[apple/security.git] / OSX / libsecurity_asn1 / asn1 / rfc3161.asn1

PKIXTSP {iso(1) identified-organization(3) dod(6) internet(1)
   security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-tsp(13)}

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

-- EXPORTS ALL --

IMPORTS

     Extensions, AlgorithmIdentifier
     FROM PKIX1Explicit88 {iso(1) identified-organization(3)
     dod(6) internet(1) security(5) mechanisms(5) pkix(7)
     id-mod(0) id-pkix1-explicit-88(1)}

     GeneralName FROM PKIX1Implicit88 {iso(1)
     identified-organization(3) dod(6) internet(1) security(5)
     mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-88(2)}

     ContentInfo FROM CryptographicMessageSyntax {iso(1)
     member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
     smime(16) modules(0) cms(1)}

     PKIFreeText FROM PKIXCMP {iso(1) identified-organization(3)
     dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
     id-mod-cmp(9)} ;

                     --  Locally defined OIDs  --

-- eContentType for a time-stamp token

id-ct-TSTInfo  OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 4}

-- 2.4.1

TimeStampReq ::= SEQUENCE  {
   version                  INTEGER  { v1(1) },
   messageImprint           MessageImprint,
     --a hash algorithm OID and the hash value of the data to be
     --time-stamped
   reqPolicy                TSAPolicyId                OPTIONAL,
   nonce                    INTEGER                    OPTIONAL,
   certReq                  BOOLEAN                    DEFAULT FALSE,
   extensions               [0] IMPLICIT Extensions    OPTIONAL  }

MessageImprint ::= SEQUENCE  {
     hashAlgorithm                AlgorithmIdentifier,
     hashedMessage                OCTET STRING  }

TSAPolicyId ::= OBJECT IDENTIFIER

-- 2.4.2

TimeStampResp ::= SEQUENCE  {
     status                  PKIStatusInfo,
     timeStampToken          TimeStampToken     OPTIONAL  }

-- The status is based on the definition of status
-- in section 3.2.3 of [RFC2510]

PKIStatusInfo ::= SEQUENCE {
    status        PKIStatus,
    statusString  PKIFreeText     OPTIONAL,
    failInfo      PKIFailureInfo  OPTIONAL  }

PKIStatus ::= INTEGER {
    granted                (0),
    -- when the PKIStatus contains the value zero a TimeStampToken, as
       requested, is present.
    grantedWithMods        (1),
     -- when the PKIStatus contains the value one a TimeStampToken,
       with modifications, is present.
    rejection              (2),
    waiting                (3),
    revocationWarning      (4),
     -- this message contains a warning that a revocation is
     -- imminent
    revocationNotification (5)
     -- notification that a revocation has occurred   }

    -- When the TimeStampToken is not present
    -- failInfo indicates the reason why the
    -- time-stamp request was rejected and
    -- may be one of the following values.

PKIFailureInfo ::= BIT STRING {
    badAlg               (0),
      -- unrecognized or unsupported Algorithm Identifier
    badRequest           (2),
      -- transaction not permitted or supported
    badDataFormat        (5),
      -- the data submitted has the wrong format
    timeNotAvailable    (14),
      -- the TSA's time source is not available
    unacceptedPolicy    (15),
      -- the requested TSA policy is not supported by the TSA.
    unacceptedExtension (16),
      -- the requested extension is not supported by the TSA.
    addInfoNotAvailable (17)
      -- the additional information requested could not be understood
      -- or is not available
    systemFailure       (25)
      -- the request cannot be handled due to system failure  }

TimeStampToken ::= ContentInfo

     -- contentType is id-signedData as defined in [CMS]
     -- content is SignedData as defined in([CMS])
     -- eContentType within SignedData is id-ct-TSTInfo
     -- eContent within SignedData is TSTInfo

TSTInfo ::= SEQUENCE  {
    version                      INTEGER  { v1(1) },
    policy                       TSAPolicyId,
    messageImprint               MessageImprint,
      -- MUST have the same value as the similar field in
      -- TimeStampReq
    serialNumber                 INTEGER,
     -- Time-Stamping users MUST be ready to accommodate integers
     -- up to 160 bits.
    genTime                      GeneralizedTime,
    accuracy                     Accuracy                 OPTIONAL,
    ordering                     BOOLEAN             DEFAULT FALSE,
    nonce                        INTEGER                  OPTIONAL,
      -- MUST be present if the similar field was present
      -- in TimeStampReq.  In that case it MUST have the same value.
    tsa                          [0] GeneralName          OPTIONAL,
    extensions                   [1] IMPLICIT Extensions  OPTIONAL   }

