search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import from firefox-3.0b1 tarball
[mozilla-nss.git] / security / nss / lib / util / secoid.c
blob1292085e4e9cd61c39b4fa363457493367ff1b08
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 * Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
23 *
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
35 *
36 * ***** END LICENSE BLOCK ***** */
37
38 #include "secoid.h"
39 #include "pkcs11t.h"
40 #include "secmodt.h"
41 #include "secitem.h"
42 #include "secerr.h"
43 #include "plhash.h"
44 #include "nssrwlk.h"
45
46 /* MISSI Mosaic Object ID space */
47 #define USGOV 0x60, 0x86, 0x48, 0x01, 0x65
48 #define MISSI USGOV, 0x02, 0x01, 0x01
49 #define MISSI_OLD_KEA_DSS MISSI, 0x0c
50 #define MISSI_OLD_DSS MISSI, 0x02
51 #define MISSI_KEA_DSS MISSI, 0x14
52 #define MISSI_DSS MISSI, 0x13
53 #define MISSI_KEA MISSI, 0x0a
54 #define MISSI_ALT_KEA MISSI, 0x16
55
56 #define NISTALGS USGOV, 3, 4
57 #define AES NISTALGS, 1
58 #define SHAXXX NISTALGS, 2
59
60 /**
61 ** The Netscape OID space is allocated by Terry Hayes. If you need
62 ** a piece of the space, contact him at thayes@netscape.com.
63 **/
64
65 /* Netscape Communications Corporation Object ID space */
66 /* { 2 16 840 1 113730 } */
67 #define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42
68 #define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01
69 #define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02
70 /* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */
71 #define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03
72 #define NETSCAPE_POLICY NETSCAPE_OID, 0x04
73 #define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05
74 #define NETSCAPE_ALGS NETSCAPE_OID, 0x06 /* algorithm OIDs */
75 #define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07
76
77 #define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10
78 #define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01
79
80 /* these are old and should go away soon */
81 #define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a
82 #define NS_CERT_EXT OLD_NETSCAPE, 0x01
83 #define NS_FILE_TYPE OLD_NETSCAPE, 0x02
84 #define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03
85
86 /* RSA OID name space */
87 #define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
88 #define PKCS RSADSI, 0x01
89 #define DIGEST RSADSI, 0x02
90 #define CIPHER RSADSI, 0x03
91 #define PKCS1 PKCS, 0x01
92 #define PKCS5 PKCS, 0x05
93 #define PKCS7 PKCS, 0x07
94 #define PKCS9 PKCS, 0x09
95 #define PKCS12 PKCS, 0x0c
96
97 /* Fortezza algorithm OID space: { 2 16 840 1 101 2 1 1 } */
98 /* ### mwelch -- Is this just for algorithms, or all of Fortezza? */
99 #define FORTEZZA_ALG 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01
100
101 /* Other OID name spaces */
102 #define ALGORITHM 0x2b, 0x0e, 0x03, 0x02
103 #define X500 0x55
104 #define X520_ATTRIBUTE_TYPE X500, 0x04
105 #define X500_ALG X500, 0x08
106 #define X500_ALG_ENCRYPTION X500_ALG, 0x01
107
108 /** X.509 v3 Extension OID
109 ** {joint-iso-ccitt (2) ds(5) 29}
110 **/
111 #define ID_CE_OID X500, 0x1d
112
113 #define RFC1274_ATTR_TYPE 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
114 /* #define RFC2247_ATTR_TYPE 0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */
115
116 /* PKCS #12 name spaces */
117 #define PKCS12_MODE_IDS PKCS12, 0x01
118 #define PKCS12_ESPVK_IDS PKCS12, 0x02
119 #define PKCS12_BAG_IDS PKCS12, 0x03
120 #define PKCS12_CERT_BAG_IDS PKCS12, 0x04
121 #define PKCS12_OIDS PKCS12, 0x05
122 #define PKCS12_PBE_IDS PKCS12_OIDS, 0x01
123 #define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02
124 #define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03
125 #define PKCS12_V2_PBE_IDS PKCS12, 0x01
126 #define PKCS9_CERT_TYPES PKCS9, 0x16
127 #define PKCS9_CRL_TYPES PKCS9, 0x17
128 #define PKCS9_SMIME_IDS PKCS9, 0x10
129 #define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2
130 #define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3
131 #define PKCS12_VERSION1 PKCS12, 0x0a
132 #define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1
133
134 /* for DSA algorithm */
135 /* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */
136 #define ANSI_X9_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x38, 0x4
137
138 /* for DH algorithm */
139 /* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */
140 /* need real OID person to look at this, copied the above line
141 * and added 6 to second to last value (and changed '4' to '2' */
142 #define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2
143
144 #define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45
145
146 #define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07
147 #define PKIX_CERT_EXTENSIONS PKIX, 1
148 #define PKIX_POLICY_QUALIFIERS PKIX, 2
149 #define PKIX_KEY_USAGE PKIX, 3
150 #define PKIX_ACCESS_DESCRIPTION PKIX, 0x30
151 #define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1
152 #define PKIX_CA_ISSUERS PKIX_ACCESS_DESCRIPTION, 2
153
154 #define PKIX_ID_PKIP PKIX, 5
155 #define PKIX_ID_REGCTRL PKIX_ID_PKIP, 1
156 #define PKIX_ID_REGINFO PKIX_ID_PKIP, 2
157
158 /* Microsoft Object ID space */
159 /* { 1.3.6.1.4.1.311 } */
160 #define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
161
162 #define CERTICOM_OID 0x2b, 0x81, 0x04
163 #define SECG_OID CERTICOM_OID, 0x00
164
165 #define ANSI_X962_OID 0x2a, 0x86, 0x48, 0xce, 0x3d
166 #define ANSI_X962_CURVE_OID ANSI_X962_OID, 0x03
167 #define ANSI_X962_GF2m_OID ANSI_X962_CURVE_OID, 0x00
168 #define ANSI_X962_GFp_OID ANSI_X962_CURVE_OID, 0x01
169 #define ANSI_X962_SIGNATURE_OID ANSI_X962_OID, 0x04
170 #define ANSI_X962_SPECIFY_OID ANSI_X962_SIGNATURE_OID, 0x03
171
172 /* for Camellia: iso(1) member-body(2) jisc(392)
173 * mitsubishi(200011) isl(61) security(1) algorithm(1)
174 */
175 #define MITSUBISHI_ALG 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01
176 #define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG,1
177 #define CAMELLIA_WRAP_OID MITSUBISHI_ALG,3
178
179 #define CONST_OID static const unsigned char
180
181 CONST_OID md2[] = { DIGEST, 0x02 };
182 CONST_OID md4[] = { DIGEST, 0x04 };
183 CONST_OID md5[] = { DIGEST, 0x05 };
184 CONST_OID hmac_sha1[] = { DIGEST, 7 };
185 CONST_OID hmac_sha224[] = { DIGEST, 8 };
186 CONST_OID hmac_sha256[] = { DIGEST, 9 };
187 CONST_OID hmac_sha384[] = { DIGEST, 10 };
188 CONST_OID hmac_sha512[] = { DIGEST, 11 };
189
190 CONST_OID rc2cbc[] = { CIPHER, 0x02 };
191 CONST_OID rc4[] = { CIPHER, 0x04 };
192 CONST_OID desede3cbc[] = { CIPHER, 0x07 };
193 CONST_OID rc5cbcpad[] = { CIPHER, 0x09 };
194
195 CONST_OID desecb[] = { ALGORITHM, 0x06 };
196 CONST_OID descbc[] = { ALGORITHM, 0x07 };
197 CONST_OID desofb[] = { ALGORITHM, 0x08 };
198 CONST_OID descfb[] = { ALGORITHM, 0x09 };
199 CONST_OID desmac[] = { ALGORITHM, 0x0a };
200 CONST_OID sdn702DSASignature[] = { ALGORITHM, 0x0c };
201 CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f };
202 CONST_OID desede[] = { ALGORITHM, 0x11 };
203 CONST_OID sha1[] = { ALGORITHM, 0x1a };
204 CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b };
205
206 CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 };
207 CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
208 CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 };
209 CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 };
210 CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 };
211 CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 };
212 CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 };
213 CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 };
214
215 CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 };
216 CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 };
217 CONST_OID pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a };
218 CONST_OID pkcs5Pbkdf2[] = { PKCS5, 12 };
219 CONST_OID pkcs5Pbes2[] = { PKCS5, 13 };
220 CONST_OID pkcs5Pbmac1[] = { PKCS5, 14 };
221
222 CONST_OID pkcs7[] = { PKCS7 };
223 CONST_OID pkcs7Data[] = { PKCS7, 0x01 };
224 CONST_OID pkcs7SignedData[] = { PKCS7, 0x02 };
225 CONST_OID pkcs7EnvelopedData[] = { PKCS7, 0x03 };
226 CONST_OID pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 };
227 CONST_OID pkcs7DigestedData[] = { PKCS7, 0x05 };
228 CONST_OID pkcs7EncryptedData[] = { PKCS7, 0x06 };
229
230 CONST_OID pkcs9EmailAddress[] = { PKCS9, 0x01 };
231 CONST_OID pkcs9UnstructuredName[] = { PKCS9, 0x02 };
232 CONST_OID pkcs9ContentType[] = { PKCS9, 0x03 };
233 CONST_OID pkcs9MessageDigest[] = { PKCS9, 0x04 };
234 CONST_OID pkcs9SigningTime[] = { PKCS9, 0x05 };
235 CONST_OID pkcs9CounterSignature[] = { PKCS9, 0x06 };
236 CONST_OID pkcs9ChallengePassword[] = { PKCS9, 0x07 };
237 CONST_OID pkcs9UnstructuredAddress[] = { PKCS9, 0x08 };
238 CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 };
239 CONST_OID pkcs9ExtensionRequest[] = { PKCS9, 14 };
240 CONST_OID pkcs9SMIMECapabilities[] = { PKCS9, 15 };
241 CONST_OID pkcs9FriendlyName[] = { PKCS9, 20 };
242 CONST_OID pkcs9LocalKeyID[] = { PKCS9, 21 };
243
244 CONST_OID pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 };
245 CONST_OID pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 };
246 CONST_OID pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 };
247
248 /* RFC2630 (CMS) OIDs */
249 CONST_OID cmsESDH[] = { PKCS9_SMIME_ALGS, 5 };
250 CONST_OID cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 };
251 CONST_OID cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 };
252
253 /* RFC2633 SMIME message attributes */
254 CONST_OID smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 };
