From 9654cf5d6fe794d8abc4164d2460e08775e7b2e1 Mon Sep 17 00:00:00 2001 From: Dimitri Sokolyuk Date: Thu, 29 Oct 2015 21:42:01 +0100 Subject: Get rebar working --- asn1include/PKCS7.asn | 342 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 342 insertions(+) create mode 100644 asn1include/PKCS7.asn (limited to 'asn1include/PKCS7.asn') diff --git a/asn1include/PKCS7.asn b/asn1include/PKCS7.asn new file mode 100644 index 0000000..ac449b5 --- /dev/null +++ b/asn1include/PKCS7.asn @@ -0,0 +1,342 @@ +-- Module PKCS7 (X.420:06/1999) +-- The ASN.1 in version 1.5 of the PKCS#7 document is not defined in an ASN.1 module. This prevents an IMPORT of it into other ASN.1 modules. +-- This Annex contains a module of PKCS#7 ASN.1 definitions conforming to current ASN.1 standards rather than the obsolescent (and now deprecated) 1988/90 version of ASN.1 used in version 1.5 of PKCS#7. +-- Extensions to PKCS#7 defined in RFC 2630 are included. +-- If differences are found between the ASN.1 in the following module and that in PKCS#7, the latter is definitive. +PKCS7 {iso member-body usa(840) rsadsi(113549) pkcs(1) 7 + module(0) -- module not currently defined in PKCS#7 --} DEFINITIONS IMPLICIT +TAGS ::= +BEGIN + +IMPORTS + -- Directory Information Framework + Attribute, Name + --== + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 3} + -- Directory Authentication Framework + AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList, + CertificateSerialNumber, HASH{}, SIGNED{} + --== + FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) + authenticationFramework(7) 3}; + +-- In PKCS#7 the HASHED parameterised type applies the hash function to the +-- contents octets component of a DER encoding of a value of the parameter. +-- The ENCRYPTED parameterised type is redefined here because PKCS#7 encrypted values are +-- defined as OCTET STRING, instead of BIT STRING as in the Directory Authentication Framework +ENCRYPTED{ToBeEnciphered} ::= + OCTET STRING + (CONSTRAINED BY { + -- must be the result of applying an encipherment procedure to the contents octets component + -- of a definite-length BER-encoding of a value of --ToBeEnciphered}) + +ContentInfo ::= SEQUENCE { + content-type PKCS7-CONTENT-TYPE.&id({PKCS7ContentTable}), + pkcs7-content [0] PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}) +} + +PKCS7-CONTENT-TYPE ::= TYPE-IDENTIFIER + +PKCS7ContentTable PKCS7-CONTENT-TYPE ::= + {data | signed-data | enveloped-data | signed-and-enveloped-data | + digested-data | encrypted-data | authenticated-data, ...} + +-- Data +data PKCS7-CONTENT-TYPE ::= {Data + IDENTIFIED BY id-data +} + +Data ::= OCTET STRING + +-- Signed Data +signed-data PKCS7-CONTENT-TYPE ::= {SignedData + IDENTIFIED BY id-signed-data +} + +SignedData ::= SEQUENCE { + version Version, + digestAlgorithms DigestAlgorithmIdentifiers, + contentInfo ContentInfo, + certificates [0] CertificateSet OPTIONAL, + crls [1] CertificateRevocationLists OPTIONAL, + signerInfos SignerInfos +} + +Version ::= INTEGER + +DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier + +DigestAlgorithmIdentifier ::= AlgorithmIdentifier + +CertificateSet ::= SET OF CertificateChoice + +CertificateChoice ::= CHOICE { + certificate Certificate, + extendedCertificate [0] ExtendedCertificate, -- Obsolete + attributeCertificate [1] AttributeCertificate +} + +CertificateRevocationLists ::= SET OF