/* * The contents of this file are subject to the Mozilla Public * License Version 1.1 (the "License"); you may not use this file * except in compliance with the License. You may obtain a copy of * the License at http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or * implied. See the License for the specific language governing * rights and limitations under the License. * * The Original Code is the Netscape security libraries. * * The Initial Developer of the Original Code is Netscape * Communications Corporation. Portions created by Netscape are * Copyright (C) 1994-2000 Netscape Communications Corporation. All * Rights Reserved. * * Contributor(s): * * Alternatively, the contents of this file may be used under the * terms of the GNU General Public License Version 2 or later (the * "GPL"), in which case the provisions of the GPL are applicable * instead of those above. If you wish to allow use of your * version of this file only under the terms of the GPL and not to * allow others to use your version of this file under the MPL, * indicate your decision by deleting the provisions above and * replace them with the notice and other provisions required by * the GPL. If you do not delete the provisions above, a recipient * may use your version of this file under either the MPL or the * GPL. */ #include "secoid.h" //#include "pkcs11t.h" //#include "secmodt.h" #include "secitem.h" #include "secerr.h" #include "plhash.h" #include /* MISSI Mosaic Object ID space */ #define USGOV 0x60, 0x86, 0x48, 0x01, 0x65 #define MISSI USGOV, 0x02, 0x01, 0x01 #define MISSI_OLD_KEA_DSS MISSI, 0x0c #define MISSI_OLD_DSS MISSI, 0x02 #define MISSI_KEA_DSS MISSI, 0x14 #define MISSI_DSS MISSI, 0x13 #define MISSI_KEA MISSI, 0x0a #define MISSI_ALT_KEA MISSI, 0x16 #define NISTALGS USGOV, 3, 4 #define AES NISTALGS, 1 #define SHAXXX NISTALGS, 2 /** ** The Netscape OID space is allocated by Terry Hayes. If you need ** a piece of the space, contact him at thayes@netscape.com. **/ /* Netscape Communications Corporation Object ID space */ /* { 2 16 840 1 113730 } */ #define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42 #define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01 #define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02 /* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */ #define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03 #define NETSCAPE_POLICY NETSCAPE_OID, 0x04 #define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05 #define NETSCAPE_ALGS NETSCAPE_OID, 0x06 /* algorithm OIDs */ #define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07 #define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10 #define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01 /* these are old and should go away soon */ #define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a #define NS_CERT_EXT OLD_NETSCAPE, 0x01 #define NS_FILE_TYPE OLD_NETSCAPE, 0x02 #define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03 /* RSA OID name space */ #define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d #define PKCS RSADSI, 0x01 #define DIGEST RSADSI, 0x02 #define CIPHER RSADSI, 0x03 #define PKCS1 PKCS, 0x01 #define PKCS5 PKCS, 0x05 #define PKCS7 PKCS, 0x07 #define PKCS9 PKCS, 0x09 #define PKCS12 PKCS, 0x0c /* Fortezza algorithm OID space: { 2 16 840 1 101 2 1 1 } */ /* ### mwelch -- Is this just for algorithms, or all of Fortezza? */ #define FORTEZZA_ALG 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01 /* Other OID name spaces */ #define ALGORITHM 0x2b, 0x0e, 0x03, 0x02 #define X500 0x55 #define X520_ATTRIBUTE_TYPE X500, 0x04 #define X500_ALG X500, 0x08 #define X500_ALG_ENCRYPTION X500_ALG, 0x01 /** X.509 v3 Extension OID ** {joint-iso-ccitt (2) ds(5) 29} **/ #define ID_CE_OID X500, 0x1d #define RFC1274_ATTR_TYPE 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1 /* #define RFC2247_ATTR_TYPE 0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */ /* PKCS #12 name spaces */ #define PKCS12_MODE_IDS PKCS12, 0x01 #define PKCS12_ESPVK_IDS PKCS12, 0x02 #define PKCS12_BAG_IDS PKCS12, 0x03 #define PKCS12_CERT_BAG_IDS PKCS12, 0x04 #define PKCS12_OIDS PKCS12, 0x05 #define PKCS12_PBE_IDS PKCS12_OIDS, 0x01 #define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02 #define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03 #define PKCS12_V2_PBE_IDS PKCS12, 0x01 #define PKCS9_CERT_TYPES PKCS9, 0x16 #define PKCS9_CRL_TYPES PKCS9, 0x17 #define PKCS9_SMIME_IDS PKCS9, 0x10 #define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2 #define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3 #define PKCS12_VERSION1 PKCS12, 0x0a #define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1 /* for DSA algorithm */ /* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */ #define ANSI_X9_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x38, 0x4 /* for DH algorithm */ /* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */ /* need real OID person to look at this, copied the above line * and added 6 to second to last value (and changed '4' to '2' */ #define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2 #define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45 #define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07 #define PKIX_CERT_EXTENSIONS PKIX, 1 #define PKIX_POLICY_QUALIFIERS PKIX, 2 #define PKIX_KEY_USAGE PKIX, 3 #define PKIX_ACCESS_DESCRIPTION PKIX, 0x30 #define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1 #define PKIX_ID_PKIP PKIX, 5 #define PKIX_ID_REGCTRL PKIX_ID_PKIP, 1 #define PKIX_ID_REGINFO PKIX_ID_PKIP, 2 /* Microsoft Object ID space */ /* { 1.3.6.1.4.1.311 } */ #define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37 #define CONST_OID static const unsigned char CONST_OID md2[] = { DIGEST, 0x02 }; CONST_OID md4[] = { DIGEST, 0x04 }; CONST_OID md5[] = { DIGEST, 0x05 }; CONST_OID rc2cbc[] = { CIPHER, 0x02 }; CONST_OID rc4[] = { CIPHER, 0x04 }; CONST_OID