aboutsummaryrefslogblamecommitdiffstats
path: root/lib/public_key/asn1/PKCS-7.asn1
blob: e76f928acba8f6867e349f0f87921ba719eb902b (plain) (tree)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

















                                                                      
           

                                                  
                                             
                         
                                                                             
 



                                                                       


                  










                                                    

                                                           
 

































                                                                        










































                                                                                         


                                          
                                                          





                                                            


                                                               











                                        
                                                           





                                                      
                                                





                                                       
                                                          




















                                                                  
                                                       









                                                      

                                        




























                                                                    

                                                                     



































                                                                       

                                                                     


                                            


                                                                      



                                                      

                                                                              










                                                                             








                                   




                                                   

                

                                                   

                                                  















                                            

                                                                     
























                                                                     

                                                 













                                                   

                                                                     






























                                                                    
                                 

                           

                                                 









                                            

                                                     















                                                            













                                                                           
   
PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7)
        modules(0) pkcs-7(1)}

DEFINITIONS EXPLICIT TAGS ::=
BEGIN

--
-- 3. Definitions
--

-- EXPORTS All;

IMPORTS

informationFramework, authenticationFramework
    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
                            usefulDefinitions(0) 3}

  ATTRIBUTE
    FROM InformationFramework informationFramework

  Name, Certificate, CertificateSerialNumber,
    CertificateList, Time
    FROM PKIX1Explicit88; -- AuthenticationFramework authenticationFramework;

--  contentType, messageDigest, signingTime
-- , counterSignature
--    FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
--                 pkcs-9(9) modules(0) pkcs-9(1)};
--
-- 6. Useful types
--

-- inlined from AuthenticationFramework

ALGORITHM ::= CLASS {&Type  OPTIONAL,
                     &id    OBJECT IDENTIFIER UNIQUE
}WITH SYNTAX {[&Type]
              IDENTIFIED BY &id
}

-- inlined from PKCS-9

pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
                              rsadsi(113549) pkcs(1) 9}

contentType ATTRIBUTE ::= {
        WITH SYNTAX ContentType
--        EQUALITY MATCHING RULE objectIdentifierMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-contentType
}

pkcs-9-at-contentType                   OBJECT IDENTIFIER ::= {pkcs-9 3}
pkcs-9-at-messageDigest                 OBJECT IDENTIFIER ::= {pkcs-9 4}
pkcs-9-at-signingTime                   OBJECT IDENTIFIER ::= {pkcs-9 5}
pkcs-9-at-counterSignature              OBJECT IDENTIFIER ::= {pkcs-9 6}

counterSignature ATTRIBUTE ::= {
        WITH SYNTAX SignerInfo
        ID pkcs-9-at-counterSignature
}
messageDigest ATTRIBUTE ::= {
        WITH SYNTAX MessageDigest
--        EQUALITY MATCHING RULE octetStringMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-messageDigest
}

MessageDigest ::= OCTET STRING

signingTime ATTRIBUTE ::= {
        WITH SYNTAX SigningTime
--        EQUALITY MATCHING RULE signingTimeMatch
        SINGLE VALUE TRUE
        ID pkcs-9-at-signingTime
}

SigningTime ::= Time -- imported from ISO/IEC 9594-8

-- begin added for VCE SCEP-support
transactionID ATTRIBUTE ::= {
        WITH SYNTAX PrintableString
        ID id-transId
}

messageType ATTRIBUTE ::= {
        WITH SYNTAX PrintableString
        ID id-messageType
}

pkiStatus ATTRIBUTE ::= {
        WITH SYNTAX PrintableString
        ID id-pkiStatus
}

failInfo ATTRIBUTE ::= {
        WITH SYNTAX PrintableString
        ID id-failInfo
}

senderNonce ATTRIBUTE ::= {
        WITH SYNTAX OCTET STRING
        ID id-senderNonce
}

recipientNonce ATTRIBUTE ::= {
        WITH SYNTAX OCTET STRING
        ID id-recipientNonce
}

-- This is the authenticatedAttributes -member from SignerInfo
-- added here to generate decode/encode functions for it which are
-- needed to build the pkcs-7 used by SCEP, the resulting encoding are
-- used to make a signed digest
SignerInfoAuthenticatedAttributes ::= CHOICE {
    aaSet         [0] IMPLICIT SET OF AttributePKCS-7 {{Authenticated}},
    aaSequence    [2] EXPLICIT SEQUENCE OF AttributePKCS-7 {{Authenticated}}
    -- Explicit because easier to compute digest on sequence of attributes and then reuse
    -- encoded sequence in aaSequence.
  }
-- end added for VCE SCEP-support


