@motebit/crypto-tpm 1.0.0

package/dist/tpm-parse.js

@@ -0,0 +1,170 @@
+/**
+ * Minimal TPM 2.0 binary-format parser.
+ *
+ * The TPM marshals structured data as big-endian size-prefixed bytes —
+ * distinct from CBOR / DER / JSON and wholly specific to the TCG's TPM
+ * Structures specification. Verification of a TPM quote requires
+ * extracting exactly three fields from the `TPMS_ATTEST` structure:
+ *
+ *   - `magic`           — 4-byte constant, must equal `TPM_GENERATED_VALUE`.
+ *   - `type`            — 2-byte constant, `TPM_ST_ATTEST_QUOTE` for quotes.
+ *   - `qualifiedSigner` — length-prefixed `TPM2B_NAME`, identifies the AK.
+ *   - `extraData`       — length-prefixed `TPM2B_DATA`, this is where
+ *                         motebit threads the identity binding.
+ *
+ * We deliberately skip the remainder (clockInfo, firmwareVersion, the
+ * attested quote body containing PCR digests) — motebit's claim is
+ * about identity binding, not platform-state attestation. The body's
+ * signature (produced by TPM2_Quote using the AK) covers the entire
+ * serialized `TPMS_ATTEST`; any byte drift would invalidate it.
+ *
+ * Hand-rolled over `node-tpm2-pts`: the parser is ~80 LOC and covers
+ * exactly our needs. Pulling a dep for that would cross a larger
+ * attack surface than the struct we parse.
+ *
+ * References:
+ *   - TCG TPM 2.0 Library, Part 2: Structures — §10.12 `TPMS_ATTEST`.
+ *   - TCG TPM 2.0 Library, Part 1: Architecture — §36.1 `TPM2B_*` types.
+ */
+/** Constant magic value every TPM-signed attest carries. */
+export const TPM_GENERATED_VALUE = 0xff544347; // ASCII "ÿTCG"
+/** `TPM_ST_ATTEST_QUOTE` — the structure-tag identifying a quote attestation. */
+export const TPM_ST_ATTEST_QUOTE = 0x8018;
+/**
+ * Parse a TPM 2.0 `TPMS_ATTEST` structure. Throws on malformed input;
+ * the outer `verify.ts` catches and converts to the fail-closed result
+ * shape.
+ *
+ * Wire layout:
+ *   uint32 magic                     ; 4 bytes
+ *   uint16 type                      ; 2 bytes
+ *   TPM2B_NAME qualifiedSigner       ; uint16 size || bytes
+ *   TPM2B_DATA extraData             ; uint16 size || bytes
+ *   TPMS_CLOCK_INFO clockInfo        ; 17 bytes (fixed)
+ *   uint64 firmwareVersion           ; 8 bytes
+ *   TPMU_ATTEST attested             ; variable, tag-specific
+ *
+ * We extract magic / type / qualifiedSigner / extraData and stash the
+ * rest in `trailer` so the caller can reconstruct the full signed
+ * bytes when verifying the AK signature. The caller retains the
+ * original buffer; this view points into it via length-accurate
+ * subarray copies.
+ */
+export function parseTpmsAttest(bytes) {
+    if (bytes.length < 4 + 2 + 2 + 2) {
+        throw new Error(`TPMS_ATTEST too short: ${bytes.length} bytes (need at least 10 for header fields)`);
+    }
+    const reader = new TpmReader(bytes);
+    const magic = reader.readUint32();
+    const type = reader.readUint16();
+    const qualifiedSigner = reader.readTpm2B();
+    const extraData = reader.readTpm2B();
+    const trailer = reader.remaining();
+    return { magic, type, qualifiedSigner, extraData, trailer };
+}
+/**
+ * Build a minimal `TPMS_ATTEST` byte sequence for tests.
+ *
+ * Tests fabricate a valid-shape attest so the verifier's parsing +
+ * extraData-binding code paths exercise without a real TPM. Production
+ * minting lives in the Rust bridge — never call `composeTpmsAttest`
+ * outside `__tests__/` or you'll drift from what a real TPM would sign.
+ *
+ * `trailer` defaults to a deterministic 17-byte clockInfo + 8-byte
+ * firmwareVersion filler + 4-byte quote filler so the resulting bytes
+ * pass the minimum-length check during parsing; tests that need the
+ * real trailing fields can override.
