-- ASN module extracted from ITU-T X.894 (10/2018)
-- 22 Module ANSI-X9-62
ANSI-X9-62 {iso(1) member-body(2) us(840) 10045 module(0) 2}
DEFINITIONS EXPLICIT TAGS ::= BEGIN
-- EXPORTS All;
-- IMPORTS None;
-- ============================================
-- Notes
-- ============================================
-- 1. Definitions in this module are arranged to minimize forward references,
-- Reading backwards gives a top-down approach more like X9.62-1998.
-- 2. Most comments briefly explain subsequent definition.
-- ============================================
-- Common Object Identifier (see E.2)
-- ============================================
-- The root OID for this module.
ansi-X9-62 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) 10045 }
-- ============================================
-- Definition for Algorithm Identifiers (see E.3)
-- ============================================
-- Information object class used to for algorithm identifiers.
-- Note: Original X9.62-1998 was TYPE-IDENTIFIER
-- New version here agrees with X9.63-2001
ALGORITHM ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&Type OPTIONAL
}
WITH SYNTAX { OID &id [PARMS &Type] }
-- X9.62 profile of a common ASN.1 type AlgorithmIdentifier,
-- The X9.62 version is a parameterized type, to allow restrictions.
AlgorithmIdentifier { ALGORITHM:IOSet } ::= SEQUENCE {
algorithm ALGORITHM.&id({IOSet}),
parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
}
-- ============================================
-- Hash Functions (see E.4)
-- ============================================
-- Inherited OID for SHA1
sha-1 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) oiw(14) secsig(3) algorithm(2) 26 }
-- New OID for SHA224
id-SHA224 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 }
-- Inherited OID for SHA256
id-SHA256 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 }
-- Inherited OID for SHA384
id-SHA384 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 }
-- Inherited OID for SHA512
id-SHA512 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 }
-- Information object set of Approved hash functions
ANSIX9HashFunctions ALGORITHM ::= {
{ OID sha-1 } |
{ OID sha-1 PARMS NULL } |
{ OID id-SHA224 } |
{ OID id-SHA224 PARMS NULL } |
{ OID id-SHA256 } |
{ OID id-SHA256 PARMS NULL } |
{ OID id-SHA384 } |
{ OID id-SHA384 PARMS NULL } |
{ OID id-SHA512 } |
{ OID id-SHA512 PARMS NULL } ,
... -- Additional hash functions may be added
}
-- Type (parameterized) to indicate the hash function with
-- the OID ecdsa-with-Specified
HashAlgorithm::= AlgorithmIdentifier {{ ANSIX9HashFunctions }}
-- ============================================
-- Finite Field Identification (see E.5)
-- ============================================
-- Finite field element
FieldElement ::= OCTET STRING
-- Root OID for identifying field types
id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1) }
-- OID identifying prime field types
prime-field OBJECT IDENTIFIER ::= { id-fieldType prime(1) }
-- Parameters for prime field
Prime-p ::= INTEGER -- Finite field F(p), where p is an odd prime
-- OID for identifying binary field
characteristic-two-field OBJECT IDENTIFIER ::= {
id-fieldType characteristic-two(2) }
-- Root OID for identifying binary field basis types
id-characteristic-two-basis OBJECT IDENTIFIER ::= {
characteristic-two-field basisType(3) }
-- OID to identify a Gaussian normal basis.
gnBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis gaussian(1) }
-- OID to identify a trinomial basis.
tpBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis trinomial(2) }
-- Trinomial basis representation of F2^m
-- Integer k for reduction polynomial x^m + x^k + 1
Trinomial ::= INTEGER
-- OID to identify a pentanomial basis.
ppBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis pentanomial(3) }
-- Pentanomial basis representation of F2^m
-- reduction polynomial integers k1, k2, k3
-- f(x) = x^m + x^k3 + x^k2 + x^k1 + 1
Pentanomial ::= SEQUENCE {
k1 INTEGER,
k2 INTEGER,
k3 INTEGER
}
-- The object class for binary field basis types
CHARACTERISTIC-TWO ::= TYPE-IDENTIFIER
-- Allowable basis types are given the following info object set
BasisTypes CHARACTERISTIC-TWO ::= {
{ NULL IDENTIFIED BY gnBasis } |
{ Trinomial IDENTIFIED BY tpBasis } |
{ Pentanomial IDENTIFIED BY ppBasis },
... -- Additional basis types may be added
}
-- Parameters for a binary field
Characteristic-two ::= SEQUENCE {
m INTEGER, -- Field size is 2^m
basis CHARACTERISTIC-TWO.&id({BasisTypes}),
parameters CHARACTERISTIC-TWO.&Type({BasisTypes}{@basis})
}
-- Information object class used to constrain fields
FIELD-ID ::= TYPE-IDENTIFIER -- ISO/IEC 8824-2:1995(E), Annex A
-- Field types are constrained with this information object set
FieldTypes FIELD-ID ::= {
{ Prime-p IDENTIFIED BY prime-field } |
{ Characteristic-two IDENTIFIED BY characteristic-two-field },
... -- Additional field types may be added
}
-- Finite fields have a type (prime or binary) and parameters (size and basis)
FieldID { FIELD-ID:IOSet } ::= SEQUENCE {-- Finite field
fieldType FIELD-ID.&id({IOSet}),
parameters FIELD-ID.&Type({IOSet}{@fieldType})
}
-- ============================================
-- Elliptic Curve Points (see E.6)
-- ============================================
ECPoint ::= OCTET STRING
-- ============================================
-- Elliptic Curve Domain Parameters (see E.7)
-- ============================================
-- Identifying an elliptic curve by its coefficients (and optional seed)
Curve ::= SEQUENCE {
a FieldElement, -- Elliptic curve coefficient a
b FieldElement, -- Elliptic curve coefficient b
seed BIT STRING OPTIONAL
-- Shall be present if used in SpecifiedECDomain with version of
-- ecdpVer2 or ecdpVer3
}
-- Type used to control version of EC domain parameters
SpecifiedECDomainVersion ::= INTEGER { ecdpVer1(1) , ecdpVer2(2) , ecdpVer3(3) }
-- Identifying elliptic curve domain parameters explicitly with this type
SpecifiedECDomain ::= SEQUENCE {
version SpecifiedECDomainVersion ( ecdpVer1 | ecdpVer2 | ecdpVer3 ),
fieldID FieldID {{FieldTypes}},
curve Curve,
base ECPoint, -- Base point G
order INTEGER, -- Order n of the base point
cofactor INTEGER OPTIONAL, -- The integer h = #E(Fq)/n
hash HashAlgorithm OPTIONAL,
... -- Additional parameters may be added
}
-- Arc in X9.62 for naming EC domain parameters that are not named elsewhere
ellipticCurve OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) }
-- Arc in X9.62 for identifying prime order elliptic curve domain parameters
primeCurve OBJECT IDENTIFIER ::= { ellipticCurve prime(1) }
-- Arc from SEC2 that names EC domain parameters and is used again in X9.62
secgCurve OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
certicom(132) curve(0) }
-- Named EC domain parameters in X9.62
ansix9t163k1 OBJECT IDENTIFIER ::= {secgCurve 1 }
ansix9t163r1 OBJECT IDENTIFIER ::= {secgCurve 2 }
ansix9t163r2 OBJECT IDENTIFIER ::= {secgCurve 15 }
ansix9t193r1 OBJECT IDENTIFIER ::= {secgCurve 24 }
ansix9t193r2 OBJECT IDENTIFIER ::= {secgCurve 25 }
ansix9t233k1 OBJECT IDENTIFIER ::= {secgCurve 26 }
ansix9t233r1 OBJECT IDENTIFIER ::= {secgCurve 27 }
ansix9t239k1 OBJECT IDENTIFIER ::= {secgCurve 3 }
ansix9t283k1 OBJECT IDENTIFIER ::= {secgCurve 16 }
ansix9t283r1 OBJECT IDENTIFIER ::= {secgCurve 17 }
ansix9t409k1 OBJECT IDENTIFIER ::= {secgCurve 36 }
ansix9t409r1 OBJECT IDENTIFIER ::= {secgCurve 37 }
ansix9t571k1 OBJECT IDENTIFIER ::= {secgCurve 38 }
ansix9t571r1 OBJECT IDENTIFIER ::= {secgCurve 39 }
ansix9p160k1 OBJECT IDENTIFIER ::= {secgCurve 9 }
ansix9p160r1 OBJECT IDENTIFIER ::= {secgCurve 8 }
ansix9p160r2 OBJECT IDENTIFIER ::= {secgCurve 30 }
ansix9p192k1 OBJECT IDENTIFIER ::= {secgCurve 31 }
ansix9p192r1 OBJECT IDENTIFIER ::= {primeCurve 1 }
ansix9p224k1 OBJECT IDENTIFIER ::= {secgCurve 32 }
ansix9p224r1 OBJECT IDENTIFIER ::= {secgCurve 33 }
ansix9p256k1 OBJECT IDENTIFIER ::= {secgCurve 10 }
ansix9p256r1 OBJECT IDENTIFIER ::= {primeCurve 7 }
ansix9p384r1 OBJECT IDENTIFIER ::= {secgCurve 34 }
ansix9p521r1 OBJECT IDENTIFIER ::= {secgCurve 35 }
-- The object class and syntax for naming elliptic curve domain parameters.
ECDOMAIN ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE
}
WITH SYNTAX { ID &id }
-- Information object set for named elliptic curve domain parameter
ANSIX9NamedDomains ECDOMAIN ::= {
{ ID ansix9t163k1 } | -- L.5.2.2
{ ID ansix9t163r2 } | -- L.5.2.3
{ ID ansix9t233k1 } | -- L.5.3.2
{ ID ansix9t233r1 } | -- L.5.3.3
{ ID ansix9t283k1 } | -- L.5.4.2
{ ID ansix9t283r1 } | -- L.5.4.3
{ ID ansix9t409k1 } | -- L.5.5.2
{ ID ansix9t409r1 } | -- L.5.5.3
{ ID ansix9t571k1 } | -- L.5.6.2
{ ID ansix9t571r1 } | -- L.5.6.3
{ ID ansix9p192k1 } | -- L.6.2.2
{ ID ansix9p192r1 } | -- L.6.2.3
{ ID ansix9p224k1 } | -- L.6.3.2
{ ID ansix9p224r1 } | -- L.6.3.3
{ ID ansix9p256k1 } | -- L.6.4.2
{ ID ansix9p256r1 } | -- L.6.4.3
{ ID ansix9p384r1 } | -- L.6.5.2
{ ID ansix9p521r1 } , -- L.6.6.2
... -- Additional named EC domain parameters may be added.
