]> git.saurik.com Git - apple/security.git/blame - OSX/libsecurity_cssm/lib/oidscert.cpp
projects / apple / security.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Security-57740.1.18.tar.gz
[apple/security.git] / OSX / libsecurity_cssm / lib / oidscert.cpp
CommitLineData
b1ab9ed8 1/*
e0e0d90e 2 * Copyright (c) 2000-2004,2008-2015 Apple Inc. All Rights Reserved.
427c49bc 3 *
b1ab9ed8 4 * @APPLE_LICENSE_HEADER_START@
e0e0d90e 5 *
b1ab9ed8
A		 6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
e0e0d90e 12 *
b1ab9ed8
A		 13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
e0e0d90e 20 *
b1ab9ed8
A		 21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25/*
26
27 File: oidscert.cpp
28
29 Contains: Object Identifiers for X509 Certificate Library
30
b1ab9ed8
A		 31 */
32
33#include "oidsbase.h"
34#include "oidscert.h"
35
d8f41ccd
A		 36#pragma clang diagnostic push
37#pragma clang diagnostic ignored "-Wunused-const-variable"
38
b1ab9ed8
A		 39/* required until PR-3347430 Security/cdsa/cdsa/oidscert.h is checked
40 * into TOT - pending public API review */
41extern "C" {
427c49bc 42 extern const CSSM_OID CSSMOID_X509V1IssuerNameStd,
b1ab9ed8
A		 43 CSSMOID_X509V1SubjectNameStd;
44}
45
46static const uint8
47
48 /* Certificate OID Fields */
49 X509V3SignedCertificate[] = {INTEL_X509V3_CERT_R08, 0},
50 X509V3SignedCertificateCStruct[] = {INTEL_X509V3_CERT_R08, 0, INTEL_X509_C_DATATYPE},
51 X509V3Certificate[] = {INTEL_X509V3_CERT_R08, 1},
52 X509V3CertificateCStruct[] = {INTEL_X509V3_CERT_R08, 1, INTEL_X509_C_DATATYPE},
53 X509V1Version[] = {INTEL_X509V3_CERT_R08, 2},
54 X509V1SerialNumber[] = {INTEL_X509V3_CERT_R08, 3},
55 X509V1IssuerName[] = {INTEL_X509V3_CERT_R08, 5},
56 X509V1IssuerNameCStruct[] = {INTEL_X509V3_CERT_R08, 5, INTEL_X509_C_DATATYPE},
57 X509V1IssuerNameLDAP[] = {INTEL_X509V3_CERT_R08, 5, INTEL_X509_LDAPSTRING_DATATYPE},
58 X509V1ValidityNotBefore[] = {INTEL_X509V3_CERT_R08, 6},
59 X509V1ValidityNotAfter[] = {INTEL_X509V3_CERT_R08, 7},
60 X509V1SubjectName[] = {INTEL_X509V3_CERT_R08, 8},
61 X509V1SubjectNameCStruct[] = {INTEL_X509V3_CERT_R08, 8, INTEL_X509_C_DATATYPE},
62 X509V1SubjectNameLDAP[] = {INTEL_X509V3_CERT_R08, 8, INTEL_X509_LDAPSTRING_DATATYPE},
63 X509V1SubjectPublicKeyAlgorithm[] = {INTEL_X509V3_CERT_R08, 9},
64 X509V1SubjectPublicKey[] = {INTEL_X509V3_CERT_R08, 10},
65 X509V1CertificateIssuerUniqueId[] = {INTEL_X509V3_CERT_R08, 11},
66 X509V1CertificateSubjectUniqueId[] = {INTEL_X509V3_CERT_R08, 12},
67 X509V3CertificateExtensionStruct[] = {INTEL_X509V3_CERT_R08, 13},
68 X509V3CertificateExtensionCStruct[] = {INTEL_X509V3_CERT_R08, 13, INTEL_X509_C_DATATYPE},
69 X509V3CertificateNumberOfExtensions[] = {INTEL_X509V3_CERT_R08, 14},
70 X509V3CertificateExtensionId[] = {INTEL_X509V3_CERT_R08, 15},
71 X509V3CertificateExtensionCritical[] = {INTEL_X509V3_CERT_R08, 16},
72 X509V3CertificateExtensionValue[] = {INTEL_X509V3_CERT_R08, 17},
73 X509V1SubjectPublicKeyAlgorithmParameters[] = {INTEL_X509V3_CERT_R08, 18},
74 X509V3CertificateExtensionType[] = {INTEL_X509V3_CERT_R08, 19},
75 CSSMKeyStruct[] = {INTEL_X509V3_CERT_R08, 20},
76 X509V1SubjectPublicKeyCStruct[] = {INTEL_X509V3_CERT_R08, 20, INTEL_X509_C_DATATYPE},
77 X509V3CertificateExtensionsStruct[] = {INTEL_X509V3_CERT_R08, 21},
