| blob | 2856cc7b4a7dd8a432ebb7e79770f3d89aa21df8 |
1 -- This file is based on PKIX1Implicit93 definition in
2 -- RFC2459 section b.2
3 --
4 --Appendix F of RFC2459
5 --Appendix F. Full Copyright Statement
6 --
7 -- Copyright (C) The Internet Society (1999). All Rights Reserved.
8 --
9 -- This document and translations of it may be copied and furnished to
10 -- others, and derivative works that comment on or otherwise explain it
11 -- or assist in its implementation may be prepared, copied, published
12 -- and distributed, in whole or in part, without restriction of any
13 -- kind, provided that the above copyright notice and this paragraph are
14 -- included on all such copies and derivative works. However, this
15 -- document itself may not be modified in any way, such as by removing
16 -- the copyright notice or references to the Internet Society or other
17 -- Internet organizations, except as needed for the purpose of
18 -- developing Internet standards in which case the procedures for
19 -- copyrights defined in the Internet Standards process must be
20 -- followed, or as required to translate it into languages other than
21 -- English.
22 --
23 -- The limited permissions granted above are perpetual and will not be
24 -- revoked by the Internet Society or its successors or assigns.
25 --
26 -- This document and the information contained herein is provided on an
27 -- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
28 -- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
29 -- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
30 -- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
31 -- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
32 --
33 --
34 --NOTE: This ASN1 definition have been significantly modified from the original
35 --version in RFC2459 in order to accommodate the feature sets available
36 --in the Wireshark projects asn2wrs compiler.
37 --It has also been modified and structures have been commented out that
38 --are already implemented in the X509 dissectors.
39 --Dissectors present already in the X509 dissectors should be implemented in
40 --the template by hand as stubs that will just call the original
41 --dissector functions in X509 in order not to duplicate code.
42 --
43 --Structures and constructs in this definition are uncommented and
44 --implemented on-demand when someone needs them.
45 --
46 --If you export new types from this file, make sure to update the
47 --pkix1implicit_exp.cnf file with the proper definitions
50 PKIX1Implicit93 {iso(1) identified-organization(3) dod(6) internet(1)
51 security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-93(4)}
53 DEFINITIONS IMPLICIT TAGS::=
55 BEGIN
57 --EXPORTS ALL
59 IMPORTS
60 id-pe, id-qt, id-kp, id-ad, id-qt-unotice,
61 ORAddress, Name, RelativeDistinguishedName,
62 CertificateSerialNumber, CertificateList,
63 AlgorithmIdentifier, ub-name, DirectoryString,
64 Attribute, EXTENSION
65 FROM PKIX1Explicit93 {iso(1) identified-organization(3)
66 dod(6) internet(1) security(5) mechanisms(5) pkix(7)
67 id-mod(0) id-pkix1-explicit-93(3)}
68 GeneralName FROM CertificateExtensions;
71 -- Key and policy information extensions
72 --
73 --authorityKeyIdentifier EXTENSION ::= {
74 -- SYNTAX AuthorityKeyIdentifier
75 -- IDENTIFIED BY id-ce-authorityKeyIdentifier }
76 --
77 --AuthorityKeyIdentifier ::= SEQUENCE {
78 -- keyIdentifier [0] KeyIdentifier OPTIONAL,
79 -- authorityCertIssuer [1] GeneralNames OPTIONAL,
80 -- authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
81 -- ( WITH COMPONENTS {..., authorityCertIssuer PRESENT,
82 -- authorityCertSerialNumber PRESENT} |
83 -- WITH COMPONENTS {..., authorityCertIssuer ABSENT,
84 -- authorityCertSerialNumber ABSENT} )
85 --
