Module: Tem::ECert
- Included in: Session
- Defined in: lib/tem/ecert.rb
Instance Method Summary
- #emit ⇒ Object
  Drives a TEM through the emitting process.
- #endorsement_cert ⇒ Object
  Retrieves the TEM’s Endorsement Certificate.
- #manufacturer_cert ⇒ Object
  Retrieves the certificate of the TEM’s Manufacturer (CA).
- #pubek ⇒ Object
  Retrieves the TEM’s Public Endorsement Key.
- #set_ecert(ecert) ⇒ Object
  Writes an Endorsement Certificate to the TEM’s tag.
Instance Method Details
#emit ⇒ Object
Drives a TEM through the emitting process.

```ruby
# File 'lib/tem/ecert.rb', line 25
def emit
  emit_sec = assemble do |s|
    # Generate Endorsement Key pair, should end up in slots (0, 1).
    s.genkp :type => 0
    s.ldbc 1
    s.sub
    s.jne :to => :not_ok
    s.ldbc 0
    s.sub
    s.jne :to => :not_ok

    # Generate and output random authorization for PrivEK.
    s.ldbc 20
    s.dupn :n => 1
    s.outnew
    s.ldwc :privek_auth
    s.dupn :n => 2
    s.rnd
    s.outvb
    # Set authorizations for PrivEK and PubEK.
    s.ldbc 0
    s.authk :auth => :privek_auth
    s.ldbc 1 # PubEK always has its initial authorization be all zeroes.
    s.authk :auth => :pubek_auth
    s.halt

    # Emitting didn't go well, return nothing and leave.
    s.label :not_ok
    s.ldbc 0
    s.outnew
    s.halt

    s.label :privek_auth
    s.zeros :tem_ubyte, 20
    s.label :pubek_auth
    s.zeros :tem_ubyte, 20
    s.stack 4
  end

  r = execute emit_sec
  if r.length == 0
    return nil
  else
    privk_auth = r[0...20]
    pubek_auth = (0...20).map {|i| 0}
    pubek = tk_read_key 1, pubek_auth
    tk_delete_key 1, pubek_auth
    ecert = new_ecert pubek.ssl_key
    set_ecert ecert
    return { :privek_auth => privk_auth }
  end
end
```
#endorsement_cert ⇒ Object
Retrieves the TEM’s Endorsement Certificate.

```ruby
# File 'lib/tem/ecert.rb', line 10
def endorsement_cert
  OpenSSL::X509::Certificate.new get_tag.pack('C*')
end
```
#manufacturer_cert ⇒ Object
Retrieves the certificate of the TEM’s Manufacturer (CA).

```ruby
# File 'lib/tem/ecert.rb', line 15
def manufacturer_cert
  Tem::CA.ca_cert
end
```
#pubek ⇒ Object
Retrieves the TEM’s Public Endorsement Key.

```ruby
# File 'lib/tem/ecert.rb', line 20
def pubek
  Tem::Key.new_from_ssl_key endorsement_cert.public_key
end
```
#set_ecert(ecert) ⇒ Object
Writes an Endorsement Certificate to the TEM’s tag.

```ruby
# File 'lib/tem/ecert.rb', line 5
def set_ecert(ecert)
  set_tag ecert.to_der.unpack('C*')
end
```
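
As listed above, #pubek takes the public key straight from the certificate stored in the tag. The following is an added example, not part of the tem_ruby code base, showing how a caller could check that the tag's certificate chains to the manufacturer certificate before trusting that key. The helpers `make_cert` and `verified_pubek`, the certificate names and all keys are constructed for illustration; `tag_bytes` is assumed to be the byte array that `get_tag` returns.

```ruby
require 'openssl'

# Builds a constructed X.509 certificate; issuer_cert nil means self-signed.
def make_cert(cn, key, issuer_cert, issuer_key, is_ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension ef.create_extension('basicConstraints',
                                         is_ca ? 'CA:TRUE' : 'CA:FALSE', true)
  cert.sign issuer_key, OpenSSL::Digest.new('SHA256')
  cert
end

# Hypothetical helper: returns the PubEK only when the tag bytes parse as a
# certificate that chains to ca_cert and is inside its validity period.
def verified_pubek(tag_bytes, ca_cert, now = Time.now)
  ecert = OpenSSL::X509::Certificate.new(tag_bytes.pack('C*'))
  store = OpenSSL::X509::Store.new
  store.add_cert ca_cert
  store.time = now
  store.verify(ecert) ? ecert.public_key : nil
rescue OpenSSL::X509::CertificateError
  nil # tag does not hold a parseable certificate
end

# Constructed sample data: a stand-in manufacturer CA and endorsement key.
CA_KEY  = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert('Example TEM Manufacturer', CA_KEY, nil, CA_KEY, true)
EK      = OpenSSL::PKey::RSA.new(2048)
# Same byte-array encoding that set_ecert writes to the tag.
TAG = make_cert('Example TEM', EK, CA_CERT, CA_KEY, false).to_der.unpack('C*')
SELF_SIGNED_TAG = make_cert('Example TEM', EK, nil, EK, false).to_der.unpack('C*')

if __FILE__ == $PROGRAM_NAME
  puts "genuine tag:     #{!verified_pubek(TAG, CA_CERT).nil?}"
  puts "self-signed tag: #{!verified_pubek(SELF_SIGNED_TAG, CA_CERT).nil?}"
end
```

With the real library, the two inputs would be the bytes behind `endorsement_cert` and the result of `manufacturer_cert`.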