diff --git a/src/crypto/CHIPCryptoPALOpenSSL.cpp b/src/crypto/CHIPCryptoPALOpenSSL.cpp index a3321aaf9e2828..e181190a109bb6 100644 --- a/src/crypto/CHIPCryptoPALOpenSSL.cpp +++ b/src/crypto/CHIPCryptoPALOpenSSL.cpp @@ -1653,7 +1653,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation } else { - VerifyOrExit(isCA && (pathLen == -1 || pathLen == 0 || pathLen == 1), err = CHIP_ERROR_INTERNAL); + // For PAA, pathlen must be absent or equal to 1 (see Matter 1.1 spec 6.2.2.5) + VerifyOrExit(isCA && (pathLen == -1 || pathLen == 1), err = CHIP_ERROR_INTERNAL); } } break; diff --git a/src/crypto/CHIPCryptoPALPSA.cpp b/src/crypto/CHIPCryptoPALPSA.cpp index 2d01e3229b4918..e8d4b75c9221b1 100644 --- a/src/crypto/CHIPCryptoPALPSA.cpp +++ b/src/crypto/CHIPCryptoPALPSA.cpp @@ -1295,9 +1295,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation if (OID_CMP(sOID_Extension_BasicConstraints, extOID)) { - int isCA = 0; - int pathLen = -1; - unsigned char * seqStart = p; + int isCA = 0; + int pathLen = -1; VerifyOrExit(extCritical, error = CHIP_ERROR_INTERNAL); extBasicPresent = true; @@ -1306,11 +1305,17 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); if (len > 0) { - result = mbedtls_asn1_get_bool(&p, end, &isCA); + unsigned char * seqStart = p; + result = mbedtls_asn1_get_bool(&p, end, &isCA); VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_INTERNAL); - if (p != seqStart + len) + // Check if pathLen is there by validating if the cursor didn't get to the end of + // of the internal SEQUENCE for the basic constraints encapsulation. + // Missing pathLen optional tag will leave pathLen == -1 for following checks. + bool hasPathLen = (p != (seqStart + len)); + if (hasPathLen) { + // Extract pathLen value, making sure it's a valid format. result = mbedtls_asn1_get_int(&p, end, &pathLen); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); } @@ -1326,7 +1331,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation } else { - VerifyOrExit(isCA && (pathLen == -1 || pathLen == 0 || pathLen == 1), error = CHIP_ERROR_INTERNAL); + // For PAA, pathlen must be absent or equal to 1 (see Matter 1.1 spec 6.2.2.5) + VerifyOrExit(isCA && (pathLen == -1 || pathLen == 1), error = CHIP_ERROR_INTERNAL); } } else if (OID_CMP(sOID_Extension_KeyUsage, extOID)) diff --git a/src/crypto/CHIPCryptoPALmbedTLS.cpp b/src/crypto/CHIPCryptoPALmbedTLS.cpp index 26a00156725791..92ec3048fe8de6 100644 --- a/src/crypto/CHIPCryptoPALmbedTLS.cpp +++ b/src/crypto/CHIPCryptoPALmbedTLS.cpp @@ -1386,9 +1386,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation if (OID_CMP(sOID_Extension_BasicConstraints, extOID)) { - int isCA = 0; - int pathLen = -1; - unsigned char * seqStart = p; + int isCA = 0; + int pathLen = -1; VerifyOrExit(extCritical, error = CHIP_ERROR_INTERNAL); extBasicPresent = true; @@ -1397,11 +1396,17 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); if (len > 0) { - result = mbedtls_asn1_get_bool(&p, end, &isCA); + unsigned char * seqStart = p; + result = mbedtls_asn1_get_bool(&p, end, &isCA); VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_INTERNAL); - if (p != seqStart + len) + // Check if pathLen is there by