86 KeyIdentifier ::= OCTET STRING
87 --
88 --subjectKeyIdentifier EXTENSION ::= {
89 -- SYNTAX SubjectKeyIdentifier
90 -- IDENTIFIED BY id-ce-subjectKeyIdentifier }
91 --
92 --SubjectKeyIdentifier ::= KeyIdentifier
93 --
94 --keyUsage EXTENSION ::= {
95 -- SYNTAX KeyUsage
96 -- IDENTIFIED BY id-ce-keyUsage }
97 --
98 --KeyUsage ::= BIT STRING {
99 -- digitalSignature (0),
100 -- nonRepudiation (1),
101 -- keyEncipherment (2),
102 -- dataEncipherment (3),
103 -- keyAgreement (4),
104 -- keyCertSign (5),
105 -- cRLSign (6),
106 -- encipherOnly (7),
107 -- decipherOnly (8) }
108 --
109 --extendedKeyUsage EXTENSION ::= {
110 -- SYNTAX SEQUENCE SIZE (1..MAX) OF KeyPurposeId
111 -- IDENTIFIED BY id-ce-extKeyUsage }
112 --
113 Dummy ::= NULL
114 --KeyPurposeId ::= OBJECT IDENTIFIER
115 --
116 -- PKIX-defined extended key purpose OIDs
117 --id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
118 --id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
119 --id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
120 --id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
121 --id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
122 --id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
123 --id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
124 --id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
125 --
126 --privateKeyUsagePeriod EXTENSION ::= {
127 -- SYNTAX PrivateKeyUsagePeriod
128 -- IDENTIFIED BY { id-ce-privateKeyUsagePeriod } }
129 --
130 --PrivateKeyUsagePeriod ::= SEQUENCE {
131 -- notBefore [0] GeneralizedTime OPTIONAL,
132 -- notAfter [1] GeneralizedTime OPTIONAL }
133 -- ( WITH COMPONENTS {..., notBefore PRESENT} |
134 -- WITH COMPONENTS {..., notAfter PRESENT} )
135 --
136 --certificatePolicies EXTENSION ::= {
137 -- SYNTAX CertificatePoliciesSyntax
138 -- IDENTIFIED BY id-ce-certificatePolicies }
139 --
140 --CertificatePoliciesSyntax ::=
141 -- SEQUENCE SIZE (1..MAX) OF PolicyInformation
142 --
143 --PolicyInformation ::= SEQUENCE {
144 -- policyIdentifier CertPolicyId,
145 -- policyQualifiers SEQUENCE SIZE (1..MAX) OF
146 -- PolicyQualifierInfo OPTIONAL }
147 --
148 --CertPolicyId ::= OBJECT IDENTIFIER
149 --
150 --PolicyQualifierInfo ::= SEQUENCE {
151 -- policyQualifierId CERT-POLICY-QUALIFIER.&id
152 -- ({SupportedPolicyQualifiers}),
153 -- qualifier CERT-POLICY-QUALIFIER.&Qualifier
154 -- ({SupportedPolicyQualifiers}
155 -- {@policyQualifierId})OPTIONAL }
156 --
157 --SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::= { noticeToUser |
158 -- pointerToCPS }
159 --
160 --CERT-POLICY-QUALIFIER ::= CLASS {
161 -- &id OBJECT IDENTIFIER UNIQUE,
162 -- &Qualifier OPTIONAL }
163 --WITH SYNTAX {
164 -- POLICY-QUALIFIER-ID &id
165 -- [QUALIFIER-TYPE &Qualifier] }
166 --
167 --policyMappings EXTENSION ::= {
168 -- SYNTAX PolicyMappingsSyntax
169 -- IDENTIFIED BY id-ce-policyMappings }
170 --
171 --PolicyMappingsSyntax ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
172 -- issuerDomainPolicy CertPolicyId,
173 -- subjectDomainPolicy CertPolicyId }
174 --
175 -- Certificate subject and certificate issuer attributes extensions
176 --
177 --subjectAltName EXTENSION ::= {
178 -- SYNTAX GeneralNames
179 -- IDENTIFIED BY id-ce-subjectAltName }
180 --
181 --GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
182 --
183 --Imported from X509CE
184 --GeneralName ::= CHOICE {
185 -- otherName [0] INSTANCE OF OTHER-NAME,
186 -- rfc822Name [1] IA5String,
187 -- dNSName [2] IA5String,
188 -- x400Address [3] ORAddress,
189 -- directoryName [4] Name,
190 -- ediPartyName [5] EDIPartyName,
191 -- uniformResourceIdentifier [6] IA5String,
192 -- iPAddress [7] OCTET STRING,
193 -- registeredID [8] OBJECT IDENTIFIER
194 --}
196 --OTHER-NAME ::= TYPE-IDENTIFIER
