Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(177)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: mozilla/security/nss/lib/util/secoid.c

Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « mozilla/security/nss/lib/util/secoid.h ('k') | mozilla/security/nss/lib/util/secoidt.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5 #include "secoid.h"
6 #include "pkcs11t.h"
7 #include "secitem.h"
8 #include "secerr.h"
9 #include "prenv.h"
10 #include "plhash.h"
11 #include "nssrwlk.h"
12 #include "nssutil.h"
13
14 /* Library identity and versioning */
15
16 #if defined(DEBUG)
17 #define _DEBUG_STRING " (debug)"
18 #else
19 #define _DEBUG_STRING ""
20 #endif
21
22 /*
23 * Version information for the 'ident' and 'what commands
24 *
25 * NOTE: the first component of the concatenated rcsid string
26 * must not end in a '$' to prevent rcs keyword substitution.
27 */
28 const char __nss_util_rcsid[] = "$Header: NSS " NSSUTIL_VERSION _DEBUG_STRING
29 " " __DATE__ " " __TIME__ " $";
30 const char __nss_util_sccsid[] = "@(#)NSS " NSSUTIL_VERSION _DEBUG_STRING
31 " " __DATE__ " " __TIME__;
32
33 /* MISSI Mosaic Object ID space */
34 /* USGov algorithm OID space: { 2 16 840 1 101 } */
35 #define USGOV 0x60, 0x86, 0x48, 0x01, 0x65
36 #define MISSI USGOV, 0x02, 0x01, 0x01
37 #define MISSI_OLD_KEA_DSS MISSI, 0x0c
38 #define MISSI_OLD_DSS MISSI, 0x02
39 #define MISSI_KEA_DSS MISSI, 0x14
40 #define MISSI_DSS MISSI, 0x13
41 #define MISSI_KEA MISSI, 0x0a
42 #define MISSI_ALT_KEA MISSI, 0x16
43
44 #define NISTALGS USGOV, 3, 4
45 #define AES NISTALGS, 1
46 #define SHAXXX NISTALGS, 2
47 #define DSA2 NISTALGS, 3
48
49 /**
50 ** The Netscape OID space is allocated by Terry Hayes. If you need
51 ** a piece of the space, contact him at thayes@netscape.com.
52 **/
53
54 /* Netscape Communications Corporation Object ID space */
55 /* { 2 16 840 1 113730 } */
56 #define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42
57 #define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01
58 #define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02
59 /* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */
60 #define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03
61 #define NETSCAPE_POLICY NETSCAPE_OID, 0x04
62 #define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05
63 #define NETSCAPE_ALGS NETSCAPE_OID, 0x06 /* algorithm OIDs */
64 #define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07
65
66 #define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10
67 #define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01
68
69 /* these are old and should go away soon */
70 #define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a
71 #define NS_CERT_EXT OLD_NETSCAPE, 0x01
72 #define NS_FILE_TYPE OLD_NETSCAPE, 0x02
73 #define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03
74
75 /* RSA OID name space */
76 #define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
77 #define PKCS RSADSI, 0x01
78 #define DIGEST RSADSI, 0x02
79 #define CIPHER RSADSI, 0x03
80 #define PKCS1 PKCS, 0x01
81 #define PKCS5 PKCS, 0x05
82 #define PKCS7 PKCS, 0x07
83 #define PKCS9 PKCS, 0x09
84 #define PKCS12 PKCS, 0x0c
85
86 /* Other OID name spaces */
87 #define ALGORITHM 0x2b, 0x0e, 0x03, 0x02
88 #define X500 0x55
89 #define X520_ATTRIBUTE_TYPE X500, 0x04
90 #define X500_ALG X500, 0x08
91 #define X500_ALG_ENCRYPTION X500_ALG, 0x01
92
93 /** X.509 v3 Extension OID
94 ** {joint-iso-ccitt (2) ds(5) 29}
95 **/
96 #define ID_CE_OID X500, 0x1d
97
98 #define RFC1274_ATTR_TYPE 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
99 /* #define RFC2247_ATTR_TYPE 0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */
100
101 /* PKCS #12 name spaces */
102 #define PKCS12_MODE_IDS PKCS12, 0x01
103 #define PKCS12_ESPVK_IDS PKCS12, 0x02
104 #define PKCS12_BAG_IDS PKCS12, 0x03
105 #define PKCS12_CERT_BAG_IDS PKCS12, 0x04
106 #define PKCS12_OIDS PKCS12, 0x05
107 #define PKCS12_PBE_IDS PKCS12_OIDS, 0x01
108 #define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02
109 #define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03
110 #define PKCS12_V2_PBE_IDS PKCS12, 0x01
111 #define PKCS9_CERT_TYPES PKCS9, 0x16
112 #define PKCS9_CRL_TYPES PKCS9, 0x17
113 #define PKCS9_SMIME_IDS PKCS9, 0x10
114 #define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2
115 #define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3
116 #define PKCS12_VERSION1 PKCS12, 0x0a
117 #define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1
118
119 /* for DSA algorithm */
120 /* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */
121 #define ANSI_X9_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x38, 0x4
122
123 /* for DH algorithm */
124 /* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */
125 /* need real OID person to look at this, copied the above line
126 * and added 6 to second to last value (and changed '4' to '2' */
127 #define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2
128
129 #define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45
130
131 #define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07
132 #define PKIX_CERT_EXTENSIONS PKIX, 1
133 #define PKIX_POLICY_QUALIFIERS PKIX, 2
134 #define PKIX_KEY_USAGE PKIX, 3
135 #define PKIX_ACCESS_DESCRIPTION PKIX, 0x30
136 #define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1
137 #define PKIX_CA_ISSUERS PKIX_ACCESS_DESCRIPTION, 2
138
139 #define PKIX_ID_PKIP PKIX, 5
140 #define PKIX_ID_REGCTRL PKIX_ID_PKIP, 1
141 #define PKIX_ID_REGINFO PKIX_ID_PKIP, 2
142
143 /* Microsoft Object ID space */
144 /* { 1.3.6.1.4.1.311 } */
145 #define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
146 #define EV_NAME_ATTRIBUTE MICROSOFT_OID, 60, 2, 1
147
148 /* Microsoft Crypto 2.0 ID space */
149 /* { 1.3.6.1.4.1.311.10 } */
150 #define MS_CRYPTO_20 MICROSOFT_OID, 10
151 /* Microsoft Crypto 2.0 Extended Key Usage ID space */
152 /* { 1.3.6.1.4.1.311.10.3 } */
153 #define MS_CRYPTO_EKU MS_CRYPTO_20, 3
154
155 #define CERTICOM_OID 0x2b, 0x81, 0x04
156 #define SECG_OID CERTICOM_OID, 0x00
157
158 #define ANSI_X962_OID 0x2a, 0x86, 0x48, 0xce, 0x3d
159 #define ANSI_X962_CURVE_OID ANSI_X962_OID, 0x03
160 #define ANSI_X962_GF2m_OID ANSI_X962_CURVE_OID, 0x00
161 #define ANSI_X962_GFp_OID ANSI_X962_CURVE_OID, 0x01
162 #define ANSI_X962_SIGNATURE_OID ANSI_X962_OID, 0x04
163 #define ANSI_X962_SPECIFY_OID ANSI_X962_SIGNATURE_OID, 0x03
164
165 /* for Camellia: iso(1) member-body(2) jisc(392)
166 * mitsubishi(200011) isl(61) security(1) algorithm(1)
167 */
168 #define MITSUBISHI_ALG 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01
169 #define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG,1
170 #define CAMELLIA_WRAP_OID MITSUBISHI_ALG,3
171
172 /* for SEED : iso(1) member-body(2) korea(410)
173 * kisa(200004) algorithm(1)
174 */
175 #define SEED_OID 0x2a,0x83,0x1a,0x8c,0x9a,0x44,0x01
176
177 #define CONST_OID static const unsigned char
178
179 CONST_OID md2[] = { DIGEST, 0x02 };
180 CONST_OID md4[] = { DIGEST, 0x04 };
181 CONST_OID md5[] = { DIGEST, 0x05 };
182 CONST_OID hmac_sha1[] = { DIGEST, 7 };
183 CONST_OID hmac_sha224[] = { DIGEST, 8 };
184 CONST_OID hmac_sha256[] = { DIGEST, 9 };
185 CONST_OID hmac_sha384[] = { DIGEST, 10 };
186 CONST_OID hmac_sha512[] = { DIGEST, 11 };
187
188 CONST_OID rc2cbc[] = { CIPHER, 0x02 };
189 CONST_OID rc4[] = { CIPHER, 0x04 };
190 CONST_OID desede3cbc[] = { CIPHER, 0x07 };
191 CONST_OID rc5cbcpad[] = { CIPHER, 0x09 };
192
193 CONST_OID desecb[] = { ALGORITHM, 0x06 };
194 CONST_OID descbc[] = { ALGORITHM, 0x07 };
195 CONST_OID desofb[] = { ALGORITHM, 0x08 };
196 CONST_OID descfb[] = { ALGORITHM, 0x09 };
197 CONST_OID desmac[] = { ALGORITHM, 0x0a };
198 CONST_OID sdn702DSASignature[] = { ALGORITHM, 0x0c };
199 CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f };
200 CONST_OID desede[] = { ALGORITHM, 0x11 };
201 CONST_OID sha1[] = { ALGORITHM, 0x1a };
202 CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b };
203 CONST_OID isoSHA1WithRSASignature[] = { ALGORITHM, 0x1d };
204
205 CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 };
206 CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
207 CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 };
208 CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 };
209 CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 };
210 CONST_OID pkcs1RSAOAEPEncryption[] = { PKCS1, 0x07 };
211 CONST_OID pkcs1MGF1[] = { PKCS1, 0x08 };
212 CONST_OID pkcs1PSpecified[] = { PKCS1, 0x09 };
213 CONST_OID pkcs1RSAPSSSignature[] = { PKCS1, 10 };
214 CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 };
215 CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 };
216 CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 };
217 CONST_OID pkcs1SHA224WithRSAEncryption[] = { PKCS1, 14 };
218
219 CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 };
220 CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 };
221 CONST_OID pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a };
222 CONST_OID pkcs5Pbkdf2[] = { PKCS5, 12 };
223 CONST_OID pkcs5Pbes2[] = { PKCS5, 13 };
224 CONST_OID pkcs5Pbmac1[] = { PKCS5, 14 };
225
226 CONST_OID pkcs7[] = { PKCS7 };
227 CONST_OID pkcs7Data[] = { PKCS7, 0x01 };
228 CONST_OID pkcs7SignedData[] = { PKCS7, 0x02 };
229 CONST_OID pkcs7EnvelopedData[] = { PKCS7, 0x03 };
230 CONST_OID pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 };
231 CONST_OID pkcs7DigestedData[] = { PKCS7, 0x05 };
232 CONST_OID pkcs7EncryptedData[] = { PKCS7, 0x06 };
233
234 CONST_OID pkcs9EmailAddress[] = { PKCS9, 0x01 };
235 CONST_OID pkcs9UnstructuredName[] = { PKCS9, 0x02 };
236 CONST_OID pkcs9ContentType[] = { PKCS9, 0x03 };
237 CONST_OID pkcs9MessageDigest[] = { PKCS9, 0x04 };
238 CONST_OID pkcs9SigningTime[] = { PKCS9, 0x05 };
239 CONST_OID pkcs9CounterSignature[] = { PKCS9, 0x06 };
240 CONST_OID pkcs9ChallengePassword[] = { PKCS9, 0x07 };
241 CONST_OID pkcs9UnstructuredAddress[] = { PKCS9, 0x08 };
242 CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 };
243 CONST_OID pkcs9ExtensionRequest[] = { PKCS9, 14 };
244 CONST_OID pkcs9SMIMECapabilities[] = { PKCS9, 15 };
245 CONST_OID pkcs9FriendlyName[] = { PKCS9, 20 };
246 CONST_OID pkcs9LocalKeyID[] = { PKCS9, 21 };
247
248 CONST_OID pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 };
249 CONST_OID pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 };
250 CONST_OID pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 };
251
252 /* RFC2630 (CMS) OIDs */
253 CONST_OID cmsESDH[] = { PKCS9_SMIME_ALGS, 5 };
254 CONST_OID cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 };
255 CONST_OID cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 };
256
257 /* RFC2633 SMIME message attributes */
258 CONST_OID smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 };
259 CONST_OID ms_smimeEncryptionKeyPreference[] = { MICROSOFT_OID, 0x10, 0x4 };
260
261 CONST_OID x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 };
262 CONST_OID x520SurName[] = { X520_ATTRIBUTE_TYPE, 4 };
263 CONST_OID x520SerialNumber[] = { X520_ATTRIBUTE_TYPE, 5 };
264 CONST_OID x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 };
265 CONST_OID x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 };
266 CONST_OID x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 };
267 CONST_OID x520StreetAddress[] = { X520_ATTRIBUTE_TYPE, 9 };
268 CONST_OID x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 };
269 CONST_OID x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 };
270 CONST_OID x520Title[] = { X520_ATTRIBUTE_TYPE, 12 };
271 CONST_OID x520BusinessCategory[] = { X520_ATTRIBUTE_TYPE, 15 };
272 CONST_OID x520PostalAddress[] = { X520_ATTRIBUTE_TYPE, 16 };
273 CONST_OID x520PostalCode[] = { X520_ATTRIBUTE_TYPE, 17 };
274 CONST_OID x520PostOfficeBox[] = { X520_ATTRIBUTE_TYPE, 18 };
275 CONST_OID x520GivenName[] = { X520_ATTRIBUTE_TYPE, 42 };
276 CONST_OID x520Initials[] = { X520_ATTRIBUTE_TYPE, 43 };
277 CONST_OID x520GenerationQualifier[] = { X520_ATTRIBUTE_TYPE, 44 };
278 CONST_OID x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 };
