aboutsummaryrefslogblamecommitdiffstats
path: root/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAlgs-2009.asn1
blob: d58bcb5b19c869418d5bbc1230999a1ab6ee4d6c (plain) (tree)
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528


















































































































































                                                                        

                                                                                                    


























































































































































































































































































































































































                                                                       
   PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
     internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
     id-mod-pkix1-algorithms2008-02(56) }

   DEFINITIONS EXPLICIT TAGS ::=
   BEGIN
   IMPORTS

   PUBLIC-KEY, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, SMIME-CAPS
   FROM AlgorithmInformation-2009
       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) pkix(7) id-mod(0)
       id-mod-algorithmInformation-02(58)}

   mda-sha224, mda-sha256, mda-sha384, mda-sha512
   FROM PKIX1-PSS-OAEP-Algorithms-2009
       {iso(1) identified-organization(3) dod(6) internet(1)
       security(5) mechanisms(5) pkix(7) id-mod(0)
       id-mod-pkix1-rsa-pkalgs-02(54)} ;

   --
   -- Public Key (pk-) Algorithms
   --

   PublicKeys PUBLIC-KEY ::= {
    pk-rsa  |
    pk-dsa  |
    pk-dh   |
    pk-kea,
    ...,
    pk-ec   |
    pk-ecDH |
    pk-ecMQV
   }

   --
   -- Signature Algorithms (sa-)
   --

   SignatureAlgs SIGNATURE-ALGORITHM ::= {
    sa-rsaWithMD2      |
    sa-rsaWithMD5      |
    sa-rsaWithSHA1     |
    sa-dsaWithSHA1     |
    sa-ecdsaWithSHA1,
    ..., -- Extensible
    sa-dsaWithSHA224   |
    sa-dsaWithSHA256   |
    sa-ecdsaWithSHA224 |
    sa-ecdsaWithSHA256 |
    sa-ecdsaWithSHA384 |
    sa-ecdsaWithSHA512
   }

   --
   -- S/MIME CAPS for algorithms in this document
   --
   -- For all of the algorithms laid out in this document, the
   -- parameters field for the S/MIME capabilities is defined as
   -- ABSENT as there are no specific values that need to be known
   -- by the receiver for negotiation.

   --

   SMimeCaps SMIME-CAPS ::= {
    sa-rsaWithMD2.&smimeCaps      |
    sa-rsaWithMD5.&smimeCaps      |
    sa-rsaWithSHA1.&smimeCaps     |
    sa-dsaWithSHA1.&smimeCaps     |
    sa-dsaWithSHA224.&smimeCaps   |
    sa-dsaWithSHA256.&smimeCaps   |
    sa-ecdsaWithSHA1.&smimeCaps   |
    sa-ecdsaWithSHA224.&smimeCaps |
    sa-ecdsaWithSHA256.&smimeCaps |
    sa-ecdsaWithSHA384.&smimeCaps |
    sa-ecdsaWithSHA512.&smimeCaps,
    ... }

   -- RSA PK Algorithm, Parameters, and Keys

   pk-rsa PUBLIC-KEY ::= {
    IDENTIFIER rsaEncryption
    KEY RSAPublicKey
    PARAMS TYPE NULL ARE absent
    -- Private key format not in this module --
    CERT-KEY-USAGE {digitalSignature, nonRepudiation,
    keyEncipherment, dataEncipherment, keyCertSign, cRLSign}
   }

   rsaEncryption OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
    pkcs-1(1) 1 }

   RSAPublicKey ::= SEQUENCE {
    modulus         INTEGER, -- n
    publicExponent  INTEGER  -- e
   }

   -- DSA PK Algorithm, Parameters, and Keys

   pk-dsa PUBLIC-KEY ::= {
    IDENTIFIER id-dsa
    KEY DSAPublicKey
    PARAMS TYPE DSA-Params ARE inheritable
    -- Private key format not in this module --
    CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyCertSign,
                        cRLSign }
   }

   id-dsa OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }

   DSA-Params ::= SEQUENCE {
    p  INTEGER,
    q  INTEGER,
    g  INTEGER
   }

   DSAPublicKey ::= INTEGER --  public key, y

   -- Diffie-Hellman PK Algorithm, Parameters, and Keys

   pk-dh PUBLIC-KEY ::= {
    IDENTIFIER dhpublicnumber
    KEY DHPublicKey
    PARAMS TYPE DomainParameters ARE inheritable
    -- Private key format not in this module --
    CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly }
   }

   dhpublicnumber OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-x942(10046)
    number-type(2) 1 }

