summaryrefslogtreecommitdiff
path: root/common/pkix.asn
diff options
context:
space:
mode:
Diffstat (limited to 'common/pkix.asn')
-rw-r--r--common/pkix.asn566
1 files changed, 0 insertions, 566 deletions
diff --git a/common/pkix.asn b/common/pkix.asn
deleted file mode 100644
index 38bb028..0000000
--- a/common/pkix.asn
+++ /dev/null
@@ -1,566 +0,0 @@
-
-PKIX1 { }
-
-DEFINITIONS IMPLICIT TAGS ::=
-
-BEGIN
-
--- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules.
-
-id-pkix OBJECT IDENTIFIER ::=
- { iso(1) identified-organization(3) dod(6) internet(1)
- security(5) mechanisms(5) pkix(7) }
-
--- ISO arc for standard certificate and CRL extensions
-
--- authority key identifier OID and syntax
-
-AuthorityKeyIdentifier ::= SEQUENCE {
- keyIdentifier [0] KeyIdentifier OPTIONAL,
- authorityCertIssuer [1] GeneralNames OPTIONAL,
- authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
- -- authorityCertIssuer and authorityCertSerialNumber shall both
- -- be present or both be absgent
-
-KeyIdentifier ::= OCTET STRING
-
--- subject key identifier OID and syntax
-
-SubjectKeyIdentifier ::= KeyIdentifier
-
--- key usage extension OID and syntax
-
-KeyUsage ::= BIT STRING
-
--- Directory string type --
-
-DirectoryString ::= CHOICE {
- teletexString TeletexString (SIZE (1..MAX)),
- printableString PrintableString (SIZE (1..MAX)),
- universalString UniversalString (SIZE (1..MAX)),
- utf8String UTF8String (SIZE (1..MAX)),
- bmpString BMPString (SIZE(1..MAX)),
- -- IA5String is added here to handle old UID encoded as ia5String --
- -- See tests/userid/ for more information. It shouldn't be here, --
- -- so if it causes problems, considering dropping it. --
- ia5String IA5String (SIZE(1..MAX)) }
-
-SubjectAltName ::= GeneralNames
-
-GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
-
-GeneralName ::= CHOICE {
- otherName [0] AnotherName,
- rfc822Name [1] IA5String,
- dNSName [2] IA5String,
- x400Address [3] ANY,
--- Changed to work with the libtasn1 parser.
- directoryName [4] EXPLICIT RDNSequence, --Name,
- ediPartyName [5] ANY, --EDIPartyName replaced by ANY to save memory
- uniformResourceIdentifier [6] IA5String,
- iPAddress [7] OCTET STRING,
- registeredID [8] OBJECT IDENTIFIER }
-
--- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
--- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
-
-AnotherName ::= SEQUENCE {
- type-id OBJECT IDENTIFIER,
- value [0] EXPLICIT ANY DEFINED BY type-id }
-
--- issuer alternative name extension OID and syntax
-
-IssuerAltName ::= GeneralNames
-
--- basic constraints extension OID and syntax
-
-BasicConstraints ::= SEQUENCE {
- cA BOOLEAN DEFAULT FALSE,
- pathLenConstraint INTEGER (0..MAX) OPTIONAL }
-
--- CRL distribution points extension OID and syntax
-
-CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
-
-DistributionPoint ::= SEQUENCE {
- distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL,
- reasons [1] ReasonFlags OPTIONAL,
- cRLIssuer [2] GeneralNames OPTIONAL
-}
-
-DistributionPointName ::= CHOICE {
- fullName [0] GeneralNames,
- nameRelativeToCRLIssuer [1] RelativeDistinguishedName
-}
-
-ReasonFlags ::= BIT STRING
-
--- extended key usage extension OID and syntax
-
-ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
-
-KeyPurposeId ::= OBJECT IDENTIFIER
-
--- CRL number extension OID and syntax
-
-CRLNumber ::= INTEGER (0..MAX)
-
--- certificate issuer CRL entry extension OID and syntax
-
-CertificateIssuer ::= GeneralNames
-
--- --------------------------------------
--- EXPLICIT
--- --------------------------------------
-
--- UNIVERSAL Types defined in '93 and '98 ASN.1
--- but required by this specification
-
-NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING
-
-IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING
-
-TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
-
-PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING
-
-UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
- -- UniversalString is defined in ASN.1:1993
-
-BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
- -- BMPString is the subtype of UniversalString and models
- -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
-
-UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
- -- The content of this type conforms to RFC 2279.
