OLD | NEW |
| (Empty) |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
4 | |
5 #include "secoid.h" | |
6 #include "pkcs11t.h" | |
7 #include "secitem.h" | |
8 #include "secerr.h" | |
9 #include "prenv.h" | |
10 #include "plhash.h" | |
11 #include "nssrwlk.h" | |
12 #include "nssutil.h" | |
13 | |
14 /* Library identity and versioning */ | |
15 | |
16 #if defined(DEBUG) | |
17 #define _DEBUG_STRING " (debug)" | |
18 #else | |
19 #define _DEBUG_STRING "" | |
20 #endif | |
21 | |
22 /* | |
23 * Version information | |
24 */ | |
25 const char __nss_util_version[] = "Version: NSS " NSSUTIL_VERSION _DEBUG_STRING; | |
26 | |
27 /* MISSI Mosaic Object ID space */ | |
28 /* USGov algorithm OID space: { 2 16 840 1 101 } */ | |
29 #define USGOV 0x60, 0x86, 0x48, 0x01, 0x65 | |
30 #define MISSI USGOV, 0x02, 0x01, 0x01 | |
31 #define MISSI_OLD_KEA_DSS MISSI, 0x0c | |
32 #define MISSI_OLD_DSS MISSI, 0x02 | |
33 #define MISSI_KEA_DSS MISSI, 0x14 | |
34 #define MISSI_DSS MISSI, 0x13 | |
35 #define MISSI_KEA MISSI, 0x0a | |
36 #define MISSI_ALT_KEA MISSI, 0x16 | |
37 | |
38 #define NISTALGS USGOV, 3, 4 | |
39 #define AES NISTALGS, 1 | |
40 #define SHAXXX NISTALGS, 2 | |
41 #define DSA2 NISTALGS, 3 | |
42 | |
43 /** | |
44 ** The Netscape OID space is allocated by Terry Hayes. If you need | |
45 ** a piece of the space, contact him at thayes@netscape.com. | |
46 **/ | |
47 | |
48 /* Netscape Communications Corporation Object ID space */ | |
49 /* { 2 16 840 1 113730 } */ | |
50 #define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42 | |
51 #define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01 | |
52 #define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02 | |
53 /* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */ | |
54 #define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03 | |
55 #define NETSCAPE_POLICY NETSCAPE_OID, 0x04 | |
56 #define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05 | |
57 #define NETSCAPE_ALGS NETSCAPE_OID, 0x06 /* algorithm OIDs */ | |
58 #define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07 | |
59 | |
60 #define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10 | |
61 #define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01 | |
62 | |
63 /* these are old and should go away soon */ | |
64 #define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a | |
65 #define NS_CERT_EXT OLD_NETSCAPE, 0x01 | |
66 #define NS_FILE_TYPE OLD_NETSCAPE, 0x02 | |
67 #define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03 | |
68 | |
69 /* RSA OID name space */ | |
70 #define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d | |
71 #define PKCS RSADSI, 0x01 | |
72 #define DIGEST RSADSI, 0x02 | |
73 #define CIPHER RSADSI, 0x03 | |
74 #define PKCS1 PKCS, 0x01 | |
75 #define PKCS5 PKCS, 0x05 | |
76 #define PKCS7 PKCS, 0x07 | |
77 #define PKCS9 PKCS, 0x09 | |
78 #define PKCS12 PKCS, 0x0c | |
79 | |
80 /* Other OID name spaces */ | |
81 #define ALGORITHM 0x2b, 0x0e, 0x03, 0x02 | |
82 #define X500 0x55 | |
83 #define X520_ATTRIBUTE_TYPE X500, 0x04 | |
84 #define X500_ALG X500, 0x08 | |
85 #define X500_ALG_ENCRYPTION X500_ALG, 0x01 | |
86 | |
87 /** X.509 v3 Extension OID | |
88 ** {joint-iso-ccitt (2) ds(5) 29} | |
89 **/ | |
90 #define ID_CE_OID X500, 0x1d | |
91 | |
92 #define RFC1274_ATTR_TYPE 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1 | |
93 /* #define RFC2247_ATTR_TYPE 0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this
is WRONG! */ | |
94 | |
95 /* PKCS #12 name spaces */ | |
96 #define PKCS12_MODE_IDS PKCS12, 0x01 | |
97 #define PKCS12_ESPVK_IDS PKCS12, 0x02 | |
98 #define PKCS12_BAG_IDS PKCS12, 0x03 | |
99 #define PKCS12_CERT_BAG_IDS PKCS12, 0x04 | |
100 #define PKCS12_OIDS PKCS12, 0x05 | |
101 #define PKCS12_PBE_IDS PKCS12_OIDS, 0x01 | |
102 #define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02 | |
103 #define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03 | |
104 #define PKCS12_V2_PBE_IDS PKCS12, 0x01 | |
105 #define PKCS9_CERT_TYPES PKCS9, 0x16 | |
106 #define PKCS9_CRL_TYPES PKCS9, 0x17 | |
107 #define PKCS9_SMIME_IDS PKCS9, 0x10 | |
108 #define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2 | |
109 #define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3 | |
110 #define PKCS12_VERSION1 PKCS12, 0x0a | |
111 #define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1 | |
112 | |
113 /* for DSA algorithm */ | |
114 /* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */ | |
115 #define ANSI_X9_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x38, 0x4 | |
116 | |
117 /* for DH algorithm */ | |
118 /* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */ | |
119 /* need real OID person to look at this, copied the above line | |
120 * and added 6 to second to last value (and changed '4' to '2' */ | |
121 #define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2 | |
122 | |
123 #define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45 | |
124 | |
125 #define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07 | |
126 #define PKIX_CERT_EXTENSIONS PKIX, 1 | |
127 #define PKIX_POLICY_QUALIFIERS PKIX, 2 | |
128 #define PKIX_KEY_USAGE PKIX, 3 | |
129 #define PKIX_ACCESS_DESCRIPTION PKIX, 0x30 | |
130 #define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1 | |
131 #define PKIX_CA_ISSUERS PKIX_ACCESS_DESCRIPTION, 2 | |
132 | |
133 #define PKIX_ID_PKIP PKIX, 5 | |
134 #define PKIX_ID_REGCTRL PKIX_ID_PKIP, 1 | |
135 #define PKIX_ID_REGINFO PKIX_ID_PKIP, 2 | |
136 | |
137 /* Microsoft Object ID space */ | |
138 /* { 1.3.6.1.4.1.311 } */ | |
139 #define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37 | |
140 #define EV_NAME_ATTRIBUTE MICROSOFT_OID, 60, 2, 1 | |
141 | |
142 /* Microsoft Crypto 2.0 ID space */ | |
143 /* { 1.3.6.1.4.1.311.10 } */ | |
144 #define MS_CRYPTO_20 MICROSOFT_OID, 10 | |
145 /* Microsoft Crypto 2.0 Extended Key Usage ID space */ | |
146 /* { 1.3.6.1.4.1.311.10.3 } */ | |
147 #define MS_CRYPTO_EKU MS_CRYPTO_20, 3 | |
148 | |
149 #define CERTICOM_OID 0x2b, 0x81, 0x04 | |
150 #define SECG_OID CERTICOM_OID, 0x00 | |
151 | |
152 #define ANSI_X962_OID 0x2a, 0x86, 0x48, 0xce, 0x3d | |
153 #define ANSI_X962_CURVE_OID ANSI_X962_OID, 0x03 | |
154 #define ANSI_X962_GF2m_OID ANSI_X962_CURVE_OID, 0x00 | |
155 #define ANSI_X962_GFp_OID ANSI_X962_CURVE_OID, 0x01 | |
156 #define ANSI_X962_SIGNATURE_OID ANSI_X962_OID, 0x04 | |
157 #define ANSI_X962_SPECIFY_OID ANSI_X962_SIGNATURE_OID, 0x03 | |
158 | |
159 /* for Camellia: iso(1) member-body(2) jisc(392) | |
160 * mitsubishi(200011) isl(61) security(1) algorithm(1) | |
161 */ | |
162 #define MITSUBISHI_ALG 0x2a,0x83,0x08,0x8c,0x9a,0x4b,0x3d,0x01,0x01 | |
163 #define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG,1 | |
164 #define CAMELLIA_WRAP_OID MITSUBISHI_ALG,3 | |
165 | |
166 /* For IDEA: 1.3.6.1.4.1.188.7.1.1 | |
167 */ | |
168 #define ASCOM_OID 0x2b,0x6,0x1,0x4,0x1,0xbc | |
169 #define ASCOM_IDEA_ALG ASCOM_OID,0x7,0x1,0x1 | |
170 | |
171 /* for SEED : iso(1) member-body(2) korea(410) | |
172 * kisa(200004) algorithm(1) | |
173 */ | |
174 #define SEED_OID 0x2a,0x83,0x1a,0x8c,0x9a,0x44,0x01 | |
175 | |
176 #define CONST_OID static const unsigned char | |
177 | |
178 CONST_OID md2[] = { DIGEST, 0x02 }; | |
179 CONST_OID md4[] = { DIGEST, 0x04 }; | |
180 CONST_OID md5[] = { DIGEST, 0x05 }; | |
181 CONST_OID hmac_sha1[] = { DIGEST, 7 }; | |
182 CONST_OID hmac_sha224[] = { DIGEST, 8 }; | |
183 CONST_OID hmac_sha256[] = { DIGEST, 9 }; | |
184 CONST_OID hmac_sha384[] = { DIGEST, 10 }; | |
185 CONST_OID hmac_sha512[] = { DIGEST, 11 }; | |
186 | |
187 CONST_OID rc2cbc[] = { CIPHER, 0x02 }; | |
188 CONST_OID rc4[] = { CIPHER, 0x04 }; | |
189 CONST_OID desede3cbc[] = { CIPHER, 0x07 }; | |
190 CONST_OID rc5cbcpad[] = { CIPHER, 0x09 }; | |
191 | |
192 CONST_OID desecb[] = { ALGORITHM, 0x06 }; | |
193 CONST_OID descbc[] = { ALGORITHM, 0x07 }; | |
194 CONST_OID desofb[] = { ALGORITHM, 0x08 }; | |
195 CONST_OID descfb[] = { ALGORITHM, 0x09 }; | |
196 CONST_OID desmac[] = { ALGORITHM, 0x0a }; | |
197 CONST_OID sdn702DSASignature[] = { ALGORITHM, 0x0c }; | |
198 CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f }; | |
199 CONST_OID desede[] = { ALGORITHM, 0x11 }; | |
200 CONST_OID sha1[] = { ALGORITHM, 0x1a }; | |
201 CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b }; | |
202 CONST_OID isoSHA1WithRSASignature[] = { ALGORITHM, 0x1d }; | |
203 | |
204 CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 }; | |
205 CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 }; | |
206 CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 }; | |
207 CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 }; | |
208 CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 }; | |
209 CONST_OID pkcs1RSAOAEPEncryption[] = { PKCS1, 0x07 }; | |
210 CONST_OID pkcs1MGF1[] = { PKCS1, 0x08 }; | |
211 CONST_OID pkcs1PSpecified[] = { PKCS1, 0x09 }; | |
212 CONST_OID pkcs1RSAPSSSignature[] = { PKCS1, 10 }; | |
213 CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 }; | |
214 CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 }; | |
215 CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 }; | |
216 CONST_OID pkcs1SHA224WithRSAEncryption[] = { PKCS1, 14 }; | |
217 | |
218 CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 }; | |
219 CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 }; | |
220 CONST_OID pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a }; | |
221 CONST_OID pkcs5Pbkdf2[] = { PKCS5, 12 }; | |
222 CONST_OID pkcs5Pbes2[] = { PKCS5, 13 }; | |
223 CONST_OID pkcs5Pbmac1[] = { PKCS5, 14 }; | |
224 | |
225 CONST_OID pkcs7[] = { PKCS7 }; | |
226 CONST_OID pkcs7Data[] = { PKCS7, 0x01 }; | |
227 CONST_OID pkcs7SignedData[] = { PKCS7, 0x02 }; | |
228 CONST_OID pkcs7EnvelopedData[] = { PKCS7, 0x03 }; | |
229 CONST_OID pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 }; | |
230 CONST_OID pkcs7DigestedData[] = { PKCS7, 0x05 }; | |
231 CONST_OID pkcs7EncryptedData[] = { PKCS7, 0x06 }; | |
232 | |
233 CONST_OID pkcs9EmailAddress[] = { PKCS9, 0x01 }; | |
234 CONST_OID pkcs9UnstructuredName[] = { PKCS9, 0x02 }; | |
235 CONST_OID pkcs9ContentType[] = { PKCS9, 0x03 }; | |
236 CONST_OID pkcs9MessageDigest[] = { PKCS9, 0x04 }; | |
237 CONST_OID pkcs9SigningTime[] = { PKCS9, 0x05 }; | |
238 CONST_OID pkcs9CounterSignature[] = { PKCS9, 0x06 }; | |
239 CONST_OID pkcs9ChallengePassword[] = { PKCS9, 0x07 }; | |
240 CONST_OID pkcs9UnstructuredAddress[] = { PKCS9, 0x08 }; | |
241 CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 }; | |
242 CONST_OID pkcs9ExtensionRequest[] = { PKCS9, 14 }; | |
243 CONST_OID pkcs9SMIMECapabilities[] = { PKCS9, 15 }; | |
244 CONST_OID pkcs9FriendlyName[] = { PKCS9, 20 }; | |
245 CONST_OID pkcs9LocalKeyID[] = { PKCS9, 21 }; | |
246 | |
247 CONST_OID pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 }; | |
248 CONST_OID pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 }; | |
249 CONST_OID pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 }; | |
250 | |
251 /* RFC2630 (CMS) OIDs */ | |
252 CONST_OID cmsESDH[] = { PKCS9_SMIME_ALGS, 5 }; | |
253 CONST_OID cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 }; | |
254 CONST_OID cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 }; | |
255 | |
256 /* RFC2633 SMIME message attributes */ | |
257 CONST_OID smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 }; | |
258 CONST_OID ms_smimeEncryptionKeyPreference[] = { MICROSOFT_OID, 0x10, 0x4 }; | |
259 | |
260 CONST_OID x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 }; | |
261 CONST_OID x520SurName[] = { X520_ATTRIBUTE_TYPE, 4 }; | |
262 CONST_OID x520SerialNumber[] = { X520_ATTRIBUTE_TYPE, 5 }; | |
263 CONST_OID x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 }; | |
264 CONST_OID x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 }; | |
265 CONST_OID x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 }; | |
266 CONST_OID x520StreetAddress[] = { X520_ATTRIBUTE_TYPE, 9 }; | |
267 CONST_OID x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 }; | |
268 CONST_OID x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 }; | |
269 CONST_OID x520Title[] = { X520_ATTRIBUTE_TYPE, 12 }; | |
270 CONST_OID x520BusinessCategory[] = { X520_ATTRIBUTE_TYPE, 15 }; | |
271 CONST_OID x520PostalAddress[] = { X520_ATTRIBUTE_TYPE, 16 }; | |
272 CONST_OID x520PostalCode[] = { X520_ATTRIBUTE_TYPE, 17 }; | |
273 CONST_OID x520PostOfficeBox[] = { X520_ATTRIBUTE_TYPE, 18 }; | |
274 CONST_OID x520Name[] = { X520_ATTRIBUTE_TYPE, 41 }; | |
275 CONST_OID x520GivenName[] = { X520_ATTRIBUTE_TYPE, 42 }; | |
276 CONST_OID x520Initials[] = { X520_ATTRIBUTE_TYPE, 43 }; | |
277 CONST_OID x520GenerationQualifier[] = { X520_ATTRIBUTE_TYPE, 44 }; | |
278 CONST_OID x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 }; | |
279 CONST_OID x520HouseIdentifier[] = { X520_ATTRIBUTE_TYPE, 51 }; | |
280 CONST_OID x520Pseudonym[] = { X520_ATTRIBUTE_TYPE, 65 }; | |
281 | |
282 CONST_OID nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 }; | |
283 CONST_OID nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 }; | |
284 CONST_OID nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 }; | |
285 CONST_OID nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 }; | |
286 CONST_OID nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 }; | |
287 | |
