path: root/source4/heimdal/lib/asn1/cms.asn1
blob: ae547e57360e9037cc9f372316080b8f4083c26b (plain)
-- From RFC 3369 --
-- $Id$ --

CMS DEFINITIONS ::= BEGIN

IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
	Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459
	HEIM_ANY FROM heim;

-- Base arc for the PKCS #7 content types: 1.2.840.113549.1.7
id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs7(7) }

-- Content type OIDs carried in ContentInfo.contentType and in
-- EncapsulatedContentInfo.eContentType. A consumer should accept only the
-- content types it actually implements and reject every other OID.
-- NOTE(review): signedAndEnvelopedData is a PKCS #7 v1.5 content type and
-- this module defines no structure for it; confirm whether any caller
-- still uses the OID.
id-pkcs7-data OBJECT IDENTIFIER ::= 			{ id-pkcs7 1 }
id-pkcs7-signedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 2 }
id-pkcs7-envelopedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 3 }
id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::= 	{ id-pkcs7 4 }
id-pkcs7-digestedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 5 }
id-pkcs7-encryptedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 6 }

-- Syntax version number used by every versioned CMS structure below.
-- The named numbers only give names to values; they do not constrain the
-- INTEGER, so a decoded message can carry a value outside 0..4. Code that
-- consumes a decoded structure should check the version against what the
-- structure and its optional fields allow.
CMSVersion ::= INTEGER {
	   cMSVersion-v0(0),
	   cMSVersion-v1(1),
	   cMSVersion-v2(2),
	   cMSVersion-v3(3),
	   cMSVersion-v4(4)
}

-- Aliases of the rfc2459 AlgorithmIdentifier. The schema accepts any
-- algorithm OID and any parameters, so the set of digest and signature
-- algorithms that are acceptable has to be enforced by the verifier, not
-- by the decoder.
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier

-- ContentType names the kind of content; MessageDigest is a raw digest
-- value with no length constraint in this module.
ContentType ::= OBJECT IDENTIFIER
MessageDigest ::= OCTET STRING

-- Outermost CMS wrapper: a content type OID plus the content itself.
-- The content is typed HEIM_ANY, so decoding ContentInfo does not parse or
-- validate the inner value. The caller has to select the inner type from
-- contentType and decode the bytes a second time, treating them as
-- untrusted input until that second decode succeeds.
ContentInfo ::= SEQUENCE {
	contentType ContentType,
	content [0] EXPLICIT HEIM_ANY OPTIONAL --  DEFINED BY contentType
}

-- Content carried inside SignedData. eContent is OPTIONAL: when it is
-- absent the signed content is supplied out of band (a detached
-- signature), and the verifier must be given that content explicitly
-- rather than treating a missing eContent as empty data.
EncapsulatedContentInfo ::= SEQUENCE {
	eContentType ContentType,
	eContent [0] EXPLICIT OCTET STRING OPTIONAL
}

-- Certificates shipped with a message. Each element is HEIM_ANY, so the
-- entries are left undecoded here; the consumer decodes each one and must
-- cope with elements that are not well-formed certificates. Certificates
-- taken from a message are only hints for path building and carry no
-- trust of their own.
CertificateSet ::= SET OF HEIM_ANY

-- NOTE(review): in RFC 3369 CertificateList is the X.509 CRL structure,
-- but this module aliases it to Certificate. A real CRL in the crls field
-- would presumably not decode with this definition; confirm how callers
-- handle crls before relying on it for revocation checking.
CertificateList ::= Certificate

CertificateRevocationLists ::= SET OF CertificateList

-- Identifies a certificate by its issuer distinguished name and serial
-- number. Matching this against a candidate certificate is the job of the
-- consumer; the schema only carries the two values.
IssuerAndSerialNumber ::= SEQUENCE {
	issuer Name,
	serialNumber CertificateSerialNumber
}

-- RecipientIdentifier is the same as SignerIdentifier,
-- so let's glue them together to save some bytes and share code for them

-- Shared identifier for signers and recipients: either the issuer and
-- serial number of the certificate, or its subject key identifier under
-- context tag [0].
CMSIdentifier ::= CHOICE {
	issuerAndSerialNumber IssuerAndSerialNumber,
	subjectKeyIdentifier [0] SubjectKeyIdentifier
}

-- Both names map to the same type, so generated code is shared between
-- the signing and the enveloping paths.
SignerIdentifier ::= CMSIdentifier
RecipientIdentifier ::= CMSIdentifier

--- CMSAttributes is the combined type for UnsignedAttributes and
--- SignedAttributes, to save space and share code

-- Attribute set used for both signedAttrs and unsignedAttrs.
-- The SIZE (1..MAX) constraint appears only as a comment, so as written
-- the type also admits an empty set; code that requires at least one
-- attribute should check that itself.
CMSAttributes ::= SET OF Attribute		-- SIZE (1..MAX)

-- Raw signature bytes; their format depends on signatureAlgorithm.
SignatureValue ::= OCTET STRING

