oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

asn1: Add TCG module

Browse Source 
This is in preparation for adding support for TPM-related functionality
in lib/hx509 and, eventually, in bx509d.
This commit is contained in:
Nicolas Williams
2020-12-17 12:05:27 -06:00
parent 936d8dd4ee
commit 727578f7b1
5 changed files with 271 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/asn1/Makefile.am
View File

@@ -25,9 +25,10 @@ BUILT_SOURCES = \
$(gen_files_rfc2459:.x=.c) \ $(gen_files_rfc2459:.x=.c) \
$(gen_files_rfc4043:.x=.c) \ $(gen_files_rfc4043:.x=.c) \
$(gen_files_rfc4108:.x=.c) \ $(gen_files_rfc4108:.x=.c) \
$(gen_files_tcg:.x=.c) \
$(gen_files_cms:.x=.c) \ $(gen_files_cms:.x=.c) \
$(gen_files_krb5:.x=.c) \ $(gen_files_krb5:.x=.c) \
$(gen_files_ocsp:.x=.c) \ $(gen_files_ocsp:.x=.c) \
$(gen_files_pkinit:.x=.c) \ $(gen_files_pkinit:.x=.c) \
$(gen_files_pkcs8:.x=.c) \ $(gen_files_pkcs8:.x=.c) \
$(gen_files_pkcs9:.x=.c) \ $(gen_files_pkcs9:.x=.c) \
@@ -42,6 +43,7 @@ gen_files_crmf = asn1_crmf_asn1.x
gen_files_rfc2459 = asn1_rfc2459_asn1.x gen_files_rfc2459 = asn1_rfc2459_asn1.x
gen_files_rfc4043 = asn1_rfc4043_asn1.x gen_files_rfc4043 = asn1_rfc4043_asn1.x
gen_files_rfc4108 = asn1_rfc4108_asn1.x gen_files_rfc4108 = asn1_rfc4108_asn1.x
gen_files_tcg = asn1_tcg_asn1.x
gen_files_ocsp = asn1_ocsp_asn1.x gen_files_ocsp = asn1_ocsp_asn1.x
gen_files_pkinit = asn1_pkinit_asn1.x gen_files_pkinit = asn1_pkinit_asn1.x
gen_files_pkcs10 = asn1_pkcs10_asn1.x gen_files_pkcs10 = asn1_pkcs10_asn1.x
@@ -52,8 +54,7 @@ gen_files_test_template = test_template_asn1-template.x
gen_files_test = asn1_test_asn1.x gen_files_test = asn1_test_asn1.x
gen_files_digest = asn1_digest_asn1.x gen_files_digest = asn1_digest_asn1.x
gen_files_kx509 = asn1_kx509_asn1.x gen_files_kx509 = asn1_kx509_asn1.x
gen_files_rfc4043 = asn1_rfc4043_asn1.x gen_files_tcg = asn1_tcg_asn1.x
gen_files_rfc4108 = asn1_rfc4108_asn1.x
oid_resolution.lo: $(BUILT_SOURCES) oid_resolution.lo: $(BUILT_SOURCES)
@@ -147,6 +148,7 @@ CLEANFILES = \
$(gen_files_rfc2459) \ $(gen_files_rfc2459) \
$(gen_files_rfc4043) \ $(gen_files_rfc4043) \
$(gen_files_rfc4108) \ $(gen_files_rfc4108) \
$(gen_files_tcg) \
$(gen_files_cms) \ $(gen_files_cms) \
$(gen_files_krb5) \ $(gen_files_krb5) \
$(gen_files_ocsp) \ $(gen_files_ocsp) \
@@ -164,6 +166,7 @@ CLEANFILES = \
rfc2459_asn1_files rfc2459_asn1*.h* \ rfc2459_asn1_files rfc2459_asn1*.h* \
rfc4043_asn1_files rfc4043_asn1*.h* \ rfc4043_asn1_files rfc4043_asn1*.h* \
rfc4108_asn1_files rfc4108_asn1*.h* \ rfc4108_asn1_files rfc4108_asn1*.h* \
tcg_asn1_files tcg_asn1*.h* \
cms_asn1_files cms_asn1*.h* \ cms_asn1_files cms_asn1*.h* \
crmf_asn1_files crmf_asn1*.h* \ crmf_asn1_files crmf_asn1*.h* \
krb5_asn1_files krb5_asn1*.h* \ krb5_asn1_files krb5_asn1*.h* \
@@ -191,6 +194,7 @@ nodist_include_HEADERS += crmf_asn1.h
nodist_include_HEADERS += rfc2459_asn1.h nodist_include_HEADERS += rfc2459_asn1.h
nodist_include_HEADERS += rfc4043_asn1.h nodist_include_HEADERS += rfc4043_asn1.h
nodist_include_HEADERS += rfc4108_asn1.h nodist_include_HEADERS += rfc4108_asn1.h
nodist_include_HEADERS += tcg_asn1.h
nodist_include_HEADERS += ocsp_asn1.h nodist_include_HEADERS += ocsp_asn1.h
nodist_include_HEADERS += pkcs8_asn1.h nodist_include_HEADERS += pkcs8_asn1.h
nodist_include_HEADERS += pkcs9_asn1.h nodist_include_HEADERS += pkcs9_asn1.h
@@ -206,6 +210,7 @@ priv_headers += crmf_asn1-priv.h
priv_headers += rfc2459_asn1-priv.h priv_headers += rfc2459_asn1-priv.h
priv_headers += rfc4043_asn1-priv.h priv_headers += rfc4043_asn1-priv.h
priv_headers += rfc4108_asn1-priv.h priv_headers += rfc4108_asn1-priv.h
priv_headers += tcg_asn1-priv.h
priv_headers += ocsp_asn1-priv.h priv_headers += ocsp_asn1-priv.h
priv_headers += pkcs8_asn1-priv.h priv_headers += pkcs8_asn1-priv.h
