]> git.saurik.com Git - apple/security.git/blob - libsecurity_smime/lib/secoid.c
Security-57031.30.12.tar.gz
[apple/security.git] / libsecurity_smime / lib / secoid.c
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 #include "secoid.h"
35 #include "SecAsn1Item.h"
36 #include "plhash.h"
37
38 #include <security_asn1/secerr.h>
39 #include <security_asn1/secport.h>
40
41 #if USE_CDSA_CRYPTO
42 #include <Security/cssmapple.h>
43 #else
44 #include <Security/oidsalg.h>
45 #include <CommonCrypto/CommonCryptor.h>
46 #endif
47 #include <pthread.h>
48
49 /* MISSI Mosaic Object ID space */
50 #define USGOV 0x60, 0x86, 0x48, 0x01, 0x65
51 #define MISSI USGOV, 0x02, 0x01, 0x01
52 #define MISSI_OLD_KEA_DSS MISSI, 0x0c
53 #define MISSI_OLD_DSS MISSI, 0x02
54 #define MISSI_KEA_DSS MISSI, 0x14
55 #define MISSI_DSS MISSI, 0x13
56 #define MISSI_KEA MISSI, 0x0a
57 #define MISSI_ALT_KEA MISSI, 0x16
58
59 #define NISTALGS USGOV, 3, 4
60 #define AES NISTALGS, 1
61 #define SHAXXX NISTALGS, 2
62
63 /**
64 ** The Netscape OID space is allocated by Terry Hayes. If you need
65 ** a piece of the space, contact him at thayes@netscape.com.
66 **/
67
68 /* Netscape Communications Corporation Object ID space */
69 /* { 2 16 840 1 113730 } */
70 #define NETSCAPE_OID 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42
71 #define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01
72 #define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02
73 /* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */
74 #define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03
75 #define NETSCAPE_POLICY NETSCAPE_OID, 0x04
76 #define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05
77 #define NETSCAPE_ALGS NETSCAPE_OID, 0x06 /* algorithm OIDs */
78 #define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07
79
80 #define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10
81 #define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01
82
83 /* these are old and should go away soon */
84 #define OLD_NETSCAPE 0x60, 0x86, 0x48, 0xd8, 0x6a
85 #define NS_CERT_EXT OLD_NETSCAPE, 0x01
86 #define NS_FILE_TYPE OLD_NETSCAPE, 0x02
87 #define NS_IMAGE_TYPE OLD_NETSCAPE, 0x03
88
89 /* RSA OID name space */
90 #define RSADSI 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
91 #define PKCS RSADSI, 0x01
92 #define DIGEST RSADSI, 0x02
93 #define CIPHER RSADSI, 0x03
94 #define PKCS1 PKCS, 0x01
95 #define PKCS5 PKCS, 0x05
96 #define PKCS7 PKCS, 0x07
97 #define PKCS9 PKCS, 0x09
98 #define PKCS12 PKCS, 0x0c
99
100 /* Fortezza algorithm OID space: { 2 16 840 1 101 2 1 1 } */
101 /* ### mwelch -- Is this just for algorithms, or all of Fortezza? */
102 #define FORTEZZA_ALG 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01
103
104 /* Other OID name spaces */
105 #define ALGORITHM 0x2b, 0x0e, 0x03, 0x02
106 #define X500 0x55
107 #define X520_ATTRIBUTE_TYPE X500, 0x04
108 #define X500_ALG X500, 0x08
109 #define X500_ALG_ENCRYPTION X500_ALG, 0x01
110
111 /** X.509 v3 Extension OID
112 ** {joint-iso-ccitt (2) ds(5) 29}
113 **/
114 #define ID_CE_OID X500, 0x1d
115
116 #define RFC1274_ATTR_TYPE 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
117 /* #define RFC2247_ATTR_TYPE 0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */
118
119 /* PKCS #12 name spaces */
120 #define PKCS12_MODE_IDS PKCS12, 0x01
121 #define PKCS12_ESPVK_IDS PKCS12, 0x02
122 #define PKCS12_BAG_IDS PKCS12, 0x03
123 #define PKCS12_CERT_BAG_IDS PKCS12, 0x04
124 #define PKCS12_OIDS PKCS12, 0x05
125 #define PKCS12_PBE_IDS PKCS12_OIDS, 0x01
126 #define PKCS12_ENVELOPING_IDS PKCS12_OIDS, 0x02
127 #define PKCS12_SIGNATURE_IDS PKCS12_OIDS, 0x03
128 #define PKCS12_V2_PBE_IDS PKCS12, 0x01
129 #define PKCS9_CERT_TYPES PKCS9, 0x16
130 #define PKCS9_CRL_TYPES PKCS9, 0x17
131 #define PKCS9_SMIME_IDS PKCS9, 0x10
132 #define PKCS9_SMIME_ATTRS PKCS9_SMIME_IDS, 2
133 #define PKCS9_SMIME_ALGS PKCS9_SMIME_IDS, 3
134 #define PKCS12_VERSION1 PKCS12, 0x0a
135 #define PKCS12_V1_BAG_IDS PKCS12_VERSION1, 1
136
137 /* for DSA algorithm */
138 /* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */
139 #define ANSI_X9_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x38, 0x4
140
141 /* for DH algorithm */
142 /* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */
143 /* need real OID person to look at this, copied the above line
144 * and added 6 to second to last value (and changed '4' to '2' */
145 #define ANSI_X942_ALGORITHM 0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2
146
147 #define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45
148
149 #define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07
150 #define PKIX_CERT_EXTENSIONS PKIX, 1
151 #define PKIX_POLICY_QUALIFIERS PKIX, 2
152 #define PKIX_KEY_USAGE PKIX, 3
153 #define PKIX_ACCESS_DESCRIPTION PKIX, 0x30
154 #define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1
155
156 #define PKIX_ID_PKIP PKIX, 5
157 #define PKIX_ID_REGCTRL PKIX_ID_PKIP, 1
158 #define PKIX_ID_REGINFO PKIX_ID_PKIP, 2
159
160 /* Microsoft Object ID space */
161 /* { 1.3.6.1.4.1.311 } */
162 #define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
163
164 #define CONST_OID static const unsigned char
165
166 CONST_OID null_oid[] = { };
167
168 CONST_OID md2[] = { DIGEST, 0x02 };
169 CONST_OID md4[] = { DIGEST, 0x04 };
170 CONST_OID md5[] = { DIGEST, 0x05 };
171
172 CONST_OID rc2cbc[] = { CIPHER, 0x02 };
173 CONST_OID rc4[] = { CIPHER, 0x04 };
174 CONST_OID desede3cbc[] = { CIPHER, 0x07 };
175 CONST_OID rc5cbcpad[] = { CIPHER, 0x09 };
176
177 CONST_OID desecb[] = { ALGORITHM, 0x06 };
178 CONST_OID descbc[] = { ALGORITHM, 0x07 };
179 CONST_OID desofb[] = { ALGORITHM, 0x08 };
180 CONST_OID descfb[] = { ALGORITHM, 0x09 };
181 CONST_OID desmac[] = { ALGORITHM, 0x0a };
182 CONST_OID sdn702DSASignature[] = { ALGORITHM, 0x0c };
183 CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f };
184 CONST_OID desede[] = { ALGORITHM, 0x11 };
185 CONST_OID sha1[] = { ALGORITHM, 0x1a };
186 CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b };
187
188 CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 };
189 CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
190 CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 };
191 CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 };
192 CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 };
193 CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 };
194 CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 };
195 CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 };
196
197 CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 };
198 CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 };
199 CONST_OID pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a };
200
201 CONST_OID pkcs7[] = { PKCS7 };
202 CONST_OID pkcs7Data[] = { PKCS7, 0x01 };
203 CONST_OID pkcs7SignedData[] = { PKCS7, 0x02 };
204 CONST_OID pkcs7EnvelopedData[] = { PKCS7, 0x03 };
205 CONST_OID pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 };
206 CONST_OID pkcs7DigestedData[] = { PKCS7, 0x05 };
207 CONST_OID pkcs7EncryptedData[] = { PKCS7, 0x06 };
208
