415 lines
16 KiB
Groff
415 lines
16 KiB
Groff
-- This file is based on PKIX1Implicit93 definition in
|
|
-- RFC2459 section b.2
|
|
--
|
|
--Appendix F of RFC2459
|
|
--Appendix F. Full Copyright Statement
|
|
--
|
|
-- Copyright (C) The Internet Society (1999). All Rights Reserved.
|
|
--
|
|
-- This document and translations of it may be copied and furnished to
|
|
-- others, and derivative works that comment on or otherwise explain it
|
|
-- or assist in its implementation may be prepared, copied, published
|
|
-- and distributed, in whole or in part, without restriction of any
|
|
-- kind, provided that the above copyright notice and this paragraph are
|
|
-- included on all such copies and derivative works. However, this
|
|
-- document itself may not be modified in any way, such as by removing
|
|
-- the copyright notice or references to the Internet Society or other
|
|
-- Internet organizations, except as needed for the purpose of
|
|
-- developing Internet standards in which case the procedures for
|
|
-- copyrights defined in the Internet Standards process must be
|
|
-- followed, or as required to translate it into languages other than
|
|
-- English.
|
|
--
|
|
-- The limited permissions granted above are perpetual and will not be
|
|
-- revoked by the Internet Society or its successors or assigns.
|
|
--
|
|
-- This document and the information contained herein is provided on an
|
|
-- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
|
-- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
|
-- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
|
-- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
|
-- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
|
--
|
|
--
|
|
--NOTE: This ASN1 definition have been significantly modified from the original
|
|
--version in RFC2459 in order to accomodate the featuresets available
|
|
--in the Wireshark projects asn2wrs compiler.
|
|
--It has also been modified and structures have been commented out that
|
|
--are already implemented in the X509 dissectors.
|
|
--Dissectors present already in the X509 dissectors should be implemented in
|
|
--the template by hand as stubs that will just call the original
|
|
--dissector functions in X509 in order not to duplicate code.
|
|
--
|
|
--Structures and constructs in this definition are uncommented and
|
|
--implemented on-demand when someone needs them.
|
|
--
|
|
--If you export new types from this file, make sure to update the
|
|
--pkix1implicit_exp.cnf file with the proper definitions
|
|
|
|
|
|
PKIX1Implicit93 {iso(1) identified-organization(3) dod(6) internet(1)
|
|
security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-93(4)}
|
|
|
|
DEFINITIONS IMPLICIT TAGS::=
|
|
|
|
BEGIN
|
|
|
|
--EXPORTS ALL
|
|
|
|
IMPORTS
|
|
id-pe, id-qt, id-kp, id-ad, id-qt-unotice,
|
|
ORAddress, Name, RelativeDistinguishedName,
|
|
CertificateSerialNumber, CertificateList,
|
|
AlgorithmIdentifier, ub-name, DirectoryString,
|
|
Attribute, EXTENSION
|
|
