| blob | 62de3ef0ad58a90bd70dc09d927108a11ce0e9f5 |
1 -- $Id: rfc2459.asn1,v 1.2 2008/03/22 08:37:04 mlelstv Exp $ --
2 -- Definitions from rfc2459/rfc3280
4 RFC2459 DEFINITIONS ::= BEGIN
6 IMPORTS heim_any FROM heim;
8 Version ::= INTEGER {
9 rfc3280_version_1(0),
10 rfc3280_version_2(1),
11 rfc3280_version_3(2)
12 }
14 id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15 rsadsi(113549) pkcs(1) 1 }
16 id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
17 id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
18 id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
19 id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
20 id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
21 id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
22 id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
24 id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }
26 id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
27 rsadsi(113549) pkcs(1) 2 }
28 id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
29 id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
30 id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
32 id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
33 { iso(1) member-body(2) us(840) rsadsi(113549) 2 }
35 id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
36 id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
37 id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
39 id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
40 rsadsi(113549) pkcs(1) 3 }
42 id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
43 id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
44 id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
46 id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
47 rsadsi(113549) 3 }
49 id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
50 id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
52 id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
53 oiw(14) secsig(3) algorithm(2) 26 }
55 id-nistAlgorithm OBJECT IDENTIFIER ::= {
56 joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
58 id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
60 id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
61 id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
62 id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }
64 id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }
66 id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
67 id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
68 id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
69 id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
71 id-dhpublicnumber OBJECT IDENTIFIER ::= {
72 iso(1) member-body(2) us(840) ansi-x942(10046)
73 number-type(2) 1 }
75 id-x9-57 OBJECT IDENTIFIER ::= {
76 iso(1) member-body(2) us(840) ansi-x942(10046)
77 4 }
79 id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
80 id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
82 -- x.520 names types
84 id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
86 id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
87 id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
88 id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
89 id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
90 id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
91 id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
92 id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
93 id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
94 id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
95 id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
96 id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
97 id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
98 id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
99 id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
100 -- RFC 2247
101 id-Userid OBJECT IDENTIFIER ::=
102 { 0 9 2342 19200300 100 1 1 }
103 id-domainComponent OBJECT IDENTIFIER ::=
104 { 0 9 2342 19200300 100 1 25 }
107 -- rfc3280
109 id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
111 AlgorithmIdentifier ::= SEQUENCE {
112 algorithm OBJECT IDENTIFIER,
113 parameters heim_any OPTIONAL
114 }
116 AttributeType ::= OBJECT IDENTIFIER
118 AttributeValue ::= heim_any
120 TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
122 DirectoryString ::= CHOICE {
123 ia5String IA5String,
124 teletexString TeletexStringx,
125 printableString PrintableString,
126 universalString UniversalString,
127 utf8String UTF8String,
128 bmpString BMPString
129 }
131 Attribute ::= SEQUENCE {
132 type AttributeType,
133 value SET OF -- AttributeValue -- heim_any
134 }
136 AttributeTypeAndValue ::= SEQUENCE {
137 type AttributeType,
138 value DirectoryString
139 }
141 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
143 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
145 Name ::= CHOICE {
146 rdnSequence RDNSequence
147 }
149 CertificateSerialNumber ::= INTEGER
151 Time ::= CHOICE {
