summaryrefslogtreecommitdiff
path: root/asn1include/PKCS7.asn1
diff options
context:
space:
mode:
Diffstat (limited to 'asn1include/PKCS7.asn1')
-rw-r--r--asn1include/PKCS7.asn1342
1 files changed, 342 insertions, 0 deletions
diff --git a/asn1include/PKCS7.asn1 b/asn1include/PKCS7.asn1
new file mode 100644
index 0000000..ac449b5
--- /dev/null
+++ b/asn1include/PKCS7.asn1
@@ -0,0 +1,342 @@
+-- Module PKCS7 (X.420:06/1999)
+-- The ASN.1 in version 1.5 of the PKCS#7 document is not defined in an ASN.1 module. This prevents an IMPORT of it into other ASN.1 modules.
+-- This Annex contains a module of PKCS#7 ASN.1 definitions conforming to current ASN.1 standards rather than the obsolescent (and now deprecated) 1988/90 version of ASN.1 used in version 1.5 of PKCS#7.
+-- Extensions to PKCS#7 defined in RFC 2630 are included.
+-- If differences are found between the ASN.1 in the following module and that in PKCS#7, the latter is definitive.
+PKCS7 {iso member-body usa(840) rsadsi(113549) pkcs(1) 7
+ module(0) -- module not currently defined in PKCS#7 --} DEFINITIONS IMPLICIT
+TAGS ::=
+BEGIN
+
+IMPORTS
+ -- Directory Information Framework
+ Attribute, Name
+ --==
+ FROM InformationFramework {joint-iso-itu-t ds(5) module(1)
+ informationFramework(1) 3}
+ -- Directory Authentication Framework
+ AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList,
+ CertificateSerialNumber, HASH{}, SIGNED{}
+ --==
+ FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
+ authenticationFramework(7) 3};
+
+-- In PKCS#7 the HASHED parameterised type applies the hash function to the
+-- contents octets component of a DER encoding of a value of the parameter.
+-- The ENCRYPTED parameterised type is redefined here because PKCS#7 encrypted values are
+-- defined as OCTET STRING, instead of BIT STRING as in the Directory Authentication Framework
+ENCRYPTED{ToBeEnciphered} ::=
+ OCTET STRING
+ (CONSTRAINED BY {
+ -- must be the result of applying an encipherment procedure to the contents octets component
+ -- of a definite-length BER-encoding of a value of --ToBeEnciphered})
+
+ContentInfo ::= SEQUENCE {
+ content-type PKCS7-CONTENT-TYPE.&id({PKCS7ContentTable}),
+ pkcs7-content [0] PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable})
+}
+
+PKCS7-CONTENT-TYPE ::= TYPE-IDENTIFIER
+
+PKCS7ContentTable PKCS7-CONTENT-TYPE ::=
+ {data | signed-data | enveloped-data | signed-and-enveloped-data |
+ digested-data | encrypted-data | authenticated-data, ...}
+
+-- Data
+data PKCS7-CONTENT-TYPE ::= {Data
+ IDENTIFIED BY id-data
+}
+
+Data ::= OCTET STRING
+
+-- Signed Data
+signed-data PKCS7-CONTENT-TYPE ::= {SignedData
+ IDENTIFIED BY id-signed-data
+}
+
+SignedData ::= SEQUENCE {
+ version Version,
+ digestAlgorithms DigestAlgorithmIdentifiers,
+ contentInfo ContentInfo,
+ certificates [0] CertificateSet OPTIONAL,
+ crls [1] CertificateRevocationLists OPTIONAL,
+ signerInfos SignerInfos
+}
+
+Version ::= INTEGER
+
+DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
+
+DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+
+CertificateSet ::= SET OF CertificateChoice
+
+CertificateChoice ::= CHOICE {
+ certificate Certificate,
+ extendedCertificate [0] ExtendedCertificate, -- Obsolete
+ attributeCertificate [1] AttributeCertificate
+}
+
+CertificateRevocationLists ::= SET OF CertificateList
+
+SignerInfos ::= SET OF SignerInfo
+
+SignerInfo ::= SEQUENCE {
