class WebAuthn::AttestationStatement::TPM
Constants
- COSE_ALG_TO_TPM
- TPM_V2
Public Instance Methods
valid?(authenticator_data, client_data_hash)
# File lib/webauthn/attestation_statement/tpm.rb, line 20 def valid?(authenticator_data, client_data_hash) attestation_type == ATTESTATION_TYPE_ATTCA && ver == TPM_V2 && valid_key_attestation?( authenticator_data.data + client_data_hash, authenticator_data.credential.public_key_object, authenticator_data.aaguid ) && matching_aaguid?(authenticator_data.attested_credential_data.raw_aaguid) && trustworthy?(aaguid: authenticator_data.aaguid) && [attestation_type, attestation_trust_path] end
Private Instance Methods
attestation_type()
# File lib/webauthn/attestation_statement/tpm.rb, line 72
# Reports the attestation type of this statement.
#
# AttCA is the only type this method ever returns. A statement without
# certificates is not mapped to some weaker type; it is refused with an
# exception.
#
# @return ATTESTATION_TYPE_ATTCA when raw_certificates is truthy
# @raise [RuntimeError] "Attestation type invalid" when raw_certificates is
#   nil or false
def attestation_type
  raise "Attestation type invalid" unless raw_certificates

  ATTESTATION_TYPE_ATTCA
end
cose_algorithm()
# File lib/webauthn/attestation_statement/tpm.rb, line 68
# Looks up the COSE algorithm for `algorithm` (defined outside this listing)
# and caches a truthy result in @cose_algorithm.
#
# A nil or false lookup result is not cached, so the lookup is repeated on
# the next call.
#
# NOTE(review): if COSE::Algorithm.find can return nil for an unknown
# identifier, #tpm_algorithm would fail with NoMethodError on `.name` instead
# of its "Unsupported algorithm" error -- confirm.
def cose_algorithm
  return @cose_algorithm if @cose_algorithm

  @cose_algorithm = COSE::Algorithm.find(algorithm)
end
default_root_certificates()
# File lib/webauthn/attestation_statement/tpm.rb, line 56
# Supplies the root certificates bundled with ::TPM::KeyAttestation.
#
# Presumably these are the fallback trust anchors when none are configured
# for an AAGUID -- confirm against root_certificates, which is defined
# outside this listing.
#
# @return the ::TPM::KeyAttestation::ROOT_CERTIFICATES constant, unmodified
def default_root_certificates
  ::TPM::KeyAttestation::ROOT_CERTIFICATES
end
tpm_algorithm()
# File lib/webauthn/attestation_statement/tpm.rb, line 60
# Maps the statement's COSE algorithm name to its TPM parameters through
# COSE_ALG_TO_TPM.
#
# An algorithm without a truthy entry in the table is rejected with an
# exception, so an unmapped algorithm stops verification instead of
# continuing with default parameters.
#
# @return the COSE_ALG_TO_TPM entry for cose_algorithm.name
#   (#valid_key_attestation? indexes it with :signature and :hash)
# @raise [RuntimeError] "Unsupported algorithm <name>" when the table has no
#   truthy entry for that name
def tpm_algorithm
  tpm_params = COSE_ALG_TO_TPM[cose_algorithm.name]
  return tpm_params if tpm_params

  raise("Unsupported algorithm #{cose_algorithm.name}")
end
valid_certificate_chain?(**_)
# File lib/webauthn/attestation_statement/tpm.rb, line 51
# Always reports the certificate chain as valid, ignoring every keyword
# argument it receives.
#
# The original author's comment says the chain has already been checked as
# part of #valid_key_attestation?, so nothing is re-verified here.
#
# NOTE(review): this is only safe if ::TPM::KeyAttestation#valid? really
# validates the certificates against the root_certificates it is given, and
# if every caller runs #valid_key_attestation? first -- confirm against the
# ::TPM::KeyAttestation implementation in use.
#
# @return [true]
def valid_certificate_chain?(**_)
  # Chain verification happens inside #valid_key_attestation?.
  true
end
valid_key_attestation?(certified_extra_data, key, aaguid)
# File lib/webauthn/attestation_statement/tpm.rb, line 35 def valid_key_attestation?(certified_extra_data, key, aaguid) key_attestation = ::TPM::KeyAttestation.new( statement["certInfo"], signature, statement["pubArea"], certificates, OpenSSL::Digest.digest(cose_algorithm.hash_function, certified_extra_data), signature_algorithm: tpm_algorithm[:signature], hash_algorithm: tpm_algorithm[:hash], root_certificates: root_certificates(aaguid: aaguid) ) key_attestation.valid? && key_attestation.key && key_attestation.key.to_pem == key.to_pem end
ver()
# File lib/webauthn/attestation_statement/tpm.rb, line 64
# Reads the "ver" entry of the attestation statement.
#
# The value comes from the statement as received and is not validated here.
# #valid? compares it with TPM_V2 and rejects anything else.
#
# @return the value stored under "ver", or whatever statement["ver"] yields
#   when the entry is absent
def ver
  statement["ver"]
end