feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

WIP: clean up Devin's work, remove duplicate OIDs, handle OID sum collisions

Browse Source
This commit is contained in:
Kareem
2025-03-25 13:39:38 -07:00
parent a911f70049
commit 6daaaec6e2
2 changed files with 37 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
wolfcrypt/src/asn.c
View File

@ -4518,6 +4518,7 @@ static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
CERT_POLICY_TYPE_OID_BASE(41);
static const byte extCertPolicyFpkiPiviAuthOid[] =
CERT_POLICY_TYPE_OID_BASE(45);
/* DoD PKI OIDs - 2.16.840.1.101.2.1.11.X */
#define DOD_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 2, 1, 11, num}
static const byte extCertPolicyDodMediumOid[] =
@ -4561,6 +4562,8 @@ static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
static const byte extCertPolicyDodInternalNpe128Oid[] =
DOD_POLICY_TYPE_OID_BASE(61);
static const byte extCertPolicyDodInternalNpe192Oid[] =
DOD_POLICY_TYPE_OID_BASE(62);
/* ECA PKI OIDs - 2.16.840.1.101.3.2.1.12.X */
#define ECA_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 12, num}
static const byte extCertPolicyEcaMediumOid[] =
@ -4581,50 +4584,6 @@ static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
ECA_POLICY_TYPE_OID_BASE(9);
static const byte extCertPolicyEcaMediumHardwareSha256Oid[] =
ECA_POLICY_TYPE_OID_BASE(10);
DOD_POLICY_TYPE_OID_BASE(62);
/* Verizon/Cybertrust Federal SSP PKI OIDs - 2.16.840.1.101.3.2.1.3.X */
#define VERIZON_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 3, num}
static const byte extCertPolicyVerizonCommonHwOid[] =
VERIZON_POLICY_TYPE_OID_BASE(7);
static const byte extCertPolicyVerizonCommonAuthOid[] =
VERIZON_POLICY_TYPE_OID_BASE(13);
static const byte extCertPolicyVerizonCommonPivCsOid[] =
VERIZON_POLICY_TYPE_OID_BASE(39);
/* WidePoint Federal SSP PKI OIDs - 2.16.840.1.101.3.2.1.3.X */
#define WIDEPOINT_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 3, num}
static const byte extCertPolicyWidepointCommonHwOid[] =
WIDEPOINT_POLICY_TYPE_OID_BASE(7);
static const byte extCertPolicyWidepointCommonAuthOid[] =
WIDEPOINT_POLICY_TYPE_OID_BASE(13);
static const byte extCertPolicyWidepointCommonDevHwOid[] =
WIDEPOINT_POLICY_TYPE_OID_BASE(36);
static const byte extCertPolicyWidepointCommonPivCsOid[] =
WIDEPOINT_POLICY_TYPE_OID_BASE(39);
/* IdenTrust NFI OIDs - 2.16.840.1.113839.0.100.X.Y */
#define IDENTRUST_POLICY_TYPE_OID_BASE(num1, num2) {96, 134, 72, 1, 129, 113, 67, 0, 100, num1, num2}
static const byte extCertPolicyIdentrustMediumhwSignOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(12, 1);
static const byte extCertPolicyIdentrustMediumhwEncOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(12, 2);
static const byte extCertPolicyIdentrustPiviHwIdOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(18, 0);
