tpm-key_attestation 0.14.0 → 0.14.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0a92767d4ddd0efcb039e6c5453f77036bb03ff7bd47a0a0aedf831f12e2645c
-  data.tar.gz: 287110f2d3c8e3945d4eced73103371d40e9d5ca3a00f50a99c209b0df1efa6a
+  metadata.gz: ac67cd1f8602f280de57b3a79c3d9d2f204ee1d94957bc0f6fab02a5d8266bc1
+  data.tar.gz: 2fac7ff34e04e53b94d2b98c3dddac46a32539d577c6ef37bd2bb82a9b742cf6
 SHA512:
-  metadata.gz: e1c2d352b315b796655a0ede9c11383547a902c803f8815354f934090c5a3d683d32426f8fd537f1a76f6eb6784ea5688065bb6008da52e204bb0c6ac9dc5c9f
-  data.tar.gz: 19d3dbb264e6720af1731296aed09549a080119f2af1ee5174ca5ae07c9102b8669ce597bd7df5b7932efbf0c7ac21272e6ed6a033ace8158e5d7d64a3b460fe
+  metadata.gz: 9e1a57b93516d73c96a8511cf9829f520bda4945dce30de0ea6a4b2d82ec8e61409f7cc2fa406c322cfb88a8e5d31afdd1b116713f142b560d4937fe258c4cec
+  data.tar.gz: ab57e0026ee79af4de43959785435612f65b776e44ba0dfe17c12e070717630ea758e76adb401f8e045bbeb6bc51ca55cc19b369e46f466d2218bf55b9763bd3

data/.github/actions/install-openssl/action.yml

@@ -0,0 +1,36 @@
+name: Install OpenSSL
+inputs:
+  version:
+    description: 'The version of OpenSSL to install'
+    required: true
+  os:
+    description: 'The operating system to install OpenSSL on'
+    required: true
+runs:
+  using: 'composite'
+  steps:
+    - name: Cache OpenSSL library
+      id: cache-openssl
+      uses: actions/cache@v4
+      with:
+        path: ~/openssl
+        key: openssl-${{ inputs.version }}-${{ inputs.os }}
+
+    - name: Compile OpenSSL library
+      if: steps.cache-openssl.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        mkdir -p tmp/build-openssl && cd tmp/build-openssl
+        case ${{ inputs.version }} in
+        1.1.*)
+          OPENSSL_COMMIT=OpenSSL_
+          OPENSSL_COMMIT+=$(echo ${{ inputs.version  }} | sed -e 's/\./_/g')
+          git clone -b $OPENSSL_COMMIT --depth 1 https://github.com/openssl/openssl.git .
+          echo "Git commit: $(git rev-parse HEAD)"
+          ./Configure --prefix=$HOME/openssl --libdir=lib linux-x86_64
+          make depend && make -j4 && make install_sw
+          ;;
+        *)
+          echo "Don't know how to build OpenSSL ${{ inputs.version }}"
+          ;;
+        esac

data/.github/actions/install-ruby/action.yml

@@ -0,0 +1,68 @@
+name: Install Ruby
+inputs:
+  version:
+    description: 'The version of Ruby to install'
+    required: true
+  os:
+    description: 'The operating system to install Ruby on'
+    required: true
+runs:
+  using: 'composite'
+  steps:
+    - name: Cache Ruby
+      id: ruby-cache
+      uses: actions/cache@v4
+      with:
+        path: ~/rubies/ruby-${{ inputs.version }}
+        key: ruby-${{ inputs.version }}-${{ inputs.os }}-openssl-1.1.1w
+
+    - name: Install Ruby
+      if: steps.ruby-cache.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        latest_patch=$(curl -s https://cache.ruby-lang.org/pub/ruby/${{ inputs.version }}/ \
+           | grep -oP "ruby-${{ inputs.version }}\.\d+\.tar\.xz" \
+           | grep -oP "\d+(?=\.tar\.xz)" \
+           | sort -V | tail -n 1)
+
+        wget https://cache.ruby-lang.org/pub/ruby/${{ inputs.version }}/ruby-${{ inputs.version }}.${latest_patch}.tar.xz
+        tar -xJvf ruby-${{ inputs.version }}.${latest_patch}.tar.xz
+        cd ruby-${{ inputs.version }}.${latest_patch}
+        ./configure --prefix=$HOME/rubies/ruby-${{ inputs.version }} --with-openssl-dir=$HOME/openssl
+        make
+        make install
+
+    - name: Update PATH
+      shell: bash
+      run: |
+        echo "~/rubies/ruby-${{ inputs.version }}/bin" >> $GITHUB_PATH
+
+    - name: Install Bundler
+      shell: bash
+      run: |
+        case ${{ inputs.version }} in
+        2.7* | 3.*)
+          echo "Skipping Bundler installation for Ruby ${{ inputs.version }}"
+          ;;
+        2.5* | 2.6*)
+          gem install bundler -v '~> 2.3.0'
+          ;;
+        *)
+          echo "Don't know how to install Bundler for Ruby ${{ inputs.version }}"
+          ;;
+        esac
+
+    - name: Cache Bundler Install
+      id: bundler-cache
+      uses: actions/cache@v4
+      env:
+        GEMFILE: ${{ env.BUNDLE_GEMFILE || 'Gemfile' }}
+      with:
+        path: ./vendor/bundle
+        key: bundler-ruby-${{ inputs.version }}-${{ inputs.os }}-${{ hashFiles(env.Gemfile, 'tpm-key_attestation.gemspec') }}
+
+    - name: Install dependencies
+      shell: bash
+      run: |
+        bundle config set --local path ../vendor/bundle
+        bundle install