}
-- Type for identifying elliptic curve domain parameters
ECDomainParameters ::= CHOICE {
specified SpecifiedECDomain, -- Full specification
named ECDOMAIN.&id({ANSIX9NamedDomains}), -- Named
implicitCA NULL -- Parameters same as issuer CA
}
-- ============================================
-- Elliptic Curve Digital Signatures (see E.8)
-- ============================================
-- Format for an actual signature
ECDSA-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER
}
-- Root OID to identify types of signatures
id-ecSigType OBJECT IDENTIFIER ::= { ansi-X9-62 signatures(4) }
-- Original X9.62-1998 OID for ECDSA
ecdsa-with-Sha1 OBJECT IDENTIFIER ::= {id-ecSigType sha1(1)}
-- New OID indicating the message digest to be the natural size hash
-- Note: the natural size hash is strongly recommended
ecdsa-with-Recommended OBJECT IDENTIFIER ::= {id-ecSigType recommended(2)}
-- New OID that indicates the message digest to be specified by the parameters
ecdsa-with-Specified OBJECT IDENTIFIER ::= {id-ecSigType specified(3)}
-- New OIDs that indicates the message digest directly
ecdsa-with-Sha224 OBJECT IDENTIFIER ::= {ecdsa-with-Specified 1}
ecdsa-with-Sha256 OBJECT IDENTIFIER ::= {ecdsa-with-Specified 2}
ecdsa-with-Sha384 OBJECT IDENTIFIER ::= {ecdsa-with-Specified 3}
ecdsa-with-Sha512 OBJECT IDENTIFIER ::= {ecdsa-with-Specified 4}
-- An information object set used to constrain ECC algorithms
ECCAlgorithmSet ALGORITHM ::= {
{OID ecdsa-with-Sha1} |
{OID ecdsa-with-Sha1 PARMS NULL} |
{OID ecdsa-with-Recommended} |
{OID ecdsa-with-Recommended PARMS NULL} |
{OID ecdsa-with-Specified PARMS HashAlgorithm } |
{OID ecdsa-with-Sha224} |
{OID ecdsa-with-Sha256} |
{OID ecdsa-with-Sha384} |
{OID ecdsa-with-Sha512},
... -- More ECC algorithms might be added, including key agreement.
}
-- A type identifying an ECC algorithm
ECCAlgorithm ::= AlgorithmIdentifier {{ECCAlgorithmSet}}
-- A type identifying one or more ECC algorithms with possible preference
ECCAlgorithms ::= SEQUENCE OF ECCAlgorithm
-- ============================================
-- Elliptic Curve Public Keys (see E.9)
-- ============================================
-- Root OID for identifying types of public keys for X9.62
id-publicKeyType OBJECT IDENTIFIER ::= { ansi-X9-62 keyType(2) }
-- Original X9.62-1998 OID for identifying unrestricted EC public key
id-ecPublicKey OBJECT IDENTIFIER ::= {
id-publicKeyType unrestricted(1)
}
-- Algorithm identifier (original X9.62-1998) for
-- EC public key without restrictions
ecPublicKeyType ALGORITHM ::= {
OID id-ecPublicKey PARMS DomainParameters
}
-- New OID for identifying EC public key with algorithm restrictions
id-ecPublicKeyRestricted OBJECT IDENTIFIER ::= {
id-publicKeyType restricted(2)
}
-- Type identified by id-ecPublicKeyRestricted
ECPKRestrictions ::= SEQUENCE {
ecDomain ECDomainParameters,
-- Identifies the EC domain parameters
eccAlgorithms ECCAlgorithms -- Lists the algorithms supported
-- for this public key
}
-- Algorithm identifier (new) with feature to restrict algorithm usage.
ecPublicKeyTypeRestricted ALGORITHM ::= {
OID id-ecPublicKeyRestricted PARMS ECPKRestrictions
}
-- Information object set of allowable algorithm identifiers
-- in a SubjectPublicKeyInfo of a certificate
ECPKAlgorithms ALGORITHM ::= {
ecPublicKeyType |
ecPublicKeyTypeRestricted,
... -- Additional algorithm identifiers may be added
}
-- An instantiation of Alg. Id.
ECPKAlgorithm ::= AlgorithmIdentifier {{ ECPKAlgorithms}}
-- X9.62 profile of an X.509 (ASN.1) field contained
-- in X.509 and PKIX certificates
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm ECPKAlgorithm,
subjectPublicKey BIT STRING
}
END -- ANSI X9.62