desede3cbc[] = { CIPHER, 0x07 }; CONST_OID rc5cbcpad[] = { CIPHER, 0x09 }; CONST_OID desecb[] = { ALGORITHM, 0x06 }; CONST_OID descbc[] = { ALGORITHM, 0x07 }; CONST_OID desofb[] = { ALGORITHM, 0x08 }; CONST_OID descfb[] = { ALGORITHM, 0x09 }; CONST_OID desmac[] = { ALGORITHM, 0x0a }; CONST_OID sdn702DSASignature[] = { ALGORITHM, 0x0c }; CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f }; CONST_OID desede[] = { ALGORITHM, 0x11 }; CONST_OID sha1[] = { ALGORITHM, 0x1a }; CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b }; CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 }; CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 }; CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 }; CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 }; CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 }; CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 }; CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 }; CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 }; CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 }; CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 }; CONST_OID pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a }; CONST_OID pkcs7[] = { PKCS7 }; CONST_OID pkcs7Data[] = { PKCS7, 0x01 }; CONST_OID pkcs7SignedData[] = { PKCS7, 0x02 }; CONST_OID pkcs7EnvelopedData[] = { PKCS7, 0x03 }; CONST_OID pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 }; CONST_OID pkcs7DigestedData[] = { PKCS7, 0x05 }; CONST_OID pkcs7EncryptedData[] = { PKCS7, 0x06 }; CONST_OID pkcs9EmailAddress[] = { PKCS9, 0x01 }; CONST_OID pkcs9UnstructuredName[] = { PKCS9, 0x02 }; CONST_OID pkcs9ContentType[] = { PKCS9, 0x03 }; CONST_OID pkcs9MessageDigest[] = { PKCS9, 0x04 }; CONST_OID pkcs9SigningTime[] = { PKCS9, 0x05 }; CONST_OID pkcs9CounterSignature[] = { PKCS9, 0x06 }; CONST_OID pkcs9ChallengePassword[] = { PKCS9, 0x07 }; CONST_OID pkcs9UnstructuredAddress[] = { PKCS9, 0x08 }; CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 }; CONST_OID pkcs9SMIMECapabilities[] = { PKCS9, 15 }; CONST_OID pkcs9FriendlyName[] = { PKCS9, 20 }; CONST_OID pkcs9LocalKeyID[] = { PKCS9, 21 }; CONST_OID pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 }; CONST_OID pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 }; CONST_OID pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 }; /* RFC2630 (CMS) OIDs */ CONST_OID cmsESDH[] = { PKCS9_SMIME_ALGS, 5 }; CONST_OID cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 }; CONST_OID cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 }; /* RFC2633 SMIME message attributes */ CONST_OID smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 }; CONST_OID ms_smimeEncryptionKeyPreference[] = { MICROSOFT_OID, 0x10, 0x4 }; CONST_OID x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 }; CONST_OID x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 }; CONST_OID x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 }; CONST_OID x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 }; CONST_OID x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 }; CONST_OID x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 }; CONST_OID x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 }; CONST_OID nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 }; CONST_OID nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 }; CONST_OID nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 }; CONST_OID nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 }; CONST_OID nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 }; CONST_OID missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS }; CONST_OID missiCertDSSOld[] = { MISSI_OLD_DSS }; CONST_OID missiCertKEADSS[] = { MISSI_KEA_DSS }; CONST_OID missiCertDSS[] = { MISSI_DSS }; CONST_OID missiCertKEA[] = { MISSI_KEA }; CONST_OID missiCertAltKEA[] = { MISSI_ALT_KEA }; CONST_OID x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 }; /* added for alg 1485 */ CONST_OID rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 }; CONST_OID rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 }; CONST_OID rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 }; /* Netscape private certificate extensions */ CONST_OID nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 }; CONST_OID nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 }; CONST_OID nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 }; CONST_OID nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 }; CONST_OID nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 }; CONST_OID nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 }; CONST_OID nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 }; CONST_OID nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 }; CONST_OID nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 }; CONST_OID nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 }; CONST_OID nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 }; CONST_OID nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 }; CONST_OID nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a }; CONST_OID nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b }; CONST_OID nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c }; CONST_OID nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d }; /* the following 2 extensions are defined for and used by Cartman(NSM) */ CONST_OID nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e }; CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f }; CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 }; CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 }; /* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */ /* Netscape policy values */ CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 }; /* Netscape other name types */ CONST_OID netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01}; /* Reserved Netscape REF605437 (2 16 840 1 113730 7 2) = { NETSCAPE_NAME_COMPONENTS, 0x02 }; */ /* OIDs