/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
/*
 * Copyright(c) 1995-2000 Intel Corporation. All rights reserved.
 */

#include <kmfapi.h>

/*
 * Object identifier (OID) constants.
 *
 * A file-local uint8_t array holds the encoded bytes of each OID, and an
 * exported const KMF_OID pairs that array with a byte count (count first,
 * array second).  Three spellings of that pair appear below and they are
 * not interchangeable:
 *
 *   1. { PREFIX, n... } with a count of PREFIX_LENGTH + k.  Neither macro
 *      is defined in this file (presumably kmfapi.h supplies them --
 *      confirm).  The count is written by hand and has to equal the
 *      prefix length plus the k bytes appended after the prefix.
 *   2. Literal bytes with a count of sizeof (array), which cannot drift
 *      from the initializer.
 *   3. The named-curve entries, which put 0x6 (the ASN.1 OBJECT IDENTIFIER
 *      tag) and a length byte in front of the OID bytes; sizeof counts
 *      those two header bytes as well.
 *
 * Code that compares or copies these values has to know which form it was
 * handed: a curve entry never compares equal to a header-less encoding of
 * the same OID.
 *
 * NOTE(review): the byte arrays are not const-qualified although every
 * descriptor pointing at them is, so the encodings sit in writable
 * storage.  Presumably KMF_OID's data member is a non-const pointer;
 * confirm against kmfapi.h before changing the qualifier.
 *
 * This file only names algorithms.  MD2-, MD5- and SHA-1-based identifiers
 * are listed next to the SHA-2 ones, and nothing here decides which of
 * them a caller may accept.
 */

/* Attribute types from X.520: OID_ATTR_TYPE followed by the type number. */
static uint8_t
    OID_ObjectClass[] = { OID_ATTR_TYPE, 0 },
    OID_AliasedEntryName[] = { OID_ATTR_TYPE, 1 },
    OID_KnowledgeInformation[] = { OID_ATTR_TYPE, 2 },
    OID_CommonName[] = { OID_ATTR_TYPE, 3 },
    OID_Surname[] = { OID_ATTR_TYPE, 4 },
    OID_SerialNumber[] = { OID_ATTR_TYPE, 5 },
    OID_CountryName[] = { OID_ATTR_TYPE, 6 },
    OID_LocalityName[] = { OID_ATTR_TYPE, 7 },
    OID_StateProvinceName[] = { OID_ATTR_TYPE, 8 },
    OID_CollectiveStateProvinceName[] = { OID_ATTR_TYPE, 8, 1 },
    OID_StreetAddress[] = { OID_ATTR_TYPE, 9 },
    OID_CollectiveStreetAddress[] = { OID_ATTR_TYPE, 9, 1 },
    OID_OrganizationName[] = { OID_ATTR_TYPE, 10 },
    OID_CollectiveOrganizationName[] = { OID_ATTR_TYPE, 10, 1 },
    OID_OrganizationalUnitName[] = { OID_ATTR_TYPE, 11 },
    OID_CollectiveOrganizationalUnitName[] = { OID_ATTR_TYPE, 11, 1 },
    OID_Title[] = { OID_ATTR_TYPE, 12 },
    OID_Description[] = { OID_ATTR_TYPE, 13 },
    OID_SearchGuide[] = { OID_ATTR_TYPE, 14 },
    OID_BusinessCategory[] = { OID_ATTR_TYPE, 15 },
    OID_PostalAddress[] = { OID_ATTR_TYPE, 16 },
    OID_CollectivePostalAddress[] = { OID_ATTR_TYPE, 16, 1 },
    OID_PostalCode[] = { OID_ATTR_TYPE, 17 },
    OID_CollectivePostalCode[] = { OID_ATTR_TYPE, 17, 1 },
    OID_PostOfficeBox[] = { OID_ATTR_TYPE, 18 },
    OID_CollectivePostOfficeBox[] = { OID_ATTR_TYPE, 18, 1 },
    OID_PhysicalDeliveryOfficeName[] = { OID_ATTR_TYPE, 19 },
    OID_CollectivePhysicalDeliveryOfficeName[] = { OID_ATTR_TYPE, 19, 1 },
    OID_TelephoneNumber[] = { OID_ATTR_TYPE, 20 },
    OID_CollectiveTelephoneNumber[] = { OID_ATTR_TYPE, 20, 1 },
    OID_TelexNumber[] = { OID_ATTR_TYPE, 21 },
    OID_CollectiveTelexNumber[] = { OID_ATTR_TYPE, 21, 1 },
    OID_TelexTerminalIdentifier[] = { OID_ATTR_TYPE, 22 },
    OID_CollectiveTelexTerminalIdentifier[] = { OID_ATTR_TYPE, 22, 1 },
    OID_FacsimileTelephoneNumber[] = { OID_ATTR_TYPE, 23 },
    OID_CollectiveFacsimileTelephoneNumber[] = { OID_ATTR_TYPE, 23, 1 },
    OID_X_121Address[] = { OID_ATTR_TYPE, 24 },
    OID_InternationalISDNNumber[] = { OID_ATTR_TYPE, 25 },
    OID_CollectiveInternationalISDNNumber[] = { OID_ATTR_TYPE, 25, 1 },
    OID_RegisteredAddress[] = { OID_ATTR_TYPE, 26 },
    OID_DestinationIndicator[] = { OID_ATTR_TYPE, 27 },
    OID_PreferredDeliveryMethod[] = { OID_ATTR_TYPE, 28 },
    OID_PresentationAddress[] = { OID_ATTR_TYPE, 29 },
    OID_SupportedApplicationContext[] = { OID_ATTR_TYPE, 30 },
    OID_Member[] = { OID_ATTR_TYPE, 31 },
    OID_Owner[] = { OID_ATTR_TYPE, 32 },
    OID_RoleOccupant[] = { OID_ATTR_TYPE, 33 },
    OID_SeeAlso[] = { OID_ATTR_TYPE, 34 },
    OID_UserPassword[] = { OID_ATTR_TYPE, 35 },
    OID_UserCertificate[] = { OID_ATTR_TYPE, 36 },
    OID_CACertificate[] = { OID_ATTR_TYPE, 37 },
    OID_AuthorityRevocationList[] = { OID_ATTR_TYPE, 38 },
    OID_CertificateRevocationList[] = { OID_ATTR_TYPE, 39 },
    OID_CrossCertificatePair[] = { OID_ATTR_TYPE, 40 },
    OID_Name[] = { OID_ATTR_TYPE, 41 },
    OID_GivenName[] = { OID_ATTR_TYPE, 42 },
    OID_Initials[] = { OID_ATTR_TYPE, 43 },
    OID_GenerationQualifier[] = { OID_ATTR_TYPE, 44 },
    OID_UniqueIdentifier[] = { OID_ATTR_TYPE, 45 },
    OID_DNQualifier[] = { OID_ATTR_TYPE, 46 },
    OID_EnhancedSearchGuide[] = { OID_ATTR_TYPE, 47 },
    OID_ProtocolInformation[] = { OID_ATTR_TYPE, 48 },
    OID_DistinguishedName[] = { OID_ATTR_TYPE, 49 },
    OID_UniqueMember[] = { OID_ATTR_TYPE, 50 },
    OID_HouseIdentifier[] = { OID_ATTR_TYPE, 51 };
/*
 * Left disabled in the original list:
 *    OID_SupportedAlgorithms[] = { OID_ATTR_TYPE, 52 },
 *    OID_DeltaRevocationList[] = { OID_ATTR_TYPE, 53 },
 *    OID_AttributeCertificate[] = { OID_ATTR_TYPE, 58 }
 */

