Git Product home page Git Product logo

go-tpm-tools's Introduction

Go-TPM tools GitHub release (latest SemVer)

Build Status Go Reference GitHub go.mod Go version Go Report Card License

The go-tpm-tools module is a TPM 2.0 support library designed to complement Go-TPM.

It contains the following public packages:

  • client: A Go package providing simplified abstractions and utility functions for interacting with a TPM 2.0, including:
    • Signing
    • Attestation
    • Reading PCRs
    • Sealing/Unsealing data
    • Importing Data and Keys
    • Reading NVData
    • Getting the TCG Event Log
  • server: A Go package providing functionality for a remote server to send, receive, and interpret TPM 2.0 data. None of the commands in this package issue TPM commands, but instead handle:
    • TCG Event Log parsing
    • Attestation verification
    • Creating data for Importing into a TPM
  • proto: Common Protocol Buffer messages that are exchanged between the client and server libraries. This package also contains helper methods for validating these messages.
  • simulator: Go bindings to the Microsoft's TPM 2.0 simulator.

This repository also contains gotpm, a command line tool for using the TPM. Run gotpm --help and gotpm <command> --help for more documentation.

Use prebuilt gotpm binary

You can download the binary from a release directly.

# VERSION: 0.4.4 ARCH: Linux_x86_64
curl -L https://github.com/google/go-tpm-tools/releases/download/[VERSION]/go-tpm-tools_[ARCH].tar.gz -o go-tpm-tools.tar.gz
tar xvf go-tpm-tools.tar.gz
# You may need to copy the binary to a directory with executable permissions.
# NOTE: on Container-Optimized OS, /var/lib/google/ is executable
./gotpm --help

Building and Installing gotpm

gotpm can be directly installed from this repo by running:

go install github.com/google/go-tpm-tools/cmd/gotpm@latest
# gotpm will be installed to $GOBIN
gotpm --help

Alternatively, to build gotpm from a cloned version of this repo, run:

cd /my/path/to/cloned/go-tpm-tools/cmd/gotpm
go build
# gotpm will be in the cmd/gotpm subdirectory of the repo
./gotpm --help

Minimum Required Go Version

This project currently requires Go 1.20 or newer. Any update to the minimum required Go version will be released as a minor version update.

openssl errors when building simulator

Similarly, when building the simulator library (or tests), you may get an error that looks like:

fatal error: openssl/aes.h: No such file or directory
   47 | // #include <openssl/aes.h>
      |           ^~~~~~~~~~~~~~~~
compilation terminated.

This is because the simulator library depends on having the OpenSSL headers installed. To fix this error, install the appropriate header package:

Linux

# Ubuntu/Debian based systems
sudo apt install libssl-dev
# Redhat/Centos based systems
sudo yum install openssl-devel
# Arch Linux (headers/library in the same package)
sudo pacman -S openssl

macOS

First, install Homebrew. Then run:

brew install openssl

Windows

First, install Chocolatey. Then run:

choco install openssl

Custom install location

If you want to use a different installation of OpenSSL, or you are getting linker errors like ld: library not found for -lcrypto, you can directly point Go your installation. We will assume your installation is located at $OPENSSL_PATH (with lib and include subdirectories).

Add OpenSSL to the include and library path at the command line

This solution does not require modifying go-tpm-tools code and is useful when working on other projects that depend on go-tpm-tools/simulator.

C_INCLUDE_PATH="$OPENSSL_PATH/include" LIBRARY_PATH="$OPENSSL_PATH/lib" go test ...

Add OpenSSL to the include and library path in the code

This solution modifies your local copy of the go-tpm-tools simulator source and removes the need to provide the paths on the command line.

Modify the CFLAGS/LDFLAGS options beginning with #cgo darwin or #cgo windows in simulator/internal/internal.go to point at your installation. This could look something like:

// #cgo darwin CFLAGS: -I $OPENSSL_PATH/include
// #cgo darwin LDFLAGS: -L $OPENSSL_PATH/lib

Remember to revert your modifications to simulator/internal/internal.go before committing your changes.

No TPM 1.2 support

Unlike Go-TPM (which supports TPM 1.2 and TPM 2.0), this module explicitly only supports TPM 2.0. Users should avoid use of TPM 1.2 due to the inherent reliance on SHA1 (which is quite broken).

Confidential VMs with Intel TDX

For Ubuntu image, the tdx_guest module was moved to linux-modules-extra package in the 1016 and newer kernels. You should be able to install the module, and either manually load the module or reboot.

To install the linux-modules-extra package, run:

sudo apt-get install linux-modules-extra-gcp

To manually load the module, run:

sudo modprobe tdx_guest

Legal

Copyright 2018 Google Inc. under the Apache 2.0 License. Microsoft's TPM simulator code is licensed under a 3-clause BSD license and the TCG software license. See the LICENSE file for more information.

This is not an official Google product.

go-tpm-tools's People

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

exhorder sambdavidson kpemmasani josephlr jkl73 northpole79 bendhillier ajb042487 kfabryczny mewbak fkorotkov 9elements langbeck neotim alexmwu yzz127 pszal prosaicsatsuma isabella232 thalesignite ekmixon cblk jasonkolodziej psasidhar immune-gmbh physolia zabari matt-tsai brandonweeks joshuakrstic deeglaze motamiguel arianvp daniel-weisse itxaka leon-auradine markusbkk hslatman pranjali-2501 yawangwang 3u13r nighthostt ahdavies chrisfenner jingshui1037 jrjatin ghas-results ruide msanft google-octo alanzsm efocht vbalain moxicution enicol09 aimixsaka jialeif namrata-ibm meetrajvala qinkunbao

go-tpm-tools's Issues

Support linux userspace eventlog

Systemd measures into various PCRs from userspace.
An up to date list can be found here.
Interesting entries are those marked as Userspace.

