Re: [PATCH v4 4/6] KEYS: X.509: Parse Key Usage

From: Mimi Zohar <zohar@linux.ibm.com>
To: Eric Snowberg <eric.snowberg@oracle.com>,
	jarkko@kernel.org, dhowells@redhat.com, dwmw2@infradead.org
Cc: herbert@gondor.apana.org.au, davem@davemloft.net,
	dmitry.kasatkin@gmail.com, paul@paul-moore.com,
	jmorris@namei.org, serge@hallyn.com, pvorel@suse.cz,
	tadeusz.struk@intel.com, kanth.ghatraju@oracle.com,
	konrad.wilk@oracle.com, erpalmer@linux.vnet.ibm.com,
	coxu@redhat.com, keyrings@vger.kernel.org,
	linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org
Subject: Re: [PATCH v4 4/6] KEYS: X.509: Parse Key Usage
Date: Wed, 08 Feb 2023 16:02:12 -0500	[thread overview]
Message-ID: <b3965b3392d799a04848ab72d4eb5cdeb9736253.camel@linux.ibm.com> (raw)
In-Reply-To: <20230207025958.974056-5-eric.snowberg@oracle.com>

On Mon, 2023-02-06 at 21:59 -0500, Eric Snowberg wrote:
> Parse the X.509 Key Usage.  The key usage extension defines the purpose of
> the key contained in the certificate.
> 
>    id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
> 
>       KeyUsage ::= BIT STRING {
>            digitalSignature        (0),
>            contentCommitment       (1),
>            keyEncipherment         (2),
>            dataEncipherment        (3),
>            keyAgreement            (4),
>            keyCertSign             (5),
>            cRLSign                 (6),
>            encipherOnly            (7),
>            decipherOnly            (8) }
> 
> If the keyCertSign or digitalSignature is set, store it in the
> public_key structure.  This will be used in a follow on patch that
> requires knowing the certificate key usage type.
> 
> Link: https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.3
> Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>

Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>