pike.git / lib / modules / Standards.pmod / PKCS.pmod / Identifiers.pmod

version» Context lines:

pike.git/lib/modules/Standards.pmod/PKCS.pmod/Identifiers.pmod:1:   //   // Object identifiers      #pike __REAL_VERSION__   #pragma strict_types      //! Various ASN.1 identifiers used by PKCS. + //! + //! @seealso + //! @rfc{2459@}, @rfc{3279@}, @rfc{3280@}, @rfc{3447@}, @rfc{4055@}, + //! @rfc{4985@}, @rfc{5480@}, @rfc{5639@}      /* Attributes (from http://leangen.uninett.no:29659/~hta/ietf/oid/2.5.4.html):    (by 1999-01-25, a better URL is http://www.alvestrand.no/objectid/top.html)       2.5.4.0 - id-at-objectClass    2.5.4.1 - id-at-aliasedEntryName    2.5.4.2 - id-at-knowldgeinformation    2.5.4.3 - id-at-commonName    2.5.4.4 - id-at-surname    2.5.4.5 - id-at-serialNumber
pike.git/lib/modules/Standards.pmod/PKCS.pmod/Identifiers.pmod:65:    2.5.4.52 - id-at-supportedAlgorithms    2.5.4.53 - id-at-deltaRevocationList   */      import Standards.ASN1.Types;      Identifier pkcs_id = Identifier(1, 2, 840, 113549, 1);   Identifier pkcs_1_id = pkcs_id->append(1);   Identifier pkcs_9_id = pkcs_id->append(9);    - /* For public key */ + /* For public key (RFC 4055 1.2). */   Identifier rsa_id = pkcs_1_id->append(1);      /* Signature algorithms */ -  + // RFC 3279 2.2.1:   Identifier rsa_md2_id = pkcs_1_id->append(2);   // Identifier rsa_md4_id = pkcs_1_id->append(3);   Identifier rsa_md5_id = pkcs_1_id->append(4);   Identifier rsa_sha1_id = pkcs_1_id->append(5); -  + // RFC 4055 5:   Identifier rsa_sha256_id = pkcs_1_id->append(11);   Identifier rsa_sha384_id = pkcs_1_id->append(12);   Identifier rsa_sha512_id = pkcs_1_id->append(13); -  + Identifier rsa_sha224_id = pkcs_1_id->append(14);    -  + // RFC 8017 a.2.4 + Identifier rsa_sha512_224_id = pkcs_1_id->append(15); + Identifier rsa_sha512_256_id = pkcs_1_id->append(16); +  + // RFC 4055 2.2: + Identifier mgf1_id = pkcs_1_id->append(8); +  + // RFC 3447 a.2.1: + Identifier pspecified_id = pkcs_1_id->append(9); +  + // RFC 4055 3.1: + Identifier rsassa_pss_id = pkcs_1_id->append(10); +  + // RFC 4055 4.1: + Identifier rsaes_oaep_id = pkcs_1_id->append(7); +  + Identifier ecdsa_sha1_id = Identifier(1, 2, 840, 10045, 4, 1);   Identifier ecdsa_sha224_id = Identifier(1, 2, 840, 10045, 4, 3, 1);   Identifier ecdsa_sha256_id = Identifier(1, 2, 840, 10045, 4, 3, 2);   Identifier ecdsa_sha384_id = Identifier(1, 2, 840, 10045, 4, 3, 3);   Identifier ecdsa_sha512_id = Identifier(1, 2, 840, 10045, 4, 3, 4);      /* For public key (unrestricted) from RFC 5480. */   Identifier ec_id = Identifier(1, 2, 840, 10045, 2, 1); -  + Identifier ec_public_key_id = ec_id;    -  + Identifier ec_dh_id = Identifier(1, 3, 132, 1, 12); + Identifier ec_mqw_id = Identifier(1, 3, 132, 1, 13); +    /* Elliptic Curves from RFC 5480 */   Identifier ecc_secp192r1_id = Identifier(1, 2, 840, 10045, 3, 1, 1);   Identifier ecc_sect163k1_id = Identifier(1, 3, 132, 0, 1); -  + Identifier ecc_sect163r1_id = Identifier(1, 3, 132, 0, 2); + Identifier ecc_sect239k1_id = Identifier(1, 3, 132, 0, 3); + Identifier ecc_sect113r1_id = Identifier(1, 3, 132, 0, 4); + Identifier ecc_sect113r2_id = Identifier(1, 3, 132, 0, 5); + Identifier ecc_secp112r1_id = Identifier(1, 3, 132, 0, 6); + Identifier ecc_secp112r2_id = Identifier(1, 3, 132, 0, 7); + Identifier ecc_secp160r1_id = Identifier(1, 3, 132, 0, 8); + Identifier ecc_secp160k1_id = Identifier(1, 3, 132, 0, 9); + Identifier ecc_secp256k1_id= Identifier(1, 3, 132, 0, 10);   Identifier ecc_sect163r2_id = Identifier(1, 3, 