-
-
--- attribute data types --
-
-Attribute ::= SEQUENCE {
- type AttributeType,
- values SET OF AttributeValue
- -- at least one value is required --
-}
-
-AttributeType ::= OBJECT IDENTIFIER
-
-AttributeValue ::= ANY DEFINED BY type
-
-AttributeTypeAndValue ::= SEQUENCE {
- type AttributeType,
- value AttributeValue }
-
--- suggested naming attributes: Definition of the following
--- information object set may be augmented to meet local
--- requirements. Note that deleting members of the set may
--- prevent interoperability with conforming implementations.
--- presented in pairs: the AttributeType followed by the
--- type definition for the corresponding AttributeValue
-
--- Arc for standard naming attributes
-id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
-
--- Attributes of type NameDirectoryString
-
--- gnutls: Note that the Object ID (id-at*) is being set just before the
--- actual definition. This is done in order for asn1_find_structure_from_oid
--- to work (locate structure from OID).
--- Maybe this is inefficient and memory consuming. Should we replace with
--- a table that maps OIDs to structures?
-
-PostalAddress ::= SEQUENCE OF DirectoryString
-
- -- Legacy attributes
-
-emailAddress AttributeType ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 1 }
-
-Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
-
--- naming data types --
-
-Name ::= CHOICE { -- only one possibility for now --
- rdnSequence RDNSequence }
-
-RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
-
-DistinguishedName ::= RDNSequence
-
-RelativeDistinguishedName ::=
- SET SIZE (1 .. MAX) OF AttributeTypeAndValue
-
-
-
--- --------------------------------------------------------
--- certificate and CRL specific structures begin here
--- --------------------------------------------------------
-
-Certificate ::= SEQUENCE {
- tbsCertificate TBSCertificate,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING }
-
-TBSCertificate ::= SEQUENCE {
- version [0] EXPLICIT Version DEFAULT v1,
- serialNumber CertificateSerialNumber,
- signature AlgorithmIdentifier,
- issuer Name,
- validity Validity,
- subject Name,
- subjectPublicKeyInfo SubjectPublicKeyInfo,
- issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
- -- If present, version shall be v2 or v3
- subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
- -- If present, version shall be v2 or v3
- extensions [3] EXPLICIT Extensions OPTIONAL
- -- If present, version shall be v3 --
-}
-
-Version ::= INTEGER { v1(0), v2(1), v3(2) }
-
-CertificateSerialNumber ::= INTEGER
-
-Validity ::= SEQUENCE {
- notBefore Time,
- notAfter Time }
-
-Time ::= CHOICE {
- utcTime UTCTime,
- generalTime GeneralizedTime }
-
-UniqueIdentifier ::= BIT STRING
-
-SubjectPublicKeyInfo ::= SEQUENCE {
- algorithm AlgorithmIdentifier,
- subjectPublicKey BIT STRING }
-
-Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
-
-Extension ::= SEQUENCE {
- extnID OBJECT IDENTIFIER,
- critical BOOLEAN DEFAULT FALSE,
- extnValue OCTET STRING }
-
-
--- ------------------------------------------
--- CRL structures
--- ------------------------------------------
-
-CertificateList ::= SEQUENCE {
- tbsCertList TBSCertList,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING }
-
-TBSCertList ::= SEQUENCE {
- version Version OPTIONAL,
- -- if present, shall be v2
