2 -- Definitions from rfc2459/rfc3280
4 RFC2459 DEFINITIONS ::= BEGIN
6 IMPORTS heim_any FROM heim;
14 id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
15 rsadsi(113549) pkcs(1) 1 }
16 id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 1 }
17 id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 2 }
18 id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 4 }
19 id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 5 }
20 id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 11 }
21 id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 12 }
22 id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::= { id-pkcs-1 13 }
24 id-heim-rsa-pkcs1-x509 OBJECT IDENTIFIER ::= { 1 2 752 43 16 1 }
26 id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
27 rsadsi(113549) pkcs(1) 2 }
28 id-pkcs2-md2 OBJECT IDENTIFIER ::= { id-pkcs-2 2 }
29 id-pkcs2-md4 OBJECT IDENTIFIER ::= { id-pkcs-2 4 }
30 id-pkcs2-md5 OBJECT IDENTIFIER ::= { id-pkcs-2 5 }
32 id-rsa-digestAlgorithm OBJECT IDENTIFIER ::=
33 { iso(1) member-body(2) us(840) rsadsi(113549) 2 }
35 id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
36 id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
37 id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }
39 id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
40 rsadsi(113549) pkcs(1) 3 }
42 id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 2 }
43 id-pkcs3-rc4 OBJECT IDENTIFIER ::= { id-pkcs-3 4 }
44 id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::= { id-pkcs-3 7 }
46 id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
49 id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 2 }
50 id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::= { id-rsadsi-encalg 7 }
52 id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
53 oiw(14) secsig(3) algorithm(2) 26 }
55 id-secsig-sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
56 oiw(14) secsig(3) algorithm(2) 29 }
58 id-nistAlgorithm OBJECT IDENTIFIER ::= {
59 joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
61 id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }
63 id-aes-128-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 2 }
64 id-aes-192-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 22 }
65 id-aes-256-cbc OBJECT IDENTIFIER ::= { id-nist-aes-algs 42 }
67 id-nist-sha-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 2 }
69 id-sha256 OBJECT IDENTIFIER ::= { id-nist-sha-algs 1 }
70 id-sha224 OBJECT IDENTIFIER ::= { id-nist-sha-algs 4 }
71 id-sha384 OBJECT IDENTIFIER ::= { id-nist-sha-algs 2 }
72 id-sha512 OBJECT IDENTIFIER ::= { id-nist-sha-algs 3 }
74 id-dhpublicnumber OBJECT IDENTIFIER ::= {
75 iso(1) member-body(2) us(840) ansi-x942(10046)
80 id-ecPublicKey OBJECT IDENTIFIER ::= {
81 iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
83 id-ecDH OBJECT IDENTIFIER ::= {
84 iso(1) identified-organization(3) certicom(132) schemes(1)
87 id-ecMQV OBJECT IDENTIFIER ::= {
88 iso(1) identified-organization(3) certicom(132) schemes(1)
91 id-ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
92 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
93 ecdsa-with-SHA2(3) 2 }
95 id-ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
96 iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 }
100 id-ec-group-secp256r1 OBJECT IDENTIFIER ::= {
101 iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
104 id-ec-group-secp160r1 OBJECT IDENTIFIER ::= {
105 iso(1) identified-organization(3) certicom(132) 0 8 }
107 id-ec-group-secp160r2 OBJECT IDENTIFIER ::= {
108 iso(1) identified-organization(3) certicom(132) 0 30 }
112 id-x9-57 OBJECT IDENTIFIER ::= {
113 iso(1) member-body(2) us(840) ansi-x942(10046) 4 }
115 id-dsa OBJECT IDENTIFIER ::= { id-x9-57 1 }
116 id-dsa-with-sha1 OBJECT IDENTIFIER ::= { id-x9-57 3 }
120 id-x520-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