validating if the cursor didn't get to the end of + // of the internal SEQUENCE for the basic constraints encapsulation. + // Missing pathLen optional tag will leave pathLen == -1 for following checks. + bool hasPathLen = (p != (seqStart + len)); + if (hasPathLen) { + // Extract pathLen value, making sure it's a valid format. result = mbedtls_asn1_get_int(&p, end, &pathLen); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); } @@ -1417,7 +1422,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation } else { - VerifyOrExit(isCA && (pathLen == -1 || pathLen == 0 || pathLen == 1), error = CHIP_ERROR_INTERNAL); + // For PAA, pathlen must be absent or equal to 1 (see Matter 1.1 spec 6.2.2.5) + VerifyOrExit(isCA && (pathLen == -1 || pathLen == 1), error = CHIP_ERROR_INTERNAL); } } else if (OID_CMP(sOID_Extension_KeyUsage, extOID)) diff --git a/src/crypto/tests/BUILD.gn b/src/crypto/tests/BUILD.gn index ea3ee0dc124f5d..0f2fde50996481 100644 --- a/src/crypto/tests/BUILD.gn +++ b/src/crypto/tests/BUILD.gn @@ -25,6 +25,7 @@ chip_test_suite("tests") { sources = [ "AES_CCM_128_test_vectors.h", "CHIPCryptoPALTest.cpp", + "DacValidationExplicitVectors.h", "DerSigConversion_test_vectors.h", "ECDH_P256_test_vectors.h", "HKDF_SHA256_test_vectors.h", diff --git a/src/crypto/tests/CHIPCryptoPALTest.cpp b/src/crypto/tests/CHIPCryptoPALTest.cpp index fae25912c2fe44..3ceda243d2347d 100644 --- a/src/crypto/tests/CHIPCryptoPALTest.cpp +++ b/src/crypto/tests/CHIPCryptoPALTest.cpp @@ -156,6 +156,8 @@ class HeapChecker }; #endif +#include "DacValidationExplicitVectors.h" + } // namespace static uint32_t gs_test_entropy_source_called = 0; @@ -1956,14 +1958,25 @@ static void TestX509_VerifyAttestationCertificateFormat(nlTestSuite * inSuite, v { ByteSpan(), Crypto::AttestationCertType::kDAC, CHIP_ERROR_INVALID_ARGUMENT }, { sTestCert_PAI_FFF2_NoPID_FB_Cert, Crypto::AttestationCertType::kDAC, CHIP_ERROR_INTERNAL }, { sTestCert_DAC_FFF2_8006_0025_ValInFuture_Cert, Crypto::AttestationCertType::kPAA, CHIP_ERROR_INTERNAL }, + { ByteSpan{kPaaWithNoPathlen}, Crypto::AttestationCertType::kPAA, CHIP_NO_ERROR }, + { ByteSpan{kPaiPathLenMissing}, Crypto::AttestationCertType::kPAI, CHIP_ERROR_INTERNAL }, + { ByteSpan{kPaiPathLen1}, Crypto::AttestationCertType::kPAI, CHIP_ERROR_INTERNAL }, + { ByteSpan{kPaaPathLen2}, Crypto::AttestationCertType::kPAA, CHIP_ERROR_INTERNAL }, }; // clang-format on + int case_idx = 0; for (auto & testCase : sValidationTestCases) { ByteSpan cert = testCase.cert; CHIP_ERROR err = VerifyAttestationCertificateFormat(cert, testCase.type); + if (err != testCase.expectedError) + { + ChipLogError(Crypto, "Failed TestX509_VerifyAttestationCertificateFormat sub-case %d, err: %" CHIP_ERROR_FORMAT, + case_idx, err.Format()); + } NL_TEST_ASSERT(inSuite, err == testCase.expectedError); + ++case_idx; } } diff --git a/src/crypto/tests/DacValidationExplicitVectors.h b/src/crypto/tests/DacValidationExplicitVectors.h new file mode 100644 index 00000000000000..ea1dc6d0584520 --- /dev/null +++ b/src/crypto/tests/DacValidationExplicitVectors.h @@ -0,0 +1,180 @@ +/* + * + * Copyright (c) 2023 Project CHIP Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// This