Diffstat (limited to 'lib/public_key/asn1/PKCS-15.asn1')
-rw-r--r-- | lib/public_key/asn1/PKCS-15.asn1 | 869 |
1 files changed, 0 insertions, 869 deletions
diff --git a/lib/public_key/asn1/PKCS-15.asn1 b/lib/public_key/asn1/PKCS-15.asn1
deleted file mode 100644
index 6d352e1014..0000000000
--- a/lib/public_key/asn1/PKCS-15.asn1
+++ /dev/null
@@ -1,869 +0,0 @@
-PKCS-15 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) - pkcs-15(15) modules(1) pkcs-15(1)} - --- $Revision: 1.7 $ -- - -DEFINITIONS IMPLICIT TAGS ::= - -BEGIN - -IMPORTS - -informationFramework, authenticationFramework, certificateExtensions - FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1) - usefulDefinitions(0) 3} - -Name, Attribute - FROM InformationFramework informationFramework - -Certificate, AttributeCertificate, CertificateSerialNumber, - SubjectPublicKeyInfo - FROM AuthenticationFramework authenticationFramework - -GeneralNames, KeyUsage - FROM CertificateExtensions certificateExtensions - -RecipientInfos, RecipientInfo, OriginatorInfo, sha-1, - id-alg-CMS3DESwrap, id-alg-CMSRC2wrap, hMAC-SHA1, des-ede3-cbc - FROM CryptographicMessageSyntax {iso(1) member-body(2) - us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) - cms(1)} - -RSAPublicKey - FROM PKCS-1 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-1(1) modules(0) pkcs-1(1)} - -AlgorithmIdentifier, SupportingAlgorithms, PBKDF2Algorithms, - ALGORITHM-IDENTIFIER, id-hmacWithSHA1 - FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)} - -ECPoint, Parameters - FROM ANSI-X9-62 {iso(1) member-body(2) us(840) - ansi-x962(10045) module(4) 1} - -DiffieHellmanPublicNumber, DomainParameters - FROM ANSI-X9-42 {iso(1) member-body(2) us(840) - ansi-x942(10046) module(5) 1} - -OOBCertHash - FROM PKIXCMP {iso(1) identified-organization(3) dod(6) - internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-mod-cmp(9)}; - --- Constants - -pkcs15-ub-identifier INTEGER ::= 255 -pkcs15-ub-reference INTEGER ::= 255 -pkcs15-ub-index INTEGER ::= 65535 -pkcs15-ub-label INTEGER ::= pkcs15-ub-identifier -pkcs15-lb-minPinLength INTEGER ::= 4 -pkcs15-ub-minPinLength INTEGER ::= 8 -pkcs15-ub-storedPinLength INTEGER ::= 64 -pkcs15-ub-recordLength INTEGER ::= 16383 -pkcs15-ub-userConsent INTEGER ::= 15 
-pkcs15-ub-securityConditions INTEGER ::= 255 -pkcs15-ub-seInfo INTEGER ::= 255 - --- Object Identifiers - -pkcs15 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) - rsadsi(113549) pkcs(1) pkcs-15(15)} -pkcs15-mo OBJECT IDENTIFIER ::= {pkcs15 1} -- Modules branch -pkcs15-at OBJECT IDENTIFIER ::= {pkcs15 2} -- Attribute branch -pkcs15-ct OBJECT IDENTIFIER ::= {pkcs15 3} -- Content type branch - --- Content Types - -pkcs15-ct-PKCS15Token OBJECT IDENTIFIER ::= {pkcs15-ct 1} - --- Basic types - -Identifier ::= OCTET STRING (SIZE (0..pkcs15-ub-identifier)) - -Reference ::= INTEGER (0..pkcs15-ub-reference) - -Label ::= UTF8String (SIZE(0..pkcs15-ub-label)) - -KEY-IDENTIFIER ::= CLASS { - &id INTEGER UNIQUE, - &Value -} WITH SYNTAX { - SYNTAX &Value IDENTIFIED BY &id -} - -CredentialIdentifier {KEY-IDENTIFIER : IdentifierSet} ::= SEQUENCE { - idType KEY-IDENTIFIER.&id ({IdentifierSet}), - idValue KEY-IDENTIFIER.&Value ({IdentifierSet}{@idType}) -} - -KeyIdentifiers KEY-IDENTIFIER ::= { - issuerAndSerialNumber| - issuerAndSerialNumberHash| - subjectKeyId| - subjectKeyHash | - issuerKeyHash | - issuerNameHash | - subjectNameHash, - ... 
