tpm-key_attestation 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +13 -0
- data/.rspec +3 -0
- data/.rubocop.yml +188 -0
- data/.travis.yml +28 -0
- data/Appraisals +16 -0
- data/CHANGELOG.md +24 -0
- data/Gemfile +12 -0
- data/Gemfile.lock +58 -0
- data/LICENSE +201 -0
- data/README.md +51 -0
- data/Rakefile +10 -0
- data/SECURITY.md +8 -0
- data/bin/console +15 -0
- data/bin/setup +8 -0
- data/gemfiles/openssl_2_0.gemfile +11 -0
- data/gemfiles/openssl_2_1.gemfile +11 -0
- data/gemfiles/openssl_default.gemfile +10 -0
- data/gemfiles/openssl_head.gemfile +11 -0
- data/lib/tpm/certify_validator.rb +39 -0
- data/lib/tpm/constants.rb +44 -0
- data/lib/tpm/ek_certificate.rb +85 -0
- data/lib/tpm/key_attestation.rb +48 -0
- data/lib/tpm/key_attestation/version.rb +7 -0
- data/lib/tpm/public_area.rb +41 -0
- data/lib/tpm/s_attest.rb +30 -0
- data/lib/tpm/s_attest/s_certify_info.rb +14 -0
- data/lib/tpm/sized_buffer.rb +13 -0
- data/lib/tpm/t_public.rb +90 -0
- data/lib/tpm/t_public/s_ecc_parms.rb +17 -0
- data/lib/tpm/t_public/s_rsa_parms.rb +17 -0
- data/tpm-key_attestation.gemspec +29 -0
- metadata +90 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: fbe3cdf38d6460a938f807e18343011b5b1222fd0a3451c40ca0675ea30e74b1
|
4
|
+
data.tar.gz: 7bad2c9779bc3c15cb591ca6ca7a54ac0c608727166056360c31d77bc5cc23fd
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 0ffae87bcd8326dcbaaad92e9d487843461ae07d67dc20b0934d1130de00b8c167553c072e8674a41214f330952b9b6bb39ada04d2f6aad2bf62c3748c056e14
|
7
|
+
data.tar.gz: 2f650b3bd139b0db1c41eccbc99cd59f9a4af01454b94b31672cfad58c253c5c4cfc36ffccabc561b651d0b1a7789dc94420c8b680245cd1215053328ca2ce18
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.rubocop.yml
ADDED
@@ -0,0 +1,188 @@
|
|
1
|
+
AllCops:
|
2
|
+
TargetRubyVersion: 2.3
|
3
|
+
DisabledByDefault: true
|
4
|
+
Exclude:
|
5
|
+
- "gemfiles/**/*"
|
6
|
+
|
7
|
+
Bundler:
|
8
|
+
Enabled: true
|
9
|
+
|
10
|
+
Gemspec:
|
11
|
+
Enabled: true
|
12
|
+
|
13
|
+
Layout:
|
14
|
+
Enabled: true
|
15
|
+
|
16
|
+
Layout/LineLength:
|
17
|
+
Max: 120
|
18
|
+
|
19
|
+
Lint:
|
20
|
+
Enabled: true
|
21
|
+
|
22
|
+
Naming:
|
23
|
+
Enabled: true
|
24
|
+
|
25
|
+
Security:
|
26
|
+
Enabled: true
|
27
|
+
|
28
|
+
Style/BlockComments:
|
29
|
+
Enabled: true
|
30
|
+
|
31
|
+
Style/BracesAroundHashParameters:
|
32
|
+
Enabled: true
|
33
|
+
|
34
|
+
Style/CaseEquality:
|
35
|
+
Enabled: true
|
36
|
+
|
37
|
+
Style/ClassAndModuleChildren:
|
38
|
+
Enabled: true
|
39
|
+
|
40
|
+
Style/ClassMethods:
|
41
|
+
Enabled: true
|
42
|
+
|
43
|
+
Style/ClassVars:
|
44
|
+
Enabled: true
|
45
|
+
|
46
|
+
Style/CommentAnnotation:
|
47
|
+
Enabled: true
|
48
|
+
|
49
|
+
Style/ConditionalAssignment:
|
50
|
+
Enabled: true
|
51
|
+
|
52
|
+
Style/DefWithParentheses:
|
53
|
+
Enabled: true
|
54
|
+
|
55
|
+
Style/Dir:
|
56
|
+
Enabled: true
|
57
|
+
|
58
|
+
Style/EachForSimpleLoop:
|
59
|
+
Enabled: true
|
60
|
+
|
61
|
+
Style/EachWithObject:
|
62
|
+
Enabled: true
|
63
|
+
|
64
|
+
Style/EmptyBlockParameter:
|
65
|
+
Enabled: true
|
66
|
+
|
67
|
+
Style/EmptyCaseCondition:
|
68
|
+
Enabled: true
|
69
|
+
|
70
|
+
Style/EmptyElse:
|
71
|
+
Enabled: true
|
72
|
+
|
73
|
+
Style/EmptyLambdaParameter:
|
74
|
+
Enabled: true
|
75
|
+
|
76
|
+
Style/EmptyLiteral:
|
77
|
+
Enabled: true
|
78
|
+
|
79
|
+
Style/EvenOdd:
|
80
|
+
Enabled: true
|
81
|
+
|
82
|
+
Style/ExpandPathArguments:
|
83
|
+
Enabled: true
|
84
|
+
|
85
|
+
Style/For:
|
86
|
+
Enabled: true
|
87
|
+
|
88
|
+
Style/FrozenStringLiteralComment:
|
89
|
+
Enabled: true
|
90
|
+
|
91
|
+
Style/GlobalVars:
|
92
|
+
Enabled: true
|
93
|
+
|
94
|
+
Style/HashSyntax:
|
95
|
+
Enabled: true
|
96
|
+
|
97
|
+
Style/IdenticalConditionalBranches:
|
98
|
+
Enabled: true
|
99
|
+
|
100
|
+
Style/IfInsideElse:
|
101
|
+
Enabled: true
|
102
|
+
|
103
|
+
Style/InverseMethods:
|
104
|
+
Enabled: true
|
105
|
+
|
106
|
+
Style/MethodCallWithoutArgsParentheses:
|
107
|
+
Enabled: true
|
108
|
+
|
109
|
+
Style/MethodDefParentheses:
|
110
|
+
Enabled: true
|
111
|
+
|
112
|
+
Style/MultilineMemoization:
|
113
|
+
Enabled: true
|
114
|
+
|
115
|
+
Style/MutableConstant:
|
116
|
+
Enabled: true
|
117
|
+
|
118
|
+
Style/NestedParenthesizedCalls:
|
119
|
+
Enabled: true
|
120
|
+
|
121
|
+
Style/OptionalArguments:
|
122
|
+
Enabled: true
|
123
|
+
|
124
|
+
Style/ParenthesesAroundCondition:
|
125
|
+
Enabled: true
|
126
|
+
|
127
|
+
Style/RedundantBegin:
|
128
|
+
Enabled: true
|
129
|
+
|
130
|
+