data/.github/workflows/build.yml

@@ -7,23 +7,35 @@
 
 name: build
 
-on:  
-  push:
-    branches: [master]
-  pull_request:
-    types: [opened, synchronize]
+on: push
 
 jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v4
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.4'
+          bundler-cache: true
+
+      - name: Lint code for consistent style
+        run: bundle exec rubocop -f github
   test:
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
         os:
-          - ubuntu-20.04
+          - ubuntu-24.04
           - windows-latest
           - macos-13
         ruby:
+          - '3.4'
           - '3.3'
           - '3.2'
           - '3.1'
@@ -38,6 +50,7 @@ jobs:
           - openssl_3_0
           - openssl_3_1
           - openssl_3_2
+          - openssl_3_3
         exclude:
           - ruby: '2.4'
             gemfile: openssl_3_0
@@ -53,6 +66,12 @@ jobs:
             gemfile: openssl_3_2
           - ruby: '2.6'
             gemfile: openssl_3_2
+          - ruby: '2.4'
+            gemfile: openssl_3_3
+          - ruby: '2.5'
+            gemfile: openssl_3_3
+          - ruby: '2.6'
+            gemfile: openssl_3_3
           - ruby: '3.1'
             gemfile: openssl_2_2
             os: macos-13
@@ -83,13 +102,48 @@ jobs:
           - ruby: '3.3'
             gemfile: openssl_2_1
             os: windows-latest
+          - ruby: '3.4'
+            gemfile: openssl_2_2
+            os: macos-13
+          - ruby: '3.4'
+            gemfile: openssl_2_1
+            os: macos-13
+          - ruby: '3.4'
+            gemfile: openssl_2_2
+            os: windows-latest
+          - ruby: '3.4'
+            gemfile: openssl_2_1
+            os: windows-latest
+          - ruby: '3.4'
+            gemfile: openssl_3_0
+            os: windows-latest
+          - ruby: '2.4'
+            os: ubuntu-24.04
     env:
       BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
     steps:
     - uses: actions/checkout@v4
+
     - run: rm Gemfile.lock
+
+    - name: Install OpenSSL
+      if: matrix.os == 'ubuntu-24.04'
+      uses: ./.github/actions/install-openssl
+      with:
+        version: "1.1.1w"
+        os: ${{ matrix.os }}
+
     - uses: ruby/setup-ruby@v1
+      if: matrix.os != 'ubuntu-24.04'
       with:
         ruby-version: ${{ matrix.ruby }}
         bundler-cache: true
-    - run: bundle exec rake
+
+    - name: Manually set up Ruby
+      if: matrix.os == 'ubuntu-24.04'
+      uses: ./.github/actions/install-ruby
+      with:
+        version: ${{ matrix.ruby }}
+        os: ${{ matrix.os }}
+
+    - run: bundle exec rspec

data/Appraisals

@@ -19,3 +19,7 @@ end
 appraise "openssl_3_2" do
   gem "openssl", "~> 3.2.0"
 end
+
+appraise "openssl_3_3" do
+  gem "openssl", "~> 3.3.0"
+end

