iBoot/lib/pki/libDER/oids.c

/* Copyright (c) 2005-2013, 2015 Apple Inc. All Rights Reserved. */

/*
 * oids.c - OID consts 
 *
 * Created Nov. 11 2005 by dmitch
 */

#include <libDER/libDER.h>
#include <libDER/oids.h>

#define OID_ISO_CCITT_DIR_SERVICE 			85
#define OID_DS              				OID_ISO_CCITT_DIR_SERVICE 
#define OID_ATTR_TYPE        				OID_DS, 4                
#define OID_EXTENSION        				OID_DS, 29          
#define OID_ISO_STANDARD      	 			40
#define OID_ISO_MEMBER         				42                     
#define OID_US                 				OID_ISO_MEMBER, 134, 72

#define OID_ISO_IDENTIFIED_ORG 				43
#define OID_OSINET             				OID_ISO_IDENTIFIED_ORG, 4
#define OID_GOSIP              				OID_ISO_IDENTIFIED_ORG, 5
#define OID_DOD                				OID_ISO_IDENTIFIED_ORG, 6
#define OID_OIW                				OID_ISO_IDENTIFIED_ORG, 14 

/* From the PKCS Standards */
#define OID_RSA               				OID_US, 134, 247, 13
#define OID_RSA_HASH          				OID_RSA, 2
#define OID_RSA_ENCRYPT       				OID_RSA, 3
#define OID_PKCS             				OID_RSA, 1
#define OID_PKCS_1          				OID_PKCS, 1
#define OID_PKCS_2          				OID_PKCS, 2
#define OID_PKCS_3          				OID_PKCS, 3
#define OID_PKCS_4          				OID_PKCS, 4
#define OID_PKCS_5          				OID_PKCS, 5
#define OID_PKCS_6          				OID_PKCS, 6
#define OID_PKCS_7          				OID_PKCS, 7
#define OID_PKCS_8          				OID_PKCS, 8
#define OID_PKCS_9          				OID_PKCS, 9
#define OID_PKCS_10         				OID_PKCS, 10
#define OID_PKCS_11          				OID_PKCS, 11
#define OID_PKCS_12          				OID_PKCS, 12

/* ANSI X9.62 */
#define OID_ANSI_X9_62						OID_US, 206, 61
#define OID_PUBLIC_KEY_TYPE					OID_ANSI_X9_62, 2
#define OID_EC_SIG_TYPE                     OID_ANSI_X9_62, 4
#define OID_ECDSA_WITH_SHA2                 OID_EC_SIG_TYPE, 3

/* ANSI X9.42 */
#define OID_ANSI_X9_42						OID_US, 206, 62, 2
#define OID_ANSI_X9_42_SCHEME				OID_ANSI_X9_42, 3
#define OID_ANSI_X9_42_NAMED_SCHEME			OID_ANSI_X9_42, 4

/* DOD IANA Security releated objects. */
#define OID_IANA                            OID_DOD, 1, 5

/* Kerberos PKINIT */
#define OID_KERBv5							OID_IANA, 2
#define OID_KERBv5_PKINIT					OID_KERBv5, 3

/* DOD IANA Mechanisms. */
#define OID_MECHANISMS						OID_IANA, 5

/* PKIX */
#define OID_PKIX							OID_MECHANISMS, 7
#define OID_PE								OID_PKIX, 1
#define OID_QT								OID_PKIX, 2
#define OID_KP								OID_PKIX, 3
#define OID_OTHER_NAME						OID_PKIX, 8
#define OID_PDA								OID_PKIX, 9
#define OID_QCS								OID_PKIX, 11
#define OID_AD								OID_PKIX, 48
#define OID_AD_OCSP							OID_AD, 1
#define OID_AD_CAISSUERS                    OID_AD, 2

