r20640: Commit part 2/2

[Samba.git] / source / heimdal / lib / asn1 / rfc2459.asn1

-- $Id$ --
-- Definitions from rfc2459/rfc3280

RFC2459 DEFINITIONS ::= BEGIN

IMPORTS heim_any FROM heim;

Version ::=  INTEGER {
        rfc3280_version_1(0), 
        rfc3280_version_2(1),
        rfc3280_version_3(2)
}

id-pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
        rsadsi(113549) pkcs(1) 1 }
id-pkcs1-rsaEncryption OBJECT IDENTIFIER ::=            { id-pkcs-1 1 }
id-pkcs1-md2WithRSAEncryption OBJECT IDENTIFIER ::=     { id-pkcs-1 2 }
id-pkcs1-md5WithRSAEncryption OBJECT IDENTIFIER ::=     { id-pkcs-1 4 }
id-pkcs1-sha1WithRSAEncryption OBJECT IDENTIFIER ::=    { id-pkcs-1 5 }
id-pkcs1-sha256WithRSAEncryption OBJECT IDENTIFIER ::=  { id-pkcs-1 11 }
id-pkcs1-sha384WithRSAEncryption OBJECT IDENTIFIER ::=  { id-pkcs-1 12 }
id-pkcs1-sha512WithRSAEncryption OBJECT IDENTIFIER ::=  { id-pkcs-1 13 }

id-pkcs-2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
        rsadsi(113549) pkcs(1) 2 }
id-pkcs2-md2 OBJECT IDENTIFIER ::=              { id-pkcs-2 2 }
id-pkcs2-md4 OBJECT IDENTIFIER ::=              { id-pkcs-2 4 }
id-pkcs2-md5 OBJECT IDENTIFIER ::=              { id-pkcs-2 5 }

id-rsa-digestAlgorithm OBJECT IDENTIFIER ::= 
{ iso(1) member-body(2) us(840) rsadsi(113549) 2 }

id-rsa-digest-md2 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 2 }
id-rsa-digest-md4 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 4 }
id-rsa-digest-md5 OBJECT IDENTIFIER ::= { id-rsa-digestAlgorithm 5 }

id-pkcs-3 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
        rsadsi(113549) pkcs(1) 3 }

id-pkcs3-rc2-cbc OBJECT IDENTIFIER ::=          { id-pkcs-3 2 }
id-pkcs3-rc4     OBJECT IDENTIFIER ::=          { id-pkcs-3 4 }
id-pkcs3-des-ede3-cbc OBJECT IDENTIFIER ::=     { id-pkcs-3 7 }

id-rsadsi-encalg OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
        rsadsi(113549) 3 }

id-rsadsi-rc2-cbc OBJECT IDENTIFIER ::=         { id-rsadsi-encalg 2 }
id-rsadsi-des-ede3-cbc OBJECT IDENTIFIER ::=    { id-rsadsi-encalg 7 }

id-secsig-sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
        oiw(14) secsig(3) algorithm(2) 26 }

id-nistAlgorithm OBJECT IDENTIFIER ::= {
   joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4 }
   
id-nist-aes-algs OBJECT IDENTIFIER ::= { id-nistAlgorithm 1 }

id-aes-128-cbc OBJECT IDENTIFIER ::=            { id-nist-aes-algs 2 }
id-aes-192-cbc OBJECT IDENTIFIER ::=            { id-nist-aes-algs 22 }
id-aes-256-cbc OBJECT IDENTIFIER ::=            { id-nist-aes-algs 42 }

id-nist-sha-algs OBJECT IDENTIFIER ::=          { id-nistAlgorithm 2 }

id-sha256 OBJECT IDENTIFIER ::=                 { id-nist-sha-algs 1 }
id-sha224 OBJECT IDENTIFIER ::=                 { id-nist-sha-algs 4 }
id-sha384 OBJECT IDENTIFIER ::=                 { id-nist-sha-algs 2 }
id-sha512 OBJECT IDENTIFIER ::=                 { id-nist-sha-algs 3 }

id-dhpublicnumber OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) us(840) ansi-x942(10046)
        number-type(2) 1 }

id-x9-57 OBJECT IDENTIFIER ::= {
        iso(1) member-body(2) us(840) ansi-x942(10046)
        4 }

id-dsa OBJECT IDENTIFIER ::=            { id-x9-57 1 }
id-dsa-with-sha1 OBJECT IDENTIFIER ::=          { id-x9-57 3 }