/* Attributes from PKCS 9: OID_PKCS_9 followed by the attribute number. */
static uint8_t
    OID_EmailAddress[] = { OID_PKCS_9, 1 },
    OID_UnstructuredName[] = { OID_PKCS_9, 2 },
    OID_ContentType[] = { OID_PKCS_9, 3 },
    OID_MessageDigest[] = { OID_PKCS_9, 4 },
    OID_SigningTime[] = { OID_PKCS_9, 5 },
    OID_CounterSignature[] = { OID_PKCS_9, 6 },
    OID_ChallengePassword[] = { OID_PKCS_9, 7 },
    OID_UnstructuredAddress[] = { OID_PKCS_9, 8 },
    OID_ExtendedCertificateAttributes[] = { OID_PKCS_9, 9 },
    OID_ExtensionRequest[] = { OID_PKCS_9, 14 };

/*
 * Standard certificate and CRL extensions from PKIX 1: OID_EXTENSION
 * followed by the extension number.  Two numbers are skipped on purpose:
 *    OID_CertificateIssuer[] = { OID_EXTENSION, 29 }  (left disabled)
 *    34                                               (deprecated)
 */
static uint8_t
    OID_SubjectDirectoryAttributes[] = { OID_EXTENSION, 9 },
    OID_SubjectKeyIdentifier[] = { OID_EXTENSION, 14 },
    OID_KeyUsage[] = { OID_EXTENSION, 15 },
    OID_PrivateKeyUsagePeriod[] = { OID_EXTENSION, 16 },
    OID_SubjectAltName[] = { OID_EXTENSION, 17 },
    OID_IssuerAltName[] = { OID_EXTENSION, 18 },
    OID_BasicConstraints[] = { OID_EXTENSION, 19 },
    OID_CrlNumber[] = { OID_EXTENSION, 20 },
    OID_CrlReason[] = { OID_EXTENSION, 21 },
    OID_HoldInstructionCode[] = { OID_EXTENSION, 23 },
    OID_InvalidityDate[] = { OID_EXTENSION, 24 },
    OID_DeltaCrlIndicator[] = { OID_EXTENSION, 27 },
    OID_IssuingDistributionPoints[] = { OID_EXTENSION, 28 },
    OID_NameConstraints[] = { OID_EXTENSION, 30 },
    OID_CrlDistributionPoints[] = { OID_EXTENSION, 31 },
    OID_CertificatePolicies[] = { OID_EXTENSION, 32 },
    OID_PolicyMappings[] = { OID_EXTENSION, 33 },
    OID_AuthorityKeyIdentifier[] = { OID_EXTENSION, 35 },
    OID_PolicyConstraints[] = { OID_EXTENSION, 36 },
    OID_ExtKeyUsage[] = { OID_EXTENSION, 37 };

/*
 * PKIX-defined policy qualifiers (the two OID_QT_* entries, taken whole
 * from their macros) and extended key purposes (OID_PKIX_KP followed by
 * the purpose number).
 */
static uint8_t
    OID_QT_CPSuri[] = { OID_PKIX_QT_CPS },
    OID_QT_Unotice[] = { OID_PKIX_QT_UNOTICE },

    OID_KP_ServerAuth[] = { OID_PKIX_KP, 1 },
    OID_KP_ClientAuth[] = { OID_PKIX_KP, 2 },
    OID_KP_CodeSigning[] = { OID_PKIX_KP, 3 },
    OID_KP_EmailProtection[] = { OID_PKIX_KP, 4 },
    OID_KP_IPSecEndSystem[] = { OID_PKIX_KP, 5 },
    OID_KP_IPSecTunnel[] = { OID_PKIX_KP, 6 },
    OID_KP_IPSecUser[] = { OID_PKIX_KP, 7 },
    OID_KP_TimeStamping[] = { OID_PKIX_KP, 8 },
    OID_KP_OCSPSigning[] = { OID_PKIX_KP, 9 };

/*
 * From PKIX 1: authority information access and its two access methods.
 * The first count is OID_PKIX_LENGTH + 2 although the initializer shows
 * one byte after OID_PKIX_PE; presumably OID_PKIX_PE is OID_PKIX plus one
 * byte -- confirm in the header that defines it.
 */
static uint8_t
    OID_AuthorityInfoAccess[] = { OID_PKIX_PE, 1 };

const KMF_OID
    KMFOID_AuthorityInfoAccess = { OID_PKIX_LENGTH + 2,
        OID_AuthorityInfoAccess };

static uint8_t
    OID_PkixAdOcsp[] = { OID_PKIX_AD, 1 };

const KMF_OID
    KMFOID_PkixAdOcsp = { OID_PKIX_AD_LENGTH + 1, OID_PkixAdOcsp };

static uint8_t
    OID_PkixAdCaIssuers[] = { OID_PKIX_AD, 2 };

const KMF_OID
    KMFOID_PkixAdCaIssuers = { OID_PKIX_AD_LENGTH + 1, OID_PkixAdCaIssuers };

