Skip to content

Commit

Permalink
[manuf] remove the fake CA pathlen constraint
Browse files Browse the repository at this point in the history 
Eliminate the pathlen constraint from the fake CA certificate and
allow certificate chains of arbitrary lenth.  This allows us to
verify the certificate chain from CA->UDS->CDI0->CDI1.

This is a manual cherry-pick from 87e0070.

Eventually, two CAs should be able to be specified for the perso flow.
See #24955 for more details.

Co-authored-by: Chris Frantz <[email protected]>
Signed-off-by: Tim Trippel <[email protected]>
(cherry picked from commit 87e0070)
(cherry picked from commit e741bb6)
  • Loading branch information
@timothytrippel @github-actions
timothytrippel authored and github-actions[bot] committed Oct 31, 2024
1 parent 173c8a2 commit f9991c9
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 11 deletions.
2 changes: 1 addition & 1 deletion sw/device/silicon_creator/manuf/keys/fake/fake_ca.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,5 +15,5 @@ CN=Google Engineering ICA
[v3_ca]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = critical,CA:true,pathlen:0
basicConstraints = critical,CA:true
keyUsage = digitalSignature, keyCertSign, cRLSign
6 changes: 3 additions & 3 deletions sw/device/silicon_creator/manuf/keys/fake/fake_ca.csr
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ MIIBHTCBxAIBADBiMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDzANBgNVBAoM
Bkdvb2dsZTEUMBIGA1UECwwLRW5naW5lZXJpbmcxHzAdBgNVBAMMFkdvb2dsZSBF
bmdpbmVlcmluZyBJQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARhCQgjUnab
iUu5ivmebhjhb+4TQuX/A2SWLfzDeQGDuCjsezqPTEP1OHqu3GlW3ovZhyp40Ju5
IwR1vy/vNJkVoAAwCgYIKoZIzj0EAwIDSAAwRQIhAKI+sbyTTTJ+QkEONzrsHCw1
UJ0YBDRjC29TqzWxicGJAiA0GEOXSPxoUnGqk7uZVY/D4GWCbtS1wQSu4aJ7WaMM
ig==
IwR1vy/vNJkVoAAwCgYIKoZIzj0EAwIDSAAwRQIhANepinY8fzxEZ3EyxMymfFjk
9X+Rd9HbyxPkzSD8vi7wAiAWLyR99Lk9wc2GgXKcA6COmQzCB9bzlGAdYJSDrMVM
jg==
-----END CERTIFICATE REQUEST-----
14 changes: 7 additions & 7 deletions sw/device/silicon_creator/manuf/keys/fake/fake_ca.pem
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICrTCCAlKgAwIBAgIUR7zbZxY2lxH6tUOJcmi1PJX9G5cwCgYIKoZIzj0EAwIw
MIICqjCCAk+gAwIBAgIUG0NwWZ6+cxC7v+kO6zyiRNjbB64wCgYIKoZIzj0EAwIw
YjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZHb29nbGUxFDAS
BgNVBAsMC0VuZ2luZWVyaW5nMR8wHQYDVQQDDBZHb29nbGUgRW5naW5lZXJpbmcg
SUNBMB4XDTI0MDUxNDE3NDUwNVoXDTM0MDUxMjE3NDUwNVowYjELMAkGA1UEBhMC
SUNBMB4XDTI0MTAzMDIyNTYxMloXDTM0MTAyODIyNTYxMlowYjELMAkGA1UEBhMC
VVMxCzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZHb29nbGUxFDASBgNVBAsMC0VuZ2lu
ZWVyaW5nMR8wHQYDVQQDDBZHb29nbGUgRW5naW5lZXJpbmcgSUNBMFkwEwYHKoZI
zj0CAQYIKoZIzj0DAQcDQgAEYQkII1J2m4lLuYr5nm4Y4W/uE0Ll/wNkli38w3kB
g7go7Hs6j0xD9Th6rtxpVt6L2YcqeNCbuSMEdb8v7zSZFaOB5TCB4jAdBgNVHQ4E
g7go7Hs6j0xD9Th6rtxpVt6L2YcqeNCbuSMEdb8v7zSZFaOB4jCB3zAdBgNVHQ4E
FgQU/lhK51N5DP2GAaMS+zLTwbgi0RIwgZ8GA1UdIwSBlzCBlIAU/lhK51N5DP2G
AaMS+zLTwbgi0RKhZqRkMGIxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEPMA0G
A1UECgwGR29vZ2xlMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEfMB0GA1UEAwwWR29v
Z2xlIEVuZ2luZWVyaW5nIElDQYIUR7zbZxY2lxH6tUOJcmi1PJX9G5cwEgYDVR0T
AQH/BAgwBgEB/wIBADALBgNVHQ8EBAMCAYYwCgYIKoZIzj0EAwIDSQAwRgIhANhC
yBYH+QFtpyUTDJpNOYHqpYEDq2G2YbX8TqrrEKM7AiEA+ScDPRVz54Ra2fKi7Ggz
oquz3y9HDoQycPLiNihm5TM=
Z2xlIEVuZ2luZWVyaW5nIElDQYIUG0NwWZ6+cxC7v+kO6zyiRNjbB64wDwYDVR0T
AQH/BAUwAwEB/zALBgNVHQ8EBAMCAYYwCgYIKoZIzj0EAwIDSQAwRgIhAJiPs5uH
cbsQqf5sL33xJP2QjgqiAl1SuQn3axk3OxmLAiEAi85Nj0coqJ46qdSdQ78msnMf
a75PcoVcLy67k6leXuw=
-----END CERTIFICATE-----

0 comments on commit f9991c9

Please sign in to comment.