michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #include "secoid.h" michael@0: #include "secmodt.h" /* for CKM_INVALID_MECHANISM */ michael@0: michael@0: #define OI(x) { siDEROID, (unsigned char *)x, sizeof x } michael@0: #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext } michael@0: #define ODN(oid,desc) \ michael@0: { OI(oid), 0, desc, CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION } michael@0: michael@0: #define OIDT static const unsigned char michael@0: michael@0: /* OIW Security Special Interest Group defined algorithms. */ michael@0: #define OIWSSIG 0x2B, 13, 3, 2 michael@0: michael@0: OIDT oiwMD5RSA[] = { OIWSSIG, 3 }; michael@0: OIDT oiwDESCBC[] = { OIWSSIG, 7 }; michael@0: OIDT oiwRSAsig[] = { OIWSSIG, 11 }; michael@0: OIDT oiwDSA [] = { OIWSSIG, 12 }; michael@0: OIDT oiwMD5RSAsig[] = { OIWSSIG, 25 }; michael@0: OIDT oiwSHA1 [] = { OIWSSIG, 26 }; michael@0: OIDT oiwDSASHA1[] = { OIWSSIG, 27 }; michael@0: OIDT oiwDSASHA1param[] = { OIWSSIG, 28 }; michael@0: OIDT oiwSHA1RSA[] = { OIWSSIG, 29 }; michael@0: michael@0: michael@0: /* Microsoft OIDs. (1 3 6 1 4 1 311 ... ) */ michael@0: #define MICROSOFT 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37 michael@0: michael@0: OIDT mCTL[] = { MICROSOFT, 10, 3, 1 }; /* Cert Trust List signing */ michael@0: OIDT mTSS[] = { MICROSOFT, 10, 3, 2 }; /* Time Stamp Signing */ michael@0: OIDT mSGC[] = { MICROSOFT, 10, 3, 3 }; /* Server gated cryptography */ michael@0: OIDT mEFS[] = { MICROSOFT, 10, 3, 4 }; /* Encrypted File System */ michael@0: OIDT mSMIME[] = { MICROSOFT, 16, 4 }; /* SMIME encryption key prefs */ michael@0: michael@0: OIDT mECRTT[] = { MICROSOFT, 20, 2 }; /* Enrollment cert type xtn */ michael@0: OIDT mEAGNT[] = { MICROSOFT, 20, 2, 1 }; /* Enrollment Agent */ michael@0: OIDT mKPSCL[] = { MICROSOFT, 20, 2, 2 }; /* KP SmartCard Logon */ michael@0: OIDT mNTPN [] = { MICROSOFT, 20, 2, 3 }; /* NT Principal Name */ michael@0: OIDT mCASRV[] = { MICROSOFT, 21, 1 }; /* CertServ CA version */ michael@0: michael@0: /* AOL OIDs (1 3 6 1 4 1 1066 ... ) */ michael@0: #define AOL 0x2B, 0x06, 0x01, 0x04, 0x01, 0x88, 0x2A michael@0: michael@0: /* PKIX IDs (1 3 6 1 5 5 7 ...) */ michael@0: #define ID_PKIX 0x2B, 6, 1, 5, 5, 7 michael@0: /* PKIX Access Descriptors (methods for Authority Info Access Extns) */ michael@0: #define ID_AD ID_PKIX, 48 michael@0: michael@0: OIDT padOCSP[] = { ID_AD, 1 }; /* OCSP method */ michael@0: OIDT padCAissuer[] = { ID_AD, 2 }; /* URI (for CRL ?) */ michael@0: OIDT padTimeStamp[] = { ID_AD, 3 }; /* time stamping */ michael@0: michael@0: /* ISO Cert Extension type OIDs (id-ce) (2 5 29 ...) */ michael@0: #define X500 0x55 michael@0: #define X520_ATTRIBUTE_TYPE X500, 0x04 michael@0: #define X500_ALG X500, 0x08 michael@0: #define X500_ALG_ENCRYPTION X500_ALG, 0x01 michael@0: #define ID_CE X500, 29 michael@0: michael@0: OIDT cePlcyObs[] = { ID_CE, 3 }; /* Cert policies, obsolete. */ michael@0: OIDT cePlcyCns[] = { ID_CE, 36 }; /* Cert policy constraints. */ michael@0: michael@0: /* US Company arc (2 16 840 1 ...) */ michael@0: #define USCOM 0x60, 0x86, 0x48, 0x01 michael@0: #define USGOV USCOM, 0x65 michael@0: #define USDOD USGOV, 2 michael@0: #define ID_INFOSEC USDOD, 1 michael@0: michael@0: /* Verisign PKI OIDs (2 16 840 1 113733 1 ...) */ michael@0: #define VERISIGN_PKI USCOM, 0x86, 0xf8, 0x45, 1 michael@0: #define VERISIGN_XTN VERISIGN_PKI, 6 michael@0: #define VERISIGN_POL VERISIGN_PKI, 7 /* Cert policies */ michael@0: #define VERISIGN_TNET VERISIGN_POL, 23 /* Verisign Trust