255 CONST_OID ms_smimeEncryptionKeyPreference[] = { MICROSOFT_OID, 0x10, 0x4 };
256
257 CONST_OID x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 };
258 CONST_OID x520SurName[] = { X520_ATTRIBUTE_TYPE, 4 };
259 CONST_OID x520SerialNumber[] = { X520_ATTRIBUTE_TYPE, 5 };
260 CONST_OID x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 };
261 CONST_OID x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 };
262 CONST_OID x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 };
263 CONST_OID x520StreetAddress[] = { X520_ATTRIBUTE_TYPE, 9 };
264 CONST_OID x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 };
265 CONST_OID x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 };
266 CONST_OID x520Title[] = { X520_ATTRIBUTE_TYPE, 12 };
267 CONST_OID x520PostalAddress[] = { X520_ATTRIBUTE_TYPE, 16 };
268 CONST_OID x520PostalCode[] = { X520_ATTRIBUTE_TYPE, 17 };
269 CONST_OID x520PostOfficeBox[] = { X520_ATTRIBUTE_TYPE, 18 };
270 CONST_OID x520GivenName[] = { X520_ATTRIBUTE_TYPE, 42 };
271 CONST_OID x520Initials[] = { X520_ATTRIBUTE_TYPE, 43 };
272 CONST_OID x520GenerationQualifier[] = { X520_ATTRIBUTE_TYPE, 44 };
273 CONST_OID x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 };
274 CONST_OID x520HouseIdentifier[] = { X520_ATTRIBUTE_TYPE, 51 };
275 CONST_OID x520Pseudonym[] = { X520_ATTRIBUTE_TYPE, 65 };
276
277 CONST_OID nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 };
278 CONST_OID nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 };
279 CONST_OID nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 };
280 CONST_OID nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 };
281 CONST_OID nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 };
282
283 CONST_OID missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS };
284 CONST_OID missiCertDSSOld[] = { MISSI_OLD_DSS };
285 CONST_OID missiCertKEADSS[] = { MISSI_KEA_DSS };
286 CONST_OID missiCertDSS[] = { MISSI_DSS };
287 CONST_OID missiCertKEA[] = { MISSI_KEA };
288 CONST_OID missiCertAltKEA[] = { MISSI_ALT_KEA };
289 CONST_OID x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 };
290
291 /* added for alg 1485 */
292 CONST_OID rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 };
293 CONST_OID rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 };
294 CONST_OID rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 };
295
296 /* Netscape private certificate extensions */
297 CONST_OID nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 };
298 CONST_OID nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 };
299 CONST_OID nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 };
300 CONST_OID nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 };
301 CONST_OID nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 };
302 CONST_OID nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 };
303 CONST_OID nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 };
304 CONST_OID nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 };
305 CONST_OID nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 };
306 CONST_OID nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 };
307 CONST_OID nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 };
308 CONST_OID nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 };
309 CONST_OID nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a };
310 CONST_OID nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b };
311 CONST_OID nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c };
312 CONST_OID nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d };
313
314 /* the following 2 extensions are defined for and used by Cartman(NSM) */
315 CONST_OID nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e };
316 CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f };
317
318 CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 };
319 CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 };
320 /* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */
321
322 /* Netscape policy values */
323 CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 };
324
325 /* Netscape other name types */
326 CONST_OID netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01 };
327 CONST_OID netscapeAOLScreenname[] = { NETSCAPE_NAME_COMPONENTS, 0x02 };
328
329 /* OIDs needed for cert server */
330 CONST_OID netscapeRecoveryRequest[] = { NETSCAPE_CERT_SERVER_CRMF, 0x01 };
331
332
333 /* Standard x.509 v3 Certificate & CRL Extensions */
334 CONST_OID x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 };
335 CONST_OID x509SubjectKeyID[] = { ID_CE_OID, 14 };
336 CONST_OID x509KeyUsage[] = { ID_CE_OID, 15 };
337 CONST_OID x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 };
338 CONST_OID x509SubjectAltName[] = { ID_CE_OID, 17 };
339 CONST_OID x509IssuerAltName[] = { ID_CE_OID, 18 };
340 CONST_OID x509BasicConstraints[] = { ID_CE_OID, 19 };
341 CONST_OID x509CRLNumber[] = { ID_CE_OID, 20 };
342 CONST_OID x509ReasonCode[] = { ID_CE_OID, 21 };
343 CONST_OID x509HoldInstructionCode[] = { ID_CE_OID, 23 };
344 CONST_OID x509InvalidDate[] = { ID_CE_OID, 24 };
345 CONST_OID x509DeltaCRLIndicator[] = { ID_CE_OID, 27 };
346 CONST_OID x509IssuingDistributionPoint[] = { ID_CE_OID, 28 };
347 CONST_OID x509CertIssuer[] = { ID_CE_OID, 29 };
348 CONST_OID x509NameConstraints[] = { ID_CE_OID, 30 };
349 CONST_OID x509CRLDistPoints[] = { ID_CE_OID, 31 };
350 CONST_OID x509CertificatePolicies[] = { ID_CE_OID, 32 };
351 CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 };
352 CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 };
353 CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 36 };
354 CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 };
355 CONST_OID x509FreshestCRL[] = { ID_CE_OID, 46 };
356 CONST_OID x509InhibitAnyPolicy[] = { ID_CE_OID, 54 };
357
358 CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 };
359 CONST_OID x509SubjectInfoAccess[] = { PKIX_CERT_EXTENSIONS, 11 };
360
361 CONST_OID x509SIATimeStamping[] = {PKIX_ACCESS_DESCRIPTION, 0x03};
362 CONST_OID x509SIACaRepository[] = {PKIX_ACCESS_DESCRIPTION, 0x05};
363
364 /* pkcs 12 additions */
365 CONST_OID pkcs12[] = { PKCS12 };
366 CONST_OID pkcs12ModeIDs[] = { PKCS12_MODE_IDS };
367 CONST_OID pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS };
368 CONST_OID pkcs12BagIDs[] = { PKCS12_BAG_IDS };
369 CONST_OID pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS };
370 CONST_OID pkcs12OIDs[] = { PKCS12_OIDS };
371 CONST_OID pkcs12PBEIDs[] = { PKCS12_PBE_IDS };
372 CONST_OID pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS };
373 CONST_OID pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS };
374 CONST_OID pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 };
375 CONST_OID pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 };
376 CONST_OID pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 };
377 CONST_OID pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 };
378 CONST_OID pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 };
379 CONST_OID pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 };
380 CONST_OID pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 };
381 CONST_OID pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 };
382 CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 };
383 CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 };
384 CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 };
385 CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 };
386 CONST_OID pkcs12RSAEncryptionWith40BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x02 };
387 CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 };
388 CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 };
389
390 /* pkcs 12 version 1.0 ids */
391 CONST_OID pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 };
392 CONST_OID pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 };
393 CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x03 };
394 CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x04 };
395 CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 };
396 CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 };
397
398 CONST_OID pkcs12SafeContentsID[] = { PKCS12_BAG_IDS, 0x04 };
399 CONST_OID pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 };
400
401 CONST_OID pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 };
402 CONST_OID pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 };
403 CONST_OID pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 };
404 CONST_OID pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 };
405 CONST_OID pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 };
406 CONST_OID pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 };
407
408 /* The following encoding is INCORRECT, but correcting it would create a
409 * duplicate OID in the table. So, we will leave it alone.
410 */
411 CONST_OID pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 };
412
413 CONST_OID ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 };
414 CONST_OID ansix9DSASignaturewithSHA1Digest[] = { ANSI_X9_ALGORITHM, 0x03 };
415
416 /* verisign OIDs */
417 CONST_OID verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 };
418
419 /* pkix OIDs */
420 CONST_OID pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 };
421 CONST_OID pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 };
422
423 CONST_OID pkixOCSP[] = { PKIX_OCSP };
424 CONST_OID pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 };
425 CONST_OID pkixOCSPNonce[] = { PKIX_OCSP, 2 };
426 CONST_OID pkixOCSPCRL[] = { PKIX_OCSP, 3 };