132, 0, 15); -  + Identifier ecc_sect131r1_id = Identifier(1, 3, 132, 0, 22); + Identifier ecc_sect131r2_id = Identifier(1, 3, 132, 0, 23); + Identifier ecc_sect193r1_id = Identifier(1, 3, 132, 0, 24); + Identifier ecc_sect193r2_id = Identifier(1, 3, 132, 0, 25);   Identifier ecc_secp224r1_id = Identifier(1, 3, 132, 0, 33);   Identifier ecc_sect233k1_id = Identifier(1, 3, 132, 0, 26);   Identifier ecc_sect233r1_id = Identifier(1, 3, 132, 0, 27); -  + Identifier ecc_secp128r1_id = Identifier(1, 3, 132, 0, 28); + Identifier ecc_secp128r2_id = Identifier(1, 3, 132, 0, 29); + Identifier ecc_secp160r2_id = Identifier(1, 3, 132, 0, 30); + Identifier ecc_secp192k1r1_id = Identifier(1, 3, 132, 0, 31);   Identifier ecc_secp256r1_id = Identifier(1, 2, 840, 10045, 3, 1, 7);   Identifier ecc_sect283k1_id = Identifier(1, 3, 132, 0, 16);   Identifier ecc_sect283r1_id = Identifier(1, 3, 132, 0, 17);   Identifier ecc_secp384r1_id = Identifier(1, 3, 132, 0, 34);   Identifier ecc_sect409k1_id = Identifier(1, 3, 132, 0, 36);   Identifier ecc_sect409r1_id = Identifier(1, 3, 132, 0, 37);   Identifier ecc_secp521r1_id = Identifier(1, 3, 132, 0, 35);   Identifier ecc_sect571k1_id = Identifier(1, 3, 132, 0, 38);   Identifier ecc_sect571r1_id = Identifier(1, 3, 132, 0, 39);    -  + /* Brainpool curves from RFC 5639. */ + protected Identifier ec_sign_id = Identifier(1, 3, 36, 3, 3, 2); + Identifier ec_std_curves_and_generation_id = ec_sign_id->append(8); + protected Identifier ec_curve_id = ec_std_curves_and_generation_id->append(1); + protected Identifier ec_curve_ver1_id = ec_curve_id->append(1); + Identifier brainpool_p160r1 = ec_curve_ver1_id->append(1); + Identifier brainpool_p160t1 = ec_curve_ver1_id->append(2); + Identifier brainpool_p192r1 = ec_curve_ver1_id->append(3); + Identifier brainpool_p192t1 = ec_curve_ver1_id->append(4); + Identifier brainpool_p224r1 = ec_curve_ver1_id->append(5); + Identifier brainpool_p224t1 = ec_curve_ver1_id->append(6); + Identifier brainpool_p256r1 = ec_curve_ver1_id->append(7); + Identifier brainpool_p256t1 = ec_curve_ver1_id->append(8); + Identifier brainpool_p320r1 = ec_curve_ver1_id->append(9); + Identifier brainpool_p320t1 = ec_curve_ver1_id->append(10); + Identifier brainpool_p384r1 = ec_curve_ver1_id->append(11); + Identifier brainpool_p384t1 = ec_curve_ver1_id->append(12); + Identifier brainpool_p521r1 = ec_curve_ver1_id->append(13); + Identifier brainpool_p521t1 = ec_curve_ver1_id->append(14); +  + /* Edwards curves from draft-ietf-curdle-pkix-03. */ + protected Identifier ed_curve_algs_id = Identifier(1, 3, 101); + Identifier x25519_id = ed_curve_algs_id->append(110); + Identifier x448_id = ed_curve_algs_id->append(111); + Identifier eddsa25519_id = ed_curve_algs_id->append(112); + Identifier eddsa448_id = ed_curve_algs_id->append(113); + Identifier eddsa25519ph_id = ed_curve_algs_id->append(114); /* pre-hash */ + Identifier eddsa448ph_id = ed_curve_algs_id->append(115); /* pre-hash */ +    /* For public key    id-dsa ID ::= { iso(1) member-body(2) us(840) x9-57(10040)    x9cm(4) 1 }   */   Identifier dsa_id = Identifier(1, 2, 840, 10040, 4, 1);      /* Signature algorithm    id-dsa-with-sha1 ID ::= {    iso(1) member-body(2) us(840) x9-57 (10040)    x9cm(4) 3 }   */   Identifier dsa_sha_id = Identifier(1, 2, 840, 10040, 4, 3);   Identifier dsa_sha224_id = Identifier(2, 16, 840, 1, 101, 3, 4, 3, 1);   Identifier dsa_sha256_id = Identifier(2, 16, 840, 1, 101, 3, 4, 3, 2);    -  + // RFC 3279 2.2.1:   Identifier md2_id = Identifier(1, 2, 840, 113549, 2, 