-- ASN module extracted from ITU-T X.894 (10/2018)
-- 19 Module TransientKey
TransientKey {iso(1) identified-organization(3) tc68(133) country(16) x9(840) x9Standards(9) x9-95(95) module(0) tk(2) version(0) v2010-2016(1)}
DEFINITIONS IMPLICIT TAGS ::= BEGIN
-- EXPORTS All; --
IMPORTS
-- X9.73 Cryptographic Message Syntax (CMS) ASN.1 and XML --
Digest, DigestAlgorithmIdentifier, SignatureAlgorithmIdentifier
FROM CryptographicMessageSyntax-2010 {
iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58)}
-- X9.95 Trusted Time Stamp --
ALGORITHM, OID, TSTInfo
FROM TrustedTimeStamp {
iso(1) identified-organization(3) tc68(133) country(16) x9(840)
x9Standards(9) x9-95(95) module(0) tts(1) v2010-2016(1) }
Certificate
FROM AuthenticationFramework {
joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 8};
transientKeySignedTST OID ::= {
iso(1) identified-organization(3) tc68(133) country(16) x9(840)
x9Standards(9) x9-95(95) module(0) tk(2) contentType(1)}
tsp-req-tk OID ::= {
iso(1) identified-organization(3) tc68(133) country(16) x9(840)
x9Standards(9) x9-95(95) module(0) tk(2) method(2)}
TransientKeySignedTST ::= SEQUENCE {
version TKSVersion,
tstAndInterval TSTAndInterval,
digest Digest,
previousDigest [0] Digest OPTIONAL,
signature Signature
}
TKSVersion ::= INTEGER { version1(1) } (version1, ...)
TSTAndInterval ::= SEQUENCE {
tstInfo TSTInfo,
intervalInfo IntervalInfo
}
IntervalInfo ::= SEQUENCE {
version IIVersion,
signedIntervalSpec SignedIntervalSpec,
archiveTree ArchiveTree,
certifierList UriList OPTIONAL
}
IIVersion ::= INTEGER { version1(1) } (version1, ...)
SignedIntervalSpec ::= SEQUENCE {
intervalSpec IntervalSpec,
signature Signature,
identitySignature IdentitySignature
}
IntervalSpec ::= SEQUENCE {
chainSpec ChainSpec,
intervalStart GeneralizedTime,
intervalStop GeneralizedTime,
publicKey PublicKey,
previousPublicKey [0] PublicKey OPTIONAL,
previousMetaDigest [1] OCTET STRING OPTIONAL
}
ChainSpec ::= SEQUENCE {
serverId Uri,
chainStart GeneralizedTime,
digestAlgorithm DigestAlgorithmIdentifier,
signatureAlgorithm SignatureAlgorithmIdentifier,
publicVerificationServer Uri OPTIONAL
}
Uri ::= IA5String
PublicKey ::= OCTET STRING
Signature ::= BIT STRING
IdentitySignature ::= SEQUENCE {
signatureAlgorithm SignatureAlgorithmIdentifier,
signature Signature,
certificate EncodedCertificate OPTIONAL
}
EncodedCertificate ::= TYPE-IDENTIFIER.&Type( Certificate )
ArchiveTree ::= SEQUENCE {
archive Uri,
children ArchiveTreeList OPTIONAL
}
ArchiveTreeList ::= SEQUENCE SIZE(1..MAX) OF ArchiveTree
UriList ::= SEQUENCE SIZE(1..MAX) OF Uri
END -- TransientKey
6) Add a new clause 20 in Annex A
20 Module TrustedTimestamp
TrustedTimeStamp {
iso(1) identified-organization(3) tc68(133) country(16) x9(840)
x9Standards(9) x9-95(95) module(0) tts(1) v2010-2016(1) }
DEFINITIONS IMPLICIT TAGS ::= BEGIN
-- EXPORTS All; --
IMPORTS
-- ISO/IEC 9594-8 | ITU-T Rec. X.509 AuthenticationFramework --
EXTENSION
FROM AuthenticationFramework {
joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 8 }
-- ISO/IEC 9594-8 | ITU-T Rec. X.509 CertificateExtensions --
GeneralName
FROM CertificateExtensions {
joint-iso-itu-t ds(5) module(1) certificateExtensions(26) 8 }
-- X9.73 Cryptographic Message Syntax (CMS) - ASN.1 and XML --
AuthenticatedData, DigestAlgorithmIdentifier, SignedData
FROM CryptographicMessageSyntax-2010 {
iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) }
-- X9.95 TransientKey –
TransientKeySignedTST, transientKeySignedTST, tsp-req-tk
FROM TransientKey {
iso(1) identified-organization(3) tc68(133) country(16) x9(840)
x9Standards(9) x9-95(95) module(0) tk(2) version(0) v2010-2016(1) };
-- Time stamp Request --
TimeStampReq ::= SEQUENCE {
version Version,
messageImprint MessageImprint,
reqPolicy TSAPolicyId OPTIONAL,
nonce Nonce OPTIONAL,
certReq BOOLEAN DEFAULT FALSE,
extensions [0] Extensions OPTIONAL
}
MessageImprint ::= SEQUENCE {
hashAlgorithm DigestAlgorithmIdentifier,
hashedMessage OCTET STRING