Style/RedundantConditional:
|
131
|
+
Enabled: true
|
132
|
+
|
133
|
+
Style/RedundantException:
|
134
|
+
Enabled: true
|
135
|
+
|
136
|
+
Style/RedundantFreeze:
|
137
|
+
Enabled: true
|
138
|
+
|
139
|
+
Style/RedundantInterpolation:
|
140
|
+
Enabled: true
|
141
|
+
|
142
|
+
Style/RedundantParentheses:
|
143
|
+
Enabled: true
|
144
|
+
|
145
|
+
Style/RedundantPercentQ:
|
146
|
+
Enabled: true
|
147
|
+
|
148
|
+
Style/RedundantReturn:
|
149
|
+
Enabled: true
|
150
|
+
|
151
|
+
Style/RedundantSelf:
|
152
|
+
Enabled: true
|
153
|
+
|
154
|
+
Style/Semicolon:
|
155
|
+
Enabled: true
|
156
|
+
|
157
|
+
Style/SingleLineMethods:
|
158
|
+
Enabled: true
|
159
|
+
|
160
|
+
Style/SpecialGlobalVars:
|
161
|
+
Enabled: true
|
162
|
+
|
163
|
+
Style/SymbolLiteral:
|
164
|
+
Enabled: true
|
165
|
+
|
166
|
+
Style/TrailingBodyOnClass:
|
167
|
+
Enabled: true
|
168
|
+
|
169
|
+
Style/TrailingBodyOnMethodDefinition:
|
170
|
+
Enabled: true
|
171
|
+
|
172
|
+
Style/TrailingBodyOnModule:
|
173
|
+
Enabled: true
|
174
|
+
|
175
|
+
Style/TrailingMethodEndStatement:
|
176
|
+
Enabled: true
|
177
|
+
|
178
|
+
Style/TrivialAccessors:
|
179
|
+
Enabled: true
|
180
|
+
|
181
|
+
Style/UnpackFirst:
|
182
|
+
Enabled: true
|
183
|
+
|
184
|
+
Style/YodaCondition:
|
185
|
+
Enabled: true
|
186
|
+
|
187
|
+
Style/ZeroLengthPredicate:
|
188
|
+
Enabled: true
|
data/.travis.yml
ADDED
@@ -0,0 +1,28 @@
|
|
1
|
+
---
|
2
|
+
dist: bionic
|
3
|
+
language: ruby
|
4
|
+
cache: bundler
|
5
|
+
|
6
|
+
rvm:
|
7
|
+
- ruby-head
|
8
|
+
- 2.7.0
|
9
|
+
- 2.6.5
|
10
|
+
- 2.5.7
|
11
|
+
- 2.4.9
|
12
|
+
- 2.3.8
|
13
|
+
|
14
|
+
gemfile:
|
15
|
+
- gemfiles/openssl_head.gemfile
|
16
|
+
- gemfiles/openssl_2_1.gemfile
|
17
|
+
- gemfiles/openssl_2_0.gemfile
|
18
|
+
- gemfiles/openssl_default.gemfile
|
19
|
+
|
20
|
+
matrix:
|
21
|
+
fast_finish: true
|
22
|
+
allow_failures:
|
23
|
+
- rvm: ruby-head
|
24
|
+
- gemfile: gemfiles/openssl_head.gemfile
|
25
|
+
|
26
|
+
before_install:
|
27
|
+
- gem install bundler -v "~> 2.0"
|
28
|
+
- rm Gemfile.lock
|
data/Appraisals
ADDED
@@ -0,0 +1,16 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
appraise "openssl_head" do
|
4
|
+
gem "openssl", git: "https://github.com/ruby/openssl"
|
5
|
+
end
|
6
|
+
|
7
|
+
appraise "openssl_2_1" do
|
8
|
+
gem "openssl", "~> 2.1.0"
|
9
|
+
end
|
10
|
+
|
11
|
+
appraise "openssl_2_0" do
|
12
|
+
gem "openssl", "~> 2.0.0"
|
13
|
+
end
|
14
|
+
|
15
|
+
appraise "openssl_default" do
|
16
|
+
end
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
# Changelog
|
2
|
+
|
3
|
+
## [v0.3.0] - 2020-01-20
|
4
|
+
|
5
|
+
### Added
|
6
|
+
|
7
|
+
- `TPM::KeyAttestation#key` returns attested key as an instance of `OpenSSL::PKey::PKey`
|
8
|
+
|
9
|
+
## [v0.2.0] - 2020-01-16
|
10
|
+
|
11
|
+
### Added
|
12
|
+
|
13
|
+
- `TPM::KeyAttestation#valid?`
|
14
|
+
|
15
|
+
## [v0.1.0] - 2020-01-15
|
16
|
+
|
17
|
+
### Added
|
18
|
+
|
19
|
+
- `TPM::EKCertificate` wrapper
|
20
|
+
- `TPM::SAttest` wrapper
|
21
|
+
|
22
|
+
[v0.3.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.2.0...v0.3.0/
|
23
|
+
[v0.2.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.1.0...v0.2.0/
|
24
|
+
[v0.1.0]: https://github.com/cedarcode/tpm-key_attestation/compare/57c926ef7e83830cee8d111fdc5ccaf99ab2e861...v0.1.0/
|
data/Gemfile
ADDED
data/Gemfile.lock
ADDED
@@ -0,0 +1,58 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
tpm-key_attestation (0.2.0)
|
5
|
+
bindata (~> 2.4)
|
6
|
+
|
7
|
+
GEM
|
8
|
+
remote: https://rubygems.org/
|
9
|
+
specs:
|
10
|
+
appraisal (2.2.0)
|
11
|
+
bundler
|
12
|
+
rake
|
13
|
+
thor (>= 0.14.0)
|
14
|
+
ast (2.4.0)
|
15
|
+
bindata (2.4.4)
|
16
|
+
diff-lcs (1.3)
|
17
|
+
jaro_winkler (1.5.4)
|
18
|
+
parallel (1.19.1)
|
19
|
+
parser (2.7.0.2)
|
20
|
+
ast (~> 2.4.0)
|
21
|
+
rainbow (3.0.0)
|
22
|
+
rake (12.3.3)
|
23
|
+
rspec (3.9.0)
|
24
|
+
rspec-core (~> 3.9.0)
|
25
|
+
rspec-expectations (~> 3.9.0)
|
26
|
+
rspec-mocks (~> 3.9.0)
|
27
|
+
rspec-core (3.9.1)
|
28
|
+
rspec-support (~> 3.9.1)
|
29
|
+
rspec-expectations (3.9.0)
|
30
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
31
|
+
rspec-support (~> 3.9.0)
|
32
|
+
rspec-mocks (3.9.1)
|
33
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
34
|
+
rspec-support (~> 3.9.0)
|
35
|
+
rspec-support (3.9.2)
|
36
|
+
rubocop (0.79.0)
|
37
|
+
jaro_winkler (~> 1.5.1)
|
38
|
+
parallel (~> 1.10)
|
39
|
+
parser (>= 2.7.0.1)
|
40
|
+
rainbow (>= 2.2.2, < 4.0)
|
41
|
+
ruby-progressbar (~> 1.7)
|
42
|
+
