Specification v2.4 with code changes

Changes to the specification include:
* Fixed typos
* Various minor changes for clarity
* Added guidance for asymmetric key derivation
* Updated KDF guidance regarding HKDF extract, and added SP800-108
* Removed omitted CBOR Web Token fields for CBOR certificate; these fields are
  now effectively optional
* In X.509 CDI certificates, changed the custom extension to be marked critical

The only code change is to mark the X.509 custom extension critical.

Change-Id: Iceefbd91aef19904454420724b30986e22823a4b
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/92280
Reviewed-by: Andrew Scull <ascull@google.com>
Commit-Queue: Darren Krahn <dkrahn@google.com>
diff --git a/docs/specification.md b/docs/specification.md
index 5c746f2..bbf82f3 100644
--- a/docs/specification.md
+++ b/docs/specification.md
@@ -9,17 +9,17 @@
 The Trusted Computing Group (TCG) specifies
 [Hardware Requirements for a Device Identifier Composition Engine](https://trustedcomputinggroup.org/wp-content/uploads/Hardware-Requirements-for-Device-Identifier-Composition-Engine-r78_For-Publication.pdf)
 (DICE) which provides the context for this document. We'll call this TCG
-document the _TCG DICE specification_. Concepts like a Unique Device Secret
+document the *TCG DICE specification*. Concepts like a Unique Device Secret
 (UDS) and a Compound Device Identifier (CDI) are used as defined in the TCG DICE
 specification.
 
 #### A Note on Nomenclature
 
-This document uses the term _hardware_ to refer to anything that is immutable by
-design after manufacturing. Code in mask ROM, for example, is _hardware_. The
-terms _firmware_, _software_ and _program_ are all interchangeable; they all
-refer to mutable code. Often we say _firmware_ for code that runs early in boot,
-and _program_ for a particular unit of code, but it's really all _software_.
+This document uses the term *hardware* to refer to anything that is immutable by
+design after manufacturing. Code in mask ROM, for example, is *hardware*. The
+terms *firmware*, *software* and *program* are all interchangeable; they all
+refer to mutable code. Often we say *firmware* for code that runs early in boot,
+and *program* for a particular unit of code, but it's really all *software*.
 
 #### DICE Primer
 
@@ -87,17 +87,18 @@
 software, and uses the UDS in the derivation of both the Attestation CDI and
 Sealing CDI. Subsequent DICE transitions would use the current CDI values in
 place of the UDS to compute the subsequent CDI values. See
-[Layering Details](#layering-details).
+[Layering Details](#layering-details). See the [Cryptography](#cryptography)
+section for details on the primitives referenced in the diagram.
 
 ![Architecture Diagram](../images/architecture.png)
 
 ## Use Cases
 
 This design is motivated by two use cases: **attestation** and **sealing**.
-_Attestation_ allows a computing device or program to provide verifiable
+*Attestation* allows a computing device or program to provide verifiable
 evidence of its identity and operating state, including hardware identity,
 software image, security-relevant configuration, operating environment, etc.
-_Sealing_ allows a computing device or program to encrypt data in such a way
+*Sealing* allows a computing device or program to encrypt data in such a way
 that it can only be decrypted by the same device or program operating in the
 same state as at the time of encryption.
 
@@ -131,7 +132,7 @@
     authority selection, device mode, boot location, chip status information,
     instance identifiers, etc. This value may or may not be a hash of the actual
     configuration data. When it is a hash, the original data must also be
-    included in certificates. It's ok for this input to be _not stable_, it may
+    included in certificates. It's ok for this input to be *not stable*, it may
     change from one boot to the next.
 3.  **Authority Data (64 bytes)** - This input is computed by hashing a
     representation of the verified boot trusted authority. For example, this may
@@ -153,7 +154,7 @@
     device makes at runtime. In the sealing use case, this enables data to be
     sealed separately under each mode. See
     [Mode Value Details](#mode-value-details).
-5.  **Hidden Inputs (64 bytes)** - This optional input value is _hidden_ in the
+5.  **Hidden Inputs (64 bytes)** - This optional input value is *hidden* in the
     sense that it does not appear in any certificate. It is used for both
     attestation and sealing CDI derivation so it is expected to be stable; it
     should not change under normal operation except when that change is an
@@ -178,12 +179,12 @@
 
 1.  **Attestation CDI** - This CDI is derived from the combination of all input
     values and will change across software updates or configuration changes.
-    This CDI is appropriate for attestation and is _mandatory_ for
+    This CDI is appropriate for attestation and is *mandatory* for
     implementations of this profile.
 2.  **Sealing CDI** - This CDI is derived from only the authority data, mode
     decision, and hidden inputs because these are stable. It will reflect this
     stability and will remain the same across software updates and some
-    configuration changes. This CDI is appropriate for sealing and is _optional_
+    configuration changes. This CDI is appropriate for sealing and is *optional*
     for implementations of this profile.
 
 ### CDI Certificates
@@ -340,13 +341,19 @@
 algorithm. The KDF inputs map exactly to HKDF parameters, by design. This is the
 recommended default.
 
+Per the HKDF
+[specification](https://datatracker.ietf.org/doc/html/rfc5869#section-3.3) the
+extract step can be skipped in some cases, and since all KDFs used in this
+specification use cryptographically strong ikm values, doing so is acceptable
+here.
+
 ##### DRBG
 
 A
 [DRBG](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90Ar1.pdf)
 can be used to implement the KDF operation. Depending on the DRBG implementation
-this may require UDS and CDI values larger than 256 bits to provide both _nonce_
-and _entropy_ inputs when instantiating the DRBG. The DRBG should be
+this may require UDS and CDI values larger than 256 bits to provide both *nonce*
+and *entropy* inputs when instantiating the DRBG. The DRBG should be
 instantiated with a security strength of 256 bits. The sequence of DRBG
 functions {instantiate, generate, uninstantiate}, are used as a KDF operation.
 The mapping of inputs is as shown in the following table.
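Review bot: the added paragraph on skipping the HKDF extract step leaves the salt input unaccounted for. The sentence just above it says the KDF inputs map exactly to HKDF parameters, and with extract skipped the salt is never consumed, so the paragraph should say that implementations which skip extract must not rely on salt for domain separation (or must fold it into info). It should also restate the actual RFC 5869 section 3.3 condition, namely that the ikm is already a cryptographically strong key of the PRK length, because "cryptographically strong ikm values" could be read as covering high-entropy but non-uniform input such as raw PUF output, which the UDS section says is conditioned before use.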
@@ -363,6 +370,12 @@
 [OpenTitan Key Manager](https://docs.opentitan.org/hw/ip/keymgr/doc/index.html)
 can be used as a KDF. See the OpenTitan documentation for details.
 
+##### SP800-108
+
+The KDFs described in NIST's
+[SP800-108](https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-108.pdf)
+can be used.
+
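Review bot: the new SP800-108 subsection says the KDFs "can be used" but gives no mapping of this profile's KDF inputs onto the SP800-108 parameters (KI, Label, Context), whereas the HKDF and DRBG subsections each specify their mapping ("The mapping of inputs is as shown in the following table"). Without it, two conforming implementations could derive different CDIs from identical inputs. Suggest a short table or sentence, for example ikm as KI with salt and info carried in Label/Context, plus the permitted mode (counter or feedback) and PRF.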
 #### Digital Signatures
 
 ##### Ed25519
@@ -370,10 +383,13 @@
 [Ed25519](https://en.wikipedia.org/wiki/EdDSA#Ed25519) is the recommended
 default.
 
+When deriving Ed25519 key pairs, using the output of ASYM_KDF directly as the
+private key is acceptable.
+
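Review bot: the added Ed25519 sentence should state how many ASYM_KDF output bytes are consumed. An Ed25519 private key per RFC 8032 is a 32-byte seed, so "using the output of ASYM_KDF directly" is underspecified for an implementation that requests a longer output and has to decide which bytes to keep.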
 ##### ECDSA
 
 [ECDSA](https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm)
-can be used instead of Ed25519. When signing the CDI certificate, the random _k_
+can be used instead of Ed25519. When signing the CDI certificate, the random *k*
 required by ECDSA may be generated deterministically per
 [RFC6979](https://tools.ietf.org/html/rfc6979). One weakness of Ed25519 is that
 implementations may be susceptible to error injection
@@ -387,6 +403,13 @@
 *   P-256
 *   P-384
 
+When deriving ECDSA key pairs the output of ASYM_KDF cannot be used directly.
+Following the process described in
+[RFC 6979](https://datatracker.ietf.org/doc/html/rfc6979#section-3.3) is
+recommended. In this process the seed, in this case the output of ASYM_KDF, is
+used to seed an HMAC_DRBG instance and then the private key is generated from
+the DRBG. See the RFC for details.
+
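Review bot: the added ECDSA derivation paragraph delegates to RFC 6979 section 3.3, but that section describes generating the per-signature nonce k from the private key and message hash, not generating a private key from a seed, so "See the RFC for details" does not settle what this profile needs: which bytes of the ASYM_KDF output form the HMAC_DRBG entropy input (and whether a nonce or personalization string is supplied), which hash underlies the HMAC, and that a candidate outside [1, n-1] is rejected and regenerated. The X.509 CDI table in this same change says the certificate can be generated deterministically from CDI_Public, so any of these choices left open will yield different keys on different implementations; suggest spelling out the instantiation and the range check.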
 ## Layering Details
 
 This DICE profile is designed to be layered. That is, software that receives CDI
@@ -477,7 +500,7 @@
 UDS is derived on-chip from internal and external entropy, at least 256 bits
 each. Internal entropy may be generated using a
 [PUF](https://en.wikipedia.org/wiki/Physical_unclonable_function), or generated
-once using an internal hardware RNG and stored, for example, in OTP memory.
+once using an internal hardware TRNG and stored, for example, in OTP memory.
 External entropy is injected once during manufacturing and stored, for example,
 in OTP memory. The UDS is derived at runtime on every boot from the combined
 entropy. The UDS derivation (i.e. conditioning) from internal and external
@@ -534,7 +557,8 @@
     inject to multiple devices
 2.  [Manufacturing] Run the DICE flow and read the UDS\_Public key
 3.  [Manufacturing] Retain H(UDS\_Public) in a secure database
-4.  [On-Demand] Send UDS\_Public to the CA (no proof-of-possession necessary)
+4.  [On-Demand] Send UDS\_Public from the device to the CA (no
+    proof-of-possession necessary)
 5.  [CA] Check that H(UDS\_Public) is approved by the manufacturer
 6.  [CA] Issue a certificate for UDS\_Public
 
@@ -574,14 +598,14 @@
 infrastructure may place additional constraints on certificate type, but this
 profile does not.
 
-Regardless of type, UDS and CDI certificates are always semantically _CA
-certificates_ to enable use cases for certifying subsequent DICE
+Regardless of type, UDS and CDI certificates are always semantically *CA
+certificates* to enable use cases for certifying subsequent DICE
 [layers](#layering-details) or certifying attestation keys of some kind; the
 UDS\_Private and CDI\_Private keys are not intended to be used for any purpose
 other than signing certificates. In particular, this means CDI\_Private should
 not participate directly in attestation protocols, but should rather certify an
 attestation key. If a target software component does not launch additional
-software, the _pathLenConstraint_ field can be set to zero so certification of a
+software, the *pathLenConstraint* field can be set to zero so certification of a
 subsequent CDI\_Public is not possible.
 
 When UDS and CDI certificates are standard X.509 certificates, they follow the
@@ -593,10 +617,11 @@
 
 ### X.509 UDS Certificates
 
-The following table describes all standard fields of a UDS certificate's
-tbsCertificate field that this profile requires. Fields omitted are
-implementation dependent, but must not break the ability to chain to a CDI
-Certificate.
+X.509 UDS certificates generally follow
+[RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280). The following table
+describes all standard fields of a UDS certificate's tbsCertificate field that
+this profile requires. Fields omitted are implementation dependent, but must not
+break the ability to chain to a CDI Certificate.
 
 Field                | Description
 -------------------- | -----------
@@ -615,20 +640,22 @@
 
 ### X.509 CDI Certificates
 
-All standard fields of a CDI certificate and the tbsCertificate field are
-described in the following table. Notably, this certificate can be generated
-deterministically given a CDI\_Public key and the DICE input value details.
+X.509 CDI certificates generally follow
+[RFC 5280](https://datatracker.ietf.org/doc/html/rfc5280). All standard fields
+of a CDI certificate and the tbsCertificate field are described in the following
+table. Notably, this certificate can be generated deterministically given a
+CDI\_Public key and the DICE input value details.
 
 Field                | Description
 -------------------- | -----------
-signatureAlgorithm   | id-Ed25519 per [RFC 8410](https://tools.ietf.org/html/rfc8410)
-signatureValue       | 64 byte Ed25519 signature per [RFC 8032](https://tools.ietf.org/html/rfc8032), using UDS\_Private or a previous CDI\_Private as the signing key
+signatureAlgorithm   | When using Ed25519, id-Ed25519 per [RFC 8410](https://tools.ietf.org/html/rfc8410)
+signatureValue       | When using Ed25519, 64 byte Ed25519 signature per [RFC 8032](https://tools.ietf.org/html/rfc8032), using UDS\_Private or the current CDI\_Private as the signing key
 version              | v3
 serialNumber         | CDI\_ID in ASN.1 INTEGER form
-signature            | id-Ed25519 per [RFC 8410](https://tools.ietf.org/html/rfc8410)
-issuer               | "SERIALNUMBER=\<UDS\_ID\>" where UDS\_ID is hex encoded lower case
-validity             | The DICE is not expected to have a reliable source of time when generating a certificate. The validity values are populated as follows: _notBefore_ can be any time known to be in the past; in the absence of a better value, "180322235959Z" can be used which is the date of publication of the [TCG DICE specification](#background), and _notAfter_ is set to the standard value used to indicate no well-known expiry date, "99991231235959Z".
-subject              | "SERIALNUMBER=\<CDI\_ID\>" where CDI\_ID is hex encoded lower case
+signature            | When using Ed25519, id-Ed25519 per [RFC 8410](https://tools.ietf.org/html/rfc8410)
+issuer               | "SERIALNUMBER=\<UDS\_ID\>" where UDS\_ID is hex encoded lower case. When layering, UDS\_ID becomes CDI\_ID of the current layer.
+validity             | The DICE is not expected to have a reliable source of time when generating a certificate. The validity values are populated as follows: *notBefore* can be any time known to be in the past; in the absence of a better value, "180322235959Z" can be used which is the date of publication of the [TCG DICE specification](#background), and *notAfter* is set to the standard value used to indicate no well-known expiry date, "99991231235959Z".
+subject              | "SERIALNUMBER=\<CDI\_ID\>" where CDI\_ID is hex encoded lower case. When layering this is the CDI\_ID of the next layer.
 subjectPublicKeyInfo | When using Ed25519, the info per [RFC 8410](https://tools.ietf.org/html/rfc8410) and [RFC 8032](https://tools.ietf.org/html/rfc8032)
 issuerUniqueID       | Omitted
 subjectUniqueID      | Omitted
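Review bot: the rewritten signatureAlgorithm, signatureValue, signature and subjectPublicKeyInfo rows now say "When using Ed25519" but give nothing for the ECDSA case the Digital Signatures section permits, while the same change updates kExpectedX509P256Cert_ZeroInput with "Signature Algorithm: ecdsa-with-SHA512". The table should name the ECDSA identifiers and encodings the profile expects (the ecdsa-with-SHA* algorithm OIDs, the DER ECDSA-Sig-Value in signatureValue, and id-ecPublicKey with a named curve in subjectPublicKeyInfo) so the test vectors are backed by spec text rather than implicit.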
@@ -648,7 +675,7 @@
 Field     | Value
 --------- | -----
 extnID    | 1.3.6.1.4.1.11129.2.1.24 (The 1.3.6.1.4.1 is the [enterprise number](https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers), the 11129.2.1 is google.googleSecurity.certificateExtensions, and 24 is diceAttestationData assigned for this profile).
-critical  | FALSE
+critical  | TRUE
 extnValue | A [OpenDiceInput](#custom-extension-format) sequence
 
 #### Custom Extension Format
@@ -699,13 +726,12 @@
 
 A CBOR UDS certificate is a standard signed CWT. The following table lists all
 field constraints required by this profile in addition to the standard. The
-certificate is _untagged_, and it must be a _COSE\_Sign1_ message.
+certificate is *untagged*, and it must be a *COSE\_Sign1* message.
 
 Field | Description
 ----- | -----------
 iss   | Required: The value is implementation dependent.
 sub   | Required: The value must be "\<UDS\_ID\>" where UDS\_ID is hex encoded lower case.
-aud   | Omitted
 
 #### Additional Fields
 
@@ -718,10 +744,10 @@
 subjectPublicKey | -4670552
 keyUsage         | -4670553
 
-The _subjectPublicKey_ field contains the public key associated with the subject
+The *subjectPublicKey* field contains the public key associated with the subject
 in the form of a COSE\_Key structure encoded to a CBOR byte string.
 
-The _keyUsage_ field contains a CBOR byte string the bits of which correspond to
+The *keyUsage* field contains a CBOR byte string the bits of which correspond to
 the [X.509 KeyUsage bits](https://tools.ietf.org/html/rfc5280#section-4.2.1.3)
 in little-endian byte order (i.e. bit 0 is the low-order bit of the first byte).
 For UDS certificates this should have only the keyCertSign bit set.
@@ -729,18 +755,16 @@
 ### CBOR CDI Certificates
 
 A CBOR CDI certificate is a standard signed CWT with additional fields. The
-certificate is _untagged_, and it must be a _COSE\_Sign1_ message. The following
+certificate is *untagged*, and it must be a *COSE\_Sign1* message. The following
 table lists all constraints on standard fields required by this profile.
 
 Field | Description
 ----- | -----------
-iss   | Required: The value must be "\<UDS\_ID\>" where UDS\_ID is hex encoded lower case.
-sub   | Required: The value must be "\<CDI\_ID\>" where CDI\_ID is hex encoded lower case.
-aud   | Omitted
-exp   | Omitted
+iss   | Required: The value must be "\<UDS\_ID\>" where UDS\_ID is hex encoded lower case. When layering, UDS\_ID becomes CDI\_ID of the current layer.
+sub   | Required: The value must be "\<CDI\_ID\>" where CDI\_ID is hex encoded lower case. When layering this is the CDI\_ID of the next layer.
+exp   | Omitted when a reliable time source is not available
 nbf   | Omitted when a reliable time source is not available
 iat   | Omitted when a reliable time source is not available
-cti   | Omitted
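Review bot: changing exp from "Omitted" to "Omitted when a reliable time source is not available" makes a CBOR CDI certificate time-dependent whenever a clock exists, which conflicts with the deterministic-generation property this change restates for X.509 CDI certificates and with the X.509 validity row, which uses fixed notBefore/notAfter values instead of a clock. If the intent is to allow non-deterministic CDI certificates in the CBOR profile, say so explicitly; otherwise keep exp omitted (or fixed) to match X.509. Dropping the "cti Omitted" row also silently makes cti allowed; since the X.509 table binds serialNumber to CDI_ID, state whether cti, if present, must equal CDI_ID.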
 
 #### Additional Fields
 
@@ -760,17 +784,17 @@
 subjectPublicKey        | -4670552
 keyUsage                | -4670553
 
-The _subjectPublicKey_ field contains the public key associated with the subject
+The *subjectPublicKey* field contains the public key associated with the subject
 in the form of a COSE\_Key structure encoded to a CBOR byte string.
 
-The _keyUsage_ field contains a CBOR byte string the bits of which correspond to
+The *keyUsage* field contains a CBOR byte string the bits of which correspond to
 the [X.509 KeyUsage bits](https://tools.ietf.org/html/rfc5280#section-4.2.1.3)
 in little-endian byte order (i.e. bit 0 is the low-order bit of the first byte).
 For CDI certificates this should have only the keyCertSign bit set.
 
 All other fields have identical semantics to their counterparts in the
 [X.509 custom extension](#custom-extension-format). The encoding for each is a
-CBOR byte string including _mode_ which is a CBOR byte string holding a single
+CBOR byte string including *mode* which is a CBOR byte string holding a single
 byte (the advantage to using a byte string here is a consistent encoding size
 regardless of the value of mode).
 
@@ -789,7 +813,7 @@
 cover both the hardware and the firmware implementing this profile.
 
 However, this only works if the firmware that implements this profile is
-unmodified during normal operation. It becomes a _ROM extension_ in the sense
+unmodified during normal operation. It becomes a *ROM extension* in the sense
 that if it is modified, the firmware CDI changes, and the certificate chain
 provisioned for the device is no longer valid. In an ARM Trusted Firmware
 architecture, it would likely be BL2 firmware that implements this profile.
@@ -826,7 +850,7 @@
 implementations as long as (1) A UDS can be made available by some means early
 in boot, and (2) that UDS can be made subsequently unavailable until the next
 boot. These implementations meet the requirements of the TCG DICE specification
-as an _updatable DICE_ per section 6.2.
+as an *updatable DICE* per section 6.2.
 
 # Appendix B: Hardware Implementation Checklist
 
@@ -835,7 +859,7 @@
 intended to add any additional requirements or constraints.
 
 1.  Provide a UDS capability as required by this profile and the TCG DICE
-    specification. Usually this _cannot_ be implemented in mask ROM but requires
+    specification. Usually this *cannot* be implemented in mask ROM but requires
     additional hardware capabilities. See [UDS Details](#uds-details).
 1.  Reserve on the order of 8KB of mask ROM for DICE, not including crypto
     primitives. The rest of this list can usually be implemented entirely in
@@ -906,8 +930,8 @@
 *   Destroy any copy of the V-KDF seed, so it's only available to the V-KDF
 *   Run the DICE flow as usual
 
-Note that the V-KDF seed is derived from the _current_ sealing CDI; this value
-is _not_ passed to target code but is locked / destroyed as part of the DICE
+Note that the V-KDF seed is derived from the *current* sealing CDI; this value
+is *not* passed to target code but is locked / destroyed as part of the DICE
 flow. As a result the target code can only generate versioned keys as seeded by
 the previous layer.
 
diff --git a/images/architecture.png b/images/architecture.png
index b9a66f5..7b13787 100644
--- a/images/architecture.png
+++ b/images/architecture.png
Binary files differ
diff --git a/include/dice/known_test_values.h b/include/dice/known_test_values.h
index 90c565a..7391fe6 100644
--- a/include/dice/known_test_values.h
+++ b/include/dice/known_test_values.h
@@ -62,7 +62,7 @@
 //                 Certificate Sign
 //             X509v3 Basic Constraints: critical
 //                 CA:TRUE
-//             1.3.6.1.4.1.11129.2.1.24:
+//             1.3.6.1.4.1.11129.2.1.24: critical
 //     0:d=0  hl=3 l= 209 cons: SEQUENCE
 //     3:d=1  hl=2 l=  66 cons:  cont [ 0 ]
 //     5:d=2  hl=2 l=  64 prim:   OCTET STRING
@@ -86,12 +86,12 @@
 //   209:d=2  hl=2 l=   1 prim:   ENUMERATED        :00
 //
 //     Signature Algorithm: ED25519
-//          ba:e1:ef:9f:c5:b6:88:be:4a:67:22:b4:47:44:50:25:b6:37:
-//          68:8b:1a:29:27:9e:46:c6:d0:68:d8:6d:19:ed:50:55:ca:24:
-//          41:71:a5:b5:37:0d:60:2b:85:08:f9:38:6c:95:c6:77:33:11:
-//          a2:28:a5:49:5b:87:05:e4:e8:0d
-constexpr uint8_t kExpectedX509Ed25519Cert_ZeroInput[635] = {
-    0x30, 0x82, 0x02, 0x77, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01,
+//          70:23:a8:a3:78:fe:5f:8c:8d:83:49:95:ff:ee:e6:12:39:9c:
+//          4d:a0:49:f6:4b:4f:f7:02:1e:9f:97:0c:bd:3b:7f:94:78:26:
+//          09:fe:f2:91:7c:a4:dd:90:07:cc:95:a8:bc:4a:f4:84:69:ec:
+//          24:a4:9e:b7:01:0e:81:3a:a3:0a
+constexpr uint8_t kExpectedX509Ed25519Cert_ZeroInput[638] = {
+    0x30, 0x82, 0x02, 0x7a, 0x30, 0x82, 0x02, 0x2c, 0xa0, 0x03, 0x02, 0x01,
     0x02, 0x02, 0x14, 0x67, 0xc2, 0x2a, 0x88, 0x59, 0x06, 0x2b, 0x98, 0x68,
     0x18, 0xe8, 0xe7, 0x2b, 0x0b, 0xcd, 0x9f, 0x59, 0x34, 0x9c, 0x89, 0x30,
     0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x33, 0x31, 0x31, 0x30, 0x2f,
@@ -110,7 +110,7 @@
     0x21, 0x00, 0x0d, 0x14, 0xe5, 0xde, 0x29, 0x2e, 0xb1, 0xc8, 0xb3, 0x1b,
     0xea, 0xe4, 0x3a, 0xb5, 0x5d, 0x8e, 0x9d, 0xc0, 0x14, 0xb7, 0x3e, 0xaa,
     0x83, 0xb9, 0x25, 0xa0, 0x78, 0x8c, 0xc6, 0x2e, 0x5c, 0x8d, 0xa3, 0x82,
-    0x01, 0x4b, 0x30, 0x82, 0x01, 0x47, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
+    0x01, 0x4e, 0x30, 0x82, 0x01, 0x4a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
     0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7a, 0x06, 0xee, 0xe4, 0x1b,
     0x78, 0x9f, 0x48, 0x63, 0xd8, 0x6b, 0x87, 0x78, 0xb1, 0xa2, 0x01, 0xa6,
     0xfe, 0xdd, 0x56, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
@@ -118,32 +118,33 @@
     0xe8, 0xe7, 0x2b, 0x0b, 0xcd, 0x9f, 0x59, 0x34, 0x9c, 0x89, 0x30, 0x0e,
     0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02,
     0x02, 0x04, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
-    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x81, 0xe3, 0x06, 0x0a,
-    0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x18, 0x04, 0x81,
-    0xd4, 0x30, 0x81, 0xd1, 0xa0, 0x42, 0x04, 0x40, 0x00, 0x00, 0x00, 0x00,
+    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x81, 0xe6, 0x06, 0x0a,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x18, 0x01, 0x01,
+    0xff, 0x04, 0x81, 0xd4, 0x30, 0x81, 0xd1, 0xa0, 0x42, 0x04, 0x40, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0xa3, 0x42, 0x04, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0xa3, 0x42, 0x04, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa4, 0x42, 0x04, 0x40,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa4,
+    0x42, 0x04, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0x30, 0x05, 0x06,
-    0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0xba, 0xe1, 0xef, 0x9f, 0xc5,
-    0xb6, 0x88, 0xbe, 0x4a, 0x67, 0x22, 0xb4, 0x47, 0x44, 0x50, 0x25, 0xb6,
-    0x37, 0x68, 0x8b, 0x1a, 0x29, 0x27, 0x9e, 0x46, 0xc6, 0xd0, 0x68, 0xd8,
-    0x6d, 0x19, 0xed, 0x50, 0x55, 0xca, 0x24, 0x41, 0x71, 0xa5, 0xb5, 0x37,
-    0x0d, 0x60, 0x2b, 0x85, 0x08, 0xf9, 0x38, 0x6c, 0x95, 0xc6, 0x77, 0x33,
-    0x11, 0xa2, 0x28, 0xa5, 0x49, 0x5b, 0x87, 0x05, 0xe4, 0xe8, 0x0d};
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa6, 0x03, 0x0a, 0x01, 0x00,
+    0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0x70, 0x23,
+    0xa8, 0xa3, 0x78, 0xfe, 0x5f, 0x8c, 0x8d, 0x83, 0x49, 0x95, 0xff, 0xee,
+    0xe6, 0x12, 0x39, 0x9c, 0x4d, 0xa0, 0x49, 0xf6, 0x4b, 0x4f, 0xf7, 0x02,
+    0x1e, 0x9f, 0x97, 0x0c, 0xbd, 0x3b, 0x7f, 0x94, 0x78, 0x26, 0x09, 0xfe,
+    0xf2, 0x91, 0x7c, 0xa4, 0xdd, 0x90, 0x07, 0xcc, 0x95, 0xa8, 0xbc, 0x4a,
+    0xf4, 0x84, 0x69, 0xec, 0x24, 0xa4, 0x9e, 0xb7, 0x01, 0x0e, 0x81, 0x3a,
+    0xa3, 0x0a};
 
 // $ openssl x509 -inform DER -noout -text -certopt ext_parse
 // Certificate:
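Review bot: please record in the comment above the array how these bytes were regenerated, since a reviewer can only cross-check them arithmetically. The arithmetic does hold: the array grows from 635 to 638 bytes, matching the three-byte `0x01, 0x01, 0xff` (BOOLEAN TRUE for critical) inserted after the extnID, and every enclosing length steps by three (0x81 0xe3 to 0x81 0xe6 for the extension, 0x01 0x47 to 0x01 0x4a and 0x01 0x4b to 0x01 0x4e for the extensions wrapper, 0x02 0x29 to 0x02 0x2c and 0x02 0x77 to 0x02 0x7a for tbsCertificate and the outer SEQUENCE). The signature bytes change because tbsCertificate changed, and since Ed25519 signing is deterministic the new value is reproducible by an independent implementation, which is what makes a fixed expected vector meaningful here.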
@@ -178,7 +179,7 @@
 //                 Certificate Sign
 //             X509v3 Basic Constraints: critical
 //                 CA:TRUE
-//             1.3.6.1.4.1.11129.2.1.24:
+//             1.3.6.1.4.1.11129.2.1.24: critical
 //     0:d=0  hl=3 l= 209 cons: SEQUENCE
 //     3:d=1  hl=2 l=  66 cons:  cont [ 0 ]
 //     5:d=2  hl=2 l=  64 prim:   OCTET STRING
@@ -202,12 +203,12 @@
 //   209:d=2  hl=2 l=   1 prim:   ENUMERATED        :00
 //
 //     Signature Algorithm: ecdsa-with-SHA512
-//          30:46:02:21:00:b9:97:04:aa:8f:7f:65:d6:da:7c:3b:35:d8:
-//          6c:1f:93:c9:e2:ae:48:69:dd:0d:82:b9:0a:e1:f4:42:02:35:
-//          b0:02:21:00:9b:a9:cf:3c:5f:2b:88:fd:4f:e6:97:2b:b4:c8:
-//          6b:28:91:75:c0:49:17:48:df:47:2f:80:fa:8c:5d:3f:a9:82
-constexpr uint8_t kExpectedX509P256Cert_ZeroInput[704] = {
-    0x30, 0x82, 0x02, 0xbc, 0x30, 0x82, 0x02, 0x5f, 0xa0, 0x03, 0x02, 0x01,
+//          30:44:02:20:5c:20:d4:32:af:59:4b:44:fc:49:e5:d4:5d:b6:
+//          fe:9c:ac:55:02:74:8b:66:c8:8c:f5:9a:70:8a:97:3c:bc:e0:
+//          02:20:66:83:d1:78:8c:75:44:83:90:c7:1e:d7:4c:98:1f:10:
+//          7f:14:6a:45:c0:1c:48:99:ce:6e:8f:6d:d3:dc:f3:93
+constexpr uint8_t kExpectedX509P256Cert_ZeroInput[705] = {
+    0x30, 0x82, 0x02, 0xbd, 0x30, 0x82, 0x02, 0x62, 0xa0, 0x03, 0x02, 0x01,
     0x02, 0x02, 0x14, 0x7c, 0x7d, 0xc0, 0xa3, 0xc1, 0xe7, 0x8d, 0x4e, 0x68,
     0xbc, 0xc1, 0xa2, 0x32, 0x9e, 0xf9, 0x1c, 0xa8, 0x12, 0x44, 0x91, 0x30,
     0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05,
@@ -230,7 +231,7 @@
     0x06, 0x02, 0xae, 0xc2, 0x69, 0x54, 0x1c, 0x6b, 0xe7, 0xeb, 0x40, 0x19,
     0xab, 0x55, 0xc6, 0x6b, 0xc8, 0x8b, 0xb8, 0xb4, 0x69, 0xad, 0x7e, 0xe8,
     0x58, 0x9e, 0x07, 0xd2, 0xf8, 0xbc, 0x88, 0x8e, 0xb3, 0x11, 0xc2, 0xdf,
-    0x97, 0x3b, 0x1b, 0x4a, 0xa3, 0x82, 0x01, 0x4b, 0x30, 0x82, 0x01, 0x47,
+    0x97, 0x3b, 0x1b, 0x4a, 0xa3, 0x82, 0x01, 0x4e, 0x30, 0x82, 0x01, 0x4a,
     0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
     0x14, 0x4c, 0x51, 0x4d, 0x88, 0xdb, 0x0f, 0x81, 0xd5, 0x7b, 0xeb, 0x96,
     0x17, 0x7e, 0x3d, 0x7e, 0xa4, 0xaa, 0x58, 0x1e, 0x66, 0x30, 0x1d, 0x06,
@@ -239,33 +240,33 @@
     0xa8, 0x12, 0x44, 0x91, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
     0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0f, 0x06, 0x03,
     0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
-    0xff, 0x30, 0x81, 0xe3, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6,
-    0x79, 0x02, 0x01, 0x18, 0x04, 0x81, 0xd4, 0x30, 0x81, 0xd1, 0xa0, 0x42,
-    0x04, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0xff, 0x30, 0x81, 0xe6, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6,
+    0x79, 0x02, 0x01, 0x18, 0x01, 0x01, 0xff, 0x04, 0x81, 0xd4, 0x30, 0x81,
+    0xd1, 0xa0, 0x42, 0x04, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa3, 0x42, 0x04, 0x40, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa3, 0x42, 0x04,
+    0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0xa4, 0x42, 0x04, 0x40, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0xa4, 0x42, 0x04, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa6, 0x03,
-    0x0a, 0x01, 0x00, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
-    0x04, 0x03, 0x04, 0x05, 0x00, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21,
-    0x00, 0xb9, 0x97, 0x04, 0xaa, 0x8f, 0x7f, 0x65, 0xd6, 0xda, 0x7c, 0x3b,
-    0x35, 0xd8, 0x6c, 0x1f, 0x93, 0xc9, 0xe2, 0xae, 0x48, 0x69, 0xdd, 0x0d,
-    0x82, 0xb9, 0x0a, 0xe1, 0xf4, 0x42, 0x02, 0x35, 0xb0, 0x02, 0x21, 0x00,
-    0x9b, 0xa9, 0xcf, 0x3c, 0x5f, 0x2b, 0x88, 0xfd, 0x4f, 0xe6, 0x97, 0x2b,
-    0xb4, 0xc8, 0x6b, 0x28, 0x91, 0x75, 0xc0, 0x49, 0x17, 0x48, 0xdf, 0x47,
-    0x2f, 0x80, 0xfa, 0x8c, 0x5d, 0x3f, 0xa9, 0x82};
+    0x00, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05, 0x00, 0x03, 0x47, 0x00, 0x30,
+    0x44, 0x02, 0x20, 0x5c, 0x20, 0xd4, 0x32, 0xaf, 0x59, 0x4b, 0x44, 0xfc,
+    0x49, 0xe5, 0xd4, 0x5d, 0xb6, 0xfe, 0x9c, 0xac, 0x55, 0x02, 0x74, 0x8b,
+    0x66, 0xc8, 0x8c, 0xf5, 0x9a, 0x70, 0x8a, 0x97, 0x3c, 0xbc, 0xe0, 0x02,
+    0x20, 0x66, 0x83, 0xd1, 0x78, 0x8c, 0x75, 0x44, 0x83, 0x90, 0xc7, 0x1e,
+    0xd7, 0x4c, 0x98, 0x1f, 0x10, 0x7f, 0x14, 0x6a, 0x45, 0xc0, 0x1c, 0x48,
+    0x99, 0xce, 0x6e, 0x8f, 0x6d, 0xd3, 0xdc, 0xf3, 0x93};
 
 constexpr uint8_t kExpectedCborEd25519Cert_ZeroInput[441] = {
     0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x6e, 0xa8, 0x01, 0x78,
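Review bot: the P-256 vector's net growth of one byte (704 to 705) is the +3 for the critical BOOLEAN minus 2 from the new ECDSA signature, whose r and s no longer need a leading zero octet (0x02 0x21 0x00 becomes 0x02 0x20 for both, so the ECDSA-Sig-Value shrinks from 0x46 to 0x44 and the BIT STRING from 0x49 to 0x47); tbsCertificate goes 0x02 0x5f to 0x02 0x62 and the outer SEQUENCE 0x02 0xbc to 0x02 0xbd, which checks out. The point to raise is that a fixed expected signature for P-256 only makes sense if k is generated deterministically, yet the spec text in this change says the random k "may" be generated per RFC 6979. Either make deterministic k mandatory for the reference implementation, or have the test compare only tbsCertificate and verify the signature rather than byte-compare it, so a conforming randomized-k implementation does not fail this test.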
@@ -347,7 +348,7 @@
 //                 Certificate Sign
 //             X509v3 Basic Constraints: critical
 //                 CA:TRUE
-//             1.3.6.1.4.1.11129.2.1.24:
+//             1.3.6.1.4.1.11129.2.1.24: critical
 //     0:d=0  hl=3 l= 209 cons: SEQUENCE
 //     3:d=1  hl=2 l=  66 cons:  cont [ 0 ]
 //     5:d=2  hl=2 l=  64 prim:   OCTET STRING
@@ -371,12 +372,12 @@
 //   209:d=2  hl=2 l=   1 prim:   ENUMERATED        :00
 //
 //     Signature Algorithm: ED25519
-//          2d:26:2d:e5:ad:8f:4a:d2:78:e3:38:fe:bc:4f:60:67:d8:c3:
-//          20:4b:f1:19:e1:e7:48:c5:9f:51:01:57:62:f1:0d:75:d2:6d:
-//          d0:1b:0b:a4:32:f6:55:5a:55:b0:86:c0:e9:f9:6a:35:7c:5e:
-//          40:68:5f:05:ef:f6:52:a7:4c:05
-constexpr uint8_t kExpectedX509Ed25519Cert_HashOnlyInput[635] = {
-    0x30, 0x82, 0x02, 0x77, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01,
+//          27:68:51:a1:be:41:b7:90:03:8d:ce:ce:9c:35:9c:69:ff:f7:
+//          7c:14:fb:8d:59:06:71:cf:39:d8:c9:8e:95:79:70:f2:8f:89:
+//          af:4d:92:a7:40:c8:fb:85:2a:7c:21:3d:09:8a:d4:f2:25:96:
+//          cd:f6:29:06:73:98:db:70:74:08
+constexpr uint8_t kExpectedX509Ed25519Cert_HashOnlyInput[638] = {
+    0x30, 0x82, 0x02, 0x7a, 0x30, 0x82, 0x02, 0x2c, 0xa0, 0x03, 0x02, 0x01,
     0x02, 0x02, 0x14, 0x0d, 0x04, 0x0e, 0x2f, 0x46, 0x00, 0x52, 0xa5, 0x31,
     0x1c, 0x1b, 0x91, 0xdb, 0xf9, 0xb4, 0x40, 0x83, 0x32, 0xec, 0x29, 0x30,
     0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x33, 0x31, 0x31, 0x30, 0x2f,
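Review bot: the length arithmetic in this hunk checks out: the array grows from 635 to 638, the outer SEQUENCE from `0x02, 0x77` to `0x02, 0x7a` and the TBSCertificate from `0x02, 0x29` to `0x02, 0x2c`, all +3, which is exactly the DER `BOOLEAN TRUE` (`01 01 ff`) that the critical flag adds inside the extension. Since Ed25519 signing is deterministic, the new signature in the comment block can be regenerated and diffed independently by anyone reviewing this, which is not the case for the ECDSA vectors further down.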
@@ -395,7 +396,7 @@
     0x21, 0x00, 0x5a, 0x39, 0x49, 0x67, 0x8c, 0xd3, 0x0e, 0x88, 0xab, 0x1c,
     0xdd, 0xf7, 0x15, 0x55, 0xd5, 0xbf, 0xd3, 0xf0, 0xb8, 0x47, 0x25, 0xa9,
     0x58, 0xe1, 0xb9, 0xda, 0x4e, 0xb5, 0xf1, 0x38, 0x9a, 0x5a, 0xa3, 0x82,
-    0x01, 0x4b, 0x30, 0x82, 0x01, 0x47, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
+    0x01, 0x4e, 0x30, 0x82, 0x01, 0x4a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
     0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x47, 0x57, 0x08, 0xeb, 0x3b,
     0x42, 0x6f, 0x38, 0x6c, 0xfc, 0xe8, 0xf3, 0xba, 0xf5, 0x43, 0x90, 0x46,
     0x27, 0x8d, 0xfa, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
@@ -403,32 +404,33 @@
     0x1b, 0x91, 0xdb, 0xf9, 0xb4, 0x40, 0x83, 0x32, 0xec, 0x29, 0x30, 0x0e,
     0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02,
     0x02, 0x04, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
-    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x81, 0xe3, 0x06, 0x0a,
-    0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x18, 0x04, 0x81,
-    0xd4, 0x30, 0x81, 0xd1, 0xa0, 0x42, 0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb,
-    0x22, 0x5b, 0xa5, 0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86, 0x93, 0x75, 0xf6,
-    0x90, 0xac, 0x50, 0xcf, 0x9e, 0xbd, 0x0a, 0xfe, 0xb1, 0xd9, 0xc2, 0x4e,
-    0x52, 0x19, 0xe4, 0xde, 0x29, 0xe5, 0x61, 0xf3, 0xf9, 0x29, 0xe8, 0x40,
-    0x87, 0x7a, 0xdd, 0x17, 0x48, 0x05, 0x89, 0x7e, 0x2b, 0xcb, 0x54, 0x79,
-    0xcc, 0x66, 0xf1, 0xb3, 0x13, 0x29, 0x0c, 0x68, 0x96, 0xb2, 0xbb, 0x8f,
-    0xa3, 0x42, 0x04, 0x40, 0xcf, 0x99, 0x7b, 0xea, 0x2e, 0x2c, 0x86, 0xa0,
-    0x7b, 0x52, 0x09, 0xc8, 0xb5, 0x3c, 0x41, 0x12, 0x29, 0x28, 0x1a, 0x82,
-    0x0d, 0x49, 0x9c, 0x95, 0xcb, 0x0b, 0x1b, 0x31, 0x1a, 0x01, 0x9c, 0xf2,
-    0x66, 0x1a, 0xd9, 0xb5, 0xce, 0x52, 0x59, 0xcb, 0xf4, 0x81, 0x9b, 0x21,
-    0xaf, 0x32, 0x5d, 0x07, 0xa0, 0x1e, 0x91, 0x59, 0x6f, 0x06, 0x55, 0x10,
-    0x8e, 0x2e, 0x08, 0x88, 0x52, 0x28, 0x86, 0x7f, 0xa4, 0x42, 0x04, 0x40,
-    0x22, 0x52, 0x60, 0x17, 0xef, 0x2c, 0xa1, 0xf6, 0xcb, 0xed, 0x39, 0xd5,
-    0xe2, 0xaa, 0x65, 0x20, 0xfb, 0xad, 0x82, 0x93, 0xe5, 0x78, 0x23, 0x22,
-    0x97, 0xc1, 0x6e, 0x6a, 0x4e, 0x36, 0xd7, 0x6a, 0x61, 0x39, 0x08, 0x21,
-    0xd4, 0xfe, 0x92, 0x5f, 0x36, 0x2d, 0xeb, 0x5d, 0xbb, 0x32, 0x8b, 0xe3,
-    0x94, 0x4f, 0xbe, 0x1b, 0x21, 0xf9, 0xcc, 0x23, 0x73, 0x41, 0xb6, 0xb9,
-    0xb6, 0x98, 0xd0, 0xbc, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0x30, 0x05, 0x06,
-    0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0x2d, 0x26, 0x2d, 0xe5, 0xad,
-    0x8f, 0x4a, 0xd2, 0x78, 0xe3, 0x38, 0xfe, 0xbc, 0x4f, 0x60, 0x67, 0xd8,
-    0xc3, 0x20, 0x4b, 0xf1, 0x19, 0xe1, 0xe7, 0x48, 0xc5, 0x9f, 0x51, 0x01,
-    0x57, 0x62, 0xf1, 0x0d, 0x75, 0xd2, 0x6d, 0xd0, 0x1b, 0x0b, 0xa4, 0x32,
-    0xf6, 0x55, 0x5a, 0x55, 0xb0, 0x86, 0xc0, 0xe9, 0xf9, 0x6a, 0x35, 0x7c,
-    0x5e, 0x40, 0x68, 0x5f, 0x05, 0xef, 0xf6, 0x52, 0xa7, 0x4c, 0x05};
+    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x81, 0xe6, 0x06, 0x0a,
+    0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x18, 0x01, 0x01,
+    0xff, 0x04, 0x81, 0xd4, 0x30, 0x81, 0xd1, 0xa0, 0x42, 0x04, 0x40, 0xb7,
+    0xd4, 0x0c, 0xcb, 0x22, 0x5b, 0xa5, 0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86,
+    0x93, 0x75, 0xf6, 0x90, 0xac, 0x50, 0xcf, 0x9e, 0xbd, 0x0a, 0xfe, 0xb1,
+    0xd9, 0xc2, 0x4e, 0x52, 0x19, 0xe4, 0xde, 0x29, 0xe5, 0x61, 0xf3, 0xf9,
+    0x29, 0xe8, 0x40, 0x87, 0x7a, 0xdd, 0x17, 0x48, 0x05, 0x89, 0x7e, 0x2b,
+    0xcb, 0x54, 0x79, 0xcc, 0x66, 0xf1, 0xb3, 0x13, 0x29, 0x0c, 0x68, 0x96,
+    0xb2, 0xbb, 0x8f, 0xa3, 0x42, 0x04, 0x40, 0xcf, 0x99, 0x7b, 0xea, 0x2e,
+    0x2c, 0x86, 0xa0, 0x7b, 0x52, 0x09, 0xc8, 0xb5, 0x3c, 0x41, 0x12, 0x29,
+    0x28, 0x1a, 0x82, 0x0d, 0x49, 0x9c, 0x95, 0xcb, 0x0b, 0x1b, 0x31, 0x1a,
+    0x01, 0x9c, 0xf2, 0x66, 0x1a, 0xd9, 0xb5, 0xce, 0x52, 0x59, 0xcb, 0xf4,
+    0x81, 0x9b, 0x21, 0xaf, 0x32, 0x5d, 0x07, 0xa0, 0x1e, 0x91, 0x59, 0x6f,
+    0x06, 0x55, 0x10, 0x8e, 0x2e, 0x08, 0x88, 0x52, 0x28, 0x86, 0x7f, 0xa4,
+    0x42, 0x04, 0x40, 0x22, 0x52, 0x60, 0x17, 0xef, 0x2c, 0xa1, 0xf6, 0xcb,
+    0xed, 0x39, 0xd5, 0xe2, 0xaa, 0x65, 0x20, 0xfb, 0xad, 0x82, 0x93, 0xe5,
+    0x78, 0x23, 0x22, 0x97, 0xc1, 0x6e, 0x6a, 0x4e, 0x36, 0xd7, 0x6a, 0x61,
+    0x39, 0x08, 0x21, 0xd4, 0xfe, 0x92, 0x5f, 0x36, 0x2d, 0xeb, 0x5d, 0xbb,
+    0x32, 0x8b, 0xe3, 0x94, 0x4f, 0xbe, 0x1b, 0x21, 0xf9, 0xcc, 0x23, 0x73,
+    0x41, 0xb6, 0xb9, 0xb6, 0x98, 0xd0, 0xbc, 0xa6, 0x03, 0x0a, 0x01, 0x00,
+    0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0x27, 0x68,
+    0x51, 0xa1, 0xbe, 0x41, 0xb7, 0x90, 0x03, 0x8d, 0xce, 0xce, 0x9c, 0x35,
+    0x9c, 0x69, 0xff, 0xf7, 0x7c, 0x14, 0xfb, 0x8d, 0x59, 0x06, 0x71, 0xcf,
+    0x39, 0xd8, 0xc9, 0x8e, 0x95, 0x79, 0x70, 0xf2, 0x8f, 0x89, 0xaf, 0x4d,
+    0x92, 0xa7, 0x40, 0xc8, 0xfb, 0x85, 0x2a, 0x7c, 0x21, 0x3d, 0x09, 0x8a,
+    0xd4, 0xf2, 0x25, 0x96, 0xcd, 0xf6, 0x29, 0x06, 0x73, 0x98, 0xdb, 0x70,
+    0x74, 0x08};
 
 // $ openssl x509 -inform DER -noout -text -certopt ext_parse
 // Certificate:
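Review bot: the structural change is visible at `0x30, 0x81, 0xe6, 0x06, 0x0a, ..., 0x18, 0x01, 0x01, 0xff, 0x04, 0x81, 0xd4`: the extension is now SEQUENCE { OID 1.3.6.1.4.1.11129.2.1.24, BOOLEAN TRUE, OCTET STRING (212 bytes) }, which is the RFC 5280 Extension layout with `critical` explicitly encoded as `ff`. The inner OCTET STRING length (`0x81, 0xd4`) is unchanged, so only the wrapper grew, and the enclosing extensions lengths (`0x82, 0x01, 0x4e` / `0x82, 0x01, 0x4a` in the previous hunk) agree. Note for anyone touching this later: DER forbids encoding DEFAULT values, which is why the old bytes had no BOOLEAN at all; reverting to non-critical means removing the three bytes, not emitting `0x01, 0x01, 0x00`.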
@@ -463,7 +465,7 @@
 //                 Certificate Sign
 //             X509v3 Basic Constraints: critical
 //                 CA:TRUE
-//             1.3.6.1.4.1.11129.2.1.24:
+//             1.3.6.1.4.1.11129.2.1.24: critical
 //     0:d=0  hl=3 l= 209 cons: SEQUENCE
 //     3:d=1  hl=2 l=  66 cons:  cont [ 0 ]
 //     5:d=2  hl=2 l=  64 prim:   OCTET STRING
@@ -487,12 +489,12 @@
 //   209:d=2  hl=2 l=   1 prim:   ENUMERATED        :00
 //
 //     Signature Algorithm: ecdsa-with-SHA512
-//          30:45:02:21:00:a8:1f:9a:1c:bd:6e:f7:a1:6c:4c:a8:98:b3:
-//          c9:c7:48:8b:2a:aa:29:37:35:83:8a:e3:64:2b:f2:e2:e2:a1:
-//          44:02:20:5e:80:29:7c:a9:7e:8c:44:3d:01:f7:ea:bd:8a:1f:
-//          eb:e8:f6:92:43:03:16:e6:a9:5d:e7:26:42:f4:9b:6e:54
-constexpr uint8_t kExpectedX509P256Cert_HashOnlyInput[703] = {
-    0x30, 0x82, 0x02, 0xbb, 0x30, 0x82, 0x02, 0x5f, 0xa0, 0x03, 0x02, 0x01,
+//          30:46:02:21:00:d0:ff:60:84:d4:74:47:eb:f4:29:86:c5:2a:
+//          12:01:f9:7e:5b:ab:fd:fe:d3:11:75:bc:26:63:71:57:2b:b1:
+//          c8:02:21:00:e0:16:72:65:b0:4a:92:ca:c6:c9:e2:0f:50:f0:
+//          1c:70:01:64:a7:8d:7d:51:e9:59:fe:e6:7f:31:28:30:04:04
+constexpr uint8_t kExpectedX509P256Cert_HashOnlyInput[707] = {
+    0x30, 0x82, 0x02, 0xbf, 0x30, 0x82, 0x02, 0x62, 0xa0, 0x03, 0x02, 0x01,
     0x02, 0x02, 0x14, 0x68, 0x49, 0x58, 0xd9, 0xae, 0xa7, 0x2e, 0xbf, 0x7c,
     0x06, 0xaf, 0x20, 0x03, 0xb6, 0x44, 0x47, 0x82, 0x4a, 0x62, 0x71, 0x30,
     0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05,
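Review bot: the +4 here (703 to 707, outer `0x02, 0xbb` to `0x02, 0xbf`) is +3 for the critical flag plus +1 from the signature: the TBS grows by 3 (`0x02, 0x5f` to `0x02, 0x62`), and the new ECDSA signature needs a leading zero on both r and s (`30:46:02:21:00:...:02:21:00:...`) where the old one needed it only on r (`30:45:02:21:00:...:02:20:...`). A short comment next to the array size would help, since the size of these P-256 vectors depends on the high bit of r and s and not only on the TBS change.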
@@ -515,7 +517,7 @@
     0xfb, 0x6d, 0x57, 0x18, 0xfc, 0x8f, 0x6f, 0x0b, 0x09, 0x1a, 0x19, 0xea,
     0x10, 0x7e, 0xa9, 0x38, 0xf4, 0x45, 0x33, 0xc1, 0x66, 0x5b, 0xbc, 0xfc,
     0x0a, 0x6e, 0x98, 0x99, 0x72, 0x88, 0xc1, 0xad, 0x0e, 0x15, 0xc2, 0x85,
-    0x77, 0x75, 0x00, 0x0b, 0xa3, 0x82, 0x01, 0x4b, 0x30, 0x82, 0x01, 0x47,
+    0x77, 0x75, 0x00, 0x0b, 0xa3, 0x82, 0x01, 0x4e, 0x30, 0x82, 0x01, 0x4a,
     0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
     0x14, 0x1b, 0xe5, 0x68, 0x79, 0x33, 0xdb, 0x3d, 0x9c, 0xd5, 0xfc, 0xa7,
     0x29, 0xe8, 0x1d, 0x66, 0x85, 0x46, 0x5a, 0x7b, 0xf1, 0x30, 0x1d, 0x06,
@@ -524,33 +526,33 @@
     0x82, 0x4a, 0x62, 0x71, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
     0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0f, 0x06, 0x03,
     0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
-    0xff, 0x30, 0x81, 0xe3, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6,
-    0x79, 0x02, 0x01, 0x18, 0x04, 0x81, 0xd4, 0x30, 0x81, 0xd1, 0xa0, 0x42,
-    0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb, 0x22, 0x5b, 0xa5, 0x78, 0x8f, 0x98,
-    0xff, 0x9e, 0x86, 0x93, 0x75, 0xf6, 0x90, 0xac, 0x50, 0xcf, 0x9e, 0xbd,
-    0x0a, 0xfe, 0xb1, 0xd9, 0xc2, 0x4e, 0x52, 0x19, 0xe4, 0xde, 0x29, 0xe5,
-    0x61, 0xf3, 0xf9, 0x29, 0xe8, 0x40, 0x87, 0x7a, 0xdd, 0x17, 0x48, 0x05,
-    0x89, 0x7e, 0x2b, 0xcb, 0x54, 0x79, 0xcc, 0x66, 0xf1, 0xb3, 0x13, 0x29,
-    0x0c, 0x68, 0x96, 0xb2, 0xbb, 0x8f, 0xa3, 0x42, 0x04, 0x40, 0xcf, 0x99,
-    0x7b, 0xea, 0x2e, 0x2c, 0x86, 0xa0, 0x7b, 0x52, 0x09, 0xc8, 0xb5, 0x3c,
-    0x41, 0x12, 0x29, 0x28, 0x1a, 0x82, 0x0d, 0x49, 0x9c, 0x95, 0xcb, 0x0b,
-    0x1b, 0x31, 0x1a, 0x01, 0x9c, 0xf2, 0x66, 0x1a, 0xd9, 0xb5, 0xce, 0x52,
-    0x59, 0xcb, 0xf4, 0x81, 0x9b, 0x21, 0xaf, 0x32, 0x5d, 0x07, 0xa0, 0x1e,
-    0x91, 0x59, 0x6f, 0x06, 0x55, 0x10, 0x8e, 0x2e, 0x08, 0x88, 0x52, 0x28,
-    0x86, 0x7f, 0xa4, 0x42, 0x04, 0x40, 0x22, 0x52, 0x60, 0x17, 0xef, 0x2c,
-    0xa1, 0xf6, 0xcb, 0xed, 0x39, 0xd5, 0xe2, 0xaa, 0x65, 0x20, 0xfb, 0xad,
-    0x82, 0x93, 0xe5, 0x78, 0x23, 0x22, 0x97, 0xc1, 0x6e, 0x6a, 0x4e, 0x36,
-    0xd7, 0x6a, 0x61, 0x39, 0x08, 0x21, 0xd4, 0xfe, 0x92, 0x5f, 0x36, 0x2d,
-    0xeb, 0x5d, 0xbb, 0x32, 0x8b, 0xe3, 0x94, 0x4f, 0xbe, 0x1b, 0x21, 0xf9,
-    0xcc, 0x23, 0x73, 0x41, 0xb6, 0xb9, 0xb6, 0x98, 0xd0, 0xbc, 0xa6, 0x03,
-    0x0a, 0x01, 0x00, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
-    0x04, 0x03, 0x04, 0x05, 0x00, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21,
-    0x00, 0xa8, 0x1f, 0x9a, 0x1c, 0xbd, 0x6e, 0xf7, 0xa1, 0x6c, 0x4c, 0xa8,
-    0x98, 0xb3, 0xc9, 0xc7, 0x48, 0x8b, 0x2a, 0xaa, 0x29, 0x37, 0x35, 0x83,
-    0x8a, 0xe3, 0x64, 0x2b, 0xf2, 0xe2, 0xe2, 0xa1, 0x44, 0x02, 0x20, 0x5e,
-    0x80, 0x29, 0x7c, 0xa9, 0x7e, 0x8c, 0x44, 0x3d, 0x01, 0xf7, 0xea, 0xbd,
-    0x8a, 0x1f, 0xeb, 0xe8, 0xf6, 0x92, 0x43, 0x03, 0x16, 0xe6, 0xa9, 0x5d,
-    0xe7, 0x26, 0x42, 0xf4, 0x9b, 0x6e, 0x54};
+    0xff, 0x30, 0x81, 0xe6, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6,
+    0x79, 0x02, 0x01, 0x18, 0x01, 0x01, 0xff, 0x04, 0x81, 0xd4, 0x30, 0x81,
+    0xd1, 0xa0, 0x42, 0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb, 0x22, 0x5b, 0xa5,
+    0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86, 0x93, 0x75, 0xf6, 0x90, 0xac, 0x50,
+    0xcf, 0x9e, 0xbd, 0x0a, 0xfe, 0xb1, 0xd9, 0xc2, 0x4e, 0x52, 0x19, 0xe4,
+    0xde, 0x29, 0xe5, 0x61, 0xf3, 0xf9, 0x29, 0xe8, 0x40, 0x87, 0x7a, 0xdd,
+    0x17, 0x48, 0x05, 0x89, 0x7e, 0x2b, 0xcb, 0x54, 0x79, 0xcc, 0x66, 0xf1,
+    0xb3, 0x13, 0x29, 0x0c, 0x68, 0x96, 0xb2, 0xbb, 0x8f, 0xa3, 0x42, 0x04,
+    0x40, 0xcf, 0x99, 0x7b, 0xea, 0x2e, 0x2c, 0x86, 0xa0, 0x7b, 0x52, 0x09,
+    0xc8, 0xb5, 0x3c, 0x41, 0x12, 0x29, 0x28, 0x1a, 0x82, 0x0d, 0x49, 0x9c,
+    0x95, 0xcb, 0x0b, 0x1b, 0x31, 0x1a, 0x01, 0x9c, 0xf2, 0x66, 0x1a, 0xd9,
+    0xb5, 0xce, 0x52, 0x59, 0xcb, 0xf4, 0x81, 0x9b, 0x21, 0xaf, 0x32, 0x5d,
+    0x07, 0xa0, 0x1e, 0x91, 0x59, 0x6f, 0x06, 0x55, 0x10, 0x8e, 0x2e, 0x08,
+    0x88, 0x52, 0x28, 0x86, 0x7f, 0xa4, 0x42, 0x04, 0x40, 0x22, 0x52, 0x60,
+    0x17, 0xef, 0x2c, 0xa1, 0xf6, 0xcb, 0xed, 0x39, 0xd5, 0xe2, 0xaa, 0x65,
+    0x20, 0xfb, 0xad, 0x82, 0x93, 0xe5, 0x78, 0x23, 0x22, 0x97, 0xc1, 0x6e,
+    0x6a, 0x4e, 0x36, 0xd7, 0x6a, 0x61, 0x39, 0x08, 0x21, 0xd4, 0xfe, 0x92,
+    0x5f, 0x36, 0x2d, 0xeb, 0x5d, 0xbb, 0x32, 0x8b, 0xe3, 0x94, 0x4f, 0xbe,
+    0x1b, 0x21, 0xf9, 0xcc, 0x23, 0x73, 0x41, 0xb6, 0xb9, 0xb6, 0x98, 0xd0,
+    0xbc, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
+    0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05, 0x00, 0x03, 0x49, 0x00, 0x30,
+    0x46, 0x02, 0x21, 0x00, 0xd0, 0xff, 0x60, 0x84, 0xd4, 0x74, 0x47, 0xeb,
+    0xf4, 0x29, 0x86, 0xc5, 0x2a, 0x12, 0x01, 0xf9, 0x7e, 0x5b, 0xab, 0xfd,
+    0xfe, 0xd3, 0x11, 0x75, 0xbc, 0x26, 0x63, 0x71, 0x57, 0x2b, 0xb1, 0xc8,
+    0x02, 0x21, 0x00, 0xe0, 0x16, 0x72, 0x65, 0xb0, 0x4a, 0x92, 0xca, 0xc6,
+    0xc9, 0xe2, 0x0f, 0x50, 0xf0, 0x1c, 0x70, 0x01, 0x64, 0xa7, 0x8d, 0x7d,
+    0x51, 0xe9, 0x59, 0xfe, 0xe6, 0x7f, 0x31, 0x28, 0x30, 0x04, 0x04};
 
 constexpr uint8_t kExpectedCborEd25519Cert_HashOnlyInput[441] = {
     0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x6e, 0xa8, 0x01, 0x78,
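Review bot: the ECDSA signature bytes at the tail of this hunk (`0x30, 0x46, 0x02, 0x21, 0x00, 0xd0, 0xff, ...`) are only reproducible if the signer produces the same signature on every run; the test compares the whole certificate byte-for-byte, so these vectors implicitly depend on the test build using a deterministic nonce or RNG. If that is not already documented next to the test, a one-line comment above the expected vectors saying how they are regenerated and under which build configuration would save the next person who has to update them.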
@@ -632,7 +634,7 @@
 //                 Certificate Sign
 //             X509v3 Basic Constraints: critical
 //                 CA:TRUE
-//             1.3.6.1.4.1.11129.2.1.24:
+//             1.3.6.1.4.1.11129.2.1.24: critical
 //     0:d=0  hl=4 l= 426 cons: SEQUENCE
 //     4:d=1  hl=2 l=  66 cons:  cont [ 0 ]
 //     6:d=2  hl=2 l=  64 prim:   OCTET STRING
@@ -677,12 +679,12 @@
 //   427:d=2  hl=2 l=   1 prim:   ENUMERATED        :00
 //
 //     Signature Algorithm: ED25519
-//          70:3c:ba:64:6b:18:2b:3f:26:b3:67:52:3b:3d:08:f5:88:3d:
-//          fe:79:d4:b4:e5:70:71:1d:95:f6:9a:ac:ca:f7:23:8b:fd:e2:
-//          22:5b:3b:39:82:99:02:e8:db:67:70:f2:99:9d:f7:3b:73:12:
-//          6a:b0:a0:ac:49:4b:37:06:21:06
-constexpr uint8_t kExpectedX509Ed25519Cert_DescriptorInput[855] = {
-    0x30, 0x82, 0x03, 0x53, 0x30, 0x82, 0x03, 0x05, 0xa0, 0x03, 0x02, 0x01,
+//          23:23:66:8c:b2:de:08:0a:fa:96:01:3f:5c:f3:87:ac:33:e0:
+//          d0:86:9b:f5:6b:df:2c:6e:9e:63:a5:5c:dd:d4:55:27:df:7e:
+//          6f:ad:6a:95:99:fd:0f:91:a9:44:25:42:c4:02:c5:ed:2a:b3:
+//          72:23:4e:79:76:f9:13:6e:f7:00
+constexpr uint8_t kExpectedX509Ed25519Cert_DescriptorInput[858] = {
+    0x30, 0x82, 0x03, 0x56, 0x30, 0x82, 0x03, 0x08, 0xa0, 0x03, 0x02, 0x01,
     0x02, 0x02, 0x14, 0x52, 0x1f, 0x03, 0x5c, 0x21, 0xe3, 0x2f, 0x16, 0x74,
     0x1c, 0x1e, 0xae, 0x6b, 0xde, 0xd9, 0x3c, 0xe3, 0x21, 0xe0, 0xdf, 0x30,
     0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x33, 0x31, 0x31, 0x30, 0x2f,
@@ -701,7 +703,7 @@
     0x21, 0x00, 0x93, 0x7f, 0xd9, 0xc0, 0x4d, 0xc6, 0xbb, 0x2e, 0x1d, 0x11,
     0x62, 0xcd, 0x5c, 0x76, 0x94, 0xc7, 0xdb, 0x02, 0x54, 0x0c, 0x85, 0x01,
     0x3a, 0x01, 0xab, 0x37, 0xfa, 0xce, 0xf9, 0x6e, 0x62, 0x20, 0xa3, 0x82,
-    0x02, 0x27, 0x30, 0x82, 0x02, 0x23, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
+    0x02, 0x2a, 0x30, 0x82, 0x02, 0x26, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d,
     0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x47, 0x57, 0x08, 0xeb, 0x3b,
     0x42, 0x6f, 0x38, 0x6c, 0xfc, 0xe8, 0xf3, 0xba, 0xf5, 0x43, 0x90, 0x46,
     0x27, 0x8d, 0xfa, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
@@ -709,51 +711,51 @@
     0x1e, 0xae, 0x6b, 0xde, 0xd9, 0x3c, 0xe3, 0x21, 0xe0, 0xdf, 0x30, 0x0e,
     0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02,
     0x02, 0x04, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff,
-    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x82, 0x01, 0xbe, 0x06,
-    0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x18, 0x04,
-    0x82, 0x01, 0xae, 0x30, 0x82, 0x01, 0xaa, 0xa0, 0x42, 0x04, 0x40, 0xb7,
-    0xd4, 0x0c, 0xcb, 0x22, 0x5b, 0xa5, 0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86,
-    0x93, 0x75, 0xf6, 0x90, 0xac, 0x50, 0xcf, 0x9e, 0xbd, 0x0a, 0xfe, 0xb1,
-    0xd9, 0xc2, 0x4e, 0x52, 0x19, 0xe4, 0xde, 0x29, 0xe5, 0x61, 0xf3, 0xf9,
-    0x29, 0xe8, 0x40, 0x87, 0x7a, 0xdd, 0x17, 0x48, 0x05, 0x89, 0x7e, 0x2b,
-    0xcb, 0x54, 0x79, 0xcc, 0x66, 0xf1, 0xb3, 0x13, 0x29, 0x0c, 0x68, 0x96,
-    0xb2, 0xbb, 0x8f, 0xa1, 0x66, 0x04, 0x64, 0x6c, 0x46, 0x01, 0x33, 0x26,
-    0x73, 0x4b, 0x22, 0x65, 0xfd, 0xfa, 0x58, 0xd7, 0x57, 0x3e, 0x95, 0x59,
-    0xe0, 0x3a, 0xc3, 0xb9, 0xf7, 0xc8, 0x0e, 0x98, 0x80, 0x8c, 0xf5, 0xc4,
-    0xb8, 0xaf, 0xe3, 0x16, 0x84, 0x25, 0xa5, 0x35, 0x5d, 0x17, 0x72, 0x56,
-    0x8f, 0x8e, 0xec, 0x2f, 0x5a, 0x74, 0x60, 0x77, 0x2a, 0x6e, 0x90, 0xc0,
-    0x4e, 0x9f, 0x87, 0x6b, 0xf4, 0x8d, 0x9c, 0x66, 0xe3, 0x0b, 0xd2, 0x10,
-    0x35, 0x21, 0xa8, 0x1d, 0xa2, 0x31, 0x17, 0xe7, 0x0c, 0xdf, 0x18, 0xf7,
-    0x94, 0xe4, 0xd1, 0xca, 0x32, 0x7d, 0xf2, 0x63, 0x23, 0x1d, 0xbc, 0x84,
-    0x74, 0x61, 0xdb, 0x87, 0xf2, 0xab, 0x72, 0xad, 0xaf, 0x08, 0xf8, 0xa2,
-    0x42, 0x04, 0x40, 0x45, 0x00, 0xe9, 0x5c, 0xbd, 0x00, 0x57, 0x04, 0x55,
-    0x87, 0x6c, 0xbd, 0x2f, 0xea, 0x41, 0x9c, 0x66, 0x42, 0x51, 0x41, 0xbb,
-    0x44, 0xed, 0x0e, 0xe9, 0x66, 0xcf, 0xd5, 0x10, 0x73, 0x0d, 0x4b, 0x48,
-    0xe4, 0x7a, 0x53, 0x35, 0x01, 0x0e, 0x6d, 0x15, 0x55, 0xc5, 0xb7, 0xd2,
-    0xd5, 0x36, 0xb6, 0xbc, 0x7e, 0xb0, 0xf3, 0x3d, 0xe6, 0x19, 0x78, 0x62,
-    0xeb, 0x02, 0x57, 0x39, 0x56, 0x73, 0x4f, 0xa3, 0x2a, 0x04, 0x28, 0x1b,
-    0x40, 0xc1, 0xa9, 0x77, 0x60, 0xeb, 0xc3, 0x67, 0xf0, 0x5f, 0x6a, 0xe1,
-    0x5e, 0x20, 0xc2, 0x51, 0x68, 0x4d, 0x82, 0x48, 0x8b, 0x03, 0x32, 0x16,
-    0x79, 0x88, 0x14, 0x37, 0x78, 0x7f, 0x16, 0x9a, 0x06, 0xfd, 0xc0, 0x8a,
-    0x15, 0x80, 0x62, 0xa4, 0x42, 0x04, 0x40, 0x22, 0x52, 0x60, 0x17, 0xef,
-    0x2c, 0xa1, 0xf6, 0xcb, 0xed, 0x39, 0xd5, 0xe2, 0xaa, 0x65, 0x20, 0xfb,
-    0xad, 0x82, 0x93, 0xe5, 0x78, 0x23, 0x22, 0x97, 0xc1, 0x6e, 0x6a, 0x4e,
-    0x36, 0xd7, 0x6a, 0x61, 0x39, 0x08, 0x21, 0xd4, 0xfe, 0x92, 0x5f, 0x36,
-    0x2d, 0xeb, 0x5d, 0xbb, 0x32, 0x8b, 0xe3, 0x94, 0x4f, 0xbe, 0x1b, 0x21,
-    0xf9, 0xcc, 0x23, 0x73, 0x41, 0xb6, 0xb9, 0xb6, 0x98, 0xd0, 0xbc, 0xa5,
-    0x43, 0x04, 0x41, 0x92, 0xd6, 0x97, 0xb3, 0x83, 0xdf, 0xe7, 0x8c, 0xc7,
-    0xbc, 0x4a, 0xfc, 0xea, 0x76, 0xc0, 0x53, 0x66, 0xbd, 0x2c, 0x1e, 0x10,
-    0x31, 0x90, 0x80, 0x11, 0x2d, 0x08, 0x4d, 0x7c, 0x39, 0x76, 0xdc, 0x73,
-    0xe7, 0x1c, 0x16, 0x62, 0xd5, 0x59, 0xd7, 0x49, 0x2b, 0x6a, 0xa2, 0x36,
-    0x67, 0x57, 0xd1, 0xf2, 0xf9, 0xaf, 0x13, 0xd7, 0xa3, 0xe4, 0xd3, 0x39,
-    0x5b, 0x02, 0x78, 0xb1, 0xe0, 0x09, 0x70, 0xa2, 0xa6, 0x03, 0x0a, 0x01,
-    0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0x70,
-    0x3c, 0xba, 0x64, 0x6b, 0x18, 0x2b, 0x3f, 0x26, 0xb3, 0x67, 0x52, 0x3b,
-    0x3d, 0x08, 0xf5, 0x88, 0x3d, 0xfe, 0x79, 0xd4, 0xb4, 0xe5, 0x70, 0x71,
-    0x1d, 0x95, 0xf6, 0x9a, 0xac, 0xca, 0xf7, 0x23, 0x8b, 0xfd, 0xe2, 0x22,
-    0x5b, 0x3b, 0x39, 0x82, 0x99, 0x02, 0xe8, 0xdb, 0x67, 0x70, 0xf2, 0x99,
-    0x9d, 0xf7, 0x3b, 0x73, 0x12, 0x6a, 0xb0, 0xa0, 0xac, 0x49, 0x4b, 0x37,
-    0x06, 0x21, 0x06};
+    0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x82, 0x01, 0xc1, 0x06,
+    0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x18, 0x01,
+    0x01, 0xff, 0x04, 0x82, 0x01, 0xae, 0x30, 0x82, 0x01, 0xaa, 0xa0, 0x42,
+    0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb, 0x22, 0x5b, 0xa5, 0x78, 0x8f, 0x98,
+    0xff, 0x9e, 0x86, 0x93, 0x75, 0xf6, 0x90, 0xac, 0x50, 0xcf, 0x9e, 0xbd,
+    0x0a, 0xfe, 0xb1, 0xd9, 0xc2, 0x4e, 0x52, 0x19, 0xe4, 0xde, 0x29, 0xe5,
+    0x61, 0xf3, 0xf9, 0x29, 0xe8, 0x40, 0x87, 0x7a, 0xdd, 0x17, 0x48, 0x05,
+    0x89, 0x7e, 0x2b, 0xcb, 0x54, 0x79, 0xcc, 0x66, 0xf1, 0xb3, 0x13, 0x29,
+    0x0c, 0x68, 0x96, 0xb2, 0xbb, 0x8f, 0xa1, 0x66, 0x04, 0x64, 0x6c, 0x46,
+    0x01, 0x33, 0x26, 0x73, 0x4b, 0x22, 0x65, 0xfd, 0xfa, 0x58, 0xd7, 0x57,
+    0x3e, 0x95, 0x59, 0xe0, 0x3a, 0xc3, 0xb9, 0xf7, 0xc8, 0x0e, 0x98, 0x80,
+    0x8c, 0xf5, 0xc4, 0xb8, 0xaf, 0xe3, 0x16, 0x84, 0x25, 0xa5, 0x35, 0x5d,
+    0x17, 0x72, 0x56, 0x8f, 0x8e, 0xec, 0x2f, 0x5a, 0x74, 0x60, 0x77, 0x2a,
+    0x6e, 0x90, 0xc0, 0x4e, 0x9f, 0x87, 0x6b, 0xf4, 0x8d, 0x9c, 0x66, 0xe3,
+    0x0b, 0xd2, 0x10, 0x35, 0x21, 0xa8, 0x1d, 0xa2, 0x31, 0x17, 0xe7, 0x0c,
+    0xdf, 0x18, 0xf7, 0x94, 0xe4, 0xd1, 0xca, 0x32, 0x7d, 0xf2, 0x63, 0x23,
+    0x1d, 0xbc, 0x84, 0x74, 0x61, 0xdb, 0x87, 0xf2, 0xab, 0x72, 0xad, 0xaf,
+    0x08, 0xf8, 0xa2, 0x42, 0x04, 0x40, 0x45, 0x00, 0xe9, 0x5c, 0xbd, 0x00,
+    0x57, 0x04, 0x55, 0x87, 0x6c, 0xbd, 0x2f, 0xea, 0x41, 0x9c, 0x66, 0x42,
+    0x51, 0x41, 0xbb, 0x44, 0xed, 0x0e, 0xe9, 0x66, 0xcf, 0xd5, 0x10, 0x73,
+    0x0d, 0x4b, 0x48, 0xe4, 0x7a, 0x53, 0x35, 0x01, 0x0e, 0x6d, 0x15, 0x55,
+    0xc5, 0xb7, 0xd2, 0xd5, 0x36, 0xb6, 0xbc, 0x7e, 0xb0, 0xf3, 0x3d, 0xe6,
+    0x19, 0x78, 0x62, 0xeb, 0x02, 0x57, 0x39, 0x56, 0x73, 0x4f, 0xa3, 0x2a,
+    0x04, 0x28, 0x1b, 0x40, 0xc1, 0xa9, 0x77, 0x60, 0xeb, 0xc3, 0x67, 0xf0,
+    0x5f, 0x6a, 0xe1, 0x5e, 0x20, 0xc2, 0x51, 0x68, 0x4d, 0x82, 0x48, 0x8b,
+    0x03, 0x32, 0x16, 0x79, 0x88, 0x14, 0x37, 0x78, 0x7f, 0x16, 0x9a, 0x06,
+    0xfd, 0xc0, 0x8a, 0x15, 0x80, 0x62, 0xa4, 0x42, 0x04, 0x40, 0x22, 0x52,
+    0x60, 0x17, 0xef, 0x2c, 0xa1, 0xf6, 0xcb, 0xed, 0x39, 0xd5, 0xe2, 0xaa,
+    0x65, 0x20, 0xfb, 0xad, 0x82, 0x93, 0xe5, 0x78, 0x23, 0x22, 0x97, 0xc1,
+    0x6e, 0x6a, 0x4e, 0x36, 0xd7, 0x6a, 0x61, 0x39, 0x08, 0x21, 0xd4, 0xfe,
+    0x92, 0x5f, 0x36, 0x2d, 0xeb, 0x5d, 0xbb, 0x32, 0x8b, 0xe3, 0x94, 0x4f,
+    0xbe, 0x1b, 0x21, 0xf9, 0xcc, 0x23, 0x73, 0x41, 0xb6, 0xb9, 0xb6, 0x98,
+    0xd0, 0xbc, 0xa5, 0x43, 0x04, 0x41, 0x92, 0xd6, 0x97, 0xb3, 0x83, 0xdf,
+    0xe7, 0x8c, 0xc7, 0xbc, 0x4a, 0xfc, 0xea, 0x76, 0xc0, 0x53, 0x66, 0xbd,
+    0x2c, 0x1e, 0x10, 0x31, 0x90, 0x80, 0x11, 0x2d, 0x08, 0x4d, 0x7c, 0x39,
+    0x76, 0xdc, 0x73, 0xe7, 0x1c, 0x16, 0x62, 0xd5, 0x59, 0xd7, 0x49, 0x2b,
+    0x6a, 0xa2, 0x36, 0x67, 0x57, 0xd1, 0xf2, 0xf9, 0xaf, 0x13, 0xd7, 0xa3,
+    0xe4, 0xd3, 0x39, 0x5b, 0x02, 0x78, 0xb1, 0xe0, 0x09, 0x70, 0xa2, 0xa6,
+    0x03, 0x0a, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03,
+    0x41, 0x00, 0x23, 0x23, 0x66, 0x8c, 0xb2, 0xde, 0x08, 0x0a, 0xfa, 0x96,
+    0x01, 0x3f, 0x5c, 0xf3, 0x87, 0xac, 0x33, 0xe0, 0xd0, 0x86, 0x9b, 0xf5,
+    0x6b, 0xdf, 0x2c, 0x6e, 0x9e, 0x63, 0xa5, 0x5c, 0xdd, 0xd4, 0x55, 0x27,
+    0xdf, 0x7e, 0x6f, 0xad, 0x6a, 0x95, 0x99, 0xfd, 0x0f, 0x91, 0xa9, 0x44,
+    0x25, 0x42, 0xc4, 0x02, 0xc5, 0xed, 0x2a, 0xb3, 0x72, 0x23, 0x4e, 0x79,
+    0x76, 0xf9, 0x13, 0x6e, 0xf7, 0x00};
 
 // $ openssl x509 -inform DER -noout -text -certopt ext_parse
 // Certificate:
@@ -788,7 +790,7 @@
 //                 Certificate Sign
 //             X509v3 Basic Constraints: critical
 //                 CA:TRUE
-//             1.3.6.1.4.1.11129.2.1.24:
+//             1.3.6.1.4.1.11129.2.1.24: critical
 //     0:d=0  hl=4 l= 426 cons: SEQUENCE
 //     4:d=1  hl=2 l=  66 cons:  cont [ 0 ]
 //     6:d=2  hl=2 l=  64 prim:   OCTET STRING
@@ -833,12 +835,12 @@
 //   427:d=2  hl=2 l=   1 prim:   ENUMERATED        :00
 //
 //     Signature Algorithm: ecdsa-with-SHA512
-//          30:45:02:21:00:b2:0b:bb:86:04:4e:38:55:db:f5:58:92:e1:
-//          c1:31:4e:79:57:e4:5f:bc:36:68:29:b4:89:a5:63:4e:67:19:
-//          8c:02:20:1b:5d:e6:35:c0:cd:9f:7b:ec:c0:01:52:b8:2f:81:
-//          f0:29:01:a0:17:19:83:ca:84:e2:ec:01:a8:b2:13:8a:b9
-constexpr uint8_t kExpectedX509P256Cert_DescriptorInput[923] = {
-    0x30, 0x82, 0x03, 0x97, 0x30, 0x82, 0x03, 0x3b, 0xa0, 0x03, 0x02, 0x01,
+//          30:46:02:21:00:a9:57:7d:ac:e0:80:8e:1c:7a:e1:4d:7d:2a:
+//          52:d2:5e:fb:5a:7d:45:1e:fa:67:17:04:9e:b3:05:c2:34:f0:
+//          7a:02:21:00:b7:3a:31:25:ae:1d:2b:06:8b:ba:44:d9:3a:bf:
+//          8b:e2:3f:89:e2:a6:14:0c:fa:c2:b1:dd:0c:0a:78:ac:60:19
+constexpr uint8_t kExpectedX509P256Cert_DescriptorInput[927] = {
+    0x30, 0x82, 0x03, 0x9b, 0x30, 0x82, 0x03, 0x3e, 0xa0, 0x03, 0x02, 0x01,
     0x02, 0x02, 0x14, 0x2c, 0x0d, 0xe9, 0x55, 0xc4, 0xfa, 0x08, 0x2c, 0x2c,
     0x3a, 0x0b, 0x40, 0x66, 0x59, 0xaf, 0xa1, 0xc1, 0xc0, 0x84, 0x6c, 0x30,
     0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05,
@@ -861,7 +863,7 @@
     0x9b, 0x27, 0xf3, 0x87, 0x97, 0xb3, 0xe7, 0x36, 0xe6, 0x42, 0x87, 0x8c,
     0x72, 0xde, 0xf7, 0xaf, 0x2d, 0xc6, 0x23, 0x00, 0xb1, 0x2b, 0x4e, 0x1c,
     0xf3, 0xaf, 0x67, 0xf0, 0x9b, 0x88, 0x40, 0x79, 0x3b, 0x09, 0x78, 0x30,
-    0x51, 0x65, 0x38, 0x61, 0xa3, 0x82, 0x02, 0x27, 0x30, 0x82, 0x02, 0x23,
+    0x51, 0x65, 0x38, 0x61, 0xa3, 0x82, 0x02, 0x2a, 0x30, 0x82, 0x02, 0x26,
     0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
     0x14, 0x1b, 0xe5, 0x68, 0x79, 0x33, 0xdb, 0x3d, 0x9c, 0xd5, 0xfc, 0xa7,
     0x29, 0xe8, 0x1d, 0x66, 0x85, 0x46, 0x5a, 0x7b, 0xf1, 0x30, 0x1d, 0x06,
@@ -870,51 +872,52 @@
     0xc1, 0xc0, 0x84, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
     0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0f, 0x06, 0x03,
     0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
-    0xff, 0x30, 0x82, 0x01, 0xbe, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01,
-    0xd6, 0x79, 0x02, 0x01, 0x18, 0x04, 0x82, 0x01, 0xae, 0x30, 0x82, 0x01,
-    0xaa, 0xa0, 0x42, 0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb, 0x22, 0x5b, 0xa5,
-    0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86, 0x93, 0x75, 0xf6, 0x90, 0xac, 0x50,
-    0xcf, 0x9e, 0xbd, 0x0a, 0xfe, 0xb1, 0xd9, 0xc2, 0x4e, 0x52, 0x19, 0xe4,
-    0xde, 0x29, 0xe5, 0x61, 0xf3, 0xf9, 0x29, 0xe8, 0x40, 0x87, 0x7a, 0xdd,
-    0x17, 0x48, 0x05, 0x89, 0x7e, 0x2b, 0xcb, 0x54, 0x79, 0xcc, 0x66, 0xf1,
-    0xb3, 0x13, 0x29, 0x0c, 0x68, 0x96, 0xb2, 0xbb, 0x8f, 0xa1, 0x66, 0x04,
-    0x64, 0x6c, 0x46, 0x01, 0x33, 0x26, 0x73, 0x4b, 0x22, 0x65, 0xfd, 0xfa,
-    0x58, 0xd7, 0x57, 0x3e, 0x95, 0x59, 0xe0, 0x3a, 0xc3, 0xb9, 0xf7, 0xc8,
-    0x0e, 0x98, 0x80, 0x8c, 0xf5, 0xc4, 0xb8, 0xaf, 0xe3, 0x16, 0x84, 0x25,
-    0xa5, 0x35, 0x5d, 0x17, 0x72, 0x56, 0x8f, 0x8e, 0xec, 0x2f, 0x5a, 0x74,
-    0x60, 0x77, 0x2a, 0x6e, 0x90, 0xc0, 0x4e, 0x9f, 0x87, 0x6b, 0xf4, 0x8d,
-    0x9c, 0x66, 0xe3, 0x0b, 0xd2, 0x10, 0x35, 0x21, 0xa8, 0x1d, 0xa2, 0x31,
-    0x17, 0xe7, 0x0c, 0xdf, 0x18, 0xf7, 0x94, 0xe4, 0xd1, 0xca, 0x32, 0x7d,
-    0xf2, 0x63, 0x23, 0x1d, 0xbc, 0x84, 0x74, 0x61, 0xdb, 0x87, 0xf2, 0xab,
-    0x72, 0xad, 0xaf, 0x08, 0xf8, 0xa2, 0x42, 0x04, 0x40, 0x45, 0x00, 0xe9,
-    0x5c, 0xbd, 0x00, 0x57, 0x04, 0x55, 0x87, 0x6c, 0xbd, 0x2f, 0xea, 0x41,
-    0x9c, 0x66, 0x42, 0x51, 0x41, 0xbb, 0x44, 0xed, 0x0e, 0xe9, 0x66, 0xcf,
-    0xd5, 0x10, 0x73, 0x0d, 0x4b, 0x48, 0xe4, 0x7a, 0x53, 0x35, 0x01, 0x0e,
-    0x6d, 0x15, 0x55, 0xc5, 0xb7, 0xd2, 0xd5, 0x36, 0xb6, 0xbc, 0x7e, 0xb0,
-    0xf3, 0x3d, 0xe6, 0x19, 0x78, 0x62, 0xeb, 0x02, 0x57, 0x39, 0x56, 0x73,
-    0x4f, 0xa3, 0x2a, 0x04, 0x28, 0x1b, 0x40, 0xc1, 0xa9, 0x77, 0x60, 0xeb,
-    0xc3, 0x67, 0xf0, 0x5f, 0x6a, 0xe1, 0x5e, 0x20, 0xc2, 0x51, 0x68, 0x4d,
-    0x82, 0x48, 0x8b, 0x03, 0x32, 0x16, 0x79, 0x88, 0x14, 0x37, 0x78, 0x7f,
-    0x16, 0x9a, 0x06, 0xfd, 0xc0, 0x8a, 0x15, 0x80, 0x62, 0xa4, 0x42, 0x04,
-    0x40, 0x22, 0x52, 0x60, 0x17, 0xef, 0x2c, 0xa1, 0xf6, 0xcb, 0xed, 0x39,
-    0xd5, 0xe2, 0xaa, 0x65, 0x20, 0xfb, 0xad, 0x82, 0x93, 0xe5, 0x78, 0x23,
-    0x22, 0x97, 0xc1, 0x6e, 0x6a, 0x4e, 0x36, 0xd7, 0x6a, 0x61, 0x39, 0x08,
-    0x21, 0xd4, 0xfe, 0x92, 0x5f, 0x36, 0x2d, 0xeb, 0x5d, 0xbb, 0x32, 0x8b,
-    0xe3, 0x94, 0x4f, 0xbe, 0x1b, 0x21, 0xf9, 0xcc, 0x23, 0x73, 0x41, 0xb6,
-    0xb9, 0xb6, 0x98, 0xd0, 0xbc, 0xa5, 0x43, 0x04, 0x41, 0x92, 0xd6, 0x97,
-    0xb3, 0x83, 0xdf, 0xe7, 0x8c, 0xc7, 0xbc, 0x4a, 0xfc, 0xea, 0x76, 0xc0,
-    0x53, 0x66, 0xbd, 0x2c, 0x1e, 0x10, 0x31, 0x90, 0x80, 0x11, 0x2d, 0x08,
-    0x4d, 0x7c, 0x39, 0x76, 0xdc, 0x73, 0xe7, 0x1c, 0x16, 0x62, 0xd5, 0x59,
-    0xd7, 0x49, 0x2b, 0x6a, 0xa2, 0x36, 0x67, 0x57, 0xd1, 0xf2, 0xf9, 0xaf,
-    0x13, 0xd7, 0xa3, 0xe4, 0xd3, 0x39, 0x5b, 0x02, 0x78, 0xb1, 0xe0, 0x09,
-    0x70, 0xa2, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0x30, 0x0c, 0x06, 0x08, 0x2a,
-    0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05, 0x00, 0x03, 0x48, 0x00,
-    0x30, 0x45, 0x02, 0x21, 0x00, 0xb2, 0x0b, 0xbb, 0x86, 0x04, 0x4e, 0x38,
-    0x55, 0xdb, 0xf5, 0x58, 0x92, 0xe1, 0xc1, 0x31, 0x4e, 0x79, 0x57, 0xe4,
-    0x5f, 0xbc, 0x36, 0x68, 0x29, 0xb4, 0x89, 0xa5, 0x63, 0x4e, 0x67, 0x19,
-    0x8c, 0x02, 0x20, 0x1b, 0x5d, 0xe6, 0x35, 0xc0, 0xcd, 0x9f, 0x7b, 0xec,
-    0xc0, 0x01, 0x52, 0xb8, 0x2f, 0x81, 0xf0, 0x29, 0x01, 0xa0, 0x17, 0x19,
-    0x83, 0xca, 0x84, 0xe2, 0xec, 0x01, 0xa8, 0xb2, 0x13, 0x8a, 0xb9};
+    0xff, 0x30, 0x82, 0x01, 0xc1, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01,
+    0xd6, 0x79, 0x02, 0x01, 0x18, 0x01, 0x01, 0xff, 0x04, 0x82, 0x01, 0xae,
+    0x30, 0x82, 0x01, 0xaa, 0xa0, 0x42, 0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb,
+    0x22, 0x5b, 0xa5, 0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86, 0x93, 0x75, 0xf6,
+    0x90, 0xac, 0x50, 0xcf, 0x9e, 0xbd, 0x0a, 0xfe, 0xb1, 0xd9, 0xc2, 0x4e,
+    0x52, 0x19, 0xe4, 0xde, 0x29, 0xe5, 0x61, 0xf3, 0xf9, 0x29, 0xe8, 0x40,
+    0x87, 0x7a, 0xdd, 0x17, 0x48, 0x05, 0x89, 0x7e, 0x2b, 0xcb, 0x54, 0x79,
+    0xcc, 0x66, 0xf1, 0xb3, 0x13, 0x29, 0x0c, 0x68, 0x96, 0xb2, 0xbb, 0x8f,
+    0xa1, 0x66, 0x04, 0x64, 0x6c, 0x46, 0x01, 0x33, 0x26, 0x73, 0x4b, 0x22,
+    0x65, 0xfd, 0xfa, 0x58, 0xd7, 0x57, 0x3e, 0x95, 0x59, 0xe0, 0x3a, 0xc3,
+    0xb9, 0xf7, 0xc8, 0x0e, 0x98, 0x80, 0x8c, 0xf5, 0xc4, 0xb8, 0xaf, 0xe3,
+    0x16, 0x84, 0x25, 0xa5, 0x35, 0x5d, 0x17, 0x72, 0x56, 0x8f, 0x8e, 0xec,
+    0x2f, 0x5a, 0x74, 0x60, 0x77, 0x2a, 0x6e, 0x90, 0xc0, 0x4e, 0x9f, 0x87,
+    0x6b, 0xf4, 0x8d, 0x9c, 0x66, 0xe3, 0x0b, 0xd2, 0x10, 0x35, 0x21, 0xa8,
+    0x1d, 0xa2, 0x31, 0x17, 0xe7, 0x0c, 0xdf, 0x18, 0xf7, 0x94, 0xe4, 0xd1,
+    0xca, 0x32, 0x7d, 0xf2, 0x63, 0x23, 0x1d, 0xbc, 0x84, 0x74, 0x61, 0xdb,
+    0x87, 0xf2, 0xab, 0x72, 0xad, 0xaf, 0x08, 0xf8, 0xa2, 0x42, 0x04, 0x40,
+    0x45, 0x00, 0xe9, 0x5c, 0xbd, 0x00, 0x57, 0x04, 0x55, 0x87, 0x6c, 0xbd,
+    0x2f, 0xea, 0x41, 0x9c, 0x66, 0x42, 0x51, 0x41, 0xbb, 0x44, 0xed, 0x0e,
+    0xe9, 0x66, 0xcf, 0xd5, 0x10, 0x73, 0x0d, 0x4b, 0x48, 0xe4, 0x7a, 0x53,
+    0x35, 0x01, 0x0e, 0x6d, 0x15, 0x55, 0xc5, 0xb7, 0xd2, 0xd5, 0x36, 0xb6,
+    0xbc, 0x7e, 0xb0, 0xf3, 0x3d, 0xe6, 0x19, 0x78, 0x62, 0xeb, 0x02, 0x57,
+    0x39, 0x56, 0x73, 0x4f, 0xa3, 0x2a, 0x04, 0x28, 0x1b, 0x40, 0xc1, 0xa9,
+    0x77, 0x60, 0xeb, 0xc3, 0x67, 0xf0, 0x5f, 0x6a, 0xe1, 0x5e, 0x20, 0xc2,
+    0x51, 0x68, 0x4d, 0x82, 0x48, 0x8b, 0x03, 0x32, 0x16, 0x79, 0x88, 0x14,
+    0x37, 0x78, 0x7f, 0x16, 0x9a, 0x06, 0xfd, 0xc0, 0x8a, 0x15, 0x80, 0x62,
+    0xa4, 0x42, 0x04, 0x40, 0x22, 0x52, 0x60, 0x17, 0xef, 0x2c, 0xa1, 0xf6,
+    0xcb, 0xed, 0x39, 0xd5, 0xe2, 0xaa, 0x65, 0x20, 0xfb, 0xad, 0x82, 0x93,
+    0xe5, 0x78, 0x23, 0x22, 0x97, 0xc1, 0x6e, 0x6a, 0x4e, 0x36, 0xd7, 0x6a,
+    0x61, 0x39, 0x08, 0x21, 0xd4, 0xfe, 0x92, 0x5f, 0x36, 0x2d, 0xeb, 0x5d,
+    0xbb, 0x32, 0x8b, 0xe3, 0x94, 0x4f, 0xbe, 0x1b, 0x21, 0xf9, 0xcc, 0x23,
+    0x73, 0x41, 0xb6, 0xb9, 0xb6, 0x98, 0xd0, 0xbc, 0xa5, 0x43, 0x04, 0x41,
+    0x92, 0xd6, 0x97, 0xb3, 0x83, 0xdf, 0xe7, 0x8c, 0xc7, 0xbc, 0x4a, 0xfc,
+    0xea, 0x76, 0xc0, 0x53, 0x66, 0xbd, 0x2c, 0x1e, 0x10, 0x31, 0x90, 0x80,
+    0x11, 0x2d, 0x08, 0x4d, 0x7c, 0x39, 0x76, 0xdc, 0x73, 0xe7, 0x1c, 0x16,
+    0x62, 0xd5, 0x59, 0xd7, 0x49, 0x2b, 0x6a, 0xa2, 0x36, 0x67, 0x57, 0xd1,
+    0xf2, 0xf9, 0xaf, 0x13, 0xd7, 0xa3, 0xe4, 0xd3, 0x39, 0x5b, 0x02, 0x78,
+    0xb1, 0xe0, 0x09, 0x70, 0xa2, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0x30, 0x0c,
+    0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05, 0x00,
+    0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xa9, 0x57, 0x7d, 0xac,
+    0xe0, 0x80, 0x8e, 0x1c, 0x7a, 0xe1, 0x4d, 0x7d, 0x2a, 0x52, 0xd2, 0x5e,
+    0xfb, 0x5a, 0x7d, 0x45, 0x1e, 0xfa, 0x67, 0x17, 0x04, 0x9e, 0xb3, 0x05,
+    0xc2, 0x34, 0xf0, 0x7a, 0x02, 0x21, 0x00, 0xb7, 0x3a, 0x31, 0x25, 0xae,
+    0x1d, 0x2b, 0x06, 0x8b, 0xba, 0x44, 0xd9, 0x3a, 0xbf, 0x8b, 0xe2, 0x3f,
+    0x89, 0xe2, 0xa6, 0x14, 0x0c, 0xfa, 0xc2, 0xb1, 0xdd, 0x0c, 0x0a, 0x78,
+    0xac, 0x60, 0x19};
 
 constexpr uint8_t kExpectedCborEd25519Cert_DescriptorInput[667] = {
     0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x02, 0x50, 0xab, 0x01, 0x78,
diff --git a/include/dice/test_utils.h b/include/dice/test_utils.h
index 73383d4..776e932 100644
--- a/include/dice/test_utils.h
+++ b/include/dice/test_utils.h
@@ -56,7 +56,13 @@
 
 // Verifies a chain of CDI certificates given by |states| against
 // |root_certificate|. If |is_partial_chain| is set, then root_certificate does
-// not need to be self signed.
+// not need to be self signed. For X.509 certificate chains, only the standard
+// certificate fields and extensions are checked, other custom extensions are
+// ignored even if marked critical. For this reason, additional tests are needed
+// to fully verify a certificate chain, this is just useful for checking that a
+// chain is correctly constructed in terms of standard fields. Similarly for
+// CBOR certificate chains the chaining construction is verified but the content
+// of other fields is ignored.
 bool VerifyCertificateChain(CertificateType cert_type,
                             const uint8_t* root_certificate,
                             size_t root_certificate_size,
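Review bot: the new comment text has two comma splices ("...are checked, other custom extensions are ignored..." and "...verify a certificate chain, this is just useful...") and should say how the ignoring happens, since it now applies to every unrecognized critical extension in the chain, not only the DICE one. Suggested wording: "only the standard certificate fields and extensions are checked; other custom extensions are ignored even if marked critical (X509_V_FLAG_IGNORE_CRITICAL is set). Additional tests are therefore needed to fully verify a chain; this function only checks that the chain is correctly constructed in terms of standard fields."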
diff --git a/src/boringssl_cert_op.c b/src/boringssl_cert_op.c
index 08315de..432294c 100644
--- a/src/boringssl_cert_op.c
+++ b/src/boringssl_cert_op.c
@@ -475,7 +475,7 @@
   }
 
   extension =
-      X509_EXTENSION_create_by_OBJ(/*ex=*/NULL, oid, /*crit=*/0, octets);
+      X509_EXTENSION_create_by_OBJ(/*ex=*/NULL, oid, /*crit=*/1, octets);
   if (!extension) {
     result = kDiceResultPlatformError;
     goto out;
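Review bot: `/*crit=*/1` is a compatibility-affecting change with no local explanation; per RFC 5280 section 4.2 a relying party that does not recognize the DICE extension OID must now reject the certificate instead of skipping the extension. Add a one-line comment above the call that cites the specification requirement for marking the extension critical so a later reader does not "fix" it back to 0.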
diff --git a/src/boringssl_ops_test.cc b/src/boringssl_ops_test.cc
index 971ad0b..adb6f10 100644
--- a/src/boringssl_ops_test.cc
+++ b/src/boringssl_ops_test.cc
@@ -137,7 +137,7 @@
 }
 
 TEST(DiceOpsTest, NonZeroMode) {
-  constexpr size_t kModeOffsetInCert = 0x230;
+  constexpr size_t kModeOffsetInCert = 0x233;
   DiceStateForTest current_state = {};
   DiceStateForTest next_state = {};
   DiceInputValues input_values = {};
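Review bot: `kModeOffsetInCert` is a magic constant whose bump from 0x230 to 0x233 is not explained; the +3 is the `0x01, 0x01, 0xff` critical BOOLEAN now emitted inside the DICE extension, but nothing in the test records that. Either comment the derivation next to the constant or locate the mode byte by parsing the certificate, since this same constant is hand-maintained separately in three test files and drifts silently whenever the encoding changes.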
diff --git a/src/mbedtls_ops.c b/src/mbedtls_ops.c
index 18eb4d4..4085481 100644
--- a/src/mbedtls_ops.c
+++ b/src/mbedtls_ops.c
@@ -433,7 +433,7 @@
   }
   if (0 != mbedtls_x509write_crt_set_extension(
                &cert_context, kDiceExtensionOid, kDiceExtensionOidLength,
-               /*critical=*/0, dice_extension, dice_extension_size)) {
+               /*critical=*/1, dice_extension, dice_extension_size)) {
     result = kDiceResultPlatformError;
     goto out;
   }
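Review bot: the mbedtls writer now emits the extension as critical to match the BoringSSL change, but the only verification-side accommodation in this patch is the BoringSSL-specific X509_V_FLAG_IGNORE_CRITICAL in test_utils.cc. mbedtls's own parser rejects unrecognized critical extensions unless an extension callback is supplied, so any consumer that parses these certificates with mbedtls needs an equivalent accommodation; a short note here (or in the spec change) about that expectation would help.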
diff --git a/src/mbedtls_ops_test.cc b/src/mbedtls_ops_test.cc
index ff54180..7f97366 100644
--- a/src/mbedtls_ops_test.cc
+++ b/src/mbedtls_ops_test.cc
@@ -135,7 +135,7 @@
 }
 
 TEST(DiceOpsTest, NonZeroMode) {
-  constexpr size_t kModeOffsetInCert = 0x266;
+  constexpr size_t kModeOffsetInCert = 0x269;
   DiceStateForTest current_state = {};
   DiceStateForTest next_state = {};
   DiceInputValues input_values = {};
diff --git a/src/template_cert_op.c b/src/template_cert_op.c
index e577cd2..daa4317 100644
--- a/src/template_cert_op.c
+++ b/src/template_cert_op.c
@@ -40,12 +40,12 @@
 #include "openssl/is_boringssl.h"
 
 // A well-formed certificate, but with zeros in all fields to be filled.
-static const uint8_t kTemplate[635] = {
+static const uint8_t kTemplate[638] = {
     // Constant encoding.
-    0x30, 0x82, 0x02, 0x77,
+    0x30, 0x82, 0x02, 0x7a,
     // Offset 4: TBS starts here.
     // Constant encoding.
-    0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14,
+    0x30, 0x82, 0x02, 0x2c, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14,
     // Offset 15: Serial number, 20 bytes.
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
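Review bot: the three length edits are mutually consistent (635 to 638 bytes, outer SEQUENCE 0x277 to 0x27a, TBS 0x229 to 0x22c, all +3 for the critical BOOLEAN), but nothing guards them. Since `openssl/is_boringssl.h` is already included, consider a test that runs `d2i_X509` over `kTemplate` with the placeholder fields left zero so that a future length mismatch fails loudly instead of producing an undecodable certificate.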
@@ -74,7 +74,7 @@
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     // Constant encoding.
-    0xa3, 0x82, 0x01, 0x4b, 0x30, 0x82, 0x01, 0x47, 0x30, 0x1f, 0x06, 0x03,
+    0xa3, 0x82, 0x01, 0x4e, 0x30, 0x82, 0x01, 0x4a, 0x30, 0x1f, 0x06, 0x03,
     0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14,
     // Offset 247: Authority key identifier, 20 bytes.
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -87,9 +87,10 @@
     // Constant encoding.
     0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04,
     0x03, 0x02, 0x02, 0x04, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
-    0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x81, 0xe3,
+    0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x81, 0xe6,
     0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x18,
-    0x04, 0x81, 0xd4, 0x30, 0x81, 0xd1, 0xa0, 0x42, 0x04, 0x40,
+    0x01, 0x01, 0xff, 0x04, 0x81, 0xd4, 0x30, 0x81, 0xd1, 0xa0, 0x42, 0x04,
+    0x40,
     // Offset 356: Code hash, 64 bytes.
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
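Review bot: the unchanged context comment `// Offset 356: Code hash, 64 bytes.` is now stale: the field table later in this file moves the code hash to offset 359, and the same +3 shift applies to every field after the inserted `0x01, 0x01, 0xff`. Update this offset comment and the ones that follow it so the inline annotations agree with the table.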
@@ -139,12 +140,12 @@
                    {194, 32},  // Subject public key
                    {247, 20},  // Authority key id
                    {278, 20},  // Subject key id
-                   {356, 64},  // Code hash
-                   {424, 64},  // Config descriptor
-                   {492, 64},  // Authority hash
-                   {560, 1},   // Mode
-                   {571, 64},  // Signature
-                   {4, 557}};  // Entire TBS
+                   {359, 64},  // Code hash
+                   {427, 64},  // Config descriptor
+                   {495, 64},  // Authority hash
+                   {563, 1},   // Mode
+                   {574, 64},  // Signature
+                   {4, 560}};  // Entire TBS
 
 static const size_t kFieldIndexSerial = 0;
 static const size_t kFieldIndexIssuerName = 1;
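Review bot: the updated table checks out (mode at 563 matches the tests' 0x233, TBS length 560 matches 0x22c + 4, and signature 574 + 64 equals the new 638-byte template), but these relationships are only verified by hand. Add a `static_assert` that the last field's offset plus size equals `sizeof(kTemplate)` so the table and template cannot drift apart in the next encoding change.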
diff --git a/src/template_cert_op_test.cc b/src/template_cert_op_test.cc
index f522e16..409e8d0 100644
--- a/src/template_cert_op_test.cc
+++ b/src/template_cert_op_test.cc
@@ -125,7 +125,7 @@
 }
 
 TEST(DiceOpsTest, NonZeroMode) {
-  constexpr size_t kModeOffsetInCert = 0x230;
+  constexpr size_t kModeOffsetInCert = 0x233;
   DiceStateForTest current_state = {};
   DiceStateForTest next_state = {};
   DiceInputValues input_values = {};
diff --git a/src/test_utils.cc b/src/test_utils.cc
index e5dbd6f..1988f25 100644
--- a/src/test_utils.cc
+++ b/src/test_utils.cc
@@ -293,6 +293,8 @@
   if (is_partial_chain) {
     X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN);
   }
+  // Boringssl doesn't support custom extensions, so ignore them.
+  X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_IGNORE_CRITICAL);
   X509_STORE_CTX_set0_param(x509_store_ctx.get(), param);
   return (1 == X509_verify_cert(x509_store_ctx.get()));
 }
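Review bot: X509_V_FLAG_IGNORE_CRITICAL silences every unrecognized critical extension in the chain, not only the DICE one, so a test certificate carrying an unexpected critical extension now verifies without complaint; the comment should say "BoringSSL's verifier has no handler for the DICE extension OID, so unrecognized critical extensions are ignored" rather than "doesn't support custom extensions". Because this path no longer exercises the critical flag at all, add an explicit check in the tests that looks the DICE extension up by OID and asserts `X509_EXTENSION_get_critical()` returns 1; otherwise a regression back to `crit=0` would only be caught by the golden blobs.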