oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

asn1: Some TPM fields have to be EXPLICIT

Browse Source 
The TCG EK cert profile says that the context tags in the
TPMSecurityAssertions type are IMPLICIT.  The sample EK cert we have
has them as EXPLICIT.

What to do?
This commit is contained in:
Nicolas Williams
2021-03-07 00:31:47 -06:00
parent f7a018f002
commit be61d72be3
2 changed files with 50 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

84
lib/asn1/check-gen.c
View File

@@ -2296,48 +2296,48 @@ test_ios(void)
"1030A0100A2030A0100A310300E1603332E310A01040A01020101FFA40F300D1" "1030A0100A2030A0100A310300E1603332E310A01040A01020101FFA40F300D1"
"6053134302D320A0102010100\"],\"_values_choice\":\"\",\"_values\":[{\"_ty" "6053134302D320A0102010100\"],\"_values_choice\":\"\",\"_values\":[{\"_ty"
"pe\":\"TPMSecurityAssertions\",\"version\":\"0\",\"fieldUpgradable\":true" "pe\":\"TPMSecurityAssertions\",\"version\":\"0\",\"fieldUpgradable\":true"
",\"ekGenerationType\":\"655617\",\"ekGenerationLocation\":\"655616\",\"ek" ",\"ekGenerationType\":\"1\",\"ekGenerationLocation\":\"0\",\"ekCertificat"
"CertificateGenerationLocation\":\"655616\",\"ccInfo\":{\"_type\":\"Commo" "eGenerationLocation\":\"0\",\"ccInfo\":{\"_type\":\"CommonCriteriaMeasur"
"nCriteriaMeasures\",\"version\":\"3.1\",\"assurancelevel\":\"4\",\"evaluat" "es\",\"version\":\"3.1\",\"assurancelevel\":\"4\",\"evaluationStatus\":\"2\","
"ionStatus\":\"2\",\"plus\":true,\"strengthOfFunction\":null,\"profileOid" "\"plus\":true,\"strengthOfFunction\":null,\"profileOid\":null,\"profile"
"\":null,\"profileUri\":null,\"targetOid\":null,\"targetUri\":null},\"fip" "Uri\":null,\"targetOid\":null,\"targetUri\":null},\"fipsLevel\":{\"_type"
"sLevel\":{\"_type\":\"FIPSLevel\",\"version\":\"140-2\",\"level\":\"2\",\"plus" "\":\"FIPSLevel\",\"version\":\"140-2\",\"level\":\"2\",\"plus\":false},\"iso90"
"\":false},\"iso9000Certified\":false,\"iso9000Uri\":null}]}]},{\"_type" "00Certified\":false,\"iso9000Uri\":null}]}]},{\"_type\":\"Extension\",\""
"\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.2" "extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.15\",\"componen"
"9.15\",\"components\":[2,5,29,15],\"name\":\"id-x509-ce-keyUsage\"},\"cr" "ts\":[2,5,29,15],\"name\":\"id-x509-ce-keyUsage\"},\"critical\":true,\"e"
"itical\":true,\"extnValue\":\"03020520\",\"_extnValue_choice\":\"\",\"_ext" "xtnValue\":\"03020520\",\"_extnValue_choice\":\"\",\"_extnValue\":[\"keyEn"
"nValue\":[\"keyEncipherment\"]},{\"_type\":\"Extension\",\"extnID\":{\"_ty" "cipherment\"]},{\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDE"
"pe\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.19\",\"components\":[2,5,29,1" "NTIFIER\",\"oid\":\"2.5.29.19\",\"components\":[2,5,29,19],\"name\":\"id-x"
"9],\"name\":\"id-x509-ce-basicConstraints\"},\"critical\":true,\"extnVa" "509-ce-basicConstraints\"},\"critical\":true,\"extnValue\":\"3000\",\"_e"
"lue\":\"3000\",\"_extnValue_choice\":\"\",\"_extnValue\":{\"_type\":\"BasicC" "xtnValue_choice\":\"\",\"_extnValue\":{\"_type\":\"BasicConstraints\",\"cA"
"onstraints\",\"cA\":false,\"pathLenConstraint\":null}},{\"_type\":\"Exte" "\":false,\"pathLenConstraint\":null}},{\"_type\":\"Extension\",\"extnID\""
"nsion\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.37\",\"" ":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.5.29.37\",\"components\":[2,"
"components\":[2,5,29,37],\"name\":\"id-x509-ce-extKeyUsage\"},\"critic" "5,29,37],\"name\":\"id-x509-ce-extKeyUsage\"},\"critical\":false,\"extn"