/* ISAKMP */
#define OID_ISAKMP							OID_MECHANISMS, 8

/* ETSI */
#define OID_ETSI							0x04, 0x00
#define OID_ETSI_QCS						0x04, 0x00, 0x8E, 0x46, 0x01
	
#define OID_OIW_SECSIG        				OID_OIW, 3

#define OID_OIW_ALGORITHM    				OID_OIW_SECSIG, 2

/* NIST defined digest algorithm arc (2, 16, 840, 1, 101, 3, 4, 2) */
#define OID_NIST_HASHALG					0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02

/*
 * Apple-specific OID bases
 */
 
/* 
 * apple OBJECT IDENTIFIER ::=
 * 	{ iso(1) member-body(2) US(840) 113635 }
 * 
 * BER = 06 06 2A 86 48 86 F7 63
 */
#define APPLE_OID				OID_US, 0x86, 0xf7, 0x63

/* appleDataSecurity OBJECT IDENTIFIER ::=
 *		{ apple 100 }
 *      { 1 2 840 113635 100 }
 *
 * BER = 06 07 2A 86 48 86 F7 63 64
 */
#define APPLE_ADS_OID			APPLE_OID, 0x64

/*
 * appleTrustPolicy OBJECT IDENTIFIER ::=
 *		{ appleDataSecurity 1 }
 *      { 1 2 840 113635 100 1 }
 *
 * BER = 06 08 2A 86 48 86 F7 63 64 01 
 */ 
#define APPLE_TP_OID			APPLE_ADS_OID, 1

/*
 *	appleSecurityAlgorithm OBJECT IDENTIFIER ::=
 *		{ appleDataSecurity 2 }
 *      { 1 2 840 113635 100 2 }
 *
 * BER = 06 08 2A 86 48 86 F7 63 64 02
 */
#define APPLE_ALG_OID			APPLE_ADS_OID, 2

/*
 * appleDotMacCertificate OBJECT IDENTIFIER ::= 
 *		{ appleDataSecurity 3 }
 *      { 1 2 840 113635 100 3 }
 */
#define APPLE_DOTMAC_CERT_OID			APPLE_ADS_OID, 3

/*
 * Basis of Policy OIDs for .mac TP requests
 *
 * dotMacCertificateRequest OBJECT IDENTIFIER ::= 
 *		{ appleDotMacCertificate 1 }
 *      { 1 2 840 113635 100 3 1 }
 */
#define APPLE_DOTMAC_CERT_REQ_OID			APPLE_DOTMAC_CERT_OID, 1

/*
 * Basis of .mac Certificate Extensions
 *
 * dotMacCertificateExtension OBJECT IDENTIFIER ::= 
 *		{ appleDotMacCertificate 2 }
 *      { 1 2 840 113635 100 3 2 }
 */
#define APPLE_DOTMAC_CERT_EXTEN_OID			APPLE_DOTMAC_CERT_OID, 2

/*
 * Basis of .mac Certificate request OID/value identitifiers
 *
 * dotMacCertificateRequestValues OBJECT IDENTIFIER ::= 
 *		{ appleDotMacCertificate 3 }
 *      { 1 2 840 113635 100 3 3 }
 */
#define APPLE_DOTMAC_CERT_REQ_VALUE_OID			APPLE_DOTMAC_CERT_OID, 3

/*
 * Basis of Apple-specific extended key usages
 *
 * appleExtendedKeyUsage OBJECT IDENTIFIER ::= 
 *		{ appleDataSecurity 4 }
 *      { 1 2 840 113635 100 4 }
 */
#define APPLE_EKU_OID					APPLE_ADS_OID, 4

/* 
 * Basis of Apple Code Signing extended key usages
 * appleCodeSigning  OBJECT IDENTIFIER ::= 
 *		{ appleExtendedKeyUsage 1 }
 *      { 1 2 840 113635 100 4 1}
 */
#define APPLE_EKU_CODE_SIGNING			APPLE_EKU_OID, 1
#define APPLE_EKU_APPLE_ID              APPLE_EKU_OID, 7
#define APPLE_EKU_SHOEBOX               APPLE_EKU_OID, 14

