Adding dissector for OIDs used in TCG X.509 Certificates

OIDs used in Trusted Computing Group X.509 Certificate Profiles are available in https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf Example Certificates in PEM format are in Appendix A. The relevant TCG OIDs are mostly used in certificate extensions like: - subjectAltName - extKeyUsage - subjectDirectoryAttributes Change-Id: Ifd44f598bea0b32b4471dfec2fd3af74f7a9e33e Reviewed-on: https://code.wireshark.org/review/29983 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
2018-10-02 17:03:08 +03:00 · 2018-10-02 17:03:08 +03:00 · 0bc74bb7ea
parent 107205c2be
commit 0bc74bb7ea
9 changed files with 1608 additions and 0 deletions
--- a/epan/dissectors/CMakeLists.txt
+++ b/epan/dissectors/CMakeLists.txt
@ -1708,6 +1708,7 @@ set(DISSECTOR_SRC
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-tacacs.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-tali.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-tapa.c
+	${CMAKE_CURRENT_SOURCE_DIR}/packet-tcg-cp-oids.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-tcp.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-tcpros.c
 	${CMAKE_CURRENT_SOURCE_DIR}/packet-tdmoe.c
--- a/epan/dissectors/asn1/CMakeLists.txt
+++ b/epan/dissectors/asn1/CMakeLists.txt
@ -113,6 +113,7 @@ set(ASN1_SRC_DIRS
 	t125
 	t38
 	tcap
+	tcg-cp-oids
 	tetra
 	ulp
 	wlancertextn
--- a/epan/dissectors/asn1/tcg-cp-oids/CMakeLists.txt
+++ b/epan/dissectors/asn1/tcg-cp-oids/CMakeLists.txt
@ -0,0 +1,42 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+set( PROTOCOL_NAME tcg-cp-oids )
+
+set( PROTO_OPT )
+
+set( EXPORT_FILES
+	${PROTOCOL_NAME}-exp.cnf
+)
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+	tcg-cp-oids.asn
+)
+
+set( EXTRA_DIST
+	${ASN_FILE_LIST}
+	packet-${PROTOCOL_NAME}-template.c
+	packet-${PROTOCOL_NAME}-template.h
+	${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+	${EXTRA_DIST}
+	${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b )
+
+set( EXTRA_CNF
+)
+
+ASN2WRS()
--- a/epan/dissectors/asn1/tcg-cp-oids/packet-tcg-cp-oids-template.c
+++ b/epan/dissectors/asn1/tcg-cp-oids/packet-tcg-cp-oids-template.c
@ -0,0 +1,103 @@
+/* packet-tcg-cp-oids.c
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/oids.h>
+#include <epan/asn1.h>
+
+#include "packet-tcg-cp-oids.h"
+#include "packet-ber.h"
+#include "packet-pkix1explicit.h"
+#include "packet-pkix1implicit.h"
+
+#define PNAME  "TCG_CP_OIDS"
+#define PSNAME "TCG_CP_OIDS"
+#define PFNAME "tcg_cp_oids"
+
+void proto_register_tcg_cp_oids(void);
+void proto_reg_handoff_tcg_cp_oids(void);
+
+/* Initialize the protocol and registered fields */
+static int proto_tcg_cp_oids = -1;
+#include "packet-tcg-cp-oids-hf.c"
+static int hf_tcg_cp_oids_UTF8String_PDU = -1;
+
+/* Initialize the subtree pointers */
+#include "packet-tcg-cp-oids-ett.c"
+#include "packet-tcg-cp-oids-fn.c"
+
+
+/*--- proto_register_tcg_cp_oids ----------------------------------------------*/
+void proto_register_tcg_cp_oids(void) {
+
+  /* List of fields */
+  static hf_register_info hf[] = {
+    { &hf_tcg_cp_oids_UTF8String_PDU,
+      { "UTF8String", "tcg-cp-oids.UTF8String",