unicode-display_width (>= 1.4.0, < 1.7)
|
43
|
+
ruby-progressbar (1.10.1)
|
44
|
+
thor (1.0.1)
|
45
|
+
unicode-display_width (1.6.0)
|
46
|
+
|
47
|
+
PLATFORMS
|
48
|
+
ruby
|
49
|
+
|
50
|
+
DEPENDENCIES
|
51
|
+
appraisal (~> 2.2.0)
|
52
|
+
rake (~> 12.0)
|
53
|
+
rspec (~> 3.0)
|
54
|
+
rubocop
|
55
|
+
tpm-key_attestation!
|
56
|
+
|
57
|
+
BUNDLED WITH
|
58
|
+
2.1.4
|
data/LICENSE
ADDED
@@ -0,0 +1,201 @@
|
|
1
|
+
Apache License
|
2
|
+
Version 2.0, January 2004
|
3
|
+
http://www.apache.org/licenses/
|
4
|
+
|
5
|
+
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
6
|
+
|
7
|
+
1. Definitions.
|
8
|
+
|
9
|
+
"License" shall mean the terms and conditions for use, reproduction,
|
10
|
+
and distribution as defined by Sections 1 through 9 of this document.
|
11
|
+
|
12
|
+
"Licensor" shall mean the copyright owner or entity authorized by
|
13
|
+
the copyright owner that is granting the License.
|
14
|
+
|
15
|
+
"Legal Entity" shall mean the union of the acting entity and all
|
16
|
+
other entities that control, are controlled by, or are under common
|
17
|
+
control with that entity. For the purposes of this definition,
|
18
|
+
"control" means (i) the power, direct or indirect, to cause the
|
19
|
+
direction or management of such entity, whether by contract or
|
20
|
+
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
21
|
+
outstanding shares, or (iii) beneficial ownership of such entity.
|
22
|
+
|
23
|
+
"You" (or "Your") shall mean an individual or Legal Entity
|
24
|
+
exercising permissions granted by this License.
|
25
|
+
|
26
|
+
"Source" form shall mean the preferred form for making modifications,
|
27
|
+
including but not limited to software source code, documentation
|
28
|
+
source, and configuration files.
|
29
|
+
|
30
|
+
"Object" form shall mean any form resulting from mechanical
|
31
|
+
transformation or translation of a Source form, including but
|
32
|
+
not limited to compiled object code, generated documentation,
|
33
|
+
and conversions to other media types.
|
34
|
+
|
35
|
+
"Work" shall mean the work of authorship, whether in Source or
|
36
|
+
Object form, made available under the License, as indicated by a
|
37
|
+
copyright notice that is included in or attached to the work
|
38
|
+
(an example is provided in the Appendix below).
|
39
|
+
|
40
|
+
"Derivative Works" shall mean any work, whether in Source or Object
|
41
|
+
form, that is based on (or derived from) the Work and for which the
|
42
|
+
editorial revisions, annotations, elaborations, or other modifications
|
43
|
+
represent, as a whole, an original work of authorship. For the purposes
|
44
|
+
of this License, Derivative Works shall not include works that remain
|
45
|
+
separable from, or merely link (or bind by name) to the interfaces of,
|
46
|
+
the Work and Derivative Works thereof.
|
47
|
+
|
48
|
+
"Contribution" shall mean any work of authorship, including
|
49
|
+
the original version of the Work and any modifications or additions
|
50
|
+
to that Work or Derivative Works thereof, that is intentionally
|
51
|
+
submitted to Licensor for inclusion in the Work by the copyright owner
|
52
|
+
or by an individual or Legal Entity authorized to submit on behalf of
|
53
|
+
the copyright owner. For the purposes of this definition, "submitted"
|
54
|
+
means any form of electronic, verbal, or written communication sent
|
55
|
+
to the Licensor or its representatives, including but not limited to
|
56
|
+
communication on electronic mailing lists, source code control systems,
|
57
|
+
and issue tracking systems that are managed by, or on behalf of, the
|
58
|
+
Licensor for the purpose of discussing and improving the Work, but
|
59
|
+
excluding communication that is conspicuously marked or otherwise
|
60
|
+
designated in writing by the copyright owner as "Not a Contribution."
|
61
|
+
|
62
|
+
"Contributor" shall mean Licensor and any individual or Legal Entity
|
63
|
+
on behalf of whom a Contribution has been received by Licensor and
|
64
|
+
subsequently incorporated within the Work.
|
65
|
+
|
66
|
+
2. Grant of Copyright License. Subject to the terms and conditions of
|
67
|
+
this License, each Contributor hereby grants to You a perpetual,
|
68
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
69
|
+
copyright license to reproduce, prepare Derivative Works of,
|
70
|
+
publicly display, publicly perform, sublicense, and distribute the
|
71
|
+
Work and such Derivative Works in Source or Object form.
