开通博客赚积分
发布资源赚积分
分类

源码开发语言/平台
当前位置:首页 > 源码/资料 > 加密解密 > CA认证 > 查看源码
secoid.c
资源名称:nss-3.1.1.tar.gz [点击查看]
上传用户:lyxiangda
上传日期:2007-01-12
资源大小:3042k
文件大小:60k
源码类别:

CA认证

开发平台:

WINDOWS

secoid.c:源码内容
  1. /*
  2.  * The contents of this file are subject to the Mozilla Public
  3.  * License Version 1.1 (the "License"); you may not use this file
  4.  * except in compliance with the License. You may obtain a copy of
  5.  * the License at http://www.mozilla.org/MPL/
  6.  * 
  7.  * Software distributed under the License is distributed on an "AS
  8.  * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
  9.  * implied. See the License for the specific language governing
  10.  * rights and limitations under the License.
  11.  * 
  12.  * The Original Code is the Netscape security libraries.
  13.  * 
  14.  * The Initial Developer of the Original Code is Netscape
  15.  * Communications Corporation.  Portions created by Netscape are 
  16.  * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
  17.  * Rights Reserved.
  18.  * 
  19.  * Contributor(s):
  20.  * 
  21.  * Alternatively, the contents of this file may be used under the
  22.  * terms of the GNU General Public License Version 2 or later (the
  23.  * "GPL"), in which case the provisions of the GPL are applicable 
  24.  * instead of those above.  If you wish to allow use of your 
  25.  * version of this file only under the terms of the GPL and not to
  26.  * allow others to use your version of this file under the MPL,
  27.  * indicate your decision by deleting the provisions above and
  28.  * replace them with the notice and other provisions required by
  29.  * the GPL.  If you do not delete the provisions above, a recipient
  30.  * may use your version of this file under either the MPL or the
  31.  * GPL.
  32.  */
  34. #include "secoid.h"
  35. #include "mcom_db.h"
  36. #include "pkcs11t.h"
  37. #include "secmodt.h"
  38. #include "secitem.h"
  39. #include "secerr.h"
  41. /* MISSI Mosaic Object ID space */
  42. #define MISSI 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01
  43. #define MISSI_OLD_KEA_DSS MISSI, 0x0c
  44. #define MISSI_OLD_DSS MISSI, 0x02
  45. #define MISSI_KEA_DSS MISSI, 0x14
  46. #define MISSI_DSS MISSI, 0x13
  47. #define MISSI_KEA               MISSI, 0x0a
  48. #define MISSI_ALT_KEA           MISSI, 0x16
  50. /**
  51.  ** The Netscape OID space is allocated by Terry Hayes.  If you need
  52.  ** a piece of the space, contact him at thayes@netscape.com.
  53.  **/
  55. /* Netscape Communications Corporation Object ID space */
  56. /* { 2 16 840 1 113730 } */
  57. #define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42
  58. /* netscape certificate extensions */
  59. #define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01
  61. /* netscape data types */
  62. #define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02
  64. /* netscape directory oid - owned by Tim Howes(howes@netscape.com) */
  65. #define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03
  67. /* various policy type OIDs */
  68. #define NETSCAPE_POLICY NETSCAPE_OID, 0x04
  70. /* netscape cert server oid */
  71. #define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05
  72. #define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01
  74. /* various algorithm OIDs */
  75. #define NETSCAPE_ALGS NETSCAPE_OID, 0x06
  77. /* Netscape Other Name Types */
  79. #define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07
  81. /* these are old and should go away soon */
  82. #define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a
  83. #define NS_CERT_EXT OLD_NETSCAPE, 0x01
  84. #define NS_FILE_TYPE OLD_NETSCAPE, 0x02
  85. #define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03
  87. /* RSA OID name space */
  88. #define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
  89. #define PKCS RSADSI, 0x01
  90. #define DIGEST RSADSI, 0x02
  91. #define CIPHER RSADSI, 0x03
  92. #define PKCS1 PKCS, 0x01
  93. #define PKCS5 PKCS, 0x05
  94. #define PKCS7 PKCS, 0x07
  95. #define PKCS9 PKCS, 0x09
  96. #define PKCS12 PKCS, 0x0c
  98. /* Fortezza algorithm OID space: { 2 16 840 1 101 2 1 1 } */
  99. /* ### mwelch -- Is this just for algorithms, or all of Fortezza? */
  100. #define FORTEZZA_ALG 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01
  102. /* Other OID name spaces */
  103. #define ALGORITHM 0x2b, 0x0e, 0x03, 0x02
  104. #define X500 0x55
  105. #define X520_ATTRIBUTE_TYPE X500, 0x04
  106. #define X500_ALG X500, 0x08
  107. #define X500_ALG_ENCRYPTION X500_ALG, 0x01
  109. /** X.509 v3 Extension OID 
  110.  ** {joint-iso-ccitt (2) ds(5) 29}
  111.  **/
  112. #define ID_CE_OID X500, 0x1d
  114. #define RFC1274_ATTR_TYPE  0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
  115. /* #define RFC2247_ATTR_TYPE  0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */
  117. /* PKCS #12 name spaces */
  118. #define PKCS12_MODE_IDS PKCS12, 0x01
  119. #define PKCS12_ESPVK_IDS PKCS12, 0x02
  120. #define PKCS12_BAG_IDS PKCS12, 0x03
  121. #define PKCS12_CERT_BAG_IDS PKCS12, 0x04
  122. #define PKCS12_OIDS PKCS12, 0x05
  123. #define PKCS12_PBE_IDS PKCS12_OIDS, 0x01
  124. #define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02
  125. #define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03
  126. #define PKCS12_V2_PBE_IDS PKCS12, 0x01
  127. #define PKCS9_CERT_TYPES PKCS9, 0x16
  128. #define PKCS9_CRL_TYPES PKCS9, 0x17
  129. #define PKCS9_SMIME_IDS PKCS9, 0x10
  130. #define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2
  131. #define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3
  132. #define PKCS12_VERSION1 PKCS12, 0x0a
  133. #define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1
  135. /* for DSA algorithm */
  136. /* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */
  137. #define ANSI_X9_ALGORITHM  0x2a, 0x86, 0x48, 0xce, 0x38, 0x4
  139. /* for DH algorithm */
  140. /* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */
  141. /* need real OID person to look at this, copied the above line
  142.  * and added 6 to second to last value (and changed '4' to '2' */
  143. #define ANSI_X942_ALGORITHM  0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2
  145. #define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45
  147. #define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07
  148. #define PKIX_CERT_EXTENSIONS PKIX, 1
  149. #define PKIX_POLICY_QUALIFIERS PKIX, 2
  150. #define PKIX_KEY_USAGE PKIX, 3
  151. #define PKIX_ACCESS_DESCRIPTION PKIX, 0x30
  152. #define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1
  154. #define PKIX_ID_PKIP     PKIX, 5
  155. #define PKIX_ID_REGCTRL  PKIX_ID_PKIP, 1 
  156. #define PKIX_ID_REGINFO  PKIX_ID_PKIP, 2
  159. static unsigned char md2[] = { DIGEST, 0x02 };
  160. static unsigned char md4[] = { DIGEST, 0x04 };
  161. static unsigned char md5[] = { DIGEST, 0x05 };
  162. static unsigned char sha1[] = { ALGORITHM, 0x1a };
  163. static unsigned char rc2cbc[] = { CIPHER, 0x02 };
  164. static unsigned char rc4[] = { CIPHER, 0x04 };
  165. static unsigned char desede3cbc[] = { CIPHER, 0x07 };
  166. static unsigned char rc5cbcpad[] = { CIPHER, 0x09 };
  167. static unsigned char desecb[] = { ALGORITHM, 0x06 };
  168. static unsigned char descbc[] = { ALGORITHM, 0x07 };
  169. static unsigned char desofb[] = { ALGORITHM, 0x08 };
  170. static unsigned char descfb[] = { ALGORITHM, 0x09 };
  171. static unsigned char desmac[] = { ALGORITHM, 0x0a };
  172. static unsigned char desede[] = { ALGORITHM, 0x11 };
  173. static unsigned char isoSHAWithRSASignature[] = { ALGORITHM, 0xf };
  174. static unsigned char pkcs1RSAEncryption[] = { PKCS1, 0x01 };
  175. static unsigned char pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
  176. static unsigned char pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 };
  177. static unsigned char pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 };
  178. static unsigned char pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 };
  179. static unsigned char pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 };
  180. static unsigned char pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 };
  181. static unsigned char pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a };
  182. static unsigned char pkcs7[] = { PKCS7 };
  183. static unsigned char pkcs7Data[] = { PKCS7, 0x01 };
  184. static unsigned char pkcs7SignedData[] = { PKCS7, 0x02 };
  185. static unsigned char pkcs7EnvelopedData[] = { PKCS7, 0x03 };
  186. static unsigned char pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 };
  187. static unsigned char pkcs7DigestedData[] = { PKCS7, 0x05 };
  188. static unsigned char pkcs7EncryptedData[] = { PKCS7, 0x06 };
  189. static unsigned char pkcs9EmailAddress[] = { PKCS9, 0x01 };
  190. static unsigned char pkcs9UnstructuredName[] = { PKCS9, 0x02 };
  191. static unsigned char pkcs9ContentType[] = { PKCS9, 0x03 };
  192. static unsigned char pkcs9MessageDigest[] = { PKCS9, 0x04 };
  193. static unsigned char pkcs9SigningTime[] = { PKCS9, 0x05 };
  194. static unsigned char pkcs9CounterSignature[] = { PKCS9, 0x06 };
  195. static unsigned char pkcs9ChallengePassword[] = { PKCS9, 0x07 };
  196. static unsigned char pkcs9UnstructuredAddress[] = { PKCS9, 0x08 };
  197. static unsigned char pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 };
  198. static unsigned char pkcs9SMIMECapabilities[] = { PKCS9, 15 };
  199. static unsigned char x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 };
  200. static unsigned char x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 };
  201. static unsigned char x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 };
  202. static unsigned char x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 };
  203. static unsigned char x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 };
  204. static unsigned char x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 };
  205. static unsigned char x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 };
  207. static unsigned char nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 };
  208. static unsigned char nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 };
  209. static unsigned char nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 };
  210. static unsigned char nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 };
  211. static unsigned char nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 };
  212. static unsigned char missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS };
  213. static unsigned char missiCertDSSOld[] = { MISSI_OLD_DSS };
  214. static unsigned char missiCertKEADSS[] = { MISSI_KEA_DSS };
  215. static unsigned char missiCertDSS[] = { MISSI_DSS };
  216. static unsigned char missiCertKEA[] = { MISSI_KEA };
  217. static unsigned char missiCertAltKEA[] = { MISSI_ALT_KEA };
  218. static unsigned char x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 };
