/src/mozilla-central/security/nss/lib/util/secoid.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
2 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | | |
5 | | #include "secoid.h" |
6 | | #include "pkcs11t.h" |
7 | | #include "secitem.h" |
8 | | #include "secerr.h" |
9 | | #include "prenv.h" |
10 | | #include "plhash.h" |
11 | | #include "nssrwlk.h" |
12 | | #include "nssutil.h" |
13 | | |
14 | | /* Library identity and versioning */ |
15 | | |
16 | | #if defined(DEBUG) |
17 | | #define _DEBUG_STRING " (debug)" |
18 | | #else |
19 | | #define _DEBUG_STRING "" |
20 | | #endif |
21 | | |
22 | | /* |
23 | | * Version information |
24 | | */ |
25 | | const char __nss_util_version[] = "Version: NSS " NSSUTIL_VERSION _DEBUG_STRING; |
26 | | |
27 | | /* MISSI Mosaic Object ID space */ |
28 | | /* USGov algorithm OID space: { 2 16 840 1 101 } */ |
29 | | #define USGOV 0x60, 0x86, 0x48, 0x01, 0x65 |
30 | | #define MISSI USGOV, 0x02, 0x01, 0x01 |
31 | | #define MISSI_OLD_KEA_DSS MISSI, 0x0c |
32 | | #define MISSI_OLD_DSS MISSI, 0x02 |
33 | | #define MISSI_KEA_DSS MISSI, 0x14 |
34 | | #define MISSI_DSS MISSI, 0x13 |
35 | | #define MISSI_KEA MISSI, 0x0a |
36 | | #define MISSI_ALT_KEA MISSI, 0x16 |
37 | | |
38 | | #define NISTALGS USGOV, 3, 4 |
39 | | #define AES NISTALGS, 1 |
40 | | #define SHAXXX NISTALGS, 2 |
41 | | #define DSA2 NISTALGS, 3 |
42 | | |
43 | | /** |
44 | | ** The Netscape OID space is allocated by Terry Hayes. If you need |
45 | | ** a piece of the space, contact him at thayes@netscape.com. |
46 | | **/ |
47 | | |
48 | | /* Netscape Communications Corporation Object ID space */ |
49 | | /* { 2 16 840 1 113730 } */ |
50 | | #define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42 |
51 | | #define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01 |
52 | | #define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02 |
53 | | /* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */ |
54 | | #define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03 |
55 | | #define NETSCAPE_POLICY NETSCAPE_OID, 0x04 |
56 | | #define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05 |
57 | | #define NETSCAPE_ALGS NETSCAPE_OID, 0x06 /* algorithm OIDs */ |
58 | | #define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07 |
59 | | |
60 | | #define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10 |
61 | | #define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01 |
62 | | |
63 | | /* these are old and should go away soon */ |
64 | | #define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a |
65 | | #define NS_CERT_EXT OLD_NETSCAPE, 0x01 |
66 | | #define NS_FILE_TYPE OLD_NETSCAPE, 0x02 |
67 | | #define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03 |
68 | | |
69 | | /* RSA OID name space */ |
70 | | #define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d |
71 | | #define PKCS RSADSI, 0x01 |
72 | | #define DIGEST RSADSI, 0x02 |
73 | | #define CIPHER RSADSI, 0x03 |
74 | | #define PKCS1 PKCS, 0x01 |
75 | | #define PKCS5 PKCS, 0x05 |
76 | | #define PKCS7 PKCS, 0x07 |
77 | | #define PKCS9 PKCS, 0x09 |
78 | | #define PKCS12 PKCS, 0x0c |
79 | | |
80 | | /* Other OID name spaces */ |
81 | | #define ALGORITHM 0x2b, 0x0e, 0x03, 0x02 |
82 | | #define X500 0x55 |
83 | | #define X520_ATTRIBUTE_TYPE X500, 0x04 |
84 | | #define X500_ALG X500, 0x08 |
85 | | #define X500_ALG_ENCRYPTION X500_ALG, 0x01 |
86 | | |
87 | | /** X.509 v3 Extension OID |
88 | | ** {joint-iso-ccitt (2) ds(5) 29} |
89 | | **/ |
90 | | #define ID_CE_OID X500, 0x1d |
91 | | |
92 | | #define RFC1274_ATTR_TYPE 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1 |
93 | | /* #define RFC2247_ATTR_TYPE 0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */ |
94 | | |
95 | | /* PKCS #12 name spaces */ |
96 | | #define PKCS12_MODE_IDS PKCS12, 0x01 |
97 | | #define PKCS12_ESPVK_IDS PKCS12, 0x02 |
98 | | #define PKCS12_BAG_IDS PKCS12, 0x03 |
99 | | #define PKCS12_CERT_BAG_IDS PKCS12, 0x04 |
100 | | #define PKCS12_OIDS PKCS12, 0x05 |
101 | | #define PKCS12_PBE_IDS PKCS12_OIDS, 0x01 |
102 | | #define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02 |
103 | | #define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03 |
104 | | #define PKCS12_V2_PBE_IDS PKCS12, 0x01 |
105 | | #define PKCS9_CERT_TYPES PKCS9, 0x16 |
106 | | #define PKCS9_CRL_TYPES PKCS9, 0x17 |
107 | | #define PKCS9_SMIME_IDS PKCS9, 0x10 |
108 | | #define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2 |
109 | | #define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3 |
110 | | #define PKCS12_VERSION1 PKCS12, 0x0a |
111 | | #define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1 |
112 | | |
113 | | /* for DSA algorithm */ |
114 | | /* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */ |
115 | | #define ANSI_X9_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x38, 0x4 |
116 | | |
117 | | /* for DH algorithm */ |
118 | | /* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */ |
119 | | /* need real OID person to look at this, copied the above line |
120 | | * and added 6 to second to last value (and changed '4' to '2' */ |
121 | | #define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2 |
122 | | |
123 | | #define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45 |
124 | | |
125 | | #define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07 |
126 | | #define PKIX_CERT_EXTENSIONS PKIX, 1 |
127 | | #define PKIX_POLICY_QUALIFIERS PKIX, 2 |
128 | | #define PKIX_KEY_USAGE PKIX, 3 |
129 | | #define PKIX_ACCESS_DESCRIPTION PKIX, 0x30 |
130 | | #define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1 |
131 | | #define PKIX_CA_ISSUERS PKIX_ACCESS_DESCRIPTION, 2 |
132 | | |
133 | | #define PKIX_ID_PKIP PKIX, 5 |
134 | | #define PKIX_ID_REGCTRL PKIX_ID_PKIP, 1 |
135 | | #define PKIX_ID_REGINFO PKIX_ID_PKIP, 2 |
136 | | |
137 | | /* Microsoft Object ID space */ |
138 | | /* { 1.3.6.1.4.1.311 } */ |
139 | | #define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37 |
140 | | #define EV_NAME_ATTRIBUTE MICROSOFT_OID, 60, 2, 1 |
141 | | |
142 | | /* Microsoft Crypto 2.0 ID space */ |
143 | | /* { 1.3.6.1.4.1.311.10 } */ |
144 | | #define MS_CRYPTO_20 MICROSOFT_OID, 10 |
145 | | /* Microsoft Crypto 2.0 Extended Key Usage ID space */ |
146 | | /* { 1.3.6.1.4.1.311.10.3 } */ |
147 | | #define MS_CRYPTO_EKU MS_CRYPTO_20, 3 |
148 | | |
149 | | #define CERTICOM_OID 0x2b, 0x81, 0x04 |
150 | | #define SECG_OID CERTICOM_OID, 0x00 |
151 | | |
152 | | #define ANSI_X962_OID 0x2a, 0x86, 0x48, 0xce, 0x3d |
153 | | #define ANSI_X962_CURVE_OID ANSI_X962_OID, 0x03 |
154 | | #define ANSI_X962_GF2m_OID ANSI_X962_CURVE_OID, 0x00 |
155 | | #define ANSI_X962_GFp_OID ANSI_X962_CURVE_OID, 0x01 |
156 | | #define ANSI_X962_SIGNATURE_OID ANSI_X962_OID, 0x04 |
157 | | #define ANSI_X962_SPECIFY_OID ANSI_X962_SIGNATURE_OID, 0x03 |
158 | | |
159 | | /* for Camellia: iso(1) member-body(2) jisc(392) |
160 | | * mitsubishi(200011) isl(61) security(1) algorithm(1) |
161 | | */ |
162 | | #define MITSUBISHI_ALG 0x2a, 0x83, 0x08, 0x8c, 0x9a, 0x4b, 0x3d, 0x01, 0x01 |
163 | | #define CAMELLIA_ENCRYPT_OID MITSUBISHI_ALG, 1 |
164 | | #define CAMELLIA_WRAP_OID MITSUBISHI_ALG, 3 |
165 | | |
166 | | /* For IDEA: 1.3.6.1.4.1.188.7.1.1 |
167 | | */ |
168 | | #define ASCOM_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0xbc |
169 | | #define ASCOM_IDEA_ALG ASCOM_OID, 0x7, 0x1, 0x1 |
170 | | |
171 | | /* for SEED : iso(1) member-body(2) korea(410) |
172 | | * kisa(200004) algorithm(1) |
173 | | */ |
174 | | #define SEED_OID 0x2a, 0x83, 0x1a, 0x8c, 0x9a, 0x44, 0x01 |
175 | | |
176 | | #define CONST_OID static const unsigned char |
177 | | |
178 | | CONST_OID md2[] = { DIGEST, 0x02 }; |
179 | | CONST_OID md4[] = { DIGEST, 0x04 }; |
180 | | CONST_OID md5[] = { DIGEST, 0x05 }; |
181 | | CONST_OID hmac_sha1[] = { DIGEST, 7 }; |
182 | | CONST_OID hmac_sha224[] = { DIGEST, 8 }; |
183 | | CONST_OID hmac_sha256[] = { DIGEST, 9 }; |
184 | | CONST_OID hmac_sha384[] = { DIGEST, 10 }; |
185 | | CONST_OID hmac_sha512[] = { DIGEST, 11 }; |
186 | | |
187 | | CONST_OID rc2cbc[] = { CIPHER, 0x02 }; |
188 | | CONST_OID rc4[] = { CIPHER, 0x04 }; |
189 | | CONST_OID desede3cbc[] = { CIPHER, 0x07 }; |
190 | | CONST_OID rc5cbcpad[] = { CIPHER, 0x09 }; |
191 | | |
192 | | CONST_OID desecb[] = { ALGORITHM, 0x06 }; |
193 | | CONST_OID descbc[] = { ALGORITHM, 0x07 }; |
194 | | CONST_OID desofb[] = { ALGORITHM, 0x08 }; |
195 | | CONST_OID descfb[] = { ALGORITHM, 0x09 }; |
196 | | CONST_OID desmac[] = { ALGORITHM, 0x0a }; |
197 | | CONST_OID sdn702DSASignature[] = { ALGORITHM, 0x0c }; |
198 | | CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f }; |
199 | | CONST_OID desede[] = { ALGORITHM, 0x11 }; |
200 | | CONST_OID sha1[] = { ALGORITHM, 0x1a }; |
201 | | CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b }; |
202 | | CONST_OID isoSHA1WithRSASignature[] = { ALGORITHM, 0x1d }; |
203 | | |
204 | | CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 }; |
205 | | CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 }; |
206 | | CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 }; |
207 | | CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 }; |
208 | | CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 }; |
209 | | CONST_OID pkcs1RSAOAEPEncryption[] = { PKCS1, 0x07 }; |
210 | | CONST_OID pkcs1MGF1[] = { PKCS1, 0x08 }; |
211 | | CONST_OID pkcs1PSpecified[] = { PKCS1, 0x09 }; |
212 | | CONST_OID pkcs1RSAPSSSignature[] = { PKCS1, 10 }; |
213 | | CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 }; |
214 | | CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 }; |
215 | | CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 }; |
216 | | CONST_OID pkcs1SHA224WithRSAEncryption[] = { PKCS1, 14 }; |
217 | | |
218 | | CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 }; |
219 | | CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 }; |
220 | | CONST_OID pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a }; |
221 | | CONST_OID pkcs5Pbkdf2[] = { PKCS5, 12 }; |
222 | | CONST_OID pkcs5Pbes2[] = { PKCS5, 13 }; |
223 | | CONST_OID pkcs5Pbmac1[] = { PKCS5, 14 }; |
224 | | |
225 | | CONST_OID pkcs7[] = { PKCS7 }; |
226 | | CONST_OID pkcs7Data[] = { PKCS7, 0x01 }; |
227 | | CONST_OID pkcs7SignedData[] = { PKCS7, 0x02 }; |
228 | | CONST_OID pkcs7EnvelopedData[] = { PKCS7, 0x03 }; |
229 | | CONST_OID pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 }; |
230 | | CONST_OID pkcs7DigestedData[] = { PKCS7, 0x05 }; |
231 | | CONST_OID pkcs7EncryptedData[] = { PKCS7, 0x06 }; |
232 | | |
233 | | CONST_OID pkcs9EmailAddress[] = { PKCS9, 0x01 }; |
234 | | CONST_OID pkcs9UnstructuredName[] = { PKCS9, 0x02 }; |
235 | | CONST_OID pkcs9ContentType[] = { PKCS9, 0x03 }; |
236 | | CONST_OID pkcs9MessageDigest[] = { PKCS9, 0x04 }; |
237 | | CONST_OID pkcs9SigningTime[] = { PKCS9, 0x05 }; |
238 | | CONST_OID pkcs9CounterSignature[] = { PKCS9, 0x06 }; |
239 | | CONST_OID pkcs9ChallengePassword[] = { PKCS9, 0x07 }; |
240 | | CONST_OID pkcs9UnstructuredAddress[] = { PKCS9, 0x08 }; |
241 | | CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 }; |
242 | | CONST_OID pkcs9ExtensionRequest[] = { PKCS9, 14 }; |
243 | | CONST_OID pkcs9SMIMECapabilities[] = { PKCS9, 15 }; |
244 | | CONST_OID pkcs9FriendlyName[] = { PKCS9, 20 }; |
245 | | CONST_OID pkcs9LocalKeyID[] = { PKCS9, 21 }; |
246 | | |
247 | | CONST_OID pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 }; |
248 | | CONST_OID pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 }; |
249 | | CONST_OID pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 }; |
250 | | |
251 | | /* RFC2630 (CMS) OIDs */ |
252 | | CONST_OID cmsESDH[] = { PKCS9_SMIME_ALGS, 5 }; |
253 | | CONST_OID cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 }; |
254 | | CONST_OID cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 }; |
255 | | |
256 | | /* RFC2633 SMIME message attributes */ |
257 | | CONST_OID smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 }; |
258 | | CONST_OID ms_smimeEncryptionKeyPreference[] = { MICROSOFT_OID, 0x10, 0x4 }; |
259 | | |
260 | | CONST_OID x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 }; |
261 | | CONST_OID x520SurName[] = { X520_ATTRIBUTE_TYPE, 4 }; |
262 | | CONST_OID x520SerialNumber[] = { X520_ATTRIBUTE_TYPE, 5 }; |
263 | | CONST_OID x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 }; |
264 | | CONST_OID x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 }; |
265 | | CONST_OID x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 }; |
266 | | CONST_OID x520StreetAddress[] = { X520_ATTRIBUTE_TYPE, 9 }; |
267 | | CONST_OID x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 }; |
268 | | CONST_OID x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 }; |
269 | | CONST_OID x520Title[] = { X520_ATTRIBUTE_TYPE, 12 }; |
270 | | CONST_OID x520BusinessCategory[] = { X520_ATTRIBUTE_TYPE, 15 }; |
271 | | CONST_OID x520PostalAddress[] = { X520_ATTRIBUTE_TYPE, 16 }; |
272 | | CONST_OID x520PostalCode[] = { X520_ATTRIBUTE_TYPE, 17 }; |
273 | | CONST_OID x520PostOfficeBox[] = { X520_ATTRIBUTE_TYPE, 18 }; |
274 | | CONST_OID x520Name[] = { X520_ATTRIBUTE_TYPE, 41 }; |
275 | | CONST_OID x520GivenName[] = { X520_ATTRIBUTE_TYPE, 42 }; |
276 | | CONST_OID x520Initials[] = { X520_ATTRIBUTE_TYPE, 43 }; |
277 | | CONST_OID x520GenerationQualifier[] = { X520_ATTRIBUTE_TYPE, 44 }; |
278 | | CONST_OID x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 }; |
279 | | CONST_OID x520HouseIdentifier[] = { X520_ATTRIBUTE_TYPE, 51 }; |
280 | | CONST_OID x520Pseudonym[] = { X520_ATTRIBUTE_TYPE, 65 }; |
281 | | |
282 | | CONST_OID nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 }; |
283 | | CONST_OID nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 }; |
284 | | CONST_OID nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 }; |
285 | | CONST_OID nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 }; |
286 | | CONST_OID nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 }; |
287 | | |
288 | | CONST_OID missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS }; |
289 | | CONST_OID missiCertDSSOld[] = { MISSI_OLD_DSS }; |
290 | | CONST_OID missiCertKEADSS[] = { MISSI_KEA_DSS }; |
291 | | CONST_OID missiCertDSS[] = { MISSI_DSS }; |
292 | | CONST_OID missiCertKEA[] = { MISSI_KEA }; |
293 | | CONST_OID missiCertAltKEA[] = { MISSI_ALT_KEA }; |
