Fix broken tag statements

A number of the struct definitions had broken tag definitions, which
meant some parsing was working by accident and some parsing was entirely
broken. Fixing this uncovered some additional issues (a mixture of
incorrect definitions and platform certificates that violate the spec),
so this is all cleaned up as well.
Matthew Garrett 2020-05-08 12:15:58 -07:00 committed by Matthew Garrett
parent 596928d20b
commit 3538e3d287
13 changed files with 166 additions and 116 deletions

@ -62,10 +62,10 @@ var (
)
var (
oidSignatureRSASha1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}
oidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}
oidSignatureRSASha1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}
oidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}
oidSignatureRSASha256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
oidSignatureEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112}
oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
oidSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
@ -343,26 +343,49 @@ type CommonCriteriaMeasures struct {
AssuranceLevel asn1.Enumerated
EvaluationStatus asn1.Enumerated
Plus bool
StrengthOfFunction asn1.Enumerated `asn1:"optional,tag=0"`
ProfileOid asn1.ObjectIdentifier `asn1:"optional,tag=1"`
ProfileURI string `asn1:"optional,tag=2"`
TargetOid asn1.ObjectIdentifier `asn1:"optional,tag=3"`
TargetURI asn1.ObjectIdentifier `asn1:"optional,tag=4"`
StrengthOfFunction asn1.Enumerated `asn1:"optional,tag:0"`
ProfileOid asn1.ObjectIdentifier `asn1:"optional,tag:1"`
ProfileURI string `asn1:"optional,tag:2"`
TargetOid asn1.ObjectIdentifier `asn1:"optional,tag:3"`
TargetURI asn1.ObjectIdentifier `asn1:"optional,tag:4"`
}
type TBBSecurityAssertions struct {
Version int
CcInfo CommonCriteriaMeasures `asn1:"optional,tag=0"`
FipsLevel FipsLevel `asn1:"optional,tag=1"`
RtmType asn1.Enumerated `asn1:"optional,tag=2"`
CcInfo CommonCriteriaMeasures `asn1:"optional,tag:0"`
FipsLevel FipsLevel `asn1:"optional,tag:1"`
RtmType asn1.Enumerated `asn1:"optional,tag:2"`
Iso9000Certified bool `asn1:"optional"`
Iso9000URI string `asn1:"optional"`
}
// Certificates with this information in the SDA region appear to fail to
// tag the optional fields
type CommonCriteriaMeasures_sda struct {
Version string
AssuranceLevel asn1.Enumerated
EvaluationStatus asn1.Enumerated
Plus bool
StrengthOfFunction asn1.Enumerated `asn1:"optional"`
ProfileOid asn1.ObjectIdentifier `asn1:"optional"`
ProfileURI string `asn1:"optional"`
TargetOid asn1.ObjectIdentifier `asn1:"optional"`
TargetURI asn1.ObjectIdentifier `asn1:"optional"`
}
type TBBSecurityAssertions_sda struct {
Version int
CcInfo CommonCriteriaMeasures_sda `asn1:"optional"`
FipsLevel FipsLevel `asn1:"optional"`
RtmType asn1.Enumerated `asn1:"optional"`
Iso9000Certified bool `asn1:"optional"`
Iso9000URI string `asn1:"optional"`
}
type Property struct {
PropertyName string
PropertyValue string
Status asn1.Enumerated `asn1:"optional,tag=0"`
Status asn1.Enumerated `asn1:"optional,tag:0"`
}
type AttributeCertificateIdentifier struct {
@ -371,8 +394,8 @@ type AttributeCertificateIdentifier struct {
}
type CertificateIdentifier struct {
AttributeCertIdentifier AttributeCertificateIdentifier `asn1:"optional,tag=0"`
GenericCertIdientifier issuerSerial `asn1:"optional,tag=1"`
AttributeCertIdentifier AttributeCertificateIdentifier `asn1:"optional,tag:0"`
GenericCertIdientifier issuerSerial `asn1:"optional,tag:1"`
}
type ComponentAddress struct {
@ -389,14 +412,14 @@ type ComponentIdentifierV2 struct {
ComponentClass ComponentClass
ComponentManufacturer string
ComponentModel string
ComponentSerial string `asn1:"optional,tag=0"`
ComponentRevision string `asn1:"optional,tag=1"`
ComponentManufacturerID int `asn1:"optional,tag=2"`
FieldReplaceable bool `asn1:"optional,tag=3"`
ComponentAddresses []ComponentAddress `asn1:"optional,tag=4"`
ComponentPlatformCert CertificateIdentifier `asn1:"optional,tag=5"`
ComponentPlatformCertURI string `asn1:"optional,tag=6"`
Status asn1.Enumerated `asn1:"optional,tag=7"`
ComponentSerial string `asn1:"optional,tag:0"`
ComponentRevision string `asn1:"optional,tag:1"`
ComponentManufacturerID int `asn1:"optional,tag:2"`
FieldReplaceable bool `asn1:"optional,tag:3"`
ComponentAddresses []ComponentAddress `asn1:"optional,tag:4"`
ComponentPlatformCert CertificateIdentifier `asn1:"optional,tag:5"`
ComponentPlatformCertURI string `asn1:"optional,tag:6"`
Status asn1.Enumerated `asn1:"optional,tag:7"`
}
type URIReference struct {
@ -406,26 +429,27 @@ type URIReference struct {
}
type PlatformConfigurationV2 struct {
ComponentIdentifiers []ComponentIdentifierV2 `asn1:"optional,tag=0"`
ComponentIdentifiersURI URIReference `asn1:"optional,tag=1"`
PlatformProperties []Property `asn1:"optional,tag=2"`
PlatformPropertiesURI URIReference `asn1:"optional,tag=3"`
ComponentIdentifiers []ComponentIdentifierV2 `asn1:"optional,tag:0"`
ComponentIdentifiersURI URIReference `asn1:"optional,tag:1"`
PlatformProperties []Property `asn1:"optional,tag:2"`
PlatformPropertiesURI URIReference `asn1:"optional,tag:3"`
}
type ComponentIdentifierV1 struct {
ComponentClass []byte `asn1:"optional"`
ComponentManufacturer string
ComponentModel string
ComponentSerial string `asn1:"optional,tag=0"`
ComponentRevision string `asn1:"optional,tag=1"`
ComponentManufacturerId int `asn1:"optional,tag=2"`
FieldReplaceable bool `asn1:"optional,tag=3"`
ComponentAddresses []ComponentAddress `asn1:"optional,tag=4"`
ComponentSerial string `asn1:"optional,tag:0"`
ComponentRevision string `asn1:"optional,tag:1"`
ComponentManufacturerId int `asn1:"optional,tag:2"`
FieldReplaceable bool `asn1:"optional,tag:3"`
ComponentAddresses []ComponentAddress `asn1:"optional,tag:4"`
}
type PlatformConfigurationV1 struct {
ComponentIdentifiers []ComponentIdentifierV1 `asn1:"optional,tag=0"`
PlatformProperties []Property `asn1:"optional,tag=1"`
PlatformPropertiesURI []URIReference `asn1:"optional,tag=2"`
ComponentIdentifiers []ComponentIdentifierV1 `asn1:"optional,tag:0"`
PlatformProperties []Property `asn1:"optional,tag:1"`
PlatformPropertiesURI URIReference `asn1:"optional,tag:2"`
}
func unmarshalSAN(v asn1.RawValue) ([]pkix.AttributeTypeAndValue, error) {
@ -614,12 +638,17 @@ func parseAttributeCertificate(in *attributeCertificate) (*AttributeCertificate,
}
out.TCGPlatformSpecification = platformSpecification
case e.ID.Equal(oidTbbSecurityAssertions):
var securityAssertions TBBSecurityAssertions
var securityAssertions TBBSecurityAssertions_sda
_, err := asn1.Unmarshal(e.Data.Bytes, &securityAssertions)
if err != nil {
return nil, err
}
out.TBBSecurityAssertions = securityAssertions
out.TBBSecurityAssertions.Version = securityAssertions.Version
out.TBBSecurityAssertions.CcInfo = CommonCriteriaMeasures(securityAssertions.CcInfo)
out.TBBSecurityAssertions.FipsLevel = securityAssertions.FipsLevel
out.TBBSecurityAssertions.RtmType = securityAssertions.RtmType
out.TBBSecurityAssertions.Iso9000Certified = securityAssertions.Iso9000Certified
out.TBBSecurityAssertions.Iso9000URI = securityAssertions.Iso9000URI
default:
return nil, fmt.Errorf("attributecert: unhandled TCG directory attribute: %v", e.ID)
}
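Review bot: In parseAttributeCertificate the `oidTbbSecurityAssertions` case now decodes only into `TBBSecurityAssertions_sda`, whose optional fields carry no context tags, so the tagged `TBBSecurityAssertions` layout corrected earlier in this section is never tried on this path. As I read encoding/asn1, an optional field whose tag does not match is skipped and unconsumed elements at the end of a SEQUENCE are tolerated, so a certificate that does tag these fields would probably come back with zero-valued `CcInfo`, `FipsLevel` and `RtmType` and no error, which a verifier could mistake for "no assertions made". Consider handling both encodings here, documenting at the call site that the untagged layout is a deliberate allowance for non-conformant certificates, and rejecting leftovers with `rest, err := asn1.Unmarshal(e.Data.Bytes, &securityAssertions)` followed by `if err == nil && len(rest) != 0 { return nil, fmt.Errorf("attributecert: trailing data after TBBSecurityAssertions") }`. Separately, the new `CommonCriteriaMeasures_sda` repeats `TargetURI asn1.ObjectIdentifier` while the sibling `ProfileURI` is a `string`, which looks like a typo carried over from the tagged struct. The function body starts and ends outside the hunk, so whether the tagged struct is used on another path is not visible here.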

@ -173,18 +173,18 @@
"Plus": false,
"StrengthOfFunction": 0,
"ProfileOid": null,
"ProfileUri": "",
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
"Level": 0,
"Plus": false
},
"RtmType": 0,
"RtmType": 3,
"Iso9000Certified": false,
"Iso9000Uri": ""
"Iso9000URI": ""
},
"PlatformManufacturer": "Intel Corporation",
"PlatformModel": "NUC7i5DNHE",

@ -140,18 +140,18 @@
"Plus": false,
"StrengthOfFunction": 0,
"ProfileOid": null,
"ProfileUri": "",
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
"Level": 0,
"Plus": false
},
"RtmType": 0,
"RtmType": 3,
"Iso9000Certified": false,
"Iso9000Uri": ""
"Iso9000URI": ""
},
"PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH",

@ -140,18 +140,18 @@
"Plus": false,
"StrengthOfFunction": 0,
"ProfileOid": null,
"ProfileUri": "",
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
"Level": 0,
"Plus": false
},
"RtmType": 0,
"RtmType": 3,
"Iso9000Certified": false,
"Iso9000Uri": ""
"Iso9000URI": ""
},
"PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH",

@ -140,9 +140,9 @@
"Plus": false,
"StrengthOfFunction": 1,
"ProfileOid": null,
"ProfileUri": "",
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
@ -151,7 +151,7 @@
},
"RtmType": 2,
"Iso9000Certified": true,
"Iso9000Uri": "URL to iso9000 certificate"
"Iso9000URI": "URL to iso9000 certificate"
},
"PlatformManufacturer": "Intel",
"PlatformModel": "S2600KP",

@ -140,18 +140,18 @@
"Plus": false,
"StrengthOfFunction": 0,
"ProfileOid": null,
"ProfileUri": "",
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
"Level": 0,
"Plus": false
},
"RtmType": 0,
"RtmType": 3,
"Iso9000Certified": false,
"Iso9000Uri": ""
"Iso9000URI": ""
},
"PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH",

@ -140,18 +140,18 @@
"Plus": false,
"StrengthOfFunction": 0,
"ProfileOid": null,
"ProfileUri": "",
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
"Level": 0,
"Plus": false
},
"RtmType": 0,
"RtmType": 3,
"Iso9000Certified": false,
"Iso9000Uri": ""
"Iso9000URI": ""
},
"PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH",

@ -140,18 +140,18 @@
"Plus": false,
"StrengthOfFunction": 0,
"ProfileOid": null,
"ProfileUri": "",
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
"Level": 0,
"Plus": false
},
"RtmType": 0,
"RtmType": 3,
"Iso9000Certified": false,
"Iso9000Uri": ""
"Iso9000URI": ""
},
"PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH",

@ -140,18 +140,18 @@
"Plus": false,
"StrengthOfFunction": 0,
"ProfileOid": null,
"ProfileUri": "",
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
"Level": 0,
"Plus": false
},
"RtmType": 0,
"RtmType": 3,
"Iso9000Certified": false,
"Iso9000Uri": ""
"Iso9000URI": ""
},
"PlatformManufacturer": "Intel",
"PlatformModel": "DE3815TYKH",

@ -162,18 +162,18 @@
"Plus": false,
"StrengthOfFunction": 0,
"ProfileOid": null,
"ProfileUri": "",
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
"Level": 0,
"Plus": false
},
"RtmType": 0,
"RtmType": 3,
"Iso9000Certified": false,
"Iso9000Uri": ""
"Iso9000URI": ""
},
"PlatformManufacturer": "LENOVO",
"PlatformModel": "20L7002BUS",

@ -156,24 +156,31 @@
"TBBSecurityAssertions": {
"Version": 0,
"CcInfo": {
"Version": "",
"AssuranceLevel": 0,
"EvaluationStatus": 0,
"Version": "3.1",
"AssuranceLevel": 7,
"EvaluationStatus": 2,
"Plus": false,
"StrengthOfFunction": 0,
"ProfileOid": null,
"ProfileUri": "",
"StrengthOfFunction": 1,
"ProfileOid": [
1,
2,
3,
4,
5,
6
],
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
"Level": 0,
"Version": "140-2",
"Level": 4,
"Plus": false
},
"RtmType": 0,
"RtmType": 3,
"Iso9000Certified": false,
"Iso9000Uri": ""
"Iso9000URI": "https://www.intel.com/isocertification.pdf"
},
"PlatformManufacturer": "Intel",
"PlatformModel": "S2600KP",

@ -156,24 +156,31 @@
"TBBSecurityAssertions": {
"Version": 0,
"CcInfo": {
"Version": "",
"AssuranceLevel": 0,
"EvaluationStatus": 0,
"Version": "3.1",
"AssuranceLevel": 7,
"EvaluationStatus": 2,
"Plus": false,
"StrengthOfFunction": 0,
"ProfileOid": null,
"ProfileUri": "",
"StrengthOfFunction": 1,
"ProfileOid": [
1,
2,
3,
4,
5,
6
],
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
"Level": 0,
"Version": "140-2",
"Level": 4,
"Plus": false
},
"RtmType": 0,
"RtmType": 3,
"Iso9000Certified": false,
"Iso9000Uri": ""
"Iso9000URI": "https://www.intel.com/isocertification.pdf"
},
"PlatformManufacturer": "Intel",
"PlatformModel": "S2600KP",

@ -134,24 +134,31 @@
"TBBSecurityAssertions": {
"Version": 0,
"CcInfo": {
"Version": "",
"AssuranceLevel": 0,
"EvaluationStatus": 0,
"Version": "3.1",
"AssuranceLevel": 7,
"EvaluationStatus": 2,
"Plus": false,
"StrengthOfFunction": 0,
"ProfileOid": null,
"ProfileUri": "",
"StrengthOfFunction": 1,
"ProfileOid": [
1,
2,
3,
4,
5,
6
],
"ProfileURI": "",
"TargetOid": null,
"TargetUri": null
"TargetURI": null
},
"FipsLevel": {
"Version": "",
"Level": 0,
"Version": "140-2",
"Level": 4,
"Plus": false
},
"RtmType": 0,
"RtmType": 3,
"Iso9000Certified": false,
"Iso9000Uri": ""
"Iso9000URI": "https://www.intel.com/isocertification.pdf"
},
"PlatformManufacturer": "Intel",
"PlatformModel": "S2600KP",