heimdal/lib/asn1/cms.asn1

-- From RFC 3369 --
-- $Id$ --

CMS DEFINITIONS ::= BEGIN

IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
	Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459
	HEIM_ANY FROM heim;

id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs7(7) }

id-pkcs7-data OBJECT IDENTIFIER ::= 			{ id-pkcs7 1 }
id-pkcs7-signedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 2 }
id-pkcs7-envelopedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 3 }
id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::= 	{ id-pkcs7 4 }
id-pkcs7-digestedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 5 }
id-pkcs7-encryptedData OBJECT IDENTIFIER ::= 		{ id-pkcs7 6 }

CMSVersion ::= INTEGER {
	   cMSVersion-v0(0),
	   cMSVersion-v1(1),
	   cMSVersion-v2(2),
	   cMSVersion-v3(3),
	   cMSVersion-v4(4)
}

DigestAlgorithmIdentifier ::= AlgorithmIdentifier
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier

ContentType ::= OBJECT IDENTIFIER
MessageDigest ::= OCTET STRING

EncapsulatedContentInfo ::= SEQUENCE {
	eContentType ContentType,
	eContent [0] EXPLICIT OCTET STRING OPTIONAL
}

CertificateChoices ::= CHOICE {
    certificate Certificate,
    any HEIM_ANY
}

-- Really, for us this is strictly a Certificate.  See RFC 5911.
CertificateSet ::= SET OF CertificateChoices

CertificateList ::= Certificate

CertificateRevocationLists ::= SET OF CertificateList

IssuerAndSerialNumber ::= SEQUENCE {
	issuer Name,
	serialNumber CertificateSerialNumber
}

-- RecipientIdentifier is same as SignerIdentifier,
-- lets glue them togheter and save some bytes and share code for them

CMSIdentifier ::= CHOICE {
	issuerAndSerialNumber IssuerAndSerialNumber,
	subjectKeyIdentifier [0] SubjectKeyIdentifier
}

SignerIdentifier ::= CMSIdentifier
RecipientIdentifier ::= CMSIdentifier

--- CMSAttributes are the combined UnsignedAttributes and SignedAttributes
--- to store space and share code

CMSAttributes ::= SET OF Attribute		-- SIZE (1..MAX)

SignatureValue ::= OCTET STRING

SignerInfo ::= SEQUENCE {
	version CMSVersion,
	sid SignerIdentifier,
	digestAlgorithm DigestAlgorithmIdentifier,
	signedAttrs [0] IMPLICIT CMSAttributes OPTIONAL,
	signatureAlgorithm SignatureAlgorithmIdentifier,
	signature SignatureValue,
	unsignedAttrs [1] IMPLICIT CMSAttributes OPTIONAL
}

SignerInfos ::= SET OF SignerInfo

SignedData ::= SEQUENCE {
	version CMSVersion,
	digestAlgorithms DigestAlgorithmIdentifiers,
	encapContentInfo EncapsulatedContentInfo,
	certificates [0] IMPLICIT CertificateSet OPTIONAL,
	crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
	signerInfos SignerInfos
}

OriginatorInfo ::= SEQUENCE {
	certs [0] IMPLICIT CertificateSet OPTIONAL,
	crls [1] IMPLICIT CertificateRevocationLists OPTIONAL
}

KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

EncryptedKey ::= OCTET STRING

KeyTransRecipientInfo ::= SEQUENCE {
	version CMSVersion,  -- always set to 0 or 2
	rid RecipientIdentifier,
	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
	encryptedKey EncryptedKey
}

RecipientInfo ::= KeyTransRecipientInfo

RecipientInfos ::= SET OF RecipientInfo

EncryptedContent ::= OCTET STRING

EncryptedContentInfo ::= SEQUENCE {
	contentType ContentType,
	contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
	encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL
}

UnprotectedAttributes ::= SET OF Attribute	-- SIZE (1..MAX)

CMSEncryptedData ::= SEQUENCE {
	version CMSVersion,
	encryptedContentInfo EncryptedContentInfo,
        unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
}

EnvelopedData ::= SEQUENCE {
	version CMSVersion,
	originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
	recipientInfos RecipientInfos,
	encryptedContentInfo EncryptedContentInfo,
	unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL
}

-- Data ::= OCTET STRING

CMSRC2CBCParameter ::= SEQUENCE {
	rc2ParameterVersion	INTEGER (0..4294967295),
	iv			OCTET STRING -- exactly 8 octets
}

CMSCBCParameter ::= OCTET STRING

-- We don't have a) a builtin TYPE-IDENTIFIER class, b) class equality
-- assignment yet!
_CONTENT-TYPE ::= CLASS {
        &id OBJECT IDENTIFIER UNIQUE,
        &Type OPTIONAL
}

ContentInfo{_CONTENT-TYPE:ContentSet} ::= SEQUENCE {
    contentType     _CONTENT-TYPE.&id({ContentSet}),
    content         [0] EXPLICIT _CONTENT-TYPE.&Type({ContentSet}{@contentType}) OPTIONAL
}

-- Content Type Object Identifiers and Objects

id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }

id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }

OctetString ::= OCTET STRING -- workaround compiler bug
ct-Data _CONTENT-TYPE ::= { &id id-data, &Type OctetString }

id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }

ct-SignedData _CONTENT-TYPE ::= { &id id-signedData, &Type SignedData }

id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }

ct-EnvelopedData _CONTENT-TYPE ::= { &id id-envelopedData, &Type EnvelopedData }

id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
-- ct-DigestedData _CONTENT-TYPE ::= { &id id-digestedData, &Type DigestedData }

id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }

-- ct-EncryptedData _CONTENT-TYPE ::= { &id id-encryptedData, &Type EncryptedData }

id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 }

-- ct-AuthenticatedData _CONTENT-TYPE ::=
--     { &id id-ct-authData, &Type AuthenticatedData }

ContentSet _CONTENT-TYPE ::= {
      --  Define the set of content types to be recognized.
      ct-Data | ct-SignedData | ct-EnvelopedData
      -- | ct-EncryptedData
      -- | ct-AuthenticatedData | ct-DigestedData
}

ContentInfo ::= ContentInfo{ContentSet}

END