}
MessageImprints ::= SEQUENCE SIZE(1..MAX) OF MessageImprint
TSAPolicyId ::= POLICY.&id({TSAPolicies})
TSAPolicies POLICY ::= {
--
... -- Any supported TSA policy --
}
TSAPolicyId ::= POLICY.&id({TSAPolicies})
TSAPolicies POLICY ::= {
--
... -- Any supported TSA policy --
}
POLICY ::= OIDS -- Supported TSA policies --
Nonce ::= INTEGER
-- Time Stamp Response –
TimeStampResp ::= SEQUENCE {
status PKIStatusInfo,
timeStampToken TimeStampToken OPTIONAL
}
Nonce ::= INTEGER
-- Time Stamp Response –
TimeStampResp ::= SEQUENCE {
status PKIStatusInfo,
timeStampToken TimeStampToken OPTIONAL
}
PKIStatusInfo ::= SEQUENCE {
status PKIStatus,
statusString PKIFreeText OPTIONAL,
failInfo PKIFailureInfo OPTIONAL
}
PKIStatus ::= INTEGER {
granted (0), -- request is completely granted
grantedWithMods (1), -- modifications were needed, requester is
-- responsible for asserting the differences
rejection (2), -- request not fulfilled, the failure code
-- provides additional information
waiting (3), -- request not yet processed, requester
-- receives a receipt that the
-- request has been received
revocationWarning (4), -- a revocation is imminent
revocationNotification (5) -- a revocation has occurred
}
PKIFreeText ::= SEQUENCE SIZE(1..MAX) OF UTF8String
PKIFailureInfo ::= BIT STRING {
badAlg (0), -- unrecognized or unsupported algorithm
badRequest (2), -- transaction not permitted or supported
badDataFormat (5), -- data submitted has the wrong format
timeNotAvailable (14), -- TSAs service is not available
unacceptedPolicy (15), -- requested TSA policy is not supported
unacceptedExtension (16), -- requested TSA extension is not supported
addInfoNotAvailable (17), -- requested additional info not available
systemNotAvailable (24), -- system is not available
systemFailure (25), -- system failure
verificationFailure (27) -- verification of time stamp has failed
}
-- Time stamp token --
TimeStampToken ::= SEQUENCE {
contentType CONTENTS.&id({Contents}),
content [0] EXPLICIT CONTENTS.&Type({Contents}{@contentType})
}
Contents CONTENTS ::= {
{ SignedData IDENTIFIED BY id-signedData } |
{ AuthenticatedData IDENTIFIED BY id-ct-authData } |
{ DigestedData IDENTIFIED BY id-digestedData } |
{ TransientKeySignedTST IDENTIFIED BY transientKeySignedTST },
--
... -- Expect additional time-stamp encapsulations --
}
TSTInfo ::= SEQUENCE {
version Version,
policy TSAPolicyId,
messageImprint MessageImprint,
serialNumber SerialNumber,
genTime GeneralizedTime,
accuracy Accuracy OPTIONAL,
ordering BOOLEAN DEFAULT FALSE,
nonce Nonce OPTIONAL,
tsa [0] EXPLICIT GeneralName OPTIONAL,
extensions [1] Extensions OPTIONAL
}
Version ::= INTEGER { v1(1) }
SerialNumber ::= INTEGER -- Expect large values --
Accuracy ::= SEQUENCE {
seconds INTEGER OPTIONAL,
millis [0] INTEGER(1..999) OPTIONAL,
micros [1] INTEGER(1..999) OPTIONAL
} (ALL EXCEPT({ -- No components present -- }))
-- TSTInfo encapsulation --
ETSTInfo ::= OCTET STRING (CONTAINING TSTInfo)
id-ct-TSTInfo OID ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) ct(1) tstInfo(4) }
EContents CONTENTS ::= {
{ ETSTInfo IDENTIFIED BY id-ct-TSTInfo },
--
... -- Expect additional content types --
}
EncapsulatedContentInfo::= SEQUENCE {
eContentType CONTENTS.&id({EContents}),
eContent [0] EXPLICIT CONTENTS.&Type({EContents}{@eContentType})
}
-- Verification of a time stamp token --
VerifyReq ::= SEQUENCE {
version Version,
tst TimeStampToken,
requestID RequestID OPTIONAL
}
VerifyResp ::= SEQUENCE {
version Version,
status PKIStatusInfo,
tst TimeStampToken,
requestID RequestID OPTIONAL
}
-- Extend operation on a time stamp token –
ExtendReq ::= SEQUENCE {
version Version,
tst TimeStampToken,
requestID [0] OCTET STRING OPTIONAL
}
ExtendResp ::= SEQUENCE {
version Version,
status PKIStatusInfo,
tst TimeStampToken,
requestID [0] OCTET STRING OPTIONAL
}
RequestID ::= OCTET STRING (SIZE(1..MAX))
-- Time stamping extensions --
Extension{EXTENSION:ExtensionSet} ::= SEQUENCE {
