Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set Cert: incorrect key usage check for AliasCert Model #2833

Open
rw8896 opened this issue Sep 11, 2024 · 1 comment · May be fixed by #2837
Open

Set Cert: incorrect key usage check for AliasCert Model #2833

rw8896 opened this issue Sep 11, 2024 · 1 comment · May be fixed by #2837
Assignees
@steven-bellock
Labels
bug Something isn't working

Comments

@rw8896
Copy link
Contributor

rw8896 commented Sep 11, 2024

libspdm/library/spdm_crypt_lib/libspdm_crypt_cert.c

Lines 1193 to 1197 in b327ead

if ((LIBSPDM_CRYPTO_X509_KU_DIGITAL_SIGNATURE & value) == 0) {
status = false;
goto cleanup;
}
}

When set_cert is true and cert model is SPDM_CERTIFICATE_INFO_CERT_MODEL_ALIAS_CERT, the leaf cert is device CA cert which doesn't need to have the digitalSignature usage. Probably could check keyCertSign instead.
@steven-bellock steven-bellock added the bug Something isn't working label Sep 11, 2024
@steven-bellock
Copy link
Contributor

Probably could check keyCertSign instead.

In the SPDM specification Key Usage is only mandatory for leaf certificates. For now libspdm can just skip the check.

steven-bellock added a commit to steven-bellock/libspdm that referenced this issue Sep 15, 2024
@steven-bellock
Skip keyUsage check for AliasCert and SET_CERTIFICATE
584b1ab 
Fix DMTF#2833.

Signed-off-by: Steven Bellock <sbellock@nvidia.com>
@steven-bellock steven-bellock linked a pull request Sep 15, 2024 that will close this issue
Open
steven-bellock added a commit to steven-bellock/libspdm that referenced this issue Sep 15, 2024
@steven-bellock
Skip keyUsage check for AliasCert and SET_CERTIFICATE
1ff50ab 
Fix DMTF#2833.

Signed-off-by: Steven Bellock <sbellock@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@steven-bellock steven-bellock

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Skip keyUsage check for AliasCert and SET_CERTIFICATE steven-bellock/libspdm
2 participants
@steven-bellock @rw8896