tpm-key_attestation 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 535e681d5138dba02fee04f040ba56dc32aec3cfc0e120317fd9037e3af5ef48
-  data.tar.gz: 2aa3fd555c148bffc4be80a98a18bc53083ede8b249ac5c51bca7150f4f10ad7
+  metadata.gz: 0f495569765faf3eaf8bcd9ff004405e278d720d12253ec01f98175f9dce3e4c
+  data.tar.gz: 26105eb6528b31ddec9a800cdeddea4eee311e25fdfc1c99cee2345b43e58bd9
 SHA512:
-  metadata.gz: 5ba4bb439bede1e2c2eb7bcd4d26de281643c8cc9ed7e1f29b60e5f75ae8efdae671eaa3f2c567aae5f93fdfe98bdcae0b52a7ed0e313ffef70c23be433c8712
-  data.tar.gz: 37c996a44f6f724490371b12962e08598a6fc85acc454378a7b125284542c9f91b7e4570751b74b33e072faf7e66f2ce1ab55a8e23ce33ea47e90778127a1f3e
+  metadata.gz: 3501ffabdfea8bc28803a2036f0e83d2e16eb7cdcd21a937f9112ffd7ecfdb91ff37290fd97b5d8de50eab22f3ddf109899b7f715c90b4ef667a0aed04156c4b
+  data.tar.gz: 26698f67fad4bcb5788d5f01ab536057b3fa3c0bd2db5338aa495dda45435bf528e101ae91e4afddd3f94b8389456544677a9964871df9f7997b79274ca41f38

data/.travis.yml

@@ -1,17 +1,27 @@
 ---
 dist: bionic
 language: ruby
-cache: bundler
 
-rvm:
-  - ruby-head
-  - 2.7.0
-  - 2.6.5
-  - 2.5.7
-  - 2.4.9
+cache:
+  bundler: true
+  directories:
+    - /home/travis/.rvm/
+
+env:
+  - RB=2.7.1 LIBSSL=1.0
+  - RB=2.7.1 LIBSSL=1.1
+  - RB=2.6.6 LIBSSL=1.0
+  - RB=2.6.6 LIBSSL=1.1
+  - RB=2.5.8 LIBSSL=1.0
+  - RB=2.5.8 LIBSSL=1.1
+  - RB=2.4.10 LIBSSL=1.0
+  - RB=2.4.10 LIBSSL=1.1
+  - RB=ruby-head LIBSSL=1.0
+  - RB=ruby-head LIBSSL=1.1
 
 gemfile:
   - gemfiles/openssl_head.gemfile
+  - gemfiles/openssl_2_2.gemfile
   - gemfiles/openssl_2_1.gemfile
   - gemfiles/openssl_2_0.gemfile
   - gemfiles/openssl_default.gemfile
@@ -19,9 +29,12 @@ gemfile:
 matrix:
   fast_finish: true
   allow_failures:
-    - rvm: ruby-head
+    - env: RB=ruby-head LIBSSL=1.0
+    - env: RB=ruby-head LIBSSL=1.1
     - gemfile: gemfiles/openssl_head.gemfile
 
 before_install:
+  - ./install-openssl.sh
+  - ./install-ruby.sh
   - gem install bundler -v "~> 2.0"
   - rm Gemfile.lock

data/Appraisals

@@ -4,6 +4,10 @@ appraise "openssl_head" do
   gem "openssl", git: "https://github.com/ruby/openssl"
 end
 
+appraise "openssl_2_2" do
+  gem "openssl", "~> 2.2.0"
+end
+
 appraise "openssl_2_1" do
   gem "openssl", "~> 2.1.0"
 end

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## [v0.9.0] - 2020-05-31
+
+### Fixed
+
+- Fixed compatibility with OpenSSL-C (libssl) v1.0.2 ([@santiagorodriguez96])
+
 ## [v0.8.0] - 2020-03-29
 
