OSX/libsecurity_asn1/asn1/appleoids.asn

   1 APPLE-OIDS
   2 DEFINITIONS IMPLICIT TAGS  ::=
   3 BEGIN
   4 -- EXPORTS All --
   5
   6 IMPORTS
   7   BigIntegerStr
   8     FROM VdaEnhancedTypes
   9   pkcs
  10         FROM PKCS1-OIDS
  11 ;
  12
  13 -- base OIDs for Apple, Apple Data Security
  14 appleBaseOid OBJECT IDENTIFIER ::= { 1 2 840 113635 }
  15 appleDataSecurity OBJECT IDENTIFIER ::= { appleBaseOid 100 }
  16
  17 -- base OIDs for Apple Trust Policies and Algorithms
  18 appleTrustPolicy OBJECT IDENTIFIER ::= { appleDataSecurity 1 }
  19 appleSecurityAlgorithm OBJECT IDENTIFIER ::=Ê{ appleDataSecurity 2 }
  20
  21 -- Apple trust policy OIDs
  22
  23 appleISignTP OBJECT IDENTIFIER          ::= { appleTrustPolicy 1 }
  24 appleX509Basic OBJECT IDENTIFIER        ::= { appleTrustPolicy 2 }
  25 appleSSLPolicy OBJECT IDENTIFIER    ::= { appleTrustPolicy 3 }
  26
  27 -- Apple algorithms
  28 appleFee OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 1 }
  29 appleAsc OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 2 }
  30 appleFeeMD5 OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 3 }
  31 appleFeeSHA1 OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 4 }
  32 appleFeed OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 5 }
  33 appleFeedExp OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 6 }
  34 appleECDSA OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 7 }
  35
  36 -- PKCS3 OIDs
  37 pkcs-3 OBJECT IDENTIFIER ::= { pkcs 3 }
  38 dhKeyAgreement OBJECT IDENTIFIER ::= { pkcs-3 1 }
  39
  40 -- FEE ElGamal-style signature
  41 FEEElGamalSignature ::= SEQUENCE {
  42   u     BigIntegerStr,
  43   pmX   BigIntegerStr
  44 }
  45
  46 -- FEE ECDSA-style signature
  47 FEEECDSASignature ::= SEQUENCE {
  48   c     BigIntegerStr,
  49   d     BigIntegerStr
  50 }
  51
  52 -- FEE Curve parameters
  53 FEEPrimeType ::=    INTEGER { pt-mersenne(0), pt-fee(1), pt-general(2) }
  54 FEECurveType ::=    INTEGER { ct-montgomery(0), ct-weierstrass(1), ct-general(2) }
  55
  56 FEECurveParameters ::= SEQUENCE
  57 {
  58         primeType               FEEPrimeType,
  59         curveType               FEECurveType,
  60         q                               INTEGER,                        -- unsigned
  61         k                               INTEGER,                        -- signed
  62         m                               INTEGER,
  63         a                               BigIntegerStr,
  64         bb                              BigIntegerStr,          -- can't use variable/field b
  65         c                               BigIntegerStr,
  66         x1Plus                  BigIntegerStr,
  67         x1Minus                 BigIntegerStr,
  68         cOrderPlus              BigIntegerStr,
  69         cOrderMinus             BigIntegerStr,
  70         x1OrderPlus             BigIntegerStr,
  71         x1OrderMinus    BigIntegerStr,
  72         basePrime               BigIntegerStr   OPTIONAL        -- iff FEEPrimeType == pt-general
  73 }
  74
  75 -- FEE keys
  76
  77 FEEPublicKey ::= SEQUENCE
  78 {
  79         version                 INTEGER,
  80         curveParams             FEECurveParameters,
  81         plusX                   BigIntegerStr,
  82         minusX                  BigIntegerStr,
  83         plusY                   BigIntegerStr   OPTIONAL        -- iff FEECurveType == ct-weierstrass
  84 }
  85
  86 FEEPrivateKey ::= SEQUENCE
  87 {
  88         version                 INTEGER,
  89         curveParams             FEECurveParameters,
  90         privData                BigIntegerStr
  91 }
  92
  93 -- DSA keys
  94 --
  95 -- DSA private keys are represented as a PrivateKeyInfo (pkcs8); DSA public keys
  96 -- are represented as SubjectPublicKeyInfo (sm_s509af). However, the public p, g,
  97 -- and q parameters are expressed in the AlgorithmIdentifier.parameters
  98 -- field which is an ANY type. To simplify encoding and decoding (AsnAny is a royal
  99 -- hassle to deal with), we define new structs for the entire keys here.