288 CONST_OID missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS }; | |
289 CONST_OID missiCertDSSOld[] = { MISSI_OLD_DSS }; | |
290 CONST_OID missiCertKEADSS[] = { MISSI_KEA_DSS }; | |
291 CONST_OID missiCertDSS[] = { MISSI_DSS }; | |
292 CONST_OID missiCertKEA[] = { MISSI_KEA }; | |
293 CONST_OID missiCertAltKEA[] = { MISSI_ALT_KEA }; | |
294 CONST_OID x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 }; | |
295 | |
296 /* added for alg 1485 */ | |
297 CONST_OID rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 }; | |
298 CONST_OID rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 }; | |
299 CONST_OID rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 }; | |
300 | |
301 /* Netscape private certificate extensions */ | |
302 CONST_OID nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 }; | |
303 CONST_OID nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 }; | |
304 CONST_OID nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 }; | |
305 CONST_OID nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 }; | |
306 CONST_OID nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 }; | |
307 CONST_OID nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 }; | |
308 CONST_OID nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 }; | |
309 CONST_OID nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 }; | |
310 CONST_OID nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 }; | |
311 CONST_OID nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 }; | |
312 CONST_OID nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 }; | |
313 CONST_OID nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 }; | |
314 CONST_OID nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a }; | |
315 CONST_OID nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b }; | |
316 CONST_OID nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c }; | |
317 CONST_OID nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d }; | |
318 | |
319 /* the following 2 extensions are defined for and used by Cartman(NSM) */ | |
320 CONST_OID nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e }; | |
321 CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f }; | |
322 | |
323 CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 }; | |
324 CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 }; | |
325 /* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */ | |
326 | |
327 /* Netscape policy values */ | |
328 CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 }; | |
329 | |
330 /* Netscape other name types */ | |
331 CONST_OID netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01 }; | |
332 CONST_OID netscapeAOLScreenname[] = { NETSCAPE_NAME_COMPONENTS, 0x02 }; | |
333 | |
334 /* OIDs needed for cert server */ | |
335 CONST_OID netscapeRecoveryRequest[] = { NETSCAPE_CERT_SERVER_CRMF, 0x01 }; | |
336 | |
337 | |
338 /* Standard x.509 v3 Certificate & CRL Extensions */ | |
339 CONST_OID x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 }; | |
340 CONST_OID x509SubjectKeyID[] = { ID_CE_OID, 14 }; | |
341 CONST_OID x509KeyUsage[] = { ID_CE_OID, 15 }; | |
342 CONST_OID x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 }; | |
343 CONST_OID x509SubjectAltName[] = { ID_CE_OID, 17 }; | |
344 CONST_OID x509IssuerAltName[] = { ID_CE_OID, 18 }; | |
345 CONST_OID x509BasicConstraints[] = { ID_CE_OID, 19 }; | |
346 CONST_OID x509CRLNumber[] = { ID_CE_OID, 20 }; | |
347 CONST_OID x509ReasonCode[] = { ID_CE_OID, 21 }; | |
348 CONST_OID x509HoldInstructionCode[] = { ID_CE_OID, 23 }; | |
349 CONST_OID x509InvalidDate[] = { ID_CE_OID, 24 }; | |
350 CONST_OID x509DeltaCRLIndicator[] = { ID_CE_OID, 27 }; | |
351 CONST_OID x509IssuingDistributionPoint[] = { ID_CE_OID, 28 }; | |
352 CONST_OID x509CertIssuer[] = { ID_CE_OID, 29 }; | |
353 CONST_OID x509NameConstraints[] = { ID_CE_OID, 30 }; | |
354 CONST_OID x509CRLDistPoints[] = { ID_CE_OID, 31 }; | |
355 CONST_OID x509CertificatePolicies[] = { ID_CE_OID, 32 }; | |
356 CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 }; | |
357 CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 }; | |
358 CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 36 }; | |
359 CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 }; | |
360 CONST_OID x509FreshestCRL[] = { ID_CE_OID, 46 }; | |
361 CONST_OID x509InhibitAnyPolicy[] = { ID_CE_OID, 54 }; | |
362 | |
363 CONST_OID x509CertificatePoliciesAnyPolicy[] = { ID_CE_OID, 32, 0 }; | |
364 | |
365 CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 }; | |
366 CONST_OID x509SubjectInfoAccess[] = { PKIX_CERT_EXTENSIONS, 11 }; | |
367 | |
368 CONST_OID x509SIATimeStamping[] = {PKIX_ACCESS_DESCRIPTION, 0x03
}; | |
369 CONST_OID x509SIACaRepository[] = {PKIX_ACCESS_DESCRIPTION, 0x05
}; | |
370 | |
371 /* pkcs 12 additions */ | |
372 CONST_OID pkcs12[] = { PKCS12 }; | |
373 CONST_OID pkcs12ModeIDs[] = { PKCS12_MODE_IDS }; | |
374 CONST_OID pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS }; | |
375 CONST_OID pkcs12BagIDs[] = { PKCS12_BAG_IDS }; | |
376 CONST_OID pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS }; | |
377 CONST_OID pkcs12OIDs[] = { PKCS12_OIDS }; | |
378 CONST_OID pkcs12PBEIDs[] = { PKCS12_PBE_IDS }; | |
379 CONST_OID pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS }; | |
380 CONST_OID pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS }; | |
381 CONST_OID pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 }; | |
382 CONST_OID pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 }; | |
383 CONST_OID pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 }; | |
384 CONST_OID pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 }; | |
385 CONST_OID pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 }; | |
386 CONST_OID pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 }; | |
387 CONST_OID pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 }; | |
388 CONST_OID pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 }; | |
389 CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 }; | |
390 CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 }; | |
391 CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 }; | |
392 CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 }; | |
393 CONST_OID pkcs12RSAEncryptionWith40BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x02 }; | |
394 CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 }; | |
395 CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 }; | |
396 | |
397 /* pkcs 12 version 1.0 ids */ | |
398 CONST_OID pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 }; | |
399 CONST_OID pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 }; | |
400 CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x03 }; | |
401 CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x04 }; | |
402 CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 }; | |
403 CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 }; | |
404 | |
405 CONST_OID pkcs12SafeContentsID[] = { PKCS12_BAG_IDS, 0x04 }; | |
406 CONST_OID pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 }; | |
407 | |
408 CONST_OID pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 }; | |
409 CONST_OID pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 }; | |
410 CONST_OID pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 }; | |
411 CONST_OID pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 }; | |
412 CONST_OID pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 }; | |
413 CONST_OID pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 }; | |
414 | |
415 /* The following encoding is INCORRECT, but correcting it would create a | |
416 * duplicate OID in the table. So, we will leave it alone. | |
417 */ | |
418 CONST_OID pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 }; | |
419 | |
420 CONST_OID ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 }; | |
421 CONST_OID ansix9DSASignaturewithSHA1Digest[] = { ANSI_X9_ALGORITHM, 0x03 }; | |
422 CONST_OID nistDSASignaturewithSHA224Digest[] = { DSA2, 0x01 }; | |
423 CONST_OID nistDSASignaturewithSHA256Digest[] = { DSA2, 0x02 }; | |
424 | |
425 /* verisign OIDs */ | |
426 CONST_OID verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 }; | |
427 | |
428 /* pkix OIDs */ | |
429 CONST_OID pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 }; | |
430 CONST_OID pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 }; | |
431 | |
432 CONST_OID pkixOCSP[] = { PKIX_OCSP }; | |
433 CONST_OID pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 }; | |
434 CONST_OID pkixOCSPNonce[] = { PKIX_OCSP, 2 }; | |
435 CONST_OID pkixOCSPCRL[] = { PKIX_OCSP, 3 }; | |
436 CONST_OID pkixOCSPResponse[] = { PKIX_OCSP, 4 }; | |
437 CONST_OID pkixOCSPNoCheck[] = { PKIX_OCSP, 5 }; | |
438 CONST_OID pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 }; | |
439 CONST_OID pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 }; | |
440 | |
441 CONST_OID pkixCAIssuers[] = { PKIX_CA_ISSUERS }; | |
442 | |
443 CONST_OID pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1}; | |
444 CONST_OID pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2}; | |
445 CONST_OID pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3}; | |
446 CONST_OID pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4}; | |
447 CONST_OID pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5}; | |
448 CONST_OID pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6}; | |
449 CONST_OID pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1}; | |
450 CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2}; | |
451 | |
452 CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 }; | |
453 CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 }; | |
454 CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 }; | |
455 CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 }; | |
456 CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 }; | |
457 CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 }; | |
458 CONST_OID msExtendedKeyUsageTrustListSigning[] = { MS_CRYPTO_EKU, 1 }; | |
459 | |
460 /* OIDs for Netscape defined algorithms */ | |
461 CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 }; | |
462 | |
463 /* Fortezza algorithm OIDs */ | |
464 CONST_OID skipjackCBC[] = { MISSI, 0x04 }; | |
465 CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 }; | |
466 | |
467 CONST_OID idea_CBC[] = { ASCOM_IDEA_ALG, 2 }; | |
468 CONST_OID aes128_GCM[] = { AES, 0x6 }; | |
469 CONST_OID aes192_GCM[] = { AES, 0x1a }; | |
470 CONST_OID aes256_GCM[] = { AES, 0x2e }; | |
471 CONST_OID aes128_ECB[] = { AES, 1 }; | |
472 CONST_OID aes128_CBC[] = { AES, 2 }; | |
473 #ifdef DEFINE_ALL_AES_CIPHERS | |
474 CONST_OID aes128_OFB[] = { AES, 3 }; | |
475 CONST_OID aes128_CFB[] = { AES, 4 }; | |
476 #endif | |
477 CONST_OID aes128_KEY_WRAP[] = { AES, 5 }; | |
478 | |
479 CONST_OID aes192_ECB[] = { AES, 21 }; | |
480 CONST_OID aes192_CBC[] = { AES, 22 }; | |
481 #ifdef DEFINE_ALL_AES_CIPHERS | |
482 CONST_OID aes192_OFB[] = { AES, 23 }; | |
483 CONST_OID aes192_CFB[] = { AES, 24 }; | |
484 #endif | |
485 CONST_OID aes192_KEY_WRAP[] = { AES, 25 }; | |
486 | |
487 CONST_OID aes256_ECB[] = { AES, 41 }; | |
488 CONST_OID aes256_CBC[] = { AES, 42 }; | |
489 #ifdef DEFINE_ALL_AES_CIPHERS | |
490 CONST_OID aes256_OFB[] = { AES, 43 }; | |
491 CONST_OID aes256_CFB[] = { AES, 44 }; | |
492 #endif | |
493 CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; | |
494 | |
495 CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2}; | |
496 CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3}; | |
497 CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4}; | |
498 | |
499 CONST_OID sha256[] = { SHAXXX, 1 }; | |
500 CONST_OID sha384[] = { SHAXXX, 2 }; | |
501 CONST_OID sha512[] = { SHAXXX, 3 }; | |
502 CONST_OID sha224[] = { SHAXXX, 4 }; | |
503 | |
504 CONST_OID ansix962ECPublicKey[] = { ANSI_X962_OID, 0x02, 0x01 }; | |
505 CONST_OID ansix962SignaturewithSHA1Digest[] = { ANSI_X962_SIGNATURE_OID, 0x01 }; | |
506 CONST_OID ansix962SignatureRecommended[] = { ANSI_X962_SIGNATURE_OID, 0x02 }; | |
507 CONST_OID ansix962SignatureSpecified[] = { ANSI_X962_SPECIFY_OID }; | |
508 CONST_OID ansix962SignaturewithSHA224Digest[] = { ANSI_X962_SPECIFY_OID, 0x01 }; | |
509 CONST_OID ansix962SignaturewithSHA256Digest[] = { ANSI_X962_SPECIFY_OID, 0x02 }; | |
510 CONST_OID ansix962SignaturewithSHA384Digest[] = { ANSI_X962_SPECIFY_OID, 0x03 }; | |
511 CONST_OID ansix962SignaturewithSHA512Digest[] = { ANSI_X962_SPECIFY_OID, 0x04 }; | |
512 | |
513 /* ANSI X9.62 prime curve OIDs */ | |
514 /* NOTE: prime192v1 is the same as secp192r1, prime256v1 is the | |
515 * same as secp256r1 | |
516 */ | |
517 CONST_OID ansiX962prime192v1[] = { ANSI_X962_GFp_OID, 0x01 }; | |
518 CONST_OID ansiX962prime192v2[] = { ANSI_X962_GFp_OID, 0x02 }; | |
519 CONST_OID ansiX962prime192v3[] = { ANSI_X962_GFp_OID, 0x03 }; | |
520 CONST_OID ansiX962prime239v1[] = { ANSI_X962_GFp_OID, 0x04 }; | |
521 CONST_OID ansiX962prime239v2[] = { ANSI_X962_GFp_OID, 0x05 }; | |
522 CONST_OID ansiX962prime239v3[] = { ANSI_X962_GFp_OID, 0x06 }; | |
523 CONST_OID ansiX962prime256v1[] = { ANSI_X962_GFp_OID, 0x07 }; | |
524 | |
525 /* SECG prime curve OIDs */ | |
526 CONST_OID secgECsecp112r1[] = { SECG_OID, 0x06 }; | |
527 CONST_OID secgECsecp112r2[] = { SECG_OID, 0x07 }; | |
