Make OCTET STRING in authorityKeyIdentifier IMPLICIT

chipsalliance · Jun 10, 2024 · 61cbdb5 · 61cbdb5
1 parent 3791c34
commit 61cbdb5
Showing 1 changed file with 3 additions and 10 deletions.
diff --git a/dpe/src/x509.rs b/dpe/src/x509.rs
@@ -508,7 +508,7 @@ impl CertWriter<'_> {
         let aki_size = Self::get_key_identifier_size(
             &measurements.authority_key_identifier,
             true,
-            /*explicit=*/ true,
+            /*explicit=*/ false,
         )?;
 
         // Extension data is sequence -> octet string. To compute size, wrap
@@ -1613,7 +1613,7 @@ impl CertWriter<'_> {
         let key_identifier_size = Self::get_key_identifier_size(
             &measurements.authority_key_identifier,
             /*tagged=*/ true,
-            /*explicit=*/ true,
+            /*explicit=*/ false,
         )?;
         bytes_written += self.encode_byte(Self::OCTET_STRING_TAG)?;
         bytes_written += self.encode_size_field(Self::get_structure_size(
@@ -1946,19 +1946,12 @@ impl CertWriter<'_> {
     fn encode_key_identifier(&mut self, key_identifier: &[u8]) -> Result<usize, DpeErrorCode> {
         // KeyIdentifier is IMPLICIT field number 0
         let mut bytes_written = self.encode_byte(Self::CONTEXT_SPECIFIC | 0x0)?;
-        bytes_written += self.encode_size_field(Self::get_key_identifier_size(
-            key_identifier,
-            /*tagged=*/ true,
-            /*explicit=*/ false,
-        )?)?;
-
-        // KeyIdentifier := OCTET STRING
-        bytes_written += self.encode_tag_field(Self::OCTET_STRING_TAG)?;
         bytes_written += self.encode_size_field(Self::get_key_identifier_size(
             key_identifier,
             /*tagged=*/ false,
             /*explicit=*/ false,
         )?)?;
+
         bytes_written += self.encode_bytes(key_identifier)?;
 
         Ok(bytes_written)