 100 -- NOTE: these definition are derived from reverse engineering the key blobs
 101 -- created by BSAFE 4.0 using info type KI_DSA{Public,Private}BER. The BSAFE
 102 -- documentation claims that this encoding is X9.20 compatible; however BSAFE
 103 -- adds a field to the dss-params (here called DSABSafeParams) struct which
 104 -- indicates the prime size in bits. The encoding and decoding implemented here
 105 -- is verified to be compatible with BSAFE 4.0 but no other implementations of
 106 -- DSA keys.
 107 --
 108 DSAPrivateKey ::= SEQUENCE
 109 {
 110         version                 INTEGER,
 111         dsaAlg                  DSAAlgorithmId,
 112         privateKey              OCTET STRING
 113 }
 114
 115 --
 116 -- The publicKey is actually the DER encoding of an ASN integer, wrapped in a
 117 -- BIT STRING.
 118 --
 119 DSAPublicKey ::= SEQUENCE
 120 {
 121         dsaAlg                  DSAAlgorithmId,
 122         publicKey               BIT STRING
 123 }
 124
 125 --
 126 -- A convenient replacement for a DSA AlgorithmIdentifier
 127 --
 128 DSAAlgorithmId ::= SEQUENCE
 129 {
 130         algorithm       OBJECT IDENTIFIER,      -- id_dsa from sm_cms
 131         params                  DSABsafeParams
 132 }
 133
 134 --
 135 -- This is the "ANY" parameter from AlgorithmIdentifier.
 136 --
 137 DSABsafeParams ::= SEQUENCE
 138 {
 139         keySizeInBits   INTEGER,
 140         p                               BigIntegerStr,
 141         q                               BigIntegerStr,
 142         g                               BigIntegerStr
 143 }
 144
 145 --
 146 -- DSAPrivateKey.privateKey is actually the DER encoding, as an AsnOcts, of this.
 147 --
 148 DSAPrivateKeyOcts ::= SEQUENCE
 149 {
 150         privateKey              BigIntegerStr
 151 }
 152
 153 --
 154 -- DSA keys in openssl format.
 155 --
 156 -- Public keys are SubjectPublicKeyInfo. AlgorithmIdentifier.parameters
 157 -- is a DSAAlgParams. We redefine the whole thing here to avoid AsnAny
 158 -- processing.
 159 --
 160 -- The publicKey is actually the DER encoding of an ASN integer, wrapped in a
 161 -- BIT STRING.
 162 --
 163 DSAPublicKeyX509 ::= SEQUENCE
 164 {
 165         dsaAlg                  DSAAlgorithmIdX509,
 166         publicKey               BIT STRING
 167 }
 168
 169 --
 170 -- A convenient replacement for a DSA AlgorithmIdentifier, X509 format
 171 --
 172 DSAAlgorithmIdX509 ::= SEQUENCE
 173 {
 174         algorithm       OBJECT IDENTIFIER,      -- id_dsa from sm_cms
 175         --
 176         -- this replaces AsnAny parameters; it is the DSA parameter format
 177         -- which is common to the CSP and to openssl
 178         --
 179         params                  DSAAlgParams
 180 }
 181
 182 --
 183 -- Private keys are one of these, which appears to be specific to openssl.
 184 --
 185 DSAPrivateKeyOpenssl ::= SEQUENCE
 186 {
 187         version                 INTEGER,
 188         p                               BigIntegerStr,
 189         q                               BigIntegerStr,
 190         g                               BigIntegerStr,
 191         pub                             BigIntegerStr,
 192         priv                    BigIntegerStr
 193 }
 194
 195 --
 196 -- DSA signature
 197 --
 198 DSASignature ::= SEQUENCE
 199 {
 200         r                               BigIntegerStr,
 201         s                               BigIntegerStr
 202 }
 203
 204 --
 205 -- Encoding of the basic DSA parameters for use in a CDSA key generation context.
 206 --
 207 DSAAlgParams ::= SEQUENCE
 208 {
 209         p                               BigIntegerStr,
 210         q                               BigIntegerStr,
 211         g                               BigIntegerStr
 212 }
 213
 214 -- Diffie Hellman per PKCS3
 215
 216 DHPrivateKey ::= SEQUENCE
 217 {
 218         dHOid                   OBJECT IDENTIFIER,                      -- dhKeyAgreement
 219         params                  DHParameter,
 220         secretPart              BigIntegerStr
 221 }
 222
 223 DHParameterBlock ::= SEQUENCE
 224 {
 225         oid                             OBJECT IDENTIFIER,                      -- pkcs-3
 226         params                  DHParameter
 227 }
 228
 229 DHParameter ::= SEQUENCE
 230 {
 231         prime                           BigIntegerStr,                  -- p
 232         base                            BigIntegerStr,                  -- g
 233         privateValueLength      BigIntegerStr OPTIONAL
 234 }
 235
 236 END -- APPLE-OIDS
 237