-} - -issuerAndSerialNumber KEY-IDENTIFIER::= - {SYNTAX PKCS15-OPAQUE.&Type IDENTIFIED BY 1} - -- As defined in RFC 2630 -subjectKeyId KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 2} - -- From x509v3 certificate extension -issuerAndSerialNumberHash KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 3} - -- Assumes SHA-1 hash of DER encoding of IssuerAndSerialNumber -subjectKeyHash KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 4} -issuerKeyHash KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 5} -issuerNameHash KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 6} - -- SHA-1 hash of DER-encoded issuer name -subjectNameHash KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 7} - -- SHA-1 hash of DER-encoded subject name - -ReferencedValue {Type} ::= CHOICE { - path Path, - url URL -} (CONSTRAINED BY {-- 'path' or 'url' shall point to an object of - -- type -- Type}) - -URL ::= CHOICE { - url PrintableString, - urlWithDigest [3] SEQUENCE { - url IA5String, - digest DigestInfoWithDefault - } -} - -alg-id-sha1 AlgorithmIdentifier {{DigestAlgorithms}} ::= { - algorithm sha-1, - parameters SHA1Parameters : NULL} - -SHA1Parameters ::= NULL - -DigestInfoWithDefault ::= SEQUENCE { - digestAlg AlgorithmIdentifier {{DigestAlgorithms}} DEFAULT alg-id-sha1, - digest OCTET STRING (SIZE(8..128)) -} - -Path ::= SEQUENCE { - path OCTET STRING, - index INTEGER (0..pkcs15-ub-index) OPTIONAL, - length [0] INTEGER (0..pkcs15-ub-index) OPTIONAL - }( WITH COMPONENTS {..., index PRESENT, length PRESENT}| - WITH COMPONENTS {..., index ABSENT, length ABSENT}) - -ObjectValue { Type } ::= CHOICE { - indirect ReferencedValue {Type}, - direct [0] Type, - indirect-protected [1] ReferencedValue {EnvelopedData {Type}}, - direct-protected [2] EnvelopedData {Type} - }(CONSTRAINED BY {-- if indirection is being used, then it is - -- expected that the reference points either to a (possibly - -- enveloped) object of type -- Type -- or (key case) to a card- - -- 
specific key file --}) - -PathOrObjects {ObjectType} ::= CHOICE { - path Path, - objects [0] SEQUENCE OF ObjectType, - ..., - indirect-protected [1] ReferencedValue {EnvelopedData {SEQUENCE OF ObjectType}}, - direct-protected [2] EnvelopedData {SEQUENCE OF ObjectType} - } - -CommonObjectAttributes ::= SEQUENCE { - label Label OPTIONAL, - flags CommonObjectFlags OPTIONAL, - authId Identifier OPTIONAL, - ..., - userConsent INTEGER (1..pkcs15-ub-userConsent) OPTIONAL, - accessControlRules SEQUENCE SIZE (1..MAX) OF AccessControlRule OPTIONAL -} (CONSTRAINED BY {-- authId should be present in the IC card case if - -- flags.private is set. It must equal an authID in one AuthRecord - -- in the AODF -- }) - -CommonObjectFlags ::= BIT STRING { - private (0), - modifiable (1) -} - -AccessControlRule ::= SEQUENCE { - accessMode AccessMode, - securityCondition SecurityCondition, - ... -- For future extensions -} - -AccessMode ::= BIT STRING { - read (0), - update (1), - execute (2) -} - -SecurityCondition ::= CHOICE { - authId Identifier, - not [0] SecurityCondition, - and [1] SEQUENCE SIZE (2..pkcs15-ub-securityConditions) - OF SecurityCondition, - or [2] SEQUENCE SIZE (2..pkcs15-ub-securityConditions) - OF SecurityCondition, - ... -- For future extensions -} - -CommonKeyAttributes ::= SEQUENCE { - iD Identifier, - usage KeyUsageFlags, - native BOOLEAN DEFAULT TRUE, - accessFlags KeyAccessFlags OPTIONAL, - keyReference Reference OPTIONAL, - startDate GeneralizedTime OPTIONAL, - endDate [0] GeneralizedTime OPTIONAL, - ... 