-- x.520 names types

id-x520-at      OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }

id-at-commonName                OBJECT IDENTIFIER ::= { id-x520-at 3 }
id-at-surname                   OBJECT IDENTIFIER ::= { id-x520-at 4 }
id-at-serialNumber              OBJECT IDENTIFIER ::= { id-x520-at 5 }
id-at-countryName               OBJECT IDENTIFIER ::= { id-x520-at 6 }
id-at-localityName              OBJECT IDENTIFIER ::= { id-x520-at 7 }
id-at-stateOrProvinceName       OBJECT IDENTIFIER ::= { id-x520-at 8 }
id-at-organizationName          OBJECT IDENTIFIER ::= { id-x520-at 10 }
id-at-organizationalUnitName    OBJECT IDENTIFIER ::= { id-x520-at 11 }
id-at-name                      OBJECT IDENTIFIER ::= { id-x520-at 41 }
id-at-givenName                 OBJECT IDENTIFIER ::= { id-x520-at 42 }
id-at-initials                  OBJECT IDENTIFIER ::= { id-x520-at 43 }
id-at-generationQualifier       OBJECT IDENTIFIER ::= { id-x520-at 44 }
id-at-pseudonym                 OBJECT IDENTIFIER ::= { id-x520-at 65 }
-- RFC 2247
id-Userid                       OBJECT IDENTIFIER ::=
                          { 0 9 2342 19200300 100 1 1 }
id-domainComponent              OBJECT IDENTIFIER ::=
                          { 0 9 2342 19200300 100 1 25 }


-- rfc3280

id-x509-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}

AlgorithmIdentifier ::= SEQUENCE {
        algorithm       OBJECT IDENTIFIER,
        parameters      heim_any OPTIONAL
}

AttributeType ::=   OBJECT IDENTIFIER

AttributeValue ::=   heim_any

TeletexStringx ::= [UNIVERSAL 20] IMPLICIT OCTET STRING

DirectoryString ::= CHOICE {
        ia5String       IA5String,
        teletexString   TeletexStringx,
        printableString PrintableString,
        universalString UniversalString,
        utf8String      UTF8String,
        bmpString       BMPString
}

Attribute ::= SEQUENCE {
        type    AttributeType,
        value   SET OF -- AttributeValue -- heim_any
}

AttributeTypeAndValue ::= SEQUENCE {
        type    AttributeType,
        value   DirectoryString
}

RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

Name ::= CHOICE {
        rdnSequence  RDNSequence
}

CertificateSerialNumber ::= INTEGER

Time ::= CHOICE {
     utcTime        UTCTime,
     generalTime    GeneralizedTime
}

Validity ::= SEQUENCE {
     notBefore      Time,
     notAfter       Time
}

UniqueIdentifier  ::=  BIT STRING

SubjectPublicKeyInfo  ::=  SEQUENCE  {
     algorithm            AlgorithmIdentifier,
     subjectPublicKey     BIT STRING
}

Extension  ::=  SEQUENCE  {
     extnID      OBJECT IDENTIFIER,
     critical    BOOLEAN OPTIONAL, -- DEFAULT FALSE XXX
     extnValue   OCTET STRING
}

Extensions  ::=  SEQUENCE OF Extension --  SIZE (1..MAX) 

TBSCertificate  ::=  SEQUENCE  {
     version         [0]  Version OPTIONAL, -- EXPLICIT nnn DEFAULT 1,
     serialNumber         CertificateSerialNumber,
     signature            AlgorithmIdentifier,
     issuer               Name,
     validity             Validity,
     subject              Name,
     subjectPublicKeyInfo SubjectPublicKeyInfo,
     issuerUniqueID  [1]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
                          -- If present, version shall be v2 or v3
     subjectUniqueID [2]  IMPLICIT BIT STRING -- UniqueIdentifier -- OPTIONAL,
                          -- If present, version shall be v2 or v3
     extensions      [3]  EXPLICIT Extensions OPTIONAL
                          -- If present, version shall be v3
}

Certificate  ::=  SEQUENCE  {
     tbsCertificate       TBSCertificate,
     signatureAlgorithm   AlgorithmIdentifier,
     signatureValue       BIT STRING
}

Certificates ::= SEQUENCE OF Certificate

ValidationParms ::= SEQUENCE {
        seed            BIT STRING,
        pgenCounter     INTEGER
}

DomainParameters ::= SEQUENCE {
        p               INTEGER, -- odd prime, p=jq +1
        g               INTEGER, -- generator, g
        q               INTEGER, -- factor of p-1
        j               INTEGER OPTIONAL, -- subgroup factor
        validationParms ValidationParms OPTIONAL -- ValidationParms
}

