1 /*
2  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 /*
6  * Copyright(c) 1995-2000 Intel Corporation. All rights reserved.
7  */
8 
9 #include <kmfapi.h>
10 
/*
 * From X.520: attribute types.
 *
 * Every array is the OID_ATTR_TYPE prefix (from <kmfapi.h>) followed by the
 * attribute number. The "Collective" variants append one further arc (1)
 * to the number of the attribute they mirror. These byte arrays are wrapped
 * in KMF_OID objects further down in this file.
 *
 * NOTE(review): the arrays are writable (not const) although nothing in this
 * file modifies them; presumably KMF_OID's data pointer is non-const.
 * Confirm before tightening the qualifier.
 */
static uint8_t OID_ObjectClass[] = { OID_ATTR_TYPE, 0 };
static uint8_t OID_AliasedEntryName[] = { OID_ATTR_TYPE, 1 };
static uint8_t OID_KnowledgeInformation[] = { OID_ATTR_TYPE, 2 };
static uint8_t OID_CommonName[] = { OID_ATTR_TYPE, 3 };
static uint8_t OID_Surname[] = { OID_ATTR_TYPE, 4 };
static uint8_t OID_SerialNumber[] = { OID_ATTR_TYPE, 5 };
static uint8_t OID_CountryName[] = { OID_ATTR_TYPE, 6 };
static uint8_t OID_LocalityName[] = { OID_ATTR_TYPE, 7 };
static uint8_t OID_StateProvinceName[] = { OID_ATTR_TYPE, 8 };
static uint8_t OID_CollectiveStateProvinceName[] = { OID_ATTR_TYPE, 8, 1 };
static uint8_t OID_StreetAddress[] = { OID_ATTR_TYPE, 9 };
static uint8_t OID_CollectiveStreetAddress[] = { OID_ATTR_TYPE, 9, 1 };
static uint8_t OID_OrganizationName[] = { OID_ATTR_TYPE, 10 };
static uint8_t OID_CollectiveOrganizationName[] = { OID_ATTR_TYPE, 10, 1 };
static uint8_t OID_OrganizationalUnitName[] = { OID_ATTR_TYPE, 11 };
static uint8_t OID_CollectiveOrganizationalUnitName[] =
	{ OID_ATTR_TYPE, 11, 1 };
static uint8_t OID_Title[] = { OID_ATTR_TYPE, 12 };
static uint8_t OID_Description[] = { OID_ATTR_TYPE, 13 };
static uint8_t OID_SearchGuide[] = { OID_ATTR_TYPE, 14 };
static uint8_t OID_BusinessCategory[] = { OID_ATTR_TYPE, 15 };
static uint8_t OID_PostalAddress[] = { OID_ATTR_TYPE, 16 };
static uint8_t OID_CollectivePostalAddress[] = { OID_ATTR_TYPE, 16, 1 };
static uint8_t OID_PostalCode[] = { OID_ATTR_TYPE, 17 };
static uint8_t OID_CollectivePostalCode[] = { OID_ATTR_TYPE, 17, 1 };
static uint8_t OID_PostOfficeBox[] = { OID_ATTR_TYPE, 18 };
static uint8_t OID_CollectivePostOfficeBox[] = { OID_ATTR_TYPE, 18, 1 };
static uint8_t OID_PhysicalDeliveryOfficeName[] = { OID_ATTR_TYPE, 19 };
static uint8_t OID_CollectivePhysicalDeliveryOfficeName[] =
	{ OID_ATTR_TYPE, 19, 1 };
static uint8_t OID_TelephoneNumber[] = { OID_ATTR_TYPE, 20 };
static uint8_t OID_CollectiveTelephoneNumber[] = { OID_ATTR_TYPE, 20, 1 };
static uint8_t OID_TelexNumber[] = { OID_ATTR_TYPE, 21 };
static uint8_t OID_CollectiveTelexNumber[] = { OID_ATTR_TYPE, 21, 1 };
static uint8_t OID_TelexTerminalIdentifier[] = { OID_ATTR_TYPE, 22 };
static uint8_t OID_CollectiveTelexTerminalIdentifier[] =
	{ OID_ATTR_TYPE, 22, 1 };
static uint8_t OID_FacsimileTelephoneNumber[] = { OID_ATTR_TYPE, 23 };
static uint8_t OID_CollectiveFacsimileTelephoneNumber[] =
	{ OID_ATTR_TYPE, 23, 1 };
static uint8_t OID_X_121Address[] = { OID_ATTR_TYPE, 24 };
static uint8_t OID_InternationalISDNNumber[] = { OID_ATTR_TYPE, 25 };
static uint8_t OID_CollectiveInternationalISDNNumber[] =
	{ OID_ATTR_TYPE, 25, 1 };
static uint8_t OID_RegisteredAddress[] = { OID_ATTR_TYPE, 26 };
static uint8_t OID_DestinationIndicator[] = { OID_ATTR_TYPE, 27 };
static uint8_t OID_PreferredDeliveryMethod[] = { OID_ATTR_TYPE, 28 };
static uint8_t OID_PresentationAddress[] = { OID_ATTR_TYPE, 29 };
static uint8_t OID_SupportedApplicationContext[] = { OID_ATTR_TYPE, 30 };
static uint8_t OID_Member[] = { OID_ATTR_TYPE, 31 };
static uint8_t OID_Owner[] = { OID_ATTR_TYPE, 32 };
static uint8_t OID_RoleOccupant[] = { OID_ATTR_TYPE, 33 };
static uint8_t OID_SeeAlso[] = { OID_ATTR_TYPE, 34 };
static uint8_t OID_UserPassword[] = { OID_ATTR_TYPE, 35 };
static uint8_t OID_UserCertificate[] = { OID_ATTR_TYPE, 36 };
static uint8_t OID_CACertificate[] = { OID_ATTR_TYPE, 37 };
static uint8_t OID_AuthorityRevocationList[] = { OID_ATTR_TYPE, 38 };
static uint8_t OID_CertificateRevocationList[] = { OID_ATTR_TYPE, 39 };
static uint8_t OID_CrossCertificatePair[] = { OID_ATTR_TYPE, 40 };
static uint8_t OID_Name[] = { OID_ATTR_TYPE, 41 };
static uint8_t OID_GivenName[] = { OID_ATTR_TYPE, 42 };
static uint8_t OID_Initials[] = { OID_ATTR_TYPE, 43 };
static uint8_t OID_GenerationQualifier[] = { OID_ATTR_TYPE, 44 };
static uint8_t OID_UniqueIdentifier[] = { OID_ATTR_TYPE, 45 };
static uint8_t OID_DNQualifier[] = { OID_ATTR_TYPE, 46 };
static uint8_t OID_EnhancedSearchGuide[] = { OID_ATTR_TYPE, 47 };
static uint8_t OID_ProtocolInformation[] = { OID_ATTR_TYPE, 48 };
static uint8_t OID_DistinguishedName[] = { OID_ATTR_TYPE, 49 };
static uint8_t OID_UniqueMember[] = { OID_ATTR_TYPE, 50 };
static uint8_t OID_HouseIdentifier[] = { OID_ATTR_TYPE, 51 };
/*
 * Intentionally not defined (kept for reference):
 *	OID_SupportedAlgorithms		{ OID_ATTR_TYPE, 52 }
 *	OID_DeltaRevocationList		{ OID_ATTR_TYPE, 53 }
 *	OID_AttributeCertificate	{ OID_ATTR_TYPE, 58 }
 */
82 
/*
 * From PKCS 9: attribute types.
 *
 * Each array is the OID_PKCS_9 prefix (from <kmfapi.h>) plus one trailing
 * attribute number. Numbers 10 through 13 are not defined in this table.
 */
static uint8_t OID_EmailAddress[] = { OID_PKCS_9, 1 };
static uint8_t OID_UnstructuredName[] = { OID_PKCS_9, 2 };
static uint8_t OID_ContentType[] = { OID_PKCS_9, 3 };
static uint8_t OID_MessageDigest[] = { OID_PKCS_9, 4 };
static uint8_t OID_SigningTime[] = { OID_PKCS_9, 5 };
static uint8_t OID_CounterSignature[] = { OID_PKCS_9, 6 };
static uint8_t OID_ChallengePassword[] = { OID_PKCS_9, 7 };
static uint8_t OID_UnstructuredAddress[] = { OID_PKCS_9, 8 };
static uint8_t OID_ExtendedCertificateAttributes[] = { OID_PKCS_9, 9 };
static uint8_t OID_ExtensionRequest[] = { OID_PKCS_9, 14 };
95 
/*
 * From PKIX 1: standard certificate and CRL extensions.
 *
 * Each array is the OID_EXTENSION prefix (from <kmfapi.h>) plus the
 * extension number. Gaps in the numbering are deliberate: 29
 * (CertificateIssuer) is left undefined and 34 is deprecated.
 *
 * A relying party must reject a certificate that carries a critical
 * extension it does not recognise, so an identifier missing from this
 * table is one the library cannot match by name.
 */
static uint8_t OID_SubjectDirectoryAttributes[] = { OID_EXTENSION, 9 };
static uint8_t OID_SubjectKeyIdentifier[] = { OID_EXTENSION, 14 };
static uint8_t OID_KeyUsage[] = { OID_EXTENSION, 15 };
static uint8_t OID_PrivateKeyUsagePeriod[] = { OID_EXTENSION, 16 };
static uint8_t OID_SubjectAltName[] = { OID_EXTENSION, 17 };
static uint8_t OID_IssuerAltName[] = { OID_EXTENSION, 18 };
static uint8_t OID_BasicConstraints[] = { OID_EXTENSION, 19 };
static uint8_t OID_CrlNumber[] = { OID_EXTENSION, 20 };
static uint8_t OID_CrlReason[] = { OID_EXTENSION, 21 };
static uint8_t OID_HoldInstructionCode[] = { OID_EXTENSION, 23 };
static uint8_t OID_InvalidityDate[] = { OID_EXTENSION, 24 };
static uint8_t OID_DeltaCrlIndicator[] = { OID_EXTENSION, 27 };
static uint8_t OID_IssuingDistributionPoints[] = { OID_EXTENSION, 28 };
/* Not defined: OID_CertificateIssuer { OID_EXTENSION, 29 } */
static uint8_t OID_NameConstraints[] = { OID_EXTENSION, 30 };
static uint8_t OID_CrlDistributionPoints[] = { OID_EXTENSION, 31 };
static uint8_t OID_CertificatePolicies[] = { OID_EXTENSION, 32 };
static uint8_t OID_PolicyMappings[] = { OID_EXTENSION, 33 };
/* 34 deprecated */
static uint8_t OID_AuthorityKeyIdentifier[] = { OID_EXTENSION, 35 };
static uint8_t OID_PolicyConstraints[] = { OID_EXTENSION, 36 };
static uint8_t OID_ExtKeyUsage[] = { OID_EXTENSION, 37 };
123 
/*
 * PKIX-defined policy qualifier and extended key purpose OIDs.
 *
 * The two OID_QT_* arrays are complete OIDs supplied by a single macro
 * (presumably the CPS URI and user notice policy qualifiers; confirm in
 * <kmfapi.h>). The OID_KP_* arrays are the OID_PKIX_KP prefix plus the
 * key purpose number.
 */
static uint8_t OID_QT_CPSuri[] = { OID_PKIX_QT_CPS };
static uint8_t OID_QT_Unotice[] = { OID_PKIX_QT_UNOTICE };

static uint8_t OID_KP_ServerAuth[] = { OID_PKIX_KP, 1 };
static uint8_t OID_KP_ClientAuth[] = { OID_PKIX_KP, 2 };
static uint8_t OID_KP_CodeSigning[] = { OID_PKIX_KP, 3 };
static uint8_t OID_KP_EmailProtection[] = { OID_PKIX_KP, 4 };
static uint8_t OID_KP_IPSecEndSystem[] = { OID_PKIX_KP, 5 };
static uint8_t OID_KP_IPSecTunnel[] = { OID_PKIX_KP, 6 };
static uint8_t OID_KP_IPSecUser[] = { OID_PKIX_KP, 7 };
static uint8_t OID_KP_TimeStamping[] = { OID_PKIX_KP, 8 };
static uint8_t OID_KP_OCSPSigning[] = { OID_PKIX_KP, 9 };
139 
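/*
 * From PKIX 1: the Authority Information Access extension (under
 * OID_PKIX_PE) and the OCSP and CA Issuers identifiers (under OID_PKIX_AD).
 *
 * Each KMF_OID takes its length from sizeof on the byte array it points to,
 * as the ECC and hash tables later in this file already do. A hand-added
 * "<PREFIX>_LENGTH + n" can drift from the initializer; a length that is too
 * large would make any consumer that compares or copies that many bytes
 * read past the end of the static array.
 * NOTE(review): this assumes the *_LENGTH macros in <kmfapi.h> agreed with
 * the array sizes, in which case the values are unchanged. Confirm.
 */
static uint8_t OID_AuthorityInfoAccess[] = { OID_PKIX_PE, 1 };

const KMF_OID KMFOID_AuthorityInfoAccess = {
	sizeof (OID_AuthorityInfoAccess), OID_AuthorityInfoAccess
};

static uint8_t OID_PkixAdOcsp[] = { OID_PKIX_AD, 1 };

const KMF_OID KMFOID_PkixAdOcsp = {
	sizeof (OID_PkixAdOcsp), OID_PkixAdOcsp
};

static uint8_t OID_PkixAdCaIssuers[] = { OID_PKIX_AD, 2 };

const KMF_OID KMFOID_PkixAdCaIssuers = {
	sizeof (OID_PkixAdCaIssuers), OID_PkixAdCaIssuers
};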
158 
/*
 * From RFC 1274: attribute types under the OID_PILOT prefix
 * (from <kmfapi.h>), each followed by its attribute number.
 */
static uint8_t OID_userid[] = { OID_PILOT, 1 };
static uint8_t OID_RFC822mailbox[] = { OID_PILOT, 3 };
static uint8_t OID_domainComponent[] = { OID_PILOT, 25 };
166 
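/*
 * Exported KMF_OID objects for the RFC 1274, X.520 and PKCS 9 attribute
 * types whose byte arrays are defined earlier in this file.
 *
 * Every length is sizeof the array the entry points to, matching the ECC
 * and hash tables later in this file. The earlier "<PREFIX>_LENGTH+n" form
 * had to be kept in step by hand with each initializer (+1 for plain
 * attributes, +2 for the Collective variants); an over-long length would
 * let a consumer that compares or copies that many bytes read past the
 * static array, and a short one would make distinct OIDs compare equal on
 * their shared prefix.
 * NOTE(review): assumes the *_LENGTH macros in <kmfapi.h> agreed with the
 * array sizes, in which case every value here is unchanged. Confirm.
 */
const KMF_OID
KMFOID_userid = {sizeof (OID_userid), OID_userid},
KMFOID_RFC822mailbox = {sizeof (OID_RFC822mailbox), OID_RFC822mailbox},
KMFOID_domainComponent = {sizeof (OID_domainComponent), OID_domainComponent},
KMFOID_ObjectClass = {sizeof (OID_ObjectClass), OID_ObjectClass},
KMFOID_AliasedEntryName = {sizeof (OID_AliasedEntryName), OID_AliasedEntryName},
KMFOID_KnowledgeInformation = {sizeof (OID_KnowledgeInformation),
	OID_KnowledgeInformation},
KMFOID_CommonName = {sizeof (OID_CommonName), OID_CommonName},
KMFOID_Surname = {sizeof (OID_Surname), OID_Surname},
KMFOID_SerialNumber = {sizeof (OID_SerialNumber), OID_SerialNumber},
KMFOID_CountryName = {sizeof (OID_CountryName), OID_CountryName},
KMFOID_LocalityName = {sizeof (OID_LocalityName), OID_LocalityName},
KMFOID_StateProvinceName = {sizeof (OID_StateProvinceName),
	OID_StateProvinceName},
KMFOID_CollectiveStateProvinceName = {sizeof (OID_CollectiveStateProvinceName),
	OID_CollectiveStateProvinceName},
KMFOID_StreetAddress = {sizeof (OID_StreetAddress), OID_StreetAddress},
KMFOID_CollectiveStreetAddress = {sizeof (OID_CollectiveStreetAddress),
	OID_CollectiveStreetAddress},
KMFOID_OrganizationName = {sizeof (OID_OrganizationName), OID_OrganizationName},
KMFOID_CollectiveOrganizationName = {sizeof (OID_CollectiveOrganizationName),
	OID_CollectiveOrganizationName},
KMFOID_OrganizationalUnitName = {sizeof (OID_OrganizationalUnitName),
	OID_OrganizationalUnitName},
KMFOID_CollectiveOrganizationalUnitName = {
	sizeof (OID_CollectiveOrganizationalUnitName),
	OID_CollectiveOrganizationalUnitName},
KMFOID_Title = {sizeof (OID_Title), OID_Title},
KMFOID_Description = {sizeof (OID_Description), OID_Description},
KMFOID_SearchGuide = {sizeof (OID_SearchGuide), OID_SearchGuide},
KMFOID_BusinessCategory = {sizeof (OID_BusinessCategory), OID_BusinessCategory},
KMFOID_PostalAddress = {sizeof (OID_PostalAddress), OID_PostalAddress},
KMFOID_CollectivePostalAddress = {sizeof (OID_CollectivePostalAddress),
	OID_CollectivePostalAddress},
KMFOID_PostalCode = {sizeof (OID_PostalCode), OID_PostalCode},
KMFOID_CollectivePostalCode = {sizeof (OID_CollectivePostalCode),
	OID_CollectivePostalCode},
KMFOID_PostOfficeBox = {sizeof (OID_PostOfficeBox), OID_PostOfficeBox},
KMFOID_CollectivePostOfficeBox = {sizeof (OID_CollectivePostOfficeBox),
	OID_CollectivePostOfficeBox},
KMFOID_PhysicalDeliveryOfficeName = {sizeof (OID_PhysicalDeliveryOfficeName),
	OID_PhysicalDeliveryOfficeName},
KMFOID_CollectivePhysicalDeliveryOfficeName = {
	sizeof (OID_CollectivePhysicalDeliveryOfficeName),
	OID_CollectivePhysicalDeliveryOfficeName},
KMFOID_TelephoneNumber = {sizeof (OID_TelephoneNumber), OID_TelephoneNumber},
KMFOID_CollectiveTelephoneNumber = {sizeof (OID_CollectiveTelephoneNumber),
	OID_CollectiveTelephoneNumber},
KMFOID_TelexNumber = {sizeof (OID_TelexNumber), OID_TelexNumber},
KMFOID_CollectiveTelexNumber = {sizeof (OID_CollectiveTelexNumber),
	OID_CollectiveTelexNumber},
KMFOID_TelexTerminalIdentifier = {sizeof (OID_TelexTerminalIdentifier),
	OID_TelexTerminalIdentifier},
KMFOID_CollectiveTelexTerminalIdentifier = {
	sizeof (OID_CollectiveTelexTerminalIdentifier),
	OID_CollectiveTelexTerminalIdentifier},
KMFOID_FacsimileTelephoneNumber = {sizeof (OID_FacsimileTelephoneNumber),
	OID_FacsimileTelephoneNumber},
KMFOID_CollectiveFacsimileTelephoneNumber = {
	sizeof (OID_CollectiveFacsimileTelephoneNumber),
	OID_CollectiveFacsimileTelephoneNumber},
KMFOID_X_121Address = {sizeof (OID_X_121Address), OID_X_121Address},
KMFOID_InternationalISDNNumber = {sizeof (OID_InternationalISDNNumber),
	OID_InternationalISDNNumber},
KMFOID_CollectiveInternationalISDNNumber = {
	sizeof (OID_CollectiveInternationalISDNNumber),
	OID_CollectiveInternationalISDNNumber},
KMFOID_RegisteredAddress = {sizeof (OID_RegisteredAddress),
	OID_RegisteredAddress},
KMFOID_DestinationIndicator = {sizeof (OID_DestinationIndicator),
	OID_DestinationIndicator},
KMFOID_PreferredDeliveryMethod = {sizeof (OID_PreferredDeliveryMethod),
	OID_PreferredDeliveryMethod},
KMFOID_PresentationAddress = {sizeof (OID_PresentationAddress),
	OID_PresentationAddress},
KMFOID_SupportedApplicationContext = {sizeof (OID_SupportedApplicationContext),
	OID_SupportedApplicationContext},
KMFOID_Member = {sizeof (OID_Member), OID_Member},
KMFOID_Owner = {sizeof (OID_Owner), OID_Owner},
KMFOID_RoleOccupant = {sizeof (OID_RoleOccupant), OID_RoleOccupant},
KMFOID_SeeAlso = {sizeof (OID_SeeAlso), OID_SeeAlso},
KMFOID_UserPassword = {sizeof (OID_UserPassword), OID_UserPassword},
KMFOID_UserCertificate = {sizeof (OID_UserCertificate), OID_UserCertificate},
KMFOID_CACertificate = {sizeof (OID_CACertificate), OID_CACertificate},
KMFOID_AuthorityRevocationList = {sizeof (OID_AuthorityRevocationList),
	OID_AuthorityRevocationList},
KMFOID_CertificateRevocationList = {sizeof (OID_CertificateRevocationList),
	OID_CertificateRevocationList},
KMFOID_CrossCertificatePair = {sizeof (OID_CrossCertificatePair),
	OID_CrossCertificatePair},
KMFOID_Name = {sizeof (OID_Name), OID_Name},
KMFOID_GivenName = {sizeof (OID_GivenName), OID_GivenName},
KMFOID_Initials = {sizeof (OID_Initials), OID_Initials},
KMFOID_GenerationQualifier = {sizeof (OID_GenerationQualifier),
	OID_GenerationQualifier},
KMFOID_UniqueIdentifier = {sizeof (OID_UniqueIdentifier), OID_UniqueIdentifier},
KMFOID_DNQualifier = {sizeof (OID_DNQualifier), OID_DNQualifier},
KMFOID_EnhancedSearchGuide = {sizeof (OID_EnhancedSearchGuide),
	OID_EnhancedSearchGuide},
KMFOID_ProtocolInformation = {sizeof (OID_ProtocolInformation),
	OID_ProtocolInformation},
KMFOID_DistinguishedName = {sizeof (OID_DistinguishedName),
	OID_DistinguishedName},
KMFOID_UniqueMember = {sizeof (OID_UniqueMember), OID_UniqueMember},
KMFOID_HouseIdentifier = {sizeof (OID_HouseIdentifier), OID_HouseIdentifier},
KMFOID_EmailAddress = {sizeof (OID_EmailAddress), OID_EmailAddress},
KMFOID_UnstructuredName = {sizeof (OID_UnstructuredName), OID_UnstructuredName},
KMFOID_ContentType = {sizeof (OID_ContentType), OID_ContentType},
KMFOID_MessageDigest = {sizeof (OID_MessageDigest), OID_MessageDigest},
KMFOID_SigningTime = {sizeof (OID_SigningTime), OID_SigningTime},
KMFOID_CounterSignature = {sizeof (OID_CounterSignature), OID_CounterSignature},
KMFOID_ChallengePassword = {sizeof (OID_ChallengePassword),
	OID_ChallengePassword},
KMFOID_UnstructuredAddress = {sizeof (OID_UnstructuredAddress),
	OID_UnstructuredAddress},
KMFOID_ExtendedCertificateAttributes = {
	sizeof (OID_ExtendedCertificateAttributes),
	OID_ExtendedCertificateAttributes},
KMFOID_ExtensionRequest = {sizeof (OID_ExtensionRequest), OID_ExtensionRequest};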
273 
/*
 * Three further identifiers under the OID_EXTENSION prefix (numbers 1, 3
 * and 4).
 *
 * OID_AuthorityKeyID (number 1) is a different OID from
 * OID_AuthorityKeyIdentifier (number 35) defined with the standard
 * extensions earlier in this file; the similar names are easy to confuse.
 * NOTE(review): these look like older or vendor-specific identifiers.
 * Confirm which one callers should use for the authority key identifier.
 */
static uint8_t OID_AuthorityKeyID[] = { OID_EXTENSION, 1 };
static uint8_t OID_VerisignCertificatePolicy[] = { OID_EXTENSION, 3 };
static uint8_t OID_KeyUsageRestriction[] = { OID_EXTENSION, 4 };
278 
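/*
 * Exported KMF_OID objects for certificate/CRL extensions, policy
 * qualifiers and extended key usage purposes; the byte arrays are defined
 * earlier in this file.
 *
 * Lengths are taken with sizeof from the array each entry points to, as the
 * ECC and hash tables later in this file already do, so a length can no
 * longer disagree with its initializer.
 * NOTE(review): assumes the *_LENGTH macros in <kmfapi.h> agreed with the
 * array sizes, in which case every value here is unchanged. Confirm.
 *
 * KMFOID_AuthorityKeyID (extension number 1) and
 * KMFOID_AuthorityKeyIdentifier (extension number 35) are distinct OIDs
 * despite the similar names; matching against the wrong one means the
 * extension is not recognised.
 */
const KMF_OID
KMFOID_AuthorityKeyID = {sizeof (OID_AuthorityKeyID), OID_AuthorityKeyID},

KMFOID_VerisignCertificatePolicy = {sizeof (OID_VerisignCertificatePolicy),
	OID_VerisignCertificatePolicy},

KMFOID_KeyUsageRestriction = {sizeof (OID_KeyUsageRestriction),
	OID_KeyUsageRestriction},

KMFOID_SubjectDirectoryAttributes = {sizeof (OID_SubjectDirectoryAttributes),
	OID_SubjectDirectoryAttributes},

KMFOID_SubjectKeyIdentifier = {sizeof (OID_SubjectKeyIdentifier),
	OID_SubjectKeyIdentifier},
KMFOID_KeyUsage = {sizeof (OID_KeyUsage), OID_KeyUsage},

KMFOID_PrivateKeyUsagePeriod = {sizeof (OID_PrivateKeyUsagePeriod),
	OID_PrivateKeyUsagePeriod},
KMFOID_SubjectAltName = {sizeof (OID_SubjectAltName), OID_SubjectAltName},
KMFOID_IssuerAltName = {sizeof (OID_IssuerAltName), OID_IssuerAltName},
KMFOID_BasicConstraints = {sizeof (OID_BasicConstraints), OID_BasicConstraints},

KMFOID_CrlNumber = {sizeof (OID_CrlNumber), OID_CrlNumber},

KMFOID_CrlReason = {sizeof (OID_CrlReason), OID_CrlReason},

KMFOID_HoldInstructionCode = {sizeof (OID_HoldInstructionCode),
	OID_HoldInstructionCode},

KMFOID_InvalidityDate = {sizeof (OID_InvalidityDate), OID_InvalidityDate},

KMFOID_DeltaCrlIndicator = {sizeof (OID_DeltaCrlIndicator),
	OID_DeltaCrlIndicator},

KMFOID_IssuingDistributionPoints = {sizeof (OID_IssuingDistributionPoints),
	OID_IssuingDistributionPoints},

KMFOID_NameConstraints = {sizeof (OID_NameConstraints), OID_NameConstraints},

KMFOID_CrlDistributionPoints = {sizeof (OID_CrlDistributionPoints),
	OID_CrlDistributionPoints},

KMFOID_CertificatePolicies = {sizeof (OID_CertificatePolicies),
	OID_CertificatePolicies},

KMFOID_PolicyMappings = {sizeof (OID_PolicyMappings), OID_PolicyMappings},

KMFOID_PolicyConstraints = {sizeof (OID_PolicyConstraints),
	OID_PolicyConstraints},

KMFOID_AuthorityKeyIdentifier = {sizeof (OID_AuthorityKeyIdentifier),
	OID_AuthorityKeyIdentifier},

KMFOID_ExtendedKeyUsage = {sizeof (OID_ExtKeyUsage), OID_ExtKeyUsage},

/* Policy qualifiers */
KMFOID_PKIX_PQ_CPSuri = {sizeof (OID_QT_CPSuri), OID_QT_CPSuri},

KMFOID_PKIX_PQ_Unotice = {sizeof (OID_QT_Unotice), OID_QT_Unotice},

/* Extended Key Usage OIDs */
KMFOID_PKIX_KP_ServerAuth = {sizeof (OID_KP_ServerAuth), OID_KP_ServerAuth},

KMFOID_PKIX_KP_ClientAuth = {sizeof (OID_KP_ClientAuth), OID_KP_ClientAuth},

KMFOID_PKIX_KP_CodeSigning = {sizeof (OID_KP_CodeSigning), OID_KP_CodeSigning},

KMFOID_PKIX_KP_EmailProtection = {sizeof (OID_KP_EmailProtection),
	OID_KP_EmailProtection},

KMFOID_PKIX_KP_IPSecEndSystem = {sizeof (OID_KP_IPSecEndSystem),
	OID_KP_IPSecEndSystem},

KMFOID_PKIX_KP_IPSecTunnel = {sizeof (OID_KP_IPSecTunnel), OID_KP_IPSecTunnel},

KMFOID_PKIX_KP_IPSecUser = {sizeof (OID_KP_IPSecUser), OID_KP_IPSecUser},

KMFOID_PKIX_KP_TimeStamping = {sizeof (OID_KP_TimeStamping),
	OID_KP_TimeStamping},

KMFOID_PKIX_KP_OCSPSigning = {sizeof (OID_KP_OCSPSigning), OID_KP_OCSPSigning};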
355 
/*
 * Digest, public key and signature algorithm identifiers, grouped by the
 * prefix macro (from <kmfapi.h>) they are built on.
 *
 * This table only names algorithms. MD2, MD5 and SHA-1 based identifiers
 * are listed next to the SHA-2 ones, presumably so that older certificates
 * can still be decoded; whether a signature using them is accepted is a
 * policy decision for the code that verifies it.
 */

/* OID_OIW_ALGORITHM prefix */
static uint8_t OID_OIW_SHA1[] = { OID_OIW_ALGORITHM, 26 };
static uint8_t OID_OIW_DSA[] = { OID_OIW_ALGORITHM, 12 };
static uint8_t OID_OIW_DSAWithSHA1[] = { OID_OIW_ALGORITHM, 13 };

/* OID_PKCS_1 prefix */
static uint8_t OID_RSAEncryption[] = { OID_PKCS_1, 1 };
static uint8_t OID_MD2WithRSA[] = { OID_PKCS_1, 2 };
static uint8_t OID_MD5WithRSA[] = { OID_PKCS_1, 4 };
static uint8_t OID_SHA1WithRSA[] = { OID_PKCS_1, 5 };
static uint8_t OID_SHA256WithRSA[] = { OID_PKCS_1, 11 };
static uint8_t OID_SHA384WithRSA[] = { OID_PKCS_1, 12 };
static uint8_t OID_SHA512WithRSA[] = { OID_PKCS_1, 13 };

/* OID_X9CM_X9ALGORITHM prefix */
static uint8_t OID_X9CM_DSA[] = { OID_X9CM_X9ALGORITHM, 1 };
static uint8_t OID_X9CM_DSAWithSHA1[] = { OID_X9CM_X9ALGORITHM, 3 };
369 
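/*
 * Exported KMF_OID objects for the digest, key and signature algorithm
 * identifiers defined just above.
 *
 * Lengths are taken with sizeof from the array each entry points to, as the
 * ECC and hash tables later in this file already do, instead of a
 * hand-added "<PREFIX>_LENGTH+1".
 * NOTE(review): assumes the *_LENGTH macros in <kmfapi.h> agreed with the
 * array sizes, in which case every value here is unchanged. Confirm.
 *
 * DSA appears twice on purpose: KMFOID_DSA / KMFOID_SHA1WithDSA use the
 * OID_OIW_ALGORITHM arrays, KMFOID_X9CM_DSA / KMFOID_X9CM_DSAWithSHA1 use
 * the OID_X9CM_X9ALGORITHM arrays. Code that matches an algorithm by OID
 * has to consider both forms.
 */
const KMF_OID
KMFOID_SHA1 = {sizeof (OID_OIW_SHA1), OID_OIW_SHA1},
KMFOID_RSA = {sizeof (OID_RSAEncryption), OID_RSAEncryption},
KMFOID_DSA = {sizeof (OID_OIW_DSA), OID_OIW_DSA},
KMFOID_MD5WithRSA = {sizeof (OID_MD5WithRSA), OID_MD5WithRSA},
KMFOID_MD2WithRSA = {sizeof (OID_MD2WithRSA), OID_MD2WithRSA},
KMFOID_SHA1WithRSA = {sizeof (OID_SHA1WithRSA), OID_SHA1WithRSA},
KMFOID_SHA256WithRSA = {sizeof (OID_SHA256WithRSA), OID_SHA256WithRSA},
KMFOID_SHA384WithRSA = {sizeof (OID_SHA384WithRSA), OID_SHA384WithRSA},
KMFOID_SHA512WithRSA = {sizeof (OID_SHA512WithRSA), OID_SHA512WithRSA},
KMFOID_SHA1WithDSA = {sizeof (OID_OIW_DSAWithSHA1), OID_OIW_DSAWithSHA1},
KMFOID_X9CM_DSA = {sizeof (OID_X9CM_DSA), OID_X9CM_DSA},
KMFOID_X9CM_DSAWithSHA1 = {sizeof (OID_X9CM_DSAWithSHA1),
	OID_X9CM_DSAWithSHA1};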
384 
/*
 * New for PKINIT support.
 *
 * Each array is a complete OID supplied by a single macro from <kmfapi.h>;
 * no arc is appended here.
 */
static uint8_t OID_pkinit_san[] = { OID_KRB5_SAN };
static uint8_t OID_pkinit_san_upn[] = { OID_MS_KP_SC_LOGON_UPN };
static uint8_t OID_pkinit_kp_clientauth[] = { OID_KRB5_PKINIT_KPCLIENTAUTH };
static uint8_t OID_pkinit_kp_kdc[] = { OID_KRB5_PKINIT_KPKDC };
static uint8_t OID_pkinit_kp_sc_logon[] = { OID_MS_KP_SC_LOGON };
394 
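/*
 * Exported KMF_OID objects for the PKINIT identifiers defined just above.
 *
 * Lengths are taken with sizeof from the array each entry points to, as the
 * ECC and hash tables later in this file already do, rather than from a
 * separate *_LENGTH macro that must be kept in step with the OID macro.
 * NOTE(review): assumes the *_LENGTH macros in <kmfapi.h> agreed with the
 * array sizes, in which case every value here is unchanged. Confirm.
 *
 * Note the pairing: KMFOID_MS_KP_SCLogon_UPN points at OID_pkinit_san_upn
 * and KMFOID_MS_KP_SCLogon at OID_pkinit_kp_sc_logon.
 */
const KMF_OID
KMFOID_PKINIT_san = {sizeof (OID_pkinit_san), OID_pkinit_san},
KMFOID_PKINIT_ClientAuth = {sizeof (OID_pkinit_kp_clientauth),
	OID_pkinit_kp_clientauth},
KMFOID_PKINIT_Kdc = {sizeof (OID_pkinit_kp_kdc), OID_pkinit_kp_kdc},
KMFOID_MS_KP_SCLogon = {sizeof (OID_pkinit_kp_sc_logon),
	OID_pkinit_kp_sc_logon},
KMFOID_MS_KP_SCLogon_UPN = {sizeof (OID_pkinit_san_upn), OID_pkinit_san_upn};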
405 
/*
 * Byte-level OID prefixes used by the hash, DSA and ECC tables below.
 * Each macro expands to a comma-separated list of encoded OID content
 * bytes (no tag, no length), meant to be used inside an array initializer.
 */

/*
 * MD5
 * iso(1) member-body(2) us(840) rsadsi(113549)
 * digestAlgorithm(2) 5
 */
#define	RSADSI		0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
#define	OID_id_md5	RSADSI, 0x02, 0x05

/*
 * SHA2 OIDs
 * NIST_ALG encodes 2.16.840.1.101.3.4; NIST_HASH adds arc 2.
 */
#define	NIST_ALG	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04
#define	NIST_HASH	NIST_ALG, 2
#define	OID_id_sha256	NIST_HASH, 1
#define	OID_id_sha384	NIST_HASH, 2
#define	OID_id_sha512	NIST_HASH, 3
#define	OID_id_sha224	NIST_HASH, 4

/* DSA signatures with SHA-2 digests sit under NIST_ALG arc 3. */
#define	OID_id_dsa_with_sha224	NIST_ALG, 3, 1
#define	OID_id_dsa_with_sha256	NIST_ALG, 3, 2

/*
 * For ECC support.
 * CERTICOM_OID encodes 1.3.132; SECG_OID adds arc 0.
 */
#define	CERTICOM_OID	0x2b, 0x81, 0x04
#define	SECG_OID	CERTICOM_OID, 0x00

/* ANSI_X962_OID encodes 1.2.840.10045; curves live under arc 3. */
#define	ANSI_X962_OID		0x2a, 0x86, 0x48, 0xce, 0x3d
#define	ANSI_X962_CURVE_OID	ANSI_X962_OID, 0x03
#define	ANSI_X962_GF2m_OID	ANSI_X962_CURVE_OID, 0x00
#define	ANSI_X962_GFp_OID	ANSI_X962_CURVE_OID, 0x01

/* ECDSA signature identifiers live under arc 4. */
#define	ANSI_X962_SIG_OID	ANSI_X962_OID, 0x04
#define	OID_ecdsa_with_sha224	ANSI_X962_SIG_OID, 3, 1
#define	OID_ecdsa_with_sha256	ANSI_X962_SIG_OID, 3, 2
#define	OID_ecdsa_with_sha384	ANSI_X962_SIG_OID, 3, 3
#define	OID_ecdsa_with_sha512	ANSI_X962_SIG_OID, 3, 4
443 
/*
 * Named elliptic curve identifiers.
 *
 * Unlike the other OID arrays in this file, each of these starts with 0x06
 * and a length byte (0x5 for the SECG curves, 0x8 for the ANSI X9.62 ones)
 * ahead of the OID bytes, so the array is a complete DER-encoded OBJECT
 * IDENTIFIER rather than only its content. A byte-wise comparison against
 * an OID stored in the content-only form used elsewhere in this file will
 * therefore never match.
 * NOTE(review): presumably this lets the arrays be handed over directly as
 * encoded EC parameters. Confirm against the callers.
 */

/* SECG curves over prime fields */
static uint8_t OID_secp112r1[] = { 0x6, 0x5, SECG_OID, 0x06 };
static uint8_t OID_secp112r2[] = { 0x6, 0x5, SECG_OID, 0x07 };
static uint8_t OID_secp128r1[] = { 0x6, 0x5, SECG_OID, 0x1c };
static uint8_t OID_secp128r2[] = { 0x6, 0x5, SECG_OID, 0x1d };
static uint8_t OID_secp160k1[] = { 0x6, 0x5, SECG_OID, 0x09 };
static uint8_t OID_secp160r1[] = { 0x6, 0x5, SECG_OID, 0x08 };
static uint8_t OID_secp160r2[] = { 0x6, 0x5, SECG_OID, 0x1e };
static uint8_t OID_secp192k1[] = { 0x6, 0x5, SECG_OID, 0x1f };
static uint8_t OID_secp224k1[] = { 0x6, 0x5, SECG_OID, 0x20 };
static uint8_t OID_secp224r1[] = { 0x6, 0x5, SECG_OID, 0x21 };
static uint8_t OID_secp256k1[] = { 0x6, 0x5, SECG_OID, 0x0a };
static uint8_t OID_secp384r1[] = { 0x6, 0x5, SECG_OID, 0x22 };
static uint8_t OID_secp521r1[] = { 0x6, 0x5, SECG_OID, 0x23 };

/* SECG curves over binary fields */
static uint8_t OID_sect113r1[] = { 0x6, 0x5, SECG_OID, 0x04 };
static uint8_t OID_sect113r2[] = { 0x6, 0x5, SECG_OID, 0x05 };
static uint8_t OID_sect131r1[] = { 0x6, 0x5, SECG_OID, 0x16 };
static uint8_t OID_sect131r2[] = { 0x6, 0x5, SECG_OID, 0x17 };
static uint8_t OID_sect163k1[] = { 0x6, 0x5, SECG_OID, 0x01 };
static uint8_t OID_sect163r1[] = { 0x6, 0x5, SECG_OID, 0x02 };
static uint8_t OID_sect163r2[] = { 0x6, 0x5, SECG_OID, 0x0f };
static uint8_t OID_sect193r1[] = { 0x6, 0x5, SECG_OID, 0x18 };
static uint8_t OID_sect193r2[] = { 0x6, 0x5, SECG_OID, 0x19 };
static uint8_t OID_sect233k1[] = { 0x6, 0x5, SECG_OID, 0x1a };
static uint8_t OID_sect233r1[] = { 0x6, 0x5, SECG_OID, 0x1b };
static uint8_t OID_sect239k1[] = { 0x6, 0x5, SECG_OID, 0x03 };
static uint8_t OID_sect283k1[] = { 0x6, 0x5, SECG_OID, 0x10 };
static uint8_t OID_sect283r1[] = { 0x6, 0x5, SECG_OID, 0x11 };
static uint8_t OID_sect409k1[] = { 0x6, 0x5, SECG_OID, 0x24 };
static uint8_t OID_sect409r1[] = { 0x6, 0x5, SECG_OID, 0x25 };
static uint8_t OID_sect571k1[] = { 0x6, 0x5, SECG_OID, 0x26 };
static uint8_t OID_sect571r1[] = { 0x6, 0x5, SECG_OID, 0x27 };

/* ANSI X9.62 curves under ANSI_X962_GF2m_OID */
static uint8_t OID_c2pnb163v1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x01 };
static uint8_t OID_c2pnb163v2[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x02 };
static uint8_t OID_c2pnb163v3[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x03 };
static uint8_t OID_c2pnb176v1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x04 };
static uint8_t OID_c2tnb191v1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x05 };
static uint8_t OID_c2tnb191v2[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x06 };
static uint8_t OID_c2tnb191v3[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x07 };
static uint8_t OID_c2pnb208w1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x0a };
static uint8_t OID_c2tnb239v1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x0b };
static uint8_t OID_c2tnb239v2[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x0c };
static uint8_t OID_c2tnb239v3[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x0d };
static uint8_t OID_c2pnb272w1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x10 };
static uint8_t OID_c2pnb304w1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x11 };
static uint8_t OID_c2tnb359v1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x12 };
static uint8_t OID_c2pnb368w1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x13 };
static uint8_t OID_c2tnb431r1[] = { 0x6, 0x8, ANSI_X962_GF2m_OID, 0x14 };

/* ANSI X9.62 curves under ANSI_X962_GFp_OID */
static uint8_t OID_prime192v2[] = { 0x6, 0x8, ANSI_X962_GFp_OID, 0x02 };
static uint8_t OID_prime192v3[] = { 0x6, 0x8, ANSI_X962_GFp_OID, 0x03 };

/* SECG names for two curves that are identified under ANSI_X962_GFp_OID */
static uint8_t OID_secp192r1[] = { 0x6, 0x8, ANSI_X962_GFp_OID, 0x01 };
static uint8_t OID_secp256r1[] = { 0x6, 0x8, ANSI_X962_GFp_OID, 0x07 };
498 
/*
 * Exported KMF_OID objects for the named curves. Each length is sizeof the
 * array it points to, so it covers the leading 0x06 tag and length byte
 * those arrays carry as well as the OID bytes.
 */
const KMF_OID KMFOID_ECC_secp112r1 = { sizeof (OID_secp112r1), OID_secp112r1 };
const KMF_OID KMFOID_ECC_secp112r2 = { sizeof (OID_secp112r2), OID_secp112r2 };
const KMF_OID KMFOID_ECC_secp128r1 = { sizeof (OID_secp128r1), OID_secp128r1 };
const KMF_OID KMFOID_ECC_secp128r2 = { sizeof (OID_secp128r2), OID_secp128r2 };
const KMF_OID KMFOID_ECC_secp160k1 = { sizeof (OID_secp160k1), OID_secp160k1 };
const KMF_OID KMFOID_ECC_secp160r1 = { sizeof (OID_secp160r1), OID_secp160r1 };
const KMF_OID KMFOID_ECC_secp160r2 = { sizeof (OID_secp160r2), OID_secp160r2 };
const KMF_OID KMFOID_ECC_secp192k1 = { sizeof (OID_secp192k1), OID_secp192k1 };
const KMF_OID KMFOID_ECC_secp224k1 = { sizeof (OID_secp224k1), OID_secp224k1 };
const KMF_OID KMFOID_ECC_secp224r1 = { sizeof (OID_secp224r1), OID_secp224r1 };
const KMF_OID KMFOID_ECC_secp256k1 = { sizeof (OID_secp256k1), OID_secp256k1 };
const KMF_OID KMFOID_ECC_secp384r1 = { sizeof (OID_secp384r1), OID_secp384r1 };
const KMF_OID KMFOID_ECC_secp521r1 = { sizeof (OID_secp521r1), OID_secp521r1 };
const KMF_OID KMFOID_ECC_sect113r1 = { sizeof (OID_sect113r1), OID_sect113r1 };
const KMF_OID KMFOID_ECC_sect113r2 = { sizeof (OID_sect113r2), OID_sect113r2 };
const KMF_OID KMFOID_ECC_sect131r1 = { sizeof (OID_sect131r1), OID_sect131r1 };
const KMF_OID KMFOID_ECC_sect131r2 = { sizeof (OID_sect131r2), OID_sect131r2 };
const KMF_OID KMFOID_ECC_sect163k1 = { sizeof (OID_sect163k1), OID_sect163k1 };
const KMF_OID KMFOID_ECC_sect163r1 = { sizeof (OID_sect163r1), OID_sect163r1 };
const KMF_OID KMFOID_ECC_sect163r2 = { sizeof (OID_sect163r2), OID_sect163r2 };
const KMF_OID KMFOID_ECC_sect193r1 = { sizeof (OID_sect193r1), OID_sect193r1 };
const KMF_OID KMFOID_ECC_sect193r2 = { sizeof (OID_sect193r2), OID_sect193r2 };
const KMF_OID KMFOID_ECC_sect233k1 = { sizeof (OID_sect233k1), OID_sect233k1 };
const KMF_OID KMFOID_ECC_sect233r1 = { sizeof (OID_sect233r1), OID_sect233r1 };
const KMF_OID KMFOID_ECC_sect239k1 = { sizeof (OID_sect239k1), OID_sect239k1 };
const KMF_OID KMFOID_ECC_sect283k1 = { sizeof (OID_sect283k1), OID_sect283k1 };
const KMF_OID KMFOID_ECC_sect283r1 = { sizeof (OID_sect283r1), OID_sect283r1 };
const KMF_OID KMFOID_ECC_sect409k1 = { sizeof (OID_sect409k1), OID_sect409k1 };
const KMF_OID KMFOID_ECC_sect409r1 = { sizeof (OID_sect409r1), OID_sect409r1 };
const KMF_OID KMFOID_ECC_sect571k1 = { sizeof (OID_sect571k1), OID_sect571k1 };
const KMF_OID KMFOID_ECC_sect571r1 = { sizeof (OID_sect571r1), OID_sect571r1 };
const KMF_OID KMFOID_ECC_c2pnb163v1 =
	{ sizeof (OID_c2pnb163v1), OID_c2pnb163v1 };
const KMF_OID KMFOID_ECC_c2pnb163v2 =
	{ sizeof (OID_c2pnb163v2), OID_c2pnb163v2 };
const KMF_OID KMFOID_ECC_c2pnb163v3 =
	{ sizeof (OID_c2pnb163v3), OID_c2pnb163v3 };
const KMF_OID KMFOID_ECC_c2pnb176v1 =
	{ sizeof (OID_c2pnb176v1), OID_c2pnb176v1 };
const KMF_OID KMFOID_ECC_c2tnb191v1 =
	{ sizeof (OID_c2tnb191v1), OID_c2tnb191v1 };
const KMF_OID KMFOID_ECC_c2tnb191v2 =
	{ sizeof (OID_c2tnb191v2), OID_c2tnb191v2 };
const KMF_OID KMFOID_ECC_c2tnb191v3 =
	{ sizeof (OID_c2tnb191v3), OID_c2tnb191v3 };
const KMF_OID KMFOID_ECC_c2pnb208w1 =
	{ sizeof (OID_c2pnb208w1), OID_c2pnb208w1 };
const KMF_OID KMFOID_ECC_c2tnb239v1 =
	{ sizeof (OID_c2tnb239v1), OID_c2tnb239v1 };
const KMF_OID KMFOID_ECC_c2tnb239v2 =
	{ sizeof (OID_c2tnb239v2), OID_c2tnb239v2 };
const KMF_OID KMFOID_ECC_c2tnb239v3 =
	{ sizeof (OID_c2tnb239v3), OID_c2tnb239v3 };
const KMF_OID KMFOID_ECC_c2pnb272w1 =
	{ sizeof (OID_c2pnb272w1), OID_c2pnb272w1 };
const KMF_OID KMFOID_ECC_c2pnb304w1 =
	{ sizeof (OID_c2pnb304w1), OID_c2pnb304w1 };
const KMF_OID KMFOID_ECC_c2tnb359v1 =
	{ sizeof (OID_c2tnb359v1), OID_c2tnb359v1 };
const KMF_OID KMFOID_ECC_c2pnb368w1 =
	{ sizeof (OID_c2pnb368w1), OID_c2pnb368w1 };
const KMF_OID KMFOID_ECC_c2tnb431r1 =
	{ sizeof (OID_c2tnb431r1), OID_c2tnb431r1 };
const KMF_OID KMFOID_ECC_prime192v2 =
	{ sizeof (OID_prime192v2), OID_prime192v2 };
const KMF_OID KMFOID_ECC_prime192v3 =
	{ sizeof (OID_prime192v3), OID_prime192v3 };
const KMF_OID KMFOID_ECC_secp192r1 = { sizeof (OID_secp192r1), OID_secp192r1 };
const KMF_OID KMFOID_ECC_secp256r1 = { sizeof (OID_secp256r1), OID_secp256r1 };
551 
/*
 * EC public key, ECDSA/DSA signature and digest identifiers built from the
 * prefix macros defined earlier in this file.
 *
 * These arrays hold only the OID bytes: they do not start with the 0x06 tag
 * and length byte that the named-curve arrays above carry.
 * The ECDSA entries are spelled with the ANSI_X962_SIG_OID and
 * OID_ecdsa_with_* macros, which expand to the same bytes as writing
 * ANSI_X962_OID, 0x04, ... by hand.
 */
static uint8_t OID_EC_PUBLIC_KEY[] = { ANSI_X962_OID, 0x02, 0x01 };

static uint8_t OID_ECDSA_SHA1[] = { ANSI_X962_SIG_OID, 0x01 };
static uint8_t OID_ECDSA_SHA224[] = { OID_ecdsa_with_sha224 };
static uint8_t OID_ECDSA_SHA256[] = { OID_ecdsa_with_sha256 };
static uint8_t OID_ECDSA_SHA384[] = { OID_ecdsa_with_sha384 };
static uint8_t OID_ECDSA_SHA512[] = { OID_ecdsa_with_sha512 };

static uint8_t OID_DSA_SHA224[] = { OID_id_dsa_with_sha224 };
static uint8_t OID_DSA_SHA256[] = { OID_id_dsa_with_sha256 };

static uint8_t OID_SHA224[] = { OID_id_sha224 };
static uint8_t OID_SHA256[] = { OID_id_sha256 };
static uint8_t OID_SHA384[] = { OID_id_sha384 };
static uint8_t OID_SHA512[] = { OID_id_sha512 };
static uint8_t OID_MD5[] = { OID_id_md5 };
566 
/*
 * Exported KMF_OID objects for the EC public key, ECDSA/DSA signature and
 * digest identifiers defined just above. Each length is sizeof the array
 * the entry points to.
 *
 * KMFOID_SHA1WithECDSA and KMFOID_MD5 are listed alongside the SHA-2
 * identifiers; this table only names the algorithms, and accepting them is
 * a decision for the verifying code.
 */
const KMF_OID KMFOID_EC_PUBLIC_KEY =
	{ sizeof (OID_EC_PUBLIC_KEY), OID_EC_PUBLIC_KEY };
const KMF_OID KMFOID_SHA1WithECDSA =
	{ sizeof (OID_ECDSA_SHA1), OID_ECDSA_SHA1 };
const KMF_OID KMFOID_SHA224WithECDSA =
	{ sizeof (OID_ECDSA_SHA224), OID_ECDSA_SHA224 };
const KMF_OID KMFOID_SHA256WithECDSA =
	{ sizeof (OID_ECDSA_SHA256), OID_ECDSA_SHA256 };
const KMF_OID KMFOID_SHA384WithECDSA =
	{ sizeof (OID_ECDSA_SHA384), OID_ECDSA_SHA384 };
const KMF_OID KMFOID_SHA512WithECDSA =
	{ sizeof (OID_ECDSA_SHA512), OID_ECDSA_SHA512 };
const KMF_OID KMFOID_SHA224WithDSA =
	{ sizeof (OID_DSA_SHA224), OID_DSA_SHA224 };
const KMF_OID KMFOID_SHA256WithDSA =
	{ sizeof (OID_DSA_SHA256), OID_DSA_SHA256 };
const KMF_OID KMFOID_SHA224 = { sizeof (OID_SHA224), OID_SHA224 };
const KMF_OID KMFOID_SHA256 = { sizeof (OID_SHA256), OID_SHA256 };
const KMF_OID KMFOID_SHA384 = { sizeof (OID_SHA384), OID_SHA384 };
const KMF_OID KMFOID_SHA512 = { sizeof (OID_SHA512), OID_SHA512 };
const KMF_OID KMFOID_MD5 = { sizeof (OID_MD5), OID_MD5 };
581