209 CONST_OID pkcs9EmailAddress[] = { PKCS9, 0x01 };
210 CONST_OID pkcs9UnstructuredName[] = { PKCS9, 0x02 };
211 CONST_OID pkcs9ContentType[] = { PKCS9, 0x03 };
212 CONST_OID pkcs9MessageDigest[] = { PKCS9, 0x04 };
213 CONST_OID pkcs9SigningTime[] = { PKCS9, 0x05 };
214 CONST_OID pkcs9CounterSignature[] = { PKCS9, 0x06 };
215 CONST_OID pkcs9ChallengePassword[] = { PKCS9, 0x07 };
216 CONST_OID pkcs9UnstructuredAddress[] = { PKCS9, 0x08 };
217 CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 };
218 CONST_OID pkcs9SMIMECapabilities[] = { PKCS9, 15 };
219 CONST_OID pkcs9FriendlyName[] = { PKCS9, 20 };
220 CONST_OID pkcs9LocalKeyID[] = { PKCS9, 21 };
221
222 CONST_OID pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 };
223 CONST_OID pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 };
224 CONST_OID pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 };
225
226 /* RFC2630 (CMS) OIDs */
227 CONST_OID cmsESDH[] = { PKCS9_SMIME_ALGS, 5 };
228 CONST_OID cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 };
229 CONST_OID cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 };
230
231 /* RFC2633 SMIME message attributes */
232 CONST_OID smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 };
233 CONST_OID ms_smimeEncryptionKeyPreference[] = { MICROSOFT_OID, 0x10, 0x4 };
234
235 CONST_OID x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 };
236 CONST_OID x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 };
237 CONST_OID x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 };
238 CONST_OID x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 };
239 CONST_OID x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 };
240 CONST_OID x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 };
241 CONST_OID x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 };
242
243 CONST_OID nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 };
244 CONST_OID nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 };
245 CONST_OID nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 };
246 CONST_OID nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 };
247 CONST_OID nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 };
248
249 CONST_OID missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS };
250 CONST_OID missiCertDSSOld[] = { MISSI_OLD_DSS };
251 CONST_OID missiCertKEADSS[] = { MISSI_KEA_DSS };
252 CONST_OID missiCertDSS[] = { MISSI_DSS };
253 CONST_OID missiCertKEA[] = { MISSI_KEA };
254 CONST_OID missiCertAltKEA[] = { MISSI_ALT_KEA };
255 CONST_OID x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 };
256
257 /* added for alg 1485 */
258 CONST_OID rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 };
259 CONST_OID rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 };
260 CONST_OID rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 };
261
262 /* Netscape private certificate extensions */
263 CONST_OID nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 };
264 CONST_OID nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 };
265 CONST_OID nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 };
266 CONST_OID nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 };
267 CONST_OID nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 };
268 CONST_OID nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 };
269 CONST_OID nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 };
270 CONST_OID nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 };
271 CONST_OID nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 };
272 CONST_OID nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 };
273 CONST_OID nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 };
274 CONST_OID nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 };
275 CONST_OID nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a };
276 CONST_OID nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b };
277 CONST_OID nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c };
278 CONST_OID nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d };
279
280 /* the following 2 extensions are defined for and used by Cartman(NSM) */
281 CONST_OID nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e };
282 CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f };
283
284 CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 };
285 CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 };
286 /* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */
287
288 /* Netscape policy values */
289 CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 };
290
291 /* Netscape other name types */
292 CONST_OID netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01};
293 /* Reserved Netscape REF605437
294 (2 16 840 1 113730 7 2) = { NETSCAPE_NAME_COMPONENTS, 0x02 }; */
295
296 /* OIDs needed for cert server */
297 CONST_OID netscapeRecoveryRequest[] = { NETSCAPE_CERT_SERVER_CRMF, 0x01 };
298
299
300 /* Standard x.509 v3 Certificate Extensions */
301 CONST_OID x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 };
302 CONST_OID x509SubjectKeyID[] = { ID_CE_OID, 14 };
303 CONST_OID x509KeyUsage[] = { ID_CE_OID, 15 };
304 CONST_OID x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 };
305 CONST_OID x509SubjectAltName[] = { ID_CE_OID, 17 };
306 CONST_OID x509IssuerAltName[] = { ID_CE_OID, 18 };
307 CONST_OID x509BasicConstraints[] = { ID_CE_OID, 19 };
308 CONST_OID x509NameConstraints[] = { ID_CE_OID, 30 };
309 CONST_OID x509CRLDistPoints[] = { ID_CE_OID, 31 };
310 CONST_OID x509CertificatePolicies[] = { ID_CE_OID, 32 };
311 CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 };
312 CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 34 };
313 CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 };
314 CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 };
315 CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 };
316
317 /* Standard x.509 v3 CRL Extensions */
318 CONST_OID x509CrlNumber[] = { ID_CE_OID, 20};
319 CONST_OID x509ReasonCode[] = { ID_CE_OID, 21};
320 CONST_OID x509InvalidDate[] = { ID_CE_OID, 24};
321
322 /* pkcs 12 additions */
323 CONST_OID pkcs12[] = { PKCS12 };
324 CONST_OID pkcs12ModeIDs[] = { PKCS12_MODE_IDS };
325 CONST_OID pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS };
326 CONST_OID pkcs12BagIDs[] = { PKCS12_BAG_IDS };
327 CONST_OID pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS };
328 CONST_OID pkcs12OIDs[] = { PKCS12_OIDS };
329 CONST_OID pkcs12PBEIDs[] = { PKCS12_PBE_IDS };
330 CONST_OID pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS };
331 CONST_OID pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS };
332 CONST_OID pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 };
333 CONST_OID pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 };
334 CONST_OID pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 };
335 CONST_OID pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 };
336 CONST_OID pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 };
337 CONST_OID pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 };
338 CONST_OID pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 };