152 utcTime UTCTime,
153 generalTime GeneralizedTime
154 }
156 Validity ::= SEQUENCE {
157 notBefore Time,
158 notAfter Time
159 }
161 UniqueIdentifier ::= BIT STRING
163 SubjectPublicKeyInfo ::= SEQUENCE {
164 algorithm AlgorithmIdentifier,
165 subjectPublicKey BIT STRING
166 }
168 Extension ::= SEQUENCE {
169 extnID OBJECT IDENTIFIER,
170 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
171 extnValue OCTET STRING
172 }
174 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
176 TBSCertificate ::= SEQUENCE {
177 version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
178 serialNumber CertificateSerialNumber,
179 signature AlgorithmIdentifier,
180 issuer Name,
181 validity Validity,
182 subject Name,
183 subjectPublicKeyInfo SubjectPublicKeyInfo,
184 issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
185 -- If present, version shall be v2 or v3
186 subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
187 -- If present, version shall be v2 or v3
188 extensions [3] EXPLICIT Extensions OPTIONAL
189 -- If present, version shall be v3
190 }
192 Certificate ::= SEQUENCE {
193 tbsCertificate TBSCertificate,
194 signatureAlgorithm AlgorithmIdentifier,
195 signatureValue BIT STRING
196 }
198 Certificates ::= SEQUENCE OF Certificate
200 ValidationParms ::= SEQUENCE {
201 seed BIT STRING,
202 pgenCounter INTEGER
203 }
205 DomainParameters ::= SEQUENCE {
206 p INTEGER, -- odd prime, p=jq +1
207 g INTEGER, -- generator, g
208 q INTEGER, -- factor of p-1
209 j INTEGER OPTIONAL, -- subgroup factor
210 validationParms ValidationParms OPTIONAL -- ValidationParms
211 }
213 DHPublicKey ::= INTEGER
215 OtherName ::= SEQUENCE {
216 type-id OBJECT IDENTIFIER,
217 value [0] EXPLICIT heim_any
218 }
220 GeneralName ::= CHOICE {
221 otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
222 type-id OBJECT IDENTIFIER,
223 value [0] EXPLICIT heim_any
224 },
225 rfc822Name [1] IMPLICIT IA5String,
226 dNSName [2] IMPLICIT IA5String,
227 -- x400Address [3] IMPLICIT ORAddress,--
228 directoryName [4] IMPLICIT -- Name -- CHOICE {
229 rdnSequence RDNSequence
230 },
231 -- ediPartyName [5] IMPLICIT EDIPartyName, --
232 uniformResourceIdentifier [6] IMPLICIT IA5String,
233 iPAddress [7] IMPLICIT OCTET STRING,
234 registeredID [8] IMPLICIT OBJECT IDENTIFIER
235 }
237 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
239 id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
241 KeyUsage ::= BIT STRING {
242 digitalSignature (0),
243 nonRepudiation (1),
244 keyEncipherment (2),
245 dataEncipherment (3),
246 keyAgreement (4),
247 keyCertSign (5),
248 cRLSign (6),
249 encipherOnly (7),
250 decipherOnly (8)
251 }
253 id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }
255 KeyIdentifier ::= OCTET STRING
257 AuthorityKeyIdentifier ::= SEQUENCE {
258 keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
259 authorityCertIssuer [1] IMPLICIT -- GeneralName --
260 SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
261 authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
262 }
264 id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }
266 SubjectKeyIdentifier ::= KeyIdentifier
268 id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
270 BasicConstraints ::= SEQUENCE {
271 cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
272 pathLenConstraint INTEGER (0..4294967295) OPTIONAL
273 }
275 id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
277 BaseDistance ::= INTEGER -- (0..MAX) --
279 GeneralSubtree ::= SEQUENCE {
280 base GeneralName,
281 minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
282 maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
283 }
285 GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
287 NameConstraints ::= SEQUENCE {
288 permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
289 excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
290 }
292 id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
293 id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
294 id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
295 id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
296 id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
297 id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
298 id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }
300 id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
302 ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
304 id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
305 id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
306 id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
307 id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
308 id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
309 id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
310 id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
312 DistributionPointReasonFlags ::= BIT STRING {
313 unused (0),
314 keyCompromise (1),
315 cACompromise (2),
316 affiliationChanged (3),
317 superseded (4),
318 cessationOfOperation (5),
