|
|
8bd67f |
diff --git a/lib/util/secoid.c b/lib/util/secoid.c
|
|
|
8bd67f |
--- a/lib/util/secoid.c
|
|
|
8bd67f |
+++ b/lib/util/secoid.c
|
|
|
8bd67f |
@@ -117,17 +117,19 @@ const char __nss_util_version[] = "Versi
|
|
|
8bd67f |
/* for DH algorithm */
|
|
|
8bd67f |
/* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */
|
|
|
8bd67f |
/* need real OID person to look at this, copied the above line
|
|
|
8bd67f |
* and added 6 to second to last value (and changed '4' to '2' */
|
|
|
8bd67f |
#define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2
|
|
|
8bd67f |
|
|
|
8bd67f |
#define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45
|
|
|
8bd67f |
|
|
|
8bd67f |
-#define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07
|
|
|
8bd67f |
+#define INTERNET_SECURITY_MECH 0x2b, 0x06, 0x01, 0x05, 0x05
|
|
|
8bd67f |
+
|
|
|
8bd67f |
+#define PKIX INTERNET_SECURITY_MECH, 0x07
|
|
|
8bd67f |
#define PKIX_CERT_EXTENSIONS PKIX, 1
|
|
|
8bd67f |
#define PKIX_POLICY_QUALIFIERS PKIX, 2
|
|
|
8bd67f |
#define PKIX_KEY_USAGE PKIX, 3
|
|
|
8bd67f |
#define PKIX_ACCESS_DESCRIPTION PKIX, 0x30
|
|
|
8bd67f |
#define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1
|
|
|
8bd67f |
#define PKIX_CA_ISSUERS PKIX_ACCESS_DESCRIPTION, 2
|
|
|
8bd67f |
|
|
|
8bd67f |
#define PKIX_ID_PKIP PKIX, 5
|
|
|
8bd67f |
@@ -355,16 +357,17 @@ CONST_OID x509CertificatePolicies[] = {
|
|
|
8bd67f |
CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 };
|
|
|
8bd67f |
CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 };
|
|
|
8bd67f |
CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 36 };
|
|
|
8bd67f |
CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 };
|
|
|
8bd67f |
CONST_OID x509FreshestCRL[] = { ID_CE_OID, 46 };
|
|
|
8bd67f |
CONST_OID x509InhibitAnyPolicy[] = { ID_CE_OID, 54 };
|
|
|
8bd67f |
|
|
|
8bd67f |
CONST_OID x509CertificatePoliciesAnyPolicy[] = { ID_CE_OID, 32, 0 };
|
|
|
8bd67f |
+CONST_OID x509ExtKeyUsageAnyUsage[] = { ID_CE_OID, 37, 0 };
|
|
|
8bd67f |
|
|
|
8bd67f |
CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 };
|
|
|
8bd67f |
CONST_OID x509SubjectInfoAccess[] = { PKIX_CERT_EXTENSIONS, 11 };
|
|
|
8bd67f |
|
|
|
8bd67f |
CONST_OID x509SIATimeStamping[] = { PKIX_ACCESS_DESCRIPTION, 0x03 };
|
|
|
8bd67f |
CONST_OID x509SIACaRepository[] = { PKIX_ACCESS_DESCRIPTION, 0x05 };
|
|
|
8bd67f |
|
|
|
8bd67f |
/* pkcs 12 additions */
|
|
|
8bd67f |
@@ -449,18 +452,23 @@ CONST_OID pkixRegInfoUTF8Pairs[] = { PKI
|
|
|
8bd67f |
CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2 };
|
|
|
8bd67f |
|
|
|
8bd67f |
CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 };
|
|
|
8bd67f |
CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 };
|
|
|
8bd67f |
CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 };
|
|
|
8bd67f |
CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 };
|
|
|
8bd67f |
CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 };
|
|
|
8bd67f |
CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 };
|
|
|
8bd67f |
+/* 17 replaces 5 + 6 + 7 (declared obsolete in RFC 4945) */
|
|
|
8bd67f |
+CONST_OID pkixExtendedKeyUsageIPsecIKE[] = { PKIX_KEY_USAGE, 17 };
|
|
|
8bd67f |
CONST_OID msExtendedKeyUsageTrustListSigning[] = { MS_CRYPTO_EKU, 1 };
|
|
|
8bd67f |
|
|
|
8bd67f |
+CONST_OID ipsecIKEEnd[] = { INTERNET_SECURITY_MECH, 0x08, 0x02, 0x01 };
|
|
|
8bd67f |
+CONST_OID ipsecIKEIntermediate[] = { INTERNET_SECURITY_MECH, 0x08, 0x02, 0x02 };
