Add ECA PKI and Federal PKI Certificate Policy OIDs

Co-Authored-By: kareem@wolfssl.com <kareem@wolfssl.com>

wolfcrypt/src/asn.c

@@ -4549,6 +4549,26 @@ static const byte extCertPolicyAnyOid[] = {85, 29, 32, 0};
     static const byte extCertPolicyDodInternalNpe128Oid[] = 
             DOD_POLICY_TYPE_OID_BASE(61); 
     static const byte extCertPolicyDodInternalNpe192Oid[] = 
+    /* ECA PKI OIDs - 2.16.840.1.101.3.2.1.12.X */ 
+    #define ECA_POLICY_TYPE_OID_BASE(num) {96, 134, 72, 1, 101, 3, 2, 1, 12, num} 
+    static const byte extCertPolicyEcaMediumOid[] = 
+            ECA_POLICY_TYPE_OID_BASE(1); 
+    static const byte extCertPolicyEcaMediumHardwareOid[] = 
+            ECA_POLICY_TYPE_OID_BASE(2); 
+    static const byte extCertPolicyEcaMediumTokenOid[] = 
+            ECA_POLICY_TYPE_OID_BASE(3); 
+    static const byte extCertPolicyEcaMediumSha256Oid[] = 
+            ECA_POLICY_TYPE_OID_BASE(4); 
+    static const byte extCertPolicyEcaMediumTokenSha256Oid[] = 
+            ECA_POLICY_TYPE_OID_BASE(5); 
+    static const byte extCertPolicyEcaMediumHardwarePiviOid[] = 
+            ECA_POLICY_TYPE_OID_BASE(6); 
+    static const byte extCertPolicyEcaContentSigningPiviOid[] = 
+            ECA_POLICY_TYPE_OID_BASE(8); 
+    static const byte extCertPolicyEcaMediumDeviceSha256Oid[] = 
+            ECA_POLICY_TYPE_OID_BASE(9); 
+    static const byte extCertPolicyEcaMediumHardwareSha256Oid[] = 
+            ECA_POLICY_TYPE_OID_BASE(10);
             DOD_POLICY_TYPE_OID_BASE(62);
 #endif /* WOLFSSL_FPKI */
 
@@ -5438,6 +5458,42 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz)
                     *oidSz = sizeof(extCertPolicyDodInternalNpe128Oid); 
                     break; 
                 case CP_DOD_INTERNAL_NPE_192_OID: 
+                case CP_ECA_MEDIUM_OID: 
+                    oid = extCertPolicyEcaMediumOid; 
+                    *oidSz = sizeof(extCertPolicyEcaMediumOid); 
+                    break; 
+                case CP_ECA_MEDIUM_HARDWARE_OID: 
+                    oid = extCertPolicyEcaMediumHardwareOid; 
+                    *oidSz = sizeof(extCertPolicyEcaMediumHardwareOid); 
+                    break; 
+                case CP_ECA_MEDIUM_TOKEN_OID: 
+                    oid = extCertPolicyEcaMediumTokenOid; 
+                    *oidSz = sizeof(extCertPolicyEcaMediumTokenOid); 
+                    break; 
+                case CP_ECA_MEDIUM_SHA256_OID: 
+                    oid = extCertPolicyEcaMediumSha256Oid; 
+                    *oidSz = sizeof(extCertPolicyEcaMediumSha256Oid); 
+                    break; 
+                case CP_ECA_MEDIUM_TOKEN_SHA256_OID: 
+                    oid = extCertPolicyEcaMediumTokenSha256Oid; 
+                    *oidSz = sizeof(extCertPolicyEcaMediumTokenSha256Oid); 
+                    break; 
+                case CP_ECA_MEDIUM_HARDWARE_PIVI_OID: 
+                    oid = extCertPolicyEcaMediumHardwarePiviOid; 
+                    *oidSz = sizeof(extCertPolicyEcaMediumHardwarePiviOid); 
+                    break; 
+                case CP_ECA_CONTENT_SIGNING_PIVI_OID: 
+                    oid = extCertPolicyEcaContentSigningPiviOid; 
+                    *oidSz = sizeof(extCertPolicyEcaContentSigningPiviOid); 
+                    break; 
+                case CP_ECA_MEDIUM_DEVICE_SHA256_OID: 
+                    oid = extCertPolicyEcaMediumDeviceSha256Oid; 
+                    *oidSz = sizeof(extCertPolicyEcaMediumDeviceSha256Oid); 
+                    break; 
+                case CP_ECA_MEDIUM_HARDWARE_SHA256_OID: 
+                    oid = extCertPolicyEcaMediumHardwareSha256Oid; 
+                    *oidSz = sizeof(extCertPolicyEcaMediumHardwareSha256Oid); 
+                    break;
                     oid = extCertPolicyDodInternalNpe192Oid; 
                     *oidSz = sizeof(extCertPolicyDodInternalNpe192Oid); 
                     break;