priv_headers += pkcs9_asn1-priv.h priv_headers += pkcs9_asn1-priv.h
@@ -239,6 +244,7 @@ $(gen_files_kx509) kx509_asn1.hx kx509_asn1-priv.hx: kx509_asn1_files
$(gen_files_rfc2459) rfc2459_asn1.hx rfc2459_asn1-priv.hx: rfc2459_asn1_files $(gen_files_rfc2459) rfc2459_asn1.hx rfc2459_asn1-priv.hx: rfc2459_asn1_files
$(gen_files_rfc4043) rfc4043_asn1.hx rfc4043_asn1-priv.hx: rfc4043_asn1_files $(gen_files_rfc4043) rfc4043_asn1.hx rfc4043_asn1-priv.hx: rfc4043_asn1_files
$(gen_files_rfc4108) rfc4108_asn1.hx rfc4108_asn1-priv.hx: rfc4108_asn1_files $(gen_files_rfc4108) rfc4108_asn1.hx rfc4108_asn1-priv.hx: rfc4108_asn1_files
$(gen_files_tcg) tcg_asn1.hx tcg_asn1-priv.hx: tcg_asn1_files
$(gen_files_cms) cms_asn1.hx cms_asn1-priv.hx: cms_asn1_files $(gen_files_cms) cms_asn1.hx cms_asn1-priv.hx: cms_asn1_files
$(gen_files_crmf) crmf_asn1.hx crmf_asn1-priv.hx: crmf_asn1_files $(gen_files_crmf) crmf_asn1.hx crmf_asn1-priv.hx: crmf_asn1_files
$(gen_files_test) test_asn1.hx test_asn1-priv.hx: test_asn1_files $(gen_files_test) test_asn1.hx test_asn1-priv.hx: test_asn1_files
@@ -253,6 +259,9 @@ rfc4043_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc4043.asn1
rfc4108_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc4108.asn1 rfc4108_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc4108.asn1
$(ASN1_COMPILE) --one-code-file $(srcdir)/rfc4108.asn1 rfc4108_asn1 || (rm -f rfc4108_asn1_files ; exit 1) $(ASN1_COMPILE) --one-code-file $(srcdir)/rfc4108.asn1 rfc4108_asn1 || (rm -f rfc4108_asn1_files ; exit 1)
tcg_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/tcg.asn1
$(ASN1_COMPILE) --prefix-enum --one-code-file $(srcdir)/tcg.asn1 tcg_asn1 || (rm -f tcg_asn1_files ; exit 1)
cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/cms.asn1 $(srcdir)/cms.opt cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/cms.asn1 $(srcdir)/cms.opt
$(ASN1_COMPILE) --one-code-file --option-file=$(srcdir)/cms.opt $(srcdir)/cms.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1) $(ASN1_COMPILE) --one-code-file --option-file=$(srcdir)/cms.opt $(srcdir)/cms.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1)
@@ -317,6 +326,7 @@ EXTRA_DIST = \
rfc2459.asn1 \ rfc2459.asn1 \
rfc4043.asn1 \ rfc4043.asn1 \
rfc4108.asn1 \ rfc4108.asn1 \
tcg.asn1 \
setchgpw2.asn1 \ setchgpw2.asn1 \
test.asn1 \ test.asn1 \
test.gen \ test.gen \

17
lib/asn1/NTMakefile
View File

@@ -47,6 +47,8 @@ gen_files_rfc4043 = $(OBJ)\asn1_rfc4043_asn1.x
gen_files_rfc4108 = $(OBJ)\asn1_rfc4108_asn1.x gen_files_rfc4108 = $(OBJ)\asn1_rfc4108_asn1.x
gen_files_tcg = $(OBJ)\asn1_tcg_asn1.x
gen_files_ocsp = $(OBJ)\asn1_ocsp_asn1.x gen_files_ocsp = $(OBJ)\asn1_ocsp_asn1.x
gen_files_pkinit = $(OBJ)\asn1_pkinit_asn1.x gen_files_pkinit = $(OBJ)\asn1_pkinit_asn1.x
@@ -123,9 +125,10 @@ LIBASN1_OBJS= \
$(gen_files_rfc2459:.x=.obj) \ $(gen_files_rfc2459:.x=.obj) \
$(gen_files_rfc4043:.x=.obj) \ $(gen_files_rfc4043:.x=.obj) \
$(gen_files_rfc4108:.x=.obj) \ $(gen_files_rfc4108:.x=.obj) \
$(gen_files_tcg:.x=.obj) \
$(gen_files_cms:.x=.obj) \ $(gen_files_cms:.x=.obj) \
$(gen_files_crmf:.x=.obj) \ $(gen_files_crmf:.x=.obj) \
$(gen_files_krb5:.x=.obj) \ $(gen_files_krb5:.x=.obj) \
$(gen_files_ocsp:.x=.obj) \ $(gen_files_ocsp:.x=.obj) \
$(gen_files_pkinit:.x=.obj) \ $(gen_files_pkinit:.x=.obj) \
$(gen_files_pkcs8:.x=.obj) \ $(gen_files_pkcs8:.x=.obj) \
@@ -185,6 +188,8 @@ $(gen_files_rfc4043:.x=.c) : $$(@R).x
$(gen_files_rfc4108:.x=.c) : $$(@R).x $(gen_files_rfc4108:.x=.c) : $$(@R).x
$(gen_files_tcg:.x=.c) : $$(@R).x
$(gen_files_cms:.x=.c) : $$(@R).x $(gen_files_cms:.x=.c) : $$(@R).x
$(gen_files_crmf:.x=.c) : $$(@R).x $(gen_files_crmf:.x=.c) : $$(@R).x
@@ -281,6 +286,14 @@ $(gen_files_rfc4108) $(OBJ)\rfc4108_asn1.hx: $(BINDIR)\asn1_compile.exe rfc4108.
