asn1: Some TPM fields have to be EXPLICIT
The TCG EK cert profile says that the context tags in the TPMSecurityAssertions type are IMPLICIT. The sample EK cert we have has them as EXPLICIT. What to do?
@@ -2296,48 +2296,48 @@ test_ios(void)
|
||||
"1030A0100A2030A0100A310300E1603332E310A01040A01020101FFA40F300D1"
|
||||
"6053134302D320A0102010100\"],\"_values_choice\":\"\",\"_values\":[{\"_ty"
|
||||
"pe\":\"TPMSecurityAssertions\",\"version\":\"0\",\"fieldUpgradable\":true"
|
||||
",\"ekGenerationType\":\"655617\",\"ekGenerationLocation\":\"655616\",\"ek"
|
||||
"CertificateGenerationLocation\":\"655616\",\"ccInfo\":{\"_type\":\"Commo"
|
||||
"nCriteriaMeasures\",\"version\":\"3.1\",\"assurancelevel\":\"4\",\"evaluat"
|
||||
"ionStatus\":\"2\",\"plus\":true,\"strengthOfFunction\":null,\"profileOid"
|
||||
"\":null,\"profileUri\":null,\"targetOid\":null,\"targetUri\":null},\"fip"
|
||||
"sLevel\":{\"_type\":\"FIPSLevel\",\"version\":\"140-2\",\"level\":\"2\",\"plus"
|
||||
"\":false},\"iso9000Certified\":false,\"iso9000Uri\":null}]}]},{\"_type"
|
||||
"\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.2"
|
||||
"9.15\",\"components\":[2,5,29,15],\"name\":\"id-x509-ce-keyUsage\"},\"cr"
|
||||
"itical\":true,\"extnValue\":\"03020520\",\"_extnValue_choice\":\"\",\"_ext"
|
||||
"nValue\":[\"keyEncipherment\"]},{\"_type\":\"Extension\",\"extnID\":{\"_ty"
|
||||
"pe\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.19\",\"components\":[2,5,29,1"
|
||||
"9],\"name\":\"id-x509-ce-basicConstraints\"},\"critical\":true,\"extnVa"
|
||||
"lue\":\"3000\",\"_extnValue_choice\":\"\",\"_extnValue\":{\"_type\":\"BasicC"
|
||||
"onstraints\",\"cA\":false,\"pathLenConstraint\":null}},{\"_type\":\"Exte"
|
||||
"nsion\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.37\",\""
|
||||
"components\":[2,5,29,37],\"name\":\"id-x509-ce-extKeyUsage\"},\"critic"
|
||||
"al\":false,\"extnValue\":\"300706056781050801\",\"_extnValue_choice\":\""
|
||||
"\",\"_extnValue\":[{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.8.1"
|
||||
"\",\"components\":[2,23,133,8,1],\"name\":\"tcg-kp-EKCertificate\"}]},{"
|
||||
"\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":"
|
||||
"\"1.3.6.1.5.5.7.1.1\",\"components\":[1,3,6,1,5,5,7,1,1],\"name\":\"id-"
|
||||
"pkix-pe-authorityInfoAccess\"},\"critical\":false,\"extnValue\":\"303C"
|
||||
"303A06082B06010505073002862E687474703A2F2F7365637572652E676C6F62"
|
||||
"616C7369676E2E636F6D2F73746D74706D656B696E7430352E637274\",\"_extn"
|
||||
"Value_choice\":\"\",\"_extnValue\":[{\"_type\":\"AccessDescription\",\"acc"
|
||||
"essMethod\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7.48."
|
||||
"2\",\"components\":[1,3,6,1,5,5,7,48,2],\"name\":\"id-pkix-ad-caIssuer"
|
||||
"s\"},\"accessLocation\":{\"_choice\":\"uniformResourceIdentifier\",\"val"
|
||||
"ue\":\"http://secure.globalsign.com/stmtpmekint05.crt\"}}]}]},\"sign"
|
||||
"atureAlgorithm\":{\"_type\":\"AlgorithmIdentifier\",\"algorithm\":{\"_ty"
|
||||
"pe\":\"OBJECT IDENTIFIER\",\"oid\":\"1.2.840.113549.1.1.11\",\"component"
|
||||
"s\":[1,2,840,113549,1,1,11],\"name\":\"id-pkcs1-sha256WithRSAEncrypt"
|
||||
"ion\"},\"parameters\":\"0500\"},\"signatureValue\":\"2048:3D4C381E5B4F1B"
|
||||
"CBE09C63D52F1F04570CAEA142FD9CD942043B11F8E3BDCF50007AE16CF88690"
|
||||
"13041E92CDD3280BA4B51FBBD40582ED750219E261A695095674855AACEB520A"
|
||||
"DAFF9E7E908480A39CDCF900462D9171960FFE55D3AC49E8C981341BBD2EFBCC"
|
||||
"252A4C18A4F3B7C84CCE42CE70A208C84D2630A7ABFBE72D6271E75B9FF1C971"
|
||||
"D20EB3DBD763F1E04D834EAA692D2E4001BBF4730A3E3FDA9711AE386524D91C"
|
||||
"63BE0E516D00D5C6141FCCF6C539F3518E180049865BE16B69CAE1F8CB7FDC47"
|
||||
"4B38F7EE56CBE7D8A89D9BA99B65D5265AEF32AA62426B10E6D75BB8677EC44F"
|
||||
"755BBC2806FD2B4E04BDF5D44259DBEAA42B6F563DF7AA7506\"}"
|
||||
",\"ekGenerationType\":\"1\",\"ekGenerationLocation\":\"0\",\"ekCertificat"
|
||||
"eGenerationLocation\":\"0\",\"ccInfo\":{\"_type\":\"CommonCriteriaMeasur"
|
||||
"es\",\"version\":\"3.1\",\"assurancelevel\":\"4\",\"evaluationStatus\":\"2\","
|
||||
"\"plus\":true,\"strengthOfFunction\":null,\"profileOid\":null,\"profile"
|
||||
"Uri\":null,\"targetOid\":null,\"targetUri\":null},\"fipsLevel\":{\"_type"
|
||||
"\":\"FIPSLevel\",\"version\":\"140-2\",\"level\":\"2\",\"plus\":false},\"iso90"
|
||||
"00Certified\":false,\"iso9000Uri\":null}]}]},{\"_type\":\"Extension\",\""
|
||||
"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.15\",\"componen"
|
||||
"ts\":[2,5,29,15],\"name\":\"id-x509-ce-keyUsage\"},\"critical\":true,\"e"
|
||||
"xtnValue\":\"03020520\",\"_extnValue_choice\":\"\",\"_extnValue\":[\"keyEn"
|
||||
"cipherment\"]},{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDE"
|
||||
"NTIFIER\",\"oid\":\"2.5.29.19\",\"components\":[2,5,29,19],\"name\":\"id-x"
|
||||
"509-ce-basicConstraints\"},\"critical\":true,\"extnValue\":\"3000\",\"_e"
|
||||
"xtnValue_choice\":\"\",\"_extnValue\":{\"_type\":\"BasicConstraints\",\"cA"
|
||||
"\":false,\"pathLenConstraint\":null}},{\"_type\":\"Extension\",\"extnID\""
|
||||
":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.37\",\"components\":[2,"
|
||||
"5,29,37],\"name\":\"id-x509-ce-extKeyUsage\"},\"critical\":false,\"extn"
|
||||
"Value\":\"300706056781050801\",\"_extnValue_choice\":\"\",\"_extnValue\":"
|
||||
"[{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.8.1\",\"components\":"
|
||||
"[2,23,133,8,1],\"name\":\"tcg-kp-EKCertificate\"}]},{\"_type\":\"Extens"
|
||||
"ion\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7."
|
||||
"1.1\",\"components\":[1,3,6,1,5,5,7,1,1],\"name\":\"id-pkix-pe-authori"
|
||||
"tyInfoAccess\"},\"critical\":false,\"extnValue\":\"303C303A06082B06010"
|
||||
"505073002862E687474703A2F2F7365637572652E676C6F62616C7369676E2E6"
|
||||
"36F6D2F73746D74706D656B696E7430352E637274\",\"_extnValue_choice\":\""
|
||||
"\",\"_extnValue\":[{\"_type\":\"AccessDescription\",\"accessMethod\":{\"_t"
|
||||
"ype\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7.48.2\",\"components\""
|
||||
":[1,3,6,1,5,5,7,48,2],\"name\":\"id-pkix-ad-caIssuers\"},\"accessLoca"
|
||||
"tion\":{\"_choice\":\"uniformResourceIdentifier\",\"value\":\"http://sec"
|
||||
"ure.globalsign.com/stmtpmekint05.crt\"}}]}]},\"signatureAlgorithm\""
|
||||
":{\"_type\":\"AlgorithmIdentifier\",\"algorithm\":{\"_type\":\"OBJECT IDE"
|
||||
"NTIFIER\",\"oid\":\"1.2.840.113549.1.1.11\",\"components\":[1,2,840,113"
|
||||
"549,1,1,11],\"name\":\"id-pkcs1-sha256WithRSAEncryption\"},\"paramete"
|
||||
"rs\":\"0500\"},\"signatureValue\":\"2048:3D4C381E5B4F1BCBE09C63D52F1F0"
|
||||
"4570CAEA142FD9CD942043B11F8E3BDCF50007AE16CF8869013041E92CDD3280"
|
||||
"BA4B51FBBD40582ED750219E261A695095674855AACEB520ADAFF9E7E908480A"
|
||||
"39CDCF900462D9171960FFE55D3AC49E8C981341BBD2EFBCC252A4C18A4F3B7C"
|
||||
"84CCE42CE70A208C84D2630A7ABFBE72D6271E75B9FF1C971D20EB3DBD763F1E"
|
||||
"04D834EAA692D2E4001BBF4730A3E3FDA9711AE386524D91C63BE0E516D00D5C"
|
||||
"6141FCCF6C539F3518E180049865BE16B69CAE1F8CB7FDC474B38F7EE56CBE7D"
|
||||
"8A89D9BA99B65D5265AEF32AA62426B10E6D75BB8677EC44F755BBC2806FD2B4"
|
||||
"E04BDF5D44259DBEAA42B6F563DF7AA7506\"}"
|
||||
};
|
||||
heim_octet_string os;
|
||||
Certificate c0, c1;
|
||||
|
@@ -863,13 +863,14 @@ TPMVersion ::= INTEGER { tpm-v1(0) }
|
||||
TPMSecurityAssertions ::= SEQUENCE {
|
||||
version TPMVersion DEFAULT 0, -- v1
|
||||
fieldUpgradable BOOLEAN DEFAULT FALSE,
|
||||
ekGenerationType [0] IMPLICIT EKGenerationType OPTIONAL,
|
||||
ekGenerationLocation [1] IMPLICIT EKGenerationLocation OPTIONAL,
|
||||
ekCertificateGenerationLocation [2] IMPLICIT EKCertificateGenerationLocation OPTIONAL,
|
||||
-- These two are marked IMPLICIT, but...
|
||||
ccInfo [3] CommonCriteriaMeasures OPTIONAL,
|
||||
fipsLevel [4] FIPSLevel OPTIONAL,
|
||||
iso9000Certified [5] IMPLICIT BOOLEAN DEFAULT FALSE,
|
||||
-- The TCG EK cert profile spec says all these context tags are IMPLICIT,
|
||||
-- but samples in the field have them as EXPLICIT.
|
||||
ekGenerationType [0] EXPLICIT EKGenerationType OPTIONAL,
|
||||
ekGenerationLocation [1] EXPLICIT EKGenerationLocation OPTIONAL,
|
||||
ekCertificateGenerationLocation [2] EXPLICIT EKCertificateGenerationLocation OPTIONAL,
|
||||
ccInfo [3] EXPLICIT CommonCriteriaMeasures OPTIONAL,
|
||||
fipsLevel [4] EXPLICIT FIPSLevel OPTIONAL,
|
||||
iso9000Certified [5] EXPLICIT BOOLEAN DEFAULT FALSE,
|
||||
iso9000Uri IA5String OPTIONAL, -- (SIZE (1..URIMAX))
|
||||
...
|
||||
}
|
||||
|
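Review bot: Marking all six context tags `[0]` to `[5]` of `TPMSecurityAssertions` as EXPLICIT matches the sample certificate, but as far as this hunk shows it leaves no way to accept an EK certificate encoded as the TCG profile specifies (IMPLICIT); such a certificate would presumably fail to decode, or decode to wrong values. The old expected output in the test hunk (`"ekGenerationType":"655617"`, which is 0x0A0101) is consistent with the inner ENUMERATED header having been read as content, so the decoder does not appear to range-check these enumerations. A tagging mismatch can therefore surface as a silently wrong assertion rather than an error, which matters to any consumer basing attestation or trust decisions on these fields. I would spell out the deviation in the comment, e.g. `-- Deviates from the TCG EK cert profile (IMPLICIT): spec-conformant encodings are not expected to decode with these tags; consumers must validate the decoded values.` A test vector with IMPLICIT tags would also pin down what happens to a spec-conformant certificate.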