xref: /freebsd/crypto/heimdal/lib/asn1/rfc2459.asn1 (revision 39beb93c3f8bdbf72a61fda42300b5ebed7390c8)
1-- $Id$ --
2-- Definitions from rfc2459/rfc3280
3
4RFC2459 DEFINITIONS ::= BEGIN
5
6IMPORTS heim_any FROM heim;
7
8Version ::=  INTEGER {
9	rfc3280_version_1(0),
10	rfc3280_version_2(1),
11	rfc3280_version_3(2)
12}
13
14id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15	rsadsi(113549) pkcs(1) 1 }
16id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::=		{ id-pkcs-1 1 }
17id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 2 }
18id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 4 }
19id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 5 }
20id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 11 }
21id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 12 }
22id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::=	{ id-pkcs-1 13 }
23
24id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1  2 752 43 16 1 }
25
26id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
27	rsadsi(113549) pkcs(1) 2 }
28id-pkcs2-md2 OBJECT IDENTIFIER ::=		{ id-pkcs-2 2 }
29id-pkcs2-md4 OBJECT IDENTIFIER ::=		{ id-pkcs-2 4 }
30id-pkcs2-md5 OBJECT IDENTIFIER ::=		{ id-pkcs-2 5 }
31
32id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
33{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }
34
35id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
36id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
37id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
38
39id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
40	rsadsi(113549) pkcs(1) 3 }
41
42id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::=		{ id-pkcs-3 2 }
43id-pkcs3-rc4     OBJECT IDENTIFIER ::=		{ id-pkcs-3 4 }
44id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-pkcs-3 7 }
45
46id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
47	rsadsi(113549) 3 }
48
49id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::=		{ id-rsadsi-encalg 2 }
50id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::=	{ id-rsadsi-encalg 7 }
51
52id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
53	oiw(14) secsig(3) algorithm(2) 26 }
54
55id-nistAlgorithm OBJECT IDENTIFIER ::= {
56   joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
57
58id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
59
60id-aes-128-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 2 }
61id-aes-192-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 22 }
62id-aes-256-cbc OBJECT IDENTIFIER ::=		{ id-nist-aes-algs 42 }
63
64id-nist-sha-algs OBJECT IDENTIFIER ::=		{ id-nistAlgorithm 2 }
65
66id-sha256 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 1 }
67id-sha224 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 4 }
68id-sha384 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 2 }
69id-sha512 OBJECT IDENTIFIER ::=			{ id-nist-sha-algs 3 }
70
71id-dhpublicnumber OBJECT IDENTIFIER ::= {
72        iso(1) member-body(2) us(840) ansi-x942(10046)
73        number-type(2) 1 }
74
75id-x9-57 OBJECT IDENTIFIER ::= {
76        iso(1) member-body(2) us(840) ansi-x942(10046)
77	4 }
78
79id-dsa OBJECT IDENTIFIER ::=		{ id-x9-57 1 }
80id-dsa-with-sha1 OBJECT IDENTIFIER ::=		{ id-x9-57 3 }
81
82-- x.520 names types
83
84id-x520-at 	OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
85
86id-at-commonName		OBJECT IDENTIFIER ::= { id-x520-at 3 }
87id-at-surname			OBJECT IDENTIFIER ::= { id-x520-at 4 }
88id-at-serialNumber		OBJECT IDENTIFIER ::= { id-x520-at 5 }
89id-at-countryName		OBJECT IDENTIFIER ::= { id-x520-at 6 }
90id-at-localityName		OBJECT IDENTIFIER ::= { id-x520-at 7 }
91id-at-stateOrProvinceName	OBJECT IDENTIFIER ::= { id-x520-at 8 }
92id-at-streetAddress		OBJECT IDENTIFIER ::= { id-x520-at 9 }
93id-at-organizationName		OBJECT IDENTIFIER ::= { id-x520-at 10 }
94id-at-organizationalUnitName	OBJECT IDENTIFIER ::= { id-x520-at 11 }
95id-at-name			OBJECT IDENTIFIER ::= { id-x520-at 41 }
96id-at-givenName			OBJECT IDENTIFIER ::= { id-x520-at 42 }
97id-at-initials			OBJECT IDENTIFIER ::= { id-x520-at 43 }
98id-at-generationQualifier	OBJECT IDENTIFIER ::= { id-x520-at 44 }
99id-at-pseudonym			OBJECT IDENTIFIER ::= { id-x520-at 65 }
100-- RFC 2247
