From 15633d74dcfe446d309d612c69fd075616d45c5b Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Mon, 7 Sep 2020 20:27:19 +0200 Subject: [PATCH] Add 4 new OIDs for PKIX key purposes and 3 new CMP information types Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/12807) --- crypto/objects/obj_dat.h | 45 +++++++++++++++++++++++++++++++++----- crypto/objects/obj_mac.num | 7 ++++++ crypto/objects/objects.txt | 9 ++++++++ fuzz/oids.txt | 7 ++++++ include/openssl/obj_mac.h | 32 +++++++++++++++++++++++++++ 5 files changed, 95 insertions(+), 5 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index decf33ef9b..0abd2a8d72 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -10,7 +10,7 @@ */ /* Serialized OID's */ -static const unsigned char so[7845] = { +static const unsigned char so[7901] = { 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ 
@@ -1086,9 +1086,16 @@ static const unsigned char so[7845] = { 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x05, /* [ 7820] OBJ_XmppAddr */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x07, /* [ 7828] OBJ_SRVName */ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x08, /* [ 7836] OBJ_NAIRealm */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1D, /* [ 7844] OBJ_cmcArchive */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1E, /* [ 7852] OBJ_id_kp_bgpsec_router */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1F, /* [ 7860] OBJ_id_kp_BrandIndicatorforMessageIdentification */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x20, /* [ 7868] OBJ_cmKGA */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x11, /* [ 7876] OBJ_id_it_caCerts */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x12, /* [ 7884] OBJ_id_it_rootCaKeyUpdate */ + 0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x13, /* [ 7892] OBJ_id_it_certReqTemplate */ }; -#define NUM_NID 1219 +#define NUM_NID 1226 static const ASN1_OBJECT nid_objs[NUM_NID] = { {"UNDEF", "undefined", NID_undef}, {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]}, 
@@ -2309,9 +2316,16 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = { {"modp_6144", "modp_6144", NID_modp_6144}, {"modp_8192", "modp_8192", NID_modp_8192}, {"KxGOST18", "kx-gost18", NID_kx_gost18}, + {"cmcArchive", "CMC Archive Server", NID_cmcArchive, 8, &so[7844]}, + {"id-kp-bgpsec-router", "BGPsec Router", NID_id_kp_bgpsec_router, 8, &so[7852]}, + {"id-kp-BrandIndicatorforMessageIdentification", "Brand Indicator for Message Identification", NID_id_kp_BrandIndicatorforMessageIdentification, 8, &so[7860]}, + {"cmKGA", "Certificate Management Key Generation Authority", NID_cmKGA, 8, &so[7868]}, + {"id-it-caCerts", "id-it-caCerts", NID_id_it_caCerts, 8, &so[7876]}, + {"id-it-rootCaKeyUpdate", "id-it-rootCaKeyUpdate", NID_id_it_rootCaKeyUpdate, 8, &so[7884]}, + {"id-it-certReqTemplate", "id-it-certReqTemplate", NID_id_it_certReqTemplate, 8, &so[7892]}, }; -#define NUM_SN 1210 +#define NUM_SN 1217 static const unsigned int sn_objs[NUM_SN] = { 364, /* "AD_DVCS" */ 419, /* "AES-128-CBC" */ @@ -2692,6 +2706,8 @@ static const unsigned int sn_objs[NUM_SN] = { 407, /* "characteristic-two-field" */ 395, /* "clearance" */ 130, /* "clientAuth" */ + 1222, /* "cmKGA" */ + 1219, /* "cmcArchive" */ 1131, /* "cmcCA" */ 1132, /* "cmcRA" */ 131, /* "codeSigning" */ @@ -2931,8 +2947,10 @@ static const unsigned int sn_objs[NUM_SN] = { 1104, /* "id-hmacWithSHA3-384" */ 1105, /* "id-hmacWithSHA3-512" */ 260, /* "id-it" */ + 1223, /* "id-it-caCerts" */ 302, /* "id-it-caKeyUpdateInfo" */ 298, /* "id-it-caProtEncCert" */ + 1225, /* "id-it-certReqTemplate" */ 311, /* "id-it-confirmWaitTime" */ 303, /* "id-it-currentCRL" */ 300, /* "id-it-encKeyPairTypes" */ 
@@ -2942,12 +2960,15 @@ static const unsigned int sn_objs[NUM_SN] = { 312, /* "id-it-origPKIMessage" */ 301, /* "id-it-preferredSymmAlg" */ 309, /* "id-it-revPassphrase" */ + 1224, /* "id-it-rootCaKeyUpdate" */ 299, /* "id-it-signKeyPairTypes" */ 305, /* "id-it-subscriptionRequest" */ 306, /* "id-it-subscriptionResponse" */ 784, /* "id-it-suppLangTags" */ 304, /* "id-it-unsupportedOIDs" */ 128, /* "id-kp" */ + 1221, /* "id-kp-BrandIndicatorforMessageIdentification" */ + 1220, /* "id-kp-bgpsec-router" */ 280, /* "id-mod-attribute-cert" */ 274, /* "id-mod-cmc" */ 277, /* "id-mod-cmp" */ @@ -3525,7 +3546,7 @@ static const unsigned int sn_objs[NUM_SN] = { 1093, /* "x509ExtAdmission" */ }; -#define NUM_LN 1210 +#define NUM_LN 1217 static const unsigned int ln_objs[NUM_LN] = { 363, /* "AD Time Stamping" */ 405, /* "ANSI X9.62" */ @@ -3533,16 +3554,20 @@ static const unsigned int ln_objs[NUM_LN] = { 910, /* "Any Extended Key Usage" */ 664, /* "Any language" */ 177, /* "Authority Information Access" */ + 1220, /* "BGPsec Router" */ 365, /* "Basic OCSP Response" */ 285, /* "Biometric Info" */ + 1221, /* "Brand Indicator for Message Identification" */ 179, /* "CA Issuers" */ 785, /* "CA Repository" */ + 1219, /* "CMC Archive Server" */ 1131, /* "CMC Certificate Authority" */ 1132, /* "CMC Registration Authority" */ 954, /* "CT Certificate SCTs" */ 952, /* "CT Precertificate Poison" */ 951, /* "CT Precertificate SCTs" */ 953, /* "CT Precertificate Signer" */ + 1222, /* "Certificate Management Key Generation Authority" */ 131, /* "Code Signing" */ 1024, /* "Ctrl/Provision WAP Termination" */ 1023, /* "Ctrl/provision WAP Access" */ 
@@ -4144,8 +4169,10 @@ static const unsigned int ln_objs[NUM_LN] = { 508, /* "id-hex-multipart-message" */ 507, /* "id-hex-partial-message" */ 260, /* "id-it" */ + 1223, /* "id-it-caCerts" */ 302, /* "id-it-caKeyUpdateInfo" */ 298, /* "id-it-caProtEncCert" */ + 1225, /* "id-it-certReqTemplate" */ 311, /* "id-it-confirmWaitTime" */ 303, /* "id-it-currentCRL" */ 300, /* "id-it-encKeyPairTypes" */ @@ -4155,6 +4182,7 @@ static const unsigned int ln_objs[NUM_LN] = { 312, /* "id-it-origPKIMessage" */ 301, /* "id-it-preferredSymmAlg" */ 309, /* "id-it-revPassphrase" */ + 1224, /* "id-it-rootCaKeyUpdate" */ 299, /* "id-it-signKeyPairTypes" */ 305, /* "id-it-subscriptionRequest" */ 306, /* "id-it-subscriptionResponse" */ @@ -4739,7 +4767,7 @@ static const unsigned int ln_objs[NUM_LN] = { 125, /* "zlib compression" */ }; -#define NUM_OBJ 1081 +#define NUM_OBJ 1088 static const unsigned int obj_objs[NUM_OBJ] = { 0, /* OBJ_undef 0 */ 181, /* OBJ_iso 1 */ @@ -5345,6 +5373,10 @@ static const unsigned int obj_objs[NUM_OBJ] = { 1030, /* OBJ_sendProxiedOwner 1 3 6 1 5 5 7 3 26 */ 1131, /* OBJ_cmcCA 1 3 6 1 5 5 7 3 27 */ 1132, /* OBJ_cmcRA 1 3 6 1 5 5 7 3 28 */ + 1219, /* OBJ_cmcArchive 1 3 6 1 5 5 7 3 29 */ + 1220, /* OBJ_id_kp_bgpsec_router 1 3 6 1 5 5 7 3 30 */ + 1221, /* OBJ_id_kp_BrandIndicatorforMessageIdentification 1 3 6 1 5 5 7 3 31 */ + 1222, /* OBJ_cmKGA 1 3 6 1 5 5 7 3 32 */ 298, /* OBJ_id_it_caProtEncCert 1 3 6 1 5 5 7 4 1 */ 299, /* OBJ_id_it_signKeyPairTypes 1 3 6 1 5 5 7 4 2 */ 300, /* OBJ_id_it_encKeyPairTypes 1 3 6 1 5 5 7 4 3 */ 
@@ -5361,6 +5393,9 @@ static const unsigned int obj_objs[NUM_OBJ] = { 311, /* OBJ_id_it_confirmWaitTime 1 3 6 1 5 5 7 4 14 */ 312, /* OBJ_id_it_origPKIMessage 1 3 6 1 5 5 7 4 15 */ 784, /* OBJ_id_it_suppLangTags 1 3 6 1 5 5 7 4 16 */ + 1223, /* OBJ_id_it_caCerts 1 3 6 1 5 5 7 4 17 */ + 1224, /* OBJ_id_it_rootCaKeyUpdate 1 3 6 1 5 5 7 4 18 */ + 1225, /* OBJ_id_it_certReqTemplate 1 3 6 1 5 5 7 4 19 */ 313, /* OBJ_id_regCtrl 1 3 6 1 5 5 7 5 1 */ 314, /* OBJ_id_regInfo 1 3 6 1 5 5 7 5 2 */ 323, /* OBJ_id_alg_des40 1 3 6 1 5 5 7 6 1 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 6d2c0d74a8..fb40663977 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -1216,3 +1216,10 @@ modp_4096 1215 modp_6144 1216 modp_8192 1217 kx_gost18 1218 +cmcArchive 1219 +id_kp_bgpsec_router 1220 +id_kp_BrandIndicatorforMessageIdentification 1221 +cmKGA 1222 +id_it_caCerts 1223 +id_it_rootCaKeyUpdate 1224 +id_it_certReqTemplate 1225 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index b19454209b..4aa6fc5854 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -509,6 +509,7 @@ id-qt 1 : id-qt-cps : Policy Qualifier CPS id-qt 2 : id-qt-unotice : Policy Qualifier User Notice id-qt 3 : textNotice +# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.3 # PKIX key purpose identifiers !Cname server-auth id-kp 1 : serverAuth : TLS Web Server Authentication 
@@ -541,7 +542,12 @@ id-kp 25 : sendOwner : Send Owner id-kp 26 : sendProxiedOwner : Send Proxied Owner id-kp 27 : cmcCA : CMC Certificate Authority id-kp 28 : cmcRA : CMC Registration Authority +id-kp 29 : cmcArchive : CMC Archive Server +id-kp 30 : id-kp-bgpsec-router : BGPsec Router +id-kp 31 : id-kp-BrandIndicatorforMessageIdentification : Brand Indicator for Message Identification +id-kp 32 : cmKGA : Certificate Management Key Generation Authority +# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.4 # CMP information types id-it 1 : id-it-caProtEncCert id-it 2 : id-it-signKeyPairTypes @@ -561,6 +567,9 @@ id-it 13 : id-it-implicitConfirm id-it 14 : id-it-confirmWaitTime id-it 15 : id-it-origPKIMessage id-it 16 : id-it-suppLangTags +id-it 17 : id-it-caCerts +id-it 18 : id-it-rootCaKeyUpdate +id-it 19 : id-it-certReqTemplate # CRMF registration id-pkip 1 : id-regCtrl diff --git a/fuzz/oids.txt b/fuzz/oids.txt index ddd50880ce..2b4cb110ce 100644 --- a/fuzz/oids.txt +++ b/fuzz/oids.txt @@ -1073,3 +1073,10 @@ OBJ_id_on_SmtpUTF8Mailbox="\x2B\x06\x01\x05\x05\x07\x08\x09" OBJ_XmppAddr="\x2B\x06\x01\x05\x05\x07\x08\x05" OBJ_SRVName="\x2B\x06\x01\x05\x05\x07\x08\x07" OBJ_NAIRealm="\x2B\x06\x01\x05\x05\x07\x08\x08" +OBJ_cmcArchive="\x2B\x06\x01\x05\x05\x07\x03\x1D" +OBJ_id_kp_bgpsec_router="\x2B\x06\x01\x05\x05\x07\x03\x1E" +OBJ_id_kp_BrandIndicatorforMessageIdentification="\x2B\x06\x01\x05\x05\x07\x03\x1F" +OBJ_cmKGA="\x2B\x06\x01\x05\x05\x07\x03\x20" +OBJ_id_it_caCerts="\x2B\x06\x01\x05\x05\x07\x04\x11" +OBJ_id_it_rootCaKeyUpdate="\x2B\x06\x01\x05\x05\x07\x04\x12" +OBJ_id_it_certReqTemplate="\x2B\x06\x01\x05\x05\x07\x04\x13" diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 0f9adc9b6a..18fd0ec451 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h 
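Review bot: The four short names added for id-kp 29 to 32 follow two conventions: `cmcArchive` and `cmKGA` drop the `id-kp-` prefix like the neighbouring `cmcCA`/`cmcRA`, while `id-kp-bgpsec-router` and `id-kp-BrandIndicatorforMessageIdentification` keep it. These strings become the `SN_*` macros in include/openssl/obj_mac.h further down this patch and are the names used when an extended key usage is given by name, so they are hard to change after release and easy to get wrong in a certificate profile. If the split is deliberate, say so above the new entries, for example `# 30 and 31 keep the id-kp- prefix: <reason>`; otherwise use one form for all four. Note also that the patch only registers names and NIDs, and whether any purpose check consumes these key purposes is not visible here, so the description could state that they are not enforced by this change.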
@@ -1647,6 +1647,26 @@ #define NID_cmcRA 1132 #define OBJ_cmcRA OBJ_id_kp,28L +#define SN_cmcArchive "cmcArchive" +#define LN_cmcArchive "CMC Archive Server" +#define NID_cmcArchive 1219 +#define OBJ_cmcArchive OBJ_id_kp,29L + +#define SN_id_kp_bgpsec_router "id-kp-bgpsec-router" +#define LN_id_kp_bgpsec_router "BGPsec Router" +#define NID_id_kp_bgpsec_router 1220 +#define OBJ_id_kp_bgpsec_router OBJ_id_kp,30L + +#define SN_id_kp_BrandIndicatorforMessageIdentification "id-kp-BrandIndicatorforMessageIdentification" +#define LN_id_kp_BrandIndicatorforMessageIdentification "Brand Indicator for Message Identification" +#define NID_id_kp_BrandIndicatorforMessageIdentification 1221 +#define OBJ_id_kp_BrandIndicatorforMessageIdentification OBJ_id_kp,31L + +#define SN_cmKGA "cmKGA" +#define LN_cmKGA "Certificate Management Key Generation Authority" +#define NID_cmKGA 1222 +#define OBJ_cmKGA OBJ_id_kp,32L + #define SN_id_it_caProtEncCert "id-it-caProtEncCert" #define NID_id_it_caProtEncCert 298 #define OBJ_id_it_caProtEncCert OBJ_id_it,1L @@ -1711,6 +1731,18 @@ #define NID_id_it_suppLangTags 784 #define OBJ_id_it_suppLangTags OBJ_id_it,16L +#define SN_id_it_caCerts "id-it-caCerts" +#define NID_id_it_caCerts 1223 +#define OBJ_id_it_caCerts OBJ_id_it,17L + +#define SN_id_it_rootCaKeyUpdate "id-it-rootCaKeyUpdate" +#define NID_id_it_rootCaKeyUpdate 1224 +#define OBJ_id_it_rootCaKeyUpdate OBJ_id_it,18L + +#define SN_id_it_certReqTemplate "id-it-certReqTemplate" +#define NID_id_it_certReqTemplate 1225 +#define OBJ_id_it_certReqTemplate OBJ_id_it,19L + #define SN_id_regCtrl "id-regCtrl" #define NID_id_regCtrl 313 #define OBJ_id_regCtrl OBJ_id_pkip,1L -- 2.34.1