/*
 * Basis of Apple-specific Certific Policy IDs.
 * appleCertificatePolicies OBJECT IDENTIFIER ::= 
 *		{ appleDataSecurity 5 }
 *		{ 1 2 840 113635 100 5 }
 */
#define APPLE_CERT_POLICIES				APPLE_ADS_OID, 5

/*
 * Basis of Apple-specific Signing extensions
 *		{ appleDataSecurity 6 }
 */
#define APPLE_CERT_EXT    APPLE_ADS_OID, 6

/* Apple Intermediate Marker OIDs */
#define APPLE_CERT_EXT_INTERMEDIATE_MARKER APPLE_CERT_EXT, 2
/* Apple Apple ID Intermediate Marker */
#define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID APPLE_CERT_EXT_INTERMEDIATE_MARKER, 3
/* 
 *  Apple Apple ID Intermediate Marker (New subCA, no longer shared with push notification server cert issuer 
 *
 *  appleCertificateExtensionAppleIDIntermediate ::= 
 *    { appleCertificateExtensionIntermediateMarker 7 }                                
 *    { 1 2 840 113635 100 6 2 7 }
 */
#define APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_2 APPLE_CERT_EXT_INTERMEDIATE_MARKER, 7

#define APPLE_CERT_EXT_APPLE_PUSH_MARKER    APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID, 2


#define APPLE_CERT_EXTENSION_CODESIGNING        APPLE_CERT_EXT, 1

/* Secure Boot Embedded Image3 value,
   co-opted by desktop for "Apple Released Code Signature", without value */
#define APPLE_SBOOT_CERT_EXTEN_SBOOT_SPEC_OID	APPLE_CERT_EXTENSION_CODESIGNING, 1
#define APPLE_SBOOT_CERT_EXTEN_SBOOT_TICKET_SPEC_OID	APPLE_CERT_EXTENSION_CODESIGNING, 11
#define APPLE_SBOOT_CERT_EXTEN_IMG4_MANIFEST_SPEC_OID	APPLE_CERT_EXTENSION_CODESIGNING, 15
/* iPhone Provisioning Profile Signing leaf - on the intermediate marker arc? */
#define APPLE_PROVISIONING_PROFILE_OID	APPLE_CERT_EXT_INTERMEDIATE_MARKER, 1
/* iPhone Application Signing leaf */
#define APPLE_APP_SIGINING_OID          APPLE_CERT_EXTENSION_CODESIGNING, 3
/* Shoebox card signing leaf */
#define APPLE_INSTALLER_PACKAGE_SIGNING_EXTERNAL_OID       APPLE_CERT_EXTENSION_CODESIGNING, 16

/*
 * Netscape OIDs.
 */
#define NETSCAPE_BASE_OID           0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42

/*
 * Netscape cert extension.
 *
 *  netscape-cert-extension OBJECT IDENTIFIER ::=
 * 		{ 2 16 840 1 113730 1 }
 *
 *	BER = 06 08 60 86 48 01 86 F8 42 01
 */
#define NETSCAPE_CERT_EXTEN			NETSCAPE_BASE_OID, 0x01

#define NETSCAPE_CERT_POLICY		NETSCAPE_BASE_OID, 0x04

/* Entrust OIDs. */
#define ENTRUST_BASE_OID            OID_US, 0x86, 0xf6, 0x7d

/*
 * Entrust cert extension.
 *
 *  entrust-cert-extension OBJECT IDENTIFIER ::=
 * 		{  1 2 840 113533 7 65 }
 *
 *	BER = 06 08 2A 86 48 86 F6 7D 07 41
 */
#define ENTRUST_CERT_EXTEN			ENTRUST_BASE_OID, 0x07, 0x41