Network */ michael@0: michael@0: OIDT vcx7[] = { VERISIGN_XTN, 7 }; /* Cert Extension 7 (?) */ michael@0: OIDT vcp1[] = { VERISIGN_TNET, 1 }; /* class 1 cert policy */ michael@0: OIDT vcp2[] = { VERISIGN_TNET, 2 }; /* class 2 cert policy */ michael@0: OIDT vcp3[] = { VERISIGN_TNET, 3 }; /* class 3 cert policy */ michael@0: OIDT vcp4[] = { VERISIGN_TNET, 4 }; /* class 4 cert policy */ michael@0: michael@0: michael@0: /* ------------------------------------------------------------------- */ michael@0: static const SECOidData oids[] = { michael@0: /* OIW Security Special Interest Group OIDs */ michael@0: ODN( oiwMD5RSA, "OIWSecSIG MD5 with RSA"), michael@0: ODN( oiwDESCBC, "OIWSecSIG DES CBC"), michael@0: ODN( oiwRSAsig, "OIWSecSIG RSA signature"), michael@0: ODN( oiwDSA , "OIWSecSIG DSA"), michael@0: ODN( oiwMD5RSAsig, "OIWSecSIG MD5 with RSA signature"), michael@0: ODN( oiwSHA1 , "OIWSecSIG SHA1"), michael@0: ODN( oiwDSASHA1, "OIWSecSIG DSA with SHA1"), michael@0: ODN( oiwDSASHA1param, "OIWSecSIG DSA with SHA1 with params"), michael@0: ODN( oiwSHA1RSA, "OIWSecSIG MD5 with RSA"), michael@0: michael@0: /* Microsoft OIDs */ michael@0: ODN( mCTL, "Microsoft Cert Trust List signing"), michael@0: ODN( mTSS, "Microsoft Time Stamp signing"), michael@0: ODN( mSGC, "Microsoft SGC SSL server"), michael@0: ODN( mEFS, "Microsoft Encrypted File System"), michael@0: ODN( mSMIME, "Microsoft SMIME preferences"), michael@0: ODN( mECRTT, "Microsoft Enrollment Cert Type Extension"), michael@0: ODN( mEAGNT, "Microsoft Enrollment Agent"), michael@0: ODN( mKPSCL, "Microsoft KP SmartCard Logon"), michael@0: ODN( mNTPN, "Microsoft NT Principal Name"), michael@0: ODN( mCASRV, "Microsoft CertServ CA version"), michael@0: michael@0: /* PKIX OIDs */ michael@0: ODN( padOCSP, "PKIX OCSP method"), michael@0: ODN( padCAissuer, "PKIX CA Issuer method"), michael@0: ODN( padTimeStamp, "PKIX Time Stamping method"), michael@0: michael@0: /* ID_CE OIDs. */ michael@0: ODN( cePlcyObs, "Certificate Policies (Obsolete)"), michael@0: ODN( cePlcyCns, "Certificate Policy Constraints"), michael@0: michael@0: /* Verisign OIDs. */ michael@0: ODN( vcx7, "Verisign Cert Extension 7 (?)"), michael@0: ODN( vcp1, "Verisign Class 1 Certificate Policy"), michael@0: ODN( vcp2, "Verisign Class 2 Certificate Policy"), michael@0: ODN( vcp3, "Verisign Class 3 Certificate Policy"), michael@0: ODN( vcp4, "Verisign Class 4 Certificate Policy"), michael@0: michael@0: }; michael@0: michael@0: static const unsigned int numOids = (sizeof oids) / (sizeof oids[0]); michael@0: michael@0: /* Fetch and register an oid if it hasn't been done already */ michael@0: void michael@0: SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src) michael@0: { michael@0: if (*data == SEC_OID_UNKNOWN) { michael@0: /* AddEntry does the right thing if someone else has already michael@0: * added the oid. (that is return that oid tag) */ michael@0: *data = SECOID_AddEntry(src); michael@0: } michael@0: } michael@0: michael@0: SECStatus michael@0: SECU_RegisterDynamicOids(void) michael@0: { michael@0: unsigned int i; michael@0: SECStatus rv = SECSuccess; michael@0: michael@0: for (i = 0; i < numOids; ++i) { michael@0: SECOidTag tag = SECOID_AddEntry(&oids[i]); michael@0: if (tag == SEC_OID_UNKNOWN) { michael@0: rv = SECFailure; michael@0: #ifdef DEBUG_DYN_OIDS michael@0: fprintf(stderr, "Add OID[%d] failed\n", i); michael@0: } else { michael@0: fprintf(stderr, "Add OID[%d] returned tag %d\n", i, tag); michael@0: #endif michael@0: } michael@0: } michael@0: return rv; michael@0: }