secoid.c

来自「支持SSL v2/v3, TLS, PKCS #5, PKCS #7, PKCS」· C语言 代码 · 共 1,534 行 · 第 1/5 页

static unsigned char ansix9DSASignaturewithSHA1Digest[] =
	{ ANSI_X9_ALGORITHM, 0x03 };
static unsigned char bogusDSASignaturewithSHA1Digest[] =
        { ALGORITHM, 0x1b };

/* verisign OIDs */
static unsigned char verisignUserNotices[] = { VERISIGN, 1, 7, 1, 1 };

/* pkix OIDs */
static unsigned char pkixCPSPointerQualifier[] = { PKIX_POLICY_QUALIFIERS, 1 };
static unsigned char pkixUserNoticeQualifier[] = { PKIX_POLICY_QUALIFIERS, 2 };

static unsigned char pkixOCSP[]			= { PKIX_OCSP };
static unsigned char pkixOCSPBasicResponse[]	= { PKIX_OCSP, 1 };
static unsigned char pkixOCSPNonce[]		= { PKIX_OCSP, 2 };
static unsigned char pkixOCSPCRL[]		= { PKIX_OCSP, 3 };
static unsigned char pkixOCSPResponse[]		= { PKIX_OCSP, 4 };
static unsigned char pkixOCSPNoCheck[]		= { PKIX_OCSP, 5 };
static unsigned char pkixOCSPArchiveCutoff[]	= { PKIX_OCSP, 6 };
static unsigned char pkixOCSPServiceLocator[]	= { PKIX_OCSP, 7 };

static unsigned char pkixRegCtrlRegToken[]       = { PKIX_ID_REGCTRL, 1};
static unsigned char pkixRegCtrlAuthenticator[]  = { PKIX_ID_REGCTRL, 2};
static unsigned char pkixRegCtrlPKIPubInfo[]     = { PKIX_ID_REGCTRL, 3};
static unsigned char pkixRegCtrlPKIArchOptions[] = { PKIX_ID_REGCTRL, 4};
static unsigned char pkixRegCtrlOldCertID[]      = { PKIX_ID_REGCTRL, 5};
static unsigned char pkixRegCtrlProtEncKey[]     = { PKIX_ID_REGCTRL, 6};
static unsigned char pkixRegInfoUTF8Pairs[]      = { PKIX_ID_REGINFO, 1};
static unsigned char pkixRegInfoCertReq[]        = { PKIX_ID_REGINFO, 2};

static unsigned char pkixExtendedKeyUsageServerAuth[] = 
        { PKIX_KEY_USAGE, 1 };
static unsigned char pkixExtendedKeyUsageClientAuth[] = 
        { PKIX_KEY_USAGE, 2 };
static unsigned char pkixExtendedKeyUsageCodeSign[] = 
        { PKIX_KEY_USAGE, 3 };
static unsigned char pkixExtendedKeyUsageEMailProtect[] = 
        { PKIX_KEY_USAGE, 4 };
static unsigned char pkixExtendedKeyUsageTimeStamp[] = 
        { PKIX_KEY_USAGE, 8 };
static unsigned char pkixOCSPResponderExtendedKeyUsage[] = 
        { PKIX_KEY_USAGE, 9 };

/* OIDs for Netscape defined algorithms */
static unsigned char netscapeSMimeKEA[] = { NETSCAPE_ALGS, 0x01 };

/* pkcs 12 version 1.0 ids */
static unsigned char pkcs12V2PBEWithSha1And128BitRC4[] = { PKCS12_V2_PBE_IDS, 0x01 };
static unsigned char pkcs12V2PBEWithSha1And40BitRC4[] = { PKCS12_V2_PBE_IDS, 0x02 };
static unsigned char pkcs12V2PBEWithSha1And3KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x03 };
static unsigned char pkcs12V2PBEWithSha1And2KeyTripleDEScbc[] = { PKCS12_V2_PBE_IDS, 0x04 };
static unsigned char pkcs12V2PBEWithSha1And128BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x05 };
static unsigned char pkcs12V2PBEWithSha1And40BitRC2cbc[] = { PKCS12_V2_PBE_IDS, 0x06 };

static unsigned char pkcs12SafeContentsID[] = {PKCS12_BAG_IDS, 0x04 };
static unsigned char pkcs12PKCS8ShroudedKeyBagID[] = { PKCS12_BAG_IDS, 0x05 };