+ */
+export function composeTpmsAttestForTest(input) {
+    const magic = input.magic ?? TPM_GENERATED_VALUE;
+    const type = input.type ?? TPM_ST_ATTEST_QUOTE;
+    const trailer = input.trailer ?? new Uint8Array(17 + 8 + 4);
+    const out = new TpmWriter();
+    out.writeUint32(magic);
+    out.writeUint16(type);
+    out.writeTpm2B(input.qualifiedSigner);
+    out.writeTpm2B(input.extraData);
+    out.writeRaw(trailer);
+    return out.toBytes();
+}
+// ── Internal helpers ────────────────────────────────────────────────
+class TpmReader {
+    bytes;
+    offset = 0;
+    constructor(bytes) {
+        this.bytes = bytes;
+    }
+    readUint16() {
+        if (this.offset + 2 > this.bytes.length) {
+            throw new Error(`TPM reader: uint16 at offset ${this.offset} would overrun buffer`);
+        }
+        const hi = this.bytes[this.offset];
+        const lo = this.bytes[this.offset + 1];
+        this.offset += 2;
+        return (hi << 8) | lo;
+    }
+    readUint32() {
+        if (this.offset + 4 > this.bytes.length) {
+            throw new Error(`TPM reader: uint32 at offset ${this.offset} would overrun buffer`);
+        }
+        const b0 = this.bytes[this.offset];
+        const b1 = this.bytes[this.offset + 1];
+        const b2 = this.bytes[this.offset + 2];
+        const b3 = this.bytes[this.offset + 3];
+        this.offset += 4;
+        // Use unsigned-right-shift by 0 to force a non-negative 32-bit value.
+        return ((b0 << 24) | (b1 << 16) | (b2 << 8) | b3) >>> 0;
+    }
+    readTpm2B() {
+        const size = this.readUint16();
+        if (this.offset + size > this.bytes.length) {
+            throw new Error(`TPM reader: TPM2B length ${size} at offset ${this.offset} would overrun buffer ` +
+                `(length ${this.bytes.length})`);
+        }
+        const value = this.bytes.subarray(this.offset, this.offset + size);
+        this.offset += size;
+        // Return a detached copy — consumers may treat the result as owned.
+        return new Uint8Array(value);
+    }
+    remaining() {
+        const rest = this.bytes.subarray(this.offset);
+        return new Uint8Array(rest);
+    }
+}
+class TpmWriter {
+    chunks = [];
+    writeUint16(v) {
+        const buf = new Uint8Array(2);
+        buf[0] = (v >> 8) & 0xff;
+        buf[1] = v & 0xff;
+        this.chunks.push(buf);
+    }
+    writeUint32(v) {
+        const buf = new Uint8Array(4);
+        buf[0] = (v >>> 24) & 0xff;
+        buf[1] = (v >>> 16) & 0xff;
+        buf[2] = (v >>> 8) & 0xff;
+        buf[3] = v & 0xff;
+        this.chunks.push(buf);
+    }
+    writeTpm2B(bytes) {
+        this.writeUint16(bytes.length);
+        this.chunks.push(new Uint8Array(bytes));
+    }
+    writeRaw(bytes) {
+        this.chunks.push(new Uint8Array(bytes));
+    }
+    toBytes() {
+        let total = 0;
+        for (const c of this.chunks)
+            total += c.length;
+        const out = new Uint8Array(total);
+        let at = 0;
+        for (const c of this.chunks) {
+            out.set(c, at);
+            at += c.length;
+        }
+        return out;
+    }
+}
+//# sourceMappingURL=tpm-parse.js.map

package/dist/tpm-parse.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tpm-parse.js","sourceRoot":"","sources":["../src/tpm-parse.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,4DAA4D;AAC5D,MAAM,CAAC,MAAM,mBAAmB,GAAG,UAAU,CAAC,CAAC,eAAe;AAE9D,iFAAiF;AACjF,MAAM,CAAC,MAAM,mBAAmB,GAAG,MAAM,CAAC;AAqB1C;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,eAAe,CAAC,KAAiB;IAC/C,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CACb,0BAA0B,KAAK,CAAC,MAAM,6CAA6C,CACpF,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC,KAAK,CAAC,CAAC;IACpC,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAClC,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IACjC,MAAM,eAAe,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;IACrC,MAAM,OAAO,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC;IAEnC,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,eAAe,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC;AAC9D,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,wBAAwB,CAAC,KAMxC;IACC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,IAAI,mBAAmB,CAAC;IACjD,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,IAAI,mBAAmB,CAAC;IAC/C,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,IAAI,IAAI,UAAU,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;IAE5D,MAAM,GAAG,GAAG,IAAI,SAAS,EAAE,CAAC;IAC5B,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IACvB,GAAG,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IACtB,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;IACtC,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACtB,OAAO,GAAG,CAAC,OAAO,EAAE,CAAC;AACvB,CAAC;AAED,uEAAuE;AAEvE,MAAM,SAAS;IAEgB;IADrB,MAAM,GAAG,CAAC,CAAC;IACnB,YAA6B,KAAiB;QAAjB,UAAK,GAAL,KAAK,CAAY;IAAG,CAAC;IAElD,UAAU;QACR,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,MAAM,uBAAuB,CAAC,CAAC;QACtF,CAAC;QACD,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAE,CAAC;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;QACxC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC;QACjB,OAAO,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC;IACxB,CAAC;IAED,UAAU;QACR,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,MAAM,uBAAuB,CAAC,CAAC;QACtF,CAAC;QACD,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAE,CAAC;QACpC,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;QACxC,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;QACxC,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;QACxC,IAAI,CAAC,MAAM,IAAI,CAAC,CAAC;QACjB,sEAAsE;QACtE,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC;IAC1D,CAAC;IAED,SAAS;QACP,MAAM,IAAI,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QAC/B,IAAI,IAAI,CAAC,MAAM,GAAG,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CACb,4BAA4B,IAAI,cAAc,IAAI,CAAC,MAAM,wBAAwB;gBAC/E,WAAW,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAClC,CAAC;QACJ,CAAC;QACD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;QACnE,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC;QACpB,oEAAoE;QACpE,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;IAC/B,CAAC;IAED,SAAS;QACP,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC9C,OAAO,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC;IAC9B,CAAC;CACF;AAED,MAAM,SAAS;IACL,MAAM,GAAiB,EAAE,CAAC;IAElC,WAAW,CAAC,CAAS;QACnB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QAC9B,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QACzB,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAED,WAAW,CAAC,CAAS;QACnB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC;QAC9B,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC;QAC3B,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC,GAAG,IAAI,CAAC;QAC3B,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,IAAI,CAAC;QAC1B,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,CAAC;IAED,UAAU,CAAC,KAAiB;QAC1B,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED,QAAQ,CAAC,KAAiB;QACxB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;IAC1C,CAAC;IAED,OAAO;QACL,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM;YAAE,KAAK,IAAI,CAAC,CAAC,MAAM,CAAC;QAC/C,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;QAClC,IAAI,EAAE,GAAG,CAAC,CAAC;QACX,KAAK,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC5B,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YACf,EAAE,IAAI,CAAC,CAAC,MAAM,CAAC;QACjB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;CACF"}

package/dist/tpm-roots.d.ts

@@ -0,0 +1,90 @@
+/**
+ * Pinned TPM 2.0 Endorsement-Key vendor root certificates.
+ *
+ * Every `platform: "tpm"` hardware-attestation claim must chain to one of
+ * the root CAs listed here. Pinning is the self-attesting contract — a
+ * verifier that dynamically fetched vendor CAs could not be reproduced
+ * by a third-party audit. By committing the exact bytes of the CAs we
+ * accept, anyone can audit this file, pin the same bytes in their own
+ * verifier, and reach the same yes/no answer.
+ *
+ * The TPM ecosystem is multi-vendor by design: every Windows 11 device
+ * ships with TPM 2.0 (Microsoft's mandatory requirement), every modern
+ * Linux-on-x86 laptop has one, every Mac with a T2 chip has one. Each
+ * vendor maintains a public CA bundle rooted at their Endorsement-Key
+ * issuer. The motebit policy pins the four most common:
+ *
+ *   - Infineon          (`OptigaTrustM`, `SLB966x` families)
+ *   - Nuvoton            (`NPCT7xx` family)
+ *   - STMicroelectronics (`ST33TPHF2ESPI`, `ST33HTPH2E32AHB3` families)
+ *   - Intel PTT          (firmware TPM bundled with Intel CSME)
+ *
+ * AMD fTPM (firmware TPM bundled with AMD PSP) uses a vendor-signed
+ * chain that roots to AMD's EK CA; that root is additive and lands in
+ * a subsequent pass once the first AMD-shaped test vector is captured.
+ *
+ * ## Operator follow-up — ship-blocking for production rollout
+ *
+ * The PEMs below are declared as exported constants so the test suite
+ * exercises the same chain-verification code path end-to-end. For a
+ * production ship, an operator must replace each placeholder with the
+ * exact byte-for-byte vendor root published at the URL in the comment.
+ * The test fabrication pattern (`buildFakeChain` in `__tests__`) does
+ * not need the real bytes — tests inject their own roots — so swapping
+ * in the real vendor PEMs is a mechanical operator task, not a code
+ * change. The drift gate `check-hardware-attestation-primitives` covers
+ * the parser / composer contract; the vendor-root swap is tracked in
+ * `docs/doctrine/hardware-attestation.md` §Non-goals.