file contains test certificate bodies with particular situations that +// were not auto-generated, but rather constructed. + +#pragma once + +#include + +/* +-----BEGIN CERTIFICATE----- +MIIByjCCAXCgAwIBAgIRALmDRJO1vv31wcqYjJYpxZQwCgYIKoZIzj0EAwIwMzEb +MBkGA1UEAwwSUWlhbnlhbiBNYXR0ZXIgUEFBMRQwEgYKKwYBBAGConwCAQwEMTM4 +NzAgFw0yMzAzMTQwODIyNDRaGA85OTk5MTIzMTIzNTk1OVowMzEbMBkGA1UEAwwS +UWlhbnlhbiBNYXR0ZXIgUEFBMRQwEgYKKwYBBAGConwCAQwEMTM4NzBZMBMGByqG +SM49AgEGCCqGSM49AwEHA0IABAV999uorscml0N9OlulWuvb+6d06vsjmpwKPQd5 +mpaayy4f6ODdbycnNhHUZqxP4jQL8CLk509zlJCyTvX4f16jYzBhMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFDCn/GzW+lrLgn93bjJiB2u4EeQpMA4GA1UdDwEB +/wQEAwIBhjAfBgNVHSMEGDAWgBQwp/xs1vpay4J/d24yYgdruBHkKTAKBggqhkjO +PQQDAgNIADBFAiBo6kBk1wcJjH4XYaR6cPOrCOXmbTPk20EzfoaLrXXtrgIhANmh +IEohtRvlb6URoKv1v3jwfzATeqLNY2eLKBmQjUN8 +-----END CERTIFICATE----- +*/ + +const uint8_t kPaaWithNoPathlen[462] = { + 0x30, 0x82, 0x01, 0xca, 0x30, 0x82, 0x01, 0x70, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x11, 0x00, 0xb9, 0x83, 0x44, 0x93, 0xb5, + 0xbe, 0xfd, 0xf5, 0xc1, 0xca, 0x98, 0x8c, 0x96, 0x29, 0xc5, 0x94, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, + 0x03, 0x02, 0x30, 0x33, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x51, 0x69, 0x61, 0x6e, 0x79, 0x61, + 0x6e, 0x20, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x50, 0x41, 0x41, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, + 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x31, 0x33, 0x38, 0x37, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x33, + 0x31, 0x34, 0x30, 0x38, 0x32, 0x32, 0x34, 0x34, 0x5a, 0x18, 0x0f, 0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, + 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x33, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x51, 0x69, 0x61, + 0x6e, 0x79, 0x61, 0x6e, 0x20, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x50, 0x41, 0x41, 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x31, 0x33, 0x38, 0x37, 0x30, 0x59, 0x30, 0x13, 0x06, + 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, + 0x04, 0x05, 0x7d, 0xf7, 0xdb, 0xa8, 0xae, 0xc7, 0x26, 0x97, 0x43, 0x7d, 0x3a, 0x5b, 0xa5, 0x5a, 0xeb, 0xdb, 0xfb, 0xa7, 0x74, + 0xea, 0xfb, 0x23, 0x9a, 0x9c, 0x0a, 0x3d, 0x07, 0x79, 0x9a, 0x96, 0x9a, 0xcb, 0x2e, 0x1f, 0xe8, 0xe0, 0xdd, 0x6f, 0x27, 0x27, + 0x36, 0x11, 0xd4, 0x66, 0xac, 0x4f, 0xe2, 0x34, 0x0b, 0xf0, 0x22, 0xe4, 0xe7, 0x4f, 0x73, 0x94, 0x90, 0xb2, 0x4e, 0xf5, 0xf8, + 0x7f, 0x5e, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x30, 0xa7, 0xfc, 0x6c, 0xd6, 0xfa, 0x5a, 0xcb, + 0x82, 0x7f, 0x77, 0x6e, 0x32, 0x62, 0x07, 0x6b, 0xb8, 0x11, 0xe4, 0x29, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, + 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x30, + 0xa7, 0xfc, 0x6c, 0xd6, 0xfa, 0x5a, 0xcb, 0x82, 0x7f, 0x77, 0x6e, 0x32, 0x62, 0x07, 0x6b, 0xb8, 0x11, 0xe4, 0x29, 0x30, 0x0a, + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x68, 0xea, 0x40, 0x64, + 0xd7, 0x07, 0x09, 0x8c, 0x7e, 0x17, 0x61, 0xa4, 0x7a, 0x70, 0xf3, 0xab, 0x08, 0xe5, 0xe6, 0x6d, 0x33, 0xe4, 0xdb, 0x41, 0x33, + 0x7e, 0x86, 0x8b, 0xad, 0x75, 0xed, 0xae, 0x02, 