  220. /* added for alg 1485 */
  221. static unsigned char rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 };
  222. static unsigned char rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 };
  223. static unsigned char rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 };
  225. /* Netscape private certificate extensions */
  226. static unsigned char nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 };
  227. static unsigned char nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 };
  228. static unsigned char nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 };
  229. static unsigned char nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 };
  230. static unsigned char nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 };
  231. static unsigned char nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 };
  232. static unsigned char nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 };
  233. static unsigned char nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 };
  234. static unsigned char nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 };
  235. static unsigned char nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 };
  236. static unsigned char nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 };
  237. static unsigned char nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 };
  238. static unsigned char nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a };
  239. static unsigned char nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b };
  240. static unsigned char nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c };
  241. static unsigned char nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d };
  243. /* the following 2 extensions are defined for and used by Cartman(NSM) */
  244. static unsigned char nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e };
  245. static unsigned char nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f };
  247. #define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10
  249. static unsigned char nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 };
  251. static unsigned char nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 };
  253. static unsigned char nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 };
  256. /* Standard x.509 v3 Certificate Extensions */
  257. static unsigned char x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 };
  258. static unsigned char x509SubjectKeyID[] = { ID_CE_OID, 14 };
  259. static unsigned char x509KeyUsage[] = { ID_CE_OID, 15 };
  260. static unsigned char x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 };
  261. static unsigned char x509SubjectAltName[] = { ID_CE_OID, 17 };
  262. static unsigned char x509IssuerAltName[] = { ID_CE_OID, 18 };
  263. static unsigned char x509BasicConstraints[] = { ID_CE_OID, 19 };
  264. static unsigned char x509NameConstraints[] = { ID_CE_OID, 30 };
  265. static unsigned char x509CRLDistPoints[] = { ID_CE_OID, 31 };
  266. static unsigned char x509CertificatePolicies[] = { ID_CE_OID, 32 };
  267. static unsigned char x509PolicyMappings[] = { ID_CE_OID, 33 };
  268. static unsigned char x509PolicyConstraints[] = { ID_CE_OID, 34 };
  269. static unsigned char x509AuthKeyID[] = { ID_CE_OID, 35};
  270. static unsigned char x509ExtKeyUsage[] = { ID_CE_OID, 37};
  271. static unsigned char x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 };
  273. /* Standard x.509 v3 CRL Extensions */
  274. static unsigned char x509CrlNumber[] = { ID_CE_OID, 20};
  275. static unsigned char x509ReasonCode[] = { ID_CE_OID, 21};
  276. static unsigned char x509InvalidDate[] = { ID_CE_OID, 24};
  278. /* pkcs 12 additions */
  279. static unsigned char pkcs12[] = { PKCS12 };
  280. static unsigned char pkcs12ModeIDs[] = { PKCS12_MODE_IDS };
  281. static unsigned char pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS };
  282. static unsigned char pkcs12BagIDs[] = { PKCS12_BAG_IDS };
  283. static unsigned char pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS };
  284. static unsigned char pkcs12OIDs[] = { PKCS12_OIDS };
  285. static unsigned char pkcs12PBEIDs[] = { PKCS12_PBE_IDS };
  286. static unsigned char pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS };
  287. static unsigned char pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS };
  288. static unsigned char pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 };
  289. static unsigned char pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 };
  290. static unsigned char pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 };
  291. static unsigned char pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 };
  292. static unsigned char pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 };
  293. static unsigned char pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 };
  294. static unsigned char pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 };
  295. static unsigned char pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 };
  296. static unsigned char pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 };
  297. static unsigned char pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 };
  298. static unsigned char pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 };
  299. static unsigned char pkcs12RSAEncryptionWith128BitRC4[] =
  300. { PKCS12_ENVELOPING_IDS, 0x01 };
  301. static unsigned char pkcs12RSAEncryptionWith40BitRC4[] = 
  302. { PKCS12_ENVELOPING_IDS, 0x02 };
  303. static unsigned char pkcs12RSAEncryptionWithTripleDES[] = 
  304. { PKCS12_ENVELOPING_IDS, 0x03 }; 
  305. static unsigned char pkcs12RSASignatureWithSHA1Digest[] =
  306. { PKCS12_SIGNATURE_IDS, 0x01 };
  307. static unsigned char ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 };
  308. static unsigned char ansix9DSASignaturewithSHA1Digest[] =
  309. { ANSI_X9_ALGORITHM, 0x03 };
  310. static unsigned char bogusDSASignaturewithSHA1Digest[] =
  311.         { ALGORITHM, 0x1b };
  313. /* verisign OIDs */
  314. static unsigned char verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 };
  316. /* pkix OIDs */
  317. static unsigned char pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 };
  318. static unsigned char pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 };
  320. static unsigned char pkixOCSP[] = { PKIX_OCSP };
  321. static unsigned char pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 };
  322. static unsigned char pkixOCSPNonce[] = { PKIX_OCSP, 2 };
  323. static unsigned char pkixOCSPCRL[] = { PKIX_OCSP, 3 };
  324. static unsigned char pkixOCSPResponse[] = { PKIX_OCSP, 4 };
  325. static unsigned char pkixOCSPNoCheck[] = { PKIX_OCSP, 5 };
  326. static unsigned char pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 };
  327. static unsigned char pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 };
  329. static unsigned char pkixRegCtrlRegToken[]       = { PKIX_ID_REGCTRL, 1};
  330. static unsigned char pkixRegCtrlAuthenticator[]  = { PKIX_ID_REGCTRL, 2};
  331. static unsigned char pkixRegCtrlPKIPubInfo[]     = { PKIX_ID_REGCTRL, 3};
  332. static unsigned char pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4};
  333. static unsigned char pkixRegCtrlOldCertID[]      = { PKIX_ID_REGCTRL, 5};
  334. static unsigned char pkixRegCtrlProtEncKey[]     = { PKIX_ID_REGCTRL, 6};
  335. static unsigned char pkixRegInfoUTF8Pairs[]      = { PKIX_ID_REGINFO, 1};
  336. static unsigned char pkixRegInfoCertReq[]        = { PKIX_ID_REGINFO, 2};
  338. static unsigned char pkixExtendedKeyUsageServerAuth[] = 
  339.         { PKIX_KEY_USAGE, 1 };
  340. static unsigned char pkixExtendedKeyUsageClientAuth[] = 
  341.         { PKIX_KEY_USAGE, 2 };
  342. static unsigned char pkixExtendedKeyUsageCodeSign[] = 
  343.         { PKIX_KEY_USAGE, 3 };
  344. static unsigned char pkixExtendedKeyUsageEMailProtect[] = 
  345.         { PKIX_KEY_USAGE, 4 };
  346. static unsigned char pkixExtendedKeyUsageTimeStamp[] = 
  347.         { PKIX_KEY_USAGE, 8 };
  348. static unsigned char pkixOCSPResponderExtendedKeyUsage[] = 
  349.         { PKIX_KEY_USAGE, 9 };
  351. /* OIDs for Netscape defined algorithms */
  352. static unsigned char netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };
  354. /* pkcs 12 version 1.0 ids */
  355. static unsigned char pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 };
  356. static unsigned char pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 };
  357. static unsigned char pkcs12V2PBEWithSha1And3KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x03 };
  358. static unsigned char pkcs12V2PBEWithSha1And2KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x04 };
  359. static unsigned char pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 };
  360. static unsigned char pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 };
  362. static unsigned char pkcs12SafeContentsID[] = {PKCS12_BAG_IDS, 0x04 };
  363. static unsigned char pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 };
  365. static unsigned char pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 };
  366. static unsigned char pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 };
  367. static unsigned char pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 };
  368. static unsigned char pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 };
  369. static unsigned char pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 };
  370. static unsigned char pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 };
  372. static unsigned char pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 };
  373. static unsigned char pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 };
  374. static unsigned char pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 };
  375. static unsigned char pkcs9FriendlyName[] = { PKCS9, 20 };
  376. static unsigned char pkcs9LocalKeyID[] = { PKCS9, 21 };
  377. static unsigned char pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 };
  379. /* Fortezza algorithm OIDs */
  380. static unsigned char skipjackCBC[] = { FORTEZZA_ALG, 0x04 };
  381. static unsigned char dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };
  383. /* Netscape other name types */
  384. static unsigned char netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01};
  386. /* OIDs needed for cert server */
  387. static unsigned char netscapeRecoveryRequest[] = 
  388.                                         { NETSCAPE_CERT_SERVER_CRMF, 0x01 };
  390. /* RFC2630 (CMS) OIDs */
  391. static unsigned char cmsESDH[] = { PKCS9_SMIME_ALGS, 5 };
  392. static unsigned char cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 };
  393. static unsigned char cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 };
  395. /* RFC2633 SMIME message attributes */
  396. static unsigned char smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 };
  398. /*
  399.  * NOTE: the order of these entries must mach the SECOidTag enum in secoidt.h!
