secoid.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 1,534 行 · 第 1/5 页

/*
 * The contents of this file are subject to the Mozilla Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/MPL/
 * 
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 * 
 * The Original Code is the Netscape security libraries.
 * 
 * The Initial Developer of the Original Code is Netscape
 * Communications Corporation.  Portions created by Netscape are 
 * Copyright (C) 1994-2000 Netscape Communications Corporation.  All
 * Rights Reserved.
 * 
 * Contributor(s):
 * 
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU General Public License Version 2 or later (the
 * "GPL"), in which case the provisions of the GPL are applicable 
 * instead of those above.  If you wish to allow use of your 
 * version of this file only under the terms of the GPL and not to
 * allow others to use your version of this file under the MPL,
 * indicate your decision by deleting the provisions above and
 * replace them with the notice and other provisions required by
 * the GPL.  If you do not delete the provisions above, a recipient
 * may use your version of this file under either the MPL or the
 * GPL.
 */

#include "secoid.h"
#include "mcom_db.h"
#include "pkcs11t.h"
#include "secmodt.h"
#include "secitem.h"
#include "secerr.h"

/* MISSI Mosaic Object ID space */
#define MISSI	0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01
#define MISSI_OLD_KEA_DSS	MISSI, 0x0c
#define MISSI_OLD_DSS		MISSI, 0x02
#define MISSI_KEA_DSS		MISSI, 0x14
#define MISSI_DSS		MISSI, 0x13
#define MISSI_KEA               MISSI, 0x0a
#define MISSI_ALT_KEA           MISSI, 0x16

/**
 ** The Netscape OID space is allocated by Terry Hayes.  If you need
 ** a piece of the space, contact him at thayes@netscape.com.
 **/

/* Netscape Communications Corporation Object ID space */
/* { 2 16 840 1 113730 } */
#define NETSCAPE_OID	0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42
/* netscape certificate extensions */
#define NETSCAPE_CERT_EXT NETSCAPE_OID, 0x01

/* netscape data types */
#define NETSCAPE_DATA_TYPE NETSCAPE_OID, 0x02

/* netscape directory oid - owned by Tim Howes(howes@netscape.com) */
#define NETSCAPE_DIRECTORY NETSCAPE_OID, 0x03

/* various policy type OIDs */
#define NETSCAPE_POLICY NETSCAPE_OID, 0x04

/* netscape cert server oid */
#define NETSCAPE_CERT_SERVER NETSCAPE_OID, 0x05
#define NETSCAPE_CERT_SERVER_CRMF NETSCAPE_CERT_SERVER, 0x01

/* various algorithm OIDs */
#define NETSCAPE_ALGS NETSCAPE_OID, 0x06

/* Netscape Other Name Types */

#define NETSCAPE_NAME_COMPONENTS NETSCAPE_OID, 0x07

/* these are old and should go away soon */
#define OLD_NETSCAPE	0x60, 0x86, 0x48, 0xd8, 0x6a
#define NS_CERT_EXT	OLD_NETSCAPE, 0x01
#define NS_FILE_TYPE	OLD_NETSCAPE, 0x02
#define NS_IMAGE_TYPE	OLD_NETSCAPE, 0x03

/* RSA OID name space */
#define RSADSI	0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d
#define PKCS	RSADSI, 0x01
#define DIGEST	RSADSI, 0x02
#define CIPHER	RSADSI, 0x03
#define PKCS1	PKCS, 0x01
#define PKCS5	PKCS, 0x05
#define PKCS7	PKCS, 0x07
#define PKCS9	PKCS, 0x09
#define PKCS12	PKCS, 0x0c

/* Fortezza algorithm OID space: { 2 16 840 1 101 2 1 1 } */
/* ### mwelch -- Is this just for algorithms, or all of Fortezza? */
#define FORTEZZA_ALG 0x60, 0x86, 0x48, 0x01, 0x65, 0x02, 0x01, 0x01

