Support PIN through pinentry + session encryption

[Foxboron]

There is something weird happening with the session encryption when used together with the signing. Inconsistent attributes apparently?

Need to figure out that one.

[tomoveu]

@Foxboron I remember Alex Wu mentioned during TPMdev2021 conference that Go-tpm does not support parameter encryption session at the time. Back then, Google primarily used go-tpm for virtual TPMs. Later on, encryption session support was added, but I do not know how complete it is.

Would you like me to check with Alex and Jim, perhaps also Christ @ Google about this?

Cheers,
Dimi / Founder of TPM.dev

[Foxboron]

Would you like me to check with Alex and Jim, perhaps also Christ @ Google about this?

The talk from 2021 is just very old at this point. They gave up on trying to implement everything inside the higher-level abstraction tpm2 library in go-tpm and have moved to the tpmdirect implementation from Chris Fenner (Google/TCG) which is a 1:1 implementation of the TPM spec.

It does support session encryption, as you'd expect.

Chris also reviewed my usage of the new API in age-plugin-tpm, and the code reviewed there is mostly copy-pasted to this project.

Foxboron/age-plugin-tpm#9

See Foxboron/age-plugin-tpm#9 (comment)

[Foxboron]

Should also mark this as fixed with 2ab0b32

[tomoveu]

I am happy that you solved it.

The tpm-direct interface changed things a lot. Originally, go-tpm was made as something that will provide a mild layer for easy of us and safety, and would never give users the direct access (re 2021 go-tpm goals). Funny how things change over time :)

[Foxboron]

Fixed with 2ab0b32 and ebc50ff