427 CONST_OID pkixOCSPResponse[] = { PKIX_OCSP, 4 };
428 CONST_OID pkixOCSPNoCheck[] = { PKIX_OCSP, 5 };
429 CONST_OID pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 };
430 CONST_OID pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 };
431
432 CONST_OID pkixCAIssuers[] = { PKIX_CA_ISSUERS };
433
434 CONST_OID pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1};
435 CONST_OID pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2};
436 CONST_OID pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3};
437 CONST_OID pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4};
438 CONST_OID pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5};
439 CONST_OID pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6};
440 CONST_OID pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1};
441 CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2};
442
443 CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 };
444 CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 };
445 CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 };
446 CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 };
447 CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 };
448 CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 };
449
450 /* OIDs for Netscape defined algorithms */
451 CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };
452
453 /* Fortezza algorithm OIDs */
454 CONST_OID skipjackCBC[] = { FORTEZZA_ALG, 0x04 };
455 CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };
456
457 CONST_OID aes128_ECB[] = { AES, 1 };
458 CONST_OID aes128_CBC[] = { AES, 2 };
459 #ifdef DEFINE_ALL_AES_CIPHERS
460 CONST_OID aes128_OFB[] = { AES, 3 };
461 CONST_OID aes128_CFB[] = { AES, 4 };
462 #endif
463 CONST_OID aes128_KEY_WRAP[] = { AES, 5 };
464
465 CONST_OID aes192_ECB[] = { AES, 21 };
466 CONST_OID aes192_CBC[] = { AES, 22 };
467 #ifdef DEFINE_ALL_AES_CIPHERS
468 CONST_OID aes192_OFB[] = { AES, 23 };
469 CONST_OID aes192_CFB[] = { AES, 24 };
470 #endif
471 CONST_OID aes192_KEY_WRAP[] = { AES, 25 };
472
473 CONST_OID aes256_ECB[] = { AES, 41 };
474 CONST_OID aes256_CBC[] = { AES, 42 };
475 #ifdef DEFINE_ALL_AES_CIPHERS
476 CONST_OID aes256_OFB[] = { AES, 43 };
477 CONST_OID aes256_CFB[] = { AES, 44 };
478 #endif
479 CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
480
481 CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2};
482 CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3};
483 CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4};
484 CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2};
485 CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3};
486 CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4};
487
488 CONST_OID sha256[] = { SHAXXX, 1 };
489 CONST_OID sha384[] = { SHAXXX, 2 };
490 CONST_OID sha512[] = { SHAXXX, 3 };
491
492 CONST_OID ansix962ECPublicKey[] = { ANSI_X962_OID, 0x02, 0x01 };
493 CONST_OID ansix962SignaturewithSHA1Digest[] = { ANSI_X962_SIGNATURE_OID, 0x01 };
494 CONST_OID ansix962SignatureRecommended[] = { ANSI_X962_SIGNATURE_OID, 0x02 };
495 CONST_OID ansix962SignatureSpecified[] = { ANSI_X962_SPECIFY_OID };
496 CONST_OID ansix962SignaturewithSHA224Digest[] = { ANSI_X962_SPECIFY_OID, 0x01 };
497 CONST_OID ansix962SignaturewithSHA256Digest[] = { ANSI_X962_SPECIFY_OID, 0x02 };
498 CONST_OID ansix962SignaturewithSHA384Digest[] = { ANSI_X962_SPECIFY_OID, 0x03 };
499 CONST_OID ansix962SignaturewithSHA512Digest[] = { ANSI_X962_SPECIFY_OID, 0x04 };
500
501 /* ANSI X9.62 prime curve OIDs */
502 /* NOTE: prime192v1 is the same as secp192r1, prime256v1 is the
503 * same as secp256r1
504 */
505 CONST_OID ansiX962prime192v1[] = { ANSI_X962_GFp_OID, 0x01 };
506 CONST_OID ansiX962prime192v2[] = { ANSI_X962_GFp_OID, 0x02 };
507 CONST_OID ansiX962prime192v3[] = { ANSI_X962_GFp_OID, 0x03 };
508 CONST_OID ansiX962prime239v1[] = { ANSI_X962_GFp_OID, 0x04 };
509 CONST_OID ansiX962prime239v2[] = { ANSI_X962_GFp_OID, 0x05 };
510 CONST_OID ansiX962prime239v3[] = { ANSI_X962_GFp_OID, 0x06 };
511 CONST_OID ansiX962prime256v1[] = { ANSI_X962_GFp_OID, 0x07 };
512
513 /* SECG prime curve OIDs */
514 CONST_OID secgECsecp112r1[] = { SECG_OID, 0x06 };
515 CONST_OID secgECsecp112r2[] = { SECG_OID, 0x07 };
516 CONST_OID secgECsecp128r1[] = { SECG_OID, 0x1c };
517 CONST_OID secgECsecp128r2[] = { SECG_OID, 0x1d };
518 CONST_OID secgECsecp160k1[] = { SECG_OID, 0x09 };
519 CONST_OID secgECsecp160r1[] = { SECG_OID, 0x08 };
520 CONST_OID secgECsecp160r2[] = { SECG_OID, 0x1e };
521 CONST_OID secgECsecp192k1[] = { SECG_OID, 0x1f };
522 CONST_OID secgECsecp224k1[] = { SECG_OID, 0x20 };
523 CONST_OID secgECsecp224r1[] = { SECG_OID, 0x21 };
524 CONST_OID secgECsecp256k1[] = { SECG_OID, 0x0a };
525 CONST_OID secgECsecp384r1[] = { SECG_OID, 0x22 };
526 CONST_OID secgECsecp521r1[] = { SECG_OID, 0x23 };
527
528 /* ANSI X9.62 characteristic two curve OIDs */
529 CONST_OID ansiX962c2pnb163v1[] = { ANSI_X962_GF2m_OID, 0x01 };
530 CONST_OID ansiX962c2pnb163v2[] = { ANSI_X962_GF2m_OID, 0x02 };
531 CONST_OID ansiX962c2pnb163v3[] = { ANSI_X962_GF2m_OID, 0x03 };
532 CONST_OID ansiX962c2pnb176v1[] = { ANSI_X962_GF2m_OID, 0x04 };
533 CONST_OID ansiX962c2tnb191v1[] = { ANSI_X962_GF2m_OID, 0x05 };
534 CONST_OID ansiX962c2tnb191v2[] = { ANSI_X962_GF2m_OID, 0x06 };
535 CONST_OID ansiX962c2tnb191v3[] = { ANSI_X962_GF2m_OID, 0x07 };
536 CONST_OID ansiX962c2onb191v4[] = { ANSI_X962_GF2m_OID, 0x08 };
537 CONST_OID ansiX962c2onb191v5[] = { ANSI_X962_GF2m_OID, 0x09 };
538 CONST_OID ansiX962c2pnb208w1[] = { ANSI_X962_GF2m_OID, 0x0a };
539 CONST_OID ansiX962c2tnb239v1[] = { ANSI_X962_GF2m_OID, 0x0b };
540 CONST_OID ansiX962c2tnb239v2[] = { ANSI_X962_GF2m_OID, 0x0c };
541 CONST_OID ansiX962c2tnb239v3[] = { ANSI_X962_GF2m_OID, 0x0d };
542 CONST_OID ansiX962c2onb239v4[] = { ANSI_X962_GF2m_OID, 0x0e };
543 CONST_OID ansiX962c2onb239v5[] = { ANSI_X962_GF2m_OID, 0x0f };
544 CONST_OID ansiX962c2pnb272w1[] = { ANSI_X962_GF2m_OID, 0x10 };
545 CONST_OID ansiX962c2pnb304w1[] = { ANSI_X962_GF2m_OID, 0x11 };
546 CONST_OID ansiX962c2tnb359v1[] = { ANSI_X962_GF2m_OID, 0x12 };
547 CONST_OID ansiX962c2pnb368w1[] = { ANSI_X962_GF2m_OID, 0x13 };
548 CONST_OID ansiX962c2tnb431r1[] = { ANSI_X962_GF2m_OID, 0x14 };
549
550 /* SECG characterisitic two curve OIDs */
551 CONST_OID secgECsect113r1[] = {SECG_OID, 0x04 };
552 CONST_OID secgECsect113r2[] = {SECG_OID, 0x05 };
553 CONST_OID secgECsect131r1[] = {SECG_OID, 0x16 };
554 CONST_OID secgECsect131r2[] = {SECG_OID, 0x17 };
555 CONST_OID secgECsect163k1[] = {SECG_OID, 0x01 };
556 CONST_OID secgECsect163r1[] = {SECG_OID, 0x02 };
557 CONST_OID secgECsect163r2[] = {SECG_OID, 0x0f };
558 CONST_OID secgECsect193r1[] = {SECG_OID, 0x18 };
559 CONST_OID secgECsect193r2[] = {SECG_OID, 0x19 };
560 CONST_OID secgECsect233k1[] = {SECG_OID, 0x1a };
561 CONST_OID secgECsect233r1[] = {SECG_OID, 0x1b };
562 CONST_OID secgECsect239k1[] = {SECG_OID, 0x03 };
563 CONST_OID secgECsect283k1[] = {SECG_OID, 0x10 };
564 CONST_OID secgECsect283r1[] = {SECG_OID, 0x11 };
565 CONST_OID secgECsect409k1[] = {SECG_OID, 0x24 };
566 CONST_OID secgECsect409r1[] = {SECG_OID, 0x25 };
567 CONST_OID secgECsect571k1[] = {SECG_OID, 0x26 };
568 CONST_OID secgECsect571r1[] = {SECG_OID, 0x27 };
569
570 #define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
571 #ifndef SECOID_NO_STRINGS
572 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
573 #else
574 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext }
575 #endif
576
577 #if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL)
578 #define FAKE_SUPPORTED_CERT_EXTENSION SUPPORTED_CERT_EXTENSION
579 #else
580 #define FAKE_SUPPORTED_CERT_EXTENSION UNSUPPORTED_CERT_EXTENSION
581 #endif
582
583 /*
584 * NOTE: the order of these entries must mach the SECOidTag enum in secoidt.h!
585 */
586 const static SECOidData oids[] = {
587 { { siDEROID, NULL, 0 }, SEC_OID_UNKNOWN,
588 "Unknown OID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
589 OD( md2, SEC_OID_MD2, "MD2", CKM_MD2, INVALID_CERT_EXTENSION ),
590 OD( md4, SEC_OID_MD4,
591 "MD4", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
592 OD( md5, SEC_OID_MD5, "MD5", CKM_MD5, INVALID_CERT_EXTENSION ),
593 OD( sha1, SEC_OID_SHA1, "SHA-1", CKM_SHA_1, INVALID_CERT_EXTENSION ),
594 OD( rc2cbc, SEC_OID_RC2_CBC,
595 "RC2-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION ),
596 OD( rc4, SEC_OID_RC4, "RC4", CKM_RC4, INVALID_CERT_EXTENSION ),
597 OD( desede3cbc, SEC_OID_DES_EDE3_CBC,
598 "DES-EDE3-CBC", CKM_DES3_CBC, INVALID_CERT_EXTENSION ),
599 OD( rc5cbcpad, SEC_OID_RC5_CBC_PAD,
600 "RC5-CBCPad", CKM_RC5_CBC, INVALID_CERT_EXTENSION ),
601 OD( desecb, SEC_OID_DES_ECB,
602 "DES-ECB", CKM_DES_ECB, INVALID_CERT_EXTENSION ),
603 OD( descbc, SEC_OID_DES_CBC,
604 "DES-CBC", CKM_DES_CBC, INVALID_CERT_EXTENSION ),
605 OD( desofb, SEC_OID_DES_OFB,
606 "DES-OFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
607 OD( descfb, SEC_OID_DES_CFB,
608 "DES-CFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
609 OD( desmac, SEC_OID_DES_MAC,
610 "DES-MAC", CKM_DES_MAC, INVALID_CERT_EXTENSION ),
611 OD( desede, SEC_OID_DES_EDE,
612 "DES-EDE", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
613 OD( isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
614 "ISO SHA with RSA Signature",
615 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
616 OD( pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION,
617 "PKCS #1 RSA Encryption", CKM_RSA_PKCS, INVALID_CERT_EXTENSION ),
618
619 /* the following Signing mechanisms should get new CKM_ values when
620 * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in
621 * PKCS #11.