  400.  */
  401. static SECOidData oids[] = {
  402.     { { siDEROID, NULL, 0 },
  403.   SEC_OID_UNKNOWN,
  404.   "Unknown OID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  405.     { { siDEROID, md2, sizeof(md2) },
  406.   SEC_OID_MD2,
  407.   "MD2", CKM_MD2, INVALID_CERT_EXTENSION },
  408.     { { siDEROID, md4, sizeof(md4) },
  409.   SEC_OID_MD4,
  410.   "MD4", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  411.     { { siDEROID, md5, sizeof(md5) },
  412.   SEC_OID_MD5,
  413.   "MD5", CKM_MD5, INVALID_CERT_EXTENSION },
  414.     { { siDEROID, sha1, sizeof(sha1) },
  415.   SEC_OID_SHA1,
  416.   "SHA-1", CKM_SHA_1, INVALID_CERT_EXTENSION },
  417.     { { siDEROID, rc2cbc, sizeof(rc2cbc) },
  418.   SEC_OID_RC2_CBC,
  419.   "RC2-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION },
  420.     { { siDEROID, rc4, sizeof(rc4) },
  421.   SEC_OID_RC4,
  422.   "RC4", CKM_RC4, INVALID_CERT_EXTENSION },
  423.     { { siDEROID, desede3cbc, sizeof(desede3cbc) },
  424.   SEC_OID_DES_EDE3_CBC,
  425.   "DES-EDE3-CBC", CKM_DES3_CBC, INVALID_CERT_EXTENSION },
  426.     { { siDEROID, rc5cbcpad, sizeof(rc5cbcpad) },
  427.   SEC_OID_RC5_CBC_PAD,
  428.   "RC5-CBCPad", CKM_RC5_CBC, INVALID_CERT_EXTENSION },
  429.     { { siDEROID, desecb, sizeof(desecb) },
  430.   SEC_OID_DES_ECB,
  431.   "DES-ECB", CKM_DES_ECB, INVALID_CERT_EXTENSION },
  432.     { { siDEROID, descbc, sizeof(descbc) },
  433.   SEC_OID_DES_CBC,
  434.   "DES-CBC", CKM_DES_CBC, INVALID_CERT_EXTENSION },
  435.     { { siDEROID, desofb, sizeof(desofb) },
  436.   SEC_OID_DES_OFB,
  437.   "DES-OFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  438.     { { siDEROID, descfb, sizeof(descfb) },
  439.   SEC_OID_DES_CFB,
  440.   "DES-CFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  441.     { { siDEROID, desmac, sizeof(desmac) },
  442.   SEC_OID_DES_MAC,
  443.   "DES-MAC", CKM_DES_MAC, INVALID_CERT_EXTENSION },
  444.     { { siDEROID, desede, sizeof(desede) },
  445.   SEC_OID_DES_EDE,
  446.   "DES-EDE", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  447.     { { siDEROID, isoSHAWithRSASignature, sizeof(isoSHAWithRSASignature) },
  448.   SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
  449.   "ISO SHA with RSA Signature", CKM_INVALID_MECHANISM,
  450.   INVALID_CERT_EXTENSION },
  451.     { { siDEROID, pkcs1RSAEncryption, sizeof(pkcs1RSAEncryption) },
  452.   SEC_OID_PKCS1_RSA_ENCRYPTION,
  453.   "PKCS #1 RSA Encryption", CKM_RSA_PKCS, INVALID_CERT_EXTENSION },
  455.     /* the following Signing mechanisms should get new CKM_ values when
  456.      * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in
  457.      * PKCS #11.
  458.      */
  459.     { { siDEROID, pkcs1MD2WithRSAEncryption, sizeof(pkcs1MD2WithRSAEncryption) },
  460.   SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
  461.   "PKCS #1 MD2 With RSA Encryption", CKM_MD2_RSA_PKCS,
  462.   INVALID_CERT_EXTENSION },
  463.     { { siDEROID, pkcs1MD4WithRSAEncryption, sizeof(pkcs1MD4WithRSAEncryption) },
  464.   SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
  465.   "PKCS #1 MD4 With RSA Encryption", CKM_INVALID_MECHANISM,
  466.   INVALID_CERT_EXTENSION },
  467.     { { siDEROID, pkcs1MD5WithRSAEncryption, sizeof(pkcs1MD5WithRSAEncryption) },
  468.   SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
  469.   "PKCS #1 MD5 With RSA Encryption", CKM_MD5_RSA_PKCS,
  470.   INVALID_CERT_EXTENSION },
  471.     { { siDEROID, pkcs1SHA1WithRSAEncryption, sizeof(pkcs1SHA1WithRSAEncryption) },
  472.   SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
  473.   "PKCS #1 SHA-1 With RSA Encryption", CKM_SHA1_RSA_PKCS,
  474.   INVALID_CERT_EXTENSION },
  476.     { { siDEROID, pkcs5PbeWithMD2AndDEScbc, sizeof(pkcs5PbeWithMD2AndDEScbc) },
  477.   SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
  478.   "PKCS #5 Password Based Encryption with MD2 and DES CBC",
  479.   CKM_PBE_MD2_DES_CBC, INVALID_CERT_EXTENSION },
  480.     { { siDEROID, pkcs5PbeWithMD5AndDEScbc, sizeof(pkcs5PbeWithMD5AndDEScbc) },
  481.   SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
  482.   "PKCS #5 Password Based Encryption with MD5 and DES CBC",
  483.   CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION },
  484.     { { siDEROID, pkcs5PbeWithSha1AndDEScbc,
  485.   sizeof(pkcs5PbeWithSha1AndDEScbc) },
  486.           SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
  487.   "PKCS #5 Password Based Encryption with SHA1 and DES CBC", 
  488.   CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION },
  489.     { { siDEROID, pkcs7, sizeof(pkcs7) },
  490.   SEC_OID_PKCS7,
  491.   "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  492.     { { siDEROID, pkcs7Data, sizeof(pkcs7Data) },
  493.   SEC_OID_PKCS7_DATA,
  494.   "PKCS #7 Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  495.     { { siDEROID, pkcs7SignedData, sizeof(pkcs7SignedData) },
  496.   SEC_OID_PKCS7_SIGNED_DATA,
  497.   "PKCS #7 Signed Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  498.     { { siDEROID, pkcs7EnvelopedData, sizeof(pkcs7EnvelopedData) },
  499.   SEC_OID_PKCS7_ENVELOPED_DATA,
  500.   "PKCS #7 Enveloped Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  501.     { { siDEROID, pkcs7SignedEnvelopedData, sizeof(pkcs7SignedEnvelopedData) },
  502.   SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
  503.   "PKCS #7 Signed And Enveloped Data", CKM_INVALID_MECHANISM,
  504.   INVALID_CERT_EXTENSION },
  505.     { { siDEROID, pkcs7DigestedData, sizeof(pkcs7DigestedData) },
  506.   SEC_OID_PKCS7_DIGESTED_DATA,
  507.   "PKCS #7 Digested Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  508.     { { siDEROID, pkcs7EncryptedData, sizeof(pkcs7EncryptedData) },
  509.   SEC_OID_PKCS7_ENCRYPTED_DATA,
  510.   "PKCS #7 Encrypted Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  511.     { { siDEROID, pkcs9EmailAddress, sizeof(pkcs9EmailAddress) },
  512.   SEC_OID_PKCS9_EMAIL_ADDRESS,
  513.   "PKCS #9 Email Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  514.     { { siDEROID, pkcs9UnstructuredName, sizeof(pkcs9UnstructuredName) },
  515.   SEC_OID_PKCS9_UNSTRUCTURED_NAME,
  516.   "PKCS #9 Unstructured Name", CKM_INVALID_MECHANISM,
  517.   INVALID_CERT_EXTENSION },
  518.     { { siDEROID, pkcs9ContentType, sizeof(pkcs9ContentType) },
  519.   SEC_OID_PKCS9_CONTENT_TYPE,
  520.   "PKCS #9 Content Type", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  521.     { { siDEROID, pkcs9MessageDigest, sizeof(pkcs9MessageDigest) },
  522.   SEC_OID_PKCS9_MESSAGE_DIGEST,
  523.   "PKCS #9 Message Digest", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  524.     { { siDEROID, pkcs9SigningTime, sizeof(pkcs9SigningTime) },
  525.   SEC_OID_PKCS9_SIGNING_TIME,
  526.   "PKCS #9 Signing Time", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  527.     { { siDEROID, pkcs9CounterSignature, sizeof(pkcs9CounterSignature) },
  528.   SEC_OID_PKCS9_COUNTER_SIGNATURE,
  529.   "PKCS #9 Counter Signature", CKM_INVALID_MECHANISM,
  530.   INVALID_CERT_EXTENSION },
  531.     { { siDEROID, pkcs9ChallengePassword, sizeof(pkcs9ChallengePassword) },
  532.   SEC_OID_PKCS9_CHALLENGE_PASSWORD,
  533.   "PKCS #9 Challenge Password", CKM_INVALID_MECHANISM,
  534.   INVALID_CERT_EXTENSION },
  535.     { { siDEROID, pkcs9UnstructuredAddress, sizeof(pkcs9UnstructuredAddress) },
  536.   SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
  537.   "PKCS #9 Unstructured Address", CKM_INVALID_MECHANISM,
  538.   INVALID_CERT_EXTENSION },
  539.     { { siDEROID, pkcs9ExtendedCertificateAttributes,
  540.           sizeof(pkcs9ExtendedCertificateAttributes) },
  541.   SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
  542.   "PKCS #9 Extended Certificate Attributes", CKM_INVALID_MECHANISM,
  543.   INVALID_CERT_EXTENSION },
  544.     { { siDEROID, pkcs9SMIMECapabilities,
  545.           sizeof(pkcs9SMIMECapabilities) },
  546.   SEC_OID_PKCS9_SMIME_CAPABILITIES,
  547.   "PKCS #9 S/MIME Capabilities", CKM_INVALID_MECHANISM,
  548.   INVALID_CERT_EXTENSION },
  549.     { { siDEROID, x520CommonName,
  550.   sizeof(x520CommonName) },
  551.   SEC_OID_AVA_COMMON_NAME,
  552.   "X520 Common Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  553.     { { siDEROID, x520CountryName,
  554.   sizeof(x520CountryName) },
  555.   SEC_OID_AVA_COUNTRY_NAME,
  556.   "X520 Country Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  557.     { { siDEROID, x520LocalityName,
  558.   sizeof(x520LocalityName) },
  559.   SEC_OID_AVA_LOCALITY,
  560.   "X520 Locality Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  561.     { { siDEROID, x520StateOrProvinceName,
  562.   sizeof(x520StateOrProvinceName) },
  563.   SEC_OID_AVA_STATE_OR_PROVINCE,
  564.   "X520 State Or Province Name", CKM_INVALID_MECHANISM,
  565.   INVALID_CERT_EXTENSION },
  566.     { { siDEROID, x520OrgName,
  567.   sizeof(x520OrgName) },
  568.   SEC_OID_AVA_ORGANIZATION_NAME,
  569.   "X520 Organization Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  570.     { { siDEROID, x520OrgUnitName,
  571.   sizeof(x520OrgUnitName) },
  572.   SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
  573.   "X520 Organizational Unit Name", CKM_INVALID_MECHANISM,
  574.   INVALID_CERT_EXTENSION },
  575.     { { siDEROID, x520DnQualifier,
  576.   sizeof(x520DnQualifier) },
  577.   SEC_OID_AVA_DN_QUALIFIER,
  578.   "X520 DN Qualifier", CKM_INVALID_MECHANISM,
  579.   INVALID_CERT_EXTENSION },
  580.     { { siDEROID, rfc2247DomainComponent,
  581.   sizeof(rfc2247DomainComponent), },
  582.   SEC_OID_AVA_DC,
  583.   "RFC 2247 Domain Component", CKM_INVALID_MECHANISM,
  584.   INVALID_CERT_EXTENSION },
  586.     { { siDEROID, nsTypeGIF,
  587.   sizeof(nsTypeGIF) },
  588.   SEC_OID_NS_TYPE_GIF,
  589.   "GIF", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  590.     { { siDEROID, nsTypeJPEG,
  591.   sizeof(nsTypeJPEG) },
  592.   SEC_OID_NS_TYPE_JPEG,
  593.   "JPEG", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  594.     { { siDEROID, nsTypeURL,
  595.   sizeof(nsTypeURL) },