needed for cert server */ CONST_OID netscapeRecoveryRequest[] = { NETSCAPE_CERT_SERVER_CRMF, 0x01 }; /* Standard x.509 v3 Certificate Extensions */ CONST_OID x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 }; CONST_OID x509SubjectKeyID[] = { ID_CE_OID, 14 }; CONST_OID x509KeyUsage[] = { ID_CE_OID, 15 }; CONST_OID x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 }; CONST_OID x509SubjectAltName[] = { ID_CE_OID, 17 }; CONST_OID x509IssuerAltName[] = { ID_CE_OID, 18 }; CONST_OID x509BasicConstraints[] = { ID_CE_OID, 19 }; CONST_OID x509NameConstraints[] = { ID_CE_OID, 30 }; CONST_OID x509CRLDistPoints[] = { ID_CE_OID, 31 }; CONST_OID x509CertificatePolicies[] = { ID_CE_OID, 32 }; CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 }; CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 34 }; CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 }; CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 }; CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 }; /* Standard x.509 v3 CRL Extensions */ CONST_OID x509CrlNumber[] = { ID_CE_OID, 20}; CONST_OID x509ReasonCode[] = { ID_CE_OID, 21}; CONST_OID x509InvalidDate[] = { ID_CE_OID, 24}; /* pkcs 12 additions */ CONST_OID pkcs12[] = { PKCS12 }; CONST_OID pkcs12ModeIDs[] = { PKCS12_MODE_IDS }; CONST_OID pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS }; CONST_OID pkcs12BagIDs[] = { PKCS12_BAG_IDS }; CONST_OID pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS }; CONST_OID pkcs12OIDs[] = { PKCS12_OIDS }; CONST_OID pkcs12PBEIDs[] = { PKCS12_PBE_IDS }; CONST_OID pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS }; CONST_OID pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS }; CONST_OID pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 }; CONST_OID pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 }; CONST_OID pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 }; CONST_OID pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 }; CONST_OID pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 }; CONST_OID pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 }; CONST_OID pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 }; CONST_OID pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 }; CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 }; CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 }; CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 }; CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 }; CONST_OID pkcs12RSAEncryptionWith40BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x02 }; CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 }; CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 }; /* pkcs 12 version 1.0 ids */ CONST_OID pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 }; CONST_OID pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 }; CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x03 }; CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x04 }; CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 }; CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 }; CONST_OID pkcs12SafeContentsID[] = { PKCS12_BAG_IDS, 0x04 }; CONST_OID pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 }; CONST_OID pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 }; CONST_OID pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 }; CONST_OID pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 }; CONST_OID pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 }; CONST_OID pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 }; CONST_OID pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 }; CONST_OID pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 }; CONST_OID ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 }; CONST_OID ansix9DSASignaturewithSHA1Digest[] = { ANSI_X9_ALGORITHM, 0x03 }; /* verisign OIDs */ CONST_OID verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 }; /* pkix OIDs */ CONST_OID pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 }; CONST_OID pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 }; CONST_OID pkixOCSP[] = { PKIX_OCSP }; CONST_OID pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 }; CONST_OID pkixOCSPNonce[] = { PKIX_OCSP, 2 }; CONST_OID pkixOCSPCRL[] = { PKIX_OCSP, 3 }; CONST_OID pkixOCSPResponse[] = { PKIX_OCSP, 4 }; CONST_OID pkixOCSPNoCheck[] = { PKIX_OCSP, 5 }; CONST_OID pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 }; CONST_OID pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 }; CONST_OID pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1}; CONST_OID pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2}; CONST_OID pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3}; CONST_OID pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4}; CONST_OID pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5}; CONST_OID pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6}; CONST_OID pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1}; CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2}; CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 }; CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 }; CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 }; CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 }; CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 }; CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 }; /* OIDs for Netscape defined algorithms */ CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 }; /* Fortezza algorithm OIDs */ CONST_OID skipjackCBC[] = { FORTEZZA_ALG, 0x04 }; CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 }; CONST_OID aes128_ECB[] = { AES, 1 }; CONST_OID aes128_CBC[] = { AES, 2 }; #ifdef DEFINE_ALL_AES_CIPHERS CONST_OID aes128_OFB[] = { AES, 3 }; CONST_OID aes128_CFB[] = { AES, 4 }; #endif CONST_OID aes128_KEY_WRAP[] = { AES, 5 }; CONST_OID aes192_ECB[] = { AES, 21 }; CONST_OID aes192_CBC[] = { AES, 22 }; #ifdef DEFINE_ALL_AES_CIPHERS