622 */
623 OD( pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
624 "PKCS #1 MD2 With RSA Encryption", CKM_MD2_RSA_PKCS,
625 INVALID_CERT_EXTENSION ),
626 OD( pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
627 "PKCS #1 MD4 With RSA Encryption",
628 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
629 OD( pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
630 "PKCS #1 MD5 With RSA Encryption", CKM_MD5_RSA_PKCS,
631 INVALID_CERT_EXTENSION ),
632 OD( pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
633 "PKCS #1 SHA-1 With RSA Encryption", CKM_SHA1_RSA_PKCS,
634 INVALID_CERT_EXTENSION ),
635
636 OD( pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
637 "PKCS #5 Password Based Encryption with MD2 and DES CBC",
638 CKM_PBE_MD2_DES_CBC, INVALID_CERT_EXTENSION ),
639 OD( pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
640 "PKCS #5 Password Based Encryption with MD5 and DES CBC",
641 CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION ),
642 OD( pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
643 "PKCS #5 Password Based Encryption with SHA1 and DES CBC",
644 CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION ),
645 OD( pkcs7, SEC_OID_PKCS7,
646 "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
647 OD( pkcs7Data, SEC_OID_PKCS7_DATA,
648 "PKCS #7 Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
649 OD( pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA,
650 "PKCS #7 Signed Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
651 OD( pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA,
652 "PKCS #7 Enveloped Data",
653 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
654 OD( pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
655 "PKCS #7 Signed And Enveloped Data",
656 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
657 OD( pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA,
658 "PKCS #7 Digested Data",
659 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
660 OD( pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA,
661 "PKCS #7 Encrypted Data",
662 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
663 OD( pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS,
664 "PKCS #9 Email Address",
665 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
666 OD( pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME,
667 "PKCS #9 Unstructured Name",
668 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
669 OD( pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE,
670 "PKCS #9 Content Type",
671 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
672 OD( pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST,
673 "PKCS #9 Message Digest",
674 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
675 OD( pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME,
676 "PKCS #9 Signing Time",
677 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
678 OD( pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE,
679 "PKCS #9 Counter Signature",
680 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
681 OD( pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD,
682 "PKCS #9 Challenge Password",
683 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
684 OD( pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
685 "PKCS #9 Unstructured Address",
686 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
687 OD( pkcs9ExtendedCertificateAttributes,
688 SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
689 "PKCS #9 Extended Certificate Attributes",
690 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
691 OD( pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES,
692 "PKCS #9 S/MIME Capabilities",
693 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
694 OD( x520CommonName, SEC_OID_AVA_COMMON_NAME,
695 "X520 Common Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
696 OD( x520CountryName, SEC_OID_AVA_COUNTRY_NAME,
697 "X520 Country Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
698 OD( x520LocalityName, SEC_OID_AVA_LOCALITY,
699 "X520 Locality Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
700 OD( x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE,
701 "X520 State Or Province Name",
702 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
703 OD( x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME,
704 "X520 Organization Name",
705 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
706 OD( x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
707 "X520 Organizational Unit Name",
708 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
709 OD( x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER,
710 "X520 DN Qualifier", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
711 OD( rfc2247DomainComponent, SEC_OID_AVA_DC,
712 "RFC 2247 Domain Component",
713 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
714
715 OD( nsTypeGIF, SEC_OID_NS_TYPE_GIF,
716 "GIF", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
717 OD( nsTypeJPEG, SEC_OID_NS_TYPE_JPEG,
718 "JPEG", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
719 OD( nsTypeURL, SEC_OID_NS_TYPE_URL,
720 "URL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
721 OD( nsTypeHTML, SEC_OID_NS_TYPE_HTML,
722 "HTML", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
723 OD( nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE,
724 "Certificate Sequence",
725 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
726 OD( missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD,
727 "MISSI KEA and DSS Algorithm (Old)",
728 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
729 OD( missiCertDSSOld, SEC_OID_MISSI_DSS_OLD,
730 "MISSI DSS Algorithm (Old)",
731 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
732 OD( missiCertKEADSS, SEC_OID_MISSI_KEA_DSS,
733 "MISSI KEA and DSS Algorithm",
734 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
735 OD( missiCertDSS, SEC_OID_MISSI_DSS,
736 "MISSI DSS Algorithm",
737 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
738 OD( missiCertKEA, SEC_OID_MISSI_KEA,
739 "MISSI KEA Algorithm",
740 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
741 OD( missiCertAltKEA, SEC_OID_MISSI_ALT_KEA,
742 "MISSI Alternate KEA Algorithm",
743 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
744
745 /* Netscape private extensions */
746 OD( nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK,
747 "Netscape says this cert is OK",
748 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
749 OD( nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
750 "Certificate Issuer Logo",
751 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
752 OD( nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
753 "Certificate Subject Logo",
754 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
755 OD( nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE,
756 "Certificate Type",
757 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
758 OD( nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL,
759 "Certificate Extension Base URL",
760 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
761 OD( nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL,
762 "Certificate Revocation URL",
763 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
764 OD( nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL,
765 "Certificate Authority Revocation URL",
766 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
767 OD( nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL,
768 "Certificate Authority CRL Download URL",
769 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
770 OD( nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL,
771 "Certificate Authority Certificate Download URL",
772 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
773 OD( nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL,
774 "Certificate Renewal URL",
775 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
776 OD( nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL,
777 "Certificate Authority Policy URL",
778 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
779 OD( nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL,
780 "Certificate Homepage URL",
781 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
782 OD( nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO,
783 "Certificate Entity Logo",
784 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
785 OD( nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE,
786 "Certificate User Picture",
787 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
788 OD( nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME,
789 "Certificate SSL Server Name",
790 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
791 OD( nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT,
792 "Certificate Comment",
793 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
794 OD( nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL,
795 "Lost Password URL",
796 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
797 OD( nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME,
798 "Certificate Renewal Time",
799 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
800 OD( nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED,
801 "Strong Crypto Export Approved",
802 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
803
804
805 /* x.509 v3 certificate extensions */
806 OD( x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR,
807 "Certificate Subject Directory Attributes",
808 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
809 OD( x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID,
810 "Certificate Subject Key ID",
811 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
812 OD( x509KeyUsage, SEC_OID_X509_KEY_USAGE,
813 "Certificate Key Usage",
814 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
815 OD( x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
816 "Certificate Private Key Usage Period",
817 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
818 OD( x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME,
819 "Certificate Subject Alt Name",
820 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
821 OD( x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME,
822 "Certificate Issuer Alt Name",
823 CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ),
824 OD( x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS,
825 "Certificate Basic Constraints",
826 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
827 OD( x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS,
828 "Certificate Name Constraints",
829 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
830 OD( x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS,
831 "CRL Distribution Points",
832 CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ),
833 OD( x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES,
834 "Certificate Policies",
835 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
836 OD( x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS,
837 "Certificate Policy Mappings",
838 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
839 OD( x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS,
840 "Certificate Policy Constraints",
841 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
842 OD( x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID,
843 "Certificate Authority Key Identifier",
844 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
845 OD( x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE,
846 "Extended Key Usage",
847 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
848 OD( x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS,
849 "Authority Information Access",
850 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
851
852 /* x.509 v3 CRL extensions */
853 OD( x509CRLNumber, SEC_OID_X509_CRL_NUMBER,
854 "CRL Number", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
855 OD( x509ReasonCode, SEC_OID_X509_REASON_CODE,
856 "CRL reason code", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