+        FT_STRING, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+#include "packet-tcg-cp-oids-hfarr.c"
+  };
+
+  /* List of subtrees */
+  static gint *ett[] = {
+#include "packet-tcg-cp-oids-ettarr.c"
+  };
+
+  /* Register protocol */
+  proto_tcg_cp_oids = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+  /* Register fields and subtrees */
+  proto_register_field_array(proto_tcg_cp_oids, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+}
+
+/* to be able to register OIDs for UTF8String */
+static int
+dissect_tcg_cp_oids_UTF8String_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
+    int offset = 0;
+    asn1_ctx_t actx;
+    asn1_ctx_init(&actx, ASN1_ENC_BER, TRUE, pinfo);
+    offset = dissect_ber_restricted_string(FALSE, BER_UNI_TAG_UTF8String, &actx, tree, tvb, offset, hf_tcg_cp_oids_UTF8String_PDU, NULL);
+    return offset;
+}
+
+/*--- proto_reg_handoff_tcg_cp_oids -------------------------------------------*/
+void proto_reg_handoff_tcg_cp_oids(void) {
+#include "packet-tcg-cp-oids-dis-tab.c"
+  oid_add_from_string("tcg","2.23.133");
+  oid_add_from_string("tcg-attribute","2.23.133.2");
+  oid_add_from_string("tcg-protocol","2.23.133.3");
+  oid_add_from_string("tcg-algorithm","2.23.133.4");
+  oid_add_from_string("tcg-ce","2.23.133.6");
+  oid_add_from_string("tcg-kp","2.23.133.8");
+  /* TCG Spec Version OIDs */
+  oid_add_from_string("tcg-sv-tpm12","2.23.133.1.1");
+  oid_add_from_string("tcg-sv-tpm20","2.23.133.1.2");
+  /* TCG Attribute OIDs */
+  oid_add_from_string("tcg-at-securityQualities","2.23.133.2.10");
+  /* TCG Algorithm OIDs */
+  oid_add_from_string("tcg-algorithm-null","2.23.133.4.1");
+  /* TCG Key Purposes OIDs */
+  oid_add_from_string("tcg-kp-EKCertificate","2.23.133.8.1");
+  oid_add_from_string("tcg-kp-PlatformCertificate","2.23.133.8.2");
+  oid_add_from_string("tcg-kp-AIKCertificate","2.23.133.8.3");
+  /* TCG Protocol OIDs */
+  oid_add_from_string("tcg-prt-tpmIdProtocol","2.23.133.3.1");
+
+  register_ber_oid_dissector("2.23.133.2.1", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmManufacturer");
+  register_ber_oid_dissector("2.23.133.2.2", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmModel");
+  register_ber_oid_dissector("2.23.133.2.3", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmVersion");
+  register_ber_oid_dissector("2.23.133.2.4", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-platformManufacturer");
+  register_ber_oid_dissector("2.23.133.2.5", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-platformModel");
+  register_ber_oid_dissector("2.23.133.2.6", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-platformVersion");
+  register_ber_oid_dissector("2.23.133.2.15", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmIdLabel");
+}
--- a/epan/dissectors/asn1/tcg-cp-oids/packet-tcg-cp-oids-template.h
+++ b/epan/dissectors/asn1/tcg-cp-oids/packet-tcg-cp-oids-template.h
@ -0,0 +1,16 @@
+/* packet-tcg-cp-oids.h
+ * Routines for TCG Certificate Profile OIDs
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef PACKET_TCG_CP_OIDS_H
+#define PACKET_TCG_CP_OIDS_H
+
+#include "packet-tcg-cp-oids-exp.h"
+
+#endif  /* PACKET_TCG_CP_OIDS_H */
