1 files changed, 387 insertions, 0 deletions
diff --git a/lib/public_key/asn1/PKCS-7.asn1 b/lib/public_key/asn1/PKCS-7.asn1
new file mode 100644
index 0000000000..a6dfd57d80
--- /dev/null
+++ b/lib/public_key/asn1/PKCS-7.asn1
@@ -0,0 +1,387 @@
+PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7)
+        modules(0) pkcs-7(1)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+BEGIN
+
+--
+-- 3. Definitions
+--
+
+-- EXPORTS All;
+
+IMPORTS
+
+informationFramework, authenticationFramework
+    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
+                            usefulDefinitions(0) 3}
+
+  ATTRIBUTE
+    FROM InformationFramework informationFramework
+
+  Name, Certificate, CertificateSerialNumber,
+    CertificateList, Time
+    FROM PKIX1Explicit88; -- AuthenticationFramework authenticationFramework;
+
+--  contentType, messageDigest, signingTime
+-- , counterSignature
+--    FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+--                 pkcs-9(9) modules(0) pkcs-9(1)};
+--
+-- 6. Useful types
+--
+
+-- inlined from AuthenticationFramework
+
+ALGORITHM ::= CLASS {&Type  OPTIONAL,
+                     &id    OBJECT IDENTIFIER UNIQUE
+}WITH SYNTAX {[&Type]
+              IDENTIFIED BY &id
+}
+
+-- inlined from PKCS-9
+
+pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
+                              rsadsi(113549) pkcs(1) 9}
+
+contentType ATTRIBUTE ::= {
+        WITH SYNTAX ContentType
+--        EQUALITY MATCHING RULE objectIdentifierMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-contentType
+}
+
+pkcs-9-at-contentType                   OBJECT IDENTIFIER ::= {pkcs-9 3}
+pkcs-9-at-messageDigest                 OBJECT IDENTIFIER ::= {pkcs-9 4}
+pkcs-9-at-signingTime                   OBJECT IDENTIFIER ::= {pkcs-9 5}
+pkcs-9-at-counterSignature              OBJECT IDENTIFIER ::= {pkcs-9 6}
+
+counterSignature ATTRIBUTE ::= {
+        WITH SYNTAX SignerInfo
+        ID pkcs-9-at-counterSignature
+}
+messageDigest ATTRIBUTE ::= {
+        WITH SYNTAX MessageDigest
+--        EQUALITY MATCHING RULE octetStringMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-messageDigest
+}
+
+MessageDigest ::= OCTET STRING
+
+signingTime ATTRIBUTE ::= {
+        WITH SYNTAX SigningTime
+--        EQUALITY MATCHING RULE signingTimeMatch
+        SINGLE VALUE TRUE
+        ID pkcs-9-at-signingTime
+}
+
+SigningTime ::= Time -- imported from ISO/IEC 9594-8
+
+
+-- Also defined in X.509
+-- Redeclared here as a parameterized type
+AlgorithmIdentifierPKSC-7 {ALGORITHM:IOSet} ::= SEQUENCE {
+   algorithm   ALGORITHM.&id({IOSet}),
+   parameters  ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL
+}
+
+-- Also defined in X.501
+-- Redeclared here as a parameterized type
+AttributePKCS-7 { ATTRIBUTE:IOSet } ::= SEQUENCE {
+   type    ATTRIBUTE.&id({IOSet}),
+   values  SET SIZE (1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
+}
+
+CertificateRevocationLists ::=
+  SET OF CertificateList
+
+Certificates ::=
+  SEQUENCE OF Certificate
+
+CRLSequence ::=
+  SEQUENCE OF CertificateList
+
+ContentEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifierPKSC-7 {{ContentEncryptionAlgorithms}}
+
+ContentEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+DigestAlgorithmIdentifier ::=
+  AlgorithmIdentifierPKSC-7 {{DigestAlgorithms}}
+
+DigestAlgorithms ALGORITHM ::= {
+   ...  -- add any application-specific algorithms here
+}
+
+DigestEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifierPKSC-7 {{DigestEncryptionAlgorithms}}
+
+DigestEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+ExtendedCertificateOrCertificate ::= CHOICE {