101id-Userid		      	OBJECT IDENTIFIER ::=
102                          { 0 9 2342 19200300 100 1 1 }
103id-domainComponent      	OBJECT IDENTIFIER ::=
104                          { 0 9 2342 19200300 100 1 25 }
105
106
107-- rfc3280
108
109id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
110
111AlgorithmIdentifier ::= SEQUENCE {
112	algorithm	OBJECT IDENTIFIER,
113	parameters	heim_any OPTIONAL
114}
115
116AttributeType ::=   OBJECT IDENTIFIER
117
118AttributeValue ::=   heim_any
119
120TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
121
122DirectoryString ::= CHOICE {
123	ia5String	IA5String,
124	teletexString	TeletexStringx,
125	printableString	PrintableString,
126	universalString UniversalString,
127	utf8String	UTF8String,
128	bmpString	BMPString
129}
130
131Attribute ::= SEQUENCE {
132        type    AttributeType,
133        value   SET OF -- AttributeValue -- heim_any
134}
135
136AttributeTypeAndValue ::= SEQUENCE {
137        type    AttributeType,
138        value   DirectoryString
139}
140
141RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
142
143RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
144
145Name ::= CHOICE {
146	rdnSequence  RDNSequence
147}
148
149CertificateSerialNumber ::= INTEGER
150
151Time ::= CHOICE {
152     utcTime        UTCTime,
153     generalTime    GeneralizedTime
154}
155
156Validity ::= SEQUENCE {
157     notBefore      Time,
158     notAfter       Time
159}
160
161UniqueIdentifier  ::=  BIT STRING
162
163SubjectPublicKeyInfo  ::=  SEQUENCE  {
164     algorithm            AlgorithmIdentifier,
165     subjectPublicKey     BIT STRING
166}
167
168Extension  ::=  SEQUENCE  {
169     extnID      OBJECT IDENTIFIER,
170     critical    BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
171     extnValue   OCTET STRING
172}
173
174Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
175
176TBSCertificate  ::=  SEQUENCE  {
177     version         [0]  Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
178     serialNumber         CertificateSerialNumber,
179     signature            AlgorithmIdentifier,
180     issuer               Name,
181     validity             Validity,
182     subject              Name,
183     subjectPublicKeyInfo SubjectPublicKeyInfo,
184     issuerUniqueID  [1]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
185                          -- If present, version shall be v2 or v3
186     subjectUniqueID [2]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
187                          -- If present, version shall be v2 or v3
188     extensions      [3]  EXPLICIT Extensions OPTIONAL
189                          -- If present, version shall be v3
190}
191
192Certificate  ::=  SEQUENCE  {
193     tbsCertificate       TBSCertificate,
194     signatureAlgorithm   AlgorithmIdentifier,
195     signatureValue       BIT STRING
196}
197
198Certificates ::= SEQUENCE OF Certificate
199
200ValidationParms ::= SEQUENCE {
201	seed		BIT STRING,
202	pgenCounter	INTEGER
203}
204
205DomainParameters ::= SEQUENCE {
206	p		INTEGER, -- odd prime, p=jq +1
207	g		INTEGER, -- generator, g
208	q		INTEGER, -- factor of p-1
209	j		INTEGER OPTIONAL, -- subgroup factor
210	validationParms	ValidationParms OPTIONAL -- ValidationParms
211}
212
213DHPublicKey ::= INTEGER
214
215OtherName ::= SEQUENCE {
216	type-id    OBJECT IDENTIFIER,
217	value      [0] EXPLICIT heim_any
218}
219
220GeneralName ::= CHOICE {
221	otherName			[0]     IMPLICIT -- OtherName -- SEQUENCE {
222		type-id    OBJECT IDENTIFIER,
223		value      [0] EXPLICIT heim_any
224	},
225	rfc822Name			[1]     IMPLICIT IA5String,
226	dNSName				[2]     IMPLICIT IA5String,
227--	x400Address			[3]     IMPLICIT ORAddress,--
228	directoryName			[4]     IMPLICIT -- Name -- CHOICE {
229		rdnSequence  RDNSequence
230	},
231--	ediPartyName			[5]     IMPLICIT EDIPartyName, --
232	uniformResourceIdentifier	[6]     IMPLICIT IA5String,
233	iPAddress			[7]     IMPLICIT OCTET STRING,
234	registeredID			[8]     IMPLICIT OBJECT IDENTIFIER
235}
236
237GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
238
239id-x509-ce-keyUsage OBJECT IDENTIFIER ::=  { id-x509-ce 15 }
240
241KeyUsage ::= BIT STRING {
242	digitalSignature	(0),
243	nonRepudiation		(1),
