tpm-key_attestation 0.6.0 → 0.7.0

Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +12 -0
  3. data/Gemfile +1 -2
  4. data/Gemfile.lock +3 -3
  5. data/README.md +1 -1
  6. data/gemfiles/openssl_2_0.gemfile +2 -1
  7. data/gemfiles/openssl_2_1.gemfile +2 -1
  8. data/gemfiles/openssl_default.gemfile +2 -1
  9. data/gemfiles/openssl_head.gemfile +2 -1
  10. data/lib/tpm/{ek_certificate.rb → aik_certificate.rb} +56 -29
  11. data/lib/tpm/certificates/AMD/RootCA/AMD-fTPM-ECC-RootCA.crt +0 -0
  12. data/lib/tpm/certificates/AMD/RootCA/AMD-fTPM-RSA-RootCA.crt +0 -0
  13. data/lib/tpm/certificates/Atmel/RootCA/Atmel TPM Root Signing Module.der +0 -0
  14. data/lib/tpm/certificates/Infineon/RootCA/IFX TPM EK Root CA.cer +0 -0
  15. data/lib/tpm/certificates/Infineon/RootCA/IFX-RootCA.cer +0 -0
  16. data/lib/tpm/certificates/Infineon/RootCA/IFX_TPM_RootCert_008.crt +0 -0
  17. data/lib/tpm/certificates/Infineon/RootCA/Infineon OPTIGA(TM) ECC Root CA.crt +0 -0
  18. data/lib/tpm/certificates/Infineon/RootCA/Infineon OPTIGA(TM) RSA Root CA.crt +0 -0
  19. data/lib/tpm/certificates/Intel/RootCA/EKRootPublicKey.cer +0 -0
  20. data/lib/tpm/certificates/Microsoft/RootCA/Microsoft TPM Root Certificate Authority 2014.cer +0 -0
  21. data/lib/tpm/certificates/NationZ/RootCA/EkRootCA.crt +15 -0
  22. data/lib/tpm/certificates/Nuvoton/RootCA/NTC TPM EK Root CA 01.cer +0 -0
  23. data/lib/tpm/certificates/Nuvoton/RootCA/NTC TPM EK Root CA 02.cer +0 -0
  24. data/lib/tpm/certificates/Nuvoton/RootCA/NTC TPM EK Root CA ARSUF 01.cer +0 -0
  25. data/lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 1013.cer +0 -0
  26. data/lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 1014.cer +0 -0
  27. data/lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 1110.cer +0 -0
  28. data/lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 1111.cer +0 -0
  29. data/lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 2010.cer +0 -0
  30. data/lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 2011.cer +0 -0
  31. data/lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 2110.cer +0 -0
  32. data/lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 2111.cer +0 -0
  33. data/lib/tpm/certificates/QC/RootCA/Microsoft TPM Root Certificate Authority 2014.cer +0 -0
  34. data/lib/tpm/certificates/STMicro/RootCA/GlobalSign Trusted Computing CA.crt +0 -0
  35. data/lib/tpm/certificates/STMicro/RootCA/GlobalSign Trusted Platform Module ECC Root CA.crt +0 -0
  36. data/lib/tpm/certificates/STMicro/RootCA/ST TPM Root Certificate.crt +0 -0
  37. data/lib/tpm/certificates/STMicro/RootCA/STM TPM ECC Root CA 01.crt +0 -0
  38. data/lib/tpm/certify_validator.rb +1 -2
  39. data/lib/tpm/key_attestation.rb +45 -12
  40. data/lib/tpm/key_attestation/version.rb +1 -1
  41. data/lib/tpm/s_attest/s_certify_info.rb +2 -1
  42. data/lib/tpm/tpm2b_name.rb +18 -0
  43. data/lib/tpm/tpmt_ha.rb +20 -0
  44. metadata +33 -3
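--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6b370d3aabc86bde782bf8cf6a6507f85edf56a676875fd4511c30dd4ddff1da
- data.tar.gz: 53ce92d16a1ab22b573236c0a859c8ebec4c6172679b22d957e6ebf3347d4531
+ metadata.gz: 060cbdfedb9cd4519611fb5d388035957e57adafaad608de0d98c4448a4dda51
+ data.tar.gz: 34dd516159fe8fe5d761c8fbbd263b43db23ed2976911fc36dc847b54d18b5e7
  SHA512:
- metadata.gz: 407f2c3dadf408a90c536cb5723e52ebc28e12f89231b93c6915ba182b7773960c256c7a2d5cc087bb3af02bf14522518cdafc279783321e3f0812daafe7b405
- data.tar.gz: '0787cf34b0c204ed54391766fceafdf28fb1fcc5a453887b0a8f671f13f6c4b89f9f562e6ec6b72e996b3668f4b797ec0a53acdee87174a8cb0ae97c6dbdf91f'
+ metadata.gz: 7f4da510b00f75763df1aa60bcdac51ae261be6384756f6476f4810314e9b61bc545c5d9c61b6aa93e8b09c94ba22fe2d436a085b788eea0ee0af226be006878
+ data.tar.gz: b4a4fb61c649f023033c5938171ec4d57e1df0044a40d1e994210f2da0ffaa6bd36439492526378ce9b9f433ced1d39ec9f30d0cb948c102243129c172c1b817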
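--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,16 @@
  # Changelog
 
+ ## [v0.7.0] - 2020-02-25
+
+ ### Added
+
+ - `TPM::KeyAttestation#valid?` performs certificate path validation. In other words, it verifies trust up
+ to an acceptable trusted root certificate.
+
+ ### Changed
+
+ - Rename `TPM::EKCertificate` to `TPM::AIKCertificate` to fix semantics
+
  ## [v0.6.0] - 2020-01-30
 
  ### Changed
@@ -38,6 +49,7 @@ replacement of `JOSE` format `algorithm` string
  - `TPM::EKCertificate` wrapper
  - `TPM::SAttest` wrapper
 
+ [v0.7.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.6.0...v0.7.0/
  [v0.6.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.5.0...v0.6.0/
  [v0.5.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.4.0...v0.5.0/
  [v0.4.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.3.0...v0.4.0/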
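--- a/data/Gemfile
+++ b/data/Gemfile
@@ -9,5 +9,4 @@ gem "appraisal", "~> 2.2.0"
  gem "byebug", "~> 11.0"
  gem "rake", "~> 12.0"
  gem "rspec", "~> 3.0"
-
- gem "rubocop"
+ gem "rubocop", "~> 0.79.0"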
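--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- tpm-key_attestation (0.6.0)
+ tpm-key_attestation (0.7.0)
  bindata (~> 2.4)
  openssl-signature_algorithm (~> 0.3.0)
 
@@ -13,7 +13,7 @@ GEM
  rake
  thor (>= 0.14.0)
  ast (2.4.0)
- bindata (2.4.4)
+ bindata (2.4.5)
  byebug (11.1.0)
  diff-lcs (1.3)
  jaro_winkler (1.5.4)
@@ -55,7 +55,7 @@ DEPENDENCIES
  byebug (~> 11.0)
  rake (~> 12.0)
  rspec (~> 3.0)
- rubocop
+ rubocop (~> 0.79.0)
  tpm-key_attestation!
 
  BUNDLED WITH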
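--- a/data/README.md
+++ b/data/README.md
@@ -2,7 +2,7 @@
 
  TPM Key Attestation utitlies
 
- [![Gem](https://img.shields.io/gem/v/tpm-key_attestation.svg?style=flat-square)](https://rubygems.org/gems/tpm-key_attestation)
+ [![Gem](https://img.shields.io/gem/v/tpm-key_attestation.svg?style=flat-square&color=informational)](https://rubygems.org/gems/tpm-key_attestation)
  [![Travis](https://img.shields.io/travis/cedarcode/tpm-key_attestation.svg?style=flat-square)](https://travis-ci.org/cedarcode/tpm-key_attestation)
 
  ## Installation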
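--- a/data/gemfiles/openssl_2_0.gemfile
+++ b/data/gemfiles/openssl_2_0.gemfile
@@ -3,9 +3,10 @@
  source "https://rubygems.org"
 
  gem "appraisal", "~> 2.2.0"
+ gem "byebug", "~> 11.0"
  gem "rake", "~> 12.0"
  gem "rspec", "~> 3.0"
- gem "rubocop"
+ gem "rubocop", "~> 0.79.0"
  gem "openssl", "~> 2.0.0"
 
  gemspec path: "../"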
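--- a/data/gemfiles/openssl_2_1.gemfile
+++ b/data/gemfiles/openssl_2_1.gemfile
@@ -3,9 +3,10 @@
  source "https://rubygems.org"
 
  gem "appraisal", "~> 2.2.0"
+ gem "byebug", "~> 11.0"
  gem "rake", "~> 12.0"
  gem "rspec", "~> 3.0"
- gem "rubocop"
+ gem "rubocop", "~> 0.79.0"
  gem "openssl", "~> 2.1.0"
 
  gemspec path: "../"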
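--- a/data/gemfiles/openssl_default.gemfile
+++ b/data/gemfiles/openssl_default.gemfile
@@ -3,8 +3,9 @@
  source "https://rubygems.org"
 
  gem "appraisal", "~> 2.2.0"
+ gem "byebug", "~> 11.0"
  gem "rake", "~> 12.0"
  gem "rspec", "~> 3.0"
- gem "rubocop"
+ gem "rubocop", "~> 0.79.0"
 
  gemspec path: "../"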
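--- a/data/gemfiles/openssl_head.gemfile
+++ b/data/gemfiles/openssl_head.gemfile
@@ -3,9 +3,10 @@
  source "https://rubygems.org"
 
  gem "appraisal", "~> 2.2.0"
+ gem "byebug", "~> 11.0"
  gem "rake", "~> 12.0"
  gem "rspec", "~> 3.0"
- gem "rubocop"
+ gem "rubocop", "~> 0.79.0"
  gem "openssl", git: "https://github.com/ruby/openssl"
 
  gemspec path: "../"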
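--- a/data/lib/tpm/ek_certificate.rb
+++ b/data/lib/tpm/aik_certificate.rb
@@ -6,14 +6,15 @@ require "tpm/constants"
 
  module TPM
  # Section 3.2 in https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
- class EKCertificate < SimpleDelegator
+ class AIKCertificate < SimpleDelegator
  ASN_V3 = 2
  EMPTY_NAME = OpenSSL::X509::Name.new([]).freeze
  SAN_DIRECTORY_NAME = 4
- OID_TCG_AT_TPM_MANUFACTURER = "2.23.133.2.1"
- OID_TCG_AT_TPM_MODEL = "2.23.133.2.2"
- OID_TCG_AT_TPM_VERSION = "2.23.133.2.3"
- OID_TCG_KP_AIK_CERTIFICATE = "2.23.133.8.3"
+ OID_TCG = "2.23.133"
+ OID_TCG_AT_TPM_MANUFACTURER = "#{OID_TCG}.2.1"
+ OID_TCG_AT_TPM_MODEL = "#{OID_TCG}.2.2"
+ OID_TCG_AT_TPM_VERSION = "#{OID_TCG}.2.3"
+ OID_TCG_KP_AIK_CERTIFICATE = "#{OID_TCG}.8.3"
 
  def self.from_der(certificate_der)
  new(OpenSSL::X509::Certificate.new(certificate_der))
@@ -24,13 +25,10 @@ module TPM
  valid_version? &&
  valid_extended_key_usage? &&
  valid_basic_constraints? &&
+ empty_subject? &&
  valid_subject_alternative_name?
  end
 
- def empty_subject?
- subject.eql?(EMPTY_NAME)
- end
-
  private
 
  def in_use?
@@ -55,31 +53,60 @@ module TPM
  extended_key_usage && extended_key_usage.value == OID_TCG_KP_AIK_CERTIFICATE && !extended_key_usage.critical?
  end
 
+ def empty_subject?
+ subject.eql?(EMPTY_NAME)
+ end
+
  def valid_subject_alternative_name?
- extension = extensions.detect { |ext| ext.oid == "subjectAltName" }
- return unless extension
-
- san_asn1 =
- OpenSSL::ASN1.decode(extension).find do |val|
- val.tag_class == :UNIVERSAL && val.tag == OpenSSL::ASN1::OCTET_STRING
- end
- directory_name =
- OpenSSL::ASN1.decode(san_asn1.value).find do |val|
- val.tag_class == :CONTEXT_SPECIFIC && val.tag == SAN_DIRECTORY_NAME
- end
- name = OpenSSL::X509::Name.new(directory_name.value.first).to_a
- manufacturer = name.assoc(OID_TCG_AT_TPM_MANUFACTURER).at(1)
- model = name.assoc(OID_TCG_AT_TPM_MODEL).at(1)
- version = name.assoc(OID_TCG_AT_TPM_VERSION).at(1)
-
- TPM::VENDOR_IDS[manufacturer] &&
- !model.empty? &&
- !version.empty? &&
- (empty_subject? && extension.critical? || !empty_subject? && !extension.critical?)
+ if san_extension
+ san_extension.critical? &&
+ !tpm_manufacturer.empty? &&
+ TPM::VENDOR_IDS[tpm_manufacturer] &&
+ !tpm_model.empty? &&
+ !tpm_version.empty?
+ end
  end
 
  def extension(oid)
  extensions.detect { |ext| ext.oid == oid }
  end
+
+ def tpm_manufacturer
+ if san_name
+ san_name.assoc(OID_TCG_AT_TPM_MANUFACTURER).at(1)
+ end
+ end
+
+ def tpm_model
+ if san_name
+ san_name.assoc(OID_TCG_AT_TPM_MODEL).at(1)
+ end
+ end
+
+ def tpm_version
+ if san_name
+ san_name.assoc(OID_TCG_AT_TPM_VERSION).at(1)
+ end
+ end
+
+ def san_name
+ if san_extension
+ san_asn1 =
+ OpenSSL::ASN1.decode(san_extension).find do |val|
+ val.tag_class == :UNIVERSAL && val.tag == OpenSSL::ASN1::OCTET_STRING
+ end
+
+ directory_name =
+ OpenSSL::ASN1.decode(san_asn1.value).find do |val|
+ val.tag_class == :CONTEXT_SPECIFIC && val.tag == SAN_DIRECTORY_NAME
+ end
+
+ OpenSSL::X509::Name.new(directory_name.value.first).to_a
+ end
+ end
+
+ def san_extension
+ extension("subjectAltName")
+ end
  end
  end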
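Review bot: `tpm_manufacturer`, `tpm_model` and `tpm_version` call `.at(1)` directly on the result of `san_name.assoc(...)`, so a subjectAltName that lacks one of the TCG attributes makes `conformant?` raise NoMethodError instead of returning false; `san_name` has the same gap when no OCTET STRING or directoryName entry is found, because `san_asn1` or `directory_name` is then nil. The certificate is presumably supplied by the party being attested, so a malformed one should be rejected rather than crash the predicate. A nil-tolerant lookup such as `entry = san_name && san_name.assoc(OID_TCG_AT_TPM_MANUFACTURER)` followed by `entry && entry.at(1)`, with `valid_subject_alternative_name?` testing `tpm_manufacturer && !tpm_manufacturer.empty?`, keeps the check boolean. `san_name` also re-decodes the extension on every call and could be memoized. The class body between the three hunks is not shown here.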
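--- a/data/lib/tpm/certificates/NationZ/RootCA/EkRootCA.crt
+++ b/data/lib/tpm/certificates/NationZ/RootCA/EkRootCA.crt
@@ -0,0 +1,15 @@
+ -----BEGIN CERTIFICATE-----
+ MIICRDCCAcqgAwIBAgIBATAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJDTjEhMB8G
+ A1UECgwYTmF0aW9ueiBUZWNobm9sb2dpZXMgSW5jMRswGQYDVQQLDBJOYXRpb256
+ IFRQTSBEZXZpY2UxHDAaBgNVBAMME05hdGlvbnogVFBNIFJvb3QgQ0EwHhcNMTcw
+ NTEyMDAwMDAwWhcNNDcwNTEzMDAwMDAwWjBrMQswCQYDVQQGEwJDTjEhMB8GA1UE
+ CgwYTmF0aW9ueiBUZWNobm9sb2dpZXMgSW5jMRswGQYDVQQLDBJOYXRpb256IFRQ
+ TSBEZXZpY2UxHDAaBgNVBAMME05hdGlvbnogVFBNIFJvb3QgQ0EwdjAQBgcqhkjO
+ PQIBBgUrgQQAIgNiAATvuDTN8TNvp3A9fSjWpDARLmvz7ItQrDq/mmuzvzInwQfs
+ YKUUJza4MXB3yS0PH1jjv1YMvaIBIalAgc+kahScQUy6W2fy6hd36pazmc/vQfG3
+ Gdhw56gGwRHx4rn4TuqjQjBAMB0GA1UdDgQWBBQ6vP8I314BDCtkB4vHzpUG9Aj9
+ 5DAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo
+ ADBlAjApzqSmd4cCMKC7slJ4NE/7zweXZx89JzSEnEWGcq78jbbXCw6yM+R4nCNX
+ phflI9QCMQCeFOAvyR+DQvThfGFINABej+1zeDVIjuZHat3FHVyV0UQVClPgMlZu
+ TntipXwGOVY=
+ -----END CERTIFICATE-----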
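Review bot: This new trust anchor is added with no record of where it was obtained, and the other roots in the release appear only as `+0 -0` entries in the file list, so none of the bundle can be checked from the diff itself. Because `ROOT_CERTIFICATES` in key_attestation.rb loads every file matching `certificates/*/RootCA/*.*`, each file placed here becomes a root of trust for `TPM::KeyAttestation#valid?`. Recording the source URL and a SHA-256 fingerprint for each certificate, for example in the CHANGELOG entry or in a manifest next to the files, would let a reviewer confirm them against the values the vendor publishes.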
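--- a/data/lib/tpm/certify_validator.rb
+++ b/data/lib/tpm/certify_validator.rb
@@ -2,7 +2,6 @@
 
  require "openssl/signature_algorithm"
  require "tpm/constants"
- require "tpm/public_area"
  require "tpm/s_attest"
 
  module TPM
@@ -39,7 +38,7 @@ module TPM
  attest.attested_type == TPM::ST_ATTEST_CERTIFY &&
  attest.extra_data.buffer == nonce &&
  attest.magic == TPM::GENERATED_VALUE &&
- attest.attested.name.buffer == TPM::PublicArea.new(object).name
+ attest.attested.name.valid_for?(object)
  end
 
  def valid_signature?(verify_key)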
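--- a/data/lib/tpm/key_attestation.rb
+++ b/data/lib/tpm/key_attestation.rb
@@ -1,50 +1,66 @@
  # frozen_string_literal: true
 
+ require "openssl"
  require "tpm/key_attestation/version"
+ require "tpm/aik_certificate"
  require "tpm/certify_validator"
  require "tpm/constants"
 
  module TPM
  class KeyAttestation
+ # https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-install-trusted-tpm-root-certificates
+ ROOT_CERTIFICATES =
+ begin
+ pattern = File.expand_path(File.join(__dir__, "certificates", "*", "RootCA", "*.*"))
+ Dir.glob(pattern).map do |filename|
+ File.open(filename) { |file| OpenSSL::X509::Certificate.new(file) }
+ end
+ end
+
  class Error < StandardError; end
 
  attr_reader(
  :certify_info,
  :signature,
- :certified_object,
- :signing_key,
+ :certified_key,
+ :certificates,
  :signature_algorithm,
  :hash_algorithm,
- :qualifying_data
+ :qualifying_data,
+ :root_certificates
  )
 
  def initialize(
  certify_info,
  signature,
- certified_object,
- signing_key,
+ certified_key,
+ certificates,
  qualifying_data,
  signature_algorithm: ALG_RSASSA,
- hash_algorithm: ALG_SHA256
+ hash_algorithm: ALG_SHA256,
+ root_certificates: ROOT_CERTIFICATES
  )
  @certify_info = certify_info
  @signature = signature
 
- @certified_object = certified_object
- @signing_key = signing_key
+ @certified_key = certified_key
+ @certificates = certificates
  @signature_algorithm = signature_algorithm
  @hash_algorithm = hash_algorithm
  @qualifying_data = qualifying_data
+ @root_certificates = root_certificates
  end
 
  def key
- if certify_validator.valid?(signing_key)
+ if valid?
  public_area.key
  end
  end
 
  def valid?
- !!key
+ certify_validator.valid?(aik_certificate.public_key) &&
+ aik_certificate.conformant? &&
+ trustworthy?
  end
 
  private
@@ -55,14 +71,31 @@ module TPM
  certify_info,
  signature,
  qualifying_data,
- certified_object,
+ certified_key,
  signature_algorithm: signature_algorithm,
  hash_algorithm: hash_algorithm
  )
  end
 
+ def trustworthy?
+ x509_certificates = certificates.map { |c| OpenSSL::X509::Certificate.new(c) }
+
+ trust_store.verify(x509_certificates[0], x509_certificates[1..-1])
+ end
+
+ def trust_store
+ @trust_store ||=
+ OpenSSL::X509::Store.new.tap do |trust_store|
+ root_certificates.each { |root_certificate| trust_store.add_cert(root_certificate) }
+ end
+ end
+
+ def aik_certificate
+ @aik_certificate ||= TPM::AIKCertificate.from_der(certificates.first)
+ end
+
  def public_area
- @public_area ||= TPM::PublicArea.new(certified_object)
+ @public_area ||= TPM::PublicArea.new(certified_key)
  end
  end
  end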
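Review bot: `valid?` can raise instead of returning false: `aik_certificate` passes `certificates.first` straight to `TPM::AIKCertificate.from_der`, and `trustworthy?` builds an `OpenSSL::X509::Certificate` from every entry, so an empty `certificates` array or an undecodable entry is likely to surface as an exception from both `valid?` and `key`. If callers are meant to get a boolean for untrusted attestation data, add `return false if certificates.nil? || certificates.empty?` at the top of `valid?` and a method-level `rescue OpenSSL::X509::CertificateError` that returns `false`. Separately, the file list shows `Microsoft TPM Root Certificate Authority 2014.cer` under both `Microsoft/` and `QC/`; if those are the same certificate, `add_cert` in `trust_store` may raise on OpenSSL versions that reject duplicate store entries, so de-duplicating `ROOT_CERTIFICATES` would be safer. The store is also used with its default settings, so as far as the visible code shows no revocation data is consulted during path validation; that limit deserves a comment on `trustworthy?`.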
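--- a/data/lib/tpm/key_attestation/version.rb
+++ b/data/lib/tpm/key_attestation/version.rb
@@ -2,6 +2,6 @@
 
  module TPM
  class KeyAttestation
- VERSION = "0.6.0"
+ VERSION = "0.7.0"
  end
  end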
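--- a/data/lib/tpm/s_attest/s_certify_info.rb
+++ b/data/lib/tpm/s_attest/s_certify_info.rb
@@ -2,12 +2,13 @@
 
  require "bindata"
  require "tpm/sized_buffer"
+ require "tpm/tpm2b_name"
 
  module TPM
  class SAttest < BinData::Record
  # Section 10.12.3 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
  class SCertifyInfo < BinData::Record
- sized_buffer :name
+ tpm2b_name :name
  sized_buffer :qualified_name
  end
  end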
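--- a/data/lib/tpm/tpm2b_name.rb
+++ b/data/lib/tpm/tpm2b_name.rb
@@ -0,0 +1,18 @@
+ # frozen_string_literal: true
+
+ require "bindata"
+ require "tpm/public_area"
+ require "tpm/tpmt_ha"
+
+ module TPM
+ class Tpm2bName < BinData::Record
+ endian :big
+
+ uint16 :name_size, value: lambda { name.to_binary_s.size }
+ tpmt_ha :name, read_length: :name_size
+
+ def valid_for?(object)
+ name.to_binary_s == TPM::PublicArea.new(object).name
+ end
+ end
+ end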
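Review bot: The `name_size` field is declared with `value:`, which as far as I know makes BinData compute it from `name` and discard the size read from the wire, and `read_length:` is a parameter of BinData strings that a `tpmt_ha` record probably does not honour, so the encoded TPM2B length is never checked against the digest that is actually parsed. A certify-info blob whose size prefix disagrees with its TPMT_HA would then parse as if it were consistent. Consider reading the size as a plain `uint16` and having `valid_for?` also require that it equals the byte length of `name`, or state in a comment why the prefix does not need checking. A short comment on the class citing the TPM 2.0 Part 2 structure it models, as `SCertifyInfo` does, would help as well.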
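--- a/data/lib/tpm/tpmt_ha.rb
+++ b/data/lib/tpm/tpmt_ha.rb
@@ -0,0 +1,20 @@
+ # frozen_string_literal: true
+
+ require "bindata"
+
+ module TPM
+ class TpmtHa < BinData::Record
+ BYTE_LENGTH = 8
+ DIGEST_LENGTH_SHA1 = 160
+ DIGEST_LENGTH_SHA256 = 256
+
+ endian :big
+
+ uint16 :hash_alg
+
+ choice :digest, selection: :hash_alg do
+ string TPM::ALG_SHA1, length: DIGEST_LENGTH_SHA1 / BYTE_LENGTH
+ string TPM::ALG_SHA256, length: DIGEST_LENGTH_SHA256 / BYTE_LENGTH
+ end
+ end
+ end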
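Review bot: The `choice` on `hash_alg` lists only `TPM::ALG_SHA1` and `TPM::ALG_SHA256`, so a name that carries any other algorithm identifier (SHA-384 or SHA-512, for instance) has no matching branch and will most likely raise while the attestation is being parsed rather than produce a clean rejection. Either add the remaining digest sizes or make the unsupported case an explicit, documented failure that callers can rescue. The file also references `TPM::ALG_SHA1` while requiring only `bindata`; adding `require "tpm/constants"` would stop it depending on load order. Whether SHA-1 names are accepted on purpose is worth stating in a comment next to the `choice`.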
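--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: tpm-key_attestation
  version: !ruby/object:Gem::Version
- version: 0.6.0
+ version: 0.7.0
  platform: ruby
  authors:
  - Gonzalo
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-01-30 00:00:00.000000000 Z
+ date: 2020-02-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bindata
@@ -62,9 +62,37 @@ files:
  - gemfiles/openssl_2_1.gemfile
  - gemfiles/openssl_default.gemfile
  - gemfiles/openssl_head.gemfile
+ - lib/tpm/aik_certificate.rb
+ - lib/tpm/certificates/AMD/RootCA/AMD-fTPM-ECC-RootCA.crt
+ - lib/tpm/certificates/AMD/RootCA/AMD-fTPM-RSA-RootCA.crt
+ - lib/tpm/certificates/Atmel/RootCA/Atmel TPM Root Signing Module.der
+ - lib/tpm/certificates/Infineon/RootCA/IFX TPM EK Root CA.cer
+ - lib/tpm/certificates/Infineon/RootCA/IFX-RootCA.cer
+ - lib/tpm/certificates/Infineon/RootCA/IFX_TPM_RootCert_008.crt
+ - lib/tpm/certificates/Infineon/RootCA/Infineon OPTIGA(TM) ECC Root CA.crt
+ - lib/tpm/certificates/Infineon/RootCA/Infineon OPTIGA(TM) RSA Root CA.crt
+ - lib/tpm/certificates/Intel/RootCA/EKRootPublicKey.cer
+ - lib/tpm/certificates/Microsoft/RootCA/Microsoft TPM Root Certificate Authority 2014.cer
+ - lib/tpm/certificates/NationZ/RootCA/EkRootCA.crt
+ - lib/tpm/certificates/Nuvoton/RootCA/NTC TPM EK Root CA 01.cer
+ - lib/tpm/certificates/Nuvoton/RootCA/NTC TPM EK Root CA 02.cer
+ - lib/tpm/certificates/Nuvoton/RootCA/NTC TPM EK Root CA ARSUF 01.cer
+ - lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 1013.cer
+ - lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 1014.cer
+ - lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 1110.cer
+ - lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 1111.cer
+ - lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 2010.cer
+ - lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 2011.cer
+ - lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 2110.cer
+ - lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 2111.cer
+ - lib/tpm/certificates/QC/RootCA/Microsoft TPM Root Certificate Authority 2014.cer
+ - lib/tpm/certificates/STMicro/RootCA/GlobalSign Trusted Computing CA.crt
+ - lib/tpm/certificates/STMicro/RootCA/GlobalSign Trusted Platform Module ECC Root
+ CA.crt
+ - lib/tpm/certificates/STMicro/RootCA/ST TPM Root Certificate.crt
+ - lib/tpm/certificates/STMicro/RootCA/STM TPM ECC Root CA 01.crt
  - lib/tpm/certify_validator.rb
  - lib/tpm/constants.rb
- - lib/tpm/ek_certificate.rb
  - lib/tpm/key_attestation.rb
  - lib/tpm/key_attestation/version.rb
  - lib/tpm/public_area.rb
@@ -74,6 +102,8 @@ files:
  - lib/tpm/t_public.rb
  - lib/tpm/t_public/s_ecc_parms.rb
  - lib/tpm/t_public/s_rsa_parms.rb
+ - lib/tpm/tpm2b_name.rb
+ - lib/tpm/tpmt_ha.rb
  - tpm-key_attestation.gemspec
  homepage: https://github.com/cedarcode/tpm-key_attestation
  licenses: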