From fe6e741c62e11655018996b5d281eaeb1af796c1 Mon Sep 17 00:00:00 2001
From: Michael Brown
Date: Wed, 21 Mar 2012 16:16:37 +0000
Subject: [crypto] Parse X.509 extended key usage extension
Signed-off-by: Michael Brown
---
 src/include/ipxe/asn1.h | 12 ++++++++++++
 src/include/ipxe/x509.h | 27 +++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
(limited to 'src/include')
diff --git a/src/include/ipxe/asn1.h b/src/include/ipxe/asn1.h
index 553a8f3c3..393d5dc34 100644
--- a/src/include/ipxe/asn1.h
+++ b/src/include/ipxe/asn1.h
@@ -140,6 +140,18 @@ struct asn1_cursor {
 ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
 ASN1_OID_SINGLE ( 19 )
+/** ASN.1 OID for id-ce-extKeyUsage (2.5.29.37) */
+#define ASN1_OID_EXTKEYUSAGE \
+ ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
+ ASN1_OID_SINGLE ( 37 )
+
+/** ASN.1 OID for id-kp-codeSigning (1.3.6.1.5.5.7.3.3) */
+#define ASN1_OID_CODESIGNING \
+ ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
+ ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 3 )
+
 /** Define an ASN.1 cursor containing an OID */
 #define ASN1_OID_CURSOR( oid_value ) { \
 .data = oid_value, \
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 427f79557..09e180075 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
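Review bot: Only id-kp-codeSigning is given an OID here, so RFC 5280's anyExtendedKeyUsage (2.5.29.37.0) will fall through as an unrecognised purpose when the extension parser in x509.c (outside this diff) walks the sequence. That is the conservative outcome for a code-signing check, but it is a policy choice rather than an accident of the table, so record it next to ASN1_OID_CODESIGNING: `/* anyExtendedKeyUsage (2.5.29.37.0) is deliberately not defined: a signer must list id-kp-codeSigning explicitly */`. Every arc in both new OIDs is below 128, so the single-byte sub-identifier form produced by ASN1_OID_SINGLE is correct; if that macro (not shown) only handles the single-byte case, a one-line note on it would stop the next OID author from silently mis-encoding a larger arc.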
@@ -113,12 +113,29 @@ enum x509_key_usage_bits {
 X509_DECIPHER_ONLY = 0x8000,
 };
+/** An X.509 certificate extended key usage */
+struct x509_extended_key_usage {
+ /** Usage bits */
+ unsigned int bits;
+};
+
+/** X.509 certificate extended key usage bits
+ *
+ * Extended key usages are identified by OID; these bits are purely an
+ * internal definition.
+ */
+enum x509_extended_key_usage_bits {
+ X509_CODE_SIGNING = 0x0001,
+};
+
 /** An X.509 certificate extensions set */
 struct x509_extensions {
 /** Basic constraints */
 struct x509_basic_constraints basic;
 /** Key usage */
 struct x509_key_usage usage;
+ /** Extended key usage */
+ struct x509_extended_key_usage ext_usage;
 };
 /** An X.509 certificate */
@@ -161,6 +178,16 @@ struct x509_extension {
 const struct asn1_cursor *raw );
 };
+/** An X.509 key purpose */
+struct x509_key_purpose {
+ /** Name */
+ const char *name;
+ /** Object identifier */
+ struct asn1_cursor oid;
+ /** Extended key usage bits */
+ unsigned int bits;
+};
+
 /** An X.509 root certificate store */
 struct x509_root {
 /** Fingerprint digest algorithm */
-- cgit v1.2.3-55-g7522
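Review bot: `struct x509_extended_key_usage` carries only a bitmask, so an absent extKeyUsage extension and one that lists nothing but unrecognised purposes both leave `bits == 0`; every consumer must therefore treat its bit as a positive requirement (`bits & X509_CODE_SIGNING`) and never read zero as "unrestricted", which is what RFC 5280 §4.2.1.12 says an absent extension means. That is the fail-closed behaviour wanted for an image signer, but it is not visible from the header, so state it on the field: `/** Usage bits (zero if the extension is absent or names only unrecognised purposes; a purpose is permitted only when its bit is set) */`. The block comment on `x509_extended_key_usage_bits` could also say that a new bit must be paired with an entry in the key-purpose table, since nothing else can set it.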
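Review bot: `struct x509_key_purpose` pairs an OID cursor with usage bits, and the safety of that mapping rests on how the matcher (not in this diff) compares `oid`: a prefix or shortest-length compare would let any OID extending 1.3.6.1.5.5.7.3.3 claim X509_CODE_SIGNING. Pin the contract on the field, `/** Object identifier (matched on exact length and content, never as a prefix) */`, and consider declaring the table that instantiates this struct `const` so the OID-to-bit mapping cannot be altered at runtime. `name` is presumably for debug output only; if so, say so in its comment, because it is easy to mistake for a lookup key.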