Merge branch 'keyfile'

* keyfile:
  ssh-tpm-keygen: guard against invalid bit lengths a bit better
  update dependencies
  remove old marshalling tests
  implement key descriptions properly
  agent: Improve error for old keys
  add gitignore
  keyfile: description is a string
  remove workflow environment spam
  Move key format to ASN.1 TPM Key
  ssh-tpm-agent: close tpm in test
  fetch new go-tpm-keyfiles dependency
  move keytype from ECDSA to ECC
  Remove RSA SRKs and stick with ECC ones

Author: Foxboron

.github/workflows/build.yml

@@ -10,7 +10,6 @@ jobs:
   build:
     name: Build binaries
     runs-on: ubuntu-latest
-    environment: "Build, sign, release binaries"
     strategy:
       matrix:
         include:

.gitignore

@@ -0,0 +1,2 @@
+bin
+*.tar.gz*

agent/agent.go

@@ -124,7 +124,7 @@ func (a *Agent) List() ([]*agent.Key, error) {
 		agentKeys = append(agentKeys, &agent.Key{
 			Format:  pk.Type(),
 			Blob:    pk.Marshal(),
-			Comment: string(k.Comment),
+			Comment: k.Description(),
 		})
 	}
 
@@ -297,7 +297,12 @@ func LoadKeys(keyDir string) (map[string]*key.Key, error) {
 
 		k, err := key.DecodeKey(f)
 		if err != nil {
-			slog.Debug("not a TPM sealed key", slog.String("key_path", path), slog.String("error", err.Error()))
+			if errors.Is(err, key.ErrOldKey) {
+				slog.Info("TPM key is in an old format. Will not load it.", slog.String("key_path", path), slog.String("error", err.Error()))
+
+			} else {
+				slog.Debug("not a TPM sealed key", slog.String("key_path", path), slog.String("error", err.Error()))
+			}
 			return nil
 		}
 

agent/agent_test.go

@@ -49,12 +49,17 @@ func TestAddKey(t *testing.T) {
 
 	client := agent.NewClient(conn)
 
-	k, err := key.CreateKey(tpm, tpm2.TPMAlgECDSA, 256, []byte(""), []byte(""))
+	k, err := key.CreateKey(tpm, tpm2.TPMAlgECC, 256, []byte(""), "")
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	_, err = client.Extension(SSH_TPM_AGENT_ADD, key.EncodeKey(k))
+	encodedkey, err := key.EncodeKey(k)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = client.Extension(SSH_TPM_AGENT_ADD, encodedkey)
 	if err != nil {
 		t.Fatal(err)
 	}

cmd/ssh-tpm-agent/main.go

@@ -16,6 +16,7 @@ import (
 	"github.com/foxboron/ssh-tpm-agent/key"
 	"github.com/foxboron/ssh-tpm-agent/pinentry"
 	"github.com/foxboron/ssh-tpm-agent/utils"
+	"github.com/google/go-tpm/tpm2"
 	"github.com/google/go-tpm/tpm2/transport"
 	sshagent "golang.org/x/crypto/ssh/agent"
 	"golang.org/x/exp/slices"
@@ -202,7 +203,8 @@ func main() {
 
 		// PIN Callback
 		func(key *key.Key) ([]byte, error) {
-			keyHash := sha256.Sum256(key.Public.Bytes())
+			pbytes := tpm2.New2B(key.Pubkey)
+			keyHash := sha256.Sum256(pbytes.Bytes())
 			keyInfo := fmt.Sprintf("ssh-tpm-agent/%x", keyHash)
 			return pinentry.GetPinentry(keyInfo)
 		},

cmd/ssh-tpm-agent/main_test.go

@@ -109,8 +109,9 @@ func runSSHAuth(t *testing.T, keytype tpm2.TPMAlgID, bits int) {
 	if err != nil {
 		t.Fatal(err)
 	}
+	defer tpm.Close()
 