/* Microsfot OIDs. */
#define MICROSOFT_BASE_OID          OID_DOD, 0x01, 0x04, 0x01, 0x82, 0x37
#define MICROSOFT_ENROLLMENT_OID    MICROSOFT_BASE_OID, 0x14

/* Algorithm OIDs. */
static const DERByte
    _oidRsa[]                       = { OID_PKCS_1, 1 },
    _oidMd2Rsa[]                    = { OID_PKCS_1, 2 },
    _oidMd5Rsa[]                    = { OID_PKCS_1, 4 },
    _oidSha1Rsa[]                   = { OID_PKCS_1, 5 },
    _oidSha256Rsa[]                 = { OID_PKCS_1, 11 }, /* rfc5754 */
    _oidSha384Rsa[]                 = { OID_PKCS_1, 12 }, /* rfc5754 */
    _oidSha512Rsa[]                 = { OID_PKCS_1, 13 }, /* rfc5754 */
    _oidSha224Rsa[]                 = { OID_PKCS_1, 14 }, /* rfc5754 */
    _oidEcPubKey[]                  = { OID_PUBLIC_KEY_TYPE, 1 },
    _oidSha1Ecdsa[]                 = { OID_EC_SIG_TYPE, 1 },     /* rfc3279 */
    _oidSha224Ecdsa[]               = { OID_ECDSA_WITH_SHA2, 1 }, /* rfc5758 */
    _oidSha256Ecdsa[]               = { OID_ECDSA_WITH_SHA2, 2 }, /* rfc5758 */
    _oidSha384Ecdsa[]               = { OID_ECDSA_WITH_SHA2, 3 }, /* rfc5758 */
    _oidSha512Ecdsa[]               = { OID_ECDSA_WITH_SHA2, 4 }, /* rfc5758 */
    _oidMd2[]                       = { OID_RSA_HASH, 2 },
    _oidMd4[]                       = { OID_RSA_HASH, 4 },
    _oidMd5[]                       = { OID_RSA_HASH, 5 },
    _oidSha1[]                      = { OID_OIW_ALGORITHM, 26 },
    _oidSha256[]                    = { OID_NIST_HASHALG, 1 },
    _oidSha384[]                    = { OID_NIST_HASHALG, 2 },
    _oidSha512[]                    = { OID_NIST_HASHALG, 3 },
    _oidSha224[]                    = { OID_NIST_HASHALG, 4 };

const DERItem
    oidRsa                          = { (DERByte *)_oidRsa,
                                        sizeof(_oidRsa) },
    oidMd2Rsa                       = { (DERByte *)_oidMd2Rsa,
                                        sizeof(_oidMd2Rsa) },
    oidMd5Rsa                       = { (DERByte *)_oidMd5Rsa,
                                        sizeof(_oidMd5Rsa) },
    oidSha1Rsa                      = { (DERByte *)_oidSha1Rsa,
                                        sizeof(_oidSha1Rsa) },
    oidSha224Rsa                    = { (DERByte *)_oidSha224Rsa,
                                        sizeof(_oidSha224Rsa) },
    oidSha256Rsa                    = { (DERByte *)_oidSha256Rsa,
                                        sizeof(_oidSha256Rsa) },
    oidSha384Rsa                    = { (DERByte *)_oidSha384Rsa,
                                        sizeof(_oidSha384Rsa) },
    oidSha512Rsa                    = { (DERByte *)_oidSha512Rsa,
                                        sizeof(_oidSha512Rsa) },
    oidEcPubKey                     = { (DERByte *)_oidEcPubKey,
                                        sizeof(_oidEcPubKey) },
    oidSha1Ecdsa                    = { (DERByte *)_oidSha1Ecdsa,
                                        sizeof(_oidSha1Ecdsa) },
    oidSha224Ecdsa                    = { (DERByte *)_oidSha224Ecdsa,
                                        sizeof(_oidSha224Ecdsa) },
    oidSha256Ecdsa                    = { (DERByte *)_oidSha256Ecdsa,
                                        sizeof(_oidSha256Ecdsa) },
    oidSha384Ecdsa                    = { (DERByte *)_oidSha384Ecdsa,
                                        sizeof(_oidSha384Ecdsa) },
    oidSha512Ecdsa                    = { (DERByte *)_oidSha512Ecdsa,
                                        sizeof(_oidSha512Ecdsa) },
    oidMd2                          = { (DERByte *)_oidMd2,
                                        sizeof(_oidMd2) },
    oidMd4                          = { (DERByte *)_oidMd4,
                                        sizeof(_oidMd4) },
    oidMd5                          = { (DERByte *)_oidMd5,
                                        sizeof(_oidMd5) },
    oidSha1                         = { (DERByte *)_oidSha1,
                                        sizeof(_oidSha1) },
    oidSha256                       = { (DERByte *)_oidSha256,
                                        sizeof(_oidSha256) },
    oidSha384                       = { (DERByte *)_oidSha384,
                                        sizeof(_oidSha384) },
    oidSha512                       = { (DERByte *)_oidSha512,
                                        sizeof(_oidSha512) },
    oidSha224                       = { (DERByte *)_oidSha224,
                                        sizeof(_oidSha224) };