  596.   SEC_OID_NS_TYPE_URL,
  597.   "URL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  598.     { { siDEROID, nsTypeHTML,
  599.   sizeof(nsTypeHTML) },
  600.   SEC_OID_NS_TYPE_HTML,
  601.   "HTML", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  602.     { { siDEROID, nsTypeCertSeq,
  603.   sizeof(nsTypeCertSeq) },
  604.   SEC_OID_NS_TYPE_CERT_SEQUENCE,
  605.   "Certificate Sequence", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  606.     { { siDEROID, missiCertKEADSSOld, sizeof(missiCertKEADSSOld) },
  607.           SEC_OID_MISSI_KEA_DSS_OLD, "MISSI KEA and DSS Algorithm (Old)",
  608.   CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  609.     { { siDEROID, missiCertDSSOld, sizeof(missiCertDSSOld) },
  610.           SEC_OID_MISSI_DSS_OLD, "MISSI DSS Algorithm (Old)",
  611.   CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION  },
  612.     { { siDEROID, missiCertKEADSS, sizeof(missiCertKEADSS) },
  613.           SEC_OID_MISSI_KEA_DSS, "MISSI KEA and DSS Algorithm",
  614.   CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION  },
  615.     { { siDEROID, missiCertDSS, sizeof(missiCertDSS) },
  616.           SEC_OID_MISSI_DSS, "MISSI DSS Algorithm",
  617.   CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION  },
  618.     { { siDEROID, missiCertKEA, sizeof(missiCertKEA) },
  619.           SEC_OID_MISSI_KEA, "MISSI KEA Algorithm",
  620.   CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION  },
  621.     { { siDEROID, missiCertAltKEA, sizeof(missiCertAltKEA) },
  622.           SEC_OID_MISSI_ALT_KEA, "MISSI Alternate KEA Algorithm",
  623.           CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION  },
  625.     /* Netscape private extensions */
  626.     { { siDEROID, nsCertExtNetscapeOK,
  627.   sizeof(nsCertExtNetscapeOK) },
  628.   SEC_OID_NS_CERT_EXT_NETSCAPE_OK,
  629.   "Netscape says this cert is OK",
  630.   CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  631.     { { siDEROID, nsCertExtIssuerLogo,
  632.   sizeof(nsCertExtIssuerLogo) },
  633.   SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
  634.   "Certificate Issuer Logo",
  635.   CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  636.     { { siDEROID, nsCertExtSubjectLogo,
  637.   sizeof(nsCertExtSubjectLogo) },
  638.   SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
  639.   "Certificate Subject Logo",
  640.   CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  641.     { { siDEROID, nsExtCertType,
  642.   sizeof(nsExtCertType) },
  643.   SEC_OID_NS_CERT_EXT_CERT_TYPE,
  644.   "Certificate Type",
  645.   CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  646.     { { siDEROID, nsExtBaseURL,
  647.   sizeof(nsExtBaseURL) },
  648.   SEC_OID_NS_CERT_EXT_BASE_URL,
  649.   "Certificate Extension Base URL",
  650.   CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  651.     { { siDEROID, nsExtRevocationURL,
  652.   sizeof(nsExtRevocationURL) },
  653.   SEC_OID_NS_CERT_EXT_REVOCATION_URL,
  654.   "Certificate Revocation URL",
  655.   CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  656.     { { siDEROID, nsExtCARevocationURL,
  657.   sizeof(nsExtCARevocationURL) },
  658.   SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL,
  659.   "Certificate Authority Revocation URL",
  660.   CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  661.     { { siDEROID, nsExtCACRLURL,
  662.   sizeof(nsExtCACRLURL) },
  663.   SEC_OID_NS_CERT_EXT_CA_CRL_URL,
  664.   "Certificate Authority CRL Download URL",
  665.   CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  666.     { { siDEROID, nsExtCACertURL,
  667.   sizeof(nsExtCACertURL) },
  668.   SEC_OID_NS_CERT_EXT_CA_CERT_URL,
  669.   "Certificate Authority Certificate Download URL",
  670.   CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  671.     { { siDEROID, nsExtCertRenewalURL,
  672.   sizeof(nsExtCertRenewalURL) },
  673.   SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL,
  674.   "Certificate Renewal URL", CKM_INVALID_MECHANISM,
  675.           SUPPORTED_CERT_EXTENSION }, 
  676.     { { siDEROID, nsExtCAPolicyURL,
  677.   sizeof(nsExtCAPolicyURL) },
  678.   SEC_OID_NS_CERT_EXT_CA_POLICY_URL,
  679.   "Certificate Authority Policy URL",
  680.   CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  681.     { { siDEROID, nsExtHomepageURL,
  682.   sizeof(nsExtHomepageURL) },
  683.   SEC_OID_NS_CERT_EXT_HOMEPAGE_URL,
  684.   "Certificate Homepage URL", CKM_INVALID_MECHANISM,
  685.   UNSUPPORTED_CERT_EXTENSION },
  686.     { { siDEROID, nsExtEntityLogo,
  687.   sizeof(nsExtEntityLogo) },
  688.   SEC_OID_NS_CERT_EXT_ENTITY_LOGO,
  689.   "Certificate Entity Logo", CKM_INVALID_MECHANISM,
  690.   UNSUPPORTED_CERT_EXTENSION },
  691.     { { siDEROID, nsExtUserPicture,
  692.   sizeof(nsExtUserPicture) },
  693.   SEC_OID_NS_CERT_EXT_USER_PICTURE,
  694.   "Certificate User Picture", CKM_INVALID_MECHANISM,
  695.   UNSUPPORTED_CERT_EXTENSION },
  696.     { { siDEROID, nsExtSSLServerName,
  697.   sizeof(nsExtSSLServerName) },
  698.   SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME,
  699.   "Certificate SSL Server Name", CKM_INVALID_MECHANISM,
  700.   SUPPORTED_CERT_EXTENSION },
  701.     { { siDEROID, nsExtComment,
  702.   sizeof(nsExtComment) },
  703.   SEC_OID_NS_CERT_EXT_COMMENT,
  704.   "Certificate Comment", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  705.     { { siDEROID, nsExtLostPasswordURL,
  706.           sizeof(nsExtLostPasswordURL) },
  707.           SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL,
  708.           "Lost Password URL", CKM_INVALID_MECHANISM,
  709.           SUPPORTED_CERT_EXTENSION },
  710.     { { siDEROID, nsExtCertRenewalTime, 
  711. sizeof(nsExtCertRenewalTime) },
  712. SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME, 
  713. "Certificate Renewal Time", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  714.     { { siDEROID, nsKeyUsageGovtApproved,
  715.   sizeof(nsKeyUsageGovtApproved) },
  716.   SEC_OID_NS_KEY_USAGE_GOVT_APPROVED,
  717.   "Strong Crypto Export Approved",
  718.   CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  721.     /* x.509 v3 certificate extensions */
  722.     { { siDEROID, x509SubjectDirectoryAttr, sizeof(x509SubjectDirectoryAttr) },
  723.   SEC_OID_X509_SUBJECT_DIRECTORY_ATTR,
  724.   "Certificate Subject Directory Attributes",
  725.   CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION},
  726.     { { siDEROID, x509SubjectKeyID, sizeof(x509SubjectKeyID) },
  727.   SEC_OID_X509_SUBJECT_KEY_ID, "Certificate Subject Key ID",
  728.   CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  729.     { { siDEROID, x509KeyUsage, sizeof(x509KeyUsage) },
  730.   SEC_OID_X509_KEY_USAGE, "Certificate Key Usage",
  731.   CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  732.     { { siDEROID, x509PrivateKeyUsagePeriod,
  733.   sizeof(x509PrivateKeyUsagePeriod) },
  734.   SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
  735.   "Certificate Private Key Usage Period",
  736.           CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  737.     { { siDEROID, x509SubjectAltName, sizeof(x509SubjectAltName) },
  738.   SEC_OID_X509_SUBJECT_ALT_NAME, "Certificate Subject Alt Name",
  739.           CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  740.     { { siDEROID, x509IssuerAltName, sizeof(x509IssuerAltName) },
  741.   SEC_OID_X509_ISSUER_ALT_NAME, "Certificate Issuer Alt Name",
  742.           CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  743.     { { siDEROID, x509BasicConstraints, sizeof(x509BasicConstraints) },
  744.   SEC_OID_X509_BASIC_CONSTRAINTS, "Certificate Basic Constraints",
  745.   CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  746.     { { siDEROID, x509NameConstraints, sizeof(x509NameConstraints) },
  747.   SEC_OID_X509_NAME_CONSTRAINTS, "Certificate Name Constraints",
  748.   CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  749.     { { siDEROID, x509CRLDistPoints, sizeof(x509CRLDistPoints) },
  750.   SEC_OID_X509_CRL_DIST_POINTS, "CRL Distribution Points",
  751.   CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  752.     { { siDEROID, x509CertificatePolicies, sizeof(x509CertificatePolicies) },
  753.   SEC_OID_X509_CERTIFICATE_POLICIES,
  754.   "Certificate Policies",
  755.           CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  756.     { { siDEROID, x509PolicyMappings, sizeof(x509PolicyMappings) },
  757.   SEC_OID_X509_POLICY_MAPPINGS, "Certificate Policy Mappings",
  758.           CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  759.     { { siDEROID, x509PolicyConstraints, sizeof(x509PolicyConstraints) },
  760.   SEC_OID_X509_POLICY_CONSTRAINTS, "Certificate Policy Constraints",
  761.           CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION },
  762.     { { siDEROID, x509AuthKeyID, sizeof(x509AuthKeyID) },
  763.   SEC_OID_X509_AUTH_KEY_ID, "Certificate Authority Key Identifier",
  764.   CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  765.     { { siDEROID, x509ExtKeyUsage, sizeof(x509ExtKeyUsage) },
  766.   SEC_OID_X509_EXT_KEY_USAGE, "Extended Key Usage",
  767.   CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  768.     { { siDEROID, x509AuthInfoAccess, sizeof(x509AuthInfoAccess) },
  769.           SEC_OID_X509_AUTH_INFO_ACCESS, "Authority Information Access",
  770.           CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION },
  772.     /* x.509 v3 CRL extensions */
  773.     { { siDEROID, x509CrlNumber, sizeof(x509CrlNumber) },
  774.   SEC_OID_X509_CRL_NUMBER, "CRL Number", CKM_INVALID_MECHANISM,
  775.   SUPPORTED_CERT_EXTENSION },
  776.     { { siDEROID, x509ReasonCode, sizeof(x509ReasonCode) },
  777.   SEC_OID_X509_REASON_CODE, "CRL reason code", CKM_INVALID_MECHANISM,
  778.   SUPPORTED_CERT_EXTENSION },
  779.     { { siDEROID, x509InvalidDate, sizeof(x509InvalidDate) },
  780.   SEC_OID_X509_INVALID_DATE, "Invalid Date", CKM_INVALID_MECHANISM,
  781.   SUPPORTED_CERT_EXTENSION },
  782.   
