tpm-key_attestation 0.9.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0f495569765faf3eaf8bcd9ff004405e278d720d12253ec01f98175f9dce3e4c
-  data.tar.gz: 26105eb6528b31ddec9a800cdeddea4eee311e25fdfc1c99cee2345b43e58bd9
+  metadata.gz: fe02507111938501d687c21a2a8461f086ca5ddd1b2d2f2715921a94ee249260
+  data.tar.gz: 3c7f0f3e79819bdd00e11febc517083320c40c8e4033c328654b64fe9eb88549
 SHA512:
-  metadata.gz: 3501ffabdfea8bc28803a2036f0e83d2e16eb7cdcd21a937f9112ffd7ecfdb91ff37290fd97b5d8de50eab22f3ddf109899b7f715c90b4ef667a0aed04156c4b
-  data.tar.gz: 26698f67fad4bcb5788d5f01ab536057b3fa3c0bd2db5338aa495dda45435bf528e101ae91e4afddd3f94b8389456544677a9964871df9f7997b79274ca41f38
+  metadata.gz: 0f77dbedcd721d3c06f6ec33a862f89c02360e913776a0c54847cf240b7af1d9ecde6b1bc1d2e1634b7342859bde36038a30aee8f1a85447a1afb494efd4506e
+  data.tar.gz: cac3351b83246f7c21f542a8c22043b99bdd73a7e218e25064f06785f173303f976aea9b2ffd13ac845e0f0155663543c74f3076f8c099b58db351ec4c823b0f

data/.github/workflows/build.yml

@@ -0,0 +1,49 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: build
+
+on: push
+
+jobs:
+  test:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - '3.2'
+          - '3.1'
+          - '3.0'
+          - '2.7'
+          - '2.6'
+          - '2.5'
+          - '2.4'
+        gemfile:
+          - openssl_2_2
+          - openssl_2_1
+          - openssl_3_0
+          - openssl_3_1
+        exclude:
+          - ruby: '2.4'
+            gemfile: openssl_3_0
+          - ruby: '2.5'
+            gemfile: openssl_3_0
+          - ruby: '2.4'
+            gemfile: openssl_3_1
+          - ruby: '2.5'
+            gemfile: openssl_3_1
+    env:
+      BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
+    steps:
+    - uses: actions/checkout@v2
+    - run: rm Gemfile.lock
+    - uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+    - run: bundle exec rake

data/.rubocop.yml

@@ -3,6 +3,7 @@ AllCops:
   DisabledByDefault: true
   Exclude:
     - "gemfiles/**/*"
+    - "vendor/bundle/**/*"
 
 Bundler:
   Enabled: true

data/Appraisals

@@ -1,9 +1,5 @@
 # frozen_string_literal: true
 
-appraise "openssl_head" do
-  gem "openssl", git: "https://github.com/ruby/openssl"
-end
-
 appraise "openssl_2_2" do
   gem "openssl", "~> 2.2.0"
 end
@@ -12,9 +8,10 @@ appraise "openssl_2_1" do
   gem "openssl", "~> 2.1.0"
 end
 
-appraise "openssl_2_0" do
-  gem "openssl", "~> 2.0.0"
+appraise "openssl_3_0" do
+  gem "openssl", "~> 3.0.0"
 end
 
-appraise "openssl_default" do
+appraise "openssl_3_1" do
+  gem "openssl", "~> 3.1.0"
 end

data/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## [v0.12.0] - 2022-07-05
+
+- Loose OpenSSL dependency to support 3.2 users. Credits to @stanhu <3
+
+## [v0.11.0] - 2022-07-05
+
+- Support OpenSSL ~>3.0.0. Credits to @ClearlyClaire <3
+
+## [v0.10.0] - 2020-07-09
+
+### Added
+
+- Support ECDSA with NIST P384 and P521 curves
+
 ## [v0.9.0] - 2020-05-31
 
 ### Fixed
@@ -61,6 +75,9 @@ replacement of `JOSE` format `algorithm` string
 - `TPM::EKCertificate` wrapper
 - `TPM::SAttest` wrapper
 