279 CONST_OID x520HouseIdentifier[] = { X520_ATTRIBUTE_TYPE, 51 };
280 CONST_OID x520Pseudonym[] = { X520_ATTRIBUTE_TYPE, 65 };
281
282 CONST_OID nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 };
283 CONST_OID nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 };
284 CONST_OID nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 };
285 CONST_OID nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 };
286 CONST_OID nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 };
287
288 CONST_OID missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS };
289 CONST_OID missiCertDSSOld[] = { MISSI_OLD_DSS };
290 CONST_OID missiCertKEADSS[] = { MISSI_KEA_DSS };
291 CONST_OID missiCertDSS[] = { MISSI_DSS };
292 CONST_OID missiCertKEA[] = { MISSI_KEA };
293 CONST_OID missiCertAltKEA[] = { MISSI_ALT_KEA };
294 CONST_OID x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 };
295
296 /* added for alg 1485 */
297 CONST_OID rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 };
298 CONST_OID rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 };
299 CONST_OID rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 };
300
301 /* Netscape private certificate extensions */
302 CONST_OID nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 };
303 CONST_OID nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 };
304 CONST_OID nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 };
305 CONST_OID nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 };
306 CONST_OID nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 };
307 CONST_OID nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 };
308 CONST_OID nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 };
309 CONST_OID nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 };
310 CONST_OID nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 };
311 CONST_OID nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 };
312 CONST_OID nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 };
313 CONST_OID nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 };
314 CONST_OID nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a };
315 CONST_OID nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b };
316 CONST_OID nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c };
317 CONST_OID nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d };
318
319 /* the following 2 extensions are defined for and used by Cartman(NSM) */
320 CONST_OID nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e };
321 CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f };
322
323 CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 };
324 CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 };
325 /* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */
326
327 /* Netscape policy values */
328 CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 };
329
330 /* Netscape other name types */
331 CONST_OID netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01 };
332 CONST_OID netscapeAOLScreenname[] = { NETSCAPE_NAME_COMPONENTS, 0x02 };
333
334 /* OIDs needed for cert server */
335 CONST_OID netscapeRecoveryRequest[] = { NETSCAPE_CERT_SERVER_CRMF, 0x01 };
336
337
338 /* Standard x.509 v3 Certificate & CRL Extensions */
339 CONST_OID x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 };
340 CONST_OID x509SubjectKeyID[] = { ID_CE_OID, 14 };
341 CONST_OID x509KeyUsage[] = { ID_CE_OID, 15 };
342 CONST_OID x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 };
343 CONST_OID x509SubjectAltName[] = { ID_CE_OID, 17 };
344 CONST_OID x509IssuerAltName[] = { ID_CE_OID, 18 };
345 CONST_OID x509BasicConstraints[] = { ID_CE_OID, 19 };
346 CONST_OID x509CRLNumber[] = { ID_CE_OID, 20 };
347 CONST_OID x509ReasonCode[] = { ID_CE_OID, 21 };
348 CONST_OID x509HoldInstructionCode[] = { ID_CE_OID, 23 };
349 CONST_OID x509InvalidDate[] = { ID_CE_OID, 24 };
350 CONST_OID x509DeltaCRLIndicator[] = { ID_CE_OID, 27 };
351 CONST_OID x509IssuingDistributionPoint[] = { ID_CE_OID, 28 };
352 CONST_OID x509CertIssuer[] = { ID_CE_OID, 29 };
353 CONST_OID x509NameConstraints[] = { ID_CE_OID, 30 };
354 CONST_OID x509CRLDistPoints[] = { ID_CE_OID, 31 };
355 CONST_OID x509CertificatePolicies[] = { ID_CE_OID, 32 };
356 CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 };
357 CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 };
358 CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 36 };
359 CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 };
360 CONST_OID x509FreshestCRL[] = { ID_CE_OID, 46 };
361 CONST_OID x509InhibitAnyPolicy[] = { ID_CE_OID, 54 };
362
363 CONST_OID x509CertificatePoliciesAnyPolicy[] = { ID_CE_OID, 32, 0 };
364
365 CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 };
366 CONST_OID x509SubjectInfoAccess[] = { PKIX_CERT_EXTENSIONS, 11 };
367
368 CONST_OID x509SIATimeStamping[] = {PKIX_ACCESS_DESCRIPTION, 0x03 };
369 CONST_OID x509SIACaRepository[] = {PKIX_ACCESS_DESCRIPTION, 0x05 };
370
371 /* pkcs 12 additions */
372 CONST_OID pkcs12[] = { PKCS12 };
373 CONST_OID pkcs12ModeIDs[] = { PKCS12_MODE_IDS };
374 CONST_OID pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS };
375 CONST_OID pkcs12BagIDs[] = { PKCS12_BAG_IDS };
376 CONST_OID pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS };
377 CONST_OID pkcs12OIDs[] = { PKCS12_OIDS };
378 CONST_OID pkcs12PBEIDs[] = { PKCS12_PBE_IDS };
379 CONST_OID pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS };
380 CONST_OID pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS };
381 CONST_OID pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 };
382 CONST_OID pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 };
383 CONST_OID pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 };
384 CONST_OID pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 };
385 CONST_OID pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 };
386 CONST_OID pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 };
387 CONST_OID pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 };
388 CONST_OID pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 };
389 CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 };
390 CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 };
391 CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 };
392 CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 };
393 CONST_OID pkcs12RSAEncryptionWith40BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x02 };
394 CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 };
395 CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 };
396
397 /* pkcs 12 version 1.0 ids */
398 CONST_OID pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 };
399 CONST_OID pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 };
400 CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x03 };
401 CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x04 };
402 CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 };
403 CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 };
404
405 CONST_OID pkcs12SafeContentsID[] = { PKCS12_BAG_IDS, 0x04 };
406 CONST_OID pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 };
407
408 CONST_OID pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 };
409 CONST_OID pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 };
410 CONST_OID pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 };
411 CONST_OID pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 };
412 CONST_OID pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 };
413 CONST_OID pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 };
414
415 /* The following encoding is INCORRECT, but correcting it would create a
416 * duplicate OID in the table. So, we will leave it alone.
417 */
418 CONST_OID pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 };
419
420 CONST_OID ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 };
421 CONST_OID ansix9DSASignaturewithSHA1Digest[] = { ANSI_X9_ALGORITHM, 0x03 };
422 CONST_OID nistDSASignaturewithSHA224Digest[] = { DSA2, 0x01 };
423 CONST_OID nistDSASignaturewithSHA256Digest[] = { DSA2, 0x02 };
424
425 /* verisign OIDs */
426 CONST_OID verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 };
427
428 /* pkix OIDs */
429 CONST_OID pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 };
430 CONST_OID pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 };
431
432 CONST_OID pkixOCSP[] = { PKIX_OCSP };
433 CONST_OID pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 };
434 CONST_OID pkixOCSPNonce[] = { PKIX_OCSP, 2 };
435 CONST_OID pkixOCSPCRL[] = { PKIX_OCSP, 3 };
436 CONST_OID pkixOCSPResponse[] = { PKIX_OCSP, 4 };
437 CONST_OID pkixOCSPNoCheck[] = { PKIX_OCSP, 5 };
438 CONST_OID pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 };
439 CONST_OID pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 };
440
441 CONST_OID pkixCAIssuers[] = { PKIX_CA_ISSUERS };
442
443 CONST_OID pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1};
444 CONST_OID pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2};
445 CONST_OID pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3};
446 CONST_OID pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4};
447 CONST_OID pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5};
448 CONST_OID pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6};
449 CONST_OID pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1};
450 CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2};
451
452 CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 };
453 CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 };
454 CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 };
455 CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 };
456 CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 };
457 CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 };
458 CONST_OID msExtendedKeyUsageTrustListSigning[] = { MS_CRYPTO_EKU, 1 };
459
460 /* OIDs for Netscape defined algorithms */
461 CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };
462
463 /* Fortezza algorithm OIDs */
464 CONST_OID skipjackCBC[] = { MISSI, 0x04 };
465 CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };
466
467 CONST_OID aes128_ECB[] = { AES, 1 };
468 CONST_OID aes128_CBC[] = { AES, 2 };
469 #ifdef DEFINE_ALL_AES_CIPHERS
470 CONST_OID aes128_OFB[] = { AES, 3 };
471 CONST_OID aes128_CFB[] = { AES, 4 };
472 #endif
473 CONST_OID aes128_KEY_WRAP[] = { AES, 5 };
474
475 CONST_OID aes192_ECB[] = { AES, 21 };
476 CONST_OID aes192_CBC[] = { AES, 22 };
477 #ifdef DEFINE_ALL_AES_CIPHERS
478 CONST_OID aes192_OFB[] = { AES, 23 };
479 CONST_OID aes192_CFB[] = { AES, 24 };
480 #endif
481 CONST_OID aes192_KEY_WRAP[] = { AES, 25 };
482
483 CONST_OID aes256_ECB[] = { AES, 41 };
484 CONST_OID aes256_CBC[] = { AES, 42 };
485 #ifdef DEFINE_ALL_AES_CIPHERS
486 CONST_OID aes256_OFB[] = { AES, 43 };
487 CONST_OID aes256_CFB[] = { AES, 44 };
488 #endif
489 CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
490
491 CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2};
492 CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3};
493 CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4};
494 CONST_OID camellia128_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 2};
495 CONST_OID camellia192_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 3};
496 CONST_OID camellia256_KEY_WRAP[] = { CAMELLIA_WRAP_OID, 4};
497
498 CONST_OID sha256[] = { SHAXXX, 1 };
499 CONST_OID sha384[] = { SHAXXX, 2 };
500 CONST_OID sha512[] = { SHAXXX, 3 };
501 CONST_OID sha224[] = { SHAXXX, 4 };
502
503 CONST_OID ansix962ECPublicKey[] = { ANSI_X962_OID, 0x02, 0x01 };
504 CONST_OID ansix962SignaturewithSHA1Digest[] = { ANSI_X962_SIGNATURE_OID, 0x01 };
505 CONST_OID ansix962SignatureRecommended[] = { ANSI_X962_SIGNATURE_OID, 0x02 };
506 CONST_OID ansix962SignatureSpecified[] = { ANSI_X962_SPECIFY_OID };
507 CONST_OID ansix962SignaturewithSHA224Digest[] = { ANSI_X962_SPECIFY_OID, 0x01 };
508 CONST_OID ansix962SignaturewithSHA256Digest[] = { ANSI_X962_SPECIFY_OID, 0x02 };
