andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: andre@0: #include "secoid.h" andre@0: #include "pkcs11t.h" andre@0: #include "secitem.h" andre@0: #include "secerr.h" andre@0: #include "prenv.h" andre@0: #include "plhash.h" andre@0: #include "nssrwlk.h" andre@0: #include "nssutil.h" andre@0: andre@0: /* Library identity and versioning */ andre@0: andre@0: #if defined(DEBUG) andre@0: #define _DEBUG_STRING " (debug)" andre@0: #else andre@0: #define _DEBUG_STRING "" andre@0: #endif andre@0: andre@0: /* andre@0: * Version information for the 'ident' and 'what commands andre@0: * andre@0: * NOTE: the first component of the concatenated rcsid string andre@0: * must not end in a '$' to prevent rcs keyword substitution. andre@0: */ andre@0: const char __nss_util_rcsid[] = "$Header: NSS " NSSUTIL_VERSION _DEBUG_STRING andre@0: " " __DATE__ " " __TIME__ " $"; andre@0: const char __nss_util_sccsid[] = "@(#)NSS " NSSUTIL_VERSION _DEBUG_STRING andre@0: " " __DATE__ " " __TIME__; andre@0: andre@0: /* MISSI Mosaic Object ID space */ andre@0: /* USGov algorithm OID space: { 2 16 840 1 101 } */ andre@0: #define USGOV 0x60, 0x86, 0x48, 0x01, 0x65 andre@0: #define MISSI USGOV, 0x02, 0x01, 0x01 andre@0: #define MISSI_OLD_KEA_DSS MISSI, 0x0c andre@0: #define MISSI_OLD_DSS MISSI, 0x02 andre@0: #define MISSI_KEA_DSS MISSI, 0x14 andre@0: #define MISSI_DSS MISSI, 0x13 andre@0: #define MISSI_KEA MISSI, 0x0a andre@0: #define MISSI_ALT_KEA MISSI, 0x16 andre@0: andre@0: #define NISTALGS USGOV, 3, 4 andre@0: #define AES NISTALGS, 1 andre@0: #define SHAXXX NISTALGS, 2 andre@0: #define DSA2 NISTALGS, 3 andre@0: andre@0: /** andre@0: ** The Netscape OID space is allocated by Terry Hayes. If you need andre@0: ** a piece of the space, contact him at thayes@netscape.com. andre@0: **/ andre@0: andre@0: /* Netscape Communications Corporation Object ID space */ andre@0: /* { 2 16 840 1 113730 } */ andre@0: #define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42 andre@0: #define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01 andre@0: #define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02 andre@0: /* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */ andre@0: #define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03 andre@0: #define NETSCAPE_POLICY NETSCAPE_OID, 0x04 andre@0: #define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05 andre@0: #define NETSCAPE_ALGS NETSCAPE_OID, 0x06 /* algorithm OIDs */ andre@0: #define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07 andre@0: andre@0: #define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10 andre@0: #define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01 andre@0: andre@0: /* these are old and should go away soon */ andre@0: #define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a andre@0: #define NS_CERT_EXT OLD_NETSCAPE, 0x01 andre@0: #define NS_FILE_TYPE OLD_NETSCAPE, 0x02 andre@0: #define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03 andre@0: andre@0: /* RSA OID name space */ andre@0: #define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d andre@0: #define PKCS RSADSI, 0x01 andre@0: #define DIGEST RSADSI, 0x02 andre@0: #define CIPHER RSADSI, 0x03 andre@0: #define PKCS1 PKCS, 0x01 andre@0: #define PKCS5 PKCS, 0x05 andre@0: #define PKCS7 PKCS, 0x07 andre@0: #define PKCS9 PKCS, 0x09 andre@0: #define PKCS12 PKCS, 0x0c andre@0: andre@0: /* Other OID name spaces */ andre@0: #define ALGORITHM 0x2b, 0x0e, 0x03, 0x02 andre@0: #define X500 0x55 andre@0: #define X520_ATTRIBUTE_TYPE X500, 0x04 andre@0: #define X500_ALG X500, 0x08 andre@0: #define X500_ALG_ENCRYPTION X500_ALG, 0x01 andre@0: andre@0: /** X.509 v3 Extension OID andre@0: ** {joint-iso-ccitt (2) ds(5) 29} andre@0: **/ andre@0: #define ID_CE_OID X500, 0x1d andre@0: andre@0: #define RFC1274_ATTR_TYPE 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1 andre@0: /* #define RFC2247_ATTR_TYPE 0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */ andre@0: andre@0: /* PKCS #12 name spaces */ andre@0: #define PKCS12_MODE_IDS PKCS12, 0x01 andre@0: #define PKCS12_ESPVK_IDS PKCS12, 0x02 andre@0: #define PKCS12_BAG_IDS PKCS12, 0x03 andre@0: #define PKCS12_CERT_BAG_IDS PKCS12, 0x04 andre@0: #define PKCS12_OIDS PKCS12, 0x05 andre@0: #define PKCS12_PBE_IDS PKCS12_OIDS, 0x01 andre@0: #define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02 andre@0: #define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03 andre@0: #define PKCS12_V2_PBE_IDS PKCS12, 0x01 andre@0: #define PKCS9_CERT_TYPES PKCS9, 0x16 andre@0: #define PKCS9_CRL_TYPES PKCS9, 0x17 andre@0: #define PKCS9_SMIME_IDS PKCS9, 0x10 andre@0: #define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2 andre@0: #define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3 andre@0: #define PKCS12_VERSION1 PKCS12, 0x0a andre@0: #define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1 andre@0: andre@0: /* for DSA algorithm */ andre@0: /* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */ andre@0: #define ANSI_X9_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x38, 0x4 andre@0: andre@0: /* for DH algorithm */ andre@0: /* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */ andre@0: /* need real OID person to look at this, copied the above line andre@0: * and added 6 to second to last value (and changed '4' to '2' */ andre@0: #define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2 andre@0: andre@0: #define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45 andre@0: andre@0: #define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07 andre@0: #define PKIX_CERT_EXTENSIONS PKIX, 1 andre@0: #define PKIX_POLICY_QUALIFIERS PKIX, 2 andre@0: #define PKIX_KEY_USAGE PKIX, 3 andre@0: #define PKIX_ACCESS_DESCRIPTION PKIX, 0x30 andre@0: #define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1 andre@0: #define PKIX_CA_ISSUERS PKIX_ACCESS_DESCRIPTION, 2 andre@0: andre@0: #define PKIX_ID_PKIP PKIX, 5 andre@0: #define PKIX_ID_REGCTRL PKIX_ID_PKIP, 1 andre@0: #define PKIX_ID_REGINFO PKIX_ID_PKIP, 2 andre@0: andre@0: /* Microsoft Object ID space */ andre@0: /* { 1.3.6.1.4.1.311 } */ andre@0: #define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37 andre@0: #define EV_NAME_ATTRIBUTE MICROSOFT_OID, 60, 2, 1 andre@0: andre@0: /* Microsoft Crypto 2.0 ID space */ andre@0: /* { 1.3.6.1.4.1.311.10 } */ andre@0: #define MS_CRYPTO_20 MICROSOFT_OID, 10 andre@0: /* Microsoft Crypto 2.0 Extended Key Usage ID space */ andre@0: /* { 1.3.6.1.4.1.311.10.3 } */ andre@0: #define MS_CRYPTO_EKU MS_CRYPTO_20, 3 andre@0: andre@0: #define CERTICOM_OID 0x2b, 0x81, 0x04 andre@0: #define SECG_OID CERTICOM_OID, 0x00 andre@0: andre@0: #define ANSI_X962_OID 0x2a, 0x86, 0x48, 0xce, 0x3d andre@0: #define ANSI_X962_CURVE_OID ANSI_X962_OID, 0x03 andre@0: #define ANSI_X962_GF2m_OID ANSI_X962_CURVE_OID, 0x00 andre@0: #define ANSI_X962_GFp_OID ANSI_X962_CURVE_OID, 0x01 andre@0: #define ANSI_X962_SIGNATURE_OID ANSI_X962_OID, 0x04 andre@0: #define ANSI_X962_SPECIFY_OID ANSI_X962_SIGNATURE_OID, 0x03 andre@0: andre@0: /* for Camellia: iso(1) member-body(2) jisc(392) andre@0: * mitsubishi(200011) isl(61) security(1) algorithm(1) andre@0: */ andre@0: #define MITSUBISHI_ALG 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01 andre@0: #define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG,1 andre@0: #define CAMELLIA_WRAP_OID MITSUBISHI_ALG,3 andre@0: andre@0: /* for SEED : iso(1) member-body(2) korea(410) andre@0: * kisa(200004) algorithm(1) andre@0: */ andre@0: #define SEED_OID 0x2a,0x83,0x1a,0x8c,0x9a,0x44,0x01 andre@0: andre@0: #define CONST_OID static const unsigned char andre@0: andre@0: CONST_OID md2[] = { DIGEST, 0x02 }; andre@0: CONST_OID md4[] = { DIGEST, 0x04 }; andre@0: CONST_OID md5[] = { DIGEST, 0x05 }; andre@0: CONST_OID hmac_sha1[] = { DIGEST, 7 }; andre@0: CONST_OID hmac_sha224[] = { DIGEST, 8 }; andre@0: CONST_OID hmac_sha256[] = { DIGEST, 9 }; andre@0: CONST_OID hmac_sha384[] = { DIGEST, 10 }; andre@0: CONST_OID hmac_sha512[] = { DIGEST, 11 }; andre@0: andre@0: CONST_OID rc2cbc[] = { CIPHER, 0x02 }; andre@0: CONST_OID rc4[] = { CIPHER, 0x04 }; andre@0: CONST_OID desede3cbc[] = { CIPHER, 0x07 }; andre@0: CONST_OID rc5cbcpad[] = { CIPHER, 0x09 }; andre@0: andre@0: CONST_OID desecb[] = { ALGORITHM, 0x06 }; andre@0: CONST_OID descbc[] = { ALGORITHM, 0x07 }; andre@0: CONST_OID desofb[] = { ALGORITHM, 0x08 }; andre@0: CONST_OID descfb[] = { ALGORITHM, 0x09 }; andre@0: CONST_OID desmac[] = { ALGORITHM, 0x0a }; andre@0: CONST_OID sdn702DSASignature[] = { ALGORITHM, 0x0c }; andre@0: CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f }; andre@0: CONST_OID desede[] = { ALGORITHM, 0x11 }; andre@0: CONST_OID sha1[] = { ALGORITHM, 0x1a }; andre@0: CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b }; andre@0: CONST_OID isoSHA1WithRSASignature[] = { ALGORITHM, 0x1d }; andre@0: andre@0: CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 }; andre@0: CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 }; andre@0: CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 }; andre@0: CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 }; andre@0: CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 }; andre@0: CONST_OID pkcs1RSAOAEPEncryption[] = { PKCS1, 0x07 }; andre@0: CONST_OID pkcs1MGF1[] = { PKCS1, 0x08 }; andre@0: CONST_OID pkcs1PSpecified[] = { PKCS1, 0x09 }; andre@0: CONST_OID pkcs1RSAPSSSignature[] = { PKCS1, 10 }; andre@0: CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 }; andre@0: CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 }; andre@0: CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 }; andre@0: CONST_OID pkcs1SHA224WithRSAEncryption[] = { PKCS1, 14 }; andre@0: andre@0: CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 }; andre@0: CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 }; andre@0: CONST_OID pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a }; andre@0: CONST_OID pkcs5Pbkdf2[] = { PKCS5, 12 }; andre@0: CONST_OID pkcs5Pbes2[] = { PKCS5, 13 }; andre@0: CONST_OID pkcs5Pbmac1[] = { PKCS5, 14 }; andre@0: andre@0: CONST_OID pkcs7[] = { PKCS7 }; andre@0: CONST_OID pkcs7Data[] = { PKCS7, 0x01 }; andre@0: CONST_OID pkcs7SignedData[] = { PKCS7, 0x02 }; andre@0: CONST_OID pkcs7EnvelopedData[] = { PKCS7, 0x03 }; andre@0: CONST_OID pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 }; andre@0: CONST_OID pkcs7DigestedData[] = { PKCS7, 0x05 }; andre@0: CONST_OID pkcs7EncryptedData[] = { PKCS7, 0x06 }; andre@0: andre@0: CONST_OID pkcs9EmailAddress[] = { PKCS9, 0x01 }; andre@0: CONST_OID pkcs9UnstructuredName[] = { PKCS9, 0x02 }; andre@0: CONST_OID pkcs9ContentType[] = { PKCS9, 0x03 }; andre@0: CONST_OID pkcs9MessageDigest[] = { PKCS9, 0x04 }; andre@0: CONST_OID pkcs9SigningTime[] = { PKCS9, 0x05 }; andre@0: CONST_OID pkcs9CounterSignature[] = { PKCS9, 0x06 }; andre@0: CONST_OID pkcs9ChallengePassword[] = { PKCS9, 0x07 }; andre@0: CONST_OID pkcs9UnstructuredAddress[] = { PKCS9, 0x08 }; andre@0: CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 }; andre@0: CONST_OID pkcs9ExtensionRequest[] = { PKCS9, 14 }; andre@0: CONST_OID pkcs9SMIMECapabilities[] = { PKCS9, 15 }; andre@0: CONST_OID pkcs9FriendlyName[] = { PKCS9, 20 }; andre@0: CONST_OID pkcs9LocalKeyID[] = { PKCS9, 21 }; andre@0: andre@0: CONST_OID pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 }; andre@0: CONST_OID pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 }; andre@0: CONST_OID pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 }; andre@0: andre@0: /* RFC2630 (CMS) OIDs */ andre@0: CONST_OID cmsESDH[] = { PKCS9_SMIME_ALGS, 5 }; andre@0: CONST_OID cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 }; andre@0: CONST_OID cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 }; andre@0: andre@0: /* RFC2633 SMIME message attributes */ andre@0: CONST_OID smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 }; andre@0: CONST_OID ms_smimeEncryptionKeyPreference[] = { MICROSOFT_OID, 0x10, 0x4 }; andre@0: andre@0: CONST_OID x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 }; andre@0: CONST_OID x520SurName[] = { X520_ATTRIBUTE_TYPE, 4 }; andre@0: CONST_OID x520SerialNumber[] = { X520_ATTRIBUTE_TYPE, 5 }; andre@0: CONST_OID x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 }; andre@0: CONST_OID x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 }; andre@0: CONST_OID x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 }; andre@0: CONST_OID x520StreetAddress[] = { X520_ATTRIBUTE_TYPE, 9 }; andre@0: CONST_OID x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 }; andre@0: CONST_OID x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 }; andre@0: CONST_OID x520Title[] = { X520_ATTRIBUTE_TYPE, 12 }; andre@0: CONST_OID x520BusinessCategory[] = { X520_ATTRIBUTE_TYPE, 15 }; andre@0: CONST_OID x520PostalAddress[] = { X520_ATTRIBUTE_TYPE, 16 }; andre@0: CONST_OID x520PostalCode[] = { X520_ATTRIBUTE_TYPE, 17 }; andre@0: CONST_OID x520PostOfficeBox[] = { X520_ATTRIBUTE_TYPE, 18 }; andre@0: CONST_OID x520Name[] = { X520_ATTRIBUTE_TYPE, 41 }; andre@0: CONST_OID x520GivenName[] = { X520_ATTRIBUTE_TYPE, 42 }; andre@0: CONST_OID x520Initials[] = { X520_ATTRIBUTE_TYPE, 43 }; andre@0: CONST_OID x520GenerationQualifier[] = { X520_ATTRIBUTE_TYPE, 44 }; andre@0: CONST_OID x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 }; andre@0: CONST_OID x520HouseIdentifier[] = { X520_ATTRIBUTE_TYPE, 51 }; andre@0: CONST_OID x520Pseudonym[] = { X520_ATTRIBUTE_TYPE, 65 }; andre@0: andre@0: CONST_OID nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 }; andre@0: CONST_OID nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 }; andre@0: CONST_OID nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 }; andre@0: CONST_OID nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 }; andre@0: CONST_OID nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 }; andre@0: andre@0: CONST_OID missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS }; andre@0: CONST_OID missiCertDSSOld[] = { MISSI_OLD_DSS }; andre@0: CONST_OID missiCertKEADSS[] = { MISSI_KEA_DSS }; andre@0: CONST_OID missiCertDSS[] = { MISSI_DSS }; andre@0: CONST_OID missiCertKEA[] = { MISSI_KEA }; andre@0: CONST_OID missiCertAltKEA[] = { MISSI_ALT_KEA }; andre@0: CONST_OID x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 }; andre@0: andre@0: /* added for alg 1485 */ andre@0: CONST_OID rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 }; andre@0: CONST_OID rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 }; andre@0: CONST_OID rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 }; andre@0: andre@0: /* Netscape private certificate extensions */ andre@0: CONST_OID nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 }; andre@0: CONST_OID nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 }; andre@0: CONST_OID nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 }; andre@0: CONST_OID nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 }; andre@0: CONST_OID nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 }; andre@0: CONST_OID nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 }; andre@0: CONST_OID nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 }; andre@0: CONST_OID nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 }; andre@0: CONST_OID nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 }; andre@0: CONST_OID nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 }; andre@0: CONST_OID nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 }; andre@0: CONST_OID nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 }; andre@0: CONST_OID nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a }; andre@0: CONST_OID nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b }; andre@0: CONST_OID nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c }; andre@0: CONST_OID nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d }; andre@0: andre@0: /* the following 2 extensions are defined for and used by Cartman(NSM) */ andre@0: CONST_OID nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e }; andre@0: CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f }; andre@0: andre@0: CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 }; andre@0: CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 }; andre@0: /* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */ andre@0: andre@0: /* Netscape policy values */ andre@0: CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 }; andre@0: andre@0: /* Netscape other name types */ andre@0: CONST_OID netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01 }; andre@0: CONST_OID netscapeAOLScreenname[] = { NETSCAPE_NAME_COMPONENTS, 0x02 }; andre@0: andre@0: /* OIDs needed for cert server */ andre@0: CONST_OID netscapeRecoveryRequest[] = { NETSCAPE_CERT_SERVER_CRMF, 0x01 }; andre@0: andre@0: andre@0: /* Standard x.509 v3 Certificate & CRL Extensions */ andre@0: CONST_OID x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 }; andre@0: CONST_OID x509SubjectKeyID[] = { ID_CE_OID, 14 }; andre@0: CONST_OID x509KeyUsage[] = { ID_CE_OID, 15 }; andre@0: CONST_OID x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 }; andre@0: CONST_OID x509SubjectAltName[] = { ID_CE_OID, 17 }; andre@0: CONST_OID x509IssuerAltName[] = { ID_CE_OID, 18 }; andre@0: CONST_OID x509BasicConstraints[] = { ID_CE_OID, 19 }; andre@0: CONST_OID x509CRLNumber[] = { ID_CE_OID, 20 }; andre@0: CONST_OID x509ReasonCode[] = { ID_CE_OID, 21 }; andre@0: CONST_OID x509HoldInstructionCode[] = { ID_CE_OID, 23 }; andre@0: CONST_OID x509InvalidDate[] = { ID_CE_OID, 24 }; andre@0: CONST_OID x509DeltaCRLIndicator[] = { ID_CE_OID, 27 }; andre@0: CONST_OID x509IssuingDistributionPoint[] = { ID_CE_OID, 28 }; andre@0: CONST_OID x509CertIssuer[] = { ID_CE_OID, 29 }; andre@0: CONST_OID x509NameConstraints[] = { ID_CE_OID, 30 }; andre@0: CONST_OID x509CRLDistPoints[] = { ID_CE_OID, 31 }; andre@0: CONST_OID x509CertificatePolicies[] = { ID_CE_OID, 32 }; andre@0: CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 }; andre@0: CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 }; andre@0: CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 36 }; andre@0: CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 }; andre@0: CONST_OID x509FreshestCRL[] = { ID_CE_OID, 46 }; andre@0: CONST_OID x509InhibitAnyPolicy[] = { ID_CE_OID, 54 }; andre@0: andre@0: CONST_OID x509CertificatePoliciesAnyPolicy[] = { ID_CE_OID, 32, 0 }; andre@0: andre@0: CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 }; andre@0: CONST_OID x509SubjectInfoAccess[] = { PKIX_CERT_EXTENSIONS, 11 }; andre@0: andre@0: CONST_OID x509SIATimeStamping[] = {PKIX_ACCESS_DESCRIPTION, 0x03}; andre@0: CONST_OID x509SIACaRepository[] = {PKIX_ACCESS_DESCRIPTION, 0x05}; andre@0: andre@0: /* pkcs 12 additions */ andre@0: CONST_OID pkcs12[] = { PKCS12 }; andre@0: CONST_OID pkcs12ModeIDs[] = { PKCS12_MODE_IDS }; andre@0: CONST_OID pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS }; andre@0: CONST_OID pkcs12BagIDs[] = { PKCS12_BAG_IDS }; andre@0: CONST_OID pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS }; andre@0: CONST_OID pkcs12OIDs[] = { PKCS12_OIDS }; andre@0: CONST_OID pkcs12PBEIDs[] = { PKCS12_PBE_IDS }; andre@0: CONST_OID pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS }; andre@0: CONST_OID pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS }; andre@0: CONST_OID pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 }; andre@0: CONST_OID pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 }; andre@0: CONST_OID pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 }; andre@0: CONST_OID pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 }; andre@0: CONST_OID pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 }; andre@0: CONST_OID pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 }; andre@0: CONST_OID pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 }; andre@0: CONST_OID pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 }; andre@0: CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 }; andre@0: CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 }; andre@0: CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 }; andre@0: CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 }; andre@0: CONST_OID pkcs12RSAEncryptionWith40BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x02 }; andre@0: CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 }; andre@0: CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 }; andre@0: andre@0: /* pkcs 12 version 1.0 ids */ andre@0: CONST_OID pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 }; andre@0: CONST_OID pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 }; andre@0: CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x03 }; andre@0: CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x04 }; andre@0: CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 }; andre@0: CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 }; andre@0: andre@0: CONST_OID pkcs12SafeContentsID[] = { PKCS12_BAG_IDS, 0x04 }; andre@0: CONST_OID pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 }; andre@0: andre@0: CONST_OID pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 }; andre@0: CONST_OID pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 }; andre@0: CONST_OID pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 }; andre@0: CONST_OID pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 }; andre@0: CONST_OID pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 }; andre@0: CONST_OID pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 }; andre@0: andre@0: /* The following encoding is INCORRECT, but correcting it would create a andre@0: * duplicate OID in the table. So, we will leave it alone. andre@0: */ andre@0: CONST_OID pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 }; andre@0: andre@0: CONST_OID ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 }; andre@0: CONST_OID ansix9DSASignaturewithSHA1Digest[] = { ANSI_X9_ALGORITHM, 0x03 }; andre@0: CONST_OID nistDSASignaturewithSHA224Digest[] = { DSA2, 0x01 }; andre@0: CONST_OID nistDSASignaturewithSHA256Digest[] = { DSA2, 0x02 }; andre@0: andre@0: /* verisign OIDs */ andre@0: CONST_OID verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 }; andre@0: andre@0: /* pkix OIDs */ andre@0: CONST_OID pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 }; andre@0: CONST_OID pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 }; andre@0: andre@0: CONST_OID pkixOCSP[] = { PKIX_OCSP }; andre@0: CONST_OID pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 }; andre@0: CONST_OID pkixOCSPNonce[] = { PKIX_OCSP, 2 }; andre@0: CONST_OID pkixOCSPCRL[] = { PKIX_OCSP, 3 }; andre@0: CONST_OID pkixOCSPResponse[] = { PKIX_OCSP, 4 }; andre@0: CONST_OID pkixOCSPNoCheck[] = { PKIX_OCSP, 5 }; andre@0: CONST_OID pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 }; andre@0: CONST_OID pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 }; andre@0: andre@0: CONST_OID pkixCAIssuers[] = { PKIX_CA_ISSUERS }; andre@0: andre@0: CONST_OID pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1}; andre@0: CONST_OID pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2}; andre@0: CONST_OID pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3}; andre@0: CONST_OID pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4}; andre@0: CONST_OID pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5}; andre@0: CONST_OID pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6}; andre@0: CONST_OID pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1}; andre@0: CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2}; andre@0: andre@0: CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 }; andre@0: CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 }; andre@0: CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 }; andre@0: CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 }; andre@0: CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 }; andre@0: CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 }; andre@0: CONST_OID msExtendedKeyUsageTrustListSigning[] = { MS_CRYPTO_EKU, 1 }; andre@0: andre@0: /* OIDs for Netscape defined algorithms */ andre@0: CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 }; andre@0: andre@0: /* Fortezza algorithm OIDs */ andre@0: CONST_OID skipjackCBC[] = { MISSI, 0x04 }; andre@0: CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 }; andre@0: andre@0: CONST_OID aes128_ECB[] = { AES, 1 }; andre@0: CONST_OID aes128_CBC[] = { AES, 2 }; andre@0: #ifdef DEFINE_ALL_AES_CIPHERS andre@0: CONST_OID aes128_OFB[] = { AES, 3 }; andre@0: CONST_OID aes128_CFB[] = { AES, 4 }; andre@0: #endif andre@0: CONST_OID aes128_KEY_WRAP[] = { AES, 5 }; andre@0: andre@0: CONST_OID aes192_ECB[] = { AES, 21 }; andre@0: CONST_OID aes192_CBC[] = { AES, 22 }; andre@0: #ifdef DEFINE_ALL_AES_CIPHERS andre@0: CONST_OID aes192_OFB[] = { AES, 23 }; andre@0: CONST_OID aes192_CFB[] = { AES, 24 }; andre@0: #endif andre@0: CONST_OID aes192_KEY_WRAP[] = { AES, 25 }; andre@0: andre@0: CONST_OID aes256_ECB[] = { AES, 41 }; andre@0: CONST_OID aes256_CBC[] = { AES, 42 }; andre@0: #ifdef DEFINE_ALL_AES_CIPHERS andre@0: CONST_OID aes256_OFB[] = { AES, 43 }; andre@0: CONST_OID aes256_CFB[] = { AES, 44 }; andre@0: #endif andre@0: CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; andre@0: andre@0: CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2}; andre@0: CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3}; andre@0: CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4}; andre@0: CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2}; andre@0: CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3}; andre@0: CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4}; andre@0: andre@0: CONST_OID sha256[] = { SHAXXX, 1 }; andre@0: CONST_OID sha384[] = { SHAXXX, 2 }; andre@0: CONST_OID sha512[] = { SHAXXX, 3 }; andre@0: CONST_OID sha224[] = { SHAXXX, 4 }; andre@0: andre@0: CONST_OID ansix962ECPublicKey[] = { ANSI_X962_OID, 0x02, 0x01 }; andre@0: CONST_OID ansix962SignaturewithSHA1Digest[] = { ANSI_X962_SIGNATURE_OID, 0x01 }; andre@0: CONST_OID ansix962SignatureRecommended[] = { ANSI_X962_SIGNATURE_OID, 0x02 }; andre@0: CONST_OID ansix962SignatureSpecified[] = { ANSI_X962_SPECIFY_OID }; andre@0: CONST_OID ansix962SignaturewithSHA224Digest[] = { ANSI_X962_SPECIFY_OID, 0x01 }; andre@0: CONST_OID ansix962SignaturewithSHA256Digest[] = { ANSI_X962_SPECIFY_OID, 0x02 }; andre@0: CONST_OID ansix962SignaturewithSHA384Digest[] = { ANSI_X962_SPECIFY_OID, 0x03 }; andre@0: CONST_OID ansix962SignaturewithSHA512Digest[] = { ANSI_X962_SPECIFY_OID, 0x04 }; andre@0: andre@0: /* ANSI X9.62 prime curve OIDs */ andre@0: /* NOTE: prime192v1 is the same as secp192r1, prime256v1 is the andre@0: * same as secp256r1 andre@0: */ andre@0: CONST_OID ansiX962prime192v1[] = { ANSI_X962_GFp_OID, 0x01 }; andre@0: CONST_OID ansiX962prime192v2[] = { ANSI_X962_GFp_OID, 0x02 }; andre@0: CONST_OID ansiX962prime192v3[] = { ANSI_X962_GFp_OID, 0x03 }; andre@0: CONST_OID ansiX962prime239v1[] = { ANSI_X962_GFp_OID, 0x04 }; andre@0: CONST_OID ansiX962prime239v2[] = { ANSI_X962_GFp_OID, 0x05 }; andre@0: CONST_OID ansiX962prime239v3[] = { ANSI_X962_GFp_OID, 0x06 }; andre@0: CONST_OID ansiX962prime256v1[] = { ANSI_X962_GFp_OID, 0x07 }; andre@0: andre@0: /* SECG prime curve OIDs */ andre@0: CONST_OID secgECsecp112r1[] = { SECG_OID, 0x06 }; andre@0: CONST_OID secgECsecp112r2[] = { SECG_OID, 0x07 }; andre@0: CONST_OID secgECsecp128r1[] = { SECG_OID, 0x1c }; andre@0: CONST_OID secgECsecp128r2[] = { SECG_OID, 0x1d }; andre@0: CONST_OID secgECsecp160k1[] = { SECG_OID, 0x09 }; andre@0: CONST_OID secgECsecp160r1[] = { SECG_OID, 0x08 }; andre@0: CONST_OID secgECsecp160r2[] = { SECG_OID, 0x1e }; andre@0: CONST_OID secgECsecp192k1[] = { SECG_OID, 0x1f }; andre@0: CONST_OID secgECsecp224k1[] = { SECG_OID, 0x20 }; andre@0: CONST_OID secgECsecp224r1[] = { SECG_OID, 0x21 }; andre@0: CONST_OID secgECsecp256k1[] = { SECG_OID, 0x0a }; andre@0: CONST_OID secgECsecp384r1[] = { SECG_OID, 0x22 }; andre@0: CONST_OID secgECsecp521r1[] = { SECG_OID, 0x23 }; andre@0: andre@0: /* ANSI X9.62 characteristic two curve OIDs */ andre@0: CONST_OID ansiX962c2pnb163v1[] = { ANSI_X962_GF2m_OID, 0x01 }; andre@0: CONST_OID ansiX962c2pnb163v2[] = { ANSI_X962_GF2m_OID, 0x02 }; andre@0: CONST_OID ansiX962c2pnb163v3[] = { ANSI_X962_GF2m_OID, 0x03 }; andre@0: CONST_OID ansiX962c2pnb176v1[] = { ANSI_X962_GF2m_OID, 0x04 }; andre@0: CONST_OID ansiX962c2tnb191v1[] = { ANSI_X962_GF2m_OID, 0x05 }; andre@0: CONST_OID ansiX962c2tnb191v2[] = { ANSI_X962_GF2m_OID, 0x06 }; andre@0: CONST_OID ansiX962c2tnb191v3[] = { ANSI_X962_GF2m_OID, 0x07 }; andre@0: CONST_OID ansiX962c2onb191v4[] = { ANSI_X962_GF2m_OID, 0x08 }; andre@0: CONST_OID ansiX962c2onb191v5[] = { ANSI_X962_GF2m_OID, 0x09 }; andre@0: CONST_OID ansiX962c2pnb208w1[] = { ANSI_X962_GF2m_OID, 0x0a }; andre@0: CONST_OID ansiX962c2tnb239v1[] = { ANSI_X962_GF2m_OID, 0x0b }; andre@0: CONST_OID ansiX962c2tnb239v2[] = { ANSI_X962_GF2m_OID, 0x0c }; andre@0: CONST_OID ansiX962c2tnb239v3[] = { ANSI_X962_GF2m_OID, 0x0d }; andre@0: CONST_OID ansiX962c2onb239v4[] = { ANSI_X962_GF2m_OID, 0x0e }; andre@0: CONST_OID ansiX962c2onb239v5[] = { ANSI_X962_GF2m_OID, 0x0f }; andre@0: CONST_OID ansiX962c2pnb272w1[] = { ANSI_X962_GF2m_OID, 0x10 }; andre@0: CONST_OID ansiX962c2pnb304w1[] = { ANSI_X962_GF2m_OID, 0x11 }; andre@0: CONST_OID ansiX962c2tnb359v1[] = { ANSI_X962_GF2m_OID, 0x12 }; andre@0: CONST_OID ansiX962c2pnb368w1[] = { ANSI_X962_GF2m_OID, 0x13 }; andre@0: CONST_OID ansiX962c2tnb431r1[] = { ANSI_X962_GF2m_OID, 0x14 }; andre@0: andre@0: /* SECG characterisitic two curve OIDs */ andre@0: CONST_OID secgECsect113r1[] = {SECG_OID, 0x04 }; andre@0: CONST_OID secgECsect113r2[] = {SECG_OID, 0x05 }; andre@0: CONST_OID secgECsect131r1[] = {SECG_OID, 0x16 }; andre@0: CONST_OID secgECsect131r2[] = {SECG_OID, 0x17 }; andre@0: CONST_OID secgECsect163k1[] = {SECG_OID, 0x01 }; andre@0: CONST_OID secgECsect163r1[] = {SECG_OID, 0x02 }; andre@0: CONST_OID secgECsect163r2[] = {SECG_OID, 0x0f }; andre@0: CONST_OID secgECsect193r1[] = {SECG_OID, 0x18 }; andre@0: CONST_OID secgECsect193r2[] = {SECG_OID, 0x19 }; andre@0: CONST_OID secgECsect233k1[] = {SECG_OID, 0x1a }; andre@0: CONST_OID secgECsect233r1[] = {SECG_OID, 0x1b }; andre@0: CONST_OID secgECsect239k1[] = {SECG_OID, 0x03 }; andre@0: CONST_OID secgECsect283k1[] = {SECG_OID, 0x10 }; andre@0: CONST_OID secgECsect283r1[] = {SECG_OID, 0x11 }; andre@0: CONST_OID secgECsect409k1[] = {SECG_OID, 0x24 }; andre@0: CONST_OID secgECsect409r1[] = {SECG_OID, 0x25 }; andre@0: CONST_OID secgECsect571k1[] = {SECG_OID, 0x26 }; andre@0: CONST_OID secgECsect571r1[] = {SECG_OID, 0x27 }; andre@0: andre@0: CONST_OID seed_CBC[] = { SEED_OID, 4 }; andre@0: andre@0: CONST_OID evIncorporationLocality[] = { EV_NAME_ATTRIBUTE, 1 }; andre@0: CONST_OID evIncorporationState[] = { EV_NAME_ATTRIBUTE, 2 }; andre@0: CONST_OID evIncorporationCountry[] = { EV_NAME_ATTRIBUTE, 3 }; andre@0: andre@0: #define OI(x) { siDEROID, (unsigned char *)x, sizeof x } andre@0: #ifndef SECOID_NO_STRINGS andre@0: #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext } andre@0: #else andre@0: #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext } andre@0: #endif andre@0: andre@0: #if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL) andre@0: #define FAKE_SUPPORTED_CERT_EXTENSION SUPPORTED_CERT_EXTENSION andre@0: #else andre@0: #define FAKE_SUPPORTED_CERT_EXTENSION UNSUPPORTED_CERT_EXTENSION andre@0: #endif andre@0: andre@0: /* andre@0: * NOTE: the order of these entries must mach the SECOidTag enum in secoidt.h! andre@0: */ andre@0: const static SECOidData oids[SEC_OID_TOTAL] = { andre@0: { { siDEROID, NULL, 0 }, SEC_OID_UNKNOWN, andre@0: "Unknown OID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION }, andre@0: OD( md2, SEC_OID_MD2, "MD2", CKM_MD2, INVALID_CERT_EXTENSION ), andre@0: OD( md4, SEC_OID_MD4, andre@0: "MD4", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( md5, SEC_OID_MD5, "MD5", CKM_MD5, INVALID_CERT_EXTENSION ), andre@0: OD( sha1, SEC_OID_SHA1, "SHA-1", CKM_SHA_1, INVALID_CERT_EXTENSION ), andre@0: OD( rc2cbc, SEC_OID_RC2_CBC, andre@0: "RC2-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( rc4, SEC_OID_RC4, "RC4", CKM_RC4, INVALID_CERT_EXTENSION ), andre@0: OD( desede3cbc, SEC_OID_DES_EDE3_CBC, andre@0: "DES-EDE3-CBC", CKM_DES3_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( rc5cbcpad, SEC_OID_RC5_CBC_PAD, andre@0: "RC5-CBCPad", CKM_RC5_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( desecb, SEC_OID_DES_ECB, andre@0: "DES-ECB", CKM_DES_ECB, INVALID_CERT_EXTENSION ), andre@0: OD( descbc, SEC_OID_DES_CBC, andre@0: "DES-CBC", CKM_DES_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( desofb, SEC_OID_DES_OFB, andre@0: "DES-OFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( descfb, SEC_OID_DES_CFB, andre@0: "DES-CFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( desmac, SEC_OID_DES_MAC, andre@0: "DES-MAC", CKM_DES_MAC, INVALID_CERT_EXTENSION ), andre@0: OD( desede, SEC_OID_DES_EDE, andre@0: "DES-EDE", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE, andre@0: "ISO SHA with RSA Signature", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION, andre@0: "PKCS #1 RSA Encryption", CKM_RSA_PKCS, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* the following Signing mechanisms should get new CKM_ values when andre@0: * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in andre@0: * PKCS #11. andre@0: */ andre@0: OD( pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, andre@0: "PKCS #1 MD2 With RSA Encryption", CKM_MD2_RSA_PKCS, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, andre@0: "PKCS #1 MD4 With RSA Encryption", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, andre@0: "PKCS #1 MD5 With RSA Encryption", CKM_MD5_RSA_PKCS, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, andre@0: "PKCS #1 SHA-1 With RSA Encryption", CKM_SHA1_RSA_PKCS, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC, andre@0: "PKCS #5 Password Based Encryption with MD2 and DES-CBC", andre@0: CKM_PBE_MD2_DES_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC, andre@0: "PKCS #5 Password Based Encryption with MD5 and DES-CBC", andre@0: CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC, andre@0: "PKCS #5 Password Based Encryption with SHA-1 and DES-CBC", andre@0: CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs7, SEC_OID_PKCS7, andre@0: "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs7Data, SEC_OID_PKCS7_DATA, andre@0: "PKCS #7 Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA, andre@0: "PKCS #7 Signed Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA, andre@0: "PKCS #7 Enveloped Data", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA, andre@0: "PKCS #7 Signed And Enveloped Data", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA, andre@0: "PKCS #7 Digested Data", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA, andre@0: "PKCS #7 Encrypted Data", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS, andre@0: "PKCS #9 Email Address", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME, andre@0: "PKCS #9 Unstructured Name", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE, andre@0: "PKCS #9 Content Type", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST, andre@0: "PKCS #9 Message Digest", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME, andre@0: "PKCS #9 Signing Time", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE, andre@0: "PKCS #9 Counter Signature", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD, andre@0: "PKCS #9 Challenge Password", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS, andre@0: "PKCS #9 Unstructured Address", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9ExtendedCertificateAttributes, andre@0: SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES, andre@0: "PKCS #9 Extended Certificate Attributes", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES, andre@0: "PKCS #9 S/MIME Capabilities", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520CommonName, SEC_OID_AVA_COMMON_NAME, andre@0: "X520 Common Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520CountryName, SEC_OID_AVA_COUNTRY_NAME, andre@0: "X520 Country Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520LocalityName, SEC_OID_AVA_LOCALITY, andre@0: "X520 Locality Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE, andre@0: "X520 State Or Province Name", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME, andre@0: "X520 Organization Name", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, andre@0: "X520 Organizational Unit Name", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER, andre@0: "X520 DN Qualifier", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( rfc2247DomainComponent, SEC_OID_AVA_DC, andre@0: "RFC 2247 Domain Component", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( nsTypeGIF, SEC_OID_NS_TYPE_GIF, andre@0: "GIF", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( nsTypeJPEG, SEC_OID_NS_TYPE_JPEG, andre@0: "JPEG", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( nsTypeURL, SEC_OID_NS_TYPE_URL, andre@0: "URL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( nsTypeHTML, SEC_OID_NS_TYPE_HTML, andre@0: "HTML", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE, andre@0: "Certificate Sequence", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD, andre@0: "MISSI KEA and DSS Algorithm (Old)", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( missiCertDSSOld, SEC_OID_MISSI_DSS_OLD, andre@0: "MISSI DSS Algorithm (Old)", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( missiCertKEADSS, SEC_OID_MISSI_KEA_DSS, andre@0: "MISSI KEA and DSS Algorithm", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( missiCertDSS, SEC_OID_MISSI_DSS, andre@0: "MISSI DSS Algorithm", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( missiCertKEA, SEC_OID_MISSI_KEA, andre@0: "MISSI KEA Algorithm", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( missiCertAltKEA, SEC_OID_MISSI_ALT_KEA, andre@0: "MISSI Alternate KEA Algorithm", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* Netscape private extensions */ andre@0: OD( nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK, andre@0: "Netscape says this cert is OK", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO, andre@0: "Certificate Issuer Logo", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO, andre@0: "Certificate Subject Logo", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE, andre@0: "Certificate Type", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL, andre@0: "Certificate Extension Base URL", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL, andre@0: "Certificate Revocation URL", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL, andre@0: "Certificate Authority Revocation URL", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL, andre@0: "Certificate Authority CRL Download URL", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL, andre@0: "Certificate Authority Certificate Download URL", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL, andre@0: "Certificate Renewal URL", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL, andre@0: "Certificate Authority Policy URL", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL, andre@0: "Certificate Homepage URL", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO, andre@0: "Certificate Entity Logo", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE, andre@0: "Certificate User Picture", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME, andre@0: "Certificate SSL Server Name", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT, andre@0: "Certificate Comment", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL, andre@0: "Lost Password URL", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME, andre@0: "Certificate Renewal Time", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED, andre@0: "Strong Crypto Export Approved", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: andre@0: andre@0: /* x.509 v3 certificate extensions */ andre@0: OD( x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR, andre@0: "Certificate Subject Directory Attributes", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), andre@0: OD( x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID, andre@0: "Certificate Subject Key ID", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509KeyUsage, SEC_OID_X509_KEY_USAGE, andre@0: "Certificate Key Usage", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD, andre@0: "Certificate Private Key Usage Period", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME, andre@0: "Certificate Subject Alt Name", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME, andre@0: "Certificate Issuer Alt Name", andre@0: CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS, andre@0: "Certificate Basic Constraints", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS, andre@0: "Certificate Name Constraints", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS, andre@0: "CRL Distribution Points", andre@0: CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES, andre@0: "Certificate Policies", andre@0: CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS, andre@0: "Certificate Policy Mappings", andre@0: CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS, andre@0: "Certificate Policy Constraints", andre@0: CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID, andre@0: "Certificate Authority Key Identifier", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE, andre@0: "Extended Key Usage", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS, andre@0: "Authority Information Access", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: andre@0: /* x.509 v3 CRL extensions */ andre@0: OD( x509CRLNumber, SEC_OID_X509_CRL_NUMBER, andre@0: "CRL Number", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509ReasonCode, SEC_OID_X509_REASON_CODE, andre@0: "CRL reason code", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509InvalidDate, SEC_OID_X509_INVALID_DATE, andre@0: "Invalid Date", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: andre@0: OD( x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION, andre@0: "X500 RSA Encryption", CKM_RSA_X_509, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* added for alg 1485 */ andre@0: OD( rfc1274Uid, SEC_OID_RFC1274_UID, andre@0: "RFC1274 User Id", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( rfc1274Mail, SEC_OID_RFC1274_MAIL, andre@0: "RFC1274 E-mail Address", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* pkcs 12 additions */ andre@0: OD( pkcs12, SEC_OID_PKCS12, andre@0: "PKCS #12", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS, andre@0: "PKCS #12 Mode IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS, andre@0: "PKCS #12 ESPVK IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS, andre@0: "PKCS #12 Bag IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS, andre@0: "PKCS #12 Cert Bag IDs", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12OIDs, SEC_OID_PKCS12_OIDS, andre@0: "PKCS #12 OIDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS, andre@0: "PKCS #12 PBE IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS, andre@0: "PKCS #12 Signature IDs", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS, andre@0: "PKCS #12 Enveloping IDs", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING, andre@0: "PKCS #12 Key Shrouding", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID, andre@0: "PKCS #12 Key Bag ID", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID, andre@0: "PKCS #12 Cert And CRL Bag ID", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID, andre@0: "PKCS #12 Secret Bag ID", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG, andre@0: "PKCS #12 X509 Cert CRL Bag", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG, andre@0: "PKCS #12 SDSI Cert Bag", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12PBEWithSha1And128BitRC4, andre@0: SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4, andre@0: "PKCS #12 PBE With SHA-1 and 128 Bit RC4", andre@0: CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12PBEWithSha1And40BitRC4, andre@0: SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4, andre@0: "PKCS #12 PBE With SHA-1 and 40 Bit RC4", andre@0: CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12PBEWithSha1AndTripleDESCBC, andre@0: SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC, andre@0: "PKCS #12 PBE With SHA-1 and Triple DES-CBC", andre@0: CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12PBEWithSha1And128BitRC2CBC, andre@0: SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC, andre@0: "PKCS #12 PBE With SHA-1 and 128 Bit RC2 CBC", andre@0: CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12PBEWithSha1And40BitRC2CBC, andre@0: SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC, andre@0: "PKCS #12 PBE With SHA-1 and 40 Bit RC2 CBC", andre@0: CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12RSAEncryptionWith128BitRC4, andre@0: SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4, andre@0: "PKCS #12 RSA Encryption with 128 Bit RC4", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12RSAEncryptionWith40BitRC4, andre@0: SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4, andre@0: "PKCS #12 RSA Encryption with 40 Bit RC4", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12RSAEncryptionWithTripleDES, andre@0: SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES, andre@0: "PKCS #12 RSA Encryption with Triple DES", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12RSASignatureWithSHA1Digest, andre@0: SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST, andre@0: "PKCS #12 RSA Encryption with Triple DES", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* DSA signatures */ andre@0: OD( ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE, andre@0: "ANSI X9.57 DSA Signature", CKM_DSA, INVALID_CERT_EXTENSION ), andre@0: OD( ansix9DSASignaturewithSHA1Digest, andre@0: SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST, andre@0: "ANSI X9.57 DSA Signature with SHA-1 Digest", andre@0: CKM_DSA_SHA1, INVALID_CERT_EXTENSION ), andre@0: OD( bogusDSASignaturewithSHA1Digest, andre@0: SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST, andre@0: "FORTEZZA DSA Signature with SHA-1 Digest", andre@0: CKM_DSA_SHA1, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* verisign oids */ andre@0: OD( verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES, andre@0: "Verisign User Notices", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* pkix oids */ andre@0: OD( pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER, andre@0: "PKIX CPS Pointer Qualifier", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER, andre@0: "PKIX User Notice Qualifier", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( pkixOCSP, SEC_OID_PKIX_OCSP, andre@0: "PKIX Online Certificate Status Protocol", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE, andre@0: "OCSP Basic Response", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE, andre@0: "OCSP Nonce Extension", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL, andre@0: "OCSP CRL Reference Extension", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE, andre@0: "OCSP Response Types Extension", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK, andre@0: "OCSP No Check Extension", andre@0: CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), andre@0: OD( pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF, andre@0: "OCSP Archive Cutoff Extension", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR, andre@0: "OCSP Service Locator Extension", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN, andre@0: "PKIX CRMF Registration Control, Registration Token", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR, andre@0: "PKIX CRMF Registration Control, Registration Authenticator", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO, andre@0: "PKIX CRMF Registration Control, PKI Publication Info", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: OD( pkixRegCtrlPKIArchOptions, andre@0: SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS, andre@0: "PKIX CRMF Registration Control, PKI Archive Options", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: OD( pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID, andre@0: "PKIX CRMF Registration Control, Old Certificate ID", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: OD( pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY, andre@0: "PKIX CRMF Registration Control, Protocol Encryption Key", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: OD( pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS, andre@0: "PKIX CRMF Registration Info, UTF8 Pairs", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: OD( pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST, andre@0: "PKIX CRMF Registration Info, Certificate Request", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: OD( pkixExtendedKeyUsageServerAuth, andre@0: SEC_OID_EXT_KEY_USAGE_SERVER_AUTH, andre@0: "TLS Web Server Authentication Certificate", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: OD( pkixExtendedKeyUsageClientAuth, andre@0: SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH, andre@0: "TLS Web Client Authentication Certificate", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: OD( pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN, andre@0: "Code Signing Certificate", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: OD( pkixExtendedKeyUsageEMailProtect, andre@0: SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT, andre@0: "E-Mail Protection Certificate", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: OD( pkixExtendedKeyUsageTimeStamp, andre@0: SEC_OID_EXT_KEY_USAGE_TIME_STAMP, andre@0: "Time Stamping Certifcate", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: OD( pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER, andre@0: "OCSP Responder Certificate", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), andre@0: andre@0: /* Netscape Algorithm OIDs */ andre@0: andre@0: OD( netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA, andre@0: "Netscape S/MIME KEA", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* Skipjack OID -- ### mwelch temporary */ andre@0: OD( skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK, andre@0: "Skipjack CBC64", CKM_SKIPJACK_CBC64, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* pkcs12 v2 oids */ andre@0: OD( pkcs12V2PBEWithSha1And128BitRC4, andre@0: SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4, andre@0: "PKCS #12 V2 PBE With SHA-1 And 128 Bit RC4", andre@0: CKM_PBE_SHA1_RC4_128, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12V2PBEWithSha1And40BitRC4, andre@0: SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4, andre@0: "PKCS #12 V2 PBE With SHA-1 And 40 Bit RC4", andre@0: CKM_PBE_SHA1_RC4_40, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12V2PBEWithSha1And3KeyTripleDEScbc, andre@0: SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC, andre@0: "PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC", andre@0: CKM_PBE_SHA1_DES3_EDE_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12V2PBEWithSha1And2KeyTripleDEScbc, andre@0: SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC, andre@0: "PKCS #12 V2 PBE With SHA-1 And 2KEY Triple DES-CBC", andre@0: CKM_PBE_SHA1_DES2_EDE_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12V2PBEWithSha1And128BitRC2cbc, andre@0: SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC, andre@0: "PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC", andre@0: CKM_PBE_SHA1_RC2_128_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12V2PBEWithSha1And40BitRC2cbc, andre@0: SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC, andre@0: "PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2 CBC", andre@0: CKM_PBE_SHA1_RC2_40_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID, andre@0: "PKCS #12 Safe Contents ID", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12PKCS8ShroudedKeyBagID, andre@0: SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID, andre@0: "PKCS #12 Safe Contents ID", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID, andre@0: "PKCS #12 V1 Key Bag", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12V1PKCS8ShroudedKeyBag, andre@0: SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID, andre@0: "PKCS #12 V1 PKCS8 Shrouded Key Bag", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID, andre@0: "PKCS #12 V1 Cert Bag", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID, andre@0: "PKCS #12 V1 CRL Bag", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID, andre@0: "PKCS #12 V1 Secret Bag", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID, andre@0: "PKCS #12 V1 Safe Contents Bag", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT, andre@0: "PKCS #9 X509 Certificate", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT, andre@0: "PKCS #9 SDSI Certificate", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL, andre@0: "PKCS #9 X509 CRL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME, andre@0: "PKCS #9 Friendly Name", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID, andre@0: "PKCS #9 Local Key ID", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs12KeyUsageAttr, SEC_OID_BOGUS_KEY_USAGE, andre@0: "Bogus Key Usage", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY, andre@0: "Diffie-Helman Public Key", CKM_DH_PKCS_DERIVE, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( netscapeNickname, SEC_OID_NETSCAPE_NICKNAME, andre@0: "Netscape Nickname", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* Cert Server specific OIDs */ andre@0: OD( netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST, andre@0: "Recovery Request OID", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR, andre@0: "Certificate Renewal Locator OID", CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE, andre@0: "Certificate Scope-of-Use Extension", CKM_INVALID_MECHANISM, andre@0: SUPPORTED_CERT_EXTENSION ), andre@0: andre@0: /* CMS stuff */ andre@0: OD( cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN, andre@0: "Ephemeral-Static Diffie-Hellman", CKM_INVALID_MECHANISM /* XXX */, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP, andre@0: "CMS Triple DES Key Wrap", CKM_INVALID_MECHANISM /* XXX */, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP, andre@0: "CMS RC2 Key Wrap", CKM_INVALID_MECHANISM /* XXX */, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE, andre@0: "S/MIME Encryption Key Preference", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* AES algorithm OIDs */ andre@0: OD( aes128_ECB, SEC_OID_AES_128_ECB, andre@0: "AES-128-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ), andre@0: OD( aes128_CBC, SEC_OID_AES_128_CBC, andre@0: "AES-128-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( aes192_ECB, SEC_OID_AES_192_ECB, andre@0: "AES-192-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ), andre@0: OD( aes192_CBC, SEC_OID_AES_192_CBC, andre@0: "AES-192-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( aes256_ECB, SEC_OID_AES_256_ECB, andre@0: "AES-256-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ), andre@0: OD( aes256_CBC, SEC_OID_AES_256_CBC, andre@0: "AES-256-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* More bogus DSA OIDs */ andre@0: OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE, andre@0: "SDN.702 DSA Signature", CKM_DSA_SHA1, INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( ms_smimeEncryptionKeyPreference, andre@0: SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE, andre@0: "Microsoft S/MIME Encryption Key Preference", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( sha256, SEC_OID_SHA256, "SHA-256", CKM_SHA256, INVALID_CERT_EXTENSION), andre@0: OD( sha384, SEC_OID_SHA384, "SHA-384", CKM_SHA384, INVALID_CERT_EXTENSION), andre@0: OD( sha512, SEC_OID_SHA512, "SHA-512", CKM_SHA512, INVALID_CERT_EXTENSION), andre@0: andre@0: OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION, andre@0: "PKCS #1 SHA-256 With RSA Encryption", CKM_SHA256_RSA_PKCS, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION, andre@0: "PKCS #1 SHA-384 With RSA Encryption", CKM_SHA384_RSA_PKCS, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION, andre@0: "PKCS #1 SHA-512 With RSA Encryption", CKM_SHA512_RSA_PKCS, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP, andre@0: "AES-128 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION), andre@0: OD( aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP, andre@0: "AES-192 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION), andre@0: OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP, andre@0: "AES-256 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION), andre@0: andre@0: /* Elliptic Curve Cryptography (ECC) OIDs */ andre@0: OD( ansix962ECPublicKey, SEC_OID_ANSIX962_EC_PUBLIC_KEY, andre@0: "X9.62 elliptic curve public key", CKM_ECDH1_DERIVE, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansix962SignaturewithSHA1Digest, andre@0: SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE, andre@0: "X9.62 ECDSA signature with SHA-1", CKM_ECDSA_SHA1, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: /* Named curves */ andre@0: andre@0: /* ANSI X9.62 named elliptic curves (prime field) */ andre@0: OD( ansiX962prime192v1, SEC_OID_ANSIX962_EC_PRIME192V1, andre@0: "ANSI X9.62 elliptic curve prime192v1 (aka secp192r1, NIST P-192)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962prime192v2, SEC_OID_ANSIX962_EC_PRIME192V2, andre@0: "ANSI X9.62 elliptic curve prime192v2", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962prime192v3, SEC_OID_ANSIX962_EC_PRIME192V3, andre@0: "ANSI X9.62 elliptic curve prime192v3", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962prime239v1, SEC_OID_ANSIX962_EC_PRIME239V1, andre@0: "ANSI X9.62 elliptic curve prime239v1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962prime239v2, SEC_OID_ANSIX962_EC_PRIME239V2, andre@0: "ANSI X9.62 elliptic curve prime239v2", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962prime239v3, SEC_OID_ANSIX962_EC_PRIME239V3, andre@0: "ANSI X9.62 elliptic curve