tpm-key_attestation 0.3.0 → 0.4.0

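--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: fbe3cdf38d6460a938f807e18343011b5b1222fd0a3451c40ca0675ea30e74b1
-data.tar.gz: 7bad2c9779bc3c15cb591ca6ca7a54ac0c608727166056360c31d77bc5cc23fd
+metadata.gz: aa6a84bd8d758948be4dbb8ee8719205c70f049b841027f496c6f5c5c25362b0
+data.tar.gz: ca4acf429c5ea3a819c34c8f5ae3053053efa81f1209c4f3152480096562ac1e
 SHA512:
-metadata.gz: 0ffae87bcd8326dcbaaad92e9d487843461ae07d67dc20b0934d1130de00b8c167553c072e8674a41214f330952b9b6bb39ada04d2f6aad2bf62c3748c056e14
-data.tar.gz: 2f650b3bd139b0db1c41eccbc99cd59f9a4af01454b94b31672cfad58c253c5c4cfc36ffccabc561b651d0b1a7789dc94420c8b680245cd1215053328ca2ce18
+metadata.gz: 7a0a2dea4c9669fc3a7fdb01d1515987fc61974209414b3d3ec30875f799b0c2111ea40cc6f75f86ff2d95ec7975110905b9a36c27b88f0e09dd4ef2f7c90287
+data.tar.gz: 0717bc921eba45a9eda3d347f6b70b45c2dfbfc231eba53e2dfddd2ba1f1b22d5fe3fce60ec6f7d79c035813a755e82830c07c64f7750b6e41ede257c3460430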
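--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## [v0.4.0] - 2020-01-20
+
+### Added
+
+- Suport verification of RSA-PSS key attestations
+
 ## [v0.3.0] - 2020-01-20
 
 ### Added
@@ -19,6 +25,7 @@
 - `TPM::EKCertificate` wrapper
 - `TPM::SAttest` wrapper
 
+[v0.4.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.3.0...v0.4.0/
 [v0.3.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.2.0...v0.3.0/
 [v0.2.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.1.0...v0.2.0/
 [v0.1.0]: https://github.com/cedarcode/tpm-key_attestation/compare/57c926ef7e83830cee8d111fdc5ccaf99ab2e861...v0.1.0/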
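--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-tpm-key_attestation (0.2.0)
+tpm-key_attestation (0.4.0)
 bindata (~> 2.4)
 
 GEM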
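--- a/data/README.md
+++ b/data/README.md
@@ -30,8 +30,8 @@ key_attestation =
 signature,
 certified_object,
 signing_key,
-hash_function,
-quilifying_data
+quilifying_data,
+algorithm: "RS256" # Supported values: "RS256", "PS256", "ES256" (default "RS256")
 )
 
 if key_attestation.valid?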
@@ -6,17 +6,18 @@ require "tpm/s_attest"
6
6
 
7
7
  module TPM
8
8
  class CertifyValidator
9
- attr_reader :info, :signature, :nonce, :object
9
+ attr_reader :info, :signature, :nonce, :object, :algorithm
10
10
 
11
- def initialize(info, signature, nonce, object)
11
+ def initialize(info, signature, nonce, object, algorithm: "RS256")
12
12
  @info = info
13
13
  @signature = signature
14
14
  @nonce = nonce
15
15
  @object = object
16
+ @algorithm = algorithm
16
17
  end
17
18
 
18
- def valid?(signing_key, hash_function)
19
- valid_info? && valid_signature?(signing_key, hash_function)
19
+ def valid?(signing_key)
20
+ valid_info? && valid_signature?(signing_key)
20
21
  end
21
22
 
22
23
  private
@@ -28,12 +29,24 @@ module TPM
28
29
  attest.attested.name.buffer == TPM::PublicArea.new(object).name
29
30
  end
30
31
 
31
- def valid_signature?(signing_key, hash_function)
32
- signing_key.verify(hash_function, signature, info)
32
+ def valid_signature?(signing_key)
33
+ if rsa_pss?
34
+ signing_key.verify_pss(hash_function, signature, info, salt_length: :auto, mgf1_hash: hash_function)
35
+ else
36
+ signing_key.verify(hash_function, signature, info)
37
+ end
33
38
  end
34
39
 
35
40
  def attest
36
41
  @attest ||= TPM::SAttest.deserialize(info)
37
42
  end
43
+
44
+ def hash_function
45
+ "SHA#{algorithm[2..-1]}"
46
+ end
47
+
48
+ def rsa_pss?
49
+ algorithm.start_with?("PS")
50
+ end
38
51
  end
39
52
  end
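Review bot: `algorithm` is never validated, so in the `@@ -28,12 +29,24 @@` hunk `hash_function` turns any unexpected string into an arbitrary digest name (`"XY"` becomes `"SHA"`, `"HS256"` becomes `"SHA256"` and is then verified as plain RSA on the non-PSS branch) and the failure surfaces as an OpenSSL exception from `verify`/`verify_pss` rather than as a rejected attestation or a clear argument error. The README in this release names the supported values, so a whitelist checked once in `initialize` (first hunk) is the smallest fix: `SUPPORTED_ALGORITHMS = %w[RS256 PS256 ES256].freeze` at class level and `raise ArgumentError, "unsupported algorithm: #{algorithm.inspect}" unless SUPPORTED_ALGORITHMS.include?(algorithm)` as the first line of `initialize`. `verify_pss` with `salt_length: :auto` and `mgf1_hash: hash_function` is the appropriate verification call for PSS, but it only exists in the openssl gem from 2.1 (Ruby 2.5+); the gemspec is not visible here, so please confirm the declared minimum matches. A one-line comment on `rsa_pss?` such as `# "PS*" selects RSASSA-PSS; "RS*"/"ES*" go through the plain OpenSSL verify path` would make the dispatch obvious to the next reader.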
@@ -7,15 +7,15 @@ module TPM
7
7
  class KeyAttestation
8
8
  class Error < StandardError; end
9
9
 
10
- attr_reader :certify_info, :signature, :certified_object, :signing_key, :hash_function, :qualifying_data
10
+ attr_reader :certify_info, :signature, :certified_object, :signing_key, :algorithm, :qualifying_data
11
11
 
12
- def initialize(certify_info, signature, certified_object, signing_key, hash_function, qualifying_data)
12
+ def initialize(certify_info, signature, certified_object, signing_key, qualifying_data, algorithm: "RS256")
13
13
  @certify_info = certify_info
14
14
  @signature = signature
15
15
 
16
16
  @certified_object = certified_object
17
17
  @signing_key = signing_key
18
- @hash_function = hash_function
18
+ @algorithm = algorithm
19
19
  @qualifying_data = qualifying_data
20
20
  end
21
21
 
@@ -26,7 +26,7 @@ module TPM
26
26
  end
27
27
 
28
28
  def valid?
29
- certify_validator.valid?(signing_key, hash_function)
29
+ certify_validator.valid?(signing_key)
30
30
  end
31
31
 
32
32
  private
@@ -37,7 +37,8 @@ module TPM
37
37
  certify_info,
38
38
  signature,
39
39
  qualifying_data,
40
- certified_object
40
+ certified_object,
41
+ algorithm: algorithm
41
42
  )
42
43
  end
43
44
 
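Review bot: The constructor change in the `@@ -7,15 +7,15 @@` hunk is breaking — `hash_function` is removed and `qualifying_data` moves from sixth to fifth positional argument — yet the CHANGELOG entry for this release lists only the added RSA-PSS support. A 0.3.0 caller passing six positional arguments now fails with `ArgumentError (wrong number of arguments (given 6, expected 5))`, which at least fails loudly, but the `hash_function` reader those callers may use is gone as well. I'd add a `### Changed`/`### Removed` note to the changelog and a YARD line on `initialize`, e.g. `# @param algorithm [String] signature algorithm of +signing_key+: "RS256" (default), "PS256" or "ES256"`. `certify_validator`, whose argument list the `@@ -37,7 +37,8 @@` hunk extends, starts before that hunk.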
@@ -2,6 +2,6 @@
2
2
 
3
3
  module TPM
4
4
  class KeyAttestation
5
- VERSION = "0.3.0"
5
+ VERSION = "0.4.0"
6
6
  end
7
7
  end
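--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tpm-key_attestation
 version: !ruby/object:Gem::Version
-version: 0.3.0
+version: 0.4.0
 platform: ruby
 authors:
 - Gonzalo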