339 CONST_OID pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 };
340 CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 };
341 CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 };
342 CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 };
343 CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 };
344 CONST_OID pkcs12RSAEncryptionWith40BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x02 };
345 CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 };
346 CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 };
347
348 /* pkcs 12 version 1.0 ids */
349 CONST_OID pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 };
350 CONST_OID pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 };
351 CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x03 };
352 CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x04 };
353 CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 };
354 CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 };
355
356 CONST_OID pkcs12SafeContentsID[] = { PKCS12_BAG_IDS, 0x04 };
357 CONST_OID pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 };
358
359 CONST_OID pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 };
360 CONST_OID pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 };
361 CONST_OID pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 };
362 CONST_OID pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 };
363 CONST_OID pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 };
364 CONST_OID pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 };
365
366 CONST_OID pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 };
367
368 CONST_OID ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 };
369 CONST_OID ansix9DSASignaturewithSHA1Digest[] = { ANSI_X9_ALGORITHM, 0x03 };
370
371 /* verisign OIDs */
372 CONST_OID verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 };
373
374 /* pkix OIDs */
375 CONST_OID pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 };
376 CONST_OID pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 };
377
378 CONST_OID pkixOCSP[] = { PKIX_OCSP };
379 CONST_OID pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 };
380 CONST_OID pkixOCSPNonce[] = { PKIX_OCSP, 2 };
381 CONST_OID pkixOCSPCRL[] = { PKIX_OCSP, 3 };
382 CONST_OID pkixOCSPResponse[] = { PKIX_OCSP, 4 };
383 CONST_OID pkixOCSPNoCheck[] = { PKIX_OCSP, 5 };
384 CONST_OID pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 };
385 CONST_OID pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 };
386
387 CONST_OID pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1};
388 CONST_OID pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2};
389 CONST_OID pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3};
390 CONST_OID pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4};
391 CONST_OID pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5};
392 CONST_OID pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6};
393 CONST_OID pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1};
394 CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2};
395
396 CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 };
397 CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 };
398 CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 };
399 CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 };
400 CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 };
401 CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 };
402
403 /* OIDs for Netscape defined algorithms */
404 CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };
405
406 /* Fortezza algorithm OIDs */
407 CONST_OID skipjackCBC[] = { FORTEZZA_ALG, 0x04 };
408 CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };
409
410 CONST_OID aes128_ECB[] = { AES, 1 };
411 CONST_OID aes128_CBC[] = { AES, 2 };
412 #ifdef DEFINE_ALL_AES_CIPHERS
413 CONST_OID aes128_OFB[] = { AES, 3 };
414 CONST_OID aes128_CFB[] = { AES, 4 };
415 #endif
416 CONST_OID aes128_KEY_WRAP[] = { AES, 5 };
417
418 CONST_OID aes192_ECB[] = { AES, 21 };
419 CONST_OID aes192_CBC[] = { AES, 22 };
420 #ifdef DEFINE_ALL_AES_CIPHERS
421 CONST_OID aes192_OFB[] = { AES, 23 };
422 CONST_OID aes192_CFB[] = { AES, 24 };
423 #endif
424 CONST_OID aes192_KEY_WRAP[] = { AES, 25 };
425
426 CONST_OID aes256_ECB[] = { AES, 41 };
427 CONST_OID aes256_CBC[] = { AES, 42 };
428 #ifdef DEFINE_ALL_AES_CIPHERS
429 CONST_OID aes256_OFB[] = { AES, 43 };
430 CONST_OID aes256_CFB[] = { AES, 44 };
431 #endif
432 CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
433
434 CONST_OID sha256[] = { SHAXXX, 1 };
435 CONST_OID sha384[] = { SHAXXX, 2 };
436 CONST_OID sha512[] = { SHAXXX, 3 };
437 CONST_OID sha224[] = { SHAXXX, 4 };
438
439 #define OI(x) { sizeof x, (uint8_t *)x }
440 #ifndef SECOID_NO_STRINGS
441 #if USE_CDSA_CRYPTO
442 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
443 #else
444 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, ext }
445 #endif
446 #else
447 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext }
448 #endif
449
450 #if 0 // !USE_CDSA_CRYPTO
451
452 enum {
453 CSSM_ALGID_NONE = 0,
454 CSSM_ALGID_CUSTOM = CSSM_ALGID_NONE + 1,
455 CSSM_ALGID_DH = CSSM_ALGID_NONE + 2,
456 CSSM_ALGID_PH = CSSM_ALGID_NONE + 3,
457 CSSM_ALGID_KEA = CSSM_ALGID_NONE + 4,
458 CSSM_ALGID_MD2 = CSSM_ALGID_NONE + 5,
459 CSSM_ALGID_MD4 = CSSM_ALGID_NONE + 6,
460 CSSM_ALGID_MD5 = CSSM_ALGID_NONE + 7,
461 CSSM_ALGID_SHA1 = CSSM_ALGID_NONE + 8,
462 CSSM_ALGID_NHASH = CSSM_ALGID_NONE + 9,
463 CSSM_ALGID_HAVAL = CSSM_ALGID_NONE + 10,
464 CSSM_ALGID_RIPEMD = CSSM_ALGID_NONE + 11,
465 CSSM_ALGID_IBCHASH = CSSM_ALGID_NONE + 12,
466 CSSM_ALGID_RIPEMAC = CSSM_ALGID_NONE + 13,
467 CSSM_ALGID_DES = CSSM_ALGID_NONE + 14,
468 CSSM_ALGID_DESX = CSSM_ALGID_NONE + 15,
469 CSSM_ALGID_RDES = CSSM_ALGID_NONE + 16,
470 CSSM_ALGID_3DES_3KEY_EDE = CSSM_ALGID_NONE + 17,
471 CSSM_ALGID_3DES_2KEY_EDE = CSSM_ALGID_NONE + 18,
472 CSSM_ALGID_3DES_1KEY_EEE = CSSM_ALGID_NONE + 19,
473 CSSM_ALGID_3DES_3KEY = CSSM_ALGID_3DES_3KEY_EDE,
474 CSSM_ALGID_3DES_3KEY_EEE = CSSM_ALGID_NONE + 20,
475 CSSM_ALGID_3DES_2KEY = CSSM_ALGID_3DES_2KEY_EDE,
476 CSSM_ALGID_3DES_2KEY_EEE = CSSM_ALGID_NONE + 21,
477 CSSM_ALGID_3DES_1KEY = CSSM_ALGID_3DES_3KEY_EEE,
478 CSSM_ALGID_IDEA = CSSM_ALGID_NONE + 22,
479 CSSM_ALGID_RC2 = CSSM_ALGID_NONE + 23,
480 CSSM_ALGID_RC5 = CSSM_ALGID_NONE + 24,
481 CSSM_ALGID_RC4 = CSSM_ALGID_NONE + 25,
482 CSSM_ALGID_SEAL = CSSM_ALGID_NONE + 26,
483 CSSM_ALGID_CAST = CSSM_ALGID_NONE + 27,
484 CSSM_ALGID_BLOWFISH = CSSM_ALGID_NONE + 28,
485 CSSM_ALGID_SKIPJACK = CSSM_ALGID_NONE + 29,
486 CSSM_ALGID_LUCIFER = CSSM_ALGID_NONE + 30,
487 CSSM_ALGID_MADRYGA = CSSM_ALGID_NONE + 31,
488 CSSM_ALGID_FEAL = CSSM_ALGID_NONE + 32,
489 CSSM_ALGID_REDOC = CSSM_ALGID_NONE + 33,
490 CSSM_ALGID_REDOC3 = CSSM_ALGID_NONE + 34,
491 CSSM_ALGID_LOKI = CSSM_ALGID_NONE + 35,
492 CSSM_ALGID_KHUFU = CSSM_ALGID_NONE + 36,
493 CSSM_ALGID_KHAFRE = CSSM_ALGID_NONE + 37,
494 CSSM_ALGID_MMB = CSSM_ALGID_NONE + 38,
495 CSSM_ALGID_GOST = CSSM_ALGID_NONE + 39,
496 CSSM_ALGID_SAFER = CSSM_ALGID_NONE + 40,
497 CSSM_ALGID_CRAB = CSSM_ALGID_NONE + 41,
