
lightning-sunbird  0.9+nobinonly
secoid.c
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
00023  *
00024  * Alternatively, the contents of this file may be used under the terms of
00025  * either the GNU General Public License Version 2 or later (the "GPL"), or
00026  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00027  * in which case the provisions of the GPL or the LGPL are applicable instead
00028  * of those above. If you wish to allow use of your version of this file only
00029  * under the terms of either the GPL or the LGPL, and not to allow others to
00030  * use your version of this file under the terms of the MPL, indicate your
00031  * decision by deleting the provisions above and replace them with the notice
00032  * and other provisions required by the GPL or the LGPL. If you do not delete
00033  * the provisions above, a recipient may use your version of this file under
00034  * the terms of any one of the MPL, the GPL or the LGPL.
00035  *
00036  * ***** END LICENSE BLOCK ***** */
00037 
00038 #include "secoid.h"
00039 #include "pkcs11t.h"
00040 #include "secmodt.h"
00041 #include "secitem.h"
00042 #include "secerr.h"
00043 #include "plhash.h"
00044 #include "nssrwlk.h"
00045 
00046 /* MISSI Mosaic Object ID space.
       * Every macro in this section expands to a comma-separated run of
       * encoded OID bytes, meant to be spliced into an array initializer.
       * USGOV is { 2 16 840 1 101 }; MISSI appends 2 1 1, which is the same
       * byte sequence FORTEZZA_ALG spells out in full further down. */
00047 #define USGOV                   0x60, 0x86, 0x48, 0x01, 0x65
00048 #define MISSI                 USGOV, 0x02, 0x01, 0x01
00049 #define MISSI_OLD_KEA_DSS   MISSI, 0x0c
00050 #define MISSI_OLD_DSS              MISSI, 0x02
00051 #define MISSI_KEA_DSS              MISSI, 0x14
00052 #define MISSI_DSS           MISSI, 0x13
00053 #define MISSI_KEA               MISSI, 0x0a
00054 #define MISSI_ALT_KEA           MISSI, 0x16
00055 
00056 #define NISTALGS    USGOV, 3, 4   /* { 2 16 840 1 101 3 4 } */
00057 #define AES         NISTALGS, 1   /* prefix of the aes* arrays below */
00058 #define SHAXXX      NISTALGS, 2   /* prefix of sha256 / sha384 / sha512 below */
00059 
00065 /* Netscape Communications Corporation Object ID space */
00066 /* { 2 16 840 1 113730 }
       * 0x60 packs the first two arcs (2*40 + 16); 840 and 113730 are each
       * spread over several bytes, seven bits per byte, with the high bit
       * set on every byte except the last (0x86 0x48 and 0x86 0xf8 0x42). */
00067 #define NETSCAPE_OID           0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42
00068 #define NETSCAPE_CERT_EXT     NETSCAPE_OID, 0x01
00069 #define NETSCAPE_DATA_TYPE    NETSCAPE_OID, 0x02
00070 /* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */
00071 #define NETSCAPE_DIRECTORY    NETSCAPE_OID, 0x03
00072 #define NETSCAPE_POLICY       NETSCAPE_OID, 0x04
00073 #define NETSCAPE_CERT_SERVER         NETSCAPE_OID, 0x05
00074 #define NETSCAPE_ALGS                NETSCAPE_OID, 0x06 /* algorithm OIDs */
00075 #define NETSCAPE_NAME_COMPONENTS  NETSCAPE_OID, 0x07
00076 
00077 #define NETSCAPE_CERT_EXT_AIA     NETSCAPE_CERT_EXT, 0x10
00078 #define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01
00079 
00080 /* these are old and should go away soon */
      /* NOTE(review): 0xd8 0x6a decodes to the single arc 11370, so
       * OLD_NETSCAPE is { 2 16 840 11370 } and is not a prefix of
       * NETSCAPE_OID ({ 2 16 840 1 113730 }).  The nsCertExtNetscapeOK,
       * nsCertExtIssuerLogo and nsCertExtSubjectLogo arrays below are still
       * built on NS_CERT_EXT. */
00081 #define OLD_NETSCAPE        0x60, 0x86, 0x48, 0xd8, 0x6a
00082 #define NS_CERT_EXT         OLD_NETSCAPE, 0x01
00083 #define NS_FILE_TYPE        OLD_NETSCAPE, 0x02
00084 #define NS_IMAGE_TYPE              OLD_NETSCAPE, 0x03
00085 
00086 /* RSA OID name space: RSADSI is { 1 2 840 113549 }.
       * PKCS, DIGEST and CIPHER are its arcs 1, 2 and 3; the PKCSn macros
       * append the PKCS document number as one more byte. */
00087 #define RSADSI                     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
00088 #define PKCS                RSADSI, 0x01
00089 #define DIGEST                     RSADSI, 0x02
00090 #define CIPHER                     RSADSI, 0x03
00091 #define PKCS1               PKCS, 0x01
00092 #define PKCS5               PKCS, 0x05
00093 #define PKCS7               PKCS, 0x07
00094 #define PKCS9               PKCS, 0x09
00095 #define PKCS12                     PKCS, 0x0c
00096 
00097 /* Fortezza algorithm OID space: { 2 16 840 1 101 2 1 1 } */
00098 /* ### mwelch -- Is this just for algorithms, or all of Fortezza? */
      /* Byte-for-byte the same sequence the MISSI macro expands to, so
       * { FORTEZZA_ALG, n } and { MISSI, n } name the same OID for equal n. */
00099 #define FORTEZZA_ALG 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01
00100 
00101 /* Other OID name spaces */
00102 #define ALGORITHM           0x2b, 0x0e, 0x03, 0x02   /* { 1 3 14 3 2 } */
00103 #define X500                0x55                     /* { 2 5 } */
00104 #define X520_ATTRIBUTE_TYPE X500, 0x04               /* { 2 5 4 } */
00105 #define X500_ALG            X500, 0x08               /* { 2 5 8 } */
00106 #define X500_ALG_ENCRYPTION X500_ALG, 0x01           /* { 2 5 8 1 } */
00107 
00111 #define       ID_CE_OID            X500, 0x1d   /* { 2 5 29 }: prefix of the x509* extension arrays below */
00112 
00113 #define RFC1274_ATTR_TYPE  0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
      /* Decodes to { 0 9 2342 19200300 100 1 }.  rfc2247DomainComponent below
       * is built on this prefix as well; the separate RFC2247 prefix that
       * follows is commented out and marked wrong by its author. */
00114 /* #define RFC2247_ATTR_TYPE  0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */
00115 
00116 /* PKCS #12 name spaces.
       * All of these hang off PKCS12 (RSADSI, 0x01, 0x0c) or PKCS9. */
00117 #define PKCS12_MODE_IDS            PKCS12, 0x01
00118 #define PKCS12_ESPVK_IDS    PKCS12, 0x02
00119 #define PKCS12_BAG_IDS             PKCS12, 0x03
00120 #define PKCS12_CERT_BAG_IDS PKCS12, 0x04
00121 #define PKCS12_OIDS         PKCS12, 0x05
00122 #define PKCS12_PBE_IDS             PKCS12_OIDS, 0x01
00123 #define PKCS12_ENVELOPING_IDS      PKCS12_OIDS, 0x02
00124 #define PKCS12_SIGNATURE_IDS       PKCS12_OIDS, 0x03
      /* NOTE(review): PKCS12_V2_PBE_IDS expands to the same bytes as
       * PKCS12_MODE_IDS (both are PKCS12, 0x01), so the two names are aliases
       * for one arc.  Presumably the older and newer PKCS #12 layouts assign
       * that arc differently -- confirm before adding children to either. */
00125 #define PKCS12_V2_PBE_IDS   PKCS12, 0x01
00126 #define PKCS9_CERT_TYPES    PKCS9, 0x16
00127 #define PKCS9_CRL_TYPES            PKCS9, 0x17
00128 #define PKCS9_SMIME_IDS            PKCS9, 0x10
00129 #define PKCS9_SMIME_ATTRS   PKCS9_SMIME_IDS, 2
00130 #define PKCS9_SMIME_ALGS    PKCS9_SMIME_IDS, 3
00131 #define PKCS12_VERSION1            PKCS12, 0x0a
00132 #define PKCS12_V1_BAG_IDS   PKCS12_VERSION1, 1
00133 
00134 /* for DSA algorithm */
00135 /* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */
      /* 0xce 0x38 is the two-byte encoding of 10040. */
00136 #define ANSI_X9_ALGORITHM  0x2a, 0x86, 0x48, 0xce, 0x38, 0x4
00137 
00138 /* for DH algorithm */
00139 /* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */
00140 /* need real OID person to look at this, copied the above line
00141  * and added 6 to second to last value (and changed '4' to '2') */
      /* NOTE(review): 0xce 0x3e decodes to 10046 (the DSA prefix's 0xce 0x38
       * is 10040), so the bytes agree with the numbers in the comment above.
       * Only the "x9-57" label was carried over from the DSA line; arc 10046
       * is presumably ansi-x942 -- confirm and relabel. */
00142 #define ANSI_X942_ALGORITHM  0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2
00143 
00144 #define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45   /* { 2 16 840 1 113733 } */
00145 
00146 #define PKIX                0x2b, 0x06, 0x01, 0x05, 0x05, 0x07   /* { 1 3 6 1 5 5 7 } */
00147 #define PKIX_CERT_EXTENSIONS    PKIX, 1
00148 #define PKIX_POLICY_QUALIFIERS  PKIX, 2
00149 #define PKIX_KEY_USAGE             PKIX, 3      /* prefix of the pkixExtendedKeyUsage* arrays */
00150 #define PKIX_ACCESS_DESCRIPTION PKIX, 0x30      /* arc 48 */
00151 #define PKIX_OCSP           PKIX_ACCESS_DESCRIPTION, 1
00152 #define PKIX_CA_ISSUERS            PKIX_ACCESS_DESCRIPTION, 2
00153 
00154 #define PKIX_ID_PKIP        PKIX, 5
00155 #define PKIX_ID_REGCTRL     PKIX_ID_PKIP, 1 
00156 #define PKIX_ID_REGINFO     PKIX_ID_PKIP, 2
00157 
00158 /* Microsoft Object ID space */
00159 /* { 1.3.6.1.4.1.311 } */
00160 #define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
00161 
00162 #define CERTICOM_OID            0x2b, 0x81, 0x04   /* { 1 3 132 }; 0x81 0x04 is the two-byte form of 132 */
00163 #define SECG_OID                CERTICOM_OID, 0x00 /* { 1 3 132 0 }: prefix of the secgEC* curve arrays */
00164 
00165 #define ANSI_X962_OID           0x2a, 0x86, 0x48, 0xce, 0x3d   /* { 1 2 840 10045 } */
00166 #define ANSI_X962_CURVE_OID     ANSI_X962_OID, 0x03
00167 #define ANSI_X962_GF2m_OID      ANSI_X962_CURVE_OID, 0x00          /* characteristic-two curves */
00168 #define ANSI_X962_GFp_OID       ANSI_X962_CURVE_OID, 0x01          /* prime curves */
00169 #define ANSI_X962_SIGNATURE_OID ANSI_X962_OID, 0x04
00170 #define ANSI_X962_SPECIFY_OID   ANSI_X962_SIGNATURE_OID, 0x03      /* parent of the SHA-224..SHA-512 signature OIDs */
00171 
00172 #define CONST_OID static const unsigned char   /* every OID array below is file-local and const; OI() later casts the const away to store the pointer */
00173 
00174 CONST_OID md2[]                                  = { DIGEST, 0x02 };
00175 CONST_OID md4[]                                  = { DIGEST, 0x04 };
00176 CONST_OID md5[]                                  = { DIGEST, 0x05 };
      /* DIGEST is RSADSI, 0x02, i.e. { 1 2 840 113549 2 }.  These arrays only
       * name the algorithms; in the oids[] table below md2 and md5 are paired
       * with CKM_MD2 / CKM_MD5 while md4 gets CKM_INVALID_MECHANISM. */
00177 
00178 CONST_OID rc2cbc[]                               = { CIPHER, 0x02 };
00179 CONST_OID rc4[]                                  = { CIPHER, 0x04 };
00180 CONST_OID desede3cbc[]                           = { CIPHER, 0x07 };
00181 CONST_OID rc5cbcpad[]                            = { CIPHER, 0x09 };
00182 
00183 CONST_OID desecb[]                           = { ALGORITHM, 0x06 };
      /* ALGORITHM is { 1 3 14 3 2 }; the trailing byte is the last arc.
       * In the oids[] table below, desofb, descfb, desede and
       * isoSHAWithRSASignature are paired with CKM_INVALID_MECHANISM, so
       * the table recognises those OIDs without mapping them to a PKCS #11
       * mechanism. */
00184 CONST_OID descbc[]                           = { ALGORITHM, 0x07 };
00185 CONST_OID desofb[]                           = { ALGORITHM, 0x08 };
00186 CONST_OID descfb[]                           = { ALGORITHM, 0x09 };
00187 CONST_OID desmac[]                           = { ALGORITHM, 0x0a };
00188 CONST_OID sdn702DSASignature[]               = { ALGORITHM, 0x0c };
00189 CONST_OID isoSHAWithRSASignature[]           = { ALGORITHM, 0x0f };
00190 CONST_OID desede[]                           = { ALGORITHM, 0x11 };
00191 CONST_OID sha1[]                             = { ALGORITHM, 0x1a };   /* { 1 3 14 3 2 26 } */
00192 CONST_OID bogusDSASignaturewithSHA1Digest[]  = { ALGORITHM, 0x1b };   /* { 1 3 14 3 2 27 } */
00193 
00194 CONST_OID pkcs1RSAEncryption[]                   = { PKCS1, 0x01 };
      /* PKCS1 is { 1 2 840 113549 1 1 }.  The last arc is written in hex for
       * the older entries and in decimal (11, 12, 13) for the SHA-2 ones;
       * both forms are single bytes below 0x80, so no multi-byte encoding
       * is involved. */
00195 CONST_OID pkcs1MD2WithRSAEncryption[]            = { PKCS1, 0x02 };
00196 CONST_OID pkcs1MD4WithRSAEncryption[]            = { PKCS1, 0x03 };
00197 CONST_OID pkcs1MD5WithRSAEncryption[]            = { PKCS1, 0x04 };
00198 CONST_OID pkcs1SHA1WithRSAEncryption[]           = { PKCS1, 0x05 };
00199 CONST_OID pkcs1SHA256WithRSAEncryption[]  = { PKCS1, 11 };
00200 CONST_OID pkcs1SHA384WithRSAEncryption[]  = { PKCS1, 12 };
00201 CONST_OID pkcs1SHA512WithRSAEncryption[]  = { PKCS1, 13 };
00202 
00203 CONST_OID pkcs5PbeWithMD2AndDEScbc[]             = { PKCS5, 0x01 };
00204 CONST_OID pkcs5PbeWithMD5AndDEScbc[]             = { PKCS5, 0x03 };
00205 CONST_OID pkcs5PbeWithSha1AndDEScbc[]            = { PKCS5, 0x0a };
00206 
00207 CONST_OID pkcs7[]                                = { PKCS7 };
00208 CONST_OID pkcs7Data[]                            = { PKCS7, 0x01 };
00209 CONST_OID pkcs7SignedData[]                      = { PKCS7, 0x02 };
00210 CONST_OID pkcs7EnvelopedData[]                   = { PKCS7, 0x03 };
00211 CONST_OID pkcs7SignedEnvelopedData[]             = { PKCS7, 0x04 };
00212 CONST_OID pkcs7DigestedData[]                    = { PKCS7, 0x05 };
00213 CONST_OID pkcs7EncryptedData[]                   = { PKCS7, 0x06 };
00214 
00215 CONST_OID pkcs9EmailAddress[]                  = { PKCS9, 0x01 };
00216 CONST_OID pkcs9UnstructuredName[]              = { PKCS9, 0x02 };
00217 CONST_OID pkcs9ContentType[]                   = { PKCS9, 0x03 };
00218 CONST_OID pkcs9MessageDigest[]                 = { PKCS9, 0x04 };
00219 CONST_OID pkcs9SigningTime[]                   = { PKCS9, 0x05 };
00220 CONST_OID pkcs9CounterSignature[]              = { PKCS9, 0x06 };
00221 CONST_OID pkcs9ChallengePassword[]             = { PKCS9, 0x07 };
00222 CONST_OID pkcs9UnstructuredAddress[]           = { PKCS9, 0x08 };
00223 CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 };
00224 CONST_OID pkcs9ExtensionRequest[]              = { PKCS9, 14 };
00225 CONST_OID pkcs9SMIMECapabilities[]             = { PKCS9, 15 };
00226 CONST_OID pkcs9FriendlyName[]                  = { PKCS9, 20 };
00227 CONST_OID pkcs9LocalKeyID[]                    = { PKCS9, 21 };
00228 
00229 CONST_OID pkcs9X509Certificate[]          = { PKCS9_CERT_TYPES, 1 };
00230 CONST_OID pkcs9SDSICertificate[]          = { PKCS9_CERT_TYPES, 2 };
00231 CONST_OID pkcs9X509CRL[]                  = { PKCS9_CRL_TYPES, 1 };
00232 
00233 /* RFC2630 (CMS) OIDs */
00234 CONST_OID cmsESDH[]                       = { PKCS9_SMIME_ALGS, 5 };
00235 CONST_OID cms3DESwrap[]                   = { PKCS9_SMIME_ALGS, 6 };
00236 CONST_OID cmsRC2wrap[]                    = { PKCS9_SMIME_ALGS, 7 };
00237 
00238 /* RFC2633 SMIME message attributes */
00239 CONST_OID smimeEncryptionKeyPreference[]  = { PKCS9_SMIME_ATTRS, 11 };
00240 CONST_OID ms_smimeEncryptionKeyPreference[]      = { MICROSOFT_OID, 0x10, 0x4 };
00241 
00242 CONST_OID x520CommonName[]                      = { X520_ATTRIBUTE_TYPE, 3 };
00243 CONST_OID x520SurName[]                         = { X520_ATTRIBUTE_TYPE, 4 };
00244 CONST_OID x520SerialNumber[]                    = { X520_ATTRIBUTE_TYPE, 5 };
00245 CONST_OID x520CountryName[]                     = { X520_ATTRIBUTE_TYPE, 6 };
00246 CONST_OID x520LocalityName[]                    = { X520_ATTRIBUTE_TYPE, 7 };
00247 CONST_OID x520StateOrProvinceName[]             = { X520_ATTRIBUTE_TYPE, 8 };
00248 CONST_OID x520StreetAddress[]                   = { X520_ATTRIBUTE_TYPE, 9 };
00249 CONST_OID x520OrgName[]                         = { X520_ATTRIBUTE_TYPE, 10 };
00250 CONST_OID x520OrgUnitName[]                     = { X520_ATTRIBUTE_TYPE, 11 };
00251 CONST_OID x520Title[]                           = { X520_ATTRIBUTE_TYPE, 12 };
00252 CONST_OID x520PostalAddress[]                   = { X520_ATTRIBUTE_TYPE, 16 };
00253 CONST_OID x520PostalCode[]                      = { X520_ATTRIBUTE_TYPE, 17 };
00254 CONST_OID x520PostOfficeBox[]                   = { X520_ATTRIBUTE_TYPE, 18 };
00255 CONST_OID x520GivenName[]                       = { X520_ATTRIBUTE_TYPE, 42 };
00256 CONST_OID x520Initials[]                        = { X520_ATTRIBUTE_TYPE, 43 };
00257 CONST_OID x520GenerationQualifier[]             = { X520_ATTRIBUTE_TYPE, 44 };
00258 CONST_OID x520DnQualifier[]                     = { X520_ATTRIBUTE_TYPE, 46 };
00259 CONST_OID x520HouseIdentifier[]                 = { X520_ATTRIBUTE_TYPE, 51 };
00260 CONST_OID x520Pseudonym[]                       = { X520_ATTRIBUTE_TYPE, 65 };
00261 
00262 CONST_OID nsTypeGIF[]                            = { NETSCAPE_DATA_TYPE, 0x01 };
00263 CONST_OID nsTypeJPEG[]                           = { NETSCAPE_DATA_TYPE, 0x02 };
00264 CONST_OID nsTypeURL[]                            = { NETSCAPE_DATA_TYPE, 0x03 };
00265 CONST_OID nsTypeHTML[]                           = { NETSCAPE_DATA_TYPE, 0x04 };
00266 CONST_OID nsTypeCertSeq[]                        = { NETSCAPE_DATA_TYPE, 0x05 };
00267 
00268 CONST_OID missiCertKEADSSOld[]                   = { MISSI_OLD_KEA_DSS };
00269 CONST_OID missiCertDSSOld[]                      = { MISSI_OLD_DSS };
00270 CONST_OID missiCertKEADSS[]                      = { MISSI_KEA_DSS };
00271 CONST_OID missiCertDSS[]                         = { MISSI_DSS };
00272 CONST_OID missiCertKEA[]                         = { MISSI_KEA };
00273 CONST_OID missiCertAltKEA[]                      = { MISSI_ALT_KEA };
00274 CONST_OID x500RSAEncryption[]                    = { X500_ALG_ENCRYPTION, 0x01 };
00275 
00276 /* added for alg 1485 */
00277 CONST_OID rfc1274Uid[]                           = { RFC1274_ATTR_TYPE, 1 };
00278 CONST_OID rfc1274Mail[]                          = { RFC1274_ATTR_TYPE, 3 };
00279 CONST_OID rfc2247DomainComponent[]               = { RFC1274_ATTR_TYPE, 25 };
00280 
00281 /* Netscape private certificate extensions */
00282 CONST_OID nsCertExtNetscapeOK[]           = { NS_CERT_EXT, 1 };
00283 CONST_OID nsCertExtIssuerLogo[]           = { NS_CERT_EXT, 2 };
00284 CONST_OID nsCertExtSubjectLogo[]          = { NS_CERT_EXT, 3 };
00285 CONST_OID nsExtCertType[]                 = { NETSCAPE_CERT_EXT, 0x01 };
00286 CONST_OID nsExtBaseURL[]                  = { NETSCAPE_CERT_EXT, 0x02 };
00287 CONST_OID nsExtRevocationURL[]            = { NETSCAPE_CERT_EXT, 0x03 };
00288 CONST_OID nsExtCARevocationURL[]          = { NETSCAPE_CERT_EXT, 0x04 };
00289 CONST_OID nsExtCACRLURL[]                 = { NETSCAPE_CERT_EXT, 0x05 };
00290 CONST_OID nsExtCACertURL[]                = { NETSCAPE_CERT_EXT, 0x06 };
00291 CONST_OID nsExtCertRenewalURL[]           = { NETSCAPE_CERT_EXT, 0x07 };
00292 CONST_OID nsExtCAPolicyURL[]              = { NETSCAPE_CERT_EXT, 0x08 };
00293 CONST_OID nsExtHomepageURL[]              = { NETSCAPE_CERT_EXT, 0x09 };
00294 CONST_OID nsExtEntityLogo[]               = { NETSCAPE_CERT_EXT, 0x0a };
00295 CONST_OID nsExtUserPicture[]              = { NETSCAPE_CERT_EXT, 0x0b };
00296 CONST_OID nsExtSSLServerName[]            = { NETSCAPE_CERT_EXT, 0x0c };
00297 CONST_OID nsExtComment[]                  = { NETSCAPE_CERT_EXT, 0x0d };
00298 
00299 /* the following 2 extensions are defined for and used by Cartman(NSM) */
00300 CONST_OID nsExtLostPasswordURL[]          = { NETSCAPE_CERT_EXT, 0x0e };
00301 CONST_OID nsExtCertRenewalTime[]          = { NETSCAPE_CERT_EXT, 0x0f };
00302 
00303 CONST_OID nsExtAIACertRenewal[]           = { NETSCAPE_CERT_EXT_AIA, 0x01 };
00304 CONST_OID nsExtCertScopeOfUse[]           = { NETSCAPE_CERT_EXT, 0x11 };
00305 /* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */
00306 
00307 /* Netscape policy values */
00308 CONST_OID nsKeyUsageGovtApproved[]        = { NETSCAPE_POLICY, 0x01 };
00309 
00310 /* Netscape other name types */
00311 CONST_OID netscapeNickname[]              = { NETSCAPE_NAME_COMPONENTS, 0x01 };
00312 CONST_OID netscapeAOLScreenname[]  = { NETSCAPE_NAME_COMPONENTS, 0x02 };
00313 
00314 /* OIDs needed for cert server */
00315 CONST_OID netscapeRecoveryRequest[]       = { NETSCAPE_CERT_SERVER_CRMF, 0x01 };
00316 
00317 
00318 /* Standard x.509 v3 Certificate Extensions */
00319 CONST_OID x509SubjectDirectoryAttr[]             = { ID_CE_OID,  9 };
00320 CONST_OID x509SubjectKeyID[]                     = { ID_CE_OID, 14 };
00321 CONST_OID x509KeyUsage[]                         = { ID_CE_OID, 15 };
00322 CONST_OID x509PrivateKeyUsagePeriod[]            = { ID_CE_OID, 16 };
00323 CONST_OID x509SubjectAltName[]                   = { ID_CE_OID, 17 };
00324 CONST_OID x509IssuerAltName[]                    = { ID_CE_OID, 18 };
00325 CONST_OID x509BasicConstraints[]                 = { ID_CE_OID, 19 };
00326 CONST_OID x509NameConstraints[]                  = { ID_CE_OID, 30 };
00327 CONST_OID x509CRLDistPoints[]                    = { ID_CE_OID, 31 };
00328 CONST_OID x509CertificatePolicies[]              = { ID_CE_OID, 32 };
00329 CONST_OID x509PolicyMappings[]                   = { ID_CE_OID, 33 };
00330 CONST_OID x509PolicyConstraints[]                = { ID_CE_OID, 34 };
00331 CONST_OID x509AuthKeyID[]                        = { ID_CE_OID, 35 };
00332 CONST_OID x509ExtKeyUsage[]                      = { ID_CE_OID, 37 };
00333 CONST_OID x509AuthInfoAccess[]                   = { PKIX_CERT_EXTENSIONS, 1 };
00334 
00335 /* Standard x.509 v3 CRL Extensions */
00336 CONST_OID x509CrlNumber[]                        = { ID_CE_OID, 20};
00337 CONST_OID x509ReasonCode[]                       = { ID_CE_OID, 21};
00338 CONST_OID x509InvalidDate[]                      = { ID_CE_OID, 24};
00339 
00340 /* pkcs 12 additions */
00341 CONST_OID pkcs12[]                           = { PKCS12 };
00342 CONST_OID pkcs12ModeIDs[]                    = { PKCS12_MODE_IDS };
00343 CONST_OID pkcs12ESPVKIDs[]                   = { PKCS12_ESPVK_IDS };
00344 CONST_OID pkcs12BagIDs[]                     = { PKCS12_BAG_IDS };
00345 CONST_OID pkcs12CertBagIDs[]                 = { PKCS12_CERT_BAG_IDS };
00346 CONST_OID pkcs12OIDs[]                       = { PKCS12_OIDS };
00347 CONST_OID pkcs12PBEIDs[]                     = { PKCS12_PBE_IDS };
00348 CONST_OID pkcs12EnvelopingIDs[]              = { PKCS12_ENVELOPING_IDS };
00349 CONST_OID pkcs12SignatureIDs[]               = { PKCS12_SIGNATURE_IDS };
00350 CONST_OID pkcs12PKCS8KeyShrouding[]          = { PKCS12_ESPVK_IDS, 0x01 };
00351 CONST_OID pkcs12KeyBagID[]                   = { PKCS12_BAG_IDS, 0x01 };
00352 CONST_OID pkcs12CertAndCRLBagID[]            = { PKCS12_BAG_IDS, 0x02 };
00353 CONST_OID pkcs12SecretBagID[]                = { PKCS12_BAG_IDS, 0x03 };
00354 CONST_OID pkcs12X509CertCRLBag[]             = { PKCS12_CERT_BAG_IDS, 0x01 };
00355 CONST_OID pkcs12SDSICertBag[]                = { PKCS12_CERT_BAG_IDS, 0x02 };
00356 CONST_OID pkcs12PBEWithSha1And128BitRC4[]    = { PKCS12_PBE_IDS, 0x01 };
00357 CONST_OID pkcs12PBEWithSha1And40BitRC4[]     = { PKCS12_PBE_IDS, 0x02 };
00358 CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 };
00359 CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 };
00360 CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[]  = { PKCS12_PBE_IDS, 0x05 };
00361 CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 };
00362 CONST_OID pkcs12RSAEncryptionWith40BitRC4[]  = { PKCS12_ENVELOPING_IDS, 0x02 };
00363 CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 }; 
00364 CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 };
00365 
00366 /* pkcs 12 version 1.0 ids.
       * NOTE(review): the arrays are named pkcs12V2* although this heading
       * says version 1.0.  Their prefix PKCS12_V2_PBE_IDS is PKCS12, 0x01,
       * so they are distinct from the pkcs12PBEWith* arrays above, which sit
       * under PKCS12_PBE_IDS (PKCS12, 0x05, 0x01). */
00367 CONST_OID pkcs12V2PBEWithSha1And128BitRC4[]       = { PKCS12_V2_PBE_IDS, 0x01 };
00368 CONST_OID pkcs12V2PBEWithSha1And40BitRC4[]        = { PKCS12_V2_PBE_IDS, 0x02 };
00369 CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x03 };
00370 CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[]= { PKCS12_V2_PBE_IDS, 0x04 };
00371 CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[]    = { PKCS12_V2_PBE_IDS, 0x05 };
00372 CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[]     = { PKCS12_V2_PBE_IDS, 0x06 };
00373 
00374 CONST_OID pkcs12SafeContentsID[]                  = { PKCS12_BAG_IDS, 0x04 };
00375 CONST_OID pkcs12PKCS8ShroudedKeyBagID[]           = { PKCS12_BAG_IDS, 0x05 };
00376 
00377 CONST_OID pkcs12V1KeyBag[]                = { PKCS12_V1_BAG_IDS, 0x01 };
00378 CONST_OID pkcs12V1PKCS8ShroudedKeyBag[]   = { PKCS12_V1_BAG_IDS, 0x02 };
00379 CONST_OID pkcs12V1CertBag[]               = { PKCS12_V1_BAG_IDS, 0x03 };
00380 CONST_OID pkcs12V1CRLBag[]                = { PKCS12_V1_BAG_IDS, 0x04 };
00381 CONST_OID pkcs12V1SecretBag[]             = { PKCS12_V1_BAG_IDS, 0x05 };
00382 CONST_OID pkcs12V1SafeContentsBag[]       = { PKCS12_V1_BAG_IDS, 0x06 };
00383 
00384 CONST_OID pkcs12KeyUsageAttr[]            = { 2, 5, 29, 15 };
      /* NOTE(review): this is the only array in the listing that does not
       * start from one of the prefix macros.  It holds the arc numbers
       * 2 5 29 15 one per byte, not the encoded form: the encoded prefix for
       * { 2 5 29 } is ID_CE_OID (0x55, 0x1d), and x509KeyUsage above already
       * holds { ID_CE_OID, 15 }.  A lookup keyed on encoded OID bytes taken
       * from parsed input would presumably never match this entry --
       * confirm against the callers before relying on it. */
00385 
00386 CONST_OID ansix9DSASignature[]                   = { ANSI_X9_ALGORITHM, 0x01 };
00387 CONST_OID ansix9DSASignaturewithSHA1Digest[]     = { ANSI_X9_ALGORITHM, 0x03 };
00388 
00389 /* verisign OIDs */
00390 CONST_OID verisignUserNotices[]                  = { VERISIGN, 1, 7, 1, 1 };
00391 
00392 /* pkix OIDs */
00393 CONST_OID pkixCPSPointerQualifier[]              = { PKIX_POLICY_QUALIFIERS, 1 };
00394 CONST_OID pkixUserNoticeQualifier[]              = { PKIX_POLICY_QUALIFIERS, 2 };
00395 
00396 CONST_OID pkixOCSP[]                      = { PKIX_OCSP };
00397 CONST_OID pkixOCSPBasicResponse[]         = { PKIX_OCSP, 1 };
00398 CONST_OID pkixOCSPNonce[]                 = { PKIX_OCSP, 2 };
00399 CONST_OID pkixOCSPCRL[]                   = { PKIX_OCSP, 3 };
00400 CONST_OID pkixOCSPResponse[]                     = { PKIX_OCSP, 4 };
00401 CONST_OID pkixOCSPNoCheck[]               = { PKIX_OCSP, 5 };
00402 CONST_OID pkixOCSPArchiveCutoff[]         = { PKIX_OCSP, 6 };
00403 CONST_OID pkixOCSPServiceLocator[]        = { PKIX_OCSP, 7 };
00404 
00405 CONST_OID pkixCAIssuers[]                 = { PKIX_CA_ISSUERS };
00406 
00407 CONST_OID pkixRegCtrlRegToken[]                  = { PKIX_ID_REGCTRL, 1};
00408 CONST_OID pkixRegCtrlAuthenticator[]             = { PKIX_ID_REGCTRL, 2};
00409 CONST_OID pkixRegCtrlPKIPubInfo[]                = { PKIX_ID_REGCTRL, 3};
00410 CONST_OID pkixRegCtrlPKIArchOptions[]            = { PKIX_ID_REGCTRL, 4};
00411 CONST_OID pkixRegCtrlOldCertID[]                 = { PKIX_ID_REGCTRL, 5};
00412 CONST_OID pkixRegCtrlProtEncKey[]                = { PKIX_ID_REGCTRL, 6};
00413 CONST_OID pkixRegInfoUTF8Pairs[]                 = { PKIX_ID_REGINFO, 1};
00414 CONST_OID pkixRegInfoCertReq[]                   = { PKIX_ID_REGINFO, 2};
00415 
00416 CONST_OID pkixExtendedKeyUsageServerAuth[]       = { PKIX_KEY_USAGE, 1 };
00417 CONST_OID pkixExtendedKeyUsageClientAuth[]       = { PKIX_KEY_USAGE, 2 };
00418 CONST_OID pkixExtendedKeyUsageCodeSign[]         = { PKIX_KEY_USAGE, 3 };
00419 CONST_OID pkixExtendedKeyUsageEMailProtect[]     = { PKIX_KEY_USAGE, 4 };
00420 CONST_OID pkixExtendedKeyUsageTimeStamp[]        = { PKIX_KEY_USAGE, 8 };
00421 CONST_OID pkixOCSPResponderExtendedKeyUsage[]    = { PKIX_KEY_USAGE, 9 };
00422 
00423 /* OIDs for Netscape defined algorithms */
00424 CONST_OID netscapeSMimeKEA[]                     = { NETSCAPE_ALGS, 0x01 };
00425 
00426 /* Fortezza algorithm OIDs */
00427 CONST_OID skipjackCBC[]                   = { FORTEZZA_ALG, 0x04 };
00428 CONST_OID dhPublicKey[]                   = { ANSI_X942_ALGORITHM, 0x1 };
00429 
00430 CONST_OID aes128_ECB[]                           = { AES, 1 };   /* AES is { 2 16 840 1 101 3 4 1 }; the last arc selects key size and mode */
00431 CONST_OID aes128_CBC[]                           = { AES, 2 };
00432 #ifdef DEFINE_ALL_AES_CIPHERS
      /* The OFB and CFB identifiers exist only in builds that define
       * DEFINE_ALL_AES_CIPHERS.  Any table row that names them has to sit
       * under the same guard, or the table and the tag enum drift apart --
       * TODO confirm in the part of oids[] that references them. */
00433 CONST_OID aes128_OFB[]                           = { AES, 3 };
00434 CONST_OID aes128_CFB[]                           = { AES, 4 };
00435 #endif
00436 CONST_OID aes128_KEY_WRAP[]               = { AES, 5 };
00437 
00438 CONST_OID aes192_ECB[]                           = { AES, 21 };
00439 CONST_OID aes192_CBC[]                           = { AES, 22 };
00440 #ifdef DEFINE_ALL_AES_CIPHERS
00441 CONST_OID aes192_OFB[]                           = { AES, 23 };
00442 CONST_OID aes192_CFB[]                           = { AES, 24 };
00443 #endif
00444 CONST_OID aes192_KEY_WRAP[]               = { AES, 25 };
00445 
00446 CONST_OID aes256_ECB[]                           = { AES, 41 };
00447 CONST_OID aes256_CBC[]                           = { AES, 42 };
00448 #ifdef DEFINE_ALL_AES_CIPHERS
00449 CONST_OID aes256_OFB[]                           = { AES, 43 };
00450 CONST_OID aes256_CFB[]                           = { AES, 44 };
00451 #endif
00452 CONST_OID aes256_KEY_WRAP[]               = { AES, 45 };
00453 
00454 CONST_OID sha256[]                              = { SHAXXX, 1 };
00455 CONST_OID sha384[]                              = { SHAXXX, 2 };
00456 CONST_OID sha512[]                              = { SHAXXX, 3 };
00457 
00458 CONST_OID ansix962ECPublicKey[]             = { ANSI_X962_OID, 0x02, 0x01 };
00459 CONST_OID ansix962SignaturewithSHA1Digest[] = { ANSI_X962_SIGNATURE_OID, 0x01 };
00460 CONST_OID ansix962SignatureRecommended[]    = { ANSI_X962_SIGNATURE_OID, 0x02 };
00461 CONST_OID ansix962SignatureSpecified[]      = { ANSI_X962_SPECIFY_OID };
00462 CONST_OID ansix962SignaturewithSHA224Digest[] = { ANSI_X962_SPECIFY_OID, 0x01 };
00463 CONST_OID ansix962SignaturewithSHA256Digest[] = { ANSI_X962_SPECIFY_OID, 0x02 };
00464 CONST_OID ansix962SignaturewithSHA384Digest[] = { ANSI_X962_SPECIFY_OID, 0x03 };
00465 CONST_OID ansix962SignaturewithSHA512Digest[] = { ANSI_X962_SPECIFY_OID, 0x04 };
00466 
00467 /* ANSI X9.62 prime curve OIDs */
00468 /* NOTE: prime192v1 is the same as secp192r1, prime256v1 is the
00469  * same as secp256r1
00470  */
00471 CONST_OID ansiX962prime192v1[] = { ANSI_X962_GFp_OID, 0x01 };
00472 CONST_OID ansiX962prime192v2[] = { ANSI_X962_GFp_OID, 0x02 };
00473 CONST_OID ansiX962prime192v3[] = { ANSI_X962_GFp_OID, 0x03 };
00474 CONST_OID ansiX962prime239v1[] = { ANSI_X962_GFp_OID, 0x04 };
00475 CONST_OID ansiX962prime239v2[] = { ANSI_X962_GFp_OID, 0x05 };
00476 CONST_OID ansiX962prime239v3[] = { ANSI_X962_GFp_OID, 0x06 };
00477 CONST_OID ansiX962prime256v1[] = { ANSI_X962_GFp_OID, 0x07 };
00478 
00479 /* SECG prime curve OIDs */
00480 CONST_OID secgECsecp112r1[] = { SECG_OID, 0x06 };
00481 CONST_OID secgECsecp112r2[] = { SECG_OID, 0x07 };
00482 CONST_OID secgECsecp128r1[] = { SECG_OID, 0x1c };
00483 CONST_OID secgECsecp128r2[] = { SECG_OID, 0x1d };
00484 CONST_OID secgECsecp160k1[] = { SECG_OID, 0x09 };
00485 CONST_OID secgECsecp160r1[] = { SECG_OID, 0x08 };
00486 CONST_OID secgECsecp160r2[] = { SECG_OID, 0x1e };
00487 CONST_OID secgECsecp192k1[] = { SECG_OID, 0x1f };
00488 CONST_OID secgECsecp224k1[] = { SECG_OID, 0x20 };
00489 CONST_OID secgECsecp224r1[] = { SECG_OID, 0x21 };
00490 CONST_OID secgECsecp256k1[] = { SECG_OID, 0x0a };
00491 CONST_OID secgECsecp384r1[] = { SECG_OID, 0x22 };
00492 CONST_OID secgECsecp521r1[] = { SECG_OID, 0x23 };
00493 
00494 /* ANSI X9.62 characteristic two curve OIDs */
00495 CONST_OID ansiX962c2pnb163v1[] = { ANSI_X962_GF2m_OID, 0x01 };
00496 CONST_OID ansiX962c2pnb163v2[] = { ANSI_X962_GF2m_OID, 0x02 };
00497 CONST_OID ansiX962c2pnb163v3[] = { ANSI_X962_GF2m_OID, 0x03 };
00498 CONST_OID ansiX962c2pnb176v1[] = { ANSI_X962_GF2m_OID, 0x04 };
00499 CONST_OID ansiX962c2tnb191v1[] = { ANSI_X962_GF2m_OID, 0x05 };
00500 CONST_OID ansiX962c2tnb191v2[] = { ANSI_X962_GF2m_OID, 0x06 };
00501 CONST_OID ansiX962c2tnb191v3[] = { ANSI_X962_GF2m_OID, 0x07 };
00502 CONST_OID ansiX962c2onb191v4[] = { ANSI_X962_GF2m_OID, 0x08 };
00503 CONST_OID ansiX962c2onb191v5[] = { ANSI_X962_GF2m_OID, 0x09 };
00504 CONST_OID ansiX962c2pnb208w1[] = { ANSI_X962_GF2m_OID, 0x0a };
00505 CONST_OID ansiX962c2tnb239v1[] = { ANSI_X962_GF2m_OID, 0x0b };
00506 CONST_OID ansiX962c2tnb239v2[] = { ANSI_X962_GF2m_OID, 0x0c };
00507 CONST_OID ansiX962c2tnb239v3[] = { ANSI_X962_GF2m_OID, 0x0d };
00508 CONST_OID ansiX962c2onb239v4[] = { ANSI_X962_GF2m_OID, 0x0e };
00509 CONST_OID ansiX962c2onb239v5[] = { ANSI_X962_GF2m_OID, 0x0f };
00510 CONST_OID ansiX962c2pnb272w1[] = { ANSI_X962_GF2m_OID, 0x10 };
00511 CONST_OID ansiX962c2pnb304w1[] = { ANSI_X962_GF2m_OID, 0x11 };
00512 CONST_OID ansiX962c2tnb359v1[] = { ANSI_X962_GF2m_OID, 0x12 };
00513 CONST_OID ansiX962c2pnb368w1[] = { ANSI_X962_GF2m_OID, 0x13 };
00514 CONST_OID ansiX962c2tnb431r1[] = { ANSI_X962_GF2m_OID, 0x14 };
00515 
00516 /* SECG characteristic two curve OIDs */
00517 CONST_OID secgECsect113r1[] = {SECG_OID, 0x04 };
00518 CONST_OID secgECsect113r2[] = {SECG_OID, 0x05 };
00519 CONST_OID secgECsect131r1[] = {SECG_OID, 0x16 };
00520 CONST_OID secgECsect131r2[] = {SECG_OID, 0x17 };
00521 CONST_OID secgECsect163k1[] = {SECG_OID, 0x01 };
00522 CONST_OID secgECsect163r1[] = {SECG_OID, 0x02 };
00523 CONST_OID secgECsect163r2[] = {SECG_OID, 0x0f };
00524 CONST_OID secgECsect193r1[] = {SECG_OID, 0x18 };
00525 CONST_OID secgECsect193r2[] = {SECG_OID, 0x19 };
00526 CONST_OID secgECsect233k1[] = {SECG_OID, 0x1a };
00527 CONST_OID secgECsect233r1[] = {SECG_OID, 0x1b };
00528 CONST_OID secgECsect239k1[] = {SECG_OID, 0x03 };
00529 CONST_OID secgECsect283k1[] = {SECG_OID, 0x10 };
00530 CONST_OID secgECsect283r1[] = {SECG_OID, 0x11 };
00531 CONST_OID secgECsect409k1[] = {SECG_OID, 0x24 };
00532 CONST_OID secgECsect409r1[] = {SECG_OID, 0x25 };
00533 CONST_OID secgECsect571k1[] = {SECG_OID, 0x26 };
00534 CONST_OID secgECsect571r1[] = {SECG_OID, 0x27 };
00535 
00536 #define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
      /* OI(x) builds the { type, data, len } initializer for one OID item.
       * - sizeof x is the byte count only when x is an array; given a
       *   pointer it would silently yield the pointer size, so pass the
       *   CONST_OID arrays themselves and nothing else.
       * - The cast drops the const that CONST_OID puts on every array, so
       *   the stored data pointer must be treated as read-only by whoever
       *   receives it. */
00537 #ifndef SECOID_NO_STRINGS
      /* OD() wraps OI() into one table row: OID bytes, tag, description
       * string, mechanism, extension-support flag. */
00538 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
00539 #else
      /* With SECOID_NO_STRINGS the description is replaced by 0, i.e. a null
       * pointer; code that prints or compares the description has to cope
       * with that in such builds. */
00540 #define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext }
00541 #endif
00542 
00543 /*
00544  * NOTE: the order of these entries must match the SECOidTag enum in secoidt.h!
00545  */
00546 const static SECOidData oids[] = {
00547     { { siDEROID, NULL, 0 }, SEC_OID_UNKNOWN,
00548        "Unknown OID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
00549     OD( md2, SEC_OID_MD2, "MD2", CKM_MD2, INVALID_CERT_EXTENSION ),
00550     OD( md4, SEC_OID_MD4,
00551        "MD4", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00552     OD( md5, SEC_OID_MD5, "MD5", CKM_MD5, INVALID_CERT_EXTENSION ),
00553     OD( sha1, SEC_OID_SHA1, "SHA-1", CKM_SHA_1, INVALID_CERT_EXTENSION ),
00554     OD( rc2cbc, SEC_OID_RC2_CBC,
00555        "RC2-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION ),
00556     OD( rc4, SEC_OID_RC4, "RC4", CKM_RC4, INVALID_CERT_EXTENSION ),
00557     OD( desede3cbc, SEC_OID_DES_EDE3_CBC,
00558        "DES-EDE3-CBC", CKM_DES3_CBC, INVALID_CERT_EXTENSION ),
00559     OD( rc5cbcpad, SEC_OID_RC5_CBC_PAD,
00560        "RC5-CBCPad", CKM_RC5_CBC, INVALID_CERT_EXTENSION ),
00561     OD( desecb, SEC_OID_DES_ECB,
00562        "DES-ECB", CKM_DES_ECB, INVALID_CERT_EXTENSION ),
00563     OD( descbc, SEC_OID_DES_CBC,
00564        "DES-CBC", CKM_DES_CBC, INVALID_CERT_EXTENSION ),
00565     OD( desofb, SEC_OID_DES_OFB,
00566        "DES-OFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00567     OD( descfb, SEC_OID_DES_CFB,
00568        "DES-CFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00569     OD( desmac, SEC_OID_DES_MAC,
00570        "DES-MAC", CKM_DES_MAC, INVALID_CERT_EXTENSION ),
00571     OD( desede, SEC_OID_DES_EDE,
00572        "DES-EDE", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00573     OD( isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
00574        "ISO SHA with RSA Signature", 
00575        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00576     OD( pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION,
00577        "PKCS #1 RSA Encryption", CKM_RSA_PKCS, INVALID_CERT_EXTENSION ),
00578 
00579     /* the following Signing mechanisms should get new CKM_ values when
00580      * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in
00581      * PKCS #11.
00582      */
00583     OD( pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
00584        "PKCS #1 MD2 With RSA Encryption", CKM_MD2_RSA_PKCS,
00585        INVALID_CERT_EXTENSION ),
00586     OD( pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
00587        "PKCS #1 MD4 With RSA Encryption", 
00588        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00589     OD( pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
00590        "PKCS #1 MD5 With RSA Encryption", CKM_MD5_RSA_PKCS,
00591        INVALID_CERT_EXTENSION ),
00592     OD( pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
00593        "PKCS #1 SHA-1 With RSA Encryption", CKM_SHA1_RSA_PKCS,
00594        INVALID_CERT_EXTENSION ),
00595 
00596     OD( pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
00597        "PKCS #5 Password Based Encryption with MD2 and DES CBC",
00598        CKM_PBE_MD2_DES_CBC, INVALID_CERT_EXTENSION ),
00599     OD( pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
00600        "PKCS #5 Password Based Encryption with MD5 and DES CBC",
00601        CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION ),
00602     OD( pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
00603        "PKCS #5 Password Based Encryption with SHA1 and DES CBC", 
00604        CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION ),
00605     OD( pkcs7, SEC_OID_PKCS7,
00606        "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00607     OD( pkcs7Data, SEC_OID_PKCS7_DATA,
00608        "PKCS #7 Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00609     OD( pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA,
00610        "PKCS #7 Signed Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00611     OD( pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA,
00612        "PKCS #7 Enveloped Data", 
00613        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00614     OD( pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
00615        "PKCS #7 Signed And Enveloped Data", 
00616        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00617     OD( pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA,
00618        "PKCS #7 Digested Data", 
00619        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00620     OD( pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA,
00621        "PKCS #7 Encrypted Data", 
00622        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00623     OD( pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS,
00624        "PKCS #9 Email Address", 
00625        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00626     OD( pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME,
00627        "PKCS #9 Unstructured Name", 
00628        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00629     OD( pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE,
00630        "PKCS #9 Content Type", 
00631        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00632     OD( pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST,
00633        "PKCS #9 Message Digest", 
00634        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00635     OD( pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME,
00636        "PKCS #9 Signing Time", 
00637        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00638     OD( pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE,
00639        "PKCS #9 Counter Signature", 
00640        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00641     OD( pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD,
00642        "PKCS #9 Challenge Password", 
00643        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00644     OD( pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
00645        "PKCS #9 Unstructured Address", 
00646        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00647     OD( pkcs9ExtendedCertificateAttributes,
00648        SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
00649        "PKCS #9 Extended Certificate Attributes", 
00650        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00651     OD( pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES,
00652        "PKCS #9 S/MIME Capabilities", 
00653        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00654     OD( x520CommonName, SEC_OID_AVA_COMMON_NAME,
00655        "X520 Common Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00656     OD( x520CountryName, SEC_OID_AVA_COUNTRY_NAME,
00657        "X520 Country Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00658     OD( x520LocalityName, SEC_OID_AVA_LOCALITY,
00659        "X520 Locality Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00660     OD( x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE,
00661        "X520 State Or Province Name", 
00662        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00663     OD( x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME,
00664        "X520 Organization Name", 
00665        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00666     OD( x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
00667        "X520 Organizational Unit Name", 
00668        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00669     OD( x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER,
00670        "X520 DN Qualifier", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00671     OD( rfc2247DomainComponent, SEC_OID_AVA_DC,
00672        "RFC 2247 Domain Component", 
00673        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00674 
00675     OD( nsTypeGIF, SEC_OID_NS_TYPE_GIF,
00676        "GIF", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00677     OD( nsTypeJPEG, SEC_OID_NS_TYPE_JPEG,
00678        "JPEG", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00679     OD( nsTypeURL, SEC_OID_NS_TYPE_URL,
00680        "URL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00681     OD( nsTypeHTML, SEC_OID_NS_TYPE_HTML,
00682        "HTML", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00683     OD( nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE,
00684        "Certificate Sequence", 
00685        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00686     OD( missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD, 
00687        "MISSI KEA and DSS Algorithm (Old)",
00688        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00689     OD( missiCertDSSOld, SEC_OID_MISSI_DSS_OLD, 
00690        "MISSI DSS Algorithm (Old)",
00691        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00692     OD( missiCertKEADSS, SEC_OID_MISSI_KEA_DSS, 
00693        "MISSI KEA and DSS Algorithm",
00694        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00695     OD( missiCertDSS, SEC_OID_MISSI_DSS, 
00696        "MISSI DSS Algorithm",
00697        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00698     OD( missiCertKEA, SEC_OID_MISSI_KEA, 
00699        "MISSI KEA Algorithm",
00700        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00701     OD( missiCertAltKEA, SEC_OID_MISSI_ALT_KEA, 
00702        "MISSI Alternate KEA Algorithm",
00703           CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00704 
00705     /* Netscape private extensions */
00706     OD( nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK,
00707        "Netscape says this cert is OK",
00708        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00709     OD( nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
00710        "Certificate Issuer Logo",
00711        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00712     OD( nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
00713        "Certificate Subject Logo",
00714        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00715     OD( nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE,
00716        "Certificate Type",
00717        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00718     OD( nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL,
00719        "Certificate Extension Base URL",
00720        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00721     OD( nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL,
00722        "Certificate Revocation URL",
00723        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00724     OD( nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL,
00725        "Certificate Authority Revocation URL",
00726        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00727     OD( nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL,
00728        "Certificate Authority CRL Download URL",
00729        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00730     OD( nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL,
00731        "Certificate Authority Certificate Download URL",
00732        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00733     OD( nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL,
00734        "Certificate Renewal URL", 
00735        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), 
00736     OD( nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL,
00737        "Certificate Authority Policy URL",
00738        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00739     OD( nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL,
00740        "Certificate Homepage URL", 
00741        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00742     OD( nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO,
00743        "Certificate Entity Logo", 
00744        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00745     OD( nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE,
00746        "Certificate User Picture", 
00747        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00748     OD( nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME,
00749        "Certificate SSL Server Name", 
00750        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00751     OD( nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT,
00752        "Certificate Comment", 
00753        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00754     OD( nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL,
00755         "Lost Password URL", 
00756        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00757     OD( nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME, 
00758        "Certificate Renewal Time", 
00759        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00760     OD( nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED,
00761        "Strong Crypto Export Approved",
00762        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00763 
00764 
00765     /* x.509 v3 certificate extensions */
00766     OD( x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR,
00767        "Certificate Subject Directory Attributes",
00768        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
00769     OD( x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID, 
00770        "Certificate Subject Key ID",
00771        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00772     OD( x509KeyUsage, SEC_OID_X509_KEY_USAGE, 
00773        "Certificate Key Usage",
00774        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00775     OD( x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
00776        "Certificate Private Key Usage Period",
00777         CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00778     OD( x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME, 
00779        "Certificate Subject Alt Name",
00780         CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00781     OD( x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME, 
00782        "Certificate Issuer Alt Name",
00783         CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00784     OD( x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS, 
00785        "Certificate Basic Constraints",
00786        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00787     OD( x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS, 
00788        "Certificate Name Constraints",
00789        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00790     OD( x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS, 
00791        "CRL Distribution Points",
00792        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00793     OD( x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES,
00794        "Certificate Policies",
00795         CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00796     OD( x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS, 
00797        "Certificate Policy Mappings",
00798         CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00799     OD( x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS, 
00800        "Certificate Policy Constraints",
00801         CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00802     OD( x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID, 
00803        "Certificate Authority Key Identifier",
00804        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00805     OD( x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE, 
00806        "Extended Key Usage",
00807        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00808     OD( x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS, 
00809        "Authority Information Access",
00810         CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00811 
00812     /* x.509 v3 CRL extensions */
00813     OD( x509CrlNumber, SEC_OID_X509_CRL_NUMBER, 
00814        "CRL Number", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00815     OD( x509ReasonCode, SEC_OID_X509_REASON_CODE, 
00816        "CRL reason code", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00817     OD( x509InvalidDate, SEC_OID_X509_INVALID_DATE, 
00818        "Invalid Date", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00819        
00820     OD( x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION,
00821        "X500 RSA Encryption", CKM_RSA_X_509, INVALID_CERT_EXTENSION ),
00822 
00823     /* added for alg 1485 */
00824     OD( rfc1274Uid, SEC_OID_RFC1274_UID,
00825        "RFC1274 User Id", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00826     OD( rfc1274Mail, SEC_OID_RFC1274_MAIL,
00827        "RFC1274 E-mail Address", 
00828        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00829 
00830     /* pkcs 12 additions */
00831     OD( pkcs12, SEC_OID_PKCS12,
00832        "PKCS #12", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00833     OD( pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS,
00834        "PKCS #12 Mode IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00835     OD( pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS,
00836        "PKCS #12 ESPVK IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00837     OD( pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS,
00838        "PKCS #12 Bag IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00839     OD( pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS,
00840        "PKCS #12 Cert Bag IDs", 
00841        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00842     OD( pkcs12OIDs, SEC_OID_PKCS12_OIDS,
00843        "PKCS #12 OIDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00844     OD( pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS,
00845        "PKCS #12 PBE IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00846     OD( pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS,
00847        "PKCS #12 Signature IDs", 
00848        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00849     OD( pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS,
00850        "PKCS #12 Enveloping IDs", 
00851        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00852     OD( pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING,
00853        "PKCS #12 Key Shrouding", 
00854        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00855     OD( pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID,
00856        "PKCS #12 Key Bag ID", 
00857        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00858     OD( pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
00859        "PKCS #12 Cert And CRL Bag ID", 
00860        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00861     OD( pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID,
00862        "PKCS #12 Secret Bag ID", 
00863        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00864     OD( pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG,
00865        "PKCS #12 X509 Cert CRL Bag", 
00866        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00867     OD( pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG,
00868        "PKCS #12 SDSI Cert Bag", 
00869        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00870     OD( pkcs12PBEWithSha1And128BitRC4,
00871        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
00872        "PKCS #12 PBE With Sha1 and 128 Bit RC4", 
00873        CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION ),
00874     OD( pkcs12PBEWithSha1And40BitRC4,
00875        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
00876        "PKCS #12 PBE With Sha1 and 40 Bit RC4", 
00877        CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION ),
00878     OD( pkcs12PBEWithSha1AndTripleDESCBC,
00879        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
00880        "PKCS #12 PBE With Sha1 and Triple DES CBC", 
00881        CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION ),
00882     OD( pkcs12PBEWithSha1And128BitRC2CBC,
00883        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
00884        "PKCS #12 PBE With Sha1 and 128 Bit RC2 CBC", 
00885        CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION ),
00886     OD( pkcs12PBEWithSha1And40BitRC2CBC,
00887        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
00888        "PKCS #12 PBE With Sha1 and 40 Bit RC2 CBC", 
00889        CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION ),
00890     OD( pkcs12RSAEncryptionWith128BitRC4,
00891        SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
00892        "PKCS #12 RSA Encryption with 128 Bit RC4",
00893        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00894     OD( pkcs12RSAEncryptionWith40BitRC4,
00895        SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4,
00896        "PKCS #12 RSA Encryption with 40 Bit RC4",
00897        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00898     OD( pkcs12RSAEncryptionWithTripleDES,
00899        SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES,
00900        "PKCS #12 RSA Encryption with Triple DES",
00901        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00902     OD( pkcs12RSASignatureWithSHA1Digest,
00903        SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST,
00904        "PKCS #12 RSA Encryption with Triple DES",
00905        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00906 
00907     /* DSA signatures */
00908     OD( ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE,
00909        "ANSI X9.57 DSA Signature", CKM_DSA, INVALID_CERT_EXTENSION ),
00910     OD( ansix9DSASignaturewithSHA1Digest,
00911         SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST,
00912        "ANSI X9.57 DSA Signature with SHA1 Digest", 
00913        CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
00914     OD( bogusDSASignaturewithSHA1Digest,
00915         SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST,
00916        "FORTEZZA DSA Signature with SHA1 Digest", 
00917        CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
00918 
00919     /* verisign oids */
00920     OD( verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES,
00921        "Verisign User Notices", 
00922        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00923 
00924     /* pkix oids */
00925     OD( pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER,
00926        "PKIX CPS Pointer Qualifier", 
00927        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00928     OD( pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER,
00929        "PKIX User Notice Qualifier", 
00930        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00931 
00932     OD( pkixOCSP, SEC_OID_PKIX_OCSP,
00933        "PKIX Online Certificate Status Protocol", 
00934        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00935     OD( pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE,
00936        "OCSP Basic Response", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00937     OD( pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE,
00938        "OCSP Nonce Extension", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00939     OD( pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL,
00940        "OCSP CRL Reference Extension", 
00941        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00942     OD( pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE,
00943        "OCSP Response Types Extension", 
00944        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00945     OD( pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK,
00946        "OCSP No Check Extension", 
00947        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00948     OD( pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF,
00949        "OCSP Archive Cutoff Extension", 
00950        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00951     OD( pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
00952        "OCSP Service Locator Extension", 
00953        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00954 
00955     OD( pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN,
00956         "PKIX CRMF Registration Control, Registration Token", 
00957         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00958     OD( pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR,
00959         "PKIX CRMF Registration Control, Registration Authenticator", 
00960         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00961     OD( pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO,
00962         "PKIX CRMF Registration Control, PKI Publication Info", 
00963         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00964     OD( pkixRegCtrlPKIArchOptions,
00965         SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
00966         "PKIX CRMF Registration Control, PKI Archive Options", 
00967         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00968     OD( pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID,
00969         "PKIX CRMF Registration Control, Old Certificate ID", 
00970         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00971     OD( pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY,
00972         "PKIX CRMF Registration Control, Protocol Encryption Key", 
00973         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00974     OD( pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS,
00975         "PKIX CRMF Registration Info, UTF8 Pairs", 
00976         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00977     OD( pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST,
00978         "PKIX CRMF Registration Info, Certificate Request", 
00979         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00980     OD( pkixExtendedKeyUsageServerAuth,
00981         SEC_OID_EXT_KEY_USAGE_SERVER_AUTH,
00982         "TLS Web Server Authentication Certificate",
00983         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00984     OD( pkixExtendedKeyUsageClientAuth,
00985         SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH,
00986         "TLS Web Client Authentication Certificate",
00987         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00988     OD( pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN,
00989         "Code Signing Certificate",
00990         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00991     OD( pkixExtendedKeyUsageEMailProtect,
00992         SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT,
00993         "E-Mail Protection Certificate",
00994         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00995     OD( pkixExtendedKeyUsageTimeStamp,
00996         SEC_OID_EXT_KEY_USAGE_TIME_STAMP,
00997         "Time Stamping Certifcate",
00998         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00999     OD( pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER,
01000           "OCSP Responder Certificate",
01001           CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
01002 
01003     /* Netscape Algorithm OIDs */
01004 
01005     OD( netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA,
01006        "Netscape S/MIME KEA", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01007 
01008       /* Skipjack OID -- ### mwelch temporary */
01009     OD( skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK,
01010        "Skipjack CBC64", CKM_SKIPJACK_CBC64, INVALID_CERT_EXTENSION ),
01011 
01012     /* pkcs12 v2 oids */
01013     OD( pkcs12V2PBEWithSha1And128BitRC4,
01014         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
01015        "PKCS12 V2 PBE With SHA1 And 128 Bit RC4", 
01016        CKM_PBE_SHA1_RC4_128, INVALID_CERT_EXTENSION ),
01017     OD( pkcs12V2PBEWithSha1And40BitRC4,
01018         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
01019        "PKCS12 V2 PBE With SHA1 And 40 Bit RC4", 
01020        CKM_PBE_SHA1_RC4_40, INVALID_CERT_EXTENSION ),
01021     OD( pkcs12V2PBEWithSha1And3KeyTripleDEScbc,
01022         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
01023        "PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc", 
01024        CKM_PBE_SHA1_DES3_EDE_CBC, INVALID_CERT_EXTENSION ),
01025     OD( pkcs12V2PBEWithSha1And2KeyTripleDEScbc,
01026         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC,
01027        "PKCS12 V2 PBE With SHA1 And 2KEY Triple DES-cbc", 
01028        CKM_PBE_SHA1_DES2_EDE_CBC, INVALID_CERT_EXTENSION ),
01029     OD( pkcs12V2PBEWithSha1And128BitRC2cbc,
01030         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
01031        "PKCS12 V2 PBE With SHA1 And 128 Bit RC2 CBC", 
01032        CKM_PBE_SHA1_RC2_128_CBC, INVALID_CERT_EXTENSION ),
01033     OD( pkcs12V2PBEWithSha1And40BitRC2cbc,
01034         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
01035        "PKCS12 V2 PBE With SHA1 And 40 Bit RC2 CBC", 
01036        CKM_PBE_SHA1_RC2_40_CBC, INVALID_CERT_EXTENSION ),
01037     OD( pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID,
01038        "PKCS #12 Safe Contents ID", 
01039        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01040     OD( pkcs12PKCS8ShroudedKeyBagID,
01041        SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID,
01042        "PKCS #12 Safe Contents ID", 
01043        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01044     OD( pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID,
01045        "PKCS #12 V1 Key Bag", 
01046        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01047     OD( pkcs12V1PKCS8ShroudedKeyBag,
01048        SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID,
01049        "PKCS #12 V1 PKCS8 Shrouded Key Bag", 
01050        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01051     OD( pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID,
01052        "PKCS #12 V1 Cert Bag", 
01053        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01054     OD( pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID,
01055        "PKCS #12 V1 CRL Bag", 
01056        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01057     OD( pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID,
01058        "PKCS #12 V1 Secret Bag", 
01059        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01060     OD( pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
01061        "PKCS #12 V1 Safe Contents Bag", 
01062        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01063 
01064     OD( pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT,
01065        "PKCS #9 X509 Certificate", 
01066        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01067     OD( pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT,
01068        "PKCS #9 SDSI Certificate", 
01069        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01070     OD( pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL,
01071        "PKCS #9 X509 CRL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01072     OD( pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME,
01073        "PKCS #9 Friendly Name", 
01074        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01075     OD( pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID,
01076        "PKCS #9 Local Key ID", 
01077        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), 
01078     OD( pkcs12KeyUsageAttr, SEC_OID_PKCS12_KEY_USAGE,
01079        "PKCS 12 Key Usage", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01080     OD( dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY,
01081        "Diffie-Helman Public Key", CKM_DH_PKCS_DERIVE,
01082        INVALID_CERT_EXTENSION ),
01083     OD( netscapeNickname, SEC_OID_NETSCAPE_NICKNAME,
01084        "Netscape Nickname", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01085 
01086     /* Cert Server specific OIDs */
01087     OD( netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST,
01088         "Recovery Request OID", 
01089        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01090 
01091     OD( nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR,
01092         "Certificate Renewal Locator OID", CKM_INVALID_MECHANISM,
01093         INVALID_CERT_EXTENSION ), 
01094 
01095     OD( nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
01096         "Certificate Scope-of-Use Extension", CKM_INVALID_MECHANISM,
01097         SUPPORTED_CERT_EXTENSION ),
01098 
01099     /* CMS stuff */
01100     OD( cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN,
01101         "Ephemeral-Static Diffie-Hellman", CKM_INVALID_MECHANISM /* XXX */,
01102         INVALID_CERT_EXTENSION ),
01103     OD( cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP,
01104         "CMS 3DES Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
01105         INVALID_CERT_EXTENSION ),
01106     OD( cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP,
01107         "CMS RC2 Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
01108         INVALID_CERT_EXTENSION ),
01109     OD( smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
01110        "S/MIME Encryption Key Preference", 
01111        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01112 
01113     /* AES algorithm OIDs */
01114     OD( aes128_ECB, SEC_OID_AES_128_ECB,
01115        "AES-128-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
01116     OD( aes128_CBC, SEC_OID_AES_128_CBC,
01117        "AES-128-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
01118     OD( aes192_ECB, SEC_OID_AES_192_ECB,
01119        "AES-192-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
01120     OD( aes192_CBC, SEC_OID_AES_192_CBC,
01121        "AES-192-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
01122     OD( aes256_ECB, SEC_OID_AES_256_ECB,
01123        "AES-256-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
01124     OD( aes256_CBC, SEC_OID_AES_256_CBC,
01125        "AES-256-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
01126 
01127     /* More bogus DSA OIDs */
01128     OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE, 
01129        "SDN.702 DSA Signature", CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
01130 
01131     OD( ms_smimeEncryptionKeyPreference, 
01132         SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
01133        "Microsoft S/MIME Encryption Key Preference", 
01134        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01135 
01136     OD( sha256, SEC_OID_SHA256, "SHA-256", CKM_SHA256, INVALID_CERT_EXTENSION),
01137     OD( sha384, SEC_OID_SHA384, "SHA-384", CKM_SHA384, INVALID_CERT_EXTENSION),
01138     OD( sha512, SEC_OID_SHA512, "SHA-512", CKM_SHA512, INVALID_CERT_EXTENSION),
01139 
01140     OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION,
01141        "PKCS #1 SHA-256 With RSA Encryption", CKM_SHA256_RSA_PKCS,
01142        INVALID_CERT_EXTENSION ),
01143     OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION,
01144        "PKCS #1 SHA-384 With RSA Encryption", CKM_SHA384_RSA_PKCS,
01145        INVALID_CERT_EXTENSION ),
01146     OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION,
01147        "PKCS #1 SHA-512 With RSA Encryption", CKM_SHA512_RSA_PKCS,
01148        INVALID_CERT_EXTENSION ),
01149 
01150     OD( aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP,
01151        "AES-128 Key Wrap", CKM_NETSCAPE_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
01152     OD( aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP,
01153        "AES-192 Key Wrap", CKM_NETSCAPE_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
01154     OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
01155        "AES-256 Key Wrap", CKM_NETSCAPE_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
01156 
01157     /* Elliptic Curve Cryptography (ECC) OIDs */
01158     OD( ansix962ECPublicKey, SEC_OID_ANSIX962_EC_PUBLIC_KEY,
01159        "X9.62 elliptic curve public key", CKM_ECDH1_DERIVE,
01160        INVALID_CERT_EXTENSION ),
01161     OD( ansix962SignaturewithSHA1Digest, 
01162        SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE,
01163        "X9.62 ECDSA signature with SHA1", CKM_ECDSA_SHA1,
01164        INVALID_CERT_EXTENSION ),
01165 
01166     /* Named curves */
01167 
01168     /* ANSI X9.62 named elliptic curves (prime field) */
01169     OD( ansiX962prime192v1, SEC_OID_ANSIX962_EC_PRIME192V1,
01170        "ANSI X9.62 elliptic curve prime192v1 (aka secp192r1, NIST P-192)", 
01171        CKM_INVALID_MECHANISM,
01172        INVALID_CERT_EXTENSION ),
01173     OD( ansiX962prime192v2, SEC_OID_ANSIX962_EC_PRIME192V2,
01174        "ANSI X9.62 elliptic curve prime192v2", 
01175        CKM_INVALID_MECHANISM,
01176        INVALID_CERT_EXTENSION ),
01177     OD( ansiX962prime192v3, SEC_OID_ANSIX962_EC_PRIME192V3,
01178        "ANSI X9.62 elliptic curve prime192v3", 
01179        CKM_INVALID_MECHANISM,
01180        INVALID_CERT_EXTENSION ),
01181     OD( ansiX962prime239v1, SEC_OID_ANSIX962_EC_PRIME239V1,
01182        "ANSI X9.62 elliptic curve prime239v1", 
01183        CKM_INVALID_MECHANISM,
01184        INVALID_CERT_EXTENSION ),
01185     OD( ansiX962prime239v2, SEC_OID_ANSIX962_EC_PRIME239V2,
01186        "ANSI X9.62 elliptic curve prime239v2", 
01187        CKM_INVALID_MECHANISM,
01188        INVALID_CERT_EXTENSION ),
01189     OD( ansiX962prime239v3, SEC_OID_ANSIX962_EC_PRIME239V3,
01190        "ANSI X9.62 elliptic curve prime239v3", 
01191        CKM_INVALID_MECHANISM,
01192        INVALID_CERT_EXTENSION ),
01193     OD( ansiX962prime256v1, SEC_OID_ANSIX962_EC_PRIME256V1,
01194        "ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)", 
01195        CKM_INVALID_MECHANISM,
01196        INVALID_CERT_EXTENSION ),
01197 
01198     /* SECG named elliptic curves (prime field) */
01199     OD( secgECsecp112r1, SEC_OID_SECG_EC_SECP112R1,
01200        "SECG elliptic curve secp112r1", 
01201        CKM_INVALID_MECHANISM,
01202        INVALID_CERT_EXTENSION ),
01203     OD( secgECsecp112r2, SEC_OID_SECG_EC_SECP112R2,
01204        "SECG elliptic curve secp112r2", 
01205        CKM_INVALID_MECHANISM,
01206        INVALID_CERT_EXTENSION ),
01207     OD( secgECsecp128r1, SEC_OID_SECG_EC_SECP128R1,
01208        "SECG elliptic curve secp128r1", 
01209        CKM_INVALID_MECHANISM,
01210        INVALID_CERT_EXTENSION ),
01211     OD( secgECsecp128r2, SEC_OID_SECG_EC_SECP128R2,
01212        "SECG elliptic curve secp128r2", 
01213        CKM_INVALID_MECHANISM,
01214        INVALID_CERT_EXTENSION ),
01215     OD( secgECsecp160k1, SEC_OID_SECG_EC_SECP160K1,
01216        "SECG elliptic curve secp160k1", 
01217        CKM_INVALID_MECHANISM,
01218        INVALID_CERT_EXTENSION ),
01219     OD( secgECsecp160r1, SEC_OID_SECG_EC_SECP160R1,
01220        "SECG elliptic curve secp160r1", 
01221        CKM_INVALID_MECHANISM,
01222        INVALID_CERT_EXTENSION ),
01223     OD( secgECsecp160r2, SEC_OID_SECG_EC_SECP160R2,
01224        "SECG elliptic curve secp160r2", 
01225        CKM_INVALID_MECHANISM,
01226        INVALID_CERT_EXTENSION ),
01227     OD( secgECsecp192k1, SEC_OID_SECG_EC_SECP192K1,
01228        "SECG elliptic curve secp192k1", 
01229        CKM_INVALID_MECHANISM,
01230        INVALID_CERT_EXTENSION ),
01231     OD( secgECsecp224k1, SEC_OID_SECG_EC_SECP224K1,
01232        "SECG elliptic curve secp224k1", 
01233        CKM_INVALID_MECHANISM,
01234        INVALID_CERT_EXTENSION ),
01235     OD( secgECsecp224r1, SEC_OID_SECG_EC_SECP224R1,
01236        "SECG elliptic curve secp224r1 (aka NIST P-224)", 
01237        CKM_INVALID_MECHANISM,
01238        INVALID_CERT_EXTENSION ),
01239     OD( secgECsecp256k1, SEC_OID_SECG_EC_SECP256K1,
01240        "SECG elliptic curve secp256k1", 
01241        CKM_INVALID_MECHANISM,
01242        INVALID_CERT_EXTENSION ),
01243     OD( secgECsecp384r1, SEC_OID_SECG_EC_SECP384R1,
01244        "SECG elliptic curve secp384r1 (aka NIST P-384)", 
01245        CKM_INVALID_MECHANISM,
01246        INVALID_CERT_EXTENSION ),
01247     OD( secgECsecp521r1, SEC_OID_SECG_EC_SECP521R1,
01248        "SECG elliptic curve secp521r1 (aka NIST P-521)", 
01249        CKM_INVALID_MECHANISM,
01250        INVALID_CERT_EXTENSION ),
01251 
01252     /* ANSI X9.62 named elliptic curves (characteristic two field) */
01253     OD( ansiX962c2pnb163v1, SEC_OID_ANSIX962_EC_C2PNB163V1,
01254        "ANSI X9.62 elliptic curve c2pnb163v1", 
01255        CKM_INVALID_MECHANISM,
01256        INVALID_CERT_EXTENSION ),
01257     OD( ansiX962c2pnb163v2, SEC_OID_ANSIX962_EC_C2PNB163V2,
01258        "ANSI X9.62 elliptic curve c2pnb163v2", 
01259        CKM_INVALID_MECHANISM,
01260        INVALID_CERT_EXTENSION ),
01261     OD( ansiX962c2pnb163v3, SEC_OID_ANSIX962_EC_C2PNB163V3,
01262        "ANSI X9.62 elliptic curve c2pnb163v3", 
01263        CKM_INVALID_MECHANISM,
01264        INVALID_CERT_EXTENSION ),
01265     OD( ansiX962c2pnb176v1, SEC_OID_ANSIX962_EC_C2PNB176V1,
01266        "ANSI X9.62 elliptic curve c2pnb176v1", 
01267        CKM_INVALID_MECHANISM,
01268        INVALID_CERT_EXTENSION ),
01269     OD( ansiX962c2tnb191v1, SEC_OID_ANSIX962_EC_C2TNB191V1,
01270        "ANSI X9.62 elliptic curve c2tnb191v1", 
01271        CKM_INVALID_MECHANISM,
01272        INVALID_CERT_EXTENSION ),
01273     OD( ansiX962c2tnb191v2, SEC_OID_ANSIX962_EC_C2TNB191V2,
01274        "ANSI X9.62 elliptic curve c2tnb191v2", 
01275        CKM_INVALID_MECHANISM,
01276        INVALID_CERT_EXTENSION ),
01277     OD( ansiX962c2tnb191v3, SEC_OID_ANSIX962_EC_C2TNB191V3,
01278        "ANSI X9.62 elliptic curve c2tnb191v3", 
01279        CKM_INVALID_MECHANISM,
01280        INVALID_CERT_EXTENSION ),
01281     OD( ansiX962c2onb191v4, SEC_OID_ANSIX962_EC_C2ONB191V4,
01282        "ANSI X9.62 elliptic curve c2onb191v4", 
01283        CKM_INVALID_MECHANISM,
01284        INVALID_CERT_EXTENSION ),
01285     OD( ansiX962c2onb191v5, SEC_OID_ANSIX962_EC_C2ONB191V5,
01286        "ANSI X9.62 elliptic curve c2onb191v5", 
01287        CKM_INVALID_MECHANISM,
01288        INVALID_CERT_EXTENSION ),
01289     OD( ansiX962c2pnb208w1, SEC_OID_ANSIX962_EC_C2PNB208W1,
01290        "ANSI X9.62 elliptic curve c2pnb208w1", 
01291        CKM_INVALID_MECHANISM,
01292        INVALID_CERT_EXTENSION ),
01293     OD( ansiX962c2tnb239v1, SEC_OID_ANSIX962_EC_C2TNB239V1,
01294        "ANSI X9.62 elliptic curve c2tnb239v1", 
01295        CKM_INVALID_MECHANISM,
01296        INVALID_CERT_EXTENSION ),
01297     OD( ansiX962c2tnb239v2, SEC_OID_ANSIX962_EC_C2TNB239V2,
01298        "ANSI X9.62 elliptic curve c2tnb239v2", 
01299        CKM_INVALID_MECHANISM,
01300        INVALID_CERT_EXTENSION ),
01301     OD( ansiX962c2tnb239v3, SEC_OID_ANSIX962_EC_C2TNB239V3,
01302        "ANSI X9.62 elliptic curve c2tnb239v3", 
01303        CKM_INVALID_MECHANISM,
01304        INVALID_CERT_EXTENSION ),
01305     OD( ansiX962c2onb239v4, SEC_OID_ANSIX962_EC_C2ONB239V4,
01306        "ANSI X9.62 elliptic curve c2onb239v4", 
01307        CKM_INVALID_MECHANISM,
01308        INVALID_CERT_EXTENSION ),
01309     OD( ansiX962c2onb239v5, SEC_OID_ANSIX962_EC_C2ONB239V5,
01310        "ANSI X9.62 elliptic curve c2onb239v5", 
01311        CKM_INVALID_MECHANISM,
01312        INVALID_CERT_EXTENSION ),
01313     OD( ansiX962c2pnb272w1, SEC_OID_ANSIX962_EC_C2PNB272W1,
01314        "ANSI X9.62 elliptic curve c2pnb272w1", 
01315        CKM_INVALID_MECHANISM,
01316        INVALID_CERT_EXTENSION ),
01317     OD( ansiX962c2pnb304w1, SEC_OID_ANSIX962_EC_C2PNB304W1,
01318        "ANSI X9.62 elliptic curve c2pnb304w1", 
01319        CKM_INVALID_MECHANISM,
01320        INVALID_CERT_EXTENSION ),
01321     OD( ansiX962c2tnb359v1, SEC_OID_ANSIX962_EC_C2TNB359V1,
01322        "ANSI X9.62 elliptic curve c2tnb359v1", 
01323        CKM_INVALID_MECHANISM,
01324        INVALID_CERT_EXTENSION ),
01325     OD( ansiX962c2pnb368w1, SEC_OID_ANSIX962_EC_C2PNB368W1,
01326        "ANSI X9.62 elliptic curve c2pnb368w1", 
01327        CKM_INVALID_MECHANISM,
01328        INVALID_CERT_EXTENSION ),
01329     OD( ansiX962c2tnb431r1, SEC_OID_ANSIX962_EC_C2TNB431R1,
01330        "ANSI X9.62 elliptic curve c2tnb431r1", 
01331        CKM_INVALID_MECHANISM,
01332        INVALID_CERT_EXTENSION ),
01333 
01334     /* SECG named elliptic curves (characteristic two field) */
01335     OD( secgECsect113r1, SEC_OID_SECG_EC_SECT113R1,
01336        "SECG elliptic curve sect113r1", 
01337        CKM_INVALID_MECHANISM,
01338        INVALID_CERT_EXTENSION ),
01339     OD( secgECsect113r2, SEC_OID_SECG_EC_SECT113R2,
01340        "SECG elliptic curve sect113r2", 
01341        CKM_INVALID_MECHANISM,
01342        INVALID_CERT_EXTENSION ),
01343     OD( secgECsect131r1, SEC_OID_SECG_EC_SECT131R1,
01344        "SECG elliptic curve sect131r1", 
01345        CKM_INVALID_MECHANISM,
01346        INVALID_CERT_EXTENSION ),
01347     OD( secgECsect131r2, SEC_OID_SECG_EC_SECT131R2,
01348        "SECG elliptic curve sect131r2", 
01349        CKM_INVALID_MECHANISM,
01350        INVALID_CERT_EXTENSION ),
01351     OD( secgECsect163k1, SEC_OID_SECG_EC_SECT163K1,
01352        "SECG elliptic curve sect163k1 (aka NIST K-163)", 
01353        CKM_INVALID_MECHANISM,
01354        INVALID_CERT_EXTENSION ),
01355     OD( secgECsect163r1, SEC_OID_SECG_EC_SECT163R1,
01356        "SECG elliptic curve sect163r1", 
01357        CKM_INVALID_MECHANISM,
01358        INVALID_CERT_EXTENSION ),
01359     OD( secgECsect163r2, SEC_OID_SECG_EC_SECT163R2,
01360        "SECG elliptic curve sect163r2 (aka NIST B-163)", 
01361        CKM_INVALID_MECHANISM,
01362        INVALID_CERT_EXTENSION ),
01363     OD( secgECsect193r1, SEC_OID_SECG_EC_SECT193R1,
01364        "SECG elliptic curve sect193r1", 
01365        CKM_INVALID_MECHANISM,
01366        INVALID_CERT_EXTENSION ),
01367     OD( secgECsect193r2, SEC_OID_SECG_EC_SECT193R2,
01368        "SECG elliptic curve sect193r2", 
01369        CKM_INVALID_MECHANISM,
01370        INVALID_CERT_EXTENSION ),
01371     OD( secgECsect233k1, SEC_OID_SECG_EC_SECT233K1,
01372        "SECG elliptic curve sect233k1 (aka NIST K-233)", 
01373        CKM_INVALID_MECHANISM,
01374        INVALID_CERT_EXTENSION ),
01375     OD( secgECsect233r1, SEC_OID_SECG_EC_SECT233R1,
01376        "SECG elliptic curve sect233r1 (aka NIST B-233)", 
01377        CKM_INVALID_MECHANISM,
01378        INVALID_CERT_EXTENSION ),
01379     OD( secgECsect239k1, SEC_OID_SECG_EC_SECT239K1,
01380        "SECG elliptic curve sect239k1", 
01381        CKM_INVALID_MECHANISM,
01382        INVALID_CERT_EXTENSION ),
01383     OD( secgECsect283k1, SEC_OID_SECG_EC_SECT283K1,
01384        "SECG elliptic curve sect283k1 (aka NIST K-283)", 
01385        CKM_INVALID_MECHANISM,
01386        INVALID_CERT_EXTENSION ),
01387     OD( secgECsect283r1, SEC_OID_SECG_EC_SECT283R1,
01388        "SECG elliptic curve sect283r1 (aka NIST B-283)", 
01389        CKM_INVALID_MECHANISM,
01390        INVALID_CERT_EXTENSION ),
01391     OD( secgECsect409k1, SEC_OID_SECG_EC_SECT409K1,
01392        "SECG elliptic curve sect409k1 (aka NIST K-409)", 
01393        CKM_INVALID_MECHANISM,
01394        INVALID_CERT_EXTENSION ),
01395     OD( secgECsect409r1, SEC_OID_SECG_EC_SECT409R1,
01396        "SECG elliptic curve sect409r1 (aka NIST B-409)", 
01397        CKM_INVALID_MECHANISM,
01398        INVALID_CERT_EXTENSION ),
01399     OD( secgECsect571k1, SEC_OID_SECG_EC_SECT571K1,
01400        "SECG elliptic curve sect571k1 (aka NIST K-571)", 
01401        CKM_INVALID_MECHANISM,
01402        INVALID_CERT_EXTENSION ),
01403     OD( secgECsect571r1, SEC_OID_SECG_EC_SECT571R1,
01404        "SECG elliptic curve sect571r1 (aka NIST B-571)", 
01405        CKM_INVALID_MECHANISM,
01406        INVALID_CERT_EXTENSION ),
01407 
01408     OD( netscapeAOLScreenname, SEC_OID_NETSCAPE_AOLSCREENNAME,
01409        "AOL Screenname", CKM_INVALID_MECHANISM,
01410        INVALID_CERT_EXTENSION ),
01411 
01412     OD( x520SurName, SEC_OID_AVA_SURNAME,
01413        "X520 Title",         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01414     OD( x520SerialNumber, SEC_OID_AVA_SERIAL_NUMBER,
01415         "X520 Serial Number", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01416     OD( x520StreetAddress, SEC_OID_AVA_STREET_ADDRESS,
01417         "X520 Street Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01418     OD( x520Title, SEC_OID_AVA_TITLE, 
01419        "X520 Title",         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01420     OD( x520PostalAddress, SEC_OID_AVA_POSTAL_ADDRESS,
01421        "X520 Postal Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01422     OD( x520PostalCode, SEC_OID_AVA_POSTAL_CODE,
01423        "X520 Postal Code",   CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01424     OD( x520PostOfficeBox, SEC_OID_AVA_POST_OFFICE_BOX,
01425        "X520 Post Office Box", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01426     OD( x520GivenName, SEC_OID_AVA_GIVEN_NAME,
01427        "X520 Given Name",    CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01428     OD( x520Initials, SEC_OID_AVA_INITIALS,
01429        "X520 Initials",      CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01430     OD( x520GenerationQualifier, SEC_OID_AVA_GENERATION_QUALIFIER,
01431        "X520 Generation Qualifier", 
01432        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01433     OD( x520HouseIdentifier, SEC_OID_AVA_HOUSE_IDENTIFIER,
01434        "X520 House Identifier", 
01435        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01436     OD( x520Pseudonym, SEC_OID_AVA_PSEUDONYM,
01437        "X520 Pseudonym",     CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01438 
01439     /* More OIDs */
01440     OD( pkixCAIssuers, SEC_OID_PKIX_CA_ISSUERS,
01441         "PKIX CA issuers access method", 
01442         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01443     OD( pkcs9ExtensionRequest, SEC_OID_PKCS9_EXTENSION_REQUEST,
01444        "PKCS #9 Extension Request",
01445         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01446 
01447     /* more ECC Signature Oids */
01448     OD( ansix962SignatureRecommended,
01449        SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST,
01450        "X9.62 ECDSA signature with recommended digest", CKM_INVALID_MECHANISM,
01451        INVALID_CERT_EXTENSION ),
01452     OD( ansix962SignatureSpecified,
01453        SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST,
01454        "X9.62 ECDSA signature with specified digest", CKM_ECDSA,
01455        INVALID_CERT_EXTENSION ),
01456     OD( ansix962SignaturewithSHA224Digest,
01457        SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE,
01458        "X9.62 ECDSA signature with SHA224", CKM_INVALID_MECHANISM,
01459        INVALID_CERT_EXTENSION ),
01460     OD( ansix962SignaturewithSHA256Digest,
01461        SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE,
01462        "X9.62 ECDSA signature with SHA256", CKM_INVALID_MECHANISM,
01463        INVALID_CERT_EXTENSION ),
01464     OD( ansix962SignaturewithSHA384Digest,
01465        SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE,
01466        "X9.62 ECDSA signature with SHA384", CKM_INVALID_MECHANISM,
01467        INVALID_CERT_EXTENSION ),
01468     OD( ansix962SignaturewithSHA512Digest,
01469        SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE,
01470        "X9.62 ECDSA signature with SHA512", CKM_INVALID_MECHANISM,
01471        INVALID_CERT_EXTENSION ),
01472 };
01473 
01474 /*
01475  * Now the dynamic table. The dynamic table gets built at init time,
01476  * and conceivably gets modified if the user loads new crypto modules.
01477  * All this static data, and the allocated data to which it points,
01478  * is protected by a global reader/writer lock.  
01479  * The C language guarantees that global and static data that is not 
01480  * explicitly initialized will be initialized with zeros.  If we 
01481  * initialize it with zeros, the data goes into the initialized data
01482  * segment, and increases the size of the library.  By leaving it 
01483  * uninitialized, it is allocated in BSS, and does NOT increase the 
01484  * library size. 
01485  */
01486 static NSSRWLock   * dynOidLock;   /* guards every variable below; made in secoid_InitDynOidData */
01487 static PLArenaPool * dynOidPool;   /* arena that owns the copied SECOidData, OID bytes and desc */
01488 static PLHashTable * dynOidHash;   /* OID item -> SECOidData; created on first insert */
01489 static SECOidData ** dynOidTable;  /* not in the pool; indexed by (tag - SEC_OID_TOTAL) */
01490 static int           dynOidEntriesAllocated; /* slots in dynOidTable; grown 16 at a time */
01491 static int           dynOidEntriesUsed;      /* slots of dynOidTable that hold an entry */
01492 
/*
** Make sure the dynamic-OID lock and arena pool exist.
**
** The lock is created first (or fetched, if it already exists); the pool
** is then allocated under the write lock if it is still missing.  The lock
** can therefore exist while the pool does not, so callers decide whether to
** call this function by testing dynOidPool, not dynOidLock.
**
** Returns SECSuccess if the pool exists on return, SECFailure otherwise.
** On failure the callee that failed is expected to have set the error code.
*/
static SECStatus
secoid_InitDynOidData(void)
{
    NSSRWLock *rwlock;
    SECStatus  status = SECSuccess;

    /* Returns the lock's address whether it was created by this call
    ** or by an earlier one.
    */
    rwlock = nssRWLock_AtomicCreate(&dynOidLock, 1, "dynamic OID data");
    if (rwlock == NULL) {
        return SECFailure;
    }
    PORT_Assert(rwlock == dynOidLock);

    NSSRWLock_LockWrite(rwlock);
    if (dynOidPool == NULL) {
        dynOidPool = PORT_NewArena(2048);
        status = dynOidPool ? SECSuccess : SECFailure;
    }
    NSSRWLock_UnlockWrite(rwlock);

    return status;
}
01523 
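/*
** Add oid to the dynamic hash table, keyed by its encoded OID bytes.
** The table is created on first use.  Caller holds the write lock
** dynOidLock.
**
** The table stores the pointer, not a copy, so oid must stay valid for as
** long as the table exists.
**
** Returns SECSuccess, or SECFailure with SEC_ERROR_NO_MEMORY set when the
** table or the new entry cannot be allocated.  Setting the error here
** matters because the caller reports failure only through the error code,
** and an earlier failed lookup may have left SEC_ERROR_UNRECOGNIZED_OID
** behind.
*/
static SECStatus
secoid_HashDynamicOiddata(const SECOidData * oid)
{
    PLHashEntry *entry;

    if (!dynOidHash) {
        dynOidHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
                                     PL_CompareValues, NULL, NULL);
        if (!dynOidHash) {
            PORT_SetError(SEC_ERROR_NO_MEMORY);
            return SECFailure;
        }
    }

    entry = PL_HashTableAdd(dynOidHash, &oid->oid, (void *)oid);
    if (!entry) {
        PORT_SetError(SEC_ERROR_NO_MEMORY);
        return SECFailure;
    }
    return SECSuccess;
}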
01541 
01542 
/*
 * Look up a dynamically registered OID by its encoded bytes.
 *
 * Dynamic OIDs change slowly, so it is cheaper to rehash the table when it
 * changes than to walk the list on every lookup.
 *
 * Returns the matching entry, or NULL with SEC_ERROR_UNRECOGNIZED_OID set.
 *
 * NOTE(review): the first test of dynOidHash is made without the lock and
 * dynOidLock itself is read unlocked.  SECOID_Shutdown destroys the lock,
 * so lookups racing with shutdown are presumably the caller's problem to
 * prevent -- confirm.
 */
static SECOidData *
secoid_FindDynamic(const SECItem *key) 
{
    SECOidData *found = NULL;

    if (dynOidHash != NULL) {
        NSSRWLock_LockRead(dynOidLock);
        /* The table may have gone away before we got the lock. */
        if (dynOidHash != NULL) {
            found = (SECOidData *)PL_HashTableLookup(dynOidHash, key);
        }
        NSSRWLock_UnlockRead(dynOidLock);
    }

    if (found != NULL) {
        return found;
    }
    PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
    return NULL;
}
01565 
/*
 * Look up a dynamically registered OID by tag.  Dynamic tags start at
 * SEC_OID_TOTAL; the entry lives at dynOidTable[tagnum - SEC_OID_TOTAL].
 *
 * Returns the entry, or NULL with an error set:
 *   SEC_ERROR_LIBRARY_FAILURE   tagnum is below SEC_OID_TOTAL (a static tag)
 *   SEC_ERROR_UNRECOGNIZED_OID  no dynamic entry has that tag
 */
static SECOidData *
secoid_FindDynamicByTag(SECOidTag tagnum)
{
    SECOidData *entry = NULL;
    int         slot;

    if (tagnum < SEC_OID_TOTAL) {
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
        return NULL;
    }
    slot = tagnum - SEC_OID_TOTAL;

    if (dynOidTable != NULL) {
        NSSRWLock_LockRead(dynOidLock);
        /* Re-test under the lock, and bound the index by the slots in use. */
        if (dynOidTable != NULL && slot < dynOidEntriesUsed) {
            entry = dynOidTable[slot];
        }
        NSSRWLock_UnlockRead(dynOidLock);
    }

    if (entry == NULL) {
        PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
    }
    return entry;
}
01591 
/*
 * Register a new OID at run time and return the tag assigned to it.
 * This routine is thread safe: the lookup and the insertion both happen
 * under the dynOidLock write lock.
 *
 * src must carry a non-empty OID, a non-empty description, and one of the
 * three defined supportedExtension values; otherwise SEC_ERROR_INVALID_ARGS
 * is set.  The OID bytes and the description are copied into dynOidPool, so
 * the caller keeps ownership of src.
 *
 * Returns the tag of the new entry (SEC_OID_TOTAL plus its index), the tag
 * of the existing entry if the OID is already known, or SEC_OID_UNKNOWN on
 * failure.
 *
 * The table is process-wide.  An entry registered with
 * SUPPORTED_CERT_EXTENSION makes SECOID_KnownCertExtenOID return PR_TRUE
 * for that OID for every caller in the process.
 *
 * NOTE(review): arena allocations made before a later step fails are not
 * released here; they stay in dynOidPool until SECOID_Shutdown frees it.
 */
SECOidTag
SECOID_AddEntry(const SECOidData * src)
{
    SECOidTag    tag = SEC_OID_UNKNOWN;
    SECOidData  *copy;
    SECOidData **slots;
    int          capacity;
    int          count;

    if (!src || !src->oid.data || !src->oid.len ||
        !src->desc || !strlen(src->desc)) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return tag;
    }
    if (!(src->supportedExtension == INVALID_CERT_EXTENSION     ||
          src->supportedExtension == UNSUPPORTED_CERT_EXTENSION ||
          src->supportedExtension == SUPPORTED_CERT_EXTENSION)) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return tag;
    }

    if (dynOidPool == NULL && secoid_InitDynOidData() != SECSuccess) {
        /* The callee has set the error code. */
        return tag;
    }

    NSSRWLock_LockWrite(dynOidLock);

    /* SECOID_FindOIDTag takes and releases the read lock while we hold the
    ** write lock.  NSSRWLock has been designed to allow this very case
    ** without deadlock, which makes "is it present?" plus "add it" a single
    ** atomic write operation.
    */
    tag = SECOID_FindOIDTag(&src->oid);
    if (tag != SEC_OID_UNKNOWN) {
        /* Already known: hand back the existing tag instead of failing.
        ** If a future release adds this OID to the built-in list, a
        ** program that has been registering it keeps working.
        */
        goto done;
    }

    slots    = dynOidTable;
    capacity = dynOidEntriesAllocated;
    count    = dynOidEntriesUsed;

    if (count + 1 > capacity) {
        int          grown  = capacity + 16;
        SECOidData **bigger = (SECOidData **)PORT_Realloc(slots,
                                            grown * sizeof(SECOidData *));
        if (bigger == NULL) {
            goto done;
        }
        dynOidTable            = slots    = bigger;
        dynOidEntriesAllocated = capacity = grown;
    }

    /* Deep-copy the caller's entry into the arena. */
    copy = PORT_ArenaNew(dynOidPool, SECOidData);
    if (copy == NULL) {
        goto done;
    }
    if (SECITEM_CopyItem(dynOidPool, &copy->oid, &src->oid) != SECSuccess) {
        goto done;
    }
    copy->desc = PORT_ArenaStrdup(dynOidPool, src->desc);
    if (copy->desc == NULL) {
        goto done;
    }
    copy->offset             = (SECOidTag)(count + SEC_OID_TOTAL);
    copy->mechanism          = src->mechanism;
    copy->supportedExtension = src->supportedExtension;

    /* Publish the entry in the tag table only once it is hashed. */
    if (secoid_HashDynamicOiddata(copy) == SECSuccess) {
        slots[count++]    = copy;
        dynOidEntriesUsed = count;
        tag               = copy->offset;
    }
done:
    NSSRWLock_UnlockWrite(dynOidLock);
    return tag;
}
01685 
01686 
01687 /* normal static table processing */
01688 static PLHashTable *oidhash     = NULL;  /* OID item -> entry of oids[]; filled by secoid_Init */
01689 static PLHashTable *oidmechhash = NULL;  /* mechanism -> entry of oids[]; entries with CKM_INVALID_MECHANISM are left out */
01690 
/*
 * Hash callback for oidmechhash.  The keys of that table are mechanism
 * numbers stored directly in the pointer value, so the key is its own hash.
 *
 * NOTE(review): the cast may drop high bits where a pointer is wider than
 * PLHashNumber; that only affects bucket choice, not key comparison.
 */
static PLHashNumber
secoid_HashNumber(const void *key)
{
    PLHashNumber hash = (PLHashNumber) key;

    return hash;
}
01696 
01697 
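/*
 * Build the two lookup tables over the static oids[] array:
 *   oidhash      OID bytes -> entry
 *   oidmechhash  mechanism -> entry (entries with CKM_INVALID_MECHANISM
 *                are not added)
 * Also makes sure the dynamic-OID lock and pool exist.
 *
 * Calling this again after a successful call is a no-op.
 *
 * Returns SECSuccess, or SECFailure with SEC_ERROR_LIBRARY_FAILURE set if a
 * table cannot be created or filled.  On failure both tables are destroyed
 * and reset to NULL.  Without that, a half-built oidhash would make the
 * next call return SECSuccess while oidmechhash is missing or incomplete.
 *
 * NOTE(review): the statics are read and written without a lock here, so
 * this presumably runs before other threads use the OID API -- confirm.
 */
SECStatus
secoid_Init(void)
{
    PLHashEntry *entry;
    const SECOidData *oid;
    int i;
    const int oidCount = (int)(sizeof(oids) / sizeof(oids[0]));

    if (!dynOidPool && secoid_InitDynOidData() != SECSuccess) {
        return SECFailure;
    }

    if (oidhash) {
        return SECSuccess;
    }

    oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
                              PL_CompareValues, NULL, NULL);
    oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues,
                                  PL_CompareValues, NULL, NULL);
    if (!oidhash || !oidmechhash) {
        goto loser;
    }

    for (i = 0; i < oidCount; i++) {
        oid = &oids[i];

        /* Each entry's tag must equal its index: SECOID_FindOIDByTag
         * indexes oids[] directly by tag. */
        PORT_Assert(oid->offset == i);

        entry = PL_HashTableAdd(oidhash, &oid->oid, (void *)oid);
        if (entry == NULL) {
            goto loser;
        }

        if (oid->mechanism != CKM_INVALID_MECHANISM) {
            entry = PL_HashTableAdd(oidmechhash,
                                    (void *)oid->mechanism, (void *)oid);
            if (entry == NULL) {
                goto loser;
            }
        }
    }

    PORT_Assert(i == SEC_OID_TOTAL);

    return SECSuccess;

loser:
    /* Leave no half-initialized state behind. */
    if (oidhash) {
        PL_HashTableDestroy(oidhash);
        oidhash = NULL;
    }
    if (oidmechhash) {
        PL_HashTableDestroy(oidmechhash);
        oidmechhash = NULL;
    }
    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
    PORT_Assert(0); /* This function should never fail. */
    return SECFailure;
}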
01751 
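/*
 * Find the static OID entry registered for a PKCS #11 mechanism.
 * Only the built-in table is consulted; dynamic entries are never added to
 * oidmechhash in this file.
 *
 * Returns the entry, or NULL with SEC_ERROR_LIBRARY_FAILURE set when the
 * mechanism has no entry or the table has not been built.
 *
 * The assertion now covers oidmechhash, the table actually used, and the
 * same condition is tested at run time, because assertions are compiled
 * out of non-debug builds and a NULL table must not reach the lookup.
 */
SECOidData *
SECOID_FindOIDByMechanism(unsigned long mechanism)
{
    SECOidData *ret;

    PR_ASSERT(oidmechhash != NULL);
    if (oidmechhash == NULL) {
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
        return NULL;
    }

    ret = PL_HashTableLookupConst(oidmechhash, (void *)mechanism);
    if (ret == NULL) {
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
    }

    return ret;
}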
01766 
/*
 * Find the entry for an encoded OID.  The static table is tried first,
 * then the dynamic one.
 *
 * Returns the entry, or NULL with SEC_ERROR_UNRECOGNIZED_OID set.
 * oidhash is only asserted non-NULL, so secoid_Init must have succeeded
 * before this is called.
 */
SECOidData *
SECOID_FindOID(const SECItem *oid)
{
    SECOidData *match;

    PR_ASSERT(oidhash != NULL);

    match = PL_HashTableLookupConst(oidhash, oid);
    if (match != NULL) {
        return match;
    }

    match = secoid_FindDynamic(oid);
    if (match == NULL) {
        PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
    }
    return match;
}
01784 
/*
 * Map an encoded OID to its tag.  Returns SEC_OID_UNKNOWN when
 * SECOID_FindOID finds no entry for it.
 */
SECOidTag
SECOID_FindOIDTag(const SECItem *oid)
{
    const SECOidData *entry = SECOID_FindOID(oid);

    return (entry != NULL) ? entry->offset : SEC_OID_UNKNOWN;
}
01796 
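/*
 * Map a tag to its OID entry.  Tags at or above SEC_OID_TOTAL are looked
 * up in the dynamic table; smaller tags index the static oids[] array.
 *
 * Returns the entry, or NULL with an error set.  A tag that falls outside
 * oids[] yields NULL with SEC_ERROR_UNRECOGNIZED_OID.  The range used to be
 * checked by an assertion only, which is compiled out of non-debug builds
 * and would let such a tag index past the array.
 *
 * This really should return const: callers must not modify a static entry.
 */
SECOidData *
SECOID_FindOIDByTag(SECOidTag tagnum)
{
    PRBool inRange;

    if (tagnum >= SEC_OID_TOTAL) {
        return secoid_FindDynamicByTag(tagnum);
    }

    /* The unsigned compare also rejects a negative tag where the enum
     * type is signed. */
    inRange = ((unsigned int)tagnum < (sizeof(oids) / sizeof(SECOidData)))
                  ? PR_TRUE : PR_FALSE;
    PORT_Assert(inRange);
    if (!inRange) {
        PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
        return NULL;
    }
    return (SECOidData *)(&oids[tagnum]);
}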
01809 
/*
 * Report whether extenOid names a certificate extension marked as
 * supported.  Returns PR_TRUE only when the OID is found (static or
 * dynamic table) and its supportedExtension is SUPPORTED_CERT_EXTENSION.
 * Unknown OIDs and every other marking give PR_FALSE.
 */
PRBool SECOID_KnownCertExtenOID (SECItem *extenOid)
{
    const SECOidData *entry = SECOID_FindOID(extenOid);

    if (entry == NULL) {
        return PR_FALSE;
    }
    if (entry->supportedExtension == SUPPORTED_CERT_EXTENSION) {
        return PR_TRUE;
    }
    return PR_FALSE;
}
01820 
01821 
/*
 * Return the human-readable description stored for a tag, or NULL when
 * SECOID_FindOIDByTag finds no entry.  The string belongs to the OID
 * tables; the caller must not free it.
 */
const char *
SECOID_FindOIDTagDescription(SECOidTag tagnum)
{
  const SECOidData *entry = SECOID_FindOIDByTag(tagnum);

  if (entry == NULL) {
      return NULL;
  }
  return entry->desc;
}
01828 
/*
 * Free the OID tables: both static hash tables, then the dynamic hash,
 * arena, tag table and lock.  All counters and pointers are reset so the
 * library can be initialized again.  Always returns SECSuccess.
 *
 * NOTE(review): the lock is destroyed right after it is released, and the
 * lookup functions read dynOidLock without holding anything.  Nothing
 * visible here stops a concurrent lookup from using the lock while it is
 * destroyed, so callers presumably must quiesce all other users of the OID
 * API before shutdown -- confirm.
 */
SECStatus
SECOID_Shutdown(void)
{
    if (oidhash != NULL) {
        PL_HashTableDestroy(oidhash);
        oidhash = NULL;
    }
    if (oidmechhash != NULL) {
        PL_HashTableDestroy(oidmechhash);
        oidmechhash = NULL;
    }

    /* The lock can exist without the pool.  When there is no lock we do
    ** not create one just to guard the teardown of data that probably was
    ** never initialized.
    */
    if (dynOidLock == NULL) {
        /* No lock, so everything it protects should be untouched.  Check
        ** that in DEBUG builds, then force it, in case NSS is
        ** reinitialized.
        */
        PORT_Assert(!dynOidHash && !dynOidPool && !dynOidTable &&
                    !dynOidEntriesAllocated && !dynOidEntriesUsed);
        dynOidHash             = NULL;
        dynOidPool             = NULL;
        dynOidTable            = NULL;
        dynOidEntriesAllocated = 0;
        dynOidEntriesUsed      = 0;
        return SECSuccess;
    }

    NSSRWLock_LockWrite(dynOidLock);
    if (dynOidHash != NULL) {
        PL_HashTableDestroy(dynOidHash);
        dynOidHash = NULL;
    }
    if (dynOidPool != NULL) {
        PORT_FreeArena(dynOidPool, PR_FALSE);
        dynOidPool = NULL;
    }
    if (dynOidTable != NULL) {
        /* The tag table is heap memory, not part of the arena. */
        PORT_Free(dynOidTable);
        dynOidTable = NULL;
    }
    dynOidEntriesAllocated = 0;
    dynOidEntriesUsed      = 0;
    NSSRWLock_UnlockWrite(dynOidLock);

    NSSRWLock_Destroy(dynOidLock);
    dynOidLock = NULL;

    return SECSuccess;
}