509 CONST_OID ansix962SignaturewithSHA384Digest[] = { ANSI_X962_SPECIFY_OID, 0x03 };
510 CONST_OID ansix962SignaturewithSHA512Digest[] = { ANSI_X962_SPECIFY_OID, 0x04 };
511
512 /* ANSI X9.62 prime curve OIDs */
513 /* NOTE: prime192v1 is the same as secp192r1, prime256v1 is the
514 * same as secp256r1
515 */
516 CONST_OID ansiX962prime192v1[] = { ANSI_X962_GFp_OID, 0x01 };
517 CONST_OID ansiX962prime192v2[] = { ANSI_X962_GFp_OID, 0x02 };
518 CONST_OID ansiX962prime192v3[] = { ANSI_X962_GFp_OID, 0x03 };
519 CONST_OID ansiX962prime239v1[] = { ANSI_X962_GFp_OID, 0x04 };
520 CONST_OID ansiX962prime239v2[] = { ANSI_X962_GFp_OID, 0x05 };
521 CONST_OID ansiX962prime239v3[] = { ANSI_X962_GFp_OID, 0x06 };
522 CONST_OID ansiX962prime256v1[] = { ANSI_X962_GFp_OID, 0x07 };
523
524 /* SECG prime curve OIDs */
525 CONST_OID secgECsecp112r1[] = { SECG_OID, 0x06 };
526 CONST_OID secgECsecp112r2[] = { SECG_OID, 0x07 };
527 CONST_OID secgECsecp128r1[] = { SECG_OID, 0x1c };
528 CONST_OID secgECsecp128r2[] = { SECG_OID, 0x1d };
529 CONST_OID secgECsecp160k1[] = { SECG_OID, 0x09 };
530 CONST_OID secgECsecp160r1[] = { SECG_OID, 0x08 };
531 CONST_OID secgECsecp160r2[] = { SECG_OID, 0x1e };
532 CONST_OID secgECsecp192k1[] = { SECG_OID, 0x1f };
533 CONST_OID secgECsecp224k1[] = { SECG_OID, 0x20 };
534 CONST_OID secgECsecp224r1[] = { SECG_OID, 0x21 };
535 CONST_OID secgECsecp256k1[] = { SECG_OID, 0x0a };
536 CONST_OID secgECsecp384r1[] = { SECG_OID, 0x22 };
537 CONST_OID secgECsecp521r1[] = { SECG_OID, 0x23 };
538
539 /* ANSI X9.62 characteristic two curve OIDs */
540 CONST_OID ansiX962c2pnb163v1[] = { ANSI_X962_GF2m_OID, 0x01 };
541 CONST_OID ansiX962c2pnb163v2[] = { ANSI_X962_GF2m_OID, 0x02 };
542 CONST_OID ansiX962c2pnb163v3[] = { ANSI_X962_GF2m_OID, 0x03 };
543 CONST_OID ansiX962c2pnb176v1[] = { ANSI_X962_GF2m_OID, 0x04 };
544 CONST_OID ansiX962c2tnb191v1[] = { ANSI_X962_GF2m_OID, 0x05 };
545 CONST_OID ansiX962c2tnb191v2[] = { ANSI_X962_GF2m_OID, 0x06 };
546 CONST_OID ansiX962c2tnb191v3[] = { ANSI_X962_GF2m_OID, 0x07 };
547 CONST_OID ansiX962c2onb191v4[] = { ANSI_X962_GF2m_OID, 0x08 };
548 CONST_OID ansiX962c2onb191v5[] = { ANSI_X962_GF2m_OID, 0x09 };
549 CONST_OID ansiX962c2pnb208w1[] = { ANSI_X962_GF2m_OID, 0x0a };
550 CONST_OID ansiX962c2tnb239v1[] = { ANSI_X962_GF2m_OID, 0x0b };
551 CONST_OID ansiX962c2tnb239v2[] = { ANSI_X962_GF2m_OID, 0x0c };
552 CONST_OID ansiX962c2tnb239v3[] = { ANSI_X962_GF2m_OID, 0x0d };
553 CONST_OID ansiX962c2onb239v4[] = { ANSI_X962_GF2m_OID, 0x0e };
554 CONST_OID ansiX962c2onb239v5[] = { ANSI_X962_GF2m_OID, 0x0f };
555 CONST_OID ansiX962c2pnb272w1[] = { ANSI_X962_GF2m_OID, 0x10 };
556 CONST_OID ansiX962c2pnb304w1[] = { ANSI_X962_GF2m_OID, 0x11 };
557 CONST_OID ansiX962c2tnb359v1[] = { ANSI_X962_GF2m_OID, 0x12 };
558 CONST_OID ansiX962c2pnb368w1[] = { ANSI_X962_GF2m_OID, 0x13 };
559 CONST_OID ansiX962c2tnb431r1[] = { ANSI_X962_GF2m_OID, 0x14 };
560
561 /* SECG characterisitic two curve OIDs */
562 CONST_OID secgECsect113r1[] = {SECG_OID, 0x04 };
563 CONST_OID secgECsect113r2[] = {SECG_OID, 0x05 };
564 CONST_OID secgECsect131r1[] = {SECG_OID, 0x16 };
565 CONST_OID secgECsect131r2[] = {SECG_OID, 0x17 };
566 CONST_OID secgECsect163k1[] = {SECG_OID, 0x01 };
567 CONST_OID secgECsect163r1[] = {SECG_OID, 0x02 };
568 CONST_OID secgECsect163r2[] = {SECG_OID, 0x0f };
569 CONST_OID secgECsect193r1[] = {SECG_OID, 0x18 };
570 CONST_OID secgECsect193r2[] = {SECG_OID, 0x19 };
571 CONST_OID secgECsect233k1[] = {SECG_OID, 0x1a };
572 CONST_OID secgECsect233r1[] = {SECG_OID, 0x1b };
573 CONST_OID secgECsect239k1[] = {SECG_OID, 0x03 };
574 CONST_OID secgECsect283k1[] = {SECG_OID, 0x10 };
575 CONST_OID secgECsect283r1[] = {SECG_OID, 0x11 };
576 CONST_OID secgECsect409k1[] = {SECG_OID, 0x24 };
577 CONST_OID secgECsect409r1[] = {SECG_OID, 0x25 };
578 CONST_OID secgECsect571k1[] = {SECG_OID, 0x26 };
579 CONST_OID secgECsect571r1[] = {SECG_OID, 0x27 };
580
581 CONST_OID seed_CBC[] = { SEED_OID, 4 };
582
583 CONST_OID evIncorporationLocality[] = { EV_NAME_ATTRIBUTE, 1 };
584 CONST_OID evIncorporationState[] = { EV_NAME_ATTRIBUTE, 2 };
585 CONST_OID evIncorporationCountry[] = { EV_NAME_ATTRIBUTE, 3 };
586
587 #define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
588 #ifndef SECOID_NO_STRINGS
589 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
590 #else
591 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext }
592 #endif
593
594 #if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL)
595 #define FAKE_SUPPORTED_CERT_EXTENSION SUPPORTED_CERT_EXTENSION
596 #else
597 #define FAKE_SUPPORTED_CERT_EXTENSION UNSUPPORTED_CERT_EXTENSION
598 #endif
599
600 /*
601 * NOTE: the order of these entries must mach the SECOidTag enum in secoidt.h!
602 */
603 const static SECOidData oids[SEC_OID_TOTAL] = {
604 { { siDEROID, NULL, 0 }, SEC_OID_UNKNOWN,
605 "Unknown OID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
606 OD( md2, SEC_OID_MD2, "MD2", CKM_MD2, INVALID_CERT_EXTENSION ),
607 OD( md4, SEC_OID_MD4,
608 "MD4", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
609 OD( md5, SEC_OID_MD5, "MD5", CKM_MD5, INVALID_CERT_EXTENSION ),
610 OD( sha1, SEC_OID_SHA1, "SHA-1", CKM_SHA_1, INVALID_CERT_EXTENSION ),
611 OD( rc2cbc, SEC_OID_RC2_CBC,
612 "RC2-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION ),
613 OD( rc4, SEC_OID_RC4, "RC4", CKM_RC4, INVALID_CERT_EXTENSION ),
614 OD( desede3cbc, SEC_OID_DES_EDE3_CBC,
615 "DES-EDE3-CBC", CKM_DES3_CBC, INVALID_CERT_EXTENSION ),
616 OD( rc5cbcpad, SEC_OID_RC5_CBC_PAD,
617 "RC5-CBCPad", CKM_RC5_CBC, INVALID_CERT_EXTENSION ),
618 OD( desecb, SEC_OID_DES_ECB,
619 "DES-ECB", CKM_DES_ECB, INVALID_CERT_EXTENSION ),
620 OD( descbc, SEC_OID_DES_CBC,
621 "DES-CBC", CKM_DES_CBC, INVALID_CERT_EXTENSION ),
622 OD( desofb, SEC_OID_DES_OFB,
623 "DES-OFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
624 OD( descfb, SEC_OID_DES_CFB,
625 "DES-CFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
626 OD( desmac, SEC_OID_DES_MAC,
627 "DES-MAC", CKM_DES_MAC, INVALID_CERT_EXTENSION ),
628 OD( desede, SEC_OID_DES_EDE,
629 "DES-EDE", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
630 OD( isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
631 "ISO SHA with RSA Signature",
632 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
633 OD( pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION,
634 "PKCS #1 RSA Encryption", CKM_RSA_PKCS, INVALID_CERT_EXTENSION ),
635
636 /* the following Signing mechanisms should get new CKM_ values when
637 * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in
638 * PKCS #11.
639 */
640 OD( pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
641 "PKCS #1 MD2 With RSA Encryption", CKM_MD2_RSA_PKCS,
642 INVALID_CERT_EXTENSION ),
643 OD( pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
644 "PKCS #1 MD4 With RSA Encryption",
645 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
646 OD( pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
647 "PKCS #1 MD5 With RSA Encryption", CKM_MD5_RSA_PKCS,
648 INVALID_CERT_EXTENSION ),
649 OD( pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
650 "PKCS #1 SHA-1 With RSA Encryption", CKM_SHA1_RSA_PKCS,
651 INVALID_CERT_EXTENSION ),
652
653 OD( pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
654 "PKCS #5 Password Based Encryption with MD2 and DES-CBC",
655 CKM_PBE_MD2_DES_CBC, INVALID_CERT_EXTENSION ),
656 OD( pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
657 "PKCS #5 Password Based Encryption with MD5 and DES-CBC",
658 CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION ),
659 OD( pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
660 "PKCS #5 Password Based Encryption with SHA-1 and DES-CBC",
661 CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION ),
662 OD( pkcs7, SEC_OID_PKCS7,
663 "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
664 OD( pkcs7Data, SEC_OID_PKCS7_DATA,
665 "PKCS #7 Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
666 OD( pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA,
667 "PKCS #7 Signed Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
668 OD( pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA,
669 "PKCS #7 Enveloped Data",
670 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
671 OD( pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
672 "PKCS #7 Signed And Enveloped Data",
673 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
674 OD( pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA,
675 "PKCS #7 Digested Data",
676 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
677 OD( pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA,
678 "PKCS #7 Encrypted Data",
679 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
680 OD( pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS,
681 "PKCS #9 Email Address",
682 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
683 OD( pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME,
684 "PKCS #9 Unstructured Name",
685 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
686 OD( pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE,
687 "PKCS #9 Content Type",
688 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
689 OD( pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST,
690 "PKCS #9 Message Digest",
691 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
692 OD( pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME,
693 "PKCS #9 Signing Time",
694 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
695 OD( pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE,
696 "PKCS #9 Counter Signature",
697 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
698 OD( pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD,
699 "PKCS #9 Challenge Password",
700 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
701 OD( pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
702 "PKCS #9 Unstructured Address",
703 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
704 OD( pkcs9ExtendedCertificateAttributes,
705 SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
706 "PKCS #9 Extended Certificate Attributes",
707 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
708 OD( pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES,
709 "PKCS #9 S/MIME Capabilities",
710 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
711 OD( x520CommonName, SEC_OID_AVA_COMMON_NAME,
712 "X520 Common Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
713 OD( x520CountryName, SEC_OID_AVA_COUNTRY_NAME,
714 "X520 Country Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
715 OD( x520LocalityName, SEC_OID_AVA_LOCALITY,
716 "X520 Locality Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
717 OD( x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE,
718 "X520 State Or Province Name",
719 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
720 OD( x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME,
721 "X520 Organization Name",
722 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
723 OD( x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
724 "X520 Organizational Unit Name",
725 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
726 OD( x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER,
727 "X520 DN Qualifier", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
728 OD( rfc2247DomainComponent, SEC_OID_AVA_DC,
729 "RFC 2247 Domain Component",
730 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
731
732 OD( nsTypeGIF, SEC_OID_NS_TYPE_GIF,
733 "GIF", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
734 OD( nsTypeJPEG, SEC_OID_NS_TYPE_JPEG,
735 "JPEG", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
736 OD( nsTypeURL, SEC_OID_NS_TYPE_URL,
737 "URL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
738 OD( nsTypeHTML, SEC_OID_NS_TYPE_HTML,
739 "HTML", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
740 OD( nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE,
741 "Certificate Sequence",
742 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
743 OD( missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD,
744 "MISSI KEA and DSS Algorithm (Old)",