wolfssl/wolfcrypt/asn.h

@@ -1453,6 +1453,30 @@ enum CertificatePolicy_Sum {
     CP_DOD_INTERNAL_NPE_112_OID      = 478, /* 2.16.840.1.101.2.1.11.60 */
     CP_DOD_INTERNAL_NPE_128_OID      = 479, /* 2.16.840.1.101.2.1.11.61 */
     CP_DOD_INTERNAL_NPE_192_OID      = 480, /* 2.16.840.1.101.2.1.11.62 */
+
+    /* ECA PKI OIDs */
+    CP_ECA_MEDIUM_OID                = 481, /* 2.16.840.1.101.3.2.1.12.1 */
+    CP_ECA_MEDIUM_HARDWARE_OID       = 482, /* 2.16.840.1.101.3.2.1.12.2 */
+    CP_ECA_MEDIUM_TOKEN_OID          = 483, /* 2.16.840.1.101.3.2.1.12.3 */
+    CP_ECA_MEDIUM_SHA256_OID         = 484, /* 2.16.840.1.101.3.2.1.12.4 */
+    CP_ECA_MEDIUM_TOKEN_SHA256_OID   = 485, /* 2.16.840.1.101.3.2.1.12.5 */
+    CP_ECA_MEDIUM_HARDWARE_PIVI_OID  = 486, /* 2.16.840.1.101.3.2.1.12.6 */
+    CP_ECA_CONTENT_SIGNING_PIVI_OID  = 488, /* 2.16.840.1.101.3.2.1.12.8 */
+    CP_ECA_MEDIUM_DEVICE_SHA256_OID  = 489, /* 2.16.840.1.101.3.2.1.12.9 */
+    CP_ECA_MEDIUM_HARDWARE_SHA256_OID = 490, /* 2.16.840.1.101.3.2.1.12.10 */
+
+    /* Federal PKI OIDs */
+    CP_FPKI_HIGH_ASSURANCE_OID       = 491, /* 2.16.840.1.101.3.2.1.3.4 */
+    CP_FPKI_COMMON_HARDWARE_OID      = 492, /* 2.16.840.1.101.3.2.1.3.7 */
+    CP_FPKI_MEDIUM_HARDWARE_OID      = 493, /* 2.16.840.1.101.3.2.1.3.12 */
+    CP_FPKI_COMMON_HIGH_OID          = 494, /* 2.16.840.1.101.3.2.1.3.16 */
+    CP_FPKI_PIVI_HARDWARE_OID        = 495, /* 2.16.840.1.101.3.2.1.3.18 */
+    CP_FPKI_PIVI_CONTENT_SIGNING_OID = 496, /* 2.16.840.1.101.3.2.1.3.20 */
+    CP_FPKI_COMMON_DEVICES_HARDWARE_OID = 497, /* 2.16.840.1.101.3.2.1.3.36 */
+    CP_FPKI_MEDIUM_DEVICE_HARDWARE_OID = 498, /* 2.16.840.1.101.3.2.1.3.38 */
+    CP_FPKI_COMMON_PIV_CONTENT_SIGNING_OID = 499, /* 2.16.840.1.101.3.2.1.3.39 */
+    CP_FPKI_COMMON_PIV_AUTH_DERIVED_HARDWARE_OID = 500, /* 2.16.840.1.101.3.2.1.3.41 */
+    CP_FPKI_COMMON_PIVI_CONTENT_SIGNING_OID = 501, /* 2.16.840.1.101.3.2.1.3.47 */
 #endif /* WOLFSSL_FPKI */
     WOLF_ENUM_DUMMY_LAST_ELEMENT(CertificatePolicy_Sum)
 };