// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "extended_key_usage.h"

#include <openssl/bytestring.h>

#include "input.h"
#include "parser.h"

BSSL_NAMESPACE_BEGIN

// Parses the value of an X.509 extendedKeyUsage extension (RFC 5280,
// section 4.2.1.12) and appends every KeyPurposeId it contains to |eku_oids|.
//
//   ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
//   KeyPurposeId ::= OBJECT IDENTIFIER
//
// Returns true on success. Returns false when the value is not a SEQUENCE,
// the SEQUENCE is empty, any element is not an OBJECT IDENTIFIER, or bytes
// follow the SEQUENCE. OID contents are stored as-is and not interpreted
// here. On failure, |eku_oids| may already hold the OIDs read before the
// error was detected.
bool ParseEKUExtension(der::Input extension_value,
                       std::vector<der::Input> *eku_oids) {
  der::Parser outer(extension_value);
  der::Parser purposes;
  if (!outer.ReadSequence(&purposes)) {
    return false;
  }

  // SIZE (1..MAX): an empty SEQUENCE OF is malformed.
  if (!purposes.HasMore()) {
    return false;
  }

  // Each element must carry the OBJECT IDENTIFIER tag; any other tag rejects
  // the whole extension.
  while (purposes.HasMore()) {
    der::Input purpose;
    if (!purposes.ReadTag(CBS_ASN1_OBJECT, &purpose)) {
      return false;
    }
    eku_oids->push_back(purpose);
  }

  // ExtKeyUsageSyntax has no extension point, so trailing data is malformed.
  return !outer.HasMore();
}

BSSL_NAMESPACE_END