extnId EXTENSION.&id({ExtensionSet}),
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
}
Extensions ::= SEQUENCE OF Extension{{TSExtensions}}
TSExtensions EXTENSION ::= {
extHash |
extMethod |
extRenewal,
--
... -- Expect additional extensions --
}
extHash EXTENSION ::= {
SYNTAX ExtHash IDENTIFIED BY tsp-ext-hash
}
ExtHash ::= SEQUENCE SIZE(1..MAX) OF MessageImprint
extMethod EXTENSION ::= {
SYNTAX ExtMethod IDENTIFIED BY tsp-ext-meth
}
ExtMethod ::= SEQUENCE SIZE(1..MAX) OF Method
Method ::= METHOD.&id({Methods})
Methods METHOD ::= {
{ OID tsp-itm-ds } |
{ OID tsp-itm-mac } |
{ OID tsp-req-link } |
{ OID tsp-req-link-ds } |
{ OID tsp-req-tk },
--
... -- Any time stamping method --
}
extRenewal EXTENSION ::= {
SYNTAX ExtRenewal IDENTIFIED BY tsp-ext-renewal
}
ExtRenewal ::= TimeStampToken
tsp-ext-renewal OID ::= {
iso(1) standard(0) time-stamp(18014) extensions(1) renewal(3) }
-- Information object identifiers
tsp-ext-hash OID ::= {
iso(1) standard(0) time-stamp(18014) extensions(1) hash(1)}
tsp-ext-meth OID ::= {
iso(1) standard(0) time-stamp(18014) extensions(1) meth(2) }
tsp-itm-ds OID ::= {
iso(1) standard(0) time-stamp(18014) itm(2) ds(1)}
tsp-itm-mac OID ::= {
iso(1) standard(0) time-stamp(18014) itm(2) mac(2)}
tsp-req-link OID ::= {
iso(1) standard(0) time-stamp(18014) lt(3) link(1)}
tsp-req-link-ds OID ::= {
iso(1) standard(0) time-stamp(18014) lt(3) link-ds(2)}
id-signedData OID ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
id-ct-authData OID ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) ct(1) authData(2) }
id-digestedData OID ::= {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
-- Linked token encapsulation object identifiers --
tsp-digestedData OID ::= {
iso(1) standard(0) time-stamp(18014) lt(3) digestedData(8) }
tsp-signedData OID ::= {
iso(1) standard(0) time-stamp(18014) lt(3) signedData(9) }
-- Link token types –
DigestedData ::= SEQUENCE {
version DDVersion95,
digestAlgorithm DigestAlgorithmIdentifier,
encapContentInfo EncapsulatedContentInfo,
digest Digest
}
DDVersion95 ::= INTEGER { version2(2) } (version2, ...)
Digest ::= OCTET STRING
BindingInfo ::= SEQUENCE {
version Version,
msgImprints MessageImprints,
aggregate [0] Chains OPTIONAL,
links Links,
publish [1] Chains OPTIONAL,
extensions [2] BindingInfoExtensions OPTIONAL
}
Chains ::= SEQUENCE SIZE(1..MAX) OF Chain
Chain ::= SEQUENCE {
algorithm ChainAlgorithmIdentifier,
links Links
}
ChainAlgorithmIdentifier ::= AlgorithmIdentifier {{ ChainAlgorithms }}
ChainAlgorithms ALGORITHM ::= {
--
... -- Expect additional chain algorithms --
}
Links ::= SEQUENCE SIZE(1..MAX) OF Link
Link ::= SEQUENCE {
algorithm [0] LinkAlgorithmIdentifier OPTIONAL,
identifier [1] INTEGER OPTIONAL,
members Nodes
}
LinkAlgorithmIdentifier ::= AlgorithmIdentifier {{ LinkAlgorithms }}
LinkAlgorithms ALGORITHM ::= {
--
... -- Expect additional link algorithms --
}
Nodes ::= SEQUENCE SIZE(1..MAX) OF Node
Node ::= CHOICE {
imprints [0] Imprints,
reference [1] INTEGER
}
Imprints ::= SEQUENCE SIZE(1..MAX) OF Imprint
Imprint ::= OCTET STRING
-- BindingInfo extensions --
BindingInfoExtensions ::= SEQUENCE OF Extension{{BIExtensions}}
BIExtensions EXTENSION ::= {
extName |
extTime |
extPublication,
--
... -- Expect additional extensions --
}
extName EXTENSION ::= { SYNTAX ExtName IDENTIFIED BY tsp-ext-name }
ExtName ::= GeneralName
tsp-ext-name OID ::= {
iso(1) standard(0) time-stamp(18014) lt(3) name(5) }
extTime EXTENSION ::= { SYNTAX ExtTime IDENTIFIED BY tsp-ext-time }
ExtTime ::= GeneralizedTime
tsp-ext-time OID ::= {
iso(1) standard(0) time-stamp(18014) lt(3) time (6) }
extPublication EXTENSION ::= {
SYNTAX ExtPublication IDENTIFIED BY tsp-ext-publication
}
ExtPublication ::= SEQUENCE SIZE (1..MAX) OF PublicationInfo
tsp-ext-publication OID ::= {
iso(1) standard(0) time-stamp(18014) lt(3) publication (7) }
PublicationInfo ::= SEQUENCE {
pubTime GeneralizedTime OPTIONAL,
pubId [0] GeneralName OPTIONAL,
pubChains [1] Chains OPTIONAL,
