diff options
Diffstat (limited to 'common/pkix.asn')
-rw-r--r-- | common/pkix.asn | 566 |
1 files changed, 0 insertions, 566 deletions
diff --git a/common/pkix.asn b/common/pkix.asn deleted file mode 100644 index 38bb028..0000000 --- a/common/pkix.asn +++ /dev/null @@ -1,566 +0,0 @@ - -PKIX1 { } - -DEFINITIONS IMPLICIT TAGS ::= - -BEGIN - --- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules. - -id-pkix OBJECT IDENTIFIER ::= - { iso(1) identified-organization(3) dod(6) internet(1) - security(5) mechanisms(5) pkix(7) } - --- ISO arc for standard certificate and CRL extensions - --- authority key identifier OID and syntax - -AuthorityKeyIdentifier ::= SEQUENCE { - keyIdentifier [0] KeyIdentifier OPTIONAL, - authorityCertIssuer [1] GeneralNames OPTIONAL, - authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } - -- authorityCertIssuer and authorityCertSerialNumber shall both - -- be present or both be absgent - -KeyIdentifier ::= OCTET STRING - --- subject key identifier OID and syntax - -SubjectKeyIdentifier ::= KeyIdentifier - --- key usage extension OID and syntax - -KeyUsage ::= BIT STRING - --- Directory string type -- - -DirectoryString ::= CHOICE { - teletexString TeletexString (SIZE (1..MAX)), - printableString PrintableString (SIZE (1..MAX)), - universalString UniversalString (SIZE (1..MAX)), - utf8String UTF8String (SIZE (1..MAX)), - bmpString BMPString (SIZE(1..MAX)), - -- IA5String is added here to handle old UID encoded as ia5String -- - -- See tests/userid/ for more information. It shouldn't be here, -- - -- so if it causes problems, considering dropping it. -- - ia5String IA5String (SIZE(1..MAX)) } - -SubjectAltName ::= GeneralNames - -GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - -GeneralName ::= CHOICE { - otherName [0] AnotherName, - rfc822Name [1] IA5String, - dNSName [2] IA5String, - x400Address [3] ANY, --- Changed to work with the libtasn1 parser. - directoryName [4] EXPLICIT RDNSequence, --Name, - ediPartyName [5] ANY, --EDIPartyName replaced by ANY to save memory - uniformResourceIdentifier [6] IA5String, - iPAddress [7] OCTET STRING, - registeredID [8] OBJECT IDENTIFIER } - --- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as --- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax - -AnotherName ::= SEQUENCE { - type-id OBJECT IDENTIFIER, - value [0] EXPLICIT ANY DEFINED BY type-id } - --- issuer alternative name extension OID and syntax - -IssuerAltName ::= GeneralNames - --- basic constraints extension OID and syntax - -BasicConstraints ::= SEQUENCE { - cA BOOLEAN DEFAULT FALSE, - pathLenConstraint INTEGER (0..MAX) OPTIONAL } - --- CRL distribution points extension OID and syntax - -CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint - -DistributionPoint ::= SEQUENCE { - distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL, - reasons [1] ReasonFlags OPTIONAL, - cRLIssuer [2] GeneralNames OPTIONAL -} - -DistributionPointName ::= CHOICE { - fullName [0] GeneralNames, - nameRelativeToCRLIssuer [1] RelativeDistinguishedName -} - -ReasonFlags ::= BIT STRING - --- extended key usage extension OID and syntax - -ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId - -KeyPurposeId ::= OBJECT IDENTIFIER - --- CRL number extension OID and syntax - -CRLNumber ::= INTEGER (0..MAX) - --- certificate issuer CRL entry extension OID and syntax - -CertificateIssuer ::= GeneralNames - --- -------------------------------------- --- EXPLICIT --- -------------------------------------- - --- UNIVERSAL Types defined in '93 and '98 ASN.1 --- but required by this specification - -NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING - -IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING - -TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING - -PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING - -UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING - -- UniversalString is defined in ASN.1:1993 - -BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING - -- BMPString is the subtype of UniversalString and models - -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1 - -UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING - -- The content of this type conforms to RFC 2279. - - --- attribute data types -- - -Attribute ::= SEQUENCE { - type AttributeType, - values SET OF AttributeValue - -- at least one value is required -- -} - -AttributeType ::= OBJECT IDENTIFIER - -AttributeValue ::= ANY DEFINED BY type - -AttributeTypeAndValue ::= SEQUENCE { - type AttributeType, - value AttributeValue } - --- suggested naming attributes: Definition of the following --- information object set may be augmented to meet local --- requirements. Note that deleting members of the set may --- prevent interoperability with conforming implementations. --- presented in pairs: the AttributeType followed by the --- type definition for the corresponding AttributeValue - --- Arc for standard naming attributes -id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} - --- Attributes of type NameDirectoryString - --- gnutls: Note that the