Adding dissector for OIDs used in TCG X.509 Certificates
OIDs used in Trusted Computing Group X.509 Certificate Profiles are available in https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf Example Certificates in PEM format are in Appendix A. The relevant TCG OIDs are mostly used in certificate extensions like: - subjectAltName - extKeyUsage - subjectDirectoryAttributes Change-Id: Ifd44f598bea0b32b4471dfec2fd3af74f7a9e33e Reviewed-on: https://code.wireshark.org/review/29983 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot Reviewed-by: Anders Broman <a.broman58@gmail.com>
This commit is contained in:
parent
107205c2be
commit
0bc74bb7ea
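--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1708,6 +1708,7 @@ set(DISSECTOR_SRC
 ${CMAKE_CURRENT_SOURCE_DIR}/packet-tacacs.c
 ${CMAKE_CURRENT_SOURCE_DIR}/packet-tali.c
 ${CMAKE_CURRENT_SOURCE_DIR}/packet-tapa.c
+${CMAKE_CURRENT_SOURCE_DIR}/packet-tcg-cp-oids.c
 ${CMAKE_CURRENT_SOURCE_DIR}/packet-tcp.c
 ${CMAKE_CURRENT_SOURCE_DIR}/packet-tcpros.c
 ${CMAKE_CURRENT_SOURCE_DIR}/packet-tdmoe.c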
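--- a/asn1/CMakeLists.txt
+++ b/asn1/CMakeLists.txt
@@ -113,6 +113,7 @@ set(ASN1_SRC_DIRS
 t125
 t38
 tcap
+tcg-cp-oids
 tetra
 ulp
 wlancertextn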
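--- a/asn1/tcg-cp-oids/CMakeLists.txt
+++ b/asn1/tcg-cp-oids/CMakeLists.txt
@@ -0,0 +1,42 @@
+# CMakeLists.txt
+#
+# Wireshark - Network traffic analyzer
+# By Gerald Combs <gerald@wireshark.org>
+# Copyright 1998 Gerald Combs
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+set( PROTOCOL_NAME tcg-cp-oids )
+
+set( PROTO_OPT )
+
+set( EXPORT_FILES
+${PROTOCOL_NAME}-exp.cnf
+)
+
+set( EXT_ASN_FILE_LIST
+)
+
+set( ASN_FILE_LIST
+tcg-cp-oids.asn
+)
+
+set( EXTRA_DIST
+${ASN_FILE_LIST}
+packet-${PROTOCOL_NAME}-template.c
+packet-${PROTOCOL_NAME}-template.h
+${PROTOCOL_NAME}.cnf
+)
+
+set( SRC_FILES
+${EXTRA_DIST}
+${EXT_ASN_FILE_LIST}
+)
+
+set( A2W_FLAGS -b )
+
+set( EXTRA_CNF
+)
+
+ASN2WRS()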
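Review bot: `set( EXTRA_CNF )` is left empty although tcg-cp-oids.cnf pulls in `../pkix1explicit/pkix1explicit_exp.cnf` through `#.INCLUDE`, so the dependency on that exported conformance file is not visible to the build. If the `ASN2WRS()` macro in this tree uses EXTRA_CNF to track such includes, as the sibling asn1 directories appear to, a change in pkix1explicit's exports would not trigger regeneration of the tcg-cp-oids dissector. Suggest `set( EXTRA_CNF "${CMAKE_CURRENT_BINARY_DIR}/../pkix1explicit/pkix1explicit_exp.cnf" )`, using the same file name the cnf already references.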
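--- a/asn1/tcg-cp-oids/packet-tcg-cp-oids-template.c
+++ b/asn1/tcg-cp-oids/packet-tcg-cp-oids-template.c
@@ -0,0 +1,103 @@
+/* packet-tcg-cp-oids.c
+*
+* Wireshark - Network traffic analyzer
+* By Gerald Combs <gerald@wireshark.org>
+* Copyright 1998 Gerald Combs
+*
+* SPDX-License-Identifier: GPL-2.0-or-later
+*/
+
+#include "config.h"
+
+#include <epan/packet.h>
+#include <epan/oids.h>
+#include <epan/asn1.h>
+
+#include "packet-tcg-cp-oids.h"
+#include "packet-ber.h"
+#include "packet-pkix1explicit.h"
+#include "packet-pkix1implicit.h"
+
+#define PNAME "TCG_CP_OIDS"
+#define PSNAME "TCG_CP_OIDS"
+#define PFNAME "tcg_cp_oids"
+
+void proto_register_tcg_cp_oids(void);
+void proto_reg_handoff_tcg_cp_oids(void);
+
+/* Initialize the protocol and registered fields */
+static int proto_tcg_cp_oids = -1;
+#include "packet-tcg-cp-oids-hf.c"
+static int hf_tcg_cp_oids_UTF8String_PDU = -1;
+
+/* Initialize the subtree pointers */
+#include "packet-tcg-cp-oids-ett.c"
+#include "packet-tcg-cp-oids-fn.c"
+
+
+/*--- proto_register_tcg_cp_oids ----------------------------------------------*/
+void proto_register_tcg_cp_oids(void) {
+
+/* List of fields */
+static hf_register_info hf[] = {
+{ &hf_tcg_cp_oids_UTF8String_PDU,
+{ "UTF8String", "tcg-cp-oids.UTF8String",
+FT_STRING, BASE_NONE, NULL, 0,
+NULL, HFILL }},
+#include "packet-tcg-cp-oids-hfarr.c"
+};
+
+/* List of subtrees */
+static gint *ett[] = {
+#include "packet-tcg-cp-oids-ettarr.c"
+};
+
+/* Register protocol */
+proto_tcg_cp_oids = proto_register_protocol(PNAME, PSNAME, PFNAME);
+
+/* Register fields and subtrees */
+proto_register_field_array(proto_tcg_cp_oids, hf, array_length(hf));
+proto_register_subtree_array(ett, array_length(ett));
+}
+
+/* to be able to register OIDs for UTF8String */
+static int
+dissect_tcg_cp_oids_UTF8String_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
+int offset = 0;
+asn1_ctx_t actx;
+asn1_ctx_init(&actx, ASN1_ENC_BER, TRUE, pinfo);
+offset = dissect_ber_restricted_string(FALSE, BER_UNI_TAG_UTF8String, &actx, tree, tvb, offset, hf_tcg_cp_oids_UTF8String_PDU, NULL);
+return offset;
+}
+
+/*--- proto_reg_handoff_tcg_cp_oids -------------------------------------------*/
+void proto_reg_handoff_tcg_cp_oids(void) {
+#include "packet-tcg-cp-oids-dis-tab.c"
+oid_add_from_string("tcg","2.23.133");
+oid_add_from_string("tcg-attribute","2.23.133.2");
+oid_add_from_string("tcg-protocol","2.23.133.3");
+oid_add_from_string("tcg-algorithm","2.23.133.4");
+oid_add_from_string("tcg-ce","2.23.133.6");
+oid_add_from_string("tcg-kp","2.23.133.8");
+/* TCG Spec Version OIDs */
+oid_add_from_string("tcg-sv-tpm12","2.23.133.1.1");
+oid_add_from_string("tcg-sv-tpm20","2.23.133.1.2");
+/* TCG Attribute OIDs */
+oid_add_from_string("tcg-at-securityQualities","2.23.133.2.10");
+/* TCG Algorithm OIDs */
+oid_add_from_string("tcg-algorithm-null","2.23.133.4.1");
+/* TCG Key Purposes OIDs */
+oid_add_from_string("tcg-kp-EKCertificate","2.23.133.8.1");
+oid_add_from_string("tcg-kp-PlatformCertificate","2.23.133.8.2");
+oid_add_from_string("tcg-kp-AIKCertificate","2.23.133.8.3");
+/* TCG Protocol OIDs */
+oid_add_from_string("tcg-prt-tpmIdProtocol","2.23.133.3.1");
+
+register_ber_oid_dissector("2.23.133.2.1", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmManufacturer");
+register_ber_oid_dissector("2.23.133.2.2", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmModel");
+register_ber_oid_dissector("2.23.133.2.3", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmVersion");
+register_ber_oid_dissector("2.23.133.2.4", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-platformManufacturer");
+register_ber_oid_dissector("2.23.133.2.5", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-platformModel");
+register_ber_oid_dissector("2.23.133.2.6", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-platformVersion");
+register_ber_oid_dissector("2.23.133.2.15", dissect_tcg_cp_oids_UTF8String_PDU, proto_tcg_cp_oids, "tcg-at-tpmIdLabel");
+}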
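Review bot: Every parameter of `dissect_tcg_cp_oids_UTF8String_PDU` is tagged `_U_`, yet `pinfo`, `tree` and `tvb` are all used a few lines later in `asn1_ctx_init` and `dissect_ber_restricted_string`; only `data` is actually unused. `_U_` merely suppresses the unused-parameter warning, so this compiles, but it misdocuments the signature; the line should read `dissect_tcg_cp_oids_UTF8String_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) {`. The file header at the top of the hunk also lacks the one-line purpose that the companion template header carries (`* Routines for TCG Certificate Profile OIDs`); adding it keeps the two templates consistent.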
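--- a/asn1/tcg-cp-oids/packet-tcg-cp-oids-template.h
+++ b/asn1/tcg-cp-oids/packet-tcg-cp-oids-template.h
@@ -0,0 +1,16 @@
+/* packet-tcg-cp-oids.h
+* Routines for TCG Certificate Profile OIDs
+*
+* Wireshark - Network traffic analyzer
+* By Gerald Combs <gerald@wireshark.org>
+* Copyright 1998 Gerald Combs
+*
+* SPDX-License-Identifier: GPL-2.0-or-later
+*/
+
+#ifndef PACKET_TCG_CP_OIDS_H
+#define PACKET_TCG_CP_OIDS_H
+
+#include "packet-tcg-cp-oids-exp.h"
+
+#endif /* PACKET_TCG_CP_OIDS_H */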
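--- a/asn1/tcg-cp-oids/tcg-cp-oids.asn
+++ b/asn1/tcg-cp-oids/tcg-cp-oids.asn
@@ -0,0 +1,294 @@
+--
+-- ASN.1 extracted from
+-- TCG EK Credential Profile
+-- For TPM Family 2.0; Level 0
+-- Specification Version 2.0
+-- Revision 14
+-- 4 November 2014
+-- https://www.trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
+-- on 2018-10-02, and heavily polished + bug fixed for asn2wrs
+
+TCG DEFINITIONS::=
+
+BEGIN
+
+IMPORTS
+
+-- Additional IMPORT for Wireshark
+AlgorithmIdentifier
+FROM PKIX1Explicit88 {iso(1) identified-organization(3)
+dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+id-mod(0) id-pkix1-explicit-88(1)};
+
+-- TCG specific OIDs
+-- tcg OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) international-organizations(23) tcg(133) }
+-- tcg-tcpaSpecVersion OBJECT IDENTIFIER ::= {tcg 1}
+-- tcg-attribute OBJECT IDENTIFIER ::= {tcg 2}
+-- tcg-protocol OBJECT IDENTIFIER ::= {tcg 3}
+-- tcg-algorithm OBJECT IDENTIFIER ::= {tcg 4}
+-- tcg-ce OBJECT IDENTIFIER ::= {tcg 6}
+-- tcg-kp OBJECT IDENTIFIER ::= {tcg 8}
+-- TCG Spec Version OIDs
+-- tcg-sv-tpm12 OBJECT IDENTIFIER ::= { tcg-tcpaSpecVersion 1}
+-- tcg-sv-tpm20 OBJECT IDENTIFIER ::= { tcg-tcpaSpecVersion 2}
+-- TCG Attribute OIDs
+-- tcg-at-tpmManufacturer OBJECT IDENTIFIER ::= {tcg-attribute 1}
+-- tcg-at-tpmModel OBJECT IDENTIFIER ::= {tcg-attribute 2}
+-- tcg-at-tpmVersion OBJECT IDENTIFIER ::= {tcg-attribute 3}
+-- tcg-at-platformManufacturer OBJECT IDENTIFIER ::= {tcg-attribute 4}
+-- tcg-at-platformModel OBJECT IDENTIFIER ::= {tcg-attribute 5}
+-- tcg-at-platformVersion OBJECT IDENTIFIER ::= {tcg-attribute 6}
+-- tcg-at-securityQualities OBJECT IDENTIFIER ::= {tcg-attribute 10}
+-- tcg-at-tpmProtectionProfile OBJECT IDENTIFIER ::= {tcg-attribute 11}
+-- tcg-at-tpmSecurityTarget OBJECT IDENTIFIER ::= {tcg-attribute 12}
+-- tcg-at-tbbProtectionProfile OBJECT IDENTIFIER ::= {tcg-attribute 13}
+-- tcg-at-tbbSecurityTarget OBJECT IDENTIFIER ::= {tcg-attribute 14}
+-- tcg-at-tpmIdLabel OBJECT IDENTIFIER ::= {tcg-attribute 15}
+-- tcg-at-tpmSpecification OBJECT IDENTIFIER ::= {tcg-attribute 16}
+-- tcg-at-tcgPlatformSpecification OBJECT IDENTIFIER ::= {tcg-attribute 17}
+-- tcg-at-tpmSecurityAssertions OBJECT IDENTIFIER ::= {tcg-attribute 18}
+-- tcg-at-tbbSecurityAssertions OBJECT IDENTIFIER ::= {tcg-attribute 19}
+-- TCG Algorithm OIDs
+-- tcg-algorithm-null OBJECT IDENTIFIER ::= {tcg-algorithm 1}
+-- TCG Key Purposes OIDs
+-- tcg-kp-EKCertificate OBJECT IDENTIFIER ::= {tcg-kp 1}
+-- tcg-kp-PlatformCertificate OBJECT IDENTIFIER ::= {tcg-kp 2}
+-- tcg-kp-AIKCertificate OBJECT IDENTIFIER ::= {tcg-kp 3}
+-- TCG Certificate Extensions
+-- tcg-ce-relevantCredentials OBJECT IDENTIFIER ::= {tcg-ce 2}
+-- tcg-ce-relevantManifests OBJECT IDENTIFIER ::= {tcg-ce 3}
+-- tcg-ce-virtualPlatformAttestationService OBJECT IDENTIFIER ::= {tcg-ce 4}
+-- tcg-ce-migrationControllerAttestationService OBJECT IDENTIFIER ::= {tcg-ce 5}
+-- tcg-ce-migrationControllerRegistrationService OBJECT IDENTIFIER ::= {tcg-ce 6}
+-- tcg-ce-virtualPlatformBackupService OBJECT IDENTIFIER ::= {tcg-ce 7}
+-- TCG Protocol OIDs
+-- tcg-prt-tpmIdProtocol OBJECT IDENTIFIER ::= {tcg-protocol 1}
+-- tcg specification attributes for tpm and platform
+
+-- tPMSpecification ATTRIBUTE ::= {
+-- WITH SYNTAX TPMSpecification
+-- ID tcg-at-tpmSpecification }
+
+TPMSpecification ::= SEQUENCE {
+family UTF8String, -- (SIZE (1..STRMAX)),
+level INTEGER,
+revision INTEGER }
+
+-- tCGPlatformSpecification ATTRIBUTE ::= {
+-- WITH SYNTAX TCGPlatformSpecification
+-- ID tcg-at-tcgPlatformSpecification }
+
+TCGSpecificationVersion ::= SEQUENCE {
+majorVersion INTEGER,
+minorVersion INTEGER,
+revision INTEGER }
+
+TCGPlatformSpecification ::= SEQUENCE {
+version TCGSpecificationVersion,
+platformClass OCTET STRING } -- SIZE(4) }
+
+-- tcpa tpm specification attribute (deprecated)
+-- tCPASpecVersion ATTRIBUTE ::= {
+-- WITH SYNTAX TCPASpecVersion
+-- ID tcg-tcpaSpecVersion }
+
+TCPASpecVersion ::= SEQUENCE {
+major INTEGER,
+minor INTEGER }
+
+-- manufacturer implementation model and version attributes
+-- TPMManufacturer ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-tpmManufacturer }
+-- TPMModel ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-tpmModel }
+-- TPMVersion ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-tpmVersion }
+-- PlatformManufacturer ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-platformManufacturer }
+-- PlatformModel ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-platformModel }
+-- PlatformVersion ATTRIBUTE ::= {
+-- WITH SYNTAX UTF8String (SIZE (1..STRMAX))
+-- ID tcg-at-platformVersion }
+-- tpm and platform tbb security assertions
+
+-- TODO: Wireshark dissection of version could be added
+Version ::= INTEGER -- { v1(0) }
+
+-- tPMSecurityAssertions ATTRIBUTE ::= {
+-- WITH SYNTAX TPMSecurityAssertions
+-- ID tcg—at-tpmSecurityAssertions
+-- }
+
+TPMSecurityAssertions ::= SEQUENCE {
+version Version DEFAULT v1,
+fieldUpgradable BOOLEAN DEFAULT FALSE,
+ekGenerationType [0] IMPLICIT EKGenerationType OPTIONAL,
+ekGenerationLocation [1] IMPLICIT EKGenerationLocation OPTIONAL,
+ekCertificateGenerationLocation [2] IMPLICIT
+EKCertificateGenerationLocation OPTIONAL,
+ccInfo [3] IMPLICIT CommonCriteriaMeasures OPTIONAL,
+fipsLevel [4] IMPLICIT FIPSLevel OPTIONAL,
+iso9000Certified [5] IMPLICIT BOOLEAN DEFAULT FALSE,
+iso9000Uri IA5String OPTIONAL } -- (SIZE (1..URIMAX)) OPTIONAL }
+
+-- tBBSecurityAssertions ATTRIBUTE ::= {
+-- WITH SYNTAX TBBSecurityAssertions
+-- ID tcg—at-tbbSecurityAssertions }
+
+TBBSecurityAssertions ::= SEQUENCE {
+version Version DEFAULT v1,
+ccInfo [0] IMPLICIT CommonCriteriaMeasures OPTIONAL,
+fipsLevel [1] IMPLICIT FIPSLevel OPTIONAL,
+rtmType [2] IMPLICIT MeasurementRootType OPTIONAL,
+iso9000Certified BOOLEAN DEFAULT FALSE,
+iso9000Uri IA5String OPTIONAL } -- (SIZE (1..URIMAX)) OPTIONAL }
+
+EKGenerationType ::= ENUMERATED {
+internal (0),
+injected (1),
+internalRevocable(2),
+injectedRevocable(3) }
+
+EKGenerationLocation ::= ENUMERATED {
+tpmManufacturer (0),
+platformManufacturer (1),
+ekCertSigner (2) }
+
+EKCertificateGenerationLocation ::= ENUMERATED {
+tpmManufacturer (0),
+platformManufacturer (1),
+ekCertSigner (2) }
+
+-- V1.1 of this specification adds hybrid and physical.
+-- Hybrid means the measurement root is capable of static AND dynamic
+-- Physical means that the root is anchored by a physical TPM
+-- Virtual means the TPM is virtualized (possibly running in a VMM)
+-- TPMs or RTMs might leverage other lower layer RTMs to virtualize the
+-- the capabilities of the platform.
+
+MeasurementRootType ::= ENUMERATED {
+static (0),
+dynamic (1),
+nonHost (2),
+hybrid (3),
+physical (4),
+virtual (5) }
+
+-- common criteria evaluation
+CommonCriteriaMeasures ::= SEQUENCE {
+version IA5String, -- (SIZE (1..STRMAX)), “2.2” or “3.1”; future syntax defined by CC
+assurancelevel EvaluationAssuranceLevel,
+evaluationStatus EvaluationStatus,
+plus BOOLEAN DEFAULT FALSE,
+strengthOfFunction [0] IMPLICIT StrengthOfFunction OPTIONAL,
+profileOid [1] IMPLICIT OBJECT IDENTIFIER OPTIONAL,
+profileUri [2] IMPLICIT URIReference OPTIONAL,
+targetOid [3] IMPLICIT OBJECT IDENTIFIER OPTIONAL,
+targetUri [4] IMPLICIT URIReference OPTIONAL }
+
+EvaluationAssuranceLevel ::= ENUMERATED {
+levell (1),
+level2 (2),
+level3 (3),
+level4 (4),
+level5 (5),
+level6 (6),
+level7 (7) }
+
+StrengthOfFunction ::= ENUMERATED {
+basic (0),
+medium (1),
+high (2) }
+
+URIReference ::= SEQUENCE {
+uniformResourceIdentifier IA5String, -- (SIZE (1..URIMAX)),
+hashAlgorithm AlgorithmIdentifier OPTIONAL,
+hashValue BIT STRING OPTIONAL }
+
+EvaluationStatus ::= ENUMERATED {
+designedToMeet (0),
+evaluationInProgress (1),
+evaluationCompleted (2) }
+-- fips evaluation
+
+FIPSLevel ::= SEQUENCE {
+version IA5String, -- (SIZE (1..STRMAX)), “140-1” or “140-2”
+level SecurityLevel,
+plus BOOLEAN DEFAULT FALSE }
+
+SecurityLevel ::= ENUMERATED {
+level1 (1),
+level2 (2),
+level3 (3),
+level4 (4) }
+
+-- aik certificate label from tpm owner
+--TPMIdLabel OTHER-NAME ::= {UTF8String IDENTIFIED BY {tcg-at-tpmIdLabel} }
+-- the following are deprecated but may be present for compatibility with TCPA
+
+-- TPMProtectionProfile ATTRIBUTE ::= {
+-- WITH SYNTAX ProtectionProfile
+-- ID tcg-at-tpmProtectionProfile }
+-- TPMSecurityTarget ATTRIBUTE ::= {
+-- WITH SYNTAX SecurityTarget
+-- ID tcg-at-tpmSecurityTarget }
+--
+-- TBBProtectionProfile ATTRIBUTE ::= {
+-- WITH SYNTAX ProtectionProfile
+-- ID tcg-at-tbbProtectionProfile }
+-- TBBSecurityTarget ATTRIBUTE ::= {
+-- WITH SYNTAX SecurityTarget
+-- ID tcg-at-tbbSecurityTarget }
+
+ProtectionProfile ::= OBJECT IDENTIFIER
+
+SecurityTarget ::= OBJECT IDENTIFIER
+
+-- V1.1 addition for enabling references to other credentials or
+-- XML-based Reference Manifests. These data objects are included
+-- in X.509 extensions using the new tcg-ce-[relevantCredentials,
+-- relevantManifests] OIDs.
+
+HashAlgAndValue ::= SEQUENCE {
+hashAlg AlgorithmIdentifier,
+hashValue OCTET STRING }
+
+HashedSubjectInfoURI ::= SEQUENCE {
+documentURI IA5String, -- (SIZE (1..URIMAX)),
+documentAccessInfo OBJECT IDENTIFIER OPTIONAL,
+documentHashInfo HashAlgAndValue OPTIONAL }
+
+-- Use of SubjectInfoURIList is not specified anywhere, therefore commented out for Wireshark in cnf file
+SubjectInfoURIList ::=
+SEQUENCE -- SIZE (1..REFMAX) -- OF HashedSubjectInfoURI
+
+TCGRelevantCredentials::=
+SEQUENCE -- SIZE (1..REFMAX) -- OF HashedSubjectInfoURI
+
+TCGRelevantManifests::=
+SEQUENCE -- SIZE (1..REFMAX) -- OF HashedSubjectInfoURI
+
+-- V1.2 addition of virtualization oriented credential extensions.
+-- This extension indicates how a remote challenger can contact the (deep) attestation service below the current credential holder in order to attest the layer below.
+-- Using this model allows the credential of each virtualization layer to reference the attestation service for the layer below it.
+-- A remote challenger could traverse the layer hierarchy using this extension until reaching the physical trusted platform rooted attestation.
+-- The following URI is optionally included in a certificate for a virtual machine associated with the tcg-ce-virtualPlatformAttestationService extension OID.
+-- These URI are associated with the tcg-ce-[virtualPlatformAttestationService,
+-- migrationControllerAttestationService, migrationControllerRegistrationService, virtualPlatformBackupService] OIDs respectively:
+VirtualPlatformAttestationServiceURI ::= IA5String -- (SIZE (1..URIMAX)
+
+MigrationControllerAttestationServiceURI ::= IA5String -- (SIZE (1..URIMAX)
+
+MigrationControllerRegistrationServiceURI ::= IA5String -- (SIZE (1..URIMAX)
+
+VirtualPlatformBackupServiceURI ::= SEQUENCE {
+restoreAllowed BOOLEAN DEFAULT FALSE,
+backupServiceURI IA5String }
+
+END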
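Review bot: `levell (1)` in `EvaluationAssuranceLevel` is a typo carried over from the specification text (lowercase L where the digit is meant), and asn2wrs will emit it verbatim as the value-string label shown for assurance level 1, whereas the parallel `SecurityLevel` enumeration correctly reads `level1 (1)`. Given the header says this module was "heavily polished + bug fixed for asn2wrs", the line should read `level1 (1),`. Separately, `Version ::= INTEGER -- { v1(0) }` comments out the named number while `version Version DEFAULT v1` in both `TPMSecurityAssertions` and `TBBSecurityAssertions` still refers to `v1`; if asn2wrs accepts this, it is presumably because it does not resolve DEFAULT values, and the TODO above `Version` should state that `DEFAULT v1` is currently unresolved. The `tcg—at-` spellings in the two commented-out ATTRIBUTE blocks use an em dash rather than a hyphen, harmless in a comment but worth normalising to `tcg-at-` so the names grep consistently.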
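--- a/asn1/tcg-cp-oids/tcg-cp-oids.cnf
+++ b/asn1/tcg-cp-oids/tcg-cp-oids.cnf
@@ -0,0 +1,62 @@
+# tcg-cp-OID.cnf
+# Trusted Computing Group Certificate Profile OIDs conformation file
+
+#.MODULE_IMPORT
+PKIX1Explicit88 pkix1explicit
+#.INCLUDE ../pkix1explicit/pkix1explicit_exp.cnf
+
+
+#.OMIT_ASSIGNMENT
+SubjectInfoURIList
+#.END
+
+#.EXPORTS
+
+#.REGISTER
+
+TCPASpecVersion B "2.23.133.1" "tcg-tcpaSpecVersion"
+
+ProtectionProfile B "2.23.133.2.11" "tcg-at-tpmProtectionProfile"
+SecurityTarget B "2.23.133.2.12" "tcg-at-tpmSecurityTarget"
+ProtectionProfile B "2.23.133.2.13" "tcg-at-tbbProtectionProfile"
+SecurityTarget B "2.23.133.2.14" "tcg-at-tbbSecurityTarget"
+TPMSpecification B "2.23.133.2.16" "tcg-at-tpmSpecification"
+TCGPlatformSpecification B "2.23.133.2.17" "tcg-at-tcgPlatformSpecification"
+TPMSecurityAssertions B "2.23.133.2.18" "tcg-at-tpmSecurityAssertions"
+TBBSecurityAssertions B "2.23.133.2.19" "tcg-at-tbbSecurityAssertions"
+
+# TCG Certificate Extensions
+# this is a guess for SubjectInfoURIList, whose use is not specified anywhere
+#SubjectInfoURIList B "2.23.133.6.1" "tcg-ce-subjectInfoURIList"
+TCGRelevantCredentials B "2.23.133.6.2" "tcg-ce-relevantCredentials"
+TCGRelevantManifests B "2.23.133.6.3" "tcg-ce-relevantManifests"
+
+VirtualPlatformAttestationServiceURI B "2.23.133.6.4" "tcg-ce-virtualPlatformAttestationService"
+MigrationControllerAttestationServiceURI B "2.23.133.6.5" "tcg-ce-migrationControllerAttestationService"
+MigrationControllerRegistrationServiceURI B "2.23.133.6.6" "tcg-ce-migrationControllerRegistrationService"
+VirtualPlatformBackupServiceURI B "2.23.133.6.7" "tcg-ce-virtualPlatformBackupService"
+
+#.NO_EMIT
+
+#.TYPE_RENAME
+
+#.FIELD_RENAME
+HashAlgAndValue/hashValue hash_alg_and_value_hashvalue
+URIReference/hashValue uri_reference_hashvalue
+
+TPMSpecification/level tpm_specification_level
+FIPSLevel/level fips_security_level
+
+TPMSecurityAssertions/version security_assertions_version
+TBBSecurityAssertions/version security_assertions_version
+
+TCGPlatformSpecification/version tcg_specification_vesion
+
+CommonCriteriaMeasures/version cc_measures_version_string
+FIPSLevel/version fips_level_version_string
+
+
+
+#.END
+
+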
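Review bot: `TCGPlatformSpecification/version tcg_specification_vesion` under `#.FIELD_RENAME` misspells "version", and in asn2wrs the renamed name feeds both the generated `hf_` variable and the display-filter abbreviation, so users would get a field along the lines of `tcg-cp-oids.tcg_specification_vesion` that is awkward to rename later without breaking saved filters. The line should read `TCGPlatformSpecification/version tcg_specification_version`. The header comment `# tcg-cp-OID.cnf` also does not match the file name `tcg-cp-oids.cnf` used in the CMake `EXTRA_DIST` list and in the asn2wrs command line recorded in the generated header; `# tcg-cp-oids.cnf` would be consistent.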
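--- a/packet-tcg-cp-oids.h
+++ b/packet-tcg-cp-oids.h
@@ -0,0 +1,29 @@
+/* Do not modify this file. Changes will be overwritten. */
+/* Generated automatically by the ASN.1 to Wireshark dissector compiler */
+/* packet-tcg-cp-oids.h */
+/* asn2wrs.py -b -p tcg-cp-oids -c ./tcg-cp-oids.cnf -s ./packet-tcg-cp-oids-template -D . -O ../.. tcg-cp-oids.asn */
+
+/* Input file: packet-tcg-cp-oids-template.h */
+
+#line 1 "./asn1/tcg-cp-oids/packet-tcg-cp-oids-template.h"
+/* packet-tcg-cp-oids.h
+* Routines for TCG Certificate Profile OIDs
+*
+* Wireshark - Network traffic analyzer
+* By Gerald Combs <gerald@wireshark.org>
+* Copyright 1998 Gerald Combs
+*
+* SPDX-License-Identifier: GPL-2.0-or-later
+*/
+
+#ifndef PACKET_TCG_CP_OIDS_H
+#define PACKET_TCG_CP_OIDS_H
+
+
+/*--- Included file: packet-tcg-cp-oids-exp.h ---*/
+#line 1 "./asn1/tcg-cp-oids/packet-tcg-cp-oids-exp.h"
+
+/*--- End of included file: packet-tcg-cp-oids-exp.h ---*/
+#line 15 "./asn1/tcg-cp-oids/packet-tcg-cp-oids-template.h"
+
+#endif /* PACKET_TCG_CP_OIDS_H */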