--- a/epan/dissectors/asn1/tcg-cp-oids/tcg-cp-oids.asn
+++ b/epan/dissectors/asn1/tcg-cp-oids/tcg-cp-oids.asn
@ -0,0 +1,294 @@
+--
+-- ASN.1 extracted from
+--   TCG EK Credential Profile
+--   For TPM Family 2.0; Level 0
+--   Specification Version 2.0
+--   Revision 14
+--   4 November 2014
+--   https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
+-- on 2018-10-02, and heavily polished + bug fixed for asn2wrs
+
+TCG DEFINITIONS::=
+
+BEGIN
+
+IMPORTS
+
+-- Additional IMPORT for Wireshark
+   AlgorithmIdentifier
+        FROM PKIX1Explicit88 {iso(1) identified-organization(3)
+        dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+        id-mod(0) id-pkix1-explicit-88(1)};
+
+-- TCG specific OIDs
+-- tcg OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) international-organizations(23) tcg(133) }
+-- tcg-tcpaSpecVersion OBJECT IDENTIFIER ::= {tcg 1}
+-- tcg-attribute OBJECT IDENTIFIER ::= {tcg 2}
+-- tcg-protocol OBJECT IDENTIFIER ::= {tcg 3}
+-- tcg-algorithm OBJECT IDENTIFIER ::= {tcg 4}
+-- tcg-ce OBJECT IDENTIFIER ::= {tcg 6}
+-- tcg-kp OBJECT IDENTIFIER ::= {tcg 8}
+-- TCG Spec Version OIDs
+-- tcg-sv-tpm12 OBJECT IDENTIFIER ::= { tcg-tcpaSpecVersion 1}
+-- tcg-sv-tpm20 OBJECT IDENTIFIER ::= { tcg-tcpaSpecVersion 2}
+-- TCG Attribute OIDs
+-- tcg-at-tpmManufacturer OBJECT IDENTIFIER ::= {tcg-attribute 1}
+-- tcg-at-tpmModel OBJECT IDENTIFIER ::= {tcg-attribute 2}
+-- tcg-at-tpmVersion OBJECT IDENTIFIER ::= {tcg-attribute 3}
+-- tcg-at-platformManufacturer OBJECT IDENTIFIER ::= {tcg-attribute 4}
+-- tcg-at-platformModel OBJECT IDENTIFIER ::= {tcg-attribute 5}
+-- tcg-at-platformVersion OBJECT IDENTIFIER ::= {tcg-attribute 6}
+-- tcg-at-securityQualities OBJECT IDENTIFIER ::= {tcg-attribute 10}
+-- tcg-at-tpmProtectionProfile OBJECT IDENTIFIER ::= {tcg-attribute 11}
+-- tcg-at-tpmSecurityTarget OBJECT IDENTIFIER ::= {tcg-attribute 12}
+-- tcg-at-tbbProtectionProfile OBJECT IDENTIFIER ::= {tcg-attribute 13}
+-- tcg-at-tbbSecurityTarget OBJECT IDENTIFIER ::= {tcg-attribute 14}
+-- tcg-at-tpmIdLabel OBJECT IDENTIFIER ::= {tcg-attribute 15}
+-- tcg-at-tpmSpecification OBJECT IDENTIFIER ::= {tcg-attribute 16}
+-- tcg-at-tcgPlatformSpecification OBJECT IDENTIFIER ::= {tcg-attribute 17}
+-- tcg-at-tpmSecurityAssertions OBJECT IDENTIFIER ::= {tcg-attribute 18}
+-- tcg-at-tbbSecurityAssertions OBJECT IDENTIFIER ::= {tcg-attribute 19}
+-- TCG Algorithm OIDs
+-- tcg-algorithm-null OBJECT IDENTIFIER ::= {tcg-algorithm 1}
+-- TCG Key Purposes OIDs
+-- tcg-kp-EKCertificate OBJECT IDENTIFIER ::= {tcg-kp 1}
+-- tcg-kp-PlatformCertificate OBJECT IDENTIFIER ::= {tcg-kp 2}
+-- tcg-kp-AIKCertificate OBJECT IDENTIFIER ::= {tcg-kp 3}
+-- TCG Certificate Extensions
+-- tcg-ce-relevantCredentials OBJECT IDENTIFIER ::= {tcg-ce 2}
+-- tcg-ce-relevantManifests OBJECT IDENTIFIER ::= {tcg-ce 3}
+-- tcg-ce-virtualPlatformAttestationService OBJECT IDENTIFIER ::= {tcg-ce 4}
+-- tcg-ce-migrationControllerAttestationService OBJECT IDENTIFIER ::= {tcg-ce 5}
+-- tcg-ce-migrationControllerRegistrationService OBJECT IDENTIFIER ::= {tcg-ce 6}
+-- tcg-ce-virtualPlatformBackupService OBJECT IDENTIFIER ::= {tcg-ce 7}