/* Other OID name spaces */
#define ALGORITHM		0x2b, 0x0e, 0x03, 0x02
#define X500			0x55
#define X520_ATTRIBUTE_TYPE	X500, 0x04
#define X500_ALG		X500, 0x08
#define X500_ALG_ENCRYPTION	X500_ALG, 0x01

/** X.509 v3 Extension OID 
 ** {joint-iso-ccitt (2) ds(5) 29}
 **/
#define	ID_CE_OID X500, 0x1d

#define RFC1274_ATTR_TYPE  0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x1
/* #define RFC2247_ATTR_TYPE  0x09, 0x92, 0x26, 0xf5, 0x98, 0x1e, 0x64, 0x1 this is WRONG! */

/* PKCS #12 name spaces */
#define PKCS12_MODE_IDS		PKCS12, 0x01
#define PKCS12_ESPVK_IDS	PKCS12, 0x02
#define PKCS12_BAG_IDS		PKCS12, 0x03
#define PKCS12_CERT_BAG_IDS	PKCS12, 0x04
#define PKCS12_OIDS		PKCS12, 0x05
#define PKCS12_PBE_IDS		PKCS12_OIDS, 0x01
#define PKCS12_ENVELOPING_IDS	PKCS12_OIDS, 0x02
#define PKCS12_SIGNATURE_IDS	PKCS12_OIDS, 0x03
#define PKCS12_V2_PBE_IDS	PKCS12, 0x01
#define PKCS9_CERT_TYPES	PKCS9, 0x16
#define PKCS9_CRL_TYPES		PKCS9, 0x17
#define PKCS9_SMIME_IDS		PKCS9, 0x10
#define PKCS9_SMIME_ATTRS	PKCS9_SMIME_IDS, 2
#define PKCS9_SMIME_ALGS	PKCS9_SMIME_IDS, 3
#define PKCS12_VERSION1		PKCS12, 0x0a
#define PKCS12_V1_BAG_IDS	PKCS12_VERSION1, 1

/* for DSA algorithm */
/* { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) } */
#define ANSI_X9_ALGORITHM  0x2a, 0x86, 0x48, 0xce, 0x38, 0x4

/* for DH algorithm */
/* { iso(1) member-body(2) us(840) x9-57(10046) number-type(2) } */
/* need real OID person to look at this, copied the above line
 * and added 6 to second to last value (and changed '4' to '2' */
#define ANSI_X942_ALGORITHM  0x2a, 0x86, 0x48, 0xce, 0x3e, 0x2

#define VERISIGN 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x45

#define PKIX 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07
#define PKIX_CERT_EXTENSIONS PKIX, 1
#define PKIX_POLICY_QUALIFIERS PKIX, 2
#define PKIX_KEY_USAGE PKIX, 3
#define PKIX_ACCESS_DESCRIPTION PKIX, 0x30
#define PKIX_OCSP PKIX_ACCESS_DESCRIPTION, 1

#define PKIX_ID_PKIP     PKIX, 5
#define PKIX_ID_REGCTRL  PKIX_ID_PKIP, 1 
#define PKIX_ID_REGINFO  PKIX_ID_PKIP, 2


