diff --git a/Gemfile.lock b/Gemfile.lock index 72106be..2042a7f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - tpm-key_attestation (0.12.1) + tpm-key_attestation (0.13.1) bindata (~> 2.4) openssl (> 2.0) openssl-signature_algorithm (~> 1.0) diff --git a/lib/tpm/t_public.rb b/lib/tpm/t_public.rb index 8a71dc3..a1be2b8 100644 --- a/lib/tpm/t_public.rb +++ b/lib/tpm/t_public.rb @@ -99,6 +99,8 @@ def ecc_key OpenSSL::PKey::EC.new(asn1.to_der) end + rescue OpenSSL::PKey::EC::Point::Error + nil end def rsa_key diff --git a/spec/tpm/key_attestation_spec.rb b/spec/tpm/key_attestation_spec.rb index 088b062..e00ff92 100644 --- a/spec/tpm/key_attestation_spec.rb +++ b/spec/tpm/key_attestation_spec.rb 
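Review bot: The method-level `rescue` added to `ecc_key` catches only `OpenSSL::PKey::EC::Point::Error`, so any other OpenSSL error raised while building the key from the pubArea under verification would still surface as an unhandled exception. Whether `OpenSSL::PKey::EC.new` raises a different class for a bad curve or point depends on the openssl gem and library version, which this hunk does not show; if it can, widen the clause to `rescue OpenSSL::PKey::EC::Point::Error, OpenSSL::PKey::PKeyError`. Since the method now returns nil without explanation, add a comment such as `# unique.x/y is not a valid point on parameters.curve_id; treat the key as unusable`. Callers of `key` must treat nil as a failed attestation rather than skip a comparison; those callers, and the start of `ecc_key`, are outside the hunk.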
@@ -358,38 +358,53 @@ end context 'when ECDSA algorithm' do + let(:root_key) { create_ecc_key(key_curve_id) } + let(:attestation_key) { create_ecc_key(key_curve_id) } + let(:attested_key) { create_ecc_key(key_curve_id) } + let(:key_curve_id) { TPM::ECC_NIST_P256 } + + let(:signature_algorithm) { TPM::ALG_ECDSA } + let(:hash_algorithm) { TPM::ALG_SHA256 } + let(:hash_function) { "SHA256" } + + let(:certified_key) do + t_public = TPM::TPublic.new + t_public.alg_type = TPM::ALG_ECC + t_public.name_alg = name_alg + t_public.parameters.symmetric = TPM::ALG_NULL + t_public.parameters.scheme = scheme + t_public.parameters.curve_id = t_public_curve_id + t_public.parameters.kdf = TPM::ALG_NULL + + public_key_bytes = attested_key.public_key.to_bn.to_s(2)[1..-1] + coordinate_length = public_key_bytes.size / 2 + t_public.unique.x.buffer = public_key_bytes[0..(coordinate_length - 1)] + t_public.unique.y.buffer = public_key_bytes[coordinate_length..-1] + + t_public.to_binary_s + end + context "when the scheme parameter from pubArea is TPM_ALG_NULL" do - let(:root_key) { create_ecc_key(curve_id) } - let(:attestation_key) { create_ecc_key(curve_id) } - let(:attested_key) { create_ecc_key(curve_id) } + let(:scheme) { TPM::ALG_NULL } - let(:signature_algorithm) { TPM::ALG_ECDSA } - let(:hash_algorithm) { TPM::ALG_SHA256 } - let(:hash_function) { "SHA256" } - - let(:certified_key) do - t_public = TPM::TPublic.new - t_public.alg_type = TPM::ALG_ECC - t_public.name_alg = name_alg - t_public.parameters.symmetric = TPM::ALG_NULL - t_public.parameters.scheme = TPM::ALG_NULL - t_public.parameters.curve_id = curve_id - t_public.parameters.kdf = TPM::ALG_NULL - - public_key_bytes = attested_key.public_key.to_bn.to_s(2)[1..-1] - coordinate_length = public_key_bytes.size / 2 - t_public.unique.x.buffer = public_key_bytes[0..(coordinate_length - 1)] - t_public.unique.y.buffer = public_key_bytes[coordinate_length..-1] - - t_public.to_binary_s + context "when t_public.parameters and 
t_public.unique are compatible" do + let(:t_public_curve_id) { TPM::ECC_NIST_P256 } + + it "returns a public ECDSA key with the correct properties" do + expect(key_attestation.key).to be_a(OpenSSL::PKey::EC) + expect(key_attestation.key.group.curve_name).to eq("prime256v1") + expect(key_attestation.key.public_key).to eq(attested_key.public_key) + end end - let(:curve_id) { TPM::ECC_NIST_P256 } + context "when t_public.parameters and t_public.unique are incompatible" do + # Make the curve in t_public.parameters different than the curve + # used to generate the coordinates of the t_public.unique field + let(:t_public_curve_id) { TPM::ECC_NIST_P384 } - it "returns a public ECDSA key with the correct properties" do - expect(key_attestation.key).to be_a(OpenSSL::PKey::EC) - expect(key_attestation.key.group.curve_name).to eq("prime256v1") - expect(key_attestation.key.public_key).to eq(attested_key.public_key) + it "returns nil" do + expect(key_attestation.key).to be nil + end end end end
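Review bot: The new "incompatible" context asserts only `expect(key_attestation.key).to be nil`, which pins the missing key but not that the attestation as a whole is rejected. If the class exposes a validity predicate (`valid?` is not visible in this hunk), add `expect(key_attestation).not_to be_valid` so the fail-closed behaviour is covered too. The mismatch is exercised only with P-256 coordinates under `TPM::ECC_NIST_P384`, where the coordinate length already differs. A case whose coordinates have the right length for the declared curve but do not lie on it would check that the same rescue path handles it. A short comment above the shared `certified_key` let, noting that `t_public_curve_id` and `scheme` must be defined by each nested context, would help readers of the refactored setup.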