-- For future extensions -} - -KeyUsageFlags ::= BIT STRING { - encrypt (0), - decrypt (1), - sign (2), - signRecover (3), - wrap (4), - unwrap (5), - verify (6), - verifyRecover (7), - derive (8), - nonRepudiation (9) -} - -KeyAccessFlags ::= BIT STRING { - sensitive (0), - extractable (1), - alwaysSensitive (2), - neverExtractable (3), - local (4) -} - -CommonPrivateKeyAttributes ::= SEQUENCE { - subjectName Name OPTIONAL, - keyIdentifiers [0] SEQUENCE OF CredentialIdentifier - {{KeyIdentifiers}} OPTIONAL, - ... -- For future extensions -} - -CommonPublicKeyAttributes ::= SEQUENCE { - subjectName Name OPTIONAL, - ..., - trustedUsage [0] Usage OPTIONAL -} - -CommonSecretKeyAttributes ::= SEQUENCE { - keyLen INTEGER OPTIONAL, -- keylength (in bits) - ... -- For future extensions -} - -KeyInfo {ParameterType, OperationsType} ::= CHOICE { - reference Reference, - paramsAndOps SEQUENCE { - parameters ParameterType, - supportedOperations OperationsType OPTIONAL - } -} - -CommonCertificateAttributes ::= SEQUENCE { - iD Identifier, - authority BOOLEAN DEFAULT FALSE, - identifier CredentialIdentifier {{KeyIdentifiers}} OPTIONAL, - certHash [0] OOBCertHash OPTIONAL, - ..., - trustedUsage [1] Usage OPTIONAL, - identifiers [2] SEQUENCE OF CredentialIdentifier{{KeyIdentifiers}} OPTIONAL, - implicitTrust [3] BOOLEAN DEFAULT FALSE -} - -Usage ::= SEQUENCE { - keyUsage KeyUsage OPTIONAL, - extKeyUsage SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER OPTIONAL - }(WITH COMPONENTS {..., keyUsage PRESENT} | - WITH COMPONENTS {..., extKeyUsage PRESENT}) - -CommonDataObjectAttributes ::= SEQUENCE { - applicationName Label OPTIONAL, - applicationOID OBJECT IDENTIFIER OPTIONAL, - ... -- For future extensions - } (WITH COMPONENTS {..., applicationName PRESENT}| - WITH COMPONENTS {..., applicationOID PRESENT}) - -CommonAuthenticationObjectAttributes ::= SEQUENCE { - authId Identifier, - ... 