   DomainParameters ::= SEQUENCE {
    p                INTEGER,           -- odd prime, p=jq +1
    g                INTEGER,           -- generator, g
    q                INTEGER,           -- factor of p-1
    j                INTEGER OPTIONAL,  -- subgroup factor, j>= 2
    validationParams  ValidationParams OPTIONAL
   }

   ValidationParams ::= SEQUENCE {
    seed         BIT STRING,
    pgenCounter  INTEGER
   }

   DiffieHellmanPublicNumber ::= INTEGER   -- according to http://wikisec.free.fr/crypto/crypto.html

   DHPublicKey ::= INTEGER  -- public key, y = g^x mod p

   -- KEA PK Algorithm and Parameters

   pk-kea PUBLIC-KEY ::= {
    IDENTIFIER id-keyExchangeAlgorithm
    -- key is not encoded --
    PARAMS TYPE KEA-Params-Id ARE required
    -- Private key format not in this module --
    CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly }
   }
   id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= {
       joint-iso-itu-t(2) country(16) us(840) organization(1)
       gov(101) dod(2) infosec(1) algorithms(1) 22 }

   KEA-Params-Id ::= OCTET STRING

   -- Elliptic Curve (EC) Signatures: Unrestricted Algorithms
   --  (Section 2.1.1 of RFC 5480)
   --
   -- EC Unrestricted Algorithm ID -- -- this is used for ECDSA

   pk-ec PUBLIC-KEY ::= {
    IDENTIFIER id-ecPublicKey
    KEY ECPoint
    PARAMS TYPE ECParameters ARE required
    -- Private key format not in this module --
    CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyAgreement,
                         keyCertSign, cRLSign }
   }

   ECPoint ::= OCTET STRING -- see RFC 5480 for syntax and restrictions

   id-ecPublicKey OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }

   -- Elliptic Curve (EC) Signatures: Restricted Algorithms
   --  (Section 2.1.2 of RFC 5480)
   --
   -- EC Diffie-Hellman Algorithm ID

   pk-ecDH PUBLIC-KEY ::= {
    IDENTIFIER id-ecDH
    KEY ECPoint
    PARAMS TYPE ECParameters ARE required
    -- Private key format not in this module --
    CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly }
   }

   id-ecDH OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) schemes(1)
    ecdh(12) }

   -- EC Menezes-Qu-Vanstone Algorithm ID

   pk-ecMQV PUBLIC-KEY ::= {
    IDENTIFIER id-ecMQV
    KEY ECPoint
    PARAMS TYPE ECParameters ARE required
    -- Private key format not in this module --
    CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly }
   }

   id-ecMQV OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) schemes(1)
    ecmqv(13) }

   -- Parameters and Keys for both Restricted and Unrestricted EC

   ECParameters ::= CHOICE {
    namedCurve      CURVE.&id({NamedCurve})
    -- implicitCurve   NULL
      -- implicitCurve MUST NOT be used in PKIX
    -- specifiedCurve  SpecifiedCurve
      -- specifiedCurve MUST NOT be used in PKIX
      -- Details for specifiedCurve can be found in [X9.62]
      -- Any future additions to this CHOICE should be coordinated
      -- with ANSI X.9.
   }
   -- If you need to be able to decode ANSI X.9 parameter structures,
   -- uncomment the implicitCurve and specifiedCurve above, and also
   -- uncomment the following:
   --(WITH COMPONENTS {namedCurve PRESENT})

   -- Sec 2.1.1.1 Named Curve

   CURVE ::= CLASS { &id OBJECT IDENTIFIER UNIQUE }
    WITH SYNTAX { ID &id }

   NamedCurve CURVE ::= {
   { ID secp192r1 } | { ID sect163k1 } | { ID sect163r2 } |
   { ID secp224r1 } | { ID sect233k1 } | { ID sect233r1 } |
   { ID secp256r1 } | { ID sect283k1 } | { ID sect283r1 } |
   { ID secp384r1 } | { ID sect409k1 } | { ID sect409r1 } |
   { ID secp521r1 } | { ID sect571k1 } | { ID sect571r1 },
   ... -- Extensible
   }

   -- Note in [X9.62] the curves are referred to as 'ansiX9' as
   -- opposed to 'sec'.  For example, secp192r1 is the same curve as
   -- ansix9p192r1.