0x21, 0x00, 0xd9, 0xa1, 0x20, 0x4a, 0x21, 0xb5, 0x1b, 0xe5, 0x6f, 0xa5, 0x11, + 0xa0, 0xab, 0xf5, 0xbf, 0x78, 0xf0, 0x7f, 0x30, 0x13, 0x7a, 0xa2, 0xcd, 0x63, 0x67, 0x8b, 0x28, 0x19, 0x90, 0x8d, 0x43, 0x7c, +}; + +/* +-----BEGIN CERTIFICATE----- +MIIBuDCCAV+gAwIBAgIIEl3k+yzkQuowCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwP +TWF0dGVyIFRlc3QgUEFBMB4XDTIxMDYyODE0MjM0M1oXDTMzMDYyODE0MjM0Mlow +RjEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZG +MjEUMBIGCisGAQQBgqJ8AgIMBDgwMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC +AAQso3JRSRbamUuVk4C2aycB9M84CPOT9xaxI4nC+VqK8vSTJiploKPr+BvganEH +MqCqoC/1KO+Vi/0gMmMvvYhfo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQU2tRnb1BtRUPblHbWGGkcZ0lyjQgwHwYDVR0jBBgw +FoAUeFznBbhrj05vx5OqYMtD6mlogtUwCgYIKoZIzj0EAwIDRwAwRAIgYreXc1Ny ++5HZRSxqT4gPVP5z5ZkhZXUSYW7GHaqs8VACID/8iIGshdedcjAbI6sQO+AtevcO +qLypxnhGVlL2gQnf +-----END CERTIFICATE----- +*/ +const uint8_t kPaiPathLenMissing[444] = { + 0x30, 0x82, 0x01, 0xb8, 0x30, 0x82, 0x01, 0x5f, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x12, 0x5d, 0xe4, 0xfb, 0x2c, 0xe4, + 0x42, 0xea, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x33, + 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x32, 0x5a, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x32, 0x31, 0x14, + 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x35, 0x30, + 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, + 0x07, 0x03, 0x42, 0x00, 0x04, 0x2c, 0xa3, 0x72, 0x51, 0x49, 0x16, 0xda, 0x99, 0x4b, 0x95, 0x93, 0x80, 0xb6, 0x6b, 0x27, 0x01, + 0xf4, 0xcf, 0x38, 0x08, 0xf3, 0x93, 0xf7, 0x16, 0xb1, 0x23, 0x89, 0xc2, 0xf9, 0x5a, 0x8a, 0xf2, 0xf4, 0x93, 0x26, 0x2a, 0x65, + 0xa0, 0xa3, 0xeb, 0xf8, 0x1b, 0xe0, 0x6a, 0x71, 0x07, 0x32, 0xa0, 0xaa, 0xa0, 0x2f, 0xf5, 0x28, 0xef, 0x95, 0x8b, 0xfd, 0x20, + 0x32, 0x63, 0x2f, 0xbd, 0x88, 0x5f, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, + 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xda, 0xd4, 0x67, 0x6f, 0x50, 0x6d, 0x45, 0x43, 0xdb, + 0x94, 0x76, 0xd6, 0x18, 0x69, 0x1c, 0x67, 0x49, 0x72, 0x8d, 0x08, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x78, 0x5c, 0xe7, 0x05, 0xb8, 0x6b, 0x8f, 0x4e, 0x6f, 0xc7, 0x93, 0xaa, 0x60, 0xcb, 0x43, 0xea, 0x69, 0x68, + 0x82, 0xd5, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, + 0x62, 0xb7, 0x97, 0x73, 0x53, 0x72, 0xfb, 0x91, 0xd9, 0x45, 0x2c, 0x6a, 0x4f, 0x88, 0x0f, 0x54, 0xfe, 0x73, 0xe5, 0x99, 0x21, + 0x65, 0x75, 0x12, 0x61, 0x6e, 0xc6, 0x1d, 0xaa, 0xac, 0xf1, 0x50, 0x02, 0x20, 0x3f, 0xfc, 0x88, 0x81, 0xac, 0x85, 0xd7, 0x9d, + 0x72, 0x30, 0x1b, 0x23, 0xab, 0x10, 0x3b, 0xe0, 0x2d, 0x7a, 0xf7, 0x0e, 0xa8, 0xbc, 0xa9, 0xc6, 0x78, 0x46, 0x56, 0x52, 0xf6, + 0x81, 0x09, 0xdf, +}; + +/* +-----BEGIN CERTIFICATE----- +MIIBuzCCAWKgAwIBAgIIEl3k+yzkQuowCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwP +TWF0dGVyIFRlc3QgUEFBMB4XDTIxMDYyODE0MjM0M1oXDTMzMDYyODE0MjM0Mlow +RjEYMBYGA1UEAwwPTWF0dGVyIFRlc3QgUEFJMRQwEgYKKwYBBAGConwCAQwERkZG +MjEUMBIGCisGAQQBgqJ8AgIMBDgwMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC +AAQso3JRSRbamUuVk4C2aycB9M84CPOT9xaxI4nC+VqK8vSTJiploKPr+BvganEH +MqCqoC/1KO+Vi/0gMmMvvYhfo2YwZDASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQU2tRnb1BtRUPblHbWGGkcZ0lyjQgwHwYDVR0j +BBgwFoAUeFznBbhrj05vx5OqYMtD6mlogtUwCgYIKoZIzj0EAwIDRwAwRAIgYreX +c1Ny+5HZRSxqT4gPVP5z5ZkhZXUSYW7GHaqs8VACID/8iIGshdedcjAbI6sQO+At +evcOqLypxnhGVlL2gQnf +-----END CERTIFICATE----- +*/ +const uint8_t kPaiPathLen1[447] = { + 0x30, 0x82, 0x01, 0xbb, 0x30, 0x82, 0x01, 0x62, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x12, 0x5d, 0xe4, 0xfb, 0x2c, 0xe4, + 0x42, 0xea, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, + 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x33, + 0x30, 0x36, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x32, 0x5a, 0x30, 0x46, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x49, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x32, 0x31, 0x14, + 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x02, 0x0c, 0x04, 0x38, 0x30, 0x30, 0x35, 0x30, + 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, + 0x07, 0x03, 0x42, 0x00, 0x04, 0x2c, 0xa3, 0x72, 0x51, 0x49, 0x16, 0xda, 0x99, 0x4b, 0x95, 0x93, 0x80, 0xb6, 0x6b, 0x27, 0x01, + 0xf4, 0xcf, 0x38, 0x08, 0xf3, 0x93, 0xf7, 0x16, 0xb1, 0x23, 0x89, 0xc2, 0xf9, 0x5a, 0x8a, 0xf2, 0xf4, 0x93, 0x26, 0x2a, 0x65, + 0xa0, 0xa3, 0xeb, 0xf8, 0x1b, 0xe0, 0x6a, 0x71, 0x07, 0x32, 0xa0, 0xaa, 0xa0, 0x2f, 0xf5, 0x28, 0xef, 0x95, 0x8b, 0xfd, 0x20, + 0x32, 0x63, 0x2f, 0xbd, 0x88, 0x5f, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, + 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x01, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, + 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xda, 0xd4, 0x67, 0x6f, 0x50, 0x6d, + 0x45, 0x43, 0xdb, 0x94, 0x76, 0xd6, 0x18, 0x69, 0x1c, 0x67, 0x49, 0x72, 0x8d, 0x08, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x78, 0x5c, 0xe7, 0x05, 0xb8, 0x6b, 0x8f, 0x4e, 0x6f, 0xc7, 0x93, 0xaa, 0x60, 0xcb, 0x43, + 0xea, 0x69, 0x68, 0x82, 0xd5, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, + 0x44, 0x02, 0x20, 0x62, 0xb7, 0x97, 0x73, 0x53, 0x72, 0xfb, 0x91, 0xd9, 0x45, 0x2c, 0x6a, 0x4f, 0x88, 0x0f, 0x54, 0xfe, 0x73, + 0xe5, 0x99, 0x21, 0x65, 0x75, 0x12, 0x61, 0x6e, 0xc6, 0x1d, 0xaa, 0xac, 0xf1, 0x50, 0x02, 0x20, 0x3f, 0xfc, 0x88, 0x81, 0xac, + 0x85, 0xd7, 0x9d, 0x72, 0x30, 0x1b, 0x23, 0xab, 0x10, 0x3b, 0xe0, 0x2d, 0x7a, 0xf7, 0x0e, 0xa8, 0xbc, 0xa9, 0xc6, 0x78, 0x46, + 0x56, 0x52, 0xf6, 0x81, 0x09, 0xdf, +}; + +/* +-----BEGIN CERTIFICATE----- +MIIBvDCCAWKgAwIBAgIIUU31T4F/bycwCgYIKoZIzj0EAwIwMDEYMBYGA1UEAwwP +TWF0dGVyIFRlc3QgUEFBMRQwEgYKKwYBBAGConwCAQwERkZGMjAeFw0yMzA1Mjgx +NDIzNDNaFw0zMjA2MjcxNDIzNDJaMDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBB +QTEUMBIGCisGAQQBgqJ8AgEMBEZGRjIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC +AAQjYtkTW7E7w26mNn1LTLN/93IZp/xgOrAGP9ye/8bPC166EyCmbvTjSBvKu+HM +UlUmt2r79bkb9Swzhg3GXxA5o2YwZDASBgNVHRMBAf8ECDAGAQH/AgECMA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUfx2q8kSYuYZoDqCPwYkh6EhInRcwHwYDVR0j +BBgwFoAUfx2q8kSYuYZoDqCPwYkh6EhInRcwCgYIKoZIzj0EAwIDSAAwRQIgbBOM +5XDzrA1cWOTHigR4go96aos4+W1pA8Irlj2LxRcCIQDje3+2Gvz7UW9rRkf8p/SG +NbKsuLiNm8I5idctQg3eaw== +-----END CERTIFICATE----- +*/ +const uint8_t kPaaPathLen2[448] = { + 0x30, 0x82, 0x01, 0xbc, 0x30, 