/*
 * From RFC 1274
 */
static uint8_t
    OID_userid[] = { OID_PILOT, 1 },
    OID_RFC822mailbox[] = { OID_PILOT, 3 },
    OID_domainComponent[] = { OID_PILOT, 25 };

/*
 * Exported descriptors for the RFC 1274, X.520 and PKCS 9 arrays above.
 * The "Collective" X.520 entries carry two bytes after the prefix and are
 * therefore counted as OID_ATTR_TYPE_LENGTH + 2; every other entry here
 * carries one.
 */
const KMF_OID
    /* RFC 1274 */
    KMFOID_userid = { OID_PILOT_LENGTH + 1, OID_userid },
    KMFOID_RFC822mailbox = { OID_PILOT_LENGTH + 1, OID_RFC822mailbox },
    KMFOID_domainComponent = { OID_PILOT_LENGTH + 1, OID_domainComponent },

    /* X.520 */
    KMFOID_ObjectClass = { OID_ATTR_TYPE_LENGTH + 1, OID_ObjectClass },
    KMFOID_AliasedEntryName = { OID_ATTR_TYPE_LENGTH + 1,
        OID_AliasedEntryName },
    KMFOID_KnowledgeInformation = { OID_ATTR_TYPE_LENGTH + 1,
        OID_KnowledgeInformation },
    KMFOID_CommonName = { OID_ATTR_TYPE_LENGTH + 1, OID_CommonName },
    KMFOID_Surname = { OID_ATTR_TYPE_LENGTH + 1, OID_Surname },
    KMFOID_SerialNumber = { OID_ATTR_TYPE_LENGTH + 1, OID_SerialNumber },
    KMFOID_CountryName = { OID_ATTR_TYPE_LENGTH + 1, OID_CountryName },
    KMFOID_LocalityName = { OID_ATTR_TYPE_LENGTH + 1, OID_LocalityName },
    KMFOID_StateProvinceName = { OID_ATTR_TYPE_LENGTH + 1,
        OID_StateProvinceName },
    KMFOID_CollectiveStateProvinceName = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectiveStateProvinceName },
    KMFOID_StreetAddress = { OID_ATTR_TYPE_LENGTH + 1, OID_StreetAddress },
    KMFOID_CollectiveStreetAddress = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectiveStreetAddress },
    KMFOID_OrganizationName = { OID_ATTR_TYPE_LENGTH + 1,
        OID_OrganizationName },
    KMFOID_CollectiveOrganizationName = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectiveOrganizationName },
    KMFOID_OrganizationalUnitName = { OID_ATTR_TYPE_LENGTH + 1,
        OID_OrganizationalUnitName },
    KMFOID_CollectiveOrganizationalUnitName = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectiveOrganizationalUnitName },
    KMFOID_Title = { OID_ATTR_TYPE_LENGTH + 1, OID_Title },
    KMFOID_Description = { OID_ATTR_TYPE_LENGTH + 1, OID_Description },
    KMFOID_SearchGuide = { OID_ATTR_TYPE_LENGTH + 1, OID_SearchGuide },
    KMFOID_BusinessCategory = { OID_ATTR_TYPE_LENGTH + 1,
        OID_BusinessCategory },
    KMFOID_PostalAddress = { OID_ATTR_TYPE_LENGTH + 1, OID_PostalAddress },
    KMFOID_CollectivePostalAddress = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectivePostalAddress },
    KMFOID_PostalCode = { OID_ATTR_TYPE_LENGTH + 1, OID_PostalCode },
    KMFOID_CollectivePostalCode = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectivePostalCode },
    KMFOID_PostOfficeBox = { OID_ATTR_TYPE_LENGTH + 1, OID_PostOfficeBox },
    KMFOID_CollectivePostOfficeBox = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectivePostOfficeBox },
    KMFOID_PhysicalDeliveryOfficeName = { OID_ATTR_TYPE_LENGTH + 1,
        OID_PhysicalDeliveryOfficeName },
    KMFOID_CollectivePhysicalDeliveryOfficeName = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectivePhysicalDeliveryOfficeName },
    KMFOID_TelephoneNumber = { OID_ATTR_TYPE_LENGTH + 1,
        OID_TelephoneNumber },
    KMFOID_CollectiveTelephoneNumber = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectiveTelephoneNumber },
    KMFOID_TelexNumber = { OID_ATTR_TYPE_LENGTH + 1, OID_TelexNumber },
    KMFOID_CollectiveTelexNumber = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectiveTelexNumber },
    KMFOID_TelexTerminalIdentifier = { OID_ATTR_TYPE_LENGTH + 1,
        OID_TelexTerminalIdentifier },
    KMFOID_CollectiveTelexTerminalIdentifier = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectiveTelexTerminalIdentifier },
    KMFOID_FacsimileTelephoneNumber = { OID_ATTR_TYPE_LENGTH + 1,
        OID_FacsimileTelephoneNumber },
    KMFOID_CollectiveFacsimileTelephoneNumber = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectiveFacsimileTelephoneNumber },
    KMFOID_X_121Address = { OID_ATTR_TYPE_LENGTH + 1, OID_X_121Address },
    KMFOID_InternationalISDNNumber = { OID_ATTR_TYPE_LENGTH + 1,
        OID_InternationalISDNNumber },
    KMFOID_CollectiveInternationalISDNNumber = { OID_ATTR_TYPE_LENGTH + 2,
        OID_CollectiveInternationalISDNNumber },
    KMFOID_RegisteredAddress = { OID_ATTR_TYPE_LENGTH + 1,
        OID_RegisteredAddress },
    KMFOID_DestinationIndicator = { OID_ATTR_TYPE_LENGTH + 1,
        OID_DestinationIndicator },
    KMFOID_PreferredDeliveryMethod = { OID_ATTR_TYPE_LENGTH + 1,
        OID_PreferredDeliveryMethod },
    KMFOID_PresentationAddress = { OID_ATTR_TYPE_LENGTH + 1,
        OID_PresentationAddress },
    KMFOID_SupportedApplicationContext = { OID_ATTR_TYPE_LENGTH + 1,
        OID_SupportedApplicationContext },
    KMFOID_Member = { OID_ATTR_TYPE_LENGTH + 1, OID_Member },
    KMFOID_Owner = { OID_ATTR_TYPE_LENGTH + 1, OID_Owner },
    KMFOID_RoleOccupant = { OID_ATTR_TYPE_LENGTH + 1, OID_RoleOccupant },
    KMFOID_SeeAlso = { OID_ATTR_TYPE_LENGTH + 1, OID_SeeAlso },
    KMFOID_UserPassword = { OID_ATTR_TYPE_LENGTH + 1, OID_UserPassword },
    KMFOID_UserCertificate = { OID_ATTR_TYPE_LENGTH + 1,
        OID_UserCertificate },
    KMFOID_CACertificate = { OID_ATTR_TYPE_LENGTH + 1, OID_CACertificate },
    KMFOID_AuthorityRevocationList = { OID_ATTR_TYPE_LENGTH + 1,
        OID_AuthorityRevocationList },
    KMFOID_CertificateRevocationList = { OID_ATTR_TYPE_LENGTH + 1,
        OID_CertificateRevocationList },
    KMFOID_CrossCertificatePair = { OID_ATTR_TYPE_LENGTH + 1,
        OID_CrossCertificatePair },
    KMFOID_Name = { OID_ATTR_TYPE_LENGTH + 1, OID_Name },
    KMFOID_GivenName = { OID_ATTR_TYPE_LENGTH + 1, OID_GivenName },
    KMFOID_Initials = { OID_ATTR_TYPE_LENGTH + 1, OID_Initials },
    KMFOID_GenerationQualifier = { OID_ATTR_TYPE_LENGTH + 1,
        OID_GenerationQualifier },
    KMFOID_UniqueIdentifier = { OID_ATTR_TYPE_LENGTH + 1,
        OID_UniqueIdentifier },
    KMFOID_DNQualifier = { OID_ATTR_TYPE_LENGTH + 1, OID_DNQualifier },
    KMFOID_EnhancedSearchGuide = { OID_ATTR_TYPE_LENGTH + 1,
        OID_EnhancedSearchGuide },
    KMFOID_ProtocolInformation = { OID_ATTR_TYPE_LENGTH + 1,
        OID_ProtocolInformation },
    KMFOID_DistinguishedName = { OID_ATTR_TYPE_LENGTH + 1,
        OID_DistinguishedName },
    KMFOID_UniqueMember = { OID_ATTR_TYPE_LENGTH + 1, OID_UniqueMember },
    KMFOID_HouseIdentifier = { OID_ATTR_TYPE_LENGTH + 1,
        OID_HouseIdentifier },

