Add parsing/printing for new X.509 keyUsage flags
This commit is contained in:
parent
b80d16d171
commit
9a702255f4
5 changed files with 32 additions and 2 deletions
|
@ -110,6 +110,7 @@
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* X.509 v3 Key Usage Extension flags
|
* X.509 v3 Key Usage Extension flags
|
||||||
|
* Reminder: update x509_info_key_usage() when adding new flags.
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
|
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
|
||||||
#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
|
#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
|
||||||
|
@ -118,6 +119,8 @@
|
||||||
#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */
|
#define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */
|
||||||
#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */
|
#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */
|
||||||
#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */
|
#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */
|
||||||
|
#define MBEDTLS_X509_KU_ENCIPHER_ONLY (0x01) /* bit 7 */
|
||||||
|
#define MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000) /* bit 8 */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Netscape certificate types
|
* Netscape certificate types
|
||||||
|
|
|
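Review bot: The `/* bit 8 */` comment on `MBEDTLS_X509_KU_DECIPHER_ONLY (0x8000)` is the only hint that these values are not simple bit indices into a byte: the parser in x509_crt.c packs byte i of the DER BIT STRING into bits 8*i..8*i+7 of key_usage, so DER bit 8 (the first bit of the second byte) lands at 0x8000 rather than 0x100, and the new flag is the first one where that matters. A reader adding the next flag from RFC 5280 will get it wrong without that rule, so I would state it in the block comment next to the existing reminder: `* Values are the DER bit-string bytes packed little-endian: DER bit n is (0x80 >> (n % 8)) << (8 * (n / 8)).` It may also be worth noting there that key_usage is an unsigned int, so only the first sizeof(unsigned int) bytes of the bit string are ever represented.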
@ -371,6 +371,7 @@ static int x509_get_key_usage( unsigned char **p,
|
||||||
unsigned int *key_usage)
|
unsigned int *key_usage)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
size_t i;
|
||||||
mbedtls_x509_bitstring bs = { 0, 0, NULL };
|
mbedtls_x509_bitstring bs = { 0, 0, NULL };
|
||||||
|
|
||||||
if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
|
if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
|
||||||
|
@ -381,7 +382,12 @@ static int x509_get_key_usage( unsigned char **p,
|
||||||
MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
MBEDTLS_ERR_ASN1_INVALID_LENGTH );
|
||||||
|
|
||||||
/* Get actual bitstring */
|
/* Get actual bitstring */
|
||||||
*key_usage = *bs.p;
|
*key_usage = 0;
|
||||||
|
for( i = 0; i < bs.len && i < sizeof( unsigned int ); i++ )
|
||||||
|
{
|
||||||
|
*key_usage |= (unsigned int) bs.p[i] << (8*i);
|
||||||
|
}
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1274,7 +1280,7 @@ static int x509_info_cert_type( char **buf, size_t *size,
|
||||||
PRINT_ITEM( name );
|
PRINT_ITEM( name );
|
||||||
|
|
||||||
static int x509_info_key_usage( char **buf, size_t *size,
|
static int x509_info_key_usage( char **buf, size_t *size,
|
||||||
unsigned char key_usage )
|
unsigned int key_usage )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t n = *size;
|
size_t n = *size;
|
||||||
|
@ -1288,6 +1294,8 @@ static int x509_info_key_usage( char **buf, size_t *size,
|
||||||
KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" );
|
KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" );
|
||||||
KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" );
|
KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" );
|
||||||
KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" );
|
KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" );
|
||||||
|
KEY_USAGE( MBEDTLS_X509_KU_ENCIPHER_ONLY, "Encipher Only" );
|
||||||
|
KEY_USAGE( MBEDTLS_X509_KU_DECIPHER_ONLY, "Decipher Only" );
|
||||||
|
|
||||||
*size = n;
|
*size = n;
|
||||||
*buf = p;
|
*buf = p;
|
||||||
|
|
|
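Review bot: In the new loop of x509_get_key_usage (second hunk, `*key_usage |= (unsigned int) bs.p[i] << (8*i);`), the padding bits of the BIT STRING are copied into key_usage together with the real flags, because bs.unused_bits is never consulted; DER requires those bits to be zero, so a non-conforming encoding can assert flags it never declared, and with this commit the last bit of the first byte is now printed as Encipher Only. The previous single-byte read had the same gap, but this change is the natural place to close it since it introduces the flags that sit at the byte boundaries. A strict check before the loop would be `if( ( bs.p[bs.len - 1] & ( ( 1u << bs.unused_bits ) - 1 ) ) != 0 )` followed by `return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_DATA );`; masking those bits off instead is the lenient alternative if compatibility with deployed certificates is the concern. This relies on bs.len >= 1 and unused_bits <= 7, which the length check just above the hunk and the ASN.1 layer appear to guarantee, but worth confirming; the start of x509_get_key_usage, including that check, is outside the hunk.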
@ -23,6 +23,7 @@ Finally, other CAs for specific purposes:
|
||||||
- test-ca-v1.crt: v1 "CA", signs
|
- test-ca-v1.crt: v1 "CA", signs
|
||||||
server1-v1.crt: v1 "intermediate CA", signs
|
server1-v1.crt: v1 "intermediate CA", signs
|
||||||
server2-v1*.crt: EE cert (without of with chain in same file)
|
server2-v1*.crt: EE cert (without of with chain in same file)
|
||||||
|
- keyUsage.decipherOnly.crt: has the decipherOnly keyUsage bit set
|
||||||
|
|
||||||
End-entity certificates
|
End-entity certificates
|
||||||
-----------------------
|
-----------------------
|
||||||
|
|
14
tests/data_files/keyUsage.decipherOnly.crt
Normal file
14
tests/data_files/keyUsage.decipherOnly.crt
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICFzCCAYCgAwIBAgIJAJsTzkylb95SMA0GCSqGSIb3DQEBBQUAMD8xCzAJBgNV
|
||||||
|
BAYTAkdCMRIwEAYDVQQHDAlDYW1icmlkZ2UxHDAaBgNVBAoME0RlZmF1bHQgQ29t
|
||||||
|
cGFueSBMdGQwHhcNMTUwNTEyMTAzNjU1WhcNMTgwNTExMTAzNjU1WjA/MQswCQYD
|
||||||
|
VQQGEwJHQjESMBAGA1UEBwwJQ2FtYnJpZGdlMRwwGgYDVQQKDBNEZWZhdWx0IENv
|
||||||
|
bXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9nxYOSbha/Ap4
|
||||||
|
6rACrOMH7zfDD+0ZEHhbO0bgGRjc5ElvOaNuD321y9TnyAx+JrqPp/lFrAgNiVo1
|
||||||
|
HPurPHfcJ+tNBUgBHboWGNENNaf9ovwFPawsBzEZraGnDaqVPEFcIsUQPVqO1lrQ
|
||||||
|
CHLUjtqo1hMZDqe/Web0Mw9cZrqOaQIDAQABoxswGTAJBgNVHRMEAjAAMAwGA1Ud
|
||||||
|
DwQFAwMH4IAwDQYJKoZIhvcNAQEFBQADgYEAJ0NS2wUbgRelK0qKxrR2Ts6jVYEH
|
||||||
|
bmykx3GHjFyKpscDIn2vNyyB7ygfFglZPcw+2mn3xuVIwOV/mWxFvKHk+j2WrTQL
|
||||||
|
tDqSC5BhFoR01veFu07JdEYvz+I+NCL5z0IGWXkUrk235Wl4w4WMZDnXTqncMNEk
|
||||||
|
fLtpo9y79XD00QY=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -90,6 +90,10 @@ X509 Certificate information, Key Usage
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
|
||||||
x509_cert_info:"data_files/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
|
x509_cert_info:"data_files/server1.key_usage.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
|
||||||
|
|
||||||
|
X509 Certificate information, Key Usage with decipherOnly
|
||||||
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
|
||||||
|
x509_cert_info:"data_files/keyUsage.decipherOnly.crt":"cert. version \: 3\nserial number \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name \: C=GB, L=Cambridge, O=Default Company Ltd\nissued on \: 2015-05-12 10\:36\:55\nexpires on \: 2018-05-11 10\:36\:55\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n"
|
||||||
|
|
||||||
X509 Certificate information, Subject Alt Name
|
X509 Certificate information, Subject Alt Name
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
|
||||||
x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com, example.net, *.example.org\n"
|
x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nserial number \: 11\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=www.example.com\nissued on \: 2012-05-10 13\:23\:41\nexpires on \: 2022-05-11 13\:23\:41\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \: example.com, example.net, *.example.org\n"
|
||||||
|
|
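Review bot: The new case covers only the decipherOnly bit (second byte of the BIT STRING); nothing in the suite sets encipherOnly (`MBEDTLS_X509_KU_ENCIPHER_ONLY`, last bit of the first byte), so the "Encipher Only" branch added to x509_info_key_usage and the parser's handling of the final bit of a byte are still unexercised. Since the multi-byte parsing change is what makes the new flags work, a fixture with encipherOnly set (ideally alongside decipherOnly) would pin it; the expected key usage line for such a certificate would end `Encipher Only, Decipher Only\n`. The fixture file added here is a test vector, so the same cert material can serve as a template for that second case.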