/* Extension OIDs. */
static const DERByte
    _oidSubjectKeyIdentifier[]      = { OID_EXTENSION, 14 },
    _oidKeyUsage[]                  = { OID_EXTENSION, 15 },
    _oidPrivateKeyUsagePeriod[]     = { OID_EXTENSION, 16 },
    _oidSubjectAltName[]            = { OID_EXTENSION, 17 },
    _oidIssuerAltName[]             = { OID_EXTENSION, 18 },
    _oidBasicConstraints[]          = { OID_EXTENSION, 19 },
    _oidCrlDistributionPoints[]     = { OID_EXTENSION, 31 },
    _oidCertificatePolicies[]       = { OID_EXTENSION, 32 },
    _oidAnyPolicy[]                 = { OID_EXTENSION, 32, 0 },
    _oidPolicyMappings[]            = { OID_EXTENSION, 33 },
    _oidAuthorityKeyIdentifier[]    = { OID_EXTENSION, 35 },
    _oidPolicyConstraints[]         = { OID_EXTENSION, 36 },
    _oidExtendedKeyUsage[]          = { OID_EXTENSION, 37 },
    _oidAnyExtendedKeyUsage[]          = { OID_EXTENSION, 37, 0 },
    _oidInhibitAnyPolicy[]          = { OID_EXTENSION, 54 },
    _oidAuthorityInfoAccess[]       = { OID_PE, 1 },
    _oidSubjectInfoAccess[]			= { OID_PE, 11 },
    _oidAdOCSP[]                    = { OID_AD_OCSP },
    _oidAdCAIssuer[]                = { OID_AD_CAISSUERS },
    _oidNetscapeCertType[]          = { NETSCAPE_CERT_EXTEN, 1 },
    _oidEntrustVersInfo[]           = { ENTRUST_CERT_EXTEN, 0 },
    _oidMSNTPrincipalName[]         = { MICROSOFT_ENROLLMENT_OID, 2, 3 },
    /* Policy Qualifier IDs for Internet policy qualifiers. */
    _oidQtCps[]                     = { OID_QT, 1 },
    _oidQtUNotice[]                 = { OID_QT, 2 },
    /* X.501 Name IDs. */
    _oidCommonName[]                = { OID_ATTR_TYPE, 3 },
    _oidCountryName[]               = { OID_ATTR_TYPE, 6 },
    _oidLocalityName[]              = { OID_ATTR_TYPE, 7 },
    _oidStateOrProvinceName[]       = { OID_ATTR_TYPE, 8 },
