PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
|
|
pkcs-12(12) modules(0) pkcs-12(1)}
|
|
|
|
DEFINITIONS IMPLICIT TAGS ::=
|
|
|
|
BEGIN
|
|
|
|
-- EXPORTS ALL
-- All types and values defined in this module are exported for use in
-- other ASN.1 modules.
|
|
|
|
IMPORTS
|
|
|
|
informationFramework
|
|
FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
|
|
usefulDefinitions(0) 3}
|
|
|
|
Attribute
|
|
FROM InformationFramework informationFramework
|
|
|
|
ContentInfo, --DigestInfo-- Digest, DigestAlgorithmIdentifier
|
|
FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549)
|
|
pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)}
|
|
|
|
--PrivateKeyInfo, EncryptedPrivateKeyInfo
|
|
-- FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
|
|
-- pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}
|
|
--
|
|
--pkcs-9, friendlyName, localKeyId, certTypes, crlTypes
|
|
-- FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549)
|
|
-- pkcs(1) pkcs-9(9) modules(0) pkcs-9(1) };--
|
|
|
|
-- A PKCS#8 IMPORT from below
|
|
AlgorithmIdentifier, ALGORITHM-IDENTIFIER
|
|
FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
|
|
pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)};
|
|
|
|
|
|
-- Object identifiers
|
|
|
|
--rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}
|
|
--pkcs OBJECT IDENTIFIER ::= {rsadsi pkcs(1)}
|
|
--pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12}
|
|
--pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1}
|
|
--pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
|
|
--pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2}
|
|
--pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
|
|
--pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4}
|
|
--pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5}
|
|
--pbewithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6}
|
|
|
|
--bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}
|
|
|
|
-- The PFX PDU: outermost structure of a PKCS #12 file.
PFX ::= SEQUENCE {
    -- Only v3 is named; the extension marker in the constraint lets other
    -- values through, so a consumer should check the value it decoded.
    version     INTEGER {v3(3)}(v3,...),
    -- Payload, carried in a PKCS #7 ContentInfo.
    authSafe    ContentInfo,
    -- OPTIONAL: when macData is absent there is no MAC at this level, so a
    -- consumer must not assume the contents were integrity-protected by a
    -- password.
    macData     MacData OPTIONAL
}
|
|
|
|
-- MAC value together with the salt and iteration count that accompany it.
MacData ::= SEQUENCE {
    mac         DigestInfo,
    macSalt     OCTET STRING,
    iterations  INTEGER DEFAULT 1
    -- Note: The default is for historical reasons and its use is
    -- deprecated. A higher value, like 1024 is recommended.
    -- NOTE(review): an encoding that omits this field decodes as 1, which
    -- gives no password stretching. The 1024 figure is the wording of the
    -- specification and is small by current password-hashing practice;
    -- treat an absent or very low count in a file under review as weak.
}
|
|
|
|
-- Imported from PKCS#7. Declared here because DigestInfo is commented out
-- of the PKCS-7 IMPORTS list of this module; Digest and
-- DigestAlgorithmIdentifier are still imported from there.
DigestInfo ::= SEQUENCE {
    digestAlgorithm     DigestAlgorithmIdentifier,
    digest              Digest
}
|
|
|
|
-- Sequence of ContentInfo elements. The content type of each element tells
-- how that element is protected:
--   Data           if unencrypted
--   EncryptedData  if password-encrypted
--   EnvelopedData  if public key-encrypted
-- NOTE(review): the choice is made per element, so a single PFX can hold
-- both plaintext and encrypted parts; check each element on its own.
AuthenticatedSafe ::= SEQUENCE OF ContentInfo
|
|
|
|
-- A list of bags. No size constraint is given, so the list may be empty.
SafeContents ::= SEQUENCE OF SafeBag
|
|
|
|
-- One bag: a type OID, a value, and optional attributes.
-- NOTE(review): the information-object constraints are commented out, so as
-- written bagValue is an open ANY and nothing in this definition ties its
-- type to bagId. Whatever decodes bagValue has to dispatch on bagId itself
-- and must cope with unknown OIDs and with contents that do not match the
-- OID.
