Context-specific fields in ASN.1 don't have explicit type tags in the
ASN.1 stream, so encoding/asn1 infers the tag from the type of the
struct field the stream is being unmarshalled to. By default string is
assumed to be PrintableString, which is only permitted to contain a
subset of possible characters. If a field is defined as UTF8String in
the spec then it may contain characters that are not permitted in
PrintableString, and in this case Unmarshal() will return an error. We
can avoid this by explicitly tagging any context-specific UTF8Strings.
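As an added illustration of the behaviour described above (example code, not part of the project or the commit), the following Go program decodes a constructed DER structure containing a context-specific [0] IMPLICIT UTF8String. The struct types `naiveAttr`/`taggedAttr`, the field name and the sample bytes are assumptions for the example; the only difference between the two structs is the `utf8` modifier in the `asn1` struct tag.

```go
package main

import (
	"bytes"
	"encoding/asn1"
	"errors"
	"fmt"
)

// Hypothetical struct definitions for illustration only; they are not the
// project's own types. The spec-defined field is assumed to be a
// context-specific [0] IMPLICIT UTF8String.

// naiveAttr tags the field but leaves the string type to encoding/asn1,
// which infers PrintableString for a context-specific string.
type naiveAttr struct {
	Name string `asn1:"tag:0"`
}

// taggedAttr adds the utf8 modifier so the field is decoded as UTF8String.
type taggedAttr struct {
	Name string `asn1:"tag:0,utf8"`
}

// sampleDER is constructed by hand for this example:
// SEQUENCE { [0] IMPLICIT UTF8String "Sérgio" }.
// "é" is the UTF-8 byte pair C3 A9, which PrintableString does not permit.
var sampleDER = []byte{
	0x30, 0x09, // SEQUENCE, 9 bytes
	0x80, 0x07, // [0] IMPLICIT, primitive, 7 bytes
	'S', 0xC3, 0xA9, 'r', 'g', 'i', 'o',
}

// decode unmarshals der into out and rejects trailing bytes.
func decode(der []byte, out interface{}) error {
	rest, err := asn1.Unmarshal(der, out)
	if err != nil {
		return err
	}
	if len(rest) != 0 {
		return errors.New("trailing data after structure")
	}
	return nil
}

// parseNaive decodes with the PrintableString default; it fails on sampleDER
// because 0xC3 is not a PrintableString character.
func parseNaive(der []byte) (string, error) {
	var a naiveAttr
	if err := decode(der, &a); err != nil {
		return "", err
	}
	return a.Name, nil
}

// parseTagged decodes with the explicit utf8 modifier and succeeds.
func parseTagged(der []byte) (string, error) {
	var a taggedAttr
	if err := decode(der, &a); err != nil {
		return "", err
	}
	return a.Name, nil
}

// encodeTagged shows the round trip: marshalling taggedAttr reproduces the
// same context-specific UTF8String encoding as sampleDER.
func encodeTagged(name string) ([]byte, error) {
	return asn1.Marshal(taggedAttr{Name: name})
}

func main() {
	_, err := parseNaive(sampleDER)
	fmt.Println("without utf8 modifier:", err)
	name, err := parseTagged(sampleDER)
	fmt.Println("with utf8 modifier:", name, err)
	der, _ := encodeTagged("Sérgio")
	fmt.Println("round trip matches:", bytes.Equal(der, sampleDER))
}
```

The same applies to any other string type that differs from PrintableString on the wire (`ia5`, `numeric`, and so on): once the field is context-specific, encoding/asn1 cannot read the string type from the stream and must be told it in the struct tag.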
Handle platform certificates that only provide a single property
The spec states that the PlatformProperties field of the
PlatformConfiguration attribute should be a sequence of key value pairs.
However, it seems that if there's only a single property present, it's
sometimes being stored as a bare key value pair rather than a sequence
with a single entry. Work around that.
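One way to implement that workaround, added here as an example rather than taken from the project: try the spec-conforming SEQUENCE OF shape first and fall back to decoding the bytes as a single bare pair. The `property` struct is a simplified stand-in for the spec's property type, and both DER samples are constructed for the example.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// property is a hypothetical, simplified key/value pair standing in for the
// spec's property type; it is not the project's own definition.
type property struct {
	Name  string `asn1:"utf8"`
	Value string `asn1:"utf8"`
}

// Constructed DER for the example. Both carry a single property SKU=X1.
//
// conformingDER: SEQUENCE { SEQUENCE { UTF8String "SKU", UTF8String "X1" } }
var conformingDER = []byte{
	0x30, 0x0B,
	0x30, 0x09,
	0x0C, 0x03, 'S', 'K', 'U',
	0x0C, 0x02, 'X', '1',
}

// bareDER: SEQUENCE { UTF8String "SKU", UTF8String "X1" }, i.e. the pair
// itself with no enclosing SEQUENCE OF, as some certificates emit it.
var bareDER = []byte{
	0x30, 0x09,
	0x0C, 0x03, 'S', 'K', 'U',
	0x0C, 0x02, 'X', '1',
}

// parseProperties first tries the spec-conforming SEQUENCE OF property and,
// if that fails, decodes the bytes as one bare property. Decoding a bare
// pair as a slice fails because its first element is a UTF8String where
// a SEQUENCE is expected, so the fallback is only reached for that shape.
func parseProperties(der []byte) ([]property, error) {
	var list []property
	rest, err := asn1.Unmarshal(der, &list)
	if err == nil {
		if len(rest) == 0 {
			return list, nil
		}
		err = fmt.Errorf("%d trailing bytes after SEQUENCE OF", len(rest))
	}
	seqErr := err

	var single property
	rest, err = asn1.Unmarshal(der, &single)
	if err != nil {
		return nil, fmt.Errorf("properties are neither SEQUENCE OF property (%v) nor a bare property (%v)", seqErr, err)
	}
	if len(rest) != 0 {
		return nil, fmt.Errorf("%d trailing bytes after bare property", len(rest))
	}
	return []property{single}, nil
}

func main() {
	for _, der := range [][]byte{conformingDER, bareDER} {
		props, err := parseProperties(der)
		fmt.Printf("%+v %v\n", props, err)
	}
}
```

Trailing bytes are rejected in both branches so that a malformed encoding cannot silently pass as a bare pair.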
A number of the struct definitions had broken tag definitions, which
meant some parsing was working by accident and some parsing was entirely
broken. Fixing this uncovered some additional issues (a mixture of
incorrect definitions and platform certificates that violate the spec),
so this is all cleaned up as well.
Attribute certificates are generally using RSA-SHA1 or RSA-SHA256
signatures, so include those. In addition, the CA signing restrictions
imposed for general purpose certificates don't apply here - drop that
restriction from certificate signature validation.
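The following added example (not the project's code) shows what signature validation without the CA restriction looks like: the issuer's public key is used directly to check an RSA PKCS#1 v1.5 signature with either SHA-1 or SHA-256, and nothing requires the issuer certificate to carry the cA bit. The issuer certificate, the key and the TBS bytes are all generated or constructed inside the example; the function names are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"
	_ "crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// hashFor maps the two signature algorithms attribute certificates are
// usually signed with to their digest. Anything else is rejected.
func hashFor(algo x509.SignatureAlgorithm) (crypto.Hash, error) {
	switch algo {
	case x509.SHA1WithRSA:
		return crypto.SHA1, nil
	case x509.SHA256WithRSA:
		return crypto.SHA256, nil
	default:
		return 0, fmt.Errorf("unsupported signature algorithm %v", algo)
	}
}

// verifyAttrCertSignature checks sig over tbs (the DER of the attribute
// certificate's TBS structure) with the issuer's RSA key. It deliberately
// does not require the issuer to be a CA.
func verifyAttrCertSignature(issuer *x509.Certificate, algo x509.SignatureAlgorithm, tbs, sig []byte) error {
	pub, ok := issuer.PublicKey.(*rsa.PublicKey)
	if !ok {
		return errors.New("issuer public key is not RSA")
	}
	h, err := hashFor(algo)
	if err != nil {
		return err
	}
	d := h.New()
	d.Write(tbs)
	return rsa.VerifyPKCS1v15(pub, h, d.Sum(nil), sig)
}

// signTBS produces the RSA PKCS#1 v1.5 signature, standing in for the issuer.
func signTBS(key *rsa.PrivateKey, h crypto.Hash, tbs []byte) ([]byte, error) {
	d := h.New()
	d.Write(tbs)
	return rsa.SignPKCS1v15(rand.Reader, key, h, d.Sum(nil))
}

// newIssuer builds a self-signed certificate that is explicitly not a CA
// (assumed shape of an attribute authority's certificate for this example).
func newIssuer() (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example attribute authority"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  false,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// demo returns nil when both algorithms verify against the non-CA issuer
// and a tampered TBS is rejected for each of them.
func demo() error {
	issuer, key, err := newIssuer()
	if err != nil {
		return err
	}
	// Constructed stand-in for a DER-encoded AttributeCertificateInfo.
	tbs := []byte("constructed TBS bytes for the example")
	for _, c := range []struct {
		algo x509.SignatureAlgorithm
		h    crypto.Hash
	}{{x509.SHA1WithRSA, crypto.SHA1}, {x509.SHA256WithRSA, crypto.SHA256}} {
		sig, err := signTBS(key, c.h, tbs)
		if err != nil {
			return err
		}
		if err := verifyAttrCertSignature(issuer, c.algo, tbs, sig); err != nil {
			return fmt.Errorf("%v: %v", c.algo, err)
		}
		tampered := append([]byte{}, tbs...)
		tampered[0] ^= 1
		if verifyAttrCertSignature(issuer, c.algo, tampered, sig) == nil {
			return fmt.Errorf("%v: tampered TBS accepted", c.algo)
		}
	}
	return nil
}

func main() {
	fmt.Println("demo:", demo())
}
```

Accepting RSA-SHA1 is a compatibility decision forced by the certificates in the field; a verifier that can afford to should log or flag SHA-1 signatures rather than treat them as equivalent to SHA-256.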
golint currently generates complaints:
var oidTpmIdLabel should be oidTpmIDLabel
var oidTcgPlatformManufacturerIdV2 should be oidTcgPlatformManufacturerIDV2
var oidTcgPlatformConfigUri should be oidTcgPlatformConfigURI
Update names to satisfy golint.
The following commands were run to generate this change:
gopls rename -w attributecert.go:44:2 oidTpmIDLabel
gopls rename -w attributecert.go:54:2 oidTcgPlatformManufacturerIDV2
gopls rename -w attributecert.go:55:2 oidTcgPlatformConfigURI
gopls rename -w attributecert.go:163:6 authKeyID
gopls rename -w attributecert.go:164:2 ID
gopls rename -w attributecert.go:171:2 ID
gopls rename -w attributecert.go:178:2 ID
gopls rename -w attributecert.go:210:2 BaseCertificateID
gopls rename -w attributecert.go:232:2 ID
gopls rename -w attributecert.go:304:2 ID
gopls rename -w attributecert.go:309:2 ID
gopls rename -w attributecert.go:390:2 ComponentManufacturerID
sed -i 's/Uri/URI/g' attributecert.go
git clean -f
Updates #131
Platform certificates are defined as RFC5755 attribute certificates with
various additional attributes and extensions defined in the TCG Platform
Certificate Profile. Add support for parsing them, derived from
crypto/x509. Include some test certificates and verify we parse them.