    _oidOrganizationName[]          = { OID_ATTR_TYPE, 10 },
    _oidOrganizationalUnitName[]    = { OID_ATTR_TYPE, 11 },
    _oidDescription[]               = { OID_ATTR_TYPE, 13 },
    _oidEmailAddress[]              = { OID_PKCS_9, 1 },
    _oidFriendlyName[]              = { OID_PKCS_9, 20 },
    _oidLocalKeyId[]                = { OID_PKCS_9, 21 },
    _oidExtendedKeyUsageServerAuth[] = { OID_KP, 1 },
    _oidExtendedKeyUsageClientAuth[] = { OID_KP, 2 },
    _oidExtendedKeyUsageCodeSigning[] = { OID_KP, 3 },
    _oidExtendedKeyUsageEmailProtection[] = { OID_KP, 4 },
    _oidExtendedKeyUsageOCSPSigning[] = { OID_KP, 9 },
    _oidExtendedKeyUsageIPSec[]     = { OID_ISAKMP, 2, 2 },
    _oidExtendedKeyUsageMicrosoftSGC[] = { MICROSOFT_BASE_OID, 10, 3, 3 },
    _oidExtendedKeyUsageNetscapeSGC[] = { NETSCAPE_CERT_POLICY, 1 },
    _oidAppleSecureBootCertSpec[]   = { APPLE_SBOOT_CERT_EXTEN_SBOOT_SPEC_OID },
    _oidAppleSecureBootTicketCertSpec[] = { APPLE_SBOOT_CERT_EXTEN_SBOOT_TICKET_SPEC_OID },
    _oidAppleImg4ManifestCertSpec[] = {
        APPLE_SBOOT_CERT_EXTEN_IMG4_MANIFEST_SPEC_OID },
    _oidAppleProvisioningProfile[]  = {APPLE_PROVISIONING_PROFILE_OID },
    _oidAppleApplicationSigning[]   = { APPLE_APP_SIGINING_OID },
    _oidAppleInstallerPackagingSigningExternal[]       = { APPLE_INSTALLER_PACKAGE_SIGNING_EXTERNAL_OID },
    _oidAppleExtendedKeyUsageAppleID[] = { APPLE_EKU_APPLE_ID },
    _oidAppleExtendedKeyUsageShoebox[] = { APPLE_EKU_SHOEBOX },
#if 0 // unused
    _oidApplePushServiceClient[]   =   { APPLE_CERT_EXT_APPLE_PUSH_MARKER, 2 },
#endif
    _oidAppleIntmMarkerAppleID[] = { APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID },
    _oidAppleIntmMarkerAppleID2[] = {APPLE_CERT_EXT_INTERMEDIATE_MARKER_APPLEID_2 };