DHPublicKey ::= INTEGER

OtherName ::= SEQUENCE {
        type-id    OBJECT IDENTIFIER,
        value      [0] EXPLICIT heim_any
}

GeneralName ::= CHOICE {
        otherName                       [0]     IMPLICIT -- OtherName -- SEQUENCE {
                type-id    OBJECT IDENTIFIER,
                value      [0] EXPLICIT heim_any
        },
        rfc822Name                      [1]     IMPLICIT IA5String,
        dNSName                         [2]     IMPLICIT IA5String,
--      x400Address                     [3]     IMPLICIT ORAddress,--
        directoryName                   [4]     IMPLICIT -- Name -- CHOICE {
                rdnSequence  RDNSequence
        },
--      ediPartyName                    [5]     IMPLICIT EDIPartyName, --
        uniformResourceIdentifier       [6]     IMPLICIT IA5String,
        iPAddress                       [7]     IMPLICIT OCTET STRING,
        registeredID                    [8]     IMPLICIT OBJECT IDENTIFIER
}

GeneralNames ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralName

id-x509-ce-keyUsage OBJECT IDENTIFIER ::=  { id-x509-ce 15 }

KeyUsage ::= BIT STRING {
        digitalSignature        (0),
        nonRepudiation          (1),
        keyEncipherment         (2),
        dataEncipherment        (3),
        keyAgreement            (4),
        keyCertSign             (5),
        cRLSign                 (6),
        encipherOnly            (7),
        decipherOnly            (8)
}

id-x509-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 35 }

KeyIdentifier ::= OCTET STRING

AuthorityKeyIdentifier ::= SEQUENCE {
        keyIdentifier             [0] IMPLICIT OCTET STRING OPTIONAL,
        authorityCertIssuer       [1] IMPLICIT -- GeneralName -- 
                SEQUENCE -- SIZE (1..MAX) -- OF GeneralName OPTIONAL, 
        authorityCertSerialNumber [2] IMPLICIT INTEGER OPTIONAL
}

id-x509-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-x509-ce 14 }

SubjectKeyIdentifier ::= KeyIdentifier

id-x509-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 19 }

BasicConstraints ::= SEQUENCE {
        cA                      BOOLEAN OPTIONAL -- DEFAULT FALSE --,
        pathLenConstraint       INTEGER (0..4294967295) OPTIONAL 
}

id-x509-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 30 }

BaseDistance ::= INTEGER -- (0..MAX) --

GeneralSubtree ::= SEQUENCE {
        base                    GeneralName,
        minimum         [0]     IMPLICIT -- BaseDistance -- INTEGER OPTIONAL -- DEFAULT 0 --,
        maximum         [1]     IMPLICIT -- BaseDistance -- INTEGER OPTIONAL
}

GeneralSubtrees ::= SEQUENCE -- SIZE (1..MAX) -- OF GeneralSubtree

NameConstraints ::= SEQUENCE {
        permittedSubtrees       [0]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL,
        excludedSubtrees        [1]     IMPLICIT -- GeneralSubtrees -- SEQUENCE OF GeneralSubtree OPTIONAL
}

id-x509-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-x509-ce 16 }
id-x509-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-x509-ce 32 }
id-x509-ce-policyMappings OBJECT IDENTIFIER ::=  { id-x509-ce 33 }
id-x509-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-x509-ce 17 }
id-x509-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-x509-ce 18 }
id-x509-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-x509-ce 9 }
id-x509-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-x509-ce 36 }

id-x509-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-x509-ce 37}

ExtKeyUsage ::= SEQUENCE OF OBJECT IDENTIFIER

id-x509-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-x509-ce 31 }
id-x509-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-x509-ce 27 }
id-x509-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-x509-ce 28 }
id-x509-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-x509-ce 23 }
id-x509-ce-invalidityDate OBJECT IDENTIFIER ::= { id-x509-ce 24 }
id-x509-ce-certificateIssuer   OBJECT IDENTIFIER ::= { id-x509-ce 29 }
id-x509-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-x509-ce 54 }

-- rfc3279

DSASigValue  ::=  SEQUENCE {
        r       INTEGER,
        s       INTEGER
}

DSAPublicKey ::= INTEGER

DSAParams  ::=  SEQUENCE {
        p       INTEGER,
        q       INTEGER,
        g       INTEGER
}

-- really pkcs1

RSAPublicKey ::= SEQUENCE {
        modulus INTEGER, -- n
        publicExponent INTEGER -- e
}

