heimdal

Files

Nicolas Williams 989fd1199b hx509: Add TCG EK and DevID certs to test with

These are sample certificates from the Trusted Computing Group
Endorsement Key Credential Profile For TPM Family 2.0; Level 0.

 - lib/hx509/data/tcg-ek-cp.pem (Endorsement Key certificate)
 - lib/hx509/data/tcg-devid.pem (DevID certificate)

https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf
https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p3_r2_pub.pdf
https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_DevID_v1r2_02dec2020.pdf

This certificate came from the Trusted Computing Group Endorsement Key
(EK) Credential Profile [0], Appendix A, page 34.

[0] https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_EKCredentialProfile_v2p3_r2_pub.pdf

Note that hxtool at this point both certificates, including all their
extensions, HardwareModule Name SAN, certificate policies, and the new
DN attributes TPMVersion, TPMModel, and TPMManufacturer, as shown below.

The work on the ASN.1 compiler helped.

The goal of this work will be to enable a Heimdal service for device
enrolment using TPMs.  More TCG profiling has to be done, and perhaps
some ECC work as well.  But Heimdal will mostly just be a relying party
and CA, and will not include the client side piece of enrolment.

$ cd build/lib/hx509
$ ./hxtool print --content PEM-FILE:../../../lib/hx509/data/tcg-ek-cp.pem
cert: 0
    friendly name:
    private key: no
    issuer:  "CN=ExampleCA"
    subject: ""
    serial: 01
    keyusage: keyEncipherment
subject name:
issuer name: CN=ExampleCA
Validity:
        notBefore 2014-01-15 15:40:50
        notAfter  2015-01-15 15:40:50
checking extension: authorityInfoAccess
        Critical not set on MUST
        type: 1.3.6.1.5.5.7.48.2
        dirname: URI: http://www.example.com/ExampleCA.crt
checking extension: keyUsage
checking extension: subjectAltName
        Critical set on MUST NOT
        directoryName: TPMVersion=id:00010023,TPMModel=ABCDEF123456,TPMManufacturer=id:54434700
checking extension: basicConstraints
        is NOT a CA
checking extension: cRLDistributionPoints
CRL Distribution Points:
Fullname:
   URI: http://www.example.com/ExampleCA.crl
checking extension: certificatePolicies
        Policy: 1.2.3.4
checking extension: authorityKeyIdentifier
        authority key id: 347767244C44AFE79E2AE0B24C69579524B33DDA
checking extension: extKeyUsage
        eku-0: 2.23.133.8.1
checking extension: subjectDirectoryAttributes
Doesn't have SubjectKeyIdentifier
$
$
$ ./hxtool print --content PEM-FILE:../../../lib/hx509/data/tcg-devid.pem
cert: 0
    friendly name:
    private key: no
    issuer:  "CN=ExampleCA"
    subject: ""
    serial: 01
    keyusage: keyEncipherment
subject name:
issuer name: CN=ExampleCA
Validity:
        notBefore 2014-01-15 15:40:50
        notAfter  2015-01-15 15:40:50
checking extension: authorityInfoAccess
        Critical not set on MUST
        type: 1.3.6.1.5.5.7.48.2
        dirname: URI: http://www.example.com/ExampleCA.crt
checking extension: keyUsage
checking extension: subjectAltName
        Critical set on MUST NOT
        directoryName: TPMVersion=id:00010023,TPMModel=ABCDEF123456,TPMManufacturer=id:54434700
        otherName: 1.3.6.1.5.5.7.8.4 HardwareModuleName 2.23.133.1.2:tpmserialnumber
checking extension: basicConstraints
        is NOT a CA
checking extension: cRLDistributionPoints
CRL Distribution Points:
Fullname:
   URI: http://www.example.com/ExampleCA.crl
checking extension: certificatePolicies
        Policy: 1.2.3.4
checking extension: authorityKeyIdentifier
        authority key id: 347767244C44AFE79E2AE0B24C69579524B33DDA
checking extension: extKeyUsage
        eku-0: 2.23.133.8.1
checking extension: subjectDirectoryAttributes
Doesn't have SubjectKeyIdentifier
$

2021-01-15 13:21:18 -06:00

bleichenbacher-bad.pem

test bleichenbacher from eay

2006-09-12 22:04:42 +00:00

bleichenbacher-good.pem

test bleichenbacher from eay

2006-09-12 22:04:42 +00:00

bleichenbacher-sf-pad-correct.pem

starfield test root cert and Ralf-Philipp and Andreis correctly padded bad cert

2006-09-19 14:02:43 +00:00

ca.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

ca.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

crl1.crl

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

crl1.der

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

eccurve.pem

regen

2009-02-07 15:13:28 +00:00

gen-req.sh

For https://github.com/heimdal/heimdal/issues/392

2019-03-22 17:49:46 -04:00

https.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

https.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

j.pem

2007-06-04 22:53:18 +00:00

kdc.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

kdc.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

key2.der

another key

2007-01-04 01:56:37 +00:00

key.der

needed for cert request test

2006-04-03 12:17:20 +00:00

mkcert.sh

For https://github.com/heimdal/heimdal/issues/392

2019-03-22 17:49:46 -04:00

n0ll.pem

reference to where cert comes from

2009-09-30 01:20:25 -07:00

nist-data

Make work on case senstive filesystems too.

