RubyGems - tpm-key_attestation - Versions diffs - 0.12.1 → 0.13.0 - Mend

tpm-key_attestation 0.12.1 → 0.13.0

Files changed (16) hide show

checksums.yaml +4 -4
data/.github/workflows/build.yml +25 -5
data/Appraisals +4 -0
data/CHANGELOG.md +7 -0
data/Gemfile +1 -1
data/Gemfile.lock +30 -28
data/gemfiles/openssl_2_1.gemfile +1 -1
data/gemfiles/openssl_2_2.gemfile +1 -1
data/gemfiles/openssl_3_0.gemfile +1 -1
data/gemfiles/openssl_3_1.gemfile +1 -1
data/gemfiles/openssl_3_2.gemfile +12 -0
data/lib/tpm/certify_validator.rb +7 -11
data/lib/tpm/key_attestation/version.rb +1 -1
data/lib/tpm/t_public.rb +8 -3
data/lib/tpm/tpms_ecc_point.rb +12 -0
metadata +4 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ae6c28ee251d9123abbdaa6c18ab7d424accaf1bb44cbe0e350ccb2bdf8c79ca
-  data.tar.gz: f172c0436c2dedeab2e8300396ddc515428912f6c73f5688d905723844625320
+  metadata.gz: c9e6f949c61e23e0614e570ac3eaeb2d1649d72af8681612cabe4df72b11c76b
+  data.tar.gz: d72f892493994557c4afb2547a9cfd78f9e75bd6a01b2d9026ad50028dc09c89
 SHA512:
-  metadata.gz: aa78d70ea5a12c5768a0c24d90ae3f6137260ae8b45d14e23c716519b07a3dade2f76735c0a18b39dc1244f09e2ecd47019554395fb03c45d98a88bc454affd0
-  data.tar.gz: fc501bb669b8ac188a89ce63fe3052b27b22b9e29069a4ca58e4b3538d5b14fd8ae23dccfe1de89027eeb74943750c00b21f460151872b26fdc51ec6f3c45979
+  metadata.gz: be7db9415c8e0e3dc8182f3a5c5483ed410e70e2096552efc65426b92209df500057f34440006a16fa39a39121b47bd49987073a3588f029ed74267d38651d6d
+  data.tar.gz: a4aef2663a09171e1388db3ab116c5526766363e50beb5ac7b991988d2796c69527647ff9b49fa1863a9ff364ef4c5085cb5449abddc77d4e16347addd53bfe5

data/.github/workflows/build.yml CHANGED Viewed

@@ -22,8 +22,9 @@ jobs:
         os:
           - ubuntu-20.04
           - windows-latest
-          - macos-12
+          - macos-13
         ruby:
+          - '3.3'
           - '3.2'
           - '3.1'
           - '3.0'
@@ -36,6 +37,7 @@ jobs:
           - openssl_2_1
           - openssl_3_0
           - openssl_3_1
+          - openssl_3_2
         exclude:
           - ruby: '2.4'
             gemfile: openssl_3_0
@@ -45,24 +47,42 @@ jobs:
             gemfile: openssl_3_1
           - ruby: '2.5'
             gemfile: openssl_3_1
+          - ruby: '2.4'
+            gemfile: openssl_3_2
+          - ruby: '2.5'
+            gemfile: openssl_3_2
+          - ruby: '2.6'
+            gemfile: openssl_3_2
           - ruby: '3.1'
             gemfile: openssl_2_2
-            os: macos-12
+            os: macos-13
           - ruby: '3.1'
             gemfile: openssl_2_1
-            os: macos-12
+            os: macos-13
           - ruby: '3.2'
             gemfile: openssl_2_2
-            os: macos-12
+            os: macos-13
           - ruby: '3.2'
             gemfile: openssl_2_1
-            os: macos-12
+            os: macos-13
           - ruby: '3.2'
             gemfile: openssl_2_2
             os: windows-latest
           - ruby: '3.2'
             gemfile: openssl_2_1
             os: windows-latest
+          - ruby: '3.3'
+            gemfile: openssl_2_2
+            os: macos-13
+          - ruby: '3.3'
+            gemfile: openssl_2_1
+            os: macos-13
+          - ruby: '3.3'
+            gemfile: openssl_2_2
+            os: windows-latest
+          - ruby: '3.3'
+            gemfile: openssl_2_1
+            os: windows-latest
     env:
       BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
     steps:

data/Appraisals CHANGED Viewed

@@ -15,3 +15,7 @@ end
 appraise "openssl_3_1" do
   gem "openssl", "~> 3.1.0"
 end
+appraise "openssl_3_2" do
+  gem "openssl", "~> 3.2.0"
+end