+[v0.12.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.11.0...v0.12.0/
+[v0.11.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.10.0...v0.11.0/
+[v0.10.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.9.0...v0.10.0/
 [v0.9.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.8.0...v0.9.0/
 [v0.8.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.7.0...v0.8.0/
 [v0.7.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.6.0...v0.7.0/
@@ -72,3 +89,4 @@ replacement of `JOSE` format `algorithm` string
 [v0.1.0]: https://github.com/cedarcode/tpm-key_attestation/compare/57c926ef7e83830cee8d111fdc5ccaf99ab2e861...v0.1.0/
 
 [@santiagorodriguez96]: https://github.com/santiagorodriguez96
+[@ClearlyClaire]: https://github.com/ClearlyClaire

data/Gemfile.lock

@@ -1,9 +1,10 @@
 PATH
   remote: .
   specs:
-    tpm-key_attestation (0.9.0)
+    tpm-key_attestation (0.11.0)
       bindata (~> 2.4)
-      openssl-signature_algorithm (~> 0.4.0)
+      openssl (> 2.0)
+      openssl-signature_algorithm (~> 1.0)
 
 GEM
   remote: https://rubygems.org/
@@ -12,31 +13,33 @@ GEM
       bundler
       rake
       thor (>= 0.14.0)
-    ast (2.4.0)
-    bindata (2.4.7)
+    ast (2.4.2)
+    bindata (2.4.14)
     byebug (11.1.3)
-    diff-lcs (1.3)
+    diff-lcs (1.4.4)
     jaro_winkler (1.5.4)
-    openssl-signature_algorithm (0.4.0)
-    parallel (1.19.1)
-    parser (2.7.1.3)
-      ast (~> 2.4.0)
+    openssl (3.1.0)
+    openssl-signature_algorithm (1.2.1)
+      openssl (> 2.0, < 3.1)
+    parallel (1.20.1)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
     rainbow (3.0.0)
-    rake (13.0.1)
+    rake (13.0.3)
     rexml (3.2.4)
-    rspec (3.9.0)
-      rspec-core (~> 3.9.0)
-      rspec-expectations (~> 3.9.0)
-      rspec-mocks (~> 3.9.0)
-    rspec-core (3.9.2)
-      rspec-support (~> 3.9.3)
-    rspec-expectations (3.9.2)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-mocks (3.9.1)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.9.0)
-    rspec-support (3.9.3)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
     rubocop (0.80.1)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
@@ -45,8 +48,8 @@ GEM
       rexml
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 1.7)
-    ruby-progressbar (1.10.1)
-    thor (1.0.1)
+    ruby-progressbar (1.11.0)
+    thor (1.1.0)
     unicode-display_width (1.6.1)
 
 PLATFORMS
@@ -61,4 +64,4 @@ DEPENDENCIES
   tpm-key_attestation!
 
 BUNDLED WITH
-   2.1.4
+   2.2.8

data/README.md

@@ -3,7 +3,7 @@
 TPM Key Attestation utitlies
 
 [![Gem](https://img.shields.io/gem/v/tpm-key_attestation.svg?style=flat-square&color=informational)](https://rubygems.org/gems/tpm-key_attestation)
-[![Travis](https://img.shields.io/travis/cedarcode/tpm-key_attestation/master.svg?style=flat-square)](https://travis-ci.org/cedarcode/tpm-key_attestation)
+[![Actions Build](https://github.com/cedarcode/tpm-key_attestation/workflows/build/badge.svg)](https://github.com/cedarcode/tpm-key_attestation/actions)
 [![Conventional Commits](https://img.shields.io/badge/Conventional%20Commits-1.0.0-informational.svg?style=flat-square)](https://conventionalcommits.org)
 
 ## Installation

data/gemfiles/{openssl_2_0.gemfile → openssl_3_0.gemfile}

@@ -7,6 +7,6 @@ gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
 gem "rubocop", "~> 0.80.1"
-gem "openssl", "~> 2.0.0"
+gem "openssl", "~> 3.0.0"
 
 gemspec path: "../"

data/gemfiles/{openssl_default.gemfile → openssl_3_1.gemfile}

@@ -7,5 +7,6 @@ gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
 gem "rubocop", "~> 0.80.1"
+gem "openssl", "~> 3.1.0"
 
 gemspec path: "../"

data/lib/tpm/certify_validator.rb

@@ -6,7 +6,7 @@ require "tpm/s_attest"
 
 module TPM
   class CertifyValidator
-    attr_reader :info, :signature, :nonce, :object, :signature_algorithm, :hash_algorithm
+    attr_reader :info, :signature, :nonce, :public_area, :signature_algorithm, :hash_algorithm
 