+ version Version,
+ signerIdentifier SignerIdentifier,
+ digestAlgorithm DigestAlgorithmIdentifier,
+ authenticatedAttributes [0] Attributes OPTIONAL,
+ digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,
+ encryptedDigest EncryptedDigest,
+ unauthenticatedAttributes [1] Attributes OPTIONAL
+}
+
+SignerIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [2] SubjectKeyIdentifier
+}
+
+IssuerAndSerialNumber ::= SEQUENCE {
+ issuer Name,
+ serialNumber CertificateSerialNumber
+}
+
+SubjectKeyIdentifier ::= OCTET STRING
+
+DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+EncryptedDigest ::= ENCRYPTED{DigestInfo}
+
+DigestInfo ::= SEQUENCE {
+ digestAlgorithm DigestAlgorithmIdentifier,
+ digest Digest
+}
+
+Digest ::=
+ HASH
+ {CHOICE {content
+ [1] PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}),
+ authenticated-attributes [0] EXPLICIT Attributes}}
+
+-- Enveloped Data
+enveloped-data PKCS7-CONTENT-TYPE ::= {
+ EnvelopedData
+ IDENTIFIED BY id-enveloped-data
+}
+
+EnvelopedData ::= SEQUENCE {
+ version Version,
+ originatorInfo [0] OriginatorInfo OPTIONAL,
+ recipientInfos RecipientInfos,
+ encryptedContentInfo EncryptedContentInfo,
+ unprotectedAttributes [1] Attributes OPTIONAL
+}
+
+OriginatorInfo ::= SEQUENCE {
+ certificates [0] CertificateSet OPTIONAL,
+ crls [1] CertificateRevocationLists OPTIONAL
+}
+
+RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
+
+RecipientInfo ::= CHOICE {
+ keyTransportRecipientInfo KeyTransportRecipientInfo,
+ keyAgreementRecipientInfo [1] KeyAgreementRecipientInfo,
+ keyEncryptionKeyRecipientInfo [2] KeyEncryptionKeyRecipientInfo
+}
+
+KeyTransportRecipientInfo ::= SEQUENCE {
+ version Version,
+ recipientIdentifier RecipientIdentifier,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ encryptedKey EncryptedKey
+}
+
+RecipientIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [0] SubjectKeyIdentifier
+}
+
+KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+EncryptedKey ::= OCTET STRING
+
+KeyAgreementRecipientInfo ::= SEQUENCE {
+ version Version,
+ originator [0] OriginatorIdentifierOrKey,
+ userKeyingMaterial [1] EXPLICIT OCTET STRING OPTIONAL,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ recipientEncryptedKeys RecipientEncryptedKeys
+}
+
+OriginatorIdentifierOrKey ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [0] SubjectKeyIdentifier,
+ originatorPublicKey [1] OriginatorPublicKey
+}
+
+OriginatorPublicKey ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ publicKey BIT STRING
+}
+
+RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
+
+RecipientEncryptedKey ::= SEQUENCE {
+ recipientIdentifier KeyAgreementRecipientIdentifier,
+ encryptedKey EncryptedKey
+}
+
+KeyAgreementRecipientIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ recipientKeyIdentifier [0] RecipientKeyIdentifier
+}
+
+RecipientKeyIdentifier ::= SEQUENCE {
+ subjectKeyIdentifier SubjectKeyIdentifier,
+ date GeneralizedTime OPTIONAL,
+ otherKeyAttribute OtherKeyAttribute OPTIONAL
+}
+
+OtherKeyAttribute ::= SEQUENCE {
+ keyAttributeIdentifier OTHER-KEY-ATTRIBUTE.&id({OtherKeyAttributeTable}),
+ keyAttribute
+ OTHER-KEY-ATTRIBUTE.&Type
+ ({OtherKeyAttributeTable}{@keyAttributeIdentifier}) OPTIONAL
+}
+
+OTHER-KEY-ATTRIBUTE ::= TYPE-IDENTIFIER
+
+OtherKeyAttributeTable OTHER-KEY-ATTRIBUTE ::=
+ {...}
+
+KeyEncryptionKeyRecipientInfo ::= SEQUENCE {
+ version Version,
