hx509: Add TCG EK and DevID certs to test with

These are sample certificates from the Trusted Computing Group Endorsement Key Credential Profile For TPM Family 2.0; Level 0. - lib/hx509/data/tcg-ek-cp.pem (Endorsement Key certificate) - lib/hx509/data/tcg-devid.pem (DevID certificate) https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p3_r2_pub.pdf https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_DevID_v1r2_02dec2020.pdf This certificate came from the Trusted Computing Group Endorsement Key (EK) Credential Profile [0], Appendix A, page 34. [0] https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p3_r2_pub.pdf Note that hxtool at this point both certificates, including all their extensions, HardwareModule Name SAN, certificate policies, and the new DN attributes TPMVersion, TPMModel, and TPMManufacturer, as shown below. The work on the ASN.1 compiler helped. The goal of this work will be to enable a Heimdal service for device enrolment using TPMs. More TCG profiling has to be done, and perhaps some ECC work as well. But Heimdal will mostly just be a relying party and CA, and will not include the client side piece of enrolment. $ cd build/lib/hx509 $ ./hxtool print --content PEM-FILE:../../../lib/hx509/data/tcg-ek-cp.pem cert: 0 friendly name: private key: no issuer: "CN=ExampleCA" subject: "" serial: 01 keyusage: keyEncipherment subject name: issuer name: CN=ExampleCA Validity: notBefore 2014-01-15 15:40:50 notAfter 2015-01-15 15:40:50 checking extension: authorityInfoAccess Critical not set on MUST type: 1.3.6.1.5.5.7.48.2 dirname: URI: http://www.example.com/ExampleCA.crt checking extension: keyUsage checking extension: subjectAltName Critical set on MUST NOT directoryName: TPMVersion=id:00010023,TPMModel=ABCDEF123456,TPMManufacturer=id:54434700 checking extension: basicConstraints is NOT a CA checking extension: cRLDistributionPoints CRL Distribution Points: Fullname: URI: http://www.example.com/ExampleCA.crl checking extension: certificatePolicies Policy: 1.2.3.4 checking extension: authorityKeyIdentifier authority key id: 347767244C44AFE79E2AE0B24C69579524B33DDA checking extension: extKeyUsage eku-0: 2.23.133.8.1 checking extension: subjectDirectoryAttributes Doesn't have SubjectKeyIdentifier $ $ $ ./hxtool print --content PEM-FILE:../../../lib/hx509/data/tcg-devid.pem cert: 0 friendly name: private key: no issuer: "CN=ExampleCA" subject: "" serial: 01 keyusage: keyEncipherment subject name: issuer name: CN=ExampleCA Validity: notBefore 2014-01-15 15:40:50 notAfter 2015-01-15 15:40:50 checking extension: authorityInfoAccess Critical not set on MUST type: 1.3.6.1.5.5.7.48.2 dirname: URI: http://www.example.com/ExampleCA.crt checking extension: keyUsage checking extension: subjectAltName Critical set on MUST NOT directoryName: TPMVersion=id:00010023,TPMModel=ABCDEF123456,TPMManufacturer=id:54434700 otherName: 1.3.6.1.5.5.7.8.4 HardwareModuleName 2.23.133.1.2:tpmserialnumber checking extension: basicConstraints is NOT a CA checking extension: cRLDistributionPoints CRL Distribution Points: Fullname: URI: http://www.example.com/ExampleCA.crl checking extension: certificatePolicies Policy: 1.2.3.4 checking extension: authorityKeyIdentifier authority key id: 347767244C44AFE79E2AE0B24C69579524B33DDA checking extension: extKeyUsage eku-0: 2.23.133.8.1 checking extension: subjectDirectoryAttributes Doesn't have SubjectKeyIdentifier $
