diff --git a/lib/asn1/check-gen.c b/lib/asn1/check-gen.c
index 7da76177f..f3e5b060c 100644
--- a/lib/asn1/check-gen.c
+++ b/lib/asn1/check-gen.c
@@ -2296,48 +2296,48 @@ test_ios(void) "1030A0100A2030A0100A310300E1603332E310A01040A01020101FFA40F300D1" "6053134302D320A0102010100\"],\"_values_choice\":\"\",\"_values\":[{\"_ty" "pe\":\"TPMSecurityAssertions\",\"version\":\"0\",\"fieldUpgradable\":true" - ",\"ekGenerationType\":\"655617\",\"ekGenerationLocation\":\"655616\",\"ek" - "CertificateGenerationLocation\":\"655616\",\"ccInfo\":{\"_type\":\"Commo" - "nCriteriaMeasures\",\"version\":\"3.1\",\"assurancelevel\":\"4\",\"evaluat" - "ionStatus\":\"2\",\"plus\":true,\"strengthOfFunction\":null,\"profileOid" - "\":null,\"profileUri\":null,\"targetOid\":null,\"targetUri\":null},\"fip" - "sLevel\":{\"_type\":\"FIPSLevel\",\"version\":\"140-2\",\"level\":\"2\",\"plus" - "\":false},\"iso9000Certified\":false,\"iso9000Uri\":null}]}]},{\"_type" - "\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.2" - "9.15\",\"components\":[2,5,29,15],\"name\":\"id-x509-ce-keyUsage\"},\"cr" - "itical\":true,\"extnValue\":\"03020520\",\"_extnValue_choice\":\"\",\"_ext" - "nValue\":[\"keyEncipherment\"]},{\"_type\":\"Extension\",\"extnID\":{\"_ty" - "pe\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.19\",\"components\":[2,5,29,1" - "9],\"name\":\"id-x509-ce-basicConstraints\"},\"critical\":true,\"extnVa" - "lue\":\"3000\",\"_extnValue_choice\":\"\",\"_extnValue\":{\"_type\":\"BasicC" - "onstraints\",\"cA\":false,\"pathLenConstraint\":null}},{\"_type\":\"Exte" - "nsion\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.37\",\"" - "components\":[2,5,29,37],\"name\":\"id-x509-ce-extKeyUsage\"},\"critic" - "al\":false,\"extnValue\":\"300706056781050801\",\"_extnValue_choice\":\"" - "\",\"_extnValue\":[{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.8.1" - "\",\"components\":[2,23,133,8,1],\"name\":\"tcg-kp-EKCertificate\"}]},{" - "\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":" - "\"1.3.6.1.5.5.7.1.1\",\"components\":[1,3,6,1,5,5,7,1,1],\"name\":\"id-" - 
"pkix-pe-authorityInfoAccess\"},\"critical\":false,\"extnValue\":\"303C" - "303A06082B06010505073002862E687474703A2F2F7365637572652E676C6F62" - "616C7369676E2E636F6D2F73746D74706D656B696E7430352E637274\",\"_extn" - "Value_choice\":\"\",\"_extnValue\":[{\"_type\":\"AccessDescription\",\"acc" - "essMethod\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7.48." - "2\",\"components\":[1,3,6,1,5,5,7,48,2],\"name\":\"id-pkix-ad-caIssuer" - "s\"},\"accessLocation\":{\"_choice\":\"uniformResourceIdentifier\",\"val" - "ue\":\"http://secure.globalsign.com/stmtpmekint05.crt\"}}]}]},\"sign" - "atureAlgorithm\":{\"_type\":\"AlgorithmIdentifier\",\"algorithm\":{\"_ty" - "pe\":\"OBJECT IDENTIFIER\",\"oid\":\"1.2.840.113549.1.1.11\",\"component" - "s\":[1,2,840,113549,1,1,11],\"name\":\"id-pkcs1-sha256WithRSAEncrypt" - "ion\"},\"parameters\":\"0500\"},\"signatureValue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}" + ",\"ekGenerationType\":\"1\",\"ekGenerationLocation\":\"0\",\"ekCertificat" + "eGenerationLocation\":\"0\",\"ccInfo\":{\"_type\":\"CommonCriteriaMeasur" + "es\",\"version\":\"3.1\",\"assurancelevel\":\"4\",\"evaluationStatus\":\"2\"," + "\"plus\":true,\"strengthOfFunction\":null,\"profileOid\":null,\"profile" + "Uri\":null,\"targetOid\":null,\"targetUri\":null},\"fipsLevel\":{\"_type" + "\":\"FIPSLevel\",\"version\":\"140-2\",\"level\":\"2\",\"plus\":false},\"iso90" + "00Certified\":false,\"iso9000Uri\":null}]}]},{\"_type\":\"Extension\",\"" + "extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.15\",\"componen" + "ts\":[2,5,29,15],\"name\":\"id-x509-ce-keyUsage\"},\"critical\":true,\"e" + "xtnValue\":\"03020520\",\"_extnValue_choice\":\"\",\"_extnValue\":[\"keyEn" + "cipherment\"]},{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDE" + "NTIFIER\",\"oid\":\"2.5.29.19\",\"components\":[2,5,29,19],\"name\":\"id-x" + "509-ce-basicConstraints\"},\"critical\":true,\"extnValue\":\"3000\",\"_e" + 
"xtnValue_choice\":\"\",\"_extnValue\":{\"_type\":\"BasicConstraints\",\"cA" + "\":false,\"pathLenConstraint\":null}},{\"_type\":\"Extension\",\"extnID\"" + ":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.37\",\"components\":[2," + "5,29,37],\"name\":\"id-x509-ce-extKeyUsage\"},\"critical\":false,\"extn" + "Value\":\"300706056781050801\",\"_extnValue_choice\":\"\",\"_extnValue\":" + "[{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.8.1\",\"components\":" + "[2,23,133,8,1],\"name\":\"tcg-kp-EKCertificate\"}]},{\"_type\":\"Extens" + "ion\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7." + "1.1\",\"components\":[1,3,6,1,5,5,7,1,1],\"name\":\"id-pkix-pe-authori" + "tyInfoAccess\"},\"critical\":false,\"extnValue\":\"303C303A06082B06010" + "505073002862E687474703A2F2F7365637572652E676C6F62616C7369676E2E6" + "36F6D2F73746D74706D656B696E7430352E637274\",\"_extnValue_choice\":\"" + "\",\"_extnValue\":[{\"_type\":\"AccessDescription\",\"accessMethod\":{\"_t" + "ype\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7.48.2\",\"components\"" + ":[1,3,6,1,5,5,7,48,2],\"name\":\"id-pkix-ad-caIssuers\"},\"accessLoca" + "tion\":{\"_choice\":\"uniformResourceIdentifier\",\"value\":\"http://sec" + "ure.globalsign.com/stmtpmekint05.crt\"}}]}]},\"signatureAlgorithm\"" + ":{\"_type\":\"AlgorithmIdentifier\",\"algorithm\":{\"_type\":\"OBJECT IDE" + "NTIFIER\",\"oid\":\"1.2.840.113549.1.1.11\",\"components\":[1,2,840,113" + "549,1,1,11],\"name\":\"id-pkcs1-sha256WithRSAEncryption\"},\"paramete" + "rs\":\"0500\"},\"signatureValue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}" }; heim_octet_string os; Certificate c0, c1; diff --git a/lib/asn1/rfc2459.asn1 b/lib/asn1/rfc2459.asn1 index f1de4dd81..bd6df0b67 100644 --- a/lib/asn1/rfc2459.asn1 +++ b/lib/asn1/rfc2459.asn1 
@@ -863,13 +863,14 @@ TPMVersion ::= INTEGER { tpm-v1(0) }
 TPMSecurityAssertions ::= SEQUENCE {
 version TPMVersion DEFAULT 0, -- v1
 fieldUpgradable BOOLEAN DEFAULT FALSE,
- ekGenerationType [0] IMPLICIT EKGenerationType OPTIONAL,
- ekGenerationLocation [1] IMPLICIT EKGenerationLocation OPTIONAL,
- ekCertificateGenerationLocation [2] IMPLICIT EKCertificateGenerationLocation OPTIONAL,
- -- These two are marked IMPLICIT, but...
- ccInfo [3] CommonCriteriaMeasures OPTIONAL,
- fipsLevel [4] FIPSLevel OPTIONAL,
- iso9000Certified [5] IMPLICIT BOOLEAN DEFAULT FALSE,
+ -- The TCG EK cert profile spec says all these context tags are IMPLICIT,
+ -- but samples in the field have them as EXPLICIT.
+ ekGenerationType [0] EXPLICIT EKGenerationType OPTIONAL,
+ ekGenerationLocation [1] EXPLICIT EKGenerationLocation OPTIONAL,
+ ekCertificateGenerationLocation [2] EXPLICIT EKCertificateGenerationLocation OPTIONAL,
+ ccInfo [3] EXPLICIT CommonCriteriaMeasures OPTIONAL,
+ fipsLevel [4] EXPLICIT FIPSLevel OPTIONAL,
+ iso9000Certified [5] EXPLICIT BOOLEAN DEFAULT FALSE,
 iso9000Uri IA5String OPTIONAL, -- (SIZE (1..URIMAX))
 ...
 }
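Review bot: `iso9000Certified [5] EXPLICIT BOOLEAN DEFAULT FALSE` is switched along with the other tags, but the updated vector in check-gen.c shows `iso9000Certified` as false, which a DER encoder would omit, so nothing visible here demonstrates that field samples encode tag [5] as EXPLICIT. With every tag now EXPLICIT, an EK certificate that follows the TCG profile's IMPLICIT tagging will presumably no longer decode into TPMSecurityAssertions, so a verifier that bases policy on `fipsLevel` or `ccInfo` should treat a failed or missing decode as "assertions unknown" and never as satisfied. I would extend the new comment to record that trade-off and the evidence behind it, for example `-- Encodings that follow the spec (IMPLICIT) are not accepted by this definition; tag [5] was not present in the samples examined.`, worded to match what was actually checked.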