|
72
|
+
|
73
|
+
3. Grant of Patent License. Subject to the terms and conditions of
|
74
|
+
this License, each Contributor hereby grants to You a perpetual,
|
75
|
+
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
76
|
+
(except as stated in this section) patent license to make, have made,
|
77
|
+
use, offer to sell, sell, import, and otherwise transfer the Work,
|
78
|
+
where such license applies only to those patent claims licensable
|
79
|
+
by such Contributor that are necessarily infringed by their
|
80
|
+
Contribution(s) alone or by combination of their Contribution(s)
|
81
|
+
with the Work to which such Contribution(s) was submitted. If You
|
82
|
+
institute patent litigation against any entity (including a
|
83
|
+
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
84
|
+
or a Contribution incorporated within the Work constitutes direct
|
85
|
+
or contributory patent infringement, then any patent licenses
|
86
|
+
granted to You under this License for that Work shall terminate
|
87
|
+
as of the date such litigation is filed.
|
88
|
+
|
89
|
+
4. Redistribution. You may reproduce and distribute copies of the
|
90
|
+
Work or Derivative Works thereof in any medium, with or without
|
91
|
+
modifications, and in Source or Object form, provided that You
|
92
|
+
meet the following conditions:
|
93
|
+
|
94
|
+
(a) You must give any other recipients of the Work or
|
95
|
+
Derivative Works a copy of this License; and
|
96
|
+
|
97
|
+
(b) You must cause any modified files to carry prominent notices
|
98
|
+
stating that You changed the files; and
|
99
|
+
|
100
|
+
(c) You must retain, in the Source form of any Derivative Works
|
101
|
+
that You distribute, all copyright, patent, trademark, and
|
102
|
+
attribution notices from the Source form of the Work,
|
103
|
+
excluding those notices that do not pertain to any part of
|
104
|
+
the Derivative Works; and
|
105
|
+
|
106
|
+
(d) If the Work includes a "NOTICE" text file as part of its
|
107
|
+
distribution, then any Derivative Works that You distribute must
|
108
|
+
include a readable copy of the attribution notices contained
|
109
|
+
within such NOTICE file, excluding those notices that do not
|
110
|
+
pertain to any part of the Derivative Works, in at least one
|
111
|
+
of the following places: within a NOTICE text file distributed
|
112
|
+
as part of the Derivative Works; within the Source form or
|
113
|
+
documentation, if provided along with the Derivative Works; or,
|
114
|
+
within a display generated by the Derivative Works, if and
|
115
|
+
wherever such third-party notices normally appear. The contents
|
116
|
+
of the NOTICE file are for informational purposes only and
|
117
|
+
do not modify the License. You may add Your own attribution
|
118
|
+
notices within Derivative Works that You distribute, alongside
|
119
|
+
or as an addendum to the NOTICE text from the Work, provided
|
120
|
+
that such additional attribution notices cannot be construed
|
121
|
+
as modifying the License.
|
122
|
+
|
123
|
+
You may add Your own copyright statement to Your modifications and
|
124
|
+
may provide additional or different license terms and conditions
|
125
|
+
for use, reproduction, or distribution of Your modifications, or
|
126
|
+
for any such Derivative Works as a whole, provided Your use,
|
127
|
+
reproduction, and distribution of the Work otherwise complies with
|
128
|
+
the conditions stated in this License.
|
129
|
+
|
130
|
+
5. Submission of Contributions. Unless You explicitly state otherwise,
|
131
|
+
any Contribution intentionally submitted for inclusion in the Work
|
132
|
+
by You to the Licensor shall be under the terms and conditions of
|
133
|
+
this License, without any additional terms or conditions.
|
134
|
+
Notwithstanding the above, nothing herein shall supersede or modify
|
135
|
+
the terms of any separate license agreement you may have executed
|
136
|
+
with Licensor regarding such Contributions.
|
137
|
+
|
138
|
+
6. Trademarks. This License does not grant permission to use the trade
|
139
|
+
names, trademarks, service marks, or product names of the Licensor,
|
140
|
+
except as required for reasonable and customary use in describing the
|
141
|
+
origin of the Work and reproducing the content of the NOTICE file.
|
142
|
+
|
143
|
+
7. Disclaimer of Warranty. Unless required by applicable law or
|
144
|
+
agreed to in writing, Licensor provides the Work (and each
|
145
|
+
Contributor provides its Contributions) on an "AS IS" BASIS,
|
146
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
147
|
+
implied, including, without limitation, any warranties or conditions
|
148
|
+
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
149
|
+
PARTICULAR PURPOSE. You are solely responsible for determining the
|
150
|
+
appropriateness of using or redistributing the Work and assume any
|
151
|
+
risks associated with Your exercise of permissions under this License.
|
152
|
+
|
153
|
+
8. Limitation of Liability. In no event and under no legal theory,
|
154
|
+
whether in tort (including negligence), contract, or otherwise,
|
155
|
+
unless required by applicable law (such as deliberate and grossly
|
156
|
+
negligent acts) or agreed to in writing, shall any Contributor be
|
157
|
+
liable to You for damages, including any direct, indirect, special,
|
158
|
+
incidental, or consequential damages of any character arising as a
|
159
|
+
result of this License or out of the use or inability to use the
|
160
|
+
Work (including but not limited to damages for loss of goodwill,
|
161
|
+
work stoppage, computer failure or malfunction, or any and all
|
162
|
+
other commercial damages or losses), even if such Contributor
|
163
|
+
has been advised of the possibility of such damages.
|
164
|
+
|
165
|
+
9. Accepting Warranty or Additional Liability. While redistributing
|
166
|
+
the Work or Derivative Works thereof, You may choose to offer,
|
167
|
+
and charge a fee for, acceptance of support, warranty, indemnity,
|
168
|
+
or other liability obligations and/or rights consistent with this
|
169
|
+
License. However, in accepting such obligations, You may act only
|
170
|
+
on Your own behalf and on Your sole responsibility, not on behalf
|
171
|
+
of any other Contributor, and only if You agree to indemnify,
|
172
|
+
defend, and hold each Contributor harmless for any liability
|
173
|
+
incurred by, or claims asserted against, such Contributor by reason
|
174
|
+
of your accepting any such warranty or additional liability.
|
175
|
+
|
176
|
+
END OF TERMS AND CONDITIONS
|
177
|
+
|
178
|
+
APPENDIX: How to apply the Apache License to your work.