sourceId [2] GeneralName OPTIONAL
}
-- Merkle chain algorithm object identifier from Annex E --
id-merkle-chain OID ::= {
iso(1) identified-organization(3) tc68(133) country(16) x9(840)
x9Standards(9) x9-95(95) ids(1) merkle-chain(1) }
merkle-chain ALGORITHM ::= {
OID id-merkle-chain PARMS MerkleChainParms
}
MerkleChainParms ::= SEQUENCE SIZE(1..MAX) OF HashFunction
HashFunction ::= DigestAlgorithmIdentifier
-- Time calibration --
TimeCalibrationReport ::= SEQUENCE {
version Version,
tseInfo EntityInfo,
tsaInfo EntityInfo,
dutInfo [0] EntityInfo OPTIONAL,
timingMetrics TimingMetrics
}
EntityInfo ::= SEQUENCE {
entityName UTF8String OPTIONAL,
entityID OBJECT IDENTIFIER OPTIONAL,
entityOption OCTET STRING OPTIONAL
} (ALL EXCEPT ({ -- None; at least one component shall be present -- }))
TimingMetrics ::= SEQUENCE {
ntpTime GeneralizedTime, -- Time at which certification took place
offset Accuracy, -- Current lower clock offset
delay Accuracy, -- Path propagation delay
leapSecond LeapSecond OPTIONAL
}
LeapSecond ::= SEQUENCE {
leapDay GeneralizedTime,
action INTEGER(0..1) -- 1: last minute has 61 seconds --
-- 0: last minute has 59 seconds --
}
-- Supporting definitions --
OID ::= OBJECT IDENTIFIER -- Alias
OIDS ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE
}
WITH SYNTAX { OID &id }
CONTENTS ::= TYPE-IDENTIFIER -- ISO/IEC 8824-2, Annex A --
AlgorithmIdentifier { ALGORITHM:IOSet } ::= SEQUENCE {
algorithm ALGORITHM.&id({IOSet}),
parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
}
ALGORITHM ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&Type OPTIONAL
}
WITH SYNTAX { OID &id [PARMS &Type] }
METHOD ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE
}
WITH SYNTAX { OID &id }
END -- TrustedTimeStamp --
7) Add a new clause 21 in Annex A
21 Module ANSI-X9-42
ANSI-X-9-42 {iso(1) member-body(2) us(840) ansi-x942(10046) module(5) 1 }
DEFINITIONS EXPLICIT TAGS ::= BEGIN
-- X9.42 Diffie-Hellman and MQV Symmetric Key Agreement
-- EXPORTS All;
-- IMPORTS None;
FIELD-ID ::= TYPE-IDENTIFIER
FieldID { FIELD-ID:IOSet } ::= SEQUENCE {
fieldType FIELD-ID.&id({IOSet}),
parameters FIELD-ID.&Type({IOSet}{@fieldType})
}
FiniteFields ::= FieldID {{ FieldTypes }}
FieldTypes FIELD-ID ::= {
{ DomainParameters IDENTIFIED BY gfPrime }, -- GF(p)
...
}
DomainParameters ::= SEQUENCE { -- Galois field group parameters
p INTEGER, -- odd prime, p = jq + 1
g INTEGER, -- generator, g ^ q = 1 mod p
q INTEGER, -- prime factor of p-1
j INTEGER OPTIONAL, -- cofactor, j ? 2
validationParms ValidationParms OPTIONAL
}
-- Note: The domain parameter cofactor is required when using the cofactor method.
ValidationParms ::= SEQUENCE {
seed BIT STRING, -- seed for prime number generation
pGenCounter INTEGER -- parameter verification
}
-- Diffie-Hellman Public Number
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier {{ DHPublicNumbers }},
subjectPublicKey BIT STRING
}
DHPublicNumbers ALGORITHM-ID ::= {
{ OID dhPublicNumber PARMS DomainParameters },
...
}
DiffieHellmanPublicNumber ::= INTEGER
-- Key Agreement Schemes
SchemeSyntax { KeyDerivationMethod: kdm } ::= CHOICE {
schemeId SchemeIdentifier,
oid SchemeOID,
number SchemeNumber
} (CONSTRAINED BY { KeyDerivationMethod: kdm } )
KeyDerivationMethod ::= OBJECT IDENTIFIER
SchemeIdentifier ::= SEQUENCE {
scheme KEY-AGREEMENT.&id({Schemes}),
parameters KEY-AGREEMENT.&Type({Schemes}{@scheme}) OPTIONAL
}
Schemes KEY-AGREEMENT ::= {
{ OID dhStatic PARMS SchemeParameters } |
{ OID dhEphem PARMS SchemeParameters } |
{ OID dhOneFlow PARMS SchemeParameters } |
{ OID dhHybrid1 PARMS SchemeParameters } |
{ OID dhHybrid2 PARMS SchemeParameters } |
{ OID dhHybridOneFlow PARMS SchemeParameters } |
{ OID mqv2 PARMS SchemeParameters } |
{ OID mqv1 PARMS SchemeParameters } |
--
NamedSchemes,
...
}
KEY-AGREEMENT ::= ALGORITHM-ID
SchemeParameters ::= AlgorithmIdentifier {{ KeyDerivationAlgorithm }}
KeyDerivationAlgorithm ALGORITHM-ID ::= {
{ OID id-sha1 PARMS NULL }, -- From ANS X9.30
...