prime239v3", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962prime256v1, SEC_OID_ANSIX962_EC_PRIME256V1, andre@0: "ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: /* SECG named elliptic curves (prime field) */ andre@0: OD( secgECsecp112r1, SEC_OID_SECG_EC_SECP112R1, andre@0: "SECG elliptic curve secp112r1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp112r2, SEC_OID_SECG_EC_SECP112R2, andre@0: "SECG elliptic curve secp112r2", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp128r1, SEC_OID_SECG_EC_SECP128R1, andre@0: "SECG elliptic curve secp128r1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp128r2, SEC_OID_SECG_EC_SECP128R2, andre@0: "SECG elliptic curve secp128r2", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp160k1, SEC_OID_SECG_EC_SECP160K1, andre@0: "SECG elliptic curve secp160k1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp160r1, SEC_OID_SECG_EC_SECP160R1, andre@0: "SECG elliptic curve secp160r1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp160r2, SEC_OID_SECG_EC_SECP160R2, andre@0: "SECG elliptic curve secp160r2", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp192k1, SEC_OID_SECG_EC_SECP192K1, andre@0: "SECG elliptic curve secp192k1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp224k1, SEC_OID_SECG_EC_SECP224K1, andre@0: "SECG elliptic curve secp224k1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp224r1, SEC_OID_SECG_EC_SECP224R1, andre@0: "SECG elliptic curve secp224r1 (aka NIST P-224)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp256k1, SEC_OID_SECG_EC_SECP256K1, andre@0: "SECG elliptic curve secp256k1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp384r1, SEC_OID_SECG_EC_SECP384R1, andre@0: "SECG elliptic curve secp384r1 (aka NIST P-384)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsecp521r1, SEC_OID_SECG_EC_SECP521R1, andre@0: "SECG elliptic curve secp521r1 (aka NIST P-521)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: /* ANSI X9.62 named elliptic curves (characteristic two field) */ andre@0: OD( ansiX962c2pnb163v1, SEC_OID_ANSIX962_EC_C2PNB163V1, andre@0: "ANSI X9.62 elliptic curve c2pnb163v1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2pnb163v2, SEC_OID_ANSIX962_EC_C2PNB163V2, andre@0: "ANSI X9.62 elliptic curve c2pnb163v2", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2pnb163v3, SEC_OID_ANSIX962_EC_C2PNB163V3, andre@0: "ANSI X9.62 elliptic curve c2pnb163v3", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2pnb176v1, SEC_OID_ANSIX962_EC_C2PNB176V1, andre@0: "ANSI X9.62 elliptic curve c2pnb176v1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2tnb191v1, SEC_OID_ANSIX962_EC_C2TNB191V1, andre@0: "ANSI X9.62 elliptic curve c2tnb191v1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2tnb191v2, SEC_OID_ANSIX962_EC_C2TNB191V2, andre@0: "ANSI X9.62 elliptic curve c2tnb191v2", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2tnb191v3, SEC_OID_ANSIX962_EC_C2TNB191V3, andre@0: "ANSI X9.62 elliptic curve c2tnb191v3", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2onb191v4, SEC_OID_ANSIX962_EC_C2ONB191V4, andre@0: "ANSI X9.62 elliptic curve c2onb191v4", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2onb191v5, SEC_OID_ANSIX962_EC_C2ONB191V5, andre@0: "ANSI X9.62 elliptic curve c2onb191v5", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2pnb208w1, SEC_OID_ANSIX962_EC_C2PNB208W1, andre@0: "ANSI X9.62 elliptic curve c2pnb208w1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2tnb239v1, SEC_OID_ANSIX962_EC_C2TNB239V1, andre@0: "ANSI X9.62 elliptic curve c2tnb239v1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2tnb239v2, SEC_OID_ANSIX962_EC_C2TNB239V2, andre@0: "ANSI X9.62 elliptic curve c2tnb239v2", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2tnb239v3, SEC_OID_ANSIX962_EC_C2TNB239V3, andre@0: "ANSI X9.62 elliptic curve c2tnb239v3", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2onb239v4, SEC_OID_ANSIX962_EC_C2ONB239V4, andre@0: "ANSI X9.62 elliptic curve c2onb239v4", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2onb239v5, SEC_OID_ANSIX962_EC_C2ONB239V5, andre@0: "ANSI X9.62 elliptic curve c2onb239v5", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2pnb272w1, SEC_OID_ANSIX962_EC_C2PNB272W1, andre@0: "ANSI X9.62 elliptic curve c2pnb272w1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2pnb304w1, SEC_OID_ANSIX962_EC_C2PNB304W1, andre@0: "ANSI X9.62 elliptic curve c2pnb304w1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2tnb359v1, SEC_OID_ANSIX962_EC_C2TNB359V1, andre@0: "ANSI X9.62 elliptic curve c2tnb359v1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2pnb368w1, SEC_OID_ANSIX962_EC_C2PNB368W1, andre@0: "ANSI X9.62 elliptic curve c2pnb368w1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansiX962c2tnb431r1, SEC_OID_ANSIX962_EC_C2TNB431R1, andre@0: "ANSI X9.62 elliptic curve c2tnb431r1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: /* SECG named elliptic curves (characterisitic two field) */ andre@0: OD( secgECsect113r1, SEC_OID_SECG_EC_SECT113R1, andre@0: "SECG elliptic curve sect113r1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect113r2, SEC_OID_SECG_EC_SECT113R2, andre@0: "SECG elliptic curve sect113r2", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect131r1, SEC_OID_SECG_EC_SECT131R1, andre@0: "SECG elliptic curve sect131r1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect131r2, SEC_OID_SECG_EC_SECT131R2, andre@0: "SECG elliptic curve sect131r2", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect163k1, SEC_OID_SECG_EC_SECT163K1, andre@0: "SECG elliptic curve sect163k1 (aka NIST K-163)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect163r1, SEC_OID_SECG_EC_SECT163R1, andre@0: "SECG elliptic curve sect163r1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect163r2, SEC_OID_SECG_EC_SECT163R2, andre@0: "SECG elliptic curve sect163r2 (aka NIST B-163)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect193r1, SEC_OID_SECG_EC_SECT193R1, andre@0: "SECG elliptic curve sect193r1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect193r2, SEC_OID_SECG_EC_SECT193R2, andre@0: "SECG elliptic curve sect193r2", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect233k1, SEC_OID_SECG_EC_SECT233K1, andre@0: "SECG elliptic curve sect233k1 (aka NIST K-233)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect233r1, SEC_OID_SECG_EC_SECT233R1, andre@0: "SECG elliptic curve sect233r1 (aka NIST B-233)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect239k1, SEC_OID_SECG_EC_SECT239K1, andre@0: "SECG elliptic curve sect239k1", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect283k1, SEC_OID_SECG_EC_SECT283K1, andre@0: "SECG elliptic curve sect283k1 (aka NIST K-283)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect283r1, SEC_OID_SECG_EC_SECT283R1, andre@0: "SECG elliptic curve sect283r1 (aka NIST B-283)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect409k1, SEC_OID_SECG_EC_SECT409K1, andre@0: "SECG elliptic curve sect409k1 (aka NIST K-409)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect409r1, SEC_OID_SECG_EC_SECT409R1, andre@0: "SECG elliptic curve sect409r1 (aka NIST B-409)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect571k1, SEC_OID_SECG_EC_SECT571K1, andre@0: "SECG elliptic curve sect571k1 (aka NIST K-571)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( secgECsect571r1, SEC_OID_SECG_EC_SECT571R1, andre@0: "SECG elliptic curve sect571r1 (aka NIST B-571)", andre@0: CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( netscapeAOLScreenname, SEC_OID_NETSCAPE_AOLSCREENNAME, andre@0: "AOL Screenname", CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( x520SurName, SEC_OID_AVA_SURNAME, andre@0: "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520SerialNumber, SEC_OID_AVA_SERIAL_NUMBER, andre@0: "X520 Serial Number", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520StreetAddress, SEC_OID_AVA_STREET_ADDRESS, andre@0: "X520 Street Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520Title, SEC_OID_AVA_TITLE, andre@0: "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520PostalAddress, SEC_OID_AVA_POSTAL_ADDRESS, andre@0: "X520 Postal Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520PostalCode, SEC_OID_AVA_POSTAL_CODE, andre@0: "X520 Postal Code", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520PostOfficeBox, SEC_OID_AVA_POST_OFFICE_BOX, andre@0: "X520 Post Office Box", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520GivenName, SEC_OID_AVA_GIVEN_NAME, andre@0: "X520 Given Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520Initials, SEC_OID_AVA_INITIALS, andre@0: "X520 Initials", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520GenerationQualifier, SEC_OID_AVA_GENERATION_QUALIFIER, andre@0: "X520 Generation Qualifier", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520HouseIdentifier, SEC_OID_AVA_HOUSE_IDENTIFIER, andre@0: "X520 House Identifier", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520Pseudonym, SEC_OID_AVA_PSEUDONYM, andre@0: "X520 Pseudonym", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* More OIDs */ andre@0: OD( pkixCAIssuers, SEC_OID_PKIX_CA_ISSUERS, andre@0: "PKIX CA issuers access method", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs9ExtensionRequest, SEC_OID_PKCS9_EXTENSION_REQUEST, andre@0: "PKCS #9 Extension Request", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* more ECC Signature Oids */ andre@0: OD( ansix962SignatureRecommended, andre@0: SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST, andre@0: "X9.62 ECDSA signature with recommended digest", CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansix962SignatureSpecified, andre@0: SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST, andre@0: "X9.62 ECDSA signature with specified digest", CKM_ECDSA, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansix962SignaturewithSHA224Digest, andre@0: SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE, andre@0: "X9.62 ECDSA signature with SHA224", CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansix962SignaturewithSHA256Digest, andre@0: SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, andre@0: "X9.62 ECDSA signature with SHA256", CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansix962SignaturewithSHA384Digest, andre@0: SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE, andre@0: "X9.62 ECDSA signature with SHA384", CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( ansix962SignaturewithSHA512Digest, andre@0: SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE, andre@0: "X9.62 ECDSA signature with SHA512", CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: /* More id-ce and id-pe OIDs from RFC 3280 */ andre@0: OD( x509HoldInstructionCode, SEC_OID_X509_HOLD_INSTRUCTION_CODE, andre@0: "CRL Hold Instruction Code", CKM_INVALID_MECHANISM, andre@0: UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( x509DeltaCRLIndicator, SEC_OID_X509_DELTA_CRL_INDICATOR, andre@0: "Delta CRL Indicator", CKM_INVALID_MECHANISM, andre@0: FAKE_SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509IssuingDistributionPoint, SEC_OID_X509_ISSUING_DISTRIBUTION_POINT, andre@0: "Issuing Distribution Point", CKM_INVALID_MECHANISM, andre@0: FAKE_SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509CertIssuer, SEC_OID_X509_CERT_ISSUER, andre@0: "Certificate Issuer Extension",CKM_INVALID_MECHANISM, andre@0: FAKE_SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509FreshestCRL, SEC_OID_X509_FRESHEST_CRL, andre@0: "Freshest CRL", CKM_INVALID_MECHANISM, andre@0: UNSUPPORTED_CERT_EXTENSION ), andre@0: OD( x509InhibitAnyPolicy, SEC_OID_X509_INHIBIT_ANY_POLICY, andre@0: "Inhibit Any