-	k, err := key.CreateKey(tpm, keytype, bits, []byte(""), []byte(""))
+	k, err := key.CreateKey(tpm, keytype, bits, []byte(""), "")
 	if err != nil {
 		t.Fatalf("failed creating key: %v", err)
 	}
@@ -185,15 +186,15 @@ func runSSHAuth(t *testing.T, keytype tpm2.TPMAlgID, bits int) {
 
 func TestSSHAuth(t *testing.T) {
 	t.Run("ecdsa p256 - agent", func(t *testing.T) {
-		runSSHAuth(t, tpm2.TPMAlgECDSA, 256)
+		runSSHAuth(t, tpm2.TPMAlgECC, 256)
 	})
 	t.Run("rsa - agent", func(t *testing.T) {
 		runSSHAuth(t, tpm2.TPMAlgRSA, 2048)
 	})
 	t.Run("ecdsa p384 - agent", func(t *testing.T) {
-		runSSHAuth(t, tpm2.TPMAlgECDSA, 384)
+		runSSHAuth(t, tpm2.TPMAlgECC, 384)
 	})
 	t.Run("ecdsa p521 - agent", func(t *testing.T) {
-		runSSHAuth(t, tpm2.TPMAlgECDSA, 521)
+		runSSHAuth(t, tpm2.TPMAlgECC, 521)
 	})
 }

cmd/ssh-tpm-keygen/main.go

@@ -13,6 +13,7 @@ import (
 	"os"
 	"os/user"
 	"path"
+	"slices"
 	"strings"
 	"syscall"
 
@@ -141,6 +142,8 @@ func main() {
 	}
 	defer tpm.Close()
 
+	supportedECCBitsizes := key.SupportedECCAlgorithms(tpm)
+
 	if listsupported {
 		fmt.Printf("ecdsa bit lengths:")
 		for _, alg := range key.SupportedECCAlgorithms(tpm) {
@@ -177,16 +180,19 @@ func main() {
 
 			slog.Info("Generating new host key", slog.String("algorithm", strings.ToUpper(n)))
 
-			k, err := key.CreateKey(tpm, t.alg, t.bits, []byte(""), []byte(defaultComment))
+			k, err := key.CreateKey(tpm, t.alg, t.bits, []byte(""), defaultComment)
 			if err != nil {
 				log.Fatal(err)
 			}
 
 			if err := os.WriteFile(pubkeyFilename, k.AuthorizedKey(), 0o600); err != nil {
 				log.Fatal(err)
 			}
-
-			if err := os.WriteFile(privatekeyFilename, k.Encode(), 0o600); err != nil {
+			encodedkey, err := k.Encode()
+			if err != nil {
+				log.Fatal(err)
+			}
+			if err := os.WriteFile(privatekeyFilename, encodedkey, 0o600); err != nil {
 				log.Fatal(err)
 			}
 
@@ -202,8 +208,13 @@ func main() {
 
 	switch keyType {
 	case "ecdsa":
-		tpmkeyType = tpm2.TPMAlgECDSA
+		tpmkeyType = tpm2.TPMAlgECC
 		filename = "id_ecdsa"
+
+		if !slices.Contains(supportedECCBitsizes, bits) {
+			log.Fatalf("invalid ecdsa key length: TPM does not support %v bits", bits)
+		}
+
 	case "rsa":
 		tpmkeyType = tpm2.TPMAlgRSA
 		filename = "id_rsa"
@@ -254,6 +265,9 @@ func main() {
 		switch key := rawKey.(type) {
 		case *ecdsa.PrivateKey:
 			toImportKey = *key
+			if !slices.Contains(supportedECCBitsizes, key.Params().BitSize) {
+				log.Fatalf("invalid ecdsa key length: TPM does not support %v bits", key.Params().BitSize)
+			}
 		case *rsa.PrivateKey:
 			if key.N.BitLen() != 2048 {
 				log.Fatal("can only support 2048 bit RSA")
@@ -327,12 +341,12 @@ func main() {
 
 	if importKey != "" {
 		// TODO: Read public key for comment
-		k, err = key.ImportKey(tpm, toImportKey, pin, []byte(comment))
+		k, err = key.ImportKey(tpm, toImportKey, pin, comment)
 		if err != nil {
 			log.Fatal(err)
 		}
 	} else {
-		k, err = key.CreateKey(tpm, tpmkeyType, bits, pin, []byte(comment))
+		k, err = key.CreateKey(tpm, tpmkeyType, bits, pin, comment)
 		if err != nil {
 			log.Fatal(err)
 		}
@@ -344,7 +358,12 @@ func main() {
 		}
 	}
 
