From 65c2ddc318e2d9ff18adb940c8f896769df6777f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Tue, 1 Apr 2014 14:12:11 +0200
Subject: [PATCH] Print key_usage in x509_crt_info()

---
 library/x509_crt.c                     | 55 +++++++++++++++++++++++++-
 tests/suites/test_suite_x509parse.data | 10 ++++-
 2 files changed, 62 insertions(+), 3 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 436812d6d..e88bd4611 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1186,6 +1186,55 @@ static int x509_info_cert_type( char **buf, size_t *size,
     return( 0 );
 }
 
+static int x509_info_key_usage( char **buf, size_t *size,
+                                unsigned char key_usage )
+{
+    int ret;
+    size_t n = *size;
+    char *p = *buf;
+
+    if( key_usage & KU_DIGITAL_SIGNATURE )
+    {
+        ret = snprintf( p, n, " digitalSignature" );
+        SAFE_SNPRINTF();
+    }
+    if( key_usage & KU_NON_REPUDIATION )
+    {
+        ret = snprintf( p, n, " nonRepudiation" );
+        SAFE_SNPRINTF();
+    }
+    if( key_usage & KU_KEY_ENCIPHERMENT )
+    {
+        ret = snprintf( p, n, " keyEncipherment" );
+        SAFE_SNPRINTF();
+    }
+    if( key_usage & KU_DATA_ENCIPHERMENT )
+    {
+        ret = snprintf( p, n, " dataEncipherment" );
+        SAFE_SNPRINTF();
+    }
+    if( key_usage & KU_KEY_AGREEMENT )
+    {
+        ret = snprintf( p, n, " keyAgreement" );
+        SAFE_SNPRINTF();
+    }
+    if( key_usage & KU_KEY_CERT_SIGN )
+    {
+        ret = snprintf( p, n, " keyCertSign" );
+        SAFE_SNPRINTF();
+    }
+    if( key_usage & KU_CRL_SIGN )
+    {
+        ret = snprintf( p, n, " cRLSign" );
+        SAFE_SNPRINTF();
+    }
+
+    *size = n;
+    *buf = p;
+
+    return( 0 );
+}
+
 /*
  * Return an informational string about the certificate.
  */
@@ -1296,9 +1345,11 @@ int x509_crt_info( char *buf, size_t size, const char *prefix,
 
     if( crt->ext_types & EXT_KEY_USAGE )
     {
-        ret = snprintf( p, n, "\n%skey usage         : ", prefix );
+        ret = snprintf( p, n, "\n%skey usage         :", prefix );
         SAFE_SNPRINTF();
-        /* TODO */
+
+        if( ( ret = x509_info_key_usage( &p, &n, crt->key_usage ) ) != 0 )
+            return( ret );
     }
 
     if( crt->ext_types & EXT_EXTENDED_KEY_USAGE )
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 387c4a26b..4ec46ac55 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -66,10 +66,18 @@ X509 Certificate information, NS Cert Type
 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
 x509_cert_info:"data_files/server1.cert_type.crt":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2011-02-12 14\:44\:06\nexpires on        \: 2021-02-12 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\ncert. type        \: SSL Server\n"
 
-X509 Certificate information, NS Cert Type
+X509 Certificate information, Key Usage
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+x509_cert_info:"data_files/server1.key_usage.crt":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2011-02-12 14\:44\:06\nexpires on        \: 2021-02-12 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nkey usage         \: digitalSignature nonRepudiation keyEncipherment\n"
+
+X509 Certificate information, Subject Alt Name
 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
 x509_cert_info:"data_files/cert_example_multi.crt":"cert. version     \: 3\nserial number     \: 11\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=www.example.com\nissued  on        \: 2012-05-10 13\:23\:41\nexpires on        \: 2022-05-11 13\:23\:41\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name  \: example.com example.net *.example.org\n"
 
+X509 Certificate information, Subject Alt Name + Key Usage
+depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
+x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version     \: 3\nserial number     \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name       \: C=NL\nsubject name      \: C=NL\nissued  on        \: 2014-01-22 10\:04\:33\nexpires on        \: 2024-01-22 10\:04\:33\nsigned using      \: RSA with SHA1\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name  \: www.shotokan-braunschweig.de www.massimo-abate.eu\nkey usage         \: digitalSignature nonRepudiation keyEncipherment\n"
+
 X509 Certificate information RSA signed by EC
 depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C
 x509_cert_info:"data_files/server4.crt":"cert. version     \: 3\nserial number     \: 08\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"