745 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
746 OD( missiCertDSSOld, SEC_OID_MISSI_DSS_OLD,
747 "MISSI DSS Algorithm (Old)",
748 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
749 OD( missiCertKEADSS, SEC_OID_MISSI_KEA_DSS,
750 "MISSI KEA and DSS Algorithm",
751 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
752 OD( missiCertDSS, SEC_OID_MISSI_DSS,
753 "MISSI DSS Algorithm",
754 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
755 OD( missiCertKEA, SEC_OID_MISSI_KEA,
756 "MISSI KEA Algorithm",
757 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
758 OD( missiCertAltKEA, SEC_OID_MISSI_ALT_KEA,
759 "MISSI Alternate KEA Algorithm",
760 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
761
762 /* Netscape private extensions */
763 OD( nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK,
764 "Netscape says this cert is OK",
765 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
766 OD( nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
767 "Certificate Issuer Logo",
768 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
769 OD( nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
770 "Certificate Subject Logo",
771 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
772 OD( nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE,
773 "Certificate Type",
774 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
775 OD( nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL,
776 "Certificate Extension Base URL",
777 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
778 OD( nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL,
779 "Certificate Revocation URL",
780 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
781 OD( nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL,
782 "Certificate Authority Revocation URL",
783 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
784 OD( nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL,
785 "Certificate Authority CRL Download URL",
786 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
787 OD( nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL,
788 "Certificate Authority Certificate Download URL",
789 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
790 OD( nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL,
791 "Certificate Renewal URL",
792 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
793 OD( nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL,
794 "Certificate Authority Policy URL",
795 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
796 OD( nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL,
797 "Certificate Homepage URL",
798 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
799 OD( nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO,
800 "Certificate Entity Logo",
801 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
802 OD( nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE,
803 "Certificate User Picture",
804 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
805 OD( nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME,
806 "Certificate SSL Server Name",
807 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
808 OD( nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT,
809 "Certificate Comment",
810 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
811 OD( nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL,
812 "Lost Password URL",
813 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
814 OD( nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME,
815 "Certificate Renewal Time",
816 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
817 OD( nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED,
818 "Strong Crypto Export Approved",
819 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
820
821
822 /* x.509 v3 certificate extensions */
823 OD( x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR,
824 "Certificate Subject Directory Attributes",
825 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
826 OD( x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID,
827 "Certificate Subject Key ID",
828 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
829 OD( x509KeyUsage, SEC_OID_X509_KEY_USAGE,
830 "Certificate Key Usage",
831 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
832 OD( x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
833 "Certificate Private Key Usage Period",
834 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
835 OD( x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME,
836 "Certificate Subject Alt Name",
837 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
838 OD( x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME,
839 "Certificate Issuer Alt Name",
840 CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ),
841 OD( x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS,
842 "Certificate Basic Constraints",
843 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
844 OD( x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS,
845 "Certificate Name Constraints",
846 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
847 OD( x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS,
848 "CRL Distribution Points",
849 CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ),
850 OD( x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES,
851 "Certificate Policies",
852 CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ),
853 OD( x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS,
854 "Certificate Policy Mappings",
855 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
856 OD( x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS,
857 "Certificate Policy Constraints",
858 CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ),
859 OD( x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID,
860 "Certificate Authority Key Identifier",
861 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
862 OD( x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE,
863 "Extended Key Usage",
864 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
865 OD( x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS,
866 "Authority Information Access",
867 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
868
869 /* x.509 v3 CRL extensions */
870 OD( x509CRLNumber, SEC_OID_X509_CRL_NUMBER,
871 "CRL Number", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
872 OD( x509ReasonCode, SEC_OID_X509_REASON_CODE,
873 "CRL reason code", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
874 OD( x509InvalidDate, SEC_OID_X509_INVALID_DATE,
875 "Invalid Date", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
876
877 OD( x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION,
878 "X500 RSA Encryption", CKM_RSA_X_509, INVALID_CERT_EXTENSION ),
879
880 /* added for alg 1485 */
881 OD( rfc1274Uid, SEC_OID_RFC1274_UID,
882 "RFC1274 User Id", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
883 OD( rfc1274Mail, SEC_OID_RFC1274_MAIL,
884 "RFC1274 E-mail Address",
885 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
886
887 /* pkcs 12 additions */
888 OD( pkcs12, SEC_OID_PKCS12,
889 "PKCS #12", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
890 OD( pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS,
891 "PKCS #12 Mode IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
892 OD( pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS,
893 "PKCS #12 ESPVK IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
894 OD( pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS,
895 "PKCS #12 Bag IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
896 OD( pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS,
897 "PKCS #12 Cert Bag IDs",
898 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
899 OD( pkcs12OIDs, SEC_OID_PKCS12_OIDS,
900 "PKCS #12 OIDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
901 OD( pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS,
902 "PKCS #12 PBE IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
903 OD( pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS,
904 "PKCS #12 Signature IDs",
905 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
906 OD( pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS,
907 "PKCS #12 Enveloping IDs",
908 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
909 OD( pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING,
910 "PKCS #12 Key Shrouding",
911 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
912 OD( pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID,
913 "PKCS #12 Key Bag ID",
914 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
915 OD( pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
916 "PKCS #12 Cert And CRL Bag ID",
917 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
918 OD( pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID,
919 "PKCS #12 Secret Bag ID",
920 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
921 OD( pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG,
922 "PKCS #12 X509 Cert CRL Bag",
923 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
924 OD( pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG,
925 "PKCS #12 SDSI Cert Bag",
926 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
927 OD( pkcs12PBEWithSha1And128BitRC4,
928 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
929 "PKCS #12 PBE With SHA-1 and 128 Bit RC4",
930 CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION ),
931 OD( pkcs12PBEWithSha1And40BitRC4,
932 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
933 "PKCS #12 PBE With SHA-1 and 40 Bit RC4",
934 CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION ),
935 OD( pkcs12PBEWithSha1AndTripleDESCBC,
936 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
937 "PKCS #12 PBE With SHA-1 and Triple DES-CBC",
938 CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION ),
939 OD( pkcs12PBEWithSha1And128BitRC2CBC,
940 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
941 "PKCS #12 PBE With SHA-1 and 128 Bit RC2 CBC",
942 CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION ),
943 OD( pkcs12PBEWithSha1And40BitRC2CBC,
944 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
945 "PKCS #12 PBE With SHA-1 and 40 Bit RC2 CBC",
946 CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION ),
947 OD( pkcs12RSAEncryptionWith128BitRC4,
948 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
949 "PKCS #12 RSA Encryption with 128 Bit RC4",
950 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
951 OD( pkcs12RSAEncryptionWith40BitRC4,
952 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4,
953 "PKCS #12 RSA Encryption with 40 Bit RC4",
954 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
955 OD( pkcs12RSAEncryptionWithTripleDES,
956 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES,
957 "PKCS #12 RSA Encryption with Triple DES",
958 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
959 OD( pkcs12RSASignatureWithSHA1Digest,
960 SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST,
961 "PKCS #12 RSA Encryption with Triple DES",
962 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
963
964 /* DSA signatures */
965 OD( ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE,
966 "ANSI X9.57 DSA Signature", CKM_DSA, INVALID_CERT_EXTENSION ),
967 OD( ansix9DSASignaturewithSHA1Digest,
968 SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST,
969 "ANSI X9.57 DSA Signature with SHA-1 Digest",
970 CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
971 OD( bogusDSASignaturewithSHA1Digest,
972 SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST,
973 "FORTEZZA DSA Signature with SHA-1 Digest",
974 CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
975
976 /* verisign oids */
977 OD( verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES,
978 "Verisign User Notices",
979 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
980
981 /* pkix oids */
982 OD( pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER,
983 "PKIX CPS Pointer Qualifier",
984 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