857 OD( x509InvalidDate, SEC_OID_X509_INVALID_DATE,
858 "Invalid Date", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
859
860 OD( x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION,
861 "X500 RSA Encryption", CKM_RSA_X_509, INVALID_CERT_EXTENSION ),
862
863 /* added for alg 1485 */
864 OD( rfc1274Uid, SEC_OID_RFC1274_UID,
865 "RFC1274 User Id", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
866 OD( rfc1274Mail, SEC_OID_RFC1274_MAIL,
867 "RFC1274 E-mail Address",
868 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
869
870 /* pkcs 12 additions */
871 OD( pkcs12, SEC_OID_PKCS12,
872 "PKCS #12", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
873 OD( pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS,
874 "PKCS #12 Mode IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
875 OD( pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS,
876 "PKCS #12 ESPVK IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
877 OD( pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS,
878 "PKCS #12 Bag IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
879 OD( pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS,
880 "PKCS #12 Cert Bag IDs",
881 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
882 OD( pkcs12OIDs, SEC_OID_PKCS12_OIDS,
883 "PKCS #12 OIDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
884 OD( pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS,
885 "PKCS #12 PBE IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
886 OD( pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS,
887 "PKCS #12 Signature IDs",
888 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
889 OD( pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS,
890 "PKCS #12 Enveloping IDs",
891 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
892 OD( pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING,
893 "PKCS #12 Key Shrouding",
894 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
895 OD( pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID,
896 "PKCS #12 Key Bag ID",
897 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
898 OD( pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
899 "PKCS #12 Cert And CRL Bag ID",
900 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
901 OD( pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID,
902 "PKCS #12 Secret Bag ID",
903 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
904 OD( pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG,
905 "PKCS #12 X509 Cert CRL Bag",
906 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
907 OD( pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG,
908 "PKCS #12 SDSI Cert Bag",
909 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
910 OD( pkcs12PBEWithSha1And128BitRC4,
911 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
912 "PKCS #12 PBE With Sha1 and 128 Bit RC4",
913 CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION ),
914 OD( pkcs12PBEWithSha1And40BitRC4,
915 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
916 "PKCS #12 PBE With Sha1 and 40 Bit RC4",
917 CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION ),
918 OD( pkcs12PBEWithSha1AndTripleDESCBC,
919 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
920 "PKCS #12 PBE With Sha1 and Triple DES CBC",
921 CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION ),
922 OD( pkcs12PBEWithSha1And128BitRC2CBC,
923 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
924 "PKCS #12 PBE With Sha1 and 128 Bit RC2 CBC",
925 CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION ),
926 OD( pkcs12PBEWithSha1And40BitRC2CBC,
927 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
928 "PKCS #12 PBE With Sha1 and 40 Bit RC2 CBC",
929 CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION ),
930 OD( pkcs12RSAEncryptionWith128BitRC4,
931 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
932 "PKCS #12 RSA Encryption with 128 Bit RC4",
933 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
934 OD( pkcs12RSAEncryptionWith40BitRC4,
935 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4,
936 "PKCS #12 RSA Encryption with 40 Bit RC4",
937 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
938 OD( pkcs12RSAEncryptionWithTripleDES,
939 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES,
940 "PKCS #12 RSA Encryption with Triple DES",
941 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
942 OD( pkcs12RSASignatureWithSHA1Digest,
943 SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST,
944 "PKCS #12 RSA Encryption with Triple DES",
945 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
946
947 /* DSA signatures */
948 OD( ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE,
949 "ANSI X9.57 DSA Signature", CKM_DSA, INVALID_CERT_EXTENSION ),
950 OD( ansix9DSASignaturewithSHA1Digest,
951 SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST,
952 "ANSI X9.57 DSA Signature with SHA1 Digest",
953 CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
954 OD( bogusDSASignaturewithSHA1Digest,
955 SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST,
956 "FORTEZZA DSA Signature with SHA1 Digest",
957 CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
958
959 /* verisign oids */
960 OD( verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES,
961 "Verisign User Notices",
962 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
963
964 /* pkix oids */
965 OD( pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER,
966 "PKIX CPS Pointer Qualifier",
967 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
968 OD( pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER,
969 "PKIX User Notice Qualifier",
970 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
971
972 OD( pkixOCSP, SEC_OID_PKIX_OCSP,
973 "PKIX Online Certificate Status Protocol",
974 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
975 OD( pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE,
976 "OCSP Basic Response", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
977 OD( pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE,
978 "OCSP Nonce Extension", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
979 OD( pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL,
980 "OCSP CRL Reference Extension",
981 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
982 OD( pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE,
983 "OCSP Response Types Extension",
984 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
985 OD( pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK,
986 "OCSP No Check Extension",
987 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
988 OD( pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF,
989 "OCSP Archive Cutoff Extension",
990 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
991 OD( pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
992 "OCSP Service Locator Extension",
993 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
994
995 OD( pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN,
996 "PKIX CRMF Registration Control, Registration Token",
997 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
998 OD( pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR,
999 "PKIX CRMF Registration Control, Registration Authenticator",
1000 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1001 OD( pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO,
1002 "PKIX CRMF Registration Control, PKI Publication Info",
1003 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1004 OD( pkixRegCtrlPKIArchOptions,
1005 SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
1006 "PKIX CRMF Registration Control, PKI Archive Options",
1007 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1008 OD( pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID,
1009 "PKIX CRMF Registration Control, Old Certificate ID",
1010 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1011 OD( pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY,
1012 "PKIX CRMF Registration Control, Protocol Encryption Key",
1013 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1014 OD( pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS,
1015 "PKIX CRMF Registration Info, UTF8 Pairs",
1016 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1017 OD( pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST,
1018 "PKIX CRMF Registration Info, Certificate Request",
1019 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1020 OD( pkixExtendedKeyUsageServerAuth,
1021 SEC_OID_EXT_KEY_USAGE_SERVER_AUTH,
1022 "TLS Web Server Authentication Certificate",
1023 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1024 OD( pkixExtendedKeyUsageClientAuth,
1025 SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH,
1026 "TLS Web Client Authentication Certificate",
1027 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1028 OD( pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN,
1029 "Code Signing Certificate",
1030 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1031 OD( pkixExtendedKeyUsageEMailProtect,
1032 SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT,
1033 "E-Mail Protection Certificate",
1034 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1035 OD( pkixExtendedKeyUsageTimeStamp,
1036 SEC_OID_EXT_KEY_USAGE_TIME_STAMP,
1037 "Time Stamping Certifcate",
1038 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1039 OD( pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER,
1040 "OCSP Responder Certificate",
1041 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1042
1043 /* Netscape Algorithm OIDs */
1044
1045 OD( netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA,
1046 "Netscape S/MIME KEA", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1047
1048 /* Skipjack OID -- ### mwelch temporary */
1049 OD( skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK,
1050 "Skipjack CBC64", CKM_SKIPJACK_CBC64, INVALID_CERT_EXTENSION ),
1051
1052 /* pkcs12 v2 oids */
1053 OD( pkcs12V2PBEWithSha1And128BitRC4,
1054 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
1055 "PKCS12 V2 PBE With SHA1 And 128 Bit RC4",
1056 CKM_PBE_SHA1_RC4_128, INVALID_CERT_EXTENSION ),
1057 OD( pkcs12V2PBEWithSha1And40BitRC4,
1058 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
1059 "PKCS12 V2 PBE With SHA1 And 40 Bit RC4",
1060 CKM_PBE_SHA1_RC4_40, INVALID_CERT_EXTENSION ),
1061 OD( pkcs12V2PBEWithSha1And3KeyTripleDEScbc,
1062 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
1063 "PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc",
1064 CKM_PBE_SHA1_DES3_EDE_CBC, INVALID_CERT_EXTENSION ),
1065 OD( pkcs12V2PBEWithSha1And2KeyTripleDEScbc,
1066 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC,
1067 "PKCS12 V2 PBE With SHA1 And 2KEY Triple DES-cbc",
1068 CKM_PBE_SHA1_DES2_EDE_CBC, INVALID_CERT_EXTENSION ),
1069 OD( pkcs12V2PBEWithSha1And128BitRC2cbc,
1070 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
1071 "PKCS12 V2 PBE With SHA1 And 128 Bit RC2 CBC",
1072 CKM_PBE_SHA1_RC2_128_CBC, INVALID_CERT_EXTENSION ),
1073 OD( pkcs12V2PBEWithSha1And40BitRC2cbc,
1074 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
1075 "PKCS12 V2 PBE With SHA1 And 40 Bit RC2 CBC",
1076 CKM_PBE_SHA1_RC2_40_CBC, INVALID_CERT_EXTENSION ),
1077 OD( pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID,
1078 "PKCS #12 Safe Contents ID",
1079 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1080 OD( pkcs12PKCS8ShroudedKeyBagID,
1081 SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID,
1082 "PKCS #12 Safe Contents ID",
1083 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1084 OD( pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID,
1085 "PKCS #12 V1 Key Bag",
1086 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1087 OD( pkcs12V1PKCS8ShroudedKeyBag,
1088 SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID,
1089 "PKCS #12 V1 PKCS8 Shrouded Key Bag",
1090 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1091 OD( pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID,
1092 "PKCS #12 V1 Cert Bag",
