Fix broken tag statements

A number of the struct definitions had broken tag definitions, which
meant some parsing was working by accident and some parsing was entirely
broken. Fixing this uncovered some additional issues (a mixture of
incorrect definitions and platform certificates that violate the spec),
so this is all cleaned up as well.
Matthew Garrett 2020-05-08 12:15:58 -07:00 committed by Matthew Garrett
parent 596928d20b
commit 3538e3d287
13 changed files with 166 additions and 116 deletions


@ -62,10 +62,10 @@ var (
) )
var ( var (
oidSignatureRSASha1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} oidSignatureRSASha1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}
oidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} oidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}
oidSignatureRSASha256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} oidSignatureRSASha256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112} oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1} oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
oidSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2} oidSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
@ -343,26 +343,49 @@ type CommonCriteriaMeasures struct {
AssuranceLevel asn1.Enumerated AssuranceLevel asn1.Enumerated
EvaluationStatus asn1.Enumerated EvaluationStatus asn1.Enumerated
Plus bool Plus bool
StrengthOfFunction asn1.Enumerated `asn1:"optional,tag=0"` StrengthOfFunction asn1.Enumerated `asn1:"optional,tag:0"`
ProfileOid asn1.ObjectIdentifier `asn1:"optional,tag=1"` ProfileOid asn1.ObjectIdentifier `asn1:"optional,tag:1"`
ProfileURI string `asn1:"optional,tag=2"` ProfileURI string `asn1:"optional,tag:2"`
TargetOid asn1.ObjectIdentifier `asn1:"optional,tag=3"` TargetOid asn1.ObjectIdentifier `asn1:"optional,tag:3"`
TargetURI asn1.ObjectIdentifier `asn1:"optional,tag=4"` TargetURI asn1.ObjectIdentifier `asn1:"optional,tag:4"`
} }
type TBBSecurityAssertions struct { type TBBSecurityAssertions struct {
Version int Version int
CcInfo CommonCriteriaMeasures `asn1:"optional,tag=0"` CcInfo CommonCriteriaMeasures `asn1:"optional,tag:0"`
FipsLevel FipsLevel `asn1:"optional,tag=1"` FipsLevel FipsLevel `asn1:"optional,tag:1"`
RtmType asn1.Enumerated `asn1:"optional,tag=2"` RtmType asn1.Enumerated `asn1:"optional,tag:2"`
Iso9000Certified bool `asn1:"optional"` Iso9000Certified bool `asn1:"optional"`
Iso9000URI string `asn1:"optional"` Iso9000URI string `asn1:"optional"`
} }
// Certificates with this information in the SDA region appear to fail to
// tag the optional fields
type CommonCriteriaMeasures_sda struct {
Version string
AssuranceLevel asn1.Enumerated
EvaluationStatus asn1.Enumerated
Plus bool
StrengthOfFunction asn1.Enumerated `asn1:"optional"`
ProfileOid asn1.ObjectIdentifier `asn1:"optional"`
ProfileURI string `asn1:"optional"`
TargetOid asn1.ObjectIdentifier `asn1:"optional"`
TargetURI asn1.ObjectIdentifier `asn1:"optional"`
}
type TBBSecurityAssertions_sda struct {
Version int
CcInfo CommonCriteriaMeasures_sda `asn1:"optional"`
FipsLevel FipsLevel `asn1:"optional"`
RtmType asn1.Enumerated `asn1:"optional"`
Iso9000Certified bool `asn1:"optional"`
Iso9000URI string `asn1:"optional"`
}
type Property struct { type Property struct {
PropertyName string PropertyName string
PropertyValue string PropertyValue string
Status asn1.Enumerated `asn1:"optional,tag=0"` Status asn1.Enumerated `asn1:"optional,tag:0"`
} }
type AttributeCertificateIdentifier struct { type AttributeCertificateIdentifier struct {
@ -371,8 +394,8 @@ type AttributeCertificateIdentifier struct {
} }
type CertificateIdentifier struct { type CertificateIdentifier struct {
AttributeCertIdentifier AttributeCertificateIdentifier `asn1:"optional,tag=0"` AttributeCertIdentifier AttributeCertificateIdentifier `asn1:"optional,tag:0"`
GenericCertIdientifier issuerSerial `asn1:"optional,tag=1"` GenericCertIdientifier issuerSerial `asn1:"optional,tag:1"`
} }
type ComponentAddress struct { type ComponentAddress struct {
@ -389,14 +412,14 @@ type ComponentIdentifierV2 struct {
ComponentClass ComponentClass ComponentClass ComponentClass
ComponentManufacturer string ComponentManufacturer string
ComponentModel string ComponentModel string
ComponentSerial string `asn1:"optional,tag=0"` ComponentSerial string `asn1:"optional,tag:0"`
ComponentRevision string `asn1:"optional,tag=1"` ComponentRevision string `asn1:"optional,tag:1"`
ComponentManufacturerID int `asn1:"optional,tag=2"` ComponentManufacturerID int `asn1:"optional,tag:2"`
FieldReplaceable bool `asn1:"optional,tag=3"` FieldReplaceable bool `asn1:"optional,tag:3"`
ComponentAddresses []ComponentAddress `asn1:"optional,tag=4"` ComponentAddresses []ComponentAddress `asn1:"optional,tag:4"`
ComponentPlatformCert CertificateIdentifier `asn1:"optional,tag=5"` ComponentPlatformCert CertificateIdentifier `asn1:"optional,tag:5"`
ComponentPlatformCertURI string `asn1:"optional,tag=6"` ComponentPlatformCertURI string `asn1:"optional,tag:6"`
Status asn1.Enumerated `asn1:"optional,tag=7"` Status asn1.Enumerated `asn1:"optional,tag:7"`
} }
type URIReference struct { type URIReference struct {
@ -406,26 +429,27 @@ type URIReference struct {
} }
type PlatformConfigurationV2 struct { type PlatformConfigurationV2 struct {
ComponentIdentifiers []ComponentIdentifierV2 `asn1:"optional,tag=0"` ComponentIdentifiers []ComponentIdentifierV2 `asn1:"optional,tag:0"`
ComponentIdentifiersURI URIReference `asn1:"optional,tag=1"` ComponentIdentifiersURI URIReference `asn1:"optional,tag:1"`
PlatformProperties []Property `asn1:"optional,tag=2"` PlatformProperties []Property `asn1:"optional,tag:2"`
PlatformPropertiesURI URIReference `asn1:"optional,tag=3"` PlatformPropertiesURI URIReference `asn1:"optional,tag:3"`
} }
type ComponentIdentifierV1 struct { type ComponentIdentifierV1 struct {
ComponentClass []byte `asn1:"optional"`
ComponentManufacturer string ComponentManufacturer string
ComponentModel string ComponentModel string
ComponentSerial string `asn1:"optional,tag=0"` ComponentSerial string `asn1:"optional,tag:0"`
ComponentRevision string `asn1:"optional,tag=1"` ComponentRevision string `asn1:"optional,tag:1"`
ComponentManufacturerId int `asn1:"optional,tag=2"` ComponentManufacturerId int `asn1:"optional,tag:2"`
FieldReplaceable bool `asn1:"optional,tag=3"` FieldReplaceable bool `asn1:"optional,tag:3"`
ComponentAddresses []ComponentAddress `asn1:"optional,tag=4"` ComponentAddresses []ComponentAddress `asn1:"optional,tag:4"`
} }
type PlatformConfigurationV1 struct { type PlatformConfigurationV1 struct {
ComponentIdentifiers []ComponentIdentifierV1 `asn1:"optional,tag=0"` ComponentIdentifiers []ComponentIdentifierV1 `asn1:"optional,tag:0"`
PlatformProperties []Property `asn1:"optional,tag=1"` PlatformProperties []Property `asn1:"optional,tag:1"`
PlatformPropertiesURI []URIReference `asn1:"optional,tag=2"` PlatformPropertiesURI URIReference `asn1:"optional,tag:2"`
} }
func unmarshalSAN(v asn1.RawValue) ([]pkix.AttributeTypeAndValue, error) { func unmarshalSAN(v asn1.RawValue) ([]pkix.AttributeTypeAndValue, error) {
@ -614,12 +638,17 @@ func parseAttributeCertificate(in *attributeCertificate) (*AttributeCertificate,
} }
out.TCGPlatformSpecification = platformSpecification out.TCGPlatformSpecification = platformSpecification
case e.ID.Equal(oidTbbSecurityAssertions): case e.ID.Equal(oidTbbSecurityAssertions):
var securityAssertions TBBSecurityAssertions var securityAssertions TBBSecurityAssertions_sda
_, err := asn1.Unmarshal(e.Data.Bytes, &securityAssertions) _, err := asn1.Unmarshal(e.Data.Bytes, &securityAssertions)
if err != nil { if err != nil {
return nil, err return nil, err
} }
out.TBBSecurityAssertions = securityAssertions out.TBBSecurityAssertions.Version = securityAssertions.Version
out.TBBSecurityAssertions.CcInfo = CommonCriteriaMeasures(securityAssertions.CcInfo)
out.TBBSecurityAssertions.FipsLevel = securityAssertions.FipsLevel
out.TBBSecurityAssertions.RtmType = securityAssertions.RtmType
out.TBBSecurityAssertions.Iso9000Certified = securityAssertions.Iso9000Certified
out.TBBSecurityAssertions.Iso9000URI = securityAssertions.Iso9000URI
default: default:
return nil, fmt.Errorf("attributecert: unhandled TCG directory attribute: %v", e.ID) return nil, fmt.Errorf("attributecert: unhandled TCG directory attribute: %v", e.ID)
} }
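Review bot: The `oidTbbSecurityAssertions` case now always decodes with `TBBSecurityAssertions_sda`, so a certificate that tags these optional fields as the spec requires has no path to the tagged `TBBSecurityAssertions` layout here. Because every field after `Version` is `optional`, encoding/asn1 will most likely skip the context-tagged elements and return zero values with a nil error instead of failing. A caller then cannot tell "no FIPS/Common Criteria assertion" from "assertion present but not decoded". Consider checking the class of the first element after `Version` (via `asn1.RawValue`) to choose between the two structs, and extend the comment above `CommonCriteriaMeasures_sda` with `// Untagged optionals are matched by position and universal type, so ProfileOid/TargetOid (both OIDs) cannot be told apart.` The body of parseAttributeCertificate continues outside the hunk.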


@ -173,18 +173,18 @@
"Plus": false, "Plus": false,
"StrengthOfFunction": 0, "StrengthOfFunction": 0,
"ProfileOid": null, "ProfileOid": null,
"ProfileUri": "", "ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "",
"Level": 0, "Level": 0,
"Plus": false "Plus": false
}, },
"RtmType": 0, "RtmType": 3,
"Iso9000Certified": false, "Iso9000Certified": false,
"Iso9000Uri": "" "Iso9000URI": ""
}, },
"PlatformManufacturer": "Intel Corporation", "PlatformManufacturer": "Intel Corporation",
"PlatformModel": "NUC7i5DNHE", "PlatformModel": "NUC7i5DNHE",
@ -198,4 +198,4 @@
}, },
"ExplicitText": "" "ExplicitText": ""
} }
} }


@ -140,18 +140,18 @@
"Plus": false, "Plus": false,
"StrengthOfFunction": 0, "StrengthOfFunction": 0,
"ProfileOid": null, "ProfileOid": null,
"ProfileUri": "", "ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "",
"Level": 0, "Level": 0,
"Plus": false "Plus": false
}, },
"RtmType": 0, "RtmType": 3,
"Iso9000Certified": false, "Iso9000Certified": false,
"Iso9000Uri": "" "Iso9000URI": ""
}, },
"PlatformManufacturer": "Intel", "PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH", "PlatformModel": "DE3815TYKH",
@ -165,4 +165,4 @@
}, },
"ExplicitText": "" "ExplicitText": ""
} }
} }


@ -140,18 +140,18 @@
"Plus": false, "Plus": false,
"StrengthOfFunction": 0, "StrengthOfFunction": 0,
"ProfileOid": null, "ProfileOid": null,
"ProfileUri": "", "ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "",
"Level": 0, "Level": 0,
"Plus": false "Plus": false
}, },
"RtmType": 0, "RtmType": 3,
"Iso9000Certified": false, "Iso9000Certified": false,
"Iso9000Uri": "" "Iso9000URI": ""
}, },
"PlatformManufacturer": "Intel", "PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH", "PlatformModel": "DE3815TYKH",
@ -165,4 +165,4 @@
}, },
"ExplicitText": "" "ExplicitText": ""
} }
} }


@ -140,9 +140,9 @@
"Plus": false, "Plus": false,
"StrengthOfFunction": 1, "StrengthOfFunction": 1,
"ProfileOid": null, "ProfileOid": null,
"ProfileUri": "", "ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "",
@ -151,7 +151,7 @@
}, },
"RtmType": 2, "RtmType": 2,
"Iso9000Certified": true, "Iso9000Certified": true,
"Iso9000Uri": "URL to iso9000 certificate" "Iso9000URI": "URL to iso9000 certificate"
}, },
"PlatformManufacturer": "Intel", "PlatformManufacturer": "Intel",
"PlatformModel": "S2600KP", "PlatformModel": "S2600KP",
@ -165,4 +165,4 @@
}, },
"ExplicitText": "TCPA Trusted Platform Endorsement" "ExplicitText": "TCPA Trusted Platform Endorsement"
} }
} }


@ -140,18 +140,18 @@
"Plus": false, "Plus": false,
"StrengthOfFunction": 0, "StrengthOfFunction": 0,
"ProfileOid": null, "ProfileOid": null,
"ProfileUri": "", "ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "",
"Level": 0, "Level": 0,
"Plus": false "Plus": false
}, },
"RtmType": 0, "RtmType": 3,
"Iso9000Certified": false, "Iso9000Certified": false,
"Iso9000Uri": "" "Iso9000URI": ""
}, },
"PlatformManufacturer": "Intel", "PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH", "PlatformModel": "DE3815TYKH",
@ -165,4 +165,4 @@
}, },
"ExplicitText": "" "ExplicitText": ""
} }
} }


@ -140,18 +140,18 @@
"Plus": false, "Plus": false,
"StrengthOfFunction": 0, "StrengthOfFunction": 0,
"ProfileOid": null, "ProfileOid": null,
"ProfileUri": "", "ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "",
"Level": 0, "Level": 0,
"Plus": false "Plus": false
}, },
"RtmType": 0, "RtmType": 3,
"Iso9000Certified": false, "Iso9000Certified": false,
"Iso9000Uri": "" "Iso9000URI": ""
}, },
"PlatformManufacturer": "Intel", "PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH", "PlatformModel": "DE3815TYKH",
@ -165,4 +165,4 @@
}, },
"ExplicitText": "" "ExplicitText": ""
} }
} }


@ -140,18 +140,18 @@
"Plus": false, "Plus": false,
"StrengthOfFunction": 0, "StrengthOfFunction": 0,
"ProfileOid": null, "ProfileOid": null,
"ProfileUri": "", "ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "",
"Level": 0, "Level": 0,
"Plus": false "Plus": false
}, },
"RtmType": 0, "RtmType": 3,
"Iso9000Certified": false, "Iso9000Certified": false,
"Iso9000Uri": "" "Iso9000URI": ""
}, },
"PlatformManufacturer": "Intel", "PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH", "PlatformModel": "DE3815TYKH",
@ -165,4 +165,4 @@
}, },
"ExplicitText": "" "ExplicitText": ""
} }
} }


@ -140,18 +140,18 @@
"Plus": false, "Plus": false,
"StrengthOfFunction": 0, "StrengthOfFunction": 0,
"ProfileOid": null, "ProfileOid": null,
"ProfileUri": "", "ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "",
"Level": 0, "Level": 0,
"Plus": false "Plus": false
}, },
"RtmType": 0, "RtmType": 3,
"Iso9000Certified": false, "Iso9000Certified": false,
"Iso9000Uri": "" "Iso9000URI": ""
}, },
"PlatformManufacturer": "Intel", "PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH", "PlatformModel": "DE3815TYKH",
@ -165,4 +165,4 @@
}, },
"ExplicitText": "" "ExplicitText": ""
} }
} }


@ -162,18 +162,18 @@
"Plus": false, "Plus": false,
"StrengthOfFunction": 0, "StrengthOfFunction": 0,
"ProfileOid": null, "ProfileOid": null,
"ProfileUri": "", "ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "",
"Level": 0, "Level": 0,
"Plus": false "Plus": false
}, },
"RtmType": 0, "RtmType": 3,
"Iso9000Certified": false, "Iso9000Certified": false,
"Iso9000Uri": "" "Iso9000URI": ""
}, },
"PlatformManufacturer": "LENOVO", "PlatformManufacturer": "LENOVO",
"PlatformModel": "20L7002BUS", "PlatformModel": "20L7002BUS",
@ -187,4 +187,4 @@
}, },
"ExplicitText": "" "ExplicitText": ""
} }
} }


@ -156,24 +156,31 @@
"TBBSecurityAssertions": { "TBBSecurityAssertions": {
"Version": 0, "Version": 0,
"CcInfo": { "CcInfo": {
"Version": "", "Version": "3.1",
"AssuranceLevel": 0, "AssuranceLevel": 7,
"EvaluationStatus": 0, "EvaluationStatus": 2,
"Plus": false, "Plus": false,
"StrengthOfFunction": 0, "StrengthOfFunction": 1,
"ProfileOid": null, "ProfileOid": [
"ProfileUri": "", 1,
2,
3,
4,
5,
6
],
"ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "140-2",
"Level": 0, "Level": 4,
"Plus": false "Plus": false
}, },
"RtmType": 0, "RtmType": 3,
"Iso9000Certified": false, "Iso9000Certified": false,
"Iso9000Uri": "" "Iso9000URI": "https://www.intel.com/isocertification.pdf"
}, },
"PlatformManufacturer": "Intel", "PlatformManufacturer": "Intel",
"PlatformModel": "S2600KP", "PlatformModel": "S2600KP",
@ -187,4 +194,4 @@
}, },
"ExplicitText": "" "ExplicitText": ""
} }
} }


@ -156,24 +156,31 @@
"TBBSecurityAssertions": { "TBBSecurityAssertions": {
"Version": 0, "Version": 0,
"CcInfo": { "CcInfo": {
"Version": "", "Version": "3.1",
"AssuranceLevel": 0, "AssuranceLevel": 7,
"EvaluationStatus": 0, "EvaluationStatus": 2,
"Plus": false, "Plus": false,
"StrengthOfFunction": 0, "StrengthOfFunction": 1,
"ProfileOid": null, "ProfileOid": [
"ProfileUri": "", 1,
2,
3,
4,
5,
6
],
"ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "140-2",
"Level": 0, "Level": 4,
"Plus": false "Plus": false
}, },
"RtmType": 0, "RtmType": 3,
"Iso9000Certified": false, "Iso9000Certified": false,
"Iso9000Uri": "" "Iso9000URI": "https://www.intel.com/isocertification.pdf"
}, },
"PlatformManufacturer": "Intel", "PlatformManufacturer": "Intel",
"PlatformModel": "S2600KP", "PlatformModel": "S2600KP",
@ -187,4 +194,4 @@
}, },
"ExplicitText": "" "ExplicitText": ""
} }
} }


@ -134,24 +134,31 @@
"TBBSecurityAssertions": { "TBBSecurityAssertions": {
"Version": 0, "Version": 0,
"CcInfo": { "CcInfo": {
"Version": "", "Version": "3.1",
"AssuranceLevel": 0, "AssuranceLevel": 7,
"EvaluationStatus": 0, "EvaluationStatus": 2,
"Plus": false, "Plus": false,
"StrengthOfFunction": 0, "StrengthOfFunction": 1,
"ProfileOid": null, "ProfileOid": [
"ProfileUri": "", 1,
2,
3,
4,
5,
6
],
"ProfileURI": "",
"TargetOid": null, "TargetOid": null,
"TargetUri": null "TargetURI": null
}, },
"FipsLevel": { "FipsLevel": {
"Version": "", "Version": "140-2",
"Level": 0, "Level": 4,
"Plus": false "Plus": false
}, },
"RtmType": 0, "RtmType": 3,
"Iso9000Certified": false, "Iso9000Certified": false,
"Iso9000Uri": "" "Iso9000URI": "https://www.intel.com/isocertification.pdf"
}, },
"PlatformManufacturer": "Intel", "PlatformManufacturer": "Intel",
"PlatformModel": "S2600KP", "PlatformModel": "S2600KP",
@ -165,4 +172,4 @@
}, },
"ExplicitText": "" "ExplicitText": ""
} }
} }