For some time, those measurements were not logged into any eventlog, making it cumbersome to use new systemd versions with go-tpm-tools since the eventlog would not match up with the actual measurements in the PCRs. However, they recently decided to log measurments to a separate eventlog with a similar but slightly different format to what is used in the UEFI boot phase (different location, json encoded).
The implementation can be found here: systemd/systemd#29004

My proposal is that go-tpm-tools could combine the uefi tpm eventlog from /sys/kernel/security/tpm0/binary_bios_measurements with the userspace eventlog in /var/log/systemd/tpm2-measure.log when reading the eventlog.

This would allow parsePCClientEventLog to succeed with newer versions of systemd.

using simulator in other project does not fetch ms-tpm-20-ref

Hi

I am referencing your simulator in my project, making my code better testable.

import "github.com/google/go-tpm-tools/simulator"
...
simulator.Get()
...

go mod vendor does fetch everything, except the folder ms-tpm-20-ref, which then results in failure on testing (missing header files).

When downloading the ms-tpm-20-ref folder manually to the appropiate vendor folder, everything works as expected.

What am I doing wrong?

Cheers
Tobi

Comapre Public Keys

SO basically I want to compare two attestation keys.
The returned attestation key is of type Key (client/keys.go) and inhibits the public key as a variable of type crypto.PublicKey. Per definition it implements the interface

interface{
    Equal(x crypto.PublicKey) bool
}

Now i wrote the following code, which does not detect quality of public keys by comparison of the public keys. Although if I compare the string versions of the public keys the match.
Is this intended behavior?

akk_0, err := client.AttestationKeyRSA(rwc)
if err != nil {
    log.Fatalf("error creating RSA Endorsement key!")
} else {
    fmt.Println("created RSA endorsement key")
}

akk_1, err := client.AttestationKeyRSA(rwc)
if err != nil {
l    og.Fatalf("error creating RSA Attestation key!")
}

if akk_0.PublicKey() == akk_1.PublicKey() {
    fmt.Println("keys are the same")
} else {
    fmt.Println("keys are not the same")
}

akkstr0 := fmt.Sprintf("%v", akk_0.PublicKey())
akkstr0 = akkstr0[:len("akk0: &")-1]
akkstr1 := fmt.Sprintf("%v", akk_1.PublicKey())
akkstr1 = akkstr1[:len("akk1: &")-1]
fmt.Printf("akk0: %v\nakk_1: %v\n", akk_0.PublicKey(), akk_1.PublicKey())

fmt.Printf("Keys are the same: %t\n", akkstr0 == akkstr1)

Support loading cached key

Is it possible to simply load a cached key without having to know extra parameters, e.g. a template matching the key?

Basically, I want a TPM client function like the following:

// LoadKey loads a key from the provided handle.
func LoadKey(rw io.ReadWriter, handle tpmutil.Handle) (*Key, error) {
        cachedPub, _, _, err := tpm2.ReadPublic(rw, handle)
        if err != nil {
                return nil, err
        }
        k := &Key{
                rw: rw,
                handle: handle,
                pubArea: cachedPub,
        }
        return k, k.finish()
}

The only function that does a similar thing is NewCachedKey, but comes with the risk of overwriting a key at the given handle if the provided template does not match the existing key.

Add ability to parse db and dbx to return a Database usable for policies

For db additions, this would look more like take an existing Database/empty Database and update with hashes and certificates.

  • AddCertificate, AddHash
    For dbx, we should support reading a dbx update file from https://uefi.org/revocationlistfile that then returns a corresponding Database containing the dbx hashes (and certs, if any). Currently, this is done manually using https://github.com/rhboot/dbxtool.
  • ParseDatabaseListFile(updateFile []bytes). This will return a Database object that corresponds to the file. Likely this will only be used for dbx files as I'm not aware of any db files that uses the same update format.

This will allow us to embed raw dbx updates and use them to build policy constants, as well as supply that ability to any users of the policy APIs.

Build noise from deprecated features when compiling against OpenSSL 3

When cgo picks up OpenSSL 3.0 (for example via brew on macOS), compilation outputs quite a few deprecation warnings similar to the following:

/redacted/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c:600:9: warning: 'EC_POINTs_mul' is deprecated [-Wdeprecated-declarations]
/usr/local/opt/openssl/include/openssl/ec.h:857:1: note: 'EC_POINTs_mul' has been explicitly marked deprecated here
/usr/local/opt/openssl/include/openssl/macros.h:182:49: note: expanded from macro 'OSSL_DEPRECATEDIN_3_0'
/usr/local/opt/openssl/include/openssl/macros.h:62:52: note: expanded from macro 'OSSL_DEPRECATED'

One route is to disable deprecation warnings, assuming openssl 3.0 support is off the table for now.

Support seal/unseal operation with a password

Current seal/unseal operations in tpm2tools only check PCRs. We should support the operation with a user specified password. So users can seal the secret to not only PCRs but also a password.

Switch to using array of certs rather than a cert pool

The x509.CertPool interface is quite awkward, using an array is more natural for an options structure. It also makes it possible to iterate though the specified root certs (which is not possible with the existing implementation).

In `gotpm` properly handle usage

Right now we display the usage errors on virtually all errors. This clutters the output and is confusing.

We should only display the usage on usage errors. Note, a TPM "permission denied" is not a usage error.

Refactor GetEventLog

Currently, we have a confusing interface for GetEventLog. In order to take advantage of this model, we need to wrap the EventLog method in a new structure whenever we pass the simulator as an embedded field to a test. See #128, specifically ignoreClose and ignoreCloseWithEventLogGetter as an example. We do this because the event log and the TPM are closely tied in a simulated environment; the TPM's PCRs need to reflect the event log events to pass our tests.

To prevent this, we should figure out how best to

Here are a few options to consider:

  1. Refactor our testing to have a test.GetTPMAndEventLog replace test.GetTPM. This can return some TPMAndEventLog structure that tests can optionally take one or both of. We then need to revisit client.Attest and probably introduce an eventLog []byte parameter again that calls GetEventLog when nil.
  1. Create some wrapper interface around both TPM and EventLog (for lack of a better name, call it TPMContext). It could look something like type TPMContext interface { io.ReadWriterCloser EventLog() []byte
  • option 2 allows us to be more flexible with how we implement and tie together RWC and EventLog. This would require a more significant refactor and is a breaking change.
  1. Introduce some attestHelper and only test that, leaving the event log for the test to provide.
  • This is brittle and doesn't test the actual interface we provide.