|
179
|
+
|
180
|
+
To apply the Apache License to your work, attach the following
|
181
|
+
boilerplate notice, with the fields enclosed by brackets "[]"
|
182
|
+
replaced with your own identifying information. (Don't include
|
183
|
+
the brackets!) The text should be enclosed in the appropriate
|
184
|
+
comment syntax for the file format. We also recommend that a
|
185
|
+
file or class name and description of purpose be included on the
|
186
|
+
same "printed page" as the copyright notice for easier
|
187
|
+
identification within third-party archives.
|
188
|
+
|
189
|
+
Copyright [yyyy] [name of copyright owner]
|
190
|
+
|
191
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
192
|
+
you may not use this file except in compliance with the License.
|
193
|
+
You may obtain a copy of the License at
|
194
|
+
|
195
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
196
|
+
|
197
|
+
Unless required by applicable law or agreed to in writing, software
|
198
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
199
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
200
|
+
See the License for the specific language governing permissions and
|
201
|
+
limitations under the License.
|
data/README.md
ADDED
@@ -0,0 +1,51 @@
|
|
1
|
+
# tpm-key_attestation
|
2
|
+
|
3
|
+
TPM Key Attestation utitlies
|
4
|
+
|
5
|
+
[![Gem](https://img.shields.io/gem/v/tpm-key_attestation.svg?style=flat-square)](https://rubygems.org/gems/tpm-key_attestation)
|
6
|
+
[![Travis](https://img.shields.io/travis/cedarcode/tpm-key_attestation.svg?style=flat-square)](https://travis-ci.org/cedarcode/tpm-key_attestation)
|
7
|
+
|
8
|
+
## Installation
|
9
|
+
|
10
|
+
Add this line to your application's Gemfile:
|
11
|
+
|
12
|
+
```ruby
|
13
|
+
gem 'tpm-key_attestation'
|
14
|
+
```
|
15
|
+
|
16
|
+
And then execute:
|
17
|
+
|
18
|
+
$ bundle install
|
19
|
+
|
20
|
+
Or install it yourself as:
|
21
|
+
|
22
|
+
$ gem install tpm-key_attestation
|
23
|
+
|
24
|
+
## Usage
|
25
|
+
|
26
|
+
```ruby
|
27
|
+
key_attestation =
|
28
|
+
TPM::KeyAttestation.new(
|
29
|
+
certify_info,
|
30
|
+
signature,
|
31
|
+
certified_object,
|
32
|
+
signing_key,
|
33
|
+
hash_function,
|
34
|
+
quilifying_data
|
35
|
+
)
|
36
|
+
|
37
|
+
if key_attestation.valid?
|
38
|
+
key_attestation.key
|
39
|
+
end
|
40
|
+
```
|
41
|
+
|
42
|
+
## Development
|
43
|
+
|
44
|
+
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
45
|
+
|
46
|
+
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
47
|
+
|
48
|
+
## Contributing
|
49
|
+
|
50
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/cedarcode/tpm-key_attestation.
|
51
|
+
|
data/Rakefile
ADDED
data/SECURITY.md
ADDED
data/bin/console
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
# frozen_string_literal: true
|
3
|
+
|
4
|
+
require "bundler/setup"
|
5
|
+
require "tpm/key_attestation"
|
6
|
+
|
7
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
8
|
+
# with your gem easier. You can also use a different console, if you like.
|
9
|
+
|
10
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
11
|
+
# require "pry"
|
12
|
+
# Pry.start
|
13
|
+
|
14
|
+
require "irb"
|
15
|
+
IRB.start(__FILE__)
|
data/bin/setup
ADDED
@@ -0,0 +1,39 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "tpm/constants"
|
4
|
+
require "tpm/public_area"
|
5
|
+
require "tpm/s_attest"
|
6
|
+
|
7
|
+
module TPM
|
8
|
+
class CertifyValidator
|
9
|
+
attr_reader :info, :signature, :nonce, :object
|
10
|
+
|
11
|
+
def initialize(info, signature, nonce, object)
|
12
|
+
@info = info
|
13
|
+
@signature = signature
|
14
|
+
@nonce = nonce
|
15
|
+
@object = object
|
16
|
+
end
|
17
|
+
|
18
|
+
def valid?(signing_key, hash_function)
|
19
|
+
valid_info? && valid_signature?(signing_key, hash_function)
|
20
|
+
end
|
21
|
+
|
22
|
+
private
|
23
|
+
|
24
|
+
def valid_info?
|
25
|
+
attest.attested_type == TPM::ST_ATTEST_CERTIFY &&
|
26
|
+
attest.extra_data.buffer == nonce &&
|
27
|
+
attest.magic == TPM::GENERATED_VALUE &&
|
28
|
+
attest.attested.name.buffer == TPM::PublicArea.new(object).name
|
29
|
+
end
|
30
|
+
|
31
|
+
def valid_signature?(signing_key, hash_function)
|
32
|
+
signing_key.verify(hash_function, signature, info)
|
33
|
+
end
|
34
|
+
|
35
|
+
def attest
|
36
|
+
@attest ||= TPM::SAttest.deserialize(info)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
@@ -0,0 +1,44 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module TPM
|
4
|
+
# Section 6 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
|
5
|
+
|
6
|
+
GENERATED_VALUE = 0xFF544347
|
7
|
+
|
8
|
+
ST_ATTEST_CERTIFY = 0x8017
|
9
|
+
|
10
|
+
# Algorithms
|
11
|
+
ALG_RSA = 0x0001
|
12
|
+
ALG_SHA1 = 0x0004
|
13
|
+
ALG_SHA256 = 0x000B
|
14
|
+
ALG_NULL = 0x0010
|
15
|
+
ALG_RSASSA = 0x0014