0x82, 0x01, 0x62, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x51, 0x4d, 0xf5, 0x4f, 0x81, 0x7f, + 0x6f, 0x27, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, + 0x32, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x35, 0x32, 0x38, 0x31, 0x34, 0x32, 0x33, 0x34, 0x33, 0x5a, 0x17, 0x0d, 0x33, + 0x32, 0x30, 0x36, 0x32, 0x37, 0x31, 0x34, 0x32, 0x33, 0x34, 0x32, 0x5a, 0x30, 0x30, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x0f, 0x4d, 0x61, 0x74, 0x74, 0x65, 0x72, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x50, 0x41, 0x41, 0x31, 0x14, + 0x30, 0x12, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0xa2, 0x7c, 0x02, 0x01, 0x0c, 0x04, 0x46, 0x46, 0x46, 0x32, 0x30, + 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, + 0x07, 0x03, 0x42, 0x00, 0x04, 0x23, 0x62, 0xd9, 0x13, 0x5b, 0xb1, 0x3b, 0xc3, 0x6e, 0xa6, 0x36, 0x7d, 0x4b, 0x4c, 0xb3, 0x7f, + 0xf7, 0x72, 0x19, 0xa7, 0xfc, 0x60, 0x3a, 0xb0, 0x06, 0x3f, 0xdc, 0x9e, 0xff, 0xc6, 0xcf, 0x0b, 0x5e, 0xba, 0x13, 0x20, 0xa6, + 0x6e, 0xf4, 0xe3, 0x48, 0x1b, 0xca, 0xbb, 0xe1, 0xcc, 0x52, 0x55, 0x26, 0xb7, 0x6a, 0xfb, 0xf5, 0xb9, 0x1b, 0xf5, 0x2c, 0x33, + 0x86, 0x0d, 0xc6, 0x5f, 0x10, 0x39, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, + 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x02, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, + 0x03, 0x02, 0x01, 0x06, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7f, 0x1d, 0xaa, 0xf2, 0x44, 0x98, + 0xb9, 0x86, 0x68, 0x0e, 0xa0, 0x8f, 0xc1, 0x89, 0x21, 0xe8, 0x48, 0x48, 0x9d, 0x17, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7f, 0x1d, 0xaa, 0xf2, 0x44, 0x98, 0xb9, 0x86, 0x68, 0x0e, 0xa0, 0x8f, 0xc1, 0x89, 0x21, + 0xe8, 0x48, 0x48, 0x9d, 0x17, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, + 0x45, 0x02, 0x20, 0x6c, 0x13, 0x8c, 0xe5, 0x70, 0xf3, 0xac, 0x0d, 0x5c, 0x58, 0xe4, 0xc7, 0x8a, 0x04, 0x78, 0x82, 0x8f, 0x7a, + 0x6a, 0x8b, 0x38, 0xf9, 0x6d, 0x69, 0x03, 0xc2, 0x2b, 0x96, 0x3d, 0x8b, 0xc5, 0x17, 0x02, 0x21, 0x00, 0xe3, 0x7b, 0x7f, 0xb6, + 0x1a, 0xfc, 0xfb, 0x51, 0x6f, 0x6b, 0x46, 0x47, 0xfc, 0xa7, 0xf4, 0x86, 0x35, 0xb2, 0xac, 0xb8, 0xb8, 0x8d, 0x9b, 0xc2, 0x39, + 0x89, 0xd7, 0x2d, 0x42, 0x0d, 0xde, 0x6b, +}; diff --git a/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp b/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp index 4ad79d22463f5a..e5fedf2d7f994d 100644 --- a/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp +++ b/src/platform/nxp/common/crypto/CHIPCryptoPALTinyCrypt.cpp @@ -1227,9 +1227,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation if (OID_CMP(sOID_Extension_BasicConstraints, extOID)) { - int isCA = 0; - int pathLen = -1; - unsigned char * seqStart = p; + int isCA = 0; + int pathLen = -1; VerifyOrExit(extCritical, error = CHIP_ERROR_INTERNAL); extBasicPresent = true; @@ -1238,11 +1237,17 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); if (len > 0) { - result = mbedtls_asn1_get_bool(&p, end, &isCA); + unsigned char * seqStart = p; + result = mbedtls_asn1_get_bool(&p, end, &isCA); VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_INTERNAL); - if (p != seqStart + len) + // Check if pathLen is there by