diff options
Diffstat (limited to 'lib/public_key/asn1')
-rwxr-xr-x | lib/public_key/asn1/DSS.asn1 | 20 | ||||
-rw-r--r-- | lib/public_key/asn1/Makefile | 113 | ||||
-rw-r--r-- | lib/public_key/asn1/OTP-PKIX.asn1 | 709 | ||||
-rw-r--r-- | lib/public_key/asn1/OTP-PUB-KEY.asn1config | 2 | ||||
-rw-r--r-- | lib/public_key/asn1/OTP-PUB-KEY.set.asn | 7 | ||||
-rwxr-xr-x | lib/public_key/asn1/PKCS-1.asn1 | 116 | ||||
-rw-r--r-- | lib/public_key/asn1/PKIX1Algorithms88.asn1 | 235 | ||||
-rw-r--r-- | lib/public_key/asn1/PKIX1Explicit88.asn1 | 619 | ||||
-rw-r--r-- | lib/public_key/asn1/PKIX1Implicit88.asn1 | 349 | ||||
-rw-r--r-- | lib/public_key/asn1/PKIXAttributeCertificate.asn1 | 189 | ||||
-rw-r--r-- | lib/public_key/asn1/README | 51 |
11 files changed, 2410 insertions, 0 deletions
diff --git a/lib/public_key/asn1/DSS.asn1 b/lib/public_key/asn1/DSS.asn1 new file mode 100755 index 0000000000..77aca3808b --- /dev/null +++ b/lib/public_key/asn1/DSS.asn1 @@ -0,0 +1,20 @@ +DSS DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL +-- All types and values defined in this module are exported for use +-- in other ASN.1 modules. + +DSAPrivateKey ::= SEQUENCE { + version INTEGER, + p INTEGER, -- p + q INTEGER, -- q + g INTEGER, -- q + y INTEGER, -- y + x INTEGER -- x +} + +END + + diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile new file mode 100644 index 0000000000..fbea701be9 --- /dev/null +++ b/lib/public_key/asn1/Makefile @@ -0,0 +1,113 @@ +# +# %CopyrightBegin% +# +# Copyright Ericsson AB 2008-2009. All Rights Reserved. +# +# The contents of this file are subject to the Erlang Public License, +# Version 1.1, (the "License"); you may not use this file except in +# compliance with the License. You should have received a copy of the +# Erlang Public License along with this software. If not, it can be +# retrieved online at http://www.erlang.org/. +# +# Software distributed under the License is distributed on an "AS IS" +# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See +# the License for the specific language governing rights and limitations +# under the License. +# +# %CopyrightEnd% +# + +include $(ERL_TOP)/make/target.mk +include $(ERL_TOP)/make/$(TARGET)/otp.mk + +# ---------------------------------------------------- +# Application version +# ---------------------------------------------------- +include ../vsn.mk +VSN=$(PUBLIC_KEY_VSN) + +# ---------------------------------------------------- +# Release directory specification +# ---------------------------------------------------- +RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN) + +# ---------------------------------------------------- +# Common Macros +# ---------------------------------------------------- + +.SUFFIXES: .asn1 +.PRECIOUS: %.erl + +ASN_TOP = OTP-PUB-KEY +ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \ + PKIXAttributeCertificate OTP-PKIX +ASN_ASNS = $(ASN_MODULES:%=%.asn1) +ASN_ERLS = $(ASN_TOP).erl +ASN_HRLS = $(ASN_TOP).hrl +ASN_CONFIGS = OTP-PUB-KEY.asn1config +ASN_DBS = $(ASN_MODULES:%=%.asn1db) OTP-PUB-KEY.asn1db +ASN_TABLES = $(ASN_MODULES:%=%.table) + +GEN_MODULES = +GEN_ERLS = $(GEN_MODULES:%=%.erl) +ERL_MODULES = $(ASN_TOP) $(GEN_MODULES) + +TARGET_FILES= $(ERL_MODULES:%=$(EBIN)/%.$(EMULATOR)) + +HRL_FILES = $(ASN_HRLS:%=$(INCLUDE)/%) + +INCLUDE = ../include +EBIN = ../ebin + +# ---------------------------------------------------- +# FLAGS +# ---------------------------------------------------- +EXTRA_ERLC_FLAGS = +ERL_COMPILE_FLAGS += $(EXTRA_ERLC_FLAGS) + +ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj +asn1config +inline + +# ---------------------------------------------------- +# Targets +# ---------------------------------------------------- + +debug opt: $(TARGET_FILES) $(HRL_FILES) + +clean: + -rm -f $(ASN_ERLS) $(GEN_ERLS) $(ASN_HRLS) $(HRL_FILES) $(ASN_DBS) \ + $(ASN_TABLES) $(TARGET_FILES) *.beam *~ + +docs: + +%.erl: %.set.asn + erlc $(ASN_FLAGS) $< + +$(HRL_FILES): $(ASN_HRLS) + cp -p $(ASN_HRLS) $(INCLUDE) + +# ---------------------------------------------------- +# Release Target +# ---------------------------------------------------- +include $(ERL_TOP)/make/otp_release_targets.mk + +release_spec: opt + $(INSTALL_DIR) $(RELSYSDIR)/include + $(INSTALL_DATA) $(HRL_FILES) $(RELSYSDIR)/include + $(INSTALL_DIR) $(RELSYSDIR)/asn1 + $(INSTALL_DATA) $(ASN_ASNS) $(ASN_ERLS) $(ASN_HRLS) $(ASN_CONFIGS) \ + $(GEN_ERLS) $(RELSYSDIR)/asn1 + $(INSTALL_DIR) $(RELSYSDIR)/ebin + $(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR)/ebin + +release_docs_spec: + +# +# Dependencies + +$(EBIN)/OTP-PUB-KEY.beam: OTP-PUB-KEY.erl OTP-PUB-KEY.hrl +OTP-PUB-KEY.erl OTP-PUB-KEY.hrl: OTP-PUB-KEY.asn1db +OTP-PUB-KEY.asn1db: PKIX1Algorithms88.asn1 \ + PKIX1Explicit88.asn1 \ + PKIX1Implicit88.asn1 \ + PKIXAttributeCertificate.asn1 \ + OTP-PKIX.asn1 diff --git a/lib/public_key/asn1/OTP-PKIX.asn1 b/lib/public_key/asn1/OTP-PKIX.asn1 new file mode 100644 index 0000000000..2bcacc0990 --- /dev/null +++ b/lib/public_key/asn1/OTP-PKIX.asn1 @@ -0,0 +1,709 @@ +OTP-PKIX {iso(1) identified-organization(3) dod(6) internet(1) + private(4) enterprices(1) ericsson(193) otp(19) ssl(10) + pkix1(1)} + +DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL + +IMPORTS + -- Certificate (parts of) + Version, + CertificateSerialNumber, + --AlgorithmIdentifier, + Validity, + UniqueIdentifier, + + -- AttribyteTypeAndValue + Name, + AttributeType, + id-at-name, + id-at-surname, + id-at-givenName, + id-at-initials, + id-at-generationQualifier, X520name, + id-at-commonName, X520CommonName, + id-at-localityName, X520LocalityName, + id-at-stateOrProvinceName, X520StateOrProvinceName, + id-at-organizationName, X520OrganizationName, + id-at-organizationalUnitName, X520OrganizationalUnitName, + id-at-title, X520Title, + id-at-dnQualifier, X520dnQualifier, + id-at-countryName, X520countryName, + id-at-serialNumber, X520SerialNumber, + id-at-pseudonym, X520Pseudonym, + id-domainComponent, DomainComponent, + id-emailAddress, EmailAddress, + + -- Extension Attributes + common-name, CommonName, + teletex-common-name, TeletexCommonName, + teletex-personal-name, TeletexPersonalName, + pds-name, PDSName, + physical-delivery-country-name, PhysicalDeliveryCountryName, + postal-code, PostalCode, + physical-delivery-office-name, PhysicalDeliveryOfficeName, + physical-delivery-office-number, PhysicalDeliveryOfficeNumber, + extension-OR-address-components, ExtensionORAddressComponents, + physical-delivery-personal-name, PhysicalDeliveryPersonalName, + physical-delivery-organization-name, PhysicalDeliveryOrganizationName, + extension-physical-delivery-address-components, + ExtensionPhysicalDeliveryAddressComponents, + unformatted-postal-address, UnformattedPostalAddress, + street-address, StreetAddress, + post-office-box-address, PostOfficeBoxAddress, + poste-restante-address, PosteRestanteAddress, + unique-postal-name, UniquePostalName, + local-postal-attributes, LocalPostalAttributes, + extended-network-address, ExtendedNetworkAddress, + terminal-type, TerminalType, + teletex-domain-defined-attributes, TeletexDomainDefinedAttributes + + FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-pkix1-explicit(18) } + + -- Extensions + id-ce-authorityKeyIdentifier, AuthorityKeyIdentifier, + id-ce-subjectKeyIdentifier, SubjectKeyIdentifier, + id-ce-keyUsage, KeyUsage, + id-ce-privateKeyUsagePeriod, PrivateKeyUsagePeriod, + id-ce-certificatePolicies, CertificatePolicies, + id-ce-policyMappings, PolicyMappings, + id-ce-subjectAltName, SubjectAltName, + id-ce-issuerAltName, IssuerAltName, + id-ce-subjectDirectoryAttributes, SubjectDirectoryAttributes, + id-ce-basicConstraints, BasicConstraints, + id-ce-nameConstraints, NameConstraints, + id-ce-policyConstraints, PolicyConstraints, + id-ce-cRLDistributionPoints, CRLDistributionPoints, + id-ce-extKeyUsage, ExtKeyUsageSyntax, + id-ce-inhibitAnyPolicy, InhibitAnyPolicy, + id-ce-freshestCRL, FreshestCRL, + id-pe-authorityInfoAccess, AuthorityInfoAccessSyntax, + id-pe-subjectInfoAccess, SubjectInfoAccessSyntax, + id-ce-cRLNumber, CRLNumber, + id-ce-issuingDistributionPoint, IssuingDistributionPoint, + id-ce-deltaCRLIndicator, BaseCRLNumber, + id-ce-cRLReasons, CRLReason, + id-ce-certificateIssuer, CertificateIssuer, + id-ce-holdInstructionCode, HoldInstructionCode, + id-ce-invalidityDate, InvalidityDate + + FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-pkix1-implicit(19) } + + --Keys and Signatures + id-dsa, Dss-Parms, DSAPublicKey, + id-dsa-with-sha1, + md2WithRSAEncryption, + md5WithRSAEncryption, + sha1WithRSAEncryption, + rsaEncryption, RSAPublicKey, + dhpublicnumber, DomainParameters, DHPublicKey, + id-keyExchangeAlgorithm, KEA-Parms-Id, --KEA-PublicKey, + ecdsa-with-SHA1, + prime-field, Prime-p, + characteristic-two-field, --Characteristic-two, + gnBasis, + tpBasis, Trinomial, + ppBasis, Pentanomial, + id-ecPublicKey, EcpkParameters, ECPoint + FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkix1-algorithms(17) }; + +-- +-- Certificate +-- + +OTPCertificate ::= SEQUENCE { + tbsCertificate OTPTBSCertificate, + signatureAlgorithm SignatureAlgorithm, + signature BIT STRING } + +OTPTBSCertificate ::= SEQUENCE { + version [0] Version DEFAULT v1, + serialNumber CertificateSerialNumber, + signature SignatureAlgorithm, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo OTPSubjectPublicKeyInfo, + issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + extensions [3] Extensions OPTIONAL + -- If present, version MUST be v3 -- } + + +-- Attribute type and values +-- + +ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= CLASS { + &id AttributeType UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + +OTPAttributeTypeAndValue ::= SEQUENCE { + type ATTRIBUTE-TYPE-AND-VALUE-CLASS.