2007-08-16 13:54:25 +00:00

nist-data2

nist pkits tests

2007-08-03 10:38:52 +00:00

nist-result2

4.3.5 failes

2010-05-26 11:20:21 -05:00

no-proxy-test.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

no-proxy-test.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

ocsp-req1.der

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

ocsp-req2.der

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

ocsp-resp1-2.der

make ca use openssl ca command so we can add ocsp tests, and regen certs

2006-04-01 00:41:04 +00:00

ocsp-resp1-3.der

make ca use openssl ca command so we can add ocsp tests, and regen certs

2006-04-01 00:41:04 +00:00

ocsp-resp1-ca.der

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

ocsp-resp1-keyhash.der

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

ocsp-resp1-ocsp-no-cert.der

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

ocsp-resp1-ocsp.der

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

ocsp-resp1.der

make ca use openssl ca command so we can add ocsp tests, and regen certs

2006-04-01 00:41:04 +00:00

ocsp-resp2.der

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

ocsp-responder.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

ocsp-responder.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

openssl.1.0.cnf

hx509: update gen_req.sh for OpenSSL 1.1 (#392 )

2018-12-24 12:13:29 -06:00

openssl.1.1.cnf

For https://github.com/heimdal/heimdal/issues/392

2019-03-22 18:23:45 -04:00

pkinit-ec.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

pkinit-ec.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

pkinit-proxy-chain.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

pkinit-proxy.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

pkinit-proxy.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

pkinit-pw.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

pkinit.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

pkinit.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

PKITS_data.zip

NIST PKITS tests

2007-08-01 19:20:04 +00:00

PKITS.pdf

NIST PKITS tests

2007-08-01 19:20:04 +00:00

proxy10-child-child-test.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

proxy10-child-child-test.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

proxy10-child-test.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

proxy10-child-test.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

proxy10-test.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

proxy10-test.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

proxy-level-test.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

proxy-level-test.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

proxy-test.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

proxy-test.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

revoke.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

revoke.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

secp256r1TestCA.cert.pem

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

secp256r1TestCA.key.pem

Use P-256 for EC tests

2014-03-12 21:18:03 -04:00

secp256r1TestCA.pem

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

secp256r2TestClient.cert.pem

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

secp256r2TestClient.key.pem

Use P-256 for EC tests

2014-03-12 21:18:03 -04:00

secp256r2TestClient.pem

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

secp256r2TestServer.cert.pem

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

secp256r2TestServer.key.pem

Use P-256 for EC tests

2014-03-12 21:18:03 -04:00

secp256r2TestServer.pem

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

sf-class2-root.pem

starfield test root cert and Ralf-Philipp and Andreis correctly padded bad cert

2006-09-19 14:02:43 +00:00

static-file

its vs it\'s etc. From Bjorn Sandell

2007-11-14 20:04:50 +00:00

sub-ca.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

sub-ca.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

sub-cert.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

sub-cert.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

sub-cert.p12

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

tcg-devid.pem

hx509: Add TCG EK and DevID certs to test with

2021-01-15 13:21:18 -06:00

tcg-ek-cp.pem

hx509: Add TCG EK and DevID certs to test with

2021-01-15 13:21:18 -06:00

test-ds-only.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-ds-only.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-enveloped-aes-128

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-enveloped-aes-256

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-enveloped-des

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-enveloped-des-ede3

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-enveloped-rc2-40

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-enveloped-rc2-64

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-enveloped-rc2-128

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-ke-only.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-ke-only.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-nopw.p12

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-pw.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-signed-data

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-signed-data-noattr

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-signed-data-noattr-nocerts

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-signed-sha-1

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-signed-sha-256

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test-signed-sha-512

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test.combined.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test.crt

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test.key

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

test.p12

Fixes https://github.com/heimdal/heimdal/issues/533

2019-03-22 20:59:04 -04:00

win-u16-in-printablestring.der

make printablestring and ia5string octetstrings

2010-08-08 15:51:33 -07:00

yutaka-pad-broken-ca.pem

yutaka test certs

2006-09-15 06:07:55 +00:00

yutaka-pad-broken-cert.pem

yutaka test certs

2006-09-15 06:07:55 +00:00

yutaka-pad-ok-ca.pem

yutaka test certs

2006-09-15 06:07:55 +00:00

yutaka-pad-ok-cert.pem

yutaka test certs

2006-09-15 06:07:55 +00:00

yutaka-pad.key

yutaka test certs

2006-09-15 06:07:55 +00:00