498 CSSM_ALGID_RSA = CSSM_ALGID_NONE + 42,
499 CSSM_ALGID_DSA = CSSM_ALGID_NONE + 43,
500 CSSM_ALGID_MD5WithRSA = CSSM_ALGID_NONE + 44,
501 CSSM_ALGID_MD2WithRSA = CSSM_ALGID_NONE + 45,
502 CSSM_ALGID_ElGamal = CSSM_ALGID_NONE + 46,
503 CSSM_ALGID_MD2Random = CSSM_ALGID_NONE + 47,
504 CSSM_ALGID_MD5Random = CSSM_ALGID_NONE + 48,
505 CSSM_ALGID_SHARandom = CSSM_ALGID_NONE + 49,
506 CSSM_ALGID_DESRandom = CSSM_ALGID_NONE + 50,
507 CSSM_ALGID_SHA1WithRSA = CSSM_ALGID_NONE + 51,
508 CSSM_ALGID_CDMF = CSSM_ALGID_NONE + 52,
509 CSSM_ALGID_CAST3 = CSSM_ALGID_NONE + 53,
510 CSSM_ALGID_CAST5 = CSSM_ALGID_NONE + 54,
511 CSSM_ALGID_GenericSecret = CSSM_ALGID_NONE + 55,
512 CSSM_ALGID_ConcatBaseAndKey = CSSM_ALGID_NONE + 56,
513 CSSM_ALGID_ConcatKeyAndBase = CSSM_ALGID_NONE + 57,
514 CSSM_ALGID_ConcatBaseAndData = CSSM_ALGID_NONE + 58,
515 CSSM_ALGID_ConcatDataAndBase = CSSM_ALGID_NONE + 59,
516 CSSM_ALGID_XORBaseAndData = CSSM_ALGID_NONE + 60,
517 CSSM_ALGID_ExtractFromKey = CSSM_ALGID_NONE + 61,
518 CSSM_ALGID_SSL3PreMasterGen = CSSM_ALGID_NONE + 62,
519 CSSM_ALGID_SSL3MasterDerive = CSSM_ALGID_NONE + 63,
520 CSSM_ALGID_SSL3KeyAndMacDerive = CSSM_ALGID_NONE + 64,
521 CSSM_ALGID_SSL3MD5_MAC = CSSM_ALGID_NONE + 65,
522 CSSM_ALGID_SSL3SHA1_MAC = CSSM_ALGID_NONE + 66,
523 CSSM_ALGID_PKCS5_PBKDF1_MD5 = CSSM_ALGID_NONE + 67,
524 CSSM_ALGID_PKCS5_PBKDF1_MD2 = CSSM_ALGID_NONE + 68,
525 CSSM_ALGID_PKCS5_PBKDF1_SHA1 = CSSM_ALGID_NONE + 69,
526 CSSM_ALGID_WrapLynks = CSSM_ALGID_NONE + 70,
527 CSSM_ALGID_WrapSET_OAEP = CSSM_ALGID_NONE + 71,
528 CSSM_ALGID_BATON = CSSM_ALGID_NONE + 72,
529 CSSM_ALGID_ECDSA = CSSM_ALGID_NONE + 73,
530 CSSM_ALGID_MAYFLY = CSSM_ALGID_NONE + 74,
531 CSSM_ALGID_JUNIPER = CSSM_ALGID_NONE + 75,
532 CSSM_ALGID_FASTHASH = CSSM_ALGID_NONE + 76,
533 CSSM_ALGID_3DES = CSSM_ALGID_NONE + 77,
534 CSSM_ALGID_SSL3MD5 = CSSM_ALGID_NONE + 78,
535 CSSM_ALGID_SSL3SHA1 = CSSM_ALGID_NONE + 79,
536 CSSM_ALGID_FortezzaTimestamp = CSSM_ALGID_NONE + 80,
537 CSSM_ALGID_SHA1WithDSA = CSSM_ALGID_NONE + 81,
538 CSSM_ALGID_SHA1WithECDSA = CSSM_ALGID_NONE + 82,
539 CSSM_ALGID_DSA_BSAFE = CSSM_ALGID_NONE + 83,
540 CSSM_ALGID_ECDH = CSSM_ALGID_NONE + 84,
541 CSSM_ALGID_ECMQV = CSSM_ALGID_NONE + 85,
542 CSSM_ALGID_PKCS12_SHA1_PBE = CSSM_ALGID_NONE + 86,
543 CSSM_ALGID_ECNRA = CSSM_ALGID_NONE + 87,
544 CSSM_ALGID_SHA1WithECNRA = CSSM_ALGID_NONE + 88,
545 CSSM_ALGID_ECES = CSSM_ALGID_NONE + 89,
546 CSSM_ALGID_ECAES = CSSM_ALGID_NONE + 90,
547 CSSM_ALGID_SHA1HMAC = CSSM_ALGID_NONE + 91,
548 CSSM_ALGID_FIPS186Random = CSSM_ALGID_NONE + 92,
549 CSSM_ALGID_ECC = CSSM_ALGID_NONE + 93,
550 CSSM_ALGID_MQV = CSSM_ALGID_NONE + 94,
551 CSSM_ALGID_NRA = CSSM_ALGID_NONE + 95,
552 CSSM_ALGID_IntelPlatformRandom = CSSM_ALGID_NONE + 96,
553 CSSM_ALGID_UTC = CSSM_ALGID_NONE + 97,
554 CSSM_ALGID_HAVAL3 = CSSM_ALGID_NONE + 98,
555 CSSM_ALGID_HAVAL4 = CSSM_ALGID_NONE + 99,
556 CSSM_ALGID_HAVAL5 = CSSM_ALGID_NONE + 100,
557 CSSM_ALGID_TIGER = CSSM_ALGID_NONE + 101,
558 CSSM_ALGID_MD5HMAC = CSSM_ALGID_NONE + 102,
559 CSSM_ALGID_PKCS5_PBKDF2 = CSSM_ALGID_NONE + 103,
560 CSSM_ALGID_RUNNING_COUNTER = CSSM_ALGID_NONE + 104,
561 CSSM_ALGID_LAST = CSSM_ALGID_NONE + 0x7FFFFFFF,
562 /* All algorithms IDs that are vendor specific, and not
563 part of the CSSM specification should be defined relative
564 to CSSM_ALGID_VENDOR_DEFINED. */
565 CSSM_ALGID_VENDOR_DEFINED = CSSM_ALGID_NONE + 0x80000000
566 };
567
568 enum
569 {
570 CSSM_ALGID_APPLE_YARROW = CSSM_ALGID_VENDOR_DEFINED,
571 CSSM_ALGID_AES, /* RijnDael */
572 CSSM_ALGID_FEE, /* FEE Key Generation */
573 CSSM_ALGID_FEE_MD5, /* FEE/ElGamal signature w/ MD5
574 hash */
575 CSSM_ALGID_FEE_SHA1, /* FEE/ElGamal signature w/ SHA1 hash */
576 CSSM_ALGID_FEED, /* 1:1 FEE asymmetric encryption
577 */
578 CSSM_ALGID_FEEDEXP, /* 2:1 FEE asymmetric encryption
579 */
580 CSSM_ALGID_ASC, /* Apple Secure Compression */
581 CSSM_ALGID_SHA1HMAC_LEGACY, /* HMAC/SHA1, legacy compatible */
582 CSSM_ALGID_KEYCHAIN_KEY, /* derive or manipulate keychain master
583 keys */
584 CSSM_ALGID_PKCS12_PBE_ENCR, /* PKCS12, encrypt/decrypt key */
585 CSSM_ALGID_PKCS12_PBE_MAC, /* PKCS12, MAC key */
586 CSSM_ALGID_SECURE_PASSPHRASE, /* passphrase acquired by SecurityServer
587 */
588 CSSM_ALGID_PBE_OPENSSL_MD5, /* traditional openssl key derivation */
589 CSSM_ALGID_SHA256, /* 256-bit SHA2 */
590 CSSM_ALGID_SHA384, /* 384-bit SHA2 */
591 CSSM_ALGID_SHA512, /* 512-bit SHA2 */
592 CSSM_ALGID_ENTROPY_DEFAULT, /* default entropy source of (CSP) devic
593 e, if any */
594 CSSM_ALGID_SHA224, /* SHA2, 224 bit */
595 CSSM_ALGID_SHA224WithRSA, /* RSA signature on SHA224 digest */
596 CSSM_ALGID_SHA256WithRSA, /* RSA signature on SHA256 digest */
597 CSSM_ALGID_SHA384WithRSA, /* RSA signature on SHA384 digest */
598 CSSM_ALGID_SHA512WithRSA, /* RSA signature on SHA512 digest */
599 CSSM_ALGID_OPENSSH1, /* OpenSSH v1 RSA key wrapping */
600 CSSM_ALGID__FIRST_UNUSED
601 };
602
603 #endif
604
605
606 /*
607 NOTE: the order of these entries must mach the SECOidTag enum in secoidt.h!
608 @@@ We are sticking a enum type in a field of type SecAsn1AlgId, which is
609 defined as:
610 typedef struct {
611 SecAsn1Oid algorithm;
612 SecAsn1Item parameters;
613 } SecAsn1AlgId;
614 */
615 static const SECOidData oids[] = {
616 OD( null_oid, SEC_OID_UNKNOWN, "Unknown OID", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
617 OD( md2, SEC_OID_MD2, "MD2", CSSM_ALGID_MD2, INVALID_CERT_EXTENSION ),
618 OD( md4, SEC_OID_MD4, "MD4", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
619 OD( md5, SEC_OID_MD5, "MD5", CSSM_ALGID_MD5, INVALID_CERT_EXTENSION ),
620 OD( sha1, SEC_OID_SHA1, "SHA-1", CSSM_ALGID_SHA1, INVALID_CERT_EXTENSION ),
621 OD( rc2cbc, SEC_OID_RC2_CBC,
622 "RC2-CBC", CSSM_ALGID_RC2, INVALID_CERT_EXTENSION ),
623 OD( rc4, SEC_OID_RC4, "RC4", CSSM_ALGID_RC4, INVALID_CERT_EXTENSION ),
624 OD( desede3cbc, SEC_OID_DES_EDE3_CBC,
625 "DES-EDE3-CBC", CSSM_ALGID_3DES_3KEY_EDE, INVALID_CERT_EXTENSION ),
626 OD( rc5cbcpad, SEC_OID_RC5_CBC_PAD,
627 "RC5-CBCPad", CSSM_ALGID_RC5, INVALID_CERT_EXTENSION ),
628 OD( desecb, SEC_OID_DES_ECB,
629 "DES-ECB", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ),
630 OD( descbc, SEC_OID_DES_CBC,
631 "DES-CBC", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ),
632 OD( desofb, SEC_OID_DES_OFB,
633 "DES-OFB", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
634 OD( descfb, SEC_OID_DES_CFB,
635 "DES-CFB", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
636 OD( desmac, SEC_OID_DES_MAC,
637 "DES-MAC", CSSM_ALGID_DES, INVALID_CERT_EXTENSION ),
638 OD( desede, SEC_OID_DES_EDE,
639 "DES-EDE", CSSM_ALGID_3DES_3KEY_EDE, INVALID_CERT_EXTENSION ),
640 OD( isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
641 "ISO SHA with RSA Signature",
642 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
643 OD( pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION,
644 "PKCS #1 RSA Encryption", CSSM_ALGID_RSA, INVALID_CERT_EXTENSION ),
645
646 /* the following Signing CSSM_ALGORITHMS should get new CKM_ values when
647 * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in
648 * PKCS #11.
