diff --git a/attributecert/attributecert.go b/attributecert/attributecert.go
index 5403b03..c28fdf5 100644
--- a/attributecert/attributecert.go
+++ b/attributecert/attributecert.go
@@ -62,10 +62,10 @@ var (
 )
 var (
- oidSignatureRSASha1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}
- oidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}
+ oidSignatureRSASha1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}
+ oidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}
 oidSignatureRSASha256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
- oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
+ oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
 oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
 oidSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
@@ -343,26 +343,49 @@ type CommonCriteriaMeasures struct {
 AssuranceLevel asn1.Enumerated
 EvaluationStatus asn1.Enumerated
 Plus bool
- StrengthOfFunction asn1.Enumerated `asn1:"optional,tag=0"`
- ProfileOid asn1.ObjectIdentifier `asn1:"optional,tag=1"`
- ProfileURI string `asn1:"optional,tag=2"`
- TargetOid asn1.ObjectIdentifier `asn1:"optional,tag=3"`
- TargetURI asn1.ObjectIdentifier `asn1:"optional,tag=4"`
+ StrengthOfFunction asn1.Enumerated `asn1:"optional,tag:0"`
+ ProfileOid asn1.ObjectIdentifier `asn1:"optional,tag:1"`
+ ProfileURI string `asn1:"optional,tag:2"`
+ TargetOid asn1.ObjectIdentifier `asn1:"optional,tag:3"`
+ TargetURI asn1.ObjectIdentifier `asn1:"optional,tag:4"`
 }
 type TBBSecurityAssertions struct {
 Version int
- CcInfo CommonCriteriaMeasures `asn1:"optional,tag=0"`
- FipsLevel FipsLevel `asn1:"optional,tag=1"`
- RtmType asn1.Enumerated `asn1:"optional,tag=2"`
+ CcInfo CommonCriteriaMeasures `asn1:"optional,tag:0"`
+ FipsLevel FipsLevel `asn1:"optional,tag:1"`
+ RtmType asn1.Enumerated `asn1:"optional,tag:2"`
 Iso9000Certified bool `asn1:"optional"`
 Iso9000URI string `asn1:"optional"`
 }
+// Certificates with this information in the SDA region appear to fail to
+// tag the optional fields
+type CommonCriteriaMeasures_sda struct {
+ Version string
+ AssuranceLevel asn1.Enumerated
+ EvaluationStatus asn1.Enumerated
+ Plus bool
+ StrengthOfFunction asn1.Enumerated `asn1:"optional"`
+ ProfileOid asn1.ObjectIdentifier `asn1:"optional"`
+ ProfileURI string `asn1:"optional"`
+ TargetOid asn1.ObjectIdentifier `asn1:"optional"`
+ TargetURI asn1.ObjectIdentifier `asn1:"optional"`
+}
+
+type TBBSecurityAssertions_sda struct {
+ Version int
+ CcInfo CommonCriteriaMeasures_sda `asn1:"optional"`
+ FipsLevel FipsLevel `asn1:"optional"`
+ RtmType asn1.Enumerated `asn1:"optional"`
+ Iso9000Certified bool `asn1:"optional"`
+ Iso9000URI string `asn1:"optional"`
+}
+
 type Property struct {
 PropertyName string
 PropertyValue string
- Status asn1.Enumerated `asn1:"optional,tag=0"`
+ Status asn1.Enumerated `asn1:"optional,tag:0"`
 }
 type AttributeCertificateIdentifier struct {
@@ -371,8 +394,8 @@ type AttributeCertificateIdentifier struct {
 }
 type CertificateIdentifier struct {
- AttributeCertIdentifier AttributeCertificateIdentifier `asn1:"optional,tag=0"`
- GenericCertIdientifier issuerSerial `asn1:"optional,tag=1"`
+ AttributeCertIdentifier AttributeCertificateIdentifier `asn1:"optional,tag:0"`
+ GenericCertIdientifier issuerSerial `asn1:"optional,tag:1"`
 }
 type ComponentAddress struct {
@@ -389,14 +412,14 @@ type ComponentIdentifierV2 struct {
 ComponentClass ComponentClass
 ComponentManufacturer string
 ComponentModel string
- ComponentSerial string `asn1:"optional,tag=0"`
- ComponentRevision string `asn1:"optional,tag=1"`
- ComponentManufacturerID int `asn1:"optional,tag=2"`
- FieldReplaceable bool `asn1:"optional,tag=3"`
- ComponentAddresses []ComponentAddress `asn1:"optional,tag=4"`
- ComponentPlatformCert CertificateIdentifier `asn1:"optional,tag=5"`
- ComponentPlatformCertURI string `asn1:"optional,tag=6"`
- Status asn1.Enumerated `asn1:"optional,tag=7"`
+ ComponentSerial string `asn1:"optional,tag:0"`
+ ComponentRevision string `asn1:"optional,tag:1"`
+ ComponentManufacturerID int `asn1:"optional,tag:2"`
+ FieldReplaceable bool `asn1:"optional,tag:3"`
+ ComponentAddresses []ComponentAddress `asn1:"optional,tag:4"`
+ ComponentPlatformCert CertificateIdentifier `asn1:"optional,tag:5"`
+ ComponentPlatformCertURI string `asn1:"optional,tag:6"`
+ Status asn1.Enumerated `asn1:"optional,tag:7"`
 }
 type URIReference struct {
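Review bot: The new `CommonCriteriaMeasures_sda` struct drops every context tag, so its optional fields that share a universal type can no longer be told apart: `ProfileOid`, `TargetOid` and `TargetURI` are all `asn1.ObjectIdentifier` with a plain `asn1:"optional"`. As far as I can tell encoding/asn1 gives an element to the first optional field whose type matches, so a certificate carrying only a target OID would be reported as `ProfileOid`. `TargetURI` being an `asn1.ObjectIdentifier` while `ProfileURI` is a `string` also looks unintended, in both the tagged and the untagged struct, and is worth checking against the TCG profile. The comment above the type should name the vendor encoding it was written for and state that field order alone decides the mapping. Go naming would also avoid the underscore, e.g. `commonCriteriaMeasuresSDA` if the type is only a decode helper.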
@@ -406,26 +429,27 @@ type URIReference struct {
 }
 type PlatformConfigurationV2 struct {
- ComponentIdentifiers []ComponentIdentifierV2 `asn1:"optional,tag=0"`
- ComponentIdentifiersURI URIReference `asn1:"optional,tag=1"`
- PlatformProperties []Property `asn1:"optional,tag=2"`
- PlatformPropertiesURI URIReference `asn1:"optional,tag=3"`
+ ComponentIdentifiers []ComponentIdentifierV2 `asn1:"optional,tag:0"`
+ ComponentIdentifiersURI URIReference `asn1:"optional,tag:1"`
+ PlatformProperties []Property `asn1:"optional,tag:2"`
+ PlatformPropertiesURI URIReference `asn1:"optional,tag:3"`
 }
 type ComponentIdentifierV1 struct {
+ ComponentClass []byte `asn1:"optional"`
 ComponentManufacturer string
 ComponentModel string
- ComponentSerial string `asn1:"optional,tag=0"`
- ComponentRevision string `asn1:"optional,tag=1"`
- ComponentManufacturerId int `asn1:"optional,tag=2"`
- FieldReplaceable bool `asn1:"optional,tag=3"`
- ComponentAddresses []ComponentAddress `asn1:"optional,tag=4"`
+ ComponentSerial string `asn1:"optional,tag:0"`
+ ComponentRevision string `asn1:"optional,tag:1"`
+ ComponentManufacturerId int `asn1:"optional,tag:2"`
+ FieldReplaceable bool `asn1:"optional,tag:3"`
+ ComponentAddresses []ComponentAddress `asn1:"optional,tag:4"`
 }
 type PlatformConfigurationV1 struct {
- ComponentIdentifiers []ComponentIdentifierV1 `asn1:"optional,tag=0"`
- PlatformProperties []Property `asn1:"optional,tag=1"`
- PlatformPropertiesURI []URIReference `asn1:"optional,tag=2"`
+ ComponentIdentifiers []ComponentIdentifierV1 `asn1:"optional,tag:0"`
+ PlatformProperties []Property `asn1:"optional,tag:1"`
+ PlatformPropertiesURI URIReference `asn1:"optional,tag:2"`
 }
 func unmarshalSAN(v asn1.RawValue) ([]pkix.AttributeTypeAndValue, error) {
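Review bot: `ComponentIdentifierV1` gains a leading `ComponentClass []byte` marked `asn1:"optional"`, with no comment saying why a V1 identifier accepts it or what the bytes hold, while `ComponentIdentifierV2` uses the structured `ComponentClass` type. A comment such as `// ComponentClass is accepted as a raw OCTET STRING ahead of the manufacturer; TODO name the certificates that need this.` would record the intent for the next reader. Separately, `PlatformConfigurationV1.PlatformPropertiesURI` changes from `[]URIReference` to `URIReference`, which breaks any caller that indexes or ranges over the field, so it deserves a line in the commit message. The V1 field is also still spelled `ComponentManufacturerId` where V2 has `ComponentManufacturerID`.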
@@ -614,12 +638,17 @@ func parseAttributeCertificate(in *attributeCertificate) (*AttributeCertificate,
 }
 out.TCGPlatformSpecification = platformSpecification
 case e.ID.Equal(oidTbbSecurityAssertions):
- var securityAssertions TBBSecurityAssertions
+ var securityAssertions TBBSecurityAssertions_sda
 _, err := asn1.Unmarshal(e.Data.Bytes, &securityAssertions)
 if err != nil {
 return nil, err
 }
- out.TBBSecurityAssertions = securityAssertions
+ out.TBBSecurityAssertions.Version = securityAssertions.Version
+ out.TBBSecurityAssertions.CcInfo = CommonCriteriaMeasures(securityAssertions.CcInfo)
+ out.TBBSecurityAssertions.FipsLevel = securityAssertions.FipsLevel
+ out.TBBSecurityAssertions.RtmType = securityAssertions.RtmType
+ out.TBBSecurityAssertions.Iso9000Certified = securityAssertions.Iso9000Certified
+ out.TBBSecurityAssertions.Iso9000URI = securityAssertions.Iso9000URI
 default:
 return nil, fmt.Errorf("attributecert: unhandled TCG directory attribute: %v", e.ID)
 }
diff --git a/attributecert/testdata/Intel_nuc1.cer.json b/attributecert/testdata/Intel_nuc1.cer.json
index c628316..7468237 100644
--- a/attributecert/testdata/Intel_nuc1.cer.json
+++ b/attributecert/testdata/Intel_nuc1.cer.json
@@ -173,18 +173,18 @@
 "Plus": false,
 "StrengthOfFunction": 0,
 "ProfileOid": null,
- "ProfileUri": "",
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
 "Version": "",
 "Level": 0,
 "Plus": false
 },
- "RtmType": 0,
+ "RtmType": 3,
 "Iso9000Certified": false,
- "Iso9000Uri": ""
+ "Iso9000URI": ""
 },
 "PlatformManufacturer": "Intel Corporation",
 "PlatformModel": "NUC7i5DNHE",
@@ -198,4 +198,4 @@
 },
 "ExplicitText": ""
 }
-}
+}
\ No newline at end of file
diff --git a/attributecert/testdata/Intel_nuc_pc.cer.json b/attributecert/testdata/Intel_nuc_pc.cer.json
index 88144fd..2fed03a 100644
--- a/attributecert/testdata/Intel_nuc_pc.cer.json
+++ b/attributecert/testdata/Intel_nuc_pc.cer.json
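Review bot: The decode target in the `oidTbbSecurityAssertions` case is now always `TBBSecurityAssertions_sda`, so the corrected `tag:N` annotations on `TBBSecurityAssertions` are never used for parsing. As far as I can tell encoding/asn1 skips an optional field whose tag does not match and tolerates trailing elements in a SEQUENCE, so a certificate that does tag ccInfo, fipsLevel and rtmType would come back with those fields zeroed and no error, which for attestation data is worse than a parse failure. Consider choosing the struct from the class of the encoded elements, or at least documenting the limit with `// NOTE: only the untagged encoding is decoded; context-tagged fields are treated as absent.` and adding a fixture with tagged fields. The `rest` result of `asn1.Unmarshal` is also discarded, so trailing bytes after the attribute value are accepted; `if len(rest) != 0 { return nil, fmt.Errorf("attributecert: trailing data after TBBSecurityAssertions") }` would reject them. The enclosing function starts and ends outside the hunk.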
@@ -140,18 +140,18 @@
 "Plus": false,
 "StrengthOfFunction": 0,
 "ProfileOid": null,
- "ProfileUri": "",
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
 "Version": "",
 "Level": 0,
 "Plus": false
 },
- "RtmType": 0,
+ "RtmType": 3,
 "Iso9000Certified": false,
- "Iso9000Uri": ""
+ "Iso9000URI": ""
 },
 "PlatformManufacturer": "Intel",
 "PlatformModel": "DE3815TYKH",
@@ -165,4 +165,4 @@
 },
 "ExplicitText": ""
 }
-}
+}
\ No newline at end of file
diff --git a/attributecert/testdata/Intel_nuc_pc2.cer.json b/attributecert/testdata/Intel_nuc_pc2.cer.json
index a732597..9cab3c6 100644
--- a/attributecert/testdata/Intel_nuc_pc2.cer.json
+++ b/attributecert/testdata/Intel_nuc_pc2.cer.json
@@ -140,18 +140,18 @@
 "Plus": false,
 "StrengthOfFunction": 0,
 "ProfileOid": null,
- "ProfileUri": "",
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
 "Version": "",
 "Level": 0,
 "Plus": false
 },
- "RtmType": 0,
+ "RtmType": 3,
 "Iso9000Certified": false,
- "Iso9000Uri": ""
+ "Iso9000URI": ""
 },
 "PlatformManufacturer": "Intel",
 "PlatformModel": "DE3815TYKH",
@@ -165,4 +165,4 @@
 },
 "ExplicitText": ""
 }
-}
+}
\ No newline at end of file
diff --git a/attributecert/testdata/Intel_pc1.cer.json b/attributecert/testdata/Intel_pc1.cer.json
index 5fe7b8e..5e75f05 100644
--- a/attributecert/testdata/Intel_pc1.cer.json
+++ b/attributecert/testdata/Intel_pc1.cer.json
@@ -140,9 +140,9 @@
 "Plus": false,
 "StrengthOfFunction": 1,
 "ProfileOid": null,
- "ProfileUri": "",
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
 "Version": "",
@@ -151,7 +151,7 @@
 },
 "RtmType": 2,
 "Iso9000Certified": true,
- "Iso9000Uri": "URL to iso9000 certificate"
+ "Iso9000URI": "URL to iso9000 certificate"
 },
 "PlatformManufacturer": "Intel",
 "PlatformModel": "S2600KP",
@@ -165,4 +165,4 @@
 },
 "ExplicitText": "TCPA Trusted Platform Endorsement"
 }
-}
+}
\ No newline at end of file
diff --git a/attributecert/testdata/Intel_pc2.cer.json b/attributecert/testdata/Intel_pc2.cer.json
index 6c25651..41f6214 100644
--- a/attributecert/testdata/Intel_pc2.cer.json
+++ b/attributecert/testdata/Intel_pc2.cer.json
@@ -140,18 +140,18 @@
 "Plus": false,
 "StrengthOfFunction": 0,
 "ProfileOid": null,
- "ProfileUri": "",
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
 "Version": "",
 "Level": 0,
 "Plus": false
 },
- "RtmType": 0,
+ "RtmType": 3,
 "Iso9000Certified": false,
- "Iso9000Uri": ""
+ "Iso9000URI": ""
 },
 "PlatformManufacturer": "Intel",
 "PlatformModel": "DE3815TYKH",
@@ -165,4 +165,4 @@
 },
 "ExplicitText": ""
 }
-}
+}
\ No newline at end of file
diff --git a/attributecert/testdata/Intel_pc3.cer.json b/attributecert/testdata/Intel_pc3.cer.json
index 5ba641a..c1e8d40 100644
--- a/attributecert/testdata/Intel_pc3.cer.json
+++ b/attributecert/testdata/Intel_pc3.cer.json
@@ -140,18 +140,18 @@
 "Plus": false,
 "StrengthOfFunction": 0,
 "ProfileOid": null,
- "ProfileUri": "",
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
 "Version": "",
 "Level": 0,
 "Plus": false
 },
- "RtmType": 0,
+ "RtmType": 3,
 "Iso9000Certified": false,
- "Iso9000Uri": ""
+ "Iso9000URI": ""
 },
 "PlatformManufacturer": "Intel",
 "PlatformModel": "DE3815TYKH",
@@ -165,4 +165,4 @@
 },
 "ExplicitText": ""
 }
-}
+}
\ No newline at end of file
diff --git a/attributecert/testdata/Intel_pc4.cer.json b/attributecert/testdata/Intel_pc4.cer.json
index 47c768a..025b6bf 100644
--- a/attributecert/testdata/Intel_pc4.cer.json
+++ b/attributecert/testdata/Intel_pc4.cer.json
@@ -140,18 +140,18 @@
 "Plus": false,
 "StrengthOfFunction": 0,
 "ProfileOid": null,
- "ProfileUri": "",
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
 "Version": "",
 "Level": 0,
 "Plus": false
 },
- "RtmType": 0,
+ "RtmType": 3,
 "Iso9000Certified": false,
- "Iso9000Uri": ""
+ "Iso9000URI": ""
 },
 "PlatformManufacturer": "Intel",
 "PlatformModel": "DE3815TYKH",
@@ -165,4 +165,4 @@
 },
 "ExplicitText": ""
 }
-}
+}
\ No newline at end of file
diff --git a/attributecert/testdata/Intel_pc5.cer.json b/attributecert/testdata/Intel_pc5.cer.json
index 99e1e92..da7fa31 100644
--- a/attributecert/testdata/Intel_pc5.cer.json
+++ b/attributecert/testdata/Intel_pc5.cer.json
@@ -140,18 +140,18 @@
 "Plus": false,
 "StrengthOfFunction": 0,
 "ProfileOid": null,
- "ProfileUri": "",
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
 "Version": "",
 "Level": 0,
 "Plus": false
 },
- "RtmType": 0,
+ "RtmType": 3,
 "Iso9000Certified": false,
- "Iso9000Uri": ""
+ "Iso9000URI": ""
 },
 "PlatformManufacturer": "Intel",
 "PlatformModel": "DE3815TYKH",
@@ -165,4 +165,4 @@
 },
 "ExplicitText": ""
 }
-}
+}
\ No newline at end of file
diff --git a/attributecert/testdata/lenovo.cer.json b/attributecert/testdata/lenovo.cer.json
index db58819..250b5a9 100644
--- a/attributecert/testdata/lenovo.cer.json
+++ b/attributecert/testdata/lenovo.cer.json
@@ -162,18 +162,18 @@
 "Plus": false,
 "StrengthOfFunction": 0,
 "ProfileOid": null,
- "ProfileUri": "",
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
 "Version": "",
 "Level": 0,
 "Plus": false
 },
- "RtmType": 0,
+ "RtmType": 3,
 "Iso9000Certified": false,
- "Iso9000Uri": ""
+ "Iso9000URI": ""
 },
 "PlatformManufacturer": "LENOVO",
 "PlatformModel": "20L7002BUS",
@@ -187,4 +187,4 @@
 },
 "ExplicitText": ""
 }
-}
+}
\ No newline at end of file
diff --git a/attributecert/testdata/plat_cert1.cer.json b/attributecert/testdata/plat_cert1.cer.json
index e114dff..822c517 100644
--- a/attributecert/testdata/plat_cert1.cer.json
+++ b/attributecert/testdata/plat_cert1.cer.json
@@ -156,24 +156,31 @@
 "TBBSecurityAssertions": {
 "Version": 0,
 "CcInfo": {
- "Version": "",
- "AssuranceLevel": 0,
- "EvaluationStatus": 0,
+ "Version": "3.1",
+ "AssuranceLevel": 7,
+ "EvaluationStatus": 2,
 "Plus": false,
- "StrengthOfFunction": 0,
- "ProfileOid": null,
- "ProfileUri": "",
+ "StrengthOfFunction": 1,
+ "ProfileOid": [
+ 1,
+ 2,
+ 3,
+ 4,
+ 5,
+ 6
+ ],
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
- "Version": "",
- "Level": 0,
+ "Version": "140-2",
+ "Level": 4,
 "Plus": false
 },
- "RtmType": 0,
+ "RtmType": 3,
 "Iso9000Certified": false,
- "Iso9000Uri": ""
+ "Iso9000URI": "https://www.intel.com/isocertification.pdf"
 },
 "PlatformManufacturer": "Intel",
 "PlatformModel": "S2600KP",
@@ -187,4 +194,4 @@
 },
 "ExplicitText": ""
 }
-}
+}
\ No newline at end of file
diff --git a/attributecert/testdata/plat_cert2.cer.json b/attributecert/testdata/plat_cert2.cer.json
index 2643e1d..a0cf4df 100644
--- a/attributecert/testdata/plat_cert2.cer.json
+++ b/attributecert/testdata/plat_cert2.cer.json
@@ -156,24 +156,31 @@
 "TBBSecurityAssertions": {
 "Version": 0,
 "CcInfo": {
- "Version": "",
- "AssuranceLevel": 0,
- "EvaluationStatus": 0,
+ "Version": "3.1",
+ "AssuranceLevel": 7,
+ "EvaluationStatus": 2,
 "Plus": false,
- "StrengthOfFunction": 0,
- "ProfileOid": null,
- "ProfileUri": "",
+ "StrengthOfFunction": 1,
+ "ProfileOid": [
+ 1,
+ 2,
+ 3,
+ 4,
+ 5,
+ 6
+ ],
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
- "Version": "",
- "Level": 0,
+ "Version": "140-2",
+ "Level": 4,
 "Plus": false
 },
- "RtmType": 0,
+ "RtmType": 3,
 "Iso9000Certified": false,
- "Iso9000Uri": ""
+ "Iso9000URI": "https://www.intel.com/isocertification.pdf"
 },
 "PlatformManufacturer": "Intel",
 "PlatformModel": "S2600KP",
@@ -187,4 +194,4 @@
 },
 "ExplicitText": ""
 }
-}
+}
\ No newline at end of file
diff --git a/attributecert/testdata/plat_cert3.cer.json b/attributecert/testdata/plat_cert3.cer.json
index 09b4eb9..9667321 100644
--- a/attributecert/testdata/plat_cert3.cer.json
+++ b/attributecert/testdata/plat_cert3.cer.json
@@ -134,24 +134,31 @@
 "TBBSecurityAssertions": {
 "Version": 0,
 "CcInfo": {
- "Version": "",
- "AssuranceLevel": 0,
- "EvaluationStatus": 0,
+ "Version": "3.1",
+ "AssuranceLevel": 7,
+ "EvaluationStatus": 2,
 "Plus": false,
- "StrengthOfFunction": 0,
- "ProfileOid": null,
- "ProfileUri": "",
+ "StrengthOfFunction": 1,
+ "ProfileOid": [
+ 1,
+ 2,
+ 3,
+ 4,
+ 5,
+ 6
+ ],
+ "ProfileURI": "",
 "TargetOid": null,
- "TargetUri": null
+ "TargetURI": null
 },
 "FipsLevel": {
- "Version": "",
- "Level": 0,
+ "Version": "140-2",
+ "Level": 4,
 "Plus": false
 },
- "RtmType": 0,
+ "RtmType": 3,
 "Iso9000Certified": false,
- "Iso9000Uri": ""
+ "Iso9000URI": "https://www.intel.com/isocertification.pdf"
 },
 "PlatformManufacturer": "Intel",
 "PlatformModel": "S2600KP",
@@ -165,4 +172,4 @@
 },
 "ExplicitText": ""
 }
-}
+}
\ No newline at end of file