aboutsummaryrefslogtreecommitdiffstats
path: root/lib/public_key/asn1/CryptographicMessageSyntax.asn1
diff options
context:
space:
mode:
Diffstat (limited to 'lib/public_key/asn1/CryptographicMessageSyntax.asn1')
-rw-r--r--lib/public_key/asn1/CryptographicMessageSyntax.asn1376
1 files changed, 376 insertions, 0 deletions
diff --git a/lib/public_key/asn1/CryptographicMessageSyntax.asn1 b/lib/public_key/asn1/CryptographicMessageSyntax.asn1
new file mode 100644
index 0000000000..05ecdf2448
--- /dev/null
+++ b/lib/public_key/asn1/CryptographicMessageSyntax.asn1
@@ -0,0 +1,376 @@
+CryptographicMessageSyntax {iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)}
+--
+-- Copyright (C) The Internet Society (1999). This version of
+-- this ASN.1 module is part of RFC 2630;
+-- see the RFC itself for full legal notices.
+--
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in
+-- the other ASN.1 modules. Other applications may use them for their
+-- own purposes.
+IMPORTS
+ -- Directory Information Framework (X.501)
+ Name
+ FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+ informationFramework(1) 3}
+ -- Directory Authentication Framework (X.509)
+ AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList,
+ CertificateSerialNumber
+ FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
+ authenticationFramework(7) 3};
+
+ContentInfo ::= SEQUENCE {
+ content-type CMS-CONTENT-TYPE.&id({CMSContentTable}),
+ pkcs7-content [0] CMS-CONTENT-TYPE.&Type({CMSContentTable})
+}
+
+CMS-CONTENT-TYPE ::= TYPE-IDENTIFIER
+
+CMSContentTable CMS-CONTENT-TYPE ::=
+ {...}
+
+ContentType ::= OBJECT IDENTIFIER
+
+SignedData ::= SEQUENCE {
+ version CMSVersion,
+ digestAlgorithms DigestAlgorithmIdentifiers,
+ encapContentInfo EncapsulatedContentInfo,
+ certificates [0] IMPLICIT CertificateSet OPTIONAL,
+ crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
+ signerInfos SignerInfos
+}
+
+DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+
+SignerInfos ::= SET OF SignerInfo
+
+EncapsulatedContentInfo ::= SEQUENCE {
+ eContentType ContentType,
+ eContent [0] EXPLICIT OCTET STRING OPTIONAL
+}
+
+SignerInfo ::= SEQUENCE {
+ version CMSVersion,
+ sid SignerIdentifier,
+ digestAlgorithm DigestAlgorithmIdentifier,
+ signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+ signatureAlgorithm SignatureAlgorithmIdentifier,
+ signature SignatureValue,
+ unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL
+}
+
+SignerIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [0] SubjectKeyIdentifier
+}
+
+SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+Attribute ::= SEQUENCE {
+ attrType OBJECT IDENTIFIER,
+ attrValues SET OF AttributeValue
+}
+
+OPEN ::= CLASS {&Type
+}WITH SYNTAX {TYPE &Type
+}
+
+AttributeValue ::= OPEN.&Type
+
+SignatureValue ::= OCTET STRING
+
+EnvelopedData ::= SEQUENCE {
+ version CMSVersion,
+ originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+ recipientInfos RecipientInfos,
+ encryptedContentInfo EncryptedContentInfo,
+ unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
+}
+
+OriginatorInfo ::= SEQUENCE {
+ certs [0] IMPLICIT CertificateSet OPTIONAL,
+ crls [1] IMPLICIT CertificateRevocationLists OPTIONAL
+}
+
+RecipientInfos ::= SET OF RecipientInfo
+
+EncryptedContentInfo ::= SEQUENCE {
+ contentType ContentType,
+ contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
+ encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
+}
+
+EncryptedContent ::= OCTET STRING
+
+UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+RecipientInfo ::= CHOICE {
+ ktri KeyTransRecipientInfo,
+ kari [1] KeyAgreeRecipientInfo,
+ kekri [2] KEKRecipientInfo
+}
+
+EncryptedKey ::= OCTET STRING
+
+KeyTransRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 0 or 2
+ rid RecipientIdentifier,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ encryptedKey EncryptedKey
+}
+
+RecipientIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [0] SubjectKeyIdentifier
+}
+
+KeyAgreeRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 3
+ originator [0] EXPLICIT OriginatorIdentifierOrKey,
+ ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ recipientEncryptedKeys RecipientEncryptedKeys
+}
+
+OriginatorIdentifierOrKey ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [0] SubjectKeyIdentifier,
+ originatorKey [1] OriginatorPublicKey
+}
+
+OriginatorPublicKey ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ publicKey BIT STRING
+}
+
+RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
+
+RecipientEncryptedKey ::= SEQUENCE {
+ rid KeyAgreeRecipientIdentifier,
+ encryptedKey EncryptedKey
+}
+
+KeyAgreeRecipientIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ rKeyId [0] IMPLICIT RecipientKeyIdentifier
+}
+
+RecipientKeyIdentifier ::= SEQUENCE {
+ subjectKeyIdentifier SubjectKeyIdentifier,
+ date GeneralizedTime OPTIONAL,
+ other OtherKeyAttribute OPTIONAL
+}
+
+SubjectKeyIdentifier ::= OCTET STRING
+
+KEKRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 4