Thoughts?

failed to validate the PCClient event log in VMware

I've created the following script for testing proposes and I'm running it on a VMware VM with a virtualized TPM with RHEL8 as the OS. I got the following error when running server.VerifyAttestation:

failed to validate the PCClient event log:
failed to replay event log: event log failed to verify: the following registers failed to replay: [0]

Is this expected to happen? I'm thinking about testing this on my real machine with the actual TPM but I afraid to break something.

The code is pretty much the same as the verify_test.go one but using VMwares virtualized TPM.

`package main

import (
"crypto"
"fmt"

"github.com/google/go-tpm-tools/client"
"github.com/google/go-tpm-tools/server"
"github.com/google/go-tpm/tpm2"

)

func main() {

tpm, err := tpm2.OpenTPM()
if err != nil {
	fmt.Println("[ERROR] opening tpm failed: ", err)
	return
}

AttestationKeyRSA, err := client.AttestationKeyRSA(tpm)
defer AttestationKeyRSA.Close()

if err != nil {
	fmt.Println("[ERROR] RSA AK Creation failed: ", err)
	return
}
fmt.Println("[INFO] AK Created: ", AttestationKeyRSA)

nonce, err := tpm2.GetRandom(tpm, 15)

if err != nil {
	fmt.Println("[ERROR] nonce creation failed: ", err)
	return
}
fmt.Println("[INFO] nonce Created: ", nonce)

attestation, err := AttestationKeyRSA.Attest(client.AttestOpts{Nonce: nonce})

if err != nil {
	fmt.Println("[ERROR] Attestation failed: ", err)
	return
}

MachineState, err := server.VerifyAttestation(attestation, server.VerifyOpts{
	Nonce:      nonce,
	TrustedAKs: []crypto.PublicKey{AttestationKeyRSA.PublicKey()},
})

if err != nil {
	// handle error
	fmt.Println("[ERROR] VerifyAttestation failed: ", err)
	return
}

fmt.Println("INFO: Grub State", MachineState)

}`

Add Travis Presubmits

We should have some presubmits running that verify:

  • The code builds
  • The tests pass
  • The code is formatted correctly
  • go vet gives no errors

Fix server.VerifyAttestation with server.VerifyOpts

currently, when you call server.VerifyAttestation() with server.VerifyOpts{TrustedAKs: []crypto.PublicKey{...}}, this causes a pacnic when the proto message also contains an AKCert. This is because we return a nil proto in

go-tpm-tools/server/verify.go

Line 248 in 99dd67b

return nil, validateAKPub(akCert.PublicKey.(crypto.PublicKey), opts)
. Thus, when we try to merge later on

go-tpm-tools/server/verify.go

Line 174 in 99dd67b

proto.Merge(machineState, celState)
the proto library panics with merging into a nil message

warning: '...' is deprecated: Since OpenSSL 3.0

When compiling the project I receive these warnings about the use of deprecated macros being used in the code.

OS: Ubuntu 22.04
Kernel: 5.15.0-1004-gcp
go-tpm-tools: v0.3.5
go: go1.18.2 linux/amd64

The following snippet shows the reduced output.

warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA1_Initโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA1_Updateโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA1_Finalโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA256_Initโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA256_Updateโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA256_Finalโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA384_Initโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA384_Updateโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA384_Finalโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA512_Initโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA512_Updateโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜SHA512_Finalโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_set_decrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_decryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜EC_POINT_get_affine_coordinates_GFpโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜EC_POINT_set_affine_coordinates_GFpโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜EC_POINT_set_affine_coordinates_GFpโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
warning: โ€˜EC_POINTs_mulโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations

Here the full output:

/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c: In function โ€˜CryptCmacDataโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c:104:5: warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  104 |     SELECT(ENCRYPT);
      |     ^~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
In file included from include.c:153:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c:104:5: warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  104 |     SELECT(ENCRYPT);
      |     ^~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:57:6: note: declared here
   57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~
In file included from include.c:153:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c: In function โ€˜CryptCmacEndโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c:144:5: warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  144 |     SELECT(ENCRYPT);
      |     ^~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
In file included from include.c:153:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c:144:5: warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  144 |     SELECT(ENCRYPT);
      |     ^~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:57:6: note: declared here
   57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c: At top level:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:51:1: warning: โ€˜SHA1_Initโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   51 | HASH_DEF_TEMPLATE(SHA1, Sha1);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:49:27: note: declared here
   49 | OSSL_DEPRECATEDIN_3_0 int SHA1_Init(SHA_CTX *c);
      |                           ^~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:51:1: warning: โ€˜SHA1_Updateโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   51 | HASH_DEF_TEMPLATE(SHA1, Sha1);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:50:27: note: declared here
   50 | OSSL_DEPRECATEDIN_3_0 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
      |                           ^~~~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:51:1: warning: โ€˜SHA1_Finalโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   51 | HASH_DEF_TEMPLATE(SHA1, Sha1);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:51:27: note: declared here
   51 | OSSL_DEPRECATEDIN_3_0 int SHA1_Final(unsigned char *md, SHA_CTX *c);
      |                           ^~~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:54:1: warning: โ€˜SHA256_Initโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   54 | HASH_DEF_TEMPLATE(SHA256, Sha256);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:73:27: note: declared here
   73 | OSSL_DEPRECATEDIN_3_0 int SHA256_Init(SHA256_CTX *c);
      |                           ^~~~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:54:1: warning: โ€˜SHA256_Updateโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   54 | HASH_DEF_TEMPLATE(SHA256, Sha256);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:74:27: note: declared here
   74 | OSSL_DEPRECATEDIN_3_0 int SHA256_Update(SHA256_CTX *c,
      |                           ^~~~~~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:54:1: warning: โ€˜SHA256_Finalโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   54 | HASH_DEF_TEMPLATE(SHA256, Sha256);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:76:27: note: declared here
   76 | OSSL_DEPRECATEDIN_3_0 int SHA256_Final(unsigned char *md, SHA256_CTX *c);
      |                           ^~~~~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:57:1: warning: โ€˜SHA384_Initโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   57 | HASH_DEF_TEMPLATE(SHA384, Sha384);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:119:27: note: declared here
  119 | OSSL_DEPRECATEDIN_3_0 int SHA384_Init(SHA512_CTX *c);
      |                           ^~~~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:57:1: warning: โ€˜SHA384_Updateโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   57 | HASH_DEF_TEMPLATE(SHA384, Sha384);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:120:27: note: declared here
  120 | OSSL_DEPRECATEDIN_3_0 int SHA384_Update(SHA512_CTX *c,
      |                           ^~~~~~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:57:1: warning: โ€˜SHA384_Finalโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   57 | HASH_DEF_TEMPLATE(SHA384, Sha384);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:122:27: note: declared here
  122 | OSSL_DEPRECATEDIN_3_0 int SHA384_Final(unsigned char *md, SHA512_CTX *c);
      |                           ^~~~~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:60:1: warning: โ€˜SHA512_Initโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   60 | HASH_DEF_TEMPLATE(SHA512, Sha512);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:123:27: note: declared here
  123 | OSSL_DEPRECATEDIN_3_0 int SHA512_Init(SHA512_CTX *c);
      |                           ^~~~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:60:1: warning: โ€˜SHA512_Updateโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   60 | HASH_DEF_TEMPLATE(SHA512, Sha512);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:124:27: note: declared here
  124 | OSSL_DEPRECATEDIN_3_0 int SHA512_Update(SHA512_CTX *c,
      |                           ^~~~~~~~~~~~~
In file included from include.c:159:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c:60:1: warning: โ€˜SHA512_Finalโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
   60 | HASH_DEF_TEMPLATE(SHA512, Sha512);
      | ^~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h:45,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:64,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/sha.h:126:27: note: declared here
  126 | OSSL_DEPRECATEDIN_3_0 int SHA512_Final(unsigned char *md, SHA512_CTX *c);
      |                           ^~~~~~~~~~~~
In file included from include.c:162:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c: In function โ€˜DfComputeโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c:133:9: warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  133 |         DRBG_ENCRYPT(&dfState->keySchedule, &temp, pIv);
      |         ^~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:57:6: note: declared here
   57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~
In file included from include.c:162:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c: In function โ€˜DfStartโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c:162:5: warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  162 |     DRBG_ENCRYPT_SETUP(&dfKey[0], DRBG_KEY_SIZE_BITS, &dfState->keySchedule);
      |     ^~~~~~~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
In file included from include.c:162:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c: In function โ€˜EncryptDRBGโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c:342:9: warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  342 |         DRBG_ENCRYPT(keySchedule, iv, temp);
      |         ^~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:57:6: note: declared here
   57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~
In file included from include.c:162:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c: In function โ€˜DRBG_Updateโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c:419:9: warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  419 |         if(DRBG_ENCRYPT_SETUP((BYTE *)key,
      |         ^~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
In file included from include.c:162:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c: In function โ€˜DRBG_Generateโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c:873:9: warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  873 |         if(DRBG_ENCRYPT_SETUP((BYTE *)pDRBG_KEY(seed),
      |         ^~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
In file included from include.c:166:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c: In function โ€˜CryptSymmetricEncryptโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:190:5: warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  190 |     SELECT(ENCRYPT);
      |     ^~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
In file included from include.c:166:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:190:5: warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  190 |     SELECT(ENCRYPT);
      |     ^~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:57:6: note: declared here
   57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~
In file included from include.c:166:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c: In function โ€˜CryptSymmetricDecryptโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:358:13: warning: โ€˜AES_set_decrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  358 |             SELECT(DECRYPT);
      |             ^~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:54:5: note: declared here
   54 | int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
In file included from include.c:166:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:358:13: warning: โ€˜AES_decryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  358 |             SELECT(DECRYPT);
      |             ^~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:60:6: note: declared here
   60 | void AES_decrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~
In file included from include.c:166:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:363:13: warning: โ€˜AES_set_encrypt_keyโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  363 |             SELECT(ENCRYPT);
      |             ^~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:51:5: note: declared here
   51 | int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
      |     ^~~~~~~~~~~~~~~~~~~
In file included from include.c:166:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c:363:13: warning: โ€˜AES_encryptโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  363 |             SELECT(ENCRYPT);
      |             ^~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h:63,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:47,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/aes.h:57:6: note: declared here
   57 | void AES_encrypt(const unsigned char *in, unsigned char *out,
      |      ^~~~~~~~~~~
In file included from include.c:172:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c: In function โ€˜PointFromOsslโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c:429:5: warning: โ€˜EC_POINT_get_affine_coordinates_GFpโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  429 |     OK = EC_POINT_get_affine_coordinates_GFp(E->G, pIn, x, y, E->CTX);
      |     ^~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h:48,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h:317,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h:82,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:52,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/ec.h:659:27: note: declared here
  659 | OSSL_DEPRECATEDIN_3_0 int EC_POINT_get_affine_coordinates_GFp
      |                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include.c:172:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c: In function โ€˜EcPointInitializedโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c:459:9: warning: โ€˜EC_POINT_set_affine_coordinates_GFpโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  459 |         if(!EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, E->CTX))
      |         ^~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h:48,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h:317,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h:82,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:52,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/ec.h:646:27: note: declared here
  646 | OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GFp
      |                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include.c:172:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c: In function โ€˜BnCurveInitializeโ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c:511:9: warning: โ€˜EC_POINT_set_affine_coordinates_GFpโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  511 |         VERIFY(EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, CTX));
      |         ^~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h:48,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h:317,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h:82,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:52,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/ec.h:646:27: note: declared here
  646 | OSSL_DEPRECATEDIN_3_0 int EC_POINT_set_affine_coordinates_GFp
      |                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from include.c:172:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c: In function โ€˜BnEccModMult2โ€™:
/home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c:600:9: warning: โ€˜EC_POINTs_mulโ€™ is deprecated: Since OpenSSL 3.0 [-Wdeprecated-declarations]
  600 |         EC_POINTs_mul(E->G, pR, NULL, 2, points, scalars, E->CTX);
      |         ^~~~~~~~~~~~~
In file included from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h:48,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h:317,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h:82,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:52,
                 from /home/leon/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c:57,
                 from include.c:17:
/usr/include/openssl/ec.h:859:27: note: declared here
  859 | OSSL_DEPRECATEDIN_3_0 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r,
      |                           ^~~~~~~~~~~~~