CONST_OID aes192_OFB[] = { AES, 23 }; CONST_OID aes192_CFB[] = { AES, 24 }; #endif CONST_OID aes192_KEY_WRAP[] = { AES, 25 }; CONST_OID aes256_ECB[] = { AES, 41 }; CONST_OID aes256_CBC[] = { AES, 42 }; #ifdef DEFINE_ALL_AES_CIPHERS CONST_OID aes256_OFB[] = { AES, 43 }; CONST_OID aes256_CFB[] = { AES, 44 }; #endif CONST_OID aes256_KEY_WRAP[] = { AES, 45 }; CONST_OID sha256[] = { SHAXXX, 1 }; CONST_OID sha384[] = { SHAXXX, 2 }; CONST_OID sha512[] = { SHAXXX, 3 }; #define OI(x) { sizeof x, (uint8 *)x } #ifndef SECOID_NO_STRINGS #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext } #else #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext } #endif /* * NOTE: the order of these entries must mach the SECOidTag enum in secoidt.h! */ const static SECOidData oids[] = { { { 0, NULL }, SEC_OID_UNKNOWN, "Unknown OID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION }, OD( md2, SEC_OID_MD2, "MD2", CSSM_ALGID_MD2, INVALID_CERT_EXTENSION ), OD( md4, SEC_OID_MD4, "MD4", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( md5, SEC_OID_MD5, "MD5", CSSM_ALGID_MD5, INVALID_CERT_EXTENSION ), OD( sha1, SEC_OID_SHA1, "SHA-1", CSSM_ALGID_SHA1, INVALID_CERT_EXTENSION ), OD( rc2cbc, SEC_OID_RC2_CBC, "RC2-CBC", CSSM_ALGID_RC2, INVALID_CERT_EXTENSION ), OD( rc4, SEC_OID_RC4, "RC4", CSSM_ALGID_RC4, INVALID_CERT_EXTENSION ), OD( desede3cbc, SEC_OID_DES_EDE3_CBC, "DES-EDE3-CBC", CSSM_ALGID_3DES_3KEY_EDE, INVALID_CERT_EXTENSION ), OD( rc5cbcpad, SEC_OID_RC5_CBC_PAD, "RC5-CBCPad", CSSM_ALGID_RC5, INVALID_CERT_EXTENSION ), OD( desecb, SEC_OID_DES_ECB, "DES-ECB", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ), OD( descbc, SEC_OID_DES_CBC, "DES-CBC", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ), OD( desofb, SEC_OID_DES_OFB, "DES-OFB", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( descfb, SEC_OID_DES_CFB, "DES-CFB", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( desmac, SEC_OID_DES_MAC, "DES-MAC", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ), OD( desede, SEC_OID_DES_EDE, "DES-EDE", CSSM_ALGID_3DES_3KEY_EDE, INVALID_CERT_EXTENSION ), OD( isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE, "ISO SHA with RSA Signature", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION, "PKCS #1 RSA Encryption", CSSM_ALGID_RSA, INVALID_CERT_EXTENSION ), /* the following Signing CSSM_ALGORITHMS should get new CKM_ values when * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in * PKCS #11. */ OD( pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION, "PKCS #1 MD2 With RSA Encryption", CSSM_ALGID_MD2WithRSA, INVALID_CERT_EXTENSION ), OD( pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION, "PKCS #1 MD4 With RSA Encryption", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, "PKCS #1 MD5 With RSA Encryption", CSSM_ALGID_MD5WithRSA, INVALID_CERT_EXTENSION ), OD( pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION, "PKCS #1 SHA-1 With RSA Encryption", CSSM_ALGID_SHA1WithRSA, INVALID_CERT_EXTENSION ), OD( pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC, "PKCS #5 Password Based Encryption with MD2 and DES CBC", CSSM_ALGID_PKCS5_PBKDF1_MD2, INVALID_CERT_EXTENSION ), OD( pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC, "PKCS #5 Password Based Encryption with MD5 and DES CBC", CSSM_ALGID_PKCS5_PBKDF1_MD5, INVALID_CERT_EXTENSION ), OD( pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC, "PKCS #5 Password Based Encryption with SHA1 and DES CBC", CSSM_ALGID_PKCS5_PBKDF1_SHA1, INVALID_CERT_EXTENSION ), OD( pkcs7, SEC_OID_PKCS7, "PKCS #7", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs7Data, SEC_OID_PKCS7_DATA, "PKCS #7 Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA, "PKCS #7 Signed Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA, "PKCS #7 Enveloped Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA, "PKCS #7 Signed And Enveloped Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA, "PKCS #7 Digested Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA, "PKCS #7 Encrypted Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS, "PKCS #9 Email Address", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME, "PKCS #9 Unstructured Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE, "PKCS #9 Content Type", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST, "PKCS #9 Message Digest", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME, "PKCS #9 Signing Time", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE, "PKCS #9 Counter Signature", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD, "PKCS #9 Challenge Password", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS, "PKCS #9 Unstructured Address", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9ExtendedCertificateAttributes, SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES, "PKCS #9 Extended Certificate Attributes", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES, "PKCS #9 S/MIME Capabilities", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( x520CommonName, SEC_OID_AVA_COMMON_NAME, "X520 Common Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( x520CountryName, SEC_OID_AVA_COUNTRY_NAME, "X520 Country Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( x520LocalityName, SEC_OID_AVA_LOCALITY, "X520 Locality Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE, "X520 State Or Province Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME, "X520 Organization Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME, "X520 Organizational Unit Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER, "X520 DN Qualifier", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( rfc2247DomainComponent, SEC_OID_AVA_DC, "RFC 2247 Domain Component", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( nsTypeGIF, SEC_OID_NS_TYPE_GIF, "GIF", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( nsTypeJPEG, SEC_OID_NS_TYPE_JPEG, "JPEG", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( nsTypeURL, SEC_OID_NS_TYPE_URL, "URL", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( nsTypeHTML, SEC_OID_NS_TYPE_HTML, "HTML", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE, "Certificate