+  certificate          Certificate,                      -- X.509
+  extendedCertificate  [0] IMPLICIT ExtendedCertificate  -- PKCS#6
+}
+
+ExtendedCertificate ::= Certificate -- cheating
+
+ExtendedCertificatesAndCertificates ::=
+  SET OF ExtendedCertificateOrCertificate
+
+IssuerAndSerialNumber ::= SEQUENCE {
+  issuer        Name,
+  serialNumber  CertificateSerialNumber
+}
+
+KeyEncryptionAlgorithmIdentifier ::=
+  AlgorithmIdentifierPKSC-7 {{KeyEncryptionAlgorithms}}
+
+KeyEncryptionAlgorithms ALGORITHM ::= {
+  ...  -- add any application-specific algorithms here
+}
+
+--
+-- 7. General syntax
+--
+
+ContentInfo ::= SEQUENCE {
+--  contentType  ContentType,
+  contentType  CONTENTS.&id({Contents}),
+  content      [0] EXPLICIT CONTENTS.&Type({Contents}{@contentType})
+OPTIONAL
+}
+
+CONTENTS ::= TYPE-IDENTIFIER
+
+Contents CONTENTS ::= {
+  {Data                    IDENTIFIED BY data}                   |
+  {SignedData              IDENTIFIED BY signedData}             |
+  {EnvelopedData           IDENTIFIED BY envelopedData}          |
+  {SignedAndEnvelopedData  IDENTIFIED BY signedAndEnvelopedData} |
+  {DigestedData            IDENTIFIED BY digestedData}           |
+  {EncryptedData           IDENTIFIED BY encryptedData},
+  ...  -- add any application-specific types/contents here
+}
+
+ContentType ::= CONTENTS.&id({Contents})
+
+--
+-- 8. Data content type
+--
+
+Data ::= OCTET STRING
+
+--
+-- 9. Signed-data content type
+--
+
+SignedData ::= SEQUENCE {
+--  version         INTEGER {sdVer1(1), sdVer2(2)} (sdVer1 | sdVer2),
+  version         INTEGER {sdVer1(1), sdVer2(2)},
+  digestAlgorithms
+                  DigestAlgorithmIdentifiers,
+  contentInfo     ContentInfo,
+  certificates CHOICE {
+    certSet       [0] IMPLICIT ExtendedCertificatesAndCertificates,
+    certSequence  [2] IMPLICIT Certificates
+  } OPTIONAL,
+  crls CHOICE {
+    crlSet        [1] IMPLICIT CertificateRevocationLists,
+    crlSequence   [3] IMPLICIT CRLSequence
+  } OPTIONAL,
+  signerInfos     SignerInfos
+} (WITH COMPONENTS { ..., version (sdVer1),
+     digestAlgorithms   (WITH COMPONENTS { ..., daSet PRESENT }),
+     certificates       (WITH COMPONENTS { ..., certSequence ABSENT }),
+     crls               (WITH COMPONENTS { ..., crlSequence ABSENT }),
+     signerInfos        (WITH COMPONENTS { ..., siSet PRESENT })
+   } |
+   WITH COMPONENTS { ..., version (sdVer2),
+      digestAlgorithms  (WITH COMPONENTS { ..., daSequence PRESENT }),
+      certificates      (WITH COMPONENTS { ..., certSet ABSENT }),
+      crls              (WITH COMPONENTS { ..., crlSet ABSENT }),
+      signerInfos       (WITH COMPONENTS { ..., siSequence PRESENT })
+})
+
+SignerInfos ::= CHOICE {
+    siSet         SET OF SignerInfo,
+    siSequence    SEQUENCE OF SignerInfo
+}
+
+DigestAlgorithmIdentifiers ::= CHOICE {
+  daSet           SET OF DigestAlgorithmIdentifier,
+  daSequence      SEQUENCE OF DigestAlgorithmIdentifier
+}
+
+SignerInfo ::= SEQUENCE {
+--  version         INTEGER {siVer1(1), siVer2(2)} (siVer1 | siVer2),
+  version         INTEGER {siVer1(1), siVer2(2)},
+  issuerAndSerialNumber
+                  IssuerAndSerialNumber,
+  digestAlgorithm DigestAlgorithmIdentifier,
+  authenticatedAttributes CHOICE {
+    aaSet         [0] IMPLICIT SET OF AttributePKCS-7 {{Authenticated}},
+    aaSequence    [2] EXPLICIT SEQUENCE OF AttributePKCS-7 {{Authenticated}}
+    -- Explicit because easier to compute digest on sequence of attributes and then reuse
+    -- encoded sequence in aaSequence.