198 EDIPartyName ::= SEQUENCE {
199 nameAssigner [0] DirectoryString OPTIONAL,
200 partyName [1] DirectoryString }
202 --issuerAltName EXTENSION ::= {
203 -- SYNTAX GeneralNames
204 -- IDENTIFIED BY id-ce-issuerAltName }
205 --
206 --subjectDirectoryAttributes EXTENSION ::= {
207 -- SYNTAX AttributesSyntax
208 -- IDENTIFIED BY id-ce-subjectDirectoryAttributes }
209 --
210 --AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute
211 --
212 -- Certification path constraints extensions
213 --
214 --basicConstraints EXTENSION ::= {
215 -- SYNTAX BasicConstraintsSyntax
216 -- IDENTIFIED BY id-ce-basicConstraints }
217 --
218 --BasicConstraintsSyntax ::= SEQUENCE {
219 -- cA BOOLEAN DEFAULT FALSE,
220 -- pathLenConstraint INTEGER (0..MAX) OPTIONAL }
221 --
222 --nameConstraints EXTENSION ::= {
223 -- SYNTAX NameConstraintsSyntax
224 -- IDENTIFIED BY id-ce-nameConstraints }
225 --
226 --NameConstraintsSyntax ::= SEQUENCE {
227 -- permittedSubtrees [0] GeneralSubtrees OPTIONAL,
228 -- excludedSubtrees [1] GeneralSubtrees OPTIONAL }
229 --
230 --GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
231 --
232 --GeneralSubtree ::= SEQUENCE {
233 -- base GeneralName,
234 -- minimum [0] BaseDistance DEFAULT 0,
235 -- maximum [1] BaseDistance OPTIONAL }
236 --
237 --BaseDistance ::= INTEGER (0..MAX)
238 --
239 --policyConstraints EXTENSION ::= {
240 -- SYNTAX PolicyConstraintsSyntax
241 -- IDENTIFIED BY id-ce-policyConstraints }
242 --
243 --PolicyConstraintsSyntax ::= SEQUENCE {
244 -- requireExplicitPolicy [0] SkipCerts OPTIONAL,
245 -- inhibitPolicyMapping [1] SkipCerts OPTIONAL }
246 --
247 --
248 --SkipCerts ::= INTEGER (0..MAX)
249 --
250 -- Basic CRL extensions
251 --
252 --cRLNumber EXTENSION ::= {
253 -- SYNTAX CRLNumber
254 -- IDENTIFIED BY id-ce-cRLNumber }
255 --
256 --CRLNumber ::= INTEGER (0..MAX)
257 --
258 --reasonCode EXTENSION ::= {
259 -- SYNTAX CRLReason
260 -- IDENTIFIED BY id-ce-reasonCode }
261 --
262 --CRLReason ::= ENUMERATED {
263 -- unspecified (0),
264 -- keyCompromise (1),
265 -- cACompromise (2),
266 -- affiliationChanged (3),
267 -- superseded (4),
268 -- cessationOfOperation (5),
269 -- certificateHold (6),
270 -- removeFromCRL (8) }
271 --
272 --instructionCode EXTENSION ::= {
273 -- SYNTAX HoldInstruction
274 -- IDENTIFIED BY id-ce-instructionCode }
275 --
276 --HoldInstruction ::= OBJECT IDENTIFIER
277 --
278 -- holdinstructions described in this specification, from ANSI x9
279 --
280 -- ANSI x9 arc holdinstruction arc
281 --holdInstruction OBJECT IDENTIFIER ::= {
282 -- joint-iso-ccitt(2) member-body(2) us(840) x9cm(10040) 2}
283 --
284 -- ANSI X9 holdinstructions referenced by this standard
285 --id-holdinstruction-none OBJECT IDENTIFIER ::= {holdInstruction 1}
286 --id-holdinstruction-callissuer OBJECT IDENTIFIER ::= {holdInstruction 2}
287 --id-holdinstruction-reject OBJECT IDENTIFIER ::= {holdInstruction 3}
288 --
289 --invalidityDate EXTENSION ::= {
290 -- SYNTAX GeneralizedTime
291 -- IDENTIFIED BY id-ce-invalidityDate }
292 --
293 -- CRL distribution points and delta-CRL extensions
294 --
295 --cRLDistributionPoints EXTENSION ::= {
296 --
297 -- SYNTAX CRLDistPointsSyntax
298 -- IDENTIFIED BY id-ce-cRLDistributionPoints }
299 --
300 --CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
301 --
302 --DistributionPoint ::= SEQUENCE {
303 -- distributionPoint [0] DistributionPointName OPTIONAL,
304 -- reasons [1] ReasonFlags OPTIONAL,
305 -- cRLIssuer [2] GeneralNames OPTIONAL }
306 --
307 --DistributionPointName ::= CHOICE {
308 -- fullName [0] GeneralNames,
309 -- nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
310 --
311 --ReasonFlags ::= BIT STRING {
312 -- unused (0),
313 -- keyCompromise (1),
314 -- caCompromise (2),