}
HMAC ::= OCTET STRING
SchemeOID ::= KEY-AGREEMENT.&id({NamedSchemes})
NamedSchemes KEY-AGREEMENT ::= {
{ OID dhStatic-sha1 } | -- { dhStatic, {id-sha1,NULL} }
{ OID dhEphem-sha1 } | -- { dhEphem, {id-sha1,NULL} }
{ OID dhOneFlow-sha1 } | -- { dhOneFlow, {id-sha1,NULL} }
{ OID dhHybrid1-sha1 } | -- { dhHybrid1, {id-sha1,NULL} }
{ OID dhHybrid2-sha1 } | -- { dhHybrid2, {id-sha1,NULL} }
{ OID dhHybridOneFlow-sha1 } | -- { dhHybridOneFlow, {id-sha1,NULL} }
{ OID mqv2-sha1 } | -- { mqv2, {id-sha1,NULL} }
{ OID mqv1-sha1 }, -- { mqv1, {id-sha1,NULL} }
...
}
SchemeNumber ::= ENUMERATED {
dhStatic-sha1 (0), -- { dhStatic, {id-sha1,NULL} }
dhEphem-sha1 (1), -- { dhEphem, {id-sha1,NULL} }
dhOneFlow-sha1 (2), -- { dhOneFlow, {id-sha1,NULL} }
dhHybrid1-sha1 (3), -- { dhHybrid1, {id-sha1,NULL} }
dhHybrid2-sha1 (4), -- { dhHybrid2, {id-sha1,NULL} }
dhHybridOneFlow-sha1 (5), -- { dhHybridOneFlow, {id-sha1,NULL} }
mqv2-sha1 (6), -- { mqv2, {id-sha1,NULL} }
mqv1-sha1 (7), -- { mqv1, {id-sha1,NULL} }
...
}
-- Per-Party Public Information
OtherInfo ::= SEQUENCE {
keyInfo AlgorithmIdentifier {{ KeySpecificAlgorithms }},
partyUInfo [0] OCTET STRING OPTIONAL,
partyVInfo [1] OCTET STRING OPTIONAL,
suppPubInfo [2] OCTET STRING OPTIONAL,
suppPrivInfo [3] OCTET STRING OPTIONAL
}
KeySpecificAlgorithms ALGORITHM-ID ::= {
{ OID tripleDES PARMS Counter },
...
}
Counter ::= OCTET STRING (SIZE (4))
TripleDES ::= SEQUENCE SIZE(oneKey..threeKeys) OF INTEGER
oneKey INTEGER ::= 1 -- 1-key: for backwards compatability
threeKeys INTEGER ::= 3 -- 3-key: the best, though 2-key gains
-- most of the Triple DES strength.
-- Object identifiers
ansi-X9-42 OBJECT IDENTIFIER ::= {
iso(1) member-body(2) us(840) ansi-x942(10046) }
fieldType OBJECT IDENTIFIER ::= { ansi-X9-42 fieldType(0) }
gfPrime OBJECT IDENTIFIER ::= { fieldType 1 } -- GF(p)
algorithm OBJECT IDENTIFIER ::= { ansi-X9-42 algorithms(1) }
tripleDES OBJECT IDENTIFIER ::= { algorithm triple-des(2) }
numberType OBJECT IDENTIFIER ::= { ansi-X9-42 numberTypes(2) }
dhPublicNumber OBJECT IDENTIFIER ::= {numberType 1 } -- Diffie-Hellman public number
scheme OBJECT IDENTIFIER ::= { ansi-X9-42 schemes(3) }
dhStatic OBJECT IDENTIFIER ::= {scheme 1 } -- Diffie-Hellman, Static Only
dhEphem OBJECT IDENTIFIER ::= {scheme 2 } -- Diffie-Hellman, Ephemeral Only
dhOneFlow OBJECT IDENTIFIER ::= {scheme 3 } -- Diffie-Hellman, One Flow
dhHybrid1 OBJECT IDENTIFIER ::= {scheme 4 } -- Diffie-Hellman, Hybrid, One Group
dhHybrid2 OBJECT IDENTIFIER ::= {scheme 5 } -- Diffie-Hellman, Hybrid, Two Groups
dhHybridOneFlow OBJECT IDENTIFIER ::= {scheme 6 } -- Diffie-Hellman, Hybrid, OneFlow
mqv2 OBJECT IDENTIFIER ::= {scheme 7 }
-- Menezes-Qu-Vanstone Method, Two pairs/Two pairs
mqv1 OBJECT IDENTIFIER ::= {scheme 8 }
-- Menezes-Qu-Vanstone Method, Two pairs/one pair
namedScheme OBJECT IDENTIFIER ::= { ansi-X9-42 names(4) }
dhStatic-sha1 OBJECT IDENTIFIER ::= { namedScheme 1 }
dhEphem-sha1 OBJECT IDENTIFIER ::= { namedScheme 2 }
dhOneFlow-sha1 OBJECT IDENTIFIER ::= { namedScheme 3 }
dhHybrid1-sha1 OBJECT IDENTIFIER ::= { namedScheme 4 }
dhHybrid2-sha1 OBJECT IDENTIFIER ::= { namedScheme 5 }
dhHybridOneFlow-sha1 OBJECT IDENTIFIER ::= { namedScheme 6 }
mqv2-sha1 OBJECT IDENTIFIER ::= { namedScheme 7 }
mqv1-sha1 OBJECT IDENTIFIER ::= { namedScheme 8 }
keyDerivationMethod OBJECT IDENTIFIER ::= { ansi-X9-42 kdMethods(5) }
kdasn1der OBJECT IDENTIFIER ::=
{ keyDerivationMethod asn1der(0) }
kdConcatenation OBJECT IDENTIFIER ::= {keyDerivationMethod concatenation(1)}
id-sha1 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) oiw(14) secsig(3) algorithm(2) sha1(26) }
-- Supporting definitions
AlgorithmIdentifier { ALGORITHM-ID:IOSet } ::= SEQUENCE {
algorithm ALGORITHM-ID.&id({IOSet}),
parameters ALGORITHM-ID.&Type({IOSet}{@algorithm}) OPTIONAL
}
ALGORITHM-ID ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&Type OPTIONAL
}
WITH SYNTAX { OID &id [PARMS &Type] }
END -- ANSI-X9-42 --
8) Add a new clause 22 in Annex A
22 Module ANSI-X9-62
ANSI-X9-62 { iso(1) member-body(2) us(840) 10045 module(0) 2 }
DEFINITIONS EXPLICIT TAGS ::= BEGIN
-- EXPORTS All;
-- IMPORTS None;
-- ============================================
-- Notes
-- ============================================
-- 1. Definitions in this module are arranged to minimize forward references,
-- Reading backwards gives a top-down approach more like X9.62-1998.