  783.     { { siDEROID, x500RSAEncryption, sizeof(x500RSAEncryption) },
  784.   SEC_OID_X500_RSA_ENCRYPTION,
  785.   "X500 RSA Encryption", CKM_RSA_X_509, INVALID_CERT_EXTENSION },
  787.     /* added for alg 1485 */
  788.     { { siDEROID, rfc1274Uid,
  789.   sizeof(rfc1274Uid) },
  790.   SEC_OID_RFC1274_UID,
  791.   "RFC1274 User Id", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  792.     { { siDEROID, rfc1274Mail,
  793.   sizeof(rfc1274Uid) },
  794.   SEC_OID_RFC1274_MAIL,
  795.   "RFC1274 E-mail Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  797.     /* pkcs 12 additions */
  798.     { { siDEROID, pkcs12, sizeof(pkcs12) },
  799.   SEC_OID_PKCS12,
  800.   "PKCS #12", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  801.     { { siDEROID, pkcs12ModeIDs, sizeof(pkcs12ModeIDs) },
  802.   SEC_OID_PKCS12_MODE_IDS,
  803.   "PKCS #12 Mode IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  804.     { { siDEROID, pkcs12ESPVKIDs, sizeof(pkcs12ESPVKIDs) },
  805.   SEC_OID_PKCS12_ESPVK_IDS,
  806.   "PKCS #12 ESPVK IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  807.     { { siDEROID, pkcs12BagIDs, sizeof(pkcs12BagIDs) },
  808.   SEC_OID_PKCS12_BAG_IDS,
  809.   "PKCS #12 Bag IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  810.     { { siDEROID, pkcs12CertBagIDs, sizeof(pkcs12CertBagIDs) },
  811.   SEC_OID_PKCS12_CERT_BAG_IDS,
  812.   "PKCS #12 Cert Bag IDs", CKM_INVALID_MECHANISM,
  813.   INVALID_CERT_EXTENSION },
  814.     { { siDEROID, pkcs12OIDs, sizeof(pkcs12OIDs) },
  815.   SEC_OID_PKCS12_OIDS,
  816.   "PKCS #12 OIDs", CKM_INVALID_MECHANISM,
  817.   INVALID_CERT_EXTENSION },
  818.     { { siDEROID, pkcs12PBEIDs, sizeof(pkcs12PBEIDs) },
  819.   SEC_OID_PKCS12_PBE_IDS,
  820.   "PKCS #12 PBE IDs", CKM_INVALID_MECHANISM,
  821.   INVALID_CERT_EXTENSION },
  822.     { { siDEROID, pkcs12SignatureIDs, sizeof(pkcs12SignatureIDs) },
  823.   SEC_OID_PKCS12_SIGNATURE_IDS,
  824.   "PKCS #12 Signature IDs", CKM_INVALID_MECHANISM,
  825.   INVALID_CERT_EXTENSION },
  826.     { { siDEROID, pkcs12EnvelopingIDs, sizeof(pkcs12EnvelopingIDs) },
  827.   SEC_OID_PKCS12_ENVELOPING_IDS,
  828.   "PKCS #12 Enveloping IDs", CKM_INVALID_MECHANISM,
  829.   INVALID_CERT_EXTENSION },
  830.     { { siDEROID, pkcs12PKCS8KeyShrouding, 
  831.      sizeof(pkcs12PKCS8KeyShrouding) },
  832.   SEC_OID_PKCS12_PKCS8_KEY_SHROUDING,
  833.   "PKCS #12 Key Shrouding", CKM_INVALID_MECHANISM,
  834.   INVALID_CERT_EXTENSION },
  835.     { { siDEROID, pkcs12KeyBagID, 
  836.      sizeof(pkcs12KeyBagID) },
  837.   SEC_OID_PKCS12_KEY_BAG_ID,
  838.   "PKCS #12 Key Bag ID", CKM_INVALID_MECHANISM,
  839.   INVALID_CERT_EXTENSION },
  840.     { { siDEROID, pkcs12CertAndCRLBagID, 
  841.      sizeof(pkcs12CertAndCRLBagID) },
  842.   SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
  843.   "PKCS #12 Cert And CRL Bag ID", CKM_INVALID_MECHANISM,
  844.   INVALID_CERT_EXTENSION },
  845.     { { siDEROID, pkcs12SecretBagID, 
  846.      sizeof(pkcs12SecretBagID) },
  847.   SEC_OID_PKCS12_SECRET_BAG_ID,
  848.   "PKCS #12 Secret Bag ID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  849.     { { siDEROID, pkcs12X509CertCRLBag, 
  850.      sizeof(pkcs12X509CertCRLBag) },
  851.   SEC_OID_PKCS12_X509_CERT_CRL_BAG,
  852.   "PKCS #12 X509 Cert CRL Bag", CKM_INVALID_MECHANISM,
  853.   INVALID_CERT_EXTENSION },
  854.     { { siDEROID, pkcs12SDSICertBag, 
  855.      sizeof(pkcs12SDSICertBag) },
  856.   SEC_OID_PKCS12_SDSI_CERT_BAG,
  857.   "PKCS #12 SDSI Cert Bag", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  858.     { { siDEROID, pkcs12PBEWithSha1And128BitRC4, 
  859.      sizeof(pkcs12PBEWithSha1And128BitRC4) },
  860.   SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
  861.   "PKCS #12 PBE With Sha1 and 128 Bit RC4", 
  862.   CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION },
  863.     { { siDEROID, pkcs12PBEWithSha1And40BitRC4, 
  864.      sizeof(pkcs12PBEWithSha1And40BitRC4) },
  865.   SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
  866.   "PKCS #12 PBE With Sha1 and 40 Bit RC4", 
  867.   CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION },
  868.     { { siDEROID, pkcs12PBEWithSha1AndTripleDESCBC, 
  869.      sizeof(pkcs12PBEWithSha1AndTripleDESCBC) },
  870.   SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
  871.   "PKCS #12 PBE With Sha1 and Triple DES CBC", 
  872.   CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION },
  873.     { { siDEROID, pkcs12PBEWithSha1And128BitRC2CBC, 
  874.      sizeof(pkcs12PBEWithSha1And128BitRC2CBC) },
  875.   SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
  876.   "PKCS #12 PBE With Sha1 and 128 Bit RC2 CBC", 
  877.   CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION },
  878.     { { siDEROID, pkcs12PBEWithSha1And40BitRC2CBC, 
  879.      sizeof(pkcs12PBEWithSha1And40BitRC2CBC) },
  880.   SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
  881.   "PKCS #12 PBE With Sha1 and 40 Bit RC2 CBC", 
  882.   CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION },
  883.     { { siDEROID, pkcs12RSAEncryptionWith128BitRC4, 
  884.      sizeof(pkcs12RSAEncryptionWith128BitRC4) },
  885.   SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
  886.   "PKCS #12 RSA Encryption with 128 Bit RC4",
  887.   CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  888.     { { siDEROID, pkcs12RSAEncryptionWith40BitRC4, 
  889.      sizeof(pkcs12RSAEncryptionWith40BitRC4) },
  890.   SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4,
  891.   "PKCS #12 RSA Encryption with 40 Bit RC4",
  892.   CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  893.     { { siDEROID, pkcs12RSAEncryptionWithTripleDES, 
  894.      sizeof(pkcs12RSAEncryptionWithTripleDES) },
  895.   SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES,
  896.   "PKCS #12 RSA Encryption with Triple DES",
  897.   CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  898.     { { siDEROID, pkcs12RSASignatureWithSHA1Digest, 
  899.      sizeof(pkcs12RSASignatureWithSHA1Digest) },
  900.   SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST,
  901.   "PKCS #12 RSA Encryption with Triple DES",
  902.   CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  904.     /* DSA signatures */
  905.     { { siDEROID, ansix9DSASignature, sizeof(ansix9DSASignature) },
  906.         SEC_OID_ANSIX9_DSA_SIGNATURE,
  907. "ANSI X9.57 DSA Signature", CKM_DSA,
  908. INVALID_CERT_EXTENSION },
  909.     { { siDEROID, ansix9DSASignaturewithSHA1Digest,
  910. sizeof(ansix9DSASignaturewithSHA1Digest) },
  911.         SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST,
  912. "ANSI X9.57 DSA Signature with SHA1 Digest", CKM_DSA_SHA1,
  913. INVALID_CERT_EXTENSION },
  914.     { { siDEROID, bogusDSASignaturewithSHA1Digest,
  915. sizeof(bogusDSASignaturewithSHA1Digest) },
  916.         SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST,
  917. "FORTEZZA DSA Signature with SHA1 Digest", CKM_DSA_SHA1,
  918. INVALID_CERT_EXTENSION },
  920.     /* verisign oids */
  921.     { { siDEROID, verisignUserNotices,
