author | Michael Brown | 2012-03-21 17:16:37 +0100 |
---|---|---|
committer | Michael Brown | 2012-03-22 12:41:22 +0100 |
commit | fe6e741c62e11655018996b5d281eaeb1af796c1 (patch) | |
tree | f21086bd055a22a27c0710e1edee1735799d678e /src/include/ipxe/x509.h | |
parent | [crypto] Differentiate "untrusted root" and "incomplete chain" error cases (diff) | |
[crypto] Parse X.509 extended key usage extension
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe/x509.h')
-rw-r--r-- | src/include/ipxe/x509.h | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 427f7955..09e18007 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -113,12 +113,29 @@ enum x509_key_usage_bits {
 X509_DECIPHER_ONLY = 0x8000,
 };
 
+/** An X.509 certificate extended key usage */
+struct x509_extended_key_usage {
+ /** Usage bits */
+ unsigned int bits;
+};
+
+/** X.509 certificate extended key usage bits
+ *
+ * Extended key usages are identified by OID; these bits are purely an
+ * internal definition.
+ */
+enum x509_extended_key_usage_bits {
+ X509_CODE_SIGNING = 0x0001,
+};
+
 /** An X.509 certificate extensions set */
 struct x509_extensions {
 /** Basic constraints */
 struct x509_basic_constraints basic;
 /** Key usage */
 struct x509_key_usage usage;
+ /** Extended key usage */
+ struct x509_extended_key_usage ext_usage;
 };
 
 /** An X.509 certificate */
@@ -161,6 +178,16 @@ struct x509_extension {
 const struct asn1_cursor *raw );
 };
 
+/** An X.509 key purpose */
+struct x509_key_purpose {
+ /** Name */
+ const char *name;
+ /** Object identifier */
+ struct asn1_cursor oid;
+ /** Extended key usage bits */
+ unsigned int bits;
+};
+
 /** An X.509 root certificate store */
 struct x509_root {
 /** Fingerprint digest algorithm */ |
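Review bot: `struct x509_extended_key_usage` carries only `bits`, so a zero value cannot distinguish a certificate with no extended key usage extension from one whose extension lists only purposes this code does not recognise. RFC 5280 treats the two differently (absent leaves the key unrestricted, present restricts it to the listed purposes), and the parser is not part of this header, so which reading a consumer gets is not visible here. If the intent is that a purpose such as `X509_CODE_SIGNING` must always be asserted explicitly, state that on the field, e.g. `/** Usage bits (zero if the extension is absent or names no recognised purpose; callers must test for the specific bit) */`.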
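Review bot: The `bits` member of `struct x509_key_purpose` is documented only as "Extended key usage bits" and typed `unsigned int`, which leaves its link to `enum x509_extended_key_usage_bits` implicit. I would name the enum in the comment, for example `/** Extended key usage bits (enum x509_extended_key_usage_bits) set when this OID is matched */`. The "set when matched" part is inferred from the struct layout and should be confirmed against the parser, which this diff does not show.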