78 X509V3CertificateExtensionsCStruct[] = {INTEL_X509V3_CERT_R08, 21, INTEL_X509_C_DATATYPE},
79 X509V1SubjectNameStd[] = {INTEL_X509V3_CERT_R08, 22},
80 X509V1IssuerNameStd[] = {INTEL_X509V3_CERT_R08, 23},
427c49bc 81
b1ab9ed8
A		 82 /* Signature OID Fields */
83 X509V1SignatureStruct[] = {INTEL_X509V3_SIGN_R08, 0},
84 X509V1SignatureCStruct[] = {INTEL_X509V3_SIGN_R08, 0, INTEL_X509_C_DATATYPE},
85 /* for the algorithm ID in the cert proper */
86 X509V1SignatureAlgorithm[] = {INTEL_X509V3_SIGN_R08, 1},
87 /* for the one in TBSCert */
88 X509V1SignatureAlgorithmTBS[] = {INTEL_X509V3_SIGN_R08, 10},
89 X509V1SignatureAlgorithmParameters[] = {INTEL_X509V3_SIGN_R08, 3},
90 X509V1Signature[] = {INTEL_X509V3_SIGN_R08, 2},
427c49bc 91
b1ab9ed8
A		 92 /* Extension OID Fields */
93 SubjectSignatureBitmap[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 1},
94 SubjectPicture[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 2},
95 SubjectEmailAddress[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 3},
96 UseExemptions[] = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS, 4};
97
98
99const CSSM_OID
100
101 /* Certificate OIDS */
102 CSSMOID_X509V3SignedCertificate = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V3SignedCertificate},
427c49bc 103 CSSMOID_X509V3SignedCertificateCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2,
b1ab9ed8
A		 104 (uint8 *)X509V3SignedCertificateCStruct},
105 CSSMOID_X509V3Certificate = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V3Certificate},
106 CSSMOID_X509V3CertificateCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V3CertificateCStruct},
107 CSSMOID_X509V1Version = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1Version},
108 CSSMOID_X509V1SerialNumber = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SerialNumber},
109 CSSMOID_X509V1IssuerName = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1IssuerName},
110 CSSMOID_X509V1IssuerNameStd = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1IssuerNameStd},
111 CSSMOID_X509V1IssuerNameCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1IssuerNameCStruct},
112 CSSMOID_X509V1IssuerNameLDAP = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1IssuerNameLDAP},
113 CSSMOID_X509V1ValidityNotBefore = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1ValidityNotBefore},
114 CSSMOID_X509V1ValidityNotAfter = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1ValidityNotAfter},
115 CSSMOID_X509V1SubjectName = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SubjectName},
116 CSSMOID_X509V1SubjectNameStd = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SubjectNameStd},
117 CSSMOID_X509V1SubjectNameCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1SubjectNameCStruct},
118 CSSMOID_X509V1SubjectNameLDAP = {INTEL_X509V3_CERT_R08_LENGTH+2, (uint8 *)X509V1SubjectNameLDAP},
119 CSSMOID_CSSMKeyStruct = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)CSSMKeyStruct},
427c49bc 120 CSSMOID_X509V1SubjectPublicKeyCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2,
b1ab9ed8 121 (uint8 *)X509V1SubjectPublicKeyCStruct},
427c49bc 122 CSSMOID_X509V1SubjectPublicKeyAlgorithm = {INTEL_X509V3_CERT_R08_LENGTH+1,
b1ab9ed8 123 (uint8 *)X509V1SubjectPublicKeyAlgorithm},
427c49bc 124 CSSMOID_X509V1SubjectPublicKeyAlgorithmParameters = {INTEL_X509V3_CERT_R08_LENGTH+1,