294 | | CONST_OID x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 }; |
295 | | |
296 | | /* added for alg 1485 */ |
297 | | CONST_OID rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 }; |
298 | | CONST_OID rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 }; |
299 | | CONST_OID rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 }; |
300 | | |
301 | | /* Netscape private certificate extensions */ |
302 | | CONST_OID nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 }; |
303 | | CONST_OID nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 }; |
304 | | CONST_OID nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 }; |
305 | | CONST_OID nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 }; |
306 | | CONST_OID nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 }; |
307 | | CONST_OID nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 }; |
308 | | CONST_OID nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 }; |
309 | | CONST_OID nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 }; |
310 | | CONST_OID nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 }; |
311 | | CONST_OID nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 }; |
312 | | CONST_OID nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 }; |
313 | | CONST_OID nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 }; |
314 | | CONST_OID nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a }; |
315 | | CONST_OID nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b }; |
316 | | CONST_OID nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c }; |
317 | | CONST_OID nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d }; |
318 | | |
319 | | /* the following 2 extensions are defined for and used by Cartman(NSM) */ |
320 | | CONST_OID nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e }; |
321 | | CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f }; |
322 | | |
323 | | CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 }; |
324 | | CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 }; |
325 | | /* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */ |
326 | | |
327 | | /* Netscape policy values */ |
328 | | CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 }; |
329 | | |
330 | | /* Netscape other name types */ |
331 | | CONST_OID netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01 }; |
332 | | CONST_OID netscapeAOLScreenname[] = { NETSCAPE_NAME_COMPONENTS, 0x02 }; |
333 | | |
334 | | /* OIDs needed for cert server */ |
335 | | CONST_OID netscapeRecoveryRequest[] = { NETSCAPE_CERT_SERVER_CRMF, 0x01 }; |
336 | | |
337 | | /* Standard x.509 v3 Certificate & CRL Extensions */ |
338 | | CONST_OID x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 }; |
339 | | CONST_OID x509SubjectKeyID[] = { ID_CE_OID, 14 }; |
340 | | CONST_OID x509KeyUsage[] = { ID_CE_OID, 15 }; |
341 | | CONST_OID x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 }; |
342 | | CONST_OID x509SubjectAltName[] = { ID_CE_OID, 17 }; |
343 | | CONST_OID x509IssuerAltName[] = { ID_CE_OID, 18 }; |
344 | | CONST_OID x509BasicConstraints[] = { ID_CE_OID, 19 }; |
345 | | CONST_OID x509CRLNumber[] = { ID_CE_OID, 20 }; |
346 | | CONST_OID x509ReasonCode[] = { ID_CE_OID, 21 }; |
347 | | CONST_OID x509HoldInstructionCode[] = { ID_CE_OID, 23 }; |
348 | | CONST_OID x509InvalidDate[] = { ID_CE_OID, 24 }; |
349 | | CONST_OID x509DeltaCRLIndicator[] = { ID_CE_OID, 27 }; |
350 | | CONST_OID x509IssuingDistributionPoint[] = { ID_CE_OID, 28 }; |
351 | | CONST_OID x509CertIssuer[] = { ID_CE_OID, 29 }; |
352 | | CONST_OID x509NameConstraints[] = { ID_CE_OID, 30 }; |
353 | | CONST_OID x509CRLDistPoints[] = { ID_CE_OID, 31 }; |
354 | | CONST_OID x509CertificatePolicies[] = { ID_CE_OID, 32 }; |
355 | | CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 }; |
356 | | CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 }; |
357 | | CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 36 }; |
358 | | CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 }; |
359 | | CONST_OID x509FreshestCRL[] = { ID_CE_OID, 46 }; |
360 | | CONST_OID x509InhibitAnyPolicy[] = { ID_CE_OID, 54 }; |
361 | | |
362 | | CONST_OID x509CertificatePoliciesAnyPolicy[] = { ID_CE_OID, 32, 0 }; |
363 | | |
364 | | CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 }; |
365 | | CONST_OID x509SubjectInfoAccess[] = { PKIX_CERT_EXTENSIONS, 11 }; |
366 | | |
367 | | CONST_OID x509SIATimeStamping[] = { PKIX_ACCESS_DESCRIPTION, 0x03 }; |
368 | | CONST_OID x509SIACaRepository[] = { PKIX_ACCESS_DESCRIPTION, 0x05 }; |
369 | | |
370 | | /* pkcs 12 additions */ |
371 | | CONST_OID pkcs12[] = { PKCS12 }; |
372 | | CONST_OID pkcs12ModeIDs[] = { PKCS12_MODE_IDS }; |
373 | | CONST_OID pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS }; |
374 | | CONST_OID pkcs12BagIDs[] = { PKCS12_BAG_IDS }; |
375 | | CONST_OID pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS }; |
376 | | CONST_OID pkcs12OIDs[] = { PKCS12_OIDS }; |
377 | | CONST_OID pkcs12PBEIDs[] = { PKCS12_PBE_IDS }; |
378 | | CONST_OID pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS }; |
379 | | CONST_OID pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS }; |
380 | | CONST_OID pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 }; |
381 | | CONST_OID pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 }; |
382 | | CONST_OID pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 }; |
383 | | CONST_OID pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 }; |
384 | | CONST_OID pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 }; |
385 | | CONST_OID pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 }; |
386 | | CONST_OID pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 }; |
387 | | CONST_OID pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 }; |
388 | | CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 }; |
389 | | CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 }; |
390 | | CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 }; |
391 | | CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 }; |
392 | | CONST_OID pkcs12RSAEncryptionWith40BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x02 }; |
393 | | CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 }; |
394 | | CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 }; |
395 | | |
396 | | /* pkcs 12 version 1.0 ids */ |
397 | | CONST_OID pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 }; |
398 | | CONST_OID pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 }; |
399 | | CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x03 }; |
400 | | CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x04 }; |
401 | | CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 }; |
402 | | CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 }; |
403 | | |
404 | | CONST_OID pkcs12SafeContentsID[] = { PKCS12_BAG_IDS, 0x04 }; |
405 | | CONST_OID pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 }; |
406 | | |
407 | | CONST_OID pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 }; |
408 | | CONST_OID pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 }; |
409 | | CONST_OID pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 }; |
410 | | CONST_OID pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 }; |
411 | | CONST_OID pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 }; |
412 | | CONST_OID pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 }; |
413 | | |
414 | | /* The following encoding is INCORRECT, but correcting it would create a |
415 | | * duplicate OID in the table. So, we will leave it alone. |
416 | | */ |
417 | | CONST_OID pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 }; |
418 | | |
419 | | CONST_OID ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 }; |
420 | | CONST_OID ansix9DSASignaturewithSHA1Digest[] = { ANSI_X9_ALGORITHM, 0x03 }; |
421 | | CONST_OID nistDSASignaturewithSHA224Digest[] = { DSA2, 0x01 }; |
422 | | CONST_OID nistDSASignaturewithSHA256Digest[] = { DSA2, 0x02 }; |
423 | | |
424 | | /* verisign OIDs */ |
425 | | CONST_OID verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 }; |
426 | | |
427 | | /* pkix OIDs */ |
428 | | CONST_OID pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 }; |
429 | | CONST_OID pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 }; |
430 | | |
431 | | CONST_OID pkixOCSP[] = { PKIX_OCSP }; |
432 | | CONST_OID pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 }; |
433 | | CONST_OID pkixOCSPNonce[] = { PKIX_OCSP, 2 }; |
434 | | CONST_OID pkixOCSPCRL[] = { PKIX_OCSP, 3 }; |
435 | | CONST_OID pkixOCSPResponse[] = { PKIX_OCSP, 4 }; |
436 | | CONST_OID pkixOCSPNoCheck[] = { PKIX_OCSP, 5 }; |
437 | | CONST_OID pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 }; |
438 | | CONST_OID pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 }; |
439 | | |
440 | | CONST_OID pkixCAIssuers[] = { PKIX_CA_ISSUERS }; |
441 | | |
442 | | CONST_OID pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1 }; |
443 | | CONST_OID pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2 }; |
444 | | CONST_OID pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3 }; |
445 | | CONST_OID pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4 }; |
446 | | CONST_OID pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5 }; |
447 | | CONST_OID pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6 }; |
448 | | CONST_OID pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1 }; |
449 | | CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2 }; |
450 | | |
451 | | CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 }; |
452 | | CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 }; |
453 | | CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 }; |
454 | | CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 }; |
455 | | CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 }; |
456 | | CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 }; |
457 | | CONST_OID msExtendedKeyUsageTrustListSigning[] = { MS_CRYPTO_EKU, 1 }; |
458 | | |
459 | | /* OIDs for Netscape defined algorithms */ |
460 | | CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 }; |
461 | | |
462 | | /* Fortezza algorithm OIDs */ |
463 | | CONST_OID skipjackCBC[] = { MISSI, 0x04 }; |
464 | | CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 }; |
465 | | |
466 | | CONST_OID idea_CBC[] = { ASCOM_IDEA_ALG, 2 }; |
467 | | CONST_OID aes128_GCM[] = { AES, 0x6 }; |
468 | | CONST_OID aes192_GCM[] = { AES, 0x1a }; |
469 | | CONST_OID aes256_GCM[] = { AES, 0x2e }; |
470 | | CONST_OID aes128_ECB[] = { AES, 1 }; |
471 | | CONST_OID aes128_CBC[] = { AES, 2 }; |
472 | | #ifdef DEFINE_ALL_AES_CIPHERS |
473 | | CONST_OID aes128_OFB[] = { AES, 3 }; |
474 | | CONST_OID aes128_CFB[] = { AES, 4 }; |
475 | | #endif |
476 | | CONST_OID aes128_KEY_WRAP[] = { AES, 5 }; |
477 | | |
478 | | CONST_OID aes192_ECB[] = { AES, 21 }; |
479 | | CONST_OID aes192_CBC[] = { AES, 22 }; |
480 | | #ifdef DEFINE_ALL_AES_CIPHERS |
481 | | CONST_OID aes192_OFB[] = { AES, 23 }; |
482 | | CONST_OID aes192_CFB[] = { AES, 24 }; |
483 | | #endif |
484 | | CONST_OID aes192_KEY_WRAP[] = { AES, 25 }; |
485 | | |
486 | | CONST_OID aes256_ECB[] = { AES, 41 }; |
487 | | CONST_OID aes256_CBC[] = { AES, 42 }; |
488 | | #ifdef DEFINE_ALL_AES_CIPHERS |
489 | | CONST_OID aes256_OFB[] = { AES, 43 }; |
490 | | CONST_OID aes256_CFB[] = { AES, 44 }; |
491 | | #endif |
492 | | CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; |
493 | | |
494 | | CONST_OID camellia128_CBC[] = { CAMELLIA_ENCRYPT_OID, 2 }; |
495 | | CONST_OID camellia192_CBC[] = { CAMELLIA_ENCRYPT_OID, 3 }; |
496 | | CONST_OID camellia256_CBC[] = { CAMELLIA_ENCRYPT_OID, 4 }; |
497 | | |
498 | | CONST_OID sha256[] = { SHAXXX, 1 }; |
499 | | CONST_OID sha384[] = { SHAXXX, 2 }; |
500 | | CONST_OID sha512[] = { SHAXXX, 3 }; |
501 | | CONST_OID sha224[] = { SHAXXX, 4 }; |
502 | | |
503 | | CONST_OID ansix962ECPublicKey[] = { ANSI_X962_OID, 0x02, 0x01 }; |
504 | | CONST_OID ansix962SignaturewithSHA1Digest[] = { ANSI_X962_SIGNATURE_OID, 0x01 }; |
505 | | CONST_OID ansix962SignatureRecommended[] = { ANSI_X962_SIGNATURE_OID, 0x02 }; |
506 | | CONST_OID ansix962SignatureSpecified[] = { ANSI_X962_SPECIFY_OID }; |
507 | | CONST_OID ansix962SignaturewithSHA224Digest[] = { ANSI_X962_SPECIFY_OID, 0x01 }; |
508 | | CONST_OID ansix962SignaturewithSHA256Digest[] = { ANSI_X962_SPECIFY_OID, 0x02 }; |
509 | | CONST_OID ansix962SignaturewithSHA384Digest[] = { ANSI_X962_SPECIFY_OID, 0x03 }; |
510 | | CONST_OID ansix962SignaturewithSHA512Digest[] = { ANSI_X962_SPECIFY_OID, 0x04 }; |
511 | | |
512 | | /* ANSI X9.62 prime curve OIDs */ |
513 | | /* NOTE: prime192v1 is the same as secp192r1, prime256v1 is the |
514 | | * same as secp256r1 |
515 | | */ |
516 | | CONST_OID ansiX962prime192v1[] = { ANSI_X962_GFp_OID, 0x01 }; /* unsupported by freebl */ |
517 | | CONST_OID ansiX962prime192v2[] = { ANSI_X962_GFp_OID, 0x02 }; /* unsupported by freebl */ |
518 | | CONST_OID ansiX962prime192v3[] = { ANSI_X962_GFp_OID, 0x03 }; /* unsupported by freebl */ |
519 | | CONST_OID ansiX962prime239v1[] = { ANSI_X962_GFp_OID, 0x04 }; /* unsupported by freebl */ |
520 | | CONST_OID ansiX962prime239v2[] = { ANSI_X962_GFp_OID, 0x05 }; /* unsupported by freebl */ |
521 | | CONST_OID ansiX962prime239v3[] = { ANSI_X962_GFp_OID, 0x06 }; /* unsupported by freebl */ |
522 | | CONST_OID ansiX962prime256v1[] = { ANSI_X962_GFp_OID, 0x07 }; |
523 | | |
524 | | /* SECG prime curve OIDs */ |
525 | | CONST_OID secgECsecp112r1[] = { SECG_OID, 0x06 }; /* unsupported by freebl */ |
526 | | CONST_OID secgECsecp112r2[] = { SECG_OID, 0x07 }; /* unsupported by freebl */ |
527 | | CONST_OID secgECsecp128r1[] = { SECG_OID, 0x1c }; /* unsupported by freebl */ |
528 | | CONST_OID secgECsecp128r2[] = { SECG_OID, 0x1d }; /* unsupported by freebl */ |
529 | | CONST_OID secgECsecp160k1[] = { SECG_OID, 0x09 }; /* unsupported by freebl */ |
530 | | CONST_OID secgECsecp160r1[] = { SECG_OID, 0x08 }; /* unsupported by freebl */ |
531 | | CONST_OID secgECsecp160r2[] = { SECG_OID, 0x1e }; /* unsupported by freebl */ |
532 | | CONST_OID secgECsecp192k1[] = { SECG_OID, 0x1f }; /* unsupported by freebl */ |
533 | | CONST_OID secgECsecp224k1[] = { SECG_OID, 0x20 }; /* unsupported by freebl */ |