2);   Identifier md4_id = Identifier(1, 2, 840, 113549, 2, 4);   Identifier md5_id = Identifier(1, 2, 840, 113549, 2, 5); -  +  + // RFC 4055 2.1:   Identifier sha1_id = Identifier(1, 3, 14, 3, 2, 26);   Identifier sha256_id = Identifier(2, 16, 840, 1, 101, 3, 4, 2, 1);   Identifier sha384_id = Identifier(2, 16, 840, 1, 101, 3, 4, 2, 2);   Identifier sha512_id = Identifier(2, 16, 840, 1, 101, 3, 4, 2, 3); -  + Identifier sha224_id = Identifier(2, 16, 840, 1, 101, 3, 4, 2, 4);    -  + // RFC 8017 B.1: + Identifier sha512_224_id = Identifier(2, 16, 840, 1, 101, 3, 4, 2, 5); + Identifier sha512_256_id = Identifier(2, 16, 840, 1, 101, 3, 4, 2, 6); +    /* dhpublicnumber OBJECT IDENTIFIER ::= { iso(1) member-body(2)    us(840) ansi-x942(10046) number-type(2) 1 } */      Identifier dh_id = Identifier(1, 2, 840, 10046, 2, 1);    -  + // RFC 3394 3: + Identifier aes_id = Identifier(2, 16, 840, 1, 101, 3, 4, 1); + Identifier aes128_wrap_id = aes_id->append(5); + Identifier aes192_wrap_id = aes_id->append(25); + Identifier aes256_wrap_id = aes_id->append(45); +    /* Object Identifiers used in X509 distinguished names */      Identifier at_id = Identifier(2, 5, 4);    - mapping(Identifier:string) short_name_ids = + mapping(Identifier:string(7bit)) short_name_ids =   ([    at_id->append(3) : "CN", /* printable string */    at_id->append(6) : "C", /* printable string */    at_id->append(7) : "L", /* printable string */    at_id->append(8) : "ST", /* printable string */    at_id->append(10) : "O", /* printable string */    at_id->append(11) : "OU", /* printable string */    Identifier(1, 2, 840, 113549, 1, 9, 1) : "E" /* printable string */   ]);    - mapping(string:Identifier) name_ids = + #define REVERSE(X) mkmapping(values(X),indices(X)) +  + mapping(string(7bit):Identifier) name_ids =   ([    /* layman.asc says "commonUnitName". Typo? */    "commonName" : at_id->append(3), /* printable string */    "countryName" : at_id->append(6), /* printable string */    "localityName" : at_id->append(7), /* printable string */    "stateOrProvinceName" : at_id->append(8), /* printable string */    "streetAddress" : at_id->append(9), /* printable string */    "organizationName" : at_id->append(10), /* printable string */    "organizationUnitName" : at_id->append(11), /* printable string */    "postalCode" : at_id->append(17), /* printable string */    ]);    - mapping(string:Identifier) attribute_ids = + mapping(Identifier:string(7bit)) reverse_name_ids = REVERSE(name_ids); +  + mapping(string(7bit):Identifier) attribute_ids =   ([    "emailAddress" : pkcs_9_id->append(1), /* IA5String */    "unstructuredName" : pkcs_9_id->append(2), /* IA5String */    "contentType" : pkcs_9_id->append(3), /* Identifier */    "messageDigest" : pkcs_9_id->append(4), /* Octet string */    "signingTime" : pkcs_9_id->append(5), /* UTCTime */    "countersignature" : pkcs_9_id->append(6), /* SignerInfo */    "challengePassword" : pkcs_9_id->append(7), /* Printable | T61    | Universal */    "unstructuredAddress" : pkcs_9_id->append(8), /* Printable | T61 */    "extendedCertificateAttributes" : pkcs_9_id->append(9), /* Attributes */    "friendlyName" : pkcs_9_id->append(20), /* BMPString */    "localKeyID" : pkcs_9_id->append(21) /* OCTET STRING */   ]);    -  + mapping(Identifier:string(7bit)) reverse_attribute_ids = +  REVERSE(attribute_ids); +    /* From RFC 2459 */    - mapping(string:Identifier) at_ids = + mapping(string(7bit):Identifier) at_ids =   ([ /* All attribute values are a CHOICE of most string types,    * including PrintableString, TeletexString (which in practice    * means latin1) and UTF8String. */    "commonName" : at_id->append(3),    "surname" : at_id->append(4),    "countryName" : at_id->append(6),    "localityName" : at_id->append(7),    "stateOrProvinceName" : at_id->append(8),    "organizationName" : at_id->append(10),    "organizationUnitName" : at_id->append(11),    "title" : at_id->append(12),    "name" : at_id->append(41),    "givenName" : at_id->append(42),    "initials" : at_id->append(43), -  "generationQualifier" : at_id->append(43), +  "generationQualifier" : at_id->append(44),    /* What does this attribute mean? */    "dnQualifier" : at_id->append(46),    /* Obsolete, not recommended. */    "emailAddress" : pkcs_9_id->append(1) /* IA5String */   ]);    -  + mapping(Identifier:string(7bit)) reverse_at_ids = REVERSE(at_ids); +    Identifier ce_id = Identifier(2, 5, 29); -  + // RFC 3280   Identifier pkix_id = Identifier(1, 3, 6, 1, 5, 5, 7);    -  + Identifier id_pe = pkix_id->append(1);    - mapping(string:Identifier) ce_ids = + mapping(string(7bit):Identifier) ce_ids =   ([    "subjectDirectoryAttributes" : ce_id->append(9),    "subjectKeyIdentifier" : ce_id->append(14),    "keyUsage" : ce_id->append(15),    "privateKeyUsagePeriod" : ce_id->append(16),    "subjectAltName" : ce_id->append(17),    "issuerAltName" : ce_id->append(18),    "basicConstraints" : ce_id->append(19),    "nameConstraints" : ce_id->append(30),    "cRLDistributionPoints" : ce_id->append(31),    "certificatePolicies" : ce_id->append(32),    "policyMappings" : ce_id->append(33),    "authorityKeyIdentifier" : ce_id->append(35),    "policyConstraints" : ce_id->append(36), -  "extKeyUsage" : ce_id->append(37) +  "extKeyUsage" : ce_id->append(37), +  +  // Private extensions (IANA security-related objects) +  "authorityInfoAccess" : id_pe->append(1), +  "biometricInfo" : id_pe->append(2), +  "qcStatements" : id_pe->append(3), +  "logotype" : id_pe->append(12), +  +  // 2.16.840.1.113730.1.1 Netscape Certificate type    ]);    -  + mapping(Identifier:string(7bit)) reverse_ce_ids = REVERSE(ce_ids); +    /* Policy qualifiers */   Identifier qt_id = pkix_id->append(2);    - mapping(string:Identifier) qt_ids = + mapping(string(7bit):Identifier) qt_ids =   ([ "cps" : qt_id->append(1),    "unotice" : qt_id->append(2) ]);    -  + mapping(Identifier:string(7bit)) reverse_qt_ids = REVERSE(qt_ids); +    /* Key purposes */      Identifier kp_id = pkix_id->append(3);    - mapping(string:Identifier) kp_ids = - ([ "serverAuth" : kp_id->append(1), -  "clientAuth" : kp_id->append(2), -  "codeSigning" : kp_id->append(3), + mapping(string(7bit):Identifier) kp_ids = + ([ "serverAuth" : kp_id->append(1), +  "clientAuth" : kp_id->append(2), +  "codeSigning" : kp_id->append(3),    "emailProtection" : kp_id->append(4), -  "timeStamping" : kp_id->append(8) ]); +  "timeStamping" : kp_id->append(8), +  "OCSPSigning" : kp_id->append(9), + ]);    -  + mapping(Identifier:string(7bit)) reverse_kp_ids = REVERSE(kp_ids); +    /* Private extensions */   Identifier pe_id = pkix_id->append(1);    -  + /* RFC 4985 - Subject Alternative Name for Expression of Service Name */ + Identifier on_id = pkix_id->append(8); + Identifier on_dnsSRV_id = on_id->append(7); +    /* Access descriptions */      Identifier ad_id = pkix_id->append(48);    - mapping(string:Identifier) ad_ids = + mapping(string(7bit):Identifier) ad_ids =   ([ "caIssuers" : ad_id->append(2) ]); -  +  + mapping(Identifier:string(7bit)) reverse_ad_ids = REVERSE(ad_ids);