+-- TCG Protocol OIDs
+-- tcg-prt-tpmIdProtocol OBJECT IDENTIFIER ::= {tcg-protocol 1}
+-- tcg specification attributes for tpm and platform
+
+-- tPMSpecification ATTRIBUTE ::= {
+-- WITH SYNTAX TPMSpecification
+-- ID tcg-at-tpmSpecification }
+
+TPMSpecification ::= SEQUENCE {
+family UTF8String, -- (SIZE (1..STRMAX)),
+level INTEGER,
+revision INTEGER }
+
+-- tCGPlatformSpecification ATTRIBUTE ::= {
+-- WITH SYNTAX TCGPlatformSpecification
+-- ID tcg-at-tcgPlatformSpecification }
+
+TCGSpecificationVersion ::= SEQUENCE {
+majorVersion INTEGER,
+minorVersion INTEGER,
+revision INTEGER }
+
+TCGPlatformSpecification ::= SEQUENCE {
+version TCGSpecificationVersion,
+platformClass OCTET STRING } -- SIZE(4) }
+
+-- tcpa tpm specification attribute (deprecated)
+-- tCPASpecVersion ATTRIBUTE ::= {
+-- WITH SYNTAX TCPASpecVersion
+-- ID tcg-tcpaSpecVersion }
+
+TCPASpecVersion ::= SEQUENCE {
+major INTEGER,
+minor INTEGER }
+
+-- manufacturer implementation model and version attributes
+-- TPMManufacturer ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-tpmManufacturer }
+-- TPMModel ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-tpmModel }
+-- TPMVersion ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-tpmVersion }
+-- PlatformManufacturer ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-platformManufacturer }
+-- PlatformModel ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-platformModel }
+-- PlatformVersion ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-platformVersion }
+-- tpm and platform tbb security assertions
+
+-- TODO: Wireshark dissection of version could be added
+Version ::= INTEGER -- { v1(0) }
+
+-- tPMSecurityAssertions ATTRIBUTE ::= {
+-- WITH SYNTAX TPMSecurityAssertions
+-- ID tcg—at-tpmSecurityAssertions
+-- }
+
+TPMSecurityAssertions ::= SEQUENCE {
+version Version DEFAULT v1,
+fieldUpgradable BOOLEAN DEFAULT FALSE,
+ekGenerationType [0] IMPLICIT EKGenerationType OPTIONAL,
+ekGenerationLocation [1] IMPLICIT EKGenerationLocation OPTIONAL,
+ekCertificateGenerationLocation [2] IMPLICIT
+EKCertificateGenerationLocation OPTIONAL,
+ccInfo [3] IMPLICIT CommonCriteriaMeasures OPTIONAL,
+fipsLevel [4] IMPLICIT FIPSLevel OPTIONAL,
+iso9000Certified [5] IMPLICIT BOOLEAN DEFAULT FALSE,
+iso9000Uri IA5String OPTIONAL } -- (SIZE (1..URIMAX)) OPTIONAL }
+
+-- tBBSecurityAssertions ATTRIBUTE ::= {
+-- WITH SYNTAX TBBSecurityAssertions
+-- ID tcg—at-tbbSecurityAssertions }
+
+TBBSecurityAssertions ::= SEQUENCE {
+version Version DEFAULT v1,
+ccInfo [0] IMPLICIT CommonCriteriaMeasures OPTIONAL,
+fipsLevel [1] IMPLICIT FIPSLevel OPTIONAL,
+rtmType [2] IMPLICIT MeasurementRootType OPTIONAL,
+iso9000Certified BOOLEAN DEFAULT FALSE,
+iso9000Uri IA5String OPTIONAL } -- (SIZE (1..URIMAX)) OPTIONAL }
+
+EKGenerationType ::= ENUMERATED {
+internal (0),
+injected (1),
+internalRevocable(2),
+injectedRevocable(3) }
+
+EKGenerationLocation ::= ENUMERATED {
+tpmManufacturer (0),
+platformManufacturer (1),
+ekCertSigner (2) }
+
+EKCertificateGenerationLocation ::= ENUMERATED {
+tpmManufacturer (0),
+platformManufacturer (1),
+ekCertSigner (2) }
+
+-- V1.1 of this specification adds hybrid and physical.
