
[crypto] Parse OCSPSigning key purpose, if present

Signed-off-by: Michael Brown <mcb30@ipxe.org>
tags/v1.20.1
Michael Brown il y a 12 ans
Parent
révision
e01af7367d
3 fichiers modifiés avec 16 ajouts et 0 suppressions
  1. 8
    0
      src/crypto/x509.c
  2. 7
    0
      src/include/ipxe/asn1.h
  3. 1
    0
      src/include/ipxe/x509.h

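--- a/src/crypto/x509.c
+++ b/src/crypto/x509.c
@@ -518,6 +518,9 @@ static int x509_parse_key_usage ( struct x509_certificate *cert,
 /** "id-kp-codeSigning" object identifier */
 static uint8_t oid_code_signing[] = { ASN1_OID_CODESIGNING };
 
+/** "id-kp-OCSPSigning" object identifier */
+static uint8_t oid_ocsp_signing[] = { ASN1_OID_OCSPSIGNING };
+
 /** Supported key purposes */
 static struct x509_key_purpose x509_key_purposes[] = {
 	{
@@ -525,6 +528,11 @@ static struct x509_key_purpose x509_key_purposes[] = {
 		.bits = X509_CODE_SIGNING,
 		.oid = ASN1_OID_CURSOR ( oid_code_signing ),
 	},
+	{
+		.name = "ocspSigning",
+		.bits = X509_OCSP_SIGNING,
+		.oid = ASN1_OID_CURSOR ( oid_ocsp_signing ),
+	},
 };
 
 /**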
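Review bot: The new `ocspSigning` entry in `x509_key_purposes[]` only records the purpose; nothing in the visible hunks consumes `X509_OCSP_SIGNING`, so as far as this page shows the commit by itself does not restrict which certificates may sign OCSP responses. RFC 6960 requires a delegated responder certificate to carry id-kp-OCSPSigning and to be issued directly by the CA in question, so the OCSP validation path (not shown here) should reject a responder certificate whose extended key usage bits lack this flag unless the signer is the issuer itself. A certificate with no extendedKeyUsage extension presumably also ends up with the bit clear, which is the safe outcome for that check. A comment on the table entry along the lines of `/* required on delegated OCSP responder certificates (RFC 6960) */` would record the intent.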

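--- a/src/include/ipxe/asn1.h
+++ b/src/include/ipxe/asn1.h
@@ -176,6 +176,13 @@ struct asn1_cursor {
 	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
 	ASN1_OID_SINGLE ( 48 ), ASN1_OID_SINGLE ( 1 )
 
+/** ASN.1 OID for id-kp-OCSPSigning (1.3.6.1.5.5.7.3.9) */
+#define ASN1_OID_OCSPSIGNING					\
+	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ),	\
+	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ),		\
+	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
+	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 9 )
+
 /** Define an ASN.1 cursor containing an OID */
 #define ASN1_OID_CURSOR( oid_value ) {				\
 		.data = oid_value,				\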

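--- a/src/include/ipxe/x509.h
+++ b/src/include/ipxe/x509.h
@@ -119,6 +119,7 @@ struct x509_extended_key_usage {
  */
 enum x509_extended_key_usage_bits {
 	X509_CODE_SIGNING = 0x0001,
+	X509_OCSP_SIGNING = 0x0002,
 };
 
 /** X.509 certificate OCSP responder */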
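Review bot: `X509_OCSP_SIGNING` is added without a doc comment, and the enumerators read as single-bit flags without the visible lines saying so. I would add `/** Certificate may sign OCSP responses (id-kp-OCSPSigning) */` above it, and state in the enum's comment that the values are distinct bits (presumably OR-ed into the parsed extended key usage field), so the next purpose takes `0x0004`. The enum's existing doc comment begins outside the hunk, so it may already cover part of this.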