    /* PKCS 9 */
    KMFOID_EmailAddress = { OID_PKCS_9_LENGTH + 1, OID_EmailAddress },
    KMFOID_UnstructuredName = { OID_PKCS_9_LENGTH + 1,
        OID_UnstructuredName },
    KMFOID_ContentType = { OID_PKCS_9_LENGTH + 1, OID_ContentType },
    KMFOID_MessageDigest = { OID_PKCS_9_LENGTH + 1, OID_MessageDigest },
    KMFOID_SigningTime = { OID_PKCS_9_LENGTH + 1, OID_SigningTime },
    KMFOID_CounterSignature = { OID_PKCS_9_LENGTH + 1,
        OID_CounterSignature },
    KMFOID_ChallengePassword = { OID_PKCS_9_LENGTH + 1,
        OID_ChallengePassword },
    KMFOID_UnstructuredAddress = { OID_PKCS_9_LENGTH + 1,
        OID_UnstructuredAddress },
    KMFOID_ExtendedCertificateAttributes = { OID_PKCS_9_LENGTH + 1,
        OID_ExtendedCertificateAttributes },
    KMFOID_ExtensionRequest = { OID_PKCS_9_LENGTH + 1,
        OID_ExtensionRequest };

/* Three more identifiers under OID_EXTENSION (numbers 1, 3 and 4). */
static uint8_t
    OID_AuthorityKeyID[] = { OID_EXTENSION, 1 },
    OID_VerisignCertificatePolicy[] = { OID_EXTENSION, 3 },
    OID_KeyUsageRestriction[] = { OID_EXTENSION, 4 };