528 CONST_OID secgECsecp128r1[] = { SECG_OID, 0x1c }; | |
529 CONST_OID secgECsecp128r2[] = { SECG_OID, 0x1d }; | |
530 CONST_OID secgECsecp160k1[] = { SECG_OID, 0x09 }; | |
531 CONST_OID secgECsecp160r1[] = { SECG_OID, 0x08 }; | |
532 CONST_OID secgECsecp160r2[] = { SECG_OID, 0x1e }; | |
533 CONST_OID secgECsecp192k1[] = { SECG_OID, 0x1f }; | |
534 CONST_OID secgECsecp224k1[] = { SECG_OID, 0x20 }; | |
535 CONST_OID secgECsecp224r1[] = { SECG_OID, 0x21 }; | |
536 CONST_OID secgECsecp256k1[] = { SECG_OID, 0x0a }; | |
537 CONST_OID secgECsecp384r1[] = { SECG_OID, 0x22 }; | |
538 CONST_OID secgECsecp521r1[] = { SECG_OID, 0x23 }; | |
539 | |
540 /* ANSI X9.62 characteristic two curve OIDs */ | |
541 CONST_OID ansiX962c2pnb163v1[] = { ANSI_X962_GF2m_OID, 0x01 }; | |
542 CONST_OID ansiX962c2pnb163v2[] = { ANSI_X962_GF2m_OID, 0x02 }; | |
543 CONST_OID ansiX962c2pnb163v3[] = { ANSI_X962_GF2m_OID, 0x03 }; | |
544 CONST_OID ansiX962c2pnb176v1[] = { ANSI_X962_GF2m_OID, 0x04 }; | |
545 CONST_OID ansiX962c2tnb191v1[] = { ANSI_X962_GF2m_OID, 0x05 }; | |
546 CONST_OID ansiX962c2tnb191v2[] = { ANSI_X962_GF2m_OID, 0x06 }; | |
547 CONST_OID ansiX962c2tnb191v3[] = { ANSI_X962_GF2m_OID, 0x07 }; | |
548 CONST_OID ansiX962c2onb191v4[] = { ANSI_X962_GF2m_OID, 0x08 }; | |
549 CONST_OID ansiX962c2onb191v5[] = { ANSI_X962_GF2m_OID, 0x09 }; | |
550 CONST_OID ansiX962c2pnb208w1[] = { ANSI_X962_GF2m_OID, 0x0a }; | |
551 CONST_OID ansiX962c2tnb239v1[] = { ANSI_X962_GF2m_OID, 0x0b }; | |
552 CONST_OID ansiX962c2tnb239v2[] = { ANSI_X962_GF2m_OID, 0x0c }; | |
553 CONST_OID ansiX962c2tnb239v3[] = { ANSI_X962_GF2m_OID, 0x0d }; | |
554 CONST_OID ansiX962c2onb239v4[] = { ANSI_X962_GF2m_OID, 0x0e }; | |
555 CONST_OID ansiX962c2onb239v5[] = { ANSI_X962_GF2m_OID, 0x0f }; | |
556 CONST_OID ansiX962c2pnb272w1[] = { ANSI_X962_GF2m_OID, 0x10 }; | |
557 CONST_OID ansiX962c2pnb304w1[] = { ANSI_X962_GF2m_OID, 0x11 }; | |
558 CONST_OID ansiX962c2tnb359v1[] = { ANSI_X962_GF2m_OID, 0x12 }; | |
559 CONST_OID ansiX962c2pnb368w1[] = { ANSI_X962_GF2m_OID, 0x13 }; | |
560 CONST_OID ansiX962c2tnb431r1[] = { ANSI_X962_GF2m_OID, 0x14 }; | |
561 | |
562 /* SECG characterisitic two curve OIDs */ | |
563 CONST_OID secgECsect113r1[] = {SECG_OID, 0x04 }; | |
564 CONST_OID secgECsect113r2[] = {SECG_OID, 0x05 }; | |
565 CONST_OID secgECsect131r1[] = {SECG_OID, 0x16 }; | |
566 CONST_OID secgECsect131r2[] = {SECG_OID, 0x17 }; | |
567 CONST_OID secgECsect163k1[] = {SECG_OID, 0x01 }; | |
568 CONST_OID secgECsect163r1[] = {SECG_OID, 0x02 }; | |
569 CONST_OID secgECsect163r2[] = {SECG_OID, 0x0f }; | |
570 CONST_OID secgECsect193r1[] = {SECG_OID, 0x18 }; | |
571 CONST_OID secgECsect193r2[] = {SECG_OID, 0x19 }; | |
572 CONST_OID secgECsect233k1[] = {SECG_OID, 0x1a }; | |
573 CONST_OID secgECsect233r1[] = {SECG_OID, 0x1b }; | |
574 CONST_OID secgECsect239k1[] = {SECG_OID, 0x03 }; | |
575 CONST_OID secgECsect283k1[] = {SECG_OID, 0x10 }; | |
576 CONST_OID secgECsect283r1[] = {SECG_OID, 0x11 }; | |
577 CONST_OID secgECsect409k1[] = {SECG_OID, 0x24 }; | |
578 CONST_OID secgECsect409r1[] = {SECG_OID, 0x25 }; | |
579 CONST_OID secgECsect571k1[] = {SECG_OID, 0x26 }; | |
580 CONST_OID secgECsect571r1[] = {SECG_OID, 0x27 }; | |
581 | |
582 CONST_OID seed_CBC[] = { SEED_OID, 4 }; | |
583 | |
584 CONST_OID evIncorporationLocality[] = { EV_NAME_ATTRIBUTE, 1 }; | |
585 CONST_OID evIncorporationState[] = { EV_NAME_ATTRIBUTE, 2 }; | |
586 CONST_OID evIncorporationCountry[] = { EV_NAME_ATTRIBUTE, 3 }; | |
587 | |
588 #define OI(x) { siDEROID, (unsigned char *)x, sizeof x } | |
589 #ifndef SECOID_NO_STRINGS | |
590 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext } | |
591 #define ODE(tag,desc,mech,ext) { { siDEROID, NULL, 0 }, tag, desc, mech, ext } | |
592 #else | |
593 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext } | |
594 #define ODE(tag,desc,mech,ext) { { siDEROID, NULL, 0 }, tag, 0, mech, ext } | |
595 #endif | |
596 | |
597 #if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL) | |
598 #define FAKE_SUPPORTED_CERT_EXTENSION SUPPORTED_CERT_EXTENSION | |
599 #else | |
600 #define FAKE_SUPPORTED_CERT_EXTENSION UNSUPPORTED_CERT_EXTENSION | |
601 #endif | |
602 | |
603 /* | |
604 * NOTE: the order of these entries must mach the SECOidTag enum in secoidt.h! | |
605 */ | |
606 const static SECOidData oids[SEC_OID_TOTAL] = { | |
607 { { siDEROID, NULL, 0 }, SEC_OID_UNKNOWN, | |
608 "Unknown OID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION }, | |
609 OD( md2, SEC_OID_MD2, "MD2", CKM_MD2, INVALID_CERT_EXTENSION ), | |
610 OD( md4, SEC_OID_MD4, | |
611 "MD4", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
612 OD( md5, SEC_OID_MD5, "MD5", CKM_MD5, INVALID_CERT_EXTENSION ), | |
613 OD( sha1, SEC_OID_SHA1, "SHA-1", CKM_SHA_1, INVALID_CERT_EXTENSION ), | |
614 OD( rc2cbc, SEC_OID_RC2_CBC, | |
615 "RC2-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION ), | |
616 OD( rc4, SEC_OID_RC4, "RC4", CKM_RC4, INVALID_CERT_EXTENSION ), | |
617 OD( desede3cbc, SEC_OID_DES_EDE3_CBC, | |
618 "DES-EDE3-CBC", CKM_DES3_CBC, INVALID_CERT_EXTENSION ), | |
619 OD( rc5cbcpad, SEC_OID_RC5_CBC_PAD, | |
620 "RC5-CBCPad", CKM_RC5_CBC, INVALID_CERT_EXTENSION ), | |
621 OD( desecb, SEC_OID_DES_ECB, | |
622 "DES-ECB", CKM_DES_ECB, INVALID_CERT_EXTENSION ), | |
623 OD( descbc, SEC_OID_DES_CBC, | |
624 "DES-CBC", CKM_DES_CBC, INVALID_CERT_EXTENSION ), | |
625 OD( desofb, SEC_OID_DES_OFB, | |
626 "DES-OFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
627 OD( descfb, SEC_OID_DES_CFB, | |
628 "DES-CFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
629 OD( desmac, SEC_OID_DES_MAC, | |
630 "DES-MAC", CKM_DES_MAC, INVALID_CERT_EXTENSION ), | |
631 OD( desede, SEC_OID_DES_EDE, | |
632 "DES-EDE", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
633 OD( isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE, | |
634 "ISO SHA with RSA Signature", | |
635 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
636 OD( pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION, | |
637 "PKCS #1 RSA Encryption", CKM_RSA_PKCS, INVALID_CERT_EXTENSION ), | |
638 | |
639 /* the following Signing mechanisms should get new CKM_ values when | |
640 * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in | |
641 * PKCS #11. | |
642 */ | |
643 OD( pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, | |
644 "PKCS #1 MD2 With RSA Encryption", CKM_MD2_RSA_PKCS, | |
645 INVALID_CERT_EXTENSION ), | |
646 OD( pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, | |
647 "PKCS #1 MD4 With RSA Encryption", | |
648 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
649 OD( pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, | |
650 "PKCS #1 MD5 With RSA Encryption", CKM_MD5_RSA_PKCS, | |
651 INVALID_CERT_EXTENSION ), | |
652 OD( pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, | |
653 "PKCS #1 SHA-1 With RSA Encryption", CKM_SHA1_RSA_PKCS, | |
654 INVALID_CERT_EXTENSION ), | |
655 | |
656 OD( pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC, | |
657 "PKCS #5 Password Based Encryption with MD2 and DES-CBC", | |
658 CKM_PBE_MD2_DES_CBC, INVALID_CERT_EXTENSION ), | |
659 OD( pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC, | |
660 "PKCS #5 Password Based Encryption with MD5 and DES-CBC", | |
661 CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION ), | |
662 OD( pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC, | |
663 "PKCS #5 Password Based Encryption with SHA-1 and DES-CBC", | |
664 CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION ), | |
665 OD( pkcs7, SEC_OID_PKCS7, | |
666 "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
667 OD( pkcs7Data, SEC_OID_PKCS7_DATA, | |
668 "PKCS #7 Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
669 OD( pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA, | |
670 "PKCS #7 Signed Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
671 OD( pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA, | |
672 "PKCS #7 Enveloped Data", | |
673 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
674 OD( pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA, | |
675 "PKCS #7 Signed And Enveloped Data", | |
676 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
677 OD( pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA, | |
678 "PKCS #7 Digested Data", | |
679 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
680 OD( pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA, | |
681 "PKCS #7 Encrypted Data", | |
682 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
683 OD( pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS, | |
684 "PKCS #9 Email Address", | |
685 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
686 OD( pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME, | |
687 "PKCS #9 Unstructured Name", | |
688 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
689 OD( pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE, | |
690 "PKCS #9 Content Type", | |
691 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
692 OD( pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST, | |
693 "PKCS #9 Message Digest", | |
694 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
695 OD( pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME, | |
696 "PKCS #9 Signing Time", | |
697 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
698 OD( pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE, | |
699 "PKCS #9 Counter Signature", | |
700 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
701 OD( pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD, | |
702 "PKCS #9 Challenge Password", | |
703 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
704 OD( pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS, | |
705 "PKCS #9 Unstructured Address", | |
706 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
707 OD( pkcs9ExtendedCertificateAttributes, | |
708 SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES, | |
709 "PKCS #9 Extended Certificate Attributes", | |
710 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
711 OD( pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES, | |
712 "PKCS #9 S/MIME Capabilities", | |
713 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
714 OD( x520CommonName, SEC_OID_AVA_COMMON_NAME, | |
715 "X520 Common Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
716 OD( x520CountryName, SEC_OID_AVA_COUNTRY_NAME, | |
717 "X520 Country Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
718 OD( x520LocalityName, SEC_OID_AVA_LOCALITY, | |
719 "X520 Locality Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
720 OD( x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE, | |
721 "X520 State Or Province Name", | |
722 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
723 OD( x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME, | |
724 "X520 Organization Name", | |
725 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
726 OD( x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, | |
727 "X520 Organizational Unit Name", | |
728 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
729 OD( x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER, | |
730 "X520 DN Qualifier", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
731 OD( rfc2247DomainComponent, SEC_OID_AVA_DC, | |
732 "RFC 2247 Domain Component", | |
733 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
734 | |
735 OD( nsTypeGIF, SEC_OID_NS_TYPE_GIF, | |
736 "GIF", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
737 OD( nsTypeJPEG, SEC_OID_NS_TYPE_JPEG, | |
738 "JPEG", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
739 OD( nsTypeURL, SEC_OID_NS_TYPE_URL, | |
740 "URL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
741 OD( nsTypeHTML, SEC_OID_NS_TYPE_HTML, | |
742 "HTML", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
743 OD( nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE, | |
744 "Certificate Sequence", | |
745 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
746 OD( missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD, | |
747 "MISSI KEA and DSS Algorithm (Old)", | |
748 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
749 OD( missiCertDSSOld, SEC_OID_MISSI_DSS_OLD, | |
750 "MISSI DSS Algorithm (Old)", | |
751 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
752 OD( missiCertKEADSS, SEC_OID_MISSI_KEA_DSS, | |
753 "MISSI KEA and DSS Algorithm", | |
754 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
755 OD( missiCertDSS, SEC_OID_MISSI_DSS, | |
756 "MISSI DSS Algorithm", | |
757 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
758 OD( missiCertKEA, SEC_OID_MISSI_KEA, | |
759 "MISSI KEA Algorithm", | |
760 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
761 OD( missiCertAltKEA, SEC_OID_MISSI_ALT_KEA, | |
762 "MISSI Alternate KEA Algorithm", | |
763 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
764 | |
765 /* Netscape private extensions */ | |
766 OD( nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK, | |
767 "Netscape says this cert is OK", | |
768 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
769 OD( nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO, | |
770 "Certificate Issuer Logo", | |
771 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
772 OD( nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO, | |
773 "Certificate Subject Logo", | |