985 OD( pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER,
986 "PKIX User Notice Qualifier",
987 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
988
989 OD( pkixOCSP, SEC_OID_PKIX_OCSP,
990 "PKIX Online Certificate Status Protocol",
991 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
992 OD( pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE,
993 "OCSP Basic Response", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
994 OD( pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE,
995 "OCSP Nonce Extension", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
996 OD( pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL,
997 "OCSP CRL Reference Extension",
998 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
999 OD( pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE,
1000 "OCSP Response Types Extension",
1001 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1002 OD( pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK,
1003 "OCSP No Check Extension",
1004 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
1005 OD( pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF,
1006 "OCSP Archive Cutoff Extension",
1007 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1008 OD( pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
1009 "OCSP Service Locator Extension",
1010 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1011
1012 OD( pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN,
1013 "PKIX CRMF Registration Control, Registration Token",
1014 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1015 OD( pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR,
1016 "PKIX CRMF Registration Control, Registration Authenticator",
1017 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1018 OD( pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO,
1019 "PKIX CRMF Registration Control, PKI Publication Info",
1020 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1021 OD( pkixRegCtrlPKIArchOptions,
1022 SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
1023 "PKIX CRMF Registration Control, PKI Archive Options",
1024 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1025 OD( pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID,
1026 "PKIX CRMF Registration Control, Old Certificate ID",
1027 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1028 OD( pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY,
1029 "PKIX CRMF Registration Control, Protocol Encryption Key",
1030 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1031 OD( pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS,
1032 "PKIX CRMF Registration Info, UTF8 Pairs",
1033 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1034 OD( pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST,
1035 "PKIX CRMF Registration Info, Certificate Request",
1036 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1037 OD( pkixExtendedKeyUsageServerAuth,
1038 SEC_OID_EXT_KEY_USAGE_SERVER_AUTH,
1039 "TLS Web Server Authentication Certificate",
1040 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1041 OD( pkixExtendedKeyUsageClientAuth,
1042 SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH,
1043 "TLS Web Client Authentication Certificate",
1044 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1045 OD( pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN,
1046 "Code Signing Certificate",
1047 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1048 OD( pkixExtendedKeyUsageEMailProtect,
1049 SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT,
1050 "E-Mail Protection Certificate",
1051 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1052 OD( pkixExtendedKeyUsageTimeStamp,
1053 SEC_OID_EXT_KEY_USAGE_TIME_STAMP,
1054 "Time Stamping Certifcate",
1055 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1056 OD( pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER,
1057 "OCSP Responder Certificate",
1058 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
1059
1060 /* Netscape Algorithm OIDs */
1061
1062 OD( netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA,
1063 "Netscape S/MIME KEA", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1064
1065 /* Skipjack OID -- ### mwelch temporary */
1066 OD( skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK,
1067 "Skipjack CBC64", CKM_SKIPJACK_CBC64, INVALID_CERT_EXTENSION ),
1068
1069 /* pkcs12 v2 oids */
1070 OD( pkcs12V2PBEWithSha1And128BitRC4,
1071 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
1072 "PKCS #12 V2 PBE With SHA-1 And 128 Bit RC4",
1073 CKM_PBE_SHA1_RC4_128, INVALID_CERT_EXTENSION ),
1074 OD( pkcs12V2PBEWithSha1And40BitRC4,
1075 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
1076 "PKCS #12 V2 PBE With SHA-1 And 40 Bit RC4",
1077 CKM_PBE_SHA1_RC4_40, INVALID_CERT_EXTENSION ),
1078 OD( pkcs12V2PBEWithSha1And3KeyTripleDEScbc,
1079 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
1080 "PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC",
1081 CKM_PBE_SHA1_DES3_EDE_CBC, INVALID_CERT_EXTENSION ),
1082 OD( pkcs12V2PBEWithSha1And2KeyTripleDEScbc,
1083 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC,
1084 "PKCS #12 V2 PBE With SHA-1 And 2KEY Triple DES-CBC",
1085 CKM_PBE_SHA1_DES2_EDE_CBC, INVALID_CERT_EXTENSION ),
1086 OD( pkcs12V2PBEWithSha1And128BitRC2cbc,
1087 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
1088 "PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC",
1089 CKM_PBE_SHA1_RC2_128_CBC, INVALID_CERT_EXTENSION ),
1090 OD( pkcs12V2PBEWithSha1And40BitRC2cbc,
1091 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
1092 "PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2 CBC",
1093 CKM_PBE_SHA1_RC2_40_CBC, INVALID_CERT_EXTENSION ),
1094 OD( pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID,
1095 "PKCS #12 Safe Contents ID",
1096 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1097 OD( pkcs12PKCS8ShroudedKeyBagID,
1098 SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID,
1099 "PKCS #12 Safe Contents ID",
1100 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1101 OD( pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID,
1102 "PKCS #12 V1 Key Bag",
1103 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1104 OD( pkcs12V1PKCS8ShroudedKeyBag,
1105 SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID,
1106 "PKCS #12 V1 PKCS8 Shrouded Key Bag",
1107 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1108 OD( pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID,
1109 "PKCS #12 V1 Cert Bag",
1110 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1111 OD( pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID,
1112 "PKCS #12 V1 CRL Bag",
1113 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1114 OD( pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID,
1115 "PKCS #12 V1 Secret Bag",
1116 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1117 OD( pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
1118 "PKCS #12 V1 Safe Contents Bag",
1119 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1120
1121 OD( pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT,
1122 "PKCS #9 X509 Certificate",
1123 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1124 OD( pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT,
1125 "PKCS #9 SDSI Certificate",
1126 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1127 OD( pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL,
1128 "PKCS #9 X509 CRL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1129 OD( pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME,
1130 "PKCS #9 Friendly Name",
1131 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1132 OD( pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID,
1133 "PKCS #9 Local Key ID",
1134 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1135 OD( pkcs12KeyUsageAttr, SEC_OID_BOGUS_KEY_USAGE,
1136 "Bogus Key Usage", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1137 OD( dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY,
1138 "Diffie-Helman Public Key", CKM_DH_PKCS_DERIVE,
1139 INVALID_CERT_EXTENSION ),
1140 OD( netscapeNickname, SEC_OID_NETSCAPE_NICKNAME,
1141 "Netscape Nickname", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1142
1143 /* Cert Server specific OIDs */
1144 OD( netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST,
1145 "Recovery Request OID",
1146 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1147
1148 OD( nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR,
1149 "Certificate Renewal Locator OID", CKM_INVALID_MECHANISM,
1150 INVALID_CERT_EXTENSION ),
1151
1152 OD( nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
1153 "Certificate Scope-of-Use Extension", CKM_INVALID_MECHANISM,
1154 SUPPORTED_CERT_EXTENSION ),
1155
1156 /* CMS stuff */
1157 OD( cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN,
1158 "Ephemeral-Static Diffie-Hellman", CKM_INVALID_MECHANISM /* XXX */,
1159 INVALID_CERT_EXTENSION ),
1160 OD( cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP,
1161 "CMS Triple DES Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
1162 INVALID_CERT_EXTENSION ),
1163 OD( cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP,
1164 "CMS RC2 Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
1165 INVALID_CERT_EXTENSION ),
1166 OD( smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
1167 "S/MIME Encryption Key Preference",
1168 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1169
1170 /* AES algorithm OIDs */
1171 OD( aes128_ECB, SEC_OID_AES_128_ECB,
1172 "AES-128-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
1173 OD( aes128_CBC, SEC_OID_AES_128_CBC,
1174 "AES-128-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
1175 OD( aes192_ECB, SEC_OID_AES_192_ECB,
1176 "AES-192-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
1177 OD( aes192_CBC, SEC_OID_AES_192_CBC,
1178 "AES-192-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
1179 OD( aes256_ECB, SEC_OID_AES_256_ECB,
1180 "AES-256-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
1181 OD( aes256_CBC, SEC_OID_AES_256_CBC,
1182 "AES-256-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
1183
1184 /* More bogus DSA OIDs */
1185 OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE,
1186 "SDN.702 DSA Signature", CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
1187
1188 OD( ms_smimeEncryptionKeyPreference,
1189 SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
1190 "Microsoft S/MIME Encryption Key Preference",
1191 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1192
1193 OD( sha256, SEC_OID_SHA256, "SHA-256", CKM_SHA256, INVALID_CERT_EXTENSION),
1194 OD( sha384, SEC_OID_SHA384, "SHA-384", CKM_SHA384, INVALID_CERT_EXTENSION),
1195 OD( sha512, SEC_OID_SHA512, "SHA-512", CKM_SHA512, INVALID_CERT_EXTENSION),
1196
1197 OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION,
1198 "PKCS #1 SHA-256 With RSA Encryption", CKM_SHA256_RSA_PKCS,
1199 INVALID_CERT_EXTENSION ),
1200 OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION,
1201 "PKCS #1 SHA-384 With RSA Encryption", CKM_SHA384_RSA_PKCS,
1202 INVALID_CERT_EXTENSION ),
1203 OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION,
1204 "PKCS #1 SHA-512 With RSA Encryption", CKM_SHA512_RSA_PKCS,
1205 INVALID_CERT_EXTENSION ),
1206
1207 OD( aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP,
1208 "AES-128 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
1209 OD( aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP,
1210 "AES-192 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
1211 OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
1212 "AES-256 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
1213
1214 /* Elliptic Curve Cryptography (ECC) OIDs */
1215 OD( ansix962ECPublicKey, SEC_OID_ANSIX962_EC_PUBLIC_KEY,
1216 "X9.62 elliptic curve public key", CKM_ECDH1_DERIVE,
1217 INVALID_CERT_EXTENSION ),
1218 OD( ansix962SignaturewithSHA1Digest,
1219 SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE,
1220 "X9.62 ECDSA signature with SHA-1", CKM_ECDSA_SHA1,