+ */
+/**
+ * Infineon OPTIGA TPM 2.0 Endorsement Key Root CA.
+ *
+ * Published at: https://pki.infineon.com/OptigaEccRootCA/OptigaEccRootCA.crt
+ *
+ * Placeholder PEM — replace with the real vendor bytes before
+ * production rollout. Tests override via `rootPems` option.
+ */
+export declare const INFINEON_TPM_EK_ROOT_PEM = "-----BEGIN CERTIFICATE-----\nMIIBdjCCARygAwIBAgIJAIMw8f7k8+xyMAoGCCqGSM49BAMCMCIxIDAeBgNVBAMM\nF01vdGViaXQgSW5maW5lb24gUGxhY2Vob2xkZXIwHhcNMjYwNDIyMDAwMDAwWhcN\nNDYwNDIyMDAwMDAwWjAiMSAwHgYDVQQDDBdNb3RlYml0IEluZmluZW9uIFBsYWNl\naG9sZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKZ/4LNYqi/LAI4R6tS2K\nkRUnhkRzkYfi5hmz2E+35mqWVNqCb/FRhk6dEuxCNbwJxFPEK4Opf5lCOs0ZsRdF\n+KNCMEAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQp3ojpUGm1YB9N+9lQHg0s\nVpSoBTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCjxfFCCf6t\nCpGcGc7Gsk8h2RFQ7CFW8NzkjuvUZZ7bwwIhAJ/CB4+XzV5EhcOf0qRZN8zmJb8G\nB9Z9EFcZ7Nt1l4Tn\n-----END CERTIFICATE-----\n";
+/**
+ * Nuvoton NPCT TPM 2.0 Endorsement Key Root CA.
+ *
+ * Published at: https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton TPM Root CA 2110.cer
+ *
+ * Placeholder PEM — replace with the real vendor bytes before
+ * production rollout. Tests override via `rootPems` option.
+ */
+export declare const NUVOTON_TPM_EK_ROOT_PEM = "-----BEGIN CERTIFICATE-----\nMIIBczCCARmgAwIBAgIJAL7X6p2yXxJJMAoGCCqGSM49BAMCMCAxHjAcBgNVBAMM\nFU1vdGViaXQgTnV2b3RvbiBQbGFjZWhvbGRlcjAeFw0yNjA0MjIwMDAwMDBaFw00\nNjA0MjIwMDAwMDBaMCAxHjAcBgNVBAMMFU1vdGViaXQgTnV2b3RvbiBQbGFjZWhv\nbGRlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJgPwHoU+cVjX3HzkXpEksdn\nf3KPRwMbFYvE3tkqDcW8JqzG8qO5VwPKFPwoAEE2C8dJpKHEk7fA4iGrSXz7x/6j\nQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUNskUYy3Uz8Tvuvbu/B5VTJA2\nlLcwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiAAbU6/dL06n8Cw\nCYI/rHo/cLWEFQKH5VnzDJH4RN5fIgIgAN0F3fYbTBa9H8OXCJdXUDxSDr2iT8E5\nVDz6f2s3uFo=\n-----END CERTIFICATE-----\n";
+/**
+ * STMicroelectronics ST33 TPM 2.0 Endorsement Key Root CA.
+ *
+ * Published at: https://sw-center.st.com/STM_ROOT_CA_2.crt
+ *
+ * Placeholder PEM — replace with the real vendor bytes before
+ * production rollout. Tests override via `rootPems` option.
+ */
+export declare const STMICRO_TPM_EK_ROOT_PEM = "-----BEGIN CERTIFICATE-----\nMIIBdDCCARqgAwIBAgIJAMZ4+9xZHMuaMAoGCCqGSM49BAMCMCExHzAdBgNVBAMM\nFk1vdGViaXQgU1RNaWNybyBQbGFjZWhvbGRlcjAeFw0yNjA0MjIwMDAwMDBaFw00\nNjA0MjIwMDAwMDBaMCExHzAdBgNVBAMMFk1vdGViaXQgU1RNaWNybyBQbGFjZWhv\nbGRlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLnK3t7y4JBJxzE0EFq+zsOV\n+m9n9D1YDUFb7k6hVIsKvfoH9o3rZkc4uRuSsz7fjC+IsKsMrJKXaU0mxH6ncjej\nQjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUe/x8wdJYzEypFT3M0K1Jy5C6\n1j8wDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiAc9Ln4qhL7fZ5c\noUbLFsTVTEc4aeBMkxqzLrJpZOYVegIgWSfLj2Q5CQ8OFvJx8fVDkxN9OXjYT6Jm\nH6Bvb0gQaG8=\n-----END CERTIFICATE-----\n";
+/**
+ * Intel PTT (Platform Trust Technology, firmware TPM inside Intel CSME)
+ * Endorsement Key Root CA.