server.VerifyAttestation fails on gce debian10+secureboot

Attempting to use server.VerifyAttestation using the snippet provided below
server.VerifyAttestation fails on debian 10 with

gcloud compute instances create shielded-sb  --zone=us-central1-a --machine-type=e2-medium --no-service-account --no-scopes \
   --create-disk=auto-delete=yes,boot=yes,device-name=shielded-sb,image=projects/debian-cloud/global/images/debian-10-buster-v20211104,mode=rw,size=10,type=projects/mineral-minutia-820/zones/us-central1-a/diskTypes/pd-balanced \
  --shielded-vtpm --shielded-secure-boot --shielded-integrity-monitoring


# go run main.go
failed to validate the event log: failed to replay event log: event log failed to verify: 
the following registers failed to replay: [5 4]
exit status 1

though it works when using confidential compute instances

  • main.go
package main

import (
	"crypto"
	"flag"
	"log"

	"github.com/google/go-tpm-tools/client"
	"github.com/google/go-tpm-tools/server"
	"github.com/google/go-tpm/tpm2"
	//"github.com/google/go-attestation/attest"
)

var (
	tpmPath = flag.String("tpm-path", "/dev/tpm0", "Path to the TPM device (character device or a Unix socket).")
)

func main() {
	flag.Parse()

	var err error

	rwc, err := tpm2.OpenTPM(*tpmPath)
	if err != nil {
		log.Fatalf("can't open TPM %q: %v", *tpmPath, err)
	}
	defer func() {
		if err := rwc.Close(); err != nil {
			log.Fatalf("\ncan't close TPM %q: %v", tpmPath, err)
		}
	}()

	ekk, err := client.EndorsementKeyRSA(rwc)
	if err != nil {
		log.Fatalf("ERROR:  could not get EndorsementKeyRSA: %v", err)
	}
	defer ekk.Close()

	ak, err := client.AttestationKeyRSA(rwc)
	if err != nil {
		log.Fatalf("ERROR:  could not get AttestationKeyRSA: %v", err)
	}
	defer ak.Close()

	nonce := []byte("noncevalue")

	attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce})
	if err != nil {
		log.Fatalf("failed to attest: %v", err)
	}

	ims, err := server.VerifyAttestation(attestation, server.VerifyOpts{
		Nonce:      nonce,
		TrustedAKs: []crypto.PublicKey{ak.PublicKey()},
	})
	if err != nil {
		log.Fatalf("failed to verify: %v", err)
	}
	log.Printf("Machine State: %v", ims.RawEvents)

}
  • go.mod
module main

go 1.17

require (
	github.com/google/go-tpm v0.3.3-0.20210409082102-d3310770bfec
	github.com/google/go-tpm-tools v0.3.1
	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect

)

require (
	github.com/google/certificate-transparency-go v1.1.1 // indirect
	github.com/google/go-attestation v0.3.2 // indirect
	github.com/google/go-tspi v0.2.1-0.20190423175329-115dea689aad // indirect
	golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 // indirect
	google.golang.org/protobuf v1.27.1 // indirect
)

root@shielded-sb:~/sb_test# dmesg |grep -i secure
[    0.000000] secureboot: Secure boot enabled
[    0.000000] Kernel is locked down from EFI secure boot; see https://wiki.debian.org/SecureBoot
[    1.583131] Loaded X.509 cert 'Debian Secure Boot CA: 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1'
[    1.585830] Loaded X.509 cert 'Debian Secure Boot Signer 2021 - linux: 4b6ef5abca669825178e052c84667ccbc0531f8c'
[    1.604722] Lockdown: Hibernation is restricted; see https://wiki.debian.org/SecureBoot
[    2.936099] Lockdown: BPF is restricted; see https://wiki.debian.org/SecureBoot

# tpm2_pcrread sha1:7+sha256:7
  sha1:
    7 : 0xACFD7EACCC8F855AA27B2C05B8B1C7C982BFBBFA
  sha256:
    7 : 0x3D91599581F7A3A3A1BB7C7A55A7B8A50967BE6506A5F47A9E89FEF756FAB07A

# tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements
pcrs:
  sha1:
    0  : 0x0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea
    1  : 0xb1676439cac1531683990fefe2218a43239d6fe8
    2  : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
    3  : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
    4  : 0x4474b686153d01c26b4455a3eb9e3632f355a2cb
    5  : 0xeb3dd3eb12b3d3df65d868757c87030b083bac06
    6  : 0xb2a83b0ebf2f8374299a5b2bdfc31ea955ad7236
    7  : 0xacfd7eaccc8f855aa27b2c05b8b1c7c982bfbbfa
    14 : 0x7c067190e738329a729aebd84709a7063de9219c

Simulator checks wrong path for `openssl` with Homebrew on Apple Silicon macOS 

// // Flags to find OpenSSL installation on macOS (default Homebrew location)
// #cgo darwin CFLAGS: -I/usr/local/opt/openssl/include
// #cgo darwin LDFLAGS: -L/usr/local/opt/openssl/lib

The aforementioned flags are correct on Intel macOS, but on Apple Silicon, Homebrew installs packages to /opt/homebrew/opt rather than /usr/local/opt. Whilst the root directory readme in this project instructs users on how to set C_INCLUDE_PATH, it doesn't mention this case specifically and the Go files seem to attempt to work with Homebrew. This can be a little confusing for those less familiar with the elements in play.