|| ($(RM) $(OBJ)\rfc4108_asn1.h ; exit /b 1) || ($(RM) $(OBJ)\rfc4108_asn1.h ; exit /b 1)
cd $(SRCDIR) cd $(SRCDIR)
$(gen_files_tcg) $(OBJ)\tcg_asn1.hx: $(BINDIR)\asn1_compile.exe tcg.asn1
cd $(OBJ)
$(BINDIR)\asn1_compile.exe \
--one-code-file \
$(SRCDIR)\tcg.asn1 tcg_asn1 \
|| ($(RM) $(OBJ)\tcg_asn1.h ; exit /b 1)
cd $(SRCDIR)
$(gen_files_cms) $(OBJ)\cms_asn1.hx: $(BINDIR)\asn1_compile.exe cms.asn1 cms.opt $(gen_files_cms) $(OBJ)\cms_asn1.hx: $(BINDIR)\asn1_compile.exe cms.asn1 cms.opt
cd $(OBJ) cd $(OBJ)
$(BINDIR)\asn1_compile.exe \ $(BINDIR)\asn1_compile.exe \
@@ -332,6 +345,7 @@ GENINCFILES= \
$(INCDIR)\rfc2459_asn1.h \ $(INCDIR)\rfc2459_asn1.h \
$(INCDIR)\rfc4043_asn1.h \ $(INCDIR)\rfc4043_asn1.h \
$(INCDIR)\rfc4108_asn1.h \ $(INCDIR)\rfc4108_asn1.h \
$(INCDIR)\tcg_asn1.h \
$(OBJ)\krb5_asn1-priv.h \ $(OBJ)\krb5_asn1-priv.h \
$(OBJ)\ocsp_asn1-priv.h \ $(OBJ)\ocsp_asn1-priv.h \
$(OBJ)\pkinit_asn1-priv.h \ $(OBJ)\pkinit_asn1-priv.h \
@@ -340,6 +354,7 @@ GENINCFILES= \
$(OBJ)\rfc2459_asn1-priv.h \ $(OBJ)\rfc2459_asn1-priv.h \
$(OBJ)\rfc4043_asn1-priv.h \ $(OBJ)\rfc4043_asn1-priv.h \
$(OBJ)\rfc4108_asn1-priv.h \ $(OBJ)\rfc4108_asn1-priv.h \
$(OBJ)\tcg_asn1-priv.h \
$(OBJ)\pkcs8_asn1-priv.h \ $(OBJ)\pkcs8_asn1-priv.h \
$(OBJ)\pkcs9_asn1-priv.h \ $(OBJ)\pkcs9_asn1-priv.h \
$(OBJ)\pkcs10_asn1-priv.h \ $(OBJ)\pkcs10_asn1-priv.h \

79
lib/asn1/libasn1-exports.def
View File

@@ -241,6 +241,20 @@ EXPORTS
asn1_oid_id_x509_ce_subjectKeyIdentifier DATA asn1_oid_id_x509_ce_subjectKeyIdentifier DATA
asn1_oid_id_x520_at DATA asn1_oid_id_x520_at DATA
asn1_oid_id_x9_57 DATA asn1_oid_id_x9_57 DATA
asn1_oid_tcg_at_tpmManufacturer DATA
asn1_oid_tcg_at_tpmModel DATA
asn1_oid_tcg_at_tpmSecurityAssertions DATA
asn1_oid_tcg_at_tpmSpecification DATA
asn1_oid_tcg_at_tpmVersion DATA
asn1_oid_tcg_attribute DATA
asn1_oid_tcg_cap_verifiedTPMFixed DATA
asn1_oid_tcg_cap_verifiedTPMResidency DATA
asn1_oid_tcg_cap_verifiedTPMRestricted DATA
asn1_oid_tcg DATA
asn1_oid_tcg_kp DATA
asn1_oid_tcg_kp_EKCertificate DATA
asn1_oid_tcg_on_ekPermIdSha256 DATA
asn1_oid_tcg_tpm20 DATA
asn1_SAMFlags_units asn1_SAMFlags_units
asn1_TicketFlags_units asn1_TicketFlags_units
copy_AccessDescription copy_AccessDescription
@@ -288,6 +302,7 @@ EXPORTS
copy_CMSIdentifier copy_CMSIdentifier
copy_CMSRC2CBCParameter copy_CMSRC2CBCParameter
copy_CMSVersion copy_CMSVersion
copy_CommonCriteriaMeasures
copy_CommunityIdentifier copy_CommunityIdentifier
copy_CommunityIdentifiers copy_CommunityIdentifiers
copy_ContentEncryptionAlgorithmIdentifier copy_ContentEncryptionAlgorithmIdentifier
@@ -326,6 +341,9 @@ EXPORTS
copy_ECDSA_Sig_Value copy_ECDSA_Sig_Value
copy_ECParameters copy_ECParameters
copy_ECPoint copy_ECPoint
copy_EKCertificateGenerationLocation
copy_EKGenerationLocation
copy_EKGenerationType
copy_EncAPRepPart copy_EncAPRepPart
copy_EncapsulatedContentInfo copy_EncapsulatedContentInfo
copy_EncASRepPart copy_EncASRepPart
@@ -346,12 +364,15 @@ EXPORTS
copy_ETYPE_INFO2_ENTRY copy_ETYPE_INFO2_ENTRY
copy_ETYPE_INFO_ENTRY copy_ETYPE_INFO_ENTRY
copy_EtypeList copy_EtypeList
copy_EvaluationAssuranceLevel
copy_EvaluationStatus
copy_Extension copy_Extension
copy_Extensions copy_Extensions
copy_ExternalPrincipalIdentifier copy_ExternalPrincipalIdentifier
copy_ExternalPrincipalIdentifiers copy_ExternalPrincipalIdentifiers
copy_ExtKeyUsage copy_ExtKeyUsage
copy_FastOptions copy_FastOptions
copy_FIPSLevel
copy_FirmwarePackageIdentifier copy_FirmwarePackageIdentifier
copy_FirmwarePackageInfo copy_FirmwarePackageInfo
copy_FirmwarePackageLoadError copy_FirmwarePackageLoadError
@@ -517,12 +538,14 @@ EXPORTS