/*
 * Exported descriptors for the extension, policy-qualifier and key-purpose
 * arrays.  Both KMFOID_AuthorityKeyID (number 1) and
 * KMFOID_AuthorityKeyIdentifier (number 35) exist; they are different
 * OIDs, so a lookup must use the one the certificate actually carries.
 */
const KMF_OID
    KMFOID_AuthorityKeyID = { OID_EXTENSION_LENGTH + 1, OID_AuthorityKeyID },
    KMFOID_VerisignCertificatePolicy = { OID_EXTENSION_LENGTH + 1,
        OID_VerisignCertificatePolicy },
    KMFOID_KeyUsageRestriction = { OID_EXTENSION_LENGTH + 1,
        OID_KeyUsageRestriction },
    KMFOID_SubjectDirectoryAttributes = { OID_EXTENSION_LENGTH + 1,
        OID_SubjectDirectoryAttributes },
    KMFOID_SubjectKeyIdentifier = { OID_EXTENSION_LENGTH + 1,
        OID_SubjectKeyIdentifier },
    KMFOID_KeyUsage = { OID_EXTENSION_LENGTH + 1, OID_KeyUsage },
    KMFOID_PrivateKeyUsagePeriod = { OID_EXTENSION_LENGTH + 1,
        OID_PrivateKeyUsagePeriod },
    KMFOID_SubjectAltName = { OID_EXTENSION_LENGTH + 1, OID_SubjectAltName },
    KMFOID_IssuerAltName = { OID_EXTENSION_LENGTH + 1, OID_IssuerAltName },
    KMFOID_BasicConstraints = { OID_EXTENSION_LENGTH + 1,
        OID_BasicConstraints },
    KMFOID_CrlNumber = { OID_EXTENSION_LENGTH + 1, OID_CrlNumber },
    KMFOID_CrlReason = { OID_EXTENSION_LENGTH + 1, OID_CrlReason },
    KMFOID_HoldInstructionCode = { OID_EXTENSION_LENGTH + 1,
        OID_HoldInstructionCode },
    KMFOID_InvalidityDate = { OID_EXTENSION_LENGTH + 1, OID_InvalidityDate },
    KMFOID_DeltaCrlIndicator = { OID_EXTENSION_LENGTH + 1,
        OID_DeltaCrlIndicator },
    KMFOID_IssuingDistributionPoints = { OID_EXTENSION_LENGTH + 1,
        OID_IssuingDistributionPoints },
    KMFOID_NameConstraints = { OID_EXTENSION_LENGTH + 1,
        OID_NameConstraints },
    KMFOID_CrlDistributionPoints = { OID_EXTENSION_LENGTH + 1,
        OID_CrlDistributionPoints },
    KMFOID_CertificatePolicies = { OID_EXTENSION_LENGTH + 1,
        OID_CertificatePolicies },
    KMFOID_PolicyMappings = { OID_EXTENSION_LENGTH + 1, OID_PolicyMappings },
    KMFOID_PolicyConstraints = { OID_EXTENSION_LENGTH + 1,
        OID_PolicyConstraints },
    KMFOID_AuthorityKeyIdentifier = { OID_EXTENSION_LENGTH + 1,
        OID_AuthorityKeyIdentifier },
    KMFOID_ExtendedKeyUsage = { OID_EXTENSION_LENGTH + 1, OID_ExtKeyUsage },

    /* Policy qualifiers: the macro already is the whole OID, so no "+ 1". */
    KMFOID_PKIX_PQ_CPSuri = { OID_PKIX_QT_CPS_LENGTH, OID_QT_CPSuri },
    KMFOID_PKIX_PQ_Unotice = { OID_PKIX_QT_UNOTICE_LENGTH, OID_QT_Unotice },

    /* Extended Key Usage OIDs */
    KMFOID_PKIX_KP_ServerAuth = { OID_PKIX_KP_LENGTH + 1,
        OID_KP_ServerAuth },
    KMFOID_PKIX_KP_ClientAuth = { OID_PKIX_KP_LENGTH + 1,
        OID_KP_ClientAuth },
    KMFOID_PKIX_KP_CodeSigning = { OID_PKIX_KP_LENGTH + 1,
        OID_KP_CodeSigning },
    KMFOID_PKIX_KP_EmailProtection = { OID_PKIX_KP_LENGTH + 1,
        OID_KP_EmailProtection },
    KMFOID_PKIX_KP_IPSecEndSystem = { OID_PKIX_KP_LENGTH + 1,
        OID_KP_IPSecEndSystem },
    KMFOID_PKIX_KP_IPSecTunnel = { OID_PKIX_KP_LENGTH + 1,
        OID_KP_IPSecTunnel },
    KMFOID_PKIX_KP_IPSecUser = { OID_PKIX_KP_LENGTH + 1, OID_KP_IPSecUser },
    KMFOID_PKIX_KP_TimeStamping = { OID_PKIX_KP_LENGTH + 1,
        OID_KP_TimeStamping },
    KMFOID_PKIX_KP_OCSPSigning = { OID_PKIX_KP_LENGTH + 1,
        OID_KP_OCSPSigning };

/*
 * Digest, public-key and signature algorithm identifiers built from the
 * OID_OIW_ALGORITHM, OID_PKCS_1 and OID_X9CM_X9ALGORITHM prefixes.
 */
static uint8_t
    OID_OIW_SHA1[] = { OID_OIW_ALGORITHM, 26 },
    OID_OIW_DSA[] = { OID_OIW_ALGORITHM, 12 },
    OID_OIW_DSAWithSHA1[] = { OID_OIW_ALGORITHM, 13 },
    OID_RSAEncryption[] = { OID_PKCS_1, 1 },
    OID_MD2WithRSA[] = { OID_PKCS_1, 2 },
    OID_MD5WithRSA[] = { OID_PKCS_1, 4 },
    OID_SHA1WithRSA[] = { OID_PKCS_1, 5 },
    OID_SHA256WithRSA[] = { OID_PKCS_1, 11 },
    OID_SHA384WithRSA[] = { OID_PKCS_1, 12 },
    OID_SHA512WithRSA[] = { OID_PKCS_1, 13 },
    OID_X9CM_DSA[] = { OID_X9CM_X9ALGORITHM, 1 },
    OID_X9CM_DSAWithSHA1[] = { OID_X9CM_X9ALGORITHM, 3 };

/*
 * Two DSA keys (KMFOID_DSA, KMFOID_X9CM_DSA) and two DSA-with-SHA1
 * signatures (KMFOID_SHA1WithDSA, KMFOID_X9CM_DSAWithSHA1) are exported
 * under different prefixes.  A matcher that checks only one of each pair
 * will not recognise the other encoding.
 */
const KMF_OID
    KMFOID_SHA1 = { OID_OIW_ALGORITHM_LENGTH + 1, OID_OIW_SHA1 },
    KMFOID_RSA = { OID_PKCS_1_LENGTH + 1, OID_RSAEncryption },
    KMFOID_DSA = { OID_OIW_ALGORITHM_LENGTH + 1, OID_OIW_DSA },
    KMFOID_MD5WithRSA = { OID_PKCS_1_LENGTH + 1, OID_MD5WithRSA },
    KMFOID_MD2WithRSA = { OID_PKCS_1_LENGTH + 1, OID_MD2WithRSA },
    KMFOID_SHA1WithRSA = { OID_PKCS_1_LENGTH + 1, OID_SHA1WithRSA },
    KMFOID_SHA256WithRSA = { OID_PKCS_1_LENGTH + 1, OID_SHA256WithRSA },
    KMFOID_SHA384WithRSA = { OID_PKCS_1_LENGTH + 1, OID_SHA384WithRSA },
    KMFOID_SHA512WithRSA = { OID_PKCS_1_LENGTH + 1, OID_SHA512WithRSA },
    KMFOID_SHA1WithDSA = { OID_OIW_ALGORITHM_LENGTH + 1,
        OID_OIW_DSAWithSHA1 },
    KMFOID_X9CM_DSA = { OID_X9CM_X9ALGORITHM_LENGTH + 1, OID_X9CM_DSA },
    KMFOID_X9CM_DSAWithSHA1 = { OID_X9CM_X9ALGORITHM_LENGTH + 1,
        OID_X9CM_DSAWithSHA1 };