Has support for pkg-config been considered ? This feels like a less platform dependent way of handling this and quite a few dependencies I've encountered that use cgo make use of pkg-config for this purpose.

Workaround

export C_INCLUDE_PATH="$(brew --prefix openssl)/include"
export LIBRARY_PATH="$(brew --prefix openssl)/lib"
# Now you can run go build/go test

Remove libtspi dependancy

Right now, building the server library requires libtspi (a Trousers TPM 1.2 library) to be installed.

This is because go-attestation's attest package depends on it for TPM 1.2 support. As we don't need TPM 1.2 support, this dependency is unnecessary.

To fix this we should:

  • Move the eventlog parsing/processsing to a separate package (either in this repo or go-attestation)
  • Have go-attestation/attest depend on this separate package
  • Have go-tpm-tools/server depend on this separate package

Issue building on Ubuntu 2204 jammy

I've been bumping a docker container from Ubuntu2004 to Ubuntu2204 and encountered the following error:

# github.com/google/go-tpm-tools/simulator/internal
In file included from /root/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h:317,
                 from /root/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h:82,
                 from /root/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h:52,
                 from /root/go/pkg/mod/github.com/google/[email protected]/simulator/internal/internal.go:34:
/root/go/pkg/mod/github.com/google/[email protected]/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h:52:5: error: #error Untested OpenSSL version
   52 | #   error Untested OpenSSL version
      |     ^~~~~

I've only found the following related issue: ibm-openbmc/dev#3452

Anyways, my workaround was to manually install libssl-dev_1.1.1:

wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb
sudo dpkg -i libssl1.1_1.1.1f-1ubuntu2.16_amd64.deb
wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_1.1.1f-1ubuntu2.16_amd64.deb
sudo dpkg -i libssl-dev_1.1.1f-1ubuntu2.16_amd64.deb

Are there any plans to address this issue?

SigningKeyImportBlob to support duplication policy

CreateSigningKeyImportBlob and ImportSigningKey only support restrictions with pcr values.

However, the imorted key does not have any authorization policy that prevent duplication afaik (only pcr binding)

# tpm2_readpublic -c  0x81010001
name: 000b1c71beda21f8f0592d56651a3799fb0f7cd6e8b86a2305c84f9c8c13c9bae8da
qualified name: 000b4db0e8e4c7c9e13e51c8a40c686647e13f1236bf0f536d839235c442ed3fabf8
name-alg:
  value: sha256
  raw: 0xb
attributes:
  value: adminwithpolicy|sign
  raw: 0x40080
type:
  value: rsa
  raw: 0x1
exponent: 65537
bits: 2048
scheme:
  value: rsassa
  raw: 0x14
scheme-halg:
  value: sha256
  raw: 0xb
sym-alg:
  value: null
  raw: 0x10
sym-mode:
  value: (null)
  raw: 0x0
sym-keybits: 0
rsa: dac81c51f456...
authorization policy: 2094289099c2cb180f28f99c71c8d681123935f7330bdae5aa1ae1e09f0fe532

I think something like https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_policyduplicationselect.1.md would be needed

ImportSigningKey throws segfault when importing Key with PCR values

I'm trying to use ImportSigningKey after sealing an RSA key using CreateSigningKeyImportBlob on my laptop. I specified PCR values i would expect on the TPM system that currenly has:

$ tpm2_pcrread sha256:23
sha256:
  23: 0xF5A5FD42D16A20302798EF6ED309979B43003D2320D9F0E8EA9831A92759FB4B

THe following program is run on my laptop where i send in arguments to encode the string into bytes and finally as the expected(?) format of the CreateSigningKeyImportBlob method

I used a GCP serviceaccount .p12 file here but you can ofcourse use even a transient RSA key for this rsa.GenerateKey(rand.Reader, 2048)

TO repro, se any PCR value and create the keyblob using

-"laptop"
https://gist.github.com/salrashid123/a252d76235d334de2ea7b849695a6f58

go run main.go  \
  --rsaKeyFile=svc_account.p12 \
  --sealedOutput=sealed.dat \
  --pcrValues=23=f5a5fd42d16a20302798ef6ed309979b43003d2320d9f0e8ea9831a92759fb4b -v=2 -alsologtostderr

The output is a sealded.dat which you transfer to the VM with the tpm.

On that, run the following program to import the blob

https://gist.github.com/salrashid123/71c390c41578ab4ea4da3131f312ca60

as

go run main.go  \
  --importSigningKeyFile=sealed.dat \
  --keyHandleOutputFile=key.dat \
  --v=2 -alsologtostderr

you'll see it prints the existing on-system PCR corrently but still throws the segfault at

key, err := ek.ImportSigningKey(importblob)

./import  --importSigningKeyFile=sealed.dat --keyHandleOutputFile=key.dat --v=2 -alsologtostderr
I0302 23:07:41.203882    9040 main.go:49] ======= Init importSigningKey ========
I0302 23:07:41.239047    9040 main.go:71] Handle 0x80000001 flushed
I0302 23:07:41.239073    9040 main.go:76] ======= Print PCR 23 ========
I0302 23:07:41.239783    9040 main.go:81] PCR23: 00000000  f5 a5 fd 42 d1 6a 20 30  27 98 ef 6e d3 09 97 9b  |...B.j 0'..n....|
00000010  43 00 3d 23 20 d9 f0 e8  ea 98 31 a9 27 59 fb 4b  |C.=# .....1.'Y.K|
I0302 23:07:41.239805    9040 main.go:83] ======= Loading EndorsementKeyRSA ========
I0302 23:07:41.245614    9040 main.go:90] ======= Loading sealedkey ========
I0302 23:07:41.245938    9040 main.go:101] ======= Loading ImportSigningKey ========
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x80 pc=0x5fab09]

goroutine 1 [running]:
github.com/google/go-tpm-tools/tpm2tools.(*Key).Close(0x0)
	/apps/go/go_path/pkg/mod/github.com/google/[email protected]/tpm2tools/keys.go:197 +0x29
github.com/google/go-tpm-tools/tpm2tools.(*Key).ImportSigningKey.func1(0xc00009db48, 0xc00009db40)
	/apps/go/go_path/pkg/mod/github.com/google/[email protected]/tpm2tools/import.go:72 +0x43
github.com/google/go-tpm-tools/tpm2tools.(*Key).ImportSigningKey(0xc0000f2000, 0xc0000940e0, 0x0, 0x6c8740, 0xc00001ad14)
	/apps/go/go_path/pkg/mod/github.com/google/[email protected]/tpm2tools/import.go:80 +0x2d3
main.importSigningKey(0x67e1f9, 0x9, 0x7ffea8ffb842, 0xa, 0x7ffea8ffb863, 0x7, 0x0, 0x0)
	/home/srashid/Desktop/tpm_poc/go_import_rsa/transfer/shieldedvm/main.go:102 +0xb0e
main.main()
	/home/srashid/Desktop/tpm_poc/go_import_rsa/transfer/shieldedvm/main.go:41 +0xd6