-	if err := os.WriteFile(privatekeyFilename, k.Encode(), 0o600); err != nil {
+	encodedkey, err := k.Encode()
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	if err := os.WriteFile(privatekeyFilename, encodedkey, 0o600); err != nil {
 		log.Fatal(err)
 	}
 

go.mod

@@ -1,20 +1,21 @@
 module github.com/foxboron/ssh-tpm-agent
 
-go 1.22
+go 1.22.0
 
 require (
+	github.com/foxboron/go-tpm-keyfiles v0.0.0-20240224135548-465ca703cf09
 	github.com/foxboron/swtpm_test v0.0.0-20230726224112-46aaafdf7006
 	github.com/google/go-tpm v0.9.1-0.20230807150904-c49efc441a60
-	github.com/twpayne/go-pinentry v0.2.0
-	golang.org/x/crypto v0.12.0
-	golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63
-	golang.org/x/term v0.11.0
+	github.com/twpayne/go-pinentry v0.3.0
+	golang.org/x/crypto v0.19.0
+	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
+	golang.org/x/term v0.17.0
 )
 
 require (
 	github.com/google/go-tpm-tools v0.3.13-0.20230620182252-4639ecce2aba // indirect
-	github.com/rs/zerolog v1.26.0 // indirect
-	go.uber.org/atomic v1.7.0 // indirect
-	go.uber.org/multierr v1.8.0 // indirect
-	golang.org/x/sys v0.11.0 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/rs/zerolog v1.32.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
 )

go.sum

@@ -1,7 +1,10 @@
-github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/alecthomas/assert/v2 v2.2.2 h1:Z/iVC0xZfWTaFNE6bA3z07T86hd45Xe2eLt6WVy2bbk=
+github.com/alecthomas/assert/v2 v2.2.2/go.mod h1:pXcQ2Asjp247dahGEmsZ6ru0UVwnkhktn7S0bBDLxvQ=
+github.com/alecthomas/repr v0.2.0 h1:HAzS41CIzNW5syS8Mf9UwXhNH1J9aix/BvDRf1Ml2Yk=
+github.com/alecthomas/repr v0.2.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
+github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
+github.com/foxboron/go-tpm-keyfiles v0.0.0-20240224135548-465ca703cf09 h1:GDGfrGCVy9elCgb632QPT5XU8azF5O5CuuurF//oYD0=
+github.com/foxboron/go-tpm-keyfiles v0.0.0-20240224135548-465ca703cf09/go.mod h1:Y5SsZTulz5NFq7aigID+rsWMgAq72YHHTUD0Zo2iar8=
 github.com/foxboron/swtpm_test v0.0.0-20230726224112-46aaafdf7006 h1:50sW4r0PcvlpG4PV8tYh2RVCapszJgaOLRCS2subvV4=
 github.com/foxboron/swtpm_test v0.0.0-20230726224112-46aaafdf7006/go.mod h1:eIXCMsMYCaqq9m1KSSxXwQG11krpuNPGP3k0uaWrbas=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
@@ -17,60 +20,33 @@ github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ=
 github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
+github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
+github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g=
 github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
-github.com/rs/zerolog v1.26.0 h1:ORM4ibhEZeTeQlCojCK2kPz1ogAY4bGs4tD+SaAdGaE=
-github.com/rs/zerolog v1.26.0/go.mod h1:yBiM87lvSqX8h0Ww4sdzNSkVYZ8dL2xjZJG1lAuGZEo=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
-github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/twpayne/go-pinentry v0.2.0 h1:hS5NEJiilop9xP9pBX/1NYduzDlGGMdg1KamTBTrOWw=
-github.com/twpayne/go-pinentry v0.2.0/go.mod h1:r6buhMwARxnnL0VRBqfd1tE6Fadk1kfP00GRMutEspY=
-github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
-go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
-golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk=
-golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
-golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ=
-golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM=
-golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0=
-golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
+github.com/rs/zerolog v1.32.0 h1:keLypqrlIjaFsbmJOBdB/qvyF8KEtCWHwobLp5l/mQ0=
+github.com/rs/zerolog v1.32.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss=
+github.com/twpayne/go-pinentry v0.3.0 h1:Rr+fEOZXmeItOb4thjeVaBWJKB9Xa/eojolycyF/26c=
+github.com/twpayne/go-pinentry v0.3.0/go.mod h1:iOIZD+9np/2V24OdCGos7Y1/xX90wc6VEAZsgb+r9D4=
+golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
+golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
+golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=