- signature AlgorithmIdentifier,
- issuer Name,
- thisUpdate Time,
- nextUpdate Time OPTIONAL,
- revokedCertificates SEQUENCE OF SEQUENCE {
- userCertificate CertificateSerialNumber,
- revocationDate Time,
- crlEntryExtensions Extensions OPTIONAL
- -- if present, shall be v2
- } OPTIONAL,
- crlExtensions [0] EXPLICIT Extensions OPTIONAL
- -- if present, shall be v2 --
-}
-
--- Version, Time, CertificateSerialNumber, and Extensions were
--- defined earlier for use in the certificate structure
-
-AlgorithmIdentifier ::= SEQUENCE {
- algorithm OBJECT IDENTIFIER,
- parameters ANY DEFINED BY algorithm OPTIONAL }
- -- contains a value of the type
- -- registered for use with the
- -- algorithm object identifier value
-
--- Algorithm OIDs and parameter structures
-
-Dss-Sig-Value ::= SEQUENCE {
- r INTEGER,
- s INTEGER
-}
-
-DomainParameters ::= SEQUENCE {
- p INTEGER, -- odd prime, p=jq +1
- g INTEGER, -- generator, g
- q INTEGER, -- factor of p-1
- j INTEGER OPTIONAL, -- subgroup factor, j>= 2
- validationParms ValidationParms OPTIONAL }
-
-ValidationParms ::= SEQUENCE {
- seed BIT STRING,
- pgenCounter INTEGER }
-
-Dss-Parms ::= SEQUENCE {
- p INTEGER,
- q INTEGER,
- g INTEGER }
-
--- x400 address syntax starts here
--- OR Names
-
-CountryName ::= [APPLICATION 1] CHOICE {
- x121-dcc-code NumericString
- (SIZE (ub-country-name-numeric-length)),
- iso-3166-alpha2-code PrintableString
- (SIZE (ub-country-name-alpha-length)) }
-
-OrganizationName ::= PrintableString
- (SIZE (1..ub-organization-name-length))
--- see also teletex-organization-name
-
-NumericUserIdentifier ::= NumericString
- (SIZE (1..ub-numeric-user-id-length))
-
--- see also teletex-personal-name
-
-OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
- OF OrganizationalUnitName
--- see also teletex-organizational-unit-names
-
-OrganizationalUnitName ::= PrintableString (SIZE
- (1..ub-organizational-unit-name-length))
-
--- Extension types and attribute values
---
-
-CommonName ::= PrintableString
-
--- END of PKIX1Implicit88
-
-
--- BEGIN of RFC2630
-
--- Cryptographic Message Syntax
-
-pkcs-7-ContentInfo ::= SEQUENCE {
- contentType pkcs-7-ContentType,
- content [0] EXPLICIT ANY DEFINED BY contentType }
-
-pkcs-7-DigestInfo ::= SEQUENCE {
- digestAlgorithm pkcs-7-DigestAlgorithmIdentifier,
- digest pkcs-7-Digest
-}
-
-pkcs-7-Digest ::= OCTET STRING
-
-pkcs-7-ContentType ::= OBJECT IDENTIFIER
-
-pkcs-7-SignedData ::= SEQUENCE {
- version pkcs-7-CMSVersion,
- digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers,
- encapContentInfo pkcs-7-EncapsulatedContentInfo,
- certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL,
- crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL,
- signerInfos pkcs-7-SignerInfos
-}
-
-pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
-
-pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier
-
-pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-
-pkcs-7-EncapsulatedContentInfo ::= SEQUENCE {
- eContentType pkcs-7-ContentType,
- eContent [0] EXPLICIT OCTET STRING OPTIONAL }
-
--- We don't use CertificateList here since we only want
--- to read the raw data.
-pkcs-7-CertificateRevocationLists ::= SET OF ANY
-
-pkcs-7-CertificateChoices ::= CHOICE {
--- Although the paper uses Certificate type, we
--- don't use it since, we don't need to parse it.
--- We only need to read and store it.
