class TPM::CertifyValidator

Constants

TPM_HASH_ALG_TO_OPENSSL
TPM_SIGNATURE_ALG_TO_OPENSSL

Attributes

hash_algorithm[R]
info[R]
nonce[R]
public_area[R]
signature[R]
signature_algorithm[R]

Public Class Methods

new(info, signature, nonce, public_area, signature_algorithm: ALG_RSASSA, hash_algorithm: ALG_SHA256) click to toggle source
# File lib/tpm/certify_validator.rb, line 24
def initialize(info, signature, nonce, public_area, signature_algorithm: ALG_RSASSA, hash_algorithm: ALG_SHA256)
  @info = info
  @signature = signature
  @nonce = nonce
  @public_area = public_area
  @signature_algorithm = signature_algorithm
  @hash_algorithm = hash_algorithm
end

Public Instance Methods

valid?(signing_key) click to toggle source
# File lib/tpm/certify_validator.rb, line 33
def valid?(signing_key)
  valid_info? && valid_signature?(signing_key)
end

Private Instance Methods

attest() click to toggle source
# File lib/tpm/certify_validator.rb, line 54
def attest
  @attest ||= TPM::SAttest.deserialize(info)
end
openssl_hash_function() click to toggle source
# File lib/tpm/certify_validator.rb, line 68
def openssl_hash_function
  TPM_HASH_ALG_TO_OPENSSL[hash_algorithm] || raise("Unsupported hash algorithm #{hash_algorithm}")
end
openssl_signature_algorithm_class() click to toggle source
# File lib/tpm/certify_validator.rb, line 72
def openssl_signature_algorithm_class
  TPM_SIGNATURE_ALG_TO_OPENSSL[signature_algorithm] ||
    raise("Unsupported signature algorithm #{signature_algorithm}")
end
openssl_signature_algorithm_parameters() click to toggle source
# File lib/tpm/certify_validator.rb, line 58
def openssl_signature_algorithm_parameters
  parameters = { hash_function: openssl_hash_function }

  if public_area.ecc?
    parameters[:curve] = public_area.openssl_curve_name
  end

  parameters
end
valid_info?() click to toggle source
# File lib/tpm/certify_validator.rb, line 39
def valid_info?
  attest.attested_type == TPM::ST_ATTEST_CERTIFY &&
    attest.extra_data.buffer == nonce &&
    attest.magic == TPM::GENERATED_VALUE &&
    attest.attested.name.valid_for?(public_area.name)
end
valid_signature?(verify_key) click to toggle source
# File lib/tpm/certify_validator.rb, line 46
def valid_signature?(verify_key)
  openssl_signature_algorithm = openssl_signature_algorithm_class.new(**openssl_signature_algorithm_parameters)
  openssl_signature_algorithm.verify_key = verify_key
  openssl_signature_algorithm.verify(signature, info)
rescue OpenSSL::SignatureAlgorithm::Error
  false
end