b1ab9ed8
A		 125 (uint8 *)X509V1SubjectPublicKeyAlgorithmParameters},
126 CSSMOID_X509V1SubjectPublicKey = {INTEL_X509V3_CERT_R08_LENGTH+1, (uint8 *)X509V1SubjectPublicKey},
427c49bc 127 CSSMOID_X509V1CertificateIssuerUniqueId = {INTEL_X509V3_CERT_R08_LENGTH+1,
b1ab9ed8 128 (uint8 *)X509V1CertificateIssuerUniqueId},
427c49bc 129 CSSMOID_X509V1CertificateSubjectUniqueId = {INTEL_X509V3_CERT_R08_LENGTH+1,
b1ab9ed8 130 (uint8 *)X509V1CertificateSubjectUniqueId},
427c49bc 131 CSSMOID_X509V3CertificateExtensionsStruct = {INTEL_X509V3_CERT_R08_LENGTH+1,
b1ab9ed8 132 (uint8 *)X509V3CertificateExtensionsStruct},
427c49bc 133 CSSMOID_X509V3CertificateExtensionsCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2,
b1ab9ed8 134 (uint8 *)X509V3CertificateExtensionsCStruct},
427c49bc 135 CSSMOID_X509V3CertificateNumberOfExtensions = {INTEL_X509V3_CERT_R08_LENGTH+1,
b1ab9ed8 136 (uint8 *)X509V3CertificateNumberOfExtensions},
427c49bc 137 CSSMOID_X509V3CertificateExtensionStruct = {INTEL_X509V3_CERT_R08_LENGTH+1,
b1ab9ed8 138 (uint8 *)X509V3CertificateExtensionStruct},
427c49bc 139 CSSMOID_X509V3CertificateExtensionCStruct = {INTEL_X509V3_CERT_R08_LENGTH+2,
b1ab9ed8 140 (uint8 *)X509V3CertificateExtensionCStruct},
427c49bc 141 CSSMOID_X509V3CertificateExtensionId = {INTEL_X509V3_CERT_R08_LENGTH+1,
b1ab9ed8 142 (uint8 *)X509V3CertificateExtensionId},
427c49bc 143 CSSMOID_X509V3CertificateExtensionCritical = {INTEL_X509V3_CERT_R08_LENGTH+1,
b1ab9ed8 144 (uint8 *)X509V3CertificateExtensionCritical},
427c49bc 145 CSSMOID_X509V3CertificateExtensionType = {INTEL_X509V3_CERT_R08_LENGTH+1,
b1ab9ed8 146 (uint8 *)X509V3CertificateExtensionType},
427c49bc 147 CSSMOID_X509V3CertificateExtensionValue = {INTEL_X509V3_CERT_R08_LENGTH+1,
b1ab9ed8
A		 148 (uint8 *)X509V3CertificateExtensionValue},
149
150 /* Signature OID Fields */
151 CSSMOID_X509V1SignatureStruct = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1SignatureStruct},
152 CSSMOID_X509V1SignatureCStruct = {INTEL_X509V3_SIGN_R08_LENGTH+2, (uint8 *)X509V1SignatureCStruct},
153 CSSMOID_X509V1SignatureAlgorithm = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1SignatureAlgorithm},
154 CSSMOID_X509V1SignatureAlgorithmTBS = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1SignatureAlgorithmTBS},
427c49bc 155 CSSMOID_X509V1SignatureAlgorithmParameters = {INTEL_X509V3_SIGN_R08_LENGTH+1,
b1ab9ed8
A		 156 (uint8 *)X509V1SignatureAlgorithmParameters},
157 CSSMOID_X509V1Signature = {INTEL_X509V3_SIGN_R08_LENGTH+1, (uint8 *)X509V1Signature},
427c49bc 158
b1ab9ed8
A		 159 /* Extension OID Fields */
160 CSSMOID_SubjectSignatureBitmap = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)SubjectSignatureBitmap},
161 CSSMOID_SubjectPicture = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)SubjectPicture},
162 CSSMOID_SubjectEmailAddress = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)SubjectEmailAddress},
163 CSSMOID_UseExemptions = {INTEL_X509V3_CERT_PRIVATE_EXTENSIONS_LENGTH+1, (uint8 *)UseExemptions};
164
165
166/***
167 *** Apple addenda.
168 ***/
427c49bc
A		 169
170/*
b1ab9ed8
A		 171 * Standard Cert extensions.
172 */
173static const uint8
174 OID_SubjectDirectoryAttributes[] = { OID_EXTENSION, 9 },
175 OID_SubjectKeyIdentifier[] = { OID_EXTENSION, 14 },
176 OID_KeyUsage[] = { OID_EXTENSION, 15 },
