pkcs-15v1_1.asn

读写Smart卡加解密接口的程序

PKCS-15 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
         pkcs-15(15) modules(1) pkcs-15(1)} 

-- $Revision: 1.1 $ --

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

IMPORTS

informationFramework, authenticationFramework, certificateExtensions
        FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
                                usefulDefinitions(0) 3} 

Name, Attribute
        FROM InformationFramework informationFramework

Certificate, AttributeCertificate, CertificateSerialNumber,
        SubjectPublicKeyInfo
        FROM AuthenticationFramework authenticationFramework

GeneralNames, KeyUsage
        FROM CertificateExtensions certificateExtensions

RecipientInfos, RecipientInfo, OriginatorInfo, sha-1,
	id-alg-CMS3DESwrap, id-alg-CMSRC2wrap, hMAC-SHA1, des-ede3-cbc
	FROM CryptographicMessageSyntax {iso(1) member-body(2)
	us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0)
	cms(1)}

RSAPublicKey
	FROM PKCS-1 {iso(1) member-body(2) us(840) rsadsi(113549)
	pkcs(1) pkcs-1(1) modules(0) pkcs-1(1)} 

AlgorithmIdentifier, SupportingAlgorithms, PBKDF2Algorithms,
	ALGORITHM-IDENTIFIER, id-hmacWithSHA1
	FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
	pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)} 

ECPoint, Parameters
        FROM ANSI-X9-62 {iso(1) member-body(2) us(840)
        ansi-x962(10045) module(4) 1} 

DiffieHellmanPublicNumber, DomainParameters
        FROM ANSI-X9-42 {iso(1) member-body(2) us(840)
        ansi-x942(10046) module(5) 1}

OOBCertHash
        FROM PKIXCMP {iso(1) identified-organization(3) dod(6)
        internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
        id-mod-cmp(9)};

-- Constants

pkcs15-ub-identifier          INTEGER ::= 255
pkcs15-ub-reference           INTEGER ::= 255
pkcs15-ub-index               INTEGER ::= 65535
pkcs15-ub-label               INTEGER ::= pkcs15-ub-identifier
pkcs15-lb-minPinLength        INTEGER ::= 4
pkcs15-ub-minPinLength        INTEGER ::= 8
pkcs15-ub-storedPinLength     INTEGER ::= 64
pkcs15-ub-recordLength        INTEGER ::= 16383
pkcs15-ub-userConsent         INTEGER ::= 15
pkcs15-ub-securityConditions  INTEGER ::= 255
pkcs15-ub-seInfo              INTEGER ::= 255

-- Object Identifiers

pkcs15 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
                               rsadsi(113549) pkcs(1) pkcs-15(15)}
pkcs15-mo OBJECT IDENTIFIER ::= {pkcs15 1} -- Modules branch
pkcs15-at OBJECT IDENTIFIER ::= {pkcs15 2} -- Attribute branch
pkcs15-ct OBJECT IDENTIFIER ::= {pkcs15 3} -- Content type branch

-- Content Types

pkcs15-ct-PKCS15Token OBJECT IDENTIFIER ::= {pkcs15-ct 1}

-- Basic types

Identifier ::= OCTET STRING (SIZE (0..pkcs15-ub-identifier))

Reference ::= INTEGER (0..pkcs15-ub-reference)

Label ::= UTF8String (SIZE(0..pkcs15-ub-label))

KEY-IDENTIFIER ::= CLASS {
    &id  INTEGER UNIQUE,
    &Value
} WITH SYNTAX {
    SYNTAX &Value IDENTIFIED BY &id
}

CredentialIdentifier {KEY-IDENTIFIER : IdentifierSet} ::= SEQUENCE {
    idType  KEY-IDENTIFIER.&id ({IdentifierSet}),
    idValue KEY-IDENTIFIER.&Value ({IdentifierSet}{@idType})
}

