RT2752: Add some EKU OID's
authorRich Salz <rsalz@akamai.com>
Thu, 4 Feb 2016 01:26:03 +0000 (20:26 -0500)
committerRich Salz <rsalz@openssl.org>
Thu, 4 Feb 2016 04:33:55 +0000 (23:33 -0500)
And some others found in the Internet.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
crypto/objects/obj_dat.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt
include/openssl/obj_mac.h

index d91fb1817d96fb61c57354cc69f1f2d560892157..c7a793377fcead6ff51281096210e02ba53a367e 100644 (file)
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 1023
-#define NUM_SN 1016
-#define NUM_LN 1016
-#define NUM_OBJ 938
+#define NUM_NID 1034
+#define NUM_SN 1027
+#define NUM_LN 1027
+#define NUM_OBJ 949
 
-static const unsigned char lvalues[6620]={
+static const unsigned char lvalues[6704]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
@@ -998,6 +998,17 @@ static const unsigned char lvalues[6620]={
 0x2A,0x85,0x03,0x64,0x70,                    /* [6598] OBJ_issuerSignTool */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18,     /* [6603] OBJ_tlsfeature */
 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11,     /* [6611] OBJ_ipsec_IKE */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12,     /* [6619] OBJ_capwapAC */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13,     /* [6627] OBJ_capwapWTP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15,     /* [6635] OBJ_sshClient */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16,     /* [6643] OBJ_sshServer */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17,     /* [6651] OBJ_sendRouter */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18,     /* [6659] OBJ_sendProxiedRouter */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19,     /* [6667] OBJ_sendOwner */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A,     /* [6675] OBJ_sendProxiedOwner */
+0x2B,0x06,0x01,0x05,0x02,0x03,               /* [6683] OBJ_id_pkinit */
+0x2B,0x06,0x01,0x05,0x02,0x03,0x04,          /* [6689] OBJ_pkInitClientAuth */
+0x2B,0x06,0x01,0x05,0x02,0x03,0x05,          /* [6696] OBJ_pkInitKDC */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2673,6 +2684,22 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"TLS1-PRF","tls1-prf",NID_tls1_prf,0,NULL,0},
 {"ipsecIKE","ipsec Internet Key Exchange",NID_ipsec_IKE,8,
        &(lvalues[6611]),0},
+{"capwapAC","Ctrl/provision WAP Access",NID_capwapAC,8,
+       &(lvalues[6619]),0},
+{"capwapWTP","Ctrl/Provision WAP Termination",NID_capwapWTP,8,
+       &(lvalues[6627]),0},
+{"secureShellClient","SSH Client",NID_sshClient,8,&(lvalues[6635]),0},
+{"secureShellServer","SSH Server",NID_sshServer,8,&(lvalues[6643]),0},
+{"sendRouter","Send Router",NID_sendRouter,8,&(lvalues[6651]),0},
+{"sendProxiedRouter","Send Proxied Router",NID_sendProxiedRouter,8,
+       &(lvalues[6659]),0},
+{"sendOwner","Send Owner",NID_sendOwner,8,&(lvalues[6667]),0},
+{"sendProxiedOwner","Send Proxied Owner",NID_sendProxiedOwner,8,
+       &(lvalues[6675]),0},
+{"id-pkinit","id-pkinit",NID_id_pkinit,6,&(lvalues[6683]),0},
+{"pkInitClientAuth","PKINIT Client Auth",NID_pkInitClientAuth,7,
+       &(lvalues[6689]),0},
+{"pkInitKDC","Signing KDC Response",NID_pkInitKDC,7,&(lvalues[6696]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
@@ -2951,6 +2978,8 @@ static const unsigned int sn_objs[NUM_SN]={
 483,   /* "cNAMERecord" */
 179,   /* "caIssuers" */
 785,   /* "caRepository" */
+1023,  /* "capwapAC" */
+1024,  /* "capwapWTP" */
 443,   /* "caseIgnoreIA5StringSyntax" */
 152,   /* "certBag" */
 677,   /* "certicom-arc" */
@@ -3212,6 +3241,7 @@ static const unsigned int sn_objs[NUM_SN]={
 351,   /* "id-pda-gender" */
 349,   /* "id-pda-placeOfBirth" */
 175,   /* "id-pe" */
+1031,  /* "id-pkinit" */
 261,   /* "id-pkip" */
 258,   /* "id-pkix-mod" */
 269,   /* "id-pkix1-explicit-88" */
@@ -3416,6 +3446,8 @@ static const unsigned int sn_objs[NUM_SN]={
 440,   /* "pilotObjectClass" */
 455,   /* "pilotOrganization" */
 445,   /* "pilotPerson" */
+1032,  /* "pkInitClientAuth" */
+1033,  /* "pkInitKDC" */
  2,    /* "pkcs" */
 186,   /* "pkcs1" */
 27,    /* "pkcs3" */
@@ -3504,9 +3536,15 @@ static const unsigned int sn_objs[NUM_SN]={
 732,   /* "sect409r1" */
 733,   /* "sect571k1" */
 734,   /* "sect571r1" */
+1025,  /* "secureShellClient" */
+1026,  /* "secureShellServer" */
 386,   /* "security" */
 878,   /* "seeAlso" */
 394,   /* "selected-attribute-types" */
+1029,  /* "sendOwner" */
+1030,  /* "sendProxiedOwner" */
+1028,  /* "sendProxiedRouter" */
+1027,  /* "sendRouter" */
 105,   /* "serialNumber" */
 129,   /* "serverAuth" */
 371,   /* "serviceLocator" */
@@ -3710,6 +3748,8 @@ static const unsigned int ln_objs[NUM_LN]={
 951,   /* "CT Precertificate SCTs" */
 953,   /* "CT Precertificate Signer" */
 131,   /* "Code Signing" */
+1024,  /* "Ctrl/Provision WAP Termination" */