static const byte extCertPolicyIdentrustPiviHwSignOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(18, 1);
static const byte extCertPolicyIdentrustPiviHwEncOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(18, 2);
static const byte extCertPolicyIdentrustPiviContentOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(20, 1);
/* TSCP Bridge OIDs - 1.3.6.1.4.1.38099.1.1.1.X */
#define TSCP_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 131, 59, 35, 1, 1, 1, num}
static const byte extCertPolicyTscpMediumhwOid[] =
TSCP_POLICY_TYPE_OID_BASE(2);
static const byte extCertPolicyTscpPiviOid[] =
TSCP_POLICY_TYPE_OID_BASE(5);
static const byte extCertPolicyTscpPiviContentOid[] =
TSCP_POLICY_TYPE_OID_BASE(7);
/* Carillon Federal Services OIDs - 1.3.6.1.4.1.45606.3.1.X */
#define CARILLON_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 131, 59, 178, 38, 3, 1, num}
@ -4660,6 +4619,30 @@ static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
CERTIPATH_POLICY_TYPE_OID_BASE(18);
static const byte extCertPolicyCertipathVarHighhwOid[] =
CERTIPATH_POLICY_TYPE_OID_BASE(19);
/* TSCP Bridge OIDs - 1.3.6.1.4.1.38099.1.1.1.X */
#define TSCP_POLICY_TYPE_OID_BASE(num) {43, 6, 1, 4, 1, 131, 59, 35, 1, 1, 1, num}
static const byte extCertPolicyTscpMediumhwOid[] =
TSCP_POLICY_TYPE_OID_BASE(2);
static const byte extCertPolicyTscpPiviOid[] =
TSCP_POLICY_TYPE_OID_BASE(5);
static const byte extCertPolicyTscpPiviContentOid[] =
TSCP_POLICY_TYPE_OID_BASE(7);
/* IdenTrust NFI OIDs - 2.16.840.1.113839.0.100.X.Y */
#define IDENTRUST_POLICY_TYPE_OID_BASE(num1, num2) {96, 134, 72, 1, 129, 113, 67, 0, 100, num1, num2}
static const byte extCertPolicyIdentrustMediumhwSignOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(12, 1);
static const byte extCertPolicyIdentrustMediumhwEncOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(12, 2);
static const byte extCertPolicyIdentrustPiviHwIdOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(18, 0);
static const byte extCertPolicyIdentrustPiviHwSignOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(18, 1);
static const byte extCertPolicyIdentrustPiviHwEncOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(18, 2);
static const byte extCertPolicyIdentrustPiviContentOid[] =
IDENTRUST_POLICY_TYPE_OID_BASE(20, 1);
#endif /* WOLFSSL_FPKI */
/* certAltNameType */
@ -5612,39 +5595,6 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
*oidSz = sizeof(extCertPolicyEcaMediumHardwareSha256Oid);
break;
/* New PKI OIDs added below */
/* Verizon/Cybertrust Federal SSP PKI OIDs */
case CP_VERIZON_COMMON_HW_OID:
oid = extCertPolicyVerizonCommonHwOid;
*oidSz = sizeof(extCertPolicyVerizonCommonHwOid);
break;
case CP_VERIZON_COMMON_AUTH_OID:
oid = extCertPolicyVerizonCommonAuthOid;
*oidSz = sizeof(extCertPolicyVerizonCommonAuthOid);
break;
case CP_VERIZON_COMMON_PIV_CS_OID:
oid = extCertPolicyVerizonCommonPivCsOid;
*oidSz = sizeof(extCertPolicyVerizonCommonPivCsOid);
break;
/* WidePoint Federal SSP PKI OIDs */
case CP_WIDEPOINT_COMMON_HW_OID:
oid = extCertPolicyWidepointCommonHwOid;
*oidSz = sizeof(extCertPolicyWidepointCommonHwOid);
break;
case CP_WIDEPOINT_COMMON_AUTH_OID:
oid = extCertPolicyWidepointCommonAuthOid;
*oidSz = sizeof(extCertPolicyWidepointCommonAuthOid);
break;
case CP_WIDEPOINT_COMMON_DEV_HW_OID:
oid = extCertPolicyWidepointCommonDevHwOid;
*oidSz = sizeof(extCertPolicyWidepointCommonDevHwOid);
break;
case CP_WIDEPOINT_COMMON_PIV_CS_OID:
oid = extCertPolicyWidepointCommonPivCsOid;
*oidSz = sizeof(extCertPolicyWidepointCommonPivCsOid);
break;
/* IdenTrust NFI OIDs */
case CP_IDENTRUST_MEDIUMHW_SIGN_OID:
oid = extCertPolicyIdentrustMediumhwSignOid;

64
wolfssl/wolfcrypt/asn.h
View File

@ -1475,7 +1475,6 @@ enum CertificatePolicy_Sum {
CP_FPKI_COMMON_DEVICES_HARDWARE_OID = 449, /* 2.16.840.1.101.3.2.1.3.36 */
CP_FPKI_MEDIUM_DEVICE_HARDWARE_OID = 451, /* 2.16.840.1.101.3.2.1.3.38 */
CP_FPKI_COMMON_PIV_CONTENT_SIGNING_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */
CP_FPKI_COMMON_PIV_AUTH_DERIVED_HARDWARE_OID = 454, /* 2.16.840.1.101.3.2.1.3.41 */
CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID = 460, /* 2.16.840.1.101.3.2.1.3.47 */
/* Entrust Federal SSP PKI OIDs - shares OIDs with Federal PKI */
@ -1504,18 +1503,18 @@ enum CertificatePolicy_Sum {
CP_CARILLON_AIVCONTENT_OID = 477, /* 1.3.6.1.4.1.45606.3.1.22 */
/* Carillon Information Security OIDs */
CP_CIS_MEDIUMHW_256_OID = 489, /* 1.3.6.1.4.1.25054.3.1.12 */
CP_CIS_MEDDEVHW_256_OID = 491, /* 1.3.6.1.4.1.25054.3.1.14 */
CP_CIS_ICECAP_HW_OID = 497, /* 1.3.6.1.4.1.25054.3.1.20 */
CP_CIS_ICECAP_CONTENT_OID = 499, /* 1.3.6.1.4.1.25054.3.1.22 */
CP_CIS_MEDIUMHW_256_OID = 358, /* 1.3.6.1.4.1.25054.3.1.12 */
CP_CIS_MEDDEVHW_256_OID = 360, /* 1.3.6.1.4.1.25054.3.1.14 */
CP_CIS_ICECAP_HW_OID = 366, /* 1.3.6.1.4.1.25054.3.1.20 */
CP_CIS_ICECAP_CONTENT_OID = 368, /* 1.3.6.1.4.1.25054.3.1.22 */
/* CertiPath Bridge OIDs */
CP_CERTIPATH_MEDIUMHW_OID = 459, /* 1.3.6.1.4.1.24019.1.1.1.2 */
CP_CERTIPATH_HIGHHW_OID = 460, /* 1.3.6.1.4.1.24019.1.1.1.3 */
CP_CERTIPATH_ICECAP_HW_OID = 464, /* 1.3.6.1.4.1.24019.1.1.1.7 */
CP_CERTIPATH_ICECAP_CONTENT_OID = 466, /* 1.3.6.1.4.1.24019.1.1.1.9 */
CP_CERTIPATH_VAR_MEDIUMHW_OID = 475, /* 1.3.6.1.4.1.24019.1.1.1.18 */
CP_CERTIPATH_VAR_HIGHHW_OID = 476, /* 1.3.6.1.4.1.24019.1.1.1.19 */
CP_CERTIPATH_MEDIUMHW_OID = 348, /* 1.3.6.1.4.1.24019.1.1.1.2 */
CP_CERTIPATH_HIGHHW_OID = 349, /* 1.3.6.1.4.1.24019.1.1.1.3 */
CP_CERTIPATH_ICECAP_HW_OID = 353, /* 1.3.6.1.4.1.24019.1.1.1.7 */