+ keyEncryptionKeyIdentifier KeyEncryptionKeyIdentifier,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ encryptedKey EncryptedKey
+}
+
+KeyEncryptionKeyIdentifier ::= SEQUENCE {
+ keyIdentifier OCTET STRING,
+ date GeneralizedTime OPTIONAL,
+ otherKeyAttribute OtherKeyAttribute OPTIONAL
+}
+
+EncryptedContentInfo ::= SEQUENCE {
+ contentType PKCS7-CONTENT-TYPE.&id({PKCS7ContentTable}),
+ contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
+ encryptedContent
+ [0] ENCRYPTED{PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}{@.contentType})}
+ OPTIONAL
+}
+
+ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+-- Signed and Enveloped Data
+signed-and-enveloped-data PKCS7-CONTENT-TYPE ::= {
+ SignedAndEnvelopedData
+ IDENTIFIED BY id-signed-and-enveloped-data
+}
+
+SignedAndEnvelopedData ::= SEQUENCE {
+ version Version,
+ recipientInfos SET SIZE (1..MAX) OF KeyTransportRecipientInfo,
+ digestAlgorithms DigestAlgorithmIdentifiers,
+ encryptedContentInfo EncryptedContentInfo,
+ certificates [0] CertificateSet OPTIONAL,
+ crls [1] CertificateRevocationLists OPTIONAL,
+ signerInfos
+ SET SIZE (1..MAX) OF
+ SignerInfo
+ (WITH COMPONENTS {
+ ...,
+ signerIdentifier (WITH COMPONENTS {
+ issuerAndSerialNumber PRESENT
+ }),
+ authenticatedAttributes ABSENT,
+ unauthenticatedAttributes ABSENT
+ })
+}
+
+-- Digested Data
+digested-data PKCS7-CONTENT-TYPE ::= {
+ DigestedData
+ IDENTIFIED BY id-digested-data
+}
+
+DigestedData ::= SEQUENCE {
+ version Version,
+ digestAlgorithm DigestAlgorithmIdentifier,
+ contentInfo ContentInfo,
+ digest HASH{PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable})}
+}
+
+-- Encrypted Data
+encrypted-data PKCS7-CONTENT-TYPE ::= {
+ EncryptedData
+ IDENTIFIED BY id-encrypted-data
+}
+
+EncryptedData ::= SEQUENCE {
+ version Version,
+ encryptedContentInfo EncryptedContentInfo,
+ unprotectedAttributes [1] Attributes OPTIONAL
+}
+
+-- Authenticated Data
+authenticated-data PKCS7-CONTENT-TYPE ::= {
+ AuthenticatedData
+ IDENTIFIED BY id-authenticated-data
+}
+
+AuthenticatedData ::= SEQUENCE {
+ version Version,
+ originatorInfo [0] OriginatorInfo OPTIONAL,
+ recipientInfos RecipientInfos,
+ macAlgorithm MessageAuthenticationCodeAlgorithmIdentifier,
+ digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
+ contentInfo ContentInfo,
+ authenticatedAttributes [2] Attributes OPTIONAL,
+ messageAuthenticationCode MessageAuthenticationCode,
+ unauthenticatedAttributes [3] Attributes OPTIONAL
+}
+
+MessageAuthenticationCodeAlgorithmIdentifier ::= AlgorithmIdentifier
+
+MessageAuthenticationCode ::= OCTET STRING
+
+-- Object Identifiers
+id-pkcs OBJECT IDENTIFIER ::=
+ {iso member-body usa(840) rsadsi(113549) pkcs(1)}
+
+id-data OBJECT IDENTIFIER ::= {id-pkcs 7 1}
+
+id-signed-data OBJECT IDENTIFIER ::= {id-pkcs 7 2}
+
+id-enveloped-data OBJECT IDENTIFIER ::= {id-pkcs 7 3}
+
+id-signed-and-enveloped-data OBJECT IDENTIFIER ::= {id-pkcs 7 4}
+
+id-digested-data OBJECT IDENTIFIER ::= {id-pkcs 7 5}
+
+id-encrypted-data OBJECT IDENTIFIER ::= {id-pkcs 7 6}
+
+id-authenticated-data OBJECT IDENTIFIER ::= {id-pkcs 9 16 1 2}
+
+-- Definitions from PKCS#6
+ExtendedCertificate ::=
+ SIGNED{ExtendedCertificateInfo}
+
+ExtendedCertificateInfo ::= SEQUENCE {
+ version Version,
+ certificate Certificate,
+ attributes Attributes
+}
+
+Attributes ::= SET OF Attribute
+
+END -- of PKCS#7
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+