KeyIdentifiers KEY-IDENTIFIER ::= {
    issuerAndSerialNumber|
    issuerAndSerialNumberHash|
    subjectKeyId|
    subjectKeyHash |
    issuerKeyHash |
    issuerNameHash |
    subjectNameHash,
    ...
}

issuerAndSerialNumber KEY-IDENTIFIER::= 
        {SYNTAX PKCS15-OPAQUE.&Type IDENTIFIED BY 1}
        -- As defined in RFC 2630
subjectKeyId KEY-IDENTIFIER ::= 
        {SYNTAX OCTET STRING IDENTIFIED BY 2}
        -- From x509v3 certificate extension
issuerAndSerialNumberHash KEY-IDENTIFIER ::= 
        {SYNTAX OCTET STRING IDENTIFIED BY 3}
        -- Assumes SHA-1 hash of DER encoding of IssuerAndSerialNumber
subjectKeyHash KEY-IDENTIFIER ::= 
        {SYNTAX OCTET STRING IDENTIFIED BY 4}
issuerKeyHash KEY-IDENTIFIER ::= 
        {SYNTAX OCTET STRING IDENTIFIED BY 5}
issuerNameHash KEY-IDENTIFIER ::=
	{SYNTAX OCTET STRING IDENTIFIED BY 6}
	-- SHA-1 hash of DER-encoded issuer name
subjectNameHash KEY-IDENTIFIER ::=
        {SYNTAX OCTET STRING IDENTIFIED BY 7}
	-- SHA-1 hash of DER-encoded subject name

ReferencedValue {Type} ::= CHOICE {
    path	Path,
    url		URL
} (CONSTRAINED BY {-- 'path' or 'url' shall point to an object of
   -- type -- Type}) 

URL ::= CHOICE {
    url		PrintableString,
    urlWithDigest [3] SEQUENCE {
    	url	IA5String,
    	digest	DigestInfoWithDefault
    	}
}

alg-id-sha1 AlgorithmIdentifier {{DigestAlgorithms}} ::= {
    algorithm  sha-1, 
    parameters SHA1Parameters : NULL} 

SHA1Parameters ::= NULL

DigestInfoWithDefault ::= SEQUENCE {
    digestAlg	AlgorithmIdentifier {{DigestAlgorithms}} DEFAULT alg-id-sha1,
    digest	OCTET STRING (SIZE(8..128))
}

Path ::= SEQUENCE {
    path 	OCTET STRING,
    index  	INTEGER (0..pkcs15-ub-index) OPTIONAL,
    length 	[0] INTEGER (0..pkcs15-ub-index) OPTIONAL
    }( WITH COMPONENTS {..., index PRESENT, length PRESENT}| 
       WITH COMPONENTS {..., index ABSENT, length ABSENT})

ObjectValue { Type } ::= CHOICE {
    indirect 	        ReferencedValue {Type},
    direct 	        [0] Type,
    indirect-protected	[1] ReferencedValue {EnvelopedData {Type}},
    direct-protected	[2] EnvelopedData {Type}
    }(CONSTRAINED BY {-- if indirection is being used, then it is
    -- expected that the reference points either to a (possibly
    -- enveloped) object of type -- Type -- or (key case) to a card- 
    -- specific key file --})

PathOrObjects {ObjectType} ::= CHOICE {
    path  	Path,
    objects  	[0] SEQUENCE OF ObjectType,
    ...,
    indirect-protected [1] ReferencedValue {EnvelopedData {SEQUENCE OF ObjectType}},
    direct-protected [2] EnvelopedData {SEQUENCE OF ObjectType}
    }

CommonObjectAttributes ::= SEQUENCE {
    label		Label OPTIONAL,
    flags  		CommonObjectFlags OPTIONAL,
    authId 		Identifier OPTIONAL,
    ...,
    userConsent 	INTEGER (1..pkcs15-ub-userConsent) OPTIONAL,
    accessControlRules	SEQUENCE SIZE (1..MAX) OF AccessControlRule OPTIONAL
} (CONSTRAINED BY {-- authId should be present in the IC card case if
    -- flags.private is set. It must equal an authID in one AuthRecord
    -- in the AODF -- }) 

CommonObjectFlags ::= BIT STRING {
    private	(0),
    modifiable 	(1)
}

AccessControlRule ::= SEQUENCE {
    accessMode		AccessMode,
    securityCondition 	SecurityCondition,
    ... -- For future extensions
}

AccessMode ::= BIT STRING {
    read	(0),
    update	(1),
    execute	(2)
}

SecurityCondition ::= CHOICE {
    authId	Identifier,
    not    	[0] SecurityCondition,
    and    	[1] SEQUENCE SIZE (2..pkcs15-ub-securityConditions)
                OF SecurityCondition, 
    or     	[2] SEQUENCE SIZE (2..pkcs15-ub-securityConditions)
                OF SecurityCondition, 
    ... -- For future extensions
}