319 certificateHold (6),
320 privilegeWithdrawn (7),
321 aACompromise (8)
322 }
324 DistributionPointName ::= CHOICE {
325 fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
326 nameRelativeToCRLIssuer [1] RelativeDistinguishedName
327 }
329 DistributionPoint ::= SEQUENCE {
330 distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
331 reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
332 cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
333 }
335 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
338 -- rfc3279
340 DSASigValue ::= SEQUENCE {
341 r INTEGER,
342 s INTEGER
343 }
345 DSAPublicKey ::= INTEGER
347 DSAParams ::= SEQUENCE {
348 p INTEGER,
349 q INTEGER,
350 g INTEGER
351 }
353 -- really pkcs1
355 RSAPublicKey ::= SEQUENCE {
356 modulus INTEGER, -- n
357 publicExponent INTEGER -- e
358 }
360 RSAPrivateKey ::= SEQUENCE {
361 version INTEGER (0..4294967295),
362 modulus INTEGER, -- n
363 publicExponent INTEGER, -- e
364 privateExponent INTEGER, -- d
365 prime1 INTEGER, -- p
366 prime2 INTEGER, -- q
367 exponent1 INTEGER, -- d mod (p-1)
368 exponent2 INTEGER, -- d mod (q-1)
369 coefficient INTEGER -- (inverse of q) mod p
370 }
372 DigestInfo ::= SEQUENCE {
373 digestAlgorithm AlgorithmIdentifier,
374 digest OCTET STRING
375 }
377 -- some ms ext
379 -- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
381 -- UNICODESTRING (0x1E tag)
383 -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
385 -- TemplateVersion ::= INTEGER (0..4294967295)
387 -- CertificateTemplate ::= SEQUENCE {
388 -- templateID OBJECT IDENTIFIER,
389 -- templateMajorVersion TemplateVersion,
390 -- templateMinorVersion TemplateVersion OPTIONAL
391 -- }
394 --
395 -- CRL
396 --
398 TBSCRLCertList ::= SEQUENCE {
399 version Version OPTIONAL, -- if present, MUST be v2
400 signature AlgorithmIdentifier,
401 issuer Name,
402 thisUpdate Time,
403 nextUpdate Time OPTIONAL,
404 revokedCertificates SEQUENCE OF SEQUENCE {
405 userCertificate CertificateSerialNumber,
406 revocationDate Time,
407 crlEntryExtensions Extensions OPTIONAL
408 -- if present, MUST be v2
409 } OPTIONAL,
410 crlExtensions [0] EXPLICIT Extensions OPTIONAL
411 -- if present, MUST be v2
412 }
415 CRLCertificateList ::= SEQUENCE {
416 tbsCertList TBSCRLCertList,
417 signatureAlgorithm AlgorithmIdentifier,
418 signatureValue BIT STRING
419 }
421 id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
422 id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
423 id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
425 CRLReason ::= ENUMERATED {
426 unspecified (0),
427 keyCompromise (1),
428 cACompromise (2),
429 affiliationChanged (3),
430 superseded (4),
431 cessationOfOperation (5),
432 certificateHold (6),
433 removeFromCRL (8),
434 privilegeWithdrawn (9),
435 aACompromise (10)
436 }
438 PKIXXmppAddr ::= UTF8String
440 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
441 dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
443 id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
444 id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
445 id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
447 id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
448 id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
449 id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
450 id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
451 id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
452 id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
454 id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
456 id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
458 AccessDescription ::= SEQUENCE {
459 accessMethod OBJECT IDENTIFIER,
460 accessLocation GeneralName
461 }
463 AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
465 -- RFC 3820 Proxy Certificate Profile
467 id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
469 id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
471 id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
472 id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
473 id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
475 ProxyPolicy ::= SEQUENCE {
476 policyLanguage OBJECT IDENTIFIER,
477 policy OCTET STRING OPTIONAL
478 }
480 ProxyCertInfo ::= SEQUENCE {
481 pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
482 proxyPolicy ProxyPolicy
483 }
485 --- U.S. Federal PKI Common Policy Framework
486 -- Card Authentication key
487 id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
488 id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
490 --- Netscape extentions
492 id-netscape OBJECT IDENTIFIER ::=
493 { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
494 id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
496 --- MS extentions
498 id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
499 { 1 3 6 1 4 1 311 20 2 }
501 id-ms-client-authentication OBJECT IDENTIFIER ::=
502 { 1 3 6 1 5 5 7 3 2 }
504 -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
506 END