-- For future extensions -} - -PKCS15Object {ClassAttributes, SubClassAttributes, TypeAttributes} - ::= SEQUENCE { - commonObjectAttributes CommonObjectAttributes, - classAttributes ClassAttributes, - subClassAttributes [0] SubClassAttributes OPTIONAL, - typeAttributes [1] TypeAttributes -} - -PKCS15Objects ::= CHOICE { - privateKeys [0] PrivateKeys, - publicKeys [1] PublicKeys, - trustedPublicKeys [2] PublicKeys, - secretKeys [3] SecretKeys, - certificates [4] Certificates, - trustedCertificates [5] Certificates, - usefulCertificates [6] Certificates, - dataObjects [7] DataObjects, - authObjects [8] AuthObjects, - ... -- For future extensions -} - -PrivateKeys ::= PathOrObjects {PrivateKeyType} - -SecretKeys ::= PathOrObjects {SecretKeyType} - -PublicKeys ::= PathOrObjects {PublicKeyType} - -Certificates ::= PathOrObjects {CertificateType} - -DataObjects ::= PathOrObjects {DataType} - -AuthObjects ::= PathOrObjects {AuthenticationType} - -PrivateKeyType ::= CHOICE { - privateRSAKey PrivateKeyObject {PrivateRSAKeyAttributes}, - privateECKey [0] PrivateKeyObject {PrivateECKeyAttributes}, - privateDHKey [1] PrivateKeyObject {PrivateDHKeyAttributes}, - privateDSAKey [2] PrivateKeyObject {PrivateDSAKeyAttributes}, - privateKEAKey [3] PrivateKeyObject {PrivateKEAKeyAttributes}, - ... -- For future extensions -} - -PrivateKeyObject {KeyAttributes} ::= PKCS15Object { - CommonKeyAttributes, CommonPrivateKeyAttributes, KeyAttributes} - -PrivateRSAKeyAttributes ::= SEQUENCE { - value ObjectValue {RSAPrivateKeyObject}, - modulusLength INTEGER, -- modulus length in bits, e.g. 1024 - keyInfo KeyInfo {NULL, PublicKeyOperations} OPTIONAL, - ... 
-- For future extensions -} - -RSAPrivateKeyObject ::= SEQUENCE { - modulus [0] INTEGER OPTIONAL, -- n - publicExponent [1] INTEGER OPTIONAL, -- e - privateExponent [2] INTEGER OPTIONAL, -- d - prime1 [3] INTEGER OPTIONAL, -- p - prime2 [4] INTEGER OPTIONAL, -- q - exponent1 [5] INTEGER OPTIONAL, -- d mod (p-1) - exponent2 [6] INTEGER OPTIONAL, -- d mod (q-1) - coefficient [7] INTEGER OPTIONAL -- inv(q) mod p -} (CONSTRAINED BY {-- must be possible to reconstruct modulus and - -- privateExponent from selected fields --}) - -PrivateECKeyAttributes ::= SEQUENCE { - value ObjectValue {ECPrivateKey}, - keyInfo KeyInfo {Parameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -ECPrivateKey ::= INTEGER - -PrivateDHKeyAttributes ::= SEQUENCE { - value ObjectValue {DHPrivateKey}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -DHPrivateKey ::= INTEGER -- Diffie-Hellman exponent - -PrivateDSAKeyAttributes ::= SEQUENCE { - value ObjectValue {DSAPrivateKey}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -DSAPrivateKey ::= INTEGER - -PrivateKEAKeyAttributes ::= SEQUENCE { - value ObjectValue {KEAPrivateKey}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -KEAPrivateKey ::= INTEGER - -PublicKeyType ::= CHOICE { - publicRSAKey PublicKeyObject {PublicRSAKeyAttributes}, - publicECKey [0] PublicKeyObject {PublicECKeyAttributes}, - publicDHKey [1] PublicKeyObject {PublicDHKeyAttributes}, - publicDSAKey [2] PublicKeyObject {PublicDSAKeyAttributes}, - publicKEAKey [3] PublicKeyObject {PublicKEAKeyAttributes}, - ... 