-- 2. Most comments briefly explain subsequent definition.
-- ============================================
-- Common Object Identifier (see E.2)
-- ============================================
-- The root OID for this module.
ansi-X9-62 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) 10045 }
-- ============================================
-- Definition for Algorithm Identifiers (see E.3)
-- ============================================
-- Information object class used to for algorithm identifiers.
-- Note: Original X9.62-1998 was TYPE-IDENTIFIER
-- New version here agrees with X9.63-2001
ALGORITHM ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE,
&Type OPTIONAL
}
WITH SYNTAX { OID &id [PARMS &Type] }
-- X9.62 profile of a common ASN.1 type AlgorithmIdentifier,
-- The X9.62 version is a parameterized type, to allow restrictions.
AlgorithmIdentifier { ALGORITHM:IOSet } ::= SEQUENCE {
algorithm ALGORITHM.&id({IOSet}),
parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
}
-- ============================================
-- Hash Functions (see E.4)
-- ============================================
-- Inherited OID for SHA1
sha-1 OBJECT IDENTIFIER ::= { iso(1)
identified-organization(3) oiw(14) secsig(3) algorithm(2) 26 }
-- New OID for SHA224
id-SHA224 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 }
-- Inherited OID for SHA256
id-SHA256 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 }
-- Inherited OID for SHA384
id-SHA384 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 }
-- Inherited OID for SHA512
id-SHA512 OBJECT IDENTIFIER ::= {
joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 }
-- Information object set of Approved hash functions
ANSIX9HashFunctions ALGORITHM ::= {
{ OID sha-1 } |
{ OID sha-1 PARMS NULL } |
{ OID id-SHA224 } |
{ OID id-SHA224 PARMS NULL } |
{ OID id-SHA256 } |
{ OID id-SHA256 PARMS NULL } |
{ OID id-SHA384 } |
{ OID id-SHA384 PARMS NULL } |
{ OID id-SHA512 } |
{ OID id-SHA512 PARMS NULL } ,
... -- Additional hash functions may be added
}
-- Type (parameterized) to indicate the hash function with
-- the OID ecdsa-with-Specified
HashAlgorithm::= AlgorithmIdentifier {{ ANSIX9HashFunctions }}
-- ============================================
-- Finite Field Identification (see E.5)
-- ============================================
-- Finite field element
FieldElement ::= OCTET STRING
-- Root OID for identifying field types
id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1) }
-- OID identifying prime field types
prime-field OBJECT IDENTIFIER ::= { id-fieldType prime(1) }
-- Parameters for prime field
Prime-p ::= INTEGER -- Finite field F(p), where p is an odd prime
-- OID for identifying binary field
characteristic-two-field OBJECT IDENTIFIER ::= {
id-fieldType characteristic-two(2) }
-- Root OID for identifying binary field basis types
id-characteristic-two-basis OBJECT IDENTIFIER ::= {
characteristic-two-field basisType(3) }
-- OID to identify a Gaussian normal basis.
gnBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis gaussian(1) }
-- OID to identify a trinomial basis.
tpBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis trinomial(2) }
-- Trinomial basis representation of F2^m
-- Integer k for reduction polynomial x^m + x^k + 1
Trinomial ::= INTEGER
-- OID to identify a pentanomial basis.
ppBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis pentanomial(3) }
-- Pentanomial basis representation of F2^m
-- reduction polynomial integers k1, k2, k3
-- f(x) = x^m + x^k3 + x^k2 + x^k1 + 1
Pentanomial ::= SEQUENCE {
k1 INTEGER,
k2 INTEGER,
k3 INTEGER
}
-- The object class for binary field basis types
CHARACTERISTIC-TWO ::= TYPE-IDENTIFIER
-- Allowable basis types are given the following info object set
BasisTypes CHARACTERISTIC-TWO ::= {
{ NULL IDENTIFIED BY gnBasis } |
{ Trinomial IDENTIFIED BY tpBasis } |
{ Pentanomial IDENTIFIED BY ppBasis },
... -- Additional basis types may be added
}
-- Parameters for a binary field
Characteristic-two ::= SEQUENCE {
m INTEGER, -- Field size is 2^m
basis CHARACTERISTIC-TWO.&id({BasisTypes}),
parameters CHARACTERISTIC-TWO.&Type({BasisTypes}{@basis})
}
-- Information object class used to constrain fields
FIELD-ID ::= TYPE-IDENTIFIER -- ISO/IEC 8824-2:1995(E), Annex A
-- Field types are constrained with this information object set
FieldTypes FIELD-ID ::= {
{ Prime-p IDENTIFIED BY prime-field } |
{ Characteristic-two IDENTIFIED BY characteristic-two-field },
... -- Additional field types may be added
}
-- Finite fields have a type (prime or binary) and parameters (size and basis)
FieldID { FIELD-ID:IOSet } ::= SEQUENCE {-- Finite field
fieldType FIELD-ID.&id({IOSet}),
parameters FIELD-ID.&Type({IOSet}{@fieldType})
}
-- ============================================
-- Elliptic Curve Points (see E.6)
-- ============================================
ECPoint ::= OCTET STRING
-- ============================================
-- Elliptic Curve Domain Parameters (see E.7)
-- ============================================
-- Identifying an elliptic curve by its coefficients (and optional seed)
Curve ::= SEQUENCE {
a FieldElement, -- Elliptic curve coefficient a
b FieldElement, -- Elliptic curve coefficient b
seed BIT STRING OPTIONAL
-- Shall be present if used in SpecifiedECDomain with version of
-- ecdpVer2 or ecdpVer3
}
-- Type used to control version of EC domain parameters
SpecifiedECDomainVersion ::= INTEGER { ecdpVer1(1) , ecdpVer2(2) , ecdpVer3(3) }
-- Identifying elliptic curve domain parameters explicitly with this type
SpecifiedECDomain ::= SEQUENCE {
version SpecifiedECDomainVersion ( ecdpVer1 | ecdpVer2 | ecdpVer3 ),
fieldID FieldID {{FieldTypes}},
curve Curve,
base ECPoint, -- Base point G
order INTEGER, -- Order n of the base point
cofactor INTEGER OPTIONAL, -- The integer h = #E(Fq)/n
hash HashAlgorithm OPTIONAL,
... -- Additional parameters may be added
}
-- Arc in X9.62 for naming EC domain parameters that are not named elsewhere
ellipticCurve OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) }
-- Arc in X9.62 for identifying prime order elliptic curve domain parameters
primeCurve OBJECT IDENTIFIER ::= { ellipticCurve prime(1) }
-- Arc from SEC2 that names EC domain parameters and is used again in X9.62
secgCurve OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
certicom(132) curve(0) }
-- Named EC domain parameters in X9.62
ansix9t163k1 OBJECT IDENTIFIER ::= {secgCurve 1 }
ansix9t163r1 OBJECT IDENTIFIER ::= {secgCurve 2 }
ansix9t163r2 OBJECT IDENTIFIER ::= {secgCurve 15 }
ansix9t193r1 OBJECT IDENTIFIER ::= {secgCurve 24 }
ansix9t193r2 OBJECT IDENTIFIER ::= {secgCurve 25 }
ansix9t233k1 OBJECT IDENTIFIER ::= {secgCurve 26 }
ansix9t233r1 OBJECT IDENTIFIER ::= {secgCurve 27 }
ansix9t239k1 OBJECT IDENTIFIER ::= {secgCurve 3 }
ansix9t283k1 OBJECT IDENTIFIER ::= {secgCurve 16 }
ansix9t283r1 OBJECT IDENTIFIER ::= {secgCurve 17 }
ansix9t409k1 OBJECT IDENTIFIER ::= {secgCurve 36 }
ansix9t409r1 OBJECT IDENTIFIER ::= {secgCurve 37 }
ansix9t571k1 OBJECT IDENTIFIER ::= {secgCurve 38 }
ansix9t571r1 OBJECT IDENTIFIER ::= {secgCurve 39 }
ansix9p160k1 OBJECT IDENTIFIER ::= {secgCurve 9 }
ansix9p160r1 OBJECT IDENTIFIER ::= {secgCurve 8 }
ansix9p160r2 OBJECT IDENTIFIER ::= {secgCurve 30 }
ansix9p192k1 OBJECT IDENTIFIER ::= {secgCurve 31 }
ansix9p192r1 OBJECT IDENTIFIER ::= {primeCurve 1 }
ansix9p224k1 OBJECT IDENTIFIER ::= {secgCurve 32 }
ansix9p224r1 OBJECT IDENTIFIER ::= {secgCurve 33 }
ansix9p256k1 OBJECT IDENTIFIER ::= {secgCurve 10 }
ansix9p256r1 OBJECT IDENTIFIER ::= {primeCurve 7 }
ansix9p384r1 OBJECT IDENTIFIER ::= {secgCurve 34 }
ansix9p521r1 OBJECT IDENTIFIER ::= {secgCurve 35 }
-- The object class and syntax for naming elliptic curve domain parameters.
