v0.9.1

This release adds a few new commands to the "direct" (non-legacy) interface, including:

• EvictControl
• HMAC_Start
• ObjectChangeAuth
• Duplicate
• TestParms
• HierarchyChangeAuth

Many thanks to our contributors!

What's Changed

• Remove temporary .swp file by @hslatman in #333
• chore: remove refs to deprecated io/ioutil by @testwill in #334
• feat: tpm2.EvictControl by @jclab-joseph in #338
• tpm2: Implement TPM2_Import by @Foxboron in #341
• Allow callers to omit handles from commands when RH_NULL by @chrisfenner in #344
• Introduce helper for formatting PCR selection bitmasks by @chrisfenner in #345
• Fix the mistake of signature algorithm number by @akakou in #349
• Add TPM2_HMAC_Start implementation by @nckrss in #351
• Bump go to 1.22 and golangci-lint to 1.56.2 by @nckrss in #353
• Implement TPM2_ObjectChangeAuth by @Foxboron in #354
• Implement TPM2_Duplicate by @rthellend in #355
• feat: TPM2_RSA_Encrypt and TPM2_RSA_Decrypt by @dflamand in #356
• tpm2: Implement TPM2_TestParms by @Foxboron in #352
• tpm2: Add RSADecryptWithSession by @thomasten in #314
• feat: add HierarchyChangeAuth command by @novag in #357

New Contributors

• @hslatman made their first contribution in #333
• @testwill made their first contribution in #334
• @Foxboron made their first contribution in #341
• @nckrss made their first contribution in #351
• @rthellend made their first contribution in #355
• @dflamand made their first contribution in #356
• @thomasten made their first contribution in #314
• @novag made their first contribution in #357

Full Changelog: v0.9.0...v0.9.1

Introducing the new TPM-Direct API

This is a major change to the go-tpm library. It introduces the API that was proposed in 2022 as "TPMDirect", which maps TPM commands to Go structs instead of funcs, allowing greater composability. Stay tuned for more information about this change and how to get started.

If you want to update to this release of go-tpm, you don't have to rewrite all your code! You can start using the new API at your leisure. Simply use the old API at its new path by changing from github.com/google/go-tpm/tpm2 to github.com/google/go-tpm/legacy/tpm2 in your code's import statements:

import github.com/google/go-tpm/tpm2

to

import github.com/google/go-tpm/legacy/tpm2

What's Changed

• Update tpmdirect with latest changes from master by @chrisfenner in #269
• Introduce Direct TPM2 API by @chrisfenner in #266
• Update README.md by @chrisfenner in #270
• Add a lot of policy and NV commands to TPMDirect by @chrisfenner in #272
• Implemented and Tested ReadPublic by @matt-tsai in #279
• Implemented and Tested GetRandom by @matt-tsai in #277
• Implemented and Tested Sign by @matt-tsai in #282
• Implemented and Tested Hash, HashSequenceStart, SequenceUpdate, and SequenceComplete by @matt-tsai in #284
• Supporting functionalities for direct migration by @matt-tsai in #283
• Define the structure related to ECDAA by @akakou in #288
• Implemented and Tested PolicyPCR by @matt-tsai in #289
• Implemented and Tested ContextSave, ContextLoad by @matt-tsai in #280
• Implemented and Tested Certify by @matt-tsai in #293
• Implemented and Tested CertifyCreation by @matt-tsai in #297
• Implemented and Tested pcrReset. by @matt-tsai in #295
• Adding comments to TestReadPublicKey by @matt-tsai in #299
• Implement TPM2_Commit by @akakou in #296
• rename tpmdirect to tpm2 and rename existing tpm2 as legacy/tpm2 by @chrisfenner in #304
• add several commands needed by Google PINT by @chrisfenner in #305
• Add type of ECDAA signature by @chrisfenner in #306
• flatten the new API to just tpm2 by @chrisfenner in #308
• Use generics to simplify the TPMDirect interface by @chrisfenner in #310
• make two transcription fixes by @chrisfenner in #316
• support go generate for constants by @chrisfenner in #317
• fix reflection on cmd structs not to use elem by @chrisfenner in #329
• Replay google/master work since the start of tpmdirect by @chrisfenner in #330
• get rid of adapter.go and rename Startup_ and Shutdown_ by @chrisfenner in #331
• rely on go-tpm-tools @ 4639ecce2abad383ae6c5cbbc0eba5ba37abb05a by @chrisfenner in #332

