1 files changed, 376 insertions, 0 deletions
diff --git a/lib/public_key/asn1/CryptographicMessageSyntax.asn1 b/lib/public_key/asn1/CryptographicMessageSyntax.asn1
new file mode 100644
index 0000000000..05ecdf2448
--- /dev/null
+++ b/lib/public_key/asn1/CryptographicMessageSyntax.asn1
@@ -0,0 +1,376 @@
+CryptographicMessageSyntax {iso(1) member-body(2) us(840) rsadsi(113549)
+  pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)}
+--
+-- Copyright (C) The Internet Society (1999). This version of
+-- this ASN.1 module is part of RFC 2630;
+-- see the RFC itself for full legal notices.
+--
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+-- EXPORTS All
+-- The types and values defined in this module are exported for use in
+-- the other ASN.1 modules.  Other applications may use them for their
+-- own purposes.
+IMPORTS
+  -- Directory Information Framework (X.501)
+  Name
+    FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+      informationFramework(1) 3}
+  -- Directory Authentication Framework (X.509)
+  AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList,
+    CertificateSerialNumber
+    FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
+      authenticationFramework(7) 3};
+
+ContentInfo ::= SEQUENCE {
+  content-type   CMS-CONTENT-TYPE.&id({CMSContentTable}),
+  pkcs7-content  [0]  CMS-CONTENT-TYPE.&Type({CMSContentTable})
+}
+
+CMS-CONTENT-TYPE ::= TYPE-IDENTIFIER
+
+CMSContentTable CMS-CONTENT-TYPE ::=
+  {...}
+
+ContentType ::= OBJECT IDENTIFIER
+
+SignedData ::= SEQUENCE {
+  version           CMSVersion,
+  digestAlgorithms  DigestAlgorithmIdentifiers,
+  encapContentInfo  EncapsulatedContentInfo,
+  certificates      [0] IMPLICIT CertificateSet OPTIONAL,
+  crls              [1] IMPLICIT CertificateRevocationLists OPTIONAL,
+  signerInfos       SignerInfos
+}
+
+DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+
+SignerInfos ::= SET OF SignerInfo
+
+EncapsulatedContentInfo ::= SEQUENCE {
+  eContentType  ContentType,
+  eContent      [0] EXPLICIT OCTET STRING OPTIONAL
+}
+
+SignerInfo ::= SEQUENCE {
+  version             CMSVersion,
+  sid                 SignerIdentifier,
+  digestAlgorithm     DigestAlgorithmIdentifier,
+  signedAttrs         [0] IMPLICIT SignedAttributes OPTIONAL,
+  signatureAlgorithm  SignatureAlgorithmIdentifier,
+  signature           SignatureValue,
+  unsignedAttrs       [1] IMPLICIT UnsignedAttributes OPTIONAL
+}
+
+SignerIdentifier ::= CHOICE {
+  issuerAndSerialNumber  IssuerAndSerialNumber,
+  subjectKeyIdentifier   [0]  SubjectKeyIdentifier
+}
+
+SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+Attribute ::= SEQUENCE {
+  attrType    OBJECT IDENTIFIER,
+  attrValues  SET OF AttributeValue
+}
+
+OPEN ::= CLASS {&Type
+}WITH SYNTAX {TYPE &Type
+}
+
+AttributeValue ::= OPEN.&Type
+
+SignatureValue ::= OCTET STRING
+
+EnvelopedData ::= SEQUENCE {
+  version               CMSVersion,
+  originatorInfo        [0] IMPLICIT OriginatorInfo OPTIONAL,
+  recipientInfos        RecipientInfos,
+  encryptedContentInfo  EncryptedContentInfo,
+  unprotectedAttrs      [1] IMPLICIT UnprotectedAttributes OPTIONAL
+}
+
+OriginatorInfo ::= SEQUENCE {
+  certs  [0] IMPLICIT CertificateSet OPTIONAL,
+  crls   [1] IMPLICIT CertificateRevocationLists OPTIONAL
+}
+
+RecipientInfos ::= SET OF RecipientInfo
+
+EncryptedContentInfo ::= SEQUENCE {
+  contentType                 ContentType,
+  contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,
+  encryptedContent            [0] IMPLICIT EncryptedContent OPTIONAL
+}
+
+EncryptedContent ::= OCTET STRING
+
+UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+RecipientInfo ::= CHOICE {
+  ktri   KeyTransRecipientInfo,
+  kari   [1]  KeyAgreeRecipientInfo,
+  kekri  [2]  KEKRecipientInfo
+}
+
+EncryptedKey ::= OCTET STRING
+
+KeyTransRecipientInfo ::= SEQUENCE {
+  version                 CMSVersion, -- always set to 0 or 2
+  rid                     RecipientIdentifier,
+  keyEncryptionAlgorithm  KeyEncryptionAlgorithmIdentifier,
+  encryptedKey            EncryptedKey
+}
+
+RecipientIdentifier ::= CHOICE {
+  issuerAndSerialNumber  IssuerAndSerialNumber,
+  subjectKeyIdentifier   [0]  SubjectKeyIdentifier
+}
+
+KeyAgreeRecipientInfo ::= SEQUENCE {
+  version                 CMSVersion, -- always set to 3
+  originator              [0] EXPLICIT OriginatorIdentifierOrKey,
+  ukm                     [1] EXPLICIT UserKeyingMaterial OPTIONAL,
+  keyEncryptionAlgorithm  KeyEncryptionAlgorithmIdentifier,
+  recipientEncryptedKeys  RecipientEncryptedKeys
+}
+
+OriginatorIdentifierOrKey ::= CHOICE {
+  issuerAndSerialNumber  IssuerAndSerialNumber,
+  subjectKeyIdentifier   [0]  SubjectKeyIdentifier,
+  originatorKey          [1]  OriginatorPublicKey
+}
+
+OriginatorPublicKey ::= SEQUENCE {
+  algorithm  AlgorithmIdentifier,
+  publicKey  BIT STRING
+}
+
+RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
+
+RecipientEncryptedKey ::= SEQUENCE {
+  rid           KeyAgreeRecipientIdentifier,
+  encryptedKey  EncryptedKey
+}
+
+KeyAgreeRecipientIdentifier ::= CHOICE {
+  issuerAndSerialNumber  IssuerAndSerialNumber,
+  rKeyId                 [0] IMPLICIT RecipientKeyIdentifier
+}
+
+RecipientKeyIdentifier ::= SEQUENCE {
+  subjectKeyIdentifier  SubjectKeyIdentifier,
+  date                  GeneralizedTime OPTIONAL,
+  other                 OtherKeyAttribute OPTIONAL
+}
+
+SubjectKeyIdentifier ::= OCTET STRING
+
+KEKRecipientInfo ::= SEQUENCE {
+  version                 CMSVersion, -- always set to 4
+  kekid                   KEKIdentifier,
+  keyEncryptionAlgorithm  KeyEncryptionAlgorithmIdentifier,
+  encryptedKey            EncryptedKey
+}
+
+KEKIdentifier ::= SEQUENCE {
+  keyIdentifier  OCTET STRING,
+  date           GeneralizedTime OPTIONAL,
+  other          OtherKeyAttribute OPTIONAL
+}
+
+DigestedData ::= SEQUENCE {
+  version           CMSVersion,
+  digestAlgorithm   DigestAlgorithmIdentifier,
+  encapContentInfo  EncapsulatedContentInfo,
+  digest            Digest
+}
+
+Digest ::= OCTET STRING
+
+EncryptedData ::= SEQUENCE {
+  version               CMSVersion,
+  encryptedContentInfo  EncryptedContentInfo,
+  unprotectedAttrs      [1] IMPLICIT UnprotectedAttributes OPTIONAL
+}
+
+AuthenticatedData ::= SEQUENCE {
+  version                    CMSVersion,
+  originatorInfo             [0] IMPLICIT OriginatorInfo OPTIONAL,
+  recipientInfos             RecipientInfos,
+  macAlgorithm               MessageAuthenticationCodeAlgorithm,
+  digestAlgorithm            [1]  DigestAlgorithmIdentifier OPTIONAL,
+  encapContentInfo           EncapsulatedContentInfo,
+  authenticatedAttributes    [2] IMPLICIT AuthAttributes OPTIONAL,
+  mac                        MessageAuthenticationCode,
+  unauthenticatedAttributes  [3] IMPLICIT UnauthAttributes OPTIONAL
+}
+
+AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+MessageAuthenticationCode ::= OCTET STRING
+
+DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+
+SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+
+KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
+
+CertificateRevocationLists ::= SET OF CertificateList
+
+CertificateChoices ::= CHOICE {
+  certificate          Certificate, -- See X.509