static unsigned char pkcs12V1KeyBag[] = { PKCS12_V1_BAG_IDS, 0x01 };
static unsigned char pkcs12V1PKCS8ShroudedKeyBag[] = { PKCS12_V1_BAG_IDS, 0x02 };
static unsigned char pkcs12V1CertBag[] = { PKCS12_V1_BAG_IDS, 0x03 };
static unsigned char pkcs12V1CRLBag[] = { PKCS12_V1_BAG_IDS, 0x04 };
static unsigned char pkcs12V1SecretBag[] = { PKCS12_V1_BAG_IDS, 0x05 };
static unsigned char pkcs12V1SafeContentsBag[] = { PKCS12_V1_BAG_IDS, 0x06 };

static unsigned char pkcs9X509Certificate[] = { PKCS9_CERT_TYPES, 1 };
static unsigned char pkcs9SDSICertificate[] = { PKCS9_CERT_TYPES, 2 };
static unsigned char pkcs9X509CRL[] = { PKCS9_CRL_TYPES, 1 };
static unsigned char pkcs9FriendlyName[] = { PKCS9, 20 };
static unsigned char pkcs9LocalKeyID[] = { PKCS9, 21 };
static unsigned char pkcs12KeyUsageAttr[] = { 2, 5, 29, 15 };

/* Fortezza algorithm OIDs */
static unsigned char skipjackCBC[] = { FORTEZZA_ALG, 0x04 };
static unsigned char dhPublicKey[] = { ANSI_X942_ALGORITHM, 0x1 };

/* Netscape other name types */
static unsigned char netscapeNickname[] = { NETSCAPE_NAME_COMPONENTS, 0x01};

/* OIDs needed for cert server */
static unsigned char netscapeRecoveryRequest[] = 
                                        { NETSCAPE_CERT_SERVER_CRMF, 0x01 };

/* RFC2630 (CMS) OIDs */
static unsigned char cmsESDH[] = { PKCS9_SMIME_ALGS, 5 };
static unsigned char cms3DESwrap[] = { PKCS9_SMIME_ALGS, 6 };
static unsigned char cmsRC2wrap[] = { PKCS9_SMIME_ALGS, 7 };

/* RFC2633 SMIME message attributes */
static unsigned char smimeEncryptionKeyPreference[] = { PKCS9_SMIME_ATTRS, 11 };

/*
 * NOTE: the order of these entries must mach the SECOidTag enum in secoidt.h!
 */
static SECOidData oids[] = {
    { { siDEROID, NULL, 0 },
	  SEC_OID_UNKNOWN,
	  "Unknown OID", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, md2, sizeof(md2) },
	  SEC_OID_MD2,
	  "MD2", CKM_MD2, INVALID_CERT_EXTENSION },
    { { siDEROID, md4, sizeof(md4) },
	  SEC_OID_MD4,
	  "MD4", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, md5, sizeof(md5) },
	  SEC_OID_MD5,
	  "MD5", CKM_MD5, INVALID_CERT_EXTENSION },
    { { siDEROID, sha1, sizeof(sha1) },
	  SEC_OID_SHA1,
	  "SHA-1", CKM_SHA_1, INVALID_CERT_EXTENSION },
    { { siDEROID, rc2cbc, sizeof(rc2cbc) },
	  SEC_OID_RC2_CBC,
	  "RC2-CBC", CKM_RC2_CBC, INVALID_CERT_EXTENSION },
    { { siDEROID, rc4, sizeof(rc4) },
	  SEC_OID_RC4,
	  "RC4", CKM_RC4, INVALID_CERT_EXTENSION },
    { { siDEROID, desede3cbc, sizeof(desede3cbc) },
	  SEC_OID_DES_EDE3_CBC,
	  "DES-EDE3-CBC", CKM_DES3_CBC, INVALID_CERT_EXTENSION },
    { { siDEROID, rc5cbcpad, sizeof(rc5cbcpad) },
	  SEC_OID_RC5_CBC_PAD,
	  "RC5-CBCPad", CKM_RC5_CBC, INVALID_CERT_EXTENSION },
    { { siDEROID, desecb, sizeof(desecb) },
	  SEC_OID_DES_ECB,
	  "DES-ECB", CKM_DES_ECB, INVALID_CERT_EXTENSION },
    { { siDEROID, descbc, sizeof(descbc) },
	  SEC_OID_DES_CBC,
	  "DES-CBC", CKM_DES_CBC, INVALID_CERT_EXTENSION },
    { { siDEROID, desofb, sizeof(desofb) },
	  SEC_OID_DES_OFB,
	  "DES-OFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, descfb, sizeof(descfb) },
	  SEC_OID_DES_CFB,
	  "DES-CFB", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, desmac, sizeof(desmac) },
	  SEC_OID_DES_MAC,
	  "DES-MAC", CKM_DES_MAC, INVALID_CERT_EXTENSION },
    { { siDEROID, desede, sizeof(desede) },
	  SEC_OID_DES_EDE,
	  "DES-EDE", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, isoSHAWithRSASignature, sizeof(isoSHAWithRSASignature) },
	  SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
	  "ISO SHA with RSA Signature", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs1RSAEncryption, sizeof(pkcs1RSAEncryption) },
	  SEC_OID_PKCS1_RSA_ENCRYPTION,
	  "PKCS #1 RSA Encryption", CKM_RSA_PKCS, INVALID_CERT_EXTENSION },