RSAPrivateKey ::= SEQUENCE {
        version INTEGER (0..4294967295),
        modulus INTEGER, -- n
        publicExponent INTEGER, -- e
        privateExponent INTEGER, -- d
        prime1 INTEGER, -- p
        prime2 INTEGER, -- q
        exponent1 INTEGER, -- d mod (p-1)
        exponent2 INTEGER, -- d mod (q-1)
        coefficient INTEGER -- (inverse of q) mod p
}

DigestInfo ::= SEQUENCE {
        digestAlgorithm AlgorithmIdentifier,
        digest OCTET STRING
}

-- some ms ext

-- szOID_ENROLL_CERTTYPE_EXTENSION "1.3.6.1.4.1.311.20.2" is Encoded as a

-- UNICODESTRING (0x1E tag)

-- szOID_CERTIFICATE_TEMPLATE "1.3.6.1.4.1.311.21.7" is Encoded as:

-- TemplateVersion ::= INTEGER (0..4294967295) 

-- CertificateTemplate ::= SEQUENCE {
--      templateID OBJECT IDENTIFIER,
--      templateMajorVersion TemplateVersion,
--      templateMinorVersion TemplateVersion OPTIONAL
-- }


--
-- CRL
-- 

TBSCRLCertList ::=  SEQUENCE  {
        version                 Version OPTIONAL, -- if present, MUST be v2
        signature               AlgorithmIdentifier,
        issuer                  Name,
        thisUpdate              Time,
        nextUpdate              Time OPTIONAL,
        revokedCertificates     SEQUENCE OF SEQUENCE  {
                userCertificate         CertificateSerialNumber,
                revocationDate          Time,
                crlEntryExtensions      Extensions OPTIONAL
                                                -- if present, MUST be v2
        } OPTIONAL,
        crlExtensions           [0] EXPLICIT Extensions OPTIONAL
                                                -- if present, MUST be v2
}


CRLCertificateList ::=  SEQUENCE  {
        tbsCertList          TBSCRLCertList,
        signatureAlgorithm   AlgorithmIdentifier,
        signatureValue       BIT STRING
}

id-x509-ce-cRLNumber OBJECT IDENTIFIER ::= { id-x509-ce 20 }
id-x509-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-x509-ce 46 }
id-x509-ce-cRLReason OBJECT IDENTIFIER ::= { id-x509-ce 21 }

CRLReason ::= ENUMERATED {
        unspecified             (0),
        keyCompromise           (1),
        cACompromise            (2),
        affiliationChanged      (3),
        superseded              (4),
        cessationOfOperation    (5),
        certificateHold         (6),
        removeFromCRL           (8),
        privilegeWithdrawn      (9),
        aACompromise           (10)
}

id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
            dod(6) internet(1) security(5) mechanisms(5) pkix(7) }

id-pkix-on OBJECT IDENTIFIER ::= { id-pkix 8 }
id-pkix-on-dnsSRV OBJECT IDENTIFIER ::= { id-pkix-on 7 }

id-pkix-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
id-pkix-kp-serverAuth OBJECT IDENTIFIER ::= { id-pkix-kp 1 }
id-pkix-kp-clientAuth OBJECT IDENTIFIER ::= { id-pkix-kp 2 }
id-pkix-kp-emailProtection OBJECT IDENTIFIER ::= { id-pkix-kp 4 }
id-pkix-kp-timeStamping OBJECT IDENTIFIER ::= { id-pkix-kp 8 }
id-pkix-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-pkix-kp 9 }

-- RFC 3820 Proxy Certificate Profile

id-pkix-pe OBJECT IDENTIFIER ::= { id-pkix 1 }

id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pkix-pe 14 }

id-pkix-ppl  OBJECT IDENTIFIER ::= { id-pkix 21 }

id-pkix-ppl-anyLanguage     OBJECT IDENTIFIER ::= { id-pkix-ppl 0 }
id-pkix-ppl-inheritAll      OBJECT IDENTIFIER ::= { id-pkix-ppl 1 }
id-pkix-ppl-independent     OBJECT IDENTIFIER ::= { id-pkix-ppl 2 }

ProxyPolicy ::= SEQUENCE {
        policyLanguage          OBJECT IDENTIFIER,
        policy                  OCTET STRING OPTIONAL
}

ProxyCertInfo ::= SEQUENCE {
        pCPathLenConstraint     INTEGER (0..4294967295) OPTIONAL, -- really MAX
        proxyPolicy             ProxyPolicy
}

END