copy_RSAPrivateKey copy_RSAPrivateKey
copy_RSAPublicKey copy_RSAPublicKey
copy_SAMFlags copy_SAMFlags
copy_SecurityLevel
copy_SignatureAlgorithmIdentifier copy_SignatureAlgorithmIdentifier
copy_SignatureValue copy_SignatureValue
copy_SignedData copy_SignedData
copy_SignerIdentifier copy_SignerIdentifier
copy_SignerInfo copy_SignerInfo
copy_SignerInfos copy_SignerInfos
copy_StrengthOfFunction
copy_SubjectInfoAccessSyntax copy_SubjectInfoAccessSyntax
copy_SubjectKeyIdentifier copy_SubjectKeyIdentifier
copy_SubjectPublicKeyInfo copy_SubjectPublicKeyInfo
@@ -537,6 +560,9 @@ EXPORTS
copy_Ticket copy_Ticket
copy_TicketFlags copy_TicketFlags
copy_Time copy_Time
copy_TPMSecurityAssertions
copy_TPMSpecification
copy_TPMVersion
copy_TransitedEncoding copy_TransitedEncoding
copy_TrustedCA copy_TrustedCA
copy_TrustedCA_Win2k copy_TrustedCA_Win2k
@@ -544,6 +570,7 @@ EXPORTS
copy_TYPED_DATA copy_TYPED_DATA
copy_UniqueIdentifier copy_UniqueIdentifier
copy_UnprotectedAttributes copy_UnprotectedAttributes
copy_URIReference
copy_ValidationParms copy_ValidationParms
copy_Validity copy_Validity
copy_VendorLoadErrorCode copy_VendorLoadErrorCode
@@ -594,6 +621,7 @@ EXPORTS
decode_CMSIdentifier decode_CMSIdentifier
decode_CMSRC2CBCParameter decode_CMSRC2CBCParameter
decode_CMSVersion decode_CMSVersion
decode_CommonCriteriaMeasures
decode_CommunityIdentifier decode_CommunityIdentifier
decode_CommunityIdentifiers decode_CommunityIdentifiers
decode_ContentEncryptionAlgorithmIdentifier decode_ContentEncryptionAlgorithmIdentifier
@@ -632,6 +660,9 @@ EXPORTS
decode_ECDSA_Sig_Value decode_ECDSA_Sig_Value
decode_ECParameters decode_ECParameters
decode_ECPoint decode_ECPoint
decode_EKCertificateGenerationLocation
decode_EKGenerationLocation
decode_EKGenerationType
decode_EncAPRepPart decode_EncAPRepPart
decode_EncapsulatedContentInfo decode_EncapsulatedContentInfo
decode_EncASRepPart decode_EncASRepPart
@@ -652,12 +683,15 @@ EXPORTS
decode_ETYPE_INFO2_ENTRY decode_ETYPE_INFO2_ENTRY
decode_ETYPE_INFO_ENTRY decode_ETYPE_INFO_ENTRY
decode_EtypeList decode_EtypeList
decode_EvaluationAssuranceLevel
decode_EvaluationStatus
decode_Extension decode_Extension
decode_Extensions decode_Extensions
decode_ExternalPrincipalIdentifier decode_ExternalPrincipalIdentifier
decode_ExternalPrincipalIdentifiers decode_ExternalPrincipalIdentifiers
decode_ExtKeyUsage decode_ExtKeyUsage
decode_FastOptions decode_FastOptions
decode_FIPSLevel
decode_FirmwarePackageIdentifier decode_FirmwarePackageIdentifier
decode_FirmwarePackageInfo decode_FirmwarePackageInfo
decode_FirmwarePackageLoadError decode_FirmwarePackageLoadError
@@ -823,12 +857,14 @@ EXPORTS
decode_RSAPrivateKey decode_RSAPrivateKey
decode_RSAPublicKey decode_RSAPublicKey
decode_SAMFlags decode_SAMFlags
decode_SecurityLevel
decode_SignatureAlgorithmIdentifier decode_SignatureAlgorithmIdentifier
decode_SignatureValue decode_SignatureValue
decode_SignedData decode_SignedData
decode_SignerIdentifier decode_SignerIdentifier
decode_SignerInfo decode_SignerInfo
decode_SignerInfos decode_SignerInfos
decode_StrengthOfFunction
decode_SubjectInfoAccessSyntax decode_SubjectInfoAccessSyntax
decode_SubjectKeyIdentifier decode_SubjectKeyIdentifier
decode_SubjectPublicKeyInfo decode_SubjectPublicKeyInfo
@@ -843,6 +879,9 @@ EXPORTS
decode_Ticket decode_Ticket
decode_TicketFlags decode_TicketFlags
decode_Time decode_Time
decode_TPMSecurityAssertions
decode_TPMSpecification
decode_TPMVersion
decode_TransitedEncoding decode_TransitedEncoding
decode_TrustedCA decode_TrustedCA
decode_TrustedCA_Win2k decode_TrustedCA_Win2k
