certs: Fixup id-spdm-cert-oid SEQUENCE

Following the discussion in libspdm [1] we are incorrectly missing a
second SEQUENCE tag when generating the id-spdm-cert-oids. This commit
fixes it so we are compliant with the libspdm tests.

1: DMTF/libspdm#2325 (comment)

Signed-off-by: Alistair Francis <[email protected]>

Author: alistair23

certs/openssl.cnf

@@ -1,5 +1,3 @@
-### REF: https://www.openssl.org/docs/man1.1.1/man3/ASN1_generate_nconf.html
-
 [ device_ca ]
 basicConstraints = CA:true
 keyUsage = cRLSign, keyCertSign, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign
@@ -14,6 +12,9 @@ extendedKeyUsage = critical, serverAuth, clientAuth, OCSPSigning
 2.23.133.5.4.100.8 = ASN1:NULL # tcg-dice-kp-attestInit
 
 [ device_ca_spdm_cert_oids ]
+id-spdm-cert-oid = SEQUENCE:device_ca_spdm_cert_hardware_identity_oid
+
+[ device_ca_spdm_cert_hardware_identity_oid ]
 id-DMTF-hardware-identity = OID:1.3.6.1.4.1.412.274.2
 
 [ alias_ca ]
@@ -30,6 +31,9 @@ extendedKeyUsage = critical, serverAuth, clientAuth, OCSPSigning
 2.23.133.5.4.100.11 = ASN1:NULL # tcg-dice-kp-assertLoc
 
 [ alias_ca_spdm_cert_oids ]
+id-spdm-cert-oid = SEQUENCE:alias_ca_spdm_cert_mutable_oid
+
+[ alias_ca_spdm_cert_mutable_oid ]
 id-DMTF-mutable-certificate = OID:1.3.6.1.4.1.412.274.5
 
 [ leaf ]
@@ -48,4 +52,7 @@ extendedKeyUsage = critical, serverAuth, clientAuth, OCSPSigning, 1.3.6.1.4.1.41
 2.23.133.5.4.100.11 = ASN1:NULL # tcg-dice-kp-assertLoc
 
 [ leaf_spdm_cert_oids ]
+id-spdm-cert-oid = SEQUENCE:leaf_spdm_cert_mutabl_oid
+
+[ leaf_spdm_cert_mutabl_oid ]
 id-DMTF-mutable-certificate = OID:1.3.6.1.4.1.412.274.5

certs/slot0/ca.cert

@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBtTCCATygAwIBAgIUHHzm254eX1FdkMgO7Yv0ro8oERYwCgYIKoZIzj0EAwMw
-EjEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNDAyMjkwMzAwNDFaFw0zNDAyMjYwMzAw
-NDFaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARb
-M9WEPtGaFsHQnhpkAO2vBErfRW7D59ItMABEgy1h64XztpcIBAZ+ue1PYA51UKvJ
-iugUvFjm1Yoa/m33FnINuSUo3VmR1Eg1KA4+gcGIrYRkdAIQ2BNR9i+OJh9SVDaj
-UzBRMB0GA1UdDgQWBBTA/APZGgxdhPBSAtbKtD8PRd1aZzAfBgNVHSMEGDAWgBTA
-/APZGgxdhPBSAtbKtD8PRd1aZzAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMD
-A2cAMGQCMB3W1Jw0GJFSDIqdg97FOePsJdwrmR1hjXZV+pNURBT7BVJeV631kBZ2
-VphljPFUfQIwEONtJYyCtLy2r1xn2ELs/N5/UNDq/7BsJugSy4S8xdz8qOtZAET1
-lthtFq5OvYgD
+MIIBtjCCATygAwIBAgIUb1sjyAnlHy55wptv7sT1StHBX9EwCgYIKoZIzj0EAwMw
+EjEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNDAzMDgwMzM0MzFaFw0zNDAzMDYwMzM0
+MzFaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARL
+D9toR9XDGiqLflxqNYsq4oUfYx+QUYxrTQ5KNIStTk1r08Lz9cWNNTWMHbE7vPDN
+ruaPEVpAsZYG4AtAOTVogHH5zd9iq90hZOdiyPJ1dnxRHKSnRaun84byAA+cPmWj
+UzBRMB0GA1UdDgQWBBTE/XXyaypBglRd5QMisc9Cf/+EyDAfBgNVHSMEGDAWgBTE
+/XXyaypBglRd5QMisc9Cf/+EyDAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMD
+A2gAMGUCMQDYgKWqOErRRBwn+aRIw5H6gQof41p9W3RD7R4ihnaf8AF67MEYCL9P
+HSdnI7y9GjMCMBnBaiJmX7NIp8f5J3O2mUv/UO7Pt/QenxvgJ701GV2r8Mmrm4TE
+O1QoyF88EKC28g==
 -----END CERTIFICATE-----