&id + ({SupportedAttributeTypeAndValues}), + value ATTRIBUTE-TYPE-AND-VALUE-CLASS.&Type + ({SupportedAttributeTypeAndValues}{@type}) } + +SupportedAttributeTypeAndValues ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= + { name | surname | givenName | initials | generationQualifier | + commonName | localityName | stateOrProvinceName | organizationName | + organizationalUnitName | title | dnQualifier | countryName | + serialNumber | pseudonym | domainComponent | emailAddress } + +name ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-name + TYPE X520name } + +surname ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-surname + TYPE X520name } + +givenName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-givenName + TYPE X520name } + +initials ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-initials + TYPE X520name } + +generationQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-generationQualifier + TYPE X520name } + +commonName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-commonName + TYPE X520CommonName } + +localityName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-localityName + TYPE X520LocalityName } + +stateOrProvinceName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-stateOrProvinceName + TYPE X520StateOrProvinceName } + +organizationName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-organizationName + TYPE X520OrganizationName } + +organizationalUnitName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-organizationalUnitName + TYPE X520OrganizationalUnitName } + +title ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-title + TYPE X520Title } + +dnQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-dnQualifier + TYPE X520dnQualifier } + +countryName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-countryName + TYPE X520countryName } + +serialNumber ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-serialNumber + TYPE X520SerialNumber } + +pseudonym ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-at-pseudonym + TYPE X520Pseudonym } + +domainComponent ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-domainComponent + TYPE DomainComponent } + +emailAddress ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { + ID id-emailAddress + TYPE EmailAddress } + +-- +-- Signature and Public Key Algorithms +-- + +OTPOLDSubjectPublicKeyInfo ::= SEQUENCE { + algorithm SEQUENCE { + algo PUBLIC-KEY-ALGORITHM-CLASS.&id + ({SupportedPublicKeyAlgorithms}), + parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type + ({SupportedPublicKeyAlgorithms}{@.algo}) + OPTIONAL + }, + subjectPublicKey PUBLIC-KEY-ALGORITHM-CLASS.&PublicKeyType + ({SupportedPublicKeyAlgorithms}{@algorithm.algo}) } + +OTPSubjectPublicKeyInfo ::= SEQUENCE { + algorithm PublicKeyAlgorithm, + subjectPublicKey BIT STRING } + + +-- The following is needed for conversion of SubjectPublicKeyInfo. + +OTPSubjectPublicKeyInfo-Any ::= SEQUENCE { + algorithm PublicKeyAlgorithm, + subjectPublicKey ANY } + + +SIGNATURE-ALGORITHM-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type OPTIONAL } + WITH SYNTAX { + ID &id + [TYPE &Type] } + +PUBLIC-KEY-ALGORITHM-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type OPTIONAL, + &PublicKeyType OPTIONAL } + WITH SYNTAX { + ID &id + [TYPE &Type] + [PUBLIC-KEY-TYPE &PublicKeyType] } + +SignatureAlgorithm ::= SEQUENCE { + algorithm SIGNATURE-ALGORITHM-CLASS.&id + ({SupportedSignatureAlgorithms}), + parameters SIGNATURE-ALGORITHM-CLASS.&Type + ({SupportedSignatureAlgorithms}{@algorithm}) + OPTIONAL } + +SignatureAlgorithm-Any ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY OPTIONAL } + +PublicKeyAlgorithm ::= SEQUENCE { + algorithm PUBLIC-KEY-ALGORITHM-CLASS.&id + ({SupportedPublicKeyAlgorithms}), + parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type + ({SupportedPublicKeyAlgorithms}{@algorithm}) + OPTIONAL } + +SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= { + dsa-with-sha1 | md2-with-rsa-encryption | + md5-with-rsa-encryption | sha1-with-rsa-encryption | + ecdsa-with-sha1 } + +SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { + dsa | rsa-encryption | dh | kea | ec-public-key } + + -- DSA Keys and Signatures + + -- SubjectPublicKeyInfo: + + dsa PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID id-dsa + TYPE Dss-Parms -- XXX Must be OPTIONAL + PUBLIC-KEY-TYPE DSAPublicKey } + + -- Certificate.signatureAlgorithm + + dsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= { + ID id-dsa-with-sha1 + TYPE NULL } -- XXX Must be empty and not NULL + + -- + -- RSA Keys and Signatures + -- + + -- Certificate.signatureAlgorithm + + md2-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { + ID md2WithRSAEncryption + TYPE NULL } + + md5-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { + ID md5WithRSAEncryption + TYPE NULL } + + sha1-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { + ID sha1WithRSAEncryption + TYPE NULL } + + -- Certificate.signature + -- See PKCS #1 (RFC 2313). XXX + + -- SubjectPublicKeyInfo: + + rsa-encryption PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID rsaEncryption + TYPE NULL + PUBLIC-KEY-TYPE RSAPublicKey } + + -- + -- Diffie-Hellman Keys + -- + + -- SubjectPublicKeyInfo: + + dh PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID dhpublicnumber + TYPE DomainParameters + PUBLIC-KEY-TYPE DHPublicKey } + + -- There are no Diffie-Hellman signature algorithms + + -- + -- KEA Keys + -- + + -- SubjectPublicKeyInfo: + + KEA-PublicKey ::= INTEGER + + kea PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID id-keyExchangeAlgorithm + TYPE KEA-Parms-Id + PUBLIC-KEY-TYPE KEA-PublicKey } + + -- There are no KEA signature algorithms + + -- + -- Elliptic Curve Keys, Signatures, and Curves + -- + + -- Certificate.signatureAlgorithm + + ecdsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= { + ID ecdsa-with-SHA1 + TYPE NULL } -- XXX Must be empty and not NULL + + FIELD-ID-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + + OTPFieldID ::= SEQUENCE { -- Finite field + fieldType FIELD-ID-CLASS.&id({SupportedFieldIds}), + parameters FIELD-ID-CLASS.&Type({SupportedFieldIds}{@fieldType}) } + + SupportedFieldIds FIELD-ID-CLASS ::= { + field-prime-field | field-characteristic-two } + + field-prime-field FIELD-ID-CLASS ::= { + ID prime-field + TYPE Prime-p } + + CHARACTERISTIC-TWO-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + + OTPCharacteristic-two ::= SEQUENCE { -- Finite field + m INTEGER, -- Field size 2^m + basis CHARACTERISTIC-TWO-CLASS.&id({SupportedCharacteristicTwos}), + parameters CHARACTERISTIC-TWO-CLASS.&Type + ({SupportedCharacteristicTwos}{@basis}) } + + SupportedCharacteristicTwos CHARACTERISTIC-TWO-CLASS ::= { + gn-basis | tp-basis | pp-basis } + + field-characteristic-two FIELD-ID-CLASS ::= { + ID characteristic-two-field + TYPE Characteristic-two } + + gn-basis CHARACTERISTIC-TWO-CLASS ::= { + ID gnBasis + TYPE NULL } + + tp-basis CHARACTERISTIC-TWO-CLASS ::= { + ID tpBasis + TYPE Trinomial } + + pp-basis CHARACTERISTIC-TWO-CLASS ::= { + ID ppBasis + TYPE Pentanomial } + + -- SubjectPublicKeyInfo.algorithm + + ec-public-key PUBLIC-KEY-ALGORITHM-CLASS ::= { + ID id-ecPublicKey + TYPE EcpkParameters + PUBLIC-KEY-TYPE ECPoint } + +-- +-- Extension Attributes +-- + +EXTENSION-ATTRIBUTE-CLASS ::= CLASS { + &id INTEGER UNIQUE, + &Type } + WITH SYNTAX { + ID &id + TYPE &Type } + +OTPExtensionAttributes ::= SET SIZE (1..MAX) OF ExtensionAttribute + +-- XXX Below we should have extension-attribute-type and extension- +-- attribute-value but Erlang ASN1 does not like it. +OTPExtensionAttribute ::= SEQUENCE { + extensionAttributeType [0] IMPLICIT EXTENSION-ATTRIBUTE-CLASS.&id + ({SupportedExtensionAttributes}), + extensionAttributeValue [1] EXTENSION-ATTRIBUTE-CLASS.