| Tim Windelschmidt | 6d33a43 | 2025-02-04 14:34:25 +0100 | [diff] [blame] | 1 | // Copyright The Monogon Project Authors. |
| 2 | // SPDX-License-Identifier: Apache-2.0 |
| 3 | |
| Serge Bazanski | 551a819 | 2024-06-04 14:32:11 +0000 | [diff] [blame] | 4 | package main |
| 5 | |
| 6 | import ( |
| 7 | "encoding/asn1" |
| 8 | "log" |
| 9 | ) |
| 10 | |
// manufacturerInfo is the Go shape of the TPM manufacturer, model and version
// attributes carried in an EK certificate's SubjectAltName directoryName.
//
// Through encoding/asn1 it marshals as
// SEQUENCE { SET { SEQUENCE { OID, UTF8String } }, x3 }: one single-attribute
// RDN per field, which is the layout of an X.501 RDNSequence (Name). The
// asn1:"set" tag selects the SET encoding for each RDN; asn1:"utf8" forces the
// attribute value to be a UTF8String instead of the PrintableString that
// encoding/asn1 would otherwise choose for printable input.
//
// Field order is encoding order. Values are filled in by buildManufacturerInfo;
// no length or character-set validation happens at this layer.
type manufacturerInfo struct {
	// Manufacturer holds tcg-at-tpmManufacturer (2.23.133.2.1).
	Manufacturer struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"`
		}
	} `asn1:"set"`
	// Model holds tcg-at-tpmModel (2.23.133.2.2).
	Model struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"`
		}
	} `asn1:"set"`
	// Version holds tcg-at-tpmVersion (2.23.133.2.3).
	Version struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"`
		}
	} `asn1:"set"`
}
| 31 | |
| 32 | // buildManufacturerInfo marshals TPM manufacturer info (TPMManufacturer |
| 33 | // structure from TCG EK Credential Profile For TPM Family 2.0; Level 0; Version |
| 34 | // 2.4; Revision 3; 16 July 2021). |
| 35 | // |
| 36 | // This is embedded as a directoryName GeneralName SubjectAltName in the |
| 37 | // generated X509 certificate for an EK. |
// buildManufacturerInfo marshals TPM manufacturer info (TPMManufacturer
// structure from TCG EK Credential Profile For TPM Family 2.0; Level 0; Version
// 2.4; Revision 3; 16 July 2021).
//
// This is embedded as a directoryName GeneralName SubjectAltName in the
// generated X509 certificate for an EK.
//
// The three strings are placed, in order, under the tcg-at-tpmManufacturer,
// tcg-at-tpmModel and tcg-at-tpmVersion attribute OIDs (2.23.133.2.{1,2,3})
// and encoded as UTF8String. They are used as given: no length or
// character-set checks are performed here, so a caller that wants the
// profile's SIZE constraints honoured must validate beforehand. A marshalling
// failure terminates the process via log.Fatalf, matching the other build*
// helpers in this file.
func buildManufacturerInfo(manufacturer, model, version string) []byte {
	info := manufacturerInfo{}

	mfr := &info.Manufacturer.Sequence
	mfr.OID = asn1.ObjectIdentifier{2, 23, 133, 2, 1} // tcg-at-tpmManufacturer
	mfr.Data = manufacturer

	mdl := &info.Model.Sequence
	mdl.OID = asn1.ObjectIdentifier{2, 23, 133, 2, 2} // tcg-at-tpmModel
	mdl.Data = model

	ver := &info.Version.Sequence
	ver.OID = asn1.ObjectIdentifier{2, 23, 133, 2, 3} // tcg-at-tpmVersion
	ver.Data = version

	// Marshalling a fully populated struct of this fixed shape is not
	// expected to fail; if it does, it is a programming error, not input.
	der, err := asn1.Marshal(info)
	if err != nil {
		log.Fatalf("Failed to marshal manufacturer info: %v", err)
	}
	return der
}
| 53 | |
// platformManufacturerInfo is the Go shape of the platform manufacturer, model
// and version attributes carried in a Platform certificate's SubjectAltName
// directoryName.
//
// It is structurally identical to manufacturerInfo and marshals the same way:
// SEQUENCE { SET { SEQUENCE { OID, UTF8String } }, x3 }, i.e. one
// single-attribute RDN per field (X.501 RDNSequence layout). Only the OIDs
// differ, and those are assigned by buildPlatformManufacturerInfo. The
// asn1:"set" tag selects SET encoding for each RDN; asn1:"utf8" forces a
// UTF8String value. No validation of the strings happens at this layer.
type platformManufacturerInfo struct {
	// Manufacturer holds tcg-at-platformManufacturerStr (2.23.133.5.1.1).
	Manufacturer struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"`
		}
	} `asn1:"set"`
	// Model holds tcg-at-platformModel (2.23.133.5.1.4).
	Model struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"`
		}
	} `asn1:"set"`
	// Version holds tcg-at-platformVersion (2.23.133.5.1.5).
	Version struct {
		Sequence struct {
			OID  asn1.ObjectIdentifier
			Data string `asn1:"utf8"`
		}
	} `asn1:"set"`
}
| 74 | |
| 75 | // buildPlatformManufacturerInfo marshals TPM platform manufacturer info. |
| 76 | // |
| 77 | // See: TCG Platform Certificate Profile; Specification Version 1.1; Revision 19; |
| 78 | // 10 April 2020: Section 3.1.2 (Name Attributes |
| 79 | // Platform{ManufacturerStr,Model,Version}) and Section 3.2 (Platform |
| 80 | // Certificate, Extensions Subject Alternative Names). |
| 81 | // |
| 82 | // This is embedded as a directoryName GeneralName SubjectAltName in the |
| 83 | // generated X509 certificate for a Platform. |
| 84 | // |
| 85 | // The spec seems to have missing ASN.1 definitions to tie together the strings |
| 86 | // into a structure that's embedded into the SAN. This corresponds to whatever |
| 87 | // upstream swtpm_cert is doing. |
// buildPlatformManufacturerInfo marshals TPM platform manufacturer info.
//
// See: TCG Platform Certificate Profile; Specification Version 1.1; Revision 19;
// 10 April 2020: Section 3.1.2 (Name Attributes
// Platform{ManufacturerStr,Model,Version}) and Section 3.2 (Platform
// Certificate, Extensions Subject Alternative Names).
//
// This is embedded as a directoryName GeneralName SubjectAltName in the
// generated X509 certificate for a Platform.
//
// The spec seems to have missing ASN.1 definitions to tie together the strings
// into a structure that's embedded into the SAN. This corresponds to whatever
// upstream swtpm_cert is doing.
//
// The strings land, in order, under tcg-at-platformManufacturerStr,
// tcg-at-platformModel and tcg-at-platformVersion (2.23.133.5.1.{1,4,5}) as
// UTF8String values. They are encoded verbatim; no length or character-set
// validation is applied here. Marshalling failure is fatal (log.Fatalf),
// consistent with the other build* helpers in this file.
func buildPlatformManufacturerInfo(manufacturer, model, version string) []byte {
	var info platformManufacturerInfo

	// attr fills one single-attribute RDN. The pointer type spells out the
	// anonymous struct used by platformManufacturerInfo.<Field>.Sequence so
	// that the addresses below are assignable to it.
	attr := func(dst *struct {
		OID  asn1.ObjectIdentifier
		Data string `asn1:"utf8"`
	}, oid asn1.ObjectIdentifier, value string) {
		dst.OID = oid
		dst.Data = value
	}

	attr(&info.Manufacturer.Sequence, asn1.ObjectIdentifier{2, 23, 133, 5, 1, 1}, manufacturer)
	attr(&info.Model.Sequence, asn1.ObjectIdentifier{2, 23, 133, 5, 1, 4}, model)
	attr(&info.Version.Sequence, asn1.ObjectIdentifier{2, 23, 133, 5, 1, 5}, version)

	der, err := asn1.Marshal(info)
	if err != nil {
		// A fixed-shape struct with string payloads is not expected to fail
		// to marshal; treat it as a programming error.
		log.Fatalf("Failed to marshal platform manufacturer info: %v", err)
	}
	return der
}
| 103 | |
// specificationInfo is the Go shape of the TPM specification attribute placed
// in an EK certificate.
//
// It marshals as SEQUENCE { OID, SET { SEQUENCE { Family, Level, Revision } } },
// i.e. the X.501 Attribute layout (type plus SET OF value) holding one
// TPMSpecification value. Values are filled in by buildSpecificationInfo.
type specificationInfo struct {
	// OID is the attribute type; buildSpecificationInfo sets it to
	// tcg-at-tpmSpecification (2.23.133.2.16).
	OID asn1.ObjectIdentifier
	Set struct {
		Sequence struct {
			// Family carries no asn1:"utf8" tag, unlike the Data fields of
			// manufacturerInfo, so encoding/asn1 emits a PrintableString for
			// printable input such as "2.0". NOTE(review): the EK Credential
			// Profile declares this field as UTF8String; confirm what the
			// consumers of these certificates accept before changing the tag,
			// since it alters the DER output.
			Family   string
			Level    int
			Revision int
		}
	} `asn1:"set"`
}
| 114 | |
| 115 | // buildSpecificationInfo marshals TPM manufacturer info (tPMSpecification |
| 116 | // structure from TCG EK Credential Profile For TPM Family 2.0; Level 0; Version |
| 117 | // 2.4; Revision 3; 16 July 2021). |
| 118 | // |
| 119 | // This is embedded as a directoryName SAN or extension in the generated X509 |
| 120 | // certificate for an EK. |
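// buildSpecificationInfo marshals TPM specification info (tPMSpecification
// structure from TCG EK Credential Profile For TPM Family 2.0; Level 0; Version
// 2.4; Revision 3; 16 July 2021).
//
// This is embedded as a directoryName SAN or extension in the generated X509
// certificate for an EK.
//
// family is the specification family string (e.g. "2.0"); level and revision
// are the spec level and revision numbers. The result is the DER encoding of
// SEQUENCE { tcg-at-tpmSpecification, SET { SEQUENCE { family, level,
// revision } } }. family is encoded as given, with no length validation here.
// Note that the Family field has no asn1:"utf8" tag, so a printable family
// string is emitted as PrintableString rather than UTF8String; confirm against
// the certificate consumers before tightening that. A marshalling failure is
// fatal (log.Fatalf), as in the other build* helpers in this file.
func buildSpecificationInfo(family string, level, revision int) []byte {
	var v specificationInfo
	v.OID = asn1.ObjectIdentifier{2, 23, 133, 2, 16} // tcg-at-tpmSpecification
	v.Set.Sequence.Family = family
	v.Set.Sequence.Level = level
	v.Set.Sequence.Revision = revision

	// A fixed-shape struct of a string and two ints is not expected to fail
	// to marshal; if it does, it is a programming error.
	res, err := asn1.Marshal(v)
	if err != nil {
		log.Fatalf("Failed to marshal specification info: %v", err)
	}
	return res
}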