     TPM_SIGNATURE_ALG_TO_OPENSSL = {
       ALG_RSASSA => OpenSSL::SignatureAlgorithm::RSAPKCS1,
@@ -16,14 +16,16 @@ module TPM
 
     TPM_HASH_ALG_TO_OPENSSL = {
       ALG_SHA1 => "SHA1",
-      ALG_SHA256 => "SHA256"
+      ALG_SHA256 => "SHA256",
+      ALG_SHA384 => "SHA384",
+      ALG_SHA512 => "SHA512"
     }.freeze
 
-    def initialize(info, signature, nonce, object, signature_algorithm: ALG_RSASSA, hash_algorithm: ALG_SHA256)
+    def initialize(info, signature, nonce, public_area, signature_algorithm: ALG_RSASSA, hash_algorithm: ALG_SHA256)
       @info = info
       @signature = signature
       @nonce = nonce
-      @object = object
+      @public_area = public_area
       @signature_algorithm = signature_algorithm
       @hash_algorithm = hash_algorithm
     end
@@ -38,30 +40,38 @@ module TPM
       attest.attested_type == TPM::ST_ATTEST_CERTIFY &&
         attest.extra_data.buffer == nonce &&
         attest.magic == TPM::GENERATED_VALUE &&
-        attest.attested.name.valid_for?(object)
+        attest.attested.name.valid_for?(public_area.name)
     end
 
     def valid_signature?(verify_key)
-      openssl_signature_algorithm = openssl_signature_algorithm_class.new(openssl_hash_function[3..-1])
+      openssl_signature_algorithm = openssl_signature_algorithm_class.new(**openssl_signature_algorithm_parameters)
       openssl_signature_algorithm.verify_key = verify_key
-
-      begin
-        openssl_signature_algorithm.verify(signature, info)
-      rescue OpenSSL::SignatureAlgorithm::Error
-        false
-      end
+      openssl_signature_algorithm.verify(signature, info)
+    rescue OpenSSL::SignatureAlgorithm::Error
+      false
     end
 
     def attest
       @attest ||= TPM::SAttest.deserialize(info)
     end
 
+    def openssl_signature_algorithm_parameters
+      parameters = { hash_function: openssl_hash_function }
+
+      if public_area.ecc?
+        parameters[:curve] = public_area.openssl_curve_name
+      end
+
+      parameters
+    end
+
     def openssl_hash_function
       TPM_HASH_ALG_TO_OPENSSL[hash_algorithm] || raise("Unsupported hash algorithm #{hash_algorithm}")
     end
 
     def openssl_signature_algorithm_class
-      TPM_SIGNATURE_ALG_TO_OPENSSL[signature_algorithm] || raise("Unsupported signature algorithm #{algorithm}")
+      TPM_SIGNATURE_ALG_TO_OPENSSL[signature_algorithm] ||
+        raise("Unsupported signature algorithm #{signature_algorithm}")
     end
   end
 end

data/lib/tpm/constants.rb

@@ -11,6 +11,8 @@ module TPM
   ALG_RSA = 0x0001
   ALG_SHA1 = 0x0004
   ALG_SHA256 = 0x000B
+  ALG_SHA384 = 0x000C
+  ALG_SHA512 = 0x000D
   ALG_NULL = 0x0010
   ALG_RSASSA = 0x0014
   ALG_RSAPSS = 0x0016
@@ -19,6 +21,8 @@ module TPM
 
   # ECC curves
   ECC_NIST_P256 = 0x0003
+  ECC_NIST_P384 = 0x0004
+  ECC_NIST_P521 = 0x0005
 
   # https://trustedcomputinggroup.org/resource/vendor-id-registry/ section 2 "TPM Capabilities Vendor ID (CAP_VID)"
   VENDOR_IDS = {

data/lib/tpm/key_attestation/version.rb

@@ -2,6 +2,6 @@
 
 module TPM
   class KeyAttestation
-    VERSION = "0.9.0"
+    VERSION = "0.12.0"
   end
 end

data/lib/tpm/key_attestation.rb

@@ -2,14 +2,16 @@
 
 require "openssl"
 require "tpm/key_attestation/version"
+
 require "tpm/aik_certificate"
 require "tpm/certify_validator"
 require "tpm/constants"
+require "tpm/public_area"
 
