Fixed DICE asn.1 example

Updated DICE examples to create a evidence bundle containing a DICE cmw and DiceTcbInfo. Added CsrAttestation name to the definition in CSR-ATTESTATION-2023.asn file so that imports would compile.
lamps-wg · Sep 25, 2024 · 2098453 · 2098453
1 parent 8242ad7
commit 2098453
Show file tree

Hide file tree

Showing 2 changed files with 94 additions and 5 deletions.
diff --git a/CSR-ATTESTATION-2023.asn b/CSR-ATTESTATION-2023.asn
@@ -2,7 +2,7 @@ CSR-ATTESTATION-2023
            {iso(1) identified-organization(3) dod(6) internet(1) security(5)
        mechanisms(5) pkix(7) id-mod(0) id-mod-pkix-attest-01(TBDMOD)}
 
-DEFINITIONS IMPLICIT TAGS ::= BEGIN
+CsrAttestation DEFINITIONS IMPLICIT TAGS ::= BEGIN
 
 EXPORTS ALL;
 

diff --git a/CSR-ATTESTATION-WITH-DICE-CMW.asn b/CSR-ATTESTATION-WITH-DICE-CMW.asn
@@ -1,11 +1,100 @@
 
-tcgDiceEvidenceStatementES EVIDENCE-STATEMENT ::=
-  { ConceptualMessageWrapper IDENTIFIED BY tcg-dice-conceptual-message-wrapper }
+CsrAttestationDiceExample DEFINITIONS IMPLICIT TAGS ::= BEGIN
 
--- where ConceptualMessageWrapper and tcg-dice-conceptual-message-wrapper 
+IMPORTS 
+
+tcg-dice-conceptual-message-wrapper FROM TcgDiceAttestation
+DiceConceptualMessageWrapper FROM TcgDiceAttestation
+
+EvidenceStatementSet FROM CsrAttestation 
+;
+
+tcgDiceCmwEvidenceStatementES EVIDENCE-STATEMENT ::= { 
+  DiceConceptualMessageWrapper IDENTIFIED BY tcg-dice-conceptual-message-wrapper }
+
+tcgDiceTcbInfoEvidenceStatementES EVIDENCE-STATEMENT ::= {
+  DiceTcbInfo IDENTIFIED BY tcg-dice-TcbInfo }
+-- where ConceptualMessageWrapper, tcg-dice-conceptual-message-wrapper, DiceTcbInfo, and tcg-dice-TcbInfo
 -- are defined in DICE-Attestation-Architecture-Version-1.1-Revision-17_1August2023.pdf
 
 EvidenceStatementSet EVIDENCE-STATEMENT ::= {
-  tcgDiceEvidenceStatementES, ...
+  tcgDiceEvidenceStatementES, 
+  tcgDiceTcbInfoEvidenceStatementES, 
+  ...
+}
+END
+
+TcgDiceAttestation DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+tcg OBJECT IDENTIFIER ::= { 2 23 133 }
+tcg-dice OBJECT IDENTIFIER ::= { tcg platformClass(5) dice(4) }
+tcg-dice-TcbInfo OBJECT IDENTIFIER ::= { tcg-dice tcbinfo(1) }
+tcg-dice-MultiTcbInfo OBJECT IDENTIFIER ::= {tcg-dice multitcbinfo(5) }
+tcg-dice-UCCS-evidence OBJECT IDENTIFIER ::= {tcg-dice uccs-evidence(6) }
+tcg-dice-manifest-evidence OBJECT IDENTIFIER ::= {tcg-dice manifest-evidience(7) }
+tcg-dice-MultiTcbInfoComp OBJECT IDENTIFIER ::= {tcg-dice multitcbinfocomp(8) }
+tcg-dice-conceptual-message-wrapper OBJECT IDENTIFIER ::= { tcg-dice cmw(9) }
+
+DiceConceptualMessageWrapper ::= SEQUENCE {
+  cmw OCTECT STRING
 }
 
+DiceTcbInfo ::= SEQUENCE {
+  vendor [0] IMPLICIT UTF8String OPTIONAL,
+  model [1] IMPLICIT UTF8String OPTIONAL,
+  version [2] IMPLICIT UTF8String OPTIONAL,
+  svn [3] IMPLICIT INTEGER OPTIONAL,
+  layer [4] IMPLICIT INTEGER OPTIONAL,
+  index [5] IMPLICIT INTEGER OPTIONAL,
+  fwids [6] IMPLICIT FWIDLIST OPTIONAL,
+  flags [7] IMPLICIT OperationalFlags OPTIONAL,
+  vendorInfo [8] IMPLICIT OCTET STRING OPTIONAL,
+  type [9] IMPLICIT OCTET STRING OPTIONAL,
+  flagsMask [10]IMPLICIT OperationalFlagsMask OPTIONAL,
+  integrityRegisters [11] IMPLICIT IrList OPTIONAL
+}
+
+FWIDLIST ::= SEQUENCE SIZE (1..MAX) OF FWID
+  FWID ::= SEQUENCE {
+  hashAlg OBJECT IDENTIFIER,
+  digest OCTET STRING
+}
+
+OperationalFlags ::= BIT STRING {
+  notConfigured (0),
+  notSecure (1),
+  recovery (2),
+  debug (3),
+  notReplayProtected (4),
+  notIntegrityProtected (5),
+  notRuntimeMeasured (6),
+  notImmutable (7),
+  notTcb (8),
+  fixedWidth (31)
+}
+
+OperationalFlagsMask ::= BIT STRING {
+  notConfigured (0),
+  notSecure (1),
+  recovery (2),
+  debug (3),
+  notReplayProtected (4),
+  notIntegrityProtected (5),
+  notRuntimeMeasured (6),
+  notImmutable (7),
+  notTcb (8),
+  fixedWidth (31)
+}
+
+IrList ::= SEQUENCE SIZE (1..MAX) OF IntegrityRegister
+
+IntegrityRegister ::= SEQUENCE {
+  registerName IA5String OPTIONAL,
+  registerNum INTEGER OPTIONAL,
+  hashAlg OBJECT IDENTIFIER,
+  digest OCTET STRING
+}
+
+END