244	keyEncipherment		(2),
245	dataEncipherment	(3),
246	keyAgreement		(4),
247	keyCertSign		(5),
248	cRLSign			(6),
249	encipherOnly		(7),
250	decipherOnly		(8)
251}
252
253id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 35 }
254
255KeyIdentifier ::= OCTET STRING
256
257AuthorityKeyIdentifier ::= SEQUENCE {
258	keyIdentifier             [0] IMPLICIT OCTET STRING OPTIONAL,
259	authorityCertIssuer       [1] IMPLICIT -- GeneralName --
260		SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
261	authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
262}
263
264id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 14 }
265
266SubjectKeyIdentifier ::= KeyIdentifier
267
268id-x509-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 19 }
269
270BasicConstraints ::= SEQUENCE {
271	cA                      BOOLEAN OPTIONAL -- DEFAULT FALSE --,
272	pathLenConstraint	INTEGER (0..4294967295) OPTIONAL
273}
274
275id-x509-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 30 }
276
277BaseDistance ::= INTEGER -- (0..MAX) --
278
279GeneralSubtree ::= SEQUENCE {
280	base			GeneralName,
281	minimum		[0]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
282	maximum		[1]	IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
283}
284
285GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
286
287NameConstraints ::= SEQUENCE {
288	permittedSubtrees       [0]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
289	excludedSubtrees        [1]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
290}
291
292id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-x509-ce 16 }
293id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-x509-ce 32 }
294id-x509-ce-policyMappings OBJECT IDENTIFIER ::=  { id-x509-ce 33 }
295id-x509-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-x509-ce 17 }
296id-x509-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-x509-ce 18 }
297id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-x509-ce 9 }
298id-x509-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 36 }
299
300id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
301
302ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
303
304id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-x509-ce 31 }
305id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
306id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
307id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
308id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
309id-x509-ce-certificateIssuer   OBJECT IDENTIFIER ::= { id-x509-ce 29 }
310id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-x509-ce 54 }
311
312DistributionPointReasonFlags ::= BIT STRING {
313	unused                  (0),
314	keyCompromise           (1),
315	cACompromise            (2),
316	affiliationChanged      (3),
317	superseded              (4),
318	cessationOfOperation    (5),
319	certificateHold         (6),
320	privilegeWithdrawn      (7),
321	aACompromise            (8)
322}
323
324DistributionPointName ::= CHOICE {
325	fullName                [0]     IMPLICIT -- GeneralNames --  SEQUENCE SIZE (1..MAX) OF GeneralName,
326	nameRelativeToCRLIssuer [1]     RelativeDistinguishedName
327}
328
329DistributionPoint ::= SEQUENCE {
330	distributionPoint       [0]     IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
331	reasons                 [1]     IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
332	cRLIssuer               [2]     IMPLICIT heim_any -- GeneralNames -- OPTIONAL
333}
334
335CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
336
337
338-- rfc3279
339
340DSASigValue  ::=  SEQUENCE {
341	r	INTEGER,
342	s	INTEGER
343}
344
345DSAPublicKey ::= INTEGER
346
347DSAParams  ::=  SEQUENCE {
348	p	INTEGER,
349	q	INTEGER,
350	g	INTEGER
351}
352
353-- really pkcs1
354
355RSAPublicKey ::= SEQUENCE {
356	modulus INTEGER, -- n
357	publicExponent INTEGER -- e
358}
359
360RSAPrivateKey ::= SEQUENCE {
361	version INTEGER (0..4294967295),
362	modulus INTEGER, -- n
363	publicExponent INTEGER, -- e
364	privateExponent INTEGER, -- d
365	prime1 INTEGER, -- p
366	prime2 INTEGER, -- q
367	exponent1 INTEGER, -- d mod (p-1)
368	exponent2 INTEGER, -- d mod (q-1)
369	coefficient INTEGER -- (inverse of q) mod p