177 OID_PrivateKeyUsagePeriod[] = { OID_EXTENSION, 16 },
178 OID_SubjectAltName[] = { OID_EXTENSION, 17 },
179 OID_IssuerAltName[] = { OID_EXTENSION, 18 },
180 OID_BasicConstraints[] = { OID_EXTENSION, 19 },
181 OID_CrlNumber[] = { OID_EXTENSION, 20 },
182 OID_CrlReason[] = { OID_EXTENSION, 21 },
183 OID_HoldInstructionCode[] = { OID_EXTENSION, 23 },
184 OID_InvalidityDate[] = { OID_EXTENSION, 24 },
185 OID_DeltaCrlIndicator[] = { OID_EXTENSION, 27 },
186 OID_IssuingDistributionPoint[] = { OID_EXTENSION, 28 },
187 OID_CertIssuer[] = { OID_EXTENSION, 29 },
188 OID_NameConstraints[] = { OID_EXTENSION, 30 },
189 OID_CrlDistributionPoints[] = { OID_EXTENSION, 31 },
190 OID_CertificatePolicies[] = { OID_EXTENSION, 32 },
191 OID_PolicyMappings[] = { OID_EXTENSION, 33 },
192 OID_AuthorityKeyIdentifier[] = { OID_EXTENSION, 35 },
193 OID_PolicyConstraints[] = { OID_EXTENSION, 36 },
194 OID_ExtendedKeyUsage[] = { OID_EXTENSION, 37 },
195 OID_InhibitAnyPolicy[] = { OID_EXTENSION, 54 },
196 OID_AuthorityInfoAccess[] = { OID_PE, 1 },
197 OID_BiometricInfo[] = { OID_PE, 2 },
198 OID_QC_Statements[] = { OID_PE, 3 },
199 OID_SubjectInfoAccess[] = { OID_PE, 11 },
427c49bc 200
b1ab9ed8
A		 201 /* Individual OIDS appearing in an ExtendedKeyUsage extension */
202 OID_ExtendedKeyUsageAny[] = { OID_EXTENSION, 37, 0 },
203 OID_KP_ServerAuth[] = { OID_KP, 1 },
204 OID_KP_ClientAuth[] = { OID_KP, 2 },
205 OID_KP_ExtendedUseCodeSigning[] = { OID_KP, 3 },
206 OID_KP_EmailProtection[] = { OID_KP, 4 },
207 OID_KP_TimeStamping[] = { OID_KP, 8 },
208 OID_KP_OCSPSigning[] = { OID_KP, 9 },
209 /* Kerberos PKINIT Extended Key Use values */
210 OID_KERBv5_PKINIT_KP_CLIENT_AUTH[] = { OID_KERBv5_PKINIT, 4 },
211 OID_KERBv5_PKINIT_KP_KDC[] = { OID_KERBv5_PKINIT, 5 },
212 /* IPSec */
213 OID_EKU_IPSec[] = { 0x2B, 0x06, 0x01, 0x05, 0x05, 0x08, 0x02, 0x02 },
427c49bc 214
b1ab9ed8
A		 215 /* .mac Certificate Extended Key Use values */
216 OID_DOTMAC_CERT_EXTENSION[] = { APPLE_DOTMAC_CERT_EXTEN_OID },
217 OID_DOTMAC_CERT_IDENTITY[] = { APPLE_DOTMAC_CERT_EXTEN_OID, 1 },
218 OID_DOTMAC_CERT_EMAIL_SIGN[] = { APPLE_DOTMAC_CERT_EXTEN_OID, 2 },
219 OID_DOTMAC_CERT_EMAIL_ENCRYPT[] = { APPLE_DOTMAC_CERT_EXTEN_OID, 3 },
220 /* Other Apple extended key usage values */
221 OID_APPLE_EKU_CODE_SIGNING[] = { APPLE_EKU_CODE_SIGNING },
222 OID_APPLE_EKU_CODE_SIGNING_DEV[] = { APPLE_EKU_CODE_SIGNING, 1 },
223 OID_APPLE_EKU_RESOURCE_SIGNING[] = { APPLE_EKU_CODE_SIGNING, 4 },
224 OID_APPLE_EKU_ICHAT_SIGNING[] = { APPLE_EKU_OID, 2 },
225 OID_APPLE_EKU_ICHAT_ENCRYPTION[] = { APPLE_EKU_OID, 3 },
226 OID_APPLE_EKU_SYSTEM_IDENTITY[] = { APPLE_EKU_OID, 4 },
427c49bc
A		 227 OID_APPLE_EKU_PASSBOOK_SIGNING[] = { APPLE_EKU_OID, 14 },
228 OID_APPLE_EKU_PROFILE_SIGNING[] = { APPLE_EKU_OID, 16 },
229 OID_APPLE_EKU_QA_PROFILE_SIGNING[] = { APPLE_EKU_OID, 17 },
b1ab9ed8
A		 230 /* Apple cert policies */
231 OID_APPLE_CERT_POLICY[] = { APPLE_CERT_POLICIES, 1 },
232 OID_DOTMAC_CERT_POLICY[] = { APPLE_CERT_POLICIES, 2 },
233 OID_ADC_CERT_POLICY[] = { APPLE_CERT_POLICIES, 3 },
234 OID_APPLE_CERT_POLICY_MACAPPSTORE[] = { APPLE_CERT_POLICIES_MACAPPSTORE },
235 OID_APPLE_CERT_POLICY_MACAPPSTORE_RECEIPT[] = { APPLE_CERT_POLICIES_MACAPPSTORE_RECEIPT },
236 OID_APPLE_CERT_POLICY_APPLEID[] = { APPLE_CERT_POLICIES_APPLEID },