-- Also defined in X.509
-- Redeclared here as a parameterized type
AlgorithmIdentifierPKSC-7 {ALGORITHM:IOSet} ::= SEQUENCE {
   algorithm   ALGORITHM.&id({IOSet}),
   parameters  ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
}

-- Also defined in X.501
-- Redeclared here as a parameterized type
AttributePKCS-7 { ATTRIBUTE:IOSet } ::= SEQUENCE {
   type    ATTRIBUTE.&id({IOSet}),
   values  SET SIZE (1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
}

CertificateRevocationLists ::=
  SET OF CertificateList

Certificates ::=
  SEQUENCE OF Certificate

CRLSequence ::=
  SEQUENCE OF CertificateList

ContentEncryptionAlgorithmIdentifier ::=
  AlgorithmIdentifierPKSC-7 {{ContentEncryptionAlgorithms}}

ContentEncryptionAlgorithms ALGORITHM ::= {
  ...  -- add any application-specific algorithms here
}

DigestAlgorithmIdentifier ::=
  AlgorithmIdentifierPKSC-7 {{DigestAlgorithms}}

DigestAlgorithms ALGORITHM ::= {
   ...  -- add any application-specific algorithms here
}

DigestEncryptionAlgorithmIdentifier ::=
  AlgorithmIdentifierPKSC-7 {{DigestEncryptionAlgorithms}}

DigestEncryptionAlgorithms ALGORITHM ::= {
  ...  -- add any application-specific algorithms here
}

ExtendedCertificateOrCertificate ::= CHOICE {
  certificate          Certificate,                      -- X.509
  extendedCertificate  [0] IMPLICIT ExtendedCertificate  -- PKCS#6
}

ExtendedCertificate ::= Certificate -- cheating

ExtendedCertificatesAndCertificates ::=
  SET OF ExtendedCertificateOrCertificate

IssuerAndSerialNumber ::= SEQUENCE {
  issuer        Name,
  serialNumber  CertificateSerialNumber
}

KeyEncryptionAlgorithmIdentifier ::=
  AlgorithmIdentifierPKSC-7 {{KeyEncryptionAlgorithms}}

KeyEncryptionAlgorithms ALGORITHM ::= {
  ...  -- add any application-specific algorithms here
}

--
-- 7. General syntax
--

ContentInfo ::= SEQUENCE {
--  contentType  ContentType,
  contentType  CONTENTS.&id({Contents}),
  content      [0] EXPLICIT CONTENTS.&Type({Contents}{@contentType})
OPTIONAL
}

CONTENTS ::= TYPE-IDENTIFIER

Contents CONTENTS ::= {
  {Data                    IDENTIFIED BY data}                   |
  {SignedData              IDENTIFIED BY signedData}             |
  {EnvelopedData           IDENTIFIED BY envelopedData}          |
  {SignedAndEnvelopedData  IDENTIFIED BY signedAndEnvelopedData} |
  {DigestedData            IDENTIFIED BY digestedData}           |
  {EncryptedData           IDENTIFIED BY encryptedData},
  ...  -- add any application-specific types/contents here
}

ContentType ::= CONTENTS.&id({Contents})

--
-- 8. Data content type
--

Data ::= OCTET STRING

--
-- 9. Signed-data content type
--

SignedData ::= SEQUENCE {
--  version         INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2),
  version         INTEGER {sdVer1(1), sdVer2(2)},
  digestAlgorithms
                  DigestAlgorithmIdentifiers,
  contentInfo     ContentInfo,
  certificates CHOICE {
    certSet       [0] IMPLICIT ExtendedCertificatesAndCertificates,
    certSequence  [2] IMPLICIT Certificates
  } OPTIONAL,
  crls CHOICE {
    crlSet        [1] IMPLICIT CertificateRevocationLists,
    crlSequence   [3] IMPLICIT CRLSequence
  } OPTIONAL,
  signerInfos     SignerInfos
} (WITH COMPONENTS { ..., version (sdVer1),
     digestAlgorithms   (WITH COMPONENTS { ..., daSet PRESENT }),
     certificates       (WITH COMPONENTS { ..., certSequence ABSENT }),
     crls               (WITH COMPONENTS { ..., crlSequence ABSENT }),
     signerInfos        (WITH COMPONENTS { ..., siSet PRESENT })
   } |
   WITH COMPONENTS { ..., version (sdVer2),
      digestAlgorithms  (WITH COMPONENTS { ..., daSequence PRESENT }),
      certificates      (WITH COMPONENTS { ..., certSet ABSENT }),
      crls              (WITH COMPONENTS { ..., crlSet ABSENT }),
      signerInfos       (WITH COMPONENTS { ..., siSequence PRESENT })
})