FROM PKIX1Explicit93 {iso(1) identified-organization(3)
|
|
dod(6) internet(1) security(5) mechanisms(5) pkix(7)
|
|
id-mod(0) id-pkix1-explicit-93(3)}
|
|
GeneralName FROM CertificateExtensions;
|
|
|
|
|
|
-- Key and policy information extensions
|
|
--
|
|
--authorityKeyIdentifier EXTENSION ::= {
|
|
-- SYNTAX AuthorityKeyIdentifier
|
|
-- IDENTIFIED BY id-ce-authorityKeyIdentifier }
|
|
--
|
|
--AuthorityKeyIdentifier ::= SEQUENCE {
|
|
-- keyIdentifier [0] KeyIdentifier OPTIONAL,
|
|
-- authorityCertIssuer [1] GeneralNames OPTIONAL,
|
|
-- authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
|
|
-- ( WITH COMPONENTS {..., authorityCertIssuer PRESENT,
|
|
-- authorityCertSerialNumber PRESENT} |
|
|
-- WITH COMPONENTS {..., authorityCertIssuer ABSENT,
|
|
-- authorityCertSerialNumber ABSENT} )
|
|
--
|
|
KeyIdentifier ::= OCTET STRING
|
|
--
|
|
--subjectKeyIdentifier EXTENSION ::= {
|
|
-- SYNTAX SubjectKeyIdentifier
|
|
-- IDENTIFIED BY id-ce-subjectKeyIdentifier }
|
|
--
|
|
--SubjectKeyIdentifier ::= KeyIdentifier
|
|
--
|
|
--keyUsage EXTENSION ::= {
|
|
-- SYNTAX KeyUsage
|
|
-- IDENTIFIED BY id-ce-keyUsage }
|
|
--
|
|
--KeyUsage ::= BIT STRING {
|
|
-- digitalSignature (0),
|
|
-- nonRepudiation (1),
|
|
-- keyEncipherment (2),
|
|
-- dataEncipherment (3),
|
|
-- keyAgreement (4),
|
|
-- keyCertSign (5),
|
|
-- cRLSign (6),
|
|
-- encipherOnly (7),
|
|
-- decipherOnly (8) }
|
|
--
|
|
--extendedKeyUsage EXTENSION ::= {
|
|
-- SYNTAX SEQUENCE SIZE (1..MAX) OF KeyPurposeId
|
|
-- IDENTIFIED BY id-ce-extKeyUsage }
|
|
--
|
|
Dummy ::= NULL
|
|
--KeyPurposeId ::= OBJECT IDENTIFIER
|
|
--
|
|
-- PKIX-defined extended key purpose OIDs
|
|
--id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
|
|
--id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
|
|
--id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
|
|
--id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
|
|
--id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 }
|
|
--id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 }
|
|
--id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 }
|
|
--id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
|
|
--
|
|
--privateKeyUsagePeriod EXTENSION ::= {
|
|
-- SYNTAX PrivateKeyUsagePeriod
|
|
-- IDENTIFIED BY { id-ce-privateKeyUsagePeriod } }
|
|
--
|
|
--PrivateKeyUsagePeriod ::= SEQUENCE {
|
|
-- notBefore [0] GeneralizedTime OPTIONAL,
|
|
-- notAfter [1] GeneralizedTime OPTIONAL }
|
|
-- ( WITH COMPONENTS {..., notBefore PRESENT} |
|
|
-- WITH COMPONENTS {..., notAfter PRESENT} )
|
|
--
|
|
--certificatePolicies EXTENSION ::= {
|
|
-- SYNTAX CertificatePoliciesSyntax
|
|
-- IDENTIFIED BY id-ce-certificatePolicies }
|
|
--
|
|
--CertificatePoliciesSyntax ::=
|
|
-- SEQUENCE SIZE (1..MAX) OF PolicyInformation
|
|
--
|
|
--PolicyInformation ::= SEQUENCE {
|
|
-- policyIdentifier CertPolicyId,
|
|
-- policyQualifiers SEQUENCE SIZE (1..MAX) OF
|
|
-- PolicyQualifierInfo OPTIONAL }
|
|
--
|
|
--CertPolicyId ::= OBJECT IDENTIFIER
|
|
--
|
|