+ *
+ * Published at: https://upgrades.intel.com/content/CRL/ekcert/EKRootPublicKey.cer
+ *
+ * Placeholder PEM — replace with the real vendor bytes before
+ * production rollout. Tests override via `rootPems` option.
+ */
+export declare const INTEL_PTT_EK_ROOT_PEM = "-----BEGIN CERTIFICATE-----\nMIIBcjCCARegAwIBAgIJAOQz8pPRrTIxMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMM\nFE1vdGViaXQgSW50ZWwgUGxhY2Vob2xkZXIwHhcNMjYwNDIyMDAwMDAwWhcNNDYw\nNDIyMDAwMDAwWjAfMR0wGwYDVQQDDBRNb3RlYml0IEludGVsIFBsYWNlaG9sZGVy\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkxD3N3JQMgVV8gRZEiQLBPyxX5jw\nWHNJCt8Fc0BbzQZVZ6Vkg4J1oHkLXIpsWcNOwU1RXcE/Pzr2yIjTnJW2VKNCMEAw\nDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQxu9vHJmf+rQznfCVCd9vNQTRwPjAP\nBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIQCbX9rmZqJgk7lYPXGj\nWBR+oXt4AYzQ8pQvTSfkG/DBYwIgEY/oKZl5QL3Jt7lJx6lJxF3vLkaKBnJ9t4K4\ngHQ4nCY=\n-----END CERTIFICATE-----\n";
+/**
+ * Default pinned-root set returned when a caller passes no `rootPems`
+ * override. Ordered by deployment prevalence — Infineon and Intel PTT
+ * together cover the vast majority of Windows 11 hosts; Nuvoton and
+ * STMicro cover most non-Intel Linux laptops.
+ */
+export declare const DEFAULT_PINNED_TPM_ROOTS: readonly string[];
+/**
+ * Sentinel value the consumer-facing verifier emits on a mint path
+ * where the Rust bridge returns a `not_supported` failure envelope.
+ * Exposed as a constant so call sites match on a named token rather
+ * than a raw string literal.
+ */
+export declare const TPM_PLATFORM: "tpm";
+//# sourceMappingURL=tpm-roots.d.ts.map

package/dist/tpm-roots.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tpm-roots.d.ts","sourceRoot":"","sources":["../src/tpm-roots.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,wBAAwB,+lBAWpC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,2lBAWnC,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,2lBAWnC,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,qBAAqB,ulBAWjC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,EAAE,SAAS,MAAM,EAKrD,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,YAAY,EAAG,KAAc,CAAC"}

package/dist/tpm-roots.js

@@ -0,0 +1,139 @@
+/**
+ * Pinned TPM 2.0 Endorsement-Key vendor root certificates.
+ *
+ * Every `platform: "tpm"` hardware-attestation claim must chain to one of
+ * the root CAs listed here. Pinning is the self-attesting contract — a
+ * verifier that dynamically fetched vendor CAs could not be reproduced
+ * by a third-party audit. By committing the exact bytes of the CAs we
+ * accept, anyone can audit this file, pin the same bytes in their own
+ * verifier, and reach the same yes/no answer.
+ *
+ * The TPM ecosystem is multi-vendor by design: every Windows 11 device
+ * ships with TPM 2.0 (Microsoft's mandatory requirement), every modern
+ * Linux-on-x86 laptop has one, every Mac with a T2 chip has one. Each
+ * vendor maintains a public CA bundle rooted at their Endorsement-Key
+ * issuer. The motebit policy pins the four most common:
+ *
+ *   - Infineon          (`OptigaTrustM`, `SLB966x` families)
+ *   - Nuvoton            (`NPCT7xx` family)
+ *   - STMicroelectronics (`ST33TPHF2ESPI`, `ST33HTPH2E32AHB3` families)
+ *   - Intel PTT          (firmware TPM bundled with Intel CSME)
+ *
+ * AMD fTPM (firmware TPM bundled with AMD PSP) uses a vendor-signed
+ * chain that roots to AMD's EK CA; that root is additive and lands in
+ * a subsequent pass once the first AMD-shaped test vector is captured.
+ *
+ * ## Operator follow-up — ship-blocking for production rollout
+ *
+ * The PEMs below are declared as exported constants so the test suite
+ * exercises the same chain-verification code path end-to-end. For a
+ * production ship, an operator must replace each placeholder with the
+ * exact byte-for-byte vendor root published at the URL in the comment.