-- For future extensions -} - -PublicKeyObject {KeyAttributes} ::= PKCS15Object { - CommonKeyAttributes, CommonPublicKeyAttributes, KeyAttributes} - -PublicRSAKeyAttributes ::= SEQUENCE { - value ObjectValue {RSAPublicKeyChoice}, - modulusLength INTEGER, -- modulus length in bits, e.g. 1024 - keyInfo KeyInfo {NULL, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -RSAPublicKeyChoice ::= CHOICE { - raw RSAPublicKey, - spki [1] SubjectPublicKeyInfo, -- See X.509. Must contain a - -- public RSA key - ... -} - -PublicECKeyAttributes ::= SEQUENCE { - value ObjectValue {ECPublicKeyChoice}, - keyInfo KeyInfo {Parameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -ECPublicKeyChoice ::= CHOICE { - raw ECPoint, - spki SubjectPublicKeyInfo, -- See X.509. Must contain a public EC key - ... -} - -PublicDHKeyAttributes ::= SEQUENCE { - value ObjectValue {DHPublicKeyChoice}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -DHPublicKeyChoice ::= CHOICE { - raw DiffieHellmanPublicNumber, - spki SubjectPublicKeyInfo, -- See X.509. Must contain a public D-H key - ... -} - -PublicDSAKeyAttributes ::= SEQUENCE { - value ObjectValue {DSAPublicKeyChoice}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -DSAPublicKeyChoice ::= CHOICE { - raw INTEGER, - spki SubjectPublicKeyInfo, -- See X.509. Must contain a public DSA key. - ... -} - -PublicKEAKeyAttributes ::= SEQUENCE { - value ObjectValue {KEAPublicKeyChoice}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -KEAPublicKeyChoice ::= CHOICE { - raw INTEGER, - spki SubjectPublicKeyInfo, -- See X.509. Must contain a public KEA key - ... 
-} - -SecretKeyType ::= CHOICE { - genericSecretKey SecretKeyObject {GenericSecretKeyAttributes}, - rc2key [0] SecretKeyObject {GenericSecretKeyAttributes}, - rc4key [1] SecretKeyObject {GenericSecretKeyAttributes}, - desKey [2] SecretKeyObject {GenericSecretKeyAttributes}, - des2Key [3] SecretKeyObject {GenericSecretKeyAttributes}, - des3Key [4] SecretKeyObject {GenericSecretKeyAttributes}, - castKey [5] SecretKeyObject {GenericSecretKeyAttributes}, - cast3Key [6] SecretKeyObject {GenericSecretKeyAttributes}, - cast128Key [7] SecretKeyObject {GenericSecretKeyAttributes}, - rc5Key [8] SecretKeyObject {GenericSecretKeyAttributes}, - ideaKey [9] SecretKeyObject {GenericSecretKeyAttributes}, - skipjackKey [10] SecretKeyObject {GenericSecretKeyAttributes}, - batonKey [11] SecretKeyObject {GenericSecretKeyAttributes}, - juniperKey [12] SecretKeyObject {GenericSecretKeyAttributes}, - rc6Key [13] SecretKeyObject {GenericSecretKeyAttributes}, - otherKey [14] OtherKey, -... -- For future extensions -} - -SecretKeyObject {KeyAttributes} ::= PKCS15Object { - CommonKeyAttributes, CommonSecretKeyAttributes, KeyAttributes} - -OtherKey ::= SEQUENCE { - keyType OBJECT IDENTIFIER, - keyAttr SecretKeyObject {GenericSecretKeyAttributes} -} - -GenericSecretKeyAttributes ::= SEQUENCE { - value ObjectValue { OCTET STRING }, - ... 
-- For future extensions -} - -CertificateType ::= CHOICE { - x509Certificate CertificateObject { X509CertificateAttributes}, - x509AttributeCertificate [0] CertificateObject - {X509AttributeCertificateAttributes}, - spkiCertificate [1] CertificateObject {SPKICertificateAttributes}, - pgpCertificate [2] CertificateObject {PGPCertificateAttributes}, - wtlsCertificate [3] CertificateObject {WTLSCertificateAttributes}, - x9-68Certificate [4] CertificateObject {X9-68CertificateAttributes}, - ..., - cvCertificate [5] CertificateObject {CVCertificateAttributes} -} - -CertificateObject {CertAttributes} ::= PKCS15Object { - CommonCertificateAttributes, NULL, CertAttributes} - -X509CertificateAttributes ::= SEQUENCE { - value ObjectValue { Certificate }, - subject Name OPTIONAL, - issuer [0] Name OPTIONAL, - serialNumber CertificateSerialNumber OPTIONAL, - ... -- For future extensions -} - -X509AttributeCertificateAttributes ::= SEQUENCE { - value ObjectValue { AttributeCertificate }, - issuer GeneralNames OPTIONAL, - serialNumber CertificateSerialNumber OPTIONAL, - attrTypes [0] SEQUENCE OF OBJECT IDENTIFIER OPTIONAL, - ... -- For future extensions -} - -SPKICertificateAttributes ::= SEQUENCE { - value ObjectValue { PKCS15-OPAQUE.&Type }, - ... -- For future extensions -} - -PGPCertificateAttributes ::= SEQUENCE { - value ObjectValue { PKCS15-OPAQUE.&Type }, - ... -- For future extensions -} - -WTLSCertificateAttributes ::= SEQUENCE { - value ObjectValue { PKCS15-OPAQUE.&Type }, - ... -- For future extensions -} - -X9-68CertificateAttributes ::= SEQUENCE { - value ObjectValue { PKCS15-OPAQUE.&Type }, - ... -- For future extensions -} -CVCertificateAttributes ::= SEQUENCE { - value ObjectValue { PKCS15-OPAQUE.&Type}, - ... -- For future extensions -} - -DataType ::= CHOICE { - opaqueDO DataObject {Opaque}, - externalIDO [0] DataObject {ExternalIDO}, - oidDO [1] DataObject {OidDO}, - ... 