/*
 * New for PKINIT support.
 *
 * Each array is one complete macro, so the matching count is the macro's
 * own *_LENGTH with nothing added.  The array names and the exported names
 * do not line up one to one; the pairing is:
 *    OID_pkinit_san            -> KMFOID_PKINIT_san
 *    OID_pkinit_kp_clientauth  -> KMFOID_PKINIT_ClientAuth
 *    OID_pkinit_kp_kdc         -> KMFOID_PKINIT_Kdc
 *    OID_pkinit_kp_sc_logon    -> KMFOID_MS_KP_SCLogon
 *    OID_pkinit_san_upn        -> KMFOID_MS_KP_SCLogon_UPN
 */
static uint8_t
    OID_pkinit_san[] = { OID_KRB5_SAN },
    OID_pkinit_san_upn[] = { OID_MS_KP_SC_LOGON_UPN },
    OID_pkinit_kp_clientauth[] = { OID_KRB5_PKINIT_KPCLIENTAUTH },
    OID_pkinit_kp_kdc[] = { OID_KRB5_PKINIT_KPKDC },
    OID_pkinit_kp_sc_logon[] = { OID_MS_KP_SC_LOGON };

const KMF_OID
    KMFOID_PKINIT_san = { OID_KRB5_SAN_LENGTH, OID_pkinit_san },
    KMFOID_PKINIT_ClientAuth = { OID_KRB5_PKINIT_KPCLIENTAUTH_LENGTH,
        OID_pkinit_kp_clientauth },
    KMFOID_PKINIT_Kdc = { OID_KRB5_PKINIT_KPKDC_LENGTH,
        OID_pkinit_kp_kdc },
    KMFOID_MS_KP_SCLogon = { OID_MS_KP_SC_LOGON_LENGTH,
        OID_pkinit_kp_sc_logon },
    KMFOID_MS_KP_SCLogon_UPN = { OID_MS_KP_SC_LOGON_UPN_LENGTH,
        OID_pkinit_san_upn };

/*
 * MD5
 * iso(1) member-body(2) us(840) rsadsi(113549)
 * digestAlgorithm(2) 5
 */
#define	RSADSI		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
#define	OID_id_md5	RSADSI, 0x02, 0x05

/*
 * SHA2 OIDs
 *
 * NIST_ALG is written in decimal; the same bytes in hex are
 * 0x60 0x86 0x48 0x01 0x65 0x03 0x04.
 */
#define	NIST_ALG	96, 134, 72, 1, 101, 3, 4
#define	NIST_HASH	NIST_ALG, 2
#define	OID_id_sha256	NIST_HASH, 1
#define	OID_id_sha384	NIST_HASH, 2
#define	OID_id_sha512	NIST_HASH, 3
#define	OID_id_sha224	NIST_HASH, 4

#define	OID_id_dsa_with_sha224	NIST_ALG, 3, 1
#define	OID_id_dsa_with_sha256	NIST_ALG, 3, 2

/*
 * For ECC support.
 *
 * The OID_ecdsa_with_sha* macros are not referenced again in this file;
 * the OID_ECDSA_SHA* arrays near the end spell the same bytes out.
 */
#define	CERTICOM_OID	0x2b, 0x81, 0x04
#define	SECG_OID	CERTICOM_OID, 0x00

#define	ANSI_X962_OID		0x2a, 0x86, 0x48, 0xce, 0x3d
#define	ANSI_X962_CURVE_OID	ANSI_X962_OID, 0x03
#define	ANSI_X962_GF2m_OID	ANSI_X962_CURVE_OID, 0x00
#define	ANSI_X962_GFp_OID	ANSI_X962_CURVE_OID, 0x01

#define	ANSI_X962_SIG_OID	ANSI_X962_OID, 0x04
#define	OID_ecdsa_with_sha224	ANSI_X962_SIG_OID, 3, 1
#define	OID_ecdsa_with_sha256	ANSI_X962_SIG_OID, 3, 2
#define	OID_ecdsa_with_sha384	ANSI_X962_SIG_OID, 3, 3
#define	OID_ecdsa_with_sha512	ANSI_X962_SIG_OID, 3, 4