1221 INVALID_CERT_EXTENSION ),
1222
1223 /* Named curves */
1224
1225 /* ANSI X9.62 named elliptic curves (prime field) */
1226 OD( ansiX962prime192v1, SEC_OID_ANSIX962_EC_PRIME192V1,
1227 "ANSI X9.62 elliptic curve prime192v1 (aka secp192r1, NIST P-192)",
1228 CKM_INVALID_MECHANISM,
1229 INVALID_CERT_EXTENSION ),
1230 OD( ansiX962prime192v2, SEC_OID_ANSIX962_EC_PRIME192V2,
1231 "ANSI X9.62 elliptic curve prime192v2",
1232 CKM_INVALID_MECHANISM,
1233 INVALID_CERT_EXTENSION ),
1234 OD( ansiX962prime192v3, SEC_OID_ANSIX962_EC_PRIME192V3,
1235 "ANSI X9.62 elliptic curve prime192v3",
1236 CKM_INVALID_MECHANISM,
1237 INVALID_CERT_EXTENSION ),
1238 OD( ansiX962prime239v1, SEC_OID_ANSIX962_EC_PRIME239V1,
1239 "ANSI X9.62 elliptic curve prime239v1",
1240 CKM_INVALID_MECHANISM,
1241 INVALID_CERT_EXTENSION ),
1242 OD( ansiX962prime239v2, SEC_OID_ANSIX962_EC_PRIME239V2,
1243 "ANSI X9.62 elliptic curve prime239v2",
1244 CKM_INVALID_MECHANISM,
1245 INVALID_CERT_EXTENSION ),
1246 OD( ansiX962prime239v3, SEC_OID_ANSIX962_EC_PRIME239V3,
1247 "ANSI X9.62 elliptic curve prime239v3",
1248 CKM_INVALID_MECHANISM,
1249 INVALID_CERT_EXTENSION ),
1250 OD( ansiX962prime256v1, SEC_OID_ANSIX962_EC_PRIME256V1,
1251 "ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)",
1252 CKM_INVALID_MECHANISM,
1253 INVALID_CERT_EXTENSION ),
1254
1255 /* SECG named elliptic curves (prime field) */
1256 OD( secgECsecp112r1, SEC_OID_SECG_EC_SECP112R1,
1257 "SECG elliptic curve secp112r1",
1258 CKM_INVALID_MECHANISM,
1259 INVALID_CERT_EXTENSION ),
1260 OD( secgECsecp112r2, SEC_OID_SECG_EC_SECP112R2,
1261 "SECG elliptic curve secp112r2",
1262 CKM_INVALID_MECHANISM,
1263 INVALID_CERT_EXTENSION ),
1264 OD( secgECsecp128r1, SEC_OID_SECG_EC_SECP128R1,
1265 "SECG elliptic curve secp128r1",
1266 CKM_INVALID_MECHANISM,
1267 INVALID_CERT_EXTENSION ),
1268 OD( secgECsecp128r2, SEC_OID_SECG_EC_SECP128R2,
1269 "SECG elliptic curve secp128r2",
1270 CKM_INVALID_MECHANISM,
1271 INVALID_CERT_EXTENSION ),
1272 OD( secgECsecp160k1, SEC_OID_SECG_EC_SECP160K1,
1273 "SECG elliptic curve secp160k1",
1274 CKM_INVALID_MECHANISM,
1275 INVALID_CERT_EXTENSION ),
1276 OD( secgECsecp160r1, SEC_OID_SECG_EC_SECP160R1,
1277 "SECG elliptic curve secp160r1",
1278 CKM_INVALID_MECHANISM,
1279 INVALID_CERT_EXTENSION ),
1280 OD( secgECsecp160r2, SEC_OID_SECG_EC_SECP160R2,
1281 "SECG elliptic curve secp160r2",
1282 CKM_INVALID_MECHANISM,
1283 INVALID_CERT_EXTENSION ),
1284 OD( secgECsecp192k1, SEC_OID_SECG_EC_SECP192K1,
1285 "SECG elliptic curve secp192k1",
1286 CKM_INVALID_MECHANISM,
1287 INVALID_CERT_EXTENSION ),
1288 OD( secgECsecp224k1, SEC_OID_SECG_EC_SECP224K1,
1289 "SECG elliptic curve secp224k1",
1290 CKM_INVALID_MECHANISM,
1291 INVALID_CERT_EXTENSION ),
1292 OD( secgECsecp224r1, SEC_OID_SECG_EC_SECP224R1,
1293 "SECG elliptic curve secp224r1 (aka NIST P-224)",
1294 CKM_INVALID_MECHANISM,
1295 INVALID_CERT_EXTENSION ),
1296 OD( secgECsecp256k1, SEC_OID_SECG_EC_SECP256K1,
1297 "SECG elliptic curve secp256k1",
1298 CKM_INVALID_MECHANISM,
1299 INVALID_CERT_EXTENSION ),
1300 OD( secgECsecp384r1, SEC_OID_SECG_EC_SECP384R1,
1301 "SECG elliptic curve secp384r1 (aka NIST P-384)",
1302 CKM_INVALID_MECHANISM,
1303 INVALID_CERT_EXTENSION ),
1304 OD( secgECsecp521r1, SEC_OID_SECG_EC_SECP521R1,
1305 "SECG elliptic curve secp521r1 (aka NIST P-521)",
1306 CKM_INVALID_MECHANISM,
1307 INVALID_CERT_EXTENSION ),
1308
1309 /* ANSI X9.62 named elliptic curves (characteristic two field) */
1310 OD( ansiX962c2pnb163v1, SEC_OID_ANSIX962_EC_C2PNB163V1,
1311 "ANSI X9.62 elliptic curve c2pnb163v1",
1312 CKM_INVALID_MECHANISM,
1313 INVALID_CERT_EXTENSION ),
1314 OD( ansiX962c2pnb163v2, SEC_OID_ANSIX962_EC_C2PNB163V2,
1315 "ANSI X9.62 elliptic curve c2pnb163v2",
1316 CKM_INVALID_MECHANISM,
1317 INVALID_CERT_EXTENSION ),
1318 OD( ansiX962c2pnb163v3, SEC_OID_ANSIX962_EC_C2PNB163V3,
1319 "ANSI X9.62 elliptic curve c2pnb163v3",
1320 CKM_INVALID_MECHANISM,
1321 INVALID_CERT_EXTENSION ),
1322 OD( ansiX962c2pnb176v1, SEC_OID_ANSIX962_EC_C2PNB176V1,
1323 "ANSI X9.62 elliptic curve c2pnb176v1",
1324 CKM_INVALID_MECHANISM,
1325 INVALID_CERT_EXTENSION ),
1326 OD( ansiX962c2tnb191v1, SEC_OID_ANSIX962_EC_C2TNB191V1,
1327 "ANSI X9.62 elliptic curve c2tnb191v1",
1328 CKM_INVALID_MECHANISM,
1329 INVALID_CERT_EXTENSION ),
1330 OD( ansiX962c2tnb191v2, SEC_OID_ANSIX962_EC_C2TNB191V2,
1331 "ANSI X9.62 elliptic curve c2tnb191v2",
1332 CKM_INVALID_MECHANISM,
1333 INVALID_CERT_EXTENSION ),
1334 OD( ansiX962c2tnb191v3, SEC_OID_ANSIX962_EC_C2TNB191V3,
1335 "ANSI X9.62 elliptic curve c2tnb191v3",
1336 CKM_INVALID_MECHANISM,
1337 INVALID_CERT_EXTENSION ),
1338 OD( ansiX962c2onb191v4, SEC_OID_ANSIX962_EC_C2ONB191V4,
1339 "ANSI X9.62 elliptic curve c2onb191v4",
1340 CKM_INVALID_MECHANISM,
1341 INVALID_CERT_EXTENSION ),
1342 OD( ansiX962c2onb191v5, SEC_OID_ANSIX962_EC_C2ONB191V5,
1343 "ANSI X9.62 elliptic curve c2onb191v5",
1344 CKM_INVALID_MECHANISM,
1345 INVALID_CERT_EXTENSION ),
1346 OD( ansiX962c2pnb208w1, SEC_OID_ANSIX962_EC_C2PNB208W1,
1347 "ANSI X9.62 elliptic curve c2pnb208w1",
1348 CKM_INVALID_MECHANISM,
1349 INVALID_CERT_EXTENSION ),
1350 OD( ansiX962c2tnb239v1, SEC_OID_ANSIX962_EC_C2TNB239V1,
1351 "ANSI X9.62 elliptic curve c2tnb239v1",
1352 CKM_INVALID_MECHANISM,
1353 INVALID_CERT_EXTENSION ),
1354 OD( ansiX962c2tnb239v2, SEC_OID_ANSIX962_EC_C2TNB239V2,
1355 "ANSI X9.62 elliptic curve c2tnb239v2",
1356 CKM_INVALID_MECHANISM,
1357 INVALID_CERT_EXTENSION ),
1358 OD( ansiX962c2tnb239v3, SEC_OID_ANSIX962_EC_C2TNB239V3,
1359 "ANSI X9.62 elliptic curve c2tnb239v3",
1360 CKM_INVALID_MECHANISM,
1361 INVALID_CERT_EXTENSION ),
1362 OD( ansiX962c2onb239v4, SEC_OID_ANSIX962_EC_C2ONB239V4,
1363 "ANSI X9.62 elliptic curve c2onb239v4",
1364 CKM_INVALID_MECHANISM,
1365 INVALID_CERT_EXTENSION ),
1366 OD( ansiX962c2onb239v5, SEC_OID_ANSIX962_EC_C2ONB239V5,
1367 "ANSI X9.62 elliptic curve c2onb239v5",
1368 CKM_INVALID_MECHANISM,
1369 INVALID_CERT_EXTENSION ),
1370 OD( ansiX962c2pnb272w1, SEC_OID_ANSIX962_EC_C2PNB272W1,
1371 "ANSI X9.62 elliptic curve c2pnb272w1",
1372 CKM_INVALID_MECHANISM,
1373 INVALID_CERT_EXTENSION ),
1374 OD( ansiX962c2pnb304w1, SEC_OID_ANSIX962_EC_C2PNB304W1,
1375 "ANSI X9.62 elliptic curve c2pnb304w1",
1376 CKM_INVALID_MECHANISM,
1377 INVALID_CERT_EXTENSION ),
1378 OD( ansiX962c2tnb359v1, SEC_OID_ANSIX962_EC_C2TNB359V1,
1379 "ANSI X9.62 elliptic curve c2tnb359v1",
1380 CKM_INVALID_MECHANISM,
1381 INVALID_CERT_EXTENSION ),
1382 OD( ansiX962c2pnb368w1, SEC_OID_ANSIX962_EC_C2PNB368W1,
1383 "ANSI X9.62 elliptic curve c2pnb368w1",
1384 CKM_INVALID_MECHANISM,
1385 INVALID_CERT_EXTENSION ),
1386 OD( ansiX962c2tnb431r1, SEC_OID_ANSIX962_EC_C2TNB431R1,
1387 "ANSI X9.62 elliptic curve c2tnb431r1",
1388 CKM_INVALID_MECHANISM,
1389 INVALID_CERT_EXTENSION ),
1390
1391 /* SECG named elliptic curves (characterisitic two field) */
1392 OD( secgECsect113r1, SEC_OID_SECG_EC_SECT113R1,
1393 "SECG elliptic curve sect113r1",
1394 CKM_INVALID_MECHANISM,
1395 INVALID_CERT_EXTENSION ),
1396 OD( secgECsect113r2, SEC_OID_SECG_EC_SECT113R2,
1397 "SECG elliptic curve sect113r2",
1398 CKM_INVALID_MECHANISM,
1399 INVALID_CERT_EXTENSION ),
1400 OD( secgECsect131r1, SEC_OID_SECG_EC_SECT131R1,
1401 "SECG elliptic curve sect131r1",
1402 CKM_INVALID_MECHANISM,
1403 INVALID_CERT_EXTENSION ),
1404 OD( secgECsect131r2, SEC_OID_SECG_EC_SECT131R2,
1405 "SECG elliptic curve sect131r2",
1406 CKM_INVALID_MECHANISM,
1407 INVALID_CERT_EXTENSION ),
1408 OD( secgECsect163k1, SEC_OID_SECG_EC_SECT163K1,
1409 "SECG elliptic curve sect163k1 (aka NIST K-163)",
1410 CKM_INVALID_MECHANISM,
1411 INVALID_CERT_EXTENSION ),
1412 OD( secgECsect163r1, SEC_OID_SECG_EC_SECT163R1,
1413 "SECG elliptic curve sect163r1",
1414 CKM_INVALID_MECHANISM,
1415 INVALID_CERT_EXTENSION ),
1416 OD( secgECsect163r2, SEC_OID_SECG_EC_SECT163R2,
1417 "SECG elliptic curve sect163r2 (aka NIST B-163)",
1418 CKM_INVALID_MECHANISM,
1419 INVALID_CERT_EXTENSION ),
1420 OD( secgECsect193r1, SEC_OID_SECG_EC_SECT193R1,
1421 "SECG elliptic curve sect193r1",
1422 CKM_INVALID_MECHANISM,
1423 INVALID_CERT_EXTENSION ),
1424 OD( secgECsect193r2, SEC_OID_SECG_EC_SECT193R2,
1425 "SECG elliptic curve sect193r2",
1426 CKM_INVALID_MECHANISM,
1427 INVALID_CERT_EXTENSION ),
1428 OD( secgECsect233k1, SEC_OID_SECG_EC_SECT233K1,
1429 "SECG elliptic curve sect233k1 (aka NIST K-233)",
1430 CKM_INVALID_MECHANISM,
1431 INVALID_CERT_EXTENSION ),
1432 OD( secgECsect233r1, SEC_OID_SECG_EC_SECT233R1,
1433 "SECG elliptic curve sect233r1 (aka NIST B-233)",
1434 CKM_INVALID_MECHANISM,
1435 INVALID_CERT_EXTENSION ),
1436 OD( secgECsect239k1, SEC_OID_SECG_EC_SECT239K1,
1437 "SECG elliptic curve sect239k1",
1438 CKM_INVALID_MECHANISM,
1439 INVALID_CERT_EXTENSION ),
1440 OD( secgECsect283k1, SEC_OID_SECG_EC_SECT283K1,
1441 "SECG elliptic curve sect283k1 (aka NIST K-283)",
1442 CKM_INVALID_MECHANISM,
1443 INVALID_CERT_EXTENSION ),
1444 OD( secgECsect283r1, SEC_OID_SECG_EC_SECT283R1,
1445 "SECG elliptic curve sect283r1 (aka NIST B-283)",
1446 CKM_INVALID_MECHANISM,
1447 INVALID_CERT_EXTENSION ),
1448 OD( secgECsect409k1, SEC_OID_SECG_EC_SECT409K1,
1449 "SECG elliptic curve sect409k1 (aka NIST K-409)",
1450 CKM_INVALID_MECHANISM,
1451 INVALID_CERT_EXTENSION ),
1452 OD( secgECsect409r1, SEC_OID_SECG_EC_SECT409R1,
1453 "SECG elliptic curve sect409r1 (aka NIST B-409)",
1454 CKM_INVALID_MECHANISM,
1455 INVALID_CERT_EXTENSION ),
1456 OD( secgECsect571k1, SEC_OID_SECG_EC_SECT571K1,
1457 "SECG elliptic curve sect571k1 (aka NIST K-571)",
1458 CKM_INVALID_MECHANISM,
1459 INVALID_CERT_EXTENSION ),
1460 OD( secgECsect571r1, SEC_OID_SECG_EC_SECT571R1,
1461 "SECG elliptic curve sect571r1 (aka NIST B-571)",
1462 CKM_INVALID_MECHANISM,
1463 INVALID_CERT_EXTENSION ),
1464
1465 OD( netscapeAOLScreenname, SEC_OID_NETSCAPE_AOLSCREENNAME,
1466 "AOL Screenname", CKM_INVALID_MECHANISM,
1467 INVALID_CERT_EXTENSION ),
1468
1469 OD( x520SurName, SEC_OID_AVA_SURNAME,
1470 "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1471 OD( x520SerialNumber, SEC_OID_AVA_SERIAL_NUMBER,
1472 "X520 Serial Number", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1473 OD( x520StreetAddress, SEC_OID_AVA_STREET_ADDRESS,
1474 "X520 Street Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1475 OD( x520Title, SEC_OID_AVA_TITLE,
1476 "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1477 OD( x520PostalAddress, SEC_OID_AVA_POSTAL_ADDRESS,
1478 "X520 Postal Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1479 OD( x520PostalCode, SEC_OID_AVA_POSTAL_CODE,
1480 "X520 Postal Code", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1481 OD( x520PostOfficeBox, SEC_OID_AVA_POST_OFFICE_BOX,
1482 "X520 Post Office Box", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1483 OD( x520GivenName, SEC_OID_AVA_GIVEN_NAME,
1484 "X520 Given Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1485 OD( x520Initials, SEC_OID_AVA_INITIALS,
1486 "X520 Initials", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1487 OD( x520GenerationQualifier, SEC_OID_AVA_GENERATION_QUALIFIER,
1488 "X520 Generation Qualifier",
1489 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1490 OD( x520HouseIdentifier, SEC_OID_AVA_HOUSE_IDENTIFIER,
1491 "X520 House Identifier",
1492 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1493 OD( x520Pseudonym, SEC_OID_AVA_PSEUDONYM,
1494 "X520 Pseudonym", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1495
1496 /* More OIDs */
1497 OD( pkixCAIssuers, SEC_OID_PKIX_CA_ISSUERS,
1498 "PKIX CA issuers access method",
1499 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1500 OD( pkcs9ExtensionRequest, SEC_OID_PKCS9_EXTENSION_REQUEST,
1501 "PKCS #9 Extension Request",
1502 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1503
1504 /* more ECC Signature Oids */
1505 OD( ansix962SignatureRecommended,
1506 SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST,
1507 "X9.62 ECDSA signature with recommended digest", CKM_INVALID_MECHANISM,
1508 INVALID_CERT_EXTENSION ),
1509 OD( ansix962SignatureSpecified,
1510 SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST,