static unsigned char md2[] = { DIGEST, 0x02 };
static unsigned char md4[] = { DIGEST, 0x04 };
static unsigned char md5[] = { DIGEST, 0x05 };
static unsigned char sha1[] = { ALGORITHM, 0x1a };
static unsigned char rc2cbc[] = { CIPHER, 0x02 };
static unsigned char rc4[] = { CIPHER, 0x04 };
static unsigned char desede3cbc[] = { CIPHER, 0x07 };
static unsigned char rc5cbcpad[] = { CIPHER, 0x09 };
static unsigned char desecb[] = { ALGORITHM, 0x06 };
static unsigned char descbc[] = { ALGORITHM, 0x07 };
static unsigned char desofb[] = { ALGORITHM, 0x08 };
static unsigned char descfb[] = { ALGORITHM, 0x09 };
static unsigned char desmac[] = { ALGORITHM, 0x0a };
static unsigned char desede[] = { ALGORITHM, 0x11 };
static unsigned char isoSHAWithRSASignature[] = { ALGORITHM, 0xf };
static unsigned char pkcs1RSAEncryption[] = { PKCS1, 0x01 };
static unsigned char pkcs1MD2WithRSAEncryption[] = { PKCS1, 0x02 };
static unsigned char pkcs1MD4WithRSAEncryption[] = { PKCS1, 0x03 };
static unsigned char pkcs1MD5WithRSAEncryption[] = { PKCS1, 0x04 };
static unsigned char pkcs1SHA1WithRSAEncryption[] = { PKCS1, 0x05 };
static unsigned char pkcs5PbeWithMD2AndDEScbc[] = { PKCS5, 0x01 };
static unsigned char pkcs5PbeWithMD5AndDEScbc[] = { PKCS5, 0x03 };
static unsigned char pkcs5PbeWithSha1AndDEScbc[] = { PKCS5, 0x0a };
static unsigned char pkcs7[] = { PKCS7 };
static unsigned char pkcs7Data[] = { PKCS7, 0x01 };
static unsigned char pkcs7SignedData[] = { PKCS7, 0x02 };
static unsigned char pkcs7EnvelopedData[] = { PKCS7, 0x03 };
static unsigned char pkcs7SignedEnvelopedData[] = { PKCS7, 0x04 };
static unsigned char pkcs7DigestedData[] = { PKCS7, 0x05 };
static unsigned char pkcs7EncryptedData[] = { PKCS7, 0x06 };
static unsigned char pkcs9EmailAddress[] = { PKCS9, 0x01 };
static unsigned char pkcs9UnstructuredName[] = { PKCS9, 0x02 };
static unsigned char pkcs9ContentType[] = { PKCS9, 0x03 };
static unsigned char pkcs9MessageDigest[] = { PKCS9, 0x04 };
static unsigned char pkcs9SigningTime[] = { PKCS9, 0x05 };
static unsigned char pkcs9CounterSignature[] = { PKCS9, 0x06 };
static unsigned char pkcs9ChallengePassword[] = { PKCS9, 0x07 };
static unsigned char pkcs9UnstructuredAddress[] = { PKCS9, 0x08 };
static unsigned char pkcs9ExtendedCertificateAttributes[] = { PKCS9, 0x09 };
static unsigned char pkcs9SMIMECapabilities[] = { PKCS9, 15 };
static unsigned char x520CommonName[] = { X520_ATTRIBUTE_TYPE, 3 };
static unsigned char x520CountryName[] = { X520_ATTRIBUTE_TYPE, 6 };
static unsigned char x520LocalityName[] = { X520_ATTRIBUTE_TYPE, 7 };
static unsigned char x520StateOrProvinceName[] = { X520_ATTRIBUTE_TYPE, 8 };
static unsigned char x520OrgName[] = { X520_ATTRIBUTE_TYPE, 10 };
static unsigned char x520OrgUnitName[] = { X520_ATTRIBUTE_TYPE, 11 };
static unsigned char x520DnQualifier[] = { X520_ATTRIBUTE_TYPE, 46 };

static unsigned char nsTypeGIF[] = { NETSCAPE_DATA_TYPE, 0x01 };
static unsigned char nsTypeJPEG[] = { NETSCAPE_DATA_TYPE, 0x02 };
static unsigned char nsTypeURL[] = { NETSCAPE_DATA_TYPE, 0x03 };
static unsigned char nsTypeHTML[] = { NETSCAPE_DATA_TYPE, 0x04 };
static unsigned char nsTypeCertSeq[] = { NETSCAPE_DATA_TYPE, 0x05 };
static unsigned char missiCertKEADSSOld[] = { MISSI_OLD_KEA_DSS };
static unsigned char missiCertDSSOld[] = { MISSI_OLD_DSS };
static unsigned char missiCertKEADSS[] = { MISSI_KEA_DSS };
static unsigned char missiCertDSS[] = { MISSI_DSS };
static unsigned char missiCertKEA[] = { MISSI_KEA };
static unsigned char missiCertAltKEA[] = { MISSI_ALT_KEA };
static unsigned char x500RSAEncryption[] = { X500_ALG_ENCRYPTION, 0x01 };