SafeBag ::= SEQUENCE {
    bagId           -- BAG-TYPE.&id ({PKCS12BagSet}) -- OBJECT IDENTIFIER,
    bagValue        [0] EXPLICIT --BAG-TYPE.&Type({PKCS12BagSet}{@bagId}) -- ANY,
    bagAttributes   SET OF PKCS12Attribute OPTIONAL
}
|
|
|
|
-- Bag types
|
|
|
|
--keyBag BAG-TYPE ::=
|
|
-- {KeyBag IDENTIFIED BY {bagtypes 1}}
|
|
--pkcs8ShroudedKeyBag BAG-TYPE ::=
|
|
-- {PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}}
|
|
--certBag BAG-TYPE ::=
|
|
-- {CertBag IDENTIFIED BY {bagtypes 3}}
|
|
--crlBag BAG-TYPE ::=
|
|
-- {CRLBag IDENTIFIED BY {bagtypes 4}}
|
|
--secretBag BAG-TYPE ::=
|
|
-- {SecretBag IDENTIFIED BY {bagtypes 5}}
|
|
--safeContentsBag BAG-TYPE ::=
|
|
-- {SafeContents IDENTIFIED BY {bagtypes 6}}
|
|
|
|
--PKCS12BagSet BAG-TYPE ::= {
|
|
-- keyBag |
|
|
-- pkcs8ShroudedKeyBag |
|
|
-- certBag |
|
|
-- crlBag |
|
|
-- secretBag |
|
|
-- safeContentsBag,
|
|
-- ... - - For future extensions
|
|
--}
|
|
|
|
--BAG-TYPE ::= TYPE-IDENTIFIER
|
|
|
|
-- KeyBag
-- A plain PrivateKeyInfo: the key is not encrypted inside the bag. Any
-- confidentiality has to come from the ContentInfo that encloses the bag.
KeyBag ::= PrivateKeyInfo
|
|
|
|
-- Shrouded KeyBag
-- An EncryptedPrivateKeyInfo: the key is encrypted inside the bag, under
-- the algorithm named in its encryptionAlgorithm field.
PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
|
|
|
|
-- CertBag
-- A certificate type OID followed by the certificate value. The CertTypes
-- constraint is commented out, so certValue is an open ANY here and its
-- type has to be resolved from certId by the consumer.
CertBag ::= SEQUENCE {
    certId      --BAG-TYPE.&id ({CertTypes}) -- OBJECT IDENTIFIER,
    certValue   [0] EXPLICIT --BAG-TYPE.&Type ({CertTypes}{@certId})-- ANY
}
|
|
|
|
--x509Certificate BAG-TYPE ::=
|
|
-- {OCTET STRING IDENTIFIED BY {certTypes 1}}
|
|
-- DER-encoded X.509 certificate stored in OCTET STRING
|
|
--sdsiCertificate BAG-TYPE ::=
|
|
-- {IA5String IDENTIFIED BY {certTypes 2}}
|
|
-- Base64-encoded SDSI certificate stored in IA5String
|
|
|
|
--CertTypes BAG-TYPE ::= {
|
|
-- x509Certificate |
|
|
-- sdsiCertificate,
|
|
-- ... - - For future extensions
|
|
--}
|
|
|
|
-- CRLBag
-- A CRL type OID followed by the CRL value. The CRLTypes constraint is
-- commented out, so crlValue is an open ANY here and its type has to be
-- resolved from crlId by the consumer.
CRLBag ::= SEQUENCE {
    crlId       --BAG-TYPE.&id ({CRLTypes})-- OBJECT IDENTIFIER,
    crlValue    [0] EXPLICIT --BAG-TYPE.&Type ({CRLTypes}{@crlId})-- ANY
}
|
|
|
|
--x509CRL BAG-TYPE ::=
|
|
-- {OCTET STRING IDENTIFIED BY {crlTypes 1}}
|
|
-- DER-encoded X.509 CRL stored in OCTET STRING
|
|
|
|
--CRLTypes BAG-TYPE ::= {
|
|
-- x509CRL,
|
|
-- ... - - For future extensions
|
|
--}
|
|
|
|
-- Secret Bag
-- A secret type OID followed by the secret value. The SecretTypes
-- constraint is commented out, so secretValue is an open ANY whose
-- meaning depends entirely on secretTypeId.
SecretBag ::= SEQUENCE {
    secretTypeId    --BAG-TYPE.&id ({SecretTypes})-- OBJECT IDENTIFIER,
    secretValue     [0] EXPLICIT --BAG-TYPE.&Type ({SecretTypes}{@secretTypeId})-- ANY
}
|
|
|
|
--SecretTypes BAG-TYPE ::= {
|
|
-- ... - - For future extensions
|
|
--}
|
|
|
|
-- Attributes
-- An attribute OID with a set of values. The PKCS12AttrSet constraint is
-- commented out, so each value is an open ANY interpreted by attrId.