  922. sizeof(verisignUserNotices) },
  923.         SEC_OID_VERISIGN_USER_NOTICES,
  924. "Verisign User Notices", CKM_INVALID_MECHANISM,
  925. INVALID_CERT_EXTENSION },
  927.     /* pkix oids */
  928.     { { siDEROID, pkixCPSPointerQualifier,
  929. sizeof(pkixCPSPointerQualifier) },
  930.         SEC_OID_PKIX_CPS_POINTER_QUALIFIER,
  931. "PKIX CPS Pointer Qualifier", CKM_INVALID_MECHANISM,
  932. INVALID_CERT_EXTENSION },
  933.     { { siDEROID, pkixUserNoticeQualifier,
  934. sizeof(pkixUserNoticeQualifier) },
  935.         SEC_OID_PKIX_USER_NOTICE_QUALIFIER,
  936. "PKIX User Notice Qualifier", CKM_INVALID_MECHANISM,
  937. INVALID_CERT_EXTENSION },
  939.     { { siDEROID, pkixOCSP, sizeof(pkixOCSP), },
  940. SEC_OID_PKIX_OCSP,
  941. "PKIX Online Certificate Status Protocol", CKM_INVALID_MECHANISM,
  942. INVALID_CERT_EXTENSION },
  943.     { { siDEROID, pkixOCSPBasicResponse, sizeof(pkixOCSPBasicResponse), },
  944. SEC_OID_PKIX_OCSP_BASIC_RESPONSE,
  945. "OCSP Basic Response", CKM_INVALID_MECHANISM,
  946. INVALID_CERT_EXTENSION },
  947.     { { siDEROID, pkixOCSPNonce, sizeof(pkixOCSPNonce), },
  948. SEC_OID_PKIX_OCSP_NONCE,
  949. "OCSP Nonce Extension", CKM_INVALID_MECHANISM,
  950. INVALID_CERT_EXTENSION },
  951.     { { siDEROID, pkixOCSPCRL, sizeof(pkixOCSPCRL), },
  952. SEC_OID_PKIX_OCSP_CRL,
  953. "OCSP CRL Reference Extension", CKM_INVALID_MECHANISM,
  954. INVALID_CERT_EXTENSION },
  955.     { { siDEROID, pkixOCSPResponse, sizeof(pkixOCSPResponse), },
  956. SEC_OID_PKIX_OCSP_RESPONSE,
  957. "OCSP Response Types Extension", CKM_INVALID_MECHANISM,
  958. INVALID_CERT_EXTENSION },
  959.     { { siDEROID, pkixOCSPNoCheck, sizeof(pkixOCSPNoCheck) },
  960. SEC_OID_PKIX_OCSP_NO_CHECK,
  961. "OCSP No Check Extension", CKM_INVALID_MECHANISM, 
  962. SUPPORTED_CERT_EXTENSION },
  963.     { { siDEROID, pkixOCSPArchiveCutoff, sizeof(pkixOCSPArchiveCutoff) },
  964. SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF,
  965. "OCSP Archive Cutoff Extension", CKM_INVALID_MECHANISM,
  966. INVALID_CERT_EXTENSION },
  967.     { { siDEROID, pkixOCSPServiceLocator, sizeof(pkixOCSPServiceLocator) },
  968. SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
  969. "OCSP Service Locator Extension", CKM_INVALID_MECHANISM,
  970. INVALID_CERT_EXTENSION },
  972.     { { siDEROID, pkixRegCtrlRegToken,
  973. sizeof (pkixRegCtrlRegToken) },
  974.         SEC_OID_PKIX_REGCTRL_REGTOKEN,
  975.         "PKIX CRMF Registration Control, Registration Token", 
  976.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  977.     { { siDEROID, pkixRegCtrlAuthenticator,
  978. sizeof (pkixRegCtrlAuthenticator) },
  979.         SEC_OID_PKIX_REGCTRL_AUTHENTICATOR,
  980.         "PKIX CRMF Registration Control, Registration Authenticator", 
  981.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
  982.     { { siDEROID, pkixRegCtrlPKIPubInfo,
  983. sizeof (pkixRegCtrlPKIPubInfo) },
  984.         SEC_OID_PKIX_REGCTRL_PKIPUBINFO,
  985.         "PKIX CRMF Registration Control, PKI Publication Info", 
  986.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  987.     { { siDEROID, pkixRegCtrlPKIArchOptions,
  988. sizeof (pkixRegCtrlPKIArchOptions) },
  989.         SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
  990.         "PKIX CRMF Registration Control, PKI Archive Options", 
  991.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  992.     { { siDEROID, pkixRegCtrlOldCertID,
  993. sizeof (pkixRegCtrlOldCertID) },
  994.         SEC_OID_PKIX_REGCTRL_OLD_CERT_ID,
  995.         "PKIX CRMF Registration Control, Old Certificate ID", 
  996.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  997.     { { siDEROID, pkixRegCtrlProtEncKey,
  998. sizeof (pkixRegCtrlProtEncKey) },
  999.         SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY,
  1000.         "PKIX CRMF Registration Control, Protocol Encryption Key", 
  1001.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  1002.     { { siDEROID, pkixRegInfoUTF8Pairs,
  1003. sizeof (pkixRegInfoUTF8Pairs) },
  1004.         SEC_OID_PKIX_REGINFO_UTF8_PAIRS,
  1005.         "PKIX CRMF Registration Info, UTF8 Pairs", 
  1006.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  1007.     { { siDEROID, pkixRegInfoCertReq,
  1008. sizeof (pkixRegInfoCertReq) },
  1009.         SEC_OID_PKIX_REGINFO_CERT_REQUEST,
  1010.         "PKIX CRMF Registration Info, Certificate Request", 
  1011.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  1012.     { { siDEROID, pkixExtendedKeyUsageServerAuth,
  1013. sizeof (pkixExtendedKeyUsageServerAuth) },
  1014.         SEC_OID_EXT_KEY_USAGE_SERVER_AUTH,
  1015.         "TLS Web Server Authentication Certificate",
  1016.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  1017.     { { siDEROID, pkixExtendedKeyUsageClientAuth,
  1018. sizeof (pkixExtendedKeyUsageClientAuth) },
  1019.         SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH,
  1020.         "TLS Web Client Authentication Certificate",
  1021.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  1022.     { { siDEROID, pkixExtendedKeyUsageCodeSign,
  1023. sizeof (pkixExtendedKeyUsageCodeSign) },
  1024.         SEC_OID_EXT_KEY_USAGE_CODE_SIGN,
  1025.         "Code Signing Certificate",
  1026.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  1027.     { { siDEROID, pkixExtendedKeyUsageEMailProtect,
  1028. sizeof (pkixExtendedKeyUsageEMailProtect) },
  1029.         SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT,
  1030.         "E-Mail Protection Certificate",
  1031.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  1032.     { { siDEROID, pkixExtendedKeyUsageTimeStamp,
  1033. sizeof (pkixExtendedKeyUsageTimeStamp) },
  1034.         SEC_OID_EXT_KEY_USAGE_TIME_STAMP,
  1035.         "Time Stamping Certifcate",
  1036.         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  1037.     { { siDEROID, pkixOCSPResponderExtendedKeyUsage,
  1038.   sizeof (pkixOCSPResponderExtendedKeyUsage) },
  1039.           SEC_OID_OCSP_RESPONDER,
  1040.           "OCSP Responder Certificate",
  1041.           CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
  1043.     /* Netscape Algorithm OIDs */
  1045.     { { siDEROID, netscapeSMimeKEA,
  1046. sizeof(netscapeSMimeKEA) },
  1047.         SEC_OID_NETSCAPE_SMIME_KEA,
  1048. "Netscape S/MIME KEA", CKM_INVALID_MECHANISM,
  1049. INVALID_CERT_EXTENSION },
  1051.       /* Skipjack OID -- ### mwelch temporary */
  1052.     { { siDEROID, skipjackCBC,
  1053. sizeof(skipjackCBC) },
  1054.         SEC_OID_FORTEZZA_SKIPJACK,
  1055. "Skipjack CBC64", CKM_SKIPJACK_CBC64,
  1056. INVALID_CERT_EXTENSION },
  1058.     /* pkcs12 v2 oids */
  1059.     { { siDEROID, pkcs12V2PBEWithSha1And128BitRC4,
  1060. sizeof(pkcs12V2PBEWithSha1And128BitRC4) },
  1061.         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
  1062. "PKCS12 V2 PBE With SHA1 And 128 Bit RC4", 
  1063. CKM_PBE_SHA1_RC4_128,
  1064. INVALID_CERT_EXTENSION },
  1065.     { { siDEROID, pkcs12V2PBEWithSha1And40BitRC4,
  1066. sizeof(pkcs12V2PBEWithSha1And40BitRC4) },