--PolicyQualifierInfo ::= SEQUENCE {
|
|
-- policyQualifierId CERT-POLICY-QUALIFIER.&id
|
|
-- ({SupportedPolicyQualifiers}),
|
|
-- qualifier CERT-POLICY-QUALIFIER.&Qualifier
|
|
-- ({SupportedPolicyQualifiers}
|
|
-- {@policyQualifierId})OPTIONAL }
|
|
--
|
|
--SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::= { noticeToUser |
|
|
-- pointerToCPS }
|
|
--
|
|
--CERT-POLICY-QUALIFIER ::= CLASS {
|
|
-- &id OBJECT IDENTIFIER UNIQUE,
|
|
-- &Qualifier OPTIONAL }
|
|
--WITH SYNTAX {
|
|
-- POLICY-QUALIFIER-ID &id
|
|
-- [QUALIFIER-TYPE &Qualifier] }
|
|
--
|
|
--policyMappings EXTENSION ::= {
|
|
-- SYNTAX PolicyMappingsSyntax
|
|
-- IDENTIFIED BY id-ce-policyMappings }
|
|
--
|
|
--PolicyMappingsSyntax ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
|
|
-- issuerDomainPolicy CertPolicyId,
|
|
-- subjectDomainPolicy CertPolicyId }
|
|
--
|
|
-- Certificate subject and certificate issuer attributes extensions
|
|
--
|
|
--subjectAltName EXTENSION ::= {
|
|
-- SYNTAX GeneralNames
|
|
-- IDENTIFIED BY id-ce-subjectAltName }
|
|
--
|
|
--GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
|
|
--
|
|
--Imported from X509CE
|
|
--GeneralName ::= CHOICE {
|
|
-- otherName [0] INSTANCE OF OTHER-NAME,
|
|
-- rfc822Name [1] IA5String,
|
|
-- dNSName [2] IA5String,
|
|
-- x400Address [3] ORAddress,
|
|
-- directoryName [4] Name,
|
|
-- ediPartyName [5] EDIPartyName,
|
|
-- uniformResourceIdentifier [6] IA5String,
|
|
-- iPAddress [7] OCTET STRING,
|
|
-- registeredID [8] OBJECT IDENTIFIER
|
|
--}
|
|
|
|
--OTHER-NAME ::= TYPE-IDENTIFIER
|
|
|
|
EDIPartyName ::= SEQUENCE {
|
|
nameAssigner [0] DirectoryString OPTIONAL,
|
|
partyName [1] DirectoryString }
|
|
|
|
--issuerAltName EXTENSION ::= {
|
|
-- SYNTAX GeneralNames
|
|
-- IDENTIFIED BY id-ce-issuerAltName }
|
|
--
|
|
--subjectDirectoryAttributes EXTENSION ::= {
|
|
-- SYNTAX AttributesSyntax
|
|
-- IDENTIFIED BY id-ce-subjectDirectoryAttributes }
|
|
--
|
|
--AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute
|
|
--
|
|
-- Certification path constraints extensions
|
|
--
|
|
--basicConstraints EXTENSION ::= {
|
|
-- SYNTAX BasicConstraintsSyntax
|
|
-- IDENTIFIED BY id-ce-basicConstraints }
|
|
--
|
|
--BasicConstraintsSyntax ::= SEQUENCE {
|
|
-- cA BOOLEAN DEFAULT FALSE,
|
|
-- pathLenConstraint INTEGER (0..MAX) OPTIONAL }
|
|
--
|
|
--nameConstraints EXTENSION ::= {
|
|
-- SYNTAX NameConstraintsSyntax
|
|
-- IDENTIFIED BY id-ce-nameConstraints }
|
|
--
|
|
--NameConstraintsSyntax ::= SEQUENCE {
|
|
-- permittedSubtrees [0] GeneralSubtrees OPTIONAL,
|
|
-- excludedSubtrees [1] GeneralSubtrees OPTIONAL }
|
|
--
|
|
--GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
|
|
--
|
|
--GeneralSubtree ::= SEQUENCE {
|
|
-- base GeneralName,
|
|
-- minimum [0] BaseDistance DEFAULT 0,
|
|
-- maximum [1] BaseDistance OPTIONAL }
|
|
--
|
|
--BaseDistance ::= INTEGER (0..MAX)
|
|
--
|
|
--policyConstraints EXTENSION ::= {
|
|
-- SYNTAX PolicyConstraintsSyntax
|
|
-- IDENTIFIED BY id-ce-policyConstraints }
|
|
--