534 | | CONST_OID secgECsecp224r1[] = { SECG_OID, 0x21 }; /* unsupported by freebl */ |
535 | | CONST_OID secgECsecp256k1[] = { SECG_OID, 0x0a }; /* unsupported by freebl */ |
536 | | CONST_OID secgECsecp384r1[] = { SECG_OID, 0x22 }; |
537 | | CONST_OID secgECsecp521r1[] = { SECG_OID, 0x23 }; |
538 | | |
539 | | /* ANSI X9.62 characteristic two curve OIDs */ |
540 | | CONST_OID ansiX962c2pnb163v1[] = { ANSI_X962_GF2m_OID, 0x01 }; /* unsupported by freebl */ |
541 | | CONST_OID ansiX962c2pnb163v2[] = { ANSI_X962_GF2m_OID, 0x02 }; /* unsupported by freebl */ |
542 | | CONST_OID ansiX962c2pnb163v3[] = { ANSI_X962_GF2m_OID, 0x03 }; /* unsupported by freebl */ |
543 | | CONST_OID ansiX962c2pnb176v1[] = { ANSI_X962_GF2m_OID, 0x04 }; /* unsupported by freebl */ |
544 | | CONST_OID ansiX962c2tnb191v1[] = { ANSI_X962_GF2m_OID, 0x05 }; /* unsupported by freebl */ |
545 | | CONST_OID ansiX962c2tnb191v2[] = { ANSI_X962_GF2m_OID, 0x06 }; /* unsupported by freebl */ |
546 | | CONST_OID ansiX962c2tnb191v3[] = { ANSI_X962_GF2m_OID, 0x07 }; /* unsupported by freebl */ |
547 | | CONST_OID ansiX962c2onb191v4[] = { ANSI_X962_GF2m_OID, 0x08 }; /* unsupported by freebl */ |
548 | | CONST_OID ansiX962c2onb191v5[] = { ANSI_X962_GF2m_OID, 0x09 }; /* unsupported by freebl */ |
549 | | CONST_OID ansiX962c2pnb208w1[] = { ANSI_X962_GF2m_OID, 0x0a }; /* unsupported by freebl */ |
550 | | CONST_OID ansiX962c2tnb239v1[] = { ANSI_X962_GF2m_OID, 0x0b }; /* unsupported by freebl */ |
551 | | CONST_OID ansiX962c2tnb239v2[] = { ANSI_X962_GF2m_OID, 0x0c }; /* unsupported by freebl */ |
552 | | CONST_OID ansiX962c2tnb239v3[] = { ANSI_X962_GF2m_OID, 0x0d }; /* unsupported by freebl */ |
553 | | CONST_OID ansiX962c2onb239v4[] = { ANSI_X962_GF2m_OID, 0x0e }; /* unsupported by freebl */ |
554 | | CONST_OID ansiX962c2onb239v5[] = { ANSI_X962_GF2m_OID, 0x0f }; /* unsupported by freebl */ |
555 | | CONST_OID ansiX962c2pnb272w1[] = { ANSI_X962_GF2m_OID, 0x10 }; /* unsupported by freebl */ |
556 | | CONST_OID ansiX962c2pnb304w1[] = { ANSI_X962_GF2m_OID, 0x11 }; /* unsupported by freebl */ |
557 | | CONST_OID ansiX962c2tnb359v1[] = { ANSI_X962_GF2m_OID, 0x12 }; /* unsupported by freebl */ |
558 | | CONST_OID ansiX962c2pnb368w1[] = { ANSI_X962_GF2m_OID, 0x13 }; /* unsupported by freebl */ |
559 | | CONST_OID ansiX962c2tnb431r1[] = { ANSI_X962_GF2m_OID, 0x14 }; /* unsupported by freebl */ |
560 | | |
561 | | /* SECG characterisitic two curve OIDs */ |
562 | | CONST_OID secgECsect113r1[] = { SECG_OID, 0x04 }; /* unsupported by freebl */ |
563 | | CONST_OID secgECsect113r2[] = { SECG_OID, 0x05 }; /* unsupported by freebl */ |
564 | | CONST_OID secgECsect131r1[] = { SECG_OID, 0x16 }; /* unsupported by freebl */ |
565 | | CONST_OID secgECsect131r2[] = { SECG_OID, 0x17 }; /* unsupported by freebl */ |
566 | | CONST_OID secgECsect163k1[] = { SECG_OID, 0x01 }; /* unsupported by freebl */ |
567 | | CONST_OID secgECsect163r1[] = { SECG_OID, 0x02 }; /* unsupported by freebl */ |
568 | | CONST_OID secgECsect163r2[] = { SECG_OID, 0x0f }; /* unsupported by freebl */ |
569 | | CONST_OID secgECsect193r1[] = { SECG_OID, 0x18 }; /* unsupported by freebl */ |
570 | | CONST_OID secgECsect193r2[] = { SECG_OID, 0x19 }; /* unsupported by freebl */ |
571 | | CONST_OID secgECsect233k1[] = { SECG_OID, 0x1a }; /* unsupported by freebl */ |
572 | | CONST_OID secgECsect233r1[] = { SECG_OID, 0x1b }; /* unsupported by freebl */ |
573 | | CONST_OID secgECsect239k1[] = { SECG_OID, 0x03 }; /* unsupported by freebl */ |
574 | | CONST_OID secgECsect283k1[] = { SECG_OID, 0x10 }; /* unsupported by freebl */ |
575 | | CONST_OID secgECsect283r1[] = { SECG_OID, 0x11 }; /* unsupported by freebl */ |
576 | | CONST_OID secgECsect409k1[] = { SECG_OID, 0x24 }; /* unsupported by freebl */ |
577 | | CONST_OID secgECsect409r1[] = { SECG_OID, 0x25 }; /* unsupported by freebl */ |
578 | | CONST_OID secgECsect571k1[] = { SECG_OID, 0x26 }; /* unsupported by freebl */ |
579 | | CONST_OID secgECsect571r1[] = { SECG_OID, 0x27 }; /* unsupported by freebl */ |
580 | | |
581 | | CONST_OID seed_CBC[] = { SEED_OID, 4 }; |
582 | | |
583 | | CONST_OID evIncorporationLocality[] = { EV_NAME_ATTRIBUTE, 1 }; |
584 | | CONST_OID evIncorporationState[] = { EV_NAME_ATTRIBUTE, 2 }; |
585 | | CONST_OID evIncorporationCountry[] = { EV_NAME_ATTRIBUTE, 3 }; |
586 | | |
587 | | /* https://tools.ietf.org/html/draft-josefsson-pkix-newcurves-01 |
588 | | * 1.3.6.1.4.1.11591.15.1 |
589 | | */ |
590 | | CONST_OID curve25519[] = { 0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01 }; |
591 | | |
592 | | #define OI(x) \ |
593 | | { \ |
594 | | siDEROID, (unsigned char *)x, sizeof x \ |
595 | | } |
596 | | #ifndef SECOID_NO_STRINGS |
597 | | #define OD(oid, tag, desc, mech, ext) \ |
598 | | { \ |
599 | | OI(oid) \ |
600 | | , tag, desc, mech, ext \ |
601 | | } |
602 | | #define ODE(tag, desc, mech, ext) \ |
603 | | { \ |
604 | | { siDEROID, NULL, 0 }, tag, desc, mech, ext \ |
605 | | } |
606 | | #else |
607 | | #define OD(oid, tag, desc, mech, ext) \ |
608 | | { \ |
609 | | OI(oid) \ |
610 | | , tag, 0, mech, ext \ |
611 | | } |
612 | | #define ODE(tag, desc, mech, ext) \ |
613 | | { \ |
614 | | { siDEROID, NULL, 0 }, tag, 0, mech, ext \ |
615 | | } |
616 | | #endif |
617 | | |
618 | | #if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL) |
619 | | #define FAKE_SUPPORTED_CERT_EXTENSION SUPPORTED_CERT_EXTENSION |
620 | | #else |
621 | | #define FAKE_SUPPORTED_CERT_EXTENSION UNSUPPORTED_CERT_EXTENSION |
622 | | #endif |
623 | | |
624 | | /* |
625 | | * NOTE: the order of these entries must mach the SECOidTag enum in secoidt.h! |
626 | | */ |
627 | | const static SECOidData oids[SEC_OID_TOTAL] = { |
628 | | { { siDEROID, NULL, 0 }, SEC_OID_UNKNOWN, "Unknown OID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION }, |
629 | | OD(md2, SEC_OID_MD2, "MD2", CKM_MD2, INVALID_CERT_EXTENSION), |
630 | | OD(md4, SEC_OID_MD4, |
631 | | "MD4", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
632 | | OD(md5, SEC_OID_MD5, "MD5", CKM_MD5, INVALID_CERT_EXTENSION), |
633 | | OD(sha1, SEC_OID_SHA1, "SHA-1", CKM_SHA_1, INVALID_CERT_EXTENSION), |
634 | | OD(rc2cbc, SEC_OID_RC2_CBC, |
635 | | "RC2-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION), |
636 | | OD(rc4, SEC_OID_RC4, "RC4", CKM_RC4, INVALID_CERT_EXTENSION), |
637 | | OD(desede3cbc, SEC_OID_DES_EDE3_CBC, |
638 | | "DES-EDE3-CBC", CKM_DES3_CBC, INVALID_CERT_EXTENSION), |
639 | | OD(rc5cbcpad, SEC_OID_RC5_CBC_PAD, |
640 | | "RC5-CBCPad", CKM_RC5_CBC, INVALID_CERT_EXTENSION), |
641 | | OD(desecb, SEC_OID_DES_ECB, |
642 | | "DES-ECB", CKM_DES_ECB, INVALID_CERT_EXTENSION), |
643 | | OD(descbc, SEC_OID_DES_CBC, |
644 | | "DES-CBC", CKM_DES_CBC, INVALID_CERT_EXTENSION), |
645 | | OD(desofb, SEC_OID_DES_OFB, |
646 | | "DES-OFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
647 | | OD(descfb, SEC_OID_DES_CFB, |
648 | | "DES-CFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
649 | | OD(desmac, SEC_OID_DES_MAC, |
650 | | "DES-MAC", CKM_DES_MAC, INVALID_CERT_EXTENSION), |
651 | | OD(desede, SEC_OID_DES_EDE, |
652 | | "DES-EDE", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
653 | | OD(isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE, |
654 | | "ISO SHA with RSA Signature", |
655 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
656 | | OD(pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION, |
657 | | "PKCS #1 RSA Encryption", CKM_RSA_PKCS, INVALID_CERT_EXTENSION), |
658 | | |
659 | | /* the following Signing mechanisms should get new CKM_ values when |
660 | | * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in |
661 | | * PKCS #11. |
662 | | */ |
663 | | OD(pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, |
664 | | "PKCS #1 MD2 With RSA Encryption", CKM_MD2_RSA_PKCS, |
665 | | INVALID_CERT_EXTENSION), |
666 | | OD(pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, |
667 | | "PKCS #1 MD4 With RSA Encryption", |
668 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
669 | | OD(pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, |
670 | | "PKCS #1 MD5 With RSA Encryption", CKM_MD5_RSA_PKCS, |
671 | | INVALID_CERT_EXTENSION), |
672 | | OD(pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, |
673 | | "PKCS #1 SHA-1 With RSA Encryption", CKM_SHA1_RSA_PKCS, |
674 | | INVALID_CERT_EXTENSION), |
675 | | |
676 | | OD(pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC, |
677 | | "PKCS #5 Password Based Encryption with MD2 and DES-CBC", |
678 | | CKM_PBE_MD2_DES_CBC, INVALID_CERT_EXTENSION), |
679 | | OD(pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC, |
680 | | "PKCS #5 Password Based Encryption with MD5 and DES-CBC", |
681 | | CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION), |
682 | | OD(pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC, |
683 | | "PKCS #5 Password Based Encryption with SHA-1 and DES-CBC", |
684 | | CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION), |
685 | | OD(pkcs7, SEC_OID_PKCS7, |
686 | | "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
687 | | OD(pkcs7Data, SEC_OID_PKCS7_DATA, |
688 | | "PKCS #7 Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
689 | | OD(pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA, |
690 | | "PKCS #7 Signed Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
691 | | OD(pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA, |
692 | | "PKCS #7 Enveloped Data", |
693 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
694 | | OD(pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA, |
695 | | "PKCS #7 Signed And Enveloped Data", |
696 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
697 | | OD(pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA, |
698 | | "PKCS #7 Digested Data", |
699 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
700 | | OD(pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA, |
701 | | "PKCS #7 Encrypted Data", |
702 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
703 | | OD(pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS, |
704 | | "PKCS #9 Email Address", |
705 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
706 | | OD(pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME, |
707 | | "PKCS #9 Unstructured Name", |
708 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
709 | | OD(pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE, |
710 | | "PKCS #9 Content Type", |
711 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
712 | | OD(pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST, |
713 | | "PKCS #9 Message Digest", |
714 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
715 | | OD(pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME, |
716 | | "PKCS #9 Signing Time", |
717 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
718 | | OD(pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE, |
719 | | "PKCS #9 Counter Signature", |
720 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
721 | | OD(pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD, |
722 | | "PKCS #9 Challenge Password", |
723 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
724 | | OD(pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS, |
725 | | "PKCS #9 Unstructured Address", |
726 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
727 | | OD(pkcs9ExtendedCertificateAttributes, |
728 | | SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES, |
729 | | "PKCS #9 Extended Certificate Attributes", |
730 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
731 | | OD(pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES, |
732 | | "PKCS #9 S/MIME Capabilities", |
733 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
734 | | OD(x520CommonName, SEC_OID_AVA_COMMON_NAME, |
735 | | "X520 Common Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
736 | | OD(x520CountryName, SEC_OID_AVA_COUNTRY_NAME, |
737 | | "X520 Country Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
738 | | OD(x520LocalityName, SEC_OID_AVA_LOCALITY, |
739 | | "X520 Locality Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
740 | | OD(x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE, |
741 | | "X520 State Or Province Name", |
742 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
743 | | OD(x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME, |
744 | | "X520 Organization Name", |
745 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
746 | | OD(x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, |
747 | | "X520 Organizational Unit Name", |
748 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
749 | | OD(x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER, |
750 | | "X520 DN Qualifier", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
751 | | OD(rfc2247DomainComponent, SEC_OID_AVA_DC, |
752 | | "RFC 2247 Domain Component", |
753 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
754 | | |
755 | | OD(nsTypeGIF, SEC_OID_NS_TYPE_GIF, |
756 | | "GIF", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
757 | | OD(nsTypeJPEG, SEC_OID_NS_TYPE_JPEG, |
758 | | "JPEG", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
759 | | OD(nsTypeURL, SEC_OID_NS_TYPE_URL, |
760 | | "URL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
761 | | OD(nsTypeHTML, SEC_OID_NS_TYPE_HTML, |
762 | | "HTML", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
763 | | OD(nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE, |
764 | | "Certificate Sequence", |
765 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
766 | | OD(missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD, |
767 | | "MISSI KEA and DSS Algorithm (Old)", |
768 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
769 | | OD(missiCertDSSOld, SEC_OID_MISSI_DSS_OLD, |
770 | | "MISSI DSS Algorithm (Old)", |
771 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
772 | | OD(missiCertKEADSS, SEC_OID_MISSI_KEA_DSS, |
773 | | "MISSI KEA and DSS Algorithm", |
774 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
775 | | OD(missiCertDSS, SEC_OID_MISSI_DSS, |
776 | | "MISSI DSS Algorithm", |
777 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
778 | | OD(missiCertKEA, SEC_OID_MISSI_KEA, |
779 | | "MISSI KEA Algorithm", |
780 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
781 | | OD(missiCertAltKEA, SEC_OID_MISSI_ALT_KEA, |