Make simulator available over TCP (the same as original mssim)

simulator is a nice package that makes it easy to use it in tests. It works great for tests that need access from a golang app. But some integration tests use external tools to operate with TPM chip (e.g. clevis uses tpm-tools to seal passwords).

tpm-tools is a widely used tool. It allows to specify different locations for the TPM chip/simulator. e.g. export TPM2TOOLS_TCTI="mssim:host=localhost,port=2321" will make it work with the MS simulator.

It would be great if the simulator had an option to enable the TCP protocol for communication with the chip. It will allow to use utilities based on tpm-tools in the tests.

server.VerifyAttestation currently fails if no eventlog is present

Currently if an Attestation is passed to server.VerifyAttestation() and the EventLog field is empty, the attestation will fail to verify.

This is inconsistent with how we handle the CanonicalEventLog field, where if the field is not present, we just don't fill out the corresponding parts of the MachineState. We should do the same with the PC Client Log. If no event logs are present, but the attestation otherwise works, the returned MachineState might be empty, but VerifyAttestation should still succeed.

Can't do BootMeasurements with the activated key

I'm trying to do boot measurements over a couple of devices.
My idea was the following:

  1. Use go-attestation to perform credential activation over the attestation key so I know it comes from a real TPM in the device.
  2. Once that key is verified to be authentic I'm using go-tpm-tools to perform the boot measurements.

But the TPM is using different AKs for the credential activation and for the boot measurement.

Is there a way to get the same key in both steps? I been checking the code but there are different implementations for the AK in go-attestation and go-tpm-tools so I can't load the key that I saved in the file and use it for the boot measurement.

For the credential activation I'm following the Read me of go-attestation. Creating the AK once and the reading it from a file after that.

//*** Client code ****

ak, err := tpm.NewAK(akConfig)
if err != nil {
    // handle error
}
...

akBytes, err := ioutil.ReadFile("encrypted_aik.json")
if err != nil {
    // handle error
}
ak, err := tpm.LoadAK(akBytes)
if err != nil {
    // handle error
}

Then after the AK's activation I get the attestation in the client.

//*** Client code ****

	AttestationKeyRSA, err := client.AttestationKeyRSA(tpm)
	defer AttestationKeyRSA.Close()

	if err != nil {
		fmt.Println("[ERROR] RSA AK Creation failed: ", err)
		return attestation, err
	}
	
	attestation, err = AttestationKeyRSA.Attest(client.AttestOpts{Nonce: nonce})

And finally in the server I receive the attestation struct and use the activated key as a trusted AK

//*** Server code ****
	MachineState, err := server.VerifyAttestation(&attestation, server.VerifyOpts{
		Nonce:      nonce,
		TrustedAKs: []crypto.PublicKey{AK}, //AK over which the credential activation was performed
	})

After the server.VerifyAttestation failed with error: failed to validate AK public key: key not trusted, I printed both keys like this and realized they were different keys:

//*** Server code ****
	fmt.Println("Trusted AK: ",AK)

	AttestationAK,_ := attest.ParseAKPublic(attest.TPMVersion20,attestation.AkPub)

	fmt.Println("Attestation AK: ",AttestationAK.Public)

Output:

Trusted AK:  &{22625668753689935980571696617646531410311646055847460150146031955368141347892546072472151098691717083163190575295750118557252069419643430008839792549518343766996218661027754564422853438172331477624265118482252607760763238338014619728129577807610905516030568487169444589250654654043850859758955173878811509112975703884759248671470936102180203908740164507062309086315352685292102244496716092699492312453577752391037268548290629150366342796405842922567156990195627384184217223466121001529999169714543089732221558993779103042913918477467666942119418594696399696742396367888368390231614534062639898413731500632838990288481 65537}
Attestation AK:  &{24606078517372867746568476579973555674413697827296281697689486371263301713106853868117256185293762294457303876897405868451242220529635901914188791658444430536712298354918757004438886720919448816098270443869616683191968045457641887236740064788347918904432558310820107377744738463207056090875378366537105579411171957007686539651850507641514305555333608173797710394278151802353200518421930341078293919959759755548883140471070331092058467464059615785523256446067594146997832086927325563036550699298042779324683834629986188120061925682632273578688726532511964038644225245280635696752327780519182524838970112129010039092927 65537}

Really appreciate your help with this!

Allow persistence `client.Key()`

FR to allow client.Key full persistence such that can be loadable after power cycles.

Right now the only way to reuse objects across reboots is to evictcontrol() and find one of the empty slots.

Key.read()
Key.write()

so that the library can load the entire chain cleanly.

also see

google/go-tpm#342

Invalid PCR selection during `key.Attest()`

Assuming we are running on a system with a TPM that does not support the full range of PCR Selections:

$ sudo tpm2_getcap pcrs
selected-pcrs:
  - sha1: [ ]
  - sha256: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
  - sha384: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
  - sha512: [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]

Then calling key.Attest(AttestOpts{Nonce:nonce}) fails with the following error:

failed to verify quote: given PCRs and Quote do not have the same PCR selection

The error is fixed by adjusting implementedPCRs() to only add a PCRSelection to the implemented PCRs list if a given PCRSelection is not an empty list.