774 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
775 OD( nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE, | |
776 "Certificate Type", | |
777 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
778 OD( nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL, | |
779 "Certificate Extension Base URL", | |
780 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
781 OD( nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL, | |
782 "Certificate Revocation URL", | |
783 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
784 OD( nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL, | |
785 "Certificate Authority Revocation URL", | |
786 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
787 OD( nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL, | |
788 "Certificate Authority CRL Download URL", | |
789 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
790 OD( nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL, | |
791 "Certificate Authority Certificate Download URL", | |
792 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
793 OD( nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL, | |
794 "Certificate Renewal URL", | |
795 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
796 OD( nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL, | |
797 "Certificate Authority Policy URL", | |
798 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
799 OD( nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL, | |
800 "Certificate Homepage URL", | |
801 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
802 OD( nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO, | |
803 "Certificate Entity Logo", | |
804 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
805 OD( nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE, | |
806 "Certificate User Picture", | |
807 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
808 OD( nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME, | |
809 "Certificate SSL Server Name", | |
810 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
811 OD( nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT, | |
812 "Certificate Comment", | |
813 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
814 OD( nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL, | |
815 "Lost Password URL", | |
816 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
817 OD( nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME, | |
818 "Certificate Renewal Time", | |
819 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
820 OD( nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED, | |
821 "Strong Crypto Export Approved", | |
822 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
823 | |
824 | |
825 /* x.509 v3 certificate extensions */ | |
826 OD( x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR, | |
827 "Certificate Subject Directory Attributes", | |
828 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), | |
829 OD( x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID, | |
830 "Certificate Subject Key ID", | |
831 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
832 OD( x509KeyUsage, SEC_OID_X509_KEY_USAGE, | |
833 "Certificate Key Usage", | |
834 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
835 OD( x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD, | |
836 "Certificate Private Key Usage Period", | |
837 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
838 OD( x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME, | |
839 "Certificate Subject Alt Name", | |
840 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
841 OD( x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME, | |
842 "Certificate Issuer Alt Name", | |
843 CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ), | |
844 OD( x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS, | |
845 "Certificate Basic Constraints", | |
846 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
847 OD( x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS, | |
848 "Certificate Name Constraints", | |
849 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
850 OD( x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS, | |
851 "CRL Distribution Points", | |
852 CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ), | |
853 OD( x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES, | |
854 "Certificate Policies", | |
855 CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ), | |
856 OD( x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS, | |
857 "Certificate Policy Mappings", | |
858 CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ), | |
859 OD( x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS, | |
860 "Certificate Policy Constraints", | |
861 CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ), | |
862 OD( x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID, | |
863 "Certificate Authority Key Identifier", | |
864 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
865 OD( x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE, | |
866 "Extended Key Usage", | |
867 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
868 OD( x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS, | |
869 "Authority Information Access", | |
870 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
871 | |
872 /* x.509 v3 CRL extensions */ | |
873 OD( x509CRLNumber, SEC_OID_X509_CRL_NUMBER, | |
874 "CRL Number", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
875 OD( x509ReasonCode, SEC_OID_X509_REASON_CODE, | |
876 "CRL reason code", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
877 OD( x509InvalidDate, SEC_OID_X509_INVALID_DATE, | |
878 "Invalid Date", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
879 | |
880 OD( x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION, | |
881 "X500 RSA Encryption", CKM_RSA_X_509, INVALID_CERT_EXTENSION ), | |
882 | |
883 /* added for alg 1485 */ | |
884 OD( rfc1274Uid, SEC_OID_RFC1274_UID, | |
885 "RFC1274 User Id", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
886 OD( rfc1274Mail, SEC_OID_RFC1274_MAIL, | |
887 "RFC1274 E-mail Address", | |
888 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
889 | |
890 /* pkcs 12 additions */ | |
891 OD( pkcs12, SEC_OID_PKCS12, | |
892 "PKCS #12", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
893 OD( pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS, | |
894 "PKCS #12 Mode IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
895 OD( pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS, | |
896 "PKCS #12 ESPVK IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
897 OD( pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS, | |
898 "PKCS #12 Bag IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
899 OD( pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS, | |
900 "PKCS #12 Cert Bag IDs", | |
901 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
902 OD( pkcs12OIDs, SEC_OID_PKCS12_OIDS, | |
903 "PKCS #12 OIDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
904 OD( pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS, | |
905 "PKCS #12 PBE IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
906 OD( pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS, | |
907 "PKCS #12 Signature IDs", | |
908 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
909 OD( pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS, | |
910 "PKCS #12 Enveloping IDs", | |
911 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
912 OD( pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING, | |
913 "PKCS #12 Key Shrouding", | |
914 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
915 OD( pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID, | |
916 "PKCS #12 Key Bag ID", | |
917 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
918 OD( pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID, | |
919 "PKCS #12 Cert And CRL Bag ID", | |
920 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
921 OD( pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID, | |
922 "PKCS #12 Secret Bag ID", | |
923 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
924 OD( pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG, | |
925 "PKCS #12 X509 Cert CRL Bag", | |
926 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
927 OD( pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG, | |
928 "PKCS #12 SDSI Cert Bag", | |
929 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
930 OD( pkcs12PBEWithSha1And128BitRC4, | |
931 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4, | |
932 "PKCS #12 PBE With SHA-1 and 128 Bit RC4", | |
933 CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION ), | |
934 OD( pkcs12PBEWithSha1And40BitRC4, | |
935 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4, | |
936 "PKCS #12 PBE With SHA-1 and 40 Bit RC4", | |
937 CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION ), | |
938 OD( pkcs12PBEWithSha1AndTripleDESCBC, | |
939 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC, | |
940 "PKCS #12 PBE With SHA-1 and Triple DES-CBC", | |
941 CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION ), | |
942 OD( pkcs12PBEWithSha1And128BitRC2CBC, | |
943 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC, | |
944 "PKCS #12 PBE With SHA-1 and 128 Bit RC2 CBC", | |
945 CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION ), | |
946 OD( pkcs12PBEWithSha1And40BitRC2CBC, | |
947 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC, | |
948 "PKCS #12 PBE With SHA-1 and 40 Bit RC2 CBC", | |
949 CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION ), | |
950 OD( pkcs12RSAEncryptionWith128BitRC4, | |
951 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4, | |
952 "PKCS #12 RSA Encryption with 128 Bit RC4", | |
953 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
954 OD( pkcs12RSAEncryptionWith40BitRC4, | |
955 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4, | |
956 "PKCS #12 RSA Encryption with 40 Bit RC4", | |
957 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
958 OD( pkcs12RSAEncryptionWithTripleDES, | |
959 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES, | |
960 "PKCS #12 RSA Encryption with Triple DES", | |
961 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
962 OD( pkcs12RSASignatureWithSHA1Digest, | |
963 SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST, | |
964 "PKCS #12 RSA Encryption with Triple DES", | |
965 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
966 | |
967 /* DSA signatures */ | |
968 OD( ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE, | |
969 "ANSI X9.57 DSA Signature", CKM_DSA, INVALID_CERT_EXTENSION ), | |
970 OD( ansix9DSASignaturewithSHA1Digest, | |
971 SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST, | |
972 "ANSI X9.57 DSA Signature with SHA-1 Digest", | |
973 CKM_DSA_SHA1, INVALID_CERT_EXTENSION ), | |
974 OD( bogusDSASignaturewithSHA1Digest, | |
975 SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST, | |
976 "FORTEZZA DSA Signature with SHA-1 Digest", | |
977 CKM_DSA_SHA1, INVALID_CERT_EXTENSION ), | |
978 | |
979 /* verisign oids */ | |
980 OD( verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES, | |
981 "Verisign User Notices", | |
982 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
983 | |
984 /* pkix oids */ | |
985 OD( pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER, | |
986 "PKIX CPS Pointer Qualifier", | |
987 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
988 OD( pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER, | |
989 "PKIX User Notice Qualifier", | |
990 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
991 | |
992 OD( pkixOCSP, SEC_OID_PKIX_OCSP, | |
993 "PKIX Online Certificate Status Protocol", | |
994 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
995 OD( pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE, | |
996 "OCSP Basic Response", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
997 OD( pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE, | |
998 "OCSP Nonce Extension", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
999 OD( pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL, | |
1000 "OCSP CRL Reference Extension", | |
1001 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1002 OD( pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE, | |
1003 "OCSP Response Types Extension", | |
1004 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1005 OD( pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK, | |
1006 "OCSP No Check Extension", | |
1007 CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), | |
1008 OD( pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF, | |
1009 "OCSP Archive Cutoff Extension", | |
1010 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1011 OD( pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR, | |
1012 "OCSP Service Locator Extension", | |
1013 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1014 | |
1015 OD( pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN, | |
1016 "PKIX CRMF Registration Control, Registration Token", | |
1017 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1018 OD( pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR, | |
1019 "PKIX CRMF Registration Control, Registration Authenticator", | |