Sequence", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD, "MISSI KEA and DSS Algorithm (Old)", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( missiCertDSSOld, SEC_OID_MISSI_DSS_OLD, "MISSI DSS Algorithm (Old)", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( missiCertKEADSS, SEC_OID_MISSI_KEA_DSS, "MISSI KEA and DSS Algorithm", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( missiCertDSS, SEC_OID_MISSI_DSS, "MISSI DSS Algorithm", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( missiCertKEA, SEC_OID_MISSI_KEA, "MISSI KEA Algorithm", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( missiCertAltKEA, SEC_OID_MISSI_ALT_KEA, "MISSI Alternate KEA Algorithm", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), /* Netscape private extensions */ OD( nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK, "Netscape says this cert is OK", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO, "Certificate Issuer Logo", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO, "Certificate Subject Logo", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE, "Certificate Type", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL, "Certificate Extension Base URL", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL, "Certificate Revocation URL", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL, "Certificate Authority Revocation URL", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL, "Certificate Authority CRL Download URL", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL, "Certificate Authority Certificate Download URL", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL, "Certificate Renewal URL", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL, "Certificate Authority Policy URL", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL, "Certificate Homepage URL", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO, "Certificate Entity Logo", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE, "Certificate User Picture", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME, "Certificate SSL Server Name", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT, "Certificate Comment", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL, "Lost Password URL", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME, "Certificate Renewal Time", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED, "Strong Crypto Export Approved", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), /* x.509 v3 certificate extensions */ OD( x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR, "Certificate Subject Directory Attributes", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION), OD( x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID, "Certificate Subject Key ID", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( x509KeyUsage, SEC_OID_X509_KEY_USAGE, "Certificate Key Usage", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD, "Certificate Private Key Usage Period", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME, "Certificate Subject Alt Name", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME, "Certificate Issuer Alt Name", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS, "Certificate Basic Constraints", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS, "Certificate Name Constraints", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS, "CRL Distribution Points", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES, "Certificate Policies", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS, "Certificate Policy Mappings", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS, "Certificate Policy Constraints", CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ), OD( x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID, "Certificate Authority Key Identifier", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE, "Extended Key Usage", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS, "Authority Information Access", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), /* x.509 v3 CRL extensions */ OD( x509CrlNumber, SEC_OID_X509_CRL_NUMBER, "CRL Number", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( x509ReasonCode, SEC_OID_X509_REASON_CODE, "CRL reason code", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( x509InvalidDate, SEC_OID_X509_INVALID_DATE, "Invalid Date", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION, "X500 RSA Encryption", CSSM_ALGID_RSA, INVALID_CERT_EXTENSION ), /* added for alg 1485 */ OD( rfc1274Uid, SEC_OID_RFC1274_UID, "RFC1274 User Id", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( rfc1274Mail, SEC_OID_RFC1274_MAIL, "RFC1274 E-mail Address", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), /* pkcs 12 additions */ OD( pkcs12, SEC_OID_PKCS12, "PKCS #12", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS, "PKCS #12 Mode IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS, "PKCS #12 ESPVK IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS, "PKCS #12 Bag IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS, "PKCS #12 Cert Bag IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12OIDs, SEC_OID_PKCS12_OIDS, "PKCS #12 OIDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS, "PKCS #12 PBE IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS, "PKCS #12 Signature IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS, "PKCS #12 Enveloping IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING, "PKCS #12 Key Shrouding", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID, "PKCS #12 Key Bag ID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID, "PKCS #12 Cert And CRL Bag ID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID, "PKCS #12 