649 */
650 OD( pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
651 "PKCS #1 MD2 With RSA Encryption", CSSM_ALGID_MD2WithRSA,
652 INVALID_CERT_EXTENSION ),
653 OD( pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
654 "PKCS #1 MD4 With RSA Encryption",
655 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
656 OD( pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
657 "PKCS #1 MD5 With RSA Encryption", CSSM_ALGID_MD5WithRSA,
658 INVALID_CERT_EXTENSION ),
659 OD( pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
660 "PKCS #1 SHA-1 With RSA Encryption", CSSM_ALGID_SHA1WithRSA,
661 INVALID_CERT_EXTENSION ),
662
663 OD( pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
664 "PKCS #5 Password Based Encryption with MD2 and DES CBC",
665 CSSM_ALGID_PKCS5_PBKDF1_MD2, INVALID_CERT_EXTENSION ),
666 OD( pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
667 "PKCS #5 Password Based Encryption with MD5 and DES CBC",
668 CSSM_ALGID_PKCS5_PBKDF1_MD5, INVALID_CERT_EXTENSION ),
669 OD( pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
670 "PKCS #5 Password Based Encryption with SHA1 and DES CBC",
671 CSSM_ALGID_PKCS5_PBKDF1_SHA1, INVALID_CERT_EXTENSION ),
672 OD( pkcs7, SEC_OID_PKCS7,
673 "PKCS #7", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
674 OD( pkcs7Data, SEC_OID_PKCS7_DATA,
675 "PKCS #7 Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
676 OD( pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA,
677 "PKCS #7 Signed Data", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
678 OD( pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA,
679 "PKCS #7 Enveloped Data",
680 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
681 OD( pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
682 "PKCS #7 Signed And Enveloped Data",
683 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
684 OD( pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA,
685 "PKCS #7 Digested Data",
686 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
687 OD( pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA,
688 "PKCS #7 Encrypted Data",
689 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
690 OD( pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS,
691 "PKCS #9 Email Address",
692 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
693 OD( pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME,
694 "PKCS #9 Unstructured Name",
695 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
696 OD( pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE,
697 "PKCS #9 Content Type",
698 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
699 OD( pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST,
700 "PKCS #9 Message Digest",
701 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
702 OD( pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME,
703 "PKCS #9 Signing Time",
704 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
705 OD( pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE,
706 "PKCS #9 Counter Signature",
707 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
708 OD( pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD,
709 "PKCS #9 Challenge Password",
710 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
711 OD( pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
712 "PKCS #9 Unstructured Address",
713 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
714 OD( pkcs9ExtendedCertificateAttributes,
715 SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
716 "PKCS #9 Extended Certificate Attributes",
717 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
718 OD( pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES,
719 "PKCS #9 S/MIME Capabilities",
720 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
721 OD( x520CommonName, SEC_OID_AVA_COMMON_NAME,
722 "X520 Common Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
723 OD( x520CountryName, SEC_OID_AVA_COUNTRY_NAME,
724 "X520 Country Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
725 OD( x520LocalityName, SEC_OID_AVA_LOCALITY,
726 "X520 Locality Name", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
727 OD( x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE,
728 "X520 State Or Province Name",
729 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
730 OD( x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME,
731 "X520 Organization Name",
732 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
733 OD( x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
734 "X520 Organizational Unit Name",
735 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
736 OD( x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER,
737 "X520 DN Qualifier", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
738 OD( rfc2247DomainComponent, SEC_OID_AVA_DC,
739 "RFC 2247 Domain Component",
740 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
741
742 OD( nsTypeGIF, SEC_OID_NS_TYPE_GIF,
743 "GIF", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
744 OD( nsTypeJPEG, SEC_OID_NS_TYPE_JPEG,
745 "JPEG", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
746 OD( nsTypeURL, SEC_OID_NS_TYPE_URL,
747 "URL", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
748 OD( nsTypeHTML, SEC_OID_NS_TYPE_HTML,
749 "HTML", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
750 OD( nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE,
751 "Certificate Sequence",
752 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
753 OD( missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD,
754 "MISSI KEA and DSS Algorithm (Old)",
755 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
756 OD( missiCertDSSOld, SEC_OID_MISSI_DSS_OLD,
757 "MISSI DSS Algorithm (Old)",
758 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
759 OD( missiCertKEADSS, SEC_OID_MISSI_KEA_DSS,
760 "MISSI KEA and DSS Algorithm",
761 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
762 OD( missiCertDSS, SEC_OID_MISSI_DSS,
763 "MISSI DSS Algorithm",
764 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
765 OD( missiCertKEA, SEC_OID_MISSI_KEA,
766 "MISSI KEA Algorithm",
767 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
768 OD( missiCertAltKEA, SEC_OID_MISSI_ALT_KEA,
769 "MISSI Alternate KEA Algorithm",
770 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
771
772 /* Netscape private extensions */
773 OD( nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK,
774 "Netscape says this cert is OK",
775 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
776 OD( nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
777 "Certificate Issuer Logo",
778 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
779 OD( nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
780 "Certificate Subject Logo",
781 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
782 OD( nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE,
783 "Certificate Type",
784 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
785 OD( nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL,
786 "Certificate Extension Base URL",
787 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
788 OD( nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL,
789 "Certificate Revocation URL",
790 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
791 OD( nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL,
792 "Certificate Authority Revocation URL",
793 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
794 OD( nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL,
795 "Certificate Authority CRL Download URL",
796 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
797 OD( nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL,
798 "Certificate Authority Certificate Download URL",
799 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
800 OD( nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL,
801 "Certificate Renewal URL",
802 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
803 OD( nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL,
804 "Certificate Authority Policy URL",
805 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
806 OD( nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL,
807 "Certificate Homepage URL",
808 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
809 OD( nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO,
810 "Certificate Entity Logo",
811 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
812 OD( nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE,
813 "Certificate User Picture",
814 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
815 OD( nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME,
816 "Certificate SSL Server Name",
817 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
818 OD( nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT,
819 "Certificate Comment",
820 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
821 OD( nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL,
822 "Lost Password URL",
823 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
824 OD( nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME,
825 "Certificate Renewal Time",
826 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
827 OD( nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED,
828 "Strong Crypto Export Approved",
829 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
830
831
832 /* x.509 v3 certificate extensions */
833 OD( x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR,
834 "Certificate Subject Directory Attributes",
835 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION),
836 OD( x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID,
837 "Certificate Subject Key ID",
838 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
839 OD( x509KeyUsage, SEC_OID_X509_KEY_USAGE,
840 "Certificate Key Usage",
841 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
842 OD( x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
843 "Certificate Private Key Usage Period",
844 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
845 OD( x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME,
846 "Certificate Subject Alt Name",
847 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
848 OD( x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME,
849 "Certificate Issuer Alt Name",
850 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
851 OD( x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS,
852 "Certificate Basic Constraints",
853 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
854 OD( x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS,
855 "Certificate Name Constraints",