"al\":false,\"extnValue\":\"300706056781050801\",\"_extnValue_choice\":\"" "Value\":\"300706056781050801\",\"_extnValue_choice\":\"\",\"_extnValue\":"
"\",\"_extnValue\":[{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.8.1" "[{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"2.23.133.8.1\",\"components\":"
"\",\"components\":[2,23,133,8,1],\"name\":\"tcg-kp-EKCertificate\"}]},{" "[2,23,133,8,1],\"name\":\"tcg-kp-EKCertificate\"}]},{\"_type\":\"Extens"
"\"_type\":\"Extension\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":" "ion\",\"extnID\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7."
"\"1.3.6.1.5.5.7.1.1\",\"components\":[1,3,6,1,5,5,7,1,1],\"name\":\"id-" "1.1\",\"components\":[1,3,6,1,5,5,7,1,1],\"name\":\"id-pkix-pe-authori"
"pkix-pe-authorityInfoAccess\"},\"critical\":false,\"extnValue\":\"303C" "tyInfoAccess\"},\"critical\":false,\"extnValue\":\"303C303A06082B06010"
"303A06082B06010505073002862E687474703A2F2F7365637572652E676C6F62" "505073002862E687474703A2F2F7365637572652E676C6F62616C7369676E2E6"
"616C7369676E2E636F6D2F73746D74706D656B696E7430352E637274\",\"_extn" "36F6D2F73746D74706D656B696E7430352E637274\",\"_extnValue_choice\":\""
"Value_choice\":\"\",\"_extnValue\":[{\"_type\":\"AccessDescription\",\"acc" "\",\"_extnValue\":[{\"_type\":\"AccessDescription\",\"accessMethod\":{\"_t"
"essMethod\":{\"_type\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7.48." "ype\":\"OBJECT IDENTIFIER\",\"oid\":\"1.3.6.1.5.5.7.48.2\",\"components\""
"2\",\"components\":[1,3,6,1,5,5,7,48,2],\"name\":\"id-pkix-ad-caIssuer" ":[1,3,6,1,5,5,7,48,2],\"name\":\"id-pkix-ad-caIssuers\"},\"accessLoca"
"s\"},\"accessLocation\":{\"_choice\":\"uniformResourceIdentifier\",\"val" "tion\":{\"_choice\":\"uniformResourceIdentifier\",\"value\":\"http://sec"
"ue\":\"http://secure.globalsign.com/stmtpmekint05.crt\"}}]}]},\"sign" "ure.globalsign.com/stmtpmekint05.crt\"}}]}]},\"signatureAlgorithm\""
"atureAlgorithm\":{\"_type\":\"AlgorithmIdentifier\",\"algorithm\":{\"_ty" ":{\"_type\":\"AlgorithmIdentifier\",\"algorithm\":{\"_type\":\"OBJECT IDE"
"pe\":\"OBJECT IDENTIFIER\",\"oid\":\"1.2.840.113549.1.1.11\",\"component" "NTIFIER\",\"oid\":\"1.2.840.113549.1.1.11\",\"components\":[1,2,840,113"
"s\":[1,2,840,113549,1,1,11],\"name\":\"id-pkcs1-sha256WithRSAEncrypt" "549,1,1,11],\"name\":\"id-pkcs1-sha256WithRSAEncryption\"},\"paramete"
"ion\"},\"parameters\":\"0500\"},\"signatureValue\":\"2048:3D4C381E5B4F1B" "rs\":\"0500\"},\"signatureValue\":\"2048:3D4C381E5B4F1BCBE09C63D52F1F0"
"CBE09C63D52F1F04570CAEA142FD9CD942043B11F8E3BDCF50007AE16CF88690" "4570CAEA142FD9CD942043B11F8E3BDCF50007AE16CF8869013041E92CDD3280"
"13041E92CDD3280BA4B51FBBD40582ED750219E261A695095674855AACEB520A" "BA4B51FBBD40582ED750219E261A695095674855AACEB520ADAFF9E7E908480A"
"DAFF9E7E908480A39CDCF900462D9171960FFE55D3AC49E8C981341BBD2EFBCC" "39CDCF900462D9171960FFE55D3AC49E8C981341BBD2EFBCC252A4C18A4F3B7C"
"252A4C18A4F3B7C84CCE42CE70A208C84D2630A7ABFBE72D6271E75B9FF1C971" "84CCE42CE70A208C84D2630A7ABFBE72D6271E75B9FF1C971D20EB3DBD763F1E"
"D20EB3DBD763F1E04D834EAA692D2E4001BBF4730A3E3FDA9711AE386524D91C" "04D834EAA692D2E4001BBF4730A3E3FDA9711AE386524D91C63BE0E516D00D5C"
"63BE0E516D00D5C6141FCCF6C539F3518E180049865BE16B69CAE1F8CB7FDC47" "6141FCCF6C539F3518E180049865BE16B69CAE1F8CB7FDC474B38F7EE56CBE7D"
"4B38F7EE56CBE7D8A89D9BA99B65D5265AEF32AA62426B10E6D75BB8677EC44F" "8A89D9BA99B65D5265AEF32AA62426B10E6D75BB8677EC44F755BBC2806FD2B4"
"755BBC2806FD2B4E04BDF5D44259DBEAA42B6F563DF7AA7506\"}" "E04BDF5D44259DBEAA42B6F563DF7AA7506\"}"
}; };
heim_octet_string os; heim_octet_string os;
Certificate c0, c1; Certificate c0, c1;

