appleoids.asn   [plain text]


APPLE-OIDS
DEFINITIONS IMPLICIT TAGS  ::=
BEGIN
-- EXPORTS All --

IMPORTS
  BigIntegerStr
    FROM VdaEnhancedTypes
  pkcs
	FROM PKCS1-OIDS
;

-- base OIDs for Apple, Apple Data Security
appleBaseOid OBJECT IDENTIFIER ::= { 1 2 840 113635 }
appleDataSecurity OBJECT IDENTIFIER ::= { appleBaseOid 100 }

-- base OIDs for Apple Trust Policies and Algorithms
appleTrustPolicy OBJECT IDENTIFIER ::= { appleDataSecurity 1 }
appleSecurityAlgorithm OBJECT IDENTIFIER ::={ appleDataSecurity 2 }

-- Apple trust policy OIDs

appleISignTP OBJECT IDENTIFIER 		::= { appleTrustPolicy 1 }
appleX509Basic OBJECT IDENTIFIER 	::= { appleTrustPolicy 2 }
appleSSLPolicy OBJECT IDENTIFIER    ::= { appleTrustPolicy 3 } 

-- Apple algorithms
appleFee OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 1 }
appleAsc OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 2 }
appleFeeMD5 OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 3 }
appleFeeSHA1 OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 4 }
appleFeed OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 5 }
appleFeedExp OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 6 }
appleECDSA OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 7 }

-- PKCS3 OIDs
pkcs-3 OBJECT IDENTIFIER ::= { pkcs 3 }
dhKeyAgreement OBJECT IDENTIFIER ::= { pkcs-3 1 }

-- FEE ElGamal-style signature
FEEElGamalSignature ::= SEQUENCE {
  u     BigIntegerStr,
  pmX 	BigIntegerStr
}

-- FEE ECDSA-style signature
FEEECDSASignature ::= SEQUENCE {
  c     BigIntegerStr, 
  d     BigIntegerStr
}

-- FEE Curve parameters
FEEPrimeType ::=    INTEGER { pt-mersenne(0), pt-fee(1), pt-general(2) }
FEECurveType ::=    INTEGER { ct-montgomery(0), ct-weierstrass(1), ct-general(2) }

FEECurveParameters ::= SEQUENCE
{
	primeType		FEEPrimeType,
	curveType		FEECurveType,
	q				INTEGER,			-- unsigned
	k				INTEGER,			-- signed 
	m				INTEGER,
	a				BigIntegerStr,
	bb				BigIntegerStr,		-- can't use variable/field b
	c				BigIntegerStr,
	x1Plus			BigIntegerStr,
	x1Minus			BigIntegerStr,
	cOrderPlus		BigIntegerStr,
	cOrderMinus		BigIntegerStr,
	x1OrderPlus		BigIntegerStr,
	x1OrderMinus	BigIntegerStr,
	basePrime		BigIntegerStr	OPTIONAL	-- iff FEEPrimeType == pt-general
}

-- FEE keys

FEEPublicKey ::= SEQUENCE
{
	version			INTEGER,
	curveParams		FEECurveParameters,
	plusX			BigIntegerStr,
	minusX			BigIntegerStr,
	plusY			BigIntegerStr	OPTIONAL	-- iff FEECurveType == ct-weierstrass
}

FEEPrivateKey ::= SEQUENCE 
{
	version			INTEGER,
	curveParams		FEECurveParameters,
	privData		BigIntegerStr
}