122 id-at-commonName OBJECT IDENTIFIER ::= { id-x520-at 3 }
123 id-at-surname OBJECT IDENTIFIER ::= { id-x520-at 4 }
124 id-at-serialNumber OBJECT IDENTIFIER ::= { id-x520-at 5 }
125 id-at-countryName OBJECT IDENTIFIER ::= { id-x520-at 6 }
126 id-at-localityName OBJECT IDENTIFIER ::= { id-x520-at 7 }
127 id-at-stateOrProvinceName OBJECT IDENTIFIER ::= { id-x520-at 8 }
128 id-at-streetAddress OBJECT IDENTIFIER ::= { id-x520-at 9 }
129 id-at-organizationName OBJECT IDENTIFIER ::= { id-x520-at 10 }
130 id-at-organizationalUnitName OBJECT IDENTIFIER ::= { id-x520-at 11 }
131 id-at-name OBJECT IDENTIFIER ::= { id-x520-at 41 }
132 id-at-givenName OBJECT IDENTIFIER ::= { id-x520-at 42 }
133 id-at-initials OBJECT IDENTIFIER ::= { id-x520-at 43 }
134 id-at-generationQualifier OBJECT IDENTIFIER ::= { id-x520-at 44 }
135 id-at-pseudonym OBJECT IDENTIFIER ::= { id-x520-at 65 }
137 id-Userid OBJECT IDENTIFIER ::=
138 { 0 9 2342 19200300 100 1 1 }
139 id-domainComponent OBJECT IDENTIFIER ::=
140 { 0 9 2342 19200300 100 1 25 }
145 id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
147 AlgorithmIdentifier ::= SEQUENCE {
148 algorithm OBJECT IDENTIFIER,
149 parameters heim_any OPTIONAL
152 AttributeType ::= OBJECT IDENTIFIER
154 AttributeValue ::= heim_any
156 DirectoryString ::= CHOICE {
158 teletexString TeletexString,
159 printableString PrintableString,
160 universalString UniversalString,
161 utf8String UTF8String,
165 Attribute ::= SEQUENCE {
167 value SET OF -- AttributeValue -- heim_any
170 AttributeTypeAndValue ::= SEQUENCE {
172 value DirectoryString
175 RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
177 RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
180 rdnSequence RDNSequence
183 CertificateSerialNumber ::= INTEGER
187 generalTime GeneralizedTime
190 Validity ::= SEQUENCE {
195 UniqueIdentifier ::= BIT STRING
197 SubjectPublicKeyInfo ::= SEQUENCE {
198 algorithm AlgorithmIdentifier,
199 subjectPublicKey BIT STRING
202 Extension ::= SEQUENCE {
203 extnID OBJECT IDENTIFIER,
204 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
205 extnValue OCTET STRING
208 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
210 TBSCertificate ::= SEQUENCE {
211 version [0] Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
212 serialNumber CertificateSerialNumber,
213 signature AlgorithmIdentifier,
217 subjectPublicKeyInfo SubjectPublicKeyInfo,
218 issuerUniqueID [1] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
219 -- If present, version shall be v2 or v3
220 subjectUniqueID [2] IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
221 -- If present, version shall be v2 or v3
222 extensions [3] EXPLICIT Extensions OPTIONAL
223 -- If present, version shall be v3
226 Certificate ::= SEQUENCE {
227 tbsCertificate TBSCertificate,
228 signatureAlgorithm AlgorithmIdentifier,
229 signatureValue BIT STRING
232 Certificates ::= SEQUENCE OF Certificate
234 ValidationParms ::= SEQUENCE {
239 DomainParameters ::= SEQUENCE {
240 p INTEGER, -- odd prime, p=jq +1
241 g INTEGER, -- generator, g
242 q INTEGER, -- factor of p-1
243 j INTEGER OPTIONAL, -- subgroup factor
244 validationParms ValidationParms OPTIONAL -- ValidationParms
247 -- As defined by PKCS3
248 DHParameter ::= SEQUENCE {
249 prime INTEGER, -- odd prime, p=jq +1
250 base INTEGER, -- generator, g
251 privateValueLength INTEGER OPTIONAL
254 DHPublicKey ::= INTEGER
256 OtherName ::= SEQUENCE {
257 type-id OBJECT IDENTIFIER,
258 value [0] EXPLICIT heim_any
261 GeneralName ::= CHOICE {
262 otherName [0] IMPLICIT -- OtherName -- SEQUENCE {
263 type-id OBJECT IDENTIFIER,
264 value [0] EXPLICIT heim_any
266 rfc822Name [1] IMPLICIT IA5String,
267 dNSName [2] IMPLICIT IA5String,
268 -- x400Address [3] IMPLICIT ORAddress,--
269 directoryName [4] IMPLICIT -- Name -- CHOICE {
270 rdnSequence RDNSequence
272 -- ediPartyName [5] IMPLICIT EDIPartyName, --