+  extendedCertificate  [0] IMPLICIT ExtendedCertificate, -- Obsolete
+  attrCert             [1] IMPLICIT AttributeCertificate
+} -- See X.509 & X9.57
+
+CertificateSet ::= SET OF CertificateChoices
+
+IssuerAndSerialNumber ::= SEQUENCE {
+  issuer        Name,
+  serialNumber  CertificateSerialNumber
+}
+
+CMSVersion ::= INTEGER {v0(0), v1(1), v2(2), v3(3), v4(4)}
+
+UserKeyingMaterial ::= OCTET STRING
+
+OtherKeyAttribute ::= SEQUENCE {
+  keyAttributeIdentifier  OTHER-KEY-ATTRIBUTE.&id({OtherKeyAttributeTable}),
+  keyAttribute
+    OTHER-KEY-ATTRIBUTE.&Type
+      ({OtherKeyAttributeTable}{@keyAttributeIdentifier}) OPTIONAL
+}
+
+OTHER-KEY-ATTRIBUTE ::= TYPE-IDENTIFIER
+
+OtherKeyAttributeTable OTHER-KEY-ATTRIBUTE ::=
+  {...}
+
+-- CMS Attributes
+MessageDigest ::= OCTET STRING
+
+SigningTime ::= Time
+
+Time ::= CHOICE {utcTime      UTCTime,
+                 generalTime  GeneralizedTime
+}
+
+Countersignature ::= SignerInfo
+
+-- Algorithm Identifiers
+sha-1 OBJECT IDENTIFIER ::=
+  {iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26}
+
+md5 OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5}
+
+id-dsa-with-sha1 OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 3}
+
+rsaEncryption OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1}
+
+dh-public-number OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1}
+
+id-alg-ESDH OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+   alg(3) 5}
+
+id-alg-CMS3DESwrap OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+   alg(3) 6}
+
+id-alg-CMSRC2wrap OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+   alg(3) 7}
+
+des-ede3-cbc OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 7}
+
+rc2-cbc OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 2}
+
+hMAC-SHA1 OBJECT IDENTIFIER ::=
+  {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+   mechanisms(5) 8 1 2}
+
+-- Algorithm Parameters
+KeyWrapAlgorithm ::= AlgorithmIdentifier
+
+RC2wrapParameter ::= RC2ParameterVersion
+
+RC2ParameterVersion ::= INTEGER
+
+CBCParameter ::= IV
+
+IV ::= OCTET STRING -- exactly 8 octets
+
+RC2CBCParameter ::= SEQUENCE {
+  rc2ParameterVersion  INTEGER,
+  iv                   OCTET STRING
+} -- exactly 8 octets
+
+-- Content Type Object Identifiers
+id-ct-contentInfo OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+   ct(1) 6}
+
+id-data OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1}
+
+id-signedData OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2}
+
+id-envelopedData OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3}
+
+id-digestedData OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5}
+
+id-encryptedData OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6}
+
+id-ct-authData OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+   ct(1) 2}
+
+-- Attribute Object Identifiers
+id-contentType OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3}
+
+id-messageDigest OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4}
+
+id-signingTime OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5}
+
+id-countersignature OBJECT IDENTIFIER ::=
+  {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6}
+
+-- Obsolete Extended Certificate syntax from PKCS#6
+ExtendedCertificate ::= SEQUENCE {
+  extendedCertificateInfo  ExtendedCertificateInfo,
+  signatureAlgorithm       SignatureAlgorithmIdentifier,
+  signature                Signature
+}
+
+ExtendedCertificateInfo ::= SEQUENCE {
+  version      CMSVersion,
+  certificate  Certificate,
+  attributes   UnauthAttributes
+}
+
+Signature ::= BIT STRING
+
+END -- of CryptographicMessageSyntax