   -- Note that in [PKI-ALG] the secp192r1 curve was referred to as
   -- prime192v1 and the secp256r1 curve was referred to as
   -- prime256v1.

   -- Note that [FIPS186-3] refers to secp192r1 as P-192,
   -- secp224r1 as P-224, secp256r1 as P-256, secp384r1 as P-384,
   -- and secp521r1 as P-521.

   secp192r1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
    prime(1) 1 }

   sect163k1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 1 }

   sect163r2 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 15 }

   secp224r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 33 }

   sect233k1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 26 }

   sect233r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 27 }

   secp256r1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
    prime(1) 7 }

   sect283k1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 16 }

   sect283r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 17 }

   secp384r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 34 }

   sect409k1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 36 }

   sect409r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 37 }

   secp521r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 35 }

   sect571k1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 38 }

   sect571r1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) certicom(132) curve(0) 39 }

   -- RSA with MD-2

   sa-rsaWithMD2 SIGNATURE-ALGORITHM ::= {
    IDENTIFIER md2WithRSAEncryption
    PARAMS TYPE NULL ARE required
    HASHES { mda-md2 }
    PUBLIC-KEYS { pk-rsa }
    SMIME-CAPS { IDENTIFIED BY md2WithRSAEncryption }
   }

   md2WithRSAEncryption OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
    pkcs-1(1) 2 }

   -- RSA with MD-5

   sa-rsaWithMD5 SIGNATURE-ALGORITHM ::= {
    IDENTIFIER md5WithRSAEncryption
    PARAMS TYPE NULL ARE required
    HASHES { mda-md5 }
    PUBLIC-KEYS { pk-rsa }
    SMIME-CAPS { IDENTIFIED BY md5WithRSAEncryption }
   }

   md5WithRSAEncryption OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
    pkcs-1(1) 4 }

   -- RSA with SHA-1

   sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= {
    IDENTIFIER sha1WithRSAEncryption
    PARAMS TYPE NULL ARE required
    HASHES { mda-sha1 }
    PUBLIC-KEYS { pk-rsa }
    SMIME-CAPS {IDENTIFIED BY sha1WithRSAEncryption }
   }

   sha1WithRSAEncryption OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
    pkcs-1(1) 5 }

   -- DSA with SHA-1

   sa-dsaWithSHA1 SIGNATURE-ALGORITHM ::= {
    IDENTIFIER dsa-with-sha1
    VALUE DSA-Sig-Value
    PARAMS TYPE NULL ARE absent
    HASHES { mda-sha1 }
    PUBLIC-KEYS { pk-dsa }
    SMIME-CAPS { IDENTIFIED BY dsa-with-sha1 }
   }

   dsa-with-sha1 OBJECT IDENTIFIER ::=  {
    iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 3 }

   -- DSA with SHA-224

   sa-dsaWithSHA224 SIGNATURE-ALGORITHM ::= {
    IDENTIFIER dsa-with-sha224
    VALUE DSA-Sig-Value
    PARAMS TYPE NULL ARE absent
    HASHES { mda-sha224 }
    PUBLIC-KEYS { pk-dsa }
    SMIME-CAPS { IDENTIFIED BY dsa-with-sha224 }
   }

   dsa-with-sha224 OBJECT IDENTIFIER  ::=  {
    joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
    csor(3) algorithms(4) id-dsa-with-sha2(3) 1 }