2020-12-29 22:44:17 -06:00
parent 6aeab13f06
commit 989fd1199b
2 changed files with 48 additions and 0 deletions
--- a/lib/hx509/data/tcg-devid.pem
+++ b/lib/hx509/data/tcg-devid.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEGDCCAwCgAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlFeGFt
+cGxlQ0EwHhcNMTQwMTE1MTU0MDUwWhcNMTUwMTE1MTU0MDUwWjAAMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncvm0aOBK05rdNInYXzJGV5SFteVUFpt
+XFxg4evROvlulB3BzUmFGQYFDcItVnJX2fAvf0UJLtLBVBQggb5ylL6bRpj72cS3
+oyNbs0CGmix9Z1QDjkZZFvIsD1GcKO0tvsCvsEItH8Cm0fq8WcGFijWLdRD5eulP
+55pq1bAHAvIo4+VLMJVBG71xrKGZeHPjKoq6seYjh7AGy+hk2vmFzpZ8Ghdgqv+K
+02IZ7FEdzuylHW8U3qsxBHysMut4inj6AiVf467OOs5meHiifIK9MGkovMrfY9iX
+uUVUs/KXpE1sgeoX9BLvx1BPcODosr5K+z5i71OtIXy4CXrPvcGzRwIDAQABo4IB
+hzCCAYMwQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vd3d3LmV4
+YW1wbGUuY29tL0V4YW1wbGVDQS5jcnQwDgYDVR0PAQH/BAQDAgAgMIGBBgNVHREB
+Af8EdzB1pEswSTEWMBQGBWeBBQIBDAtpZDo1NDQzNDcwMDEXMBUGBWeBBQICDAxB
+QkNERUYxMjM0NTYxFjAUBgVngQUCAwwLaWQ6MDAwMTAwMjOgJgYIKwYBBQUHCASg
+GjAYBgVngQUBAgQPdHBtc2VyaWFsbnVtYmVyMAwGA1UdEwEB/wQCMAAwNQYDVR0f
+BC4wLDAqoCigJoYkaHR0cDovL3d3dy5leGFtcGxlLmNvbS9FeGFtcGxlQ0EuY3Js
+MBAGA1UdIAQJMAcwBQYDKgMEMB8GA1UdIwQYMBaAFDR3ZyRMRK/nnirgskxpV5Uk
+sz3aMBAGA1UdJQQJMAcGBWeBBQgBMCEGA1UdCQQaMBgwFgYFZ4EFAhAxDTALDAMy
+LjACAQACAWMwDQYJKoZIhvcNAQELBQADggEBABtrZu0n/7jPTYxak2n30AUakS7f
+Ihomojo14e8Lp/HF7/2VaUcohJH4KekCHTf8wpPxM/b9xRKLSOORA2Ey255Q2h8T
+v19he0dcdTvDPNQVY3AKaFO4cNiXeOYPR8n3IDYK5QdPqrdRX4/Bc34QcTWFDALx
+C00L/kDvBjV7l0Et2DBJIiBNziVKxs1xn136buZYRam6ZJhTRzNMMQ0eZ279Um4M
+39EI4DIFv6FzX0sC5waacVg6HFYd933NtdkDWV0VTGuk+5V8rH4Sjx+sywHahkoz
+BJhQBai2qiWEt7bB0ExGN2ZXPjiQiG4UHvLgGlCOUHX7EDNf0dvfUIZ6hLY=
+-----END CERTIFICATE-----
--- a/lib/hx509/data/tcg-ek-cp.pem
+++ b/lib/hx509/data/tcg-ek-cp.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBATANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlFeGFt
+cGxlQ0EwHhcNMTQwMTE1MTU0MDUwWhcNMTUwMTE1MTU0MDUwWjAAMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncvm0aOBK05rdNInYXzJGV5SFteVUFpt
+XFxg4evROvlulB3BzUmFGQYFDcItVnJX2fAvf0UJLtLBVBQggb5ylL6bRpj72cS3
+oyNbs0CGmix9Z1QDjkZZFvIsD1GcKO0tvsCvsEItH8Cm0fq8WcGFijWLdRD5eulP
+55pq1bAHAvIo4+VLMJVBG71xrKGZeHPjKoq6seYjh7AGy+hk2vmFzpZ8Ghdgqv+K
+02IZ7FEdzuylHW8U3qsxBHysMut4inj6AiVf467OOs5meHiifIK9MGkovMrfY9iX
+uUVUs/KXpE1sgeoX9BLvx1BPcODosr5K+z5i71OtIXy4CXrPvcGzRwIDAQABo4IB
+XjCCAVowQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAChiRodHRwOi8vd3d3LmV4
+YW1wbGUuY29tL0V4YW1wbGVDQS5jcnQwDgYDVR0PAQH/BAQDAgAgMFkGA1UdEQEB
+/wRPME2kSzBJMRYwFAYFZ4EFAgEMC2lkOjU0NDM0NzAwMRcwFQYFZ4EFAgIMDEFC
+Q0RFRjEyMzQ1NjEWMBQGBWeBBQIDDAtpZDowMDAxMDAyMzAMBgNVHRMBAf8EAjAA
+MDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly93d3cuZXhhbXBsZS5jb20vRXhhbXBs
+ZUNBLmNybDAQBgNVHSAECTAHMAUGAyoDBDAfBgNVHSMEGDAWgBQ0d2ckTESv554q
+4LJMaVeVJLM92jAQBgNVHSUECTAHBgVngQUIATAhBgNVHQkEGjAYMBYGBWeBBQIQ
+MQ0wCwwDMi4wAgEAAgFjMA0GCSqGSIb3DQEBCwUAA4IBAQAba2btJ/+4z02MWpNp
+99AFGpEu3yIaJqI6NeHvC6fxxe/9lWlHKISR+CnpAh03/MKT8TP2/cUSi0jjkQNh
+MtueUNofE79fYXtHXHU7wzzUFWNwCmhTuHDYl3jmD0fJ9yA2CuUHT6q3UV+PwXN+
+EHE1hQwC8QtNC/5A7wY1e5dBLdgwSSIgTc4lSsbNcZ9d+m7mWEWpumSYU0czTDEN
+Hmdu/VJuDN/RCOAyBb+hc19LAucGmnFYOhxWHfd9zbXZA1ldFUxrpPuVfKx+Eo8f
+rMsB2oZKMwSYUAWotqolhLe2wdBMRjdmVz44kIhuFB7y4BpQjlB1+xAzX9Hb31CG
+eoS2
+-----END CERTIFICATE-----