1020 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1021 OD( pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO, | |
1022 "PKIX CRMF Registration Control, PKI Publication Info", | |
1023 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1024 OD( pkixRegCtrlPKIArchOptions, | |
1025 SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS, | |
1026 "PKIX CRMF Registration Control, PKI Archive Options", | |
1027 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1028 OD( pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID, | |
1029 "PKIX CRMF Registration Control, Old Certificate ID", | |
1030 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1031 OD( pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY, | |
1032 "PKIX CRMF Registration Control, Protocol Encryption Key", | |
1033 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1034 OD( pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS, | |
1035 "PKIX CRMF Registration Info, UTF8 Pairs", | |
1036 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1037 OD( pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST, | |
1038 "PKIX CRMF Registration Info, Certificate Request", | |
1039 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1040 OD( pkixExtendedKeyUsageServerAuth, | |
1041 SEC_OID_EXT_KEY_USAGE_SERVER_AUTH, | |
1042 "TLS Web Server Authentication Certificate", | |
1043 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1044 OD( pkixExtendedKeyUsageClientAuth, | |
1045 SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH, | |
1046 "TLS Web Client Authentication Certificate", | |
1047 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1048 OD( pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN, | |
1049 "Code Signing Certificate", | |
1050 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1051 OD( pkixExtendedKeyUsageEMailProtect, | |
1052 SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT, | |
1053 "E-Mail Protection Certificate", | |
1054 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1055 OD( pkixExtendedKeyUsageTimeStamp, | |
1056 SEC_OID_EXT_KEY_USAGE_TIME_STAMP, | |
1057 "Time Stamping Certifcate", | |
1058 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1059 OD( pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER, | |
1060 "OCSP Responder Certificate", | |
1061 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), | |
1062 | |
1063 /* Netscape Algorithm OIDs */ | |
1064 | |
1065 OD( netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA, | |
1066 "Netscape S/MIME KEA", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1067 | |
1068 /* Skipjack OID -- ### mwelch temporary */ | |
1069 OD( skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK, | |
1070 "Skipjack CBC64", CKM_SKIPJACK_CBC64, INVALID_CERT_EXTENSION ), | |
1071 | |
1072 /* pkcs12 v2 oids */ | |
1073 OD( pkcs12V2PBEWithSha1And128BitRC4, | |
1074 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4, | |
1075 "PKCS #12 V2 PBE With SHA-1 And 128 Bit RC4", | |
1076 CKM_PBE_SHA1_RC4_128, INVALID_CERT_EXTENSION ), | |
1077 OD( pkcs12V2PBEWithSha1And40BitRC4, | |
1078 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4, | |
1079 "PKCS #12 V2 PBE With SHA-1 And 40 Bit RC4", | |
1080 CKM_PBE_SHA1_RC4_40, INVALID_CERT_EXTENSION ), | |
1081 OD( pkcs12V2PBEWithSha1And3KeyTripleDEScbc, | |
1082 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC, | |
1083 "PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC", | |
1084 CKM_PBE_SHA1_DES3_EDE_CBC, INVALID_CERT_EXTENSION ), | |
1085 OD( pkcs12V2PBEWithSha1And2KeyTripleDEScbc, | |
1086 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC, | |
1087 "PKCS #12 V2 PBE With SHA-1 And 2KEY Triple DES-CBC", | |
1088 CKM_PBE_SHA1_DES2_EDE_CBC, INVALID_CERT_EXTENSION ), | |
1089 OD( pkcs12V2PBEWithSha1And128BitRC2cbc, | |
1090 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC, | |
1091 "PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC", | |
1092 CKM_PBE_SHA1_RC2_128_CBC, INVALID_CERT_EXTENSION ), | |
1093 OD( pkcs12V2PBEWithSha1And40BitRC2cbc, | |
1094 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC, | |
1095 "PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2 CBC", | |
1096 CKM_PBE_SHA1_RC2_40_CBC, INVALID_CERT_EXTENSION ), | |
1097 OD( pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID, | |
1098 "PKCS #12 Safe Contents ID", | |
1099 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1100 OD( pkcs12PKCS8ShroudedKeyBagID, | |
1101 SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID, | |
1102 "PKCS #12 Safe Contents ID", | |
1103 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1104 OD( pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID, | |
1105 "PKCS #12 V1 Key Bag", | |
1106 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1107 OD( pkcs12V1PKCS8ShroudedKeyBag, | |
1108 SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID, | |
1109 "PKCS #12 V1 PKCS8 Shrouded Key Bag", | |
1110 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1111 OD( pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID, | |
1112 "PKCS #12 V1 Cert Bag", | |
1113 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1114 OD( pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID, | |
1115 "PKCS #12 V1 CRL Bag", | |
1116 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1117 OD( pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID, | |
1118 "PKCS #12 V1 Secret Bag", | |
1119 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1120 OD( pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID, | |
1121 "PKCS #12 V1 Safe Contents Bag", | |
1122 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1123 | |
1124 OD( pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT, | |
1125 "PKCS #9 X509 Certificate", | |
1126 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1127 OD( pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT, | |
1128 "PKCS #9 SDSI Certificate", | |
1129 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1130 OD( pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL, | |
1131 "PKCS #9 X509 CRL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1132 OD( pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME, | |
1133 "PKCS #9 Friendly Name", | |
1134 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1135 OD( pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID, | |
1136 "PKCS #9 Local Key ID", | |
1137 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1138 OD( pkcs12KeyUsageAttr, SEC_OID_BOGUS_KEY_USAGE, | |
1139 "Bogus Key Usage", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1140 OD( dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY, | |
1141 "Diffie-Helman Public Key", CKM_DH_PKCS_DERIVE, | |
1142 INVALID_CERT_EXTENSION ), | |
1143 OD( netscapeNickname, SEC_OID_NETSCAPE_NICKNAME, | |
1144 "Netscape Nickname", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1145 | |
1146 /* Cert Server specific OIDs */ | |
1147 OD( netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST, | |
1148 "Recovery Request OID", | |
1149 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1150 | |
1151 OD( nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR, | |
1152 "Certificate Renewal Locator OID", CKM_INVALID_MECHANISM, | |
1153 INVALID_CERT_EXTENSION ), | |
1154 | |
1155 OD( nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE, | |
1156 "Certificate Scope-of-Use Extension", CKM_INVALID_MECHANISM, | |
1157 SUPPORTED_CERT_EXTENSION ), | |
1158 | |
1159 /* CMS stuff */ | |
1160 OD( cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN, | |
1161 "Ephemeral-Static Diffie-Hellman", CKM_INVALID_MECHANISM /* XXX */, | |
1162 INVALID_CERT_EXTENSION ), | |
1163 OD( cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP, | |
1164 "CMS Triple DES Key Wrap", CKM_INVALID_MECHANISM /* XXX */, | |
1165 INVALID_CERT_EXTENSION ), | |
1166 OD( cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP, | |
1167 "CMS RC2 Key Wrap", CKM_INVALID_MECHANISM /* XXX */, | |
1168 INVALID_CERT_EXTENSION ), | |
1169 OD( smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE, | |
1170 "S/MIME Encryption Key Preference", | |
1171 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1172 | |
1173 /* AES algorithm OIDs */ | |
1174 OD( aes128_ECB, SEC_OID_AES_128_ECB, | |
1175 "AES-128-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ), | |
1176 OD( aes128_CBC, SEC_OID_AES_128_CBC, | |
1177 "AES-128-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ), | |
1178 OD( aes192_ECB, SEC_OID_AES_192_ECB, | |
1179 "AES-192-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ), | |
1180 OD( aes192_CBC, SEC_OID_AES_192_CBC, | |
1181 "AES-192-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ), | |
1182 OD( aes256_ECB, SEC_OID_AES_256_ECB, | |
1183 "AES-256-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ), | |
1184 OD( aes256_CBC, SEC_OID_AES_256_CBC, | |
1185 "AES-256-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ), | |
1186 | |
1187 /* More bogus DSA OIDs */ | |
1188 OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE, | |
1189 "SDN.702 DSA Signature", CKM_DSA_SHA1, INVALID_CERT_EXTENSION ), | |
1190 | |
1191 OD( ms_smimeEncryptionKeyPreference, | |
1192 SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE, | |
1193 "Microsoft S/MIME Encryption Key Preference", | |
1194 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1195 | |
1196 OD( sha256, SEC_OID_SHA256, "SHA-256", CKM_SHA256, INVALID_CERT_EXTENSION), | |
1197 OD( sha384, SEC_OID_SHA384, "SHA-384", CKM_SHA384, INVALID_CERT_EXTENSION), | |
1198 OD( sha512, SEC_OID_SHA512, "SHA-512", CKM_SHA512, INVALID_CERT_EXTENSION), | |
1199 | |
1200 OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION, | |
1201 "PKCS #1 SHA-256 With RSA Encryption", CKM_SHA256_RSA_PKCS, | |
1202 INVALID_CERT_EXTENSION ), | |
1203 OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION, | |
1204 "PKCS #1 SHA-384 With RSA Encryption", CKM_SHA384_RSA_PKCS, | |
1205 INVALID_CERT_EXTENSION ), | |
1206 OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION, | |
1207 "PKCS #1 SHA-512 With RSA Encryption", CKM_SHA512_RSA_PKCS, | |
1208 INVALID_CERT_EXTENSION ), | |
1209 | |
1210 OD( aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP, | |
1211 "AES-128 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION), | |
1212 OD( aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP, | |
1213 "AES-192 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION), | |
1214 OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP, | |
1215 "AES-256 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION), | |
1216 | |
1217 /* Elliptic Curve Cryptography (ECC) OIDs */ | |
1218 OD( ansix962ECPublicKey, SEC_OID_ANSIX962_EC_PUBLIC_KEY, | |
1219 "X9.62 elliptic curve public key", CKM_ECDH1_DERIVE, | |
1220 INVALID_CERT_EXTENSION ), | |
1221 OD( ansix962SignaturewithSHA1Digest, | |
1222 SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE, | |
1223 "X9.62 ECDSA signature with SHA-1", CKM_ECDSA_SHA1, | |
1224 INVALID_CERT_EXTENSION ), | |
1225 | |
1226 /* Named curves */ | |
1227 | |
1228 /* ANSI X9.62 named elliptic curves (prime field) */ | |
1229 OD( ansiX962prime192v1, SEC_OID_ANSIX962_EC_PRIME192V1, | |
1230 "ANSI X9.62 elliptic curve prime192v1 (aka secp192r1, NIST P-192)", | |
1231 CKM_INVALID_MECHANISM, | |
1232 INVALID_CERT_EXTENSION ), | |
1233 OD( ansiX962prime192v2, SEC_OID_ANSIX962_EC_PRIME192V2, | |
1234 "ANSI X9.62 elliptic curve prime192v2", | |
1235 CKM_INVALID_MECHANISM, | |
1236 INVALID_CERT_EXTENSION ), | |
1237 OD( ansiX962prime192v3, SEC_OID_ANSIX962_EC_PRIME192V3, | |
1238 "ANSI X9.62 elliptic curve prime192v3", | |
1239 CKM_INVALID_MECHANISM, | |
1240 INVALID_CERT_EXTENSION ), | |
1241 OD( ansiX962prime239v1, SEC_OID_ANSIX962_EC_PRIME239V1, | |
1242 "ANSI X9.62 elliptic curve prime239v1", | |
1243 CKM_INVALID_MECHANISM, | |
1244 INVALID_CERT_EXTENSION ), | |
1245 OD( ansiX962prime239v2, SEC_OID_ANSIX962_EC_PRIME239V2, | |
1246 "ANSI X9.62 elliptic curve prime239v2", | |
1247 CKM_INVALID_MECHANISM, | |
1248 INVALID_CERT_EXTENSION ), | |
1249 OD( ansiX962prime239v3, SEC_OID_ANSIX962_EC_PRIME239V3, | |
1250 "ANSI X9.62 elliptic curve prime239v3", | |
1251 CKM_INVALID_MECHANISM, | |
1252 INVALID_CERT_EXTENSION ), | |
1253 OD( ansiX962prime256v1, SEC_OID_ANSIX962_EC_PRIME256V1, | |
1254 "ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)", | |
1255 CKM_INVALID_MECHANISM, | |
1256 INVALID_CERT_EXTENSION ), | |
1257 | |
1258 /* SECG named elliptic curves (prime field) */ | |
1259 OD( secgECsecp112r1, SEC_OID_SECG_EC_SECP112R1, | |
1260 "SECG elliptic curve secp112r1", | |
1261 CKM_INVALID_MECHANISM, | |
1262 INVALID_CERT_EXTENSION ), | |
1263 OD( secgECsecp112r2, SEC_OID_SECG_EC_SECP112R2, | |
1264 "SECG elliptic curve secp112r2", | |
1265 CKM_INVALID_MECHANISM, | |
1266 INVALID_CERT_EXTENSION ), | |
1267 OD( secgECsecp128r1, SEC_OID_SECG_EC_SECP128R1, | |
1268 "SECG elliptic curve secp128r1", | |
1269 CKM_INVALID_MECHANISM, | |
1270 INVALID_CERT_EXTENSION ), | |
1271 OD( secgECsecp128r2, SEC_OID_SECG_EC_SECP128R2, | |
1272 "SECG elliptic curve secp128r2", | |
1273 CKM_INVALID_MECHANISM, | |
1274 INVALID_CERT_EXTENSION ), | |
1275 OD( secgECsecp160k1, SEC_OID_SECG_EC_SECP160K1, | |
1276 "SECG elliptic curve secp160k1", | |
1277 CKM_INVALID_MECHANISM, | |
1278 INVALID_CERT_EXTENSION ), | |
