source: heimdal/trunk/lib/asn1/cms.asn1

-- From RFC 3369 --
-- $Id$ --

CMS DEFINITIONS ::= BEGIN

IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
        Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459
        heim_any, heim_any_set FROM heim;

id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
         us(840) rsadsi(113549) pkcs(1) pkcs7(7) }

id-pkcs7-data OBJECT IDENTIFIER ::=                     { id-pkcs7 1 }
id-pkcs7-signedData OBJECT IDENTIFIER ::=               { id-pkcs7 2 }
id-pkcs7-envelopedData OBJECT IDENTIFIER ::=            { id-pkcs7 3 }
id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::=   { id-pkcs7 4 }
id-pkcs7-digestedData OBJECT IDENTIFIER ::=             { id-pkcs7 5 }
id-pkcs7-encryptedData OBJECT IDENTIFIER ::=            { id-pkcs7 6 }

CMSVersion ::= INTEGER {
           CMSVersion_v0(0),
           CMSVersion_v1(1),
           CMSVersion_v2(2),
           CMSVersion_v3(3),
           CMSVersion_v4(4)
}

DigestAlgorithmIdentifier ::= AlgorithmIdentifier
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier

ContentType ::= OBJECT IDENTIFIER
MessageDigest ::= OCTET STRING

ContentInfo ::= SEQUENCE {
        contentType ContentType,
        content [0] EXPLICIT heim_any OPTIONAL --  DEFINED BY contentType
}

EncapsulatedContentInfo ::= SEQUENCE {
        eContentType ContentType,
        eContent [0] EXPLICIT OCTET STRING OPTIONAL
}

CertificateSet ::= SET OF heim_any

CertificateList ::= Certificate

CertificateRevocationLists ::= SET OF CertificateList

IssuerAndSerialNumber ::= SEQUENCE {
        issuer Name,
        serialNumber CertificateSerialNumber
}

-- RecipientIdentifier is same as SignerIdentifier,
-- lets glue them togheter and save some bytes and share code for them

CMSIdentifier ::= CHOICE {
        issuerAndSerialNumber IssuerAndSerialNumber,
        subjectKeyIdentifier [0] SubjectKeyIdentifier
}

SignerIdentifier ::= CMSIdentifier
RecipientIdentifier ::= CMSIdentifier

--- CMSAttributes are the combined UnsignedAttributes and SignedAttributes
--- to store space and share code

CMSAttributes ::= SET OF Attribute              -- SIZE (1..MAX)

SignatureValue ::= OCTET STRING

SignerInfo ::= SEQUENCE {
        version CMSVersion,
        sid SignerIdentifier,
        digestAlgorithm DigestAlgorithmIdentifier,
        signedAttrs [0] IMPLICIT -- CMSAttributes --
                SET OF Attribute OPTIONAL,
        signatureAlgorithm SignatureAlgorithmIdentifier,
        signature SignatureValue,
        unsignedAttrs [1] IMPLICIT -- CMSAttributes --
                SET OF Attribute OPTIONAL
}

SignerInfos ::= SET OF SignerInfo

SignedData ::= SEQUENCE {
        version CMSVersion,
        digestAlgorithms DigestAlgorithmIdentifiers,
        encapContentInfo EncapsulatedContentInfo,
        certificates [0] IMPLICIT -- CertificateSet --
                SET OF heim_any OPTIONAL,
        crls [1] IMPLICIT -- CertificateRevocationLists --
                heim_any OPTIONAL,
        signerInfos SignerInfos
}

OriginatorInfo ::= SEQUENCE {
        certs [0] IMPLICIT -- CertificateSet --
                SET OF heim_any OPTIONAL,
        crls [1] IMPLICIT --CertificateRevocationLists --
                heim_any OPTIONAL
}

KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

EncryptedKey ::= OCTET STRING

KeyTransRecipientInfo ::= SEQUENCE {
        version CMSVersion,  -- always set to 0 or 2
        rid RecipientIdentifier,
        keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
        encryptedKey EncryptedKey
}

RecipientInfo ::= KeyTransRecipientInfo

RecipientInfos ::= SET OF RecipientInfo

EncryptedContent ::= OCTET STRING

EncryptedContentInfo ::= SEQUENCE {
        contentType ContentType,
        contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
        encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL
}

UnprotectedAttributes ::= SET OF Attribute      -- SIZE (1..MAX)

CMSEncryptedData ::= SEQUENCE {
        version CMSVersion,
        encryptedContentInfo EncryptedContentInfo,
        unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes --
                heim_any OPTIONAL
}

EnvelopedData ::= SEQUENCE {
        version CMSVersion,
        originatorInfo [0] IMPLICIT -- OriginatorInfo -- heim_any OPTIONAL,
        recipientInfos RecipientInfos,
        encryptedContentInfo EncryptedContentInfo,
        unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes --
                heim_any OPTIONAL
}

-- Data ::= OCTET STRING

CMSRC2CBCParameter ::= SEQUENCE {
        rc2ParameterVersion     INTEGER (0..4294967295),
        iv                      OCTET STRING -- exactly 8 octets
}

CMSCBCParameter ::= OCTET STRING

END