@@ -850,6 +889,7 @@ EXPORTS
decode_TYPED_DATA decode_TYPED_DATA
decode_UniqueIdentifier decode_UniqueIdentifier
decode_UnprotectedAttributes decode_UnprotectedAttributes
decode_URIReference
decode_ValidationParms decode_ValidationParms
decode_Validity decode_Validity
decode_VendorLoadErrorCode decode_VendorLoadErrorCode
@@ -1027,6 +1067,7 @@ EXPORTS
encode_CMSIdentifier encode_CMSIdentifier
encode_CMSRC2CBCParameter encode_CMSRC2CBCParameter
encode_CMSVersion encode_CMSVersion
encode_CommonCriteriaMeasures
encode_CommunityIdentifier encode_CommunityIdentifier
encode_CommunityIdentifiers encode_CommunityIdentifiers
encode_ContentEncryptionAlgorithmIdentifier encode_ContentEncryptionAlgorithmIdentifier
@@ -1065,6 +1106,9 @@ EXPORTS
encode_ECDSA_Sig_Value encode_ECDSA_Sig_Value
encode_ECParameters encode_ECParameters
encode_ECPoint encode_ECPoint
encode_EKCertificateGenerationLocation
encode_EKGenerationLocation
encode_EKGenerationType
encode_EncAPRepPart encode_EncAPRepPart
encode_EncapsulatedContentInfo encode_EncapsulatedContentInfo
encode_EncASRepPart encode_EncASRepPart
@@ -1085,12 +1129,15 @@ EXPORTS
encode_ETYPE_INFO2_ENTRY encode_ETYPE_INFO2_ENTRY
encode_ETYPE_INFO_ENTRY encode_ETYPE_INFO_ENTRY
encode_EtypeList encode_EtypeList
encode_EvaluationAssuranceLevel
encode_EvaluationStatus
encode_Extension encode_Extension
encode_Extensions encode_Extensions
encode_ExternalPrincipalIdentifier encode_ExternalPrincipalIdentifier
encode_ExternalPrincipalIdentifiers encode_ExternalPrincipalIdentifiers
encode_ExtKeyUsage encode_ExtKeyUsage
encode_FastOptions encode_FastOptions
encode_FIPSLevel
encode_FirmwarePackageIdentifier encode_FirmwarePackageIdentifier
encode_FirmwarePackageInfo encode_FirmwarePackageInfo
encode_FirmwarePackageLoadError encode_FirmwarePackageLoadError
@@ -1256,12 +1303,14 @@ EXPORTS
encode_RSAPrivateKey encode_RSAPrivateKey
encode_RSAPublicKey encode_RSAPublicKey
encode_SAMFlags encode_SAMFlags
encode_SecurityLevel
encode_SignatureAlgorithmIdentifier encode_SignatureAlgorithmIdentifier
encode_SignatureValue encode_SignatureValue
encode_SignedData encode_SignedData
encode_SignerIdentifier encode_SignerIdentifier
encode_SignerInfo encode_SignerInfo
encode_SignerInfos encode_SignerInfos
encode_StrengthOfFunction
encode_SubjectInfoAccessSyntax encode_SubjectInfoAccessSyntax
encode_SubjectKeyIdentifier encode_SubjectKeyIdentifier
encode_SubjectPublicKeyInfo encode_SubjectPublicKeyInfo
@@ -1276,6 +1325,9 @@ EXPORTS
encode_Ticket encode_Ticket
encode_TicketFlags encode_TicketFlags
encode_Time encode_Time
encode_TPMSecurityAssertions
encode_TPMSpecification
encode_TPMVersion
encode_TransitedEncoding encode_TransitedEncoding
encode_TrustedCA encode_TrustedCA
encode_TrustedCA_Win2k encode_TrustedCA_Win2k
@@ -1283,6 +1335,7 @@ EXPORTS
encode_TYPED_DATA encode_TYPED_DATA
encode_UniqueIdentifier encode_UniqueIdentifier
encode_UnprotectedAttributes encode_UnprotectedAttributes
encode_URIReference
encode_ValidationParms encode_ValidationParms
encode_Validity encode_Validity
encode_VendorLoadErrorCode encode_VendorLoadErrorCode
@@ -1334,6 +1387,7 @@ EXPORTS
free_CMSIdentifier free_CMSIdentifier
free_CMSRC2CBCParameter free_CMSRC2CBCParameter
free_CMSVersion free_CMSVersion
free_CommonCriteriaMeasures
free_CommunityIdentifier free_CommunityIdentifier
free_CommunityIdentifiers free_CommunityIdentifiers
free_ContentEncryptionAlgorithmIdentifier free_ContentEncryptionAlgorithmIdentifier
@@ -1372,6 +1426,9 @@ EXPORTS
free_ECDSA_Sig_Value free_ECDSA_Sig_Value
free_ECParameters free_ECParameters
free_ECPoint free_ECPoint
free_EKCertificateGenerationLocation