/* added for alg 1485 */
static unsigned char rfc1274Uid[] = { RFC1274_ATTR_TYPE, 1 };
static unsigned char rfc1274Mail[] = { RFC1274_ATTR_TYPE, 3 };
static unsigned char rfc2247DomainComponent[] = { RFC1274_ATTR_TYPE, 25 };

/* Netscape private certificate extensions */
static unsigned char nsCertExtNetscapeOK[] = { NS_CERT_EXT, 1 };
static unsigned char nsCertExtIssuerLogo[] = { NS_CERT_EXT, 2 };
static unsigned char nsCertExtSubjectLogo[] = { NS_CERT_EXT, 3 };
static unsigned char nsExtCertType[] = { NETSCAPE_CERT_EXT, 0x01 };
static unsigned char nsExtBaseURL[] = { NETSCAPE_CERT_EXT, 0x02 };
static unsigned char nsExtRevocationURL[] = { NETSCAPE_CERT_EXT, 0x03 };
static unsigned char nsExtCARevocationURL[] = { NETSCAPE_CERT_EXT, 0x04 };
static unsigned char nsExtCACRLURL[] = { NETSCAPE_CERT_EXT, 0x05 };
static unsigned char nsExtCACertURL[] = { NETSCAPE_CERT_EXT, 0x06 };
static unsigned char nsExtCertRenewalURL[] = { NETSCAPE_CERT_EXT, 0x07 };
static unsigned char nsExtCAPolicyURL[] = { NETSCAPE_CERT_EXT, 0x08 };
static unsigned char nsExtHomepageURL[] = { NETSCAPE_CERT_EXT, 0x09 };
static unsigned char nsExtEntityLogo[] = { NETSCAPE_CERT_EXT, 0x0a };
static unsigned char nsExtUserPicture[] = { NETSCAPE_CERT_EXT, 0x0b };
static unsigned char nsExtSSLServerName[] = { NETSCAPE_CERT_EXT, 0x0c };
static unsigned char nsExtComment[] = { NETSCAPE_CERT_EXT, 0x0d };

/* the following 2 extensions are defined for and used by Cartman(NSM) */
static unsigned char nsExtLostPasswordURL[] = { NETSCAPE_CERT_EXT, 0x0e };
static unsigned char nsExtCertRenewalTime[] = { NETSCAPE_CERT_EXT, 0x0f };

#define NETSCAPE_CERT_EXT_AIA NETSCAPE_CERT_EXT, 0x10

static unsigned char nsExtAIACertRenewal[] = { NETSCAPE_CERT_EXT_AIA, 0x01 };

static unsigned char nsExtCertScopeOfUse[] = { NETSCAPE_CERT_EXT, 0x11 };

static unsigned char nsKeyUsageGovtApproved[] = { NETSCAPE_POLICY, 0x01 };