- certificate ANY
-}
-
-pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices
-
-pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it
- -- anyway
-
-
--- BEGIN of RFC2986
-
--- Certificate requests
-pkcs-10-CertificationRequestInfo ::= SEQUENCE {
- version INTEGER { v1(0) },
- subject Name,
- subjectPKInfo SubjectPublicKeyInfo,
- attributes [0] Attributes
-}
-
-Attributes ::= SET OF Attribute
-
-pkcs-10-CertificationRequest ::= SEQUENCE {
- certificationRequestInfo pkcs-10-CertificationRequestInfo,
- signatureAlgorithm AlgorithmIdentifier,
- signature BIT STRING
-}
-
--- stuff from PKCS#9
-
-pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 7}
-
-pkcs-9-challengePassword ::= CHOICE {
- printableString PrintableString,
- utf8String UTF8String }
-
-pkcs-9-localKeyId ::= OCTET STRING
-
--- PKCS #8 stuff
-
--- Private-key information syntax
-
-pkcs-8-PrivateKeyInfo ::= SEQUENCE {
- version pkcs-8-Version,
- privateKeyAlgorithm AlgorithmIdentifier,
- privateKey pkcs-8-PrivateKey,
- attributes [0] Attributes OPTIONAL }
-
-pkcs-8-Version ::= INTEGER {v1(0)}
-
-pkcs-8-PrivateKey ::= OCTET STRING
-
-pkcs-8-Attributes ::= SET OF Attribute
-
--- Encrypted private-key information syntax
-
-pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE {
- encryptionAlgorithm AlgorithmIdentifier,
- encryptedData pkcs-8-EncryptedData
-}
-
-pkcs-8-EncryptedData ::= OCTET STRING
-
--- PKCS #5 stuff
-
-pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8))
-pkcs-5-aes128-CBC-params ::= OCTET STRING (SIZE(16))
-pkcs-5-aes192-CBC-params ::= OCTET STRING (SIZE(16))
-pkcs-5-aes256-CBC-params ::= OCTET STRING (SIZE(16))
-
-pkcs-5-PBES2-params ::= SEQUENCE {
- keyDerivationFunc AlgorithmIdentifier,
- encryptionScheme AlgorithmIdentifier }
-
--- PBKDF2
-
--- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::=
--- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL}
-
-pkcs-5-PBKDF2-params ::= SEQUENCE {
- salt CHOICE {
- specified OCTET STRING,
- otherSource AlgorithmIdentifier
- },
- iterationCount INTEGER (1..MAX),
- keyLength INTEGER (1..MAX) OPTIONAL,
- prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1
-}
-
--- PKCS #12 stuff
-
-pkcs-12-PFX ::= SEQUENCE {
- version INTEGER {v3(3)},
- authSafe pkcs-7-ContentInfo,
- macData pkcs-12-MacData OPTIONAL
-}
-
-pkcs-12-PbeParams ::= SEQUENCE {
- salt OCTET STRING,
- iterations INTEGER
-}
-
-pkcs-12-MacData ::= SEQUENCE {
- mac pkcs-7-DigestInfo,
- macSalt OCTET STRING,
- iterations INTEGER DEFAULT 1
--- Note: The default is for historical reasons and its use is
--- deprecated. A higher value, like 1024 is recommended.
-}
-
-pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo
- -- Data if unencrypted
- -- EncryptedData if password-encrypted
- -- EnvelopedData if public key-encrypted
-
-pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag
-
-pkcs-12-SafeBag ::= SEQUENCE {
- bagId OBJECT IDENTIFIER,
- bagValue [0] EXPLICIT ANY DEFINED BY badId,
- bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL
-}
-
--- Bag types
-
-pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo
-
--- Shrouded KeyBag
-
-pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo
-
--- CertBag
-
-pkcs-12-CertBag ::= SEQUENCE {
- certId OBJECT IDENTIFIER,
- certValue [0] EXPLICIT ANY DEFINED BY certId
-}
-
--- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}}
--- DER-encoded X.509 certificate stored in OCTET STRING
-
-pkcs-12-CRLBag ::= SEQUENCE {
- crlId OBJECT IDENTIFIER,
- crlValue [0] EXPLICIT ANY DEFINED BY crlId
-}
-
-pkcs-12-SecretBag ::= SEQUENCE {
- secretTypeId OBJECT IDENTIFIER,
- secretValue [0] EXPLICIT ANY DEFINED BY secretTypeId
-}
-
--- x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}}
--- DER-encoded X.509 CRL stored in OCTET STRING
-
-pkcs-12-PKCS12Attribute ::= Attribute
-
--- PKCS #7 stuff (needed in PKCS 12)
-
-pkcs-7-Data ::= OCTET STRING
-
-pkcs-7-EncryptedData ::= SEQUENCE {
- version pkcs-7-CMSVersion,
- encryptedContentInfo pkcs-7-EncryptedContentInfo,
- unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
-
-pkcs-7-EncryptedContentInfo ::= SEQUENCE {
- contentType pkcs-7-ContentType,
- contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
- encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL }
-
-pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-
-pkcs-7-EncryptedContent ::= OCTET STRING
-
-pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
-
--- rfc3820
-
-ProxyCertInfo ::= SEQUENCE {
- pCPathLenConstraint INTEGER (0..MAX) OPTIONAL,
- proxyPolicy ProxyPolicy }
-
-ProxyPolicy ::= SEQUENCE {
- policyLanguage OBJECT IDENTIFIER,
- policy OCTET STRING OPTIONAL }
-
-END