const DERItem
    oidSubjectKeyIdentifier         = { (DERByte *)_oidSubjectKeyIdentifier,
                                        sizeof(_oidSubjectKeyIdentifier) },
    oidKeyUsage                     = { (DERByte *)_oidKeyUsage,
                                        sizeof(_oidKeyUsage) },
    oidPrivateKeyUsagePeriod        = { (DERByte *)_oidPrivateKeyUsagePeriod,
                                        sizeof(_oidPrivateKeyUsagePeriod) },
    oidSubjectAltName               = { (DERByte *)_oidSubjectAltName,
                                        sizeof(_oidSubjectAltName) },
    oidIssuerAltName                = { (DERByte *)_oidIssuerAltName,
                                        sizeof(_oidIssuerAltName) },
    oidBasicConstraints             = { (DERByte *)_oidBasicConstraints,
                                        sizeof(_oidBasicConstraints) },
    oidCrlDistributionPoints        = { (DERByte *)_oidCrlDistributionPoints,
                                        sizeof(_oidCrlDistributionPoints) },
    oidCertificatePolicies          = { (DERByte *)_oidCertificatePolicies,
                                        sizeof(_oidCertificatePolicies) },
    oidAnyPolicy                    = { (DERByte *)_oidAnyPolicy,
                                        sizeof(_oidAnyPolicy) },
    oidPolicyMappings               = { (DERByte *)_oidPolicyMappings,
                                        sizeof(_oidPolicyMappings) },
    oidAuthorityKeyIdentifier       = { (DERByte *)_oidAuthorityKeyIdentifier,
                                        sizeof(_oidAuthorityKeyIdentifier) },
    oidPolicyConstraints            = { (DERByte *)_oidPolicyConstraints,
                                        sizeof(_oidPolicyConstraints) },
    oidExtendedKeyUsage             = { (DERByte *)_oidExtendedKeyUsage,
                                        sizeof(_oidExtendedKeyUsage) },
    oidAnyExtendedKeyUsage          = { (DERByte *)_oidAnyExtendedKeyUsage,
                                        sizeof(_oidAnyExtendedKeyUsage) },
    oidInhibitAnyPolicy             = { (DERByte *)_oidInhibitAnyPolicy,
                                        sizeof(_oidInhibitAnyPolicy) },
    oidAuthorityInfoAccess          = { (DERByte *)_oidAuthorityInfoAccess,
                                        sizeof(_oidAuthorityInfoAccess) },
    oidSubjectInfoAccess			= { (DERByte *)_oidSubjectInfoAccess,
                                        sizeof(_oidSubjectInfoAccess) },
    oidAdOCSP                       = { (DERByte *)_oidAdOCSP,
                                        sizeof(_oidAdOCSP) },
    oidAdCAIssuer                   = { (DERByte *)_oidAdCAIssuer,
                                        sizeof(_oidAdCAIssuer) },
    oidNetscapeCertType             = { (DERByte *)_oidNetscapeCertType,
                                        sizeof(_oidNetscapeCertType) },
    oidEntrustVersInfo              = { (DERByte *)_oidEntrustVersInfo,
                                        sizeof(_oidEntrustVersInfo) },
    oidMSNTPrincipalName              = { (DERByte *)_oidMSNTPrincipalName,
                                        sizeof(_oidMSNTPrincipalName) },
    /* Policy Qualifier IDs for Internet policy qualifiers. */
    oidQtCps                        = { (DERByte *)_oidQtCps,
                                        sizeof(_oidQtCps) },
    oidQtUNotice                    = { (DERByte *)_oidQtUNotice,
                                        sizeof(_oidQtUNotice) },
    /* X.501 Name IDs. */
    oidCommonName                   = { (DERByte *)_oidCommonName,
                                        sizeof(_oidCommonName) },
    oidCountryName                  = { (DERByte *)_oidCountryName,
                                        sizeof(_oidCountryName) },
    oidLocalityName                 = { (DERByte *)_oidLocalityName,
                                        sizeof(_oidLocalityName) },
    oidStateOrProvinceName          = { (DERByte *)_oidStateOrProvinceName,
                                        sizeof(_oidStateOrProvinceName) },
    oidOrganizationName             = { (DERByte *)_oidOrganizationName,