782 | | "MISSI Alternate KEA Algorithm", |
783 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
784 | | |
785 | | /* Netscape private extensions */ |
786 | | OD(nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK, |
787 | | "Netscape says this cert is OK", |
788 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
789 | | OD(nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO, |
790 | | "Certificate Issuer Logo", |
791 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
792 | | OD(nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO, |
793 | | "Certificate Subject Logo", |
794 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
795 | | OD(nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE, |
796 | | "Certificate Type", |
797 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
798 | | OD(nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL, |
799 | | "Certificate Extension Base URL", |
800 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
801 | | OD(nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL, |
802 | | "Certificate Revocation URL", |
803 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
804 | | OD(nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL, |
805 | | "Certificate Authority Revocation URL", |
806 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
807 | | OD(nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL, |
808 | | "Certificate Authority CRL Download URL", |
809 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
810 | | OD(nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL, |
811 | | "Certificate Authority Certificate Download URL", |
812 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
813 | | OD(nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL, |
814 | | "Certificate Renewal URL", |
815 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
816 | | OD(nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL, |
817 | | "Certificate Authority Policy URL", |
818 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
819 | | OD(nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL, |
820 | | "Certificate Homepage URL", |
821 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
822 | | OD(nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO, |
823 | | "Certificate Entity Logo", |
824 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
825 | | OD(nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE, |
826 | | "Certificate User Picture", |
827 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
828 | | OD(nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME, |
829 | | "Certificate SSL Server Name", |
830 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
831 | | OD(nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT, |
832 | | "Certificate Comment", |
833 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
834 | | OD(nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL, |
835 | | "Lost Password URL", |
836 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
837 | | OD(nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME, |
838 | | "Certificate Renewal Time", |
839 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
840 | | OD(nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED, |
841 | | "Strong Crypto Export Approved", |
842 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
843 | | |
844 | | /* x.509 v3 certificate extensions */ |
845 | | OD(x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR, |
846 | | "Certificate Subject Directory Attributes", |
847 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
848 | | OD(x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID, |
849 | | "Certificate Subject Key ID", |
850 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
851 | | OD(x509KeyUsage, SEC_OID_X509_KEY_USAGE, |
852 | | "Certificate Key Usage", |
853 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
854 | | OD(x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD, |
855 | | "Certificate Private Key Usage Period", |
856 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
857 | | OD(x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME, |
858 | | "Certificate Subject Alt Name", |
859 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
860 | | OD(x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME, |
861 | | "Certificate Issuer Alt Name", |
862 | | CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION), |
863 | | OD(x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS, |
864 | | "Certificate Basic Constraints", |
865 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
866 | | OD(x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS, |
867 | | "Certificate Name Constraints", |
868 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
869 | | OD(x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS, |
870 | | "CRL Distribution Points", |
871 | | CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION), |
872 | | OD(x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES, |
873 | | "Certificate Policies", |
874 | | CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION), |
875 | | OD(x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS, |
876 | | "Certificate Policy Mappings", |
877 | | CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION), |
878 | | OD(x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS, |
879 | | "Certificate Policy Constraints", |
880 | | CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION), |
881 | | OD(x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID, |
882 | | "Certificate Authority Key Identifier", |
883 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
884 | | OD(x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE, |
885 | | "Extended Key Usage", |
886 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
887 | | OD(x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS, |
888 | | "Authority Information Access", |
889 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
890 | | |
891 | | /* x.509 v3 CRL extensions */ |
892 | | OD(x509CRLNumber, SEC_OID_X509_CRL_NUMBER, |
893 | | "CRL Number", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
894 | | OD(x509ReasonCode, SEC_OID_X509_REASON_CODE, |
895 | | "CRL reason code", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
896 | | OD(x509InvalidDate, SEC_OID_X509_INVALID_DATE, |
897 | | "Invalid Date", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
898 | | |
899 | | OD(x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION, |
900 | | "X500 RSA Encryption", CKM_RSA_X_509, INVALID_CERT_EXTENSION), |
901 | | |
902 | | /* added for alg 1485 */ |
903 | | OD(rfc1274Uid, SEC_OID_RFC1274_UID, |
904 | | "RFC1274 User Id", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
905 | | OD(rfc1274Mail, SEC_OID_RFC1274_MAIL, |
906 | | "RFC1274 E-mail Address", |
907 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
908 | | |
909 | | /* pkcs 12 additions */ |
910 | | OD(pkcs12, SEC_OID_PKCS12, |
911 | | "PKCS #12", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
912 | | OD(pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS, |
913 | | "PKCS #12 Mode IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
914 | | OD(pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS, |
915 | | "PKCS #12 ESPVK IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
916 | | OD(pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS, |
917 | | "PKCS #12 Bag IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
918 | | OD(pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS, |
919 | | "PKCS #12 Cert Bag IDs", |
920 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
921 | | OD(pkcs12OIDs, SEC_OID_PKCS12_OIDS, |
922 | | "PKCS #12 OIDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
923 | | OD(pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS, |
924 | | "PKCS #12 PBE IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
925 | | OD(pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS, |
926 | | "PKCS #12 Signature IDs", |
927 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
928 | | OD(pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS, |
929 | | "PKCS #12 Enveloping IDs", |
930 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
931 | | OD(pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING, |
932 | | "PKCS #12 Key Shrouding", |
933 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
934 | | OD(pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID, |
935 | | "PKCS #12 Key Bag ID", |
936 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
937 | | OD(pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID, |
938 | | "PKCS #12 Cert And CRL Bag ID", |
939 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
940 | | OD(pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID, |
941 | | "PKCS #12 Secret Bag ID", |
942 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
943 | | OD(pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG, |
944 | | "PKCS #12 X509 Cert CRL Bag", |
945 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
946 | | OD(pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG, |
947 | | "PKCS #12 SDSI Cert Bag", |
948 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
949 | | OD(pkcs12PBEWithSha1And128BitRC4, |
950 | | SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4, |
951 | | "PKCS #12 PBE With SHA-1 and 128 Bit RC4", |
952 | | CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION), |
953 | | OD(pkcs12PBEWithSha1And40BitRC4, |
954 | | SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4, |
955 | | "PKCS #12 PBE With SHA-1 and 40 Bit RC4", |
956 | | CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION), |
957 | | OD(pkcs12PBEWithSha1AndTripleDESCBC, |
958 | | SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC, |
959 | | "PKCS #12 PBE With SHA-1 and Triple DES-CBC", |
960 | | CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION), |
961 | | OD(pkcs12PBEWithSha1And128BitRC2CBC, |
962 | | SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC, |
963 | | "PKCS #12 PBE With SHA-1 and 128 Bit RC2 CBC", |
964 | | CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION), |
965 | | OD(pkcs12PBEWithSha1And40BitRC2CBC, |
966 | | SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC, |
967 | | "PKCS #12 PBE With SHA-1 and 40 Bit RC2 CBC", |
968 | | CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION), |
969 | | OD(pkcs12RSAEncryptionWith128BitRC4, |
970 | | SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4, |
971 | | "PKCS #12 RSA Encryption with 128 Bit RC4", |
972 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
973 | | OD(pkcs12RSAEncryptionWith40BitRC4, |
974 | | SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4, |
975 | | "PKCS #12 RSA Encryption with 40 Bit RC4", |
976 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
977 | | OD(pkcs12RSAEncryptionWithTripleDES, |
978 | | SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES, |
979 | | "PKCS #12 RSA Encryption with Triple DES", |
980 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
981 | | OD(pkcs12RSASignatureWithSHA1Digest, |
982 | | SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST, |
983 | | "PKCS #12 RSA Encryption with Triple DES", |
984 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
985 | | |
986 | | /* DSA signatures */ |
987 | | OD(ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE, |
988 | | "ANSI X9.57 DSA Signature", CKM_DSA, INVALID_CERT_EXTENSION), |
989 | | OD(ansix9DSASignaturewithSHA1Digest, |
990 | | SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST, |
991 | | "ANSI X9.57 DSA Signature with SHA-1 Digest", |
992 | | CKM_DSA_SHA1, INVALID_CERT_EXTENSION), |
993 | | OD(bogusDSASignaturewithSHA1Digest, |
994 | | SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST, |
995 | | "FORTEZZA DSA Signature with SHA-1 Digest", |
996 | | CKM_DSA_SHA1, INVALID_CERT_EXTENSION), |
997 | | |
998 | | /* verisign oids */ |
999 | | OD(verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES, |
1000 | | "Verisign User Notices", |
1001 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1002 | | |
1003 | | /* pkix oids */ |
1004 | | OD(pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER, |
1005 | | "PKIX CPS Pointer Qualifier", |
1006 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1007 | | OD(pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER, |
1008 | | "PKIX User Notice Qualifier", |
1009 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1010 | | |
1011 | | OD(pkixOCSP, SEC_OID_PKIX_OCSP, |
1012 | | "PKIX Online Certificate Status Protocol", |
1013 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1014 | | OD(pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE, |
1015 | | "OCSP Basic Response", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1016 | | OD(pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE, |
1017 | | "OCSP Nonce Extension", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1018 | | OD(pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL, |
1019 | | "OCSP CRL Reference Extension", |
1020 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1021 | | OD(pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE, |
1022 | | "OCSP Response Types Extension", |
1023 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1024 | | OD(pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK, |
1025 | | "OCSP No Check Extension", |
1026 | | CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION), |
1027 | | OD(pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF, |
1028 | | "OCSP Archive Cutoff Extension", |
1029 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1030 | | OD(pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR, |
1031 | | "OCSP Service Locator Extension", |
1032 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1033 | | |
1034 | | OD(pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN, |
1035 | | "PKIX CRMF Registration Control, Registration Token", |
1036 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1037 | | OD(pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR, |
1038 | | "PKIX CRMF Registration Control, Registration Authenticator", |