    /* the following Signing mechanisms should get new CKM_ values when
     * values for CKM_RSA_WITH_MDX and CKM_RSA_WITH_SHA_1 get defined in
     * PKCS #11.
     */
    { { siDEROID, pkcs1MD2WithRSAEncryption, sizeof(pkcs1MD2WithRSAEncryption) },
	  SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION,
	  "PKCS #1 MD2 With RSA Encryption", CKM_MD2_RSA_PKCS,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs1MD4WithRSAEncryption, sizeof(pkcs1MD4WithRSAEncryption) },
	  SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION,
	  "PKCS #1 MD4 With RSA Encryption", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs1MD5WithRSAEncryption, sizeof(pkcs1MD5WithRSAEncryption) },
	  SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION,
	  "PKCS #1 MD5 With RSA Encryption", CKM_MD5_RSA_PKCS,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs1SHA1WithRSAEncryption, sizeof(pkcs1SHA1WithRSAEncryption) },
	  SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION,
	  "PKCS #1 SHA-1 With RSA Encryption", CKM_SHA1_RSA_PKCS,
	  INVALID_CERT_EXTENSION },

    { { siDEROID, pkcs5PbeWithMD2AndDEScbc, sizeof(pkcs5PbeWithMD2AndDEScbc) },
	  SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC,
	  "PKCS #5 Password Based Encryption with MD2 and DES CBC",
	  CKM_PBE_MD2_DES_CBC, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs5PbeWithMD5AndDEScbc, sizeof(pkcs5PbeWithMD5AndDEScbc) },
	  SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
	  "PKCS #5 Password Based Encryption with MD5 and DES CBC",
	  CKM_PBE_MD5_DES_CBC, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs5PbeWithSha1AndDEScbc,
	  sizeof(pkcs5PbeWithSha1AndDEScbc) },
          SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC,
	  "PKCS #5 Password Based Encryption with SHA1 and DES CBC", 
	  CKM_NETSCAPE_PBE_SHA1_DES_CBC, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs7, sizeof(pkcs7) },
	  SEC_OID_PKCS7,
	  "PKCS #7", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs7Data, sizeof(pkcs7Data) },
	  SEC_OID_PKCS7_DATA,
	  "PKCS #7 Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs7SignedData, sizeof(pkcs7SignedData) },
	  SEC_OID_PKCS7_SIGNED_DATA,
	  "PKCS #7 Signed Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs7EnvelopedData, sizeof(pkcs7EnvelopedData) },
	  SEC_OID_PKCS7_ENVELOPED_DATA,
	  "PKCS #7 Enveloped Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs7SignedEnvelopedData, sizeof(pkcs7SignedEnvelopedData) },
	  SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA,
	  "PKCS #7 Signed And Enveloped Data", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs7DigestedData, sizeof(pkcs7DigestedData) },
	  SEC_OID_PKCS7_DIGESTED_DATA,
	  "PKCS #7 Digested Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs7EncryptedData, sizeof(pkcs7EncryptedData) },
	  SEC_OID_PKCS7_ENCRYPTED_DATA,
	  "PKCS #7 Encrypted Data", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs9EmailAddress, sizeof(pkcs9EmailAddress) },
	  SEC_OID_PKCS9_EMAIL_ADDRESS,
	  "PKCS #9 Email Address", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs9UnstructuredName, sizeof(pkcs9UnstructuredName) },
	  SEC_OID_PKCS9_UNSTRUCTURED_NAME,
	  "PKCS #9 Unstructured Name", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs9ContentType, sizeof(pkcs9ContentType) },
	  SEC_OID_PKCS9_CONTENT_TYPE,
	  "PKCS #9 Content Type", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs9MessageDigest, sizeof(pkcs9MessageDigest) },
	  SEC_OID_PKCS9_MESSAGE_DIGEST,
	  "PKCS #9 Message Digest", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs9SigningTime, sizeof(pkcs9SigningTime) },
	  SEC_OID_PKCS9_SIGNING_TIME,
