/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
#include <stdio.h> /* fprintf/stderr in the DEBUG_DYN_OIDS path */

#include "secoid.h"
#include "secmodt.h" /* for CKM_INVALID_MECHANISM */
7
/*
 * Encoded OIDs that are not in the built-in SECOID table. Each array below
 * holds the DER content octets of one OID; the macros turn them into
 * SECOidData initializers for the oids[] table further down.
 */

/* SECItem initializer for the encoded OID array x.
 * x is one of the `static const unsigned char` arrays below; the cast drops
 * the const qualifier, presumably because the item's data pointer is not
 * const-qualified. Nothing in this file writes through it. */
#define OI(x) { siDEROID, (unsigned char *)x, sizeof x }

/* Full SECOidData initializer: encoded OID, tag, description, mechanism and
 * certificate-extension handling. */
#define OD(oid, tag, desc, mech, ext) { OI(oid), tag, desc, mech, ext }

/* SECOidData initializer for an OID with no fixed tag, no mechanism and no
 * certificate-extension handling. */
#define ODN(oid, desc) { OI(oid), 0, desc, CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION }

/* Storage class shared by every encoded-OID array in this file. */
#define OIDT static const unsigned char

/* OIW Security Special Interest Group algorithms: 1.3.14.3.2.* */
#define OIWSSIG 0x2B, 13, 3, 2

OIDT oiwMD5RSA[] = { OIWSSIG, 3 };        /* 1.3.14.3.2.3  */
OIDT oiwDESCBC[] = { OIWSSIG, 7 };        /* 1.3.14.3.2.7  */
OIDT oiwRSAsig[] = { OIWSSIG, 11 };       /* 1.3.14.3.2.11 */
OIDT oiwDSA[] = { OIWSSIG, 12 };          /* 1.3.14.3.2.12 */
OIDT oiwMD5RSAsig[] = { OIWSSIG, 25 };    /* 1.3.14.3.2.25 */
OIDT oiwSHA1[] = { OIWSSIG, 26 };         /* 1.3.14.3.2.26 */
OIDT oiwDSASHA1[] = { OIWSSIG, 27 };      /* 1.3.14.3.2.27 */
OIDT oiwDSASHA1param[] = { OIWSSIG, 28 }; /* 1.3.14.3.2.28 */
OIDT oiwSHA1RSA[] = { OIWSSIG, 29 };      /* 1.3.14.3.2.29 */

/* Microsoft enterprise arc: 1.3.6.1.4.1.311.* (311 is encoded as 0x82 0x37). */
#define MICROSOFT 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37

OIDT mCTL[] = { MICROSOFT, 10, 3, 1 };   /* ...311.10.3.1  Cert Trust List signing */
OIDT mTSS[] = { MICROSOFT, 10, 3, 2 };   /* ...311.10.3.2  Time Stamp signing */
OIDT mSGC[] = { MICROSOFT, 10, 3, 3 };   /* ...311.10.3.3  Server gated cryptography */
OIDT mEFS[] = { MICROSOFT, 10, 3, 4 };   /* ...311.10.3.4  Encrypted File System */
OIDT mSMIME[] = { MICROSOFT, 16, 4 };    /* ...311.16.4    SMIME encryption key prefs */

OIDT mECRTT[] = { MICROSOFT, 20, 2 };    /* ...311.20.2    Enrollment cert type xtn */
OIDT mEAGNT[] = { MICROSOFT, 20, 2, 1 }; /* ...311.20.2.1  Enrollment Agent */
OIDT mKPSCL[] = { MICROSOFT, 20, 2, 2 }; /* ...311.20.2.2  KP SmartCard Logon */
OIDT mNTPN[] = { MICROSOFT, 20, 2, 3 };  /* ...311.20.2.3  NT Principal Name */
OIDT mCASRV[] = { MICROSOFT, 21, 1 };    /* ...311.21.1    CertServ CA version */

/* AOL enterprise arc: 1.3.6.1.4.1.1066.* (1066 is encoded as 0x88 0x2A).
 * Defined for completeness; no array in this file uses it. */
#define AOL 0x2B, 0x06, 0x01, 0x04, 0x01, 0x88, 0x2A

/* PKIX arc: 1.3.6.1.5.5.7.* */
#define ID_PKIX 0x2B, 6, 1, 5, 5, 7
/* PKIX access descriptors (id-ad, 1.3.6.1.5.5.7.48.*): the access methods
 * used in the Authority Information Access extension. */
#define ID_AD ID_PKIX, 48

OIDT padOCSP[] = { ID_AD, 1 };      /* id-ad 1: OCSP */
OIDT padCAissuer[] = { ID_AD, 2 };  /* id-ad 2: CA issuers */
OIDT padTimeStamp[] = { ID_AD, 3 }; /* id-ad 3: time stamping */

/* X.500 / ISO certificate-extension arc (id-ce): 2.5.29.* */
#define X500 0x55
#define X520_ATTRIBUTE_TYPE X500, 0x04
#define X500_ALG X500, 0x08
#define X500_ALG_ENCRYPTION X500_ALG, 0x01
#define ID_CE X500, 29

OIDT cePlcyObs[] = { ID_CE, 3 };  /* 2.5.29.3  certificate policies (obsolete) */
OIDT cePlcyCns[] = { ID_CE, 36 }; /* 2.5.29.36 policy constraints */

/* US company arc: 2.16.840.1.* (840 is encoded as 0x86 0x48). */
#define USCOM 0x60, 0x86, 0x48, 0x01
#define USGOV USCOM, 0x65  /* 2.16.840.1.101 */
#define USDOD USGOV, 2     /* 2.16.840.1.101.2 */
#define ID_INFOSEC USDOD, 1 /* 2.16.840.1.101.2.1 */

/* Verisign PKI arc: 2.16.840.1.113733.1.* (113733 is encoded as 0x86 0xf8 0x45). */
#define VERISIGN_PKI USCOM, 0x86, 0xf8, 0x45, 1
#define VERISIGN_XTN VERISIGN_PKI, 6  /* certificate extensions */
#define VERISIGN_POL VERISIGN_PKI, 7  /* certificate policies */
#define VERISIGN_TNET VERISIGN_POL, 23 /* Verisign Trust Network */

OIDT vcx7[] = { VERISIGN_XTN, 7 };  /* extension 7; purpose not documented here */
OIDT vcp1[] = { VERISIGN_TNET, 1 }; /* class 1 certificate policy */
OIDT vcp2[] = { VERISIGN_TNET, 2 }; /* class 2 certificate policy */
OIDT vcp3[] = { VERISIGN_TNET, 3 }; /* class 3 certificate policy */
OIDT vcp4[] = { VERISIGN_TNET, 4 }; /* class 4 certificate policy */
92
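/* ------------------------------------------------------------------- */
/* The dynamic OID table. Every entry is handed to SECOID_AddEntry() by
 * SECU_RegisterDynamicOids(); all of them use ODN, i.e. no fixed tag, no
 * mechanism and no certificate-extension handling. The description strings
 * are the only human-readable name these OIDs get, so they must match the
 * algorithm the encoded bytes actually denote. */
static const SECOidData oids[] = {
    /* OIW Security Special Interest Group OIDs */
    ODN(oiwMD5RSA, "OIWSecSIG MD5 with RSA"),
    ODN(oiwDESCBC, "OIWSecSIG DES CBC"),
    ODN(oiwRSAsig, "OIWSecSIG RSA signature"),
    ODN(oiwDSA, "OIWSecSIG DSA"),
    ODN(oiwMD5RSAsig, "OIWSecSIG MD5 with RSA signature"),
    ODN(oiwSHA1, "OIWSecSIG SHA1"),
    ODN(oiwDSASHA1, "OIWSecSIG DSA with SHA1"),
    ODN(oiwDSASHA1param, "OIWSecSIG DSA with SHA1 with params"),
    /* oiwSHA1RSA (1.3.14.3.2.29) is SHA1 with RSA; the description was a
     * copy of the oiwMD5RSA entry and wrongly said "MD5 with RSA". */
    ODN(oiwSHA1RSA, "OIWSecSIG SHA1 with RSA"),

    /* Microsoft OIDs */
    ODN(mCTL, "Microsoft Cert Trust List signing"),
    ODN(mTSS, "Microsoft Time Stamp signing"),
    ODN(mSGC, "Microsoft SGC SSL server"),
    ODN(mEFS, "Microsoft Encrypted File System"),
    ODN(mSMIME, "Microsoft SMIME preferences"),
    ODN(mECRTT, "Microsoft Enrollment Cert Type Extension"),
    ODN(mEAGNT, "Microsoft Enrollment Agent"),
    ODN(mKPSCL, "Microsoft KP SmartCard Logon"),
    ODN(mNTPN, "Microsoft NT Principal Name"),
    ODN(mCASRV, "Microsoft CertServ CA version"),

    /* PKIX OIDs */
    ODN(padOCSP, "PKIX OCSP method"),
    ODN(padCAissuer, "PKIX CA Issuer method"),
    ODN(padTimeStamp, "PKIX Time Stamping method"),

    /* ID_CE OIDs. */
    ODN(cePlcyObs, "Certificate Policies (Obsolete)"),
    ODN(cePlcyCns, "Certificate Policy Constraints"),

    /* Verisign OIDs. */
    ODN(vcx7, "Verisign Cert Extension 7 (?)"),
    ODN(vcp1, "Verisign Class 1 Certificate Policy"),
    ODN(vcp2, "Verisign Class 2 Certificate Policy"),
    ODN(vcp3, "Verisign Class 3 Certificate Policy"),
    ODN(vcp4, "Verisign Class 4 Certificate Policy"),

};

/* Entry count of oids[]; sizeof division is valid here because oids is a
 * real array in this translation unit, not a pointer. */
static const unsigned int numOids = (sizeof oids) / (sizeof oids[0]);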
137
/* Fetch and register an oid if it hasn't been done already.
 *
 * data: in/out tag slot. Left untouched unless it holds SEC_OID_UNKNOWN,
 *       in which case it receives the tag SECOID_AddEntry() returns for src.
 * src:  the SECOidData to register.
 *
 * SECOID_AddEntry() returns the existing tag when the same OID has already
 * been added by someone else, so repeated calls are harmless. */
void
SECU_cert_fetchOID(SECOidTag *data, const SECOidData *src)
{
    if (*data != SEC_OID_UNKNOWN) {
        return; /* already resolved by an earlier call */
    }
    *data = SECOID_AddEntry(src);
}
148
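/* Register every entry of oids[] with SECOID_AddEntry().
 *
 * Registration continues past a failed entry so that the remaining OIDs still
 * get a chance to register; the return value is SECFailure if any entry
 * failed, SECSuccess otherwise. With DEBUG_DYN_OIDS defined, the outcome of
 * each entry is reported on stderr.
 *
 * Returns: SECSuccess, or SECFailure if SECOID_AddEntry() returned
 *          SEC_OID_UNKNOWN for at least one entry. */
SECStatus
SECU_RegisterDynamicOids(void)
{
    SECStatus rv = SECSuccess;
    unsigned int i;

    for (i = 0; i < numOids; ++i) {
        SECOidTag tag = SECOID_AddEntry(&oids[i]);

#ifdef DEBUG_DYN_OIDS
        /* i is unsigned, so %u (not %d) keeps the format and argument types
         * matched; the enum tag is passed as int for the same reason. */
        if (tag == SEC_OID_UNKNOWN) {
            fprintf(stderr, "Add OID[%u] failed\n", i);
        } else {
            fprintf(stderr, "Add OID[%u] returned tag %d\n", i, (int)tag);
        }
#endif

        if (tag == SEC_OID_UNKNOWN) {
            /* Remember the failure but keep registering the rest. */
            rv = SECFailure;
        }
    }
    return rv;
}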
168