1511 "X9.62 ECDSA signature with specified digest", CKM_ECDSA,
1512 INVALID_CERT_EXTENSION ),
1513 OD( ansix962SignaturewithSHA224Digest,
1514 SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE,
1515 "X9.62 ECDSA signature with SHA224", CKM_INVALID_MECHANISM,
1516 INVALID_CERT_EXTENSION ),
1517 OD( ansix962SignaturewithSHA256Digest,
1518 SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE,
1519 "X9.62 ECDSA signature with SHA256", CKM_INVALID_MECHANISM,
1520 INVALID_CERT_EXTENSION ),
1521 OD( ansix962SignaturewithSHA384Digest,
1522 SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE,
1523 "X9.62 ECDSA signature with SHA384", CKM_INVALID_MECHANISM,
1524 INVALID_CERT_EXTENSION ),
1525 OD( ansix962SignaturewithSHA512Digest,
1526 SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE,
1527 "X9.62 ECDSA signature with SHA512", CKM_INVALID_MECHANISM,
1528 INVALID_CERT_EXTENSION ),
1529
1530 /* More id-ce and id-pe OIDs from RFC 3280 */
1531 OD( x509HoldInstructionCode, SEC_OID_X509_HOLD_INSTRUCTION_CODE,
1532 "CRL Hold Instruction Code", CKM_INVALID_MECHANISM,
1533 UNSUPPORTED_CERT_EXTENSION ),
1534 OD( x509DeltaCRLIndicator, SEC_OID_X509_DELTA_CRL_INDICATOR,
1535 "Delta CRL Indicator", CKM_INVALID_MECHANISM,
1536 FAKE_SUPPORTED_CERT_EXTENSION ),
1537 OD( x509IssuingDistributionPoint, SEC_OID_X509_ISSUING_DISTRIBUTION_POINT,
1538 "Issuing Distribution Point", CKM_INVALID_MECHANISM,
1539 FAKE_SUPPORTED_CERT_EXTENSION ),
1540 OD( x509CertIssuer, SEC_OID_X509_CERT_ISSUER,
1541 "Certificate Issuer Extension",CKM_INVALID_MECHANISM,
1542 FAKE_SUPPORTED_CERT_EXTENSION ),
1543 OD( x509FreshestCRL, SEC_OID_X509_FRESHEST_CRL,
1544 "Freshest CRL", CKM_INVALID_MECHANISM,
1545 UNSUPPORTED_CERT_EXTENSION ),
1546 OD( x509InhibitAnyPolicy, SEC_OID_X509_INHIBIT_ANY_POLICY,
1547 "Inhibit Any Policy", CKM_INVALID_MECHANISM,
1548 FAKE_SUPPORTED_CERT_EXTENSION ),
1549 OD( x509SubjectInfoAccess, SEC_OID_X509_SUBJECT_INFO_ACCESS,
1550 "Subject Info Access", CKM_INVALID_MECHANISM,
1551 UNSUPPORTED_CERT_EXTENSION ),
1552
1553 /* Camellia algorithm OIDs */
1554 OD( camellia128_CBC, SEC_OID_CAMELLIA_128_CBC,
1555 "CAMELLIA-128-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
1556 OD( camellia192_CBC, SEC_OID_CAMELLIA_192_CBC,
1557 "CAMELLIA-192-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
1558 OD( camellia256_CBC, SEC_OID_CAMELLIA_256_CBC,
1559 "CAMELLIA-256-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ),
1560
1561 /* PKCS 5 v2 OIDS */
1562 OD( pkcs5Pbkdf2, SEC_OID_PKCS5_PBKDF2,
1563 "PKCS #5 Password Based Key Dervive Function v2 ",
1564 CKM_PKCS5_PBKD2, INVALID_CERT_EXTENSION ),
1565 OD( pkcs5Pbes2, SEC_OID_PKCS5_PBES2,
1566 "PKCS #5 Password Based Encryption v2 ",
1567 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1568 OD( pkcs5Pbmac1, SEC_OID_PKCS5_PBMAC1,
1569 "PKCS #5 Password Based Authentication v1 ",
1570 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1571 OD( hmac_sha1, SEC_OID_HMAC_SHA1, "HMAC SHA-1",
1572 CKM_SHA_1_HMAC, INVALID_CERT_EXTENSION ),
1573 OD( hmac_sha224, SEC_OID_HMAC_SHA224, "HMAC SHA-224",
1574 CKM_SHA224_HMAC, INVALID_CERT_EXTENSION ),
1575 OD( hmac_sha256, SEC_OID_HMAC_SHA256, "HMAC SHA-256",
1576 CKM_SHA256_HMAC, INVALID_CERT_EXTENSION ),
1577 OD( hmac_sha384, SEC_OID_HMAC_SHA384, "HMAC SHA-384",
1578 CKM_SHA384_HMAC, INVALID_CERT_EXTENSION ),
1579 OD( hmac_sha512, SEC_OID_HMAC_SHA512, "HMAC SHA-512",
1580 CKM_SHA512_HMAC, INVALID_CERT_EXTENSION ),
1581
1582 /* SIA extension OIDs */
1583 OD( x509SIATimeStamping, SEC_OID_PKIX_TIMESTAMPING,
1584 "SIA Time Stamping", CKM_INVALID_MECHANISM,
1585 INVALID_CERT_EXTENSION ),
1586 OD( x509SIACaRepository, SEC_OID_PKIX_CA_REPOSITORY,
1587 "SIA CA Repository", CKM_INVALID_MECHANISM,
1588 INVALID_CERT_EXTENSION ),
1589
1590 OD( isoSHA1WithRSASignature, SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE,
1591 "ISO SHA-1 with RSA Signature",
1592 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1593
1594 /* SEED algorithm OIDs */
1595 OD( seed_CBC, SEC_OID_SEED_CBC,
1596 "SEED-CBC", CKM_SEED_CBC, INVALID_CERT_EXTENSION),
1597
1598 OD( x509CertificatePoliciesAnyPolicy, SEC_OID_X509_ANY_POLICY,
1599 "Certificate Policies AnyPolicy",
1600 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1601
1602 OD( pkcs1RSAOAEPEncryption, SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION,
1603 "PKCS #1 RSA-OAEP Encryption", CKM_RSA_PKCS_OAEP,
1604 INVALID_CERT_EXTENSION ),
1605
1606 OD( pkcs1MGF1, SEC_OID_PKCS1_MGF1,
1607 "PKCS #1 MGF1 Mask Generation Function", CKM_INVALID_MECHANISM,
1608 INVALID_CERT_EXTENSION ),
1609
1610 OD( pkcs1PSpecified, SEC_OID_PKCS1_PSPECIFIED,
1611 "PKCS #1 RSA-OAEP Explicitly Specified Encoding Parameters",
1612 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1613
1614 OD( pkcs1RSAPSSSignature, SEC_OID_PKCS1_RSA_PSS_SIGNATURE,
1615 "PKCS #1 RSA-PSS Signature", CKM_RSA_PKCS_PSS,
1616 INVALID_CERT_EXTENSION ),
1617
1618 OD( pkcs1SHA224WithRSAEncryption, SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION,
1619 "PKCS #1 SHA-224 With RSA Encryption", CKM_SHA224_RSA_PKCS,
1620 INVALID_CERT_EXTENSION ),
1621
1622 OD( sha224, SEC_OID_SHA224, "SHA-224", CKM_SHA224, INVALID_CERT_EXTENSION),
1623
1624 OD( evIncorporationLocality, SEC_OID_EV_INCORPORATION_LOCALITY,
1625 "Jurisdiction of Incorporation Locality Name",
1626 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1627 OD( evIncorporationState, SEC_OID_EV_INCORPORATION_STATE,
1628 "Jurisdiction of Incorporation State Name",
1629 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1630 OD( evIncorporationCountry, SEC_OID_EV_INCORPORATION_COUNTRY,
1631 "Jurisdiction of Incorporation Country Name",
1632 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1633 OD( x520BusinessCategory, SEC_OID_BUSINESS_CATEGORY,
1634 "Business Category",
1635 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
1636
1637 OD( nistDSASignaturewithSHA224Digest,
1638 SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST,
1639 "DSA with SHA-224 Signature",
1640 CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION),
1641 OD( nistDSASignaturewithSHA256Digest,
1642 SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST,
1643 "DSA with SHA-256 Signature",
1644 CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION),
1645 OD( msExtendedKeyUsageTrustListSigning,
1646 SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING,
1647 "Microsoft Trust List Signing",
1648 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION )
1649 };
1650
1651 /* PRIVATE EXTENDED SECOID Table
1652 * This table is private. Its structure is opaque to the outside.
1653 * It is indexed by the same SECOidTag as the oids table above.
1654 * Every member of this struct must have accessor functions (set, get)
1655 * and those functions must operate by value, not by reference.
1656 * The addresses of the contents of this table must not be exposed
1657 * by the accessor functions.
1658 */
1659 typedef struct privXOidStr {
1660 PRUint32 notPolicyFlags; /* ones complement of policy flags */
1661 } privXOid;
1662
1663 static privXOid xOids[SEC_OID_TOTAL];
1664
1665 /*
1666 * now the dynamic table. The dynamic table gets build at init time.
1667 * and conceivably gets modified if the user loads new crypto modules.
1668 * All this static data, and the allocated data to which it points,
1669 * is protected by a global reader/writer lock.
1670 * The c language guarantees that global and static data that is not
1671 * explicitly initialized will be initialized with zeros. If we
1672 * initialize it with zeros, the data goes into the initialized data
1673 * secment, and increases the size of the library. By leaving it
1674 * uninitialized, it is allocated in BSS, and does NOT increase the
1675 * library size.
1676 */
1677
1678 typedef struct dynXOidStr {
1679 SECOidData data;
1680 privXOid priv;
1681 } dynXOid;
1682
1683 static NSSRWLock * dynOidLock;
1684 static PLArenaPool * dynOidPool;
1685 static PLHashTable * dynOidHash;
1686 static dynXOid ** dynOidTable; /* not in the pool */
1687 static int dynOidEntriesAllocated;
1688 static int dynOidEntriesUsed;
1689
1690 /* Creates NSSRWLock and dynOidPool at initialization time.
1691 */
1692 static SECStatus
1693 secoid_InitDynOidData(void)
1694 {
1695 SECStatus rv = SECSuccess;
1696
1697 dynOidLock = NSSRWLock_New(1, "dynamic OID data");
1698 if (!dynOidLock) {
1699 return SECFailure; /* Error code should already be set. */
1700 }
1701 dynOidPool = PORT_NewArena(2048);
1702 if (!dynOidPool) {
1703 rv = SECFailure /* Error code should already be set. */;
1704 }
1705 return rv;
1706 }
1707
1708 /* Add oidData to hash table. Caller holds write lock dynOidLock. */
1709 static SECStatus
1710 secoid_HashDynamicOiddata(const SECOidData * oid)
1711 {
1712 PLHashEntry *entry;
1713
1714 if (!dynOidHash) {
1715 dynOidHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
1716 PL_CompareValues, NULL, NULL);
1717 if ( !dynOidHash ) {
1718 return SECFailure;
1719 }
1720 }
1721
1722 entry = PL_HashTableAdd( dynOidHash, &oid->oid, (void *)oid );
1723 return entry ? SECSuccess : SECFailure;
1724 }
1725
1726
1727 /*
1728 * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's
1729 * cheaper to rehash the table when it changes than it is to do the loop
1730 * each time.
1731 */
1732 static SECOidData *
1733 secoid_FindDynamic(const SECItem *key)
1734 {
1735 SECOidData *ret = NULL;
1736
1737 if (dynOidHash) {
1738 NSSRWLock_LockRead(dynOidLock);
1739 if (dynOidHash) { /* must check it again with lock held. */
1740 ret = (SECOidData *)PL_HashTableLookup(dynOidHash, key);
1741 }
1742 NSSRWLock_UnlockRead(dynOidLock);
1743 }
1744 if (ret == NULL) {
1745 PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
1746 }
1747 return ret;
1748 }
1749
1750 static dynXOid *
1751 secoid_FindDynamicByTag(SECOidTag tagnum)
1752 {
1753 dynXOid *dxo = NULL;
1754 int tagNumDiff;
1755
1756 if (tagnum < SEC_OID_TOTAL) {
1757 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1758 return NULL;
1759 }
1760 tagNumDiff = tagnum - SEC_OID_TOTAL;
1761
1762 if (dynOidTable) {
1763 NSSRWLock_LockRead(dynOidLock);
1764 if (dynOidTable != NULL && /* must check it again with lock held. */
1765 tagNumDiff < dynOidEntriesUsed) {
1766 dxo = dynOidTable[tagNumDiff];
1767 }
1768 NSSRWLock_UnlockRead(dynOidLock);
1769 }
1770 if (dxo == NULL) {
1771 PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
1772 }
1773 return dxo;
1774 }
1775
1776 /*
1777 * This routine is thread safe now.
1778 */
1779 SECOidTag
1780 SECOID_AddEntry(const SECOidData * src)
1781 {
1782 SECOidData * dst;
1783 dynXOid **table;
1784 SECOidTag ret = SEC_OID_UNKNOWN;
1785 SECStatus rv;
1786 int tableEntries;
1787 int used;
1788
1789 if (!src || !src->oid.data || !src->oid.len || \
1790 !src->desc || !strlen(src->desc)) {
1791 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1792 return ret;
1793 }
1794 if (src->supportedExtension != INVALID_CERT_EXTENSION &&
1795 src->supportedExtension != UNSUPPORTED_CERT_EXTENSION &&
1796 src->supportedExtension != SUPPORTED_CERT_EXTENSION ) {
1797 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1798 return ret;
1799 }
1800
1801 if (!dynOidPool || !dynOidLock) {
1802 PORT_SetError(SEC_ERROR_NOT_INITIALIZED);
1803 return ret;
1804 }
1805
1806 NSSRWLock_LockWrite(dynOidLock);
1807
1808 /* We've just acquired the write lock, and now we call FindOIDTag
1809 ** which will acquire and release the read lock. NSSRWLock has been
1810 ** designed to allow this very case without deadlock. This approach
1811 ** makes the test for the presence of the OID, and the subsequent
1812 ** addition of the OID to the table a single atomic write operation.
1813 */
1814 ret = SECOID_FindOIDTag(&src->oid);
1815 if (ret != SEC_OID_UNKNOWN) {
1816 /* we could return an error here, but I chose not to do that.
1817 ** This way, if we add an OID to the shared library's built in
1818 ** list of OIDs in some future release, and that OID is the same
1819 ** as some OID that a program has been adding, the program will
1820 ** not suddenly stop working.
