PKIX-CommonTypes-2009.asn1


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

PKIX-CommonTypes-2009
    {iso(1) identified-organization(3) dod(6) internet(1) security(5)
    mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}

DEFINITIONS EXPLICIT TAGS ::=
BEGIN

--  ATTRIBUTE
--
--  Describe the set of data associated with an attribute of some type
--
--  &id is an OID identifying the attribute
--  &Type is the ASN.1 type structure for the attribute; not all
--      attributes have a data structure, so this field is optional
--  &minCount contains the minimum number of times the attribute can
--      occur in an AttributeSet
--  &maxCount contains the maximum number of times the attribute can
--      appear in an AttributeSet
--      Note: this cannot be automatically enforced as the field
--      cannot be defaulted to MAX.
--  &equality-match contains information about how matching should be
--      done
--
--  Currently we are using two different prefixes for attributes.
--
--  at- for certificate attributes
--  aa- for CMS attributes
--

ATTRIBUTE ::= CLASS {
    &id             OBJECT IDENTIFIER UNIQUE,
    &Type           OPTIONAL,
    &equality-match MATCHING-RULE OPTIONAL,
    &minCount       INTEGER DEFAULT 1,
    &maxCount       INTEGER OPTIONAL
} WITH SYNTAX {
    [TYPE &Type]
    [EQUALITY MATCHING RULE &equality-match]
    [COUNTS [MIN &minCount] [MAX &maxCount]]
    IDENTIFIED BY &id
}

-- Specification of MATCHING-RULE information object class
--

MATCHING-RULE ::= CLASS {
  &ParentMatchingRules   MATCHING-RULE OPTIONAL,
  &AssertionType         OPTIONAL,
  &uniqueMatchIndicator  ATTRIBUTE OPTIONAL,
  &id                    OBJECT IDENTIFIER UNIQUE
}
WITH SYNTAX {
  [PARENT &ParentMatchingRules]
  [SYNTAX &AssertionType]
  [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
  ID &id
}

--  AttributeSet
--
--  Used when a set of attributes is to occur.
--
--  type contains the identifier of the attribute
--  values contains a set of values where the structure of the ASN.1
--      is defined by the attribute
--
--  The parameter contains the set of objects describing
--      those attributes that can occur in this location.
--

AttributeSet{ATTRIBUTE:AttrSet} ::= SEQUENCE {
    type      ATTRIBUTE.&id({AttrSet}),
    values    SET SIZE (1..MAX) OF ATTRIBUTE.
                  &Type({AttrSet}{@type})
}

--  SingleAttribute
--
--  Used for a single valued attribute
--
--  The parameter contains the set of objects describing the
--      attributes that can occur in this location
--

SingleAttribute{ATTRIBUTE:AttrSet} ::= SEQUENCE {
    type      ATTRIBUTE.&id({AttrSet}),
    value     ATTRIBUTE.&Type({AttrSet}{@type})
}

--  EXTENSION
--
--  This class definition is used to describe the association of
--      object identifier and ASN.1 type structure for extensions
--
--  All extensions are prefixed with ext-
--
--  &id contains the object identifier for the extension
--  &ExtnType specifies the ASN.1 type structure for the extension
--  &Critical contains the set of legal values for the critical field.
--      This is normally {TRUE|FALSE} but in some instances may be
--      restricted to just one of these values.
--

EXTENSION ::= CLASS {
    &id  OBJECT IDENTIFIER UNIQUE,
    &ExtnType,
    &Critical    BOOLEAN DEFAULT {TRUE | FALSE }
} WITH SYNTAX {
    SYNTAX &ExtnType IDENTIFIED BY &id
    [CRITICALITY &Critical]
}

--  Extensions
--
--  Used for a sequence of extensions.
--
--  The parameter contains the set of legal extensions that can
--  occur in this sequence.
--

Extensions{EXTENSION:ExtensionSet} ::=
    SEQUENCE SIZE (1..MAX) OF Extension{{ExtensionSet}}

--  Extension
--
--  Used for a single extension
--
--  The parameter contains the set of legal extensions that can
--      occur in this extension.
--
--  The restriction on the critical field has been commented out
--  the authors are not completely sure it is correct.
--  The restriction could be done using custom code rather than
--  compiler-generated code, however.
--

Extension{EXTENSION:ExtensionSet} ::= SEQUENCE {
    extnID      EXTENSION.&id({ExtensionSet}),
    critical    BOOLEAN
--                     (EXTENSION.&Critical({ExtensionSet}{@extnID}))
                     DEFAULT FALSE,
    extnValue   OCTET STRING (CONTAINING
                EXTENSION.&ExtnType({ExtensionSet}{@extnID}))
                --  contains the DER encoding of the ASN.1 value
                --  corresponding to the extension type identified
                --  by extnID
}

--  Security Category
--
--  Security categories are used both for specifying clearances and
--  for labeling objects.  We move this here from RFC 3281 so that
--  they will use a common single object class to express this
--  information.
--

SECURITY-CATEGORY ::= TYPE-IDENTIFIER

SecurityCategory{SECURITY-CATEGORY:Supported} ::= SEQUENCE {
    type      [0]  IMPLICIT SECURITY-CATEGORY.
            &id({Supported}),
    value     [1]  EXPLICIT SECURITY-CATEGORY.
            &Type({Supported}{@type})
}

END