@@ -0,0 +1,169 @@ | ||
-- Module BasicAccessControl (X.501:08/1997) | ||
|
||
BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 3} | ||
DEFINITIONS ::= | ||
BEGIN | ||
|
||
-- EXPORTS All | ||
-- The types and values defined in this module are exported for use in the other ASN.1 modules contained | ||
-- within the Directory Specifications, and for the use of other applications which will use them to access | ||
-- Directory services. Other applications may use them for their own purposes, but this will not constrain | ||
-- extensions and modifications needed to maintain or improve the Directory service. | ||
|
||
IMPORTS | ||
id-aca, id-acScheme, informationFramework, upperBounds, | ||
selectedAttributeTypes, directoryAbstractService | ||
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3} | ||
ATTRIBUTE, AttributeType, DistinguishedName, ContextAssertion, | ||
SubtreeSpecification, SupportedAttributes, MATCHING-RULE, | ||
objectIdentifierMatch, Refinement | ||
FROM InformationFramework informationFramework | ||
Filter | ||
FROM DirectoryAbstractService directoryAbstractService | ||
ub-tag | ||
FROM UpperBounds upperBounds | ||
NameAndOptionalUID, directoryStringFirstComponentMatch, DirectoryString{} | ||
FROM SelectedAttributeTypes selectedAttributeTypes; | ||
|
||
ACIItem ::= SEQUENCE { | ||
identificationTag DirectoryString{ub-tag}, | ||
precedence Precedence, | ||
authenticationLevel AuthenticationLevel, | ||
itemOrUserFirst CHOICE { | ||
itemFirst [0] SEQUENCE { | ||
protectedItems ProtectedItems, | ||
itemPermissions SET OF ItemPermission | ||
}, | ||
userFirst [1] SEQUENCE { | ||
userClasses UserClasses, | ||
userPermissions SET OF UserPermission | ||
} | ||
} | ||
} | ||
|
||
Precedence ::= INTEGER(0..255) | ||
|
||
ProtectedItems ::= SEQUENCE { | ||
entry [0] NULL OPTIONAL, | ||
allUserAttributeTypes [1] NULL OPTIONAL, | ||
attributeType [2] SET SIZE (1..MAX) OF AttributeType OPTIONAL, | ||
allAttributeValues [3] SET SIZE (1..MAX) OF AttributeType OPTIONAL, | ||
allUserAttributeTypesAndValues [4] NULL OPTIONAL, | ||
attributeValue [5] SET SIZE (1..MAX) OF AttributeTypeAndValue OPTIONAL, | ||
selfValue [6] SET SIZE (1..MAX) OF AttributeType OPTIONAL, | ||
rangeOfValues [7] Filter OPTIONAL, | ||
maxValueCount [8] SET SIZE (1..MAX) OF MaxValueCount OPTIONAL, | ||
maxImmSub [9] INTEGER OPTIONAL, | ||
restrictedBy [10] SET SIZE (1..MAX) OF RestrictedValue OPTIONAL, | ||
contexts [11] SET SIZE (1..MAX) OF ContextAssertion OPTIONAL, | ||
classes [12] Refinement OPTIONAL | ||
} | ||
|
||
MaxValueCount ::= SEQUENCE { | ||
type AttributeType, | ||
maxCount INTEGER } | ||
|
||
RestrictedValue ::= SEQUENCE { | ||
type AttributeType, | ||
valuesIn AttributeType } | ||
|
||
UserClasses ::= SEQUENCE { | ||
allUsers [0] NULL OPTIONAL, | ||
thisEntry [1] NULL OPTIONAL, | ||
name [2] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL, | ||
userGroup [3] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL, | ||
-- dn component must be the name of an | ||
-- entry of GroupOfUniqueNames | ||
subtree [4] SET SIZE (1..MAX) OF SubtreeSpecification OPTIONAL | ||
} | ||
|
||
ItemPermission ::= SEQUENCE { | ||
precedence Precedence OPTIONAL, | ||
-- defaults to precedence in ACIItem | ||
userClasses UserClasses, | ||
grantsAndDenials GrantsAndDenials | ||
} | ||
|
||
UserPermission ::= SEQUENCE { | ||
precedence Precedence OPTIONAL, | ||
-- defaults to precedence in ACIItem | ||
protectedItems ProtectedItems, | ||
grantsAndDenials GrantsAndDenials | ||
} | ||
|
||
AuthenticationLevel ::= CHOICE { | ||
basicLevels | ||
SEQUENCE {level ENUMERATED {none(0), simple(1), strong(2)}, | ||
localQualifier INTEGER OPTIONAL, | ||
signed BOOLEAN DEFAULT FALSE}, | ||
other EXTERNAL | ||
} | ||
|
||
GrantsAndDenials ::= BIT STRING { | ||
-- permissions that may be used in conjunction | ||
-- with any component of ProtectedItems | ||
grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3), | ||
grantRead(4), denyRead(5), grantRemove(6), | ||
denyRemove(7), | ||
-- permissions that may be used only in conjunction | ||
-- with the entry component | ||
grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11), | ||
grantImport(12), denyImport(13), grantModify(14), denyModify(15), | ||
grantRename(16), denyRename(17), grantReturnDN(18), | ||
denyReturnDN(19), | ||
-- permissions that may be used in conjunction | ||
-- with any component, except entry, of ProtectedItems | ||
grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23), | ||
grantInvoke(24), denyInvoke(25)} | ||
|
||
AttributeTypeAndValue ::= SEQUENCE { | ||
type ATTRIBUTE.&id({SupportedAttributes}), | ||
value ATTRIBUTE.&Type({SupportedAttributes}{@type}) | ||
} | ||
|
||
-- attributes | ||
accessControlScheme ATTRIBUTE ::= { | ||
WITH SYNTAX OBJECT IDENTIFIER | ||
EQUALITY MATCHING RULE objectIdentifierMatch | ||
SINGLE VALUE TRUE | ||
USAGE directoryOperation | ||
ID id-aca-accessControlScheme | ||
} | ||
|
||
prescriptiveACI ATTRIBUTE ::= { | ||
WITH SYNTAX ACIItem | ||
EQUALITY MATCHING RULE directoryStringFirstComponentMatch | ||
USAGE directoryOperation | ||
ID id-aca-prescriptiveACI | ||
} | ||
|
||
entryACI ATTRIBUTE ::= { | ||
WITH SYNTAX ACIItem | ||
EQUALITY MATCHING RULE directoryStringFirstComponentMatch | ||
USAGE directoryOperation | ||
ID id-aca-entryACI | ||
} | ||
|
||
subentryACI ATTRIBUTE ::= { | ||
WITH SYNTAX ACIItem | ||
EQUALITY MATCHING RULE directoryStringFirstComponentMatch | ||
USAGE directoryOperation | ||
ID id-aca-subentryACI | ||
} | ||
|
||
-- object identifier assignments | ||
-- attributes | ||
id-aca-accessControlScheme OBJECT IDENTIFIER ::= {id-aca 1} | ||
id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4} | ||
id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5} | ||
id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6} | ||
|
||
-- access control schemes - | ||
basicAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 1} | ||
simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2} | ||
rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3} | ||
rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4} | ||
rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5} | ||
|
||
END -- BasicAccessControl | ||
|
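Review bot: The module header `DEFINITIONS ::=` declares no tagging default, so X.501's EXPLICIT tagging applies to every `[n]` tag in ACIItem, ProtectedItems and UserClasses, while the two CMS modules in this same commit declare `DEFINITIONS IMPLICIT TAGS ::=`; if all three are fed to one compiler invocation, confirm the tool honors the per-module setting rather than a global tagging flag, because an implicitly encoded ACIItem would not interoperate with an X.500 DSA. A one-line comment after the header would stop a later reader from "harmonizing" it: `-- NOTE: default (EXPLICIT) tagging is intentional per X.501; do not add IMPLICIT TAGS`. Separately, the `other EXTERNAL` alternative of AuthenticationLevel carries an arbitrary embedded encoding, so any decoder that accepts that branch should bound what it is willing to parse rather than treat it as trusted.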
@@ -0,0 +1,97 @@ | ||
CMS-AES-CCM-and-AES-GCM-2009 | ||
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) | ||
pkcs-9(9) smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) } | ||
|
||
DEFINITIONS IMPLICIT TAGS ::= | ||
BEGIN | ||
EXPORTS ALL; | ||
IMPORTS | ||
|
||
CONTENT-ENCRYPTION, SMIME-CAPS | ||
FROM AlgorithmInformation-2009 | ||
{iso(1) identified-organization(3) dod(6) internet(1) security(5) | ||
mechanisms(5) pkix(7) id-mod(0) | ||
id-mod-algorithmInformation-02(58)}; | ||
|
||
-- Add this algorithm set to include all of the algorithms defined in | ||
-- this document | ||
|
||
-- ContentEncryptionAlgs CONTENT-ENCRYPTION ::= { | ||
-- cea-aes128-CCM | cea-aes192-CCM | cea-aes256-CCM | | ||
-- cea-aes128-GCM | cea-aes192-GCM | cea-aes256-GCM, ... } | ||
|
||
SMimeCaps SMIME-CAPS ::= { | ||
cea-aes128-CCM.&smimeCaps | | ||
cea-aes192-CCM.&smimeCaps | | ||
cea-aes256-CCM.&smimeCaps | | ||
cea-aes128-GCM.&smimeCaps | | ||
cea-aes192-GCM.&smimeCaps | | ||
cea-aes256-GCM.&smimeCaps, | ||
... | ||
} | ||
|
||
-- Defining objects | ||
|
||
aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) | ||
organization(1) gov(101) csor(3) nistAlgorithms(4) 1 } | ||
|
||
id-aes128-CCM OBJECT IDENTIFIER ::= { aes 7 } | ||
id-aes192-CCM OBJECT IDENTIFIER ::= { aes 27 } | ||
id-aes256-CCM OBJECT IDENTIFIER ::= { aes 47 } | ||
|
||
id-aes128-GCM OBJECT IDENTIFIER ::= { aes 6 } | ||
id-aes192-GCM OBJECT IDENTIFIER ::= { aes 26 } | ||
id-aes256-GCM OBJECT IDENTIFIER ::= { aes 46 } | ||
|
||
cea-aes128-CCM CONTENT-ENCRYPTION ::= { | ||
IDENTIFIER id-aes128-CCM | ||
PARAMS TYPE CCMParameters ARE required | ||
SMIME-CAPS { IDENTIFIED BY id-aes128-CCM } | ||
} | ||
|
||
cea-aes192-CCM CONTENT-ENCRYPTION ::= { | ||
IDENTIFIER id-aes192-CCM | ||
PARAMS TYPE CCMParameters ARE required | ||
SMIME-CAPS { IDENTIFIED BY id-aes192-CCM } | ||
} | ||
|
||
cea-aes256-CCM CONTENT-ENCRYPTION ::= { | ||
IDENTIFIER id-aes256-CCM | ||
PARAMS TYPE CCMParameters ARE required | ||
SMIME-CAPS { IDENTIFIED BY id-aes256-CCM } | ||
} | ||
|
||
|
||
cea-aes128-GCM CONTENT-ENCRYPTION ::= { | ||
IDENTIFIER id-aes128-GCM | ||
PARAMS TYPE GCMParameters ARE required | ||
SMIME-CAPS { IDENTIFIED BY id-aes128-GCM } | ||
} | ||
|
||
cea-aes192-GCM CONTENT-ENCRYPTION ::= { | ||
IDENTIFIER id-aes128-GCM | ||
PARAMS TYPE GCMParameters ARE required | ||
SMIME-CAPS { IDENTIFIED BY id-aes192-GCM } | ||
} | ||
|
||
cea-aes256-GCM CONTENT-ENCRYPTION ::= { | ||
IDENTIFIER id-aes128-GCM | ||
PARAMS TYPE GCMParameters ARE required | ||
SMIME-CAPS { IDENTIFIED BY id-aes256-GCM } | ||
} | ||
|
||
-- Parameters for AlgorithmIdentifier | ||
|
||
CCMParameters ::= SEQUENCE { | ||
aes-nonce OCTET STRING (SIZE(7..13)), | ||
aes-ICVlen AES-CCM-ICVlen DEFAULT 12 } | ||
|
||
AES-CCM-ICVlen ::= INTEGER (4 | 6 | 8 | 10 | 12 | 14 | 16) | ||
|
||
GCMParameters ::= SEQUENCE { | ||
aes-nonce OCTET STRING, -- recommended size is 12 octets | ||
aes-ICVlen AES-GCM-ICVlen DEFAULT 12 } | ||
|
||
AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16) | ||
|
||
END |
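Review bot: The `cea-aes192-GCM` and `cea-aes256-GCM` objects both carry `IDENTIFIER id-aes128-GCM`, while their SMIME-CAPS clauses correctly use id-aes192-GCM and id-aes256-GCM, so code generated from this module would label AES-192-GCM and AES-256-GCM content with the AES-128-GCM OID, and an ASN.1 compiler should reject the duplicate IDENTIFIER values as soon as the objects are placed in one CONTENT-ENCRYPTION set (the commented-out ContentEncryptionAlgs set would do exactly that). Change the two lines to `IDENTIFIER id-aes192-GCM` and `IDENTIFIER id-aes256-GCM`. If this text was copied verbatim from the RFC, the copy error is probably inherited from the published module; check the RFC 5911 errata and record the correction in a comment so the next re-sync does not reintroduce it. Also note that `aes-nonce OCTET STRING` in GCMParameters is unconstrained, so decoders must not assume the 12-octet length the comment merely recommends.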
@@ -0,0 +1,94 @@ | ||
-- RFC 5911 | ||
|
||
CMSAesRsaesOaep-2009 {iso(1) member-body(2) us(840) rsadsi(113549) | ||
pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-aes-02(38)} | ||
DEFINITIONS IMPLICIT TAGS ::= | ||
BEGIN | ||
IMPORTS | ||
|
||
CONTENT-ENCRYPTION, KEY-WRAP, SMIME-CAPS | ||
FROM AlgorithmInformation-2009 | ||
{iso(1) identified-organization(3) dod(6) internet(1) security(5) | ||
mechanisms(5) pkix(7) id-mod(0) | ||
id-mod-algorithmInformation-02(58)}; | ||
|
||
AES-ContentEncryption CONTENT-ENCRYPTION ::= { | ||
cea-aes128-cbc | cea-aes192-cbc | cea-aes256-cbc, ... | ||
} | ||
|
||
AES-KeyWrap KEY-WRAP ::= { | ||
kwa-aes128-wrap | kwa-aes192-wrap | kwa-aes256-wrap, ... | ||
} | ||
|
||
SMimeCaps SMIME-CAPS ::= { | ||
cea-aes128-cbc.&smimeCaps | | ||
cea-aes192-cbc.&smimeCaps | | ||
cea-aes256-cbc.&smimeCaps | | ||
kwa-aes128-wrap.&smimeCaps | | ||
kwa-aes192-wrap.&smimeCaps | | ||
kwa-aes256-wrap.&smimeCaps, ... | ||
} | ||
|
||
-- AES information object identifiers -- | ||
|
||
aes OBJECT IDENTIFIER ::= | ||
{ joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) | ||
csor(3) nistAlgorithms(4) 1 } | ||
|
||
-- AES using CBC mode for key sizes of 128, 192, 256 | ||
|
||
cea-aes128-cbc CONTENT-ENCRYPTION ::= { | ||
IDENTIFIER id-aes128-CBC | ||
PARAMS TYPE AES-IV ARE required | ||
SMIME-CAPS { IDENTIFIED BY id-aes128-CBC } | ||
} | ||
id-aes128-CBC OBJECT IDENTIFIER ::= { aes 2 } | ||
|
||
cea-aes192-cbc CONTENT-ENCRYPTION ::= { | ||
IDENTIFIER id-aes192-CBC | ||
PARAMS TYPE AES-IV ARE required | ||
SMIME-CAPS { IDENTIFIED BY id-aes192-CBC } | ||
} | ||
id-aes192-CBC OBJECT IDENTIFIER ::= { aes 22 } | ||
|
||
cea-aes256-cbc CONTENT-ENCRYPTION ::= { | ||
IDENTIFIER id-aes256-CBC | ||
PARAMS TYPE AES-IV ARE required | ||
SMIME-CAPS { IDENTIFIED BY id-aes256-CBC } | ||
} | ||
id-aes256-CBC OBJECT IDENTIFIER ::= { aes 42 } | ||
|
||
-- AES-IV is the parameter for all the above object identifiers. | ||
|
||
AES-IV ::= OCTET STRING (SIZE(16)) | ||
|
||
-- AES Key Wrap Algorithm Identifiers - Parameter is absent | ||
|
||
kwa-aes128-wrap KEY-WRAP ::= { | ||
IDENTIFIER id-aes128-wrap | ||
PARAMS ARE absent | ||
SMIME-CAPS { IDENTIFIED BY id-aes128-wrap } | ||
} | ||
id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 } | ||
|
||
kwa-aes192-wrap KEY-WRAP ::= { | ||
IDENTIFIER id-aes192-wrap | ||
PARAMS ARE absent | ||
SMIME-CAPS { IDENTIFIED BY id-aes192-wrap } | ||
} | ||
id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 } | ||
|
||
kwa-aes256-wrap KEY-WRAP ::= { | ||
IDENTIFIER id-aes256-wrap | ||
PARAMS ARE absent | ||
SMIME-CAPS { IDENTIFIED BY id-aes256-wrap } | ||
} | ||
id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 } | ||
|
||
END | ||
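Review bot: The module is named CMSAesRsaesOaep-2009 but nothing in it defines RSAES-OAEP; the bare `-- RFC 5911` comment at the top should say what a reader will actually find, e.g. `-- RFC 5911: AES-CBC content encryption and AES key wrap for CMS (no RSAES-OAEP definitions despite the module name, which appears inherited from the earlier RFC 3565 module)`. It is also worth stating in that comment that `cea-aes128-cbc`/`cea-aes192-cbc`/`cea-aes256-cbc` provide confidentiality only, and that callers wanting authenticated content encryption should select the CCM/GCM objects from the sibling module added in this commit.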