                                        sizeof(_oidOrganizationName) },
    oidOrganizationalUnitName       = { (DERByte *)_oidOrganizationalUnitName,
                                        sizeof(_oidOrganizationalUnitName) },
    oidDescription                  = { (DERByte *)_oidDescription,
                                        sizeof(_oidDescription) },
    oidEmailAddress                 = { (DERByte *)_oidEmailAddress,
                                        sizeof(_oidEmailAddress) },
    oidFriendlyName                 = { (DERByte *)_oidFriendlyName, 
                                        sizeof(_oidFriendlyName) },
    oidLocalKeyId                   = { (DERByte *)_oidLocalKeyId,
                                        sizeof(_oidLocalKeyId) },
    oidExtendedKeyUsageServerAuth   = { (DERByte *)_oidExtendedKeyUsageServerAuth,
                                        sizeof(_oidExtendedKeyUsageServerAuth) },
    oidExtendedKeyUsageClientAuth   = { (DERByte *)_oidExtendedKeyUsageClientAuth,
                                        sizeof(_oidExtendedKeyUsageClientAuth) },
    oidExtendedKeyUsageCodeSigning  = { (DERByte *)_oidExtendedKeyUsageCodeSigning,
                                        sizeof(_oidExtendedKeyUsageCodeSigning) },
    oidExtendedKeyUsageEmailProtection  = { (DERByte *)_oidExtendedKeyUsageEmailProtection,
                                        sizeof(_oidExtendedKeyUsageEmailProtection) },
    oidExtendedKeyUsageOCSPSigning  = { (DERByte *)_oidExtendedKeyUsageOCSPSigning,
                                        sizeof(_oidExtendedKeyUsageOCSPSigning) },
    oidExtendedKeyUsageIPSec        = { (DERByte *)_oidExtendedKeyUsageIPSec,
                                        sizeof(_oidExtendedKeyUsageIPSec) },
    oidExtendedKeyUsageMicrosoftSGC = { (DERByte *)_oidExtendedKeyUsageMicrosoftSGC,
                                        sizeof(_oidExtendedKeyUsageMicrosoftSGC) },
    oidExtendedKeyUsageNetscapeSGC  = { (DERByte *)_oidExtendedKeyUsageNetscapeSGC,
                                        sizeof(_oidExtendedKeyUsageNetscapeSGC) },
    oidAppleSecureBootCertSpec      = { (DERByte *)_oidAppleSecureBootCertSpec,
                                        sizeof(_oidAppleSecureBootCertSpec) },
    oidAppleSecureBootTicketCertSpec = { (DERByte *)_oidAppleSecureBootTicketCertSpec,
                                        sizeof(_oidAppleSecureBootTicketCertSpec) },
    oidAppleImg4ManifestCertSpec = { (DERByte *)
        _oidAppleImg4ManifestCertSpec,
        sizeof(_oidAppleImg4ManifestCertSpec) },
    oidAppleProvisioningProfile     = { (DERByte *)_oidAppleProvisioningProfile,
                                        sizeof(_oidAppleProvisioningProfile) },
    oidAppleApplicationSigning      = { (DERByte *)_oidAppleApplicationSigning,
                                         sizeof(_oidAppleApplicationSigning) },
    oidAppleInstallerPackagingSigningExternal          = { (DERByte *)_oidAppleInstallerPackagingSigningExternal,
                                                            sizeof(_oidAppleInstallerPackagingSigningExternal) },
    oidAppleExtendedKeyUsageAppleID = { (DERByte *)_oidAppleExtendedKeyUsageAppleID,
                                        sizeof(_oidAppleExtendedKeyUsageAppleID) },
    oidAppleExtendedKeyUsageShoebox = { (DERByte *)_oidAppleExtendedKeyUsageShoebox,
                                        sizeof(_oidAppleExtendedKeyUsageShoebox) },
    oidAppleIntmMarkerAppleID       = { (DERByte *)_oidAppleIntmMarkerAppleID,
                                        sizeof(_oidAppleIntmMarkerAppleID) },
    oidAppleIntmMarkerAppleID2      = { (DERByte *)_oidAppleIntmMarkerAppleID2,
                                        sizeof(_oidAppleIntmMarkerAppleID2) },
    oidApplePushServiceClient       = { (DERByte *)_oidAppleIntmMarkerAppleID2,
                                        sizeof(_oidAppleIntmMarkerAppleID2) };


bool DEROidCompare(const DERItem *oid1, const DERItem *oid2) {
	if ((oid1 == NULL) || (oid2 == NULL)) {
		return false;
	}
	if (oid1->length != oid2->length) {
		return false;
	}
	if (!DERMemcmp(oid1->data, oid2->data, oid1->length)) {
		return true;
	} else {
		return false;
	}
}