heimdal/lib/asn1/CMS.asn1

-- From RFC 3369 --
-- $Id$ --

CMS DEFINITIONS ::= BEGIN

IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
	Attribute, Certificate, Name, SubjectKeyIdentifier FROM rfc2459
	heim_any, heim_any_set FROM heim;

id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs7(7) }

id-pkcs7-data OBJECT IDENTIFIER ::= 			{ id-pkcs7 1 }
id-pkcs7-signedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 2 }
id-pkcs7-envelopedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 3 }
id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::= 	{ id-pkcs7 4 }
id-pkcs7-digestedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 5 }
id-pkcs7-encryptedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 6 }

CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }

DigestAlgorithmIdentifier ::= AlgorithmIdentifier
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier

ContentType ::= OBJECT IDENTIFIER

ContentInfo ::= SEQUENCE {
	contentType ContentType,
	content [0] EXPLICIT heim_any OPTIONAL --  DEFINED BY contentType 
}

EncapsulatedContentInfo ::= SEQUENCE {
	eContentType ContentType,
	eContent [0] EXPLICIT OCTET STRING OPTIONAL
}

CertificateSet ::= heim_any_set -- SET OF
CertificateSetReal ::= SET OF heim_any

CertificateList ::= Certificate

CertificateRevocationLists ::= SET OF CertificateList

IssuerAndSerialNumber ::= SEQUENCE {
	issuer Name,
	serialNumber CertificateSerialNumber
}

-- RecipientIdentifier is same as SignerIdentifier, 
-- lets glue them togheter and save some bytes and share code for them

CMSIdentifier ::= CHOICE {
	issuerAndSerialNumber IssuerAndSerialNumber,
	subjectKeyIdentifier [0] SubjectKeyIdentifier
}

SignerIdentifier ::= CMSIdentifier
RecipientIdentifier ::= CMSIdentifier

SignedAttributes ::= SET OF Attribute		-- SIZE (1..MAX) 
UnsignedAttributes ::= SET OF Attribute		-- SIZE (1..MAX) 

SignatureValue ::= OCTET STRING

SignerInfo ::= SEQUENCE {
	version CMSVersion,
	sid SignerIdentifier,
	digestAlgorithm DigestAlgorithmIdentifier,
	signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
	signatureAlgorithm SignatureAlgorithmIdentifier,
	signature SignatureValue,
	unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL
}

SignerInfos ::= SET OF SignerInfo

SignedData ::= SEQUENCE {
	version CMSVersion,
	digestAlgorithms DigestAlgorithmIdentifiers,
	encapContentInfo EncapsulatedContentInfo,
	certificates [0] IMPLICIT CertificateSet OPTIONAL,
	crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
	signerInfos SignerInfos
}

OriginatorInfo ::= SEQUENCE {
	certs [0] IMPLICIT CertificateSet OPTIONAL,
	crls [1] IMPLICIT CertificateRevocationLists OPTIONAL
}

KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

EncryptedKey ::= OCTET STRING

KeyTransRecipientInfo ::= SEQUENCE {
	version CMSVersion,  -- always set to 0 or 2
	rid RecipientIdentifier,
	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
	encryptedKey EncryptedKey
}

RecipientInfo ::= KeyTransRecipientInfo

RecipientInfos ::= SET OF RecipientInfo

EncryptedContent ::= OCTET STRING

EncryptedContentInfo ::= SEQUENCE {
	contentType ContentType,
	contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
	encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL
}

UnprotectedAttributes ::= SET OF Attribute	-- SIZE (1..MAX)

CMSEncryptedData ::= SEQUENCE {
	version CMSVersion,
	encryptedContentInfo EncryptedContentInfo,
        unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
}

EnvelopedData ::= SEQUENCE {
	version CMSVersion,
	originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
	recipientInfos RecipientInfos,
	encryptedContentInfo EncryptedContentInfo,
	unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
}

-- Data ::= OCTET STRING

CMSRC2CBCParameter ::= SEQUENCE {
	rc2ParameterVersion	INTEGER,
	iv			OCTET STRING -- exactly 8 octets
}

CMSCBCParameter ::= OCTET STRING

END