tpm-key_attestation 0.3.0 → 0.4.0

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fbe3cdf38d6460a938f807e18343011b5b1222fd0a3451c40ca0675ea30e74b1
4
- data.tar.gz: 7bad2c9779bc3c15cb591ca6ca7a54ac0c608727166056360c31d77bc5cc23fd
3
+ metadata.gz: aa6a84bd8d758948be4dbb8ee8719205c70f049b841027f496c6f5c5c25362b0
4
+ data.tar.gz: ca4acf429c5ea3a819c34c8f5ae3053053efa81f1209c4f3152480096562ac1e
5
5
  SHA512:
6
- metadata.gz: 0ffae87bcd8326dcbaaad92e9d487843461ae07d67dc20b0934d1130de00b8c167553c072e8674a41214f330952b9b6bb39ada04d2f6aad2bf62c3748c056e14
7
- data.tar.gz: 2f650b3bd139b0db1c41eccbc99cd59f9a4af01454b94b31672cfad58c253c5c4cfc36ffccabc561b651d0b1a7789dc94420c8b680245cd1215053328ca2ce18
6
+ metadata.gz: 7a0a2dea4c9669fc3a7fdb01d1515987fc61974209414b3d3ec30875f799b0c2111ea40cc6f75f86ff2d95ec7975110905b9a36c27b88f0e09dd4ef2f7c90287
7
+ data.tar.gz: 0717bc921eba45a9eda3d347f6b70b45c2dfbfc231eba53e2dfddd2ba1f1b22d5fe3fce60ec6f7d79c035813a755e82830c07c64f7750b6e41ede257c3460430
data/CHANGELOG.md CHANGED
@@ -1,5 +1,11 @@
1
1
  # Changelog
2
2
 
3
+ ## [v0.4.0] - 2020-01-20
4
+
5
+ ### Added
6
+
7
+ - Suport verification of RSA-PSS key attestations
8
+
3
9
  ## [v0.3.0] - 2020-01-20
4
10
 
5
11
  ### Added
@@ -19,6 +25,7 @@
19
25
  - `TPM::EKCertificate` wrapper
20
26
  - `TPM::SAttest` wrapper
21
27
 
28
+ [v0.4.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.3.0...v0.4.0/
22
29
  [v0.3.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.2.0...v0.3.0/
23
30
  [v0.2.0]: https://github.com/cedarcode/tpm-key_attestation/compare/v0.1.0...v0.2.0/
24
31
  [v0.1.0]: https://github.com/cedarcode/tpm-key_attestation/compare/57c926ef7e83830cee8d111fdc5ccaf99ab2e861...v0.1.0/
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- tpm-key_attestation (0.2.0)
4
+ tpm-key_attestation (0.4.0)
5
5
  bindata (~> 2.4)
6
6
 
7
7
  GEM
data/README.md CHANGED
@@ -30,8 +30,8 @@ key_attestation =
30
30
  signature,
31
31
  certified_object,
32
32
  signing_key,
33
- hash_function,
34
- quilifying_data
33
+ quilifying_data,
34
+ algorithm: "RS256" # Supported values: "RS256", "PS256", "ES256" (default "RS256")
35
35
  )
36
36
 
37
37
  if key_attestation.valid?
@@ -6,17 +6,18 @@ require "tpm/s_attest"
6
6
 
7
7
  module TPM
8
8
  class CertifyValidator
9
- attr_reader :info, :signature, :nonce, :object
9
+ attr_reader :info, :signature, :nonce, :object, :algorithm
10
10
 
11
- def initialize(info, signature, nonce, object)
11
+ def initialize(info, signature, nonce, object, algorithm: "RS256")
12
12
  @info = info
13
13
  @signature = signature
14
14
  @nonce = nonce
15
15
  @object = object
16
+ @algorithm = algorithm
16
17
  end
17
18
 
18
- def valid?(signing_key, hash_function)
19
- valid_info? && valid_signature?(signing_key, hash_function)
19
+ def valid?(signing_key)
20
+ valid_info? && valid_signature?(signing_key)
20
21
  end
21
22
 
22
23
  private
@@ -28,12 +29,24 @@ module TPM
28
29
  attest.attested.name.buffer == TPM::PublicArea.new(object).name
29
30
  end
30
31
 
31
- def valid_signature?(signing_key, hash_function)
32
- signing_key.verify(hash_function, signature, info)
32
+ def valid_signature?(signing_key)
33
+ if rsa_pss?
34
+ signing_key.verify_pss(hash_function, signature, info, salt_length: :auto, mgf1_hash: hash_function)
35
+ else
36
+ signing_key.verify(hash_function, signature, info)
37
+ end
33
38
  end
34
39
 
35
40
  def attest
36
41
  @attest ||= TPM::SAttest.deserialize(info)
37
42
  end
43
+
44
+ def hash_function
45
+ "SHA#{algorithm[2..-1]}"
46
+ end
47
+
48
+ def rsa_pss?
49
+ algorithm.start_with?("PS")
50
+ end
38
51
  end
39
52
  end
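Review bot: `hash_function` derives the OpenSSL digest name by string-slicing `algorithm[2..-1]`, and nothing in this hunk validates `algorithm`, so an unexpected value such as `"RSA"` or `nil` fails only deep inside `valid_signature?` with an OpenSSL error or `NoMethodError` instead of a clear argument error. A frozen allowlist over the three values the README documents fails closed with a useful message: `HASH_FUNCTIONS = { "RS256" => "SHA256", "PS256" => "SHA256", "ES256" => "SHA256" }.freeze` and `HASH_FUNCTIONS.fetch(algorithm) { raise ArgumentError, "unsupported algorithm: #{algorithm.inspect}" }`, ideally also called from `initialize` (earlier hunk) so construction, not verification, is where a bad value is rejected; `rsa_pss?` could then key off the same table rather than a `start_with?("PS")` prefix test. The `salt_length: :auto, mgf1_hash: hash_function` arguments to `verify_pss` deserve a why-comment — presumably TPM implementations differ in the PSS salt length they emit, so any valid length must be accepted; confirm that and state it, e.g. `# TPMs differ in PSS salt length; accept any valid length`. The enclosing class continues outside this hunk.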
@@ -7,15 +7,15 @@ module TPM
7
7
  class KeyAttestation
8
8
  class Error < StandardError; end
9
9
 
10
- attr_reader :certify_info, :signature, :certified_object, :signing_key, :hash_function, :qualifying_data
10
+ attr_reader :certify_info, :signature, :certified_object, :signing_key, :algorithm, :qualifying_data
11
11
 
12
- def initialize(certify_info, signature, certified_object, signing_key, hash_function, qualifying_data)
12
+ def initialize(certify_info, signature, certified_object, signing_key, qualifying_data, algorithm: "RS256")
13
13
  @certify_info = certify_info
14
14
  @signature = signature
15
15
 
16
16
  @certified_object = certified_object
17
17
  @signing_key = signing_key
18
- @hash_function = hash_function
18
+ @algorithm = algorithm
19
19
  @qualifying_data = qualifying_data
20
20
  end
21
21
 
@@ -26,7 +26,7 @@ module TPM
26
26
  end
27
27
 
28
28
  def valid?
29
- certify_validator.valid?(signing_key, hash_function)
29
+ certify_validator.valid?(signing_key)
30
30
  end
31
31
 
32
32
  private
@@ -37,7 +37,8 @@ module TPM
37
37
  certify_info,
38
38
  signature,
39
39
  qualifying_data,
40
- certified_object
40
+ certified_object,
41
+ algorithm: algorithm
41
42
  )
42
43
  end
43
44
 
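Review bot: The new `initialize` signature drops the positional `hash_function` and shifts `qualifying_data` one position earlier, so every 0.3.0 caller passing six positional arguments now raises `ArgumentError`, yet this release's changelog records only an addition. Note it under a `### Changed` (or breaking-change) heading in the changelog, and document the new keyword on the constructor, e.g. `# @param algorithm [String] "RS256" (default), "PS256" or "ES256" — the values the README lists`. `algorithm` is stored here without validation and only forwarded to `CertifyValidator` (last hunk); if the validator does not check it either, an unsupported value surfaces only when `valid?` runs, which is late for a misconfiguration in an attestation path. The rest of the class lies outside these hunks.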
@@ -2,6 +2,6 @@
2
2
 
3
3
  module TPM
4
4
  class KeyAttestation
5
- VERSION = "0.3.0"
5
+ VERSION = "0.4.0"
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: tpm-key_attestation
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0
4
+ version: 0.4.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Gonzalo