package main

import (
	"encoding/asn1"
	"log"
)

// manufacturerInfo is the Go shape that encoding/asn1 marshals into the TPM
// manufacturer name: an outer SEQUENCE holding three single-member SETs, each
// wrapping a SEQUENCE of (attribute OID, UTF8String value).
//
// The type does not fix the OIDs; whoever fills the struct supplies them.
// Fields are encoded in declaration order, so reordering them changes the DER
// output that ends up in the certificate.
type manufacturerInfo struct {
	// Manufacturer is the first attribute of the name.
	Manufacturer struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"` // forced to UTF8String regardless of content
		}
	} `asn1:"set"` // emit the wrapper with the SET tag rather than SEQUENCE

	// Model is the second attribute of the name.
	Model struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"`
		}
	} `asn1:"set"`

	// Version is the third attribute of the name.
	Version struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"`
		}
	} `asn1:"set"`
}
// buildManufacturerInfo returns the DER encoding of the TPM manufacturer info
// (TPMManufacturer structure from TCG EK Credential Profile For TPM Family
// 2.0; Level 0; Version 2.4; Revision 3; 16 July 2021).
//
// The result is embedded as a directoryName GeneralName SubjectAltName in the
// generated X509 certificate for an EK.
//
// manufacturer, model and version are copied into the structure unchanged;
// the only check applied is whatever asn1.Marshal enforces for the struct
// tags on manufacturerInfo. A marshalling failure ends the process through
// log.Fatalf, so no error is ever returned to the caller.
//
// NOTE(review): nothing here checks the strings against the value formats the
// profile expects; confirm callers pass vetted values, since a relying party
// reads them straight from the certificate.
func buildManufacturerInfo(manufacturer, model, version string) []byte {
	var info manufacturerInfo

	// The three attributes sit under 2.23.133.2 and differ only in the final
	// arc: .1 manufacturer, .2 model, .3 version.
	mfr := &info.Manufacturer.Sequence
	mfr.OID, mfr.Data = asn1.ObjectIdentifier{2, 23, 133, 2, 1}, manufacturer

	mdl := &info.Model.Sequence
	mdl.OID, mdl.Data = asn1.ObjectIdentifier{2, 23, 133, 2, 2}, model

	ver := &info.Version.Sequence
	ver.OID, ver.Data = asn1.ObjectIdentifier{2, 23, 133, 2, 3}, version

	der, err := asn1.Marshal(info)
	if err != nil {
		// Fatalf exits; the return below is only reached on success.
		log.Fatalf("Failed to marshal manufacturer info: %v", err)
	}
	return der
}
// platformManufacturerInfo is the Go shape that encoding/asn1 marshals into
// the platform manufacturer name. Its layout matches manufacturerInfo field
// for field: an outer SEQUENCE of three single-member SETs, each wrapping a
// SEQUENCE of (attribute OID, UTF8String value).
//
// The type does not fix the OIDs; whoever fills the struct supplies them.
// Fields are encoded in declaration order, so reordering them changes the DER
// output that ends up in the certificate.
type platformManufacturerInfo struct {
	// Manufacturer is the first attribute of the name.
	Manufacturer struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"` // forced to UTF8String regardless of content
		}
	} `asn1:"set"` // emit the wrapper with the SET tag rather than SEQUENCE

	// Model is the second attribute of the name.
	Model struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"`
		}
	} `asn1:"set"`

	// Version is the third attribute of the name.
	Version struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"`
		}
	} `asn1:"set"`
}
// buildPlatformManufacturerInfo returns the DER encoding of the TPM platform
// manufacturer info.
//
// See: TCG Platform Certificate Profile; Specification Version 1.1; Revision
// 19; 10 April 2020: Section 3.1.2 (Name Attributes
// Platform{ManufacturerStr,Model,Version}) and Section 3.2 (Platform
// Certificate, Extensions Subject Alternative Names).
//
// The result is embedded as a directoryName GeneralName SubjectAltName in the
// generated X509 certificate for a Platform.
//
// The spec seems to lack the ASN.1 definitions that tie the strings together
// into the structure embedded in the SAN, so the layout here follows what
// upstream swtpm_cert does.
//
// manufacturer, model and version are copied into the structure unchanged;
// the only check applied is whatever asn1.Marshal enforces for the struct
// tags on platformManufacturerInfo. A marshalling failure ends the process
// through log.Fatalf, so no error is ever returned to the caller.
func buildPlatformManufacturerInfo(manufacturer, model, version string) []byte {
	var info platformManufacturerInfo

	// The three attributes sit under 2.23.133.5.1 and differ only in the
	// final arc: .1 manufacturer, .4 model, .5 version.
	mfr := &info.Manufacturer.Sequence
	mfr.OID, mfr.Data = asn1.ObjectIdentifier{2, 23, 133, 5, 1, 1}, manufacturer

	mdl := &info.Model.Sequence
	mdl.OID, mdl.Data = asn1.ObjectIdentifier{2, 23, 133, 5, 1, 4}, model

	ver := &info.Version.Sequence
	ver.OID, ver.Data = asn1.ObjectIdentifier{2, 23, 133, 5, 1, 5}, version

	der, err := asn1.Marshal(info)
	if err != nil {
		// Fatalf exits; the return below is only reached on success.
		log.Fatalf("Failed to marshal platform manufacturer info: %v", err)
	}
	return der
}
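// specificationInfo is the Go shape that encoding/asn1 marshals into the TPM
// specification attribute: a SEQUENCE of the attribute OID followed by a
// single-member SET, which wraps a SEQUENCE of (family, level, revision).
//
// Fields are encoded in declaration order, so reordering them changes the DER
// output that ends up in the certificate.
type specificationInfo struct {
	OID asn1.ObjectIdentifier
	Set struct {
		Sequence struct {
			// Family is pinned to UTF8String. Without the tag, encoding/asn1
			// picks PrintableString whenever the value fits that alphabet
			// (for example "2.0"), so the string type would depend on the
			// content and differ from the explicit utf8 tags used by the
			// other certificate structures in this file. The TCG EK
			// Credential Profile declares family as UTF8String; verify
			// against the profile's ASN.1 module when changing this.
			Family   string `asn1:"utf8"`
			Level    int
			Revision int
		}
	} `asn1:"set"` // emit the wrapper with the SET tag rather than SEQUENCE
}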
// buildSpecificationInfo returns the DER encoding of the TPM specification
// info (tPMSpecification structure from TCG EK Credential Profile For TPM
// Family 2.0; Level 0; Version 2.4; Revision 3; 16 July 2021).
//
// The result is embedded as a directoryName SAN or extension in the generated
// X509 certificate for an EK.
//
// family, level and revision are copied into the structure unchanged; the
// ASN.1 string type used for family is decided by the field tags on
// specificationInfo. A marshalling failure ends the process through
// log.Fatalf, so no error is ever returned to the caller.
func buildSpecificationInfo(family string, level, revision int) []byte {
	var spec specificationInfo
	spec.OID = asn1.ObjectIdentifier{2, 23, 133, 2, 16}

	body := &spec.Set.Sequence
	body.Family, body.Level, body.Revision = family, level, revision

	der, err := asn1.Marshal(spec)
	if err != nil {
		// Fatalf exits; the return below is only reached on success.
		log.Fatalf("Failed to marshal specification info: %v", err)
	}
	return der
}