常见的 MIB 设计错误 - （MIB Smithy） 用户指南

– EXPORTS All –

IMPORTS
BigIntegerStr
FROM VdaEnhancedTypes
pkcs
FROM PKCS1-OIDS
;

– base OIDs for Apple, Apple Data Security
appleBaseOid OBJECT IDENTIFIER ::= { 1 2 840 113635 }
appleDataSecurity OBJECT IDENTIFIER ::= { appleBaseOid 100 }

– base OIDs for Apple Trust Policies and Algorithms
appleTrustPolicy OBJECT IDENTIFIER ::= { appleDataSecurity 1 }
appleSecurityAlgorithm OBJECT IDENTIFIER ::=蕒 appleDataSecurity 2 }

– Apple trust policy OIDs

appleISignTP OBJECT IDENTIFIER ::= { appleTrustPolicy 1 }
appleX509Basic OBJECT IDENTIFIER ::= { appleTrustPolicy 2 }
appleSSLPolicy OBJECT IDENTIFIER ::= { appleTrustPolicy 3 }

– Apple algorithms
appleFee OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 1 }
appleAsc OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 2 }
appleFeeMD5 OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 3 }
appleFeeSHA1 OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 4 }
appleFeed OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 5 }
appleFeedExp OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 6 }
appleECDSA OBJECT IDENTIFIER ::= { appleSecurityAlgorithm 7 }

– PKCS3 OIDs
pkcs-3 OBJECT IDENTIFIER ::= { pkcs 3 }
dhKeyAgreement OBJECT IDENTIFIER ::= { pkcs-3 1 }

– FEE ElGamal-style signature
FEEElGamalSignature ::= SEQUENCE {
u BigIntegerStr,
pmX BigIntegerStr
}

– FEE ECDSA-style signature
FEEECDSASignature ::= SEQUENCE {
c BigIntegerStr,
d BigIntegerStr
}

– FEE Curve parameters
FEEPrimeType ::= INTEGER { pt-mersenne(0), pt-fee(1), pt-general(2) }
FEECurveType ::= INTEGER { ct-montgomery(0), ct-weierstrass(1), ct-general(2) }

FEECurveParameters ::= SEQUENCE
{
primeType FEEPrimeType,
curveType FEECurveType,
q INTEGER, – unsigned
k INTEGER, – signed
m INTEGER,
a BigIntegerStr,
bb BigIntegerStr, – can’t use variable/field b
c BigIntegerStr,
x1Plus BigIntegerStr,
x1Minus BigIntegerStr,
cOrderPlus BigIntegerStr,
cOrderMinus BigIntegerStr,
x1OrderPlus BigIntegerStr,
x1OrderMinus BigIntegerStr,
basePrime BigIntegerStr OPTIONAL – iff FEEPrimeType == pt-general
}

– FEE keys

FEEPublicKey ::= SEQUENCE
{
version INTEGER,
curveParams FEECurveParameters,
plusX BigIntegerStr,
minusX BigIntegerStr,
plusY BigIntegerStr OPTIONAL – iff FEECurveType == ct-weierstrass
}

FEEPrivateKey ::= SEQUENCE
{
version INTEGER,
curveParams FEECurveParameters,
privData BigIntegerStr
}

– DSA keys

– DSA private keys are represented as a PrivateKeyInfo (pkcs8); DSA public keys
– are represented as SubjectPublicKeyInfo (sm_s509af). However, the public p, g,
– and q parameters are expressed in the AlgorithmIdentifier.parameters
– field which is an ANY type. To simplify encoding and decoding (AsnAny is a royal
– hassle to deal with), we define new structs for the entire keys here.
– NOTE: these definition are derived from reverse engineering the key blobs
– created by BSAFE 4.0 using info type KI_DSA{Public,Private}BER. The BSAFE
– documentation claims that this encoding is X9.20 compatible; however BSAFE
– adds a field to the dss-params (here called DSABSafeParams) struct which
– indicates the prime size in bits. The encoding and decoding implemented here
– is verified to be compatible with BSAFE 4.0 but no other implementations of
– DSA keys.

DSAPrivateKey ::= SEQUENCE
{
version INTEGER,
dsaAlg DSAAlgorithmId,
privateKey OCTET STRING
}

–
– The publicKey is actually the DER encoding of an ASN integer, wrapped in a
– BIT STRING.

DSAPublicKey ::= SEQUENCE
{
dsaAlg DSAAlgorithmId,
publicKey BIT STRING
}

–
– A convenient replacement for a DSA AlgorithmIdentifier

DSAAlgorithmId ::= SEQUENCE
{
algorithm OBJECT IDENTIFIER, – id_dsa from sm_cms
params DSABsafeParams
}

–
– This is the “ANY” parameter from AlgorithmIdentifier.

DSABsafeParams ::= SEQUENCE
{
keySizeInBits INTEGER,
p BigIntegerStr,
q BigIntegerStr,
g BigIntegerStr
}

–
– DSAPrivateKey.privateKey is actually the DER encoding, as an AsnOcts, of this.

DSAPrivateKeyOcts ::= SEQUENCE
{
privateKey BigIntegerStr
}

–
– DSA keys in openssl format.

– Public keys are SubjectPublicKeyInfo. AlgorithmIdentifier.parameters
– is a DSAAlgParams. We redefine the whole thing here to avoid AsnAny
– processing.

– The publicKey is actually the DER encoding of an ASN integer, wrapped in a
– BIT STRING.

DSAPublicKeyX509 ::= SEQUENCE
{
dsaAlg DSAAlgorithmIdX509,
publicKey BIT STRING
}

–
– A convenient replacement for a DSA AlgorithmIdentifier, X509 format

DSAAlgorithmIdX509 ::= SEQUENCE
{
algorithm OBJECT IDENTIFIER, – id_dsa from sm_cms
–
– this replaces AsnAny parameters; it is the DSA parameter format
– which is common to the CSP and to openssl
–
params DSAAlgParams
}

–
– Private keys are one of these, which appears to be specific to openssl.

DSAPrivateKeyOpenssl ::= SEQUENCE
{
version INTEGER,
p BigIntegerStr,
q BigIntegerStr,
g BigIntegerStr,
pub BigIntegerStr,
priv BigIntegerStr
}

–
– DSA signature

DSASignature ::= SEQUENCE
{
r BigIntegerStr,
s BigIntegerStr
}

–
– Encoding of the basic DSA parameters for use in a CDSA key generation context.

DSAAlgParams ::= SEQUENCE
{
p BigIntegerStr,
q BigIntegerStr,
g BigIntegerStr
}

– Diffie Hellman per PKCS3

DHPrivateKey ::= SEQUENCE
{
dHOid OBJECT IDENTIFIER, – dhKeyAgreement
params DHParameter,
secretPart BigIntegerStr
}

DHParameterBlock ::= SEQUENCE
{
oid OBJECT IDENTIFIER, – pkcs-3
params DHParameter
}

DHParameter ::= SEQUENCE
{
prime BigIntegerStr, – p
base BigIntegerStr, – g
privateValueLength BigIntegerStr OPTIONAL
}

END – APPLE-OIDS