-- For future extensions -} - -DataObject {DataObjectAttributes} ::= PKCS15Object { - CommonDataObjectAttributes, NULL, DataObjectAttributes} - -Opaque ::= ObjectValue {PKCS15-OPAQUE.&Type} - -ExternalIDO ::= ObjectValue {PKCS15-OPAQUE.&Type} - (CONSTRAINED BY {-- All data objects must be defined in - -- accordance with ISO/IEC 7816-6 --}) - -OidDO ::= SEQUENCE { - id OBJECT IDENTIFIER, - value ObjectValue {PKCS15-OPAQUE.&Type} -} - -AuthenticationType ::= CHOICE { - pin AuthenticationObject { PinAttributes }, - ..., - biometricTemplate [0] AuthenticationObject {BiometricAttributes}, - authKey [1] AuthenticationObject {AuthKeyAttributes}, - external [2] AuthenticationObject {ExternalAuthObjectAttributes} -} - -AuthenticationObject {AuthObjectAttributes} ::= PKCS15Object { - CommonAuthenticationObjectAttributes, NULL, AuthObjectAttributes} - -PinAttributes ::= SEQUENCE { - pinFlags PinFlags, - pinType PinType, - minLength INTEGER (pkcs15-lb-minPinLength..pkcs15-ub-minPinLength), - storedLength INTEGER (0..pkcs15-ub-storedPinLength), - maxLength INTEGER OPTIONAL, - pinReference [0] Reference DEFAULT 0, - padChar OCTET STRING (SIZE(1)) OPTIONAL, - lastPinChange GeneralizedTime OPTIONAL, - path Path OPTIONAL, - ... -- For future extensions -} - -PinFlags ::= BIT STRING { - case-sensitive (0), - local (1), - change-disabled (2), - unblock-disabled (3), - initialized (4), - needs-padding (5), - unblockingPin (6), - soPin (7), - disable-allowed (8), - integrity-protected (9), - confidentiality-protected (10), - exchangeRefData (11) -} (CONSTRAINED BY { -- 'unblockingPin' and 'soPIN' cannot both be set -- }) - -PinType ::= ENUMERATED {bcd, ascii-numeric, utf8, ..., - half-nibble-bcd, iso9564-1} - -BiometricAttributes ::= SEQUENCE { - bioFlags BiometricFlags, - templateId OBJECT IDENTIFIER, - bioType BiometricType, - bioReference Reference DEFAULT 0, - lastChange GeneralizedTime OPTIONAL, - path Path OPTIONAL, -... 