free_EKGenerationLocation
free_EKGenerationType
free_EncAPRepPart free_EncAPRepPart
free_EncapsulatedContentInfo free_EncapsulatedContentInfo
free_EncASRepPart free_EncASRepPart
@@ -1392,12 +1449,15 @@ EXPORTS
free_ETYPE_INFO2_ENTRY free_ETYPE_INFO2_ENTRY
free_ETYPE_INFO_ENTRY free_ETYPE_INFO_ENTRY
free_EtypeList free_EtypeList
free_EvaluationAssuranceLevel
free_EvaluationStatus
free_Extension free_Extension
free_Extensions free_Extensions
free_ExternalPrincipalIdentifier free_ExternalPrincipalIdentifier
free_ExternalPrincipalIdentifiers free_ExternalPrincipalIdentifiers
free_ExtKeyUsage free_ExtKeyUsage
free_FastOptions free_FastOptions
free_FIPSLevel
free_FirmwarePackageIdentifier free_FirmwarePackageIdentifier
free_FirmwarePackageInfo free_FirmwarePackageInfo
free_FirmwarePackageLoadError free_FirmwarePackageLoadError
@@ -1563,12 +1623,14 @@ EXPORTS
free_RSAPrivateKey free_RSAPrivateKey
free_RSAPublicKey free_RSAPublicKey
free_SAMFlags free_SAMFlags
free_SecurityLevel
free_SignatureAlgorithmIdentifier free_SignatureAlgorithmIdentifier
free_SignatureValue free_SignatureValue
free_SignedData free_SignedData
free_SignerIdentifier free_SignerIdentifier
free_SignerInfo free_SignerInfo
free_SignerInfos free_SignerInfos
free_StrengthOfFunction
free_SubjectInfoAccessSyntax free_SubjectInfoAccessSyntax
free_SubjectKeyIdentifier free_SubjectKeyIdentifier
free_SubjectPublicKeyInfo free_SubjectPublicKeyInfo
@@ -1583,6 +1645,9 @@ EXPORTS
free_Ticket free_Ticket
free_TicketFlags free_TicketFlags
free_Time free_Time
free_TPMSecurityAssertions
free_TPMSpecification
free_TPMVersion
free_TransitedEncoding free_TransitedEncoding
free_TrustedCA free_TrustedCA
free_TrustedCA_Win2k free_TrustedCA_Win2k
@@ -1590,6 +1655,7 @@ EXPORTS
free_TYPED_DATA free_TYPED_DATA
free_UniqueIdentifier free_UniqueIdentifier
free_UnprotectedAttributes free_UnprotectedAttributes
free_URIReference
free_ValidationParms free_ValidationParms
free_Validity free_Validity
free_VendorLoadErrorCode free_VendorLoadErrorCode
@@ -1662,6 +1728,7 @@ EXPORTS
length_CMSIdentifier length_CMSIdentifier
length_CMSRC2CBCParameter length_CMSRC2CBCParameter
length_CMSVersion length_CMSVersion
length_CommonCriteriaMeasures
length_CommunityIdentifier length_CommunityIdentifier
length_CommunityIdentifiers length_CommunityIdentifiers
length_ContentEncryptionAlgorithmIdentifier length_ContentEncryptionAlgorithmIdentifier
@@ -1700,6 +1767,9 @@ EXPORTS
length_ECDSA_Sig_Value length_ECDSA_Sig_Value
length_ECParameters length_ECParameters
length_ECPoint length_ECPoint
length_EKCertificateGenerationLocation
length_EKGenerationLocation
length_EKGenerationType
length_EncAPRepPart length_EncAPRepPart
length_EncapsulatedContentInfo length_EncapsulatedContentInfo
length_EncASRepPart length_EncASRepPart
@@ -1720,12 +1790,15 @@ EXPORTS
length_ETYPE_INFO2_ENTRY length_ETYPE_INFO2_ENTRY
length_ETYPE_INFO_ENTRY length_ETYPE_INFO_ENTRY
length_EtypeList length_EtypeList
length_EvaluationAssuranceLevel
length_EvaluationStatus
length_Extension length_Extension
length_Extensions length_Extensions
length_ExternalPrincipalIdentifier length_ExternalPrincipalIdentifier
length_ExternalPrincipalIdentifiers length_ExternalPrincipalIdentifiers
length_ExtKeyUsage length_ExtKeyUsage
length_FastOptions length_FastOptions
length_FIPSLevel
length_FirmwarePackageIdentifier length_FirmwarePackageIdentifier
length_FirmwarePackageInfo length_FirmwarePackageInfo
length_FirmwarePackageLoadError length_FirmwarePackageLoadError
@@ -1891,12 +1964,14 @@ EXPORTS
length_RSAPrivateKey length_RSAPrivateKey