/*
 * Named curves.  Unlike every other table in this file, each entry starts
 * with 0x6 and a length byte: 0x5 in front of the four SECG_OID bytes plus
 * the curve number, 0x8 in front of the seven ANSI X9.62 bytes plus the
 * curve number.
 */
static uint8_t
    OID_secp112r1[] = { 0x6, 0x5, SECG_OID, 0x06 },
    OID_secp112r2[] = { 0x6, 0x5, SECG_OID, 0x07 },
    OID_secp128r1[] = { 0x6, 0x5, SECG_OID, 0x1c },
    OID_secp128r2[] = { 0x6, 0x5, SECG_OID, 0x1d },
    OID_secp160k1[] = { 0x6, 0x5, SECG_OID, 0x09 },
    OID_secp160r1[] = { 0x6, 0x5, SECG_OID, 0x08 },
    OID_secp160r2[] = { 0x6, 0x5, SECG_OID, 0x1e },
    OID_secp192k1[] = { 0x6, 0x5, SECG_OID, 0x1f },
    OID_secp224k1[] = { 0x6, 0x5, SECG_OID, 0x20 },
    OID_secp224r1[] = { 0x6, 0x5, SECG_OID, 0x21 },
    OID_secp256k1[] = { 0x6, 0x5, SECG_OID, 0x0a },
    OID_secp384r1[] = { 0x6, 0x5, SECG_OID, 0x22 },
    OID_secp521r1[] = { 0x6, 0x5, SECG_OID, 0x23 },
    OID_sect113r1[] = { 0x6, 0x5, SECG_OID, 0x04 },
    OID_sect113r2[] = { 0x6, 0x5, SECG_OID, 0x05 },
    OID_sect131r1[] = { 0x6, 0x5, SECG_OID, 0x16 },
    OID_sect131r2[] = { 0x6, 0x5, SECG_OID, 0x17 },
    OID_sect163k1[] = { 0x6, 0x5, SECG_OID, 0x01 },
    OID_sect163r1[] = { 0x6, 0x5, SECG_OID, 0x02 },
    OID_sect163r2[] = { 0x6, 0x5, SECG_OID, 0x0f },
    OID_sect193r1[] = { 0x6, 0x5, SECG_OID, 0x18 },
    OID_sect193r2[] = { 0x6, 0x5, SECG_OID, 0x19 },
    OID_sect233k1[] = { 0x6, 0x5, SECG_OID, 0x1a },
    OID_sect233r1[] = { 0x6, 0x5, SECG_OID, 0x1b },
    OID_sect239k1[] = { 0x6, 0x5, SECG_OID, 0x03 },
    OID_sect283k1[] = { 0x6, 0x5, SECG_OID, 0x10 },
    OID_sect283r1[] = { 0x6, 0x5, SECG_OID, 0x11 },
    OID_sect409k1[] = { 0x6, 0x5, SECG_OID, 0x24 },
    OID_sect409r1[] = { 0x6, 0x5, SECG_OID, 0x25 },
    OID_sect571k1[] = { 0x6, 0x5, SECG_OID, 0x26 },
    OID_sect571r1[] = { 0x6, 0x5, SECG_OID, 0x27 },
    OID_c2pnb163v1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x01 },
    OID_c2pnb163v2[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x02 },
    OID_c2pnb163v3[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x03 },
    OID_c2pnb176v1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x04 },
    OID_c2tnb191v1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x05 },
    OID_c2tnb191v2[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x06 },
    OID_c2tnb191v3[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x07 },
    OID_c2pnb208w1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x0a },
    OID_c2tnb239v1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x0b },
    OID_c2tnb239v2[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x0c },
    OID_c2tnb239v3[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x0d },
    OID_c2pnb272w1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x10 },
    OID_c2pnb304w1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x11 },
    OID_c2tnb359v1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x12 },
    OID_c2pnb368w1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x13 },
    OID_c2tnb431r1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x14 },

    OID_prime192v2[] = { 0x6, 0x8, ANSI_X962_GFp_OID, 0x02 },
    OID_prime192v3[] = { 0x6, 0x8, ANSI_X962_GFp_OID, 0x03 },

    OID_secp192r1[] = { 0x6, 0x8, ANSI_X962_GFp_OID, 0x01 },
    OID_secp256r1[] = { 0x6, 0x8, ANSI_X962_GFp_OID, 0x07 };

