asn1: Some TPM fields have to be EXPLICIT

The TCG EK cert profile says that the context tags in the
TPMSecurityAssertions type are IMPLICIT.  The sample EK cert we have
has them as EXPLICIT.

What to do?
Nicolas Williams
2021-03-07 00:31:47 -06:00
parent f7a018f002
commit be61d72be3
2 changed files with 50 additions and 49 deletions


@@ -2296,48 +2296,48 @@ test_ios(void)
"1030A0100A2030A0100A310300E1603332E310A01040A01020101FFA40F300D1"
"6053134302D320A0102010100\"],\"_values_choice\":\"\",\"_values\":[{\"_ty"
"pe\":\"TPMSecurityAssertions\",\"version\":\"0\",\"fieldUpgradable\":true"
",\"ekGenerationType\":\"655617\",\"ekGenerationLocation\":\"655616\",\"ek"
"CertificateGenerationLocation\":\"655616\",\"ccInfo\":{\"_type\":\"Commo"
"nCriteriaMeasures\",\"version\":\"3.1\",\"assurancelevel\":\"4\",\"evaluat"
"ionStatus\":\"2\",\"plus\":true,\"strengthOfFunction\":null,\"profileOid"
"\":null,\"profileUri\":null,\"targetOid\":null,\"targetUri\":null},\"fip"
"sLevel\":{\"_type\":\"FIPSLevel\",\"version\":\"140-2\",\"level\":\"2\",\"plus"
"\":false},\"iso9000Certified\":false,\"iso9000Uri\":null}]}]},{\"_type"
"\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.2"
"9.15\",\"components\":[2,5,29,15],\"name\":\"id-x509-ce-keyUsage\"},\"cr"
"itical\":true,\"extnValue\":\"03020520\",\"_extnValue_choice\":\"\",\"_ext"
"nValue\":[\"keyEncipherment\"]},{\"_type\":\"Extension\",\"extnID\":{\"_ty"
"pe\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.19\",\"components\":[2,5,29,1"
"9],\"name\":\"id-x509-ce-basicConstraints\"},\"critical\":true,\"extnVa"
"lue\":\"3000\",\"_extnValue_choice\":\"\",\"_extnValue\":{\"_type\":\"BasicC"
"onstraints\",\"cA\":false,\"pathLenConstraint\":null}},{\"_type\":\"Exte"
"nsion\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.37\",\""
"components\":[2,5,29,37],\"name\":\"id-x509-ce-extKeyUsage\"},\"critic"
"al\":false,\"extnValue\":\"300706056781050801\",\"_extnValue_choice\":\""
"\",\"_extnValue\":[{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.8.1"
"\",\"components\":[2,23,133,8,1],\"name\":\"tcg-kp-EKCertificate\"}]},{"
"\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":"
"\"1.3.6.1.5.5.7.1.1\",\"components\":[1,3,6,1,5,5,7,1,1],\"name\":\"id-"
"pkix-pe-authorityInfoAccess\"},\"critical\":false,\"extnValue\":\"303C"
"303A06082B06010505073002862E687474703A2F2F7365637572652E676C6F62"
"616C7369676E2E636F6D2F73746D74706D656B696E7430352E637274\",\"_extn"
"Value_choice\":\"\",\"_extnValue\":[{\"_type\":\"AccessDescription\",\"acc"
"essMethod\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7.48."
"2\",\"components\":[1,3,6,1,5,5,7,48,2],\"name\":\"id-pkix-ad-caIssuer"
"s\"},\"accessLocation\":{\"_choice\":\"uniformResourceIdentifier\",\"val"
"ue\":\"http://secure.globalsign.com/stmtpmekint05.crt\"}}]}]},\"sign"
"atureAlgorithm\":{\"_type\":\"AlgorithmIdentifier\",\"algorithm\":{\"_ty"
"pe\":\"OBJECT IDENTIFIER\",\"oid\":\"1.2.840.113549.1.1.11\",\"component"
"s\":[1,2,840,113549,1,1,11],\"name\":\"id-pkcs1-sha256WithRSAEncrypt"
"ion\"},\"parameters\":\"0500\"},\"signatureValue\":\"2048:3D4C381E5B4F1B"
"CBE09C63D52F1F04570CAEA142FD9CD942043B11F8E3BDCF50007AE16CF88690"
"13041E92CDD3280BA4B51FBBD40582ED750219E261A695095674855AACEB520A"
"DAFF9E7E908480A39CDCF900462D9171960FFE55D3AC49E8C981341BBD2EFBCC"
"252A4C18A4F3B7C84CCE42CE70A208C84D2630A7ABFBE72D6271E75B9FF1C971"
"D20EB3DBD763F1E04D834EAA692D2E4001BBF4730A3E3FDA9711AE386524D91C"
"63BE0E516D00D5C6141FCCF6C539F3518E180049865BE16B69CAE1F8CB7FDC47"
"4B38F7EE56CBE7D8A89D9BA99B65D5265AEF32AA62426B10E6D75BB8677EC44F"
"755BBC2806FD2B4E04BDF5D44259DBEAA42B6F563DF7AA7506\"}"
",\"ekGenerationType\":\"1\",\"ekGenerationLocation\":\"0\",\"ekCertificat"
"eGenerationLocation\":\"0\",\"ccInfo\":{\"_type\":\"CommonCriteriaMeasur"
"es\",\"version\":\"3.1\",\"assurancelevel\":\"4\",\"evaluationStatus\":\"2\","
"\"plus\":true,\"strengthOfFunction\":null,\"profileOid\":null,\"profile"
"Uri\":null,\"targetOid\":null,\"targetUri\":null},\"fipsLevel\":{\"_type"
"\":\"FIPSLevel\",\"version\":\"140-2\",\"level\":\"2\",\"plus\":false},\"iso90"
"00Certified\":false,\"iso9000Uri\":null}]}]},{\"_type\":\"Extension\",\""
"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.15\",\"componen"
"ts\":[2,5,29,15],\"name\":\"id-x509-ce-keyUsage\"},\"critical\":true,\"e"
"xtnValue\":\"03020520\",\"_extnValue_choice\":\"\",\"_extnValue\":[\"keyEn"
"cipherment\"]},{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDE"
"NTIFIER\",\"oid\":\"2.5.29.19\",\"components\":[2,5,29,19],\"name\":\"id-x"
"509-ce-basicConstraints\"},\"critical\":true,\"extnValue\":\"3000\",\"_e"
"xtnValue_choice\":\"\",\"_extnValue\":{\"_type\":\"BasicConstraints\",\"cA"
"\":false,\"pathLenConstraint\":null}},{\"_type\":\"Extension\",\"extnID\""
":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.37\",\"components\":[2,"
"5,29,37],\"name\":\"id-x509-ce-extKeyUsage\"},\"critical\":false,\"extn"
"Value\":\"300706056781050801\",\"_extnValue_choice\":\"\",\"_extnValue\":"
"[{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.8.1\",\"components\":"
"[2,23,133,8,1],\"name\":\"tcg-kp-EKCertificate\"}]},{\"_type\":\"Extens"
"ion\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7."
"1.1\",\"components\":[1,3,6,1,5,5,7,1,1],\"name\":\"id-pkix-pe-authori"
"tyInfoAccess\"},\"critical\":false,\"extnValue\":\"303C303A06082B06010"
"505073002862E687474703A2F2F7365637572652E676C6F62616C7369676E2E6"
"36F6D2F73746D74706D656B696E7430352E637274\",\"_extnValue_choice\":\""
"\",\"_extnValue\":[{\"_type\":\"AccessDescription\",\"accessMethod\":{\"_t"
"ype\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7.48.2\",\"components\""
":[1,3,6,1,5,5,7,48,2],\"name\":\"id-pkix-ad-caIssuers\"},\"accessLoca"
"tion\":{\"_choice\":\"uniformResourceIdentifier\",\"value\":\"http://sec"
"ure.globalsign.com/stmtpmekint05.crt\"}}]}]},\"signatureAlgorithm\""
":{\"_type\":\"AlgorithmIdentifier\",\"algorithm\":{\"_type\":\"OBJECT IDE"
"NTIFIER\",\"oid\":\"1.2.840.113549.1.1.11\",\"components\":[1,2,840,113"
"549,1,1,11],\"name\":\"id-pkcs1-sha256WithRSAEncryption\"},\"paramete"
"rs\":\"0500\"},\"signatureValue\":\"2048:3D4C381E5B4F1BCBE09C63D52F1F0"
"4570CAEA142FD9CD942043B11F8E3BDCF50007AE16CF8869013041E92CDD3280"
"BA4B51FBBD40582ED750219E261A695095674855AACEB520ADAFF9E7E908480A"
"39CDCF900462D9171960FFE55D3AC49E8C981341BBD2EFBCC252A4C18A4F3B7C"
"84CCE42CE70A208C84D2630A7ABFBE72D6271E75B9FF1C971D20EB3DBD763F1E"
"04D834EAA692D2E4001BBF4730A3E3FDA9711AE386524D91C63BE0E516D00D5C"
"6141FCCF6C539F3518E180049865BE16B69CAE1F8CB7FDC474B38F7EE56CBE7D"
"8A89D9BA99B65D5265AEF32AA62426B10E6D75BB8677EC44F755BBC2806FD2B4"
"E04BDF5D44259DBEAA42B6F563DF7AA7506\"}"
};
heim_octet_string os;
Certificate c0, c1;
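Review bot: The updated expected string pins the EXPLICIT decoding of `ekGenerationType`, `ekGenerationLocation` and `ekCertificateGenerationLocation` (`"1"`, `"0"`, `"0"`), but nothing next to the fixture records that this deviates from the TCG EK profile wording the commit message cites. The previous expected values, 655617 and 655616, are 0x0A0101 and 0x0A0100, which looks like the inner ENUMERATED tag, length and value bytes being taken as the integer content; so a tagging mismatch on these fields appears to decode to wrong values rather than fail. I would add a comment above the fixture, for example `/* Sample EK cert encodes the TPMSecurityAssertions context tags as EXPLICIT, not IMPLICIT as the TCG EK profile states; the expected values assume EXPLICIT. */`. Once the open question in the description is settled, a second case with a profile-conformant IMPLICIT encoding would show whether such a certificate is decoded correctly or rejected with an error, which matters to anything that relies on these assertions. The body of test_ios starts and ends outside this hunk.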