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # Changelog
+## [v0.13.0] - 2025-01-21
+- Use public key from AIK cert for signature algorithm initalization [@santiagorodriguez96]
+- Support algorithm being ECC and pubArea's scheme parameter being TPM_ALG_NULL [@santiagorodriguez96]
+- Allow TPM:TPublic to handle ECC keys in pubArea correctly [@santiagorodriguez96]
 ## [v0.12.1] - 2024-08-05
 - Fix loading trusted certificates on Windows. #20 & #21 [@johnnyshields], [@salmanasiddiqui]
@@ -79,6 +85,7 @@ replacement of `JOSE` format `algorithm` string
 - `TPM::EKCertificate` wrapper
 - `TPM::SAttest` wrapper
+[v0.13.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.12.1...v0.13.0/
 [v0.12.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.11.0...v0.12.0/
 [v0.11.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.10.0...v0.11.0/
 [v0.10.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.9.0...v0.10.0/

data/Gemfile CHANGED Viewed

@@ -5,7 +5,7 @@ source "https://rubygems.org"
 # Specify your gem's dependencies in tpm-key_attestation.gemspec
 gemspec
-gem "appraisal", "~> 2.2.0"
+gem "appraisal", "~> 2.5.0"
 gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    tpm-key_attestation (0.11.0)
+    tpm-key_attestation (0.12.1)
       bindata (~> 2.4)
       openssl (> 2.0)
       openssl-signature_algorithm (~> 1.0)
@@ -9,37 +9,39 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    appraisal (2.2.0)
+    appraisal (2.5.0)
       bundler
       rake
       thor (>= 0.14.0)
     ast (2.4.2)
-    bindata (2.4.14)
+    bindata (2.5.0)
     byebug (11.1.3)
-    diff-lcs (1.4.4)
-    jaro_winkler (1.5.4)
-    openssl (3.1.0)
-    openssl-signature_algorithm (1.2.1)
-      openssl (> 2.0, < 3.1)
-    parallel (1.20.1)
-    parser (3.0.0.0)
+    diff-lcs (1.5.1)
+    jaro_winkler (1.5.6)
+    openssl (3.2.0)
+    openssl-signature_algorithm (1.3.0)
+      openssl (> 2.0)
+    parallel (1.26.3)
+    parser (3.3.6.0)
       ast (~> 2.4.1)
-    rainbow (3.0.0)
-    rake (13.0.3)
-    rexml (3.2.4)
-    rspec (3.10.0)
-      rspec-core (~> 3.10.0)
-      rspec-expectations (~> 3.10.0)
-      rspec-mocks (~> 3.10.0)
-    rspec-core (3.10.1)
-      rspec-support (~> 3.10.0)
-    rspec-expectations (3.10.1)
+      racc
+    racc (1.8.1)
+    rainbow (3.1.1)
+    rake (13.2.1)
+    rexml (3.3.9)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.2)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.3)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-mocks (3.10.2)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.10.0)
-    rspec-support (3.10.2)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.2)
     rubocop (0.80.1)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
@@ -48,15 +50,15 @@ GEM
       rexml
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 1.7)
-    ruby-progressbar (1.11.0)
-    thor (1.1.0)
+    ruby-progressbar (1.13.0)
+    thor (1.3.2)
     unicode-display_width (1.6.1)
 PLATFORMS
   ruby
 DEPENDENCIES
-  appraisal (~> 2.2.0)
+  appraisal (~> 2.5.0)
   byebug (~> 11.0)
   rake (~> 13.0)
   rspec (~> 3.0)
@@ -64,4 +66,4 @@ DEPENDENCIES
   tpm-key_attestation!
 BUNDLED WITH
-   2.2.8
+   2.5.23

data/gemfiles/openssl_2_1.gemfile CHANGED Viewed

@@ -2,7 +2,7 @@
 source "https://rubygems.org"
-gem "appraisal", "~> 2.2.0"
+gem "appraisal", "~> 2.5.0"
 gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"

data/gemfiles/openssl_2_2.gemfile CHANGED Viewed

@@ -2,7 +2,7 @@
 source "https://rubygems.org"
-gem "appraisal", "~> 2.2.0"
+gem "appraisal", "~> 2.5.0"
 gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"

data/gemfiles/openssl_3_0.gemfile CHANGED Viewed

@@ -2,7 +2,7 @@
 source "https://rubygems.org"
-gem "appraisal", "~> 2.2.0"
+gem "appraisal", "~> 2.5.0"
 gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"

data/gemfiles/openssl_3_1.gemfile CHANGED Viewed

@@ -2,7 +2,7 @@
 source "https://rubygems.org"
-gem "appraisal", "~> 2.2.0"
+gem "appraisal", "~> 2.5.0"
 gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"