CP_CERTIPATH_ICECAP_CONTENT_OID = 355, /* 1.3.6.1.4.1.24019.1.1.1.9 */
CP_CERTIPATH_VAR_MEDIUMHW_OID = 364, /* 1.3.6.1.4.1.24019.1.1.1.18 */
CP_CERTIPATH_VAR_HIGHHW_OID = 365, /* 1.3.6.1.4.1.24019.1.1.1.19 */
/* TSCP Bridge OIDs */
CP_TSCP_MEDIUMHW_OID = 442, /* 1.3.6.1.4.1.38099.1.1.1.2 */
@ -1577,49 +1576,6 @@ enum CertificatePolicy_Sum {
CP_NL_MOD_AUTH_OID = 1001, /* 2.16.528.1.1003.1.2.5.1 */
CP_NL_MOD_IRREFUT_OID = 1002, /* 2.16.528.1.1003.1.2.5.2 */
CP_NL_MOD_CONFID_OID = 1003, /* 2.16.528.1.1003.1.2.5.3 */
/* Verizon/Cybertrust Federal SSP PKI OIDs */
CP_VERIZON_COMMON_HW_OID = 420, /* 2.16.840.1.101.3.2.1.3.7 */
CP_VERIZON_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */
CP_VERIZON_COMMON_PIV_CS_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */
/* WidePoint Federal SSP PKI OIDs */
CP_WIDEPOINT_COMMON_HW_OID = 420, /* 2.16.840.1.101.3.2.1.3.7 */
CP_WIDEPOINT_COMMON_AUTH_OID = 426, /* 2.16.840.1.101.3.2.1.3.13 */
CP_WIDEPOINT_COMMON_DEV_HW_OID = 449, /* 2.16.840.1.101.3.2.1.3.36 */
CP_WIDEPOINT_COMMON_PIV_CS_OID = 452, /* 2.16.840.1.101.3.2.1.3.39 */
/* IdenTrust NFI OIDs */
CP_IDENTRUST_MEDIUMHW_SIGN_OID = 846, /* 2.16.840.1.113839.0.100.12.1 */
CP_IDENTRUST_MEDIUMHW_ENC_OID = 847, /* 2.16.840.1.113839.0.100.12.2 */
CP_IDENTRUST_PIVI_HW_ID_OID = 851, /* 2.16.840.1.113839.0.100.18.0 */
CP_IDENTRUST_PIVI_HW_SIGN_OID = 852, /* 2.16.840.1.113839.0.100.18.1 */
CP_IDENTRUST_PIVI_HW_ENC_OID = 853, /* 2.16.840.1.113839.0.100.18.2 */
CP_IDENTRUST_PIVI_CONTENT_OID = 854, /* 2.16.840.1.113839.0.100.20.1 */
/* TSCP Bridge OIDs */
CP_TSCP_MEDIUMHW_OID = 348, /* 1.3.6.1.4.1.38099.1.1.1.2 */
CP_TSCP_PIVI_OID = 351, /* 1.3.6.1.4.1.38099.1.1.1.5 */
CP_TSCP_PIVI_CONTENT_OID = 353, /* 1.3.6.1.4.1.38099.1.1.1.7 */
/* Carillon Federal Services OIDs */
CP_CARILLON_MEDIUMHW_256_OID = 358, /* 1.3.6.1.4.1.45606.3.1.12 */
CP_CARILLON_AIVHW_OID = 366, /* 1.3.6.1.4.1.45606.3.1.20 */
CP_CARILLON_AIVCONTENT_OID = 368, /* 1.3.6.1.4.1.45606.3.1.22 */
/* Carillon Information Security OIDs */
CP_CIS_MEDIUMHW_256_OID = 358, /* 1.3.6.1.4.1.25054.3.1.12 */
CP_CIS_MEDDEVHW_256_OID = 360, /* 1.3.6.1.4.1.25054.3.1.14 */
CP_CIS_ICECAP_HW_OID = 366, /* 1.3.6.1.4.1.25054.3.1.20 */
CP_CIS_ICECAP_CONTENT_OID = 368, /* 1.3.6.1.4.1.25054.3.1.22 */
/* CertiPath Bridge OIDs */
CP_CERTIPATH_MEDIUMHW_OID = 348, /* 1.3.6.1.4.1.24019.1.1.1.2 */
CP_CERTIPATH_HIGHHW_OID = 349, /* 1.3.6.1.4.1.24019.1.1.1.3 */
CP_CERTIPATH_ICECAP_HW_OID = 353, /* 1.3.6.1.4.1.24019.1.1.1.7 */
CP_CERTIPATH_ICECAP_CONTENT_OID = 355, /* 1.3.6.1.4.1.24019.1.1.1.9 */
CP_CERTIPATH_VAR_MEDIUMHW_OID = 364, /* 1.3.6.1.4.1.24019.1.1.1.18 */
CP_CERTIPATH_VAR_HIGHHW_OID = 365, /* 1.3.6.1.4.1.24019.1.1.1.19 */
#endif /* WOLFSSL_FPKI */
WOLF_ENUM_DUMMY_LAST_ELEMENT(CertificatePolicy_Sum)
};