From dab8d695015acd7574c4b35217c319b13f661234 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 6 Nov 2012 16:08:09 +0100 Subject: public_key: Add PKCS-7 First attempt to add PKCS-7 does not compile --- .../asn1/CryptographicMessageSyntax.asn1 | 376 +++++++++++++++++++++ 1 file changed, 376 insertions(+) create mode 100644 lib/public_key/asn1/CryptographicMessageSyntax.asn1 (limited to 'lib/public_key/asn1/CryptographicMessageSyntax.asn1') diff --git a/lib/public_key/asn1/CryptographicMessageSyntax.asn1 b/lib/public_key/asn1/CryptographicMessageSyntax.asn1 new file mode 100644 index 0000000000..05ecdf2448 --- /dev/null +++ b/lib/public_key/asn1/CryptographicMessageSyntax.asn1 @@ -0,0 +1,376 @@ +CryptographicMessageSyntax {iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)} +-- +-- Copyright (C) The Internet Society (1999). This version of +-- this ASN.1 module is part of RFC 2630; +-- see the RFC itself for full legal notices. +-- +DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in +-- the other ASN.1 modules. Other applications may use them for their +-- own purposes. +IMPORTS + -- Directory Information Framework (X.501) + Name + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 3} + -- Directory Authentication Framework (X.509) + AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList, + CertificateSerialNumber + FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) + authenticationFramework(7) 3}; + +ContentInfo ::= SEQUENCE { + content-type CMS-CONTENT-TYPE.&id({CMSContentTable}), + pkcs7-content [0] CMS-CONTENT-TYPE.&Type({CMSContentTable}) +} + +CMS-CONTENT-TYPE ::= TYPE-IDENTIFIER + +CMSContentTable CMS-CONTENT-TYPE ::= + {...} + +ContentType ::= OBJECT IDENTIFIER + +SignedData ::= SEQUENCE { + version CMSVersion, + digestAlgorithms DigestAlgorithmIdentifiers, + encapContentInfo EncapsulatedContentInfo, + certificates [0] IMPLICIT CertificateSet OPTIONAL, + crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, + signerInfos SignerInfos +} + +DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier + +SignerInfos ::= SET OF SignerInfo + +EncapsulatedContentInfo ::= SEQUENCE { + eContentType ContentType, + eContent [0] EXPLICIT OCTET STRING OPTIONAL +} + +SignerInfo ::= SEQUENCE { + version CMSVersion, + sid SignerIdentifier, + digestAlgorithm DigestAlgorithmIdentifier, + signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature SignatureValue, + unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL +} + +SignerIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier +} + +SignedAttributes ::= SET SIZE (1..MAX) OF Attribute + +UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute + +Attribute ::= SEQUENCE { + attrType OBJECT IDENTIFIER, + attrValues SET OF AttributeValue +} + +OPEN ::= CLASS {&Type +}WITH SYNTAX {TYPE &Type +} + +AttributeValue ::= OPEN.&Type + +SignatureValue ::= OCTET STRING + +EnvelopedData ::= SEQUENCE { + version CMSVersion, + originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, + recipientInfos RecipientInfos, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL +} + +OriginatorInfo ::= SEQUENCE { + certs [0] IMPLICIT CertificateSet OPTIONAL, + crls [1] IMPLICIT CertificateRevocationLists OPTIONAL +} + +RecipientInfos ::= SET OF RecipientInfo + +EncryptedContentInfo ::= SEQUENCE { + contentType ContentType, + contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, + encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL +} + +EncryptedContent ::= OCTET STRING + +UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute + +RecipientInfo ::= CHOICE { + ktri KeyTransRecipientInfo, + kari [1] KeyAgreeRecipientInfo, + kekri [2] KEKRecipientInfo +} + +EncryptedKey ::= OCTET STRING + +KeyTransRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 0 or 2 + rid RecipientIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey +} + +RecipientIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier +} + +KeyAgreeRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 3 + originator [0] EXPLICIT OriginatorIdentifierOrKey, + ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + recipientEncryptedKeys RecipientEncryptedKeys +} + +OriginatorIdentifierOrKey ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier, + originatorKey [1] OriginatorPublicKey +} + +OriginatorPublicKey ::= SEQUENCE { + algorithm AlgorithmIdentifier, + publicKey BIT STRING +} + +RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey + +RecipientEncryptedKey ::= SEQUENCE { + rid KeyAgreeRecipientIdentifier, + encryptedKey EncryptedKey +} + +KeyAgreeRecipientIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + rKeyId [0] IMPLICIT RecipientKeyIdentifier +} + +RecipientKeyIdentifier ::= SEQUENCE { + subjectKeyIdentifier SubjectKeyIdentifier, + date GeneralizedTime OPTIONAL, + other OtherKeyAttribute OPTIONAL +} + +SubjectKeyIdentifier ::= OCTET STRING + +KEKRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 4 + kekid KEKIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey +} + +KEKIdentifier ::= SEQUENCE { + keyIdentifier OCTET STRING, + date GeneralizedTime OPTIONAL, + other OtherKeyAttribute OPTIONAL +} + +DigestedData ::= SEQUENCE { + version CMSVersion, + digestAlgorithm DigestAlgorithmIdentifier, + encapContentInfo EncapsulatedContentInfo, + digest Digest +} + +Digest ::= OCTET STRING + +EncryptedData ::= SEQUENCE { + version CMSVersion, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL +} + +AuthenticatedData ::= SEQUENCE { + version CMSVersion, + originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, + recipientInfos RecipientInfos, + macAlgorithm MessageAuthenticationCodeAlgorithm, + digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL, + encapContentInfo EncapsulatedContentInfo, + authenticatedAttributes [2] IMPLICIT AuthAttributes OPTIONAL, + mac MessageAuthenticationCode, + unauthenticatedAttributes [3] IMPLICIT UnauthAttributes OPTIONAL +} + +AuthAttributes ::= SET SIZE (1..MAX) OF Attribute + +UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute + +MessageAuthenticationCode ::= OCTET STRING + +DigestAlgorithmIdentifier ::= AlgorithmIdentifier + +SignatureAlgorithmIdentifier ::= AlgorithmIdentifier + +KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier + +CertificateRevocationLists ::= SET OF CertificateList + +CertificateChoices ::= CHOICE { + certificate Certificate, -- See X.509 + extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete + attrCert [1] IMPLICIT AttributeCertificate +} -- See X.509 & X9.57 + +CertificateSet ::= SET OF CertificateChoices + +IssuerAndSerialNumber ::= SEQUENCE { + issuer Name, + serialNumber CertificateSerialNumber +} + +CMSVersion ::= INTEGER {v0(0), v1(1), v2(2), v3(3), v4(4)} + +UserKeyingMaterial ::= OCTET STRING + +OtherKeyAttribute ::= SEQUENCE { + keyAttributeIdentifier OTHER-KEY-ATTRIBUTE.&id({OtherKeyAttributeTable}), + keyAttribute + OTHER-KEY-ATTRIBUTE.&Type + ({OtherKeyAttributeTable}{@keyAttributeIdentifier}) OPTIONAL +} + +OTHER-KEY-ATTRIBUTE ::= TYPE-IDENTIFIER + +OtherKeyAttributeTable OTHER-KEY-ATTRIBUTE ::= + {...} + +-- CMS Attributes +MessageDigest ::= OCTET STRING + +SigningTime ::= Time + +Time ::= CHOICE {utcTime UTCTime, + generalTime GeneralizedTime +} + +Countersignature ::= SignerInfo + +-- Algorithm Identifiers +sha-1 OBJECT IDENTIFIER ::= + {iso(1) identified-organization(3) oiw(14) secsig(3) algorithm(2) 26} + +md5 OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5} + +id-dsa-with-sha1 OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 3} + +rsaEncryption OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1} + +dh-public-number OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) ansi-x942(10046) number-type(2) 1} + +id-alg-ESDH OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) + alg(3) 5} + +id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) + alg(3) 6} + +id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) + alg(3) 7} + +des-ede3-cbc OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 7} + +rc2-cbc OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) encryptionAlgorithm(3) 2} + +hMAC-SHA1 OBJECT IDENTIFIER ::= + {iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) 8 1 2} + +-- Algorithm Parameters +KeyWrapAlgorithm ::= AlgorithmIdentifier + +RC2wrapParameter ::= RC2ParameterVersion + +RC2ParameterVersion ::= INTEGER + +CBCParameter ::= IV + +IV ::= OCTET STRING -- exactly 8 octets + +RC2CBCParameter ::= SEQUENCE { + rc2ParameterVersion INTEGER, + iv OCTET STRING +} -- exactly 8 octets + +-- Content Type Object Identifiers +id-ct-contentInfo OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) + ct(1) 6} + +id-data OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1} + +id-signedData OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2} + +id-envelopedData OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3} + +id-digestedData OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5} + +id-encryptedData OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6} + +id-ct-authData OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) + ct(1) 2} + +-- Attribute Object Identifiers +id-contentType OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3} + +id-messageDigest OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4} + +id-signingTime OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5} + +id-countersignature OBJECT IDENTIFIER ::= + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6} + +-- Obsolete Extended Certificate syntax from PKCS#6 +ExtendedCertificate ::= SEQUENCE { + extendedCertificateInfo ExtendedCertificateInfo, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature Signature +} + +ExtendedCertificateInfo ::= SEQUENCE { + version CMSVersion, + certificate Certificate, + attributes UnauthAttributes +} + +Signature ::= BIT STRING + +END -- of CryptographicMessageSyntax -- cgit v1.2.3