SignerInfos ::= CHOICE {
    siSet         SET OF SignerInfo,
    siSequence    SEQUENCE OF SignerInfo
}

DigestAlgorithmIdentifiers ::= CHOICE {
  daSet           SET OF DigestAlgorithmIdentifier,
  daSequence      SEQUENCE OF DigestAlgorithmIdentifier
}

SignerInfo ::= SEQUENCE {
--  version         INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2),
  version         INTEGER {siVer1(1), siVer2(2)},
  issuerAndSerialNumber
                  IssuerAndSerialNumber,
  digestAlgorithm DigestAlgorithmIdentifier,
  -- Added explicit type for authenticatedAttributes to be able to
  -- encode/decode this type separately
  authenticatedAttributes SignerInfoAuthenticatedAttributes OPTIONAL, 
  digestEncryptionAlgorithm
                  DigestEncryptionAlgorithmIdentifier,
  encryptedDigest EncryptedDigest,
  unauthenticatedAttributes CHOICE {
    uaSet         [1] IMPLICIT SET OF AttributePKCS-7 {{Unauthenticated}},
    uaSequence    [3] IMPLICIT SEQUENCE OF AttributePKCS-7 {{Unauthenticated}}
  } OPTIONAL
} (WITH COMPONENTS { ..., version (siVer1),
  authenticatedAttributes       (WITH COMPONENTS { ..., aaSequence ABSENT }),
  unauthenticatedAttributes     (WITH COMPONENTS { ..., uaSequence ABSENT })
} | WITH COMPONENTS { ..., version (siVer2),
  authenticatedAttributes       (WITH COMPONENTS { ..., aaSet ABSENT }),
  unauthenticatedAttributes     (WITH COMPONENTS { ..., uaSet ABSENT })
})

Authenticated ATTRIBUTE ::= {
  contentType |
  messageDigest |
-- begin added for VCE SCEP-support
  transactionID |
  messageType |
  pkiStatus |
  failInfo |
  senderNonce |
  recipientNonce,
-- end added for VCE SCEP-support
  ...,  -- add application-specific attributes here
  signingTime
}

Unauthenticated ATTRIBUTE ::= {
  contentType |
  messageDigest,
  ...,  -- add application-specific attributes here
  counterSignature
--  ...,  add application-specific attributes here
--  counterSignature
}

EncryptedDigest ::= OCTET STRING

DigestInfo ::= SEQUENCE {
  digestAlgorithm DigestAlgorithmIdentifier,
  digest          Digest
}

Digest ::= OCTET STRING

--
-- 10. Enveloped-data content type
--

EnvelopedData ::= SEQUENCE {
--  version         INTEGER {edVer0(0), edVer1(1)} (edVer0 | edVer1),
  version         INTEGER {edVer0(0), edVer1(1)},
  recipientInfos  RecipientInfos,
  encryptedContentInfo
                  EncryptedContentInfo
} (WITH COMPONENTS { ..., version (edVer0),
    recipientInfos      (WITH COMPONENTS { ..., riSet PRESENT })
} | WITH COMPONENTS { ..., version (edVer1),
    recipientInfos      (WITH COMPONENTS { ..., riSequence PRESENT })
})

RecipientInfos ::= CHOICE {
  riSet           SET OF RecipientInfo,
  riSequence      SEQUENCE OF RecipientInfo
}

EncryptedContentInfo ::= SEQUENCE {
  contentType     ContentType,
  contentEncryptionAlgorithm
                  ContentEncryptionAlgorithmIdentifier,
  encryptedContent
                  [0] IMPLICIT EncryptedContent OPTIONAL
}

EncryptedContent ::= OCTET STRING

RecipientInfo ::= SEQUENCE {
--  version         INTEGER {riVer0(0)} (riVer0),
  version         INTEGER {riVer0(0)},
  issuerAndSerialNumber
                  IssuerAndSerialNumber,
  keyEncryptionAlgorithm
                  KeyEncryptionAlgorithmIdentifier,
  encryptedKey    EncryptedKey
}