-- DSA keys
--
-- DSA private keys are represented as a PrivateKeyInfo (pkcs8); DSA public keys
-- are represented as SubjectPublicKeyInfo (sm_s509af). However, the public p, g, 
-- and q parameters are expressed in the AlgorithmIdentifier.parameters
-- field which is an ANY type. To simplify encoding and decoding (AsnAny is a royal
-- hassle to deal with), we define new structs for the entire keys here.
-- NOTE: these definition are derived from reverse engineering the key blobs
-- created by BSAFE 4.0 using info type KI_DSA{Public,Private}BER. The BSAFE 
-- documentation claims that this encoding is X9.20 compatible; however BSAFE
-- adds a field to the dss-params (here called DSABSafeParams) struct which 
-- indicates the prime size in bits. The encoding and decoding implemented here
-- is verified to be compatible with BSAFE 4.0 but no other implementations of
-- DSA keys.
-- 
DSAPrivateKey ::= SEQUENCE
{
	version			INTEGER,
	dsaAlg			DSAAlgorithmId,
	privateKey		OCTET STRING
}	

--
-- The publicKey is actually the DER encoding of an ASN integer, wrapped in a
-- BIT STRING. 
--
DSAPublicKey ::= SEQUENCE
{
	dsaAlg			DSAAlgorithmId,
	publicKey		BIT STRING
}

--
-- A convenient replacement for a DSA AlgorithmIdentifier
--
DSAAlgorithmId ::= SEQUENCE
{
	algorithm       OBJECT IDENTIFIER,	-- id_dsa from sm_cms
	params			DSABsafeParams
}

--
-- This is the "ANY" parameter from AlgorithmIdentifier.
--
DSABsafeParams ::= SEQUENCE
{
	keySizeInBits	INTEGER,	
	p				BigIntegerStr,
	q				BigIntegerStr,
	g				BigIntegerStr
}

--
-- DSAPrivateKey.privateKey is actually the DER encoding, as an AsnOcts, of this.
--
DSAPrivateKeyOcts ::= SEQUENCE
{
	privateKey		BigIntegerStr
}
	
-- 
-- DSA keys in openssl format. 
--
-- Public keys are SubjectPublicKeyInfo. AlgorithmIdentifier.parameters 
-- is a DSAAlgParams. We redefine the whole thing here to avoid AsnAny 
-- processing.
--
-- The publicKey is actually the DER encoding of an ASN integer, wrapped in a
-- BIT STRING. 
--
DSAPublicKeyX509 ::= SEQUENCE
{
	dsaAlg			DSAAlgorithmIdX509,
	publicKey		BIT STRING
}

--
-- A convenient replacement for a DSA AlgorithmIdentifier, X509 format
--
DSAAlgorithmIdX509 ::= SEQUENCE
{
	algorithm       OBJECT IDENTIFIER,	-- id_dsa from sm_cms
	--
	-- this replaces AsnAny parameters; it is the DSA parameter format
	-- which is common to the CSP and to openssl
	--
	params			DSAAlgParams	
}

--
-- Private keys are one of these, which appears to be specific to openssl.
--
DSAPrivateKeyOpenssl ::= SEQUENCE
{
	version			INTEGER,
	p				BigIntegerStr,
	q				BigIntegerStr,
	g				BigIntegerStr,
	pub				BigIntegerStr,
	priv			BigIntegerStr
}

--
-- DSA signature
--
DSASignature ::= SEQUENCE
{
	r				BigIntegerStr,
	s				BigIntegerStr
}

--
-- Encoding of the basic DSA parameters for use in a CDSA key generation context.
-- 
DSAAlgParams ::= SEQUENCE
{
	p				BigIntegerStr,
	q				BigIntegerStr,
	g				BigIntegerStr
}

-- Diffie Hellman per PKCS3

DHPrivateKey ::= SEQUENCE
{
	dHOid			OBJECT IDENTIFIER,			-- dhKeyAgreement
	params			DHParameter,
	secretPart		BigIntegerStr
}

DHParameterBlock ::= SEQUENCE
{
	oid				OBJECT IDENTIFIER,			-- pkcs-3
	params			DHParameter
}

DHParameter ::= SEQUENCE
{
	prime				BigIntegerStr,			-- p
	base				BigIntegerStr,			-- g
	privateValueLength 	BigIntegerStr OPTIONAL
}

END -- APPLE-OIDS