PKCS12Attribute ::= SEQUENCE {
    attrId      --ATTRIBUTE.&id ({PKCS12AttrSet})-- OBJECT IDENTIFIER,
    attrValues  SET OF --ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})-- ANY
} -- This type is compatible with the X.500 type 'Attribute'
|
|
|
|
--PKCS12AttrSet ATTRIBUTE ::= {
|
|
-- friendlyName |
|
|
-- localKeyId,
|
|
-- ... - - Other attributes are allowed
|
|
--}
|
|
|
|
--END
|
|
|
|
-- We import PKCS#8 here directly rather than creating another dissector
|
|
|
|
--PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-8(8)
|
|
-- modules(1) pkcs-8(1)}
|
|
|
|
-- $Revision: 1.5 $
|
|
|
|
-- This module has been checked for conformance with the ASN.1
|
|
-- standard by the OSS ASN.1 Tools
|
|
|
|
--DEFINITIONS IMPLICIT TAGS ::=
|
|
|
|
--BEGIN
|
|
|
|
-- EXPORTS All --
-- All types and values defined in this module are exported for use in other
-- ASN.1 modules.
|
|
|
|
--IMPORTS
|
|
|
|
--informationFramework
|
|
-- FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
|
|
-- usefulDefinitions(0) 3}
|
|
|
|
--Attribute
|
|
-- FROM InformationFramework informationFramework
|
|
|
|
--AlgorithmIdentifier, ALGORITHM-IDENTIFIER
|
|
-- FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
|
|
-- pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)};
|
|
|
|
-- Private-key information syntax
-- Unencrypted private key: algorithm identifier plus the key bytes. The
-- PrivateKeyAlgorithms constraint is commented out, so any
-- AlgorithmIdentifier is accepted here.
PrivateKeyInfo ::= SEQUENCE {
    version                 Version,
    privateKeyAlgorithm     AlgorithmIdentifier --{{PrivateKeyAlgorithms}}--,
    privateKey              PrivateKey,
    attributes              [0] Attributes OPTIONAL
}
|
|
|
|
-- Only v1 (0) is named; the extension marker admits other values.
Version ::= INTEGER {v1(0)} (v1,...)
|
|
|
|
-- Raw key bytes; their inner format is not described by this definition.
PrivateKey ::= OCTET STRING
|
|
|
|
-- Set of X.500 Attribute values (Attribute is imported from
-- InformationFramework).
Attributes ::= SET OF Attribute
|
|
|
|
-- Encrypted private-key information syntax
-- The KeyEncryptionAlgorithms constraint is commented out, so this
-- definition accepts any AlgorithmIdentifier; a reviewer has to read the
-- decoded algorithm to judge how strongly the key is protected.
EncryptedPrivateKeyInfo ::= SEQUENCE {
    encryptionAlgorithm     AlgorithmIdentifier --{{KeyEncryptionAlgorithms}}--,
    encryptedData           EncryptedData
}
|
|
|
|
-- Ciphertext bytes, used by EncryptedPrivateKeyInfo.
EncryptedData ::= OCTET STRING
|
|
|
|
--PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
|
|
-- ... - - For local profiles
|
|
--}
|
|
|
|
--KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
|
|
-- ... - - For local profiles
|
|
--}
|
|
|
|
-- From RFC 2898
-- Salt and iteration count for password-based encryption.
-- NOTE(review): iterationCount is an unconstrained INTEGER, so zero,
-- negative and very large values all decode; code that uses the value to
-- derive a key should range-check it first.
PBEParameter ::= SEQUENCE {
    salt            OCTET STRING,
    iterationCount  INTEGER
}
|
|
|
|
|
|
-- PBKDF2 parameters.
-- NOTE(review): the (1..MAX) bound on iterationCount is commented out, so
-- this definition accepts zero and negative counts, while keyLength keeps
-- its lower bound. Neither field has an upper bound; code that goes on to
-- run the KDF with decoded values should range-check both first.
PBKDF2Params ::= SEQUENCE {
    salt CHOICE {
        specified       OCTET STRING,
        otherSource     AlgorithmIdentifier --{{PBKDF2-SaltSources}}--
    },
    iterationCount  INTEGER --(1..MAX)--,
    keyLength       INTEGER (1..MAX) OPTIONAL,
    -- The DEFAULT is commented out and OPTIONAL is used instead, so the
    -- hmacWithSHA1 default named in the commented text is not applied by
    -- this definition when prf is absent.
    prf             AlgorithmIdentifier --{{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1-- OPTIONAL
}
|
|
|
|
-- PBES2 parameters: a key derivation function and an encryption scheme.
-- Both algorithm-set constraints are commented out, so any
-- AlgorithmIdentifier is accepted in either position.
PBES2Params ::= SEQUENCE {
    keyDerivationFunc   AlgorithmIdentifier --{{PBES2-KDFs}}--,
    encryptionScheme    AlgorithmIdentifier --{{PBES2-Encs}}--
}
|
|
|
|
-- PBMAC1 parameters: a key derivation function and a MAC scheme.
-- Both algorithm-set constraints are commented out, so any
-- AlgorithmIdentifier is accepted in either position.
PBMAC1Params ::= SEQUENCE {
    keyDerivationFunc   AlgorithmIdentifier --{{PBMAC1-KDFs}}--,
    messageAuthScheme   AlgorithmIdentifier --{{PBMAC1-MACs}}--
}
|
|
|
|
|
|
END