|
16
|
+
ALG_RSAPSS = 0x0016
|
17
|
+
ALG_ECDSA = 0x0018
|
18
|
+
ALG_ECC = 0x0023
|
19
|
+
|
20
|
+
# ECC curves
|
21
|
+
ECC_NIST_P256 = 0x0003
|
22
|
+
|
23
|
+
# https://trustedcomputinggroup.org/resource/vendor-id-registry/ section 2 "TPM Capabilities Vendor ID (CAP_VID)"
|
24
|
+
VENDOR_IDS = {
|
25
|
+
"id:414D4400" => "AMD",
|
26
|
+
"id:41544D4C" => "Atmel",
|
27
|
+
"id:4252434D" => "Broadcom",
|
28
|
+
"id:49424D00" => "IBM",
|
29
|
+
"id:49465800" => "Infineon",
|
30
|
+
"id:494E5443" => "Intel",
|
31
|
+
"id:4C454E00" => "Lenovo",
|
32
|
+
"id:4E534D20" => "National Semiconductor",
|
33
|
+
"id:4E545A00" => "Nationz",
|
34
|
+
"id:4E544300" => "Nuvoton Technology",
|
35
|
+
"id:51434F4D" => "Qualcomm",
|
36
|
+
"id:534D5343" => "SMSC",
|
37
|
+
"id:53544D20" => "ST Microelectronics",
|
38
|
+
"id:534D534E" => "Samsung",
|
39
|
+
"id:534E5300" => "Sinosun",
|
40
|
+
"id:54584E00" => "Texas Instruments",
|
41
|
+
"id:57454300" => "Winbond",
|
42
|
+
"id:524F4343" => "Fuzhou Rockchip",
|
43
|
+
}.freeze
|
44
|
+
end
|
@@ -0,0 +1,85 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "delegate"
|
4
|
+
require "openssl"
|
5
|
+
require "tpm/constants"
|
6
|
+
|
7
|
+
module TPM
|
8
|
+
# Section 3.2 in https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
|
9
|
+
class EKCertificate < SimpleDelegator
|
10
|
+
ASN_V3 = 2
|
11
|
+
EMPTY_NAME = OpenSSL::X509::Name.new([]).freeze
|
12
|
+
SAN_DIRECTORY_NAME = 4
|
13
|
+
OID_TCG_AT_TPM_MANUFACTURER = "2.23.133.2.1"
|
14
|
+
OID_TCG_AT_TPM_MODEL = "2.23.133.2.2"
|
15
|
+
OID_TCG_AT_TPM_VERSION = "2.23.133.2.3"
|
16
|
+
OID_TCG_KP_AIK_CERTIFICATE = "2.23.133.8.3"
|
17
|
+
|
18
|
+
def self.from_der(certificate_der)
|
19
|
+
new(OpenSSL::X509::Certificate.new(certificate_der))
|
20
|
+
end
|
21
|
+
|
22
|
+
def conformant?
|
23
|
+
in_use? &&
|
24
|
+
valid_version? &&
|
25
|
+
valid_extended_key_usage? &&
|
26
|
+
valid_basic_constraints? &&
|
27
|
+
valid_subject_alternative_name?
|
28
|
+
end
|
29
|
+
|
30
|
+
def empty_subject?
|
31
|
+
subject.eql?(EMPTY_NAME)
|
32
|
+
end
|
33
|
+
|
34
|
+
private
|
35
|
+
|
36
|
+
def in_use?
|
37
|
+
now = Time.now
|
38
|
+
|
39
|
+
not_before < now && now < not_after
|
40
|
+
end
|
41
|
+
|
42
|
+
def valid_version?
|
43
|
+
version == ASN_V3
|
44
|
+
end
|
45
|
+
|
46
|
+
def valid_basic_constraints?
|
47
|
+
basic_constraints = extension("basicConstraints")
|
48
|
+
|
49
|
+
basic_constraints && basic_constraints.value == "CA:FALSE" && basic_constraints.critical?
|
50
|
+
end
|
51
|
+
|
52
|
+
def valid_extended_key_usage?
|
53
|
+
extended_key_usage = extension("extendedKeyUsage")
|
54
|
+
|
55
|
+
extended_key_usage && extended_key_usage.value == OID_TCG_KP_AIK_CERTIFICATE && !extended_key_usage.critical?
|
56
|
+
end
|
57
|
+
|
58
|
+
def valid_subject_alternative_name?
|
59
|
+
extension = extensions.detect { |ext| ext.oid == "subjectAltName" }
|
60
|
+
return unless extension
|
61
|
+
|
62
|
+
san_asn1 =
|
63
|
+
OpenSSL::ASN1.decode(extension).find do |val|
|
64
|
+
val.tag_class == :UNIVERSAL && val.tag == OpenSSL::ASN1::OCTET_STRING
|
65
|
+
end
|
66
|
+
directory_name =
|
67
|
+
OpenSSL::ASN1.decode(san_asn1.value).find do |val|
|
68
|
+
val.tag_class == :CONTEXT_SPECIFIC && val.tag == SAN_DIRECTORY_NAME
|
69
|
+
end
|
70
|
+
name = OpenSSL::X509::Name.new(directory_name.value.first).to_a
|
71
|
+
manufacturer = name.assoc(OID_TCG_AT_TPM_MANUFACTURER).at(1)
|
72
|
+
model = name.assoc(OID_TCG_AT_TPM_MODEL).at(1)
|
73
|
+
version = name.assoc(OID_TCG_AT_TPM_VERSION).at(1)
|
74
|
+
|
75
|
+
::TPM::VENDOR_IDS[manufacturer] &&
|
76
|
+
!model.empty? &&
|
77
|
+
!version.empty? &&
|
78
|
+
(empty_subject? && extension.critical? || !empty_subject? && !extension.critical?)
|
79
|
+
end
|
80
|
+
|
81
|
+
def extension(oid)
|
82
|
+
extensions.detect { |ext| ext.oid == oid }
|
83
|
+
end
|
84
|
+
end
|
85
|
+
end
|
@@ -0,0 +1,48 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "tpm/key_attestation/version"
|
4
|
+
require "tpm/certify_validator"
|
5
|
+
|
6
|
+
module TPM
|
7
|
+
class KeyAttestation
|
8
|
+
class Error < StandardError; end
|
9
|
+
|
10
|
+
attr_reader :certify_info, :signature, :certified_object, :signing_key, :hash_function, :qualifying_data
|
11
|
+
|
12
|
+
def initialize(certify_info, signature, certified_object, signing_key, hash_function, qualifying_data)
|
13
|
+
@certify_info = certify_info
|
14
|
+
@signature = signature
|
15
|
+
|
16
|
+
@certified_object = certified_object
|
17
|
+
@signing_key = signing_key
|
18
|
+
@hash_function = hash_function
|
19
|
+
@qualifying_data = qualifying_data
|
20
|
+
end
|
21
|
+
|
22
|
+
def key
|
23
|
+
if valid?
|
24
|
+
public_area.key
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
def valid?