certs/slot0/ca.cert.der

@@ -1,6 +1,6 @@
 -----BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBFO2tI6Ik0bOOMBUMF
-uDu10IXrU3ot0UUU9cGqoxjPICXKB9F7IeRxjU23rXPXipahZANiAARbM9WEPtGa
-FsHQnhpkAO2vBErfRW7D59ItMABEgy1h64XztpcIBAZ+ue1PYA51UKvJiugUvFjm
-1Yoa/m33FnINuSUo3VmR1Eg1KA4+gcGIrYRkdAIQ2BNR9i+OJh9SVDY=
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDUi3Ws2sH4r8Fs0xdS
+6WmH9fWcZIL5rCvdKzc9W0Vru+vw5pyLfzNivC0dt/2IsJChZANiAARLD9toR9XD
+GiqLflxqNYsq4oUfYx+QUYxrTQ5KNIStTk1r08Lz9cWNNTWMHbE7vPDNruaPEVpA
+sZYG4AtAOTVogHH5zd9iq90hZOdiyPJ1dnxRHKSnRaun84byAA+cPmU=
 -----END PRIVATE KEY-----

certs/slot0/ca.key

@@ -1,6 +1,6 @@
 -----BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCsK1BEpkVVF4HYozE/
-HsdoXkIRjE06MD68/MCn90Nhc1o4NpV7b7TfDbbO51bzdWWhZANiAATfQstwlynj
-R87v1GYSE8mb/gNqoDTraoBJw4VXDWIj0m9EPKE3sOuVilPAsg5kXvF8xSE6r3Ra
-rgd0m8fWhqVT/xAvyGvJwIdW/wBz7An+BWBNLdRMLH0t0LjyL4JO0SU=
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCI4TDp/s/DchCsurb2
+DU9xr0Leoyx3G4EXG68VSbS7/I7hKNxxJloITFbPhM6arTChZANiAAStL+PDvUOv
+ZdMnZTV6SY8wmsigVyoV2qVL1SVVIEGYvaKXv5+g87NYSWHJylnyGc84d78KHfKr
+q2kgl1VKIbminqCbG+hXZBQ1ksRPa8ev2Cziz7l9W1kKHlbtMwMbbxc=
 -----END PRIVATE KEY-----

certs/slot0/device.cert.der

@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIBETCBmAIBADAZMRcwFQYDVQQDDA5UZXN0IERldmljZSBDQTB2MBAGByqGSM49
-AgEGBSuBBAAiA2IABN9Cy3CXKeNHzu/UZhITyZv+A2qgNOtqgEnDhVcNYiPSb0Q8
-oTew65WKU8CyDmRe8XzFITqvdFquB3Sbx9aGpVP/EC/Ia8nAh1b/AHPsCf4FYE0t
-1EwsfS3QuPIvgk7RJaAAMAoGCCqGSM49BAMDA2gAMGUCMA2lRYq1lrUdzG3Be7ci
-GN9JiH9h8KLGR8rbCoFFN5iPv1t6A+ze+RfBloqrTnUuuwIxANHUs0eWxLtjMbB9
-y4OMTG+Gqg4v1u3GgO8YV+qxgdyulAEX7vxB08nj0sr9BtCyxA==
+AgEGBSuBBAAiA2IABK0v48O9Q69l0ydlNXpJjzCayKBXKhXapUvVJVUgQZi9ope/
+n6Dzs1hJYcnKWfIZzzh3vwod8quraSCXVUohuaKeoJsb6FdkFDWSxE9rx6/YLOLP
+uX1bWQoeVu0zAxtvF6AAMAoGCCqGSM49BAMDA2gAMGUCMCvXttCiqs7eQ8eHU+xi
+dLkFYbRuezXuHze2x18MCN63e/eQPzAa/aN+X6BZqsZ/3gIxAIC6MaJ7lKjjxiea
+NhG1oRPDuA4XzNXdN8flcg1BaXeccGlPFI9QGMwjUII6E+txjQ==
 -----END CERTIFICATE REQUEST-----