Implement addition of profile name in certificates
Add DICE_PROFILE_NAME as an option in the config headers and include it
in the dynamically-sized certificates. The profile name is not supported
in the template examples.
Bug: 293659743
Change-Id: I029e342920514ab8cb6d327243b2ae8f3108db74
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/163351
Commit-Queue: Andrew Scull <ascull@google.com>
Reviewed-by: Darren Krahn <dkrahn@google.com>
diff --git a/include/dice/config/boringssl_ecdsa_p384/dice/config.h b/include/dice/config/boringssl_ecdsa_p384/dice/config.h
index 567560c..e5deb98 100644
--- a/include/dice/config/boringssl_ecdsa_p384/dice/config.h
+++ b/include/dice/config/boringssl_ecdsa_p384/dice/config.h
@@ -21,5 +21,6 @@
#define DICE_PUBLIC_KEY_SIZE 96
#define DICE_PRIVATE_KEY_SIZE 48
#define DICE_SIGNATURE_SIZE 96
+#define DICE_PROFILE_NAME "opendice.example.p384"
#endif // DICE_CONFIG_BORINGSSL_ECDSA_P384_DICE_DICE_CONFIG_H_
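Review bot: The new `DICE_PROFILE_NAME` macro is added without a comment saying which values are allowed. The code in this commit tests it with `if (DICE_PROFILE_NAME)` and passes it to `strlen`, so it has to be either `NULL` or a NUL-terminated string literal, with `NULL` meaning the field is omitted. A one-line comment above the define would record that, for example `// Profile name embedded in certificates; NULL omits the field.` The same applies to the defines added in the boringssl_ed25519, mbedtls_ecdsa_p256 and standalone config headers.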
diff --git a/include/dice/config/boringssl_ed25519/dice/config.h b/include/dice/config/boringssl_ed25519/dice/config.h
index 276dd3b..ce5a8be 100644
--- a/include/dice/config/boringssl_ed25519/dice/config.h
+++ b/include/dice/config/boringssl_ed25519/dice/config.h
@@ -21,5 +21,6 @@
#define DICE_PUBLIC_KEY_SIZE 32
#define DICE_PRIVATE_KEY_SIZE 64
#define DICE_SIGNATURE_SIZE 64
+#define DICE_PROFILE_NAME NULL
#endif // DICE_CONFIG_BORINGSSL_ED25519_DICE_DICE_CONFIG_H_
diff --git a/include/dice/config/mbedtls_ecdsa_p256/dice/config.h b/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
index 6d43fe4..107e4d5 100644
--- a/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
+++ b/include/dice/config/mbedtls_ecdsa_p256/dice/config.h
@@ -19,5 +19,6 @@
#define DICE_PUBLIC_KEY_SIZE 33
#define DICE_PRIVATE_KEY_SIZE 32
#define DICE_SIGNATURE_SIZE 64
+#define DICE_PROFILE_NAME "openssl.example.p256"
#endif // DICE_CONFIG_MBEDTLS_ECDSA_P256_DICE_DICE_CONFIG_H_
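Review bot: `"openssl.example.p256"` looks like a typo for `"opendice.example.p256"`: the P-384 config in this commit uses `"opendice.example.p384"`, and this header configures mbedtls rather than OpenSSL. The string is signed into every certificate and is already baked into the regenerated vectors in known_test_values.h (`UTF8STRING :openssl.example.p256`), so correcting it later means regenerating those vectors again. If the name is intended, a short comment saying so would help.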
diff --git a/include/dice/config/standalone/dice/config.h b/include/dice/config/standalone/dice/config.h
index d5c2520..d71ec76 100644
--- a/include/dice/config/standalone/dice/config.h
+++ b/include/dice/config/standalone/dice/config.h
@@ -22,5 +22,6 @@
#define DICE_PUBLIC_KEY_SIZE 1
#define DICE_PRIVATE_KEY_SIZE 1
#define DICE_SIGNATURE_SIZE 1
+#define DICE_PROFILE_NAME NULL
#endif // DICE_CONFIG_STANDALONE_DICE_CONFIG_H_
diff --git a/include/dice/known_test_values.h b/include/dice/known_test_values.h
index cb0925b..a74ed1d 100644
--- a/include/dice/known_test_values.h
+++ b/include/dice/known_test_values.h
@@ -179,7 +179,7 @@
// X509v3 Basic Constraints: critical
// CA:TRUE
// 1.3.6.1.4.1.11129.2.1.24: critical
-// 0:d=0 hl=3 l= 209 cons: SEQUENCE
+// 0:d=0 hl=3 l= 233 cons: SEQUENCE
// 3:d=1 hl=2 l= 66 cons: cont [ 0 ]
// 5:d=2 hl=2 l= 64 prim: OCTET STRING
// 0000 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
@@ -200,15 +200,17 @@
// 0030 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
// 207:d=1 hl=2 l= 3 cons: cont [ 6 ]
// 209:d=2 hl=2 l= 1 prim: ENUMERATED :00
+// 212:d=1 hl=2 l= 22 cons: cont [ 7 ]
+// 214:d=2 hl=2 l= 20 prim: UTF8STRING :openssl.example.p256
//
// Signature Algorithm: ecdsa-with-SHA512
// Signature Value:
-// 30:44:02:20:5c:20:d4:32:af:59:4b:44:fc:49:e5:d4:5d:b6:
-// fe:9c:ac:55:02:74:8b:66:c8:8c:f5:9a:70:8a:97:3c:bc:e0:
-// 02:20:66:83:d1:78:8c:75:44:83:90:c7:1e:d7:4c:98:1f:10:
-// 7f:14:6a:45:c0:1c:48:99:ce:6e:8f:6d:d3:dc:f3:93
-constexpr uint8_t kExpectedX509P256Cert_ZeroInput[705] = {
- 0x30, 0x82, 0x02, 0xbd, 0x30, 0x82, 0x02, 0x62, 0xa0, 0x03, 0x02, 0x01,
+// 30:46:02:21:00:a8:d1:e1:d1:7b:89:bf:a3:f1:8c:fa:43:fa:
+// 77:bf:83:ef:28:cb:54:d1:f5:29:e4:f3:05:99:e2:7a:d0:33:
+// 13:02:21:00:d7:9c:82:91:6b:a0:ca:70:48:76:03:95:1c:a4:
+// 6d:f0:44:ed:ba:02:2d:9a:e4:bf:f2:92:f6:78:ce:08:01:26
+constexpr uint8_t kExpectedX509P256Cert_ZeroInput[731] = {
+ 0x30, 0x82, 0x02, 0xd7, 0x30, 0x82, 0x02, 0x7a, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x14, 0x7c, 0x7d, 0xc0, 0xa3, 0xc1, 0xe7, 0x8d, 0x4e, 0x68,
0xbc, 0xc1, 0xa2, 0x32, 0x9e, 0xf9, 0x1c, 0xa8, 0x12, 0x44, 0x91, 0x30,
0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05,
@@ -231,7 +233,7 @@
0x06, 0x02, 0xae, 0xc2, 0x69, 0x54, 0x1c, 0x6b, 0xe7, 0xeb, 0x40, 0x19,
0xab, 0x55, 0xc6, 0x6b, 0xc8, 0x8b, 0xb8, 0xb4, 0x69, 0xad, 0x7e, 0xe8,
0x58, 0x9e, 0x07, 0xd2, 0xf8, 0xbc, 0x88, 0x8e, 0xb3, 0x11, 0xc2, 0xdf,
- 0x97, 0x3b, 0x1b, 0x4a, 0xa3, 0x82, 0x01, 0x4e, 0x30, 0x82, 0x01, 0x4a,
+ 0x97, 0x3b, 0x1b, 0x4a, 0xa3, 0x82, 0x01, 0x66, 0x30, 0x82, 0x01, 0x62,
0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
0x14, 0x4c, 0x51, 0x4d, 0x88, 0xdb, 0x0f, 0x81, 0xd5, 0x7b, 0xeb, 0x96,
0x17, 0x7e, 0x3d, 0x7e, 0xa4, 0xaa, 0x58, 0x1e, 0x66, 0x30, 0x1d, 0x06,
@@ -240,9 +242,9 @@
0xa8, 0x12, 0x44, 0x91, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0f, 0x06, 0x03,
0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
- 0xff, 0x30, 0x81, 0xe6, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6,
- 0x79, 0x02, 0x01, 0x18, 0x01, 0x01, 0xff, 0x04, 0x81, 0xd4, 0x30, 0x81,
- 0xd1, 0xa0, 0x42, 0x04, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0xff, 0x30, 0x81, 0xfe, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6,
+ 0x79, 0x02, 0x01, 0x18, 0x01, 0x01, 0xff, 0x04, 0x81, 0xec, 0x30, 0x81,
+ 0xe9, 0xa0, 0x42, 0x04, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -259,14 +261,16 @@
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
- 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05, 0x00, 0x03, 0x47, 0x00, 0x30,
- 0x44, 0x02, 0x20, 0x5c, 0x20, 0xd4, 0x32, 0xaf, 0x59, 0x4b, 0x44, 0xfc,
- 0x49, 0xe5, 0xd4, 0x5d, 0xb6, 0xfe, 0x9c, 0xac, 0x55, 0x02, 0x74, 0x8b,
- 0x66, 0xc8, 0x8c, 0xf5, 0x9a, 0x70, 0x8a, 0x97, 0x3c, 0xbc, 0xe0, 0x02,
- 0x20, 0x66, 0x83, 0xd1, 0x78, 0x8c, 0x75, 0x44, 0x83, 0x90, 0xc7, 0x1e,
- 0xd7, 0x4c, 0x98, 0x1f, 0x10, 0x7f, 0x14, 0x6a, 0x45, 0xc0, 0x1c, 0x48,
- 0x99, 0xce, 0x6e, 0x8f, 0x6d, 0xd3, 0xdc, 0xf3, 0x93};
+ 0x00, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0xa7, 0x16, 0x0c, 0x14, 0x6f, 0x70,
+ 0x65, 0x6e, 0x73, 0x73, 0x6c, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+ 0x65, 0x2e, 0x70, 0x32, 0x35, 0x36, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05, 0x00, 0x03, 0x49, 0x00, 0x30,
+ 0x46, 0x02, 0x21, 0x00, 0xa8, 0xd1, 0xe1, 0xd1, 0x7b, 0x89, 0xbf, 0xa3,
+ 0xf1, 0x8c, 0xfa, 0x43, 0xfa, 0x77, 0xbf, 0x83, 0xef, 0x28, 0xcb, 0x54,
+ 0xd1, 0xf5, 0x29, 0xe4, 0xf3, 0x05, 0x99, 0xe2, 0x7a, 0xd0, 0x33, 0x13,
+ 0x02, 0x21, 0x00, 0xd7, 0x9c, 0x82, 0x91, 0x6b, 0xa0, 0xca, 0x70, 0x48,
+ 0x76, 0x03, 0x95, 0x1c, 0xa4, 0x6d, 0xf0, 0x44, 0xed, 0xba, 0x02, 0x2d,
+ 0x9a, 0xe4, 0xbf, 0xf2, 0x92, 0xf6, 0x78, 0xce, 0x08, 0x01, 0x26};
constexpr uint8_t kExpectedX509P384Cert_ZeroInput[0] = {};
@@ -311,8 +315,8 @@
constexpr uint8_t kExpectedCborP256Cert_ZeroInput[0] = {};
-constexpr uint8_t kExpectedCborP384Cert_ZeroInput[542] = {
- 0x84, 0x44, 0xa1, 0x01, 0x38, 0x22, 0xa0, 0x59, 0x01, 0xb2, 0xa8, 0x01,
+constexpr uint8_t kExpectedCborP384Cert_ZeroInput[569] = {
+ 0x84, 0x44, 0xa1, 0x01, 0x38, 0x22, 0xa0, 0x59, 0x01, 0xcd, 0xa9, 0x01,
0x78, 0x28, 0x30, 0x34, 0x63, 0x32, 0x36, 0x35, 0x66, 0x65, 0x30, 0x36,
0x66, 0x66, 0x32, 0x33, 0x30, 0x65, 0x33, 0x39, 0x62, 0x36, 0x33, 0x32,
0x32, 0x65, 0x65, 0x61, 0x39, 0x65, 0x30, 0x31, 0x30, 0x37, 0x31, 0x31,
@@ -349,15 +353,17 @@
0xfc, 0xe0, 0x3c, 0xdc, 0x5d, 0x1b, 0x58, 0x16, 0x69, 0xdd, 0x44, 0x24,
0x67, 0xbf, 0x21, 0xd7, 0x47, 0xf3, 0x13, 0xd1, 0x47, 0x6c, 0x4b, 0xd3,
0x05, 0xb5, 0x29, 0xa0, 0xf1, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20,
- 0x58, 0x60, 0x2b, 0xe7, 0xe6, 0xee, 0xd2, 0x40, 0xa4, 0xf6, 0x2b, 0x30,
- 0xda, 0x0d, 0x60, 0x89, 0xa4, 0x0c, 0x99, 0xa6, 0x95, 0x85, 0x77, 0xae,
- 0xe8, 0x7f, 0xcd, 0x66, 0x81, 0xca, 0xd1, 0x5c, 0x56, 0xcf, 0x62, 0x05,
- 0xa8, 0xb8, 0x66, 0x66, 0x46, 0x39, 0xc7, 0x9a, 0x7a, 0x47, 0xe4, 0x64,
- 0xee, 0x36, 0xd9, 0x40, 0x8d, 0xd4, 0x88, 0x82, 0xbf, 0x24, 0x70, 0x56,
- 0x03, 0x23, 0x6a, 0x45, 0x39, 0x38, 0xa2, 0xdd, 0x02, 0x18, 0x7e, 0x72,
- 0x89, 0xe5, 0xf9, 0x38, 0xfe, 0xef, 0x50, 0xf4, 0x31, 0xae, 0xb4, 0xbe,
- 0x33, 0xb2, 0x22, 0xd4, 0x34, 0x16, 0xa6, 0x53, 0x49, 0xe1, 0x54, 0x1a,
- 0x9d, 0x3e};
+ 0x3a, 0x00, 0x47, 0x44, 0x59, 0x75, 0x6f, 0x70, 0x65, 0x6e, 0x64, 0x69,
+ 0x63, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x70,
+ 0x33, 0x38, 0x34, 0x58, 0x60, 0x19, 0x40, 0xb7, 0x32, 0x81, 0xdd, 0x03,
+ 0x7b, 0x0f, 0x35, 0xd2, 0x5a, 0x01, 0x85, 0x5b, 0xbc, 0xea, 0xb4, 0x0d,
+ 0x83, 0xec, 0x6a, 0x33, 0x6d, 0x2d, 0xa0, 0x7d, 0xa6, 0x2e, 0xe8, 0x64,
+ 0xdc, 0x51, 0x71, 0xa0, 0x76, 0x3e, 0x5b, 0x4e, 0xee, 0x4a, 0xa1, 0x1a,
+ 0xd2, 0xd4, 0xaf, 0x38, 0x86, 0xa7, 0xd8, 0x62, 0xce, 0x55, 0xdc, 0x14,
+ 0x8c, 0x08, 0xda, 0xcb, 0x0a, 0x82, 0x1f, 0x89, 0x6e, 0x75, 0x08, 0xa1,
+ 0x14, 0xe8, 0x74, 0xdf, 0xf9, 0x01, 0x6b, 0x1b, 0x69, 0xb5, 0xba, 0x6e,
+ 0xec, 0x4b, 0x27, 0x04, 0xcf, 0xff, 0x5f, 0x07, 0xbe, 0x60, 0xf2, 0x8d,
+ 0x07, 0x4a, 0xe6, 0xa1, 0xa3};
constexpr uint8_t kExpectedCdiAttest_HashOnlyInput[32] = {
0x08, 0x4e, 0xf4, 0x06, 0xc6, 0x9b, 0xa7, 0x4b, 0x1e, 0x24, 0xd0,
@@ -515,7 +521,7 @@
// X509v3 Basic Constraints: critical
// CA:TRUE
// 1.3.6.1.4.1.11129.2.1.24: critical
-// 0:d=0 hl=3 l= 209 cons: SEQUENCE
+// 0:d=0 hl=3 l= 233 cons: SEQUENCE
// 3:d=1 hl=2 l= 66 cons: cont [ 0 ]
// 5:d=2 hl=2 l= 64 prim: OCTET STRING
// 0000 - b7 d4 0c cb 22 5b a5 78-8f 98 ff 9e 86 93 75 f6 ...."[.x......u.
@@ -536,15 +542,17 @@
// 0030 - 94 4f be 1b 21 f9 cc 23-73 41 b6 b9 b6 98 d0 bc .O..!..#sA......
// 207:d=1 hl=2 l= 3 cons: cont [ 6 ]
// 209:d=2 hl=2 l= 1 prim: ENUMERATED :00
+// 212:d=1 hl=2 l= 22 cons: cont [ 7 ]
+// 214:d=2 hl=2 l= 20 prim: UTF8STRING :openssl.example.p256
//
// Signature Algorithm: ecdsa-with-SHA512
// Signature Value:
-// 30:46:02:21:00:d0:ff:60:84:d4:74:47:eb:f4:29:86:c5:2a:
-// 12:01:f9:7e:5b:ab:fd:fe:d3:11:75:bc:26:63:71:57:2b:b1:
-// c8:02:21:00:e0:16:72:65:b0:4a:92:ca:c6:c9:e2:0f:50:f0:
-// 1c:70:01:64:a7:8d:7d:51:e9:59:fe:e6:7f:31:28:30:04:04
-constexpr uint8_t kExpectedX509P256Cert_HashOnlyInput[707] = {
- 0x30, 0x82, 0x02, 0xbf, 0x30, 0x82, 0x02, 0x62, 0xa0, 0x03, 0x02, 0x01,
+// 30:44:02:20:2a:d1:3e:6f:ee:42:e2:d0:64:b8:1c:bd:de:fe:
+// 49:2f:2e:4f:80:3c:66:52:05:95:2a:d9:87:7a:6d:47:44:bf:
+// 02:20:6e:1c:5a:a0:62:00:17:61:f9:c3:93:17:72:1a:ce:28:
+// 3d:c7:7d:35:22:de:b3:d6:3d:b2:6e:75:c9:f0:c1:73
+constexpr uint8_t kExpectedX509P256Cert_HashOnlyInput[729] = {
+ 0x30, 0x82, 0x02, 0xd5, 0x30, 0x82, 0x02, 0x7a, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x14, 0x68, 0x49, 0x58, 0xd9, 0xae, 0xa7, 0x2e, 0xbf, 0x7c,
0x06, 0xaf, 0x20, 0x03, 0xb6, 0x44, 0x47, 0x82, 0x4a, 0x62, 0x71, 0x30,
0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05,
@@ -567,7 +575,7 @@
0xfb, 0x6d, 0x57, 0x18, 0xfc, 0x8f, 0x6f, 0x0b, 0x09, 0x1a, 0x19, 0xea,
0x10, 0x7e, 0xa9, 0x38, 0xf4, 0x45, 0x33, 0xc1, 0x66, 0x5b, 0xbc, 0xfc,
0x0a, 0x6e, 0x98, 0x99, 0x72, 0x88, 0xc1, 0xad, 0x0e, 0x15, 0xc2, 0x85,
- 0x77, 0x75, 0x00, 0x0b, 0xa3, 0x82, 0x01, 0x4e, 0x30, 0x82, 0x01, 0x4a,
+ 0x77, 0x75, 0x00, 0x0b, 0xa3, 0x82, 0x01, 0x66, 0x30, 0x82, 0x01, 0x62,
0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
0x14, 0x1b, 0xe5, 0x68, 0x79, 0x33, 0xdb, 0x3d, 0x9c, 0xd5, 0xfc, 0xa7,
0x29, 0xe8, 0x1d, 0x66, 0x85, 0x46, 0x5a, 0x7b, 0xf1, 0x30, 0x1d, 0x06,
@@ -576,9 +584,9 @@
0x82, 0x4a, 0x62, 0x71, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0f, 0x06, 0x03,
0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
- 0xff, 0x30, 0x81, 0xe6, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6,
- 0x79, 0x02, 0x01, 0x18, 0x01, 0x01, 0xff, 0x04, 0x81, 0xd4, 0x30, 0x81,
- 0xd1, 0xa0, 0x42, 0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb, 0x22, 0x5b, 0xa5,
+ 0xff, 0x30, 0x81, 0xfe, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6,
+ 0x79, 0x02, 0x01, 0x18, 0x01, 0x01, 0xff, 0x04, 0x81, 0xec, 0x30, 0x81,
+ 0xe9, 0xa0, 0x42, 0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb, 0x22, 0x5b, 0xa5,
0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86, 0x93, 0x75, 0xf6, 0x90, 0xac, 0x50,
0xcf, 0x9e, 0xbd, 0x0a, 0xfe, 0xb1, 0xd9, 0xc2, 0x4e, 0x52, 0x19, 0xe4,
0xde, 0x29, 0xe5, 0x61, 0xf3, 0xf9, 0x29, 0xe8, 0x40, 0x87, 0x7a, 0xdd,
@@ -595,14 +603,16 @@
0x6a, 0x4e, 0x36, 0xd7, 0x6a, 0x61, 0x39, 0x08, 0x21, 0xd4, 0xfe, 0x92,
0x5f, 0x36, 0x2d, 0xeb, 0x5d, 0xbb, 0x32, 0x8b, 0xe3, 0x94, 0x4f, 0xbe,
0x1b, 0x21, 0xf9, 0xcc, 0x23, 0x73, 0x41, 0xb6, 0xb9, 0xb6, 0x98, 0xd0,
- 0xbc, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
- 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05, 0x00, 0x03, 0x49, 0x00, 0x30,
- 0x46, 0x02, 0x21, 0x00, 0xd0, 0xff, 0x60, 0x84, 0xd4, 0x74, 0x47, 0xeb,
- 0xf4, 0x29, 0x86, 0xc5, 0x2a, 0x12, 0x01, 0xf9, 0x7e, 0x5b, 0xab, 0xfd,
- 0xfe, 0xd3, 0x11, 0x75, 0xbc, 0x26, 0x63, 0x71, 0x57, 0x2b, 0xb1, 0xc8,
- 0x02, 0x21, 0x00, 0xe0, 0x16, 0x72, 0x65, 0xb0, 0x4a, 0x92, 0xca, 0xc6,
- 0xc9, 0xe2, 0x0f, 0x50, 0xf0, 0x1c, 0x70, 0x01, 0x64, 0xa7, 0x8d, 0x7d,
- 0x51, 0xe9, 0x59, 0xfe, 0xe6, 0x7f, 0x31, 0x28, 0x30, 0x04, 0x04};
+ 0xbc, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0xa7, 0x16, 0x0c, 0x14, 0x6f, 0x70,
+ 0x65, 0x6e, 0x73, 0x73, 0x6c, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c,
+ 0x65, 0x2e, 0x70, 0x32, 0x35, 0x36, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05, 0x00, 0x03, 0x47, 0x00, 0x30,
+ 0x44, 0x02, 0x20, 0x2a, 0xd1, 0x3e, 0x6f, 0xee, 0x42, 0xe2, 0xd0, 0x64,
+ 0xb8, 0x1c, 0xbd, 0xde, 0xfe, 0x49, 0x2f, 0x2e, 0x4f, 0x80, 0x3c, 0x66,
+ 0x52, 0x05, 0x95, 0x2a, 0xd9, 0x87, 0x7a, 0x6d, 0x47, 0x44, 0xbf, 0x02,
+ 0x20, 0x6e, 0x1c, 0x5a, 0xa0, 0x62, 0x00, 0x17, 0x61, 0xf9, 0xc3, 0x93,
+ 0x17, 0x72, 0x1a, 0xce, 0x28, 0x3d, 0xc7, 0x7d, 0x35, 0x22, 0xde, 0xb3,
+ 0xd6, 0x3d, 0xb2, 0x6e, 0x75, 0xc9, 0xf0, 0xc1, 0x73};
constexpr uint8_t kExpectedX509P384Cert_HashOnlyInput[0] = {};
@@ -647,8 +657,8 @@
constexpr uint8_t kExpectedCborP256Cert_HashOnlyInput[0] = {};
-constexpr uint8_t kExpectedCborP384Cert_HashOnlyInput[542] = {
- 0x84, 0x44, 0xa1, 0x01, 0x38, 0x22, 0xa0, 0x59, 0x01, 0xb2, 0xa8, 0x01,
+constexpr uint8_t kExpectedCborP384Cert_HashOnlyInput[569] = {
+ 0x84, 0x44, 0xa1, 0x01, 0x38, 0x22, 0xa0, 0x59, 0x01, 0xcd, 0xa9, 0x01,
0x78, 0x28, 0x35, 0x64, 0x38, 0x62, 0x36, 0x62, 0x65, 0x37, 0x63, 0x65,
0x33, 0x65, 0x64, 0x65, 0x36, 0x61, 0x32, 0x34, 0x31, 0x38, 0x30, 0x31,
0x34, 0x35, 0x32, 0x33, 0x65, 0x36, 0x63, 0x39, 0x64, 0x63, 0x38, 0x37,
@@ -685,15 +695,17 @@
0x5c, 0x90, 0xfb, 0x4b, 0x6d, 0x96, 0x42, 0x77, 0xe2, 0xf6, 0x58, 0x3d,
0x37, 0xa7, 0x3d, 0x2e, 0xca, 0xd1, 0x2c, 0xa4, 0xd4, 0xa7, 0xaf, 0x25,
0xc3, 0xb2, 0xe7, 0x34, 0xf5, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20,
- 0x58, 0x60, 0xd3, 0xbc, 0x6f, 0x53, 0x2c, 0x6a, 0x35, 0x3b, 0x2d, 0x7c,
- 0x4f, 0x1e, 0x1f, 0x06, 0xcf, 0x52, 0x87, 0xc2, 0xbe, 0x1c, 0x2c, 0xd1,
- 0x12, 0xd8, 0x13, 0x8e, 0xe4, 0xc8, 0x15, 0x65, 0x89, 0x97, 0xba, 0xc4,
- 0x80, 0xd2, 0xaf, 0xd2, 0xd0, 0xf8, 0x4b, 0xa1, 0xf6, 0x24, 0x5a, 0xd2,
- 0x25, 0x59, 0x7e, 0xb5, 0x6d, 0xe2, 0xae, 0x0a, 0x37, 0x4d, 0x50, 0x31,
- 0x8e, 0xc3, 0x21, 0xee, 0xf4, 0xf6, 0x7f, 0x16, 0xfd, 0xa3, 0x06, 0x27,
- 0x56, 0x0f, 0x74, 0xb7, 0xf8, 0x4c, 0xba, 0xb0, 0xc5, 0x93, 0xce, 0xe3,
- 0x24, 0x9c, 0x04, 0xdb, 0xac, 0x26, 0x14, 0xc6, 0x05, 0x04, 0xdb, 0x49,
- 0x5f, 0xe0};
+ 0x3a, 0x00, 0x47, 0x44, 0x59, 0x75, 0x6f, 0x70, 0x65, 0x6e, 0x64, 0x69,
+ 0x63, 0x65, 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x70,
+ 0x33, 0x38, 0x34, 0x58, 0x60, 0x08, 0x82, 0x40, 0x67, 0xcb, 0x0b, 0x5d,
+ 0x98, 0x3b, 0x7b, 0xf0, 0x9c, 0x5f, 0x32, 0x47, 0xb4, 0x5d, 0xb9, 0x7a,
+ 0xce, 0x1c, 0x55, 0x35, 0xc2, 0x18, 0x2d, 0xcb, 0x4b, 0xc1, 0xa7, 0xd2,
+ 0xfa, 0x1e, 0x17, 0xa9, 0x61, 0xd5, 0x2a, 0x9f, 0x8c, 0x8e, 0x72, 0xc7,
+ 0x60, 0x2e, 0x11, 0x59, 0x3a, 0xe9, 0x7d, 0x90, 0x00, 0x03, 0x67, 0xb7,
+ 0x17, 0xc1, 0x95, 0x07, 0x04, 0xec, 0x81, 0x11, 0x21, 0x19, 0x4b, 0x22,
+ 0x35, 0xbe, 0x93, 0xc8, 0xb8, 0x78, 0xb5, 0x16, 0xb9, 0x6e, 0x7b, 0xf6,
+ 0x50, 0xe8, 0xf4, 0x81, 0xc2, 0xf4, 0x1c, 0x4b, 0xe2, 0x8d, 0x9d, 0x80,
+ 0xcb, 0x34, 0x15, 0xc5, 0x63};
constexpr uint8_t kExpectedCdiAttest_DescriptorInput[32] = {
0x20, 0xd5, 0x0c, 0x68, 0x5a, 0xd9, 0xe2, 0xdf, 0x77, 0x60, 0x78,
@@ -890,7 +902,7 @@
// X509v3 Basic Constraints: critical
// CA:TRUE
// 1.3.6.1.4.1.11129.2.1.24: critical
-// 0:d=0 hl=4 l= 426 cons: SEQUENCE
+// 0:d=0 hl=4 l= 450 cons: SEQUENCE
// 4:d=1 hl=2 l= 66 cons: cont [ 0 ]
// 6:d=2 hl=2 l= 64 prim: OCTET STRING
// 0000 - b7 d4 0c cb 22 5b a5 78-8f 98 ff 9e 86 93 75 f6 ...."[.x......u.
@@ -932,15 +944,17 @@
// 0040 - a2 .
// 425:d=1 hl=2 l= 3 cons: cont [ 6 ]
// 427:d=2 hl=2 l= 1 prim: ENUMERATED :00
+// 430:d=1 hl=2 l= 22 cons: cont [ 7 ]
+// 432:d=2 hl=2 l= 20 prim: UTF8STRING :openssl.example.p256
//
// Signature Algorithm: ecdsa-with-SHA512
// Signature Value:
-// 30:46:02:21:00:a9:57:7d:ac:e0:80:8e:1c:7a:e1:4d:7d:2a:
-// 52:d2:5e:fb:5a:7d:45:1e:fa:67:17:04:9e:b3:05:c2:34:f0:
-// 7a:02:21:00:b7:3a:31:25:ae:1d:2b:06:8b:ba:44:d9:3a:bf:
-// 8b:e2:3f:89:e2:a6:14:0c:fa:c2:b1:dd:0c:0a:78:ac:60:19
-constexpr uint8_t kExpectedX509P256Cert_DescriptorInput[927] = {
- 0x30, 0x82, 0x03, 0x9b, 0x30, 0x82, 0x03, 0x3e, 0xa0, 0x03, 0x02, 0x01,
+// 30:45:02:20:4f:55:9a:0c:2a:48:d5:51:fe:a1:b9:40:e7:95:
+// 97:d0:48:0a:de:71:bf:aa:19:5f:51:3d:d9:4c:df:a8:69:a8:
+// 02:21:00:d4:8c:28:58:8e:3c:4e:b6:98:76:24:2b:92:c5:8c:
+// 42:8c:88:a7:58:35:3d:b5:0e:18:a5:6f:2d:d3:0c:4c:33
+constexpr uint8_t kExpectedX509P256Cert_DescriptorInput[950] = {
+ 0x30, 0x82, 0x03, 0xb2, 0x30, 0x82, 0x03, 0x56, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x14, 0x2c, 0x0d, 0xe9, 0x55, 0xc4, 0xfa, 0x08, 0x2c, 0x2c,
0x3a, 0x0b, 0x40, 0x66, 0x59, 0xaf, 0xa1, 0xc1, 0xc0, 0x84, 0x6c, 0x30,
0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05,
@@ -963,7 +977,7 @@
0x9b, 0x27, 0xf3, 0x87, 0x97, 0xb3, 0xe7, 0x36, 0xe6, 0x42, 0x87, 0x8c,
0x72, 0xde, 0xf7, 0xaf, 0x2d, 0xc6, 0x23, 0x00, 0xb1, 0x2b, 0x4e, 0x1c,
0xf3, 0xaf, 0x67, 0xf0, 0x9b, 0x88, 0x40, 0x79, 0x3b, 0x09, 0x78, 0x30,
- 0x51, 0x65, 0x38, 0x61, 0xa3, 0x82, 0x02, 0x2a, 0x30, 0x82, 0x02, 0x26,
+ 0x51, 0x65, 0x38, 0x61, 0xa3, 0x82, 0x02, 0x42, 0x30, 0x82, 0x02, 0x3e,
0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
0x14, 0x1b, 0xe5, 0x68, 0x79, 0x33, 0xdb, 0x3d, 0x9c, 0xd5, 0xfc, 0xa7,
0x29, 0xe8, 0x1d, 0x66, 0x85, 0x46, 0x5a, 0x7b, 0xf1, 0x30, 0x1d, 0x06,
@@ -972,9 +986,9 @@
0xc1, 0xc0, 0x84, 0x6c, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x0f, 0x06, 0x03,
0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01,
- 0xff, 0x30, 0x82, 0x01, 0xc1, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01,
- 0xd6, 0x79, 0x02, 0x01, 0x18, 0x01, 0x01, 0xff, 0x04, 0x82, 0x01, 0xae,
- 0x30, 0x82, 0x01, 0xaa, 0xa0, 0x42, 0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb,
+ 0xff, 0x30, 0x82, 0x01, 0xd9, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01,
+ 0xd6, 0x79, 0x02, 0x01, 0x18, 0x01, 0x01, 0xff, 0x04, 0x82, 0x01, 0xc6,
+ 0x30, 0x82, 0x01, 0xc2, 0xa0, 0x42, 0x04, 0x40, 0xb7, 0xd4, 0x0c, 0xcb,
0x22, 0x5b, 0xa5, 0x78, 0x8f, 0x98, 0xff, 0x9e, 0x86, 0x93, 0x75, 0xf6,
0x90, 0xac, 0x50, 0xcf, 0x9e, 0xbd, 0x0a, 0xfe, 0xb1, 0xd9, 0xc2, 0x4e,
0x52, 0x19, 0xe4, 0xde, 0x29, 0xe5, 0x61, 0xf3, 0xf9, 0x29, 0xe8, 0x40,
@@ -1009,15 +1023,17 @@
0x11, 0x2d, 0x08, 0x4d, 0x7c, 0x39, 0x76, 0xdc, 0x73, 0xe7, 0x1c, 0x16,
0x62, 0xd5, 0x59, 0xd7, 0x49, 0x2b, 0x6a, 0xa2, 0x36, 0x67, 0x57, 0xd1,
0xf2, 0xf9, 0xaf, 0x13, 0xd7, 0xa3, 0xe4, 0xd3, 0x39, 0x5b, 0x02, 0x78,
- 0xb1, 0xe0, 0x09, 0x70, 0xa2, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0x30, 0x0c,
+ 0xb1, 0xe0, 0x09, 0x70, 0xa2, 0xa6, 0x03, 0x0a, 0x01, 0x00, 0xa7, 0x16,
+ 0x0c, 0x14, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x73, 0x6c, 0x2e, 0x65, 0x78,
+ 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x70, 0x32, 0x35, 0x36, 0x30, 0x0c,
0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04, 0x05, 0x00,
- 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xa9, 0x57, 0x7d, 0xac,
- 0xe0, 0x80, 0x8e, 0x1c, 0x7a, 0xe1, 0x4d, 0x7d, 0x2a, 0x52, 0xd2, 0x5e,
- 0xfb, 0x5a, 0x7d, 0x45, 0x1e, 0xfa, 0x67, 0x17, 0x04, 0x9e, 0xb3, 0x05,
- 0xc2, 0x34, 0xf0, 0x7a, 0x02, 0x21, 0x00, 0xb7, 0x3a, 0x31, 0x25, 0xae,
- 0x1d, 0x2b, 0x06, 0x8b, 0xba, 0x44, 0xd9, 0x3a, 0xbf, 0x8b, 0xe2, 0x3f,
- 0x89, 0xe2, 0xa6, 0x14, 0x0c, 0xfa, 0xc2, 0xb1, 0xdd, 0x0c, 0x0a, 0x78,
- 0xac, 0x60, 0x19};
+ 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x4f, 0x55, 0x9a, 0x0c, 0x2a,
+ 0x48, 0xd5, 0x51, 0xfe, 0xa1, 0xb9, 0x40, 0xe7, 0x95, 0x97, 0xd0, 0x48,
+ 0x0a, 0xde, 0x71, 0xbf, 0xaa, 0x19, 0x5f, 0x51, 0x3d, 0xd9, 0x4c, 0xdf,
+ 0xa8, 0x69, 0xa8, 0x02, 0x21, 0x00, 0xd4, 0x8c, 0x28, 0x58, 0x8e, 0x3c,
+ 0x4e, 0xb6, 0x98, 0x76, 0x24, 0x2b, 0x92, 0xc5, 0x8c, 0x42, 0x8c, 0x88,
+ 0xa7, 0x58, 0x35, 0x3d, 0xb5, 0x0e, 0x18, 0xa5, 0x6f, 0x2d, 0xd3, 0x0c,
+ 0x4c, 0x33};
constexpr uint8_t kExpectedX509P384Cert_DescriptorInput[0] = {};
@@ -1081,8 +1097,8 @@
constexpr uint8_t kExpectedCborP256Cert_DescriptorInput[0] = {};
-constexpr uint8_t kExpectedCborP384Cert_DescriptorInput[768] = {
- 0x84, 0x44, 0xa1, 0x01, 0x38, 0x22, 0xa0, 0x59, 0x02, 0x94, 0xab, 0x01,
+constexpr uint8_t kExpectedCborP384Cert_DescriptorInput[795] = {
+ 0x84, 0x44, 0xa1, 0x01, 0x38, 0x22, 0xa0, 0x59, 0x02, 0xaf, 0xac, 0x01,
0x78, 0x28, 0x35, 0x64, 0x38, 0x62, 0x36, 0x62, 0x65, 0x37, 0x63, 0x65,
0x33, 0x65, 0x64, 0x65, 0x36, 0x61, 0x32, 0x34, 0x31, 0x38, 0x30, 0x31,
0x34, 0x35, 0x32, 0x33, 0x65, 0x36, 0x63, 0x39, 0x64, 0x63, 0x38, 0x37,
@@ -1137,15 +1153,18 @@
0x1a, 0xc2, 0x29, 0xb5, 0x80, 0x2f, 0x7b, 0x2b, 0x0a, 0x27, 0x96, 0xb3,
0xb2, 0xc1, 0xc6, 0x6f, 0xb4, 0x16, 0xa4, 0x78, 0x76, 0x73, 0x6f, 0xcb,
0xf5, 0x7d, 0x26, 0xc2, 0x37, 0xe9, 0x58, 0x98, 0xeb, 0xef, 0x11, 0x7c,
- 0x8d, 0x1d, 0x4b, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x60,
- 0x6d, 0x1f, 0xb6, 0xd3, 0x9f, 0xfa, 0xaa, 0x73, 0xcf, 0x2d, 0x59, 0x99,
- 0x9d, 0xef, 0x0f, 0x20, 0xc4, 0xeb, 0x31, 0x99, 0xa8, 0x9c, 0xae, 0xeb,
- 0x85, 0x02, 0x34, 0x51, 0x24, 0x1a, 0x68, 0xc9, 0xfd, 0x87, 0xfd, 0x3d,
- 0xc8, 0xe4, 0x88, 0x16, 0x8a, 0x31, 0x67, 0xa5, 0x95, 0xec, 0x2d, 0x4d,
- 0x41, 0x08, 0x52, 0x3c, 0x26, 0x44, 0x3f, 0xca, 0xc8, 0xa3, 0x79, 0xc5,
- 0x56, 0x40, 0xc0, 0x62, 0x0d, 0x5c, 0xd4, 0xcf, 0x69, 0x22, 0x05, 0x94,
- 0xf2, 0x66, 0xcb, 0x1e, 0x8a, 0xdf, 0x98, 0xc4, 0xcd, 0x26, 0x4b, 0xd5,
- 0xc6, 0x3d, 0x08, 0xf5, 0x5a, 0xa7, 0xde, 0x21, 0xbe, 0x5d, 0x04, 0x94};
+ 0x8d, 0x1d, 0x4b, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x3a, 0x00,
+ 0x47, 0x44, 0x59, 0x75, 0x6f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x63, 0x65,
+ 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x70, 0x33, 0x38,
+ 0x34, 0x58, 0x60, 0xe4, 0x8c, 0x6b, 0x6b, 0x24, 0xb2, 0xc6, 0x17, 0xcf,
+ 0xfb, 0xb0, 0x8b, 0x28, 0x81, 0x8c, 0xb7, 0xc0, 0xed, 0x46, 0x9d, 0xb7,
+ 0xb6, 0x7f, 0xfd, 0xc6, 0xdd, 0xb8, 0x61, 0xb9, 0x03, 0xbc, 0x66, 0x01,
+ 0xb2, 0x7e, 0x9d, 0x4e, 0x62, 0x7b, 0xb0, 0x41, 0x39, 0x81, 0x7f, 0x30,
+ 0x64, 0x4e, 0x5b, 0x33, 0x22, 0x1c, 0xa4, 0xac, 0x88, 0x33, 0x87, 0xe1,
+ 0x7b, 0x0f, 0xa1, 0x55, 0xaa, 0x8a, 0x4e, 0xbd, 0x50, 0xec, 0xc0, 0x35,
+ 0x28, 0xb4, 0xaa, 0xaa, 0x2a, 0x78, 0x42, 0x5f, 0xcb, 0x76, 0xa7, 0x84,
+ 0xa1, 0xca, 0xf2, 0xda, 0xdb, 0x14, 0x6a, 0x87, 0x05, 0x11, 0xa8, 0xfa,
+ 0x09, 0x30, 0x9c};
} // namespace test
} // namespace dice
diff --git a/src/boringssl_cert_op.c b/src/boringssl_cert_op.c
index 432294c..9ece559 100644
--- a/src/boringssl_cert_op.c
+++ b/src/boringssl_cert_op.c
@@ -17,6 +17,7 @@
// HKDF-SHA512, and Ed25519-SHA512.
#include <stdint.h>
+#include <string.h>
#include "dice/dice.h"
#include "dice/ops.h"
@@ -41,6 +42,7 @@
ASN1_OCTET_STRING* authority_hash;
ASN1_OCTET_STRING* authority_descriptor;
ASN1_ENUMERATED* mode;
+ ASN1_UTF8STRING* profile_name;
} DiceExtensionAsn1;
// clang-format off
@@ -52,6 +54,7 @@
ASN1_EXP_OPT(DiceExtensionAsn1, authority_hash, ASN1_OCTET_STRING, 4),
ASN1_EXP_OPT(DiceExtensionAsn1, authority_descriptor, ASN1_OCTET_STRING, 5),
ASN1_EXP_OPT(DiceExtensionAsn1, mode, ASN1_ENUMERATED, 6),
+ ASN1_EXP_OPT(DiceExtensionAsn1, profile_name, ASN1_UTF8STRING, 7),
} ASN1_SEQUENCE_END(DiceExtensionAsn1)
DECLARE_ASN1_FUNCTIONS(DiceExtensionAsn1)
IMPLEMENT_ASN1_FUNCTIONS(DiceExtensionAsn1)
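Review bot: Field `[7]` is added to an extension that the test vectors in this commit show as critical (`1.3.6.1.4.1.11129.2.1.24: critical`), and nothing here records how existing verifiers are expected to treat it. A verifier that decodes the SEQUENCE against the earlier layout (tags up to 6) may reject certificates carrying the new field; whether any do cannot be seen from this diff. A comment on the template entry, such as `// Optional; absent when DICE_PROFILE_NAME is NULL. Verifiers must tolerate its presence.`, together with a matching note in the specification, would make the compatibility expectation explicit.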
@@ -426,6 +429,20 @@
goto out;
}
+ // Encode profile name.
+ if (DICE_PROFILE_NAME) {
+ asn1->profile_name = ASN1_UTF8STRING_new();
+ if (!asn1->profile_name) {
+ result = kDiceResultPlatformError;
+ goto out;
+ }
+ if (!ASN1_STRING_set(asn1->profile_name, DICE_PROFILE_NAME,
+ strlen(DICE_PROFILE_NAME))) {
+ result = kDiceResultPlatformError;
+ goto out;
+ }
+ }
+
*actual_size = i2d_DiceExtensionAsn1(asn1, NULL);
if (buffer_size < *actual_size) {
result = kDiceResultBufferTooSmall;
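Review bot: `if (DICE_PROFILE_NAME)` tests a macro that is always either a string literal or `NULL`, so depending on the config the compiler sees either a constant-true address test or a `strlen(NULL)` call in a dead branch. Both can draw warnings (`-Waddress`, `-Wnonnull`) that fail builds using `-Werror`. Binding the macro to a local first avoids this and keeps the check and the use on one value: `const char* profile_name = DICE_PROFILE_NAME;` followed by `if (profile_name) { ... strlen(profile_name) ... }`. The same guard appears in the cbor_cert_op.c hunks, in GetDiceExtensionDataHelper in mbedtls_ops.c and in both template files. The enclosing function starts and ends outside this hunk.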
diff --git a/src/cbor_cert_op.c b/src/cbor_cert_op.c
index d0670de..4b6d171 100644
--- a/src/cbor_cert_op.c
+++ b/src/cbor_cert_op.c
@@ -172,6 +172,7 @@
const int64_t kModeLabel = -4670551;
const int64_t kSubjectPublicKeyLabel = -4670552;
const int64_t kKeyUsageLabel = -4670553;
+ const int64_t kProfileNameLabel = -4670554;
// Key usage constant per RFC 5280.
const uint8_t kKeyUsageCertSign = 32;
@@ -188,6 +189,9 @@
if (input_values->authority_descriptor_size > 0) {
map_pairs += 1;
}
+ if (DICE_PROFILE_NAME) {
+ map_pairs += 1;
+ }
struct CborOut out;
CborOutInit(buffer, buffer_size, &out);
@@ -247,6 +251,11 @@
// Add the key usage.
CborWriteInt(kKeyUsageLabel, &out);
CborWriteBstr(/*data_size=*/1, &key_usage, &out);
+ // Add the profile name
+ if (DICE_PROFILE_NAME) {
+ CborWriteInt(kProfileNameLabel, &out);
+ CborWriteTstr(DICE_PROFILE_NAME, &out);
+ }
*encoded_size = CborOutSize(&out);
if (CborOutOverflowed(&out)) {
return kDiceResultBufferTooSmall;
diff --git a/src/mbedtls_ops.c b/src/mbedtls_ops.c
index 4dbf2dd..b3d5e57 100644
--- a/src/mbedtls_ops.c
+++ b/src/mbedtls_ops.c
@@ -151,6 +151,45 @@
}
// Can be used with MBEDTLS_ASN1_CHK_ADD.
+static int WriteExplicitModeField(uint8_t tag, int value, uint8_t** pos,
+ uint8_t* start) {
+ // ASN.1 constants not defined by mbedtls.
+ const uint8_t kEnumTypeTag = 10;
+
+ int ret = 0; // Used by MBEDTLS_ASN1_CHK_ADD.
+ int field_length = 0;
+ MBEDTLS_ASN1_CHK_ADD(field_length, mbedtls_asn1_write_int(pos, start, value));
+ // Overwrite the 'int' type.
+ ++(*pos);
+ --field_length;
+ MBEDTLS_ASN1_CHK_ADD(field_length,
+ mbedtls_asn1_write_tag(pos, start, kEnumTypeTag));
+
+ // Explicitly tagged, so add the field tag too.
+ MBEDTLS_ASN1_CHK_ADD(field_length,
+ mbedtls_asn1_write_len(pos, start, field_length));
+ MBEDTLS_ASN1_CHK_ADD(field_length,
+ mbedtls_asn1_write_tag(pos, start, GetFieldTag(tag)));
+ return field_length;
+}
+
+// Can be used with MBEDTLS_ASN1_CHK_ADD.
+static int WriteExplicitUtf8StringField(uint8_t tag, const void* value,
+ size_t value_size, uint8_t** pos,
+ uint8_t* start) {
+ int ret = 0; // Used by MBEDTLS_ASN1_CHK_ADD.
+ int field_length = 0;
+ MBEDTLS_ASN1_CHK_ADD(field_length, mbedtls_asn1_write_utf8_string(
+ pos, start, value, value_size));
+ // Explicitly tagged, so add the field tag too.
+ MBEDTLS_ASN1_CHK_ADD(field_length,
+ mbedtls_asn1_write_len(pos, start, field_length));
+ MBEDTLS_ASN1_CHK_ADD(field_length,
+ mbedtls_asn1_write_tag(pos, start, GetFieldTag(tag)));
+ return field_length;
+}
+
+// Can be used with MBEDTLS_ASN1_CHK_ADD.
static int WriteExplicitOctetStringField(uint8_t tag, const uint8_t* value,
size_t value_size, uint8_t** pos,
uint8_t* start) {
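Review bot: `WriteExplicitUtf8StringField` takes `const void* value`, but the value is forwarded to `mbedtls_asn1_write_utf8_string`, which expects text; declaring it `const char* value` would let the compiler reject a non-string argument. Both new helpers also write backwards from `*pos` and, through `MBEDTLS_ASN1_CHK_ADD`, return either the number of bytes written or a negative mbedtls error, which the one-line comment does not say. A sentence such as `// Writes backwards from *pos; returns bytes written or a negative mbedtls error.` would cover it. The body of WriteExplicitOctetStringField continues outside this hunk.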
@@ -168,8 +207,6 @@
static int GetDiceExtensionDataHelper(const DiceInputValues* input_values,
uint8_t** pos, uint8_t* start) {
- // ASN.1 constants not defined by mbedtls.
- const uint8_t kEnumTypeTag = 10;
// ASN.1 tags for extension fields.
const uint8_t kDiceFieldCodeHash = 0;
const uint8_t kDiceFieldCodeDescriptor = 1;
@@ -178,24 +215,23 @@
const uint8_t kDiceFieldAuthorityHash = 4;
const uint8_t kDiceFieldAuthorityDescriptor = 5;
const uint8_t kDiceFieldMode = 6;
+ const uint8_t kDiceFieldProfileName = 7;
// Build up the extension ASN.1 in reverse order.
int ret = 0; // Used by MBEDTLS_ASN1_CHK_ADD.
int length = 0;
- // Add the mode field.
- MBEDTLS_ASN1_CHK_ADD(length,
- mbedtls_asn1_write_int(pos, start, input_values->mode));
- // Overwrite the 'int' type.
- ++(*pos);
- --length;
- MBEDTLS_ASN1_CHK_ADD(length,
- mbedtls_asn1_write_tag(pos, start, kEnumTypeTag));
+ // Add the profile name field.
+ if (DICE_PROFILE_NAME) {
+ MBEDTLS_ASN1_CHK_ADD(length, WriteExplicitUtf8StringField(
+ kDiceFieldProfileName, DICE_PROFILE_NAME,
+ strlen(DICE_PROFILE_NAME), pos, start));
+ }
- // Explicitly tagged, so add the field tag too.
- MBEDTLS_ASN1_CHK_ADD(length, mbedtls_asn1_write_len(pos, start, length));
+ // Add the mode field.
MBEDTLS_ASN1_CHK_ADD(
- length, mbedtls_asn1_write_tag(pos, start, GetFieldTag(kDiceFieldMode)));
+ length,
+ WriteExplicitModeField(kDiceFieldMode, input_values->mode, pos, start));
// Add the authorityDescriptor field, if applicable.
if (input_values->authority_descriptor_size > 0) {
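Review bot: The new `strlen(DICE_PROFILE_NAME)` call needs `<string.h>`, and unlike src/boringssl_cert_op.c no hunk for this file adds the include. The include block is outside the diff, so this may already be satisfied; if not, add `#include <string.h>` next to the existing standard headers. GetDiceExtensionDataHelper continues past the end of this hunk.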
diff --git a/src/template_cbor_cert_op.c b/src/template_cbor_cert_op.c
index 641e83b..c935dfb 100644
--- a/src/template_cbor_cert_op.c
+++ b/src/template_cbor_cert_op.c
@@ -167,7 +167,7 @@
// Variable length descriptors are not supported.
if (input_values->code_descriptor_size > 0 ||
input_values->config_type != kDiceConfigTypeInline ||
- input_values->authority_descriptor_size > 0) {
+ input_values->authority_descriptor_size > 0 || DICE_PROFILE_NAME) {
return kDiceResultInvalidInput;
}
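Review bot: The comment `// Variable length descriptors are not supported.` no longer covers the whole condition now that `|| DICE_PROFILE_NAME` is part of it. Because the profile name is a build-time setting, a template build configured with a non-NULL name fails every call with `kDiceResultInvalidInput`, which reads like a caller mistake rather than a configuration mismatch. Extending the comment, for example `// Variable length descriptors and profile names are not supported by the templates.`, would make that clear; the identical change in src/template_cert_op.c needs the same. The enclosing function starts and ends outside this hunk.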
diff --git a/src/template_cert_op.c b/src/template_cert_op.c
index daa4317..7dcb16f 100644
--- a/src/template_cert_op.c
+++ b/src/template_cert_op.c
@@ -177,7 +177,7 @@
// Variable length descriptors are not supported.
if (input_values->code_descriptor_size > 0 ||
input_values->config_type != kDiceConfigTypeInline ||
- input_values->authority_descriptor_size > 0) {
+ input_values->authority_descriptor_size > 0 || DICE_PROFILE_NAME) {
return kDiceResultInvalidInput;
}
diff --git a/src/test_utils.cc b/src/test_utils.cc
index cb21d3f..12663cc 100644
--- a/src/test_utils.cc
+++ b/src/test_utils.cc
@@ -535,7 +535,7 @@
return nullptr;
}
ScopedCbor cwt(cn_cbor_decode(payload->v.bytes, payload->length, &error));
- if (cwt && cwt->type != CN_CBOR_MAP) {
+ if (!cwt || cwt->type != CN_CBOR_MAP) {
return nullptr;
}
return cwt;