 module TPM
   class KeyAttestation
     # https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-install-trusted-tpm-root-certificates
-    ROOT_CERTIFICATES =
+    TRUSTED_CERTIFICATES =
       begin
         pattern = File.expand_path(File.join(__dir__, "certificates", "*", "RootCA", "*.*"))
         Dir.glob(pattern).map do |filename|
@@ -27,7 +29,7 @@ module TPM
       :signature_algorithm,
       :hash_algorithm,
       :qualifying_data,
-      :root_certificates
+      :trusted_certificates
     )
 
     def initialize(
@@ -38,7 +40,7 @@ module TPM
       qualifying_data,
       signature_algorithm: ALG_RSASSA,
       hash_algorithm: ALG_SHA256,
-      root_certificates: ROOT_CERTIFICATES
+      trusted_certificates: TRUSTED_CERTIFICATES
     )
       @certify_info = certify_info
       @signature = signature
@@ -48,7 +50,7 @@ module TPM
       @signature_algorithm = signature_algorithm
       @hash_algorithm = hash_algorithm
       @qualifying_data = qualifying_data
-      @root_certificates = root_certificates
+      @trusted_certificates = trusted_certificates
     end
 
     def key
@@ -71,7 +73,7 @@ module TPM
           certify_info,
           signature,
           qualifying_data,
-          certified_key,
+          public_area,
           signature_algorithm: signature_algorithm,
           hash_algorithm: hash_algorithm
         )
@@ -86,7 +88,7 @@ module TPM
     def trust_store
       @trust_store ||=
         OpenSSL::X509::Store.new.tap do |trust_store|
-          root_certificates.uniq(&:serial).each { |root_certificate| trust_store.add_cert(root_certificate) }
+          trusted_certificates.uniq(&:serial).each { |trusted_certificate| trust_store.add_cert(trusted_certificate) }
         end
     end
 

data/lib/tpm/public_area.rb

@@ -24,6 +24,14 @@ module TPM
       t_public.key
     end
 
+    def ecc?
+      t_public.ecc?
+    end
+
+    def openssl_curve_name
+      t_public.openssl_curve_name
+    end
+
     private
 
     def name_digest

data/lib/tpm/t_public.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require "bindata"
+require "openssl"
 require "tpm/constants"
 require "tpm/sized_buffer"
 require "tpm/t_public/s_ecc_parms"
@@ -10,8 +11,16 @@ module TPM
   # Section 12.2.4 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
   class TPublic < BinData::Record
     BYTE_LENGTH = 8
-    CURVE_TPM_TO_OPENSSL = { TPM::ECC_NIST_P256 => "prime256v1" }.freeze
+
+    CURVE_TPM_TO_OPENSSL = {
+      TPM::ECC_NIST_P256 => "prime256v1",
+      TPM::ECC_NIST_P384 => "secp384r1",
+      TPM::ECC_NIST_P521 => "secp521r1",
+    }.freeze
+
+    BN_BASE = 2
     RSA_KEY_DEFAULT_PUBLIC_EXPONENT = 2**16 + 1
+    ECC_UNCOMPRESSED_POINT_INDICATOR = "\x04"
 
     class << self
       alias_method :deserialize, :read
@@ -37,12 +46,19 @@ module TPM
       sized_buffer TPM::ALG_RSA
     end
 
+    def rsa?
+      alg_type == TPM::ALG_RSA
+    end
+
+    def ecc?
+      alg_type == TPM::ALG_ECC
+    end
+
     def key
       if parameters.symmetric == TPM::ALG_NULL
-        case alg_type
-        when TPM::ALG_ECC
+        if ecc?
           ecc_key
-        when TPM::ALG_RSA
+        elsif rsa?
           rsa_key
         else
           raise "Type #{alg_type} not supported"
@@ -50,21 +66,33 @@ module TPM
       end
     end
 