New Contributors

• @matt-tsai made their first contribution in #279
• @akakou made their first contribution in #288

Full Changelog: v0.3.3...v0.9.0

v0.3.3

Bug Fixes

• Fix golint and govet warnings by @brandonweeks in #229
• tpm2: fix encoding of name returned by Load() by @ericchiang in #231
• Various fixes for Remote Attestation implementations by @zaolin in #235
• Remove Invalid Pack test for ioutil.Discard by @josephlr in #241
• quote: Remove internal usage of ownerPassword with Quote by @josephlr in #250
• tpmutil: Fix integer casting on 32-bit platforms by @josephlr in #253

New Features

• TPM2: Add String function for tpm2.Algorithm by @ChriMarMe in #232
• Add TPM2_PolicySigned and Signature encoding by @alexmwu in #237
  [Breaking Change] A new return parameter timeout is added in tpm2.PolicySecret()
• Add PCRReset command for tpm2 by @jkl73 in #268

Documentation & Other

• Document that [type]parameters and [type]unique are merged by @chrisfenner in #239
• ci: Add golangci-lint linter by @josephlr in #254
• Update CODEOWNERS by @alexmwu in #251
• Remove go-cmp dependancy by @josephlr in #255
• Update golang.org/x/sys by @josephlr in #257
• tpm2: Allow for tpm2.OpenTPM() to use default paths on Linux by @josephlr in #256
  [Breaking Change] tpm2.OpenTPM() function signature has changed

New Contributors

• @alexmwu made their first contribution in #251

Full Changelog: v0.3.2...v0.3.3

Hashing Improvements and Bug Fixes

• Improve use of the TPM2 for Hashing operations
  • Add support for Hash Sequences (#219)
  • Add HashToAlgorithm which converts from a crypto.Hash to a TPM2 hash Algorithm (#226)
• Check TPMLPCRSelection for out-of-range PCR indices (#204)
• Update deps (#225)

Interstitial 0.3.1

TPM2: Added CertifyEx and encodeCertifyEx (#211)

* TPM2: Added CertifyEx and encodeCertifyEx which differ from Certify and encodeCertify in that they take the scheme to be used as an additional argument.

Signed-off-by: El Mostafa IDRASSI <[email protected]>

* Fixed typo

* Rename parentAuth and ownerAuth to objectAuth and signerAuth respectively.

Signed-off-by: El Mostafa IDRASSI <[email protected]>

* Update Certify documentation to explain it makes use of the hardcoded signing scheme {AlgRSASSA, AlgSHA256}.

* Pack AlgNull with no following hash alg in case of AlgNull scheme, and add TODO comment.

* Comment formatting and other requested changes.

Signed-off-by: El Mostafa IDRASSI <[email protected]>

* Replace all occurrences of tpmtSigScheme with SigScheme.
Add CertifyEx tests for both RSASSA/SHA256 and ALG_NULL cases.

* Better implementation of TestCertifyEx with all cases.

Signed-off-by: El Mostafa IDRASSI <[email protected]>

* Requested changes implemented.

Fix CVE-2020-8918

Fix TPM 1.2 migration (#195)

* Fix issue with TPM 1.2 migration auth (#1)

Fix some TPM 1.2-specific issues related to key migration and testing:

- A bug in CreateWrapKey that uses an incorrect key to encrypt a key's `migrationAuth` value
- Addition of `AuthorizeMigrationKey` and `CreateMigrationBlob` command functions to enable testing of migration auth bug fix
- A bug fix in TakeOwnership that prevented successful authorization of the command
- A session leak in a couple of TPM 1.2 tests (`TestOIAP` and `TestOSAP`)
- Improvements to the TPM 1.2 tests to allow execution on a TPM that needs to be started up
- Initial effort at documentation for running the TPM 1.2 tests against the IBM simulator

* Delete extraneous file