 ### Changed
@@ -55,6 +61,7 @@ replacement of `JOSE` format `algorithm` string
 - `TPM::EKCertificate` wrapper
 - `TPM::SAttest` wrapper
 
+[v0.9.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.8.0...v0.9.0/
 [v0.8.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.7.0...v0.8.0/
 [v0.7.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.6.0...v0.7.0/
 [v0.6.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.5.0...v0.6.0/
@@ -63,3 +70,5 @@ replacement of `JOSE` format `algorithm` string
 [v0.3.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.2.0...v0.3.0/
 [v0.2.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.1.0...v0.2.0/
 [v0.1.0]: https://github.com/cedarcode/tpm-key_attestation/compare/57c926ef7e83830cee8d111fdc5ccaf99ab2e861...v0.1.0/
+
+[@santiagorodriguez96]: https://github.com/santiagorodriguez96

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    tpm-key_attestation (0.8.0)
+    tpm-key_attestation (0.9.0)
       bindata (~> 2.4)
       openssl-signature_algorithm (~> 0.4.0)
 
@@ -13,13 +13,13 @@ GEM
       rake
       thor (>= 0.14.0)
     ast (2.4.0)
-    bindata (2.4.6)
-    byebug (11.1.1)
+    bindata (2.4.7)
+    byebug (11.1.3)
     diff-lcs (1.3)
     jaro_winkler (1.5.4)
     openssl-signature_algorithm (0.4.0)
     parallel (1.19.1)
-    parser (2.7.0.5)
+    parser (2.7.1.3)
       ast (~> 2.4.0)
     rainbow (3.0.0)
     rake (13.0.1)
@@ -28,15 +28,15 @@ GEM
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
       rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.1)
-      rspec-support (~> 3.9.1)
-    rspec-expectations (3.9.1)
+    rspec-core (3.9.2)
+      rspec-support (~> 3.9.3)
+    rspec-expectations (3.9.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
     rspec-mocks (3.9.1)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.9.0)
-    rspec-support (3.9.2)
+    rspec-support (3.9.3)
     rubocop (0.80.1)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)

data/README.md

@@ -3,7 +3,8 @@
 TPM Key Attestation utitlies
 
 [![Gem](https://img.shields.io/gem/v/tpm-key_attestation.svg?style=flat-square&color=informational)](https://rubygems.org/gems/tpm-key_attestation)
-[![Travis](https://img.shields.io/travis/cedarcode/tpm-key_attestation.svg?style=flat-square)](https://travis-ci.org/cedarcode/tpm-key_attestation)
+[![Travis](https://img.shields.io/travis/cedarcode/tpm-key_attestation/master.svg?style=flat-square)](https://travis-ci.org/cedarcode/tpm-key_attestation)
+[![Conventional Commits](https://img.shields.io/badge/Conventional%20Commits-1.0.0-informational.svg?style=flat-square)](https://conventionalcommits.org)
 
 ## Installation
 

data/gemfiles/openssl_2_0.gemfile

@@ -4,9 +4,9 @@ source "https://rubygems.org"
 
 gem "appraisal", "~> 2.2.0"
 gem "byebug", "~> 11.0"
-gem "rake", "~> 12.0"
+gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.79.0"
+gem "rubocop", "~> 0.80.1"
 gem "openssl", "~> 2.0.0"
 
 gemspec path: "../"

data/gemfiles/openssl_2_1.gemfile

@@ -4,9 +4,9 @@ source "https://rubygems.org"
 
 gem "appraisal", "~> 2.2.0"
 gem "byebug", "~> 11.0"
-gem "rake", "~> 12.0"
+gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.79.0"
+gem "rubocop", "~> 0.80.1"
 gem "openssl", "~> 2.1.0"
 
 gemspec path: "../"

data/gemfiles/openssl_2_2.gemfile

@@ -0,0 +1,12 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal", "~> 2.2.0"
+gem "byebug", "~> 11.0"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 0.80.1"
+gem "openssl", "~> 2.2.0"
+
+gemspec path: "../"