+ kekid KEKIdentifier,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ encryptedKey EncryptedKey
+}
+
+KEKIdentifier ::= SEQUENCE {
+ keyIdentifier OCTET STRING,
+ date GeneralizedTime OPTIONAL,
+ other OtherKeyAttribute OPTIONAL
+}
+
+DigestedData ::= SEQUENCE {
+ version CMSVersion,
+ digestAlgorithm DigestAlgorithmIdentifier,
+ encapContentInfo EncapsulatedContentInfo,
+ digest Digest
+}
+
+Digest ::= OCTET STRING
+
+EncryptedData ::= SEQUENCE {
+ version CMSVersion,
+ encryptedContentInfo EncryptedContentInfo,
+ unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
+}
+
+AuthenticatedData ::= SEQUENCE {
+ version CMSVersion,
+ originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+ recipientInfos RecipientInfos,
+ macAlgorithm MessageAuthenticationCodeAlgorithm,
+ digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
+ encapContentInfo EncapsulatedContentInfo,
+ authenticatedAttributes [2] IMPLICIT AuthAttributes OPTIONAL,
+ mac MessageAuthenticationCode,
+ unauthenticatedAttributes [3] IMPLICIT UnauthAttributes OPTIONAL
+}
+
+AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+MessageAuthenticationCode ::= OCTET STRING
+
+DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+
+SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+
+KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
+
+CertificateRevocationLists ::= SET OF CertificateList
+
+CertificateChoices ::= CHOICE {
+ certificate Certificate, -- See X.509
+ extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
+ attrCert [1] IMPLICIT AttributeCertificate
+} -- See X.509 & X9.57
+
+CertificateSet ::= SET OF CertificateChoices
+
+IssuerAndSerialNumber ::= SEQUENCE {
+ issuer Name,
+ serialNumber CertificateSerialNumber
+}
+
+CMSVersion ::= INTEGER {v0(0), v1(1), v2(2), v3(3), v4(4)}
+
+UserKeyingMaterial ::= OCTET STRING
+
+OtherKeyAttribute ::= SEQUENCE {
+ keyAttributeIdentifier OTHER-KEY-ATTRIBUTE.&id({OtherKeyAttributeTable}),
+ keyAttribute
+ OTHER-KEY-ATTRIBUTE.&Type
+ ({OtherKeyAttributeTable}{@keyAttributeIdentifier}) OPTIONAL
+}
+
+OTHER-KEY-ATTRIBUTE ::= TYPE-IDENTIFIER
+
+OtherKeyAttributeTable OTHER-KEY-ATTRIBUTE ::=
+ {...}
+
+-- CMS Attributes
+MessageDigest ::= OCTET STRING
+
+SigningTime ::= Time
+
+Time ::= CHOICE {utcTime UTCTime,
+ generalTime GeneralizedTime
+}
+
+Countersignature ::= SignerInfo
+
+-- Algorithm Identifiers
+sha-1 OBJECT IDENTIFIER ::=
+ {iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26}
+
+md5 OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5}
+
+id-dsa-with-sha1 OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 3}
+
+rsaEncryption OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1}
+
+dh-public-number OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1}
+
+id-alg-ESDH OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+ alg(3) 5}
+
+id-alg-CMS3DESwrap OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+ alg(3) 6}
+
+id-alg-CMSRC2wrap OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+ alg(3) 7}
+
+des-ede3-cbc OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 7}
+
+rc2-cbc OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 2}
+
+hMAC-SHA1 OBJECT IDENTIFIER ::=
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) 8 1 2}
+
+-- Algorithm Parameters
+KeyWrapAlgorithm ::= AlgorithmIdentifier
+
+RC2wrapParameter ::= RC2ParameterVersion
+
+RC2ParameterVersion ::= INTEGER
+
+CBCParameter ::= IV
+
+IV ::= OCTET STRING -- exactly 8 octets
+
+RC2CBCParameter ::= SEQUENCE {
+ rc2ParameterVersion INTEGER,
+ iv OCTET STRING
+} -- exactly 8 octets
+
+-- Content Type Object Identifiers
+id-ct-contentInfo OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+ ct(1) 6}
+
+id-data OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1}
+
+id-signedData OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2}
+
+id-envelopedData OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3}
+
+id-digestedData OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5}
+
+id-encryptedData OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6}
+
+id-ct-authData OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+ ct(1) 2}
+
+-- Attribute Object Identifiers
+id-contentType OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3}
+
+id-messageDigest OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4}
+
+id-signingTime OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5}
+
+id-countersignature OBJECT IDENTIFIER ::=
+ {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6}
+
+-- Obsolete Extended Certificate syntax from PKCS#6
+ExtendedCertificate ::= SEQUENCE {
+ extendedCertificateInfo ExtendedCertificateInfo,
+ signatureAlgorithm SignatureAlgorithmIdentifier,
+ signature Signature
+}
+
+ExtendedCertificateInfo ::= SEQUENCE {
+ version CMSVersion,
+ certificate Certificate,
+ attributes UnauthAttributes
+}
+
+Signature ::= BIT STRING
+
+END -- of CryptographicMessageSyntax