APPLE-OIDS
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- EXPORTS All --
IMPORTS
BigIntegerStr
FROM VdaEnhancedTypes
pkcs
FROM PKCS1-OIDS
;
-- base OIDs for Apple, Apple Data Security
appleBaseOid OBJECT IDENTIFIER ::= { 1 2 840 113635 }
appleDataSecurity OBJECT IDENTIFIER ::= { appleBaseOid 100 }
-- base OIDs for Apple Trust Policies and Algorithms
appleTrustPolicy OBJECT IDENTIFIER ::= { appleDataSecurity 1 }
appleSecurityAlgorithm OBJECT IDENTIFIER ::=Ê{ appleDataSecurity 2 }
-- Apple trust policy OIDs
appleISignTP OBJECT IDENTIFIER ::= { appleTrustPolicy 1 }
appleX509Basic OBJECT IDENTIFIER ::= { appleTrustPolicy 2 }
appleSSLPolicy OBJECT IDENTIFIER ::= { appleTrustPolicy 3 }
-- Apple algorithms
appleFee OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 1 }
appleAsc OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 2 }
appleFeeMD5 OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 3 }
appleFeeSHA1 OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 4 }
appleFeed OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 5 }
appleFeedExp OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 6 }
appleECDSA OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 7 }
-- PKCS3 OIDs
pkcs-3 OBJECT IDENTIFIER ::= { pkcs 3 }
dhKeyAgreement OBJECT IDENTIFIER ::= { pkcs-3 1 }
-- FEE ElGamal-style signature
FEEElGamalSignature ::= SEQUENCE {
u BigIntegerStr,
pmX BigIntegerStr
}
-- FEE ECDSA-style signature
FEEECDSASignature ::= SEQUENCE {
c BigIntegerStr,
d BigIntegerStr
}
-- FEE Curve parameters
FEEPrimeType ::= INTEGER { pt-mersenne(0), pt-fee(1), pt-general(2) }
FEECurveType ::= INTEGER { ct-montgomery(0), ct-weierstrass(1), ct-general(2) }
FEECurveParameters ::= SEQUENCE
{
primeType FEEPrimeType,
curveType FEECurveType,
q INTEGER, -- unsigned
k INTEGER, -- signed
m INTEGER,
a BigIntegerStr,
bb BigIntegerStr, -- can't use variable/field b
c BigIntegerStr,
x1Plus BigIntegerStr,
x1Minus BigIntegerStr,
cOrderPlus BigIntegerStr,
cOrderMinus BigIntegerStr,
x1OrderPlus BigIntegerStr,
x1OrderMinus BigIntegerStr,
basePrime BigIntegerStr OPTIONAL -- iff FEEPrimeType == pt-general
}
-- FEE keys
FEEPublicKey ::= SEQUENCE
{
version INTEGER,
curveParams FEECurveParameters,
plusX BigIntegerStr,
minusX BigIntegerStr,
plusY BigIntegerStr OPTIONAL -- iff FEECurveType == ct-weierstrass
}
FEEPrivateKey ::= SEQUENCE
{
version INTEGER,
curveParams FEECurveParameters,
privData BigIntegerStr
}
-- DSA keys
--
-- DSA private keys are represented as a PrivateKeyInfo (pkcs8); DSA public keys
-- are represented as SubjectPublicKeyInfo (sm_s509af). However, the public p, g,
-- and q parameters are expressed in the AlgorithmIdentifier.parameters
-- field which is an ANY type. To simplify encoding and decoding (AsnAny is a royal
-- hassle to deal with), we define new structs for the entire keys here.
-- NOTE: these definition are derived from reverse engineering the key blobs
-- created by BSAFE 4.0 using info type KI_DSA{Public,Private}BER. The BSAFE
-- documentation claims that this encoding is X9.20 compatible; however BSAFE
-- adds a field to the dss-params (here called DSABSafeParams) struct which
-- indicates the prime size in bits. The encoding and decoding implemented here
-- is verified to be compatible with BSAFE 4.0 but no other implementations of
-- DSA keys.
--
DSAPrivateKey ::= SEQUENCE
{
version INTEGER,
dsaAlg DSAAlgorithmId,
privateKey OCTET STRING
}
--
-- The publicKey is actually the DER encoding of an ASN integer, wrapped in a
-- BIT STRING.
--
DSAPublicKey ::= SEQUENCE
{
dsaAlg DSAAlgorithmId,
publicKey BIT STRING
}
--
-- A convenient replacement for a DSA AlgorithmIdentifier
--
DSAAlgorithmId ::= SEQUENCE
{
algorithm OBJECT IDENTIFIER, -- id_dsa from sm_cms
params DSABsafeParams
}
--
-- This is the "ANY" parameter from AlgorithmIdentifier.
--
DSABsafeParams ::= SEQUENCE
{
keySizeInBits INTEGER,
p BigIntegerStr,
q BigIntegerStr,
g BigIntegerStr
}
--
-- DSAPrivateKey.privateKey is actually the DER encoding, as an AsnOcts, of this.
--
DSAPrivateKeyOcts ::= SEQUENCE
{
privateKey BigIntegerStr
}
--
-- DSA keys in openssl format.
--
-- Public keys are SubjectPublicKeyInfo. AlgorithmIdentifier.parameters
-- is a DSAAlgParams. We redefine the whole thing here to avoid AsnAny
-- processing.
--
-- The publicKey is actually the DER encoding of an ASN integer, wrapped in a
-- BIT STRING.
--
DSAPublicKeyX509 ::= SEQUENCE
{
dsaAlg DSAAlgorithmIdX509,
publicKey BIT STRING
}
--
-- A convenient replacement for a DSA AlgorithmIdentifier, X509 format
--
DSAAlgorithmIdX509 ::= SEQUENCE
{
algorithm OBJECT IDENTIFIER, -- id_dsa from sm_cms
--
-- this replaces AsnAny parameters; it is the DSA parameter format
-- which is common to the CSP and to openssl
--
params DSAAlgParams
}
--
-- Private keys are one of these, which appears to be specific to openssl.
--
DSAPrivateKeyOpenssl ::= SEQUENCE
{
version INTEGER,
p BigIntegerStr,
q BigIntegerStr,
g BigIntegerStr,
pub BigIntegerStr,
priv BigIntegerStr
}
--
-- DSA signature
--
DSASignature ::= SEQUENCE
{
r BigIntegerStr,
s BigIntegerStr
}
--
-- Encoding of the basic DSA parameters for use in a CDSA key generation context.
--
DSAAlgParams ::= SEQUENCE
{
p BigIntegerStr,
q BigIntegerStr,
g BigIntegerStr
}
-- Diffie Hellman per PKCS3
DHPrivateKey ::= SEQUENCE
{
dHOid OBJECT IDENTIFIER, -- dhKeyAgreement
params DHParameter,
secretPart BigIntegerStr
}
DHParameterBlock ::= SEQUENCE
{
oid OBJECT IDENTIFIER, -- pkcs-3
params DHParameter
}
DHParameter ::= SEQUENCE
{
prime BigIntegerStr, -- p
base BigIntegerStr, -- g
privateValueLength BigIntegerStr OPTIONAL
}
END -- APPLE-OIDS