+1023,  /* "Ctrl/provision WAP Access" */
 783,   /* "Diffie-Hellman based MAC" */
 382,   /* "Directory" */
 392,   /* "Domain" */
@@ -3801,6 +3841,7 @@ static const unsigned int ln_objs[NUM_LN]={
 161,   /* "PBES2" */
 69,    /* "PBKDF2" */
 162,   /* "PBMAC1" */
+1032,  /* "PKINIT Client Auth" */
 127,   /* "PKIX" */
 858,   /* "Permanent Identifier" */
 164,   /* "Policy Qualifier CPS" */
@@ -3813,9 +3854,16 @@ static const unsigned int ln_objs[NUM_LN]={
 167,   /* "S/MIME Capabilities" */
 1006,  /* "SNILS" */
 387,   /* "SNMPv2" */
+1025,  /* "SSH Client" */
+1026,  /* "SSH Server" */
 512,   /* "Secure Electronic Transactions" */
 386,   /* "Security" */
 394,   /* "Selected Attribute Types" */
+1029,  /* "Send Owner" */
+1030,  /* "Send Proxied Owner" */
+1028,  /* "Send Proxied Router" */
+1027,  /* "Send Router" */
+1033,  /* "Signing KDC Response" */
 1008,  /* "Signing Tool of Issuer" */
 1007,  /* "Signing Tool of Subject" */
 143,   /* "Strong Extranet ID" */
@@ -4234,6 +4282,7 @@ static const unsigned int ln_objs[NUM_LN]={
 351,   /* "id-pda-gender" */
 349,   /* "id-pda-placeOfBirth" */
 175,   /* "id-pe" */
+1031,  /* "id-pkinit" */
 261,   /* "id-pkip" */
 258,   /* "id-pkix-mod" */
 269,   /* "id-pkix1-explicit-88" */
@@ -5042,6 +5091,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 994,   /* OBJ_id_tc26_constants            1 2 643 7 1 2 */
  1,    /* OBJ_rsadsi                       1 2 840 113549 */
 185,   /* OBJ_X9cm                         1 2 840 10040 4 */
+1031,  /* OBJ_id_pkinit                    1 3 6 1 5 2 3 */
 127,   /* OBJ_id_pkix                      1 3 6 1 5 5 7 */
 505,   /* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
 506,   /* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
@@ -5112,6 +5162,8 @@ static const unsigned int obj_objs[NUM_OBJ]={
 791,   /* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
 792,   /* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
 920,   /* OBJ_dhpublicnumber               1 2 840 10046 2 1 */
+1032,  /* OBJ_pkInitClientAuth             1 3 6 1 5 2 3 4 */
+1033,  /* OBJ_pkInitKDC                    1 3 6 1 5 2 3 5 */
 258,   /* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
 175,   /* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
 259,   /* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
@@ -5269,6 +5321,14 @@ static const unsigned int obj_objs[NUM_OBJ]={
 180,   /* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
 297,   /* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
 1022,  /* OBJ_ipsec_IKE                    1 3 6 1 5 5 7 3 17 */
+1023,  /* OBJ_capwapAC                     1 3 6 1 5 5 7 3 18 */
+1024,  /* OBJ_capwapWTP                    1 3 6 1 5 5 7 3 19 */
+1025,  /* OBJ_sshClient                    1 3 6 1 5 5 7 3 21 */
+1026,  /* OBJ_sshServer                    1 3 6 1 5 5 7 3 22 */
+1027,  /* OBJ_sendRouter                   1 3 6 1 5 5 7 3 23 */
+1028,  /* OBJ_sendProxiedRouter            1 3 6 1 5 5 7 3 24 */
+1029,  /* OBJ_sendOwner                    1 3 6 1 5 5 7 3 25 */
+1030,  /* OBJ_sendProxiedOwner             1 3 6 1 5 5 7 3 26 */
 298,   /* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
 299,   /* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
 300,   /* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
index 2e54d3d261a4597872e0df83e0f5ae655cfd895f..f4937958c7a92ef4c055ba5ee9d642e66a55a05a 100644 (file)
@@ -1020,3 +1020,14 @@ chacha20         1019
 tlsfeature             1020
 tls1_prf               1021
 ipsec_IKE              1022
+capwapAC               1023
+capwapWTP              1024
+sshClient              1025
+sshServer              1026
+sendRouter             1027
+sendProxiedRouter              1028
+sendOwner              1029
+sendProxiedOwner               1030
+id_pkinit              1031
+pkInitClientAuth               1032
+pkInitKDC              1033
index 42175d9daffbf3ef9451d6f0e1e7c10512cec51d..0fcd3e16245e381559e674c80675b4e9ab0c77d4 100644 (file)
@@ -499,6 +499,16 @@ id-kp 9                    : OCSPSigning           : OCSP Signing
 id-kp 10               : DVCS                  : dvcs
 !Cname ipsec-IKE
 id-kp 17                : ipsecIKE              : ipsec Internet Key Exchange
+id-kp 18                : capwapAC              : Ctrl/provision WAP Access
+id-kp 19                : capwapWTP             : Ctrl/Provision WAP Termination
+!Cname sshClient
+id-kp 21                : secureShellClient     : SSH Client
+!Cname sshServer
+id-kp 22                : secureShellServer     : SSH Server
+id-kp 23                : sendRouter            : Send Router
+id-kp 24                : sendProxiedRouter     : Send Proxied Router
+id-kp 25                : sendOwner             : Send Owner
+id-kp 26                : sendProxiedOwner      : Send Proxied Owner
 