|
29
|
+
certify_validator.valid?(signing_key, hash_function)
|
30
|
+
end
|
31
|
+
|
32
|
+
private
|
33
|
+
|
34
|
+
def certify_validator
|
35
|
+
@certify_validator ||=
|
36
|
+
TPM::CertifyValidator.new(
|
37
|
+
certify_info,
|
38
|
+
signature,
|
39
|
+
qualifying_data,
|
40
|
+
certified_object
|
41
|
+
)
|
42
|
+
end
|
43
|
+
|
44
|
+
def public_area
|
45
|
+
@public_area ||= TPM::PublicArea.new(certified_object)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "openssl"
|
4
|
+
require "tpm/t_public"
|
5
|
+
|
6
|
+
module TPM
|
7
|
+
TPM_TO_OPENSSL_HASH_ALG = {
|
8
|
+
TPM::ALG_SHA1 => "SHA1",
|
9
|
+
TPM::ALG_SHA256 => "SHA256"
|
10
|
+
}.freeze
|
11
|
+
|
12
|
+
class PublicArea
|
13
|
+
attr_reader :object
|
14
|
+
|
15
|
+
def initialize(object)
|
16
|
+
@object = object
|
17
|
+
end
|
18
|
+
|
19
|
+
def name
|
20
|
+
[name_alg].pack("n") + name_digest
|
21
|
+
end
|
22
|
+
|
23
|
+
def key
|
24
|
+
t_public.key
|
25
|
+
end
|
26
|
+
|
27
|
+
private
|
28
|
+
|
29
|
+
def name_digest
|
30
|
+
OpenSSL::Digest.digest(TPM_TO_OPENSSL_HASH_ALG[name_alg], object)
|
31
|
+
end
|
32
|
+
|
33
|
+
def name_alg
|
34
|
+
t_public.name_alg
|
35
|
+
end
|
36
|
+
|
37
|
+
def t_public
|
38
|
+
@t_public ||= TPM::TPublic.deserialize(object)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
data/lib/tpm/s_attest.rb
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "bindata"
|
4
|
+
require "tpm/constants"
|
5
|
+
require "tpm/sized_buffer"
|
6
|
+
require "tpm/s_attest/s_certify_info"
|
7
|
+
|
8
|
+
module TPM
|
9
|
+
# Section 10.12.8 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
|
10
|
+
class SAttest < BinData::Record
|
11
|
+
class << self
|
12
|
+
alias_method :deserialize, :read
|
13
|
+
end
|
14
|
+
|
15
|
+
endian :big
|
16
|
+
|
17
|
+
uint32 :magic
|
18
|
+
uint16 :attested_type
|
19
|
+
sized_buffer :qualified_signer
|
20
|
+
sized_buffer :extra_data
|
21
|
+
|
22
|
+
# s_clock_info :clock_info
|
23
|
+
# uint64 :firmware_version
|
24
|
+
skip length: 25
|
25
|
+
|
26
|
+
choice :attested, selection: :attested_type do
|
27
|
+
s_certify_info TPM::ST_ATTEST_CERTIFY
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "bindata"
|
4
|
+
require "tpm/sized_buffer"
|
5
|
+
|
6
|
+
module TPM
|
7
|
+
class SAttest < BinData::Record
|
8
|
+
# Section 10.12.3 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
|
9
|
+
class SCertifyInfo < BinData::Record
|
10
|
+
sized_buffer :name
|
11
|
+
sized_buffer :qualified_name
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,13 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "bindata"
|
4
|
+
|
5
|
+
module TPM
|
6
|
+
# Section 10.4 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
|
7
|
+
class SizedBuffer < BinData::Record
|
8
|
+
endian :big
|
9
|
+
|
10
|
+
uint16 :buffer_size, value: lambda { buffer.size }
|
11
|
+
string :buffer, read_length: :buffer_size
|
12
|
+
end
|
13
|
+
end
|
data/lib/tpm/t_public.rb
ADDED
@@ -0,0 +1,90 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "bindata"
|
4
|
+
require "tpm/constants"
|
5
|
+
require "tpm/sized_buffer"
|
6
|
+
require "tpm/t_public/s_ecc_parms"
|
7
|
+
require "tpm/t_public/s_rsa_parms"
|
8
|
+
|
9
|
+
module TPM
|
10
|
+
# Section 12.2.4 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
|
11
|
+
class TPublic < BinData::Record
|
12
|
+
BYTE_LENGTH = 8
|
13
|
+
CURVE_TPM_TO_OPENSSL = { TPM::ECC_NIST_P256 => "prime256v1" }.freeze
|
14
|
+
|
15
|
+
class << self
|
16
|
+
alias_method :deserialize, :read
|
17
|
+
end
|
18
|
+
|
19
|
+
endian :big
|
20
|
+
|
21
|
+
uint16 :alg_type
|
22
|
+
uint16 :name_alg
|
23
|
+
|
24
|
+
# :object_attributes
|
25
|
+
skip length: 4
|
26
|
+
|
27
|
+
sized_buffer :auth_policy
|
28
|
+
|
29
|
+
choice :parameters, selection: :alg_type do
|
30
|
+
s_ecc_parms TPM::ALG_ECC
|
31
|
+
s_rsa_parms TPM::ALG_RSA
|
32
|
+
end
|
33
|
+
|
34
|
+
choice :unique, selection: :alg_type do
|
35
|
+
sized_buffer TPM::ALG_ECC
|
36
|
+
sized_buffer TPM::ALG_RSA
|
37
|
+
end
|
38
|
+
|
39
|
+
def key
|
40
|
+
if parameters.symmetric == ::TPM::ALG_NULL
|
41
|
+
case alg_type
|
42
|
+
when TPM::ALG_ECC
|
43
|
+
ecc_key
|
44
|
+
when TPM::ALG_RSA
|
45
|
+
rsa_key
|
46
|
+
else
|
47
|
+
raise "Type #{alg_type} not supported"
|
48
|
+
end
|
49
|
+
end
|
50
|
+
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def ecc_key
|
55
|
+
if parameters.scheme == TPM::ALG_ECDSA
|
56
|
+
curve = CURVE_TPM_TO_OPENSSL[parameters.curve_id]
|
57
|
+
|
58
|
+
if curve
|
59
|
+
group = OpenSSL::PKey::EC::Group.new(curve)
|
60
|
+
pkey = OpenSSL::PKey::EC.new(group)
|
61
|
+
public_key_bn = OpenSSL::BN.new("\x04" + unique.buffer.value, 2)
|
62
|
+
public_key_point = OpenSSL::PKey::EC::Point.new(group, public_key_bn)
|
63
|
+
pkey.public_key = public_key_point
|
64
|
+
|
65
|
+
pkey
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
def rsa_key
|
71
|
+
case parameters.scheme
|
72
|
+
when TPM::ALG_RSASSA, TPM::ALG_RSAPSS, TPM::ALG_NULL