370}
371
372DigestInfo ::= SEQUENCE {
373	digestAlgorithm AlgorithmIdentifier,
374	digest OCTET STRING
375}
376
377-- some ms ext
378
379-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
380
381-- UNICODESTRING (0x1E tag)
382
383-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
384
385-- TemplateVersion ::= INTEGER (0..4294967295)
386
387-- CertificateTemplate ::= SEQUENCE {
388--	templateID OBJECT IDENTIFIER,
389--	templateMajorVersion TemplateVersion,
390--	templateMinorVersion TemplateVersion OPTIONAL
391-- }
392
393
394--
395-- CRL
396--
397
398TBSCRLCertList ::=  SEQUENCE  {
399	version			Version OPTIONAL, -- if present, MUST be v2
400	signature		AlgorithmIdentifier,
401	issuer			Name,
402	thisUpdate		Time,
403	nextUpdate		Time OPTIONAL,
404	revokedCertificates     SEQUENCE OF SEQUENCE  {
405		userCertificate         CertificateSerialNumber,
406		revocationDate          Time,
407		crlEntryExtensions      Extensions OPTIONAL
408						-- if present, MUST be v2
409	} OPTIONAL,
410	crlExtensions		[0] EXPLICIT Extensions OPTIONAL
411						-- if present, MUST be v2
412}
413
414
415CRLCertificateList ::=  SEQUENCE  {
416	tbsCertList          TBSCRLCertList,
417	signatureAlgorithm   AlgorithmIdentifier,
418	signatureValue       BIT STRING
419}
420
421id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
422id-x509-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-x509-ce 46 }
423id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
424
425CRLReason ::= ENUMERATED {
426	unspecified             (0),
427	keyCompromise           (1),
428	cACompromise            (2),
429	affiliationChanged      (3),
430	superseded              (4),
431	cessationOfOperation    (5),
432	certificateHold         (6),
433	removeFromCRL           (8),
434	privilegeWithdrawn      (9),
435	aACompromise           (10)
436}
437
438PKIXXmppAddr ::= UTF8String
439
440id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
441            dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
442
443id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
444id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
445id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
446
447id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
448id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
449id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
450id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
451id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
452id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
453
454id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
455
456id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
457
458AccessDescription  ::=  SEQUENCE {
459	accessMethod          OBJECT IDENTIFIER,
460	accessLocation        GeneralName
461}
462
463AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
464
465-- RFC 3820 Proxy Certificate Profile
466
467id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
468
469id-pkix-ppl  OBJECT IDENTIFIER ::= { id-pkix 21 }
470
471id-pkix-ppl-anyLanguage     OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
472id-pkix-ppl-inheritAll      OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
473id-pkix-ppl-independent     OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
474
475ProxyPolicy ::= SEQUENCE {
476	policyLanguage		OBJECT IDENTIFIER,
477	policy			OCTET STRING OPTIONAL
478}
479
480ProxyCertInfo ::= SEQUENCE {
481	pCPathLenConstraint	INTEGER (0..4294967295) OPTIONAL, -- really MAX
482	proxyPolicy		ProxyPolicy
483}
484
485--- U.S. Federal PKI Common Policy Framework
486-- Card Authentication key
487id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
488id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
489
490--- Netscape extentions
491
492id-netscape OBJECT IDENTIFIER ::=
493    { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
494id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
495
496--- MS extentions
497
498id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
499    { 1 3 6 1 4 1 311 20 2 }
500
501id-ms-client-authentication OBJECT IDENTIFIER ::=
502 { 1 3 6 1 5 5 7 3 2 }
503
504-- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
505
506END
507