attest-tpm 1.0.1 → 1.0.2

  1. package/Readme.md +5 -7
  2. package/attest-tpm.mjs +206 -235
  3. package/package.json +2 -2
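--- a/package/Readme.md
+++ b/package/Readme.md
@@ -65,13 +65,11 @@ import * as attestTPM from "attest-tpm"
 let responseContent
 
 if (request.method?.[3]) {
-for await (const content of request) {
-responseContent = (await attestTPM.authorityIssue(
-authorityCers.Intermediate,
-content,
-signCer
-)).response
-}
+responseContent = (await attestTPM.authorityIssue(
+authorityCers.Intermediate,
+(await request.toArray())[0],
+signCer
+)).response
 } else {
 responseContent = authorityCers["Trusted Root"]
 }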
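--- a/package/attest-tpm.mjs
+++ b/package/attest-tpm.mjs
@@ -1,5 +1,5 @@
 import koffi from "koffi"
-/**@import os from "os"*/
+/**@import v8 from "v8"*/
 
 const authorityFields = {
 /**The Trusted Root certificate's Issued by and Issued to and the Intermediate certificate's Issued by.*/ "Issued by": "",
@@ -139,53 +139,37 @@ const createCer = async (/**@type {number[]}*/ Issuer, /**@type {number[]}*/ Val
 ...prependLength([
 0,
 48,
-128,
-2,
-...prependLength(Array.from(
-Publickey,
-(character) => {
-return character.charCodeAt(0)
-}
-)),
-2,
-3,
-1,
-0,
-1,
-0,
-0
+...prependLength([
+2,
+...prependLength(Array.from(
+Publickey,
+(character) => {
+return character.charCodeAt(0)
+}
+)),
+2,
+3,
+1,
+0,
+1
+])
 ])
 ]),
 163,
-128,
-48,
-128,
-48,
-...Fields,
-48,
-14,
-6,
-3,
-85,
-29,
-15,
-1,
-1,
-255,
-4,
-4,
-3,
-2,
-0,
-KeyUsage,
-0,
-0,
-0,
-0
+...prependLength([
+48,
+...prependLength([48, ...Fields, 48, 14, 6, 3, 85, 29, 15, 1, 1, 255, 4, 4, 3, 2, 0, KeyUsage])
+])
 ])
 ])
 
-return { cer: Uint8Array.from([48, 128, ...Details, 48, 11, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 3, 130, 2, 1, 0, ...new Uint8Array(await sign(Details.buffer)), 0, 0]), "Serial number": Serialnumber }
+return {
+cer: Uint8Array.from([
+48,
+...prependLength([...Details, 48, 11, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 11, 3, 130, 2, 1, 0, ...new Uint8Array(await sign(Details.buffer))])
+]),
+"Serial number": Serialnumber
+}
 }
 
 const OnlineCertificateStatusProtocol = (/**@type {string}*/ URL) => {
@@ -222,56 +206,54 @@ const signingFields = (/**@type {number[]}*/ AuthorityInformationAccess, /**@typ
 }
 
 return [
-128,
-6,
-8,
-43,
-6,
-1,
-5,
-5,
-7,
-1,
-1,
-4,
-...prependLength([48, 128, ...AuthorityInformationAccess, 0, 0]),
-0,
-0,
+...prependLength([
+6,
+8,
+43,
+6,
+1,
+5,
+5,
+7,
+1,
+1,
+4,
+...prependLength([48, 128, ...AuthorityInformationAccess, 0, 0])
+]),
 48,
-128,
-6,
-3,
-85,
-29,
-31,
-4,
 ...prependLength([
-48,
-128,
-48,
-128,
-160,
-128,
-160,
-128,
-134,
-...prependLength(Array.from(
-URL,
-(character) => {
-return character.charCodeAt(0)
-}
-)),
-0,
-0,
-0,
-0,
-0,
-0,
-0,
-0
+6,
+3,
+85,
+29,
+31,
+4,
+...prependLength([
+48,
+128,
+48,
+128,
+160,
+128,
+160,
+128,
+134,
+...prependLength(Array.from(
+URL,
+(character) => {
+return character.charCodeAt(0)
+}
+)),
+0,
+0,
+0,
+0,
+0,
+0,
+0,
+0
+])
 ]),
-0,
-0,
 48,
 19,
 6,
@@ -975,16 +957,15 @@ export const /**Use the TPM to decrypt a Code Signing certificate.*/ tpmDecrypt
 7,
 1,
 160,
-128,
-...new Uint8Array(decryptedCer),
-...Array.from(
-Intermediate,
-(character) => {
-return character.charCodeAt(0)
-}
-),
-0,
-0,
+...prependLength([
+...new Uint8Array(decryptedCer),
+...Array.from(
+Intermediate,
+(character) => {
+return character.charCodeAt(0)
+}
+)
+]),
 49,
 0,
 0,
@@ -1107,141 +1088,131 @@ export const /**Use the TPM to sign an `.exe`.*/ tpmSign = async (
 
 const DigitalSignature = [
 48,
-128,
-6,
-9,
-42,
-134,
-72,
-134,
-247,
-13,
-1,
-7,
-2,
-160,
-128,
-48,
-128,
-2,
-1,
-0,
-49,
-13,
-48,
-11,
-6,
-9,
-96,
-134,
-72,
-1,
-101,
-3,
-4,
-2,
-1,
-48,
-81,
-6,
-10,
-43,
-6,
-1,
-4,
-1,
-130,
-55,
-2,
-1,
-4,
-160,
-67,
-48,
-65,
-...signatureDigest,
-...p7bCers.asn,
-49,
-128,
-48,
-128,
-2,
-1,
-0,
-48,
-128,
-...p7bCers.children[0].children[0].children[3].asn,
-...p7bCers.children[0].children[0].children[1].asn,
-0,
-0,
-48,
-11,
-6,
-9,
-96,
-134,
-72,
-1,
-101,
-3,
-4,
-2,
-1,
-160,
-...Authenticatedattributes,
-48,
-11,
-6,
-9,
-42,
-134,
-72,
-134,
-247,
-13,
-1,
-1,
-1,
-4,
-130,
-1,
-128,
-...encryptedAttributes,
-161,
-128,
-48,
-128,
-6,
-10,
-43,
-6,
-1,
-4,
-1,
-130,
-55,
-3,
-3,
-1,
-49,
-128,
-...(await (await fetch("https://timestamp.acs.microsoft.com", { method: "POST", body: Uint8Array.from([48, 55, 2, 1, 0, 48, 47, 48, 11, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 1, 4, 32, ...new Uint8Array(await crypto.subtle.digest("sha-256", encryptedAttributes)), 1, 1, 255]) })).bytes()).slice(9),
-0,
-0,
-0,
-0,
-0,
-0,
-0,
-0,
-0,
-0,
-0,
-0,
-0,
-0,
-0,
-0
+...prependLength([
+6,
+9,
+42,
+134,
+72,
+134,
+247,
+13,
+1,
+7,
+2,
+160,
+...prependLength([
+48,
+...prependLength([
+2,
+1,
+0,
+49,
+13,
+48,
+11,
+6,
+9,
+96,
+134,
+72,
+1,
+101,
+3,
+4,
+2,
+1,
+48,
+81,
+6,
+10,
+43,
+6,
+1,
+4,
+1,
+130,
+55,
+2,
+1,
+4,
+160,
+67,
+48,
+65,
+...signatureDigest,
+...p7bCers.asn,
+49,
+...prependLength([
+48,
+...prependLength([
+2,
+1,
+0,
+48,
+...prependLength([...p7bCers.children[0].children[0].children[3].asn, ...p7bCers.children[0].children[0].children[1].asn]),
+48,
+11,
+6,
+9,
+96,
+134,
+72,
+1,
+101,
+3,
+4,
+2,
+1,
+160,
+...Authenticatedattributes,
+48,
+11,
+6,
+9,
+42,
+134,
+72,
+134,
+247,
+13,
+1,
+1,
+1,
+4,
+130,
+1,
+128,
+...encryptedAttributes,
+161,
+...prependLength([
+48,
+128,
+6,
+10,
+43,
+6,
+1,
+4,
+1,
+130,
+55,
+3,
+3,
+1,
+49,
+128,
+...(await (await fetch("https://timestamp.acs.microsoft.com", { method: "POST", body: Uint8Array.from([48, 55, 2, 1, 0, 48, 47, 48, 11, 6, 9, 96, 134, 72, 1, 101, 3, 4, 2, 1, 4, 32, ...new Uint8Array(await crypto.subtle.digest("sha-256", encryptedAttributes)), 1, 1, 255]) })).bytes()).slice(9),
+0,
+0,
+0,
+0
+])
+])
+])
+])
+])
+])
 ]
 
 const lengthBytes = new Uint8Array(4)
@@ -1249,7 +1220,7 @@ export const /**Use the TPM to sign an `.exe`.*/ tpmSign = async (
 const signaturesLength = new Uint8Array(2)
 const signatureLength = new Uint8Array(2)
 new DataView(signatureLength.buffer).setUint16(0, DigitalSignature.length + 8, true)
-const DigitalSignatures = [...signatureLength, 0, 0, 0, 0, 2, 0, ...DigitalSignature, ...Array(8 * Math.ceil(DigitalSignature.length / 8) - DigitalSignature.length)]
+const DigitalSignatures = [...signatureLength, 0, 0, 0, 2, 2, 0, ...DigitalSignature, ...Array(8 * Math.ceil(DigitalSignature.length / 8) - DigitalSignature.length)]
 new DataView(signaturesLength.buffer).setUint16(0, DigitalSignatures.length, true)
 return Uint8Array.from([...exeHeader, ...lengthBytes, ...signaturesLength, 0, 0, ...exeContent, ...DigitalSignatures])
 }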
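Review bot: The definite-length conversion is incomplete in the signingFields hunk: the AuthorityInformationAccess value at `...prependLength([48, 128, ...AuthorityInformationAccess, 0, 0])` and the CRL DistributionPoints value (`48, 128, 48, 128, 160, 128, 160, 128, 134, …` closed by eight `0` bytes) still use indefinite-length BER inside the new definite-length wrappers, and the same pattern remains in the tpmSign unsigned-attributes block (`161, ...prependLength([48, 128, …, 49, 128, …, 0, 0, 0, 0])`). RFC 5280 requires certificates to be DER, which forbids the 0x80 indefinite length form, so strict validators can still reject certificates carrying these extensions even though the outer structures now parse; the inner `128` / trailing `0, 0` pairs should become `prependLength` calls as the surrounding constructs did. In tpmSign the timestamp reply is spliced into the signature unchecked — `(await (await fetch("https://timestamp.acs.microsoft.com", …)).bytes()).slice(9)` embeds whatever the server returns, so an HTTP error body would become the countersignature; hoist the call and guard it with `const timestampResponse = await fetch("https://timestamp.acs.microsoft.com", { method: "POST", body: … })`, `if (!timestampResponse.ok) throw new Error("timestamp request failed: HTTP " + timestampResponse.status)`, and then use `(await timestampResponse.bytes()).slice(9)` in the array. The fixed `slice(9)` also assumes a nine-byte TimeStampResp status prefix, which deserves a comment stating that assumption. The enclosing signingFields and tpmSign bodies start and end outside their hunks.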
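--- a/package/package.json
+++ b/package/package.json
@@ -1,8 +1,8 @@
 {
 "name": "attest-tpm",
 "description": "Hardware protected Code Signing without USB tokens. Run a CA/B compliant Code Signing certificate authority that requires Trusted Platform Module key attestation, or use your TPM to obtain a certificate from such an authority and sign `.exe` files.",
-"version": "1.0.1",
-"dependencies": { "koffi": "2.15.1" },
+"version": "1.0.2",
+"dependencies": { "koffi": "2.16.2" },
 "repository": { "url": "git+https://github.com/epistemancering/attest-tpm.git" },
 "main": "attest-tpm.mjs"
 }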