15
lib/asn1/rfc2459.asn1
View File

@@ -863,13 +863,14 @@ TPMVersion ::= INTEGER { tpm-v1(0) }
TPMSecurityAssertions ::= SEQUENCE { TPMSecurityAssertions ::= SEQUENCE {
version TPMVersion DEFAULT 0, -- v1 version TPMVersion DEFAULT 0, -- v1
fieldUpgradable BOOLEAN DEFAULT FALSE, fieldUpgradable BOOLEAN DEFAULT FALSE,
ekGenerationType [0] IMPLICIT EKGenerationType OPTIONAL, -- The TCG EK cert profile spec says all these context tags are IMPLICIT,
ekGenerationLocation [1] IMPLICIT EKGenerationLocation OPTIONAL, -- but samples in the field have them as EXPLICIT.
ekCertificateGenerationLocation [2] IMPLICIT EKCertificateGenerationLocation OPTIONAL, ekGenerationType [0] EXPLICIT EKGenerationType OPTIONAL,
-- These two are marked IMPLICIT, but... ekGenerationLocation [1] EXPLICIT EKGenerationLocation OPTIONAL,
ccInfo [3] CommonCriteriaMeasures OPTIONAL, ekCertificateGenerationLocation [2] EXPLICIT EKCertificateGenerationLocation OPTIONAL,
fipsLevel [4] FIPSLevel OPTIONAL, ccInfo [3] EXPLICIT CommonCriteriaMeasures OPTIONAL,
iso9000Certified [5] IMPLICIT BOOLEAN DEFAULT FALSE, fipsLevel [4] EXPLICIT FIPSLevel OPTIONAL,
iso9000Certified [5] EXPLICIT BOOLEAN DEFAULT FALSE,
iso9000Uri IA5String OPTIONAL, -- (SIZE (1..URIMAX)) iso9000Uri IA5String OPTIONAL, -- (SIZE (1..URIMAX))
... ...
} }