-rw-r--r--lib/public_key/asn1/CryptographicMessageSyntax.asn1376
-rw-r--r--lib/public_key/asn1/Makefile15
-rw-r--r--lib/public_key/asn1/PKCS-12.asn1174
-rw-r--r--lib/public_key/asn1/PKCS-15.asn1869
-rw-r--r--lib/public_key/asn1/PKCS-7.asn177
-rw-r--r--lib/public_key/asn1/PKCS-9.asn1390
-rw-r--r--lib/public_key/asn1/PKCS-FRAME.set.asn1
-rw-r--r--lib/public_key/asn1/UpperBounds.asn188
8 files changed, 68 insertions, 1922 deletions
diff --git a/lib/public_key/asn1/CryptographicMessageSyntax.asn1 b/lib/public_key/asn1/CryptographicMessageSyntax.asn1
deleted file mode 100644
index 05ecdf2448..0000000000
--- a/lib/public_key/asn1/CryptographicMessageSyntax.asn1
+++ /dev/null
@@ -1,376 +0,0 @@
-CryptographicMessageSyntax {iso(1) member-body(2) us(840) rsadsi(113549)
- pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)}
---
--- Copyright (C) The Internet Society (1999). This version of
--- this ASN.1 module is part of RFC 2630;
--- see the RFC itself for full legal notices.
---
-DEFINITIONS IMPLICIT TAGS ::=
-BEGIN
-
--- EXPORTS All
--- The types and values defined in this module are exported for use in
--- the other ASN.1 modules. Other applications may use them for their
--- own purposes.
-IMPORTS
- -- Directory Information Framework (X.501)
- Name
- FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
- informationFramework(1) 3}
- -- Directory Authentication Framework (X.509)
- AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList,
- CertificateSerialNumber
- FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
- authenticationFramework(7) 3};
-
-ContentInfo ::= SEQUENCE {
- content-type CMS-CONTENT-TYPE.&id({CMSContentTable}),
- pkcs7-content [0] CMS-CONTENT-TYPE.&Type({CMSContentTable})
-}
-
-CMS-CONTENT-TYPE ::= TYPE-IDENTIFIER
-
-CMSContentTable CMS-CONTENT-TYPE ::=
- {...}
-
-ContentType ::= OBJECT IDENTIFIER
-
-SignedData ::= SEQUENCE {
- version CMSVersion,
- digestAlgorithms DigestAlgorithmIdentifiers,
- encapContentInfo EncapsulatedContentInfo,
- certificates [0] IMPLICIT CertificateSet OPTIONAL,
- crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
- signerInfos SignerInfos
-}
-
-DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
-
-SignerInfos ::= SET OF SignerInfo
-
-EncapsulatedContentInfo ::= SEQUENCE {
- eContentType ContentType,
- eContent [0] EXPLICIT OCTET STRING OPTIONAL
-}
-
-SignerInfo ::= SEQUENCE {
- version CMSVersion,
- sid SignerIdentifier,
- digestAlgorithm DigestAlgorithmIdentifier,
- signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
- signatureAlgorithm SignatureAlgorithmIdentifier,
- signature SignatureValue,
- unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL
-}
-
-SignerIdentifier ::= CHOICE {
- issuerAndSerialNumber IssuerAndSerialNumber,
- subjectKeyIdentifier [0] SubjectKeyIdentifier
-}
-
-SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
-
-UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
-
-Attribute ::= SEQUENCE {
- attrType OBJECT IDENTIFIER,
- attrValues SET OF AttributeValue
-}
-
-OPEN ::= CLASS {&Type
-}WITH SYNTAX {TYPE &Type
-}
-
-AttributeValue ::= OPEN.&Type
-
-SignatureValue ::= OCTET STRING
-
-EnvelopedData ::= SEQUENCE {
- version CMSVersion,
- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
- recipientInfos RecipientInfos,
- encryptedContentInfo EncryptedContentInfo,
- unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
-}
-
-OriginatorInfo ::= SEQUENCE {
- certs [0] IMPLICIT CertificateSet OPTIONAL,
- crls [1] IMPLICIT CertificateRevocationLists OPTIONAL
-}
-
-RecipientInfos ::= SET OF RecipientInfo
-
-EncryptedContentInfo ::= SEQUENCE {
- contentType ContentType,
- contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
- encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
-}
-
-EncryptedContent ::= OCTET STRING
-
-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
-
-RecipientInfo ::= CHOICE {
- ktri KeyTransRecipientInfo,
- kari [1] KeyAgreeRecipientInfo,
- kekri [2] KEKRecipientInfo
-}
-
-EncryptedKey ::= OCTET STRING
-
-KeyTransRecipientInfo ::= SEQUENCE {
- version CMSVersion, -- always set to 0 or 2
- rid RecipientIdentifier,
- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
- encryptedKey EncryptedKey
-}
-
-RecipientIdentifier ::= CHOICE {
- issuerAndSerialNumber IssuerAndSerialNumber,
- subjectKeyIdentifier [0] SubjectKeyIdentifier
-}
-
-KeyAgreeRecipientInfo ::= SEQUENCE {
- version CMSVersion, -- always set to 3
- originator [0] EXPLICIT OriginatorIdentifierOrKey,
- ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
- recipientEncryptedKeys RecipientEncryptedKeys
-}
-
-OriginatorIdentifierOrKey ::= CHOICE {
- issuerAndSerialNumber IssuerAndSerialNumber,
- subjectKeyIdentifier [0] SubjectKeyIdentifier,
- originatorKey [1] OriginatorPublicKey
-}
-
-OriginatorPublicKey ::= SEQUENCE {
- algorithm AlgorithmIdentifier,
- publicKey BIT STRING
-}
-
-RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
-
-RecipientEncryptedKey ::= SEQUENCE {
- rid KeyAgreeRecipientIdentifier,
- encryptedKey EncryptedKey
-}
-
-KeyAgreeRecipientIdentifier ::= CHOICE {
- issuerAndSerialNumber IssuerAndSerialNumber,
- rKeyId [0] IMPLICIT RecipientKeyIdentifier
-}
-
-RecipientKeyIdentifier ::= SEQUENCE {
- subjectKeyIdentifier SubjectKeyIdentifier,
- date GeneralizedTime OPTIONAL,
- other OtherKeyAttribute OPTIONAL
-}
-
-SubjectKeyIdentifier ::= OCTET STRING
-
-KEKRecipientInfo ::= SEQUENCE {
- version CMSVersion, -- always set to 4
- kekid KEKIdentifier,
- keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
- encryptedKey EncryptedKey
-}
-
-KEKIdentifier ::= SEQUENCE {
- keyIdentifier OCTET STRING,
- date GeneralizedTime OPTIONAL,
- other OtherKeyAttribute OPTIONAL
-}
-
-DigestedData ::= SEQUENCE {
- version CMSVersion,
- digestAlgorithm DigestAlgorithmIdentifier,
- encapContentInfo EncapsulatedContentInfo,
- digest Digest
-}
-
-Digest ::= OCTET STRING
-
-EncryptedData ::= SEQUENCE {
- version CMSVersion,
- encryptedContentInfo EncryptedContentInfo,
- unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
-}
-
-AuthenticatedData ::= SEQUENCE {
- version CMSVersion,
- originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
- recipientInfos RecipientInfos,
- macAlgorithm MessageAuthenticationCodeAlgorithm,
- digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
- encapContentInfo EncapsulatedContentInfo,
- authenticatedAttributes [2] IMPLICIT AuthAttributes OPTIONAL,
- mac MessageAuthenticationCode,
- unauthenticatedAttributes [3] IMPLICIT UnauthAttributes OPTIONAL
-}
-
-AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
-
-UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
-
-MessageAuthenticationCode ::= OCTET STRING
-
-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
-
-SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
-
-KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-
-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
-
-MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
-
-CertificateRevocationLists ::= SET OF CertificateList
-
-CertificateChoices ::= CHOICE {
- certificate Certificate, -- See X.509
- extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
- attrCert [1] IMPLICIT AttributeCertificate
-} -- See X.509 & X9.57
-
-CertificateSet ::= SET OF CertificateChoices
-
-IssuerAndSerialNumber ::= SEQUENCE {
- issuer Name,
- serialNumber CertificateSerialNumber
-}
-
-CMSVersion ::= INTEGER {v0(0), v1(1), v2(2), v3(3), v4(4)}
-
-UserKeyingMaterial ::= OCTET STRING
-
-OtherKeyAttribute ::= SEQUENCE {
- keyAttributeIdentifier OTHER-KEY-ATTRIBUTE.&id({OtherKeyAttributeTable}),
- keyAttribute
- OTHER-KEY-ATTRIBUTE.&Type
- ({OtherKeyAttributeTable}{@keyAttributeIdentifier}) OPTIONAL
-}
-
-OTHER-KEY-ATTRIBUTE ::= TYPE-IDENTIFIER
-
-OtherKeyAttributeTable OTHER-KEY-ATTRIBUTE ::=
- {...}
-
--- CMS Attributes
-MessageDigest ::= OCTET STRING
-
-SigningTime ::= Time
-
-Time ::= CHOICE {utcTime UTCTime,
- generalTime GeneralizedTime
-}
-
-Countersignature ::= SignerInfo
-
--- Algorithm Identifiers
-sha-1 OBJECT IDENTIFIER ::=
- {iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26}
-
-md5 OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5}
-
-id-dsa-with-sha1 OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 3}
-
-rsaEncryption OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1}
-
-dh-public-number OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1}
-
-id-alg-ESDH OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
- alg(3) 5}
-
-id-alg-CMS3DESwrap OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
- alg(3) 6}
-
-id-alg-CMSRC2wrap OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
- alg(3) 7}
-
-des-ede3-cbc OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 7}
-
-rc2-cbc OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 2}
-
-hMAC-SHA1 OBJECT IDENTIFIER ::=
- {iso(1) identified-organization(3) dod(6) internet(1) security(5)
- mechanisms(5) 8 1 2}
-
--- Algorithm Parameters
-KeyWrapAlgorithm ::= AlgorithmIdentifier
-
-RC2wrapParameter ::= RC2ParameterVersion
-
-RC2ParameterVersion ::= INTEGER
-
-CBCParameter ::= IV
-
-IV ::= OCTET STRING -- exactly 8 octets
-
-RC2CBCParameter ::= SEQUENCE {
- rc2ParameterVersion INTEGER,
- iv OCTET STRING
-} -- exactly 8 octets
-
--- Content Type Object Identifiers
-id-ct-contentInfo OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
- ct(1) 6}
-
-id-data OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1}
-
-id-signedData OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2}
-
-id-envelopedData OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3}
-
-id-digestedData OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5}
-
-id-encryptedData OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6}
-
-id-ct-authData OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
- ct(1) 2}
-
--- Attribute Object Identifiers
-id-contentType OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3}
-
-id-messageDigest OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4}
-
-id-signingTime OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5}
-
-id-countersignature OBJECT IDENTIFIER ::=
- {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6}
-
--- Obsolete Extended Certificate syntax from PKCS#6
-ExtendedCertificate ::= SEQUENCE {
- extendedCertificateInfo ExtendedCertificateInfo,
- signatureAlgorithm SignatureAlgorithmIdentifier,
- signature Signature
-}
-
-ExtendedCertificateInfo ::= SEQUENCE {
- version CMSVersion,
- certificate Certificate,
- attributes UnauthAttributes
-}
-
-Signature ::= BIT STRING
-
-END -- of CryptographicMessageSyntax
diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile
index 8b76d957f0..4b4db9ec6d 100644
--- a/lib/public_key/asn1/Makefile
+++ b/lib/public_key/asn1/Makefile
@@ -40,7 +40,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN)
ASN_TOP = OTP-PUB-KEY PKCS-FRAME
ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \
- PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-7 PKCS-8 PKCS-9 PKCS-15 PKCS-12 PKCS5v2-0 OTP-PKIX \
+ PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-7 PKCS-8 PKCS5v2-0 OTP-PKIX \
AuthenticationFramework InformationFramework UsefulDefinitions SelectedAttributeTypes
ASN_ASNS = $(ASN_MODULES:%=%.asn1)
ASN_ERLS = $(ASN_TOP:%=%.erl)
@@ -116,16 +116,11 @@ OTP-PUB-KEY.asn1db: PKIX1Algorithms88.asn1 \
OTP-PKIX.asn1
$(EBIN)/PKCS-FRAME.beam: PKCS-FRAME.erl PKCS-FRAME.hrl
-PKCS-FRAME.erl PKCS-FRAME.hrl: PKCS-FRAME.asn1db
-PKCS-FRAME.asn1db: PKCS-8.asn1\
+PKCS-FRAME.erl PKCS-FRAME.hrl: PKCS-FRAME.asn1db
+PKCS-FRAME.asn1db: PKCS5v2-0.asn1\
+ PKCS-8.asn1\
PKCS-7.asn1\
- PKCS-9.asn1\
- PKCS-15.asn1\
- PKCS-12.asn1\
AuthenticationFramework.asn1\
InformationFramework.asn1\
UsefulDefinitions.asn1\
- SelectedAttributeTypes.asn1\
- CryptographicMessageSyntax.asn1\
- UpperBounds.asn1\
- PKCS5v2-0.asn1 \ No newline at end of file
+ SelectedAttributeTypes.asn1
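Review bot: The prerequisite list of `PKCS-FRAME.asn1db` is a hand-maintained copy of the module set, and the rule carries no comment saying what it has to match. The diffstat shows PKCS-FRAME.set.asn changing in the same commit, so the two lists presumably must name the same modules; if they drift, an edited .asn1 file will not trigger regeneration of PKCS-FRAME.erl/.hrl and the built decoder can lag behind the specification it is meant to implement. I would add `# Prerequisites must match the modules listed in PKCS-FRAME.set.asn` directly above the rule. It is also worth confirming that the retained PKCS-7.asn1 no longer imports anything from the removed PKCS-9 or CryptographicMessageSyntax modules, since that file's change is not visible in this part of the diff.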
diff --git a/lib/public_key/asn1/PKCS-12.asn1 b/lib/public_key/asn1/PKCS-12.asn1
deleted file mode 100644
index 078089f7b5..0000000000
--- a/lib/public_key/asn1/PKCS-12.asn1
+++ /dev/null
@@ -1,174 +0,0 @@
-PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
- pkcs-12(12) modules(0) pkcs-12(1)}
-
--- $Revision$
-
-DEFINITIONS IMPLICIT TAGS ::=
-
-BEGIN
-
--- EXPORTS ALL
--- All types and values defined in this module is exported for use in
--- other ASN.1 modules.
-
-IMPORTS
-
-informationFramework
- FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
- usefulDefinitions(0) 3}
-
-ATTRIBUTE
- FROM InformationFramework informationFramework
-
-ContentInfo, DigestInfo
- FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549)
- pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)}
-
-PrivateKeyInfo, EncryptedPrivateKeyInfo
- FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
- pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}
-
-pkcs-9, friendlyName, localKeyId, certTypes, crlTypes
- FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549)
- pkcs(1) pkcs-9(9) modules(0) pkcs-9(1)};
-
--- Object identifiers
-
-rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}
-pkcs OBJECT IDENTIFIER ::= {rsadsi pkcs(1)}
-pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12}
-pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1}
-pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
-pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2}
-pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
-pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4}
-pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5}
-pbewithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6}
-
-bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}
-
--- The PFX PDU
-
-PFX ::= SEQUENCE {
- version INTEGER {v3(3)}(v3,...),
- authSafe ContentInfo,
- macData MacData OPTIONAL
-}
-
-MacData ::= SEQUENCE {
- mac DigestInfo,
- macSalt OCTET STRING,
- iterations INTEGER DEFAULT 1
--- Note: The default is for historical reasons and its use is
--- deprecated. A higher value, like 1024 is recommended.
-}
-
-AuthenticatedSafe ::= SEQUENCE OF ContentInfo
- -- Data if unencrypted
- -- EncryptedData if password-encrypted
- -- EnvelopedData if public key-encrypted
-
-SafeContents ::= SEQUENCE OF SafeBag
-
-SafeBag ::= SEQUENCE {
- bagId BAG-TYPE.&id ({PKCS12BagSet}),
- bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),
- bagAttributes SET OF PKCS12Attribute OPTIONAL
-}
-
--- Bag types
-
-keyBag BAG-TYPE ::=
- {KeyBag IDENTIFIED BY {bagtypes 1}}
-pkcs8ShroudedKeyBag BAG-TYPE ::=
- {PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}}
-certBag BAG-TYPE ::=
- {CertBag IDENTIFIED BY {bagtypes 3}}
-crlBag BAG-TYPE ::=
- {CRLBag IDENTIFIED BY {bagtypes 4}}
-secretBag BAG-TYPE ::=
- {SecretBag IDENTIFIED BY {bagtypes 5}}
-safeContentsBag BAG-TYPE ::=
- {SafeContents IDENTIFIED BY {bagtypes 6}}
-
-PKCS12BagSet BAG-TYPE ::= {
- keyBag |
- pkcs8ShroudedKeyBag |
- certBag |
- crlBag |
- secretBag |
- safeContentsBag,
- ... -- For future extensions
-}
-
-BAG-TYPE ::= TYPE-IDENTIFIER
-
--- KeyBag
-
-KeyBag ::= PrivateKeyInfo
-
--- Shrouded KeyBag
-
-PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
-
--- CertBag
-
-CertBag ::= SEQUENCE {
- certId BAG-TYPE.&id ({CertTypes}),
- certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})
-}
-
-x509Certificate BAG-TYPE ::=
- {OCTET STRING IDENTIFIED BY {certTypes 1}}
- -- DER-encoded X.509 certificate stored in OCTET STRING
-sdsiCertificate BAG-TYPE ::=
- {IA5String IDENTIFIED BY {certTypes 2}}
- -- Base64-encoded SDSI certificate stored in IA5String
-
-CertTypes BAG-TYPE ::= {
- x509Certificate |
- sdsiCertificate,
- ... -- For future extensions
-}
-
--- CRLBag
-
-CRLBag ::= SEQUENCE {
- crlId BAG-TYPE.&id ({CRLTypes}),
- crlValue [0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId})
-}
-
-x509CRL BAG-TYPE ::=
- {OCTET STRING IDENTIFIED BY {crlTypes 1}}
- -- DER-encoded X.509 CRL stored in OCTET STRING
-
-CRLTypes BAG-TYPE ::= {
- x509CRL,
- ... -- For future extensions
-}
-
--- Secret Bag
-
-SecretBag ::= SEQUENCE {
- secretTypeId BAG-TYPE.&id ({SecretTypes}),
- secretValue [0] EXPLICIT BAG-TYPE.&Type ({SecretTypes}{@secretTypeId})
-}
-
-SecretTypes BAG-TYPE ::= {
- ... -- For future extensions
-}
-
--- Attributes
-
-PKCS12Attribute ::= SEQUENCE {
- attrId ATTRIBUTE.&id ({PKCS12AttrSet}),
- attrValues SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})
-} -- This type is compatible with the X.500 type 'Attribute'
-
-PKCS12AttrSet ATTRIBUTE ::= {
- friendlyName |
- localKeyId,
- ... -- Other attributes are allowed
-}
-
-END
diff --git a/lib/public_key/asn1/PKCS-15.asn1 b/lib/public_key/asn1/PKCS-15.asn1
deleted file mode 100644
index 6d352e1014..0000000000
--- a/lib/public_key/asn1/PKCS-15.asn1
+++ /dev/null
@@ -1,869 +0,0 @@
-PKCS-15 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
- pkcs-15(15) modules(1) pkcs-15(1)}
-
--- $Revision: 1.7 $ --
-
-DEFINITIONS IMPLICIT TAGS ::=
-
-BEGIN
-
-IMPORTS
-
-informationFramework, authenticationFramework, certificateExtensions
- FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
- usefulDefinitions(0) 3}
-
-Name, Attribute
- FROM InformationFramework informationFramework
-
-Certificate, AttributeCertificate, CertificateSerialNumber,
- SubjectPublicKeyInfo
- FROM AuthenticationFramework authenticationFramework
-
-GeneralNames, KeyUsage
- FROM CertificateExtensions certificateExtensions
-
-RecipientInfos, RecipientInfo, OriginatorInfo, sha-1,
- id-alg-CMS3DESwrap, id-alg-CMSRC2wrap, hMAC-SHA1, des-ede3-cbc
- FROM CryptographicMessageSyntax {iso(1) member-body(2)
- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0)
- cms(1)}
-
-RSAPublicKey
- FROM PKCS-1 {iso(1) member-body(2) us(840) rsadsi(113549)
- pkcs(1) pkcs-1(1) modules(0) pkcs-1(1)}
-
-AlgorithmIdentifier, SupportingAlgorithms, PBKDF2Algorithms,
- ALGORITHM-IDENTIFIER, id-hmacWithSHA1
- FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
- pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)}
-
-ECPoint, Parameters
- FROM ANSI-X9-62 {iso(1) member-body(2) us(840)
- ansi-x962(10045) module(4) 1}
-
-DiffieHellmanPublicNumber, DomainParameters
- FROM ANSI-X9-42 {iso(1) member-body(2) us(840)
- ansi-x942(10046) module(5) 1}
-
-OOBCertHash
- FROM PKIXCMP {iso(1) identified-organization(3) dod(6)
- internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
- id-mod-cmp(9)};
-
--- Constants
-
-pkcs15-ub-identifier INTEGER ::= 255
-pkcs15-ub-reference INTEGER ::= 255
-pkcs15-ub-index INTEGER ::= 65535
-pkcs15-ub-label INTEGER ::= pkcs15-ub-identifier
-pkcs15-lb-minPinLength INTEGER ::= 4
-pkcs15-ub-minPinLength INTEGER ::= 8
-pkcs15-ub-storedPinLength INTEGER ::= 64
-pkcs15-ub-recordLength INTEGER ::= 16383
-pkcs15-ub-userConsent INTEGER ::= 15
-pkcs15-ub-securityConditions INTEGER ::= 255
-pkcs15-ub-seInfo INTEGER ::= 255
-
--- Object Identifiers
-
-pkcs15 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
- rsadsi(113549) pkcs(1) pkcs-15(15)}
-pkcs15-mo OBJECT IDENTIFIER ::= {pkcs15 1} -- Modules branch
-pkcs15-at OBJECT IDENTIFIER ::= {pkcs15 2} -- Attribute branch
-pkcs15-ct OBJECT IDENTIFIER ::= {pkcs15 3} -- Content type branch
-
--- Content Types
-
-pkcs15-ct-PKCS15Token OBJECT IDENTIFIER ::= {pkcs15-ct 1}
-
--- Basic types
-
-Identifier ::= OCTET STRING (SIZE (0..pkcs15-ub-identifier))
-
-Reference ::= INTEGER (0..pkcs15-ub-reference)
-
-Label ::= UTF8String (SIZE(0..pkcs15-ub-label))
-
-KEY-IDENTIFIER ::= CLASS {
- &id INTEGER UNIQUE,
- &Value
-} WITH SYNTAX {
- SYNTAX &Value IDENTIFIED BY &id
-}
-
-CredentialIdentifier {KEY-IDENTIFIER : IdentifierSet} ::= SEQUENCE {
- idType KEY-IDENTIFIER.&id ({IdentifierSet}),
- idValue KEY-IDENTIFIER.&Value ({IdentifierSet}{@idType})
-}
-
-KeyIdentifiers KEY-IDENTIFIER ::= {
- issuerAndSerialNumber|
- issuerAndSerialNumberHash|
- subjectKeyId|
- subjectKeyHash |
- issuerKeyHash |
- issuerNameHash |
- subjectNameHash,
- ...
-}
-
-issuerAndSerialNumber KEY-IDENTIFIER::=
- {SYNTAX PKCS15-OPAQUE.&Type IDENTIFIED BY 1}
- -- As defined in RFC 2630
-subjectKeyId KEY-IDENTIFIER ::=
- {SYNTAX OCTET STRING IDENTIFIED BY 2}
- -- From x509v3 certificate extension
-issuerAndSerialNumberHash KEY-IDENTIFIER ::=
- {SYNTAX OCTET STRING IDENTIFIED BY 3}
- -- Assumes SHA-1 hash of DER encoding of IssuerAndSerialNumber
-subjectKeyHash KEY-IDENTIFIER ::=
- {SYNTAX OCTET STRING IDENTIFIED BY 4}
-issuerKeyHash KEY-IDENTIFIER ::=
- {SYNTAX OCTET STRING IDENTIFIED BY 5}
-issuerNameHash KEY-IDENTIFIER ::=
- {SYNTAX OCTET STRING IDENTIFIED BY 6}
- -- SHA-1 hash of DER-encoded issuer name
-subjectNameHash KEY-IDENTIFIER ::=
- {SYNTAX OCTET STRING IDENTIFIED BY 7}
- -- SHA-1 hash of DER-encoded subject name
-
-ReferencedValue {Type} ::= CHOICE {
- path Path,
- url URL
-} (CONSTRAINED BY {-- 'path' or 'url' shall point to an object of
- -- type -- Type})
-
-URL ::= CHOICE {
- url PrintableString,
- urlWithDigest [3] SEQUENCE {
- url IA5String,
- digest DigestInfoWithDefault
- }
-}
-
-alg-id-sha1 AlgorithmIdentifier {{DigestAlgorithms}} ::= {
- algorithm sha-1,
- parameters SHA1Parameters : NULL}
-
-SHA1Parameters ::= NULL
-
-DigestInfoWithDefault ::= SEQUENCE {
- digestAlg AlgorithmIdentifier {{DigestAlgorithms}} DEFAULT alg-id-sha1,
- digest OCTET STRING (SIZE(8..128))
-}
-
-Path ::= SEQUENCE {
- path OCTET STRING,
- index INTEGER (0..pkcs15-ub-index) OPTIONAL,
- length [0] INTEGER (0..pkcs15-ub-index) OPTIONAL
- }( WITH COMPONENTS {..., index PRESENT, length PRESENT}|
- WITH COMPONENTS {..., index ABSENT, length ABSENT})
-
-ObjectValue { Type } ::= CHOICE {
- indirect ReferencedValue {Type},
- direct [0] Type,
- indirect-protected [1] ReferencedValue {EnvelopedData {Type}},
- direct-protected [2] EnvelopedData {Type}
- }(CONSTRAINED BY {-- if indirection is being used, then it is
- -- expected that the reference points either to a (possibly
- -- enveloped) object of type -- Type -- or (key case) to a card-
- -- specific key file --})
-
-PathOrObjects {ObjectType} ::= CHOICE {
- path Path,
- objects [0] SEQUENCE OF ObjectType,
- ...,
- indirect-protected [1] ReferencedValue {EnvelopedData {SEQUENCE OF ObjectType}},
- direct-protected [2] EnvelopedData {SEQUENCE OF ObjectType}
- }
-
-CommonObjectAttributes ::= SEQUENCE {
- label Label OPTIONAL,
- flags CommonObjectFlags OPTIONAL,
- authId Identifier OPTIONAL,
- ...,
- userConsent INTEGER (1..pkcs15-ub-userConsent) OPTIONAL,
- accessControlRules SEQUENCE SIZE (1..MAX) OF AccessControlRule OPTIONAL
-} (CONSTRAINED BY {-- authId should be present in the IC card case if
- -- flags.private is set. It must equal an authID in one AuthRecord
- -- in the AODF -- })
-
-CommonObjectFlags ::= BIT STRING {
- private (0),
- modifiable (1)
-}
-
-AccessControlRule ::= SEQUENCE {
- accessMode AccessMode,
- securityCondition SecurityCondition,
- ... -- For future extensions
-}
-
-AccessMode ::= BIT STRING {
- read (0),
- update (1),
- execute (2)
-}
-
-SecurityCondition ::= CHOICE {
- authId Identifier,
- not [0] SecurityCondition,
- and [1] SEQUENCE SIZE (2..pkcs15-ub-securityConditions)
- OF SecurityCondition,
- or [2] SEQUENCE SIZE (2..pkcs15-ub-securityConditions)
- OF SecurityCondition,
- ... -- For future extensions
-}
-
-CommonKeyAttributes ::= SEQUENCE {
- iD Identifier,
- usage KeyUsageFlags,
- native BOOLEAN DEFAULT TRUE,
- accessFlags KeyAccessFlags OPTIONAL,
- keyReference Reference OPTIONAL,
- startDate GeneralizedTime OPTIONAL,
- endDate [0] GeneralizedTime OPTIONAL,
- ... -- For future extensions
-}
-
-KeyUsageFlags ::= BIT STRING {
- encrypt (0),
- decrypt (1),
- sign (2),
- signRecover (3),
- wrap (4),
- unwrap (5),
- verify (6),
- verifyRecover (7),
- derive (8),
- nonRepudiation (9)
-}
-
-KeyAccessFlags ::= BIT STRING {
- sensitive (0),
- extractable (1),
- alwaysSensitive (2),
- neverExtractable (3),
- local (4)
-}
-
-CommonPrivateKeyAttributes ::= SEQUENCE {
- subjectName Name OPTIONAL,
- keyIdentifiers [0] SEQUENCE OF CredentialIdentifier
- {{KeyIdentifiers}} OPTIONAL,
- ... -- For future extensions
-}
-
-CommonPublicKeyAttributes ::= SEQUENCE {
- subjectName Name OPTIONAL,
- ...,
- trustedUsage [0] Usage OPTIONAL
-}
-
-CommonSecretKeyAttributes ::= SEQUENCE {
- keyLen INTEGER OPTIONAL, -- keylength (in bits)
- ... -- For future extensions
-}
-
-KeyInfo {ParameterType, OperationsType} ::= CHOICE {
- reference Reference,
- paramsAndOps SEQUENCE {
- parameters ParameterType,
- supportedOperations OperationsType OPTIONAL
- }
-}
-
-CommonCertificateAttributes ::= SEQUENCE {
- iD Identifier,
- authority BOOLEAN DEFAULT FALSE,
- identifier CredentialIdentifier {{KeyIdentifiers}} OPTIONAL,
- certHash [0] OOBCertHash OPTIONAL,
- ...,
- trustedUsage [1] Usage OPTIONAL,
- identifiers [2] SEQUENCE OF CredentialIdentifier{{KeyIdentifiers}} OPTIONAL,
- implicitTrust [3] BOOLEAN DEFAULT FALSE
-}
-
-Usage ::= SEQUENCE {
- keyUsage KeyUsage OPTIONAL,
- extKeyUsage SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER OPTIONAL
- }(WITH COMPONENTS {..., keyUsage PRESENT} |
- WITH COMPONENTS {..., extKeyUsage PRESENT})
-
-CommonDataObjectAttributes ::= SEQUENCE {
- applicationName Label OPTIONAL,
- applicationOID OBJECT IDENTIFIER OPTIONAL,
- ... -- For future extensions
- } (WITH COMPONENTS {..., applicationName PRESENT}|
- WITH COMPONENTS {..., applicationOID PRESENT})
-
-CommonAuthenticationObjectAttributes ::= SEQUENCE {
- authId Identifier,
- ... -- For future extensions
-}
-
-PKCS15Object {ClassAttributes, SubClassAttributes, TypeAttributes}
- ::= SEQUENCE {
- commonObjectAttributes CommonObjectAttributes,
- classAttributes ClassAttributes,
- subClassAttributes [0] SubClassAttributes OPTIONAL,
- typeAttributes [1] TypeAttributes
-}
-
-PKCS15Objects ::= CHOICE {
- privateKeys [0] PrivateKeys,
- publicKeys [1] PublicKeys,
- trustedPublicKeys [2] PublicKeys,
- secretKeys [3] SecretKeys,
- certificates [4] Certificates,
- trustedCertificates [5] Certificates,
- usefulCertificates [6] Certificates,
- dataObjects [7] DataObjects,
- authObjects [8] AuthObjects,
- ... -- For future extensions
-}
-
-PrivateKeys ::= PathOrObjects {PrivateKeyType}
-
-SecretKeys ::= PathOrObjects {SecretKeyType}
-
-PublicKeys ::= PathOrObjects {PublicKeyType}
-
-Certificates ::= PathOrObjects {CertificateType}
-
-DataObjects ::= PathOrObjects {DataType}
-
-AuthObjects ::= PathOrObjects {AuthenticationType}
-
-PrivateKeyType ::= CHOICE {
- privateRSAKey PrivateKeyObject {PrivateRSAKeyAttributes},
- privateECKey [0] PrivateKeyObject {PrivateECKeyAttributes},
- privateDHKey [1] PrivateKeyObject {PrivateDHKeyAttributes},
- privateDSAKey [2] PrivateKeyObject {PrivateDSAKeyAttributes},
- privateKEAKey [3] PrivateKeyObject {PrivateKEAKeyAttributes},
- ... -- For future extensions
-}
-
-PrivateKeyObject {KeyAttributes} ::= PKCS15Object {
- CommonKeyAttributes, CommonPrivateKeyAttributes, KeyAttributes}
-
-PrivateRSAKeyAttributes ::= SEQUENCE {
- value ObjectValue {RSAPrivateKeyObject},
- modulusLength INTEGER, -- modulus length in bits, e.g. 1024
- keyInfo KeyInfo {NULL, PublicKeyOperations} OPTIONAL,
- ... -- For future extensions
-}
-
-RSAPrivateKeyObject ::= SEQUENCE {
- modulus [0] INTEGER OPTIONAL, -- n
- publicExponent [1] INTEGER OPTIONAL, -- e
- privateExponent [2] INTEGER OPTIONAL, -- d
- prime1 [3] INTEGER OPTIONAL, -- p
- prime2 [4] INTEGER OPTIONAL, -- q
- exponent1 [5] INTEGER OPTIONAL, -- d mod (p-1)
- exponent2 [6] INTEGER OPTIONAL, -- d mod (q-1)
- coefficient [7] INTEGER OPTIONAL -- inv(q) mod p
-} (CONSTRAINED BY {-- must be possible to reconstruct modulus and
- -- privateExponent from selected fields --})
-
-PrivateECKeyAttributes ::= SEQUENCE {
- value ObjectValue {ECPrivateKey},
- keyInfo KeyInfo {Parameters, PublicKeyOperations} OPTIONAL,
- ... -- For future extensions
-}
-
-ECPrivateKey ::= INTEGER
-
-PrivateDHKeyAttributes ::= SEQUENCE {
- value ObjectValue {DHPrivateKey},
- keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
- ... -- For future extensions
-}
-
-DHPrivateKey ::= INTEGER -- Diffie-Hellman exponent
-
-PrivateDSAKeyAttributes ::= SEQUENCE {
- value ObjectValue {DSAPrivateKey},
- keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
- ... -- For future extensions
-}
-
-DSAPrivateKey ::= INTEGER
-
-PrivateKEAKeyAttributes ::= SEQUENCE {
- value ObjectValue {KEAPrivateKey},
- keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
- ... -- For future extensions
-}
-
-KEAPrivateKey ::= INTEGER
-
-PublicKeyType ::= CHOICE {
- publicRSAKey PublicKeyObject {PublicRSAKeyAttributes},
- publicECKey [0] PublicKeyObject {PublicECKeyAttributes},
- publicDHKey [1] PublicKeyObject {PublicDHKeyAttributes},
- publicDSAKey [2] PublicKeyObject {PublicDSAKeyAttributes},
- publicKEAKey [3] PublicKeyObject {PublicKEAKeyAttributes},
- ... -- For future extensions
-}
-
-PublicKeyObject {KeyAttributes} ::= PKCS15Object {
- CommonKeyAttributes, CommonPublicKeyAttributes, KeyAttributes}
-
-PublicRSAKeyAttributes ::= SEQUENCE {
- value ObjectValue {RSAPublicKeyChoice},
- modulusLength INTEGER, -- modulus length in bits, e.g. 1024
- keyInfo KeyInfo {NULL, PublicKeyOperations} OPTIONAL,
- ... -- For future extensions
-}
-
-RSAPublicKeyChoice ::= CHOICE {
- raw RSAPublicKey,
- spki [1] SubjectPublicKeyInfo, -- See X.509. Must contain a
- -- public RSA key
- ...
-}
-
-PublicECKeyAttributes ::= SEQUENCE {
- value ObjectValue {ECPublicKeyChoice},
- keyInfo KeyInfo {Parameters, PublicKeyOperations} OPTIONAL,
- ... -- For future extensions
-}
-
-ECPublicKeyChoice ::= CHOICE {
- raw ECPoint,
- spki SubjectPublicKeyInfo, -- See X.509. Must contain a public EC key
- ...
-}
-
-PublicDHKeyAttributes ::= SEQUENCE {
- value ObjectValue {DHPublicKeyChoice},
- keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
- ... -- For future extensions
-}
-
-DHPublicKeyChoice ::= CHOICE {
- raw DiffieHellmanPublicNumber,
- spki SubjectPublicKeyInfo, -- See X.509. Must contain a public D-H key
- ...
-}
-
-PublicDSAKeyAttributes ::= SEQUENCE {
- value ObjectValue {DSAPublicKeyChoice},
- keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
- ... -- For future extensions
-}
-
-DSAPublicKeyChoice ::= CHOICE {
- raw INTEGER,
- spki SubjectPublicKeyInfo, -- See X.509. Must contain a public DSA key.
- ...
-}
-
-PublicKEAKeyAttributes ::= SEQUENCE {
- value ObjectValue {KEAPublicKeyChoice},
- keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
- ... -- For future extensions
-}
-
-KEAPublicKeyChoice ::= CHOICE {
- raw INTEGER,
- spki SubjectPublicKeyInfo, -- See X.509. Must contain a public KEA key
- ...
-}
-
-SecretKeyType ::= CHOICE {
- genericSecretKey SecretKeyObject {GenericSecretKeyAttributes},
- rc2key [0] SecretKeyObject {GenericSecretKeyAttributes},
- rc4key [1] SecretKeyObject {GenericSecretKeyAttributes},
- desKey [2] SecretKeyObject {GenericSecretKeyAttributes},
- des2Key [3] SecretKeyObject {GenericSecretKeyAttributes},
- des3Key [4] SecretKeyObject {GenericSecretKeyAttributes},
- castKey [5] SecretKeyObject {GenericSecretKeyAttributes},
- cast3Key [6] SecretKeyObject {GenericSecretKeyAttributes},
- cast128Key [7] SecretKeyObject {GenericSecretKeyAttributes},
- rc5Key [8] SecretKeyObject {GenericSecretKeyAttributes},
- ideaKey [9] SecretKeyObject {GenericSecretKeyAttributes},
- skipjackKey [10] SecretKeyObject {GenericSecretKeyAttributes},
- batonKey [11] SecretKeyObject {GenericSecretKeyAttributes},
- juniperKey [12] SecretKeyObject {GenericSecretKeyAttributes},
- rc6Key [13] SecretKeyObject {GenericSecretKeyAttributes},
- otherKey [14] OtherKey,
-... -- For future extensions
-}
-
-SecretKeyObject {KeyAttributes} ::= PKCS15Object {
- CommonKeyAttributes, CommonSecretKeyAttributes, KeyAttributes}
-
-OtherKey ::= SEQUENCE {
- keyType OBJECT IDENTIFIER,
- keyAttr SecretKeyObject {GenericSecretKeyAttributes}
-}
-
-GenericSecretKeyAttributes ::= SEQUENCE {
- value ObjectValue { OCTET STRING },
- ... -- For future extensions
-}
-
-CertificateType ::= CHOICE {
- x509Certificate CertificateObject { X509CertificateAttributes},
- x509AttributeCertificate [0] CertificateObject
- {X509AttributeCertificateAttributes},
- spkiCertificate [1] CertificateObject {SPKICertificateAttributes},
- pgpCertificate [2] CertificateObject {PGPCertificateAttributes},
- wtlsCertificate [3] CertificateObject {WTLSCertificateAttributes},
- x9-68Certificate [4] CertificateObject {X9-68CertificateAttributes},
- ...,
- cvCertificate [5] CertificateObject {CVCertificateAttributes}
-}
-
-CertificateObject {CertAttributes} ::= PKCS15Object {
- CommonCertificateAttributes, NULL, CertAttributes}
-
-X509CertificateAttributes ::= SEQUENCE {
- value ObjectValue { Certificate },
- subject Name OPTIONAL,
- issuer [0] Name OPTIONAL,
- serialNumber CertificateSerialNumber OPTIONAL,
- ... -- For future extensions
-}
-
-X509AttributeCertificateAttributes ::= SEQUENCE {
- value ObjectValue { AttributeCertificate },
- issuer GeneralNames OPTIONAL,
- serialNumber CertificateSerialNumber OPTIONAL,
- attrTypes [0] SEQUENCE OF OBJECT IDENTIFIER OPTIONAL,
- ... -- For future extensions
-}
-
-SPKICertificateAttributes ::= SEQUENCE {
- value ObjectValue { PKCS15-OPAQUE.&Type },
- ... -- For future extensions
-}
-
-PGPCertificateAttributes ::= SEQUENCE {
- value ObjectValue { PKCS15-OPAQUE.&Type },
- ... -- For future extensions
-}
-
-WTLSCertificateAttributes ::= SEQUENCE {
- value ObjectValue { PKCS15-OPAQUE.&Type },
- ... -- For future extensions
-}
-
-X9-68CertificateAttributes ::= SEQUENCE {
- value ObjectValue { PKCS15-OPAQUE.&Type },
- ... -- For future extensions
-}
-CVCertificateAttributes ::= SEQUENCE {
- value ObjectValue { PKCS15-OPAQUE.&Type},
- ... -- For future extensions
-}
-
-DataType ::= CHOICE {
- opaqueDO DataObject {Opaque},
- externalIDO [0] DataObject {ExternalIDO},
- oidDO [1] DataObject {OidDO},
- ... -- For future extensions
-}
-
-DataObject {DataObjectAttributes} ::= PKCS15Object {
- CommonDataObjectAttributes, NULL, DataObjectAttributes}
-
-Opaque ::= ObjectValue {PKCS15-OPAQUE.&Type}
-
-ExternalIDO ::= ObjectValue {PKCS15-OPAQUE.&Type}
- (CONSTRAINED BY {-- All data objects must be defined in
- -- accordance with ISO/IEC 7816-6 --})
-
-OidDO ::= SEQUENCE {
- id OBJECT IDENTIFIER,
- value ObjectValue {PKCS15-OPAQUE.&Type}
-}
-
-AuthenticationType ::= CHOICE {
- pin AuthenticationObject { PinAttributes },
- ...,
- biometricTemplate [0] AuthenticationObject {BiometricAttributes},
- authKey [1] AuthenticationObject {AuthKeyAttributes},
- external [2] AuthenticationObject {ExternalAuthObjectAttributes}
-}
-
-AuthenticationObject {AuthObjectAttributes} ::= PKCS15Object {
- CommonAuthenticationObjectAttributes, NULL, AuthObjectAttributes}
-
-PinAttributes ::= SEQUENCE {
- pinFlags PinFlags,
- pinType PinType,
- minLength INTEGER (pkcs15-lb-minPinLength..pkcs15-ub-minPinLength),
- storedLength INTEGER (0..pkcs15-ub-storedPinLength),
- maxLength INTEGER OPTIONAL,
- pinReference [0] Reference DEFAULT 0,
- padChar OCTET STRING (SIZE(1)) OPTIONAL,
- lastPinChange GeneralizedTime OPTIONAL,
- path Path OPTIONAL,
- ... -- For future extensions
-}
-
-PinFlags ::= BIT STRING {
- case-sensitive (0),
- local (1),
- change-disabled (2),
- unblock-disabled (3),
- initialized (4),
- needs-padding (5),
- unblockingPin (6),
- soPin (7),
- disable-allowed (8),
- integrity-protected (9),
- confidentiality-protected (10),
- exchangeRefData (11)
-} (CONSTRAINED BY { -- 'unblockingPin' and 'soPIN' cannot both be set -- })
-
-PinType ::= ENUMERATED {bcd, ascii-numeric, utf8, ...,
- half-nibble-bcd, iso9564-1}
-
-BiometricAttributes ::= SEQUENCE {
- bioFlags BiometricFlags,
- templateId OBJECT IDENTIFIER,
- bioType BiometricType,
- bioReference Reference DEFAULT 0,
- lastChange GeneralizedTime OPTIONAL,
- path Path OPTIONAL,
-... -- For future extensions
-}
-
-BiometricFlags ::= BIT STRING {
- local (1),
- change-disabled (2),
- unblock-disabled (3),
- initialized (4),
- disable-allowed (8),
- integrity-protected (9),
- confidentiality-protected (10)
- } -- Note: bits 0, 5, 6, and 7 are reserved for future use
-
-BiometricType ::= CHOICE {
- fingerPrint FingerPrint,
- irisScan [0] IrisScan,
- -- Possible extensions:
- -- voiceScan VoiceScan,
- -- faceScan FaceScan,
- -- retinaScan Retinascan,
- -- handGeometry HandGeometry,
- -- writeDynamics WriteDynamics,
- -- keyStrokeDynamicsKeyStrokeDynamics,
- -- lipDynamics LipDynamics,
- ... -- For future extensions
-}
-
-FingerPrint ::= SEQUENCE {
- hand ENUMERATED {left, right},
- finger ENUMERATED {thumb, pointerFinger, middleFinger,
- ringFinger, littleFinger},
- ...
-}
-
-IrisScan ::= SEQUENCE {
- eye ENUMERATED {left, right},
- ...
-}
-
-ExternalAuthObjectAttributes ::= CHOICE {
- authKeyAttributes AuthKeyAttributes,
- certBasedAttributes [0] CertBasedAuthenticationAttributes,
- ... -- For future extensions
-}
-
-AuthKeyAttributes ::= SEQUENCE {
- derivedKey BOOLEAN DEFAULT TRUE,
- authKeyId Identifier,
- ... -- For future extensions
-}
-
-CertBasedAuthenticationAttributes ::= SEQUENCE {
- cha OCTET STRING,
- ...
-}
-
-TokenInfo ::= SEQUENCE {
- version INTEGER {v1(0)} (v1,...),
- serialNumber OCTET STRING,
- manufacturerID Label OPTIONAL,
- label [0] Label OPTIONAL,
- tokenflags TokenFlags,
- seInfo SEQUENCE OF SecurityEnvironmentInfo OPTIONAL,
- recordInfo [1] RecordInfo OPTIONAL,
- supportedAlgorithms [2] SEQUENCE OF AlgorithmInfo OPTIONAL,
- ...,
- issuerId [3] Label OPTIONAL,
- holderId [4] Label OPTIONAL,
- lastUpdate [5] LastUpdate OPTIONAL,
- preferredLanguage PrintableString OPTIONAL -- In accordance with
- -- IETF RFC 1766
-} (CONSTRAINED BY { -- Each AlgorithmInfo.reference value must be unique --})
-
-TokenFlags ::= BIT STRING {
- readonly (0),
- loginRequired (1),
- prnGeneration (2),
- eidCompliant (3)
-}
-
-SecurityEnvironmentInfo ::= SEQUENCE {
- se INTEGER (0..pkcs15-ub-seInfo),
- owner OBJECT IDENTIFIER,
- ... -- For future extensions
-}
-
-RecordInfo ::= SEQUENCE {
- oDFRecordLength [0] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
- prKDFRecordLength [1] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
- puKDFRecordLength [2] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
- sKDFRecordLength [3] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
- cDFRecordLength [4] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
- dODFRecordLength [5] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL,
- aODFRecordLength [6] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL
-}
-
-AlgorithmInfo ::= SEQUENCE {
- reference Reference,
- algorithm PKCS15-ALGORITHM.&id({AlgorithmSet}),
- parameters PKCS15-ALGORITHM.&Parameters({AlgorithmSet}{@algorithm}),
- supportedOperations
- PKCS15-ALGORITHM.&Operations({AlgorithmSet}{@algorithm}),
- algId PKCS15-ALGORITHM.&objectIdentifier({AlgorithmSet}{@algorithm})
- OPTIONAL,
- algRef Reference OPTIONAL
-}
-
-PKCS15-ALGORITHM ::= CLASS {
- &id INTEGER UNIQUE,
- &Parameters,
- &Operations Operations,
- &objectIdentifier OBJECT IDENTIFIER OPTIONAL
-} WITH SYNTAX {
- PARAMETERS &Parameters OPERATIONS &Operations ID &id [OID &objectIdentifier]}
-
-PKCS15-OPAQUE ::= TYPE-IDENTIFIER
-
-PublicKeyOperations ::= Operations
-
-Operations ::= BIT STRING {
- compute-checksum (0), -- H/W computation of checksum
- compute-signature (1), -- H/W computation of signature
- verify-checksum (2), -- H/W verification of checksum
- verify-signature (3), -- H/W verification of signature
- encipher (4), -- H/W encryption of data
- decipher (5), -- H/W decryption of data
- hash (6), -- H/W hashing
- generate-key (7) -- H/W key generation
- }
-
-pkcs15-alg-null PKCS15-ALGORITHM ::= {
- PARAMETERS NULL OPERATIONS {{generate-key}} ID -1}
-
-AlgorithmSet PKCS15-ALGORITHM ::= {
- pkcs15-alg-null,
- ... -- See PKCS #11 for values for the &id field (and parameters)
- }
-
-LastUpdate ::= CHOICE {
- generalizedTime GeneralizedTime,
- referencedTime ReferencedValue {GeneralizedTime},
- ... -- For future extensions
- }
-
--- Soft token related types and objects
-
-EnvelopedData {Type} ::= SEQUENCE {
- version INTEGER{v0(0),v1(1),v2(2),v3(3),v4(4)}(v0|v1|v2,...),
- originatorInfo [0] OriginatorInfo OPTIONAL,
- recipientInfos RecipientInfos,
- encryptedContentInfo EncryptedContentInfo{Type},
- unprotectedAttrs [1] SET SIZE (1..MAX) OF Attribute OPTIONAL
-}
-
-EncryptedContentInfo {Type} ::= SEQUENCE {
- contentType OBJECT IDENTIFIER,
- contentEncryptionAlgorithm AlgorithmIdentifier {{KeyDerivationAlgorithms}},
- encryptedContent [0] OCTET STRING OPTIONAL
-}(CONSTRAINED BY {-- 'encryptedContent' shall be the result of
- -- encrypting DER-encoded value of type -- Type})
-
-PKCS15Token ::= SEQUENCE {
- version INTEGER {v1(0)} (v1,...),
- keyManagementInfo [0] KeyManagementInfo OPTIONAL,
- pkcs15Objects SEQUENCE OF PKCS15Objects
-}
-
-KeyManagementInfo ::= SEQUENCE OF SEQUENCE {
- keyId Identifier,
- keyInfo CHOICE {
- recipientInfo RecipientInfo,
- passwordInfo [0] PasswordInfo
- }
-} (CONSTRAINED BY {-- Each keyID must be unique --})
-
-PasswordInfo ::= SEQUENCE {
- hint Label OPTIONAL,
- algId AlgorithmIdentifier {{KeyDerivationAlgorithms}},
- ...
-} (CONSTRAINED BY {--keyID shall point to a KEKRecipientInfo--})
-
-KeyDerivationAlgorithms ALGORITHM-IDENTIFIER ::= {
- PBKDF2Algorithms,
- ... -- For future extensions
-}
-
-CMS3DESwrap ::= NULL
-
-KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
- {CMS3DESwrap IDENTIFIED BY id-alg-CMS3DESwrap} |
- {INTEGER IDENTIFIED BY id-alg-CMSRC2wrap},
- ... -- For future extensions
-}
-
-DES-IV ::= OCTET STRING (SIZE(8))
-
-ContentEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
- SupportingAlgorithms EXCEPT {NULL IDENTIFIED BY id-hmacWithSHA1},
- ... -- For future extensions
-}
-
-MACAlgorithms ALGORITHM-IDENTIFIER ::= {
- {NULL IDENTIFIED BY hMAC-SHA1},
- ... -- For future extensions
-}
-
-DigestAlgorithms ALGORITHM-IDENTIFIER ::= {
- {NULL IDENTIFIED BY sha-1},
- ... -- For future extensions
-}
-
--- Misc
-
-DDO ::= SEQUENCE {
- oid OBJECT IDENTIFIER,
- odfPath Path OPTIONAL,
- tokenInfoPath [0] Path OPTIONAL,
- unusedPath [1] Path OPTIONAL,
- ... -- For future extensions
-}
-
-DIRRecord ::= [APPLICATION 1] SEQUENCE {
- aid [APPLICATION 15] OCTET STRING,
- label [APPLICATION 16] UTF8String OPTIONAL,
- path [APPLICATION 17] OCTET STRING,
- ddo [APPLICATION 19] DDO OPTIONAL
-}
-
-UnusedSpace ::= SEQUENCE {
- path Path (WITH COMPONENTS {..., index PRESENT, length PRESENT}),
- authId Identifier OPTIONAL,
- ...,
- accessControlRules SEQUENCE OF AccessControlRule OPTIONAL
-}
-
-END
diff --git a/lib/public_key/asn1/PKCS-7.asn1 b/lib/public_key/asn1/PKCS-7.asn1
index 3af6449f58..f80954398e 100644
--- a/lib/public_key/asn1/PKCS-7.asn1
+++ b/lib/public_key/asn1/PKCS-7.asn1
@@ -20,15 +20,52 @@ informationFramework, authenticationFramework
FROM InformationFramework informationFramework
ALGORITHM, Certificate, CertificateSerialNumber,
- CertificateList
- FROM AuthenticationFramework authenticationFramework
+ CertificateList, Time
+ FROM AuthenticationFramework authenticationFramework;
- contentType, messageDigest, signingTime, counterSignature
- FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
- pkcs-9(9) modules(0) pkcs-9(1)};
+-- contentType, messageDigest, signingTime
+-- , counterSignature
+-- FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+-- pkcs-9(9) modules(0) pkcs-9(1)};
--
-- 6. Useful types
--
+pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
+ rsadsi(113549) pkcs(1) 9}
+contentType ATTRIBUTE ::= {
+ WITH SYNTAX ContentType
+-- EQUALITY MATCHING RULE objectIdentifierMatch
+ SINGLE VALUE TRUE
+ ID pkcs-9-at-contentType
+}
+
+pkcs-9-at-contentType OBJECT IDENTIFIER ::= {pkcs-9 3}
+pkcs-9-at-messageDigest OBJECT IDENTIFIER ::= {pkcs-9 4}
+pkcs-9-at-signingTime OBJECT IDENTIFIER ::= {pkcs-9 5}
+pkcs-9-at-counterSignature OBJECT IDENTIFIER ::= {pkcs-9 6}
+
+counterSignature ATTRIBUTE ::= {
+ WITH SYNTAX SignerInfo
+ ID pkcs-9-at-counterSignature
+}
+messageDigest ATTRIBUTE ::= {
+ WITH SYNTAX MessageDigest
+-- EQUALITY MATCHING RULE octetStringMatch
+ SINGLE VALUE TRUE
+ ID pkcs-9-at-messageDigest
+}
+
+MessageDigest ::= OCTET STRING
+
+signingTime ATTRIBUTE ::= {
+ WITH SYNTAX SigningTime
+-- EQUALITY MATCHING RULE signingTimeMatch
+ SINGLE VALUE TRUE
+ ID pkcs-9-at-signingTime
+}
+
+SigningTime ::= Time -- imported from ISO/IEC 9594-8
+
-- Also defined in X.509
-- Redeclared here as a parameterized type
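Review bot: The old `FROM PKCS-9` import is left behind as four commented-out lines, and the three `EQUALITY MATCHING RULE` clauses are commented out with no reason given, so a reader cannot tell whether the local copies of `contentType`, `messageDigest`, `signingTime` and `counterSignature` are meant to be permanent. I would delete the dead import and put one comment above `pkcs-9 OBJECT IDENTIFIER`, for example `-- Attribute definitions copied from PKCS #9 so that this module no longer imports PKCS-9; matching rules omitted.` The matching rules were presumably dropped because their definitions lived in the removed modules; that should be confirmed and stated in the comment. The IMPORTS clause that this hunk terminates starts outside the hunk.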
@@ -101,7 +138,8 @@ KeyEncryptionAlgorithms ALGORITHM ::= {
--
ContentInfo ::= SEQUENCE {
- contentType ContentType,
+-- contentType ContentType,
+ contentType CONTENTS.&id({Contents}),
content [0] EXPLICIT CONTENTS.&Type({Contents}{@contentType})
OPTIONAL
}
@@ -131,7 +169,8 @@ Data ::= OCTET STRING
--
SignedData ::= SEQUENCE {
- version INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2),
+-- version INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2),
+ version INTEGER {sdVer1(1), sdVer2(2)},
digestAlgorithms
DigestAlgorithmIdentifiers,
contentInfo ContentInfo,
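Review bot: Dropping the value constraint `(sdVer1 | sdVer2)` from `version` means the schema no longer limits which version numbers a `SignedData` may carry, and the later hunks make the same relaxation for `SignerInfo`, `EnvelopedData`, `RecipientInfo`, `SignedAndEnvelopedData`, `DigestedData` and `EncryptedData`. If the generated decoder enforced these constraints before (not visible here), code that verifies or decrypts these structures must now reject versions it does not implement. Either keep the constraint in extensible form, `version INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2, ...)`, if the compiler accepts it, or document the new contract beside the field with `-- version is unconstrained here; callers must check it before use`. The commented-out old field line only repeats what version control records and can be removed. `SignedData` continues past the end of this hunk.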
@@ -168,7 +207,8 @@ DigestAlgorithmIdentifiers ::= CHOICE {
}
SignerInfo ::= SEQUENCE {
- version INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2),
+-- version INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2),
+ version INTEGER {siVer1(1), siVer2(2)},
issuerAndSerialNumber
IssuerAndSerialNumber,
digestAlgorithm DigestAlgorithmIdentifier,
@@ -201,8 +241,12 @@ Authenticated ATTRIBUTE ::= {
}
Unauthenticated ATTRIBUTE ::= {
+ contentType |
+ messageDigest,
..., -- add application-specific attributes here
counterSignature
+-- ..., add application-specific attributes here
+-- counterSignature
}
EncryptedDigest ::= OCTET STRING
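Review bot: `contentType` and `messageDigest` are added to the `Unauthenticated` set, although the hunk header shows a separate `Authenticated` set just above, and these two attributes only carry meaning when the signature covers them. With this change the schema accepts them among the unsigned attributes, so verification code must read `messageDigest` from the authenticated attributes only and never fall back to the unauthenticated ones. If the addition is a workaround for an object set that begins with `...` (an assumption; the commit does not say), state that in a comment such as `-- placeholder members only; not valid as unauthenticated attributes`. The two added lines `-- ..., add application-specific attributes here` and `-- counterSignature` duplicate the live lines directly above them and should be removed.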
@@ -219,7 +263,8 @@ Digest ::= OCTET STRING
--
EnvelopedData ::= SEQUENCE {
- version INTEGER {edVer0(0), edVer1(1)} (edVer0 | edVer1),
+-- version INTEGER {edVer0(0), edVer1(1)} (edVer0 | edVer1),
+ version INTEGER {edVer0(0), edVer1(1)},
recipientInfos RecipientInfos,
encryptedContentInfo
EncryptedContentInfo
@@ -245,7 +290,8 @@ EncryptedContentInfo ::= SEQUENCE {
EncryptedContent ::= OCTET STRING
RecipientInfo ::= SEQUENCE {
- version INTEGER {riVer0(0)} (riVer0),
+-- version INTEGER {riVer0(0)} (riVer0),
+ version INTEGER {riVer0(0)},
issuerAndSerialNumber
IssuerAndSerialNumber,
keyEncryptionAlgorithm
@@ -260,7 +306,8 @@ EncryptedKey ::= OCTET STRING
--
SignedAndEnvelopedData ::= SEQUENCE {
- version INTEGER {seVer1(1), seVer2(2)} (seVer1 | seVer2),
+-- version INTEGER {seVer1(1), seVer2(2)} (seVer1 | seVer2),
+ version INTEGER {seVer1(1), seVer2(2)},
recipientInfos RecipientInfos,
digestAlgorithms
DigestAlgorithmIdentifiers,
@@ -292,10 +339,11 @@ SignedAndEnvelopedData ::= SEQUENCE {
--
-- 12. Digested-data content type
---
+--pbeWithSHAAnd3-KeyTripleDES-CBC
DigestedData ::= SEQUENCE {
- version INTEGER {ddVer0(0)} (ddVer0),
+-- version INTEGER {ddVer0(0)} (ddVer0),
+ version INTEGER {ddVer0(0)},
digestAlgorithm DigestAlgorithmIdentifier,
contentInfo ContentInfo,
digest Digest
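Review bot: The closing `--` of the section 12 banner is replaced by `--pbeWithSHAAnd3-KeyTripleDES-CBC`, which names a password-based encryption scheme unrelated to the digested-data type and looks like a stray paste. It is a comment and so presumably harmless to the compiler, but it misleads anyone reading the module. Restore the line to a bare `--`.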
@@ -306,7 +354,8 @@ DigestedData ::= SEQUENCE {
--
EncryptedData ::= SEQUENCE {
- version INTEGER {edVer0(0)} (edVer0),
+-- version INTEGER {edVer0(0)} (edVer0),
+ version INTEGER {edVer0(0)},
encryptedContentInfo EncryptedContentInfo
}
diff --git a/lib/public_key/asn1/PKCS-9.asn1 b/lib/public_key/asn1/PKCS-9.asn1
deleted file mode 100644
index 9196251ccb..0000000000
--- a/lib/public_key/asn1/PKCS-9.asn1
+++ /dev/null
@@ -1,390 +0,0 @@
-PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
-pkcs-9(9) modules(0) pkcs-9(1)}
-
--- $Revision$
-
-DEFINITIONS IMPLICIT TAGS ::=
-
-BEGIN
-
--- EXPORTS All --
--- All types and values defined in this module is exported for use in
--- other ASN.1 modules.
-
-IMPORTS
-
-informationFramework, authenticationFramework, selectedAttributeTypes,
- upperBounds , id-at
- FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
- usefulDefinitions(0) 3}
-
-ub-name
- FROM UpperBounds upperBounds
-
-OBJECT-CLASS, ATTRIBUTE, MATCHING-RULE, Attribute, top, objectIdentifierMatch
- FROM InformationFramework informationFramework
-
-ALGORITHM, Extensions, Time
- FROM AuthenticationFramework authenticationFramework
-
-DirectoryString, octetStringMatch, caseIgnoreMatch, caseExactMatch,
- generalizedTimeMatch, integerMatch, serialNumber
- FROM SelectedAttributeTypes selectedAttributeTypes
-
-ContentInfo, SignerInfo
- FROM CryptographicMessageSyntax {iso(1) member-body(2) us(840)
- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)}
-
-EncryptedPrivateKeyInfo
- FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
- pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}
-
-PFX
- FROM PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549)
- pkcs(1) pkcs-12(12) modules(0) pkcs-12(1)}
-
-PKCS15Token
- FROM PKCS-15 {iso(1) member-body(2) us(840) rsadsi(113549)
- pkcs(1) pkcs-15(15) modules(1) pkcs-15(1)};
-
--- Upper bounds
-pkcs-9-ub-pkcs9String INTEGER ::= 255
-pkcs-9-ub-emailAddress INTEGER ::= pkcs-9-ub-pkcs9String
-pkcs-9-ub-unstructuredName INTEGER ::= pkcs-9-ub-pkcs9String
-pkcs-9-ub-unstructuredAddress INTEGER ::= pkcs-9-ub-pkcs9String
-pkcs-9-ub-challengePassword INTEGER ::= pkcs-9-ub-pkcs9String
-pkcs-9-ub-friendlyName INTEGER ::= pkcs-9-ub-pkcs9String
-pkcs-9-ub-signingDescription INTEGER ::= pkcs-9-ub-pkcs9String
-pkcs-9-ub-match INTEGER ::= pkcs-9-ub-pkcs9String
-pkcs-9-ub-pseudonym INTEGER ::= ub-name
-pkcs-9-ub-placeOfBirth INTEGER ::= ub-name
-
--- Object Identifiers
-
-pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
- rsadsi(113549) pkcs(1) 9}
-
- -- Main arcs
-pkcs-9-mo OBJECT IDENTIFIER ::= {pkcs-9 0} -- Modules branch
-pkcs-9-oc OBJECT IDENTIFIER ::= {pkcs-9 24} -- Object class branch
-pkcs-9-at OBJECT IDENTIFIER ::= {pkcs-9 25} -- Attribute branch, for new attributes
-pkcs-9-sx OBJECT IDENTIFIER ::= {pkcs-9 26} -- For syntaxes (RFC 2252)
-pkcs-9-mr OBJECT IDENTIFIER ::= {pkcs-9 27} -- Matching rules
-
- -- Object classes
-pkcs-9-oc-pkcsEntity OBJECT IDENTIFIER ::= {pkcs-9-oc 1}
-pkcs-9-oc-naturalPerson OBJECT IDENTIFIER ::= {pkcs-9-oc 2}
-
- -- Attributes
-pkcs-9-at-emailAddress OBJECT IDENTIFIER ::= {pkcs-9 1}
-pkcs-9-at-unstructuredName OBJECT IDENTIFIER ::= {pkcs-9 2}
-pkcs-9-at-contentType OBJECT IDENTIFIER ::= {pkcs-9 3}
-pkcs-9-at-messageDigest OBJECT IDENTIFIER ::= {pkcs-9 4}
-pkcs-9-at-signingTime OBJECT IDENTIFIER ::= {pkcs-9 5}
-pkcs-9-at-counterSignature OBJECT IDENTIFIER ::= {pkcs-9 6}
-pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {pkcs-9 7}
-pkcs-9-at-unstructuredAddress OBJECT IDENTIFIER ::= {pkcs-9 8}
-pkcs-9-at-extendedCertificateAttributes OBJECT IDENTIFIER ::= {pkcs-9 9}
-
--- Obsolete (?) attribute identifiers, purportedly from "tentative
--- PKCS #9 draft"
--- pkcs-9-at-issuerAndSerialNumber OBJECT IDENTIFIER ::= {pkcs-9 10}
--- pkcs-9-at-passwordCheck OBJECT IDENTIFIER ::= {pkcs-9 11}
--- pkcs-9-at-publicKey OBJECT IDENTIFIER ::= {pkcs-9 12}
-
-pkcs-9-at-signingDescription OBJECT IDENTIFIER ::= {pkcs-9 13}
-pkcs-9-at-extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14}
-pkcs-9-at-smimeCapabilities OBJECT IDENTIFIER ::= {pkcs-9 15}
-
--- Unused (?)
--- pkcs-9-at-? OBJECT IDENTIFIER ::= {pkcs-9 17}
--- pkcs-9-at-? OBJECT IDENTIFIER ::= {pkcs-9 18}
--- pkcs-9-at-? OBJECT IDENTIFIER ::= {pkcs-9 19}
-
-pkcs-9-at-friendlyName OBJECT IDENTIFIER ::= {pkcs-9 20}
-pkcs-9-at-localKeyId OBJECT IDENTIFIER ::= {pkcs-9 21}
-pkcs-9-at-userPKCS12 OBJECT IDENTIFIER ::= {2 16 840 1 113730 3 1 216}
-pkcs-9-at-pkcs15Token OBJECT IDENTIFIER ::= {pkcs-9-at 1}
-pkcs-9-at-encryptedPrivateKeyInfo OBJECT IDENTIFIER ::= {pkcs-9-at 2}
-pkcs-9-at-randomNonce OBJECT IDENTIFIER ::= {pkcs-9-at 3}
-pkcs-9-at-sequenceNumber OBJECT IDENTIFIER ::= {pkcs-9-at 4}
-pkcs-9-at-pkcs7PDU OBJECT IDENTIFIER ::= {pkcs-9-at 5}
-
- -- IETF PKIX Attribute branch
-ietf-at OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7 9}
-
-pkcs-9-at-dateOfBirth OBJECT IDENTIFIER ::= {ietf-at 1}
-pkcs-9-at-placeOfBirth OBJECT IDENTIFIER ::= {ietf-at 2}
-pkcs-9-at-gender OBJECT IDENTIFIER ::= {ietf-at 3}
-pkcs-9-at-countryOfCitizenship OBJECT IDENTIFIER ::= {ietf-at 4}
-pkcs-9-at-countryOfResidence OBJECT IDENTIFIER ::= {ietf-at 5}
-
- -- Syntaxes (for use with LDAP accessible directories)
-pkcs-9-sx-pkcs9String OBJECT IDENTIFIER ::= {pkcs-9-sx 1}
-pkcs-9-sx-signingTime OBJECT IDENTIFIER ::= {pkcs-9-sx 2}
-
- -- Matching rules
-pkcs-9-mr-caseIgnoreMatch OBJECT IDENTIFIER ::= {pkcs-9-mr 1}
-pkcs-9-mr-signingTimeMatch OBJECT IDENTIFIER ::= {pkcs-9-mr 2}
-
- -- Arcs with attributes defined elsewhere
-smime OBJECT IDENTIFIER ::= {pkcs-9 16}
- -- Main arc for S/MIME (RFC 2633)
-certTypes OBJECT IDENTIFIER ::= {pkcs-9 22}
- -- Main arc for certificate types defined in PKCS #12
-crlTypes OBJECT IDENTIFIER ::= {pkcs-9 23}
- -- Main arc for crl types defined in PKCS #12
-
- -- Other object identifiers
-id-at-pseudonym OBJECT IDENTIFIER ::= {id-at 65}
-
--- Useful types
-
-PKCS9String {INTEGER : maxSize} ::= CHOICE {
- ia5String IA5String (SIZE(1..maxSize)),
- directoryString DirectoryString {maxSize}
-}
-
--- Object classes
-
-pkcsEntity OBJECT-CLASS ::= {
- SUBCLASS OF { top }
- KIND auxiliary
- MAY CONTAIN { PKCSEntityAttributeSet }
- ID pkcs-9-oc-pkcsEntity
-}
-
-naturalPerson OBJECT-CLASS ::= {
- SUBCLASS OF { top }
- KIND auxiliary
- MAY CONTAIN { NaturalPersonAttributeSet }
- ID pkcs-9-oc-naturalPerson
-}
-
--- Attribute sets
-
-PKCSEntityAttributeSet ATTRIBUTE ::= {
- pKCS7PDU |
- userPKCS12 |
- pKCS15Token |
- encryptedPrivateKeyInfo,
- ... -- For future extensions
-}
-
-NaturalPersonAttributeSet ATTRIBUTE ::= {
- emailAddress |
- unstructuredName |
- unstructuredAddress |
- dateOfBirth |
- placeOfBirth |
- gender |
- countryOfCitizenship |
- countryOfResidence |
- pseudonym |
- serialNumber,
- ... -- For future extensions
-}
-
--- Attributes
-
-pKCS7PDU ATTRIBUTE ::= {
- WITH SYNTAX ContentInfo
- ID pkcs-9-at-pkcs7PDU
-}
-
-userPKCS12 ATTRIBUTE ::= {
- WITH SYNTAX PFX
- ID pkcs-9-at-userPKCS12
-}
-
-pKCS15Token ATTRIBUTE ::= {
- WITH SYNTAX PKCS15Token
- ID pkcs-9-at-pkcs15Token
-}
-
-encryptedPrivateKeyInfo ATTRIBUTE ::= {
- WITH SYNTAX EncryptedPrivateKeyInfo
- ID pkcs-9-at-encryptedPrivateKeyInfo
-}
-
-emailAddress ATTRIBUTE ::= {
- WITH SYNTAX IA5String (SIZE(1..pkcs-9-ub-emailAddress))
- EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch
- ID pkcs-9-at-emailAddress
-}
-
-unstructuredName ATTRIBUTE ::= {
- WITH SYNTAX PKCS9String {pkcs-9-ub-unstructuredName}
- EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch
- ID pkcs-9-at-unstructuredName
-}
-
-unstructuredAddress ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {pkcs-9-ub-unstructuredAddress}
- EQUALITY MATCHING RULE caseIgnoreMatch
- ID pkcs-9-at-unstructuredAddress
-}
-
-dateOfBirth ATTRIBUTE ::= {
- WITH SYNTAX GeneralizedTime
- EQUALITY MATCHING RULE generalizedTimeMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-dateOfBirth
-}
-
-placeOfBirth ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {pkcs-9-ub-placeOfBirth}
- EQUALITY MATCHING RULE caseExactMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-placeOfBirth
-}
-
-gender ATTRIBUTE ::= {
- WITH SYNTAX PrintableString (SIZE(1) ^ FROM ("M" | "F" | "m" | "f"))
- EQUALITY MATCHING RULE caseIgnoreMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-gender
-}
-
-countryOfCitizenship ATTRIBUTE ::= {
- WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY {
- -- Must be a two-letter country acronym in accordance with
- -- ISO/IEC 3166 --})
- EQUALITY MATCHING RULE caseIgnoreMatch
- ID pkcs-9-at-countryOfCitizenship
-}
-
-countryOfResidence ATTRIBUTE ::= {
- WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY {
- -- Must be a two-letter country acronym in accordance with
- -- ISO/IEC 3166 --})
- EQUALITY MATCHING RULE caseIgnoreMatch
- ID pkcs-9-at-countryOfResidence
-}
-
-pseudonym ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {pkcs-9-ub-pseudonym}
- EQUALITY MATCHING RULE caseExactMatch
- ID id-at-pseudonym
-}
-
-contentType ATTRIBUTE ::= {
- WITH SYNTAX ContentType
- EQUALITY MATCHING RULE objectIdentifierMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-contentType
-}
-
-ContentType ::= OBJECT IDENTIFIER
-
-messageDigest ATTRIBUTE ::= {
- WITH SYNTAX MessageDigest
- EQUALITY MATCHING RULE octetStringMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-messageDigest
-}
-
-MessageDigest ::= OCTET STRING
-
-signingTime ATTRIBUTE ::= {
- WITH SYNTAX SigningTime
- EQUALITY MATCHING RULE signingTimeMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-signingTime
-}
-
-SigningTime ::= Time -- imported from ISO/IEC 9594-8
-
-randomNonce ATTRIBUTE ::= {
- WITH SYNTAX RandomNonce
- EQUALITY MATCHING RULE octetStringMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-randomNonce
-}
-
-RandomNonce ::= OCTET STRING (SIZE(4..MAX)) -- At least four bytes long
-
-sequenceNumber ATTRIBUTE ::= {
- WITH SYNTAX SequenceNumber
- EQUALITY MATCHING RULE integerMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-sequenceNumber
-}
-
-SequenceNumber ::= INTEGER (1..MAX)
-
-counterSignature ATTRIBUTE ::= {
- WITH SYNTAX SignerInfo
- ID pkcs-9-at-counterSignature
-}
-
-challengePassword ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {pkcs-9-ub-challengePassword}
- EQUALITY MATCHING RULE caseExactMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-challengePassword
-}
-
-extensionRequest ATTRIBUTE ::= {
- WITH SYNTAX ExtensionRequest
- SINGLE VALUE TRUE
- ID pkcs-9-at-extensionRequest
-}
-
-ExtensionRequest ::= Extensions
-
-extendedCertificateAttributes ATTRIBUTE ::= {
- WITH SYNTAX SET OF Attribute
- SINGLE VALUE TRUE
- ID pkcs-9-at-extendedCertificateAttributes
-}
-
-friendlyName ATTRIBUTE ::= {
- WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName))
- EQUALITY MATCHING RULE caseIgnoreMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-friendlyName
-}
-
-localKeyId ATTRIBUTE ::= {
- WITH SYNTAX OCTET STRING
- EQUALITY MATCHING RULE octetStringMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-localKeyId
-}
-
-signingDescription ATTRIBUTE ::= {
- WITH SYNTAX DirectoryString {pkcs-9-ub-signingDescription}
- EQUALITY MATCHING RULE caseIgnoreMatch
- SINGLE VALUE TRUE
- ID pkcs-9-at-signingDescription
-}
-
-smimeCapabilities ATTRIBUTE ::= {
- WITH SYNTAX SMIMECapabilities
- SINGLE VALUE TRUE
- ID pkcs-9-at-smimeCapabilities
-}
-
-SMIMECapabilities ::= SEQUENCE OF SMIMECapability
-
-SMIMECapability ::= SEQUENCE {
- algorithm ALGORITHM.&id ({SMIMEv3Algorithms}),
- parameters ALGORITHM.&Type ({SMIMEv3Algorithms}{@algorithm})
-}
-
-SMIMEv3Algorithms ALGORITHM ::= {...-- See RFC 2633 --}
-
- -- Matching rules
-
-pkcs9CaseIgnoreMatch MATCHING-RULE ::= {
- SYNTAX PKCS9String {pkcs-9-ub-match}
- ID pkcs-9-mr-caseIgnoreMatch
-}
-
-signingTimeMatch MATCHING-RULE ::= {
- SYNTAX SigningTime
- ID pkcs-9-mr-signingTimeMatch
-}
-
-END
diff --git a/lib/public_key/asn1/PKCS-FRAME.set.asn b/lib/public_key/asn1/PKCS-FRAME.set.asn
index 00219bccba..343afedd76 100644
--- a/lib/public_key/asn1/PKCS-FRAME.set.asn
+++ b/lib/public_key/asn1/PKCS-FRAME.set.asn
@@ -1,4 +1,3 @@
PKCS-8.asn1
PKCS-7.asn1
-PKCS-9.asn1
PKCS5v2-0.asn1
diff --git a/lib/public_key/asn1/UpperBounds.asn1 b/lib/public_key/asn1/UpperBounds.asn1
deleted file mode 100644
index 71c2a7ba7a..0000000000
--- a/lib/public_key/asn1/UpperBounds.asn1
+++ /dev/null
@@ -1,88 +0,0 @@
-UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 5} DEFINITIONS ::=
-BEGIN
-
--- EXPORTS All
--- The types and values defined in this module are exported for use in the other ASN.1 modules contained
--- within the Directory Specifications, and for the use of other applications which will use them to access
--- Directory services. Other applications may use them for their own purposes, but this will not constrain
--- extensions and modifications needed to maintain or improve the Directory service.
-ub-answerback INTEGER ::=
- 8
-
-ub-business-category INTEGER ::= 128
-
-ub-common-name INTEGER ::= 64
-
-ub-content INTEGER ::= 32768
-
-ub-country-code INTEGER ::= 4
-
-ub-description INTEGER ::= 1024
-
-ub-destination-indicator INTEGER ::= 128
-
-ub-directory-string-first-component-match INTEGER ::= 32768
-
-ub-domainLocalID INTEGER ::= 64
-
-ub-international-isdn-number INTEGER ::= 16
-
-ub-knowledge-information INTEGER ::= 32768
-
-ub-labeledURI INTEGER ::= 32768
-
-ub-localeContextSyntax INTEGER ::= 128
-
-ub-locality-name INTEGER ::= 128
-
-ub-match INTEGER ::= 128
-
-ub-name INTEGER ::= 64
-
-ub-organization-name INTEGER ::= 64
-
-ub-organizational-unit-name INTEGER ::= 64
-
-ub-physical-office-name INTEGER ::= 128
-
-ub-post-office-box INTEGER ::= 40
-
-ub-postal-code INTEGER ::= 40
-
-ub-postal-line INTEGER ::= 6
-
-ub-postal-string INTEGER ::= 30
-
-ub-privacy-mark-length INTEGER ::= 128
-
-ub-pseudonym INTEGER ::= 128
-
-ub-saslMechanism INTEGER ::= 64
-
-ub-schema INTEGER ::= 1024
-
-ub-search INTEGER ::= 32768
-
-ub-serial-number INTEGER ::= 64
-
-ub-state-name INTEGER ::= 128
-
-ub-street-address INTEGER ::= 128
-
-ub-surname INTEGER ::= 64
-
-ub-tag INTEGER ::= 64
-
-ub-telephone-number INTEGER ::= 32
-
-ub-teletex-terminal-id INTEGER ::= 1024
-
-ub-telex-number INTEGER ::= 14
-
-ub-title INTEGER ::= 64
-
-ub-user-password INTEGER ::= 128
-
-ub-x121-address INTEGER ::= 15
-
-END -- UpperBounds