authorWerner Koch <wk@gnupg.org>2021-02-01 10:28:52 +0100
committerWerner Koch <wk@gnupg.org>2021-02-01 10:28:52 +0100
commit0737dc8187a0eb9ca4661e2ad45954c718daa451 (patch)
tree92fc86dfb29d2af545fcc86e7d3bae26bc970d1f
parent90c514868ff5fcf6d39490d4874ac3a31ba9e85f (diff)
downloadgnupg-0737dc8187a0eb9ca4661e2ad45954c718daa451.tar.gz
sm: Add a few OIDs and merge OID tables.
* sm/keylist.c (OID_FLAG_KP): New. (key_purpose_map): Merge into ... (oidtranstbl): this. (get_oid_desc): New arg 'matchflag'. Use function in place of direct access to key_purpose_map. Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r--sm/keylist.c96
1 files changed, 44 insertions, 52 deletions
diff --git a/sm/keylist.c b/sm/keylist.c
index 6558d68d2..4fb738036 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -49,36 +49,6 @@ struct list_external_parm_s
};
-/* This table is to map Extended Key Usage OIDs to human readable
- names. */
-struct
-{
- const char *oid;
- const char *name;
-} key_purpose_map[] = {
- { "1.3.6.1.5.5.7.3.1", "serverAuth" },
- { "1.3.6.1.5.5.7.3.2", "clientAuth" },
- { "1.3.6.1.5.5.7.3.3", "codeSigning" },
- { "1.3.6.1.5.5.7.3.4", "emailProtection" },
- { "1.3.6.1.5.5.7.3.5", "ipsecEndSystem" },
- { "1.3.6.1.5.5.7.3.6", "ipsecTunnel" },
- { "1.3.6.1.5.5.7.3.7", "ipsecUser" },
- { "1.3.6.1.5.5.7.3.8", "timeStamping" },
- { "1.3.6.1.5.5.7.3.9", "ocspSigning" },
- { "1.3.6.1.5.5.7.3.10", "dvcs" },
- { "1.3.6.1.5.5.7.3.11", "sbgpCertAAServerAuth" },
- { "1.3.6.1.5.5.7.3.13", "eapOverPPP" },
- { "1.3.6.1.5.5.7.3.14", "wlanSSID" },
-
- { "2.16.840.1.113730.4.1", "serverGatedCrypto.ns" }, /* Netscape. */
- { "1.3.6.1.4.1.311.10.3.3", "serverGatedCrypto.ms"}, /* Microsoft. */
-
- { "1.3.6.1.5.5.7.48.1.5", "ocspNoCheck" },
-
- { NULL, NULL }
-};
-
-
/* Do not print this extension in the list of extensions. This is set
for oids which are already available via ksba functions. */
#define OID_FLAG_SKIP 1
@@ -86,6 +56,8 @@ struct
#define OID_FLAG_UTF8 2
/* The extension can be trnted as a hex string. */
#define OID_FLAG_HEX 4
+/* Define if this specififies a key purpose. */
+#define OID_FLAG_KP 8
/* A table mapping OIDs to a descriptive string. */
static struct
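Review bot: The comment introducing the new flag misspells its key word: `/* Define if this specififies a key purpose. */` should read `/* Set if this OID names an extended key usage (key purpose). */`, which also tells the reader which lookups the flag gates. The same kind of slip appears in the later hunk that adds the vendor entries, where `/* Oterh vendor extensions. */` should be `/* Other vendor extensions. */`. Both are comment-only fixes with no code impact.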
@@ -143,7 +115,23 @@ static struct
{ "1.3.6.1.5.5.7.1.10", "acProxying" },
{ "1.3.6.1.5.5.7.1.11", "subjectInfoAccess" },
+ { "1.3.6.1.5.5.7.3.1", "serverAuth", OID_FLAG_KP },
+ { "1.3.6.1.5.5.7.3.2", "clientAuth", OID_FLAG_KP },
+ { "1.3.6.1.5.5.7.3.3", "codeSigning", OID_FLAG_KP },
+ { "1.3.6.1.5.5.7.3.4", "emailProtection", OID_FLAG_KP },
+ { "1.3.6.1.5.5.7.3.5", "ipsecEndSystem", OID_FLAG_KP }, /* historic */
+ { "1.3.6.1.5.5.7.3.6", "ipsecTunnel", OID_FLAG_KP }, /* historic */
+ { "1.3.6.1.5.5.7.3.7", "ipsecUser", OID_FLAG_KP },
+ { "1.3.6.1.5.5.7.3.8", "timeStamping", OID_FLAG_KP },
+ { "1.3.6.1.5.5.7.3.9", "ocspSigning", OID_FLAG_KP },
+ { "1.3.6.1.5.5.7.3.10", "dvcs", OID_FLAG_KP },
+ { "1.3.6.1.5.5.7.3.11", "sbgpCertAAServerAuth", OID_FLAG_KP },
+ { "1.3.6.1.5.5.7.3.13", "eapOverPPP", OID_FLAG_KP },
+ { "1.3.6.1.5.5.7.3.14", "wlanSSID", OID_FLAG_KP },
+ { "1.3.6.1.5.5.7.3.17", "ipsecIKE", OID_FLAG_KP }, /* rfc-4945 */
+
{ "1.3.6.1.5.5.7.48.1", "ocsp" },
+ { "1.3.6.1.5.5.7.48.1.5", "ocspNoCheck", OID_FLAG_KP },
{ "1.3.6.1.5.5.7.48.2", "caIssuers" },
{ "1.3.6.1.5.5.7.48.3", "timeStamping" },
{ "1.3.6.1.5.5.7.48.5", "caRepository" },
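Review bot: The entry `{ "1.3.6.1.5.5.7.48.1.5", "ocspNoCheck", OID_FLAG_KP }` flags an OID that is an OCSP-related certificate extension rather than an extended-key-usage purpose, so a reader of the merged table will wonder why it carries OID_FLAG_KP. It is carried over from the removed key_purpose_map, where it already sat among the EKU names, so the flag keeps the old lookup behaviour; a short comment saying so, e.g. `/* Not an EKU, but kept as a key purpose for compatibility with the old table. */`, would stop someone "fixing" it later. Separately, only 3.5 and 3.6 are annotated `/* historic */` while `"1.3.6.1.5.5.7.3.7", "ipsecUser"` is not; if the intent is to mark the pre-RFC-4945 IPsec purposes, that one presumably deserves the same annotation (I cannot confirm that from the page alone). Note that with the tables merged, the key-purpose lookups now scan the whole oidtranstbl, so the flag is what keeps non-EKU OIDs out of those results.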
@@ -186,6 +174,7 @@ static struct
{ "2.16.840.1.113730.1.11", "netscape-userPicture" },
{ "2.16.840.1.113730.1.12", "netscape-ssl-server-name" },
{ "2.16.840.1.113730.1.13", "netscape-comment" },
+ { "2.16.840.1.113730.4.1", "serverGatedCrypto.ns", OID_FLAG_KP },
/* GnuPG extensions */
{ "1.3.6.1.4.1.11591.2.1.1", "pkaAddress" },
@@ -201,20 +190,29 @@ static struct
{ "1.3.6.1.4.1.41482.3.8", "yubikey-pin-touch-policy", OID_FLAG_HEX },
{ "1.3.6.1.4.1.41482.3.9", "yubikey-formfactor", OID_FLAG_HEX },
+ /* Microsoft extensions. */
+ { "1.3.6.1.4.1.311.10.3.3", "serverGatedCrypto.ms", OID_FLAG_KP },
+ { "1.3.6.1.4.1.311.20.2.2", "microsoft-smartcard-logon" },
+
+ /* Oterh vendor extensions. */
+ { "1.3.6.1.4.1.30205.13.1.1", "trusted-disk", OID_FLAG_KP },
+
{ NULL }
};
-/* Return the description for OID; if no description is available
- NULL is returned. */
+/* Return the description for OID; if no description is available NULL
+ * is returned. If MATCHFLAG is set the flag of the OID must match
+ * MATCHFLAG; otherwise NULL is returned. */
static const char *
-get_oid_desc (const char *oid, unsigned int *flag)
+get_oid_desc (const char *oid, unsigned int matchflag, unsigned int *flag)
{
int i;
if (oid)
for (i=0; oidtranstbl[i].oid; i++)
- if (!strcmp (oidtranstbl[i].oid, oid))
+ if (!strcmp (oidtranstbl[i].oid, oid)
+ && (!matchflag || (oidtranstbl[i].flag & matchflag)))
{
if (flag)
*flag = oidtranstbl[i].flag;
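Review bot: The new comment on get_oid_desc documents MATCHFLAG but not what `*flag` holds when the function returns NULL, and the visible lines only assign `*flag` on a match; the rest of the function is outside this hunk, so I cannot see whether the fall-through path zeroes it. A later hunk in list_cert_raw declares `unsigned int flag;` uninitialised, calls `get_oid_desc (oid, 0, &flag)` and then tests `flag & OID_FLAG_SKIP`, so if the miss path does not write `*flag = 0` that test reads an indeterminate value. Either way the contract should be stated in the comment, e.g. `* FLAG, if not NULL, receives the entry's flags on success and 0 otherwise.`, and if the miss path does not already do so, `if (flag) *flag = 0;` belongs before the final `return NULL;`. Also worth noting in the comment that a MATCHFLAG mismatch is treated exactly like an unknown OID, since callers print the raw OID in that case.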
@@ -849,7 +847,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
es_putc ('\n', fp);
oid = ksba_cert_get_digest_algo (cert);
- s = get_oid_desc (oid, NULL);
+ s = get_oid_desc (oid, 0, NULL);
es_fprintf (fp, " hashAlgo: %s%s%s%s\n", oid, s?" (":"",s?s:"",s?")":"");
{
@@ -948,10 +946,8 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
while (p && (pend=strchr (p, ':')))
{
*pend++ = 0;
- for (i=0; key_purpose_map[i].oid; i++)
- if ( !strcmp (key_purpose_map[i].oid, p) )
- break;
- es_fputs (key_purpose_map[i].oid?key_purpose_map[i].name:p, fp);
+ s = get_oid_desc (p, OID_FLAG_KP, NULL);
+ es_fputs (s ? s : p, fp);
p = pend;
if (*p != 'C')
es_fputs (" (suggested)", fp);
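Review bot: The removed loops were the only visible users of `i` in list_cert_raw, yet unlike list_cert_std (whose declaration line drops `i` in a later hunk) no declaration change is shown for list_cert_raw; if `i` has no remaining use there it should be removed too, otherwise the build picks up an unused-variable warning. The new fallback expression is spelled three different ways across the call sites, `s ? s : p` here, `s?s:p` in the next hunk and `s? s : p` in list_cert_std; picking one form, `s ? s : p`, keeps the three identical sites grep-able. The enclosing loop in list_cert_raw starts and ends outside this hunk.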
@@ -981,10 +977,8 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
while (p && (pend=strchr (p, ':')))
{
*pend++ = 0;
- for (i=0; key_purpose_map[i].oid; i++)
- if ( !strcmp (key_purpose_map[i].oid, p) )
- break;
- es_fputs (p, fp);
+ s = get_oid_desc (p, OID_FLAG_KP, NULL);
+ es_fputs (s?s:p, fp);
p = pend;
if (*p == 'C')
es_fputs (" (critical)", fp);
@@ -1061,7 +1055,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
&name)); idx++)
{
es_fputs (" authInfo: ", fp);
- s = get_oid_desc (string, NULL);
+ s = get_oid_desc (string, 0, NULL);
es_fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
print_names_raw (fp, -15, name);
ksba_name_release (name);
@@ -1078,7 +1072,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
&name)); idx++)
{
es_fputs (" subjectInfo: ", fp);
- s = get_oid_desc (string, NULL);
+ s = get_oid_desc (string, 0, NULL);
es_fprintf (fp, "%s%s%s%s\n", string, s?" (":"", s?s:"", s?")":"");
print_names_raw (fp, -15, name);
ksba_name_release (name);
@@ -1096,7 +1090,7 @@ list_cert_raw (ctrl_t ctrl, KEYDB_HANDLE hd,
{
unsigned int flag;
- s = get_oid_desc (oid, &flag);
+ s = get_oid_desc (oid, 0, &flag);
if ((flag & OID_FLAG_SKIP))
continue;
@@ -1158,12 +1152,12 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
ksba_sexp_t sexp;
char *dn;
ksba_isotime_t t;
- int idx, i;
+ int idx;
int is_ca, chainlen;
unsigned int kusage;
char *string, *p, *pend;
size_t off, len;
- const char *oid;
+ const char *oid, *s;
const unsigned char *cert_der = NULL;
@@ -1264,10 +1258,8 @@ list_cert_std (ctrl_t ctrl, ksba_cert_t cert, estream_t fp, int have_secret,
while (p && (pend=strchr (p, ':')))
{
*pend++ = 0;
- for (i=0; key_purpose_map[i].oid; i++)
- if ( !strcmp (key_purpose_map[i].oid, p) )
- break;
- es_fputs (key_purpose_map[i].oid?key_purpose_map[i].name:p, fp);
+ s = get_oid_desc (p, OID_FLAG_KP, NULL);
+ es_fputs (s? s : p, fp);
p = pend;
if (*p != 'C')
es_fputs (" (suggested)", fp);