[crypto] Parse X.509 extended key usage extension

Signed-off-by: Michael Brown <mcb30@ipxe.org>

1 files changed, 27 insertions, 0 deletions

diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 427f7955..09e18007 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -113,12 +113,29 @@ enum x509_key_usage_bits {
 	X509_DECIPHER_ONLY = 0x8000,
 };
 
+/** An X.509 certificate extended key usage */
+struct x509_extended_key_usage {
+	/** Usage bits */
+	unsigned int bits;
+};
+
+/** X.509 certificate extended key usage bits
+ *
+ * Extended key usages are identified by OID; these bits are purely an
+ * internal definition.
+ */
+enum x509_extended_key_usage_bits {
+	X509_CODE_SIGNING = 0x0001,
+};
+
 /** An X.509 certificate extensions set */
 struct x509_extensions {
 	/** Basic constraints */
 	struct x509_basic_constraints basic;
 	/** Key usage */
 	struct x509_key_usage usage;
+	/** Extended key usage */
+	struct x509_extended_key_usage ext_usage;
 };
 
 /** An X.509 certificate */
@@ -161,6 +178,16 @@ struct x509_extension {
 			  const struct asn1_cursor *raw );
 };
 
+/** An X.509 key purpose */
+struct x509_key_purpose {
+	/** Name */
+	const char *name;
+	/** Object identifier */
+	struct asn1_cursor oid;
+	/** Extended key usage bits */
+	unsigned int bits;
+};
+
 /** An X.509 root certificate store */
 struct x509_root {
 	/** Fingerprint digest algorithm */