Diffstat (limited to 'lib/asn1/test')
| -rw-r--r-- | lib/asn1/test/Makefile | 10 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE.erl | 120 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/BadTypeEnding.asn | 6 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/BadValueAssignment1.asn1 | 8 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/BadValueAssignment2.asn1 | 8 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/BadValueSet.asn1 | 9 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn | 2 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1 | 6 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/ChoiceBadExtension.asn1 | 27 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1 | 60 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/Constraints.py | 44 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/CoverParser.asn1 | 57 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/EnumExt.asn1 | 2 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/Example.asn1 | 20 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/Export1.asn | 7 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/Exporting.asn1 | 18 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/ExtensibilityImplied.asn1 | 30 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/IllegalExport.asn1 | 7 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/Importing.asn1 | 20 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/InfObj.asn | 188 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/InfObjExtract.asn1 | 136 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/MissingEnd.asn1 | 5 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1 | 1 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1 | 33 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/Prim.asn1 | 2 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/SelectionType.asn | 8 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/Seq.py | 5 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn | 6 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/SequenceBadComma.asn | 10 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/SequenceBadComponentName.asn1 | 10 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/SequenceBadComponentType.asn1 | 10 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/Syntax.py | 10 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/ValueTest.asn | 96 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/ACSE-1.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/ACSE-1.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/AlgorithmInformation-2009.asn1 | 466 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/AttributeCertificateVersion1-2009.asn1 | 59 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/AuthenticationFramework.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/AuthenticationFramework.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/BasicAccessControl.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/BasicAccessControl.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/CertificateExtensions.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/CertificateExtensions.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Character-Coding-Attributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Character-Coding-Attributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Character-Presentation-Attributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Character-Presentation-Attributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Character-Profile-Attributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Character-Profile-Attributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Colour-Attributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Colour-Attributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntax-2009.asn1 | 463 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntaxAlgorithms-2009.asn1 | 248 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/DOR-definition.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/DOR-definition.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/DSAOperationalAttributeTypes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/DSAOperationalAttributeTypes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Default-Value-Lists.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Default-Value-Lists.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAbstractService.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/DirectoryAbstractService.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAccessProtocol.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/DirectoryAccessProtocol.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryInformationShadowProtocol.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/DirectoryInformationShadowProtocol.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingManagementProtocol.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingManagementProtocol.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingTypes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingTypes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryProtectionMappings.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/DirectoryProtectionMappings.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryShadowAbstractService.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/DirectoryShadowAbstractService.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/DirectorySystemProtocol.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/DirectorySystemProtocol.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/DistributedOperations.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/DistributedOperations.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Document-Profile-Descriptor.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Document-Profile-Descriptor.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/EnhancedSecurity.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/EnhancedSecurity.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/EnrollmentMessageSyntax-2009.asn1 | 543 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/External-References.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/External-References.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/GULSProtectionMappings.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/GULSProtectionMappings.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/GenericProtectingTransferSyntax.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/GenericProtectingTransferSyntax.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Coding-Attributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Coding-Attributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Presentation-Attributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Presentation-Attributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Profile-Attributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Profile-Attributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityExchanges.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityExchanges.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityTransformations.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityTransformations.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/HierarchicalOperationalBindings.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/HierarchicalOperationalBindings.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAbstractService.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSAbstractService.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAutoActionTypes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSAutoActionTypes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes2.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes2.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedVoiceBodyPartType.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedVoiceBodyPartType.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFileTransferBodyPartType.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSFileTransferBodyPartType.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedContentBodyPartType.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedContentBodyPartType.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedReportBodyPartType.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedReportBodyPartType.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFunctionalObjects.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSFunctionalObjects.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSHeadingExtensions.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSHeadingExtensions.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSInformationObjects.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSInformationObjects.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSMessageStoreAttributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSMessageStoreAttributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers2.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers2.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSSecurityExtensions.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSSecurityExtensions.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/IPMSUpperBounds.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/IPMSUpperBounds.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/ISO8571-FTAM.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/ISO8571-FTAM.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/ISO9541-SN.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/ISO9541-SN.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Identifiers-and-Expressions.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Identifiers-and-Expressions.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/InformationFramework.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/InformationFramework.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Interchange-Data-Elements.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Interchange-Data-Elements.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Layout-Descriptors.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Layout-Descriptors.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Link-Descriptors.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Link-Descriptors.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Location-Expressions.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Location-Expressions.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Logical-Descriptors.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Logical-Descriptors.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MHSObjectIdentifiers.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MHSObjectIdentifiers.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MHSProtocolObjectIdentifiers.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MHSProtocolObjectIdentifiers.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MSAbstractService.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MSAbstractService.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MSAccessProtocol.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MSAccessProtocol.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAttributeTypes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAttributeTypes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAutoActionTypes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAutoActionTypes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MSMatchingRules.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MSMatchingRules.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MSObjectIdentifiers.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MSObjectIdentifiers.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MSUpperBounds.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MSUpperBounds.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MTAAbstractService.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MTAAbstractService.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService88.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService88.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MTSAccessProtocol.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MTSAccessProtocol.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MTSObjectIdentifiers.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MTSObjectIdentifiers.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/MTSUpperBounds.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/MTSUpperBounds.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Notation.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Notation.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1 | 183 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/OLD-PKCS7.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/PKCS7.asn) | 2 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/ObjectIdentifiers.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/ObjectIdentifiers.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/OperationalBindingManagement.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/OperationalBindingManagement.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-10.asn1 | 56 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-12.asn1 | 174 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-5.asn1 | 202 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-7.asn1 | 326 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-8.asn1 | 61 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-9.asn1 | 391 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKCS7BodyPartType.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/PKCS7BodyPartType.asn) | 2 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-CommonTypes-2009.asn1 | 166 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-X400Address-2009.asn1 | 300 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1-PSS-OAEP-Algorithms-2009.asn1 | 308 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Explicit-2009.asn1 | 415 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Implicit-2009.asn1 | 447 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAlgs-2009.asn1 | 528 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAttributeCertificate-2009.asn1 | 292 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCMP-2009.asn1 | 495 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCRMF-2009.asn1 | 409 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Protected-Part-Descriptors.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Protected-Part-Descriptors.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/ProtocolObjectIdentifiers.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/ProtocolObjectIdentifiers.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Coding-Attributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Coding-Attributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Presentation-Attributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Presentation-Attributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Profile-Attributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Profile-Attributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Reliable-Transfer-APDU.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Reliable-Transfer-APDU.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Abstract-Syntaxes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Abstract-Syntaxes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Generic-ROS-PDUs.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Generic-ROS-PDUs.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects-extensions.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects-extensions.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Realizations.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Realizations.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Useful-Definitions.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Useful-Definitions.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/SCVP-2009.asn1 | 608 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/SecureMimeMessageV3dot1-2009.asn1 | 122 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/SelectedAttributeTypes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/SelectedAttributeTypes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/SeseAPDUs.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/SeseAPDUs.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/SpkmGssTokens.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/SpkmGssTokens.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Style-Descriptors.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Style-Descriptors.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Subprofiles.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Subprofiles.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Temporal-Relationships.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Temporal-Relationships.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Text-Units.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Text-Units.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/UpperBounds.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/UpperBounds.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/UsefulDefinitions.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/UsefulDefinitions.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_SUITE_data/rfcs/Videotex-Coding-Attributes.asn1 (renamed from lib/asn1/test/asn1_SUITE_data/x420/Videotex-Coding-Attributes.asn) | 0 | ||||
| -rw-r--r-- | lib/asn1/test/asn1_test_lib.erl | 25 | ||||
| -rw-r--r-- | lib/asn1/test/error_SUITE.erl | 725 | ||||
| -rw-r--r-- | lib/asn1/test/syntax_SUITE.erl | 340 | ||||
| -rw-r--r-- | lib/asn1/test/testChoExtension.erl | 5 | ||||
| -rw-r--r-- | lib/asn1/test/testConstraints.erl | 22 | ||||
| -rw-r--r-- | lib/asn1/test/testEnumExt.erl | 28 | ||||
| -rw-r--r-- | lib/asn1/test/testExtensibilityImplied.erl | 29 | ||||
| -rw-r--r-- | lib/asn1/test/testImporting.erl | 34 | ||||
| -rw-r--r-- | lib/asn1/test/testInfObj.erl | 39 | ||||
| -rw-r--r-- | lib/asn1/test/testInfObjExtract.erl | 72 | ||||
| -rw-r--r-- | lib/asn1/test/testParamBasic.erl | 8 | ||||
| -rw-r--r-- | lib/asn1/test/testPrim.erl | 5 | ||||
| -rw-r--r-- | lib/asn1/test/testPrimStrings.erl | 3 | ||||
| -rw-r--r-- | lib/asn1/test/testRfcs.erl | 75 | ||||
| -rw-r--r-- | lib/asn1/test/testSelectionTypes.erl | 28 | ||||
| -rw-r--r-- | lib/asn1/test/testUniqueObjectSets.erl | 175 | ||||
| -rw-r--r-- | lib/asn1/test/testValueTest.erl | 114 | ||||
| -rw-r--r-- | lib/asn1/test/testX420.erl | 93 | ||||
| -rw-r--r-- | lib/asn1/test/test_compile_options.erl | 39 | 
174 files changed, 9706 insertions, 400 deletions
| diff --git a/lib/asn1/test/Makefile b/lib/asn1/test/Makefile index b1b08aa9f9..ea5a0f857e 100644 --- a/lib/asn1/test/Makefile +++ b/lib/asn1/test/Makefile @@ -78,6 +78,7 @@ MODULES= \  	testEnumExt \  	testInfObjectClass \  	testInfObj \ +	testInfObjExtract \  	testParameterizedInfObj \  	testFragmented \  	testMergeCompile \ @@ -104,14 +105,19 @@ MODULES= \  	test_compile_options \  	testDoubleEllipses \  	test_modified_x420 \ -	testX420 \  	test_x691 \  	testWSParamClass \ +	testValueTest \ +	testUniqueObjectSets \ +	testRfcs \ +	testImporting \ +	testExtensibilityImplied \  	asn1_test_lib \  	asn1_app_test \  	asn1_appup_test \  	asn1_SUITE \ -	error_SUITE +	error_SUITE \ +	syntax_SUITE  ERL_FILES= $(MODULES:%=%.erl) diff --git a/lib/asn1/test/asn1_SUITE.erl b/lib/asn1/test/asn1_SUITE.erl index 432197eec0..9dfcc3f571 100644 --- a/lib/asn1/test/asn1_SUITE.erl +++ b/lib/asn1/test/asn1_SUITE.erl @@ -52,9 +52,7 @@ all() ->  groups() ->      Parallel = asn1_test_lib:parallel(),      [{compile, Parallel, -      [c_syntax, -       c_string, -       c_implicit_before_choice, +      [c_string,         constraint_equivalence]},       {ber, Parallel, @@ -89,6 +87,7 @@ groups() ->                      ber_other,  		    der,                      h323test]}, +       testExtensibilityImplied,         testChoPrim,         testChoExtension,         testChoOptional, @@ -135,19 +134,19 @@ groups() ->         testChoiceIndefinite,         per_open_type,         testInfObjectClass, +       testUniqueObjectSets, +       testInfObjExtract,         testParam,         testFragmented,         testMergeCompile,         testobj,         testDeepTConstr, -       testExport,         testImport,         testDER,         testDEFAULT,         testMvrasn6,         testContextSwitchingTypes,         testOpenTypeImplicitTag, -       duplicate_tags,         testROSE,         testINSTANCE_OF,         testTCAP, 
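Review bot: The negative compile checks leave asn1_SUITE starting at the `groups()` hunk at -52, where `c_syntax` and `c_implicit_before_choice` are dropped from the `compile` group; `testExport` and `duplicate_tags` follow in the hunks at -135, -561, -804 and -839. The hunk at -1118 then lists `"SeqOptional2"` and `"CCSNARG3"` in `test_modules()`, and `CCSNARG3.asn` is edited to drop `IMPLICIT`, so two fixtures that used to be required to fail are now required to compile. The diffstat shows error_SUITE.erl and syntax_SUITE.erl changed, so the rejection cases have presumably moved there, but those hunks are not in view. It is worth confirming that an IMPLICIT tag on a CHOICE, duplicate tags and the illegal export are each still asserted to fail, because a compiler that silently accepts ambiguous tagging produces decoders that can misread input. The removed `duplicate_tags` matched the specific reason `{asn1, {duplicates_of_the_tags, _}}` rather than a bare `{error, _}`, and the replacements should be at least that specific.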
@@ -158,16 +157,19 @@ groups() ->         testNortel,         % Uses 'PKCS7', 'InformationFramework'         {group, [], [test_WS_ParamClass, -		    test_modified_x420, -                    testX420]}, -       testTcapsystem, -       testNBAPsystem, -       testS1AP, +		    test_modified_x420]}, +       %% Don't run all these at the same time. +       {group, [], +	[testTcapsystem, +	 testNBAPsystem, +	 testS1AP, +	 testRfcs]},         test_compile_options,         testDoubleEllipses,         test_x691,         ticket_6143, -       test_OTP_9688]}, +       test_OTP_9688, +       testValueTest]},       {performance, [],        [testTimer_ber, @@ -196,7 +198,7 @@ init_per_testcase(Func, Config) ->      true = code:add_patha(CaseDir),      Dog = case Func of -              testX420 -> ct:timetrap({minutes, 90}); +              testRfcs -> ct:timetrap({minutes, 90});                _        -> ct:timetrap({minutes, 60})            end,      [{case_dir, CaseDir}, {watchdog, Dog}|Config]. @@ -374,6 +376,12 @@ testExternal(Config, Rule, Opts) ->      testSetOfTag:main(Rule),      testSetTag:main(Rule). +testExtensibilityImplied(Config) -> +    test(Config, fun testExtensibilityImplied/3). +testExtensibilityImplied(Config, Rule, Opts) -> +    asn1_test_lib:compile("ExtensibilityImplied", Config, +			  [Rule,no_ok_wrapper|Opts]), +    testExtensibilityImplied:main().  testChoPrim(Config) -> test(Config, fun testChoPrim/3).  testChoPrim(Config, Rule, Opts) -> 
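Review bot: The new comment `%% Don't run all these at the same time.` in the hunk at -158 says what the nested group is for but not why. The sequencing appears to depend on the `{group, [], [...]}` property list staying empty, which a later edit could change without anyone noticing. A comment along the lines of `%% Keep this subgroup sequential (no 'parallel' property): these cases compile large specs and are too heavy to run concurrently.` would record the constraint. That reason is my guess from the 90-minute timetrap `testRfcs` gets in the next hunk, so replace it with the real one. groups/0 starts and ends outside this hunk.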
@@ -561,39 +569,21 @@ testSetOfCho(Config, Rule, Opts) ->      asn1_test_lib:compile("SetOfCho", Config, [Rule|Opts]),      testSetOfCho:main(Rule). -c_syntax(Config) -> -    DataDir = ?config(data_dir, Config), -    [{error, _} = asn1ct:compile(filename:join(DataDir, F)) -     || F <-["Syntax", -             "BadTypeEnding", -             "BadValueAssignment1", -             "BadValueAssignment2", -             "BadValueSet", -             "ChoiceBadExtension", -             "EnumerationBadExtension", -             "Example", -             "Export1", -             "MissingEnd", -             "SequenceBadComma", -             "SequenceBadComponentName", -             "SequenceBadComponentType", -             "SeqBadComma"]]. -  c_string(Config) ->      test(Config, fun c_string/3).  c_string(Config, Rule, Opts) ->      asn1_test_lib:compile("String", Config, [Rule|Opts]),      asn1ct:test('String'). -c_implicit_before_choice(Config) -> -    test(Config, fun c_implicit_before_choice/3, [ber]). -c_implicit_before_choice(Config, Rule, Opts) -> -    DataDir = ?config(data_dir, Config), -    CaseDir = ?config(case_dir, Config), -    {error, _R2} = asn1ct:compile(filename:join(DataDir, "CCSNARG3"), -                                  [Rule, {outdir, CaseDir}|Opts]). -  constraint_equivalence(Config) -> +    constraint_equivalence_abs(Config), +    test(Config, fun constraint_equivalence/3). + +constraint_equivalence(Config, Rule, Opts) -> +    M = 'ConstraintEquivalence', +    asn1_test_lib:compile(M, Config, [Rule|Opts]). + +constraint_equivalence_abs(Config) ->      DataDir = ?config(data_dir, Config),      CaseDir = ?config(case_dir, Config),      Asn1Spec = "ConstraintEquivalence", 
@@ -765,6 +755,16 @@ testInfObjectClass(Config, Rule, Opts) ->      testInfObjectClass:main(Rule),      testInfObj:main(Rule). +testUniqueObjectSets(Config) -> test(Config, fun testUniqueObjectSets/3). +testUniqueObjectSets(Config, Rule, Opts) -> +    CaseDir = ?config(case_dir, Config), +    testUniqueObjectSets:main(CaseDir, Rule, Opts). + +testInfObjExtract(Config) -> test(Config, fun testInfObjExtract/3). +testInfObjExtract(Config, Rule, Opts) -> +    asn1_test_lib:compile("InfObjExtract", Config, [Rule|Opts]), +    testInfObjExtract:main(). +  testParam(Config) ->      test(Config, fun testParam/3, [ber,{ber,[der]},per,uper]).  testParam(Config, Rule, Opts) -> @@ -804,18 +804,14 @@ testDeepTConstr(Config, Rule, Opts) ->                                [Rule|Opts]),      testDeepTConstr:main(Rule). -testExport(Config) -> -    {error, _} = -	asn1ct:compile(filename:join(?config(data_dir, Config), -				     "IllegalExport"), -		       [{outdir, ?config(case_dir, Config)}]). -  testImport(Config) ->      test(Config, fun testImport/3).  testImport(Config, Rule, Opts) -> -    Files = ["ImportsFrom","ImportsFrom2","ImportsFrom3"], +    Files = ["ImportsFrom","ImportsFrom2","ImportsFrom3", +	     "Importing","Exporting"],      asn1_test_lib:compile_all(Files, Config, [Rule|Opts]),      42 = 'ImportsFrom':i(), +    testImporting:main(),      ok.  testMegaco(Config) -> test(Config, fun testMegaco/3). 
@@ -839,24 +835,20 @@ testContextSwitchingTypes(Config, Rule, Opts) ->  testTypeValueNotation(Config) -> test(Config, fun testTypeValueNotation/3).  testTypeValueNotation(Config, Rule, Opts) -> -    asn1_test_lib:compile_all(["SeqTypeRefPrim", "ValueTest"], Config, -                              [Rule|Opts]), +    asn1_test_lib:compile("SeqTypeRefPrim", Config, [Rule|Opts]),      testTypeValueNotation:main(Rule, Opts). +testValueTest(Config) -> test(Config, fun testValueTest/3). +testValueTest(Config, Rule, Opts) -> +    asn1_test_lib:compile("ValueTest", Config, [Rule|Opts]), +    testValueTest:main(). +  testOpenTypeImplicitTag(Config) ->      test(Config, fun testOpenTypeImplicitTag/3).  testOpenTypeImplicitTag(Config, Rule, Opts) ->      asn1_test_lib:compile("OpenTypeImplicitTag", Config, [Rule|Opts]),      testOpenTypeImplicitTag:main(Rule). -duplicate_tags(Config) -> -    DataDir = ?config(data_dir, Config), -    CaseDir = ?config(case_dir, Config), -    {error, [{error, {type, _, _, 'SeqOpt1Imp', -			     {asn1, {duplicates_of_the_tags, _}}}}]} = -	asn1ct:compile(filename:join(DataDir, "SeqOptional2"), -		       [abs, {outdir, CaseDir}]). -  rtUI(Config) -> test(Config, fun rtUI/3).  rtUI(Config, Rule, Opts) ->      asn1_test_lib:compile("Prim", Config, [Rule|Opts]), 
@@ -990,13 +982,22 @@ testS1AP(Config, Rule, Opts) ->  	    ok      end. +testRfcs(Config) ->  test(Config, fun testRfcs/3, [{ber,[der]}]). +testRfcs(Config, Rule, Opts) -> +    case erlang:system_info(system_architecture) of +	"sparc-sun-solaris2.10" -> +	    {skip,"Too slow for an old Sparc"}; +	_ -> +	    testRfcs:compile(Config, Rule, Opts), +	    testRfcs:test() +    end. +  test_compile_options(Config) ->      ok = test_compile_options:wrong_path(Config),      ok = test_compile_options:path(Config),      ok = test_compile_options:noobj(Config),      ok = test_compile_options:record_name_prefix(Config), -    ok = test_compile_options:verbose(Config), -    ok = test_compile_options:warnings_as_errors(Config). +    ok = test_compile_options:verbose(Config).  testDoubleEllipses(Config) -> test(Config, fun testDoubleEllipses/3).  testDoubleEllipses(Config, Rule, Opts) -> @@ -1084,6 +1085,7 @@ test_modules() ->       "CommonDataTypes",       "Constraints",       "ContextSwitchingTypes", +     "CoverParser",       "DS-EquipmentUser-CommonFunctionOrig-TransmissionPath",       "Enum",       "From", @@ -1118,7 +1120,9 @@ test_modules() ->       "Def",       "Opt",       "ELDAPv3", -     "LDAP"]. +     "LDAP", +     "SeqOptional2", +     "CCSNARG3"].  test_OTP_9688(Config) ->      PrivDir = ?config(case_dir, Config), diff --git a/lib/asn1/test/asn1_SUITE_data/BadTypeEnding.asn b/lib/asn1/test/asn1_SUITE_data/BadTypeEnding.asn deleted file mode 100644 index 3ccd838ac0..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/BadTypeEnding.asn +++ /dev/null @@ -1,6 +0,0 @@ -BadTypeEnding  DEFINITIONS ::= -BEGIN - -T ::= Typ; - -END diff --git a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment1.asn1 b/lib/asn1/test/asn1_SUITE_data/BadValueAssignment1.asn1 deleted file mode 100644 index a5d4984e60..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment1.asn1 +++ /dev/null 
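Review bot: In the hunk at -990, `test_compile_options/1` no longer calls `test_compile_options:warnings_as_errors(Config)` and nothing visible replaces it, so as far as this suite shows the `warnings_as_errors` compiler option loses its check. The diffstat shows test_compile_options.erl changed in this commit, but its hunk is not in view. If the case was moved elsewhere that is fine; otherwise keep `ok = test_compile_options:warnings_as_errors(Config).` or explain in the commit message why the option no longer needs a test. Separately, `testRfcs/3` returns `{skip,"Too slow for an old Sparc"}` from inside the fun handed to `test/3`, and whether `test/3` passes that tuple on to Common Test is not visible here. Confirm that the case is reported as skipped rather than passed on that platform.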
@@ -1,8 +0,0 @@ -BadValueAssignment1  DEFINITIONS ::= -BEGIN - -int INTEGER ::= 3 - -int2 integer ::= 3 - -END diff --git a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment2.asn1 b/lib/asn1/test/asn1_SUITE_data/BadValueAssignment2.asn1 deleted file mode 100644 index 7a96406001..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/BadValueAssignment2.asn1 +++ /dev/null @@ -1,8 +0,0 @@ -BadValueAssignment2  DEFINITIONS ::= -BEGIN - -int INTEGER ::= 3 - -int2 ::= 3 - -END diff --git a/lib/asn1/test/asn1_SUITE_data/BadValueSet.asn1 b/lib/asn1/test/asn1_SUITE_data/BadValueSet.asn1 deleted file mode 100644 index 68bd4380b7..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/BadValueSet.asn1 +++ /dev/null @@ -1,9 +0,0 @@ -BadValueSet  DEFINITIONS ::= -BEGIN - -Int INTEGER ::= {1|2|3} - -Int2 INTEGER ::= { -    1,2,3} - -END diff --git a/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn b/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn index 23c1f32ceb..8932238adc 100644 --- a/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn +++ b/lib/asn1/test/asn1_SUITE_data/CCSNARG3.asn @@ -3,7 +3,7 @@ BEGIN  CallCentreServiceNotificationArg ::= SEQUENCE {     scriptInformation      [0] ScriptToScriptInformation, -   eventInformation       [1] IMPLICIT EventInformation OPTIONAL +   eventInformation       [1] EventInformation OPTIONAL  } diff --git a/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1 b/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1 index f6fe18be10..18473bae30 100644 --- a/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1 +++ b/lib/asn1/test/asn1_SUITE_data/ChoExtension.asn1 @@ -41,10 +41,4 @@ ChoExt4 ::= CHOICE    str OCTET STRING  } -ChoEmptyRoot ::= CHOICE { -  ..., -  bool BOOLEAN, -  int INTEGER (0..7) -} -  END diff --git a/lib/asn1/test/asn1_SUITE_data/ChoiceBadExtension.asn1 b/lib/asn1/test/asn1_SUITE_data/ChoiceBadExtension.asn1 deleted file mode 100644 index d0789d7414..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/ChoiceBadExtension.asn1 +++ /dev/null 
@@ -1,27 +0,0 @@ -ChoiceBadExtension DEFINITIONS ::= -BEGIN - -Seq ::= SEQUENCE { -    ..., -    name PrintableString, -    location INTEGER {home(0),field(1),roving(2)}, -    age INTEGER  -    } - -Cho1 ::= CHOICE { -    name PrintableString, -    ..., -    location INTEGER {home(0),field(1),roving(2)}, -    age INTEGER  -    } - -Cho2 ::= CHOICE { -    ..., -    name PrintableString, -    location INTEGER {home(0),field(1),roving(2)}, -    age INTEGER  -    } - -END - - diff --git a/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1 b/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1 index 8b3d151502..648275dd66 100644 --- a/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1 +++ b/lib/asn1/test/asn1_SUITE_data/ConstraintEquivalence.asn1 @@ -11,6 +11,10 @@ BEGIN   SingleValueX8 ::= INTEGER (integer42)   SingleValueX9 ::= INTEGER (integer42..integer42)   SingleValueX10 ::= INTEGER ((integer42) INTERSECTION (40..49)) + SingleValueX11 ::= INTEGER (40..49) (integer42) + SingleValueX12 ::= INTEGER ((MIN..0) ^ (1..10) | integer42) + SingleValueX13 ::= INTEGER ((11..20) ^ (1..10) | integer42) + SingleValueX14 ::= INTEGER ((MIN..42) ^ (1..100) ^ (42..50))   UnconstrainedX0 ::= INTEGER   UnconstrainedX1 ::= INTEGER (MIN..MAX) @@ -19,6 +23,10 @@ BEGIN   UnconstrainedX4 ::= INTEGER ((MIN..MAX)|9|10)   UnconstrainedX5 ::= INTEGER ((MIN..MAX)|10..20)   UnconstrainedX6 ::= INTEGER ((MIN..MAX) UNION (10..20)) + UnconstrainedX7 ::= INTEGER ((MIN..MAX) ^ ((MIN..MAX) UNION (10..20))) + UnconstrainedX8 ::= INTEGER ((-100..MAX) ^ (42..MAX) | (MIN..41)) + UnconstrainedX9 ::= INTEGER (UnconstrainedX0) + UnconstrainedX10 ::= INTEGER (UnconstrainedX0)(MIN..MAX)   RangeX00 ::= INTEGER (5..10)   RangeX01 ::= INTEGER (4<..<11) 
@@ -38,22 +46,66 @@ BEGIN   RangeX16 ::= INTEGER ((5|6) UNION (7) UNION (7<..<11))   RangeX20 ::= INTEGER (0..20) (5..10) - RangeX21 ::= INTEGER (0..10) (5..20) - RangeX22 ::= INTEGER (0..10) (5..20) (MIN..MAX) - RangeX23 ::= INTEGER ((0..10) INTERSECTION (5..20) ^ (MIN..MAX)) - RangeX24 ::= INTEGER ((5|6|7|8|9|10) INTERSECTION (5..20) ^ (MIN..MAX)) + RangeX21 ::= INTEGER ((0..10) ^ (5..20)) + RangeX22 ::= INTEGER ((0..10) ^ (5..20) ^ (MIN..MAX)) + RangeX23 ::= INTEGER (MIN..MAX) (-100..20) (5..10) + RangeX24 ::= INTEGER (MIN..MAX) (0..100) (5..20) (5..10) + RangeX25 ::= INTEGER ((0..10) INTERSECTION (5..20) ^ (MIN..MAX)) + RangeX26 ::= INTEGER ((5|6|7|8|9|10) INTERSECTION (5..20) ^ (MIN..MAX)) + + RangeX30 ::= INTEGER (((5|6) | (5..20)) ^ (0..10)) + RangeX31 ::= INTEGER (((((5|6) | (5..20)) ^ (0..10))) ^ (MIN..MAX)) + RangeX32 ::= INTEGER ((5|7) | (5..10)) + + Semi00 ::= INTEGER (0..MAX) + Semi01 ::= INTEGER (0..MAX) (MIN..MAX) + Semi02 ::= INTEGER ((0..100) UNION (200..MAX) UNION (50..1024)) + + RangeExtX00 ::= INTEGER (5..10, ...) + RangeExtX01 ::= INTEGER (0..20) (5..10, ...) + RangeExtX02 ::= INTEGER (RangeX26) (5..10, ...) +-- RangeExtX03 ::= RangeX26 (5..10, ...) 
+ + MinRangeX00 ::= INTEGER (MIN..10) + MinRangeX01 ::= INTEGER ((MIN..0) | (0..10)) + MinRangeX02 ::= INTEGER (MIN..MAX) (MIN..100) (MIN..10) + MinRangeX03 ::= INTEGER (((MIN..-100)|(-60..-50)) | (MIN..10)) + + DisjointRangeX00 ::= INTEGER (0..5 UNION 95..99) + DisjointRangeX01 ::= INTEGER (0|1|2|3|4|5|95|96|97|98|99) + DisjointRangeX02 ::= INTEGER (0..100) (0..2 UNION 95..99 UNION 3|4|5) + DisjointRangeX03 ::= INTEGER (MIN..MAX) (0..2 UNION 95..99 UNION 3|4|5) + + MinDisjointRangeX00 ::= INTEGER (MIN..-100 UNION 100..1000) + MinDisjointRangeX01 ::= INTEGER (MIN..-100 UNION 100..1000 UNION (MIN..-100)) + MinDisjointRangeX02 ::= INTEGER (MIN..-50000 UNION 100..1000 UNION (MIN..-100)) + MinDisjointRangeX03 ::= INTEGER (MIN..-100 UNION 100..1000 UNION (MIN..-1000000)) + MinDisjointRangeX04 ::= INTEGER (MIN..-100 UNION 100..1000 UNION (MIN..-1000000)) + MinDisjointRangeX05 ::= INTEGER (MIN..-100 ^ (MIN..-100) UNION 100..1000) + MinDisjointRangeX06 ::= INTEGER (MIN..-100 ^ (MIN..0) UNION 100..1000)   UnconstrainedStringX00 ::= IA5String   UnconstrainedStringX01 ::= IA5String (SIZE (0..MAX)) + UnconstrainedStringX02 ::= IA5String (SIZE (0..42|43..MAX))   ConstrainedStringX00 ::= IA5String (SIZE (0..5))   ConstrainedStringX01 ::= IA5String (SIZE (0|1|2|3|4|5)) + StringExtFromX00 ::= IA5String (FROM ("AB", ..., "CD"))(SIZE (1..10, ..., 15..20)) + StringExtFromX01 ::= IA5String (FROM ("AB", ..., "CD"))(SIZE (1..10, ..., 15..20)) + StringExtFromX02 ::= IA5String ((FROM ("AB", ..., "CD")) ^ ((SIZE (1..10, ..., 15..20)))) + StringExtFromX03 ::= IA5String ((FROM ("AB", ..., "CD")) ^ (SIZE (1..10, ..., 15..20))) + StringExtFromX04 ::= IA5String (StringExtFromX00) +   -- Note: None of the back-ends care about the exact values   -- outside of the root range.   
ExtConstrainedStringX00 ::= IA5String (SIZE (1..2, ...))   ExtConstrainedStringX01 ::= IA5String (SIZE (1|2, ..., 3))   ExtConstrainedStringX02 ::= IA5String (SIZE (1|2, ..., 3|4|5)) + ExtConstrainedStringX03 ::= IA5String (SIZE (1|2, ...,  1|2|3|4|5)) + ExtConstrainedStringX04 ::= IA5String (SIZE (1|2), ..., SIZE (1|2|3|4|5)) + ExtConstrainedStringX05 ::= IA5String (SIZE (1|2, ...), ..., +                                        SIZE (1|2|3|4|5, ...))   integer4 INTEGER ::= 4   integer11 INTEGER ::= 11 diff --git a/lib/asn1/test/asn1_SUITE_data/Constraints.py b/lib/asn1/test/asn1_SUITE_data/Constraints.py index 3495cd841b..a40c513141 100644 --- a/lib/asn1/test/asn1_SUITE_data/Constraints.py +++ b/lib/asn1/test/asn1_SUITE_data/Constraints.py @@ -81,7 +81,7 @@ maxNrOfCellPortionsPerCell-1 INTEGER ::= 35  CellPortionID	::= INTEGER (0..maxNrOfCellPortionsPerCell-1,...)  -- OTP-6763 -T ::=  IA5String (SIZE (1|2, ..., SIZE (1|2|3))) -- Dubuisson 268 +T ::=  IA5String (SIZE (1|2), ..., SIZE (1|2|3)) -- Dubuisson 268  T2 ::= IA5String (SIZE (1|2, ..., 3)) -- equal with T  -- OTP-8046 
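Review bot: `MinDisjointRangeX03` and `MinDisjointRangeX04` are character-for-character identical (`INTEGER (MIN..-100 UNION 100..1000 UNION (MIN..-1000000))`), and so are `StringExtFromX00` and `StringExtFromX01`. Each pair therefore checks one constraint form twice rather than two different forms. If a variant was intended for the second member of each pair, it is missing; if the repetition is deliberate, a short comment such as `-- Same text as X03 on purpose` would stop a later reader from "fixing" it. The commented-out `-- RangeExtX03 ::= RangeX26 (5..10, ...)` should likewise say why it is disabled (unsupported form, known compiler bug, or other), so that it is either re-enabled or removed later. The module's `BEGIN` and the value definitions these types reference are outside this hunk.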
@@ -144,5 +144,47 @@ NonOverlapping ::= INTEGER (7280..7560 |  23000..24000 |  24960..26900) +-- +-- Test INTEGER constraints from fields in objects. +-- + +INT-HOLDER ::= CLASS { +  &id INTEGER UNIQUE, +  &obj INT-HOLDER OPTIONAL +} WITH SYNTAX { +  ID &id +  [OBJ &obj] +} + +int-holder-1 INT-HOLDER ::= { ID 2 } +int-holder-2 INT-HOLDER ::= { ID 4 OBJ int-holder-1 } + +IntObjectConstr ::= INTEGER (int-holder-2.&obj.&id..int-holder-2.&id) + +-- +-- INTEGER constraints defined using named INTEGERs. +-- + +ConstrainedNamedInt ::= INTEGER {v1(42)} (v1) +constrainedNamedInt-1 INTEGER {v1(42)} (v1) ::= 42 +constrainedNamedInt-2 ConstrainedNamedInt ::= 100 + +SeqWithNamedInt ::= SEQUENCE { +   int INTEGER {v2(7)} (v2) +} + +-- +-- Cover simpletable constraint checking code. +-- + +ContentInfo ::= SEQUENCE { +  contentType ContentType +} + +Contents TYPE-IDENTIFIER ::= { +  {OCTET STRING IDENTIFIED BY {2 1 1 1 1 1 1}} +} + +ContentType ::= TYPE-IDENTIFIER.&id({Contents})  END diff --git a/lib/asn1/test/asn1_SUITE_data/CoverParser.asn1 b/lib/asn1/test/asn1_SUITE_data/CoverParser.asn1 new file mode 100644 index 0000000000..75d40188ca --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/CoverParser.asn1 
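Review bot: `constrainedNamedInt-2 ConstrainedNamedInt ::= 100` assigns a value that the type's own constraint excludes, because `ConstrainedNamedInt` is `INTEGER {v1(42)} (v1)` and so admits only 42. If this is deliberate (for instance to record that the compiler accepts value assignments without checking them against the constraint), the file should say so, e.g. `-- Deliberately outside the (v1) constraint; see the matching test case`. Without a comment it reads as a typo for 42, and a later tightening of constraint checking would fail here with no hint that the fixture was meant to be invalid. The test code that consumes this value is not in the hunk, so I cannot tell which of the two was intended.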
@@ -0,0 +1,57 @@ +CoverParser DEFINITIONS AUTOMATIC TAGS ::= +BEGIN + + Cho1 ::= CHOICE { +   i INTEGER, +   ... ! 42, +   [[ b BOOLEAN ]] + } + + Cho2 ::= CHOICE { +   i INTEGER, +   ..., +   [[ b BOOLEAN, +      s IA5String ]], +   ... + } + + Int1 ::= INTEGER (CONSTRAINED BY {INTEGER:1,INTEGER:2}) + + Seq1 ::= SEQUENCE { +   ... ! INTEGER:1 + } + + Seq2 ::= SEQUENCE { +   ... ! INTEGER:1, +   i INTEGER + } + + Seq3 ::= SEQUENCE { +   b BOOLEAN, +   ... ! INTEGER:1, +   i INTEGER + } + + Seq4 ::= SEQUENCE { +   a INTEGER OPTIONAL, +   b OCTET STRING OPTIONAL + } (WITH COMPONENTS {a ABSENT, b OPTIONAL} | +    WITH COMPONENTS {a PRESENT, b PRESENT}) + + SeqOf1 ::= SEQUENCE OF INTEGER + SeqOf2 ::= SeqOf1 (WITH COMPONENT (0..7)) + + SegOf3 ::= SEQUENCE (SIZE (1..10)) OF id INTEGER + + Set1 ::= SET { +   ... ! INTEGER:1 + } + + Set2 ::= SET { +   ... ! INTEGER:1, +   a INTEGER + } + + SetOf3 ::= SET (SIZE (1..10)) OF id INTEGER + +END diff --git a/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1 b/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1 index 74fa97e7aa..55ad5a01a1 100644 --- a/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1 +++ b/lib/asn1/test/asn1_SUITE_data/EnumExt.asn1 @@ -53,5 +53,7 @@ SeqBig ::= SEQUENCE {    i INTEGER  } +EnumSkip ::= ENUMERATED {a(2), ..., b, c, d, e, f} +  END diff --git a/lib/asn1/test/asn1_SUITE_data/Example.asn1 b/lib/asn1/test/asn1_SUITE_data/Example.asn1 deleted file mode 100644 index 2639f63940..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/Example.asn1 +++ /dev/null @@ -1,20 +0,0 @@ -Example  DEFINITIONS ::= -BEGIN - -T ::= Typ - -Typ ::= SEQUENCE { -    a b, -    c Typ} ---ECLASS ::= CLASS { ---    &num       INTEGER UNIQUE, ---    &Typo ---    } WITH SYNTAX { ---    &Typo DETERMINED BY &num ---    } - ---v1 ECLASS ::= {INTEGER DETERMINED BY 12} - ---v2 INTEGER ::= 13 - -END diff --git a/lib/asn1/test/asn1_SUITE_data/Export1.asn b/lib/asn1/test/asn1_SUITE_data/Export1.asn deleted file mode 100644 index 78ead8f4d2..0000000000 
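Review bot: `SegOf3 ::= SEQUENCE (SIZE (1..10)) OF id INTEGER` looks like a misspelling of `SeqOf3`, since it sits directly after `SeqOf1` and `SeqOf2` and is mirrored by `SetOf3` further down. The module still compiles because nothing visible refers to the name, but a test that later looks up `SeqOf3` would not find it. Suggest `SeqOf3 ::= SEQUENCE (SIZE (1..10)) OF id INTEGER`. A one-line header comment saying the module exists only to drive parser coverage (exception specs after `...`, `CONSTRAINED BY`, `WITH COMPONENTS`) would also explain why none of the types have encode/decode round-trip values.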
--- a/lib/asn1/test/asn1_SUITE_data/Export1.asn +++ /dev/null @@ -1,7 +0,0 @@ -Export1  DEFINITIONS ::= -BEGIN -EXPORTS T - -T ::= Typ	 - -END diff --git a/lib/asn1/test/asn1_SUITE_data/Exporting.asn1 b/lib/asn1/test/asn1_SUITE_data/Exporting.asn1 new file mode 100644 index 0000000000..e4f32f6788 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/Exporting.asn1 @@ -0,0 +1,18 @@ +Exporting DEFINITIONS AUTOMATIC TAGS ::= +BEGIN + +  Seq ::= SEQUENCE { id INTEGER, f BOOLEAN } +  PtSeq{T} ::= SEQUENCE { a T } + +  CL ::= CLASS { +     &id INTEGER UNIQUE, +     &Type +  } WITH SYNTAX { +     ID &id TYPE &Type +  } + +  obj CL ::= { ID 1 TYPE OCTET STRING } + +  pt-object{CL:ob} CL ::= {ID ob.&id TYPE OCTET STRING} + +END diff --git a/lib/asn1/test/asn1_SUITE_data/ExtensibilityImplied.asn1 b/lib/asn1/test/asn1_SUITE_data/ExtensibilityImplied.asn1 new file mode 100644 index 0000000000..d59b0edda5 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/ExtensibilityImplied.asn1 @@ -0,0 +1,30 @@ +ExtensibilityImplied DEFINITIONS +AUTOMATIC TAGS +EXTENSIBILITY IMPLIED +::= +BEGIN + +Enum1 ::= ENUMERATED { root, ..., ext } +Enum2 ::= ENUMERATED { root } + +Seq1 ::= SEQUENCE { +  b BOOLEAN, +  ..., +  i INTEGER +} + +Seq2 ::= SEQUENCE { +  b BOOLEAN +} + +Set1 ::= SET { +  b BOOLEAN, +  ..., +  i INTEGER +} + +Set2 ::= SET { +  b BOOLEAN +} + +END diff --git a/lib/asn1/test/asn1_SUITE_data/IllegalExport.asn1 b/lib/asn1/test/asn1_SUITE_data/IllegalExport.asn1 deleted file mode 100644 index 1b5e42ad3c..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/IllegalExport.asn1 +++ /dev/null @@ -1,7 +0,0 @@ -IllegalExport  DEFINITIONS ::= -BEGIN -EXPORTS T, KalleAnka; - -T ::= INTEGER	 - -END diff --git a/lib/asn1/test/asn1_SUITE_data/Importing.asn1 b/lib/asn1/test/asn1_SUITE_data/Importing.asn1 new file mode 100644 index 0000000000..2f2699c576 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/Importing.asn1 
@@ -0,0 +1,20 @@ +Importing DEFINITIONS AUTOMATIC TAGS ::= +BEGIN + + Seq ::= Exporting.PtSeq{ INTEGER(0..7) } + OtherSeq ::= Exporting.Seq + + seq Exporting.Seq ::= { id 42, f TRUE } + + o1 Exporting.CL ::= { ID 2 TYPE INTEGER (0..63) } + + ObjSet Exporting.CL ::= { o1 | Exporting.obj } + + ObjSeq ::= SEQUENCE { +   id Exporting.CL.&id ({ObjSet}), +   type Exporting.CL.&Type ({ObjSet}{@id}) + } + + o1-cloned Exporting.CL ::= Exporting.pt-object{o1} + +END diff --git a/lib/asn1/test/asn1_SUITE_data/InfObj.asn b/lib/asn1/test/asn1_SUITE_data/InfObj.asn index 719119f418..3b88770d78 100644 --- a/lib/asn1/test/asn1_SUITE_data/InfObj.asn +++ b/lib/asn1/test/asn1_SUITE_data/InfObj.asn @@ -206,7 +206,9 @@ ConstructedDefaultSet CONSTRUCTED-DEFAULT ::= {    { &id 4, &Type SET { a INTEGER, b BIT STRING } } |    { &id 5, &Type CHOICE { i INTEGER, b BIT STRING } } |    { &id 6, &Type SEQUENCE OF INTEGER (1..16) } | -  { &id 7, &Type SET OF INTEGER (1..64) } +  { &id 7, &Type SET OF INTEGER (1..64) } | +  { &id 8, &Type SEQUENCE OF SEQUENCE { x INTEGER, y INTEGER } } | +  { &id 9, &Type SET OF SEQUENCE { x INTEGER, y INTEGER } }  }  ConstructedPdu ::= SEQUENCE { 
@@ -288,18 +290,196 @@ OstSeq1234 ::= ObjectSetTest{ {Ost1234} }  OstSeq45 ::= ObjectSetTest{ {Ost45} }  OstSeq12345 ::= ObjectSetTest{ {Ost12345} } +OstSeq12Except ::= ObjectSetTest{ {Ost123 EXCEPT ost3} } +OstSeq123Except ::= ObjectSetTest{ {Ost12345 EXCEPT Ost45} } + +ExOst1    OBJECT-SET-TEST ::= { ost1, ... }  ExOst12    OBJECT-SET-TEST ::= { ost1, ..., ost2 }  ExOst123   OBJECT-SET-TEST ::= { ost3, ..., ExOst12 } ---ExOst1234  OBJECT-SET-TEST ::= { ExOst123, ..., ost4 } +ExOst1234  OBJECT-SET-TEST ::= { ExOst123, ..., ost4 }  ExOst45    OBJECT-SET-TEST ::= { ost4, ..., ost5 }  ExOst12345 OBJECT-SET-TEST ::= { ExOst123, ..., ExOst45 } +ExOstSeq1 ::= ObjectSetTest{ {ExOst1} }  ExOstSeq12 ::= ObjectSetTest{ {ExOst12} }  ExOstSeq123 ::= ObjectSetTest{ {ExOst123} } ---ExOstSeq1234 ::= ObjectSetTest{ {ExOst1234} } +ExOstSeq1234 ::= ObjectSetTest{ {ExOst1234} }  ExOstSeq45 ::= ObjectSetTest{ {ExOst45} }  ExOstSeq12345 ::= ObjectSetTest{ {ExOst12345} } -END +ExOstSeq12Except ::= ObjectSetTest{ {ExOst123 EXCEPT ost3} } +ExOstSeq123Except ::= ObjectSetTest{ {ExOst12345 EXCEPT ExOst45} } + +ExInlOst1    OBJECT-SET-TEST ::= { +    { 1 IS BIT STRING }, +    ... +} +ExInlOst12   OBJECT-SET-TEST ::= { +    { 1 IS BIT STRING }, +    ..., +    { 2 IS OCTET STRING } +} + +ExInlOstSeq1 ::= ObjectSetTest{ {ExInlOst1} } +ExInlOstSeq12 ::= ObjectSetTest{ {ExInlOst12} } + +-- +-- Test that extensions in a simple class works. +-- + +ExtClassSeq ::= SEQUENCE { +  arg      EXT-CLASS.&id({Extend}) +} + +EXT-CLASS ::= CLASS { +    &id INTEGER UNIQUE +} WITH SYNTAX { +    ID &id +} + +Extend EXT-CLASS ::= { { ID alt1 } | { ID alt2 }, ... } + +alt1 INTEGER ::= 4 +alt2 INTEGER ::= 5 + + +-- +-- Test a BIT STRING which is optional in the simplified syntax. 
+-- + +PUBLIC-KEY ::= CLASS { +    &id             INTEGER UNIQUE, +    &keyUsage       KeyUsage OPTIONAL +} WITH SYNTAX { +    IDENTIFIER &id +    [OPTIONAL-BIT-STRING &keyUsage] +} + +KeyUsage ::= BIT STRING { +     digitalSignature        (0), +     nonRepudiation          (1), +     keyEncipherment         (2) + } + +object-with-optional-bit-string PUBLIC-KEY ::= { + IDENTIFIER 42 + OPTIONAL-BIT-STRING {digitalSignature, nonRepudiation, keyEncipherment} +} + +-- Test object identifiers from objects. + +CONTAINER ::= CLASS { + &id   OBJECT IDENTIFIER UNIQUE, + &rid  RELATIVE-OID OPTIONAL, + &Type OPTIONAL +} WITH SYNTAX { +  IDENTIFIED BY &id +  [REL-OID &rid] +  [TYPE &Type] +} + +id1 OBJECT IDENTIFIER ::= {1 2 42} +obj1 CONTAINER ::= { IDENTIFIED BY id1 REL-OID {100 101} } + +value-2 OBJECT IDENTIFIER ::= { value-1 25 } +value-1 OBJECT IDENTIFIER ::= obj1.&id +value-3 RELATIVE-OID ::= obj1.&rid +value-4 OBJECT IDENTIFIER ::= { 1 2 value-3 } + + +-- Test an obscure issue when ATTRIBUTE.&id was not +-- properly evaluated. + +Rdn ::= SingleAttribute { {SupportedAttributes} } + +ATTRIBUTE ::= CLASS { +   &id             OBJECT IDENTIFIER UNIQUE, +   &Type           OPTIONAL +} + +SingleAttribute{ATTRIBUTE:AttrSet} ::= SEQUENCE { +   type      ATTRIBUTE.&id({AttrSet}), +   value     ATTRIBUTE.&Type({AttrSet}{@type}) +} +AttributeType ::= ATTRIBUTE.&id +SupportedAttributes ATTRIBUTE ::= { at-name } + +id-at OBJECT IDENTIFIER ::= { 2 5 4 41 } +id-at-name AttributeType ::= id-at +at-name ATTRIBUTE ::= { &Type PrintableString, &id id-at-name } + +-- +-- Test using an alias for TYPE-IDENTIFIER. +-- + +TiAliasParameterized { TI-ALIAS:InfoObjectSet } ::= SEQUENCE { +  algorithm TI-ALIAS.&id({InfoObjectSet}), +  parameters TI-ALIAS.&Type({InfoObjectSet} {@algorithm}) OPTIONAL +} + +TI-ALIAS ::= TYPE-IDENTIFIER + +TiAliasSeq ::= SEQUENCE { +  prf TiAliasParameterized {{TiAliasSet}} +} + +TiAliasSet TI-ALIAS ::= { +  {NULL IDENTIFIED BY {2 1 2}}, +   ... 
+} + +-- +-- Test using an alias for a class. +-- + +ALIAS-CONTAINER ::= CLASS { +  &id INTEGER UNIQUE, +  &obj INDIRECT-CLASS +} + +INDIRECTED-CLASS ::= CLASS { +  &id INTEGER UNIQUE, +  &Type +} + +INDIRECT-CLASS ::= INDIRECTED-CLASS + +-- +-- Indirect ObjectClassFieldType in a SEQUENCE. +-- + +ContentInfo ::= SEQUENCE { +  contentType  ContentType, -- Indirect ObjectClassFieldType +  content      TYPE-IDENTIFIER.&Type({Contents}{@contentType}) +OPTIONAL +} + +Contents TYPE-IDENTIFIER ::= { +  {IA5String IDENTIFIED BY id-content-type} +} + +ContentType ::= TYPE-IDENTIFIER.&id({Contents}) +id-content-type ContentType ::= { 2 7 8 9 } + +-- +-- Tricky parsing of simplified syntax. +-- + +TrickyType-1 ::= BIT STRING +TrickyType-2 ::= OCTET STRING + +TRICKY ::= CLASS { +  &Type1, +  &Type2 +} WITH SYNTAX { +   TYPE &Type1 &Type2 +} + +tricky-object TRICKY ::= {TYPE TrickyType-1 TrickyType-2} + +tricky-bit-string tricky-object.&Type1 ::= '1011'B +tricky-octet-string tricky-object.&Type1 ::= 'CAFE'H + +END diff --git a/lib/asn1/test/asn1_SUITE_data/InfObjExtract.asn1 b/lib/asn1/test/asn1_SUITE_data/InfObjExtract.asn1 new file mode 100644 index 0000000000..13981b546d --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/InfObjExtract.asn1 
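Review bot: At the end of the "Tricky parsing of simplified syntax" block, `tricky-octet-string tricky-object.&Type1 ::= 'CAFE'H` extracts `&Type1` again, so both values are typed as `TrickyType-1` (BIT STRING) and `&Type2` is never referenced. The difficulty being tested is splitting the two adjacent type fields in `TYPE &Type1 &Type2`, so the second field is the one that most needs a check. `'CAFE'H` is also a legal BIT STRING value, so the slip compiles silently. Assuming the value name reflects the intent, the line should read `tricky-octet-string tricky-object.&Type2 ::= 'CAFE'H`. The test code that reads these values is outside this hunk, so its expected result may need the matching change.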
@@ -0,0 +1,136 @@ +InfObjExtract DEFINITIONS AUTOMATIC TAGS ::= +BEGIN + +DATA-CLASS ::= CLASS { +  &id INTEGER UNIQUE, +  &Type +} WITH SYNTAX { +  ID &id +  TYPE &Type +} + +data-object-1 DATA-CLASS ::= { ID 1 TYPE BOOLEAN } +data-object-2 DATA-CLASS ::= { ID 2 TYPE OCTET STRING } +data-object-3 DATA-CLASS ::= { ID 3 TYPE BIT STRING } + +ObjSet DATA-CLASS ::= { +  holder-object-1.&obj | +  data-object-2 | +  data-object-3, +  ... +} + +OBJ-SET DATA-CLASS ::= { +  holder-object-1.&obj | +  data-object-2 | +  data-object-3, +  ... +} + +SingleElementSet DATA-CLASS ::= { +  holder-object-1.&obj +} + +holder-object-1 HOLDER-CLASS ::= { +  OBJ data-object-1 +} + +holder-object-2 HOLDER-CLASS ::= { +  OBJ-SET {data-object-1} +} + +holder-object-3 HOLDER-CLASS ::= { +  OBJ-SET {holder-object-2.&ObjSet} +} + +-- Note: References to object sets with names in all uppercase/hyphens +-- may be represented differently compared to object sets with names +-- that contain lowercase letters. CAVEAT TESTOR. 
+ +HOLDER-OBJECTS HOLDER-CLASS ::= { holder-object-2 } +HolderObjects HOLDER-CLASS ::= { holder-object-3 } + +holder-object-4 HOLDER-CLASS ::= { +  OBJ-SET { HOLDER-OBJECTS.&ObjSet } +} + +holder-object-5 HOLDER-CLASS ::= { +  OBJ-SET { HolderObjects.&ObjSet } +} + +holder-object-6 HOLDER-CLASS ::= { +  OBJ-SET { OBJ-SET } +} + +holder-object-7 HOLDER-CLASS ::= { +  OBJ-SET { ObjSet  } +} + +HOLDER-CLASS ::= CLASS { +  &obj DATA-CLASS OPTIONAL, +  &ObjSet DATA-CLASS OPTIONAL +} WITH SYNTAX { +  [OBJ &obj] +  [OBJ-SET &ObjSet] +} + +TestSeq{DATA-CLASS:ObjectSet} ::= SEQUENCE { +  id DATA-CLASS.&id ({ObjectSet}), +  data DATA-CLASS.&Type ({ObjectSet}{@id}) +} + +DataSeq-1 ::= TestSeq{ {ObjSet} } +DataSeq-2 ::= TestSeq{ {holder-object-3.&ObjSet} } + +DataSeq-3 ::= TestSeq{ {holder-object-4.&ObjSet} } +DataSeq-4 ::= TestSeq{ {holder-object-5.&ObjSet} } +DataSeq-5 ::= TestSeq{ {holder-object-6.&ObjSet} } +DataSeq-6 ::= TestSeq{ {holder-object-7.&ObjSet} } + +DataSeqSingleSet-1 ::= TestSeq{ {SingleElementSet} } +DataSeqSingleSet-2 ::= TestSeq{ {holder-object-1.&obj} } + +-- +-- Test ObjectSetFromObjects. 
+-- + +OBJ-CLASS ::= CLASS { +  &id INTEGER UNIQUE, +  &Data OPTIONAL, +  &Obj OBJ-CLASS OPTIONAL, +  &obj OBJ-CLASS OPTIONAL +} + +obj-class-obj-1 OBJ-CLASS ::= { &id 1, &Data BOOLEAN } + +obj-class-obj-2 OBJ-CLASS ::= { &id 2, &Data BOOLEAN, +			         &Obj {obj-class-obj-1} } + +obj-class-obj-3 OBJ-CLASS ::= { &id 3, &Data BOOLEAN, +			         &obj {&id 99, &Obj {obj-class-obj-1}} } + +obj-class-obj-4 OBJ-CLASS ::= { &id 4, &Data BOOLEAN, &obj obj-class-obj-2 } + +obj-class-obj-5 OBJ-CLASS ::= { &id 5, &Data BOOLEAN, +		                &Obj {obj-class-obj-4.&obj} } + +ObjClassSet OBJ-CLASS ::= { obj-class-obj-3.&obj.&Obj | +			    obj-class-obj-4.&Obj | -- Non-existing field +			    obj-class-obj-5.&Obj +			   } + +TestObjClassSeq{OBJ-CLASS:ObjectSet} ::= SEQUENCE { +  id OBJ-CLASS.&id ({ObjectSet}), +  data OBJ-CLASS.&Data ({ObjectSet}{@id}) +} + +ObjClassSeq-1 ::= TestObjClassSeq{{ObjClassSet}} + +-- +-- Test several levels of inlined definitions. +-- + +obj-class-obj-6 OBJ-CLASS ::= { &id 6, &Obj {{&id 100, &Data INTEGER}}, +		                &Data INTEGER } + +END diff --git a/lib/asn1/test/asn1_SUITE_data/MissingEnd.asn1 b/lib/asn1/test/asn1_SUITE_data/MissingEnd.asn1 deleted file mode 100644 index 66912ef693..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/MissingEnd.asn1 +++ /dev/null @@ -1,5 +0,0 @@ -MissingEnd  DEFINITIONS ::= -BEGIN - -T ::= Typ	 - diff --git a/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1 b/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1 index 9368e8dceb..9193ed495c 100644 --- a/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1 +++ b/lib/asn1/test/asn1_SUITE_data/ObjIdValues.asn1 
@@ -50,6 +50,7 @@ itu-t-o OBJECT IDENTIFIER ::= {itu-t recommendation o}  itu-t-p OBJECT IDENTIFIER ::= {itu-t recommendation p}  itu-t-q OBJECT IDENTIFIER ::= {itu-t recommendation q}  itu-t-r OBJECT IDENTIFIER ::= {itu-t recommendation r} +itu-t-s OBJECT IDENTIFIER ::= {itu-t recommendation s}  itu-t-t OBJECT IDENTIFIER ::= {itu-t recommendation t}  itu-t-u OBJECT IDENTIFIER ::= {itu-t recommendation u}  itu-t-v OBJECT IDENTIFIER ::= {itu-t recommendation v} diff --git a/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1 b/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1 index 68fc782f33..d203b6c816 100644 --- a/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1 +++ b/lib/asn1/test/asn1_SUITE_data/ParamBasic.asn1 @@ -42,4 +42,37 @@ SIGNATURE-ALGORITHM ::= CLASS {      KEY &id CONTAINING &Type  } +alg-seq-1 AnAlgorithm ::= { algorithm 1, type 42 } +alg-seq-2 AnAlgorithm ::= { algorithm 2, type TRUE } + +-- +-- Test that indirect classes references are resolved. +-- + +AlgorithmIdentifier2 { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE { +  algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}), +  parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) OPTIONAL +} + +ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER + +Seq ::= SEQUENCE { +  c1 AlgorithmIdentifier2 {{ObjectSet-1}}, +  c2 AlgorithmIdentifier2 {{ObjectSet-2}} +} + +ObjectSet-1 ALGORITHM-IDENTIFIER ::= { {INTEGER IDENTIFIED BY {2 1 1}}, ... } +ObjectSet-2 ALGORITHM-IDENTIFIER ::= { ... } + +-- Test a value that uses the instantiation of a parameterized type inline. +-- (Adapted from PKCS-5.) +-- + +algid-hmacWithSHA1 AlgorithmIdentifier2 {{ObjectSet-3}} ::= +  {algorithm id-hmacWithSHA1, parameters NULL : NULL} + +ObjectSet-3 TYPE-IDENTIFIER ::= { {NULL IDENTIFIED BY id-hmacWithSHA1} } + +id-hmacWithSHA1 OBJECT IDENTIFIER ::= {2 9 9 9 7} +  END diff --git a/lib/asn1/test/asn1_SUITE_data/Prim.asn1 b/lib/asn1/test/asn1_SUITE_data/Prim.asn1 index cc0e61422a..b4c011fd39 100644 
--- a/lib/asn1/test/asn1_SUITE_data/Prim.asn1 +++ b/lib/asn1/test/asn1_SUITE_data/Prim.asn1 @@ -24,6 +24,8 @@ BEGIN                          friday(5),saturday(6),sunday(7)}    SingleEnumVal ::= ENUMERATED {true}    SingleEnumValExt ::= ENUMERATED {true, ...} +  NegEnumVal ::= ENUMERATED {neg(-1), ..., zero(0)} +  EnumVal128 ::= ENUMERATED {val(128)}    ObjId ::= OBJECT IDENTIFIER diff --git a/lib/asn1/test/asn1_SUITE_data/SelectionType.asn b/lib/asn1/test/asn1_SUITE_data/SelectionType.asn index d7bfbf1788..6163f390dd 100644 --- a/lib/asn1/test/asn1_SUITE_data/SelectionType.asn +++ b/lib/asn1/test/asn1_SUITE_data/SelectionType.asn @@ -14,7 +14,7 @@ Element ::= CHOICE {bool BOOLEAN,  		    utf UTF8String,  		    ro RELATIVE-OID,  		    nums NumericString, -		    symbol  PrintableString, +		    symbol PrintableString,  		    telet TeletexString,  		    t61 T61String,  		    video VideotexString, @@ -23,13 +23,14 @@ Element ::= CHOICE {bool BOOLEAN,  		    generalizedTime GeneralizedTime,  		    gs GraphicString,  		    vs VisibleString, ---		    iso64 ISO646String,  		    generalString GeneralString,  		    univ UniversalString,  		    cs CHARACTER STRING,  		    bmp BMPString} -MendeleyevTable ::= SEQUENCE  OF symbol < Element +MendeleyevTable ::= SEQUENCE OF symbol < Element +MendeleyevSet ::= SET OF atomic-no < Element +  BoolType ::= bool < Element  einsteinium symbol < Element ::= "Es" @@ -51,7 +52,6 @@ utctimev utctime < Element ::= "9805281429Z"  gTime generalizedTime < Element ::= "19980528142905.1"  gsv gs < Element ::= "graphic"  vsv vs  < Element ::= "visible" ---iso64v iso64 < Element ::= "iso"  gStringv generalString < Element ::= "general"  univv univ < Element ::= "Universal"  bmov bmp < Element ::= "bmp" diff --git a/lib/asn1/test/asn1_SUITE_data/Seq.py b/lib/asn1/test/asn1_SUITE_data/Seq.py index f345373ab5..b68f9045a6 100644 --- a/lib/asn1/test/asn1_SUITE_data/Seq.py +++ b/lib/asn1/test/asn1_SUITE_data/Seq.py 
@@ -142,7 +142,10 @@ SeqImp3 ::= SET    set  Set1  } - +SeqCompOf ::= SEQUENCE { +  ..., +  COMPONENTS OF SeqS3 +}  END diff --git a/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn b/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn index 7de9134096..bb85c9e418 100644 --- a/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn +++ b/lib/asn1/test/asn1_SUITE_data/SeqOptional2.asn @@ -15,10 +15,10 @@ SeqOpt1Imp ::= SEQUENCE    bool1 [1] BOOLEAN OPTIONAL,    int1  INTEGER,    seq1  [2] SeqIn OPTIONAL, -  seq2  [2] SeqIn OPTIONAL, +  seq2  [3] SeqIn OPTIONAL,    ..., -  int2  [3] SeqIn, -  int3  [3] SeqIn +  int2  [4] SeqIn, +  int3  [5] SeqIn  }  SeqOpt1Exp ::= SEQUENCE  diff --git a/lib/asn1/test/asn1_SUITE_data/SequenceBadComma.asn b/lib/asn1/test/asn1_SUITE_data/SequenceBadComma.asn deleted file mode 100644 index 436815aa9b..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/SequenceBadComma.asn +++ /dev/null @@ -1,10 +0,0 @@ -SequenceBadComma DEFINITIONS IMPLICIT TAGS ::= -BEGIN -EXPORTS Person; - -Person ::= [PRIVATE 19] SEQUENCE {, -    name PrintableString, -    location INTEGER {home(0),field(1),roving(2)}, -    age INTEGER OPTIONAL -    } -END diff --git a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentName.asn1 b/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentName.asn1 deleted file mode 100644 index 8b2b8816db..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentName.asn1 +++ /dev/null @@ -1,10 +0,0 @@ -SequenceBadComponentName  DEFINITIONS ::= -BEGIN - -T ::= Typ - -Typ ::= SEQUENCE { -    a INTEGER, -    C Typ} - -END diff --git a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentType.asn1 b/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentType.asn1 deleted file mode 100644 index 0c33f48906..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/SequenceBadComponentType.asn1 +++ /dev/null @@ -1,10 +0,0 @@ -SequenceBadComponentType  DEFINITIONS ::= -BEGIN - -T ::= Typ - -Typ ::= SEQUENCE { -    a b, -    c T} - -END 
diff --git a/lib/asn1/test/asn1_SUITE_data/Syntax.py b/lib/asn1/test/asn1_SUITE_data/Syntax.py deleted file mode 100644 index 867d1148e1..0000000000 --- a/lib/asn1/test/asn1_SUITE_data/Syntax.py +++ /dev/null @@ -1,10 +0,0 @@ -Syntax DEFINITIONS IMPLICIT TAGS ::= -BEGIN -EXPORTS Person; - -Person ::= [PRIVATE 19] SEQUENCE {, -	name PrintableString, -	location INTEGER {home(0),field(1),roving(2)}, -	age INTEGER OPTIONAL -	} -END diff --git a/lib/asn1/test/asn1_SUITE_data/ValueTest.asn b/lib/asn1/test/asn1_SUITE_data/ValueTest.asn index dae9ae498a..b2c59d686a 100644 --- a/lib/asn1/test/asn1_SUITE_data/ValueTest.asn +++ b/lib/asn1/test/asn1_SUITE_data/ValueTest.asn @@ -1,4 +1,4 @@ -ValueTest DEFINITIONS  ::=  +ValueTest DEFINITIONS AUTOMATIC TAGS ::=  BEGIN @@ -23,8 +23,15 @@ vENUMERATED RadioButton ::= button1  vBS BSNNL ::= {zero,two}  vNULL NULL ::= NULL  vOS OCTET STRING ::= '313233'H -vOD OBJECT IDENTIFIER ::= {2 1 1} +-- OBJECT IDENTIFIER +vOD OBJECT IDENTIFIER ::= {2 1 1} +one INTEGER ::= 1 +integer-first OBJECT IDENTIFIER ::= {one 2} +rel-oid-1 RELATIVE-OID ::= {2 4 5} +include-roid OBJECT IDENTIFIER ::= {0 rel-oid-1} +include-oid OBJECT IDENTIFIER ::= {integer-first 1} +include-all OBJECT IDENTIFIER ::= {integer-first 1 rel-oid-1 42}  --Character strings  numericstring NumericString ::= "01234567" @@ -41,7 +48,6 @@ objectdescriptor ObjectDescriptor ::= "ObjectDescriptor"  graphicstring GraphicString ::= "GraphicString"  generalstring GeneralString ::= "GeneralString"  bmpstring1 BMPString ::= "BMPString" ---bmpstring2 BMPString ::= [{0,0,0,66},{0,0,0,77},{0,0,0,80},{0,0,0,115},{0,0,0,116},{0,0,0,114},{0,0,0,105},{0,0,0,110},{0,0,0,103}]  latinCapitalLetterA UniversalString ::= {0,0,0,65}  greekCapitalLetterSigma UniversalString ::= {0,0,3,145}  my-universalstring UniversalString ::= {"This is a capital A: ", 
@@ -50,4 +56,88 @@ my-universalstring UniversalString ::= {"This is a capital A: ",  					greekCapitalLetterSigma,  					"; try and spot the difference!"} +-- Useful parameterized SEQUENCE. +ParamSeq{Type} ::= SEQUENCE { +    a Type +} + +-- Integer values. +IntegerSeq ::= ParamSeq{INTEGER} +someInteger INTEGER ::= 42 +integerSeq1 IntegerSeq ::= { a otherInteger } +otherInteger INTEGER ::= someInteger + +-- +-- Values from objects. +-- +int-from-object-1 INTEGER ::= int-holder-2.&obj.&id +int-from-object-2 INTEGER ::= int-holder-2.&id + +INT-HOLDER ::= CLASS { +  &id INTEGER UNIQUE, +  &obj INT-HOLDER OPTIONAL +} WITH SYNTAX { +  ID &id +  [OBJ &obj] +} + +int-holder-1 INT-HOLDER ::= { ID 2 } +int-holder-2 INT-HOLDER ::= { ID 4 OBJ int-holder-1 } + +II ::= INTEGER (int-from-object-1..int-from-object-2) + +-- Recursive OCTET STRING definitions. + +OS-HOLDER ::= CLASS { +  &id INTEGER UNIQUE, +  &os OCTET STRING +} WITH SYNTAX { +  ID &id OS &os +} + +os-holder-1 OS-HOLDER ::= { ID 1 OS '4041FF'H } + +OctetStringSeq ::= ParamSeq{OCTET STRING} + +someOctetString OCTET STRING ::= '404142'H + +octetStringSeq1 OctetStringSeq ::= { a someOctetString } +octetStringSeq2 OctetStringSeq ::= { a otherOctetString } +octetStringSeq3 OctetStringSeq ::= { a os-holder-1.&os } + +otherOctetString OCTET STRING ::= someOctetString + +os-1 OCTET STRING ::= os-2 +os-2 OCTET STRING ::= os-holder-1.&os + +-- Recursive BIT STRING definitions. 
+ +BS-HOLDER ::= CLASS { +  &id INTEGER UNIQUE, +  &bs BIT STRING, +  &named-bs NamedBsType +} WITH SYNTAX { +  ID &id BS &bs NAMED-BS &named-bs +} +bs-holder-1 BS-HOLDER ::= { ID 1 BS '101'B NAMED-BS {a,c} } + +NamedBsType ::= BIT STRING {a(0),b(1),c(2)} +BsSeq ::= SEQUENCE { +  a BIT STRING, +  b NamedBsType +} + +someBitString BIT STRING ::= '101101'B + +bsSeq1 BsSeq ::= { a someBitString, b someNamedBs } +bsSeq2 BsSeq ::= { a otherBitString, b someOtherNamedBs } +bsSeq3 BsSeq ::= { a bs-holder-1.&bs, b bs-holder-1.&named-bs } + +otherBitString BIT STRING ::= someBitString +bsFromObjectInd BIT STRING ::= bsFromObject +bsFromObject BIT STRING ::= bs-holder-1.&bs + +someOtherNamedBs NamedBsType ::= someNamedBs +someNamedBs NamedBsType ::= {c} +  END diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ACSE-1.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ACSE-1.asn1 index 3f1385323a..3f1385323a 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/ACSE-1.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ACSE-1.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/AlgorithmInformation-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/AlgorithmInformation-2009.asn1 new file mode 100644 index 0000000000..f912966c72 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/AlgorithmInformation-2009.asn1 
@@ -0,0 +1,466 @@
+AlgorithmInformation-2009
+    {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+    mechanisms(5) pkix(7) id-mod(0)
+    id-mod-algorithmInformation-02(58)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+BEGIN
+EXPORTS ALL;
+IMPORTS
+
+KeyUsage
+FROM PKIX1Implicit-2009
+    {iso(1) identified-organization(3) dod(6) internet(1)
+    security(5) mechanisms(5) pkix(7) id-mod(0)
+    id-mod-pkix1-implicit-02(59)} ;
+
+--  Suggested prefixes for algorithm objects are:
+--
+--  mda-   Message Digest Algorithms
+--  sa-    Signature Algorithms
+--  kta-   Key Transport Algorithms (Asymmetric)
+--  kaa-   Key Agreement Algorithms  (Asymmetric)
+--  kwa-   Key Wrap Algorithms (Symmetric)
+--  kda-   Key Derivation Algorithms
+--  maca-  Message Authentication Code Algorithms
+--  pk-    Public Key
+--  cea-   Content (symmetric) Encryption Algorithms
+--  cap-   S/MIME Capabilities
+
+ParamOptions ::= ENUMERATED {
+   required,         -- Parameters MUST be encoded in structure
+   preferredPresent, -- Parameters SHOULD be encoded in structure
+   preferredAbsent,  -- Parameters SHOULD NOT be encoded in structure
+   absent,           -- Parameters MUST NOT be encoded in structure
+   inheritable,      -- Parameters are inherited if not present
+   optional,         -- Parameters MAY be encoded in the structure
+   ...
+}
+
+--  DIGEST-ALGORITHM
+--
+--  Describes the basic information for ASN.1 and a digest
+--      algorithm.
+--
+--  &id - contains the OID identifying the digest algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  ¶mPresence - parameter presence requirement
+--
+--  Additional information such as the length of the hash could have
+--      been encoded.  Without a clear understanding of what information
+--      is needed by applications, such extraneous information was not
+--      considered to be of sufficent importance.
+--
+--  Example:
+--  mda-sha1 DIGEST-ALGORITHM ::= {
+--      IDENTIFIER id-sha1
+--      PARAMS TYPE NULL ARE preferredAbsent
+--  }
+
+DIGEST-ALGORITHM ::= CLASS {
+    &id                 OBJECT IDENTIFIER UNIQUE,
+    &Params             OPTIONAL,
+    ¶mPresence      ParamOptions DEFAULT absent
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE ¶mPresence ]
+}
+
+--  SIGNATURE-ALGORITHM
+--
+--  Describes the basic properties of a signature algorithm
+--
+--  &id - contains the OID identifying the signature algorithm
+--  &Value - contains a type definition for the value structure of
+--              the signature; if absent, implies that no ASN.1
+--              encoding is performed on the value
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  ¶mPresence - parameter presence requirement
+--  &HashSet - The set of hash algorithms used with this
+--                  signature algorithm
+--  &PublicKeySet - the set of public key algorithms for this
+--                  signature algorithm
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  sig-RSA-PSS SIGNATURE-ALGORITHM ::= {
+--     IDENTIFIER id-RSASSA-PSS
+--     PARAMS TYPE RSASSA-PSS-params ARE required
+--     HASHES { mda-sha1 | mda-md5, ... }
+--     PUBLIC-KEYS { pk-rsa | pk-rsa-pss }
+-- }
+
+SIGNATURE-ALGORITHM ::= CLASS {
+    &id             OBJECT IDENTIFIER UNIQUE,
+    &Value          OPTIONAL,
+    &Params         OPTIONAL,
+    ¶mPresence  ParamOptions DEFAULT absent,
+    &HashSet        DIGEST-ALGORITHM OPTIONAL,
+    &PublicKeySet   PUBLIC-KEY OPTIONAL,
+    &smimeCaps      SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [VALUE &Value]
+    [PARAMS [TYPE &Params] ARE ¶mPresence ]
+    [HASHES &HashSet]
+    [PUBLIC-KEYS &PublicKeySet]
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  PUBLIC-KEY
+--
+--  Describes the basic properties of a public key
+--
+--  &id - contains the OID identifying the public key
+--  &KeyValue - contains the type for the key value
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  ¶mPresence - parameter presence requirement
+--  &keyUsage - contains the set of bits that are legal for this
+--              key type.  Note that is does not make any statement
+--              about how bits may be paired.
+--  &PrivateKey - contains a type structure for encoding the private
+--              key information.
+--
+--  Example:
+--  pk-rsa-pss PUBLIC-KEY ::= {
+--      IDENTIFIER id-RSASSA-PSS
+--      KEY RSAPublicKey
+--      PARAMS TYPE RSASSA-PSS-params ARE optional
+--      CERT-KEY-USAGE { .... }
+--  }
+
+PUBLIC-KEY ::= CLASS {
+    &id             OBJECT IDENTIFIER UNIQUE,
+    &KeyValue       OPTIONAL,
+    &Params         OPTIONAL,
+    ¶mPresence  ParamOptions DEFAULT absent,
+    &keyUsage       KeyUsage OPTIONAL,
+    &PrivateKey     OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [KEY &KeyValue]
+    [PARAMS [TYPE &Params] ARE ¶mPresence]
+    [CERT-KEY-USAGE &keyUsage]
+    [PRIVATE-KEY &PrivateKey]
+}
+
+--  KEY-TRANSPORT
+--
+--  Describes the basic properties of a key transport algorithm
+--
+--  &id - contains the OID identifying the key transport algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  ¶mPresence - parameter presence requirement
+--  &PublicKeySet - specifies which public keys are used with
+--                       this algorithm
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kta-rsaTransport KEY-TRANSPORT ::= {
+--      IDENTIFIER &id
+--      PARAMS TYPE NULL ARE required
+--      PUBLIC-KEYS  { pk-rsa | pk-rsa-pss }
+--  }
+
+KEY-TRANSPORT ::= CLASS {
+    &id                 OBJECT IDENTIFIER UNIQUE,
+    &Params             OPTIONAL,
+    ¶mPresence      ParamOptions DEFAULT absent,
+    &PublicKeySet       PUBLIC-KEY OPTIONAL,
+    &smimeCaps          SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE ¶mPresence]
+    [PUBLIC-KEYS &PublicKeySet]
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  KEY-AGREE
+--
+--  Describes the basic properties of a key agreement algorithm
+--
+--  &id - contains the OID identifying the key agreement algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  ¶mPresence - parameter presence requirement
+--  &PublicKeySet - specifies which public keys are used with
+--                        this algorithm
+--  &Ukm - type of user keying material used
+--  &ukmPresence - specifies the requirements to define the UKM field
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kaa-dh-static-ephemeral KEY-AGREE ::= {
+--      IDENTIFIER id-alg-ESDH
+--      PARAMS TYPE KeyWrapAlgorithm ARE required
+--      PUBLIC-KEYS {
+--         {IDENTIFIER dh-public-number KEY DHPublicKey
+--            PARAMS TYPE DHDomainParameters ARE inheritable }
+--      }
+--      - - UKM should be present but is not separately ASN.1-encoded
+--      UKM ARE preferredPresent
+--  }
+
+KEY-AGREE ::= CLASS {
+    &id             OBJECT IDENTIFIER UNIQUE,
+    &Params         OPTIONAL,
+    ¶mPresence  ParamOptions DEFAULT absent,
+    &PublicKeySet   PUBLIC-KEY OPTIONAL,
+    &Ukm            OPTIONAL,
+    &ukmPresence    ParamOptions DEFAULT absent,
+    &smimeCaps      SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE ¶mPresence]
+    [PUBLIC-KEYS &PublicKeySet]
+    [UKM [TYPE &Ukm] ARE &ukmPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  KEY-WRAP
+--
+--  Describes the basic properties of a key wrap algorithm
+--
+--  &id - contains the OID identifying the key wrap algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  ¶mPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kwa-cms3DESwrap KEY-WRAP ::= {
+--      IDENTIFIER id-alg-CMS3DESwrap
+--      PARAMS TYPE NULL ARE required
+--  }
+
+KEY-WRAP ::= CLASS {
+    &id                OBJECT IDENTIFIER UNIQUE,
+    &Params            OPTIONAL,
+    ¶mPresence     ParamOptions DEFAULT absent,
+    &smimeCaps         SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE ¶mPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+--  KEY-DERIVATION
+--
+--  Describes the basic properties of a key derivation algorithm
+--
+--  &id - contains the OID identifying the key derivation algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  ¶mPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  kda-pbkdf2 KEY-DERIVATION ::= {
+--      IDENTIFIER id-PBKDF2
+--      PARAMS TYPE PBKDF2-params ARE required
+--  }
+
+KEY-DERIVATION ::= CLASS {
+    &id                OBJECT IDENTIFIER UNIQUE,
+    &Params            OPTIONAL,
+    ¶mPresence     ParamOptions DEFAULT absent,
+    &smimeCaps         SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE ¶mPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+-- MAC-ALGORITHM
+--
+--  Describes the basic properties of a message
+--      authentication code (MAC) algorithm
+--
+--  &id - contains the OID identifying the MAC algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  ¶mPresence - parameter presence requirement
+--  &keyed - MAC algorithm is a keyed MAC algorithm
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Some parameters that perhaps should have been added would be
+--  fields with the minimum and maximum MAC lengths for
+--  those MAC algorithms that allow truncations.
+--
+--  Example:
+--  maca-hmac-sha1 MAC-ALGORITHM ::= {
+--      IDENTIFIER hMAC-SHA1
+--      PARAMS TYPE NULL ARE preferredAbsent
+--      IS KEYED MAC TRUE
+--      SMIME-CAPS {IDENTIFIED BY hMAC-SHA1}
+--  }
+
+MAC-ALGORITHM ::= CLASS {
+    &id                 OBJECT IDENTIFIER UNIQUE,
+    &Params             OPTIONAL,
+    ¶mPresence      ParamOptions DEFAULT absent,
+    &keyed              BOOLEAN,
+    &smimeCaps          SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE ¶mPresence]
+    IS-KEYED-MAC &keyed
+    [SMIME-CAPS &smimeCaps]
+}
+
+--  CONTENT-ENCRYPTION
+--
+--  Describes the basic properties of a content encryption
+--      algorithm
+--
+--  &id - contains the OID identifying the content
+--        encryption algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  ¶mPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  Example:
+--  cea-3DES-cbc CONTENT-ENCRYPTION ::= {
+--      IDENTIFIER des-ede3-cbc
+--      PARAMS TYPE IV ARE required
+--      SMIME-CAPS { IDENTIFIED BY des-ede3-cbc }
+--  }
+
+CONTENT-ENCRYPTION ::= CLASS {
+    &id                OBJECT IDENTIFIER UNIQUE,
+    &Params            OPTIONAL,
+    ¶mPresence     ParamOptions DEFAULT absent,
+    &smimeCaps         SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE ¶mPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+-- ALGORITHM
+--
+-- Describes a generic algorithm identifier
+--
+--  &id - contains the OID identifying the algorithm
+--  &Params - if present, contains the type for the algorithm
+--               parameters; if absent, implies no parameters
+--  ¶mPresence - parameter presence requirement
+--  &smimeCaps - contains the object describing how the S/MIME
+--              capabilities are presented.
+--
+--  This would be used for cases where an algorithm of an unknown
+--  type is used.  In general however, one should either define
+--  a more complete algorithm structure (such as the one above)
+--  or use the TYPE-IDENTIFIER class.
+
+ALGORITHM ::= CLASS {
+    &id OBJECT   IDENTIFIER UNIQUE,
+    &Params      OPTIONAL,
+    ¶mPresence ParamOptions DEFAULT absent,
+    &smimeCaps   SMIME-CAPS OPTIONAL
+} WITH SYNTAX {
+    IDENTIFIER &id
+    [PARAMS [TYPE &Params] ARE ¶mPresence]
+    [SMIME-CAPS &smimeCaps]
+}
+
+-- AlgorithmIdentifier
+--
+-- Provides the generic structure that is used to encode algorithm
+--    identification and the parameters associated with the
+--    algorithm.
+--
+-- The first parameter represents the type of the algorithm being
+--    used.
+-- The second parameter represents an object set containing the
+--    algorithms that may occur in this situation.
+--    The initial list of required algorithms should occur to the
+--      left of an extension marker; all other algorithms should
+--      occur to the right of an extension marker.
+--
+-- The object class ALGORITHM can be used for generic unspecified
+--     items.
+-- If new ALGORITHM classes are defined, the fields &id and &Params
+--     need to be present as fields in the object in order to use
+--     this parameterized type.
+--
+-- Example:
+--    SignatureAlgorithmIdentifier ::=
+--       AlgorithmIdentifier{SIGNATURE-ALGORITHM, {SignatureAlgSet}}
+
+AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
+        SEQUENCE {
+            algorithm   ALGORITHM-TYPE.&id({AlgorithmSet}),
+            parameters  ALGORITHM-TYPE.
+                   &Params({AlgorithmSet}{@algorithm}) OPTIONAL
+        }
+
+--  S/MIME Capabilities
+--
+--  We have moved the SMIME-CAPS from the module for RFC 3851 to here
+--  because it is used in RFC 4262 (X.509 Certificate Extension for
+--  S/MIME Capabilities)
+--
+--
+--  This class is used to represent an S/MIME capability.  S/MIME
+--  capabilities are used to represent what algorithm capabilities
+--  an individual has.  The classic example was the content encryption
+--  algorithm RC2 where the algorithm id and the RC2 key lengths
+--  supported needed to be advertised, but the IV used is not fixed.
+--  Thus, for RC2 we used
+--
+--  cap-RC2CBC SMIME-CAPS ::= {
+--      TYPE INTEGER ( 40 | 128 ) IDENTIFIED BY rc2-cbc }
+--
+--  where 40 and 128 represent the RC2 key length in number of bits.
+--
+--  Another example where information needs to be shown is for
+--  RSA-OAEP where only specific hash functions or mask generation
+--  functions are supported, but the saltLength is specified by the
+--  sender and not the recipient.  In this case, one can either
+--  generate a number of capability items,
+--  or a new S/MIME capability type could be generated where
+--  multiple hash functions could be specified.
+--
+--
+--  SMIME-CAP
+--
+--  This class is used to associate the type that describes the
+--  capabilities with the object identifier.
+--
+
+SMIME-CAPS ::= CLASS {
+    &id         OBJECT IDENTIFIER UNIQUE,
+    &Type       OPTIONAL
+}
+WITH SYNTAX { [TYPE &Type] IDENTIFIED BY &id }
+
+--
+--  Generic type - this is used for defining values.
+--
+
+--  Define a single S/MIME capability encoding
+
+SMIMECapability{SMIME-CAPS:CapabilitySet} ::= SEQUENCE {
+    capabilityID        SMIME-CAPS.&id({CapabilitySet}),
+    parameters          SMIME-CAPS.&Type({CapabilitySet}
+                            {@capabilityID}) OPTIONAL
+}
+
+--  Define a sequence of S/MIME capability values
+
+SMIMECapabilities { SMIME-CAPS:CapabilitySet } ::=
+        SEQUENCE SIZE (1..MAX) OF SMIMECapability{{CapabilitySet} }
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/AttributeCertificateVersion1-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/AttributeCertificateVersion1-2009.asn1
new file mode 100644
index 0000000000..46b431af40
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/AttributeCertificateVersion1-2009.asn1
@@ -0,0 +1,59 @@
+  AttributeCertificateVersion1-2009
+      {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-v1AttrCert-02(49)}
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  SIGNATURE-ALGORITHM, ALGORITHM, AlgorithmIdentifier{}
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+  CertificateSerialNumber, UniqueIdentifier, SIGNED{}
+  FROM PKIX1Explicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) }
+
+  GeneralNames
+  FROM PKIX1Implicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59) }
+
+  AttCertValidityPeriod, IssuerSerial
+  FROM PKIXAttributeCertificate-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert-02(47) } ;
+
+  -- Definition extracted from X.509-1997 [X.509-97], but
+  -- different type names are used to avoid collisions.
+
+  AttributeCertificateV1 ::= SIGNED{AttributeCertificateInfoV1}
+
+  AttributeCertificateInfoV1 ::= SEQUENCE {
+     version AttCertVersionV1 DEFAULT v1,
+     subject CHOICE {
+        baseCertificateID [0] IssuerSerial,
+        -- associated with a Public Key Certificate
+        subjectName [1] GeneralNames },
+     -- associated with a name
+     issuer GeneralNames,
+     signature AlgorithmIdentifier{SIGNATURE-ALGORITHM, {...}},
+     serialNumber CertificateSerialNumber,
+     attCertValidityPeriod AttCertValidityPeriod,
+     attributes SEQUENCE OF AttributeSet{{AttrList}},
+     issuerUniqueID UniqueIdentifier OPTIONAL,
+     extensions Extensions{{AttributeCertExtensionsV1}} OPTIONAL }
+
+  AttCertVersionV1 ::= INTEGER { v1(0) }
+
+  AttrList ATTRIBUTE ::= {...}
+  AttributeCertExtensionsV1 EXTENSION ::= {...}
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/AuthenticationFramework.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/AuthenticationFramework.asn1
index 5cfa9062f0..5cfa9062f0 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/AuthenticationFramework.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/AuthenticationFramework.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/BasicAccessControl.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/BasicAccessControl.asn1
index d8b2b687ae..d8b2b687ae 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/BasicAccessControl.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/BasicAccessControl.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/CertificateExtensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/CertificateExtensions.asn1
index 0daf2208e9..0daf2208e9 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/CertificateExtensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/CertificateExtensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Character-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Coding-Attributes.asn1
index 04060cf060..04060cf060 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Character-Coding-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Coding-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Character-Presentation-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Presentation-Attributes.asn1
index aed48ac26b..aed48ac26b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Character-Presentation-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Presentation-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Character-Profile-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Profile-Attributes.asn1
index 7ba5bf194a..7ba5bf194a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Character-Profile-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Character-Profile-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Colour-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Colour-Attributes.asn1
index 24c7fafc38..24c7fafc38 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Colour-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Colour-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntax-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntax-2009.asn1
new file mode 100644
index 0000000000..3e350294be
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntax-2009.asn1
@@ -0,0 +1,463 @@ +  CryptographicMessageSyntax-2009 +      { iso(1) member-body(2) us(840) rsadsi(113549) +      pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2004-02(41) } +  DEFINITIONS IMPLICIT TAGS ::= +  BEGIN +  IMPORTS + +  ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM, +      PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM, +      KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM, +      AlgorithmIdentifier +  FROM AlgorithmInformation-2009 +      {iso(1) identified-organization(3) dod(6) internet(1) security(5) +      mechanisms(5) pkix(7) id-mod(0) +      id-mod-algorithmInformation-02(58)} +  SignatureAlgs, MessageDigestAlgs, KeyAgreementAlgs, +      MessageAuthAlgs, KeyWrapAlgs, ContentEncryptionAlgs, +      KeyTransportAlgs, KeyDerivationAlgs, KeyAgreePublicKeys +  FROM CryptographicMessageSyntaxAlgorithms-2009 +      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) +      smime(16) modules(0) id-mod-cmsalg-2001-02(37) } + +  Certificate, CertificateList, CertificateSerialNumber, +      Name, ATTRIBUTE +  FROM PKIX1Explicit-2009 +      { iso(1) identified-organization(3) dod(6) internet(1) +      security(5) mechanisms(5) pkix(7) id-mod(0) +      id-mod-pkix1-explicit-02(51) } + +  AttributeCertificate +  FROM PKIXAttributeCertificate-2009 +      { iso(1) identified-organization(3) dod(6) internet(1) +      security(5) mechanisms(5) pkix(7) id-mod(0) +      id-mod-attribute-cert-02(47) } + +  AttributeCertificateV1 +  FROM AttributeCertificateVersion1-2009 +      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) +      smime(16) modules(0) id-mod-v1AttrCert-02(49) } ; + +  -- Cryptographic Message Syntax + +  -- The following are used for version numbers using the ASN.1 +  --   idiom "[[n:" +  --   Version 1 = PKCS #7 +  --   Version 2 = S/MIME V2 +  --   Version 3 = RFC 2630 +  --   Version 4 = RFC 3369 +  --   Version 5 = RFC 3852 + +  CONTENT-TYPE ::= TYPE-IDENTIFIER +  ContentType ::= 
CONTENT-TYPE.&id + +  ContentInfo ::= SEQUENCE { +      contentType        CONTENT-TYPE. +                      &id({ContentSet}), +      content            [0] EXPLICIT CONTENT-TYPE. +                      &Type({ContentSet}{@contentType})} + +  ContentSet CONTENT-TYPE ::= { +      --  Define the set of content types to be recognized. +      ct-Data | ct-SignedData | ct-EncryptedData | ct-EnvelopedData | +      ct-AuthenticatedData | ct-DigestedData, ... } + +  SignedData ::= SEQUENCE { +      version CMSVersion, +      digestAlgorithms SET OF DigestAlgorithmIdentifier, +      encapContentInfo EncapsulatedContentInfo, +      certificates [0] IMPLICIT CertificateSet OPTIONAL, +      crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, +      signerInfos SignerInfos } + +  SignerInfos ::= SET OF SignerInfo + +  EncapsulatedContentInfo ::= SEQUENCE { +      eContentType       CONTENT-TYPE.&id({ContentSet}), +      eContent           [0] EXPLICIT OCTET STRING +              ( CONTAINING CONTENT-TYPE. +                  &Type({ContentSet}{@eContentType})) OPTIONAL } + +  SignerInfo ::= SEQUENCE { +      version CMSVersion, +      sid SignerIdentifier, +      digestAlgorithm DigestAlgorithmIdentifier, +      signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, +      signatureAlgorithm SignatureAlgorithmIdentifier, +      signature SignatureValue, +      unsignedAttrs [1] IMPLICIT Attributes +          {{UnsignedAttributes}} OPTIONAL } + +  SignedAttributes ::= Attributes {{ SignedAttributesSet }} + +  SignerIdentifier ::= CHOICE { +      issuerAndSerialNumber IssuerAndSerialNumber, +      ..., +      [[3: subjectKeyIdentifier [0] SubjectKeyIdentifier ]] } + +  SignedAttributesSet ATTRIBUTE ::= +      { aa-signingTime | aa-messageDigest | aa-contentType, ... } + +  UnsignedAttributes ATTRIBUTE ::= { aa-countersignature, ... 
} + +  SignatureValue ::= OCTET STRING + +  EnvelopedData ::= SEQUENCE { +      version CMSVersion, +      originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, +      recipientInfos RecipientInfos, +      encryptedContentInfo EncryptedContentInfo, +      ..., +      [[2: unprotectedAttrs [1] IMPLICIT Attributes +          {{ UnprotectedAttributes }} OPTIONAL ]] } + +  OriginatorInfo ::= SEQUENCE { +      certs [0] IMPLICIT CertificateSet OPTIONAL, +      crls [1] IMPLICIT RevocationInfoChoices OPTIONAL } + +  RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo + +  EncryptedContentInfo ::= SEQUENCE { +      contentType        CONTENT-TYPE.&id({ContentSet}), +      contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, +      encryptedContent   [0] IMPLICIT OCTET STRING OPTIONAL } + +  -- If you want to do constraints, you might use: +  -- EncryptedContentInfo ::= SEQUENCE { +  --  contentType        CONTENT-TYPE.&id({ContentSet}), +  --  contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, +  --  encryptedContent   [0] IMPLICIT ENCRYPTED {CONTENT-TYPE. +  --      &Type({ContentSet}{@contentType}) OPTIONAL } +  -- ENCRYPTED {ToBeEncrypted} ::= OCTET STRING ( CONSTRAINED BY +  --        { ToBeEncrypted } ) + +  UnprotectedAttributes ATTRIBUTE ::=  { ... } + +  RecipientInfo ::= CHOICE { +      ktri           KeyTransRecipientInfo, +      ..., +      [[3: kari  [1] KeyAgreeRecipientInfo ]], +      [[4: kekri [2] KEKRecipientInfo]], +      [[5: pwri  [3] PasswordRecipientInfo, +           ori   [4] OtherRecipientInfo ]] } + +  EncryptedKey ::= OCTET STRING + +  KeyTransRecipientInfo ::= SEQUENCE { +      version CMSVersion,  -- always set to 0 or 2 +      rid RecipientIdentifier, +      keyEncryptionAlgorithm AlgorithmIdentifier +          {KEY-TRANSPORT, {KeyTransportAlgorithmSet}}, +      encryptedKey EncryptedKey } + +  KeyTransportAlgorithmSet KEY-TRANSPORT ::= { KeyTransportAlgs, ... 
} + +  RecipientIdentifier ::= CHOICE { +      issuerAndSerialNumber IssuerAndSerialNumber, +      ..., +      [[2: subjectKeyIdentifier [0] SubjectKeyIdentifier ]] } +  KeyAgreeRecipientInfo ::= SEQUENCE { +      version CMSVersion,  -- always set to 3 +      originator [0] EXPLICIT OriginatorIdentifierOrKey, +      ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, +      keyEncryptionAlgorithm AlgorithmIdentifier +          {KEY-AGREE, {KeyAgreementAlgorithmSet}}, +      recipientEncryptedKeys RecipientEncryptedKeys } + +  KeyAgreementAlgorithmSet KEY-AGREE ::= { KeyAgreementAlgs, ... } + +  OriginatorIdentifierOrKey ::= CHOICE { +      issuerAndSerialNumber IssuerAndSerialNumber, +      subjectKeyIdentifier [0] SubjectKeyIdentifier, +      originatorKey [1] OriginatorPublicKey } + +  OriginatorPublicKey ::= SEQUENCE { +      algorithm AlgorithmIdentifier {PUBLIC-KEY, {OriginatorKeySet}}, +      publicKey BIT STRING } + +  OriginatorKeySet PUBLIC-KEY ::= { KeyAgreePublicKeys, ... } + +  RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey + +  RecipientEncryptedKey ::= SEQUENCE { +      rid KeyAgreeRecipientIdentifier, +      encryptedKey EncryptedKey } + +  KeyAgreeRecipientIdentifier ::= CHOICE { +      issuerAndSerialNumber IssuerAndSerialNumber, +      rKeyId [0] IMPLICIT RecipientKeyIdentifier } + +  RecipientKeyIdentifier ::= SEQUENCE { +      subjectKeyIdentifier SubjectKeyIdentifier, +      date GeneralizedTime OPTIONAL, +      other OtherKeyAttribute OPTIONAL } + +  SubjectKeyIdentifier ::= OCTET STRING + +  KEKRecipientInfo ::= SEQUENCE { +      version CMSVersion,  -- always set to 4 +      kekid KEKIdentifier, +      keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, +      encryptedKey EncryptedKey } + +  KEKIdentifier ::= SEQUENCE { +      keyIdentifier OCTET STRING, +      date GeneralizedTime OPTIONAL, +      other OtherKeyAttribute OPTIONAL } +  PasswordRecipientInfo ::= SEQUENCE { +      version CMSVersion,   -- always set to 0 +      
keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
+                              OPTIONAL,
+      keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+      encryptedKey EncryptedKey }
+
+  OTHER-RECIPIENT ::= TYPE-IDENTIFIER
+
+  OtherRecipientInfo ::= SEQUENCE {
+      oriType    OTHER-RECIPIENT.
+              &id({SupportedOtherRecipInfo}),
+      oriValue   OTHER-RECIPIENT.
+              &Type({SupportedOtherRecipInfo}{@oriType})}
+
+  SupportedOtherRecipInfo OTHER-RECIPIENT ::= { ... }
+
+  DigestedData ::= SEQUENCE {
+      version CMSVersion,
+      digestAlgorithm DigestAlgorithmIdentifier,
+      encapContentInfo EncapsulatedContentInfo,
+      digest Digest, ... }
+
+  Digest ::= OCTET STRING
+
+  EncryptedData ::= SEQUENCE {
+      version CMSVersion,
+      encryptedContentInfo EncryptedContentInfo,
+      ...,
+      [[2: unprotectedAttrs [1] IMPLICIT Attributes
+          {{UnprotectedAttributes}} OPTIONAL ]] }
+
+  AuthenticatedData ::= SEQUENCE {
+      version CMSVersion,
+      originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+      recipientInfos RecipientInfos,
+      macAlgorithm MessageAuthenticationCodeAlgorithm,
+      digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
+      encapContentInfo EncapsulatedContentInfo,
+      authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
+      mac MessageAuthenticationCode,
+      unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
+
+  AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
+      {{AuthAttributeSet}}
+
+  AuthAttributeSet ATTRIBUTE ::= { aa-contentType | aa-messageDigest
+                                       | aa-signingTime, ...}
+  MessageAuthenticationCode ::= OCTET STRING
+
+  UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
+      {{UnauthAttributeSet}}
+
+  UnauthAttributeSet ATTRIBUTE ::= {...}
+
+  --
+  --  General algorithm definitions
+  --
+
+  DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+      {DIGEST-ALGORITHM, {DigestAlgorithmSet}}
+
+  DigestAlgorithmSet DIGEST-ALGORITHM ::= {
+      CryptographicMessageSyntaxAlgorithms-2009.MessageDigestAlgs, ... }
+
+  SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+      {SIGNATURE-ALGORITHM, {SignatureAlgorithmSet}}
+
+  SignatureAlgorithmSet SIGNATURE-ALGORITHM ::=
+      { SignatureAlgs, ... }
+
+  KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+      {KEY-WRAP, {KeyEncryptionAlgorithmSet}}
+
+  KeyEncryptionAlgorithmSet KEY-WRAP ::= { KeyWrapAlgs, ... }
+
+  ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+      {CONTENT-ENCRYPTION, {ContentEncryptionAlgorithmSet}}
+
+  ContentEncryptionAlgorithmSet CONTENT-ENCRYPTION ::=
+      { ContentEncryptionAlgs, ... }
+
+  MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
+      {MAC-ALGORITHM, {MessageAuthenticationCodeAlgorithmSet}}
+
+  MessageAuthenticationCodeAlgorithmSet MAC-ALGORITHM ::=
+      { MessageAuthAlgs, ... }
+
+  KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
+      {KEY-DERIVATION, {KeyDerivationAlgs, ...}}
+
+  RevocationInfoChoices ::= SET OF RevocationInfoChoice
+
+  RevocationInfoChoice ::= CHOICE {
+      crl CertificateList,
+      ...,
+      [[5: other [1] IMPLICIT OtherRevocationInfoFormat ]] }
+
+  OTHER-REVOK-INFO ::= TYPE-IDENTIFIER
+
+  OtherRevocationInfoFormat ::= SEQUENCE {
+      otherRevInfoFormat    OTHER-REVOK-INFO.
+              &id({SupportedOtherRevokInfo}),
+      otherRevInfo          OTHER-REVOK-INFO.
+              &Type({SupportedOtherRevokInfo}{@otherRevInfoFormat})}
+
+  SupportedOtherRevokInfo OTHER-REVOK-INFO ::= { ... }
+
+  CertificateChoices ::= CHOICE {
+      certificate Certificate,
+      extendedCertificate [0] IMPLICIT ExtendedCertificate,
+           -- Obsolete
+      ...,
+      [[3: v1AttrCert [1] IMPLICIT AttributeCertificateV1]],
+           -- Obsolete
+      [[4: v2AttrCert [2] IMPLICIT AttributeCertificateV2]],
+      [[5: other      [3] IMPLICIT OtherCertificateFormat]] }
+
+  AttributeCertificateV2 ::= AttributeCertificate
+
+  OTHER-CERT-FMT ::= TYPE-IDENTIFIER
+
+  OtherCertificateFormat ::= SEQUENCE {
+      otherCertFormat OTHER-CERT-FMT.
+              &id({SupportedCertFormats}),
+      otherCert       OTHER-CERT-FMT.
+              &Type({SupportedCertFormats}{@otherCertFormat})}
+
+  SupportedCertFormats OTHER-CERT-FMT ::= { ... }
+
+  CertificateSet ::= SET OF CertificateChoices
+
+  IssuerAndSerialNumber ::= SEQUENCE {
+      issuer Name,
+      serialNumber CertificateSerialNumber }
+
+  CMSVersion ::= INTEGER  { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
+
+  UserKeyingMaterial ::= OCTET STRING
+
+  KEY-ATTRIBUTE ::= TYPE-IDENTIFIER
+
+  OtherKeyAttribute ::= SEQUENCE {
+      keyAttrId  KEY-ATTRIBUTE.
+
+              &id({SupportedKeyAttributes}),
+      keyAttr    KEY-ATTRIBUTE.
+              &Type({SupportedKeyAttributes}{@keyAttrId})}
+
+  SupportedKeyAttributes KEY-ATTRIBUTE ::= { ... }
+
+  -- Content Type Object Identifiers
+
+  id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }
+
+  ct-Data CONTENT-TYPE ::= {OCTET STRING IDENTIFIED BY id-data}
+
+  id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
+
+  ct-SignedData CONTENT-TYPE ::=
+      { SignedData IDENTIFIED BY id-signedData}
+
+  id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
+
+  ct-EnvelopedData CONTENT-TYPE ::=
+      { EnvelopedData IDENTIFIED BY id-envelopedData}
+
+  id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
+
+  ct-DigestedData CONTENT-TYPE ::=
+      { DigestedData IDENTIFIED BY id-digestedData}
+
+  id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
+
+  ct-EncryptedData CONTENT-TYPE ::=
+      { EncryptedData IDENTIFIED BY id-encryptedData}
+
+  id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
+
+  ct-AuthenticatedData CONTENT-TYPE ::=
+      { AuthenticatedData IDENTIFIED BY id-ct-authData}
+
+  id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 }
+
+  --
+  -- The CMS Attributes
+  --
+
+  MessageDigest ::= OCTET STRING
+
+  SigningTime  ::= Time
+
+  Time ::= CHOICE {
+      utcTime UTCTime,
+      generalTime GeneralizedTime }
+
+  Countersignature ::= SignerInfo
+
+  -- Attribute Object Identifiers
+
+  aa-contentType ATTRIBUTE ::=
+      { TYPE ContentType IDENTIFIED BY id-contentType }
+  id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
+
+  aa-messageDigest ATTRIBUTE ::=
+      { TYPE MessageDigest IDENTIFIED BY id-messageDigest}
+  id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
+
+  aa-signingTime ATTRIBUTE ::=
+      { TYPE SigningTime IDENTIFIED BY id-signingTime }
+  id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
+
+  aa-countersignature ATTRIBUTE ::=
+      { TYPE Countersignature IDENTIFIED BY id-countersignature }
+  id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
+
+  --
+  -- Obsolete Extended Certificate syntax from PKCS#6
+  --
+
+  ExtendedCertificateOrCertificate ::= CHOICE {
+      certificate Certificate,
+      extendedCertificate [0] IMPLICIT ExtendedCertificate }
+
+  ExtendedCertificate ::= SEQUENCE {
+      extendedCertificateInfo ExtendedCertificateInfo,
+      signatureAlgorithm SignatureAlgorithmIdentifier,
+      signature Signature }
+
+  ExtendedCertificateInfo ::= SEQUENCE {
+      version CMSVersion,
+      certificate Certificate,
+      attributes UnauthAttributes }
+
+  Signature ::= BIT STRING
+
+  Attribute{ ATTRIBUTE:AttrList } ::= SEQUENCE {
+      attrType           ATTRIBUTE.
+              &id({AttrList}),
+      attrValues         SET OF ATTRIBUTE.
+              &Type({AttrList}{@attrType})  }
+
+  Attributes { ATTRIBUTE:AttrList } ::=
+      SET SIZE (1..MAX) OF Attribute {{ AttrList }}
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntaxAlgorithms-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntaxAlgorithms-2009.asn1
new file mode 100644
index 0000000000..72e8b270db
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/CryptographicMessageSyntaxAlgorithms-2009.asn1
@@ -0,0 +1,248 @@
+   CryptographicMessageSyntaxAlgorithms-2009
+       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+       smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+   DEFINITIONS IMPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM,
+      PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM,
+      KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM,
+      AlgorithmIdentifier{}, SMIME-CAPS
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+   pk-rsa, pk-dh, pk-dsa, rsaEncryption, DHPublicKey, dhpublicnumber
+   FROM PKIXAlgs-2009
+        {iso(1) identified-organization(3) dod(6)
+        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+        id-mod-pkix1-algorithms2008-02(56)}
+
+   cap-RC2CBC
+   FROM SecureMimeMessageV3dot1-2009
+        {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+        smime(16) modules(0) id-mod-msg-v3dot1-02(39)};
+
+   --  2. Hash algorithms in this document
+
+   MessageDigestAlgs DIGEST-ALGORITHM ::= {
+   --   mda-md5 | mda-sha1,
+        ... }
+
+   --  3. Signature algorithms in this document
+
+   SignatureAlgs SIGNATURE-ALGORITHM ::= {
+   --  See RFC 3279
+   --  sa-dsaWithSHA1 |  sa-rsaWithMD5 | sa-rsaWithSHA1,
+       ... }
+
+   --  4.  Key Management Algorithms
+   --  4.1 Key Agreement Algorithms
+
+   KeyAgreementAlgs KEY-AGREE ::= { kaa-esdh | kaa-ssdh, ...}
+   KeyAgreePublicKeys PUBLIC-KEY ::= { pk-dh, ...}
+
+   --  4.2  Key Transport Algorithms
+
+   KeyTransportAlgs KEY-TRANSPORT ::= { kt-rsa, ... }
+
+   --  4.3  Symmetric Key-Encryption Key Algorithms
+
+   KeyWrapAlgs KEY-WRAP ::= { kwa-3DESWrap | kwa-RC2Wrap, ... }
+
+   --  4.4  Key Derivation Algorithms
+
+   KeyDerivationAlgs KEY-DERIVATION ::= { kda-PBKDF2, ... }
+
+   --  5.  Content Encryption Algorithms
+
+   ContentEncryptionAlgs CONTENT-ENCRYPTION ::=
+       { cea-3DES-cbc | cea-RC2-cbc, ... }
+
+   --  6.  Message Authentication Code Algorithms
+
+   MessageAuthAlgs MAC-ALGORITHM ::= { maca-hMAC-SHA1, ... }
+
+   --  S/MIME Capabilities for these items
+
+   SMimeCaps SMIME-CAPS ::= {
+       kaa-esdh.&smimeCaps         |
+       kaa-ssdh.&smimeCaps         |
+       kt-rsa.&smimeCaps           |
+       kwa-3DESWrap.&smimeCaps     |
+       kwa-RC2Wrap.&smimeCaps      |
+       cea-3DES-cbc.&smimeCaps     |
+       cea-RC2-cbc.&smimeCaps      |
+       maca-hMAC-SHA1.&smimeCaps,
+       ...}
+
+   --
+   --
+   --
+
+   -- Algorithm Identifiers
+
+   -- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+   --    us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
+
+   id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
+
+   id-alg-SSDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 10 }
+
+   id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
+
+   id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
+
+   des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
+
+   rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) encryptionAlgorithm(3) 2 }
+
+   hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
+      dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
+
+   id-PBKDF2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-5(5) 12 }
+
+   -- Algorithm Identifier Parameter Types
+
+   KeyWrapAlgorithm ::=
+       AlgorithmIdentifier {KEY-WRAP, {KeyWrapAlgs }}
+
+   RC2wrapParameter ::= RC2ParameterVersion
+   RC2ParameterVersion ::= INTEGER
+
+   CBCParameter ::= IV
+
+   IV ::= OCTET STRING  -- exactly 8 octets
+
+   RC2CBCParameter ::= SEQUENCE {
+       rc2ParameterVersion INTEGER (1..256),
+       iv OCTET STRING  }  -- exactly 8 octets
+
+   maca-hMAC-SHA1 MAC-ALGORITHM ::= {
+       IDENTIFIER hMAC-SHA1
+       PARAMS TYPE NULL ARE preferredAbsent
+       IS-KEYED-MAC TRUE
+       SMIME-CAPS {IDENTIFIED BY hMAC-SHA1}
+   }
+
+   PBKDF2-PRFsAlgorithmIdentifier ::= AlgorithmIdentifier{ ALGORITHM,
+                                          {PBKDF2-PRFs} }
+
+   alg-hMAC-SHA1 ALGORITHM ::=
+       { IDENTIFIER hMAC-SHA1 PARAMS TYPE NULL ARE required }
+
+   PBKDF2-PRFs ALGORITHM ::= { alg-hMAC-SHA1, ... }
+
+   PBKDF2-SaltSources ALGORITHM ::= { ... }
+
+   PBKDF2-SaltSourcesAlgorithmIdentifier ::=
+       AlgorithmIdentifier {ALGORITHM, {PBKDF2-SaltSources}}
+
+   defaultPBKDF2 PBKDF2-PRFsAlgorithmIdentifier ::=
+       { algorithm alg-hMAC-SHA1.&id, parameters NULL:NULL }
+
+   PBKDF2-params ::= SEQUENCE {
+       salt CHOICE {
+           specified OCTET STRING,
+           otherSource PBKDF2-SaltSourcesAlgorithmIdentifier },
+       iterationCount INTEGER (1..MAX),
+       keyLength INTEGER (1..MAX) OPTIONAL,
+       prf PBKDF2-PRFsAlgorithmIdentifier DEFAULT
+               defaultPBKDF2
+           }
+
+   --
+   --  This object is included for completeness.  It should not be used
+   --      for encoding of signatures, but was sometimes used in older
+   --      versions of CMS for encoding of RSA signatures.
+   --
+   --
+   -- sa-rsa SIGNATURE-ALGORITHM ::= {
+   --         IDENTIFIER rsaEncryption
+   --         - - value is not ASN.1 encoded
+   --         PARAMS TYPE NULL ARE required
+   --         HASHES {mda-sha1 | mda-md5, ...}
+   --         PUBLIC-KEYS { pk-rsa}
+   -- }
+   --
+   -- No ASN.1 encoding is applied to the signature value
+   --    for these items
+
+   kaa-esdh KEY-AGREE ::= {
+        IDENTIFIER id-alg-ESDH
+        PARAMS TYPE KeyWrapAlgorithm ARE required
+        PUBLIC-KEYS { pk-dh }
+        -- UKM is not ASN.1 encoded
+        UKM ARE optional
+        SMIME-CAPS {TYPE KeyWrapAlgorithm IDENTIFIED BY id-alg-ESDH}
+   }
+
+   kaa-ssdh KEY-AGREE ::= {
+        IDENTIFIER id-alg-SSDH
+        PARAMS TYPE KeyWrapAlgorithm ARE required
+        PUBLIC-KEYS {pk-dh}
+        -- UKM is not ASN.1 encoded
+        UKM ARE optional
+        SMIME-CAPS {TYPE KeyWrapAlgorithm IDENTIFIED BY id-alg-SSDH}
+   }
+
+   dh-public-number OBJECT IDENTIFIER ::= dhpublicnumber
+
+   pk-originator-dh PUBLIC-KEY ::= {
+       IDENTIFIER dh-public-number
+       KEY DHPublicKey
+       PARAMS ARE absent
+       CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly}
+   }
+
+   kwa-3DESWrap KEY-WRAP ::= {
+        IDENTIFIER id-alg-CMS3DESwrap
+        PARAMS TYPE NULL ARE required
+        SMIME-CAPS {IDENTIFIED BY id-alg-CMS3DESwrap}
+   }
+
+   kwa-RC2Wrap KEY-WRAP ::= {
+        IDENTIFIER id-alg-CMSRC2wrap
+        PARAMS TYPE RC2wrapParameter ARE required
+        SMIME-CAPS { IDENTIFIED BY id-alg-CMSRC2wrap }
+   }
+
+   kda-PBKDF2 KEY-DERIVATION ::= {
+       IDENTIFIER id-PBKDF2
+       PARAMS TYPE PBKDF2-params ARE required
+       -- No S/MIME caps defined
+   }
+
+   cea-3DES-cbc CONTENT-ENCRYPTION ::= {
+       IDENTIFIER des-ede3-cbc
+       PARAMS TYPE IV ARE required
+       SMIME-CAPS { IDENTIFIED BY des-ede3-cbc }
+   }
+
+   cea-RC2-cbc CONTENT-ENCRYPTION ::= {
+       IDENTIFIER rc2-cbc
+       PARAMS TYPE RC2CBCParameter ARE required
+       SMIME-CAPS cap-RC2CBC
+   }
+
+   kt-rsa KEY-TRANSPORT ::= {
+       IDENTIFIER rsaEncryption
+       PARAMS TYPE NULL ARE required
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS {IDENTIFIED BY rsaEncryption}
+   }
+
+   --  S/MIME Capabilities - most have no label.
+
+   cap-3DESwrap SMIME-CAPS ::= { IDENTIFIED BY id-alg-CMS3DESwrap }
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DOR-definition.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DOR-definition.asn1
index cd3330dc56..cd3330dc56 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DOR-definition.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DOR-definition.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DSAOperationalAttributeTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DSAOperationalAttributeTypes.asn1
index df5e8489ea..df5e8489ea 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DSAOperationalAttributeTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DSAOperationalAttributeTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Default-Value-Lists.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Default-Value-Lists.asn1
index ef1187ba8c..ef1187ba8c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Default-Value-Lists.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Default-Value-Lists.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAbstractService.asn1
index 5a5d310729..5a5d310729 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAccessProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAccessProtocol.asn1
index 10d6979f6d..10d6979f6d 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryAccessProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryAccessProtocol.asn1
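Review bot: In the new CryptographicMessageSyntaxAlgorithms-2009.asn1, the 8-octet length of `IV` and of `RC2CBCParameter.iv` is stated only in the trailing comment `-- exactly 8 octets`, not as a size constraint. A codec generated from this module would therefore presumably accept an IV of any length. `PBKDF2-params.iterationCount` is likewise bounded only as `INTEGER (1..MAX)`, which admits an iteration count of 1. If the file has to stay identical to the published module, a comment next to `IV` such as `-- length is not enforced by the type; consumers must check it` would record that. Otherwise `IV ::= OCTET STRING (SIZE (8))` would let the decoder reject malformed parameters.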
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryInformationShadowProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryInformationShadowProtocol.asn1
index 91c0a865f7..91c0a865f7 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryInformationShadowProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryInformationShadowProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingManagementProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingManagementProtocol.asn1
index e3e1f95621..e3e1f95621 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingManagementProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingManagementProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingTypes.asn1
index 9df5d2783a..9df5d2783a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryOperationalBindingTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryOperationalBindingTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryProtectionMappings.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryProtectionMappings.asn1
index 37c6cac261..37c6cac261 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryProtectionMappings.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryProtectionMappings.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryShadowAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryShadowAbstractService.asn1
index acbb692b6f..acbb692b6f 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectoryShadowAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectoryShadowAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DirectorySystemProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectorySystemProtocol.asn1
index cace79d109..cace79d109 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DirectorySystemProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DirectorySystemProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/DistributedOperations.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/DistributedOperations.asn1
index 72e791f10c..72e791f10c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/DistributedOperations.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/DistributedOperations.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Document-Profile-Descriptor.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Document-Profile-Descriptor.asn1
index d8c15b7afa..d8c15b7afa 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Document-Profile-Descriptor.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Document-Profile-Descriptor.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/EnhancedSecurity.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/EnhancedSecurity.asn1
index 9991a59454..9991a59454 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/EnhancedSecurity.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/EnhancedSecurity.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/EnrollmentMessageSyntax-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/EnrollmentMessageSyntax-2009.asn1
new file mode 100644
index 0000000000..17a45a0a6b
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/EnrollmentMessageSyntax-2009.asn1
@@ -0,0 +1,543 @@
+  EnrollmentMessageSyntax-2009
+      {iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-cmc2002-02(53)}
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  EXPORTS ALL;
+  IMPORTS
+
+  AttributeSet{}, Extension{}, EXTENSION, ATTRIBUTE
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+  AlgorithmIdentifier{}, DIGEST-ALGORITHM, KEY-WRAP, KEY-DERIVATION,
+      MAC-ALGORITHM, SIGNATURE-ALGORITHM, PUBLIC-KEY
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  CertificateSerialNumber, GeneralName, CRLReason, ReasonFlags,
+      CertExtensions
+  FROM PKIX1Implicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+  Name, id-pkix, PublicKeyAlgorithms, SignatureAlgorithms
+  FROM PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+  ContentInfo, IssuerAndSerialNumber, CONTENT-TYPE
+  FROM CryptographicMessageSyntax-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cms-2004-02(41)}
+
+  CertReqMsg, PKIPublicationInfo, CertTemplate
+  FROM PKIXCRMF-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55)}
+
+  mda-sha1
+  FROM PKIXAlgs-2009
+       { iso(1) identified-organization(3) dod(6)
+       internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+       id-mod-pkix1-algorithms2008-02(56)}
+
+  kda-PBKDF2, maca-hMAC-SHA1
+  FROM CryptographicMessageSyntaxAlgorithms-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+  mda-sha256
+  FROM PKIX1-PSS-OAEP-Algorithms-2009
+       { iso(1) identified-organization(3) dod(6)
+         internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+         id-mod-pkix1-rsa-pkalgs-02(54) } ;
+
+  --  CMS Content types defined in this document
+  CMC-ContentTypes CONTENT-TYPE ::= { ct-PKIData | ct-PKIResponse, ... }
+
+  --  Signature Algorithms defined in this document
+
+  SignatureAlgs SIGNATURE-ALGORITHM ::= { sa-noSignature }
+
+  --  CMS Unsigned Attributes
+
+  CMC-UnsignedAtts ATTRIBUTE ::= { aa-cmc-unsignedData }
+
+  --
+  --
+
+  id-cmc OBJECT IDENTIFIER ::= {id-pkix 7}   -- CMC controls
+  id-cct OBJECT IDENTIFIER ::= {id-pkix 12}  -- CMC content types
+
+  -- This is the content type for a request message in the protocol
+
+  ct-PKIData CONTENT-TYPE ::=
+      { PKIData IDENTIFIED BY id-cct-PKIData }
+  id-cct-PKIData OBJECT IDENTIFIER ::= { id-cct 2 }
+
+  PKIData ::= SEQUENCE {
+      controlSequence    SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
+      reqSequence        SEQUENCE SIZE(0..MAX) OF TaggedRequest,
+      cmsSequence        SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
+      otherMsgSequence   SEQUENCE SIZE(0..MAX) OF OtherMsg
+  }
+
+  BodyPartID ::= INTEGER(0..4294967295)
+
+  TaggedAttribute ::= SEQUENCE {
+      bodyPartID         BodyPartID,
+      attrType           CMC-CONTROL.&id({Cmc-Control-Set}),
+      attrValues         SET OF CMC-CONTROL.
+                             &Type({Cmc-Control-Set}{@attrType})
+  }
+
+  Cmc-Control-Set CMC-CONTROL ::= {
+      cmc-identityProof | cmc-dataReturn | cmc-regInfo |
+      cmc-responseInfo | cmc-queryPending | cmc-popLinkRandom |
+      cmc-popLinkWitness | cmc-identification | cmc-transactionId |
+      cmc-senderNonce | cmc-recipientNonce | cmc-statusInfo |
+      cmc-addExtensions | cmc-encryptedPOP | cmc-decryptedPOP |
+      cmc-lraPOPWitness | cmc-getCert | cmc-getCRL |
+      cmc-revokeRequest | cmc-confirmCertAcceptance |
+      cmc-statusInfoV2 | cmc-trustedAnchors | cmc-authData |
+      cmc-batchRequests | cmc-batchResponses | cmc-publishCert |
+      cmc-modCertTemplate | cmc-controlProcessed |
+      cmc-identityProofV2 | cmc-popLinkWitnessV2, ... }
+
+  OTHER-REQUEST ::= TYPE-IDENTIFIER
+
+  --  We do not define any other requests in this document;
+  --     examples might be attribute certification requests
+
+  OtherRequests OTHER-REQUEST ::= {...}
+
+  TaggedRequest ::= CHOICE {
+      tcr               [0] TaggedCertificationRequest,
+      crm               [1] CertReqMsg,
+      orm               [2] SEQUENCE {
+          bodyPartID            BodyPartID,
+          requestMessageType    OTHER-REQUEST.&id({OtherRequests}),
+          requestMessageValue   OTHER-REQUEST.&Type({OtherRequests}
+                                    {@.requestMessageType})
+      }
+  }
+
+  TaggedCertificationRequest ::= SEQUENCE {
+      bodyPartID            BodyPartID,
+      certificationRequest  CertificationRequest
+  }
+
+  AttributeList ATTRIBUTE ::= {at-extension-req, ...}
+
+  CertificationRequest ::= SEQUENCE {
+     certificationRequestInfo  SEQUENCE {
+         version                   INTEGER,
+         subject                   Name,
+         subjectPublicKeyInfo      SEQUENCE {
+             algorithm                 AlgorithmIdentifier{PUBLIC-KEY,
+                                           {PublicKeyAlgorithms}},
+             subjectPublicKey          BIT STRING
+         },
+         attributes                [0] IMPLICIT SET OF
+                                       AttributeSet{{AttributeList}}
+      },
+      signatureAlgorithm        AlgorithmIdentifier
+                                    {SIGNATURE-ALGORITHM,
+                                        {SignatureAlgorithms}},
+      signature                 BIT STRING
+  }
+
+  TaggedContentInfo ::= SEQUENCE {
+      bodyPartID              BodyPartID,
+      contentInfo             ContentInfo
+  }
+
+  OTHER-MSG ::= TYPE-IDENTIFIER
+
+  --  No other messages currently defined
+
+  OtherMsgSet OTHER-MSG ::= {...}
+
+  OtherMsg ::= SEQUENCE {
+      bodyPartID        BodyPartID,
+      otherMsgType      OTHER-MSG.&id({OtherMsgSet}),
+      otherMsgValue     OTHER-MSG.&Type({OtherMsgSet}{@otherMsgType}) }
+
+  --  This defines the response message in the protocol
+
+  ct-PKIResponse CONTENT-TYPE ::=
+      { PKIResponse IDENTIFIED BY id-cct-PKIResponse }
+  id-cct-PKIResponse OBJECT IDENTIFIER ::= { id-cct 3 }
+
+  ResponseBody ::= PKIResponse
+
+  PKIResponse ::= SEQUENCE {
+      controlSequence   SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
+      cmsSequence       SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
+      otherMsgSequence  SEQUENCE SIZE(0..MAX) OF OtherMsg
+  }
+
+  CMC-CONTROL ::= TYPE-IDENTIFIER
+
+  -- The following controls have the type OCTET STRING
+
+  cmc-identityProof CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-identityProof }
+  id-cmc-identityProof OBJECT IDENTIFIER ::= {id-cmc 3}
+
+  cmc-dataReturn CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-dataReturn }
+  id-cmc-dataReturn OBJECT IDENTIFIER ::= {id-cmc 4}
+
+  cmc-regInfo CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-regInfo }
+  id-cmc-regInfo OBJECT IDENTIFIER ::= {id-cmc 18}
+
+  cmc-responseInfo CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-responseInfo }
+  id-cmc-responseInfo OBJECT IDENTIFIER ::= {id-cmc 19}
+
+  cmc-queryPending CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-queryPending }
+  id-cmc-queryPending OBJECT IDENTIFIER ::= {id-cmc 21}
+
+  cmc-popLinkRandom CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-popLinkRandom }
+  id-cmc-popLinkRandom OBJECT IDENTIFIER ::= {id-cmc 22}
+
+  cmc-popLinkWitness CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-popLinkWitness }
+  id-cmc-popLinkWitness OBJECT IDENTIFIER ::= {id-cmc 23}
+
+  -- The following controls have the type UTF8String
+
+  cmc-identification CMC-CONTROL ::=
+      { UTF8String IDENTIFIED BY id-cmc-identification }
+  id-cmc-identification OBJECT IDENTIFIER ::= {id-cmc 2}
+
+  -- The following controls have the type INTEGER
+
+  cmc-transactionId CMC-CONTROL ::=
+      { INTEGER IDENTIFIED BY id-cmc-transactionId }
+  id-cmc-transactionId OBJECT IDENTIFIER ::= {id-cmc 5}
+
+  -- The following controls have the type OCTET STRING
+
+  cmc-senderNonce CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-senderNonce }
+
+  id-cmc-senderNonce OBJECT IDENTIFIER ::= {id-cmc 6}
+
+  cmc-recipientNonce CMC-CONTROL ::=
+      { OCTET STRING IDENTIFIED BY id-cmc-recipientNonce }
+  id-cmc-recipientNonce OBJECT IDENTIFIER ::= {id-cmc 7}
+
+  -- Used to return status in a response
+
+  cmc-statusInfo CMC-CONTROL ::=
+      { CMCStatusInfo IDENTIFIED BY id-cmc-statusInfo }
+  id-cmc-statusInfo OBJECT IDENTIFIER ::= {id-cmc 1}
+
+  CMCStatusInfo ::= SEQUENCE {
+      cMCStatus       CMCStatus,
+      bodyList        SEQUENCE SIZE (1..MAX) OF BodyPartID,
+      statusString    UTF8String OPTIONAL,
+      otherInfo       CHOICE {
+         failInfo         CMCFailInfo,
+         pendInfo         PendInfo
+      } OPTIONAL
+  }
+
+  PendInfo ::= SEQUENCE {
+      pendToken        OCTET STRING,
+      pendTime         GeneralizedTime
+  }
+
+  CMCStatus ::= INTEGER {
+      success         (0),
+      failed          (2),
+      pending         (3),
+      noSupport       (4),
+      confirmRequired (5),
+      popRequired     (6),
+      partial         (7)
+  }
+
+  -- Note:
+  -- The spelling of unsupportedExt is corrected in this version.
+  -- In RFC 2797, it was unsuportedExt.
+
+  CMCFailInfo ::= INTEGER {
+      badAlg          (0),
+      badMessageCheck (1),
+      badRequest      (2),
+      badTime         (3),
+      badCertId       (4),
+      unsuportedExt   (5),
+      mustArchiveKeys (6),
+      badIdentity     (7),
+      popRequired     (8),
+      popFailed       (9),
+      noKeyReuse      (10),
+      internalCAError (11),
+      tryLater        (12),
+      authDataFail    (13)
+  }
+
+  -- Used for RAs to add extensions to certification requests
+
+  cmc-addExtensions CMC-CONTROL ::=
+      { AddExtensions IDENTIFIED BY id-cmc-addExtensions }
+  id-cmc-addExtensions OBJECT IDENTIFIER ::= {id-cmc 8}
+
+  AddExtensions ::= SEQUENCE {
+      pkiDataReference    BodyPartID,
+      certReferences      SEQUENCE OF BodyPartID,
+      extensions          SEQUENCE OF Extension{{CertExtensions}}
+  }
+
+  cmc-encryptedPOP CMC-CONTROL ::=
+      { EncryptedPOP IDENTIFIED BY id-cmc-encryptedPOP }
+  cmc-decryptedPOP CMC-CONTROL ::=
+      { DecryptedPOP IDENTIFIED BY id-cmc-decryptedPOP }
+  id-cmc-encryptedPOP OBJECT IDENTIFIER ::= {id-cmc 9}
+  id-cmc-decryptedPOP OBJECT IDENTIFIER ::= {id-cmc 10}
+
+  EncryptedPOP ::= SEQUENCE {
+      request       TaggedRequest,
+      cms             ContentInfo,
+      thePOPAlgID     AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      witnessAlgID    AlgorithmIdentifier{DIGEST-ALGORITHM,
+                          {WitnessAlgs}},
+      witness         OCTET STRING
+  }
+
+  POPAlgs MAC-ALGORITHM ::= {maca-hMAC-SHA1, ...}
+  WitnessAlgs DIGEST-ALGORITHM ::= {mda-sha1, ...}
+
+  DecryptedPOP ::= SEQUENCE {
+      bodyPartID      BodyPartID,
+      thePOPAlgID     AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      thePOP          OCTET STRING
+  }
+
+  cmc-lraPOPWitness CMC-CONTROL ::=
+      { LraPopWitness IDENTIFIED BY id-cmc-lraPOPWitness }
+
+  id-cmc-lraPOPWitness OBJECT IDENTIFIER ::= {id-cmc 11}
+
+  LraPopWitness ::= SEQUENCE {
+      pkiDataBodyid   BodyPartID,
+      bodyIds         SEQUENCE OF BodyPartID
+  }
+
+  --
+
+  cmc-getCert CMC-CONTROL ::=
+      { GetCert IDENTIFIED BY id-cmc-getCert }
+  id-cmc-getCert OBJECT IDENTIFIER ::= {id-cmc 15}
+
+  GetCert ::= SEQUENCE {
+      issuerName      GeneralName,
+      serialNumber    INTEGER }
+
+  cmc-getCRL CMC-CONTROL ::=
+      { GetCRL IDENTIFIED BY id-cmc-getCRL }
+  id-cmc-getCRL OBJECT IDENTIFIER ::= {id-cmc 16}
+  GetCRL ::= SEQUENCE {
+      issuerName    Name,
+      cRLName       GeneralName OPTIONAL,
+      time          GeneralizedTime OPTIONAL,
+      reasons       ReasonFlags OPTIONAL }
+
+  cmc-revokeRequest CMC-CONTROL ::=
+      { RevokeRequest IDENTIFIED BY id-cmc-revokeRequest}
+  id-cmc-revokeRequest OBJECT IDENTIFIER ::= {id-cmc 17}
+
+  RevokeRequest ::= SEQUENCE {
+      issuerName            Name,
+      serialNumber          INTEGER,
+      reason                CRLReason,
+      invalidityDate         GeneralizedTime OPTIONAL,
+      passphrase            OCTET STRING OPTIONAL,
+      comment               UTF8String OPTIONAL }
+
+  cmc-confirmCertAcceptance CMC-CONTROL ::=
+      { CMCCertId IDENTIFIED BY id-cmc-confirmCertAcceptance }
+  id-cmc-confirmCertAcceptance OBJECT IDENTIFIER ::= {id-cmc 24}
+
+  CMCCertId ::= IssuerAndSerialNumber
+
+  -- The following is used to request v3 extensions be added
+  --     to a certificate
+
+  at-extension-req ATTRIBUTE ::=
+      { TYPE ExtensionReq IDENTIFIED BY id-ExtensionReq }
+  id-ExtensionReq OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) 14}
+
+  ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF
+      Extension{{CertExtensions}}
+
+  -- The following allows Diffie-Hellman Certification Request
+  --     Messages to be well-formed
+
+  sa-noSignature SIGNATURE-ALGORITHM ::= {
+      IDENTIFIER id-alg-noSignature
+      VALUE NoSignatureValue
+      PARAMS TYPE NULL ARE required
+      HASHES { mda-sha1 }
+  }
+  id-alg-noSignature OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 2}
+
+  NoSignatureValue ::= OCTET STRING
+  --  Unauthenticated attribute to carry removable data.
+
+  id-aa OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+      rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2)}
+
+  aa-cmc-unsignedData ATTRIBUTE ::=
+      { TYPE CMCUnsignedData IDENTIFIED BY id-aa-cmc-unsignedData }
+  id-aa-cmc-unsignedData OBJECT IDENTIFIER ::= {id-aa 34}
+
+  CMCUnsignedData ::= SEQUENCE {
+      bodyPartPath        BodyPartPath,
+      identifier          TYPE-IDENTIFIER.&id,
+      content             TYPE-IDENTIFIER.&Type
+  }
+
+  --  Replaces CMC Status Info
+  --
+
+  cmc-statusInfoV2 CMC-CONTROL ::=
+      { CMCStatusInfoV2 IDENTIFIED BY id-cmc-statusInfoV2 }
+  id-cmc-statusInfoV2 OBJECT IDENTIFIER ::= {id-cmc 25}
+
+  EXTENDED-FAILURE-INFO ::= TYPE-IDENTIFIER
+
+  ExtendedFailures EXTENDED-FAILURE-INFO ::= {...}
+
+  CMCStatusInfoV2 ::= SEQUENCE {
+     cMCStatus             CMCStatus,
+     bodyList              SEQUENCE SIZE (1..MAX) OF
+                                    BodyPartReference,
+     statusString          UTF8String OPTIONAL,
+     otherInfo             CHOICE {
+         failInfo               CMCFailInfo,
+         pendInfo               PendInfo,
+         extendedFailInfo       [1] SEQUENCE {
+            failInfoOID            TYPE-IDENTIFIER.&id
+                                       ({ExtendedFailures}),
+            failInfoValue          TYPE-IDENTIFIER.&Type
+                                       ({ExtendedFailures}
+                                           {@.failInfoOID})
+         }
+      } OPTIONAL
+  }
+
+  BodyPartReference ::= CHOICE {
+     bodyPartID           BodyPartID,
+     bodyPartPath         BodyPartPath
+  }
+
+  BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
+
+  --  Allow for distribution of trust anchors
+  --
+
+  cmc-trustedAnchors CMC-CONTROL ::=
+      { PublishTrustAnchors IDENTIFIED BY id-cmc-trustedAnchors }
+  id-cmc-trustedAnchors OBJECT IDENTIFIER ::= {id-cmc 26}
+
+  PublishTrustAnchors ::= SEQUENCE {
+      seqNumber      INTEGER,
+      hashAlgorithm  AlgorithmIdentifier{DIGEST-ALGORITHM,
+                         {HashAlgorithms}},
+      anchorHashes   SEQUENCE OF OCTET STRING
+  }
+
+  HashAlgorithms DIGEST-ALGORITHM ::= {
+     mda-sha1 | mda-sha256, ...
+  }
+
+  cmc-authData CMC-CONTROL ::=
+      { AuthPublish IDENTIFIED BY id-cmc-authData }
+  id-cmc-authData OBJECT IDENTIFIER ::= {id-cmc 27}
+
+  AuthPublish ::= BodyPartID
+
+  --   These two items use BodyPartList
+
+  cmc-batchRequests CMC-CONTROL ::=
+      { BodyPartList IDENTIFIED BY id-cmc-batchRequests }
+  id-cmc-batchRequests OBJECT IDENTIFIER ::= {id-cmc 28}
+
+  cmc-batchResponses CMC-CONTROL ::=
+      { BodyPartList IDENTIFIED BY id-cmc-batchResponses }
+  id-cmc-batchResponses OBJECT IDENTIFIER ::= {id-cmc 29}
+
+  BodyPartList ::= SEQUENCE SIZE (1..MAX) OF BodyPartID
+
+  cmc-publishCert CMC-CONTROL ::=
+      { CMCPublicationInfo IDENTIFIED BY id-cmc-publishCert }
+  id-cmc-publishCert OBJECT IDENTIFIER ::= {id-cmc 30}
+
+  CMCPublicationInfo ::= SEQUENCE {
+      hashAlg        AlgorithmIdentifier{DIGEST-ALGORITHM,
+                           {HashAlgorithms}},
+      certHashes     SEQUENCE OF OCTET STRING,
+      pubInfo        PKIPublicationInfo
+  }
+
+  cmc-modCertTemplate CMC-CONTROL ::=
+      { ModCertTemplate IDENTIFIED BY id-cmc-modCertTemplate }
+  id-cmc-modCertTemplate OBJECT IDENTIFIER ::= {id-cmc 31}
+
+  ModCertTemplate ::= SEQUENCE {
+      pkiDataReference             BodyPartPath,
+      certReferences               BodyPartList,
+      replace                      BOOLEAN DEFAULT TRUE,
+      certTemplate                 CertTemplate
+  }
+
+  -- Inform follow-on servers that one or more controls have
+  --     already been processed
+
+  cmc-controlProcessed CMC-CONTROL ::=
+      { ControlsProcessed IDENTIFIED BY id-cmc-controlProcessed }
+  id-cmc-controlProcessed OBJECT IDENTIFIER ::= {id-cmc 32}
+
+  ControlsProcessed ::= SEQUENCE {
+      bodyList              SEQUENCE SIZE(1..MAX) OF BodyPartReference
+  }
+
+  --  Identity Proof control w/ algorithm agility
+
+  cmc-identityProofV2 CMC-CONTROL ::=
+      { IdentityProofV2 IDENTIFIED BY id-cmc-identityProofV2 }
+  id-cmc-identityProofV2 OBJECT IDENTIFIER ::= { id-cmc 33 }
+
+  IdentityProofV2 ::= SEQUENCE {
+      proofAlgID       AlgorithmIdentifier{DIGEST-ALGORITHM,
+                           {WitnessAlgs}},
+      macAlgId         AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      witness          OCTET STRING
+  }
+
+  cmc-popLinkWitnessV2 CMC-CONTROL ::=
+      { PopLinkWitnessV2 IDENTIFIED BY id-cmc-popLinkWitnessV2 }
+  id-cmc-popLinkWitnessV2 OBJECT IDENTIFIER ::= { id-cmc 34 }
+
+  PopLinkWitnessV2 ::= SEQUENCE {
+      keyGenAlgorithm   AlgorithmIdentifier{KEY-DERIVATION,
+                            {KeyDevAlgs}},
+      macAlgorithm      AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+      witness           OCTET STRING
+  }
+
+  KeyDevAlgs KEY-DERIVATION ::= {kda-PBKDF2, ...}
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/External-References.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/External-References.asn1
index 9a7d4936a6..9a7d4936a6 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/External-References.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/External-References.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GULSProtectionMappings.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GULSProtectionMappings.asn1
index 9b6a426ca2..9b6a426ca2 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GULSProtectionMappings.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GULSProtectionMappings.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GenericProtectingTransferSyntax.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GenericProtectingTransferSyntax.asn1
index c59451dcdb..c59451dcdb 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GenericProtectingTransferSyntax.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GenericProtectingTransferSyntax.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Coding-Attributes.asn1
index 60acbb3b5c..60acbb3b5c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Coding-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Coding-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Presentation-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Presentation-Attributes.asn1
index 84c1ee9851..84c1ee9851 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Presentation-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Presentation-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Profile-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Profile-Attributes.asn1
index 28daa467e1..28daa467e1 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Geo-Gr-Profile-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Geo-Gr-Profile-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityExchanges.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityExchanges.asn1
index 336b824174..336b824174 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityExchanges.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityExchanges.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityTransformations.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityTransformations.asn1
index db2725c37d..db2725c37d 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/GulsSecurityTransformations.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/GulsSecurityTransformations.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/HierarchicalOperationalBindings.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/HierarchicalOperationalBindings.asn1
index 4e0084b079..4e0084b079 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/HierarchicalOperationalBindings.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/HierarchicalOperationalBindings.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAbstractService.asn1
index 3fec8ae64a..3fec8ae64a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAutoActionTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAutoActionTypes.asn1
index 8c0c8138e2..8c0c8138e2 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSAutoActionTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSAutoActionTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes.asn1
index 9805a6189d..9805a6189d 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes2.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes2.asn1
index b39e03c3b6..b39e03c3b6 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedBodyPartTypes2.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedBodyPartTypes2.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedVoiceBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedVoiceBodyPartType.asn1
index 171f4b4223..171f4b4223 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSExtendedVoiceBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSExtendedVoiceBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFileTransferBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFileTransferBodyPartType.asn1
index 59de6d1b04..59de6d1b04 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFileTransferBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFileTransferBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedContentBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedContentBodyPartType.asn1
index 57faac6587..57faac6587 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedContentBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedContentBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedReportBodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedReportBodyPartType.asn1
index 4e46c7679b..4e46c7679b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSForwardedReportBodyPartType.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSForwardedReportBodyPartType.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFunctionalObjects.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFunctionalObjects.asn1
index 09ef4de282..09ef4de282 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSFunctionalObjects.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSFunctionalObjects.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSHeadingExtensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSHeadingExtensions.asn1
index 752e8d05e1..752e8d05e1 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSHeadingExtensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSHeadingExtensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSInformationObjects.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSInformationObjects.asn1
index 3fb0463ee7..3fb0463ee7 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSInformationObjects.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSInformationObjects.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSMessageStoreAttributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSMessageStoreAttributes.asn1
index 719bca4987..719bca4987 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSMessageStoreAttributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSMessageStoreAttributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers.asn1
index 6e5c01ab40..6e5c01ab40 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers2.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers2.asn1
index 2b46b27b3e..2b46b27b3e 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSObjectIdentifiers2.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSObjectIdentifiers2.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSSecurityExtensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSSecurityExtensions.asn1
index 8c692ccb31..8c692ccb31 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSSecurityExtensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSSecurityExtensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/IPMSUpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSUpperBounds.asn1
index 27324f614f..27324f614f 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/IPMSUpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/IPMSUpperBounds.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn1
index b7efd7417e..b7efd7417e 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO-STANDARD-9541-FONT-ATTRIBUTE-SET.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ISO8571-FTAM.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO8571-FTAM.asn1
index a57a276704..a57a276704 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ISO8571-FTAM.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO8571-FTAM.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ISO9541-SN.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO9541-SN.asn1
index 0149602040..0149602040 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ISO9541-SN.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ISO9541-SN.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Identifiers-and-Expressions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Identifiers-and-Expressions.asn1
index bd1d8d3c48..bd1d8d3c48 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Identifiers-and-Expressions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Identifiers-and-Expressions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/InformationFramework.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/InformationFramework.asn1
index 813ac9c6a0..813ac9c6a0 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/InformationFramework.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/InformationFramework.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Interchange-Data-Elements.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Interchange-Data-Elements.asn1
index 2c78360b7b..2c78360b7b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Interchange-Data-Elements.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Interchange-Data-Elements.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Layout-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Layout-Descriptors.asn1
index 92c887bb06..92c887bb06 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Layout-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Layout-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Link-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Link-Descriptors.asn1
index 64fc4436e4..64fc4436e4 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Link-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Link-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Location-Expressions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Location-Expressions.asn1
index 5de6491621..5de6491621 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Location-Expressions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Location-Expressions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Logical-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Logical-Descriptors.asn1
index fab36bf12a..fab36bf12a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Logical-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Logical-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MHSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSObjectIdentifiers.asn1
index 187c3c8ad4..187c3c8ad4 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MHSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MHSProtocolObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSProtocolObjectIdentifiers.asn1
index 40f53b9458..40f53b9458 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MHSProtocolObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MHSProtocolObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAbstractService.asn1
index 052b3b2041..052b3b2041 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSAccessProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAccessProtocol.asn1
index b69d72b3ed..b69d72b3ed 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSAccessProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSAccessProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAttributeTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAttributeTypes.asn1
index 99d34b2883..99d34b2883 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAttributeTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAttributeTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAutoActionTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAutoActionTypes.asn1
index eceae4ab44..eceae4ab44 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSGeneralAutoActionTypes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSGeneralAutoActionTypes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSMatchingRules.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSMatchingRules.asn1
index 37c894da86..37c894da86 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSMatchingRules.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSMatchingRules.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSObjectIdentifiers.asn1
index df194f838c..df194f838c 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MSUpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MSUpperBounds.asn1
index 6494fbd3ef..6494fbd3ef 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MSUpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MSUpperBounds.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTAAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTAAbstractService.asn1
index 38035c77ae..38035c77ae 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTAAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTAAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService.asn1
index 68a5118bc8..68a5118bc8 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService88.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService88.asn1
index f66d117f35..f66d117f35 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSAbstractService88.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAbstractService88.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSAccessProtocol.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAccessProtocol.asn1
index 03181c5951..03181c5951 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSAccessProtocol.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSAccessProtocol.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSObjectIdentifiers.asn1
index 1615b241ee..1615b241ee 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/MTSUpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSUpperBounds.asn1
index 10eac962cb..10eac962cb 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/MTSUpperBounds.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/MTSUpperBounds.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Notation.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Notation.asn1
index 96dfc39b6a..96dfc39b6a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Notation.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Notation.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1
new file mode 100644
index 0000000000..db500fe9a1
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/OCSP-2009.asn1
@@ -0,0 +1,183 @@ +  OCSP-2009 +      {iso(1) identified-organization(3) dod(6) internet(1) security(5) +      mechanisms(5) pkix(7) id-mod(0) id-mod-ocsp-02(48)} +  DEFINITIONS EXPLICIT TAGS ::= +  BEGIN +  IMPORTS + +  Extensions{}, EXTENSION, ATTRIBUTE +  FROM PKIX-CommonTypes-2009 +      {iso(1) identified-organization(3) dod(6) internet(1) security(5) +      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)} + +  AlgorithmIdentifier{}, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM +  FROM AlgorithmInformation-2009 +      {iso(1) identified-organization(3) dod(6) internet(1) security(5) +      mechanisms(5) pkix(7) id-mod(0) +      id-mod-algorithmInformation-02(58)} + +  AuthorityInfoAccessSyntax, GeneralName, CrlEntryExtensions +  FROM PKIX1Implicit-2009 +      {iso(1) identified-organization(3) dod(6) internet(1) security(5) +      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)} + +  Name, CertificateSerialNumber, id-kp, id-ad-ocsp, Certificate +  FROM PKIX1Explicit-2009 +      {iso(1) identified-organization(3) dod(6) internet(1) security(5) +      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)} + +  sa-dsaWithSHA1, sa-rsaWithMD2, sa-rsaWithMD5, sa-rsaWithSHA1 +  FROM PKIXAlgs-2009 +      {iso(1) identified-organization(3) dod(6) internet(1) security(5) +      mechanisms(5) pkix(7) id-mod(0) +      id-mod-pkix1-algorithms2008-02(56)}; + +  OCSPRequest     ::=     SEQUENCE { +      tbsRequest                  TBSRequest, +      optionalSignature   [0]     EXPLICIT Signature OPTIONAL } + +  TBSRequest      ::=     SEQUENCE { +      version             [0] EXPLICIT Version DEFAULT v1, +      requestorName       [1] EXPLICIT GeneralName OPTIONAL, +      requestList             SEQUENCE OF Request, +      requestExtensions   [2] EXPLICIT Extensions {{re-ocsp-nonce | +                                  re-ocsp-response, ...}} OPTIONAL } + +  Signature       ::=     SEQUENCE { +      signatureAlgorithm   AlgorithmIdentifier +              
                 { SIGNATURE-ALGORITHM, {...}}, +      signature            BIT STRING, +      certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + +  Version  ::=  INTEGER  {  v1(0) } + +  Request ::=     SEQUENCE { +      reqCert                    CertID, +      singleRequestExtensions    [0] EXPLICIT Extensions +                                         { {re-ocsp-service-locator, +                                                ...}} OPTIONAL } + +  CertID ::= SEQUENCE { +      hashAlgorithm            AlgorithmIdentifier +                                   {DIGEST-ALGORITHM, {...}}, +      issuerNameHash     OCTET STRING, -- Hash of Issuer's DN +      issuerKeyHash      OCTET STRING, -- Hash of Issuer's public key +      serialNumber       CertificateSerialNumber } + +  OCSPResponse ::= SEQUENCE { +     responseStatus         OCSPResponseStatus, +     responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL } + +  OCSPResponseStatus ::= ENUMERATED { +      successful            (0), --Response has valid confirmations +      malformedRequest      (1), --Illegal confirmation request +      internalError         (2), --Internal error in issuer +      tryLater              (3), --Try again later +                                 -- (4) is not used +      sigRequired           (5), --Must sign the request +      unauthorized          (6)  --Request unauthorized +  } + +  RESPONSE ::= TYPE-IDENTIFIER + +  ResponseSet RESPONSE ::= {basicResponse, ...} + +  ResponseBytes ::=       SEQUENCE { +      responseType        RESPONSE. +                              &id ({ResponseSet}), +      response            OCTET STRING (CONTAINING RESPONSE. 
+                              &Type({ResponseSet}{@responseType}))} + +  basicResponse RESPONSE ::= +      { BasicOCSPResponse IDENTIFIED BY id-pkix-ocsp-basic } + +  BasicOCSPResponse       ::= SEQUENCE { +     tbsResponseData      ResponseData, +     signatureAlgorithm   AlgorithmIdentifier{SIGNATURE-ALGORITHM, +                              {sa-dsaWithSHA1 | sa-rsaWithSHA1 | +                                   sa-rsaWithMD5 | sa-rsaWithMD2, ...}}, +     signature            BIT STRING, +     certs            [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + +  ResponseData ::= SEQUENCE { +     version              [0] EXPLICIT Version DEFAULT v1, +     responderID              ResponderID, +     producedAt               GeneralizedTime, +     responses                SEQUENCE OF SingleResponse, +     responseExtensions   [1] EXPLICIT Extensions +                                  {{re-ocsp-nonce, ...}} OPTIONAL } + +  ResponderID ::= CHOICE { +     byName   [1] Name, +     byKey    [2] KeyHash } + +  KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key +                           -- (excluding the tag and length fields) + +  SingleResponse ::= SEQUENCE { +     certID                       CertID, +     certStatus                   CertStatus, +     thisUpdate                   GeneralizedTime, +     nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL, +     singleExtensions     [1]     EXPLICIT Extensions{{re-ocsp-crl | +                                               re-ocsp-archive-cutoff | +                                                CrlEntryExtensions, ...} +                                               } OPTIONAL } + +  CertStatus ::= CHOICE { +      good                [0]     IMPLICIT NULL, +      revoked             [1]     IMPLICIT RevokedInfo, +      unknown             [2]     IMPLICIT UnknownInfo } + +  RevokedInfo ::= SEQUENCE { +      revocationTime              GeneralizedTime, +      revocationReason    [0]     EXPLICIT 
CRLReason OPTIONAL } + +  UnknownInfo ::= NULL + +  CRLReason ::= INTEGER + +  ArchiveCutoff ::= GeneralizedTime + +  AcceptableResponses ::= SEQUENCE OF RESPONSE.&id({ResponseSet}) + +  ServiceLocator ::= SEQUENCE { +      issuer    Name, +      locator   AuthorityInfoAccessSyntax } + +  CrlID ::= SEQUENCE { +      crlUrl               [0]     EXPLICIT IA5String OPTIONAL, +      crlNum               [1]     EXPLICIT INTEGER OPTIONAL, +      crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL } + +  --  Request Extensions + +  re-ocsp-nonce EXTENSION ::= { SYNTAX OCTET STRING IDENTIFIED +                                    BY id-pkix-ocsp-nonce } +  re-ocsp-response EXTENSION ::= { SYNTAX AcceptableResponses IDENTIFIED +                                       BY id-pkix-ocsp-response } +  re-ocsp-service-locator EXTENSION ::= { SYNTAX ServiceLocator +                                          IDENTIFIED BY +                                          id-pkix-ocsp-service-locator } + +  --  Response Extensions + +  re-ocsp-crl EXTENSION ::= { SYNTAX CrlID IDENTIFIED BY +                                  id-pkix-ocsp-crl } +  re-ocsp-archive-cutoff EXTENSION ::= { SYNTAX ArchiveCutoff +                                         IDENTIFIED BY +                                         id-pkix-ocsp-archive-cutoff } + +  -- Object Identifiers + +  id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 } +  id-pkix-ocsp                 OBJECT IDENTIFIER ::= id-ad-ocsp +  id-pkix-ocsp-basic           OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 } +  id-pkix-ocsp-nonce           OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 } +  id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 } +  id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 } +  id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 } +  id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 } +  id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { 
id-pkix-ocsp 7 } + +  END diff --git a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/OLD-PKCS7.asn1 index ac449b59c7..ab555200bb 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/OLD-PKCS7.asn1 @@ -3,7 +3,7 @@  -- This Annex contains a module of PKCS#7 ASN.1 definitions conforming to current ASN.1 standards rather than the obsolescent (and now deprecated) 1988/90 version of ASN.1 used in version 1.5 of PKCS#7.  -- Extensions to PKCS#7 defined in RFC 2630 are included.  -- If differences are found between the ASN.1 in the following module and that in PKCS#7, the latter is definitive. -PKCS7 {iso member-body usa(840) rsadsi(113549) pkcs(1) 7 +OLD-PKCS7 {iso member-body usa(840) rsadsi(113549) pkcs(1) 7    module(0) -- module not currently defined in PKCS#7 --} DEFINITIONS IMPLICIT  TAGS ::=  BEGIN diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ObjectIdentifiers.asn1 index b4f91f50c5..b4f91f50c5 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/ObjectIdentifiers.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ObjectIdentifiers.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/x420/OperationalBindingManagement.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/OperationalBindingManagement.asn1 index 2044feb155..2044feb155 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/OperationalBindingManagement.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/OperationalBindingManagement.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-10.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-10.asn1 new file mode 100644 index 0000000000..a5fd0fefb9 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-10.asn1 
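Review bot: `CRLReason ::= INTEGER` near the end of the new OCSP-2009 module gives `revocationReason` a different universal tag from the ENUMERATED CRLReason that X.509 defines, so a codec generated from this file would presumably not interoperate on that field with real OCSP responders. If the module is kept verbatim as published, a comment above the definition would stop it being reused outside the test suite, for example `-- NOTE: kept as published; X.509 defines CRLReason as ENUMERATED, do not use for decoding live responses`. The same caveat is worth stating for the `sa-rsaWithMD5 | sa-rsaWithMD2` entries in BasicOCSPResponse, which describe what the syntax admits rather than what a verifier should accept.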
@@ -0,0 +1,56 @@ +  PKCS-10 +      {iso(1) identified-organization(3) dod(6) internet(1) security(5) +        mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)} +  DEFINITIONS IMPLICIT TAGS ::= +  BEGIN +  IMPORTS + +  AlgorithmIdentifier{}, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM, +      PUBLIC-KEY +  FROM AlgorithmInformation-2009 +      {iso(1) identified-organization(3) dod(6) internet(1) security(5) +      mechanisms(5) pkix(7) id-mod(0) +      id-mod-algorithmInformation-02(58)} + +  ATTRIBUTE, Name +  FROM PKIX1Explicit-2009 +      {iso(1) identified-organization(3) dod(6) internet(1) security(5) +      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}; + +  -- Certificate requests +  CertificationRequestInfo ::= SEQUENCE { +      version       INTEGER { v1(0) } (v1, ... ), +      subject       Name, +      subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, +      attributes    [0] Attributes{{ CRIAttributes }} +  } + +  SubjectPublicKeyInfo {PUBLIC-KEY: IOSet} ::= SEQUENCE { +      algorithm        AlgorithmIdentifier {PUBLIC-KEY, {IOSet}}, +      subjectPublicKey BIT STRING +  } + +  PKInfoAlgorithms PUBLIC-KEY ::= { +      ... -- add any locally defined algorithms here -- } + +  Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }} + +  CRIAttributes  ATTRIBUTE  ::= { +      ... -- add any locally defined attributes here -- } + +  Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { +      type   ATTRIBUTE.&id({IOSet}), +      values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) +  } + +  CertificationRequest ::= SEQUENCE { +      certificationRequestInfo  CertificationRequestInfo, +      signatureAlgorithm        AlgorithmIdentifier{SIGNATURE-ALGORITHM, +                                    { SignatureAlgorithms }}, +      signature                 BIT STRING +  } + +  SignatureAlgorithms SIGNATURE-ALGORITHM ::= { +      ... -- add any locally defined algorithms here -- } + +  END 
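Review bot: The three object sets `PKInfoAlgorithms`, `SignatureAlgorithms` and `CRIAttributes` are empty and extensible, so this module constrains neither the public-key or signature algorithm nor the attribute types of a CertificationRequest, and the file carries no comment saying so. Anyone reusing it outside the test suite would get a decoder that accepts any algorithm OID and, presumably, leaves the matching open-type values undecoded, with all policy checks left to the caller. A header comment such as `-- Test data: object sets are intentionally empty; callers must enforce their own algorithm and attribute policy` would make that explicit.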
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-12.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-12.asn1
new file mode 100644
index 0000000000..5b37a552f9
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-12.asn1
@@ -0,0 +1,174 @@
+PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+                 pkcs-12(12) modules(0)  pkcs-12(1)}
+
+-- $Revision$
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL
+-- All types and values defined in this module is exported for use in
+-- other ASN.1 modules.
+
+IMPORTS
+
+informationFramework
+        FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+        usefulDefinitions(0) 3}
+
+ATTRIBUTE
+	FROM InformationFramework informationFramework
+
+ContentInfo, DigestInfo
+	FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549)
+	pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)}
+
+PrivateKeyInfo, EncryptedPrivateKeyInfo
+	FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
+	pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}
+
+pkcs-9, friendlyName, localKeyId, certTypes, crlTypes
+	FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549)
+	pkcs(1) pkcs-9(9) modules(0) pkcs-9(1)};
+
+-- Object identifiers
+
+rsadsi	OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}
+pkcs    OBJECT IDENTIFIER ::= {rsadsi pkcs(1)}
+pkcs-12	OBJECT IDENTIFIER ::= {pkcs 12}
+pkcs-12PbeIds                  	OBJECT IDENTIFIER ::= {pkcs-12 1}
+pbeWithSHAAnd128BitRC4          OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
+pbeWithSHAAnd40BitRC4           OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2}
+pbeWithSHAAnd3-KeyTripleDES-CBC	OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
+pbeWithSHAAnd2-KeyTripleDES-CBC	OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4}
+pbeWithSHAAnd128BitRC2-CBC      OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5}
+pbewithSHAAnd40BitRC2-CBC       OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6}
+
+bagtypes			OBJECT IDENTIFIER ::= {pkcs-12 10 1}
+
+-- The PFX PDU
+
+PFX ::= SEQUENCE {
+	version		INTEGER {v3(3)}(v3,...),
+	authSafe	ContentInfo,
+	macData    	MacData OPTIONAL
+}
+
+MacData ::= SEQUENCE {
+	mac 		DigestInfo,
+	macSalt	        OCTET STRING,
+	iterations	INTEGER DEFAULT 1
+-- Note: The default is for historical reasons and its use is
+-- deprecated. A higher value, like 1024 is recommended.
+}
+
+AuthenticatedSafe ::= SEQUENCE OF ContentInfo
+	-- Data if unencrypted
+	-- EncryptedData if password-encrypted
+	-- EnvelopedData if public key-encrypted
+
+SafeContents ::= SEQUENCE OF SafeBag
+
+SafeBag ::= SEQUENCE {
+	bagId	      	BAG-TYPE.&id ({PKCS12BagSet}),
+	bagValue      	[0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),
+	bagAttributes 	SET OF PKCS12Attribute OPTIONAL
+}
+
+-- Bag types
+
+keyBag 	  BAG-TYPE ::=
+	{KeyBag IDENTIFIED BY {bagtypes 1}}
+pkcs8ShroudedKeyBag BAG-TYPE ::=
+	{PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}}
+certBag BAG-TYPE ::=
+	{CertBag IDENTIFIED BY {bagtypes 3}}
+crlBag BAG-TYPE ::=
+	{CRLBag IDENTIFIED BY {bagtypes 4}}
+secretBag BAG-TYPE ::=
+	{SecretBag IDENTIFIED BY {bagtypes 5}}
+safeContentsBag BAG-TYPE ::=
+	{SafeContents IDENTIFIED BY {bagtypes 6}}
+
+PKCS12BagSet BAG-TYPE ::= {
+	keyBag |
+	pkcs8ShroudedKeyBag |
+	certBag |
+	crlBag |
+	secretBag |
+	safeContentsBag,
+	... -- For future extensions
+}
+
+BAG-TYPE ::= TYPE-IDENTIFIER
+
+-- KeyBag
+
+KeyBag ::= PrivateKeyInfo
+
+-- Shrouded KeyBag
+
+PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
+
+-- CertBag
+
+CertBag ::= SEQUENCE {
+	certId    BAG-TYPE.&id   ({CertTypes}),
+	certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})
+}
+
+x509Certificate BAG-TYPE ::=
+	{OCTET STRING IDENTIFIED BY {certTypes 1}}
+	-- DER-encoded X.509 certificate stored in OCTET STRING
+sdsiCertificate BAG-TYPE ::=
+	{IA5String IDENTIFIED BY {certTypes 2}}
+	-- Base64-encoded SDSI certificate stored in IA5String
+
+CertTypes BAG-TYPE ::= {
+	x509Certificate |
+	sdsiCertificate,
+	... -- For future extensions
+}
+
+-- CRLBag
+
+CRLBag ::= SEQUENCE {
+	crlId     	BAG-TYPE.&id ({CRLTypes}),
+	crlValue 	[0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId})
+}
+
+x509CRL BAG-TYPE ::=
+	{OCTET STRING IDENTIFIED BY {crlTypes 1}}
+	-- DER-encoded X.509 CRL stored in OCTET STRING
+
+CRLTypes BAG-TYPE ::= {
+	x509CRL,
+	... -- For future extensions
+}
+
+-- Secret Bag
+
+SecretBag ::= SEQUENCE {
+	secretTypeId BAG-TYPE.&id ({SecretTypes}),
+	secretValue  [0] EXPLICIT BAG-TYPE.&Type ({SecretTypes}{@secretTypeId})
+}
+
+SecretTypes BAG-TYPE ::= {
+	... -- For future extensions
+}
+
+-- Attributes
+
+PKCS12Attribute ::= SEQUENCE {
+	attrId	   	ATTRIBUTE.&id ({PKCS12AttrSet}),
+	attrValues 	SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})
+} -- This type is compatible with the X.500 type 'Attribute'
+
+PKCS12AttrSet ATTRIBUTE ::= {
+	friendlyName |
+	localKeyId,
+	... -- Other attributes are allowed
+}
+
+END
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-5.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-5.asn1
new file mode 100644
index 0000000000..91b0dc36bf
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-5.asn1
@@ -0,0 +1,202 @@
+-- PKCS #5 v2.1 ASN.1 Module
+-- Revised October 27, 2012
+
+-- This module has been checked for conformance with the
+-- ASN.1 standard by the OSS ASN.1 Tools
+
+PKCS-5 {
+    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5) modules(16)
+	pkcs5v2-1(2)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- ============================
+--   Basic object identifiers
+-- ============================
+
+nistAlgorithms OBJECT IDENTIFIER ::=
+  {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4}
+oiw    OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) 14}
+rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549}
+pkcs   OBJECT IDENTIFIER ::= {rsadsi 1}
+pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}
+
+
+-- ============================
+-- Basic types and classes
+-- ============================
+
+AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE {
+  algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
+  parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) OPTIONAL
+}
+
+ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER
+
+
+-- ============================
+-- PBKDF2
+-- ============================
+
+PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
+  { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
+
+id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+
+algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
+  {algorithm id-hmacWithSHA1, parameters NULL : NULL}
+
+PBKDF2-params ::= SEQUENCE {
+  salt CHOICE {
+    specified OCTET STRING,
+    otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+  },
+  iterationCount INTEGER (1..MAX),
+  keyLength INTEGER (1..MAX) OPTIONAL,
+  prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+}
+
+PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
+
+PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= {
+  {NULL IDENTIFIED BY id-hmacWithSHA1}       |
+  {NULL IDENTIFIED BY id-hmacWithSHA224}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA256}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA384}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA512}     |
+  {NULL IDENTIFIED BY id-hmacWithSHA512-224} |
+  {NULL IDENTIFIED BY id-hmacWithSHA512-256},
+   ...
+}
+
+
+-- ============================
+ -- PBES1
+-- ============================
+
+PBES1Algorithms ALGORITHM-IDENTIFIER ::= {
+  {PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC}  |
+  {PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} |
+  {PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC},
+   ...
+}
+
+pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1}
+pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4}
+pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3}
+pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6}
+pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10}
+pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11}
+
+PBEParameter ::= SEQUENCE {
+  salt OCTET STRING (SIZE(8)),
+  iterationCount INTEGER
+}
+
+
+-- ============================
+-- PBES2
+-- ============================
+
+PBES2Algorithms ALGORITHM-IDENTIFIER ::= {
+  {PBES2-params IDENTIFIED BY id-PBES2},
+   ...
+}
+
+id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+
+PBES2-params ::= SEQUENCE {
+  keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+  encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
+}
+
+PBES2-KDFs ALGORITHM-IDENTIFIER ::= {
+  {PBKDF2-params IDENTIFIED BY id-PBKDF2},
+   ...
+}
+
+PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+
+
+-- ============================
+-- PBMAC1
+-- ============================
+
+PBMAC1Algorithms ALGORITHM-IDENTIFIER ::= {
+  {PBMAC1-params IDENTIFIED BY id-PBMAC1},
+   ...
+}
+
+id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14}
+
+PBMAC1-params ::=  SEQUENCE {
+  keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}},
+  messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}}
+}
+
+PBMAC1-KDFs ALGORITHM-IDENTIFIER ::= {
+  {PBKDF2-params IDENTIFIED BY id-PBKDF2},
+   ...
+}
+
+PBMAC1-MACs ALGORITHM-IDENTIFIER ::= { ... }
+
+-- ============================
+-- Supporting techniques
+-- ============================
+
+digestAlgorithm OBJECT IDENTIFIER     ::= {rsadsi 2}
+encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3}
+
+SupportingAlgorithms ALGORITHM-IDENTIFIER ::= {
+  {NULL                    IDENTIFIED BY id-hmacWithSHA1} |
+  {OCTET STRING (SIZE(8))  IDENTIFIED BY desCBC}          |
+  {OCTET STRING (SIZE(8))  IDENTIFIED BY des-EDE3-CBC}    |
+  {RC2-CBC-Parameter       IDENTIFIED BY rc2CBC}          |
+  {RC5-CBC-Parameters      IDENTIFIED BY rc5-CBC-PAD}     |
+  {OCTET STRING (SIZE(16)) IDENTIFIED BY aes128-CBC-PAD}  |
+  {OCTET STRING (SIZE(16)) IDENTIFIED BY aes192-CBC-PAD}  |
+  {OCTET STRING (SIZE(16)) IDENTIFIED BY aes256-CBC-PAD},
+   ...
+}
+
+id-hmacWithSHA1       OBJECT IDENTIFIER ::= {digestAlgorithm 7}
+id-hmacWithSHA224     OBJECT IDENTIFIER ::= {digestAlgorithm 8}
+id-hmacWithSHA256     OBJECT IDENTIFIER ::= {digestAlgorithm 9}
+id-hmacWithSHA384     OBJECT IDENTIFIER ::= {digestAlgorithm 10}
+id-hmacWithSHA512     OBJECT IDENTIFIER ::= {digestAlgorithm 11}
+id-hmacWithSHA512-224 OBJECT IDENTIFIER ::= {digestAlgorithm 12}
+id-hmacWithSHA512-256 OBJECT IDENTIFIER ::= {digestAlgorithm 13}
+
+-- from OIW
+desCBC OBJECT IDENTIFIER ::= {oiw secsig(3) algorithms(2) 7}
+
+des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7}
+
+rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2}
+
+RC2-CBC-Parameter ::= SEQUENCE {
+  rc2ParameterVersion INTEGER OPTIONAL,
+  iv OCTET STRING (SIZE(8))
+}
+
+rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9}
+
+RC5-CBC-Parameters ::= SEQUENCE {
+  version INTEGER {v1-0(16)} (v1-0),
+  rounds INTEGER (8..127),
+  blockSizeInBits INTEGER (64 | 128),
+  iv OCTET STRING OPTIONAL
+}
+
+aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 }
+aes128-CBC-PAD OBJECT IDENTIFIER ::= { aes 2 }
+aes192-CBC-PAD OBJECT IDENTIFIER ::= { aes 22 }
+aes256-CBC-PAD OBJECT IDENTIFIER ::= { aes 42 }
+
+END
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-7.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-7.asn1
new file mode 100644
index 0000000000..4cea8db240
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-7.asn1
@@ -0,0 +1,326 @@
+PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7)
+        modules(0) pkcs-7(1)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+BEGIN
+
+--
+-- 3. Definitions
+--
+
+-- EXPORTS All;
+
+IMPORTS
+
+informationFramework, authenticationFramework
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+                            usefulDefinitions(0) 3}
+
+  Name, ATTRIBUTE
+    FROM InformationFramework informationFramework
+
+  ALGORITHM, Certificate, CertificateSerialNumber,
+    CertificateList
+    FROM AuthenticationFramework authenticationFramework
+
+  contentType, messageDigest, signingTime, counterSignature
+    FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+                 pkcs-9(9) modules(0) pkcs-9(1)};
+--
+-- 6. Useful types
+--
+
+-- Also defined in X.509
+-- Redeclared here as a parameterized type
+AlgorithmIdentifier {ALGORITHM:IOSet} ::= SEQUENCE {
+   algorithm   ALGORITHM.&id({IOSet}),
+   parameters  ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
+}
+
+-- Also defined in X.501
+-- Redeclared here as a parameterized type
+Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
+  type    ATTRIBUTE.&id({IOSet}),
+  values  SET SIZE (1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
+}
+
+CertificateRevocationLists ::=
+  SET OF CertificateList
+
+Certificates ::=
+  SEQUENCE OF Certificate
+
+CRLSequence ::=
+  SEQUENCE OF CertificateList
+
+ContentEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{ContentEncryptionAlgorithms}}
+
+ContentEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+DigestAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{DigestAlgorithms}}
+
+DigestAlgorithms ALGORITHM ::= {
+   ...  -- add any application-specific algorithms here
+}
+
+DigestEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{DigestEncryptionAlgorithms}}
+
+DigestEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+ExtendedCertificateOrCertificate ::= CHOICE {
+  certificate          Certificate,                      -- X.509
+  extendedCertificate  [0] IMPLICIT ExtendedCertificate  -- PKCS#6
+}
+
+ExtendedCertificate ::= Certificate -- cheating
+
+ExtendedCertificatesAndCertificates ::=
+  SET OF ExtendedCertificateOrCertificate
+
+IssuerAndSerialNumber ::= SEQUENCE {
+  issuer        Name,
+  serialNumber  CertificateSerialNumber
+}
+
+KeyEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifier {{KeyEncryptionAlgorithms}}
+
+KeyEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+--
+-- 7. General syntax
+--
+
+ContentInfo ::= SEQUENCE {
+  contentType  ContentType,
+  content      [0] EXPLICIT CONTENTS.&Type({Contents}{@contentType})
+OPTIONAL
+}
+
+CONTENTS ::= TYPE-IDENTIFIER
+
+Contents CONTENTS ::= {
+  {Data                    IDENTIFIED BY data}                   |
+  {SignedData              IDENTIFIED BY signedData}             |
+  {EnvelopedData           IDENTIFIED BY envelopedData}          |
+  {SignedAndEnvelopedData  IDENTIFIED BY signedAndEnvelopedData} |
+  {DigestedData            IDENTIFIED BY digestedData}           |
+  {EncryptedData           IDENTIFIED BY encryptedData},
+  ...  -- add any application-specific types/contents here
+}
+
+ContentType ::= CONTENTS.&id({Contents})
+
+--
+-- 8. Data content type
+--
+
+Data ::= OCTET STRING
+
+--
+-- 9. Signed-data content type
+--
+
+SignedData ::= SEQUENCE {
+  version         INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2),
+  digestAlgorithms
+                  DigestAlgorithmIdentifiers,
+  contentInfo     ContentInfo,
+  certificates CHOICE {
+    certSet       [0] IMPLICIT ExtendedCertificatesAndCertificates,
+    certSequence  [2] IMPLICIT Certificates
+  } OPTIONAL,
+  crls CHOICE {
+    crlSet        [1] IMPLICIT CertificateRevocationLists,
+    crlSequence   [3] IMPLICIT CRLSequence
+  } OPTIONAL,
+  signerInfos     SignerInfos
+} (WITH COMPONENTS { ..., version (sdVer1),
+     digestAlgorithms   (WITH COMPONENTS { ..., daSet PRESENT }),
+     certificates       (WITH COMPONENTS { ..., certSequence ABSENT }),
+     crls               (WITH COMPONENTS { ..., crlSequence ABSENT }),
+     signerInfos        (WITH COMPONENTS { ..., siSet PRESENT })
+   } |
+   WITH COMPONENTS { ..., version (sdVer2),
+      digestAlgorithms  (WITH COMPONENTS { ..., daSequence PRESENT }),
+      certificates      (WITH COMPONENTS { ..., certSet ABSENT }),
+      crls              (WITH COMPONENTS { ..., crlSet ABSENT }),
+      signerInfos       (WITH COMPONENTS { ..., siSequence PRESENT })
+})
+
+SignerInfos ::= CHOICE {
+    siSet         SET OF SignerInfo,
+    siSequence    SEQUENCE OF SignerInfo
+}
+
+DigestAlgorithmIdentifiers ::= CHOICE {
+  daSet           SET OF DigestAlgorithmIdentifier,
+  daSequence      SEQUENCE OF DigestAlgorithmIdentifier
+}
+
+SignerInfo ::= SEQUENCE {
+  version         INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2),
+  issuerAndSerialNumber
+                  IssuerAndSerialNumber,
+  digestAlgorithm DigestAlgorithmIdentifier,
+  authenticatedAttributes CHOICE {
+    aaSet         [0] IMPLICIT SET OF Attribute {{Authenticated}},
+    aaSequence    [2] EXPLICIT SEQUENCE OF Attribute {{Authenticated}}
+    -- Explicit because easier to compute digest on sequence of attributes and then reuse
+    -- encoded sequence in aaSequence.
+  } OPTIONAL,
+  digestEncryptionAlgorithm
+                  DigestEncryptionAlgorithmIdentifier,
+  encryptedDigest EncryptedDigest,
+  unauthenticatedAttributes CHOICE {
+    uaSet         [1] IMPLICIT SET OF Attribute {{Unauthenticated}},
+    uaSequence    [3] IMPLICIT SEQUENCE OF Attribute {{Unauthenticated}}
+  } OPTIONAL
+} (WITH COMPONENTS { ..., version (siVer1),
+  authenticatedAttributes       (WITH COMPONENTS { ..., aaSequence ABSENT }),
+  unauthenticatedAttributes     (WITH COMPONENTS { ..., uaSequence ABSENT })
+} | WITH COMPONENTS { ..., version (siVer2),
+  authenticatedAttributes       (WITH COMPONENTS { ..., aaSet ABSENT }),
+  unauthenticatedAttributes     (WITH COMPONENTS { ..., uaSet ABSENT })
+})
+
+Authenticated ATTRIBUTE ::= {
+  contentType |
+  messageDigest,
+  ...,  -- add application-specific attributes here
+  signingTime
+}
+
+Unauthenticated ATTRIBUTE ::= {
+  ...,  -- add application-specific attributes here
+  counterSignature
+}
+
+EncryptedDigest ::= OCTET STRING
+
+DigestInfo ::= SEQUENCE {
+  digestAlgorithm DigestAlgorithmIdentifier,
+  digest          Digest
+}
+
+Digest ::= OCTET STRING
+
+--
+-- 10. Enveloped-data content type
+--
+
+EnvelopedData ::= SEQUENCE {
+  version         INTEGER {edVer0(0), edVer1(1)} (edVer0 | edVer1),
+  recipientInfos  RecipientInfos,
+  encryptedContentInfo
+                  EncryptedContentInfo
+} (WITH COMPONENTS { ..., version (edVer0),
+    recipientInfos      (WITH COMPONENTS { ..., riSet PRESENT })
+} | WITH COMPONENTS { ..., version (edVer1),
+    recipientInfos      (WITH COMPONENTS { ..., riSequence PRESENT })
+})
+
+RecipientInfos ::= CHOICE {
+  riSet           SET OF RecipientInfo,
+  riSequence      SEQUENCE OF RecipientInfo
+}
+
+EncryptedContentInfo ::= SEQUENCE {
+  contentType     ContentType,
+  contentEncryptionAlgorithm
+                  ContentEncryptionAlgorithmIdentifier,
+  encryptedContent
+                  [0] IMPLICIT EncryptedContent OPTIONAL
+}
+
+EncryptedContent ::= OCTET STRING
+
+RecipientInfo ::= SEQUENCE {
+  version         INTEGER {riVer0(0)} (riVer0),
+  issuerAndSerialNumber
+                  IssuerAndSerialNumber,
+  keyEncryptionAlgorithm
+                  KeyEncryptionAlgorithmIdentifier,
+  encryptedKey    EncryptedKey
+}
+
+EncryptedKey ::= OCTET STRING
+
+--
+-- 11. Signed-and-enveloped-data content type
+--
+
+SignedAndEnvelopedData ::= SEQUENCE {
+  version         INTEGER {seVer1(1), seVer2(2)} (seVer1 | seVer2),
+  recipientInfos  RecipientInfos,
+  digestAlgorithms
+                  DigestAlgorithmIdentifiers,
+  encryptedContentInfo
+                  EncryptedContentInfo,
+  certificates CHOICE {
+    certSet       [0] IMPLICIT ExtendedCertificatesAndCertificates,
+    certSequence  [2] IMPLICIT Certificates
+  } OPTIONAL,
+  crls CHOICE {
+    crlSet        [1] IMPLICIT CertificateRevocationLists,
+    crlSequence   [3] IMPLICIT CRLSequence
+  } OPTIONAL,
+  signerInfos     SignerInfos
+} (WITH COMPONENTS { ..., version (seVer1),
+    recipientInfos   (WITH COMPONENTS { ..., riSet PRESENT }),
+    digestAlgorithms (WITH COMPONENTS { ..., daSet PRESENT }),
+    certificates     (WITH COMPONENTS { ..., certSequence ABSENT }),
+    crls             (WITH COMPONENTS { ..., crlSequence ABSENT }),
+    signerInfos      (WITH COMPONENTS { ..., siSet PRESENT })
+} |
+  WITH COMPONENTS { ..., version (seVer2),
+    recipientInfos   (WITH COMPONENTS { ..., riSequence PRESENT }),
+    digestAlgorithms (WITH COMPONENTS { ..., daSequence PRESENT }),
+    certificates     (WITH COMPONENTS { ..., certSet ABSENT }),
+    crls             (WITH COMPONENTS { ..., crlSet ABSENT }),
+    signerInfos      (WITH COMPONENTS { ..., siSequence PRESENT })
+})
+
+--
+-- 12. Digested-data content type
+--
+
+DigestedData ::= SEQUENCE {
+  version         INTEGER {ddVer0(0)} (ddVer0),
+  digestAlgorithm DigestAlgorithmIdentifier,
+  contentInfo     ContentInfo,
+  digest          Digest
+}
+
+--
+-- 13. Encrypted-data content type
+--
+
+EncryptedData ::= SEQUENCE {
+  version		INTEGER {edVer0(0)} (edVer0),
+  encryptedContentInfo  EncryptedContentInfo
+}
+
+--
+-- 14. Object Identifiers
+--
+
+pkcs-7                  OBJECT IDENTIFIER ::=
+  { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 }
+data                    OBJECT IDENTIFIER ::= { pkcs-7 1 }
+signedData              OBJECT IDENTIFIER ::= { pkcs-7 2 }
+envelopedData           OBJECT IDENTIFIER ::= { pkcs-7 3 }
+signedAndEnvelopedData  OBJECT IDENTIFIER ::= { pkcs-7 4 }
+digestedData            OBJECT IDENTIFIER ::= { pkcs-7 5 }
+encryptedData           OBJECT IDENTIFIER ::= { pkcs-7 6 }
+
+END
\ No newline at end of file
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-8.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-8.asn1
new file mode 100644
index 0000000000..266f90170a
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-8.asn1
@@ -0,0 +1,61 @@
+PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-8(8)
+        modules(1) pkcs-8(1)}
+
+-- $Revision: 1.5 $
+
+-- This module has been checked for conformance with the ASN.1
+-- standard by the OSS ASN.1 Tools
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS All --
+-- All types and values defined in this module is exported for use in other
+-- ASN.1 modules.
+
+IMPORTS
+
+informationFramework
+        FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+                                usefulDefinitions(0) 3}
+
+Attribute
+        FROM InformationFramework informationFramework
+
+AlgorithmIdentifier, ALGORITHM-IDENTIFIER
+        FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
+        pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)};
+
+-- Private-key information syntax
+
+PrivateKeyInfo ::= SEQUENCE {
+  version Version,
+  privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
+  privateKey PrivateKey,
+  attributes [0] Attributes OPTIONAL }
+
+Version ::= INTEGER {v1(0)} (v1,...)
+
+PrivateKey ::= OCTET STRING
+
+Attributes ::= SET OF Attribute
+
+-- Encrypted private-key information syntax
+
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+    encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
+    encryptedData EncryptedData
+}
+
+EncryptedData ::= OCTET STRING
+
+PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
+    ... -- For local profiles
+}
+
+KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
+    ... -- For local profiles
+}
+
+END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-9.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-9.asn1
new file mode 100644
index 0000000000..cd561f4d7e
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS-9.asn1
@@ -0,0 +1,391 @@ +PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) +pkcs-9(9) modules(0) pkcs-9(1)} + +-- $Revision$ + +DEFINITIONS IMPLICIT TAGS ::= + +BEGIN + +-- EXPORTS All -- +-- All types and values defined in this module is exported for use in +-- other ASN.1 modules. + +IMPORTS + +informationFramework, authenticationFramework, selectedAttributeTypes, +        upperBounds , id-at +        FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) +        usefulDefinitions(0) 3} + +ub-name +        FROM UpperBounds upperBounds + +OBJECT-CLASS, ATTRIBUTE, MATCHING-RULE, Attribute, top, objectIdentifierMatch +        FROM InformationFramework informationFramework + +ALGORITHM, Extensions, Time +        FROM AuthenticationFramework authenticationFramework + +DirectoryString, octetStringMatch, caseIgnoreMatch, caseExactMatch, +        generalizedTimeMatch, integerMatch, serialNumber +        FROM SelectedAttributeTypes selectedAttributeTypes + +ContentInfo, SignerInfo +        FROM CryptographicMessageSyntax-2009 {iso(1) member-body(2) us(840) +        rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)} + +EncryptedPrivateKeyInfo +        FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) +        pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)} + +PFX +        FROM PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) +        pkcs(1) pkcs-12(12) modules(0) pkcs-12(1)} + +-- PKCS15Token +--        FROM PKCS-15 {iso(1) member-body(2) us(840) rsadsi(113549) +--        pkcs(1) pkcs-15(15) modules(1) pkcs-15(1)} +; + +-- Upper bounds +pkcs-9-ub-pkcs9String          		INTEGER ::= 255 +pkcs-9-ub-emailAddress         		INTEGER ::= pkcs-9-ub-pkcs9String +pkcs-9-ub-unstructuredName      	INTEGER ::= pkcs-9-ub-pkcs9String +pkcs-9-ub-unstructuredAddress   	INTEGER ::= pkcs-9-ub-pkcs9String +pkcs-9-ub-challengePassword     	INTEGER ::= pkcs-9-ub-pkcs9String +pkcs-9-ub-friendlyName         		INTEGER ::= pkcs-9-ub-pkcs9String +pkcs-9-ub-signingDescription   
 	INTEGER ::= pkcs-9-ub-pkcs9String +pkcs-9-ub-match                		INTEGER ::= pkcs-9-ub-pkcs9String +pkcs-9-ub-pseudonym            		INTEGER ::= ub-name +pkcs-9-ub-placeOfBirth         		INTEGER ::= ub-name + +-- Object Identifiers + +pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) +                              rsadsi(113549) pkcs(1) 9} + +  -- Main arcs +pkcs-9-mo	OBJECT IDENTIFIER ::= {pkcs-9 0}  -- Modules branch +pkcs-9-oc    	OBJECT IDENTIFIER ::= {pkcs-9 24} -- Object class branch +pkcs-9-at       OBJECT IDENTIFIER ::= {pkcs-9 25} -- Attribute branch, for new  attributes +pkcs-9-sx	OBJECT IDENTIFIER ::= {pkcs-9 26} -- For syntaxes (RFC 2252) +pkcs-9-mr       OBJECT IDENTIFIER ::= {pkcs-9 27} -- Matching rules + +  -- Object classes +pkcs-9-oc-pkcsEntity   			OBJECT IDENTIFIER ::= {pkcs-9-oc 1} +pkcs-9-oc-naturalPerson                 OBJECT IDENTIFIER ::= {pkcs-9-oc 2} + +  -- Attributes +pkcs-9-at-emailAddress                  OBJECT IDENTIFIER ::= {pkcs-9 1} +pkcs-9-at-unstructuredName              OBJECT IDENTIFIER ::= {pkcs-9 2} +pkcs-9-at-contentType                   OBJECT IDENTIFIER ::= {pkcs-9 3} +pkcs-9-at-messageDigest                 OBJECT IDENTIFIER ::= {pkcs-9 4} +pkcs-9-at-signingTime                   OBJECT IDENTIFIER ::= {pkcs-9 5} +pkcs-9-at-counterSignature              OBJECT IDENTIFIER ::= {pkcs-9 6} +pkcs-9-at-challengePassword             OBJECT IDENTIFIER ::= {pkcs-9 7} +pkcs-9-at-unstructuredAddress           OBJECT IDENTIFIER ::= {pkcs-9 8} +pkcs-9-at-extendedCertificateAttributes OBJECT IDENTIFIER ::= {pkcs-9 9} + +-- Obsolete (?) 
attribute identifiers, purportedly from "tentative +-- PKCS #9 draft" +-- pkcs-9-at-issuerAndSerialNumber      OBJECT IDENTIFIER ::= {pkcs-9 10} +-- pkcs-9-at-passwordCheck              OBJECT IDENTIFIER ::= {pkcs-9 11} +-- pkcs-9-at-publicKey                  OBJECT IDENTIFIER ::= {pkcs-9 12} + +pkcs-9-at-signingDescription            OBJECT IDENTIFIER ::= {pkcs-9 13} +pkcs-9-at-extensionRequest              OBJECT IDENTIFIER ::= {pkcs-9 14} +pkcs-9-at-smimeCapabilities             OBJECT IDENTIFIER ::= {pkcs-9 15} + +-- Unused (?) +-- pkcs-9-at-?                          OBJECT IDENTIFIER ::= {pkcs-9 17} +-- pkcs-9-at-?                          OBJECT IDENTIFIER ::= {pkcs-9 18} +-- pkcs-9-at-?                          OBJECT IDENTIFIER ::= {pkcs-9 19} + +pkcs-9-at-friendlyName                  OBJECT IDENTIFIER ::= {pkcs-9 20} +pkcs-9-at-localKeyId                    OBJECT IDENTIFIER ::= {pkcs-9 21} +pkcs-9-at-userPKCS12                    OBJECT IDENTIFIER ::= {2 16 840 1 113730 3 1 216} +pkcs-9-at-pkcs15Token                   OBJECT IDENTIFIER ::= {pkcs-9-at 1} +pkcs-9-at-encryptedPrivateKeyInfo       OBJECT IDENTIFIER ::= {pkcs-9-at 2} +pkcs-9-at-randomNonce                   OBJECT IDENTIFIER ::= {pkcs-9-at 3} +pkcs-9-at-sequenceNumber                OBJECT IDENTIFIER ::= {pkcs-9-at 4} +pkcs-9-at-pkcs7PDU                      OBJECT IDENTIFIER ::= {pkcs-9-at 5} + +  -- IETF PKIX Attribute branch +ietf-at         			OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7 9} + +pkcs-9-at-dateOfBirth                   OBJECT IDENTIFIER ::= {ietf-at 1} +pkcs-9-at-placeOfBirth                  OBJECT IDENTIFIER ::= {ietf-at 2} +pkcs-9-at-gender                        OBJECT IDENTIFIER ::= {ietf-at 3} +pkcs-9-at-countryOfCitizenship          OBJECT IDENTIFIER ::= {ietf-at 4} +pkcs-9-at-countryOfResidence            OBJECT IDENTIFIER ::= {ietf-at 5} + +  -- Syntaxes (for use with LDAP accessible directories) +pkcs-9-sx-pkcs9String                   OBJECT IDENTIFIER ::= {pkcs-9-sx 
1} +pkcs-9-sx-signingTime                   OBJECT IDENTIFIER ::= {pkcs-9-sx 2} + +  -- Matching rules +pkcs-9-mr-caseIgnoreMatch               OBJECT IDENTIFIER ::= {pkcs-9-mr 1} +pkcs-9-mr-signingTimeMatch              OBJECT IDENTIFIER ::= {pkcs-9-mr 2} + +  -- Arcs with attributes defined elsewhere +smime             			OBJECT IDENTIFIER ::= {pkcs-9 16} +  -- Main arc for S/MIME (RFC 2633) +certTypes         			OBJECT IDENTIFIER ::= {pkcs-9 22} +  -- Main arc for certificate types defined in PKCS #12 +crlTypes          			OBJECT IDENTIFIER ::= {pkcs-9 23} +  -- Main arc for crl types defined in PKCS #12 + +  -- Other object identifiers +id-at-pseudonym				OBJECT IDENTIFIER ::= {id-at 65} + +-- Useful types + +PKCS9String {INTEGER : maxSize} ::= CHOICE { +        ia5String IA5String (SIZE(1..maxSize)), +        directoryString DirectoryString {maxSize} +} + +-- Object classes + +pkcsEntity OBJECT-CLASS ::= { +        SUBCLASS OF	{ top } +        KIND           	auxiliary +        MAY CONTAIN	{ PKCSEntityAttributeSet } +        ID              pkcs-9-oc-pkcsEntity +} + +naturalPerson OBJECT-CLASS ::= { +        SUBCLASS OF 	{ top } +        KIND 		auxiliary +        MAY CONTAIN 	{ NaturalPersonAttributeSet } +        ID 		pkcs-9-oc-naturalPerson +} + +-- Attribute sets + +PKCSEntityAttributeSet ATTRIBUTE ::= { +        pKCS7PDU       | +        userPKCS12     | +--        pKCS15Token    | +        encryptedPrivateKeyInfo, +        ... -- For future extensions +} + +NaturalPersonAttributeSet ATTRIBUTE ::= { +        emailAddress	     | +        unstructuredName     | +        unstructuredAddress  | +        dateOfBirth	     | +        placeOfBirth	     | +        gender		     | +        countryOfCitizenship | +        countryOfResidence   | +        pseudonym	     | +        serialNumber, +        ... 
-- For future extensions +} + +-- Attributes + +pKCS7PDU ATTRIBUTE ::= { +        WITH SYNTAX ContentInfo +        ID pkcs-9-at-pkcs7PDU +} + +userPKCS12 ATTRIBUTE ::= { +        WITH SYNTAX PFX +        ID pkcs-9-at-userPKCS12 +} + +-- pKCS15Token ATTRIBUTE ::= { +--        WITH SYNTAX PKCS15Token +--        ID pkcs-9-at-pkcs15Token +-- } + +encryptedPrivateKeyInfo ATTRIBUTE ::= { +        WITH SYNTAX EncryptedPrivateKeyInfo +        ID pkcs-9-at-encryptedPrivateKeyInfo +} + +emailAddress ATTRIBUTE ::= { +        WITH SYNTAX IA5String (SIZE(1..pkcs-9-ub-emailAddress)) +        EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch +        ID pkcs-9-at-emailAddress +} + +unstructuredName ATTRIBUTE ::= { +        WITH SYNTAX PKCS9String {pkcs-9-ub-unstructuredName} +        EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch +        ID pkcs-9-at-unstructuredName +} + +unstructuredAddress ATTRIBUTE ::= { +        WITH SYNTAX DirectoryString {pkcs-9-ub-unstructuredAddress} +        EQUALITY MATCHING RULE caseIgnoreMatch +        ID pkcs-9-at-unstructuredAddress +} + +dateOfBirth ATTRIBUTE ::= { +        WITH SYNTAX GeneralizedTime +        EQUALITY MATCHING RULE generalizedTimeMatch +        SINGLE VALUE TRUE +        ID pkcs-9-at-dateOfBirth +} + +placeOfBirth ATTRIBUTE ::= { +        WITH SYNTAX DirectoryString {pkcs-9-ub-placeOfBirth} +        EQUALITY MATCHING RULE caseExactMatch +        SINGLE VALUE TRUE +        ID pkcs-9-at-placeOfBirth +} + +gender ATTRIBUTE ::= { +        WITH SYNTAX PrintableString (SIZE(1) ^ FROM ("M" | "F" | "m" | "f")) +        EQUALITY MATCHING RULE caseIgnoreMatch +        SINGLE VALUE TRUE +        ID pkcs-9-at-gender +} + +countryOfCitizenship ATTRIBUTE ::= { +        WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY { +        -- Must be a two-letter country acronym in accordance with +        -- ISO/IEC 3166 --}) +        EQUALITY MATCHING RULE caseIgnoreMatch +        ID pkcs-9-at-countryOfCitizenship +} + +countryOfResidence ATTRIBUTE ::= { +  
      WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY {
+        -- Must be a two-letter country acronym in accordance with
+        -- ISO/IEC 3166 --})
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        ID pkcs-9-at-countryOfResidence
+}
+
+pseudonym ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-pseudonym}
+        EQUALITY MATCHING RULE caseExactMatch
+        ID id-at-pseudonym
+}
+
+contentType ATTRIBUTE ::= {
+        WITH SYNTAX ContentType
+        EQUALITY MATCHING RULE objectIdentifierMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-contentType
+}
+
+ContentType ::= OBJECT IDENTIFIER
+
+messageDigest ATTRIBUTE ::= {
+        WITH SYNTAX MessageDigest
+        EQUALITY MATCHING RULE octetStringMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-messageDigest
+}
+
+MessageDigest ::= OCTET STRING
+
+signingTime ATTRIBUTE ::= {
+        WITH SYNTAX SigningTime
+        EQUALITY MATCHING RULE signingTimeMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-signingTime
+}
+
+SigningTime ::= Time -- imported from ISO/IEC 9594-8
+
+randomNonce ATTRIBUTE ::= {
+        WITH SYNTAX RandomNonce
+        EQUALITY MATCHING RULE octetStringMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-randomNonce
+}
+
+RandomNonce ::= OCTET STRING (SIZE(4..MAX)) -- At least four bytes long
+
+sequenceNumber ATTRIBUTE ::= {
+        WITH SYNTAX SequenceNumber
+        EQUALITY MATCHING RULE integerMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-sequenceNumber
+}
+
+SequenceNumber ::= INTEGER (1..MAX)
+
+counterSignature ATTRIBUTE ::= {
+        WITH SYNTAX SignerInfo
+        ID pkcs-9-at-counterSignature
+}
+
+challengePassword ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-challengePassword}
+        EQUALITY MATCHING RULE caseExactMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-challengePassword
+}
+
+extensionRequest ATTRIBUTE ::= {
+        WITH SYNTAX ExtensionRequest
+        SINGLE VALUE TRUE
+        
ID pkcs-9-at-extensionRequest
+}
+
+ExtensionRequest ::= Extensions
+
+extendedCertificateAttributes ATTRIBUTE ::= {
+        WITH SYNTAX SET OF Attribute
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-extendedCertificateAttributes
+}
+
+friendlyName ATTRIBUTE ::= {
+        WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName))
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-friendlyName
+}
+
+localKeyId ATTRIBUTE ::= {
+        WITH SYNTAX OCTET STRING
+        EQUALITY MATCHING RULE octetStringMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-localKeyId
+}
+
+signingDescription ATTRIBUTE ::= {
+        WITH SYNTAX DirectoryString {pkcs-9-ub-signingDescription}
+        EQUALITY MATCHING RULE caseIgnoreMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-signingDescription
+}
+
+smimeCapabilities ATTRIBUTE ::= {
+        WITH SYNTAX SMIMECapabilities
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-smimeCapabilities
+}
+
+SMIMECapabilities ::= SEQUENCE OF SMIMECapability
+
+SMIMECapability ::= SEQUENCE {
+        algorithm  ALGORITHM.&id ({SMIMEv3Algorithms}),
+        parameters ALGORITHM.&Type ({SMIMEv3Algorithms}{@algorithm})
+}
+
+SMIMEv3Algorithms ALGORITHM ::= {...-- See RFC 2633 --}
+
+ -- Matching rules
+
+pkcs9CaseIgnoreMatch MATCHING-RULE ::= {
+        SYNTAX PKCS9String {pkcs-9-ub-match}
+        ID pkcs-9-mr-caseIgnoreMatch
+}
+
+signingTimeMatch MATCHING-RULE ::= {
+        SYNTAX SigningTime
+        ID pkcs-9-mr-signingTimeMatch
+}
+
+END
\ No newline at end of file diff --git a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7BodyPartType.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS7BodyPartType.asn1 index 525ee3c5ec..1bcc2281a1 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/PKCS7BodyPartType.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKCS7BodyPartType.asn1 @@ -6,7 +6,7 @@ BEGIN  IMPORTS    -- PKCS#7    ContentInfo -    FROM PKCS7 {iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1)  +    FROM PKCS-7 {iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1)        7 module(0)}    -- module not formally defined in the PKCS#7document, therefore defined in Annex O    -- IPMS Information Objects diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-CommonTypes-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-CommonTypes-2009.asn1 new file mode 100644 index 0000000000..fde5bddbf3 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-CommonTypes-2009.asn1 
@@ -0,0 +1,166 @@
+  PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+
+  --  ATTRIBUTE
+  --
+  --  Describe the set of data associated with an attribute of some type
+  --
+  --  &id is an OID identifying the attribute
+  --  &Type is the ASN.1 type structure for the attribute; not all
+  --      attributes have a data structure, so this field is optional
+  --  &minCount contains the minimum number of times the attribute can
+  --      occur in an AttributeSet
+  --  &maxCount contains the maximum number of times the attribute can
+  --      appear in an AttributeSet
+  --      Note: this cannot be automatically enforced as the field
+  --      cannot be defaulted to MAX.
+  --  &equality-match contains information about how matching should be
+  --      done
+  --
+  --  Currently we are using two different prefixes for attributes.
+  --
+  --  at- for certificate attributes
+  --  aa- for CMS attributes
+  --
+
+  ATTRIBUTE ::= CLASS {
+      &id             OBJECT IDENTIFIER UNIQUE,
+      &Type           OPTIONAL,
+      &equality-match MATCHING-RULE OPTIONAL,
+      &minCount       INTEGER DEFAULT 1,
+      &maxCount       INTEGER OPTIONAL
+  } WITH SYNTAX {
+      [TYPE &Type]
+      [EQUALITY MATCHING RULE &equality-match]
+      [COUNTS [MIN &minCount] [MAX &maxCount]]
+      IDENTIFIED BY &id
+  }
+
+  -- Specification of MATCHING-RULE information object class
+  --
+
+  MATCHING-RULE ::= CLASS {
+    &ParentMatchingRules   MATCHING-RULE OPTIONAL,
+    &AssertionType         OPTIONAL,
+    &uniqueMatchIndicator  ATTRIBUTE OPTIONAL,
+    &id                    OBJECT IDENTIFIER UNIQUE
+  }
+  WITH SYNTAX {
+    [PARENT &ParentMatchingRules]
+    [SYNTAX &AssertionType]
+    [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
+    ID &id
+  }
+
+  --  AttributeSet
+  --
+  --  Used when a set of attributes is to occur.
+  --
+  --  type contains the identifier of the attribute
+  --  values contains a set of values where the structure of the ASN.1
+  --      is defined by the attribute
+  --
+  --  The parameter contains the set of objects describing
+  --      those attributes that can occur in this location.
+  --
+
+  AttributeSet{ATTRIBUTE:AttrSet} ::= SEQUENCE {
+      type      ATTRIBUTE.&id({AttrSet}),
+      values    SET SIZE (1..MAX) OF ATTRIBUTE.
+                    &Type({AttrSet}{@type})
+  }
+
+  --  SingleAttribute
+  --
+  --  Used for a single valued attribute
+  --
+  --  The parameter contains the set of objects describing the
+  --      attributes that can occur in this location
+  --
+
+  SingleAttribute{ATTRIBUTE:AttrSet} ::= SEQUENCE {
+      type      ATTRIBUTE.&id({AttrSet}),
+      value     ATTRIBUTE.&Type({AttrSet}{@type})
+  }
+
+  --  EXTENSION
+  --
+  --  This class definition is used to describe the association of
+  --      object identifier and ASN.1 type structure for extensions
+  --
+  --  All extensions are prefixed with ext-
+  --
+  --  &id contains the object identifier for the extension
+  --  &ExtnType specifies the ASN.1 type structure for the extension
+  --  &Critical contains the set of legal values for the critical field.
+  --      This is normally {TRUE|FALSE} but in some instances may be
+  --      restricted to just one of these values.
+  --
+
+  EXTENSION ::= CLASS {
+      &id  OBJECT IDENTIFIER UNIQUE,
+      &ExtnType,
+      &Critical    BOOLEAN DEFAULT {TRUE | FALSE }
+  } WITH SYNTAX {
+      SYNTAX &ExtnType IDENTIFIED BY &id
+      [CRITICALITY &Critical]
+  }
+
+  --  Extensions
+  --
+  --  Used for a sequence of extensions.
+  --
+  --  The parameter contains the set of legal extensions that can
+  --  occur in this sequence.
+  --
+
+  Extensions{EXTENSION:ExtensionSet} ::=
+      SEQUENCE SIZE (1..MAX) OF Extension{{ExtensionSet}}
+
+  --  Extension
+  --
+  --  Used for a single extension
+  --
+  --  The parameter contains the set of legal extensions that can
+  --      occur in this extension.
+  --
+  --  The restriction on the critical field has been commented out
+  --  the authors are not completely sure it is correct.
+  --  The restriction could be done using custom code rather than
+  --  compiler-generated code, however.
+  --
+
+  Extension{EXTENSION:ExtensionSet} ::= SEQUENCE {
+      extnID      EXTENSION.&id({ExtensionSet}),
+      critical    BOOLEAN
+  --                     (EXTENSION.&Critical({ExtensionSet}{@extnID}))
+                       DEFAULT FALSE,
+      extnValue   OCTET STRING (CONTAINING
+                  EXTENSION.&ExtnType({ExtensionSet}{@extnID}))
+                  --  contains the DER encoding of the ASN.1 value
+                  --  corresponding to the extension type identified
+                  --  by extnID
+  }
+
+  --  Security Category
+  --
+  --  Security categories are used both for specifying clearances and
+  --  for labeling objects.  We move this here from RFC 3281 so that
+  --  they will use a common single object class to express this
+  --  information.
+  --
+
+  SECURITY-CATEGORY ::= TYPE-IDENTIFIER
+
+  SecurityCategory{SECURITY-CATEGORY:Supported} ::= SEQUENCE {
+      type      [0]  IMPLICIT SECURITY-CATEGORY.
+              &id({Supported}),
+      value     [1]  EXPLICIT SECURITY-CATEGORY.
+              &Type({Supported}{@type})
+  }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-X400Address-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-X400Address-2009.asn1
new file mode 100644
index 0000000000..41cbaea67e
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX-X400Address-2009.asn1
@@ -0,0 +1,300 @@
+  --
+  --  This module is used to isolate all the X.400 naming information.
+  --  There is no reason to expect this to occur in a PKIX certificate.
+  --
+
+  PKIX-X400Address-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-x400address-02(60) }
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+
+  -- X.400 address syntax starts here
+
+  ORAddress ::= SEQUENCE {
+     built-in-standard-attributes BuiltInStandardAttributes,
+     built-in-domain-defined-attributes
+                     BuiltInDomainDefinedAttributes OPTIONAL,
+
+     -- see also teletex-domain-defined-attributes
+     extension-attributes ExtensionAttributes OPTIONAL }
+
+  -- Built-in Standard Attributes
+
+  BuiltInStandardAttributes ::= SEQUENCE {
+     country-name                  CountryName OPTIONAL,
+     administration-domain-name    AdministrationDomainName OPTIONAL,
+     network-address           [0] IMPLICIT NetworkAddress OPTIONAL,
+       -- see also extended-network-address
+     terminal-identifier       [1] IMPLICIT TerminalIdentifier OPTIONAL,
+     private-domain-name       [2] PrivateDomainName OPTIONAL,
+     organization-name         [3] IMPLICIT OrganizationName OPTIONAL,
+       -- see also teletex-organization-name
+     numeric-user-identifier   [4] IMPLICIT NumericUserIdentifier
+                                   OPTIONAL,
+     personal-name             [5] IMPLICIT PersonalName OPTIONAL,
+       -- see also teletex-personal-name
+     organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
+                                   OPTIONAL }
+       -- see also teletex-organizational-unit-names
+
+  CountryName ::= [APPLICATION 1] CHOICE {
+     x121-dcc-code         NumericString
+                             (SIZE (ub-country-name-numeric-length)),
+     iso-3166-alpha2-code  PrintableString
+                             (SIZE (ub-country-name-alpha-length)) }
+
+  
AdministrationDomainName ::= [APPLICATION 2] CHOICE {
+     numeric   NumericString   (SIZE (0..ub-domain-name-length)),
+     printable PrintableString (SIZE (0..ub-domain-name-length)) }
+
+  NetworkAddress ::= X121Address  -- see also extended-network-address
+
+  X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
+
+  TerminalIdentifier ::= PrintableString (SIZE
+  (1..ub-terminal-id-length))
+
+  PrivateDomainName ::= CHOICE {
+     numeric   NumericString   (SIZE (1..ub-domain-name-length)),
+     printable PrintableString (SIZE (1..ub-domain-name-length)) }
+
+  OrganizationName ::= PrintableString
+                              (SIZE (1..ub-organization-name-length))
+    -- see also teletex-organization-name
+
+  NumericUserIdentifier ::= NumericString
+                              (SIZE (1..ub-numeric-user-id-length))
+
+  PersonalName ::= SET {
+     surname     [0] IMPLICIT PrintableString
+                      (SIZE (1..ub-surname-length)),
+     given-name  [1] IMPLICIT PrintableString
+                      (SIZE (1..ub-given-name-length)) OPTIONAL,
+     initials    [2] IMPLICIT PrintableString
+                      (SIZE (1..ub-initials-length)) OPTIONAL,
+     generation-qualifier [3] IMPLICIT PrintableString
+                      (SIZE (1..ub-generation-qualifier-length))
+                      OPTIONAL }
+    -- see also teletex-personal-name
+
+  OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
+                               OF OrganizationalUnitName
+    -- see also teletex-organizational-unit-names
+
+  OrganizationalUnitName ::= PrintableString (SIZE
+                      (1..ub-organizational-unit-name-length))
+
+  -- Built-in Domain-defined Attributes
+
+  BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
+                      (1..ub-domain-defined-attributes) OF
+                      BuiltInDomainDefinedAttribute
+
+  BuiltInDomainDefinedAttribute ::= SEQUENCE {
+     type PrintableString (SIZE
+                     (1..ub-domain-defined-attribute-type-length)),
+     value PrintableString (SIZE
+                     (1..ub-domain-defined-attribute-value-length)) }
+
+  -- Extension Attributes
+
+  ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
+                 ExtensionAttribute
+
+  EXTENSION-ATTRIBUTE ::= CLASS {
+      &id             INTEGER (0..ub-extension-attributes) UNIQUE,
+      &Type
+  } WITH SYNTAX { &Type IDENTIFIED BY &id }
+
+  ExtensionAttribute ::=  SEQUENCE {
+     extension-attribute-type [0] IMPLICIT EXTENSION-ATTRIBUTE.
+          &id({SupportedExtensionAttributes}),
+     extension-attribute-value [1] EXTENSION-ATTRIBUTE.
+          &Type({SupportedExtensionAttributes}
+              {@extension-attribute-type})}
+
+  SupportedExtensionAttributes EXTENSION-ATTRIBUTE ::= {
+      ea-commonName | ea-teletexCommonName | ea-teletexOrganizationName
+      | ea-teletexPersonalName | ea-teletexOrganizationalUnitNames |
+      ea-pDSName | ea-physicalDeliveryCountryName | ea-postalCode |
+      ea-physicalDeliveryOfficeName | ea-physicalDeliveryOfficeNumber |
+      ea-extensionORAddressComponents | ea-physicalDeliveryPersonalName
+      | ea-physicalDeliveryOrganizationName |
+      ea-extensionPhysicalDeliveryAddressComponents |
+      ea-unformattedPostalAddress | ea-streetAddress |
+      ea-postOfficeBoxAddress | ea-posteRestanteAddress |
+      ea-uniquePostalName | ea-localPostalAttributes |
+      ea-extendedNetworkAddress | ea-terminalType |
+      ea-teletexDomainDefinedAttributes, ...
}
+
+  -- Extension types and attribute values
+
+  ea-commonName EXTENSION-ATTRIBUTE ::= { PrintableString
+      (SIZE (1..ub-common-name-length)) IDENTIFIED BY 1 }
+
+  ea-teletexCommonName EXTENSION-ATTRIBUTE ::= {TeletexString
+      (SIZE (1..ub-common-name-length)) IDENTIFIED BY 2 }
+
+  ea-teletexOrganizationName EXTENSION-ATTRIBUTE::= { TeletexString
+      (SIZE (1..ub-organization-name-length)) IDENTIFIED BY 3 }
+
+  ea-teletexPersonalName EXTENSION-ATTRIBUTE ::= {SET {
+     surname     [0] IMPLICIT TeletexString
+                      (SIZE (1..ub-surname-length)),
+     given-name  [1] IMPLICIT TeletexString
+                      (SIZE (1..ub-given-name-length)) OPTIONAL,
+     initials    [2] IMPLICIT TeletexString
+                      (SIZE (1..ub-initials-length)) OPTIONAL,
+     generation-qualifier [3] IMPLICIT TeletexString
+                      (SIZE (1..ub-generation-qualifier-length))
+                      OPTIONAL } IDENTIFIED BY 4 }
+
+  ea-teletexOrganizationalUnitNames EXTENSION-ATTRIBUTE ::=
+      { SEQUENCE SIZE (1..ub-organizational-units) OF
+            TeletexOrganizationalUnitName IDENTIFIED BY 5 }
+
+  TeletexOrganizationalUnitName ::= TeletexString
+      (SIZE (1..ub-organizational-unit-name-length))
+
+  ea-pDSName EXTENSION-ATTRIBUTE ::= {PrintableString
+      (SIZE (1..ub-pds-name-length)) IDENTIFIED BY 7 }
+
+  ea-physicalDeliveryCountryName EXTENSION-ATTRIBUTE ::= { CHOICE {
+       x121-dcc-code NumericString (SIZE
+          (ub-country-name-numeric-length)),
+       iso-3166-alpha2-code PrintableString
+          (SIZE (ub-country-name-alpha-length)) }
+       IDENTIFIED BY 8 }
+
+  ea-postalCode EXTENSION-ATTRIBUTE ::= { CHOICE {
+     numeric-code NumericString (SIZE (1..ub-postal-code-length)),
+     printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
+     IDENTIFIED BY 9 }
+
+  ea-physicalDeliveryOfficeName EXTENSION-ATTRIBUTE ::=
+      { PDSParameter IDENTIFIED BY 10 }
+
+  
ea-physicalDeliveryOfficeNumber EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 11 }
+
+  ea-extensionORAddressComponents EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 12 }
+
+  ea-physicalDeliveryPersonalName EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 13}
+
+  ea-physicalDeliveryOrganizationName EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 14 }
+
+  ea-extensionPhysicalDeliveryAddressComponents EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 15 }
+
+  ea-unformattedPostalAddress EXTENSION-ATTRIBUTE ::= { SET {
+     printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
+           OF PrintableString (SIZE (1..ub-pds-parameter-length))
+           OPTIONAL,
+     teletex-string TeletexString
+           (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
+     IDENTIFIED BY 16 }
+
+  ea-streetAddress EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 17 }
+
+  ea-postOfficeBoxAddress EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 18 }
+
+  ea-posteRestanteAddress EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 19 }
+
+  ea-uniquePostalName EXTENSION-ATTRIBUTE ::=
+      { PDSParameter IDENTIFIED BY 20 }
+
+  ea-localPostalAttributes EXTENSION-ATTRIBUTE ::=
+      {PDSParameter IDENTIFIED BY 21 }
+  PDSParameter ::= SET {
+     printable-string PrintableString
+                  (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
+     teletex-string TeletexString
+                  (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
+
+  ea-extendedNetworkAddress EXTENSION-ATTRIBUTE ::= {
+     CHOICE {
+         e163-4-address SEQUENCE {
+             number      [0] IMPLICIT NumericString
+                   (SIZE (1..ub-e163-4-number-length)),
+             sub-address [1] IMPLICIT NumericString
+                   (SIZE (1..ub-e163-4-sub-address-length)) OPTIONAL
+         },
+         psap-address [0] IMPLICIT PresentationAddress
+     } IDENTIFIED BY 22
+  }
+
+  
PresentationAddress ::= SEQUENCE {
+      pSelector     [0] EXPLICIT OCTET STRING OPTIONAL,
+      sSelector     [1] EXPLICIT OCTET STRING OPTIONAL,
+      tSelector     [2] EXPLICIT OCTET STRING OPTIONAL,
+      nAddresses    [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
+
+  ea-terminalType EXTENSION-ATTRIBUTE ::= {INTEGER {
+     telex (3),
+     teletex (4),
+     g3-facsimile (5),
+     g4-facsimile (6),
+     ia5-terminal (7),
+     videotex (8) } (0..ub-integer-options)
+     IDENTIFIED BY 23 }
+
+  -- Extension Domain-defined Attributes
+
+  ea-teletexDomainDefinedAttributes EXTENSION-ATTRIBUTE ::=
+      { SEQUENCE SIZE (1..ub-domain-defined-attributes) OF
+           TeletexDomainDefinedAttribute IDENTIFIED BY 6 }
+
+  TeletexDomainDefinedAttribute ::= SEQUENCE {
+      type TeletexString
+          (SIZE (1..ub-domain-defined-attribute-type-length)),
+      value TeletexString
+          (SIZE (1..ub-domain-defined-attribute-value-length)) }
+
+  --  specifications of Upper Bounds MUST be regarded as mandatory
+  --  from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
+  --  Upper Bounds
+  -- Upper Bounds
+  ub-match INTEGER ::= 128
+  ub-common-name-length INTEGER ::= 64
+  ub-country-name-alpha-length INTEGER ::= 2
+  ub-country-name-numeric-length INTEGER ::= 3
+  ub-domain-defined-attributes INTEGER ::= 4
+  ub-domain-defined-attribute-type-length INTEGER ::= 8
+  ub-domain-defined-attribute-value-length INTEGER ::= 128
+  ub-domain-name-length INTEGER ::= 16
+  ub-extension-attributes INTEGER ::= 256
+  ub-e163-4-number-length INTEGER ::= 15
+  ub-e163-4-sub-address-length INTEGER ::= 40
+  ub-generation-qualifier-length INTEGER ::= 3
+  ub-given-name-length INTEGER ::= 16
+  ub-initials-length INTEGER ::= 5
+  ub-integer-options INTEGER ::= 256
+  ub-numeric-user-id-length INTEGER ::= 32
+  ub-organization-name-length INTEGER ::= 64
+  ub-organizational-unit-name-length INTEGER ::= 32
+  ub-organizational-units INTEGER ::= 4
+  
ub-pds-name-length INTEGER ::= 16
+  ub-pds-parameter-length INTEGER ::= 30
+  ub-pds-physical-address-lines INTEGER ::= 6
+  ub-postal-code-length INTEGER ::= 16
+  ub-surname-length INTEGER ::= 40
+  ub-terminal-id-length INTEGER ::= 24
+  ub-unformatted-address-length INTEGER ::= 180
+  ub-x121-address-length INTEGER ::= 16
+
+  -- Note - upper bounds on string types, such as TeletexString, are
+  -- measured in characters.  Excepting PrintableString or IA5String, a
+  -- significantly greater number of octets will be required to hold
+  -- such a value.  As a minimum, 16 octets or twice the specified
+  -- upper bound, whichever is the larger, should be allowed for
+  -- TeletexString.  For UTF8String or UniversalString, at least four
+  -- times the upper bound should be allowed.
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1-PSS-OAEP-Algorithms-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1-PSS-OAEP-Algorithms-2009.asn1
new file mode 100644
index 0000000000..b1232fb8f2
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1-PSS-OAEP-Algorithms-2009.asn1
@@ -0,0 +1,308 @@
+   PKIX1-PSS-OAEP-Algorithms-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-rsa-pkalgs-02(54)}
+   DEFINITIONS EXPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   AlgorithmIdentifier{}, ALGORITHM, DIGEST-ALGORITHM, KEY-TRANSPORT,
+       SIGNATURE-ALGORITHM, PUBLIC-KEY, SMIME-CAPS
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+   id-sha1, mda-sha1, pk-rsa, RSAPublicKey
+   FROM PKIXAlgs-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-algorithms2008-02(56)};
+
+   -- ============================
+   --    Object Set exports
+   -- ============================
+   --
+   --  Define top-level symbols with all of the objects defined for
+   --  export to other modules.  These objects would be included as part
+   --  of an Object Set to restrict the set of legal values.
+   --
+
+   PublicKeys PUBLIC-KEY ::= { pk-rsaSSA-PSS | pk-rsaES-OAEP, ... }
+   SignatureAlgs SIGNATURE-ALGORITHM ::= { sa-rsaSSA-PSS, ...}
+   KeyTransportAlgs KEY-TRANSPORT ::= { kta-rsaES-OAEP, ... }
+   HashAlgs DIGEST-ALGORITHM ::= { mda-sha224 | mda-sha256 | mda-sha384
+                                      | mda-sha512, ... }
+   SMimeCaps SMIME-CAPS ::= {
+       sa-rsaSSA-PSS.&smimeCaps |
+       kta-rsaES-OAEP.&smimeCaps,
+       ...
+   }
+
+   -- =============================
+   --    Algorithm Objects
+   -- =============================
+
+   --
+   -- Public key object for PSS signatures
+   --
+
+   pk-rsaSSA-PSS PUBLIC-KEY ::= {
+       IDENTIFIER id-RSASSA-PSS
+       KEY RSAPublicKey
+       PARAMS TYPE RSASSA-PSS-params ARE optional
+        -- Private key format not in this module --
+       CERT-KEY-USAGE { nonRepudiation, digitalSignature,
+                            keyCertSign, cRLSign }
+   }
+
+   --
+   --  Signature algorithm definition for PSS signatures
+   --
+
+   sa-rsaSSA-PSS SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER id-RSASSA-PSS
+       PARAMS TYPE RSASSA-PSS-params ARE required
+       HASHES { mda-sha1 | mda-sha224 | mda-sha256 | mda-sha384
+                    | mda-sha512 }
+       PUBLIC-KEYS { pk-rsa | pk-rsaSSA-PSS }
+       SMIME-CAPS { IDENTIFIED BY id-RSASSA-PSS }
+   }
+
+   --
+   --  Signature algorithm definitions for PKCS v1.5 signatures
+   --
+
+   sa-sha224WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha224WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha224 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha224WithRSAEncryption }
+   }
+   sha224WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 14 }
+
+   sa-sha256WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha256WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha256 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha256WithRSAEncryption }
+   }
+   sha256WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 11 }
+
+   sa-sha384WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha384WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha384 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha384WithRSAEncryption }
+   }
+   sha384WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 12 }
+
+   
sa-sha512WithRSAEncryption SIGNATURE-ALGORITHM ::= {
+       IDENTIFIER sha512WithRSAEncryption
+       PARAMS TYPE NULL ARE required
+       HASHES { mda-sha512 }
+       PUBLIC-KEYS { pk-rsa }
+       SMIME-CAPS { IDENTIFIED BY sha512WithRSAEncryption }
+   }
+   sha512WithRSAEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 13 }
+
+   --
+   --  Public key definition for OAEP encryption
+   --
+
+   pk-rsaES-OAEP PUBLIC-KEY ::= {
+       IDENTIFIER id-RSAES-OAEP
+       KEY RSAPublicKey
+       PARAMS TYPE RSAES-OAEP-params ARE optional
+        -- Private key format not in this module --
+       CERT-KEY-USAGE {keyEncipherment, dataEncipherment}
+   }
+
+   --
+   --  Key transport key lock definition for OAEP encryption
+   --
+
+   kta-rsaES-OAEP KEY-TRANSPORT ::= {
+       IDENTIFIER id-RSAES-OAEP
+       PARAMS TYPE RSAES-OAEP-params ARE required
+       PUBLIC-KEYS { pk-rsa | pk-rsaES-OAEP }
+       SMIME-CAPS { TYPE RSAES-OAEP-params IDENTIFIED BY id-RSAES-OAEP}
+   }
+   -- ============================
+   --   Basic object identifiers
+   -- ============================
+
+   pkcs-1  OBJECT IDENTIFIER  ::=
+       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
+
+   -- When rsaEncryption is used in an AlgorithmIdentifier, the
+   -- parameters MUST be present and MUST be NULL.
+   -- rsaEncryption  OBJECT IDENTIFIER  ::=  { pkcs-1 1 }
+
+   -- When id-RSAES-OAEP is used in an AlgorithmIdentifier,
+   -- and the parameters field is present, it MUST be
+   -- RSAES-OAEP-params.
+
+   id-RSAES-OAEP  OBJECT IDENTIFIER  ::=  { pkcs-1 7 }
+
+   -- When id-mgf1 is used in an AlgorithmIdentifier, the parameters
+   -- MUST be present and MUST be a HashAlgorithm.
+
+   id-mgf1  OBJECT IDENTIFIER  ::=  { pkcs-1 8 }
+
+   -- When id-pSpecified is used in an AlgorithmIdentifier, the
+   -- parameters MUST be an OCTET STRING.
+
+   id-pSpecified  OBJECT IDENTIFIER  ::=  { pkcs-1 9 }
+
+   -- When id-RSASSA-PSS is used in an AlgorithmIdentifier, and the
+   -- parameters field is present, it MUST be RSASSA-PSS-params.
+
+   id-RSASSA-PSS  OBJECT IDENTIFIER  ::=  { pkcs-1 10 }
+
+   -- When the following OIDs are used in an AlgorithmIdentifier, the
+   -- parameters SHOULD be absent, but if the parameters are present,
+   -- they MUST be NULL.
+
+   --
+   -- id-sha1 is imported from RFC 3279.  Additionally, the v1.5
+   -- signature algorithms (i.e., rsaWithSHA256) are now solely placed
+   -- in that module.
+   --
+
+   id-sha224  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 4 }
+
+   mda-sha224 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha224
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   id-sha256  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 1 }
+
+   mda-sha256 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha256
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+   id-sha384  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 2 }
+
+   mda-sha384 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha384
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+   id-sha512  OBJECT IDENTIFIER  ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4) hashalgs(2) 3 }
+
+   mda-sha512 DIGEST-ALGORITHM ::= {
+       IDENTIFIER id-sha512
+       PARAMS TYPE NULL ARE preferredAbsent
+   }
+
+   -- =============
+   --   Constants
+   -- =============
+
+   EncodingParameters ::= OCTET STRING(SIZE(0..MAX))
+
+   nullOctetString  EncodingParameters  ::=  ''H
+
+   nullParameters NULL  ::=  NULL
+
+   -- =========================
+   --   Algorithm 
Identifiers
+   -- =========================
+
+   HashAlgorithm  ::=  AlgorithmIdentifier{DIGEST-ALGORITHM,
+                           {HashAlgorithms}}
+
+   HashAlgorithms DIGEST-ALGORITHM ::=  {
+       { IDENTIFIER id-sha1 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha224 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha256 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha384 PARAMS TYPE NULL ARE preferredPresent } |
+       { IDENTIFIER id-sha512 PARAMS TYPE NULL ARE preferredPresent }
+   }
+
+   sha1Identifier HashAlgorithm ::= {
+       algorithm id-sha1,
+       parameters NULL : NULL
+   }
+
+   --
+   --  We have a default algorithm - create the value here
+   --
+
+   MaskGenAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
+                           {PKCS1MGFAlgorithms}}
+
+   mgf1SHA1 MaskGenAlgorithm ::= {
+       algorithm id-mgf1,
+       parameters HashAlgorithm : sha1Identifier
+   }
+
+   --
+   --  Define the set of mask generation functions
+   --
+   --  If the identifier is id-mgf1, any of the listed hash
+   --    algorithms may be used.
+   --
+
+   PKCS1MGFAlgorithms ALGORITHM ::= {
+       { IDENTIFIER id-mgf1 PARAMS TYPE HashAlgorithm ARE required },
+       ...
+   }
+
+   --
+   -- Define the set of known source algorithms for PSS
+   --
+
+   PSourceAlgorithm ::= AlgorithmIdentifier{ALGORITHM,
+                                                {PSS-SourceAlgorithms}}
+
+   PSS-SourceAlgorithms ALGORITHM ::= {
+       { IDENTIFIER id-pSpecified PARAMS TYPE EncodingParameters
+             ARE required },
+       ...
+   }
+   pSpecifiedEmpty PSourceAlgorithm ::=  {
+       algorithm id-pSpecified,
+       parameters EncodingParameters : nullOctetString
+   }
+
+   -- ===================
+   --   Main structures
+   -- ===================
+
+   -- AlgorithmIdentifier parameters for id-RSASSA-PSS.
+   -- Note that the tags in this Sequence are explicit.
+   -- Note: The hash algorithm in hashAlgorithm and in
+   -- maskGenAlgorithm should be the same.
+
+   RSASSA-PSS-params  ::=  SEQUENCE  {
+       hashAlgorithm     [0] HashAlgorithm DEFAULT sha1Identifier,
+       maskGenAlgorithm  [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
+       saltLength        [2] INTEGER DEFAULT 20,
+       trailerField      [3] INTEGER DEFAULT 1
+   }
+
+   -- AlgorithmIdentifier parameters for id-RSAES-OAEP.
+   -- Note that the tags in this Sequence are explicit.
+   -- Note: The hash algorithm in hashFunc and in
+   -- maskGenFunc should be the same.
+
+   RSAES-OAEP-params  ::=  SEQUENCE  {
+       hashFunc          [0] HashAlgorithm DEFAULT sha1Identifier,
+       maskGenFunc       [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
+       pSourceFunc       [2] PSourceAlgorithm DEFAULT
+                                 pSpecifiedEmpty
+   }
+
+   END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Explicit-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Explicit-2009.asn1
new file mode 100644
index 0000000000..613e0e9d2c
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Explicit-2009.asn1
@@ -0,0 +1,415 @@
+  PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-explicit-02(51)}
+  DEFINITIONS EXPLICIT TAGS ::=
+  BEGIN
+
+  IMPORTS
+
+  Extensions{}, EXTENSION, ATTRIBUTE, SingleAttribute{}
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+  AlgorithmIdentifier{}, PUBLIC-KEY, SIGNATURE-ALGORITHM
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  CertExtensions, CrlExtensions, CrlEntryExtensions
+  FROM PKIX1Implicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+  SignatureAlgs, PublicKeys
+  FROM PKIXAlgs-2009
+      {iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) 56}
+
+  SignatureAlgs, PublicKeys
+  FROM PKIX1-PSS-OAEP-Algorithms-2009
+      {iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-rsa-pkalgs-02(54)}
+
+  ORAddress
+  FROM PKIX-X400Address-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-x400address-02(60)};
+
+  id-pkix  OBJECT IDENTIFIER  ::=
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7)}
+
+  -- PKIX arcs
+
+  id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
+      -- arc for private certificate extensions
+  id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
+      -- arc for policy qualifier types
+  id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+      -- arc for extended key purpose OIDs
+  id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+      -- arc for access descriptors + +  -- policyQualifierIds for Internet policy qualifiers + +  id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 } +      -- OID for CPS qualifier +  id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 } +      -- OID for user notice qualifier + +  -- access descriptor definitions + +  id-ad-ocsp         OBJECT IDENTIFIER ::= { id-ad 1 } +  id-ad-caIssuers    OBJECT IDENTIFIER ::= { id-ad 2 } +  id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 } +  id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 } + +  -- attribute data types +  AttributeType           ::=  ATTRIBUTE.&id + +  --  Replaced by SingleAttribute{} +  -- +  -- AttributeTypeAndValue   ::=  SEQUENCE { +  --    type    ATTRIBUTE.&id({SupportedAttributes}), +  --    value   ATTRIBUTE.&Type({SupportedAttributes}{@type}) } +  -- + +  -- Suggested naming attributes: Definition of the following +  --   information object set may be augmented to meet local +  --   requirements.  Note that deleting members of the set may +  --   prevent interoperability with conforming implementations. +  -- All attributes are presented in pairs: the AttributeType +  --   followed by the type definition for the corresponding +  --   AttributeValue. 
+ +  -- Arc for standard naming attributes + +  id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 } + +  -- Naming attributes of type X520name + +  id-at-name              AttributeType ::= { id-at 41 } +  at-name ATTRIBUTE ::= { TYPE X520name IDENTIFIED BY id-at-name } + +  id-at-surname           AttributeType ::= { id-at 4 } +  at-surname ATTRIBUTE ::= { TYPE X520name IDENTIFIED BY id-at-surname } + +  id-at-givenName         AttributeType ::= { id-at 42 } +  at-givenName ATTRIBUTE ::= +      { TYPE X520name IDENTIFIED BY id-at-givenName } + +  id-at-initials          AttributeType ::= { id-at 43 } +  at-initials ATTRIBUTE ::= +      { TYPE X520name IDENTIFIED BY id-at-initials } + +  id-at-generationQualifier AttributeType ::= { id-at 44 } +  at-generationQualifier ATTRIBUTE ::= +      { TYPE X520name IDENTIFIED BY id-at-generationQualifier } + +  -- Directory string type -- + +  DirectoryString{INTEGER:maxSize} ::= CHOICE { +      teletexString    TeletexString(SIZE (1..maxSize)), +      printableString  PrintableString(SIZE (1..maxSize)), +      bmpString        BMPString(SIZE (1..maxSize)), +      universalString  UniversalString(SIZE (1..maxSize)), +      uTF8String       UTF8String(SIZE (1..maxSize)) +  } + +  X520name ::= DirectoryString {ub-name} + +  -- Naming attributes of type X520CommonName + +  id-at-commonName        AttributeType ::= { id-at 3 } + +  at-x520CommonName ATTRIBUTE ::= +      {TYPE X520CommonName IDENTIFIED BY id-at-commonName } + +  X520CommonName ::= DirectoryString {ub-common-name} + +  -- Naming attributes of type X520LocalityName + +  id-at-localityName      AttributeType ::= { id-at 7 } + +  at-x520LocalityName ATTRIBUTE ::= +      { TYPE X520LocalityName IDENTIFIED BY id-at-localityName } +  X520LocalityName ::= DirectoryString {ub-locality-name} + +  -- Naming attributes of type X520StateOrProvinceName + +  id-at-stateOrProvinceName AttributeType ::= { id-at 8 } + +  at-x520StateOrProvinceName ATTRIBUTE ::= +      { 
TYPE DirectoryString {ub-state-name} +          IDENTIFIED BY id-at-stateOrProvinceName } +  X520StateOrProvinceName ::= DirectoryString {ub-state-name} + +  -- Naming attributes of type X520OrganizationName + +  id-at-organizationName  AttributeType ::= { id-at 10 } + +  at-x520OrganizationName ATTRIBUTE ::= +      { TYPE DirectoryString {ub-organization-name} +          IDENTIFIED BY id-at-organizationName } +  X520OrganizationName ::= DirectoryString {ub-organization-name} + +  -- Naming attributes of type X520OrganizationalUnitName + +  id-at-organizationalUnitName AttributeType ::= { id-at 11 } + +  at-x520OrganizationalUnitName ATTRIBUTE ::= +      { TYPE DirectoryString  {ub-organizational-unit-name} +          IDENTIFIED BY id-at-organizationalUnitName } +  X520OrganizationalUnitName ::= DirectoryString +                                     {ub-organizational-unit-name} + +  -- Naming attributes of type X520Title + +  id-at-title             AttributeType ::= { id-at 12 } + +  at-x520Title ATTRIBUTE ::= { TYPE DirectoryString { ub-title } +      IDENTIFIED BY id-at-title } + +  -- Naming attributes of type X520dnQualifier + +  id-at-dnQualifier       AttributeType ::= { id-at 46 } + +  at-x520dnQualifier ATTRIBUTE ::= { TYPE PrintableString +      IDENTIFIED BY id-at-dnQualifier } + +  -- Naming attributes of type X520countryName (digraph from IS 3166) + +  id-at-countryName       AttributeType ::= { id-at 6 } + +  at-x520countryName ATTRIBUTE ::=  { TYPE PrintableString (SIZE (2)) +      IDENTIFIED BY id-at-countryName } + +  -- Naming attributes of type X520SerialNumber + +  id-at-serialNumber      AttributeType ::= { id-at 5 } + +  at-x520SerialNumber ATTRIBUTE ::=  {TYPE PrintableString +      (SIZE (1..ub-serial-number)) IDENTIFIED BY id-at-serialNumber } + +  -- Naming attributes of type X520Pseudonym + +  id-at-pseudonym         AttributeType ::= { id-at 65 } + +  at-x520Pseudonym ATTRIBUTE ::= { TYPE DirectoryString {ub-pseudonym} +      IDENTIFIED 
BY id-at-pseudonym } + +  -- Naming attributes of type DomainComponent (from RFC 2247) + +  id-domainComponent      AttributeType ::= +       { itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) +       pilotAttributeType(1) 25 } + +  at-domainComponent ATTRIBUTE ::= {TYPE IA5String +      IDENTIFIED BY id-domainComponent } + +  -- Legacy attributes + +  pkcs-9 OBJECT IDENTIFIER ::= +      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } +  id-emailAddress          AttributeType ::= { pkcs-9 1 } + +  at-emailAddress ATTRIBUTE ::= {TYPE IA5String +      (SIZE (1..ub-emailaddress-length)) IDENTIFIED BY +      id-emailAddress } + +  -- naming data types -- + +  Name ::= CHOICE { -- only one possibility for now -- +      rdnSequence  RDNSequence } + +  RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + +  DistinguishedName ::=   RDNSequence + +  RelativeDistinguishedName  ::= +      SET SIZE (1 .. MAX) OF SingleAttribute { {SupportedAttributes} } + +  --  These are the known name elements for a DN + +  SupportedAttributes ATTRIBUTE ::= { +      at-name | at-surname | at-givenName | at-initials | +      at-generationQualifier | at-x520CommonName | +      at-x520LocalityName | at-x520StateOrProvinceName | +      at-x520OrganizationName | at-x520OrganizationalUnitName | +      at-x520Title | at-x520dnQualifier | at-x520countryName | +      at-x520SerialNumber | at-x520Pseudonym | at-domainComponent | +      at-emailAddress, ... 
} + +  -- +  -- Certificate- and CRL-specific structures begin here +  -- + +  Certificate  ::=  SIGNED{TBSCertificate} + +  TBSCertificate  ::=  SEQUENCE  { +      version         [0]  Version DEFAULT v1, +      serialNumber         CertificateSerialNumber, +      signature            AlgorithmIdentifier{SIGNATURE-ALGORITHM, +                                {SignatureAlgorithms}}, +      issuer               Name, +      validity             Validity, +      subject              Name, +      subjectPublicKeyInfo SubjectPublicKeyInfo, +      ... , +      [[2:               -- If present, version MUST be v2 +      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL, +      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL +      ]], +      [[3:               -- If present, version MUST be v3 -- +      extensions      [3]  Extensions{{CertExtensions}} OPTIONAL +      ]], ... } + +  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  } + +  CertificateSerialNumber  ::=  INTEGER + +  Validity ::= SEQUENCE { +      notBefore      Time, +      notAfter       Time  } + +  Time ::= CHOICE { +      utcTime        UTCTime, +      generalTime    GeneralizedTime } + +  UniqueIdentifier  ::=  BIT STRING + +  SubjectPublicKeyInfo  ::=  SEQUENCE  { +      algorithm            AlgorithmIdentifier{PUBLIC-KEY, +                               {PublicKeyAlgorithms}}, +      subjectPublicKey     BIT STRING  } + +  -- CRL structures + +  CertificateList  ::=  SIGNED{TBSCertList} + +  TBSCertList  ::=  SEQUENCE  { +      version              Version OPTIONAL, +                                 -- if present, MUST be v2 +      signature            AlgorithmIdentifier{SIGNATURE-ALGORITHM, +                               {SignatureAlgorithms}}, +      issuer               Name, +      thisUpdate           Time, +      nextUpdate           Time OPTIONAL, +      revokedCertificates  SEQUENCE SIZE (1..MAX) OF SEQUENCE { +          userCertificate  CertificateSerialNumber, +          
revocationDate   Time, +          ... , +          [[2:                  -- if present, version MUST be v2 +          crlEntryExtensions  Extensions{{CrlEntryExtensions}} +                                  OPTIONAL +          ]], ... +      } OPTIONAL, +      ... , +      [[2:                       -- if present, version MUST be v2 +      crlExtensions       [0] Extensions{{CrlExtensions}} +                                  OPTIONAL +      ]], ... } + +  -- Version, Time, CertificateSerialNumber, and Extensions were +  -- defined earlier for use in the certificate structure + +  -- +  --  The two object sets below should be expanded to include +  --  those algorithms which are supported by the system. +  -- +  --  For example: +  --  SignatureAlgorithms SIGNATURE-ALGORITHM ::= { +  --    PKIXAlgs-2008.SignatureAlgs, ..., +  --        - - RFC 3279 provides the base set +  --    PKIX1-PSS-OAEP-ALGORITHMS.SignatureAlgs | +  --        - - RFC 4055 provides extension algs +  --    OtherModule.SignatureAlgs +  --        - - RFC XXXX provides additional extension algs +  --  } + +  SignatureAlgorithms SIGNATURE-ALGORITHM ::= { +      PKIXAlgs-2009.SignatureAlgs, ..., +      PKIX1-PSS-OAEP-Algorithms-2009.SignatureAlgs } + +  PublicKeyAlgorithms PUBLIC-KEY ::= { +      PKIXAlgs-2009.PublicKeys, ..., +      PKIX1-PSS-OAEP-Algorithms-2009.PublicKeys} + +  -- Upper Bounds + +  ub-state-name INTEGER ::= 128 +  ub-organization-name INTEGER ::= 64 +  ub-organizational-unit-name INTEGER ::= 64 +  ub-title INTEGER ::= 64 +  ub-serial-number INTEGER ::= 64 +  ub-pseudonym INTEGER ::= 128 +  ub-emailaddress-length INTEGER ::= 255 +  ub-locality-name INTEGER ::= 128 +  ub-common-name INTEGER ::= 64 +  ub-name INTEGER ::= 32768 + +  -- Note - upper bounds on string types, such as TeletexString, are +  -- measured in characters.  Excepting PrintableString or IA5String, a +  -- significantly greater number of octets will be required to hold +  -- such a value.  
As a minimum, 16 octets or twice the specified +  -- upper bound, whichever is the larger, should be allowed for +  -- TeletexString.  For UTF8String or UniversalString, at least four +  -- times the upper bound should be allowed. + +  -- Information object classes used in the definition +  -- of certificates and CRLs + +  -- Parameterized Type SIGNED +  -- +  -- Three different versions of doing SIGNED: +  --  1.  Simple and close to the previous version +  -- +  --  SIGNED{ToBeSigned} ::= SEQUENCE { +  --    toBeSigned  ToBeSigned, +  --    algorithm   AlgorithmIdentifier{SIGNATURE-ALGORITHM, +  --                    {SignatureAlgorithms}}, +  --    signature   BIT STRING +  --  } + +  --  2.  From Authenticated Framework +  -- +  --  SIGNED{ToBeSigned} ::= SEQUENCE { +  --    toBeSigned        ToBeSigned, +  --    COMPONENTS OF SIGNATURE{ToBeSigned} +  --  } +  --  SIGNATURE{ToBeSigned} ::= SEQUENCE { +  --    algorithmIdentifier   AlgorithmIdentifier, +  --    encrypted             ENCRYPTED-HASH{ToBeSigned} +  --  } +  --  ENCRYPTED-HASH{ToBeSigned} ::= +  --    BIT STRING +  --      (CONSTRAINED BY { +  --        shall be the result of applying a hashing procedure to +  --        the DER-encoded (see 4.1) octets of a value of +  --        ToBeSigned and then applying an encipherment procedure +  --        to those octets +  --      }) +  -- +  -- +  --  3.  A more complex version, but one that automatically ties +  --      together both the signature algorithm and the +  --      signature value for automatic decoding. +  -- +  SIGNED{ToBeSigned} ::= SEQUENCE { +     toBeSigned           ToBeSigned, +     algorithmIdentifier  SEQUENCE { +         algorithm        SIGNATURE-ALGORITHM. +                            &id({SignatureAlgorithms}), +         parameters       SIGNATURE-ALGORITHM. 
+                            &Params({SignatureAlgorithms}
+                              {@algorithmIdentifier.algorithm}) OPTIONAL
+     },
+     signature BIT STRING (CONTAINING SIGNATURE-ALGORITHM.&Value(
+                              {SignatureAlgorithms}
+                              {@algorithmIdentifier.algorithm}))
+  }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Implicit-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Implicit-2009.asn1
new file mode 100644
index 0000000000..3651a5249b
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIX1Implicit-2009.asn1
@@ -0,0 +1,447 @@
+   PKIX1Implicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+   DEFINITIONS IMPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   AttributeSet{}, EXTENSION, ATTRIBUTE
+   FROM PKIX-CommonTypes-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+   id-pe, id-kp, id-qt-unotice, id-qt-cps, ORAddress, Name,
+       RelativeDistinguishedName, CertificateSerialNumber,
+       DirectoryString{}, SupportedAttributes
+   FROM PKIX1Explicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) };
+
+   CertExtensions EXTENSION ::= {
+           ext-AuthorityKeyIdentifier | ext-SubjectKeyIdentifier |
+           ext-KeyUsage | ext-PrivateKeyUsagePeriod |
+           ext-CertificatePolicies | ext-PolicyMappings |
+           ext-SubjectAltName | ext-IssuerAltName |
+           ext-SubjectDirectoryAttributes |
+           ext-BasicConstraints | ext-NameConstraints |
+           ext-PolicyConstraints | ext-ExtKeyUsage |
+           ext-CRLDistributionPoints | ext-InhibitAnyPolicy |
+           ext-FreshestCRL | ext-AuthorityInfoAccess |
+           ext-SubjectInfoAccessSyntax, ... }
+
+   CrlExtensions EXTENSION ::= {
+           ext-AuthorityKeyIdentifier | ext-IssuerAltName |
+           ext-CRLNumber | ext-DeltaCRLIndicator |
+           ext-IssuingDistributionPoint |  ext-FreshestCRL, ... }
+
+   CrlEntryExtensions EXTENSION ::= {
+           ext-CRLReason | ext-CertificateIssuer |
+           ext-HoldInstructionCode | ext-InvalidityDate, ...
} +   -- Shared arc for standard certificate and CRL extensions + +   id-ce OBJECT IDENTIFIER  ::=  { joint-iso-ccitt(2) ds(5) 29 } + +   -- authority key identifier OID and syntax + +   ext-AuthorityKeyIdentifier EXTENSION ::= { SYNTAX +       AuthorityKeyIdentifier IDENTIFIED BY +       id-ce-authorityKeyIdentifier } +   id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } + +   AuthorityKeyIdentifier ::= SEQUENCE { +       keyIdentifier             [0] KeyIdentifier            OPTIONAL, +       authorityCertIssuer       [1] GeneralNames             OPTIONAL, +       authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL } +   (WITH COMPONENTS { +      ..., +      authorityCertIssuer        PRESENT, +      authorityCertSerialNumber  PRESENT +    } | +    WITH COMPONENTS { +      ..., +      authorityCertIssuer        ABSENT, +      authorityCertSerialNumber  ABSENT +    }) + +   KeyIdentifier ::= OCTET STRING + +   -- subject key identifier OID and syntax + +   ext-SubjectKeyIdentifier EXTENSION ::= { SYNTAX +       KeyIdentifier IDENTIFIED BY id-ce-subjectKeyIdentifier } +   id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } + +   -- key usage extension OID and syntax + +   ext-KeyUsage EXTENSION ::= { SYNTAX +       KeyUsage IDENTIFIED BY id-ce-keyUsage } +   id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } + +   KeyUsage ::= BIT STRING { +        digitalSignature        (0), +        nonRepudiation          (1), --  recent editions of X.509 have +                                     --  renamed this bit to +                                     --  contentCommitment +        keyEncipherment         (2), +        dataEncipherment        (3), +        keyAgreement            (4), +        keyCertSign             (5), +        cRLSign                 (6), +        encipherOnly            (7), +        decipherOnly            (8) +    } + +   -- private key usage period extension OID and syntax + +   ext-PrivateKeyUsagePeriod 
EXTENSION ::= { SYNTAX +       PrivateKeyUsagePeriod IDENTIFIED BY id-ce-privateKeyUsagePeriod } +   id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 } + +   PrivateKeyUsagePeriod ::= SEQUENCE { +        notBefore       [0]     GeneralizedTime OPTIONAL, +        notAfter        [1]     GeneralizedTime OPTIONAL } +   (WITH COMPONENTS {..., notBefore  PRESENT } | +    WITH COMPONENTS {..., notAfter  PRESENT }) + +   -- certificate policies extension OID and syntax + +   ext-CertificatePolicies EXTENSION ::= { SYNTAX +       CertificatePolicies IDENTIFIED BY id-ce-certificatePolicies} +   id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } + +   CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation + +   PolicyInformation ::= SEQUENCE { +        policyIdentifier   CertPolicyId, +        policyQualifiers   SEQUENCE SIZE (1..MAX) OF +                PolicyQualifierInfo OPTIONAL } + +   CertPolicyId ::= OBJECT IDENTIFIER + +   CERT-POLICY-QUALIFIER ::= TYPE-IDENTIFIER + +   PolicyQualifierInfo ::= SEQUENCE { +          policyQualifierId  CERT-POLICY-QUALIFIER. +               &id({PolicyQualifierId}), +          qualifier          CERT-POLICY-QUALIFIER. +               &Type({PolicyQualifierId}{@policyQualifierId})} + +   -- Implementations that recognize additional policy qualifiers MUST +   -- augment the following definition for PolicyQualifierId + +   PolicyQualifierId CERT-POLICY-QUALIFIER ::= +       { pqid-cps | pqid-unotice, ... 
} + +   pqid-cps CERT-POLICY-QUALIFIER ::= { CPSuri IDENTIFIED BY id-qt-cps } +   pqid-unotice CERT-POLICY-QUALIFIER ::= { UserNotice +       IDENTIFIED BY id-qt-unotice } + +   -- CPS pointer qualifier + +   CPSuri ::= IA5String + +   -- user notice qualifier + +   UserNotice ::= SEQUENCE { +        noticeRef        NoticeReference OPTIONAL, +        explicitText     DisplayText OPTIONAL} + +   -- +   --  This is not made explicit in the text +   -- +   -- {WITH COMPONENTS {..., noticeRef PRESENT} | +   --  WITH COMPONENTS {..., DisplayText PRESENT }} + +   NoticeReference ::= SEQUENCE { +        organization     DisplayText, +        noticeNumbers    SEQUENCE OF INTEGER } + +   DisplayText ::= CHOICE { +        ia5String        IA5String      (SIZE (1..200)), +        visibleString    VisibleString  (SIZE (1..200)), +        bmpString        BMPString      (SIZE (1..200)), +        utf8String       UTF8String     (SIZE (1..200)) } + +   -- policy mapping extension OID and syntax + +   ext-PolicyMappings EXTENSION ::= { SYNTAX +       PolicyMappings IDENTIFIED BY id-ce-policyMappings } +   id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } + +   PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { +       issuerDomainPolicy      CertPolicyId, +       subjectDomainPolicy     CertPolicyId +   } + +   -- subject alternative name extension OID and syntax + +   ext-SubjectAltName EXTENSION ::= { SYNTAX +       GeneralNames IDENTIFIED BY id-ce-subjectAltName } +   id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } + +   GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + +   GeneralName ::= CHOICE { +        otherName                   [0]  INSTANCE OF OTHER-NAME, +        rfc822Name                  [1]  IA5String, +        dNSName                     [2]  IA5String, +        x400Address                 [3]  ORAddress, +        directoryName               [4]  Name, +        ediPartyName                [5]  EDIPartyName, +        
uniformResourceIdentifier   [6]  IA5String, +        iPAddress                   [7]  OCTET STRING, +        registeredID                [8]  OBJECT IDENTIFIER +   } + +   -- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as +   -- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax + +   OTHER-NAME ::= TYPE-IDENTIFIER + +   EDIPartyName ::= SEQUENCE { +       nameAssigner    [0] DirectoryString {ubMax} OPTIONAL, +       partyName       [1] DirectoryString {ubMax} +   } + +   -- issuer alternative name extension OID and syntax + +   ext-IssuerAltName EXTENSION ::= { SYNTAX +       GeneralNames IDENTIFIED BY id-ce-issuerAltName } +   id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } + +   ext-SubjectDirectoryAttributes EXTENSION ::= { SYNTAX +       SubjectDirectoryAttributes IDENTIFIED BY +       id-ce-subjectDirectoryAttributes } +   id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } + +   SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF +       AttributeSet{{SupportedAttributes}} + +   -- basic constraints extension OID and syntax + +   ext-BasicConstraints EXTENSION ::= { SYNTAX +       BasicConstraints IDENTIFIED BY id-ce-basicConstraints } +   id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } + +   BasicConstraints ::= SEQUENCE { +        cA                      BOOLEAN DEFAULT FALSE, +        pathLenConstraint       INTEGER (0..MAX) OPTIONAL +   } + +   -- name constraints extension OID and syntax +   ext-NameConstraints EXTENSION ::= { SYNTAX +       NameConstraints IDENTIFIED BY id-ce-nameConstraints } +   id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } + +   NameConstraints ::= SEQUENCE { +        permittedSubtrees       [0] GeneralSubtrees OPTIONAL, +        excludedSubtrees        [1] GeneralSubtrees OPTIONAL +   } +   -- +   --  This is a constraint in the issued certificates by CAs, but is +   --  not a requirement on EEs. 
+   -- +   -- (WITH COMPONENTS { ..., permittedSubtrees PRESENT} | +   --  WITH COMPONENTS { ..., excludedSubtrees PRESENT }} + +   GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree + +   GeneralSubtree ::= SEQUENCE { +        base                GeneralName, +        minimum         [0] BaseDistance DEFAULT 0, +        maximum         [1] BaseDistance OPTIONAL +   } + +   BaseDistance ::= INTEGER (0..MAX) + +   -- policy constraints extension OID and syntax + +   ext-PolicyConstraints EXTENSION ::= { SYNTAX +       PolicyConstraints IDENTIFIED BY id-ce-policyConstraints } +   id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } + +   PolicyConstraints ::= SEQUENCE { +        requireExplicitPolicy           [0] SkipCerts OPTIONAL, +        inhibitPolicyMapping            [1] SkipCerts OPTIONAL } +   -- +   --  This is a constraint in the issued certificates by CAs, +   --  but is not a requirement for EEs +   -- +   -- (WITH COMPONENTS { ..., requireExplicitPolicy PRESENT} | +   --  WITH COMPONENTS { ..., inhibitPolicyMapping PRESENT}) + +   SkipCerts ::= INTEGER (0..MAX) + +   -- CRL distribution points extension OID and syntax + +   ext-CRLDistributionPoints EXTENSION ::= { SYNTAX +       CRLDistributionPoints IDENTIFIED BY id-ce-cRLDistributionPoints} +   id-ce-cRLDistributionPoints     OBJECT IDENTIFIER  ::=  {id-ce 31} +   CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint + +   DistributionPoint ::= SEQUENCE { +        distributionPoint       [0] DistributionPointName OPTIONAL, +        reasons                 [1] ReasonFlags OPTIONAL, +        cRLIssuer               [2] GeneralNames OPTIONAL +   } +   -- +   --  This is not a requirement in the text, but it seems as if it +   --      should be +   -- +   --(WITH COMPONENTS {..., distributionPoint PRESENT} | +   -- WITH COMPONENTS {..., cRLIssuer PRESENT}) + +   DistributionPointName ::= CHOICE { +        fullName                [0] GeneralNames, +        
nameRelativeToCRLIssuer [1] RelativeDistinguishedName +   } + +   ReasonFlags ::= BIT STRING { +        unused                  (0), +        keyCompromise           (1), +        cACompromise            (2), +        affiliationChanged      (3), +        superseded              (4), +        cessationOfOperation    (5), +        certificateHold         (6), +        privilegeWithdrawn      (7), +        aACompromise            (8) +    } + +   -- extended key usage extension OID and syntax + +   ext-ExtKeyUsage EXTENSION ::= { SYNTAX +       ExtKeyUsageSyntax IDENTIFIED BY id-ce-extKeyUsage } +   id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} + +   ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId + +   KeyPurposeId ::= OBJECT IDENTIFIER + +   -- permit unspecified key uses + +   anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } + +   -- extended key purpose OIDs + +   id-kp-serverAuth       OBJECT IDENTIFIER ::= { id-kp 1 } +   id-kp-clientAuth       OBJECT IDENTIFIER ::= { id-kp 2 } +   id-kp-codeSigning      OBJECT IDENTIFIER ::= { id-kp 3 } +   id-kp-emailProtection  OBJECT IDENTIFIER ::= { id-kp 4 } +   id-kp-timeStamping     OBJECT IDENTIFIER ::= { id-kp 8 } +   id-kp-OCSPSigning      OBJECT IDENTIFIER ::= { id-kp 9 } + +   -- inhibit any policy OID and syntax + +   ext-InhibitAnyPolicy EXTENSION  ::= {SYNTAX +       SkipCerts IDENTIFIED BY id-ce-inhibitAnyPolicy } +   id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } + +   -- freshest (delta)CRL extension OID and syntax + +   ext-FreshestCRL EXTENSION ::= {SYNTAX +       CRLDistributionPoints IDENTIFIED BY id-ce-freshestCRL } +   id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } + +   -- authority info access + +   ext-AuthorityInfoAccess EXTENSION ::= { SYNTAX +       AuthorityInfoAccessSyntax IDENTIFIED BY +       id-pe-authorityInfoAccess } +   id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } + +   AuthorityInfoAccessSyntax  ::= +           SEQUENCE 
SIZE (1..MAX) OF AccessDescription + +   AccessDescription  ::=  SEQUENCE { +           accessMethod          OBJECT IDENTIFIER, +           accessLocation        GeneralName  } + +   -- subject info access + +   ext-SubjectInfoAccessSyntax EXTENSION ::= { SYNTAX +       SubjectInfoAccessSyntax IDENTIFIED BY id-pe-subjectInfoAccess } +   id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 } + +   SubjectInfoAccessSyntax  ::= +           SEQUENCE SIZE (1..MAX) OF AccessDescription + +   -- CRL number extension OID and syntax + +   ext-CRLNumber EXTENSION ::= {SYNTAX +       INTEGER (0..MAX) IDENTIFIED BY id-ce-cRLNumber } +   id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } + +   CRLNumber ::= INTEGER (0..MAX) +   -- issuing distribution point extension OID and syntax + +   ext-IssuingDistributionPoint EXTENSION ::= { SYNTAX +       IssuingDistributionPoint IDENTIFIED BY +       id-ce-issuingDistributionPoint } +   id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } + +   IssuingDistributionPoint ::= SEQUENCE { +        distributionPoint          [0] DistributionPointName OPTIONAL, +        onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE, +        onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE, +        onlySomeReasons            [3] ReasonFlags OPTIONAL, +        indirectCRL                [4] BOOLEAN DEFAULT FALSE, +        onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE +   } +           -- at most one of onlyContainsUserCerts, onlyContainsCACerts, +           -- or onlyContainsAttributeCerts may be set to TRUE. 
+ +   ext-DeltaCRLIndicator EXTENSION ::= { SYNTAX +       CRLNumber IDENTIFIED BY id-ce-deltaCRLIndicator } +   id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 } + +   -- CRL reasons extension OID and syntax + +   ext-CRLReason EXTENSION ::= { SYNTAX +       CRLReason IDENTIFIED BY id-ce-cRLReasons } +   id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } + +   CRLReason ::= ENUMERATED { +        unspecified             (0), +        keyCompromise           (1), +        cACompromise            (2), +        affiliationChanged      (3), +        superseded              (4), +        cessationOfOperation    (5), +        certificateHold         (6), +        removeFromCRL           (8), +        privilegeWithdrawn      (9), +        aACompromise           (10) +   } + +   -- certificate issuer CRL entry extension OID and syntax + +   ext-CertificateIssuer EXTENSION ::= { SYNTAX +       GeneralNames IDENTIFIED BY id-ce-certificateIssuer } +   id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 } + +   -- hold instruction extension OID and syntax +   ext-HoldInstructionCode EXTENSION ::= { SYNTAX +       OBJECT IDENTIFIER IDENTIFIED BY id-ce-holdInstructionCode } +   id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 } + +   -- ANSI x9 holdinstructions + +   holdInstruction OBJECT IDENTIFIER ::= +             {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2} +   id-holdinstruction-none OBJECT IDENTIFIER  ::= +                   {holdInstruction 1} -- deprecated +   id-holdinstruction-callissuer OBJECT IDENTIFIER ::= +                   {holdInstruction 2} +   id-holdinstruction-reject OBJECT IDENTIFIER ::= +                   {holdInstruction 3} + +   -- invalidity date CRL entry extension OID and syntax + +   ext-InvalidityDate EXTENSION  ::=  { SYNTAX +       GeneralizedTime IDENTIFIED BY id-ce-invalidityDate } +   id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 } +   -- Upper bounds +   ubMax INTEGER ::= 32768 + +   END 
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAlgs-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAlgs-2009.asn1
new file mode 100644
index 0000000000..d58bcb5b19
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAlgs-2009.asn1
@@ -0,0 +1,528 @@
+   PKIXAlgs-2009 { iso(1) identified-organization(3) dod(6)
+     internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+     id-mod-pkix1-algorithms2008-02(56) }
+
+   DEFINITIONS EXPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   PUBLIC-KEY, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, SMIME-CAPS
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+   mda-sha224, mda-sha256, mda-sha384, mda-sha512
+   FROM PKIX1-PSS-OAEP-Algorithms-2009
+       {iso(1) identified-organization(3) dod(6) internet(1)
+       security(5) mechanisms(5) pkix(7) id-mod(0)
+       id-mod-pkix1-rsa-pkalgs-02(54)} ;
+
+   --
+   -- Public Key (pk-) Algorithms
+   --
+
+   PublicKeys PUBLIC-KEY ::= {
+    pk-rsa  |
+    pk-dsa  |
+    pk-dh   |
+    pk-kea,
+    ...,
+    pk-ec   |
+    pk-ecDH |
+    pk-ecMQV
+   }
+
+   --
+   -- Signature Algorithms (sa-)
+   --
+
+   SignatureAlgs SIGNATURE-ALGORITHM ::= {
+    sa-rsaWithMD2      |
+    sa-rsaWithMD5      |
+    sa-rsaWithSHA1     |
+    sa-dsaWithSHA1     |
+    sa-ecdsaWithSHA1,
+    ..., -- Extensible
+    sa-dsaWithSHA224   |
+    sa-dsaWithSHA256   |
+    sa-ecdsaWithSHA224 |
+    sa-ecdsaWithSHA256 |
+    sa-ecdsaWithSHA384 |
+    sa-ecdsaWithSHA512
+   }
+
+   --
+   -- S/MIME CAPS for algorithms in this document
+   --
+   -- For all of the algorithms laid out in this document, the
+   -- parameters field for the S/MIME capabilities is defined as
+   -- ABSENT as there are no specific values that need to be known
+   -- by the receiver for negotiation.
+ +   -- + +   SMimeCaps SMIME-CAPS ::= { +    sa-rsaWithMD2.&smimeCaps      | +    sa-rsaWithMD5.&smimeCaps      | +    sa-rsaWithSHA1.&smimeCaps     | +    sa-dsaWithSHA1.&smimeCaps     | +    sa-dsaWithSHA224.&smimeCaps   | +    sa-dsaWithSHA256.&smimeCaps   | +    sa-ecdsaWithSHA1.&smimeCaps   | +    sa-ecdsaWithSHA224.&smimeCaps | +    sa-ecdsaWithSHA256.&smimeCaps | +    sa-ecdsaWithSHA384.&smimeCaps | +    sa-ecdsaWithSHA512.&smimeCaps, +    ... } + +   -- RSA PK Algorithm, Parameters, and Keys + +   pk-rsa PUBLIC-KEY ::= { +    IDENTIFIER rsaEncryption +    KEY RSAPublicKey +    PARAMS TYPE NULL ARE absent +    -- Private key format not in this module -- +    CERT-KEY-USAGE {digitalSignature, nonRepudiation, +    keyEncipherment, dataEncipherment, keyCertSign, cRLSign} +   } + +   rsaEncryption OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) +    pkcs-1(1) 1 } + +   RSAPublicKey ::= SEQUENCE { +    modulus         INTEGER, -- n +    publicExponent  INTEGER  -- e +   } + +   -- DSA PK Algorithm, Parameters, and Keys + +   pk-dsa PUBLIC-KEY ::= { +    IDENTIFIER id-dsa +    KEY DSAPublicKey +    PARAMS TYPE DSA-Params ARE inheritable +    -- Private key format not in this module -- +    CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyCertSign, +                        cRLSign } +   } + +   id-dsa OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } + +   DSA-Params ::= SEQUENCE { +    p  INTEGER, +    q  INTEGER, +    g  INTEGER +   } + +   DSAPublicKey ::= INTEGER --  public key, y + +   -- Diffie-Hellman PK Algorithm, Parameters, and Keys + +   pk-dh PUBLIC-KEY ::= { +    IDENTIFIER dhpublicnumber +    KEY DHPublicKey +    PARAMS TYPE DomainParameters ARE inheritable +    -- Private key format not in this module -- +    CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly } +   } + +   dhpublicnumber OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) ansi-x942(10046) + 
   number-type(2) 1 } + +   DomainParameters ::= SEQUENCE { +    p                INTEGER,           -- odd prime, p=jq +1 +    g                INTEGER,           -- generator, g +    q                INTEGER,           -- factor of p-1 +    j                INTEGER OPTIONAL,  -- subgroup factor, j>= 2 +    validationParams  ValidationParams OPTIONAL +   } + +   ValidationParams ::= SEQUENCE { +    seed         BIT STRING, +    pgenCounter  INTEGER +   } + +   DiffieHellmanPublicNumber ::= INTEGER   -- according to http://wikisec.free.fr/crypto/crypto.html + +   DHPublicKey ::= INTEGER  -- public key, y = g^x mod p + +   -- KEA PK Algorithm and Parameters + +   pk-kea PUBLIC-KEY ::= { +    IDENTIFIER id-keyExchangeAlgorithm +    -- key is not encoded -- +    PARAMS TYPE KEA-Params-Id ARE required +    -- Private key format not in this module -- +    CERT-KEY-USAGE {keyAgreement, encipherOnly, decipherOnly } +   } +   id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= { +       joint-iso-itu-t(2) country(16) us(840) organization(1) +       gov(101) dod(2) infosec(1) algorithms(1) 22 } + +   KEA-Params-Id ::= OCTET STRING + +   -- Elliptic Curve (EC) Signatures: Unrestricted Algorithms +   --  (Section 2.1.1 of RFC 5480) +   -- +   -- EC Unrestricted Algorithm ID -- -- this is used for ECDSA + +   pk-ec PUBLIC-KEY ::= { +    IDENTIFIER id-ecPublicKey +    KEY ECPoint +    PARAMS TYPE ECParameters ARE required +    -- Private key format not in this module -- +    CERT-KEY-USAGE { digitalSignature, nonRepudiation, keyAgreement, +                         keyCertSign, cRLSign } +   } + +   ECPoint ::= OCTET STRING -- see RFC 5480 for syntax and restrictions + +   id-ecPublicKey OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } + +   -- Elliptic Curve (EC) Signatures: Restricted Algorithms +   --  (Section 2.1.2 of RFC 5480) +   -- +   -- EC Diffie-Hellman Algorithm ID + +   pk-ecDH PUBLIC-KEY ::= { +    IDENTIFIER id-ecDH +    KEY 
ECPoint +    PARAMS TYPE ECParameters ARE required +    -- Private key format not in this module -- +    CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly } +   } + +   id-ecDH OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) schemes(1) +    ecdh(12) } + +   -- EC Menezes-Qu-Vanstone Algorithm ID + +   pk-ecMQV PUBLIC-KEY ::= { +    IDENTIFIER id-ecMQV +    KEY ECPoint +    PARAMS TYPE ECParameters ARE required +    -- Private key format not in this module -- +    CERT-KEY-USAGE { keyAgreement, encipherOnly, decipherOnly } +   } + +   id-ecMQV OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) schemes(1) +    ecmqv(13) } + +   -- Parameters and Keys for both Restricted and Unrestricted EC + +   ECParameters ::= CHOICE { +    namedCurve      CURVE.&id({NamedCurve}) +    -- implicitCurve   NULL +      -- implicitCurve MUST NOT be used in PKIX +    -- specifiedCurve  SpecifiedCurve +      -- specifiedCurve MUST NOT be used in PKIX +      -- Details for specifiedCurve can be found in [X9.62] +      -- Any future additions to this CHOICE should be coordinated +      -- with ANSI X.9. +   } +   -- If you need to be able to decode ANSI X.9 parameter structures, +   -- uncomment the implicitCurve and specifiedCurve above, and also +   -- uncomment the following: +   --(WITH COMPONENTS {namedCurve PRESENT}) + +   -- Sec 2.1.1.1 Named Curve + +   CURVE ::= CLASS { &id OBJECT IDENTIFIER UNIQUE } +    WITH SYNTAX { ID &id } + +   NamedCurve CURVE ::= { +   { ID secp192r1 } | { ID sect163k1 } | { ID sect163r2 } | +   { ID secp224r1 } | { ID sect233k1 } | { ID sect233r1 } | +   { ID secp256r1 } | { ID sect283k1 } | { ID sect283r1 } | +   { ID secp384r1 } | { ID sect409k1 } | { ID sect409r1 } | +   { ID secp521r1 } | { ID sect571k1 } | { ID sect571r1 }, +   ... -- Extensible +   } + +   -- Note in [X9.62] the curves are referred to as 'ansiX9' as +   -- opposed to 'sec'.  
For example, secp192r1 is the same curve as +   -- ansix9p192r1. + +   -- Note that in [PKI-ALG] the secp192r1 curve was referred to as +   -- prime192v1 and the secp256r1 curve was referred to as +   -- prime256v1. + +   -- Note that [FIPS186-3] refers to secp192r1 as P-192, +   -- secp224r1 as P-224, secp256r1 as P-256, secp384r1 as P-384, +   -- and secp521r1 as P-521. + +   secp192r1 OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) +    prime(1) 1 } + +   sect163k1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 1 } + +   sect163r2 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 15 } + +   secp224r1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 33 } + +   sect233k1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 26 } + +   sect233r1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 27 } + +   secp256r1 OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) +    prime(1) 7 } + +   sect283k1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 16 } + +   sect283r1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 17 } + +   secp384r1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 34 } + +   sect409k1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 36 } + +   sect409r1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 37 } + +   secp521r1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 35 } + +   sect571k1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) curve(0) 38 } + +   sect571r1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) certicom(132) 
curve(0) 39 } + +   -- RSA with MD-2 + +   sa-rsaWithMD2 SIGNATURE-ALGORITHM ::= { +    IDENTIFIER md2WithRSAEncryption +    PARAMS TYPE NULL ARE required +    HASHES { mda-md2 } +    PUBLIC-KEYS { pk-rsa } +    SMIME-CAPS { IDENTIFIED BY md2WithRSAEncryption } +   } + +   md2WithRSAEncryption OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) +    pkcs-1(1) 2 } + +   -- RSA with MD-5 + +   sa-rsaWithMD5 SIGNATURE-ALGORITHM ::= { +    IDENTIFIER md5WithRSAEncryption +    PARAMS TYPE NULL ARE required +    HASHES { mda-md5 } +    PUBLIC-KEYS { pk-rsa } +    SMIME-CAPS { IDENTIFIED BY md5WithRSAEncryption } +   } + +   md5WithRSAEncryption OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) +    pkcs-1(1) 4 } + +   -- RSA with SHA-1 + +   sa-rsaWithSHA1 SIGNATURE-ALGORITHM ::= { +    IDENTIFIER sha1WithRSAEncryption +    PARAMS TYPE NULL ARE required +    HASHES { mda-sha1 } +    PUBLIC-KEYS { pk-rsa } +    SMIME-CAPS {IDENTIFIED BY sha1WithRSAEncryption } +   } + +   sha1WithRSAEncryption OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) +    pkcs-1(1) 5 } + +   -- DSA with SHA-1 + +   sa-dsaWithSHA1 SIGNATURE-ALGORITHM ::= { +    IDENTIFIER dsa-with-sha1 +    VALUE DSA-Sig-Value +    PARAMS TYPE NULL ARE absent +    HASHES { mda-sha1 } +    PUBLIC-KEYS { pk-dsa } +    SMIME-CAPS { IDENTIFIED BY dsa-with-sha1 } +   } + +   dsa-with-sha1 OBJECT IDENTIFIER ::=  { +    iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 3 } + +   -- DSA with SHA-224 + +   sa-dsaWithSHA224 SIGNATURE-ALGORITHM ::= { +    IDENTIFIER dsa-with-sha224 +    VALUE DSA-Sig-Value +    PARAMS TYPE NULL ARE absent +    HASHES { mda-sha224 } +    PUBLIC-KEYS { pk-dsa } +    SMIME-CAPS { IDENTIFIED BY dsa-with-sha224 } +   } + +   dsa-with-sha224 OBJECT IDENTIFIER  ::=  { +    joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) +    csor(3) algorithms(4) id-dsa-with-sha2(3) 1 } + +   -- DSA 
with SHA-256 + +   sa-dsaWithSHA256 SIGNATURE-ALGORITHM ::= { +    IDENTIFIER dsa-with-sha256 +    VALUE DSA-Sig-Value +    PARAMS TYPE NULL ARE absent +    HASHES { mda-sha256 } +    PUBLIC-KEYS { pk-dsa } +    SMIME-CAPS { IDENTIFIED BY dsa-with-sha256 } +   } + +   dsa-with-sha256 OBJECT IDENTIFIER  ::=  { +    joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101) +    csor(3) algorithms(4) id-dsa-with-sha2(3) 2 } + +   -- ECDSA with SHA-1 + +   sa-ecdsaWithSHA1 SIGNATURE-ALGORITHM ::= { +    IDENTIFIER ecdsa-with-SHA1 +    VALUE ECDSA-Sig-Value +    PARAMS TYPE NULL ARE absent +    HASHES { mda-sha1 } +    PUBLIC-KEYS { pk-ec } +    SMIME-CAPS {IDENTIFIED BY ecdsa-with-SHA1 } +   } + +   ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) ansi-X9-62(10045) +    signatures(4) 1 } + +   -- ECDSA with SHA-224 + +   sa-ecdsaWithSHA224 SIGNATURE-ALGORITHM ::= { +    IDENTIFIER ecdsa-with-SHA224 +    VALUE ECDSA-Sig-Value +    PARAMS TYPE NULL ARE absent +    HASHES { mda-sha224 } +    PUBLIC-KEYS { pk-ec } +    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA224 } +   } + +   ecdsa-with-SHA224 OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) +    ecdsa-with-SHA2(3) 1 } + +   -- ECDSA with SHA-256 + +   sa-ecdsaWithSHA256 SIGNATURE-ALGORITHM ::= { +    IDENTIFIER ecdsa-with-SHA256 +    VALUE ECDSA-Sig-Value +    PARAMS TYPE NULL ARE absent +    HASHES { mda-sha256 } +    PUBLIC-KEYS { pk-ec } +    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA256 } +   } + +   ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) +    ecdsa-with-SHA2(3) 2 } + +   -- ECDSA with SHA-384 + +   sa-ecdsaWithSHA384 SIGNATURE-ALGORITHM ::= { +    IDENTIFIER ecdsa-with-SHA384 +    VALUE ECDSA-Sig-Value +    PARAMS TYPE NULL ARE absent +    HASHES { mda-sha384 } +    PUBLIC-KEYS { pk-ec } +    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA384 } +   } +   ecdsa-with-SHA384 OBJECT 
IDENTIFIER ::= { +    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) +    ecdsa-with-SHA2(3) 3 } + +   -- ECDSA with SHA-512 + +   sa-ecdsaWithSHA512 SIGNATURE-ALGORITHM ::= { +    IDENTIFIER ecdsa-with-SHA512 +    VALUE ECDSA-Sig-Value +    PARAMS TYPE NULL ARE absent +    HASHES { mda-sha512 } +    PUBLIC-KEYS { pk-ec } +    SMIME-CAPS { IDENTIFIED BY ecdsa-with-SHA512 } +   } + +   ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) +    ecdsa-with-SHA2(3) 4 } + +   -- +   -- Signature Values +   -- + +   -- DSA + +   DSA-Sig-Value ::= SEQUENCE { +    r  INTEGER, +    s  INTEGER +   } + +   -- ECDSA + +   ECDSA-Sig-Value ::= SEQUENCE { +    r  INTEGER, +    s  INTEGER +   } + +   -- +   -- Message Digest Algorithms (mda-) +   -- + +   HashAlgs DIGEST-ALGORITHM ::= { +    mda-md2    | +    mda-md5    | +    mda-sha1, +    ... -- Extensible +   } +   -- MD-2 + +   mda-md2 DIGEST-ALGORITHM ::= { +    IDENTIFIER id-md2 +    PARAMS TYPE NULL ARE preferredAbsent +   } + +   id-md2  OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) rsadsi(113549) +    digestAlgorithm(2) 2 } + +   -- MD-5 + +   mda-md5 DIGEST-ALGORITHM ::= { +    IDENTIFIER id-md5 +    PARAMS TYPE NULL ARE preferredAbsent +   } + +   id-md5  OBJECT IDENTIFIER ::= { +    iso(1) member-body(2) us(840) rsadsi(113549) +    digestAlgorithm(2) 5 } + +   -- SHA-1 + +   mda-sha1 DIGEST-ALGORITHM ::= { +    IDENTIFIER id-sha1 +    PARAMS TYPE NULL ARE preferredAbsent +   } + +   id-sha1 OBJECT IDENTIFIER ::= { +    iso(1) identified-organization(3) oiw(14) secsig(3) +    algorithm(2) 26 } + +   END diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAttributeCertificate-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAttributeCertificate-2009.asn1 new file mode 100644 index 0000000000..3ab074643f --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXAttributeCertificate-2009.asn1 
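Review bot: The `DiffieHellmanPublicNumber ::= INTEGER` line in the Diffie-Hellman section carries the comment `-- according to http://wikisec.free.fr/crypto/crypto.html`, which cites a third-party `http://` page as the authority for a type inside a module stored under `rfcs/`. Nothing else in this module references that type (`pk-dh` uses `KEY DHPublicKey`), so it looks like a local addition rather than part of the published module; that should be confirmed against the RFC text. If the definition has to stay, mark it as a deviation and name the defining standard instead of the URL, for example `DiffieHellmanPublicNumber ::= INTEGER -- local addition, not in the RFC module; TODO cite defining standard`. Keeping vendored specification files comparable with their published source makes later integrity checks and errata updates straightforward.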
@@ -0,0 +1,292 @@
+   PKIXAttributeCertificate-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert-02(47)}
+   DEFINITIONS IMPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   AttributeSet{}, Extensions{}, SecurityCategory{},
+           EXTENSION, ATTRIBUTE, SECURITY-CATEGORY
+   FROM PKIX-CommonTypes-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+   AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)}
+
+      -- IMPORTed module OIDs MAY change if [PKIXPROF] changes
+      -- PKIX Certificate Extensions
+
+   CertificateSerialNumber, UniqueIdentifier, id-pkix, id-pe, id-kp,
+       id-ad, id-at, SIGNED{}, SignatureAlgorithms
+   FROM PKIX1Explicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+   GeneralName, GeneralNames, id-ce, ext-AuthorityKeyIdentifier,
+       ext-AuthorityInfoAccess, ext-CRLDistributionPoints
+   FROM PKIX1Implicit-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+   ContentInfo
+     FROM CryptographicMessageSyntax-2009
+       { iso(1) member-body(2) us(840) rsadsi(113549)
+       pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2004-02(41) };
+   --  Define the set of extensions that can appear.
+   --  Some of these are imported from PKIX Cert + +   AttributeCertExtensions EXTENSION ::= { +       ext-auditIdentity | ext-targetInformation | +       ext-AuthorityKeyIdentifier | ext-AuthorityInfoAccess | +       ext-CRLDistributionPoints | ext-noRevAvail | ext-ac-proxying | +       ext-aaControls, ... } + +   ext-auditIdentity EXTENSION ::= { SYNTAX +       OCTET STRING IDENTIFIED BY id-pe-ac-auditIdentity} + +   ext-targetInformation EXTENSION ::= { SYNTAX +       Targets IDENTIFIED BY id-ce-targetInformation } + +   ext-noRevAvail EXTENSION ::= { SYNTAX +       NULL IDENTIFIED BY id-ce-noRevAvail} + +   ext-ac-proxying EXTENSION ::= { SYNTAX +       ProxyInfo IDENTIFIED BY id-pe-ac-proxying} + +   ext-aaControls EXTENSION ::= { SYNTAX +       AAControls IDENTIFIED BY id-pe-aaControls} + +   -- Define the set of attributes used here + +   AttributesDefined ATTRIBUTE ::= {  at-authenticationInfo | +        at-accesIdentity | at-chargingIdentity | at-group | +        at-role | at-clearance | at-encAttrs, ...} + +   at-authenticationInfo ATTRIBUTE ::= { TYPE SvceAuthInfo +       IDENTIFIED BY id-aca-authenticationInfo} + +   at-accesIdentity ATTRIBUTE ::= { TYPE SvceAuthInfo +       IDENTIFIED BY id-aca-accessIdentity} + +   at-chargingIdentity ATTRIBUTE ::= { TYPE IetfAttrSyntax +       IDENTIFIED BY id-aca-chargingIdentity} + +   at-group ATTRIBUTE ::= { TYPE IetfAttrSyntax +       IDENTIFIED BY id-aca-group} + +   at-role ATTRIBUTE ::= { TYPE RoleSyntax +       IDENTIFIED BY id-at-role} + +   at-clearance ATTRIBUTE ::= { TYPE Clearance +       IDENTIFIED BY id-at-clearance} +   at-clearance-RFC3281 ATTRIBUTE ::= {TYPE Clearance-rfc3281 +       IDENTIFIED BY id-at-clearance-rfc3281 } + +   at-encAttrs ATTRIBUTE ::= { TYPE ContentInfo +       IDENTIFIED BY id-aca-encAttrs} + +   -- +   --  OIDs used by Attribute Certificate Extensions +   -- + +   id-pe-ac-auditIdentity       OBJECT IDENTIFIER ::= { id-pe 4 } +   id-pe-aaControls             OBJECT IDENTIFIER 
::= { id-pe 6 } +   id-pe-ac-proxying            OBJECT IDENTIFIER ::= { id-pe 10 } +   id-ce-targetInformation      OBJECT IDENTIFIER ::= { id-ce 55 } +   id-ce-noRevAvail             OBJECT IDENTIFIER ::= { id-ce 56 } + +   -- +   --  OIDs used by Attribute Certificate Attributes +   -- + +   id-aca                       OBJECT IDENTIFIER ::= { id-pkix 10 } + +   id-aca-authenticationInfo    OBJECT IDENTIFIER ::= { id-aca 1 } +   id-aca-accessIdentity        OBJECT IDENTIFIER ::= { id-aca 2 } +   id-aca-chargingIdentity      OBJECT IDENTIFIER ::= { id-aca 3 } +   id-aca-group                 OBJECT IDENTIFIER ::= { id-aca 4 } +   -- { id-aca 5 } is reserved +   id-aca-encAttrs              OBJECT IDENTIFIER ::= { id-aca 6 } + +   id-at-role                   OBJECT IDENTIFIER ::= { id-at 72} +   id-at-clearance              OBJECT IDENTIFIER ::= { +        joint-iso-ccitt(2) ds(5) attributeType(4) clearance (55) } + +   -- Uncomment the following declaration and comment the above line if +   -- using the id-at-clearance attribute as defined in [RFC3281] +   -- id-at-clearance ::= id-at-clearance-3281 + +   id-at-clearance-rfc3281              OBJECT IDENTIFIER ::= { +       joint-iso-ccitt(2) ds(5) module(1) selected-attribute-types(5) +       clearance (55) } + +   -- +   --  The syntax of an Attribute Certificate +   -- + +   AttributeCertificate ::= SIGNED{AttributeCertificateInfo} + +   AttributeCertificateInfo ::= SEQUENCE { +       version        AttCertVersion,  -- version is v2 +       holder         Holder, +       issuer         AttCertIssuer, +       signature      AlgorithmIdentifier{SIGNATURE-ALGORITHM, +                          {SignatureAlgorithms}}, +       serialNumber   CertificateSerialNumber, +       attrCertValidityPeriod   AttCertValidityPeriod, +       attributes     SEQUENCE OF +                          AttributeSet{{AttributesDefined}}, +       issuerUniqueID UniqueIdentifier OPTIONAL, +       extensions     
Extensions{{AttributeCertExtensions}} OPTIONAL +   } + +   AttCertVersion ::= INTEGER { v2(1) } + +   Holder ::= SEQUENCE { +       baseCertificateID   [0] IssuerSerial OPTIONAL, +                 -- the issuer and serial number of +                 -- the holder's Public Key Certificate +       entityName          [1] GeneralNames OPTIONAL, +                 -- the name of the claimant or role +       objectDigestInfo    [2] ObjectDigestInfo OPTIONAL +                 -- used to directly authenticate the +                 -- holder, for example, an executable +   } + +   ObjectDigestInfo    ::= SEQUENCE { +       digestedObjectType  ENUMERATED { +            publicKey            (0), +            publicKeyCert        (1), +            otherObjectTypes     (2) }, +               -- otherObjectTypes MUST NOT +               -- be used in this profile +       otherObjectTypeID   OBJECT IDENTIFIER  OPTIONAL, +       digestAlgorithm     AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}, +       objectDigest        BIT STRING +   } + +   AttCertIssuer ::= CHOICE { +       v1Form   GeneralNames,  -- MUST NOT be used in this +                               -- profile +       v2Form   [0] V2Form     -- v2 only +   } + +   V2Form ::= SEQUENCE { +       issuerName            GeneralNames  OPTIONAL, +       baseCertificateID     [0] IssuerSerial  OPTIONAL, +       objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL +          -- issuerName MUST be present in this profile +          -- baseCertificateID and objectDigestInfo MUST +          -- NOT be present in this profile +   } + +   IssuerSerial  ::=  SEQUENCE { +       issuer         GeneralNames, +       serial         CertificateSerialNumber, +       issuerUID      UniqueIdentifier OPTIONAL +   } + +   AttCertValidityPeriod  ::= SEQUENCE { +       notBeforeTime  GeneralizedTime, +       notAfterTime   GeneralizedTime +   } + +   -- +   -- Syntax used by Attribute Certificate Extensions +   -- + +   Targets ::= SEQUENCE OF 
Target + +   Target  ::= CHOICE { +       targetName     [0] GeneralName, +       targetGroup    [1] GeneralName, +       targetCert     [2] TargetCert +   } + +   TargetCert  ::= SEQUENCE { +       targetCertificate  IssuerSerial, +       targetName         GeneralName OPTIONAL, +       certDigestInfo     ObjectDigestInfo OPTIONAL +   } + +   AAControls ::= SEQUENCE { +       pathLenConstraint INTEGER (0..MAX) OPTIONAL, +       permittedAttrs    [0] AttrSpec OPTIONAL, +       excludedAttrs     [1] AttrSpec OPTIONAL, +       permitUnSpecified BOOLEAN DEFAULT TRUE +   } + +   AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER + +   ProxyInfo ::= SEQUENCE OF Targets + +   -- +   --  Syntax used by Attribute Certificate Attributes +   -- +   IetfAttrSyntax ::= SEQUENCE { +      policyAuthority[0] GeneralNames    OPTIONAL, +      values         SEQUENCE OF CHOICE { +                     octets    OCTET STRING, +                     oid       OBJECT IDENTIFIER, +                     string    UTF8String +     } +   } + +   SvceAuthInfo ::=    SEQUENCE { +       service       GeneralName, +       ident         GeneralName, +       authInfo      OCTET STRING OPTIONAL +   } + +   RoleSyntax ::= SEQUENCE { +       roleAuthority  [0] GeneralNames OPTIONAL, +       roleName       [1] GeneralName +   } + +   Clearance ::= SEQUENCE { +       policyId            OBJECT IDENTIFIER, +       classList           ClassList DEFAULT {unclassified}, +       securityCategories  SET OF SecurityCategory +                                {{SupportedSecurityCategories}} OPTIONAL +   } + +   -- Uncomment the following lines to support deprecated clearance +   -- syntax and comment out previous Clearance. 
+ +   -- Clearance ::= Clearance-rfc3281 + +   Clearance-rfc3281  ::=  SEQUENCE { +       policyId       [0] OBJECT IDENTIFIER, +       classList      [1] ClassList DEFAULT {unclassified}, +       securityCategories [2] SET OF SecurityCategory-rfc3281 +                              {{SupportedSecurityCategories}} OPTIONAL +   } + +   ClassList  ::=  BIT STRING { +       unmarked       (0), +       unclassified   (1), +       restricted     (2), +       confidential   (3), +       secret         (4), +       topSecret      (5) +   } +   SupportedSecurityCategories SECURITY-CATEGORY ::= { ... } + +   SecurityCategory-rfc3281{SECURITY-CATEGORY:Supported} ::= SEQUENCE { +       type      [0]  IMPLICIT SECURITY-CATEGORY. +               &id({Supported}), +       value     [1]  EXPLICIT SECURITY-CATEGORY. +               &Type({Supported}{@type}) +   } + +   ACClearAttrs ::= SEQUENCE { +       acIssuer          GeneralName, +       acSerial          INTEGER, +       attrs             SEQUENCE OF AttributeSet{{AttributesDefined}} +   } + +   END diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCMP-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCMP-2009.asn1 new file mode 100644 index 0000000000..968a142f28 --- /dev/null +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCMP-2009.asn1 
@@ -0,0 +1,495 @@
+ PKIXCMP-2009
+     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-cmp2000-02(50) }
+ DEFINITIONS EXPLICIT TAGS ::=
+ BEGIN
+ IMPORTS
+
+ AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE
+ FROM PKIX-CommonTypes-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+ AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM,
+     DIGEST-ALGORITHM, MAC-ALGORITHM
+ FROM AlgorithmInformation-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0)
+     id-mod-algorithmInformation-02(58)}
+
+ Certificate, CertificateList
+ FROM PKIX1Explicit-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+ GeneralName, KeyIdentifier
+ FROM PKIX1Implicit-2009
+     {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+ CertTemplate, PKIPublicationInfo, EncryptedValue, CertId,
+     CertReqMessages
+ FROM PKIXCRMF-2009
+     { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+     mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55) }
+ -- see also the behavioral clarifications to CRMF codified in
+ -- Appendix C of this specification
+
+ CertificationRequest
+ FROM PKCS-10
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)}
+ -- (specified in RFC 2986 with 1993 ASN.1 syntax and IMPLICIT
+ -- tags).  Alternatively, implementers may directly include
+ -- the [PKCS10] syntax in this module
+ ;
+
+ -- the rest of the module contains locally defined OIDs and
+ -- constructs
+
+ CMPCertificate ::= CHOICE { x509v3PKCert Certificate, ... }
+ -- This syntax, while bits-on-the-wire compatible with the
+ -- standard X.509 definition of "Certificate", allows the
+ -- possibility of future certificate types (such as X.509
+ -- attribute certificates, WAP WTLS certificates, or other kinds
+ -- of certificates) within this certificate management protocol,
+ -- should a need ever arise to support such generality.  Those
+ -- implementations that do not foresee a need to ever support
+ -- other certificate types MAY, if they wish, comment out the
+ -- above structure and "uncomment" the following one prior to
+ -- compiling this ASN.1 module.  (Note that interoperability
+ -- with implementations that don't do this will be unaffected by
+ -- this change.)
+
+ -- CMPCertificate ::= Certificate
+
+ PKIMessage ::= SEQUENCE {
+     header           PKIHeader,
+     body             PKIBody,
+     protection   [0] PKIProtection OPTIONAL,
+     extraCerts   [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                   OPTIONAL }
+
+ PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage
+
+ PKIHeader ::= SEQUENCE {
+     pvno                INTEGER     { cmp1999(1), cmp2000(2) },
+     sender              GeneralName,
+     -- identifies the sender
+     recipient           GeneralName,
+     -- identifies the intended recipient
+     messageTime     [0] GeneralizedTime         OPTIONAL,
+     -- time of production of this message (used when sender
+     -- believes that the transport will be "suitable"; i.e.,
+     -- that the time will still be meaningful upon receipt)
+     protectionAlg   [1] AlgorithmIdentifier{ALGORITHM, {...}}
+                             OPTIONAL,
+     -- algorithm used for calculation of protection bits
+     senderKID       [2] KeyIdentifier           OPTIONAL,
+     recipKID        [3] KeyIdentifier           OPTIONAL,
+     -- to identify specific keys used for protection
+     transactionID   [4] OCTET STRING            OPTIONAL,
+     -- identifies the transaction; i.e., this will be the same in
+     -- corresponding request, response, certConf, and PKIConf
+     -- messages
+     senderNonce     [5] OCTET STRING            OPTIONAL,
+     recipNonce      [6] OCTET STRING            OPTIONAL,
+     -- nonces used to provide replay protection, senderNonce
+     -- is inserted by the creator of this message; recipNonce
+     -- is a nonce previously inserted in a related message by
+     -- the intended recipient of this message
+     freeText        [7] PKIFreeText             OPTIONAL,
+     -- this may be used to indicate context-specific instructions
+     -- (this field is intended for human consumption)
+     generalInfo     [8] SEQUENCE SIZE (1..MAX) OF
+                         InfoTypeAndValue     OPTIONAL
+     -- this may be used to convey context-specific information
+     -- (this field not primarily intended for human consumption)
+ }
+
+ PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
+     -- text encoded as UTF-8 String [RFC3629] (note: each
+     -- UTF8String MAY include an [RFC3066] language tag
+     -- to indicate the language of the contained text;
+     -- see [RFC2482] for details)
+
+ PKIBody ::= CHOICE {       -- message-specific body elements
+     ir       [0]  CertReqMessages,        --Initialization Request
+     ip       [1]  CertRepMessage,         --Initialization Response
+     cr       [2]  CertReqMessages,        --Certification Request
+     cp       [3]  CertRepMessage,         --Certification Response
+     p10cr    [4]  CertificationRequest,   --imported from [PKCS10]
+     popdecc  [5]  POPODecKeyChallContent, --pop Challenge
+     popdecr  [6]  POPODecKeyRespContent,  --pop Response
+     kur      [7]  CertReqMessages,        --Key Update Request
+     kup      [8]  CertRepMessage,         --Key Update Response
+     krr      [9]  CertReqMessages,        --Key Recovery Request
+     krp      [10] KeyRecRepContent,       --Key Recovery Response
+     rr       [11] RevReqContent,          --Revocation Request
+     rp       [12] RevRepContent,          --Revocation Response
+     ccr      [13] CertReqMessages,        --Cross-Cert. Request
+     ccp      [14] CertRepMessage,         --Cross-Cert. Response
+     ckuann   [15] CAKeyUpdAnnContent,     --CA Key Update Ann.
+     cann     [16] CertAnnContent,         --Certificate Ann.
+     rann     [17] RevAnnContent,          --Revocation Ann.
+     crlann   [18] CRLAnnContent,          --CRL Announcement
+     pkiconf  [19] PKIConfirmContent,      --Confirmation
+     nested   [20] NestedMessageContent,   --Nested Message
+     genm     [21] GenMsgContent,          --General Message
+     genp     [22] GenRepContent,          --General Response
+     error    [23] ErrorMsgContent,        --Error Message
+     certConf [24] CertConfirmContent,     --Certificate confirm
+     pollReq  [25] PollReqContent,         --Polling request
+     pollRep  [26] PollRepContent          --Polling response
+ }
+
+ PKIProtection ::= BIT STRING
+
+ ProtectedPart ::= SEQUENCE {
+     header    PKIHeader,
+     body      PKIBody }
+
+ id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     usa(840) nt(113533) nsn(7) algorithms(66) 13 }
+ PBMParameter ::= SEQUENCE {
+     salt                OCTET STRING,
+     -- note:  implementations MAY wish to limit acceptable sizes
+     -- of this string to values appropriate for their environment
+     -- in order to reduce the risk of denial-of-service attacks
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
+     -- AlgId for a One-Way Function (SHA-1 recommended)
+     iterationCount      INTEGER,
+     -- number of times the OWF is applied
+     -- note:  implementations MAY wish to limit acceptable sizes
+     -- of this integer to values appropriate for their environment
+     -- in order to reduce the risk of denial-of-service attacks
+     mac                 AlgorithmIdentifier{MAC-ALGORITHM, {...}}
+     -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+     -- or HMAC [RFC2104, RFC2202])
+ }
+
+ id-DHBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+     usa(840) nt(113533) nsn(7) algorithms(66) 30 }
+ DHBMParameter ::= SEQUENCE {
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}},
+     -- AlgId for a One-Way Function (SHA-1 recommended)
+     mac                 AlgorithmIdentifier{MAC-ALGORITHM, {...}}
+     -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
+     -- or HMAC [RFC2104, RFC2202])
+ }
+
+ PKIStatus ::= INTEGER {
+     accepted               (0),
+     -- you got exactly what you asked for
+     grantedWithMods        (1),
+     -- you got something like what you asked for; the
+     -- requester is responsible for ascertaining the differences
+     rejection              (2),
+     -- you don't get it, more information elsewhere in the message
+     waiting                (3),
+     -- the request body part has not yet been processed; expect to
+     -- hear more later (note: proper handling of this status
+     -- response MAY use the polling req/rep PKIMessages specified
+     -- in Section 5.3.22; alternatively, polling in the underlying
+     -- transport layer MAY have some utility in this regard)
+     revocationWarning      (4),
+     -- this message contains a warning that a revocation is
+     -- imminent
+     revocationNotification (5),
+     -- notification that a revocation has occurred
+     keyUpdateWarning       (6)
+     -- update already done for the oldCertId specified in
+     -- CertReqMsg
+ }
+
+ PKIFailureInfo ::= BIT STRING {
+ -- since we can fail in more than one way!
+ -- More codes may be added in the future if/when required.
+     badAlg              (0),
+     -- unrecognized or unsupported Algorithm Identifier
+     badMessageCheck     (1),
+     -- integrity check failed (e.g., signature did not verify)
+     badRequest          (2),
+     -- transaction not permitted or supported
+     badTime             (3),
+     -- messageTime was not sufficiently close to the system time,
+     -- as defined by local policy
+     badCertId           (4),
+     -- no certificate could be found matching the provided criteria
+     badDataFormat       (5),
+     -- the data submitted has the wrong format
+     wrongAuthority      (6),
+     -- the authority indicated in the request is different from the
+     -- one creating the response token
+     incorrectData       (7),
+     -- the requester's data is incorrect (for notary services)
+     missingTimeStamp    (8),
+     -- when the timestamp is missing but should be there
+     -- (by policy)
+     badPOP              (9),
+     -- the proof-of-possession failed
+     certRevoked         (10),
+     -- the certificate has already been revoked
+     certConfirmed       (11),
+     -- the certificate has already been confirmed
+     wrongIntegrity      (12),
+     -- invalid integrity, password based instead of signature or
+     -- vice versa
+     badRecipientNonce   (13),
+     -- invalid recipient nonce, either missing or wrong value
+     timeNotAvailable    (14),
+     -- the TSA's time source is not available
+     unacceptedPolicy    (15),
+     -- the requested TSA policy is not supported by the TSA
+     unacceptedExtension (16),
+     -- the requested extension is not supported by the TSA
+     addInfoNotAvailable (17),
+     -- the additional information requested could not be
+     -- understood or is not available
+     badSenderNonce      (18),
+     -- invalid sender nonce, either missing or wrong size
+     badCertTemplate     (19),
+     -- invalid cert. template or missing mandatory information
+     signerNotTrusted    (20),
+     -- signer of the message unknown or not trusted
+     transactionIdInUse  (21),
+     -- the transaction identifier is already in use
+     unsupportedVersion  (22),
+     -- the version of the message is not supported
+     notAuthorized       (23),
+     -- the sender was not authorized to make the preceding
+     -- request or perform the preceding action
+     systemUnavail       (24),
+     -- the request cannot be handled due to system unavailability
+     systemFailure       (25),
+     -- the request cannot be handled due to system failure
+     duplicateCertReq    (26)
+     -- certificate cannot be issued because a duplicate
+     -- certificate already exists
+ }
+
+ PKIStatusInfo ::= SEQUENCE {
+     status        PKIStatus,
+     statusString  PKIFreeText     OPTIONAL,
+     failInfo      PKIFailureInfo  OPTIONAL }
+
+ OOBCert ::= CMPCertificate
+
+ OOBCertHash ::= SEQUENCE {
+     hashAlg     [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
+                         OPTIONAL,
+     certId      [1] CertId                  OPTIONAL,
+     hashVal         BIT STRING
+     -- hashVal is calculated over the DER encoding of the
+     -- self-signed certificate with the identifier certID.
+ }
+
+ POPODecKeyChallContent ::= SEQUENCE OF Challenge
+ -- One Challenge per encryption key certification request (in the
+ -- same order as these requests appear in CertReqMessages).
+
+ Challenge ::= SEQUENCE {
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}
+                             OPTIONAL,
+     -- MUST be present in the first Challenge; MAY be omitted in
+     -- any subsequent Challenge in POPODecKeyChallContent (if
+     -- omitted, then the owf used in the immediately preceding
+     -- Challenge is to be used).
+     witness             OCTET STRING,
+     -- the result of applying the one-way function (owf) to a
+     -- randomly-generated INTEGER, A.  [Note that a different
+     -- INTEGER MUST be used for each Challenge.]
+     challenge           OCTET STRING
+     -- the encryption (under the public key for which the cert.
+     -- request is being made) of Rand, where Rand is specified as
+     --   Rand ::= SEQUENCE {
+     --      int      INTEGER,
+     --       - the randomly-generated INTEGER A (above)
+     --      sender   GeneralName
+     --       - the sender's name (as included in PKIHeader)
+     --   }
+ }
+
+ POPODecKeyRespContent ::= SEQUENCE OF INTEGER
+ -- One INTEGER per encryption key certification request (in the
+ -- same order as these requests appear in CertReqMessages).  The
+ -- retrieved INTEGER A (above) is returned to the sender of the
+ -- corresponding Challenge.
+
+ CertRepMessage ::= SEQUENCE {
+     caPubs       [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate
+                   OPTIONAL,
+     response         SEQUENCE OF CertResponse }
+
+ CertResponse ::= SEQUENCE {
+     certReqId           INTEGER,
+     -- to match this response with the corresponding request (a value
+     -- of -1 is to be used if certReqId is not specified in the
+     -- corresponding request)
+     status              PKIStatusInfo,
+     certifiedKeyPair    CertifiedKeyPair    OPTIONAL,
+     rspInfo             OCTET STRING        OPTIONAL
+     -- analogous to the id-regInfo-utf8Pairs string defined
+     -- for regInfo in CertReqMsg [RFC4211]
+ }
+
+ CertifiedKeyPair ::= SEQUENCE {
+     certOrEncCert       CertOrEncCert,
+     privateKey      [0] EncryptedValue      OPTIONAL,
+     -- see [RFC4211] for comment on encoding
+     publicationInfo [1] PKIPublicationInfo  OPTIONAL }
+
+ CertOrEncCert ::= CHOICE {
+     certificate     [0] CMPCertificate,
+     encryptedCert   [1] EncryptedValue }
+ KeyRecRepContent ::= SEQUENCE {
+     status                  PKIStatusInfo,
+     newSigCert          [0] CMPCertificate OPTIONAL,
+     caCerts             [1] SEQUENCE SIZE (1..MAX) OF
+                                      CMPCertificate OPTIONAL,
+     keyPairHist         [2] SEQUENCE SIZE (1..MAX) OF
+                                      CertifiedKeyPair OPTIONAL }
+
+ RevReqContent ::= SEQUENCE OF RevDetails
+
+ RevDetails ::= SEQUENCE {
+     certDetails         CertTemplate,
+     -- allows requester to specify as much as they can about
+     -- the cert. for which revocation is requested
+     -- (e.g., for cases in which serialNumber is not available)
+     crlEntryDetails     Extensions{{...}}    OPTIONAL
+     -- requested crlEntryExtensions
+ }
+
+ RevRepContent ::= SEQUENCE {
+     status       SEQUENCE SIZE (1..MAX) OF PKIStatusInfo,
+     -- in same order as was sent in RevReqContent
+     revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL,
+     -- IDs for which revocation was requested
+     -- (same order as status)
+     crls     [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL
+     -- the resulting CRLs (there may be more than one)
+ }
+
+ CAKeyUpdAnnContent ::= SEQUENCE {
+     oldWithNew   CMPCertificate, -- old pub signed with new priv
+     newWithOld   CMPCertificate, -- new pub signed with old priv
+     newWithNew   CMPCertificate  -- new pub signed with new priv
+ }
+
+ CertAnnContent ::= CMPCertificate
+
+ RevAnnContent ::= SEQUENCE {
+     status              PKIStatus,
+     certId              CertId,
+     willBeRevokedAt     GeneralizedTime,
+     badSinceDate        GeneralizedTime,
+     crlDetails          Extensions{{...}}  OPTIONAL
+     -- extra CRL details (e.g., crl number, reason, location, etc.)
+ }
+
+ CRLAnnContent ::= SEQUENCE OF CertificateList
+ PKIConfirmContent ::= NULL
+
+ NestedMessageContent ::= PKIMessages
+
+ INFO-TYPE-AND-VALUE ::= TYPE-IDENTIFIER
+
+ InfoTypeAndValue ::= SEQUENCE {
+     infoType    INFO-TYPE-AND-VALUE.
+                     &id({SupportedInfoSet}),
+     infoValue   INFO-TYPE-AND-VALUE.
+                     &Type({SupportedInfoSet}{@infoType}) }
+
+ SupportedInfoSet INFO-TYPE-AND-VALUE ::= { ... }
+
+ -- Example InfoTypeAndValue contents include, but are not limited
+ -- to, the following (uncomment in this ASN.1 module and use as
+ -- appropriate for a given environment):
+ --
+ --   id-it-caProtEncCert    OBJECT IDENTIFIER ::= {id-it 1}
+ --      CAProtEncCertValue      ::= CMPCertificate
+ --   id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2}
+ --      SignKeyPairTypesValue   ::= SEQUENCE OF
+ --                                      AlgorithmIdentifier{{...}}
+ --   id-it-encKeyPairTypes  OBJECT IDENTIFIER ::= {id-it 3}
+ --      EncKeyPairTypesValue    ::= SEQUENCE OF
+ --                                      AlgorithmIdentifier{{...}}
+ --   id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4}
+ --      PreferredSymmAlgValue   ::= AlgorithmIdentifier{{...}}
+ --   id-it-caKeyUpdateInfo  OBJECT IDENTIFIER ::= {id-it 5}
+ --      CAKeyUpdateInfoValue    ::= CAKeyUpdAnnContent
+ --   id-it-currentCRL       OBJECT IDENTIFIER ::= {id-it 6}
+ --      CurrentCRLValue         ::= CertificateList
+ --   id-it-unsupportedOIDs  OBJECT IDENTIFIER ::= {id-it 7}
+ --      UnsupportedOIDsValue    ::= SEQUENCE OF OBJECT IDENTIFIER
+ --   id-it-keyPairParamReq  OBJECT IDENTIFIER ::= {id-it 10}
+ --      KeyPairParamReqValue    ::= OBJECT IDENTIFIER
+ --   id-it-keyPairParamRep  OBJECT IDENTIFIER ::= {id-it 11}
+ --      KeyPairParamRepValue    ::= AlgorithmIdentifer
+ --   id-it-revPassphrase    OBJECT IDENTIFIER ::= {id-it 12}
+ --      RevPassphraseValue      ::= EncryptedValue
+ --   id-it-implicitConfirm  OBJECT IDENTIFIER ::= {id-it 13}
+ --      ImplicitConfirmValue    ::= NULL
+ --   id-it-confirmWaitTime  OBJECT IDENTIFIER ::= {id-it 14}
+ --      ConfirmWaitTimeValue    ::= GeneralizedTime
+ --   id-it-origPKIMessage   OBJECT IDENTIFIER ::= {id-it 15}
+ --      OrigPKIMessageValue     ::= PKIMessages
+ --   id-it-suppLangTags     OBJECT IDENTIFIER ::= {id-it 16}
+ --      SuppLangTagsValue       ::= SEQUENCE OF UTF8String
+ --
+ -- where
+ --
+ --   id-pkix OBJECT IDENTIFIER ::= {
+ --      iso(1) identified-organization(3)
+ --      dod(6) internet(1) security(5) mechanisms(5) pkix(7)}
+ -- and
+ --   id-it   OBJECT IDENTIFIER ::= {id-pkix 4}
+ --
+ --
+ -- This construct MAY also be used to define new PKIX Certificate
+ -- Management Protocol request and response messages, or general-
+ -- purpose (e.g., announcement) messages for future needs or for
+ -- specific environments.
+
+ GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
+
+ -- May be sent by EE, RA, or CA (depending on message content).
+ -- The OPTIONAL infoValue parameter of InfoTypeAndValue will
+ -- typically be omitted for some of the examples given above.
+ -- The receiver is free to ignore any contained OBJECT IDs that it
+ -- does not recognize.  If sent from EE to CA, the empty set
+ -- indicates that the CA may send
+ -- any/all information that it wishes.
+
+ GenRepContent ::= SEQUENCE OF InfoTypeAndValue
+ -- Receiver MAY ignore any contained OIDs that it does not
+ -- recognize.
+
+ ErrorMsgContent ::= SEQUENCE {
+     pKIStatusInfo          PKIStatusInfo,
+     errorCode              INTEGER           OPTIONAL,
+     -- implementation-specific error codes
+     errorDetails           PKIFreeText       OPTIONAL
+     -- implementation-specific error details
+ }
+
+ CertConfirmContent ::= SEQUENCE OF CertStatus
+
+ CertStatus ::= SEQUENCE {
+     certHash    OCTET STRING,
+     -- the hash of the certificate, using the same hash algorithm
+     -- as is used to create and verify the certificate signature
+     certReqId   INTEGER,
+     -- to match this confirmation with the corresponding req/rep
+     statusInfo  PKIStatusInfo OPTIONAL }
+
+ PollReqContent ::= SEQUENCE OF SEQUENCE {
+     certReqId              INTEGER }
+
+ PollRepContent ::= SEQUENCE OF SEQUENCE {
+     certReqId              INTEGER,
+     checkAfter             INTEGER,  -- time in seconds
+     reason                 PKIFreeText OPTIONAL }
+
+ END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCRMF-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCRMF-2009.asn1
new file mode 100644
index 0000000000..1c0b780499
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/PKIXCRMF-2009.asn1
@@ -0,0 +1,409 @@
+  PKIXCRMF-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55)}
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE,
+      SingleAttribute{}
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1)
+      security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkixCommon-02(57) }
+
+  AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM,
+      DIGEST-ALGORITHM, MAC-ALGORITHM, PUBLIC-KEY
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  Version, Name, Time, SubjectPublicKeyInfo, UniqueIdentifier, id-pkix,
+      SignatureAlgorithms
+  FROM PKIX1Explicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+  GeneralName, CertExtensions
+  FROM PKIX1Implicit-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+  EnvelopedData, CONTENT-TYPE
+  FROM CryptographicMessageSyntax-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cms-2004-02(41)}
+  maca-hMAC-SHA1
+  FROM CryptographicMessageSyntaxAlgorithms-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+  mda-sha1
+  FROM PKIXAlgs-2009
+      { iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-algorithms2008-02(56) } ;
+
+  -- arc for Internet X.509 PKI protocols and their components
+
+  id-pkip  OBJECT IDENTIFIER ::= { id-pkix 5 }
+
+  id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+       us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }
+
+  id-ct   OBJECT IDENTIFIER ::= { id-smime  1 }  -- content types
+
+  -- Core definitions for this module
+
+  CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
+
+  CertReqMsg ::= SEQUENCE {
+      certReq   CertRequest,
+      popo       ProofOfPossession  OPTIONAL,
+      -- content depends upon key type
+      regInfo   SEQUENCE SIZE(1..MAX) OF
+          SingleAttribute{{RegInfoSet}} OPTIONAL }
+
+  CertRequest ::= SEQUENCE {
+      certReqId     INTEGER,
+      -- ID for matching request and reply
+      certTemplate  CertTemplate,
+      -- Selected fields of cert to be issued
+      controls      Controls OPTIONAL }
+      -- Attributes affecting issuance
+
+  CertTemplate ::= SEQUENCE {
+      version      [0] Version               OPTIONAL,
+      serialNumber [1] INTEGER               OPTIONAL,
+      signingAlg   [2] AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                           {SignatureAlgorithms}}   OPTIONAL,
+      issuer       [3] Name                  OPTIONAL,
+      validity     [4] OptionalValidity      OPTIONAL,
+      subject      [5] Name                  OPTIONAL,
+      publicKey    [6] SubjectPublicKeyInfo  OPTIONAL,
+      issuerUID    [7] UniqueIdentifier      OPTIONAL,
+      subjectUID   [8] UniqueIdentifier      OPTIONAL,
+      extensions   [9] Extensions{{CertExtensions}}  OPTIONAL }
+
+  OptionalValidity ::= SEQUENCE {
+      notBefore  [0] Time OPTIONAL,
+      notAfter   [1] Time OPTIONAL } -- at least one MUST be present
+
+  Controls  ::= SEQUENCE SIZE(1..MAX) OF SingleAttribute
+                    {{RegControlSet}}
+
+  ProofOfPossession ::= CHOICE {
+      raVerified        [0] NULL,
+      -- used if the RA has already verified that the requester is in
+      -- possession of the private key
+      signature         [1] POPOSigningKey,
+      keyEncipherment   [2] POPOPrivKey,
+      keyAgreement      [3] POPOPrivKey }
+
+  POPOSigningKey ::= SEQUENCE {
+      poposkInput           [0] POPOSigningKeyInput OPTIONAL,
+      algorithmIdentifier   AlgorithmIdentifier{SIGNATURE-ALGORITHM,
+                                {SignatureAlgorithms}},
+      signature             BIT STRING }
+      -- The signature (using "algorithmIdentifier") is on the
+      -- DER-encoded value of poposkInput.  NOTE: If the CertReqMsg
+      -- certReq CertTemplate contains the subject and publicKey values,
+      -- then poposkInput MUST be omitted and the signature MUST be
+      -- computed over the DER-encoded value of CertReqMsg certReq.  If
+      -- the CertReqMsg certReq CertTemplate does not contain both the
+      -- public key and subject values (i.e., if it contains only one
+      -- of these, or neither), then poposkInput MUST be present and
+      -- MUST be signed.
+
+  POPOSigningKeyInput ::= SEQUENCE {
+      authInfo            CHOICE {
+       sender              [0] GeneralName,
+       -- used only if an authenticated identity has been
+       -- established for the sender (e.g., a DN from a
+       -- previously-issued and currently-valid certificate)
+       publicKeyMAC        PKMACValue },
+       -- used if no authenticated GeneralName currently exists for
+       -- the sender; publicKeyMAC contains a password-based MAC
+       -- on the DER-encoded value of publicKey
+      publicKey           SubjectPublicKeyInfo }  -- from CertTemplate
+
+  PKMACValue ::= SEQUENCE {
+      algId  AlgorithmIdentifier{MAC-ALGORITHM,
+                 {Password-MACAlgorithms}},
+      value  BIT STRING }
+
+  --
+  --  Define the currently only acceptable MAC algorithm to be used
+  --  for the PKMACValue structure
+  --
+
+  id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+      usa(840) nt(113533) nsn(7) algorithms(66) 13 }
+
+  Password-MACAlgorithms MAC-ALGORITHM ::= {
+      {IDENTIFIER id-PasswordBasedMac
+       PARAMS TYPE PBMParameter ARE required
+       IS-KEYED-MAC TRUE
+      }, ...
+  }
+
+  PBMParameter ::= SEQUENCE {
+     salt                OCTET STRING,
+     owf                 AlgorithmIdentifier{DIGEST-ALGORITHM,
+                             {DigestAlgorithms}},
+     -- AlgId for a One-Way Function (SHA-1 recommended)
+     iterationCount      INTEGER,
+     -- number of times the OWF is applied
+     mac                 AlgorithmIdentifier{MAC-ALGORITHM,
+                             {MACAlgorithms}}
+     -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC, or HMAC
+  }
+
+  DigestAlgorithms DIGEST-ALGORITHM ::= {
+     mda-sha1, ...
+  }
+
+  MACAlgorithms MAC-ALGORITHM ::= {
+      -- The modules containing the ASN.1 for the DES and 3DES MAC
+      -- algorithms have not been updated at the time that this is
+      -- being published.  Users of this module should define the
+      -- appropriate MAC-ALGORITHM objects and uncomment the
+      -- following lines if they support these MAC algorithms.
+      -- maca-des-mac | maca-3des-mac --
+      maca-hMAC-SHA1,
+      ...
+  }
+
+  POPOPrivKey ::= CHOICE {
+      thisMessage       [0] BIT STRING,         -- Deprecated
+      -- possession is proven in this message (which contains
+      -- the private key itself (encrypted for the CA))
+      subsequentMessage [1] SubsequentMessage,
+      -- possession will be proven in a subsequent message
+      dhMAC             [2] BIT STRING,         -- Deprecated
+      agreeMAC          [3] PKMACValue,
+      encryptedKey      [4] EnvelopedData }
+      -- for keyAgreement (only), possession is proven in this message
+      -- (which contains a MAC (over the DER-encoded value of the
+      -- certReq parameter in CertReqMsg, which MUST include both
+      -- subject and publicKey) based on a key derived from the end
+      -- entity's private DH key and the CA's public DH key);
+
+  SubsequentMessage ::= INTEGER {
+      encrCert (0),
+      -- requests that resulting certificate be encrypted for the
+      -- end entity (following which, POP will be proven in a
+      -- confirmation message)
+      challengeResp (1) }
+      -- requests that CA engage in challenge-response exchange with
+      -- end entity in order to prove private key possession
+
+  --
+  -- id-ct-encKeyWithID content type used as the content type for the
+  -- EnvelopedData in POPOPrivKey.
+  -- It contains both a private key and an identifier for key escrow
+  -- agents to check against recovery requestors.
+  --
+
+  ct-encKeyWithID CONTENT-TYPE ::=
+      { EncKeyWithID IDENTIFIED BY id-ct-encKeyWithID }
+
+  id-ct-encKeyWithID OBJECT IDENTIFIER ::= {id-ct 21}
+
+  EncKeyWithID ::= SEQUENCE {
+      privateKey           PrivateKeyInfo,
+      identifier CHOICE {
+          string             UTF8String,
+          generalName        GeneralName
+      } OPTIONAL
+  }
+
+  PrivateKeyInfo ::= SEQUENCE {
+     version                   INTEGER,
+     privateKeyAlgorithm       AlgorithmIdentifier{PUBLIC-KEY, {...}},
+     privateKey                OCTET STRING,
+               --  Structure of public key is in PUBLIC-KEY.&PrivateKey
+     attributes                [0] IMPLICIT Attributes OPTIONAL
+  }
+
+  Attributes ::= SET OF AttributeSet{{PrivateKeyAttributes}}
+  PrivateKeyAttributes ATTRIBUTE ::= {...}
+
+  --
+  -- 6.  Registration Controls in CRMF
+  --
+
+  id-regCtrl OBJECT IDENTIFIER ::= { id-pkip 1 }
+
+  RegControlSet ATTRIBUTE ::= {
+      regCtrl-regToken | regCtrl-authenticator |
+      regCtrl-pkiPublicationInfo | regCtrl-pkiArchiveOptions |
+      regCtrl-oldCertID | regCtrl-protocolEncrKey, ... }
+
+  --
+  --  6.1.  Registration Token Control
+  --
+
+  regCtrl-regToken ATTRIBUTE ::=
+      { TYPE RegToken IDENTIFIED BY id-regCtrl-regToken }
+
+  id-regCtrl-regToken OBJECT IDENTIFIER ::= { id-regCtrl 1 }
+
+  RegToken ::= UTF8String
+
+  --
+  --  6.2.  Authenticator Control
+  --
+
+  regCtrl-authenticator ATTRIBUTE ::=
+      { TYPE Authenticator IDENTIFIED BY id-regCtrl-authenticator }
+
+  id-regCtrl-authenticator OBJECT IDENTIFIER ::= { id-regCtrl 2 }
+
+  Authenticator ::= UTF8String
+
+  --
+  --  6.3.  Publication Information Control
+  --
+
+  regCtrl-pkiPublicationInfo ATTRIBUTE ::=
+      { TYPE PKIPublicationInfo IDENTIFIED BY
+          id-regCtrl-pkiPublicationInfo }
+
+  id-regCtrl-pkiPublicationInfo OBJECT IDENTIFIER ::= { id-regCtrl 3 }
+
+  PKIPublicationInfo ::= SEQUENCE {
+      action     INTEGER {
+                     dontPublish (0),
+                     pleasePublish (1) },
+      pubInfos  SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL }
+      -- pubInfos MUST NOT be present if action is "dontPublish"
+      -- (if action is "pleasePublish" and pubInfos is omitted,
+      -- "dontCare" is assumed)
+
+  SinglePubInfo ::= SEQUENCE {
+      pubMethod    INTEGER {
+          dontCare    (0),
+          x500        (1),
+          web         (2),
+          ldap        (3) },
+      pubLocation  GeneralName OPTIONAL }
+
+  --
+  --  6.4.  Archive Options Control
+  --
+
+  regCtrl-pkiArchiveOptions ATTRIBUTE ::=
+      { TYPE PKIArchiveOptions IDENTIFIED BY
+          id-regCtrl-pkiArchiveOptions }
+
+  id-regCtrl-pkiArchiveOptions OBJECT IDENTIFIER ::= { id-regCtrl 4 }
+
+  PKIArchiveOptions ::= CHOICE {
+      encryptedPrivKey     [0] EncryptedKey,
+      -- the actual value of the private key
+      keyGenParameters     [1] KeyGenParameters,
+      -- parameters that allow the private key to be re-generated
+      archiveRemGenPrivKey [2] BOOLEAN }
+      -- set to TRUE if sender wishes receiver to archive the private
+      -- key of a key pair that the receiver generates in response to
+      -- this request; set to FALSE if no archive is desired.
+
+  EncryptedKey ::= CHOICE {
+      encryptedValue        EncryptedValue,   -- Deprecated
+      envelopedData     [0] EnvelopedData }
+      -- The encrypted private key MUST be placed in the envelopedData
+      -- encryptedContentInfo encryptedContent OCTET STRING.
+
+  --
+  --  We skipped doing the full constraints here since this structure
+  --      has been deprecated in favor of EnvelopedData
+  --
+
+  EncryptedValue ::= SEQUENCE {
+      intendedAlg   [0] AlgorithmIdentifier{ALGORITHM, {...}}  OPTIONAL,
+      -- the intended algorithm for which the value will be used
+      symmAlg       [1] AlgorithmIdentifier{ALGORITHM, {...}}  OPTIONAL,
+      -- the symmetric algorithm used to encrypt the value
+      encSymmKey    [2] BIT STRING           OPTIONAL,
+      -- the (encrypted) symmetric key used to encrypt the value
+      keyAlg        [3] AlgorithmIdentifier{ALGORITHM, {...}}  OPTIONAL,
+      -- algorithm used to encrypt the symmetric key
+      valueHint     [4] OCTET STRING         OPTIONAL,
+      -- a brief description or identifier of the encValue content
+      -- (may be meaningful only to the sending entity, and used only
+      -- if EncryptedValue might be re-examined by the sending entity
+      -- in the future)
+      encValue       BIT STRING }
+      -- the encrypted value itself
+  -- When EncryptedValue is used to carry a private key (as opposed to
+  -- a certificate), implementations MUST support the encValue field
+  -- containing an encrypted PrivateKeyInfo as defined in [PKCS11],
+  -- section 12.11.  If encValue contains some other format/encoding
+  -- for the private key, the first octet of valueHint MAY be used
+  -- to indicate the format/encoding (but note that the possible values
+  -- of this octet are not specified at this time).  In all cases, the
+  -- intendedAlg field MUST be used to indicate at least the OID of
+  -- the intended algorithm of the private key, unless this information
+  -- is known a priori to both sender and receiver by some other means.
+
+  KeyGenParameters ::= OCTET STRING
+
+  --
+  --  6.5.  OldCert ID Control
+  --
+
+  regCtrl-oldCertID ATTRIBUTE ::=
+      { TYPE OldCertId IDENTIFIED BY id-regCtrl-oldCertID }
+
+  id-regCtrl-oldCertID  OBJECT IDENTIFIER ::= { id-regCtrl 5 }
+
+  OldCertId ::= CertId
+
+  CertId ::= SEQUENCE {
+      issuer           GeneralName,
+      serialNumber     INTEGER }
+
+  --
+  -- 6.6.  Protocol Encryption Key Control
+  --
+
+  regCtrl-protocolEncrKey ATTRIBUTE ::=
+      { TYPE ProtocolEncrKey IDENTIFIED BY id-regCtrl-protocolEncrKey }
+  id-regCtrl-protocolEncrKey    OBJECT IDENTIFIER ::= { id-regCtrl 6 }
+
+  ProtocolEncrKey ::= SubjectPublicKeyInfo
+
+  --
+  -- 7.  Registration Info in CRMF
+  --
+
+  id-regInfo OBJECT IDENTIFIER ::= { id-pkip 2 }
+
+  RegInfoSet ATTRIBUTE ::=
+      { regInfo-utf8Pairs | regInfo-certReq }
+
+  --
+  -- 7.1.  utf8Pairs RegInfo Control
+  --
+
+  regInfo-utf8Pairs ATTRIBUTE ::=
+      { TYPE UTF8Pairs IDENTIFIED BY id-regInfo-utf8Pairs }
+
+  id-regInfo-utf8Pairs    OBJECT IDENTIFIER ::= { id-regInfo 1 }
+  --with syntax
+  UTF8Pairs ::= UTF8String
+
+  --
+  --  7.2.  certReq RegInfo Control
+  --
+
+  regInfo-certReq ATTRIBUTE ::=
+      { TYPE CertReq IDENTIFIED BY id-regInfo-certReq }
+
+  id-regInfo-certReq       OBJECT IDENTIFIER ::= { id-regInfo 2 }
+  --with syntax
+  CertReq ::= CertRequest
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Protected-Part-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Protected-Part-Descriptors.asn1
index 5512f1590b..5512f1590b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Protected-Part-Descriptors.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Protected-Part-Descriptors.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/ProtocolObjectIdentifiers.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/ProtocolObjectIdentifiers.asn1
index d6e88a2e47..d6e88a2e47 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/ProtocolObjectIdentifiers.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/ProtocolObjectIdentifiers.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Coding-Attributes.asn1
index 258c5f0b23..258c5f0b23 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Coding-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Coding-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Presentation-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Presentation-Attributes.asn1
index c8f3a2ff33..c8f3a2ff33 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Presentation-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Presentation-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Profile-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Profile-Attributes.asn1
index 365144ff35..365144ff35 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Raster-Gr-Profile-Attributes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Raster-Gr-Profile-Attributes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Reliable-Transfer-APDU.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Reliable-Transfer-APDU.asn1
index d00570b7e7..d00570b7e7 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Reliable-Transfer-APDU.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Reliable-Transfer-APDU.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Abstract-Syntaxes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Abstract-Syntaxes.asn1
index 4a59cc403b..4a59cc403b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Abstract-Syntaxes.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Abstract-Syntaxes.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Generic-ROS-PDUs.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Generic-ROS-PDUs.asn1
index e55ea3c05e..e55ea3c05e 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Generic-ROS-PDUs.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Generic-ROS-PDUs.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects-extensions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects-extensions.asn1
index 671cf0e780..671cf0e780 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects-extensions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects-extensions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects.asn1
index b497e4126b..b497e4126b 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Information-Objects.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Information-Objects.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Realizations.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Realizations.asn1
index 73b49c8d7a..73b49c8d7a 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Realizations.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Realizations.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Useful-Definitions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Useful-Definitions.asn1
index e526ff4600..e526ff4600 100644
--- a/lib/asn1/test/asn1_SUITE_data/x420/Remote-Operations-Useful-Definitions.asn
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Remote-Operations-Useful-Definitions.asn1
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/SCVP-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/SCVP-2009.asn1
new file mode 100644
index 0000000000..f74f76ff7c
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SCVP-2009.asn1
@@ -0,0 +1,608 @@
+  SCVP-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-scvp-02(52) }
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  IMPORTS
+
+  Extensions{}, EXTENSION, ATTRIBUTE
+  FROM PKIX-CommonTypes-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
+
+  AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, PUBLIC-KEY, KEY-AGREE,
+      DIGEST-ALGORITHM, KEY-DERIVATION, MAC-ALGORITHM
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)}
+
+  Certificate, CertificateList, CertificateSerialNumber,
+      SignatureAlgorithms, SubjectPublicKeyInfo
+  FROM PKIX1Explicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) }
+
+  GeneralNames, GeneralName, KeyUsage, KeyPurposeId
+  FROM PKIX1Implicit-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59) }
+
+  AttributeCertificate
+  FROM PKIXAttributeCertificate-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert-02(47) }
+
+  OCSPResponse
+  FROM OCSP-2009
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0) id-mod-ocsp-02(48) }
+
+  ContentInfo, CONTENT-TYPE
+  FROM CryptographicMessageSyntax-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+      smime(16) modules(0) id-mod-cms-2004-02(41) }
+
+  mda-sha1
+  FROM PKIXAlgs-2009
+      { iso(1) identified-organization(3) dod(6)
+      internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+      id-mod-pkix1-algorithms2008-02(56) } ;
+
+  ContentTypes CONTENT-TYPE ::= {ct-scvp-certValRequest |
+      ct-scvp-certValResponse | ct-scvp-valPolRequest |
+      ct-scvp-valPolResponse, ... }
+
+  id-ct OBJECT IDENTIFIER ::=
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+      id-smime(16) 1 }
+
+  ct-scvp-certValRequest CONTENT-TYPE ::=
+      { CVRequest IDENTIFIED BY id-ct-scvp-certValRequest }
+
+  id-ct-scvp-certValRequest OBJECT IDENTIFIER ::= { id-ct 10 }
+
+  -- SCVP Certificate Validation Request
+
+  CVRequest ::= SEQUENCE {
+      cvRequestVersion           INTEGER DEFAULT 1,
+      query                      Query,
+      requestorRef           [0] GeneralNames OPTIONAL,
+      requestNonce           [1] OCTET STRING OPTIONAL,
+      requestorName          [2] GeneralName OPTIONAL,
+      responderName          [3] GeneralName OPTIONAL,
+      requestExtensions      [4] Extensions{{RequestExtensions}}
+                                     OPTIONAL,
+      signatureAlg           [5] AlgorithmIdentifier
+                                     {SIGNATURE-ALGORITHM,
+                                         {SignatureAlgorithms}}
+                                     OPTIONAL,
+      hashAlg                [6] OBJECT IDENTIFIER OPTIONAL,
+      requestorText          [7] UTF8String (SIZE (1..256)) OPTIONAL
+  }
+
+  -- Set of signature algorithms is coming from RFC 5280
+  -- SignatureAlgorithms SIGNATURE-ALGORITHM ::= {...}
+
+  -- Add supported request extensions here; all new items should
+  --      be added after the extension marker
+
+  RequestExtensions EXTENSION ::= {...}
+
+  Query ::= SEQUENCE {
+      queriedCerts             CertReferences,
+      checks                   CertChecks,
+      wantBack             [1] WantBack OPTIONAL,
+      validationPolicy         ValidationPolicy,
+      responseFlags            ResponseFlags OPTIONAL,
+      serverContextInfo    [2] OCTET STRING OPTIONAL,
+      validationTime       [3] GeneralizedTime OPTIONAL,
+      intermediateCerts    [4] CertBundle OPTIONAL,
+      revInfos             [5] RevocationInfos OPTIONAL,
+      producedAt           [6] GeneralizedTime OPTIONAL,
+      queryExtensions      [7] Extensions{{QueryExtensions}} OPTIONAL
+  }
+
+  -- Add supported query extensions here; all new items should be added
+  --      after the extension marker
+
+  QueryExtensions EXTENSION ::= {...}
+
+  CertReferences ::= CHOICE {
+      pkcRefs       [0] SEQUENCE SIZE (1..MAX) OF PKCReference,
+      acRefs        [1] SEQUENCE SIZE (1..MAX) OF ACReference
+  }
+
+  CertReference::= CHOICE {
+      pkc               PKCReference,
+      ac                ACReference
+  }
+
+  PKCReference ::= CHOICE {
+      cert          [0] Certificate,
+      pkcRef        [1] SCVPCertID
+  }
+
+  ACReference ::= CHOICE {
+      attrCert      [2] AttributeCertificate,
+      acRef         [3] SCVPCertID
+  }
+
+  HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM,
+                        {mda-sha1, ...}}
+
+  SCVPCertID ::= SEQUENCE {
+     certHash        OCTET STRING,
+     issuerSerial    SCVPIssuerSerial,
+     hashAlgorithm   HashAlgorithm
+                         DEFAULT { algorithm mda-sha1.&id }
+  }
+
+  SCVPIssuerSerial ::= SEQUENCE {
+      issuer         GeneralNames,
+      serialNumber   CertificateSerialNumber
+  }
+
+  ValidationPolicy ::= SEQUENCE {
+      validationPolRef           ValidationPolRef,
+      validationAlg          [0] ValidationAlg OPTIONAL,
+      userPolicySet          [1] SEQUENCE SIZE (1..MAX) OF OBJECT
+                                IDENTIFIER OPTIONAL,
+      inhibitPolicyMapping   [2] BOOLEAN OPTIONAL,
+      requireExplicitPolicy  [3] BOOLEAN OPTIONAL,
+      inhibitAnyPolicy       [4] BOOLEAN OPTIONAL,
+      trustAnchors           [5] TrustAnchors OPTIONAL,
+      keyUsages              [6] SEQUENCE OF KeyUsage OPTIONAL,
+      extendedKeyUsages      [7] SEQUENCE OF KeyPurposeId OPTIONAL,
+      specifiedKeyUsages     [8] SEQUENCE OF KeyPurposeId OPTIONAL
+  }
+
+  CertChecks ::= SEQUENCE SIZE (1..MAX) OF
+      OBJECT IDENTIFIER (CertCheckSet | ACertCheckSet, ... )
+
+  WantBack ::= SEQUENCE SIZE (1..MAX) OF
+      WANT-BACK.&id ({AllWantBacks})
+
+  POLICY ::= ATTRIBUTE
+
+  ValidationPolRefSet POLICY ::= {
+      svp-defaultValPolicy, ...
+  }
+
+  ValidationPolRef ::= SEQUENCE {
+     valPolId             POLICY.&id,
+     valPolParams         POLICY.&Type OPTIONAL
+  }
+
+  ValidationAlgSet POLICY ::= {
+          svp-basicValAlg, ...
+  }
+
+  ValidationAlg ::= SEQUENCE {
+      valAlgId               POLICY.&id,
+      parameters             POLICY.&Type OPTIONAL
+  }
+
+  NameValidationAlgSet POLICY ::= {
+      svp-nameValAlg, ...
+  }
+
+  NameValidationAlgParams ::= SEQUENCE {
+      nameCompAlgId          OBJECT IDENTIFIER (NameCompAlgSet, ... ),
+      validationNames        GeneralNames
+  }
+
+  TrustAnchors ::= SEQUENCE SIZE (1..MAX) OF PKCReference
+  KeyAgreePublicKey ::= SEQUENCE {
+      algorithm           AlgorithmIdentifier{KEY-AGREE,
+                              {SupportedKeyAgreePublicKeys}},
+      publicKey           BIT STRING,
+      macAlgorithm        AlgorithmIdentifier{MAC-ALGORITHM,
+                              {SupportedMACAlgorithms}},
+      kDF                 AlgorithmIdentifier{KEY-DERIVATION,
+                              {SupportedKeyDerivationFunctions}}
+                              OPTIONAL
+  }
+
+  SupportedKeyAgreePublicKeys KEY-AGREE ::= {...}
+  SupportedMACAlgorithms MAC-ALGORITHM ::= {...}
+  SupportedKeyDerivationFunctions KEY-DERIVATION ::= {...}
+
+  ResponseFlags ::= SEQUENCE {
+      fullRequestInResponse      [0] BOOLEAN DEFAULT FALSE,
+      responseValidationPolByRef [1] BOOLEAN DEFAULT TRUE,
+      protectResponse            [2] BOOLEAN DEFAULT TRUE,
+      cachedResponse             [3] BOOLEAN DEFAULT TRUE
+  }
+
+  CertBundle ::= SEQUENCE SIZE (1..MAX) OF Certificate
+
+  RevocationInfos ::= SEQUENCE SIZE (1..MAX) OF RevocationInfo
+
+  RevocationInfo ::= CHOICE {
+      crl                    [0] CertificateList,
+      delta-crl              [1] CertificateList,
+      ocsp                   [2] OCSPResponse,
+      other                  [3] OtherRevInfo
+  }
+
+  REV-INFO ::= TYPE-IDENTIFIER
+
+  OtherRevInfo ::= SEQUENCE {
+      riType                     REV-INFO.&id,
+      riValue                    REV-INFO.&Type
+  }
+
+  -- SCVP Certificate Validation Response
+
+  ct-scvp-certValResponse CONTENT-TYPE ::=
+      { CVResponse IDENTIFIED BY id-ct-scvp-certValResponse }
+
+  id-ct-scvp-certValResponse OBJECT IDENTIFIER ::= { id-ct 11 }
+
+  CVResponse ::= SEQUENCE {
+      cvResponseVersion          INTEGER,
+      serverConfigurationID      INTEGER,
+      producedAt                 GeneralizedTime,
+      responseStatus             ResponseStatus,
+      respValidationPolicy   [0] RespValidationPolicy OPTIONAL,
+      requestRef             [1] RequestReference OPTIONAL,
+      requestorRef           [2] GeneralNames OPTIONAL,
+      requestorName          [3] GeneralNames OPTIONAL,
+      replyObjects           [4] ReplyObjects OPTIONAL,
+      respNonce              [5] OCTET STRING OPTIONAL,
+      serverContextInfo      [6] OCTET STRING OPTIONAL,
+      cvResponseExtensions   [7] Extensions{{CVResponseExtensions}}
+                                     OPTIONAL,
+      requestorText          [8] UTF8String (SIZE (1..256)) OPTIONAL
+  }
+
+  --  This document defines no extensions
+  CVResponseExtensions EXTENSION ::= {...}
+
+  ResponseStatus ::= SEQUENCE {
+     statusCode               CVStatusCode DEFAULT  okay,
+     errorMessage             UTF8String OPTIONAL
+  }
+
+  CVStatusCode ::= ENUMERATED {
+     okay                               (0),
+     skipUnrecognizedItems              (1),
+     tooBusy                           (10),
+     invalidRequest                    (11),
+     internalError                     (12),
+     badStructure                      (20),
+     unsupportedVersion                (21),
+     abortUnrecognizedItems            (22),
+     unrecognizedSigKey                (23),
+     badSignatureOrMAC                 (24),
+     unableToDecode                    (25),
+     notAuthorized                     (26),
+     unsupportedChecks                 (27),
+     unsupportedWantBacks              (28),
+     unsupportedSignatureOrMAC         (29),
+     invalidSignatureOrMAC             (30),
+     protectedResponseUnsupported      (31),
+     unrecognizedResponderName         (32),
+     relayingLoop                      (40),
+     unrecognizedValPol                (50),
+     unrecognizedValAlg                (51),
+     fullRequestInResponseUnsupported  (52),
+     fullPolResponseUnsupported        (53),
+     inhibitPolicyMappingUnsupported   (54),
+     requireExplicitPolicyUnsupported  (55),
+     inhibitAnyPolicyUnsupported       (56),
+     validationTimeUnsupported         (57),
+     unrecognizedCritQueryExt          (63),
+     unrecognizedCritRequestExt        (64),
+     ...
+  }
+
+  RespValidationPolicy ::= ValidationPolicy
+
+  RequestReference ::= CHOICE {
+      requestHash   [0] HashValue, -- hash of CVRequest
+      fullRequest   [1] CVRequest }
+
+  HashValue ::= SEQUENCE {
+      algorithm         HashAlgorithm
+                            DEFAULT { algorithm mda-sha1.&id },
+      value             OCTET STRING }
+
+  ReplyObjects ::= SEQUENCE SIZE (1..MAX) OF CertReply
+
+  CertReply ::= SEQUENCE {
+      cert                       CertReference,
+      replyStatus                ReplyStatus DEFAULT success,
+      replyValTime               GeneralizedTime,
+      replyChecks                ReplyChecks,
+      replyWantBacks             ReplyWantBacks,
+      validationErrors       [0] SEQUENCE SIZE (1..MAX) OF
+          OBJECT IDENTIFIER ( BasicValidationErrorSet |
+                              NameValidationErrorSet,
+                              ... ) OPTIONAL,
+      nextUpdate             [1] GeneralizedTime OPTIONAL,
+      certReplyExtensions    [2] Extensions{{...}} OPTIONAL
+  }
+
+  ReplyStatus ::= ENUMERATED {
+      success                    (0),
+      malformedPKC               (1),
+      malformedAC                (2),
+      unavailableValidationTime  (3),
+      referenceCertHashFail      (4),
+      certPathConstructFail      (5),
+      certPathNotValid           (6),
+      certPathNotValidNow        (7),
+      wantBackUnsatisfied        (8)
+  }
+  ReplyChecks ::= SEQUENCE OF ReplyCheck
+
+  ReplyCheck ::= SEQUENCE {
+      check    OBJECT IDENTIFIER (CertCheckSet | ACertCheckSet, ... ),
+      status   INTEGER DEFAULT 0
+  }
+
+  ReplyWantBacks ::= SEQUENCE OF ReplyWantBack
+
+  ReplyWantBack::= SEQUENCE {
+      wb     WANT-BACK.&id({AllWantBacks}),
+      value  OCTET STRING
+                 (CONTAINING WANT-BACK.&Type({AllWantBacks}{@wb}))
+  }
+
+  WANT-BACK ::= TYPE-IDENTIFIER
+
+  AllWantBacks WANT-BACK ::= {
+      WantBackSet | ACertWantBackSet | AnyWantBackSet, ...
+  }
+
+  CertBundles ::= SEQUENCE SIZE (1..MAX) OF CertBundle
+
+  RevInfoWantBack ::= SEQUENCE {
+      revocationInfo             RevocationInfos,
+      extraCerts                 CertBundle OPTIONAL
+  }
+
+  SCVPResponses ::= SEQUENCE OF ContentInfo
+
+  -- SCVP Validation Policies Request
+
+  ct-scvp-valPolRequest CONTENT-TYPE ::=
+      { ValPolRequest IDENTIFIED BY id-ct-scvp-valPolRequest }
+
+  id-ct-scvp-valPolRequest OBJECT IDENTIFIER ::= { id-ct 12 }
+
+  ValPolRequest ::= SEQUENCE {
+      vpRequestVersion           INTEGER DEFAULT 1,
+      requestNonce               OCTET STRING
+  }
+
+  -- SCVP Validation Policies Response
+
+  ct-scvp-valPolResponse CONTENT-TYPE ::=
+      { ValPolResponse IDENTIFIED BY id-ct-scvp-valPolResponse }
+
+  id-ct-scvp-valPolResponse OBJECT IDENTIFIER ::= { id-ct 13 }
+  ValPolResponse ::= SEQUENCE {
+      vpResponseVersion       INTEGER,
+      maxCVRequestVersion     INTEGER,
+      maxVPRequestVersion     INTEGER,
+      serverConfigurationID   INTEGER,
+      thisUpdate              GeneralizedTime,
+      nextUpdate              GeneralizedTime OPTIONAL,
+      supportedChecks         CertChecks,
+      supportedWantBacks      WantBack,
+      validationPolicies      SEQUENCE OF OBJECT IDENTIFIER,
+      validationAlgs          SEQUENCE OF OBJECT IDENTIFIER,
+      authPolicies            SEQUENCE OF AuthPolicy,
+      responseTypes           ResponseTypes,
+      defaultPolicyValues     RespValidationPolicy,
+      revocationInfoTypes     RevocationInfoTypes,
+      signatureGeneration     SEQUENCE OF AlgorithmIdentifier
+                                  {SIGNATURE-ALGORITHM,
+                                      {SignatureAlgorithms}},
+      signatureVerification   SEQUENCE OF AlgorithmIdentifier
+                                  {SIGNATURE-ALGORITHM,
+                                      {SignatureAlgorithms}},
+      hashAlgorithms          SEQUENCE SIZE (1..MAX) OF
+                                 OBJECT IDENTIFIER,
+      serverPublicKeys        SEQUENCE OF KeyAgreePublicKey
+                                 OPTIONAL,
+      clockSkew               INTEGER DEFAULT 10,
+      requestNonce            OCTET STRING OPTIONAL
+  }
+
+  ResponseTypes  ::= ENUMERATED {
+      cached-only                (0),
+      non-cached-only            (1),
+      cached-and-non-cached      (2)
+  }
+
+  RevocationInfoTypes ::= BIT STRING {
+      fullCRLs                   (0),
+      deltaCRLs                  (1),
+      indirectCRLs               (2),
+      oCSPResponses              (3)
+  }
+
+  AuthPolicy ::= OBJECT IDENTIFIER
+
+  -- SCVP Check Identifiers
+
+  id-stc OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 17 }
+
+  CertCheckSet OBJECT IDENTIFIER ::= {
+      id-stc-build-pkc-path | id-stc-build-valid-pkc-path |
+      id-stc-build-status-checked-pkc-path, ... }
+
+  id-stc-build-pkc-path        OBJECT IDENTIFIER ::= { id-stc 1 }
+  id-stc-build-valid-pkc-path  OBJECT IDENTIFIER ::= { id-stc 2 }
+  id-stc-build-status-checked-pkc-path
+                              OBJECT IDENTIFIER ::= { id-stc 3 }
+
+  ACertCheckSet OBJECT IDENTIFIER ::= {
+      id-stc-build-aa-path | id-stc-build-valid-aa-path |
+      id-stc-build-status-checked-aa-path |
+      id-stc-status-check-ac-and-build-status-checked-aa-path
+  }
+
+  id-stc-build-aa-path         OBJECT IDENTIFIER ::= { id-stc 4 }
+  id-stc-build-valid-aa-path   OBJECT IDENTIFIER ::= { id-stc 5 }
+  id-stc-build-status-checked-aa-path
+                              OBJECT IDENTIFIER ::= { id-stc 6 }
+  id-stc-status-check-ac-and-build-status-checked-aa-path
+                              OBJECT IDENTIFIER ::= { id-stc 7 }
+
+  -- SCVP WantBack Identifiers
+
+  id-swb OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 18 }
+
+  WantBackSet WANT-BACK ::= {
+      swb-pkc-cert | swb-pkc-best-cert-path |
+      swb-pkc-revocation-info | swb-pkc-public-key-info |
+      swb-pkc-all-cert-paths | swb-pkc-ee-revocation-info |
+      swb-pkc-CAs-revocation-info
+  }
+
+  ACertWantBackSet WANT-BACK ::= {
+      swb-ac-cert | swb-aa-cert-path |
+      swb-aa-revocation-info | swb-ac-revocation-info
+  }
+
+  AnyWantBackSet WANT-BACK ::= { swb-relayed-responses }
+
+  swb-pkc-best-cert-path WANT-BACK ::=
+      { CertBundle IDENTIFIED BY id-swb-pkc-best-cert-path }
+  id-swb-pkc-best-cert-path       OBJECT IDENTIFIER ::= { id-swb 1 }
+  swb-pkc-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-pkc-revocation-info }
+  id-swb-pkc-revocation-info      OBJECT IDENTIFIER ::= { id-swb 2 }
+
+  swb-pkc-public-key-info WANT-BACK ::=
+      { SubjectPublicKeyInfo IDENTIFIED BY id-swb-pkc-public-key-info }
+  id-swb-pkc-public-key-info      OBJECT IDENTIFIER ::= { id-swb 4 }
+
+  swb-aa-cert-path WANT-BACK ::=
+      {CertBundle IDENTIFIED BY id-swb-aa-cert-path }
+  id-swb-aa-cert-path             OBJECT IDENTIFIER ::= { id-swb 5 }
+
+  swb-aa-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-aa-revocation-info }
+  id-swb-aa-revocation-info       OBJECT IDENTIFIER ::= { id-swb 6 }
+
+  swb-ac-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-ac-revocation-info }
+  id-swb-ac-revocation-info       OBJECT IDENTIFIER ::= { id-swb 7 }
+
+  swb-relayed-responses WANT-BACK ::=
+      {SCVPResponses IDENTIFIED BY id-swb-relayed-responses }
+
+  id-swb-relayed-responses        OBJECT IDENTIFIER ::= { id-swb 9 }
+
+  swb-pkc-all-cert-paths WANT-BACK ::=
+      {CertBundles IDENTIFIED BY id-swb-pkc-all-cert-paths }
+  id-swb-pkc-all-cert-paths       OBJECT IDENTIFIER ::= { id-swb 12}
+
+  swb-pkc-ee-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-pkc-ee-revocation-info }
+  id-swb-pkc-ee-revocation-info   OBJECT IDENTIFIER ::= { id-swb 13}
+
+  swb-pkc-CAs-revocation-info WANT-BACK ::=
+      { RevInfoWantBack IDENTIFIED BY id-swb-pkc-CAs-revocation-info }
+  id-swb-pkc-CAs-revocation-info  OBJECT IDENTIFIER ::= { id-swb 14}
+
+  swb-pkc-cert WANT-BACK ::=
+      { Certificate IDENTIFIED BY id-swb-pkc-cert }
+  id-swb-pkc-cert OBJECT IDENTIFIER ::= { id-swb 10}
+
+  swb-ac-cert WANT-BACK ::=
+      { AttributeCertificate IDENTIFIED BY id-swb-ac-cert }
+  id-swb-ac-cert OBJECT IDENTIFIER ::= { id-swb 11}
+
+  -- SCVP Validation Policy and Algorithm Identifiers
+
+  id-svp OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 19 }
+
+  svp-defaultValPolicy POLICY ::=
+      { IDENTIFIED BY id-svp-defaultValPolicy }
+
+  id-svp-defaultValPolicy OBJECT IDENTIFIER ::= { id-svp 1 }
+
+  -- SCVP Basic Validation Algorithm Identifier
+
+  svp-basicValAlg POLICY ::= {IDENTIFIED BY id-svp-basicValAlg }
+
+  id-svp-basicValAlg OBJECT IDENTIFIER ::= { id-svp 3 }
+
+  -- SCVP Basic Validation Algorithm Errors
+
+  id-bvae OBJECT IDENTIFIER ::= id-svp-basicValAlg
+
+  BasicValidationErrorSet OBJECT IDENTIFIER ::= {
+      id-bvae-expired | id-bvae-not-yet-valid |
+      id-bvae-wrongTrustAnchor | id-bvae-noValidCertPath |
+      id-bvae-revoked | id-bvae-invalidKeyPurpose |
+      id-bvae-invalidKeyUsage | id-bvae-invalidCertPolicy
+  }
+
+  id-bvae-expired              OBJECT IDENTIFIER ::= { id-bvae 1 }
+  id-bvae-not-yet-valid        OBJECT IDENTIFIER ::= { id-bvae 2 }
+  id-bvae-wrongTrustAnchor     OBJECT IDENTIFIER ::= { id-bvae 3 }
+  id-bvae-noValidCertPath      OBJECT IDENTIFIER ::= { id-bvae 4 }
+  id-bvae-revoked              OBJECT IDENTIFIER ::= { id-bvae 5 }
+  id-bvae-invalidKeyPurpose    OBJECT IDENTIFIER ::= { id-bvae 9 }
+  id-bvae-invalidKeyUsage      OBJECT IDENTIFIER ::= { id-bvae 10 }
+  id-bvae-invalidCertPolicy    OBJECT IDENTIFIER ::= { id-bvae 11 }
+
+  -- SCVP Name Validation Algorithm Identifier
+
+  svp-nameValAlg POLICY ::=
+      {TYPE NameValidationAlgParams IDENTIFIED BY id-svp-nameValAlg }
+
+  id-svp-nameValAlg OBJECT IDENTIFIER ::= { id-svp 2 }
+
+  -- SCVP Name Validation Algorithm DN comparison algorithm
+
+  NameCompAlgSet OBJECT IDENTIFIER ::= {
+      id-nva-dnCompAlg
+  }
+
+  id-nva-dnCompAlg   OBJECT IDENTIFIER ::= { id-svp 4 }
+  -- SCVP Name Validation Algorithm Errors
+
+  id-nvae OBJECT IDENTIFIER ::= id-svp-nameValAlg
+
+  NameValidationErrorSet OBJECT IDENTIFIER ::= {
+      id-nvae-name-mismatch | id-nvae-no-name | id-nvae-unknown-alg |
+      id-nvae-bad-name | id-nvae-bad-name-type | id-nvae-mixed-names
+  }
+
+  id-nvae-name-mismatch   OBJECT IDENTIFIER ::= { id-nvae 1 }
+  id-nvae-no-name         OBJECT IDENTIFIER ::= { id-nvae 2 }
+  id-nvae-unknown-alg     OBJECT IDENTIFIER ::= { id-nvae 3 }
+  id-nvae-bad-name        OBJECT IDENTIFIER ::= { id-nvae 4 }
+  id-nvae-bad-name-type   OBJECT IDENTIFIER ::= { id-nvae 5 }
+  id-nvae-mixed-names     OBJECT IDENTIFIER ::= { id-nvae 6 }
+
+  -- SCVP Extended Key Usage Key Purpose Identifiers
+
+  id-kp OBJECT IDENTIFIER ::=
+      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) 3 }
+
+  SvcpExtKeyUsageSet OBJECT IDENTIFIER ::= {
+      id-kp-scvpServer | id-kp-scvpClient
+  }
+
+  id-kp-scvpServer   OBJECT IDENTIFIER ::= { id-kp 15 }
+
+  id-kp-scvpClient   OBJECT IDENTIFIER ::= { id-kp 16 }
+
+  END
diff --git a/lib/asn1/test/asn1_SUITE_data/rfcs/SecureMimeMessageV3dot1-2009.asn1 b/lib/asn1/test/asn1_SUITE_data/rfcs/SecureMimeMessageV3dot1-2009.asn1
new file mode 100644
index 0000000000..2bd2aaa435
--- /dev/null
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SecureMimeMessageV3dot1-2009.asn1
@@ -0,0 +1,122 @@ + SecureMimeMessageV3dot1-2009 +       {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) +       smime(16) modules(0) id-mod-msg-v3dot1-02(39)} + DEFINITIONS IMPLICIT TAGS ::= + BEGIN + IMPORTS + + SMIME-CAPS, SMIMECapabilities{} + FROM AlgorithmInformation-2009 +     {iso(1) identified-organization(3) dod(6) internet(1) security(5) +     mechanisms(5) pkix(7) id-mod(0) +     id-mod-algorithmInformation-02(58)} + + ATTRIBUTE + FROM PKIX-CommonTypes-2009 +     {iso(1) identified-organization(3) dod(6) internet(1) security(5) +     mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)} + + SubjectKeyIdentifier, IssuerAndSerialNumber, RecipientKeyIdentifier + FROM CryptographicMessageSyntax-2009 +     {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) +     smime(16) modules(0) id-mod-cms-2004-02(41)} + + rc2-cbc, SMimeCaps + FROM CryptographicMessageSyntaxAlgorithms-2009 +     {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) +     smime(16) modules(0) id-mod-cmsalg-2001-02(37)} + + SMimeCaps + FROM PKIXAlgs-2009 +     {iso(1) identified-organization(3) dod(6) internet(1) security(5) +     mechanisms(5) pkix(7) id-mod(0) +     id-mod-pkix1-algorithms2008-02(56)} + + SMimeCaps + FROM PKIX1-PSS-OAEP-Algorithms-2009 +      {iso(1) identified-organization(3) dod(6) internet(1) +      security(5) mechanisms(5) pkix(7) id-mod(0) +      id-mod-pkix1-rsa-pkalgs-02(54)}; + + SMimeAttributeSet ATTRIBUTE ::= +     { aa-smimeCapabilities | aa-encrypKeyPref, ... } + + --  id-aa is the arc with all new authenticated and unauthenticated + --  attributes produced by the S/MIME Working Group + + id-aa OBJECT IDENTIFIER ::= +     { iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1) pkcs-9(9) +     smime(16) attributes(2)} + + -- The S/MIME Capabilities attribute provides a method of broadcasting + -- the symmetric capabilities understood.  
Algorithms SHOULD be ordered + -- by preference and grouped by type + + aa-smimeCapabilities ATTRIBUTE ::= +     { TYPE SMIMECapabilities{{SMimeCapsSet}} IDENTIFIED BY +           smimeCapabilities } + smimeCapabilities OBJECT IDENTIFIER ::= +     { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) +     15 } + + SMimeCapsSet SMIME-CAPS ::= +     { cap-preferBinaryInside | cap-RC2CBC | +     PKIXAlgs-2009.SMimeCaps | +     CryptographicMessageSyntaxAlgorithms-2009.SMimeCaps | +     PKIX1-PSS-OAEP-Algorithms-2009.SMimeCaps, ... } + + -- Encryption Key Preference provides a method of broadcasting the + -- preferred encryption certificate. + + aa-encrypKeyPref ATTRIBUTE ::= +     { TYPE SMIMEEncryptionKeyPreference +         IDENTIFIED BY id-aa-encrypKeyPref } + + id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11} + + SMIMEEncryptionKeyPreference ::= CHOICE { +    issuerAndSerialNumber   [0] IssuerAndSerialNumber, +    receipentKeyId          [1] RecipientKeyIdentifier, +    subjectAltKeyIdentifier [2] SubjectKeyIdentifier + } + + -- receipentKeyId is spelt incorrectly, but kept for historical + -- reasons. 
+ + id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2) +    us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 } + + id-cap  OBJECT IDENTIFIER ::= { id-smime 11 } + + -- The preferBinaryInside indicates an ability to receive messages + -- with binary encoding inside the CMS wrapper + + cap-preferBinaryInside SMIME-CAPS ::= +     { -- No value -- IDENTIFIED BY id-cap-preferBinaryInside } + + id-cap-preferBinaryInside  OBJECT IDENTIFIER ::= { id-cap 1 } + + --  The following list OIDs to be used with S/MIME V3 + + -- Signature Algorithms Not Found in [RFC3370] + -- + -- md2WithRSAEncryption OBJECT IDENTIFIER ::= + --    {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) + --     2} + -- + -- Other Signed Attributes + -- + -- signingTime OBJECT IDENTIFIER ::= + --    {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + --     5} + --    See [RFC5652] for a description of how to encode the attribute + --    value. + + cap-RC2CBC SMIME-CAPS ::= +     { TYPE SMIMECapabilitiesParametersForRC2CBC +         IDENTIFIED BY rc2-cbc} + + SMIMECapabilitiesParametersForRC2CBC ::= INTEGER (40 | 128, ...) + --    (RC2 Key Length (number of bits)) + + END diff --git a/lib/asn1/test/asn1_SUITE_data/x420/SelectedAttributeTypes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/SelectedAttributeTypes.asn1 index 07bba30690..07bba30690 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/SelectedAttributeTypes.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SelectedAttributeTypes.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/x420/SeseAPDUs.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/SeseAPDUs.asn1 index 2917122e94..2917122e94 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/SeseAPDUs.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SeseAPDUs.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/x420/SpkmGssTokens.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/SpkmGssTokens.asn1 index 02205bd64c..02205bd64c 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/SpkmGssTokens.asn 
+++ b/lib/asn1/test/asn1_SUITE_data/rfcs/SpkmGssTokens.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Style-Descriptors.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Style-Descriptors.asn1 index 8f033eab6f..8f033eab6f 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/Style-Descriptors.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Style-Descriptors.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Subprofiles.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Subprofiles.asn1 index bfcd0b5dbc..bfcd0b5dbc 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/Subprofiles.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Subprofiles.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Temporal-Relationships.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Temporal-Relationships.asn1 index 9633995e3b..9633995e3b 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/Temporal-Relationships.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Temporal-Relationships.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Text-Units.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Text-Units.asn1 index ccc64a52f5..ccc64a52f5 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/Text-Units.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Text-Units.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/x420/UpperBounds.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/UpperBounds.asn1 index c97c83a569..c97c83a569 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/UpperBounds.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/UpperBounds.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/x420/UsefulDefinitions.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/UsefulDefinitions.asn1 index d9601bb7d0..d9601bb7d0 100644 --- a/lib/asn1/test/asn1_SUITE_data/x420/UsefulDefinitions.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/UsefulDefinitions.asn1 diff --git a/lib/asn1/test/asn1_SUITE_data/x420/Videotex-Coding-Attributes.asn b/lib/asn1/test/asn1_SUITE_data/rfcs/Videotex-Coding-Attributes.asn1 index 18e51cbc0d..18e51cbc0d 100644 
--- a/lib/asn1/test/asn1_SUITE_data/x420/Videotex-Coding-Attributes.asn +++ b/lib/asn1/test/asn1_SUITE_data/rfcs/Videotex-Coding-Attributes.asn1 diff --git a/lib/asn1/test/asn1_test_lib.erl b/lib/asn1/test/asn1_test_lib.erl index da07cd1118..a5f46046ff 100644 --- a/lib/asn1/test/asn1_test_lib.erl +++ b/lib/asn1/test/asn1_test_lib.erl @@ -21,6 +21,7 @@  -export([compile/3,compile_all/3,compile_erlang/3,  	 hex_to_bin/1, +	 match_value/2,  	 parallel/0,  	 roundtrip/3,roundtrip/4,roundtrip_enc/3,roundtrip_enc/4]). @@ -106,6 +107,24 @@ compile_erlang(Mod, Config, Options) ->  hex_to_bin(S) ->      << <<(hex2num(C)):4>> || C <- S, C =/= $\s >>. +%% match_value(Pattern, Value) -> ok. +%%  Match Pattern against Value. If the Pattern contains in any +%%  position, the corresponding position in the Value can be +%%  anything. Generate an exception if the Pattern and Value don't +%%  match. + +match_value('_', _) -> +    ok; +match_value([H1|T1], [H2|T2]) -> +    match_value(H1, H2), +    match_value(T1, T2); +match_value(T1, T2) when tuple_size(T1) =:= tuple_size(T2) -> +    match_value_tuple(1, T1, T2); +match_value(Same, Same) -> +    ok; +match_value(V1, V2) -> +    error({nomatch,V1,V2}). +  roundtrip(Mod, Type, Value) ->      roundtrip(Mod, Type, Value, Value). @@ -132,6 +151,12 @@ hex2num(C) when $0 =< C, C =< $9 -> C - $0;  hex2num(C) when $A =< C, C =< $F -> C - $A + 10;  hex2num(C) when $a =< C, C =< $f -> C - $a + 10. +match_value_tuple(I, T1, T2) when I =< tuple_size(T1) -> +    match_value(element(I, T1), element(I, T2)), +    match_value_tuple(I+1, T1, T2); +match_value_tuple(_, _, _) -> +    ok. +  test_ber_indefinite(Mod, Type, Encoded, ExpectedValue) ->      case Mod:encoding_rule() of  	ber -> diff --git a/lib/asn1/test/error_SUITE.erl b/lib/asn1/test/error_SUITE.erl index 1edd60f7c8..a9893b91cc 100644 --- a/lib/asn1/test/error_SUITE.erl +++ b/lib/asn1/test/error_SUITE.erl 
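Review bot: The header comment added above `match_value/2` in asn1_test_lib.erl never names the wildcard: it reads "If the Pattern contains in any position", while the first clause shows the wildcard is the atom `'_'`. I would write that line as `%%  Match Pattern against Value. If the Pattern contains '_' in any`. The same comment could say that a mismatch raises `error({nomatch,V1,V2})` carrying only the innermost differing pair, so two lists of unequal length are reported by their leftover tails rather than by the whole terms. The helper `match_value_tuple/3` added in the following hunk has no comment; `%% Compare the elements of two equally sized tuples, starting at index I.` would do.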
@@ -19,9 +19,12 @@
 -module(error_SUITE).
 -export([suite/0,all/0,groups/0,
-	 already_defined/1,bitstrings/1,enumerated/1,
-	 imports/1,instance_of/1,integers/1,objects/1,
-	 parameterization/1,values/1]).
+	 already_defined/1,bitstrings/1,
+	 classes/1,constraints/1,constructed/1,enumerated/1,
+	 imports_exports/1,instance_of/1,integers/1,objects/1,
+	 object_field_extraction/1,oids/1,rel_oids/1,
+	 object_sets/1,parameterization/1,
+	 syntax/1,table_constraints/1,tags/1,values/1]).
 -include_lib("test_server/include/test_server.hrl").
@@ -34,12 +37,22 @@ groups() ->
     [{p,parallel(),
       [already_defined,
        bitstrings,
+       classes,
+       constraints,
+       constructed,
        enumerated,
-       imports,
+       imports_exports,
        instance_of,
        integers,
        objects,
+       object_field_extraction,
+       object_sets,
+       oids,
+       rel_oids,
        parameterization,
+       syntax,
+       table_constraints,
+       tags,
        values]}].
 parallel() ->
@@ -94,6 +107,46 @@ bitstrings(Config) ->
      ]} = run(P, Config),
     ok.
+classes(Config) ->
+    M = 'Classes',
+    P = {M,
+	 <<"Classes DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	   "  LowerCase ::= CLASS { &id INTEGER UNIQUE }\n"
+	   "  CL ::= CLASS { &id INTEGER UNIQUE DEFAULT 42}\n"
+	   "END\n">>},
+    {error,
+     [{structured_error,{M,2},asn1ct_check,
+       {illegal_class_name,'LowerCase'}},
+      {structured_error,{M,3},asn1ct_check,
+       {unique_and_default,id}}
+     ]} = run(P, Config),
+    ok.
+
+constraints(Config) ->
+    M = 'Constraints',
+    P = {M,
+	 <<"Constraints DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"
+	   "  II-1 ::= INTEGER (holder-1.&obj)\n"
+	   "  II-2 ::= INTEGER ('1234'H<..20)\n"
+	   "  II-3 ::= INTEGER (1..<\"abc\")\n"
+	   "  II-4 ::= INTEGER (10..1)\n"
+
+	   "  HOLDER ::= CLASS {\n"
+	   "    &obj HOLDER OPTIONAL\n"
+	   "  }\n"
+
+	   "  holder-1 HOLDER ::= { &obj holder-2 }\n"
+	   "  holder-2 HOLDER ::= { }\n"
+	   "END\n">>},
+    {error,
+     [
+      {structured_error,{M,2},asn1ct_check,illegal_value},
+      {structured_error,{M,3},asn1ct_check,illegal_integer_value},
+      {structured_error,{M,4},asn1ct_check,illegal_integer_value},
+      {structured_error,{M,5},asn1ct_check,reversed_range}
+     ]} = run(P, Config),
+    ok.
+
 enumerated(Config) ->
     M = 'Enumerated',
     P = {M,
@@ -111,38 +164,77 @@ enumerated(Config) ->  	   "  S2 ::= SEQUENCE {\n"  	   "    e2 EnumExt DEFAULT xyz\n"  	   "  }\n" + +	   "  BadEnum1 ::= ENUMERATED {a, b, c, b }\n" +	   "  BadEnum2 ::= ENUMERATED {a(1), b(2), b(3) }\n" +	   "  BadEnum3 ::= ENUMERATED {a(1), b(1) }\n" +	   "  BadEnum4 ::= ENUMERATED {a, b, ..., c(0) }\n" +	   "  BadEnum5 ::= ENUMERATED {a, b, ..., c(10), d(5) }\n"  	   "END\n">>},      {error,       [ -      {structured_error,{'Enumerated',3},asn1ct_check,{undefined,d}}, -      {structured_error,{'Enumerated',5},asn1ct_check,{undefined,z}}, -      {structured_error,{'Enumerated',10},asn1ct_check,{undefined,aa}}, -      {structured_error,{'Enumerated',13},asn1ct_check,{undefined,xyz}} +      {structured_error,{M,3},asn1ct_check,{undefined,d}}, +      {structured_error,{M,5},asn1ct_check,{undefined,z}}, +      {structured_error,{M,6},asn1ct_check,{undefined,aa}}, +      {structured_error,{M,12},asn1ct_check,{undefined,xyz}}, +      {structured_error,{M,15},asn1ct_check, +       {enum_illegal_redefinition,b}}, +      {structured_error,{M,16},asn1ct_check, +       {enum_illegal_redefinition,b}}, +      {structured_error,{M,17},asn1ct_check, +       {enum_reused_value,b,1}}, +      {structured_error,{M,18},asn1ct_check, +       {enum_reused_value,c,0}}, +      {structured_error,{M,19},asn1ct_check, +       {enum_not_ascending,d,5,10}}       ]      } = run(P, Config),      ok. 
-imports(Config) -> +imports_exports(Config) ->      Ext = 'ExternalModule',      ExtP = {Ext,  	    <<"ExternalModule DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n" +	      "IMPORTS\n" +	      " Int, NonExistingImport FROM ImportsFrom;\n" + +	      " Existing ::= INTEGER\n"  	      "END\n">>}, -    ok = run(ExtP, Config), +    {error, +     [{structured_error, +       {Ext,3}, +       asn1ct_check, +       {undefined_import,'NonExistingImport', +	'ImportsFrom'}}]} = run(ExtP, Config),      M = 'Imports',      P = {M,  	 <<"Imports DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n" -	   "IMPORTS NotDefined FROM ExternalModule\n" -	   "X FROM UndefinedModule objid\n" -	   "Y, Z FROM UndefinedModule2;\n" +	   "EXPORTS\n" +	   " T, UndefinedType;\n" + +	   "IMPORTS\n" +	   " NotDefined, Existing, Int, NonExistingImport\n" +	   "   FROM ExternalModule\n" +	   " X FROM UndefinedModule objid\n" +	   " Y, Z FROM UndefinedModule2;\n" +  	   "objid OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) remote-operations(4)\n"  	   "    notation(0)}\n" +	   "T ::= INTEGER\n"  	   "END\n">>}, -    {error,[{structured_error,{M,2},asn1ct_check, -	     {undefined_import,'NotDefined','ExternalModule'}}, -	    {structured_error,{M,3},asn1ct_check,{undefined_import,'X','UndefinedModule'}}, -	    {structured_error,{M,4},asn1ct_check,{undefined_import,'Y','UndefinedModule2'}}, -	    {structured_error,{M,4},asn1ct_check,{undefined_import,'Z','UndefinedModule2'}} +    {error,[{structured_error,{M,3},asn1ct_check, +	     {undefined_export, 'UndefinedType'}}, +	    {structured_error,{M,5},asn1ct_check, +	     {undefined_import,'NonExistingImport',Ext}}, +	    {structured_error,{M,5},asn1ct_check, +	     {undefined_import,'NotDefined',Ext}}, +	    {structured_error,{M,7},asn1ct_check, +	     {undefined_import,'X','UndefinedModule'}}, +	    {structured_error,{M,8},asn1ct_check, +	     {undefined_import,'Y','UndefinedModule2'}}, +	    {structured_error,{M,8},asn1ct_check, +	     {undefined_import,'Z','UndefinedModule2'}} 
 	   ]} = run(P, Config),      ok. @@ -170,11 +262,14 @@ integers(Config) ->  	   "  Int1 ::= INTEGER {a(1), a(1)}\n"  	   "  Int2 ::= INTEGER {a(1), b(2), a(3)}\n"  	   "  Int3 ::= INTEGER {x(1), y(1)}\n" +	   "  i0 INTEGER ::= 1\n" +	   "  Int4 ::= INTEGER {x(i0), y(undef) }\n"  	   "END\n">>},      {error,       [{structured_error,{M,2},asn1ct_check,{namelist_redefinition,a}},        {structured_error,{M,3},asn1ct_check,{namelist_redefinition,a}}, -      {structured_error,{M,4},asn1ct_check,{value_reused,1}} +      {structured_error,{M,4},asn1ct_check,{value_reused,1}}, +      {structured_error,{M,6},asn1ct_check,{undefined,undef}}       ]} = run(P, Config),      ok. @@ -188,6 +283,11 @@ objects(Config) ->  	   "  obj3 CL ::= { &Data OCTET STRING }\n"  	   "  obj4 SMALL ::= { &code 42 }\n"  	   "  InvalidSet CL ::= { obj1 }\n" +	   "  obj5 CL ::= {}\n" +	   "  ErrSet ::= PT{ {PT{inst}}}\n" +	   "  obj6 CL ::= 7\n" +	   "  obj7 CL ::= int\n" +	   "  obj8 NON-CLASS ::= { &id 1 }\n"  	   "  CL ::= CLASS {\n"  	   "    &code INTEGER UNIQUE,\n" @@ -203,6 +303,12 @@ objects(Config) ->  	   "    &code INTEGER UNIQUE,\n"             "    &i INTEGER\n"             "  }\n" + +	   "  PT{SMALL:Small} ::= SEQUENCE { a SMALL.&code ({Small}) }\n" +	   "  inst SMALL ::= {&code 42, &i 4711}\n" + +	   "  int INTEGER ::= 42\n" +	   "  NON-CLASS ::= SEQUENCE { a BOOLEAN }\n"  	   "END\n">>},      {error,       [ 
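Review bot: `imports_exports/1` now expects the compile of `ExternalModule` to return an error, yet the `Imports` module compiled right after it still imports `Existing` and `Int` from `ExternalModule`, and the expected list holds no error for those two names. That presumably holds only if `run/2` leaves the checked definitions of a module that failed with errors available to the next compile, which is not visible in this hunk. A short comment above the second `run(P, Config)`, for example `%% ExternalModule was checked (with errors) above; Existing and Int must still resolve.`, would record that dependency for whoever next changes either module text.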
@@ -216,24 +322,490 @@ objects(Config) ->        {structured_error,{M,5},asn1ct_check,         {missing_mandatory_fields,[i],obj4}},        {structured_error,{M,6},asn1ct_check, -       {invalid_fields,[wrong],'InvalidSet'}} +       {invalid_fields,[wrong],'InvalidSet'}}, +      {structured_error,{M,7},asn1ct_check, +       {missing_mandatory_fields, +	['Data','Set','VarTypeValue',code,enum,object, +	 vartypevalue],obj5}}, +      {structured_error,{M,8},asn1ct_check,invalid_objectset}, +      {structured_error,{M,9},asn1ct_check,illegal_object}, +      {structured_error,{M,10},asn1ct_check,illegal_object}, +      {structured_error,{M,11},asn1ct_check,illegal_object} +     ] +    } = run(P, Config), +    ok. + +object_field_extraction(Config) -> +    M = 'ObjectFieldExtraction', +    P = {M, +	 <<"ObjectFieldExtraction DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n" + +	   "  DataObjSet DATA-CLASS ::= {\n" +	   "    holder-object-1.&int,\n" +	   "    ...\n" +	   "  }\n" + +	   "  DataObjSetNoExt DATA-CLASS ::= {\n" +	   "    holder-object-1.&int\n" +	   "  }\n" + +	   "  holder-object-1 HOLDER-CLASS ::= {\n" +	   "    &int 42\n" +	   "  }\n" + +	   "  HOLDER-CLASS ::= CLASS {\n" +           "    &int INTEGER\n" +           "  }\n" + +	   "  DATA-CLASS ::= CLASS {\n" +           "    &id INTEGER\n" +           "  }\n" + +	   "END\n">>}, +    {error, +     [ +      {structured_error,{M,2},asn1ct_check,illegal_object}, +      {structured_error,{M,6},asn1ct_check,illegal_object} +     ] +    } = run(P, Config), +    ok. 
+ +object_sets(Config) -> +    M = 'ObjectSets', +    P = {M, <<"ObjectSets DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n" +	      "TEST-UNIQ ::= CLASS { &id INTEGER UNIQUE,  &test INTEGER }\n" +	      "UniqSet TEST-UNIQ ::= { { &id 1, &test 1 } | {&id 1, &test 2} }\n" + +	      "DOUBLE-UNIQ ::= CLASS { &id1 INTEGER UNIQUE," +              "           &id INTEGER UNIQUE }\n" +              "DoubleSet DOUBLE-UNIQ ::= { {&id1 1, &id2 2} }\n" +	      "END\n">>}, +    {error, +     [{structured_error,{M,3},asn1ct_check,{non_unique_object,1}}, +      {structured_error,{M,5},asn1ct_check,multiple_uniqs} +     ] +    } = run(P, Config), +    ok. + +oids(Config) -> +    M = 'OIDS', +    P = {M,<<"OIDS DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n" +	    "CONTAINER ::= CLASS { &id OBJECT IDENTIFIER UNIQUE,\n" +	    "                      &int INTEGER OPTIONAL,\n" +	    "                      &seq SEQUENCE { a INTEGER } OPTIONAL\n" +	    "}\n" + +	    "-- This is line 6.\n" +	    "object-1 CONTAINER ::= { &id {1 2 3}, &int 42 }\n" +	    "object-2 CONTAINER ::= { &id {1 999}, &int 0 }\n" +	    "object-3 CONTAINER ::= { &id {1 2}, &seq { a 42 } }\n" +	    "oid-1 OBJECT IDENTIFIER ::= object-1.&int\n" +	    "oid-2 OBJECT IDENTIFIER ::= object-2.&id\n" +	    "oid-3 OBJECT IDENTIFIER ::= object-3.&seq\n" +	    "-- This is line 13.\n" + +	    "oid-5 OBJECT IDENTIFIER ::= { a 42, b 19 }\n" + +	    "oid-6 OBJECT IDENTIFIER ::= int\n" +	    "int INTEGER ::= 42\n" + +	    "oid-7 OBJECT IDENTIFIER ::= seq\n" +	    "seq SEQUENCE { x INTEGER } ::= { x 11 }\n" + +	    "oid-8 OBJECT IDENTIFIER ::= os\n" +	    "os OCTET STRING ::= '1234'H\n" + +	    "oid-9 OBJECT IDENTIFIER ::= { 1 os }\n" + +	    "oid-10 OBJECT IDENTIFIER ::= { 1 invalid }\n" + +	    "-- This is line 23.\n" +	    "oid-11 OBJECT IDENTIFIER ::= { 0 legal-oid }\n" +	    "legal-oid OBJECT IDENTIFIER ::= {1 2 3}\n" + +	    "bad-root-1 OBJECT IDENTIFIER ::= {99}\n" +	    "bad-root-2 OBJECT IDENTIFIER ::= {0 42}\n" + +	    "oid-object-ref-1 
OBJECT IDENTIFIER ::= object-1\n" +	    "oid-object-ref-2 OBJECT IDENTIFIER ::= { object-1 19 } \n" + +	    "oid-int OBJECT IDENTIFIER ::= 42\n" +	    "oid-sequence OBJECT IDENTIFIER ::= {a 42, b 35}\n" + +	     "END\n">>}, +    {error, +     [ +      {structured_error,{M,8},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,10},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,11},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,12},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,14},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,15},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,17},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,19},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,21},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,22},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,24},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,26},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,27},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,28},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,29},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,30},asn1ct_check,{illegal_oid,o_id}}, +      {structured_error,{M,31},asn1ct_check,{illegal_oid,o_id}}       ]      } = run(P, Config),      ok. 
+rel_oids(Config) -> +    M = 'REL-OIDS', +    P = {M,<<"REL-OIDS DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n" +	     "legal-oid OBJECT IDENTIFIER ::= {1 2}\n" +	     "legal-roid RELATIVE-OID ::= {1 2}\n" +	     "CONTAINER ::= CLASS { &oid OBJECT IDENTIFIER OPTIONAL,\n" +	     "                      &int INTEGER OPTIONAL,\n" +	     "                      &seq SEQUENCE { a INTEGER } OPTIONAL\n" +	     "}\n" +	     "object-1 CONTAINER ::= { &oid {1 2 3},\n" +	     "                         &int 42,\n", +	     "                         &seq {a 42}\n" +	     "                       }\n" + +	     "wrong-type-rel-oid-1 RELATIVE-OID ::= legal-oid\n" +	     "wrong-type-rel-oid-2 RELATIVE-OID ::= object-1.&oid\n" +	     "wrong-type-rel-oid-3 RELATIVE-OID ::= object-1.&int\n" +	     "wrong-type-rel-oid-4 RELATIVE-OID ::= object-1.&seq\n" +	     "wrong-type-rel-oid-5 RELATIVE-OID ::= object-1.&undef\n" + +	     "oid-bad-first OBJECT IDENTIFIER ::= {legal-roid 3}\n" +	     "END\n">>}, +    {error, +     [ +      {structured_error,{M,12},asn1ct_check,{illegal_oid,rel_oid}}, +      {structured_error,{M,13},asn1ct_check,{illegal_oid,rel_oid}}, +      {structured_error,{M,14},asn1ct_check,{illegal_oid,rel_oid}}, +      {structured_error,{M,15},asn1ct_check,{illegal_oid,rel_oid}}, +      {structured_error,{M,16},asn1ct_check,{undefined_field,undef}}, +      {structured_error,{M,17},asn1ct_check,{illegal_oid,o_id}} +     ] +    } = run(P, Config), +    ok. 
+ +  parameterization(Config) ->      M = 'Parameterization',      P = {M,  	 <<"Parameterization DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n"  	   "  NotUppercase{lowercase} ::= INTEGER (lowercase)\n" + +	   "  P{T1,T2} ::= SEQUENCE { a T1, b T2 }\n" +	   "  S ::= P{OCTET STRING}\n" + +	   "  Seq ::= SEQUENCE { a INTEGER }\n" +	   "  Sbad ::= Seq{INTEGER}\n" + +	   "END\n">>}, +    {error, +     [{structured_error,{M,2},asn1ct_check, +       {illegal_typereference,lowercase}}, +      {structured_error,{M,4},asn1ct_check, +       param_wrong_number_of_arguments}, +      {structured_error,{M,6},asn1ct_check, +       {param_bad_type, 'Seq'}} +     ] +    } = run(P, Config), +    ok. + + +constructed(Config) -> +    M = 'Const', +    P = {M, +	 <<"Const DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n" +	   "  Seq1 ::= SEQUENCE {a INTEGER, b BIT STRING, a BOOLEAN}\n" +	   "  Ch   ::= CHOICE {a INTEGER, b BIT STRING, a BOOLEAN}\n" +	   "  Seq2 ::= SEQUENCE {COMPONENTS OF Ch}\n" +	   "  CL   ::= CLASS { &id INTEGER UNIQUE, &Type }\n" +	   "  Seq3 ::= SEQUENCE { id CL.&id, d CL.&foo }\n" + +	   "  Seq4 ::= SEQUENCE { a INTEGER, z INTEGER OPTIONAL, b Set1 }\n" +	   "  Set1 ::= SET { c BOOLEAN, d INTEGER }\n" +	   "  s1 Seq4 ::= {a 42, b {c TRUE, zz 4711}}\n" +	   "  s2 Seq4 ::= {a 42, b {c TRUE, d FALSE}}\n" +	   "  s3 Seq4 ::= {a 42, b {c TRUE}}\n" +	   "  s4 Seq4 ::= {a 42, b {c TRUE, d 4711}, zz 4712}\n" +	   "  s5 Seq4 ::= {a 42}\n" +	   "  s6 Seq4 ::= {a 42, zz 4712, b {c TRUE, d 4711}}\n"  	   "END\n">>},      {error, -     [{structured_error,{'Parameterization',2},asn1ct_check, -       {illegal_typereference,lowercase}} -      ] -     } = run(P, Config), +     [{structured_error,{M,2},asn1ct_check,{duplicate_identifier,a}}, +      {structured_error,{M,3},asn1ct_check,{duplicate_identifier,a}}, +      {structured_error,{M,4},asn1ct_check,{illegal_COMPONENTS_OF,'Ch'}}, +      {structured_error,{M,6},asn1ct_check,{illegal_object_field,foo}}, + +      
{structured_error,{M,9},asn1ct_check,{illegal_id,zz}}, +      {structured_error,{M,10},asn1ct_check,illegal_integer_value}, +      {structured_error,{M,11},asn1ct_check,{missing_id,d}}, +      {structured_error,{M,12},asn1ct_check,{illegal_id,zz}}, +      {structured_error,{M,13},asn1ct_check,{missing_id,b}}, +      {structured_error,{M,14},asn1ct_check,{illegal_id,zz}} +     ] +    } = run(P, Config), +    ok. + +syntax(Config) -> +    M = 'Syntax', +    P = {M, +	 <<"Syntax DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n" +	   "  obj1  CL ::= { WRONG }\n" +	   "  obj2  CL ::= { CODE 42 AGAIN WRONG }\n" +	   "  obj3  CL ::= { INTEGER }\n" +	   "  obj4  CL ::= { BIT STRING }\n" +	   "  obj5  CL ::= { , }\n" +	   "  obj6  CL ::= { CODE , }\n" +	   "  obj7  CL ::= { CODE \"abc\" }\n" +	   "  obj8  CL ::= { CODE }\n" +	   "  obj9  CL ::= { CODE 42 ENUM}\n" +	   "  obj10 CL ::= { CODE 42 ENUM BIT STRING}\n" + +	   "  obj11 CL ::= { CODE 42 TYPE 13}\n" +	   "  obj12 CL ::= { CODE 42 TYPE d}\n" +	   "  obj13 CL ::= { CODE 42 TYPE bs-value}\n" + +	   "  bad-syntax-1 BAD-SYNTAX-1 ::= { BAD 42 }\n" + +	   "  obj14 CL ::= { CODE 42 OBJ-SET integer }\n" +	   "  obj15 CL ::= { CODE 42 OBJ-SET { A B } }\n" +	   "  obj16 CL ::= { CODE 42 OBJ-SET SEQUENCE { an INTEGER } }\n" + +	   "  obj17 CL ::= { CODE 42 OID {seqtag 42} }\n" +	   "  obj18 CL ::= { CODE 42 OID {seqtag 42, seqtag-again 43} }\n" +	   "  obj19 CL ::= { CODE 42 OID {one 1 two 2} }\n" + +	   "  BAD-SYNTAX-1 ::= CLASS {\n" +	   "    &code INTEGER UNIQUE\n" +	   "  } WITH SYNTAX {\n" +	   "    BAD &bad\n" +	   "  }\n" + +	   "  BAD-SYNTAX-2 ::= CLASS {\n" +	   "    &code INTEGER UNIQUE\n" +	   "  } WITH SYNTAX {\n" +	   "    BAD &Bad\n" +	   "  }\n" + +	   "  BAD-SYNTAX-3 ::= CLASS {\n" +	   "    &code INTEGER UNIQUE\n" +	   "  } WITH SYNTAX {\n" +	   "    [ID &code]\n" +	   "  }\n" + +	   "  BAD-SYNTAX-4 ::= CLASS {\n" +	   "    &code INTEGER UNIQUE\n" +	   "  } WITH SYNTAX {\n" +	   "    ID\n" +	   "  }\n" + +	   "  
BAD-SYNTAX-5 ::= CLASS {\n" +	   "    &code INTEGER UNIQUE,\n" +	   "    &Type\n" +	   "  } WITH SYNTAX {\n" +	   "    ID\n" +	   "  }\n" + +	   "  BAD-SYNTAX-6 ::= CLASS {\n" +	   "    &code INTEGER UNIQUE\n" +	   "  } WITH SYNTAX {\n" +	   "    ID &code, &code\n" +	   "  }\n" + +	   "  BAD-SYNTAX-7 ::= CLASS {\n" +	   "    &code INTEGER UNIQUE,\n" +	   "    &Type\n" +	   "  } WITH SYNTAX {\n" +	   "    ID &Type, &code, &code, &Type\n" +	   "  }\n" + +	   "  CL ::= CLASS {\n" +	   "    &code INTEGER UNIQUE,\n" +	   "    &enum ENUMERATED { a, b, c} OPTIONAL,\n" +	   "    &Type OPTIONAL,\n" +	   "    &ObjSet CL OPTIONAL,\n" +	   "    &oid OBJECT IDENTIFIER OPTIONAL\n" +	   "  } WITH SYNTAX {\n" +	   "    CODE &code [ENUM &enum] [TYPE &Type] [OBJ-SET &ObjSet]\n" +           "    [OID &oid]\n" +	   "  }\n" + +	   "  bs-value BIT STRING ::= '1011'B\n" + +	   "  integer INTEGER ::= 42\n" +	   "END\n">>}, +    {error, +     [ +      {structured_error,{M,2},asn1ct_check, +       {syntax_nomatch,"WRONG"}}, +      {structured_error,{M,3},asn1ct_check, +       {syntax_nomatch,"AGAIN"}}, +      {structured_error,{M,4},asn1ct_check, +       {syntax_nomatch,"INTEGER"}}, +      {structured_error,{M,5},asn1ct_check, +       {syntax_nomatch,"BIT STRING"}}, +      {structured_error,{M,6},asn1ct_check, +       {syntax_nomatch,"\",\""}}, +      {structured_error,{M,7},asn1ct_check, +       {syntax_nomatch,"\",\""}}, +      {structured_error,{M,8},asn1ct_check, +       {syntax_nomatch,"\"abc\""}}, +      {structured_error,{M,9},asn1ct_check, +       syntax_nomatch}, +      {structured_error,{M,10},asn1ct_check, +       syntax_nomatch}, +      {structured_error,{M,11},asn1ct_check, +       {syntax_nomatch,"BIT STRING"}}, +      {structured_error,{M,12},asn1ct_check, +       {syntax_nomatch,"13"}}, +      {structured_error,{M,13},asn1ct_check, +       {syntax_nomatch,"d"}}, +      {structured_error,{M,14},asn1ct_check, +       {syntax_nomatch,"bs-value"}}, +      
{structured_error,{M,15},asn1ct_check, +       {syntax_undefined_field,bad}}, +      {structured_error,{M,16},asn1ct_check, +       {syntax_nomatch,"integer"}}, +      {structured_error,{M,17},asn1ct_check, +       {syntax_nomatch,"\"A B\""}}, +      {structured_error,{M,18},asn1ct_check, +       {syntax_nomatch,"SEQUENCE"}}, +      {structured_error,{M,19},asn1ct_check, +       {syntax_nomatch,"\"seqtag 42\""}}, +      {structured_error,{M,20},asn1ct_check, +       {syntax_nomatch,"\"seqtag 42 seqtag-again 43\""}}, +      {structured_error,{M,21},asn1ct_check, +       {syntax_nomatch,"\"one 1 two 2\""}}, +      {structured_error,{M,22},asn1ct_check, +       {syntax_undefined_field,bad}}, +      {structured_error,{M,27},asn1ct_check, +       {syntax_undefined_field,'Bad'}}, +      {structured_error,{M,32},asn1ct_check, +       {syntax_mandatory_in_optional_group,code}}, +      {structured_error,{M,37},asn1ct_check, +       {syntax_missing_mandatory_fields,[code]}}, +      {structured_error,{M,42},asn1ct_check, +       {syntax_missing_mandatory_fields,['Type',code]}}, +      {structured_error,{M,48},asn1ct_check, +       {syntax_duplicated_fields,[code]}}, +      {structured_error,{M,53},asn1ct_check, +       {syntax_duplicated_fields,['Type',code]}} +     ] +    } = run(P, Config), +    ok. 
+ +table_constraints(Config) -> +    M = 'TableConstraints', +    P = {M, +	 <<"TableConstraints DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n" +	   "  Seq-1 ::= SEQUENCE {\n" +	   "    contentType CONTENTS.&id,\n" +	   "    content CONTENTS.&Type({Contents}{@contentType})\n" +	   "  }\n" + +	   "  Seq-2 ::= SEQUENCE {\n" +	   "    contentType INTEGER,\n" +	   "    content CONTENTS.&Type({Contents}{@contentType})\n" +	   "  }\n" + +	   "  Int ::= INTEGER ({1})\n" + +	   "  Seq-3 ::= SEQUENCE {\n" +	   "    contentType CONTENTS.&id({1})\n" +	   "  }\n" + +	   "Contents CONTENTS ::= {\n" +	   "  {OCTET STRING IDENTIFIED BY {2 1 1}}\n" +	   "}\n" + +	   "CONTENTS ::= TYPE-IDENTIFIER\n" +	   "END\n">>}, +    {error, +     [{structured_error, +       {M,2},asn1ct_check, +       {missing_table_constraint,contentType}}, +      {structured_error, +       {M,6},asn1ct_check, +       {missing_ocft,contentType}}, +      {structured_error, +       {M,10},asn1ct_check, +       illegal_table_constraint}, +      {structured_error, +       {M,11},asn1ct_check, +       invalid_table_constraint} +     ]} = run(P, Config), +    ok. 
+ +tags(Config) -> +    M = 'Tags', +    P = {M, +	 <<"Tags DEFINITIONS AUTOMATIC TAGS ::= BEGIN\n" +	   "SeqOpt1 ::= SEQUENCE\n" +	   "{\n" +	   "bool1  BOOLEAN OPTIONAL,\n" +	   "int1  INTEGER,\n" +	   "seq1  SeqIn OPTIONAL\n" +	   "}\n" + +	   "SeqOpt1Imp ::= SEQUENCE \n" +	   "{\n" +	   "bool1 [1] BOOLEAN OPTIONAL,\n" +	   "int1  INTEGER,\n" +	   "seq1  [2] SeqIn OPTIONAL,\n" +	   "seq2  [2] SeqIn OPTIONAL,\n" +	   "...,\n" +	   "int2  [3] SeqIn,\n" +	   "int3  [3] SeqIn\n" +	   "}\n" + +	   "SeqIn ::= SEQUENCE \n" +	   "{\n" +	   "boolIn  BOOLEAN,\n" +	   "intIn  INTEGER\n" +	   "}\n" +	   "\n" + + +	   "Set1 ::= SET {\n" +	   " os [0] OCTET STRING,\n" +	   " bool [0] BOOLEAN\n" +	   "}\n" + +	   "Seq1 ::= SEQUENCE {\n" +	   "a [0] IMPLICIT Choice OPTIONAL\n" +	   "}\n" +	   "Seq2 ::= SEQUENCE {\n" +	   "a [0] IMPLICIT ANY OPTIONAL\n" +	   "}\n" +	   "Choice ::=\n" +	   "CHOICE {\n" +	   "a [0] BOOLEAN,\n" +	   "b [1] INTEGER\n" +	   "}\n" + +	   "END\n">>}, +    {error, +     [{structured_error, +       {M,8},asn1ct_check, +       {duplicate_tags,[seq1,seq2]}}, +      {structured_error, +       {M,24},asn1ct_check, +       {duplicate_tags,[bool,os]}}, +      {structured_error, +       {M,28},asn1ct_check, +       {implicit_tag_before,choice}}, +      {structured_error, +       {M,31},asn1ct_check, +       {implicit_tag_before,open_type}} +     ]} = run(P, Config),      ok. +  values(Config) ->      M = 'Values',      P = {M, 
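Review bot: In `object_sets/1` the class `DOUBLE-UNIQ` declares the fields `&id1` and `&id`, but the object in `DoubleSet` sets `&id1` and `&id2`, so the module text carries an undeclared field in addition to the two UNIQUE fields the test is about. The expected `multiple_uniqs` error at line 5 is presumably raised before the field names are checked, so the test could start failing, or pass for a different reason, if that order ever changes; declaring the second field as `"           &id2 INTEGER UNIQUE }\n"` keeps the input down to the one error under test. In `rel_oids/1` the literal `"                         &int 42,\n",` is followed by a comma, which makes it a separate binary segment; the resulting binary is the same, but dropping the comma matches the adjacent-literal style of the other tests in this hunk.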
@@ -241,6 +813,53 @@ values(Config) ->  	   "  os1 OCTET STRING ::= \"abc\"\n"  	   "  os2 OCTET STRING ::= 42\n"  	   "  os3 OCTET STRING ::= { 1, 3 }\n" +	   "  os4 OCTET STRING ::= '1234'H\n" +	   "  Seq ::= SEQUENCE {\n" +	   "    an OCTET STRING\n" +	   "  }\n" +	   "  seq Seq ::= { an int }\n" +	   "  os5 OCTET STRING ::= holder-1.&str\n" +	   "  os6 OCTET STRING ::= int\n" + +	   "  int1 INTEGER ::= \"string\"\n" +	   "  int2 INTEGER ::= os4\n" +	   "  int3 INTEGER ::= not-defined\n" +	   "  int4 INTEGER ::= holder-1.&str\n" +	   "  int5 INTEGER ::= holder-2.&obj\n" +	   "  int6 INTEGER ::= holder-2.&undefined-field\n" +	   "  int7 INTEGER ::= holder-2.&UndefinedField.&id\n" + +	   "  bs1 BIT STRING ::= 42\n" +	   "  bs2 BIT STRING ::= {a,b}\n" +	   "  bs3 BIT STRING {a(0),z(25)} ::= {a,b}\n" +	   "  bs4 BIT STRING {a(0),z(25)} ::= int\n" +	   "  bs5 BIT STRING ::= holder-2.&str\n" +	   "  bs6 BIT STRING ::= holder-2.&obj\n" + +	   "  b1 BOOLEAN ::= 42\n" +	   "  b2 BOOLEAN ::= {a,b}\n" + +	   "  HOLDER ::= CLASS {\n" +	   "    &str IA5String,\n" +	   "    &obj HOLDER OPTIONAL\n" +	   "  }\n" + +	   "  holder-1 HOLDER ::= { &str \"xyz\" }\n" +	   "  holder-2 HOLDER ::= { &str \"xyz\", &obj holder-1 }\n" + +	   "  ext-1 EXTERNAL ::= {identification bad:{1 2 3}, data-value '123'H}\n" +	   "  ext-2 EXTERNAL ::= {identification syntax:{1 2 3}, data '123'H}\n" + +	   "  CH ::= CHOICE { a INTEGER, b BOOLEAN }\n" +	   "  ch1 CH ::= 2344\n" +	   "  ch2 CH ::= zz:34\n" + +	   "  st1 an < Seq ::= 42\n" +	   "  st2 zz < CH ::= 42\n" +	   "  st3 a < HOLDER ::= 42\n" +	   "  st4 a < INTEGER ::= 42\n" + +	   "  int INTEGER ::= 42\n"  	   "END\n">>},      {error,       [ 
@@ -249,7 +868,59 @@ values(Config) ->        {structured_error,{M,3},asn1ct_check,         illegal_octet_string_value},        {structured_error,{M,4},asn1ct_check, -       illegal_octet_string_value} +       illegal_octet_string_value}, +      {structured_error,{M,9},asn1ct_check, +       illegal_octet_string_value}, +      {structured_error,{M,10},asn1ct_check, +       illegal_octet_string_value}, +      {structured_error,{M,11},asn1ct_check, +       illegal_octet_string_value}, +      {structured_error,{M,12},asn1ct_check, +       illegal_integer_value}, +      {structured_error,{M,13},asn1ct_check, +       illegal_integer_value}, +      {structured_error,{M,14},asn1ct_check, +       illegal_integer_value}, +      {structured_error,{M,15},asn1ct_check, +       illegal_integer_value}, +      {structured_error,{M,16},asn1ct_check, +       illegal_integer_value}, +      {structured_error,{M,17},asn1ct_check, +       {undefined_field,'undefined-field'}}, +      {structured_error,{M,18},asn1ct_check, +       {undefined_field,'UndefinedField'}}, +      {structured_error,{M,19},asn1ct_check, +       {illegal_value, "BIT STRING"}}, +      {structured_error,{M,20},asn1ct_check, +       {illegal_value, "BIT STRING"}}, +      {structured_error,{M,21},asn1ct_check, +       {illegal_value, "BIT STRING"}}, +      {structured_error,{M,22},asn1ct_check, +       {illegal_value, "BIT STRING"}}, +      {structured_error,{M,23},asn1ct_check, +       {illegal_value, "BIT STRING"}}, +      {structured_error,{M,24},asn1ct_check, +       {illegal_value, "BIT STRING"}}, +      {structured_error,{M,25},asn1ct_check, +       {illegal_value, "BOOLEAN"}}, +      {structured_error,{M,26},asn1ct_check, +       {illegal_value, "BOOLEAN"}}, +      {structured_error,{M,33},asn1ct_check, +       illegal_external_value}, +      {structured_error,{M,34},asn1ct_check, +       illegal_external_value}, +      {structured_error,{M,36},asn1ct_check, +       {illegal_id, 2344}}, +      
{structured_error,{M,37},asn1ct_check, +       {illegal_id, zz}}, +      {structured_error,{M,38},asn1ct_check, +       {illegal_choice_type, 'Seq'}}, +      {structured_error,{M,39},asn1ct_check, +       {illegal_id, zz}}, +      {structured_error,{M,40},asn1ct_check, +       {illegal_choice_type, 'HOLDER'}}, +      {structured_error,{M,41},asn1ct_check, +       {illegal_choice_type, 'INTEGER'}}       ]      } = run(P, Config),      ok. @@ -258,5 +929,7 @@ values(Config) ->  run({Mod,Spec}, Config) ->      Base = atom_to_list(Mod) ++ ".asn1",      File = filename:join(?config(priv_dir, Config), Base), +    Include0 = filename:dirname(?config(data_dir, Config)), +    Include = filename:join(filename:dirname(Include0), "asn1_SUITE_data"),      ok = file:write_file(File, Spec), -    asn1ct:compile(File). +    asn1ct:compile(File, [{i, Include}]). diff --git a/lib/asn1/test/syntax_SUITE.erl b/lib/asn1/test/syntax_SUITE.erl new file mode 100644 index 0000000000..1a2c938fe5 --- /dev/null +++ b/lib/asn1/test/syntax_SUITE.erl 
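Review bot: The include path added to `run/2` is only correct when `data_dir` ends in a directory separator, as common_test normally supplies it, and nothing in the code says so. In that case the first `filename:dirname/1` merely strips the separator and the second one steps up to the test directory. If the value ever arrives without the trailing separator, `Include` resolves one level too high, and specs that depend on the include directory would fail with compile errors that look unrelated to the path. I would add a comment above `Include0`, for example `%% data_dir ends with "/": the first dirname drops it, the second yields the test directory.`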
@@ -0,0 +1,340 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2014. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+
+-module(syntax_SUITE).
+-export([suite/0,all/0,groups/0,
+	 assignment/1,
+	 class/1,
+	 constraints/1,
+	 exports/1,
+	 header/1,
+	 imports/1,
+	 objects/1,
+	 sequence/1,
+	 syntax/1,
+	 tokenizer/1,
+	 types/1,
+	 values/1]).
+
+-include_lib("test_server/include/test_server.hrl").
+
+suite() -> [{ct_hooks, [ts_install_cth]}].
+
+all() ->
+    [{group,p}].
+
+groups() ->
+    [{p,parallel(),
+      [assignment,
+       class,
+       constraints,
+       exports,
+       header,
+       imports,
+       objects,
+       sequence,
+       syntax,
+       tokenizer,
+       types,
+       values]}].
+
+parallel() ->
+    case erlang:system_info(schedulers) > 1 of
+        true  -> [parallel];
+        false -> []
+    end.
+
+assignment(Config) ->
+    Head = "Assignment DEFINITIONS AUTOMATIC TAGS ::=\nBEGIN\n",
+    End = "\nEND\n",
+    L0 = [{"42",3,{syntax_error,42}},
+	  {"i",4,{syntax_error,'END'}},
+	  {"i ::=",3,{syntax_error,'::='}},
+	  {"i type",4,{syntax_error,'END'}},
+	  {"i type ::=",3,{syntax_error,'::='}},
+	  {"i TYPE",4,{syntax_error,'END'}},
+	  {"i TYPE ::= ",4,{syntax_error,'END'}},
+	  {"i INTEGER ::= 42 garbage",4,{syntax_error,'END'}},
+	  {"i{T} Type",4,{syntax_error,'END'}},
+	  {"TYPE",4,{syntax_error,'END'}},
+	  {"TYPE ::=",4,{syntax_error,'END'}},
+	  {"TYPE{ ::=",3,{syntax_error,'::='}},
+	  {"TYPE{P, ::=",3,{syntax_error,'::='}},
+	  {"TYPE{P,} ::=",3,{syntax_error,'}'}},
+	  {"TYPE{Gov:} ::=",3,{syntax_error,':'}},
+	  {"TYPE{A} CL ",4,{syntax_error,'END'}},
+	  {"ObjSet CL",4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Assignment", Config),
+    ok.
+
+class(Config) ->
+    Head = "Class DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	" CL ::= CLASS {",
+    End = "\nEND\n",
+    L0 = [{"id",3,{syntax_error,'id'}},
+	  {"&id INTEGER",4,{syntax_error,'END'}},
+	  {"&id INTEGER,",4,{syntax_error,'END'}},
+	  {"&id,",3,{syntax_error,','}},
+	  {"&id OPTIONAL",3,{syntax_error,'OPTIONAL'}},
+	  {"&id INTEGER OPTIONAL",4,{syntax_error,'END'}},
+	  {"&var &Field",4,{syntax_error,'END'}},
+	  {"&Type,",4,{syntax_error,'END'}},
+	  {"&Type OPTIONAL",4,{syntax_error,'END'}},
+	  {"&ValueSet INTEGER OPTIONAL",4,{syntax_error,'END'}},
+	  {"&ValueSet INTEGER DEFAULT",4,{syntax_error,'END'}},
+	  {"&ValueSet INTEGER DEFAULT {",4,{syntax_error,'END'}},
+	  {"&ValueSet INTEGER DEFAULT {a",4,{syntax_error,'END'}},
+	  {"&Var &Field",4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Class", Config),
+    ok.
+
+constraints(Config) ->
+    Head = "Constraints DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	" Type ::= ",
+    End = "\nEND\n",
+    L0 = [{"INTEGER (",4,{syntax_error,'END'}},
+	  {"INTEGER (10x",3,{syntax_error,x}},
+	  {"INTEGER (10|(10y",3,{syntax_error,y}},
+	  {"INTEGER (CONSTRAINED BY {}",4,{syntax_error,'END'}},
+	  {"INTEGER (CONSTRAINED BY {INTEGER garbage",3,
+	   {syntax_error,garbage}},
+	  {"INTEGER ({ObjSet",4,{syntax_error,'END'}},
+	  {"INTEGER ({ObjSet}{",3,{syntax_error,'{'}},
+	  {"INTEGER ({ObjSet}{@",3,{syntax_error,'{'}},
+	  {"INTEGER ({ObjSet}{@x",3,{syntax_error,'{'}},
+	  {"INTEGER ({ObjSet}{@x}",4,{syntax_error,'END'}},
+	  {"INTEGER (10 !BOOLEAN",4,{syntax_error,'END'}},
+	  {"INTEGER (10 !BOOLEAN:",4,{syntax_error,'END'}},
+	  {"INTEGER (10 !BOOLEAN:FALSE",4,{syntax_error,'END'}},
+	  {"SEQUENCE {} (WITH COMPONENTS { Type })",
+	   3,{syntax_error,'Type'}},
+	  {"SEQUENCE {} (WITH COMPONENTS { x (10)",
+	   4,{syntax_error,'END'}},
+	  {"SEQUENCE {} (WITH COMPONENTS { ..., x (10)",
+	   4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Constraints", Config),
+    ok.
+
+exports(Config) ->
+    Head = "Exports DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	" EXPORTS ",
+    End = "\nEND\n",
+    L0 = [{"Type",4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Exports", Config),
+    ok.
+
+header(Config) ->
+    L = [{"lowercase",1,{syntax_error,lowercase}},
+	 {"H ",2,{syntax_error,'END-OF-FILE'}},
+	 {"H-",1,{syntax_error,'-'}},
+	 {"42",1,{syntax_error,42}},
+	 {"H definitions",1,{syntax_error,definitions}},
+	 {"H DEFINITIONS STUPID TAGS",1,{syntax_error,'STUPID'}},
+	 {"H DEFINITIONS WHATEVER",1,{syntax_error,'WHATEVER'}},
+	 {"H DEFINITIONS ::= BEGIN",2,{syntax_error,'END-OF-FILE'}},
+	 {"BOOLEAN",1,{syntax_error,'BOOLEAN'}}
+	],
+    run(L, "H", Config),
+    ok.
+
+imports(Config) ->
+    Head = "Imports DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	" IMPORTS ",
+    End = "\nEND\n",
+    L0 = [{"Type FROM X",4,{syntax_error,'END'}},
+	  {"Symbols TO Y",3,{syntax_error,'TO'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Imports", Config),
+    ok.
+
+objects(Config) ->
+    Head = "Objects DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	"  object CLASS-NAME ::= ",
+    End = "\nEND\n",
+    L0 = [{"{",4,{syntax_error,'END'}},
+	  {"{&min 1, max 10}",3,{syntax_error,max}},
+	  {"{&min 1, Max 10}",3,{syntax_error,'Max'}},
+	  {"{min 1, &max 10}",3,{syntax_error,'&max'}},
+	  {"{min 1, &Max 10}",3,{syntax_error,'&Max'}},
+	  {"{RESERVERD WORD BIT}",3,{syntax_error,'BIT'}},
+	  {"{&min 1",4,{syntax_error,'END'}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Objects", Config),
+    ok.
+
+sequence(Config) ->
+    Head = "Sequence DEFINITIONS AUTOMATIC TAGS ::=\n"
+	"BEGIN\n"
+	"  Type ::= SEQUENCE {",
+    End = "\nEND\n",
+    L0 = [{"",4,{syntax_error,'END'}},
+	  {" UpperCase",3,{syntax_error,'UpperCase'}},
+	  {" a b",4,{syntax_error,'END'}},
+	  {" i INTEGER",4,{syntax_error,'END'}},
+	  {" ...",4,{syntax_error,'END'}},
+	  {" ..., [[",4,{syntax_error,'END'}},
+	  {" ..., [[ a INTEGER ]",3,{syntax_error,']'}},
+	  {" ..., [[ a INTEGER,",3,{syntax_error,','}},
+	  {" ..., [[ a INTEGER, ... ]]",3,{syntax_error,','}},
+	  {" ... !42 xxx",3,{syntax_error,'xxx'}},
+	  {" ... !42, a INTEGER,",3,{syntax_error,','}}
+	 ],
+    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0],
+    run(L, "Sequence", Config),
+    ok.
+ +syntax(Config) -> +    Head = "Syntax DEFINITIONS AUTOMATIC TAGS ::=\n" +	"BEGIN\n" +	" CL ::= CLASS { &id INTEGER UNIQUE } WITH SYNTAX ", +    End = "\nEND\n", +    L0 = [{"{}",3,{syntax_error,'}'}}, +	  {"WORD",3,{syntax_error,'WORD'}}, +	  {"{ Word }",3,{syntax_error,'Word'}}, +	  {"{ [ Word ] }",3,{syntax_error,'Word'}}, +	  {"{ [ WORD }",3,{syntax_error,'}'}}, +	  {"{ WORD;",3,{syntax_error,';'}} +	 ], +    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0], +    run(L, "Syntax", Config), +    ok. + +tokenizer(Config) -> +    Head = "Tokenize DEFINITIONS AUTOMATIC TAGS ::=\n" +	"BEGIN\n", +    End = "\nEND\n", +    L0 = [{"'",3,eol_in_token}, +	  {"'42'B",3,{invalid_binary_number,"42"}}, +	  {"'ZZZ'H",3,{invalid_hex_number,"ZZZ"}}, +	  {"\"abc",3,missing_quote_at_eof}, +	  {"/*",3,eof_in_comment} +	 ], +    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0], +    run(L, "Tokenizer", Config, asn1ct_tok), +    ok. + +types(Config) -> +    Head = "Types DEFINITIONS AUTOMATIC TAGS ::=\n" +	"BEGIN\n" +	"  Type ::= ", +    End = "\nEND\n", +    L0 = [{"BIT STRING garbage",4,{syntax_error,'END'}}, +	  {"BIT STRING {",4,{syntax_error,'END'}}, +	  {"BIT STRING { a(42",3,{syntax_error,42}}, +	  {"BIT STRING { a(0)",4,{syntax_error,'END'}}, +	  {"CHOICE {",4,{syntax_error,'END'}}, +	  {"CHOICE { ..., a}",3,{syntax_error,'...'}}, +	  {"CHOICE { UpperCase",3,{syntax_error,'UpperCase'}}, +	  {"CHOICE { i INTEGER",4,{syntax_error,'END'}}, +	  {"CHOICE { ..., i INTEGER }",3,{syntax_error,'...'}}, +	  {"CHOICE { b BOOLEAN, ..., i INTEGER", +	   4,{syntax_error,'END'}}, +	  {"CHOICE { b BOOLEAN, ..., [[ e BOOLEAN, ...]]}", +	   3,{syntax_error,','}}, +	  {"CHOICE { b BOOLEAN, ..., i INTEGER, ..., x BIT STRING}", +	   3,{syntax_error,','}}, +	  {"ENUMERATED {",4,{syntax_error,'END'}}, +	  {"ENUMERATED { 42 }",3,{syntax_error,42}}, +	  {"ENUMERATED { a, b",4,{syntax_error,'END'}}, +	  {"ENUMERATED { a, }",3,{syntax_error,','}}, +	  {"ENUMERATED { a, ...,\nb, ..., c 
}",4,{syntax_error,','}}, +	  {"INTEGER {",4,{syntax_error,'END'}}, +	  {"INTEGER { a(42)",4,{syntax_error,'END'}}, +	  {"SEQUENCE",3,{syntax_error,'SEQUENCE'}}, +	  %% More tests for SEQUENCE in sequence/1. +	  {"SEQUENCE SIZE (1..10)",4,{syntax_error,'END'}}, +	  {"SEQUENCE (SIZE (1..10))",4,{syntax_error,'END'}}, +	  {"SET { i INTEGER",4,{syntax_error,'END'}}, +	  {"SET { ...",4,{syntax_error,'END'}}, +	  {"SET SIZE (1..10)",4,{syntax_error,'END'}}, +	  {"SET (SIZE (1..10))",4,{syntax_error,'END'}}, +	  {"SET { ... !42 xxx",3,{syntax_error,'xxx'}}, +	  {"SET { ... !42, a INTEGER,",3,{syntax_error,','}}, +	  {"[",4,{syntax_error,'END'}}, +	  {"[42",4,{syntax_error,'END'}} +	 ], +    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0], +    run(L, "Types", Config), +    ok. + +values(Config) -> +    Head = "Values DEFINITIONS AUTOMATIC TAGS ::=\n" +	"BEGIN\n" +	"  value Type ::= ", +    End = "\nEND\n", +    L0 = [{"",4,{syntax_error,'END'}} +	 ], +    L = [{Head++S++End,Line,E} || {S,Line,E} <- L0], +    run(L, "Values", Config), +    ok. + +run(List, File, Config) -> +    run(List, File, Config, asn1ct_parser2). + +run(List, File0, Config, Module) -> +    Base = File0 ++ ".asn1", +    File = filename:join(?config(priv_dir, Config), Base), +    case run_1(List, Base, File, Module, 0) of +	0 -> ok; +	Errors -> ?t:fail(Errors) +    end. 
+
+run_1([{Source,Line,Error}=Exp|T], Base, File, Module, N) ->
+    ok = file:write_file(File, Source),
+    io:format("~s", [Source]),
+    case asn1ct:compile(File) of
+	{error,[{structured_error,{Base,L},Module,E}]} ->
+	    case {L,E} of
+		{Line,Error} ->
+		    run_1(T, Base, File, Module, N);
+		{Line,OtherError} ->
+		    io:format("*** Wrong error: ~p, expected ~p ***\n",
+			      [OtherError,Error]),
+		    run_1(T, Base, File, Module, N+1);
+		{OtherLine,Error} ->
+		    io:format("*** Wrong line: ~p, expected ~p ***\n",
+			      [OtherLine,Line]),
+		    run_1(T, Base, File, Module, N+1);
+		{_,_} ->
+		    io:format("*** Wrong line: ~p, expected ~p ***",
+			      [L,Line]),
+		    io:format("*** Wrong error: ~p, expected ~p ***\n",
+			      [E,Error]),
+		    run_1(T, Base, File, Module, N+1)
+	    end;
+	Other ->
+	    io:format("~p\nGOT: ~p", [Exp,Other])
+    end;
+run_1([], _, _, _, N) ->
+    N.
diff --git a/lib/asn1/test/testChoExtension.erl b/lib/asn1/test/testChoExtension.erl
index 09e19ceebb..f36d6c1cbf 100644
--- a/lib/asn1/test/testChoExtension.erl
+++ b/lib/asn1/test/testChoExtension.erl
@@ -39,11 +39,6 @@ extension(_Rules) ->
     roundtrip('ChoExt3', {int,33}),
     roundtrip('ChoExt4', {str,<<"abc">>}),
-    roundtrip('ChoEmptyRoot', {bool,false}),
-    roundtrip('ChoEmptyRoot', {bool,true}),
-    roundtrip('ChoEmptyRoot', {int,0}),
-    roundtrip('ChoEmptyRoot', {int,7}),
-
     ok.
diff --git a/lib/asn1/test/testConstraints.erl b/lib/asn1/test/testConstraints.erl
index 3ccf883bd6..5d65cb8d73 100644
--- a/lib/asn1/test/testConstraints.erl
+++ b/lib/asn1/test/testConstraints.erl
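Review bot: In `run_1/5` of syntax_SUITE.erl the `Other ->` branch ends with `io:format/2`, so the function returns `ok` instead of an error count and the remaining entries in `T` are never compiled. `run/4` then reaches `?t:fail(Errors)` with `Errors` bound to `ok`. The case still fails, but with an uninformative reason and with the rest of the inputs unchecked. Continuing like the other mismatch branches keeps the count meaningful: `io:format("~p\nGOT: ~p", [Exp,Other]),` followed by `run_1(T, Base, File, Module, N+1)`.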
@@ -231,6 +231,28 @@ int_constraints(Rules) ->      seq_roundtrip(Rules, 'SeqOverlapping', 'SeqNonOverlapping', 19000),      seq_roundtrip(Rules, 'SeqOverlapping', 'SeqNonOverlapping', 26900), +    %%========================================================== +    %%  Constraints from object fields. +    %%========================================================== +    range_error(Rules, 'IntObjectConstr', 1), +    roundtrip('IntObjectConstr', 2), +    roundtrip('IntObjectConstr', 3), +    roundtrip('IntObjectConstr', 4), +    range_error(Rules, 'IntObjectConstr', 5), + + +    %%========================================================== +    %% INTEGER constraints defined using named INTEGERs. +    %%========================================================== +    42 = 'Constraints':'constrainedNamedInt-1'(), +    100 = 'Constraints':'constrainedNamedInt-2'(), +    range_error(Rules, 'ConstrainedNamedInt', 41), +    roundtrip('ConstrainedNamedInt', v1), +    range_error(Rules, 'ConstrainedNamedInt', 43), + +    range_error(Rules, 'SeqWithNamedInt', {'SeqWithNamedInt',-100}), +    roundtrip('SeqWithNamedInt', {'SeqWithNamedInt',v2}), +      ok.  %% PER: Ensure that if the lower bound is Lb, Lb+16#80 is encoded diff --git a/lib/asn1/test/testEnumExt.erl b/lib/asn1/test/testEnumExt.erl index 878518be11..29995d6340 100644 --- a/lib/asn1/test/testEnumExt.erl +++ b/lib/asn1/test/testEnumExt.erl @@ -78,6 +78,9 @@ common(Erule) ->      v_roundtrip(Erule, 'SeqBig', {'SeqBig',true,e40,9357}),      v_roundtrip(Erule, 'SeqBig', {'SeqBig',true,e80,9357}), + +    v_roundtrip(Erule, 'EnumSkip', d), +      ok.  roundtrip(Type, Value) -> 
@@ -85,11 +88,20 @@ roundtrip(Type, Value) ->  v_roundtrip(Erule, Type, Value) ->      Encoded = roundtrip(Type, Value), -    Encoded = asn1_test_lib:hex_to_bin(v(Erule, Value)). - -v(ber, {'SeqBig',true,e40,9357}) -> "300A8001 FF810141 8202248D"; -v(ber, {'SeqBig',true,e80,9357}) -> "300B8001 FF810200 81820224 8D"; -v(per, {'SeqBig',true,e40,9357}) -> "E0014002 248D"; -v(per, {'SeqBig',true,e80,9357}) -> "E0018002 248D"; -v(uper, {'SeqBig',true,e40,9357}) -> "E0280044 91A0"; -v(uper, {'SeqBig',true,e80,9357}) -> "E0300044 91A0". +    Encoded = asn1_test_lib:hex_to_bin(v(Erule, Type, Value)). + +v(Erule, 'SeqBig', Value) -> +    v_seq_big(Erule, Value); +v(Erule, 'EnumSkip', Value) -> +    v_enum_skip(Erule, Value). + +v_seq_big(ber, {'SeqBig',true,e40,9357}) -> "300A8001 FF810141 8202248D"; +v_seq_big(ber, {'SeqBig',true,e80,9357}) -> "300B8001 FF810200 81820224 8D"; +v_seq_big(per, {'SeqBig',true,e40,9357}) -> "E0014002 248D"; +v_seq_big(per, {'SeqBig',true,e80,9357}) -> "E0018002 248D"; +v_seq_big(uper, {'SeqBig',true,e40,9357}) -> "E0280044 91A0"; +v_seq_big(uper, {'SeqBig',true,e80,9357}) -> "E0300044 91A0". + +v_enum_skip(per, d) -> "82"; +v_enum_skip(uper, d) -> "82"; +v_enum_skip(ber, d) -> "0A0103". diff --git a/lib/asn1/test/testExtensibilityImplied.erl b/lib/asn1/test/testExtensibilityImplied.erl new file mode 100644 index 0000000000..8049bb6e53 --- /dev/null +++ b/lib/asn1/test/testExtensibilityImplied.erl 
@@ -0,0 +1,29 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2014. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%%
+
+-module(testExtensibilityImplied).
+-export([main/0]).
+
+main() ->
+    M = 'ExtensibilityImplied',
+    {'Seq2',true} = M:decode('Seq2', M:encode('Seq1', {'Seq1',true,42})),
+    {'Set2',true} = M:decode('Set2', M:encode('Set1', {'Set1',true,42})),
+    {asn1_enum,_} = M:decode('Enum2', M:encode('Enum1', ext)),
+    ok.
diff --git a/lib/asn1/test/testImporting.erl b/lib/asn1/test/testImporting.erl
new file mode 100644
index 0000000000..de8beae38b
--- /dev/null
+++ b/lib/asn1/test/testImporting.erl
@@ -0,0 +1,34 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2014. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +%% + +-module(testImporting). +-export([main/0]). + +main() -> +    M = 'Importing', +    roundtrip('Seq', {'Seq',5}), +    roundtrip('OtherSeq', {'Seq',42,true}), +    {'Seq',42,true} = M:seq(), +    roundtrip('ObjSeq', {'ObjSeq',1,<<"XYZ">>}), +    roundtrip('ObjSeq', {'ObjSeq',2,19}), +    ok. + +roundtrip(Type, Value) -> +    asn1_test_lib:roundtrip('Importing', Type, Value). diff --git a/lib/asn1/test/testInfObj.erl b/lib/asn1/test/testInfObj.erl index 37c134b1b9..3044d5cd2a 100644 --- a/lib/asn1/test/testInfObj.erl +++ b/lib/asn1/test/testInfObj.erl @@ -74,6 +74,12 @@ main(_Erule) ->  	      {'ConstructedPdu',7,[]}),      roundtrip('InfObj', 'ConstructedPdu',  	      {'ConstructedPdu',7,[64,1,19,17,35]}), +    {'ConstructedPdu',8,[{_,-15,35},{_,533,-70}]} = +	enc_dec('InfObj', 'ConstructedPdu', +		{'ConstructedPdu',8,[{'_',-15,35},{'_',533,-70}]}), +    {'ConstructedPdu',9,[{RecTag9,-15,35},{RecTag9,533,-70}]} = +	enc_dec('InfObj', 'ConstructedPdu', +		{'ConstructedPdu',9,[{'_',-15,35},{'_',533,-70}]}),      roundtrip('InfObj', 'ConstructedSet',  	      {'ConstructedSet',1,{'CONSTRUCTED-DEFAULT_Type',-2001,true}}), 
@@ -96,6 +102,12 @@ main(_Erule) ->  	      {'ConstructedSet',7,[]}),      roundtrip('InfObj', 'ConstructedSet',  	      {'ConstructedSet',7,[64,1,19,17,35]}), +    {'ConstructedSet',8,[{_,-15,35},{_,533,-70}]} = +	enc_dec('InfObj', 'ConstructedSet', +		{'ConstructedSet',8,[{'_',-15,35},{'_',533,-70}]}), +    {'ConstructedSet',9,[{_,-15,35},{_,533,-70}]} = +	enc_dec('InfObj', 'ConstructedSet', +		{'ConstructedSet',9,[{'_',-15,35},{'_',533,-70}]}),      roundtrip('InfObj', 'Seq2',  	      {'Seq2',42,[true,false,false,true], @@ -126,12 +138,37 @@ main(_Erule) ->      test_objset('OstSeq45', [4,5]),      test_objset('OstSeq12345', [1,2,3,4,5]), +    test_objset('OstSeq12Except', [1,2]), +    test_objset('OstSeq123Except', [1,2]), +      test_objset('ExOstSeq12', [1,2]),      test_objset('ExOstSeq123', [1,2,3]), -    %%test_objset('ExOstSeq1234', [1,2,3,4]), +    test_objset('ExOstSeq1234', [1,2,3,4]),      test_objset('ExOstSeq45', [4,5]),      test_objset('ExOstSeq12345', [1,2,3,4,5]), +    test_objset('ExOstSeq12Except', [1,2]), +    test_objset('ExOstSeq123Except', [1,2]), + +    roundtrip('InfObj', 'ExtClassSeq', {'ExtClassSeq', 4}), + +    {1,2,42} = 'InfObj':'value-1'(), +    {1,2,42,25} = 'InfObj':'value-2'(), +    {100,101} = 'InfObj':'value-3'(), +    {1,2,100,101} = 'InfObj':'value-4'(), + +    roundtrip('InfObj', 'Rdn', {'Rdn',{2,5,4,41},"abc"}), + +    roundtrip('InfObj', 'TiAliasSeq', +	      {'TiAliasSeq',{'TiAliasSeq_prf',{2,1,2},'NULL'}}), + +    roundtrip('InfObj', 'ContentInfo', +	      {'ContentInfo',{2,7,8,9},"string"}), +    {2,7,8,9} = 'InfObj':'id-content-type'(), + +    <<2#1011:4>> = 'InfObj':'tricky-bit-string'(), +    <<16#CAFE:16>> = 'InfObj':'tricky-octet-string'(), +      ok.  test_objset(Type, Keys) -> diff --git a/lib/asn1/test/testInfObjExtract.erl b/lib/asn1/test/testInfObjExtract.erl new file mode 100644 index 0000000000..0ef967c1f6 --- /dev/null +++ b/lib/asn1/test/testInfObjExtract.erl 
@@ -0,0 +1,72 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2014. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%%
+
+-module(testInfObjExtract).
+
+-export([main/0]).
+
+main() ->
+    roundtrip_data_object_13('DataSeq-1'),
+
+    roundtrip_data_object_1('DataSeq-2'),
+    roundtrip_data_object_1('DataSeq-3'),
+    roundtrip_data_object_1('DataSeq-4'),
+
+    roundtrip_data_object_13('DataSeq-5'),
+    roundtrip_data_object_13('DataSeq-6'),
+
+    roundtrip_data_object_1('DataSeqSingleSet-1'),
+    roundtrip_data_object_1('DataSeqSingleSet-2'),
+
+    roundtrip('ObjClassSeq-1', {'ObjClassSeq-1',1,true}),
+    roundtrip('ObjClassSeq-1', {'ObjClassSeq-1',2,true}),
+
+    roundtrip_error('ObjClassSeq-1', {'ObjClassSeq-1',0,false}),
+    roundtrip_error('ObjClassSeq-1', {'ObjClassSeq-1',3,true}),
+    roundtrip_error('ObjClassSeq-1', {'ObjClassSeq-1',4,false}),
+    roundtrip_error('ObjClassSeq-1', {'ObjClassSeq-1',5,true}),
+
+    ok.
+
+roundtrip_data_object_13(SeqType) ->
+    roundtrip(SeqType, {SeqType,1,true}),
+    roundtrip(SeqType, {SeqType,2,<<"abc">>}),
+    roundtrip(SeqType, {SeqType,3,<<42:5>>}),
+    roundtrip_error(SeqType, {SeqType,4,42}).
+
+roundtrip_data_object_1(SeqType) ->
+    roundtrip(SeqType, {SeqType,1,false}),
+    roundtrip(SeqType, {SeqType,1,true}),
+    roundtrip_error(SeqType, {SeqType,1,42}),
+    roundtrip_error(SeqType, {SeqType,2,<<"abc">>}),
+    roundtrip_error(SeqType, {SeqType,3,<<42:5>>}),
+    roundtrip_error(SeqType, {SeqType,999,42}).
+
+roundtrip(T, V) ->
+    asn1_test_lib:roundtrip('InfObjExtract', T, V).
+
+roundtrip_error(T, V) ->
+    try asn1_test_lib:roundtrip('InfObjExtract', T, V) of
+	ok ->
+	    test_server:fail()
+    catch
+	_:_ ->
+	    ok
+    end.
diff --git a/lib/asn1/test/testParamBasic.erl b/lib/asn1/test/testParamBasic.erl
index 39f7947e8d..5f6116bba4 100644
--- a/lib/asn1/test/testParamBasic.erl
+++ b/lib/asn1/test/testParamBasic.erl
@@ -46,6 +46,14 @@ main(Rules) ->
     roundtrip('AnAlgorithm', {'AnAlgorithm',1,42}),
     roundtrip('AnAlgorithm', {'AnAlgorithm',2,true}),
     roundtrip('AnAlgorithm', {'AnAlgorithm',2,false}),
+    {'AnAlgorithm',1,42} = 'ParamBasic':'alg-seq-1'(),
+    {'AnAlgorithm',2,true} = 'ParamBasic':'alg-seq-2'(),
+
+    roundtrip('Seq', {'Seq',
+		      {'Seq_c1',{2,1,1},42},
+		      {'Seq_c2',{2,1,1,1},asn1_NOVALUE}}),
+
+    {_,{2,9,9,9,7},'NULL'} = 'ParamBasic':'algid-hmacWithSHA1'(),
     ok.
 roundtrip(Type, Value) ->
diff --git a/lib/asn1/test/testPrim.erl b/lib/asn1/test/testPrim.erl
index e07379e634..d7893a2d58 100644
--- a/lib/asn1/test/testPrim.erl
+++ b/lib/asn1/test/testPrim.erl
@@ -98,6 +98,11 @@ enum(Rules) ->
 	ber ->
 	    ok
     end,
+
+    roundtrip('NegEnumVal', neg),
+    roundtrip('NegEnumVal', zero),
+    roundtrip('EnumVal128', val),
+
     ok.
diff --git a/lib/asn1/test/testPrimStrings.erl b/lib/asn1/test/testPrimStrings.erl
index 155d6f6ff5..43835728e8 100644
--- a/lib/asn1/test/testPrimStrings.erl
+++ b/lib/asn1/test/testPrimStrings.erl
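Review bot: `roundtrip_error/2` in testInfObjExtract.erl accepts any exception through `catch _:_ -> ok`, so a call that fails for an unrelated reason is counted as a correct rejection. One example is `undef` when 'InfObjExtract' was not compiled or loaded. These negative cases are the only check in the file that values outside the object set are refused, so the catch clause should describe what a refusal looks like. The body of `asn1_test_lib:roundtrip/3` is not part of this diff. If it reports a refusal as an `error`-class exception, a clause such as `error:Reason when Reason =/= undef -> ok` would already exclude the missing-module case.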
@@ -232,7 +232,8 @@ bit_string(Rules, Opts) ->
     end.
 random_bits(N) ->
-    Seed = integer_to_list(erlang:phash2(erlang:now())),
+    Seed0 = {erlang:monotonic_time(),erlang:unique_integer()},
+    Seed = integer_to_list(erlang:phash2(Seed0)),
     random_bits(<<>>, N, Seed).
 random_bits(Bin, N, Seed) ->
diff --git a/lib/asn1/test/testRfcs.erl b/lib/asn1/test/testRfcs.erl
new file mode 100644
index 0000000000..6281d09873
--- /dev/null
+++ b/lib/asn1/test/testRfcs.erl
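Review bot: The seed in `random_bits/1` is derived from `erlang:monotonic_time()` and `erlang:unique_integer()`, so it differs on every run, and this hunk never prints it. A `bit_string` failure on random input therefore leaves no record of the data that triggered it. `random_bits/3` and the caller lie outside the hunk and may already log the bits. If they do not, adding `io:format("random_bits seed: ~s\n", [Seed]),` before `random_bits(<<>>, N, Seed)` would at least record the input for a failing run.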
@@ -0,0 +1,75 @@
+%%
+%% %CopyrightBegin%
+%%
+%% Copyright Ericsson AB 2014. All Rights Reserved.
+%%
+%% The contents of this file are subject to the Erlang Public License,
+%% Version 1.1, (the "License"); you may not use this file except in
+%% compliance with the License. You should have received a copy of the
+%% Erlang Public License along with this software. If not, it can be
+%% retrieved online at http://www.erlang.org/.
+%%
+%% Software distributed under the License is distributed on an "AS IS"
+%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
+%% the License for the specific language governing rights and limitations
+%% under the License.
+%%
+%% %CopyrightEnd%
+%%
+%%
+
+-module(testRfcs).
+
+-export([compile/3,test/0]).
+
+-include_lib("test_server/include/test_server.hrl").
+
+compile(Config, Erules, Options0) ->
+    Options = [no_ok_wrapper|Options0],
+    DataDir = ?config(data_dir, Config),
+    Specs0 = filelib:wildcard("*.asn1", filename:join(DataDir, rfcs)),
+    Specs = [filename:join(rfcs, Spec) || Spec <- Specs0],
+    122 = length(Specs),
+    CaseDir = ?config(case_dir, Config),
+    asn1_test_lib:compile_all(Specs, Config, [Erules,{i,CaseDir}|Options]).
+
+test() ->
+    {1,3,6,1,5,5,7,48,1,2} =
+	IdPkixOcspNonce =
+	'OCSP-2009':'id-pkix-ocsp-nonce'(),
+    roundtrip('OCSP-2009', 'OCSPRequest',
+	      {'OCSPRequest',
+	       {'TBSRequest',
+		0,
+		{rfc822Name,"name string"},
+		[{'Request',
+		  {'CertID',{'_',{2,9,3,4,5},asn1_NOVALUE},
+		   <<"POTATOHASH">>,<<"HASHBROWN">>,42},
+		  [{'_',IdPkixOcspNonce,true,<<34,159,16,57,199>>}]}],
+		asn1_NOVALUE},
+	       asn1_NOVALUE}),
+    otp_7759(),
+    ok.
+
+roundtrip(Module, Type, Value0) ->
+    Enc = Module:encode(Type, Value0),
+    Value1 = Module:decode(Type, Enc),
+    asn1_test_lib:match_value(Value0, Value1),
+    ok.
+ +otp_7759() -> +    %% The release note for asn-1.6.6 says: +    %%   Decode of an open_type when the value was empty tagged +    %%   type encoded with indefinite length failed. +    Mod = 'OLD-PKCS7', +    Encoded = encoded_msg(), +    ContentInfo = Mod:decode('ContentInfo', Encoded), +    io:format("~p\n", [ContentInfo]), +    {'ContentInfo',_Id,PKCS7_content} = ContentInfo, +    X = Mod:decode('SignedData', PKCS7_content), +    io:format("~p\n", [X]), +    io:nl(), +    ok. + +encoded_msg() -> +    <<48,128,6,9,42,134,72,134,247,13,1,7,2,160,128,48,128,2,1,1,49,11,48,9,6,5,43,14,3,2,26,5,0,48,128,6,9,42,134,72,134,247,13,1,7,1,160,128,36,128,0,0,0,0,0,0,  49,130,1,192,48,130,1,188,2,1,1,48,50,48,38,49,17,48,15,6,3,85,4,3,12,8,65,100,109,105,110,67,65,49,49,17,48,15,6,3,85,4,10,12,8,69,82,73,67,83,83,79,78,2,8,15,151,245,186,21,23,240,96,48,9,6,5,43,14,3,2,26,5,0,160,129,229,48,17,6,10,96,134,72,1,134,248,69,1,9,2,49,3,19,1,51,48,17,6,10,96,134,72,1,134,248,69,1,9,3,49,3,19,1,51,48,24,6,9,42,134,72,134,247,13,1,9,3,49,11,6,9,42,134,72,134,247,13,1,7,1,48,28,6,9,42,134,72,134,247,13,1,9,5,49,15,23,13,48,56,49,50,49,48,48,57,53,52,50,51,90,48,28,6,10,96,134,72,1,134,248,69,1,9,7,49,14,19,12,49,53,50,56,49,52,50,52,48,57,53,53,48,32,6,10,96,134,72,1,134,248,69,1,9,5,49,18,4,16,165,115,177,71,78,88,239,113,78,56,98,98,18,202,217,235,48,32,6,10,96,134,72,1,134,248,69,1,9,6,49,18,4,16,227,174,230,251,43,153,252,65,11,93,231,83,34,18,55,46,48,35,6,9,42,134,72,134,247,13,1,9,4,49,22,4,20,218,57,163,238,94,107,75,13,50,85,191,239,149,96,24,144,175,216,7,9,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,4,129,128,106,233,116,125,140,51,133,173,63,41,54,138,214,211,89,215,169,125,98,77,16,222,216,240,211,79,125,111,87,186,73,63,253,204,107,102,177,63,174,197,224,212,231,172,149,246,33,68,223,67,102,93,64,152,152,5,216,102,247,134,36,197,150,236,57,77,56,138,95,71,204,31,23,149,241,213,78,172,165,249,100,187,12,45,19,57,67,120,54,63,15,239,41,217,127,61,254,60,201,104,68,3,135,21
4,206,93,253,255,192,94,56,107,68,210,57,61,41,249,47,156,130,244,52,12,163,216,236,69,0,0,0,0,0,0>>. diff --git a/lib/asn1/test/testSelectionTypes.erl b/lib/asn1/test/testSelectionTypes.erl index 6d060321da..7d273fe656 100644 --- a/lib/asn1/test/testSelectionTypes.erl +++ b/lib/asn1/test/testSelectionTypes.erl @@ -23,10 +23,34 @@  -include_lib("test_server/include/test_server.hrl").  test() -> -    Val = ["PrintableString","PrintableString","PrintableString"],      ["Es"] = Val2 = ['SelectionType':einsteinium()], -    roundtrip('MendeleyevTable', Val), +    roundtrip('MendeleyevTable', ["fox","tree","cat","stone"]),      roundtrip('MendeleyevTable', Val2), +    roundtrip('MendeleyevSet', [42,57,93,101]), + +    M = 'SelectionType', +    true = M:boolv(), +    4 = M:intv(), +    <<2#1001:4>> = M:bsv(), +    <<16#3130:16>> = M:osv(), +    'NULL' = M:nullv(), +    {2,1,1} = M:oiv(), +    "ObjectDesc" = M:odv(), +    "utf8" = M:utfv(), +    {5,32767,256} = M:rov(), +    "089" = M:numsv(), +    "telet" = M:teletv(), +    "t61" = M:t61v(), +    "video" = M:videov(), +    "ia5" = M:ia5v(), +    "9805281429Z" = M:utctimev(), +    "19980528142905.1" = M:gTime(), +    "graphic" = M:gsv(), +    "visible" = M:vsv(), +    "general" = M:gStringv(), +    "Universal" = M:univv(), +    "bmp" = M:bmov(), +      ok.  roundtrip(T, V) -> diff --git a/lib/asn1/test/testUniqueObjectSets.erl b/lib/asn1/test/testUniqueObjectSets.erl new file mode 100644 index 0000000000..1ef61a885a --- /dev/null +++ b/lib/asn1/test/testUniqueObjectSets.erl 
@@ -0,0 +1,175 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2014. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +%% + +-module(testUniqueObjectSets). +-export([main/3]). + +%% Run-time function called by the generated code. +seq_roundtrip(I, D0) -> +    M = 'UniqueObjectSets', +    try +	{ok,Enc} = M:encode('Seq', {'Seq',I,D0}), +	{ok,{'Seq',I,D}} = M:decode('Seq', Enc), +	D +    catch C:E -> +	    Stk = erlang:get_stacktrace(), +	    io:format("FAILED: ~p ~p\n", [I,D0]), +	    erlang:raise(C, E, Stk) +    end. + +types() -> +    [{"CHOICE { a INTEGER, b BIT STRING }", {b,<<42:3>>}}, +     {"INTEGER",42}, +     {"SEQUENCE {a OCTET STRING}",{'_',<<"abc">>}}, +     {"SEQUENCE {b BOOLEAN, ...}",{'_',true}}, +     {"SEQUENCE {b BOOLEAN, ..., s IA5String, ..., e ENUMERATED { x, y, z}}", +      {'_',false,"string",y}}, +     {"SET {a BIT STRING}",{'_',<<1:17>>}}, +     {"SEQUENCE OF INTEGER",[-19,0,555,777]}, +     {"SET OF BOOLEAN",[true,false,true]}, +     {"SEQUENCE OF SEQUENCE {x INTEGER (0..7)}",[{'_',7},{'_',0}]}, +     {"SET OF SEQUENCE {x INTEGER (0..7)}",[{'_',7},{'_',0}]} +    ]. 
+ +main(CaseDir, Rule, Opts) -> +    D0 = types(), +    {D1,_} = lists:mapfoldl(fun({T,S}, I) -> +				    {{I,T,S},I+1} +			    end, 1, D0), +    Types = [gen_types(I, Type) || {I,Type,_} <- D1], +    Set = [gen_set_items(I, T) || {I,T,_} <- D1], +    Objs = [gen_obj(I) || {I,_,_} <- D1], +    DupObjs = [gen_dup_obj(I, T) || {I,T,_} <- D1], +    DupObjRefs0 = [gen_dup_obj_refs(I) || {I,_,_} <- D1], +    DupObjRefs = string:join(DupObjRefs0, " |\n"), +    Asn1Spec = 'UniqueObjectSets', +    A = ["UniqueObjectSets DEFINITIONS AUTOMATIC TAGS ::=\n", +	 "BEGIN\n\n", +	 "TEST-UNIQUE ::= CLASS {\n" +	 " &id   INTEGER UNIQUE,\n" +	 " &Type OPTIONAL\n" +	 "}\n" +	 "WITH SYNTAX {IDENTIFIED BY &id [TYPE &Type]}\n", +	 $\n, +	 "DUP-CONTAINER ::= CLASS {\n" +	 " &id   INTEGER UNIQUE,\n" +	 " &data TEST-UNIQUE\n" +	 "} WITH SYNTAX {\n" +	 " ID &id, &data\n" +	 "}\n", +	 $\n, +	 Types,$\n, +	 "UniqSet TEST-UNIQUE ::= {\n", +	 Set, +	 " DupSet-1 |\n", +	 " DupSet-2, ...\n", +	 "}\n\n", +	 Objs,$\n, +	 DupObjs,$\n, +	 "DupSet-1 TEST-UNIQUE ::= {\n", +	 DupObjRefs,$\n, +	 "}\n\n", +	 "DupSet-2 TEST-UNIQUE ::= {\n", +	 DupObjRefs,",...\n", +	 "}\n\n", +	 "Seq ::= SEQUENCE {\n" +	 "  id TEST-UNIQUE.&id ({UniqSet}),\n" +	 "  type TEST-UNIQUE.&Type ({UniqSet}{@id})\n" +	 "}\n" +	 "END\n"], +    Asn1File = filename:join(CaseDir, atom_to_list(Asn1Spec)++".asn1"), +    ok = file:write_file(Asn1File, A), + +    TestModule = 'unique_object_sets', +    Test0 = [gen_test(I, Data) || {I,_,Data} <- D1], +    Test = ["-module(",atom_to_list(TestModule),").\n" +	    "-export([main/1]).\n" +	    "\n" +	    "main(SeqRoundtrip) ->\n", +	    "  ",atom_to_list(Rule)," = '",atom_to_list(Asn1Spec), +	    "':encoding_rule(),\n", +	    Test0, +	    "  ok.\n" +	    ], +    ErlFile = filename:join(CaseDir, atom_to_list(TestModule)++".erl"), +    ok = file:write_file(ErlFile, Test), + +    io:format("~s\n~s\n", [Asn1File,ErlFile]), +    case Rule of +	per -> +	    io:put_chars([A,$\n,Test,$\n]); +	_ -> +	    
ok +    end, + +    ok = asn1ct:compile(Asn1File, [Rule,{outdir,CaseDir}|Opts]), +    {ok,TestModule} = c:c(ErlFile, [{outdir,CaseDir}]), +    TestModule:main(fun seq_roundtrip/2), +    ok. + +gen_types(I, Type) -> +    io_lib:format("AType~p ::= ~s\n", [I,Type]). + +gen_set_items(I, T) -> +    io_lib:format(" {IDENTIFIED BY ~p TYPE AType~p} |\n" +		  " {IDENTIFIED BY ~p TYPE AType~p} |\n" +		  " {IDENTIFIED BY ~p TYPE ~s} |\n" +		  " obj-~p |\n\n", +		  [I,I,I,I,I,T,I]). + +gen_obj(I) -> +    io_lib:format("obj-~p TEST-UNIQUE ::= {IDENTIFIED BY ~p TYPE AType~p}\n", +		  [I,I,I]). + +gen_dup_obj(I, T) -> +    io_lib:format("dup-obj-~p DUP-CONTAINER ::= " +		  "{ID ~p, {IDENTIFIED BY ~p TYPE ~s}}\n", +		  [I,I,I+1000,T]). + +gen_dup_obj_refs(I) -> +    io_lib:format("dup-obj-~p.&data", [I]). + +gen_test(I, Data) -> +    io_lib:format("  ~s = SeqRoundtrip(~p, ~p),\n", +		  [match_term(Data),I,Data]). + +match_term('_') -> +    "_"; +match_term([H|T]=L) -> +    case is_intlist(L) of +	true -> +	    io_lib:format("~p", [L]); +	false -> +	    ["[",match_term(H),"|",match_term(T),"]"] +    end; +match_term(Tuple) when is_tuple(Tuple) -> +    ["{",match_term_tuple(Tuple, 1),"}"]; +match_term(Other) -> +    io_lib:format("~p", [Other]). + +match_term_tuple(T, I) when I =< tuple_size(T) -> +    [match_term(element(I, T)), +     if I < tuple_size(T) -> ","; +	true -> "" end|match_term_tuple(T, I+1)]; +match_term_tuple(_, _) -> +    []. + +is_intlist(L) -> +    lists:all(fun is_integer/1, L). diff --git a/lib/asn1/test/testValueTest.erl b/lib/asn1/test/testValueTest.erl new file mode 100644 index 0000000000..8a8e973621 --- /dev/null +++ b/lib/asn1/test/testValueTest.erl 
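Review bot: Nothing on `types/0` or `match_term/1` says that the atom `'_'` in the sample values is a placeholder; a reader only learns it at `match_term('_') -> "_"`, where it is emitted as a wildcard into the generated `unique_object_sets` source. A comment on `types/0` such as `%% {AsnType, Value} pairs; '_' marks a position that the generated test matches with a wildcard.` would cover it. The `case Rule of per -> io:put_chars(...)` branch in `main/3` also needs a why-comment, since it is not evident why the generated spec and test are dumped for `per` only (presumably to print them once per run). Because `main/3` writes, compiles and runs source assembled with `io_lib:format`, the module header should state that the only inputs to those templates are the fixed entries in `types/0`.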
@@ -0,0 +1,114 @@ +%% +%% %CopyrightBegin% +%% +%% Copyright Ericsson AB 2014. All Rights Reserved. +%% +%% The contents of this file are subject to the Erlang Public License, +%% Version 1.1, (the "License"); you may not use this file except in +%% compliance with the License. You should have received a copy of the +%% Erlang Public License along with this software. If not, it can be +%% retrieved online at http://www.erlang.org/. +%% +%% Software distributed under the License is distributed on an "AS IS" +%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +%% the License for the specific language governing rights and limitations +%% under the License. +%% +%% %CopyrightEnd% +%% +%% +-module(testValueTest). + +-export([main/0]). + +main() -> +    M = 'ValueTest', + +    %% Basic types +    12 = M:'vANY'(), +    true = M:'vBOOLEAN'(), +    12 = M:'vINTEGER'(), +    0 = M:'vINTEGERNNL'(), +    button1 = M:'vENUMERATED'(), +    [zero,two] = M:'vBS'(), +    'NULL' = M:'vNULL'(), +    <<16#31,16#32,16#33>> = M:'vOS'(), + +    %% OID +    {2,1,1} = M:'vOD'(), +    {1,2} = M:'integer-first'(), +    {2,4,5} = M:'rel-oid-1'(), +    {0,2,4,5} = M:'include-roid'(), +    {1,2,1} = M:'include-oid'(), +    {1,2,1,2,4,5,42} = M:'include-all'(), + +    %% Character strings +    "01234567" = M:'numericstring'(), +    "PrintableString" = M:'printablestring'(), +    "VisibleString" = M:'visiblestring'(), +    [0,13] = M:'cr'(), +    ["First line",[0,13],"Second line"] = M:'ia5string1'(), +    [[5,5],[4,4],[6,6]] = M:'ia5string2'(), +    "TeletexString" = M:'teletexstring'(), +    "VideotexString" = M:'videotexstring'(), +    "97100211-0500" = M:'utctime'(), +    "19971002103130.5" = M:'generalizedtime'(), +    "ObjectDescriptor" = M:'objectdescriptor'(), +    "GraphicString" = M:'graphicstring'(), +    "GeneralString" = M:'generalstring'(), +    "BMPString" = M:'bmpstring1'(), +    [0,0,0,65] = M:'latinCapitalLetterA'(), +    [0,0,3,145] = 
M:'greekCapitalLetterSigma'(), +    ["This is a capital A: ", +     [0,0,0,65], +     ", and a capital sigma: ", +     [0,0,3,145], +     "; try and spot the difference!"] = M:'my-universalstring'(), + +    %% Integers +    42 = M:someInteger(), +    42 = M:otherInteger(), +    {'IntegerSeq',42} = M:integerSeq1(), + +    %% Value from object +    2 = M:'int-from-object-1'(), +    4 = M:'int-from-object-2'(), +    roundtrip_error('II', 1), +    roundtrip('II', 2), +    roundtrip('II', 3), +    roundtrip('II', 4), +    roundtrip_error('II', 5), + +    %% Recursive value definitions. +    {'OctetStringSeq',<<16#40,16#41,16#42>>} = M:octetStringSeq1(), +    <<16#40,16#41,16#42>> = M:otherOctetString(), +    <<16#40,16#41,16#42>> = M:someOctetString(), +    {'OctetStringSeq',<<16#40,16#41,16#42>>} = M:octetStringSeq2(), +    {'OctetStringSeq',<<16#40,16#41,16#FF>>} = M:octetStringSeq3(), +    <<16#40,16#41,16#FF>> = M:'os-1'(), +    <<16#40,16#41,16#FF>> = M:'os-2'(), + +    %% Recursive BIT STRING definitions. +    {'BsSeq',<<2#101101:6>>,[c]} = M:bsSeq1(), +    {'BsSeq',<<2#101101:6>>,[c]} = M:bsSeq2(), +    {'BsSeq',<<2#101:3>>,[a,c]} = M:bsSeq3(), +    <<2#101101:6>> = M:someBitString(), +    <<2#101101:6>> = M:otherBitString(), +    <<2#101:3>> = M:bsFromObject(), +    <<2#101:3>> = M:bsFromObjectInd(), +    [c] = M:someNamedBs(), +    [c] = M:someOtherNamedBs(), + +    ok. + + +roundtrip(T, V) -> +    asn1_test_lib:roundtrip('ValueTest', T, V). + +roundtrip_error(T, V) -> +    try asn1_test_lib:roundtrip('ValueTest', T, V) of +	ok -> +	    test_server:fail() +    catch _:_ -> +	    ok +    end. diff --git a/lib/asn1/test/testX420.erl b/lib/asn1/test/testX420.erl deleted file mode 100644 index 4ddc55dc16..0000000000 --- a/lib/asn1/test/testX420.erl +++ /dev/null 
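Review bot: `roundtrip_error/2` accepts any exception because of `catch _:_ -> ok`, so the two negative checks on `'II'` (values 1 and 5) also pass when the roundtrip fails for an unrelated reason, for instance an `undef` because a module was not compiled or loaded. Narrowing the clause to the failure the encoder is expected to raise would keep the negative test meaningful. The exact reason term is not visible in this hunk, so at minimum use `catch error:Reason when Reason =/= undef -> ok`, and match the constraint error itself once its shape is confirmed. The success branch would also be easier to diagnose with a reason, e.g. `test_server:fail({unexpected_success,T,V})`.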
@@ -1,93 +0,0 @@ -%% -%% %CopyrightBegin% -%% -%% Copyright Ericsson AB 2008-2013. All Rights Reserved. -%% -%% The contents of this file are subject to the Erlang Public License, -%% Version 1.1, (the "License"); you may not use this file except in -%% compliance with the License. You should have received a copy of the -%% Erlang Public License along with this software. If not, it can be -%% retrieved online at http://www.erlang.org/. -%% -%% Software distributed under the License is distributed on an "AS IS" -%% basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -%% the License for the specific language governing rights and limitations -%% under the License. -%% -%% %CopyrightEnd% -%% -%% -%%------------------------------------------------------------------- - --module(testX420). - --export([compile/3, ticket7759/2]). - --include_lib("test_server/include/test_server.hrl"). - - -compile(Erule, Options, Config) -> -    Specs0 = specs(), -    99 = length(Specs0), -    CaseDir = ?config(case_dir, Config), -    Specs = [filename:join(x420, Spec) || Spec <- Specs0], -    asn1_test_lib:compile_all(Specs, Config, [Erule,{i,CaseDir}|Options]). 
- -specs() -> -    ["ACSE-1", "AuthenticationFramework", "BasicAccessControl", -     "CertificateExtensions", "Character-Coding-Attributes", -     "Character-Presentation-Attributes", "Character-Profile-Attributes", -     "Colour-Attributes", "DOR-definition", "DSAOperationalAttributeTypes", -     "Default-Value-Lists", "DirectoryAbstractService", -     "DirectoryAccessProtocol", "DirectoryInformationShadowProtocol", -     "DirectoryOperationalBindingManagementProtocol", -     "DirectoryOperationalBindingTypes", "DirectoryProtectionMappings", -     "DirectoryShadowAbstractService", "DirectorySystemProtocol", -     "DistributedOperations", "Document-Profile-Descriptor", -     "EnhancedSecurity", "External-References", "GULSProtectionMappings", -     "GenericProtectingTransferSyntax", "Geo-Gr-Coding-Attributes", -     "Geo-Gr-Presentation-Attributes", "Geo-Gr-Profile-Attributes", -     "GulsSecurityExchanges", "GulsSecurityTransformations", -     "HierarchicalOperationalBindings", "IPMSAbstractService", -     "IPMSAutoActionTypes", "IPMSExtendedBodyPartTypes", -     "IPMSExtendedBodyPartTypes2", "IPMSExtendedVoiceBodyPartType", -     "IPMSFileTransferBodyPartType", "IPMSForwardedContentBodyPartType", -     "IPMSForwardedReportBodyPartType", "IPMSFunctionalObjects", -     "IPMSHeadingExtensions", "IPMSInformationObjects", -     "IPMSMessageStoreAttributes", "IPMSObjectIdentifiers", -     "IPMSObjectIdentifiers2", "IPMSSecurityExtensions", "IPMSUpperBounds", -     "ISO-STANDARD-9541-FONT-ATTRIBUTE-SET", "ISO8571-FTAM", "ISO9541-SN", -     "Identifiers-and-Expressions", "InformationFramework", -     "Interchange-Data-Elements", "Layout-Descriptors", "Link-Descriptors", -     "Location-Expressions", "Logical-Descriptors", "MHSObjectIdentifiers", -     "MHSProtocolObjectIdentifiers", "MSAbstractService", -     "MSAccessProtocol", "MSGeneralAttributeTypes", -     "MSGeneralAutoActionTypes", "MSMatchingRules", "MSObjectIdentifiers", -     "MSUpperBounds", 
"MTAAbstractService", "MTSAbstractService", -     "MTSAbstractService88", "MTSAccessProtocol", "MTSObjectIdentifiers", -     "MTSUpperBounds", "Notation", "ObjectIdentifiers", -     "OperationalBindingManagement", "PKCS7", "PKCS7BodyPartType", -     "Protected-Part-Descriptors", "ProtocolObjectIdentifiers", -     "Raster-Gr-Coding-Attributes", "Raster-Gr-Presentation-Attributes", -     "Raster-Gr-Profile-Attributes", "Reliable-Transfer-APDU", -     "Remote-Operations-Abstract-Syntaxes", -     "Remote-Operations-Generic-ROS-PDUs", -     "Remote-Operations-Information-Objects-extensions", -     "Remote-Operations-Information-Objects", -     "Remote-Operations-Realizations", -     "Remote-Operations-Useful-Definitions", "SelectedAttributeTypes", -     "SeseAPDUs", "SpkmGssTokens", "Style-Descriptors", "Subprofiles", -     "Temporal-Relationships", "Text-Units", "UpperBounds", -     "UsefulDefinitions", "Videotex-Coding-Attributes"]. - -ticket7759(_Erule,_Config) -> -    Encoded = encoded_msg(), -    io:format("Testing ticket7759 ...~n",[]), -    {ok, ContentInfo} = 'PKCS7':decode('ContentInfo',Encoded), -    {'ContentInfo',_Id,PKCS7_content} = ContentInfo, -    {ok,_} = 'PKCS7':decode('SignedData',PKCS7_content), -    ok. 
- - -encoded_msg() -> -    <<48,128,6,9,42,134,72,134,247,13,1,7,2,160,128,48,128,2,1,1,49,11,48,9,6,5,43,14,3,2,26,5,0,48,128,6,9,42,134,72,134,247,13,1,7,1,160,128,36,128,0,0,0,0,0,0,  49,130,1,192,48,130,1,188,2,1,1,48,50,48,38,49,17,48,15,6,3,85,4,3,12,8,65,100,109,105,110,67,65,49,49,17,48,15,6,3,85,4,10,12,8,69,82,73,67,83,83,79,78,2,8,15,151,245,186,21,23,240,96,48,9,6,5,43,14,3,2,26,5,0,160,129,229,48,17,6,10,96,134,72,1,134,248,69,1,9,2,49,3,19,1,51,48,17,6,10,96,134,72,1,134,248,69,1,9,3,49,3,19,1,51,48,24,6,9,42,134,72,134,247,13,1,9,3,49,11,6,9,42,134,72,134,247,13,1,7,1,48,28,6,9,42,134,72,134,247,13,1,9,5,49,15,23,13,48,56,49,50,49,48,48,57,53,52,50,51,90,48,28,6,10,96,134,72,1,134,248,69,1,9,7,49,14,19,12,49,53,50,56,49,52,50,52,48,57,53,53,48,32,6,10,96,134,72,1,134,248,69,1,9,5,49,18,4,16,165,115,177,71,78,88,239,113,78,56,98,98,18,202,217,235,48,32,6,10,96,134,72,1,134,248,69,1,9,6,49,18,4,16,227,174,230,251,43,153,252,65,11,93,231,83,34,18,55,46,48,35,6,9,42,134,72,134,247,13,1,9,4,49,22,4,20,218,57,163,238,94,107,75,13,50,85,191,239,149,96,24,144,175,216,7,9,48,13,6,9,42,134,72,134,247,13,1,1,1,5,0,4,129,128,106,233,116,125,140,51,133,173,63,41,54,138,214,211,89,215,169,125,98,77,16,222,216,240,211,79,125,111,87,186,73,63,253,204,107,102,177,63,174,197,224,212,231,172,149,246,33,68,223,67,102,93,64,152,152,5,216,102,247,134,36,197,150,236,57,77,56,138,95,71,204,31,23,149,241,213,78,172,165,249,100,187,12,45,19,57,67,120,54,63,15,239,41,217,127,61,254,60,201,104,68,3,135,214,206,93,253,255,192,94,56,107,68,210,57,61,41,249,47,156,130,244,52,12,163,216,236,69,0,0,0,0,0,0>>. diff --git a/lib/asn1/test/test_compile_options.erl b/lib/asn1/test/test_compile_options.erl index 7f358e863c..4b6357a395 100644 --- a/lib/asn1/test/test_compile_options.erl +++ b/lib/asn1/test/test_compile_options.erl 
@@ -24,7 +24,7 @@  -export([wrong_path/1,comp/2,path/1,ticket_6143/1,noobj/1, -	 record_name_prefix/1,verbose/1,warnings_as_errors/1]). +	 record_name_prefix/1,verbose/1]).  %% OTP-5689  wrong_path(Config) -> @@ -132,43 +132,6 @@ verbose(Config) when is_list(Config) ->      ?line [] = test_server:capture_get(),      ok. -warnings_as_errors(Config) when is_list(Config) -> -    PrivDir = ?config(priv_dir,Config), -    Asn1File = filename:join([PrivDir,"WERROR.asn1"]), -    OutFile = filename:join([PrivDir,"WERROR.erl"]), -    Opts = [{outdir,PrivDir},noobj,verbose], - -    %% Generate WERR.asn to emit warning -    %% Warning: Wrong format of type/value -    %%     false/{'Externalvaluereference',_,'WERR',noInvokeId} -    Warn = <<"WERROR DEFINITIONS IMPLICIT TAGS ::=\n" -	     "\n" -	     "BEGIN\n" -	     "\n" -	     "InvokeId ::= CHOICE\n" -	     "{\n" -	     "    present INTEGER,\n" -	     "    absent NULL\n" -	     "}\n" -	     "\n" -	     "noInvokeId InvokeId ::= absent:NULL\n" -	     "\n" -	     "NoInvokeId InvokeId ::= {noInvokeId}\n" -	     "\n" -	     "END -- end of useful definitions.\n">>, -    ?line ok = file:write_file(Asn1File, Warn), - -    %% Test warnings_as_errors compile -    ?line false = filelib:is_regular(OutFile), -    ?line {error, _} = asn1ct:compile(Asn1File, [warnings_as_errors|Opts]), -    ?line false = filelib:is_regular(OutFile), - -    %% Test normal compile -    ?line ok = asn1ct:compile(Asn1File, Opts), -    ?line true = filelib:is_regular(OutFile), -    ?line ok = file:delete(OutFile), -    ok. -  outfiles_check(OutDir) ->      outfiles_check(OutDir,outfiles1()). | 