1093 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1094 OD( pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID,
1095 "PKCS #12 V1 CRL Bag",
1096 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1097 OD( pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID,
1098 "PKCS #12 V1 Secret Bag",
1099 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1100 OD( pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
1101 "PKCS #12 V1 Safe Contents Bag",
1102 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1103
1104 OD( pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT,
1105 "PKCS #9 X509 Certificate",
1106 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1107 OD( pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT,
1108 "PKCS #9 SDSI Certificate",
1109 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1110 OD( pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL,
1111 "PKCS #9 X509 CRL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1112 OD( pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME,
1113 "PKCS #9 Friendly Name",
1114 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1115 OD( pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID,
1116 "PKCS #9 Local Key ID",
1117 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1118 OD( pkcs12KeyUsageAttr, SEC_OID_BOGUS_KEY_USAGE,
1119 "Bogus Key Usage", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1120 OD( dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY,
1121 "Diffie-Helman Public Key", CKM_DH_PKCS_DERIVE,
1122 INVALID_CERT_EXTENSION ),
1123 OD( netscapeNickname, SEC_OID_NETSCAPE_NICKNAME,
1124 "Netscape Nickname", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1125
1126 /* Cert Server specific OIDs */
1127 OD( netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST,
1128 "Recovery Request OID",
1129 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1130
1131 OD( nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR,
1132 "Certificate Renewal Locator OID", CKM_INVALID_MECHANISM,
1133 INVALID_CERT_EXTENSION ),
1134
1135 OD( nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
1136 "Certificate Scope-of-Use Extension", CKM_INVALID_MECHANISM,
1137 SUPPORTED_CERT_EXTENSION ),
1138
1139 /* CMS stuff */
1140 OD( cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN,
1141 "Ephemeral-Static Diffie-Hellman", CKM_INVALID_MECHANISM /* XXX */,
1142 INVALID_CERT_EXTENSION ),
1143 OD( cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP,
1144 "CMS 3DES Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
1145 INVALID_CERT_EXTENSION ),
1146 OD( cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP,
1147 "CMS RC2 Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
1148 INVALID_CERT_EXTENSION ),
1149 OD( smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
1150 "S/MIME Encryption Key Preference",
1151 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1152
1153 /* AES algorithm OIDs */
1154 OD( aes128_ECB, SEC_OID_AES_128_ECB,
1155 "AES-128-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
1156 OD( aes128_CBC, SEC_OID_AES_128_CBC,
1157 "AES-128-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
1158 OD( aes192_ECB, SEC_OID_AES_192_ECB,
1159 "AES-192-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
1160 OD( aes192_CBC, SEC_OID_AES_192_CBC,
1161 "AES-192-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
1162 OD( aes256_ECB, SEC_OID_AES_256_ECB,
1163 "AES-256-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
1164 OD( aes256_CBC, SEC_OID_AES_256_CBC,
1165 "AES-256-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
1166
1167 /* More bogus DSA OIDs */
1168 OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE,
1169 "SDN.702 DSA Signature", CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
1170
1171 OD( ms_smimeEncryptionKeyPreference,
1172 SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
1173 "Microsoft S/MIME Encryption Key Preference",
1174 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1175
1176 OD( sha256, SEC_OID_SHA256, "SHA-256", CKM_SHA256, INVALID_CERT_EXTENSION),
1177 OD( sha384, SEC_OID_SHA384, "SHA-384", CKM_SHA384, INVALID_CERT_EXTENSION),
1178 OD( sha512, SEC_OID_SHA512, "SHA-512", CKM_SHA512, INVALID_CERT_EXTENSION),
1179
1180 OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION,
1181 "PKCS #1 SHA-256 With RSA Encryption", CKM_SHA256_RSA_PKCS,
1182 INVALID_CERT_EXTENSION ),
1183 OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION,
1184 "PKCS #1 SHA-384 With RSA Encryption", CKM_SHA384_RSA_PKCS,
1185 INVALID_CERT_EXTENSION ),
1186 OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION,
1187 "PKCS #1 SHA-512 With RSA Encryption", CKM_SHA512_RSA_PKCS,
1188 INVALID_CERT_EXTENSION ),
1189
1190 OD( aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP,
1191 "AES-128 Key Wrap", CKM_NETSCAPE_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
1192 OD( aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP,
1193 "AES-192 Key Wrap", CKM_NETSCAPE_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
1194 OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
1195 "AES-256 Key Wrap", CKM_NETSCAPE_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
1196
1197 /* Elliptic Curve Cryptography (ECC) OIDs */
1198 OD( ansix962ECPublicKey, SEC_OID_ANSIX962_EC_PUBLIC_KEY,
1199 "X9.62 elliptic curve public key", CKM_ECDH1_DERIVE,
1200 INVALID_CERT_EXTENSION ),
1201 OD( ansix962SignaturewithSHA1Digest,
1202 SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE,
1203 "X9.62 ECDSA signature with SHA1", CKM_ECDSA_SHA1,
1204 INVALID_CERT_EXTENSION ),
1205
1206 /* Named curves */
1207
1208 /* ANSI X9.62 named elliptic curves (prime field) */
1209 OD( ansiX962prime192v1, SEC_OID_ANSIX962_EC_PRIME192V1,
1210 "ANSI X9.62 elliptic curve prime192v1 (aka secp192r1, NIST P-192)",
1211 CKM_INVALID_MECHANISM,
1212 INVALID_CERT_EXTENSION ),
1213 OD( ansiX962prime192v2, SEC_OID_ANSIX962_EC_PRIME192V2,
1214 "ANSI X9.62 elliptic curve prime192v2",
1215 CKM_INVALID_MECHANISM,
1216 INVALID_CERT_EXTENSION ),
1217 OD( ansiX962prime192v3, SEC_OID_ANSIX962_EC_PRIME192V3,
1218 "ANSI X9.62 elliptic curve prime192v3",
1219 CKM_INVALID_MECHANISM,
1220 INVALID_CERT_EXTENSION ),
1221 OD( ansiX962prime239v1, SEC_OID_ANSIX962_EC_PRIME239V1,
1222 "ANSI X9.62 elliptic curve prime239v1",
1223 CKM_INVALID_MECHANISM,
1224 INVALID_CERT_EXTENSION ),
1225 OD( ansiX962prime239v2, SEC_OID_ANSIX962_EC_PRIME239V2,
1226 "ANSI X9.62 elliptic curve prime239v2",
1227 CKM_INVALID_MECHANISM,
1228 INVALID_CERT_EXTENSION ),
1229 OD( ansiX962prime239v3, SEC_OID_ANSIX962_EC_PRIME239V3,
1230 "ANSI X9.62 elliptic curve prime239v3",
1231 CKM_INVALID_MECHANISM,
1232 INVALID_CERT_EXTENSION ),
1233 OD( ansiX962prime256v1, SEC_OID_ANSIX962_EC_PRIME256V1,
1234 "ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)",
1235 CKM_INVALID_MECHANISM,
1236 INVALID_CERT_EXTENSION ),
1237
1238 /* SECG named elliptic curves (prime field) */
1239 OD( secgECsecp112r1, SEC_OID_SECG_EC_SECP112R1,
1240 "SECG elliptic curve secp112r1",
1241 CKM_INVALID_MECHANISM,
1242 INVALID_CERT_EXTENSION ),
1243 OD( secgECsecp112r2, SEC_OID_SECG_EC_SECP112R2,
1244 "SECG elliptic curve secp112r2",
1245 CKM_INVALID_MECHANISM,
1246 INVALID_CERT_EXTENSION ),
1247 OD( secgECsecp128r1, SEC_OID_SECG_EC_SECP128R1,
1248 "SECG elliptic curve secp128r1",
1249 CKM_INVALID_MECHANISM,
1250 INVALID_CERT_EXTENSION ),
1251 OD( secgECsecp128r2, SEC_OID_SECG_EC_SECP128R2,
1252 "SECG elliptic curve secp128r2",
1253 CKM_INVALID_MECHANISM,
1254 INVALID_CERT_EXTENSION ),
1255 OD( secgECsecp160k1, SEC_OID_SECG_EC_SECP160K1,
1256 "SECG elliptic curve secp160k1",
1257 CKM_INVALID_MECHANISM,
1258 INVALID_CERT_EXTENSION ),
1259 OD( secgECsecp160r1, SEC_OID_SECG_EC_SECP160R1,
1260 "SECG elliptic curve secp160r1",
1261 CKM_INVALID_MECHANISM,
1262 INVALID_CERT_EXTENSION ),
1263 OD( secgECsecp160r2, SEC_OID_SECG_EC_SECP160R2,
1264 "SECG elliptic curve secp160r2",
1265 CKM_INVALID_MECHANISM,
1266 INVALID_CERT_EXTENSION ),
1267 OD( secgECsecp192k1, SEC_OID_SECG_EC_SECP192K1,
1268 "SECG elliptic curve secp192k1",
1269 CKM_INVALID_MECHANISM,
1270 INVALID_CERT_EXTENSION ),
1271 OD( secgECsecp224k1, SEC_OID_SECG_EC_SECP224K1,
1272 "SECG elliptic curve secp224k1",
1273 CKM_INVALID_MECHANISM,
1274 INVALID_CERT_EXTENSION ),
1275 OD( secgECsecp224r1, SEC_OID_SECG_EC_SECP224R1,
1276 "SECG elliptic curve secp224r1 (aka NIST P-224)",
1277 CKM_INVALID_MECHANISM,
1278 INVALID_CERT_EXTENSION ),
1279 OD( secgECsecp256k1, SEC_OID_SECG_EC_SECP256K1,
1280 "SECG elliptic curve secp256k1",
1281 CKM_INVALID_MECHANISM,
1282 INVALID_CERT_EXTENSION ),
1283 OD( secgECsecp384r1, SEC_OID_SECG_EC_SECP384R1,
1284 "SECG elliptic curve secp384r1 (aka NIST P-384)",
1285 CKM_INVALID_MECHANISM,
1286 INVALID_CERT_EXTENSION ),
1287 OD( secgECsecp521r1, SEC_OID_SECG_EC_SECP521R1,
1288 "SECG elliptic curve secp521r1 (aka NIST P-521)",
1289 CKM_INVALID_MECHANISM,
1290 INVALID_CERT_EXTENSION ),
1291
1292 /* ANSI X9.62 named elliptic curves (characteristic two field) */
1293 OD( ansiX962c2pnb163v1, SEC_OID_ANSIX962_EC_C2PNB163V1,
1294 "ANSI X9.62 elliptic curve c2pnb163v1",
1295 CKM_INVALID_MECHANISM,
1296 INVALID_CERT_EXTENSION ),
1297 OD( ansiX962c2pnb163v2, SEC_OID_ANSIX962_EC_C2PNB163V2,
1298 "ANSI X9.62 elliptic curve c2pnb163v2",
1299 CKM_INVALID_MECHANISM,
1300 INVALID_CERT_EXTENSION ),
1301 OD( ansiX962c2pnb163v3, SEC_OID_ANSIX962_EC_C2PNB163V3,
1302 "ANSI X9.62 elliptic curve c2pnb163v3",
1303 CKM_INVALID_MECHANISM,
1304 INVALID_CERT_EXTENSION ),
1305 OD( ansiX962c2pnb176v1, SEC_OID_ANSIX962_EC_C2PNB176V1,
1306 "ANSI X9.62 elliptic curve c2pnb176v1",
1307 CKM_INVALID_MECHANISM,
1308 INVALID_CERT_EXTENSION ),
1309 OD( ansiX962c2tnb191v1, SEC_OID_ANSIX962_EC_C2TNB191V1,
1310 "ANSI X9.62 elliptic curve c2tnb191v1",
1311 CKM_INVALID_MECHANISM,
1312 INVALID_CERT_EXTENSION ),
1313 OD( ansiX962c2tnb191v2, SEC_OID_ANSIX962_EC_C2TNB191V2,
1314 "ANSI X9.62 elliptic curve c2tnb191v2",
1315 CKM_INVALID_MECHANISM,
1316 INVALID_CERT_EXTENSION ),
1317 OD( ansiX962c2tnb191v3, SEC_OID_ANSIX962_EC_C2TNB191V3,
1318 "ANSI X9.62 elliptic curve c2tnb191v3",
1319 CKM_INVALID_MECHANISM,
1320 INVALID_CERT_EXTENSION ),
1321 OD( ansiX962c2onb191v4, SEC_OID_ANSIX962_EC_C2ONB191V4,
1322 "ANSI X9.62 elliptic curve c2onb191v4",
1323 CKM_INVALID_MECHANISM,
1324 INVALID_CERT_EXTENSION ),
1325 OD( ansiX962c2onb191v5, SEC_OID_ANSIX962_EC_C2ONB191V5,
1326 "ANSI X9.62 elliptic curve c2onb191v5",
1327 CKM_INVALID_MECHANISM,
1328 INVALID_CERT_EXTENSION ),
1329 OD( ansiX962c2pnb208w1, SEC_OID_ANSIX962_EC_C2PNB208W1,
1330 "ANSI X9.62 elliptic curve c2pnb208w1",
1331 CKM_INVALID_MECHANISM,
1332 INVALID_CERT_EXTENSION ),
1333 OD( ansiX962c2tnb239v1, SEC_OID_ANSIX962_EC_C2TNB239V1,
1334 "ANSI X9.62 elliptic curve c2tnb239v1",
1335 CKM_INVALID_MECHANISM,
1336 INVALID_CERT_EXTENSION ),
1337 OD( ansiX962c2tnb239v2, SEC_OID_ANSIX962_EC_C2TNB239V2,
1338 "ANSI X9.62 elliptic curve c2tnb239v2",
1339 CKM_INVALID_MECHANISM,
1340 INVALID_CERT_EXTENSION ),
1341 OD( ansiX962c2tnb239v3, SEC_OID_ANSIX962_EC_C2TNB239V3,
1342 "ANSI X9.62 elliptic curve c2tnb239v3",
1343 CKM_INVALID_MECHANISM,
1344 INVALID_CERT_EXTENSION ),
1345 OD( ansiX962c2onb239v4, SEC_OID_ANSIX962_EC_C2ONB239V4,
1346 "ANSI X9.62 elliptic curve c2onb239v4",
1347 CKM_INVALID_MECHANISM,
1348 INVALID_CERT_EXTENSION ),
1349 OD( ansiX962c2onb239v5, SEC_OID_ANSIX962_EC_C2ONB239V5,
1350 "ANSI X9.62 elliptic curve c2onb239v5",
1351 CKM_INVALID_MECHANISM,
1352 INVALID_CERT_EXTENSION ),
1353 OD( ansiX962c2pnb272w1, SEC_OID_ANSIX962_EC_C2PNB272W1,
1354 "ANSI X9.62 elliptic curve c2pnb272w1",
1355 CKM_INVALID_MECHANISM,
1356 INVALID_CERT_EXTENSION ),
1357 OD( ansiX962c2pnb304w1, SEC_OID_ANSIX962_EC_C2PNB304W1,
1358 "ANSI X9.62 elliptic curve c2pnb304w1",
1359 CKM_INVALID_MECHANISM,
1360 INVALID_CERT_EXTENSION ),
1361 OD( ansiX962c2tnb359v1, SEC_OID_ANSIX962_EC_C2TNB359V1,
1362 "ANSI X9.62 elliptic curve c2tnb359v1",
1363 CKM_INVALID_MECHANISM,
1364 INVALID_CERT_EXTENSION ),