ECDOMAIN ::= CLASS {
&id OBJECT IDENTIFIER UNIQUE
}
WITH SYNTAX { ID &id }
-- Information object set for named elliptic curve domain parameter
ANSIX9NamedDomains ECDOMAIN ::= {
{ ID ansix9t163k1 } | -- L.5.2.2
{ ID ansix9t163r2 } | -- L.5.2.3
{ ID ansix9t233k1 } | -- L.5.3.2
{ ID ansix9t233r1 } | -- L.5.3.3
{ ID ansix9t283k1 } | -- L.5.4.2
{ ID ansix9t283r1 } | -- L.5.4.3
{ ID ansix9t409k1 } | -- L.5.5.2
{ ID ansix9t409r1 } | -- L.5.5.3
{ ID ansix9t571k1 } | -- L.5.6.2
{ ID ansix9t571r1 } | -- L.5.6.3
{ ID ansix9p192k1 } | -- L.6.2.2
{ ID ansix9p192r1 } | -- L.6.2.3
{ ID ansix9p224k1 } | -- L.6.3.2
{ ID ansix9p224r1 } | -- L.6.3.3
{ ID ansix9p256k1 } | -- L.6.4.2
{ ID ansix9p256r1 } | -- L.6.4.3
{ ID ansix9p384r1 } | -- L.6.5.2
{ ID ansix9p521r1 } , -- L.6.6.2
... -- Additional named EC domain parameters may be added.
}
-- Type for identifying elliptic curve domain parameters
ECDomainParameters ::= CHOICE {
specified SpecifiedECDomain, -- Full specification
named ECDOMAIN.&id({ANSIX9NamedDomains}), -- Named
implicitCA NULL -- Parameters same as issuer CA
}
-- ============================================
-- Elliptic Curve Digital Signatures (see E.8)
-- ============================================
-- Format for an actual signature
ECDSA-Sig-Value ::= SEQUENCE {
r INTEGER,
s INTEGER
}
-- Root OID to identify types of signatures
id-ecSigType OBJECT IDENTIFIER ::= { ansi-X9-62 signatures(4) }
-- Original X9.62-1998 OID for ECDSA
ecdsa-with-Sha1 OBJECT IDENTIFIER ::= {id-ecSigType sha1(1)}
-- New OID indicating the message digest to be the natural size hash
-- Note: the natural size hash is strongly recommended
ecdsa-with-Recommended OBJECT IDENTIFIER ::= {id-ecSigType recommended(2)}
-- New OID that indicates the message digest to be specified by the parameters
ecdsa-with-Specified OBJECT IDENTIFIER ::= {id-ecSigType specified(3)}
-- New OIDs that indicates the message digest directly
ecdsa-with-Sha224 OBJECT IDENTIFIER ::= {ecdsa-with-Specified 1}
ecdsa-with-Sha256 OBJECT IDENTIFIER ::= {ecdsa-with-Specified 2}
ecdsa-with-Sha384 OBJECT IDENTIFIER ::= {ecdsa-with-Specified 3}
ecdsa-with-Sha512 OBJECT IDENTIFIER ::= {ecdsa-with-Specified 4}
-- An information object set used to constrain ECC algorithms
ECCAlgorithmSet ALGORITHM ::= {
{OID ecdsa-with-Sha1} |
{OID ecdsa-with-Sha1 PARMS NULL} |
{OID ecdsa-with-Recommended} |
{OID ecdsa-with-Recommended PARMS NULL} |
{OID ecdsa-with-Specified PARMS HashAlgorithm } |
{OID ecdsa-with-Sha224} |
{OID ecdsa-with-Sha256} |
{OID ecdsa-with-Sha384} |
{OID ecdsa-with-Sha512},
... -- More ECC algorithms might be added, including key agreement.
}
-- A type identifying an ECC algorithm
ECCAlgorithm ::= AlgorithmIdentifier {{ECCAlgorithmSet}}
-- A type identifying one or more ECC algorithms with possible preference
ECCAlgorithms ::= SEQUENCE OF ECCAlgorithm
-- ============================================
-- Elliptic Curve Public Keys (see E.9)
-- ============================================
-- Root OID for identifying types of public keys for X9.62
id-publicKeyType OBJECT IDENTIFIER ::= { ansi-X9-62 keyType(2) }
-- Original X9.62-1998 OID for identifying unrestricted EC public key
id-ecPublicKey OBJECT IDENTIFIER ::= {
id-publicKeyType unrestricted(1)
}
-- Algorithm identifier (original X9.62-1998) for
-- EC public key without restrictions
ecPublicKeyType ALGORITHM ::= {
OID id-ecPublicKey PARMS DomainParameters
}
-- New OID for identifying EC public key with algorithm restrictions
id-ecPublicKeyRestricted OBJECT IDENTIFIER ::= {
id-publicKeyType restricted(2)
}
-- Type identified by id-ecPublicKeyRestricted
ECPKRestrictions ::= SEQUENCE {
ecDomain ECDomainParameters,
-- Identifies the EC domain parameters
eccAlgorithms ECCAlgorithms -- Lists the algorithms supported
-- for this public key
}
-- Algorithm identifier (new) with feature to restrict algorithm usage.
ecPublicKeyTypeRestricted ALGORITHM ::= {
OID id-ecPublicKeyRestricted PARMS ECPKRestrictions
}
-- Information object set of allowable algorithm identifiers
-- in a SubjectPublicKeyInfo of a certificate
ECPKAlgorithms ALGORITHM ::= {
ecPublicKeyType |
ecPublicKeyTypeRestricted,
... -- Additional algorithm identifiers may be added
}
-- An instantiation of Alg. Id.
ECPKAlgorithm ::= AlgorithmIdentifier {{ ECPKAlgorithms}}
-- X9.62 profile of an X.509 (ASN.1) field contained
-- in X.509 and PKIX certificates
SubjectPublicKeyInfo ::= SEQUENCE {
algorithm ECPKAlgorithm,
subjectPublicKey BIT STRING
}
END -- ANSI X9.62