Adding dissector for OIDs used in TCG X.509 Certificates
OIDs used in Trusted Computing Group X.509 Certificate Profiles are available in https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf Example Certificates in PEM format are in Appendix A. The relevant TCG OIDs are mostly used in certificate extensions like: - subjectAltName - extKeyUsage - subjectDirectoryAttributes Change-Id: Ifd44f598bea0b32b4471dfec2fd3af74f7a9e33e Reviewed-on: https://code.wireshark.org/review/29983 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
parent
107205c2be
commit
0bc74bb7ea
|
@ -1708,6 +1708,7 @@ set(DISSECTOR_SRC
|
|||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tacacs.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tali.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tapa.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tcg-cp-oids.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tcp.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tcpros.c
|
||||
${CMAKE_CURRENT_SOURCE_DIR}/packet-tdmoe.c
|
||||
|
|
|
@ -113,6 +113,7 @@ set(ASN1_SRC_DIRS
|
|||
t125
|
||||
t38
|
||||
tcap
|
||||
tcg-cp-oids
|
||||
tetra
|
||||
ulp
|
||||
wlancertextn
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
# CMakeLists.txt
|
||||
#
|
||||
# Wireshark - Network traffic analyzer
|
||||
# By Gerald Combs <gerald@wireshark.org>
|
||||
# Copyright 1998 Gerald Combs
|
||||
#
|
||||
# SPDX-License-Identifier: GPL-2.0-or-later
|
||||
#
|
||||
|
||||
set( PROTOCOL_NAME tcg-cp-oids )
|
||||
|
||||
set( PROTO_OPT )
|
||||
|
||||
set( EXPORT_FILES
|
||||
${PROTOCOL_NAME}-exp.cnf
|
||||
)
|
||||
|
||||
set( EXT_ASN_FILE_LIST
|
||||
)
|
||||
|
||||
set( ASN_FILE_LIST
|
||||
tcg-cp-oids.asn
|
||||
)
|
||||
|
||||
set( EXTRA_DIST
|
||||
${ASN_FILE_LIST}
|
||||
packet-${PROTOCOL_NAME}-template.c
|
||||
packet-${PROTOCOL_NAME}-template.h
|
||||
${PROTOCOL_NAME}.cnf
|
||||
)
|
||||
|
||||
set( SRC_FILES
|
||||
${EXTRA_DIST}
|
||||
${EXT_ASN_FILE_LIST}
|
||||
)
|
||||
|
||||
set( A2W_FLAGS -b )
|
||||
|
||||
set( EXTRA_CNF
|
||||
)
|
||||
|
||||
ASN2WRS()
|
|
@ -0,0 +1,103 @@
|
|||
/* packet-tcg-cp-oids.c
|
||||
*
|
||||
* Wireshark - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@wireshark.org>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* SPDX-License-Identifier: GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <epan/packet.h>
|
||||
#include <epan/oids.h>
|
||||
#include <epan/asn1.h>
|
||||
|
||||
#include "packet-tcg-cp-oids.h"
|
||||
#include "packet-ber.h"
|
||||
#include "packet-pkix1explicit.h"
|
||||
#include "packet-pkix1implicit.h"
|
||||
|
||||
#define PNAME "TCG_CP_OIDS"
|
||||
#define PSNAME "TCG_CP_OIDS"
|
||||
#define PFNAME "tcg_cp_oids"
|
||||
|
||||
void proto_register_tcg_cp_oids(void);
|
||||
void proto_reg_handoff_tcg_cp_oids(void);
|
||||
|
||||
/* Initialize the protocol and registered fields */
|
||||
static int proto_tcg_cp_oids = -1;
|
||||
#include "packet-tcg-cp-oids-hf.c"
|
||||
static int hf_tcg_cp_oids_UTF8String_PDU = -1;
|
||||
|
||||
/* Initialize the subtree pointers */
|
||||
#include "packet-tcg-cp-oids-ett.c"
|
||||
#include "packet-tcg-cp-oids-fn.c"
|
||||
|
||||
|
||||
/*--- proto_register_tcg_cp_oids ----------------------------------------------*/
|
||||
void proto_register_tcg_cp_oids(void) {
|
||||
|
||||
/* List of fields */
|
||||
static hf_register_info hf[] = {
|
||||
{ &hf_tcg_cp_oids_UTF8String_PDU,
|
||||
{ "UTF8String", "tcg-cp-oids.UTF8String",
|
||||
FT_STRING, BASE_NONE, NULL, 0,
|
||||
NULL, HFILL }},
|
||||
#include "packet-tcg-cp-oids-hfarr.c"
|
||||
};
|
||||
|
||||
/* List of subtrees */
|
||||
static gint *ett[] = {
|
||||
#include "packet-tcg-cp-oids-ettarr.c"
|
||||
};
|
||||
|
||||
/* Register protocol */
|
||||
proto_tcg_cp_oids = proto_register_protocol(PNAME, PSNAME, PFNAME);
|
||||
|
||||
/* Register fields and subtrees */
|
||||
proto_register_field_array(proto_tcg_cp_oids, hf, array_length(hf));
|
||||
proto_register_subtree_array(ett, array_length(ett));
|
||||
}
|
||||
|
||||
/* to be able to register OIDs for UTF8String */
|
||||
static int
|
||||
dissect_tcg_cp_oids_UTF8String_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
|
||||
int offset = 0;
|
||||
asn1_ctx_t actx;
|
||||
asn1_ctx_init(&actx, ASN1_ENC_BER, TRUE, pinfo);
|
||||
offset = dissect_ber_restricted_string(FALSE, BER_UNI_TAG_UTF8String, &actx, tree, tvb, offset, hf_tcg_cp_oids_UTF8String_PDU, NULL);
|
||||
return offset;
|
||||
}
|
||||
|
||||
/*--- proto_reg_handoff_tcg_cp_oids -------------------------------------------*/
|
||||
void proto_reg_handoff_tcg_cp_oids(void) {
|
||||
#include "packet-tcg-cp-oids-dis-tab.c"
|
||||
oid_add_from_string("tcg","2.23.133");
|
||||
oid_add_from_string("tcg-attribute","2.23.133.2");
|
||||
oid_add_from_string("tcg-protocol","2.23.133.3");
|
||||
oid_add_from_string("tcg-algorithm","2.23.133.4");
|
||||
oid_add_from_string("tcg-ce","2.23.133.6");
|
||||
oid_add_from_string("tcg-kp","2.23.133.8");
|
||||
/* TCG Spec Version OIDs */
|
||||
oid_add_from_string("tcg-sv-tpm12","2.23.133.1.1");
|
||||
oid_add_from_string("tcg-sv-tpm20","2.23.133.1.2");
|
||||
/* TCG Attribute OIDs */
|
||||
oid_add_from_string("tcg-at-securityQualities","2.23.133.2.10");
|
||||
/* TCG Algorithm OIDs */
|
||||
oid_add_from_string("tcg-algorithm-null","2.23.133.4.1");
|
||||
/* TCG Key Purposes OIDs */
|
||||
oid_add_from_string("tcg-kp-EKCertificate","2.23.133.8.1");
|
||||
oid_add_from_string("tcg-kp-PlatformCertificate","2.23.133.8.2");
|
||||
oid_add_from_string("tcg-kp-AIKCertificate","2.23.133.8.3");
|
||||
/* TCG Protocol OIDs */
|
||||
oid_add_from_string("tcg-prt-tpmIdProtocol","2.23.133.3.1");
|
||||
|
||||
register_ber_oid_dissector("2.23.133.2.1", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmManufacturer");
|
||||
register_ber_oid_dissector("2.23.133.2.2", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmModel");
|
||||
register_ber_oid_dissector("2.23.133.2.3", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmVersion");
|
||||
register_ber_oid_dissector("2.23.133.2.4", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-platformManufacturer");
|
||||
register_ber_oid_dissector("2.23.133.2.5", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-platformModel");
|
||||
register_ber_oid_dissector("2.23.133.2.6", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-platformVersion");
|
||||
register_ber_oid_dissector("2.23.133.2.15", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmIdLabel");
|
||||
}
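Review bot: The protocol filter name and the field prefix disagree: `PFNAME` is `"tcg_cp_oids"` while the hand-written field is registered as `"tcg-cp-oids.UTF8String"`, so a display filter on the protocol and one on its fields use different spellings. The fields generated by asn2wrs presumably use the hyphenated prefix as well, but that file is not shown on this page. Aligning the two, for example `#define PFNAME "tcg-cp-oids"`, keeps filters on TPM certificate attributes predictable for anyone triaging captures. Separately, `dissect_tcg_cp_oids_UTF8String_PDU` marks `tvb`, `pinfo` and `tree` as `_U_` although all three are passed on to `asn1_ctx_init` and `dissect_ber_restricted_string`; only `data` is unused, so the marker belongs on that parameter alone.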
|
|
@ -0,0 +1,16 @@
|
|||
/* packet-tcg-cp-oids.h
|
||||
* Routines for TCG Certificate Profile OIDs
|
||||
*
|
||||
* Wireshark - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@wireshark.org>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* SPDX-License-Identifier: GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef PACKET_TCG_CP_OIDS_H
|
||||
#define PACKET_TCG_CP_OIDS_H
|
||||
|
||||
#include "packet-tcg-cp-oids-exp.h"
|
||||
|
||||
#endif /* PACKET_TCG_CP_OIDS_H */
|
|
@ -0,0 +1,294 @@
|
|||
--
|
||||
-- ASN.1 extracted from
|
||||
-- TCG EK Credential Profile
|
||||
-- For TPM Family 2.0; Level 0
|
||||
-- Specification Version 2.0
|
||||
-- Revision 14
|
||||
-- 4 November 2014
|
||||
-- https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
|
||||
-- on 2018-10-02, and heavily polished + bug fixed for asn2wrs
|
||||
|
||||
TCG DEFINITIONS::=
|
||||
|
||||
BEGIN
|
||||
|
||||
IMPORTS
|
||||
|
||||
-- Additional IMPORT for Wireshark
|
||||
AlgorithmIdentifier
|
||||
FROM PKIX1Explicit88 {iso(1) identified-organization(3)
|
||||
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
|
||||
id-mod(0) id-pkix1-explicit-88(1)};
|
||||
|
||||
-- TCG specific OIDs
|
||||
-- tcg OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) international-organizations(23) tcg(133) }
|
||||
-- tcg-tcpaSpecVersion OBJECT IDENTIFIER ::= {tcg 1}
|
||||
-- tcg-attribute OBJECT IDENTIFIER ::= {tcg 2}
|
||||
-- tcg-protocol OBJECT IDENTIFIER ::= {tcg 3}
|
||||
-- tcg-algorithm OBJECT IDENTIFIER ::= {tcg 4}
|
||||
-- tcg-ce OBJECT IDENTIFIER ::= {tcg 6}
|
||||
-- tcg-kp OBJECT IDENTIFIER ::= {tcg 8}
|
||||
-- TCG Spec Version OIDs
|
||||
-- tcg-sv-tpm12 OBJECT IDENTIFIER ::= { tcg-tcpaSpecVersion 1}
|
||||
-- tcg-sv-tpm20 OBJECT IDENTIFIER ::= { tcg-tcpaSpecVersion 2}
|
||||
-- TCG Attribute OIDs
|
||||
-- tcg-at-tpmManufacturer OBJECT IDENTIFIER ::= {tcg-attribute 1}
|
||||
-- tcg-at-tpmModel OBJECT IDENTIFIER ::= {tcg-attribute 2}
|
||||
-- tcg-at-tpmVersion OBJECT IDENTIFIER ::= {tcg-attribute 3}
|
||||
-- tcg-at-platformManufacturer OBJECT IDENTIFIER ::= {tcg-attribute 4}
|
||||
-- tcg-at-platformModel OBJECT IDENTIFIER ::= {tcg-attribute 5}
|
||||
-- tcg-at-platformVersion OBJECT IDENTIFIER ::= {tcg-attribute 6}
|
||||
-- tcg-at-securityQualities OBJECT IDENTIFIER ::= {tcg-attribute 10}
|
||||
-- tcg-at-tpmProtectionProfile OBJECT IDENTIFIER ::= {tcg-attribute 11}
|
||||
-- tcg-at-tpmSecurityTarget OBJECT IDENTIFIER ::= {tcg-attribute 12}
|
||||
-- tcg-at-tbbProtectionProfile OBJECT IDENTIFIER ::= {tcg-attribute 13}
|
||||
-- tcg-at-tbbSecurityTarget OBJECT IDENTIFIER ::= {tcg-attribute 14}
|
||||
-- tcg-at-tpmIdLabel OBJECT IDENTIFIER ::= {tcg-attribute 15}
|
||||
-- tcg-at-tpmSpecification OBJECT IDENTIFIER ::= {tcg-attribute 16}
|
||||
-- tcg-at-tcgPlatformSpecification OBJECT IDENTIFIER ::= {tcg-attribute 17}
|
||||
-- tcg-at-tpmSecurityAssertions OBJECT IDENTIFIER ::= {tcg-attribute 18}
|
||||
-- tcg-at-tbbSecurityAssertions OBJECT IDENTIFIER ::= {tcg-attribute 19}
|
||||
-- TCG Algorithm OIDs
|
||||
-- tcg-algorithm-null OBJECT IDENTIFIER ::= {tcg-algorithm 1}
|
||||
-- TCG Key Purposes OIDs
|
||||
-- tcg-kp-EKCertificate OBJECT IDENTIFIER ::= {tcg-kp 1}
|
||||
-- tcg-kp-PlatformCertificate OBJECT IDENTIFIER ::= {tcg-kp 2}
|
||||
-- tcg-kp-AIKCertificate OBJECT IDENTIFIER ::= {tcg-kp 3}
|
||||
-- TCG Certificate Extensions
|
||||
-- tcg-ce-relevantCredentials OBJECT IDENTIFIER ::= {tcg-ce 2}
|
||||
-- tcg-ce-relevantManifests OBJECT IDENTIFIER ::= {tcg-ce 3}
|
||||
-- tcg-ce-virtualPlatformAttestationService OBJECT IDENTIFIER ::= {tcg-ce 4}
|
||||
-- tcg-ce-migrationControllerAttestationService OBJECT IDENTIFIER ::= {tcg-ce 5}
|
||||
-- tcg-ce-migrationControllerRegistrationService OBJECT IDENTIFIER ::= {tcg-ce 6}
|
||||
-- tcg-ce-virtualPlatformBackupService OBJECT IDENTIFIER ::= {tcg-ce 7}
|
||||
-- TCG Protocol OIDs
|
||||
-- tcg-prt-tpmIdProtocol OBJECT IDENTIFIER ::= {tcg-protocol 1}
|
||||
-- tcg specification attributes for tpm and platform
|
||||
|
||||
-- tPMSpecification ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX TPMSpecification
|
||||
-- ID tcg-at-tpmSpecification }
|
||||
|
||||
TPMSpecification ::= SEQUENCE {
|
||||
family UTF8String, -- (SIZE (1..STRMAX)),
|
||||
level INTEGER,
|
||||
revision INTEGER }
|
||||
|
||||
-- tCGPlatformSpecification ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX TCGPlatformSpecification
|
||||
-- ID tcg-at-tcgPlatformSpecification }
|
||||
|
||||
TCGSpecificationVersion ::= SEQUENCE {
|
||||
majorVersion INTEGER,
|
||||
minorVersion INTEGER,
|
||||
revision INTEGER }
|
||||
|
||||
TCGPlatformSpecification ::= SEQUENCE {
|
||||
version TCGSpecificationVersion,
|
||||
platformClass OCTET STRING } -- SIZE(4) }
|
||||
|
||||
-- tcpa tpm specification attribute (deprecated)
|
||||
-- tCPASpecVersion ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX TCPASpecVersion
|
||||
-- ID tcg-tcpaSpecVersion }
|
||||
|
||||
TCPASpecVersion ::= SEQUENCE {
|
||||
major INTEGER,
|
||||
minor INTEGER }
|
||||
|
||||
-- manufacturer implementation model and version attributes
|
||||
-- TPMManufacturer ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
|
||||
-- ID tcg-at-tpmManufacturer }
|
||||
-- TPMModel ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
|
||||
-- ID tcg-at-tpmModel }
|
||||
-- TPMVersion ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
|
||||
-- ID tcg-at-tpmVersion }
|
||||
-- PlatformManufacturer ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
|
||||
-- ID tcg-at-platformManufacturer }
|
||||
-- PlatformModel ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
|
||||
-- ID tcg-at-platformModel }
|
||||
-- PlatformVersion ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
|
||||
-- ID tcg-at-platformVersion }
|
||||
-- tpm and platform tbb security assertions
|
||||
|
||||
-- TODO: Wireshark dissection of version could be added
|
||||
Version ::= INTEGER -- { v1(0) }
|
||||
|
||||
-- tPMSecurityAssertions ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX TPMSecurityAssertions
|
||||
-- ID tcg—at-tpmSecurityAssertions
|
||||
-- }
|
||||
|
||||
TPMSecurityAssertions ::= SEQUENCE {
|
||||
version Version DEFAULT v1,
|
||||
fieldUpgradable BOOLEAN DEFAULT FALSE,
|
||||
ekGenerationType [0] IMPLICIT EKGenerationType OPTIONAL,
|
||||
ekGenerationLocation [1] IMPLICIT EKGenerationLocation OPTIONAL,
|
||||
ekCertificateGenerationLocation [2] IMPLICIT
|
||||
EKCertificateGenerationLocation OPTIONAL,
|
||||
ccInfo [3] IMPLICIT CommonCriteriaMeasures OPTIONAL,
|
||||
fipsLevel [4] IMPLICIT FIPSLevel OPTIONAL,
|
||||
iso9000Certified [5] IMPLICIT BOOLEAN DEFAULT FALSE,
|
||||
iso9000Uri IA5String OPTIONAL } -- (SIZE (1..URIMAX)) OPTIONAL }
|
||||
|
||||
-- tBBSecurityAssertions ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX TBBSecurityAssertions
|
||||
-- ID tcg—at-tbbSecurityAssertions }
|
||||
|
||||
TBBSecurityAssertions ::= SEQUENCE {
|
||||
version Version DEFAULT v1,
|
||||
ccInfo [0] IMPLICIT CommonCriteriaMeasures OPTIONAL,
|
||||
fipsLevel [1] IMPLICIT FIPSLevel OPTIONAL,
|
||||
rtmType [2] IMPLICIT MeasurementRootType OPTIONAL,
|
||||
iso9000Certified BOOLEAN DEFAULT FALSE,
|
||||
iso9000Uri IA5String OPTIONAL } -- (SIZE (1..URIMAX)) OPTIONAL }
|
||||
|
||||
EKGenerationType ::= ENUMERATED {
|
||||
internal (0),
|
||||
injected (1),
|
||||
internalRevocable(2),
|
||||
injectedRevocable(3) }
|
||||
|
||||
EKGenerationLocation ::= ENUMERATED {
|
||||
tpmManufacturer (0),
|
||||
platformManufacturer (1),
|
||||
ekCertSigner (2) }
|
||||
|
||||
EKCertificateGenerationLocation ::= ENUMERATED {
|
||||
tpmManufacturer (0),
|
||||
platformManufacturer (1),
|
||||
ekCertSigner (2) }
|
||||
|
||||
-- V1.1 of this specification adds hybrid and physical.
|
||||
-- Hybrid means the measurement root is capable of static AND dynamic
|
||||
-- Physical means that the root is anchored by a physical TPM
|
||||
-- Virtual means the TPM is virtualized (possibly running in a VMM)
|
||||
-- TPMs or RTMs might leverage other lower layer RTMs to virtualize the
|
||||
-- the capabilities of the platform.
|
||||
|
||||
MeasurementRootType ::= ENUMERATED {
|
||||
static (0),
|
||||
dynamic (1),
|
||||
nonHost (2),
|
||||
hybrid (3),
|
||||
physical (4),
|
||||
virtual (5) }
|
||||
|
||||
-- common criteria evaluation
|
||||
CommonCriteriaMeasures ::= SEQUENCE {
|
||||
version IA5String, -- (SIZE (1..STRMAX)), “2.2” or “3.1”; future syntax defined by CC
|
||||
assurancelevel EvaluationAssuranceLevel,
|
||||
evaluationStatus EvaluationStatus,
|
||||
plus BOOLEAN DEFAULT FALSE,
|
||||
strengthOfFunction [0] IMPLICIT StrengthOfFunction OPTIONAL,
|
||||
profileOid [1] IMPLICIT OBJECT IDENTIFIER OPTIONAL,
|
||||
profileUri [2] IMPLICIT URIReference OPTIONAL,
|
||||
targetOid [3] IMPLICIT OBJECT IDENTIFIER OPTIONAL,
|
||||
targetUri [4] IMPLICIT URIReference OPTIONAL }
|
||||
|
||||
EvaluationAssuranceLevel ::= ENUMERATED {
|
||||
levell (1),
|
||||
level2 (2),
|
||||
level3 (3),
|
||||
level4 (4),
|
||||
level5 (5),
|
||||
level6 (6),
|
||||
level7 (7) }
|
||||
|
||||
StrengthOfFunction ::= ENUMERATED {
|
||||
basic (0),
|
||||
medium (1),
|
||||
high (2) }
|
||||
|
||||
URIReference ::= SEQUENCE {
|
||||
uniformResourceIdentifier IA5String, -- (SIZE (1..URIMAX)),
|
||||
hashAlgorithm AlgorithmIdentifier OPTIONAL,
|
||||
hashValue BIT STRING OPTIONAL }
|
||||
|
||||
EvaluationStatus ::= ENUMERATED {
|
||||
designedToMeet (0),
|
||||
evaluationInProgress (1),
|
||||
evaluationCompleted (2) }
|
||||
-- fips evaluation
|
||||
|
||||
FIPSLevel ::= SEQUENCE {
|
||||
version IA5String, -- (SIZE (1..STRMAX)), “140-1” or “140-2”
|
||||
level SecurityLevel,
|
||||
plus BOOLEAN DEFAULT FALSE }
|
||||
|
||||
SecurityLevel ::= ENUMERATED {
|
||||
level1 (1),
|
||||
level2 (2),
|
||||
level3 (3),
|
||||
level4 (4) }
|
||||
|
||||
-- aik certificate label from tpm owner
|
||||
--TPMIdLabel OTHER-NAME ::= {UTF8String IDENTIFIED BY {tcg-at-tpmIdLabel} }
|
||||
-- the following are deprecated but may be present for compatibility with TCPA
|
||||
|
||||
-- TPMProtectionProfile ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX ProtectionProfile
|
||||
-- ID tcg-at-tpmProtectionProfile }
|
||||
-- TPMSecurityTarget ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX SecurityTarget
|
||||
-- ID tcg-at-tpmSecurityTarget }
|
||||
--
|
||||
-- TBBProtectionProfile ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX ProtectionProfile
|
||||
-- ID tcg-at-tbbProtectionProfile }
|
||||
-- TBBSecurityTarget ATTRIBUTE ::= {
|
||||
-- WITH SYNTAX SecurityTarget
|
||||
-- ID tcg-at-tbbSecurityTarget }
|
||||
|
||||
ProtectionProfile ::= OBJECT IDENTIFIER
|
||||
|
||||
SecurityTarget ::= OBJECT IDENTIFIER
|
||||
|
||||
-- V1.1 addition for enabling references to other credentials or
|
||||
-- XML-based Reference Manifests. These data objects are included
|
||||
-- in X.509 extensions using the new tcg-ce-[relevantCredentials,
|
||||
-- relevantManifests] OIDs.
|
||||
|
||||
HashAlgAndValue ::= SEQUENCE {
|
||||
hashAlg AlgorithmIdentifier,
|
||||
hashValue OCTET STRING }
|
||||
|
||||
HashedSubjectInfoURI ::= SEQUENCE {
|
||||
documentURI IA5String, -- (SIZE (1..URIMAX)),
|
||||
documentAccessInfo OBJECT IDENTIFIER OPTIONAL,
|
||||
documentHashInfo HashAlgAndValue OPTIONAL }
|
||||
|
||||
-- Use of SubjectInfoURIList is not specified anywhere, therefore commented out for Wireshark in cnf file
|
||||
SubjectInfoURIList ::=
|
||||
SEQUENCE -- SIZE (1..REFMAX) -- OF HashedSubjectInfoURI
|
||||
|
||||
TCGRelevantCredentials::=
|
||||
SEQUENCE -- SIZE (1..REFMAX) -- OF HashedSubjectInfoURI
|
||||
|
||||
TCGRelevantManifests::=
|
||||
SEQUENCE -- SIZE (1..REFMAX) -- OF HashedSubjectInfoURI
|
||||
|
||||
-- V1.2 addition of virtualization oriented credential extensions.
|
||||
-- This extension indicates how a remote challenger can contact the (deep) attestation service below the current credential holder in order to attest the layer below.
|
||||
-- Using this model allows the credential of each virtualization layer to reference the attestation service for the layer below it.
|
||||
-- A remote challenger could traverse the layer hierarchy using this extension until reaching the physical trusted platform rooted attestation.
|
||||
-- The following URI is optionally included in a certificate for a virtual machine associated with the tcg-ce-virtualPlatformAttestationService extension OID.
|
||||
-- These URI are associated with the tcg-ce-[virtualPlatformAttestationService,
|
||||
-- migrationControllerAttestationService, migrationControllerRegistrationService, virtualPlatformBackupService] OIDs respectively:
|
||||
VirtualPlatformAttestationServiceURI ::= IA5String -- (SIZE (1..URIMAX)
|
||||
|
||||
MigrationControllerAttestationServiceURI ::= IA5String -- (SIZE (1..URIMAX)
|
||||
|
||||
MigrationControllerRegistrationServiceURI ::= IA5String -- (SIZE (1..URIMAX)
|
||||
|
||||
VirtualPlatformBackupServiceURI ::= SEQUENCE {
|
||||
restoreAllowed BOOLEAN DEFAULT FALSE,
|
||||
backupServiceURI IA5String }
|
||||
|
||||
END
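Review bot: The first member of `EvaluationAssuranceLevel` is spelled `levell (1)`, with a letter l where the digit 1 is meant; the sibling `SecurityLevel` uses `level1 (1)`. asn2wrs derives the displayed value names from these identifiers, so the typo would show up in the dissected certificate; the line should read `level1 (1),`. The SIZE constraints are also all commented out (`-- (SIZE (1..STRMAX))`, `-- SIZE(4)`), so the dissector will presumably not flag out-of-profile lengths in these attributes. A comment near the top of the module such as `-- SIZE constraints from the profile are intentionally not enforced here` would tell readers who use the dissector to vet EK or platform certificates not to expect that check.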
|
|
@ -0,0 +1,62 @@
|
|||
# tcg-cp-OID.cnf
|
||||
# Trusted Computing Group Certificate Profile OIDs conformation file
|
||||
|
||||
#.MODULE_IMPORT
|
||||
PKIX1Explicit88 pkix1explicit
|
||||
#.INCLUDE ../pkix1explicit/pkix1explicit_exp.cnf
|
||||
|
||||
|
||||
#.OMIT_ASSIGNMENT
|
||||
SubjectInfoURIList
|
||||
#.END
|
||||
|
||||
#.EXPORTS
|
||||
|
||||
#.REGISTER
|
||||
|
||||
TCPASpecVersion B "2.23.133.1" "tcg-tcpaSpecVersion"
|
||||
|
||||
ProtectionProfile B "2.23.133.2.11" "tcg-at-tpmProtectionProfile"
|
||||
SecurityTarget B "2.23.133.2.12" "tcg-at-tpmSecurityTarget"
|
||||
ProtectionProfile B "2.23.133.2.13" "tcg-at-tbbProtectionProfile"
|
||||
SecurityTarget B "2.23.133.2.14" "tcg-at-tbbSecurityTarget"
|
||||
TPMSpecification B "2.23.133.2.16" "tcg-at-tpmSpecification"
|
||||
TCGPlatformSpecification B "2.23.133.2.17" "tcg-at-tcgPlatformSpecification"
|
||||
TPMSecurityAssertions B "2.23.133.2.18" "tcg-at-tpmSecurityAssertions"
|
||||
TBBSecurityAssertions B "2.23.133.2.19" "tcg-at-tbbSecurityAssertions"
|
||||
|
||||
# TCG Certificate Extensions
|
||||
# this is a guess for SubjectInfoURIList, whose use is not specified anywhere
|
||||
#SubjectInfoURIList B "2.23.133.6.1" "tcg-ce-subjectInfoURIList"
|
||||
TCGRelevantCredentials B "2.23.133.6.2" "tcg-ce-relevantCredentials"
|
||||
TCGRelevantManifests B "2.23.133.6.3" "tcg-ce-relevantManifests"
|
||||
|
||||
VirtualPlatformAttestationServiceURI B "2.23.133.6.4" "tcg-ce-virtualPlatformAttestationService"
|
||||
MigrationControllerAttestationServiceURI B "2.23.133.6.5" "tcg-ce-migrationControllerAttestationService"
|
||||
MigrationControllerRegistrationServiceURI B "2.23.133.6.6" "tcg-ce-migrationControllerRegistrationService"
|
||||
VirtualPlatformBackupServiceURI B "2.23.133.6.7" "tcg-ce-virtualPlatformBackupService"
|
||||
|
||||
#.NO_EMIT
|
||||
|
||||
#.TYPE_RENAME
|
||||
|
||||
#.FIELD_RENAME
|
||||
HashAlgAndValue/hashValue hash_alg_and_value_hashvalue
|
||||
URIReference/hashValue uri_reference_hashvalue
|
||||
|
||||
TPMSpecification/level tpm_specification_level
|
||||
FIPSLevel/level fips_security_level
|
||||
|
||||
TPMSecurityAssertions/version security_assertions_version
|
||||
TBBSecurityAssertions/version security_assertions_version
|
||||
|
||||
TCGPlatformSpecification/version tcg_specification_vesion
|
||||
|
||||
CommonCriteriaMeasures/version cc_measures_version_string
|
||||
FIPSLevel/version fips_level_version_string
|
||||
|
||||
|
||||
|
||||
#.END
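Review bot: In `#.FIELD_RENAME` the target `tcg_specification_vesion` is missing an "r"; the renamed identifier ends up in the generated field names (and presumably the filter abbreviation), so it is worth fixing before filters depend on it: `TCGPlatformSpecification/version tcg_specification_version`. The header comment names the file `tcg-cp-OID.cnf` and calls it a "conformation file", while the asn2wrs command line recorded in the generated header uses `tcg-cp-oids.cnf`; `# tcg-cp-oids.cnf` and "conformance file" would match. The commented-out `SubjectInfoURIList` registration under "2.23.133.6.1" is described as a guess, which is a good reason to keep it disabled rather than label certificate extensions with an unconfirmed name.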
|
||||
|
||||
|
File diff suppressed because it is too large
|
@ -0,0 +1,29 @@
|
|||
/* Do not modify this file. Changes will be overwritten. */
|
||||
/* Generated automatically by the ASN.1 to Wireshark dissector compiler */
|
||||
/* packet-tcg-cp-oids.h */
|
||||
/* asn2wrs.py -b -p tcg-cp-oids -c ./tcg-cp-oids.cnf -s ./packet-tcg-cp-oids-template -D . -O ../.. tcg-cp-oids.asn */
|
||||
|
||||
/* Input file: packet-tcg-cp-oids-template.h */
|
||||
|
||||
#line 1 "./asn1/tcg-cp-oids/packet-tcg-cp-oids-template.h"
|
||||
/* packet-tcg-cp-oids.h
|
||||
* Routines for TCG Certificate Profile OIDs
|
||||
*
|
||||
* Wireshark - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@wireshark.org>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* SPDX-License-Identifier: GPL-2.0-or-later
|
||||
*/
|
||||
|
||||
#ifndef PACKET_TCG_CP_OIDS_H
|
||||
#define PACKET_TCG_CP_OIDS_H
|
||||
|
||||
|
||||
/*--- Included file: packet-tcg-cp-oids-exp.h ---*/
|
||||
#line 1 "./asn1/tcg-cp-oids/packet-tcg-cp-oids-exp.h"
|
||||
|
||||
/*--- End of included file: packet-tcg-cp-oids-exp.h ---*/
|
||||
#line 15 "./asn1/tcg-cp-oids/packet-tcg-cp-oids-template.h"
|
||||
|
||||
#endif /* PACKET_TCG_CP_OIDS_H */
|