diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 7e0948eee..9ae27ceb8 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
@@ -4506,6 +4506,148 @@ static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0}; CERT_POLICY_TYPE_OID_BASE(41); static const byte extCertPolicyFpkiPiviAuthOid[] = CERT_POLICY_TYPE_OID_BASE(45); + /* DoD PKI OIDs - 2.16.840.1.101.2.1.11.X */ + #define DOD_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 2, 1, 11, num} + static const byte extCertPolicyDodMediumOid[] = + DOD_POLICY_TYPE_OID_BASE(5); + static const byte extCertPolicyDodMediumHardwareOid[] = + DOD_POLICY_TYPE_OID_BASE(9); + static const byte extCertPolicyDodPivAuthOid[] = + DOD_POLICY_TYPE_OID_BASE(10); + static const byte extCertPolicyDodMediumNpeOid[] = + DOD_POLICY_TYPE_OID_BASE(17); + static const byte extCertPolicyDodMedium2048Oid[] = + DOD_POLICY_TYPE_OID_BASE(18); + static const byte extCertPolicyDodMediumHardware2048Oid[] = + DOD_POLICY_TYPE_OID_BASE(19); + static const byte extCertPolicyDodPivAuth2048Oid[] = + DOD_POLICY_TYPE_OID_BASE(20); + static const byte extCertPolicyDodPeerInteropOid[] = + DOD_POLICY_TYPE_OID_BASE(31); + static const byte extCertPolicyDodMediumNpe112Oid[] = + DOD_POLICY_TYPE_OID_BASE(36); + static const byte extCertPolicyDodMediumNpe128Oid[] = + DOD_POLICY_TYPE_OID_BASE(37); + static const byte extCertPolicyDodMediumNpe192Oid[] = + DOD_POLICY_TYPE_OID_BASE(38); + static const byte extCertPolicyDodMedium112Oid[] = + DOD_POLICY_TYPE_OID_BASE(39); + static const byte extCertPolicyDodMedium128Oid[] = + DOD_POLICY_TYPE_OID_BASE(40); + static const byte extCertPolicyDodMedium192Oid[] = + DOD_POLICY_TYPE_OID_BASE(41); + static const byte extCertPolicyDodMediumHardware112Oid[] = + DOD_POLICY_TYPE_OID_BASE(42); + static const byte extCertPolicyDodMediumHardware128Oid[] = + DOD_POLICY_TYPE_OID_BASE(43); + static const byte extCertPolicyDodMediumHardware192Oid[] = + DOD_POLICY_TYPE_OID_BASE(44); + static const byte extCertPolicyDodAdminOid[] = + DOD_POLICY_TYPE_OID_BASE(59); + static const byte extCertPolicyDodInternalNpe112Oid[] = + DOD_POLICY_TYPE_OID_BASE(60); + static const 
byte extCertPolicyDodInternalNpe128Oid[] = + DOD_POLICY_TYPE_OID_BASE(61); + static const byte extCertPolicyDodInternalNpe192Oid[] = + /* ECA PKI OIDs - 2.16.840.1.101.3.2.1.12.X */ + #define ECA_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 12, num} + static const byte extCertPolicyEcaMediumOid[] = + ECA_POLICY_TYPE_OID_BASE(1); + static const byte extCertPolicyEcaMediumHardwareOid[] = + ECA_POLICY_TYPE_OID_BASE(2); + static const byte extCertPolicyEcaMediumTokenOid[] = + ECA_POLICY_TYPE_OID_BASE(3); + static const byte extCertPolicyEcaMediumSha256Oid[] = + ECA_POLICY_TYPE_OID_BASE(4); + static const byte extCertPolicyEcaMediumTokenSha256Oid[] = + ECA_POLICY_TYPE_OID_BASE(5); + static const byte extCertPolicyEcaMediumHardwarePiviOid[] = + ECA_POLICY_TYPE_OID_BASE(6); + static const byte extCertPolicyEcaContentSigningPiviOid[] = + ECA_POLICY_TYPE_OID_BASE(8); + static const byte extCertPolicyEcaMediumDeviceSha256Oid[] = + ECA_POLICY_TYPE_OID_BASE(9); + static const byte extCertPolicyEcaMediumHardwareSha256Oid[] = + ECA_POLICY_TYPE_OID_BASE(10); + DOD_POLICY_TYPE_OID_BASE(62); + /* Verizon/Cybertrust Federal SSP PKI OIDs - 2.16.840.1.101.3.2.1.3.X */ + #define VERIZON_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 3, num} + static const byte extCertPolicyVerizonCommonHwOid[] = + VERIZON_POLICY_TYPE_OID_BASE(7); + static const byte extCertPolicyVerizonCommonAuthOid[] = + VERIZON_POLICY_TYPE_OID_BASE(13); + static const byte extCertPolicyVerizonCommonPivCsOid[] = + VERIZON_POLICY_TYPE_OID_BASE(39); + + /* WidePoint Federal SSP PKI OIDs - 2.16.840.1.101.3.2.1.3.X */ + #define WIDEPOINT_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 3, num} + static const byte extCertPolicyWidepointCommonHwOid[] = + WIDEPOINT_POLICY_TYPE_OID_BASE(7); + static const byte extCertPolicyWidepointCommonAuthOid[] = + WIDEPOINT_POLICY_TYPE_OID_BASE(13); + static const byte extCertPolicyWidepointCommonDevHwOid[] = + WIDEPOINT_POLICY_TYPE_OID_BASE(36); + static 
const byte extCertPolicyWidepointCommonPivCsOid[] = + WIDEPOINT_POLICY_TYPE_OID_BASE(39); + + /* IdenTrust NFI OIDs - 2.16.840.1.113839.0.100.X.Y */ + #define IDENTRUST_POLICY_TYPE_OID_BASE(num1, num2) {96, 134, 72, 1, 129, 113, 67, 0, 100, num1, num2} + static const byte extCertPolicyIdentrustMediumhwSignOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(12, 1); + static const byte extCertPolicyIdentrustMediumhwEncOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(12, 2); + static const byte extCertPolicyIdentrustPiviHwIdOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(18, 0); + static const byte extCertPolicyIdentrustPiviHwSignOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(18, 1); + static const byte extCertPolicyIdentrustPiviHwEncOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(18, 2); + static const byte extCertPolicyIdentrustPiviContentOid[] = + IDENTRUST_POLICY_TYPE_OID_BASE(20, 1); + + /* TSCP Bridge OIDs - 1.3.6.1.4.1.38099.1.1.1.X */ + #define TSCP_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 131, 59, 35, 1, 1, 1, num} + static const byte extCertPolicyTscpMediumhwOid[] = + TSCP_POLICY_TYPE_OID_BASE(2); + static const byte extCertPolicyTscpPiviOid[] = + TSCP_POLICY_TYPE_OID_BASE(5); + static const byte extCertPolicyTscpPiviContentOid[] = + TSCP_POLICY_TYPE_OID_BASE(7); + + /* Carillon Federal Services OIDs - 1.3.6.1.4.1.45606.3.1.X */ + #define CARILLON_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 131, 59, 178, 38, 3, 1, num} + static const byte extCertPolicyCarillonMediumhw256Oid[] = + CARILLON_POLICY_TYPE_OID_BASE(12); + static const byte extCertPolicyCarillonAivhwOid[] = + CARILLON_POLICY_TYPE_OID_BASE(20); + static const byte extCertPolicyCarillonAivcontentOid[] = + CARILLON_POLICY_TYPE_OID_BASE(22); + + /* Carillon Information Security OIDs - 1.3.6.1.4.1.25054.3.1.X */ + #define CIS_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 131, 59, 97, 230, 3, 1, num} + static const byte extCertPolicyCisMediumhw256Oid[] = + CIS_POLICY_TYPE_OID_BASE(12); + static const byte extCertPolicyCisMeddevhw256Oid[] = + 
CIS_POLICY_TYPE_OID_BASE(14); + static const byte extCertPolicyCisIcecapHwOid[] = + CIS_POLICY_TYPE_OID_BASE(20); + static const byte extCertPolicyCisIcecapContentOid[] = + CIS_POLICY_TYPE_OID_BASE(22); + + /* CertiPath Bridge OIDs - 1.3.6.1.4.1.24019.1.1.1.X */ + #define CERTIPATH_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 131, 59, 93, 227, 1, 1, 1, num} + static const byte extCertPolicyCertipathMediumhwOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(2); + static const byte extCertPolicyCertipathHighhwOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(3); + static const byte extCertPolicyCertipathIcecapHwOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(7); + static const byte extCertPolicyCertipathIcecapContentOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(9); + static const byte extCertPolicyCertipathVarMediumhwOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(18); + static const byte extCertPolicyCertipathVarHighhwOid[] = + CERTIPATH_POLICY_TYPE_OID_BASE(19); #endif /* WOLFSSL_FPKI */ /* certAltNameType */ 
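Review bot: The base macros for IdenTrust, TSCP, Carillon, CIS and CertiPath do not encode the arcs named in their own comments. In `IDENTRUST_POLICY_TYPE_OID_BASE` the bytes `129, 113, 67` decode as two arcs (241 and 67) rather than 113839, and the four `1.3.6.1.4.1.*` macros all begin with `131, 59` (arc 443) whatever the enterprise number is. A certificate carrying the real policy OID would never compare equal to these arrays, and their byte sums no longer agree with the first set of ids in the asn.h hunk (846, 442, 467, 489, 459), which do match the base-128 encodings below. Separately, as the hunk reads here the declaration of `extCertPolicyDodInternalNpe192Oid` is separated from its `DOD_POLICY_TYPE_OID_BASE(62);` initializer by the whole ECA block, which would not compile if the file really looks like that; worth confirming against the tree.

```c
/* arc 113839 -> 0x86 0xF9 0x2F */
#define IDENTRUST_POLICY_TYPE_OID_BASE(num1, num2) {96, 134, 72, 1, 134, 249, 47, 0, 100, num1, num2}
/* … unchanged: IdenTrust OID arrays … */
/* arc 38099 -> 0x82 0xA9 0x53 */
#define TSCP_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 130, 169, 83, 1, 1, 1, num}
/* … unchanged: TSCP OID arrays … */
/* arc 45606 -> 0x82 0xE4 0x26 */
#define CARILLON_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 130, 228, 38, 3, 1, num}
/* … unchanged: Carillon OID arrays … */
/* arc 25054 -> 0x81 0xC3 0x5E */
#define CIS_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 129, 195, 94, 3, 1, num}
/* … unchanged: CIS OID arrays … */
/* arc 24019 -> 0x81 0xBB 0x53 */
#define CERTIPATH_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 129, 187, 83, 1, 1, 1, num}
/* … unchanged: CertiPath OID arrays … */
```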
@@ -5313,6 +5455,257 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) oid = extCertPolicyFpkiPiviAuthOid; *oidSz = sizeof(extCertPolicyFpkiPiviAuthOid); break; + case CP_DOD_MEDIUM_OID: + oid = extCertPolicyDodMediumOid; + *oidSz = sizeof(extCertPolicyDodMediumOid); + break; + case CP_DOD_MEDIUM_HARDWARE_OID: + oid = extCertPolicyDodMediumHardwareOid; + *oidSz = sizeof(extCertPolicyDodMediumHardwareOid); + break; + case CP_DOD_PIV_AUTH_OID: + oid = extCertPolicyDodPivAuthOid; + *oidSz = sizeof(extCertPolicyDodPivAuthOid); + break; + case CP_DOD_MEDIUM_NPE_OID: + oid = extCertPolicyDodMediumNpeOid; + *oidSz = sizeof(extCertPolicyDodMediumNpeOid); + break; + case CP_DOD_MEDIUM_2048_OID: + oid = extCertPolicyDodMedium2048Oid; + *oidSz = sizeof(extCertPolicyDodMedium2048Oid); + break; + case CP_DOD_MEDIUM_HARDWARE_2048_OID: + oid = extCertPolicyDodMediumHardware2048Oid; + *oidSz = sizeof(extCertPolicyDodMediumHardware2048Oid); + break; + case CP_DOD_PIV_AUTH_2048_OID: + oid = extCertPolicyDodPivAuth2048Oid; + *oidSz = sizeof(extCertPolicyDodPivAuth2048Oid); + break; + case CP_DOD_PEER_INTEROP_OID: + oid = extCertPolicyDodPeerInteropOid; + *oidSz = sizeof(extCertPolicyDodPeerInteropOid); + break; + case CP_DOD_MEDIUM_NPE_112_OID: + oid = extCertPolicyDodMediumNpe112Oid; + *oidSz = sizeof(extCertPolicyDodMediumNpe112Oid); + break; + case CP_DOD_MEDIUM_NPE_128_OID: + oid = extCertPolicyDodMediumNpe128Oid; + *oidSz = sizeof(extCertPolicyDodMediumNpe128Oid); + break; + case CP_DOD_MEDIUM_NPE_192_OID: + oid = extCertPolicyDodMediumNpe192Oid; + *oidSz = sizeof(extCertPolicyDodMediumNpe192Oid); + break; + case CP_DOD_MEDIUM_112_OID: + oid = extCertPolicyDodMedium112Oid; + *oidSz = sizeof(extCertPolicyDodMedium112Oid); + break; + case CP_DOD_MEDIUM_128_OID: + oid = extCertPolicyDodMedium128Oid; + *oidSz = sizeof(extCertPolicyDodMedium128Oid); + break; + case CP_DOD_MEDIUM_192_OID: + oid = extCertPolicyDodMedium192Oid; + *oidSz = 
sizeof(extCertPolicyDodMedium192Oid); + break; + case CP_DOD_MEDIUM_HARDWARE_112_OID: + oid = extCertPolicyDodMediumHardware112Oid; + *oidSz = sizeof(extCertPolicyDodMediumHardware112Oid); + break; + case CP_DOD_MEDIUM_HARDWARE_128_OID: + oid = extCertPolicyDodMediumHardware128Oid; + *oidSz = sizeof(extCertPolicyDodMediumHardware128Oid); + break; + case CP_DOD_MEDIUM_HARDWARE_192_OID: + oid = extCertPolicyDodMediumHardware192Oid; + *oidSz = sizeof(extCertPolicyDodMediumHardware192Oid); + break; + case CP_DOD_ADMIN_OID: + oid = extCertPolicyDodAdminOid; + *oidSz = sizeof(extCertPolicyDodAdminOid); + break; + case CP_DOD_INTERNAL_NPE_112_OID: + oid = extCertPolicyDodInternalNpe112Oid; + *oidSz = sizeof(extCertPolicyDodInternalNpe112Oid); + break; + case CP_DOD_INTERNAL_NPE_128_OID: + oid = extCertPolicyDodInternalNpe128Oid; + *oidSz = sizeof(extCertPolicyDodInternalNpe128Oid); + break; + case CP_DOD_INTERNAL_NPE_192_OID: + oid = extCertPolicyDodInternalNpe192Oid; + *oidSz = sizeof(extCertPolicyDodInternalNpe192Oid); + break; + case CP_ECA_MEDIUM_OID: + oid = extCertPolicyEcaMediumOid; + *oidSz = sizeof(extCertPolicyEcaMediumOid); + break; + case CP_ECA_MEDIUM_HARDWARE_OID: + oid = extCertPolicyEcaMediumHardwareOid; + *oidSz = sizeof(extCertPolicyEcaMediumHardwareOid); + break; + case CP_ECA_MEDIUM_TOKEN_OID: + oid = extCertPolicyEcaMediumTokenOid; + *oidSz = sizeof(extCertPolicyEcaMediumTokenOid); + break; + case CP_ECA_MEDIUM_SHA256_OID: + oid = extCertPolicyEcaMediumSha256Oid; + *oidSz = sizeof(extCertPolicyEcaMediumSha256Oid); + break; + case CP_ECA_MEDIUM_TOKEN_SHA256_OID: + oid = extCertPolicyEcaMediumTokenSha256Oid; + *oidSz = sizeof(extCertPolicyEcaMediumTokenSha256Oid); + break; + case CP_ECA_MEDIUM_HARDWARE_PIVI_OID: + oid = extCertPolicyEcaMediumHardwarePiviOid; + *oidSz = sizeof(extCertPolicyEcaMediumHardwarePiviOid); + break; + case CP_ECA_CONTENT_SIGNING_PIVI_OID: + oid = extCertPolicyEcaContentSigningPiviOid; + *oidSz = 
sizeof(extCertPolicyEcaContentSigningPiviOid); + break; + case CP_ECA_MEDIUM_DEVICE_SHA256_OID: + oid = extCertPolicyEcaMediumDeviceSha256Oid; + *oidSz = sizeof(extCertPolicyEcaMediumDeviceSha256Oid); + break; + case CP_ECA_MEDIUM_HARDWARE_SHA256_OID: + oid = extCertPolicyEcaMediumHardwareSha256Oid; + *oidSz = sizeof(extCertPolicyEcaMediumHardwareSha256Oid); + break; + + /* New PKI OIDs added below */ + /* Verizon/Cybertrust Federal SSP PKI OIDs */ + case CP_VERIZON_COMMON_HW_OID: + oid = extCertPolicyVerizonCommonHwOid; + *oidSz = sizeof(extCertPolicyVerizonCommonHwOid); + break; + case CP_VERIZON_COMMON_AUTH_OID: + oid = extCertPolicyVerizonCommonAuthOid; + *oidSz = sizeof(extCertPolicyVerizonCommonAuthOid); + break; + case CP_VERIZON_COMMON_PIV_CS_OID: + oid = extCertPolicyVerizonCommonPivCsOid; + *oidSz = sizeof(extCertPolicyVerizonCommonPivCsOid); + break; + + /* WidePoint Federal SSP PKI OIDs */ + case CP_WIDEPOINT_COMMON_HW_OID: + oid = extCertPolicyWidepointCommonHwOid; + *oidSz = sizeof(extCertPolicyWidepointCommonHwOid); + break; + case CP_WIDEPOINT_COMMON_AUTH_OID: + oid = extCertPolicyWidepointCommonAuthOid; + *oidSz = sizeof(extCertPolicyWidepointCommonAuthOid); + break; + case CP_WIDEPOINT_COMMON_DEV_HW_OID: + oid = extCertPolicyWidepointCommonDevHwOid; + *oidSz = sizeof(extCertPolicyWidepointCommonDevHwOid); + break; + case CP_WIDEPOINT_COMMON_PIV_CS_OID: + oid = extCertPolicyWidepointCommonPivCsOid; + *oidSz = sizeof(extCertPolicyWidepointCommonPivCsOid); + break; + + /* IdenTrust NFI OIDs */ + case CP_IDENTRUST_MEDIUMHW_SIGN_OID: + oid = extCertPolicyIdentrustMediumhwSignOid; + *oidSz = sizeof(extCertPolicyIdentrustMediumhwSignOid); + break; + case CP_IDENTRUST_MEDIUMHW_ENC_OID: + oid = extCertPolicyIdentrustMediumhwEncOid; + *oidSz = sizeof(extCertPolicyIdentrustMediumhwEncOid); + break; + case CP_IDENTRUST_PIVI_HW_ID_OID: + oid = extCertPolicyIdentrustPiviHwIdOid; + *oidSz = sizeof(extCertPolicyIdentrustPiviHwIdOid); + break; + case 
CP_IDENTRUST_PIVI_HW_SIGN_OID: + oid = extCertPolicyIdentrustPiviHwSignOid; + *oidSz = sizeof(extCertPolicyIdentrustPiviHwSignOid); + break; + case CP_IDENTRUST_PIVI_HW_ENC_OID: + oid = extCertPolicyIdentrustPiviHwEncOid; + *oidSz = sizeof(extCertPolicyIdentrustPiviHwEncOid); + break; + case CP_IDENTRUST_PIVI_CONTENT_OID: + oid = extCertPolicyIdentrustPiviContentOid; + *oidSz = sizeof(extCertPolicyIdentrustPiviContentOid); + break; + + /* TSCP Bridge OIDs */ + case CP_TSCP_MEDIUMHW_OID: + oid = extCertPolicyTscpMediumhwOid; + *oidSz = sizeof(extCertPolicyTscpMediumhwOid); + break; + case CP_TSCP_PIVI_OID: + oid = extCertPolicyTscpPiviOid; + *oidSz = sizeof(extCertPolicyTscpPiviOid); + break; + case CP_TSCP_PIVI_CONTENT_OID: + oid = extCertPolicyTscpPiviContentOid; + *oidSz = sizeof(extCertPolicyTscpPiviContentOid); + break; + + /* Carillon Federal Services OIDs */ + case CP_CARILLON_MEDIUMHW_256_OID: + oid = extCertPolicyCarillonMediumhw256Oid; + *oidSz = sizeof(extCertPolicyCarillonMediumhw256Oid); + break; + case CP_CARILLON_AIVHW_OID: + oid = extCertPolicyCarillonAivhwOid; + *oidSz = sizeof(extCertPolicyCarillonAivhwOid); + break; + case CP_CARILLON_AIVCONTENT_OID: + oid = extCertPolicyCarillonAivcontentOid; + *oidSz = sizeof(extCertPolicyCarillonAivcontentOid); + break; + + /* Carillon Information Security OIDs */ + case CP_CIS_MEDIUMHW_256_OID: + oid = extCertPolicyCisMediumhw256Oid; + *oidSz = sizeof(extCertPolicyCisMediumhw256Oid); + break; + case CP_CIS_MEDDEVHW_256_OID: + oid = extCertPolicyCisMeddevhw256Oid; + *oidSz = sizeof(extCertPolicyCisMeddevhw256Oid); + break; + case CP_CIS_ICECAP_HW_OID: + oid = extCertPolicyCisIcecapHwOid; + *oidSz = sizeof(extCertPolicyCisIcecapHwOid); + break; + case CP_CIS_ICECAP_CONTENT_OID: + oid = extCertPolicyCisIcecapContentOid; + *oidSz = sizeof(extCertPolicyCisIcecapContentOid); + break; + + /* CertiPath Bridge OIDs */ + case CP_CERTIPATH_MEDIUMHW_OID: + oid = extCertPolicyCertipathMediumhwOid; + *oidSz = 
sizeof(extCertPolicyCertipathMediumhwOid); + break; + case CP_CERTIPATH_HIGHHW_OID: + oid = extCertPolicyCertipathHighhwOid; + *oidSz = sizeof(extCertPolicyCertipathHighhwOid); + break; + case CP_CERTIPATH_ICECAP_HW_OID: + oid = extCertPolicyCertipathIcecapHwOid; + *oidSz = sizeof(extCertPolicyCertipathIcecapHwOid); + break; + case CP_CERTIPATH_ICECAP_CONTENT_OID: + oid = extCertPolicyCertipathIcecapContentOid; + *oidSz = sizeof(extCertPolicyCertipathIcecapContentOid); + break; + case CP_CERTIPATH_VAR_MEDIUMHW_OID: + oid = extCertPolicyCertipathVarMediumhwOid; + *oidSz = sizeof(extCertPolicyCertipathVarMediumhwOid); + break; + case CP_CERTIPATH_VAR_HIGHHW_OID: + oid = extCertPolicyCertipathVarHighhwOid; + *oidSz = sizeof(extCertPolicyCertipathVarHighhwOid); + break; #endif /* WOLFSSL_FPKI */ default: break; @@ -6016,6 +6409,9 @@ static int GetOID(const byte* input, word32* inOutIdx, word32* oid, checkOid = blkAes256CbcOid; checkOidSz = sizeof(blkAes256CbcOid); } + if (oidType == oidCertPolicyType) { + checkOid = fpkiCertPolOid(*oid, &checkOidSz, actualOid, actualOidSz); + } #endif /* HAVE_AES_CBC */ #endif /* WOLFSSL_FPKI */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index e5ac2d0af..4835386dc 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h 
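Review bot: Several of the added `case` labels in this switch share a numeric value according to the asn.h hunk of this commit. `CP_ECA_MEDIUM_SHA256_OID`, `CP_VERIZON_COMMON_HW_OID` and `CP_WIDEPOINT_COMMON_HW_OID` are all 420, and `CP_ECA_MEDIUM_HARDWARE_SHA256_OID`, `CP_VERIZON_COMMON_AUTH_OID` and `CP_WIDEPOINT_COMMON_AUTH_OID` are all 426, the same value as `CP_FPKI_COMMON_AUTH_OID`. C rejects duplicate case values in one switch, and even with that resolved a single id can map back to only one byte string, so OidFromId cannot return the right OID for a colliding policy. The Verizon and WidePoint entries encode the same OIDs as the Federal PKI common policies (the header comments say they share them), so those cases can be dropped; the DoD and ECA ids that collide need distinct values. The switch header and the rest of OidFromId lie outside the hunk, so the pre-existing labels are inferred from the context lines.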
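Review bot: The new certificate-policy check in GetOID is placed before `#endif /* HAVE_AES_CBC */`, so, going by that comment, it is compiled only when AES-CBC is enabled. A build without AES-CBC would then presumably skip the byte-level comparison for policy OIDs and rely on the sum alone. Moving the `if (oidType == oidCertPolicyType) { ... }` block below that `#endif` (still inside `WOLFSSL_FPKI`) makes it independent of the cipher configuration. `fpkiCertPolOid`, `actualOid` and `actualOidSz` are not declared in any hunk shown here, so the helper's contract, in particular what it returns for an unknown sum, cannot be checked from this page and deserves a header comment. GetOID starts and ends outside the hunk.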
@@ -1425,10 +1425,201 @@ enum Extensions_Sum { enum CertificatePolicy_Sum { CP_ANY_OID = 146, /* id-ce 32 0 */ #ifdef WOLFSSL_FPKI + /* Federal PKI OIDs */ CP_FPKI_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */ CP_FPKI_PIV_AUTH_OID = 453, /* 2.16.840.1.101.3.2.1.3.40 */ CP_FPKI_PIV_AUTH_HW_OID = 454, /* 2.16.840.1.101.3.2.1.3.41 */ CP_FPKI_PIVI_AUTH_OID = 458, /* 2.16.840.1.101.3.2.1.3.45 */ + + /* DoD PKI OIDs */ + CP_DOD_MEDIUM_OID = 423, /* 2.16.840.1.101.2.1.11.5 */ + CP_DOD_MEDIUM_HARDWARE_OID = 427, /* 2.16.840.1.101.2.1.11.9 */ + CP_DOD_PIV_AUTH_OID = 428, /* 2.16.840.1.101.2.1.11.10 */ + CP_DOD_MEDIUM_NPE_OID = 435, /* 2.16.840.1.101.2.1.11.17 */ + CP_DOD_MEDIUM_2048_OID = 436, /* 2.16.840.1.101.2.1.11.18 */ + CP_DOD_MEDIUM_HARDWARE_2048_OID = 437, /* 2.16.840.1.101.2.1.11.19 */ + CP_DOD_PIV_AUTH_2048_OID = 438, /* 2.16.840.1.101.2.1.11.20 */ + CP_DOD_PEER_INTEROP_OID = 449, /* 2.16.840.1.101.2.1.11.31 */ + CP_DOD_MEDIUM_NPE_112_OID = 454, /* 2.16.840.1.101.2.1.11.36 */ + CP_DOD_MEDIUM_NPE_128_OID = 455, /* 2.16.840.1.101.2.1.11.37 */ + CP_DOD_MEDIUM_NPE_192_OID = 456, /* 2.16.840.1.101.2.1.11.38 */ + CP_DOD_MEDIUM_112_OID = 457, /* 2.16.840.1.101.2.1.11.39 */ + CP_DOD_MEDIUM_128_OID = 458, /* 2.16.840.1.101.2.1.11.40 */ + CP_DOD_MEDIUM_192_OID = 459, /* 2.16.840.1.101.2.1.11.41 */ + CP_DOD_MEDIUM_HARDWARE_112_OID = 460, /* 2.16.840.1.101.2.1.11.42 */ + CP_DOD_MEDIUM_HARDWARE_128_OID = 461, /* 2.16.840.1.101.2.1.11.43 */ + CP_DOD_MEDIUM_HARDWARE_192_OID = 462, /* 2.16.840.1.101.2.1.11.44 */ + CP_DOD_ADMIN_OID = 477, /* 2.16.840.1.101.2.1.11.59 */ + CP_DOD_INTERNAL_NPE_112_OID = 478, /* 2.16.840.1.101.2.1.11.60 */ + CP_DOD_INTERNAL_NPE_128_OID = 479, /* 2.16.840.1.101.2.1.11.61 */ + CP_DOD_INTERNAL_NPE_192_OID = 480, /* 2.16.840.1.101.2.1.11.62 */ + + /* ECA PKI OIDs */ + CP_ECA_MEDIUM_OID = 417, /* 2.16.840.1.101.3.2.1.12.1 */ + CP_ECA_MEDIUM_HARDWARE_OID = 418, /* 2.16.840.1.101.3.2.1.12.2 */ + CP_ECA_MEDIUM_TOKEN_OID = 419, /* 
2.16.840.1.101.3.2.1.12.3 */ + CP_ECA_MEDIUM_SHA256_OID = 420, /* 2.16.840.1.101.3.2.1.12.4 */ + CP_ECA_MEDIUM_TOKEN_SHA256_OID = 421, /* 2.16.840.1.101.3.2.1.12.5 */ + CP_ECA_MEDIUM_HARDWARE_PIVI_OID = 422, /* 2.16.840.1.101.3.2.1.12.6 */ + CP_ECA_CONTENT_SIGNING_PIVI_OID = 424, /* 2.16.840.1.101.3.2.1.12.8 */ + CP_ECA_MEDIUM_DEVICE_SHA256_OID = 425, /* 2.16.840.1.101.3.2.1.12.9 */ + CP_ECA_MEDIUM_HARDWARE_SHA256_OID = 426, /* 2.16.840.1.101.3.2.1.12.10 */ + + /* Federal PKI OIDs */ + CP_FPKI_HIGH_ASSURANCE_OID = 417, /* 2.16.840.1.101.3.2.1.3.4 */ + CP_FPKI_COMMON_HARDWARE_OID = 420, /* 2.16.840.1.101.3.2.1.3.7 */ + CP_FPKI_MEDIUM_HARDWARE_OID = 425, /* 2.16.840.1.101.3.2.1.3.12 */ + CP_FPKI_COMMON_HIGH_OID = 429, /* 2.16.840.1.101.3.2.1.3.16 */ + CP_FPKI_PIVI_HARDWARE_OID = 431, /* 2.16.840.1.101.3.2.1.3.18 */ + CP_FPKI_PIVI_CONTENT_SIGNING_OID = 433, /* 2.16.840.1.101.3.2.1.3.20 */ + CP_FPKI_COMMON_DEVICES_HARDWARE_OID = 449, /* 2.16.840.1.101.3.2.1.3.36 */ + CP_FPKI_MEDIUM_DEVICE_HARDWARE_OID = 451, /* 2.16.840.1.101.3.2.1.3.38 */ + CP_FPKI_COMMON_PIV_CONTENT_SIGNING_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */ + CP_FPKI_COMMON_PIV_AUTH_DERIVED_HARDWARE_OID = 454, /* 2.16.840.1.101.3.2.1.3.41 */ + CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID = 460, /* 2.16.840.1.101.3.2.1.3.47 */ + + /* Entrust Federal SSP PKI OIDs - shares OIDs with Federal PKI */ + /* DigiCert Federal SSP PKI OIDs - shares OIDs with Federal PKI */ + /* Verizon/Cybertrust Federal SSP PKI OIDs - shares OIDs with Federal PKI */ + /* WidePoint Federal SSP PKI OIDs - shares OIDs with Federal PKI */ + + /* Department of State PKI OIDs */ + CP_STATE_HIGH_OID = 420, /* 2.16.840.1.101.3.2.1.6.4 */ + CP_STATE_MEDHW_OID = 428, /* 2.16.840.1.101.3.2.1.6.12 */ + CP_STATE_MEDDEVHW_OID = 454, /* 2.16.840.1.101.3.2.1.6.38 */ + + /* U.S. 
Treasury SSP PKI OIDs */ + CP_TREAS_MEDIUMHW_OID = 419, /* 2.16.840.1.101.3.2.1.5.4 */ + CP_TREAS_HIGH_OID = 420, /* 2.16.840.1.101.3.2.1.5.5 */ + CP_TREAS_PIVI_HW_OID = 425, /* 2.16.840.1.101.3.2.1.5.10 */ + CP_TREAS_PIVI_CONTENT_OID = 427, /* 2.16.840.1.101.3.2.1.5.12 */ + + /* Boeing PKI OIDs */ + CP_BOEING_MEDIUMHW_SHA256_OID = 159, /* 1.3.6.1.4.1.73.15.3.1.12 */ + CP_BOEING_MEDIUMHW_CONTENT_SHA256_OID = 164, /* 1.3.6.1.4.1.73.15.3.1.17 */ + + /* Carillon Federal Services OIDs */ + CP_CARILLON_MEDIUMHW_256_OID = 467, /* 1.3.6.1.4.1.45606.3.1.12 */ + CP_CARILLON_AIVHW_OID = 475, /* 1.3.6.1.4.1.45606.3.1.20 */ + CP_CARILLON_AIVCONTENT_OID = 477, /* 1.3.6.1.4.1.45606.3.1.22 */ + + /* Carillon Information Security OIDs */ + CP_CIS_MEDIUMHW_256_OID = 489, /* 1.3.6.1.4.1.25054.3.1.12 */ + CP_CIS_MEDDEVHW_256_OID = 491, /* 1.3.6.1.4.1.25054.3.1.14 */ + CP_CIS_ICECAP_HW_OID = 497, /* 1.3.6.1.4.1.25054.3.1.20 */ + CP_CIS_ICECAP_CONTENT_OID = 499, /* 1.3.6.1.4.1.25054.3.1.22 */ + + /* CertiPath Bridge OIDs */ + CP_CERTIPATH_MEDIUMHW_OID = 459, /* 1.3.6.1.4.1.24019.1.1.1.2 */ + CP_CERTIPATH_HIGHHW_OID = 460, /* 1.3.6.1.4.1.24019.1.1.1.3 */ + CP_CERTIPATH_ICECAP_HW_OID = 464, /* 1.3.6.1.4.1.24019.1.1.1.7 */ + CP_CERTIPATH_ICECAP_CONTENT_OID = 466, /* 1.3.6.1.4.1.24019.1.1.1.9 */ + CP_CERTIPATH_VAR_MEDIUMHW_OID = 475, /* 1.3.6.1.4.1.24019.1.1.1.18 */ + CP_CERTIPATH_VAR_HIGHHW_OID = 476, /* 1.3.6.1.4.1.24019.1.1.1.19 */ + + /* TSCP Bridge OIDs */ + CP_TSCP_MEDIUMHW_OID = 442, /* 1.3.6.1.4.1.38099.1.1.1.2 */ + CP_TSCP_PIVI_OID = 445, /* 1.3.6.1.4.1.38099.1.1.1.5 */ + CP_TSCP_PIVI_CONTENT_OID = 447, /* 1.3.6.1.4.1.38099.1.1.1.7 */ + + /* DigiCert NFI PKI OIDs */ + CP_DIGICERT_NFSSP_MEDIUMHW_OID = 796, /* 2.16.840.1.113733.1.7.23.3.1.7 */ + CP_DIGICERT_NFSSP_AUTH_OID = 802, /* 2.16.840.1.113733.1.7.23.3.1.13 */ + CP_DIGICERT_NFSSP_PIVI_HW_OID = 807, /* 2.16.840.1.113733.1.7.23.3.1.18 */ + CP_DIGICERT_NFSSP_PIVI_CONTENT_OID = 809, /* 2.16.840.1.113733.1.7.23.3.1.20 */ + 
CP_DIGICERT_NFSSP_MEDDEVHW_OID = 825, /* 2.16.840.1.113733.1.7.23.3.1.36 */ + + /* Entrust Managed Services NFI PKI OIDs */ + CP_ENTRUST_NFSSP_MEDIUMHW_OID = 1017, /* 2.16.840.1.114027.200.3.10.7.2 */ + CP_ENTRUST_NFSSP_MEDAUTH_OID = 1019, /* 2.16.840.1.114027.200.3.10.7.4 */ + CP_ENTRUST_NFSSP_PIVI_HW_OID = 1021, /* 2.16.840.1.114027.200.3.10.7.6 */ + CP_ENTRUST_NFSSP_PIVI_CONTENT_OID = 1024, /* 2.16.840.1.114027.200.3.10.7.9 */ + CP_ENTRUST_NFSSP_MEDDEVHW_OID = 1031, /* 2.16.840.1.114027.200.3.10.7.16 */ + + /* Exostar LLC PKI OIDs */ + CP_EXOSTAR_MEDIUMHW_SHA2_OID = 424, /* 1.3.6.1.4.1.13948.1.1.1.6 */ + + /* IdenTrust NFI OIDs */ + CP_IDENTRUST_MEDIUMHW_SIGN_OID = 846, /* 2.16.840.1.113839.0.100.12.1 */ + CP_IDENTRUST_MEDIUMHW_ENC_OID = 847, /* 2.16.840.1.113839.0.100.12.2 */ + CP_IDENTRUST_PIVI_HW_ID_OID = 851, /* 2.16.840.1.113839.0.100.18.0 */ + CP_IDENTRUST_PIVI_HW_SIGN_OID = 852, /* 2.16.840.1.113839.0.100.18.1 */ + CP_IDENTRUST_PIVI_HW_ENC_OID = 853, /* 2.16.840.1.113839.0.100.18.2 */ + CP_IDENTRUST_PIVI_CONTENT_OID = 854, /* 2.16.840.1.113839.0.100.20.1 */ + + /* Lockheed Martin PKI OIDs */ + CP_LOCKHEED_MEDIUMHW_OID = 266, /* 1.3.6.1.4.1.103.100.1.1.3.3 */ + + /* Northrop Grumman PKI OIDs */ + CP_NORTHROP_MEDIUM_256_HW_OID = 654, /* 1.3.6.1.4.1.16334.509.2.8 */ + CP_NORTHROP_PIVI_256_HW_OID = 655, /* 1.3.6.1.4.1.16334.509.2.9 */ + CP_NORTHROP_PIVI_256_CONTENT_OID = 657, /* 1.3.6.1.4.1.16334.509.2.11 */ + CP_NORTHROP_MEDIUM_384_HW_OID = 660, /* 1.3.6.1.4.1.16334.509.2.14 */ + + /* Raytheon PKI OIDs */ + CP_RAYTHEON_MEDIUMHW_OID = 251, /* 1.3.6.1.4.1.1569.10.1.12 */ + CP_RAYTHEON_MEDDEVHW_OID = 257, /* 1.3.6.1.4.1.1569.10.1.18 */ + CP_RAYTHEON_SHA2_MEDIUMHW_OID = 433, /* 1.3.6.1.4.1.26769.10.1.12 */ + CP_RAYTHEON_SHA2_MEDDEVHW_OID = 439, /* 1.3.6.1.4.1.26769.10.1.18 */ + + /* WidePoint NFI PKI OIDs */ + CP_WIDEPOINT_MEDIUMHW_OID = 310, /* 1.3.6.1.4.1.3922.1.1.1.12 */ + CP_WIDEPOINT_PIVI_HW_OID = 316, /* 1.3.6.1.4.1.3922.1.1.1.18 */ + 
CP_WIDEPOINT_PIVI_CONTENT_OID = 318, /* 1.3.6.1.4.1.3922.1.1.1.20 */ + CP_WIDEPOINT_MEDDEVHW_OID = 336, /* 1.3.6.1.4.1.3922.1.1.1.38 */ + + /* Australian Defence Organisation PKI OIDs */ + CP_ADO_MEDIUM_OID = 293, /* 1.2.36.1.334.1.2.1.2 */ + CP_ADO_HIGH_OID = 294, /* 1.2.36.1.334.1.2.1.3 */ + CP_ADO_RESOURCE_MEDIUM_OID = 294, /* 1.2.36.1.334.1.2.2.2 */ + + /* Netherlands Ministry of Defence PKI OIDs */ + CP_NL_MOD_AUTH_OID = 1001, /* 2.16.528.1.1003.1.2.5.1 */ + CP_NL_MOD_IRREFUT_OID = 1002, /* 2.16.528.1.1003.1.2.5.2 */ + CP_NL_MOD_CONFID_OID = 1003, /* 2.16.528.1.1003.1.2.5.3 */ + + /* Verizon/Cybertrust Federal SSP PKI OIDs */ + CP_VERIZON_COMMON_HW_OID = 420, /* 2.16.840.1.101.3.2.1.3.7 */ + CP_VERIZON_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */ + CP_VERIZON_COMMON_PIV_CS_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */ + + /* WidePoint Federal SSP PKI OIDs */ + CP_WIDEPOINT_COMMON_HW_OID = 420, /* 2.16.840.1.101.3.2.1.3.7 */ + CP_WIDEPOINT_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */ + CP_WIDEPOINT_COMMON_DEV_HW_OID = 449, /* 2.16.840.1.101.3.2.1.3.36 */ + CP_WIDEPOINT_COMMON_PIV_CS_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */ + + /* IdenTrust NFI OIDs */ + CP_IDENTRUST_MEDIUMHW_SIGN_OID = 846, /* 2.16.840.1.113839.0.100.12.1 */ + CP_IDENTRUST_MEDIUMHW_ENC_OID = 847, /* 2.16.840.1.113839.0.100.12.2 */ + CP_IDENTRUST_PIVI_HW_ID_OID = 851, /* 2.16.840.1.113839.0.100.18.0 */ + CP_IDENTRUST_PIVI_HW_SIGN_OID = 852, /* 2.16.840.1.113839.0.100.18.1 */ + CP_IDENTRUST_PIVI_HW_ENC_OID = 853, /* 2.16.840.1.113839.0.100.18.2 */ + CP_IDENTRUST_PIVI_CONTENT_OID = 854, /* 2.16.840.1.113839.0.100.20.1 */ + + /* TSCP Bridge OIDs */ + CP_TSCP_MEDIUMHW_OID = 348, /* 1.3.6.1.4.1.38099.1.1.1.2 */ + CP_TSCP_PIVI_OID = 351, /* 1.3.6.1.4.1.38099.1.1.1.5 */ + CP_TSCP_PIVI_CONTENT_OID = 353, /* 1.3.6.1.4.1.38099.1.1.1.7 */ + + /* Carillon Federal Services OIDs */ + CP_CARILLON_MEDIUMHW_256_OID = 358, /* 1.3.6.1.4.1.45606.3.1.12 */ + CP_CARILLON_AIVHW_OID = 366, /* 
1.3.6.1.4.1.45606.3.1.20 */ + CP_CARILLON_AIVCONTENT_OID = 368, /* 1.3.6.1.4.1.45606.3.1.22 */ + + /* Carillon Information Security OIDs */ + CP_CIS_MEDIUMHW_256_OID = 358, /* 1.3.6.1.4.1.25054.3.1.12 */ + CP_CIS_MEDDEVHW_256_OID = 360, /* 1.3.6.1.4.1.25054.3.1.14 */ + CP_CIS_ICECAP_HW_OID = 366, /* 1.3.6.1.4.1.25054.3.1.20 */ + CP_CIS_ICECAP_CONTENT_OID = 368, /* 1.3.6.1.4.1.25054.3.1.22 */ + + /* CertiPath Bridge OIDs */ + CP_CERTIPATH_MEDIUMHW_OID = 348, /* 1.3.6.1.4.1.24019.1.1.1.2 */ + CP_CERTIPATH_HIGHHW_OID = 349, /* 1.3.6.1.4.1.24019.1.1.1.3 */ + CP_CERTIPATH_ICECAP_HW_OID = 353, /* 1.3.6.1.4.1.24019.1.1.1.7 */ + CP_CERTIPATH_ICECAP_CONTENT_OID = 355, /* 1.3.6.1.4.1.24019.1.1.1.9 */ + CP_CERTIPATH_VAR_MEDIUMHW_OID = 364, /* 1.3.6.1.4.1.24019.1.1.1.18 */ + CP_CERTIPATH_VAR_HIGHHW_OID = 365, /* 1.3.6.1.4.1.24019.1.1.1.19 */ #endif /* WOLFSSL_FPKI */ WOLF_ENUM_DUMMY_LAST_ELEMENT(CertificatePolicy_Sum) };
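Review bot: The enum declares the IdenTrust, TSCP, Carillon, CIS and CertiPath enumerators twice, e.g. `CP_TSCP_MEDIUMHW_OID = 442` and later `CP_TSCP_MEDIUMHW_OID = 348`. Redeclaring an enumerator is a compile error even when the value is unchanged, as with the repeated `CP_IDENTRUST_*` block. The first set (846…, 442…, 467…, 489…, 459…) equals the byte sum of the correctly DER-encoded OIDs, so the second block at the end of the enum is the one to delete. The ECA ids also look off: summing the bytes of 2.16.840.1.101.3.2.1.12.1 gives 423, not 417, if these entries follow the same byte-sum rule as the DoD ones. Distinct policies that share a value here (for instance `CP_ADO_HIGH_OID` and `CP_ADO_RESOURCE_MEDIUM_OID`, both 294) cannot be told apart by id alone, which matters wherever a policy decision is keyed on this enum.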