
lightning-sunbird  0.9+nobinonly
secoid.c
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *   Dr Vipul Gupta <vipul.gupta@sun.com>, Sun Microsystems Laboratories
00023  *
00024  * Alternatively, the contents of this file may be used under the terms of
00025  * either the GNU General Public License Version 2 or later (the "GPL"), or
00026  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00027  * in which case the provisions of the GPL or the LGPL are applicable instead
00028  * of those above. If you wish to allow use of your version of this file only
00029  * under the terms of either the GPL or the LGPL, and not to allow others to
00030  * use your version of this file under the terms of the MPL, indicate your
00031  * decision by deleting the provisions above and replace them with the notice
00032  * and other provisions required by the GPL or the LGPL. If you do not delete
00033  * the provisions above, a recipient may use your version of this file under
00034  * the terms of any one of the MPL, the GPL or the LGPL.
00035  *
00036  * ***** END LICENSE BLOCK ***** */
00037 
00038 #include "secoid.h"
00039 #include "pkcs11t.h"
00040 #include "secmodt.h"
00041 #include "secitem.h"
00042 #include "secerr.h"
00043 #include "plhash.h"
00044 #include "nssrwlk.h"
00045 
/*
 * OID prefixes, written as DER content bytes.  Each macro expands to a
 * comma-separated byte list that is spliced into the array initializers
 * further down in this file.
 */

/* US government arc { 2 16 840 1 101 } */
#define USGOV               0x60, 0x86, 0x48, 0x01, 0x65

/* MISSI Mosaic Object ID space: USGOV followed by 2 1 1 */
#define MISSI               USGOV, 0x02, 0x01, 0x01
#define MISSI_OLD_KEA_DSS   MISSI, 0x0c
#define MISSI_OLD_DSS       MISSI, 0x02
#define MISSI_KEA_DSS       MISSI, 0x14
#define MISSI_DSS           MISSI, 0x13
#define MISSI_KEA           MISSI, 0x0a
#define MISSI_ALT_KEA       MISSI, 0x16

/* NIST algorithm arc: USGOV followed by 3 4 */
#define NISTALGS            USGOV, 0x03, 0x04
#define AES                 NISTALGS, 0x01
#define SHAXXX              NISTALGS, 0x02
00059 
/*
 * Netscape Communications Corporation Object ID space
 * { 2 16 840 1 113730 }
 */
#define NETSCAPE_OID               0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42

/* First-level sub-arcs of the Netscape space */
#define NETSCAPE_CERT_EXT          NETSCAPE_OID, 0x01
#define NETSCAPE_DATA_TYPE         NETSCAPE_OID, 0x02
/* netscape directory oid - owned by Mark Smith (mcs@netscape.com) */
#define NETSCAPE_DIRECTORY         NETSCAPE_OID, 0x03
#define NETSCAPE_POLICY            NETSCAPE_OID, 0x04
#define NETSCAPE_CERT_SERVER       NETSCAPE_OID, 0x05
#define NETSCAPE_ALGS              NETSCAPE_OID, 0x06   /* algorithm OIDs */
#define NETSCAPE_NAME_COMPONENTS   NETSCAPE_OID, 0x07

/* Second-level sub-arcs */
#define NETSCAPE_CERT_EXT_AIA      NETSCAPE_CERT_EXT, 0x10
#define NETSCAPE_CERT_SERVER_CRMF  NETSCAPE_CERT_SERVER, 0x01

/* Older Netscape prefix; these are old and should go away soon */
#define OLD_NETSCAPE               0x60, 0x86, 0x48, 0xd8, 0x6a
#define NS_CERT_EXT                OLD_NETSCAPE, 0x01
#define NS_FILE_TYPE               OLD_NETSCAPE, 0x02
#define NS_IMAGE_TYPE              OLD_NETSCAPE, 0x03
00085 
/* RSA OID name space; the bytes decode to { 1 2 840 113549 } */
#define RSADSI                  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
#define PKCS                    RSADSI, 0x01
#define DIGEST                  RSADSI, 0x02
#define CIPHER                  RSADSI, 0x03
#define PKCS1                   PKCS, 0x01
#define PKCS5                   PKCS, 0x05
#define PKCS7                   PKCS, 0x07
#define PKCS9                   PKCS, 0x09
#define PKCS12                  PKCS, 0x0c

/*
 * Fortezza algorithm OID space: { 2 16 840 1 101 2 1 1 }
 * ### mwelch -- Is this just for algorithms, or all of Fortezza?
 */
#define FORTEZZA_ALG            0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01

/* Other OID name spaces */
#define ALGORITHM               0x2b, 0x0e, 0x03, 0x02
#define X500                    0x55
#define X520_ATTRIBUTE_TYPE     X500, 0x04
#define X500_ALG                X500, 0x08
#define X500_ALG_ENCRYPTION     X500_ALG, 0x01

/* Prefix of the standard certificate/CRL extension OIDs (X500 then 0x1d) */
#define ID_CE_OID               X500, 0x1d

#define RFC1274_ATTR_TYPE       0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01
/* #define RFC2247_ATTR_TYPE  0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */

/*
 * PKCS #12 name spaces.
 * PKCS12_V2_PBE_IDS expands to exactly the same bytes as PKCS12_MODE_IDS
 * (both are PKCS12, 0x01).
 */
#define PKCS12_MODE_IDS         PKCS12, 0x01
#define PKCS12_ESPVK_IDS        PKCS12, 0x02
#define PKCS12_BAG_IDS          PKCS12, 0x03
#define PKCS12_CERT_BAG_IDS     PKCS12, 0x04
#define PKCS12_OIDS             PKCS12, 0x05
#define PKCS12_PBE_IDS          PKCS12_OIDS, 0x01
#define PKCS12_ENVELOPING_IDS   PKCS12_OIDS, 0x02
#define PKCS12_SIGNATURE_IDS    PKCS12_OIDS, 0x03
#define PKCS12_V2_PBE_IDS       PKCS12, 0x01
#define PKCS9_CERT_TYPES        PKCS9, 0x16
#define PKCS9_CRL_TYPES         PKCS9, 0x17
#define PKCS9_SMIME_IDS         PKCS9, 0x10
#define PKCS9_SMIME_ATTRS       PKCS9_SMIME_IDS, 0x02
#define PKCS9_SMIME_ALGS        PKCS9_SMIME_IDS, 0x03
#define PKCS12_VERSION1         PKCS12, 0x0a
#define PKCS12_V1_BAG_IDS       PKCS12_VERSION1, 0x01
00133 
/*
 * for DSA algorithm
 * { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) }
 */
#define ANSI_X9_ALGORITHM        0x2a, 0x86, 0x48, 0xce, 0x38, 0x04

/*
 * for DH algorithm
 * { iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) }
 * The bytes 0xce 0x3e decode to 10046.  The original author derived this
 * value by copying the DSA line above, adding 6 to the second-to-last value
 * and changing '4' to '2', and asked for a real OID person to look at it.
 */
#define ANSI_X942_ALGORITHM      0x2a, 0x86, 0x48, 0xce, 0x3e, 0x02

#define VERISIGN                 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45

/* PKIX arc; the bytes decode to { 1 3 6 1 5 5 7 } */
#define PKIX                     0x2b, 0x06, 0x01, 0x05, 0x05, 0x07
#define PKIX_CERT_EXTENSIONS     PKIX, 0x01
#define PKIX_POLICY_QUALIFIERS   PKIX, 0x02
#define PKIX_KEY_USAGE           PKIX, 0x03
#define PKIX_ACCESS_DESCRIPTION  PKIX, 0x30
#define PKIX_OCSP                PKIX_ACCESS_DESCRIPTION, 0x01
#define PKIX_CA_ISSUERS          PKIX_ACCESS_DESCRIPTION, 0x02

#define PKIX_ID_PKIP             PKIX, 0x05
#define PKIX_ID_REGCTRL          PKIX_ID_PKIP, 0x01
#define PKIX_ID_REGINFO          PKIX_ID_PKIP, 0x02
00157 
/*
 * Microsoft Object ID space
 * { 1.3.6.1.4.1.311 }
 */
#define MICROSOFT_OID            0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37

/* Certicom arc and the SECG sub-arc beneath it (used for the SECG curves) */
#define CERTICOM_OID             0x2b, 0x81, 0x04
#define SECG_OID                 CERTICOM_OID, 0x00

/* ANSI X9.62: curve identifiers (0x03) and signature identifiers (0x04) */
#define ANSI_X962_OID            0x2a, 0x86, 0x48, 0xce, 0x3d
#define ANSI_X962_CURVE_OID      ANSI_X962_OID, 0x03
#define ANSI_X962_GF2m_OID       ANSI_X962_CURVE_OID, 0x00
#define ANSI_X962_GFp_OID        ANSI_X962_CURVE_OID, 0x01
#define ANSI_X962_SIGNATURE_OID  ANSI_X962_OID, 0x04
#define ANSI_X962_SPECIFY_OID    ANSI_X962_SIGNATURE_OID, 0x03
00171 
/* Every OID byte string in this file is a file-private, read-only array. */
#define CONST_OID static const unsigned char

/*
 * Message digests under the DIGEST prefix.  An entry here only makes the
 * identifier recognisable; MD2, MD4 and MD5 are deprecated digests.
 */
CONST_OID md2[] = { DIGEST, 0x02 };
CONST_OID md4[] = { DIGEST, 0x04 };
CONST_OID md5[] = { DIGEST, 0x05 };

/* Symmetric ciphers under the CIPHER prefix */
CONST_OID rc2cbc[] = { CIPHER, 0x02 };
CONST_OID rc4[] = { CIPHER, 0x04 };
CONST_OID desede3cbc[] = { CIPHER, 0x07 };
CONST_OID rc5cbcpad[] = { CIPHER, 0x09 };

/* Identifiers under the ALGORITHM prefix */
CONST_OID desecb[] = { ALGORITHM, 0x06 };
CONST_OID descbc[] = { ALGORITHM, 0x07 };
CONST_OID desofb[] = { ALGORITHM, 0x08 };
CONST_OID descfb[] = { ALGORITHM, 0x09 };
CONST_OID desmac[] = { ALGORITHM, 0x0a };
CONST_OID sdn702DSASignature[] = { ALGORITHM, 0x0c };
CONST_OID isoSHAWithRSASignature[] = { ALGORITHM, 0x0f };
CONST_OID desede[] = { ALGORITHM, 0x11 };
CONST_OID sha1[] = { ALGORITHM, 0x1a };
CONST_OID bogusDSASignaturewithSHA1Digest[] = { ALGORITHM, 0x1b };

/* PKCS #1: RSA encryption and the digest-with-RSA signature identifiers */
CONST_OID pkcs1RSAEncryption[] = { PKCS1, 0x01 };
CONST_OID pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
CONST_OID pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 };
CONST_OID pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 };
CONST_OID pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 };
CONST_OID pkcs1SHA256WithRSAEncryption[] = { PKCS1, 11 };
CONST_OID pkcs1SHA384WithRSAEncryption[] = { PKCS1, 12 };
CONST_OID pkcs1SHA512WithRSAEncryption[] = { PKCS1, 13 };
00202 
/* PKCS #5 password-based encryption schemes */
CONST_OID pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 };
CONST_OID pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 };
CONST_OID pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a };

/* PKCS #7 content types; pkcs7[] is the bare prefix */
CONST_OID pkcs7[] = { PKCS7 };
CONST_OID pkcs7Data[] = { PKCS7, 0x01 };
CONST_OID pkcs7SignedData[] = { PKCS7, 0x02 };
CONST_OID pkcs7EnvelopedData[] = { PKCS7, 0x03 };
CONST_OID pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 };
CONST_OID pkcs7DigestedData[] = { PKCS7, 0x05 };
CONST_OID pkcs7EncryptedData[] = { PKCS7, 0x06 };

/* PKCS #9 attributes */
CONST_OID pkcs9EmailAddress[] = { PKCS9, 0x01 };
CONST_OID pkcs9UnstructuredName[] = { PKCS9, 0x02 };
CONST_OID pkcs9ContentType[] = { PKCS9, 0x03 };
CONST_OID pkcs9MessageDigest[] = { PKCS9, 0x04 };
CONST_OID pkcs9SigningTime[] = { PKCS9, 0x05 };
CONST_OID pkcs9CounterSignature[] = { PKCS9, 0x06 };
CONST_OID pkcs9ChallengePassword[] = { PKCS9, 0x07 };
CONST_OID pkcs9UnstructuredAddress[] = { PKCS9, 0x08 };
CONST_OID pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 };
CONST_OID pkcs9ExtensionRequest[] = { PKCS9, 14 };
CONST_OID pkcs9SMIMECapabilities[] = { PKCS9, 15 };
CONST_OID pkcs9FriendlyName[] = { PKCS9, 20 };
CONST_OID pkcs9LocalKeyID[] = { PKCS9, 21 };

/* PKCS #9 certificate and CRL types */
CONST_OID pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 };
CONST_OID pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 };
CONST_OID pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 };

/* RFC2630 (CMS) OIDs */
CONST_OID cmsESDH[] = { PKCS9_SMIME_ALGS, 5 };
CONST_OID cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 };
CONST_OID cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 };

/* RFC2633 SMIME message attributes, plus the Microsoft-arc variant */
CONST_OID smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 };
CONST_OID ms_smimeEncryptionKeyPreference[] = { MICROSOFT_OID, 0x10, 0x4 };
00241 
/* X.520 attribute types used in distinguished names */
CONST_OID x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 };
CONST_OID x520SurName[] = { X520_ATTRIBUTE_TYPE, 4 };
CONST_OID x520SerialNumber[] = { X520_ATTRIBUTE_TYPE, 5 };
CONST_OID x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 };
CONST_OID x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 };
CONST_OID x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 };
CONST_OID x520StreetAddress[] = { X520_ATTRIBUTE_TYPE, 9 };
CONST_OID x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 };
CONST_OID x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 };
CONST_OID x520Title[] = { X520_ATTRIBUTE_TYPE, 12 };
CONST_OID x520PostalAddress[] = { X520_ATTRIBUTE_TYPE, 16 };
CONST_OID x520PostalCode[] = { X520_ATTRIBUTE_TYPE, 17 };
CONST_OID x520PostOfficeBox[] = { X520_ATTRIBUTE_TYPE, 18 };
CONST_OID x520GivenName[] = { X520_ATTRIBUTE_TYPE, 42 };
CONST_OID x520Initials[] = { X520_ATTRIBUTE_TYPE, 43 };
CONST_OID x520GenerationQualifier[] = { X520_ATTRIBUTE_TYPE, 44 };
CONST_OID x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 };
CONST_OID x520HouseIdentifier[] = { X520_ATTRIBUTE_TYPE, 51 };
CONST_OID x520Pseudonym[] = { X520_ATTRIBUTE_TYPE, 65 };

/* Netscape data types */
CONST_OID nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 };
CONST_OID nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 };
CONST_OID nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 };
CONST_OID nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 };
CONST_OID nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 };

/* MISSI certificate key types, each taken verbatim from its prefix macro */
CONST_OID missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS };
CONST_OID missiCertDSSOld[] = { MISSI_OLD_DSS };
CONST_OID missiCertKEADSS[] = { MISSI_KEA_DSS };
CONST_OID missiCertDSS[] = { MISSI_DSS };
CONST_OID missiCertKEA[] = { MISSI_KEA };
CONST_OID missiCertAltKEA[] = { MISSI_ALT_KEA };
CONST_OID x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 };

/* added for alg 1485 */
CONST_OID rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 };
CONST_OID rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 };
CONST_OID rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 };
00280 
/*
 * Netscape private certificate extensions.
 * The first three sit under the old prefix (NS_CERT_EXT); the rest sit under
 * NETSCAPE_CERT_EXT.
 */
CONST_OID nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 };
CONST_OID nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 };
CONST_OID nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 };
CONST_OID nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 };
CONST_OID nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 };
CONST_OID nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 };
CONST_OID nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 };
CONST_OID nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 };
CONST_OID nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 };
CONST_OID nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 };
CONST_OID nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 };
CONST_OID nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 };
CONST_OID nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a };
CONST_OID nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b };
CONST_OID nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c };
CONST_OID nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d };

/* the following 2 extensions are defined for and used by Cartman(NSM) */
CONST_OID nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e };
CONST_OID nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f };

CONST_OID nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 };
CONST_OID nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 };
/* Reserved Netscape (2 16 840 1 113730 1 18) = { NETSCAPE_CERT_EXT, 0x12 }; */

/* Netscape policy values */
CONST_OID nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 };

/* Netscape other name types */
CONST_OID netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01 };
CONST_OID netscapeAOLScreenname[] = { NETSCAPE_NAME_COMPONENTS, 0x02 };

/* OIDs needed for cert server */
CONST_OID netscapeRecoveryRequest[] = { NETSCAPE_CERT_SERVER_CRMF, 0x01 };
00316 
00317 
/* Standard x.509 v3 Certificate & CRL Extensions (under ID_CE_OID) */
CONST_OID x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 };
CONST_OID x509SubjectKeyID[] = { ID_CE_OID, 14 };
CONST_OID x509KeyUsage[] = { ID_CE_OID, 15 };
CONST_OID x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 };
CONST_OID x509SubjectAltName[] = { ID_CE_OID, 17 };
CONST_OID x509IssuerAltName[] = { ID_CE_OID, 18 };
CONST_OID x509BasicConstraints[] = { ID_CE_OID, 19 };
CONST_OID x509CRLNumber[] = { ID_CE_OID, 20 };
CONST_OID x509ReasonCode[] = { ID_CE_OID, 21 };
CONST_OID x509HoldInstructionCode[] = { ID_CE_OID, 23 };
CONST_OID x509InvalidDate[] = { ID_CE_OID, 24 };
CONST_OID x509DeltaCRLIndicator[] = { ID_CE_OID, 27 };
CONST_OID x509IssuingDistributionPoint[] = { ID_CE_OID, 28 };
CONST_OID x509CertIssuer[] = { ID_CE_OID, 29 };
CONST_OID x509NameConstraints[] = { ID_CE_OID, 30 };
CONST_OID x509CRLDistPoints[] = { ID_CE_OID, 31 };
CONST_OID x509CertificatePolicies[] = { ID_CE_OID, 32 };
CONST_OID x509PolicyMappings[] = { ID_CE_OID, 33 };
CONST_OID x509AuthKeyID[] = { ID_CE_OID, 35 };
CONST_OID x509PolicyConstraints[] = { ID_CE_OID, 36 };
CONST_OID x509ExtKeyUsage[] = { ID_CE_OID, 37 };
CONST_OID x509FreshestCRL[] = { ID_CE_OID, 46 };
CONST_OID x509InhibitAnyPolicy[] = { ID_CE_OID, 54 };

/* Access-information extensions, defined under the PKIX arc instead */
CONST_OID x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 };
CONST_OID x509SubjectInfoAccess[] = { PKIX_CERT_EXTENSIONS, 11 };
00345 
/* pkcs 12 additions: the bare prefixes first, then the leaves beneath them */
CONST_OID pkcs12[] = { PKCS12 };
CONST_OID pkcs12ModeIDs[] = { PKCS12_MODE_IDS };
CONST_OID pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS };
CONST_OID pkcs12BagIDs[] = { PKCS12_BAG_IDS };
CONST_OID pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS };
CONST_OID pkcs12OIDs[] = { PKCS12_OIDS };
CONST_OID pkcs12PBEIDs[] = { PKCS12_PBE_IDS };
CONST_OID pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS };
CONST_OID pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS };
CONST_OID pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 };
CONST_OID pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 };
CONST_OID pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 };
CONST_OID pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 };
CONST_OID pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 };
CONST_OID pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 };
CONST_OID pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 };
CONST_OID pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 };
CONST_OID pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 };
CONST_OID pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 };
CONST_OID pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 };
CONST_OID pkcs12RSAEncryptionWith128BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x01 };
CONST_OID pkcs12RSAEncryptionWith40BitRC4[] = { PKCS12_ENVELOPING_IDS, 0x02 };
CONST_OID pkcs12RSAEncryptionWithTripleDES[] = { PKCS12_ENVELOPING_IDS, 0x03 };
CONST_OID pkcs12RSASignatureWithSHA1Digest[] = { PKCS12_SIGNATURE_IDS, 0x01 };

/* pkcs 12 version 1.0 ids */
CONST_OID pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 };
CONST_OID pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 };
CONST_OID pkcs12V2PBEWithSha1And3KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x03 };
CONST_OID pkcs12V2PBEWithSha1And2KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x04 };
CONST_OID pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 };
CONST_OID pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 };

CONST_OID pkcs12SafeContentsID[] = { PKCS12_BAG_IDS, 0x04 };
CONST_OID pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 };

/* Bag types under PKCS12_V1_BAG_IDS */
CONST_OID pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 };
CONST_OID pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 };
CONST_OID pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 };
CONST_OID pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 };
CONST_OID pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 };
CONST_OID pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 };

/*
 * The following encoding is INCORRECT: the four bytes are the arc numbers
 * 2 5 29 15 written out directly instead of being DER-encoded.  The properly
 * encoded form is the byte string that { ID_CE_OID, 15 } (x509KeyUsage)
 * already expands to, so correcting it would create a duplicate OID in the
 * table.  So, it is left alone; a byte-wise comparison against this entry
 * will not match the key usage OID as it appears in a certificate.
 */
CONST_OID pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 };
00394 
/* ANSI X9 DSA signature identifiers */
CONST_OID ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 };
CONST_OID ansix9DSASignaturewithSHA1Digest[] = { ANSI_X9_ALGORITHM, 0x03 };

/* verisign OIDs */
CONST_OID verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 };

/* pkix OIDs: policy qualifiers */
CONST_OID pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 };
CONST_OID pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 };

/* pkix OIDs: OCSP; pkixOCSP[] is the bare prefix */
CONST_OID pkixOCSP[] = { PKIX_OCSP };
CONST_OID pkixOCSPBasicResponse[] = { PKIX_OCSP, 1 };
CONST_OID pkixOCSPNonce[] = { PKIX_OCSP, 2 };
CONST_OID pkixOCSPCRL[] = { PKIX_OCSP, 3 };
CONST_OID pkixOCSPResponse[] = { PKIX_OCSP, 4 };
CONST_OID pkixOCSPNoCheck[] = { PKIX_OCSP, 5 };
CONST_OID pkixOCSPArchiveCutoff[] = { PKIX_OCSP, 6 };
CONST_OID pkixOCSPServiceLocator[] = { PKIX_OCSP, 7 };

CONST_OID pkixCAIssuers[] = { PKIX_CA_ISSUERS };

/* pkix OIDs: registration controls and registration info */
CONST_OID pkixRegCtrlRegToken[] = { PKIX_ID_REGCTRL, 1 };
CONST_OID pkixRegCtrlAuthenticator[] = { PKIX_ID_REGCTRL, 2 };
CONST_OID pkixRegCtrlPKIPubInfo[] = { PKIX_ID_REGCTRL, 3 };
CONST_OID pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4 };
CONST_OID pkixRegCtrlOldCertID[] = { PKIX_ID_REGCTRL, 5 };
CONST_OID pkixRegCtrlProtEncKey[] = { PKIX_ID_REGCTRL, 6 };
CONST_OID pkixRegInfoUTF8Pairs[] = { PKIX_ID_REGINFO, 1 };
CONST_OID pkixRegInfoCertReq[] = { PKIX_ID_REGINFO, 2 };

/* pkix OIDs: extended key usage purposes */
CONST_OID pkixExtendedKeyUsageServerAuth[] = { PKIX_KEY_USAGE, 1 };
CONST_OID pkixExtendedKeyUsageClientAuth[] = { PKIX_KEY_USAGE, 2 };
CONST_OID pkixExtendedKeyUsageCodeSign[] = { PKIX_KEY_USAGE, 3 };
CONST_OID pkixExtendedKeyUsageEMailProtect[] = { PKIX_KEY_USAGE, 4 };
CONST_OID pkixExtendedKeyUsageTimeStamp[] = { PKIX_KEY_USAGE, 8 };
CONST_OID pkixOCSPResponderExtendedKeyUsage[] = { PKIX_KEY_USAGE, 9 };

/* OIDs for Netscape defined algorithms */
CONST_OID netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };

/* Fortezza algorithm OIDs */
CONST_OID skipjackCBC[] = { FORTEZZA_ALG, 0x04 };
CONST_OID dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };
00438 
/*
 * AES identifiers under the AES prefix.  The OFB and CFB entries are only
 * compiled when DEFINE_ALL_AES_CIPHERS is defined.
 */
CONST_OID aes128_ECB[] = { AES, 1 };
CONST_OID aes128_CBC[] = { AES, 2 };
#ifdef DEFINE_ALL_AES_CIPHERS
CONST_OID aes128_OFB[] = { AES, 3 };
CONST_OID aes128_CFB[] = { AES, 4 };
#endif
CONST_OID aes128_KEY_WRAP[] = { AES, 5 };

CONST_OID aes192_ECB[] = { AES, 21 };
CONST_OID aes192_CBC[] = { AES, 22 };
#ifdef DEFINE_ALL_AES_CIPHERS
CONST_OID aes192_OFB[] = { AES, 23 };
CONST_OID aes192_CFB[] = { AES, 24 };
#endif
CONST_OID aes192_KEY_WRAP[] = { AES, 25 };

CONST_OID aes256_ECB[] = { AES, 41 };
CONST_OID aes256_CBC[] = { AES, 42 };
#ifdef DEFINE_ALL_AES_CIPHERS
CONST_OID aes256_OFB[] = { AES, 43 };
CONST_OID aes256_CFB[] = { AES, 44 };
#endif
CONST_OID aes256_KEY_WRAP[] = { AES, 45 };

/* Digests under the SHAXXX prefix */
CONST_OID sha256[] = { SHAXXX, 1 };
CONST_OID sha384[] = { SHAXXX, 2 };
CONST_OID sha512[] = { SHAXXX, 3 };

/* ANSI X9.62 EC public key and ECDSA signature identifiers */
CONST_OID ansix962ECPublicKey[] = { ANSI_X962_OID, 0x02, 0x01 };
CONST_OID ansix962SignaturewithSHA1Digest[] = { ANSI_X962_SIGNATURE_OID, 0x01 };
CONST_OID ansix962SignatureRecommended[] = { ANSI_X962_SIGNATURE_OID, 0x02 };
CONST_OID ansix962SignatureSpecified[] = { ANSI_X962_SPECIFY_OID };
CONST_OID ansix962SignaturewithSHA224Digest[] = { ANSI_X962_SPECIFY_OID, 0x01 };
CONST_OID ansix962SignaturewithSHA256Digest[] = { ANSI_X962_SPECIFY_OID, 0x02 };
CONST_OID ansix962SignaturewithSHA384Digest[] = { ANSI_X962_SPECIFY_OID, 0x03 };
CONST_OID ansix962SignaturewithSHA512Digest[] = { ANSI_X962_SPECIFY_OID, 0x04 };
00475 
/*
 * ANSI X9.62 prime curve OIDs
 * NOTE: prime192v1 is the same as secp192r1, prime256v1 is the
 * same as secp256r1
 */
CONST_OID ansiX962prime192v1[] = { ANSI_X962_GFp_OID, 0x01 };
CONST_OID ansiX962prime192v2[] = { ANSI_X962_GFp_OID, 0x02 };
CONST_OID ansiX962prime192v3[] = { ANSI_X962_GFp_OID, 0x03 };
CONST_OID ansiX962prime239v1[] = { ANSI_X962_GFp_OID, 0x04 };
CONST_OID ansiX962prime239v2[] = { ANSI_X962_GFp_OID, 0x05 };
CONST_OID ansiX962prime239v3[] = { ANSI_X962_GFp_OID, 0x06 };
CONST_OID ansiX962prime256v1[] = { ANSI_X962_GFp_OID, 0x07 };

/* SECG prime curve OIDs (listed by curve name, not by arc value) */
CONST_OID secgECsecp112r1[] = { SECG_OID, 0x06 };
CONST_OID secgECsecp112r2[] = { SECG_OID, 0x07 };
CONST_OID secgECsecp128r1[] = { SECG_OID, 0x1c };
CONST_OID secgECsecp128r2[] = { SECG_OID, 0x1d };
CONST_OID secgECsecp160k1[] = { SECG_OID, 0x09 };
CONST_OID secgECsecp160r1[] = { SECG_OID, 0x08 };
CONST_OID secgECsecp160r2[] = { SECG_OID, 0x1e };
CONST_OID secgECsecp192k1[] = { SECG_OID, 0x1f };
CONST_OID secgECsecp224k1[] = { SECG_OID, 0x20 };
CONST_OID secgECsecp224r1[] = { SECG_OID, 0x21 };
CONST_OID secgECsecp256k1[] = { SECG_OID, 0x0a };
CONST_OID secgECsecp384r1[] = { SECG_OID, 0x22 };
CONST_OID secgECsecp521r1[] = { SECG_OID, 0x23 };

/* ANSI X9.62 characteristic two curve OIDs */
CONST_OID ansiX962c2pnb163v1[] = { ANSI_X962_GF2m_OID, 0x01 };
CONST_OID ansiX962c2pnb163v2[] = { ANSI_X962_GF2m_OID, 0x02 };
CONST_OID ansiX962c2pnb163v3[] = { ANSI_X962_GF2m_OID, 0x03 };
CONST_OID ansiX962c2pnb176v1[] = { ANSI_X962_GF2m_OID, 0x04 };
CONST_OID ansiX962c2tnb191v1[] = { ANSI_X962_GF2m_OID, 0x05 };
CONST_OID ansiX962c2tnb191v2[] = { ANSI_X962_GF2m_OID, 0x06 };
CONST_OID ansiX962c2tnb191v3[] = { ANSI_X962_GF2m_OID, 0x07 };
CONST_OID ansiX962c2onb191v4[] = { ANSI_X962_GF2m_OID, 0x08 };
CONST_OID ansiX962c2onb191v5[] = { ANSI_X962_GF2m_OID, 0x09 };
CONST_OID ansiX962c2pnb208w1[] = { ANSI_X962_GF2m_OID, 0x0a };
CONST_OID ansiX962c2tnb239v1[] = { ANSI_X962_GF2m_OID, 0x0b };
CONST_OID ansiX962c2tnb239v2[] = { ANSI_X962_GF2m_OID, 0x0c };
CONST_OID ansiX962c2tnb239v3[] = { ANSI_X962_GF2m_OID, 0x0d };
CONST_OID ansiX962c2onb239v4[] = { ANSI_X962_GF2m_OID, 0x0e };
CONST_OID ansiX962c2onb239v5[] = { ANSI_X962_GF2m_OID, 0x0f };
CONST_OID ansiX962c2pnb272w1[] = { ANSI_X962_GF2m_OID, 0x10 };
CONST_OID ansiX962c2pnb304w1[] = { ANSI_X962_GF2m_OID, 0x11 };
CONST_OID ansiX962c2tnb359v1[] = { ANSI_X962_GF2m_OID, 0x12 };
CONST_OID ansiX962c2pnb368w1[] = { ANSI_X962_GF2m_OID, 0x13 };
CONST_OID ansiX962c2tnb431r1[] = { ANSI_X962_GF2m_OID, 0x14 };

/* SECG characteristic two curve OIDs (listed by curve name) */
CONST_OID secgECsect113r1[] = { SECG_OID, 0x04 };
CONST_OID secgECsect113r2[] = { SECG_OID, 0x05 };
CONST_OID secgECsect131r1[] = { SECG_OID, 0x16 };
CONST_OID secgECsect131r2[] = { SECG_OID, 0x17 };
CONST_OID secgECsect163k1[] = { SECG_OID, 0x01 };
CONST_OID secgECsect163r1[] = { SECG_OID, 0x02 };
CONST_OID secgECsect163r2[] = { SECG_OID, 0x0f };
CONST_OID secgECsect193r1[] = { SECG_OID, 0x18 };
CONST_OID secgECsect193r2[] = { SECG_OID, 0x19 };
CONST_OID secgECsect233k1[] = { SECG_OID, 0x1a };
CONST_OID secgECsect233r1[] = { SECG_OID, 0x1b };
CONST_OID secgECsect239k1[] = { SECG_OID, 0x03 };
CONST_OID secgECsect283k1[] = { SECG_OID, 0x10 };
CONST_OID secgECsect283r1[] = { SECG_OID, 0x11 };
CONST_OID secgECsect409k1[] = { SECG_OID, 0x24 };
CONST_OID secgECsect409r1[] = { SECG_OID, 0x25 };
CONST_OID secgECsect571k1[] = { SECG_OID, 0x26 };
CONST_OID secgECsect571r1[] = { SECG_OID, 0x27 };
00544 
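/*
 * OI(x) builds the item part of a table entry from one of the static OID
 * byte arrays: the siDEROID type tag, a pointer to the bytes, and their
 * length.  x must name an array, not a pointer, so that sizeof yields the
 * encoded length.  The argument is parenthesized so the cast and sizeof
 * apply to the whole argument expression.
 *
 * The arrays are declared const; the cast only satisfies the non-const data
 * pointer of the item, and nothing may write through that pointer.
 */
#define OI(x) { siDEROID, (unsigned char *)(x), sizeof(x) }

/*
 * OD() builds one complete table entry: OID bytes, tag, description,
 * mechanism and extension-support status.  When SECOID_NO_STRINGS is defined
 * the description argument is discarded and 0 is stored in its place.
 */
#ifndef SECOID_NO_STRINGS
#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, desc, mech, ext }
#else
#define OD(oid,tag,desc,mech,ext) { OI(oid), tag, 0, mech, ext }
#endif

/*
 * FAKE_SUPPORTED_CERT_EXTENSION is UNSUPPORTED_CERT_EXTENSION in a normal
 * build.  Defining NSS_ALLOW_UNSUPPORTED_CRITICAL at build time turns it into
 * SUPPORTED_CERT_EXTENSION, so every table entry tagged with it is reported
 * as supported.
 * NOTE(review): presumably that lets a certificate carrying one of those
 * extensions marked critical pass the unsupported-critical-extension check
 * even though the extension is not processed -- confirm against the callers,
 * and leave NSS_ALLOW_UNSUPPORTED_CRITICAL undefined in production builds.
 */
#if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL)
#define FAKE_SUPPORTED_CERT_EXTENSION   SUPPORTED_CERT_EXTENSION
#else
#define FAKE_SUPPORTED_CERT_EXTENSION UNSUPPORTED_CERT_EXTENSION
#endif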
00557 
00558 /*
00559  * NOTE: the order of these entries must match the SECOidTag enum in secoidt.h!
00560  */
00561 const static SECOidData oids[] = {
00562     { { siDEROID, NULL, 0 }, SEC_OID_UNKNOWN,
00563        "Unknown OID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
00564     OD( md2, SEC_OID_MD2, "MD2", CKM_MD2, INVALID_CERT_EXTENSION ),
00565     OD( md4, SEC_OID_MD4,
00566        "MD4", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00567     OD( md5, SEC_OID_MD5, "MD5", CKM_MD5, INVALID_CERT_EXTENSION ),
00568     OD( sha1, SEC_OID_SHA1, "SHA-1", CKM_SHA_1, INVALID_CERT_EXTENSION ),
00569     OD( rc2cbc, SEC_OID_RC2_CBC,
00570        "RC2-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION ),
00571     OD( rc4, SEC_OID_RC4, "RC4", CKM_RC4, INVALID_CERT_EXTENSION ),
00572     OD( desede3cbc, SEC_OID_DES_EDE3_CBC,
00573        "DES-EDE3-CBC", CKM_DES3_CBC, INVALID_CERT_EXTENSION ),
00574     OD( rc5cbcpad, SEC_OID_RC5_CBC_PAD,
00575        "RC5-CBCPad", CKM_RC5_CBC, INVALID_CERT_EXTENSION ),
00576     OD( desecb, SEC_OID_DES_ECB,
00577        "DES-ECB", CKM_DES_ECB, INVALID_CERT_EXTENSION ),
00578     OD( descbc, SEC_OID_DES_CBC,
00579        "DES-CBC", CKM_DES_CBC, INVALID_CERT_EXTENSION ),
00580     OD( desofb, SEC_OID_DES_OFB,
00581        "DES-OFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00582     OD( descfb, SEC_OID_DES_CFB,
00583        "DES-CFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00584     OD( desmac, SEC_OID_DES_MAC,
00585        "DES-MAC", CKM_DES_MAC, INVALID_CERT_EXTENSION ),
00586     OD( desede, SEC_OID_DES_EDE,
00587        "DES-EDE", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00588     OD( isoSHAWithRSASignature, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
00589        "ISO SHA with RSA Signature", 
00590        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00591     OD( pkcs1RSAEncryption, SEC_OID_PKCS1_RSA_ENCRYPTION,
00592        "PKCS #1 RSA Encryption", CKM_RSA_PKCS, INVALID_CERT_EXTENSION ),
00593 
00594     /* the following Signing mechanisms should get new CKM_ values when
00595      * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in
00596      * PKCS #11.
00597      */
00598     OD( pkcs1MD2WithRSAEncryption, SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
00599        "PKCS #1 MD2 With RSA Encryption", CKM_MD2_RSA_PKCS,
00600        INVALID_CERT_EXTENSION ),
00601     OD( pkcs1MD4WithRSAEncryption, SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
00602        "PKCS #1 MD4 With RSA Encryption", 
00603        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00604     OD( pkcs1MD5WithRSAEncryption, SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
00605        "PKCS #1 MD5 With RSA Encryption", CKM_MD5_RSA_PKCS,
00606        INVALID_CERT_EXTENSION ),
00607     OD( pkcs1SHA1WithRSAEncryption, SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
00608        "PKCS #1 SHA-1 With RSA Encryption", CKM_SHA1_RSA_PKCS,
00609        INVALID_CERT_EXTENSION ),
00610 
00611     OD( pkcs5PbeWithMD2AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
00612        "PKCS #5 Password Based Encryption with MD2 and DES CBC",
00613        CKM_PBE_MD2_DES_CBC, INVALID_CERT_EXTENSION ),
00614     OD( pkcs5PbeWithMD5AndDEScbc, SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
00615        "PKCS #5 Password Based Encryption with MD5 and DES CBC",
00616        CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION ),
00617     OD( pkcs5PbeWithSha1AndDEScbc, SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
00618        "PKCS #5 Password Based Encryption with SHA1 and DES CBC", 
00619        CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION ),
00620     OD( pkcs7, SEC_OID_PKCS7,
00621        "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00622     OD( pkcs7Data, SEC_OID_PKCS7_DATA,
00623        "PKCS #7 Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00624     OD( pkcs7SignedData, SEC_OID_PKCS7_SIGNED_DATA,
00625        "PKCS #7 Signed Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00626     OD( pkcs7EnvelopedData, SEC_OID_PKCS7_ENVELOPED_DATA,
00627        "PKCS #7 Enveloped Data", 
00628        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00629     OD( pkcs7SignedEnvelopedData, SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
00630        "PKCS #7 Signed And Enveloped Data", 
00631        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00632     OD( pkcs7DigestedData, SEC_OID_PKCS7_DIGESTED_DATA,
00633        "PKCS #7 Digested Data", 
00634        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00635     OD( pkcs7EncryptedData, SEC_OID_PKCS7_ENCRYPTED_DATA,
00636        "PKCS #7 Encrypted Data", 
00637        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00638     OD( pkcs9EmailAddress, SEC_OID_PKCS9_EMAIL_ADDRESS,
00639        "PKCS #9 Email Address", 
00640        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00641     OD( pkcs9UnstructuredName, SEC_OID_PKCS9_UNSTRUCTURED_NAME,
00642        "PKCS #9 Unstructured Name", 
00643        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00644     OD( pkcs9ContentType, SEC_OID_PKCS9_CONTENT_TYPE,
00645        "PKCS #9 Content Type", 
00646        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00647     OD( pkcs9MessageDigest, SEC_OID_PKCS9_MESSAGE_DIGEST,
00648        "PKCS #9 Message Digest", 
00649        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00650     OD( pkcs9SigningTime, SEC_OID_PKCS9_SIGNING_TIME,
00651        "PKCS #9 Signing Time", 
00652        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00653     OD( pkcs9CounterSignature, SEC_OID_PKCS9_COUNTER_SIGNATURE,
00654        "PKCS #9 Counter Signature", 
00655        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00656     OD( pkcs9ChallengePassword, SEC_OID_PKCS9_CHALLENGE_PASSWORD,
00657        "PKCS #9 Challenge Password", 
00658        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00659     OD( pkcs9UnstructuredAddress, SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
00660        "PKCS #9 Unstructured Address", 
00661        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00662     OD( pkcs9ExtendedCertificateAttributes,
00663        SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
00664        "PKCS #9 Extended Certificate Attributes", 
00665        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00666     OD( pkcs9SMIMECapabilities, SEC_OID_PKCS9_SMIME_CAPABILITIES,
00667        "PKCS #9 S/MIME Capabilities", 
00668        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00669     OD( x520CommonName, SEC_OID_AVA_COMMON_NAME,
00670        "X520 Common Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00671     OD( x520CountryName, SEC_OID_AVA_COUNTRY_NAME,
00672        "X520 Country Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00673     OD( x520LocalityName, SEC_OID_AVA_LOCALITY,
00674        "X520 Locality Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00675     OD( x520StateOrProvinceName, SEC_OID_AVA_STATE_OR_PROVINCE,
00676        "X520 State Or Province Name", 
00677        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00678     OD( x520OrgName, SEC_OID_AVA_ORGANIZATION_NAME,
00679        "X520 Organization Name", 
00680        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00681     OD( x520OrgUnitName, SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
00682        "X520 Organizational Unit Name", 
00683        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00684     OD( x520DnQualifier, SEC_OID_AVA_DN_QUALIFIER,
00685        "X520 DN Qualifier", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00686     OD( rfc2247DomainComponent, SEC_OID_AVA_DC,
00687        "RFC 2247 Domain Component", 
00688        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00689 
00690     OD( nsTypeGIF, SEC_OID_NS_TYPE_GIF,
00691        "GIF", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00692     OD( nsTypeJPEG, SEC_OID_NS_TYPE_JPEG,
00693        "JPEG", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00694     OD( nsTypeURL, SEC_OID_NS_TYPE_URL,
00695        "URL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00696     OD( nsTypeHTML, SEC_OID_NS_TYPE_HTML,
00697        "HTML", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00698     OD( nsTypeCertSeq, SEC_OID_NS_TYPE_CERT_SEQUENCE,
00699        "Certificate Sequence", 
00700        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00701     OD( missiCertKEADSSOld, SEC_OID_MISSI_KEA_DSS_OLD, 
00702        "MISSI KEA and DSS Algorithm (Old)",
00703        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00704     OD( missiCertDSSOld, SEC_OID_MISSI_DSS_OLD, 
00705        "MISSI DSS Algorithm (Old)",
00706        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00707     OD( missiCertKEADSS, SEC_OID_MISSI_KEA_DSS, 
00708        "MISSI KEA and DSS Algorithm",
00709        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00710     OD( missiCertDSS, SEC_OID_MISSI_DSS, 
00711        "MISSI DSS Algorithm",
00712        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00713     OD( missiCertKEA, SEC_OID_MISSI_KEA, 
00714        "MISSI KEA Algorithm",
00715        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00716     OD( missiCertAltKEA, SEC_OID_MISSI_ALT_KEA, 
00717        "MISSI Alternate KEA Algorithm",
00718           CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00719 
00720     /* Netscape private extensions */
00721     OD( nsCertExtNetscapeOK, SEC_OID_NS_CERT_EXT_NETSCAPE_OK,
00722        "Netscape says this cert is OK",
00723        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00724     OD( nsCertExtIssuerLogo, SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
00725        "Certificate Issuer Logo",
00726        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00727     OD( nsCertExtSubjectLogo, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
00728        "Certificate Subject Logo",
00729        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00730     OD( nsExtCertType, SEC_OID_NS_CERT_EXT_CERT_TYPE,
00731        "Certificate Type",
00732        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00733     OD( nsExtBaseURL, SEC_OID_NS_CERT_EXT_BASE_URL,
00734        "Certificate Extension Base URL",
00735        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00736     OD( nsExtRevocationURL, SEC_OID_NS_CERT_EXT_REVOCATION_URL,
00737        "Certificate Revocation URL",
00738        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00739     OD( nsExtCARevocationURL, SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL,
00740        "Certificate Authority Revocation URL",
00741        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00742     OD( nsExtCACRLURL, SEC_OID_NS_CERT_EXT_CA_CRL_URL,
00743        "Certificate Authority CRL Download URL",
00744        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00745     OD( nsExtCACertURL, SEC_OID_NS_CERT_EXT_CA_CERT_URL,
00746        "Certificate Authority Certificate Download URL",
00747        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00748     OD( nsExtCertRenewalURL, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL,
00749        "Certificate Renewal URL", 
00750        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ), 
00751     OD( nsExtCAPolicyURL, SEC_OID_NS_CERT_EXT_CA_POLICY_URL,
00752        "Certificate Authority Policy URL",
00753        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00754     OD( nsExtHomepageURL, SEC_OID_NS_CERT_EXT_HOMEPAGE_URL,
00755        "Certificate Homepage URL", 
00756        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00757     OD( nsExtEntityLogo, SEC_OID_NS_CERT_EXT_ENTITY_LOGO,
00758        "Certificate Entity Logo", 
00759        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00760     OD( nsExtUserPicture, SEC_OID_NS_CERT_EXT_USER_PICTURE,
00761        "Certificate User Picture", 
00762        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00763     OD( nsExtSSLServerName, SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME,
00764        "Certificate SSL Server Name", 
00765        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00766     OD( nsExtComment, SEC_OID_NS_CERT_EXT_COMMENT,
00767        "Certificate Comment", 
00768        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00769     OD( nsExtLostPasswordURL, SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL,
00770         "Lost Password URL", 
00771        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00772     OD( nsExtCertRenewalTime, SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME, 
00773        "Certificate Renewal Time", 
00774        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00775     OD( nsKeyUsageGovtApproved, SEC_OID_NS_KEY_USAGE_GOVT_APPROVED,
00776        "Strong Crypto Export Approved",
00777        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00778 
00779 
00780     /* x.509 v3 certificate extensions */
00781     OD( x509SubjectDirectoryAttr, SEC_OID_X509_SUBJECT_DIRECTORY_ATTR,
00782        "Certificate Subject Directory Attributes",
00783        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION),
00784     OD( x509SubjectKeyID, SEC_OID_X509_SUBJECT_KEY_ID, 
00785        "Certificate Subject Key ID",
00786        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00787     OD( x509KeyUsage, SEC_OID_X509_KEY_USAGE, 
00788        "Certificate Key Usage",
00789        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00790     OD( x509PrivateKeyUsagePeriod, SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD,
00791        "Certificate Private Key Usage Period",
00792         CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00793     OD( x509SubjectAltName, SEC_OID_X509_SUBJECT_ALT_NAME, 
00794        "Certificate Subject Alt Name",
00795         CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00796     OD( x509IssuerAltName, SEC_OID_X509_ISSUER_ALT_NAME, 
00797        "Certificate Issuer Alt Name",
00798         CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ),
00799     OD( x509BasicConstraints, SEC_OID_X509_BASIC_CONSTRAINTS, 
00800        "Certificate Basic Constraints",
00801        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00802     OD( x509NameConstraints, SEC_OID_X509_NAME_CONSTRAINTS, 
00803        "Certificate Name Constraints",
00804        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00805     OD( x509CRLDistPoints, SEC_OID_X509_CRL_DIST_POINTS, 
00806        "CRL Distribution Points",
00807        CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ),
00808     OD( x509CertificatePolicies, SEC_OID_X509_CERTIFICATE_POLICIES,
00809        "Certificate Policies",
00810         CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ),
00811     OD( x509PolicyMappings, SEC_OID_X509_POLICY_MAPPINGS, 
00812        "Certificate Policy Mappings",
00813         CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),
00814     OD( x509PolicyConstraints, SEC_OID_X509_POLICY_CONSTRAINTS, 
00815        "Certificate Policy Constraints",
00816         CKM_INVALID_MECHANISM, FAKE_SUPPORTED_CERT_EXTENSION ),
00817     OD( x509AuthKeyID, SEC_OID_X509_AUTH_KEY_ID, 
00818        "Certificate Authority Key Identifier",
00819        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00820     OD( x509ExtKeyUsage, SEC_OID_X509_EXT_KEY_USAGE, 
00821        "Extended Key Usage",
00822        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00823     OD( x509AuthInfoAccess, SEC_OID_X509_AUTH_INFO_ACCESS, 
00824        "Authority Information Access",
00825         CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00826 
00827     /* x.509 v3 CRL extensions */
00828     OD( x509CRLNumber, SEC_OID_X509_CRL_NUMBER, 
00829        "CRL Number", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00830     OD( x509ReasonCode, SEC_OID_X509_REASON_CODE, 
00831        "CRL reason code", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00832     OD( x509InvalidDate, SEC_OID_X509_INVALID_DATE, 
00833        "Invalid Date", CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00834        
00835     OD( x500RSAEncryption, SEC_OID_X500_RSA_ENCRYPTION,
00836        "X500 RSA Encryption", CKM_RSA_X_509, INVALID_CERT_EXTENSION ),
00837 
00838     /* added for alg 1485 */
00839     OD( rfc1274Uid, SEC_OID_RFC1274_UID,
00840        "RFC1274 User Id", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00841     OD( rfc1274Mail, SEC_OID_RFC1274_MAIL,
00842        "RFC1274 E-mail Address", 
00843        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00844 
00845     /* pkcs 12 additions */
00846     OD( pkcs12, SEC_OID_PKCS12,
00847        "PKCS #12", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00848     OD( pkcs12ModeIDs, SEC_OID_PKCS12_MODE_IDS,
00849        "PKCS #12 Mode IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00850     OD( pkcs12ESPVKIDs, SEC_OID_PKCS12_ESPVK_IDS,
00851        "PKCS #12 ESPVK IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00852     OD( pkcs12BagIDs, SEC_OID_PKCS12_BAG_IDS,
00853        "PKCS #12 Bag IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00854     OD( pkcs12CertBagIDs, SEC_OID_PKCS12_CERT_BAG_IDS,
00855        "PKCS #12 Cert Bag IDs", 
00856        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00857     OD( pkcs12OIDs, SEC_OID_PKCS12_OIDS,
00858        "PKCS #12 OIDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00859     OD( pkcs12PBEIDs, SEC_OID_PKCS12_PBE_IDS,
00860        "PKCS #12 PBE IDs", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00861     OD( pkcs12SignatureIDs, SEC_OID_PKCS12_SIGNATURE_IDS,
00862        "PKCS #12 Signature IDs", 
00863        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00864     OD( pkcs12EnvelopingIDs, SEC_OID_PKCS12_ENVELOPING_IDS,
00865        "PKCS #12 Enveloping IDs", 
00866        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00867     OD( pkcs12PKCS8KeyShrouding, SEC_OID_PKCS12_PKCS8_KEY_SHROUDING,
00868        "PKCS #12 Key Shrouding", 
00869        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00870     OD( pkcs12KeyBagID, SEC_OID_PKCS12_KEY_BAG_ID,
00871        "PKCS #12 Key Bag ID", 
00872        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00873     OD( pkcs12CertAndCRLBagID, SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID,
00874        "PKCS #12 Cert And CRL Bag ID", 
00875        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00876     OD( pkcs12SecretBagID, SEC_OID_PKCS12_SECRET_BAG_ID,
00877        "PKCS #12 Secret Bag ID", 
00878        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00879     OD( pkcs12X509CertCRLBag, SEC_OID_PKCS12_X509_CERT_CRL_BAG,
00880        "PKCS #12 X509 Cert CRL Bag", 
00881        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00882     OD( pkcs12SDSICertBag, SEC_OID_PKCS12_SDSI_CERT_BAG,
00883        "PKCS #12 SDSI Cert Bag", 
00884        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00885     OD( pkcs12PBEWithSha1And128BitRC4,
00886        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4,
00887        "PKCS #12 PBE With Sha1 and 128 Bit RC4", 
00888        CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4, INVALID_CERT_EXTENSION ),
00889     OD( pkcs12PBEWithSha1And40BitRC4,
00890        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4,
00891        "PKCS #12 PBE With Sha1 and 40 Bit RC4", 
00892        CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4, INVALID_CERT_EXTENSION ),
00893     OD( pkcs12PBEWithSha1AndTripleDESCBC,
00894        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC,
00895        "PKCS #12 PBE With Sha1 and Triple DES CBC", 
00896        CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC, INVALID_CERT_EXTENSION ),
00897     OD( pkcs12PBEWithSha1And128BitRC2CBC,
00898        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
00899        "PKCS #12 PBE With Sha1 and 128 Bit RC2 CBC", 
00900        CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC, INVALID_CERT_EXTENSION ),
00901     OD( pkcs12PBEWithSha1And40BitRC2CBC,
00902        SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
00903        "PKCS #12 PBE With Sha1 and 40 Bit RC2 CBC", 
00904        CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC, INVALID_CERT_EXTENSION ),
00905     OD( pkcs12RSAEncryptionWith128BitRC4,
00906        SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4,
00907        "PKCS #12 RSA Encryption with 128 Bit RC4",
00908        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00909     OD( pkcs12RSAEncryptionWith40BitRC4,
00910        SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4,
00911        "PKCS #12 RSA Encryption with 40 Bit RC4",
00912        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00913     OD( pkcs12RSAEncryptionWithTripleDES,
00914        SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES,
00915        "PKCS #12 RSA Encryption with Triple DES",
00916        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00917     OD( pkcs12RSASignatureWithSHA1Digest,
00918        SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST,
00919        "PKCS #12 RSA Encryption with Triple DES",
00920        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00921 
00922     /* DSA signatures */
00923     OD( ansix9DSASignature, SEC_OID_ANSIX9_DSA_SIGNATURE,
00924        "ANSI X9.57 DSA Signature", CKM_DSA, INVALID_CERT_EXTENSION ),
00925     OD( ansix9DSASignaturewithSHA1Digest,
00926         SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST,
00927        "ANSI X9.57 DSA Signature with SHA1 Digest", 
00928        CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
00929     OD( bogusDSASignaturewithSHA1Digest,
00930         SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST,
00931        "FORTEZZA DSA Signature with SHA1 Digest", 
00932        CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
00933 
00934     /* verisign oids */
00935     OD( verisignUserNotices, SEC_OID_VERISIGN_USER_NOTICES,
00936        "Verisign User Notices", 
00937        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00938 
00939     /* pkix oids */
00940     OD( pkixCPSPointerQualifier, SEC_OID_PKIX_CPS_POINTER_QUALIFIER,
00941        "PKIX CPS Pointer Qualifier", 
00942        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00943     OD( pkixUserNoticeQualifier, SEC_OID_PKIX_USER_NOTICE_QUALIFIER,
00944        "PKIX User Notice Qualifier", 
00945        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00946 
00947     OD( pkixOCSP, SEC_OID_PKIX_OCSP,
00948        "PKIX Online Certificate Status Protocol", 
00949        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00950     OD( pkixOCSPBasicResponse, SEC_OID_PKIX_OCSP_BASIC_RESPONSE,
00951        "OCSP Basic Response", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00952     OD( pkixOCSPNonce, SEC_OID_PKIX_OCSP_NONCE,
00953        "OCSP Nonce Extension", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00954     OD( pkixOCSPCRL, SEC_OID_PKIX_OCSP_CRL,
00955        "OCSP CRL Reference Extension", 
00956        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00957     OD( pkixOCSPResponse, SEC_OID_PKIX_OCSP_RESPONSE,
00958        "OCSP Response Types Extension", 
00959        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00960     OD( pkixOCSPNoCheck, SEC_OID_PKIX_OCSP_NO_CHECK,
00961        "OCSP No Check Extension", 
00962        CKM_INVALID_MECHANISM, SUPPORTED_CERT_EXTENSION ),
00963     OD( pkixOCSPArchiveCutoff, SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF,
00964        "OCSP Archive Cutoff Extension", 
00965        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00966     OD( pkixOCSPServiceLocator, SEC_OID_PKIX_OCSP_SERVICE_LOCATOR,
00967        "OCSP Service Locator Extension", 
00968        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00969 
00970     OD( pkixRegCtrlRegToken, SEC_OID_PKIX_REGCTRL_REGTOKEN,
00971         "PKIX CRMF Registration Control, Registration Token", 
00972         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00973     OD( pkixRegCtrlAuthenticator, SEC_OID_PKIX_REGCTRL_AUTHENTICATOR,
00974         "PKIX CRMF Registration Control, Registration Authenticator", 
00975         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
00976     OD( pkixRegCtrlPKIPubInfo, SEC_OID_PKIX_REGCTRL_PKIPUBINFO,
00977         "PKIX CRMF Registration Control, PKI Publication Info", 
00978         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00979     OD( pkixRegCtrlPKIArchOptions,
00980         SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS,
00981         "PKIX CRMF Registration Control, PKI Archive Options", 
00982         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00983     OD( pkixRegCtrlOldCertID, SEC_OID_PKIX_REGCTRL_OLD_CERT_ID,
00984         "PKIX CRMF Registration Control, Old Certificate ID", 
00985         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00986     OD( pkixRegCtrlProtEncKey, SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY,
00987         "PKIX CRMF Registration Control, Protocol Encryption Key", 
00988         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00989     OD( pkixRegInfoUTF8Pairs, SEC_OID_PKIX_REGINFO_UTF8_PAIRS,
00990         "PKIX CRMF Registration Info, UTF8 Pairs", 
00991         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00992     OD( pkixRegInfoCertReq, SEC_OID_PKIX_REGINFO_CERT_REQUEST,
00993         "PKIX CRMF Registration Info, Certificate Request", 
00994         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00995     OD( pkixExtendedKeyUsageServerAuth,
00996         SEC_OID_EXT_KEY_USAGE_SERVER_AUTH,
00997         "TLS Web Server Authentication Certificate",
00998         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
00999     OD( pkixExtendedKeyUsageClientAuth,
01000         SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH,
01001         "TLS Web Client Authentication Certificate",
01002         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
01003     OD( pkixExtendedKeyUsageCodeSign, SEC_OID_EXT_KEY_USAGE_CODE_SIGN,
01004         "Code Signing Certificate",
01005         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
01006     OD( pkixExtendedKeyUsageEMailProtect,
01007         SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT,
01008         "E-Mail Protection Certificate",
01009         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
01010     OD( pkixExtendedKeyUsageTimeStamp,
01011         SEC_OID_EXT_KEY_USAGE_TIME_STAMP,
01012         "Time Stamping Certifcate",
01013         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
01014     OD( pkixOCSPResponderExtendedKeyUsage, SEC_OID_OCSP_RESPONDER,
01015           "OCSP Responder Certificate",
01016           CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION),
01017 
01018     /* Netscape Algorithm OIDs */
01019 
01020     OD( netscapeSMimeKEA, SEC_OID_NETSCAPE_SMIME_KEA,
01021        "Netscape S/MIME KEA", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01022 
01023       /* Skipjack OID -- ### mwelch temporary */
01024     OD( skipjackCBC, SEC_OID_FORTEZZA_SKIPJACK,
01025        "Skipjack CBC64", CKM_SKIPJACK_CBC64, INVALID_CERT_EXTENSION ),
01026 
01027     /* pkcs12 v2 oids */
01028     OD( pkcs12V2PBEWithSha1And128BitRC4,
01029         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4,
01030        "PKCS12 V2 PBE With SHA1 And 128 Bit RC4", 
01031        CKM_PBE_SHA1_RC4_128, INVALID_CERT_EXTENSION ),
01032     OD( pkcs12V2PBEWithSha1And40BitRC4,
01033         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4,
01034        "PKCS12 V2 PBE With SHA1 And 40 Bit RC4", 
01035        CKM_PBE_SHA1_RC4_40, INVALID_CERT_EXTENSION ),
01036     OD( pkcs12V2PBEWithSha1And3KeyTripleDEScbc,
01037         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC,
01038        "PKCS12 V2 PBE With SHA1 And 3KEY Triple DES-cbc", 
01039        CKM_PBE_SHA1_DES3_EDE_CBC, INVALID_CERT_EXTENSION ),
01040     OD( pkcs12V2PBEWithSha1And2KeyTripleDEScbc,
01041         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC,
01042        "PKCS12 V2 PBE With SHA1 And 2KEY Triple DES-cbc", 
01043        CKM_PBE_SHA1_DES2_EDE_CBC, INVALID_CERT_EXTENSION ),
01044     OD( pkcs12V2PBEWithSha1And128BitRC2cbc,
01045         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC,
01046        "PKCS12 V2 PBE With SHA1 And 128 Bit RC2 CBC", 
01047        CKM_PBE_SHA1_RC2_128_CBC, INVALID_CERT_EXTENSION ),
01048     OD( pkcs12V2PBEWithSha1And40BitRC2cbc,
01049         SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC,
01050        "PKCS12 V2 PBE With SHA1 And 40 Bit RC2 CBC", 
01051        CKM_PBE_SHA1_RC2_40_CBC, INVALID_CERT_EXTENSION ),
01052     OD( pkcs12SafeContentsID, SEC_OID_PKCS12_SAFE_CONTENTS_ID,
01053        "PKCS #12 Safe Contents ID", 
01054        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01055     OD( pkcs12PKCS8ShroudedKeyBagID,
01056        SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID,
01057        "PKCS #12 Safe Contents ID", 
01058        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01059     OD( pkcs12V1KeyBag, SEC_OID_PKCS12_V1_KEY_BAG_ID,
01060        "PKCS #12 V1 Key Bag", 
01061        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01062     OD( pkcs12V1PKCS8ShroudedKeyBag,
01063        SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID,
01064        "PKCS #12 V1 PKCS8 Shrouded Key Bag", 
01065        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01066     OD( pkcs12V1CertBag, SEC_OID_PKCS12_V1_CERT_BAG_ID,
01067        "PKCS #12 V1 Cert Bag", 
01068        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01069     OD( pkcs12V1CRLBag, SEC_OID_PKCS12_V1_CRL_BAG_ID,
01070        "PKCS #12 V1 CRL Bag", 
01071        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01072     OD( pkcs12V1SecretBag, SEC_OID_PKCS12_V1_SECRET_BAG_ID,
01073        "PKCS #12 V1 Secret Bag", 
01074        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01075     OD( pkcs12V1SafeContentsBag, SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID,
01076        "PKCS #12 V1 Safe Contents Bag", 
01077        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01078 
01079     OD( pkcs9X509Certificate, SEC_OID_PKCS9_X509_CERT,
01080        "PKCS #9 X509 Certificate", 
01081        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01082     OD( pkcs9SDSICertificate, SEC_OID_PKCS9_SDSI_CERT,
01083        "PKCS #9 SDSI Certificate", 
01084        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01085     OD( pkcs9X509CRL, SEC_OID_PKCS9_X509_CRL,
01086        "PKCS #9 X509 CRL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01087     OD( pkcs9FriendlyName, SEC_OID_PKCS9_FRIENDLY_NAME,
01088        "PKCS #9 Friendly Name", 
01089        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01090     OD( pkcs9LocalKeyID, SEC_OID_PKCS9_LOCAL_KEY_ID,
01091        "PKCS #9 Local Key ID", 
01092        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), 
01093     OD( pkcs12KeyUsageAttr, SEC_OID_BOGUS_KEY_USAGE,
01094        "Bogus Key Usage", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01095     OD( dhPublicKey, SEC_OID_X942_DIFFIE_HELMAN_KEY,
01096        "Diffie-Helman Public Key", CKM_DH_PKCS_DERIVE,
01097        INVALID_CERT_EXTENSION ),
01098     OD( netscapeNickname, SEC_OID_NETSCAPE_NICKNAME,
01099        "Netscape Nickname", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01100 
01101     /* Cert Server specific OIDs */
01102     OD( netscapeRecoveryRequest, SEC_OID_NETSCAPE_RECOVERY_REQUEST,
01103         "Recovery Request OID", 
01104        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01105 
01106     OD( nsExtAIACertRenewal, SEC_OID_CERT_RENEWAL_LOCATOR,
01107         "Certificate Renewal Locator OID", CKM_INVALID_MECHANISM,
01108         INVALID_CERT_EXTENSION ), 
01109 
01110     OD( nsExtCertScopeOfUse, SEC_OID_NS_CERT_EXT_SCOPE_OF_USE,
01111         "Certificate Scope-of-Use Extension", CKM_INVALID_MECHANISM,
01112         SUPPORTED_CERT_EXTENSION ),
01113 
01114     /* CMS stuff */
01115     OD( cmsESDH, SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN,
01116         "Ephemeral-Static Diffie-Hellman", CKM_INVALID_MECHANISM /* XXX */,
01117         INVALID_CERT_EXTENSION ),
01118     OD( cms3DESwrap, SEC_OID_CMS_3DES_KEY_WRAP,
01119         "CMS 3DES Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
01120         INVALID_CERT_EXTENSION ),
01121     OD( cmsRC2wrap, SEC_OID_CMS_RC2_KEY_WRAP,
01122         "CMS RC2 Key Wrap", CKM_INVALID_MECHANISM /* XXX */,
01123         INVALID_CERT_EXTENSION ),
01124     OD( smimeEncryptionKeyPreference, SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE,
01125        "S/MIME Encryption Key Preference", 
01126        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01127 
01128     /* AES algorithm OIDs */
01129     OD( aes128_ECB, SEC_OID_AES_128_ECB,
01130        "AES-128-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
01131     OD( aes128_CBC, SEC_OID_AES_128_CBC,
01132        "AES-128-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
01133     OD( aes192_ECB, SEC_OID_AES_192_ECB,
01134        "AES-192-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
01135     OD( aes192_CBC, SEC_OID_AES_192_CBC,
01136        "AES-192-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
01137     OD( aes256_ECB, SEC_OID_AES_256_ECB,
01138        "AES-256-ECB", CKM_AES_ECB, INVALID_CERT_EXTENSION ),
01139     OD( aes256_CBC, SEC_OID_AES_256_CBC,
01140        "AES-256-CBC", CKM_AES_CBC, INVALID_CERT_EXTENSION ),
01141 
01142     /* More bogus DSA OIDs */
01143     OD( sdn702DSASignature, SEC_OID_SDN702_DSA_SIGNATURE, 
01144        "SDN.702 DSA Signature", CKM_DSA_SHA1, INVALID_CERT_EXTENSION ),
01145 
01146     OD( ms_smimeEncryptionKeyPreference, 
01147         SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE,
01148        "Microsoft S/MIME Encryption Key Preference", 
01149        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01150 
01151     OD( sha256, SEC_OID_SHA256, "SHA-256", CKM_SHA256, INVALID_CERT_EXTENSION),
01152     OD( sha384, SEC_OID_SHA384, "SHA-384", CKM_SHA384, INVALID_CERT_EXTENSION),
01153     OD( sha512, SEC_OID_SHA512, "SHA-512", CKM_SHA512, INVALID_CERT_EXTENSION),
01154 
01155     OD( pkcs1SHA256WithRSAEncryption, SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION,
01156        "PKCS #1 SHA-256 With RSA Encryption", CKM_SHA256_RSA_PKCS,
01157        INVALID_CERT_EXTENSION ),
01158     OD( pkcs1SHA384WithRSAEncryption, SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION,
01159        "PKCS #1 SHA-384 With RSA Encryption", CKM_SHA384_RSA_PKCS,
01160        INVALID_CERT_EXTENSION ),
01161     OD( pkcs1SHA512WithRSAEncryption, SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION,
01162        "PKCS #1 SHA-512 With RSA Encryption", CKM_SHA512_RSA_PKCS,
01163        INVALID_CERT_EXTENSION ),
01164 
01165     OD( aes128_KEY_WRAP, SEC_OID_AES_128_KEY_WRAP,
01166        "AES-128 Key Wrap", CKM_NETSCAPE_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
01167     OD( aes192_KEY_WRAP, SEC_OID_AES_192_KEY_WRAP,
01168        "AES-192 Key Wrap", CKM_NETSCAPE_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
01169     OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
01170        "AES-256 Key Wrap", CKM_NETSCAPE_AES_KEY_WRAP, INVALID_CERT_EXTENSION),
01171 
01172     /* Elliptic Curve Cryptography (ECC) OIDs */
01173     OD( ansix962ECPublicKey, SEC_OID_ANSIX962_EC_PUBLIC_KEY,
01174        "X9.62 elliptic curve public key", CKM_ECDH1_DERIVE,
01175        INVALID_CERT_EXTENSION ),
01176     OD( ansix962SignaturewithSHA1Digest, 
01177        SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE,
01178        "X9.62 ECDSA signature with SHA1", CKM_ECDSA_SHA1,
01179        INVALID_CERT_EXTENSION ),
01180 
01181     /* Named curves */
01182 
01183     /* ANSI X9.62 named elliptic curves (prime field) */
01184     OD( ansiX962prime192v1, SEC_OID_ANSIX962_EC_PRIME192V1,
01185        "ANSI X9.62 elliptic curve prime192v1 (aka secp192r1, NIST P-192)", 
01186        CKM_INVALID_MECHANISM,
01187        INVALID_CERT_EXTENSION ),
01188     OD( ansiX962prime192v2, SEC_OID_ANSIX962_EC_PRIME192V2,
01189        "ANSI X9.62 elliptic curve prime192v2", 
01190        CKM_INVALID_MECHANISM,
01191        INVALID_CERT_EXTENSION ),
01192     OD( ansiX962prime192v3, SEC_OID_ANSIX962_EC_PRIME192V3,
01193        "ANSI X9.62 elliptic curve prime192v3", 
01194        CKM_INVALID_MECHANISM,
01195        INVALID_CERT_EXTENSION ),
01196     OD( ansiX962prime239v1, SEC_OID_ANSIX962_EC_PRIME239V1,
01197        "ANSI X9.62 elliptic curve prime239v1", 
01198        CKM_INVALID_MECHANISM,
01199        INVALID_CERT_EXTENSION ),
01200     OD( ansiX962prime239v2, SEC_OID_ANSIX962_EC_PRIME239V2,
01201        "ANSI X9.62 elliptic curve prime239v2", 
01202        CKM_INVALID_MECHANISM,
01203        INVALID_CERT_EXTENSION ),
01204     OD( ansiX962prime239v3, SEC_OID_ANSIX962_EC_PRIME239V3,
01205        "ANSI X9.62 elliptic curve prime239v3", 
01206        CKM_INVALID_MECHANISM,
01207        INVALID_CERT_EXTENSION ),
01208     OD( ansiX962prime256v1, SEC_OID_ANSIX962_EC_PRIME256V1,
01209        "ANSI X9.62 elliptic curve prime256v1 (aka secp256r1, NIST P-256)", 
01210        CKM_INVALID_MECHANISM,
01211        INVALID_CERT_EXTENSION ),
01212 
01213     /* SECG named elliptic curves (prime field) */
01214     OD( secgECsecp112r1, SEC_OID_SECG_EC_SECP112R1,
01215        "SECG elliptic curve secp112r1", 
01216        CKM_INVALID_MECHANISM,
01217        INVALID_CERT_EXTENSION ),
01218     OD( secgECsecp112r2, SEC_OID_SECG_EC_SECP112R2,
01219        "SECG elliptic curve secp112r2", 
01220        CKM_INVALID_MECHANISM,
01221        INVALID_CERT_EXTENSION ),
01222     OD( secgECsecp128r1, SEC_OID_SECG_EC_SECP128R1,
01223        "SECG elliptic curve secp128r1", 
01224        CKM_INVALID_MECHANISM,
01225        INVALID_CERT_EXTENSION ),
01226     OD( secgECsecp128r2, SEC_OID_SECG_EC_SECP128R2,
01227        "SECG elliptic curve secp128r2", 
01228        CKM_INVALID_MECHANISM,
01229        INVALID_CERT_EXTENSION ),
01230     OD( secgECsecp160k1, SEC_OID_SECG_EC_SECP160K1,
01231        "SECG elliptic curve secp160k1", 
01232        CKM_INVALID_MECHANISM,
01233        INVALID_CERT_EXTENSION ),
01234     OD( secgECsecp160r1, SEC_OID_SECG_EC_SECP160R1,
01235        "SECG elliptic curve secp160r1", 
01236        CKM_INVALID_MECHANISM,
01237        INVALID_CERT_EXTENSION ),
01238     OD( secgECsecp160r2, SEC_OID_SECG_EC_SECP160R2,
01239        "SECG elliptic curve secp160r2", 
01240        CKM_INVALID_MECHANISM,
01241        INVALID_CERT_EXTENSION ),
01242     OD( secgECsecp192k1, SEC_OID_SECG_EC_SECP192K1,
01243        "SECG elliptic curve secp192k1", 
01244        CKM_INVALID_MECHANISM,
01245        INVALID_CERT_EXTENSION ),
01246     OD( secgECsecp224k1, SEC_OID_SECG_EC_SECP224K1,
01247        "SECG elliptic curve secp224k1", 
01248        CKM_INVALID_MECHANISM,
01249        INVALID_CERT_EXTENSION ),
01250     OD( secgECsecp224r1, SEC_OID_SECG_EC_SECP224R1,
01251        "SECG elliptic curve secp224r1 (aka NIST P-224)", 
01252        CKM_INVALID_MECHANISM,
01253        INVALID_CERT_EXTENSION ),
01254     OD( secgECsecp256k1, SEC_OID_SECG_EC_SECP256K1,
01255        "SECG elliptic curve secp256k1", 
01256        CKM_INVALID_MECHANISM,
01257        INVALID_CERT_EXTENSION ),
01258     OD( secgECsecp384r1, SEC_OID_SECG_EC_SECP384R1,
01259        "SECG elliptic curve secp384r1 (aka NIST P-384)", 
01260        CKM_INVALID_MECHANISM,
01261        INVALID_CERT_EXTENSION ),
01262     OD( secgECsecp521r1, SEC_OID_SECG_EC_SECP521R1,
01263        "SECG elliptic curve secp521r1 (aka NIST P-521)", 
01264        CKM_INVALID_MECHANISM,
01265        INVALID_CERT_EXTENSION ),
01266 
01267     /* ANSI X9.62 named elliptic curves (characteristic two field) */
01268     OD( ansiX962c2pnb163v1, SEC_OID_ANSIX962_EC_C2PNB163V1,
01269        "ANSI X9.62 elliptic curve c2pnb163v1", 
01270        CKM_INVALID_MECHANISM,
01271        INVALID_CERT_EXTENSION ),
01272     OD( ansiX962c2pnb163v2, SEC_OID_ANSIX962_EC_C2PNB163V2,
01273        "ANSI X9.62 elliptic curve c2pnb163v2", 
01274        CKM_INVALID_MECHANISM,
01275        INVALID_CERT_EXTENSION ),
01276     OD( ansiX962c2pnb163v3, SEC_OID_ANSIX962_EC_C2PNB163V3,
01277        "ANSI X9.62 elliptic curve c2pnb163v3", 
01278        CKM_INVALID_MECHANISM,
01279        INVALID_CERT_EXTENSION ),
01280     OD( ansiX962c2pnb176v1, SEC_OID_ANSIX962_EC_C2PNB176V1,
01281        "ANSI X9.62 elliptic curve c2pnb176v1", 
01282        CKM_INVALID_MECHANISM,
01283        INVALID_CERT_EXTENSION ),
01284     OD( ansiX962c2tnb191v1, SEC_OID_ANSIX962_EC_C2TNB191V1,
01285        "ANSI X9.62 elliptic curve c2tnb191v1", 
01286        CKM_INVALID_MECHANISM,
01287        INVALID_CERT_EXTENSION ),
01288     OD( ansiX962c2tnb191v2, SEC_OID_ANSIX962_EC_C2TNB191V2,
01289        "ANSI X9.62 elliptic curve c2tnb191v2", 
01290        CKM_INVALID_MECHANISM,
01291        INVALID_CERT_EXTENSION ),
01292     OD( ansiX962c2tnb191v3, SEC_OID_ANSIX962_EC_C2TNB191V3,
01293        "ANSI X9.62 elliptic curve c2tnb191v3", 
01294        CKM_INVALID_MECHANISM,
01295        INVALID_CERT_EXTENSION ),
01296     OD( ansiX962c2onb191v4, SEC_OID_ANSIX962_EC_C2ONB191V4,
01297        "ANSI X9.62 elliptic curve c2onb191v4", 
01298        CKM_INVALID_MECHANISM,
01299        INVALID_CERT_EXTENSION ),
01300     OD( ansiX962c2onb191v5, SEC_OID_ANSIX962_EC_C2ONB191V5,
01301        "ANSI X9.62 elliptic curve c2onb191v5", 
01302        CKM_INVALID_MECHANISM,
01303        INVALID_CERT_EXTENSION ),
01304     OD( ansiX962c2pnb208w1, SEC_OID_ANSIX962_EC_C2PNB208W1,
01305        "ANSI X9.62 elliptic curve c2pnb208w1", 
01306        CKM_INVALID_MECHANISM,
01307        INVALID_CERT_EXTENSION ),
01308     OD( ansiX962c2tnb239v1, SEC_OID_ANSIX962_EC_C2TNB239V1,
01309        "ANSI X9.62 elliptic curve c2tnb239v1", 
01310        CKM_INVALID_MECHANISM,
01311        INVALID_CERT_EXTENSION ),
01312     OD( ansiX962c2tnb239v2, SEC_OID_ANSIX962_EC_C2TNB239V2,
01313        "ANSI X9.62 elliptic curve c2tnb239v2", 
01314        CKM_INVALID_MECHANISM,
01315        INVALID_CERT_EXTENSION ),
01316     OD( ansiX962c2tnb239v3, SEC_OID_ANSIX962_EC_C2TNB239V3,
01317        "ANSI X9.62 elliptic curve c2tnb239v3", 
01318        CKM_INVALID_MECHANISM,
01319        INVALID_CERT_EXTENSION ),
01320     OD( ansiX962c2onb239v4, SEC_OID_ANSIX962_EC_C2ONB239V4,
01321        "ANSI X9.62 elliptic curve c2onb239v4", 
01322        CKM_INVALID_MECHANISM,
01323        INVALID_CERT_EXTENSION ),
01324     OD( ansiX962c2onb239v5, SEC_OID_ANSIX962_EC_C2ONB239V5,
01325        "ANSI X9.62 elliptic curve c2onb239v5", 
01326        CKM_INVALID_MECHANISM,
01327        INVALID_CERT_EXTENSION ),
01328     OD( ansiX962c2pnb272w1, SEC_OID_ANSIX962_EC_C2PNB272W1,
01329        "ANSI X9.62 elliptic curve c2pnb272w1", 
01330        CKM_INVALID_MECHANISM,
01331        INVALID_CERT_EXTENSION ),
01332     OD( ansiX962c2pnb304w1, SEC_OID_ANSIX962_EC_C2PNB304W1,
01333        "ANSI X9.62 elliptic curve c2pnb304w1", 
01334        CKM_INVALID_MECHANISM,
01335        INVALID_CERT_EXTENSION ),
01336     OD( ansiX962c2tnb359v1, SEC_OID_ANSIX962_EC_C2TNB359V1,
01337        "ANSI X9.62 elliptic curve c2tnb359v1", 
01338        CKM_INVALID_MECHANISM,
01339        INVALID_CERT_EXTENSION ),
01340     OD( ansiX962c2pnb368w1, SEC_OID_ANSIX962_EC_C2PNB368W1,
01341        "ANSI X9.62 elliptic curve c2pnb368w1", 
01342        CKM_INVALID_MECHANISM,
01343        INVALID_CERT_EXTENSION ),
01344     OD( ansiX962c2tnb431r1, SEC_OID_ANSIX962_EC_C2TNB431R1,
01345        "ANSI X9.62 elliptic curve c2tnb431r1", 
01346        CKM_INVALID_MECHANISM,
01347        INVALID_CERT_EXTENSION ),
01348 
01349     /* SECG named elliptic curves (characteristic two field) */
01350     OD( secgECsect113r1, SEC_OID_SECG_EC_SECT113R1,
01351        "SECG elliptic curve sect113r1", 
01352        CKM_INVALID_MECHANISM,
01353        INVALID_CERT_EXTENSION ),
01354     OD( secgECsect113r2, SEC_OID_SECG_EC_SECT113R2,
01355        "SECG elliptic curve sect113r2", 
01356        CKM_INVALID_MECHANISM,
01357        INVALID_CERT_EXTENSION ),
01358     OD( secgECsect131r1, SEC_OID_SECG_EC_SECT131R1,
01359        "SECG elliptic curve sect131r1", 
01360        CKM_INVALID_MECHANISM,
01361        INVALID_CERT_EXTENSION ),
01362     OD( secgECsect131r2, SEC_OID_SECG_EC_SECT131R2,
01363        "SECG elliptic curve sect131r2", 
01364        CKM_INVALID_MECHANISM,
01365        INVALID_CERT_EXTENSION ),
01366     OD( secgECsect163k1, SEC_OID_SECG_EC_SECT163K1,
01367        "SECG elliptic curve sect163k1 (aka NIST K-163)", 
01368        CKM_INVALID_MECHANISM,
01369        INVALID_CERT_EXTENSION ),
01370     OD( secgECsect163r1, SEC_OID_SECG_EC_SECT163R1,
01371        "SECG elliptic curve sect163r1", 
01372        CKM_INVALID_MECHANISM,
01373        INVALID_CERT_EXTENSION ),
01374     OD( secgECsect163r2, SEC_OID_SECG_EC_SECT163R2,
01375        "SECG elliptic curve sect163r2 (aka NIST B-163)", 
01376        CKM_INVALID_MECHANISM,
01377        INVALID_CERT_EXTENSION ),
01378     OD( secgECsect193r1, SEC_OID_SECG_EC_SECT193R1,
01379        "SECG elliptic curve sect193r1", 
01380        CKM_INVALID_MECHANISM,
01381        INVALID_CERT_EXTENSION ),
01382     OD( secgECsect193r2, SEC_OID_SECG_EC_SECT193R2,
01383        "SECG elliptic curve sect193r2", 
01384        CKM_INVALID_MECHANISM,
01385        INVALID_CERT_EXTENSION ),
01386     OD( secgECsect233k1, SEC_OID_SECG_EC_SECT233K1,
01387        "SECG elliptic curve sect233k1 (aka NIST K-233)", 
01388        CKM_INVALID_MECHANISM,
01389        INVALID_CERT_EXTENSION ),
01390     OD( secgECsect233r1, SEC_OID_SECG_EC_SECT233R1,
01391        "SECG elliptic curve sect233r1 (aka NIST B-233)", 
01392        CKM_INVALID_MECHANISM,
01393        INVALID_CERT_EXTENSION ),
01394     OD( secgECsect239k1, SEC_OID_SECG_EC_SECT239K1,
01395        "SECG elliptic curve sect239k1", 
01396        CKM_INVALID_MECHANISM,
01397        INVALID_CERT_EXTENSION ),
01398     OD( secgECsect283k1, SEC_OID_SECG_EC_SECT283K1,
01399        "SECG elliptic curve sect283k1 (aka NIST K-283)", 
01400        CKM_INVALID_MECHANISM,
01401        INVALID_CERT_EXTENSION ),
01402     OD( secgECsect283r1, SEC_OID_SECG_EC_SECT283R1,
01403        "SECG elliptic curve sect283r1 (aka NIST B-283)", 
01404        CKM_INVALID_MECHANISM,
01405        INVALID_CERT_EXTENSION ),
01406     OD( secgECsect409k1, SEC_OID_SECG_EC_SECT409K1,
01407        "SECG elliptic curve sect409k1 (aka NIST K-409)", 
01408        CKM_INVALID_MECHANISM,
01409        INVALID_CERT_EXTENSION ),
01410     OD( secgECsect409r1, SEC_OID_SECG_EC_SECT409R1,
01411        "SECG elliptic curve sect409r1 (aka NIST B-409)", 
01412        CKM_INVALID_MECHANISM,
01413        INVALID_CERT_EXTENSION ),
01414     OD( secgECsect571k1, SEC_OID_SECG_EC_SECT571K1,
01415        "SECG elliptic curve sect571k1 (aka NIST K-571)", 
01416        CKM_INVALID_MECHANISM,
01417        INVALID_CERT_EXTENSION ),
01418     OD( secgECsect571r1, SEC_OID_SECG_EC_SECT571R1,
01419        "SECG elliptic curve sect571r1 (aka NIST B-571)", 
01420        CKM_INVALID_MECHANISM,
01421        INVALID_CERT_EXTENSION ),
01422 
01423     OD( netscapeAOLScreenname, SEC_OID_NETSCAPE_AOLSCREENNAME,
01424        "AOL Screenname", CKM_INVALID_MECHANISM,
01425        INVALID_CERT_EXTENSION ),
01426 
01427     OD( x520SurName, SEC_OID_AVA_SURNAME,
01428        "X520 Title",         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01429     OD( x520SerialNumber, SEC_OID_AVA_SERIAL_NUMBER,
01430         "X520 Serial Number", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01431     OD( x520StreetAddress, SEC_OID_AVA_STREET_ADDRESS,
01432         "X520 Street Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01433     OD( x520Title, SEC_OID_AVA_TITLE, 
01434        "X520 Title",         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01435     OD( x520PostalAddress, SEC_OID_AVA_POSTAL_ADDRESS,
01436        "X520 Postal Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01437     OD( x520PostalCode, SEC_OID_AVA_POSTAL_CODE,
01438        "X520 Postal Code",   CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01439     OD( x520PostOfficeBox, SEC_OID_AVA_POST_OFFICE_BOX,
01440        "X520 Post Office Box", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01441     OD( x520GivenName, SEC_OID_AVA_GIVEN_NAME,
01442        "X520 Given Name",    CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01443     OD( x520Initials, SEC_OID_AVA_INITIALS,
01444        "X520 Initials",      CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01445     OD( x520GenerationQualifier, SEC_OID_AVA_GENERATION_QUALIFIER,
01446        "X520 Generation Qualifier", 
01447        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01448     OD( x520HouseIdentifier, SEC_OID_AVA_HOUSE_IDENTIFIER,
01449        "X520 House Identifier", 
01450        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01451     OD( x520Pseudonym, SEC_OID_AVA_PSEUDONYM,
01452        "X520 Pseudonym",     CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01453 
01454     /* More OIDs */
01455     OD( pkixCAIssuers, SEC_OID_PKIX_CA_ISSUERS,
01456         "PKIX CA issuers access method", 
01457         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01458     OD( pkcs9ExtensionRequest, SEC_OID_PKCS9_EXTENSION_REQUEST,
01459        "PKCS #9 Extension Request",
01460         CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
01461 
01462     /* more ECC Signature Oids */
01463     OD( ansix962SignatureRecommended,
01464        SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST,
01465        "X9.62 ECDSA signature with recommended digest", CKM_INVALID_MECHANISM,
01466        INVALID_CERT_EXTENSION ),
01467     OD( ansix962SignatureSpecified,
01468        SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST,
01469        "X9.62 ECDSA signature with specified digest", CKM_ECDSA,
01470        INVALID_CERT_EXTENSION ),
01471     OD( ansix962SignaturewithSHA224Digest,
01472        SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE,
01473        "X9.62 ECDSA signature with SHA224", CKM_INVALID_MECHANISM,
01474        INVALID_CERT_EXTENSION ),
01475     OD( ansix962SignaturewithSHA256Digest,
01476        SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE,
01477        "X9.62 ECDSA signature with SHA256", CKM_INVALID_MECHANISM,
01478        INVALID_CERT_EXTENSION ),
01479     OD( ansix962SignaturewithSHA384Digest,
01480        SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE,
01481        "X9.62 ECDSA signature with SHA384", CKM_INVALID_MECHANISM,
01482        INVALID_CERT_EXTENSION ),
01483     OD( ansix962SignaturewithSHA512Digest,
01484        SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE,
01485        "X9.62 ECDSA signature with SHA512", CKM_INVALID_MECHANISM,
01486        INVALID_CERT_EXTENSION ),
01487 
01488     /* More id-ce and id-pe OIDs from RFC 3280 */
01489     OD( x509HoldInstructionCode,      SEC_OID_X509_HOLD_INSTRUCTION_CODE,
01490         "CRL Hold Instruction Code",  CKM_INVALID_MECHANISM,
01491        UNSUPPORTED_CERT_EXTENSION ),
01492     OD( x509DeltaCRLIndicator,        SEC_OID_X509_DELTA_CRL_INDICATOR,
01493         "Delta CRL Indicator",        CKM_INVALID_MECHANISM,
01494        FAKE_SUPPORTED_CERT_EXTENSION ),
01495     OD( x509IssuingDistributionPoint, SEC_OID_X509_ISSUING_DISTRIBUTION_POINT,
01496         "Issuing Distribution Point", CKM_INVALID_MECHANISM,
01497        FAKE_SUPPORTED_CERT_EXTENSION ),
01498     OD( x509CertIssuer,               SEC_OID_X509_CERT_ISSUER,
01499         "Certificate Issuer Extension",CKM_INVALID_MECHANISM,
01500        FAKE_SUPPORTED_CERT_EXTENSION ),
01501     OD( x509FreshestCRL,              SEC_OID_X509_FRESHEST_CRL,
01502         "Freshest CRL",               CKM_INVALID_MECHANISM,
01503        UNSUPPORTED_CERT_EXTENSION ),
01504     OD( x509InhibitAnyPolicy,         SEC_OID_X509_INHIBIT_ANY_POLICY,
01505         "Inhibit Any Policy",         CKM_INVALID_MECHANISM,
01506        FAKE_SUPPORTED_CERT_EXTENSION ),
01507     OD( x509SubjectInfoAccess,        SEC_OID_X509_SUBJECT_INFO_ACCESS,
01508         "Subject Info Access",        CKM_INVALID_MECHANISM,
01509        UNSUPPORTED_CERT_EXTENSION ),
01510 
01511 };
01512 
/*
 * State of the dynamic OID table.  The table is built at init time and may
 * be modified later if the user loads new crypto modules.  All of this
 * static data, and the allocated data it points to, is protected by one
 * global reader/writer lock (dynOidLock).
 *
 * None of these variables has an explicit initializer.  C guarantees that
 * static data without one starts out as zeros, and leaving the initializer
 * out keeps the data in BSS rather than in the initialized data segment,
 * so the library does not grow.
 */
static NSSRWLock    *dynOidLock;  /* guards every variable below */
static PLArenaPool  *dynOidPool;  /* arena that SECOID_AddEntry copies entries into */
static PLHashTable  *dynOidHash;  /* encoded OID -> entry, see secoid_HashDynamicOiddata */
static SECOidData  **dynOidTable; /* entries by (tag - SEC_OID_TOTAL); not in the pool */
static int           dynOidEntriesAllocated; /* slots allocated in dynOidTable */
static int           dynOidEntriesUsed;      /* slots of dynOidTable in use */
01531 
/*
 * Make sure dynOidLock and dynOidPool exist, creating whichever is missing.
 *
 * The lock can end up created while the arena allocation fails, so callers
 * must test dynOidPool, not dynOidLock, when deciding whether this function
 * still needs to be called.
 *
 * Returns SECSuccess when the pool exists on return, SECFailure otherwise
 * (the failing callee is expected to have set the error code).
 */
static SECStatus
secoid_InitDynOidData(void)
{
    SECStatus  status = SECSuccess;
    NSSRWLock *rwlock;

    /* Creates the lock if it does not exist yet; in both cases the
    ** address of the lock is returned.
    */
    rwlock = nssRWLock_AtomicCreate(&dynOidLock, 1, "dynamic OID data");
    if (rwlock == NULL) {
        return SECFailure; /* Error code should already be set. */
    }
    PORT_Assert(rwlock == dynOidLock);

    /* The pool is created under the write lock so that two racing
    ** callers cannot both allocate an arena.
    */
    NSSRWLock_LockWrite(rwlock);
    if (dynOidPool == NULL) {
        dynOidPool = PORT_NewArena(2048);
    }
    if (dynOidPool == NULL) {
        status = SECFailure; /* Error code should already be set. */
    }
    NSSRWLock_UnlockWrite(rwlock);

    return status;
}
01562 
/*
 * Insert oid into the dynamic OID hash table, keyed by its encoded OID
 * item.  The table is created on first use.
 *
 * The caller must hold the write lock dynOidLock.
 *
 * Returns SECFailure if the table cannot be created or the entry cannot
 * be added, SECSuccess otherwise.
 */
static SECStatus
secoid_HashDynamicOiddata(const SECOidData * oid)
{
    if (dynOidHash == NULL) {
        dynOidHash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
                                     PL_CompareValues, NULL, NULL);
        if (dynOidHash == NULL) {
            return SECFailure;
        }
    }

    /* The table stores the pointer itself, so oid must stay allocated
    ** for as long as the table exists.
    */
    if (PL_HashTableAdd(dynOidHash, &oid->oid, (void *)oid) == NULL) {
        return SECFailure;
    }
    return SECSuccess;
}
01580 
01581 
/*
 * Look up a dynamically registered OID by its encoded value.
 *
 * Dynamic OIDs change slowly, so keeping a hash table up to date when the
 * set changes is cheaper than looping over the entries on every lookup.
 *
 * Returns the entry, or NULL with SEC_ERROR_UNRECOGNIZED_OID set when no
 * dynamic table exists or the key is not in it.
 */
static SECOidData *
secoid_FindDynamic(const SECItem *key)
{
    SECOidData *found = NULL;

    /* The first test is made without the lock and only avoids taking the
    ** lock when no dynamic OID was ever added; the test that counts is
    ** the second one, made with the read lock held.
    */
    if (dynOidHash != NULL) {
        NSSRWLock_LockRead(dynOidLock);
        if (dynOidHash != NULL) {
            found = (SECOidData *)PL_HashTableLookup(dynOidHash, key);
        }
        NSSRWLock_UnlockRead(dynOidLock);
    }

    if (found != NULL) {
        return found;
    }
    PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
    return NULL;
}
01604 
/*
 * Look up a dynamically registered OID by its tag.  Dynamic tags start at
 * SEC_OID_TOTAL; the entry for tag t is kept at dynOidTable[t - SEC_OID_TOTAL].
 *
 * Returns the entry, or NULL with an error set:
 *   SEC_ERROR_LIBRARY_FAILURE   - tagnum is below SEC_OID_TOTAL, i.e. it is
 *                                 not a dynamic tag at all;
 *   SEC_ERROR_UNRECOGNIZED_OID  - no entry is stored for the tag.
 */
static SECOidData *
secoid_FindDynamicByTag(SECOidTag tagnum)
{
    SECOidData *entry = NULL;
    int         slot;

    if (tagnum < SEC_OID_TOTAL) {
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
        return NULL;
    }
    slot = tagnum - SEC_OID_TOTAL;

    /* Unlocked test first, as a shortcut; both the table pointer and the
    ** bound on the slot are checked again with the read lock held.
    */
    if (dynOidTable != NULL) {
        NSSRWLock_LockRead(dynOidLock);
        if (dynOidTable != NULL && slot < dynOidEntriesUsed) {
            entry = dynOidTable[slot];
        }
        NSSRWLock_UnlockRead(dynOidLock);
    }

    if (entry == NULL) {
        PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
    }
    return entry;
}
01630 
/*
 * Register an OID at run time and return the tag assigned to it.
 *
 * src must carry a non-empty encoded OID and a non-empty, NUL-terminated
 * description, and its supportedExtension must be one of
 * INVALID_CERT_EXTENSION, UNSUPPORTED_CERT_EXTENSION or
 * SUPPORTED_CERT_EXTENSION; anything else fails with SEC_ERROR_INVALID_ARGS.
 * The OID bytes and the description are copied into dynOidPool, so the
 * caller keeps ownership of src.
 *
 * If the OID is already known, statically or dynamically, the existing tag
 * is returned and nothing is added.  On failure SEC_OID_UNKNOWN is returned.
 *
 * The lookup and the insertion both run under the write lock, which makes
 * this routine thread safe.  Arena allocations made before a later step
 * fails are not released individually here.
 */
SECOidTag
SECOID_AddEntry(const SECOidData * src)
{
    SECOidData  *copy;
    SECOidData **slots;
    SECOidTag    tag = SEC_OID_UNKNOWN;
    SECStatus    status;
    int          capacity;
    int          count;

    if (src == NULL || src->oid.data == NULL || src->oid.len == 0 ||
        src->desc == NULL || src->desc[0] == '\0') {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return tag;
    }
    if (!(src->supportedExtension == INVALID_CERT_EXTENSION     ||
          src->supportedExtension == UNSUPPORTED_CERT_EXTENSION ||
          src->supportedExtension == SUPPORTED_CERT_EXTENSION)) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return tag;
    }

    if (!dynOidPool && secoid_InitDynOidData() != SECSuccess) {
        /* secoid_InitDynOidData has set the error code. */
        return tag;
    }

    NSSRWLock_LockWrite(dynOidLock);

    /* With the write lock held we call SECOID_FindOIDTag, which takes and
    ** releases the read lock.  NSSRWLock is designed to allow exactly this
    ** without deadlock, and it turns "is the OID present?" followed by
    ** "add it" into one atomic write operation.
    */
    tag = SECOID_FindOIDTag(&src->oid);
    if (tag != SEC_OID_UNKNOWN) {
        /* Deliberately not an error: if a future release adds this OID to
        ** the built-in list, a program that has been registering the same
        ** OID itself keeps working.
        */
        goto done;
    }

    slots    = dynOidTable;
    capacity = dynOidEntriesAllocated;
    count    = dynOidEntriesUsed;

    /* Grow the pointer table by 16 slots whenever it is full. */
    if (count + 1 > capacity) {
        int          grownCapacity = capacity + 16;
        SECOidData **grown;

        grown = (SECOidData **)PORT_Realloc(slots,
                                   grownCapacity * sizeof(SECOidData *));
        if (grown == NULL) {
            goto done;
        }
        dynOidTable            = slots    = grown;
        dynOidEntriesAllocated = capacity = grownCapacity;
    }

    /* Deep-copy the caller's entry into the arena. */
    copy = PORT_ArenaNew(dynOidPool, SECOidData);
    if (copy == NULL) {
        goto done;
    }
    status = SECITEM_CopyItem(dynOidPool, &copy->oid, &src->oid);
    if (status != SECSuccess) {
        goto done;
    }
    copy->desc = PORT_ArenaStrdup(dynOidPool, src->desc);
    if (copy->desc == NULL) {
        goto done;
    }
    copy->offset             = (SECOidTag)(count + SEC_OID_TOTAL);
    copy->mechanism          = src->mechanism;
    copy->supportedExtension = src->supportedExtension;

    /* The entry is published in the table only once it is in the hash. */
    status = secoid_HashDynamicOiddata(copy);
    if (status == SECSuccess) {
        slots[count++]    = copy;
        dynOidEntriesUsed = count;
        tag               = copy->offset;
    }

done:
    NSSRWLock_UnlockWrite(dynOidLock);
    return tag;
}
01724 
01725 
/*
 * Lookup tables over the static oids[] array, filled in by secoid_Init and
 * released by SECOID_Shutdown.
 */
static PLHashTable *oidhash     = NULL; /* encoded OID      -> entry */
static PLHashTable *oidmechhash = NULL; /* mechanism number -> entry */
01729 
/*
 * Hash callback for oidmechhash.  The keys of that table are mechanism
 * numbers carried in a pointer-sized value, so the key itself is used as
 * the hash.
 * NOTE(review): where a pointer is wider than PLHashNumber this cast
 * presumably keeps only the low bits -- confirm that is acceptable.
 */
static PLHashNumber
secoid_HashNumber(const void *key)
{
    PLHashNumber hashed = (PLHashNumber) key;

    return hashed;
}
01735 
01736 
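/*
 * Build the two lookup tables over the static oids[] array: oidhash, keyed
 * by encoded OID, and oidmechhash, keyed by mechanism number (only for
 * entries whose mechanism is not CKM_INVALID_MECHANISM).  The dynamic OID
 * lock and pool are created first if they do not exist yet.
 *
 * Calling this again after a successful run is a no-op that returns
 * SECSuccess.
 *
 * On failure both tables are destroyed and reset to NULL before returning.
 * "oidhash != NULL" is what marks the tables as ready, so a failed attempt
 * must not leave it set: otherwise the next call would report success on
 * top of a missing or half-filled table.
 *
 * Returns SECSuccess, or SECFailure with SEC_ERROR_LIBRARY_FAILURE set when
 * a table cannot be created or filled (a failure to set up the dynamic OID
 * data returns SECFailure with the error left as the callee set it).
 */
SECStatus
secoid_Init(void)
{
    PLHashEntry *entry;
    const SECOidData *oid;
    int i;

    if (!dynOidPool && secoid_InitDynOidData() != SECSuccess) {
        return SECFailure;
    }

    if (oidhash) {
        return SECSuccess; /* already initialized */
    }

    oidhash = PL_NewHashTable(0, SECITEM_Hash, SECITEM_HashCompare,
                              PL_CompareValues, NULL, NULL);
    oidmechhash = PL_NewHashTable(0, secoid_HashNumber, PL_CompareValues,
                                  PL_CompareValues, NULL, NULL);
    if (!oidhash || !oidmechhash) {
        goto loser;
    }

    for (i = 0; i < (int)(sizeof(oids) / sizeof(oids[0])); i++) {
        oid = &oids[i];

        /* The position in oids[] must equal the entry's tag, because
        ** SECOID_FindOIDByTag indexes the array by tag.
        */
        PORT_Assert(oid->offset == i);

        entry = PL_HashTableAdd(oidhash, &oid->oid, (void *)oid);
        if (entry == NULL) {
            goto loser;
        }

        if (oid->mechanism != CKM_INVALID_MECHANISM) {
            entry = PL_HashTableAdd(oidmechhash,
                                    (void *)oid->mechanism, (void *)oid);
            if (entry == NULL) {
                goto loser;
            }
        }
    }

    PORT_Assert(i == SEC_OID_TOTAL);

    return SECSuccess;

loser:
    /* Drop whatever was built so that a later call starts from scratch. */
    if (oidhash) {
        PL_HashTableDestroy(oidhash);
        oidhash = NULL;
    }
    if (oidmechhash) {
        PL_HashTableDestroy(oidmechhash);
        oidmechhash = NULL;
    }
    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
    PORT_Assert(0); /* This function should never fail. */
    return SECFailure;
}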
01790 
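/*
 * Find the static OID entry registered for a mechanism number.
 *
 * Only the static table is consulted; entries whose mechanism is
 * CKM_INVALID_MECHANISM are never put into this table by secoid_Init.
 *
 * The table that is dereferenced here is oidmechhash, so that is the one
 * checked.  The check is made in all builds, not only through the debug
 * assertion: a call made before the tables exist returns NULL instead of
 * passing a NULL table to the lookup.
 *
 * Returns the entry, or NULL with SEC_ERROR_LIBRARY_FAILURE set when the
 * table does not exist or holds no entry for the mechanism.
 */
SECOidData *
SECOID_FindOIDByMechanism(unsigned long mechanism)
{
    SECOidData *ret;

    PR_ASSERT(oidmechhash != NULL);
    if (oidmechhash == NULL) {
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
        return NULL;
    }

    ret = PL_HashTableLookupConst(oidmechhash, (void *)mechanism);
    if (ret == NULL) {
        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
    }

    return ret;
}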
01805 
/*
 * Find the entry for an encoded OID.  The static table is searched first,
 * then the dynamically registered OIDs.
 *
 * Returns the entry, or NULL with SEC_ERROR_UNRECOGNIZED_OID set when the
 * OID is in neither table.  The static table is only asserted to exist;
 * the assertion is the sole check made here before it is used.
 */
SECOidData *
SECOID_FindOID(const SECItem *oid)
{
    SECOidData *match;

    PR_ASSERT(oidhash != NULL);

    match = PL_HashTableLookupConst(oidhash, oid);
    if (match != NULL) {
        return match;
    }

    /* Not a built-in OID: fall back to the run-time registrations. */
    match = secoid_FindDynamic(oid);
    if (match == NULL) {
        PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
    }
    return match;
}
01823 
/*
 * Map an encoded OID to its tag.  Returns SEC_OID_UNKNOWN when
 * SECOID_FindOID does not find the OID (the error code is then the one
 * set by SECOID_FindOID).
 */
SECOidTag
SECOID_FindOIDTag(const SECItem *oid)
{
    const SECOidData *entry = SECOID_FindOID(oid);

    return entry ? entry->offset : SEC_OID_UNKNOWN;
}
01835 
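/*
 * Return the entry for a tag: tags from SEC_OID_TOTAL upwards are looked up
 * among the dynamically registered OIDs, all others index the static
 * oids[] array.
 *
 * The bound on the static index is enforced in every build.  An assertion
 * alone disappears from non-debug builds, and a tag outside the array
 * would then be used to index past it.  Such a tag now yields NULL with
 * SEC_ERROR_UNRECOGNIZED_OID set; debug builds still trap on it.
 *
 * This really should return const.
 */
SECOidData *
SECOID_FindOIDByTag(SECOidTag tagnum)
{
    if (tagnum >= SEC_OID_TOTAL) {
        return secoid_FindDynamicByTag(tagnum);
    }

    /* The cast to unsigned makes a negative tag fail the test as well. */
    if ((unsigned int)tagnum >= (sizeof(oids) / sizeof(oids[0]))) {
        PORT_Assert(0);
        PORT_SetError(SEC_ERROR_UNRECOGNIZED_OID);
        return NULL;
    }
    return (SECOidData *)(&oids[tagnum]);
}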
01848 
/*
 * Report whether extenOid names a certificate extension that is marked as
 * supported.  Returns PR_TRUE only when the OID is found and its entry has
 * supportedExtension == SUPPORTED_CERT_EXTENSION; an unknown OID, or an
 * entry carrying any other value, gives PR_FALSE.
 */
PRBool SECOID_KnownCertExtenOID (SECItem *extenOid)
{
    const SECOidData *entry = SECOID_FindOID(extenOid);

    if (entry != NULL &&
        entry->supportedExtension == SUPPORTED_CERT_EXTENSION) {
        return PR_TRUE;
    }
    return PR_FALSE;
}
01859 
01860 
/*
 * Return the description string stored for a tag, or a null pointer when
 * SECOID_FindOIDByTag finds no entry.  The string belongs to the OID
 * table; the caller must not free it.
 */
const char *
SECOID_FindOIDTagDescription(SECOidTag tagnum)
{
    const SECOidData *entry = SECOID_FindOIDByTag(tagnum);

    if (entry == NULL) {
        return NULL;
    }
    return entry->desc;
}
01867 
/*
 * Free the OID tables: the two static lookup tables, then the dynamic OID
 * hash, arena and pointer table together with the lock that guards them.
 * Every pointer and counter is reset, so the module can be initialized
 * again afterwards.  Always returns SECSuccess.
 */
SECStatus
SECOID_Shutdown(void)
{
    if (oidhash != NULL) {
        PL_HashTableDestroy(oidhash);
        oidhash = NULL;
    }
    if (oidmechhash != NULL) {
        PL_HashTableDestroy(oidmechhash);
        oidmechhash = NULL;
    }

    if (dynOidLock == NULL) {
        /* Without the lock, none of the data it protects should exist.
        ** That is checked in DEBUG builds, and then made so anyway in
        ** case NSS is reinitialized.  The lock is deliberately not
        ** created just to protect the destruction of data that probably
        ** is not initialized.
        */
        PORT_Assert(!dynOidHash && !dynOidPool && !dynOidTable && \
                    !dynOidEntriesAllocated && !dynOidEntriesUsed);
        dynOidHash = NULL;
        dynOidPool = NULL;
        dynOidTable = NULL;
        dynOidEntriesAllocated = 0;
        dynOidEntriesUsed = 0;
        return SECSuccess;
    }

    /* The lock may exist without the pool (see secoid_InitDynOidData),
    ** so each piece is tested on its own.
    */
    NSSRWLock_LockWrite(dynOidLock);
    if (dynOidHash != NULL) {
        PL_HashTableDestroy(dynOidHash);
        dynOidHash = NULL;
    }
    if (dynOidPool != NULL) {
        PORT_FreeArena(dynOidPool, PR_FALSE);
        dynOidPool = NULL;
    }
    if (dynOidTable != NULL) {
        PORT_Free(dynOidTable);
        dynOidTable = NULL;
    }
    dynOidEntriesAllocated = 0;
    dynOidEntriesUsed = 0;
    NSSRWLock_UnlockWrite(dynOidLock);

    /* The lock is released before it is destroyed. */
    NSSRWLock_Destroy(dynOidLock);
    dynOidLock = NULL;

    return SECSuccess;
}