237 OID_APPLE_CERT_POLICY_APPLEID_SHARING[] = { APPLE_CERT_POLICIES_APPLEID_SHARING },
427c49bc
A		 238 OID_APPLE_CERT_POLICY_MOBILE_STORE_SIGNING[] = { APPLE_CERT_POLICIES_MOBILE_STORE_SIGNING },
239 OID_APPLE_CERT_POLICY_TEST_MOBILE_STORE_SIGNING[] = { APPLE_CERT_POLICIES_TEST_MOBILE_STORE_SIGNING },
240
b1ab9ed8
A		 241 /* Apple-specific extensions */
242 OID_APPLE_EXTENSION[] = { APPLE_EXTENSION_OID },
243 OID_APPLE_EXTENSION_CODE_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING },
244 OID_APPLE_EXTENSION_APPLE_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 1 },
245 OID_APPLE_EXTENSION_ADC_DEV_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 2 },
246 OID_APPLE_EXTENSION_ADC_APPLE_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 3 },
427c49bc 247 OID_APPLE_EXTENSION_PASSBOOK_SIGNING[] = { APPLE_EXTENSION_CODE_SIGNING, 16 },
b1ab9ed8
A		 248 OID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT[] = { APPLE_EXTENSION_MACAPPSTORE_RECEIPT },
249 OID_APPLE_EXTENSION_INTERMEDIATE_MARKER[] = { APPLE_EXTENSION_INTERMEDIATE_MARKER },
250 OID_APPLE_EXTENSION_WWDR_INTERMEDIATE[] = { APPLE_EXTENSION_WWDR_INTERMEDIATE },
251 OID_APPLE_EXTENSION_ITMS_INTERMEDIATE[] = { APPLE_EXTENSION_ITMS_INTERMEDIATE },
252 OID_APPLE_EXTENSION_AAI_INTERMEDIATE[] = { APPLE_EXTENSION_AAI_INTERMEDIATE },
253 OID_APPLE_EXTENSION_APPLEID_INTERMEDIATE[] = { APPLE_EXTENSION_APPLEID_INTERMEDIATE },
427c49bc
A		 254 OID_APPLE_EXTENSION_APPLEID_SHARING[] = { APPLE_EXTENSION_APPLEID_SHARING },
255 OID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE[] = { APPLE_EXTENSION_SYSINT2_INTERMEDIATE },
d8f41ccd
A		 256 OID_APPLE_EXTENSION_DEVELOPER_AUTHENTICATION[] = { APPLE_EXTENSION_DEVELOPER_AUTHENTICATION },
257 OID_APPLE_EXTENSION_SERVER_AUTHENTICATION[] = { APPLE_EXTENSION_SERVER_AUTHENTICATION },
e0e0d90e
A		 258 OID_APPLE_EXTENSION_ESCROW_SERVICE[] = { APPLE_EXTENSION_ESCROW_SERVICE },
259 OID_APPLE_EXTENSION_PROVISIONING_PROFILE_SIGNING[] = { APPLE_EXTENSION_PROVISIONING_PROFILE_SIGNING }
b1ab9ed8
A		 260;
261
262#define OID_PKCS_CE_LENGTH OID_EXTENSION_LENGTH + 1
263
264const CSSM_OID
265CSSMOID_SubjectDirectoryAttributes = { OID_PKCS_CE_LENGTH, (uint8 *)OID_SubjectDirectoryAttributes},
266CSSMOID_SubjectKeyIdentifier = { OID_PKCS_CE_LENGTH, (uint8 *)OID_SubjectKeyIdentifier},
267CSSMOID_KeyUsage = { OID_PKCS_CE_LENGTH, (uint8 *)OID_KeyUsage},
268CSSMOID_PrivateKeyUsagePeriod = { OID_PKCS_CE_LENGTH, (uint8 *)OID_PrivateKeyUsagePeriod},
269CSSMOID_SubjectAltName = { OID_PKCS_CE_LENGTH, (uint8 *)OID_SubjectAltName},
270CSSMOID_IssuerAltName = { OID_PKCS_CE_LENGTH, (uint8 *)OID_IssuerAltName},
271CSSMOID_BasicConstraints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_BasicConstraints},
272CSSMOID_CrlNumber = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CrlNumber},
273CSSMOID_CrlReason = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CrlReason},
274CSSMOID_HoldInstructionCode = { OID_PKCS_CE_LENGTH, (uint8 *)OID_HoldInstructionCode},
275CSSMOID_InvalidityDate = { OID_PKCS_CE_LENGTH, (uint8 *)OID_InvalidityDate},
276CSSMOID_DeltaCrlIndicator = { OID_PKCS_CE_LENGTH, (uint8 *)OID_DeltaCrlIndicator},
277CSSMOID_IssuingDistributionPoint = { OID_PKCS_CE_LENGTH, (uint8 *)OID_IssuingDistributionPoint},
278/* for backwards compatibility... */