+-- Hybrid means the measurement root is capable of static AND dynamic
+-- Physical means that the root is anchored by a physical TPM
+-- Virtual means the TPM is virtualized (possibly running in a VMM)
+-- TPMs or RTMs might leverage other lower layer RTMs to virtualize the
+-- the capabilities of the platform.
+
+MeasurementRootType ::= ENUMERATED {
+static (0),
+dynamic (1),
+nonHost (2),
+hybrid (3),
+physical (4),
+virtual (5) }
+
+-- common criteria evaluation
+CommonCriteriaMeasures ::= SEQUENCE {
+version IA5String, --  (SIZE (1..STRMAX)), “2.2” or “3.1”; future syntax defined by CC
+assurancelevel EvaluationAssuranceLevel,
+evaluationStatus EvaluationStatus,
+plus BOOLEAN DEFAULT FALSE,
+strengthOfFunction [0] IMPLICIT StrengthOfFunction OPTIONAL,
+profileOid [1] IMPLICIT OBJECT IDENTIFIER OPTIONAL,
+profileUri [2] IMPLICIT URIReference OPTIONAL,
+targetOid [3] IMPLICIT OBJECT IDENTIFIER OPTIONAL,
+targetUri [4] IMPLICIT URIReference OPTIONAL }
+
+EvaluationAssuranceLevel ::= ENUMERATED {
+levell (1),
+level2 (2),
+level3 (3),
+level4 (4),
+level5 (5),
+level6 (6),
+level7 (7) }
+
+StrengthOfFunction ::= ENUMERATED {
+basic (0),
+medium (1),
+high (2) }
+
+URIReference ::= SEQUENCE {
+uniformResourceIdentifier IA5String, -- (SIZE (1..URIMAX)),
+hashAlgorithm AlgorithmIdentifier OPTIONAL,
+hashValue BIT STRING OPTIONAL }
+
+EvaluationStatus ::= ENUMERATED {
+designedToMeet (0),
+evaluationInProgress (1),
+evaluationCompleted (2) }
+-- fips evaluation
+
+FIPSLevel ::= SEQUENCE {
+version IA5String, -- (SIZE (1..STRMAX)), “140-1” or “140-2”
+level SecurityLevel,
+plus BOOLEAN DEFAULT FALSE }
+
+SecurityLevel ::= ENUMERATED {
+level1 (1),
+level2 (2),
+level3 (3),
+level4 (4) }
+
+-- aik certificate label from tpm owner
+--TPMIdLabel OTHER-NAME ::= {UTF8String IDENTIFIED BY {tcg-at-tpmIdLabel} }
+-- the following are deprecated but may be present for compatibility with TCPA
+
+-- TPMProtectionProfile ATTRIBUTE ::= {
+-- WITH SYNTAX ProtectionProfile
+-- ID tcg-at-tpmProtectionProfile }
+-- TPMSecurityTarget ATTRIBUTE ::= {
+-- WITH SYNTAX SecurityTarget
+-- ID tcg-at-tpmSecurityTarget }
+--
+-- TBBProtectionProfile ATTRIBUTE ::= {
+-- WITH SYNTAX ProtectionProfile
+-- ID tcg-at-tbbProtectionProfile }
+-- TBBSecurityTarget ATTRIBUTE ::= {
+-- WITH SYNTAX SecurityTarget
+-- ID tcg-at-tbbSecurityTarget }
+
+ProtectionProfile ::= OBJECT IDENTIFIER
+
+SecurityTarget ::= OBJECT IDENTIFIER
+
+-- V1.1 addition for enabling references to other credentials or
+-- XML-based Reference Manifests. These data objects are included
+-- in X.509 extensions using the new tcg-ce-[relevantCredentials,
+-- relevantManifests] OIDs.
