class TPM::CertifyValidator
Constants
- TPM_HASH_ALG_TO_OPENSSL
- TPM_SIGNATURE_ALG_TO_OPENSSL
Attributes
hash_algorithm[R]
info[R]
nonce[R]
public_area[R]
signature[R]
signature_algorithm[R]
Public Class Methods
new(info, signature, nonce, public_area, signature_algorithm: ALG_RSASSA, hash_algorithm: ALG_SHA256)
# File lib/tpm/certify_validator.rb, line 24
#
# Captures the inputs for validating a TPM certify attestation. Nothing is
# parsed or verified at construction time; all checks run from #valid?.
#
# @param info serialized attestation structure; it is deserialized with
#   TPM::SAttest and is also the message the signature is verified over
# @param signature signature to verify over +info+
# @param nonce value the attestation's extra data buffer must equal
# @param public_area public area whose name the attested name is checked
#   against; it also supplies the curve name when it reports an ECC key
# @param signature_algorithm key looked up in TPM_SIGNATURE_ALG_TO_OPENSSL
# @param hash_algorithm key looked up in TPM_HASH_ALG_TO_OPENSSL
#
# NOTE(review): both algorithm identifiers are caller-supplied, so the two
# lookup tables are the only restriction on which algorithms are accepted.
# Their contents are not visible here; confirm they list only algorithms the
# deployment intends to trust.
def initialize(info, signature, nonce, public_area, signature_algorithm: ALG_RSASSA, hash_algorithm: ALG_SHA256)
  @info, @signature = info, signature
  @nonce, @public_area = nonce, public_area
  @signature_algorithm, @hash_algorithm = signature_algorithm, hash_algorithm
end
Public Instance Methods
valid?(signing_key)
# File lib/tpm/certify_validator.rb, line 33
#
# Runs the structural checks on the attestation and, only if they pass,
# verifies the signature with +signing_key+.
#
# The structural checks come first, so +info+ is deserialized before its
# signature has been verified: the parser handles unauthenticated bytes.
#
# An unsupported hash or signature algorithm raises RuntimeError instead of
# producing a falsy result, because only OpenSSL::SignatureAlgorithm::Error is
# rescued during verification. Callers treating this as a pure predicate
# should be prepared for that.
#
# @param signing_key key handed to the signature verifier
# @return truthy when both checks pass, falsy otherwise
def valid?(signing_key)
  info_ok = valid_info?
  return info_ok unless info_ok

  valid_signature?(signing_key)
end
Private Instance Methods
attest()
# File lib/tpm/certify_validator.rb, line 54
#
# Returns the attestation structure deserialized from +info+, memoized in
# @attest so the bytes are parsed at most once per validator.
#
# NOTE(review): how TPM::SAttest.deserialize reacts to truncated or malformed
# input is not visible here; confirm whether it can raise.
def attest
  return @attest if @attest

  @attest = TPM::SAttest.deserialize(info)
end
openssl_hash_function()
# File lib/tpm/certify_validator.rb, line 68
#
# Maps the configured hash algorithm to its entry in TPM_HASH_ALG_TO_OPENSSL.
#
# @return the mapped value for +hash_algorithm+
# @raise [RuntimeError] when the table has no (truthy) entry for it, so an
#   unknown algorithm is rejected rather than silently defaulted
def openssl_hash_function
  hash_function = TPM_HASH_ALG_TO_OPENSSL[hash_algorithm]
  raise("Unsupported hash algorithm #{hash_algorithm}") unless hash_function

  hash_function
end
openssl_signature_algorithm_class()
# File lib/tpm/certify_validator.rb, line 72
#
# Maps the configured signature algorithm to its entry in
# TPM_SIGNATURE_ALG_TO_OPENSSL; the result is instantiated with +new+ by
# #valid_signature?.
#
# @return the mapped value for +signature_algorithm+
# @raise [RuntimeError] when the table has no (truthy) entry for it, so an
#   unknown algorithm is rejected rather than silently defaulted
def openssl_signature_algorithm_class
  algorithm_class = TPM_SIGNATURE_ALG_TO_OPENSSL[signature_algorithm]
  raise("Unsupported signature algorithm #{signature_algorithm}") unless algorithm_class

  algorithm_class
end
openssl_signature_algorithm_parameters()
# File lib/tpm/certify_validator.rb, line 58
#
# Builds the keyword arguments used to construct the signature verifier.
#
# The hash function is always included. The curve is added only when the
# public area reports an ECC key, and it is taken from the public area
# itself rather than from a separate caller-supplied value.
#
# @return [Hash] +:hash_function+, plus +:curve+ for ECC public areas
# @raise [RuntimeError] when the hash algorithm is unsupported
def openssl_signature_algorithm_parameters
  base = { hash_function: openssl_hash_function }
  return base unless public_area.ecc?

  base.merge(curve: public_area.openssl_curve_name)
end
valid_info?()
# File lib/tpm/certify_validator.rb, line 39
#
# Checks the deserialized attestation structure field by field, stopping at
# the first failure. These checks run on +info+ before its signature has been
# verified, so on their own they say nothing about authenticity.
#
# @return truthy only when every check passes; otherwise the falsy result of
#   the first failing check
def valid_info?
  statement = attest

  # The structure must be a certify attestation, not another attestation type.
  type_matches = statement.attested_type == TPM::ST_ATTEST_CERTIFY
  return type_matches unless type_matches

  # The extra data must equal the expected nonce, which binds the attestation
  # to this particular request.
  nonce_matches = statement.extra_data.buffer == nonce
  return nonce_matches unless nonce_matches

  # The magic field must equal TPM::GENERATED_VALUE. Per the TPM 2.0
  # specification, this marks a structure produced inside the TPM.
  magic_matches = statement.magic == TPM::GENERATED_VALUE
  return magic_matches unless magic_matches

  # The attested name must match the name of the supplied public area.
  statement.attested.name.valid_for?(public_area.name)
end
valid_signature?(verify_key)
# File lib/tpm/certify_validator.rb, line 46
#
# Verifies +signature+ over the raw +info+ bytes with +verify_key+, using the
# configured signature algorithm and its parameters.
#
# Any OpenSSL::SignatureAlgorithm::Error raised while building or running the
# verifier is reported as +false+, so a failed verification never counts as
# success. The RuntimeError raised for an unsupported hash or signature
# algorithm is not rescued and propagates to the caller.
#
# @param verify_key key assigned to the verifier before checking
# @return the verifier's result, or +false+ on a rescued error
def valid_signature?(verify_key)
  begin
    # Resolve the class first, then the parameters, so an unsupported signature
    # algorithm is reported before an unsupported hash algorithm.
    algorithm_class = openssl_signature_algorithm_class
    verifier = algorithm_class.new(**openssl_signature_algorithm_parameters)
    verifier.verify_key = verify_key
    verifier.verify(signature, info)
  rescue OpenSSL::SignatureAlgorithm::Error
    false
  end
end