1365 OD( ansiX962c2pnb368w1, SEC_OID_ANSIX962_EC_C2PNB368W1,
1366 "ANSI X9.62 elliptic curve c2pnb368w1",
1367 CKM_INVALID_MECHANISM,
1368 INVALID_CERT_EXTENSION ),
1369 OD( ansiX962c2tnb431r1, SEC_OID_ANSIX962_EC_C2TNB431R1,
1370 "ANSI X9.62 elliptic curve c2tnb431r1",
1371 CKM_INVALID_MECHANISM,
1372 INVALID_CERT_EXTENSION ),
1373
1374 /* SECG named elliptic curves (characterisitic two field) */
1375 OD( secgECsect113r1, SEC_OID_SECG_EC_SECT113R1,
1376 "SECG elliptic curve sect113r1",
1377 CKM_INVALID_MECHANISM,
1378 INVALID_CERT_EXTENSION ),
1379 OD( secgECsect113r2, SEC_OID_SECG_EC_SECT113R2,
1380 "SECG elliptic curve sect113r2",
1381 CKM_INVALID_MECHANISM,
1382 INVALID_CERT_EXTENSION ),
1383 OD( secgECsect131r1, SEC_OID_SECG_EC_SECT131R1,
1384 "SECG elliptic curve sect131r1",
1385 CKM_INVALID_MECHANISM,
1386 INVALID_CERT_EXTENSION ),
1387 OD( secgECsect131r2, SEC_OID_SECG_EC_SECT131R2,
1388 "SECG elliptic curve sect131r2",
1389 CKM_INVALID_MECHANISM,
1390 INVALID_CERT_EXTENSION ),
1391 OD( secgECsect163k1, SEC_OID_SECG_EC_SECT163K1,
1392 "SECG elliptic curve sect163k1 (aka NIST K-163)",
1393 CKM_INVALID_MECHANISM,
1394 INVALID_CERT_EXTENSION ),
1395 OD( secgECsect163r1, SEC_OID_SECG_EC_SECT163R1,
1396 "SECG elliptic curve sect163r1",
1397 CKM_INVALID_MECHANISM,
1398 INVALID_CERT_EXTENSION ),
1399 OD( secgECsect163r2, SEC_OID_SECG_EC_SECT163R2,
1400 "SECG elliptic curve sect163r2 (aka NIST B-163)",
1401 CKM_INVALID_MECHANISM,
1402 INVALID_CERT_EXTENSION ),
1403 OD( secgECsect193r1, SEC_OID_SECG_EC_SECT193R1,
1404 "SECG elliptic curve sect193r1",
1405 CKM_INVALID_MECHANISM,
1406 INVALID_CERT_EXTENSION ),
1407 OD( secgECsect193r2, SEC_OID_SECG_EC_SECT193R2,
1408 "SECG elliptic curve sect193r2",
1409 CKM_INVALID_MECHANISM,
1410 INVALID_CERT_EXTENSION ),
1411 OD( secgECsect233k1, SEC_OID_SECG_EC_SECT233K1,
1412 "SECG elliptic curve sect233k1 (aka NIST K-233)",
1413 CKM_INVALID_MECHANISM,
1414 INVALID_CERT_EXTENSION ),
1415 OD( secgECsect233r1, SEC_OID_SECG_EC_SECT233R1,
1416 "SECG elliptic curve sect233r1 (aka NIST B-233)",
1417 CKM_INVALID_MECHANISM,
1418 INVALID_CERT_EXTENSION ),
1419 OD( secgECsect239k1, SEC_OID_SECG_EC_SECT239K1,
1420 "SECG elliptic curve sect239k1",
1421 CKM_INVALID_MECHANISM,
1422 INVALID_CERT_EXTENSION ),
1423 OD( secgECsect283k1, SEC_OID_SECG_EC_SECT283K1,
1424 "SECG elliptic curve sect283k1 (aka NIST K-283)",
1425 CKM_INVALID_MECHANISM,
1426 INVALID_CERT_EXTENSION ),
1427 OD( secgECsect283r1, SEC_OID_SECG_EC_SECT283R1,
1428 "SECG elliptic curve sect283r1 (aka NIST B-283)",
1429 CKM_INVALID_MECHANISM,
1430 INVALID_CERT_EXTENSION ),
1431 OD( secgECsect409k1, SEC_OID_SECG_EC_SECT409K1,
1432 "SECG elliptic curve sect409k1 (aka NIST K-409)",
1433 CKM_INVALID_MECHANISM,
1434 INVALID_CERT_EXTENSION ),
1435 OD( secgECsect409r1, SEC_OID_SECG_EC_SECT409R1,
1436 "SECG elliptic curve sect409r1 (aka NIST B-409)",
1437 CKM_INVALID_MECHANISM,
1438 INVALID_CERT_EXTENSION ),
1439 OD( secgECsect571k1, SEC_OID_SECG_EC_SECT571K1,
1440 "SECG elliptic curve sect571k1 (aka NIST K-571)",
1441 CKM_INVALID_MECHANISM,
1442 INVALID_CERT_EXTENSION ),
1443 OD( secgECsect571r1, SEC_OID_SECG_EC_SECT571R1,
1444 "SECG elliptic curve sect571r1 (aka NIST B-571)",
1445 CKM_INVALID_MECHANISM,
1446 INVALID_CERT_EXTENSION ),
1447
1448 OD( netscapeAOLScreenname, SEC_OID_NETSCAPE_AOLSCREENNAME,
1449 "AOL Screenname", CKM_INVALID_MECHANISM,
1450 INVALID_CERT_EXTENSION ),
1451
1452 OD( x520SurName, SEC_OID_AVA_SURNAME,
1453 "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1454 OD( x520SerialNumber, SEC_OID_AVA_SERIAL_NUMBER,
1455 "X520 Serial Number", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1456 OD( x520StreetAddress, SEC_OID_AVA_STREET_ADDRESS,
1457 "X520 Street Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1458 OD( x520Title, SEC_OID_AVA_TITLE,
1459 "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1460 OD( x520PostalAddress, SEC_OID_AVA_POSTAL_ADDRESS,
1461 "X520 Postal Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1462 OD( x520PostalCode, SEC_OID_AVA_POSTAL_CODE,
1463 "X520 Postal Code", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1464 OD( x520PostOfficeBox, SEC_OID_AVA_POST_OFFICE_BOX,
1465 "X520 Post Office Box", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1466 OD( x520GivenName, SEC_OID_AVA_GIVEN_NAME,
1467 "X520 Given Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1468 OD( x520Initials, SEC_OID_AVA_INITIALS,
1469 "X520 Initials", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1470 OD( x520GenerationQualifier, SEC_OID_AVA_GENERATION_QUALIFIER,
1471 "X520 Generation Qualifier",
1472 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1473 OD( x520HouseIdentifier, SEC_OID_AVA_HOUSE_IDENTIFIER,
1474 "X520 House Identifier",
1475 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1476 OD( x520Pseudonym, SEC_OID_AVA_PSEUDONYM,
1477 "X520 Pseudonym", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1478
1479 /* More OIDs */
1480 OD( pkixCAIssuers, SEC_OID_PKIX_CA_ISSUERS,
1481 "PKIX CA issuers access method",
1482 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1483 OD( pkcs9ExtensionRequest, SEC_OID_PKCS9_EXTENSION_REQUEST,
1484 "PKCS #9 Extension Request",
1485 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1486
1487 /* more ECC Signature Oids */
1488 OD( ansix962SignatureRecommended,
1489 SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST,
1490 "X9.62 ECDSA signature with recommended digest", CKM_INVALID_MECHANISM,
1491 INVALID_CERT_EXTENSION ),
1492 OD( ansix962SignatureSpecified,
1493 SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST,
1494 "X9.62 ECDSA signature with specified digest", CKM_ECDSA,
1495 INVALID_CERT_EXTENSION ),
1496 OD( ansix962SignaturewithSHA224Digest,
1497 SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE,
1498 "X9.62 ECDSA signature with SHA224", CKM_INVALID_MECHANISM,
1499 INVALID_CERT_EXTENSION ),
1500 OD( ansix962SignaturewithSHA256Digest,
1501 SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE,
1502 "X9.62 ECDSA signature with SHA256", CKM_INVALID_MECHANISM,
1503 INVALID_CERT_EXTENSION ),
1504 OD( ansix962SignaturewithSHA384Digest,
1505 SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE,
1506 "X9.62 ECDSA signature with SHA384", CKM_INVALID_MECHANISM,
1507 INVALID_CERT_EXTENSION ),
1508 OD( ansix962SignaturewithSHA512Digest,
1509 SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE,
1510 "X9.62 ECDSA signature with SHA512", CKM_INVALID_MECHANISM,
1511 INVALID_CERT_EXTENSION ),
1512
1513 /* More id-ce and id-pe OIDs from RFC 3280 */
1514 OD( x509HoldInstructionCode, SEC_OID_X509_HOLD_INSTRUCTION_CODE,
1515 "CRL Hold Instruction Code", CKM_INVALID_MECHANISM,
1516 UNSUPPORTED_CERT_EXTENSION ),
1517 OD( x509DeltaCRLIndicator, SEC_OID_X509_DELTA_CRL_INDICATOR,
1518 "Delta CRL Indicator", CKM_INVALID_MECHANISM,
1519 FAKE_SUPPORTED_CERT_EXTENSION ),
1520 OD( x509IssuingDistributionPoint, SEC_OID_X509_ISSUING_DISTRIBUTION_POINT,
1521 "Issuing Distribution Point", CKM_INVALID_MECHANISM,
1522 FAKE_SUPPORTED_CERT_EXTENSION ),
1523 OD( x509CertIssuer, SEC_OID_X509_CERT_ISSUER,
1524 "Certificate Issuer Extension",CKM_INVALID_MECHANISM,
1525 FAKE_SUPPORTED_CERT_EXTENSION ),
1526 OD( x509FreshestCRL, SEC_OID_X509_FRESHEST_CRL,
1527 "Freshest CRL", CKM_INVALID_MECHANISM,
1528 UNSUPPORTED_CERT_EXTENSION ),
1529 OD( x509InhibitAnyPolicy, SEC_OID_X509_INHIBIT_ANY_POLICY,
1530 "Inhibit Any Policy", CKM_INVALID_MECHANISM,
1531 FAKE_SUPPORTED_CERT_EXTENSION ),
1532 OD( x509SubjectInfoAccess, SEC_OID_X509_SUBJECT_INFO_ACCESS,
1533 "Subject Info Access", CKM_INVALID_MECHANISM,
1534 UNSUPPORTED_CERT_EXTENSION ),
1535
1536 /* Camellia algorithm OIDs */
1537 OD( camellia128_CBC, SEC_OID_CAMELLIA_128_CBC,
1538 "CAMELLIA-128-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
1539 OD( camellia192_CBC, SEC_OID_CAMELLIA_192_CBC,
1540 "CAMELLIA-192-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
1541 OD( camellia256_CBC, SEC_OID_CAMELLIA_256_CBC,
1542 "CAMELLIA-256-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
1543
1544 /* PKCS 5 v2 OIDS */
1545 OD( pkcs5Pbkdf2, SEC_OID_PKCS5_PBKDF2,
1546 "PKCS #5 Password Based Key Dervive Function v2 ",
1547 CKM_PKCS5_PBKD2, INVALID_CERT_EXTENSION ),
1548 OD( pkcs5Pbes2, SEC_OID_PKCS5_PBES2,
1549 "PKCS #5 Password Based Encryption v2 ",
1550 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1551 OD( pkcs5Pbmac1, SEC_OID_PKCS5_PBMAC1,
1552 "PKCS #5 Password Based Authentication v1 ",
1553 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1554 OD( hmac_sha1, SEC_OID_HMAC_SHA1, "HMAC SHA-1",
1555 CKM_SHA_1_HMAC, INVALID_CERT_EXTENSION ),
1556 OD( hmac_sha224, SEC_OID_HMAC_SHA224, "HMAC SHA-224",
1557 CKM_SHA224_HMAC, INVALID_CERT_EXTENSION ),
1558 OD( hmac_sha256, SEC_OID_HMAC_SHA256, "HMAC SHA-256",
1559 CKM_SHA256_HMAC, INVALID_CERT_EXTENSION ),
1560 OD( hmac_sha384, SEC_OID_HMAC_SHA384, "HMAC SHA-384",
1561 CKM_SHA384_HMAC, INVALID_CERT_EXTENSION ),
1562 OD( hmac_sha512, SEC_OID_HMAC_SHA512, "HMAC SHA-512",
1563 CKM_SHA512_HMAC, INVALID_CERT_EXTENSION ),
1564
1565 /* SIA extension OIDs */
1566 OD( x509SIATimeStamping, SEC_OID_PKIX_TIMESTAMPING,
1567 "SIA Time Stamping", CKM_INVALID_MECHANISM,
1568 INVALID_CERT_EXTENSION ),
1569 OD( x509SIACaRepository, SEC_OID_PKIX_CA_REPOSITORY,
1570 "SIA CA Repository", CKM_INVALID_MECHANISM,
1571 INVALID_CERT_EXTENSION ),
1572
1573 };
1574
1575 /*
1576 * now the dynamic table. The dynamic table gets build at init time.
1577 * and conceivably gets modified if the user loads new crypto modules.
1578 * All this static data, and the allocated data to which it points,
1579 * is protected by a global reader/writer lock.
1580 * The c language guarantees that global and static data that is not
1581 * explicitly initialized will be initialized with zeros. If we
1582 * initialize it with zeros, the data goes into the initialized data
1583 * secment, and increases the size of the library. By leaving it
1584 * uninitialized, it is allocated in BSS, and does NOT increase the
1585 * library size.
1586 */
1587 static NSSRWLock * dynOidLock;
1588 static PLArenaPool * dynOidPool;
1589 static PLHashTable * dynOidHash;
1590 static SECOidData ** dynOidTable; /* not in the pool */
1591 static int dynOidEntriesAllocated;
1592 static int dynOidEntriesUsed;
1593
1594 /* Creates NSSRWLock and dynOidPool, if they don't exist.
1595 ** This function MIGHT create the lock, but not the pool, so
1596 ** code should test for dynOidPool, not dynOidLock, when deciding
1597 ** whether or not to call this function.
1598 */
1599 static SECStatus
1600 secoid_InitDynOidData(void)
1601 {
1602 SECStatus rv = SECSuccess;
1603 NSSRWLock * lock;
1604
1605 /* This function will create the lock if it doesn't exist,
1606 ** and will return the address of the lock, whether it was
1607 ** previously created, or was created by the function.
1608 */
1609 lock = nssRWLock_AtomicCreate(&dynOidLock, 1, "dynamic OID data");
1610 if (!lock) {
1611 return SECFailure; /* Error code should already be set. */
1612 }
1613 PORT_Assert(lock == dynOidLock);
1614 NSSRWLock_LockWrite(lock);
1615 if (!dynOidPool) {
1616 dynOidPool = PORT_NewArena(2048);
1617 if (!dynOidPool) {
1618 rv = SECFailure /* Error code should already be set. */;
1619 }
1620 }
1621 NSSRWLock_UnlockWrite(lock);
1622 return rv;
1623 }
1624
1625 /* Add oidData to hash table. Caller holds write lock dynOidLock. */
1626 static SECStatus
1627 secoid_HashDynamicOiddata(const SECOidData * oid)
1628 {
1629 PLHashEntry *entry;
1630
1631 if (!dynOidHash) {
1632 dynOidHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
1633 PL_CompareValues, NULL, NULL);
1634 if ( !dynOidHash ) {
1635 return SECFailure;
1636 }
1637 }
1638
1639 entry = PL_HashTableAdd( dynOidHash, &oid->oid, (void *)oid );
1640 return entry ? SECSuccess : SECFailure;
1641 }
1642
1643
1644 /*
1645 * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's
1646 * cheaper to rehash the table when it changes than it is to do the loop
1647 * each time.