1039 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1040 | | OD(pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO, |
1041 | | "PKIX CRMF Registration Control, PKI Publication Info", |
1042 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1043 | | OD(pkixRegCtrlPKIArchOptions, |
1044 | | SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS, |
1045 | | "PKIX CRMF Registration Control, PKI Archive Options", |
1046 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1047 | | OD(pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID, |
1048 | | "PKIX CRMF Registration Control, Old Certificate ID", |
1049 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1050 | | OD(pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY, |
1051 | | "PKIX CRMF Registration Control, Protocol Encryption Key", |
1052 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1053 | | OD(pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS, |
1054 | | "PKIX CRMF Registration Info, UTF8 Pairs", |
1055 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1056 | | OD(pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST, |
1057 | | "PKIX CRMF Registration Info, Certificate Request", |
1058 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1059 | | OD(pkixExtendedKeyUsageServerAuth, |
1060 | | SEC_OID_EXT_KEY_USAGE_SERVER_AUTH, |
1061 | | "TLS Web Server Authentication Certificate", |
1062 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1063 | | OD(pkixExtendedKeyUsageClientAuth, |
1064 | | SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH, |
1065 | | "TLS Web Client Authentication Certificate", |
1066 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1067 | | OD(pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN, |
1068 | | "Code Signing Certificate", |
1069 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1070 | | OD(pkixExtendedKeyUsageEMailProtect, |
1071 | | SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT, |
1072 | | "E-Mail Protection Certificate", |
1073 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1074 | | OD(pkixExtendedKeyUsageTimeStamp, |
1075 | | SEC_OID_EXT_KEY_USAGE_TIME_STAMP, |
1076 | | "Time Stamping Certifcate", |
1077 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1078 | | OD(pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER, |
1079 | | "OCSP Responder Certificate", |
1080 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1081 | | |
1082 | | /* Netscape Algorithm OIDs */ |
1083 | | |
1084 | | OD(netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA, |
1085 | | "Netscape S/MIME KEA", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1086 | | |
1087 | | /* Skipjack OID -- ### mwelch temporary */ |
1088 | | OD(skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK, |
1089 | | "Skipjack CBC64", CKM_SKIPJACK_CBC64, INVALID_CERT_EXTENSION), |
1090 | | |
1091 | | /* pkcs12 v2 oids */ |
1092 | | OD(pkcs12V2PBEWithSha1And128BitRC4, |
1093 | | SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4, |
1094 | | "PKCS #12 V2 PBE With SHA-1 And 128 Bit RC4", |
1095 | | CKM_PBE_SHA1_RC4_128, INVALID_CERT_EXTENSION), |
1096 | | OD(pkcs12V2PBEWithSha1And40BitRC4, |
1097 | | SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4, |
1098 | | "PKCS #12 V2 PBE With SHA-1 And 40 Bit RC4", |
1099 | | CKM_PBE_SHA1_RC4_40, INVALID_CERT_EXTENSION), |
1100 | | OD(pkcs12V2PBEWithSha1And3KeyTripleDEScbc, |
1101 | | SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC, |
1102 | | "PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC", |
1103 | | CKM_PBE_SHA1_DES3_EDE_CBC, INVALID_CERT_EXTENSION), |
1104 | | OD(pkcs12V2PBEWithSha1And2KeyTripleDEScbc, |
1105 | | SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC, |
1106 | | "PKCS #12 V2 PBE With SHA-1 And 2KEY Triple DES-CBC", |
1107 | | CKM_PBE_SHA1_DES2_EDE_CBC, INVALID_CERT_EXTENSION), |
1108 | | OD(pkcs12V2PBEWithSha1And128BitRC2cbc, |
1109 | | SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC, |
1110 | | "PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC", |
1111 | | CKM_PBE_SHA1_RC2_128_CBC, INVALID_CERT_EXTENSION), |
1112 | | OD(pkcs12V2PBEWithSha1And40BitRC2cbc, |
1113 | | SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC, |
1114 | | "PKCS #12 V2 PBE With SHA-1 And 40 Bit RC2 CBC", |
1115 | | CKM_PBE_SHA1_RC2_40_CBC, INVALID_CERT_EXTENSION), |
1116 | | OD(pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID, |
1117 | | "PKCS #12 Safe Contents ID", |
1118 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1119 | | OD(pkcs12PKCS8ShroudedKeyBagID, |
1120 | | SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID, |
1121 | | "PKCS #12 Safe Contents ID", |
1122 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1123 | | OD(pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID, |
1124 | | "PKCS #12 V1 Key Bag", |
1125 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1126 | | OD(pkcs12V1PKCS8ShroudedKeyBag, |
1127 | | SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID, |
1128 | | "PKCS #12 V1 PKCS8 Shrouded Key Bag", |
1129 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1130 | | OD(pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID, |
1131 | | "PKCS #12 V1 Cert Bag", |
1132 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1133 | | OD(pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID, |
1134 | | "PKCS #12 V1 CRL Bag", |
1135 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1136 | | OD(pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID, |
1137 | | "PKCS #12 V1 Secret Bag", |
1138 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1139 | | OD(pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID, |
1140 | | "PKCS #12 V1 Safe Contents Bag", |
1141 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1142 | | |
1143 | | OD(pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT, |
1144 | | "PKCS #9 X509 Certificate", |
1145 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1146 | | OD(pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT, |
1147 | | "PKCS #9 SDSI Certificate", |
1148 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1149 | | OD(pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL, |
1150 | | "PKCS #9 X509 CRL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1151 | | OD(pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME, |
1152 | | "PKCS #9 Friendly Name", |
1153 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1154 | | OD(pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID, |
1155 | | "PKCS #9 Local Key ID", |
1156 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1157 | | OD(pkcs12KeyUsageAttr, SEC_OID_BOGUS_KEY_USAGE, |
1158 | | "Bogus Key Usage", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1159 | | OD(dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY, |
1160 | | "Diffie-Helman Public Key", CKM_DH_PKCS_DERIVE, |
1161 | | INVALID_CERT_EXTENSION), |
1162 | | OD(netscapeNickname, SEC_OID_NETSCAPE_NICKNAME, |
1163 | | "Netscape Nickname", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1164 | | |
1165 | | /* Cert Server specific OIDs */ |
1166 | | OD(netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST, |
1167 | | "Recovery Request OID", |
1168 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1169 | | |
1170 | | OD(nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR, |
1171 | | "Certificate Renewal Locator OID", CKM_INVALID_MECHANISM, |
1172 | | INVALID_CERT_EXTENSION), |
1173 | | |
1174 | | OD(nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE, |
1175 | | "Certificate Scope-of-Use Extension", CKM_INVALID_MECHANISM, |
1176 | | SUPPORTED_CERT_EXTENSION), |
1177 | | |
1178 | | /* CMS stuff */ |
1179 | | OD(cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN, |
1180 | | "Ephemeral-Static Diffie-Hellman", CKM_INVALID_MECHANISM /* XXX */, |
1181 | | INVALID_CERT_EXTENSION), |
1182 | | OD(cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP, |
1183 | | "CMS Triple DES Key Wrap", CKM_INVALID_MECHANISM /* XXX */, |
1184 | | INVALID_CERT_EXTENSION), |
1185 | | OD(cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP, |
1186 | | "CMS RC2 Key Wrap", CKM_INVALID_MECHANISM /* XXX */, |
1187 | | INVALID_CERT_EXTENSION), |
1188 | | OD(smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE, |
1189 | | "S/MIME Encryption Key Preference", |
1190 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1191 | | |
1192 | | /* AES algorithm OIDs */ |
1193 | | OD(aes128_ECB, SEC_OID_AES_128_ECB, |
1194 | | "AES-128-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION), |
1195 | | OD(aes128_CBC, SEC_OID_AES_128_CBC, |
1196 | | "AES-128-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION), |
1197 | | OD(aes192_ECB, SEC_OID_AES_192_ECB, |
1198 | | "AES-192-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION), |
1199 | | OD(aes192_CBC, SEC_OID_AES_192_CBC, |
1200 | | "AES-192-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION), |
1201 | | OD(aes256_ECB, SEC_OID_AES_256_ECB, |
1202 | | "AES-256-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION), |
1203 | | OD(aes256_CBC, SEC_OID_AES_256_CBC, |
1204 | | "AES-256-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION), |
1205 | | |
1206 | | /* More bogus DSA OIDs */ |
1207 | | OD(sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE, |
1208 | | "SDN.702 DSA Signature", CKM_DSA_SHA1, INVALID_CERT_EXTENSION), |
1209 | | |
1210 | | OD(ms_smimeEncryptionKeyPreference, |
1211 | | SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE, |
1212 | | "Microsoft S/MIME Encryption Key Preference", |
1213 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1214 | | |
1215 | | OD(sha256, SEC_OID_SHA256, "SHA-256", CKM_SHA256, INVALID_CERT_EXTENSION), |
1216 | | OD(sha384, SEC_OID_SHA384, "SHA-384", CKM_SHA384, INVALID_CERT_EXTENSION), |
1217 | | OD(sha512, SEC_OID_SHA512, "SHA-512", CKM_SHA512, INVALID_CERT_EXTENSION), |
1218 | | |
1219 | | OD(pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION, |
1220 | | "PKCS #1 SHA-256 With RSA Encryption", CKM_SHA256_RSA_PKCS, |
1221 | | INVALID_CERT_EXTENSION), |
1222 | | OD(pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION, |
1223 | | "PKCS #1 SHA-384 With RSA Encryption", CKM_SHA384_RSA_PKCS, |
1224 | | INVALID_CERT_EXTENSION), |
1225 | | OD(pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION, |
1226 | | "PKCS #1 SHA-512 With RSA Encryption", CKM_SHA512_RSA_PKCS, |
1227 | | INVALID_CERT_EXTENSION), |
1228 | | |
1229 | | OD(aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP, |
1230 | | "AES-128 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION), |
1231 | | OD(aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP, |
1232 | | "AES-192 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION), |
1233 | | OD(aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP, |
1234 | | "AES-256 Key Wrap", CKM_NSS_AES_KEY_WRAP, INVALID_CERT_EXTENSION), |
1235 | | |
1236 | | /* Elliptic Curve Cryptography (ECC) OIDs */ |
1237 | | OD(ansix962ECPublicKey, SEC_OID_ANSIX962_EC_PUBLIC_KEY, |
1238 | | "X9.62 elliptic curve public key", CKM_ECDH1_DERIVE, |
1239 | | INVALID_CERT_EXTENSION), |
1240 | | OD(ansix962SignaturewithSHA1Digest, |
1241 | | SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE, |
1242 | | "X9.62 ECDSA signature with SHA-1", CKM_ECDSA_SHA1, |
1243 | | INVALID_CERT_EXTENSION), |
1244 | | |
1245 | | /* Named curves */ |
1246 | | /* NOTE: Only P256, P384, P521, and 25519 are supported by softoken. |
1247 | | * Using other curves requires an appropriate token. */ |
1248 | | |
1249 | | /* ANSI X9.62 named elliptic curves (prime field) */ |
1250 | | OD(ansiX962prime192v1, SEC_OID_ANSIX962_EC_PRIME192V1, |
1251 | | "ANSI X9.62 elliptic curve prime192v1 (aka secp192r1, NIST P-192)", |
1252 | | CKM_INVALID_MECHANISM, |
1253 | | INVALID_CERT_EXTENSION), |
1254 | | OD(ansiX962prime192v2, SEC_OID_ANSIX962_EC_PRIME192V2, |
1255 | | "ANSI X9.62 elliptic curve prime192v2", |
1256 | | CKM_INVALID_MECHANISM, |
1257 | | INVALID_CERT_EXTENSION), |
1258 | | OD(ansiX962prime192v3, SEC_OID_ANSIX962_EC_PRIME192V3, |
1259 | | "ANSI X9.62 elliptic curve prime192v3", |
1260 | | CKM_INVALID_MECHANISM, |
1261 | | INVALID_CERT_EXTENSION), |
1262 | | OD(ansiX962prime239v1, SEC_OID_ANSIX962_EC_PRIME239V1, |
1263 | | "ANSI X9.62 elliptic curve prime239v1", |
1264 | | CKM_INVALID_MECHANISM, |
1265 | | INVALID_CERT_EXTENSION), |
1266 | | OD(ansiX962prime239v2, SEC_OID_ANSIX962_EC_PRIME239V2, |
1267 | | "ANSI X9.62 elliptic curve prime239v2", |
1268 | | CKM_INVALID_MECHANISM, |
1269 | | INVALID_CERT_EXTENSION), |
1270 | | OD(ansiX962prime239v3, SEC_OID_ANSIX962_EC_PRIME239V3, |
1271 | | "ANSI X9.62 elliptic curve prime239v3", |
1272 | | CKM_INVALID_MECHANISM, |
1273 | | INVALID_CERT_EXTENSION), |
1274 | | OD(ansiX962prime256v1, SEC_OID_ANSIX962_EC_PRIME256V1, |
1275 | | "ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)", |
1276 | | CKM_INVALID_MECHANISM, |
1277 | | INVALID_CERT_EXTENSION), |
1278 | | |
1279 | | /* SECG named elliptic curves (prime field) */ |
1280 | | OD(secgECsecp112r1, SEC_OID_SECG_EC_SECP112R1, |
1281 | | "SECG elliptic curve secp112r1", |
1282 | | CKM_INVALID_MECHANISM, |
1283 | | INVALID_CERT_EXTENSION), |
1284 | | OD(secgECsecp112r2, SEC_OID_SECG_EC_SECP112R2, |
1285 | | "SECG elliptic curve secp112r2", |
1286 | | CKM_INVALID_MECHANISM, |
1287 | | INVALID_CERT_EXTENSION), |
1288 | | OD(secgECsecp128r1, SEC_OID_SECG_EC_SECP128R1, |
1289 | | "SECG elliptic curve secp128r1", |
1290 | | CKM_INVALID_MECHANISM, |
1291 | | INVALID_CERT_EXTENSION), |
1292 | | OD(secgECsecp128r2, SEC_OID_SECG_EC_SECP128R2, |
1293 | | "SECG elliptic curve secp128r2", |
1294 | | CKM_INVALID_MECHANISM, |
1295 | | INVALID_CERT_EXTENSION), |
1296 | | OD(secgECsecp160k1, SEC_OID_SECG_EC_SECP160K1, |
1297 | | "SECG elliptic curve secp160k1", |
1298 | | CKM_INVALID_MECHANISM, |
1299 | | INVALID_CERT_EXTENSION), |
1300 | | OD(secgECsecp160r1, SEC_OID_SECG_EC_SECP160R1, |
1301 | | "SECG elliptic curve secp160r1", |
1302 | | CKM_INVALID_MECHANISM, |
1303 | | INVALID_CERT_EXTENSION), |
1304 | | OD(secgECsecp160r2, SEC_OID_SECG_EC_SECP160R2, |
1305 | | "SECG elliptic curve secp160r2", |
1306 | | CKM_INVALID_MECHANISM, |
1307 | | INVALID_CERT_EXTENSION), |
1308 | | OD(secgECsecp192k1, SEC_OID_SECG_EC_SECP192K1, |
1309 | | "SECG elliptic curve secp192k1", |