279CSSMOID_IssuingDistributionPoints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_IssuingDistributionPoint},
280CSSMOID_CertIssuer = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CertIssuer},
281CSSMOID_NameConstraints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_NameConstraints},
282CSSMOID_CrlDistributionPoints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CrlDistributionPoints},
283CSSMOID_CertificatePolicies = { OID_PKCS_CE_LENGTH, (uint8 *)OID_CertificatePolicies},
284CSSMOID_PolicyMappings = { OID_PKCS_CE_LENGTH, (uint8 *)OID_PolicyMappings},
285CSSMOID_PolicyConstraints = { OID_PKCS_CE_LENGTH, (uint8 *)OID_PolicyConstraints},
286CSSMOID_AuthorityKeyIdentifier = { OID_PKCS_CE_LENGTH, (uint8 *)OID_AuthorityKeyIdentifier},
287CSSMOID_ExtendedKeyUsage = { OID_PKCS_CE_LENGTH, (uint8 *)OID_ExtendedKeyUsage},
288CSSMOID_InhibitAnyPolicy = { OID_PKCS_CE_LENGTH, (uint8 *)OID_InhibitAnyPolicy},
289CSSMOID_AuthorityInfoAccess = { OID_PE_LENGTH+1, (uint8 *)OID_AuthorityInfoAccess},
290CSSMOID_BiometricInfo = { OID_PE_LENGTH+1, (uint8 *)OID_BiometricInfo},
291CSSMOID_QC_Statements = { OID_PE_LENGTH+1, (uint8 *)OID_QC_Statements},
292CSSMOID_SubjectInfoAccess = { OID_PE_LENGTH+1, (uint8 *)OID_SubjectInfoAccess},
293CSSMOID_ExtendedKeyUsageAny = { OID_PKCS_CE_LENGTH+1, (uint8 *)OID_ExtendedKeyUsageAny},
294CSSMOID_ServerAuth = { OID_KP_LENGTH+1, (uint8 *)OID_KP_ServerAuth},
295CSSMOID_ClientAuth = { OID_KP_LENGTH+1, (uint8 *)OID_KP_ClientAuth},
296CSSMOID_ExtendedUseCodeSigning = { OID_KP_LENGTH+1, (uint8 *)OID_KP_ExtendedUseCodeSigning},
297CSSMOID_EmailProtection = { OID_KP_LENGTH+1, (uint8 *)OID_KP_EmailProtection},
298CSSMOID_TimeStamping = { OID_KP_LENGTH+1, (uint8 *)OID_KP_TimeStamping},
299CSSMOID_OCSPSigning = { OID_KP_LENGTH+1, (uint8 *)OID_KP_OCSPSigning},
300CSSMOID_KERBv5_PKINIT_KP_CLIENT_AUTH = { OID_KERBv5_PKINIT_LEN + 1,
301 (uint8 *)OID_KERBv5_PKINIT_KP_CLIENT_AUTH },
302CSSMOID_KERBv5_PKINIT_KP_KDC = { OID_KERBv5_PKINIT_LEN + 1,
303 (uint8 *)OID_KERBv5_PKINIT_KP_KDC },
304CSSMOID_EKU_IPSec = { 8, (uint8 *)OID_EKU_IPSec },
305CSSMOID_DOTMAC_CERT_EXTENSION = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH,
306 (uint8 *)OID_DOTMAC_CERT_EXTENSION },
307CSSMOID_DOTMAC_CERT_IDENTITY = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH + 1,
308 (uint8 *)OID_DOTMAC_CERT_IDENTITY },
309CSSMOID_DOTMAC_CERT_EMAIL_SIGN = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH + 1,
310 (uint8 *)OID_DOTMAC_CERT_EMAIL_SIGN },
311CSSMOID_DOTMAC_CERT_EMAIL_ENCRYPT = { APPLE_DOTMAC_CERT_EXTEN_OID_LENGTH + 1,
312 (uint8 *)OID_DOTMAC_CERT_EMAIL_ENCRYPT },
313CSSMOID_APPLE_CERT_POLICY = { APPLE_CERT_POLICIES_LENGTH + 1,
314 (uint8 *)OID_APPLE_CERT_POLICY },
315CSSMOID_DOTMAC_CERT_POLICY = { APPLE_CERT_POLICIES_LENGTH + 1,
316 (uint8 *)OID_DOTMAC_CERT_POLICY },
317CSSMOID_ADC_CERT_POLICY = { APPLE_CERT_POLICIES_LENGTH + 1,
318 (uint8 *)OID_ADC_CERT_POLICY },
319CSSMOID_MACAPPSTORE_CERT_POLICY = { APPLE_CERT_POLICIES_MACAPPSTORE_LENGTH,
320 (uint8 *)OID_APPLE_CERT_POLICY_MACAPPSTORE },
321CSSMOID_MACAPPSTORE_RECEIPT_CERT_POLICY = { APPLE_CERT_POLICIES_MACAPPSTORE_RECEIPT_LENGTH,
322 (uint8 *)OID_APPLE_CERT_POLICY_MACAPPSTORE_RECEIPT },
323CSSMOID_APPLEID_CERT_POLICY = { APPLE_CERT_POLICIES_APPLEID_LENGTH,
324 (uint8 *)OID_APPLE_CERT_POLICY_APPLEID },
