Blob Blame History Raw
From a3cc2ad5d49ed61187527281da351e80d8f76a89 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Mon, 22 Aug 2016 13:31:38 -0400
Subject: [PATCH 15/29] oid: add SHIM_EKU_MODULE_SIGNING_ONLY and fix our array
 indices.

That was all kinds of wrong.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 src/oid.c | 10 +++++++---
 src/oid.h |  1 +
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/oid.c b/src/oid.c
index 9d8154f..7037e1e 100644
--- a/src/oid.c
+++ b/src/oid.c
@@ -33,6 +33,7 @@ static uint8_t oiddata[] = {
 	0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0f,
 	0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x15,
 	0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x15, 0x01,
+	0x2b, 0x06, 0x01, 0x04, 0x01, 0x92, 0x08, 0x10, 0x01, 0x02,
 };
 
 #define OID(num, desc_s, oidtype, length, value)		\
@@ -53,11 +54,14 @@ static struct {
 	OID(SPC_STATEMENT_TYPE_OBJID, "Statement Type", siDEROID, 10,
 		&oiddata[10]),
 	OID(SPC_PE_IMAGE_DATA_OBJID, "PE Image Data", siDEROID, 10,
-		&oiddata[30]),
+		&oiddata[20]),
 	OID(SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID, "Individual Key", siDEROID,
-		10, &oiddata[40]),
+		10, &oiddata[30]),
 	OID(szOID_CERTSRV_CA_VERSION, "Certification server CA version",
-		siAsciiString, 9, &oiddata[50]),
+		siAsciiString, 9, &oiddata[40]),
+	OID(SHIM_EKU_MODULE_SIGNING_ONLY,
+		"Certificate is used for kernel modules only", siDEROID, 10,
+		&oiddata[49]),
 	{ .oid = END_OID_LIST }
 };
 
diff --git a/src/oid.h b/src/oid.h
index 599f49d..0e00781 100644
--- a/src/oid.h
+++ b/src/oid.h
@@ -25,6 +25,7 @@ typedef enum {
 	SPC_PE_IMAGE_DATA_OBJID,		/* 1.3.6.1.4.1.311.2.1.15 */
 	SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID,	/* 1.3.6.1.4.1.311.2.1.21 */
 	szOID_CERTSRV_CA_VERSION,		/* 1.3.6.1.4.1.311.21.1 */
+	SHIM_EKU_MODULE_SIGNING_ONLY,		/* 1.3.6.1.4.1.2312.16.1.2 */
 	END_OID_LIST
 } ms_oid_t;
 
-- 
2.13.4