	  "PKCS #9 Signing Time", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs9CounterSignature, sizeof(pkcs9CounterSignature) },
	  SEC_OID_PKCS9_COUNTER_SIGNATURE,
	  "PKCS #9 Counter Signature", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs9ChallengePassword, sizeof(pkcs9ChallengePassword) },
	  SEC_OID_PKCS9_CHALLENGE_PASSWORD,
	  "PKCS #9 Challenge Password", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs9UnstructuredAddress, sizeof(pkcs9UnstructuredAddress) },
	  SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS,
	  "PKCS #9 Unstructured Address", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs9ExtendedCertificateAttributes,
          sizeof(pkcs9ExtendedCertificateAttributes) },
	  SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES,
	  "PKCS #9 Extended Certificate Attributes", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, pkcs9SMIMECapabilities,
          sizeof(pkcs9SMIMECapabilities) },
	  SEC_OID_PKCS9_SMIME_CAPABILITIES,
	  "PKCS #9 S/MIME Capabilities", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, x520CommonName,
	  sizeof(x520CommonName) },
	  SEC_OID_AVA_COMMON_NAME,
	  "X520 Common Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, x520CountryName,
	  sizeof(x520CountryName) },
	  SEC_OID_AVA_COUNTRY_NAME,
	  "X520 Country Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, x520LocalityName,
	  sizeof(x520LocalityName) },
	  SEC_OID_AVA_LOCALITY,
	  "X520 Locality Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, x520StateOrProvinceName,
	  sizeof(x520StateOrProvinceName) },
	  SEC_OID_AVA_STATE_OR_PROVINCE,
	  "X520 State Or Province Name", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, x520OrgName,
	  sizeof(x520OrgName) },
	  SEC_OID_AVA_ORGANIZATION_NAME,
	  "X520 Organization Name", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, x520OrgUnitName,
	  sizeof(x520OrgUnitName) },
	  SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME,
	  "X520 Organizational Unit Name", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, x520DnQualifier,
	  sizeof(x520DnQualifier) },
	  SEC_OID_AVA_DN_QUALIFIER,
	  "X520 DN Qualifier", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },
    { { siDEROID, rfc2247DomainComponent,
	  sizeof(rfc2247DomainComponent), },
	  SEC_OID_AVA_DC,
	  "RFC 2247 Domain Component", CKM_INVALID_MECHANISM,
	  INVALID_CERT_EXTENSION },

    { { siDEROID, nsTypeGIF,
	  sizeof(nsTypeGIF) },
	  SEC_OID_NS_TYPE_GIF,
	  "GIF", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, nsTypeJPEG,
	  sizeof(nsTypeJPEG) },
	  SEC_OID_NS_TYPE_JPEG,
	  "JPEG", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, nsTypeURL,
	  sizeof(nsTypeURL) },
	  SEC_OID_NS_TYPE_URL,
	  "URL", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, nsTypeHTML,
	  sizeof(nsTypeHTML) },
	  SEC_OID_NS_TYPE_HTML,
	  "HTML", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, nsTypeCertSeq,
	  sizeof(nsTypeCertSeq) },
	  SEC_OID_NS_TYPE_CERT_SEQUENCE,
	  "Certificate Sequence", CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION },
    { { siDEROID, missiCertKEADSSOld, sizeof(missiCertKEADSSOld) },
          SEC_OID_MISSI_KEA_DSS_OLD, "MISSI KEA and DSS Algorithm (Old)",
	  CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION},
    { { siDEROID, missiCertDSSOld, sizeof(missiCertDSSOld) },
          SEC_OID_MISSI_DSS_OLD, "MISSI DSS Algorithm (Old)",
	  CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION  },
    { { siDEROID, missiCertKEADSS, sizeof(missiCertKEADSS) },
          SEC_OID_MISSI_KEA_DSS, "MISSI KEA and DSS Algorithm",
	  CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION  },