diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 8f292520b..459e82edc 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -4518,6 +4518,7 @@ static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
 CERT_POLICY_TYPE_OID_BASE(41);
 static const byte extCertPolicyFpkiPiviAuthOid[] =
 CERT_POLICY_TYPE_OID_BASE(45);
+
 /* DoD PKI OIDs - 2.16.840.1.101.2.1.11.X */
 #define DOD_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 2, 1, 11, num}
 static const byte extCertPolicyDodMediumOid[] =
@@ -4561,6 +4562,8 @@ static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
 static const byte extCertPolicyDodInternalNpe128Oid[] =
 DOD_POLICY_TYPE_OID_BASE(61);
 static const byte extCertPolicyDodInternalNpe192Oid[] =
+ DOD_POLICY_TYPE_OID_BASE(62);
+
 /* ECA PKI OIDs - 2.16.840.1.101.3.2.1.12.X */
 #define ECA_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 12, num}
 static const byte extCertPolicyEcaMediumOid[] =
@@ -4581,50 +4584,6 @@ static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
 ECA_POLICY_TYPE_OID_BASE(9);
 static const byte extCertPolicyEcaMediumHardwareSha256Oid[] =
 ECA_POLICY_TYPE_OID_BASE(10);
- DOD_POLICY_TYPE_OID_BASE(62);
- /* Verizon/Cybertrust Federal SSP PKI OIDs - 2.16.840.1.101.3.2.1.3.X */
- #define VERIZON_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 3, num}
- static const byte extCertPolicyVerizonCommonHwOid[] =
- VERIZON_POLICY_TYPE_OID_BASE(7);
- static const byte extCertPolicyVerizonCommonAuthOid[] =
- VERIZON_POLICY_TYPE_OID_BASE(13);
- static const byte extCertPolicyVerizonCommonPivCsOid[] =
- VERIZON_POLICY_TYPE_OID_BASE(39);
-
- /* WidePoint Federal SSP PKI OIDs - 2.16.840.1.101.3.2.1.3.X */
- #define WIDEPOINT_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 3, num}
- static const byte extCertPolicyWidepointCommonHwOid[] =
- WIDEPOINT_POLICY_TYPE_OID_BASE(7);
- static const byte extCertPolicyWidepointCommonAuthOid[] =
- WIDEPOINT_POLICY_TYPE_OID_BASE(13);
- static const byte extCertPolicyWidepointCommonDevHwOid[] =
- WIDEPOINT_POLICY_TYPE_OID_BASE(36);
- static const byte extCertPolicyWidepointCommonPivCsOid[] =
- WIDEPOINT_POLICY_TYPE_OID_BASE(39);
-
- /* IdenTrust NFI OIDs - 2.16.840.1.113839.0.100.X.Y */
- #define IDENTRUST_POLICY_TYPE_OID_BASE(num1, num2) {96, 134, 72, 1, 129, 113, 67, 0, 100, num1, num2}
- static const byte extCertPolicyIdentrustMediumhwSignOid[] =
- IDENTRUST_POLICY_TYPE_OID_BASE(12, 1);
- static const byte extCertPolicyIdentrustMediumhwEncOid[] =
- IDENTRUST_POLICY_TYPE_OID_BASE(12, 2);
- static const byte extCertPolicyIdentrustPiviHwIdOid[] =
- IDENTRUST_POLICY_TYPE_OID_BASE(18, 0);
- static const byte extCertPolicyIdentrustPiviHwSignOid[] =
- IDENTRUST_POLICY_TYPE_OID_BASE(18, 1);
- static const byte extCertPolicyIdentrustPiviHwEncOid[] =
- IDENTRUST_POLICY_TYPE_OID_BASE(18, 2);
- static const byte extCertPolicyIdentrustPiviContentOid[] =
- IDENTRUST_POLICY_TYPE_OID_BASE(20, 1);
-
- /* TSCP Bridge OIDs - 1.3.6.1.4.1.38099.1.1.1.X */
- #define TSCP_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 131, 59, 35, 1, 1, 1, num}
- static const byte extCertPolicyTscpMediumhwOid[] =
- TSCP_POLICY_TYPE_OID_BASE(2);
- static const byte extCertPolicyTscpPiviOid[] =
- TSCP_POLICY_TYPE_OID_BASE(5);
- static const byte extCertPolicyTscpPiviContentOid[] =
- TSCP_POLICY_TYPE_OID_BASE(7);
 /* Carillon Federal Services OIDs - 1.3.6.1.4.1.45606.3.1.X */
 #define CARILLON_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 131, 59, 178, 38, 3, 1, num}
@@ -4660,6 +4619,30 @@ static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
 CERTIPATH_POLICY_TYPE_OID_BASE(18);
 static const byte extCertPolicyCertipathVarHighhwOid[] =
 CERTIPATH_POLICY_TYPE_OID_BASE(19);
+
+ /* TSCP Bridge OIDs - 1.3.6.1.4.1.38099.1.1.1.X */
+ #define TSCP_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 131, 59, 35, 1, 1, 1, num}
+ static const byte extCertPolicyTscpMediumhwOid[] =
+ TSCP_POLICY_TYPE_OID_BASE(2);
+ static const byte extCertPolicyTscpPiviOid[] =
+ TSCP_POLICY_TYPE_OID_BASE(5);
+ static const byte extCertPolicyTscpPiviContentOid[] =
+ TSCP_POLICY_TYPE_OID_BASE(7);
+
+ /* IdenTrust NFI OIDs - 2.16.840.1.113839.0.100.X.Y */
+ #define IDENTRUST_POLICY_TYPE_OID_BASE(num1, num2) {96, 134, 72, 1, 129, 113, 67, 0, 100, num1, num2}
+ static const byte extCertPolicyIdentrustMediumhwSignOid[] =
+ IDENTRUST_POLICY_TYPE_OID_BASE(12, 1);
+ static const byte extCertPolicyIdentrustMediumhwEncOid[] =
+ IDENTRUST_POLICY_TYPE_OID_BASE(12, 2);
+ static const byte extCertPolicyIdentrustPiviHwIdOid[] =
+ IDENTRUST_POLICY_TYPE_OID_BASE(18, 0);
+ static const byte extCertPolicyIdentrustPiviHwSignOid[] =
+ IDENTRUST_POLICY_TYPE_OID_BASE(18, 1);
+ static const byte extCertPolicyIdentrustPiviHwEncOid[] =
+ IDENTRUST_POLICY_TYPE_OID_BASE(18, 2);
+ static const byte extCertPolicyIdentrustPiviContentOid[] =
+ IDENTRUST_POLICY_TYPE_OID_BASE(20, 1);
 #endif /* WOLFSSL_FPKI */
 /* certAltNameType */
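Review bot: The byte sequences in the two macros added in this hunk, `TSCP_POLICY_TYPE_OID_BASE` and `IDENTRUST_POLICY_TYPE_OID_BASE`, are not the base-128 encoding of the arcs named in their own comments. Arc 38099 encodes as `130, 169, 83` and arc 113839 as `134, 249, 47`, so the initialisers would read `{43, 6, 1, 4, 1, 130, 169, 83, 1, 1, 1, num}` and `{96, 134, 72, 1, 134, 249, 47, 0, 100, num1, num2}`; with the first, the TSCP medium-hardware bytes sum to the 442 that asn.h assigns to `CP_TSCP_MEDIUMHW_OID`. As written, the bytes these tables supply for a policy id differ from the policy OID a certificate actually carries, so any encoding or comparison that relies on them would use the wrong identifier. The Carillon macro in the previous hunk's trailing context shows the same `131, 59` prefix and probably wants the same check.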
@@ -5612,39 +5595,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
 *oidSz = sizeof(extCertPolicyEcaMediumHardwareSha256Oid);
 break;
- /* New PKI OIDs added below */
- /* Verizon/Cybertrust Federal SSP PKI OIDs */
- case CP_VERIZON_COMMON_HW_OID:
- oid = extCertPolicyVerizonCommonHwOid;
- *oidSz = sizeof(extCertPolicyVerizonCommonHwOid);
- break;
- case CP_VERIZON_COMMON_AUTH_OID:
- oid = extCertPolicyVerizonCommonAuthOid;
- *oidSz = sizeof(extCertPolicyVerizonCommonAuthOid);
- break;
- case CP_VERIZON_COMMON_PIV_CS_OID:
- oid = extCertPolicyVerizonCommonPivCsOid;
- *oidSz = sizeof(extCertPolicyVerizonCommonPivCsOid);
- break;
-
- /* WidePoint Federal SSP PKI OIDs */
- case CP_WIDEPOINT_COMMON_HW_OID:
- oid = extCertPolicyWidepointCommonHwOid;
- *oidSz = sizeof(extCertPolicyWidepointCommonHwOid);
- break;
- case CP_WIDEPOINT_COMMON_AUTH_OID:
- oid = extCertPolicyWidepointCommonAuthOid;
- *oidSz = sizeof(extCertPolicyWidepointCommonAuthOid);
- break;
- case CP_WIDEPOINT_COMMON_DEV_HW_OID:
- oid = extCertPolicyWidepointCommonDevHwOid;
- *oidSz = sizeof(extCertPolicyWidepointCommonDevHwOid);
- break;
- case CP_WIDEPOINT_COMMON_PIV_CS_OID:
- oid = extCertPolicyWidepointCommonPivCsOid;
- *oidSz = sizeof(extCertPolicyWidepointCommonPivCsOid);
- break;
-
 /* IdenTrust NFI OIDs */
 case CP_IDENTRUST_MEDIUMHW_SIGN_OID:
 oid = extCertPolicyIdentrustMediumhwSignOid;
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 4835386dc..77eaea995 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1475,7 +1475,6 @@ enum CertificatePolicy_Sum {
 CP_FPKI_COMMON_DEVICES_HARDWARE_OID = 449, /* 2.16.840.1.101.3.2.1.3.36 */
 CP_FPKI_MEDIUM_DEVICE_HARDWARE_OID = 451, /* 2.16.840.1.101.3.2.1.3.38 */
 CP_FPKI_COMMON_PIV_CONTENT_SIGNING_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */
- CP_FPKI_COMMON_PIV_AUTH_DERIVED_HARDWARE_OID = 454, /* 2.16.840.1.101.3.2.1.3.41 */
 CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID = 460, /* 2.16.840.1.101.3.2.1.3.47 */
 /* Entrust Federal SSP PKI OIDs - shares OIDs with Federal PKI */
@@ -1504,18 +1503,18 @@ enum CertificatePolicy_Sum {
 CP_CARILLON_AIVCONTENT_OID = 477, /* 1.3.6.1.4.1.45606.3.1.22 */
 /* Carillon Information Security OIDs */
- CP_CIS_MEDIUMHW_256_OID = 489, /* 1.3.6.1.4.1.25054.3.1.12 */
- CP_CIS_MEDDEVHW_256_OID = 491, /* 1.3.6.1.4.1.25054.3.1.14 */
- CP_CIS_ICECAP_HW_OID = 497, /* 1.3.6.1.4.1.25054.3.1.20 */
- CP_CIS_ICECAP_CONTENT_OID = 499, /* 1.3.6.1.4.1.25054.3.1.22 */
+ CP_CIS_MEDIUMHW_256_OID = 358, /* 1.3.6.1.4.1.25054.3.1.12 */
+ CP_CIS_MEDDEVHW_256_OID = 360, /* 1.3.6.1.4.1.25054.3.1.14 */
+ CP_CIS_ICECAP_HW_OID = 366, /* 1.3.6.1.4.1.25054.3.1.20 */
+ CP_CIS_ICECAP_CONTENT_OID = 368, /* 1.3.6.1.4.1.25054.3.1.22 */
 /* CertiPath Bridge OIDs */
- CP_CERTIPATH_MEDIUMHW_OID = 459, /* 1.3.6.1.4.1.24019.1.1.1.2 */
- CP_CERTIPATH_HIGHHW_OID = 460, /* 1.3.6.1.4.1.24019.1.1.1.3 */
- CP_CERTIPATH_ICECAP_HW_OID = 464, /* 1.3.6.1.4.1.24019.1.1.1.7 */
- CP_CERTIPATH_ICECAP_CONTENT_OID = 466, /* 1.3.6.1.4.1.24019.1.1.1.9 */
- CP_CERTIPATH_VAR_MEDIUMHW_OID = 475, /* 1.3.6.1.4.1.24019.1.1.1.18 */
- CP_CERTIPATH_VAR_HIGHHW_OID = 476, /* 1.3.6.1.4.1.24019.1.1.1.19 */
+ CP_CERTIPATH_MEDIUMHW_OID = 348, /* 1.3.6.1.4.1.24019.1.1.1.2 */
+ CP_CERTIPATH_HIGHHW_OID = 349, /* 1.3.6.1.4.1.24019.1.1.1.3 */
+ CP_CERTIPATH_ICECAP_HW_OID = 353, /* 1.3.6.1.4.1.24019.1.1.1.7 */
+ CP_CERTIPATH_ICECAP_CONTENT_OID = 355, /* 1.3.6.1.4.1.24019.1.1.1.9 */
+ CP_CERTIPATH_VAR_MEDIUMHW_OID = 364, /* 1.3.6.1.4.1.24019.1.1.1.18 */
+ CP_CERTIPATH_VAR_HIGHHW_OID = 365, /* 1.3.6.1.4.1.24019.1.1.1.19 */
 /* TSCP Bridge OIDs */
 CP_TSCP_MEDIUMHW_OID = 442, /* 1.3.6.1.4.1.38099.1.1.1.2 */
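Review bot: The replacement values for the CIS and CertiPath entries no longer equal the byte sum of the encoded OID in their own comments, which is the scheme the neighbouring entries of this enum visibly follow (449 for 2.16.840.1.101.3.2.1.3.36, 442 for the TSCP entry just below, 477 for the Carillon entry just above). The encoded bytes of 1.3.6.1.4.1.25054.3.1.12 sum to 489 and those of 1.3.6.1.4.1.24019.1.1.1.2 to 459, which are the values being removed; 358 and 348 are not reachable that way. If the parser derives the policy id by summing the OID bytes (that routine is outside this diff), certificates carrying these policies would stop being recognised. If the renumbering is instead meant to resolve a clash such as the old `CP_CERTIPATH_HIGHHW_OID = 460` against `CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID = 460`, a comment on each group saying so and naming how the new ids are derived would help, for example `/* not a plain byte sum: renumbered to avoid a collision, see <derivation> */`.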
@@ -1577,49 +1576,6 @@ enum CertificatePolicy_Sum {
 CP_NL_MOD_AUTH_OID = 1001, /* 2.16.528.1.1003.1.2.5.1 */
 CP_NL_MOD_IRREFUT_OID = 1002, /* 2.16.528.1.1003.1.2.5.2 */
 CP_NL_MOD_CONFID_OID = 1003, /* 2.16.528.1.1003.1.2.5.3 */
-
- /* Verizon/Cybertrust Federal SSP PKI OIDs */
- CP_VERIZON_COMMON_HW_OID = 420, /* 2.16.840.1.101.3.2.1.3.7 */
- CP_VERIZON_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */
- CP_VERIZON_COMMON_PIV_CS_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */
-
- /* WidePoint Federal SSP PKI OIDs */
- CP_WIDEPOINT_COMMON_HW_OID = 420, /* 2.16.840.1.101.3.2.1.3.7 */
- CP_WIDEPOINT_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */
- CP_WIDEPOINT_COMMON_DEV_HW_OID = 449, /* 2.16.840.1.101.3.2.1.3.36 */
- CP_WIDEPOINT_COMMON_PIV_CS_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */
-
- /* IdenTrust NFI OIDs */
- CP_IDENTRUST_MEDIUMHW_SIGN_OID = 846, /* 2.16.840.1.113839.0.100.12.1 */
- CP_IDENTRUST_MEDIUMHW_ENC_OID = 847, /* 2.16.840.1.113839.0.100.12.2 */
- CP_IDENTRUST_PIVI_HW_ID_OID = 851, /* 2.16.840.1.113839.0.100.18.0 */
- CP_IDENTRUST_PIVI_HW_SIGN_OID = 852, /* 2.16.840.1.113839.0.100.18.1 */
- CP_IDENTRUST_PIVI_HW_ENC_OID = 853, /* 2.16.840.1.113839.0.100.18.2 */
- CP_IDENTRUST_PIVI_CONTENT_OID = 854, /* 2.16.840.1.113839.0.100.20.1 */
-
- /* TSCP Bridge OIDs */
- CP_TSCP_MEDIUMHW_OID = 348, /* 1.3.6.1.4.1.38099.1.1.1.2 */
- CP_TSCP_PIVI_OID = 351, /* 1.3.6.1.4.1.38099.1.1.1.5 */
- CP_TSCP_PIVI_CONTENT_OID = 353, /* 1.3.6.1.4.1.38099.1.1.1.7 */
-
- /* Carillon Federal Services OIDs */
- CP_CARILLON_MEDIUMHW_256_OID = 358, /* 1.3.6.1.4.1.45606.3.1.12 */
- CP_CARILLON_AIVHW_OID = 366, /* 1.3.6.1.4.1.45606.3.1.20 */
- CP_CARILLON_AIVCONTENT_OID = 368, /* 1.3.6.1.4.1.45606.3.1.22 */
-
- /* Carillon Information Security OIDs */
- CP_CIS_MEDIUMHW_256_OID = 358, /* 1.3.6.1.4.1.25054.3.1.12 */
- CP_CIS_MEDDEVHW_256_OID = 360, /* 1.3.6.1.4.1.25054.3.1.14 */
- CP_CIS_ICECAP_HW_OID = 366, /* 1.3.6.1.4.1.25054.3.1.20 */
- CP_CIS_ICECAP_CONTENT_OID = 368, /* 1.3.6.1.4.1.25054.3.1.22 */
-
- /* CertiPath Bridge OIDs */
- CP_CERTIPATH_MEDIUMHW_OID = 348, /* 1.3.6.1.4.1.24019.1.1.1.2 */
- CP_CERTIPATH_HIGHHW_OID = 349, /* 1.3.6.1.4.1.24019.1.1.1.3 */
- CP_CERTIPATH_ICECAP_HW_OID = 353, /* 1.3.6.1.4.1.24019.1.1.1.7 */
- CP_CERTIPATH_ICECAP_CONTENT_OID = 355, /* 1.3.6.1.4.1.24019.1.1.1.9 */
- CP_CERTIPATH_VAR_MEDIUMHW_OID = 364, /* 1.3.6.1.4.1.24019.1.1.1.18 */
- CP_CERTIPATH_VAR_HIGHHW_OID = 365, /* 1.3.6.1.4.1.24019.1.1.1.19 */
 #endif /* WOLFSSL_FPKI */
 WOLF_ENUM_DUMMY_LAST_ELEMENT(CertificatePolicy_Sum)
 };