|
|
--PolicyConstraintsSyntax ::= SEQUENCE {
|
|
-- requireExplicitPolicy [0] SkipCerts OPTIONAL,
|
|
-- inhibitPolicyMapping [1] SkipCerts OPTIONAL }
|
|
--
|
|
--
|
|
--SkipCerts ::= INTEGER (0..MAX)
|
|
--
|
|
-- Basic CRL extensions
|
|
--
|
|
--cRLNumber EXTENSION ::= {
|
|
-- SYNTAX CRLNumber
|
|
-- IDENTIFIED BY id-ce-cRLNumber }
|
|
--
|
|
--CRLNumber ::= INTEGER (0..MAX)
|
|
--
|
|
--reasonCode EXTENSION ::= {
|
|
-- SYNTAX CRLReason
|
|
-- IDENTIFIED BY id-ce-reasonCode }
|
|
--
|
|
--CRLReason ::= ENUMERATED {
|
|
-- unspecified (0),
|
|
-- keyCompromise (1),
|
|
-- cACompromise (2),
|
|
-- affiliationChanged (3),
|
|
-- superseded (4),
|
|
-- cessationOfOperation (5),
|
|
-- certificateHold (6),
|
|
-- removeFromCRL (8) }
|
|
--
|
|
--instructionCode EXTENSION ::= {
|
|
-- SYNTAX HoldInstruction
|
|
-- IDENTIFIED BY id-ce-instructionCode }
|
|
--
|
|
--HoldInstruction ::= OBJECT IDENTIFIER
|
|
--
|
|
-- holdinstructions described in this specification, from ANSI x9
|
|
--
|
|
-- ANSI x9 arc holdinstruction arc
|
|
--holdInstruction OBJECT IDENTIFIER ::= {
|
|
-- joint-iso-ccitt(2) member-body(2) us(840) x9cm(10040) 2}
|
|
--
|
|
-- ANSI X9 holdinstructions referenced by this standard
|
|
--id-holdinstruction-none OBJECT IDENTIFIER ::= {holdInstruction 1}
|
|
--id-holdinstruction-callissuer OBJECT IDENTIFIER ::= {holdInstruction 2}
|
|
--id-holdinstruction-reject OBJECT IDENTIFIER ::= {holdInstruction 3}
|
|
--
|
|
--invalidityDate EXTENSION ::= {
|
|
-- SYNTAX GeneralizedTime
|
|
-- IDENTIFIED BY id-ce-invalidityDate }
|
|
--
|
|
-- CRL distribution points and delta-CRL extensions
|
|
--
|
|
--cRLDistributionPoints EXTENSION ::= {
|
|
--
|
|
-- SYNTAX CRLDistPointsSyntax
|
|
-- IDENTIFIED BY id-ce-cRLDistributionPoints }
|
|
--
|
|
--CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
|
|
--
|
|
--DistributionPoint ::= SEQUENCE {
|
|
-- distributionPoint [0] DistributionPointName OPTIONAL,
|
|
-- reasons [1] ReasonFlags OPTIONAL,
|
|
-- cRLIssuer [2] GeneralNames OPTIONAL }
|
|
--
|
|
--DistributionPointName ::= CHOICE {
|
|
-- fullName [0] GeneralNames,
|
|
-- nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
|
|
--
|
|
--ReasonFlags ::= BIT STRING {
|
|
-- unused (0),
|
|
-- keyCompromise (1),
|
|
-- caCompromise (2),
|
|
-- affiliationChanged (3),
|
|
-- superseded (4),
|
|
-- cessationOfOperation (5),
|
|
-- certificateHold (6) }
|
|
--
|
|
--issuingDistributionPoint EXTENSION ::= {
|
|
-- SYNTAX IssuingDistPointSyntax
|
|
-- IDENTIFIED BY id-ce-issuingDistributionPoint }
|
|
--
|
|
--IssuingDistPointSyntax ::= SEQUENCE {
|
|
-- distributionPoint [0] DistributionPointName OPTIONAL,
|
|
-- onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
|
|
-- onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
|
|
-- onlySomeReasons [3] ReasonFlags OPTIONAL,
|
|
-- indirectCRL [4] BOOLEAN DEFAULT FALSE }
|
|
--
|
|
--certificateIssuer EXTENSION ::= {
|
|
-- SYNTAX GeneralNames
|
|
-- IDENTIFIED BY id-ce-certificateIssuer }
|
|
--
|
|