273 uniformResourceIdentifier [6] IMPLICIT IA5String,
274 iPAddress [7] IMPLICIT OCTET STRING,
275 registeredID [8] IMPLICIT OBJECT IDENTIFIER
278 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
280 id-x509-ce-keyUsage OBJECT IDENTIFIER ::= { id-x509-ce 15 }
282 KeyUsage ::= BIT STRING {
283 digitalSignature (0),
286 dataEncipherment (3),
294 id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 35 }
296 KeyIdentifier ::= OCTET STRING
298 AuthorityKeyIdentifier ::= SEQUENCE {
299 keyIdentifier [0] IMPLICIT OCTET STRING OPTIONAL,
300 authorityCertIssuer [1] IMPLICIT -- GeneralName --
301 SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL,
302 authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
305 id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-x509-ce 14 }
307 SubjectKeyIdentifier ::= KeyIdentifier
309 id-x509-ce-basicConstraints OBJECT IDENTIFIER ::= { id-x509-ce 19 }
311 BasicConstraints ::= SEQUENCE {
312 cA BOOLEAN OPTIONAL -- DEFAULT FALSE --,
313 pathLenConstraint INTEGER (0..4294967295) OPTIONAL
316 id-x509-ce-nameConstraints OBJECT IDENTIFIER ::= { id-x509-ce 30 }
318 BaseDistance ::= INTEGER -- (0..MAX) --
320 GeneralSubtree ::= SEQUENCE {
322 minimum [0] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
323 maximum [1] IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
326 GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree
328 NameConstraints ::= SEQUENCE {
329 permittedSubtrees [0] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
330 excludedSubtrees [1] IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
333 id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-x509-ce 16 }
334 id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-x509-ce 32 }
335 id-x509-ce-policyMappings OBJECT IDENTIFIER ::= { id-x509-ce 33 }
336 id-x509-ce-subjectAltName OBJECT IDENTIFIER ::= { id-x509-ce 17 }
337 id-x509-ce-issuerAltName OBJECT IDENTIFIER ::= { id-x509-ce 18 }
338 id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-x509-ce 9 }
339 id-x509-ce-policyConstraints OBJECT IDENTIFIER ::= { id-x509-ce 36 }
341 id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}
343 ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER
345 id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-x509-ce 31 }
346 id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
347 id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
348 id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
349 id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
350 id-x509-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-x509-ce 29 }
351 id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-x509-ce 54 }
353 DistributionPointReasonFlags ::= BIT STRING {
357 affiliationChanged (3),
359 cessationOfOperation (5),
361 privilegeWithdrawn (7),
365 DistributionPointName ::= CHOICE {
366 fullName [0] IMPLICIT -- GeneralNames -- SEQUENCE SIZE (1..MAX) OF GeneralName,
367 nameRelativeToCRLIssuer [1] RelativeDistinguishedName
370 DistributionPoint ::= SEQUENCE {
371 distributionPoint [0] IMPLICIT heim_any -- DistributionPointName -- OPTIONAL,
372 reasons [1] IMPLICIT heim_any -- DistributionPointReasonFlags -- OPTIONAL,
373 cRLIssuer [2] IMPLICIT heim_any -- GeneralNames -- OPTIONAL
376 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
381 DSASigValue ::= SEQUENCE {
386 DSAPublicKey ::= INTEGER
388 DSAParams ::= SEQUENCE {
394 -- draft-ietf-pkix-ecc-subpubkeyinfo-11
396 ECPoint ::= OCTET STRING
398 ECParameters ::= CHOICE {
399 namedCurve OBJECT IDENTIFIER
400 -- implicitCurve NULL
401 -- specifiedCurve SpecifiedECDomain
404 ECDSA-Sig-Value ::= SEQUENCE {
411 RSAPublicKey ::= SEQUENCE {
412 modulus INTEGER, -- n
413 publicExponent INTEGER -- e
416 RSAPrivateKey ::= SEQUENCE {
417 version INTEGER (0..4294967295),
418 modulus INTEGER, -- n
419 publicExponent INTEGER, -- e
