diff options
Diffstat (limited to 'epan/dissectors/asn1/pkix1implicit/PKIX1IMPLICIT93.asn')
| -rw-r--r-- | epan/dissectors/asn1/pkix1implicit/PKIX1IMPLICIT93.asn | 414 |
1 files changed, 414 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/pkix1implicit/PKIX1IMPLICIT93.asn b/epan/dissectors/asn1/pkix1implicit/PKIX1IMPLICIT93.asn new file mode 100644 index 0000000000..23b8a402f1 --- /dev/null +++ b/epan/dissectors/asn1/pkix1implicit/PKIX1IMPLICIT93.asn @@ -0,0 +1,414 @@ +-- This file is based on PKIX1Implicit93 definition in +-- RFC2459 section b.2 +-- +--Appendix F of RFC2459 +--Appendix F. Full Copyright Statement +-- +-- Copyright (C) The Internet Society (1999). All Rights Reserved. +-- +-- This document and translations of it may be copied and furnished to +-- others, and derivative works that comment on or otherwise explain it +-- or assist in its implementation may be prepared, copied, published +-- and distributed, in whole or in part, without restriction of any +-- kind, provided that the above copyright notice and this paragraph are +-- included on all such copies and derivative works. However, this +-- document itself may not be modified in any way, such as by removing +-- the copyright notice or references to the Internet Society or other +-- Internet organizations, except as needed for the purpose of +-- developing Internet standards in which case the procedures for +-- copyrights defined in the Internet Standards process must be +-- followed, or as required to translate it into languages other than +-- English. +-- +-- The limited permissions granted above are perpetual and will not be +-- revoked by the Internet Society or its successors or assigns. +-- +-- This document and the information contained herein is provided on an +-- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +-- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +-- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +-- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +-- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. +-- +-- +--NOTE: This ASN1 definition have been significantly modified from the original +--version in RFC2459 in order to accomodate the featuresets available +--in the Wireshark projects asn2wrs compiler. +--It has also been modified and structures have been commented out that +--are already implemented in the X509 dissectors. +--Dissectors present already in the X509 dissectors should be implemented in +--the template by hand as stubs that will just call the original +--dissector functions in X509 in order not to duplicate code. +-- +--Structures and constructs in this definition are uncommented and +--implemented on-demand when someone needs them. +-- +--If you export new types from this file, make sure to update the +--pkix1implicit_exp.cnf file with the proper definitions + + +PKIX1Implicit93 {iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-93(4)} + +DEFINITIONS IMPLICIT TAGS::= + +BEGIN + +--EXPORTS ALL + +IMPORTS + id-pe, id-qt, id-kp, id-ad, id-qt-unotice, + ORAddress, Name, RelativeDistinguishedName, + CertificateSerialNumber, CertificateList, + AlgorithmIdentifier, ub-name, DirectoryString, + Attribute, EXTENSION + FROM PKIX1Explicit93 {iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-pkix1-explicit-93(3)} + GeneralName FROM CertificateExtensions; + + +-- Key and policy information extensions +-- +--authorityKeyIdentifier EXTENSION ::= { +-- SYNTAX AuthorityKeyIdentifier +-- IDENTIFIED BY id-ce-authorityKeyIdentifier } +-- +--AuthorityKeyIdentifier ::= SEQUENCE { +-- keyIdentifier [0] KeyIdentifier OPTIONAL, +-- authorityCertIssuer [1] GeneralNames OPTIONAL, +-- authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } +-- ( WITH COMPONENTS {..., authorityCertIssuer PRESENT, +-- authorityCertSerialNumber PRESENT} | +-- WITH COMPONENTS {..., authorityCertIssuer ABSENT, +-- authorityCertSerialNumber ABSENT} ) +-- +KeyIdentifier ::= OCTET STRING +-- +--subjectKeyIdentifier EXTENSION ::= { +-- SYNTAX SubjectKeyIdentifier +-- IDENTIFIED BY id-ce-subjectKeyIdentifier } +-- +--SubjectKeyIdentifier ::= KeyIdentifier +-- +--keyUsage EXTENSION ::= { +-- SYNTAX KeyUsage +-- IDENTIFIED BY id-ce-keyUsage } +-- +--KeyUsage ::= BIT STRING { +-- digitalSignature (0), +-- nonRepudiation (1), +-- keyEncipherment (2), +-- dataEncipherment (3), +-- keyAgreement (4), +-- keyCertSign (5), +-- cRLSign (6), +-- encipherOnly (7), +-- decipherOnly (8) } +-- +--extendedKeyUsage EXTENSION ::= { +-- SYNTAX SEQUENCE SIZE (1..MAX) OF KeyPurposeId +-- IDENTIFIED BY id-ce-extKeyUsage } +-- +Dummy ::= NULL +--KeyPurposeId ::= OBJECT IDENTIFIER +-- +-- PKIX-defined extended key purpose OIDs +--id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } +--id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } +--id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } +--id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } +--id-kp-ipsecEndSystem OBJECT IDENTIFIER ::= { id-kp 5 } +--id-kp-ipsecTunnel OBJECT IDENTIFIER ::= { id-kp 6 } +--id-kp-ipsecUser OBJECT IDENTIFIER ::= { id-kp 7 } +--id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } +-- +--privateKeyUsagePeriod EXTENSION ::= { +-- SYNTAX PrivateKeyUsagePeriod +-- IDENTIFIED BY { id-ce-privateKeyUsagePeriod } } +-- +--PrivateKeyUsagePeriod ::= SEQUENCE { +-- notBefore [0] GeneralizedTime OPTIONAL, +-- notAfter [1] GeneralizedTime OPTIONAL } +-- ( WITH COMPONENTS {..., notBefore PRESENT} | +-- WITH COMPONENTS {..., notAfter PRESENT} ) +-- +--certificatePolicies EXTENSION ::= { +-- SYNTAX CertificatePoliciesSyntax +-- IDENTIFIED BY id-ce-certificatePolicies } +-- +--CertificatePoliciesSyntax ::= +-- SEQUENCE SIZE (1..MAX) OF PolicyInformation +-- +--PolicyInformation ::= SEQUENCE { +-- policyIdentifier CertPolicyId, +-- policyQualifiers SEQUENCE SIZE (1..MAX) OF +-- PolicyQualifierInfo OPTIONAL } +-- +--CertPolicyId ::= OBJECT IDENTIFIER +-- +--PolicyQualifierInfo ::= SEQUENCE { +-- policyQualifierId CERT-POLICY-QUALIFIER.&id +-- ({SupportedPolicyQualifiers}), +-- qualifier CERT-POLICY-QUALIFIER.&Qualifier +-- ({SupportedPolicyQualifiers} +-- {@policyQualifierId})OPTIONAL } +-- +--SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::= { noticeToUser | +-- pointerToCPS } +-- +--CERT-POLICY-QUALIFIER ::= CLASS { +-- &id OBJECT IDENTIFIER UNIQUE, +-- &Qualifier OPTIONAL } +--WITH SYNTAX { +-- POLICY-QUALIFIER-ID &id +-- [QUALIFIER-TYPE &Qualifier] } +-- +--policyMappings EXTENSION ::= { +-- SYNTAX PolicyMappingsSyntax +-- IDENTIFIED BY id-ce-policyMappings } +-- +--PolicyMappingsSyntax ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { +-- issuerDomainPolicy CertPolicyId, +-- subjectDomainPolicy CertPolicyId } +-- +-- Certificate subject and certificate issuer attributes extensions +-- +--subjectAltName EXTENSION ::= { +-- SYNTAX GeneralNames +-- IDENTIFIED BY id-ce-subjectAltName } +-- +--GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName +-- +--Imported from X509CE +--GeneralName ::= CHOICE { +-- otherName [0] INSTANCE OF OTHER-NAME, +-- rfc822Name [1] IA5String, +-- dNSName [2] IA5String, +-- x400Address [3] ORAddress, +-- directoryName [4] Name, +-- ediPartyName [5] EDIPartyName, +-- uniformResourceIdentifier [6] IA5String, +-- iPAddress [7] OCTET STRING, +-- registeredID [8] OBJECT IDENTIFIER +--} + +--OTHER-NAME ::= TYPE-IDENTIFIER + +EDIPartyName ::= SEQUENCE { + nameAssigner [0] DirectoryString OPTIONAL, + partyName [1] DirectoryString } + +--issuerAltName EXTENSION ::= { +-- SYNTAX GeneralNames +-- IDENTIFIED BY id-ce-issuerAltName } +-- +--subjectDirectoryAttributes EXTENSION ::= { +-- SYNTAX AttributesSyntax +-- IDENTIFIED BY id-ce-subjectDirectoryAttributes } +-- +--AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute +-- +-- Certification path constraints extensions +-- +--basicConstraints EXTENSION ::= { +-- SYNTAX BasicConstraintsSyntax +-- IDENTIFIED BY id-ce-basicConstraints } +-- +--BasicConstraintsSyntax ::= SEQUENCE { +-- cA BOOLEAN DEFAULT FALSE, +-- pathLenConstraint INTEGER (0..MAX) OPTIONAL } +-- +--nameConstraints EXTENSION ::= { +-- SYNTAX NameConstraintsSyntax +-- IDENTIFIED BY id-ce-nameConstraints } +-- +--NameConstraintsSyntax ::= SEQUENCE { +-- permittedSubtrees [0] GeneralSubtrees OPTIONAL, +-- excludedSubtrees [1] GeneralSubtrees OPTIONAL } +-- +--GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree +-- +--GeneralSubtree ::= SEQUENCE { +-- base GeneralName, +-- minimum [0] BaseDistance DEFAULT 0, +-- maximum [1] BaseDistance OPTIONAL } +-- +--BaseDistance ::= INTEGER (0..MAX) +-- +--policyConstraints EXTENSION ::= { +-- SYNTAX PolicyConstraintsSyntax +-- IDENTIFIED BY id-ce-policyConstraints } +-- +--PolicyConstraintsSyntax ::= SEQUENCE { +-- requireExplicitPolicy [0] SkipCerts OPTIONAL, +-- inhibitPolicyMapping [1] SkipCerts OPTIONAL } +-- +-- +--SkipCerts ::= INTEGER (0..MAX) +-- +-- Basic CRL extensions +-- +--cRLNumber EXTENSION ::= { +-- SYNTAX CRLNumber +-- IDENTIFIED BY id-ce-cRLNumber } +-- +--CRLNumber ::= INTEGER (0..MAX) +-- +--reasonCode EXTENSION ::= { +-- SYNTAX CRLReason +-- IDENTIFIED BY id-ce-reasonCode } +-- +--CRLReason ::= ENUMERATED { +-- unspecified (0), +-- keyCompromise (1), +-- cACompromise (2), +-- affiliationChanged (3), +-- superseded (4), +-- cessationOfOperation (5), +-- certificateHold (6), +-- removeFromCRL (8) } +-- +--instructionCode EXTENSION ::= { +-- SYNTAX HoldInstruction +-- IDENTIFIED BY id-ce-instructionCode } +-- +--HoldInstruction ::= OBJECT IDENTIFIER +-- +-- holdinstructions described in this specification, from ANSI x9 +-- +-- ANSI x9 arc holdinstruction arc +--holdInstruction OBJECT IDENTIFIER ::= { +-- joint-iso-ccitt(2) member-body(2) us(840) x9cm(10040) 2} +-- +-- ANSI X9 holdinstructions referenced by this standard +--id-holdinstruction-none OBJECT IDENTIFIER ::= {holdInstruction 1} +--id-holdinstruction-callissuer OBJECT IDENTIFIER ::= {holdInstruction 2} +--id-holdinstruction-reject OBJECT IDENTIFIER ::= {holdInstruction 3} +-- +--invalidityDate EXTENSION ::= { +-- SYNTAX GeneralizedTime +-- IDENTIFIED BY id-ce-invalidityDate } +-- +-- CRL distribution points and delta-CRL extensions +-- +--cRLDistributionPoints EXTENSION ::= { +-- +-- SYNTAX CRLDistPointsSyntax +-- IDENTIFIED BY id-ce-cRLDistributionPoints } +-- +--CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint +-- +--DistributionPoint ::= SEQUENCE { +-- distributionPoint [0] DistributionPointName OPTIONAL, +-- reasons [1] ReasonFlags OPTIONAL, +-- cRLIssuer [2] GeneralNames OPTIONAL } +-- +--DistributionPointName ::= CHOICE { +-- fullName [0] GeneralNames, +-- nameRelativeToCRLIssuer [1] RelativeDistinguishedName } +-- +--ReasonFlags ::= BIT