asn1: Import ASN.1 modules from RFCs 4043 and 4108
This is in preparation for adding support for TPM attestations as an authentication method in bx509d, for a host trust bootstrap mechanism based on TPMs and their endorsement keys and endorsement key certificates. The plan is to add support to libhx509 and hxtool for PermanentIdentifier (RFC4043) and HardwareModuleName (RFC4108) SANs, then to add a query parameter to bx509d for passing an attestation and a proof-of-possession (either CMS or CSR), and to add an authorizer plugin call for authorizing a mapping from device manufacturer and serial number to hostname. Support for TPMs without endorsement key certificates should also be possible, using a digest of the endorsement key as the "serial number".
@@ -23,6 +23,8 @@ libasn1_la_LIBADD = \
|
||||
|
||||
BUILT_SOURCES = \
|
||||
$(gen_files_rfc2459:.x=.c) \
|
||||
$(gen_files_rfc4043:.x=.c) \
|
||||
$(gen_files_rfc4108:.x=.c) \
|
||||
$(gen_files_cms:.x=.c) \
|
||||
$(gen_files_krb5:.x=.c) \
|
||||
$(gen_files_ocsp:.x=.c) \
|
||||
@@ -38,6 +40,8 @@ gen_files_krb5 = asn1_krb5_asn1.x
|
||||
gen_files_cms = asn1_cms_asn1.x
|
||||
gen_files_crmf = asn1_crmf_asn1.x
|
||||
gen_files_rfc2459 = asn1_rfc2459_asn1.x
|
||||
gen_files_rfc4043 = asn1_rfc4043_asn1.x
|
||||
gen_files_rfc4108 = asn1_rfc4108_asn1.x
|
||||
gen_files_ocsp = asn1_ocsp_asn1.x
|
||||
gen_files_pkinit = asn1_pkinit_asn1.x
|
||||
gen_files_pkcs10 = asn1_pkcs10_asn1.x
|
||||
@@ -48,6 +52,8 @@ gen_files_test_template = test_template_asn1-template.x
|
||||
gen_files_test = asn1_test_asn1.x
|
||||
gen_files_digest = asn1_digest_asn1.x
|
||||
gen_files_kx509 = asn1_kx509_asn1.x
|
||||
gen_files_rfc4043 = asn1_rfc4043_asn1.x
|
||||
gen_files_rfc4108 = asn1_rfc4108_asn1.x
|
||||
|
||||
oid_resolution.lo: $(BUILT_SOURCES)
|
||||
|
||||
@@ -139,6 +145,8 @@ check_ber_LDADD = $(check_gen_LDADD)
|
||||
CLEANFILES = \
|
||||
$(BUILT_SOURCES) \
|
||||
$(gen_files_rfc2459) \
|
||||
$(gen_files_rfc4043) \
|
||||
$(gen_files_rfc4108) \
|
||||
$(gen_files_cms) \
|
||||
$(gen_files_krb5) \
|
||||
$(gen_files_ocsp) \
|
||||
@@ -154,6 +162,8 @@ CLEANFILES = \
|
||||
$(nodist_check_gen_SOURCES) \
|
||||
asn1_err.c asn1_err.h \
|
||||
rfc2459_asn1_files rfc2459_asn1*.h* \
|
||||
rfc4043_asn1_files rfc4043_asn1*.h* \
|
||||
rfc4108_asn1_files rfc4108_asn1*.h* \
|
||||
cms_asn1_files cms_asn1*.h* \
|
||||
crmf_asn1_files crmf_asn1*.h* \
|
||||
krb5_asn1_files krb5_asn1*.h* \
|
||||
@@ -179,6 +189,8 @@ nodist_include_HEADERS += pkinit_asn1.h
|
||||
nodist_include_HEADERS += cms_asn1.h
|
||||
nodist_include_HEADERS += crmf_asn1.h
|
||||
nodist_include_HEADERS += rfc2459_asn1.h
|
||||
nodist_include_HEADERS += rfc4043_asn1.h
|
||||
nodist_include_HEADERS += rfc4108_asn1.h
|
||||
nodist_include_HEADERS += ocsp_asn1.h
|
||||
nodist_include_HEADERS += pkcs8_asn1.h
|
||||
nodist_include_HEADERS += pkcs9_asn1.h
|
||||
@@ -192,6 +204,8 @@ priv_headers += pkinit_asn1-priv.h
|
||||
priv_headers += cms_asn1-priv.h
|
||||
priv_headers += crmf_asn1-priv.h
|
||||
priv_headers += rfc2459_asn1-priv.h
|
||||
priv_headers += rfc4043_asn1-priv.h
|
||||
priv_headers += rfc4108_asn1-priv.h
|
||||
priv_headers += ocsp_asn1-priv.h
|
||||
priv_headers += pkcs8_asn1-priv.h
|
||||
priv_headers += pkcs9_asn1-priv.h
|
||||
@@ -223,6 +237,8 @@ $(gen_files_pkcs12) pkcs12_asn1.hx pkcs12_asn1-priv.hx: pkcs12_asn1_files
|
||||
$(gen_files_digest) digest_asn1.hx digest_asn1-priv.hx: digest_asn1_files
|
||||
$(gen_files_kx509) kx509_asn1.hx kx509_asn1-priv.hx: kx509_asn1_files
|
||||
$(gen_files_rfc2459) rfc2459_asn1.hx rfc2459_asn1-priv.hx: rfc2459_asn1_files
|
||||
$(gen_files_rfc4043) rfc4043_asn1.hx rfc4043_asn1-priv.hx: rfc4043_asn1_files
|
||||
$(gen_files_rfc4108) rfc4108_asn1.hx rfc4108_asn1-priv.hx: rfc4108_asn1_files
|
||||
$(gen_files_cms) cms_asn1.hx cms_asn1-priv.hx: cms_asn1_files
|
||||
$(gen_files_crmf) crmf_asn1.hx crmf_asn1-priv.hx: crmf_asn1_files
|
||||
$(gen_files_test) test_asn1.hx test_asn1-priv.hx: test_asn1_files
|
||||
@@ -231,6 +247,12 @@ $(gen_files_test_template) test_template_asn1.hx test_template_asn1-priv.hx: tes
|
||||
rfc2459_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc2459.asn1
|
||||
$(ASN1_COMPILE) --one-code-file --option-file=$(srcdir)/rfc2459.opt $(srcdir)/rfc2459.asn1 rfc2459_asn1 || (rm -f rfc2459_asn1_files ; exit 1)
|
||||
|
||||
rfc4043_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc4043.asn1
|
||||
$(ASN1_COMPILE) --one-code-file $(srcdir)/rfc4043.asn1 rfc4043_asn1 || (rm -f rfc4043_asn1_files ; exit 1)
|
||||
|
||||
rfc4108_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/rfc4108.asn1
|
||||
$(ASN1_COMPILE) --one-code-file $(srcdir)/rfc4108.asn1 rfc4108_asn1 || (rm -f rfc4108_asn1_files ; exit 1)
|
||||
|
||||
cms_asn1_files: asn1_compile$(EXEEXT) $(srcdir)/cms.asn1 $(srcdir)/cms.opt
|
||||
$(ASN1_COMPILE) --one-code-file --option-file=$(srcdir)/cms.opt $(srcdir)/cms.asn1 cms_asn1 || (rm -f cms_asn1_files ; exit 1)
|
||||
|
||||
@@ -293,6 +315,8 @@ EXTRA_DIST = \
|
||||
pkcs10.asn1 \
|
||||
pkinit.asn1 \
|
||||
rfc2459.asn1 \
|
||||
rfc4043.asn1 \
|
||||
rfc4108.asn1 \
|
||||
setchgpw2.asn1 \
|
||||
test.asn1 \
|
||||
test.gen \
|
||||
|
||||
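Review bot: `gen_files_rfc4043` and `gen_files_rfc4108` end up assigned twice on the new side of this file, once after `gen_files_rfc2459` and again after `gen_files_kx509`, with identical values. The second pair is redundant and automake may warn about a multiply defined variable; dropping `gen_files_rfc4043 = asn1_rfc4043_asn1.x` and `gen_files_rfc4108 = asn1_rfc4108_asn1.x` from the later hunk leaves one definition per module, like the neighbouring entries. Separately, rfc4108.asn1 imports `EnvelopedData` from the cms module, so it is worth confirming that the generated rfc4108 code can never be compiled before `cms_asn1.h` exists; the `BUILT_SOURCES` list presumably covers this, but the rule itself does not express it.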
@@ -43,6 +43,10 @@ gen_files_crmf = $(OBJ)\asn1_crmf_asn1.x
|
||||
|
||||
gen_files_rfc2459 = $(OBJ)\asn1_rfc2459_asn1.x
|
||||
|
||||
gen_files_rfc4043 = $(OBJ)\asn1_rfc4043_asn1.x
|
||||
|
||||
gen_files_rfc4108 = $(OBJ)\asn1_rfc4108_asn1.x
|
||||
|
||||
gen_files_ocsp = $(OBJ)\asn1_ocsp_asn1.x
|
||||
|
||||
gen_files_pkinit = $(OBJ)\asn1_pkinit_asn1.x
|
||||
@@ -117,6 +121,8 @@ LIBASN1_OBJS= \
|
||||
$(OBJ)\extra.obj \
|
||||
$(OBJ)\timegm.obj \
|
||||
$(gen_files_rfc2459:.x=.obj) \
|
||||
$(gen_files_rfc4043:.x=.obj) \
|
||||
$(gen_files_rfc4108:.x=.obj) \
|
||||
$(gen_files_cms:.x=.obj) \
|
||||
$(gen_files_crmf:.x=.obj) \
|
||||
$(gen_files_krb5:.x=.obj) \
|
||||
@@ -175,6 +181,10 @@ $(gen_files_kx509:.x=.c) : $$(@R).x
|
||||
|
||||
$(gen_files_rfc2459:.x=.c) : $$(@R).x
|
||||
|
||||
$(gen_files_rfc4043:.x=.c) : $$(@R).x
|
||||
|
||||
$(gen_files_rfc4108:.x=.c) : $$(@R).x
|
||||
|
||||
$(gen_files_cms:.x=.c) : $$(@R).x
|
||||
|
||||
$(gen_files_crmf:.x=.c) : $$(@R).x
|
||||
@@ -255,6 +265,22 @@ $(gen_files_rfc2459) $(OBJ)\rfc2459_asn1.hx: $(BINDIR)\asn1_compile.exe rfc2459.
|
||||
|| ($(RM) $(OBJ)\rfc2459_asn1.h ; exit /b 1)
|
||||
cd $(SRCDIR)
|
||||
|
||||
$(gen_files_rfc4043) $(OBJ)\rfc4043_asn1.hx: $(BINDIR)\asn1_compile.exe rfc4043.asn1
|
||||
cd $(OBJ)
|
||||
$(BINDIR)\asn1_compile.exe \
|
||||
--one-code-file \
|
||||
$(SRCDIR)\rfc4043.asn1 rfc4043_asn1 \
|
||||
|| ($(RM) $(OBJ)\rfc4043_asn1.h ; exit /b 1)
|
||||
cd $(SRCDIR)
|
||||
|
||||
$(gen_files_rfc4108) $(OBJ)\rfc4108_asn1.hx: $(BINDIR)\asn1_compile.exe rfc4108.asn1
|
||||
cd $(OBJ)
|
||||
$(BINDIR)\asn1_compile.exe \
|
||||
--one-code-file \
|
||||
$(SRCDIR)\rfc4108.asn1 rfc4108_asn1 \
|
||||
|| ($(RM) $(OBJ)\rfc4108_asn1.h ; exit /b 1)
|
||||
cd $(SRCDIR)
|
||||
|
||||
$(gen_files_cms) $(OBJ)\cms_asn1.hx: $(BINDIR)\asn1_compile.exe cms.asn1 cms.opt
|
||||
cd $(OBJ)
|
||||
$(BINDIR)\asn1_compile.exe \
|
||||
@@ -304,12 +330,16 @@ GENINCFILES= \
|
||||
$(INCDIR)\pkcs10_asn1.h \
|
||||
$(INCDIR)\pkinit_asn1.h \
|
||||
$(INCDIR)\rfc2459_asn1.h \
|
||||
$(INCDIR)\rfc4043_asn1.h \
|
||||
$(INCDIR)\rfc4108_asn1.h \
|
||||
$(OBJ)\krb5_asn1-priv.h \
|
||||
$(OBJ)\ocsp_asn1-priv.h \
|
||||
$(OBJ)\pkinit_asn1-priv.h \
|
||||
$(OBJ)\cms_asn1-priv.h \
|
||||
$(OBJ)\crmf_asn1-priv.h \
|
||||
$(OBJ)\rfc2459_asn1-priv.h \
|
||||
$(OBJ)\rfc4043_asn1-priv.h \
|
||||
$(OBJ)\rfc4108_asn1-priv.h \
|
||||
$(OBJ)\pkcs8_asn1-priv.h \
|
||||
$(OBJ)\pkcs9_asn1-priv.h \
|
||||
$(OBJ)\pkcs10_asn1-priv.h \
|
||||
|
||||
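Review bot: The failure branch of the two new generation rules removes `$(OBJ)\rfc4043_asn1.h` and `$(OBJ)\rfc4108_asn1.h`, neither of which is a target of its rule; the declared targets are `$(gen_files_rfc4043)` / `$(gen_files_rfc4108)` and the matching `.hx` file. If asn1_compile fails part-way, a truncated `.x` or `.hx` could be left behind and look up to date on the next run. This mirrors the existing rfc2459 rule, so it may be deliberate, but removing the rule's own outputs would be safer, e.g. `|| ($(RM) $(gen_files_rfc4043) $(OBJ)\rfc4043_asn1.hx ; exit /b 1)`. It is also worth confirming that `;` really separates the two commands in the shell this makefile runs under, since cmd.exe normally uses `&` for that.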
@@ -19,6 +19,14 @@ EXPORTS
|
||||
asn1_KDCFastFlags_units
|
||||
asn1_KDCOptions_units
|
||||
asn1_KeyUsage_units
|
||||
asn1_oid_id_aa_communityIdentifiers DATA
|
||||
asn1_oid_id_aa_decryptKeyID DATA
|
||||
asn1_oid_id_aa_firmwarePackageID DATA
|
||||
asn1_oid_id_aa_firmwarePackageInfo DATA
|
||||
asn1_oid_id_aa_implCompressAlgs DATA
|
||||
asn1_oid_id_aa_implCryptoAlgs DATA
|
||||
asn1_oid_id_aa_targetHardwareIDs DATA
|
||||
asn1_oid_id_aa_wrappedFirmwareKey DATA
|
||||
asn1_oid_id_aes_128_cbc DATA
|
||||
asn1_oid_id_aes_192_cbc DATA
|
||||
asn1_oid_id_aes_256_cbc DATA
|
||||
@@ -40,6 +48,9 @@ EXPORTS
|
||||
asn1_oid_id_at_streetAddress DATA
|
||||
asn1_oid_id_at_surname DATA
|
||||
asn1_oid_id_at_title DATA
|
||||
asn1_oid_id_ct_firmwareLoadError DATA
|
||||
asn1_oid_id_ct_firmwareLoadReceipt DATA
|
||||
asn1_oid_id_ct_firmwarePackage DATA
|
||||
asn1_oid_id_dhpublicnumber DATA
|
||||
asn1_oid_id_domainComponent DATA
|
||||
asn1_oid_id_dsa DATA
|
||||
@@ -73,6 +84,9 @@ EXPORTS
|
||||
asn1_oid_id_nist_aes_algs DATA
|
||||
asn1_oid_id_nistAlgorithm DATA
|
||||
asn1_oid_id_nist_sha_algs DATA
|
||||
asn1_oid_id_on DATA
|
||||
asn1_oid_id_on_hardwareModuleName DATA
|
||||
asn1_oid_id_on_permanentIdentifier DATA
|
||||
asn1_oid_id_pbeWithSHAAnd128BitRC2_CBC DATA
|
||||
asn1_oid_id_pbeWithSHAAnd128BitRC4 DATA
|
||||
asn1_oid_id_pbeWithSHAAnd2_KeyTripleDES_CBC DATA
|
||||
@@ -274,12 +288,16 @@ EXPORTS
|
||||
copy_CMSIdentifier
|
||||
copy_CMSRC2CBCParameter
|
||||
copy_CMSVersion
|
||||
copy_CommunityIdentifier
|
||||
copy_CommunityIdentifiers
|
||||
copy_ContentEncryptionAlgorithmIdentifier
|
||||
copy_ContentInfo
|
||||
copy_ContentType
|
||||
copy_CRLCertificateList
|
||||
copy_CRLDistributionPoints
|
||||
copy_CRLReason
|
||||
copy_CurrentFWConfig
|
||||
copy_DecryptKeyIdentifier
|
||||
copy_DHNonce
|
||||
copy_DHParameter
|
||||
copy_DHPublicKey
|
||||
@@ -334,14 +352,27 @@ EXPORTS
|
||||
copy_ExternalPrincipalIdentifiers
|
||||
copy_ExtKeyUsage
|
||||
copy_FastOptions
|
||||
copy_FirmwarePackageIdentifier
|
||||
copy_FirmwarePackageInfo
|
||||
copy_FirmwarePackageLoadError
|
||||
copy_FirmwarePackageLoadErrorCode
|
||||
copy_FirmwarePackageLoadReceipt
|
||||
copy_FirmwarePkgData
|
||||
copy_FWErrorVersion
|
||||
copy_FWReceiptVersion
|
||||
copy_GeneralName
|
||||
copy_GeneralNames
|
||||
copy_GeneralSubtree
|
||||
copy_GeneralSubtrees
|
||||
copy_HardwareModuleName
|
||||
copy_HardwareModules
|
||||
copy_HardwareSerialEntry
|
||||
copy_heim_any
|
||||
copy_heim_any_set
|
||||
copy_HostAddress
|
||||
copy_HostAddresses
|
||||
copy_ImplementedCompressAlgorithms
|
||||
copy_ImplementedCryptoAlgorithms
|
||||
copy_IssuerAndSerialNumber
|
||||
copy_KDCDHKeyInfo
|
||||
copy_KDCDHKeyInfo_Win2k
|
||||
@@ -442,6 +473,7 @@ EXPORTS
|
||||
copy_PA_ServerReferralData
|
||||
copy_PA_SERVER_REFERRAL_DATA
|
||||
copy_PA_SvrReferralData
|
||||
copy_PermanentIdentifier
|
||||
copy_PKAuthenticator
|
||||
copy_PKAuthenticator_Win2k
|
||||
copy_PKCS12_Attribute
|
||||
@@ -465,6 +497,9 @@ EXPORTS
|
||||
copy_PkinitSP80056AOtherInfo
|
||||
copy_PkinitSuppPubInfo
|
||||
copy_PKIXXmppAddr
|
||||
copy_PreferredOrLegacyPackageIdentifier
|
||||
copy_PreferredOrLegacyStalePackageIdentifier
|
||||
copy_PreferredPackageIdentifier
|
||||
copy_Principal
|
||||
copy_PrincipalName
|
||||
copy_Principals
|
||||
@@ -491,6 +526,7 @@ EXPORTS
|
||||
copy_SubjectInfoAccessSyntax
|
||||
copy_SubjectKeyIdentifier
|
||||
copy_SubjectPublicKeyInfo
|
||||
copy_TargetHardwareIdentifiers
|
||||
copy_TBSCertificate
|
||||
copy_TBSCRLCertList
|
||||
copy_TD_DH_PARAMETERS
|
||||
@@ -510,7 +546,9 @@ EXPORTS
|
||||
copy_UnprotectedAttributes
|
||||
copy_ValidationParms
|
||||
copy_Validity
|
||||
copy_VendorLoadErrorCode
|
||||
copy_Version
|
||||
copy_WrappedFirmwareKey
|
||||
decode_AccessDescription
|
||||
decode_AD_AND_OR
|
||||
decode_AD_IF_RELEVANT
|
||||
@@ -556,12 +594,16 @@ EXPORTS
|
||||
decode_CMSIdentifier
|
||||
decode_CMSRC2CBCParameter
|
||||
decode_CMSVersion
|
||||
decode_CommunityIdentifier
|
||||
decode_CommunityIdentifiers
|
||||
decode_ContentEncryptionAlgorithmIdentifier
|
||||
decode_ContentInfo
|
||||
decode_ContentType
|
||||
decode_CRLCertificateList
|
||||
decode_CRLDistributionPoints
|
||||
decode_CRLReason
|
||||
decode_CurrentFWConfig
|
||||
decode_DecryptKeyIdentifier
|
||||
decode_DHNonce
|
||||
decode_DHParameter
|
||||
decode_DHPublicKey
|
||||
@@ -616,14 +658,27 @@ EXPORTS
|
||||
decode_ExternalPrincipalIdentifiers
|
||||
decode_ExtKeyUsage
|
||||
decode_FastOptions
|
||||
decode_FirmwarePackageIdentifier
|
||||
decode_FirmwarePackageInfo
|
||||
decode_FirmwarePackageLoadError
|
||||
decode_FirmwarePackageLoadErrorCode
|
||||
decode_FirmwarePackageLoadReceipt
|
||||
decode_FirmwarePkgData
|
||||
decode_FWErrorVersion
|
||||
decode_FWReceiptVersion
|
||||
decode_GeneralName
|
||||
decode_GeneralNames
|
||||
decode_GeneralSubtree
|
||||
decode_GeneralSubtrees
|
||||
decode_HardwareModuleName
|
||||
decode_HardwareModules
|
||||
decode_HardwareSerialEntry
|
||||
decode_heim_any
|
||||
decode_heim_any_set
|
||||
decode_HostAddress
|
||||
decode_HostAddresses
|
||||
decode_ImplementedCompressAlgorithms
|
||||
decode_ImplementedCryptoAlgorithms
|
||||
decode_IssuerAndSerialNumber
|
||||
decode_KDCDHKeyInfo
|
||||
decode_KDCDHKeyInfo_Win2k
|
||||
@@ -724,6 +779,7 @@ EXPORTS
|
||||
decode_PA_ServerReferralData
|
||||
decode_PA_SERVER_REFERRAL_DATA
|
||||
decode_PA_SvrReferralData
|
||||
decode_PermanentIdentifier
|
||||
decode_PKAuthenticator
|
||||
decode_PKAuthenticator_Win2k
|
||||
decode_PKCS12_Attribute
|
||||
@@ -747,6 +803,9 @@ EXPORTS
|
||||
decode_PkinitSP80056AOtherInfo
|
||||
decode_PkinitSuppPubInfo
|
||||
decode_PKIXXmppAddr
|
||||
decode_PreferredOrLegacyPackageIdentifier
|
||||
decode_PreferredOrLegacyStalePackageIdentifier
|
||||
decode_PreferredPackageIdentifier
|
||||
decode_Principal
|
||||
decode_PrincipalName
|
||||
decode_Principals
|
||||
@@ -773,6 +832,7 @@ EXPORTS
|
||||
decode_SubjectInfoAccessSyntax
|
||||
decode_SubjectKeyIdentifier
|
||||
decode_SubjectPublicKeyInfo
|
||||
decode_TargetHardwareIdentifiers
|
||||
decode_TBSCertificate
|
||||
decode_TBSCRLCertList
|
||||
decode_TD_DH_PARAMETERS
|
||||
@@ -792,7 +852,9 @@ EXPORTS
|
||||
decode_UnprotectedAttributes
|
||||
decode_ValidationParms
|
||||
decode_Validity
|
||||
decode_VendorLoadErrorCode
|
||||
decode_Version
|
||||
decode_WrappedFirmwareKey
|
||||
der_copy_bit_string
|
||||
der_copy_bmp_string
|
||||
der_copy_generalized_time
|
||||
@@ -965,12 +1027,16 @@ EXPORTS
|
||||
encode_CMSIdentifier
|
||||
encode_CMSRC2CBCParameter
|
||||
encode_CMSVersion
|
||||
encode_CommunityIdentifier
|
||||
encode_CommunityIdentifiers
|
||||
encode_ContentEncryptionAlgorithmIdentifier
|
||||
encode_ContentInfo
|
||||
encode_ContentType
|
||||
encode_CRLCertificateList
|
||||
encode_CRLDistributionPoints
|
||||
encode_CRLReason
|
||||
encode_CurrentFWConfig
|
||||
encode_DecryptKeyIdentifier
|
||||
encode_DHNonce
|
||||
encode_DHParameter
|
||||
encode_DHPublicKey
|
||||
@@ -1025,14 +1091,27 @@ EXPORTS
|
||||
encode_ExternalPrincipalIdentifiers
|
||||
encode_ExtKeyUsage
|
||||
encode_FastOptions
|
||||
encode_FirmwarePackageIdentifier
|
||||
encode_FirmwarePackageInfo
|
||||
encode_FirmwarePackageLoadError
|
||||
encode_FirmwarePackageLoadErrorCode
|
||||
encode_FirmwarePackageLoadReceipt
|
||||
encode_FirmwarePkgData
|
||||
encode_FWErrorVersion
|
||||
encode_FWReceiptVersion
|
||||
encode_GeneralName
|
||||
encode_GeneralNames
|
||||
encode_GeneralSubtree
|
||||
encode_GeneralSubtrees
|
||||
encode_HardwareModuleName
|
||||
encode_HardwareModules
|
||||
encode_HardwareSerialEntry
|
||||
encode_heim_any
|
||||
encode_heim_any_set
|
||||
encode_HostAddress
|
||||
encode_HostAddresses
|
||||
encode_ImplementedCompressAlgorithms
|
||||
encode_ImplementedCryptoAlgorithms
|
||||
encode_IssuerAndSerialNumber
|
||||
encode_KDCDHKeyInfo
|
||||
encode_KDCDHKeyInfo_Win2k
|
||||
@@ -1133,6 +1212,7 @@ EXPORTS
|
||||
encode_PA_ServerReferralData
|
||||
encode_PA_SERVER_REFERRAL_DATA
|
||||
encode_PA_SvrReferralData
|
||||
encode_PermanentIdentifier
|
||||
encode_PKAuthenticator
|
||||
encode_PKAuthenticator_Win2k
|
||||
encode_PKCS12_Attribute
|
||||
@@ -1156,6 +1236,9 @@ EXPORTS
|
||||
encode_PkinitSP80056AOtherInfo
|
||||
encode_PkinitSuppPubInfo
|
||||
encode_PKIXXmppAddr
|
||||
encode_PreferredOrLegacyPackageIdentifier
|
||||
encode_PreferredOrLegacyStalePackageIdentifier
|
||||
encode_PreferredPackageIdentifier
|
||||
encode_Principal
|
||||
encode_PrincipalName
|
||||
encode_Principals
|
||||
@@ -1182,6 +1265,7 @@ EXPORTS
|
||||
encode_SubjectInfoAccessSyntax
|
||||
encode_SubjectKeyIdentifier
|
||||
encode_SubjectPublicKeyInfo
|
||||
encode_TargetHardwareIdentifiers
|
||||
encode_TBSCertificate
|
||||
encode_TBSCRLCertList
|
||||
encode_TD_DH_PARAMETERS
|
||||
@@ -1201,7 +1285,9 @@ EXPORTS
|
||||
encode_UnprotectedAttributes
|
||||
encode_ValidationParms
|
||||
encode_Validity
|
||||
encode_VendorLoadErrorCode
|
||||
encode_Version
|
||||
encode_WrappedFirmwareKey
|
||||
FastOptions2int
|
||||
free_AccessDescription
|
||||
free_AD_AND_OR
|
||||
@@ -1248,12 +1334,16 @@ EXPORTS
|
||||
free_CMSIdentifier
|
||||
free_CMSRC2CBCParameter
|
||||
free_CMSVersion
|
||||
free_CommunityIdentifier
|
||||
free_CommunityIdentifiers
|
||||
free_ContentEncryptionAlgorithmIdentifier
|
||||
free_ContentInfo
|
||||
free_ContentType
|
||||
free_CRLCertificateList
|
||||
free_CRLDistributionPoints
|
||||
free_CRLReason
|
||||
free_CurrentFWConfig
|
||||
free_DecryptKeyIdentifier
|
||||
free_DHNonce
|
||||
free_DHParameter
|
||||
free_DHPublicKey
|
||||
@@ -1308,14 +1398,27 @@ EXPORTS
|
||||
free_ExternalPrincipalIdentifiers
|
||||
free_ExtKeyUsage
|
||||
free_FastOptions
|
||||
free_FirmwarePackageIdentifier
|
||||
free_FirmwarePackageInfo
|
||||
free_FirmwarePackageLoadError
|
||||
free_FirmwarePackageLoadErrorCode
|
||||
free_FirmwarePackageLoadReceipt
|
||||
free_FirmwarePkgData
|
||||
free_FWErrorVersion
|
||||
free_FWReceiptVersion
|
||||
free_GeneralName
|
||||
free_GeneralNames
|
||||
free_GeneralSubtree
|
||||
free_GeneralSubtrees
|
||||
free_HardwareModuleName
|
||||
free_HardwareModules
|
||||
free_HardwareSerialEntry
|
||||
free_heim_any
|
||||
free_heim_any_set
|
||||
free_HostAddress
|
||||
free_HostAddresses
|
||||
free_ImplementedCompressAlgorithms
|
||||
free_ImplementedCryptoAlgorithms
|
||||
free_IssuerAndSerialNumber
|
||||
free_KDCDHKeyInfo
|
||||
free_KDCDHKeyInfo_Win2k
|
||||
@@ -1416,6 +1519,7 @@ EXPORTS
|
||||
free_PA_ServerReferralData
|
||||
free_PA_SERVER_REFERRAL_DATA
|
||||
free_PA_SvrReferralData
|
||||
free_PermanentIdentifier
|
||||
free_PKAuthenticator
|
||||
free_PKAuthenticator_Win2k
|
||||
free_PKCS12_Attribute
|
||||
@@ -1439,6 +1543,9 @@ EXPORTS
|
||||
free_PkinitSP80056AOtherInfo
|
||||
free_PkinitSuppPubInfo
|
||||
free_PKIXXmppAddr
|
||||
free_PreferredOrLegacyPackageIdentifier
|
||||
free_PreferredOrLegacyStalePackageIdentifier
|
||||
free_PreferredPackageIdentifier
|
||||
free_Principal
|
||||
free_PrincipalName
|
||||
free_Principals
|
||||
@@ -1465,6 +1572,7 @@ EXPORTS
|
||||
free_SubjectInfoAccessSyntax
|
||||
free_SubjectKeyIdentifier
|
||||
free_SubjectPublicKeyInfo
|
||||
free_TargetHardwareIdentifiers
|
||||
free_TBSCertificate
|
||||
free_TBSCRLCertList
|
||||
free_TD_DH_PARAMETERS
|
||||
@@ -1484,7 +1592,9 @@ EXPORTS
|
||||
free_UnprotectedAttributes
|
||||
free_ValidationParms
|
||||
free_Validity
|
||||
free_VendorLoadErrorCode
|
||||
free_Version
|
||||
free_WrappedFirmwareKey
|
||||
heim_any_cmp
|
||||
_heim_der_set_sort
|
||||
_heim_fix_dce
|
||||
@@ -1552,12 +1662,16 @@ EXPORTS
|
||||
length_CMSIdentifier
|
||||
length_CMSRC2CBCParameter
|
||||
length_CMSVersion
|
||||
length_CommunityIdentifier
|
||||
length_CommunityIdentifiers
|
||||
length_ContentEncryptionAlgorithmIdentifier
|
||||
length_ContentInfo
|
||||
length_ContentType
|
||||
length_CRLCertificateList
|
||||
length_CRLDistributionPoints
|
||||
length_CRLReason
|
||||
length_CurrentFWConfig
|
||||
length_DecryptKeyIdentifier
|
||||
length_DHNonce
|
||||
length_DHParameter
|
||||
length_DHPublicKey
|
||||
@@ -1612,14 +1726,27 @@ EXPORTS
|
||||
length_ExternalPrincipalIdentifiers
|
||||
length_ExtKeyUsage
|
||||
length_FastOptions
|
||||
length_FirmwarePackageIdentifier
|
||||
length_FirmwarePackageInfo
|
||||
length_FirmwarePackageLoadError
|
||||
length_FirmwarePackageLoadErrorCode
|
||||
length_FirmwarePackageLoadReceipt
|
||||
length_FirmwarePkgData
|
||||
length_FWErrorVersion
|
||||
length_FWReceiptVersion
|
||||
length_GeneralName
|
||||
length_GeneralNames
|
||||
length_GeneralSubtree
|
||||
length_GeneralSubtrees
|
||||
length_HardwareModuleName
|
||||
length_HardwareModules
|
||||
length_HardwareSerialEntry
|
||||
length_heim_any
|
||||
length_heim_any_set
|
||||
length_HostAddress
|
||||
length_HostAddresses
|
||||
length_ImplementedCompressAlgorithms
|
||||
length_ImplementedCryptoAlgorithms
|
||||
length_IssuerAndSerialNumber
|
||||
length_KDCDHKeyInfo
|
||||
length_KDCDHKeyInfo_Win2k
|
||||
@@ -1720,6 +1847,7 @@ EXPORTS
|
||||
length_PA_ServerReferralData
|
||||
length_PA_SERVER_REFERRAL_DATA
|
||||
length_PA_SvrReferralData
|
||||
length_PermanentIdentifier
|
||||
length_PKAuthenticator
|
||||
length_PKAuthenticator_Win2k
|
||||
length_PKCS12_Attribute
|
||||
@@ -1743,6 +1871,9 @@ EXPORTS
|
||||
length_PkinitSP80056AOtherInfo
|
||||
length_PkinitSuppPubInfo
|
||||
length_PKIXXmppAddr
|
||||
length_PreferredOrLegacyPackageIdentifier
|
||||
length_PreferredOrLegacyStalePackageIdentifier
|
||||
length_PreferredPackageIdentifier
|
||||
length_Principal
|
||||
length_PrincipalName
|
||||
length_Principals
|
||||
@@ -1769,6 +1900,7 @@ EXPORTS
|
||||
length_SubjectInfoAccessSyntax
|
||||
length_SubjectKeyIdentifier
|
||||
length_SubjectPublicKeyInfo
|
||||
length_TargetHardwareIdentifiers
|
||||
length_TBSCertificate
|
||||
length_TBSCRLCertList
|
||||
length_TD_DH_PARAMETERS
|
||||
@@ -1788,7 +1920,9 @@ EXPORTS
|
||||
length_UnprotectedAttributes
|
||||
length_ValidationParms
|
||||
length_Validity
|
||||
length_VendorLoadErrorCode
|
||||
length_Version
|
||||
length_WrappedFirmwareKey
|
||||
remove_AttributeValues
|
||||
remove_AuthorizationData
|
||||
remove_Certificates
|
||||
|
||||
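--- /dev/null
+++ b/lib/asn1/rfc4043.asn1
@@ -0,0 +1,30 @@
+PKIXpermanentidentifier88 {iso(1) identified-organization(3) dod(6)
+internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+id-mod-perm-id-88(28) }
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+-- IMPORTS id-pkix FROM rfc2459; but asn1_compile doesn't handle this
+
+
+-- Permanent identifier Object Identifier and Syntax
+
+id-on OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+dod(6) internet(1) security(5) mechanisms(5) pkix(7) 8 }
+
+id-on-permanentIdentifier OBJECT IDENTIFIER ::= { id-on 3 }
+
+PermanentIdentifier ::= SEQUENCE {
+identifierValue UTF8String OPTIONAL,
+-- if absent, use the serialNumber attribute
+-- if there is a single such attribute present
+-- in the subject DN
+assigner OBJECT IDENTIFIER OPTIONAL
+-- if absent, the assigner is
+-- the certificate issuer
+}
+
+END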
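Review bot: Both fields of `PermanentIdentifier` are OPTIONAL, so an empty SEQUENCE decodes successfully and the fallback rules given in the inline comments (subject DN serialNumber, certificate issuer) have to be applied by whoever consumes the decoded value. Because the commit description plans to feed this name into an authorizer that maps a device to a hostname, the module should state that explicitly, for example with a comment above the type: `-- Callers must resolve absent fields as described below before comparing; absent is not an empty match`. The local `id-on` definition spells out the PKIX arcs by hand because of the asn1_compile IMPORTS limitation noted in the file; a short comment saying it must stay in step with `id-pkix` would help the next editor.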
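--- /dev/null
+++ b/lib/asn1/rfc4108.asn1
@@ -0,0 +1,202 @@
+CMSFirmwareWrapper
+{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+pkcs-9(9) smime(16) modules(0) cms-firmware-wrap(22) }
+
+DEFINITIONS IMPLICIT TAGS ::= BEGIN
+
+IMPORTS
+EnvelopedData
+FROM cms -- [CMS]
+{ iso(1) member-body(2) us(840) rsadsi(113549)
+pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) };
+
+
+-- Firmware Package Content Type and Object Identifier
+
+id-ct-firmwarePackage OBJECT IDENTIFIER ::= {
+iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+smime(16) ct(1) 16 }
+
+FirmwarePkgData ::= OCTET STRING
+
+
+-- Firmware Package Signed Attributes and Object Identifiers
+
+id-aa-firmwarePackageID OBJECT IDENTIFIER ::= {
+iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+smime(16) aa(2) 35 }
+
+PreferredPackageIdentifier ::= SEQUENCE {
+fwPkgID OBJECT IDENTIFIER,
+verNum INTEGER (0..MAX) }
+
+PreferredOrLegacyPackageIdentifier ::= CHOICE {
+preferred PreferredPackageIdentifier,
+legacy OCTET STRING }
+
+PreferredOrLegacyStalePackageIdentifier ::= CHOICE {
+preferredStaleVerNum INTEGER (0..MAX),
+legacyStaleVersion OCTET STRING }
+
+FirmwarePackageIdentifier ::= SEQUENCE {
+name PreferredOrLegacyPackageIdentifier,
+stale PreferredOrLegacyStalePackageIdentifier OPTIONAL }
+
+
+id-aa-targetHardwareIDs OBJECT IDENTIFIER ::= {
+iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+smime(16) aa(2) 36 }
+
+TargetHardwareIdentifiers ::= SEQUENCE OF OBJECT IDENTIFIER
+
+
+id-aa-decryptKeyID OBJECT IDENTIFIER ::= {
+iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+smime(16) aa(2) 37 }
+
+DecryptKeyIdentifier ::= OCTET STRING
+
+
+id-aa-implCryptoAlgs OBJECT IDENTIFIER ::= {
+iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+smime(16) aa(2) 38 }
+
+ImplementedCryptoAlgorithms ::= SEQUENCE OF OBJECT IDENTIFIER
+
+id-aa-implCompressAlgs OBJECT IDENTIFIER ::= {
+iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+smime(16) aa(2) 43 }
+
+ImplementedCompressAlgorithms ::= SEQUENCE OF OBJECT IDENTIFIER
+
+
+id-aa-communityIdentifiers OBJECT IDENTIFIER ::= {
+iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+smime(16) aa(2) 40 }
+
+HardwareSerialEntry ::= CHOICE {
+all NULL,
+single OCTET STRING,
+block SEQUENCE {
+low OCTET STRING,
+high OCTET STRING } }
+
+HardwareModules ::= SEQUENCE {
+hwType OBJECT IDENTIFIER,
+hwSerialEntries SEQUENCE OF HardwareSerialEntry }
+
+CommunityIdentifier ::= CHOICE {
+communityOID OBJECT IDENTIFIER,
+hwModuleList HardwareModules }
+
+CommunityIdentifiers ::= SEQUENCE OF CommunityIdentifier
+
+id-aa-firmwarePackageInfo OBJECT IDENTIFIER ::= {
+iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+smime(16) aa(2) 42 }
+
+FirmwarePackageInfo ::= SEQUENCE {
+fwPkgType INTEGER OPTIONAL,
+dependencies SEQUENCE OF
+PreferredOrLegacyPackageIdentifier OPTIONAL }
+
+
+-- Firmware Package Unsigned Attributes and Object Identifiers
+
+id-aa-wrappedFirmwareKey OBJECT IDENTIFIER ::= {
+iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+smime(16) aa(2) 39 }
+
+WrappedFirmwareKey ::= EnvelopedData
+
+
+-- Firmware Package Load Receipt Content Type and Object Identifier
+
+id-ct-firmwareLoadReceipt OBJECT IDENTIFIER ::= {
+iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+smime(16) ct(1) 17 }
+
+FWReceiptVersion ::= INTEGER { v1(1) }
+
+FirmwarePackageLoadReceipt ::= SEQUENCE {
+version FWReceiptVersion DEFAULT 1, -- v1, but asn1_compile doesn't handle this
+hwType OBJECT IDENTIFIER,
+hwSerialNum OCTET STRING,
+fwPkgName PreferredOrLegacyPackageIdentifier,
+trustAnchorKeyID OCTET STRING OPTIONAL,
+decryptKeyID [1] OCTET STRING OPTIONAL }
+
+-- Firmware Package Load Error Report Content Type
+-- and Object Identifier
+
+id-ct-firmwareLoadError OBJECT IDENTIFIER ::= {
+iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+smime(16) ct(1) 18 }
+
+FWErrorVersion ::= FWReceiptVersion
+
+FirmwarePackageLoadErrorCode ::= ENUMERATED {
+decodeFailure (1),
+badContentInfo (2),
+badSignedData (3),
+badEncapContent (4),
+badCertificate (5),
+badSignerInfo (6),
+badSignedAttrs (7),
+badUnsignedAttrs (8),
+missingContent (9),
+noTrustAnchor (10),
+notAuthorized (11),
+badDigestAlgorithm (12),
+badSignatureAlgorithm (13),
+unsupportedKeySize (14),
+signatureFailure (15),
+contentTypeMismatch (16),
+badEncryptedData (17),
+unprotectedAttrsPresent (18),
+badEncryptContent (19),
+badEncryptAlgorithm (20),
+missingCiphertext (21),
+noDecryptKey (22),
+decryptFailure (23),
+badCompressAlgorithm (24),
+missingCompressedContent (25),
+decompressFailure (26),
+wrongHardware (27),
+stalePackage (28),
+notInCommunity (29),
+unsupportedPackageType (30),
+missingDependency (31),
+wrongDependencyVersion (32),
+insufficientMemory (33),
+badFirmware (34),
+unsupportedParameters (35),
+breaksDependency (36),
+otherError (99) }
+
+VendorLoadErrorCode ::= INTEGER
+
+CurrentFWConfig ::= SEQUENCE {
+fwPkgType INTEGER OPTIONAL,
+fwPkgName PreferredOrLegacyPackageIdentifier }
+
+FirmwarePackageLoadError ::= SEQUENCE {
+version FWErrorVersion DEFAULT 1, -- v1, but see above
+hwType OBJECT IDENTIFIER,
+hwSerialNum OCTET STRING,
+errorCode FirmwarePackageLoadErrorCode,
+vendorErrorCode VendorLoadErrorCode OPTIONAL,
+fwPkgName PreferredOrLegacyPackageIdentifier OPTIONAL,
+config [1] SEQUENCE OF CurrentFWConfig OPTIONAL }
+
+-- Other Name syntax for Hardware Module Name
+
+id-on-hardwareModuleName OBJECT IDENTIFIER ::= {
+iso(1) identified-organization(3) dod(6) internet(1) security(5)
+mechanisms(5) pkix(7) on(8) 4 }
+
+HardwareModuleName ::= SEQUENCE {
+hwType OBJECT IDENTIFIER,
+hwSerialNum OCTET STRING }
+
+END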
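Review bot: `hwSerialNum` in `HardwareModuleName` is an OCTET STRING, so a certificate can carry arbitrary bytes there, including NUL and non-printable values, and nothing in the module says how consumers should treat it. Since the commit description plans to authorize a manufacturer and serial number to a hostname, the field should be documented as opaque and length-delimited, for example `-- opaque bytes: compare by length and content, hex-encode for display or logging` next to `hwSerialNum OCTET STRING }`. The same applies to `hwSerialNum` in `FirmwarePackageLoadReceipt` and `FirmwarePackageLoadError`. The `version ... DEFAULT 1` fields replace the named default because of the asn1_compile limitation noted inline; it is worth confirming the generated encoder still omits the field at its default value.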