// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4
5#include "extended_key_usage.h"
6
David Benjamin2a5db682024-02-06 21:56:57 -05007#include <openssl/bytestring.h>
8
Bob Beckbc97b7a2023-04-18 08:35:15 -06009#include "input.h"
10#include "parser.h"
Bob Beckbc97b7a2023-04-18 08:35:15 -060011
David Benjamin0fbc17a2024-08-21 15:13:10 -040012BSSL_NAMESPACE_BEGIN
Bob Beckbc97b7a2023-04-18 08:35:15 -060013
// Parses the DER-encoded value of an extKeyUsage extension and appends each
// KeyPurposeId it contains to |*eku_oids|, in the order they appear.
//
// Section 4.2.1.12 of RFC 5280 defines the syntax as:
//   ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
//   KeyPurposeId ::= OBJECT IDENTIFIER
//
// Returns false, rejecting the extension, when the value is not a SEQUENCE,
// the SEQUENCE is empty, any element is not an OBJECT IDENTIFIER, or bytes
// remain after the SEQUENCE. Elements read before the failure point have
// already been appended to |*eku_oids|, so callers that need a clean vector on
// failure must reset it themselves. The appended der::Input values are
// presumably non-owning views into |extension_value| (as elsewhere in this
// parser), so |extension_value| must outlive them.
bool ParseEKUExtension(der::Input extension_value,
                       std::vector<der::Input> *eku_oids) {
  der::Parser outer(extension_value);
  der::Parser purposes;
  if (!outer.ReadSequence(&purposes)) {
    return false;
  }

  // SIZE (1..MAX): an empty SEQUENCE is not a valid ExtKeyUsageSyntax.
  if (!purposes.HasMore()) {
    return false;
  }

  // At least one element is present, so read until the SEQUENCE is exhausted.
  do {
    der::Input purpose;
    // Anything other than an OBJECT IDENTIFIER is not a KeyPurposeId.
    if (!purposes.ReadTag(CBS_ASN1_OBJECT, &purpose)) {
      return false;
    }
    eku_oids->push_back(purpose);
  } while (purposes.HasMore());

  // ExtKeyUsageSyntax is exactly one SEQUENCE OF; the syntax has no room for
  // trailing content, so any leftover bytes mean the value is malformed.
  return !outer.HasMore();
}
44
David Benjamin0fbc17a2024-08-21 15:13:10 -040045BSSL_NAMESPACE_END