STRING { +-- unused (0), +-- keyCompromise (1), +-- caCompromise (2), +-- affiliationChanged (3), +-- superseded (4), +-- cessationOfOperation (5), +-- certificateHold (6) } +-- +--issuingDistributionPoint EXTENSION ::= { +-- SYNTAX IssuingDistPointSyntax +-- IDENTIFIED BY id-ce-issuingDistributionPoint } +-- +--IssuingDistPointSyntax ::= SEQUENCE { +-- distributionPoint [0] DistributionPointName OPTIONAL, +-- onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, +-- onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, +-- onlySomeReasons [3] ReasonFlags OPTIONAL, +-- indirectCRL [4] BOOLEAN DEFAULT FALSE } +-- +--certificateIssuer EXTENSION ::= { +-- SYNTAX GeneralNames +-- IDENTIFIED BY id-ce-certificateIssuer } +-- +--deltaCRLIndicator EXTENSION ::= { +-- SYNTAX BaseCRLNumber +-- IDENTIFIED BY id-ce-deltaCRLIndicator } +-- +--BaseCRLNumber ::= CRLNumber +-- +-- Object identifier assignments for ISO certificate extensions +--id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} +-- +--id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= {id-ce 9} +-- +--id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 14} +--id-ce-keyUsage OBJECT IDENTIFIER ::= {id-ce 15} +--id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= {id-ce 16} +--id-ce-subjectAltName OBJECT IDENTIFIER ::= {id-ce 17} +--id-ce-issuerAltName OBJECT IDENTIFIER ::= {id-ce 18} +--id-ce-basicConstraints OBJECT IDENTIFIER ::= {id-ce 19} +--id-ce-cRLNumber OBJECT IDENTIFIER ::= {id-ce 20} +--id-ce-reasonCode OBJECT IDENTIFIER ::= {id-ce 21} +--id-ce-instructionCode OBJECT IDENTIFIER ::= {id-ce 23} +--id-ce-invalidityDate OBJECT IDENTIFIER ::= {id-ce 24} +--id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= {id-ce 27} +--id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 28} +--id-ce-certificateIssuer OBJECT IDENTIFIER ::= {id-ce 29} +--id-ce-nameConstraints OBJECT IDENTIFIER ::= {id-ce 30} +--id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31} +--id-ce-certificatePolicies OBJECT IDENTIFIER ::= {id-ce 32} +--id-ce-policyMappings OBJECT IDENTIFIER ::= {id-ce 33} +--id-ce-policyConstraints OBJECT IDENTIFIER ::= {id-ce 36} +--id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 35} +--id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} +-- +-- PKIX 1 extensions +-- +--authorityInfoAccess EXTENSION ::= { +-- SYNTAX AuthorityInfoAccessSyntax +-- IDENTIFIED BY id-pe-authorityInfoAccess } + +AuthorityInfoAccessSyntax ::= + SEQUENCE SIZE (1..MAX) OF AccessDescription + +AccessDescription ::= SEQUENCE { + accessMethod OBJECT IDENTIFIER, + accessLocation GeneralName } + +--id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } +-- +--id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } +--id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } +-- +-- PKIX policy qualifier definitions +-- +--noticeToUser CERT-POLICY-QUALIFIER ::= { +-- POLICY-QUALIFIER-ID id-qt-cps QUALIFIER-TYPE CPSuri} +-- +--pointerToCPS CERT-POLICY-QUALIFIER ::= { +-- POLICY-QUALIFIER-ID id-qt-unotice QUALIFIER-TYPE UserNotice} +-- +--id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } +-- +--id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } +-- +--CPSuri ::= IA5String +-- +UserNotice ::= SEQUENCE { + noticeRef NoticeReference OPTIONAL, + explicitText DisplayText OPTIONAL} + +NoticeReference ::= SEQUENCE { + organization DisplayText, + noticeNumbers SEQUENCE OF INTEGER } + +DisplayText ::= CHOICE { + ia5String IA5String, + visibleString VisibleString, + bmpString BMPString, + utf8String UTF8String } + + +END |