CommonKeyAttributes ::= SEQUENCE {
    iD 		 Identifier,
    usage 	 KeyUsageFlags,
    native	 BOOLEAN DEFAULT TRUE,
    accessFlags	 KeyAccessFlags OPTIONAL,
    keyReference Reference OPTIONAL,
    startDate 	 GeneralizedTime OPTIONAL,
    endDate  	 [0] GeneralizedTime OPTIONAL,
    ... -- For future extensions
}

KeyUsageFlags ::= BIT STRING {
    encrypt 			(0),
    decrypt 			(1),
    sign 			(2),
    signRecover 		(3),
    wrap 			(4),
    unwrap 			(5),
    verify 			(6),
    verifyRecover  		(7),
    derive 			(8),
    nonRepudiation		(9)
}

KeyAccessFlags ::= BIT STRING {
    sensitive  		(0),
    extractable 	(1),
    alwaysSensitive 	(2),
    neverExtractable	(3),
    local		(4)
}

CommonPrivateKeyAttributes ::= SEQUENCE {
    subjectName	Name OPTIONAL,
    keyIdentifiers 	[0] SEQUENCE OF CredentialIdentifier
                        {{KeyIdentifiers}} OPTIONAL, 
    ... -- For future extensions
}

CommonPublicKeyAttributes ::= SEQUENCE {
    subjectName	 Name OPTIONAL,
    ...,
    trustedUsage [0] Usage OPTIONAL
}

CommonSecretKeyAttributes ::= SEQUENCE {
    keyLen	INTEGER OPTIONAL, -- keylength (in bits)
    ... -- For future extensions
}

KeyInfo {ParameterType, OperationsType} ::= CHOICE {
    reference		Reference,
    paramsAndOps 	SEQUENCE {
    	parameters 		ParameterType,
    	supportedOperations 	OperationsType OPTIONAL
	}
}

CommonCertificateAttributes ::= SEQUENCE {
    iD 		Identifier, 
    authority	BOOLEAN DEFAULT FALSE,
    identifier 	CredentialIdentifier {{KeyIdentifiers}} OPTIONAL,
    certHash	[0] OOBCertHash OPTIONAL,
    ...,
    trustedUsage [1] Usage OPTIONAL,
    identifiers	[2] SEQUENCE OF CredentialIdentifier{{KeyIdentifiers}} OPTIONAL, 
    implicitTrust [3] BOOLEAN DEFAULT FALSE
}

Usage ::= SEQUENCE {
    keyUsage	KeyUsage OPTIONAL,
    extKeyUsage	SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER OPTIONAL
    }(WITH COMPONENTS {..., keyUsage PRESENT} |
      WITH COMPONENTS {..., extKeyUsage PRESENT})

CommonDataObjectAttributes ::= SEQUENCE {
    applicationName	Label OPTIONAL,
    applicationOID 	OBJECT IDENTIFIER OPTIONAL,
    ... -- For future extensions
    } (WITH COMPONENTS {..., applicationName PRESENT}| 
       WITH COMPONENTS {..., applicationOID PRESENT})

CommonAuthenticationObjectAttributes ::= SEQUENCE {
    authId Identifier,
    ... -- For future extensions
}

PKCS15Object {ClassAttributes, SubClassAttributes, TypeAttributes}
    ::= SEQUENCE {
    commonObjectAttributes	CommonObjectAttributes,
    classAttributes		ClassAttributes,
    subClassAttributes 		[0] SubClassAttributes OPTIONAL,
    typeAttributes		[1] TypeAttributes
}

PKCS15Objects ::= CHOICE {
    privateKeys 	[0] PrivateKeys,
    publicKeys 		[1] PublicKeys,
    trustedPublicKeys  	[2] PublicKeys,
    secretKeys 		[3] SecretKeys,
    certificates	[4] Certificates,
    trustedCertificates [5] Certificates,
    usefulCertificates 	[6] Certificates,
    dataObjects 	[7] DataObjects,
    authObjects 	[8] AuthObjects,
    ... -- For future extensions
}