--deltaCRLIndicator EXTENSION ::= {
|
|
-- SYNTAX BaseCRLNumber
|
|
-- IDENTIFIED BY id-ce-deltaCRLIndicator }
|
|
--
|
|
--BaseCRLNumber ::= CRLNumber
|
|
--
|
|
-- Object identifier assignments for ISO certificate extensions
|
|
--id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
|
|
--
|
|
--id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= {id-ce 9}
|
|
--
|
|
--id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 14}
|
|
--id-ce-keyUsage OBJECT IDENTIFIER ::= {id-ce 15}
|
|
--id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= {id-ce 16}
|
|
--id-ce-subjectAltName OBJECT IDENTIFIER ::= {id-ce 17}
|
|
--id-ce-issuerAltName OBJECT IDENTIFIER ::= {id-ce 18}
|
|
--id-ce-basicConstraints OBJECT IDENTIFIER ::= {id-ce 19}
|
|
--id-ce-cRLNumber OBJECT IDENTIFIER ::= {id-ce 20}
|
|
--id-ce-reasonCode OBJECT IDENTIFIER ::= {id-ce 21}
|
|
--id-ce-instructionCode OBJECT IDENTIFIER ::= {id-ce 23}
|
|
--id-ce-invalidityDate OBJECT IDENTIFIER ::= {id-ce 24}
|
|
--id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= {id-ce 27}
|
|
--id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 28}
|
|
--id-ce-certificateIssuer OBJECT IDENTIFIER ::= {id-ce 29}
|
|
--id-ce-nameConstraints OBJECT IDENTIFIER ::= {id-ce 30}
|
|
--id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
|
|
--id-ce-certificatePolicies OBJECT IDENTIFIER ::= {id-ce 32}
|
|
--id-ce-policyMappings OBJECT IDENTIFIER ::= {id-ce 33}
|
|
--id-ce-policyConstraints OBJECT IDENTIFIER ::= {id-ce 36}
|
|
--id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 35}
|
|
--id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
|
|
--
|
|
-- PKIX 1 extensions
|
|
--
|
|
--authorityInfoAccess EXTENSION ::= {
|
|
-- SYNTAX AuthorityInfoAccessSyntax
|
|
-- IDENTIFIED BY id-pe-authorityInfoAccess }
|
|
|
|
AuthorityInfoAccessSyntax ::=
|
|
SEQUENCE SIZE (1..MAX) OF AccessDescription
|
|
|
|
AccessDescription ::= SEQUENCE {
|
|
accessMethod OBJECT IDENTIFIER,
|
|
accessLocation GeneralName }
|
|
|
|
--id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
|
|
--
|
|
--id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
|
|
--id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
|
|
--
|
|
-- PKIX policy qualifier definitions
|
|
--
|
|
--noticeToUser CERT-POLICY-QUALIFIER ::= {
|
|
-- POLICY-QUALIFIER-ID id-qt-cps QUALIFIER-TYPE CPSuri}
|
|
--
|
|
--pointerToCPS CERT-POLICY-QUALIFIER ::= {
|
|
-- POLICY-QUALIFIER-ID id-qt-unotice QUALIFIER-TYPE UserNotice}
|
|
--
|
|
--id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
|
|
--
|
|
--id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
|
|
--
|
|
--CPSuri ::= IA5String
|
|
--
|
|
UserNotice ::= SEQUENCE {
|
|
noticeRef NoticeReference OPTIONAL,
|
|
explicitText DisplayText OPTIONAL}
|
|
|
|
NoticeReference ::= SEQUENCE {
|
|
organization DisplayText,
|
|
noticeNumbers SEQUENCE OF INTEGER }
|
|
|
|
DisplayText ::= CHOICE {
|
|
ia5String IA5String,
|
|
visibleString VisibleString,
|
|
bmpString BMPString,
|
|
utf8String UTF8String }
|
|
|
|
|
|
END
|