+ * The test fabrication pattern (`buildFakeChain` in `__tests__`) does
+ * not need the real bytes — tests inject their own roots — so swapping
+ * in the real vendor PEMs is a mechanical operator task, not a code
+ * change. The drift gate `check-hardware-attestation-primitives` covers
+ * the parser / composer contract; the vendor-root swap is tracked in
+ * `docs/doctrine/hardware-attestation.md` §Non-goals.
+ */
+/**
+ * Infineon OPTIGA TPM 2.0 Endorsement Key Root CA.
+ *
+ * Published at: https://pki.infineon.com/OptigaEccRootCA/OptigaEccRootCA.crt
+ *
+ * Placeholder PEM — replace with the real vendor bytes before
+ * production rollout. Tests override via `rootPems` option.
+ */
+export const INFINEON_TPM_EK_ROOT_PEM = `-----BEGIN CERTIFICATE-----
+MIIBdjCCARygAwIBAgIJAIMw8f7k8+xyMAoGCCqGSM49BAMCMCIxIDAeBgNVBAMM
+F01vdGViaXQgSW5maW5lb24gUGxhY2Vob2xkZXIwHhcNMjYwNDIyMDAwMDAwWhcN
+NDYwNDIyMDAwMDAwWjAiMSAwHgYDVQQDDBdNb3RlYml0IEluZmluZW9uIFBsYWNl
+aG9sZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKZ/4LNYqi/LAI4R6tS2K
+kRUnhkRzkYfi5hmz2E+35mqWVNqCb/FRhk6dEuxCNbwJxFPEK4Opf5lCOs0ZsRdF
++KNCMEAwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQp3ojpUGm1YB9N+9lQHg0s
+VpSoBTAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0kAMEYCIQCjxfFCCf6t
+CpGcGc7Gsk8h2RFQ7CFW8NzkjuvUZZ7bwwIhAJ/CB4+XzV5EhcOf0qRZN8zmJb8G
+B9Z9EFcZ7Nt1l4Tn
+-----END CERTIFICATE-----
+`;
+/**
+ * Nuvoton NPCT TPM 2.0 Endorsement Key Root CA.
+ *
+ * Published at: https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton TPM Root CA 2110.cer
+ *
+ * Placeholder PEM — replace with the real vendor bytes before
+ * production rollout. Tests override via `rootPems` option.
+ */
+export const NUVOTON_TPM_EK_ROOT_PEM = `-----BEGIN CERTIFICATE-----
+MIIBczCCARmgAwIBAgIJAL7X6p2yXxJJMAoGCCqGSM49BAMCMCAxHjAcBgNVBAMM
+FU1vdGViaXQgTnV2b3RvbiBQbGFjZWhvbGRlcjAeFw0yNjA0MjIwMDAwMDBaFw00
+NjA0MjIwMDAwMDBaMCAxHjAcBgNVBAMMFU1vdGViaXQgTnV2b3RvbiBQbGFjZWhv
+bGRlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJgPwHoU+cVjX3HzkXpEksdn
+f3KPRwMbFYvE3tkqDcW8JqzG8qO5VwPKFPwoAEE2C8dJpKHEk7fA4iGrSXz7x/6j
+QjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUNskUYy3Uz8Tvuvbu/B5VTJA2
+lLcwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiAAbU6/dL06n8Cw
+CYI/rHo/cLWEFQKH5VnzDJH4RN5fIgIgAN0F3fYbTBa9H8OXCJdXUDxSDr2iT8E5
+VDz6f2s3uFo=
+-----END CERTIFICATE-----
+`;
+/**
+ * STMicroelectronics ST33 TPM 2.0 Endorsement Key Root CA.
+ *
+ * Published at: https://sw-center.st.com/STM_ROOT_CA_2.crt
+ *
+ * Placeholder PEM — replace with the real vendor bytes before
+ * production rollout. Tests override via `rootPems` option.
+ */
+export const STMICRO_TPM_EK_ROOT_PEM = `-----BEGIN CERTIFICATE-----
+MIIBdDCCARqgAwIBAgIJAMZ4+9xZHMuaMAoGCCqGSM49BAMCMCExHzAdBgNVBAMM
+Fk1vdGViaXQgU1RNaWNybyBQbGFjZWhvbGRlcjAeFw0yNjA0MjIwMDAwMDBaFw00
+NjA0MjIwMDAwMDBaMCExHzAdBgNVBAMMFk1vdGViaXQgU1RNaWNybyBQbGFjZWhv
+bGRlcjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABLnK3t7y4JBJxzE0EFq+zsOV
++m9n9D1YDUFb7k6hVIsKvfoH9o3rZkc4uRuSsz7fjC+IsKsMrJKXaU0mxH6ncjej
+QjBAMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUe/x8wdJYzEypFT3M0K1Jy5C6
+1j8wDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiAc9Ln4qhL7fZ5c
+oUbLFsTVTEc4aeBMkxqzLrJpZOYVegIgWSfLj2Q5CQ8OFvJx8fVDkxN9OXjYT6Jm
+H6Bvb0gQaG8=
+-----END CERTIFICATE-----
+`;
+/**
+ * Intel PTT (Platform Trust Technology, firmware TPM inside Intel CSME)
+ * Endorsement Key Root CA.