856 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
857 OD( x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS,
858 "CRL Distribution Points",
859 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
860 OD( x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES,
861 "Certificate Policies",
862 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
863 OD( x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS,
864 "Certificate Policy Mappings",
865 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
866 OD( x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS,
867 "Certificate Policy Constraints",
868 CSSM_ALGID_NONE, UNSUPPORTED_CERT_EXTENSION ),
869 OD( x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID,
870 "Certificate Authority Key Identifier",
871 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
872 OD( x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE,
873 "Extended Key Usage",
874 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
875 OD( x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS,
876 "Authority Information Access",
877 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
878
879 /* x.509 v3 CRL extensions */
880 OD( x509CrlNumber, SEC_OID_X509_CRL_NUMBER,
881 "CRL Number", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
882 OD( x509ReasonCode, SEC_OID_X509_REASON_CODE,
883 "CRL reason code", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
884 OD( x509InvalidDate, SEC_OID_X509_INVALID_DATE,
885 "Invalid Date", CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
886 OD( x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION,
887 "X500 RSA Encryption", CSSM_ALGID_RSA, INVALID_CERT_EXTENSION ),
888 /* added for alg 1485 */
889 OD( rfc1274Uid, SEC_OID_RFC1274_UID,
890 "RFC1274 User Id", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
891 OD( rfc1274Mail, SEC_OID_RFC1274_MAIL,
892 "RFC1274 E-mail Address",
893 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
894
895 /* pkcs 12 additions */
896 OD( pkcs12, SEC_OID_PKCS12,
897 "PKCS #12", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
898 OD( pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS,
899 "PKCS #12 Mode IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
900 OD( pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS,
901 "PKCS #12 ESPVK IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
902 OD( pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS,
903 "PKCS #12 Bag IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
904 OD( pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS,
905 "PKCS #12 Cert Bag IDs",
906 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
907 OD( pkcs12OIDs, SEC_OID_PKCS12_OIDS,
908 "PKCS #12 OIDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
909 OD( pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS,
910 "PKCS #12 PBE IDs", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
911 OD( pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS,
912 "PKCS #12 Signature IDs",
913 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
914 OD( pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS,
915 "PKCS #12 Enveloping IDs",
916 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
917 OD( pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING,
918 "PKCS #12 Key Shrouding",
919 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
920 OD( pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID,
921 "PKCS #12 Key Bag ID",
922 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
923 OD( pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
924 "PKCS #12 Cert And CRL Bag ID",
925 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
926 OD( pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID,
927 "PKCS #12 Secret Bag ID",
928 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
929 OD( pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG,
930 "PKCS #12 X509 Cert CRL Bag",
931 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
932 OD( pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG,
933 "PKCS #12 SDSI Cert Bag",
934 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
935 OD( pkcs12PBEWithSha1And128BitRC4,
936 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
937 "PKCS #12 PBE With Sha1 and 128 Bit RC4",
938 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
939 OD( pkcs12PBEWithSha1And40BitRC4,
940 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
941 "PKCS #12 PBE With Sha1 and 40 Bit RC4",
942 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
943 OD( pkcs12PBEWithSha1AndTripleDESCBC,
944 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
945 "PKCS #12 PBE With Sha1 and Triple DES CBC",
946 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
947 OD( pkcs12PBEWithSha1And128BitRC2CBC,
948 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
949 "PKCS #12 PBE With Sha1 and 128 Bit RC2 CBC",
950 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
951 OD( pkcs12PBEWithSha1And40BitRC2CBC,
952 SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
953 "PKCS #12 PBE With Sha1 and 40 Bit RC2 CBC",
954 CSSM_ALGID_PKCS12_SHA1_PBE, INVALID_CERT_EXTENSION ),
955 OD( pkcs12RSAEncryptionWith128BitRC4,
956 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
957 "PKCS #12 RSA Encryption with 128 Bit RC4",
958 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
959 OD( pkcs12RSAEncryptionWith40BitRC4,
960 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4,
961 "PKCS #12 RSA Encryption with 40 Bit RC4",
962 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
963 OD( pkcs12RSAEncryptionWithTripleDES,
964 SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES,
965 "PKCS #12 RSA Encryption with Triple DES",
966 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
967 OD( pkcs12RSASignatureWithSHA1Digest,
968 SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST,
969 "PKCS #12 RSA Encryption with Triple DES",
970 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
971
972 /* DSA signatures */
973 OD( ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE,
974 "ANSI X9.57 DSA Signature", CSSM_ALGID_DSA, INVALID_CERT_EXTENSION ),
975 OD( ansix9DSASignaturewithSHA1Digest,
976 SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST,
977 "ANSI X9.57 DSA Signature with SHA1 Digest",
978 CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ),
979 OD( bogusDSASignaturewithSHA1Digest,
980 SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST,
981 "FORTEZZA DSA Signature with SHA1 Digest",
982 CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ),
983
984 /* verisign oids */
985 OD( verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES,
986 "Verisign User Notices",
987 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
988
989 /* pkix oids */
990 OD( pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER,
991 "PKIX CPS Pointer Qualifier",
992 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
993 OD( pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER,
994 "PKIX User Notice Qualifier",
995 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
996
997 OD( pkixOCSP, SEC_OID_PKIX_OCSP,
998 "PKIX Online Certificate Status Protocol",
999 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1000 OD( pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE,
1001 "OCSP Basic Response", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1002 OD( pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE,
1003 "OCSP Nonce Extension", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1004 OD( pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL,
1005 "OCSP CRL Reference Extension",
1006 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1007 OD( pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE,
1008 "OCSP Response Types Extension",
1009 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1010 OD( pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK,
1011 "OCSP No Check Extension",
1012 CSSM_ALGID_NONE, SUPPORTED_CERT_EXTENSION ),
1013 OD( pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF,
1014 "OCSP Archive Cutoff Extension",
1015 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1016 OD( pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
1017 "OCSP Service Locator Extension",
1018 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1019
1020 OD( pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN,
1021 "PKIX CRMF Registration Control, Registration Token",
1022 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1023 OD( pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR,
1024 "PKIX CRMF Registration Control, Registration Authenticator",
1025 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1026 OD( pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO,
1027 "PKIX CRMF Registration Control, PKI Publication Info",
1028 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1029 OD( pkixRegCtrlPKIArchOptions,
1030 SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
1031 "PKIX CRMF Registration Control, PKI Archive Options",
1032 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1033 OD( pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID,
1034 "PKIX CRMF Registration Control, Old Certificate ID",
1035 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1036 OD( pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY,
1037 "PKIX CRMF Registration Control, Protocol Encryption Key",
1038 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1039 OD( pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS,
1040 "PKIX CRMF Registration Info, UTF8 Pairs",
1041 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1042 OD( pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST,
1043 "PKIX CRMF Registration Info, Certificate Request",
1044 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1045 OD( pkixExtendedKeyUsageServerAuth,
1046 SEC_OID_EXT_KEY_USAGE_SERVER_AUTH,
1047 "TLS Web Server Authentication Certificate",
1048 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1049 OD( pkixExtendedKeyUsageClientAuth,
1050 SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH,
1051 "TLS Web Client Authentication Certificate",
1052 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1053 OD( pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN,
1054 "Code Signing Certificate",
1055 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1056 OD( pkixExtendedKeyUsageEMailProtect,
1057 SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT,
1058 "E-Mail Protection Certificate",
1059 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1060 OD( pkixExtendedKeyUsageTimeStamp,
