lib/tpm/t_public.rb in tpm-key_attestation-0.9.0 vs lib/tpm/t_public.rb in tpm-key_attestation-0.10.0

@@ -1,19 +1,28 @@
 # frozen_string_literal: true
 
 require "bindata"
+require "openssl"
 require "tpm/constants"
 require "tpm/sized_buffer"
 require "tpm/t_public/s_ecc_parms"
 require "tpm/t_public/s_rsa_parms"
 
 module TPM
   # Section 12.2.4 in https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
   class TPublic < BinData::Record
     BYTE_LENGTH = 8
-    CURVE_TPM_TO_OPENSSL = { TPM::ECC_NIST_P256 => "prime256v1" }.freeze
+
+    CURVE_TPM_TO_OPENSSL = {
+      TPM::ECC_NIST_P256 => "prime256v1",
+      TPM::ECC_NIST_P384 => "secp384r1",
+      TPM::ECC_NIST_P521 => "secp521r1",
+    }.freeze
+
+    BN_BASE = 2
     RSA_KEY_DEFAULT_PUBLIC_EXPONENT = 2**16 + 1
+    ECC_UNCOMPRESSED_POINT_INDICATOR = "\x04"
 
     class << self
       alias_method :deserialize, :read
     end
 
@@ -35,38 +44,46 @@
     choice :unique, selection: :alg_type do
       sized_buffer TPM::ALG_ECC
       sized_buffer TPM::ALG_RSA
     end
 
+    def rsa?
+      alg_type == TPM::ALG_RSA
+    end
+
+    def ecc?
+      alg_type == TPM::ALG_ECC
+    end
+
     def key
       if parameters.symmetric == TPM::ALG_NULL
-        case alg_type
-        when TPM::ALG_ECC
+        if ecc?
           ecc_key
-        when TPM::ALG_RSA
+        elsif rsa?
           rsa_key
         else
           raise "Type #{alg_type} not supported"
         end
       end
     end
 
+    def openssl_curve_name
+      if ecc?
+        CURVE_TPM_TO_OPENSSL[parameters.curve_id] || raise("Unknown curve #{parameters.curve_id}")
+      end
+    end
+
     private
 
     def ecc_key
       if parameters.scheme == TPM::ALG_ECDSA
-        curve = CURVE_TPM_TO_OPENSSL[parameters.curve_id]
+        group = OpenSSL::PKey::EC::Group.new(openssl_curve_name)
 
-        if curve
-          group = OpenSSL::PKey::EC::Group.new(curve)
-          pkey = OpenSSL::PKey::EC.new(group)
-          public_key_bn = OpenSSL::BN.new("\x04" + unique.buffer.value, 2)
-          public_key_point = OpenSSL::PKey::EC::Point.new(group, public_key_bn)
-          pkey.public_key = public_key_point
+        key = OpenSSL::PKey::EC.new(group)
+        key.public_key = OpenSSL::PKey::EC::Point.new(group, bn(ECC_UNCOMPRESSED_POINT_INDICATOR + unique.buffer.value))
 
-          pkey
-        end
+        key
       end
     end
 
     def rsa_key
       case parameters.scheme
@@ -82,10 +99,10 @@
       end
     end
 
     def bn(data)
       if data
-        OpenSSL::BN.new(data, 2)
+        OpenSSL::BN.new(data, BN_BASE)
       end
     end
   end
 end