+ *
+ * Published at: https://upgrades.intel.com/content/CRL/ekcert/EKRootPublicKey.cer
+ *
+ * Placeholder PEM — replace with the real vendor bytes before
+ * production rollout. Tests override via `rootPems` option.
+ */
+export const INTEL_PTT_EK_ROOT_PEM = `-----BEGIN CERTIFICATE-----
+MIIBcjCCARegAwIBAgIJAOQz8pPRrTIxMAoGCCqGSM49BAMCMB8xHTAbBgNVBAMM
+FE1vdGViaXQgSW50ZWwgUGxhY2Vob2xkZXIwHhcNMjYwNDIyMDAwMDAwWhcNNDYw
+NDIyMDAwMDAwWjAfMR0wGwYDVQQDDBRNb3RlYml0IEludGVsIFBsYWNlaG9sZGVy
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkxD3N3JQMgVV8gRZEiQLBPyxX5jw
+WHNJCt8Fc0BbzQZVZ6Vkg4J1oHkLXIpsWcNOwU1RXcE/Pzr2yIjTnJW2VKNCMEAw
+DgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQxu9vHJmf+rQznfCVCd9vNQTRwPjAP
+BgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0gAMEUCIQCbX9rmZqJgk7lYPXGj
+WBR+oXt4AYzQ8pQvTSfkG/DBYwIgEY/oKZl5QL3Jt7lJx6lJxF3vLkaKBnJ9t4K4
+gHQ4nCY=
+-----END CERTIFICATE-----
+`;
+/**
+ * Default pinned-root set returned when a caller passes no `rootPems`
+ * override. Ordered by deployment prevalence — Infineon and Intel PTT
+ * together cover the vast majority of Windows 11 hosts; Nuvoton and
+ * STMicro cover most non-Intel Linux laptops.
+ */
+export const DEFAULT_PINNED_TPM_ROOTS = [
+    INFINEON_TPM_EK_ROOT_PEM,
+    NUVOTON_TPM_EK_ROOT_PEM,
+    STMICRO_TPM_EK_ROOT_PEM,
+    INTEL_PTT_EK_ROOT_PEM,
+];
+/**
+ * Sentinel value the consumer-facing verifier emits on a mint path
+ * where the Rust bridge returns a `not_supported` failure envelope.
+ * Exposed as a constant so call sites match on a named token rather
+ * than a raw string literal.
+ */
+export const TPM_PLATFORM = "tpm";
+//# sourceMappingURL=tpm-roots.js.map

package/dist/tpm-roots.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tpm-roots.js","sourceRoot":"","sources":["../src/tpm-roots.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAG;;;;;;;;;;;CAWvC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG;;;;;;;;;;;CAWtC,CAAC;AAEF;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG;;;;;;;;;;;CAWtC,CAAC;AAEF;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG;;;;;;;;;;;CAWpC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,wBAAwB,GAAsB;IACzD,wBAAwB;IACxB,uBAAuB;IACvB,uBAAuB;IACvB,qBAAqB;CACtB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,KAAc,CAAC"}

package/dist/verify.d.ts

@@ -0,0 +1,99 @@
+/**
+ * TPM 2.0 quote verifier — the core judgment function this package
+ * exports.
+ *
+ * Flow (matches the TCG verification recipe for TPM2_Quote, plus the
+ * motebit-specific identity-key binding step):
+ *
+ *   1. Split the receipt into (tpmsAttestBase64, signatureBase64,
+ *      akCertDerBase64, intermediateCertsDerBase64Joined).
+ *   2. Parse the TPMS_ATTEST bytes. Assert magic = TPM_GENERATED_VALUE
+ *      and type = TPM_ST_ATTEST_QUOTE.
+ *   3. Parse the AK leaf + any intermediates as X.509. Walk the chain
+ *      from AK leaf → intermediate → vendor root. Every non-leaf must
+ *      carry `basicConstraints.cA === true`. Every signature must
+ *      verify under its issuer's public key. Every validity window
+ *      must include `now`. The terminal cert's DER must byte-equal
+ *      ONE of the pinned vendor roots.
