[crypto] Parse OCSPSigning key purpose, if present

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/x509.c

@@ -518,13 +518,21 @@ static int x509_parse_key_usage ( struct x509_certificate *cert,
 /** "id-kp-codeSigning" object identifier */
 static uint8_t oid_code_signing[] = { ASN1_OID_CODESIGNING };
 
+/** "id-kp-OCSPSigning" object identifier */
+static uint8_t oid_ocsp_signing[] = { ASN1_OID_OCSPSIGNING };
+
 /** Supported key purposes */
 static struct x509_key_purpose x509_key_purposes[] = {
 	{
 		.name = "codeSigning",
 		.bits = X509_CODE_SIGNING,
 		.oid = ASN1_OID_CURSOR ( oid_code_signing ),
 	},
+	{
+		.name = "ocspSigning",
+		.bits = X509_OCSP_SIGNING,
+		.oid = ASN1_OID_CURSOR ( oid_ocsp_signing ),
+	},
 };
 
 /**

src/include/ipxe/asn1.h

@@ -176,6 +176,13 @@ struct asn1_cursor {
 	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
 	ASN1_OID_SINGLE ( 48 ), ASN1_OID_SINGLE ( 1 )
 
+/** ASN.1 OID for id-kp-OCSPSigning (1.3.6.1.5.5.7.3.9) */
+#define ASN1_OID_OCSPSIGNING					\
+	ASN1_OID_INITIAL ( 1, 3 ), ASN1_OID_SINGLE ( 6 ),	\
+	ASN1_OID_SINGLE ( 1 ), ASN1_OID_SINGLE ( 5 ),		\
+	ASN1_OID_SINGLE ( 5 ), ASN1_OID_SINGLE ( 7 ),		\
+	ASN1_OID_SINGLE ( 3 ), ASN1_OID_SINGLE ( 9 )
+
 /** Define an ASN.1 cursor containing an OID */
 #define ASN1_OID_CURSOR( oid_value ) {				\
 		.data = oid_value,				\

src/include/ipxe/x509.h

@@ -119,6 +119,7 @@ struct x509_extended_key_usage {
  */
 enum x509_extended_key_usage_bits {
 	X509_CODE_SIGNING = 0x0001,
+	X509_OCSP_SIGNING = 0x0002,
 };
 
 /** X.509 certificate OCSP responder */