|
|
|
8bd67f |
+
|
|
|
8bd67f |
/* OIDs for Netscape defined algorithms */
|
|
|
8bd67f |
CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };
|
|
|
8bd67f |
|
|
|
8bd67f |
/* Fortezza algorithm OIDs */
|
|
|
8bd67f |
CONST_OID skipjackCBC[] = { MISSI, 0x04 };
|
|
|
8bd67f |
CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };
|
|
|
8bd67f |
|
|
|
8bd67f |
CONST_OID idea_CBC[] = { ASCOM_IDEA_ALG, 2 };
|
|
|
8bd67f |
@@ -1749,16 +1757,32 @@ const static SECOidData oids[SEC_OID_TOT
|
|
|
8bd67f |
ODE(SEC_OID_TLS_FFDHE_8192,
|
|
|
8bd67f |
"TLS FFDHE 8192-bit key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
|
|
|
8bd67f |
ODE(SEC_OID_TLS_DHE_CUSTOM,
|
|
|
8bd67f |
"TLS DHE custom group key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
|
|
|
8bd67f |
OD(curve25519, SEC_OID_CURVE25519,
|
|
|
8bd67f |
"Curve25519", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
|
|
|
8bd67f |
ODE(SEC_OID_TLS13_KEA_ANY,
|
|
|
8bd67f |
"TLS 1.3 fake key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
|
|
|
8bd67f |
+
|
|
|
8bd67f |
+ OD(x509ExtKeyUsageAnyUsage, SEC_OID_X509_ANY_EXT_KEY_USAGE,
|
|
|
8bd67f |
+ "Any Extended Key Usage",
|
|
|
8bd67f |
+ CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
|
|
|
8bd67f |
+ OD(pkixExtendedKeyUsageIPsecIKE,
|
|
|
8bd67f |
+ SEC_OID_EXT_KEY_USAGE_IPSEC_IKE,
|
|
|
8bd67f |
+ "IPsec IKE Certificate",
|
|
|
8bd67f |
+ CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
|
|
|
8bd67f |
+ OD(ipsecIKEEnd,
|
|
|
8bd67f |
+ SEC_OID_IPSEC_IKE_END,
|
|
|
8bd67f |
+ "IPsec IKE End",
|
|
|
8bd67f |
+ CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
|
|
|
8bd67f |
+ OD(ipsecIKEIntermediate,
|
|
|
8bd67f |
+ SEC_OID_IPSEC_IKE_INTERMEDIATE,
|
|
|
8bd67f |
+ "IPsec IKE Intermediate",
|
|
|
8bd67f |
+ CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
|
|
|
8bd67f |
};
|
|
|
8bd67f |
|
|
|
8bd67f |
/* PRIVATE EXTENDED SECOID Table
|
|
|
8bd67f |
* This table is private. Its structure is opaque to the outside.
|
|
|
8bd67f |
* It is indexed by the same SECOidTag as the oids table above.
|
|
|
8bd67f |
* Every member of this struct must have accessor functions (set, get)
|
|
|
8bd67f |
* and those functions must operate by value, not by reference.
|
|
|
8bd67f |
* The addresses of the contents of this table must not be exposed
|
|
|
8bd67f |
diff --git a/lib/util/secoidt.h b/lib/util/secoidt.h
|
|
|
8bd67f |
--- a/lib/util/secoidt.h
|
|
|
8bd67f |
+++ b/lib/util/secoidt.h
|
|
|
8bd67f |
@@ -489,16 +489,21 @@ typedef enum {
|
|
|
8bd67f |
SEC_OID_TLS_FFDHE_6144 = 352,
|
|
|
8bd67f |
SEC_OID_TLS_FFDHE_8192 = 353,
|
|
|
8bd67f |
SEC_OID_TLS_DHE_CUSTOM = 354,
|
|
|
8bd67f |
|
|
|
8bd67f |
SEC_OID_CURVE25519 = 355,
|
|
|
8bd67f |
|
|
|
8bd67f |
SEC_OID_TLS13_KEA_ANY = 356,
|
|
|
8bd67f |
|
|
|
8bd67f |
+ SEC_OID_X509_ANY_EXT_KEY_USAGE = 357,
|
|
|
8bd67f |
+ SEC_OID_EXT_KEY_USAGE_IPSEC_IKE = 358,
|
|
|
8bd67f |
+ SEC_OID_IPSEC_IKE_END = 359,
|
|
|
8bd67f |
+ SEC_OID_IPSEC_IKE_INTERMEDIATE = 360,
|
|
|
8bd67f |
+
|
|
|
8bd67f |
SEC_OID_TOTAL
|
|
|
8bd67f |
} SECOidTag;
|
|
|
8bd67f |
|
|
|
8bd67f |
#define SEC_OID_SECG_EC_SECP192R1 SEC_OID_ANSIX962_EC_PRIME192V1
|
|
|
8bd67f |
#define SEC_OID_SECG_EC_SECP256R1 SEC_OID_ANSIX962_EC_PRIME256V1
|
|
|
8bd67f |
#define SEC_OID_PKCS12_KEY_USAGE SEC_OID_X509_KEY_USAGE
|
|
|
8bd67f |
|
|
|
8bd67f |
/* fake OID for DSS sign/verify */
|