81195acafa
Commit 89389bc7a (asn1: Fix long-standing IMPLICIT tagging brokenness)
was incomplete. Removing the hacks in lib/asn1/cms.asn1 revealed this.
Now the ASN.1 compiler generates enums to indicate what is the class and
tag of each type. This is needed so the decoder functions generated by
the compiler can know what tag to restore.
Now, too, the compiler does handle IMPLICIT tags whose encoded length is
different from that of the underlying type.
However, we now don't handle indefinite BER and non-DER definite lengths
(DCE) following IMPLICIT tags. This would affect only CMS in-tree.
150 lines
4.0 KiB
Groff
150 lines
4.0 KiB
Groff
-- From RFC 3369 --
|
|
-- $Id$ --
|
|
|
|
CMS DEFINITIONS ::= BEGIN
|
|
|
|
IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
|
|
Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459
|
|
heim_any, heim_any_set FROM heim;
|
|
|
|
id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs7(7) }
|
|
|
|
id-pkcs7-data OBJECT IDENTIFIER ::= { id-pkcs7 1 }
|
|
id-pkcs7-signedData OBJECT IDENTIFIER ::= { id-pkcs7 2 }
|
|
id-pkcs7-envelopedData OBJECT IDENTIFIER ::= { id-pkcs7 3 }
|
|
id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::= { id-pkcs7 4 }
|
|
id-pkcs7-digestedData OBJECT IDENTIFIER ::= { id-pkcs7 5 }
|
|
id-pkcs7-encryptedData OBJECT IDENTIFIER ::= { id-pkcs7 6 }
|
|
|
|
CMSVersion ::= INTEGER {
|
|
CMSVersion_v0(0),
|
|
CMSVersion_v1(1),
|
|
CMSVersion_v2(2),
|
|
CMSVersion_v3(3),
|
|
CMSVersion_v4(4)
|
|
}
|
|
|
|
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
|
|
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
|
|
ContentType ::= OBJECT IDENTIFIER
|
|
MessageDigest ::= OCTET STRING
|
|
|
|
ContentInfo ::= SEQUENCE {
|
|
contentType ContentType,
|
|
content [0] EXPLICIT heim_any OPTIONAL -- DEFINED BY contentType
|
|
}
|
|
|
|
EncapsulatedContentInfo ::= SEQUENCE {
|
|
eContentType ContentType,
|
|
eContent [0] EXPLICIT OCTET STRING OPTIONAL
|
|
}
|
|
|
|
CertificateSet ::= SET OF heim_any
|
|
|
|
CertificateList ::= Certificate
|
|
|
|
CertificateRevocationLists ::= SET OF CertificateList
|
|
|
|
IssuerAndSerialNumber ::= SEQUENCE {
|
|
issuer Name,
|
|
serialNumber CertificateSerialNumber
|
|
}
|
|
|
|
-- RecipientIdentifier is same as SignerIdentifier,
|
|
-- lets glue them togheter and save some bytes and share code for them
|
|
|
|
CMSIdentifier ::= CHOICE {
|
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
|
subjectKeyIdentifier [0] SubjectKeyIdentifier
|
|
}
|
|
|
|
SignerIdentifier ::= CMSIdentifier
|
|
RecipientIdentifier ::= CMSIdentifier
|
|
|
|
--- CMSAttributes are the combined UnsignedAttributes and SignedAttributes
|
|
--- to store space and share code
|
|
|
|
CMSAttributes ::= SET OF Attribute -- SIZE (1..MAX)
|
|
|
|
SignatureValue ::= OCTET STRING
|
|
|
|
SignerInfo ::= SEQUENCE {
|
|
version CMSVersion,
|
|
sid SignerIdentifier,
|
|
digestAlgorithm DigestAlgorithmIdentifier,
|
|
signedAttrs [0] IMPLICIT CMSAttributes OPTIONAL,
|
|
signatureAlgorithm SignatureAlgorithmIdentifier,
|
|
signature SignatureValue,
|
|
unsignedAttrs [1] IMPLICIT CMSAttributes OPTIONAL
|
|
}
|
|
|
|
SignerInfos ::= SET OF SignerInfo
|
|
|
|
SignedData ::= SEQUENCE {
|
|
version CMSVersion,
|
|
digestAlgorithms DigestAlgorithmIdentifiers,
|
|
encapContentInfo EncapsulatedContentInfo,
|
|
certificates [0] IMPLICIT CertificateSet OPTIONAL,
|
|
crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
|
|
signerInfos SignerInfos
|
|
}
|
|
|
|
OriginatorInfo ::= SEQUENCE {
|
|
certs [0] IMPLICIT CertificateSet OPTIONAL,
|
|
crls [1] IMPLICIT CertificateRevocationLists OPTIONAL
|
|
}
|
|
|
|
KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
|
|
EncryptedKey ::= OCTET STRING
|
|
|
|
KeyTransRecipientInfo ::= SEQUENCE {
|
|
version CMSVersion, -- always set to 0 or 2
|
|
rid RecipientIdentifier,
|
|
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
|
|
encryptedKey EncryptedKey
|
|
}
|
|
|
|
RecipientInfo ::= KeyTransRecipientInfo
|
|
|
|
RecipientInfos ::= SET OF RecipientInfo
|
|
|
|
EncryptedContent ::= OCTET STRING
|
|
|
|
EncryptedContentInfo ::= SEQUENCE {
|
|
contentType ContentType,
|
|
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
|
|
encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL
|
|
}
|
|
|
|
UnprotectedAttributes ::= SET OF Attribute -- SIZE (1..MAX)
|
|
|
|
CMSEncryptedData ::= SEQUENCE {
|
|
version CMSVersion,
|
|
encryptedContentInfo EncryptedContentInfo,
|
|
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
|
|
}
|
|
|
|
EnvelopedData ::= SEQUENCE {
|
|
version CMSVersion,
|
|
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
|
|
recipientInfos RecipientInfos,
|
|
encryptedContentInfo EncryptedContentInfo,
|
|
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
|
|
}
|
|
|
|
-- Data ::= OCTET STRING
|
|
|
|
CMSRC2CBCParameter ::= SEQUENCE {
|
|
rc2ParameterVersion INTEGER (0..4294967295),
|
|
iv OCTET STRING -- exactly 8 octets
|
|
}
|
|
|
|
CMSCBCParameter ::= OCTET STRING
|
|
|
|
END
|