Adapt check_key_usage to new weird bits

include/mbedtls/x509_crt.h

@@ -335,19 +335,25 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
  * \brief          Check usage of certificate against keyUsage extension.
  *
  * \param crt      Leaf certificate used.
- * \param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT before using the
- *                 certificate to perform an RSA key exchange).
+ * \param usage    Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT
+ *                 before using the certificate to perform an RSA key
+ *                 exchange).
+ *
+ * \note           Except for decipherOnly and encipherOnly, a bit set in the
+ *                 usage argument means this bit MUST be set in the
+ *                 certificate. For decipherOnly and encipherOnly, it means
+ *                 that bit MAY be set.
  *
  * \return         0 is these uses of the certificate are allowed,
  *                 MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
- *                 is present but does not contain all the bits set in the
- *                 usage argument.
+ *                 is present but does not match the usage argument.
  *
  * \note           You should only call this function on leaf certificates, on
  *                 (intermediate) CAs the keyUsage extension is automatically
  *                 checked by \c mbedtls_x509_crt_verify().
  */
-int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, unsigned int usage );
+int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
+                                      unsigned int usage );
 #endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */
 
 #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)

library/x509_crt.c

@@ -1519,10 +1519,24 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
 }
 
 #if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
-int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, unsigned int usage )
+int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
+                                      unsigned int usage )
 {
-    if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) != 0 &&
-        ( crt->key_usage & usage ) != usage )
+    unsigned int usage_must, usage_may;
+    unsigned int may_mask = MBEDTLS_X509_KU_ENCIPHER_ONLY
+                          | MBEDTLS_X509_KU_DECIPHER_ONLY;
+
+    if( ( crt->ext_types & MBEDTLS_X509_EXT_KEY_USAGE ) == 0 )
+        return( 0 );
+
+    usage_must = usage & ~may_mask;
+
+    if( ( ( crt->key_usage & ~may_mask ) & usage_must ) != usage_must )
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
+
+    usage_may = usage & may_mask;
+
+    if( ( ( crt->key_usage & may_mask ) | usage_may ) != usage_may )
         return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
 
     return( 0 );

tests/suites/test_suite_x509parse.data

@@ -1128,6 +1128,15 @@ x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT
 X509 crt keyUsage #8 (extension present, combined KU one absent)
 x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
 
+X509 crt keyUsage #9 (extension present, decOnly allowed absent)
+x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
+
+X509 crt keyUsage #10 (extension present, decOnly non-allowed present)
+x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
+
+X509 crt keyUsage #11 (extension present, decOnly allowed present)
+x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_DECIPHER_ONLY:0
+
 X509 crt extendedKeyUsage #1 (no extension, serverAuth)
 depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
 x509_check_extended_key_usage:"data_files/server5.crt":"2B06010505070301":0