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## [v0.14.1] - 2025-05-23
+
+### Fixed
+
+- Support for OpenSSL 3.5+ `OID` values returned from the extensions created by `OpenSSL::X509::ExtensionFactory`. [@nicolastemciuc]
+
 ## [v0.14.0] - 2025-02-06
 
 - Handle incompatibility between `parameters` and `unique` in `TPublic`. [@nicolastemciuc], [@santiagorodriguez96]
@@ -93,6 +99,8 @@ replacement of `JOSE` format `algorithm` string
 - `TPM::EKCertificate` wrapper
 - `TPM::SAttest` wrapper
 
+[v0.14.1]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.14.0...v0.14.1/
+[v0.14.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.13.1...v0.14.0/
 [v0.13.1]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.13.0...v0.13.1/
 [v0.13.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.12.1...v0.13.0/
 [v0.12.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.11.0...v0.12.0/

data/Gemfile

@@ -9,4 +9,4 @@ gem "appraisal", "~> 2.5.0"
 gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
+gem "rubocop", "~> 1"

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    tpm-key_attestation (0.14.0)
+    tpm-key_attestation (0.14.1)
       bindata (~> 2.4)
       openssl (> 2.0)
       openssl-signature_algorithm (~> 1.0)
@@ -17,18 +17,20 @@ GEM
     bindata (2.5.0)
     byebug (11.1.3)
     diff-lcs (1.5.1)
-    jaro_winkler (1.5.6)
+    json (2.10.1)
+    language_server-protocol (3.17.0.4)
+    lint_roller (1.1.0)
     openssl (3.2.0)
     openssl-signature_algorithm (1.3.0)
       openssl (> 2.0)
     parallel (1.26.3)
-    parser (3.3.6.0)
+    parser (3.3.7.1)
       ast (~> 2.4.1)
       racc
     racc (1.8.1)
     rainbow (3.1.1)
     rake (13.2.1)
-    rexml (3.3.9)
+    regexp_parser (2.10.0)
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
@@ -42,17 +44,24 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.2)
-    rubocop (0.80.1)
-      jaro_winkler (~> 1.5.1)
+    rubocop (1.72.2)
+      json (~> 2.3)
+      language_server-protocol (~> 3.17.0.2)
+      lint_roller (~> 1.1.0)
       parallel (~> 1.10)
-      parser (>= 2.7.0.1)
+      parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
-      rexml
+      regexp_parser (>= 2.9.3, < 3.0)
+      rubocop-ast (>= 1.38.0, < 2.0)
       ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 1.4.0, < 1.7)
+      unicode-display_width (>= 2.4.0, < 4.0)
+    rubocop-ast (1.38.0)
+      parser (>= 3.3.1.0)
     ruby-progressbar (1.13.0)
     thor (1.3.2)
-    unicode-display_width (1.6.1)
+    unicode-display_width (3.1.4)
+      unicode-emoji (~> 4.0, >= 4.0.4)
+    unicode-emoji (4.0.4)
 
 PLATFORMS
   ruby
@@ -62,7 +71,7 @@ DEPENDENCIES
   byebug (~> 11.0)
   rake (~> 13.0)
   rspec (~> 3.0)
-  rubocop (~> 0.80.1)
+  rubocop (~> 1)
   tpm-key_attestation!
 
 BUNDLED WITH

data/gemfiles/openssl_2_1.gemfile

@@ -6,7 +6,7 @@ gem "appraisal", "~> 2.5.0"
 gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
+gem "rubocop", "~> 1"
 gem "openssl", "~> 2.1.0"
 
 gemspec path: "../"

data/gemfiles/openssl_2_2.gemfile

@@ -6,7 +6,7 @@ gem "appraisal", "~> 2.5.0"
 gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
+gem "rubocop", "~> 1"
 gem "openssl", "~> 2.2.0"
 
 gemspec path: "../"

data/gemfiles/openssl_3_0.gemfile

@@ -6,7 +6,7 @@ gem "appraisal", "~> 2.5.0"
 gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
+gem "rubocop", "~> 1"
 gem "openssl", "~> 3.0.0"
 
 gemspec path: "../"

data/gemfiles/openssl_3_1.gemfile

@@ -6,7 +6,7 @@ gem "appraisal", "~> 2.5.0"
 gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
+gem "rubocop", "~> 1"
 gem "openssl", "~> 3.1.0"
 
 gemspec path: "../"

