authorMichael Brown <mcb30@ipxe.org>2012-03-21 16:16:37 +0000
committerMichael Brown <mcb30@ipxe.org>2012-03-22 11:41:22 +0000
commitfe6e741c62e11655018996b5d281eaeb1af796c1 (patch)
treef21086bd055a22a27c0710e1edee1735799d678e /src/include/ipxe
parentf2af64aba55fda84bd4c6dc6d3590049a637c03f (diff)
[crypto] Parse X.509 extended key usage extension
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include/ipxe')
-rw-r--r--src/include/ipxe/asn1.h12
-rw-r--r--src/include/ipxe/x509.h27
2 files changed, 39 insertions, 0 deletions
diff --git a/src/include/ipxe/asn1.h b/src/include/ipxe/asn1.h
index 553a8f3..393d5dc 100644
--- a/src/include/ipxe/asn1.h
+++ b/src/include/ipxe/asn1.h
@@ -140,6 +140,18 @@ struct asn1_cursor {
ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
ASN1_OID_SINGLE ( 19 )
+/** ASN.1 OID for id-ce-extKeyUsage (2.5.29.37) */
+#define ASN1_OID_EXTKEYUSAGE \
+ ASN1_OID_INITIAL ( 2, 5 ), ASN1_OID_SINGLE ( 29 ), \
+ ASN1_OID_SINGLE ( 37 )
+
+/** ASN.1 OID for id-kp-codeSigning (1.3.6.1.5.5.7.3.3) */
+#define ASN1_OID_CODESIGNING \
+ ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ), \
+ ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ), \
+ ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ), \
+ ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 3 )
+
/** Define an ASN.1 cursor containing an OID */
#define ASN1_OID_CURSOR( oid_value ) { \
.data = oid_value, \
diff --git a/src/include/ipxe/x509.h b/src/include/ipxe/x509.h
index 427f795..09e1800 100644
--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -113,12 +113,29 @@ enum x509_key_usage_bits {
X509_DECIPHER_ONLY = 0x8000,
};
+/** An X.509 certificate extended key usage */
+struct x509_extended_key_usage {
+ /** Usage bits */
+ unsigned int bits;
+};
+
+/** X.509 certificate extended key usage bits
+ *
+ * Extended key usages are identified by OID; these bits are purely an
+ * internal definition.
+ */
+enum x509_extended_key_usage_bits {
+ X509_CODE_SIGNING = 0x0001,
+};
+
/** An X.509 certificate extensions set */
struct x509_extensions {
/** Basic constraints */
struct x509_basic_constraints basic;
/** Key usage */
struct x509_key_usage usage;
+ /** Extended key usage */
+ struct x509_extended_key_usage ext_usage;
};
/** An X.509 certificate */
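Review bot: The `/** Usage bits */` comment on `bits` in `struct x509_extended_key_usage` does not say what a zero value means, so a caller cannot tell a certificate with no extKeyUsage extension apart from one whose extension lists only purposes this code does not recognise. RFC 5280 treats the two cases differently: an absent extension places no restriction, while a present one limits the certificate to the listed purposes. The parser and the code that consumes these bits are outside this diff, so the intended policy should be written down here, for example `/** Usage bits (zero if the extension is absent or lists no recognised purpose; code-signing checks must test X509_CODE_SIGNING explicitly) */`. If any caller needs the distinction, a separate presence flag next to `bits` would record it.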
@@ -161,6 +178,16 @@ struct x509_extension {
const struct asn1_cursor *raw );
};
+/** An X.509 key purpose */
+struct x509_key_purpose {
+ /** Name */
+ const char *name;
+ /** Object identifier */
+ struct asn1_cursor oid;
+ /** Extended key usage bits */
+ unsigned int bits;
+};
+
/** An X.509 root certificate store */
struct x509_root {
/** Fingerprint digest algorithm */