325CSSMOID_APPLEID_SHARING_CERT_POLICY = { APPLE_CERT_POLICIES_APPLEID_SHARING_LENGTH,
326 (uint8 *)OID_APPLE_CERT_POLICY_APPLEID_SHARING },
427c49bc
A		 327CSSMOID_MOBILE_STORE_SIGNING_POLICY = { APPLE_CERT_POLICIES_MOBILE_STORE_SIGNING_LENGTH,
328 (uint8 *)OID_APPLE_CERT_POLICY_MOBILE_STORE_SIGNING },
329CSSMOID_TEST_MOBILE_STORE_SIGNING_POLICY = { APPLE_CERT_POLICIES_TEST_MOBILE_STORE_SIGNING_LENGTH,
330 (uint8 *)OID_APPLE_CERT_POLICY_TEST_MOBILE_STORE_SIGNING },
b1ab9ed8
A		 331CSSMOID_APPLE_EKU_CODE_SIGNING = { APPLE_EKU_CODE_SIGNING_LENGTH,
332 (uint8 *)OID_APPLE_EKU_CODE_SIGNING },
333CSSMOID_APPLE_EKU_CODE_SIGNING_DEV = { APPLE_EKU_CODE_SIGNING_LENGTH + 1,
334 (uint8 *)OID_APPLE_EKU_CODE_SIGNING_DEV },
335CSSMOID_APPLE_EKU_RESOURCE_SIGNING = { APPLE_EKU_CODE_SIGNING_LENGTH + 1,
336 (uint8 *)OID_APPLE_EKU_RESOURCE_SIGNING },
337CSSMOID_APPLE_EKU_ICHAT_SIGNING = { APPLE_EKU_OID_LENGTH + 1,
338 (uint8 *)OID_APPLE_EKU_ICHAT_SIGNING },
339CSSMOID_APPLE_EKU_ICHAT_ENCRYPTION = { APPLE_EKU_OID_LENGTH + 1,
340 (uint8 *)OID_APPLE_EKU_ICHAT_ENCRYPTION },
341CSSMOID_APPLE_EKU_SYSTEM_IDENTITY = { APPLE_EKU_OID_LENGTH + 1,
342 (uint8 *)OID_APPLE_EKU_SYSTEM_IDENTITY },
427c49bc
A		 343CSSMOID_APPLE_EKU_PASSBOOK_SIGNING = { APPLE_EKU_OID_LENGTH + 1,
344 (uint8 *)OID_APPLE_EKU_PASSBOOK_SIGNING },
345CSSMOID_APPLE_EKU_PROFILE_SIGNING = { APPLE_EKU_OID_LENGTH + 1,
346 (uint8 *)OID_APPLE_EKU_PROFILE_SIGNING },
347CSSMOID_APPLE_EKU_QA_PROFILE_SIGNING = { APPLE_EKU_OID_LENGTH + 1,
348 (uint8 *)OID_APPLE_EKU_QA_PROFILE_SIGNING },
b1ab9ed8
A		 349CSSMOID_APPLE_EXTENSION = { APPLE_EXTENSION_OID_LENGTH,
350 (uint8 *)OID_APPLE_EXTENSION },
351CSSMOID_APPLE_EXTENSION_CODE_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH,
352 (uint8 *)OID_APPLE_EXTENSION_CODE_SIGNING },
353CSSMOID_APPLE_EXTENSION_APPLE_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH + 1,
354 (uint8 *)OID_APPLE_EXTENSION_APPLE_SIGNING },
355CSSMOID_APPLE_EXTENSION_ADC_DEV_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH + 2,
356 (uint8 *)OID_APPLE_EXTENSION_ADC_DEV_SIGNING },
357CSSMOID_APPLE_EXTENSION_ADC_APPLE_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH + 3,
358 (uint8 *)OID_APPLE_EXTENSION_ADC_DEV_SIGNING },
427c49bc
A		 359CSSMOID_APPLE_EXTENSION_PASSBOOK_SIGNING = { APPLE_EXTENSION_CODE_SIGNING_LENGTH + 1,
360 (uint8 *)OID_APPLE_EXTENSION_PASSBOOK_SIGNING },
b1ab9ed8
A		 361CSSMOID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT = { APPLE_EXTENSION_MACAPPSTORE_RECEIPT_LENGTH,
362 (uint8 *)OID_APPLE_EXTENSION_MACAPPSTORE_RECEIPT },
363CSSMOID_APPLE_EXTENSION_INTERMEDIATE_MARKER = { APPLE_EXTENSION_INTERMEDIATE_MARKER_LENGTH,
364 (uint8 *)OID_APPLE_EXTENSION_INTERMEDIATE_MARKER },
427c49bc 365CSSMOID_APPLE_EXTENSION_WWDR_INTERMEDIATE = { APPLE_EXTENSION_WWDR_INTERMEDIATE_LENGTH,
b1ab9ed8 366 (uint8 *)OID_APPLE_EXTENSION_WWDR_INTERMEDIATE },
427c49bc 367CSSMOID_APPLE_EXTENSION_ITMS_INTERMEDIATE = { APPLE_EXTENSION_ITMS_INTERMEDIATE_LENGTH,
b1ab9ed8 368 (uint8 *)OID_APPLE_EXTENSION_ITMS_INTERMEDIATE },
427c49bc 369CSSMOID_APPLE_EXTENSION_AAI_INTERMEDIATE = { APPLE_EXTENSION_AAI_INTERMEDIATE_LENGTH,
b1ab9ed8 370 (uint8 *)OID_APPLE_EXTENSION_AAI_INTERMEDIATE },
427c49bc 371CSSMOID_APPLE_EXTENSION_APPLEID_INTERMEDIATE = { APPLE_EXTENSION_APPLEID_INTERMEDIATE_LENGTH,