PrivateKeys  ::= PathOrObjects {PrivateKeyType}

SecretKeys   ::= PathOrObjects {SecretKeyType}

PublicKeys   ::= PathOrObjects {PublicKeyType}

Certificates ::= PathOrObjects {CertificateType}

DataObjects  ::= PathOrObjects {DataType}

AuthObjects  ::= PathOrObjects {AuthenticationType}

PrivateKeyType ::= CHOICE {
    privateRSAKey	PrivateKeyObject {PrivateRSAKeyAttributes},
    privateECKey 	[0] PrivateKeyObject {PrivateECKeyAttributes},
    privateDHKey 	[1] PrivateKeyObject {PrivateDHKeyAttributes},
    privateDSAKey	[2] PrivateKeyObject {PrivateDSAKeyAttributes},
    privateKEAKey	[3] PrivateKeyObject {PrivateKEAKeyAttributes},
    ... -- For future extensions
}

PrivateKeyObject {KeyAttributes} ::= PKCS15Object { 
    CommonKeyAttributes, CommonPrivateKeyAttributes, KeyAttributes}

PrivateRSAKeyAttributes ::= SEQUENCE {
    value 		ObjectValue {RSAPrivateKeyObject},
    modulusLength 	INTEGER, -- modulus length in bits, e.g. 1024
    keyInfo  		KeyInfo {NULL, PublicKeyOperations} OPTIONAL,
    ... -- For future extensions
} 

RSAPrivateKeyObject ::= SEQUENCE {
    modulus 		[0] INTEGER OPTIONAL, -- n
    publicExponent 	[1] INTEGER OPTIONAL, -- e
    privateExponent 	[2] INTEGER OPTIONAL, -- d
    prime1 		[3] INTEGER OPTIONAL, -- p
    prime2 		[4] INTEGER OPTIONAL, -- q
    exponent1  		[5] INTEGER OPTIONAL, -- d mod (p-1)
    exponent2  		[6] INTEGER OPTIONAL, -- d mod (q-1)
    coefficient 	[7] INTEGER OPTIONAL -- inv(q) mod p
} (CONSTRAINED BY {-- must be possible to reconstruct modulus and
   -- privateExponent from selected fields --}) 

PrivateECKeyAttributes ::= SEQUENCE {
    value  	ObjectValue {ECPrivateKey},
    keyInfo 	KeyInfo {Parameters, PublicKeyOperations} OPTIONAL,
    ... -- For future extensions
}

ECPrivateKey ::= INTEGER

PrivateDHKeyAttributes ::= SEQUENCE {
    value  	ObjectValue {DHPrivateKey},
    keyInfo 	KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
    ... -- For future extensions
}

DHPrivateKey ::= INTEGER -- Diffie-Hellman exponent

PrivateDSAKeyAttributes ::= SEQUENCE {
    value  	ObjectValue {DSAPrivateKey},
    keyInfo 	KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
    ... -- For future extensions
}

DSAPrivateKey ::= INTEGER

PrivateKEAKeyAttributes ::= SEQUENCE {
    value  	ObjectValue {KEAPrivateKey},
    keyInfo 	KeyInfo {DomainParameters, PublicKeyOperations} OPTIONAL,
    ... -- For future extensions
}

KEAPrivateKey ::= INTEGER

PublicKeyType ::= CHOICE {
    publicRSAKey 	PublicKeyObject {PublicRSAKeyAttributes},
    publicECKey 	[0] PublicKeyObject {PublicECKeyAttributes},
    publicDHKey 	[1] PublicKeyObject {PublicDHKeyAttributes},
    publicDSAKey 	[2] PublicKeyObject {PublicDSAKeyAttributes},
    publicKEAKey 	[3] PublicKeyObject {PublicKEAKeyAttributes},
    ... -- For future extensions
}

PublicKeyObject {KeyAttributes} ::= PKCS15Object { 
    CommonKeyAttributes, CommonPublicKeyAttributes, KeyAttributes}

PublicRSAKeyAttributes ::= SEQUENCE {
    value		ObjectValue {RSAPublicKeyChoice},
    modulusLength 	INTEGER, -- modulus length in bits, e.g. 1024
    keyInfo		KeyInfo {NULL, PublicKeyOperations} OPTIONAL,
    ... -- For future extensions
} 

RSAPublicKeyChoice ::= CHOICE {
    raw	 RSAPublicKey,
    spki [1] SubjectPublicKeyInfo, -- See X.509. Must contain a
    -- public RSA key 
    ...
}

PublicECKeyAttributes ::= SEQUENCE {
    value  	ObjectValue {ECPublicKeyChoice},
    keyInfo 	KeyInfo {Parameters, PublicKeyOperations} OPTIONAL,
    ... -- For future extensions
}

ECPublicKeyChoice ::= CHOICE {
    raw	 ECPoint,