 # CMP information types
 id-it 1                        : id-it-caProtEncCert
@@ -1433,3 +1443,8 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme
 
 # NID for TLS1 PRF
                             : TLS1-PRF          : tls1-prf
+
+# RFC 4556
+1 3 6 1 5 2 3 : id-pkinit
+id-pkinit 4                     : pkInitClientAuth      : PKINIT Client Auth
+id-pkinit 5                     : pkInitKDC             : Signing KDC Response
index a577e51e906b4380b8503a82ad76afd1190cab49..d7693db6f851e3f6e043de34cf3c921f0b9459f7 100644 (file)
 #define NID_ipsec_IKE           1022
 #define OBJ_ipsec_IKE           OBJ_id_kp,17L
 
+#define SN_capwapAC             "capwapAC"
+#define LN_capwapAC             "Ctrl/provision WAP Access"
+#define NID_capwapAC            1023
+#define OBJ_capwapAC            OBJ_id_kp,18L
+
+#define SN_capwapWTP            "capwapWTP"
+#define LN_capwapWTP            "Ctrl/Provision WAP Termination"
+#define NID_capwapWTP           1024
+#define OBJ_capwapWTP           OBJ_id_kp,19L
+
+#define SN_sshClient            "secureShellClient"
+#define LN_sshClient            "SSH Client"
+#define NID_sshClient           1025
+#define OBJ_sshClient           OBJ_id_kp,21L
+
+#define SN_sshServer            "secureShellServer"
+#define LN_sshServer            "SSH Server"
+#define NID_sshServer           1026
+#define OBJ_sshServer           OBJ_id_kp,22L
+
+#define SN_sendRouter           "sendRouter"
+#define LN_sendRouter           "Send Router"
+#define NID_sendRouter          1027
+#define OBJ_sendRouter          OBJ_id_kp,23L
+
+#define SN_sendProxiedRouter            "sendProxiedRouter"
+#define LN_sendProxiedRouter            "Send Proxied Router"
+#define NID_sendProxiedRouter           1028
+#define OBJ_sendProxiedRouter           OBJ_id_kp,24L
+
+#define SN_sendOwner            "sendOwner"
+#define LN_sendOwner            "Send Owner"
+#define NID_sendOwner           1029
+#define OBJ_sendOwner           OBJ_id_kp,25L
+
+#define SN_sendProxiedOwner             "sendProxiedOwner"
+#define LN_sendProxiedOwner             "Send Proxied Owner"
+#define NID_sendProxiedOwner            1030
+#define OBJ_sendProxiedOwner            OBJ_id_kp,26L
+
 #define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
 #define NID_id_it_caProtEncCert         298
 #define OBJ_id_it_caProtEncCert         OBJ_id_it,1L
 #define SN_tls1_prf             "TLS1-PRF"
 #define LN_tls1_prf             "tls1-prf"
 #define NID_tls1_prf            1021
+
+#define SN_id_pkinit            "id-pkinit"
+#define NID_id_pkinit           1031
+#define OBJ_id_pkinit           1L,3L,6L,1L,5L,2L,3L
+
+#define SN_pkInitClientAuth             "pkInitClientAuth"
+#define LN_pkInitClientAuth             "PKINIT Client Auth"
+#define NID_pkInitClientAuth            1032
+#define OBJ_pkInitClientAuth            OBJ_id_pkinit,4L
+
+#define SN_pkInitKDC            "pkInitKDC"
+#define LN_pkInitKDC            "Signing KDC Response"
+#define NID_pkInitKDC           1033
+#define OBJ_pkInitKDC           OBJ_id_pkinit,5L