+
+HashAlgAndValue ::= SEQUENCE {
+hashAlg AlgorithmIdentifier,
+hashValue OCTET STRING }
+
+HashedSubjectInfoURI ::= SEQUENCE {
+documentURI IA5String, -- (SIZE (1..URIMAX)),
+documentAccessInfo OBJECT IDENTIFIER OPTIONAL,
+documentHashInfo HashAlgAndValue OPTIONAL }
+
+-- Use of SubjectInfoURIList is not specified anywhere, therefore commented out for Wireshark in cnf file
+SubjectInfoURIList ::=
+SEQUENCE -- SIZE (1..REFMAX) -- OF HashedSubjectInfoURI
+
+TCGRelevantCredentials::=
+SEQUENCE -- SIZE (1..REFMAX) -- OF HashedSubjectInfoURI
+
+TCGRelevantManifests::=
+SEQUENCE -- SIZE (1..REFMAX) -- OF HashedSubjectInfoURI
+
+-- V1.2 addition of virtualization oriented credential extensions.
+-- This extension indicates how a remote challenger can contact the (deep) attestation service below the current credential holder in order to attest the layer below.
+-- Using this model allows the credential of each virtualization layer to reference the attestation service for the layer below it.
+-- A remote challenger could traverse the layer hierarchy using this extension until reaching the physical trusted platform rooted attestation.
+-- The following URI is optionally included in a certificate for a virtual machine associated with the tcg-ce-virtualPlatformAttestationService extension OID.
+-- These URI are associated with the tcg-ce-[virtualPlatformAttestationService,
+--  migrationControllerAttestationService, migrationControllerRegistrationService, virtualPlatformBackupService] OIDs respectively:
+VirtualPlatformAttestationServiceURI ::= IA5String -- (SIZE (1..URIMAX)
+
+MigrationControllerAttestationServiceURI ::= IA5String -- (SIZE (1..URIMAX)
+
+MigrationControllerRegistrationServiceURI ::= IA5String -- (SIZE (1..URIMAX)
+
+VirtualPlatformBackupServiceURI ::= SEQUENCE {
+restoreAllowed BOOLEAN DEFAULT FALSE,
+backupServiceURI IA5String }
+
+END
--- a/epan/dissectors/asn1/tcg-cp-oids/tcg-cp-oids.cnf
+++ b/epan/dissectors/asn1/tcg-cp-oids/tcg-cp-oids.cnf
@ -0,0 +1,62 @@
+# tcg-cp-OID.cnf
+# Trusted Computing Group Certificate Profile OIDs conformation file
+
+#.MODULE_IMPORT
+PKIX1Explicit88	pkix1explicit
+#.INCLUDE ../pkix1explicit/pkix1explicit_exp.cnf
+
+
+#.OMIT_ASSIGNMENT
+SubjectInfoURIList
+#.END
+
+#.EXPORTS
+
+#.REGISTER
+
+TCPASpecVersion           B "2.23.133.1"    "tcg-tcpaSpecVersion"
+
+ProtectionProfile         B "2.23.133.2.11" "tcg-at-tpmProtectionProfile"
+SecurityTarget            B "2.23.133.2.12" "tcg-at-tpmSecurityTarget"
+ProtectionProfile         B "2.23.133.2.13" "tcg-at-tbbProtectionProfile"
+SecurityTarget            B "2.23.133.2.14" "tcg-at-tbbSecurityTarget"
+TPMSpecification          B "2.23.133.2.16" "tcg-at-tpmSpecification"