1821 */
1822 goto done;
1823 }
1824
1825 table = dynOidTable;
1826 tableEntries = dynOidEntriesAllocated;
1827 used = dynOidEntriesUsed;
1828
1829 if (used + 1 > tableEntries) {
1830 dynXOid ** newTable;
1831 int newTableEntries = tableEntries + 16;
1832
1833 newTable = (dynXOid **)PORT_Realloc(table,
1834 newTableEntries * sizeof(dynXOid *));
1835 if (newTable == NULL) {
1836 goto done;
1837 }
1838 dynOidTable = table = newTable;
1839 dynOidEntriesAllocated = tableEntries = newTableEntries;
1840 }
1841
1842 /* copy oid structure */
1843 dst = (SECOidData *)PORT_ArenaZNew(dynOidPool, dynXOid);
1844 if (!dst) {
1845 goto done;
1846 }
1847 rv = SECITEM_CopyItem(dynOidPool, &dst->oid, &src->oid);
1848 if (rv != SECSuccess) {
1849 goto done;
1850 }
1851 dst->desc = PORT_ArenaStrdup(dynOidPool, src->desc);
1852 if (!dst->desc) {
1853 goto done;
1854 }
1855 dst->offset = (SECOidTag)(used + SEC_OID_TOTAL);
1856 dst->mechanism = src->mechanism;
1857 dst->supportedExtension = src->supportedExtension;
1858
1859 rv = secoid_HashDynamicOiddata(dst);
1860 if (rv == SECSuccess) {
1861 table[used++] = (dynXOid *)dst;
1862 dynOidEntriesUsed = used;
1863 ret = dst->offset;
1864 }
1865 done:
1866 NSSRWLock_UnlockWrite(dynOidLock);
1867 return ret;
1868 }
1869
1870
1871 /* normal static table processing */
1872 static PLHashTable *oidhash = NULL;
1873 static PLHashTable *oidmechhash = NULL;
1874
1875 static PLHashNumber
1876 secoid_HashNumber(const void *key)
1877 {
1878 return (PLHashNumber) key;
1879 }
1880
1881 static void
1882 handleHashAlgSupport(char * envVal)
1883 {
1884 char * myVal = PORT_Strdup(envVal); /* Get a copy we can alter */
1885 char * arg = myVal;
1886
1887 while (arg && *arg) {
1888 char * nextArg = PL_strpbrk(arg, ";");
1889 PRUint32 notEnable;
1890
1891 if (nextArg) {
1892 while (*nextArg == ';') {
1893 *nextArg++ = '\0';
1894 }
1895 }
1896 notEnable = (*arg == '-') ? NSS_USE_ALG_IN_CERT_SIGNATURE : 0;
1897 if ((*arg == '+' || *arg == '-') && *++arg) {
1898 int i;
1899
1900 for (i = 1; i < SEC_OID_TOTAL; i++) {
1901 if (oids[i].desc && strstr(arg, oids[i].desc)) {
1902 xOids[i].notPolicyFlags = notEnable |
1903 (xOids[i].notPolicyFlags & ~NSS_USE_ALG_IN_CERT_SIGNATURE);
1904 }
1905 }
1906 }
1907 arg = nextArg;
1908 }
1909 PORT_Free(myVal); /* can handle NULL argument OK */
1910 }
1911
1912 SECStatus
1913 SECOID_Init(void)
1914 {
1915 PLHashEntry *entry;
1916 const SECOidData *oid;
1917 int i;
1918 char * envVal;
1919 volatile char c; /* force a reference that won't get optimized away */
1920
1921 c = __nss_util_rcsid[0] + __nss_util_sccsid[0];
1922
1923 if (oidhash) {
1924 return SECSuccess; /* already initialized */
1925 }
1926
1927 if (!PR_GetEnv("NSS_ALLOW_WEAK_SIGNATURE_ALG")) {
1928 /* initialize any policy flags that are disabled by default */
1929 xOids[SEC_OID_MD2 ].notPolicyFlags = ~0;
1930 xOids[SEC_OID_MD4 ].notPolicyFlags = ~0;
1931 xOids[SEC_OID_MD5 ].notPolicyFlags = ~0;
1932 xOids[SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
1933 xOids[SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
1934 xOids[SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0;
1935 xOids[SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC].notPolicyFlags = ~0;
1936 xOids[SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC].notPolicyFlags = ~0;
1937 }
1938
1939 envVal = PR_GetEnv("NSS_HASH_ALG_SUPPORT");
1940 if (envVal)
1941 handleHashAlgSupport(envVal);
1942
1943 if (secoid_InitDynOidData() != SECSuccess) {
1944 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1945 PORT_Assert(0); /* this function should never fail */
1946 return SECFailure;
1947 }
1948
1949 oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
1950 PL_CompareValues, NULL, NULL);
1951 oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues,
1952 PL_CompareValues, NULL, NULL);
1953
1954 if ( !oidhash || !oidmechhash) {
1955 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1956 PORT_Assert(0); /*This function should never fail. */
1957 return(SECFailure);
1958 }
1959
1960 for ( i = 0; i < SEC_OID_TOTAL; i++ ) {
1961 oid = &oids[i];
1962
1963 PORT_Assert ( oid->offset == i );
1964
1965 entry = PL_HashTableAdd( oidhash, &oid->oid, (void *)oid );
1966 if ( entry == NULL ) {
1967 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1968 PORT_Assert(0); /*This function should never fail. */
1969 return(SECFailure);
1970 }
1971
1972 if ( oid->mechanism != CKM_INVALID_MECHANISM ) {
1973 entry = PL_HashTableAdd( oidmechhash,
1974 (void *)oid->mechanism, (void *)oid );
1975 if ( entry == NULL ) {
1976 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1977 PORT_Assert(0); /* This function should never fail. */
1978 return(SECFailure);
1979 }
1980 }
1981 }
1982
1983 PORT_Assert (i == SEC_OID_TOTAL);
1984
1985 return(SECSuccess);
1986 }
1987
1988 SECOidData *
1989 SECOID_FindOIDByMechanism(unsigned long mechanism)
1990 {
1991 SECOidData *ret;
1992
1993 PR_ASSERT(oidhash != NULL);
1994
1995 ret = PL_HashTableLookupConst ( oidmechhash, (void *)mechanism);
1996 if ( ret == NULL ) {
1997 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1998 }
1999
2000 return (ret);
2001 }
2002
2003 SECOidData *
2004 SECOID_FindOID(const SECItem *oid)
2005 {
2006 SECOidData *ret;
2007
2008 PR_ASSERT(oidhash != NULL);
2009
2010 ret = PL_HashTableLookupConst ( oidhash, oid );
2011 if ( ret == NULL ) {
2012 ret = secoid_FindDynamic(oid);
2013 if (ret == NULL) {
2014 PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
2015 }
2016 }
2017
2018 return(ret);
2019 }
2020
2021 SECOidTag
2022 SECOID_FindOIDTag(const SECItem *oid)
2023 {
2024 SECOidData *oiddata;
2025
2026 oiddata = SECOID_FindOID (oid);
2027 if (oiddata == NULL)
2028 return SEC_OID_UNKNOWN;
2029
2030 return oiddata->offset;
2031 }
2032
2033 /* This really should return const. */
2034 SECOidData *
2035 SECOID_FindOIDByTag(SECOidTag tagnum)
2036 {
2037 if (tagnum >= SEC_OID_TOTAL) {
2038 return (SECOidData *)secoid_FindDynamicByTag(tagnum);
2039 }
2040
2041 PORT_Assert((unsigned int)tagnum < SEC_OID_TOTAL);
2042 return (SECOidData *)(&oids[tagnum]);
2043 }
2044
2045 PRBool SECOID_KnownCertExtenOID (SECItem *extenOid)
2046 {
2047 SECOidData * oidData;
2048
2049 oidData = SECOID_FindOID (extenOid);
2050 if (oidData == (SECOidData *)NULL)
2051 return (PR_FALSE);
2052 return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ?
2053 PR_TRUE : PR_FALSE);
2054 }
2055
2056
2057 const char *
2058 SECOID_FindOIDTagDescription(SECOidTag tagnum)
2059 {
2060 const SECOidData *oidData = SECOID_FindOIDByTag(tagnum);
2061 return oidData ? oidData->desc : 0;
2062 }
2063
2064 /* --------- opaque extended OID table accessor functions ---------------*/
2065 /*
2066 * Any of these functions may return SECSuccess or SECFailure with the error
2067 * code set to SEC_ERROR_UNKNOWN_OBJECT_TYPE if the SECOidTag is out of range.
2068 */
2069
2070 static privXOid *
2071 secoid_FindXOidByTag(SECOidTag tagnum)
2072 {
2073 if (tagnum >= SEC_OID_TOTAL) {
2074 dynXOid *dxo = secoid_FindDynamicByTag(tagnum);
2075 return (dxo ? &dxo->priv : NULL);
2076 }
2077
2078 PORT_Assert((unsigned int)tagnum < SEC_OID_TOTAL);
2079 return &xOids[tagnum];
2080 }
2081
2082 /* The Get function outputs the 32-bit value associated with the SECOidTag.
2083 * Flags bits are the NSS_USE_ALG_ #defines in "secoidt.h".
2084 * Default value for any algorithm is 0xffffffff (enabled for all purposes).
2085 * No value is output if function returns SECFailure.
2086 */
2087 SECStatus
2088 NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue)
2089 {
2090 privXOid * pxo = secoid_FindXOidByTag(tag);
2091 if (!pxo)
2092 return SECFailure;
2093 if (!pValue) {
2094 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2095 return SECFailure;
2096 }
2097 *pValue = ~(pxo->notPolicyFlags);
2098 return SECSuccess;
2099 }
2100
2101 /* The Set function modifies the stored value according to the following
2102 * algorithm:
2103 * policy[tag] = (policy[tag] & ~clearBits) | setBits;
2104 */
2105 SECStatus
2106 NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits)
2107 {
2108 privXOid * pxo = secoid_FindXOidByTag(tag);
2109 PRUint32 policyFlags;
2110 if (!pxo)
2111 return SECFailure;
2112 /* The stored policy flags are the ones complement of the flags as
2113 * seen by the user. This is not atomic, but these changes should
2114 * be done rarely, e.g. at initialization time.
2115 */
2116 policyFlags = ~(pxo->notPolicyFlags);
2117 policyFlags = (policyFlags & ~clearBits) | setBits;
2118 pxo->notPolicyFlags = ~policyFlags;
2119 return SECSuccess;
2120 }
2121
2122 /* --------- END OF opaque extended OID table accessor functions ---------*/
2123
2124 /* for now, this is only used in a single place, so it can remain static */
2125 static PRBool parentForkedAfterC_Initialize;
2126
2127 #define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
2128
2129 /*
2130 * free up the oid tables.
2131 */
2132 SECStatus
2133 SECOID_Shutdown(void)
2134 {
2135 if (oidhash) {
2136 PL_HashTableDestroy(oidhash);
2137 oidhash = NULL;
2138 }
2139 if (oidmechhash) {
2140 PL_HashTableDestroy(oidmechhash);
2141 oidmechhash = NULL;
2142 }
2143 /* Have to handle the case where the lock was created, but
2144 ** the pool wasn't.
2145 ** I'm not going to attempt to create the lock, just to protect
2146 ** the destruction of data that probably isn't initialized anyway.
2147 */
2148 if (dynOidLock) {
2149 SKIP_AFTER_FORK(NSSRWLock_LockWrite(dynOidLock));
2150 if (dynOidHash) {
2151 PL_HashTableDestroy(dynOidHash);
2152 dynOidHash = NULL;
2153 }
2154 if (dynOidPool) {
2155 PORT_FreeArena(dynOidPool, PR_FALSE);
2156 dynOidPool = NULL;
2157 }
2158 if (dynOidTable) {
2159 PORT_Free(dynOidTable);
2160 dynOidTable = NULL;
2161 }
2162 dynOidEntriesAllocated = 0;
2163 dynOidEntriesUsed = 0;
2164
2165 SKIP_AFTER_FORK(NSSRWLock_UnlockWrite(dynOidLock));
2166 SKIP_AFTER_FORK(NSSRWLock_Destroy(dynOidLock));
2167 dynOidLock = NULL;
2168 } else {
2169 /* Since dynOidLock doesn't exist, then all the data it protects
2170 ** should be uninitialized. We'll check that (in DEBUG builds),
2171 ** and then make sure it is so, in case NSS is reinitialized.
2172 */
2173 PORT_Assert(!dynOidHash && !dynOidPool && !dynOidTable && \
2174 !dynOidEntriesAllocated && !dynOidEntriesUsed);
2175 dynOidHash = NULL;
2176 dynOidPool = NULL;
2177 dynOidTable = NULL;
2178 dynOidEntriesAllocated = 0;
2179 dynOidEntriesUsed = 0;
2180 }
2181 memset(xOids, 0, sizeof xOids);
2182 return SECSuccess;
2183 }
2184
2185 void UTIL_SetForkState(PRBool forked)
2186 {
2187 parentForkedAfterC_Initialize = forked;
2188 }
2189
2190 const char *
2191 NSSUTIL_GetVersion(void)
2192 {
2193 return NSSUTIL_VERSION;
2194 }
OLDNEW
« no previous file with comments | « mozilla/security/nss/lib/util/secoid.h ('k') | mozilla/security/nss/lib/util/secoidt.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698