Policy", CKM_INVALID_MECHANISM, andre@0: FAKE_SUPPORTED_CERT_EXTENSION ), andre@0: OD( x509SubjectInfoAccess, SEC_OID_X509_SUBJECT_INFO_ACCESS, andre@0: "Subject Info Access", CKM_INVALID_MECHANISM, andre@0: UNSUPPORTED_CERT_EXTENSION ), andre@0: andre@0: /* Camellia algorithm OIDs */ andre@0: OD( camellia128_CBC, SEC_OID_CAMELLIA_128_CBC, andre@0: "CAMELLIA-128-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( camellia192_CBC, SEC_OID_CAMELLIA_192_CBC, andre@0: "CAMELLIA-192-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ), andre@0: OD( camellia256_CBC, SEC_OID_CAMELLIA_256_CBC, andre@0: "CAMELLIA-256-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* PKCS 5 v2 OIDS */ andre@0: OD( pkcs5Pbkdf2, SEC_OID_PKCS5_PBKDF2, andre@0: "PKCS #5 Password Based Key Dervive Function v2 ", andre@0: CKM_PKCS5_PBKD2, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs5Pbes2, SEC_OID_PKCS5_PBES2, andre@0: "PKCS #5 Password Based Encryption v2 ", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( pkcs5Pbmac1, SEC_OID_PKCS5_PBMAC1, andre@0: "PKCS #5 Password Based Authentication v1 ", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( hmac_sha1, SEC_OID_HMAC_SHA1, "HMAC SHA-1", andre@0: CKM_SHA_1_HMAC, INVALID_CERT_EXTENSION ), andre@0: OD( hmac_sha224, SEC_OID_HMAC_SHA224, "HMAC SHA-224", andre@0: CKM_SHA224_HMAC, INVALID_CERT_EXTENSION ), andre@0: OD( hmac_sha256, SEC_OID_HMAC_SHA256, "HMAC SHA-256", andre@0: CKM_SHA256_HMAC, INVALID_CERT_EXTENSION ), andre@0: OD( hmac_sha384, SEC_OID_HMAC_SHA384, "HMAC SHA-384", andre@0: CKM_SHA384_HMAC, INVALID_CERT_EXTENSION ), andre@0: OD( hmac_sha512, SEC_OID_HMAC_SHA512, "HMAC SHA-512", andre@0: CKM_SHA512_HMAC, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* SIA extension OIDs */ andre@0: OD( x509SIATimeStamping, SEC_OID_PKIX_TIMESTAMPING, andre@0: "SIA Time Stamping", CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: OD( x509SIACaRepository, SEC_OID_PKIX_CA_REPOSITORY, andre@0: "SIA CA Repository", CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( isoSHA1WithRSASignature, SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE, andre@0: "ISO SHA-1 with RSA Signature", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: /* SEED algorithm OIDs */ andre@0: OD( seed_CBC, SEC_OID_SEED_CBC, andre@0: "SEED-CBC", CKM_SEED_CBC, INVALID_CERT_EXTENSION), andre@0: andre@0: OD( x509CertificatePoliciesAnyPolicy, SEC_OID_X509_ANY_POLICY, andre@0: "Certificate Policies AnyPolicy", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( pkcs1RSAOAEPEncryption, SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION, andre@0: "PKCS #1 RSA-OAEP Encryption", CKM_RSA_PKCS_OAEP, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( pkcs1MGF1, SEC_OID_PKCS1_MGF1, andre@0: "PKCS #1 MGF1 Mask Generation Function", CKM_INVALID_MECHANISM, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( pkcs1PSpecified, SEC_OID_PKCS1_PSPECIFIED, andre@0: "PKCS #1 RSA-OAEP Explicitly Specified Encoding Parameters", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( pkcs1RSAPSSSignature, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, andre@0: "PKCS #1 RSA-PSS Signature", CKM_RSA_PKCS_PSS, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( pkcs1SHA224WithRSAEncryption, SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION, andre@0: "PKCS #1 SHA-224 With RSA Encryption", CKM_SHA224_RSA_PKCS, andre@0: INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( sha224, SEC_OID_SHA224, "SHA-224", CKM_SHA224, INVALID_CERT_EXTENSION), andre@0: andre@0: OD( evIncorporationLocality, SEC_OID_EV_INCORPORATION_LOCALITY, andre@0: "Jurisdiction of Incorporation Locality Name", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( evIncorporationState, SEC_OID_EV_INCORPORATION_STATE, andre@0: "Jurisdiction of Incorporation State Name", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( evIncorporationCountry, SEC_OID_EV_INCORPORATION_COUNTRY, andre@0: "Jurisdiction of Incorporation Country Name", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520BusinessCategory, SEC_OID_BUSINESS_CATEGORY, andre@0: "Business Category", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: andre@0: OD( nistDSASignaturewithSHA224Digest, andre@0: SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST, andre@0: "DSA with SHA-224 Signature", andre@0: CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION), andre@0: OD( nistDSASignaturewithSHA256Digest, andre@0: SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST, andre@0: "DSA with SHA-256 Signature", andre@0: CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION), andre@0: OD( msExtendedKeyUsageTrustListSigning, andre@0: SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING, andre@0: "Microsoft Trust List Signing", andre@0: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), andre@0: OD( x520Name, SEC_OID_AVA_NAME, andre@0: "X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ) andre@0: }; andre@0: andre@0: /* PRIVATE EXTENDED SECOID Table andre@0: * This table is private. Its structure is opaque to the outside. andre@0: * It is indexed by the same SECOidTag as the oids table above. andre@0: * Every member of this struct must have accessor functions (set, get) andre@0: * and those functions must operate by value, not by reference. andre@0: * The addresses of the contents of this table must not be exposed andre@0: * by the accessor functions. andre@0: */ andre@0: typedef struct privXOidStr { andre@0: PRUint32 notPolicyFlags; /* ones complement of policy flags */ andre@0: } privXOid; andre@0: andre@0: static privXOid xOids[SEC_OID_TOTAL]; andre@0: andre@0: /* andre@0: * now the dynamic table. The dynamic table gets build at init time. andre@0: * and conceivably gets modified if the user loads new crypto modules. andre@0: * All this static data, and the allocated data to which it points, andre@0: * is protected by a global reader/writer lock. andre@0: * The c language guarantees that global and static data that is not andre@0: * explicitly initialized will be initialized with zeros. If we andre@0: * initialize it with zeros, the data goes into the initialized data andre@0: * secment, and increases the size of the library. By leaving it andre@0: * uninitialized, it is allocated in BSS, and does NOT increase the andre@0: * library size. andre@0: */ andre@0: andre@0: typedef struct dynXOidStr { andre@0: SECOidData data; andre@0: privXOid priv; andre@0: } dynXOid; andre@0: andre@0: static NSSRWLock * dynOidLock; andre@0: static PLArenaPool * dynOidPool; andre@0: static PLHashTable * dynOidHash; andre@0: static dynXOid ** dynOidTable; /* not in the pool */ andre@0: static int dynOidEntriesAllocated; andre@0: static int dynOidEntriesUsed; andre@0: andre@0: /* Creates NSSRWLock and dynOidPool at initialization time. andre@0: */ andre@0: static SECStatus andre@0: secoid_InitDynOidData(void) andre@0: { andre@0: SECStatus rv = SECSuccess; andre@0: andre@0: dynOidLock = NSSRWLock_New(1, "dynamic OID data"); andre@0: if (!dynOidLock) { andre@0: return SECFailure; /* Error code should already be set. */ andre@0: } andre@0: dynOidPool = PORT_NewArena(2048); andre@0: if (!dynOidPool) { andre@0: rv = SECFailure /* Error code should already be set. */; andre@0: } andre@0: return rv; andre@0: } andre@0: andre@0: /* Add oidData to hash table. Caller holds write lock dynOidLock. */ andre@0: static SECStatus andre@0: secoid_HashDynamicOiddata(const SECOidData * oid) andre@0: { andre@0: PLHashEntry *entry; andre@0: andre@0: if (!dynOidHash) { andre@0: dynOidHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, andre@0: PL_CompareValues, NULL, NULL); andre@0: if ( !dynOidHash ) { andre@0: return SECFailure; andre@0: } andre@0: } andre@0: andre@0: entry = PL_HashTableAdd( dynOidHash, &oid->oid, (void *)oid ); andre@0: return entry ? SECSuccess : SECFailure; andre@0: } andre@0: andre@0: andre@0: /* andre@0: * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's andre@0: * cheaper to rehash the table when it changes than it is to do the loop andre@0: * each time. andre@0: */ andre@0: static SECOidData * andre@0: secoid_FindDynamic(const SECItem *key) andre@0: { andre@0: SECOidData *ret = NULL; andre@0: andre@0: if (dynOidHash) { andre@0: NSSRWLock_LockRead(dynOidLock); andre@0: if (dynOidHash) { /* must check it again with lock held. */ andre@0: ret = (SECOidData *)PL_HashTableLookup(dynOidHash, key); andre@0: } andre@0: NSSRWLock_UnlockRead(dynOidLock); andre@0: } andre@0: if (ret == NULL) { andre@0: PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID); andre@0: } andre@0: return ret; andre@0: } andre@0: andre@0: static dynXOid * andre@0: secoid_FindDynamicByTag(SECOidTag tagnum) andre@0: { andre@0: dynXOid *dxo = NULL; andre@0: int tagNumDiff; andre@0: andre@0: if (tagnum < SEC_OID_TOTAL) { andre@0: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); andre@0: return NULL; andre@0: } andre@0: tagNumDiff = tagnum - SEC_OID_TOTAL; andre@0: andre@0: if (dynOidTable) { andre@0: NSSRWLock_LockRead(dynOidLock); andre@0: if (dynOidTable != NULL && /* must check it again with lock held. */ andre@0: tagNumDiff < dynOidEntriesUsed) { andre@0: dxo = dynOidTable[tagNumDiff]; andre@0: } andre@0: NSSRWLock_UnlockRead(dynOidLock); andre@0: } andre@0: if (dxo == NULL) { andre@0: PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID); andre@0: } andre@0: return dxo; andre@0: } andre@0: andre@0: /* andre@0: * This routine is thread safe now. andre@0: */ andre@0: SECOidTag andre@0: SECOID_AddEntry(const SECOidData * src) andre@0: { andre@0: SECOidData * dst; andre@0: dynXOid **table; andre@0: SECOidTag ret = SEC_OID_UNKNOWN; andre@0: SECStatus rv; andre@0: int tableEntries; andre@0: int used; andre@0: andre@0: if (!src || !src->oid.data || !src->oid.len || \ andre@0: !src->desc || !strlen(src->desc)) { andre@0: PORT_SetError(SEC_ERROR_INVALID_ARGS); andre@0: return ret; andre@0: } andre@0: if (src->supportedExtension != INVALID_CERT_EXTENSION && andre@0: src->supportedExtension != UNSUPPORTED_CERT_EXTENSION && andre@0: src->supportedExtension != SUPPORTED_CERT_EXTENSION ) { andre@0: PORT_SetError(SEC_ERROR_INVALID_ARGS); andre@0: return ret; andre@0: } andre@0: andre@0: if (!dynOidPool || !dynOidLock) { andre@0: PORT_SetError(SEC_ERROR_NOT_INITIALIZED); andre@0: return ret; andre@0: } andre@0: andre@0: NSSRWLock_LockWrite(dynOidLock); andre@0: andre@0: /* We've just acquired the write lock, and now we call FindOIDTag andre@0: ** which will acquire and release the read lock. NSSRWLock has been andre@0: ** designed to allow this very case without deadlock. This approach andre@0: ** makes the test for the presence of the OID, and the subsequent andre@0: ** addition of the OID to the table a single atomic write operation. andre@0: */ andre@0: ret = SECOID_FindOIDTag(&src->oid); andre@0: if (ret != SEC_OID_UNKNOWN) { andre@0: /* we could return an error here, but I chose not to do that. andre@0: ** This way, if we add an OID to the shared library's built in andre@0: ** list of OIDs in some future release, and that OID is the same andre@0: ** as some OID that a program has been adding, the program will andre@0: ** not suddenly stop working. andre@0: */ andre@0: goto done; andre@0: } andre@0: andre@0: table = dynOidTable; andre@0: tableEntries = dynOidEntriesAllocated; andre@0: used = dynOidEntriesUsed; andre@0: andre@0: if (used + 1 > tableEntries) { andre@0: dynXOid ** newTable; andre@0: int newTableEntries = tableEntries + 16; andre@0: andre@0: newTable = (dynXOid **)PORT_Realloc(table, andre@0: newTableEntries * sizeof(dynXOid *)); andre@0: if (newTable == NULL) { andre@0: goto done; andre@0: } andre@0: dynOidTable = table = newTable; andre@0: dynOidEntriesAllocated = tableEntries = newTableEntries; andre@0: } andre@0: andre@0: /* copy oid structure */ andre@0: dst = (SECOidData *)PORT_ArenaZNew(dynOidPool, dynXOid); andre@0: if (!dst) { andre@0: goto done; andre@0: } andre@0: rv = SECITEM_CopyItem(dynOidPool, &dst->oid, &src->oid); andre@0: if (rv != SECSuccess) { andre@0: goto done; andre@0: } andre@0: dst->desc = PORT_ArenaStrdup(dynOidPool, src->desc); andre@0: if (!dst->desc) { andre@0: goto done; andre@0: } andre@0: dst->offset = (SECOidTag)(used + SEC_OID_TOTAL); andre@0: dst->mechanism = src->mechanism; andre@0: dst->supportedExtension = src->supportedExtension; andre@0: andre@0: rv = secoid_HashDynamicOiddata(dst); andre@0: if (rv == SECSuccess) { andre@0: table[used++] = (dynXOid *)dst; andre@0: dynOidEntriesUsed = used; andre@0: ret = dst->offset; andre@0: } andre@0: done: andre@0: NSSRWLock_UnlockWrite(dynOidLock); andre@0: return ret; andre@0: } andre@0: andre@0: andre@0: /* normal static table processing */ andre@0: static PLHashTable *oidhash = NULL; andre@0: static PLHashTable *oidmechhash = NULL; andre@0: andre@0: static PLHashNumber andre@0: secoid_HashNumber(const void *key) andre@0: { andre@0: return (PLHashNumber) key; andre@0: } andre@0: andre@0: static void andre@0: handleHashAlgSupport(char * envVal) andre@0: { andre@0: char * myVal = PORT_Strdup(envVal); /* Get a copy we can alter */ andre@0: char * arg = myVal; andre@0: andre@0: while (arg && *arg) { andre@0: char * nextArg = PL_strpbrk(arg, ";"); andre@0: PRUint32 notEnable; andre@0: andre@0: if (nextArg) { andre@0: while (*nextArg == ';') { andre@0: *nextArg++ = '\0'; andre@0: } andre@0: } andre@0: notEnable = (*arg == '-') ? NSS_USE_ALG_IN_CERT_SIGNATURE : 0; andre@0: if ((*arg == '+' || *arg == '-') && *++arg) { andre@0: int i; andre@0: andre@0: for (i = 1; i < SEC_OID_TOTAL; i++) { andre@0: if (oids[i].desc && strstr(arg, oids[i].desc)) { andre@0: xOids[i].notPolicyFlags = notEnable | andre@0: (xOids[i].notPolicyFlags & ~NSS_USE_ALG_IN_CERT_SIGNATURE); andre@0: } andre@0: } andre@0: } andre@0: arg = nextArg; andre@0: } andre@0: PORT_Free(myVal); /* can handle NULL argument OK */ andre@0: } andre@0: andre@0: SECStatus andre@0: SECOID_Init(void) andre@0: { andre@0: PLHashEntry *entry; andre@0: const SECOidData *oid; andre@0: int i; andre@0: char * envVal; andre@0: volatile char c; /* force a reference that won't get optimized away */ andre@0: andre@0: c = __nss_util_rcsid[0] + __nss_util_sccsid[0]; andre@0: andre@0: if (oidhash) { andre@0: return SECSuccess; /* already initialized */ andre@0: } andre@0: andre@0: if (!PR_GetEnv("NSS_ALLOW_WEAK_SIGNATURE_ALG")) { andre@0: /* initialize any policy flags that are disabled by default */ andre@0: xOids[SEC_OID_MD2 ].notPolicyFlags = ~0; andre@0: xOids[SEC_OID_MD4 ].notPolicyFlags = ~0; andre@0: xOids[SEC_OID_MD5 ].notPolicyFlags = ~0; andre@0: xOids[SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0; andre@0: xOids[SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0; andre@0: xOids[SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0; andre@0: xOids[SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC].notPolicyFlags = ~0; andre@0: xOids[SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC].notPolicyFlags = ~0; andre@0: } andre@0: andre@0: envVal = PR_GetEnv("NSS_HASH_ALG_SUPPORT"); andre@0: if (envVal) andre@0: handleHashAlgSupport(envVal); andre@0: andre@0: if (secoid_InitDynOidData() != SECSuccess) { andre@0: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); andre@0: PORT_Assert(0); /* this function should never fail */ andre@0: return SECFailure; andre@0: } andre@0: andre@0: oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, andre@0: PL_CompareValues, NULL, NULL); andre@0: oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues, andre@0: PL_CompareValues, NULL, NULL); andre@0: andre@0: if ( !oidhash || !oidmechhash) { andre@0: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); andre@0: PORT_Assert(0); /*This function should never fail. */ andre@0: return(SECFailure); andre@0: } andre@0: andre@0: for ( i = 0; i < SEC_OID_TOTAL; i++ ) { andre@0: oid = &oids[i]; andre@0: andre@0: PORT_Assert ( oid->offset == i ); andre@0: andre@0: entry = PL_HashTableAdd( oidhash, &oid->oid, (void *)oid ); andre@0: if ( entry == NULL ) { andre@0: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); andre@0: PORT_Assert(0); /*This function should never fail. */ andre@0: return(SECFailure); andre@0: } andre@0: andre@0: if ( oid->mechanism != CKM_INVALID_MECHANISM ) { andre@0: entry = PL_HashTableAdd( oidmechhash, andre@0: (void *)oid->mechanism, (void *)oid ); andre@0: if ( entry == NULL ) { andre@0: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); andre@0: PORT_Assert(0); /* This function should never fail. */ andre@0: return(SECFailure); andre@0: } andre@0: } andre@0: } andre@0: andre@0: PORT_Assert (i == SEC_OID_TOTAL); andre@0: andre@0: return(SECSuccess); andre@0: } andre@0: andre@0: SECOidData * andre@0: SECOID_FindOIDByMechanism(unsigned long mechanism) andre@0: { andre@0: SECOidData *ret; andre@0: andre@0: PR_ASSERT(oidhash != NULL); andre@0: andre@0: ret = PL_HashTableLookupConst ( oidmechhash, (void *)mechanism); andre@0: if ( ret == NULL ) { andre@0: PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); andre@0: } andre@0: andre@0: return (ret); andre@0: } andre@0: andre@0: SECOidData * andre@0: SECOID_FindOID(const SECItem *oid) andre@0: { andre@0: SECOidData *ret; andre@0: andre@0: PR_ASSERT(oidhash != NULL); andre@0: andre@0: ret = PL_HashTableLookupConst ( oidhash, oid ); andre@0: if ( ret == NULL ) { andre@0: ret = secoid_FindDynamic(oid); andre@0: if (ret == NULL) { andre@0: PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID); andre@0: } andre@0: } andre@0: andre@0: return(ret); andre@0: } andre@0: andre@0: SECOidTag andre@0: SECOID_FindOIDTag(const SECItem *oid) andre@0: { andre@0: SECOidData *oiddata; andre@0: andre@0: oiddata = SECOID_FindOID (oid); andre@0: if (oiddata == NULL) andre@0: return SEC_OID_UNKNOWN; andre@0: andre@0: return oiddata->offset; andre@0: } andre@0: andre@0: /* This really should return const. */ andre@0: SECOidData * andre@0: SECOID_FindOIDByTag(SECOidTag tagnum) andre@0: { andre@0: if (tagnum >= SEC_OID_TOTAL) { andre@0: return (SECOidData *)secoid_FindDynamicByTag(tagnum); andre@0: } andre@0: andre@0: PORT_Assert((unsigned int)tagnum < SEC_OID_TOTAL); andre@0: return (SECOidData *)(&oids[tagnum]); andre@0: } andre@0: andre@0: PRBool SECOID_KnownCertExtenOID (SECItem *extenOid) andre@0: { andre@0: SECOidData * oidData; andre@0: andre@0: oidData = SECOID_FindOID (extenOid); andre@0: if (oidData == (SECOidData *)NULL) andre@0: return (PR_FALSE); andre@0: return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ? andre@0: PR_TRUE : PR_FALSE); andre@0: } andre@0: andre@0: andre@0: const char * andre@0: SECOID_FindOIDTagDescription(SECOidTag tagnum) andre@0: { andre@0: const SECOidData *oidData = SECOID_FindOIDByTag(tagnum); andre@0: return oidData ? oidData->desc : 0; andre@0: } andre@0: andre@0: /* --------- opaque extended OID table accessor functions ---------------*/ andre@0: /* andre@0: * Any of these functions may return SECSuccess or SECFailure with the error andre@0: * code set to SEC_ERROR_UNKNOWN_OBJECT_TYPE if the SECOidTag is out of range. andre@0: */ andre@0: andre@0: static privXOid * andre@0: secoid_FindXOidByTag(SECOidTag tagnum) andre@0: { andre@0: if (tagnum >= SEC_OID_TOTAL) { andre@0: dynXOid *dxo = secoid_FindDynamicByTag(tagnum); andre@0: return (dxo ? &dxo->priv : NULL); andre@0: } andre@0: andre@0: PORT_Assert((unsigned int)tagnum < SEC_OID_TOTAL); andre@0: return &xOids[tagnum]; andre@0: } andre@0: andre@0: /* The Get function outputs the 32-bit value associated with the SECOidTag. andre@0: * Flags bits are the NSS_USE_ALG_ #defines in "secoidt.h". andre@0: * Default value for any algorithm is 0xffffffff (enabled for all purposes). andre@0: * No value is output if function returns SECFailure. andre@0: */ andre@0: SECStatus andre@0: NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue) andre@0: { andre@0: privXOid * pxo = secoid_FindXOidByTag(tag); andre@0: if (!pxo) andre@0: return SECFailure; andre@0: if (!pValue) { andre@0: PORT_SetError(SEC_ERROR_INVALID_ARGS); andre@0: return SECFailure; andre@0: } andre@0: *pValue = ~(pxo->notPolicyFlags); andre@0: return SECSuccess; andre@0: } andre@0: andre@0: /* The Set function modifies the stored value according to the following andre@0: * algorithm: andre@0: * policy[tag] = (policy[tag] & ~clearBits) | setBits; andre@0: */ andre@0: SECStatus andre@0: NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits) andre@0: { andre@0: privXOid * pxo = secoid_FindXOidByTag(tag); andre@0: PRUint32 policyFlags; andre@0: if (!pxo) andre@0: return SECFailure; andre@0: /* The stored policy flags are the ones complement of the flags as andre@0: * seen by the user. This is not atomic, but these changes should andre@0: * be done rarely, e.g. at initialization time. andre@0: */ andre@0: policyFlags = ~(pxo->notPolicyFlags); andre@0: policyFlags = (policyFlags & ~clearBits) | setBits; andre@0: pxo->notPolicyFlags = ~policyFlags; andre@0: return SECSuccess; andre@0: } andre@0: andre@0: /* --------- END OF opaque extended OID table accessor functions ---------*/ andre@0: andre@0: /* for now, this is only used in a single place, so it can remain static */ andre@0: static PRBool parentForkedAfterC_Initialize; andre@0: andre@0: #define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x andre@0: andre@0: /* andre@0: * free up the oid tables. andre@0: */ andre@0: SECStatus andre@0: SECOID_Shutdown(void) andre@0: { andre@0: if (oidhash) { andre@0: PL_HashTableDestroy(oidhash); andre@0: oidhash = NULL; andre@0: } andre@0: if (oidmechhash) { andre@0: PL_HashTableDestroy(oidmechhash); andre@0: oidmechhash = NULL; andre@0: } andre@0: /* Have to handle the case where the lock was created, but andre@0: ** the pool wasn't. andre@0: ** I'm not going to attempt to create the lock, just to protect andre@0: ** the destruction of data that probably isn't initialized anyway. andre@0: */ andre@0: if (dynOidLock) { andre@0: SKIP_AFTER_FORK(NSSRWLock_LockWrite(dynOidLock)); andre@0: if (dynOidHash) { andre@0: PL_HashTableDestroy(dynOidHash); andre@0: dynOidHash = NULL; andre@0: } andre@0: if (dynOidPool) { andre@0: PORT_FreeArena(dynOidPool, PR_FALSE); andre@0: dynOidPool = NULL; andre@0: } andre@0: if (dynOidTable) { andre@0: PORT_Free(dynOidTable); andre@0: dynOidTable = NULL; andre@0: } andre@0: dynOidEntriesAllocated = 0; andre@0: dynOidEntriesUsed = 0; andre@0: andre@0: SKIP_AFTER_FORK(NSSRWLock_UnlockWrite(dynOidLock)); andre@0: SKIP_AFTER_FORK(NSSRWLock_Destroy(dynOidLock)); andre@0: dynOidLock = NULL; andre@0: } else { andre@0: /* Since dynOidLock doesn't exist, then all the data it protects andre@0: ** should be uninitialized. We'll check that (in DEBUG builds), andre@0: ** and then make sure it is so, in case NSS is reinitialized. andre@0: */ andre@0: PORT_Assert(!dynOidHash && !dynOidPool && !dynOidTable && \ andre@0: !dynOidEntriesAllocated && !dynOidEntriesUsed); andre@0: dynOidHash = NULL; andre@0: dynOidPool = NULL; andre@0: dynOidTable = NULL; andre@0: dynOidEntriesAllocated = 0; andre@0: dynOidEntriesUsed = 0; andre@0: } andre@0: memset(xOids, 0, sizeof xOids); andre@0: return SECSuccess; andre@0: } andre@0: andre@0: void UTIL_SetForkState(PRBool forked) andre@0: { andre@0: parentForkedAfterC_Initialize = forked; andre@0: } andre@0: andre@0: const char * andre@0: NSSUTIL_GetVersion(void) andre@0: { andre@0: return NSSUTIL_VERSION; andre@0: }