+TCGPlatformSpecification  B "2.23.133.2.17" "tcg-at-tcgPlatformSpecification"
+TPMSecurityAssertions     B "2.23.133.2.18" "tcg-at-tpmSecurityAssertions"
+TBBSecurityAssertions     B "2.23.133.2.19" "tcg-at-tbbSecurityAssertions"
+
+# TCG Certificate Extensions
+# this is a guess for SubjectInfoURIList, whose use is not specified anywhere
+#SubjectInfoURIList B "2.23.133.6.1" "tcg-ce-subjectInfoURIList"
+TCGRelevantCredentials B "2.23.133.6.2" "tcg-ce-relevantCredentials"
+TCGRelevantManifests   B "2.23.133.6.3" "tcg-ce-relevantManifests"
+
+VirtualPlatformAttestationServiceURI      B "2.23.133.6.4" "tcg-ce-virtualPlatformAttestationService"
+MigrationControllerAttestationServiceURI  B "2.23.133.6.5" "tcg-ce-migrationControllerAttestationService"
+MigrationControllerRegistrationServiceURI B "2.23.133.6.6" "tcg-ce-migrationControllerRegistrationService"
+VirtualPlatformBackupServiceURI           B "2.23.133.6.7" "tcg-ce-virtualPlatformBackupService"
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+HashAlgAndValue/hashValue hash_alg_and_value_hashvalue
+URIReference/hashValue    uri_reference_hashvalue
+
+TPMSpecification/level tpm_specification_level
+FIPSLevel/level fips_security_level
+
+TPMSecurityAssertions/version security_assertions_version
+TBBSecurityAssertions/version security_assertions_version
+
+TCGPlatformSpecification/version tcg_specification_vesion
+
+CommonCriteriaMeasures/version cc_measures_version_string
+FIPSLevel/version fips_level_version_string
+
+
+
+#.END
+
+
--- a/epan/dissectors/packet-tcg-cp-oids.c
+++ b/epan/dissectors/packet-tcg-cp-oids.c
--- a/epan/dissectors/packet-tcg-cp-oids.h
+++ b/epan/dissectors/packet-tcg-cp-oids.h
@ -0,0 +1,29 @@
+/* Do not modify this file. Changes will be overwritten.                      */
+/* Generated automatically by the ASN.1 to Wireshark dissector compiler       */
+/* packet-tcg-cp-oids.h                                                       */
+/* asn2wrs.py -b -p tcg-cp-oids -c ./tcg-cp-oids.cnf -s ./packet-tcg-cp-oids-template -D . -O ../.. tcg-cp-oids.asn */
+
+/* Input file: packet-tcg-cp-oids-template.h */
+
+#line 1 "./asn1/tcg-cp-oids/packet-tcg-cp-oids-template.h"
+/* packet-tcg-cp-oids.h
+ * Routines for TCG Certificate Profile OIDs
+ *
+ * Wireshark - Network traffic analyzer
+ * By Gerald Combs <gerald@wireshark.org>
+ * Copyright 1998 Gerald Combs
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef PACKET_TCG_CP_OIDS_H
+#define PACKET_TCG_CP_OIDS_H
+
+
+/*--- Included file: packet-tcg-cp-oids-exp.h ---*/
+#line 1 "./asn1/tcg-cp-oids/packet-tcg-cp-oids-exp.h"
+
+/*--- End of included file: packet-tcg-cp-oids-exp.h ---*/
+#line 15 "./asn1/tcg-cp-oids/packet-tcg-cp-oids-template.h"
+
+#endif  /* PACKET_TCG_CP_OIDS_H */