asn1: Import ASN.1 modules from RFCs 4043 and 4108

Browse Source

In preparation for adding support for TPM attestations as an authentication
method in bx509d for a host trust bootstrap mechanism based on TPMs and their
endorsement keys and endorsement key certificates.

The plan is to add support to libhx509 and hxtool for PermanentIdentifier
(RFC4043) and HardwareModuleName (RFC4108) SANs, and then to add a query
parameter to bx509d for passing an attestation and a proof-of-possession
(either CMS or CSR), and add an authorizer plugin call for authorizing a device
manufacturer and serial number to hostname.  Support for TPMs w/o endorsement
key certificates should also be possible based on a digest of the endorsement
key as the "serial number".

...

This commit is contained in:

Nicolas Williams

2020-12-16 10:50:14 -06:00

parent fb6f89f295

commit 7f0349e1fb

7 changed files with 4682 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

3419

doc/standardisation/rfc4108.txt Normal file

File diff suppressed because it is too large Load Diff