length_RSAPublicKey length_RSAPublicKey
length_SAMFlags length_SAMFlags
length_SecurityLevel
length_SignatureAlgorithmIdentifier length_SignatureAlgorithmIdentifier
length_SignatureValue length_SignatureValue
length_SignedData length_SignedData
length_SignerIdentifier length_SignerIdentifier
length_SignerInfo length_SignerInfo
length_SignerInfos length_SignerInfos
length_StrengthOfFunction
length_SubjectInfoAccessSyntax length_SubjectInfoAccessSyntax
length_SubjectKeyIdentifier length_SubjectKeyIdentifier
length_SubjectPublicKeyInfo length_SubjectPublicKeyInfo
@@ -1911,6 +1986,9 @@ EXPORTS
length_Ticket length_Ticket
length_TicketFlags length_TicketFlags
length_Time length_Time
length_TPMSecurityAssertions
length_TPMSpecification
length_TPMVersion
length_TransitedEncoding length_TransitedEncoding
length_TrustedCA length_TrustedCA
length_TrustedCA_Win2k length_TrustedCA_Win2k
@@ -1918,6 +1996,7 @@ EXPORTS
length_TYPED_DATA length_TYPED_DATA
length_UniqueIdentifier length_UniqueIdentifier
length_UnprotectedAttributes length_UnprotectedAttributes
length_URIReference
length_ValidationParms length_ValidationParms
length_Validity length_Validity
length_VendorLoadErrorCode length_VendorLoadErrorCode

2
lib/asn1/oid_resolution.c
View File

@@ -46,6 +46,7 @@
#include "pkcs9_asn1.h" #include "pkcs9_asn1.h"
#include "pkinit_asn1.h" #include "pkinit_asn1.h"
#include "rfc2459_asn1.h" #include "rfc2459_asn1.h"
#include "tcg_asn1.h"
struct sym_oid { struct sym_oid {
@@ -70,6 +71,7 @@ static const struct sym_oid sym_oids[] = {
#include "pkcs9_asn1_oids.x" #include "pkcs9_asn1_oids.x"
#include "pkinit_asn1_oids.x" #include "pkinit_asn1_oids.x"
#include "rfc2459_asn1_oids.x" #include "rfc2459_asn1_oids.x"
#include "tcg_asn1_oids.x"
}; };
static size_t num_sym_oids = sizeof(sym_oids) / sizeof(sym_oids[0]); static size_t num_sym_oids = sizeof(sym_oids) / sizeof(sym_oids[0]);

161
lib/asn1/tcg.asn1 Normal file
View File

@@ -0,0 +1,161 @@
TCG DEFINITIONS ::= BEGIN
IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459
heim_any, heim_any_set FROM heim;
-- BEGIN Heimdal commentary
--
-- Copy-pasted from section 4 of
-- https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p3_r2_pub.pdf
-- https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
-- and adjusted to compile as follows:
--
-- - Extensibility markers added to all SEQUENCEs as per the TCG's spec they
-- reserve the right to add fields in the future.
-- - Information Object System annotations commented out (Heimdal does not
-- support them)
-- - Types sorted topologically (at the time I did that the Heimdal ASN.1
-- compiler wouldn't do that on its own)
-- - Two otherwise equal ENUMERATED types share a definition now (at the time
-- the Heimdal ASN.1 compiler did not prefix labels of ENUMERATED types)
--
-- A small note for anyone whoever finds this: do not add complex structures as
-- DN attributes, or, indeed, never add DN attributes again. If some metadata
-- is name-like, then add a subjectAlternativeName otherName for it, otherwise
-- add a certificate extension to carry that metadata. And, for any name-like
-- metadata, always always include query and display syntax for it.
--
-- Anyone designing anything but the simplest schema in ASN.1 should have to
-- learn a bit more about ASN.1 and/or get a review from ASN.1 experts.
--
-- Anyone designing anything but the simplest x.509 extensions should have to
-- learn a bit more about ASN.1 and x.509 and/or get a review from x.509
-- experts.
--
-- Note that a module OID was not provided. Indeed, a valid, complete ASN.1
-- module was not provided.