1061 SEC_OID_EXT_KEY_USAGE_TIME_STAMP,
1062 "Time Stamping Certifcate",
1063 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1064 OD( pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER,
1065 "OCSP Responder Certificate",
1066 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1067
1068 /* Netscape Algorithm OIDs */
1069
1070 OD( netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA,
1071 "Netscape S/MIME KEA", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1072 /* Skipjack OID -- ### mwelch temporary */
1073 OD( skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK,
1074 "Skipjack CBC64", CSSM_ALGID_SKIPJACK, INVALID_CERT_EXTENSION ),
1075 /* pkcs12 v2 oids */
1076 OD( pkcs12V2PBEWithSha1And128BitRC4,
1077 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
1078 "PKCS12 V2 PBE With SHA1 And 128 Bit RC4",
1079 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1080 OD( pkcs12V2PBEWithSha1And40BitRC4,
1081 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
1082 "PKCS12 V2 PBE With SHA1 And 40 Bit RC4",
1083 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1084 OD( pkcs12V2PBEWithSha1And3KeyTripleDEScbc,
1085 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
1086 "PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc",
1087 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1088 OD( pkcs12V2PBEWithSha1And2KeyTripleDEScbc,
1089 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC,
1090 "PKCS12 V2 PBE With SHA1 And 2KEY Triple DES-cbc",
1091 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1092 OD( pkcs12V2PBEWithSha1And128BitRC2cbc,
1093 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
1094 "PKCS12 V2 PBE With SHA1 And 128 Bit RC2 CBC",
1095 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1096 OD( pkcs12V2PBEWithSha1And40BitRC2cbc,
1097 SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
1098 "PKCS12 V2 PBE With SHA1 And 40 Bit RC2 CBC",
1099 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1100 OD( pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID,
1101 "PKCS #12 Safe Contents ID",
1102 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1103 OD( pkcs12PKCS8ShroudedKeyBagID,
1104 SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID,
1105 "PKCS #12 Safe Contents ID",
1106 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1107 OD( pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID,
1108 "PKCS #12 V1 Key Bag",
1109 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1110 OD( pkcs12V1PKCS8ShroudedKeyBag,
1111 SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID,
1112 "PKCS #12 V1 PKCS8 Shrouded Key Bag",
1113 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1114 OD( pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID,
1115 "PKCS #12 V1 Cert Bag",
1116 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1117 OD( pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID,
1118 "PKCS #12 V1 CRL Bag",
1119 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1120 OD( pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID,
1121 "PKCS #12 V1 Secret Bag",
1122 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1123 OD( pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
1124 "PKCS #12 V1 Safe Contents Bag",
1125 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1126
1127 OD( pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT,
1128 "PKCS #9 X509 Certificate",
1129 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1130 OD( pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT,
1131 "PKCS #9 SDSI Certificate",
1132 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1133 OD( pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL,
1134 "PKCS #9 X509 CRL", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1135 OD( pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME,
1136 "PKCS #9 Friendly Name",
1137 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1138 OD( pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID,
1139 "PKCS #9 Local Key ID",
1140 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1141 OD( pkcs12KeyUsageAttr, SEC_OID_PKCS12_KEY_USAGE,
1142 "PKCS 12 Key Usage", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1143 OD( dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY,
1144 "Diffie-Helman Public Key", CSSM_ALGID_DH,
1145 INVALID_CERT_EXTENSION ),
1146 OD( netscapeNickname, SEC_OID_NETSCAPE_NICKNAME,
1147 "Netscape Nickname", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1148
1149 /* Cert Server specific OIDs */
1150 OD( netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST,
1151 "Recovery Request OID",
1152 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1153
1154 OD( nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR,
1155 "Certificate Renewal Locator OID", CSSM_ALGID_NONE,
1156 INVALID_CERT_EXTENSION ),
1157
1158 OD( nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
1159 "Certificate Scope-of-Use Extension", CSSM_ALGID_NONE,
1160 SUPPORTED_CERT_EXTENSION ),
1161
1162 /* CMS stuff */
1163 OD( cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN,
1164 "Ephemeral-Static Diffie-Hellman", CSSM_ALGID_NONE /* XXX */,
1165 INVALID_CERT_EXTENSION ),
1166 OD( cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP,
1167 "CMS 3DES Key Wrap", CSSM_ALGID_NONE /* XXX */,
1168 INVALID_CERT_EXTENSION ),
1169 OD( cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP,
1170 "CMS RC2 Key Wrap", CSSM_ALGID_NONE /* XXX */,
1171 INVALID_CERT_EXTENSION ),
1172 OD( smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
1173 "S/MIME Encryption Key Preference",
1174 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1175
1176 /* AES algorithm OIDs */
1177 OD( aes128_ECB, SEC_OID_AES_128_ECB,
1178 "AES-128-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1179 OD( aes128_CBC, SEC_OID_AES_128_CBC,
1180 "AES-128-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1181 OD( aes192_ECB, SEC_OID_AES_192_ECB,
1182 "AES-192-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1183 OD( aes192_CBC, SEC_OID_AES_192_CBC,
1184 "AES-192-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1185 OD( aes256_ECB, SEC_OID_AES_256_ECB,
1186 "AES-256-ECB", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1187 OD( aes256_CBC, SEC_OID_AES_256_CBC,
1188 "AES-256-CBC", CSSM_ALGID_AES, INVALID_CERT_EXTENSION ),
1189 /* More bogus DSA OIDs */
1190 OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE,
1191 "SDN.702 DSA Signature", CSSM_ALGID_SHA1WithDSA, INVALID_CERT_EXTENSION ),
1192
1193 OD( ms_smimeEncryptionKeyPreference,
1194 SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
1195 "Microsoft S/MIME Encryption Key Preference",
1196 CSSM_ALGID_NONE, INVALID_CERT_EXTENSION ),
1197 OD( sha256, SEC_OID_SHA256, "SHA-256", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1198 OD( sha384, SEC_OID_SHA384, "SHA-384", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1199 OD( sha512, SEC_OID_SHA512, "SHA-512", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1200
1201 OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION,
1202 "PKCS #1 SHA-256 With RSA Encryption", CSSM_ALGID_NONE,
1203 INVALID_CERT_EXTENSION ),
1204 OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION,
1205 "PKCS #1 SHA-384 With RSA Encryption", CSSM_ALGID_NONE,
1206 INVALID_CERT_EXTENSION ),
1207 OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION,
1208 "PKCS #1 SHA-512 With RSA Encryption", CSSM_ALGID_NONE,
1209 INVALID_CERT_EXTENSION ),
1210
1211 OD( aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP,
1212 "AES-128 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1213 OD( aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP,
1214 "AES-192 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1215 OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
1216 "AES-256 Key Wrap", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1217
1218 OD( sha224, SEC_OID_SHA224, "SHA-224", CSSM_ALGID_NONE, INVALID_CERT_EXTENSION),
1219 };
1220
1221 /*
1222 * now the dynamic table. The dynamic table gets build at init time.
1223 * and gets modified if the user loads new crypto modules.
1224 */
1225
1226 #if 0 /* disabled since its not used (the only function that could "add" items was disabled before */
1227
1228 // TODO: protect this: used multi-threaded
1229 static PLHashTable *oid_d_hash = 0;
1230 static SECOidData **secoidDynamicTable = NULL;
1231 static int secoidDynamicTableSize = 0;
1232 static int secoidLastDynamicEntry = 0;
1233 static int secoidLastHashEntry = 0;
1234
1235 static SECStatus
1236 secoid_DynamicRehash(void)
1237 {
1238 SECOidData *oid;
1239 PLHashEntry *entry;
1240 int i;
1241 int last = secoidLastDynamicEntry;
1242
1243 if (!oid_d_hash) {
1244 oid_d_hash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
1245 PL_CompareValues, NULL, NULL);
1246 }
1247
1248
1249 if ( !oid_d_hash ) {
1250 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1251 return(SECFailure);
1252 }
1253
1254 for ( i = secoidLastHashEntry; i < last; i++ ) {
1255 oid = secoidDynamicTable[i];
1256
1257 entry = PL_HashTableAdd( oid_d_hash, &oid->oid, oid );
1258 if ( entry == NULL ) {
1259 return(SECFailure);
1260 }
1261 }
1262 secoidLastHashEntry = last;
1263 return(SECSuccess);
1264 }
1265
1266
1267
1268 /*
1269 * Lookup a Dynamic OID. Dynamic OID's still change slowly, so it's
1270 * cheaper to rehash the table when it changes than it is to do the loop
1271 * each time. Worry: what about thread safety here? Global Static data with
1272 * no locks.... (sigh).
1273 */
1274 static SECOidData *
1275 secoid_FindDynamic(const SecAsn1Item *key) {
1276 SECOidData *ret = NULL;
1277 if (secoidDynamicTable == NULL) {
1278 /* PORT_SetError! */
1279 return NULL;
1280 }
1281 if (secoidLastHashEntry != secoidLastDynamicEntry) {
1282 SECStatus rv = secoid_DynamicRehash();
1283 if ( rv != SECSuccess ) {
1284 return NULL;
1285 }
1286 }
1287 ret = (SECOidData *)PL_HashTableLookup (oid_d_hash, key);
1288 return ret;
1289
1290 }
1291
1292 static SECOidData *
1293 secoid_FindDynamicByTag(SECOidTag tagnum)
1294 {
1295 int tagNumDiff;
1296
1297 if (secoidDynamicTable == NULL) {
1298 return NULL;
1299 }
1300
1301 if (tagnum < SEC_OID_TOTAL) {
1302 return NULL;
1303 }
1304
1305 tagNumDiff = tagnum - SEC_OID_TOTAL;
1306 if (tagNumDiff >= secoidLastDynamicEntry) {
1307 return NULL;
1308 }
1309
1310 return(secoidDynamicTable[tagNumDiff]);
1311 }
1312
1313 /*
1314 * this routine is definately not thread safe. It is only called out
1315 * of the UI, or at init time. If we want to call it any other time,
1316 * we need to make it thread safe.