1310 | | CKM_INVALID_MECHANISM, |
1311 | | INVALID_CERT_EXTENSION), |
1312 | | OD(secgECsecp224k1, SEC_OID_SECG_EC_SECP224K1, |
1313 | | "SECG elliptic curve secp224k1", |
1314 | | CKM_INVALID_MECHANISM, |
1315 | | INVALID_CERT_EXTENSION), |
1316 | | OD(secgECsecp224r1, SEC_OID_SECG_EC_SECP224R1, |
1317 | | "SECG elliptic curve secp224r1 (aka NIST P-224)", |
1318 | | CKM_INVALID_MECHANISM, |
1319 | | INVALID_CERT_EXTENSION), |
1320 | | OD(secgECsecp256k1, SEC_OID_SECG_EC_SECP256K1, |
1321 | | "SECG elliptic curve secp256k1", |
1322 | | CKM_INVALID_MECHANISM, |
1323 | | INVALID_CERT_EXTENSION), |
1324 | | OD(secgECsecp384r1, SEC_OID_SECG_EC_SECP384R1, |
1325 | | "SECG elliptic curve secp384r1 (aka NIST P-384)", |
1326 | | CKM_INVALID_MECHANISM, |
1327 | | INVALID_CERT_EXTENSION), |
1328 | | OD(secgECsecp521r1, SEC_OID_SECG_EC_SECP521R1, |
1329 | | "SECG elliptic curve secp521r1 (aka NIST P-521)", |
1330 | | CKM_INVALID_MECHANISM, |
1331 | | INVALID_CERT_EXTENSION), |
1332 | | |
1333 | | /* ANSI X9.62 named elliptic curves (characteristic two field) */ |
1334 | | OD(ansiX962c2pnb163v1, SEC_OID_ANSIX962_EC_C2PNB163V1, |
1335 | | "ANSI X9.62 elliptic curve c2pnb163v1", |
1336 | | CKM_INVALID_MECHANISM, |
1337 | | INVALID_CERT_EXTENSION), |
1338 | | OD(ansiX962c2pnb163v2, SEC_OID_ANSIX962_EC_C2PNB163V2, |
1339 | | "ANSI X9.62 elliptic curve c2pnb163v2", |
1340 | | CKM_INVALID_MECHANISM, |
1341 | | INVALID_CERT_EXTENSION), |
1342 | | OD(ansiX962c2pnb163v3, SEC_OID_ANSIX962_EC_C2PNB163V3, |
1343 | | "ANSI X9.62 elliptic curve c2pnb163v3", |
1344 | | CKM_INVALID_MECHANISM, |
1345 | | INVALID_CERT_EXTENSION), |
1346 | | OD(ansiX962c2pnb176v1, SEC_OID_ANSIX962_EC_C2PNB176V1, |
1347 | | "ANSI X9.62 elliptic curve c2pnb176v1", |
1348 | | CKM_INVALID_MECHANISM, |
1349 | | INVALID_CERT_EXTENSION), |
1350 | | OD(ansiX962c2tnb191v1, SEC_OID_ANSIX962_EC_C2TNB191V1, |
1351 | | "ANSI X9.62 elliptic curve c2tnb191v1", |
1352 | | CKM_INVALID_MECHANISM, |
1353 | | INVALID_CERT_EXTENSION), |
1354 | | OD(ansiX962c2tnb191v2, SEC_OID_ANSIX962_EC_C2TNB191V2, |
1355 | | "ANSI X9.62 elliptic curve c2tnb191v2", |
1356 | | CKM_INVALID_MECHANISM, |
1357 | | INVALID_CERT_EXTENSION), |
1358 | | OD(ansiX962c2tnb191v3, SEC_OID_ANSIX962_EC_C2TNB191V3, |
1359 | | "ANSI X9.62 elliptic curve c2tnb191v3", |
1360 | | CKM_INVALID_MECHANISM, |
1361 | | INVALID_CERT_EXTENSION), |
1362 | | OD(ansiX962c2onb191v4, SEC_OID_ANSIX962_EC_C2ONB191V4, |
1363 | | "ANSI X9.62 elliptic curve c2onb191v4", |
1364 | | CKM_INVALID_MECHANISM, |
1365 | | INVALID_CERT_EXTENSION), |
1366 | | OD(ansiX962c2onb191v5, SEC_OID_ANSIX962_EC_C2ONB191V5, |
1367 | | "ANSI X9.62 elliptic curve c2onb191v5", |
1368 | | CKM_INVALID_MECHANISM, |
1369 | | INVALID_CERT_EXTENSION), |
1370 | | OD(ansiX962c2pnb208w1, SEC_OID_ANSIX962_EC_C2PNB208W1, |
1371 | | "ANSI X9.62 elliptic curve c2pnb208w1", |
1372 | | CKM_INVALID_MECHANISM, |
1373 | | INVALID_CERT_EXTENSION), |
1374 | | OD(ansiX962c2tnb239v1, SEC_OID_ANSIX962_EC_C2TNB239V1, |
1375 | | "ANSI X9.62 elliptic curve c2tnb239v1", |
1376 | | CKM_INVALID_MECHANISM, |
1377 | | INVALID_CERT_EXTENSION), |
1378 | | OD(ansiX962c2tnb239v2, SEC_OID_ANSIX962_EC_C2TNB239V2, |
1379 | | "ANSI X9.62 elliptic curve c2tnb239v2", |
1380 | | CKM_INVALID_MECHANISM, |
1381 | | INVALID_CERT_EXTENSION), |
1382 | | OD(ansiX962c2tnb239v3, SEC_OID_ANSIX962_EC_C2TNB239V3, |
1383 | | "ANSI X9.62 elliptic curve c2tnb239v3", |
1384 | | CKM_INVALID_MECHANISM, |
1385 | | INVALID_CERT_EXTENSION), |
1386 | | OD(ansiX962c2onb239v4, SEC_OID_ANSIX962_EC_C2ONB239V4, |
1387 | | "ANSI X9.62 elliptic curve c2onb239v4", |
1388 | | CKM_INVALID_MECHANISM, |
1389 | | INVALID_CERT_EXTENSION), |
1390 | | OD(ansiX962c2onb239v5, SEC_OID_ANSIX962_EC_C2ONB239V5, |
1391 | | "ANSI X9.62 elliptic curve c2onb239v5", |
1392 | | CKM_INVALID_MECHANISM, |
1393 | | INVALID_CERT_EXTENSION), |
1394 | | OD(ansiX962c2pnb272w1, SEC_OID_ANSIX962_EC_C2PNB272W1, |
1395 | | "ANSI X9.62 elliptic curve c2pnb272w1", |
1396 | | CKM_INVALID_MECHANISM, |
1397 | | INVALID_CERT_EXTENSION), |
1398 | | OD(ansiX962c2pnb304w1, SEC_OID_ANSIX962_EC_C2PNB304W1, |
1399 | | "ANSI X9.62 elliptic curve c2pnb304w1", |
1400 | | CKM_INVALID_MECHANISM, |
1401 | | INVALID_CERT_EXTENSION), |
1402 | | OD(ansiX962c2tnb359v1, SEC_OID_ANSIX962_EC_C2TNB359V1, |
1403 | | "ANSI X9.62 elliptic curve c2tnb359v1", |
1404 | | CKM_INVALID_MECHANISM, |
1405 | | INVALID_CERT_EXTENSION), |
1406 | | OD(ansiX962c2pnb368w1, SEC_OID_ANSIX962_EC_C2PNB368W1, |
1407 | | "ANSI X9.62 elliptic curve c2pnb368w1", |
1408 | | CKM_INVALID_MECHANISM, |
1409 | | INVALID_CERT_EXTENSION), |
1410 | | OD(ansiX962c2tnb431r1, SEC_OID_ANSIX962_EC_C2TNB431R1, |
1411 | | "ANSI X9.62 elliptic curve c2tnb431r1", |
1412 | | CKM_INVALID_MECHANISM, |
1413 | | INVALID_CERT_EXTENSION), |
1414 | | |
1415 | | /* SECG named elliptic curves (characterisitic two field) */ |
1416 | | OD(secgECsect113r1, SEC_OID_SECG_EC_SECT113R1, |
1417 | | "SECG elliptic curve sect113r1", |
1418 | | CKM_INVALID_MECHANISM, |
1419 | | INVALID_CERT_EXTENSION), |
1420 | | OD(secgECsect113r2, SEC_OID_SECG_EC_SECT113R2, |
1421 | | "SECG elliptic curve sect113r2", |
1422 | | CKM_INVALID_MECHANISM, |
1423 | | INVALID_CERT_EXTENSION), |
1424 | | OD(secgECsect131r1, SEC_OID_SECG_EC_SECT131R1, |
1425 | | "SECG elliptic curve sect131r1", |
1426 | | CKM_INVALID_MECHANISM, |
1427 | | INVALID_CERT_EXTENSION), |
1428 | | OD(secgECsect131r2, SEC_OID_SECG_EC_SECT131R2, |
1429 | | "SECG elliptic curve sect131r2", |
1430 | | CKM_INVALID_MECHANISM, |
1431 | | INVALID_CERT_EXTENSION), |
1432 | | OD(secgECsect163k1, SEC_OID_SECG_EC_SECT163K1, |
1433 | | "SECG elliptic curve sect163k1 (aka NIST K-163)", |
1434 | | CKM_INVALID_MECHANISM, |
1435 | | INVALID_CERT_EXTENSION), |
1436 | | OD(secgECsect163r1, SEC_OID_SECG_EC_SECT163R1, |
1437 | | "SECG elliptic curve sect163r1", |
1438 | | CKM_INVALID_MECHANISM, |
1439 | | INVALID_CERT_EXTENSION), |
1440 | | OD(secgECsect163r2, SEC_OID_SECG_EC_SECT163R2, |
1441 | | "SECG elliptic curve sect163r2 (aka NIST B-163)", |
1442 | | CKM_INVALID_MECHANISM, |
1443 | | INVALID_CERT_EXTENSION), |
1444 | | OD(secgECsect193r1, SEC_OID_SECG_EC_SECT193R1, |
1445 | | "SECG elliptic curve sect193r1", |
1446 | | CKM_INVALID_MECHANISM, |
1447 | | INVALID_CERT_EXTENSION), |
1448 | | OD(secgECsect193r2, SEC_OID_SECG_EC_SECT193R2, |
1449 | | "SECG elliptic curve sect193r2", |
1450 | | CKM_INVALID_MECHANISM, |
1451 | | INVALID_CERT_EXTENSION), |
1452 | | OD(secgECsect233k1, SEC_OID_SECG_EC_SECT233K1, |
1453 | | "SECG elliptic curve sect233k1 (aka NIST K-233)", |
1454 | | CKM_INVALID_MECHANISM, |
1455 | | INVALID_CERT_EXTENSION), |
1456 | | OD(secgECsect233r1, SEC_OID_SECG_EC_SECT233R1, |
1457 | | "SECG elliptic curve sect233r1 (aka NIST B-233)", |
1458 | | CKM_INVALID_MECHANISM, |
1459 | | INVALID_CERT_EXTENSION), |
1460 | | OD(secgECsect239k1, SEC_OID_SECG_EC_SECT239K1, |
1461 | | "SECG elliptic curve sect239k1", |
1462 | | CKM_INVALID_MECHANISM, |
1463 | | INVALID_CERT_EXTENSION), |
1464 | | OD(secgECsect283k1, SEC_OID_SECG_EC_SECT283K1, |
1465 | | "SECG elliptic curve sect283k1 (aka NIST K-283)", |
1466 | | CKM_INVALID_MECHANISM, |
1467 | | INVALID_CERT_EXTENSION), |
1468 | | OD(secgECsect283r1, SEC_OID_SECG_EC_SECT283R1, |
1469 | | "SECG elliptic curve sect283r1 (aka NIST B-283)", |
1470 | | CKM_INVALID_MECHANISM, |
1471 | | INVALID_CERT_EXTENSION), |
1472 | | OD(secgECsect409k1, SEC_OID_SECG_EC_SECT409K1, |
1473 | | "SECG elliptic curve sect409k1 (aka NIST K-409)", |
1474 | | CKM_INVALID_MECHANISM, |
1475 | | INVALID_CERT_EXTENSION), |
1476 | | OD(secgECsect409r1, SEC_OID_SECG_EC_SECT409R1, |
1477 | | "SECG elliptic curve sect409r1 (aka NIST B-409)", |
1478 | | CKM_INVALID_MECHANISM, |
1479 | | INVALID_CERT_EXTENSION), |
1480 | | OD(secgECsect571k1, SEC_OID_SECG_EC_SECT571K1, |
1481 | | "SECG elliptic curve sect571k1 (aka NIST K-571)", |
1482 | | CKM_INVALID_MECHANISM, |
1483 | | INVALID_CERT_EXTENSION), |
1484 | | OD(secgECsect571r1, SEC_OID_SECG_EC_SECT571R1, |
1485 | | "SECG elliptic curve sect571r1 (aka NIST B-571)", |
1486 | | CKM_INVALID_MECHANISM, |
1487 | | INVALID_CERT_EXTENSION), |
1488 | | |
1489 | | OD(netscapeAOLScreenname, SEC_OID_NETSCAPE_AOLSCREENNAME, |
1490 | | "AOL Screenname", CKM_INVALID_MECHANISM, |
1491 | | INVALID_CERT_EXTENSION), |
1492 | | |
1493 | | OD(x520SurName, SEC_OID_AVA_SURNAME, |
1494 | | "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1495 | | OD(x520SerialNumber, SEC_OID_AVA_SERIAL_NUMBER, |
1496 | | "X520 Serial Number", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1497 | | OD(x520StreetAddress, SEC_OID_AVA_STREET_ADDRESS, |
1498 | | "X520 Street Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1499 | | OD(x520Title, SEC_OID_AVA_TITLE, |
1500 | | "X520 Title", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1501 | | OD(x520PostalAddress, SEC_OID_AVA_POSTAL_ADDRESS, |
1502 | | "X520 Postal Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1503 | | OD(x520PostalCode, SEC_OID_AVA_POSTAL_CODE, |
1504 | | "X520 Postal Code", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1505 | | OD(x520PostOfficeBox, SEC_OID_AVA_POST_OFFICE_BOX, |
1506 | | "X520 Post Office Box", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1507 | | OD(x520GivenName, SEC_OID_AVA_GIVEN_NAME, |
1508 | | "X520 Given Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1509 | | OD(x520Initials, SEC_OID_AVA_INITIALS, |
1510 | | "X520 Initials", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1511 | | OD(x520GenerationQualifier, SEC_OID_AVA_GENERATION_QUALIFIER, |
1512 | | "X520 Generation Qualifier", |
1513 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1514 | | OD(x520HouseIdentifier, SEC_OID_AVA_HOUSE_IDENTIFIER, |
1515 | | "X520 House Identifier", |
1516 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1517 | | OD(x520Pseudonym, SEC_OID_AVA_PSEUDONYM, |
1518 | | "X520 Pseudonym", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1519 | | |
1520 | | /* More OIDs */ |
1521 | | OD(pkixCAIssuers, SEC_OID_PKIX_CA_ISSUERS, |
1522 | | "PKIX CA issuers access method", |
1523 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1524 | | OD(pkcs9ExtensionRequest, SEC_OID_PKCS9_EXTENSION_REQUEST, |
1525 | | "PKCS #9 Extension Request", |
1526 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1527 | | |
1528 | | /* more ECC Signature Oids */ |
1529 | | OD(ansix962SignatureRecommended, |
1530 | | SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST, |
1531 | | "X9.62 ECDSA signature with recommended digest", CKM_INVALID_MECHANISM, |
1532 | | INVALID_CERT_EXTENSION), |
1533 | | OD(ansix962SignatureSpecified, |
1534 | | SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST, |
1535 | | "X9.62 ECDSA signature with specified digest", CKM_ECDSA, |
1536 | | INVALID_CERT_EXTENSION), |
1537 | | OD(ansix962SignaturewithSHA224Digest, |
1538 | | SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE, |
1539 | | "X9.62 ECDSA signature with SHA224", CKM_INVALID_MECHANISM, |
1540 | | INVALID_CERT_EXTENSION), |
1541 | | OD(ansix962SignaturewithSHA256Digest, |
1542 | | SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, |
1543 | | "X9.62 ECDSA signature with SHA256", CKM_INVALID_MECHANISM, |
1544 | | INVALID_CERT_EXTENSION), |
1545 | | OD(ansix962SignaturewithSHA384Digest, |
1546 | | SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE, |
1547 | | "X9.62 ECDSA signature with SHA384", CKM_INVALID_MECHANISM, |
1548 | | INVALID_CERT_EXTENSION), |
1549 | | OD(ansix962SignaturewithSHA512Digest, |
1550 | | SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE, |
1551 | | "X9.62 ECDSA signature with SHA512", CKM_INVALID_MECHANISM, |
1552 | | INVALID_CERT_EXTENSION), |
1553 | | |
1554 | | /* More id-ce and id-pe OIDs from RFC 3280 */ |
1555 | | OD(x509HoldInstructionCode, SEC_OID_X509_HOLD_INSTRUCTION_CODE, |
1556 | | "CRL Hold Instruction Code", CKM_INVALID_MECHANISM, |
1557 | | UNSUPPORTED_CERT_EXTENSION), |
1558 | | OD(x509DeltaCRLIndicator, SEC_OID_X509_DELTA_CRL_INDICATOR, |
1559 | | "Delta CRL Indicator", CKM_INVALID_MECHANISM, |
1560 | | FAKE_SUPPORTED_CERT_EXTENSION), |
1561 | | OD(x509IssuingDistributionPoint, SEC_OID_X509_ISSUING_DISTRIBUTION_POINT, |
1562 | | "Issuing Distribution Point", CKM_INVALID_MECHANISM, |
1563 | | FAKE_SUPPORTED_CERT_EXTENSION), |
1564 | | OD(x509CertIssuer, SEC_OID_X509_CERT_ISSUER, |
1565 | | "Certificate Issuer Extension", CKM_INVALID_MECHANISM, |
1566 | | FAKE_SUPPORTED_CERT_EXTENSION), |
1567 | | OD(x509FreshestCRL, SEC_OID_X509_FRESHEST_CRL, |
1568 | | "Freshest CRL", CKM_INVALID_MECHANISM, |
1569 | | UNSUPPORTED_CERT_EXTENSION), |
1570 | | OD(x509InhibitAnyPolicy, SEC_OID_X509_INHIBIT_ANY_POLICY, |
1571 | | "Inhibit Any Policy", CKM_INVALID_MECHANISM, |
1572 | | FAKE_SUPPORTED_CERT_EXTENSION), |
1573 | | OD(x509SubjectInfoAccess, SEC_OID_X509_SUBJECT_INFO_ACCESS, |
1574 | | "Subject Info Access", CKM_INVALID_MECHANISM, |
1575 | | UNSUPPORTED_CERT_EXTENSION), |
1576 | | |
1577 | | /* Camellia algorithm OIDs */ |
1578 | | OD(camellia128_CBC, SEC_OID_CAMELLIA_128_CBC, |
1579 | | "CAMELLIA-128-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION), |
1580 | | OD(camellia192_CBC, SEC_OID_CAMELLIA_192_CBC, |
1581 | | "CAMELLIA-192-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION), |
1582 | | OD(camellia256_CBC, SEC_OID_CAMELLIA_256_CBC, |
1583 | | "CAMELLIA-256-CBC", CKM_CAMELLIA_CBC, INVALID_CERT_EXTENSION), |
1584 | | |
1585 | | /* PKCS 5 v2 OIDS */ |
1586 | | OD(pkcs5Pbkdf2, SEC_OID_PKCS5_PBKDF2, |
1587 | | "PKCS #5 Password Based Key Dervive Function v2 ", |
1588 | | CKM_PKCS5_PBKD2, INVALID_CERT_EXTENSION), |
1589 | | OD(pkcs5Pbes2, SEC_OID_PKCS5_PBES2, |
1590 | | "PKCS #5 Password Based Encryption v2 ", |
1591 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1592 | | OD(pkcs5Pbmac1, SEC_OID_PKCS5_PBMAC1, |
1593 | | "PKCS #5 Password Based Authentication v1 ", |
1594 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1595 | | OD(hmac_sha1, SEC_OID_HMAC_SHA1, "HMAC SHA-1", |
1596 | | CKM_SHA_1_HMAC, INVALID_CERT_EXTENSION), |
1597 | | OD(hmac_sha224, SEC_OID_HMAC_SHA224, "HMAC SHA-224", |
1598 | | CKM_SHA224_HMAC, INVALID_CERT_EXTENSION), |
1599 | | OD(hmac_sha256, SEC_OID_HMAC_SHA256, "HMAC SHA-256", |
1600 | | CKM_SHA256_HMAC, INVALID_CERT_EXTENSION), |