  1067.         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
  1068. "PKCS12 V2 PBE With SHA1 And 40 Bit RC4", 
  1069. CKM_PBE_SHA1_RC4_40,
  1070. INVALID_CERT_EXTENSION },
  1071.     { { siDEROID, pkcs12V2PBEWithSha1And3KeyTripleDEScbc,
  1072. sizeof(pkcs12V2PBEWithSha1And3KeyTripleDEScbc) },
  1073.         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
  1074. "PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc", 
  1075. CKM_PBE_SHA1_DES3_EDE_CBC,
  1076. INVALID_CERT_EXTENSION },
  1077.     { { siDEROID, pkcs12V2PBEWithSha1And2KeyTripleDEScbc,
  1078. sizeof(pkcs12V2PBEWithSha1And2KeyTripleDEScbc) },
  1079.         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC,
  1080. "PKCS12 V2 PBE With SHA1 And 2KEY Triple DES-cbc", 
  1081. CKM_PBE_SHA1_DES2_EDE_CBC,
  1082. INVALID_CERT_EXTENSION },
  1083.     { { siDEROID, pkcs12V2PBEWithSha1And128BitRC2cbc,
  1084. sizeof(pkcs12V2PBEWithSha1And128BitRC2cbc) },
  1085.         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
  1086. "PKCS12 V2 PBE With SHA1 And 128 Bit RC2 CBC", 
  1087. CKM_PBE_SHA1_RC2_128_CBC,
  1088. INVALID_CERT_EXTENSION },
  1089.     { { siDEROID, pkcs12V2PBEWithSha1And40BitRC2cbc,
  1090. sizeof(pkcs12V2PBEWithSha1And40BitRC2cbc) },
  1091.         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
  1092. "PKCS12 V2 PBE With SHA1 And 40 Bit RC2 CBC", 
  1093. CKM_PBE_SHA1_RC2_40_CBC,
  1094. INVALID_CERT_EXTENSION },
  1095.     { { siDEROID, pkcs12SafeContentsID, 
  1096.      sizeof(pkcs12SafeContentsID) },
  1097.   SEC_OID_PKCS12_SAFE_CONTENTS_ID,
  1098.   "PKCS #12 Safe Contents ID", CKM_INVALID_MECHANISM,
  1099.   INVALID_CERT_EXTENSION },
  1100.     { { siDEROID, pkcs12PKCS8ShroudedKeyBagID, 
  1101.      sizeof(pkcs12PKCS8ShroudedKeyBagID) },
  1102.   SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID,
  1103.   "PKCS #12 Safe Contents ID", CKM_INVALID_MECHANISM,
  1104.   INVALID_CERT_EXTENSION },
  1105.     { { siDEROID, pkcs12V1KeyBag, 
  1106.      sizeof(pkcs12V1KeyBag) },
  1107.   SEC_OID_PKCS12_V1_KEY_BAG_ID,
  1108.   "PKCS #12 V1 Key Bag", CKM_INVALID_MECHANISM,
  1109.   INVALID_CERT_EXTENSION },
  1110.     { { siDEROID, pkcs12V1PKCS8ShroudedKeyBag, 
  1111.      sizeof(pkcs12V1PKCS8ShroudedKeyBag) },
  1112.   SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID,
  1113.   "PKCS #12 V1 PKCS8 Shrouded Key Bag", CKM_INVALID_MECHANISM,
  1114.   INVALID_CERT_EXTENSION },
  1115.     { { siDEROID, pkcs12V1CertBag, 
  1116.      sizeof(pkcs12V1CertBag) },
  1117.   SEC_OID_PKCS12_V1_CERT_BAG_ID,
  1118.   "PKCS #12 V1 Cert Bag", CKM_INVALID_MECHANISM,
  1119.   INVALID_CERT_EXTENSION },
  1120.     { { siDEROID, pkcs12V1CRLBag, 
  1121.      sizeof(pkcs12V1CRLBag) },
  1122.   SEC_OID_PKCS12_V1_CRL_BAG_ID,
  1123.   "PKCS #12 V1 CRL Bag", CKM_INVALID_MECHANISM,
  1124.   INVALID_CERT_EXTENSION },
  1125.     { { siDEROID, pkcs12V1SecretBag, 
  1126.      sizeof(pkcs12V1SecretBag) },
  1127.   SEC_OID_PKCS12_V1_SECRET_BAG_ID,
  1128.   "PKCS #12 V1 Secret Bag", CKM_INVALID_MECHANISM,
  1129.   INVALID_CERT_EXTENSION },
  1130.     { { siDEROID, pkcs12V1SafeContentsBag, 
  1131.      sizeof(pkcs12V1SafeContentsBag) },
  1132.   SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
  1133.   "PKCS #12 V1 Safe Contents Bag", CKM_INVALID_MECHANISM,
  1134.   INVALID_CERT_EXTENSION },
  1136.     { { siDEROID, pkcs9X509Certificate, 
  1137.      sizeof(pkcs9X509Certificate) },
  1138.   SEC_OID_PKCS9_X509_CERT,
  1139.   "PKCS #9 X509 Certificate", CKM_INVALID_MECHANISM,
  1140.   INVALID_CERT_EXTENSION },
  1141.     { { siDEROID, pkcs9SDSICertificate, 
  1142.      sizeof(pkcs9SDSICertificate) },
  1143.   SEC_OID_PKCS9_SDSI_CERT,
  1144.   "PKCS #9 SDSI Certificate", CKM_INVALID_MECHANISM,
  1145.   INVALID_CERT_EXTENSION },
  1146.     { { siDEROID, pkcs9X509CRL, 
  1147.      sizeof(pkcs9X509CRL) },
  1148.   SEC_OID_PKCS9_X509_CRL,
  1149.   "PKCS #9 X509 CRL", CKM_INVALID_MECHANISM,
  1150.   INVALID_CERT_EXTENSION },
  1151.     { { siDEROID, pkcs9FriendlyName, 
  1152.      sizeof(pkcs9FriendlyName) },
  1153.   SEC_OID_PKCS9_FRIENDLY_NAME,
  1154.   "PKCS #9 Friendly Name", CKM_INVALID_MECHANISM,
  1155.   INVALID_CERT_EXTENSION },
  1156.     { { siDEROID, pkcs9LocalKeyID, 
  1157.      sizeof(pkcs9LocalKeyID) },
  1158.   SEC_OID_PKCS9_LOCAL_KEY_ID,
  1159.   "PKCS #9 Local Key ID", CKM_INVALID_MECHANISM,
  1160.   INVALID_CERT_EXTENSION }, 
  1161.     { { siDEROID, pkcs12KeyUsageAttr,
  1162. sizeof(pkcs12KeyUsageAttr) },
  1163.   SEC_OID_PKCS12_KEY_USAGE,
  1164.   "PKCS 12 Key Usage", CKM_INVALID_MECHANISM,
  1165.   INVALID_CERT_EXTENSION },
  1166.     { { siDEROID, dhPublicKey,
  1167. sizeof(dhPublicKey) },
  1168.   SEC_OID_X942_DIFFIE_HELMAN_KEY,
  1169.   "Diffie-Helman Public Key", CKM_DH_PKCS_DERIVE,
  1170.   INVALID_CERT_EXTENSION },
  1171.     { { siDEROID, netscapeNickname,
  1172. sizeof(netscapeNickname) },
  1173.   SEC_OID_NETSCAPE_NICKNAME,
  1174.   "Netscape Nickname", CKM_INVALID_MECHANISM,
  1175.   INVALID_CERT_EXTENSION },
  1177.     /* Cert Server specific OIDs */
  1178.     { { siDEROID, netscapeRecoveryRequest,
  1179.         sizeof(netscapeRecoveryRequest) },
  1180.         SEC_OID_NETSCAPE_RECOVERY_REQUEST,
  1181.         "Recovery Request OID", CKM_INVALID_MECHANISM,
  1182.         INVALID_CERT_EXTENSION }, 
  1184.     { { siDEROID, nsExtAIACertRenewal,
  1185.         sizeof(nsExtAIACertRenewal) },
  1186.         SEC_OID_CERT_RENEWAL_LOCATOR,
  1187.         "Certificate Renewal Locator OID", CKM_INVALID_MECHANISM,
  1188.         INVALID_CERT_EXTENSION }, 
  1190.     { { siDEROID, nsExtCertScopeOfUse,
  1191.         sizeof(nsExtCertScopeOfUse) },
  1192.         SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
  1193.         "Certificate Scope-of-Use Extension", CKM_INVALID_MECHANISM,
  1194.         SUPPORTED_CERT_EXTENSION },
  1196.     /* CMS stuff */
  1197.     { { siDEROID, cmsESDH,
  1198.         sizeof(cmsESDH) },
  1199.         SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN,
  1200.         "Ephemeral-Static Diffie-Hellman", CKM_INVALID_MECHANISM /* XXX */,
  1201.         INVALID_CERT_EXTENSION },
  1202.     { { siDEROID, cms3DESwrap,
  1203.         sizeof(cms3DESwrap) },
  1204.         SEC_OID_CMS_3DES_KEY_WRAP,
  1205.         "CMS 3DES Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
  1206.         INVALID_CERT_EXTENSION },
  1207.     { { siDEROID, cmsRC2wrap,
  1208.         sizeof(cmsRC2wrap) },
  1209.         SEC_OID_CMS_RC2_KEY_WRAP,
  1210.         "CMS RC2 Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
  1211.         INVALID_CERT_EXTENSION },
  1212.     { { siDEROID, smimeEncryptionKeyPreference,
  1213. sizeof(smimeEncryptionKeyPreference) },
  1214. SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
  1215. "S/MIME Encryption Key Preference", CKM_INVALID_MECHANISM,
  1216. INVALID_CERT_EXTENSION },
  1218. };
  1220. /*
  1221.  * now the dynamic table. The dynamic table gets build at init time.
  1222.  *  and gets modified if the user loads new crypto modules.