b1ab9ed8 372 (uint8 *)OID_APPLE_EXTENSION_APPLEID_INTERMEDIATE },
427c49bc
A		 373CSSMOID_APPLE_EXTENSION_APPLEID_SHARING = { APPLE_EXTENSION_APPLEID_SHARING_LENGTH + 1,
374 (uint8 *)OID_APPLE_EXTENSION_APPLEID_SHARING },
375CSSMOID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE = { APPLE_EXTENSION_SYSINT2_INTERMEDIATE_LENGTH,
376 (uint8 *)OID_APPLE_EXTENSION_SYSINT2_INTERMEDIATE },
d8f41ccd
A		 377CSSMOID_APPLE_EXTENSION_DEVELOPER_AUTHENTICATION= { APPLE_EXTENSION_DEVELOPER_AUTHENTICATION_LENGTH,
378 (uint8 *)OID_APPLE_EXTENSION_DEVELOPER_AUTHENTICATION },
379CSSMOID_APPLE_EXTENSION_SERVER_AUTHENTICATION = { APPLE_EXTENSION_SERVER_AUTHENTICATION_LENGTH,
380 (uint8 *)OID_APPLE_EXTENSION_SERVER_AUTHENTICATION },
427c49bc 381CSSMOID_APPLE_EXTENSION_ESCROW_SERVICE = { APPLE_EXTENSION_ESCROW_SERVICE_LENGTH + 1,
e0e0d90e
A		 382 (uint8 *)OID_APPLE_EXTENSION_ESCROW_SERVICE },
383CSSMOID_APPLE_EXTENSION_PROVISIONING_PROFILE_SIGNING = { APPLE_EKU_OID_LENGTH + 1,
384 (uint8 *)OID_APPLE_EXTENSION_PROVISIONING_PROFILE_SIGNING }
b1ab9ed8
A		 385;
386
387/* Apple Intermediate Marker OIDs */
388#define APPLE_CERT_EXT_INTERMEDIATE_MARKER APPLE_CERT_EXT, 2
389/* Apple Apple ID Intermediate Marker */
390#define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID APPLE_CERT_EXT_INTERMEDIATE_MARKER, 3
427c49bc
A		 391/*
392 * Apple Apple ID Intermediate Marker (New subCA, no longer shared with push notification server cert issuer
b1ab9ed8 393 *
427c49bc
A		 394 * appleCertificateExtensionAppleIDIntermediate ::=
395 * { appleCertificateExtensionIntermediateMarker 7 }
b1ab9ed8
A		 396 * { 1 2 840 113635 100 6 2 7 }
397 */
398#define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_2 APPLE_CERT_EXT_INTERMEDIATE_MARKER, 7
399
400/*
401 * Netscape extensions.
402 *
403 * netscape-cert-type OBJECT IDENTIFIER ::=
404 * { 2 16 840 1 113730 1 1 }
405 *
406 * BER = 06 08 60 86 48 01 86 F8 42 01 01
407 */
408static const uint8 OID_NetscapeCertType[] = {NETSCAPE_CERT_EXTEN, 1};
427c49bc 409const CSSM_OID CSSMOID_NetscapeCertType =
b1ab9ed8
A		 410 {NETSCAPE_CERT_EXTEN_LENGTH + 1, (uint8 *)OID_NetscapeCertType};
411
412/*
413 * netscape-cert-sequence ::= { 2 16 840 1 113730 2 5 }
414 *
415 * BER = 06 09 60 86 48 01 86 F8 42 02 05
416 */
417static const uint8 OID_NetscapeCertSequence[] = { NETSCAPE_BASE_OID, 2, 5 };
418const CSSM_OID CSSMOID_NetscapeCertSequence =
419 { NETSCAPE_BASE_OID_LEN + 2, (uint8 *)OID_NetscapeCertSequence };
427c49bc
A		 420
421/*
b1ab9ed8
A		 422 * Netscape version of ServerGatedCrypto ExtendedKeyUse.
423 * OID { 2 16 840 1 113730 4 1 }
424 */
425static const uint8 OID_Netscape_SGC[] = {NETSCAPE_CERT_POLICY, 1};
427c49bc 426const CSSM_OID CSSMOID_NetscapeSGC =
b1ab9ed8
A		 427 {NETSCAPE_CERT_POLICY_LENGTH + 1, (uint8 *)OID_Netscape_SGC};
428
427c49bc 429/*
b1ab9ed8
A		 430 * Microsoft version of ServerGatedCrypto ExtendedKeyUse.
431 * OID { 1 3 6 1 4 1 311 10 3 3 }
432 */
433static const uint8 OID_Microsoft_SGC[] = {0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x03, 0x03};
427c49bc 434const CSSM_OID CSSMOID_MicrosoftSGC =
b1ab9ed8 435 {10, (uint8 *)OID_Microsoft_SGC};
427c49bc 436
b1ab9ed8
A		 437/*
438 * .mac Certificate Extended Key Use values.
439 */
d8f41ccd
A		 440
441#pragma clang diagnostic pop
mirror of Security