Diffstat (limited to 'lib/public_key')
-rw-r--r-- | lib/public_key/asn1/CryptographicMessageSyntax.asn1 | 376 | ||||
-rw-r--r-- | lib/public_key/asn1/Makefile | 15 | ||||
-rw-r--r-- | lib/public_key/asn1/PKCS-12.asn1 | 174 | ||||
-rw-r--r-- | lib/public_key/asn1/PKCS-15.asn1 | 869 | ||||
-rw-r--r-- | lib/public_key/asn1/PKCS-7.asn1 | 77 | ||||
-rw-r--r-- | lib/public_key/asn1/PKCS-9.asn1 | 390 | ||||
-rw-r--r-- | lib/public_key/asn1/PKCS-FRAME.set.asn | 1 | ||||
-rw-r--r-- | lib/public_key/asn1/UpperBounds.asn1 | 88 |
8 files changed, 68 insertions, 1922 deletions
diff --git a/lib/public_key/asn1/CryptographicMessageSyntax.asn1 b/lib/public_key/asn1/CryptographicMessageSyntax.asn1
deleted file mode 100644
index 05ecdf2448..0000000000
--- a/lib/public_key/asn1/CryptographicMessageSyntax.asn1
+++ /dev/null
@@ -1,376 +0,0 @@ -CryptographicMessageSyntax {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)} --- --- Copyright (C) The Internet Society (1999). This version of --- this ASN.1 module is part of RFC 2630; --- see the RFC itself for full legal notices. --- -DEFINITIONS IMPLICIT TAGS ::= -BEGIN - --- EXPORTS All --- The types and values defined in this module are exported for use in --- the other ASN.1 modules. Other applications may use them for their --- own purposes. -IMPORTS - -- Directory Information Framework (X.501) - Name - FROM InformationFramework {joint-iso-itu-t ds(5) module(1) - informationFramework(1) 3} - -- Directory Authentication Framework (X.509) - AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList, - CertificateSerialNumber - FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) - authenticationFramework(7) 3}; - -ContentInfo ::= SEQUENCE { - content-type CMS-CONTENT-TYPE.&id({CMSContentTable}), - pkcs7-content [0] CMS-CONTENT-TYPE.&Type({CMSContentTable}) -} - -CMS-CONTENT-TYPE ::= TYPE-IDENTIFIER - -CMSContentTable CMS-CONTENT-TYPE ::= - {...} - -ContentType ::= OBJECT IDENTIFIER - -SignedData ::= SEQUENCE { - version CMSVersion, - digestAlgorithms DigestAlgorithmIdentifiers, - encapContentInfo EncapsulatedContentInfo, - certificates [0] IMPLICIT CertificateSet OPTIONAL, - crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, - signerInfos SignerInfos -} - -DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier - -SignerInfos ::= SET OF SignerInfo - -EncapsulatedContentInfo ::= SEQUENCE { - eContentType ContentType, - eContent [0] EXPLICIT OCTET STRING OPTIONAL -} - -SignerInfo ::= SEQUENCE { - version CMSVersion, - sid SignerIdentifier, - digestAlgorithm DigestAlgorithmIdentifier, - signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, - signatureAlgorithm SignatureAlgorithmIdentifier, - signature SignatureValue, - unsignedAttrs [1] IMPLICIT UnsignedAttributes 
OPTIONAL -} - -SignerIdentifier ::= CHOICE { - issuerAndSerialNumber IssuerAndSerialNumber, - subjectKeyIdentifier [0] SubjectKeyIdentifier -} - -SignedAttributes ::= SET SIZE (1..MAX) OF Attribute - -UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute - -Attribute ::= SEQUENCE { - attrType OBJECT IDENTIFIER, - attrValues SET OF AttributeValue -} - -OPEN ::= CLASS {&Type -}WITH SYNTAX {TYPE &Type -} - -AttributeValue ::= OPEN.&Type - -SignatureValue ::= OCTET STRING - -EnvelopedData ::= SEQUENCE { - version CMSVersion, - originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, - recipientInfos RecipientInfos, - encryptedContentInfo EncryptedContentInfo, - unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL -} - -OriginatorInfo ::= SEQUENCE { - certs [0] IMPLICIT CertificateSet OPTIONAL, - crls [1] IMPLICIT CertificateRevocationLists OPTIONAL -} - -RecipientInfos ::= SET OF RecipientInfo - -EncryptedContentInfo ::= SEQUENCE { - contentType ContentType, - contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, - encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL -} - -EncryptedContent ::= OCTET STRING - -UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute - -RecipientInfo ::= CHOICE { - ktri KeyTransRecipientInfo, - kari [1] KeyAgreeRecipientInfo, - kekri [2] KEKRecipientInfo -} - -EncryptedKey ::= OCTET STRING - -KeyTransRecipientInfo ::= SEQUENCE { - version CMSVersion, -- always set to 0 or 2 - rid RecipientIdentifier, - keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, - encryptedKey EncryptedKey -} - -RecipientIdentifier ::= CHOICE { - issuerAndSerialNumber IssuerAndSerialNumber, - subjectKeyIdentifier [0] SubjectKeyIdentifier -} - -KeyAgreeRecipientInfo ::= SEQUENCE { - version CMSVersion, -- always set to 3 - originator [0] EXPLICIT OriginatorIdentifierOrKey, - ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, - keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, - recipientEncryptedKeys RecipientEncryptedKeys -} - 
-OriginatorIdentifierOrKey ::= CHOICE { - issuerAndSerialNumber IssuerAndSerialNumber, - subjectKeyIdentifier [0] SubjectKeyIdentifier, - originatorKey [1] OriginatorPublicKey -} - -OriginatorPublicKey ::= SEQUENCE { - algorithm AlgorithmIdentifier, - publicKey BIT STRING -} - -RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey - -RecipientEncryptedKey ::= SEQUENCE { - rid KeyAgreeRecipientIdentifier, - encryptedKey EncryptedKey -} - -KeyAgreeRecipientIdentifier ::= CHOICE { - issuerAndSerialNumber IssuerAndSerialNumber, - rKeyId [0] IMPLICIT RecipientKeyIdentifier -} - -RecipientKeyIdentifier ::= SEQUENCE { - subjectKeyIdentifier SubjectKeyIdentifier, - date GeneralizedTime OPTIONAL, - other OtherKeyAttribute OPTIONAL -} - -SubjectKeyIdentifier ::= OCTET STRING - -KEKRecipientInfo ::= SEQUENCE { - version CMSVersion, -- always set to 4 - kekid KEKIdentifier, - keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, - encryptedKey EncryptedKey -} - -KEKIdentifier ::= SEQUENCE { - keyIdentifier OCTET STRING, - date GeneralizedTime OPTIONAL, - other OtherKeyAttribute OPTIONAL -} - -DigestedData ::= SEQUENCE { - version CMSVersion, - digestAlgorithm DigestAlgorithmIdentifier, - encapContentInfo EncapsulatedContentInfo, - digest Digest -} - -Digest ::= OCTET STRING - -EncryptedData ::= SEQUENCE { - version CMSVersion, - encryptedContentInfo EncryptedContentInfo, - unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL -} - -AuthenticatedData ::= SEQUENCE { - version CMSVersion, - originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, - recipientInfos RecipientInfos, - macAlgorithm MessageAuthenticationCodeAlgorithm, - digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL, - encapContentInfo EncapsulatedContentInfo, - authenticatedAttributes [2] IMPLICIT AuthAttributes OPTIONAL, - mac MessageAuthenticationCode, - unauthenticatedAttributes [3] IMPLICIT UnauthAttributes OPTIONAL -} - -AuthAttributes ::= SET SIZE (1..MAX) OF Attribute - -UnauthAttributes 
::= SET SIZE (1..MAX) OF Attribute - -MessageAuthenticationCode ::= OCTET STRING - -DigestAlgorithmIdentifier ::= AlgorithmIdentifier - -SignatureAlgorithmIdentifier ::= AlgorithmIdentifier - -KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier - -ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier - -MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier - -CertificateRevocationLists ::= SET OF CertificateList - -CertificateChoices ::= CHOICE { - certificate Certificate, -- See X.509 - extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete - attrCert [1] IMPLICIT AttributeCertificate -} -- See X.509 & X9.57 - -CertificateSet ::= SET OF CertificateChoices - -IssuerAndSerialNumber ::= SEQUENCE { - issuer Name, - serialNumber CertificateSerialNumber -} - -CMSVersion ::= INTEGER {v0(0), v1(1), v2(2), v3(3), v4(4)} - -UserKeyingMaterial ::= OCTET STRING - -OtherKeyAttribute ::= SEQUENCE { - keyAttributeIdentifier OTHER-KEY-ATTRIBUTE.&id({OtherKeyAttributeTable}), - keyAttribute - OTHER-KEY-ATTRIBUTE.&Type - ({OtherKeyAttributeTable}{@keyAttributeIdentifier}) OPTIONAL -} - -OTHER-KEY-ATTRIBUTE ::= TYPE-IDENTIFIER - -OtherKeyAttributeTable OTHER-KEY-ATTRIBUTE ::= - {...} - --- CMS Attributes -MessageDigest ::= OCTET STRING - -SigningTime ::= Time - -Time ::= CHOICE {utcTime UTCTime, - generalTime GeneralizedTime -} - -Countersignature ::= SignerInfo - --- Algorithm Identifiers -sha-1 OBJECT IDENTIFIER ::= - {iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26} - -md5 OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5} - -id-dsa-with-sha1 OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 3} - -rsaEncryption OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1} - -dh-public-number OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1} - -id-alg-ESDH OBJECT IDENTIFIER ::= - {iso(1) 
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) - alg(3) 5} - -id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) - alg(3) 6} - -id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) - alg(3) 7} - -des-ede3-cbc OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 7} - -rc2-cbc OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 2} - -hMAC-SHA1 OBJECT IDENTIFIER ::= - {iso(1) identified-organization(3) dod(6) internet(1) security(5) - mechanisms(5) 8 1 2} - --- Algorithm Parameters -KeyWrapAlgorithm ::= AlgorithmIdentifier - -RC2wrapParameter ::= RC2ParameterVersion - -RC2ParameterVersion ::= INTEGER - -CBCParameter ::= IV - -IV ::= OCTET STRING -- exactly 8 octets - -RC2CBCParameter ::= SEQUENCE { - rc2ParameterVersion INTEGER, - iv OCTET STRING -} -- exactly 8 octets - --- Content Type Object Identifiers -id-ct-contentInfo OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) - ct(1) 6} - -id-data OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1} - -id-signedData OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2} - -id-envelopedData OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3} - -id-digestedData OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5} - -id-encryptedData OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6} - -id-ct-authData OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) - ct(1) 2} - --- Attribute Object Identifiers -id-contentType OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3} - -id-messageDigest 
OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4} - -id-signingTime OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5} - -id-countersignature OBJECT IDENTIFIER ::= - {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6} - --- Obsolete Extended Certificate syntax from PKCS#6 -ExtendedCertificate ::= SEQUENCE { - extendedCertificateInfo ExtendedCertificateInfo, - signatureAlgorithm SignatureAlgorithmIdentifier, - signature Signature -} - -ExtendedCertificateInfo ::= SEQUENCE { - version CMSVersion, - certificate Certificate, - attributes UnauthAttributes -} - -Signature ::= BIT STRING - -END -- of CryptographicMessageSyntax
diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile
index 8b76d957f0..4b4db9ec6d 100644
--- a/lib/public_key/asn1/Makefile
+++ b/lib/public_key/asn1/Makefile
@@ -40,7 +40,7 @@ RELSYSDIR = $(RELEASE_PATH)/lib/public_key-$(VSN)
 ASN_TOP = OTP-PUB-KEY PKCS-FRAME
 ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \
- PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-7 PKCS-8 PKCS-9 PKCS-15 PKCS-12 PKCS5v2-0 OTP-PKIX \
+ PKIXAttributeCertificate PKCS-1 PKCS-3 PKCS-7 PKCS-8 PKCS5v2-0 OTP-PKIX \
 AuthenticationFramework InformationFramework UsefulDefinitions SelectedAttributeTypes
 ASN_ASNS = $(ASN_MODULES:%=%.asn1)
 ASN_ERLS = $(ASN_TOP:%=%.erl)
@@ -116,16 +116,11 @@ OTP-PUB-KEY.asn1db: PKIX1Algorithms88.asn1 \
 OTP-PKIX.asn1
 $(EBIN)/PKCS-FRAME.beam: PKCS-FRAME.erl PKCS-FRAME.hrl
-PKCS-FRAME.erl PKCS-FRAME.hrl: PKCS-FRAME.asn1db
-PKCS-FRAME.asn1db: PKCS-8.asn1\
+PKCS-FRAME.erl PKCS-FRAME.hrl: PKCS-FRAME.asn1db
+PKCS-FRAME.asn1db: PKCS5v2-0.asn1\
+ PKCS-8.asn1\
 PKCS-7.asn1\
- PKCS-9.asn1\
- PKCS-15.asn1\
- PKCS-12.asn1\
 AuthenticationFramework.asn1\
 InformationFramework.asn1\
 UsefulDefinitions.asn1\
- SelectedAttributeTypes.asn1\
- CryptographicMessageSyntax.asn1\
- UpperBounds.asn1\
- PKCS5v2-0.asn1
\ No newline at end of file
+ SelectedAttributeTypes.asn1
diff --git a/lib/public_key/asn1/PKCS-12.asn1 b/lib/public_key/asn1/PKCS-12.asn1
deleted file mode 100644
index 078089f7b5..0000000000
--- a/lib/public_key/asn1/PKCS-12.asn1
+++ /dev/null
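Review bot: The `-PKCS-FRAME.erl PKCS-FRAME.hrl: PKCS-FRAME.asn1db` / `+PKCS-FRAME.erl PKCS-FRAME.hrl: PKCS-FRAME.asn1db` pair in the second Makefile hunk has identical visible text, so it is presumably a whitespace-only change; it belongs in a separate cleanup or a one-line mention in the commit message so readers do not look for a dependency change there. The same hunk drops PKCS-9.asn1 from the PKCS-FRAME.asn1db prerequisites, while the diffstat lists lib/public_key/asn1/PKCS-9.asn1 as changed (390 lines) and this chunk shows no deletion header for it; if PKCS-9 is still named in PKCS-FRAME.set.asn (whose 1-line change is also outside this chunk), editing it would no longer trigger a rebuild of PKCS-FRAME.asn1db. Confirm against those hunks that every module still listed in the set file remains a prerequisite here. Ending the list with `SelectedAttributeTypes.asn1` plus a trailing newline is a welcome fix for the old `\ No newline at end of file`.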
@@ -1,174 +0,0 @@ -PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) - pkcs-12(12) modules(0) pkcs-12(1)} - --- $Revision$ - -DEFINITIONS IMPLICIT TAGS ::= - -BEGIN - --- EXPORTS ALL --- All types and values defined in this module is exported for use in --- other ASN.1 modules. - -IMPORTS - -informationFramework - FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1) - usefulDefinitions(0) 3} - -ATTRIBUTE - FROM InformationFramework informationFramework - -ContentInfo, DigestInfo - FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)} - -PrivateKeyInfo, EncryptedPrivateKeyInfo - FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)} - -pkcs-9, friendlyName, localKeyId, certTypes, crlTypes - FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-9(9) modules(0) pkcs-9(1)}; - --- Object identifiers - -rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)} -pkcs OBJECT IDENTIFIER ::= {rsadsi pkcs(1)} -pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12} -pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} -pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} -pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} -pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} -pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} -pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} -pbewithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} - -bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1} - --- The PFX PDU - -PFX ::= SEQUENCE { - version INTEGER {v3(3)}(v3,...), - authSafe ContentInfo, - macData MacData OPTIONAL -} - -MacData ::= SEQUENCE { - mac DigestInfo, - macSalt OCTET STRING, - iterations INTEGER DEFAULT 1 --- Note: The default is for historical reasons and its use is --- deprecated. A higher value, like 1024 is recommended. 
-} - -AuthenticatedSafe ::= SEQUENCE OF ContentInfo - -- Data if unencrypted - -- EncryptedData if password-encrypted - -- EnvelopedData if public key-encrypted - -SafeContents ::= SEQUENCE OF SafeBag - -SafeBag ::= SEQUENCE { - bagId BAG-TYPE.&id ({PKCS12BagSet}), - bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}), - bagAttributes SET OF PKCS12Attribute OPTIONAL -} - --- Bag types - -keyBag BAG-TYPE ::= - {KeyBag IDENTIFIED BY {bagtypes 1}} -pkcs8ShroudedKeyBag BAG-TYPE ::= - {PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}} -certBag BAG-TYPE ::= - {CertBag IDENTIFIED BY {bagtypes 3}} -crlBag BAG-TYPE ::= - {CRLBag IDENTIFIED BY {bagtypes 4}} -secretBag BAG-TYPE ::= - {SecretBag IDENTIFIED BY {bagtypes 5}} -safeContentsBag BAG-TYPE ::= - {SafeContents IDENTIFIED BY {bagtypes 6}} - -PKCS12BagSet BAG-TYPE ::= { - keyBag | - pkcs8ShroudedKeyBag | - certBag | - crlBag | - secretBag | - safeContentsBag, - ... -- For future extensions -} - -BAG-TYPE ::= TYPE-IDENTIFIER - --- KeyBag - -KeyBag ::= PrivateKeyInfo - --- Shrouded KeyBag - -PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo - --- CertBag - -CertBag ::= SEQUENCE { - certId BAG-TYPE.&id ({CertTypes}), - certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId}) -} - -x509Certificate BAG-TYPE ::= - {OCTET STRING IDENTIFIED BY {certTypes 1}} - -- DER-encoded X.509 certificate stored in OCTET STRING -sdsiCertificate BAG-TYPE ::= - {IA5String IDENTIFIED BY {certTypes 2}} - -- Base64-encoded SDSI certificate stored in IA5String - -CertTypes BAG-TYPE ::= { - x509Certificate | - sdsiCertificate, - ... -- For future extensions -} - --- CRLBag - -CRLBag ::= SEQUENCE { - crlId BAG-TYPE.&id ({CRLTypes}), - crlValue [0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId}) -} - -x509CRL BAG-TYPE ::= - {OCTET STRING IDENTIFIED BY {crlTypes 1}} - -- DER-encoded X.509 CRL stored in OCTET STRING - -CRLTypes BAG-TYPE ::= { - x509CRL, - ... 
-- For future extensions -} - --- Secret Bag - -SecretBag ::= SEQUENCE { - secretTypeId BAG-TYPE.&id ({SecretTypes}), - secretValue [0] EXPLICIT BAG-TYPE.&Type ({SecretTypes}{@secretTypeId}) -} - -SecretTypes BAG-TYPE ::= { - ... -- For future extensions -} - --- Attributes - -PKCS12Attribute ::= SEQUENCE { - attrId ATTRIBUTE.&id ({PKCS12AttrSet}), - attrValues SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId}) -} -- This type is compatible with the X.500 type 'Attribute' - -PKCS12AttrSet ATTRIBUTE ::= { - friendlyName | - localKeyId, - ... -- Other attributes are allowed -} - -END diff --git a/lib/public_key/asn1/PKCS-15.asn1 b/lib/public_key/asn1/PKCS-15.asn1 deleted file mode 100644 index 6d352e1014..0000000000 --- a/lib/public_key/asn1/PKCS-15.asn1 +++ /dev/null 
@@ -1,869 +0,0 @@ -PKCS-15 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) - pkcs-15(15) modules(1) pkcs-15(1)} - --- $Revision: 1.7 $ -- - -DEFINITIONS IMPLICIT TAGS ::= - -BEGIN - -IMPORTS - -informationFramework, authenticationFramework, certificateExtensions - FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1) - usefulDefinitions(0) 3} - -Name, Attribute - FROM InformationFramework informationFramework - -Certificate, AttributeCertificate, CertificateSerialNumber, - SubjectPublicKeyInfo - FROM AuthenticationFramework authenticationFramework - -GeneralNames, KeyUsage - FROM CertificateExtensions certificateExtensions - -RecipientInfos, RecipientInfo, OriginatorInfo, sha-1, - id-alg-CMS3DESwrap, id-alg-CMSRC2wrap, hMAC-SHA1, des-ede3-cbc - FROM CryptographicMessageSyntax {iso(1) member-body(2) - us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) - cms(1)} - -RSAPublicKey - FROM PKCS-1 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-1(1) modules(0) pkcs-1(1)} - -AlgorithmIdentifier, SupportingAlgorithms, PBKDF2Algorithms, - ALGORITHM-IDENTIFIER, id-hmacWithSHA1 - FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)} - -ECPoint, Parameters - FROM ANSI-X9-62 {iso(1) member-body(2) us(840) - ansi-x962(10045) module(4) 1} - -DiffieHellmanPublicNumber, DomainParameters - FROM ANSI-X9-42 {iso(1) member-body(2) us(840) - ansi-x942(10046) module(5) 1} - -OOBCertHash - FROM PKIXCMP {iso(1) identified-organization(3) dod(6) - internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-mod-cmp(9)}; - --- Constants - -pkcs15-ub-identifier INTEGER ::= 255 -pkcs15-ub-reference INTEGER ::= 255 -pkcs15-ub-index INTEGER ::= 65535 -pkcs15-ub-label INTEGER ::= pkcs15-ub-identifier -pkcs15-lb-minPinLength INTEGER ::= 4 -pkcs15-ub-minPinLength INTEGER ::= 8 -pkcs15-ub-storedPinLength INTEGER ::= 64 -pkcs15-ub-recordLength INTEGER ::= 16383 -pkcs15-ub-userConsent INTEGER ::= 15 
-pkcs15-ub-securityConditions INTEGER ::= 255 -pkcs15-ub-seInfo INTEGER ::= 255 - --- Object Identifiers - -pkcs15 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) - rsadsi(113549) pkcs(1) pkcs-15(15)} -pkcs15-mo OBJECT IDENTIFIER ::= {pkcs15 1} -- Modules branch -pkcs15-at OBJECT IDENTIFIER ::= {pkcs15 2} -- Attribute branch -pkcs15-ct OBJECT IDENTIFIER ::= {pkcs15 3} -- Content type branch - --- Content Types - -pkcs15-ct-PKCS15Token OBJECT IDENTIFIER ::= {pkcs15-ct 1} - --- Basic types - -Identifier ::= OCTET STRING (SIZE (0..pkcs15-ub-identifier)) - -Reference ::= INTEGER (0..pkcs15-ub-reference) - -Label ::= UTF8String (SIZE(0..pkcs15-ub-label)) - -KEY-IDENTIFIER ::= CLASS { - &id INTEGER UNIQUE, - &Value -} WITH SYNTAX { - SYNTAX &Value IDENTIFIED BY &id -} - -CredentialIdentifier {KEY-IDENTIFIER : IdentifierSet} ::= SEQUENCE { - idType KEY-IDENTIFIER.&id ({IdentifierSet}), - idValue KEY-IDENTIFIER.&Value ({IdentifierSet}{@idType}) -} - -KeyIdentifiers KEY-IDENTIFIER ::= { - issuerAndSerialNumber| - issuerAndSerialNumberHash| - subjectKeyId| - subjectKeyHash | - issuerKeyHash | - issuerNameHash | - subjectNameHash, - ... 
-} - -issuerAndSerialNumber KEY-IDENTIFIER::= - {SYNTAX PKCS15-OPAQUE.&Type IDENTIFIED BY 1} - -- As defined in RFC 2630 -subjectKeyId KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 2} - -- From x509v3 certificate extension -issuerAndSerialNumberHash KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 3} - -- Assumes SHA-1 hash of DER encoding of IssuerAndSerialNumber -subjectKeyHash KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 4} -issuerKeyHash KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 5} -issuerNameHash KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 6} - -- SHA-1 hash of DER-encoded issuer name -subjectNameHash KEY-IDENTIFIER ::= - {SYNTAX OCTET STRING IDENTIFIED BY 7} - -- SHA-1 hash of DER-encoded subject name - -ReferencedValue {Type} ::= CHOICE { - path Path, - url URL -} (CONSTRAINED BY {-- 'path' or 'url' shall point to an object of - -- type -- Type}) - -URL ::= CHOICE { - url PrintableString, - urlWithDigest [3] SEQUENCE { - url IA5String, - digest DigestInfoWithDefault - } -} - -alg-id-sha1 AlgorithmIdentifier {{DigestAlgorithms}} ::= { - algorithm sha-1, - parameters SHA1Parameters : NULL} - -SHA1Parameters ::= NULL - -DigestInfoWithDefault ::= SEQUENCE { - digestAlg AlgorithmIdentifier {{DigestAlgorithms}} DEFAULT alg-id-sha1, - digest OCTET STRING (SIZE(8..128)) -} - -Path ::= SEQUENCE { - path OCTET STRING, - index INTEGER (0..pkcs15-ub-index) OPTIONAL, - length [0] INTEGER (0..pkcs15-ub-index) OPTIONAL - }( WITH COMPONENTS {..., index PRESENT, length PRESENT}| - WITH COMPONENTS {..., index ABSENT, length ABSENT}) - -ObjectValue { Type } ::= CHOICE { - indirect ReferencedValue {Type}, - direct [0] Type, - indirect-protected [1] ReferencedValue {EnvelopedData {Type}}, - direct-protected [2] EnvelopedData {Type} - }(CONSTRAINED BY {-- if indirection is being used, then it is - -- expected that the reference points either to a (possibly - -- enveloped) object of type -- Type -- or (key case) to a card- - -- 
specific key file --}) - -PathOrObjects {ObjectType} ::= CHOICE { - path Path, - objects [0] SEQUENCE OF ObjectType, - ..., - indirect-protected [1] ReferencedValue {EnvelopedData {SEQUENCE OF ObjectType}}, - direct-protected [2] EnvelopedData {SEQUENCE OF ObjectType} - } - -CommonObjectAttributes ::= SEQUENCE { - label Label OPTIONAL, - flags CommonObjectFlags OPTIONAL, - authId Identifier OPTIONAL, - ..., - userConsent INTEGER (1..pkcs15-ub-userConsent) OPTIONAL, - accessControlRules SEQUENCE SIZE (1..MAX) OF AccessControlRule OPTIONAL -} (CONSTRAINED BY {-- authId should be present in the IC card case if - -- flags.private is set. It must equal an authID in one AuthRecord - -- in the AODF -- }) - -CommonObjectFlags ::= BIT STRING { - private (0), - modifiable (1) -} - -AccessControlRule ::= SEQUENCE { - accessMode AccessMode, - securityCondition SecurityCondition, - ... -- For future extensions -} - -AccessMode ::= BIT STRING { - read (0), - update (1), - execute (2) -} - -SecurityCondition ::= CHOICE { - authId Identifier, - not [0] SecurityCondition, - and [1] SEQUENCE SIZE (2..pkcs15-ub-securityConditions) - OF SecurityCondition, - or [2] SEQUENCE SIZE (2..pkcs15-ub-securityConditions) - OF SecurityCondition, - ... -- For future extensions -} - -CommonKeyAttributes ::= SEQUENCE { - iD Identifier, - usage KeyUsageFlags, - native BOOLEAN DEFAULT TRUE, - accessFlags KeyAccessFlags OPTIONAL, - keyReference Reference OPTIONAL, - startDate GeneralizedTime OPTIONAL, - endDate [0] GeneralizedTime OPTIONAL, - ... 
-- For future extensions -} - -KeyUsageFlags ::= BIT STRING { - encrypt (0), - decrypt (1), - sign (2), - signRecover (3), - wrap (4), - unwrap (5), - verify (6), - verifyRecover (7), - derive (8), - nonRepudiation (9) -} - -KeyAccessFlags ::= BIT STRING { - sensitive (0), - extractable (1), - alwaysSensitive (2), - neverExtractable (3), - local (4) -} - -CommonPrivateKeyAttributes ::= SEQUENCE { - subjectName Name OPTIONAL, - keyIdentifiers [0] SEQUENCE OF CredentialIdentifier - {{KeyIdentifiers}} OPTIONAL, - ... -- For future extensions -} - -CommonPublicKeyAttributes ::= SEQUENCE { - subjectName Name OPTIONAL, - ..., - trustedUsage [0] Usage OPTIONAL -} - -CommonSecretKeyAttributes ::= SEQUENCE { - keyLen INTEGER OPTIONAL, -- keylength (in bits) - ... -- For future extensions -} - -KeyInfo {ParameterType, OperationsType} ::= CHOICE { - reference Reference, - paramsAndOps SEQUENCE { - parameters ParameterType, - supportedOperations OperationsType OPTIONAL - } -} - -CommonCertificateAttributes ::= SEQUENCE { - iD Identifier, - authority BOOLEAN DEFAULT FALSE, - identifier CredentialIdentifier {{KeyIdentifiers}} OPTIONAL, - certHash [0] OOBCertHash OPTIONAL, - ..., - trustedUsage [1] Usage OPTIONAL, - identifiers [2] SEQUENCE OF CredentialIdentifier{{KeyIdentifiers}} OPTIONAL, - implicitTrust [3] BOOLEAN DEFAULT FALSE -} - -Usage ::= SEQUENCE { - keyUsage KeyUsage OPTIONAL, - extKeyUsage SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER OPTIONAL - }(WITH COMPONENTS {..., keyUsage PRESENT} | - WITH COMPONENTS {..., extKeyUsage PRESENT}) - -CommonDataObjectAttributes ::= SEQUENCE { - applicationName Label OPTIONAL, - applicationOID OBJECT IDENTIFIER OPTIONAL, - ... -- For future extensions - } (WITH COMPONENTS {..., applicationName PRESENT}| - WITH COMPONENTS {..., applicationOID PRESENT}) - -CommonAuthenticationObjectAttributes ::= SEQUENCE { - authId Identifier, - ... 
-- For future extensions -} - -PKCS15Object {ClassAttributes, SubClassAttributes, TypeAttributes} - ::= SEQUENCE { - commonObjectAttributes CommonObjectAttributes, - classAttributes ClassAttributes, - subClassAttributes [0] SubClassAttributes OPTIONAL, - typeAttributes [1] TypeAttributes -} - -PKCS15Objects ::= CHOICE { - privateKeys [0] PrivateKeys, - publicKeys [1] PublicKeys, - trustedPublicKeys [2] PublicKeys, - secretKeys [3] SecretKeys, - certificates [4] Certificates, - trustedCertificates [5] Certificates, - usefulCertificates [6] Certificates, - dataObjects [7] DataObjects, - authObjects [8] AuthObjects, - ... -- For future extensions -} - -PrivateKeys ::= PathOrObjects {PrivateKeyType} - -SecretKeys ::= PathOrObjects {SecretKeyType} - -PublicKeys ::= PathOrObjects {PublicKeyType} - -Certificates ::= PathOrObjects {CertificateType} - -DataObjects ::= PathOrObjects {DataType} - -AuthObjects ::= PathOrObjects {AuthenticationType} - -PrivateKeyType ::= CHOICE { - privateRSAKey PrivateKeyObject {PrivateRSAKeyAttributes}, - privateECKey [0] PrivateKeyObject {PrivateECKeyAttributes}, - privateDHKey [1] PrivateKeyObject {PrivateDHKeyAttributes}, - privateDSAKey [2] PrivateKeyObject {PrivateDSAKeyAttributes}, - privateKEAKey [3] PrivateKeyObject {PrivateKEAKeyAttributes}, - ... -- For future extensions -} - -PrivateKeyObject {KeyAttributes} ::= PKCS15Object { - CommonKeyAttributes, CommonPrivateKeyAttributes, KeyAttributes} - -PrivateRSAKeyAttributes ::= SEQUENCE { - value ObjectValue {RSAPrivateKeyObject}, - modulusLength INTEGER, -- modulus length in bits, e.g. 1024 - keyInfo KeyInfo {NULL, PublicKeyOperations} OPTIONAL, - ... 
-- For future extensions -} - -RSAPrivateKeyObject ::= SEQUENCE { - modulus [0] INTEGER OPTIONAL, -- n - publicExponent [1] INTEGER OPTIONAL, -- e - privateExponent [2] INTEGER OPTIONAL, -- d - prime1 [3] INTEGER OPTIONAL, -- p - prime2 [4] INTEGER OPTIONAL, -- q - exponent1 [5] INTEGER OPTIONAL, -- d mod (p-1) - exponent2 [6] INTEGER OPTIONAL, -- d mod (q-1) - coefficient [7] INTEGER OPTIONAL -- inv(q) mod p -} (CONSTRAINED BY {-- must be possible to reconstruct modulus and - -- privateExponent from selected fields --}) - -PrivateECKeyAttributes ::= SEQUENCE { - value ObjectValue {ECPrivateKey}, - keyInfo KeyInfo {Parameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -ECPrivateKey ::= INTEGER - -PrivateDHKeyAttributes ::= SEQUENCE { - value ObjectValue {DHPrivateKey}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -DHPrivateKey ::= INTEGER -- Diffie-Hellman exponent - -PrivateDSAKeyAttributes ::= SEQUENCE { - value ObjectValue {DSAPrivateKey}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -DSAPrivateKey ::= INTEGER - -PrivateKEAKeyAttributes ::= SEQUENCE { - value ObjectValue {KEAPrivateKey}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -KEAPrivateKey ::= INTEGER - -PublicKeyType ::= CHOICE { - publicRSAKey PublicKeyObject {PublicRSAKeyAttributes}, - publicECKey [0] PublicKeyObject {PublicECKeyAttributes}, - publicDHKey [1] PublicKeyObject {PublicDHKeyAttributes}, - publicDSAKey [2] PublicKeyObject {PublicDSAKeyAttributes}, - publicKEAKey [3] PublicKeyObject {PublicKEAKeyAttributes}, - ... 
-- For future extensions -} - -PublicKeyObject {KeyAttributes} ::= PKCS15Object { - CommonKeyAttributes, CommonPublicKeyAttributes, KeyAttributes} - -PublicRSAKeyAttributes ::= SEQUENCE { - value ObjectValue {RSAPublicKeyChoice}, - modulusLength INTEGER, -- modulus length in bits, e.g. 1024 - keyInfo KeyInfo {NULL, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -RSAPublicKeyChoice ::= CHOICE { - raw RSAPublicKey, - spki [1] SubjectPublicKeyInfo, -- See X.509. Must contain a - -- public RSA key - ... -} - -PublicECKeyAttributes ::= SEQUENCE { - value ObjectValue {ECPublicKeyChoice}, - keyInfo KeyInfo {Parameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -ECPublicKeyChoice ::= CHOICE { - raw ECPoint, - spki SubjectPublicKeyInfo, -- See X.509. Must contain a public EC key - ... -} - -PublicDHKeyAttributes ::= SEQUENCE { - value ObjectValue {DHPublicKeyChoice}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -DHPublicKeyChoice ::= CHOICE { - raw DiffieHellmanPublicNumber, - spki SubjectPublicKeyInfo, -- See X.509. Must contain a public D-H key - ... -} - -PublicDSAKeyAttributes ::= SEQUENCE { - value ObjectValue {DSAPublicKeyChoice}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -DSAPublicKeyChoice ::= CHOICE { - raw INTEGER, - spki SubjectPublicKeyInfo, -- See X.509. Must contain a public DSA key. - ... -} - -PublicKEAKeyAttributes ::= SEQUENCE { - value ObjectValue {KEAPublicKeyChoice}, - keyInfo KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL, - ... -- For future extensions -} - -KEAPublicKeyChoice ::= CHOICE { - raw INTEGER, - spki SubjectPublicKeyInfo, -- See X.509. Must contain a public KEA key - ... 
-} - -SecretKeyType ::= CHOICE { - genericSecretKey SecretKeyObject {GenericSecretKeyAttributes}, - rc2key [0] SecretKeyObject {GenericSecretKeyAttributes}, - rc4key [1] SecretKeyObject {GenericSecretKeyAttributes}, - desKey [2] SecretKeyObject {GenericSecretKeyAttributes}, - des2Key [3] SecretKeyObject {GenericSecretKeyAttributes}, - des3Key [4] SecretKeyObject {GenericSecretKeyAttributes}, - castKey [5] SecretKeyObject {GenericSecretKeyAttributes}, - cast3Key [6] SecretKeyObject {GenericSecretKeyAttributes}, - cast128Key [7] SecretKeyObject {GenericSecretKeyAttributes}, - rc5Key [8] SecretKeyObject {GenericSecretKeyAttributes}, - ideaKey [9] SecretKeyObject {GenericSecretKeyAttributes}, - skipjackKey [10] SecretKeyObject {GenericSecretKeyAttributes}, - batonKey [11] SecretKeyObject {GenericSecretKeyAttributes}, - juniperKey [12] SecretKeyObject {GenericSecretKeyAttributes}, - rc6Key [13] SecretKeyObject {GenericSecretKeyAttributes}, - otherKey [14] OtherKey, -... -- For future extensions -} - -SecretKeyObject {KeyAttributes} ::= PKCS15Object { - CommonKeyAttributes, CommonSecretKeyAttributes, KeyAttributes} - -OtherKey ::= SEQUENCE { - keyType OBJECT IDENTIFIER, - keyAttr SecretKeyObject {GenericSecretKeyAttributes} -} - -GenericSecretKeyAttributes ::= SEQUENCE { - value ObjectValue { OCTET STRING }, - ... 
-- For future extensions -} - -CertificateType ::= CHOICE { - x509Certificate CertificateObject { X509CertificateAttributes}, - x509AttributeCertificate [0] CertificateObject - {X509AttributeCertificateAttributes}, - spkiCertificate [1] CertificateObject {SPKICertificateAttributes}, - pgpCertificate [2] CertificateObject {PGPCertificateAttributes}, - wtlsCertificate [3] CertificateObject {WTLSCertificateAttributes}, - x9-68Certificate [4] CertificateObject {X9-68CertificateAttributes}, - ..., - cvCertificate [5] CertificateObject {CVCertificateAttributes} -} - -CertificateObject {CertAttributes} ::= PKCS15Object { - CommonCertificateAttributes, NULL, CertAttributes} - -X509CertificateAttributes ::= SEQUENCE { - value ObjectValue { Certificate }, - subject Name OPTIONAL, - issuer [0] Name OPTIONAL, - serialNumber CertificateSerialNumber OPTIONAL, - ... -- For future extensions -} - -X509AttributeCertificateAttributes ::= SEQUENCE { - value ObjectValue { AttributeCertificate }, - issuer GeneralNames OPTIONAL, - serialNumber CertificateSerialNumber OPTIONAL, - attrTypes [0] SEQUENCE OF OBJECT IDENTIFIER OPTIONAL, - ... -- For future extensions -} - -SPKICertificateAttributes ::= SEQUENCE { - value ObjectValue { PKCS15-OPAQUE.&Type }, - ... -- For future extensions -} - -PGPCertificateAttributes ::= SEQUENCE { - value ObjectValue { PKCS15-OPAQUE.&Type }, - ... -- For future extensions -} - -WTLSCertificateAttributes ::= SEQUENCE { - value ObjectValue { PKCS15-OPAQUE.&Type }, - ... -- For future extensions -} - -X9-68CertificateAttributes ::= SEQUENCE { - value ObjectValue { PKCS15-OPAQUE.&Type }, - ... -- For future extensions -} -CVCertificateAttributes ::= SEQUENCE { - value ObjectValue { PKCS15-OPAQUE.&Type}, - ... -- For future extensions -} - -DataType ::= CHOICE { - opaqueDO DataObject {Opaque}, - externalIDO [0] DataObject {ExternalIDO}, - oidDO [1] DataObject {OidDO}, - ... 
-- For future extensions -} - -DataObject {DataObjectAttributes} ::= PKCS15Object { - CommonDataObjectAttributes, NULL, DataObjectAttributes} - -Opaque ::= ObjectValue {PKCS15-OPAQUE.&Type} - -ExternalIDO ::= ObjectValue {PKCS15-OPAQUE.&Type} - (CONSTRAINED BY {-- All data objects must be defined in - -- accordance with ISO/IEC 7816-6 --}) - -OidDO ::= SEQUENCE { - id OBJECT IDENTIFIER, - value ObjectValue {PKCS15-OPAQUE.&Type} -} - -AuthenticationType ::= CHOICE { - pin AuthenticationObject { PinAttributes }, - ..., - biometricTemplate [0] AuthenticationObject {BiometricAttributes}, - authKey [1] AuthenticationObject {AuthKeyAttributes}, - external [2] AuthenticationObject {ExternalAuthObjectAttributes} -} - -AuthenticationObject {AuthObjectAttributes} ::= PKCS15Object { - CommonAuthenticationObjectAttributes, NULL, AuthObjectAttributes} - -PinAttributes ::= SEQUENCE { - pinFlags PinFlags, - pinType PinType, - minLength INTEGER (pkcs15-lb-minPinLength..pkcs15-ub-minPinLength), - storedLength INTEGER (0..pkcs15-ub-storedPinLength), - maxLength INTEGER OPTIONAL, - pinReference [0] Reference DEFAULT 0, - padChar OCTET STRING (SIZE(1)) OPTIONAL, - lastPinChange GeneralizedTime OPTIONAL, - path Path OPTIONAL, - ... -- For future extensions -} - -PinFlags ::= BIT STRING { - case-sensitive (0), - local (1), - change-disabled (2), - unblock-disabled (3), - initialized (4), - needs-padding (5), - unblockingPin (6), - soPin (7), - disable-allowed (8), - integrity-protected (9), - confidentiality-protected (10), - exchangeRefData (11) -} (CONSTRAINED BY { -- 'unblockingPin' and 'soPIN' cannot both be set -- }) - -PinType ::= ENUMERATED {bcd, ascii-numeric, utf8, ..., - half-nibble-bcd, iso9564-1} - -BiometricAttributes ::= SEQUENCE { - bioFlags BiometricFlags, - templateId OBJECT IDENTIFIER, - bioType BiometricType, - bioReference Reference DEFAULT 0, - lastChange GeneralizedTime OPTIONAL, - path Path OPTIONAL, -... 
-- For future extensions -} - -BiometricFlags ::= BIT STRING { - local (1), - change-disabled (2), - unblock-disabled (3), - initialized (4), - disable-allowed (8), - integrity-protected (9), - confidentiality-protected (10) - } -- Note: bits 0, 5, 6, and 7 are reserved for future use - -BiometricType ::= CHOICE { - fingerPrint FingerPrint, - irisScan [0] IrisScan, - -- Possible extensions: - -- voiceScan VoiceScan, - -- faceScan FaceScan, - -- retinaScan Retinascan, - -- handGeometry HandGeometry, - -- writeDynamics WriteDynamics, - -- keyStrokeDynamicsKeyStrokeDynamics, - -- lipDynamics LipDynamics, - ... -- For future extensions -} - -FingerPrint ::= SEQUENCE { - hand ENUMERATED {left, right}, - finger ENUMERATED {thumb, pointerFinger, middleFinger, - ringFinger, littleFinger}, - ... -} - -IrisScan ::= SEQUENCE { - eye ENUMERATED {left, right}, - ... -} - -ExternalAuthObjectAttributes ::= CHOICE { - authKeyAttributes AuthKeyAttributes, - certBasedAttributes [0] CertBasedAuthenticationAttributes, - ... -- For future extensions -} - -AuthKeyAttributes ::= SEQUENCE { - derivedKey BOOLEAN DEFAULT TRUE, - authKeyId Identifier, - ... -- For future extensions -} - -CertBasedAuthenticationAttributes ::= SEQUENCE { - cha OCTET STRING, - ... 
-} - -TokenInfo ::= SEQUENCE { - version INTEGER {v1(0)} (v1,...), - serialNumber OCTET STRING, - manufacturerID Label OPTIONAL, - label [0] Label OPTIONAL, - tokenflags TokenFlags, - seInfo SEQUENCE OF SecurityEnvironmentInfo OPTIONAL, - recordInfo [1] RecordInfo OPTIONAL, - supportedAlgorithms [2] SEQUENCE OF AlgorithmInfo OPTIONAL, - ..., - issuerId [3] Label OPTIONAL, - holderId [4] Label OPTIONAL, - lastUpdate [5] LastUpdate OPTIONAL, - preferredLanguage PrintableString OPTIONAL -- In accordance with - -- IETF RFC 1766 -} (CONSTRAINED BY { -- Each AlgorithmInfo.reference value must be unique --}) - -TokenFlags ::= BIT STRING { - readonly (0), - loginRequired (1), - prnGeneration (2), - eidCompliant (3) -} - -SecurityEnvironmentInfo ::= SEQUENCE { - se INTEGER (0..pkcs15-ub-seInfo), - owner OBJECT IDENTIFIER, - ... -- For future extensions -} - -RecordInfo ::= SEQUENCE { - oDFRecordLength [0] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - prKDFRecordLength [1] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - puKDFRecordLength [2] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - sKDFRecordLength [3] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - cDFRecordLength [4] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - dODFRecordLength [5] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL, - aODFRecordLength [6] INTEGER (0..pkcs15-ub-recordLength) OPTIONAL -} - -AlgorithmInfo ::= SEQUENCE { - reference Reference, - algorithm PKCS15-ALGORITHM.&id({AlgorithmSet}), - parameters PKCS15-ALGORITHM.&Parameters({AlgorithmSet}{@algorithm}), - supportedOperations - PKCS15-ALGORITHM.&Operations({AlgorithmSet}{@algorithm}), - algId PKCS15-ALGORITHM.&objectIdentifier({AlgorithmSet}{@algorithm}) - OPTIONAL, - algRef Reference OPTIONAL -} - -PKCS15-ALGORITHM ::= CLASS { - &id INTEGER UNIQUE, - &Parameters, - &Operations Operations, - &objectIdentifier OBJECT IDENTIFIER OPTIONAL -} WITH SYNTAX { - PARAMETERS &Parameters OPERATIONS &Operations ID &id [OID &objectIdentifier]} - 
-PKCS15-OPAQUE ::= TYPE-IDENTIFIER - -PublicKeyOperations ::= Operations - -Operations ::= BIT STRING { - compute-checksum (0), -- H/W computation of checksum - compute-signature (1), -- H/W computation of signature - verify-checksum (2), -- H/W verification of checksum - verify-signature (3), -- H/W verification of signature - encipher (4), -- H/W encryption of data - decipher (5), -- H/W decryption of data - hash (6), -- H/W hashing - generate-key (7) -- H/W key generation - } - -pkcs15-alg-null PKCS15-ALGORITHM ::= { - PARAMETERS NULL OPERATIONS {{generate-key}} ID -1} - -AlgorithmSet PKCS15-ALGORITHM ::= { - pkcs15-alg-null, - ... -- See PKCS #11 for values for the &id field (and parameters) - } - -LastUpdate ::= CHOICE { - generalizedTime GeneralizedTime, - referencedTime ReferencedValue {GeneralizedTime}, - ... -- For future extensions - } - --- Soft token related types and objects - -EnvelopedData {Type} ::= SEQUENCE { - version INTEGER{v0(0),v1(1),v2(2),v3(3),v4(4)}(v0|v1|v2,...), - originatorInfo [0] OriginatorInfo OPTIONAL, - recipientInfos RecipientInfos, - encryptedContentInfo EncryptedContentInfo{Type}, - unprotectedAttrs [1] SET SIZE (1..MAX) OF Attribute OPTIONAL -} - -EncryptedContentInfo {Type} ::= SEQUENCE { - contentType OBJECT IDENTIFIER, - contentEncryptionAlgorithm AlgorithmIdentifier {{KeyDerivationAlgorithms}}, - encryptedContent [0] OCTET STRING OPTIONAL -}(CONSTRAINED BY {-- 'encryptedContent' shall be the result of - -- encrypting DER-encoded value of type -- Type}) - -PKCS15Token ::= SEQUENCE { - version INTEGER {v1(0)} (v1,...), - keyManagementInfo [0] KeyManagementInfo OPTIONAL, - pkcs15Objects SEQUENCE OF PKCS15Objects -} - -KeyManagementInfo ::= SEQUENCE OF SEQUENCE { - keyId Identifier, - keyInfo CHOICE { - recipientInfo RecipientInfo, - passwordInfo [0] PasswordInfo - } -} (CONSTRAINED BY {-- Each keyID must be unique --}) - -PasswordInfo ::= SEQUENCE { - hint Label OPTIONAL, - algId AlgorithmIdentifier {{KeyDerivationAlgorithms}}, 
- ... -} (CONSTRAINED BY {--keyID shall point to a KEKRecipientInfo--}) - -KeyDerivationAlgorithms ALGORITHM-IDENTIFIER ::= { - PBKDF2Algorithms, - ... -- For future extensions -} - -CMS3DESwrap ::= NULL - -KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= { - {CMS3DESwrap IDENTIFIED BY id-alg-CMS3DESwrap} | - {INTEGER IDENTIFIED BY id-alg-CMSRC2wrap}, - ... -- For future extensions -} - -DES-IV ::= OCTET STRING (SIZE(8)) - -ContentEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= { - SupportingAlgorithms EXCEPT {NULL IDENTIFIED BY id-hmacWithSHA1}, - ... -- For future extensions -} - -MACAlgorithms ALGORITHM-IDENTIFIER ::= { - {NULL IDENTIFIED BY hMAC-SHA1}, - ... -- For future extensions -} - -DigestAlgorithms ALGORITHM-IDENTIFIER ::= { - {NULL IDENTIFIED BY sha-1}, - ... -- For future extensions -} - --- Misc - -DDO ::= SEQUENCE { - oid OBJECT IDENTIFIER, - odfPath Path OPTIONAL, - tokenInfoPath [0] Path OPTIONAL, - unusedPath [1] Path OPTIONAL, - ... -- For future extensions -} - -DIRRecord ::= [APPLICATION 1] SEQUENCE { - aid [APPLICATION 15] OCTET STRING, - label [APPLICATION 16] UTF8String OPTIONAL, - path [APPLICATION 17] OCTET STRING, - ddo [APPLICATION 19] DDO OPTIONAL -} - -UnusedSpace ::= SEQUENCE { - path Path (WITH COMPONENTS {..., index PRESENT, length PRESENT}), - authId Identifier OPTIONAL, - ..., - accessControlRules SEQUENCE OF AccessControlRule OPTIONAL -} - -END
diff --git a/lib/public_key/asn1/PKCS-7.asn1 b/lib/public_key/asn1/PKCS-7.asn1
index 3af6449f58..f80954398e 100644
--- a/lib/public_key/asn1/PKCS-7.asn1
+++ b/lib/public_key/asn1/PKCS-7.asn1
@@ -20,15 +20,52 @@ informationFramework, authenticationFramework FROM InformationFramework informationFramework ALGORITHM, Certificate, CertificateSerialNumber, - CertificateList - FROM AuthenticationFramework authenticationFramework + CertificateList, Time + FROM AuthenticationFramework authenticationFramework; - contentType, messageDigest, signingTime, counterSignature - FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) - pkcs-9(9) modules(0) pkcs-9(1)}; +-- contentType, messageDigest, signingTime +-- , counterSignature +-- FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) +-- pkcs-9(9) modules(0) pkcs-9(1)}; -- -- 6. Useful types -- +pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) + rsadsi(113549) pkcs(1) 9} +contentType ATTRIBUTE ::= { + WITH SYNTAX ContentType +-- EQUALITY MATCHING RULE objectIdentifierMatch + SINGLE VALUE TRUE + ID pkcs-9-at-contentType +} + +pkcs-9-at-contentType OBJECT IDENTIFIER ::= {pkcs-9 3} +pkcs-9-at-messageDigest OBJECT IDENTIFIER ::= {pkcs-9 4} +pkcs-9-at-signingTime OBJECT IDENTIFIER ::= {pkcs-9 5} +pkcs-9-at-counterSignature OBJECT IDENTIFIER ::= {pkcs-9 6} + +counterSignature ATTRIBUTE ::= { + WITH SYNTAX SignerInfo + ID pkcs-9-at-counterSignature +} +messageDigest ATTRIBUTE ::= { + WITH SYNTAX MessageDigest +-- EQUALITY MATCHING RULE octetStringMatch + SINGLE VALUE TRUE + ID pkcs-9-at-messageDigest +} + +MessageDigest ::= OCTET STRING + +signingTime ATTRIBUTE ::= { + WITH SYNTAX SigningTime +-- EQUALITY MATCHING RULE signingTimeMatch + SINGLE VALUE TRUE + ID pkcs-9-at-signingTime +} + +SigningTime ::= Time -- imported from ISO/IEC 9594-8 + -- Also defined in X.509 -- Redeclared here as a parameterized type @@ -101,7 +138,8 @@ KeyEncryptionAlgorithms ALGORITHM ::= { -- ContentInfo ::= SEQUENCE { - contentType ContentType, +-- contentType ContentType, + contentType CONTENTS.&id({Contents}), content [0] EXPLICIT CONTENTS.&Type({Contents}{@contentType}) OPTIONAL } 
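Review bot: The attribute definitions inlined from PKCS-9 (`contentType`, `messageDigest`, `signingTime`, `counterSignature` and their four `pkcs-9-at-*` OIDs) carry no comment saying where they came from or why each `EQUALITY MATCHING RULE` line is commented out, so a later reader cannot tell whether dropping the matching rules was deliberate or a compiler workaround. A header above `pkcs-9 OBJECT IDENTIFIER ::=` such as `-- Attributes and OIDs formerly imported from PKCS-9, inlined so that module can be removed; matching rules omitted since only encode/decode is needed here` would record that, with the second half confirmed against the actual reason. `contentType` is declared `WITH SYNTAX ContentType` while the `ContentType ::= OBJECT IDENTIFIER` definition from PKCS-9 is not inlined; this presumably relies on PKCS-7's own definition of that type, which is outside the hunk and worth confirming.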
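Review bot: The superseded field is kept as the comment `-- contentType ContentType,` directly above the new `contentType CONTENTS.&id({Contents}),`; commented-out previous definitions add nothing the version history does not already record and make the module harder to read. The same pattern is repeated for every relaxed `version` line in the hunks at -131, -168, -219, -245, -260, -292 and -306, and for the two trailing `-- ..., add application-specific attributes here` / `-- counterSignature` lines in the hunk at -201. Dropping the commented lines, or replacing each with a one-line reason for the change, would be cleaner. ContentInfo's closing brace is inside the hunk, so this is the whole definition.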
@@ -131,7 +169,8 @@ Data ::= OCTET STRING -- SignedData ::= SEQUENCE { - version INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2), +-- version INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2), + version INTEGER {sdVer1(1), sdVer2(2)}, digestAlgorithms DigestAlgorithmIdentifiers, contentInfo ContentInfo, @@ -168,7 +207,8 @@ DigestAlgorithmIdentifiers ::= CHOICE { } SignerInfo ::= SEQUENCE { - version INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2), +-- version INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2), + version INTEGER {siVer1(1), siVer2(2)}, issuerAndSerialNumber IssuerAndSerialNumber, digestAlgorithm DigestAlgorithmIdentifier, @@ -201,8 +241,12 @@ Authenticated ATTRIBUTE ::= { } Unauthenticated ATTRIBUTE ::= { + contentType | + messageDigest, ..., -- add application-specific attributes here counterSignature +-- ..., add application-specific attributes here +-- counterSignature } EncryptedDigest ::= OCTET STRING @@ -219,7 +263,8 @@ Digest ::= OCTET STRING -- EnvelopedData ::= SEQUENCE { - version INTEGER {edVer0(0), edVer1(1)} (edVer0 | edVer1), +-- version INTEGER {edVer0(0), edVer1(1)} (edVer0 | edVer1), + version INTEGER {edVer0(0), edVer1(1)}, recipientInfos RecipientInfos, encryptedContentInfo EncryptedContentInfo @@ -245,7 +290,8 @@ EncryptedContentInfo ::= SEQUENCE { EncryptedContent ::= OCTET STRING RecipientInfo ::= SEQUENCE { - version INTEGER {riVer0(0)} (riVer0), +-- version INTEGER {riVer0(0)} (riVer0), + version INTEGER {riVer0(0)}, issuerAndSerialNumber IssuerAndSerialNumber, keyEncryptionAlgorithm @@ -260,7 +306,8 @@ EncryptedKey ::= OCTET STRING -- SignedAndEnvelopedData ::= SEQUENCE { - version INTEGER {seVer1(1), seVer2(2)} (seVer1 | seVer2), +-- version INTEGER {seVer1(1), seVer2(2)} (seVer1 | seVer2), + version INTEGER {seVer1(1), seVer2(2)}, recipientInfos RecipientInfos, digestAlgorithms DigestAlgorithmIdentifiers, 
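Review bot: Dropping the `(sdVer1 | sdVer2)` subtype constraint from `SignedData.version` means a decoded structure is no longer rejected for carrying a version value the module does not define; any check on the version now has to happen in the calling code, and nothing in the diff shows one. The same relaxation is applied to `SignerInfo`, `EnvelopedData`, `RecipientInfo` and `SignedAndEnvelopedData` in the hunks at -168, -219, -245 and -260, and to `DigestedData` and `EncryptedData` at -292 and -306. If the constraints were removed because the ASN.1 compiler does not accept them, a comment at this first occurrence such as `-- value constraint dropped; callers must check that version is one of the named values` would record both the reason and the new obligation. Each of these SEQUENCE definitions continues outside its hunk.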
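Review bot: Adding `contentType |` and `messageDigest,` to the `Unauthenticated` attribute set is at odds with PKCS #7 section 9.2, where these two are the attributes required in authenticatedAttributes, i.e. the ones covered by the signature; a content-type or message-digest attribute that appears only among the unauthenticated attributes is not signed and must not be treated as verified. If the intent is only to let the decoder accept them wherever they occur, a comment saying so, e.g. `-- listed here only so unauthenticatedAttributes carrying them still decode; values found here are not covered by the signature`, would keep a reader from assuming otherwise. The `Authenticated` set named in the hunk header is outside the hunk, so whether it still lists both attributes is not visible here. The two commented lines `-- ..., add application-specific attributes here` and `-- counterSignature` duplicate the live lines above them and can simply be removed.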
@@ -292,10 +339,11 @@ SignedAndEnvelopedData ::= SEQUENCE { -- -- 12. Digested-data content type --- +--pbeWithSHAAnd3-KeyTripleDES-CBC DigestedData ::= SEQUENCE { - version INTEGER {ddVer0(0)} (ddVer0), +-- version INTEGER {ddVer0(0)} (ddVer0), + version INTEGER {ddVer0(0)}, digestAlgorithm DigestAlgorithmIdentifier, contentInfo ContentInfo, digest Digest
@@ -306,7 +354,8 @@ DigestedData ::= SEQUENCE { -- EncryptedData ::= SEQUENCE { - version INTEGER {edVer0(0)} (edVer0), +-- version INTEGER {edVer0(0)} (edVer0), + version INTEGER {edVer0(0)}, encryptedContentInfo EncryptedContentInfo }
diff --git a/lib/public_key/asn1/PKCS-9.asn1 b/lib/public_key/asn1/PKCS-9.asn1
deleted file mode 100644
index 9196251ccb..0000000000
--- a/lib/public_key/asn1/PKCS-9.asn1
+++ /dev/null
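Review bot: The added line `--pbeWithSHAAnd3-KeyTripleDES-CBC` replaces the closing `--` of the `-- 12. Digested-data content type` banner, and a PBE algorithm name has no connection to DigestedData, so it reads as a working note left behind rather than documentation. Restoring the banner's closing `--` and either deleting the note or moving it, with a sentence of explanation, to wherever that algorithm is actually handled would avoid misleading the next reader. The relaxed `version` line in this hunk follows the same pattern as the earlier hunks. DigestedData's closing brace is outside the hunk.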
@@ -1,390 +0,0 @@ -PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) -pkcs-9(9) modules(0) pkcs-9(1)} - --- $Revision$ - -DEFINITIONS IMPLICIT TAGS ::= - -BEGIN - --- EXPORTS All -- --- All types and values defined in this module is exported for use in --- other ASN.1 modules. - -IMPORTS - -informationFramework, authenticationFramework, selectedAttributeTypes, - upperBounds , id-at - FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) - usefulDefinitions(0) 3} - -ub-name - FROM UpperBounds upperBounds - -OBJECT-CLASS, ATTRIBUTE, MATCHING-RULE, Attribute, top, objectIdentifierMatch - FROM InformationFramework informationFramework - -ALGORITHM, Extensions, Time - FROM AuthenticationFramework authenticationFramework - -DirectoryString, octetStringMatch, caseIgnoreMatch, caseExactMatch, - generalizedTimeMatch, integerMatch, serialNumber - FROM SelectedAttributeTypes selectedAttributeTypes - -ContentInfo, SignerInfo - FROM CryptographicMessageSyntax {iso(1) member-body(2) us(840) - rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)} - -EncryptedPrivateKeyInfo - FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)} - -PFX - FROM PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-12(12) modules(0) pkcs-12(1)} - -PKCS15Token - FROM PKCS-15 {iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-15(15) modules(1) pkcs-15(1)}; - --- Upper bounds -pkcs-9-ub-pkcs9String INTEGER ::= 255 -pkcs-9-ub-emailAddress INTEGER ::= pkcs-9-ub-pkcs9String -pkcs-9-ub-unstructuredName INTEGER ::= pkcs-9-ub-pkcs9String -pkcs-9-ub-unstructuredAddress INTEGER ::= pkcs-9-ub-pkcs9String -pkcs-9-ub-challengePassword INTEGER ::= pkcs-9-ub-pkcs9String -pkcs-9-ub-friendlyName INTEGER ::= pkcs-9-ub-pkcs9String -pkcs-9-ub-signingDescription INTEGER ::= pkcs-9-ub-pkcs9String -pkcs-9-ub-match INTEGER ::= pkcs-9-ub-pkcs9String -pkcs-9-ub-pseudonym INTEGER ::= ub-name -pkcs-9-ub-placeOfBirth INTEGER ::= ub-name - 
--- Object Identifiers - -pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) - rsadsi(113549) pkcs(1) 9} - - -- Main arcs -pkcs-9-mo OBJECT IDENTIFIER ::= {pkcs-9 0} -- Modules branch -pkcs-9-oc OBJECT IDENTIFIER ::= {pkcs-9 24} -- Object class branch -pkcs-9-at OBJECT IDENTIFIER ::= {pkcs-9 25} -- Attribute branch, for new attributes -pkcs-9-sx OBJECT IDENTIFIER ::= {pkcs-9 26} -- For syntaxes (RFC 2252) -pkcs-9-mr OBJECT IDENTIFIER ::= {pkcs-9 27} -- Matching rules - - -- Object classes -pkcs-9-oc-pkcsEntity OBJECT IDENTIFIER ::= {pkcs-9-oc 1} -pkcs-9-oc-naturalPerson OBJECT IDENTIFIER ::= {pkcs-9-oc 2} - - -- Attributes -pkcs-9-at-emailAddress OBJECT IDENTIFIER ::= {pkcs-9 1} -pkcs-9-at-unstructuredName OBJECT IDENTIFIER ::= {pkcs-9 2} -pkcs-9-at-contentType OBJECT IDENTIFIER ::= {pkcs-9 3} -pkcs-9-at-messageDigest OBJECT IDENTIFIER ::= {pkcs-9 4} -pkcs-9-at-signingTime OBJECT IDENTIFIER ::= {pkcs-9 5} -pkcs-9-at-counterSignature OBJECT IDENTIFIER ::= {pkcs-9 6} -pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {pkcs-9 7} -pkcs-9-at-unstructuredAddress OBJECT IDENTIFIER ::= {pkcs-9 8} -pkcs-9-at-extendedCertificateAttributes OBJECT IDENTIFIER ::= {pkcs-9 9} - --- Obsolete (?) attribute identifiers, purportedly from "tentative --- PKCS #9 draft" --- pkcs-9-at-issuerAndSerialNumber OBJECT IDENTIFIER ::= {pkcs-9 10} --- pkcs-9-at-passwordCheck OBJECT IDENTIFIER ::= {pkcs-9 11} --- pkcs-9-at-publicKey OBJECT IDENTIFIER ::= {pkcs-9 12} - -pkcs-9-at-signingDescription OBJECT IDENTIFIER ::= {pkcs-9 13} -pkcs-9-at-extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} -pkcs-9-at-smimeCapabilities OBJECT IDENTIFIER ::= {pkcs-9 15} - --- Unused (?) --- pkcs-9-at-? OBJECT IDENTIFIER ::= {pkcs-9 17} --- pkcs-9-at-? OBJECT IDENTIFIER ::= {pkcs-9 18} --- pkcs-9-at-? 
OBJECT IDENTIFIER ::= {pkcs-9 19} - -pkcs-9-at-friendlyName OBJECT IDENTIFIER ::= {pkcs-9 20} -pkcs-9-at-localKeyId OBJECT IDENTIFIER ::= {pkcs-9 21} -pkcs-9-at-userPKCS12 OBJECT IDENTIFIER ::= {2 16 840 1 113730 3 1 216} -pkcs-9-at-pkcs15Token OBJECT IDENTIFIER ::= {pkcs-9-at 1} -pkcs-9-at-encryptedPrivateKeyInfo OBJECT IDENTIFIER ::= {pkcs-9-at 2} -pkcs-9-at-randomNonce OBJECT IDENTIFIER ::= {pkcs-9-at 3} -pkcs-9-at-sequenceNumber OBJECT IDENTIFIER ::= {pkcs-9-at 4} -pkcs-9-at-pkcs7PDU OBJECT IDENTIFIER ::= {pkcs-9-at 5} - - -- IETF PKIX Attribute branch -ietf-at OBJECT IDENTIFIER ::= {1 3 6 1 5 5 7 9} - -pkcs-9-at-dateOfBirth OBJECT IDENTIFIER ::= {ietf-at 1} -pkcs-9-at-placeOfBirth OBJECT IDENTIFIER ::= {ietf-at 2} -pkcs-9-at-gender OBJECT IDENTIFIER ::= {ietf-at 3} -pkcs-9-at-countryOfCitizenship OBJECT IDENTIFIER ::= {ietf-at 4} -pkcs-9-at-countryOfResidence OBJECT IDENTIFIER ::= {ietf-at 5} - - -- Syntaxes (for use with LDAP accessible directories) -pkcs-9-sx-pkcs9String OBJECT IDENTIFIER ::= {pkcs-9-sx 1} -pkcs-9-sx-signingTime OBJECT IDENTIFIER ::= {pkcs-9-sx 2} - - -- Matching rules -pkcs-9-mr-caseIgnoreMatch OBJECT IDENTIFIER ::= {pkcs-9-mr 1} -pkcs-9-mr-signingTimeMatch OBJECT IDENTIFIER ::= {pkcs-9-mr 2} - - -- Arcs with attributes defined elsewhere -smime OBJECT IDENTIFIER ::= {pkcs-9 16} - -- Main arc for S/MIME (RFC 2633) -certTypes OBJECT IDENTIFIER ::= {pkcs-9 22} - -- Main arc for certificate types defined in PKCS #12 -crlTypes OBJECT IDENTIFIER ::= {pkcs-9 23} - -- Main arc for crl types defined in PKCS #12 - - -- Other object identifiers -id-at-pseudonym OBJECT IDENTIFIER ::= {id-at 65} - --- Useful types - -PKCS9String {INTEGER : maxSize} ::= CHOICE { - ia5String IA5String (SIZE(1..maxSize)), - directoryString DirectoryString {maxSize} -} - --- Object classes - -pkcsEntity OBJECT-CLASS ::= { - SUBCLASS OF { top } - KIND auxiliary - MAY CONTAIN { PKCSEntityAttributeSet } - ID pkcs-9-oc-pkcsEntity -} - -naturalPerson OBJECT-CLASS ::= { - 
SUBCLASS OF { top } - KIND auxiliary - MAY CONTAIN { NaturalPersonAttributeSet } - ID pkcs-9-oc-naturalPerson -} - --- Attribute sets - -PKCSEntityAttributeSet ATTRIBUTE ::= { - pKCS7PDU | - userPKCS12 | - pKCS15Token | - encryptedPrivateKeyInfo, - ... -- For future extensions -} - -NaturalPersonAttributeSet ATTRIBUTE ::= { - emailAddress | - unstructuredName | - unstructuredAddress | - dateOfBirth | - placeOfBirth | - gender | - countryOfCitizenship | - countryOfResidence | - pseudonym | - serialNumber, - ... -- For future extensions -} - --- Attributes - -pKCS7PDU ATTRIBUTE ::= { - WITH SYNTAX ContentInfo - ID pkcs-9-at-pkcs7PDU -} - -userPKCS12 ATTRIBUTE ::= { - WITH SYNTAX PFX - ID pkcs-9-at-userPKCS12 -} - -pKCS15Token ATTRIBUTE ::= { - WITH SYNTAX PKCS15Token - ID pkcs-9-at-pkcs15Token -} - -encryptedPrivateKeyInfo ATTRIBUTE ::= { - WITH SYNTAX EncryptedPrivateKeyInfo - ID pkcs-9-at-encryptedPrivateKeyInfo -} - -emailAddress ATTRIBUTE ::= { - WITH SYNTAX IA5String (SIZE(1..pkcs-9-ub-emailAddress)) - EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch - ID pkcs-9-at-emailAddress -} - -unstructuredName ATTRIBUTE ::= { - WITH SYNTAX PKCS9String {pkcs-9-ub-unstructuredName} - EQUALITY MATCHING RULE pkcs9CaseIgnoreMatch - ID pkcs-9-at-unstructuredName -} - -unstructuredAddress ATTRIBUTE ::= { - WITH SYNTAX DirectoryString {pkcs-9-ub-unstructuredAddress} - EQUALITY MATCHING RULE caseIgnoreMatch - ID pkcs-9-at-unstructuredAddress -} - -dateOfBirth ATTRIBUTE ::= { - WITH SYNTAX GeneralizedTime - EQUALITY MATCHING RULE generalizedTimeMatch - SINGLE VALUE TRUE - ID pkcs-9-at-dateOfBirth -} - -placeOfBirth ATTRIBUTE ::= { - WITH SYNTAX DirectoryString {pkcs-9-ub-placeOfBirth} - EQUALITY MATCHING RULE caseExactMatch - SINGLE VALUE TRUE - ID pkcs-9-at-placeOfBirth -} - -gender ATTRIBUTE ::= { - WITH SYNTAX PrintableString (SIZE(1) ^ FROM ("M" | "F" | "m" | "f")) - EQUALITY MATCHING RULE caseIgnoreMatch - SINGLE VALUE TRUE - ID pkcs-9-at-gender -} - -countryOfCitizenship ATTRIBUTE 
::= { - WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY { - -- Must be a two-letter country acronym in accordance with - -- ISO/IEC 3166 --}) - EQUALITY MATCHING RULE caseIgnoreMatch - ID pkcs-9-at-countryOfCitizenship -} - -countryOfResidence ATTRIBUTE ::= { - WITH SYNTAX PrintableString (SIZE(2))(CONSTRAINED BY { - -- Must be a two-letter country acronym in accordance with - -- ISO/IEC 3166 --}) - EQUALITY MATCHING RULE caseIgnoreMatch - ID pkcs-9-at-countryOfResidence -} - -pseudonym ATTRIBUTE ::= { - WITH SYNTAX DirectoryString {pkcs-9-ub-pseudonym} - EQUALITY MATCHING RULE caseExactMatch - ID id-at-pseudonym -} - -contentType ATTRIBUTE ::= { - WITH SYNTAX ContentType - EQUALITY MATCHING RULE objectIdentifierMatch - SINGLE VALUE TRUE - ID pkcs-9-at-contentType -} - -ContentType ::= OBJECT IDENTIFIER - -messageDigest ATTRIBUTE ::= { - WITH SYNTAX MessageDigest - EQUALITY MATCHING RULE octetStringMatch - SINGLE VALUE TRUE - ID pkcs-9-at-messageDigest -} - -MessageDigest ::= OCTET STRING - -signingTime ATTRIBUTE ::= { - WITH SYNTAX SigningTime - EQUALITY MATCHING RULE signingTimeMatch - SINGLE VALUE TRUE - ID pkcs-9-at-signingTime -} - -SigningTime ::= Time -- imported from ISO/IEC 9594-8 - -randomNonce ATTRIBUTE ::= { - WITH SYNTAX RandomNonce - EQUALITY MATCHING RULE octetStringMatch - SINGLE VALUE TRUE - ID pkcs-9-at-randomNonce -} - -RandomNonce ::= OCTET STRING (SIZE(4..MAX)) -- At least four bytes long - -sequenceNumber ATTRIBUTE ::= { - WITH SYNTAX SequenceNumber - EQUALITY MATCHING RULE integerMatch - SINGLE VALUE TRUE - ID pkcs-9-at-sequenceNumber -} - -SequenceNumber ::= INTEGER (1..MAX) - -counterSignature ATTRIBUTE ::= { - WITH SYNTAX SignerInfo - ID pkcs-9-at-counterSignature -} - -challengePassword ATTRIBUTE ::= { - WITH SYNTAX DirectoryString {pkcs-9-ub-challengePassword} - EQUALITY MATCHING RULE caseExactMatch - SINGLE VALUE TRUE - ID pkcs-9-at-challengePassword -} - -extensionRequest ATTRIBUTE ::= { - WITH SYNTAX ExtensionRequest - SINGLE 
VALUE TRUE - ID pkcs-9-at-extensionRequest -} - -ExtensionRequest ::= Extensions - -extendedCertificateAttributes ATTRIBUTE ::= { - WITH SYNTAX SET OF Attribute - SINGLE VALUE TRUE - ID pkcs-9-at-extendedCertificateAttributes -} - -friendlyName ATTRIBUTE ::= { - WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName)) - EQUALITY MATCHING RULE caseIgnoreMatch - SINGLE VALUE TRUE - ID pkcs-9-at-friendlyName -} - -localKeyId ATTRIBUTE ::= { - WITH SYNTAX OCTET STRING - EQUALITY MATCHING RULE octetStringMatch - SINGLE VALUE TRUE - ID pkcs-9-at-localKeyId -} - -signingDescription ATTRIBUTE ::= { - WITH SYNTAX DirectoryString {pkcs-9-ub-signingDescription} - EQUALITY MATCHING RULE caseIgnoreMatch - SINGLE VALUE TRUE - ID pkcs-9-at-signingDescription -} - -smimeCapabilities ATTRIBUTE ::= { - WITH SYNTAX SMIMECapabilities - SINGLE VALUE TRUE - ID pkcs-9-at-smimeCapabilities -} - -SMIMECapabilities ::= SEQUENCE OF SMIMECapability - -SMIMECapability ::= SEQUENCE { - algorithm ALGORITHM.&id ({SMIMEv3Algorithms}), - parameters ALGORITHM.&Type ({SMIMEv3Algorithms}{@algorithm}) -} - -SMIMEv3Algorithms ALGORITHM ::= {...-- See RFC 2633 --} - - -- Matching rules - -pkcs9CaseIgnoreMatch MATCHING-RULE ::= { - SYNTAX PKCS9String {pkcs-9-ub-match} - ID pkcs-9-mr-caseIgnoreMatch -} - -signingTimeMatch MATCHING-RULE ::= { - SYNTAX SigningTime - ID pkcs-9-mr-signingTimeMatch -} - -END
diff --git a/lib/public_key/asn1/PKCS-FRAME.set.asn b/lib/public_key/asn1/PKCS-FRAME.set.asn
index 00219bccba..343afedd76 100644
--- a/lib/public_key/asn1/PKCS-FRAME.set.asn
+++ b/lib/public_key/asn1/PKCS-FRAME.set.asn
@@ -1,4 +1,3 @@
 PKCS-8.asn1
 PKCS-7.asn1
-PKCS-9.asn1
 PKCS5v2-0.asn1
diff --git a/lib/public_key/asn1/UpperBounds.asn1 b/lib/public_key/asn1/UpperBounds.asn1
deleted file mode 100644
index 71c2a7ba7a..0000000000
--- a/lib/public_key/asn1/UpperBounds.asn1
+++ /dev/null
@@ -1,88 +0,0 @@ -UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 5} DEFINITIONS ::= -BEGIN - --- EXPORTS All --- The types and values defined in this module are exported for use in the other ASN.1 modules contained --- within the Directory Specifications, and for the use of other applications which will use them to access --- Directory services. Other applications may use them for their own purposes, but this will not constrain --- extensions and modifications needed to maintain or improve the Directory service. -ub-answerback INTEGER ::= - 8 - -ub-business-category INTEGER ::= 128 - -ub-common-name INTEGER ::= 64 - -ub-content INTEGER ::= 32768 - -ub-country-code INTEGER ::= 4 - -ub-description INTEGER ::= 1024 - -ub-destination-indicator INTEGER ::= 128 - -ub-directory-string-first-component-match INTEGER ::= 32768 - -ub-domainLocalID INTEGER ::= 64 - -ub-international-isdn-number INTEGER ::= 16 - -ub-knowledge-information INTEGER ::= 32768 - -ub-labeledURI INTEGER ::= 32768 - -ub-localeContextSyntax INTEGER ::= 128 - -ub-locality-name INTEGER ::= 128 - -ub-match INTEGER ::= 128 - -ub-name INTEGER ::= 64 - -ub-organization-name INTEGER ::= 64 - -ub-organizational-unit-name INTEGER ::= 64 - -ub-physical-office-name INTEGER ::= 128 - -ub-post-office-box INTEGER ::= 40 - -ub-postal-code INTEGER ::= 40 - -ub-postal-line INTEGER ::= 6 - -ub-postal-string INTEGER ::= 30 - -ub-privacy-mark-length INTEGER ::= 128 - -ub-pseudonym INTEGER ::= 128 - -ub-saslMechanism INTEGER ::= 64 - -ub-schema INTEGER ::= 1024 - -ub-search INTEGER ::= 32768 - -ub-serial-number INTEGER ::= 64 - -ub-state-name INTEGER ::= 128 - -ub-street-address INTEGER ::= 128 - -ub-surname INTEGER ::= 64 - -ub-tag INTEGER ::= 64 - -ub-telephone-number INTEGER ::= 32 - -ub-teletex-terminal-id INTEGER ::= 1024 - -ub-telex-number INTEGER ::= 14 - -ub-title INTEGER ::= 64 - -ub-user-password INTEGER ::= 128 - -ub-x121-address INTEGER ::= 15 - -END -- UpperBounds |