  1223.  */
  1225. static DB *oid_d_hash = 0;
  1226. static SECOidData **secoidDynamicTable = NULL;
  1227. static int secoidDynamicTableSize = 0;
  1228. static int secoidLastDynamicEntry = 0;
  1229. static int secoidLastHashEntry = 0;
  1231. static SECStatus
  1232. secoid_DynamicRehash(void)
  1233. {
  1234.     DBT key;
  1235.     DBT data;
  1236.     int rv;
  1237.     SECOidData *oid;
  1238.     int i;
  1239.     int last = secoidLastDynamicEntry;
  1241.     if (!oid_d_hash) {
  1242.         oid_d_hash = dbopen( 0, O_RDWR | O_CREAT, 0600, DB_HASH, 0 );
  1243.     }
  1246.     if ( !oid_d_hash ) {
  1247. PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
  1248. return(SECFailure);
  1249.     }
  1251.     for ( i = secoidLastHashEntry; i < last; i++ ) {
  1252. oid = secoidDynamicTable[i];
  1254. /* invalid assert ... guarrenteed not to be true */
  1255. /* PORT_Assert ( oid->offset == i ); */
  1257. key.data = oid->oid.data;
  1258. key.size = oid->oid.len;
  1260. data.data = &oid;
  1261. data.size = sizeof(oid);
  1263. rv = (* oid_d_hash->put)( oid_d_hash, &key, &data, R_NOOVERWRITE );
  1264. if ( rv ) {
  1265.     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
  1266.     return(SECFailure);
  1267. }
  1268.     }
  1269.     secoidLastHashEntry = last;
  1270.     return(SECSuccess);
  1271. }
  1273. /*
  1274.  * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's
  1275.  * cheaper to rehash the table when it changes than it is to do the loop
  1276.  * each time. Worry: what about thread safety here? Global Static data with
  1277.  * no locks.... (sigh).
  1278.  */
  1279. static SECStatus
  1280. secoid_FindDynamic(DBT *key, DBT *data) {
  1281.     if (secoidDynamicTable == NULL) {
  1282. return SECFailure;
  1283.     }
  1284.     if (secoidLastHashEntry != secoidLastDynamicEntry) {
  1285. SECStatus rv = secoid_DynamicRehash();
  1286. if ( rv != SECSuccess ) {
  1287.     return rv;
  1288. }
  1289.     }
  1290.     return (SECStatus)(* oid_d_hash->get)( oid_d_hash, key, data, 0 );
  1292. }
  1294. static SECOidData *
  1295. secoid_FindDynamicByTag(SECOidTag tagnum)
  1296. {
  1297.     int tagNumDiff;
  1299.     if (secoidDynamicTable == NULL) {
  1300. return NULL;
  1301.     }
  1303.     if (tagnum < SEC_OID_TOTAL) {
  1304. return NULL;
  1305.     }
  1307.     tagNumDiff = tagnum - SEC_OID_TOTAL;
  1308.     if (tagNumDiff >= secoidLastDynamicEntry) {
  1309. return NULL;
  1310.     }
  1312.     return(secoidDynamicTable[tagNumDiff]);
  1313. }
  1315. /*
  1316.  * this routine is definately not thread safe. It is only called out
  1317.  * of the UI, or at init time. If we want to call it any other time,
  1318.  * we need to make it thread safe.
  1319.  */
  1320. SECStatus
  1321. SECOID_AddEntry(SECItem *oid, char *description, unsigned long mech) {
  1322.     SECOidData *oiddp = (SECOidData *)PORT_Alloc(sizeof(SECOidData));
  1323.     int last = secoidLastDynamicEntry;
  1324.     int tableSize = secoidDynamicTableSize;
  1325.     int next = last++;
  1326.     SECOidData **newTable = secoidDynamicTable;
  1327.     SECOidData **oldTable = NULL;
  1329.     if (oid == NULL) {
  1330. return SECFailure;
  1331.     }
  1333.     /* fill in oid structure */
  1334.     if (SECITEM_CopyItem(NULL,&oiddp->oid,oid) != SECSuccess) {
  1335. PORT_Free(oiddp);
  1336. return SECFailure;
  1337.     }
  1338.     oiddp->offset = (SECOidTag)(next + SEC_OID_TOTAL);
  1339.     /* may we should just reference the copy passed to us? */
  1340.     oiddp->desc = PORT_Strdup(description);
  1341.     oiddp->mechanism = mech;
  1344.     if (last > tableSize) {
  1345. int oldTableSize = tableSize;
  1346. tableSize += 10;
  1347. oldTable = newTable;
  1348. newTable = (SECOidData **)PORT_ZAlloc(sizeof(SECOidData *)*tableSize);
  1349. if (newTable == NULL) {
  1350.    PORT_Free(oiddp->oid.data);
  1351.    PORT_Free(oiddp);
  1352.    return SECFailure;
  1353. }
  1354. PORT_Memcpy(newTable,oldTable,sizeof(SECOidData *)*oldTableSize);
  1355. PORT_Free(oldTable);
  1356.     }
  1358.     newTable[next] = oiddp;
  1359.     secoidDynamicTable = newTable;
  1360.     secoidDynamicTableSize = tableSize;
  1361.     secoidLastDynamicEntry= last;
  1362.     return SECSuccess;
  1363. }
  1366. /* normal static table processing */
  1367. static DB *oidhash     = NULL;
  1368. static DB *oidmechhash = NULL;
  1370. static SECStatus
  1371. InitOIDHash(void)
  1372. {
  1373.     DBT key;
  1374.     DBT data;
  1375.     int rv;
  1376.     SECOidData *oid;
  1377.     int i;
  1378.     
  1379.     oidhash = dbopen( 0, O_RDWR | O_CREAT, 0600, DB_HASH, 0 );
  1380.     oidmechhash = dbopen( 0, O_RDWR | O_CREAT, 0600, DB_HASH, 0 );
  1382.     if ( !oidhash || !oidmechhash) {
  1383. PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
  1384.   PORT_Assert(0); /*This function should never fail. */
  1385. return(SECFailure);
  1386.     }
  1388.     for ( i = 0; i < ( sizeof(oids) / sizeof(SECOidData) ); i++ ) {
  1389. oid = &oids[i];
  1391. PORT_Assert ( oid->offset == i );
  1393. key.data = oid->oid.data;
  1394. key.size = oid->oid.len;
  1396. data.data = &oid;
  1397. data.size = sizeof(oid);
  1399. rv = (* oidhash->put)( oidhash, &key, &data, R_NOOVERWRITE );
  1400. if ( rv ) {
  1401.     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
  1402.             PORT_Assert(0); /*This function should never fail. */
  1403.     return(SECFailure);
  1404. }
  1406. if ( oid->mechanism != CKM_INVALID_MECHANISM ) {
  1407.     key.data = &oid->mechanism;
  1408.     key.size = sizeof(oid->mechanism);
  1410.     rv = (* oidmechhash->put)( oidmechhash, &key, &data, R_NOOVERWRITE);
  1411.     /* Only error out if the error value returned is not
  1412.      * RET_SPECIAL, ie the mechanism already has a registered 
  1413.      * OID.
  1414.      */
  1415.     if ( rv && rv != RET_SPECIAL) {
  1416.         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
  1417.                 PORT_Assert(0); /* This function should never fail. */
  1418. return(SECFailure);
  1419.     }
  1420. }
  1421.     }
  1423.     PORT_Assert (i == SEC_OID_TOTAL);
  1425.     return(SECSuccess);
  1426. }
  1428. SECOidData *
  1429. SECOID_FindOIDByMechanism(unsigned long mechanism)
  1430. {
  1431.     DBT key;
  1432.     DBT data;
  1433.     SECOidData *ret;
  1434.     int rv;
  1436.     if ( !oidhash ) {
  1437.         rv = InitOIDHash();
  1438. if ( rv != SECSuccess ) {
  1439.     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
  1440.     return NULL;
  1441. }
  1442.     }
  1443.     key.data = &mechanism;
  1444.     key.size = sizeof(mechanism);
  1446.     rv = (* oidmechhash->get)( oidmechhash, &key, &data, 0 );
  1447.     if ( rv || ( data.size != sizeof(unsigned long) ) ) {
  1448.         PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
  1449. return NULL;
  1450.     }
  1451.     PORT_Memcpy(&ret, data.data, data.size);
  1453.     return (ret);
  1454. }
  1456. SECOidData *
  1457. SECOID_FindOID(SECItem *oid)
  1458. {
  1459.     DBT key;
  1460.     DBT data;
  1461.     SECOidData *ret;
  1462.     int rv;
  1463.     
  1464.     if ( !oidhash ) {
  1465. rv = InitOIDHash();
  1466. if ( rv != SECSuccess ) {
  1467.     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
  1468.     return NULL;
  1469. }
  1470.     }
  1471.     
  1472.     key.data = oid->data;
  1473.     key.size = oid->len;
  1474.     
  1475.     rv = (* oidhash->get)( oidhash, &key, &data, 0 );
  1476.     if ( rv || ( data.size != sizeof(SECOidData*) ) ) {
  1477. rv = secoid_FindDynamic(&key, &data);
  1478. if (rv != SECSuccess) {
  1479.     PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
  1480.     return(0);
  1481. }
  1482.     }
  1484.     PORT_Memcpy(&ret, data.data, data.size);
  1486.     return(ret);
  1487. }
  1489. SECOidTag
  1490. SECOID_FindOIDTag(SECItem *oid)
  1491. {
  1492.     SECOidData *oiddata;
  1494.     oiddata = SECOID_FindOID (oid);
  1495.     if (oiddata == NULL)
  1496. return SEC_OID_UNKNOWN;
  1498.     return oiddata->offset;
  1499. }
  1501. SECOidData *
  1502. SECOID_FindOIDByTag(SECOidTag tagnum)
  1503. {
  1505.     if (tagnum >= SEC_OID_TOTAL) {
  1506. return secoid_FindDynamicByTag(tagnum);
  1507.     }
  1509.     PORT_Assert((unsigned int)tagnum < (sizeof(oids) / sizeof(SECOidData)));
  1510.     return(&oids[tagnum]);
  1511. }
  1513. PRBool SECOID_KnownCertExtenOID (SECItem *extenOid)
  1514. {
  1515.     SECOidData * oidData;
  1517.     oidData = SECOID_FindOID (extenOid);
  1518.     if (oidData == (SECOidData *)NULL)
  1519. return (PR_FALSE);
  1520.     return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ?
  1521.             PR_TRUE : PR_FALSE);
  1522. }
  1525. const char *
  1526. SECOID_FindOIDTagDescription(SECOidTag tagnum)
  1527. {
  1528.   SECOidData *oidData = SECOID_FindOIDByTag(tagnum);
  1529.   if (!oidData)
  1530.     return 0;
  1531.   else
  1532.     return oidData->desc;
  1533. }