validating if the cursor didn't get to the end of + // of the internal SEQUENCE for the basic constraints encapsulation. + // Missing pathLen optional tag will leave pathLen == -1 for following checks. + bool hasPathLen = (p != (seqStart + len)); + if (hasPathLen) { + // Extract pathLen value, making sure it's a valid format. result = mbedtls_asn1_get_int(&p, end, &pathLen); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); } @@ -1258,7 +1263,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation } else { - VerifyOrExit(isCA && (pathLen == -1 || pathLen == 0 || pathLen == 1), error = CHIP_ERROR_INTERNAL); + // For PAA, pathlen must be absent or equal to 1 (see Matter 1.1 spec 6.2.2.5) + VerifyOrExit(isCA && (pathLen == -1 || pathLen == 1), error = CHIP_ERROR_INTERNAL); } } else if (OID_CMP(sOID_Extension_KeyUsage, extOID)) diff --git a/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp b/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp index 771e2638a8a176..93c286c0edaa9f 100644 --- a/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp +++ b/src/platform/nxp/k32w/k32w0/crypto/CHIPCryptoPALNXPUltrafastP256.cpp @@ -1197,9 +1197,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation if (OID_CMP(sOID_Extension_BasicConstraints, extOID)) { - int isCA = 0; - int pathLen = -1; - unsigned char * seqStart = p; + int isCA = 0; + int pathLen = -1; VerifyOrExit(extCritical, error = CHIP_ERROR_INTERNAL); extBasicPresent = true; @@ -1208,11 +1207,17 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); if (len > 0) { - result = mbedtls_asn1_get_bool(&p, end, &isCA); + unsigned char * seqStart = p; + result = mbedtls_asn1_get_bool(&p, end, &isCA); VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_INTERNAL); - if (p != seqStart + len) + // Check if pathLen is there by validating if the cursor didn't get to the end of + // of the internal SEQUENCE for the basic constraints encapsulation. + // Missing pathLen optional tag will leave pathLen == -1 for following checks. + bool hasPathLen = (p != (seqStart + len)); + if (hasPathLen) { + // Extract pathLen value, making sure it's a valid format. result = mbedtls_asn1_get_int(&p, end, &pathLen); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); } @@ -1228,7 +1233,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation } else { - VerifyOrExit(isCA && (pathLen == -1 || pathLen == 0 || pathLen == 1), error = CHIP_ERROR_INTERNAL); + // For PAA, pathlen must be absent or equal to 1 (see Matter 1.1 spec 6.2.2.5) + VerifyOrExit(isCA && (pathLen == -1 || pathLen == 1), error = CHIP_ERROR_INTERNAL); } } else if (OID_CMP(sOID_Extension_KeyUsage, extOID)) diff --git a/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp b/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp index 192f691b497cfe..321aaac5363d19 100644 --- a/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp +++ b/src/platform/silabs/SiWx917/CHIPCryptoPALTinyCrypt.cpp @@ -1228,9 +1228,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation if (OID_CMP(sOID_Extension_BasicConstraints, extOID)) { - int isCA = 0; - int pathLen = -1; - unsigned char * seqStart = p; + int isCA = 0; + int