-- Per-signer information inside SignedData.
-- Points a verifier should keep in mind (from the CMS specification, not
-- enforced by this schema):
--   * when signedAttrs is present, the signature covers the DER encoding
--     of the attributes re-tagged as a universal SET OF, not the IMPLICIT
--     [0] encoding that appears on the wire;
--   * when signedAttrs is present, it must contain the content-type and
--     message-digest attributes, and the message-digest value must be
--     compared with a digest computed over the actual content;
--   * unsignedAttrs is not covered by the signature and must not be used
--     for any security decision without separate validation.
SignerInfo ::= SEQUENCE {
	version CMSVersion,
	sid SignerIdentifier,
	digestAlgorithm DigestAlgorithmIdentifier,
	signedAttrs [0] IMPLICIT CMSAttributes OPTIONAL,
	signatureAlgorithm SignatureAlgorithmIdentifier,
	signature SignatureValue,
	unsignedAttrs [1] IMPLICIT CMSAttributes OPTIONAL
}

-- No size constraint is declared, so the set may be empty; a SignedData
-- with no SignerInfo carries no signature at all.
SignerInfos ::= SET OF SignerInfo

-- Signed content together with optional certificates, optional CRLs and
-- the per-signer signatures.
-- digestAlgorithms and certificates are supplied by the sender and are
-- not themselves signed; treat them as hints. The trust decision comes
-- from validating a signer certificate against locally configured trust
-- anchors and checking each SignerInfo, not from the presence of a
-- certificate in this structure.
SignedData ::= SEQUENCE {
	version CMSVersion,
	digestAlgorithms DigestAlgorithmIdentifiers,
	encapContentInfo EncapsulatedContentInfo,
	certificates [0] IMPLICIT CertificateSet OPTIONAL,
	crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
	signerInfos SignerInfos
}

-- Optional originator certificates and CRLs attached to EnvelopedData.
-- Nothing in EnvelopedData authenticates this field, so its contents are
-- unverified sender-supplied data.
OriginatorInfo ::= SEQUENCE {
	certs [0] IMPLICIT CertificateSet OPTIONAL,
	crls [1] IMPLICIT CertificateRevocationLists OPTIONAL
}

-- Aliases of AlgorithmIdentifier for key wrapping and content encryption.
-- Any OID decodes; the recipient decides which algorithms it accepts.
KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

-- The content-encryption key as encrypted for one recipient.
EncryptedKey ::= OCTET STRING

-- Key transport recipient: the content-encryption key encrypted to the
-- public key of the recipient identified by rid.
-- The version rule in the field comment is not expressed as a constraint,
-- so the consumer has to check it.
KeyTransRecipientInfo ::= SEQUENCE {
	version CMSVersion,  -- always set to 0 or 2
	rid RecipientIdentifier,
	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
	encryptedKey EncryptedKey
}

-- RFC 3369 defines RecipientInfo as a CHOICE of several recipient kinds;
-- this module supports key transport only.
-- NOTE(review): messages that use another recipient kind would presumably
-- fail to decode here; confirm callers report that as an error.
RecipientInfo ::= KeyTransRecipientInfo

RecipientInfos ::= SET OF RecipientInfo

EncryptedContent ::= OCTET STRING

-- Ciphertext plus the algorithm and parameters needed to decrypt it.
-- The structure has no integrity field: nothing here authenticates
-- contentType, the algorithm parameters or the ciphertext. Integrity has
-- to come from an enclosing or enclosed signature, and decryption errors
-- such as bad padding should not be reported in a way that distinguishes
-- them to the sender.
EncryptedContentInfo ::= SEQUENCE {
	contentType ContentType,
	contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
	encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL
}

-- Attributes that are neither encrypted nor authenticated. The
-- SIZE (1..MAX) constraint is only a comment, so an empty set is not
-- ruled out by the type as written.
UnprotectedAttributes ::= SET OF Attribute	-- SIZE (1..MAX)

-- Encrypted content with no recipient information: the key is managed
-- outside the message.
CMSEncryptedData ::= SEQUENCE {
	version CMSVersion,
	encryptedContentInfo EncryptedContentInfo,
        unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
}

-- Encrypted content plus one wrapped content-encryption key per
-- recipient. originatorInfo and unprotectedAttrs are carried in the clear
-- and are not authenticated; no field of this structure provides
-- integrity for the ciphertext.
EnvelopedData ::= SEQUENCE {
	version CMSVersion,
	originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
	recipientInfos RecipientInfos,
	encryptedContentInfo EncryptedContentInfo,
	unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
}

-- Data ::= OCTET STRING

-- Parameters for RC2 in CBC mode. Both values arrive inside the message
-- and are attacker-controlled until the message is authenticated.
-- The 8 octet IV length is stated only in a comment, so the decoder
-- accepts any length; check it before handing the IV to the cipher.
-- NOTE(review): rc2ParameterVersion presumably selects the effective key
-- size as in the RC2 CMS algorithm profile; confirm that callers reject
-- values they do not recognise rather than falling back to a default.
CMSRC2CBCParameter ::= SEQUENCE {
	rc2ParameterVersion	INTEGER (0..4294967295),
	iv			OCTET STRING -- exactly 8 octets
}

-- IV for other CBC mode ciphers. No length constraint is declared, so the
-- consumer must compare the length with the block size of the cipher.
CMSCBCParameter ::= OCTET STRING

END