1601 | | OD(hmac_sha384, SEC_OID_HMAC_SHA384, "HMAC SHA-384", |
1602 | | CKM_SHA384_HMAC, INVALID_CERT_EXTENSION), |
1603 | | OD(hmac_sha512, SEC_OID_HMAC_SHA512, "HMAC SHA-512", |
1604 | | CKM_SHA512_HMAC, INVALID_CERT_EXTENSION), |
1605 | | |
1606 | | /* SIA extension OIDs */ |
1607 | | OD(x509SIATimeStamping, SEC_OID_PKIX_TIMESTAMPING, |
1608 | | "SIA Time Stamping", CKM_INVALID_MECHANISM, |
1609 | | INVALID_CERT_EXTENSION), |
1610 | | OD(x509SIACaRepository, SEC_OID_PKIX_CA_REPOSITORY, |
1611 | | "SIA CA Repository", CKM_INVALID_MECHANISM, |
1612 | | INVALID_CERT_EXTENSION), |
1613 | | |
1614 | | OD(isoSHA1WithRSASignature, SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE, |
1615 | | "ISO SHA-1 with RSA Signature", |
1616 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1617 | | |
1618 | | /* SEED algorithm OIDs */ |
1619 | | OD(seed_CBC, SEC_OID_SEED_CBC, |
1620 | | "SEED-CBC", CKM_SEED_CBC, INVALID_CERT_EXTENSION), |
1621 | | |
1622 | | OD(x509CertificatePoliciesAnyPolicy, SEC_OID_X509_ANY_POLICY, |
1623 | | "Certificate Policies AnyPolicy", |
1624 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1625 | | |
1626 | | OD(pkcs1RSAOAEPEncryption, SEC_OID_PKCS1_RSA_OAEP_ENCRYPTION, |
1627 | | "PKCS #1 RSA-OAEP Encryption", CKM_RSA_PKCS_OAEP, |
1628 | | INVALID_CERT_EXTENSION), |
1629 | | |
1630 | | OD(pkcs1MGF1, SEC_OID_PKCS1_MGF1, |
1631 | | "PKCS #1 MGF1 Mask Generation Function", CKM_INVALID_MECHANISM, |
1632 | | INVALID_CERT_EXTENSION), |
1633 | | |
1634 | | OD(pkcs1PSpecified, SEC_OID_PKCS1_PSPECIFIED, |
1635 | | "PKCS #1 RSA-OAEP Explicitly Specified Encoding Parameters", |
1636 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1637 | | |
1638 | | OD(pkcs1RSAPSSSignature, SEC_OID_PKCS1_RSA_PSS_SIGNATURE, |
1639 | | "PKCS #1 RSA-PSS Signature", CKM_RSA_PKCS_PSS, |
1640 | | INVALID_CERT_EXTENSION), |
1641 | | |
1642 | | OD(pkcs1SHA224WithRSAEncryption, SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION, |
1643 | | "PKCS #1 SHA-224 With RSA Encryption", CKM_SHA224_RSA_PKCS, |
1644 | | INVALID_CERT_EXTENSION), |
1645 | | |
1646 | | OD(sha224, SEC_OID_SHA224, "SHA-224", CKM_SHA224, INVALID_CERT_EXTENSION), |
1647 | | |
1648 | | OD(evIncorporationLocality, SEC_OID_EV_INCORPORATION_LOCALITY, |
1649 | | "Jurisdiction of Incorporation Locality Name", |
1650 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1651 | | OD(evIncorporationState, SEC_OID_EV_INCORPORATION_STATE, |
1652 | | "Jurisdiction of Incorporation State Name", |
1653 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1654 | | OD(evIncorporationCountry, SEC_OID_EV_INCORPORATION_COUNTRY, |
1655 | | "Jurisdiction of Incorporation Country Name", |
1656 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1657 | | OD(x520BusinessCategory, SEC_OID_BUSINESS_CATEGORY, |
1658 | | "Business Category", |
1659 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1660 | | |
1661 | | OD(nistDSASignaturewithSHA224Digest, |
1662 | | SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA224_DIGEST, |
1663 | | "DSA with SHA-224 Signature", |
1664 | | CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION), |
1665 | | OD(nistDSASignaturewithSHA256Digest, |
1666 | | SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST, |
1667 | | "DSA with SHA-256 Signature", |
1668 | | CKM_INVALID_MECHANISM /* not yet defined */, INVALID_CERT_EXTENSION), |
1669 | | OD(msExtendedKeyUsageTrustListSigning, |
1670 | | SEC_OID_MS_EXT_KEY_USAGE_CTL_SIGNING, |
1671 | | "Microsoft Trust List Signing", |
1672 | | CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1673 | | OD(x520Name, SEC_OID_AVA_NAME, |
1674 | | "X520 Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1675 | | |
1676 | | OD(aes128_GCM, SEC_OID_AES_128_GCM, |
1677 | | "AES-128-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION), |
1678 | | OD(aes192_GCM, SEC_OID_AES_192_GCM, |
1679 | | "AES-192-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION), |
1680 | | OD(aes256_GCM, SEC_OID_AES_256_GCM, |
1681 | | "AES-256-GCM", CKM_AES_GCM, INVALID_CERT_EXTENSION), |
1682 | | OD(idea_CBC, SEC_OID_IDEA_CBC, |
1683 | | "IDEA_CBC", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1684 | | |
1685 | | ODE(SEC_OID_RC2_40_CBC, |
1686 | | "RC2-40-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION), |
1687 | | ODE(SEC_OID_DES_40_CBC, |
1688 | | "DES-40-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION), |
1689 | | ODE(SEC_OID_RC4_40, |
1690 | | "RC4-40", CKM_RC4, INVALID_CERT_EXTENSION), |
1691 | | ODE(SEC_OID_RC4_56, |
1692 | | "RC4-56", CKM_RC4, INVALID_CERT_EXTENSION), |
1693 | | ODE(SEC_OID_NULL_CIPHER, |
1694 | | "NULL cipher", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1695 | | ODE(SEC_OID_HMAC_MD5, |
1696 | | "HMAC-MD5", CKM_MD5_HMAC, INVALID_CERT_EXTENSION), |
1697 | | ODE(SEC_OID_TLS_RSA, |
1698 | | "TLS RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1699 | | ODE(SEC_OID_TLS_DHE_RSA, |
1700 | | "TLS DHE-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1701 | | ODE(SEC_OID_TLS_DHE_DSS, |
1702 | | "TLS DHE-DSS key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1703 | | ODE(SEC_OID_TLS_DH_RSA, |
1704 | | "TLS DH-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1705 | | ODE(SEC_OID_TLS_DH_DSS, |
1706 | | "TLS DH-DSS key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1707 | | ODE(SEC_OID_TLS_DH_ANON, |
1708 | | "TLS DH-ANON key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1709 | | ODE(SEC_OID_TLS_ECDHE_ECDSA, |
1710 | | "TLS ECDHE-ECDSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1711 | | ODE(SEC_OID_TLS_ECDHE_RSA, |
1712 | | "TLS ECDHE-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1713 | | ODE(SEC_OID_TLS_ECDH_ECDSA, |
1714 | | "TLS ECDH-ECDSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1715 | | ODE(SEC_OID_TLS_ECDH_RSA, |
1716 | | "TLS ECDH-RSA key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1717 | | ODE(SEC_OID_TLS_ECDH_ANON, |
1718 | | "TLS ECDH-ANON key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1719 | | ODE(SEC_OID_TLS_RSA_EXPORT, |
1720 | | "TLS RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1721 | | ODE(SEC_OID_TLS_DHE_RSA_EXPORT, |
1722 | | "TLS DHE-RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1723 | | ODE(SEC_OID_TLS_DHE_DSS_EXPORT, |
1724 | | "TLS DHE-DSS-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1725 | | ODE(SEC_OID_TLS_DH_RSA_EXPORT, |
1726 | | "TLS DH-RSA-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1727 | | ODE(SEC_OID_TLS_DH_DSS_EXPORT, |
1728 | | "TLS DH-DSS-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1729 | | ODE(SEC_OID_TLS_DH_ANON_EXPORT, |
1730 | | "TLS DH-ANON-EXPORT key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1731 | | ODE(SEC_OID_APPLY_SSL_POLICY, |
1732 | | "Apply SSL policy (pseudo-OID)", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1733 | | ODE(SEC_OID_CHACHA20_POLY1305, |
1734 | | "ChaCha20-Poly1305", CKM_NSS_CHACHA20_POLY1305, INVALID_CERT_EXTENSION), |
1735 | | |
1736 | | ODE(SEC_OID_TLS_ECDHE_PSK, |
1737 | | "TLS ECHDE-PSK key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1738 | | ODE(SEC_OID_TLS_DHE_PSK, |
1739 | | "TLS DHE-PSK key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1740 | | |
1741 | | ODE(SEC_OID_TLS_FFDHE_2048, |
1742 | | "TLS FFDHE 2048-bit key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1743 | | ODE(SEC_OID_TLS_FFDHE_3072, |
1744 | | "TLS FFDHE 3072-bit key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1745 | | ODE(SEC_OID_TLS_FFDHE_4096, |
1746 | | "TLS FFDHE 4096-bit key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1747 | | ODE(SEC_OID_TLS_FFDHE_6144, |
1748 | | "TLS FFDHE 6144-bit key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1749 | | ODE(SEC_OID_TLS_FFDHE_8192, |
1750 | | "TLS FFDHE 8192-bit key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1751 | | ODE(SEC_OID_TLS_DHE_CUSTOM, |
1752 | | "TLS DHE custom group key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1753 | | OD(curve25519, SEC_OID_CURVE25519, |
1754 | | "Curve25519", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1755 | | ODE(SEC_OID_TLS13_KEA_ANY, |
1756 | | "TLS 1.3 fake key exchange", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION), |
1757 | | }; |
1758 | | |
1759 | | /* PRIVATE EXTENDED SECOID Table |
1760 | | * This table is private. Its structure is opaque to the outside. |
1761 | | * It is indexed by the same SECOidTag as the oids table above. |
1762 | | * Every member of this struct must have accessor functions (set, get) |
1763 | | * and those functions must operate by value, not by reference. |
1764 | | * The addresses of the contents of this table must not be exposed |
1765 | | * by the accessor functions. |
1766 | | */ |
1767 | | typedef struct privXOidStr { |
1768 | | PRUint32 notPolicyFlags; /* ones complement of policy flags */ |
1769 | | } privXOid; |
1770 | | |
1771 | | static privXOid xOids[SEC_OID_TOTAL]; |
1772 | | |
1773 | | /* |
1774 | | * now the dynamic table. The dynamic table gets build at init time. |
1775 | | * and conceivably gets modified if the user loads new crypto modules. |
1776 | | * All this static data, and the allocated data to which it points, |
1777 | | * is protected by a global reader/writer lock. |
1778 | | * The c language guarantees that global and static data that is not |
1779 | | * explicitly initialized will be initialized with zeros. If we |
1780 | | * initialize it with zeros, the data goes into the initialized data |
1781 | | * secment, and increases the size of the library. By leaving it |
1782 | | * uninitialized, it is allocated in BSS, and does NOT increase the |
1783 | | * library size. |
1784 | | */ |
1785 | | |
1786 | | typedef struct dynXOidStr { |
1787 | | SECOidData data; |
1788 | | privXOid priv; |
1789 | | } dynXOid; |
1790 | | |
1791 | | static NSSRWLock *dynOidLock; |
1792 | | static PLArenaPool *dynOidPool; |
1793 | | static PLHashTable *dynOidHash; |
1794 | | static dynXOid **dynOidTable; /* not in the pool */ |
1795 | | static int dynOidEntriesAllocated; |
1796 | | static int dynOidEntriesUsed; |
1797 | | |
1798 | | /* Creates NSSRWLock and dynOidPool at initialization time. |
1799 | | */ |
1800 | | static SECStatus |
1801 | | secoid_InitDynOidData(void) |
1802 | 0 | { |
1803 | 0 | SECStatus rv = SECSuccess; |
1804 | 0 |
|
1805 | 0 | dynOidLock = NSSRWLock_New(1, "dynamic OID data"); |
1806 | 0 | if (!dynOidLock) { |
1807 | 0 | return SECFailure; /* Error code should already be set. */ |
1808 | 0 | } |
1809 | 0 | dynOidPool = PORT_NewArena(2048); |
1810 | 0 | if (!dynOidPool) { |
1811 | 0 | rv = SECFailure /* Error code should already be set. */; |
1812 | 0 | } |
1813 | 0 | return rv; |
1814 | 0 | } |
1815 | | |
1816 | | /* Add oidData to hash table. Caller holds write lock dynOidLock. */ |
1817 | | static SECStatus |
1818 | | secoid_HashDynamicOiddata(const SECOidData *oid) |
1819 | 0 | { |
1820 | 0 | PLHashEntry *entry; |
1821 | 0 |
|
1822 | 0 | if (!dynOidHash) { |
1823 | 0 | dynOidHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, |
1824 | 0 | PL_CompareValues, NULL, NULL); |
1825 | 0 | if (!dynOidHash) { |
1826 | 0 | return SECFailure; |
1827 | 0 | } |
1828 | 0 | } |
1829 | 0 | |
1830 | 0 | entry = PL_HashTableAdd(dynOidHash, &oid->oid, (void *)oid); |
1831 | 0 | return entry ? SECSuccess : SECFailure; |
1832 | 0 | } |
1833 | | |
1834 | | /* |
1835 | | * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's |
1836 | | * cheaper to rehash the table when it changes than it is to do the loop |
1837 | | * each time. |
1838 | | */ |
1839 | | static SECOidData * |
1840 | | secoid_FindDynamic(const SECItem *key) |
1841 | 0 | { |
1842 | 0 | SECOidData *ret = NULL; |
1843 | 0 |
|
1844 | 0 | NSSRWLock_LockRead(dynOidLock); |
1845 | 0 | if (dynOidHash) { |
1846 | 0 | ret = (SECOidData *)PL_HashTableLookup(dynOidHash, key); |
1847 | 0 | } |
1848 | 0 | NSSRWLock_UnlockRead(dynOidLock); |
1849 | 0 | if (ret == NULL) { |
1850 | 0 | PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID); |
1851 | 0 | } |
1852 | 0 | return ret; |
1853 | 0 | } |
1854 | | |
1855 | | static dynXOid * |
1856 | | secoid_FindDynamicByTag(SECOidTag tagnum) |
1857 | 0 | { |
1858 | 0 | dynXOid *dxo = NULL; |
1859 | 0 | int tagNumDiff; |
1860 | 0 |
|
1861 | 0 | if (tagnum < SEC_OID_TOTAL) { |
1862 | 0 | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
1863 | 0 | return NULL; |
1864 | 0 | } |
1865 | 0 | tagNumDiff = tagnum - SEC_OID_TOTAL; |
1866 | 0 |
|
1867 | 0 | NSSRWLock_LockRead(dynOidLock); |
1868 | 0 | if (dynOidTable != NULL && |
1869 | 0 | tagNumDiff < dynOidEntriesUsed) { |
1870 | 0 | dxo = dynOidTable[tagNumDiff]; |
1871 | 0 | } |
1872 | 0 | NSSRWLock_UnlockRead(dynOidLock); |
1873 | 0 | if (dxo == NULL) { |
1874 | 0 | PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID); |
1875 | 0 | } |
1876 | 0 | return dxo; |
1877 | 0 | } |
1878 | | |
1879 | | /* |
1880 | | * This routine is thread safe now. |
1881 | | */ |
1882 | | SECOidTag |
1883 | | SECOID_AddEntry(const SECOidData *src) |
1884 | 0 | { |
1885 | 0 | SECOidData *dst; |
1886 | 0 | dynXOid **table; |
1887 | 0 | SECOidTag ret = SEC_OID_UNKNOWN; |
1888 | 0 | SECStatus rv; |
1889 | 0 | int tableEntries; |
1890 | 0 | int used; |
1891 | 0 |
|
1892 | 0 | if (!src || !src->oid.data || !src->oid.len || |
1893 | 0 | !src->desc || !strlen(src->desc)) { |
1894 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1895 | 0 | return ret; |
1896 | 0 | } |
1897 | 0 | if (src->supportedExtension != INVALID_CERT_EXTENSION && |
1898 | 0 | src->supportedExtension != UNSUPPORTED_CERT_EXTENSION && |
1899 | 0 | src->supportedExtension != SUPPORTED_CERT_EXTENSION) { |
1900 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
1901 | 0 | return ret; |
1902 | 0 | } |
1903 | 0 |
|
1904 | 0 | if (!dynOidPool || !dynOidLock) { |
1905 | 0 | PORT_SetError(SEC_ERROR_NOT_INITIALIZED); |
1906 | 0 | return ret; |
1907 | 0 | } |
1908 | 0 |
|
1909 | 0 | NSSRWLock_LockWrite(dynOidLock); |
1910 | 0 |
|
1911 | 0 | /* We've just acquired the write lock, and now we call FindOIDTag |
1912 | 0 | ** which will acquire and release the read lock. NSSRWLock has been |
1913 | 0 | ** designed to allow this very case without deadlock. This approach |
1914 | 0 | ** makes the test for the presence of the OID, and the subsequent |