+    def openssl_curve_name
+      if ecc?
+        CURVE_TPM_TO_OPENSSL[parameters.curve_id] || raise("Unknown curve #{parameters.curve_id}")
+      end
+    end
+
     private
 
     def ecc_key
       if parameters.scheme == TPM::ALG_ECDSA
-        curve = CURVE_TPM_TO_OPENSSL[parameters.curve_id]
-
-        if curve
-          group = OpenSSL::PKey::EC::Group.new(curve)
-          pkey = OpenSSL::PKey::EC.new(group)
-          public_key_bn = OpenSSL::BN.new("\x04" + unique.buffer.value, 2)
-          public_key_point = OpenSSL::PKey::EC::Point.new(group, public_key_bn)
-          pkey.public_key = public_key_point
-
-          pkey
-        end
+        group = OpenSSL::PKey::EC::Group.new(openssl_curve_name)
+        point = OpenSSL::PKey::EC::Point.new(group, bn(ECC_UNCOMPRESSED_POINT_INDICATOR + unique.buffer.value))
+
+        # RFC5480 SubjectPublicKeyInfo
+        asn1 = OpenSSL::ASN1::Sequence(
+          [
+            OpenSSL::ASN1::Sequence(
+              [
+                OpenSSL::ASN1::ObjectId("id-ecPublicKey"),
+                OpenSSL::ASN1::ObjectId(group.curve_name),
+              ]
+            ),
+            OpenSSL::ASN1::BitString(point.to_octet_string(:uncompressed))
+          ]
+        )
+
+        OpenSSL::PKey::EC.new(asn1.to_der)
       end
     end
 
@@ -74,17 +102,22 @@ module TPM
         n = unique.buffer.value
 
         if parameters.key_bits / BYTE_LENGTH == n.size
-          key = OpenSSL::PKey::RSA.new(parameters.key_bits.value)
-          key.set_key(bn(n), bn(RSA_KEY_DEFAULT_PUBLIC_EXPONENT), nil)
-
-          key.public_key
+          # PKCS#1 RSAPublicKey
+          asn1 = OpenSSL::ASN1::Sequence(
+            [
+              OpenSSL::ASN1::Integer.new(bn(n)),
+              OpenSSL::ASN1::Integer.new(bn(RSA_KEY_DEFAULT_PUBLIC_EXPONENT)),
+            ]
+          )
+
+          OpenSSL::PKey::RSA.new(asn1.to_der)
         end
       end
     end
 
     def bn(data)
       if data
-        OpenSSL::BN.new(data, 2)
+        OpenSSL::BN.new(data, BN_BASE)
       end
     end
   end

data/lib/tpm/tpm2b_name.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "bindata"
-require "tpm/public_area"
 require "tpm/tpmt_ha"
 
 module TPM
@@ -11,8 +10,8 @@ module TPM
     uint16 :name_size, value: lambda { name.to_binary_s.size }
     tpmt_ha :name, read_length: :name_size
 
-    def valid_for?(object)
-      name.to_binary_s == TPM::PublicArea.new(object).name
+    def valid_for?(other_name)
+      name.to_binary_s == other_name
     end
   end
 end