--
-- END Heimdal commentary (though some minor Heimdal commentary appears below)
--TCG specific OIDs
tcg OBJECT IDENTIFIER ::= {joint-iso-itu-t(2) international-organizations(23) tcg(133)}
tcg-attribute OBJECT IDENTIFIER ::= {tcg 2}
tcg-kp OBJECT IDENTIFIER ::= {tcg 8}
--TCG Attribute OIDs
tcg-at-tpmManufacturer OBJECT IDENTIFIER ::= {tcg-attribute 1}
tcg-at-tpmModel OBJECT IDENTIFIER ::= {tcg-attribute 2}
tcg-at-tpmVersion OBJECT IDENTIFIER ::= {tcg-attribute 3}
tcg-at-tpmSpecification OBJECT IDENTIFIER ::= {tcg-attribute 16}
tcg-at-tpmSecurityAssertions OBJECT IDENTIFIER ::= {tcg-attribute 18}
--TCG Key Purposes OIDs
tcg-kp-EKCertificate OBJECT IDENTIFIER ::= {tcg-kp 1}
-- OIDs not in the module in TCG_IWG_EKCredentialProfile_v2p3_r2_pub but in
-- TCG_IWG_DevID_v1r2_02dec2020 (missing arc names not mentioned in the TCG
-- specs):
tcg-tpm20 OBJECT IDENTIFIER ::= {tcg 1 2} -- this OID is not named in the TCG specs
tcg-on-ekPermIdSha256 OBJECT IDENTIFIER ::= {tcg 12 1}
tcg-cap-verifiedTPMResidency OBJECT IDENTIFIER ::= {tcg 11 1 1} -- policy OID
tcg-cap-verifiedTPMFixed OBJECT IDENTIFIER ::= {tcg 11 1 2} -- policy OID
tcg-cap-verifiedTPMRestricted OBJECT IDENTIFIER ::= {tcg 11 1 3} -- policy OID
EKGenerationType ::= ENUMERATED {
internal (0),
injected (1),
internalRevocable(2),
injectedRevocable(3)
}
EKGenerationLocation ::= ENUMERATED {
tpmManufacturer (0),
platformManufacturer (1),
ekCertSigner (2)
}
EKCertificateGenerationLocation ::= EKGenerationLocation -- XXX
EvaluationAssuranceLevel ::= ENUMERATED {
ealevell (1),
ealevel2 (2),
ealevel3 (3),
ealevel4 (4),
ealevel5 (5),
ealevel6 (6),
ealevel7 (7)
}
SecurityLevel ::= ENUMERATED {
sllevel1 (1),
sllevel2 (2),
sllevel3 (3),
sllevel4 (4)
}
StrengthOfFunction ::= ENUMERATED {
basic (0),
medium (1),
high (2)
}
URIReference ::= SEQUENCE {
uniformResourceIdentifier IA5String, -- (SIZE (1..URIMAX))
hashAlgorithm AlgorithmIdentifier OPTIONAL,
hashValue BIT STRING OPTIONAL
}
EvaluationStatus ::= ENUMERATED {
designedToMeet (0),
evaluationInProgress (1),
evaluationCompleted (2)
}
--tcg specification attributes for tpm
-- tPMSpecification ATTRIBUTE ::= {WITH SYNTAX TPMSpecification ID tcg-at-tpmSpecification }
TPMSpecification ::= SEQUENCE {
family UTF8String, -- (SIZE (1..STRMAX))
level INTEGER,
revision INTEGER,
...
}
--manufacturer implementation model and version attributes
-- TPMManufacturer ATTRIBUTE ::= {WITH SYNTAX UTF8String (SIZE (1..STRMAX)) ID tcg-at-tpmManufacturer }
-- TPMModel ATTRIBUTE ::= {WITH SYNTAX UTF8String (SIZE (1..STRMAX)) ID tcg-at-tpmModel }
-- TPMVersion ATTRIBUTE ::= {WITH SYNTAX UTF8String (SIZE (1..STRMAX)) ID tcg-at-tpmVersion }
--common criteria evaluation
CommonCriteriaMeasures ::= SEQUENCE {
version IA5String, -- (SIZE (1..STRMAX)) “2.2” or “3.1”;future syntax defined by CC
assurancelevel EvaluationAssuranceLevel,
evaluationStatus EvaluationStatus,
plus BOOLEAN DEFAULT FALSE,
strengthOfFunction [0] IMPLICIT StrengthOfFunction OPTIONAL,
profileOid [1] IMPLICIT OBJECT IDENTIFIER OPTIONAL,
profileUri [2] IMPLICIT URIReference OPTIONAL,
targetOid [3] IMPLICIT OBJECT IDENTIFIER OPTIONAL,
targetUri [4] IMPLICIT URIReference OPTIONAL,
...
}
--fips evaluation
FIPSLevel ::= SEQUENCE {
version IA5String, -- (SIZE (1..STRMAX)) “140-1” or “140-2”
level SecurityLevel,
plus BOOLEAN DEFAULT FALSE,
...
}
--tpm security assertions
TPMVersion ::= INTEGER { tpm-v1(0) }
--tPMSecurityAssertions ATTRIBUTE ::= {WITH SYNTAX TPMSecurityAssertions ID tcg—at-tpmSecurityAssertions}
TPMSecurityAssertions ::= SEQUENCE {
version TPMVersion DEFAULT 0, -- v1
fieldUpgradable BOOLEAN DEFAULT FALSE,
ekGenerationType [0] IMPLICIT EKGenerationType OPTIONAL,
ekGenerationLocation [1] IMPLICIT EKGenerationLocation OPTIONAL,
ekCertificateGenerationLocation [2] IMPLICIT EKCertificateGenerationLocation OPTIONAL,
ccInfo [3] IMPLICIT CommonCriteriaMeasures OPTIONAL,
fipsLevel [4] IMPLICIT FIPSLevel OPTIONAL,
iso9000Certified [5] IMPLICIT BOOLEAN DEFAULT FALSE,
iso9000Uri IA5String OPTIONAL, -- (SIZE (1..URIMAX))
...
}
END