1279 OD( secgECsecp160r1, SEC_OID_SECG_EC_SECP160R1, | |
1280 "SECG elliptic curve secp160r1", | |
1281 CKM_INVALID_MECHANISM, | |
1282 INVALID_CERT_EXTENSION ), | |
1283 OD( secgECsecp160r2, SEC_OID_SECG_EC_SECP160R2, | |
1284 "SECG elliptic curve secp160r2", | |
1285 CKM_INVALID_MECHANISM, | |
1286 INVALID_CERT_EXTENSION ), | |
1287 OD( secgECsecp192k1, SEC_OID_SECG_EC_SECP192K1, | |
1288 "SECG elliptic curve secp192k1", | |
1289 CKM_INVALID_MECHANISM, | |
1290 INVALID_CERT_EXTENSION ), | |
1291 OD( secgECsecp224k1, SEC_OID_SECG_EC_SECP224K1, | |
1292 "SECG elliptic curve secp224k1", | |
1293 CKM_INVALID_MECHANISM, | |
1294 INVALID_CERT_EXTENSION ), | |
1295 OD( secgECsecp224r1, SEC_OID_SECG_EC_SECP224R1, | |
1296 "SECG elliptic curve secp224r1 (aka NIST P-224)", | |
1297 CKM_INVALID_MECHANISM, | |
1298 INVALID_CERT_EXTENSION ), | |
1299 OD( secgECsecp256k1, SEC_OID_SECG_EC_SECP256K1, | |
1300 "SECG elliptic curve secp256k1", | |
1301 CKM_INVALID_MECHANISM, | |
1302 INVALID_CERT_EXTENSION ), | |
1303 OD( secgECsecp384r1, SEC_OID_SECG_EC_SECP384R1, | |
1304 "SECG elliptic curve secp384r1 (aka NIST P-384)", | |
1305 CKM_INVALID_MECHANISM, | |
1306 INVALID_CERT_EXTENSION ), | |
1307 OD( secgECsecp521r1, SEC_OID_SECG_EC_SECP521R1, | |
1308 "SECG elliptic curve secp521r1 (aka NIST P-521)", | |
1309 CKM_INVALID_MECHANISM, | |
1310 INVALID_CERT_EXTENSION ), | |
1311 | |
1312 /* ANSI X9.62 named elliptic curves (characteristic two field) */ | |
1313 OD( ansiX962c2pnb163v1, SEC_OID_ANSIX962_EC_C2PNB163V1, | |
1314 "ANSI X9.62 elliptic curve c2pnb163v1", | |
1315 CKM_INVALID_MECHANISM, | |
1316 INVALID_CERT_EXTENSION ), | |
1317 OD( ansiX962c2pnb163v2, SEC_OID_ANSIX962_EC_C2PNB163V2, | |
1318 "ANSI X9.62 elliptic curve c2pnb163v2", | |
1319 CKM_INVALID_MECHANISM, | |
1320 INVALID_CERT_EXTENSION ), | |
1321 OD( ansiX962c2pnb163v3, SEC_OID_ANSIX962_EC_C2PNB163V3, | |
1322 "ANSI X9.62 elliptic curve c2pnb163v3", | |
1323 CKM_INVALID_MECHANISM, | |
1324 INVALID_CERT_EXTENSION ), | |
1325 OD( ansiX962c2pnb176v1, SEC_OID_ANSIX962_EC_C2PNB176V1, | |
1326 "ANSI X9.62 elliptic curve c2pnb176v1", | |
1327 CKM_INVALID_MECHANISM, | |
1328 INVALID_CERT_EXTENSION ), | |
1329 OD( ansiX962c2tnb191v1, SEC_OID_ANSIX962_EC_C2TNB191V1, | |
1330 "ANSI X9.62 elliptic curve c2tnb191v1", | |
1331 CKM_INVALID_MECHANISM, | |
1332 INVALID_CERT_EXTENSION ), | |
1333 OD( ansiX962c2tnb191v2, SEC_OID_ANSIX962_EC_C2TNB191V2, | |
1334 "ANSI X9.62 elliptic curve c2tnb191v2", | |
1335 CKM_INVALID_MECHANISM, | |
1336 INVALID_CERT_EXTENSION ), | |
1337 OD( ansiX962c2tnb191v3, SEC_OID_ANSIX962_EC_C2TNB191V3, | |
1338 "ANSI X9.62 elliptic curve c2tnb191v3", | |
1339 CKM_INVALID_MECHANISM, | |
1340 INVALID_CERT_EXTENSION ), | |
1341 OD( ansiX962c2onb191v4, SEC_OID_ANSIX962_EC_C2ONB191V4, | |
1342 "ANSI X9.62 elliptic curve c2onb191v4", | |
1343 CKM_INVALID_MECHANISM, | |
1344 INVALID_CERT_EXTENSION ), | |
1345 OD( ansiX962c2onb191v5, SEC_OID_ANSIX962_EC_C2ONB191V5, | |
1346 "ANSI X9.62 elliptic curve c2onb191v5", | |
1347 CKM_INVALID_MECHANISM, | |
1348 INVALID_CERT_EXTENSION ), | |
1349 OD( ansiX962c2pnb208w1, SEC_OID_ANSIX962_EC_C2PNB208W1, | |
1350 "ANSI X9.62 elliptic curve c2pnb208w1", | |
1351 CKM_INVALID_MECHANISM, | |
1352 INVALID_CERT_EXTENSION ), | |
1353 OD( ansiX962c2tnb239v1, SEC_OID_ANSIX962_EC_C2TNB239V1, | |
1354 "ANSI X9.62 elliptic curve c2tnb239v1", | |
1355 CKM_INVALID_MECHANISM, | |
1356 INVALID_CERT_EXTENSION ), | |
1357 OD( ansiX962c2tnb239v2, SEC_OID_ANSIX962_EC_C2TNB239V2, | |
1358 "ANSI X9.62 elliptic curve c2tnb239v2", | |
1359 CKM_INVALID_MECHANISM, | |
1360 INVALID_CERT_EXTENSION ), | |
1361 OD( ansiX962c2tnb239v3, SEC_OID_ANSIX962_EC_C2TNB239V3, | |
1362 "ANSI X9.62 elliptic curve c2tnb239v3", | |
1363 CKM_INVALID_MECHANISM, | |
1364 INVALID_CERT_EXTENSION ), | |
1365 OD( ansiX962c2onb239v4, SEC_OID_ANSIX962_EC_C2ONB239V4, | |
1366 "ANSI X9.62 elliptic curve c2onb239v4", | |
1367 CKM_INVALID_MECHANISM, | |
1368 INVALID_CERT_EXTENSION ), | |
1369 OD( ansiX962c2onb239v5, SEC_OID_ANSIX962_EC_C2ONB239V5, | |
1370 "ANSI X9.62 elliptic curve c2onb239v5", | |
1371 CKM_INVALID_MECHANISM, | |
1372 INVALID_CERT_EXTENSION ), | |
1373 OD( ansiX962c2pnb272w1, SEC_OID_ANSIX962_EC_C2PNB272W1, | |
1374 "ANSI X9.62 elliptic curve c2pnb272w1", | |
1375 CKM_INVALID_MECHANISM, | |
1376 INVALID_CERT_EXTENSION ), | |
1377 OD( ansiX962c2pnb304w1, SEC_OID_ANSIX962_EC_C2PNB304W1, | |
1378 "ANSI X9.62 elliptic curve c2pnb304w1", | |
1379 CKM_INVALID_MECHANISM, | |
1380 INVALID_CERT_EXTENSION ), | |
1381 OD( ansiX962c2tnb359v1, SEC_OID_ANSIX962_EC_C2TNB359V1, | |
1382 "ANSI X9.62 elliptic curve c2tnb359v1", | |
1383 CKM_INVALID_MECHANISM, | |
1384 INVALID_CERT_EXTENSION ), | |
1385 OD( ansiX962c2pnb368w1, SEC_OID_ANSIX962_EC_C2PNB368W1, | |
1386 "ANSI X9.62 elliptic curve c2pnb368w1", | |
1387 CKM_INVALID_MECHANISM, | |
1388 INVALID_CERT_EXTENSION ), | |
1389 OD( ansiX962c2tnb431r1, SEC_OID_ANSIX962_EC_C2TNB431R1, | |
1390 "ANSI X9.62 elliptic curve c2tnb431r1", | |
1391 CKM_INVALID_MECHANISM, | |
1392 INVALID_CERT_EXTENSION ), | |
1393 | |
1394 /* SECG named elliptic curves (characterisitic two field) */ | |
1395 OD( secgECsect113r1, SEC_OID_SECG_EC_SECT113R1, | |
1396 "SECG elliptic curve sect113r1", | |
1397 CKM_INVALID_MECHANISM, | |
1398 INVALID_CERT_EXTENSION ), | |
1399 OD( secgECsect113r2, SEC_OID_SECG_EC_SECT113R2, | |
1400 "SECG elliptic curve sect113r2", | |
1401 CKM_INVALID_MECHANISM, | |
1402 INVALID_CERT_EXTENSION ), | |
1403 OD( secgECsect131r1, SEC_OID_SECG_EC_SECT131R1, | |
1404 "SECG elliptic curve sect131r1", | |
1405 CKM_INVALID_MECHANISM, | |
1406 INVALID_CERT_EXTENSION ), | |
1407 OD( secgECsect131r2, SEC_OID_SECG_EC_SECT131R2, | |
1408 "SECG elliptic curve sect131r2", | |
1409 CKM_INVALID_MECHANISM, | |
1410 INVALID_CERT_EXTENSION ), | |
1411 OD( secgECsect163k1, SEC_OID_SECG_EC_SECT163K1, | |
1412 "SECG elliptic curve sect163k1 (aka NIST K-163)", | |
1413 CKM_INVALID_MECHANISM, | |
1414 INVALID_CERT_EXTENSION ), | |
1415 OD( secgECsect163r1, SEC_OID_SECG_EC_SECT163R1, | |
1416 "SECG elliptic curve sect163r1", | |
1417 CKM_INVALID_MECHANISM, | |
1418 INVALID_CERT_EXTENSION ), | |
1419 OD( secgECsect163r2, SEC_OID_SECG_EC_SECT163R2, | |
1420 "SECG elliptic curve sect163r2 (aka NIST B-163)", | |
1421 CKM_INVALID_MECHANISM, | |
1422 INVALID_CERT_EXTENSION ), | |
1423 OD( secgECsect193r1, SEC_OID_SECG_EC_SECT193R1, | |
1424 "SECG elliptic curve sect193r1", | |
1425 CKM_INVALID_MECHANISM, | |
1426 INVALID_CERT_EXTENSION ), | |
1427 OD( secgECsect193r2, SEC_OID_SECG_EC_SECT193R2, | |
1428 "SECG elliptic curve sect193r2", | |
1429 CKM_INVALID_MECHANISM, | |
1430 INVALID_CERT_EXTENSION ), | |
1431 OD( secgECsect233k1, SEC_OID_SECG_EC_SECT233K1, | |
1432 "SECG elliptic curve sect233k1 (aka NIST K-233)", | |
1433 CKM_INVALID_MECHANISM, | |
1434 INVALID_CERT_EXTENSION ), | |
1435 OD( secgECsect233r1, SEC_OID_SECG_EC_SECT233R1, | |
1436 "SECG elliptic curve sect233r1 (aka NIST B-233)", | |
1437 CKM_INVALID_MECHANISM, | |
1438 INVALID_CERT_EXTENSION ), | |
1439 OD( secgECsect239k1, SEC_OID_SECG_EC_SECT239K1, | |
1440 "SECG elliptic curve sect239k1", | |
1441 CKM_INVALID_MECHANISM, | |
1442 INVALID_CERT_EXTENSION ), | |
1443 OD( secgECsect283k1, SEC_OID_SECG_EC_SECT283K1, | |
1444 "SECG elliptic curve sect283k1 (aka NIST K-283)", | |
1445 CKM_INVALID_MECHANISM, | |
1446 INVALID_CERT_EXTENSION ), | |
1447 OD( secgECsect283r1, SEC_OID_SECG_EC_SECT283R1, | |
1448 "SECG elliptic curve sect283r1 (aka NIST B-283)", | |
1449 CKM_INVALID_MECHANISM, | |
1450 INVALID_CERT_EXTENSION ), | |
1451 OD( secgECsect409k1, SEC_OID_SECG_EC_SECT409K1, | |
1452 "SECG elliptic curve sect409k1 (aka NIST K-409)", | |
1453 CKM_INVALID_MECHANISM, | |
1454 INVALID_CERT_EXTENSION ), | |
1455 OD( secgECsect409r1, SEC_OID_SECG_EC_SECT409R1, | |
1456 "SECG elliptic curve sect409r1 (aka NIST B-409)", | |
1457 CKM_INVALID_MECHANISM, | |
1458 INVALID_CERT_EXTENSION ), | |
1459 OD( secgECsect571k1, SEC_OID_SECG_EC_SECT571K1, | |
1460 "SECG elliptic curve sect571k1 (aka NIST K-571)", | |
1461 CKM_INVALID_MECHANISM, | |
1462 INVALID_CERT_EXTENSION ), | |
1463 OD( secgECsect571r1, SEC_OID_SECG_EC_SECT571R1, | |
1464 "SECG elliptic curve sect571r1 (aka NIST B-571)", | |
1465 CKM_INVALID_MECHANISM, | |
1466 INVALID_CERT_EXTENSION ), | |
1467 | |
1468 OD( netscapeAOLScreenname, SEC_OID_NETSCAPE_AOLSCREENNAME, | |
1469 "AOL Screenname", CKM_INVALID_MECHANISM, | |
1470 INVALID_CERT_EXTENSION ), | |
1471 | |
1472 OD( x520SurName, SEC_OID_AVA_SURNAME, | |
1473 "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1474 OD( x520SerialNumber, SEC_OID_AVA_SERIAL_NUMBER, | |
1475 "X520 Serial Number", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1476 OD( x520StreetAddress, SEC_OID_AVA_STREET_ADDRESS, | |
1477 "X520 Street Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1478 OD( x520Title, SEC_OID_AVA_TITLE, | |
1479 "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1480 OD( x520PostalAddress, SEC_OID_AVA_POSTAL_ADDRESS, | |
1481 "X520 Postal Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1482 OD( x520PostalCode, SEC_OID_AVA_POSTAL_CODE, | |
1483 "X520 Postal Code", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1484 OD( x520PostOfficeBox, SEC_OID_AVA_POST_OFFICE_BOX, | |
1485 "X520 Post Office Box", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1486 OD( x520GivenName, SEC_OID_AVA_GIVEN_NAME, | |
1487 "X520 Given Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1488 OD( x520Initials, SEC_OID_AVA_INITIALS, | |
1489 "X520 Initials", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1490 OD( x520GenerationQualifier, SEC_OID_AVA_GENERATION_QUALIFIER, | |
1491 "X520 Generation Qualifier", | |
1492 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1493 OD( x520HouseIdentifier, SEC_OID_AVA_HOUSE_IDENTIFIER, | |
1494 "X520 House Identifier", | |
1495 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1496 OD( x520Pseudonym, SEC_OID_AVA_PSEUDONYM, | |
1497 "X520 Pseudonym", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1498 | |
1499 /* More OIDs */ | |
1500 OD( pkixCAIssuers, SEC_OID_PKIX_CA_ISSUERS, | |
1501 "PKIX CA issuers access method", | |
1502 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1503 OD( pkcs9ExtensionRequest, SEC_OID_PKCS9_EXTENSION_REQUEST, | |
1504 "PKCS #9 Extension Request", | |
1505 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1506 | |
1507 /* more ECC Signature Oids */ | |
1508 OD( ansix962SignatureRecommended, | |
1509 SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST, | |
1510 "X9.62 ECDSA signature with recommended digest", CKM_INVALID_MECHANISM, | |
1511 INVALID_CERT_EXTENSION ), | |
1512 OD( ansix962SignatureSpecified, | |
1513 SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST, | |
1514 "X9.62 ECDSA signature with specified digest", CKM_ECDSA, | |
1515 INVALID_CERT_EXTENSION ), | |
1516 OD( ansix962SignaturewithSHA224Digest, | |
1517 SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE, | |
1518 "X9.62 ECDSA signature with SHA224", CKM_INVALID_MECHANISM, | |
1519 INVALID_CERT_EXTENSION ), | |
1520 OD( ansix962SignaturewithSHA256Digest, | |
1521 SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, | |
1522 "X9.62 ECDSA signature with SHA256", CKM_INVALID_MECHANISM, | |
1523 INVALID_CERT_EXTENSION ), | |
1524 OD( ansix962SignaturewithSHA384Digest, | |
1525 SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE, | |
1526 "X9.62 ECDSA signature with SHA384", CKM_INVALID_MECHANISM, | |
1527 INVALID_CERT_EXTENSION ), | |
1528 OD( ansix962SignaturewithSHA512Digest, | |
1529 SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE, | |
1530 "X9.62 ECDSA signature with SHA512", CKM_INVALID_MECHANISM, | |
1531 INVALID_CERT_EXTENSION ), | |
1532 | |
1533 /* More id-ce and id-pe OIDs from RFC 3280 */ | |
1534 OD( x509HoldInstructionCode, SEC_OID_X509_HOLD_INSTRUCTION_CODE, | |
1535 "CRL Hold Instruction Code", CKM_INVALID_MECHANISM, | |
1536 UNSUPPORTED_CERT_EXTENSION ), | |
1537 OD( x509DeltaCRLIndicator, SEC_OID_X509_DELTA_CRL_INDICATOR, | |
1538 "Delta CRL Indicator", CKM_INVALID_MECHANISM, | |
1539 FAKE_SUPPORTED_CERT_EXTENSION ), | |
1540 OD( x509IssuingDistributionPoint, SEC_OID_X509_ISSUING_DISTRIBUTION_POINT, | |
1541 "Issuing Distribution Point", CKM_INVALID_MECHANISM, | |
1542 FAKE_SUPPORTED_CERT_EXTENSION ), | |
1543 OD( x509CertIssuer, SEC_OID_X509_CERT_ISSUER, | |
1544 "Certificate Issuer Extension",CKM_INVALID_MECHANISM, | |
1545 FAKE_SUPPORTED_CERT_EXTENSION ), | |
1546 OD( x509FreshestCRL, SEC_OID_X509_FRESHEST_CRL, | |
1547 "Freshest CRL", CKM_INVALID_MECHANISM, | |
1548 UNSUPPORTED_CERT_EXTENSION ), | |
1549 OD( x509InhibitAnyPolicy, SEC_OID_X509_INHIBIT_ANY_POLICY, | |
1550 "Inhibit Any Policy", CKM_INVALID_MECHANISM, | |
1551 FAKE_SUPPORTED_CERT_EXTENSION ), | |
1552 OD( x509SubjectInfoAccess, SEC_OID_X509_SUBJECT_INFO_ACCESS, | |
1553 "Subject Info Access", CKM_INVALID_MECHANISM, | |
1554 UNSUPPORTED_CERT_EXTENSION ), | |
1555 | |
1556 /* Camellia algorithm OIDs */ | |
1557 OD( camellia128_CBC, SEC_OID_CAMELLIA_128_CBC, | |
1558 "CAMELLIA-128-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ), | |
1559 OD( camellia192_CBC, SEC_OID_CAMELLIA_192_CBC, | |
1560 "CAMELLIA-192-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ), | |