/* Curve descriptors; sizeof includes the two leading header bytes. */
const KMF_OID
    KMFOID_ECC_secp112r1 = { sizeof (OID_secp112r1), OID_secp112r1 },
    KMFOID_ECC_secp112r2 = { sizeof (OID_secp112r2), OID_secp112r2 },
    KMFOID_ECC_secp128r1 = { sizeof (OID_secp128r1), OID_secp128r1 },
    KMFOID_ECC_secp128r2 = { sizeof (OID_secp128r2), OID_secp128r2 },
    KMFOID_ECC_secp160k1 = { sizeof (OID_secp160k1), OID_secp160k1 },
    KMFOID_ECC_secp160r1 = { sizeof (OID_secp160r1), OID_secp160r1 },
    KMFOID_ECC_secp160r2 = { sizeof (OID_secp160r2), OID_secp160r2 },
    KMFOID_ECC_secp192k1 = { sizeof (OID_secp192k1), OID_secp192k1 },
    KMFOID_ECC_secp224k1 = { sizeof (OID_secp224k1), OID_secp224k1 },
    KMFOID_ECC_secp224r1 = { sizeof (OID_secp224r1), OID_secp224r1 },
    KMFOID_ECC_secp256k1 = { sizeof (OID_secp256k1), OID_secp256k1 },
    KMFOID_ECC_secp384r1 = { sizeof (OID_secp384r1), OID_secp384r1 },
    KMFOID_ECC_secp521r1 = { sizeof (OID_secp521r1), OID_secp521r1 },
    KMFOID_ECC_sect113r1 = { sizeof (OID_sect113r1), OID_sect113r1 },
    KMFOID_ECC_sect113r2 = { sizeof (OID_sect113r2), OID_sect113r2 },
    KMFOID_ECC_sect131r1 = { sizeof (OID_sect131r1), OID_sect131r1 },
    KMFOID_ECC_sect131r2 = { sizeof (OID_sect131r2), OID_sect131r2 },
    KMFOID_ECC_sect163k1 = { sizeof (OID_sect163k1), OID_sect163k1 },
    KMFOID_ECC_sect163r1 = { sizeof (OID_sect163r1), OID_sect163r1 },
    KMFOID_ECC_sect163r2 = { sizeof (OID_sect163r2), OID_sect163r2 },
    KMFOID_ECC_sect193r1 = { sizeof (OID_sect193r1), OID_sect193r1 },
    KMFOID_ECC_sect193r2 = { sizeof (OID_sect193r2), OID_sect193r2 },
    KMFOID_ECC_sect233k1 = { sizeof (OID_sect233k1), OID_sect233k1 },
    KMFOID_ECC_sect233r1 = { sizeof (OID_sect233r1), OID_sect233r1 },
    KMFOID_ECC_sect239k1 = { sizeof (OID_sect239k1), OID_sect239k1 },
    KMFOID_ECC_sect283k1 = { sizeof (OID_sect283k1), OID_sect283k1 },
    KMFOID_ECC_sect283r1 = { sizeof (OID_sect283r1), OID_sect283r1 },
    KMFOID_ECC_sect409k1 = { sizeof (OID_sect409k1), OID_sect409k1 },
    KMFOID_ECC_sect409r1 = { sizeof (OID_sect409r1), OID_sect409r1 },
    KMFOID_ECC_sect571k1 = { sizeof (OID_sect571k1), OID_sect571k1 },
    KMFOID_ECC_sect571r1 = { sizeof (OID_sect571r1), OID_sect571r1 },
    KMFOID_ECC_c2pnb163v1 = { sizeof (OID_c2pnb163v1), OID_c2pnb163v1 },
    KMFOID_ECC_c2pnb163v2 = { sizeof (OID_c2pnb163v2), OID_c2pnb163v2 },
    KMFOID_ECC_c2pnb163v3 = { sizeof (OID_c2pnb163v3), OID_c2pnb163v3 },
    KMFOID_ECC_c2pnb176v1 = { sizeof (OID_c2pnb176v1), OID_c2pnb176v1 },
    KMFOID_ECC_c2tnb191v1 = { sizeof (OID_c2tnb191v1), OID_c2tnb191v1 },
    KMFOID_ECC_c2tnb191v2 = { sizeof (OID_c2tnb191v2), OID_c2tnb191v2 },
    KMFOID_ECC_c2tnb191v3 = { sizeof (OID_c2tnb191v3), OID_c2tnb191v3 },
    KMFOID_ECC_c2pnb208w1 = { sizeof (OID_c2pnb208w1), OID_c2pnb208w1 },
    KMFOID_ECC_c2tnb239v1 = { sizeof (OID_c2tnb239v1), OID_c2tnb239v1 },
    KMFOID_ECC_c2tnb239v2 = { sizeof (OID_c2tnb239v2), OID_c2tnb239v2 },
    KMFOID_ECC_c2tnb239v3 = { sizeof (OID_c2tnb239v3), OID_c2tnb239v3 },
    KMFOID_ECC_c2pnb272w1 = { sizeof (OID_c2pnb272w1), OID_c2pnb272w1 },
    KMFOID_ECC_c2pnb304w1 = { sizeof (OID_c2pnb304w1), OID_c2pnb304w1 },
    KMFOID_ECC_c2tnb359v1 = { sizeof (OID_c2tnb359v1), OID_c2tnb359v1 },
    KMFOID_ECC_c2pnb368w1 = { sizeof (OID_c2pnb368w1), OID_c2pnb368w1 },
    KMFOID_ECC_c2tnb431r1 = { sizeof (OID_c2tnb431r1), OID_c2tnb431r1 },
    KMFOID_ECC_prime192v2 = { sizeof (OID_prime192v2), OID_prime192v2 },
    KMFOID_ECC_prime192v3 = { sizeof (OID_prime192v3), OID_prime192v3 },
    KMFOID_ECC_secp192r1 = { sizeof (OID_secp192r1), OID_secp192r1 },
    KMFOID_ECC_secp256r1 = { sizeof (OID_secp256r1), OID_secp256r1 };

/*
 * EC public key, ECDSA and DSA signature, and digest identifiers.  These
 * arrays hold the OID bytes only (no leading 0x6/length pair), so they use
 * a different form from the curve table above even though both are counted
 * with sizeof.
 */
static uint8_t
    OID_EC_PUBLIC_KEY[] = { ANSI_X962_OID, 0x02, 0x01 },
    OID_ECDSA_SHA1[] = { ANSI_X962_OID, 0x04, 0x01 },
    OID_ECDSA_SHA224[] = { ANSI_X962_OID, 0x04, 0x03, 0x01 },
    OID_ECDSA_SHA256[] = { ANSI_X962_OID, 0x04, 0x03, 0x02 },
    OID_ECDSA_SHA384[] = { ANSI_X962_OID, 0x04, 0x03, 0x03 },
    OID_ECDSA_SHA512[] = { ANSI_X962_OID, 0x04, 0x03, 0x04 },
    OID_DSA_SHA224[] = { OID_id_dsa_with_sha224 },
    OID_DSA_SHA256[] = { OID_id_dsa_with_sha256 },
    OID_SHA224[] = { OID_id_sha224 },
    OID_SHA256[] = { OID_id_sha256 },
    OID_SHA384[] = { OID_id_sha384 },
    OID_SHA512[] = { OID_id_sha512 },
    OID_MD5[] = { OID_id_md5 };

const KMF_OID
    KMFOID_EC_PUBLIC_KEY = { sizeof (OID_EC_PUBLIC_KEY), OID_EC_PUBLIC_KEY },
    KMFOID_SHA1WithECDSA = { sizeof (OID_ECDSA_SHA1), OID_ECDSA_SHA1 },
    KMFOID_SHA224WithECDSA = { sizeof (OID_ECDSA_SHA224), OID_ECDSA_SHA224 },
    KMFOID_SHA256WithECDSA = { sizeof (OID_ECDSA_SHA256), OID_ECDSA_SHA256 },
    KMFOID_SHA384WithECDSA = { sizeof (OID_ECDSA_SHA384), OID_ECDSA_SHA384 },
    KMFOID_SHA512WithECDSA = { sizeof (OID_ECDSA_SHA512), OID_ECDSA_SHA512 },
    KMFOID_SHA224WithDSA = { sizeof (OID_DSA_SHA224), OID_DSA_SHA224 },
    KMFOID_SHA256WithDSA = { sizeof (OID_DSA_SHA256), OID_DSA_SHA256 },
    KMFOID_SHA224 = { sizeof (OID_SHA224), OID_SHA224 },
    KMFOID_SHA256 = { sizeof (OID_SHA256), OID_SHA256 },
    KMFOID_SHA384 = { sizeof (OID_SHA384), OID_SHA384 },
    KMFOID_SHA512 = { sizeof (OID_SHA512), OID_SHA512 },
    KMFOID_MD5 = { sizeof (OID_MD5), OID_MD5 };