|
73
|
+
n = unique.buffer.value
|
74
|
+
|
75
|
+
if parameters.key_bits / BYTE_LENGTH == n.size
|
76
|
+
key = OpenSSL::PKey::RSA.new(parameters.key_bits.value)
|
77
|
+
key.set_key(bn(n), nil, nil)
|
78
|
+
|
79
|
+
key.public_key
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
def bn(data)
|
85
|
+
if data
|
86
|
+
OpenSSL::BN.new(data, 2)
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "bindata"
|
4
|
+
|
5
|
+
module TPM
|
6
|
+
class TPublic < BinData::Record
|
7
|
+
# Section 12.2.3.6 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
|
8
|
+
class SEccParms < BinData::Record
|
9
|
+
endian :big
|
10
|
+
|
11
|
+
uint16 :symmetric
|
12
|
+
uint16 :scheme
|
13
|
+
uint16 :curve_id
|
14
|
+
uint16 :kdf
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,17 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require "bindata"
|
4
|
+
|
5
|
+
module TPM
|
6
|
+
class TPublic < BinData::Record
|
7
|
+
# Section 12.2.3.5 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
|
8
|
+
class SRsaParms < BinData::Record
|
9
|
+
endian :big
|
10
|
+
|
11
|
+
uint16 :symmetric
|
12
|
+
uint16 :scheme
|
13
|
+
uint16 :key_bits
|
14
|
+
uint32 :exponent
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative 'lib/tpm/key_attestation/version'
|
4
|
+
|
5
|
+
Gem::Specification.new do |spec|
|
6
|
+
spec.name = "tpm-key_attestation"
|
7
|
+
spec.version = TPM::KeyAttestation::VERSION
|
8
|
+
spec.authors = ["Gonzalo"]
|
9
|
+
spec.license = "Apache-2.0"
|
10
|
+
|
11
|
+
spec.summary = "TPM Key Attestation verifier"
|
12
|
+
spec.homepage = "https://github.com/cedarcode/tpm-key_attestation"
|
13
|
+
spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
|
14
|
+
|
15
|
+
spec.metadata["homepage_uri"] = spec.homepage
|
16
|
+
spec.metadata["source_code_uri"] = spec.homepage
|
17
|
+
spec.metadata["changelog_uri"] = "#{spec.homepage}/blob/master/CHANGELOG.md"
|
18
|
+
|
19
|
+
# Specify which files should be added to the gem when it is released.
|
20
|
+
# The `git ls-files -z` loads the files in the RubyGem that have been added into git.
|
21
|
+
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
22
|
+
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
23
|
+
end
|
24
|
+
spec.bindir = "exe"
|
25
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
26
|
+
spec.require_paths = ["lib"]
|
27
|
+
|
28
|
+
spec.add_dependency "bindata", "~> 2.4"
|
29
|
+
end
|
metadata
ADDED
@@ -0,0 +1,90 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: tpm-key_attestation
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.3.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Gonzalo
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2020-01-20 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bindata
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '2.4'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '2.4'
|
27
|
+
description:
|
28
|
+
email:
|
29
|
+
executables: []
|
30
|
+
extensions: []
|
31
|
+
extra_rdoc_files: []
|
32
|
+
files:
|
33
|
+
- ".gitignore"
|
34
|
+
- ".rspec"
|
35
|
+
- ".rubocop.yml"
|
36
|
+
- ".travis.yml"
|
37
|
+
- Appraisals
|
38
|
+
- CHANGELOG.md
|
39
|
+
- Gemfile
|
40
|
+
- Gemfile.lock
|
41
|
+
- LICENSE
|
42
|
+
- README.md
|
43
|
+
- Rakefile
|
44
|
+
- SECURITY.md
|
45
|
+
- bin/console
|
46
|
+
- bin/setup
|
47
|
+
- gemfiles/openssl_2_0.gemfile
|
48
|
+
- gemfiles/openssl_2_1.gemfile
|
49
|
+
- gemfiles/openssl_default.gemfile
|
50
|
+
- gemfiles/openssl_head.gemfile
|
51
|
+
- lib/tpm/certify_validator.rb
|
52
|
+
- lib/tpm/constants.rb
|
53
|
+
- lib/tpm/ek_certificate.rb
|
54
|
+
- lib/tpm/key_attestation.rb
|
55
|
+
- lib/tpm/key_attestation/version.rb
|
56
|
+
- lib/tpm/public_area.rb
|
57
|
+
- lib/tpm/s_attest.rb
|
58
|
+
- lib/tpm/s_attest/s_certify_info.rb
|
59
|
+
- lib/tpm/sized_buffer.rb
|
60
|
+
- lib/tpm/t_public.rb
|
61
|
+
- lib/tpm/t_public/s_ecc_parms.rb
|
62
|
+
- lib/tpm/t_public/s_rsa_parms.rb
|
63
|
+
- tpm-key_attestation.gemspec
|
64
|
+
homepage: https://github.com/cedarcode/tpm-key_attestation
|
65
|
+
licenses:
|
66
|
+
- Apache-2.0
|
67
|
+
metadata:
|
68
|
+
homepage_uri: https://github.com/cedarcode/tpm-key_attestation
|
69
|
+
source_code_uri: https://github.com/cedarcode/tpm-key_attestation
|
70
|
+
changelog_uri: https://github.com/cedarcode/tpm-key_attestation/blob/master/CHANGELOG.md
|
71
|
+
post_install_message:
|
72
|
+
rdoc_options: []
|
73
|
+
require_paths:
|
74
|
+
- lib
|
75
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
76
|
+
requirements:
|
77
|
+
- - ">="
|
78
|
+
- !ruby/object:Gem::Version
|
79
|
+
version: 2.3.0
|
80
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
81
|
+
requirements:
|
82
|
+
- - ">="
|
83
|
+
- !ruby/object:Gem::Version
|
84
|
+
version: '0'
|
85
|
+
requirements: []
|
86
|
+
rubygems_version: 3.1.2
|
87
|
+
signing_key:
|
88
|
+
specification_version: 4
|
89
|
+
summary: TPM Key Attestation verifier
|
90
|
+
test_files: []
|