pathLen = -1; VerifyOrExit(extCritical, error = CHIP_ERROR_INTERNAL); extBasicPresent = true; @@ -1239,11 +1238,17 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); if (len > 0) { - result = mbedtls_asn1_get_bool(&p, end, &isCA); + unsigned char * seqStart = p; + result = mbedtls_asn1_get_bool(&p, end, &isCA); VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_INTERNAL); - if (p != seqStart + len) + // Check if pathLen is there by validating if the cursor didn't get to the end of + // of the internal SEQUENCE for the basic constraints encapsulation. + // Missing pathLen optional tag will leave pathLen == -1 for following checks. + bool hasPathLen = (p != (seqStart + len)); + if (hasPathLen) { + // Extract pathLen value, making sure it's a valid format. result = mbedtls_asn1_get_int(&p, end, &pathLen); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); } @@ -1259,7 +1264,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation } else { - VerifyOrExit(isCA && (pathLen == -1 || pathLen == 0 || pathLen == 1), error = CHIP_ERROR_INTERNAL); + // For PAA, pathlen must be absent or equal to 1 (see Matter 1.1 spec 6.2.2.5) + VerifyOrExit(isCA && (pathLen == -1 || pathLen == 1), error = CHIP_ERROR_INTERNAL); } } else if (OID_CMP(sOID_Extension_KeyUsage, extOID)) diff --git a/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp b/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp index 300348ef311e5a..63a7a17308ab13 100644 --- a/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp +++ b/src/platform/silabs/efr32/CHIPCryptoPALPsaEfr32.cpp @@ -1530,9 +1530,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation if (OID_CMP(sOID_Extension_BasicConstraints, extOID)) { - int isCA = 0; - int pathLen = -1; - unsigned char * seqStart = p; + int isCA = 0; + int pathLen = -1; VerifyOrExit(extCritical, error = CHIP_ERROR_INTERNAL); extBasicPresent = true; @@ -1541,11 +1540,17 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); if (len > 0) { - result = mbedtls_asn1_get_bool(&p, end, &isCA); + unsigned char * seqStart = p; + result = mbedtls_asn1_get_bool(&p, end, &isCA); VerifyOrExit(result == 0 || result == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG, error = CHIP_ERROR_INTERNAL); - if (p != seqStart + len) + // Check if pathLen is there by validating if the cursor didn't get to the end of + // of the internal SEQUENCE for the basic constraints encapsulation. + // Missing pathLen optional tag will leave pathLen == -1 for following checks. + bool hasPathLen = (p != (seqStart + len)); + if (hasPathLen) { + // Extract pathLen value, making sure it's a valid format. result = mbedtls_asn1_get_int(&p, end, &pathLen); VerifyOrExit(result == 0, error = CHIP_ERROR_INTERNAL); } @@ -1561,7 +1566,8 @@ CHIP_ERROR VerifyAttestationCertificateFormat(const ByteSpan & cert, Attestation } else { - VerifyOrExit(isCA && (pathLen == -1 || pathLen == 0 || pathLen == 1), error = CHIP_ERROR_INTERNAL); + // For PAA, pathlen must be absent or equal to 1 (see Matter 1.1 spec 6.2.2.5) + VerifyOrExit(isCA && (pathLen == -1 || pathLen == 1), error = CHIP_ERROR_INTERNAL); } } else if (OID_CMP(sOID_Extension_KeyUsage, extOID))