1317 */
1318 SECStatus
1319 SECOID_AddEntry(SecAsn1Item *oid, char *description, SecAsn1AlgId cssmAlgorithm) {
1320 SECOidData *oiddp = (SECOidData *)PORT_Alloc(sizeof(SECOidData));
1321 int last = secoidLastDynamicEntry;
1322 int tableSize = secoidDynamicTableSize;
1323 int next = last++;
1324 SECOidData **newTable = secoidDynamicTable;
1325 SECOidData **oldTable = NULL;
1326
1327 if (oid == NULL) {
1328 return SECFailure;
1329 }
1330
1331 /* fill in oid structure */
1332 if (SECITEM_CopyItem(NULL,&oiddp->oid,oid) != SECSuccess) {
1333 PORT_Free(oiddp);
1334 return SECFailure;
1335 }
1336 oiddp->offset = (SECOidTag)(next + SEC_OID_TOTAL);
1337 /* may we should just reference the copy passed to us? */
1338 oiddp->desc = PORT_Strdup(description);
1339 oiddp->cssmAlgorithm = cssmAlgorithm;
1340
1341
1342 if (last > tableSize) {
1343 int oldTableSize = tableSize;
1344 tableSize += 10;
1345 oldTable = newTable;
1346 newTable = (SECOidData **)PORT_ZAlloc(sizeof(SECOidData *)*tableSize);
1347 if (newTable == NULL) {
1348 PORT_Free(oiddp->oid.Data);
1349 PORT_Free(oiddp);
1350 return SECFailure;
1351 }
1352 PORT_Memcpy(newTable,oldTable,sizeof(SECOidData *)*oldTableSize);
1353 PORT_Free(oldTable);
1354 }
1355
1356 newTable[next] = oiddp;
1357 secoidDynamicTable = newTable;
1358 secoidDynamicTableSize = tableSize;
1359 secoidLastDynamicEntry= last;
1360 return SECSuccess;
1361 }
1362 #endif
1363
1364 /* normal static table processing */
1365
1366 /* TODO: MORE GLOBAL DATA */
1367 static pthread_once_t hash_once = PTHREAD_ONCE_INIT;
1368 static PLHashTable *oidhash = NULL;
1369 static PLHashTable *oidmechhash = NULL;
1370
1371 static PLHashNumber
1372 secoid_HashNumber(const void *key)
1373 {
1374 /* This truncate the hash to the lower 32 bits -- probably safe right ??? */
1375 return (PLHashNumber)(PRUword)key;
1376 }
1377
1378
1379 static SECStatus
1380 InitOIDHash(void)
1381 {
1382 PLHashEntry *entry;
1383 const SECOidData *oid;
1384 size_t ix;
1385
1386 oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
1387 PL_CompareValues, NULL, NULL);
1388 oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues,
1389 PL_CompareValues, NULL, NULL);
1390
1391 if ( !oidhash || !oidmechhash) {
1392 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1393 PORT_Assert(0); /*This function should never fail. */
1394 return(SECFailure);
1395 }
1396
1397 for ( ix = 0; ix < ( sizeof(oids) / sizeof(SECOidData) ); ix++ ) {
1398 oid = &oids[ix];
1399
1400 PORT_Assert ( oid->offset == ix );
1401
1402 entry = PL_HashTableAdd( oidhash, &oid->oid, (void *)oid );
1403 if ( entry == NULL ) {
1404 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1405 PORT_Assert(0); /*This function should never fail. */
1406 return(SECFailure);
1407 }
1408
1409 #if USE_CDSA_CRYPTO
1410 if ( oid->cssmAlgorithm.algorithm.Length /*CSSM_ALGID_NONE*/ ) {
1411 entry = PL_HashTableAdd( oidmechhash,
1412 (void *)&(oid->cssmAlgorithm), (void *)oid );
1413 if ( entry == NULL ) {
1414 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1415 PORT_Assert(0); /* This function should never fail. */
1416 return(SECFailure);
1417 }
1418 }
1419 #endif
1420 }
1421
1422 PORT_Assert (ix == SEC_OID_TOTAL);
1423
1424 return(SECSuccess);
1425 }
1426
1427 static void InitOIDHashOnce()
1428 {
1429 if (SECSuccess != InitOIDHash())
1430 abort();
1431 }
1432
1433 /* TODO: appears to be the public entry point */
1434 SECOidData *
1435 SECOID_FindOIDByCssmAlgorithm(SecAsn1AlgId cssmAlgorithm)
1436 {
1437 SECOidData *ret;
1438
1439 pthread_once(&hash_once, InitOIDHashOnce);
1440
1441 ret = PL_HashTableLookupConst ( oidmechhash, (void *)&cssmAlgorithm);
1442 if ( ret == NULL ) {
1443 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1444 }
1445
1446 return (ret);
1447 }
1448
1449 /* TODO: appears to be the public entry point */
1450 SECOidData *
1451 SECOID_FindOID(const SecAsn1Item *oid)
1452 {
1453 SECOidData *ret;
1454
1455 pthread_once(&hash_once, InitOIDHashOnce);
1456
1457 ret = PL_HashTableLookupConst ( oidhash, oid );
1458 if ( ret == NULL ) {
1459 #if 0
1460 ret = secoid_FindDynamic(oid);
1461 #endif
1462 if (ret == NULL) {
1463 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
1464 }
1465 }
1466
1467 return(ret);
1468 }
1469
1470 SECOidTag
1471 SECOID_FindOIDTag(const SecAsn1Item *oid)
1472 {
1473 SECOidData *oiddata;
1474
1475 oiddata = SECOID_FindOID (oid);
1476 if (oiddata == NULL)
1477 return SEC_OID_UNKNOWN;
1478
1479 return oiddata->offset;
1480 }
1481
1482 /* This really should return const. */
1483 SECOidData *
1484 SECOID_FindOIDByTag(SECOidTag tagnum)
1485 {
1486 pthread_once(&hash_once, InitOIDHashOnce);
1487
1488 #if 0
1489 if (tagnum >= SEC_OID_TOTAL) {
1490 return secoid_FindDynamicByTag(tagnum);
1491 }
1492 #else
1493 if (tagnum >= SEC_OID_TOTAL)
1494 return NULL;
1495 #endif
1496
1497 PORT_Assert((unsigned int)tagnum < (sizeof(oids) / sizeof(SECOidData)));
1498 return (SECOidData *)(&oids[tagnum]);
1499 }
1500
1501 Boolean SECOID_KnownCertExtenOID (const SecAsn1Item *extenOid)
1502 {
1503 SECOidData * oidData;
1504
1505 oidData = SECOID_FindOID (extenOid);
1506 if (oidData == (SECOidData *)NULL)
1507 return (PR_FALSE);
1508 return ((oidData->supportedExtension == SUPPORTED_CERT_EXTENSION) ?
1509 PR_TRUE : PR_FALSE);
1510 }
1511
1512
1513 const char *
1514 SECOID_FindOIDTagDescription(SECOidTag tagnum)
1515 {
1516 const SECOidData *oidData = SECOID_FindOIDByTag(tagnum);
1517 return oidData ? oidData->desc : 0;
1518 }
1519
1520 #if 0
1521 /*
1522 * free up the oid tables.
1523 */
1524 SECStatus
1525 SECOID_Shutdown(void)
1526 {
1527 int i;
1528
1529 if (oidhash) {
1530 PL_HashTableDestroy(oidhash);
1531 oidhash = NULL;
1532 }
1533 if (oidmechhash) {
1534 PL_HashTableDestroy(oidmechhash);
1535 oidmechhash = NULL;
1536 }
1537 if (oid_d_hash) {
1538 PL_HashTableDestroy(oid_d_hash);
1539 oid_d_hash = NULL;
1540 }
1541 if (secoidDynamicTable) {
1542 for (i=0; i < secoidLastDynamicEntry; i++) {
1543 PORT_Free(secoidDynamicTable[i]);
1544 }
1545 PORT_Free(secoidDynamicTable);
1546 secoidDynamicTable = NULL;
1547 secoidDynamicTableSize = 0;
1548 secoidLastDynamicEntry = 0;
1549 secoidLastHashEntry = 0;
1550 }
1551 return SECSuccess;
1552 }
1553 #endif