+  } OPTIONAL,
+  digestEncryptionAlgorithm
+                  DigestEncryptionAlgorithmIdentifier,
+  encryptedDigest EncryptedDigest,
+  unauthenticatedAttributes CHOICE {
+    uaSet         [1] IMPLICIT SET OF AttributePKCS-7 {{Unauthenticated}},
+    uaSequence    [3] IMPLICIT SEQUENCE OF AttributePKCS-7 {{Unauthenticated}}
+  } OPTIONAL
+} (WITH COMPONENTS { ..., version (siVer1),
+  authenticatedAttributes       (WITH COMPONENTS { ..., aaSequence ABSENT }),
+  unauthenticatedAttributes     (WITH COMPONENTS { ..., uaSequence ABSENT })
+} | WITH COMPONENTS { ..., version (siVer2),
+  authenticatedAttributes       (WITH COMPONENTS { ..., aaSet ABSENT }),
+  unauthenticatedAttributes     (WITH COMPONENTS { ..., uaSet ABSENT })
+})
+
+Authenticated ATTRIBUTE ::= {
+  contentType |
+  messageDigest,
+  ...,  -- add application-specific attributes here
+  signingTime
+}
+
+Unauthenticated ATTRIBUTE ::= {
+  contentType |
+  messageDigest,
+  ...,  -- add application-specific attributes here
+  counterSignature
+--  ...,  add application-specific attributes here
+--  counterSignature
+}
+
+EncryptedDigest ::= OCTET STRING
+
+DigestInfo ::= SEQUENCE {
+  digestAlgorithm DigestAlgorithmIdentifier,
+  digest          Digest
+}
+
+Digest ::= OCTET STRING
+
+--
+-- 10. Enveloped-data content type
+--
+
+EnvelopedData ::= SEQUENCE {
+--  version         INTEGER {edVer0(0), edVer1(1)} (edVer0 | edVer1),
+  version         INTEGER {edVer0(0), edVer1(1)},
+  recipientInfos  RecipientInfos,
+  encryptedContentInfo
+                  EncryptedContentInfo
+} (WITH COMPONENTS { ..., version (edVer0),
+    recipientInfos      (WITH COMPONENTS { ..., riSet PRESENT })
+} | WITH COMPONENTS { ..., version (edVer1),
+    recipientInfos      (WITH COMPONENTS { ..., riSequence PRESENT })
+})
+
+RecipientInfos ::= CHOICE {
+  riSet           SET OF RecipientInfo,
+  riSequence      SEQUENCE OF RecipientInfo
+}
+
+EncryptedContentInfo ::= SEQUENCE {
+  contentType     ContentType,
+  contentEncryptionAlgorithm
+                  ContentEncryptionAlgorithmIdentifier,
+  encryptedContent
+                  [0] IMPLICIT EncryptedContent OPTIONAL
+}
+
+EncryptedContent ::= OCTET STRING
+
+RecipientInfo ::= SEQUENCE {
+--  version         INTEGER {riVer0(0)} (riVer0),
+  version         INTEGER {riVer0(0)},
+  issuerAndSerialNumber
+                  IssuerAndSerialNumber,
+  keyEncryptionAlgorithm
+                  KeyEncryptionAlgorithmIdentifier,
+  encryptedKey    EncryptedKey
+}
+
+EncryptedKey ::= OCTET STRING
+
+--
+-- 11. Signed-and-enveloped-data content type
+--
+
+SignedAndEnvelopedData ::= SEQUENCE {
+--  version         INTEGER {seVer1(1), seVer2(2)} (seVer1 | seVer2),
+  version         INTEGER {seVer1(1), seVer2(2)},
+  recipientInfos  RecipientInfos,
+  digestAlgorithms
+                  DigestAlgorithmIdentifiers,
+  encryptedContentInfo
+                  EncryptedContentInfo,
+  certificates CHOICE {
+    certSet       [0] IMPLICIT ExtendedCertificatesAndCertificates,
+    certSequence  [2] IMPLICIT Certificates
+  } OPTIONAL,
+  crls CHOICE {
+    crlSet        [1] IMPLICIT CertificateRevocationLists,
+    crlSequence   [3] IMPLICIT CRLSequence
+  } OPTIONAL,
+  signerInfos     SignerInfos
+} (WITH COMPONENTS { ..., version (seVer1),
+    recipientInfos   (WITH COMPONENTS { ..., riSet PRESENT }),
+    digestAlgorithms (WITH COMPONENTS { ..., daSet PRESENT }),
+    certificates     (WITH COMPONENTS { ..., certSequence ABSENT }),
+    crls             (WITH COMPONENTS { ..., crlSequence ABSENT }),
+    signerInfos      (WITH COMPONENTS { ..., siSet PRESENT })
+} |
+  WITH COMPONENTS { ..., version (seVer2),
+    recipientInfos   (WITH COMPONENTS { ..., riSequence PRESENT }),
+    digestAlgorithms (WITH COMPONENTS { ..., daSequence PRESENT }),
+    certificates     (WITH COMPONENTS { ..., certSet ABSENT }),
+    crls             (WITH COMPONENTS { ..., crlSet ABSENT }),
+    signerInfos      (WITH COMPONENTS { ..., siSequence PRESENT })
+})
+
+--
+-- 12. Digested-data content type
+--pbeWithSHAAnd3-KeyTripleDES-CBC
+
+DigestedData ::= SEQUENCE {
+--  version         INTEGER {ddVer0(0)} (ddVer0),
+  version         INTEGER {ddVer0(0)},
+  digestAlgorithm DigestAlgorithmIdentifier,
+  contentInfo     ContentInfo,
+  digest          Digest
+}
+
+--
+-- 13. Encrypted-data content type
+--
+
+EncryptedData ::= SEQUENCE {
+--  version		INTEGER {edVer0(0)} (edVer0),
+  version		INTEGER {edVer0(0)},
+  encryptedContentInfo  EncryptedContentInfo
+}
+
+--
+-- 14. Object Identifiers
+--
+
+pkcs-7                  OBJECT IDENTIFIER ::=
+  { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 7 }
+data                    OBJECT IDENTIFIER ::= { pkcs-7 1 }
+signedData              OBJECT IDENTIFIER ::= { pkcs-7 2 }
+envelopedData           OBJECT IDENTIFIER ::= { pkcs-7 3 }
+signedAndEnvelopedData  OBJECT IDENTIFIER ::= { pkcs-7 4 }
+digestedData            OBJECT IDENTIFIER ::= { pkcs-7 5 }
+encryptedData           OBJECT IDENTIFIER ::= { pkcs-7 6 }
+
+END