315 -- affiliationChanged (3),
316 -- superseded (4),
317 -- cessationOfOperation (5),
318 -- certificateHold (6) }
319 --
320 --issuingDistributionPoint EXTENSION ::= {
321 -- SYNTAX IssuingDistPointSyntax
322 -- IDENTIFIED BY id-ce-issuingDistributionPoint }
323 --
324 --IssuingDistPointSyntax ::= SEQUENCE {
325 -- distributionPoint [0] DistributionPointName OPTIONAL,
326 -- onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
327 -- onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
328 -- onlySomeReasons [3] ReasonFlags OPTIONAL,
329 -- indirectCRL [4] BOOLEAN DEFAULT FALSE }
330 --
331 --certificateIssuer EXTENSION ::= {
332 -- SYNTAX GeneralNames
333 -- IDENTIFIED BY id-ce-certificateIssuer }
334 --
335 --deltaCRLIndicator EXTENSION ::= {
336 -- SYNTAX BaseCRLNumber
337 -- IDENTIFIED BY id-ce-deltaCRLIndicator }
338 --
339 --BaseCRLNumber ::= CRLNumber
340 --
341 -- Object identifier assignments for ISO certificate extensions
342 --id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
343 --
344 --id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= {id-ce 9}
345 --
346 --id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 14}
347 --id-ce-keyUsage OBJECT IDENTIFIER ::= {id-ce 15}
348 --id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= {id-ce 16}
349 --id-ce-subjectAltName OBJECT IDENTIFIER ::= {id-ce 17}
350 --id-ce-issuerAltName OBJECT IDENTIFIER ::= {id-ce 18}
351 --id-ce-basicConstraints OBJECT IDENTIFIER ::= {id-ce 19}
352 --id-ce-cRLNumber OBJECT IDENTIFIER ::= {id-ce 20}
353 --id-ce-reasonCode OBJECT IDENTIFIER ::= {id-ce 21}
354 --id-ce-instructionCode OBJECT IDENTIFIER ::= {id-ce 23}
355 --id-ce-invalidityDate OBJECT IDENTIFIER ::= {id-ce 24}
356 --id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= {id-ce 27}
357 --id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 28}
358 --id-ce-certificateIssuer OBJECT IDENTIFIER ::= {id-ce 29}
359 --id-ce-nameConstraints OBJECT IDENTIFIER ::= {id-ce 30}
360 --id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
361 --id-ce-certificatePolicies OBJECT IDENTIFIER ::= {id-ce 32}
362 --id-ce-policyMappings OBJECT IDENTIFIER ::= {id-ce 33}
363 --id-ce-policyConstraints OBJECT IDENTIFIER ::= {id-ce 36}
364 --id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 35}
365 --id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
366 --
367 -- PKIX 1 extensions
368 --
369 --authorityInfoAccess EXTENSION ::= {
370 -- SYNTAX AuthorityInfoAccessSyntax
371 -- IDENTIFIED BY id-pe-authorityInfoAccess }
373 AuthorityInfoAccessSyntax ::=
374 SEQUENCE SIZE (1..MAX) OF AccessDescription
376 AccessDescription ::= SEQUENCE {
377 accessMethod OBJECT IDENTIFIER,
378 accessLocation GeneralName }
380 --id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
381 --
382 --id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
383 --id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
384 --
385 -- PKIX policy qualifier definitions
386 --
387 --noticeToUser CERT-POLICY-QUALIFIER ::= {
388 -- POLICY-QUALIFIER-ID id-qt-cps QUALIFIER-TYPE CPSuri}
389 --
390 --pointerToCPS CERT-POLICY-QUALIFIER ::= {
391 -- POLICY-QUALIFIER-ID id-qt-unotice QUALIFIER-TYPE UserNotice}
392 --
393 --id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
394 --
395 --id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
396 --
397 --CPSuri ::= IA5String
398 --
399 UserNotice ::= SEQUENCE {
400 noticeRef NoticeReference OPTIONAL,
401 explicitText DisplayText OPTIONAL}
403 NoticeReference ::= SEQUENCE {
404 organization DisplayText,
405 noticeNumbers SEQUENCE OF INTEGER }
407 DisplayText ::= CHOICE {
408 ia5String IA5String,
409 visibleString VisibleString,
410 bmpString BMPString,
411 utf8String UTF8String }
414 END