CertificateList + +SignerInfos ::= SET OF SignerInfo + +SignerInfo ::= SEQUENCE { + version Version, + signerIdentifier SignerIdentifier, + digestAlgorithm DigestAlgorithmIdentifier, + authenticatedAttributes [0] Attributes OPTIONAL, + digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, + encryptedDigest EncryptedDigest, + unauthenticatedAttributes [1] Attributes OPTIONAL +} + +SignerIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [2] SubjectKeyIdentifier +} + +IssuerAndSerialNumber ::= SEQUENCE { + issuer Name, + serialNumber CertificateSerialNumber +} + +SubjectKeyIdentifier ::= OCTET STRING + +DigestEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +EncryptedDigest ::= ENCRYPTED{DigestInfo} + +DigestInfo ::= SEQUENCE { + digestAlgorithm DigestAlgorithmIdentifier, + digest Digest +} + +Digest ::= + HASH + {CHOICE {content + [1] PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}), + authenticated-attributes [0] EXPLICIT Attributes}} + +-- Enveloped Data +enveloped-data PKCS7-CONTENT-TYPE ::= { + EnvelopedData + IDENTIFIED BY id-enveloped-data +} + +EnvelopedData ::= SEQUENCE { + version Version, + originatorInfo [0] OriginatorInfo OPTIONAL, + recipientInfos RecipientInfos, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttributes [1] Attributes OPTIONAL +} + +OriginatorInfo ::= SEQUENCE { + certificates [0] CertificateSet OPTIONAL, + crls [1] CertificateRevocationLists OPTIONAL +} + +RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo + +RecipientInfo ::= CHOICE { + keyTransportRecipientInfo KeyTransportRecipientInfo, + keyAgreementRecipientInfo [1] KeyAgreementRecipientInfo, + keyEncryptionKeyRecipientInfo [2] KeyEncryptionKeyRecipientInfo +} + +KeyTransportRecipientInfo ::= SEQUENCE { + version Version, + recipientIdentifier RecipientIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey +} + +RecipientIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier +} + +KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +EncryptedKey ::= OCTET STRING + +KeyAgreementRecipientInfo ::= SEQUENCE { + version Version, + originator [0] OriginatorIdentifierOrKey, + userKeyingMaterial [1] EXPLICIT OCTET STRING OPTIONAL, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + recipientEncryptedKeys RecipientEncryptedKeys +} + +OriginatorIdentifierOrKey ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier, + originatorPublicKey [1] OriginatorPublicKey +} + +OriginatorPublicKey ::= SEQUENCE { + algorithm AlgorithmIdentifier, + publicKey BIT STRING +} + +RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey + +RecipientEncryptedKey ::= SEQUENCE { + recipientIdentifier KeyAgreementRecipientIdentifier, + encryptedKey EncryptedKey +} + +KeyAgreementRecipientIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + recipientKeyIdentifier [0] RecipientKeyIdentifier +} + +RecipientKeyIdentifier ::= SEQUENCE { + subjectKeyIdentifier SubjectKeyIdentifier, + date GeneralizedTime OPTIONAL, + otherKeyAttribute OtherKeyAttribute OPTIONAL +} + +OtherKeyAttribute ::= SEQUENCE { + keyAttributeIdentifier OTHER-KEY-ATTRIBUTE.&id({OtherKeyAttributeTable}), + keyAttribute + OTHER-KEY-ATTRIBUTE.&Type + ({OtherKeyAttributeTable}{@keyAttributeIdentifier}) OPTIONAL +} + +OTHER-KEY-ATTRIBUTE ::= TYPE-IDENTIFIER + +OtherKeyAttributeTable OTHER-KEY-ATTRIBUTE ::= + {...