Accuracy ::= SEQUENCE {
                seconds        INTEGER           OPTIONAL,
                millis     [0] INTEGER  (1..999) OPTIONAL,
                micros     [1] INTEGER  (1..999) OPTIONAL  }
Commit	Line	Data
b1ab9ed8 A	1	PKIXTSP {iso(1) identified-organization(3) dod(6) internet(1)
	2	security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-tsp(13)}
	3
	4	DEFINITIONS IMPLICIT TAGS ::=
	5
	6	BEGIN
	7
	8	-- EXPORTS ALL --
	9
	10	IMPORTS
	11
	12	Extensions, AlgorithmIdentifier
	13	FROM PKIX1Explicit88 {iso(1) identified-organization(3)
	14	dod(6) internet(1) security(5) mechanisms(5) pkix(7)
	15	id-mod(0) id-pkix1-explicit-88(1)}
	16
	17	GeneralName FROM PKIX1Implicit88 {iso(1)
	18	identified-organization(3) dod(6) internet(1) security(5)
	19	mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit-88(2)}
	20
	21	ContentInfo FROM CryptographicMessageSyntax {iso(1)
	22	member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
	23	smime(16) modules(0) cms(1)}
	24
	25	PKIFreeText FROM PKIXCMP {iso(1) identified-organization(3)
	26	dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
	27	id-mod-cmp(9)} ;
	28
	29	-- Locally defined OIDs --
	30
	31	-- eContentType for a time-stamp token
	32
	33	id-ct-TSTInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
	34	us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 4}
	35
	36	-- 2.4.1
	37
	38	TimeStampReq ::= SEQUENCE {
	39	version INTEGER { v1(1) },
	40	messageImprint MessageImprint,
	41	--a hash algorithm OID and the hash value of the data to be
	42	--time-stamped
	43	reqPolicy TSAPolicyId OPTIONAL,
	44	nonce INTEGER OPTIONAL,
	45	certReq BOOLEAN DEFAULT FALSE,
	46	extensions [0] IMPLICIT Extensions OPTIONAL }
	47
	48	MessageImprint ::= SEQUENCE {
	49	hashAlgorithm AlgorithmIdentifier,
	50	hashedMessage OCTET STRING }
	51
	52	TSAPolicyId ::= OBJECT IDENTIFIER
	53
	54	-- 2.4.2
	55
	56	TimeStampResp ::= SEQUENCE {
	57	status PKIStatusInfo,
	58	timeStampToken TimeStampToken OPTIONAL }
	59
	60	-- The status is based on the definition of status
	61	-- in section 3.2.3 of [RFC2510]
	62
	63	PKIStatusInfo ::= SEQUENCE {
	64	status PKIStatus,
65	statusString PKIFreeText OPTIONAL,
66	failInfo PKIFailureInfo OPTIONAL }
67
68	PKIStatus ::= INTEGER {
69	granted (0),
70	-- when the PKIStatus contains the value zero a TimeStampToken, as
71	requested, is present.
72	grantedWithMods (1),
73	-- when the PKIStatus contains the value one a TimeStampToken,
74	with modifications, is present.
75	rejection (2),
76	waiting (3),
77	revocationWarning (4),
78	-- this message contains a warning that a revocation is
79	-- imminent
80	revocationNotification (5)
81	-- notification that a revocation has occurred }
82
83	-- When the TimeStampToken is not present
84	-- failInfo indicates the reason why the
85	-- time-stamp request was rejected and
86	-- may be one of the following values.
87
88	PKIFailureInfo ::= BIT STRING {
89	badAlg (0),
90	-- unrecognized or unsupported Algorithm Identifier
91	badRequest (2),
92	-- transaction not permitted or supported
93	badDataFormat (5),
94	-- the data submitted has the wrong format
95	timeNotAvailable (14),
96	-- the TSA's time source is not available
97	unacceptedPolicy (15),
98	-- the requested TSA policy is not supported by the TSA.
99	unacceptedExtension (16),
100	-- the requested extension is not supported by the TSA.
101	addInfoNotAvailable (17)
102	-- the additional information requested could not be understood
103	-- or is not available
104	systemFailure (25)
105	-- the request cannot be handled due to system failure }
106
107	TimeStampToken ::= ContentInfo
108
109	-- contentType is id-signedData as defined in [CMS]
110	-- content is SignedData as defined in([CMS])
111	-- eContentType within SignedData is id-ct-TSTInfo
112	-- eContent within SignedData is TSTInfo
113
114	TSTInfo ::= SEQUENCE {
115	version INTEGER { v1(1) },
116	policy TSAPolicyId,
117	messageImprint MessageImprint,
118	-- MUST have the same value as the similar field in
119	-- TimeStampReq
120	serialNumber INTEGER,
121	-- Time-Stamping users MUST be ready to accommodate integers
122	-- up to 160 bits.
123	genTime GeneralizedTime,
124	accuracy Accuracy OPTIONAL,
125	ordering BOOLEAN DEFAULT FALSE,
126	nonce INTEGER OPTIONAL,
127	-- MUST be present if the similar field was present
128	-- in TimeStampReq. In that case it MUST have the same value.
129	tsa [0] GeneralName OPTIONAL,
130	extensions [1] IMPLICIT Extensions OPTIONAL }
131
132	Accuracy ::= SEQUENCE {
133	seconds INTEGER OPTIONAL,
134	millis [0] INTEGER (1..999) OPTIONAL,
135	micros [1] INTEGER (1..999) OPTIONAL }
136
137