data/gemfiles/openssl_3_2.gemfile ADDED Viewed

@@ -0,0 +1,12 @@
+# This file was generated by Appraisal
+source "https://rubygems.org"
+gem "appraisal", "~> 2.5.0"
+gem "byebug", "~> 11.0"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 0.80.1"
+gem "openssl", "~> 3.2.0"
+gemspec path: "../"

data/lib/tpm/certify_validator.rb CHANGED Viewed

@@ -44,7 +44,13 @@ module TPM
     end
     def valid_signature?(verify_key)
-      openssl_signature_algorithm = openssl_signature_algorithm_class.new(**openssl_signature_algorithm_parameters)
+      parameters = { hash_function: openssl_hash_function }
+      if verify_key.is_a?(OpenSSL::PKey::EC) || verify_key.is_a?(OpenSSL::PKey::EC::Point)
+        parameters[:curve] = verify_key.group.curve_name
+      end
+      openssl_signature_algorithm = openssl_signature_algorithm_class.new(**parameters)
       openssl_signature_algorithm.verify_key = verify_key
       openssl_signature_algorithm.verify(signature, info)
     rescue OpenSSL::SignatureAlgorithm::Error
@@ -55,16 +61,6 @@ module TPM
       @attest ||= TPM::SAttest.deserialize(info)
     end
-    def openssl_signature_algorithm_parameters
-      parameters = { hash_function: openssl_hash_function }
-      if public_area.ecc?
-        parameters[:curve] = public_area.openssl_curve_name
-      end
-      parameters
-    end
     def openssl_hash_function
       TPM_HASH_ALG_TO_OPENSSL[hash_algorithm] || raise("Unsupported hash algorithm #{hash_algorithm}")
     end

data/lib/tpm/key_attestation/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module TPM
   class KeyAttestation
-    VERSION = "0.12.1"
+    VERSION = "0.13.0"
   end
 end

data/lib/tpm/t_public.rb CHANGED Viewed

@@ -4,6 +4,7 @@ require "bindata"
 require "openssl"
 require "tpm/constants"
 require "tpm/sized_buffer"
+require "tpm/tpms_ecc_point"
 require "tpm/t_public/s_ecc_parms"
 require "tpm/t_public/s_rsa_parms"
@@ -42,7 +43,7 @@ module TPM
     end
     choice :unique, selection: :alg_type do
-      sized_buffer TPM::ALG_ECC
+      tpms_ecc_point TPM::ALG_ECC
       sized_buffer TPM::ALG_RSA
     end
@@ -75,9 +76,13 @@ module TPM
     private
     def ecc_key
-      if parameters.scheme == TPM::ALG_ECDSA
+      case parameters.scheme
+      when TPM::ALG_ECDSA, TPM::ALG_NULL
         group = OpenSSL::PKey::EC::Group.new(openssl_curve_name)
-        point = OpenSSL::PKey::EC::Point.new(group, bn(ECC_UNCOMPRESSED_POINT_INDICATOR + unique.buffer.value))
+        point = OpenSSL::PKey::EC::Point.new(
+          group,
+          bn(ECC_UNCOMPRESSED_POINT_INDICATOR + unique.x.buffer.value + unique.y.buffer.value)
+        )
         # RFC5480 SubjectPublicKeyInfo
         asn1 = OpenSSL::ASN1::Sequence(

data/lib/tpm/tpms_ecc_point.rb ADDED Viewed

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+require "bindata"
+module TPM
+  class TpmsEccPoint < BinData::Record
+    endian :big
+    sized_buffer :x
+    sized_buffer :y
+  end
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tpm-key_attestation
 version: !ruby/object:Gem::Version
-  version: 0.12.1
+  version: 0.13.0
 platform: ruby
 authors:
 - Gonzalo
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-08-05 00:00:00.000000000 Z
+date: 2025-01-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata
@@ -76,6 +76,7 @@ files:
 - gemfiles/openssl_2_2.gemfile
 - gemfiles/openssl_3_0.gemfile
 - gemfiles/openssl_3_1.gemfile
+- gemfiles/openssl_3_2.gemfile
 - lib/tpm/aik_certificate.rb
 - lib/tpm/certificates/AMD/RootCA/AMD-fTPM-ECC-RootCA.crt
 - lib/tpm/certificates/AMD/RootCA/AMD-fTPM-RSA-RootCA.crt
@@ -115,6 +116,7 @@ files:
 - lib/tpm/t_public/s_ecc_parms.rb
 - lib/tpm/t_public/s_rsa_parms.rb
 - lib/tpm/tpm2b_name.rb
+- lib/tpm/tpms_ecc_point.rb
 - lib/tpm/tpmt_ha.rb
 - tpm-key_attestation.gemspec
 homepage: https://github.com/cedarcode/tpm-key_attestation