EncryptedKey ::= OCTET STRING

--
-- 11. Signed-and-enveloped-data content type
--

SignedAndEnvelopedData ::= SEQUENCE {
--  version         INTEGER {seVer1(1), seVer2(2)} (seVer1 | seVer2),
  version         INTEGER {seVer1(1), seVer2(2)},
  recipientInfos  RecipientInfos,
  digestAlgorithms
                  DigestAlgorithmIdentifiers,
  encryptedContentInfo
                  EncryptedContentInfo,
  certificates CHOICE {
    certSet       [0] IMPLICIT ExtendedCertificatesAndCertificates,
    certSequence  [2] IMPLICIT Certificates
  } OPTIONAL,
  crls CHOICE {
    crlSet        [1] IMPLICIT CertificateRevocationLists,
    crlSequence   [3] IMPLICIT CRLSequence
  } OPTIONAL,
  signerInfos     SignerInfos
} (WITH COMPONENTS { ..., version (seVer1),
    recipientInfos   (WITH COMPONENTS { ..., riSet PRESENT }),
    digestAlgorithms (WITH COMPONENTS { ..., daSet PRESENT }),
    certificates     (WITH COMPONENTS { ..., certSequence ABSENT }),
    crls             (WITH COMPONENTS { ..., crlSequence ABSENT }),
    signerInfos      (WITH COMPONENTS { ..., siSet PRESENT })
} |
  WITH COMPONENTS { ..., version (seVer2),
    recipientInfos   (WITH COMPONENTS { ..., riSequence PRESENT }),
    digestAlgorithms (WITH COMPONENTS { ..., daSequence PRESENT }),
    certificates     (WITH COMPONENTS { ..., certSet ABSENT }),
    crls             (WITH COMPONENTS { ..., crlSet ABSENT }),
    signerInfos      (WITH COMPONENTS { ..., siSequence PRESENT })
})

--
-- 12. Digested-data content type
--pbeWithSHAAnd3-KeyTripleDES-CBC

DigestedData ::= SEQUENCE {
--  version         INTEGER {ddVer0(0)} (ddVer0),
  version         INTEGER {ddVer0(0)},
  digestAlgorithm DigestAlgorithmIdentifier,
  contentInfo     ContentInfo,
  digest          Digest
}

--
-- 13. Encrypted-data content type
--

EncryptedData ::= SEQUENCE {
--  version		INTEGER {edVer0(0)} (edVer0),
  version		INTEGER {edVer0(0)},
  encryptedContentInfo  EncryptedContentInfo
}

--
-- 14. Object Identifiers
--

pkcs-7                  OBJECT IDENTIFIER ::=
  { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 }
data                    OBJECT IDENTIFIER ::= { pkcs-7 1 }
signedData              OBJECT IDENTIFIER ::= { pkcs-7 2 }
envelopedData           OBJECT IDENTIFIER ::= { pkcs-7 3 }
signedAndEnvelopedData  OBJECT IDENTIFIER ::= { pkcs-7 4 }
digestedData            OBJECT IDENTIFIER ::= { pkcs-7 5 }
encryptedData           OBJECT IDENTIFIER ::= { pkcs-7 6 }

-- begin added for VCE SCEP-support
id-VeriSign        OBJECT IDENTIFIER ::= {2 16 us(840) 1  veriSign(113733)}
id-pki             OBJECT IDENTIFIER ::= {id-VeriSign pki(1)}
id-attributes      OBJECT IDENTIFIER ::= {id-pki attributes(9)}
id-messageType     OBJECT IDENTIFIER ::= {id-attributes messageType(2)}
id-pkiStatus       OBJECT IDENTIFIER ::= {id-attributes pkiStatus(3)}
id-failInfo        OBJECT IDENTIFIER ::= {id-attributes failInfo(4)}
id-senderNonce     OBJECT IDENTIFIER ::= {id-attributes senderNonce(5)}
id-recipientNonce  OBJECT IDENTIFIER ::= {id-attributes recipientNonce(6)}
id-transId         OBJECT IDENTIFIER ::= {id-attributes transId(7)}
id-extensionReq    OBJECT IDENTIFIER ::= {id-attributes extensionReq(8)}
-- end added for VCE SCEP-support


END