/* Standard x.509 v3 Certificate Extensions */
static unsigned char x509SubjectDirectoryAttr[] = { ID_CE_OID, 9 };
static unsigned char x509SubjectKeyID[] = { ID_CE_OID, 14 };
static unsigned char x509KeyUsage[] = { ID_CE_OID, 15 };
static unsigned char x509PrivateKeyUsagePeriod[] = { ID_CE_OID, 16 };
static unsigned char x509SubjectAltName[] = { ID_CE_OID, 17 };
static unsigned char x509IssuerAltName[] = { ID_CE_OID, 18 };
static unsigned char x509BasicConstraints[] = { ID_CE_OID, 19 };
static unsigned char x509NameConstraints[] = { ID_CE_OID, 30 };
static unsigned char x509CRLDistPoints[] = { ID_CE_OID, 31 };
static unsigned char x509CertificatePolicies[] = { ID_CE_OID, 32 };
static unsigned char x509PolicyMappings[] = { ID_CE_OID, 33 };
static unsigned char x509PolicyConstraints[] = { ID_CE_OID, 34 };
static unsigned char x509AuthKeyID[] = { ID_CE_OID, 35};
static unsigned char x509ExtKeyUsage[] = { ID_CE_OID, 37};
static unsigned char x509AuthInfoAccess[] = { PKIX_CERT_EXTENSIONS, 1 };

/* Standard x.509 v3 CRL Extensions */
static unsigned char x509CrlNumber[] = { ID_CE_OID, 20};
static unsigned char x509ReasonCode[] = { ID_CE_OID, 21};
static unsigned char x509InvalidDate[] = { ID_CE_OID, 24};

/* pkcs 12 additions */
static unsigned char pkcs12[] = { PKCS12 };
static unsigned char pkcs12ModeIDs[] = { PKCS12_MODE_IDS };
static unsigned char pkcs12ESPVKIDs[] = { PKCS12_ESPVK_IDS };
static unsigned char pkcs12BagIDs[] = { PKCS12_BAG_IDS };
static unsigned char pkcs12CertBagIDs[] = { PKCS12_CERT_BAG_IDS };
static unsigned char pkcs12OIDs[] = { PKCS12_OIDS };
static unsigned char pkcs12PBEIDs[] = { PKCS12_PBE_IDS };
static unsigned char pkcs12EnvelopingIDs[] = { PKCS12_ENVELOPING_IDS };
static unsigned char pkcs12SignatureIDs[] = { PKCS12_SIGNATURE_IDS };
static unsigned char pkcs12PKCS8KeyShrouding[] = { PKCS12_ESPVK_IDS, 0x01 };
static unsigned char pkcs12KeyBagID[] = { PKCS12_BAG_IDS, 0x01 };
static unsigned char pkcs12CertAndCRLBagID[] = { PKCS12_BAG_IDS, 0x02 };
static unsigned char pkcs12SecretBagID[] = { PKCS12_BAG_IDS, 0x03 };
static unsigned char pkcs12X509CertCRLBag[] = { PKCS12_CERT_BAG_IDS, 0x01 };
static unsigned char pkcs12SDSICertBag[] = { PKCS12_CERT_BAG_IDS, 0x02 };
static unsigned char pkcs12PBEWithSha1And128BitRC4[] = { PKCS12_PBE_IDS, 0x01 };
static unsigned char pkcs12PBEWithSha1And40BitRC4[] = { PKCS12_PBE_IDS, 0x02 };
static unsigned char pkcs12PBEWithSha1AndTripleDESCBC[] = { PKCS12_PBE_IDS, 0x03 };
static unsigned char pkcs12PBEWithSha1And128BitRC2CBC[] = { PKCS12_PBE_IDS, 0x04 };
static unsigned char pkcs12PBEWithSha1And40BitRC2CBC[] = { PKCS12_PBE_IDS, 0x05 };
static unsigned char pkcs12RSAEncryptionWith128BitRC4[] =
	{ PKCS12_ENVELOPING_IDS, 0x01 };
static unsigned char pkcs12RSAEncryptionWith40BitRC4[] = 
	{ PKCS12_ENVELOPING_IDS, 0x02 };
static unsigned char pkcs12RSAEncryptionWithTripleDES[] = 
	{ PKCS12_ENVELOPING_IDS, 0x03 }; 
static unsigned char pkcs12RSASignatureWithSHA1Digest[] =
	{ PKCS12_SIGNATURE_IDS, 0x01 };
static unsigned char ansix9DSASignature[] = { ANSI_X9_ALGORITHM, 0x01 };