} + +KeyEncryptionKeyRecipientInfo ::= SEQUENCE { + version Version, + keyEncryptionKeyIdentifier KeyEncryptionKeyIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey +} + +KeyEncryptionKeyIdentifier ::= SEQUENCE { + keyIdentifier OCTET STRING, + date GeneralizedTime OPTIONAL, + otherKeyAttribute OtherKeyAttribute OPTIONAL +} + +EncryptedContentInfo ::= SEQUENCE { + contentType PKCS7-CONTENT-TYPE.&id({PKCS7ContentTable}), + contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, + encryptedContent + [0] ENCRYPTED{PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable}{@.contentType})} + OPTIONAL +} + +ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +-- Signed and Enveloped Data +signed-and-enveloped-data PKCS7-CONTENT-TYPE ::= { + SignedAndEnvelopedData + IDENTIFIED BY id-signed-and-enveloped-data +} + +SignedAndEnvelopedData ::= SEQUENCE { + version Version, + recipientInfos SET SIZE (1..MAX) OF KeyTransportRecipientInfo, + digestAlgorithms DigestAlgorithmIdentifiers, + encryptedContentInfo EncryptedContentInfo, + certificates [0] CertificateSet OPTIONAL, + crls [1] CertificateRevocationLists OPTIONAL, + signerInfos + SET SIZE (1..MAX) OF + SignerInfo + (WITH COMPONENTS { + ..., + signerIdentifier (WITH COMPONENTS { + issuerAndSerialNumber PRESENT + }), + authenticatedAttributes ABSENT, + unauthenticatedAttributes ABSENT + }) +} + +-- Digested Data +digested-data PKCS7-CONTENT-TYPE ::= { + DigestedData + IDENTIFIED BY id-digested-data +} + +DigestedData ::= SEQUENCE { + version Version, + digestAlgorithm DigestAlgorithmIdentifier, + contentInfo ContentInfo, + digest HASH{PKCS7-CONTENT-TYPE.&Type({PKCS7ContentTable})} +} + +-- Encrypted Data +encrypted-data PKCS7-CONTENT-TYPE ::= { + EncryptedData + IDENTIFIED BY id-encrypted-data +} + +EncryptedData ::= SEQUENCE { + version Version, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttributes [1] Attributes OPTIONAL +} + +-- Authenticated Data +authenticated-data PKCS7-CONTENT-TYPE ::= { + AuthenticatedData + IDENTIFIED BY id-authenticated-data +} + +AuthenticatedData ::= SEQUENCE { + version Version, + originatorInfo [0] OriginatorInfo OPTIONAL, + recipientInfos RecipientInfos, + macAlgorithm MessageAuthenticationCodeAlgorithmIdentifier, + digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL, + contentInfo ContentInfo, + authenticatedAttributes [2] Attributes OPTIONAL, + messageAuthenticationCode MessageAuthenticationCode, + unauthenticatedAttributes [3] Attributes OPTIONAL +} + +MessageAuthenticationCodeAlgorithmIdentifier ::= AlgorithmIdentifier + +MessageAuthenticationCode ::= OCTET STRING + +-- Object Identifiers +id-pkcs OBJECT IDENTIFIER ::= + {iso member-body usa(840) rsadsi(113549) pkcs(1)} + +id-data OBJECT IDENTIFIER ::= {id-pkcs 7 1} + +id-signed-data OBJECT IDENTIFIER ::= {id-pkcs 7 2} + +id-enveloped-data OBJECT IDENTIFIER ::= {id-pkcs 7 3} + +id-signed-and-enveloped-data OBJECT IDENTIFIER ::= {id-pkcs 7 4} + +id-digested-data OBJECT IDENTIFIER ::= {id-pkcs 7 5} + +id-encrypted-data OBJECT IDENTIFIER ::= {id-pkcs 7 6} + +id-authenticated-data OBJECT IDENTIFIER ::= {id-pkcs 9 16 1 2} + +-- Definitions from PKCS#6 +ExtendedCertificate ::= + SIGNED{ExtendedCertificateInfo} + +ExtendedCertificateInfo ::= SEQUENCE { + version Version, + certificate Certificate, + attributes Attributes +} + +Attributes ::= SET OF Attribute + +END -- of PKCS#7 + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + -- cgit v1.2.3