420 privateExponent INTEGER, -- d
423 exponent1 INTEGER, -- d mod (p-1)
424 exponent2 INTEGER, -- d mod (q-1)
425 coefficient INTEGER -- (inverse of q) mod p
428 DigestInfo ::= SEQUENCE {
429 digestAlgorithm AlgorithmIdentifier,
435 -- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a
437 -- UNICODESTRING (0x1E tag)
439 -- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:
441 -- TemplateVersion ::= INTEGER (0..4294967295)
443 -- CertificateTemplate ::= SEQUENCE {
444 -- templateID OBJECT IDENTIFIER,
445 -- templateMajorVersion TemplateVersion,
446 -- templateMinorVersion TemplateVersion OPTIONAL
454 TBSCRLCertList ::= SEQUENCE {
455 version Version OPTIONAL, -- if present, MUST be v2
456 signature AlgorithmIdentifier,
459 nextUpdate Time OPTIONAL,
460 revokedCertificates SEQUENCE OF SEQUENCE {
461 userCertificate CertificateSerialNumber,
463 crlEntryExtensions Extensions OPTIONAL
464 -- if present, MUST be v2
466 crlExtensions [0] EXPLICIT Extensions OPTIONAL
467 -- if present, MUST be v2
471 CRLCertificateList ::= SEQUENCE {
472 tbsCertList TBSCRLCertList,
473 signatureAlgorithm AlgorithmIdentifier,
474 signatureValue BIT STRING
477 id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
478 id-x509-ce-freshestCRL OBJECT IDENTIFIER ::= { id-x509-ce 46 }
479 id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }
481 CRLReason ::= ENUMERATED {
485 affiliationChanged (3),
487 cessationOfOperation (5),
490 privilegeWithdrawn (9),
494 PKIXXmppAddr ::= UTF8String
496 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
497 dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
499 id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
500 id-pkix-on-xmppAddr OBJECT IDENTIFIER ::= { id-pkix-on 5 }
501 id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }
503 id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
504 id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
505 id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
506 id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
507 id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
508 id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }
510 id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
512 id-pkix-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pkix-pe 1 }
514 AccessDescription ::= SEQUENCE {
515 accessMethod OBJECT IDENTIFIER,
516 accessLocation GeneralName
519 AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
521 -- RFC 3820 Proxy Certificate Profile
523 id-pkix-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }
525 id-pkix-ppl OBJECT IDENTIFIER ::= { id-pkix 21 }
527 id-pkix-ppl-anyLanguage OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
528 id-pkix-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
529 id-pkix-ppl-independent OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }
531 ProxyPolicy ::= SEQUENCE {
532 policyLanguage OBJECT IDENTIFIER,
533 policy OCTET STRING OPTIONAL
536 ProxyCertInfo ::= SEQUENCE {
537 pCPathLenConstraint INTEGER (0..4294967295) OPTIONAL, -- really MAX
538 proxyPolicy ProxyPolicy
541 --- U.S. Federal PKI Common Policy Framework
542 -- Card Authentication key
543 id-uspkicommon-card-id OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 6 }
544 id-uspkicommon-piv-interim OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 6 9 1 }
546 --- Netscape extentions
548 id-netscape OBJECT IDENTIFIER ::=
549 { joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730) }
550 id-netscape-cert-comment OBJECT IDENTIFIER ::= { id-netscape 1 13 }
554 id-ms-cert-enroll-domaincontroller OBJECT IDENTIFIER ::=
555 { 1 3 6 1 4 1 311 20 2 }
557 id-ms-client-authentication OBJECT IDENTIFIER ::=
558 { 1 3 6 1 5 5 7 3 2 }
560 -- DER:1e:20:00:44:00:6f:00:6d:00:61:00:69:00:6e:00:43:00:6f:00:6e:00:74:00:72:00:6f:00:6c:00:6c:00:65:00:72
projects / FreeBSD / releng / 10.0.git / blob