Diffstat (limited to 'epan/dissectors/asn1/pkcs12/pkcs12.asn')
-rw-r--r-- | epan/dissectors/asn1/pkcs12/pkcs12.asn | 275 |
1 files changed, 275 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/pkcs12/pkcs12.asn b/epan/dissectors/asn1/pkcs12/pkcs12.asn
new file mode 100644
index 0000000000..b55e718b6e
--- /dev/null
+++ b/epan/dissectors/asn1/pkcs12/pkcs12.asn
@@ -0,0 +1,275 @@
+PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-12(12) modules(0) pkcs-12(1)}
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL
+-- All types and values defined in this module is exported for use in
+-- other ASN.1 modules.
+
+IMPORTS
+
+informationFramework
+ FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+ usefulDefinitions(0) 3}
+
+Attribute
+ FROM InformationFramework informationFramework
+
+ContentInfo, --DigestInfo-- Digest, DigestAlgorithmIdentifier
+ FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)}
+
+--PrivateKeyInfo, EncryptedPrivateKeyInfo
+-- FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549)
+-- pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)}
+--
+--pkcs-9, friendlyName, localKeyId, certTypes, crlTypes
+-- FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549)
+-- pkcs(1) pkcs-9(9) modules(0) pkcs-9(1) };--
+
+-- A PKCS#8 IMPORT from below
+AlgorithmIdentifier, ALGORITHM-IDENTIFIER
+ FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)};
+
+
+-- Object identifiers
+
+--rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)}
+--pkcs OBJECT IDENTIFIER ::= {rsadsi pkcs(1)}
+--pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12}
+--pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1}
+--pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1}
+--pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2}
+--pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3}
+--pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4}
+--pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5}
+--pbewithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6}
+
+--bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1}
+
+-- The PFX PDU
+
+PFX ::= SEQUENCE {
+ version INTEGER {v3(3)}(v3,...),
+ authSafe ContentInfo,
+ macData MacData OPTIONAL
+}
+
+MacData ::= SEQUENCE {
+ mac DigestInfo,
+ macSalt OCTET STRING,
+ iterations INTEGER DEFAULT 1
+-- Note: The default is for historical reasons and its use is
+-- deprecated. A higher value, like 1024 is recommended.
+}
+
+-- Imported from PKCS#7
+DigestInfo ::= SEQUENCE {
+ digestAlgorithm DigestAlgorithmIdentifier,
+ digest Digest
+}
+
+AuthenticatedSafe ::= SEQUENCE OF ContentInfo
+ -- Data if unencrypted
+ -- EncryptedData if password-encrypted
+ -- EnvelopedData if public key-encrypted
+
+SafeContents ::= SEQUENCE OF SafeBag
+
+SafeBag ::= SEQUENCE {
+ bagId -- BAG-TYPE.&id ({PKCS12BagSet}) -- OBJECT IDENTIFIER,
+ bagValue [0] EXPLICIT --BAG-TYPE.&Type({PKCS12BagSet}{@bagId}) -- ANY,
+ bagAttributes SET OF PKCS12Attribute OPTIONAL
+}
+
+-- Bag types
+
+--keyBag BAG-TYPE ::=
+-- {KeyBag IDENTIFIED BY {bagtypes 1}}
+--pkcs8ShroudedKeyBag BAG-TYPE ::=
+-- {PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}}
+--certBag BAG-TYPE ::=
+-- {CertBag IDENTIFIED BY {bagtypes 3}}
+--crlBag BAG-TYPE ::=
+-- {CRLBag IDENTIFIED BY {bagtypes 4}}
+--secretBag BAG-TYPE ::=
+-- {SecretBag IDENTIFIED BY {bagtypes 5}}
+--safeContentsBag BAG-TYPE ::=
+-- {SafeContents IDENTIFIED BY {bagtypes 6}}
+
+--PKCS12BagSet BAG-TYPE ::= {
+-- keyBag |
+-- pkcs8ShroudedKeyBag |
+-- certBag |
+-- crlBag |
+-- secretBag |
+-- safeContentsBag,
+-- ... - - For future extensions
+--}
+
+--BAG-TYPE ::= TYPE-IDENTIFIER
+
+-- KeyBag
+
+KeyBag ::= PrivateKeyInfo
+
+-- Shrouded KeyBag
+
+PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo
+
+-- CertBag
+
+CertBag ::= SEQUENCE {
+ certId --BAG-TYPE.&id ({CertTypes}) -- OBJECT IDENTIFIER,
+ certValue [0] EXPLICIT --BAG-TYPE.&Type ({CertTypes}{@certId})-- ANY
+}
+
+--x509Certificate BAG-TYPE ::=
+-- {OCTET STRING IDENTIFIED BY {certTypes 1}}
+ -- DER-encoded X.509 certificate stored in OCTET STRING
+--sdsiCertificate BAG-TYPE ::=
+-- {IA5String IDENTIFIED BY {certTypes 2}}
+ -- Base64-encoded SDSI certificate stored in IA5String
+
+--CertTypes BAG-TYPE ::= {
+-- x509Certificate |
+-- sdsiCertificate,
+-- ... - - For future extensions
+--}
+
+-- CRLBag
+
+CRLBag ::= SEQUENCE {
+ crlId --BAG-TYPE.&id ({CRLTypes})-- OBJECT IDENTIFIER,
+ crlValue [0] EXPLICIT --BAG-TYPE.&Type ({CRLTypes}{@crlId})-- ANY
+}
+
+--x509CRL BAG-TYPE ::=
+-- {OCTET STRING IDENTIFIED BY {crlTypes 1}}
+ -- DER-encoded X.509 CRL stored in OCTET STRING
+
+--CRLTypes BAG-TYPE ::= {
+-- x509CRL,
+-- ... - - For future extensions
+--}
+
+-- Secret Bag
+
+SecretBag ::= SEQUENCE {
+ secretTypeId --BAG-TYPE.&id ({SecretTypes})-- OBJECT IDENTIFIER,
+ secretValue [0] EXPLICIT --BAG-TYPE.&Type ({SecretTypes}{@secretTypeId})-- ANY
+}
+
+--SecretTypes BAG-TYPE ::= {
+-- ... - - For future extensions
+--}
+
+-- Attributes
+
+PKCS12Attribute ::= SEQUENCE {
+ attrId --ATTRIBUTE.&id ({PKCS12AttrSet})-- OBJECT IDENTIFIER,
+ attrValues SET OF --ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})-- ANY
+} -- This type is compatible with the X.500 type 'Attribute'
+
+--PKCS12AttrSet ATTRIBUTE ::= {
+-- friendlyName |
+-- localKeyId,
+-- ... - - Other attributes are allowed
+--}
+
+--END
+
+-- We import PKCS#8 here directly rather than creating another dissector
+
+--PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-8(8)
+-- modules(1) pkcs-8(1)}
+
+-- $Revision: 1.5 $
+
+-- This module has been checked for conformance with the ASN.1
+-- standard by the OSS ASN.1 Tools
+
+--DEFINITIONS IMPLICIT TAGS ::=
+
+--BEGIN
+
+-- EXPORTS All --
+-- All types and values defined in this module is exported for use in other
+-- ASN.1 modules.
+
+--IMPORTS
+
+--informationFramework
+-- FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+-- usefulDefinitions(0) 3}
+
+--Attribute
+-- FROM InformationFramework informationFramework
+
+--AlgorithmIdentifier, ALGORITHM-IDENTIFIER
+-- FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
+-- pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)};
+
+-- Private-key information syntax
+
+PrivateKeyInfo ::= SEQUENCE {
+ version Version,
+ privateKeyAlgorithm AlgorithmIdentifier --{{PrivateKeyAlgorithms}}--,
+ privateKey PrivateKey,
+ attributes [0] Attributes OPTIONAL }
+
+Version ::= INTEGER {v1(0)} (v1,...)
+
+PrivateKey ::= OCTET STRING
+
+Attributes ::= SET OF Attribute
+
+-- Encrypted private-key information syntax
+
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+ encryptionAlgorithm AlgorithmIdentifier --{{KeyEncryptionAlgorithms}}--,
+ encryptedData EncryptedData
+}
+
+EncryptedData ::= OCTET STRING
+
+--PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
+-- ... - - For local profiles
+--}
+
+--KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
+-- ... - - For local profiles
+--}
+
+-- From RFC 2898
+PBEParameter ::= SEQUENCE {
+ salt OCTET STRING,
+ iterationCount INTEGER
+}
+
+
+PBKDF2Params ::= SEQUENCE {
+ salt CHOICE {
+ specified OCTET STRING,
+ otherSource AlgorithmIdentifier --{{PBKDF2-SaltSources}}--
+ },
+ iterationCount INTEGER --(1..MAX)--,
+ keyLength INTEGER (1..MAX) OPTIONAL,
+ prf AlgorithmIdentifier --{{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1-- OPTIONAL }
+
+PBES2Params ::= SEQUENCE {
+ keyDerivationFunc AlgorithmIdentifier --{{PBES2-KDFs}}--,
+ encryptionScheme AlgorithmIdentifier --{{PBES2-Encs}}-- }
+
+PBMAC1Params ::= SEQUENCE {
+ keyDerivationFunc AlgorithmIdentifier --{{PBMAC1-KDFs}}--,
+ messageAuthScheme AlgorithmIdentifier --{{PBMAC1-MACs}}-- }
+
+
+END
+
+
|
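Review bot: The iteration-count fields accept any INTEGER: `iterationCount` in `PBEParameter` has no range, the `(1..MAX)` constraint on `PBKDF2Params.iterationCount` is commented out as `--(1..MAX)--`, and `MacData.iterations` is unconstrained as well, while `keyLength` one line below keeps its `(1..MAX)`. These values come straight from the file or capture being decoded, so zero, negative or very large counts pass the ASN.1 layer; if the code built around this module (not visible in this hunk) feeds them into a key-derivation loop, it needs its own lower and upper bound. If the constraint was dropped on purpose so that malformed values can still be displayed, I would say so next to it, e.g. `-- range not enforced here; consumers must bound iterationCount before use`.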