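/*
 * Copyright (c) 2000-2004,2008,2010,2012-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * oidsalg.c - OIDs defining crypto algorithms
 *
 * Layout used throughout this file:
 *   - a file-local `static const uint8_t NAME[]` holds the bytes of one OID,
 *     written as an arc-prefix macro followed by the trailing arc byte(s);
 *   - an exported `const SecAsn1Oid CSSMOID_NAME` is initialized positionally
 *     with a byte count and a pointer to that array.
 *
 * The byte count is written as `<PREFIX>_LENGTH + k`, where k is the number
 * of trailing bytes appended after the prefix macro in the array.
 * NOTE(review): the prefix and *_LENGTH macros are not defined in this file
 * (presumably oidsbase.h), so the agreement between each count and the
 * real array size cannot be checked from here. A count larger than the array
 * would make any consumer that trusts the count read past the array; confirm
 * against the header when adding or changing entries.
 *
 * The `(uint8_t *)` casts drop the const qualifier of the backing arrays.
 * Consumers must treat the pointed-to bytes as read-only: writing through
 * the pointer would modify an object defined const, which is undefined
 * behavior.
 *
 * NOTE(review): several identifiers below name algorithms that are no
 * longer considered safe for new signatures or encryption (MD2, MD4, MD5,
 * SHA-1, single DES, RC2, 40-bit RC4/RC2). This file only names algorithms;
 * whether a caller accepts one of them is decided elsewhere and should be
 * reviewed there.
 */

#include <stdint.h>
#include "SecAsn1Types.h"
#include "oidsbase.h"

/* Digest, RSA, DH, DSA and ANSI X9.42 OID byte strings. */
static const uint8_t
    OID_MD2[]               = { OID_RSA_HASH, 2 },
    OID_MD4[]               = { OID_RSA_HASH, 4 },
    OID_MD5[]               = { OID_RSA_HASH, 5 },
    OID_RSAEncryption[]     = { OID_PKCS_1, 1 },
    OID_MD2WithRSA[]        = { OID_PKCS_1, 2 },
    OID_MD4WithRSA[]        = { OID_PKCS_1, 3 },
    OID_MD5WithRSA[]        = { OID_PKCS_1, 4 },
    OID_SHA1WithRSA[]       = { OID_PKCS_1, 5 },
    OID_RSAWithOAEP[]       = { OID_PKCS_1, 7 },
    OID_OAEP_MGF1[]         = { OID_PKCS_1, 8 },
    OID_OAEP_ID_PSPECIFIED[]= { OID_PKCS_1, 9 },
    /* SHA-224 is arc 14; arcs 11-13 are SHA-256/384/512 */
    OID_SHA224WithRSA[]     = { OID_PKCS_1, 14 },
    OID_SHA256WithRSA[]     = { OID_PKCS_1, 11 },
    OID_SHA384WithRSA[]     = { OID_PKCS_1, 12 },
    OID_SHA512WithRSA[]     = { OID_PKCS_1, 13 },
    OID_PKCS_3_ARC[]        = { OID_PKCS_3 },
    OID_DHKeyAgreement[]    = { OID_PKCS_3, 1 },
    /* BSAFE-specific DSA */
    OID_OIW_DSA[]           = { OID_OIW_ALGORITHM, 12 },
    OID_OIW_DSAWithSHA1[]   = { OID_OIW_ALGORITHM, 27 },
    /* DSA from CMS (prefix bytes spelled out; 7 bytes each) */
    OID_CMS_DSA[]           = { 0x2A, 0x86, 0x48, 0xCE, 0x38, 4, 1 },
    OID_CMS_DSAWithSHA1[]   = { 0x2A, 0x86, 0x48, 0xCE, 0x38, 4, 3 },
    /* DSA from JDK 1.1 (prefix bytes spelled out; 5 bytes each) */
    OID_JDK_DSA[]           = { 0x2B, 0x0E, 0x03, 0x02, 0x0c },
    OID_JDK_DSAWithSHA1[]   = { 0x2B, 0x0E, 0x03, 0x02, 0x0D },

    OID_OIW_SHA1[]          = { OID_OIW_ALGORITHM, 26 },
    OID_OIW_RSAWithSHA1[]   = { OID_OIW_ALGORITHM, 29 },
    OID_OIW_DES_CBC[]       = { OID_OIW_ALGORITHM, 7 },

    /* SHA-224 is arc 4; arcs 1-3 are SHA-256/384/512 */
    OID_SHA224[]            = { OID_NIST_HASHALG, 4},
    OID_SHA256[]            = { OID_NIST_HASHALG, 1},
    OID_SHA384[]            = { OID_NIST_HASHALG, 2},
    OID_SHA512[]            = { OID_NIST_HASHALG, 3},

    /* ANSI X9.42 */
    OID_ANSI_DH_PUB_NUMBER[]= { OID_ANSI_X9_42, 1 },
    OID_ANSI_DH_STATIC[]    = { OID_ANSI_X9_42_SCHEME, 1 },
    OID_ANSI_DH_EPHEM[]     = { OID_ANSI_X9_42_SCHEME, 2 },
    OID_ANSI_DH_ONE_FLOW[]  = { OID_ANSI_X9_42_SCHEME, 3 },
    OID_ANSI_DH_HYBRID1[]   = { OID_ANSI_X9_42_SCHEME, 4 },
    OID_ANSI_DH_HYBRID2[]   = { OID_ANSI_X9_42_SCHEME, 5 },
    OID_ANSI_DH_HYBRID_ONEFLOW[] = { OID_ANSI_X9_42_SCHEME, 6 },
    /* sic - enumerated in reverse order in the spec */
    OID_ANSI_MQV1[]         = { OID_ANSI_X9_42_SCHEME, 8 },
    OID_ANSI_MQV2[]         = { OID_ANSI_X9_42_SCHEME, 7 },

    OID_ANSI_DH_STATIC_SHA1[]   = { OID_ANSI_X9_42_NAMED_SCHEME, 1 },
    OID_ANSI_DH_EPHEM_SHA1[]    = { OID_ANSI_X9_42_NAMED_SCHEME, 2 },
    OID_ANSI_DH_ONE_FLOW_SHA1[] = { OID_ANSI_X9_42_NAMED_SCHEME, 3 },
    OID_ANSI_DH_HYBRID1_SHA1[]  = { OID_ANSI_X9_42_NAMED_SCHEME, 4 },
    OID_ANSI_DH_HYBRID2_SHA1[]  = { OID_ANSI_X9_42_NAMED_SCHEME, 5 },
    OID_ANSI_DH_HYBRID_ONEFLOW_SHA1[] = { OID_ANSI_X9_42_NAMED_SCHEME, 6 },
    /* sic - enumerated in reverse order in the spec */
    OID_ANSI_MQV1_SHA1[]        = { OID_ANSI_X9_42_NAMED_SCHEME, 8 },
    OID_ANSI_MQV2_SHA1[]        = { OID_ANSI_X9_42_NAMED_SCHEME, 7 };

/*
 * Exported descriptors for the arrays above.
 *
 * The CMS and JDK DSA arrays have no prefix macro, so their byte count is
 * taken from the array itself with sizeof instead of being repeated as a
 * literal (7 and 5 respectively); the count then cannot drift from the data.
 */
const SecAsn1Oid
    CSSMOID_MD2             = {OID_RSA_HASH_LENGTH+1, (uint8_t *)OID_MD2},
    CSSMOID_MD4             = {OID_RSA_HASH_LENGTH+1, (uint8_t *)OID_MD4},
    CSSMOID_MD5             = {OID_RSA_HASH_LENGTH+1, (uint8_t *)OID_MD5},
    CSSMOID_RSA             = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_RSAEncryption},
    CSSMOID_MD2WithRSA      = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_MD2WithRSA},
    CSSMOID_MD4WithRSA      = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_MD4WithRSA},
    CSSMOID_MD5WithRSA      = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_MD5WithRSA},
    CSSMOID_SHA1WithRSA     = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_SHA1WithRSA},
    CSSMOID_RSAWithOAEP     = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_RSAWithOAEP},
    CSSMOID_OAEP_MGF1       = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_OAEP_MGF1},
    CSSMOID_OAEP_ID_PSPECIFIED = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_OAEP_ID_PSPECIFIED},
    CSSMOID_SHA224WithRSA   = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_SHA224WithRSA},
    CSSMOID_SHA256WithRSA   = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_SHA256WithRSA},
    CSSMOID_SHA384WithRSA   = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_SHA384WithRSA},
    CSSMOID_SHA512WithRSA   = {OID_PKCS_1_LENGTH+1, (uint8_t *)OID_SHA512WithRSA},
    CSSMOID_PKCS3           = {OID_PKCS_3_LENGTH, (uint8_t *)OID_PKCS_3_ARC},
    CSSMOID_DH              = {OID_PKCS_3_LENGTH+1, (uint8_t *)OID_DHKeyAgreement},
    CSSMOID_DSA             = {OID_OIW_ALGORITHM_LENGTH+1, (uint8_t *)OID_OIW_DSA},
    CSSMOID_DSA_CMS         = {sizeof(OID_CMS_DSA), (uint8_t *)OID_CMS_DSA},
    CSSMOID_DSA_JDK         = {sizeof(OID_JDK_DSA), (uint8_t *)OID_JDK_DSA},
    CSSMOID_SHA1WithDSA     = {OID_OIW_ALGORITHM_LENGTH+1, (uint8_t *)OID_OIW_DSAWithSHA1},
    CSSMOID_SHA1WithDSA_CMS = {sizeof(OID_CMS_DSAWithSHA1), (uint8_t *)OID_CMS_DSAWithSHA1},
    CSSMOID_SHA1WithDSA_JDK = {sizeof(OID_JDK_DSAWithSHA1), (uint8_t *)OID_JDK_DSAWithSHA1},
    CSSMOID_SHA1            = {OID_OIW_ALGORITHM_LENGTH+1, (uint8_t *)OID_OIW_SHA1},
    CSSMOID_SHA224          = {OID_NIST_HASHALG_LENGTH+1, (uint8_t *)OID_SHA224},
    CSSMOID_SHA256          = {OID_NIST_HASHALG_LENGTH+1, (uint8_t *)OID_SHA256},
    CSSMOID_SHA384          = {OID_NIST_HASHALG_LENGTH+1, (uint8_t *)OID_SHA384},
    CSSMOID_SHA512          = {OID_NIST_HASHALG_LENGTH+1, (uint8_t *)OID_SHA512},
    CSSMOID_SHA1WithRSA_OIW = {OID_OIW_ALGORITHM_LENGTH+1, (uint8_t *)OID_OIW_RSAWithSHA1},
    CSSMOID_DES_CBC         = {OID_OIW_ALGORITHM_LENGTH+1, (uint8_t *)OID_OIW_DES_CBC},
    CSSMOID_ANSI_DH_PUB_NUMBER = {OID_ANSI_X9_42_LEN + 1, (uint8_t *)OID_ANSI_DH_PUB_NUMBER},
    CSSMOID_ANSI_DH_STATIC  = {OID_ANSI_X9_42_SCHEME_LEN + 1, (uint8_t *)OID_ANSI_DH_STATIC},
    CSSMOID_ANSI_DH_ONE_FLOW = {OID_ANSI_X9_42_SCHEME_LEN + 1, (uint8_t *)OID_ANSI_DH_ONE_FLOW},
    CSSMOID_ANSI_DH_EPHEM   = {OID_ANSI_X9_42_SCHEME_LEN + 1, (uint8_t *)OID_ANSI_DH_EPHEM},
    CSSMOID_ANSI_DH_HYBRID1 = {OID_ANSI_X9_42_SCHEME_LEN + 1, (uint8_t *)OID_ANSI_DH_HYBRID1},
    CSSMOID_ANSI_DH_HYBRID2 = {OID_ANSI_X9_42_SCHEME_LEN + 1, (uint8_t *)OID_ANSI_DH_HYBRID2},
    CSSMOID_ANSI_DH_HYBRID_ONEFLOW = {OID_ANSI_X9_42_SCHEME_LEN + 1,
                                (uint8_t *)OID_ANSI_DH_HYBRID_ONEFLOW},
    CSSMOID_ANSI_MQV1       = {OID_ANSI_X9_42_SCHEME_LEN + 1, (uint8_t *)OID_ANSI_MQV1},
    CSSMOID_ANSI_MQV2       = {OID_ANSI_X9_42_SCHEME_LEN + 1, (uint8_t *)OID_ANSI_MQV2},
    CSSMOID_ANSI_DH_STATIC_SHA1 = {OID_ANSI_X9_42_NAMED_SCHEME_LEN + 1,
                                (uint8_t *)OID_ANSI_DH_STATIC_SHA1},
    CSSMOID_ANSI_DH_ONE_FLOW_SHA1 = {OID_ANSI_X9_42_NAMED_SCHEME_LEN + 1,
                                (uint8_t *)OID_ANSI_DH_ONE_FLOW_SHA1},
    CSSMOID_ANSI_DH_EPHEM_SHA1 = {OID_ANSI_X9_42_NAMED_SCHEME_LEN + 1,
                                (uint8_t *)OID_ANSI_DH_EPHEM_SHA1},
    CSSMOID_ANSI_DH_HYBRID1_SHA1 = {OID_ANSI_X9_42_NAMED_SCHEME_LEN + 1,
                                (uint8_t *)OID_ANSI_DH_HYBRID1_SHA1},
    CSSMOID_ANSI_DH_HYBRID2_SHA1 = {OID_ANSI_X9_42_NAMED_SCHEME_LEN + 1,
                                (uint8_t *)OID_ANSI_DH_HYBRID2_SHA1},
    CSSMOID_ANSI_DH_HYBRID_ONEFLOW_SHA1 = {OID_ANSI_X9_42_NAMED_SCHEME_LEN + 1,
                                (uint8_t *)OID_ANSI_DH_HYBRID_ONEFLOW_SHA1},
    CSSMOID_ANSI_MQV1_SHA1  = {OID_ANSI_X9_42_NAMED_SCHEME_LEN + 1,
                                (uint8_t *)OID_ANSI_MQV1_SHA1},
    CSSMOID_ANSI_MQV2_SHA1  = {OID_ANSI_X9_42_NAMED_SCHEME_LEN + 1,
                                (uint8_t *)OID_ANSI_MQV2_SHA1};


/* iSignTP OBJECT IDENTIFIER ::=
 *      { appleTrustPolicy 1 }
 *      { 1 2 840 113635 100 1 1 }
 *
 * BER = 06 09 2A 86 48 86 F7 63 64 01 01
 */
static const uint8_t
APPLE_TP_ISIGN[]            = {APPLE_TP_OID, 1},

/* AppleX509Basic OBJECT IDENTIFIER ::=
 *      { appleTrustPolicy 2 }
 *      { 1 2 840 113635 100 1 2 }
 *
 * BER = 06 09 2A 86 48 86 F7 63 64 01 02
 */
APPLE_TP_X509_BASIC[]       = {APPLE_TP_OID, 2},

/* AppleSSLPolicy := {appleTrustPolicy 3 } */
APPLE_TP_SSL[]              = {APPLE_TP_OID, 3},

/* AppleLocalCertGenPolicy := {appleTrustPolicy 4 } */
APPLE_TP_LOCAL_CERT_GEN[]   = {APPLE_TP_OID, 4},

/* AppleCSRGenPolicy := {appleTrustPolicy 5 } */
APPLE_TP_CSR_GEN[]          = {APPLE_TP_OID, 5},

/* Apple CRL-based revocation policy := {appleTrustPolicy 6 } */
APPLE_TP_REVOCATION_CRL[]   = {APPLE_TP_OID, 6},

/* Apple OCSP-based revocation policy := {appleTrustPolicy 7 } */
APPLE_TP_REVOCATION_OCSP[]  = {APPLE_TP_OID, 7},

/* Apple S/MIME trust policy := {appleTrustPolicy 8 } */
APPLE_TP_SMIME[]            = {APPLE_TP_OID, 8},

/* Apple EAP trust policy := {appleTrustPolicy 9 } */
APPLE_TP_EAP[]              = {APPLE_TP_OID, 9},

/*
 * NOTE: "Apple Code Signing Policy", CSSMOID_APPLE_TP_CODE_SIGN, was renamed
 * to "Apple Software Update Signing Policy", CSSMOID_APPLE_TP_SW_UPDATE_SIGNING,
 * on 8/16/06. For compatibility, we keep the TP_CODE_SIGN OID here until
 * SoftwareUpdate converts to the new symbol.
 *
 * Apple Code Signing Policy := { appleTrustPolicy 10 }
 * Apple Software Update Signing Policy := { appleTrustPolicy 10 }
 *
 * Both names therefore resolve to the same bytes; this legacy alias is
 * distinct from APPLE_TP_CODE_SIGNING (appleTrustPolicy 16) further down.
 */
APPLE_SW_UPDATE_SIGNING[]   = {APPLE_TP_OID, 10},
#define APPLE_TP_CODE_SIGN APPLE_SW_UPDATE_SIGNING

/* Apple IPSec Policy := { appleTrustPolicy 11 } */
APPLE_TP_IP_SEC[]           = {APPLE_TP_OID, 11},

/* Apple iChat Policy := { appleTrustPolicy 12 } */
APPLE_TP_ICHAT[]            = {APPLE_TP_OID, 12},

/* Apple Resource Signing Policy := { appleTrustPolicy 13 } */
APPLE_TP_RESOURCE_SIGN[]    = {APPLE_TP_OID, 13},

/* Apple PKINIT Client Cert Policy := { appleTrustPolicy 14 } */
APPLE_TP_PKINIT_CLIENT[]    = {APPLE_TP_OID, 14},

/* Apple PKINIT Server Cert Policy := { appleTrustPolicy 15 } */
APPLE_TP_PKINIT_SERVER[]    = {APPLE_TP_OID, 15},

/* Apple Code Signing Cert Policy := { appleTrustPolicy 16 } */
APPLE_TP_CODE_SIGNING[]     = {APPLE_TP_OID, 16},

/* Apple Package Signing Cert Policy := { appleTrustPolicy 17 } */
APPLE_TP_PACKAGE_SIGNING[]  = {APPLE_TP_OID, 17},

/* AppleID Sharing Cert Policy := { appleTrustPolicy 18 } */
APPLE_TP_APPLEID_SHARING[]  = {APPLE_TP_OID, 18},
/* appleIDValidationPolicy */

/* Apple MacAppStore receipt verification policy := { appleTrustPolicy 19 } */
APPLE_TP_MACAPPSTORE_RECEIPT[] = {APPLE_TP_OID, 19},

/* Apple Time Stamping Server Cert Policy := { appleTrustPolicy 20 } */
APPLE_TP_TIMESTAMPING[]     = {APPLE_TP_OID, 20},

/* Apple Revocation Policy := { appleTrustPolicy 21 } */
APPLE_TP_REVOCATION[]       = {APPLE_TP_OID, 21},

/* Apple Passbook Signing Policy := { appleTrustPolicy 22 } */
APPLE_TP_PASSBOOK_SIGNING[] = {APPLE_TP_OID, 22},

/* Apple Mobile Store Policy := { appleTrustPolicy 23 } */
APPLE_TP_MOBILE_STORE[]     = {APPLE_TP_OID, 23},

/* Apple Escrow Service Policy := { appleTrustPolicy 24 } */
APPLE_TP_ESCROW_SERVICE[]   = {APPLE_TP_OID, 24},

/* Apple Configuration Profile Signing Policy := { appleTrustPolicy 25 } */
APPLE_TP_PROFILE_SIGNING[]  = {APPLE_TP_OID, 25},

/* Apple QA Configuration Profile Signing Policy := { appleTrustPolicy 26 } */
APPLE_TP_QA_PROFILE_SIGNING[] = {APPLE_TP_OID, 26},

/* Apple Test Mobile Store Policy := { appleTrustPolicy 27 } */
APPLE_TP_TEST_MOBILE_STORE[] = {APPLE_TP_OID, 27},

/* Apple PCS Escrow Service Policy := { appleTrustPolicy 34 } */
APPLE_TP_PCS_ESCROW_SERVICE[] = {APPLE_TP_OID, 34},

/*
 *      fee OBJECT IDENTIFIER ::=
 *          { appleSecurityAlgorithm 1 }
 *      { 1 2 840 113635 100 2 1 }
 *
 * BER = 06 09 2A 86 48 86 F7 63 64 02 01
 */
APPLE_FEE[]         = {APPLE_ALG_OID, 1},

/*
 *      asc OBJECT IDENTIFIER ::=
 *          { appleSecurityAlgorithm 2 }
 *      { 1 2 840 113635 100 2 2 }
 *
 * BER = 06 09 2A 86 48 86 F7 63 64 02 02
 */
APPLE_ASC[]         = {APPLE_ALG_OID, 2},

/*
 *      fee_MD5 OBJECT IDENTIFIER ::=
 *          { appleSecurityAlgorithm 3 }
 *      { 1 2 840 113635 100 2 3 }
 *
 * BER = 06 09 2A 86 48 86 F7 63 64 02 03
 */
APPLE_FEE_MD5[]     = {APPLE_ALG_OID, 3},

/*
 *      fee_SHA1 OBJECT IDENTIFIER ::=
 *          { appleSecurityAlgorithm 4 }
 *      { 1 2 840 113635 100 2 4 }
 *
 * BER = 06 09 2A 86 48 86 F7 63 64 02 04
 */
APPLE_FEE_SHA1[]    = {APPLE_ALG_OID, 4},

/*
 *      feed OBJECT IDENTIFIER ::=
 *          { appleSecurityAlgorithm 5 }
 *      { 1 2 840 113635 100 2 5 }
 *
 * BER = 06 09 2A 86 48 86 F7 63 64 02 05
 */
APPLE_FEED[]        = {APPLE_ALG_OID, 5},

/*
 *      feedExp OBJECT IDENTIFIER ::=
 *          { appleSecurityAlgorithm 6 }
 *      { 1 2 840 113635 100 2 6 }
 *
 * BER = 06 09 2A 86 48 86 F7 63 64 02 06
 */
APPLE_FEEDEXP[]     = {APPLE_ALG_OID, 6},

/*
 *      AppleECDSA OBJECT IDENTIFIER ::=
 *          { appleSecurityAlgorithm 7 }
 *      { 1 2 840 113635 100 2 7 }
 *
 * BER = 06 09 2A 86 48 86 F7 63 64 02 07
 */
APPLE_ECDSA[]       = {APPLE_ALG_OID, 7},

/* .mac cert OIDs */
OID_DOTMAC_CERT[]                   = { APPLE_DOTMAC_CERT_OID },
OID_DOTMAC_CERT_REQ[]               = { APPLE_DOTMAC_CERT_REQ_OID },
OID_DOTMAC_CERT_REQ_IDENTITY[]      = { APPLE_DOTMAC_CERT_REQ_OID, 1 },  /* deprecated */
OID_DOTMAC_CERT_REQ_EMAIL_SIGN[]    = { APPLE_DOTMAC_CERT_REQ_OID, 2 },  /* deprecated */
OID_DOTMAC_CERT_REQ_EMAIL_ENCRYPT[] = { APPLE_DOTMAC_CERT_REQ_OID, 3 },  /* deprecated */
OID_DOTMAC_CERT_REQ_ARCHIVE_LIST[]  = { APPLE_DOTMAC_CERT_REQ_OID, 4 },
OID_DOTMAC_CERT_REQ_ARCHIVE_STORE[] = { APPLE_DOTMAC_CERT_REQ_OID, 5 },
OID_DOTMAC_CERT_REQ_ARCHIVE_FETCH[] = { APPLE_DOTMAC_CERT_REQ_OID, 6 },
OID_DOTMAC_CERT_REQ_ARCHIVE_REMOVE[] = { APPLE_DOTMAC_CERT_REQ_OID, 7 },
OID_DOTMAC_CERT_REQ_SHARED_SERVICES[] = { APPLE_DOTMAC_CERT_REQ_OID, 8 },  /* treadstone - Shared Services */

/* OIDs for specifying OID/values pairs in a cert request */
OID_DOTMAC_CERT_REQ_VALUE_USERNAME[] = { APPLE_DOTMAC_CERT_REQ_VALUE_OID, 1 },
OID_DOTMAC_CERT_REQ_VALUE_PASSWORD[] = { APPLE_DOTMAC_CERT_REQ_VALUE_OID, 2 },
OID_DOTMAC_CERT_REQ_VALUE_HOSTNAME[] = { APPLE_DOTMAC_CERT_REQ_VALUE_OID, 3 },
OID_DOTMAC_CERT_REQ_VALUE_RENEW[]    = { APPLE_DOTMAC_CERT_REQ_VALUE_OID, 4 },
OID_DOTMAC_CERT_REQ_VALUE_ASYNC[]    = { APPLE_DOTMAC_CERT_REQ_VALUE_OID, 5 },
OID_DOTMAC_CERT_REQ_VALUE_IS_PENDING[] = { APPLE_DOTMAC_CERT_REQ_VALUE_OID, 6 },
/* The four VALUE_TYPE arrays below have no CSSMOID_ descriptor in this file,
 * hence the __unused markers. */
__unused OID_DOTMAC_CERT_REQ_VALUE_TYPE_ICHAT[] = { APPLE_DOTMAC_CERT_REQ_VALUE_OID, 7 },
__unused OID_DOTMAC_CERT_REQ_VALUE_TYPE_SHARED_SERVICE[] = { APPLE_DOTMAC_CERT_REQ_VALUE_OID, 8 },
__unused OID_DOTMAC_CERT_REQ_VALUE_TYPE_EMAIL_ENCRYPT[] = { APPLE_DOTMAC_CERT_REQ_VALUE_OID, 9 },
__unused OID_DOTMAC_CERT_REQ_VALUE_TYPE_EMAIL_SIGN[] = { APPLE_DOTMAC_CERT_REQ_VALUE_OID, 10 }
;

/* Exported descriptors for the Apple trust-policy, algorithm and .mac OIDs. */
const SecAsn1Oid

CSSMOID_APPLE_ISIGN      = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_ISIGN},
CSSMOID_APPLE_X509_BASIC = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_X509_BASIC},
CSSMOID_APPLE_TP_SSL     = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_SSL},
CSSMOID_APPLE_TP_LOCAL_CERT_GEN =
    {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_LOCAL_CERT_GEN},
CSSMOID_APPLE_TP_CSR_GEN = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_CSR_GEN},
CSSMOID_APPLE_TP_REVOCATION_CRL =
    {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_REVOCATION_CRL},
CSSMOID_APPLE_TP_REVOCATION_OCSP =
    {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_REVOCATION_OCSP},
CSSMOID_APPLE_TP_SMIME   = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_SMIME},
CSSMOID_APPLE_TP_EAP     = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_EAP},
/* CSSMOID_APPLE_TP_CODE_SIGN here for temporary compatibility */
CSSMOID_APPLE_TP_CODE_SIGN = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_CODE_SIGN},
CSSMOID_APPLE_TP_SW_UPDATE_SIGNING = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_SW_UPDATE_SIGNING},
CSSMOID_APPLE_TP_IP_SEC  = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_IP_SEC},
CSSMOID_APPLE_TP_ICHAT   = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_ICHAT},
CSSMOID_APPLE_TP_RESOURCE_SIGN = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_RESOURCE_SIGN},
CSSMOID_APPLE_TP_PKINIT_CLIENT = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_PKINIT_CLIENT},
CSSMOID_APPLE_TP_PKINIT_SERVER = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_PKINIT_SERVER},
CSSMOID_APPLE_TP_CODE_SIGNING = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_CODE_SIGNING},
CSSMOID_APPLE_TP_PACKAGE_SIGNING = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_PACKAGE_SIGNING},
CSSMOID_APPLE_TP_MACAPPSTORE_RECEIPT = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_MACAPPSTORE_RECEIPT},
CSSMOID_APPLE_TP_APPLEID_SHARING = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_APPLEID_SHARING},
CSSMOID_APPLE_TP_TIMESTAMPING = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_TIMESTAMPING},
CSSMOID_APPLE_TP_REVOCATION = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_REVOCATION},
CSSMOID_APPLE_TP_PASSBOOK_SIGNING = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_PASSBOOK_SIGNING},
CSSMOID_APPLE_TP_MOBILE_STORE = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_MOBILE_STORE},
CSSMOID_APPLE_TP_ESCROW_SERVICE = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_ESCROW_SERVICE},
CSSMOID_APPLE_TP_PROFILE_SIGNING = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_PROFILE_SIGNING},
CSSMOID_APPLE_TP_QA_PROFILE_SIGNING = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_QA_PROFILE_SIGNING},
CSSMOID_APPLE_TP_TEST_MOBILE_STORE = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_TEST_MOBILE_STORE},
CSSMOID_APPLE_TP_PCS_ESCROW_SERVICE = {APPLE_TP_OID_LENGTH+1, (uint8_t *)APPLE_TP_PCS_ESCROW_SERVICE},
CSSMOID_APPLE_FEE        = {APPLE_ALG_OID_LENGTH+1, (uint8_t *)APPLE_FEE},
CSSMOID_APPLE_ASC        = {APPLE_ALG_OID_LENGTH+1, (uint8_t *)APPLE_ASC},
CSSMOID_APPLE_FEE_MD5    = {APPLE_ALG_OID_LENGTH+1, (uint8_t *)APPLE_FEE_MD5},
CSSMOID_APPLE_FEE_SHA1   = {APPLE_ALG_OID_LENGTH+1, (uint8_t *)APPLE_FEE_SHA1},
CSSMOID_APPLE_FEED       = {APPLE_ALG_OID_LENGTH+1, (uint8_t *)APPLE_FEED},
CSSMOID_APPLE_FEEDEXP    = {APPLE_ALG_OID_LENGTH+1, (uint8_t *)APPLE_FEEDEXP},
CSSMOID_APPLE_ECDSA      = {APPLE_ALG_OID_LENGTH+1, (uint8_t *)APPLE_ECDSA},
/* .mac cert OIDs */
CSSMOID_DOTMAC_CERT      = { APPLE_DOTMAC_CERT_OID_LENGTH,
                             (uint8_t *)OID_DOTMAC_CERT },
CSSMOID_DOTMAC_CERT_REQ  = { APPLE_DOTMAC_CERT_REQ_OID_LENGTH,
                             (uint8_t *)OID_DOTMAC_CERT_REQ },
/* This actually used to be for requesting an encrypted iChat cert; deprecated in Leopard */
CSSMOID_DOTMAC_CERT_REQ_IDENTITY = { APPLE_DOTMAC_CERT_REQ_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_IDENTITY},
CSSMOID_DOTMAC_CERT_REQ_EMAIL_SIGN = { APPLE_DOTMAC_CERT_REQ_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_EMAIL_SIGN},
CSSMOID_DOTMAC_CERT_REQ_EMAIL_ENCRYPT = { APPLE_DOTMAC_CERT_REQ_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_EMAIL_ENCRYPT},
CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_LIST = { APPLE_DOTMAC_CERT_REQ_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_ARCHIVE_LIST},
CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_STORE = { APPLE_DOTMAC_CERT_REQ_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_ARCHIVE_STORE},
CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_FETCH = { APPLE_DOTMAC_CERT_REQ_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_ARCHIVE_FETCH},
CSSMOID_DOTMAC_CERT_REQ_ARCHIVE_REMOVE = { APPLE_DOTMAC_CERT_REQ_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_ARCHIVE_REMOVE},
CSSMOID_DOTMAC_CERT_REQ_SHARED_SERVICES = { APPLE_DOTMAC_CERT_REQ_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_SHARED_SERVICES},
CSSMOID_DOTMAC_CERT_REQ_VALUE_USERNAME = { APPLE_DOTMAC_CERT_REQ_VALUE_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_VALUE_USERNAME},
CSSMOID_DOTMAC_CERT_REQ_VALUE_PASSWORD = { APPLE_DOTMAC_CERT_REQ_VALUE_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_VALUE_PASSWORD},
CSSMOID_DOTMAC_CERT_REQ_VALUE_HOSTNAME = { APPLE_DOTMAC_CERT_REQ_VALUE_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_VALUE_HOSTNAME},
CSSMOID_DOTMAC_CERT_REQ_VALUE_RENEW = { APPLE_DOTMAC_CERT_REQ_VALUE_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_VALUE_RENEW},
CSSMOID_DOTMAC_CERT_REQ_VALUE_ASYNC = { APPLE_DOTMAC_CERT_REQ_VALUE_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_VALUE_ASYNC},
CSSMOID_DOTMAC_CERT_REQ_VALUE_IS_PENDING = { APPLE_DOTMAC_CERT_REQ_VALUE_OID_LENGTH + 1,
                             (uint8_t *)OID_DOTMAC_CERT_REQ_VALUE_IS_PENDING}
;

/*
 * PKCS5 algorithms
 *
 * NOTE(review): the pbeWith<digest>And<cipher> entries pair MD2, MD5 or SHA-1
 * with DES or RC2; treat their appearance in input as a signal of legacy
 * protection rather than as something to select for new data. PBKDF2, PBES2
 * and PBMAC1 are identified separately below.
 */

static const uint8_t
    OID_PKCS5_DIGEST_ALG[]          = { OID_RSA_HASH },
    OID_PKCS5_ENCRYPT_ALG[]         = { OID_RSA_ENCRYPT },
    OID_PKCS5_HMAC_SHA1[]           = { OID_RSA_HASH, 7 },
    OID_PKCS5_pbeWithMD2AndDES[]    = { OID_PKCS_5, 1 },
    OID_PKCS5_pbeWithMD5AndDES[]    = { OID_PKCS_5, 3 },
    OID_PKCS5_pbeWithMD2AndRC2[]    = { OID_PKCS_5, 4 },
    OID_PKCS5_pbeWithMD5AndRC2[]    = { OID_PKCS_5, 6 },
    OID_PKCS5_pbeWithSHA1AndDES[]   = { OID_PKCS_5, 10 },
    OID_PKCS5_pbeWithSHA1AndRC2[]   = { OID_PKCS_5, 11 },
    OID_PKCS5_PBKDF2[]              = { OID_PKCS_5, 12 },
    OID_PKCS5_PBES2[]               = { OID_PKCS_5, 13 },
    OID_PKCS5_PBMAC1[]              = { OID_PKCS_5, 14 },
    OID_PKCS5_RC2_CBC[]             = { OID_RSA_ENCRYPT, 2 },
    OID_PKCS5_DES_EDE3_CBC[]        = { OID_RSA_ENCRYPT, 7 },
    OID_PKCS5_RC5_CBC[]             = { OID_RSA_ENCRYPT, 9 };

/* The two *_ALG entries are bare prefixes, so their count has no "+1". */
const SecAsn1Oid
    CSSMOID_PKCS5_DIGEST_ALG    = { OID_RSA_HASH_LENGTH, (uint8_t *)OID_PKCS5_DIGEST_ALG },
    CSSMOID_PKCS5_ENCRYPT_ALG   = { OID_RSA_ENCRYPT_LENGTH, (uint8_t *)OID_PKCS5_ENCRYPT_ALG },
    CSSMOID_PKCS5_HMAC_SHA1     = { OID_RSA_HASH_LENGTH+1, (uint8_t *)OID_PKCS5_HMAC_SHA1 },
    CSSMOID_PKCS5_pbeWithMD2AndDES = { OID_PKCS_5_LENGTH+1, (uint8_t *)OID_PKCS5_pbeWithMD2AndDES },
    CSSMOID_PKCS5_pbeWithMD5AndDES = { OID_PKCS_5_LENGTH+1, (uint8_t *)OID_PKCS5_pbeWithMD5AndDES },
    CSSMOID_PKCS5_pbeWithMD2AndRC2 = { OID_PKCS_5_LENGTH+1, (uint8_t *)OID_PKCS5_pbeWithMD2AndRC2 },
    CSSMOID_PKCS5_pbeWithMD5AndRC2 = { OID_PKCS_5_LENGTH+1, (uint8_t *)OID_PKCS5_pbeWithMD5AndRC2 },
    CSSMOID_PKCS5_pbeWithSHA1AndDES = { OID_PKCS_5_LENGTH+1, (uint8_t *)OID_PKCS5_pbeWithSHA1AndDES },
    CSSMOID_PKCS5_pbeWithSHA1AndRC2 = { OID_PKCS_5_LENGTH+1, (uint8_t *)OID_PKCS5_pbeWithSHA1AndRC2 },
    CSSMOID_PKCS5_PBKDF2        = { OID_PKCS_5_LENGTH+1, (uint8_t *)OID_PKCS5_PBKDF2 },
    CSSMOID_PKCS5_PBES2         = { OID_PKCS_5_LENGTH+1, (uint8_t *)OID_PKCS5_PBES2 },
    CSSMOID_PKCS5_PBMAC1        = { OID_PKCS_5_LENGTH+1, (uint8_t *)OID_PKCS5_PBMAC1 },
    CSSMOID_PKCS5_RC2_CBC       = { OID_RSA_ENCRYPT_LENGTH+1, (uint8_t *)OID_PKCS5_RC2_CBC },
    CSSMOID_PKCS5_DES_EDE3_CBC  = { OID_RSA_ENCRYPT_LENGTH+1, (uint8_t *)OID_PKCS5_DES_EDE3_CBC },
    CSSMOID_PKCS5_RC5_CBC       = { OID_RSA_ENCRYPT_LENGTH+1, (uint8_t *)OID_PKCS5_RC5_CBC };

/*
 * PKCS12 algorithms
 *
 * The PbeIds prefix is the PKCS12 prefix plus one arc byte (1), so its length
 * macro is OID_PKCS_12_LENGTH+1. The length macro expands without
 * parentheses; it is only used below as `OID_PKCS12_PbeIds_Length + 1`,
 * where that is harmless.
 *
 * NOTE(review): the 40-bit RC4 and RC2 entries name export-strength key
 * sizes; as with the other legacy identifiers, acceptance policy is not
 * decided in this file.
 */
#define OID_PKCS12_PbeIds           OID_PKCS_12,1
#define OID_PKCS12_PbeIds_Length    OID_PKCS_12_LENGTH+1

static const uint8_t
    OID_PKCS12_pbeWithSHAAnd128BitRC4[]     = { OID_PKCS12_PbeIds, 1 },
    OID_PKCS12_pbeWithSHAAnd40BitRC4[]      = { OID_PKCS12_PbeIds, 2 },
    OID_PKCS12_pbeWithSHAAnd3Key3DESCBC[]   = { OID_PKCS12_PbeIds, 3 },
    OID_PKCS12_pbeWithSHAAnd2Key3DESCBC[]   = { OID_PKCS12_PbeIds, 4 },
    OID_PKCS12_pbeWithSHAAnd128BitRC2CBC[]  ={ OID_PKCS12_PbeIds, 5 },
    OID_PKCS12_pbewithSHAAnd40BitRC2CBC[]   = { OID_PKCS12_PbeIds, 6 };


const SecAsn1Oid
CSSMOID_PKCS12_pbeWithSHAAnd128BitRC4 = {OID_PKCS12_PbeIds_Length + 1,
                             (uint8_t *)OID_PKCS12_pbeWithSHAAnd128BitRC4 },
CSSMOID_PKCS12_pbeWithSHAAnd40BitRC4 = {OID_PKCS12_PbeIds_Length + 1,
                             (uint8_t *)OID_PKCS12_pbeWithSHAAnd40BitRC4 },
CSSMOID_PKCS12_pbeWithSHAAnd3Key3DESCBC = {OID_PKCS12_PbeIds_Length + 1,
                             (uint8_t *)OID_PKCS12_pbeWithSHAAnd3Key3DESCBC },
CSSMOID_PKCS12_pbeWithSHAAnd2Key3DESCBC = {OID_PKCS12_PbeIds_Length + 1,
                             (uint8_t *)OID_PKCS12_pbeWithSHAAnd2Key3DESCBC },
CSSMOID_PKCS12_pbeWithSHAAnd128BitRC2CBC = {OID_PKCS12_PbeIds_Length + 1,
                             (uint8_t *)OID_PKCS12_pbeWithSHAAnd128BitRC2CBC },
CSSMOID_PKCS12_pbewithSHAAnd40BitRC2CBC = {OID_PKCS12_PbeIds_Length + 1,
                             (uint8_t *)OID_PKCS12_pbewithSHAAnd40BitRC2CBC };

/* ANSI X9.62 and Certicom elliptic curve algorithms */
static const uint8_t
    OID_ecPublicKey[]           = { OID_ANSI_X9_62_PUBKEY_TYPE, 1 },
    OID_ECDSA_WithSHA1[]        = { OID_ANSI_X9_62_SIG_TYPE, 1 },
    /* The SHA-2 variants sit one arc deeper, under SIG_TYPE 3 */
    OID_ECDSA_WithSHA224[]      = { OID_ANSI_X9_62_SIG_TYPE, 3, 1 },
    OID_ECDSA_WithSHA256[]      = { OID_ANSI_X9_62_SIG_TYPE, 3, 2 },
    OID_ECDSA_WithSHA384[]      = { OID_ANSI_X9_62_SIG_TYPE, 3, 3 },
    OID_ECDSA_WithSHA512[]      = { OID_ANSI_X9_62_SIG_TYPE, 3, 4 },
    OID_ECDSA_WithSpecified[]   = { OID_ANSI_X9_62_SIG_TYPE, 3 };

/*
 * Counts here are +1 for one trailing arc byte and +2 for two.
 * ecPublicKey is measured from OID_ANSI_X9_62_LEN rather than from a
 * PUBKEY_TYPE length; presumably PUBKEY_TYPE adds one byte to the X9.62
 * prefix, giving +2 in total - confirm against oidsbase.h.
 */
const SecAsn1Oid
CSSMOID_ecPublicKey         = {OID_ANSI_X9_62_LEN+2, (uint8_t *)OID_ecPublicKey},
CSSMOID_ECDSA_WithSHA1      = {OID_ANSI_X9_62_SIG_TYPE_LEN+1, (uint8_t *)OID_ECDSA_WithSHA1 },
CSSMOID_ECDSA_WithSHA224    = {OID_ANSI_X9_62_SIG_TYPE_LEN+2, (uint8_t *)OID_ECDSA_WithSHA224 },
CSSMOID_ECDSA_WithSHA256    = {OID_ANSI_X9_62_SIG_TYPE_LEN+2, (uint8_t *)OID_ECDSA_WithSHA256 },
CSSMOID_ECDSA_WithSHA384    = {OID_ANSI_X9_62_SIG_TYPE_LEN+2, (uint8_t *)OID_ECDSA_WithSHA384 },
CSSMOID_ECDSA_WithSHA512    = {OID_ANSI_X9_62_SIG_TYPE_LEN+2, (uint8_t *)OID_ECDSA_WithSHA512 },
CSSMOID_ECDSA_WithSpecified = {OID_ANSI_X9_62_SIG_TYPE_LEN+1, (uint8_t *)OID_ECDSA_WithSpecified };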