1648 */
1649 static SECOidData *
1650 secoid_FindDynamic(const SECItem *key)
1651 {
1652 SECOidData *ret = NULL;
1653
1654 if (dynOidHash) {
1655 NSSRWLock_LockRead(dynOidLock);
1656 if (dynOidHash) { /* must check it again with lock held. */
1657 ret = (SECOidData *)PL_HashTableLookup(dynOidHash, key);
1658 }
1659 NSSRWLock_UnlockRead(dynOidLock);
1660 }
1661 if (ret == NULL) {
1662 PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
1663 }
1664 return ret;
1665 }
1666
1667 static SECOidData *
1668 secoid_FindDynamicByTag(SECOidTag tagnum)
1669 {
1670 SECOidData *data = NULL;
1671 int tagNumDiff;
1672
1673 if (tagnum < SEC_OID_TOTAL) {
1674 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1675 return NULL;
1676 }
1677 tagNumDiff = tagnum - SEC_OID_TOTAL;
1678
1679 if (dynOidTable) {
1680 NSSRWLock_LockRead(dynOidLock);
1681 if (dynOidTable != NULL && /* must check it again with lock held. */
1682 tagNumDiff < dynOidEntriesUsed) {
1683 data = dynOidTable[tagNumDiff];
1684 }
1685 NSSRWLock_UnlockRead(dynOidLock);
1686 }
1687 if (data == NULL) {
1688 PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
1689 }
1690 return data;
1691 }
1692
1693 /*
1694 * This routine is thread safe now.
1695 */
1696 SECOidTag
1697 SECOID_AddEntry(const SECOidData * src)
1698 {
1699 SECOidData * dst;
1700 SECOidData **table;
1701 SECOidTag ret = SEC_OID_UNKNOWN;
1702 SECStatus rv;
1703 int tableEntries;
1704 int used;
1705
1706 if (!src || !src->oid.data || !src->oid.len || \
1707 !src->desc || !strlen(src->desc)) {
1708 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1709 return ret;
1710 }
1711 if (src->supportedExtension != INVALID_CERT_EXTENSION &&
1712 src->supportedExtension != UNSUPPORTED_CERT_EXTENSION &&
1713 src->supportedExtension != SUPPORTED_CERT_EXTENSION ) {
1714 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1715 return ret;
1716 }
1717
1718 if (!dynOidPool && secoid_InitDynOidData() != SECSuccess) {
1719 /* Caller has set error code. */
1720 return ret;
1721 }
1722
1723 NSSRWLock_LockWrite(dynOidLock);
1724
1725 /* We've just acquired the write lock, and now we call FindOIDTag
1726 ** which will acquire and release the read lock. NSSRWLock has been
1727 ** designed to allow this very case without deadlock. This approach
1728 ** makes the test for the presence of the OID, and the subsequent
1729 ** addition of the OID to the table a single atomic write operation.
1730 */
1731 ret = SECOID_FindOIDTag(&src->oid);
1732 if (ret != SEC_OID_UNKNOWN) {
1733 /* we could return an error here, but I chose not to do that.
1734 ** This way, if we add an OID to the shared library's built in
1735 ** list of OIDs in some future release, and that OID is the same
1736 ** as some OID that a program has been adding, the program will
1737 ** not suddenly stop working.
1738 */
1739 goto done;
1740 }
1741
1742 table = dynOidTable;
1743 tableEntries = dynOidEntriesAllocated;
1744 used = dynOidEntriesUsed;
1745
1746 if (used + 1 > tableEntries) {
1747 SECOidData **newTable;
1748 int newTableEntries = tableEntries + 16;
1749
1750 newTable = (SECOidData **)PORT_Realloc(table,
1751 newTableEntries * sizeof(SECOidData *));
1752 if (newTable == NULL) {
1753 goto done;
1754 }
1755 dynOidTable = table = newTable;
1756 dynOidEntriesAllocated = tableEntries = newTableEntries;
1757 }
1758
1759 /* copy oid structure */
1760 dst = PORT_ArenaNew(dynOidPool, SECOidData);
1761 if (!dst) {
1762 goto done;
1763 }
1764 rv = SECITEM_CopyItem(dynOidPool, &dst->oid, &src->oid);
1765 if (rv != SECSuccess) {
1766 goto done;
1767 }
1768 dst->desc = PORT_ArenaStrdup(dynOidPool, src->desc);
1769 if (!dst->desc) {
1770 goto done;
1771 }
1772 dst->offset = (SECOidTag)(used + SEC_OID_TOTAL);
1773 dst->mechanism = src->mechanism;
1774 dst->supportedExtension = src->supportedExtension;
1775
1776 rv = secoid_HashDynamicOiddata(dst);
1777 if ( rv == SECSuccess ) {
1778 table[used++] = dst;
1779 dynOidEntriesUsed = used;
1780 ret = dst->offset;
1781 }
1782 done:
1783 NSSRWLock_UnlockWrite(dynOidLock);
1784 return ret;
1785 }
1786
1787
1788 /* normal static table processing */
1789 static PLHashTable *oidhash = NULL;
1790 static PLHashTable *oidmechhash = NULL;
1791
1792 static PLHashNumber
1793 secoid_HashNumber(const void *key)
1794 {
1795 return (PLHashNumber) key;
1796 }
1797
1798
1799 SECStatus
1800 secoid_Init(void)
1801 {
1802 PLHashEntry *entry;
1803 const SECOidData *oid;
1804 int i;
1805
1806 if (!dynOidPool && secoid_InitDynOidData() != SECSuccess) {
1807 return SECFailure;
1808 }
1809
1810 if (oidhash) {
1811 return SECSuccess;
1812 }
1813
1814 oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
1815 PL_CompareValues, NULL, NULL);
1816 oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues,
1817 PL_CompareValues, NULL, NULL);
1818
1819 if ( !oidhash || !oidmechhash) {
1820 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1821 PORT_Assert(0); /*This function should never fail. */
1822 return(SECFailure);
1823 }
1824
1825 for ( i = 0; i < ( sizeof(oids) / sizeof(SECOidData) ); i++ ) {
1826 oid = &oids[i];
1827
1828 PORT_Assert ( oid->offset == i );
1829
1830 entry = PL_HashTableAdd( oidhash, &oid->oid, (void *)oid );
1831 if ( entry == NULL ) {
1832 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1833 PORT_Assert(0); /*This function should never fail. */
1834 return(SECFailure);
1835 }
1836
1837 if ( oid->mechanism != CKM_INVALID_MECHANISM ) {
1838 entry = PL_HashTableAdd( oidmechhash,
1839 (void *)oid->mechanism, (void *)oid );
1840 if ( entry == NULL ) {
1841 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1842 PORT_Assert(0); /* This function should never fail. */
1843 return(SECFailure);
1844 }
1845 }
1846 }
1847
1848 PORT_Assert (i == SEC_OID_TOTAL);
1849
1850 return(SECSuccess);
1851 }
1852
1853 SECOidData *
1854 SECOID_FindOIDByMechanism(unsigned long mechanism)
1855 {
1856 SECOidData *ret;
1857
1858 PR_ASSERT(oidhash != NULL);
1859
1860 ret = PL_HashTableLookupConst ( oidmechhash, (void *)mechanism);
1861 if ( ret == NULL ) {
1862 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1863 }
1864
1865 return (ret);
1866 }
1867
1868 SECOidData *
1869 SECOID_FindOID(const SECItem *oid)
1870 {
1871 SECOidData *ret;
1872
1873 PR_ASSERT(oidhash != NULL);
1874
1875 ret = PL_HashTableLookupConst ( oidhash, oid );
1876 if ( ret == NULL ) {
1877 ret = secoid_FindDynamic(oid);
1878 if (ret == NULL) {
1879 PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
1880 }
1881 }
1882
1883 return(ret);
1884 }
1885
1886 SECOidTag
1887 SECOID_FindOIDTag(const SECItem *oid)
1888 {
1889 SECOidData *oiddata;
1890
1891 oiddata = SECOID_FindOID (oid);
1892 if (oiddata == NULL)
1893 return SEC_OID_UNKNOWN;
1894
1895 return oiddata->offset;
1896 }
1897
1898 /* This really should return const. */
1899 SECOidData *
1900 SECOID_FindOIDByTag(SECOidTag tagnum)
1901 {
1902
1903 if (tagnum >= SEC_OID_TOTAL) {
1904 return secoid_FindDynamicByTag(tagnum);
1905 }
1906
1907 PORT_Assert((unsigned int)tagnum < (sizeof(oids) / sizeof(SECOidData)));
1908 return (SECOidData *)(&oids[tagnum]);
1909 }
1910
1911 PRBool SECOID_KnownCertExtenOID (SECItem *extenOid)
1912 {
1913 SECOidData * oidData;
1914
1915 oidData = SECOID_FindOID (extenOid);
1916 if (oidData == (SECOidData *)NULL)
1917 return (PR_FALSE);
1918 return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ?
1919 PR_TRUE : PR_FALSE);
1920 }
1921
1922
1923 const char *
1924 SECOID_FindOIDTagDescription(SECOidTag tagnum)
1925 {
1926 const SECOidData *oidData = SECOID_FindOIDByTag(tagnum);
1927 return oidData ? oidData->desc : 0;
1928 }
1929
1930 /*
1931 * free up the oid tables.
1932 */
1933 SECStatus
1934 SECOID_Shutdown(void)
1935 {
1936 if (oidhash) {
1937 PL_HashTableDestroy(oidhash);
1938 oidhash = NULL;
1939 }
1940 if (oidmechhash) {
1941 PL_HashTableDestroy(oidmechhash);
1942 oidmechhash = NULL;
1943 }
1944 /* Have to handle the case where the lock was created, but
1945 ** the pool wasn't.
1946 ** I'm not going to attempt to create the lock, just to protect
1947 ** the destruction of data that probably isn't initialized anyway.
1948 */
1949 if (dynOidLock) {
1950 NSSRWLock_LockWrite(dynOidLock);
1951 if (dynOidHash) {
1952 PL_HashTableDestroy(dynOidHash);
1953 dynOidHash = NULL;
1954 }
1955 if (dynOidPool) {
1956 PORT_FreeArena(dynOidPool, PR_FALSE);
1957 dynOidPool = NULL;
1958 }
1959 if (dynOidTable) {
1960 PORT_Free(dynOidTable);
1961 dynOidTable = NULL;
1962 }
1963 dynOidEntriesAllocated = 0;
1964 dynOidEntriesUsed = 0;
1965
1966 NSSRWLock_UnlockWrite(dynOidLock);
1967 NSSRWLock_Destroy(dynOidLock);
1968 dynOidLock = NULL;
1969 } else {
1970 /* Since dynOidLock doesn't exist, then all the data it protects
1971 ** should be uninitialized. We'll check that (in DEBUG builds),
1972 ** and then make sure it is so, in case NSS is reinitialized.
1973 */
1974 PORT_Assert(!dynOidHash && !dynOidPool && !dynOidTable && \
1975 !dynOidEntriesAllocated && !dynOidEntriesUsed);
1976 dynOidHash = NULL;
1977 dynOidPool = NULL;
1978 dynOidTable = NULL;
1979 dynOidEntriesAllocated = 0;
1980 dynOidEntriesUsed = 0;
1981 }
1982 return SECSuccess;
1983 }
Mozilla NSS module