data/gemfiles/openssl_3_2.gemfile

@@ -6,7 +6,7 @@ gem "appraisal", "~> 2.5.0"
 gem "byebug", "~> 11.0"
 gem "rake", "~> 13.0"
 gem "rspec", "~> 3.0"
-gem "rubocop", "~> 0.80.1"
+gem "rubocop", "~> 1"
 gem "openssl", "~> 3.2.0"
 
 gemspec path: "../"

data/gemfiles/openssl_3_3.gemfile

@@ -0,0 +1,12 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "appraisal", "~> 2.5.0"
+gem "byebug", "~> 11.0"
+gem "rake", "~> 13.0"
+gem "rspec", "~> 3.0"
+gem "rubocop", "~> 1"
+gem "openssl", "~> 3.3.0"
+
+gemspec path: "../"

data/lib/tpm/aik_certificate.rb

@@ -3,6 +3,7 @@
 require "delegate"
 require "openssl"
 require "tpm/constants"
+require "tpm/openssl_helper"
 
 module TPM
   # Section 3.2 in https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
@@ -10,11 +11,19 @@ module TPM
     ASN_V3 = 2
     EMPTY_NAME = OpenSSL::X509::Name.new([]).freeze
     SAN_DIRECTORY_NAME = 4
-    OID_TCG = "2.23.133"
-    OID_TCG_AT_TPM_MANUFACTURER = "#{OID_TCG}.2.1"
-    OID_TCG_AT_TPM_MODEL = "#{OID_TCG}.2.2"
-    OID_TCG_AT_TPM_VERSION = "#{OID_TCG}.2.3"
-    OID_TCG_KP_AIK_CERTIFICATE = "#{OID_TCG}.8.3"
+
+    if TPM::OpenSSLHelper.running_openssl_version_35_or_up?
+      OID_TCG_AT_TPM_MANUFACTURER = "tcg-at-tpmManufacturer"
+      OID_TCG_AT_TPM_MODEL = "tcg-at-tpmModel"
+      OID_TCG_AT_TPM_VERSION = "tcg-at-tpmVersion"
+      OID_TCG_KP_AIK_CERTIFICATE = "Attestation Identity Key Certificate"
+    else
+      OID_TCG = "2.23.133"
+      OID_TCG_AT_TPM_MANUFACTURER = "#{OID_TCG}.2.1"
+      OID_TCG_AT_TPM_MODEL = "#{OID_TCG}.2.2"
+      OID_TCG_AT_TPM_VERSION = "#{OID_TCG}.2.3"
+      OID_TCG_KP_AIK_CERTIFICATE = "#{OID_TCG}.8.3"
+    end
 
     def self.from_der(certificate_der)
       new(OpenSSL::X509::Certificate.new(certificate_der))

data/lib/tpm/key_attestation/version.rb

@@ -2,6 +2,6 @@
 
 module TPM
   class KeyAttestation
-    VERSION = "0.14.0"
+    VERSION = "0.14.1"
   end
 end

data/lib/tpm/openssl_helper.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module TPM
+  module OpenSSLHelper
+    def self.running_openssl_version_35_or_up?
+      OpenSSL::OPENSSL_LIBRARY_VERSION.match(/\d+\.\d+\.\d+/).to_s >= "3.5.0"
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tpm-key_attestation
 version: !ruby/object:Gem::Version
-  version: 0.14.0
+  version: 0.14.1
 platform: ruby
 authors:
 - Gonzalo
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-02-06 00:00:00.000000000 Z
+date: 2025-06-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata
@@ -58,6 +58,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/actions/install-openssl/action.yml"
+- ".github/actions/install-ruby/action.yml"
 - ".github/workflows/build.yml"
 - ".gitignore"
 - ".rspec"
@@ -77,6 +79,7 @@ files:
 - gemfiles/openssl_3_0.gemfile
 - gemfiles/openssl_3_1.gemfile
 - gemfiles/openssl_3_2.gemfile
+- gemfiles/openssl_3_3.gemfile
 - lib/tpm/aik_certificate.rb
 - lib/tpm/certificates/AMD/RootCA/AMD-fTPM-ECC-RootCA.crt
 - lib/tpm/certificates/AMD/RootCA/AMD-fTPM-RSA-RootCA.crt
@@ -108,6 +111,7 @@ files:
 - lib/tpm/constants.rb
 - lib/tpm/key_attestation.rb
 - lib/tpm/key_attestation/version.rb
+- lib/tpm/openssl_helper.rb
 - lib/tpm/public_area.rb
 - lib/tpm/s_attest.rb
 - lib/tpm/s_attest/s_certify_info.rb