Secret Bag ID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG, "PKCS #12 X509 Cert CRL Bag", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG, "PKCS #12 SDSI Cert Bag", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12PBEWithSha1And128BitRC4, SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4, "PKCS #12 PBE With Sha1 and 128 Bit RC4", CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ), OD( pkcs12PBEWithSha1And40BitRC4, SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4, "PKCS #12 PBE With Sha1 and 40 Bit RC4", CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ), OD( pkcs12PBEWithSha1AndTripleDESCBC, SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC, "PKCS #12 PBE With Sha1 and Triple DES CBC", CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ), OD( pkcs12PBEWithSha1And128BitRC2CBC, SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC, "PKCS #12 PBE With Sha1 and 128 Bit RC2 CBC", CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ), OD( pkcs12PBEWithSha1And40BitRC2CBC, SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC, "PKCS #12 PBE With Sha1 and 40 Bit RC2 CBC", CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ), OD( pkcs12RSAEncryptionWith128BitRC4, SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4, "PKCS #12 RSA Encryption with 128 Bit RC4", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12RSAEncryptionWith40BitRC4, SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4, "PKCS #12 RSA Encryption with 40 Bit RC4", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12RSAEncryptionWithTripleDES, SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES, "PKCS #12 RSA Encryption with Triple DES", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12RSASignatureWithSHA1Digest, SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST, "PKCS #12 RSA Encryption with Triple DES", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), /* DSA signatures */ OD( ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE, "ANSI X9.57 DSA Signature", CSSM_ALGID_DSA, INVALID_CERT_EXTENSION ), OD( ansix9DSASignaturewithSHA1Digest, SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST, "ANSI X9.57 DSA Signature with SHA1 Digest", CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ), OD( bogusDSASignaturewithSHA1Digest, SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST, "FORTEZZA DSA Signature with SHA1 Digest", CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ), /* verisign oids */ OD( verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES, "Verisign User Notices", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), /* pkix oids */ OD( pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER, "PKIX CPS Pointer Qualifier", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER, "PKIX User Notice Qualifier", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkixOCSP, SEC_OID_PKIX_OCSP, "PKIX Online Certificate Status Protocol", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE, "OCSP Basic Response", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE, "OCSP Nonce Extension", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL, "OCSP CRL Reference Extension", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE, "OCSP Response Types Extension", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK, "OCSP No Check Extension", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), OD( pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF, "OCSP Archive Cutoff Extension", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR, "OCSP Service Locator Extension", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN, "PKIX CRMF Registration Control, Registration Token", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR, "PKIX CRMF Registration Control, Registration Authenticator", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO, "PKIX CRMF Registration Control, PKI Publication Info", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkixRegCtrlPKIArchOptions, SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS, "PKIX CRMF Registration Control, PKI Archive Options", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID, "PKIX CRMF Registration Control, Old Certificate ID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY, "PKIX CRMF Registration Control, Protocol Encryption Key", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS, "PKIX CRMF Registration Info, UTF8 Pairs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST, "PKIX CRMF Registration Info, Certificate Request", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkixExtendedKeyUsageServerAuth, SEC_OID_EXT_KEY_USAGE_SERVER_AUTH, "TLS Web Server Authentication Certificate", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkixExtendedKeyUsageClientAuth, SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH, "TLS Web Client Authentication Certificate", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN, "Code Signing Certificate", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkixExtendedKeyUsageEMailProtect, SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT, "E-Mail Protection Certificate", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkixExtendedKeyUsageTimeStamp, SEC_OID_EXT_KEY_USAGE_TIME_STAMP, "Time Stamping Certifcate", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER, "OCSP Responder Certificate", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), /* Netscape Algorithm OIDs */ OD( netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA, "Netscape S/MIME KEA", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), /* Skipjack OID -- ### mwelch temporary */ OD( skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK, "Skipjack CBC64", CSSM_ALGID_SKIPJACK, INVALID_CERT_EXTENSION ), /* pkcs12 v2 oids */ OD( pkcs12V2PBEWithSha1And128BitRC4, SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4, "PKCS12 V2 PBE With SHA1 And 