-- For future extensions -} - -BiometricFlags ::= BIT STRING { - local (1), - change-disabled (2), - unblock-disabled (3), - initialized (4), - disable-allowed (8), - integrity-protected (9), - confidentiality-protected (10) - } -- Note: bits 0, 5, 6, and 7 are reserved for future use - -BiometricType ::= CHOICE { - fingerPrint FingerPrint, - irisScan [0] IrisScan, - -- Possible extensions: - -- voiceScan VoiceScan, - -- faceScan FaceScan, - -- retinaScan Retinascan, - -- handGeometry HandGeometry, - -- writeDynamics WriteDynamics, - -- keyStrokeDynamicsKeyStrokeDynamics, - -- lipDynamics LipDynamics, - ... -- For future extensions -} - -FingerPrint ::= SEQUENCE { - hand ENUMERATED {left, right}, - finger ENUMERATED {thumb, pointerFinger, middleFinger, - ringFinger, littleFinger}, - ... -} - -IrisScan ::= SEQUENCE { - eye ENUMERATED {left, right}, - ... -} - -ExternalAuthObjectAttributes ::= CHOICE { - authKeyAttributes AuthKeyAttributes, - certBasedAttributes [0] CertBasedAuthenticationAttributes, - ... -- For future extensions -} - -AuthKeyAttributes ::= SEQUENCE { - derivedKey BOOLEAN DEFAULT TRUE, - authKeyId Identifier, - ... -- For future extensions -} - -CertBasedAuthenticationAttributes ::= SEQUENCE { - cha OCTET STRING, - ... 
-} - -TokenInfo ::= SEQUENCE { - version INTEGER {v1(0)} (v1,...), - serialNumber OCTET STRING, - manufacturerID Label OPTIONAL, - label [0] Label OPTIONAL, - tokenflags TokenFlags, - seInfo SEQUENCE OF SecurityEnvironmentInfo OPTIONAL, - recordInfo [1] RecordInfo OPTIONAL, - supportedAlgorithms [2] SEQUENCE OF AlgorithmInfo OPTIONAL, - ..., - issuerId [3] Label OPTIONAL, - holderId [4] Label OPTIONAL, - lastUpdate [5] LastUpdate OPTIONAL, - preferredLanguage PrintableString OPTIONAL -- In accordance with - -- IETF RFC 1766 -} (CONSTRAINED BY { -- Each AlgorithmInfo.reference value must be unique --}) - -TokenFlags ::= BIT STRING { - readonly (0), - loginRequired (1), - prnGeneration (2), - eidCompliant (3) -} - -SecurityEnvironmentInfo ::= SEQUENCE { - se INTEGER (0..pkcs15-ub-seInfo), - owner OBJECT IDENTIFIER, - ... -- For future extensions -} - -RecordInfo ::= SEQUENCE { - oDFRecordLength [0] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - prKDFRecordLength [1] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - puKDFRecordLength [2] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - sKDFRecordLength [3] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - cDFRecordLength [4] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - dODFRecordLength [5] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - aODFRecordLength [6] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL -} - -AlgorithmInfo ::= SEQUENCE { - reference Reference, - algorithm PKCS15-ALGORITHM.&id({AlgorithmSet}), - parameters PKCS15-ALGORITHM.&Parameters({AlgorithmSet}{@algorithm}), - supportedOperations - PKCS15-ALGORITHM.&Operations({AlgorithmSet}{@algorithm}), - algId PKCS15-ALGORITHM.&objectIdentifier({AlgorithmSet}{@algorithm}) - OPTIONAL, - algRef Reference OPTIONAL -} - -PKCS15-ALGORITHM ::= CLASS { - &id INTEGER UNIQUE, - &Parameters, - &Operations Operations, - &objectIdentifier OBJECT IDENTIFIER OPTIONAL -} WITH SYNTAX { - PARAMETERS &Parameters OPERATIONS &Operations ID &id [OID &objectIdentifier]} - 