I can open a PR to fix this.

Change GceAttestationKey* to GCEShieldedSigningKey*

On the next breaking change of go-tpm-tools, we should change the names of GceAttestationKeyRSA and GceAttestationKeyECC to GCEShieldedSigningKeyRSA and GCEShieldedSigningKeyECC to better match the documentation at https://cloud.google.com/compute/docs/reference/rest/v1/instances/getShieldedInstanceIdentity.

We should also update these docs to describe the attributes/properties of the GCE Shielded Signing Key and how this key is typically used (TPM2_Certify/Quote).

If a breaking change is undesirable for this API, we can deprecate the name and have it point to the new func names.

go install for github.com/google/go-tpm-tools/cmd/gotpm no longer works

Before, the gotpm CLI tool could be installed with one step:

go install github.com/google/go-tpm-tools/cmd/gotpm@latest

However, now this gives the error:

go: github.com/google/go-tpm-tools/cmd/gotpm@latest (in github.com/google/go-tpm-tools/[email protected]):
	The go.mod file for the module providing named packages contains one or
	more replace directives. It must not contain directives that would cause
	it to be interpreted differently than if it were the main module.

This is because we have a replace directive here:

go-tpm-tools/cmd/go.mod

Line 12 in 5dafd89

replace github.com/google/go-tpm-tools => ../

The solution to this is probably to require go 1.18 and use Workspaces. This should also (hopefully) solve our problems with running go build/go test/etc... We might even be able to add this now, while keeping go 1.16 for building the existing module.

simulator: not go-gettable

Git submodules do not work with Go modules, and as such hacks are needed to get the simulator/ package to build.

My temporary solution is this:

go get https://github.com/google/go-tpm-tools
export LASTWD=`pwd`

cd $(go mod download -json | jq -r '.Dir' | grep go-tpm-tools)
cd simulator/internal
sudo -n -E git clone --recursive https://github.com/josephlr/ms-tpm-20-ref

cd $LASTWD

Which is kinda hacky and needs jq to be installed.

Can we vendor in the additional dependencies or mention this on the README?

Build noise with Clang due to unknown flag

Clang does not implement the -Wno-maybe-uninitialized warning flag, which is unconditionally added during cgo compilation:

go-tpm-tools/simulator/internal/internal_cgo.go

Line 20 in 8a35101

// #cgo CFLAGS: -Wno-missing-braces -Wno-empty-body -Wno-unused-variable -Wno-maybe-uninitialized

This results in the following noise during compilation:

warning: unknown warning option '-Wno-maybe-uninitialized'; did you mean '-Wno-uninitialized'? [-Wunknown-warning-option]
... repeated many times ...

It would be super nice not to get this compiler spew.

Clang version:

$ clang --version
Apple clang version 13.0.0 (clang-1300.0.29.30)
Target: x86_64-apple-darwin21.2.0
Thread model: posix
InstalledDir: /Library/Developer/CommandLineTools/usr/bin

Add helper to get/set EKCert and AIKCert

We have utility methods to get the EK and AIK public keys (for both RSA and ECC). We should also have a way for users to easily fetch the corresponding certs.

This is mostly just reading/writing NVData and converting it to a x509.Certificate.

Not able to Extract SHA256 PCR Bank Values

Hi
I was testing out go-tpm-tools and ran into an issue which I think is worth highlighting.
I was trying to read all the PCR's for the Hash Algorithm SHA256.

Here is where I faced the following issues:
1).When I build the code and execute sudo ./gotpm read pcr, it by default provides me with the SHA1 Bank values. But I didn't wanted this and instead wanted to have PCR Values listed for SHA256. In the --help interface of the CLI, I was not able to see any flag by default for setting the Hash Algorithm as SHA256.
So with this, I came across the code here and saw that, there is this --hash-algo flag which let's us set the Hash Algorithm as SHA256 and when I set this in the CLI, it just returned me the Empty String SHA256: like this and did not print out the PCR Values.

2).As a next step to this, I hard coded the pcrHashAlgo value as tpm2.AlgSHA256 here but still it only returned me the Blank String SHA256: and did not return me the PCR Values

Why is this happening is something I am curious about ? Any help will be appreciated on this
Thanks !!

Preferred way to get raw hardware attestation?

Hi there, we're evaluating GCS and this tooling, and we'd like for the workload containers to be able to retrieve a raw hardware attestation with a custom nonce/runtime_data, not just a OIDC token, so that the workload can quickly have HW-based assurance that it's running an a TEE.

One possible way of doing this would be to add another endpoint to the TEE Server (e.g., something like POST /v1/attestation). Another way would be to mount the appropriate kernel devices into the container; e.g., /dev/sev-guest, etc., but the latter seems more complex.

https://github.com/google/go-tpm-tools/blob/main/launcher/teeserver/tee_server.go#L69

  1. Is there a way to access raw attestations from inside the workload container that I'm missing?
  2. Would this project be willing to accept a PR adding such an endpoint to the TEE Server?

Support "TSS2 PRIVATE KEY" PEM files

https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html describes a (de facto, for now) standard for PEM files containing TPMv2-wrapped keys.

It is supported by both the IBM and TCG OpenSSL ENGINEs/providers, as well as GnuTLS and OpenConnect.

Users have a PEM file which contains the TPM-wrapped key, and should be able to pass that to any application in place of a simple file-based key... and expect it to Just Work.

There is C code for the interesting parts in https://gitlab.com/openconnect/openconnect/-/blob/v9.12/gnutls_tpm2.c which I'm happy to relicense, but my Go is weak.

Support importing AES or HMAC keys

go-tpm-tools currenlty supports importing an external rsa key into the tpm using CreateSigningKeyImportBlob

it also supports encrypting an arbitrary secret which can get decrypted by the target TPM (using CreateImportBlob

It'd be nice to allow a way to import an AES or HMAC key into the target tpm instead of it just allowing decryption (i.e have a similar mechanism like CreateSigningKeyImportBlob but one that actually embeds the secret.

this should be similar to tpm2_duplicate

one application would be to transfer an hmac AWS key to a target tpm for authentication

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.