1915 | 0 | ** addition of the OID to the table a single atomic write operation. |
1916 | 0 | */ |
1917 | 0 | ret = SECOID_FindOIDTag(&src->oid); |
1918 | 0 | if (ret != SEC_OID_UNKNOWN) { |
1919 | 0 | /* we could return an error here, but I chose not to do that. |
1920 | 0 | ** This way, if we add an OID to the shared library's built in |
1921 | 0 | ** list of OIDs in some future release, and that OID is the same |
1922 | 0 | ** as some OID that a program has been adding, the program will |
1923 | 0 | ** not suddenly stop working. |
1924 | 0 | */ |
1925 | 0 | goto done; |
1926 | 0 | } |
1927 | 0 | |
1928 | 0 | table = dynOidTable; |
1929 | 0 | tableEntries = dynOidEntriesAllocated; |
1930 | 0 | used = dynOidEntriesUsed; |
1931 | 0 |
|
1932 | 0 | if (used + 1 > tableEntries) { |
1933 | 0 | dynXOid **newTable; |
1934 | 0 | int newTableEntries = tableEntries + 16; |
1935 | 0 |
|
1936 | 0 | newTable = (dynXOid **)PORT_Realloc(table, |
1937 | 0 | newTableEntries * sizeof(dynXOid *)); |
1938 | 0 | if (newTable == NULL) { |
1939 | 0 | goto done; |
1940 | 0 | } |
1941 | 0 | dynOidTable = table = newTable; |
1942 | 0 | dynOidEntriesAllocated = tableEntries = newTableEntries; |
1943 | 0 | } |
1944 | 0 |
|
1945 | 0 | /* copy oid structure */ |
1946 | 0 | dst = (SECOidData *)PORT_ArenaZNew(dynOidPool, dynXOid); |
1947 | 0 | if (!dst) { |
1948 | 0 | goto done; |
1949 | 0 | } |
1950 | 0 | rv = SECITEM_CopyItem(dynOidPool, &dst->oid, &src->oid); |
1951 | 0 | if (rv != SECSuccess) { |
1952 | 0 | goto done; |
1953 | 0 | } |
1954 | 0 | dst->desc = PORT_ArenaStrdup(dynOidPool, src->desc); |
1955 | 0 | if (!dst->desc) { |
1956 | 0 | goto done; |
1957 | 0 | } |
1958 | 0 | dst->offset = (SECOidTag)(used + SEC_OID_TOTAL); |
1959 | 0 | dst->mechanism = src->mechanism; |
1960 | 0 | dst->supportedExtension = src->supportedExtension; |
1961 | 0 |
|
1962 | 0 | rv = secoid_HashDynamicOiddata(dst); |
1963 | 0 | if (rv == SECSuccess) { |
1964 | 0 | table[used++] = (dynXOid *)dst; |
1965 | 0 | dynOidEntriesUsed = used; |
1966 | 0 | ret = dst->offset; |
1967 | 0 | } |
1968 | 0 | done: |
1969 | 0 | NSSRWLock_UnlockWrite(dynOidLock); |
1970 | 0 | return ret; |
1971 | 0 | } |
1972 | | |
1973 | | /* normal static table processing */ |
1974 | | static PLHashTable *oidhash = NULL; |
1975 | | static PLHashTable *oidmechhash = NULL; |
1976 | | |
1977 | | static PLHashNumber |
1978 | | secoid_HashNumber(const void *key) |
1979 | 0 | { |
1980 | 0 | return (PLHashNumber)((char *)key - (char *)NULL); |
1981 | 0 | } |
1982 | | |
1983 | 0 | #define DEF_FLAGS (NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_SSL_KX | NSS_USE_ALG_IN_SSL_KX) |
1984 | | static void |
1985 | | handleHashAlgSupport(char *envVal) |
1986 | 0 | { |
1987 | 0 | char *myVal = PORT_Strdup(envVal); /* Get a copy we can alter */ |
1988 | 0 | char *arg = myVal; |
1989 | 0 |
|
1990 | 0 | while (arg && *arg) { |
1991 | 0 | char *nextArg = PL_strpbrk(arg, ";"); |
1992 | 0 | PRUint32 notEnable; |
1993 | 0 |
|
1994 | 0 | if (nextArg) { |
1995 | 0 | while (*nextArg == ';') { |
1996 | 0 | *nextArg++ = '\0'; |
1997 | 0 | } |
1998 | 0 | } |
1999 | 0 | notEnable = (*arg == '-') ? (DEF_FLAGS) : 0; |
2000 | 0 | if ((*arg == '+' || *arg == '-') && *++arg) { |
2001 | 0 | int i; |
2002 | 0 |
|
2003 | 0 | for (i = 1; i < SEC_OID_TOTAL; i++) { |
2004 | 0 | if (oids[i].desc && strstr(arg, oids[i].desc)) { |
2005 | 0 | xOids[i].notPolicyFlags = notEnable | |
2006 | 0 | (xOids[i].notPolicyFlags & ~(DEF_FLAGS)); |
2007 | 0 | } |
2008 | 0 | } |
2009 | 0 | } |
2010 | 0 | arg = nextArg; |
2011 | 0 | } |
2012 | 0 | PORT_Free(myVal); /* can handle NULL argument OK */ |
2013 | 0 | } |
2014 | | |
2015 | | SECStatus |
2016 | | SECOID_Init(void) |
2017 | 0 | { |
2018 | 0 | PLHashEntry *entry; |
2019 | 0 | const SECOidData *oid; |
2020 | 0 | int i; |
2021 | 0 | char *envVal; |
2022 | 0 |
|
2023 | 0 | #define NSS_VERSION_VARIABLE __nss_util_version |
2024 | 0 | #include "verref.h" |
2025 | 0 |
|
2026 | 0 | if (oidhash) { |
2027 | 0 | return SECSuccess; /* already initialized */ |
2028 | 0 | } |
2029 | 0 | |
2030 | 0 | if (!PR_GetEnvSecure("NSS_ALLOW_WEAK_SIGNATURE_ALG")) { |
2031 | 0 | /* initialize any policy flags that are disabled by default */ |
2032 | 0 | xOids[SEC_OID_MD2].notPolicyFlags = ~0; |
2033 | 0 | xOids[SEC_OID_MD4].notPolicyFlags = ~0; |
2034 | 0 | xOids[SEC_OID_MD5].notPolicyFlags = ~0; |
2035 | 0 | xOids[SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION].notPolicyFlags = ~0; |
2036 | 0 | xOids[SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION].notPolicyFlags = ~0; |
2037 | 0 | xOids[SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION].notPolicyFlags = ~0; |
2038 | 0 | xOids[SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC].notPolicyFlags = ~0; |
2039 | 0 | xOids[SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC].notPolicyFlags = ~0; |
2040 | 0 | } |
2041 | 0 |
|
2042 | 0 | /* turn off NSS_USE_POLICY_IN_SSL by default */ |
2043 | 0 | xOids[SEC_OID_APPLY_SSL_POLICY].notPolicyFlags = NSS_USE_POLICY_IN_SSL; |
2044 | 0 |
|
2045 | 0 | envVal = PR_GetEnvSecure("NSS_HASH_ALG_SUPPORT"); |
2046 | 0 | if (envVal) |
2047 | 0 | handleHashAlgSupport(envVal); |
2048 | 0 |
|
2049 | 0 | if (secoid_InitDynOidData() != SECSuccess) { |
2050 | 0 | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
2051 | 0 | PORT_Assert(0); /* this function should never fail */ |
2052 | 0 | return SECFailure; |
2053 | 0 | } |
2054 | 0 |
|
2055 | 0 | oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, |
2056 | 0 | PL_CompareValues, NULL, NULL); |
2057 | 0 | oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues, |
2058 | 0 | PL_CompareValues, NULL, NULL); |
2059 | 0 |
|
2060 | 0 | if (!oidhash || !oidmechhash) { |
2061 | 0 | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
2062 | 0 | PORT_Assert(0); /*This function should never fail. */ |
2063 | 0 | return (SECFailure); |
2064 | 0 | } |
2065 | 0 |
|
2066 | 0 | for (i = 0; i < SEC_OID_TOTAL; i++) { |
2067 | 0 | oid = &oids[i]; |
2068 | 0 |
|
2069 | 0 | PORT_Assert(oid->offset == i); |
2070 | 0 |
|
2071 | 0 | entry = PL_HashTableAdd(oidhash, &oid->oid, (void *)oid); |
2072 | 0 | if (entry == NULL) { |
2073 | 0 | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
2074 | 0 | PORT_Assert(0); /*This function should never fail. */ |
2075 | 0 | return (SECFailure); |
2076 | 0 | } |
2077 | 0 |
|
2078 | 0 | if (oid->mechanism != CKM_INVALID_MECHANISM) { |
2079 | 0 | entry = PL_HashTableAdd(oidmechhash, |
2080 | 0 | (void *)oid->mechanism, (void *)oid); |
2081 | 0 | if (entry == NULL) { |
2082 | 0 | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
2083 | 0 | PORT_Assert(0); /* This function should never fail. */ |
2084 | 0 | return (SECFailure); |
2085 | 0 | } |
2086 | 0 | } |
2087 | 0 | } |
2088 | 0 |
|
2089 | 0 | PORT_Assert(i == SEC_OID_TOTAL); |
2090 | 0 |
|
2091 | 0 | return (SECSuccess); |
2092 | 0 | } |
2093 | | |
2094 | | SECOidData * |
2095 | | SECOID_FindOIDByMechanism(unsigned long mechanism) |
2096 | 0 | { |
2097 | 0 | SECOidData *ret; |
2098 | 0 |
|
2099 | 0 | PR_ASSERT(oidhash != NULL); |
2100 | 0 |
|
2101 | 0 | ret = PL_HashTableLookupConst(oidmechhash, (void *)mechanism); |
2102 | 0 | if (ret == NULL) { |
2103 | 0 | PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); |
2104 | 0 | } |
2105 | 0 |
|
2106 | 0 | return (ret); |
2107 | 0 | } |
2108 | | |
2109 | | SECOidData * |
2110 | | SECOID_FindOID(const SECItem *oid) |
2111 | 0 | { |
2112 | 0 | SECOidData *ret; |
2113 | 0 |
|
2114 | 0 | PR_ASSERT(oidhash != NULL); |
2115 | 0 |
|
2116 | 0 | ret = PL_HashTableLookupConst(oidhash, oid); |
2117 | 0 | if (ret == NULL) { |
2118 | 0 | ret = secoid_FindDynamic(oid); |
2119 | 0 | if (ret == NULL) { |
2120 | 0 | PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID); |
2121 | 0 | } |
2122 | 0 | } |
2123 | 0 |
|
2124 | 0 | return (ret); |
2125 | 0 | } |
2126 | | |
2127 | | SECOidTag |
2128 | | SECOID_FindOIDTag(const SECItem *oid) |
2129 | 0 | { |
2130 | 0 | SECOidData *oiddata; |
2131 | 0 |
|
2132 | 0 | oiddata = SECOID_FindOID(oid); |
2133 | 0 | if (oiddata == NULL) |
2134 | 0 | return SEC_OID_UNKNOWN; |
2135 | 0 | |
2136 | 0 | return oiddata->offset; |
2137 | 0 | } |
2138 | | |
2139 | | /* This really should return const. */ |
2140 | | SECOidData * |
2141 | | SECOID_FindOIDByTag(SECOidTag tagnum) |
2142 | 0 | { |
2143 | 0 | if (tagnum >= SEC_OID_TOTAL) { |
2144 | 0 | return (SECOidData *)secoid_FindDynamicByTag(tagnum); |
2145 | 0 | } |
2146 | 0 | |
2147 | 0 | PORT_Assert((unsigned int)tagnum < SEC_OID_TOTAL); |
2148 | 0 | return (SECOidData *)(&oids[tagnum]); |
2149 | 0 | } |
2150 | | |
2151 | | PRBool |
2152 | | SECOID_KnownCertExtenOID(SECItem *extenOid) |
2153 | 0 | { |
2154 | 0 | SECOidData *oidData; |
2155 | 0 |
|
2156 | 0 | oidData = SECOID_FindOID(extenOid); |
2157 | 0 | if (oidData == (SECOidData *)NULL) |
2158 | 0 | return (PR_FALSE); |
2159 | 0 | return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ? PR_TRUE : PR_FALSE); |
2160 | 0 | } |
2161 | | |
2162 | | const char * |
2163 | | SECOID_FindOIDTagDescription(SECOidTag tagnum) |
2164 | 0 | { |
2165 | 0 | const SECOidData *oidData = SECOID_FindOIDByTag(tagnum); |
2166 | 0 | return oidData ? oidData->desc : 0; |
2167 | 0 | } |
2168 | | |
2169 | | /* --------- opaque extended OID table accessor functions ---------------*/ |
2170 | | /* |
2171 | | * Any of these functions may return SECSuccess or SECFailure with the error |
2172 | | * code set to SEC_ERROR_UNKNOWN_OBJECT_TYPE if the SECOidTag is out of range. |
2173 | | */ |
2174 | | |
2175 | | static privXOid * |
2176 | | secoid_FindXOidByTag(SECOidTag tagnum) |
2177 | 0 | { |
2178 | 0 | if (tagnum >= SEC_OID_TOTAL) { |
2179 | 0 | dynXOid *dxo = secoid_FindDynamicByTag(tagnum); |
2180 | 0 | return (dxo ? &dxo->priv : NULL); |
2181 | 0 | } |
2182 | 0 |
|
2183 | 0 | PORT_Assert((unsigned int)tagnum < SEC_OID_TOTAL); |
2184 | 0 | return &xOids[tagnum]; |
2185 | 0 | } |
2186 | | |
2187 | | /* The Get function outputs the 32-bit value associated with the SECOidTag. |
2188 | | * Flags bits are the NSS_USE_ALG_ #defines in "secoidt.h". |
2189 | | * Default value for any algorithm is 0xffffffff (enabled for all purposes). |
2190 | | * No value is output if function returns SECFailure. |
2191 | | */ |
2192 | | SECStatus |
2193 | | NSS_GetAlgorithmPolicy(SECOidTag tag, PRUint32 *pValue) |
2194 | 0 | { |
2195 | 0 | privXOid *pxo = secoid_FindXOidByTag(tag); |
2196 | 0 | if (!pxo) |
2197 | 0 | return SECFailure; |
2198 | 0 | if (!pValue) { |
2199 | 0 | PORT_SetError(SEC_ERROR_INVALID_ARGS); |
2200 | 0 | return SECFailure; |
2201 | 0 | } |
2202 | 0 | *pValue = ~(pxo->notPolicyFlags); |
2203 | 0 | return SECSuccess; |
2204 | 0 | } |
2205 | | |
2206 | | /* The Set function modifies the stored value according to the following |
2207 | | * algorithm: |
2208 | | * policy[tag] = (policy[tag] & ~clearBits) | setBits; |
2209 | | */ |
2210 | | SECStatus |
2211 | | NSS_SetAlgorithmPolicy(SECOidTag tag, PRUint32 setBits, PRUint32 clearBits) |
2212 | 0 | { |
2213 | 0 | privXOid *pxo = secoid_FindXOidByTag(tag); |
2214 | 0 | PRUint32 policyFlags; |
2215 | 0 | if (!pxo) |
2216 | 0 | return SECFailure; |
2217 | 0 | /* The stored policy flags are the ones complement of the flags as |
2218 | 0 | * seen by the user. This is not atomic, but these changes should |
2219 | 0 | * be done rarely, e.g. at initialization time. |
2220 | 0 | */ |
2221 | 0 | policyFlags = ~(pxo->notPolicyFlags); |
2222 | 0 | policyFlags = (policyFlags & ~clearBits) | setBits; |
2223 | 0 | pxo->notPolicyFlags = ~policyFlags; |
2224 | 0 | return SECSuccess; |
2225 | 0 | } |
2226 | | |
2227 | | /* --------- END OF opaque extended OID table accessor functions ---------*/ |
2228 | | |
2229 | | /* for now, this is only used in a single place, so it can remain static */ |
2230 | | static PRBool parentForkedAfterC_Initialize; |
2231 | | |
2232 | | #define SKIP_AFTER_FORK(x) \ |
2233 | 0 | if (!parentForkedAfterC_Initialize) \ |
2234 | 0 | x |
2235 | | |
2236 | | /* |
2237 | | * free up the oid tables. |
2238 | | */ |
2239 | | SECStatus |
2240 | | SECOID_Shutdown(void) |
2241 | 0 | { |
2242 | 0 | if (oidhash) { |
2243 | 0 | PL_HashTableDestroy(oidhash); |
2244 | 0 | oidhash = NULL; |
2245 | 0 | } |
2246 | 0 | if (oidmechhash) { |
2247 | 0 | PL_HashTableDestroy(oidmechhash); |
2248 | 0 | oidmechhash = NULL; |
2249 | 0 | } |
2250 | 0 | /* Have to handle the case where the lock was created, but |
2251 | 0 | ** the pool wasn't. |
2252 | 0 | ** I'm not going to attempt to create the lock, just to protect |
2253 | 0 | ** the destruction of data that probably isn't initialized anyway. |
2254 | 0 | */ |
2255 | 0 | if (dynOidLock) { |
2256 | 0 | SKIP_AFTER_FORK(NSSRWLock_LockWrite(dynOidLock)); |
2257 | 0 | if (dynOidHash) { |
2258 | 0 | PL_HashTableDestroy(dynOidHash); |
2259 | 0 | dynOidHash = NULL; |
2260 | 0 | } |
2261 | 0 | if (dynOidPool) { |
2262 | 0 | PORT_FreeArena(dynOidPool, PR_FALSE); |
2263 | 0 | dynOidPool = NULL; |
2264 | 0 | } |
2265 | 0 | if (dynOidTable) { |
2266 | 0 | PORT_Free(dynOidTable); |
2267 | 0 | dynOidTable = NULL; |
2268 | 0 | } |
2269 | 0 | dynOidEntriesAllocated = 0; |
2270 | 0 | dynOidEntriesUsed = 0; |
2271 | 0 |
|
2272 | 0 | SKIP_AFTER_FORK(NSSRWLock_UnlockWrite(dynOidLock)); |
2273 | 0 | SKIP_AFTER_FORK(NSSRWLock_Destroy(dynOidLock)); |
2274 | 0 | dynOidLock = NULL; |
2275 | 0 | } else { |
2276 | 0 | /* Since dynOidLock doesn't exist, then all the data it protects |
2277 | 0 | ** should be uninitialized. We'll check that (in DEBUG builds), |
2278 | 0 | ** and then make sure it is so, in case NSS is reinitialized. |
2279 | 0 | */ |
2280 | 0 | PORT_Assert(!dynOidHash && !dynOidPool && !dynOidTable && |
2281 | 0 | !dynOidEntriesAllocated && !dynOidEntriesUsed); |
2282 | 0 | dynOidHash = NULL; |
2283 | 0 | dynOidPool = NULL; |
2284 | 0 | dynOidTable = NULL; |
2285 | 0 | dynOidEntriesAllocated = 0; |
2286 | 0 | dynOidEntriesUsed = 0; |
2287 | 0 | } |
2288 | 0 | memset(xOids, 0, sizeof xOids); |
2289 | 0 | return SECSuccess; |
2290 | 0 | } |
2291 | | |
2292 | | void |
2293 | | UTIL_SetForkState(PRBool forked) |
2294 | 0 | { |
2295 | 0 | parentForkedAfterC_Initialize = forked; |
2296 | 0 | } |
2297 | | |
2298 | | const char * |
2299 | | NSSUTIL_GetVersion(void) |
2300 | 0 | { |
2301 | 0 | return NSSUTIL_VERSION; |
2302 | 0 | } |