-PKCS15-OPAQUE ::= TYPE-IDENTIFIER - -PublicKeyOperations ::= Operations - -Operations ::= BIT STRING { - compute-checksum (0), -- H/W computation of checksum - compute-signature (1), -- H/W computation of signature - verify-checksum (2), -- H/W verification of checksum - verify-signature (3), -- H/W verification of signature - encipher (4), -- H/W encryption of data - decipher (5), -- H/W decryption of data - hash (6), -- H/W hashing - generate-key (7) -- H/W key generation - } - -pkcs15-alg-null PKCS15-ALGORITHM ::= { - PARAMETERS NULL OPERATIONS {{generate-key}} ID -1} - -AlgorithmSet PKCS15-ALGORITHM ::= { - pkcs15-alg-null, - ... -- See PKCS #11 for values for the &id field (and parameters) - } - -LastUpdate ::= CHOICE { - generalizedTime GeneralizedTime, - referencedTime ReferencedValue {GeneralizedTime}, - ... -- For future extensions - } - --- Soft token related types and objects - -EnvelopedData {Type} ::= SEQUENCE { - version INTEGER{v0(0),v1(1),v2(2),v3(3),v4(4)}(v0|v1|v2,...), - originatorInfo [0] OriginatorInfo OPTIONAL, - recipientInfos RecipientInfos, - encryptedContentInfo EncryptedContentInfo{Type}, - unprotectedAttrs [1] SET SIZE (1..MAX) OF Attribute OPTIONAL -} - -EncryptedContentInfo {Type} ::= SEQUENCE { - contentType OBJECT IDENTIFIER, - contentEncryptionAlgorithm AlgorithmIdentifier {{KeyDerivationAlgorithms}}, - encryptedContent [0] OCTET STRING OPTIONAL -}(CONSTRAINED BY {-- 'encryptedContent' shall be the result of - -- encrypting DER-encoded value of type -- Type}) - -PKCS15Token ::= SEQUENCE { - version INTEGER {v1(0)} (v1,...), - keyManagementInfo [0] KeyManagementInfo OPTIONAL, - pkcs15Objects SEQUENCE OF PKCS15Objects -} - -KeyManagementInfo ::= SEQUENCE OF SEQUENCE { - keyId Identifier, - keyInfo CHOICE { - recipientInfo RecipientInfo, - passwordInfo [0] PasswordInfo - } -} (CONSTRAINED BY {-- Each keyID must be unique --}) - -PasswordInfo ::= SEQUENCE { - hint Label OPTIONAL, - algId AlgorithmIdentifier {{KeyDerivationAlgorithms}}, 
- ... -} (CONSTRAINED BY {--keyID shall point to a KEKRecipientInfo--}) - -KeyDerivationAlgorithms ALGORITHM-IDENTIFIER ::= { - PBKDF2Algorithms, - ... -- For future extensions -} - -CMS3DESwrap ::= NULL - -KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= { - {CMS3DESwrap IDENTIFIED BY id-alg-CMS3DESwrap} | - {INTEGER IDENTIFIED BY id-alg-CMSRC2wrap}, - ... -- For future extensions -} - -DES-IV ::= OCTET STRING (SIZE(8)) - -ContentEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= { - SupportingAlgorithms EXCEPT {NULL IDENTIFIED BY id-hmacWithSHA1}, - ... -- For future extensions -} - -MACAlgorithms ALGORITHM-IDENTIFIER ::= { - {NULL IDENTIFIED BY hMAC-SHA1}, - ... -- For future extensions -} - -DigestAlgorithms ALGORITHM-IDENTIFIER ::= { - {NULL IDENTIFIED BY sha-1}, - ... -- For future extensions -} - --- Misc - -DDO ::= SEQUENCE { - oid OBJECT IDENTIFIER, - odfPath Path OPTIONAL, - tokenInfoPath [0] Path OPTIONAL, - unusedPath [1] Path OPTIONAL, - ... -- For future extensions -} - -DIRRecord ::= [APPLICATION 1] SEQUENCE { - aid [APPLICATION 15] OCTET STRING, - label [APPLICATION 16] UTF8String OPTIONAL, - path [APPLICATION 17] OCTET STRING, - ddo [APPLICATION 19] DDO OPTIONAL -} - -UnusedSpace ::= SEQUENCE { - path Path (WITH COMPONENTS {..., index PRESENT, length PRESENT}), - authId Identifier OPTIONAL, - ..., - accessControlRules SEQUENCE OF AccessControlRule OPTIONAL -} - -END |