From a3cc2ad5d49ed61187527281da351e80d8f76a89 Mon Sep 17 00:00:00 2001

From: Peter Jones <pjones@redhat.com>

Date: Mon, 22 Aug 2016 13:31:38 -0400

Subject: [PATCH 15/29] oid: add SHIM_EKU_MODULE_SIGNING_ONLY and fix our array

 indices.

That was all kinds of wrong.

Signed-off-by: Peter Jones <pjones@redhat.com>

---

 src/oid.c | 10 +++++++---

 src/oid.h |  1 +

 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/oid.c b/src/oid.c

index 9d8154f..7037e1e 100644

--- a/src/oid.c

+++ b/src/oid.c

@@ -33,6 +33,7 @@ static uint8_t oiddata[] = {

 	0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0f,

 	0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15,

 	0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01,

+	0x2b, 0x06, 0x01, 0x04, 0x01, 0x92, 0x08, 0x10, 0x01, 0x02,

 };

 #define OID(num, desc_s, oidtype, length, value)		\

@@ -53,11 +54,14 @@ static struct {

 	OID(SPC_STATEMENT_TYPE_OBJID, "Statement Type", siDEROID, 10,

 		&oiddata[10]),

 	OID(SPC_PE_IMAGE_DATA_OBJID, "PE Image Data", siDEROID, 10,

-		&oiddata[30]),

+		&oiddata[20]),

 	OID(SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID, "Individual Key", siDEROID,

-		10, &oiddata[40]),

+		10, &oiddata[30]),

 	OID(szOID_CERTSRV_CA_VERSION, "Certification server CA version",

-		siAsciiString, 9, &oiddata[50]),

+		siAsciiString, 9, &oiddata[40]),

+	OID(SHIM_EKU_MODULE_SIGNING_ONLY,

+		"Certificate is used for kernel modules only", siDEROID, 10,

+		&oiddata[49]),

 	{ .oid = END_OID_LIST }

 };

diff --git a/src/oid.h b/src/oid.h

index 599f49d..0e00781 100644

--- a/src/oid.h

+++ b/src/oid.h

@@ -25,6 +25,7 @@ typedef enum {

 	SPC_PE_IMAGE_DATA_OBJID,		/* 1.3.6.1.4.1.311.2.1.15 */

 	SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID,	/* 1.3.6.1.4.1.311.2.1.21 */

 	szOID_CERTSRV_CA_VERSION,		/* 1.3.6.1.4.1.311.21.1 */

+	SHIM_EKU_MODULE_SIGNING_ONLY,		/* 1.3.6.1.4.1.2312.16.1.2 */

 	END_OID_LIST

 } ms_oid_t;

-- 

2.13.4