&Type + ({SupportedExtensionAttributes}{@extensionAttributeType}) } + +SupportedExtensionAttributes EXTENSION-ATTRIBUTE-CLASS ::= { + x400-common-name | + x400-teletex-common-name | + x400-teletex-personal-name | + x400-pds-name | + x400-physical-delivery-country-name | + x400-postal-code | + x400-physical-delivery-office-name | + x400-physical-delivery-office-number | + x400-extension-OR-address-components | + x400-physical-delivery-personal-name | + x400-physical-delivery-organization-name | + x400-extension-physical-delivery-address-components | + x400-unformatted-postal-address | + x400-street-address | + x400-post-office-box-address | + x400-poste-restante-address | + x400-unique-postal-name | + x400-local-postal-attributes | + x400-extended-network-address | + x400-terminal-type | + x400-teletex-domain-defined-attributes } + +-- Extension types and attribute values + +x400-common-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID common-name + TYPE CommonName } + +x400-teletex-common-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID teletex-common-name + TYPE TeletexCommonName } + +x400-teletex-personal-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID teletex-personal-name + TYPE TeletexPersonalName } + +x400-pds-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID pds-name + TYPE PDSName } + +x400-physical-delivery-country-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-country-name + TYPE PhysicalDeliveryCountryName } + +x400-postal-code EXTENSION-ATTRIBUTE-CLASS ::= { + ID postal-code + TYPE PostalCode } + +x400-physical-delivery-office-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-office-name + TYPE PhysicalDeliveryOfficeName } + +x400-physical-delivery-office-number EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-office-number + TYPE PhysicalDeliveryOfficeNumber } + +x400-extension-OR-address-components EXTENSION-ATTRIBUTE-CLASS ::= { + ID extension-OR-address-components + TYPE ExtensionORAddressComponents } + +x400-physical-delivery-personal-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-personal-name + TYPE PhysicalDeliveryPersonalName } + +x400-physical-delivery-organization-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID physical-delivery-organization-name + TYPE PhysicalDeliveryOrganizationName } + +x400-extension-physical-delivery-address-components + EXTENSION-ATTRIBUTE-CLASS ::= { + ID extension-physical-delivery-address-components + TYPE ExtensionPhysicalDeliveryAddressComponents } + +x400-unformatted-postal-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID unformatted-postal-address + TYPE UnformattedPostalAddress } + +x400-street-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID street-address + TYPE StreetAddress } + +x400-post-office-box-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID post-office-box-address + TYPE PostOfficeBoxAddress } + +x400-poste-restante-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID poste-restante-address + TYPE PosteRestanteAddress } + +x400-unique-postal-name EXTENSION-ATTRIBUTE-CLASS ::= { + ID unique-postal-name + TYPE UniquePostalName } + +x400-local-postal-attributes EXTENSION-ATTRIBUTE-CLASS ::= { + ID local-postal-attributes + TYPE LocalPostalAttributes } + +x400-extended-network-address EXTENSION-ATTRIBUTE-CLASS ::= { + ID extended-network-address + TYPE ExtendedNetworkAddress } + +x400-terminal-type EXTENSION-ATTRIBUTE-CLASS ::= { + ID terminal-type + TYPE TerminalType } + +x400-teletex-domain-defined-attributes EXTENSION-ATTRIBUTE-CLASS ::= { + ID teletex-domain-defined-attributes + TYPE TeletexDomainDefinedAttributes } + +-- Extensions + +OTPExtensions ::= SEQUENCE SIZE (1..MAX) OF Extension + +EXTENSION-CLASS ::= CLASS { + &id OBJECT IDENTIFIER UNIQUE, + &Type OPTIONAL} + WITH SYNTAX { + ID &id + [TYPE &Type] } + +OTPExtension ::= SEQUENCE { + extnID EXTENSION-CLASS.&id({SupportedExtensions}), + critical BOOLEAN DEFAULT FALSE, + extnValue EXTENSION-CLASS.&Type({SupportedExtensions}{@extnID}) } + +-- The following is needed for conversion between Extension and Extension-Cd + +ObjId ::= OBJECT IDENTIFIER +Boolean ::= BOOLEAN +Any ::= ANY + +Extension-Any ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue ANY } + +SupportedExtensions EXTENSION-CLASS ::= { authorityKeyIdentifier | + subjectKeyIdentifier | keyUsage | privateKeyUsagePeriod | + certificatePolicies | policyMappings | subjectAltName | + issuerAltName | subjectDirectoryAttributes | basicConstraints | + nameConstraints | policyConstraints | cRLDistributionPoints | + extKeyUsage | inhibitAnyPolicy | freshestCRL | authorityInfoAccess | + subjectInfoAccess | cRLNumber | issuingDistributionPoint | + deltaCRLIndicator | cRLReasons | certificateIssuer | + holdInstructionCode | invalidityDate } + +authorityKeyIdentifier EXTENSION-CLASS ::= { + ID id-ce-authorityKeyIdentifier + TYPE AuthorityKeyIdentifier } + +subjectKeyIdentifier EXTENSION-CLASS ::= { + ID id-ce-subjectKeyIdentifier + TYPE SubjectKeyIdentifier } + +keyUsage EXTENSION-CLASS ::= { + ID id-ce-keyUsage + TYPE KeyUsage } + +privateKeyUsagePeriod EXTENSION-CLASS ::= { + ID id-ce-privateKeyUsagePeriod + TYPE PrivateKeyUsagePeriod } + +certificatePolicies EXTENSION-CLASS ::= { + ID id-ce-certificatePolicies + TYPE CertificatePolicies } + +policyMappings EXTENSION-CLASS ::= { + ID id-ce-policyMappings + TYPE PolicyMappings } + +subjectAltName EXTENSION-CLASS ::= { + ID id-ce-subjectAltName + TYPE SubjectAltName } + +issuerAltName EXTENSION-CLASS ::= { + ID id-ce-issuerAltName + TYPE IssuerAltName } + +subjectDirectoryAttributes EXTENSION-CLASS ::= { + ID id-ce-subjectDirectoryAttributes + TYPE SubjectDirectoryAttributes } + +basicConstraints EXTENSION-CLASS ::= { + ID id-ce-basicConstraints + TYPE BasicConstraints } + +nameConstraints EXTENSION-CLASS ::= { + ID id-ce-nameConstraints + TYPE NameConstraints } + +policyConstraints EXTENSION-CLASS ::= { + ID id-ce-policyConstraints + TYPE PolicyConstraints } + +cRLDistributionPoints EXTENSION-CLASS ::= { + ID id-ce-cRLDistributionPoints + TYPE CRLDistributionPoints } + +extKeyUsage EXTENSION-CLASS ::= { + ID id-ce-extKeyUsage + TYPE ExtKeyUsageSyntax } + +inhibitAnyPolicy EXTENSION-CLASS ::= { + ID id-ce-inhibitAnyPolicy + TYPE InhibitAnyPolicy } + +freshestCRL EXTENSION-CLASS ::= { + ID id-ce-freshestCRL + TYPE FreshestCRL } + +authorityInfoAccess EXTENSION-CLASS ::= { + ID id-pe-authorityInfoAccess + TYPE AuthorityInfoAccessSyntax } + +subjectInfoAccess EXTENSION-CLASS ::= { + ID id-pe-subjectInfoAccess + TYPE SubjectInfoAccessSyntax } + +cRLNumber EXTENSION-CLASS ::= { + ID id-ce-cRLNumber + TYPE CRLNumber } + +issuingDistributionPoint EXTENSION-CLASS ::= { + ID id-ce-issuingDistributionPoint + TYPE IssuingDistributionPoint } + +deltaCRLIndicator EXTENSION-CLASS ::= { + ID id-ce-deltaCRLIndicator + TYPE BaseCRLNumber } + +cRLReasons EXTENSION-CLASS ::= { + ID id-ce-cRLReasons + TYPE CRLReason } + +certificateIssuer EXTENSION-CLASS ::= { + ID id-ce-certificateIssuer + TYPE CertificateIssuer } + +holdInstructionCode EXTENSION-CLASS ::= { + ID id-ce-holdInstructionCode + TYPE HoldInstructionCode } + +invalidityDate EXTENSION-CLASS ::= { + ID id-ce-invalidityDate + TYPE InvalidityDate } + +END diff --git a/lib/public_key/asn1/OTP-PUB-KEY.asn1config b/lib/public_key/asn1/OTP-PUB-KEY.asn1config new file mode 100644 index 0000000000..86f4c54748 --- /dev/null +++ b/lib/public_key/asn1/OTP-PUB-KEY.asn1config @@ -0,0 +1,2 @@ +{exclusive_decode,{'OTP-PUB-KEY', + [{decode_TBSCert_exclusive,['Certificate',[{tbsCertificate,undecoded}]]}]}}. diff --git a/lib/public_key/asn1/OTP-PUB-KEY.set.asn b/lib/public_key/asn1/OTP-PUB-KEY.set.asn new file mode 100644 index 0000000000..2f9ccd6b0e --- /dev/null +++ b/lib/public_key/asn1/OTP-PUB-KEY.set.asn @@ -0,0 +1,7 @@ +OTP-PKIX.asn1 +PKIX1Explicit88.asn1 +PKIX1Implicit88.asn1 +PKIXAttributeCertificate.asn1 +PKIX1Algorithms88.asn1 +PKCS-1.asn1 +DSS.asn1 diff --git a/lib/public_key/asn1/PKCS-1.asn1 b/lib/public_key/asn1/PKCS-1.asn1 new file mode 100755 index 0000000000..b06f5efa9d --- /dev/null +++ b/lib/public_key/asn1/PKCS-1.asn1 @@ -0,0 +1,116 @@ +PKCS-1 { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) + modules(0) pkcs-1(1) +} + +-- $Revision: 1.1 $ + +DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +--IMPORTS id-sha256, id-sha384, id-sha512 +-- FROM NIST-SHA2 { +-- joint-iso-itu-t(2) country(16) us(840) organization(1) +-- gov(101) csor(3) nistalgorithm(4) modules(0) sha2(1) +-- }; + +pkcs-1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 +} + +rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } + +id-RSAES-OAEP OBJECT IDENTIFIER ::= { pkcs-1 7 } + +id-pSpecified OBJECT IDENTIFIER ::= { pkcs-1 9 } + +id-RSASSA-PSS OBJECT IDENTIFIER ::= { pkcs-1 10 } + +md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } +md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } +sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } +sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 } +sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 } +sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } + +id-sha1 OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) oiw(14) secsig(3) + algorithms(2) 26 +} + +id-md2 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 +} + +id-md5 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 +} + +id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } + + +RSAPublicKey ::= SEQUENCE { + modulus INTEGER, -- n + publicExponent INTEGER -- e +} + +RSAPrivateKey ::= SEQUENCE { + version Version, + modulus INTEGER, -- n + publicExponent INTEGER, -- e + privateExponent INTEGER, -- d + prime1 INTEGER, -- p + prime2 INTEGER, -- q + exponent1 INTEGER, -- d mod (p-1) + exponent2 INTEGER, -- d mod (q-1) + coefficient INTEGER, -- (inverse of q) mod p + otherPrimeInfos OtherPrimeInfos OPTIONAL +} + +Version ::= INTEGER { two-prime(0), multi(1) } + (CONSTRAINED BY { + -- version must be multi if otherPrimeInfos present -- + }) + +OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo + +OtherPrimeInfo ::= SEQUENCE { + prime INTEGER, -- ri + exponent INTEGER, -- di + coefficient INTEGER -- ti +} + +Algorithm ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL +} + +AlgorithmNull ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters NULL +} + + +RSASSA-PSS-params ::= SEQUENCE { + hashAlgorithm [0] Algorithm, -- DEFAULT sha1, + maskGenAlgorithm [1] Algorithm, -- DEFAULT mgf1SHA1, + saltLength [2] INTEGER DEFAULT 20, + trailerField [3] TrailerField DEFAULT trailerFieldBC +} + +TrailerField ::= INTEGER { trailerFieldBC(1) } + +DigestInfo ::= SEQUENCE { + digestAlgorithm Algorithm, + digest OCTET STRING +} + +DigestInfoNull ::= SEQUENCE { + digestAlgorithm AlgorithmNull, + digest OCTET STRING +} + + +END -- PKCS1Definitions + diff --git a/lib/public_key/asn1/PKIX1Algorithms88.asn1 b/lib/public_key/asn1/PKIX1Algorithms88.asn1 new file mode 100644 index 0000000000..f895b6d0cd --- /dev/null +++ b/lib/public_key/asn1/PKIX1Algorithms88.asn1 @@ -0,0 +1,235 @@ + PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkix1-algorithms(17) } + + DEFINITIONS EXPLICIT TAGS ::= BEGIN + + -- EXPORTS All; + + -- IMPORTS NONE; + + -- + -- One-way Hash Functions + -- md2, md5, id-sha1 see PKCS-1 + + -- + -- DSA Keys and Signatures + -- + + -- OID for DSA public key + + id-dsa OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } + + -- encoding for DSA public key + + DSAPublicKey ::= INTEGER -- public key, y + + Dss-Parms ::= SEQUENCE { + p INTEGER, + q INTEGER, + g INTEGER } + + -- OID for DSA signature generated with SHA-1 hash + + id-dsa-with-sha1 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 } + + -- encoding for DSA signature generated with SHA-1 hash + + Dss-Sig-Value ::= SEQUENCE { + r INTEGER, + s INTEGER } + + -- + -- RSA Keys and Signatures, see PKCS-1 + -- + + -- + -- Diffie-Hellman Keys + -- + + dhpublicnumber OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) ansi-x942(10046) + number-type(2) 1 } + + -- encoding for DSA public key + + DHPublicKey ::= INTEGER -- public key, y = g^x mod p + + DomainParameters ::= SEQUENCE { + p INTEGER, -- odd prime, p=jq +1 + g INTEGER, -- generator, g + q INTEGER, -- factor of p-1 + j INTEGER OPTIONAL, -- subgroup factor, j>= 2 + validationParms ValidationParms OPTIONAL } + + ValidationParms ::= SEQUENCE { + seed BIT STRING, + pgenCounter INTEGER } + + -- + -- KEA Keys + -- + + id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= + { 2 16 840 1 101 2 1 1 22 } + + KEA-Parms-Id ::= OCTET STRING + + -- + -- Elliptic Curve Keys, Signatures, and Curves + -- + + ansi-X9-62 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) 10045 } + + FieldID ::= SEQUENCE { -- Finite field + fieldType OBJECT IDENTIFIER, + parameters ANY DEFINED BY fieldType } + + -- Arc for ECDSA signature OIDS + + id-ecSigType OBJECT IDENTIFIER ::= { ansi-X9-62 signatures(4) } + + -- OID for ECDSA signatures with SHA-1 + + ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 } + + -- OID for an elliptic curve signature + -- format for the value of an ECDSA signature value + + ECDSA-Sig-Value ::= SEQUENCE { + r INTEGER, + s INTEGER } + + -- recognized field type OIDs are defined in the following arc + + id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1) } + + -- where fieldType is prime-field, the parameters are of type Prime-p + + prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } + + Prime-p ::= INTEGER -- Finite field F(p), where p is an odd prime + + -- where fieldType is characteristic-two-field, the parameters are + -- of type Characteristic-two + + characteristic-two-field OBJECT IDENTIFIER ::= { id-fieldType 2 } + + Characteristic-two ::= SEQUENCE { + m INTEGER, -- Field size 2^m + basis OBJECT IDENTIFIER, + parameters ANY DEFINED BY basis } + + -- recognized basis type OIDs are defined in the following arc + + id-characteristic-two-basis OBJECT IDENTIFIER ::= { + characteristic-two-field basisType(3) } + + -- gnbasis is identified by OID gnBasis and indicates + -- parameters are NULL + + gnBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 1 } + + -- parameters for this basis are NULL + + -- trinomial basis is identified by OID tpBasis and indicates + -- parameters of type Pentanomial + + tpBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 2 } + + -- Trinomial basis representation of F2^m + -- Integer k for reduction polynomial xm + xk + 1 + + Trinomial ::= INTEGER + + -- for pentanomial basis is identified by OID ppBasis and indicates + -- parameters of type Pentanomial + + ppBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 3 } + + -- Pentanomial basis representation of F2^m + -- reduction polynomial integers k1, k2, k3 + -- f(x) = x**m + x**k3 + x**k2 + x**k1 + 1 + + Pentanomial ::= SEQUENCE { + k1 INTEGER, + k2 INTEGER, + k3 INTEGER } + + -- The object identifiers gnBasis, tpBasis and ppBasis name + -- three kinds of basis for characteristic-two finite fields + + FieldElement ::= OCTET STRING -- Finite field element + + ECPoint ::= OCTET STRING -- Elliptic curve point + + -- Elliptic Curve parameters may be specified explicitly, + -- specified implicitly through a "named curve", or + -- inherited from the CA + + EcpkParameters ::= CHOICE { + ecParameters ECParameters, + namedCurve OBJECT IDENTIFIER, + implicitlyCA NULL } + + ECParameters ::= SEQUENCE { -- Elliptic curve parameters + version ECPVer, + fieldID FieldID, + curve Curve, + base ECPoint, -- Base point G + order INTEGER, -- Order n of the base point + cofactor INTEGER OPTIONAL } -- The integer h = #E(Fq)/n + + ECPVer ::= INTEGER {ecpVer1(1)} + + Curve ::= SEQUENCE { + a FieldElement, -- Elliptic curve coefficient a + b FieldElement, -- Elliptic curve coefficient b + seed BIT STRING OPTIONAL } + + id-publicKeyType OBJECT IDENTIFIER ::= { ansi-X9-62 keyType(2) } + + id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 } + + -- Named Elliptic Curves in ANSI X9.62. + + ellipticCurve OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) } + + c-TwoCurve OBJECT IDENTIFIER ::= { + ellipticCurve characteristicTwo(0) } + + c2pnb163v1 OBJECT IDENTIFIER ::= { c-TwoCurve 1 } + c2pnb163v2 OBJECT IDENTIFIER ::= { c-TwoCurve 2 } + c2pnb163v3 OBJECT IDENTIFIER ::= { c-TwoCurve 3 } + c2pnb176w1 OBJECT IDENTIFIER ::= { c-TwoCurve 4 } + c2tnb191v1 OBJECT IDENTIFIER ::= { c-TwoCurve 5 } + c2tnb191v2 OBJECT IDENTIFIER ::= { c-TwoCurve 6 } + c2tnb191v3 OBJECT IDENTIFIER ::= { c-TwoCurve 7 } + c2onb191v4 OBJECT IDENTIFIER ::= { c-TwoCurve 8 } + c2onb191v5 OBJECT IDENTIFIER ::= { c-TwoCurve 9 } + c2pnb208w1 OBJECT IDENTIFIER ::= { c-TwoCurve 10 } + c2tnb239v1 OBJECT IDENTIFIER ::= { c-TwoCurve 11 } + c2tnb239v2 OBJECT IDENTIFIER ::= { c-TwoCurve 12 } + c2tnb239v3 OBJECT IDENTIFIER ::= { c-TwoCurve 13 } + c2onb239v4 OBJECT IDENTIFIER ::= { c-TwoCurve 14 } + c2onb239v5 OBJECT IDENTIFIER ::= { c-TwoCurve 15 } + c2pnb272w1 OBJECT IDENTIFIER ::= { c-TwoCurve 16 } + c2pnb304w1 OBJECT IDENTIFIER ::= { c-TwoCurve 17 } + c2tnb359v1 OBJECT IDENTIFIER ::= { c-TwoCurve 18 } + c2pnb368w1 OBJECT IDENTIFIER ::= { c-TwoCurve 19 } + c2tnb431r1 OBJECT IDENTIFIER ::= { c-TwoCurve 20 } + + primeCurve OBJECT IDENTIFIER ::= { ellipticCurve prime(1) } + + prime192v1 OBJECT IDENTIFIER ::= { primeCurve 1 } + prime192v2 OBJECT IDENTIFIER ::= { primeCurve 2 } + prime192v3 OBJECT IDENTIFIER ::= { primeCurve 3 } + prime239v1 OBJECT IDENTIFIER ::= { primeCurve 4 } + prime239v2 OBJECT IDENTIFIER ::= { primeCurve 5 } + prime239v3 OBJECT IDENTIFIER ::= { primeCurve 6 } + prime256v1 OBJECT IDENTIFIER ::= { primeCurve 7 } + + END diff --git a/lib/public_key/asn1/PKIX1Explicit88.asn1 b/lib/public_key/asn1/PKIX1Explicit88.asn1 new file mode 100644 index 0000000000..03e9da3e05 --- /dev/null +++ b/lib/public_key/asn1/PKIX1Explicit88.asn1 @@ -0,0 +1,619 @@ +PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) } + +DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL -- + +-- IMPORTS NONE -- + +-- UNIVERSAL Types defined in 1993 and 1998 ASN.1 +-- and required by this specification + +-- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING + -- UniversalString is defined in ASN.1:1993 + +-- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING + -- BMPString is the subtype of UniversalString and models + -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1 + +-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING + -- The content of this type conforms to RFC 2279. + +-- PKIX specific OIDs + +id-pkix OBJECT IDENTIFIER ::= + { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) } + +-- PKIX arcs + +id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } + -- arc for private certificate extensions +id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } + -- arc for policy qualifier types +id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } + -- arc for extended key purpose OIDS +id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } + -- arc for access descriptors + +-- policyQualifierIds for Internet policy qualifiers + +id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } + -- OID for CPS qualifier +id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } + -- OID for user notice qualifier + +-- access descriptor definitions + +id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } +id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } +id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 } +id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 } + +-- attribute data types + +Attribute ::= SEQUENCE { + type AttributeType, + values SET OF AttributeValue } + -- at least one value is required + +AttributeType ::= OBJECT IDENTIFIER + +AttributeValue ::= ANY + +AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value AttributeValue } + +-- suggested naming attributes: Definition of the following +-- information object set may be augmented to meet local +-- requirements. Note that deleting members of the set may +-- prevent interoperability with conforming implementations. +-- presented in pairs: the AttributeType followed by the +-- type definition for the corresponding AttributeValue +--Arc for standard naming attributes +id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 } + +-- Naming attributes of type X520name + +id-at-name AttributeType ::= { id-at 41 } +id-at-surname AttributeType ::= { id-at 4 } +id-at-givenName AttributeType ::= { id-at 42 } +id-at-initials AttributeType ::= { id-at 43 } +id-at-generationQualifier AttributeType ::= { id-at 44 } + +X520name ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-name)), + printableString PrintableString (SIZE (1..ub-name)), + universalString UniversalString (SIZE (1..ub-name)), + utf8String UTF8String (SIZE (1..ub-name)), + bmpString BMPString (SIZE (1..ub-name)) } + +-- Naming attributes of type X520CommonName + +id-at-commonName AttributeType ::= { id-at 3 } + +X520CommonName ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-common-name)), + printableString PrintableString (SIZE (1..ub-common-name)), + universalString UniversalString (SIZE (1..ub-common-name)), + utf8String UTF8String (SIZE (1..ub-common-name)), + bmpString BMPString (SIZE (1..ub-common-name)) } + +-- Naming attributes of type X520LocalityName + +id-at-localityName AttributeType ::= { id-at 7 } + +X520LocalityName ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-locality-name)), + printableString PrintableString (SIZE (1..ub-locality-name)), + universalString UniversalString (SIZE (1..ub-locality-name)), + utf8String UTF8String (SIZE (1..ub-locality-name)), + bmpString BMPString (SIZE (1..ub-locality-name)) } + +-- Naming attributes of type X520StateOrProvinceName + +id-at-stateOrProvinceName AttributeType ::= { id-at 8 } + +X520StateOrProvinceName ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-state-name)), + printableString PrintableString (SIZE (1..ub-state-name)), + universalString UniversalString (SIZE (1..ub-state-name)), + utf8String UTF8String (SIZE (1..ub-state-name)), + bmpString BMPString (SIZE(1..ub-state-name)) } + +-- Naming attributes of type X520OrganizationName + +id-at-organizationName AttributeType ::= { id-at 10 } + +X520OrganizationName ::= CHOICE { + teletexString TeletexString + (SIZE (1..ub-organization-name)), + printableString PrintableString + (SIZE (1..ub-organization-name)), + universalString UniversalString + (SIZE (1..ub-organization-name)), + utf8String UTF8String + (SIZE (1..ub-organization-name)), + bmpString BMPString + (SIZE (1..ub-organization-name)) } + +-- Naming attributes of type X520OrganizationalUnitName + +id-at-organizationalUnitName AttributeType ::= { id-at 11 } + +X520OrganizationalUnitName ::= CHOICE { + teletexString TeletexString + (SIZE (1..ub-organizational-unit-name)), + printableString PrintableString + (SIZE (1..ub-organizational-unit-name)), + universalString UniversalString + (SIZE (1..ub-organizational-unit-name)), + utf8String UTF8String + (SIZE (1..ub-organizational-unit-name)), + bmpString BMPString + (SIZE (1..ub-organizational-unit-name)) } + +-- Naming attributes of type X520Title + +id-at-title AttributeType ::= { id-at 12 } + +X520Title ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-title)), + printableString PrintableString (SIZE (1..ub-title)), + universalString UniversalString (SIZE (1..ub-title)), + utf8String UTF8String (SIZE (1..ub-title)), + bmpString BMPString (SIZE (1..ub-title)) } + +-- Naming attributes of type X520dnQualifier + +id-at-dnQualifier AttributeType ::= { id-at 46 } + +X520dnQualifier ::= PrintableString + +-- Naming attributes of type X520countryName (digraph from IS 3166) + +id-at-countryName AttributeType ::= { id-at 6 } + +X520countryName ::= PrintableString (SIZE (2)) + +-- Naming attributes of type X520SerialNumber + +id-at-serialNumber AttributeType ::= { id-at 5 } + +X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number)) + +-- Naming attributes of type X520Pseudonym + +id-at-pseudonym AttributeType ::= { id-at 65 } + +X520Pseudonym ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-pseudonym)), + printableString PrintableString (SIZE (1..ub-pseudonym)), + universalString UniversalString (SIZE (1..ub-pseudonym)), + utf8String UTF8String (SIZE (1..ub-pseudonym)), + bmpString BMPString (SIZE (1..ub-pseudonym)) } + +-- Naming attributes of type DomainComponent (from RFC 2247) + +id-domainComponent AttributeType ::= + { 0 9 2342 19200300 100 1 25 } + +DomainComponent ::= IA5String + +-- Legacy attributes + +pkcs-9 OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } + +id-emailAddress AttributeType ::= { pkcs-9 1 } + +EmailAddress ::= IA5String (SIZE (1..ub-emailaddress-length)) + +-- naming data types -- + +Name ::= CHOICE { -- only one possibility for now -- + rdnSequence RDNSequence } + +RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + +DistinguishedName ::= RDNSequence + +RelativeDistinguishedName ::= + SET SIZE (1 .. MAX) OF AttributeTypeAndValue + +-- Directory string type -- + +DirectoryString ::= CHOICE { + teletexString TeletexString (SIZE (1..MAX)), + printableString PrintableString (SIZE (1..MAX)), + universalString UniversalString (SIZE (1..MAX)), + utf8String UTF8String (SIZE (1..MAX)), + bmpString BMPString (SIZE (1..MAX)) } + +-- certificate and CRL specific structures begin here + +Certificate ::= SEQUENCE { + tbsCertificate TBSCertificate, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING } + +TBSCertificate ::= SEQUENCE { + version [0] Version DEFAULT v1, + serialNumber CertificateSerialNumber, + signature AlgorithmIdentifier, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo SubjectPublicKeyInfo, + issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + extensions [3] Extensions OPTIONAL + -- If present, version MUST be v3 -- } + +Version ::= INTEGER { v1(0), v2(1), v3(2) } + +CertificateSerialNumber ::= INTEGER + +Validity ::= SEQUENCE { + notBefore Time, + notAfter Time } + +Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + +UniqueIdentifier ::= BIT STRING + +SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING } + +Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + +Extension ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING } + +-- CRL structures + +CertificateList ::= SEQUENCE { + tbsCertList TBSCertList, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING } + +TBSCertList ::= SEQUENCE { + version Version OPTIONAL, + -- if present, MUST be v2 + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + crlEntryExtensions Extensions OPTIONAL + -- if present, MUST be v2 + } OPTIONAL, + crlExtensions [0] Extensions OPTIONAL } + -- if present, MUST be v2 + +-- Version, Time, CertificateSerialNumber, and Extensions were +-- defined earlier for use in the certificate structure + +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL } + -- contains a value of the type + -- registered for use with the + -- algorithm object identifier value + +-- X.400 address syntax starts here + +ORAddress ::= SEQUENCE { + built-in-standard-attributes BuiltInStandardAttributes, + built-in-domain-defined-attributes + BuiltInDomainDefinedAttributes OPTIONAL, + -- see also teletex-domain-defined-attributes + extension-attributes ExtensionAttributes OPTIONAL } + +-- Built-in Standard Attributes + +BuiltInStandardAttributes ::= SEQUENCE { + country-name CountryName OPTIONAL, + administration-domain-name AdministrationDomainName OPTIONAL, + network-address [0] IMPLICIT NetworkAddress OPTIONAL, + -- see also extended-network-address + terminal-identifier [1] IMPLICIT TerminalIdentifier OPTIONAL, + private-domain-name [2] PrivateDomainName OPTIONAL, + organization-name [3] IMPLICIT OrganizationName OPTIONAL, + -- see also teletex-organization-name + numeric-user-identifier [4] IMPLICIT NumericUserIdentifier + OPTIONAL, + personal-name [5] IMPLICIT PersonalName OPTIONAL, + -- see also teletex-personal-name + organizational-unit-names [6] IMPLICIT OrganizationalUnitNames + OPTIONAL } + -- see also teletex-organizational-unit-names + +CountryName ::= [APPLICATION 1] CHOICE { + x121-dcc-code NumericString + (SIZE (ub-country-name-numeric-length)), + iso-3166-alpha2-code PrintableString + (SIZE (ub-country-name-alpha-length)) } + +AdministrationDomainName ::= [APPLICATION 2] CHOICE { + numeric NumericString (SIZE (0..ub-domain-name-length)), + printable PrintableString (SIZE (0..ub-domain-name-length)) } + +NetworkAddress ::= X121Address -- see also extended-network-address + +X121Address ::= NumericString (SIZE (1..ub-x121-address-length)) + +TerminalIdentifier ::= PrintableString (SIZE +(1..ub-terminal-id-length)) + +PrivateDomainName ::= CHOICE { + numeric NumericString (SIZE (1..ub-domain-name-length)), + printable PrintableString (SIZE (1..ub-domain-name-length)) } + +OrganizationName ::= PrintableString + (SIZE (1..ub-organization-name-length)) + -- see also teletex-organization-name + +NumericUserIdentifier ::= NumericString + (SIZE (1..ub-numeric-user-id-length)) + +PersonalName ::= SET { + surname [0] IMPLICIT PrintableString + (SIZE (1..ub-surname-length)), + given-name [1] IMPLICIT PrintableString + (SIZE (1..ub-given-name-length)) OPTIONAL, + initials [2] IMPLICIT PrintableString + (SIZE (1..ub-initials-length)) OPTIONAL, + generation-qualifier [3] IMPLICIT PrintableString + (SIZE (1..ub-generation-qualifier-length)) + OPTIONAL } + -- see also teletex-personal-name + +OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) + OF OrganizationalUnitName + -- see also teletex-organizational-unit-names + +OrganizationalUnitName ::= PrintableString (SIZE + (1..ub-organizational-unit-name-length)) + +-- Built-in Domain-defined Attributes + +BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE + (1..ub-domain-defined-attributes) OF + BuiltInDomainDefinedAttribute + +BuiltInDomainDefinedAttribute ::= SEQUENCE { + type PrintableString (SIZE + (1..ub-domain-defined-attribute-type-length)), + value PrintableString (SIZE + (1..ub-domain-defined-attribute-value-length)) } + +-- Extension Attributes + +ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF + ExtensionAttribute + +ExtensionAttribute ::= SEQUENCE { + extension-attribute-type [0] IMPLICIT INTEGER + (0..ub-extension-attributes), + extension-attribute-value [1] + ANY DEFINED BY extension-attribute-type } + +-- Extension types and attribute values + +common-name INTEGER ::= 1 + +CommonName ::= PrintableString (SIZE (1..ub-common-name-length)) + +teletex-common-name INTEGER ::= 2 + +TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length)) + +teletex-organization-name INTEGER ::= 3 + +TeletexOrganizationName ::= + TeletexString (SIZE (1..ub-organization-name-length)) + +teletex-personal-name INTEGER ::= 4 + +TeletexPersonalName ::= SET { + surname [0] IMPLICIT TeletexString + (SIZE (1..ub-surname-length)), + given-name [1] IMPLICIT TeletexString + (SIZE (1..ub-given-name-length)) OPTIONAL, + initials [2] IMPLICIT TeletexString + (SIZE (1..ub-initials-length)) OPTIONAL, + generation-qualifier [3] IMPLICIT TeletexString + (SIZE (1..ub-generation-qualifier-length)) + OPTIONAL } + +teletex-organizational-unit-names INTEGER ::= 5 + +TeletexOrganizationalUnitNames ::= SEQUENCE SIZE + (1..ub-organizational-units) OF TeletexOrganizationalUnitName + +TeletexOrganizationalUnitName ::= TeletexString + (SIZE (1..ub-organizational-unit-name-length)) + +pds-name INTEGER ::= 7 + +PDSName ::= PrintableString (SIZE (1..ub-pds-name-length)) + +physical-delivery-country-name INTEGER ::= 8 + +PhysicalDeliveryCountryName ::= CHOICE { + x121-dcc-code NumericString (SIZE +(ub-country-name-numeric-length)), + iso-3166-alpha2-code PrintableString + (SIZE (ub-country-name-alpha-length)) } + +postal-code INTEGER ::= 9 + +PostalCode ::= CHOICE { + numeric-code NumericString (SIZE (1..ub-postal-code-length)), + printable-code PrintableString (SIZE (1..ub-postal-code-length)) } + +physical-delivery-office-name INTEGER ::= 10 + +PhysicalDeliveryOfficeName ::= PDSParameter + +physical-delivery-office-number INTEGER ::= 11 + +PhysicalDeliveryOfficeNumber ::= PDSParameter + +extension-OR-address-components INTEGER ::= 12 + +ExtensionORAddressComponents ::= PDSParameter + +physical-delivery-personal-name INTEGER ::= 13 + +PhysicalDeliveryPersonalName ::= PDSParameter + +physical-delivery-organization-name INTEGER ::= 14 + +PhysicalDeliveryOrganizationName ::= PDSParameter + +extension-physical-delivery-address-components INTEGER ::= 15 + +ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter + +unformatted-postal-address INTEGER ::= 16 + +UnformattedPostalAddress ::= SET { + printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) + OF PrintableString (SIZE (1..ub-pds-parameter-length)) + OPTIONAL, + teletex-string TeletexString + (SIZE (1..ub-unformatted-address-length)) OPTIONAL } + +street-address INTEGER ::= 17 + +StreetAddress ::= PDSParameter + +post-office-box-address INTEGER ::= 18 + +PostOfficeBoxAddress ::= PDSParameter + +poste-restante-address INTEGER ::= 19 + +PosteRestanteAddress ::= PDSParameter + +unique-postal-name INTEGER ::= 20 + +UniquePostalName ::= PDSParameter + +local-postal-attributes INTEGER ::= 21 + +LocalPostalAttributes ::= PDSParameter + +PDSParameter ::= SET { + printable-string PrintableString + (SIZE(1..ub-pds-parameter-length)) OPTIONAL, + teletex-string TeletexString + (SIZE(1..ub-pds-parameter-length)) OPTIONAL } + +extended-network-address INTEGER ::= 22 + +ExtendedNetworkAddress ::= CHOICE { + e163-4-address SEQUENCE { + number [0] IMPLICIT NumericString + (SIZE (1..ub-e163-4-number-length)), + sub-address [1] IMPLICIT NumericString + (SIZE (1..ub-e163-4-sub-address-length)) + OPTIONAL }, + psap-address [0] IMPLICIT PresentationAddress } + +PresentationAddress ::= SEQUENCE { + pSelector [0] EXPLICIT OCTET STRING OPTIONAL, + sSelector [1] EXPLICIT OCTET STRING OPTIONAL, + tSelector [2] EXPLICIT OCTET STRING OPTIONAL, + nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING } + +terminal-type INTEGER ::= 23 + +TerminalType ::= INTEGER { + telex (3), + teletex (4), + g3-facsimile (5), + g4-facsimile (6), + ia5-terminal (7), + videotex (8) } (0..ub-integer-options) + +-- Extension Domain-defined Attributes + +teletex-domain-defined-attributes INTEGER ::= 6 + +TeletexDomainDefinedAttributes ::= SEQUENCE SIZE + (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute + +TeletexDomainDefinedAttribute ::= SEQUENCE { + type TeletexString + (SIZE (1..ub-domain-defined-attribute-type-length)), + value TeletexString + (SIZE (1..ub-domain-defined-attribute-value-length)) } + +-- specifications of Upper Bounds MUST be regarded as mandatory +-- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter +-- Upper Bounds + +-- Upper Bounds +ub-name INTEGER ::= 32768 +ub-common-name INTEGER ::= 64 +ub-locality-name INTEGER ::= 128 +ub-state-name INTEGER ::= 128 +ub-organization-name INTEGER ::= 64 +ub-organizational-unit-name INTEGER ::= 64 +ub-title INTEGER ::= 64 +ub-serial-number INTEGER ::= 64 +ub-match INTEGER ::= 128 +ub-emailaddress-length INTEGER ::= 255 +ub-common-name-length INTEGER ::= 64 +ub-country-name-alpha-length INTEGER ::= 2 +ub-country-name-numeric-length INTEGER ::= 3 +ub-domain-defined-attributes INTEGER ::= 4 +ub-domain-defined-attribute-type-length INTEGER ::= 8 +ub-domain-defined-attribute-value-length INTEGER ::= 128 +ub-domain-name-length INTEGER ::= 16 +ub-extension-attributes INTEGER ::= 256 +ub-e163-4-number-length INTEGER ::= 15 +ub-e163-4-sub-address-length INTEGER ::= 40 +ub-generation-qualifier-length INTEGER ::= 3 +ub-given-name-length INTEGER ::= 16 +ub-initials-length INTEGER ::= 5 +ub-integer-options INTEGER ::= 256 +ub-numeric-user-id-length INTEGER ::= 32 +ub-organization-name-length INTEGER ::= 64 +ub-organizational-unit-name-length INTEGER ::= 32 +ub-organizational-units INTEGER ::= 4 +ub-pds-name-length INTEGER ::= 16 +ub-pds-parameter-length INTEGER ::= 30 +ub-pds-physical-address-lines INTEGER ::= 6 +ub-postal-code-length INTEGER ::= 16 +ub-pseudonym INTEGER ::= 128 +ub-surname-length INTEGER ::= 40 +ub-terminal-id-length INTEGER ::= 24 +ub-unformatted-address-length INTEGER ::= 180 +ub-x121-address-length INTEGER ::= 16 + +-- Note - upper bounds on string types, such as TeletexString, are +-- measured in characters. Excepting PrintableString or IA5String, a +-- significantly greater number of octets will be required to hold +-- such a value. As a minimum, 16 octets, or twice the specified +-- upper bound, whichever is the larger, should be allowed for +-- TeletexString. For UTF8String or UniversalString at least four +-- times the upper bound should be allowed. + +END diff --git a/lib/public_key/asn1/PKIX1Implicit88.asn1 b/lib/public_key/asn1/PKIX1Implicit88.asn1 new file mode 100644 index 0000000000..ced270baf6 --- /dev/null +++ b/lib/public_key/asn1/PKIX1Implicit88.asn1 @@ -0,0 +1,349 @@ +PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) } + +DEFINITIONS IMPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL -- + +IMPORTS + id-pe, id-kp, id-qt-unotice, id-qt-cps, + -- delete following line if "new" types are supported -- + -- BMPString, + -- UTF8String, end "new" types -- + ORAddress, Name, RelativeDistinguishedName, + CertificateSerialNumber, Attribute, DirectoryString + FROM PKIX1Explicit88 { iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-pkix1-explicit(18) }; + + +-- ISO arc for standard certificate and CRL extensions + +id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} + +-- authority key identifier OID and syntax + +id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } + +AuthorityKeyIdentifier ::= SEQUENCE { + keyIdentifier [0] KeyIdentifier OPTIONAL, + authorityCertIssuer [1] GeneralNames OPTIONAL, + authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } + -- authorityCertIssuer and authorityCertSerialNumber MUST both + -- be present or both be absent + +KeyIdentifier ::= OCTET STRING + +-- subject key identifier OID and syntax + +id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } + +SubjectKeyIdentifier ::= KeyIdentifier + +-- key usage extension OID and syntax + +id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } + +KeyUsage ::= BIT STRING { + digitalSignature (0), + nonRepudiation (1), + keyEncipherment (2), + dataEncipherment (3), + keyAgreement (4), + keyCertSign (5), + cRLSign (6), + encipherOnly (7), + decipherOnly (8) } + +-- private key usage period extension OID and syntax + +id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 } + +PrivateKeyUsagePeriod ::= SEQUENCE { + notBefore [0] GeneralizedTime OPTIONAL, + notAfter [1] GeneralizedTime OPTIONAL } + -- either notBefore or notAfter MUST be present + +-- certificate policies extension OID and syntax + +id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } + +anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } + +CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation + +PolicyInformation ::= SEQUENCE { + policyIdentifier CertPolicyId, + policyQualifiers SEQUENCE SIZE (1..MAX) OF + PolicyQualifierInfo OPTIONAL } + +CertPolicyId ::= OBJECT IDENTIFIER + +PolicyQualifierInfo ::= SEQUENCE { + policyQualifierId PolicyQualifierId, + qualifier ANY DEFINED BY policyQualifierId } + +-- Implementations that recognize additional policy qualifiers MUST +-- augment the following definition for PolicyQualifierId + +PolicyQualifierId ::= + OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) + +-- CPS pointer qualifier + +CPSuri ::= IA5String + +-- user notice qualifier + +UserNotice ::= SEQUENCE { + noticeRef NoticeReference OPTIONAL, + explicitText DisplayText OPTIONAL} + +NoticeReference ::= SEQUENCE { + organization DisplayText, + noticeNumbers SEQUENCE OF INTEGER } + +DisplayText ::= CHOICE { + ia5String IA5String (SIZE (1..200)), + visibleString VisibleString (SIZE (1..200)), + bmpString BMPString (SIZE (1..200)), + utf8String UTF8String (SIZE (1..200)) } + +-- policy mapping extension OID and syntax + +id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } + +PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { + issuerDomainPolicy CertPolicyId, + subjectDomainPolicy CertPolicyId } + +-- subject alternative name extension OID and syntax + +id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } + +SubjectAltName ::= GeneralNames + +GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + +GeneralName ::= CHOICE { + otherName [0] AnotherName, + rfc822Name [1] IA5String, + dNSName [2] IA5String, + x400Address [3] ORAddress, + directoryName [4] Name, + ediPartyName [5] EDIPartyName, + uniformResourceIdentifier [6] IA5String, + iPAddress [7] OCTET STRING, + registeredID [8] OBJECT IDENTIFIER } + +-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as +-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax + +AnotherName ::= SEQUENCE { + type-id OBJECT IDENTIFIER, + value [0] EXPLICIT ANY DEFINED BY type-id } + +EDIPartyName ::= SEQUENCE { + nameAssigner [0] DirectoryString OPTIONAL, + partyName [1] DirectoryString } + +-- issuer alternative name extension OID and syntax + +id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } + +IssuerAltName ::= GeneralNames + +id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } + +SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute + +-- basic constraints extension OID and syntax + +id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } + +BasicConstraints ::= SEQUENCE { + cA BOOLEAN DEFAULT FALSE, + pathLenConstraint INTEGER (0..MAX) OPTIONAL } + +-- name constraints extension OID and syntax + +id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } + +NameConstraints ::= SEQUENCE { + permittedSubtrees [0] GeneralSubtrees OPTIONAL, + excludedSubtrees [1] GeneralSubtrees OPTIONAL } + +GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree + +GeneralSubtree ::= SEQUENCE { + base GeneralName, + minimum [0] BaseDistance DEFAULT 0, + maximum [1] BaseDistance OPTIONAL } + +BaseDistance ::= INTEGER (0..MAX) + +-- policy constraints extension OID and syntax + +id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } + +PolicyConstraints ::= SEQUENCE { + requireExplicitPolicy [0] SkipCerts OPTIONAL, + inhibitPolicyMapping [1] SkipCerts OPTIONAL } + +SkipCerts ::= INTEGER (0..MAX) + +-- CRL distribution points extension OID and syntax + +id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31} + +CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint + +DistributionPoint ::= SEQUENCE { + distributionPoint [0] DistributionPointName OPTIONAL, + reasons [1] ReasonFlags OPTIONAL, + cRLIssuer [2] GeneralNames OPTIONAL } + +DistributionPointName ::= CHOICE { + fullName [0] GeneralNames, + nameRelativeToCRLIssuer [1] RelativeDistinguishedName } + +ReasonFlags ::= BIT STRING { + unused (0), + keyCompromise (1), + cACompromise (2), + affiliationChanged (3), + superseded (4), + cessationOfOperation (5), + certificateHold (6), + privilegeWithdrawn (7), + aACompromise (8) } + +-- extended key usage extension OID and syntax + +id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} + +ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId + + +KeyPurposeId ::= OBJECT IDENTIFIER + +-- permit unspecified key uses + +anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } + +-- extended key purpose OIDs + +id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } +id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } +id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } +id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } +id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } +id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } + +-- inhibit any policy OID and syntax + +id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } + +InhibitAnyPolicy ::= SkipCerts + +-- freshest (delta)CRL extension OID and syntax + +id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } + +FreshestCRL ::= CRLDistributionPoints + +-- authority info access + +id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } + +AuthorityInfoAccessSyntax ::= + SEQUENCE SIZE (1..MAX) OF AccessDescription + +AccessDescription ::= SEQUENCE { + accessMethod OBJECT IDENTIFIER, + accessLocation GeneralName } + +-- subject info access + +id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 } + +SubjectInfoAccessSyntax ::= + SEQUENCE