1561 OD( camellia256_CBC, SEC_OID_CAMELLIA_256_CBC, | |
1562 "CAMELLIA-256-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION ), | |
1563 | |
1564 /* PKCS 5 v2 OIDS */ | |
1565 OD( pkcs5Pbkdf2, SEC_OID_PKCS5_PBKDF2, | |
1566 "PKCS #5 Password Based Key Dervive Function v2 ", | |
1567 CKM_PKCS5_PBKD2, INVALID_CERT_EXTENSION ), | |
1568 OD( pkcs5Pbes2, SEC_OID_PKCS5_PBES2, | |
1569 "PKCS #5 Password Based Encryption v2 ", | |
1570 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1571 OD( pkcs5Pbmac1, SEC_OID_PKCS5_PBMAC1, | |
1572 "PKCS #5 Password Based Authentication v1 ", | |
1573 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1574 OD( hmac_sha1, SEC_OID_HMAC_SHA1, "HMAC SHA-1", | |
1575 CKM_SHA_1_HMAC, INVALID_CERT_EXTENSION ), | |
1576 OD( hmac_sha224, SEC_OID_HMAC_SHA224, "HMAC SHA-224", | |
1577 CKM_SHA224_HMAC, INVALID_CERT_EXTENSION ), | |
1578 OD( hmac_sha256, SEC_OID_HMAC_SHA256, "HMAC SHA-256", | |
1579 CKM_SHA256_HMAC, INVALID_CERT_EXTENSION ), | |
1580 OD( hmac_sha384, SEC_OID_HMAC_SHA384, "HMAC SHA-384", | |
1581 CKM_SHA384_HMAC, INVALID_CERT_EXTENSION ), | |
1582 OD( hmac_sha512, SEC_OID_HMAC_SHA512, "HMAC SHA-512", | |
1583 CKM_SHA512_HMAC, INVALID_CERT_EXTENSION ), | |
1584 | |
1585 /* SIA extension OIDs */ | |
1586 OD( x509SIATimeStamping, SEC_OID_PKIX_TIMESTAMPING, | |
1587 "SIA Time Stamping", CKM_INVALID_MECHANISM, | |
1588 INVALID_CERT_EXTENSION ), | |
1589 OD( x509SIACaRepository, SEC_OID_PKIX_CA_REPOSITORY, | |
1590 "SIA CA Repository", CKM_INVALID_MECHANISM, | |
1591 INVALID_CERT_EXTENSION ), | |
1592 | |
1593 OD( isoSHA1WithRSASignature, SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE, | |
1594 "ISO SHA-1 with RSA Signature", | |
1595 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1596 | |
1597 /* SEED algorithm OIDs */ | |
1598 OD( seed_CBC, SEC_OID_SEED_CBC, | |
1599 "SEED-CBC", CKM_SEED_CBC, INVALID_CERT_EXTENSION), | |
1600 | |
1601 OD( x509CertificatePoliciesAnyPolicy, SEC_OID_X509_ANY_POLICY, | |
1602 "Certificate Policies AnyPolicy", | |
1603 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1604 | |
1605 OD( pkcs1RSAOAEPEncryption, SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION, | |
1606 "PKCS #1 RSA-OAEP Encryption", CKM_RSA_PKCS_OAEP, | |
1607 INVALID_CERT_EXTENSION ), | |
1608 | |
1609 OD( pkcs1MGF1, SEC_OID_PKCS1_MGF1, | |
1610 "PKCS #1 MGF1 Mask Generation Function", CKM_INVALID_MECHANISM, | |
1611 INVALID_CERT_EXTENSION ), | |
1612 | |
1613 OD( pkcs1PSpecified, SEC_OID_PKCS1_PSPECIFIED, | |
1614 "PKCS #1 RSA-OAEP Explicitly Specified Encoding Parameters", | |
1615 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1616 | |
1617 OD( pkcs1RSAPSSSignature, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, | |
1618 "PKCS #1 RSA-PSS Signature", CKM_RSA_PKCS_PSS, | |
1619 INVALID_CERT_EXTENSION ), | |
1620 | |
1621 OD( pkcs1SHA224WithRSAEncryption, SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION, | |
1622 "PKCS #1 SHA-224 With RSA Encryption", CKM_SHA224_RSA_PKCS, | |
1623 INVALID_CERT_EXTENSION ), | |
1624 | |
1625 OD( sha224, SEC_OID_SHA224, "SHA-224", CKM_SHA224, INVALID_CERT_EXTENSION), | |
1626 | |
1627 OD( evIncorporationLocality, SEC_OID_EV_INCORPORATION_LOCALITY, | |
1628 "Jurisdiction of Incorporation Locality Name", | |
1629 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1630 OD( evIncorporationState, SEC_OID_EV_INCORPORATION_STATE, | |
1631 "Jurisdiction of Incorporation State Name", | |
1632 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1633 OD( evIncorporationCountry, SEC_OID_EV_INCORPORATION_COUNTRY, | |
1634 "Jurisdiction of Incorporation Country Name", | |
1635 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1636 OD( x520BusinessCategory, SEC_OID_BUSINESS_CATEGORY, | |
1637 "Business Category", | |
1638 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1639 | |
1640 OD( nistDSASignaturewithSHA224Digest, | |
1641 SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST, | |
1642 "DSA with SHA-224 Signature", | |
1643 CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION), | |
1644 OD( nistDSASignaturewithSHA256Digest, | |
1645 SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST, | |
1646 "DSA with SHA-256 Signature", | |
1647 CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION), | |
1648 OD( msExtendedKeyUsageTrustListSigning, | |
1649 SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING, | |
1650 "Microsoft Trust List Signing", | |
1651 CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1652 OD( x520Name, SEC_OID_AVA_NAME, | |
1653 "X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1654 | |
1655 OD( aes128_GCM, SEC_OID_AES_128_GCM, | |
1656 "AES-128-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ), | |
1657 OD( aes192_GCM, SEC_OID_AES_192_GCM, | |
1658 "AES-192-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ), | |
1659 OD( aes256_GCM, SEC_OID_AES_256_GCM, | |
1660 "AES-256-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION ), | |
1661 OD( idea_CBC, SEC_OID_IDEA_CBC, | |
1662 "IDEA_CBC", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1663 | |
1664 ODE( SEC_OID_RC2_40_CBC, | |
1665 "RC2-40-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION ), | |
1666 ODE( SEC_OID_DES_40_CBC, | |
1667 "DES-40-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION ), | |
1668 ODE( SEC_OID_RC4_40, | |
1669 "RC4-40", CKM_RC4, INVALID_CERT_EXTENSION ), | |
1670 ODE( SEC_OID_RC4_56, | |
1671 "RC4-56", CKM_RC4, INVALID_CERT_EXTENSION ), | |
1672 ODE( SEC_OID_NULL_CIPHER, | |
1673 "NULL cipher", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1674 ODE( SEC_OID_HMAC_MD5, | |
1675 "HMAC-MD5", CKM_MD5_HMAC, INVALID_CERT_EXTENSION ), | |
1676 ODE( SEC_OID_TLS_RSA, | |
1677 "TLS RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), | |
1678 ODE( SEC_OID_TLS_DHE_RSA, | |
1679 "TLS DHE-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSIO
N ), | |
1680 ODE( SEC_OID_TLS_DHE_DSS, | |
1681 "TLS DHE-DSS key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSIO
N ), | |
1682 ODE( SEC_OID_TLS_DH_RSA, | |
1683 "TLS DH-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION
), | |
1684 ODE( SEC_OID_TLS_DH_DSS, | |
1685 "TLS DH-DSS key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION
), | |
1686 ODE( SEC_OID_TLS_DH_ANON, | |
1687 "TLS DH-ANON key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSIO
N ), | |
1688 ODE( SEC_OID_TLS_ECDHE_ECDSA, | |
1689 "TLS ECDHE-ECDSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTE
NSION ), | |
1690 ODE( SEC_OID_TLS_ECDHE_RSA, | |
1691 "TLS ECDHE-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENS
ION ), | |
1692 ODE( SEC_OID_TLS_ECDH_ECDSA, | |
1693 "TLS ECDH-ECDSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTEN
SION ), | |
1694 ODE( SEC_OID_TLS_ECDH_RSA, | |
1695 "TLS ECDH-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSI
ON ), | |
1696 ODE( SEC_OID_TLS_ECDH_ANON, | |
1697 "TLS ECDH-ANON key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENS
ION ), | |
1698 ODE( SEC_OID_TLS_RSA_EXPORT, | |
1699 "TLS RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTEN
SION ), | |
1700 ODE( SEC_OID_TLS_DHE_RSA_EXPORT, | |
1701 "TLS DHE-RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_E
XTENSION ), | |
1702 ODE( SEC_OID_TLS_DHE_DSS_EXPORT, | |
1703 "TLS DHE-DSS-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_E
XTENSION ), | |
1704 ODE( SEC_OID_TLS_DH_RSA_EXPORT, | |
1705 "TLS DH-RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EX
TENSION ), | |
1706 ODE( SEC_OID_TLS_DH_DSS_EXPORT, | |
1707 "TLS DH-DSS-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EX
TENSION ), | |
1708 ODE( SEC_OID_TLS_DH_ANON_EXPORT, | |
1709 "TLS DH-ANON-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_E
XTENSION ), | |
1710 ODE( SEC_OID_APPLY_SSL_POLICY, | |
1711 "Apply SSL policy (pseudo-OID)", CKM_INVALID_MECHANISM, INVALID_CERT_EXT
ENSION ), | |
1712 ODE( SEC_OID_CHACHA20_POLY1305, | |
1713 "ChaCha20-Poly1305", CKM_NSS_CHACHA20_POLY1305, INVALID_CERT_EXTENSION )
, | |
1714 | |
1715 }; | |
1716 | |
1717 /* PRIVATE EXTENDED SECOID Table | |
1718 * This table is private. Its structure is opaque to the outside. | |
1719 * It is indexed by the same SECOidTag as the oids table above. | |
1720 * Every member of this struct must have accessor functions (set, get) | |
1721 * and those functions must operate by value, not by reference. | |
1722 * The addresses of the contents of this table must not be exposed | |
1723 * by the accessor functions. | |
1724 */ | |
1725 typedef struct privXOidStr { | |
1726 PRUint32 notPolicyFlags; /* ones complement of policy flags */ | |
1727 } privXOid; | |
1728 | |
1729 static privXOid xOids[SEC_OID_TOTAL]; | |
1730 | |
1731 /* | |
1732 * now the dynamic table. The dynamic table gets build at init time. | |
1733 * and conceivably gets modified if the user loads new crypto modules. | |
1734 * All this static data, and the allocated data to which it points, | |
1735 * is protected by a global reader/writer lock. | |
1736 * The c language guarantees that global and static data that is not | |
1737 * explicitly initialized will be initialized with zeros. If we | |
1738 * initialize it with zeros, the data goes into the initialized data | |
1739 * secment, and increases the size of the library. By leaving it | |
1740 * uninitialized, it is allocated in BSS, and does NOT increase the | |
1741 * library size. | |
1742 */ | |
1743 | |
1744 typedef struct dynXOidStr { | |
1745 SECOidData data; | |
1746 privXOid priv; | |
1747 } dynXOid; | |
1748 | |
1749 static NSSRWLock * dynOidLock; | |
1750 static PLArenaPool * dynOidPool; | |
1751 static PLHashTable * dynOidHash; | |
1752 static dynXOid ** dynOidTable; /* not in the pool */ | |
1753 static int dynOidEntriesAllocated; | |
1754 static int dynOidEntriesUsed; | |
1755 | |
1756 /* Creates NSSRWLock and dynOidPool at initialization time. | |
1757 */ | |
1758 static SECStatus | |
1759 secoid_InitDynOidData(void) | |
1760 { | |
1761 SECStatus rv = SECSuccess; | |
1762 | |
1763 dynOidLock = NSSRWLock_New(1, "dynamic OID data"); | |
1764 if (!dynOidLock) { | |
1765 return SECFailure; /* Error code should already be set. */ | |
1766 } | |
1767 dynOidPool = PORT_NewArena(2048); | |
1768 if (!dynOidPool) { | |
1769 rv = SECFailure /* Error code should already be set. */; | |
1770 } | |
1771 return rv; | |
1772 } | |
1773 | |
1774 /* Add oidData to hash table. Caller holds write lock dynOidLock. */ | |
1775 static SECStatus | |
1776 secoid_HashDynamicOiddata(const SECOidData * oid) | |
1777 { | |
1778 PLHashEntry *entry; | |
1779 | |
1780 if (!dynOidHash) { | |
1781 dynOidHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, | |
1782 PL_CompareValues, NULL, NULL); | |
1783 if ( !dynOidHash ) { | |
1784 return SECFailure; | |
1785 } | |
1786 } | |
1787 | |
1788 entry = PL_HashTableAdd( dynOidHash, &oid->oid, (void *)oid ); | |
1789 return entry ? SECSuccess : SECFailure; | |
1790 } | |
1791 | |
1792 | |
1793 /* | |
1794 * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's | |
1795 * cheaper to rehash the table when it changes than it is to do the loop | |
1796 * each time. | |
1797 */ | |
1798 static SECOidData * | |
1799 secoid_FindDynamic(const SECItem *key) | |
1800 { | |
1801 SECOidData *ret = NULL; | |
1802 | |
1803 if (dynOidHash) { | |
1804 NSSRWLock_LockRead(dynOidLock); | |
1805 if (dynOidHash) { /* must check it again with lock held. */ | |
1806 ret = (SECOidData *)PL_HashTableLookup(dynOidHash, key); | |
1807 } | |
1808 NSSRWLock_UnlockRead(dynOidLock); | |
1809 } | |
1810 if (ret == NULL) { | |
1811 PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID); | |
1812 } | |
1813 return ret; | |
1814 } | |
1815 | |
1816 static dynXOid * | |
1817 secoid_FindDynamicByTag(SECOidTag tagnum) | |
1818 { | |
1819 dynXOid *dxo = NULL; | |
1820 int tagNumDiff; | |
1821 | |
1822 if (tagnum < SEC_OID_TOTAL) { | |
1823 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | |
1824 return NULL; | |
1825 } | |
1826 tagNumDiff = tagnum - SEC_OID_TOTAL; | |
1827 | |
1828 if (dynOidTable) { | |
1829 NSSRWLock_LockRead(dynOidLock); | |
1830 if (dynOidTable != NULL && /* must check it again with lock held. */ | |
1831 tagNumDiff < dynOidEntriesUsed) { | |
1832 dxo = dynOidTable[tagNumDiff]; | |
1833 } | |
1834 NSSRWLock_UnlockRead(dynOidLock); | |
1835 } | |
1836 if (dxo == NULL) { | |
1837 PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID); | |
1838 } | |
1839 return dxo; | |
1840 } | |
1841 | |
1842 /* | |
1843 * This routine is thread safe now. | |
1844 */ | |
1845 SECOidTag | |
1846 SECOID_AddEntry(const SECOidData * src) | |
1847 { | |
1848 SECOidData * dst; | |
1849 dynXOid **table; | |
1850 SECOidTag ret = SEC_OID_UNKNOWN; | |
1851 SECStatus rv; | |
1852 int tableEntries; | |
1853 int used; | |
1854 | |
1855 if (!src || !src->oid.data || !src->oid.len || \ | |
1856 !src->desc || !strlen(src->desc)) { | |
1857 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
1858 return ret; | |
1859 } | |
1860 if (src->supportedExtension != INVALID_CERT_EXTENSION && | |
1861 src->supportedExtension != UNSUPPORTED_CERT_EXTENSION && | |
1862 src->supportedExtension != SUPPORTED_CERT_EXTENSION ) { | |
1863 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
1864 return ret; | |
1865 } | |
1866 | |
1867 if (!dynOidPool || !dynOidLock) { | |