128 Bit RC4", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12V2PBEWithSha1And40BitRC4, SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4, "PKCS12 V2 PBE With SHA1 And 40 Bit RC4", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12V2PBEWithSha1And3KeyTripleDEScbc, SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC, "PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12V2PBEWithSha1And2KeyTripleDEScbc, SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC, "PKCS12 V2 PBE With SHA1 And 2KEY Triple DES-cbc", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12V2PBEWithSha1And128BitRC2cbc, SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC, "PKCS12 V2 PBE With SHA1 And 128 Bit RC2 CBC", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12V2PBEWithSha1And40BitRC2cbc, SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC, "PKCS12 V2 PBE With SHA1 And 40 Bit RC2 CBC", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID, "PKCS #12 Safe Contents ID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12PKCS8ShroudedKeyBagID, SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID, "PKCS #12 Safe Contents ID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID, "PKCS #12 V1 Key Bag", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12V1PKCS8ShroudedKeyBag, SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID, "PKCS #12 V1 PKCS8 Shrouded Key Bag", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID, "PKCS #12 V1 Cert Bag", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID, "PKCS #12 V1 CRL Bag", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID, "PKCS #12 V1 Secret Bag", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID, "PKCS #12 V1 Safe Contents Bag", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT, "PKCS #9 X509 Certificate", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT, "PKCS #9 SDSI Certificate", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL, "PKCS #9 X509 CRL", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME, "PKCS #9 Friendly Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID, "PKCS #9 Local Key ID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs12KeyUsageAttr, SEC_OID_PKCS12_KEY_USAGE, "PKCS 12 Key Usage", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY, "Diffie-Helman Public Key", CSSM_ALGID_DH, INVALID_CERT_EXTENSION ), OD( netscapeNickname, SEC_OID_NETSCAPE_NICKNAME, "Netscape Nickname", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), /* Cert Server specific OIDs */ OD( netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST, "Recovery Request OID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR, "Certificate Renewal Locator OID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE, "Certificate Scope-of-Use Extension", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ), /* CMS stuff */ OD( cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN, "Ephemeral-Static Diffie-Hellman", CSSM_ALGID_NONE /* XXX */, INVALID_CERT_EXTENSION ), OD( cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP, "CMS 3DES Key Wrap", CSSM_ALGID_NONE /* XXX */, INVALID_CERT_EXTENSION ), OD( cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP, "CMS RC2 Key Wrap", CSSM_ALGID_NONE /* XXX */, INVALID_CERT_EXTENSION ), OD( smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE, "S/MIME Encryption Key Preference", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), /* AES algorithm OIDs */ OD( aes128_ECB, SEC_OID_AES_128_ECB, "AES-128-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ), OD( aes128_CBC, SEC_OID_AES_128_CBC, "AES-128-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ), OD( aes192_ECB, SEC_OID_AES_192_ECB, "AES-192-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ), OD( aes192_CBC, SEC_OID_AES_192_CBC, "AES-192-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ), OD( aes256_ECB, SEC_OID_AES_256_ECB, "AES-256-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ), OD( aes256_CBC, SEC_OID_AES_256_CBC, "AES-256-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ), /* More bogus DSA OIDs */ OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE, "SDN.702 DSA Signature", CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ), OD( ms_smimeEncryptionKeyPreference, SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE, "Microsoft S/MIME Encryption Key Preference", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( sha256, SEC_OID_SHA256, "SHA-256", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( sha384, SEC_OID_SHA384, "SHA-384", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( sha512, SEC_OID_SHA512, "SHA-512", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION, "PKCS #1 SHA-256 With RSA Encryption", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION, "PKCS #1 SHA-384 With RSA Encryption", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION, "PKCS #1 SHA-512 With RSA Encryption", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ), OD( aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP, "AES-128 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP, "AES-192 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP, "AES-256 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION), }; /* * now the dynamic table. The dynamic table gets build at init time. * and gets modified if the user loads new crypto modules. */ static PLHashTable *oid_d_hash = 0; static SECOidData **secoidDynamicTable = NULL; static int secoidDynamicTableSize = 0; static int secoidLastDynamicEntry = 0; static int secoidLastHashEntry = 0; static SECStatus secoid_DynamicRehash(void) { SECOidData *oid; PLHashEntry *entry; int i; int last = secoidLastDynamicEntry; if (!oid_d_hash) { oid_d_hash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, PL_CompareValues, NULL, NULL); } if ( !oid_d_hash ) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return(SECFailure); } for ( i = secoidLastHashEntry; i < last; i++ ) { oid = secoidDynamicTable[i]; entry = PL_HashTableAdd( oid_d_hash, &oid->oid, oid ); if ( entry == NULL ) { return(SECFailure); } } secoidLastHashEntry = last; return(SECSuccess); } /* * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's * cheaper to rehash the table when it changes than it is to do the loop * each time. Worry: what about thread safety here? Global Static data with * no locks.... (sigh). */ static SECOidData * secoid_FindDynamic(const SECItem *key) { SECOidData *ret = NULL; if (secoidDynamicTable == NULL) { /* PORT_SetError! */ return NULL; } if (secoidLastHashEntry != secoidLastDynamicEntry) { SECStatus rv = secoid_DynamicRehash(); if ( rv != SECSuccess ) { return NULL; } } ret = (SECOidData *)PL_HashTableLookup (oid_d_hash, key); return ret; } static SECOidData * secoid_FindDynamicByTag(SECOidTag tagnum) { int tagNumDiff; if (secoidDynamicTable == NULL) { return NULL; } if (tagnum < SEC_OID_TOTAL) { return NULL; } tagNumDiff = tagnum - SEC_OID_TOTAL; if (tagNumDiff >= secoidLastDynamicEntry) { return NULL; } return(secoidDynamicTable[tagNumDiff]); } /* * this routine is definately not thread safe. It is only called out * of the UI, or at init time. If we want to call it any other time, * we need to make it thread safe. */ SECStatus SECOID_AddEntry(SECItem *oid, char *description, CSSM_ALGORITHMS cssmAlgorithm) { SECOidData *oiddp = (SECOidData *)PORT_Alloc(sizeof(SECOidData)); int last = secoidLastDynamicEntry; int tableSize = secoidDynamicTableSize; int next = last++; SECOidData **newTable = secoidDynamicTable; SECOidData **oldTable = NULL; if (oid == NULL) { return SECFailure; } /* fill in oid structure */ if (SECITEM_CopyItem(NULL,&oiddp->oid,oid) != SECSuccess) { PORT_Free(oiddp); return SECFailure; } oiddp->offset = (SECOidTag)(next + SEC_OID_TOTAL); /* may we should just reference the copy passed to us? */ oiddp->desc = PORT_Strdup(description); oiddp->cssmAlgorithm = cssmAlgorithm; if (last > tableSize) { int oldTableSize = tableSize; tableSize += 10; oldTable = newTable; newTable = (SECOidData **)PORT_ZAlloc(sizeof(SECOidData *)*tableSize); if (newTable == NULL) { PORT_Free(oiddp->oid.Data); PORT_Free(oiddp); return SECFailure; } PORT_Memcpy(newTable,oldTable,sizeof(SECOidData *)*oldTableSize); PORT_Free(oldTable); } newTable[next] = oiddp; secoidDynamicTable = newTable; secoidDynamicTableSize = tableSize; secoidLastDynamicEntry= last; return SECSuccess; } /* normal static table processing */ static PLHashTable *oidhash = NULL; static PLHashTable *oidmechhash = NULL; static PLHashNumber secoid_HashNumber(const void *key) { return (PLHashNumber) key; } static SECStatus InitOIDHash(void) { PLHashEntry *entry; const SECOidData *oid; int i; oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare, PL_CompareValues, NULL, NULL); oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues, PL_CompareValues, NULL, NULL); if ( !oidhash || !oidmechhash) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); PORT_Assert(0); /*This function should never fail. */ return(SECFailure); } for ( i = 0; i < ( sizeof(oids) / sizeof(SECOidData) ); i++ ) { oid = &oids[i]; PORT_Assert ( oid->offset == i ); entry = PL_HashTableAdd( oidhash, &oid->oid, (void *)oid ); if ( entry == NULL ) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); PORT_Assert(0); /*This function should never fail. */ return(SECFailure); } if ( oid->cssmAlgorithm != CSSM_ALGID_NONE ) { entry = PL_HashTableAdd( oidmechhash, (void *)oid->cssmAlgorithm, (void *)oid ); if ( entry == NULL ) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); PORT_Assert(0); /* This function should never fail. */ return(SECFailure); } } } PORT_Assert (i == SEC_OID_TOTAL); return(SECSuccess); } SECOidData * SECOID_FindOIDByCssmAlgorithm(CSSM_ALGORITHMS cssmAlgorithm) { SECOidData *ret; int rv; if ( !oidhash ) { rv = InitOIDHash(); if ( rv != SECSuccess ) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return NULL; } } ret = PL_HashTableLookupConst ( oidmechhash, (void *)cssmAlgorithm); if ( ret == NULL ) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } return (ret); } SECOidData * SECOID_FindOID(const SECItem *oid) { SECOidData *ret; int rv; if ( !oidhash ) { rv = InitOIDHash(); if ( rv != SECSuccess ) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return NULL; } } ret = PL_HashTableLookupConst ( oidhash, oid ); if ( ret == NULL ) { ret = secoid_FindDynamic(oid); if (ret == NULL) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); } } return(ret); } SECOidTag SECOID_FindOIDTag(const SECItem *oid) { SECOidData *oiddata; oiddata = SECOID_FindOID (oid); if (oiddata == NULL) return SEC_OID_UNKNOWN; return oiddata->offset; } /* This really should return const. */ SECOidData * SECOID_FindOIDByTag(SECOidTag tagnum) { if (tagnum >= SEC_OID_TOTAL) { return secoid_FindDynamicByTag(tagnum); } PORT_Assert((unsigned int)tagnum < (sizeof(oids) / sizeof(SECOidData))); return (SECOidData *)(&oids[tagnum]); } PRBool SECOID_KnownCertExtenOID (const SECItem *extenOid) { SECOidData * oidData; oidData = SECOID_FindOID (extenOid); if (oidData == (SECOidData *)NULL) return (PR_FALSE); return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ? PR_TRUE : PR_FALSE); } const char * SECOID_FindOIDTagDescription(SECOidTag tagnum) { const SECOidData *oidData = SECOID_FindOIDByTag(tagnum); return oidData ? oidData->desc : 0; } /* * free up the oid tables. */ SECStatus SECOID_Shutdown(void) { int i; if (oidhash) { PL_HashTableDestroy(oidhash); oidhash = NULL; } if (oidmechhash) { PL_HashTableDestroy(oidmechhash); oidmechhash = NULL; } if (oid_d_hash) { PL_HashTableDestroy(oid_d_hash); oid_d_hash = NULL; } if (secoidDynamicTable) { for (i=0; i < secoidLastDynamicEntry; i++) { PORT_Free(secoidDynamicTable[i]); } PORT_Free(secoidDynamicTable); secoidDynamicTable = NULL; secoidDynamicTableSize = 0; secoidLastDynamicEntry = 0; secoidLastHashEntry = 0; } return SECSuccess; }