data/tpm-key_attestation.gemspec

@@ -26,5 +26,6 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_dependency "bindata", "~> 2.4"
-  spec.add_dependency "openssl-signature_algorithm", "~> 0.4.0"
+  spec.add_dependency "openssl", "> 2.0"
+  spec.add_dependency "openssl-signature_algorithm", "~> 1.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tpm-key_attestation
 version: !ruby/object:Gem::Version
-  version: 0.9.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Gonzalo
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-05-31 00:00:00.000000000 Z
+date: 2023-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata
@@ -24,30 +24,44 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.4'
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: openssl-signature_algorithm
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.4.0
-description: 
-email: 
+        version: '1.0'
+description:
+email:
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build.yml"
 - ".gitignore"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - Gemfile
@@ -58,20 +72,16 @@ files:
 - SECURITY.md
 - bin/console
 - bin/setup
-- gemfiles/openssl_2_0.gemfile
 - gemfiles/openssl_2_1.gemfile
 - gemfiles/openssl_2_2.gemfile
-- gemfiles/openssl_default.gemfile
-- gemfiles/openssl_head.gemfile
-- install-openssl.sh
-- install-ruby.sh
+- gemfiles/openssl_3_0.gemfile
+- gemfiles/openssl_3_1.gemfile
 - lib/tpm/aik_certificate.rb
 - lib/tpm/certificates/AMD/RootCA/AMD-fTPM-ECC-RootCA.crt
 - lib/tpm/certificates/AMD/RootCA/AMD-fTPM-RSA-RootCA.crt
 - lib/tpm/certificates/Atmel/RootCA/Atmel TPM Root Signing Module.der
 - lib/tpm/certificates/Infineon/RootCA/IFX TPM EK Root CA.cer
 - lib/tpm/certificates/Infineon/RootCA/IFX-RootCA.cer
-- lib/tpm/certificates/Infineon/RootCA/IFX_TPM_RootCert_008.crt
 - lib/tpm/certificates/Infineon/RootCA/Infineon OPTIGA(TM) ECC Root CA.crt
 - lib/tpm/certificates/Infineon/RootCA/Infineon OPTIGA(TM) RSA Root CA.crt
 - lib/tpm/certificates/Intel/RootCA/EKRootPublicKey.cer
@@ -88,7 +98,6 @@ files:
 - lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 2011.cer
 - lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 2110.cer
 - lib/tpm/certificates/Nuvoton/RootCA/Nuvoton TPM Root CA 2111.cer
-- lib/tpm/certificates/QC/RootCA/Microsoft TPM Root Certificate Authority 2014.cer
 - lib/tpm/certificates/STMicro/RootCA/GlobalSign Trusted Computing CA.crt
 - lib/tpm/certificates/STMicro/RootCA/GlobalSign Trusted Platform Module ECC Root
   CA.crt
@@ -115,7 +124,7 @@ metadata:
   homepage_uri: https://github.com/cedarcode/tpm-key_attestation
   source_code_uri: https://github.com/cedarcode/tpm-key_attestation
   changelog_uri: https://github.com/cedarcode/tpm-key_attestation/blob/master/CHANGELOG.md
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -130,8 +139,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.3
-signing_key: 
+rubygems_version: 3.2.32
+signing_key:
 specification_version: 4
 summary: TPM Key Attestation verifier
 test_files: []

data/.travis.yml

@@ -1,40 +0,0 @@
----
-dist: bionic
-language: ruby
-
-cache:
-  bundler: true
-  directories:
-    - /home/travis/.rvm/
-
-env:
-  - RB=2.7.1 LIBSSL=1.0
-  - RB=2.7.1 LIBSSL=1.1
-  - RB=2.6.6 LIBSSL=1.0
-  - RB=2.6.6 LIBSSL=1.1
-  - RB=2.5.8 LIBSSL=1.0
-  - RB=2.5.8 LIBSSL=1.1
-  - RB=2.4.10 LIBSSL=1.0
-  - RB=2.4.10 LIBSSL=1.1
-  - RB=ruby-head LIBSSL=1.0
-  - RB=ruby-head LIBSSL=1.1
-
-gemfile:
-  - gemfiles/openssl_head.gemfile
-  - gemfiles/openssl_2_2.gemfile
-  - gemfiles/openssl_2_1.gemfile
-  - gemfiles/openssl_2_0.gemfile
-  - gemfiles/openssl_default.gemfile
-
-matrix:
-  fast_finish: true
-  allow_failures:
-    - env: RB=ruby-head LIBSSL=1.0
-    - env: RB=ruby-head LIBSSL=1.1
-    - gemfile: gemfiles/openssl_head.gemfile
-
-before_install:
-  - ./install-openssl.sh
-  - ./install-ruby.sh
-  - gem install bundler -v "~> 2.0"
-  - rm Gemfile.lock

data/gemfiles/openssl_head.gemfile

@@ -1,12 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "appraisal", "~> 2.2.0"
-gem "byebug", "~> 11.0"
-gem "rake", "~> 13.0"
-gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
-gem "openssl", git: "https://github.com/ruby/openssl"
-
-gemspec path: "../"

data/install-openssl.sh

@@ -1,3 +0,0 @@
-if [[ "${LIBSSL}" == "1.0" ]]; then
-  sudo apt purge libssl-dev && sudo apt-get -yq --no-install-suggests --no-install-recommends install libssl1.0-dev
-fi

data/install-ruby.sh

@@ -1,10 +0,0 @@
-source ~/.rvm/scripts/rvm
-
-if [[ "${LIBSSL}" == "1.0" ]]; then
-  rvm install $RB --autolibs=read-only -C --with-openssl-dir=usr/include/openssl
-elif [[ "${LIBSSL}" == "1.1" ]]; then
-  rvm install $RB --binary --fuzzy
-fi
-
-rvm use $RB
-ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'