+ *   4. Verify the AK signature over SHA-256(TPMS_ATTEST_BYTES) using
+ *      the AK certificate's public key.
+ *   5. Re-derive `extraData` from the JCS-canonical body
+ *      {attested_at, device_id, identity_public_key, motebit_id,
+ *      platform: "tpm", version: "1"} — SHA-256 of the canonical body
+ *      — and byte-compare against the transmitted `extraData`. This is
+ *      the cross-stack binding — without it every other step would
+ *      prove only that *some* TPM-enrolled device did something, not
+ *      that the Ed25519 key the credential subject claims is bound
+ *      to that device.
+ *
+ * The TPM's own EK certificate provisioning path is NOT verified here
+ * — that would require contacting the vendor's EK provisioning service
+ * and is out of scope for v1. The outer chain + extraData binding is
+ * enough for third-party self-verification of TPM-attested identity.
+ */
+import type { HardwareAttestationClaim } from "@motebit/protocol";
+export interface TpmVerifyOptions {
+    /**
+     * Ed25519 identity key (lowercase hex) the motebit VC claims. The
+     * TPM quote's extraData MUST bind this key.
+     */
+    readonly expectedIdentityPublicKeyHex: string;
+    /**
+     * motebit_id from the credential subject. Participates in the JCS
+     * body the Rust bridge hashes into extraData; re-derived here and
+     * byte-compared against the transmitted extraData so a malicious
+     * native client cannot substitute a different body.
+     */
+    readonly expectedMotebitId?: string;
+    /**
+     * device_id from the credential subject. Same binding role as
+     * `expectedMotebitId`.
+     */
+    readonly expectedDeviceId?: string;
+    /**
+     * `attested_at` (unix ms) from the credential subject. Same binding
+     * role as `expectedMotebitId`.
+     */
+    readonly expectedAttestedAt?: number;
+    /**
+     * Override the pinned vendor roots. Tests fabricate their own root
+     * so chain verification exercises the same code path without needing
+     * real vendor-signed leaves. Defaults to `DEFAULT_PINNED_TPM_ROOTS`.
+     */
+    readonly rootPems?: readonly string[];
+    /**
+     * Clock for chain-validity checks. Defaults to `Date.now`. Tests
+     * inject a fixed clock to keep certificate validity windows
+     * deterministic.
+     */
+    readonly now?: () => number;
+}
+export interface TpmVerifyError {
+    readonly message: string;
+}
+export interface TpmVerifyResult {
+    readonly valid: boolean;
+    readonly cert_chain_valid: boolean;
+    readonly quote_signature_valid: boolean;
+    readonly quote_shape_valid: boolean;
+    readonly identity_bound: boolean;
+    readonly errors: readonly TpmVerifyError[];
+}
+/**
+ * TPM 2.0 quote verifier.
+ *
+ * Pure. No network. No filesystem. Deterministic given `now()`.
+ *
+ * `claim` is the `HardwareAttestationClaim` as carried inside the
+ * motebit AgentTrustCredential. For TPM, the `attestation_receipt`
+ * field is expected to be four base64url segments separated by `.`:
+ *
+ *   `{tpmsAttestB64}.{signatureB64}.{akCertDerB64}.{intermediatesJoinedB64}`
+ *
+ * `intermediatesJoinedB64` may itself be an empty segment (`""`) when
+ * the AK cert chains directly to a pinned root, or a `,`-joined
+ * concatenation of base64url-encoded DER intermediates in leaf-
+ * proximal-first order otherwise.
+ */
+export declare function verifyTpmQuote(claim: HardwareAttestationClaim, opts: TpmVerifyOptions): Promise<TpmVerifyResult>;
+//# sourceMappingURL=verify.d.ts.map

package/dist/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAIH,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAKlE,MAAM,WAAW,gBAAgB;IAC/B;;;OAGG;IACH,QAAQ,CAAC,4BAA4B,EAAE,MAAM,CAAC;IAC9C;;;;;OAKG;IACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC;;;OAGG;IACH,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IACrC;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACtC;;;;OAIG;IACH,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;IACnC,QAAQ,CAAC,qBAAqB,EAAE,OAAO,CAAC;IACxC,QAAQ,CAAC,iBAAiB,EAAE,OAAO,CAAC;IACpC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;IACjC,QAAQ,CAAC,MAAM,EAAE,SAAS,cAAc,EAAE,CAAC;CAC5C;AAKD;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,cAAc,CAClC,KAAK,EAAE,wBAAwB,EAC/B,IAAI,EAAE,gBAAgB,GACrB,OAAO,CAAC,eAAe,CAAC,CA0M1B"}