SIZE (1..MAX) OF AccessDescription + +-- CRL number extension OID and syntax + +id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } + +CRLNumber ::= INTEGER (0..MAX) + +-- issuing distribution point extension OID and syntax + +id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } + +IssuingDistributionPoint ::= SEQUENCE { + distributionPoint [0] DistributionPointName OPTIONAL, + onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, + onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, + onlySomeReasons [3] ReasonFlags OPTIONAL, + indirectCRL [4] BOOLEAN DEFAULT FALSE, + onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE } + +id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 } + +BaseCRLNumber ::= CRLNumber + +-- CRL reasons extension OID and syntax + +id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } + +CRLReason ::= ENUMERATED { + unspecified (0), + keyCompromise (1), + cACompromise (2), + affiliationChanged (3), + superseded (4), + cessationOfOperation (5), + certificateHold (6), + removeFromCRL (8), + privilegeWithdrawn (9), + aACompromise (10) } + +-- certificate issuer CRL entry extension OID and syntax + +id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 } + +CertificateIssuer ::= GeneralNames + +-- hold instruction extension OID and syntax + +id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 } + +HoldInstructionCode ::= OBJECT IDENTIFIER + +-- ANSI x9 holdinstructions + +-- ANSI x9 arc holdinstruction arc + +holdInstruction OBJECT IDENTIFIER ::= + {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2} + +-- ANSI X9 holdinstructions referenced by this standard + +id-holdinstruction-none OBJECT IDENTIFIER ::= + {holdInstruction 1} -- deprecated + +id-holdinstruction-callissuer OBJECT IDENTIFIER ::= + {holdInstruction 2} + +id-holdinstruction-reject OBJECT IDENTIFIER ::= + {holdInstruction 3} + +-- invalidity date CRL entry extension OID and syntax + +id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 } + +InvalidityDate ::= GeneralizedTime + +END diff --git a/lib/public_key/asn1/PKIXAttributeCertificate.asn1 b/lib/public_key/asn1/PKIXAttributeCertificate.asn1 new file mode 100644 index 0000000000..7d93e6b37e --- /dev/null +++ b/lib/public_key/asn1/PKIXAttributeCertificate.asn1 @@ -0,0 +1,189 @@ + PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-attribute-cert(12)} + + DEFINITIONS IMPLICIT TAGS ::= + + BEGIN + + -- EXPORTS ALL -- + + IMPORTS + + -- IMPORTed module OIDs MAY change if [PKIXPROF] changes + -- PKIX Certificate Extensions + Attribute, AlgorithmIdentifier, CertificateSerialNumber, + Extensions, UniqueIdentifier, + id-pkix, id-pe, id-kp, id-ad, id-at + FROM PKIX1Explicit88 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) + pkix(7) id-mod(0) id-pkix1-explicit-88(1)} + + GeneralName, GeneralNames, id-ce + FROM PKIX1Implicit88 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) + pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ; + + id-pe-ac-auditIdentity OBJECT IDENTIFIER ::= { id-pe 4 } + id-pe-aaControls OBJECT IDENTIFIER ::= { id-pe 6 } + id-pe-ac-proxying OBJECT IDENTIFIER ::= { id-pe 10 } + id-ce-targetInformation OBJECT IDENTIFIER ::= { id-ce 55 } + + id-aca OBJECT IDENTIFIER ::= { id-pkix 10 } + id-aca-authenticationInfo OBJECT IDENTIFIER ::= { id-aca 1 } + id-aca-accessIdentity OBJECT IDENTIFIER ::= { id-aca 2 } + id-aca-chargingIdentity OBJECT IDENTIFIER ::= { id-aca 3 } + id-aca-group OBJECT IDENTIFIER ::= { id-aca 4 } + -- { id-aca 5 } is reserved + id-aca-encAttrs OBJECT IDENTIFIER ::= { id-aca 6 } + + id-at-role OBJECT IDENTIFIER ::= { id-at 72} + id-at-clearance OBJECT IDENTIFIER ::= + { joint-iso-ccitt(2) ds(5) module(1) + selected-attribute-types(5) clearance (55) } + + -- Uncomment this if using a 1988 level ASN.1 compiler + -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING + + AttributeCertificate ::= SEQUENCE { + acinfo AttributeCertificateInfo, + signatureAlgorithm AlgorithmIdentifier, + signatureValue BIT STRING + } + + AttributeCertificateInfo ::= SEQUENCE { + version AttCertVersion, -- version is v2 + holder Holder, + issuer AttCertIssuer, + signature AlgorithmIdentifier, + serialNumber CertificateSerialNumber, + attrCertValidityPeriod AttCertValidityPeriod, + attributes SEQUENCE OF Attribute, + issuerUniqueID UniqueIdentifier OPTIONAL, + extensions Extensions OPTIONAL + } + + AttCertVersion ::= INTEGER { v2(1) } + + Holder ::= SEQUENCE { + baseCertificateID [0] IssuerSerial OPTIONAL, + -- the issuer and serial number of + -- the holder's Public Key Certificate + entityName [1] GeneralNames OPTIONAL, + -- the name of the claimant or role + objectDigestInfo [2] ObjectDigestInfo OPTIONAL + -- used to directly authenticate the + -- holder, for example, an executable + } + + ObjectDigestInfo ::= SEQUENCE { + digestedObjectType ENUMERATED { + publicKey (0), + publicKeyCert (1), + otherObjectTypes (2) }, + -- otherObjectTypes MUST NOT + -- MUST NOT be used in this profile + otherObjectTypeID OBJECT IDENTIFIER OPTIONAL, + digestAlgorithm AlgorithmIdentifier, + objectDigest BIT STRING + } + + AttCertIssuer ::= CHOICE { + v1Form GeneralNames, -- MUST NOT be used in this + -- profile + v2Form [0] V2Form -- v2 only + } + + V2Form ::= SEQUENCE { + issuerName GeneralNames OPTIONAL, + baseCertificateID [0] IssuerSerial OPTIONAL, + objectDigestInfo [1] ObjectDigestInfo OPTIONAL + -- issuerName MUST be present in this profile + -- baseCertificateID and objectDigestInfo MUST + -- NOT be present in this profile + } + + IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serial CertificateSerialNumber, + issuerUID UniqueIdentifier OPTIONAL + } + + AttCertValidityPeriod ::= SEQUENCE { + notBeforeTime GeneralizedTime, + notAfterTime GeneralizedTime + } + + Targets ::= SEQUENCE OF Target + + Target ::= CHOICE { + targetName [0] GeneralName, + targetGroup [1] GeneralName, + targetCert [2] TargetCert + } + + TargetCert ::= SEQUENCE { + targetCertificate IssuerSerial, + targetName GeneralName OPTIONAL, + certDigestInfo ObjectDigestInfo OPTIONAL + } + + IetfAttrSyntax ::= SEQUENCE { + policyAuthority[0] GeneralNames OPTIONAL, + values SEQUENCE OF CHOICE { + octets OCTET STRING, + oid OBJECT IDENTIFIER, + string UTF8String + } + } + + SvceAuthInfo ::= SEQUENCE { + service GeneralName, + ident GeneralName, + authInfo OCTET STRING OPTIONAL + } + + RoleSyntax ::= SEQUENCE { + roleAuthority [0] GeneralNames OPTIONAL, + roleName [1] GeneralName + } + + Clearance ::= SEQUENCE { + policyId [0] OBJECT IDENTIFIER, + classList [1] ClassList DEFAULT {unclassified}, + securityCategories + [2] SET OF SecurityCategory OPTIONAL + } + + ClassList ::= BIT STRING { + unmarked (0), + unclassified (1), + restricted (2), + confidential (3), + secret (4), + topSecret (5) + } + + SecurityCategory ::= SEQUENCE { + type [0] IMPLICIT OBJECT IDENTIFIER, + value [1] ANY DEFINED BY type + } + + AAControls ::= SEQUENCE { + pathLenConstraint INTEGER (0..MAX) OPTIONAL, + permittedAttrs [0] AttrSpec OPTIONAL, + excludedAttrs [1] AttrSpec OPTIONAL, + permitUnSpecified BOOLEAN DEFAULT TRUE + } + + AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER + + ACClearAttrs ::= SEQUENCE { + acIssuer GeneralName, + acSerial INTEGER, + attrs SEQUENCE OF Attribute + } + + ProxyInfo ::= SEQUENCE OF Targets + + END diff --git a/lib/public_key/asn1/README b/lib/public_key/asn1/README new file mode 100644 index 0000000000..5fb8cf9725 --- /dev/null +++ b/lib/public_key/asn1/README @@ -0,0 +1,51 @@ +The files + + PKIX1Algorithms88.asn1 + PKIX1Explicit88.asn1 + PKIX1Implicit88.asn1 + PKIXAttributeCertificate.asn1 + +are from RFCs 3279, 3280 and 3281. + +We have edited PKIX1Explicit88.asn1, PKIX1Implicit88.asn1, and +PKIXAttributeCertificate.asn1 as follows: + + +1. Removal of definition of UniversalString and BMPString: + +diff -r1.1 PKIX1Explicit88.asn1 +15c15 +< UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING +--- +> -- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING +18c18 +< BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING +--- +> -- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING + + +2. Removal of definition of BMPString: + +diff -r1.1 PKIX1Implicit88.asn1 +13c13,14 +< BMPString, UTF8String, -- end "new" types -- +--- +> -- BMPString, +> UTF8String, -- end "new" types -- + + +3. Addition of definition of UTF8String, and correction of a typo. + +diff -r1.1 PKIXAttributeCertificate.asn1 +46c46 +< -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING +--- +> UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING +55c55 +< version AttCertVersion -- version is v2, +--- +> version AttCertVersion, -- version is v2 + +4. Defenitions of publuic keys from PKCS-1.asn1 present in +PKIX1Algorithms88.asn1 where removed as we take them directly from +PKCS-1.asn1
\ No newline at end of file |