Object ID (id-at*) is being set just before the --- actual definition. This is done in order for asn1_find_structure_from_oid --- to work (locate structure from OID). --- Maybe this is inefficient and memory consuming. Should we replace with --- a table that maps OIDs to structures? - -PostalAddress ::= SEQUENCE OF DirectoryString - - -- Legacy attributes - -emailAddress AttributeType ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 1 } - -Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length)) - --- naming data types -- - -Name ::= CHOICE { -- only one possibility for now -- - rdnSequence RDNSequence } - -RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - -DistinguishedName ::= RDNSequence - -RelativeDistinguishedName ::= - SET SIZE (1 .. MAX) OF AttributeTypeAndValue - - - --- -------------------------------------------------------- --- certificate and CRL specific structures begin here --- -------------------------------------------------------- - -Certificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING } - -TBSCertificate ::= SEQUENCE { - version [0] EXPLICIT Version DEFAULT v1, - serialNumber CertificateSerialNumber, - signature AlgorithmIdentifier, - issuer Name, - validity Validity, - subject Name, - subjectPublicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - extensions [3] EXPLICIT Extensions OPTIONAL - -- If present, version shall be v3 -- -} - -Version ::= INTEGER { v1(0), v2(1), v3(2) } - -CertificateSerialNumber ::= INTEGER - -Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - -Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - -UniqueIdentifier ::= BIT STRING - -SubjectPublicKeyInfo ::= SEQUENCE { - algorithm AlgorithmIdentifier, - subjectPublicKey BIT STRING } - -Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - -Extension ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue OCTET STRING } - - --- ------------------------------------------ --- CRL structures --- ------------------------------------------ - -CertificateList ::= SEQUENCE { - tbsCertList TBSCertList, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING } - -TBSCertList ::= SEQUENCE { - version Version OPTIONAL, - -- if present, shall be v2 - signature AlgorithmIdentifier, - issuer Name, - thisUpdate Time, - nextUpdate Time OPTIONAL, - revokedCertificates SEQUENCE OF SEQUENCE { - userCertificate CertificateSerialNumber, - revocationDate Time, - crlEntryExtensions Extensions OPTIONAL - -- if present, shall be v2 - } OPTIONAL, - crlExtensions [0] EXPLICIT Extensions OPTIONAL - -- if present, shall be v2 -- -} - --- Version, Time, CertificateSerialNumber, and Extensions were --- defined earlier for use in the certificate structure - -AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL } - -- contains a value of the type - -- registered for use with the - -- algorithm object identifier value - --- Algorithm OIDs and parameter structures - -Dss-Sig-Value ::= SEQUENCE { - r INTEGER, - s INTEGER -} - -DomainParameters ::= SEQUENCE { - p INTEGER, -- odd prime, p=jq +1 - g INTEGER, -- generator, g - q INTEGER, -- factor of p-1 - j INTEGER OPTIONAL, -- subgroup factor, j>= 2 - validationParms ValidationParms OPTIONAL } - -ValidationParms ::= SEQUENCE { - seed BIT STRING, - pgenCounter INTEGER } - -Dss-Parms ::= SEQUENCE { - p INTEGER, - q INTEGER, - g INTEGER } - --- x400 address syntax starts here --- OR Names - -CountryName ::= [APPLICATION 1] CHOICE { - x121-dcc-code NumericString - (SIZE (ub-country-name-numeric-length)), - iso-3166-alpha2-code PrintableString - (SIZE (ub-country-name-alpha-length)) } - -OrganizationName ::= PrintableString - (SIZE (1..ub-organization-name-length)) --- see also teletex-organization-name - -NumericUserIdentifier ::= NumericString - (SIZE (1..ub-numeric-user-id-length)) - --- see also teletex-personal-name - -OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) - OF OrganizationalUnitName --- see also teletex-organizational-unit-names - -OrganizationalUnitName ::= PrintableString (SIZE - (1..ub-organizational-unit-name-length)) - --- Extension types and attribute values --- - -CommonName ::= PrintableString - --- END of PKIX1Implicit88 - - --- BEGIN of RFC2630 - --- Cryptographic Message Syntax - -pkcs-7-ContentInfo ::= SEQUENCE { - contentType pkcs-7-ContentType, - content [0] EXPLICIT ANY DEFINED BY contentType } - -pkcs-7-DigestInfo ::= SEQUENCE { - digestAlgorithm pkcs-7-DigestAlgorithmIdentifier, - digest pkcs-7-Digest -} - -pkcs-7-Digest ::= OCTET STRING - -pkcs-7-ContentType ::= OBJECT IDENTIFIER - -pkcs-7-SignedData ::= SEQUENCE { - version pkcs-7-CMSVersion, - digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers, - encapContentInfo pkcs-7-EncapsulatedContentInfo, - certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL, - crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL, - signerInfos pkcs-7-SignerInfos -} - -pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) } - -pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier - -pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier - -pkcs-7-EncapsulatedContentInfo ::= SEQUENCE { - eContentType pkcs-7-ContentType, - eContent [0] EXPLICIT OCTET STRING OPTIONAL } - --- We don't use CertificateList here since we only want --- to read the raw data. -pkcs-7-CertificateRevocationLists ::= SET OF ANY - -pkcs-7-CertificateChoices ::= CHOICE { --- Although the paper uses Certificate type, we --- don't use it since, we don't need to parse it. --- We only need to read and store it. - certificate ANY -} - -pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices - -pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it - -- anyway - - --- BEGIN of RFC2986 - --- Certificate requests -pkcs-10-CertificationRequestInfo ::= SEQUENCE { - version INTEGER { v1(0) }, - subject Name, - subjectPKInfo SubjectPublicKeyInfo, - attributes [0] Attributes -} - -Attributes ::= SET OF Attribute - -pkcs-10-CertificationRequest ::= SEQUENCE { - certificationRequestInfo pkcs-10-CertificationRequestInfo, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING -} - --- stuff from PKCS#9 - -pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 7} - -pkcs-9-challengePassword ::= CHOICE { - printableString PrintableString, - utf8String UTF8String } - -pkcs-9-localKeyId ::= OCTET STRING - --- PKCS #8 stuff - --- Private-key information syntax - -pkcs-8-PrivateKeyInfo ::= SEQUENCE { - version pkcs-8-Version, - privateKeyAlgorithm AlgorithmIdentifier, - privateKey pkcs-8-PrivateKey, - attributes [0] Attributes OPTIONAL } - -pkcs-8-Version ::= INTEGER {v1(0)} - -pkcs-8-PrivateKey ::= OCTET STRING - -pkcs-8-Attributes ::= SET OF Attribute - --- Encrypted private-key information syntax - -pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE { - encryptionAlgorithm AlgorithmIdentifier, - encryptedData pkcs-8-EncryptedData -} - -pkcs-8-EncryptedData ::= OCTET STRING - --- PKCS #5 stuff - -pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8)) -pkcs-5-aes128-CBC-params ::= OCTET STRING (SIZE(16)) -pkcs-5-aes192-CBC-params ::= OCTET STRING (SIZE(16)) -pkcs-5-aes256-CBC-params ::= OCTET STRING (SIZE(16)) - -pkcs-5-PBES2-params ::= SEQUENCE { - keyDerivationFunc AlgorithmIdentifier, - encryptionScheme AlgorithmIdentifier } - --- PBKDF2 - --- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::= --- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL} - -pkcs-5-PBKDF2-params ::= SEQUENCE { - salt CHOICE { - specified OCTET STRING, - otherSource AlgorithmIdentifier - }, - iterationCount INTEGER (1..MAX), - keyLength INTEGER (1..MAX) OPTIONAL, - prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1 -} - --- PKCS #12 stuff - -pkcs-12-PFX ::= SEQUENCE { - version INTEGER {v3(3)}, - authSafe pkcs-7-ContentInfo, - macData pkcs-12-MacData OPTIONAL -} - -pkcs-12-PbeParams ::= SEQUENCE { - salt OCTET STRING, - iterations INTEGER -} - -pkcs-12-MacData ::= SEQUENCE { - mac pkcs-7-DigestInfo, - macSalt OCTET STRING, - iterations INTEGER DEFAULT 1 --- Note: The default is for historical reasons and its use is --- deprecated. A higher value, like 1024 is recommended. -} - -pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo - -- Data if unencrypted - -- EncryptedData if password-encrypted - -- EnvelopedData if public key-encrypted - -pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag - -pkcs-12-SafeBag ::= SEQUENCE { - bagId OBJECT IDENTIFIER, - bagValue [0] EXPLICIT ANY DEFINED BY badId, - bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL -} - --- Bag types - -pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo - --- Shrouded KeyBag - -pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo - --- CertBag - -pkcs-12-CertBag ::= SEQUENCE { - certId OBJECT IDENTIFIER, - certValue [0] EXPLICIT ANY DEFINED BY certId -} - --- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}} --- DER-encoded X.509 certificate stored in OCTET STRING - -pkcs-12-CRLBag ::= SEQUENCE { - crlId OBJECT IDENTIFIER, - crlValue [0] EXPLICIT ANY DEFINED BY crlId -} - -pkcs-12-SecretBag ::= SEQUENCE { - secretTypeId OBJECT IDENTIFIER, - secretValue [0] EXPLICIT ANY DEFINED BY secretTypeId -} - --- x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}} --- DER-encoded X.509 CRL stored in OCTET STRING - -pkcs-12-PKCS12Attribute ::= Attribute - --- PKCS #7 stuff (needed in PKCS 12) - -pkcs-7-Data ::= OCTET STRING - -pkcs-7-EncryptedData ::= SEQUENCE { - version pkcs-7-CMSVersion, - encryptedContentInfo pkcs-7-EncryptedContentInfo, - unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL } - -pkcs-7-EncryptedContentInfo ::= SEQUENCE { - contentType pkcs-7-ContentType, - contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier, - encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL } - -pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier - -pkcs-7-EncryptedContent ::= OCTET STRING - -pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute - --- rfc3820 - -ProxyCertInfo ::= SEQUENCE { - pCPathLenConstraint INTEGER (0..MAX) OPTIONAL, - proxyPolicy ProxyPolicy } - -ProxyPolicy ::= SEQUENCE { - policyLanguage OBJECT IDENTIFIER, - policy OCTET STRING OPTIONAL } - -END |