1868 PORT_SetError(SEC_ERROR_NOT_INITIALIZED); | |
1869 return ret; | |
1870 } | |
1871 | |
1872 NSSRWLock_LockWrite(dynOidLock); | |
1873 | |
1874 /* We've just acquired the write lock, and now we call FindOIDTag | |
1875 ** which will acquire and release the read lock. NSSRWLock has been | |
1876 ** designed to allow this very case without deadlock. This approach | |
1877 ** makes the test for the presence of the OID, and the subsequent | |
1878 ** addition of the OID to the table a single atomic write operation. | |
1879 */ | |
1880 ret = SECOID_FindOIDTag(&src->oid); | |
1881 if (ret != SEC_OID_UNKNOWN) { | |
1882 /* we could return an error here, but I chose not to do that. | |
1883 ** This way, if we add an OID to the shared library's built in | |
1884 ** list of OIDs in some future release, and that OID is the same | |
1885 ** as some OID that a program has been adding, the program will | |
1886 ** not suddenly stop working. | |
1887 */ | |
1888 goto done; | |
1889 } | |
1890 | |
1891 table = dynOidTable; | |
1892 tableEntries = dynOidEntriesAllocated; | |
1893 used = dynOidEntriesUsed; | |
1894 | |
1895 if (used + 1 > tableEntries) { | |
1896 dynXOid ** newTable; | |
1897 int newTableEntries = tableEntries + 16; | |
1898 | |
1899 newTable = (dynXOid **)PORT_Realloc(table, | |
1900 newTableEntries * sizeof(dynXOid *)); | |
1901 if (newTable == NULL) { | |
1902 goto done; | |
1903 } | |
1904 dynOidTable = table = newTable; | |
1905 dynOidEntriesAllocated = tableEntries = newTableEntries; | |
1906 } | |
1907 | |
1908 /* copy oid structure */ | |
1909 dst = (SECOidData *)PORT_ArenaZNew(dynOidPool, dynXOid); | |
1910 if (!dst) { | |
1911 goto done; | |
1912 } | |
1913 rv = SECITEM_CopyItem(dynOidPool, &dst->oid, &src->oid); | |
1914 if (rv != SECSuccess) { | |
1915 goto done; | |
1916 } | |
1917 dst->desc = PORT_ArenaStrdup(dynOidPool, src->desc); | |
1918 if (!dst->desc) { | |
1919 goto done; | |
1920 } | |
1921 dst->offset = (SECOidTag)(used + SEC_OID_TOTAL); | |
1922 dst->mechanism = src->mechanism; | |
1923 dst->supportedExtension = src->supportedExtension; | |
1924 | |
1925 rv = secoid_HashDynamicOiddata(dst); | |
1926 if (rv == SECSuccess) { | |
1927 table[used++] = (dynXOid *)dst; | |
1928 dynOidEntriesUsed = used; | |
1929 ret = dst->offset; | |
1930 } | |
1931 done: | |
1932 NSSRWLock_UnlockWrite(dynOidLock); | |
1933 return ret; | |
1934 } | |
1935 | |
1936 | |
1937 /* normal static table processing */ | |
1938 static PLHashTable *oidhash = NULL; | |
1939 static PLHashTable *oidmechhash = NULL; | |
1940 | |
1941 static PLHashNumber | |
1942 secoid_HashNumber(const void *key) | |
1943 { | |
1944 return (PLHashNumber)((char *)key - (char *)NULL); | |
1945 } | |
1946 | |
1947 #define DEF_FLAGS (NSS_USE_ALG_IN_CERT_SIGNATURE|NSS_USE_ALG_IN_SSL_KX|NSS_USE_A
LG_IN_SSL_KX) | |
1948 static void | |
1949 handleHashAlgSupport(char * envVal) | |
1950 { | |
1951 char * myVal = PORT_Strdup(envVal); /* Get a copy we can alter */ | |
1952 char * arg = myVal; | |
1953 | |
1954 while (arg && *arg) { | |
1955 char * nextArg = PL_strpbrk(arg, ";"); | |
1956 PRUint32 notEnable; | |
1957 | |
1958 if (nextArg) { | |
1959 while (*nextArg == ';') { | |
1960 *nextArg++ = '\0'; | |
1961 } | |
1962 } | |
1963 notEnable = (*arg == '-') ? (DEF_FLAGS) : 0; | |
1964 if ((*arg == '+' || *arg == '-') && *++arg) { | |
1965 int i; | |
1966 | |
1967 for (i = 1; i < SEC_OID_TOTAL; i++) { | |
1968 if (oids[i].desc && strstr(arg, oids[i].desc)) { | |
1969 xOids[i].notPolicyFlags = notEnable | | |
1970 (xOids[i].notPolicyFlags & ~(DEF_FLAGS)); | |
1971 } | |
1972 } | |
1973 } | |
1974 arg = nextArg; | |
1975 } | |
1976 PORT_Free(myVal); /* can handle NULL argument OK */ | |
1977 } | |
1978 | |
1979 SECStatus | |
1980 SECOID_Init(void) | |
1981 { | |
1982 PLHashEntry *entry; | |
1983 const SECOidData *oid; | |
1984 int i; | |
1985 char * envVal; | |
1986 | |
1987 #define NSS_VERSION_VARIABLE __nss_util_version | |
1988 #include "verref.h" | |
1989 | |
1990 if (oidhash) { | |
1991 return SECSuccess; /* already initialized */ | |
1992 } | |
1993 | |
1994 if (!PR_GetEnvSecure("NSS_ALLOW_WEAK_SIGNATURE_ALG")) { | |
1995 /* initialize any policy flags that are disabled by default */ | |
1996 xOids[SEC_OID_MD2 ].notPolicyFlags = ~0; | |
1997 xOids[SEC_OID_MD4 ].notPolicyFlags = ~0; | |
1998 xOids[SEC_OID_MD5 ].notPolicyFlags = ~0; | |
1999 xOids[SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0; | |
2000 xOids[SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0; | |
2001 xOids[SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION ].notPolicyFlags = ~0; | |
2002 xOids[SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC].notPolicyFlags = ~0; | |
2003 xOids[SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC].notPolicyFlags = ~0; | |
2004 } | |
2005 | |
2006 /* turn off NSS_USE_POLICY_IN_SSL by default */ | |
2007 xOids[SEC_OID_APPLY_SSL_POLICY].notPolicyFlags = NSS_USE_POLICY_IN_SSL; | |
2008 | |
2009 envVal = PR_GetEnvSecure("NSS_HASH_ALG_SUPPORT"); | |
2010 if (envVal) | |
2011 handleHashAlgSupport(envVal); | |
2012 | |
2013 if (secoid_InitDynOidData() != SECSuccess) { | |
2014 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | |
2015 PORT_Assert(0); /* this function should never fail */ | |
2016 return SECFailure; | |
2017 } | |
2018 | |
2019 oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, | |
2020 PL_CompareValues, NULL, NULL); | |
2021 oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues, | |
2022 PL_CompareValues, NULL, NULL); | |
2023 | |
2024 if ( !oidhash || !oidmechhash) { | |
2025 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | |
2026 PORT_Assert(0); /*This function should never fail. */ | |
2027 return(SECFailure); | |
2028 } | |
2029 | |
2030 for ( i = 0; i < SEC_OID_TOTAL; i++ ) { | |
2031 oid = &oids[i]; | |
2032 | |
2033 PORT_Assert ( oid->offset == i ); | |
2034 | |
2035 entry = PL_HashTableAdd( oidhash, &oid->oid, (void *)oid ); | |
2036 if ( entry == NULL ) { | |
2037 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | |
2038 PORT_Assert(0); /*This function should never fail. */ | |
2039 return(SECFailure); | |
2040 } | |
2041 | |
2042 if ( oid->mechanism != CKM_INVALID_MECHANISM ) { | |
2043 entry = PL_HashTableAdd( oidmechhash, | |
2044 (void *)oid->mechanism, (void *)oid ); | |
2045 if ( entry == NULL ) { | |
2046 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | |
2047 PORT_Assert(0); /* This function should never fail. */ | |
2048 return(SECFailure); | |
2049 } | |
2050 } | |
2051 } | |
2052 | |
2053 PORT_Assert (i == SEC_OID_TOTAL); | |
2054 | |
2055 return(SECSuccess); | |
2056 } | |
2057 | |
2058 SECOidData * | |
2059 SECOID_FindOIDByMechanism(unsigned long mechanism) | |
2060 { | |
2061 SECOidData *ret; | |
2062 | |
2063 PR_ASSERT(oidhash != NULL); | |
2064 | |
2065 ret = PL_HashTableLookupConst ( oidmechhash, (void *)mechanism); | |
2066 if ( ret == NULL ) { | |
2067 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); | |
2068 } | |
2069 | |
2070 return (ret); | |
2071 } | |
2072 | |
2073 SECOidData * | |
2074 SECOID_FindOID(const SECItem *oid) | |
2075 { | |
2076 SECOidData *ret; | |
2077 | |
2078 PR_ASSERT(oidhash != NULL); | |
2079 | |
2080 ret = PL_HashTableLookupConst ( oidhash, oid ); | |
2081 if ( ret == NULL ) { | |
2082 ret = secoid_FindDynamic(oid); | |
2083 if (ret == NULL) { | |
2084 PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID); | |
2085 } | |
2086 } | |
2087 | |
2088 return(ret); | |
2089 } | |
2090 | |
2091 SECOidTag | |
2092 SECOID_FindOIDTag(const SECItem *oid) | |
2093 { | |
2094 SECOidData *oiddata; | |
2095 | |
2096 oiddata = SECOID_FindOID (oid); | |
2097 if (oiddata == NULL) | |
2098 return SEC_OID_UNKNOWN; | |
2099 | |
2100 return oiddata->offset; | |
2101 } | |
2102 | |
2103 /* This really should return const. */ | |
2104 SECOidData * | |
2105 SECOID_FindOIDByTag(SECOidTag tagnum) | |
2106 { | |
2107 if (tagnum >= SEC_OID_TOTAL) { | |
2108 return (SECOidData *)secoid_FindDynamicByTag(tagnum); | |
2109 } | |
2110 | |
2111 PORT_Assert((unsigned int)tagnum < SEC_OID_TOTAL); | |
2112 return (SECOidData *)(&oids[tagnum]); | |
2113 } | |
2114 | |
2115 PRBool SECOID_KnownCertExtenOID (SECItem *extenOid) | |
2116 { | |
2117 SECOidData * oidData; | |
2118 | |
2119 oidData = SECOID_FindOID (extenOid); | |
2120 if (oidData == (SECOidData *)NULL) | |
2121 return (PR_FALSE); | |
2122 return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ? | |
2123 PR_TRUE : PR_FALSE); | |
2124 } | |
2125 | |
2126 | |
2127 const char * | |
2128 SECOID_FindOIDTagDescription(SECOidTag tagnum) | |
2129 { | |
2130 const SECOidData *oidData = SECOID_FindOIDByTag(tagnum); | |
2131 return oidData ? oidData->desc : 0; | |
2132 } | |
2133 | |
2134 /* --------- opaque extended OID table accessor functions ---------------*/ | |
2135 /* | |
2136 * Any of these functions may return SECSuccess or SECFailure with the error | |
2137 * code set to SEC_ERROR_UNKNOWN_OBJECT_TYPE if the SECOidTag is out of range. | |
2138 */ | |
2139 | |
2140 static privXOid * | |
2141 secoid_FindXOidByTag(SECOidTag tagnum) | |
2142 { | |
2143 if (tagnum >= SEC_OID_TOTAL) { | |
2144 dynXOid *dxo = secoid_FindDynamicByTag(tagnum); | |
2145 return (dxo ? &dxo->priv : NULL); | |
2146 } | |
2147 | |
2148 PORT_Assert((unsigned int)tagnum < SEC_OID_TOTAL); | |
2149 return &xOids[tagnum]; | |
2150 } | |
2151 | |
2152 /* The Get function outputs the 32-bit value associated with the SECOidTag. | |
2153 * Flags bits are the NSS_USE_ALG_ #defines in "secoidt.h". | |
2154 * Default value for any algorithm is 0xffffffff (enabled for all purposes). | |
2155 * No value is output if function returns SECFailure. | |
2156 */ | |
2157 SECStatus | |
2158 NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue) | |
2159 { | |
2160 privXOid * pxo = secoid_FindXOidByTag(tag); | |
2161 if (!pxo) | |
2162 return SECFailure; | |
2163 if (!pValue) { | |
2164 PORT_SetError(SEC_ERROR_INVALID_ARGS); | |
2165 return SECFailure; | |
2166 } | |
2167 *pValue = ~(pxo->notPolicyFlags); | |
2168 return SECSuccess; | |
2169 } | |
2170 | |
2171 /* The Set function modifies the stored value according to the following | |
2172 * algorithm: | |
2173 * policy[tag] = (policy[tag] & ~clearBits) | setBits; | |
2174 */ | |
2175 SECStatus | |
2176 NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits) | |
2177 { | |
2178 privXOid * pxo = secoid_FindXOidByTag(tag); | |
2179 PRUint32 policyFlags; | |
2180 if (!pxo) | |
2181 return SECFailure; | |
2182 /* The stored policy flags are the ones complement of the flags as | |
2183 * seen by the user. This is not atomic, but these changes should | |
2184 * be done rarely, e.g. at initialization time. | |
2185 */ | |
2186 policyFlags = ~(pxo->notPolicyFlags); | |
2187 policyFlags = (policyFlags & ~clearBits) | setBits; | |
2188 pxo->notPolicyFlags = ~policyFlags; | |
2189 return SECSuccess; | |
2190 } | |
2191 | |
2192 /* --------- END OF opaque extended OID table accessor functions ---------*/ | |
2193 | |
2194 /* for now, this is only used in a single place, so it can remain static */ | |
2195 static PRBool parentForkedAfterC_Initialize; | |
2196 | |
2197 #define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x | |
2198 | |
2199 /* | |
2200 * free up the oid tables. | |
2201 */ | |
2202 SECStatus | |
2203 SECOID_Shutdown(void) | |
2204 { | |
2205 if (oidhash) { | |
2206 PL_HashTableDestroy(oidhash); | |
2207 oidhash = NULL; | |
2208 } | |
2209 if (oidmechhash) { | |
2210 PL_HashTableDestroy(oidmechhash); | |
2211 oidmechhash = NULL; | |
2212 } | |
2213 /* Have to handle the case where the lock was created, but | |
2214 ** the pool wasn't. | |
2215 ** I'm not going to attempt to create the lock, just to protect | |
2216 ** the destruction of data that probably isn't initialized anyway. | |
2217 */ | |
2218 if (dynOidLock) { | |
2219 SKIP_AFTER_FORK(NSSRWLock_LockWrite(dynOidLock)); | |
2220 if (dynOidHash) { | |
2221 PL_HashTableDestroy(dynOidHash); | |
2222 dynOidHash = NULL; | |
2223 } | |
2224 if (dynOidPool) { | |
2225 PORT_FreeArena(dynOidPool, PR_FALSE); | |
2226 dynOidPool = NULL; | |
2227 } | |
2228 if (dynOidTable) { | |
2229 PORT_Free(dynOidTable); | |
2230 dynOidTable = NULL; | |
2231 } | |
2232 dynOidEntriesAllocated = 0; | |
2233 dynOidEntriesUsed = 0; | |
2234 | |
2235 SKIP_AFTER_FORK(NSSRWLock_UnlockWrite(dynOidLock)); | |
2236 SKIP_AFTER_FORK(NSSRWLock_Destroy(dynOidLock)); | |
2237 dynOidLock = NULL; | |
2238 } else { | |
2239 /* Since dynOidLock doesn't exist, then all the data it protects | |
2240 ** should be uninitialized. We'll check that (in DEBUG builds), | |
2241 ** and then make sure it is so, in case NSS is reinitialized. | |
2242 */ | |
2243 PORT_Assert(!dynOidHash && !dynOidPool && !dynOidTable && \ | |
2244 !dynOidEntriesAllocated && !dynOidEntriesUsed); | |
2245 dynOidHash = NULL; | |
2246 dynOidPool = NULL; | |
2247 dynOidTable = NULL; | |
2248 dynOidEntriesAllocated = 0; | |
2249 dynOidEntriesUsed = 0; | |
2250 } | |
2251 memset(xOids, 0, sizeof xOids); | |
2252 return SECSuccess; | |
2253 } | |
2254 | |
2255 void UTIL_SetForkState(PRBool forked) | |
2256 { | |
2257 parentForkedAfterC_Initialize = forked; | |
2258 } | |
2259 | |
2260 const char * | |
2261 NSSUTIL_GetVersion(void) | |
2262 { | |
2263 return NSSUTIL_VERSION; | |
2264 } | |
OLD | NEW |