   -- DSA with SHA-256

   sa-dsaWithSHA256 SIGNATURE-ALGORITHM ::= {
    IDENTIFIER dsa-with-sha256
    VALUE DSA-Sig-Value
    PARAMS TYPE NULL ARE absent
    HASHES { mda-sha256 }
    PUBLIC-KEYS { pk-dsa }
    SMIME-CAPS { IDENTIFIED BY dsa-with-sha256 }
   }

   dsa-with-sha256 OBJECT IDENTIFIER  ::=  {
    joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
    csor(3) algorithms(4) id-dsa-with-sha2(3) 2 }

   -- ECDSA with SHA-1

   sa-ecdsaWithSHA1 SIGNATURE-ALGORITHM ::= {
    IDENTIFIER ecdsa-with-SHA1
    VALUE ECDSA-Sig-Value
    PARAMS TYPE NULL ARE absent
    HASHES { mda-sha1 }
    PUBLIC-KEYS { pk-ec }
    SMIME-CAPS {IDENTIFIED BY ecdsa-with-SHA1 }
   }

   ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045)
    signatures(4) 1 }

   -- ECDSA with SHA-224

   sa-ecdsaWithSHA224 SIGNATURE-ALGORITHM ::= {
    IDENTIFIER ecdsa-with-SHA224
    VALUE ECDSA-Sig-Value
    PARAMS TYPE NULL ARE absent
    HASHES { mda-sha224 }
    PUBLIC-KEYS { pk-ec }
    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA224 }
   }

   ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    ecdsa-with-SHA2(3) 1 }

   -- ECDSA with SHA-256

   sa-ecdsaWithSHA256 SIGNATURE-ALGORITHM ::= {
    IDENTIFIER ecdsa-with-SHA256
    VALUE ECDSA-Sig-Value
    PARAMS TYPE NULL ARE absent
    HASHES { mda-sha256 }
    PUBLIC-KEYS { pk-ec }
    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA256 }
   }

   ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    ecdsa-with-SHA2(3) 2 }

   -- ECDSA with SHA-384

   sa-ecdsaWithSHA384 SIGNATURE-ALGORITHM ::= {
    IDENTIFIER ecdsa-with-SHA384
    VALUE ECDSA-Sig-Value
    PARAMS TYPE NULL ARE absent
    HASHES { mda-sha384 }
    PUBLIC-KEYS { pk-ec }
    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA384 }
   }
   ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    ecdsa-with-SHA2(3) 3 }

   -- ECDSA with SHA-512

   sa-ecdsaWithSHA512 SIGNATURE-ALGORITHM ::= {
    IDENTIFIER ecdsa-with-SHA512
    VALUE ECDSA-Sig-Value
    PARAMS TYPE NULL ARE absent
    HASHES { mda-sha512 }
    PUBLIC-KEYS { pk-ec }
    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA512 }
   }

   ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
    ecdsa-with-SHA2(3) 4 }

   --
   -- Signature Values
   --

   -- DSA

   DSA-Sig-Value ::= SEQUENCE {
    r  INTEGER,
    s  INTEGER
   }

   -- ECDSA

   ECDSA-Sig-Value ::= SEQUENCE {
    r  INTEGER,
    s  INTEGER
   }

   --
   -- Message Digest Algorithms (mda-)
   --

   HashAlgs DIGEST-ALGORITHM ::= {
    mda-md2    |
    mda-md5    |
    mda-sha1,
    ... -- Extensible
   }
   -- MD-2

   mda-md2 DIGEST-ALGORITHM ::= {
    IDENTIFIER id-md2
    PARAMS TYPE NULL ARE preferredAbsent
   }

   id-md2  OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549)
    digestAlgorithm(2) 2 }

   -- MD-5

   mda-md5 DIGEST-ALGORITHM ::= {
    IDENTIFIER id-md5
    PARAMS TYPE NULL ARE preferredAbsent
   }

   id-md5  OBJECT IDENTIFIER ::= {
    iso(1) member-body(2) us(840) rsadsi(113549)
    digestAlgorithm(2) 5 }

   -- SHA-1

   mda-sha1 DIGEST-ALGORITHM ::= {
    IDENTIFIER id-sha1
    PARAMS TYPE NULL ARE preferredAbsent
   }

   id-sha1 OBJECT IDENTIFIER ::= {
    iso(1) identified-organization(3) oiw(14) secsig(3)
    algorithm(2) 26 }

   END