data/gemfiles/openssl_default.gemfile

@@ -4,8 +4,8 @@ source "https://rubygems.org"
 
 gem "appraisal", "~> 2.2.0"
 gem "byebug", "~> 11.0"
-gem "rake", "~> 12.0"
+gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.79.0"
+gem "rubocop", "~> 0.80.1"
 
 gemspec path: "../"

data/gemfiles/openssl_head.gemfile

@@ -4,9 +4,9 @@ source "https://rubygems.org"
 
 gem "appraisal", "~> 2.2.0"
 gem "byebug", "~> 11.0"
-gem "rake", "~> 12.0"
+gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.79.0"
+gem "rubocop", "~> 0.80.1"
 gem "openssl", git: "https://github.com/ruby/openssl"
 
 gemspec path: "../"

data/install-openssl.sh

@@ -0,0 +1,3 @@
+if [[ "${LIBSSL}" == "1.0" ]]; then
+  sudo apt purge libssl-dev && sudo apt-get -yq --no-install-suggests --no-install-recommends install libssl1.0-dev
+fi

data/install-ruby.sh

@@ -0,0 +1,10 @@
+source ~/.rvm/scripts/rvm
+
+if [[ "${LIBSSL}" == "1.0" ]]; then
+  rvm install $RB --autolibs=read-only -C --with-openssl-dir=usr/include/openssl
+elif [[ "${LIBSSL}" == "1.1" ]]; then
+  rvm install $RB --binary --fuzzy
+fi
+
+rvm use $RB
+ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'

data/lib/tpm/key_attestation.rb

@@ -86,7 +86,7 @@ module TPM
     def trust_store
       @trust_store ||=
         OpenSSL::X509::Store.new.tap do |trust_store|
-          root_certificates.each { |root_certificate| trust_store.add_cert(root_certificate) }
+          root_certificates.uniq(&:serial).each { |root_certificate| trust_store.add_cert(root_certificate) }
         end
     end
 

data/lib/tpm/key_attestation/version.rb

@@ -2,6 +2,6 @@
 
 module TPM
   class KeyAttestation
-    VERSION = "0.8.0"
+    VERSION = "0.9.0"
   end
 end

data/lib/tpm/t_public.rb

@@ -11,6 +11,7 @@ module TPM
   class TPublic < BinData::Record
     BYTE_LENGTH = 8
     CURVE_TPM_TO_OPENSSL = { TPM::ECC_NIST_P256 => "prime256v1" }.freeze
+    RSA_KEY_DEFAULT_PUBLIC_EXPONENT = 2**16 + 1
 
     class << self
       alias_method :deserialize, :read
@@ -74,7 +75,7 @@ module TPM
 
         if parameters.key_bits / BYTE_LENGTH == n.size
           key = OpenSSL::PKey::RSA.new(parameters.key_bits.value)
-          key.set_key(bn(n), nil, nil)
+          key.set_key(bn(n), bn(RSA_KEY_DEFAULT_PUBLIC_EXPONENT), nil)
 
           key.public_key
         end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tpm-key_attestation
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Gonzalo
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-03-29 00:00:00.000000000 Z
+date: 2020-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata
@@ -60,8 +60,11 @@ files:
 - bin/setup
 - gemfiles/openssl_2_0.gemfile
 - gemfiles/openssl_2_1.gemfile
+- gemfiles/openssl_2_2.gemfile
 - gemfiles/openssl_default.gemfile
 - gemfiles/openssl_head.gemfile
+- install-openssl.sh
+- install-ruby.sh
 - lib/tpm/aik_certificate.rb
 - lib/tpm/certificates/AMD/RootCA/AMD-fTPM-ECC-RootCA.crt
 - lib/tpm/certificates/AMD/RootCA/AMD-fTPM-RSA-RootCA.crt
@@ -127,7 +130,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.1.3
 signing_key: 
 specification_version: 4
 summary: TPM Key Attestation verifier