From a8df27b0ff80b356bc244d1273c00edf10b7b030 Mon Sep 17 00:00:00 2001 
From: 5HT
Date: Tue, 4 Jul 2023 15:37:33 +0300
Subject: [PATCH] CMS
---
 priv/cms/BasicAccessControl.asn1 | 169 +++++
 priv/cms/CMS-AES-CCM-and-AES-GCM-2009.asn1 | 97 +++
 priv/cms/CMSAesRsaesOaep-2009.asn1 | 94 +++
 priv/cms/CMSECCAlgs-2009-02.asn1 | 599 +++++++++++++++++
 priv/cms/CMSECDHAlgs-2017.asn1 | 109 +++
 priv/cms/CertificateExtensions.asn1 | 456 +++++++++++++
 priv/cms/Character-Coding-Attributes.asn1 | 12 +
 .../Character-Presentation-Attributes.asn1 | 120 ++++
 priv/cms/Colour-Attributes.asn1 | 187 ++++++
 priv/cms/CryptographicMessageSyntax-2010.asn1 | 481 ++++++++++++++
 priv/cms/DOR-definition.asn1 | 130 ++++
 priv/cms/Default-Value-Lists.asn1 | 138 ++++
 priv/cms/DirectoryAbstractService.asn1 | 227 +++++++
 priv/cms/Document-Profile-Descriptor.asn1 | 459 +++++++++++++
 priv/cms/EnrollmentMessageSyntax-2009.asn1 | 544 +++++++++++++++
 priv/cms/ExtendedSecurityServices-2009.asn1 | 267 ++++++++
 priv/cms/Geo-Gr-Coding-Attributes.asn1 | 16 +
 priv/cms/Geo-Gr-Presentation-Attributes.asn1 | 260 ++++++++
 priv/cms/Identifiers-and-Expressions.asn1 | 121 ++++
 priv/cms/Layout-Descriptors.asn1 | 263 ++++++++
 priv/cms/Link-Descriptors.asn1 | 80 +++
 priv/cms/Location-Expressions.asn1 | 333 ++++++++++
 priv/cms/Logical-Descriptors.asn1 | 90 +++
 priv/cms/MultipleSignatures-2010.asn1 | 64 ++
 priv/cms/PKCS-12.asn1 | 174 +++++
 priv/cms/PKCS-4.asn1 | 196 ++++++
 priv/cms/PKCS-5.asn1 | 196 ++++++
 priv/cms/PKCS-8.asn1 | 61 ++
 priv/cms/PKCS-9.asn1 | 2 +-
 priv/cms/PKIX1Explicit88.asn1 | 619 ++++++++++++++++++
 priv/cms/PKIX1Implicit88.asn1 | 349 ++++++++++
 priv/cms/PKIXCMP-2009.asn1 | 495 ++++++++++++++
 priv/cms/PKIXCRMF-2009.asn1 | 409 ++++++++++++
 priv/cms/Raster-Gr-Coding-Attributes.asn1 | 70 ++
 .../Raster-Gr-Presentation-Attributes.asn1 | 87 +++
 .../SMIMESymmetricKeyDistribution-2009.asn1 | 358 ++++++++++
 priv/cms/SelectedAttributeTypes.asn1 | 23 +-
 priv/cms/Style-Descriptors.asn1 | 185 ++++++
 priv/cms/Subprofiles.asn1 | 91 +++
 priv/cms/Temporal-Relationships.asn1 | 87 +++
 priv/cms/Text-Units.asn1 | 67 ++
 priv/cms/Videotex-Coding-Attributes.asn1 | 30 +
 priv/cms/clean.sh | 3 +
 43 files changed, 8814 insertions(+), 4 deletions(-)
 create mode 100644 priv/cms/BasicAccessControl.asn1
 create mode 100644 priv/cms/CMS-AES-CCM-and-AES-GCM-2009.asn1
 create mode 100644 priv/cms/CMSAesRsaesOaep-2009.asn1
 create mode 100644 priv/cms/CMSECCAlgs-2009-02.asn1
 create mode 100644 priv/cms/CMSECDHAlgs-2017.asn1
 create mode 100644 priv/cms/CertificateExtensions.asn1
 create mode 100644 priv/cms/Character-Coding-Attributes.asn1
 create mode 100644 priv/cms/Character-Presentation-Attributes.asn1
 create mode 100644 priv/cms/Colour-Attributes.asn1
 create mode 100644 priv/cms/CryptographicMessageSyntax-2010.asn1
 create mode 100644 priv/cms/DOR-definition.asn1
 create mode 100644 priv/cms/Default-Value-Lists.asn1
 create mode 100644 priv/cms/DirectoryAbstractService.asn1
 create mode 100644 priv/cms/Document-Profile-Descriptor.asn1
 create mode 100644 priv/cms/EnrollmentMessageSyntax-2009.asn1
 create mode 100644 priv/cms/ExtendedSecurityServices-2009.asn1
 create mode 100644 priv/cms/Geo-Gr-Coding-Attributes.asn1
 create mode 100644 priv/cms/Geo-Gr-Presentation-Attributes.asn1
 create mode 100644 priv/cms/Identifiers-and-Expressions.asn1
 create mode 100644 priv/cms/Layout-Descriptors.asn1
 create mode 100644 priv/cms/Link-Descriptors.asn1
 create mode 100644 priv/cms/Location-Expressions.asn1
 create mode 100644 priv/cms/Logical-Descriptors.asn1
 create mode 100644 priv/cms/MultipleSignatures-2010.asn1
 create mode 100644 priv/cms/PKCS-12.asn1
 create mode 100644 priv/cms/PKCS-4.asn1
 create mode 100644 priv/cms/PKCS-5.asn1
 create mode 100644 priv/cms/PKCS-8.asn1
 create mode 100644 priv/cms/PKIX1Explicit88.asn1
 create mode 100644 priv/cms/PKIX1Implicit88.asn1
 create mode 100644 priv/cms/PKIXCMP-2009.asn1
 create mode 100644 priv/cms/PKIXCRMF-2009.asn1
 create mode 100644 priv/cms/Raster-Gr-Coding-Attributes.asn1
 create mode 100644 priv/cms/Raster-Gr-Presentation-Attributes.asn1
 create mode 100644 priv/cms/SMIMESymmetricKeyDistribution-2009.asn1
 create mode 100644 priv/cms/Style-Descriptors.asn1
 create mode 100644 priv/cms/Subprofiles.asn1
 create mode 100644 priv/cms/Temporal-Relationships.asn1
 create mode 100644 priv/cms/Text-Units.asn1
 create mode 100644 priv/cms/Videotex-Coding-Attributes.asn1
 create mode 100755 priv/cms/clean.sh
diff --git a/priv/cms/BasicAccessControl.asn1 b/priv/cms/BasicAccessControl.asn1
new file mode 100644
index 0000000..8f74f63
--- /dev/null
+++ b/priv/cms/BasicAccessControl.asn1
@@ -0,0 +1,169 @@ +-- Module BasicAccessControl (X.501:08/1997) + +BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 3} +DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. + +IMPORTS + id-aca, id-acScheme, informationFramework, upperBounds, + selectedAttributeTypes, directoryAbstractService + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3} + ATTRIBUTE, AttributeType, DistinguishedName, ContextAssertion, + SubtreeSpecification, SupportedAttributes, MATCHING-RULE, + objectIdentifierMatch, Refinement + FROM InformationFramework informationFramework + Filter + FROM DirectoryAbstractService directoryAbstractService + ub-tag + FROM UpperBounds upperBounds + NameAndOptionalUID, directoryStringFirstComponentMatch, DirectoryString{} + FROM SelectedAttributeTypes selectedAttributeTypes; + +ACIItem ::= SEQUENCE { + identificationTag DirectoryString{ub-tag}, + precedence Precedence, + authenticationLevel AuthenticationLevel, + itemOrUserFirst CHOICE { + itemFirst [0] SEQUENCE { + protectedItems ProtectedItems, + itemPermissions SET OF ItemPermission + }, + userFirst [1] SEQUENCE { + userClasses UserClasses, + userPermissions SET OF UserPermission + } + } +} + +Precedence ::= INTEGER(0..255) + +ProtectedItems ::= SEQUENCE { + entry [0] NULL OPTIONAL, + allUserAttributeTypes [1] NULL OPTIONAL, + attributeType [2] SET SIZE (1..MAX) OF AttributeType OPTIONAL, + allAttributeValues [3] SET SIZE (1..MAX) OF AttributeType OPTIONAL, + allUserAttributeTypesAndValues [4] NULL OPTIONAL, + attributeValue [5] SET SIZE (1..MAX) OF 
AttributeTypeAndValue OPTIONAL, + selfValue [6] SET SIZE (1..MAX) OF AttributeType OPTIONAL, + rangeOfValues [7] Filter OPTIONAL, + maxValueCount [8] SET SIZE (1..MAX) OF MaxValueCount OPTIONAL, + maxImmSub [9] INTEGER OPTIONAL, + restrictedBy [10] SET SIZE (1..MAX) OF RestrictedValue OPTIONAL, + contexts [11] SET SIZE (1..MAX) OF ContextAssertion OPTIONAL, + classes [12] Refinement OPTIONAL +} + +MaxValueCount ::= SEQUENCE { + type AttributeType, + maxCount INTEGER } + +RestrictedValue ::= SEQUENCE { + type AttributeType, + valuesIn AttributeType } + +UserClasses ::= SEQUENCE { + allUsers [0] NULL OPTIONAL, + thisEntry [1] NULL OPTIONAL, + name [2] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL, + userGroup [3] SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL, + -- dn component must be the name of an + -- entry of GroupOfUniqueNames + subtree [4] SET SIZE (1..MAX) OF SubtreeSpecification OPTIONAL +} + +ItemPermission ::= SEQUENCE { + precedence Precedence OPTIONAL, + -- defaults to precedence in ACIItem + userClasses UserClasses, + grantsAndDenials GrantsAndDenials +} + +UserPermission ::= SEQUENCE { + precedence Precedence OPTIONAL, + -- defaults to precedence in ACIItem + protectedItems ProtectedItems, + grantsAndDenials GrantsAndDenials +} + +AuthenticationLevel ::= CHOICE { + basicLevels + SEQUENCE {level ENUMERATED {none(0), simple(1), strong(2)}, + localQualifier INTEGER OPTIONAL, + signed BOOLEAN DEFAULT FALSE}, + other EXTERNAL +} + +GrantsAndDenials ::= BIT STRING { + -- permissions that may be used in conjunction + -- with any component of ProtectedItems + grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3), + grantRead(4), denyRead(5), grantRemove(6), + denyRemove(7), + -- permissions that may be used only in conjunction + -- with the entry component + grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11), + grantImport(12), denyImport(13), grantModify(14), denyModify(15), + grantRename(16), denyRename(17), 
grantReturnDN(18), + denyReturnDN(19), + -- permissions that may be used in conjunction + -- with any component, except entry, of ProtectedItems + grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23), + grantInvoke(24), denyInvoke(25)} + +AttributeTypeAndValue ::= SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + value ATTRIBUTE.&Type({SupportedAttributes}{@type}) +} + +-- attributes +accessControlScheme ATTRIBUTE ::= { + WITH SYNTAX OBJECT IDENTIFIER + EQUALITY MATCHING RULE objectIdentifierMatch + SINGLE VALUE TRUE + USAGE directoryOperation + ID id-aca-accessControlScheme +} + +prescriptiveACI ATTRIBUTE ::= { + WITH SYNTAX ACIItem + EQUALITY MATCHING RULE directoryStringFirstComponentMatch + USAGE directoryOperation + ID id-aca-prescriptiveACI +} + +entryACI ATTRIBUTE ::= { + WITH SYNTAX ACIItem + EQUALITY MATCHING RULE directoryStringFirstComponentMatch + USAGE directoryOperation + ID id-aca-entryACI +} + +subentryACI ATTRIBUTE ::= { + WITH SYNTAX ACIItem + EQUALITY MATCHING RULE directoryStringFirstComponentMatch + USAGE directoryOperation + ID id-aca-subentryACI +} + +-- object identifier assignments +-- attributes +id-aca-accessControlScheme OBJECT IDENTIFIER ::= {id-aca 1} +id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4} +id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5} +id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6} + +-- access control schemes - +basicAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 1} +simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2} +rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3} +rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4} +rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5} + +END -- BasicAccessControl + diff --git a/priv/cms/CMS-AES-CCM-and-AES-GCM-2009.asn1 b/priv/cms/CMS-AES-CCM-and-AES-GCM-2009.asn1 new file mode 100644 index 0000000..68708bb --- /dev/null +++ b/priv/cms/CMS-AES-CCM-and-AES-GCM-2009.asn1 
@@ -0,0 +1,97 @@
+CMS-AES-CCM-and-AES-GCM-2009
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-9(9) smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) }
+
+ DEFINITIONS IMPLICIT TAGS ::=
+ BEGIN
+ EXPORTS ALL;
+ IMPORTS
+
+ CONTENT-ENCRYPTION, SMIME-CAPS
+ FROM AlgorithmInformation-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0)
+ id-mod-algorithmInformation-02(58)};
+
+ -- Add this algorithm set to include all of the algorithms defined in
+ -- this document
+
+-- ContentEncryptionAlgs CONTENT-ENCRYPTION ::= {
+-- cea-aes128-CCM | cea-aes192-CCM | cea-aes256-CCM |
+-- cea-aes128-GCM | cea-aes192-GCM | cea-aes256-GCM, ... }
+
+ SMimeCaps SMIME-CAPS ::= {
+ cea-aes128-CCM.&smimeCaps |
+ cea-aes192-CCM.&smimeCaps |
+ cea-aes256-CCM.&smimeCaps |
+ cea-aes128-GCM.&smimeCaps |
+ cea-aes192-GCM.&smimeCaps |
+ cea-aes256-GCM.&smimeCaps,
+ ...
+ }
+
+ -- Defining objects
+
+ aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
+ organization(1) gov(101) csor(3) nistAlgorithms(4) 1 }
+
+ id-aes128-CCM OBJECT IDENTIFIER ::= { aes 7 }
+ id-aes192-CCM OBJECT IDENTIFIER ::= { aes 27 }
+ id-aes256-CCM OBJECT IDENTIFIER ::= { aes 47 }
+
+ id-aes128-GCM OBJECT IDENTIFIER ::= { aes 6 }
+ id-aes192-GCM OBJECT IDENTIFIER ::= { aes 26 }
+ id-aes256-GCM OBJECT IDENTIFIER ::= { aes 46 }
+
+ cea-aes128-CCM CONTENT-ENCRYPTION ::= {
+ IDENTIFIER id-aes128-CCM
+ PARAMS TYPE CCMParameters ARE required
+ SMIME-CAPS { IDENTIFIED BY id-aes128-CCM }
+ }
+
+ cea-aes192-CCM CONTENT-ENCRYPTION ::= {
+ IDENTIFIER id-aes192-CCM
+ PARAMS TYPE CCMParameters ARE required
+ SMIME-CAPS { IDENTIFIED BY id-aes192-CCM }
+ }
+
+ cea-aes256-CCM CONTENT-ENCRYPTION ::= {
+ IDENTIFIER id-aes256-CCM
+ PARAMS TYPE CCMParameters ARE required
+ SMIME-CAPS { IDENTIFIED BY id-aes256-CCM }
+ }
+
+
+ cea-aes128-GCM CONTENT-ENCRYPTION ::= {
+ IDENTIFIER id-aes128-GCM
+ PARAMS TYPE GCMParameters ARE required
+ SMIME-CAPS { IDENTIFIED BY id-aes128-GCM }
+ }
+
+ cea-aes192-GCM CONTENT-ENCRYPTION ::= {
+ IDENTIFIER id-aes128-GCM
+ PARAMS TYPE GCMParameters ARE required
+ SMIME-CAPS { IDENTIFIED BY id-aes192-GCM }
+ }
+
+ cea-aes256-GCM CONTENT-ENCRYPTION ::= {
+ IDENTIFIER id-aes128-GCM
+ PARAMS TYPE GCMParameters ARE required
+ SMIME-CAPS { IDENTIFIED BY id-aes256-GCM }
+ }
+
+ -- Parameters for AlgorithmIdentifier
+
+ CCMParameters ::= SEQUENCE {
+ aes-nonce OCTET STRING (SIZE(7..13)),
+ aes-ICVlen AES-CCM-ICVlen DEFAULT 12 }
+
+ AES-CCM-ICVlen ::= INTEGER (4 | 6 | 8 | 10 | 12 | 14 | 16)
+
+ GCMParameters ::= SEQUENCE {
+ aes-nonce OCTET STRING, -- recommended size is 12 octets
+ aes-ICVlen AES-GCM-ICVlen DEFAULT 12 }
+
+ AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)
+
+ END
diff --git a/priv/cms/CMSAesRsaesOaep-2009.asn1 b/priv/cms/CMSAesRsaesOaep-2009.asn1
new file mode 100644
index 0000000..175b262
--- /dev/null
+++ b/priv/cms/CMSAesRsaesOaep-2009.asn1
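Review bot: `cea-aes192-GCM` and `cea-aes256-GCM` both declare `IDENTIFIER id-aes128-GCM`, while their own `SMIME-CAPS` clauses and the three CCM objects above use the OID that matches the key size. Any encoder that builds a `contentEncryptionAlgorithm` from these objects would label AES-192/256-GCM content as AES-128-GCM, and a receiver that derives the key length from the OID would then unwrap or apply a key of the wrong size; the two lines should read `IDENTIFIER id-aes192-GCM` and `IDENTIFIER id-aes256-GCM`. The `ContentEncryptionAlgs` set is commented out, so the module no longer exposes a constraint set for these six ciphers even though `EXPORTS ALL` suggests it should; if that was done to satisfy the project's ASN.1 compiler, a one-line comment such as `-- ContentEncryptionAlgs disabled in this copy; see RFC 5911 for the original set` would spare the next reader a comparison against the RFC text.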
@@ -0,0 +1,94 @@
+-- RFC 5911
+
+ CMSAesRsaesOaep-2009 {iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-aes-02(38)}
+ DEFINITIONS IMPLICIT TAGS ::=
+ BEGIN
+ IMPORTS
+
+ CONTENT-ENCRYPTION, KEY-WRAP, SMIME-CAPS
+ FROM AlgorithmInformation-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0)
+ id-mod-algorithmInformation-02(58)};
+
+ AES-ContentEncryption CONTENT-ENCRYPTION ::= {
+ cea-aes128-cbc | cea-aes192-cbc | cea-aes256-cbc, ...
+ }
+
+ AES-KeyWrap KEY-WRAP ::= {
+ kwa-aes128-wrap | kwa-aes192-wrap | kwa-aes256-wrap, ...
+ }
+
+ SMimeCaps SMIME-CAPS ::= {
+ cea-aes128-cbc.&smimeCaps |
+ cea-aes192-cbc.&smimeCaps |
+ cea-aes256-cbc.&smimeCaps |
+ kwa-aes128-wrap.&smimeCaps |
+ kwa-aes192-wrap.&smimeCaps |
+ kwa-aes256-wrap.&smimeCaps, ...
+ }
+
+ -- AES information object identifiers --
+
+ aes OBJECT IDENTIFIER ::=
+ { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+ csor(3) nistAlgorithms(4) 1 }
+
+ -- AES using CBC mode for key sizes of 128, 192, 256
+
+ cea-aes128-cbc CONTENT-ENCRYPTION ::= {
+ IDENTIFIER id-aes128-CBC
+ PARAMS TYPE AES-IV ARE required
+ SMIME-CAPS { IDENTIFIED BY id-aes128-CBC }
+ }
+ id-aes128-CBC OBJECT IDENTIFIER ::= { aes 2 }
+
+ cea-aes192-cbc CONTENT-ENCRYPTION ::= {
+ IDENTIFIER id-aes192-CBC
+ PARAMS TYPE AES-IV ARE required
+ SMIME-CAPS { IDENTIFIED BY id-aes192-CBC }
+ }
+ id-aes192-CBC OBJECT IDENTIFIER ::= { aes 22 }
+
+ cea-aes256-cbc CONTENT-ENCRYPTION ::= {
+ IDENTIFIER id-aes256-CBC
+ PARAMS TYPE AES-IV ARE required
+ SMIME-CAPS { IDENTIFIED BY id-aes256-CBC }
+ }
+ id-aes256-CBC OBJECT IDENTIFIER ::= { aes 42 }
+
+ -- AES-IV is the parameter for all the above object identifiers.
+
+ AES-IV ::= OCTET STRING (SIZE(16))
+
+ -- AES Key Wrap Algorithm Identifiers - Parameter is absent
+
+ kwa-aes128-wrap KEY-WRAP ::= {
+ IDENTIFIER id-aes128-wrap
+ PARAMS ARE absent
+ SMIME-CAPS { IDENTIFIED BY id-aes128-wrap }
+ }
+ id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 }
+
+ kwa-aes192-wrap KEY-WRAP ::= {
+ IDENTIFIER id-aes192-wrap
+ PARAMS ARE absent
+ SMIME-CAPS { IDENTIFIED BY id-aes192-wrap }
+ }
+ id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 }
+
+ kwa-aes256-wrap KEY-WRAP ::= {
+ IDENTIFIER id-aes256-wrap
+ PARAMS ARE absent
+ SMIME-CAPS { IDENTIFIED BY id-aes256-wrap }
+ }
+ id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 }
+
+ END
+
+
+
+
+
+
diff --git a/priv/cms/CMSECCAlgs-2009-02.asn1 b/priv/cms/CMSECCAlgs-2009-02.asn1
new file mode 100644
index 0000000..d7738c1
--- /dev/null
+++ b/priv/cms/CMSECCAlgs-2009-02.asn1
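Review bot: The header comment `-- RFC 5911` and the module name `CMSAesRsaesOaep-2009` name a module that, in the RFC, also carries the RSAES-OAEP key-transport definitions (the `RSAES-OAEP-params` parameter type and its algorithm object), but this copy ends after `kwa-aes256-wrap` with no EXPORTS clause and nothing OAEP-related. A sibling module that imports those names from here would fail to compile, and a reader comparing the file with the RFC will read it as truncated rather than trimmed. If the cut is deliberate, say so next to the reference: `-- RFC 5911, AES-CBC and AES key-wrap portion only; RSAES-OAEP definitions intentionally omitted`. The six blank `+` lines after `END` are trailing whitespace the module does not need.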
@@ -0,0 +1,599 @@ +CMSECCAlgs-2009-02 + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) modules(0) id-mod-cms-ecc-alg-2009-02(46) } + +DEFINITIONS IMPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL + +IMPORTS + +-- From [PKI-ASN] + +mda-sha1, sa-ecdsaWithSHA1, sa-ecdsaWithSHA224, sa-ecdsaWithSHA256, +sa-ecdsaWithSHA384, sa-ecdsaWithSHA512, id-ecPublicKey, +ECDSA-Sig-Value, ECPoint, ECParameters + FROM PKIXAlgs-2009 + { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkix1-algorithms2008-02(56) } + +-- From [PKI-ASN] + +mda-sha224, mda-sha256, mda-sha384, mda-sha512 + FROM PKIX1-PSS-OAEP-Algorithms-2009 + { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkix1-rsa-pkalgs-02(54) } + +-- FROM [CMS-ASN] + +KEY-WRAP, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, ALGORITHM, +PUBLIC-KEY, MAC-ALGORITHM, CONTENT-ENCRYPTION, KEY-AGREE, SMIME-CAPS, +AlgorithmIdentifier{} + FROM AlgorithmInformation-2009 + { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-algorithmInformation-02(58) } + +-- From [CMS-ASN] + +OriginatorPublicKey, UserKeyingMaterial + FROM CryptographicMessageSyntax-2009 + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) modules(0) id-mod-cms-2004-02(41) } + +-- From [CMS-ASN] + +maca-hMAC-SHA1, cea-3DES-cbc, kwa-3DESWrap, CBCParameter + FROM CryptographicMessageSyntaxAlgorithms-2009 + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) modules(0) id-mod-cmsalg-2001-02(37) } + +-- From [CMS-ASN] + +cea-aes128-cbc, cea-aes192-cbc, cea-aes256-cbc, kwa-aes128-wrap, +kwa-aes192-wrap, kwa-aes256-wrap + FROM CMSAesRsaesOaep-2009 + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) modules(0) id-mod-cms-aes-02(38) } + +-- From [CMS-ASN] + +cea-aes128-CCM, cea-aes192-CCM, cea-aes256-CCM, 
cea-aes128-GCM, +cea-aes192-GCM, cea-aes256-GCM + FROM CMS-AES-CCM-and-AES-GCM-2009 + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) } + +; + +-- Constrains the SignedData digestAlgorithms field +-- Constrains the SignedData SignerInfo digestAlgorithm field +-- Constrains the AuthenticatedData digestAlgorithm field + +-- Message Digest Algorithms: Imported from [PKI-ASN] + +-- MessageDigestAlgs DIGEST-ALGORITHM ::= { +-- mda-sha1 | +-- mda-sha224 | +-- mda-sha256 | +-- mda-sha384 | +-- mda-sha512, +-- ... +-- } + +-- Constrains the SignedData SignerInfo signatureAlgorithm field + +-- Signature Algorithms: Imported from [PKI-ASN] + +-- SignatureAlgs SIGNATURE-ALGORITHM ::= { +-- sa-ecdsaWithSHA1 | +-- sa-ecdsaWithSHA224 | +-- sa-ecdsaWithSHA256 | +-- sa-ecdsaWithSHA384 | +-- sa-ecdsaWithSHA512, +-- ... +-- } + +-- ECDSA Signature Value: Imported from [PKI-ALG] +-- Contents of SignatureValue OCTET STRING + +-- ECDSA-Sig-Value ::= SEQUENCE { +-- r INTEGER, +-- s INTEGER +-- } + +-- +-- Key Agreement Algorithms +-- + +-- Constrains the EnvelopedData RecipientInfo KeyAgreeRecipientInfo +-- keyEncryption Algorithm field +-- Constrains the AuthenticatedData RecipientInfo +-- KeyAgreeRecipientInfo keyEncryption Algorithm field +-- Constrains the AuthEnvelopedData RecipientInfo +-- KeyAgreeRecipientInfo keyEncryption Algorithm field + +-- DH variants are not used with AuthenticatedData or +-- AuthEnvelopedData + +KeyAgreementAlgs KEY-AGREE ::= { + kaa-dhSinglePass-stdDH-sha1kdf-scheme | + kaa-dhSinglePass-stdDH-sha224kdf-scheme | + kaa-dhSinglePass-stdDH-sha256kdf-scheme | + kaa-dhSinglePass-stdDH-sha384kdf-scheme | + kaa-dhSinglePass-stdDH-sha512kdf-scheme | + kaa-dhSinglePass-cofactorDH-sha1kdf-scheme | + kaa-dhSinglePass-cofactorDH-sha224kdf-scheme | + kaa-dhSinglePass-cofactorDH-sha256kdf-scheme | + kaa-dhSinglePass-cofactorDH-sha384kdf-scheme | + kaa-dhSinglePass-cofactorDH-sha512kdf-scheme | + 
kaa-mqvSinglePass-sha1kdf-scheme | + kaa-mqvSinglePass-sha224kdf-scheme | + kaa-mqvSinglePass-sha256kdf-scheme | + kaa-mqvSinglePass-sha384kdf-scheme | + kaa-mqvSinglePass-sha512kdf-scheme, + ... +} + +x9-63-scheme OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) tc68(133) country(16) x9(840) + x9-63(63) schemes(0) } + +secg-scheme OBJECT IDENTIFIER ::= { + iso(1) identified-organization(3) certicom(132) schemes(1) } + +-- +-- Diffie-Hellman Single Pass, Standard, with KDFs +-- + +-- Parameters are always present and indicate the Key Wrap Algorithm + +kaa-dhSinglePass-stdDH-sha1kdf-scheme KEY-AGREE ::= { + IDENTIFIER dhSinglePass-stdDH-sha1kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme +} + +dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { + x9-63-scheme 2 } + +kaa-dhSinglePass-stdDH-sha224kdf-scheme KEY-AGREE ::= { + IDENTIFIER dhSinglePass-stdDH-sha224kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme +} + +dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 11 0 } + +kaa-dhSinglePass-stdDH-sha256kdf-scheme KEY-AGREE ::= { + IDENTIFIER dhSinglePass-stdDH-sha256kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme +} + +dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 11 1 } + +kaa-dhSinglePass-stdDH-sha384kdf-scheme KEY-AGREE ::= { + IDENTIFIER dhSinglePass-stdDH-sha384kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme +} + +dhSinglePass-stdDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 11 2 } + +kaa-dhSinglePass-stdDH-sha512kdf-scheme 
KEY-AGREE ::= { + IDENTIFIER dhSinglePass-stdDH-sha512kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme +} + +dhSinglePass-stdDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 11 3 } + +-- +-- Diffie-Hellman Single Pass, Cofactor, with KDFs +-- + +kaa-dhSinglePass-cofactorDH-sha1kdf-scheme KEY-AGREE ::= { + IDENTIFIER dhSinglePass-cofactorDH-sha1kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme +} + +dhSinglePass-cofactorDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { + x9-63-scheme 3 } + +kaa-dhSinglePass-cofactorDH-sha224kdf-scheme KEY-AGREE ::= { + IDENTIFIER dhSinglePass-cofactorDH-sha224kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme +} + +dhSinglePass-cofactorDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 14 0 } + +kaa-dhSinglePass-cofactorDH-sha256kdf-scheme KEY-AGREE ::= { + IDENTIFIER dhSinglePass-cofactorDH-sha256kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme +} + +dhSinglePass-cofactorDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 14 1 } + +kaa-dhSinglePass-cofactorDH-sha384kdf-scheme KEY-AGREE ::= { + IDENTIFIER dhSinglePass-cofactorDH-sha384kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme +} + +dhSinglePass-cofactorDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 14 2 } + +kaa-dhSinglePass-cofactorDH-sha512kdf-scheme KEY-AGREE ::= { + IDENTIFIER dhSinglePass-cofactorDH-sha512kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + 
UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme +} + +dhSinglePass-cofactorDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 14 3 } + +-- +-- MQV Single Pass, Cofactor, with KDFs +-- + +kaa-mqvSinglePass-sha1kdf-scheme KEY-AGREE ::= { + IDENTIFIER mqvSinglePass-sha1kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-mqvSinglePass-sha1kdf-scheme +} + +mqvSinglePass-sha1kdf-scheme OBJECT IDENTIFIER ::= { + x9-63-scheme 16 } + +kaa-mqvSinglePass-sha224kdf-scheme KEY-AGREE ::= { + IDENTIFIER mqvSinglePass-sha224kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-mqvSinglePass-sha224kdf-scheme +} + +mqvSinglePass-sha224kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 15 0 } + +kaa-mqvSinglePass-sha256kdf-scheme KEY-AGREE ::= { + IDENTIFIER mqvSinglePass-sha256kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-mqvSinglePass-sha256kdf-scheme +} + +mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 15 1 } + +kaa-mqvSinglePass-sha384kdf-scheme KEY-AGREE ::= { + IDENTIFIER mqvSinglePass-sha384kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-mqvSinglePass-sha384kdf-scheme +} + +mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 15 2 } + +kaa-mqvSinglePass-sha512kdf-scheme KEY-AGREE ::= { + IDENTIFIER mqvSinglePass-sha512kdf-scheme + PARAMS TYPE KeyWrapAlgorithm ARE required + UKM -- TYPE unencoded data -- ARE preferredPresent + SMIME-CAPS cap-kaa-mqvSinglePass-sha512kdf-scheme +} + +mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= { + secg-scheme 15 3 } + +-- +-- Key Wrap Algorithms: Imported from [CMS-ASN] +-- + +KeyWrapAlgorithm ::= AlgorithmIdentifier { 
KEY-WRAP, { KeyWrapAlgs } } + +KeyWrapAlgs KEY-WRAP ::= { + kwa-3DESWrap | + kwa-aes128-wrap | + kwa-aes192-wrap | + kwa-aes256-wrap, + ... +} + +-- +-- Content Encryption Algorithms: Imported from [CMS-ASN] +-- + +-- Constrains the EnvelopedData EncryptedContentInfo encryptedContent +-- field and the AuthEnvelopedData EncryptedContentInfo +-- contentEncryptionAlgorithm field + +-- ContentEncryptionAlgs CONTENT-ENCRYPTION ::= { +-- cea-3DES-cbc | +-- cea-aes128-cbc | +-- cea-aes192-cbc | +-- cea-aes256-cbc | +-- cea-aes128-ccm | +-- cea-aes192-ccm | +-- cea-aes256-ccm | +-- cea-aes128-gcm | +-- cea-aes192-gcm | +-- cea-aes256-gcm, +-- ... +-- } + +-- des-ede3-cbc and aes*-cbc are used with EnvelopedData and +-- EncryptedData +-- aes*-ccm are used with AuthEnvelopedData +-- aes*-gcm are used with AuthEnvelopedData +-- (where * is 128, 192, and 256) + +-- +-- Message Authentication Code Algorithms +-- + +-- Constrains the AuthenticatedData +-- MessageAuthenticationCodeAlgorithm field +-- + +MessageAuthAlgs MAC-ALGORITHM ::= { +-- maca-hMAC-SHA1 | + maca-hMAC-SHA224 | + maca-hMAC-SHA256 | + maca-hMAC-SHA384 | + maca-hMAC-SHA512, + ... 
+} + +maca-hMAC-SHA224 MAC-ALGORITHM ::= { + IDENTIFIER id-hmacWithSHA224 + PARAMS ARE absent + IS-KEYED-MAC TRUE + SMIME-CAPS cap-hMAC-SHA224 +} + +id-hmacWithSHA224 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) + digestAlgorithm(2) 8 } + +maca-hMAC-SHA256 MAC-ALGORITHM ::= { + IDENTIFIER id-hmacWithSHA256 + PARAMS ARE absent + IS-KEYED-MAC TRUE + SMIME-CAPS cap-hMAC-SHA256 +} + +id-hmacWithSHA256 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) + digestAlgorithm(2) 9 } + +maca-hMAC-SHA384 MAC-ALGORITHM ::= { + IDENTIFIER id-hmacWithSHA384 + PARAMS ARE absent + IS-KEYED-MAC TRUE + SMIME-CAPS cap-hMAC-SHA384 +} + +id-hmacWithSHA384 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) + digestAlgorithm(2) 10 } + +maca-hMAC-SHA512 MAC-ALGORITHM ::= { + IDENTIFIER id-hmacWithSHA512 + PARAMS ARE absent + IS-KEYED-MAC TRUE + SMIME-CAPS cap-hMAC-SHA512 +} + +id-hmacWithSHA512 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) + digestAlgorithm(2) 11 } + +-- +-- Originator Public Key Algorithms +-- + +-- Constraints on KeyAgreeRecipientInfo OriginatorIdentifierOrKey +-- OriginatorPublicKey algorithm field + +OriginatorPKAlgorithms PUBLIC-KEY ::= { + opka-ec, + ... +} + +opka-ec PUBLIC-KEY ::={ + IDENTIFIER id-ecPublicKey + KEY ECPoint + PARAMS TYPE CHOICE { n NULL, p ECParameters } ARE preferredAbsent +} + +-- Format for both ephemeral and static public keys: Imported from +-- [PKI-ALG] + +-- ECPoint ::= OCTET STRING + +-- ECParameters ::= CHOICE { +-- namedCurve CURVE.&id({NamedCurve}) +-- commented out in [PKI-ALG] implicitCurve NULL +-- commented out in [PKI-ALG] specifiedCurve SpecifiedECDomain +-- commented out in [PKI-ALG] ... +-- } + -- implicitCurve and specifiedCurve MUST NOT be used in PKIX. + -- Details for SpecifiedECDomain can be found in [X9.62]. + -- Any future additions to this CHOICE should be coordinated + -- with ANSI X.9. 
+ +-- Format of KeyAgreeRecipientInfo ukm field when used with +-- ECMQV + +MQVuserKeyingMaterial ::= SEQUENCE { + ephemeralPublicKey OriginatorPublicKey, + addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL +} + +-- 'SharedInfo' for input to KDF when using ECDH and ECMQV with +-- EnvelopedData, AuthenticatedData, or AuthEnvelopedData + +ECC-CMS-SharedInfo ::= SEQUENCE { + keyInfo KeyWrapAlgorithm, + entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL, + suppPubInfo [2] EXPLICIT OCTET STRING +} + +-- +-- S/MIME CAPS for algorithms in this document +-- + +SMimeCAPS SMIME-CAPS ::= { +-- mda-sha1.&smimeCaps | +-- mda-sha224.&smimeCaps | +-- mda-sha256.&smimeCaps | +-- mda-sha384.&smimeCaps | +-- mda-sha512.&smimeCaps | +-- sa-ecdsaWithSHA1.&smimeCaps | +-- sa-ecdsaWithSHA224.&smimeCaps | +-- sa-ecdsaWithSHA256.&smimeCaps | +-- sa-ecdsaWithSHA384.&smimeCaps | +-- sa-ecdsaWithSHA512.&smimeCaps | + kaa-dhSinglePass-stdDH-sha1kdf-scheme.&smimeCaps | + kaa-dhSinglePass-stdDH-sha224kdf-scheme.&smimeCaps | + kaa-dhSinglePass-stdDH-sha256kdf-scheme.&smimeCaps | + kaa-dhSinglePass-stdDH-sha384kdf-scheme.&smimeCaps | + kaa-dhSinglePass-stdDH-sha512kdf-scheme.&smimeCaps | + kaa-dhSinglePass-cofactorDH-sha1kdf-scheme.&smimeCaps | + kaa-dhSinglePass-cofactorDH-sha224kdf-scheme.&smimeCaps | + kaa-dhSinglePass-cofactorDH-sha256kdf-scheme.&smimeCaps | + kaa-dhSinglePass-cofactorDH-sha384kdf-scheme.&smimeCaps | + kaa-dhSinglePass-cofactorDH-sha512kdf-scheme.&smimeCaps | + kaa-mqvSinglePass-sha1kdf-scheme.&smimeCaps | + kaa-mqvSinglePass-sha224kdf-scheme.&smimeCaps | + kaa-mqvSinglePass-sha256kdf-scheme.&smimeCaps | + kaa-mqvSinglePass-sha384kdf-scheme.&smimeCaps | + kaa-mqvSinglePass-sha512kdf-scheme.&smimeCaps | +-- kwa-3des.&smimeCaps | +-- kwa-aes128.&smimeCaps | +-- kwa-aes192.&smimeCaps | +-- kwa-aes256.&smimeCaps | +-- cea-3DES-cbc.&smimeCaps | +-- cea-aes128-cbc.&smimeCaps | +-- cea-aes192-cbc.&smimeCaps | +-- cea-aes256-cbc.&smimeCaps | +-- cea-aes128-ccm.&smimeCaps | +-- 
cea-aes192-ccm.&smimeCaps | +-- cea-aes256-ccm.&smimeCaps | +-- cea-aes128-gcm.&smimeCaps | +-- cea-aes192-gcm.&smimeCaps | +-- cea-aes256-gcm.&smimeCaps | +-- maca-hMAC-SHA1.&smimeCaps | + maca-hMAC-SHA224.&smimeCaps | + maca-hMAC-SHA256.&smimeCaps | + maca-hMAC-SHA384.&smimeCaps | + maca-hMAC-SHA512.&smimeCaps, + ... +} + +cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme SMIME-CAPS ::= { + TYPE KeyWrapAlgorithm + IDENTIFIED BY dhSinglePass-stdDH-sha1kdf-scheme +} + +cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme SMIME-CAPS ::= { + TYPE KeyWrapAlgorithm + IDENTIFIED BY dhSinglePass-stdDH-sha224kdf-scheme +} + +cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme SMIME-CAPS ::= { + TYPE KeyWrapAlgorithm + IDENTIFIED BY dhSinglePass-stdDH-sha256kdf-scheme +} + +cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme SMIME-CAPS ::= { + TYPE KeyWrapAlgorithm + IDENTIFIED BY dhSinglePass-stdDH-sha384kdf-scheme +} + +cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme SMIME-CAPS ::= { + TYPE KeyWrapAlgorithm + IDENTIFIED BY dhSinglePass-stdDH-sha512kdf-scheme +} + +cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme SMIME-CAPS ::={ + TYPE KeyWrapAlgorithm + IDENTIFIED BY dhSinglePass-cofactorDH-sha1kdf-scheme +} + +cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme SMIME-CAPS ::={ + TYPE KeyWrapAlgorithm + IDENTIFIED BY dhSinglePass-cofactorDH-sha224kdf-scheme +} + +cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme SMIME-CAPS ::={ + TYPE KeyWrapAlgorithm + IDENTIFIED BY dhSinglePass-cofactorDH-sha256kdf-scheme +} + +cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme SMIME-CAPS ::={ + TYPE KeyWrapAlgorithm + IDENTIFIED BY dhSinglePass-cofactorDH-sha384kdf-scheme +} + +cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme SMIME-CAPS ::={ + TYPE KeyWrapAlgorithm + IDENTIFIED BY dhSinglePass-cofactorDH-sha512kdf-scheme +} + +cap-kaa-mqvSinglePass-sha1kdf-scheme SMIME-CAPS ::={ + TYPE KeyWrapAlgorithm + IDENTIFIED BY mqvSinglePass-sha1kdf-scheme +} + +cap-kaa-mqvSinglePass-sha224kdf-scheme SMIME-CAPS ::={ + TYPE 
KeyWrapAlgorithm + IDENTIFIED BY mqvSinglePass-sha224kdf-scheme +} + +cap-kaa-mqvSinglePass-sha256kdf-scheme SMIME-CAPS ::={ + TYPE KeyWrapAlgorithm + IDENTIFIED BY mqvSinglePass-sha256kdf-scheme +} + +cap-kaa-mqvSinglePass-sha384kdf-scheme SMIME-CAPS ::={ + TYPE KeyWrapAlgorithm + IDENTIFIED BY mqvSinglePass-sha384kdf-scheme +} + +cap-kaa-mqvSinglePass-sha512kdf-scheme SMIME-CAPS ::={ + TYPE KeyWrapAlgorithm + IDENTIFIED BY mqvSinglePass-sha512kdf-scheme +} + +cap-hMAC-SHA224 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA224 } +cap-hMAC-SHA256 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA256 } +cap-hMAC-SHA384 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA384 } +cap-hMAC-SHA512 SMIME-CAPS ::={ IDENTIFIED BY id-hmacWithSHA512 } + +END \ No newline at end of file diff --git a/priv/cms/CMSECDHAlgs-2017.asn1 b/priv/cms/CMSECDHAlgs-2017.asn1 new file mode 100644 index 0000000..3ed2bc0 --- /dev/null +++ b/priv/cms/CMSECDHAlgs-2017.asn1 
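Review bot: The commented-out key-wrap and content-encryption entries in `SMimeCAPS` use names that do not exist in this module — `kwa-3des`, `kwa-aes128`, `cea-aes128-ccm`, `cea-aes128-gcm` — while the imports are `kwa-3DESWrap`, `kwa-aes128-wrap`, `cea-aes128-CCM`, `cea-aes128-GCM`, so re-enabling those lines as written will not compile, and until they are enabled the module advertises no S/MIME capability for any key-wrap or content-encryption algorithm. The same pattern applies to the commented-out `MessageDigestAlgs`, `SignatureAlgs` and `ContentEncryptionAlgs` sets and to `maca-hMAC-SHA1` in `MessageAuthAlgs`: the imports they needed (`mda-sha1` through `sa-ecdsaWithSHA512`, `maca-hMAC-SHA1`, `cea-3DES-cbc`, `CBCParameter`) are now unused, and the module no longer constrains which digest and signature algorithms accompany ECDSA, which any tooling relying on these constraint sets should be aware of. This looks like a concession to the project's ASN.1 compiler rather than an intentional algorithm-policy change, so a comment at the top such as `-- NOTE: the digest, signature and content-encryption constraint sets and the matching SMimeCAPS entries are disabled in this copy; correct the lower-case names before re-enabling them` would record it. The file also ends without a trailing newline (`\ No newline at end of file`).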
@@ -0,0 +1,109 @@
+ CMSECDHAlgs-2017
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ smime(16) modules(0) id-mod-cms-ecdh-alg-2017(67) }
+
+ DEFINITIONS IMPLICIT TAGS ::=
+ BEGIN
+
+ -- EXPORTS ALL
+
+ IMPORTS
+
+ KeyWrapAlgorithm
+ FROM CryptographicMessageSyntaxAlgorithms-2009 -- in [CMSASN1]
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-9(9) smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+ KEY-AGREE, SMIME-CAPS
+ FROM AlgorithmInformation-2009 -- in [CMSASN1]
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-algorithmInformation-02(58) }
+
+ dhSinglePass-stdDH-sha256kdf-scheme,
+ dhSinglePass-stdDH-sha384kdf-scheme,
+ dhSinglePass-stdDH-sha512kdf-scheme,
+ kaa-dhSinglePass-stdDH-sha256kdf-scheme,
+ kaa-dhSinglePass-stdDH-sha384kdf-scheme,
+ kaa-dhSinglePass-stdDH-sha512kdf-scheme,
+ cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme,
+ cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme,
+ cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme
+ FROM CMSECCAlgs-2009-02 -- in [CMSECC]
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-9(9) smime(16) modules(0)
+ id-mod-cms-ecc-alg-2009-02(46) }
+ ;
+
+ --
+ -- Object Identifiers
+ --
+
+ smime-alg OBJECT IDENTIFIER ::= {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+ pkcs-9(9) smime(16) alg(3) }
+
+ dhSinglePass-stdDH-hkdf-sha256-scheme OBJECT IDENTIFIER ::= {
+ smime-alg 19 }
+
+ dhSinglePass-stdDH-hkdf-sha384-scheme OBJECT IDENTIFIER ::= {
+ smime-alg 20 }
+
+ dhSinglePass-stdDH-hkdf-sha512-scheme OBJECT IDENTIFIER ::= {
+ smime-alg 21 }
+
+ --
+ -- Extend the Key Agreement Algorithms in [CMSECC]
+ --
+
+ KeyAgreementAlgs KEY-AGREE ::= { ...,
+ kaa-dhSinglePass-stdDH-sha256kdf-scheme |
+ kaa-dhSinglePass-stdDH-sha384kdf-scheme |
+ kaa-dhSinglePass-stdDH-sha512kdf-scheme |
+ kaa-dhSinglePass-stdDH-hkdf-sha256-scheme |
+ kaa-dhSinglePass-stdDH-hkdf-sha384-scheme |
+ kaa-dhSinglePass-stdDH-hkdf-sha512-scheme }
+
+
kaa-dhSinglePass-stdDH-hkdf-sha256-scheme KEY-AGREE ::= {
+ IDENTIFIER dhSinglePass-stdDH-hkdf-sha256-scheme
+ PARAMS TYPE KeyWrapAlgorithm ARE required
+ UKM -- TYPE unencoded data -- ARE preferredPresent
+ SMIME-CAPS cap-kaa-dhSinglePass-stdDH-hkdf-sha256-scheme }
+
+ kaa-dhSinglePass-stdDH-hkdf-sha384-scheme KEY-AGREE ::= {
+ IDENTIFIER dhSinglePass-stdDH-hkdf-sha384-scheme
+ PARAMS TYPE KeyWrapAlgorithm ARE required
+ UKM -- TYPE unencoded data -- ARE preferredPresent
+ SMIME-CAPS cap-kaa-dhSinglePass-stdDH-hkdf-sha384-scheme }
+
+ kaa-dhSinglePass-stdDH-hkdf-sha512-scheme KEY-AGREE ::= {
+ IDENTIFIER dhSinglePass-stdDH-hkdf-sha512-scheme
+ PARAMS TYPE KeyWrapAlgorithm ARE required
+ UKM -- TYPE unencoded data -- ARE preferredPresent
+ SMIME-CAPS cap-kaa-dhSinglePass-stdDH-hkdf-sha512-scheme }
+
+ --
+ -- Extend the S/MIME CAPS in [CMSECC]
+ --
+
+ SMimeCAPS SMIME-CAPS ::= { ...,
+ kaa-dhSinglePass-stdDH-sha256kdf-scheme.&smimeCaps |
+ kaa-dhSinglePass-stdDH-sha384kdf-scheme.&smimeCaps |
+ kaa-dhSinglePass-stdDH-sha512kdf-scheme.&smimeCaps |
+ kaa-dhSinglePass-stdDH-hkdf-sha256-scheme.&smimeCaps |
+ kaa-dhSinglePass-stdDH-hkdf-sha384-scheme.&smimeCaps |
+ kaa-dhSinglePass-stdDH-hkdf-sha512-scheme.&smimeCaps }
+
+ cap-kaa-dhSinglePass-stdDH-hkdf-sha256-scheme SMIME-CAPS ::= {
+ TYPE KeyWrapAlgorithm
+ IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha256-scheme }
+
+ cap-kaa-dhSinglePass-stdDH-hkdf-sha384-scheme SMIME-CAPS ::= {
+ TYPE KeyWrapAlgorithm
+ IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha384-scheme}
+
+ cap-kaa-dhSinglePass-stdDH-hkdf-sha512-scheme SMIME-CAPS ::= {
+ TYPE KeyWrapAlgorithm
+ IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha512-scheme }
+
+ END
diff --git a/priv/cms/CertificateExtensions.asn1 b/priv/cms/CertificateExtensions.asn1
new file mode 100644
index 0000000..d573c42
--- /dev/null
+++ b/priv/cms/CertificateExtensions.asn1
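Review bot: The module carries no provenance comment, while the sibling CryptographicMessageSyntax-2010.asn1 in this commit opens with `-- RFC 6268`; add `-- RFC 8418` above the `CMSECDHAlgs-2017` header so the three hkdf OIDs (`smime-alg 19`, `20`, `21`) and the `PARAMS ... ARE required` / `UKM ... ARE preferredPresent` constraints can be checked against their source. A small style slip: `IDENTIFIED BY dhSinglePass-stdDH-hkdf-sha384-scheme}` lacks the space before `}` that the sha256 and sha512 siblings have. The IMPORTS block resolves CryptographicMessageSyntaxAlgorithms-2009 and AlgorithmInformation-2009 by name, so the module compiles only if those two modules are also present in priv/cms, which cannot be confirmed from this hunk.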
@@ -0,0 +1,456 @@
+-- Module CertificateExtensions (X.509:08/1997)
+
+CertificateExtensions {joint-iso-itu-t ds(5) module(1)
+ certificateExtensions(26) 0} DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+IMPORTS id-at, id-ce, id-mr, informationFramework, authenticationFramework,
+ selectedAttributeTypes, upperBounds
+ FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3}
+
+ Name, RelativeDistinguishedName, ATTRIBUTE, Attribute, MATCHING-RULE
+ FROM InformationFramework informationFramework
+
+ CertificateSerialNumber, CertificateList, AlgorithmIdentifier, EXTENSION, Time
+ FROM AuthenticationFramework authenticationFramework
+
+ DirectoryString{}
+ FROM SelectedAttributeTypes selectedAttributeTypes
+
+ ub-name
+ FROM UpperBounds upperBounds;
+
+-- Unless explicitly noted otherwise, there is no significance to the ordering
+-- of components of a SEQUENCE OF construct in this Specification.
+-- Key and policy information extensions
+authorityKeyIdentifier EXTENSION ::= {
+ SYNTAX AuthorityKeyIdentifier
+ IDENTIFIED BY id-ce-authorityKeyIdentifier
+}
+
+AuthorityKeyIdentifier ::= SEQUENCE {
+ keyIdentifier [0] KeyIdentifier OPTIONAL,
+ authorityCertIssuer [1] GeneralNames OPTIONAL,
+ authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
+}
+(WITH COMPONENTS {
+ ...,
+ authorityCertIssuer PRESENT,
+ authorityCertSerialNumber PRESENT
+ } |
+ WITH COMPONENTS {
+ ...,
+ authorityCertIssuer ABSENT,
+ authorityCertSerialNumber ABSENT
+ })
+
+KeyIdentifier ::= OCTET STRING
+
+subjectKeyIdentifier EXTENSION ::= {
+ SYNTAX SubjectKeyIdentifier
+ IDENTIFIED BY id-ce-subjectKeyIdentifier
+}
+
+SubjectKeyIdentifier ::= KeyIdentifier
+
+keyUsage EXTENSION ::= {SYNTAX KeyUsage
+ IDENTIFIED BY id-ce-keyUsage
+}
+
+KeyUsage ::= BIT STRING {
+ digitalSignature(0), nonRepudiation(1), keyEncipherment(2),
+ dataEncipherment(3), keyAgreement(4), keyCertSign(5), cRLSign(6),
+ encipherOnly(7), decipherOnly(8)}
+
+extKeyUsage EXTENSION ::= {
+ SYNTAX SEQUENCE SIZE
(1..MAX) OF KeyPurposeId
+ IDENTIFIED BY id-ce-extKeyUsage
+}
+
+KeyPurposeId ::= OBJECT IDENTIFIER
+
+privateKeyUsagePeriod EXTENSION ::= {
+ SYNTAX PrivateKeyUsagePeriod
+ IDENTIFIED BY id-ce-privateKeyUsagePeriod
+}
+
+PrivateKeyUsagePeriod ::= SEQUENCE {
+ notBefore [0] GeneralizedTime OPTIONAL,
+ notAfter [1] GeneralizedTime OPTIONAL
+}
+(WITH COMPONENTS {
+ ...,
+ notBefore PRESENT
+ } | WITH COMPONENTS {
+ ...,
+ notAfter PRESENT
+ })
+
+certificatePolicies EXTENSION ::= {
+ SYNTAX CertificatePoliciesSyntax
+ IDENTIFIED BY id-ce-certificatePolicies
+}
+
+CertificatePoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+
+PolicyInformation ::= SEQUENCE {
+ policyIdentifier CertPolicyId,
+ policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL
+}
+
+CertPolicyId ::= OBJECT IDENTIFIER
+
+PolicyQualifierInfo ::= SEQUENCE {
+ policyQualifierId CERT-POLICY-QUALIFIER.&id({SupportedPolicyQualifiers}),
+ qualifier
+ CERT-POLICY-QUALIFIER.&Qualifier
+ ({SupportedPolicyQualifiers}{@policyQualifierId}) OPTIONAL
+}
+
+SupportedPolicyQualifiers CERT-POLICY-QUALIFIER ::=
+ {...}
+
+CERT-POLICY-QUALIFIER ::= CLASS {
+ &id OBJECT IDENTIFIER UNIQUE,
+ &Qualifier OPTIONAL
+}WITH SYNTAX {POLICY-QUALIFIER-ID &id
+ [QUALIFIER-TYPE &Qualifier]
+}
+
+policyMappings EXTENSION ::= {
+ SYNTAX PolicyMappingsSyntax
+ IDENTIFIED BY id-ce-policyMappings
+}
+
+PolicyMappingsSyntax ::=
+ SEQUENCE SIZE (1..MAX) OF
+ SEQUENCE {issuerDomainPolicy CertPolicyId,
+ subjectDomainPolicy CertPolicyId}
+
+supportedAlgorithms ATTRIBUTE ::= {
+ WITH SYNTAX SupportedAlgorithm
+ EQUALITY MATCHING RULE algorithmIdentifierMatch
+ ID id-at-supportedAlgorithms
+}
+
+SupportedAlgorithm ::= SEQUENCE {
+ algorithmIdentifier AlgorithmIdentifier,
+ intendedUsage [0] KeyUsage OPTIONAL,
+ intendedCertificatePolicies [1] CertificatePoliciesSyntax OPTIONAL
+}
+
+-- Certificate subject and certificate issuer attributes extensions
+subjectAltName EXTENSION ::= {
+ SYNTAX GeneralNames
+
IDENTIFIED BY id-ce-subjectAltName
+}
+
+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+GeneralName ::= CHOICE {
+ otherName [0] INSTANCE OF OTHER-NAME,
+ rfc822Name [1] IA5String,
+ dNSName [2] IA5String,
+ directoryName [4] Name,
+ ediPartyName [5] EDIPartyName,
+ uniformResourceIdentifier [6] IA5String,
+ iPAddress [7] OCTET STRING,
+ registeredID [8] OBJECT IDENTIFIER
+}
+
+OTHER-NAME ::= TYPE-IDENTIFIER
+
+EDIPartyName ::= SEQUENCE {
+ nameAssigner [0] DirectoryString{ub-name} OPTIONAL,
+ partyName [1] DirectoryString{ub-name}
+}
+
+issuerAltName EXTENSION ::= {
+ SYNTAX GeneralNames
+ IDENTIFIED BY id-ce-issuerAltName
+}
+
+subjectDirectoryAttributes EXTENSION ::= {
+ SYNTAX AttributesSyntax
+ IDENTIFIED BY id-ce-subjectDirectoryAttributes
+}
+
+AttributesSyntax ::= SEQUENCE SIZE (1..MAX) OF Attribute
+
+-- Certification path constraints extensions
+basicConstraints EXTENSION ::= {
+ SYNTAX BasicConstraintsSyntax
+ IDENTIFIED BY id-ce-basicConstraints
+}
+
+BasicConstraintsSyntax ::= SEQUENCE {
+ cA BOOLEAN DEFAULT FALSE,
+ pathLenConstraint INTEGER(0..MAX) OPTIONAL
+}
+
+nameConstraints EXTENSION ::= {
+ SYNTAX NameConstraintsSyntax
+ IDENTIFIED BY id-ce-nameConstraint
+}
+
+NameConstraintsSyntax ::= SEQUENCE {
+ permittedSubtrees [0] GeneralSubtrees OPTIONAL,
+ excludedSubtrees [1] GeneralSubtrees OPTIONAL,
+ requiredNameForms [2] NameForms OPTIONAL
+}
+
+GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
+
+GeneralSubtree ::= SEQUENCE {
+ base GeneralName,
+ minimum [0] BaseDistance DEFAULT 0,
+ maximum [1] BaseDistance OPTIONAL
+}
+
+BaseDistance ::= INTEGER(0..MAX)
+
+NameForms ::= SEQUENCE {
+ basicNameForms [0] BasicNameForms OPTIONAL,
+ otherNameForms [1] SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER OPTIONAL
+}(ALL EXCEPT ({ --none; i.e.:at least one component shall be present--}))
+
+BasicNameForms ::= BIT STRING {
+ rfc822Name(0), dNSName(1), x400Address(2), directoryName(3), ediPartyName(4),
+ uniformResourceIdentifier(5),
iPAddress(6), registeredID(7)}(SIZE (1..MAX))
+
+policyConstraints EXTENSION ::= {
+ SYNTAX PolicyConstraintsSyntax
+ IDENTIFIED BY id-ce-policyConstraints
+}
+
+PolicyConstraintsSyntax ::= SEQUENCE {
+ requireExplicitPolicy [0] SkipCerts OPTIONAL,
+ inhibitPolicyMapping [1] SkipCerts OPTIONAL
+}
+
+SkipCerts ::= INTEGER(0..MAX)
+
+CertPolicySet ::= SEQUENCE SIZE (1..MAX) OF CertPolicyId
+
+-- Basic CRL extensions
+cRLNumber EXTENSION ::= {
+ SYNTAX CRLNumber
+ IDENTIFIED BY id-ce-cRLNumber
+}
+
+CRLNumber ::= INTEGER(0..MAX)
+
+reasonCode EXTENSION ::= {
+ SYNTAX CRLReason
+ IDENTIFIED BY id-ce-reasonCode
+}
+
+CRLReason ::= ENUMERATED {
+ unspecified(0), keyCompromise(1), cACompromise(2), affiliationChanged(3),
+ superseded(4), cessationOfOperation(5), certificateHold(6), removeFromCRL(8)
+}
+
+instructionCode EXTENSION ::= {
+ SYNTAX HoldInstruction
+ IDENTIFIED BY id-ce-instructionCode
+}
+
+HoldInstruction ::= OBJECT IDENTIFIER
+
+invalidityDate EXTENSION ::= {
+ SYNTAX GeneralizedTime
+ IDENTIFIED BY id-ce-invalidityDate
+}
+
+-- CRL distribution points and delta-CRL extensions
+cRLDistributionPoints EXTENSION ::= {
+ SYNTAX CRLDistPointsSyntax
+ IDENTIFIED BY id-ce-cRLDistributionPoints
+}
+
+CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+
+DistributionPoint ::= SEQUENCE {
+ distributionPoint [0] DistributionPointName OPTIONAL,
+ reasons [1] ReasonFlags OPTIONAL,
+ cRLIssuer [2] GeneralNames OPTIONAL
+}
+
+DistributionPointName ::= CHOICE {
+ fullName [0] GeneralNames,
+ nameRelativeToCRLIssuer [1] RelativeDistinguishedName
+}
+
+ReasonFlags ::= BIT STRING {
+ unused(0), keyCompromise(1), caCompromise(2), affiliationChanged(3),
+ superseded(4), cessationOfOperation(5), certificateHold(6)}
+
+issuingDistributionPoint EXTENSION ::= {
+ SYNTAX IssuingDistPointSyntax
+ IDENTIFIED BY id-ce-issuingDistributionPoint
+}
+
+IssuingDistPointSyntax ::= SEQUENCE {
+ distributionPoint [0] DistributionPointName OPTIONAL,
+ onlyContainsUserCerts [1]
BOOLEAN DEFAULT FALSE,
+ onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
+ onlySomeReasons [3] ReasonFlags OPTIONAL,
+ indirectCRL [4] BOOLEAN DEFAULT FALSE
+}
+
+certificateIssuer EXTENSION ::= {
+ SYNTAX GeneralNames
+ IDENTIFIED BY id-ce-certificateIssuer
+}
+
+deltaCRLIndicator EXTENSION ::= {
+ SYNTAX BaseCRLNumber
+ IDENTIFIED BY id-ce-deltaCRLIndicator
+}
+
+BaseCRLNumber ::= CRLNumber
+
+deltaRevocationList ATTRIBUTE ::= {
+ WITH SYNTAX CertificateList
+ EQUALITY MATCHING RULE certificateListExactMatch
+ ID id-at-deltaRevocationList
+}
+
+-- Matching rules
+certificateExactMatch MATCHING-RULE ::= {
+ SYNTAX CertificateExactAssertion
+ ID id-mr-certificateExactMatch
+}
+
+CertificateExactAssertion ::= SEQUENCE {
+ serialNumber CertificateSerialNumber,
+ issuer Name
+}
+
+certificateMatch MATCHING-RULE ::= {
+ SYNTAX CertificateAssertion
+ ID id-mr-certificateMatch
+}
+
+CertificateAssertion ::= SEQUENCE {
+ serialNumber [0] CertificateSerialNumber OPTIONAL,
+ issuer [1] Name OPTIONAL,
+ subjectKeyIdentifier [2] SubjectKeyIdentifier OPTIONAL,
+ authorityKeyIdentifier [3] AuthorityKeyIdentifier OPTIONAL,
+ certificateValid [4] Time OPTIONAL,
+ privateKeyValid [5] GeneralizedTime OPTIONAL,
+ subjectPublicKeyAlgID [6] OBJECT IDENTIFIER OPTIONAL,
+ keyUsage [7] KeyUsage OPTIONAL,
+ subjectAltName [8] AltNameType OPTIONAL,
+ policy [9] CertPolicySet OPTIONAL,
+ pathToName [10] Name OPTIONAL
+}
+
+AltNameType ::= CHOICE {
+ builtinNameForm
+ ENUMERATED {rfc822Name(1), dNSName(2), x400Address(3), directoryName(4),
+ ediPartyName(5), uniformResourceIdentifier(6), iPAddress(7),
+ registeredId(8)},
+ otherNameForm OBJECT IDENTIFIER
+}
+
+certificatePairExactMatch MATCHING-RULE ::= {
+ SYNTAX CertificatePairExactAssertion
+ ID id-mr-certificatePairExactMatch
+}
+
+CertificatePairExactAssertion ::= SEQUENCE {
+ forwardAssertion [0] CertificateExactAssertion OPTIONAL,
+ reverseAssertion [1] CertificateExactAssertion OPTIONAL
+}
+(WITH COMPONENTS {
+ ...,
+ forwardAssertion
PRESENT
+ } | WITH COMPONENTS {
+ ...,
+ reverseAssertion PRESENT
+ })
+
+certificatePairMatch MATCHING-RULE ::= {
+ SYNTAX CertificatePairAssertion
+ ID id-mr-certificatePairMatch
+}
+
+CertificatePairAssertion ::= SEQUENCE {
+ forwardAssertion [0] CertificateAssertion OPTIONAL,
+ reverseAssertion [1] CertificateAssertion OPTIONAL
+}
+(WITH COMPONENTS {
+ ...,
+ forwardAssertion PRESENT
+ } | WITH COMPONENTS {
+ ...,
+ reverseAssertion PRESENT
+ })
+
+certificateListExactMatch MATCHING-RULE ::= {
+ SYNTAX CertificateListExactAssertion
+ ID id-mr-certificateListExactMatch
+}
+
+CertificateListExactAssertion ::= SEQUENCE {
+ issuer Name,
+ thisUpdate Time,
+ distributionPoint DistributionPointName OPTIONAL
+}
+
+certificateListMatch MATCHING-RULE ::= {
+ SYNTAX CertificateListAssertion
+ ID id-mr-certificateListMatch
+}
+
+CertificateListAssertion ::= SEQUENCE {
+ issuer Name OPTIONAL,
+ minCRLNumber [0] CRLNumber OPTIONAL,
+ maxCRLNumber [1] CRLNumber OPTIONAL,
+ reasonFlags ReasonFlags OPTIONAL,
+ dateAndTime Time OPTIONAL,
+ distributionPoint [2] DistributionPointName OPTIONAL
+}
+
+algorithmIdentifierMatch MATCHING-RULE ::= {
+ SYNTAX AlgorithmIdentifier
+ ID id-mr-algorithmIdentifierMatch
+}
+
+-- Object identifier assignments
+id-at-supportedAlgorithms OBJECT IDENTIFIER ::= {id-at 52}
+id-at-deltaRevocationList OBJECT IDENTIFIER ::= {id-at 53}
+id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= {id-ce 9}
+id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 14}
+id-ce-keyUsage OBJECT IDENTIFIER ::= {id-ce 15}
+id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= {id-ce 16}
+id-ce-subjectAltName OBJECT IDENTIFIER ::= {id-ce 17}
+id-ce-issuerAltName OBJECT IDENTIFIER ::= {id-ce 18}
+id-ce-basicConstraints OBJECT IDENTIFIER ::= {id-ce 19}
+id-ce-cRLNumber OBJECT IDENTIFIER ::= {id-ce 20}
+id-ce-reasonCode OBJECT IDENTIFIER ::= {id-ce 21}
+id-ce-instructionCode OBJECT IDENTIFIER ::= {id-ce 23}
+id-ce-invalidityDate OBJECT IDENTIFIER ::= {id-ce 24}
+id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= {id-ce 27}
+id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 28}
+id-ce-certificateIssuer OBJECT IDENTIFIER ::= {id-ce 29}
+id-ce-nameConstraint OBJECT IDENTIFIER ::= {id-ce 30 1}
+id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
+id-ce-certificatePolicies OBJECT IDENTIFIER ::= {id-ce 32}
+id-ce-policyMappings OBJECT IDENTIFIER ::= {id-ce 33}
+id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= {id-ce 35}
+id-ce-policyConstraints OBJECT IDENTIFIER ::= {id-ce 36}
+id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
+id-mr-certificateExactMatch OBJECT IDENTIFIER ::= {id-mr 34}
+id-mr-certificateMatch OBJECT IDENTIFIER ::= {id-mr 35}
+id-mr-certificatePairExactMatch OBJECT IDENTIFIER ::= {id-mr 36}
+id-mr-certificatePairMatch OBJECT IDENTIFIER ::= {id-mr 37}
+id-mr-certificateListExactMatch OBJECT IDENTIFIER ::= {id-mr 38}
+id-mr-certificateListMatch OBJECT IDENTIFIER ::= {id-mr 39}
+id-mr-algorithmIdentifierMatch OBJECT IDENTIFIER ::= {id-mr 40}
+id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= {id-ce 54}
+
+END
+
+
diff --git a/priv/cms/Character-Coding-Attributes.asn1 b/priv/cms/Character-Coding-Attributes.asn1
new file mode 100644
index 0000000..e4377c3
--- /dev/null
+++ b/priv/cms/Character-Coding-Attributes.asn1
@@ -0,0 +1,12 @@
+Character-Coding-Attributes {2 8 1 6 3} DEFINITIONS ::=
+BEGIN
+
+EXPORTS Character-Coding-Attributes;
+
+Character-Coding-Attributes ::= SET {
+}
+
+-- no character coding attributes
+-- are defined in this part of
+-- ITU-T Rec. T.410-Series | ISO/IEC 8613
+END
diff --git a/priv/cms/Character-Presentation-Attributes.asn1 b/priv/cms/Character-Presentation-Attributes.asn1
new file mode 100644
index 0000000..01cff3c
--- /dev/null
+++ b/priv/cms/Character-Presentation-Attributes.asn1
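Review bot: `CRLReason` is a closed ENUMERATED that stops at `removeFromCRL(8)`, so a CRL entry carrying `privilegeWithdrawn(9)` or `aACompromise(10)`, both defined by RFC 5280, would presumably fail to decode rather than surface as a reason; extend it to `superseded(4), cessationOfOperation(5), certificateHold(6), removeFromCRL(8), privilegeWithdrawn(9), aACompromise(10)` or add an extension marker. In the same spirit, `GeneralName` has no `[3]` alternative although `BasicNameForms` lists `x400Address(2)`, and `id-ce-nameConstraint` is assigned `{id-ce 30 1}` whereas RFC 5280 uses `{id-ce 30}`, so a name-constraints extension in an RFC 5280 certificate would not be matched by the `nameConstraints` object. `id-ce-inhibitAnyPolicy` is declared but no EXTENSION object refers to it. If the file is meant as a verbatim copy of the X.509 (08/1997) module, a header comment listing these known deviations from RFC 5280 would save the next reader the comparison.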
@@ -0,0 +1,120 @@
+Character-Presentation-Attributes {2 8 1 6 2} DEFINITIONS ::=
+BEGIN
+
+EXPORTS
+ Character-Attributes, One-Of-Four-Angles, One-Of-Two-Angles, Measure-Pair,
+ Alignment, Layout-Table, Graphic-Rendition, Formatting-Indicator,
+ Character-Fonts, Itemization, Kerning-Offset, Proportional-Line-Spacing,
+ Pairwise-Kerning;
+
+Character-Attributes ::= SET {
+ character-path [0] IMPLICIT One-Of-Four-Angles OPTIONAL,
+ line-progression [1] IMPLICIT One-Of-Two-Angles OPTIONAL,
+ character-orientation [2] IMPLICIT One-Of-Four-Angles OPTIONAL,
+ initial-offset [3] IMPLICIT Measure-Pair OPTIONAL,
+ character-spacing [6] IMPLICIT INTEGER OPTIONAL,
+ line-spacing [7] IMPLICIT INTEGER OPTIONAL,
+ alignment [8] IMPLICIT Alignment OPTIONAL,
+ line-layout-table [9] IMPLICIT Layout-Table OPTIONAL,
+ graphic-rendition [10] IMPLICIT Graphic-Rendition OPTIONAL,
+ formatting-indicator [11] IMPLICIT Formatting-Indicator OPTIONAL,
+ character-fonts [12] IMPLICIT Character-Fonts OPTIONAL,
+ graphic-char-subrepertoire [13] IMPLICIT INTEGER OPTIONAL,
+ itemization [14] IMPLICIT Itemization OPTIONAL,
+ widow-size [15] IMPLICIT INTEGER OPTIONAL,
+ orphan-size [16] IMPLICIT INTEGER OPTIONAL,
+ graphic-character-sets [17] IMPLICIT OCTET STRING OPTIONAL,
+ indentation [19] IMPLICIT INTEGER OPTIONAL,
+ kerning-offset [20] IMPLICIT Kerning-Offset OPTIONAL,
+ proportional-line-spacing [21] IMPLICIT Proportional-Line-Spacing OPTIONAL,
+ pairwise-kerning [22] IMPLICIT Pairwise-Kerning OPTIONAL,
+ first-line-offset [23] IMPLICIT INTEGER OPTIONAL,
+ code-extension-announcers [24] IMPLICIT OCTET STRING OPTIONAL
+}
+
+One-Of-Four-Angles ::= INTEGER {d0(0), d90(1), d180(2), d270(3)}
+
+One-Of-Two-Angles ::= INTEGER {d90(1), d270(3)}
+
+Measure-Pair ::= SEQUENCE {
+ horizontal [0] IMPLICIT INTEGER,
+ vertical [1] IMPLICIT INTEGER
+}
+
+Alignment ::= INTEGER {
+ start-aligned(0), end-aligned(1), centred(2), justified(3)}
+
+Layout-Table ::= SET OF Tabulation-Stop
+
+Tabulation-Stop ::= SET
{
+ tabulation-reference [0] IMPLICIT NumericString,
+ tabulation-position [1] IMPLICIT INTEGER,
+ alignment
+ [2] IMPLICIT INTEGER {start-aligned(0), end-aligned(1), centred(2),
+ aligned-around(3)},
+ alignment-character-string [3] IMPLICIT OCTET STRING OPTIONAL
+}
+
+-- string of graphic characters
+-- from the set of graphic elements
+-- specified by the presentation
+-- attributes "graphic character
+-- sets" and "graphic character
+-- subrepertoire"
+Graphic-Rendition ::= SET OF Graphic-Rendition-Aspect
+
+Character-Fonts ::= SET {
+ primary-font [0] IMPLICIT Font-Type OPTIONAL,
+ first-alternative-font [1] IMPLICIT Font-Type OPTIONAL,
+ second-alternative-font [2] IMPLICIT Font-Type OPTIONAL,
+ third-alternative-font [3] IMPLICIT Font-Type OPTIONAL,
+ fourth-alternative-font [4] IMPLICIT Font-Type OPTIONAL,
+ fifth-alternative-font [5] IMPLICIT Font-Type OPTIONAL,
+ sixth-alternative-font [6] IMPLICIT Font-Type OPTIONAL,
+ seventh-alternative-font [7] IMPLICIT Font-Type OPTIONAL,
+ eighth-alternative-font [8] IMPLICIT Font-Type OPTIONAL,
+ ninth-alternative-font [9] IMPLICIT Font-Type OPTIONAL
+}
+
+Font-Type ::= SET {
+ font-size [0] IMPLICIT INTEGER,
+ font-identifier [1] IMPLICIT INTEGER
+}
+
+Graphic-Rendition-Aspect ::= INTEGER {
+ cancel(0), increased-intensity(1), decreased-intensity(2), italicized(3),
+ underlined(4), slowly-blinking(5), rapidly-blinking(6), negative-image(7),
+ crossed-out(9), primary-font(10), first-alternative-font(11),
+ second-alternative-font(12), third-alternative-font(13),
+ fourth-alternative-font(14), fifth-alternative-font(15),
+ sixth-alternative-font(16), seventh-alternative-font(17),
+ eighth-alternative-font(18), ninth-alternative-font(19),
+ doubly-underlined(21), normal-intensity(22), not-italicized(23),
+ not-underlined(24), steady(25), variable-spacing(26), positive-image(27),
+ not-crossed-out(29), black-foreground(30), red-foreground(31),
+ green-foreground(32), yellow-foreground(33), blue-foreground(34),
+
magenta-foreground(35), cyan-foreground(36), white-foreground(37),
+ select-char-foreground-colour(38), black-background(40), red-background(41),
+ green-background(42), yellow-background(43), blue-background(44),
+ magenta-background(45), cyan-background(46), white-background(47),
+ select-char-background-colour(48), not-variable-spacing(50)}
+
+Formatting-Indicator ::= INTEGER {no(0), yes(1)}
+
+Itemization ::= SET {
+ identifier-alignment
+ [0] IMPLICIT INTEGER {no-itemization(0), start-aligned(1), end-aligned(2)},
+ identifier-start-offset [1] IMPLICIT INTEGER OPTIONAL,
+ identifier-end-offset [2] IMPLICIT INTEGER OPTIONAL
+}
+
+Kerning-Offset ::= SET {
+ start-offset [0] IMPLICIT INTEGER,
+ end-offset [1] IMPLICIT INTEGER
+}
+
+Proportional-Line-Spacing ::= INTEGER {no(0), yes(1)}
+
+Pairwise-Kerning ::= INTEGER {no(0), yes(1)}
+
+END
\ No newline at end of file
diff --git a/priv/cms/Colour-Attributes.asn1 b/priv/cms/Colour-Attributes.asn1
new file mode 100644
index 0000000..83b4fa2
--- /dev/null
+++ b/priv/cms/Colour-Attributes.asn1
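Review bot: The six-line comment block beginning `-- string of graphic characters` sits between `Tabulation-Stop` and `Graphic-Rendition`, so it reads as a description of `Graphic-Rendition`, yet its wording (a string drawn from the "graphic character sets" and "graphic character subrepertoire" attributes) appears to describe the `alignment-character-string [3] IMPLICIT OCTET STRING OPTIONAL` component just above it; move it beside that component or prefix it with `-- alignment-character-string:` so the association is explicit. The file also ends without a trailing newline (`\ No newline at end of file`), unlike CertificateExtensions.asn1 and CMSECDHAlgs-2017.asn1 in the same commit; Colour-Attributes.asn1 has the same inconsistency.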
@@ -0,0 +1,187 @@
+Colour-Attributes {2 8 1 5 14} DEFINITIONS ::=
+BEGIN
+
+EXPORTS
+ Colour-Expression, Colour-Table, Colour-Spaces-List, Colour-Characteristics;
+
+IMPORTS Character-Data
+ FROM Document-Profile-Descriptor; -- see 7.7
+
+Real-Or-Int ::= CHOICE {a REAL,
+ b INTEGER
+}
+
+Colour-Expression ::= SEQUENCE {
+ colour-access-mode [0] IMPLICIT INTEGER {direct(0), indexed(1)},
+ a
+ [1] CHOICE {direct-colour [0] IMPLICIT Direct-Colour,
+ indexed-colour [1] IMPLICIT Indexed-Colour}
+}
+
+Direct-Colour ::= SET {
+ colour-space-id [0] IMPLICIT INTEGER OPTIONAL,
+ colour-specification [1] Colour-Specification OPTIONAL,
+ colour-tolerance [2] Colour-Tolerance OPTIONAL
+}
+
+Colour-Specification ::= CHOICE {
+ cmyk-colour [0] IMPLICIT CMYK-Colour,
+ rgb-colour [1] IMPLICIT RGB-Colour,
+ cie-colour [2] IMPLICIT CIE-Colour
+}
+
+CMYK-Colour ::= SET {
+ c-value [0] Real-Or-Int,
+ m-value [1] Real-Or-Int,
+ y-value [2] Real-Or-Int,
+ k-value [3] Real-Or-Int OPTIONAL
+}
+
+RGB-Colour ::= SET {
+ r-value [0] Real-Or-Int,
+ g-value [1] Real-Or-Int,
+ b-value [2] Real-Or-Int
+}
+
+CIE-Colour ::= SET {
+ x-value [0] Real-Or-Int,
+ y-value [1] Real-Or-Int,
+ z-value [2] Real-Or-Int
+}
+
+Colour-Tolerance ::= CHOICE {
+ unspecified-tolerance [0] IMPLICIT NULL,
+ specified-tolerance [1] IMPLICIT Specified-Tolerance
+}
+
+Specified-Tolerance ::= SET {
+ tolerance-value [0] Real-Or-Int,
+ tolerance-space [1] IMPLICIT INTEGER {cieluv(3), cielab(4)}
+}
+
+Indexed-Colour ::= SET {index [0] IMPLICIT INTEGER OPTIONAL
+}
+
+Colour-Table ::= SET {
+ colour-space-id [0] IMPLICIT INTEGER,
+ colour-table-entries
+ [1] IMPLICIT SET OF
+ SET {index [0] IMPLICIT INTEGER,
+ colour-coordinates [1] Colour-Specification,
+ colour-tolerance [2] Colour-Tolerance OPTIONAL
+ }
+}
+
+Colour-Characteristics ::= SET {
+ colour-spaces-present
+ [0] IMPLICIT SEQUENCE OF
+ SET {colour-space-type [0] IMPLICIT Colour-Space-Type,
+ colour-calibration-type
+ [1] IMPLICIT Colour-Space-Calibration-Type},
+
colour-modes-present [1] IMPLICIT Colour-Modes-Present,
+ minimum-colour-tolerance [2] Colour-Tolerance OPTIONAL,
+ maximum-colour-table-length [3] IMPLICIT INTEGER OPTIONAL,
+ -- "maximum number of colour table entries"
+ maximum-rgb-lut-length [4] IMPLICIT INTEGER OPTIONAL,
+ -- "maximum number of look-up table entries"
+ maximum-cmy-k-grid-size [5] IMPLICIT INTEGER OPTIONAL
+}
+
+Colour-Space-Type ::= INTEGER {rgb(0), cmyk(1), cmy(2), cieluv(3), cielab(4)}
+
+Colour-Space-Calibration-Type ::= INTEGER {
+ no-calibration(0), matrices(1), lookup-tables(2),
+ matrices-and-lookup-tables(3)}
+
+Colour-Modes-Present ::= INTEGER {direct(0), indexed(1), both(2)}
+
+Colour-Spaces-List ::= SET OF Colour-Space
+
+Colour-Space ::= SET {
+ colour-space-id [0] IMPLICIT INTEGER,
+ colour-space-type [1] IMPLICIT Colour-Space-Type,
+ colour-space-name [2] IMPLICIT Character-Data OPTIONAL,
+ colour-data-scaling [3] Colour-Data-Scaling OPTIONAL,
+ calibration-data [4] Calibration-Data OPTIONAL
+}
+
+Colour-Data-Scaling ::= SET {
+ first-component [0] IMPLICIT Scale-And-Offset,
+ second-component [1] IMPLICIT Scale-And-Offset,
+ third-component [2] IMPLICIT Scale-And-Offset,
+ fourth-component [3] IMPLICIT Scale-And-Offset OPTIONAL
+}
+
+Scale-And-Offset ::= SET {
+ colour-scale [0] Real-Or-Int,
+ colour-offset [1] Real-Or-Int
+}
+
+Calibration-Data ::= CHOICE {
+ rgb [0] IMPLICIT RGB-Calibration,
+ cmyk [1] IMPLICIT CMY-K-Calibration,
+ cmy [2] IMPLICIT CMY-K-Calibration,
+ cieluv [3] IMPLICIT CIE-Calibration,
+ cielab [4] IMPLICIT CIE-Calibration
+}
+
+CIE-Calibration ::= SET {reference-white [0] IMPLICIT CIE-Ref
+}
+
+RGB-Calibration ::= SET {
+ reference-white [0] IMPLICIT CIE-Ref,
+ matrix1 [1] IMPLICIT Three-by-Three-Matrix OPTIONAL,
+ lookup-table [3] IMPLICIT Colour-Lookup-Table OPTIONAL,
+ matrix2 [2] IMPLICIT Three-by-Three-Matrix OPTIONAL
+}
+
+Three-by-Three-Matrix ::= SEQUENCE {
+ row-1 Three-Nums,
+ row-2 Three-Nums,
+ row-3 Three-Nums
+}
+
+Three-Nums ::= SEQUENCE {
+
column-1 Real-Or-Int,
+ column-2 Real-Or-Int,
+ column-3 Real-Or-Int
+}
+
+Colour-Lookup-Table ::= SET {
+ number-of-entries [0] IMPLICIT INTEGER,
+ m [1] IMPLICIT INTEGER,
+ n [2] IMPLICIT INTEGER,
+ colour-table [3] IMPLICIT SET OF Colour-Table-Entry
+}
+
+Colour-Table-Entry ::= SET {
+ index [3] IMPLICIT INTEGER,
+ r [0] Real-Or-Int,
+ g [1] Real-Or-Int,
+ b [2] Real-Or-Int
+}
+
+CMY-K-Calibration ::= SET {
+ reference-white [0] IMPLICIT CIE-Ref,
+ comment [1] IMPLICIT Character-Data OPTIONAL,
+ cmyk-lut [2] IMPLICIT Grid-Specification
+}
+
+Grid-Specification ::=
+ SET OF
+ SET {grid-location [0] IMPLICIT CMYK-Colour,
+ grid-value [1] IMPLICIT Grid-Value}
+
+Grid-Value ::= SET {
+ x-value [0] IMPLICIT REAL,
+ y-value [1] IMPLICIT REAL,
+ z-value [2] IMPLICIT REAL
+}
+
+CIE-Ref ::= SET {
+ xn-value [0] Real-Or-Int,
+ yn-value [1] Real-Or-Int,
+ zn-value [2] Real-Or-Int
+}
+
+END
\ No newline at end of file
diff --git a/priv/cms/CryptographicMessageSyntax-2010.asn1 b/priv/cms/CryptographicMessageSyntax-2010.asn1
new file mode 100644
index 0000000..d4f18cd
--- /dev/null
+++ b/priv/cms/CryptographicMessageSyntax-2010.asn1
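Review bot: `RGB-Calibration` lists `lookup-table [3]` between `matrix1 [1]` and `matrix2 [2]`, and `Colour-Table-Entry` puts `index [3]` ahead of `r [0]`; because both are SET types the encoding is unaffected, but out-of-order tags look like a transcription slip, so either reorder the components by tag or mark them with a comment such as `-- tag numbers follow the source specification, not declaration order`. The alternatives of `Real-Or-Int` and the second component of `Colour-Expression` are named `a` and `b`, which yields generated field names that say nothing; renaming would change the generated interface, so a comment on `Real-Or-Int` stating that the two alternatives are the REAL and INTEGER encodings of one numeric value is the minimal fix. The `IMPORTS Character-Data FROM Document-Profile-Descriptor` reference names the module without its object identifier, so resolution relies on that module name being unique in the compile set.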
@@ -0,0 +1,481 @@
+-- RFC 6268
+
+ CryptographicMessageSyntax-2010
+ { iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) }
+ DEFINITIONS IMPLICIT TAGS ::=
+ BEGIN
+ IMPORTS
+
+ ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM,
+ PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM,
+ KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM,
+ AlgorithmIdentifier{}
+ FROM AlgorithmInformation-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0)
+ id-mod-algorithmInformation-02(58)}
+
+ SignatureAlgs, MessageDigestAlgs, KeyAgreementAlgs,
+ MessageAuthAlgs, KeyWrapAlgs, ContentEncryptionAlgs,
+ KeyTransportAlgs, KeyDerivationAlgs, KeyAgreePublicKeys
+ FROM CryptographicMessageSyntaxAlgorithms-2009
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+ Certificate, CertificateList, CertificateSerialNumber,
+ Name, ATTRIBUTE
+ FROM PKIX1Explicit-2009
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-pkix1-explicit-02(51) }
+
+ AttributeCertificate
+ FROM PKIXAttributeCertificate-2009
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-attribute-cert-02(47) }
+
+ AttributeCertificateV1
+ FROM AttributeCertificateVersion1-2009
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-v1AttrCert-02(49) } ;
+
+ -- Cryptographic Message Syntax
+
+ -- The following are used for version numbers using the ASN.1
+ -- NOTE: The document reference represents where the versioned
+ -- feature was introduced to the module.
+ --
+ -- idiom "[[n:"
+ -- Version 1 = PKCS #7
+ -- Version 2 = S/MIME V2
+ -- Version 3 = RFC 2630
+ -- Version 4 = RFC 3369
+ -- Version 5 = RFC 3852
+
+ CONTENT-TYPE ::= CLASS {
+ &id OBJECT IDENTIFIER UNIQUE,
+ &Type OPTIONAL
+ } WITH SYNTAX {
+ [TYPE &Type] IDENTIFIED BY &id
+ }
+
+ ContentType ::= CONTENT-TYPE.&id
+
+ ContentInfo ::= SEQUENCE {
+ contentType CONTENT-TYPE.
+ &id({ContentSet}),
+ content [0] EXPLICIT CONTENT-TYPE.
+ &Type({ContentSet}{@contentType})}
+
+ ContentSet CONTENT-TYPE ::= {
+ -- Define the set of content types to be recognized.
+ ct-Data | ct-SignedData | ct-EncryptedData | ct-EnvelopedData |
+ ct-AuthenticatedData | ct-DigestedData, ... }
+
+ SignedData ::= SEQUENCE {
+ version CMSVersion,
+ digestAlgorithms SET OF DigestAlgorithmIdentifier,
+ encapContentInfo EncapsulatedContentInfo,
+ certificates [0] IMPLICIT CertificateSet OPTIONAL,
+ crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
+ signerInfos SignerInfos }
+
+ SignerInfos ::= SET OF SignerInfo
+
+ EncapsulatedContentInfo ::= SEQUENCE {
+ eContentType CONTENT-TYPE.&id({ContentSet}),
+ eContent [0] EXPLICIT OCTET STRING
+ ( CONTAINING CONTENT-TYPE.
+ &Type({ContentSet}{@eContentType})) OPTIONAL }
+
+ SignerInfo ::= SEQUENCE {
+ version CMSVersion,
+ sid SignerIdentifier,
+ digestAlgorithm DigestAlgorithmIdentifier,
+ signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
+ signatureAlgorithm SignatureAlgorithmIdentifier,
+ signature SignatureValue,
+ unsignedAttrs [1] IMPLICIT Attributes
+ {{UnsignedAttributes}} OPTIONAL }
+
+ SignedAttributes ::= Attributes {{ SignedAttributesSet }}
+
+ SignerIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ ...,
+ [[3: subjectKeyIdentifier [0] SubjectKeyIdentifier ]] }
+
+ SignedAttributesSet ATTRIBUTE ::=
+ { aa-signingTime | aa-messageDigest | aa-contentType, ... }
+
+ UnsignedAttributes ATTRIBUTE ::= { aa-countersignature, ... }
+
+ SignatureValue ::= OCTET STRING
+
+ EnvelopedData ::= SEQUENCE {
+ version CMSVersion,
+ originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+ recipientInfos RecipientInfos,
+ encryptedContentInfo EncryptedContentInfo,
+ ...,
+ [[2: unprotectedAttrs [1] IMPLICIT Attributes
+ {{ UnprotectedEnvAttributes }} OPTIONAL ]] }
+
+ OriginatorInfo ::= SEQUENCE {
+ certs [0] IMPLICIT CertificateSet OPTIONAL,
+ crls [1] IMPLICIT RevocationInfoChoices OPTIONAL }
+
+ RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
+
+ EncryptedContentInfo ::=
+ EncryptedContentInfoType { ContentEncryptionAlgorithmIdentifier }
+
+ EncryptedContentInfoType { AlgorithmIdentifierType } ::= SEQUENCE {
+ contentType CONTENT-TYPE.&id({ContentSet}),
+ contentEncryptionAlgorithm AlgorithmIdentifierType,
+ encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL }
+
+ -- If you want to do constraints, you might use:
+ -- EncryptedContentInfo ::= SEQUENCE {
+ -- contentType CONTENT-TYPE.&id({ContentSet}),
+ -- contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
+ -- encryptedContent [0] IMPLICIT ENCRYPTED {CONTENT-TYPE.
+ -- &Type({ContentSet}{@contentType}) OPTIONAL }
+ -- ENCRYPTED {ToBeEncrypted} ::= OCTET STRING ( CONSTRAINED BY
+ -- { ToBeEncrypted } )
+
+ UnprotectedEnvAttributes ATTRIBUTE ::= { ... }
+ UnprotectedEncAttributes ATTRIBUTE ::= { ... }
+
+ RecipientInfo ::= CHOICE {
+ ktri KeyTransRecipientInfo,
+ ...,
+ [[3: kari [1] KeyAgreeRecipientInfo ]],
+ [[4: kekri [2] KEKRecipientInfo]],
+ [[5: pwri [3] PasswordRecipientInfo,
+ ori [4] OtherRecipientInfo ]] }
+
+ EncryptedKey ::= OCTET STRING
+
+ KeyTransRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 0 or 2
+ rid RecipientIdentifier,
+ keyEncryptionAlgorithm AlgorithmIdentifier
+ {KEY-TRANSPORT, {KeyTransportAlgorithmSet}},
+ encryptedKey EncryptedKey }
+
+ KeyTransportAlgorithmSet KEY-TRANSPORT ::= { KeyTransportAlgs, ... }
+
+ RecipientIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ ...,
+ [[2: subjectKeyIdentifier [0] SubjectKeyIdentifier ]] }
+ KeyAgreeRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 3
+ originator [0] EXPLICIT OriginatorIdentifierOrKey,
+ ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
+ keyEncryptionAlgorithm AlgorithmIdentifier
+ {KEY-AGREE, {KeyAgreementAlgorithmSet}},
+ recipientEncryptedKeys RecipientEncryptedKeys }
+
+ KeyAgreementAlgorithmSet KEY-AGREE ::= { KeyAgreementAlgs, ... }
+
+ OriginatorIdentifierOrKey ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier [0] SubjectKeyIdentifier,
+ originatorKey [1] OriginatorPublicKey }
+
+ OriginatorPublicKey ::= SEQUENCE {
+ algorithm AlgorithmIdentifier {PUBLIC-KEY, {OriginatorKeySet}},
+ publicKey BIT STRING }
+
+ OriginatorKeySet PUBLIC-KEY ::= { KeyAgreePublicKeys, ... }
+
+ RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
+
+ RecipientEncryptedKey ::= SEQUENCE {
+ rid KeyAgreeRecipientIdentifier,
+ encryptedKey EncryptedKey }
+
+ KeyAgreeRecipientIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ rKeyId [0] IMPLICIT RecipientKeyIdentifier }
+
+ RecipientKeyIdentifier ::= SEQUENCE {
+ subjectKeyIdentifier SubjectKeyIdentifier,
+ date GeneralizedTime OPTIONAL,
+ other OtherKeyAttribute OPTIONAL }
+
+ SubjectKeyIdentifier ::= OCTET STRING
+
+ KEKRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 4
+ kekid KEKIdentifier,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ encryptedKey EncryptedKey }
+
+ KEKIdentifier ::= SEQUENCE {
+ keyIdentifier OCTET STRING,
+ date GeneralizedTime OPTIONAL,
+ other OtherKeyAttribute OPTIONAL }
+ PasswordRecipientInfo ::= SEQUENCE {
+ version CMSVersion, -- always set to 0
+ keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
+ OPTIONAL,
+ keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
+ encryptedKey EncryptedKey }
+
+ OTHER-RECIPIENT ::= TYPE-IDENTIFIER
+
+ OtherRecipientInfo ::= SEQUENCE {
+ oriType OTHER-RECIPIENT.
+ &id({SupportedOtherRecipInfo}),
+ oriValue OTHER-RECIPIENT.
+ &Type({SupportedOtherRecipInfo}{@oriType})}
+
+ SupportedOtherRecipInfo OTHER-RECIPIENT ::= { ... }
+
+ DigestedData ::= SEQUENCE {
+ version CMSVersion,
+ digestAlgorithm DigestAlgorithmIdentifier,
+ encapContentInfo EncapsulatedContentInfo,
+ digest Digest, ... }
+
+ Digest ::= OCTET STRING
+
+ EncryptedData ::= SEQUENCE {
+ version CMSVersion,
+ encryptedContentInfo EncryptedContentInfo,
+ ...,
+ [[2: unprotectedAttrs [1] IMPLICIT Attributes
+ {{UnprotectedEncAttributes}} OPTIONAL ]] }
+
+ AuthenticatedData ::= SEQUENCE {
+ version CMSVersion,
+ originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
+ recipientInfos RecipientInfos,
+ macAlgorithm MessageAuthenticationCodeAlgorithm,
+ digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
+ encapContentInfo EncapsulatedContentInfo,
+ authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
+ mac MessageAuthenticationCode,
+ unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
+
+ AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
+ {{AuthAttributeSet}}
+
+ AuthAttributeSet ATTRIBUTE ::= { aa-contentType | aa-messageDigest
+ | aa-signingTime, ...}
+
+ MessageAuthenticationCode ::= OCTET STRING
+
+ UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
+ {{UnauthAttributeSet}}
+
+ UnauthAttributeSet ATTRIBUTE ::= {...}
+
+ --
+ -- General algorithm definitions
+ --
+
+ DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+ {DIGEST-ALGORITHM, {DigestAlgorithmSet}}
+
+ DigestAlgorithmSet DIGEST-ALGORITHM ::= {
+ CryptographicMessageSyntaxAlgorithms-2009.MessageDigestAlgs, ... }
+
+ SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
+ {SIGNATURE-ALGORITHM, {SignatureAlgorithmSet}}
+
+ SignatureAlgorithmSet SIGNATURE-ALGORITHM ::=
+ { SignatureAlgs, ... }
+
+ KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+ {KEY-WRAP, {KeyEncryptionAlgorithmSet}}
+
+ KeyEncryptionAlgorithmSet KEY-WRAP ::= { KeyWrapAlgs, ... }
+
+ ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+ {CONTENT-ENCRYPTION, {ContentEncryptionAlgorithmSet}}
+
+ ContentEncryptionAlgorithmSet CONTENT-ENCRYPTION ::=
+ { ContentEncryptionAlgs, ... }
+
+ MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
+ {MAC-ALGORITHM, {MessageAuthenticationCodeAlgorithmSet}}
+
+ MessageAuthenticationCodeAlgorithmSet MAC-ALGORITHM ::=
+ { MessageAuthAlgs, ... }
+
+ KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
+ {KEY-DERIVATION, {KeyDerivationAlgs, ...}}
+
+ RevocationInfoChoices ::= SET OF RevocationInfoChoice
+
+ RevocationInfoChoice ::= CHOICE {
+ crl CertificateList,
+ ...,
+ [[5: other [1] IMPLICIT OtherRevocationInfoFormat ]] }
+
+ OTHER-REVOK-INFO ::= TYPE-IDENTIFIER
+
+ OtherRevocationInfoFormat ::= SEQUENCE {
+ otherRevInfoFormat OTHER-REVOK-INFO.
+ &id({SupportedOtherRevokInfo}),
+ otherRevInfo OTHER-REVOK-INFO.
+ &Type({SupportedOtherRevokInfo}{@otherRevInfoFormat})}
+
+ SupportedOtherRevokInfo OTHER-REVOK-INFO ::= { ... }
+
+ CertificateChoices ::= CHOICE {
+ certificate Certificate,
+ extendedCertificate [0] IMPLICIT ExtendedCertificate,
+ -- Obsolete
+ ...,
+ [[3: v1AttrCert [1] IMPLICIT AttributeCertificateV1]],
+ -- Obsolete
+ [[4: v2AttrCert [2] IMPLICIT AttributeCertificateV2]],
+ [[5: other [3] IMPLICIT OtherCertificateFormat]] }
+
+ AttributeCertificateV2 ::= AttributeCertificate
+
+ OTHER-CERT-FMT ::= TYPE-IDENTIFIER
+
+ OtherCertificateFormat ::= SEQUENCE {
+ otherCertFormat OTHER-CERT-FMT.
+ &id({SupportedCertFormats}),
+ otherCert OTHER-CERT-FMT.
+ &Type({SupportedCertFormats}{@otherCertFormat})}
+
+ SupportedCertFormats OTHER-CERT-FMT ::= { ... }
+
+ CertificateSet ::= SET OF CertificateChoices
+
+ IssuerAndSerialNumber ::= SEQUENCE {
+ issuer Name,
+ serialNumber CertificateSerialNumber }
+
+ CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
+
+ UserKeyingMaterial ::= OCTET STRING
+
+ KEY-ATTRIBUTE ::= TYPE-IDENTIFIER
+
+ OtherKeyAttribute ::= SEQUENCE {
+ keyAttrId KEY-ATTRIBUTE.
+ &id({SupportedKeyAttributes}),
+ keyAttr KEY-ATTRIBUTE.
+ &Type({SupportedKeyAttributes}{@keyAttrId})}
+
+ SupportedKeyAttributes KEY-ATTRIBUTE ::= { ... }
+
+ -- Content Type Object Identifiers
+
+ id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }
+
+ ct-Data CONTENT-TYPE ::= { IDENTIFIED BY id-data }
+
+ id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
+
+ ct-SignedData CONTENT-TYPE ::=
+ { TYPE SignedData IDENTIFIED BY id-signedData}
+
+ id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
+
+ ct-EnvelopedData CONTENT-TYPE ::=
+ { TYPE EnvelopedData IDENTIFIED BY id-envelopedData}
+
+ id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
+
+ ct-DigestedData CONTENT-TYPE ::=
+ { TYPE DigestedData IDENTIFIED BY id-digestedData}
+
+ id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
+
+ ct-EncryptedData CONTENT-TYPE ::=
+ { TYPE EncryptedData IDENTIFIED BY id-encryptedData}
+
+ id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
+
+ ct-AuthenticatedData CONTENT-TYPE ::=
+ { TYPE AuthenticatedData IDENTIFIED BY id-ct-authData}
+
+ id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 }
+
+ --
+ -- The CMS Attributes
+ --
+
+ MessageDigest ::= OCTET STRING
+
+ SigningTime ::= Time
+
+ Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+ Countersignature ::= SignerInfo
+
+ -- Attribute Object Identifiers
+
+ aa-contentType ATTRIBUTE ::=
+ { TYPE ContentType IDENTIFIED BY id-contentType }
+ id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
+
+ aa-messageDigest ATTRIBUTE ::=
+ { TYPE MessageDigest IDENTIFIED BY id-messageDigest}
+ id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
+
+ aa-signingTime ATTRIBUTE ::=
+ { TYPE SigningTime IDENTIFIED BY id-signingTime }
+ id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
+
+ aa-countersignature ATTRIBUTE ::=
+ { TYPE Countersignature IDENTIFIED BY id-countersignature }
+ id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
+
+ --
+ -- Obsolete Extended Certificate syntax from PKCS#6
+ --
+
+ ExtendedCertificateOrCertificate ::= CHOICE {
+ certificate Certificate,
+ extendedCertificate [0] IMPLICIT ExtendedCertificate }
+
+ ExtendedCertificate ::= SEQUENCE {
+ extendedCertificateInfo ExtendedCertificateInfo,
+ signatureAlgorithm SignatureAlgorithmIdentifier,
+ signature Signature }
+
+ ExtendedCertificateInfo ::= SEQUENCE {
+ version CMSVersion,
+ certificate Certificate,
+ attributes UnauthAttributes }
+
+ Signature ::= BIT STRING
+
+ Attribute{ ATTRIBUTE:AttrList } ::= SEQUENCE {
+ attrType ATTRIBUTE.
+ &id({AttrList}),
+ attrValues SET OF ATTRIBUTE.
+ &Type({AttrList}{@attrType}) }
+
+ Attributes { ATTRIBUTE:AttrList } ::=
+ SET SIZE (1..MAX) OF Attribute {{ AttrList }}
+
+ END
+
diff --git a/priv/cms/DOR-definition.asn1 b/priv/cms/DOR-definition.asn1
new file mode 100644
index 0000000..3ef73a6
--- /dev/null
+++ b/priv/cms/DOR-definition.asn1
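Review bot: Every algorithm and attribute object set in this module — `ContentSet`, `SignedAttributesSet`, `DigestAlgorithmSet`, `SignatureAlgorithmSet`, `KeyTransportAlgorithmSet` and the rest — ends in `...`, so a decoder generated from it accepts any AlgorithmIdentifier or attribute OID and passes the open type through; the schema does no algorithm allow-listing, and nothing in this commit says where that is enforced. Likewise `Attribute.attrValues` is an unconstrained `SET OF`, whereas RFC 5652 section 11 requires exactly one value for the contentType and messageDigest signed attributes, a check verifiers must apply themselves to avoid signature-verification confusion on multi-valued attributes. I would record both caveats next to the `-- RFC 6268` provenance line, e.g. `-- Vendored unmodified from RFC 6268. All object sets below are extensible ("..."): the decoder accepts unknown algorithm/attribute OIDs, so callers must allow-list algorithms and reject multi-valued contentType/messageDigest signed attributes (RFC 5652 s.11).` The IMPORTS also pull from `AlgorithmInformation-2009`, `CryptographicMessageSyntaxAlgorithms-2009`, `PKIX1Explicit-2009`, `PKIXAttributeCertificate-2009` and `AttributeCertificateVersion1-2009`, none of which I can see being added in this part of the change; if they are not vendored alongside, the module will not compile.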
@@ -0,0 +1,130 @@ +DOR-definition {joint-iso-itu-t dor(4) reference-definition(0)} DEFINITIONS ::= +BEGIN + +EXPORTS + AE-Identifier, Altered-value, DOR, dor-abstract-syntax, dor-syntax-asn1, + dorx, Extend-QoS, Local-reference, Locational-identifier, Produce-QoS, + QoS-level, Quality-of-Service, Requested-QoS-level, + Single-use-of-reference, Token; + +IMPORTS + DistinguishedName + FROM InformationFramework {joint-iso-itu-t ds(5) module(1) + informationFramework(1) 3} + PresentationAddress + FROM SelectedAttributeTypes {joint-iso-itu-t ds(5) module(1) + selectedAttributeTypes(5) 3}; + +-- Defined Object Identifiers +dorx OBJECT IDENTIFIER ::= + {joint-iso-itu-t dor(11)} + +-- Object identifier for abstract syntax of DOR +dor-abstract-syntax OBJECT IDENTIFIER ::= + {dorx reference-abstract-syntax(1)} + +-- Object identifier for abstract syntax of DOR with basic ASN.1 encodings in +-- EXTERNAL +dor-syntax-asn1 OBJECT IDENTIFIER ::= + {dorx reference-syntax(2) asn1(0)} + +-- Definition of DOR type +DOR ::= SEQUENCE { + ae-identifier [0] AE-Identifier OPTIONAL, + -- mandatory in case of produce-operations and consume-operations + local-reference [1] Local-reference, + data-object-type OBJECT IDENTIFIER, + -- identifying the abstract syntax and the transfer syntax of the + -- referenced data value + quality-of-service [2] Quality-of-Service DEFAULT {}, + token [3] Token OPTIONAL +} + +AE-Identifier ::= SEQUENCE { -- at least one component shall be present + locational-identifier [0] Locational-identifier OPTIONAL, + direct-logical-identifier [1] DistinguishedName OPTIONAL, + indirect-logical-identifier [2] DistinguishedName OPTIONAL +} + +Locational-identifier ::= SEQUENCE { + presentation-address [0] PresentationAddress, + ae-title [1] AE-title OPTIONAL, + -- as defined in ISO 8650:1988/Cor.1:1990 + application-contexts SET OF OBJECT IDENTIFIER +} + +Local-reference ::= SEQUENCE { + application [0] OCTET STRING OPTIONAL, + specific-reference [1] OCTET STRING +} + 
+Quality-of-Service ::= SEQUENCE { + qoS-level [0] QoS-level DEFAULT level-1:NULL, + usage-of-reference Single-use-of-reference DEFAULT TRUE +} + +QoS-level ::= CHOICE { + level-1 [1] IMPLICIT NULL, + level-2 [2] IMPLICIT GeneralizedTime, + -- specifying the produce time + level-3 + [3] IMPLICIT SEQUENCE {produce-time GeneralizedTime, + fidelity-time GeneralizedTime} +} + +Single-use-of-reference ::= BOOLEAN + +Token ::= CHOICE { + simpletoken OCTET STRING, + -- used to validate an access which use this DOR + externaltoken EXTERNAL -- for future proxy mechanism +} + +-- Data types for produce-operations +Produce-QoS ::= SEQUENCE { + qoS-level [0] Requested-QoS-level DEFAULT level-1:NULL, + usage-of-reference Single-use-of-reference DEFAULT TRUE +} + +Requested-QoS-level ::= CHOICE { + level-1 [1] IMPLICIT NULL, + level-2 [2] IMPLICIT NULL, + level-3 [3] IMPLICIT GeneralizedTime + -- specifying the requested fidelity-time +} + +-- Data types for extending a specific QoS +Extend-QoS ::= SEQUENCE { + qoS-level [0] Requested-QoS-level OPTIONAL, + -- if omitted, no change required + usage-of-reference Single-use-of-reference OPTIONAL + -- if omitted, no change required +} + +-- Data types for requesting / indicating value alteration in produce-operation +-- or access-operation +Altered-value ::= ENUMERATED { + value-not-altered(1), value-altered(2), undefined(3)} + +-- dw: definition of AE-title, as defined in ISO 8650:1988/Cor.1:1990 +-- dw: defined in-line here so we don't need to import it, original comments +-- dw: are as they appear in the 8650:1988 Annex E +AP-title ::= TYPE-IDENTIFIER.&Type + +-- The exact definition and values used for AP-title +-- should be chosen taking into account the ongoing +-- work in areas of naming, the Directory, and the +-- Registration Authority procedures for AE titles, +-- AE titles, and AE qualifiers +AE-qualifier ::= TYPE-IDENTIFIER.&Type + +-- The exact definition and values used for AE-qualifier +-- should be chosen taking into 
account the ongoing +-- work in areas of naming, the Directory, and the +-- Registration Authority procedures for AE titles, +-- AE titles, and AE qualifiers +AE-title ::= SEQUENCE {ap AP-title, + ae AE-qualifier +} + +END -- of DOR-definition diff --git a/priv/cms/Default-Value-Lists.asn1 b/priv/cms/Default-Value-Lists.asn1 new file mode 100644 index 0000000..0cb3671 --- /dev/null +++ b/priv/cms/Default-Value-Lists.asn1 
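Review bot: The module header identifies this module as `{joint-iso-itu-t dor(4) reference-definition(0)}` while the `dorx` value a few lines later is `{joint-iso-itu-t dor(11)}`, and both `dor-abstract-syntax` and `dor-syntax-asn1` hang off `dorx`; one of the two arc numbers is presumably a transcription slip and should be checked against the source Recommendation before anything compares these identifiers. Separately, the `dw:` comments show `AE-title` was defined in-line as two `TYPE-IDENTIFIER.&Type` open types instead of being imported, so a decoder will accept arbitrary content there, and `Token.simpletoken` is a bare `OCTET STRING` that the comment describes as validating access — a credential that consuming code should treat as sensitive (not logged, compared in constant time). I would state the provenance and that deviation at the top of the file, e.g. `-- DOR-definition, transcribed from the source Recommendation; AE-title is defined in-line as open types (see "dw:" notes below) rather than imported from ISO 8650, so its contents are not validated by the decoder.`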
@@ -0,0 +1,138 @@ +Default-Value-Lists {2 8 1 5 11} DEFINITIONS ::= +BEGIN + +EXPORTS Default-Value-Lists-Logical, Default-Value-Lists-Layout; + +IMPORTS + Style-Identifier, Category-Name + FROM Identifiers-and-Expressions -- see 7.8 + + Measure-Pair, One-Of-Four-Angles, Medium-Type, Dimension-Pair, Transparency, + Colour, Border, Content-Background-Colour, Content-Foreground-Colour, + Sealed + FROM Layout-Descriptors -- see 7.9 + + Protection + FROM Logical-Descriptors -- see 7.10 + + Presentation-Attributes + FROM Style-Descriptors -- see 7.11 + + Colour-Expression, Colour-Table + FROM Colour-Attributes; -- see 7.14 + +Default-Value-Lists-Layout ::= SET { + page-set-attributes [1] IMPLICIT Page-Set-Attributes OPTIONAL, + page-attributes [2] IMPLICIT Page-Attributes OPTIONAL, + frame-attributes [3] IMPLICIT Frame-Attributes OPTIONAL, + block-attributes [4] IMPLICIT Block-Attributes OPTIONAL +} + +Default-Value-Lists-Logical ::= SET { + composite-logical-attributes + [5] IMPLICIT Composite-Logical-Attributes OPTIONAL, + basic-logical-attributes [6] IMPLICIT Basic-Logical-Attributes OPTIONAL +} + +Page-Set-Attributes ::= SET { + layout-stream-categories layout-stream-categories < Attribute OPTIONAL, + layout-stream-sub-categories + layout-stream-sub-categories < Attribute OPTIONAL +} + +Page-Attributes ::= SET { + dimensions dimensions < Attribute OPTIONAL, + transparency transparency < Attribute OPTIONAL, + presentation-attributes presentation-attributes < Attribute OPTIONAL, + page-position page-position < Attribute OPTIONAL, + medium-type medium-type < Attribute OPTIONAL, + presentation-style presentation-style < Attribute OPTIONAL, + layout-stream-categories layout-stream-categories < Attribute OPTIONAL, + layout-stream-sub-categories + layout-stream-sub-categories < Attribute OPTIONAL, + colour colour < Attribute OPTIONAL, + colour-of-layout-object colour-of-layout-object < Attribute OPTIONAL, + object-colour-table object-colour-table < Attribute OPTIONAL, + 
content-background-colour content-background-colour < Attribute OPTIONAL, + content-foreground-colour content-foreground-colour < Attribute OPTIONAL, + content-colour-table content-colour-table < Attribute OPTIONAL, + sealed sealed < Attribute OPTIONAL +} + +Frame-Attributes ::= SET { + position position < Attribute OPTIONAL, + dimensions dimensions < Attribute OPTIONAL, + transparency transparency < Attribute OPTIONAL, + layout-path layout-path < Attribute OPTIONAL, + permitted-categories permitted-categories < Attribute OPTIONAL, + layout-stream-categories layout-stream-categories < Attribute OPTIONAL, + layout-stream-sub-categories + layout-stream-sub-categories < Attribute OPTIONAL, + colour colour < Attribute OPTIONAL, + colour-of-layout-object colour-of-layout-object < Attribute OPTIONAL, + object-colour-table object-colour-table < Attribute OPTIONAL, + border border < Attribute OPTIONAL, + sealed sealed < Attribute OPTIONAL +} + +Block-Attributes ::= SET { + position position < Attribute OPTIONAL, + dimensions dimensions < Attribute OPTIONAL, + transparency transparency < Attribute OPTIONAL, + presentation-attributes presentation-attributes < Attribute OPTIONAL, + presentation-style presentation-style < Attribute OPTIONAL, + layout-stream-categories layout-stream-categories < Attribute OPTIONAL, + layout-stream-sub-categories + layout-stream-sub-categories < Attribute OPTIONAL, + colou colour < Attribute OPTIONAL, + colour-of-layout-object colour-of-layout-object < Attribute OPTIONAL, + object-colour-table object-colour-table < Attribute OPTIONAL, + content-background-colour content-background-colour < Attribute OPTIONAL, + content-foreground-colour content-foreground-colour < Attribute OPTIONAL, + content-colour-table content-colour-table < Attribute OPTIONAL, + border border < Attribute OPTIONAL, + sealed sealed < Attribute OPTIONAL +} + +Composite-Logical-Attributes ::= SET { + protection protection < Attribute OPTIONAL, + layout-style layout-style < 
Attribute OPTIONAL, + sealed sealed < Attribute OPTIONAL +} + +Basic-Logical-Attributes ::= SET { + presentation-attributes presentation-attributes < Attribute OPTIONAL, + -- only for use for the attribute content-architecture-class; + -- the content architecture specific attributes can only be referenced by + -- use of presentation style + protection protection < Attribute OPTIONAL, + presentation-style presentation-style < Attribute OPTIONAL, + layout-style layout-style < Attribute OPTIONAL, + sealed sealed < Attribute OPTIONAL +} + +Attribute ::= CHOICE { + position [0] IMPLICIT Measure-Pair, + dimensions [1] IMPLICIT Dimension-Pair, + transparency [2] IMPLICIT Transparency, + presentation-attributes [3] IMPLICIT Presentation-Attributes, + layout-path [4] IMPLICIT One-Of-Four-Angles, + page-position [5] IMPLICIT Measure-Pair, + medium-type [6] IMPLICIT Medium-Type, + permitted-categories [7] IMPLICIT SET OF Category-Name, + layout-stream-categories [19] IMPLICIT SET OF Category-Name, + layout-stream-sub-categories [20] IMPLICIT SET OF Category-Name, + protection [8] IMPLICIT Protection, + presentation-style [9] IMPLICIT Style-Identifier, + layout-style [10] IMPLICIT Style-Identifier, + colour [11] IMPLICIT Colour, + colour-of-layout-object [14] Colour-Expression, + object-colour-table [15] IMPLICIT Colour-Table, + content-background-colour [16] Content-Background-Colour, + content-foreground-colour [17] Content-Foreground-Colour, + content-colour-table [18] IMPLICIT Colour-Table, + border [12] IMPLICIT Border, + sealed [13] IMPLICIT Sealed +} + +END \ No newline at end of file diff --git a/priv/cms/DirectoryAbstractService.asn1 b/priv/cms/DirectoryAbstractService.asn1 new file mode 100644 index 0000000..7905ebb --- /dev/null +++ b/priv/cms/DirectoryAbstractService.asn1 
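Review bot: `Block-Attributes` spells its colour component `colou colour < Attribute OPTIONAL`, while `Page-Attributes` and `Frame-Attributes` in the same hunk use `colour colour < Attribute OPTIONAL`; the tag is still [11] so it decodes, but the generated record field will be `colou`, and code that reads `colour` from a Block-Attributes value will be reading a different field than it does for pages and frames. Change it to `colour colour < Attribute OPTIONAL,`. This is presumably a transcription error rather than an intentional divergence from the ISO/IEC 8613-5 text.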
@@ -0,0 +1,227 @@ +-- Module DirectoryAbstractService (X.511:08/1997) +DirectoryAbstractService {joint-iso-itu-t ds(5) module(1) + directoryAbstractService(2) 3} DEFINITIONS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in the other ASN.1 modules contained +-- within the Directory Specifications, and for the use of other applications which will use them to access +-- Directory services. Other applications may use them for their own purposes, but this will not constrain +-- extensions and modifications needed to maintain or improve the Directory service. + +IMPORTS + informationFramework, authenticationFramework, basicAccessControl + FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3} + AttributeTypeAndValue FROM BasicAccessControl basicAccessControl + Attribute, AttributeType, AttributeValue, AttributeValueAssertion, + DistinguishedName, Name, RelativeDistinguishedName, SupportedAttributes, + ATTRIBUTE, MATCHING-RULE, ContextAssertion, AttributeTypeAssertion, + OBJECT-CLASS, RelaxationPolicy + FROM InformationFramework informationFramework + CertificationPath, SIGNED{}, SIGNATURE{}, ENCRYPTED{}, AlgorithmIdentifier, AttributeCertificationPath + FROM AuthenticationFramework authenticationFramework; + +-- Common data types +-- Parameterized type for representing optional signing + +OPTIONALLY-SIGNED {Type} ::= CHOICE { + unsigned Type, + signed SIGNED {Type} +} + +AgreementID ::= SEQUENCE { + identifier INTEGER, + version INTEGER } + +Code ::= CHOICE { + local INTEGER, + global OBJECT IDENTIFIER } + +OperationProgress ::= SET { + nameResolutionPhase [0] ENUMERATED {notStarted(1), proceeding(2), completed(3)}, + nextRDNToBeResolved [1] INTEGER OPTIONAL } + +ReferenceType ::= ENUMERATED { + superior(1), subordinate(2), cross(3), nonSpecificSubordinate(4), + supplier(5), master(6), immediateSuperior(7), self(8)} + +CommonArguments ::= SET { + serviceControls [30] ServiceControls DEFAULT {}, 
+ securityParameters [29] SecurityParameters OPTIONAL, + requestor [28] DistinguishedName OPTIONAL, + operationProgress [27] OperationProgress DEFAULT { + nameResolutionPhase notStarted }, + aliasedRDNs [26] INTEGER OPTIONAL, + criticalExtensions [25] BIT STRING OPTIONAL, + referenceType [24] ReferenceType OPTIONAL, + entryOnly [23] BOOLEAN DEFAULT TRUE, + nameResolveOnMaste [21] BOOLEAN DEFAULT FALSE, + operationContexts [20] ContextSelection OPTIONAL, + familyGrouping [19] FamilyGrouping DEFAULT entryOnly +} + +FamilyGrouping ::= ENUMERATED { + entryOnly(1), compoundEntry(2), strands(3), multiStrand(4)} + +CommonResults ::= SET { + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE, + notification [27] SEQUENCE SIZE (1..MAX) OF Attribute OPTIONAL +} + +CommonResultsSeq ::= SEQUENCE { + securityParameters [30] SecurityParameters OPTIONAL, + performer [29] DistinguishedName OPTIONAL, + aliasDereferenced [28] BOOLEAN DEFAULT FALSE +} + +ServiceControls ::= SET { + options [0] ServiceControlOptions DEFAULT {}, + priority [1] INTEGER {low(0), medium(1), high(2)} DEFAULT medium, + timeLimit [2] INTEGER OPTIONAL, + sizeLimit [3] INTEGER OPTIONAL, + scopeOfReferral [4] INTEGER {dmd(0), country(1)} OPTIONAL, + attributeSizeLimit [5] INTEGER OPTIONAL, + manageDSAITPlaneRef [6] SEQUENCE { + dsaName Name, + agreementID AgreementID } OPTIONAL, + serviceType [7] OBJECT IDENTIFIER OPTIONAL, + userClass [8] INTEGER OPTIONAL +} + +ServiceControlOptions ::= BIT STRING { + preferChaining(0), chainingProhibited(1), localScope(2), dontUseCopy(3), + dontDereferenceAliases(4), subentries(5), copyShallDo(6), + partialNameResolution(7), manageDSAIT(8), noSubtypeMatch(9), + noSubtypeSelection(10), countFamily(11)} + +EntryInformationSelection ::= SET { + attributes CHOICE { + allUserAttributes [0] NULL, + select [1] SET OF AttributeType + } DEFAULT allUserAttributes:NULL, + infoTypes [2] INTEGER 
{ + attributeTypesOnly(0), + attributeTypesAndValues(1) } DEFAULT attributeTypesAndValues, + extraAttributes CHOICE { + allOperationalAttributes [3] NULL, + select [4] SET OF AttributeType} OPTIONAL, + contextSelection ContextSelection OPTIONAL, + returnContexts BOOLEAN DEFAULT FALSE, + familyReturn FamilyReturn DEFAULT {memberSelect contributingEntriesOnly} +} + +ContextSelection ::= CHOICE { + allContexts NULL, + selectedContexts SET OF TypeAndContextAssertion +} + +TypeAndContextAssertion ::= SEQUENCE { + type AttributeType, + contextAssertions CHOICE { + preference SEQUENCE OF ContextAssertion, + all SET OF ContextAssertion + } +} + +FamilyReturn ::= SEQUENCE { + memberSelect ENUMERATED {contributingEntriesOnly(1), participatingEntriesOnly(2), compoundEntry(3)}, + familySelect SEQUENCE SIZE (1..MAX) OF OBJECT-CLASS.&id OPTIONAL +} + +FamilyEntries ::= SEQUENCE { + family-class OBJECT-CLASS.&id, -- structural object class value + familyEntries SEQUENCE OF FamilyEntry } + +FamilyEntry ::= SEQUENCE { + rdn RelativeDistinguishedName, + information SEQUENCE OF CHOICE {attributeType AttributeType,attribute Attribute}, + family-info SEQUENCE SIZE (1..MAX) OF FamilyEntries OPTIONAL } + +EntryInformation ::= SEQUENCE { + name Name, + fromEntry BOOLEAN DEFAULT TRUE, + information SET SIZE (1..MAX) OF CHOICE { + attributeType AttributeType, + attribute Attribute} OPTIONAL, + incompleteEntry [3] BOOLEAN DEFAULT FALSE, -- not in 1988-edition systems + partialNameResolution [4] BOOLEAN DEFAULT FALSE -- not in 1988 or 1993 edition systems -- +} + +Filter ::= CHOICE { + item [0] FilterItem, + and [1] SET OF Filter, + or [2] SET OF Filter, + not [3] Filter } + +FilterItem ::= CHOICE { + equality [0] AttributeValueAssertion, + substrings [1] SEQUENCE { + type ATTRIBUTE.&id({SupportedAttributes}), + strings SEQUENCE OF CHOICE { + initial [0] ATTRIBUTE.&Type ({SupportedAttributes}{@substrings.type}), + any [1] ATTRIBUTE.&Type ({SupportedAttributes}{@substrings.type}), + final [2] 
ATTRIBUTE.&Type ({SupportedAttributes}{@substrings.type}), + control Attribute}}, + greaterOrEqual [2] AttributeValueAssertion, + lessOrEqual [3] AttributeValueAssertion, + present [4] AttributeType, + approximateMatch [5] AttributeValueAssertion, + extensibleMatch [6] MatchingRuleAssertion, + contextPresent [7] AttributeTypeAssertion +} + +MatchingRuleAssertion ::= SEQUENCE { + matchingRule [1] SET SIZE (1..MAX) OF MATCHING-RULE.&id, + type [2] AttributeType OPTIONAL, + matchValue [3] MATCHING-RULE.&AssertionType (CONSTRAINED BY {}), + dnAttributes [4] BOOLEAN DEFAULT FALSE +} + +PagedResultsRequest ::= CHOICE { + newRequest SEQUENCE { + pageSize INTEGER, + sortKeys SEQUENCE SIZE (1..MAX) OF SortKey OPTIONAL, + reverse [1] BOOLEAN DEFAULT FALSE, + unmerged [2] BOOLEAN DEFAULT FALSE}, + queryReference OCTET STRING } + +SortKey ::= SEQUENCE { + type AttributeType, + orderingRule MATCHING-RULE.&id OPTIONAL } + +SecurityParameters ::= SET { + certification-path [0] CertificationPath OPTIONAL, + name [1] DistinguishedName OPTIONAL, + time [2] Time OPTIONAL, + random [3] BIT STRING OPTIONAL, + target [4] ProtectionRequest OPTIONAL, + response [5] BIT STRING OPTIONAL, + operationCode [6] Code OPTIONAL, + attributeCertificationPath [7] AttributeCertificationPath OPTIONAL, + errorProtection [8] ErrorProtectionRequest OPTIONAL, + errorCode [9] Code OPTIONAL } + +HierarchySelections ::= BIT STRING { + self(0), children(1), parent(2), hierarchy(3), top(4), subtree(5), + siblings(6), siblingChildren(7), siblingSubtree(8), all(9)} + +SearchControlOptions ::= BIT STRING { + searchAliases(0), matchedValuesOnly(1), checkOverspecified(2), + performExactly(3), includeAllAreas(4), noSystemRelaxation(5), dnAttribute(6), + matchOnResidualName(7), entryCount(8), useSubset(9), + separateFamilyMembers(10), searchFamily(11)} + +ProtectionRequest ::= INTEGER { + none(0), signed(1), encrypted(2), signed-encrypted(3)} + +Time ::= CHOICE { + utcTime UTCTime, + generalizedTime GeneralizedTime } 
+ +ErrorProtectionRequest ::= INTEGER { + none(0), signed(1), encrypted(2), signed-encrypted(3)} + +END -- DirectoryAbstractService + diff --git a/priv/cms/Document-Profile-Descriptor.asn1 b/priv/cms/Document-Profile-Descriptor.asn1 new file mode 100644 index 0000000..d924a8f --- /dev/null +++ b/priv/cms/Document-Profile-Descriptor.asn1 
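Review bot: `CommonArguments` has `nameResolveOnMaste [21] BOOLEAN DEFAULT FALSE`, which looks like a truncated `nameResolveOnMaster` (the X.511 component name); the tag is right so it encodes, but the generated field name will differ from the spec and from every other X.500 implementation. Change it to `nameResolveOnMaster [21] BOOLEAN DEFAULT FALSE,`. Also worth a comment next to `Filter`: it is recursive through `and`, `or` and `not` with no depth bound, so a decoder built from this module can be driven into deep recursion by a hostile search filter, and the consuming code should cap nesting depth before evaluating one, e.g. `-- Filter is unboundedly recursive; callers must enforce a maximum nesting depth on decoded filters (DoS).` Finally, `SecurityParameters.time` and `.random` are OPTIONAL as in the spec, so anything that verifies a SIGNED argument has to require them itself for replay protection.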
@@ -0,0 +1,459 @@
+Document-Profile-Descriptor {2 8 1 5 6} DEFINITIONS ::=
+BEGIN
+
+EXPORTS
+ Document-Profile-Descriptor, Character-Data, Document-Reference,
+ Date-and-Time, Dates-and-Times, Personal-Name, Originators,
+ Other-User-Information, Local-File-References, Security-Information,
+ Document-Description,
+ External-References ,
+ Sealed-Doc-Bodyparts, ODA-Version;
+
+IMPORTS
+ Resource-Name, Object-or-Class-Identifier, Protected-Part-Identifier,
+ Style-Identifier
+ FROM Identifiers-and-Expressions -- see 7.8
+
+ Measure-Pair, Transparency, Colour, Dimension-Pair, One-Of-Four-Angles,
+ Border, Medium-Type, Comment-String, Content-Background-Colour,
+ Content-Foreground-Colour
+ FROM Layout-Descriptors -- see 7.9
+
+ Protection
+ FROM Logical-Descriptors -- see 7.10
+
+ Content-Architecture-Class, Content-Type, Block-Alignment, Fill-Order
+ FROM Style-Descriptors -- see 7.11
+
+ Type-Of-Coding
+ FROM Text-Units -- see 7.13
+
+ Colour-Characteristics, Colour-Spaces-List, Colour-Expression, Colour-Table
+ FROM Colour-Attributes -- see 7.14
+
+ Character-Content-Defaults, Character-Presentation-Feature,
+ Character-Coding-Attribute
+ FROM Character-Profile-Attributes {2 8 1 6 4
+ } -- see ITU-T Rec. T.416 | ISO/IEC 8613-6
+ Raster-Gr-Content-Defaults, Ra-Gr-Presentation-Feature,
+ Ra-Gr-Coding-Attribute
+ FROM Raster-Gr-Profile-Attributes {2 8 1 7 4
+ } -- see ITU-T Rec. T.417 | ISO/IEC 8613-7
+ Geo-Gr-Content-Defaults, Geo-Gr-Presentation-Feature, Geo-Gr-Coding-Attribute
+ FROM Geo-Gr-Profile-Attributes {2 8 1 8 4
+ } -- see ITU-T Rec. T.418 | ISO/IEC 8613-8
+ Font-Attribute-Set
+ FROM ISO-STANDARD-9541-FONT-ATTRIBUTE-SET {1 0 9541 2 2
+ } -- see ISO/IEC 9541-2
+ Document-Presentation-Time, Time-Scaling
+ FROM Temporal-Relationships {2 8 1 14 0};
+
+-- See ITU-T Rec. 
T.424 | ISO/IEC 8613-14 +Document-Profile-Descriptor ::= SET { + generic-layout-structure [0] IMPLICIT NumericString OPTIONAL, + specific-layout-structure [1] IMPLICIT NumericString OPTIONAL, + generic-logical-structure [4] IMPLICIT NumericString OPTIONAL, + specific-logical-structure [5] IMPLICIT NumericString OPTIONAL, + presentation-styles [6] IMPLICIT NumericString OPTIONAL, + layout-styles [7] IMPLICIT NumericString OPTIONAL, + sealed-profiles [12] IMPLICIT NumericString OPTIONAL, + enciphered-profiles [13] IMPLICIT NumericString OPTIONAL, + preenciphered-bodyparts [14] IMPLICIT NumericString OPTIONAL, + postenciphered-bodyparts [15] IMPLICIT NumericString OPTIONAL, + -- for the generic structures, + -- 'partial-generator-set' is represented by "0", 'complete-generator-set' + -- is represented by "1", 'factor-set' is represented by "2"; + -- for the other cases, the numeric string has the value 'present' + -- represented by "1" + external-document-class [9] Document-Reference OPTIONAL, + resource-document [10] Document-Reference OPTIONAL, + resources + [11] IMPLICIT SET OF + SET {resource-identifier Resource-Name, + object-class-identifier Object-or-Class-Identifier + } OPTIONAL, + document-characteristics [2] IMPLICIT Document-Characteristics, + document-management-attributes + [3] IMPLICIT Document-Management-Attributes OPTIONAL, + document-security-attributes + [16] IMPLICIT Document-Security-Attributes OPTIONAL, + links [17] IMPLICIT NumericString OPTIONAL, + link-classes [18] IMPLICIT NumericString OPTIONAL, + enciphered-links [19] IMPLICIT NumericString OPTIONAL, + temporal-relations [20] IMPLICIT NumericString OPTIONAL +} + +Document-Characteristics ::= SET { + document-application-profile + CHOICE {a [0] IMPLICIT INTEGER {group-4-facsimile(2)}, + b [4] IMPLICIT OBJECT IDENTIFIER} OPTIONAL, + doc-appl-profile-defaults + [10] IMPLICIT Doc-Appl-Profile-Defaults OPTIONAL, + document-architecture-class + [1] IMPLICIT INTEGER {formatted(0), processable(1), + 
formatted-processable(2)}, + content-architecture-classes [5] IMPLICIT SET OF OBJECT IDENTIFIER, + interchange-format-class [6] IMPLICIT INTEGER {if-a(0), if-b(1)}, + oda-version [8] IMPLICIT ODA-Version, + alternative-feature-sets + [11] IMPLICIT SET OF SET OF OBJECT IDENTIFIER OPTIONAL, + non-basic-doc-characteristics + [2] IMPLICIT Non-Basic-Doc-Characteristics OPTIONAL, + non-basic-struc-characteristics + [3] IMPLICIT Non-Basic-Struc-Characteristics OPTIONAL, + additional-doc-characteristics + [9] IMPLICIT Additional-Doc-Characteristics OPTIONAL +} + +ODA-Version ::= SEQUENCE { + standard-or-recommendation Character-Data, + publication-date Date-and-Time +} + +Doc-Appl-Profile-Defaults ::= SET { + document-architecture-defaults + [0] IMPLICIT Document-Architecture-Defaults OPTIONAL, + character-content-defaults + [1] IMPLICIT Character-Content-Defaults OPTIONAL, + raster-gr-content-defaults + [2] IMPLICIT Raster-Gr-Content-Defaults OPTIONAL, + geo-gr-content-defaults + [3] IMPLICIT Geo-Gr-Content-Defaults OPTIONAL, + -- the following tags are reserved for additional types + -- of content defaults: + -- [4] videotex, for use in conjunction with CCITT Recommendations + -- [5] audio + -- [6] dynamic-graphics + external-content-architecture-defaults + [7] IMPLICIT SEQUENCE OF EXTERNAL OPTIONAL +} + +Document-Architecture-Defaults ::= SET { + content-architecture-class + CHOICE {a [0] IMPLICIT Content-Architecture-Class, + b [1] IMPLICIT Content-Type} OPTIONAL, + page-dimensions [2] IMPLICIT Measure-Pair OPTIONAL, + transparency [3] IMPLICIT Transparency OPTIONAL, + colour [4] IMPLICIT Colour OPTIONAL, + colour-of-layout-object [11] Colour-Expression OPTIONAL, + object-colour-table [12] IMPLICIT Colour-Table OPTIONAL, + content-background-colour [13] Content-Background-Colour OPTIONAL, + content-foreground-colour [14] Content-Foreground-Colour OPTIONAL, + content-colour-table [15] IMPLICIT Colour-Table OPTIONAL, + layout-path [5] IMPLICIT One-Of-Four-Angles 
OPTIONAL, + medium-type [6] IMPLICIT Medium-Type OPTIONAL, + block-alignment [7] IMPLICIT Block-Alignment OPTIONAL, + border [8] IMPLICIT Border OPTIONAL, + page-position [9] IMPLICIT Measure-Pair OPTIONAL, + type-of-coding [10] Type-Of-Coding OPTIONAL +} + +Non-Basic-Doc-Characteristics ::= SET { + profile-character-sets [5] IMPLICIT OCTET STRING OPTIONAL, + comments-character-sets [1] IMPLICIT OCTET STRING OPTIONAL, + alternative-repr-char-sets [6] IMPLICIT OCTET STRING OPTIONAL, + -- each of these octet strings represents a string of escape sequences + page-dimensions [2] IMPLICIT SET OF Dimension-Pair OPTIONAL, + medium-types [8] IMPLICIT SET OF Medium-Type OPTIONAL, + layout-paths + [21] IMPLICIT SET OF One-Of-Four-Angles OPTIONAL, + transparencies [22] IMPLICIT SET OF Transparency OPTIONAL, + protections [23] IMPLICIT SET OF Protection OPTIONAL, + block-alignments + [24] IMPLICIT SET OF Block-Alignment OPTIONAL, + fill-orders [25] IMPLICIT SET OF Fill-Order OPTIONAL, + colours [26] IMPLICIT SET OF Colour OPTIONAL, + colours-of-layout-object + [30] IMPLICIT SET OF Colour-Expression OPTIONAL, + object-colour-tables [31] IMPLICIT SET OF Colour-Table OPTIONAL, + content-background-colours + [32] IMPLICIT SET OF Content-Background-Colour OPTIONAL, + content-foreground-colours + [33] IMPLICIT SET OF Content-Foreground-Colour OPTIONAL, + content-colour-tables [34] IMPLICIT SET OF Colour-Table OPTIONAL, + borders [27] IMPLICIT SET OF Border OPTIONAL, + page-positions [28] IMPLICIT SET OF Measure-Pair OPTIONAL, + types-of-coding [29] IMPLICIT SET OF Type-Of-Coding OPTIONAL, + character-presentation-features + [9] IMPLICIT SET OF Character-Presentation-Feature OPTIONAL, + ra-gr-presentation-features + [4] IMPLICIT SET OF Ra-Gr-Presentation-Feature OPTIONAL, + geo-gr-presentation-features + [12] IMPLICIT SET OF Geo-Gr-Presentation-Feature OPTIONAL, + character-coding-attributes + [16] IMPLICIT SET OF Character-Coding-Attribute OPTIONAL, + ra-gr-coding-attributes + [3] 
IMPLICIT SET OF Ra-Gr-Coding-Attribute OPTIONAL, + geo-gr-coding-attributes + [17] IMPLICIT SET OF Geo-Gr-Coding-Attribute OPTIONAL, + ext-non-basic-pres-features [10] IMPLICIT SEQUENCE OF EXTERNAL OPTIONAL, + ext-non-basic-coding-attributes [11] IMPLICIT SEQUENCE OF EXTERNAL OPTIONAL +} + +Non-Basic-Struc-Characteristics ::= SET { + number-of-objects-per-page [0] IMPLICIT INTEGER OPTIONAL +} + +Additional-Doc-Characteristics ::= SET { + unit-scaling [3] IMPLICIT SEQUENCE {a INTEGER, + b INTEGER} OPTIONAL, + fonts-list [2] IMPLICIT Fonts-List OPTIONAL, + colour-characteristics [0] IMPLICIT Colour-Characteristics OPTIONAL, + colour-spaces-list [1] IMPLICIT Colour-Spaces-List OPTIONAL, + assured-reproduction-areas [5] IMPLICIT Assured-Reproduction-Areas OPTIONAL, + time-scaling [6] IMPLICIT Time-Scaling OPTIONAL, + document-presentation-time [7] IMPLICIT Document-Presentation-Time OPTIONAL +} + +Fonts-List ::= + SET OF SET {font-identifier INTEGER, + font-reference Font-Reference} + +Font-Reference ::= SET { + user-visible-name [0] IMPLICIT Comment-String OPTIONAL, + user-readable-comment [1] IMPLICIT Comment-String OPTIONAL, + reference-properties + [2] IMPLICIT SET OF + SET {precedence-number [0] IMPLICIT INTEGER OPTIONAL, + properties [1] IMPLICIT Font-Attribute-Set, + user-readable-comment + [2] IMPLICIT Comment-String OPTIONAL} +} + +Assured-Reproduction-Areas ::= + SET OF + SET {nominal-page-size [0] IMPLICIT Measure-Pair, + assured-reproduction-area + [1] SET {position [0] IMPLICIT Measure-Pair, + dimensions [1] IMPLICIT Measure-Pair}} + +Document-Management-Attributes ::= SET { + document-description [7] IMPLICIT Document-Description OPTIONAL, + dates-and-times [0] IMPLICIT Dates-and-Times OPTIONAL, + originators [1] IMPLICIT Originators OPTIONAL, + other-user-information [2] IMPLICIT Other-User-Information OPTIONAL, + external-references [3] IMPLICIT External-References OPTIONAL, + local-file-references [4] IMPLICIT Local-File-References OPTIONAL, + 
content-attributes [5] IMPLICIT Content-Attributes OPTIONAL, + security-information [6] IMPLICIT Security-Information OPTIONAL +} + +Document-Description ::= SET { + title [0] IMPLICIT Character-Data OPTIONAL, + subject [1] IMPLICIT Character-Data OPTIONAL, + document-type [2] IMPLICIT Character-Data OPTIONAL, + abstract [3] IMPLICIT Character-Data OPTIONAL, + keywords [4] IMPLICIT SET OF Character-Data OPTIONAL, + document-reference [5] Document-Reference OPTIONAL +} + +Character-Data ::= [APPLICATION 3] IMPLICIT OCTET STRING + +-- string of characters from the sets designated by the attribute +-- "profile character sets", plus space, carriage return and line feed +Document-Reference ::= CHOICE { + unique-reference OBJECT IDENTIFIER, + descriptive-reference Character-Data +} + +Dates-and-Times ::= SET { + document-date-and-time [0] IMPLICIT Date-and-Time OPTIONAL, + creation-date-and-time [1] IMPLICIT Date-and-Time OPTIONAL, + local-filing-date-and-time [2] IMPLICIT SEQUENCE OF Date-and-Time OPTIONAL, + expiry-date-and-time [3] IMPLICIT Date-and-Time OPTIONAL, + start-date-and-time [4] IMPLICIT Date-and-Time OPTIONAL, + purge-date-and-time [5] IMPLICIT Date-and-Time OPTIONAL, + release-date-and-time [6] IMPLICIT Date-and-Time OPTIONAL, + revision-history + [7] IMPLICIT SEQUENCE OF + SET {revision-date-and-time + [0] IMPLICIT Date-and-Time OPTIONAL, + version-identifier + [1] IMPLICIT Character-Data OPTIONAL, + revisers + [2] IMPLICIT SET OF + SET {names + [0] IMPLICIT SET OF + Personal-Name + OPTIONAL, + position + [1] IMPLICIT Character-Data + OPTIONAL, + organization + [2] IMPLICIT Character-Data + OPTIONAL} OPTIONAL, + version-reference + [3] Document-Reference OPTIONAL, + user-comments + [4] IMPLICIT Character-Data OPTIONAL} OPTIONAL +} + +Date-and-Time ::= [APPLICATION 4] IMPLICIT PrintableString + +Originators ::= SET { + organizations [0] IMPLICIT SET OF Character-Data OPTIONAL, + preparers + [1] IMPLICIT SEQUENCE OF + SET {personal-name [0] IMPLICIT 
Personal-Name OPTIONAL, + organization [1] IMPLICIT Character-Data OPTIONAL + } OPTIONAL, + owners + [2] IMPLICIT SEQUENCE OF + SET {personal-name [0] IMPLICIT Personal-Name OPTIONAL, + organization [1] IMPLICIT Character-Data OPTIONAL + } OPTIONAL, + authors + [3] IMPLICIT SEQUENCE OF + SET {personal-name [0] IMPLICIT Personal-Name OPTIONAL, + organization [1] IMPLICIT Character-Data OPTIONAL + } OPTIONAL +} + +Personal-Name ::= [APPLICATION 6] IMPLICIT SET { + surname [0] IMPLICIT Character-Data, + givenname [1] IMPLICIT Character-Data OPTIONAL, + initials [2] IMPLICIT Character-Data OPTIONAL, + generation-qualifier [3] IMPLICIT Character-Data OPTIONAL +} + +Other-User-Information ::= SET { + copyright + [0] IMPLICIT SET OF + SET {copyright-information + [0] IMPLICIT SET OF Character-Data OPTIONAL, + copyright-dates + [1] IMPLICIT SET OF Date-and-Time OPTIONAL} OPTIONAL, + status [1] IMPLICIT Character-Data OPTIONAL, + user-specific-codes [2] IMPLICIT SET OF Character-Data OPTIONAL, + distribution-list + [3] IMPLICIT SEQUENCE OF + SET {personal-name [0] IMPLICIT Personal-Name OPTIONAL, + organization [1] IMPLICIT Character-Data OPTIONAL + } OPTIONAL, + additional-information [5] TYPE-IDENTIFIER.&Type OPTIONAL +} + +External-References ::= + SET { + references-to-other-documents + [0] IMPLICIT SET OF Document-Reference OPTIONAL, + superseded-documents + [1] IMPLICIT SET OF Document-Reference OPTIONAL +} + +Local-File-References ::= + SET OF + SET {file-name [0] IMPLICIT Character-Data OPTIONAL, + location [1] IMPLICIT Character-Data OPTIONAL, + user-comments [2] IMPLICIT Character-Data OPTIONAL} + +Content-Attributes ::= SET { + document-size [1] IMPLICIT INTEGER OPTIONAL, + number-of-pages [2] IMPLICIT INTEGER OPTIONAL, + languages [4] IMPLICIT SET OF Character-Data OPTIONAL +} + +Security-Information ::= SET { + authorization + CHOICE {person [0] IMPLICIT Personal-Name, + organization [4] IMPLICIT Character-Data} OPTIONAL, + security-classification [1] IMPLICIT 
Character-Data OPTIONAL, + access-rights [2] IMPLICIT SET OF Character-Data OPTIONAL +} + +Document-Security-Attributes ::= SET { + sealed-info-encoding [7] IMPLICIT OBJECT IDENTIFIER OPTIONAL, + oda-security-label [0] IMPLICIT Oda-Security-Label OPTIONAL, + sealed-doc-profiles [1] IMPLICIT Sealed-Doc-Profiles OPTIONAL, + presealed-doc-bodyparts [2] IMPLICIT Sealed-Doc-Bodyparts OPTIONAL, + postsealed-doc-bodyparts [3] IMPLICIT Sealed-Doc-Bodyparts OPTIONAL, + enciphered-doc-profiles [4] IMPLICIT Protected-Doc-Parts OPTIONAL, + preenciphered-doc-bodyparts [5] IMPLICIT Protected-Doc-Parts OPTIONAL, + postenciphered-doc-bodyparts [6] IMPLICIT Protected-Doc-Parts OPTIONAL, + sealed-links [8] IMPLICIT Sealed-Doc-Bodyparts OPTIONAL +} + +Oda-Security-Label ::= SEQUENCE { + oda-label-text [0] IMPLICIT Character-Data OPTIONAL, + oda-label-data [1] IMPLICIT OCTET STRING OPTIONAL +} + +Seal-Data ::= SEQUENCE { + seal-method [0] IMPLICIT Seal-Method OPTIONAL, + sealed-information [1] IMPLICIT Sealed-Information OPTIONAL, + seal [2] IMPLICIT OCTET STRING +} + +Seal-Method ::= SEQUENCE { + fingerprint-method [0] IMPLICIT Method-Information OPTIONAL, + fingerprint-key-information [1] IMPLICIT Key-Information OPTIONAL, + sealing-method [2] IMPLICIT Method-Information OPTIONAL, + sealing-key-information [3] IMPLICIT Key-Information OPTIONAL +} + +Sealed-Information ::= SEQUENCE { + fingerprint [0] IMPLICIT OCTET STRING OPTIONAL, + time [1] IMPLICIT Date-and-Time OPTIONAL, + sealing-orig-id [2] IMPLICIT Personal-Name OPTIONAL, + location [3] IMPLICIT Location OPTIONAL +} + +Method-Information ::= SEQUENCE { + unique-method-info [0] IMPLICIT OBJECT IDENTIFIER OPTIONAL, + descriptive-method-info [1] IMPLICIT Character-Data OPTIONAL +} + +Key-Information ::= SEQUENCE { + method-information [0] IMPLICIT Method-Information OPTIONAL, + additional-information [1] IMPLICIT Additional-Information OPTIONAL +} + +Additional-Information ::= SEQUENCE { + descriptive-information [0] IMPLICIT 
Character-Data OPTIONAL, + octet-string [1] IMPLICIT OCTET STRING OPTIONAL +} + +Location ::= SEQUENCE { + unique-location [0] IMPLICIT OBJECT IDENTIFIER OPTIONAL, + descriptive-location [1] IMPLICIT Character-Data OPTIONAL +} + +Sealed-Doc-Profiles ::= + SET OF + SEQUENCE {sealed-doc-prof-descriptor-id + [0] IMPLICIT Protected-Part-Identifier, + privileged-recipients + [1] IMPLICIT SET OF Personal-Name OPTIONAL, + doc-prof-seal [2] IMPLICIT Seal-Data} + +Sealed-Doc-Bodyparts ::= + SET OF + SEQUENCE {seal-id [0] IMPLICIT INTEGER, + sealed-constituents [1] IMPLICIT Sealed-Constituents, + privileged-recipients [2] IMPLICIT SET OF Personal-Name OPTIONAL, + doc-bodypart-seal [3] IMPLICIT Seal-Data} + +Sealed-Constituents ::= SEQUENCE { + object-class-identifiers + [0] IMPLICIT SEQUENCE OF Object-or-Class-Identifier OPTIONAL, + presentation-style-identifiers + [1] IMPLICIT SEQUENCE OF Style-Identifier OPTIONAL, + layout-style-identifiers + [2] IMPLICIT SEQUENCE OF Style-Identifier OPTIONAL, + object-identifiers + [3] IMPLICIT SEQUENCE OF Object-or-Class-Identifier OPTIONAL +} + +Protected-Doc-Parts ::= + SET OF + SEQUENCE {protected-doc-part-id [0] IMPLICIT Protected-Part-Identifier, + priv-recipients-info [1] IMPLICIT SET OF Priv-Recipients-Info + } + +Priv-Recipients-Info ::= SEQUENCE { + privileged-recipients [0] IMPLICIT SET OF Personal-Name OPTIONAL, + encipherment-method-info [1] IMPLICIT Method-Information OPTIONAL, + encipherment-key-info [2] IMPLICIT Key-Information OPTIONAL +} + +END diff --git a/priv/cms/EnrollmentMessageSyntax-2009.asn1 b/priv/cms/EnrollmentMessageSyntax-2009.asn1 new file mode 100644 index 0000000..365e878 --- /dev/null +++ b/priv/cms/EnrollmentMessageSyntax-2009.asn1 
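Review bot: The IMPORTS block at the top of this module pulls symbols from Character-Profile-Attributes {2 8 1 6 4}, Raster-Gr-Profile-Attributes {2 8 1 7 4}, Geo-Gr-Profile-Attributes {2 8 1 8 4}, ISO-STANDARD-9541-FONT-ATTRIBUTE-SET {1 0 9541 2 2} and Text-Units, and every one of those symbols is actually referenced (Character-Content-Defaults in Doc-Appl-Profile-Defaults, Font-Attribute-Set in Font-Reference, Type-Of-Coding in Document-Architecture-Defaults, and so on), so the module will not compile unless those modules also exist under priv/cms; I could not confirm from this hunk that they do. Unlike EnrollmentMessageSyntax-2009 in the same commit, which opens with `-- RFC 6402`, this module carries no provenance comment; given the {2 8 1 5 6} module OID and the cross-references to T.416–T.418 and T.424, a header such as `-- ITU-T Rec. T.415 | ISO/IEC 8613-5 (ODA Document Profile), edition: <TODO>` would tell the next maintainer what to diff against. Separately, `additional-information [5] TYPE-IDENTIFIER.&Type` in Other-User-Information and the `SEQUENCE OF EXTERNAL` members in Doc-Appl-Profile-Defaults and Non-Basic-Doc-Characteristics are open types, so whatever compiler this is built with will hand them to the application as opaque embedded encodings; consumers of a decoded profile should treat those fields, and the free-form Character-Data octet strings (title, abstract, security-classification, access-rights), as untrusted input rather than as validated text.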
@@ -0,0 +1,544 @@
+-- RFC 6402
+ EnrollmentMessageSyntax-2009
+ {iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-cmc2002-02(53)}
+ DEFINITIONS IMPLICIT TAGS ::=
+ BEGIN
+ EXPORTS ALL;
+ IMPORTS
+
+ AttributeSet{}, Extension{}, EXTENSION, ATTRIBUTE
+ FROM PKIX-CommonTypes-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+ AlgorithmIdentifier{}, DIGEST-ALGORITHM, KEY-WRAP, KEY-DERIVATION,
+ MAC-ALGORITHM, SIGNATURE-ALGORITHM, PUBLIC-KEY
+ FROM AlgorithmInformation-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0)
+ id-mod-algorithmInformation-02(58)}
+
+ CertificateSerialNumber, GeneralName, CRLReason, ReasonFlags,
+ CertExtensions
+ FROM PKIX1Implicit-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+ Name, id-pkix, PublicKeyAlgorithms, SignatureAlgorithms
+ FROM PKIX1Explicit-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+ ContentInfo, IssuerAndSerialNumber, CONTENT-TYPE
+ FROM CryptographicMessageSyntax-2009
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ smime(16) modules(0) id-mod-cms-2004-02(41)}
+
+ CertReqMsg, PKIPublicationInfo, CertTemplate
+ FROM PKIXCRMF-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55)}
+
+ mda-sha1
+ FROM PKIXAlgs-2009
+ { iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-pkix1-algorithms2008-02(56)}
+
+ kda-PBKDF2, maca-hMAC-SHA1
+ FROM CryptographicMessageSyntaxAlgorithms-2009
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+ 
mda-sha256 + FROM PKIX1-PSS-OAEP-Algorithms-2009 + { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkix1-rsa-pkalgs-02(54) } ; + + -- CMS Content types defined in this document + CMC-ContentTypes CONTENT-TYPE ::= { ct-PKIData | ct-PKIResponse, ... } + + -- Signature Algorithms defined in this document + + SignatureAlgs SIGNATURE-ALGORITHM ::= { sa-noSignature } + + -- CMS Unsigned Attributes + + CMC-UnsignedAtts ATTRIBUTE ::= { aa-cmc-unsignedData } + + -- + -- + + id-cmc OBJECT IDENTIFIER ::= {id-pkix 7} -- CMC controls + id-cct OBJECT IDENTIFIER ::= {id-pkix 12} -- CMC content types + + -- This is the content type for a request message in the protocol + + ct-PKIData CONTENT-TYPE ::= + { PKIData IDENTIFIED BY id-cct-PKIData } + id-cct-PKIData OBJECT IDENTIFIER ::= { id-cct 2 } + + PKIData ::= SEQUENCE { + controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute, + reqSequence SEQUENCE SIZE(0..MAX) OF TaggedRequest, + cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo, + otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg + } + + BodyPartID ::= INTEGER(0..4294967295) + + TaggedAttribute ::= SEQUENCE { + bodyPartID BodyPartID, + attrType CMC-CONTROL.&id({Cmc-Control-Set}), + attrValues SET OF CMC-CONTROL. + &Type({Cmc-Control-Set}{@attrType}) + } + + Cmc-Control-Set CMC-CONTROL ::= { + cmc-identityProof | cmc-dataReturn | cmc-regInfo | + cmc-responseInfo | cmc-queryPending | cmc-popLinkRandom | + cmc-popLinkWitness | cmc-identification | cmc-transactionId | + cmc-senderNonce | cmc-recipientNonce | cmc-statusInfo | + cmc-addExtensions | cmc-encryptedPOP | cmc-decryptedPOP | + cmc-lraPOPWitness | cmc-getCert | cmc-getCRL | + cmc-revokeRequest | cmc-confirmCertAcceptance | + cmc-statusInfoV2 | cmc-trustedAnchors | cmc-authData | + cmc-batchRequests | cmc-batchResponses | cmc-publishCert | + cmc-modCertTemplate | cmc-controlProcessed | + cmc-identityProofV2 | cmc-popLinkWitnessV2, ... 
} + + OTHER-REQUEST ::= TYPE-IDENTIFIER + + -- We do not define any other requests in this document; + -- examples might be attribute certification requests + + OtherRequests OTHER-REQUEST ::= {...} + + TaggedRequest ::= CHOICE { + tcr [0] TaggedCertificationRequest, + crm [1] CertReqMsg, + orm [2] SEQUENCE { + bodyPartID BodyPartID, + requestMessageType OTHER-REQUEST.&id({OtherRequests}), + requestMessageValue OTHER-REQUEST.&Type({OtherRequests} + {@.requestMessageType}) + } + } + + TaggedCertificationRequest ::= SEQUENCE { + bodyPartID BodyPartID, + certificationRequest CertificationRequest + } + + AttributeList ATTRIBUTE ::= {at-extension-req, ...} + + CertificationRequest ::= SEQUENCE { + certificationRequestInfo SEQUENCE { + version INTEGER, + subject Name, + subjectPublicKeyInfo SEQUENCE { + algorithm AlgorithmIdentifier{PUBLIC-KEY, + {PublicKeyAlgorithms}}, + subjectPublicKey BIT STRING + }, + attributes [0] IMPLICIT SET OF + AttributeSet{{AttributeList}} + }, + signatureAlgorithm AlgorithmIdentifier + {SIGNATURE-ALGORITHM, + {SignatureAlgorithms}}, + signature BIT STRING + } + + TaggedContentInfo ::= SEQUENCE { + bodyPartID BodyPartID, + contentInfo ContentInfo + } + + OTHER-MSG ::= TYPE-IDENTIFIER + + -- No other messages currently defined + + OtherMsgSet OTHER-MSG ::= {...} + + OtherMsg ::= SEQUENCE { + bodyPartID BodyPartID, + otherMsgType OTHER-MSG.&id({OtherMsgSet}), + otherMsgValue OTHER-MSG.&Type({OtherMsgSet}{@otherMsgType}) } + + -- This defines the response message in the protocol + + ct-PKIResponse CONTENT-TYPE ::= + { PKIResponse IDENTIFIED BY id-cct-PKIResponse } + id-cct-PKIResponse OBJECT IDENTIFIER ::= { id-cct 3 } + + ResponseBody ::= PKIResponse + + PKIResponse ::= SEQUENCE { + controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute, + cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo, + otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg + } + + CMC-CONTROL ::= TYPE-IDENTIFIER + + -- The following controls have the type OCTET STRING 
+ + cmc-identityProof CMC-CONTROL ::= + { OCTET STRING IDENTIFIED BY id-cmc-identityProof } + id-cmc-identityProof OBJECT IDENTIFIER ::= {id-cmc 3} + + cmc-dataReturn CMC-CONTROL ::= + { OCTET STRING IDENTIFIED BY id-cmc-dataReturn } + id-cmc-dataReturn OBJECT IDENTIFIER ::= {id-cmc 4} + + cmc-regInfo CMC-CONTROL ::= + { OCTET STRING IDENTIFIED BY id-cmc-regInfo } + id-cmc-regInfo OBJECT IDENTIFIER ::= {id-cmc 18} + + cmc-responseInfo CMC-CONTROL ::= + { OCTET STRING IDENTIFIED BY id-cmc-responseInfo } + id-cmc-responseInfo OBJECT IDENTIFIER ::= {id-cmc 19} + + cmc-queryPending CMC-CONTROL ::= + { OCTET STRING IDENTIFIED BY id-cmc-queryPending } + id-cmc-queryPending OBJECT IDENTIFIER ::= {id-cmc 21} + + cmc-popLinkRandom CMC-CONTROL ::= + { OCTET STRING IDENTIFIED BY id-cmc-popLinkRandom } + id-cmc-popLinkRandom OBJECT IDENTIFIER ::= {id-cmc 22} + + cmc-popLinkWitness CMC-CONTROL ::= + { OCTET STRING IDENTIFIED BY id-cmc-popLinkWitness } + id-cmc-popLinkWitness OBJECT IDENTIFIER ::= {id-cmc 23} + + -- The following controls have the type UTF8String + + cmc-identification CMC-CONTROL ::= + { UTF8String IDENTIFIED BY id-cmc-identification } + id-cmc-identification OBJECT IDENTIFIER ::= {id-cmc 2} + + -- The following controls have the type INTEGER + + cmc-transactionId CMC-CONTROL ::= + { INTEGER IDENTIFIED BY id-cmc-transactionId } + id-cmc-transactionId OBJECT IDENTIFIER ::= {id-cmc 5} + + -- The following controls have the type OCTET STRING + + cmc-senderNonce CMC-CONTROL ::= + { OCTET STRING IDENTIFIED BY id-cmc-senderNonce } + + id-cmc-senderNonce OBJECT IDENTIFIER ::= {id-cmc 6} + + cmc-recipientNonce CMC-CONTROL ::= + { OCTET STRING IDENTIFIED BY id-cmc-recipientNonce } + id-cmc-recipientNonce OBJECT IDENTIFIER ::= {id-cmc 7} + + -- Used to return status in a response + + cmc-statusInfo CMC-CONTROL ::= + { CMCStatusInfo IDENTIFIED BY id-cmc-statusInfo } + id-cmc-statusInfo OBJECT IDENTIFIER ::= {id-cmc 1} + + CMCStatusInfo ::= SEQUENCE { + cMCStatus 
CMCStatus, + bodyList SEQUENCE SIZE (1..MAX) OF BodyPartID, + statusString UTF8String OPTIONAL, + otherInfo CHOICE { + failInfo CMCFailInfo, + pendInfo PendInfo + } OPTIONAL + } + + PendInfo ::= SEQUENCE { + pendToken OCTET STRING, + pendTime GeneralizedTime + } + + CMCStatus ::= INTEGER { + success (0), + failed (2), + pending (3), + noSupport (4), + confirmRequired (5), + popRequired (6), + partial (7) + } + + -- Note: + -- The spelling of unsupportedExt is corrected in this version. + -- In RFC 2797, it was unsuportedExt. + + CMCFailInfo ::= INTEGER { + badAlg (0), + badMessageCheck (1), + badRequest (2), + badTime (3), + badCertId (4), + unsuportedExt (5), + mustArchiveKeys (6), + badIdentity (7), + popRequired (8), + popFailed (9), + noKeyReuse (10), + internalCAError (11), + tryLater (12), + authDataFail (13) + } + + -- Used for RAs to add extensions to certification requests + + cmc-addExtensions CMC-CONTROL ::= + { AddExtensions IDENTIFIED BY id-cmc-addExtensions } + id-cmc-addExtensions OBJECT IDENTIFIER ::= {id-cmc 8} + + AddExtensions ::= SEQUENCE { + pkiDataReference BodyPartID, + certReferences SEQUENCE OF BodyPartID, + extensions SEQUENCE OF Extension{{CertExtensions}} + } + + cmc-encryptedPOP CMC-CONTROL ::= + { EncryptedPOP IDENTIFIED BY id-cmc-encryptedPOP } + cmc-decryptedPOP CMC-CONTROL ::= + { DecryptedPOP IDENTIFIED BY id-cmc-decryptedPOP } + id-cmc-encryptedPOP OBJECT IDENTIFIER ::= {id-cmc 9} + id-cmc-decryptedPOP OBJECT IDENTIFIER ::= {id-cmc 10} + + EncryptedPOP ::= SEQUENCE { + request TaggedRequest, + cms ContentInfo, + thePOPAlgID AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}}, + witnessAlgID AlgorithmIdentifier{DIGEST-ALGORITHM, + {WitnessAlgs}}, + witness OCTET STRING + } + + POPAlgs MAC-ALGORITHM ::= {maca-hMAC-SHA1, ...} + WitnessAlgs DIGEST-ALGORITHM ::= {mda-sha1, ...} + + DecryptedPOP ::= SEQUENCE { + bodyPartID BodyPartID, + thePOPAlgID AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}}, + thePOP OCTET STRING + } + + cmc-lraPOPWitness 
CMC-CONTROL ::= + { LraPopWitness IDENTIFIED BY id-cmc-lraPOPWitness } + + id-cmc-lraPOPWitness OBJECT IDENTIFIER ::= {id-cmc 11} + + LraPopWitness ::= SEQUENCE { + pkiDataBodyid BodyPartID, + bodyIds SEQUENCE OF BodyPartID + } + + -- + + cmc-getCert CMC-CONTROL ::= + { GetCert IDENTIFIED BY id-cmc-getCert } + id-cmc-getCert OBJECT IDENTIFIER ::= {id-cmc 15} + + GetCert ::= SEQUENCE { + issuerName GeneralName, + serialNumber INTEGER } + + cmc-getCRL CMC-CONTROL ::= + { GetCRL IDENTIFIED BY id-cmc-getCRL } + id-cmc-getCRL OBJECT IDENTIFIER ::= {id-cmc 16} + GetCRL ::= SEQUENCE { + issuerName Name, + cRLName GeneralName OPTIONAL, + time GeneralizedTime OPTIONAL, + reasons ReasonFlags OPTIONAL } + + cmc-revokeRequest CMC-CONTROL ::= + { RevokeRequest IDENTIFIED BY id-cmc-revokeRequest} + id-cmc-revokeRequest OBJECT IDENTIFIER ::= {id-cmc 17} + + RevokeRequest ::= SEQUENCE { + issuerName Name, + serialNumber INTEGER, + reason CRLReason, + invalidityDate GeneralizedTime OPTIONAL, + passphrase OCTET STRING OPTIONAL, + comment UTF8String OPTIONAL } + + cmc-confirmCertAcceptance CMC-CONTROL ::= + { CMCCertId IDENTIFIED BY id-cmc-confirmCertAcceptance } + id-cmc-confirmCertAcceptance OBJECT IDENTIFIER ::= {id-cmc 24} + + CMCCertId ::= IssuerAndSerialNumber + + -- The following is used to request v3 extensions be added + -- to a certificate + + at-extension-req ATTRIBUTE ::= + { TYPE ExtensionReq IDENTIFIED BY id-ExtensionReq } + id-ExtensionReq OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) + rsadsi(113549) pkcs(1) pkcs-9(9) 14} + + ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF + Extension{{CertExtensions}} + + -- The following allows Diffie-Hellman Certification Request + -- Messages to be well-formed + + sa-noSignature SIGNATURE-ALGORITHM ::= { + IDENTIFIER id-alg-noSignature + VALUE NoSignatureValue + PARAMS TYPE NULL ARE required + HASHES { mda-sha1 } + } + id-alg-noSignature OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 2} + + NoSignatureValue ::= OCTET STRING + -- 
Unauthenticated attribute to carry removable data. + + id-aa OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) + rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2)} + + aa-cmc-unsignedData ATTRIBUTE ::= + { TYPE CMCUnsignedData IDENTIFIED BY id-aa-cmc-unsignedData } + id-aa-cmc-unsignedData OBJECT IDENTIFIER ::= {id-aa 34} + + CMCUnsignedData ::= SEQUENCE { + bodyPartPath BodyPartPath, + identifier TYPE-IDENTIFIER.&id, + content TYPE-IDENTIFIER.&Type + } + + -- Replaces CMC Status Info + -- + + cmc-statusInfoV2 CMC-CONTROL ::= + { CMCStatusInfoV2 IDENTIFIED BY id-cmc-statusInfoV2 } + id-cmc-statusInfoV2 OBJECT IDENTIFIER ::= {id-cmc 25} + + EXTENDED-FAILURE-INFO ::= TYPE-IDENTIFIER + + ExtendedFailures EXTENDED-FAILURE-INFO ::= {...} + + CMCStatusInfoV2 ::= SEQUENCE { + cMCStatus CMCStatus, + bodyList SEQUENCE SIZE (1..MAX) OF + BodyPartReference, + statusString UTF8String OPTIONAL, + otherInfo CHOICE { + failInfo CMCFailInfo, + pendInfo PendInfo, + extendedFailInfo [1] SEQUENCE { + failInfoOID TYPE-IDENTIFIER.&id + ({ExtendedFailures}), + failInfoValue TYPE-IDENTIFIER.&Type + ({ExtendedFailures} + {@.failInfoOID}) + } + } OPTIONAL + } + + BodyPartReference ::= CHOICE { + bodyPartID BodyPartID, + bodyPartPath BodyPartPath + } + + BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID + + -- Allow for distribution of trust anchors + -- + + cmc-trustedAnchors CMC-CONTROL ::= + { PublishTrustAnchors IDENTIFIED BY id-cmc-trustedAnchors } + id-cmc-trustedAnchors OBJECT IDENTIFIER ::= {id-cmc 26} + + PublishTrustAnchors ::= SEQUENCE { + seqNumber INTEGER, + hashAlgorithm AlgorithmIdentifier{DIGEST-ALGORITHM, + {HashAlgorithms}}, + anchorHashes SEQUENCE OF OCTET STRING + } + + HashAlgorithms DIGEST-ALGORITHM ::= { + mda-sha1 | mda-sha256, ... 
+ } + + cmc-authData CMC-CONTROL ::= + { AuthPublish IDENTIFIED BY id-cmc-authData } + id-cmc-authData OBJECT IDENTIFIER ::= {id-cmc 27} + + AuthPublish ::= BodyPartID + + -- These two items use BodyPartList + + cmc-batchRequests CMC-CONTROL ::= + { BodyPartList IDENTIFIED BY id-cmc-batchRequests } + id-cmc-batchRequests OBJECT IDENTIFIER ::= {id-cmc 28} + + cmc-batchResponses CMC-CONTROL ::= + { BodyPartList IDENTIFIED BY id-cmc-batchResponses } + id-cmc-batchResponses OBJECT IDENTIFIER ::= {id-cmc 29} + + BodyPartList ::= SEQUENCE SIZE (1..MAX) OF BodyPartID + + cmc-publishCert CMC-CONTROL ::= + { CMCPublicationInfo IDENTIFIED BY id-cmc-publishCert } + id-cmc-publishCert OBJECT IDENTIFIER ::= {id-cmc 30} + + CMCPublicationInfo ::= SEQUENCE { + hashAlg AlgorithmIdentifier{DIGEST-ALGORITHM, + {HashAlgorithms}}, + certHashes SEQUENCE OF OCTET STRING, + pubInfo PKIPublicationInfo + } + + cmc-modCertTemplate CMC-CONTROL ::= + { ModCertTemplate IDENTIFIED BY id-cmc-modCertTemplate } + id-cmc-modCertTemplate OBJECT IDENTIFIER ::= {id-cmc 31} + + ModCertTemplate ::= SEQUENCE { + pkiDataReference BodyPartPath, + certReferences BodyPartList, + replace BOOLEAN DEFAULT TRUE, + certTemplate CertTemplate + } + + -- Inform follow-on servers that one or more controls have + -- already been processed + + cmc-controlProcessed CMC-CONTROL ::= + { ControlsProcessed IDENTIFIED BY id-cmc-controlProcessed } + id-cmc-controlProcessed OBJECT IDENTIFIER ::= {id-cmc 32} + + ControlsProcessed ::= SEQUENCE { + bodyList SEQUENCE SIZE(1..MAX) OF BodyPartReference + } + + -- Identity Proof control w/ algorithm agility + + cmc-identityProofV2 CMC-CONTROL ::= + { IdentityProofV2 IDENTIFIED BY id-cmc-identityProofV2 } + id-cmc-identityProofV2 OBJECT IDENTIFIER ::= { id-cmc 33 } + + IdentityProofV2 ::= SEQUENCE { + proofAlgID AlgorithmIdentifier{DIGEST-ALGORITHM, + {WitnessAlgs}}, + macAlgId AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}}, + witness OCTET STRING + } + + cmc-popLinkWitnessV2 
CMC-CONTROL ::=
+ { PopLinkWitnessV2 IDENTIFIED BY id-cmc-popLinkWitnessV2 }
+ id-cmc-popLinkWitnessV2 OBJECT IDENTIFIER ::= { id-cmc 34 }
+
+ PopLinkWitnessV2 ::= SEQUENCE {
+ keyGenAlgorithm AlgorithmIdentifier{KEY-DERIVATION,
+ {KeyDevAlgs}},
+ macAlgorithm AlgorithmIdentifier{MAC-ALGORITHM, {POPAlgs}},
+ witness OCTET STRING
+ }
+
+ KeyDevAlgs KEY-DERIVATION ::= {kda-PBKDF2, ...}
+
+ END
\ No newline at end of file
diff --git a/priv/cms/ExtendedSecurityServices-2009.asn1 b/priv/cms/ExtendedSecurityServices-2009.asn1
new file mode 100644
index 0000000..058d8d6
--- /dev/null
+++ b/priv/cms/ExtendedSecurityServices-2009.asn1
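Review bot: In CMCFailInfo the value 5 is still named `unsuportedExt`, although the note directly above the type states that the spelling was corrected to unsupportedExt in this version and that `unsuportedExt` was the RFC 2797 form; the enumeration contradicts its own comment, and any code that matches on a generated `unsupportedExt` name would silently never match. Either rename the value to `unsupportedExt (5)` so it agrees with the comment (and, as far as I recall, with the RFC 6402 text the `-- RFC 6402` header says this file reproduces), or drop the note. Also worth flagging for implementers: `WitnessAlgs`, `POPAlgs` and `sa-noSignature` list SHA-1 and HMAC-SHA1 as their only members (with `...` extensibility), while the imported `mda-sha256` appears only in HashAlgorithms; that mirrors the RFC, but it means the application layer, not this module, has to decide which digest and MAC algorithms it accepts in EncryptedPOP, IdentityProofV2 and PopLinkWitnessV2. The file also ends without a trailing newline (`\ No newline at end of file`), unlike Document-Profile-Descriptor.asn1 in the same commit.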
@@ -0,0 +1,267 @@ + + ExtendedSecurityServices-2009 + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) modules(0) id-mod-ess-2006-02(42) } + DEFINITIONS IMPLICIT TAGS ::= + BEGIN + IMPORTS + + AttributeSet{}, ATTRIBUTE, SECURITY-CATEGORY, SecurityCategory{} + FROM PKIX-CommonTypes-2009 + { iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) } + + AlgorithmIdentifier{}, ALGORITHM, DIGEST-ALGORITHM + FROM AlgorithmInformation-2009 + {iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) id-mod(0) + id-mod-algorithmInformation-02(58)} + + ContentType, IssuerAndSerialNumber, SubjectKeyIdentifier, + CONTENT-TYPE + FROM CryptographicMessageSyntax-2009 + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) modules(0) id-mod-cms-2004-02(41) } + + CertificateSerialNumber + FROM PKIX1Explicit-2009 + { iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) } + + PolicyInformation, GeneralNames + FROM PKIX1Implicit-2009 + { iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)} + + mda-sha256 + FROM PKIX1-PSS-OAEP-Algorithms-2009 + { iso(1) identified-organization(3) dod(6) + internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkix1-rsa-pkalgs-02(54) } ; + + EssSignedAttributes ATTRIBUTE ::= { + aa-receiptRequest | aa-contentIdentifier | aa-contentHint | + aa-msgSigDigest | aa-contentReference | aa-securityLabel | + aa-equivalentLabels | aa-mlExpandHistory | aa-signingCertificate | + aa-signingCertificateV2, ... } + + EssContentTypes CONTENT-TYPE ::= { ct-receipt, ... } + + -- Extended Security Services + -- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1 + -- constructs in this module. A valid ASN.1 SEQUENCE can have zero or + -- more entries. 
The SIZE (1..MAX) construct constrains the SEQUENCE + -- to have at least one entry. MAX indicates the upper bound is + -- unspecified. Implementations are free to choose an upper bound + -- that suits their environment. + + -- Section 2.7 + + aa-receiptRequest ATTRIBUTE ::= + { TYPE ReceiptRequest IDENTIFIED BY id-aa-receiptRequest} + + ReceiptRequest ::= SEQUENCE { + signedContentIdentifier ContentIdentifier, + receiptsFrom ReceiptsFrom, + receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames + } + + ub-receiptsTo INTEGER ::= 16 + + aa-contentIdentifier ATTRIBUTE ::= + { TYPE ContentIdentifier IDENTIFIED BY id-aa-contentIdentifier} + id-aa-receiptRequest OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) id-aa(2) 1} + + ContentIdentifier ::= OCTET STRING + + id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7} + + ct-receipt CONTENT-TYPE ::= + { Receipt IDENTIFIED BY id-ct-receipt } + id-ct-receipt OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) id-ct(1) 1} + + ReceiptsFrom ::= CHOICE { + allOrFirstTier [0] AllOrFirstTier, + -- formerly "allOrNone [0]AllOrNone" + receiptList [1] SEQUENCE OF GeneralNames } + + AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone + allReceipts (0), + firstTierRecipients (1) } + + -- Section 2.8 + + Receipt ::= SEQUENCE { + version ESSVersion, + contentType ContentType, + signedContentIdentifier ContentIdentifier, + originatorSignatureValue OCTET STRING + } + + ESSVersion ::= INTEGER { v1(1) } + + -- Section 2.9 + + aa-contentHint ATTRIBUTE ::= + { TYPE ContentHints IDENTIFIED BY id-aa-contentHint } + id-aa-contentHint OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) id-aa(2) 4} + + ContentHints ::= SEQUENCE { + contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL, + contentType ContentType } + 
+ -- Section 2.10 + + aa-msgSigDigest ATTRIBUTE ::= + { TYPE MsgSigDigest IDENTIFIED BY id-aa-msgSigDigest } + id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5} + + MsgSigDigest ::= OCTET STRING + + -- Section 2.11 + + aa-contentReference ATTRIBUTE ::= + { TYPE ContentReference IDENTIFIED BY id-aa-contentReference } + id-aa-contentReference OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) id-aa(2) 10 } + + ContentReference ::= SEQUENCE { + contentType ContentType, + signedContentIdentifier ContentIdentifier, + originatorSignatureValue OCTET STRING } + + -- Section 3.2 + + aa-securityLabel ATTRIBUTE ::= + { TYPE ESSSecurityLabel IDENTIFIED BY id-aa-securityLabel } + id-aa-securityLabel OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) id-aa(2) 2} + + ESSSecurityLabel ::= SET { + security-policy-identifier SecurityPolicyIdentifier, + security-classification SecurityClassification OPTIONAL, + privacy-mark ESSPrivacyMark OPTIONAL, + security-categories SecurityCategories OPTIONAL } + + SecurityPolicyIdentifier ::= OBJECT IDENTIFIER + + SecurityClassification ::= INTEGER { + unmarked (0), + unclassified (1), + restricted (2), + confidential (3), + secret (4), + top-secret (5) + } (0..ub-integer-options) + + ub-integer-options INTEGER ::= 256 + + ESSPrivacyMark ::= CHOICE { + pString PrintableString (SIZE (1..ub-privacy-mark-length)), + utf8String UTF8String (SIZE (1..MAX)) + } + + ub-privacy-mark-length INTEGER ::= 128 + + SecurityCategories ::= + SET SIZE (1..ub-security-categories) OF SecurityCategory + {{SupportedSecurityCategories}} + + ub-security-categories INTEGER ::= 64 + + SupportedSecurityCategories SECURITY-CATEGORY ::= { ... 
} + + -- Section 3.4 + + aa-equivalentLabels ATTRIBUTE ::= + { TYPE EquivalentLabels IDENTIFIED BY id-aa-equivalentLabels } + id-aa-equivalentLabels OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) id-aa(2) 9} + + EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel + + -- Section 4.4 + + aa-mlExpandHistory ATTRIBUTE ::= + { TYPE MLExpansionHistory IDENTIFIED BY id-aa-mlExpandHistory } + id-aa-mlExpandHistory OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) id-aa(2) 3 } + + MLExpansionHistory ::= SEQUENCE + SIZE (1..ub-ml-expansion-history) OF MLData + + ub-ml-expansion-history INTEGER ::= 64 + + MLData ::= SEQUENCE { + mailListIdentifier EntityIdentifier, + expansionTime GeneralizedTime, + mlReceiptPolicy MLReceiptPolicy OPTIONAL } + + EntityIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier SubjectKeyIdentifier } + + MLReceiptPolicy ::= CHOICE { + none [0] NULL, + insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames, + inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames } + + -- Section 5.4 + + aa-signingCertificate ATTRIBUTE ::= + { TYPE SigningCertificate IDENTIFIED BY + id-aa-signingCertificate } + id-aa-signingCertificate OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) + smime(16) id-aa(2) 12 } + + SigningCertificate ::= SEQUENCE { + certs SEQUENCE OF ESSCertID, + policies SEQUENCE OF PolicyInformation OPTIONAL + } + + aa-signingCertificateV2 ATTRIBUTE ::= + { TYPE SigningCertificateV2 IDENTIFIED BY + id-aa-signingCertificateV2 } + id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) + smime(16) id-aa(2) 47 } + + SigningCertificateV2 ::= SEQUENCE { + certs SEQUENCE OF ESSCertIDv2, + policies SEQUENCE OF PolicyInformation OPTIONAL + } + + HashAlgorithm ::= AlgorithmIdentifier{DIGEST-ALGORITHM, + {mda-sha256, ...}} 
+
+ ESSCertIDv2 ::= SEQUENCE {
+ hashAlgorithm HashAlgorithm DEFAULT { algorithm mda-sha256.&id },
+ certHash Hash,
+ issuerSerial IssuerSerial OPTIONAL
+ }
+ ESSCertID ::= SEQUENCE {
+ certHash Hash,
+ issuerSerial IssuerSerial OPTIONAL
+ }
+
+ Hash ::= OCTET STRING
+
+ IssuerSerial ::= SEQUENCE {
+ issuer GeneralNames,
+ serialNumber CertificateSerialNumber
+ }
+
+ END
diff --git a/priv/cms/Geo-Gr-Coding-Attributes.asn1 b/priv/cms/Geo-Gr-Coding-Attributes.asn1
new file mode 100644
index 0000000..60acbb3
--- /dev/null
+++ b/priv/cms/Geo-Gr-Coding-Attributes.asn1
@@ -0,0 +1,16 @@
+-- Module Geo-Gr-Coding-Attributes (T.418:03/1993)
+
+Geo-Gr-Coding-Attributes {2 8 1 8 3} DEFINITIONS ::=
+BEGIN
+
+EXPORTS Geo-Gr-Coding-Attributes;
+
+Geo-Gr-Coding-Attributes ::= SET {
+}
+
+-- no geometric graphics coding attributes are defined
+-- in this Specification
+END
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
diff --git a/priv/cms/Geo-Gr-Presentation-Attributes.asn1 b/priv/cms/Geo-Gr-Presentation-Attributes.asn1
new file mode 100644
index 0000000..816cdb7
--- /dev/null
+++ b/priv/cms/Geo-Gr-Presentation-Attributes.asn1
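Review bot: ESSCertID (Section 5.4) carries `certHash Hash` with no algorithm identifier, which in ESS means a SHA-1 digest (RFC 5035), while ESSCertIDv2 defaults to mda-sha256, and nothing in the module says which form a verifier should accept. A comment at ESSCertID such as `-- certHash is a SHA-1 digest; new signers and verifiers should use aa-signingCertificateV2 / ESSCertIDv2` would keep the legacy form from being picked by default. Separately, id-aa-signingCertificate and id-aa-signingCertificateV2 spell the arc `pkcs9(9)` where every other OID in this module writes `pkcs-9(9)`; the number is what matters, so this is consistency only, but `pkcs-9(9)` would match the rest of the file. The IMPORTS also name CryptographicMessageSyntax-2009 (id-mod-cms-2004-02(41)) and the PKIX -2009 modules; whether those module names resolve in priv/cms is not visible here, since this commit adds CryptographicMessageSyntax-2010 and the PKIX1*88 modules, so it is worth confirming before compiling the set.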
@@ -0,0 +1,260 @@ +Geo-Gr-Presentation-Attributes {2 8 1 8 2} DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +EXPORTS + Geometric-Graphics-Attributes, Line-Rendition, Marker-Rendition, + Text-Rendition, Filled-Area-Rendition, Edge-Rendition, + Colour-Representations, Transparency-Specification, + Transformation-Specification, Region-Of-Interest-Specification, + Picture-Orientation, Picture-Dimensions, ASF-Type, VDC-Pair, + One-Of-Four-Angles; + +Geometric-Graphics-Attributes ::= SET { + line-rendition [1] Line-Rendition OPTIONAL, + marker-rendition [2] Marker-Rendition OPTIONAL, + text-rendition [3] Text-Rendition OPTIONAL, + filled-area-rendition [4] Filled-Area-Rendition OPTIONAL, + edge-rendition [5] Edge-Rendition OPTIONAL, + colour-representations [6] Colour-Representations OPTIONAL, + transparency-specification [7] Transparency-Specification OPTIONAL, + transformation-specification [8] Transformation-Specification OPTIONAL, + region-of-interest-specification + [9] Region-Of-Interest-Specification OPTIONAL, + picture-orientation [10] Picture-Orientation OPTIONAL, + picture-dimensions [11] Picture-Dimensions OPTIONAL +} + +ASF-Type ::= ENUMERATED {bundled(0), individual(1)} + +Colour ::= CHOICE {indexed [0] INTEGER, + direct [1] RGB +} + +RGB ::= SEQUENCE {red REAL, + green REAL, + blue REAL +} + +SpecificationMode ::= ENUMERATED {absolute(0), scaled(1)} + +Line-Rendition ::= SEQUENCE { + line-width-specification-mode [0] SpecificationMode OPTIONAL, + line-bundle-index [1] INTEGER OPTIONAL, + line-type [2] INTEGER OPTIONAL, + line-width [3] Scaled-or-Absolute OPTIONAL, + line-colour [4] Colour OPTIONAL, + line-aspect-source-flags + [5] SEQUENCE {line-type-asf ASF-Type, + line-width-asf ASF-Type, + line-colour-asf ASF-Type} OPTIONAL, + line-bundle-specifications + [6] SEQUENCE OF + SEQUENCE {line-bundle-index INTEGER, + line-bundle-representation + SEQUENCE {line-type INTEGER, + line-width Scaled-or-Absolute, + line-colour Colour}} OPTIONAL +} + +Scaled-or-Absolute ::= 
CHOICE { + absolute + [0] CHOICE { -- absolute--vdc-int [0] INTEGER, -- for VDC Type INTEGER-- + vdc-real [1] REAL}, -- for VDC Type REAL + scaled [1] REAL +} -- scaled + +Marker-Rendition ::= SEQUENCE { + marker-size-specification-mode [0] SpecificationMode OPTIONAL, + marker-bundle-index [1] INTEGER OPTIONAL, + marker-type [2] INTEGER OPTIONAL, + marker-size [3] Scaled-or-Absolute OPTIONAL, + marker-colour [4] Colour OPTIONAL, + marker-aspect-source-flags + [5] SEQUENCE {marker-type-asf ASF-Type, + marker-size-asf ASF-Type, + marker-colour-asf ASF-Type} OPTIONAL, + marker-bundle-specifications + [6] SEQUENCE OF + SEQUENCE {marker-bundle-index INTEGER, + marker-bundle-representation + SEQUENCE {marker-type INTEGER, + marker-size Scaled-or-Absolute, + marker-colour Colour}} OPTIONAL +} + +Text-Rendition ::= SEQUENCE { + font-list [0] SEQUENCE OF GeneralString OPTIONAL, + character-set-list + [1] SEQUENCE {character-set-type + ENUMERATED {n94-char-sets(0), n96-char-sets(1), + n94-char-multibyte-sets(2), + n96-char-multibyte-sets(3), comp-code(4)}, + designation-sequence-tail GeneralString} OPTIONAL, + character-coding-announcer + [2] ENUMERATED {basic-7-bit(0), basic-8-bit(1), extended-7-bit(2), + extended-8-bit(3)} OPTIONAL, + text-bundle-index [3] INTEGER OPTIONAL, + text-font-index [4] INTEGER OPTIONAL, + text-precision + [5] ENUMERATED {string(0), character(1), stroke(2)} OPTIONAL, + character-expansion-factor [6] REAL OPTIONAL, + character-spacing [7] REAL OPTIONAL, + text-colour [8] Colour OPTIONAL, + character-height [9] VDC-Value OPTIONAL, + character-orientation [10] SEQUENCE {a VDC-Pair, + b VDC-Pair} OPTIONAL, + text-path + [11] ENUMERATED {right(0), left(1), up(2), down(3)} OPTIONAL, + text-alignment + [12] SEQUENCE {horizontal-alignment + ENUMERATED {normal-horizontal(0), left(1), centre(2), + right(3), continuous-horizontal(4)}, + vertical-alignment + ENUMERATED {normal-vertical(0), top(1), cap(2), + half(3), base(4), bottom(5), + 
continuous-vertical(6)}, + continuous-horizontal-alignment [0] REAL OPTIONAL, + continuous-vertical-alignment [1] REAL OPTIONAL + } OPTIONAL, + character-set-index [13] INTEGER OPTIONAL, + alternate-character-set-index [14] INTEGER OPTIONAL, + text-aspect-source-flags + [15] SEQUENCE {text-font-asf ASF-Type, + text-precision-asf ASF-Type, + character-expansion-factor-asf ASF-Type, + character-spacing-asf ASF-Type, + text-colour-asf ASF-Type} OPTIONAL, + text-bundle-specifications + [16] SEQUENCE OF + SEQUENCE {text-bundle-index INTEGER, + text-bundle-representation + SEQUENCE {text-font-index INTEGER, + text-precision + ENUMERATED {string(0), character(1), + stroke(2)}, + character-expansion-factor REAL, + character-spacing REAL, + text-colour Colour} + } OPTIONAL +} + +VDC-Value ::= CHOICE {a INTEGER, + b REAL +} + +VDC-Pair ::= SEQUENCE {x VDC-Value, + y VDC-Value +} + +Filled-Area-Rendition ::= SEQUENCE { + fill-bundle-index [1] INTEGER OPTIONAL, + interior-style + [2] ENUMERATED {hollow(0), solid(1), pattern(2), hatch(3), empty(4)} + OPTIONAL, + fill-colour [3] Colour OPTIONAL, + hatch-index [4] INTEGER OPTIONAL, + pattern-index [5] INTEGER OPTIONAL, + fill-reference-point [6] VDC-Pair OPTIONAL, + pattern-size + [7] SEQUENCE {height-x-component VDC-Value, + height-y-component VDC-Value, + width-x-component VDC-Value, + width-y-component VDC-Value} OPTIONAL, + pattern-table-specifications [8] SEQUENCE OF PatternTableElement OPTIONAL, + fill-aspect-source-flags + [9] SEQUENCE {interior-style-asf ASF-Type, + fill-colour-asf ASF-Type, + hatch-index-asf ASF-Type, + pattern-index-asf ASF-Type} OPTIONAL, + fill-bundle-specifications + [10] SEQUENCE {fill-bundle-index INTEGER, + fill-bundle-representation + SEQUENCE {interior-style + ENUMERATED {hollow(0), solid(1), pattern(2), + hatch(3), empty(4)}, + fill-colour Colour, + hatch-index INTEGER, + patttern-index INTEGER}} OPTIONAL +} + +PatternTableElement ::= SEQUENCE { + pattern-table-index INTEGER, + nx INTEGER, + ny 
INTEGER, + local-colour-precision INTEGER, + colour SEQUENCE OF Colour +} + +Edge-Rendition ::= SEQUENCE { + edge-width-spec-mode [0] SpecificationMode OPTIONAL, + edge-visibility [1] On-or-Off OPTIONAL, + edge-bundle-index [2] INTEGER OPTIONAL, + edge-type [3] INTEGER OPTIONAL, + edge-width [4] Scaled-or-Absolute OPTIONAL, + edge-colour [5] Colour OPTIONAL, + edge-aspect-source-flags + [6] SEQUENCE {edge-type-asf ASF-Type, + edge-width-asf ASF-Type, + edge-colour-asf ASF-Type} OPTIONAL, + edge-bundle-specifications + [7] SEQUENCE OF + SEQUENCE {edge-bundle-index INTEGER, + edge-bundle-representation + SEQUENCE {edge-type INTEGER, + edge-width Scaled-or-Absolute, + edge-colour Colour}} OPTIONAL +} + +On-or-Off ::= ENUMERATED {off(0), on(1)} + +Colour-Representations ::= SEQUENCE { + background-colour [0] RGB OPTIONAL, + colour-table-specification + [1] SEQUENCE OF + SEQUENCE {starting-index INTEGER, + colour-list SEQUENCE OF RGB} OPTIONAL +} + +Transparency-Specification ::= SEQUENCE { + transparency [0] On-or-Off OPTIONAL, + auxiliary-colour [1] Colour OPTIONAL +} + +Transformation-Specification ::= SEQUENCE { + vdc-extent [0] Rectangle OPTIONAL, + clip-rectangle [1] Rectangle OPTIONAL, + clip-indicator [2] On-or-Off OPTIONAL +} + +Rectangle ::= SEQUENCE {first-corner VDC-Pair, + second-corner VDC-Pair +} + +Region-Of-Interest-Specification ::= CHOICE { + automatic [0] NULL, + rectangle [1] SEQUENCE {a VDC-Pair, + b VDC-Pair} +} + +Picture-Orientation ::= One-Of-Four-Angles + +One-Of-Four-Angles ::= ENUMERATED {d0(0), d90(1), d180(2), d270(3)} + +Picture-Dimensions ::= CHOICE { + width-controlled + [0] SEQUENCE {minimum-width INTEGER, + preferred-width INTEGER}, + height-controlled + [1] SEQUENCE {minimum-height INTEGER, + preferred-height INTEGER}, + area-controlled + [2] SEQUENCE {minimum-width INTEGER, + preferred-width INTEGER, + minimum-height INTEGER, + preferred-height INTEGER, + aspect-ratio-flag ENUMERATED {fixed(0), variable(1)} + }, + automatic [3] NULL 
+}
+
+END
\ No newline at end of file
diff --git a/priv/cms/Identifiers-and-Expressions.asn1 b/priv/cms/Identifiers-and-Expressions.asn1
new file mode 100644
index 0000000..9ed37ad
--- /dev/null
+++ b/priv/cms/Identifiers-and-Expressions.asn1
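Review bot: `patttern-index INTEGER` in the fill-bundle-representation of Filled-Area-Rendition is misspelled (three t's) while the sibling component of the same type is `pattern-index`; because the identifier becomes a field name in generated code, it is cheaper to settle on `pattern-index INTEGER` now than after callers depend on it, unless the intent is to stay byte-for-byte with the ITU module text. The comment nesting in Scaled-or-Absolute (`-- absolute--vdc-int [0] INTEGER, -- for VDC Type INTEGER--`) is legal ASN.1 but easy to misread as commenting out `vdc-int`; a line-end comment such as `vdc-int [0] INTEGER, -- absolute, for VDC Type INTEGER` makes it obvious that vdc-int is a live alternative. Every SEQUENCE OF in this module (font-list, the bundle-specifications, colour-list) is unbounded, so if these descriptors are decoded from untrusted documents the decoder, not the schema, has to cap their length.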
@@ -0,0 +1,121 @@ +Identifiers-and-Expressions {2 8 1 5 7} DEFINITIONS ::= +BEGIN + +EXPORTS + Content-Portion-Identifier, Object-or-Class-Identifier, Style-Identifier, + Protected-Part-Identifier, Category-Name, Resource-Name, Binding-Name, + Construction-Expression, Object-Id-Expression, Numeric-Expression, + String-Expression; + +IMPORTS + Layout-Object-Type + FROM Layout-Descriptors -- see 7.9 + + Logical-Object-Type + FROM Logical-Descriptors; -- see 7.10 + +Content-Portion-Identifier ::= [APPLICATION 0] IMPLICIT PrintableString + +-- only digits and space are used in the present version +-- of this Specification; other characters are reserved for extensions +Object-or-Class-Identifier ::= [APPLICATION 1] IMPLICIT PrintableString + +-- only digits and space are used in the present version +-- of this Specification; other characters are reserved for extensions; +-- a 'null' value is represented by an empty string +Style-Identifier ::= [APPLICATION 5] IMPLICIT PrintableString + +-- only digits and space are used in the present version +-- of this Specification; other characters are reserved for extensions; +-- a 'null' value is represented by an empty string +Protected-Part-Identifier ::= [APPLICATION 7] IMPLICIT PrintableString + +-- only digits and space are used in the present version +-- of this Specification; other characters are reserved for extensions; +-- a 'null' value is represented by an empty string +Category-Name ::= PrintableString + +-- a 'null' value is represented by an empty string +Resource-Name ::= PrintableString + +Binding-Name ::= PrintableString + +Construction-Expression ::= CHOICE { + construction-type Construction-Type, + single-term-construction [3] Construction-Term +} + +Construction-Type ::= CHOICE { + sequence-construction [0] IMPLICIT Term-Sequence, + aggregate-construction [1] IMPLICIT Term-Sequence, + choice-construction [2] IMPLICIT Term-Sequence +} + +Term-Sequence ::= SEQUENCE OF Construction-Term + +Construction-Term ::= 
CHOICE { + required-construction-factor [0] Construction-Factor, + optional-construction-factor [1] Construction-Factor, + repetitive-construction-factor [2] Construction-Factor, + optional-repetitive-factor [3] Construction-Factor +} + +Construction-Factor ::= CHOICE { + object-class-identifier Object-or-Class-Identifier, + construction-type Construction-Type +} + +Object-Id-Expression ::= CHOICE { + current-object-function [0] IMPLICIT NULL, + preceding-object-function [1] Object-Id-Expression, + superior-object-function [3] Object-Id-Expression, + current-instance-function [4] Current-Instance-Function +} + +Numeric-Expression ::= CHOICE { + numeric-literal [0] IMPLICIT INTEGER, + increment-application [1] Numeric-Expression, + decrement-application [2] Numeric-Expression, + ordinal-application + [3] CHOICE {identifier Object-or-Class-Identifier, + expression Object-Id-Expression}, + binding-reference [4] IMPLICIT Binding-Reference +} + +Binding-Reference ::= SET { + object-reference + CHOICE {identifier Object-or-Class-Identifier, + expression Binding-Selection-Function}, + binding-identifier Binding-Name +} + +Binding-Selection-Function ::= CHOICE { + current-object-function [0] IMPLICIT NULL, + preceding-function [1] Object-Id-Expression, + superior-function [3] Object-Id-Expression, + current-instance-function [4] Current-Instance-Function +} + +Current-Instance-Function ::= SEQUENCE { + first-parameter + CHOICE {identifier [0] IMPLICIT Object-or-Class-Identifier, + layout-object-type [1] IMPLICIT Layout-Object-Type, + logical-object-type [2] IMPLICIT Logical-Object-Type}, + second-parameter + CHOICE {identifier Object-or-Class-Identifier, + expression Object-Id-Expression} +} + +String-Expression ::= SEQUENCE OF Atomic-String-Expression + +Atomic-String-Expression ::= CHOICE { + string-literal [0] IMPLICIT OCTET STRING, + binding-reference [2] IMPLICIT Binding-Reference, + make-string-application [3] Numeric-Expression, + upper-alpha-application [4] 
Numeric-Expression,
+ lower-alpha-application [5] Numeric-Expression,
+ upper-roman-application [6] Numeric-Expression,
+ lower-roman-application [7] Numeric-Expression
+}
+
+END
diff --git a/priv/cms/Layout-Descriptors.asn1 b/priv/cms/Layout-Descriptors.asn1
new file mode 100644
index 0000000..a22883f
--- /dev/null
+++ b/priv/cms/Layout-Descriptors.asn1
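Review bot: This module imports Layout-Object-Type from Layout-Descriptors and Logical-Object-Type from Logical-Descriptors, and Layout-Descriptors (next hunk) imports ten names back from Identifiers-and-Expressions, so the two modules depend on each other; that is legal ASN.1, but a compiler that processes modules one at a time may need them compiled together as a set, which is worth confirming in the build. The IMPORTS here name the modules without their object identifiers while Link-Descriptors (later hunk) writes `FROM Identifiers-and-Expressions {2 8 1 5 7}`; one form throughout would be easier to maintain. The `-- only digits and space are used ...` and `-- a 'null' value ...` comments follow a blank line and sit directly above the next type assignment, so they read as describing the type below them, though presumably each belongs to the type above as in the T.415 text; moving each comment onto the line of the type it annotates, e.g. `Content-Portion-Identifier ::= [APPLICATION 0] IMPLICIT PrintableString -- only digits and space`, removes the ambiguity. Since the PrintableString itself carries no constraint, the digits-and-space rule has to be enforced by whatever consumes the decoded value.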
@@ -0,0 +1,263 @@ +Layout-Descriptors {2 8 1 5 8} DEFINITIONS ::= +BEGIN + +EXPORTS + Layout-Object-Descriptor, Layout-Class-Descriptor, Layout-Object-Type, + Transparency, Comment-String, Binding-Pair, One-Of-Four-Angles, + Measure-Pair, Dimension-Pair, Medium-Type, Colour, Border, + Content-Background-Colour, Content-Foreground-Colour, Enciphered, + Sealed; + +IMPORTS + Object-or-Class-Identifier, Style-Identifier, Protected-Part-Identifier, + Category-Name, Resource-Name, Binding-Name, Construction-Expression, + Object-Id-Expression, Numeric-Expression, String-Expression + FROM Identifiers-and-Expressions -- see 7.8 + + Presentation-Attributes + FROM Style-Descriptors -- see 7.11 + + Default-Value-Lists-Layout + FROM Default-Value-Lists -- see 7.12 + + Colour-Expression, Colour-Table + FROM Colour-Attributes -- see 7.14 + + Presentation-Time + FROM Temporal-Relationships {2 8 1 14 0}; + +-- See ITU-T Rec. T.424 | ISO/IEC 8613-14 +Position-Spec ::= SET { + offset + [0] IMPLICIT SET {leading [0] IMPLICIT INTEGER OPTIONAL, + trailing [1] IMPLICIT INTEGER OPTIONAL, + left-hand [2] IMPLICIT INTEGER OPTIONAL, + right-hand [3] IMPLICIT INTEGER OPTIONAL} OPTIONAL, + separation + [1] IMPLICIT SET {leading [0] IMPLICIT INTEGER OPTIONAL, + trailing [1] IMPLICIT INTEGER OPTIONAL, + centre [2] IMPLICIT INTEGER OPTIONAL} OPTIONAL, + alignment + [2] IMPLICIT INTEGER {right-hand(0), centred(1), left-hand(2)} OPTIONAL, + fill-order [3] IMPLICIT INTEGER {normal(0), reverse(1)} OPTIONAL +} + +Dimension-Pair ::= SEQUENCE { + horizontal + CHOICE {fixed [0] IMPLICIT INTEGER, + not-present [4] IMPLICIT NULL}, + vertical + CHOICE {fixed [0] IMPLICIT INTEGER, + variable [1] IMPLICIT INTEGER, + not-present [4] IMPLICIT NULL} +} + +-- the choice 'not-present' indicates that the parameter is not present +Dimension-Spec ::= SEQUENCE {horizontal Dimension, + vertical Dimension +} + +Dimension ::= CHOICE { + fixed [0] IMPLICIT INTEGER, + rule-a + [1] IMPLICIT SET {minimum [0] IMPLICIT INTEGER 
OPTIONAL, + maximum [1] IMPLICIT INTEGER OPTIONAL}, + rule-b + [2] IMPLICIT SET {minimum [0] IMPLICIT INTEGER OPTIONAL, + maximum [1] IMPLICIT INTEGER OPTIONAL}, + maximum-size [3] IMPLICIT NULL, + not-present [4] IMPLICIT NULL +} + +-- the choice 'not-present' indicates that the parameter is not present +Transparency ::= INTEGER {transparent(0), opaque(1)} + +Comment-String ::= OCTET STRING + +-- string of characters from the sets designated by +-- the document profile attribute "comments character sets", +-- plus code extension control functions, +-- space, carriage return and line feed +Binding-Pair ::= SET { + binding-identifier [0] IMPLICIT Binding-Name, + binding-value + CHOICE {a [1] Object-Id-Expression, + b [2] Numeric-Expression, + c [3] String-Expression, + d [4] IMPLICIT Object-or-Class-Identifier, + e [5] IMPLICIT INTEGER, + f [6] IMPLICIT OCTET STRING} +} + +One-Of-Four-Angles ::= INTEGER {d0(0), d90(1), d180(2), d270(3)} + +Measure-Pair ::= SEQUENCE { + horizontal + CHOICE {fixed [0] IMPLICIT INTEGER, + not-present [4] IMPLICIT NULL}, + vertical + CHOICE {fixed [0] IMPLICIT INTEGER, + not-present [4] IMPLICIT NULL} +} + +-- the choice 'not-present' indicates that the parameter is not present +Medium-Type ::= SEQUENCE { + nominal-page-size Measure-Pair OPTIONAL, + side-of-sheet INTEGER {unspecified(0), recto(1), verso(2)} OPTIONAL, + colour-of-medium [3] Colour-Of-Medium OPTIONAL +} + +Colour ::= INTEGER {colour-of-media(0), coloured(1)} + +Border ::= SET { + left-hand-edge [0] IMPLICIT Border-Edge OPTIONAL, + right-hand-edge [1] IMPLICIT Border-Edge OPTIONAL, + trailing-edge [2] IMPLICIT Border-Edge OPTIONAL, + leading-edge [3] IMPLICIT Border-Edge OPTIONAL +} + +Border-Edge ::= SET { + line-width [0] IMPLICIT INTEGER OPTIONAL, + line-type + [1] IMPLICIT INTEGER {invisible(0), solid(1), dashed(2), dot(3), + dash-dot(4), dash-dot-dot(5)} OPTIONAL, + freespace-width [2] IMPLICIT INTEGER OPTIONAL, + border-line-colour [3] Border-Line-Colour OPTIONAL +} 
+ +-- a 'null' border edge is represented by an empty set +Colour-Of-Medium ::= CHOICE { + unspecified-colour [3] IMPLICIT NULL, + specified-colour Colour-Expression +} + +Border-Line-Colour ::= CHOICE { + implementation-defined [3] IMPLICIT NULL, + colour-expression Colour-Expression +} + +Content-Background-Colour ::= CHOICE { + content-background-transparency [2] IMPLICIT NULL, + colour-expression Colour-Expression +} + +Content-Foreground-Colour ::= CHOICE { + implementation-defined [3] IMPLICIT NULL, + content-foreground-transparency [2] IMPLICIT NULL, + colour-expression Colour-Expression +} + +Enciphered ::= SEQUENCE { + enciphered-subordinates + CHOICE {none-all [0] IMPLICIT INTEGER {none(0), all(1)}, + partial [1] IMPLICIT SEQUENCE OF NumericString}, + protected-part-id [2] IMPLICIT Protected-Part-Identifier OPTIONAL +} + +Sealed ::= SEQUENCE { + sealed-status [0] IMPLICIT INTEGER {no(0), yes(1)}, + seal-ids [1] IMPLICIT SET OF INTEGER OPTIONAL +} + +Layout-Object-Descriptor ::= SEQUENCE { + object-type Layout-Object-Type OPTIONAL, + descriptor-body Layout-Object-Descriptor-Body OPTIONAL +} + +Layout-Object-Type ::= INTEGER { + document-layout-root(0), page-set(1), page(2), frame(3), block(4)} + +Layout-Object-Descriptor-Body ::= SET { + object-identifier Object-or-Class-Identifier OPTIONAL, + subordinates [0] IMPLICIT SEQUENCE OF NumericString OPTIONAL, + content-portions [1] IMPLICIT SEQUENCE OF NumericString OPTIONAL, + object-class + [2] IMPLICIT Object-or-Class-Identifier OPTIONAL, + position [3] IMPLICIT Measure-Pair OPTIONAL, + dimensions [4] IMPLICIT Dimension-Pair OPTIONAL, + transparency [5] IMPLICIT Transparency OPTIONAL, + presentation-attributes [6] IMPLICIT Presentation-Attributes OPTIONAL, + default-value-lists + [7] IMPLICIT Default-Value-Lists-Layout OPTIONAL, + user-readable-comments [8] IMPLICIT Comment-String OPTIONAL, + bindings [9] IMPLICIT SET OF Binding-Pair OPTIONAL, + layout-path [11] IMPLICIT One-Of-Four-Angles OPTIONAL, + 
imaging-order + [12] IMPLICIT SEQUENCE OF NumericString OPTIONAL, + layout-stream-categories [36] IMPLICIT SET OF Category-Name OPTIONAL, + layout-stream-sub-categories [37] IMPLICIT SET OF Category-Name OPTIONAL, + permitted-categories [13] IMPLICIT SET OF Category-Name OPTIONAL, + -- a 'null' value is represented by an empty set + user-visible-name [14] IMPLICIT Comment-String OPTIONAL, + page-position [15] IMPLICIT Measure-Pair OPTIONAL, + medium-type [16] IMPLICIT Medium-Type OPTIONAL, + presentation-style [17] IMPLICIT Style-Identifier OPTIONAL, + balance + [21] IMPLICIT SEQUENCE OF Object-or-Class-Identifier OPTIONAL, + -- a 'null' value is represented by an empty sequence + colour [22] IMPLICIT Colour OPTIONAL, + colour-of-layout-object [29] Colour-Expression OPTIONAL, + object-colour-table [30] IMPLICIT Colour-Table OPTIONAL, + content-background-colour [31] Content-Background-Colour OPTIONAL, + content-foreground-colour [32] Content-Foreground-Colour OPTIONAL, + content-colour-table [33] IMPLICIT Colour-Table OPTIONAL, + border [23] IMPLICIT Border OPTIONAL, + application-comments [25] IMPLICIT OCTET STRING OPTIONAL, + primary + [27] IMPLICIT Object-or-Class-Identifier OPTIONAL, + alternative + [28] IMPLICIT Object-or-Class-Identifier OPTIONAL, + enciphered [34] IMPLICIT Enciphered OPTIONAL, + sealed [35] IMPLICIT Sealed OPTIONAL, + presentation-time [52] IMPLICIT Presentation-Time OPTIONAL +} + +Layout-Class-Descriptor ::= SEQUENCE { + object-type Layout-Object-Type, + descriptor-body Layout-Class-Descriptor-Body +} + +Layout-Class-Descriptor-Body ::= SET { + object-class-identifier Object-or-Class-Identifier, + generator-for-subordinates [0] Construction-Expression OPTIONAL, + content-portions [1] IMPLICIT SEQUENCE OF NumericString OPTIONAL, + position + CHOICE {fixed-position [3] IMPLICIT Measure-Pair, + variable-position [26] IMPLICIT Position-Spec} OPTIONAL, + dimensions [4] IMPLICIT Dimension-Spec OPTIONAL, + transparency [5] IMPLICIT Transparency 
OPTIONAL, + presentation-attributes [6] IMPLICIT Presentation-Attributes OPTIONAL, + default-value-lists + [7] IMPLICIT Default-Value-Lists-Layout OPTIONAL, + user-readable-comments [8] IMPLICIT Comment-String OPTIONAL, + bindings [9] IMPLICIT SET OF Binding-Pair OPTIONAL, + content-generator [10] IMPLICIT String-Expression OPTIONAL, + layout-path [11] IMPLICIT One-Of-Four-Angles OPTIONAL, + layout-stream-categories [36] IMPLICIT SET OF Category-Name OPTIONAL, + layout-stream-sub-categories [37] IMPLICIT SET OF Category-Name OPTIONAL, + permitted-categories [13] IMPLICIT SET OF Category-Name OPTIONAL, + -- a 'null' value is represented by an empty set + user-visible-name [14] IMPLICIT Comment-String OPTIONAL, + page-position [15] IMPLICIT Measure-Pair OPTIONAL, + medium-type [16] IMPLICIT Medium-Type OPTIONAL, + presentation-style [17] IMPLICIT Style-Identifier OPTIONAL, + logical-source + [18] IMPLICIT Object-or-Class-Identifier OPTIONAL, + balance + [21] IMPLICIT SEQUENCE OF Object-or-Class-Identifier OPTIONAL, + -- a 'null' value is represented by an empty sequence + colour [22] IMPLICIT Colour OPTIONAL, + colour-of-layout-object [29] Colour-Expression OPTIONAL, + object-colour-table [30] IMPLICIT Colour-Table OPTIONAL, + content-background-colour [31] Content-Background-Colour OPTIONAL, + content-foreground-colour [32] Content-Foreground-Colour OPTIONAL, + content-colour-table [33] IMPLICIT Colour-Table OPTIONAL, + border [23] IMPLICIT Border OPTIONAL, + resource [24] IMPLICIT Resource-Name OPTIONAL, + application-comments [25] IMPLICIT OCTET STRING OPTIONAL, + enciphered [34] IMPLICIT Enciphered OPTIONAL, + sealed [35] IMPLICIT Sealed OPTIONAL, + presentation-time [52] IMPLICIT Presentation-Time OPTIONAL +} + +END diff --git a/priv/cms/Link-Descriptors.asn1 b/priv/cms/Link-Descriptors.asn1 new file mode 100644 index 0000000..64fc443 --- /dev/null +++ b/priv/cms/Link-Descriptors.asn1 
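Review bot: The comment `-- See ITU-T Rec. T.424 | ISO/IEC 8613-14` is placed after the IMPORTS terminator and directly above Position-Spec, so it reads as a reference for Position-Spec although it presumably belongs to the `Presentation-Time FROM Temporal-Relationships {2 8 1 14 0}` import just before it; the two `-- the choice 'not-present' indicates ...` comments have the same problem, following Dimension-Pair and Dimension but sitting immediately above Dimension-Spec and Transparency, which have no `not-present` alternative. Moving each comment onto the line it annotates would fix this. Enciphered and Sealed only record status (`none-all`/`partial` plus an optional protected-part-id; `sealed-status` plus optional `seal-ids`) and nothing in this module carries the seal or cipher parameters, which presumably live in another module; a comment such as `-- status only: the seal/cipher data and its verification are defined outside this module` would keep a reader from treating `sealed-status yes` as a verified seal.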
@@ -0,0 +1,80 @@ +-- Module Link-Descriptors (T.424:07/1996) + +Link-Descriptors {2 8 1 14 3} DEFINITIONS ::= +BEGIN + +EXPORTS + Link-Class-Descriptor, Link-Descriptor, Link-or-Link-Class-Identifier, + Enciphered-Link-Descriptor; + +IMPORTS + Reference-Name + FROM External-References {2 8 1 12 1} + -- see ITU-T Rec. T.422 | ISO/IEC 8613-12 + Location-Expression + FROM Location-Expressions {2 8 1 12 0} + -- see ITU-T Rec. T.422 | ISO/IEC 8613-12 + Style-Identifier, Protected-Part-Identifier + FROM Identifiers-and-Expressions {2 8 1 5 7} + -- see ITU-T Rec. T.415 | ISO/IEC 8613-5 + Comment-String, Sealed + FROM Layout-Descriptors {2 8 1 5 8} + -- see ITU-T Rec. T.415 | ISO/IEC 8613-5 + Temporal-Relations, Presentation-Time + FROM Temporal-Relationships; + +-- see 7.5 +Link-or-Link-Class-Identifier ::= [APPLICATION 9] IMPLICIT PrintableString + +-- only digits and space are used in the present version of this Recommendation | International Standard; +-- other characters are reserved for extensions +Link-Class-Descriptor ::= SET { + link-class-identifier Link-or-Link-Class-Identifier, + link-roles [1] SEQUENCE OF Link-Role OPTIONAL, + user-readable-comments [2] IMPLICIT Comment-String OPTIONAL, + user-visible-name [3] IMPLICIT Comment-String OPTIONAL, + application-comments [25] IMPLICIT OCTET STRING OPTIONAL, + sealed [35] IMPLICIT Sealed OPTIONAL, + temporal-relations [38] IMPLICIT Temporal-Relations OPTIONAL, + presentation-time [39] IMPLICIT Presentation-Time OPTIONAL +} + +Link-Descriptor ::= SET { + link-identifier Link-or-Link-Class-Identifier, + link-class [0] IMPLICIT Link-or-Link-Class-Identifier OPTIONAL, + link-roles [1] SEQUENCE OF Link-Role OPTIONAL, + user-readable-comments [2] IMPLICIT Comment-String OPTIONAL, + user-visible-name [3] IMPLICIT Comment-String OPTIONAL, + application-comments [25] IMPLICIT OCTET STRING OPTIONAL, + sealed [35] IMPLICIT Sealed OPTIONAL, + temporal-relations [38] IMPLICIT Temporal-Relations OPTIONAL, + presentation-time [39] 
IMPLICIT Presentation-Time OPTIONAL +} + +Link-Role ::= SET { + link-ends SET OF Link-End, + user-readable-comments [2] IMPLICIT Comment-String OPTIONAL, + user-visible-name [3] IMPLICIT Comment-String OPTIONAL, + application-comments [25] IMPLICIT OCTET STRING OPTIONAL +} + +Link-End ::= SET { + reference + SET {reference-name [0] Reference-Name OPTIONAL, + reference-qualifier [1] Location-Expression OPTIONAL}, + user-readable-comments [2] IMPLICIT Comment-String OPTIONAL, + user-visible-name [3] IMPLICIT Comment-String OPTIONAL, + presentation-style [17] IMPLICIT Style-Identifier OPTIONAL, + layout-style [19] IMPLICIT Style-Identifier OPTIONAL, + application-comments [25] IMPLICIT OCTET STRING OPTIONAL +} + +Enciphered-Link-Descriptor ::= SEQUENCE { + protected-part-identifier Protected-Part-Identifier, + enciphered-information OCTET STRING +} + +END + +-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D + diff --git a/priv/cms/Location-Expressions.asn1 b/priv/cms/Location-Expressions.asn1 new file mode 100644 index 0000000..1f9274b --- /dev/null +++ b/priv/cms/Location-Expressions.asn1 
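Review bot: The last import in Link-Descriptors, `Temporal-Relations, Presentation-Time FROM Temporal-Relationships;`, is the only one in this IMPORTS list without a module object identifier, while the Logical-Descriptors hunk below references the same module as `Temporal-Relationships {2 8 1 14 0}`; for consistency and so compilers that match module references by OID resolve it the same way, write `FROM Temporal-Relationships {2 8 1 14 0};`. Note also that this module imports `Location-Expression FROM Location-Expressions {2 8 1 12 0}` while the Location-Expressions hunk imports `Link-Class-Descriptor, Link-Descriptor, Link-or-Link-Class-Identifier FROM Link-Descriptors {2 8 1 14 3}`, so the two modules depend on each other; this is how the standard is written, but a compiler that resolves imports one module at a time will only accept it when both files are compiled as one set, which is worth a comment near the IMPORTS. `Reference-Name` is imported from `External-References {2 8 1 12 1}`, a module this commit does not visibly add; if it is not already shipped in priv/cms, this import stays unresolved.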
@@ -0,0 +1,333 @@ +Location-Expressions {2 8 1 12 0} DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +EXPORTS Location-Expression, Basic-Location-Expression, Constituent-Locator; + +IMPORTS + Object-or-Class-Identifier, Content-Portion-Identifier, Style-Identifier + FROM Identifiers-and-Expressions {2 8 1 5 7} + -- see ITU-T Rec. T.415 | ISO/IEC 8613-5 + Layout-Class-Descriptor, Layout-Object-Descriptor + FROM Layout-Descriptors {2 8 1 5 8} + -- see ITU-T Rec. T.415 | ISO/IEC 8613-5 + Logical-Class-Descriptor, Logical-Object-Descriptor + FROM Logical-Descriptors {2 8 1 5 9} + -- see ITU-T Rec. T.415 | ISO/IEC 8613-5 + Presentation-Style-Descriptor, Layout-Style-Descriptor + FROM Style-Descriptors {2 8 1 5 10} + -- see ITU-T Rec. T.415 | ISO/IEC 8613-5 + Text-Unit + FROM Text-Units {2 8 1 5 12} + -- see ITU-T Rec. T.415 | ISO/IEC 8613-5 + Subprofile-Descriptor, Subprofile-Identifier + FROM Subprofiles {2 8 1 12 2} + -- see 9.3 + Link-Class-Descriptor, Link-Descriptor, Link-or-Link-Class-Identifier + FROM Link-Descriptors {2 8 1 14 3}; + +-- see ITU-T Rec. 
T.424 | ISO/IEC 8613-14 +-- Location expression +Location-Expression ::= CHOICE { + basic [0] Basic-Location-Expression, + composite [1] Composite-Location-Expression +} + +Composite-Location-Expression ::= CHOICE { + complement [0] Location-Expression, + intersection [1] SEQUENCE OF Location-Expression, + union [2] SEQUENCE OF Location-Expression +} + +Basic-Location-Expression ::= CHOICE { + region [0] Region-Locator, + subtree [1] Subtree-Locator, + constituent [2] Constituent-Locator +} + +Region-Locator ::= SEQUENCE { + start [0] Start-End-Object-Locator, + end [1] Start-End-Object-Locator +} + +Start-End-Object-Locator ::= SEQUENCE { + object [0] Object-Locator, + not-included [1] BOOLEAN DEFAULT TRUE +} + +Subtree-Locator ::= Object-Locator + +Constituent-Locator ::= CHOICE { + documentProfile [0] NULL, + subprofile [1] Subprofile-Locator, + component [2] Component-Locator, + contentPortion [3] Content-Portion-Locator, + style [4] Style-Locator, + link-or-link-class [5] Link-or-Link-Class-Locator, + constituent-of-type [6] Constituent-Type +} + +Constituent-Type ::= ENUMERATED { + layout-object-class(1), layout-object(2), content-portion(3), + logical-object-class(5), logical-object(6), presentation-style(7), + layout-style(8), sealed-doc-prof-descriptor(9), + enciphered-doc-prof-descriptor(10), preenciphered-bodypart-descriptor(11), + postenciphered-bodypart-descriptor(12), link-class(13), link(14), + enciphered-link-descriptor(15), subprofile(16)} + +-- Subprofile +Subprofile-Locator ::= CHOICE { + subprofile [0] Subprofile-Identifier, + subprofile-of [1] Subprofile-of-argument, + subprofile-with [2] Subprofile-with-argument +} + +Subprofile-of-argument ::= Constituent-Locator + +Subprofile-with-argument ::= + AttributeValue-Subprofile-Specification -- The "attribute" and "value" + +-- arguments are grouped together +-- Component locator +Component-Locator ::= CHOICE { + objectClass [0] Object-Class-Locator, + object [1] Object-Locator +} + 
+Object-Class-Locator ::= CHOICE { + objectClass [0] Object-or-Class-Identifier, + object-class-of [1] Object-Class-of-argument, + object-class-with [2] Object-Class-with-argument +} + +Object-Class-of-argument ::= Object-Locator + +Object-Class-with-argument ::= SEQUENCE { + attributeValueObject [0] AttributeValue-Class-Specification, -- The "attribute" and "value" + + -- arguments are grouped together + defaulting [1] BOOLEAN DEFAULT FALSE +} + +-- Object locator +Object-Locator ::= CHOICE { + object [0] Object-or-Class-Identifier, + subord [1] Subord-argument, + object-with [2] Object-with-argument +} + +Subord-argument ::= SEQUENCE { + object [0] Object-Locator, + counters [1] CountersType OPTIONAL +} + +Object-with-argument ::= SEQUENCE { + attributeValueObject [0] AttributeValue-Object-Specification, -- The "attribute" and "value" + + -- arguments are grouped together + object [1] Object-Locator OPTIONAL, + counters [2] CountersType OPTIONAL, + not-defaulting [3] BOOLEAN DEFAULT FALSE +} + +-- Links +Link-or-Link-Class-Locator ::= CHOICE { + linkClass [0] Link-Class-Locator, + link [1] Link-Locator +} + +Link-Class-Locator ::= CHOICE { + link [0] Link-or-Link-Class-Identifier, + link-class-of [1] Link-Class-of-argument, + link-class-with [2] Link-Class-with-arguments +} + +Link-Class-of-argument ::= Link-Locator + +Link-Class-with-arguments ::= + AttributeValue-Link-Class-Specification -- The "attribute" and "value" + +-- arguments are grouped together +Link-Locator ::= CHOICE { + link [0] Link-or-Link-Class-Identifier, + link-with [1] Link-with-arguments +} + +Link-with-arguments ::= SEQUENCE { + attributeValueLink [0] AttributeValue-Link-Specification, -- The "attribute" and "value" + + -- arguments are grouped together + not-defaulting [1] BOOLEAN DEFAULT FALSE +} + +-- Content portion locator +Content-Portion-Locator ::= CHOICE { + contentPortion [0] Content-Portion-Identifier, + assoc [1] Assoc-argument, + content-with [2] Content-with-argument +} + 
+Assoc-argument ::= SEQUENCE { + component [0] Component-Locator, + counters [1] CountersType OPTIONAL +} + +Content-with-argument ::= SEQUENCE { + attributeValueContent [0] AttributeValue-Content-Specification, -- The "attribute" and "value" + + -- arguments are grouped together + component [1] Component-Locator OPTIONAL, + counters [2] CountersType OPTIONAL, + not-defaulting [3] BOOLEAN DEFAULT FALSE +} + +-- Styles +Style-Locator ::= CHOICE { + style [0] Style-Identifier, + layout-style-of [1] Layout-Style-of-argument, + presentation-style-of [2] Presentation-Style-of-argument, + layout-style-with [3] Layout-Style-with-argument, + presentation-style-with [4] Presentation-Style-with-argument +} + +Layout-Style-of-argument ::= Component-Locator + +Presentation-Style-of-argument ::= Component-Locator + +Layout-Style-with-argument ::= SEQUENCE { + attributeValueLayoutStyle [0] AttributeValue-LayoutStyle-Specification, -- The "attribute" and + + -- "value" arguments are grouped together + not-defaulting [1] BOOLEAN DEFAULT FALSE +} + +Presentation-Style-with-argument ::= SEQUENCE { + attributeValuePresentationStyle + [0] AttributeValue-PresentationStyle-Specification, + -- The "attribute" and + -- "value" arguments are grouped together + not-defaulting [1] BOOLEAN DEFAULT FALSE +} + +-- Counters +CountersType ::= SEQUENCE { + start [0] INTEGER OPTIONAL, + end [1] INTEGER OPTIONAL +} + +-- Attribute-Value specifications +-- Classes +AttributeValue-Class-Specification ::= CHOICE { + value [0] Simple-AttributeValue-Class-Specification, + range + [1] SEQUENCE {start + [0] Simple-AttributeValue-Class-Specification OPTIONAL, + end + [1] Simple-AttributeValue-Class-Specification OPTIONAL + } +} + +Simple-AttributeValue-Class-Specification ::= CHOICE { + layout [0] Layout-Class-Descriptor, + logical [1] Logical-Class-Descriptor +} + +-- Objects +AttributeValue-Object-Specification ::= CHOICE { + value [0] Simple-AttributeValue-Object-Specification, + range + [1] SEQUENCE 
{start + [0] Simple-AttributeValue-Object-Specification OPTIONAL, + end + [1] Simple-AttributeValue-Object-Specification OPTIONAL + } +} + +Simple-AttributeValue-Object-Specification ::= CHOICE { + layout [0] Layout-Object-Descriptor, + logical [1] Logical-Object-Descriptor +} + +-- Link classes +AttributeValue-Link-Class-Specification ::= CHOICE { + value [0] Simple-AttributeValue-Link-Class-Specification, + range + [1] SEQUENCE {start + [0] Simple-AttributeValue-Link-Class-Specification + OPTIONAL, + end + [1] Simple-AttributeValue-Link-Class-Specification + OPTIONAL} +} + +Simple-AttributeValue-Link-Class-Specification ::= Link-Class-Descriptor + +-- Links +AttributeValue-Link-Specification ::= CHOICE { + value [0] Simple-AttributeValue-Link-Specification, + range + [1] SEQUENCE {start + [0] Simple-AttributeValue-Link-Specification OPTIONAL, + end + [1] Simple-AttributeValue-Link-Specification OPTIONAL + } +} + +Simple-AttributeValue-Link-Specification ::= Link-Descriptor + +-- Contents +AttributeValue-Content-Specification ::= CHOICE { + value [0] Simple-AttributeValue-Content-Specification, + range + [1] SEQUENCE {start + [0] Simple-AttributeValue-Content-Specification OPTIONAL, + end + [1] Simple-AttributeValue-Content-Specification OPTIONAL + } +} + +Simple-AttributeValue-Content-Specification ::= Text-Unit + +-- Layout Styles +AttributeValue-LayoutStyle-Specification ::= CHOICE { + value [0] Simple-AttributeValue-LayoutStyle-Specification, + range + [1] SEQUENCE {start + [0] Simple-AttributeValue-LayoutStyle-Specification + OPTIONAL, + end + [1] Simple-AttributeValue-LayoutStyle-Specification + OPTIONAL} +} + +Simple-AttributeValue-LayoutStyle-Specification ::= Layout-Style-Descriptor + +-- Presentation Styles +AttributeValue-PresentationStyle-Specification ::= CHOICE { + value [0] Simple-AttributeValue-PresentationStyle-Specification, + range + [1] SEQUENCE {start + [0] Simple-AttributeValue-PresentationStyle-Specification + OPTIONAL, + end + [1] 
Simple-AttributeValue-PresentationStyle-Specification + OPTIONAL} +} + +Simple-AttributeValue-PresentationStyle-Specification ::= + Presentation-Style-Descriptor + +-- Subprofiles +AttributeValue-Subprofile-Specification ::= CHOICE { + value [0] Simple-AttributeValue-Subprofile-Specification, + range + [1] SEQUENCE {start + [0] Simple-AttributeValue-Subprofile-Specification + OPTIONAL, + end + [1] Simple-AttributeValue-Subprofile-Specification + OPTIONAL} +} + +Simple-AttributeValue-Subprofile-Specification ::= Subprofile-Descriptor + +END diff --git a/priv/cms/Logical-Descriptors.asn1 b/priv/cms/Logical-Descriptors.asn1 new file mode 100644 index 0000000..e2ab7c1 --- /dev/null +++ b/priv/cms/Logical-Descriptors.asn1 
@@ -0,0 +1,90 @@ +Logical-Descriptors {2 8 1 5 9} DEFINITIONS ::= +BEGIN + +EXPORTS + Logical-Object-Descriptor, Logical-Class-Descriptor, Logical-Object-Type, + Protection; + +IMPORTS + Object-or-Class-Identifier, Style-Identifier, Resource-Name, + Construction-Expression, String-Expression + FROM Identifiers-and-Expressions -- see 7.8 + + Comment-String, Binding-Pair, Enciphered, Sealed + FROM Layout-Descriptors -- see 7.9 + + Presentation-Attributes + FROM Style-Descriptors -- see 7.11 + + Default-Value-Lists-Logical + FROM Default-Value-Lists -- see 7.12 + + Temporal-Relations + FROM Temporal-Relationships {2 8 1 14 0}; + +-- See ITU-T Rec. T.424 | ISO/IEC 8613-14 +Logical-Object-Descriptor ::= SEQUENCE { + object-type Logical-Object-Type OPTIONAL, + descriptor-body Logical-Object-Descriptor-Body OPTIONAL +} + +Logical-Object-Type ::= INTEGER { + document-logical-root(0), composite-logical-object(1), + basic-logical-object(2)} + +Logical-Object-Descriptor-Body ::= SET { + object-identifier Object-or-Class-Identifier OPTIONAL, + subordinates [0] IMPLICIT SEQUENCE OF NumericString OPTIONAL, + content-portions [1] IMPLICIT SEQUENCE OF NumericString OPTIONAL, + object-class [2] IMPLICIT Object-or-Class-Identifier OPTIONAL, + presentation-attributes [6] IMPLICIT Presentation-Attributes OPTIONAL, + -- only for use for the attribute content-architecture-class; + -- the content architecture specific attributes can only be referenced by + -- use of presentation style + default-value-lists [7] IMPLICIT Default-Value-Lists-Logical OPTIONAL, + user-readable-comments [8] IMPLICIT Comment-String OPTIONAL, + bindings [9] IMPLICIT SET OF Binding-Pair OPTIONAL, + content-generator [10] IMPLICIT String-Expression OPTIONAL, + user-visible-name [14] IMPLICIT Comment-String OPTIONAL, + presentation-style [17] IMPLICIT Style-Identifier OPTIONAL, + layout-style [19] IMPLICIT Style-Identifier OPTIONAL, + protection [20] IMPLICIT Protection OPTIONAL, + application-comments [25] 
IMPLICIT OCTET STRING OPTIONAL, + primary [27] IMPLICIT Object-or-Class-Identifier OPTIONAL, + alternative [28] IMPLICIT Object-or-Class-Identifier OPTIONAL, + enciphered [34] IMPLICIT Enciphered OPTIONAL, + sealed [35] IMPLICIT Sealed OPTIONAL, + temporal-relations [36] IMPLICIT Temporal-Relations OPTIONAL +} + +Logical-Class-Descriptor ::= SEQUENCE { + object-type Logical-Object-Type, + descriptor-body Logical-Class-Descriptor-Body +} + +Logical-Class-Descriptor-Body ::= SET { + object-class-identifier Object-or-Class-Identifier, + generator-for-subordinates [0] Construction-Expression OPTIONAL, + content-portions [1] IMPLICIT SEQUENCE OF NumericString OPTIONAL, + presentation-attributes [6] IMPLICIT Presentation-Attributes OPTIONAL, + -- only for use for the attribute content-architecture-class; + -- the content architecture specific attributes can only be referenced by + -- use of presentation style + default-value-lists [7] IMPLICIT Default-Value-Lists-Logical OPTIONAL, + user-readable-comments [8] IMPLICIT Comment-String OPTIONAL, + bindings [9] IMPLICIT SET OF Binding-Pair OPTIONAL, + content-generator [10] IMPLICIT String-Expression OPTIONAL, + user-visible-name [14] IMPLICIT Comment-String OPTIONAL, + presentation-style [17] IMPLICIT Style-Identifier OPTIONAL, + layout-style [19] IMPLICIT Style-Identifier OPTIONAL, + protection [20] IMPLICIT Protection OPTIONAL, + resource [24] IMPLICIT Resource-Name OPTIONAL, + application-comments [25] IMPLICIT OCTET STRING OPTIONAL, + enciphered [34] IMPLICIT Enciphered OPTIONAL, + sealed [35] IMPLICIT Sealed OPTIONAL, + temporal-relations [36] IMPLICIT Temporal-Relations OPTIONAL +} + +Protection ::= INTEGER {unprotected(0), protected(1)} + +END diff --git a/priv/cms/MultipleSignatures-2010.asn1 b/priv/cms/MultipleSignatures-2010.asn1 new file mode 100644 index 0000000..ff87044 --- /dev/null +++ b/priv/cms/MultipleSignatures-2010.asn1 
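Review bot: The IMPORTS of Logical-Descriptors name `Identifiers-and-Expressions`, `Layout-Descriptors`, `Style-Descriptors` and `Default-Value-Lists` without module object identifiers, whereas the Location-Expressions hunk above imports the first three as `Identifiers-and-Expressions {2 8 1 5 7}`, `Layout-Descriptors {2 8 1 5 8}` and `Style-Descriptors {2 8 1 5 10}`, and the last import in this very list carries `{2 8 1 14 0}`. Mixing OID-qualified and bare module references across modules in one compile set is a consistency problem and, with compilers that check the referenced module's identifier, can make the same module resolve in one file and not in another; qualifying these four the same way as in Location-Expressions (e.g. `FROM Identifiers-and-Expressions {2 8 1 5 7} -- see 7.8`) avoids that. The `-- see 7.8` style comments refer to section numbers of the source Recommendation, which a header comment naming it (the module OID prefix 2 8 1 5 matches the T.415 | ISO/IEC 8613-5 references in the sibling hunks) would make meaningful to readers of this repository.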
@@ -0,0 +1,64 @@ + MultipleSignatures-2010 + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) + smime(16) modules(0) id-mod-multipleSign-2009(59) } + DEFINITIONS IMPLICIT TAGS ::= + BEGIN + -- EXPORTS All + -- The types and values defined in this module are exported for use + -- in the other ASN.1 modules. Other applications may use them for + -- their own purposes. + + IMPORTS + + -- Imports from PKIX-Common-Types-2009 [RFC5912] + + ATTRIBUTE + FROM PKIX-CommonTypes-2009 + { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) + id-mod-pkixCommon-02(57)} + + -- Imports from CryptographicMessageSyntax-2010 [RFC6268] + + DigestAlgorithmIdentifier, SignatureAlgorithmIdentifier + FROM CryptographicMessageSyntax-2010 + { iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) } + + -- Imports from ExtendedSecurityServices-2009 [RFC5911] + + ESSCertIDv2 + FROM ExtendedSecurityServices-2009 + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) modules(0) id-mod-ess-2006-02(42) } + ; + + -- + -- Section 3.0 + -- + -- at-multipleSignatures should be added ONLY to the + -- SignedAttributesSet defined in [RFC5652] + -- + + at-multipleSignatures ATTRIBUTE ::= { + TYPE MultipleSignatures + IDENTIFIED BY id-aa-multipleSignatures + } + + id-aa-multipleSignatures OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) + id-aa(2) 51 } + + MultipleSignatures ::= SEQUENCE { + bodyHashAlg DigestAlgorithmIdentifier, + signAlg SignatureAlgorithmIdentifier, + signAttrsHash SignAttrsHash, + cert ESSCertIDv2 OPTIONAL + } + + SignAttrsHash ::= SEQUENCE { + algID DigestAlgorithmIdentifier, + hash OCTET STRING + } + + END diff --git a/priv/cms/PKCS-12.asn1 b/priv/cms/PKCS-12.asn1 new file mode 100644 index 0000000..078089f --- /dev/null +++ b/priv/cms/PKCS-12.asn1 
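Review bot: This module has no header comment identifying its source, while its IMPORTS cite the origin of each imported module (`[RFC5912]`, `[RFC6268]`, `[RFC5911]`); add a first line such as `-- Multiple Signatures in CMS, RFC 5752 (id-mod-multipleSign-2009)` so the provenance of `at-multipleSignatures` and `id-aa-multipleSignatures` is as traceable as that of the imports. The whole module body is indented by one space relative to the other modules in this commit, which is harmless to the compiler but inconsistent with every sibling file. `PKIX-CommonTypes-2009` is imported but not visibly added by this commit; if it is not already present in priv/cms, `ATTRIBUTE` and therefore `at-multipleSignatures` will not resolve.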
@@ -0,0 +1,174 @@ +PKCS-12 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) + pkcs-12(12) modules(0) pkcs-12(1)} + +-- $Revision$ + +DEFINITIONS IMPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL +-- All types and values defined in this module is exported for use in +-- other ASN.1 modules. + +IMPORTS + +informationFramework + FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1) + usefulDefinitions(0) 3} + +ATTRIBUTE + FROM InformationFramework informationFramework + +ContentInfo, DigestInfo + FROM PKCS-7 {iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs-7(7) modules(0) pkcs-7(1)} + +PrivateKeyInfo, EncryptedPrivateKeyInfo + FROM PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs-8(8) modules(1) pkcs-8(1)} + +pkcs-9, friendlyName, localKeyId, certTypes, crlTypes + FROM PKCS-9 {iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs-9(9) modules(0) pkcs-9(1)}; + +-- Object identifiers + +rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549)} +pkcs OBJECT IDENTIFIER ::= {rsadsi pkcs(1)} +pkcs-12 OBJECT IDENTIFIER ::= {pkcs 12} +pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} +pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} +pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} +pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} +pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} +pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} +pbewithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} + +bagtypes OBJECT IDENTIFIER ::= {pkcs-12 10 1} + +-- The PFX PDU + +PFX ::= SEQUENCE { + version INTEGER {v3(3)}(v3,...), + authSafe ContentInfo, + macData MacData OPTIONAL +} + +MacData ::= SEQUENCE { + mac DigestInfo, + macSalt OCTET STRING, + iterations INTEGER DEFAULT 1 +-- Note: The default is for historical reasons and its use is +-- deprecated. A higher value, like 1024 is recommended. 
+} + +AuthenticatedSafe ::= SEQUENCE OF ContentInfo + -- Data if unencrypted + -- EncryptedData if password-encrypted + -- EnvelopedData if public key-encrypted + +SafeContents ::= SEQUENCE OF SafeBag + +SafeBag ::= SEQUENCE { + bagId BAG-TYPE.&id ({PKCS12BagSet}), + bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}), + bagAttributes SET OF PKCS12Attribute OPTIONAL +} + +-- Bag types + +keyBag BAG-TYPE ::= + {KeyBag IDENTIFIED BY {bagtypes 1}} +pkcs8ShroudedKeyBag BAG-TYPE ::= + {PKCS8ShroudedKeyBag IDENTIFIED BY {bagtypes 2}} +certBag BAG-TYPE ::= + {CertBag IDENTIFIED BY {bagtypes 3}} +crlBag BAG-TYPE ::= + {CRLBag IDENTIFIED BY {bagtypes 4}} +secretBag BAG-TYPE ::= + {SecretBag IDENTIFIED BY {bagtypes 5}} +safeContentsBag BAG-TYPE ::= + {SafeContents IDENTIFIED BY {bagtypes 6}} + +PKCS12BagSet BAG-TYPE ::= { + keyBag | + pkcs8ShroudedKeyBag | + certBag | + crlBag | + secretBag | + safeContentsBag, + ... -- For future extensions +} + +BAG-TYPE ::= TYPE-IDENTIFIER + +-- KeyBag + +KeyBag ::= PrivateKeyInfo + +-- Shrouded KeyBag + +PKCS8ShroudedKeyBag ::= EncryptedPrivateKeyInfo + +-- CertBag + +CertBag ::= SEQUENCE { + certId BAG-TYPE.&id ({CertTypes}), + certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId}) +} + +x509Certificate BAG-TYPE ::= + {OCTET STRING IDENTIFIED BY {certTypes 1}} + -- DER-encoded X.509 certificate stored in OCTET STRING +sdsiCertificate BAG-TYPE ::= + {IA5String IDENTIFIED BY {certTypes 2}} + -- Base64-encoded SDSI certificate stored in IA5String + +CertTypes BAG-TYPE ::= { + x509Certificate | + sdsiCertificate, + ... -- For future extensions +} + +-- CRLBag + +CRLBag ::= SEQUENCE { + crlId BAG-TYPE.&id ({CRLTypes}), + crlValue [0] EXPLICIT BAG-TYPE.&Type ({CRLTypes}{@crlId}) +} + +x509CRL BAG-TYPE ::= + {OCTET STRING IDENTIFIED BY {crlTypes 1}} + -- DER-encoded X.509 CRL stored in OCTET STRING + +CRLTypes BAG-TYPE ::= { + x509CRL, + ... 
-- For future extensions +} + +-- Secret Bag + +SecretBag ::= SEQUENCE { + secretTypeId BAG-TYPE.&id ({SecretTypes}), + secretValue [0] EXPLICIT BAG-TYPE.&Type ({SecretTypes}{@secretTypeId}) +} + +SecretTypes BAG-TYPE ::= { + ... -- For future extensions +} + +-- Attributes + +PKCS12Attribute ::= SEQUENCE { + attrId ATTRIBUTE.&id ({PKCS12AttrSet}), + attrValues SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId}) +} -- This type is compatible with the X.500 type 'Attribute' + +PKCS12AttrSet ATTRIBUTE ::= { + friendlyName | + localKeyId, + ... -- Other attributes are allowed +} + +END diff --git a/priv/cms/PKCS-4.asn1 b/priv/cms/PKCS-4.asn1 new file mode 100644 index 0000000..6dbe58c --- /dev/null +++ b/priv/cms/PKCS-4.asn1 
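Review bot: `ContentInfo, DigestInfo` are imported `FROM PKCS-7 {... pkcs-7(7) modules(0) pkcs-7(1)}`, but this commit does not visibly add a PKCS-7 module; if the directory only provides ContentInfo through CryptographicMessageSyntax-2010, this import will not resolve and the import should be pointed at whichever module actually defines these types in this set. The unexpanded `-- $Revision$` keyword on line 4 of the module is leftover RCS metadata from the source text and can be dropped. Nothing in the ASN.1 constrains which of the `pkcs-12PbeIds` (RC4, RC2, 2-/3-key 3DES) or which `MacData.iterations` value (the text itself notes `DEFAULT 1` is deprecated) a PFX may use, so a consumer built on this module must apply its algorithm and iteration-count policy in application code; a short comment above `pkcs-12PbeIds` saying that these OIDs are defined for decoding legacy PFX files and carry no acceptance policy would make that explicit.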
@@ -0,0 +1,196 @@ +PKCS-5 { + iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5) modules(16) + pkcs5v2-1(2)} + +DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +-- ============================ +-- Basic object identifiers +-- ============================ + +nistAlgorithms OBJECT IDENTIFIER ::= + {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4} +oiw OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) 14} +rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549} +pkcs OBJECT IDENTIFIER ::= {rsadsi 1} +pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5} + + +-- ============================ +-- Basic types and classes +-- ============================ + +AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE { + algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}), + parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) OPTIONAL +} + +ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER + + +-- ============================ +-- PBKDF2 +-- ============================ + +PBKDF2Algorithms ALGORITHM-IDENTIFIER ::= + { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...} + +id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} + +algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::= + {algorithm id-hmacWithSHA1, parameters NULL : NULL} + +PBKDF2-params ::= SEQUENCE { + salt CHOICE { + specified OCTET STRING, + otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}} + }, + iterationCount INTEGER (1..MAX), + keyLength INTEGER (1..MAX) OPTIONAL, + prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 +} + +PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... } + +PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= { + {NULL IDENTIFIED BY id-hmacWithSHA1} | + {NULL IDENTIFIED BY id-hmacWithSHA224} | + {NULL IDENTIFIED BY id-hmacWithSHA256} | + {NULL IDENTIFIED BY id-hmacWithSHA384} | + {NULL IDENTIFIED BY id-hmacWithSHA512} | + {NULL IDENTIFIED BY id-hmacWithSHA512-224} | + {NULL IDENTIFIED BY id-hmacWithSHA512-256}, + ... 
+} + + +-- ============================ + -- PBES1 +-- ============================ + +PBES1Algorithms ALGORITHM-IDENTIFIER ::= { + {PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC} | + {PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC} | + {PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC} | + {PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC} | + {PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} | + {PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC}, + ... +} + +pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} +pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} +pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} +pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} +pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} +pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} + +PBEParameter ::= SEQUENCE { + salt OCTET STRING (SIZE(8)), + iterationCount INTEGER +} + + +-- ============================ +-- PBES2 +-- ============================ + +PBES2Algorithms ALGORITHM-IDENTIFIER ::= { + {PBES2-params IDENTIFIED BY id-PBES2}, + ... +} + +id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} + +PBES2-params ::= SEQUENCE { + keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, + encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} +} + +PBES2-KDFs ALGORITHM-IDENTIFIER ::= { + {PBKDF2-params IDENTIFIED BY id-PBKDF2}, + ... +} + +PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... } + + +-- ============================ +-- PBMAC1 +-- ============================ + +PBMAC1Algorithms ALGORITHM-IDENTIFIER ::= { + {PBMAC1-params IDENTIFIED BY id-PBMAC1}, + ... +} + +id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} + +PBMAC1-params ::= SEQUENCE { + keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}}, + messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}} +} + +PBMAC1-KDFs ALGORITHM-IDENTIFIER ::= { + {PBKDF2-params IDENTIFIED BY id-PBKDF2}, + ... +} + +PBMAC1-MACs ALGORITHM-IDENTIFIER ::= { ... 
} + +-- ============================ +-- Supporting techniques +-- ============================ + +digestAlgorithm OBJECT IDENTIFIER ::= {rsadsi 2} +encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3} + +SupportingAlgorithms ALGORITHM-IDENTIFIER ::= { + {NULL IDENTIFIED BY id-hmacWithSHA1} | + {OCTET STRING (SIZE(8)) IDENTIFIED BY desCBC} | + {OCTET STRING (SIZE(8)) IDENTIFIED BY des-EDE3-CBC} | + {RC2-CBC-Parameter IDENTIFIED BY rc2CBC} | + {RC5-CBC-Parameters IDENTIFIED BY rc5-CBC-PAD} | + {OCTET STRING (SIZE(16)) IDENTIFIED BY aes128-CBC-PAD} | + {OCTET STRING (SIZE(16)) IDENTIFIED BY aes192-CBC-PAD} | + {OCTET STRING (SIZE(16)) IDENTIFIED BY aes256-CBC-PAD}, + ... +} + +id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7} +id-hmacWithSHA224 OBJECT IDENTIFIER ::= {digestAlgorithm 8} +id-hmacWithSHA256 OBJECT IDENTIFIER ::= {digestAlgorithm 9} +id-hmacWithSHA384 OBJECT IDENTIFIER ::= {digestAlgorithm 10} +id-hmacWithSHA512 OBJECT IDENTIFIER ::= {digestAlgorithm 11} +id-hmacWithSHA512-224 OBJECT IDENTIFIER ::= {digestAlgorithm 12} +id-hmacWithSHA512-256 OBJECT IDENTIFIER ::= {digestAlgorithm 13} + +-- from OIW +desCBC OBJECT IDENTIFIER ::= {oiw secsig(3) algorithms(2) 7} + +des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7} + +rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2} + +RC2-CBC-Parameter ::= SEQUENCE { + rc2ParameterVersion INTEGER OPTIONAL, + iv OCTET STRING (SIZE(8)) +} + +rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9} + +RC5-CBC-Parameters ::= SEQUENCE { + version INTEGER {v1-0(16)} (v1-0), + rounds INTEGER (8..127), + blockSizeInBits INTEGER (64 | 128), + iv OCTET STRING OPTIONAL +} + +aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 } +aes128-CBC-PAD OBJECT IDENTIFIER ::= { aes 2 } +aes192-CBC-PAD OBJECT IDENTIFIER ::= { aes 22 } +aes256-CBC-PAD OBJECT IDENTIFIER ::= { aes 42 } + +END \ No newline at end of file diff --git a/priv/cms/PKCS-5.asn1 b/priv/cms/PKCS-5.asn1 new file mode 100644 index 0000000..6dbe58c --- /dev/null 
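Review bot: The file added as priv/cms/PKCS-4.asn1 does not contain a PKCS #4 module: its first line is `PKCS-5 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5) modules(16) pkcs5v2-1(2)}`, and its diff header carries the same blob id (`index 0000000..6dbe58c`) as the priv/cms/PKCS-5.asn1 header that follows, so the two files are byte-identical copies of the PKCS #5 v2.1 module. Compiling the directory would then define module `PKCS-5` twice; whether that is a duplicate-module error or silently last-wins depends on the compiler, and either way no PKCS-4 definitions are provided. Either remove PKCS-4.asn1 from the commit or replace it with the module it was meant to hold. Minor: `END` has no trailing newline (`\ No newline at end of file`), and the section banner ` -- PBES1` is indented by one space unlike the other `-- ====` banners.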
+++ b/priv/cms/PKCS-5.asn1 
@@ -0,0 +1,196 @@
+PKCS-5 {
+ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-5(5) modules(16)
+ pkcs5v2-1(2)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- ============================
+-- Basic object identifiers
+-- ============================
+
+nistAlgorithms OBJECT IDENTIFIER ::=
+ {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) 4}
+oiw OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) 14}
+rsadsi OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) 113549}
+pkcs OBJECT IDENTIFIER ::= {rsadsi 1}
+pkcs-5 OBJECT IDENTIFIER ::= {pkcs 5}
+
+
+-- ============================
+-- Basic types and classes
+-- ============================
+
+AlgorithmIdentifier { ALGORITHM-IDENTIFIER:InfoObjectSet } ::= SEQUENCE {
+ algorithm ALGORITHM-IDENTIFIER.&id({InfoObjectSet}),
+ parameters ALGORITHM-IDENTIFIER.&Type({InfoObjectSet} {@algorithm}) OPTIONAL
+}
+
+ALGORITHM-IDENTIFIER ::= TYPE-IDENTIFIER
+
+
+-- ============================
+-- PBKDF2
+-- ============================
+
+PBKDF2Algorithms ALGORITHM-IDENTIFIER ::=
+ { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ...}
+
+id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12}
+
+algid-hmacWithSHA1 AlgorithmIdentifier {{PBKDF2-PRFs}} ::=
+ {algorithm id-hmacWithSHA1, parameters NULL : NULL}
+
+PBKDF2-params ::= SEQUENCE {
+ salt CHOICE {
+ specified OCTET STRING,
+ otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}
+ },
+ iterationCount INTEGER (1..MAX),
+ keyLength INTEGER (1..MAX) OPTIONAL,
+ prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1
+}
+
+PBKDF2-SaltSources ALGORITHM-IDENTIFIER ::= { ... }
+
+PBKDF2-PRFs ALGORITHM-IDENTIFIER ::= {
+ {NULL IDENTIFIED BY id-hmacWithSHA1} |
+ {NULL IDENTIFIED BY id-hmacWithSHA224} |
+ {NULL IDENTIFIED BY id-hmacWithSHA256} |
+ {NULL IDENTIFIED BY id-hmacWithSHA384} |
+ {NULL IDENTIFIED BY id-hmacWithSHA512} |
+ {NULL IDENTIFIED BY id-hmacWithSHA512-224} |
+ {NULL IDENTIFIED BY id-hmacWithSHA512-256},
+ ...
+}
+
+
+-- ============================
+ -- PBES1
+-- ============================
+
+PBES1Algorithms ALGORITHM-IDENTIFIER ::= {
+ {PBEParameter IDENTIFIED BY pbeWithMD2AndDES-CBC} |
+ {PBEParameter IDENTIFIED BY pbeWithMD2AndRC2-CBC} |
+ {PBEParameter IDENTIFIED BY pbeWithMD5AndDES-CBC} |
+ {PBEParameter IDENTIFIED BY pbeWithMD5AndRC2-CBC} |
+ {PBEParameter IDENTIFIED BY pbeWithSHA1AndDES-CBC} |
+ {PBEParameter IDENTIFIED BY pbeWithSHA1AndRC2-CBC},
+ ...
+}
+
+pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1}
+pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4}
+pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3}
+pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6}
+pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10}
+pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11}
+
+PBEParameter ::= SEQUENCE {
+ salt OCTET STRING (SIZE(8)),
+ iterationCount INTEGER
+}
+
+
+-- ============================
+-- PBES2
+-- ============================
+
+PBES2Algorithms ALGORITHM-IDENTIFIER ::= {
+ {PBES2-params IDENTIFIED BY id-PBES2},
+ ...
+}
+
+id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
+
+PBES2-params ::= SEQUENCE {
+ keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},
+ encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}
+}
+
+PBES2-KDFs ALGORITHM-IDENTIFIER ::= {
+ {PBKDF2-params IDENTIFIED BY id-PBKDF2},
+ ...
+}
+
+PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }
+
+
+-- ============================
+-- PBMAC1
+-- ============================
+
+PBMAC1Algorithms ALGORITHM-IDENTIFIER ::= {
+ {PBMAC1-params IDENTIFIED BY id-PBMAC1},
+ ...
+}
+
+id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14}
+
+PBMAC1-params ::= SEQUENCE {
+ keyDerivationFunc AlgorithmIdentifier {{PBMAC1-KDFs}},
+ messageAuthScheme AlgorithmIdentifier {{PBMAC1-MACs}}
+}
+
+PBMAC1-KDFs ALGORITHM-IDENTIFIER ::= {
+ {PBKDF2-params IDENTIFIED BY id-PBKDF2},
+ ...
+}
+
+PBMAC1-MACs ALGORITHM-IDENTIFIER ::= { ...
}
+
+-- ============================
+-- Supporting techniques
+-- ============================
+
+digestAlgorithm OBJECT IDENTIFIER ::= {rsadsi 2}
+encryptionAlgorithm OBJECT IDENTIFIER ::= {rsadsi 3}
+
+SupportingAlgorithms ALGORITHM-IDENTIFIER ::= {
+ {NULL IDENTIFIED BY id-hmacWithSHA1} |
+ {OCTET STRING (SIZE(8)) IDENTIFIED BY desCBC} |
+ {OCTET STRING (SIZE(8)) IDENTIFIED BY des-EDE3-CBC} |
+ {RC2-CBC-Parameter IDENTIFIED BY rc2CBC} |
+ {RC5-CBC-Parameters IDENTIFIED BY rc5-CBC-PAD} |
+ {OCTET STRING (SIZE(16)) IDENTIFIED BY aes128-CBC-PAD} |
+ {OCTET STRING (SIZE(16)) IDENTIFIED BY aes192-CBC-PAD} |
+ {OCTET STRING (SIZE(16)) IDENTIFIED BY aes256-CBC-PAD},
+ ...
+}
+
+id-hmacWithSHA1 OBJECT IDENTIFIER ::= {digestAlgorithm 7}
+id-hmacWithSHA224 OBJECT IDENTIFIER ::= {digestAlgorithm 8}
+id-hmacWithSHA256 OBJECT IDENTIFIER ::= {digestAlgorithm 9}
+id-hmacWithSHA384 OBJECT IDENTIFIER ::= {digestAlgorithm 10}
+id-hmacWithSHA512 OBJECT IDENTIFIER ::= {digestAlgorithm 11}
+id-hmacWithSHA512-224 OBJECT IDENTIFIER ::= {digestAlgorithm 12}
+id-hmacWithSHA512-256 OBJECT IDENTIFIER ::= {digestAlgorithm 13}
+
+-- from OIW
+desCBC OBJECT IDENTIFIER ::= {oiw secsig(3) algorithms(2) 7}
+
+des-EDE3-CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 7}
+
+rc2CBC OBJECT IDENTIFIER ::= {encryptionAlgorithm 2}
+
+RC2-CBC-Parameter ::= SEQUENCE {
+ rc2ParameterVersion INTEGER OPTIONAL,
+ iv OCTET STRING (SIZE(8))
+}
+
+rc5-CBC-PAD OBJECT IDENTIFIER ::= {encryptionAlgorithm 9}
+
+RC5-CBC-Parameters ::= SEQUENCE {
+ version INTEGER {v1-0(16)} (v1-0),
+ rounds INTEGER (8..127),
+ blockSizeInBits INTEGER (64 | 128),
+ iv OCTET STRING OPTIONAL
+}
+
+aes OBJECT IDENTIFIER ::= { nistAlgorithms 1 }
+aes128-CBC-PAD OBJECT IDENTIFIER ::= { aes 2 }
+aes192-CBC-PAD OBJECT IDENTIFIER ::= { aes 22 }
+aes256-CBC-PAD OBJECT IDENTIFIER ::= { aes 42 }
+
+END
\ No newline at end of file
diff --git a/priv/cms/PKCS-8.asn1 b/priv/cms/PKCS-8.asn1
new file mode 100644
index 0000000..266f901
--- /dev/null
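Review bot: `PBEParameter.iterationCount` is an unconstrained INTEGER and `PBKDF2-params.iterationCount` is bounded only from below by `(1..MAX)`, so whatever value a decoded EncryptedPrivateKeyInfo or PKCS #12 blob carries is taken as-is; the consumer must cap it before running the KDF, or a single crafted file can make decryption arbitrarily expensive. The schema is RFC 8018 Appendix C and I would keep it verbatim, but a comment at `PBKDF2-params` such as `-- iterationCount is untrusted input: enforce an application upper bound before deriving` records that the limit lives in the caller rather than the decoder. The module identifier here is `pkcs5v2-1(2)`, while PKCS-8.asn1 in this same patch imports from `PKCS-5 { ... modules(16) pkcs-5(1)}`; whether the OID in an IMPORTS FROM clause is checked depends on the toolchain, so it is worth confirming both resolve to this file. The PBES1 set (MD2/MD5/SHA-1 with DES/RC2) is useful only for reading legacy material, and nothing in this module prevents a producer from selecting it, so that restriction belongs in the algorithm-selection code.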
+++ b/priv/cms/PKCS-8.asn1
@@ -0,0 +1,61 @@
+PKCS-8 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-8(8)
+ modules(1) pkcs-8(1)}
+
+-- $Revision: 1.5 $
+
+-- This module has been checked for conformance with the ASN.1
+-- standard by the OSS ASN.1 Tools
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS All --
+-- All types and values defined in this module is exported for use in other
+-- ASN.1 modules.
+
+IMPORTS
+
+informationFramework
+ FROM UsefulDefinitions {joint-iso-itu-t(2) ds(5) module(1)
+ usefulDefinitions(0) 3}
+
+Attribute
+ FROM InformationFramework informationFramework
+
+AlgorithmIdentifier, ALGORITHM-IDENTIFIER
+ FROM PKCS-5 {iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-5(5) modules(16) pkcs-5(1)};
+
+-- Private-key information syntax
+
+PrivateKeyInfo ::= SEQUENCE {
+ version Version,
+ privateKeyAlgorithm AlgorithmIdentifier {{PrivateKeyAlgorithms}},
+ privateKey PrivateKey,
+ attributes [0] Attributes OPTIONAL }
+
+Version ::= INTEGER {v1(0)} (v1,...)
+
+PrivateKey ::= OCTET STRING
+
+Attributes ::= SET OF Attribute
+
+-- Encrypted private-key information syntax
+
+EncryptedPrivateKeyInfo ::= SEQUENCE {
+ encryptionAlgorithm AlgorithmIdentifier {{KeyEncryptionAlgorithms}},
+ encryptedData EncryptedData
+}
+
+EncryptedData ::= OCTET STRING
+
+PrivateKeyAlgorithms ALGORITHM-IDENTIFIER ::= {
+ ... -- For local profiles
+}
+
+KeyEncryptionAlgorithms ALGORITHM-IDENTIFIER ::= {
+ ... -- For local profiles
+}
+
+END
diff --git a/priv/cms/PKCS-9.asn1 b/priv/cms/PKCS-9.asn1
index cd561f4..66e4563 100644
--- a/priv/cms/PKCS-9.asn1
+++ b/priv/cms/PKCS-9.asn1
@@ -388,4 +388,4 @@ signingTimeMatch MATCHING-RULE ::= { ID pkcs-9-mr-signingTimeMatch }
-END
\ No newline at end of file
+END
diff --git a/priv/cms/PKIX1Explicit88.asn1 b/priv/cms/PKIX1Explicit88.asn1
new file mode 100644
index 0000000..03e9da3
--- /dev/null
+++ b/priv/cms/PKIX1Explicit88.asn1
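Review bot: `PrivateKeyAlgorithms` and `KeyEncryptionAlgorithms` are both left as `{ ... -- For local profiles }`, so after decoding `EncryptedPrivateKeyInfo` the `encryptionAlgorithm` may carry any OID and its `parameters` come back as an undecoded open type; the consumer has to restrict the OID to profiled algorithms (for example id-PBES2 with an approved KDF and cipher from PKCS-5.asn1) and decode the parameters against that choice itself, which the module does not make obvious. A comment on `EncryptedPrivateKeyInfo` such as `-- encryptionAlgorithm is not constrained by this module; callers must whitelist it before decrypting` would make that visible. The IMPORTS depend on `UsefulDefinitions` and `InformationFramework` from X.500, which are not among the files this patch adds, so the module only compiles if they are already present in priv/cms. The import of `AlgorithmIdentifier, ALGORITHM-IDENTIFIER` names module `pkcs-5(1)` whereas the PKCS-5.asn1 added in this patch declares `pkcs5v2-1(2)`; harmless for a compiler that matches on module name only, but worth checking against the toolchain in use.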
@@ -0,0 +1,619 @@ +PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) } + +DEFINITIONS EXPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL -- + +-- IMPORTS NONE -- + +-- UNIVERSAL Types defined in 1993 and 1998 ASN.1 +-- and required by this specification + +-- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING + -- UniversalString is defined in ASN.1:1993 + +-- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING + -- BMPString is the subtype of UniversalString and models + -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1 + +-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING + -- The content of this type conforms to RFC 2279. + +-- PKIX specific OIDs + +id-pkix OBJECT IDENTIFIER ::= + { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) } + +-- PKIX arcs + +id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } + -- arc for private certificate extensions +id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } + -- arc for policy qualifier types +id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } + -- arc for extended key purpose OIDS +id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } + -- arc for access descriptors + +-- policyQualifierIds for Internet policy qualifiers + +id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } + -- OID for CPS qualifier +id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } + -- OID for user notice qualifier + +-- access descriptor definitions + +id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } +id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } +id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 } +id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 } + +-- attribute data types + +Attribute ::= SEQUENCE { + type AttributeType, + values SET OF AttributeValue } + -- at least one value is required + +AttributeType ::= OBJECT IDENTIFIER + +AttributeValue ::= ANY + +AttributeTypeAndValue ::= SEQUENCE { + type AttributeType, + value AttributeValue } + +-- suggested 
naming attributes: Definition of the following +-- information object set may be augmented to meet local +-- requirements. Note that deleting members of the set may +-- prevent interoperability with conforming implementations. +-- presented in pairs: the AttributeType followed by the +-- type definition for the corresponding AttributeValue +--Arc for standard naming attributes +id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 } + +-- Naming attributes of type X520name + +id-at-name AttributeType ::= { id-at 41 } +id-at-surname AttributeType ::= { id-at 4 } +id-at-givenName AttributeType ::= { id-at 42 } +id-at-initials AttributeType ::= { id-at 43 } +id-at-generationQualifier AttributeType ::= { id-at 44 } + +X520name ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-name)), + printableString PrintableString (SIZE (1..ub-name)), + universalString UniversalString (SIZE (1..ub-name)), + utf8String UTF8String (SIZE (1..ub-name)), + bmpString BMPString (SIZE (1..ub-name)) } + +-- Naming attributes of type X520CommonName + +id-at-commonName AttributeType ::= { id-at 3 } + +X520CommonName ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-common-name)), + printableString PrintableString (SIZE (1..ub-common-name)), + universalString UniversalString (SIZE (1..ub-common-name)), + utf8String UTF8String (SIZE (1..ub-common-name)), + bmpString BMPString (SIZE (1..ub-common-name)) } + +-- Naming attributes of type X520LocalityName + +id-at-localityName AttributeType ::= { id-at 7 } + +X520LocalityName ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-locality-name)), + printableString PrintableString (SIZE (1..ub-locality-name)), + universalString UniversalString (SIZE (1..ub-locality-name)), + utf8String UTF8String (SIZE (1..ub-locality-name)), + bmpString BMPString (SIZE (1..ub-locality-name)) } + +-- Naming attributes of type X520StateOrProvinceName + +id-at-stateOrProvinceName AttributeType ::= { id-at 8 } + +X520StateOrProvinceName ::= CHOICE { + 
teletexString TeletexString (SIZE (1..ub-state-name)), + printableString PrintableString (SIZE (1..ub-state-name)), + universalString UniversalString (SIZE (1..ub-state-name)), + utf8String UTF8String (SIZE (1..ub-state-name)), + bmpString BMPString (SIZE(1..ub-state-name)) } + +-- Naming attributes of type X520OrganizationName + +id-at-organizationName AttributeType ::= { id-at 10 } + +X520OrganizationName ::= CHOICE { + teletexString TeletexString + (SIZE (1..ub-organization-name)), + printableString PrintableString + (SIZE (1..ub-organization-name)), + universalString UniversalString + (SIZE (1..ub-organization-name)), + utf8String UTF8String + (SIZE (1..ub-organization-name)), + bmpString BMPString + (SIZE (1..ub-organization-name)) } + +-- Naming attributes of type X520OrganizationalUnitName + +id-at-organizationalUnitName AttributeType ::= { id-at 11 } + +X520OrganizationalUnitName ::= CHOICE { + teletexString TeletexString + (SIZE (1..ub-organizational-unit-name)), + printableString PrintableString + (SIZE (1..ub-organizational-unit-name)), + universalString UniversalString + (SIZE (1..ub-organizational-unit-name)), + utf8String UTF8String + (SIZE (1..ub-organizational-unit-name)), + bmpString BMPString + (SIZE (1..ub-organizational-unit-name)) } + +-- Naming attributes of type X520Title + +id-at-title AttributeType ::= { id-at 12 } + +X520Title ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-title)), + printableString PrintableString (SIZE (1..ub-title)), + universalString UniversalString (SIZE (1..ub-title)), + utf8String UTF8String (SIZE (1..ub-title)), + bmpString BMPString (SIZE (1..ub-title)) } + +-- Naming attributes of type X520dnQualifier + +id-at-dnQualifier AttributeType ::= { id-at 46 } + +X520dnQualifier ::= PrintableString + +-- Naming attributes of type X520countryName (digraph from IS 3166) + +id-at-countryName AttributeType ::= { id-at 6 } + +X520countryName ::= PrintableString (SIZE (2)) + +-- Naming attributes of type 
X520SerialNumber + +id-at-serialNumber AttributeType ::= { id-at 5 } + +X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number)) + +-- Naming attributes of type X520Pseudonym + +id-at-pseudonym AttributeType ::= { id-at 65 } + +X520Pseudonym ::= CHOICE { + teletexString TeletexString (SIZE (1..ub-pseudonym)), + printableString PrintableString (SIZE (1..ub-pseudonym)), + universalString UniversalString (SIZE (1..ub-pseudonym)), + utf8String UTF8String (SIZE (1..ub-pseudonym)), + bmpString BMPString (SIZE (1..ub-pseudonym)) } + +-- Naming attributes of type DomainComponent (from RFC 2247) + +id-domainComponent AttributeType ::= + { 0 9 2342 19200300 100 1 25 } + +DomainComponent ::= IA5String + +-- Legacy attributes + +pkcs-9 OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } + +id-emailAddress AttributeType ::= { pkcs-9 1 } + +EmailAddress ::= IA5String (SIZE (1..ub-emailaddress-length)) + +-- naming data types -- + +Name ::= CHOICE { -- only one possibility for now -- + rdnSequence RDNSequence } + +RDNSequence ::= SEQUENCE OF RelativeDistinguishedName + +DistinguishedName ::= RDNSequence + +RelativeDistinguishedName ::= + SET SIZE (1 .. 
MAX) OF AttributeTypeAndValue + +-- Directory string type -- + +DirectoryString ::= CHOICE { + teletexString TeletexString (SIZE (1..MAX)), + printableString PrintableString (SIZE (1..MAX)), + universalString UniversalString (SIZE (1..MAX)), + utf8String UTF8String (SIZE (1..MAX)), + bmpString BMPString (SIZE (1..MAX)) } + +-- certificate and CRL specific structures begin here + +Certificate ::= SEQUENCE { + tbsCertificate TBSCertificate, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING } + +TBSCertificate ::= SEQUENCE { + version [0] Version DEFAULT v1, + serialNumber CertificateSerialNumber, + signature AlgorithmIdentifier, + issuer Name, + validity Validity, + subject Name, + subjectPublicKeyInfo SubjectPublicKeyInfo, + issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, + -- If present, version MUST be v2 or v3 + extensions [3] Extensions OPTIONAL + -- If present, version MUST be v3 -- } + +Version ::= INTEGER { v1(0), v2(1), v3(2) } + +CertificateSerialNumber ::= INTEGER + +Validity ::= SEQUENCE { + notBefore Time, + notAfter Time } + +Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + +UniqueIdentifier ::= BIT STRING + +SubjectPublicKeyInfo ::= SEQUENCE { + algorithm AlgorithmIdentifier, + subjectPublicKey BIT STRING } + +Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension + +Extension ::= SEQUENCE { + extnID OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING } + +-- CRL structures + +CertificateList ::= SEQUENCE { + tbsCertList TBSCertList, + signatureAlgorithm AlgorithmIdentifier, + signature BIT STRING } + +TBSCertList ::= SEQUENCE { + version Version OPTIONAL, + -- if present, MUST be v2 + signature AlgorithmIdentifier, + issuer Name, + thisUpdate Time, + nextUpdate Time OPTIONAL, + revokedCertificates SEQUENCE OF SEQUENCE { + userCertificate CertificateSerialNumber, + revocationDate Time, + 
crlEntryExtensions Extensions OPTIONAL + -- if present, MUST be v2 + } OPTIONAL, + crlExtensions [0] Extensions OPTIONAL } + -- if present, MUST be v2 + +-- Version, Time, CertificateSerialNumber, and Extensions were +-- defined earlier for use in the certificate structure + +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY DEFINED BY algorithm OPTIONAL } + -- contains a value of the type + -- registered for use with the + -- algorithm object identifier value + +-- X.400 address syntax starts here + +ORAddress ::= SEQUENCE { + built-in-standard-attributes BuiltInStandardAttributes, + built-in-domain-defined-attributes + BuiltInDomainDefinedAttributes OPTIONAL, + -- see also teletex-domain-defined-attributes + extension-attributes ExtensionAttributes OPTIONAL } + +-- Built-in Standard Attributes + +BuiltInStandardAttributes ::= SEQUENCE { + country-name CountryName OPTIONAL, + administration-domain-name AdministrationDomainName OPTIONAL, + network-address [0] IMPLICIT NetworkAddress OPTIONAL, + -- see also extended-network-address + terminal-identifier [1] IMPLICIT TerminalIdentifier OPTIONAL, + private-domain-name [2] PrivateDomainName OPTIONAL, + organization-name [3] IMPLICIT OrganizationName OPTIONAL, + -- see also teletex-organization-name + numeric-user-identifier [4] IMPLICIT NumericUserIdentifier + OPTIONAL, + personal-name [5] IMPLICIT PersonalName OPTIONAL, + -- see also teletex-personal-name + organizational-unit-names [6] IMPLICIT OrganizationalUnitNames + OPTIONAL } + -- see also teletex-organizational-unit-names + +CountryName ::= [APPLICATION 1] CHOICE { + x121-dcc-code NumericString + (SIZE (ub-country-name-numeric-length)), + iso-3166-alpha2-code PrintableString + (SIZE (ub-country-name-alpha-length)) } + +AdministrationDomainName ::= [APPLICATION 2] CHOICE { + numeric NumericString (SIZE (0..ub-domain-name-length)), + printable PrintableString (SIZE (0..ub-domain-name-length)) } + +NetworkAddress ::= X121Address -- 
see also extended-network-address + +X121Address ::= NumericString (SIZE (1..ub-x121-address-length)) + +TerminalIdentifier ::= PrintableString (SIZE +(1..ub-terminal-id-length)) + +PrivateDomainName ::= CHOICE { + numeric NumericString (SIZE (1..ub-domain-name-length)), + printable PrintableString (SIZE (1..ub-domain-name-length)) } + +OrganizationName ::= PrintableString + (SIZE (1..ub-organization-name-length)) + -- see also teletex-organization-name + +NumericUserIdentifier ::= NumericString + (SIZE (1..ub-numeric-user-id-length)) + +PersonalName ::= SET { + surname [0] IMPLICIT PrintableString + (SIZE (1..ub-surname-length)), + given-name [1] IMPLICIT PrintableString + (SIZE (1..ub-given-name-length)) OPTIONAL, + initials [2] IMPLICIT PrintableString + (SIZE (1..ub-initials-length)) OPTIONAL, + generation-qualifier [3] IMPLICIT PrintableString + (SIZE (1..ub-generation-qualifier-length)) + OPTIONAL } + -- see also teletex-personal-name + +OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) + OF OrganizationalUnitName + -- see also teletex-organizational-unit-names + +OrganizationalUnitName ::= PrintableString (SIZE + (1..ub-organizational-unit-name-length)) + +-- Built-in Domain-defined Attributes + +BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE + (1..ub-domain-defined-attributes) OF + BuiltInDomainDefinedAttribute + +BuiltInDomainDefinedAttribute ::= SEQUENCE { + type PrintableString (SIZE + (1..ub-domain-defined-attribute-type-length)), + value PrintableString (SIZE + (1..ub-domain-defined-attribute-value-length)) } + +-- Extension Attributes + +ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF + ExtensionAttribute + +ExtensionAttribute ::= SEQUENCE { + extension-attribute-type [0] IMPLICIT INTEGER + (0..ub-extension-attributes), + extension-attribute-value [1] + ANY DEFINED BY extension-attribute-type } + +-- Extension types and attribute values + +common-name INTEGER ::= 1 + +CommonName ::= PrintableString (SIZE 
(1..ub-common-name-length)) + +teletex-common-name INTEGER ::= 2 + +TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length)) + +teletex-organization-name INTEGER ::= 3 + +TeletexOrganizationName ::= + TeletexString (SIZE (1..ub-organization-name-length)) + +teletex-personal-name INTEGER ::= 4 + +TeletexPersonalName ::= SET { + surname [0] IMPLICIT TeletexString + (SIZE (1..ub-surname-length)), + given-name [1] IMPLICIT TeletexString + (SIZE (1..ub-given-name-length)) OPTIONAL, + initials [2] IMPLICIT TeletexString + (SIZE (1..ub-initials-length)) OPTIONAL, + generation-qualifier [3] IMPLICIT TeletexString + (SIZE (1..ub-generation-qualifier-length)) + OPTIONAL } + +teletex-organizational-unit-names INTEGER ::= 5 + +TeletexOrganizationalUnitNames ::= SEQUENCE SIZE + (1..ub-organizational-units) OF TeletexOrganizationalUnitName + +TeletexOrganizationalUnitName ::= TeletexString + (SIZE (1..ub-organizational-unit-name-length)) + +pds-name INTEGER ::= 7 + +PDSName ::= PrintableString (SIZE (1..ub-pds-name-length)) + +physical-delivery-country-name INTEGER ::= 8 + +PhysicalDeliveryCountryName ::= CHOICE { + x121-dcc-code NumericString (SIZE +(ub-country-name-numeric-length)), + iso-3166-alpha2-code PrintableString + (SIZE (ub-country-name-alpha-length)) } + +postal-code INTEGER ::= 9 + +PostalCode ::= CHOICE { + numeric-code NumericString (SIZE (1..ub-postal-code-length)), + printable-code PrintableString (SIZE (1..ub-postal-code-length)) } + +physical-delivery-office-name INTEGER ::= 10 + +PhysicalDeliveryOfficeName ::= PDSParameter + +physical-delivery-office-number INTEGER ::= 11 + +PhysicalDeliveryOfficeNumber ::= PDSParameter + +extension-OR-address-components INTEGER ::= 12 + +ExtensionORAddressComponents ::= PDSParameter + +physical-delivery-personal-name INTEGER ::= 13 + +PhysicalDeliveryPersonalName ::= PDSParameter + +physical-delivery-organization-name INTEGER ::= 14 + +PhysicalDeliveryOrganizationName ::= PDSParameter + 
+extension-physical-delivery-address-components INTEGER ::= 15 + +ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter + +unformatted-postal-address INTEGER ::= 16 + +UnformattedPostalAddress ::= SET { + printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) + OF PrintableString (SIZE (1..ub-pds-parameter-length)) + OPTIONAL, + teletex-string TeletexString + (SIZE (1..ub-unformatted-address-length)) OPTIONAL } + +street-address INTEGER ::= 17 + +StreetAddress ::= PDSParameter + +post-office-box-address INTEGER ::= 18 + +PostOfficeBoxAddress ::= PDSParameter + +poste-restante-address INTEGER ::= 19 + +PosteRestanteAddress ::= PDSParameter + +unique-postal-name INTEGER ::= 20 + +UniquePostalName ::= PDSParameter + +local-postal-attributes INTEGER ::= 21 + +LocalPostalAttributes ::= PDSParameter + +PDSParameter ::= SET { + printable-string PrintableString + (SIZE(1..ub-pds-parameter-length)) OPTIONAL, + teletex-string TeletexString + (SIZE(1..ub-pds-parameter-length)) OPTIONAL } + +extended-network-address INTEGER ::= 22 + +ExtendedNetworkAddress ::= CHOICE { + e163-4-address SEQUENCE { + number [0] IMPLICIT NumericString + (SIZE (1..ub-e163-4-number-length)), + sub-address [1] IMPLICIT NumericString + (SIZE (1..ub-e163-4-sub-address-length)) + OPTIONAL }, + psap-address [0] IMPLICIT PresentationAddress } + +PresentationAddress ::= SEQUENCE { + pSelector [0] EXPLICIT OCTET STRING OPTIONAL, + sSelector [1] EXPLICIT OCTET STRING OPTIONAL, + tSelector [2] EXPLICIT OCTET STRING OPTIONAL, + nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING } + +terminal-type INTEGER ::= 23 + +TerminalType ::= INTEGER { + telex (3), + teletex (4), + g3-facsimile (5), + g4-facsimile (6), + ia5-terminal (7), + videotex (8) } (0..ub-integer-options) + +-- Extension Domain-defined Attributes + +teletex-domain-defined-attributes INTEGER ::= 6 + +TeletexDomainDefinedAttributes ::= SEQUENCE SIZE + (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute + 
+TeletexDomainDefinedAttribute ::= SEQUENCE { + type TeletexString + (SIZE (1..ub-domain-defined-attribute-type-length)), + value TeletexString + (SIZE (1..ub-domain-defined-attribute-value-length)) } + +-- specifications of Upper Bounds MUST be regarded as mandatory +-- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter +-- Upper Bounds + +-- Upper Bounds +ub-name INTEGER ::= 32768 +ub-common-name INTEGER ::= 64 +ub-locality-name INTEGER ::= 128 +ub-state-name INTEGER ::= 128 +ub-organization-name INTEGER ::= 64 +ub-organizational-unit-name INTEGER ::= 64 +ub-title INTEGER ::= 64 +ub-serial-number INTEGER ::= 64 +ub-match INTEGER ::= 128 +ub-emailaddress-length INTEGER ::= 255 +ub-common-name-length INTEGER ::= 64 +ub-country-name-alpha-length INTEGER ::= 2 +ub-country-name-numeric-length INTEGER ::= 3 +ub-domain-defined-attributes INTEGER ::= 4 +ub-domain-defined-attribute-type-length INTEGER ::= 8 +ub-domain-defined-attribute-value-length INTEGER ::= 128 +ub-domain-name-length INTEGER ::= 16 +ub-extension-attributes INTEGER ::= 256 +ub-e163-4-number-length INTEGER ::= 15 +ub-e163-4-sub-address-length INTEGER ::= 40 +ub-generation-qualifier-length INTEGER ::= 3 +ub-given-name-length INTEGER ::= 16 +ub-initials-length INTEGER ::= 5 +ub-integer-options INTEGER ::= 256 +ub-numeric-user-id-length INTEGER ::= 32 +ub-organization-name-length INTEGER ::= 64 +ub-organizational-unit-name-length INTEGER ::= 32 +ub-organizational-units INTEGER ::= 4 +ub-pds-name-length INTEGER ::= 16 +ub-pds-parameter-length INTEGER ::= 30 +ub-pds-physical-address-lines INTEGER ::= 6 +ub-postal-code-length INTEGER ::= 16 +ub-pseudonym INTEGER ::= 128 +ub-surname-length INTEGER ::= 40 +ub-terminal-id-length INTEGER ::= 24 +ub-unformatted-address-length INTEGER ::= 180 +ub-x121-address-length INTEGER ::= 16 + +-- Note - upper bounds on string types, such as TeletexString, are +-- measured in characters. 
Excepting PrintableString or IA5String, a +-- significantly greater number of octets will be required to hold +-- such a value. As a minimum, 16 octets, or twice the specified +-- upper bound, whichever is the larger, should be allowed for +-- TeletexString. For UTF8String or UniversalString at least four +-- times the upper bound should be allowed. + +END diff --git a/priv/cms/PKIX1Implicit88.asn1 b/priv/cms/PKIX1Implicit88.asn1 new file mode 100644 index 0000000..ced270b --- /dev/null +++ b/priv/cms/PKIX1Implicit88.asn1 
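Review bot: Several RFC 5280 requirements that matter for validation are carried only in comments here, not in the types: the coupling between `version` and `issuerUniqueID`/`subjectUniqueID`/`extensions` in `TBSCertificate`, the positive, at most 20-octet serial (declared as a bare `CertificateSerialNumber ::= INTEGER`), and the rule that an unrecognized extension with `critical TRUE` must be rejected. Nothing in the schema refuses a negative serial, a v1 certificate that carries extensions, or an unknown critical extension, so those checks have to live in whatever code consumes the decoded `Certificate`. I would not tighten the types and diverge from the RFC text; instead a short comment above `Certificate` stating that this is RFC 5280 Appendix A.1 as published and that profile constraints are enforced by the caller would set expectations for the next reader. `AlgorithmIdentifier.parameters` is `ANY DEFINED BY algorithm`, so parameters are likewise returned undecoded and must be interpreted per algorithm OID by the consumer.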
@@ -0,0 +1,349 @@ +PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) internet(1) + security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) } + +DEFINITIONS IMPLICIT TAGS ::= + +BEGIN + +-- EXPORTS ALL -- + +IMPORTS + id-pe, id-kp, id-qt-unotice, id-qt-cps, + -- delete following line if "new" types are supported -- + -- BMPString, + -- UTF8String, end "new" types -- + ORAddress, Name, RelativeDistinguishedName, + CertificateSerialNumber, Attribute, DirectoryString + FROM PKIX1Explicit88 { iso(1) identified-organization(3) + dod(6) internet(1) security(5) mechanisms(5) pkix(7) + id-mod(0) id-pkix1-explicit(18) }; + + +-- ISO arc for standard certificate and CRL extensions + +id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} + +-- authority key identifier OID and syntax + +id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } + +AuthorityKeyIdentifier ::= SEQUENCE { + keyIdentifier [0] KeyIdentifier OPTIONAL, + authorityCertIssuer [1] GeneralNames OPTIONAL, + authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } + -- authorityCertIssuer and authorityCertSerialNumber MUST both + -- be present or both be absent + +KeyIdentifier ::= OCTET STRING + +-- subject key identifier OID and syntax + +id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } + +SubjectKeyIdentifier ::= KeyIdentifier + +-- key usage extension OID and syntax + +id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } + +KeyUsage ::= BIT STRING { + digitalSignature (0), + nonRepudiation (1), + keyEncipherment (2), + dataEncipherment (3), + keyAgreement (4), + keyCertSign (5), + cRLSign (6), + encipherOnly (7), + decipherOnly (8) } + +-- private key usage period extension OID and syntax + +id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 } + +PrivateKeyUsagePeriod ::= SEQUENCE { + notBefore [0] GeneralizedTime OPTIONAL, + notAfter [1] GeneralizedTime OPTIONAL } + -- either notBefore or notAfter MUST be present + +-- certificate policies 
extension OID and syntax + +id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } + +anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } + +CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation + +PolicyInformation ::= SEQUENCE { + policyIdentifier CertPolicyId, + policyQualifiers SEQUENCE SIZE (1..MAX) OF + PolicyQualifierInfo OPTIONAL } + +CertPolicyId ::= OBJECT IDENTIFIER + +PolicyQualifierInfo ::= SEQUENCE { + policyQualifierId PolicyQualifierId, + qualifier ANY DEFINED BY policyQualifierId } + +-- Implementations that recognize additional policy qualifiers MUST +-- augment the following definition for PolicyQualifierId + +PolicyQualifierId ::= + OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) + +-- CPS pointer qualifier + +CPSuri ::= IA5String + +-- user notice qualifier + +UserNotice ::= SEQUENCE { + noticeRef NoticeReference OPTIONAL, + explicitText DisplayText OPTIONAL} + +NoticeReference ::= SEQUENCE { + organization DisplayText, + noticeNumbers SEQUENCE OF INTEGER } + +DisplayText ::= CHOICE { + ia5String IA5String (SIZE (1..200)), + visibleString VisibleString (SIZE (1..200)), + bmpString BMPString (SIZE (1..200)), + utf8String UTF8String (SIZE (1..200)) } + +-- policy mapping extension OID and syntax + +id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } + +PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { + issuerDomainPolicy CertPolicyId, + subjectDomainPolicy CertPolicyId } + +-- subject alternative name extension OID and syntax + +id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } + +SubjectAltName ::= GeneralNames + +GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName + +GeneralName ::= CHOICE { + otherName [0] AnotherName, + rfc822Name [1] IA5String, + dNSName [2] IA5String, + x400Address [3] ORAddress, + directoryName [4] Name, + ediPartyName [5] EDIPartyName, + uniformResourceIdentifier [6] IA5String, + iPAddress [7] OCTET STRING, + registeredID [8] OBJECT IDENTIFIER } + +-- AnotherName 
replaces OTHER-NAME ::= TYPE-IDENTIFIER, as +-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax + +AnotherName ::= SEQUENCE { + type-id OBJECT IDENTIFIER, + value [0] EXPLICIT ANY DEFINED BY type-id } + +EDIPartyName ::= SEQUENCE { + nameAssigner [0] DirectoryString OPTIONAL, + partyName [1] DirectoryString } + +-- issuer alternative name extension OID and syntax + +id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } + +IssuerAltName ::= GeneralNames + +id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } + +SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute + +-- basic constraints extension OID and syntax + +id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } + +BasicConstraints ::= SEQUENCE { + cA BOOLEAN DEFAULT FALSE, + pathLenConstraint INTEGER (0..MAX) OPTIONAL } + +-- name constraints extension OID and syntax + +id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } + +NameConstraints ::= SEQUENCE { + permittedSubtrees [0] GeneralSubtrees OPTIONAL, + excludedSubtrees [1] GeneralSubtrees OPTIONAL } + +GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree + +GeneralSubtree ::= SEQUENCE { + base GeneralName, + minimum [0] BaseDistance DEFAULT 0, + maximum [1] BaseDistance OPTIONAL } + +BaseDistance ::= INTEGER (0..MAX) + +-- policy constraints extension OID and syntax + +id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } + +PolicyConstraints ::= SEQUENCE { + requireExplicitPolicy [0] SkipCerts OPTIONAL, + inhibitPolicyMapping [1] SkipCerts OPTIONAL } + +SkipCerts ::= INTEGER (0..MAX) + +-- CRL distribution points extension OID and syntax + +id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31} + +CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint + +DistributionPoint ::= SEQUENCE { + distributionPoint [0] DistributionPointName OPTIONAL, + reasons [1] ReasonFlags OPTIONAL, + cRLIssuer [2] GeneralNames OPTIONAL } + +DistributionPointName ::= CHOICE { + fullName [0] 
GeneralNames, + nameRelativeToCRLIssuer [1] RelativeDistinguishedName } + +ReasonFlags ::= BIT STRING { + unused (0), + keyCompromise (1), + cACompromise (2), + affiliationChanged (3), + superseded (4), + cessationOfOperation (5), + certificateHold (6), + privilegeWithdrawn (7), + aACompromise (8) } + +-- extended key usage extension OID and syntax + +id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} + +ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId + + +KeyPurposeId ::= OBJECT IDENTIFIER + +-- permit unspecified key uses + +anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } + +-- extended key purpose OIDs + +id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } +id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } +id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } +id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } +id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } +id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } + +-- inhibit any policy OID and syntax + +id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } + +InhibitAnyPolicy ::= SkipCerts + +-- freshest (delta)CRL extension OID and syntax + +id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } + +FreshestCRL ::= CRLDistributionPoints + +-- authority info access + +id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } + +AuthorityInfoAccessSyntax ::= + SEQUENCE SIZE (1..MAX) OF AccessDescription + +AccessDescription ::= SEQUENCE { + accessMethod OBJECT IDENTIFIER, + accessLocation GeneralName } + +-- subject info access + +id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 } + +SubjectInfoAccessSyntax ::= + SEQUENCE SIZE (1..MAX) OF AccessDescription + +-- CRL number extension OID and syntax + +id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } + +CRLNumber ::= INTEGER (0..MAX) + +-- issuing distribution point extension OID and syntax + +id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } + +IssuingDistributionPoint ::= SEQUENCE { + 
distributionPoint [0] DistributionPointName OPTIONAL, + onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, + onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, + onlySomeReasons [3] ReasonFlags OPTIONAL, + indirectCRL [4] BOOLEAN DEFAULT FALSE, + onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE } + +id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 } + +BaseCRLNumber ::= CRLNumber + +-- CRL reasons extension OID and syntax + +id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } + +CRLReason ::= ENUMERATED { + unspecified (0), + keyCompromise (1), + cACompromise (2), + affiliationChanged (3), + superseded (4), + cessationOfOperation (5), + certificateHold (6), + removeFromCRL (8), + privilegeWithdrawn (9), + aACompromise (10) } + +-- certificate issuer CRL entry extension OID and syntax + +id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 } + +CertificateIssuer ::= GeneralNames + +-- hold instruction extension OID and syntax + +id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 } + +HoldInstructionCode ::= OBJECT IDENTIFIER + +-- ANSI x9 holdinstructions + +-- ANSI x9 arc holdinstruction arc + +holdInstruction OBJECT IDENTIFIER ::= + {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2} + +-- ANSI X9 holdinstructions referenced by this standard + +id-holdinstruction-none OBJECT IDENTIFIER ::= + {holdInstruction 1} -- deprecated + +id-holdinstruction-callissuer OBJECT IDENTIFIER ::= + {holdInstruction 2} + +id-holdinstruction-reject OBJECT IDENTIFIER ::= + {holdInstruction 3} + +-- invalidity date CRL entry extension OID and syntax + +id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 } + +InvalidityDate ::= GeneralizedTime + +END diff --git a/priv/cms/PKIXCMP-2009.asn1 b/priv/cms/PKIXCMP-2009.asn1 new file mode 100644 index 0000000..3e86c16 --- /dev/null +++ b/priv/cms/PKIXCMP-2009.asn1 
@@ -0,0 +1,495 @@
+PKIXCMP-2009
+ { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-cmp2000-02(50) }
+ DEFINITIONS EXPLICIT TAGS ::=
+ BEGIN
+ IMPORTS
+
+ AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE
+ FROM PKIX-CommonTypes-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+ AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM,
+ DIGEST-ALGORITHM, MAC-ALGORITHM
+ FROM AlgorithmInformation-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0)
+ id-mod-algorithmInformation-02(58)}
+
+ Certificate, CertificateList
+ FROM PKIX1Explicit-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+ GeneralName, KeyIdentifier
+ FROM PKIX1Implicit-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+ CertTemplate, PKIPublicationInfo, EncryptedValue, CertId,
+ CertReqMessages
+ FROM PKIXCRMF-2009
+ { iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55) }
+ -- see also the behavioral clarifications to CRMF codified in
+ -- Appendix C of this specification
+
+ CertificationRequest
+ FROM PKCS-10
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkcs10-2009(69)}
+ -- (specified in RFC 2986 with 1993 ASN.1 syntax and IMPLICIT
+ -- tags). Alternatively, implementers may directly include
+ -- the [PKCS10] syntax in this module
+ ;
+
+ -- the rest of the module contains locally defined OIDs and
+ -- constructs
+
+ CMPCertificate ::= CHOICE { x509v3PKCert Certificate, ...
} + -- This syntax, while bits-on-the-wire compatible with the + -- standard X.509 definition of "Certificate", allows the + -- possibility of future certificate types (such as X.509 + -- attribute certificates, WAP WTLS certificates, or other kinds + -- of certificates) within this certificate management protocol, + -- should a need ever arise to support such generality. Those + -- implementations that do not foresee a need to ever support + -- other certificate types MAY, if they wish, comment out the + -- above structure and "uncomment" the following one prior to + -- compiling this ASN.1 module. (Note that interoperability + -- with implementations that don't do this will be unaffected by + -- this change.) + + -- CMPCertificate ::= Certificate + + PKIMessage ::= SEQUENCE { + header PKIHeader, + body PKIBody, + protection [0] PKIProtection OPTIONAL, + extraCerts [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate + OPTIONAL } + + PKIMessages ::= SEQUENCE SIZE (1..MAX) OF PKIMessage + + PKIHeader ::= SEQUENCE { + pvno INTEGER { cmp1999(1), cmp2000(2) }, + sender GeneralName, + -- identifies the sender + recipient GeneralName, + -- identifies the intended recipient + messageTime [0] GeneralizedTime OPTIONAL, + -- time of production of this message (used when sender + -- believes that the transport will be "suitable"; i.e., + -- that the time will still be meaningful upon receipt) + protectionAlg [1] AlgorithmIdentifier{ALGORITHM, {...}} + OPTIONAL, + -- algorithm used for calculation of protection bits + senderKID [2] KeyIdentifier OPTIONAL, + recipKID [3] KeyIdentifier OPTIONAL, + -- to identify specific keys used for protection + transactionID [4] OCTET STRING OPTIONAL, + -- identifies the transaction; i.e., this will be the same in + -- corresponding request, response, certConf, and PKIConf + -- messages + senderNonce [5] OCTET STRING OPTIONAL, + recipNonce [6] OCTET STRING OPTIONAL, + -- nonces used to provide replay protection, senderNonce + -- is inserted by the 
creator of this message; recipNonce + -- is a nonce previously inserted in a related message by + -- the intended recipient of this message + freeText [7] PKIFreeText OPTIONAL, + -- this may be used to indicate context-specific instructions + -- (this field is intended for human consumption) + generalInfo [8] SEQUENCE SIZE (1..MAX) OF + InfoTypeAndValue OPTIONAL + -- this may be used to convey context-specific information + -- (this field not primarily intended for human consumption) + } + + PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + -- text encoded as UTF-8 String [RFC3629] (note: each + -- UTF8String MAY include an [RFC3066] language tag + -- to indicate the language of the contained text; + -- see [RFC2482] for details) + + PKIBody ::= CHOICE { -- message-specific body elements + ir [0] CertReqMessages, --Initialization Request + ip [1] CertRepMessage, --Initialization Response + cr [2] CertReqMessages, --Certification Request + cp [3] CertRepMessage, --Certification Response + p10cr [4] CertificationRequest, --imported from [PKCS10] + popdecc [5] POPODecKeyChallContent, --pop Challenge + popdecr [6] POPODecKeyRespContent, --pop Response + kur [7] CertReqMessages, --Key Update Request + kup [8] CertRepMessage, --Key Update Response + krr [9] CertReqMessages, --Key Recovery Request + krp [10] KeyRecRepContent, --Key Recovery Response + rr [11] RevReqContent, --Revocation Request + rp [12] RevRepContent, --Revocation Response + ccr [13] CertReqMessages, --Cross-Cert. Request + ccp [14] CertRepMessage, --Cross-Cert. Response + ckuann [15] CAKeyUpdAnnContent, --CA Key Update Ann. + cann [16] CertAnnContent, --Certificate Ann. + rann [17] RevAnnContent, --Revocation Ann. 
+ crlann [18] CRLAnnContent, --CRL Announcement + pkiconf [19] PKIConfirmContent, --Confirmation + nested [20] NestedMessageContent, --Nested Message + genm [21] GenMsgContent, --General Message + genp [22] GenRepContent, --General Response + error [23] ErrorMsgContent, --Error Message + certConf [24] CertConfirmContent, --Certificate confirm + pollReq [25] PollReqContent, --Polling request + pollRep [26] PollRepContent --Polling response + } + + PKIProtection ::= BIT STRING + + ProtectedPart ::= SEQUENCE { + header PKIHeader, + body PKIBody } + + id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2) + usa(840) nt(113533) nsn(7) algorithms(66) 13 } + PBMParameter ::= SEQUENCE { + salt OCTET STRING, + -- note: implementations MAY wish to limit acceptable sizes + -- of this string to values appropriate for their environment + -- in order to reduce the risk of denial-of-service attacks + owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}, + -- AlgId for a One-Way Function (SHA-1 recommended) + iterationCount INTEGER, + -- number of times the OWF is applied + -- note: implementations MAY wish to limit acceptable sizes + -- of this integer to values appropriate for their environment + -- in order to reduce the risk of denial-of-service attacks + mac AlgorithmIdentifier{MAC-ALGORITHM, {...}} + -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], + -- or HMAC [RFC2104, RFC2202]) + } + + id-DHBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2) + usa(840) nt(113533) nsn(7) algorithms(66) 30 } + DHBMParameter ::= SEQUENCE { + owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}}, + -- AlgId for a One-Way Function (SHA-1 recommended) + mac AlgorithmIdentifier{MAC-ALGORITHM, {...}} + -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11], + -- or HMAC [RFC2104, RFC2202]) + } + + PKIStatus ::= INTEGER { + accepted (0), + -- you got exactly what you asked for + grantedWithMods (1), + -- you got something like what you asked for; the + -- requester is responsible 
for ascertaining the differences + rejection (2), + -- you don't get it, more information elsewhere in the message + waiting (3), + -- the request body part has not yet been processed; expect to + -- hear more later (note: proper handling of this status + -- response MAY use the polling req/rep PKIMessages specified + -- in Section 5.3.22; alternatively, polling in the underlying + -- transport layer MAY have some utility in this regard) + revocationWarning (4), + -- this message contains a warning that a revocation is + -- imminent + revocationNotification (5), + -- notification that a revocation has occurred + keyUpdateWarning (6) + -- update already done for the oldCertId specified in + -- CertReqMsg + } + + PKIFailureInfo ::= BIT STRING { + -- since we can fail in more than one way! + -- More codes may be added in the future if/when required. + badAlg (0), + -- unrecognized or unsupported Algorithm Identifier + badMessageCheck (1), + -- integrity check failed (e.g., signature did not verify) + badRequest (2), + -- transaction not permitted or supported + badTime (3), + -- messageTime was not sufficiently close to the system time, + -- as defined by local policy + badCertId (4), + -- no certificate could be found matching the provided criteria + badDataFormat (5), + -- the data submitted has the wrong format + wrongAuthority (6), + -- the authority indicated in the request is different from the + -- one creating the response token + incorrectData (7), + -- the requester's data is incorrect (for notary services) + missingTimeStamp (8), + -- when the timestamp is missing but should be there + -- (by policy) + badPOP (9), + -- the proof-of-possession failed + certRevoked (10), + -- the certificate has already been revoked + certConfirmed (11), + -- the certificate has already been confirmed + wrongIntegrity (12), + -- invalid integrity, password based instead of signature or + -- vice versa + badRecipientNonce (13), + -- invalid recipient nonce, either missing or 
wrong value + timeNotAvailable (14), + -- the TSA's time source is not available + unacceptedPolicy (15), + -- the requested TSA policy is not supported by the TSA + unacceptedExtension (16), + -- the requested extension is not supported by the TSA + addInfoNotAvailable (17), + -- the additional information requested could not be + -- understood or is not available + badSenderNonce (18), + -- invalid sender nonce, either missing or wrong size + badCertTemplate (19), + -- invalid cert. template or missing mandatory information + signerNotTrusted (20), + -- signer of the message unknown or not trusted + transactionIdInUse (21), + -- the transaction identifier is already in use + unsupportedVersion (22), + -- the version of the message is not supported + notAuthorized (23), + -- the sender was not authorized to make the preceding + -- request or perform the preceding action + systemUnavail (24), + -- the request cannot be handled due to system unavailability + systemFailure (25), + -- the request cannot be handled due to system failure + duplicateCertReq (26) + -- certificate cannot be issued because a duplicate + -- certificate already exists + } + + PKIStatusInfo ::= SEQUENCE { + status PKIStatus, + statusString PKIFreeText OPTIONAL, + failInfo PKIFailureInfo OPTIONAL } + + OOBCert ::= CMPCertificate + + OOBCertHash ::= SEQUENCE { + hashAlg [0] AlgorithmIdentifier{DIGEST-ALGORITHM, {...}} + OPTIONAL, + certId [1] CertId OPTIONAL, + hashVal BIT STRING + -- hashVal is calculated over the DER encoding of the + -- self-signed certificate with the identifier certID. + } + + POPODecKeyChallContent ::= SEQUENCE OF Challenge + -- One Challenge per encryption key certification request (in the + -- same order as these requests appear in CertReqMessages). 
+ + Challenge ::= SEQUENCE { + owf AlgorithmIdentifier{DIGEST-ALGORITHM, {...}} + OPTIONAL, + -- MUST be present in the first Challenge; MAY be omitted in + -- any subsequent Challenge in POPODecKeyChallContent (if + -- omitted, then the owf used in the immediately preceding + -- Challenge is to be used). + witness OCTET STRING, + -- the result of applying the one-way function (owf) to a + -- randomly-generated INTEGER, A. [Note that a different + -- INTEGER MUST be used for each Challenge.] + challenge OCTET STRING + -- the encryption (under the public key for which the cert. + -- request is being made) of Rand, where Rand is specified as + -- Rand ::= SEQUENCE { + -- int INTEGER, + -- - the randomly-generated INTEGER A (above) + -- sender GeneralName + -- - the sender's name (as included in PKIHeader) + -- } + } + + POPODecKeyRespContent ::= SEQUENCE OF INTEGER + -- One INTEGER per encryption key certification request (in the + -- same order as these requests appear in CertReqMessages). The + -- retrieved INTEGER A (above) is returned to the sender of the + -- corresponding Challenge. 
+ + CertRepMessage ::= SEQUENCE { + caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate + OPTIONAL, + response SEQUENCE OF CertResponse } + + CertResponse ::= SEQUENCE { + certReqId INTEGER, + -- to match this response with the corresponding request (a value + -- of -1 is to be used if certReqId is not specified in the + -- corresponding request) + status PKIStatusInfo, + certifiedKeyPair CertifiedKeyPair OPTIONAL, + rspInfo OCTET STRING OPTIONAL + -- analogous to the id-regInfo-utf8Pairs string defined + -- for regInfo in CertReqMsg [RFC4211] + } + + CertifiedKeyPair ::= SEQUENCE { + certOrEncCert CertOrEncCert, + privateKey [0] EncryptedValue OPTIONAL, + -- see [RFC4211] for comment on encoding + publicationInfo [1] PKIPublicationInfo OPTIONAL } + + CertOrEncCert ::= CHOICE { + certificate [0] CMPCertificate, + encryptedCert [1] EncryptedValue } + KeyRecRepContent ::= SEQUENCE { + status PKIStatusInfo, + newSigCert [0] CMPCertificate OPTIONAL, + caCerts [1] SEQUENCE SIZE (1..MAX) OF + CMPCertificate OPTIONAL, + keyPairHist [2] SEQUENCE SIZE (1..MAX) OF + CertifiedKeyPair OPTIONAL } + + RevReqContent ::= SEQUENCE OF RevDetails + + RevDetails ::= SEQUENCE { + certDetails CertTemplate, + -- allows requester to specify as much as they can about + -- the cert. 
for which revocation is requested + -- (e.g., for cases in which serialNumber is not available) + crlEntryDetails Extensions{{...}} OPTIONAL + -- requested crlEntryExtensions + } + + RevRepContent ::= SEQUENCE { + status SEQUENCE SIZE (1..MAX) OF PKIStatusInfo, + -- in same order as was sent in RevReqContent + revCerts [0] SEQUENCE SIZE (1..MAX) OF CertId OPTIONAL, + -- IDs for which revocation was requested + -- (same order as status) + crls [1] SEQUENCE SIZE (1..MAX) OF CertificateList OPTIONAL + -- the resulting CRLs (there may be more than one) + } + + CAKeyUpdAnnContent ::= SEQUENCE { + oldWithNew CMPCertificate, -- old pub signed with new priv + newWithOld CMPCertificate, -- new pub signed with old priv + newWithNew CMPCertificate -- new pub signed with new priv + } + + CertAnnContent ::= CMPCertificate + + RevAnnContent ::= SEQUENCE { + status PKIStatus, + certId CertId, + willBeRevokedAt GeneralizedTime, + badSinceDate GeneralizedTime, + crlDetails Extensions{{...}} OPTIONAL + -- extra CRL details (e.g., crl number, reason, location, etc.) + } + + CRLAnnContent ::= SEQUENCE OF CertificateList + PKIConfirmContent ::= NULL + + NestedMessageContent ::= PKIMessages + + INFO-TYPE-AND-VALUE ::= TYPE-IDENTIFIER + + InfoTypeAndValue ::= SEQUENCE { + infoType INFO-TYPE-AND-VALUE. + &id({SupportedInfoSet}), + infoValue INFO-TYPE-AND-VALUE. + &Type({SupportedInfoSet}{@infoType}) } + + SupportedInfoSet INFO-TYPE-AND-VALUE ::= { ... 
} + + -- Example InfoTypeAndValue contents include, but are not limited + -- to, the following (uncomment in this ASN.1 module and use as + -- appropriate for a given environment): + -- + -- id-it-caProtEncCert OBJECT IDENTIFIER ::= {id-it 1} + -- CAProtEncCertValue ::= CMPCertificate + -- id-it-signKeyPairTypes OBJECT IDENTIFIER ::= {id-it 2} + -- SignKeyPairTypesValue ::= SEQUENCE OF + -- AlgorithmIdentifier{{...}} + -- id-it-encKeyPairTypes OBJECT IDENTIFIER ::= {id-it 3} + -- EncKeyPairTypesValue ::= SEQUENCE OF + -- AlgorithmIdentifier{{...}} + -- id-it-preferredSymmAlg OBJECT IDENTIFIER ::= {id-it 4} + -- PreferredSymmAlgValue ::= AlgorithmIdentifier{{...}} + -- id-it-caKeyUpdateInfo OBJECT IDENTIFIER ::= {id-it 5} + -- CAKeyUpdateInfoValue ::= CAKeyUpdAnnContent + -- id-it-currentCRL OBJECT IDENTIFIER ::= {id-it 6} + -- CurrentCRLValue ::= CertificateList + -- id-it-unsupportedOIDs OBJECT IDENTIFIER ::= {id-it 7} + -- UnsupportedOIDsValue ::= SEQUENCE OF OBJECT IDENTIFIER + -- id-it-keyPairParamReq OBJECT IDENTIFIER ::= {id-it 10} + -- KeyPairParamReqValue ::= OBJECT IDENTIFIER + -- id-it-keyPairParamRep OBJECT IDENTIFIER ::= {id-it 11} + -- KeyPairParamRepValue ::= AlgorithmIdentifer + -- id-it-revPassphrase OBJECT IDENTIFIER ::= {id-it 12} + -- RevPassphraseValue ::= EncryptedValue + -- id-it-implicitConfirm OBJECT IDENTIFIER ::= {id-it 13} + -- ImplicitConfirmValue ::= NULL + -- id-it-confirmWaitTime OBJECT IDENTIFIER ::= {id-it 14} + -- ConfirmWaitTimeValue ::= GeneralizedTime + -- id-it-origPKIMessage OBJECT IDENTIFIER ::= {id-it 15} + -- OrigPKIMessageValue ::= PKIMessages + -- id-it-suppLangTags OBJECT IDENTIFIER ::= {id-it 16} + -- SuppLangTagsValue ::= SEQUENCE OF UTF8String + -- + -- where + -- + -- id-pkix OBJECT IDENTIFIER ::= { + -- iso(1) identified-organization(3) + -- dod(6) internet(1) security(5) mechanisms(5) pkix(7)} + -- and + -- id-it OBJECT IDENTIFIER ::= {id-pkix 4} + -- + -- + -- This construct MAY also be used to define new PKIX 
Certificate + -- Management Protocol request and response messages, or general- + -- purpose (e.g., announcement) messages for future needs or for + -- specific environments. + + GenMsgContent ::= SEQUENCE OF InfoTypeAndValue + + -- May be sent by EE, RA, or CA (depending on message content). + -- The OPTIONAL infoValue parameter of InfoTypeAndValue will + -- typically be omitted for some of the examples given above. + -- The receiver is free to ignore any contained OBJECT IDs that it + -- does not recognize. If sent from EE to CA, the empty set + -- indicates that the CA may send + -- any/all information that it wishes. + + GenRepContent ::= SEQUENCE OF InfoTypeAndValue + -- Receiver MAY ignore any contained OIDs that it does not + -- recognize. + + ErrorMsgContent ::= SEQUENCE { + pKIStatusInfo PKIStatusInfo, + errorCode INTEGER OPTIONAL, + -- implementation-specific error codes + errorDetails PKIFreeText OPTIONAL + -- implementation-specific error details + } + + CertConfirmContent ::= SEQUENCE OF CertStatus + + CertStatus ::= SEQUENCE { + certHash OCTET STRING, + -- the hash of the certificate, using the same hash algorithm + -- as is used to create and verify the certificate signature + certReqId INTEGER, + -- to match this confirmation with the corresponding req/rep + statusInfo PKIStatusInfo OPTIONAL } + + PollReqContent ::= SEQUENCE OF SEQUENCE { + certReqId INTEGER } + + PollRepContent ::= SEQUENCE OF SEQUENCE { + certReqId INTEGER, + checkAfter INTEGER, -- time in seconds + reason PKIFreeText OPTIONAL } + + END diff --git a/priv/cms/PKIXCRMF-2009.asn1 b/priv/cms/PKIXCRMF-2009.asn1 new file mode 100644 index 0000000..7e4611d --- /dev/null +++ b/priv/cms/PKIXCRMF-2009.asn1 
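Review bot: PBMParameter (the id-PasswordBasedMac parameters in the middle of the hunk) leaves `salt OCTET STRING` and `iterationCount INTEGER` unbounded, and the module comment only says implementations MAY cap them, so whatever verifies attacker-supplied PKIMessage protection in this repo must cap both before iterating the OWF or one message can force an arbitrarily long hash loop. If the generated decoder is the only check, I would record that next to iterationCount as `-- consumer MUST reject iterationCount (and salt length) above a local limit before computing the MAC; unbounded values are a DoS vector`. Separately, the IMPORTS reference PKIX-CommonTypes-2009, AlgorithmInformation-2009, PKIX1Explicit-2009, PKIX1Implicit-2009 and PKCS-10, none of which appears in this chunk; unless those modules already exist under priv/cms this module will not compile, since the module preceding it is written in the 1988 syntax and exports different names. Note also that the module's own comments still recommend SHA-1 for the OWF and DES-MAC/Triple-DES-MAC for the MAC, which is RFC 4210-era guidance and should not be taken as a current default by any policy layer built on these types.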
@@ -0,0 +1,409 @@
+ PKIXCRMF-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-crmf2005-02(55)}
+ DEFINITIONS IMPLICIT TAGS ::=
+ BEGIN
+ IMPORTS
+
+ AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE,
+ SingleAttribute{}
+ FROM PKIX-CommonTypes-2009
+ {iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-pkixCommon-02(57) }
+
+ AlgorithmIdentifier{}, SIGNATURE-ALGORITHM, ALGORITHM,
+ DIGEST-ALGORITHM, MAC-ALGORITHM, PUBLIC-KEY
+ FROM AlgorithmInformation-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0)
+ id-mod-algorithmInformation-02(58)}
+
+ Version, Name, Time, SubjectPublicKeyInfo, UniqueIdentifier, id-pkix,
+ SignatureAlgorithms
+ FROM PKIX1Explicit-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
+
+ GeneralName, CertExtensions
+ FROM PKIX1Implicit-2009
+ {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+ mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59)}
+
+ EnvelopedData, CONTENT-TYPE
+ FROM CryptographicMessageSyntax-2009
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ smime(16) modules(0) id-mod-cms-2004-02(41)}
+ maca-hMAC-SHA1
+ FROM CryptographicMessageSyntaxAlgorithms-2009
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
+ smime(16) modules(0) id-mod-cmsalg-2001-02(37) }
+
+ mda-sha1
+ FROM PKIXAlgs-2009
+ { iso(1) identified-organization(3) dod(6)
+ internet(1) security(5) mechanisms(5) pkix(7) id-mod(0)
+ id-mod-pkix1-algorithms2008-02(56) } ;
+
+ -- arc for Internet X.509 PKI protocols and their components
+
+ id-pkip OBJECT IDENTIFIER ::= { id-pkix 5 }
+
+ id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }
+
+ id-ct OBJECT IDENTIFIER ::= { id-smime 1 } -- content types
+
+ -- Core definitions for this module + + CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg + + CertReqMsg ::= SEQUENCE { + certReq CertRequest, + popo ProofOfPossession OPTIONAL, + -- content depends upon key type + regInfo SEQUENCE SIZE(1..MAX) OF + SingleAttribute{{RegInfoSet}} OPTIONAL } + + CertRequest ::= SEQUENCE { + certReqId INTEGER, + -- ID for matching request and reply + certTemplate CertTemplate, + -- Selected fields of cert to be issued + controls Controls OPTIONAL } + -- Attributes affecting issuance + + CertTemplate ::= SEQUENCE { + version [0] Version OPTIONAL, + serialNumber [1] INTEGER OPTIONAL, + signingAlg [2] AlgorithmIdentifier{SIGNATURE-ALGORITHM, + {SignatureAlgorithms}} OPTIONAL, + issuer [3] Name OPTIONAL, + validity [4] OptionalValidity OPTIONAL, + subject [5] Name OPTIONAL, + publicKey [6] SubjectPublicKeyInfo OPTIONAL, + issuerUID [7] UniqueIdentifier OPTIONAL, + subjectUID [8] UniqueIdentifier OPTIONAL, + extensions [9] Extensions{{CertExtensions}} OPTIONAL } + + OptionalValidity ::= SEQUENCE { + notBefore [0] Time OPTIONAL, + notAfter [1] Time OPTIONAL } -- at least one MUST be present + + Controls ::= SEQUENCE SIZE(1..MAX) OF SingleAttribute + {{RegControlSet}} + + ProofOfPossession ::= CHOICE { + raVerified [0] NULL, + -- used if the RA has already verified that the requester is in + -- possession of the private key + signature [1] POPOSigningKey, + keyEncipherment [2] POPOPrivKey, + keyAgreement [3] POPOPrivKey } + + POPOSigningKey ::= SEQUENCE { + poposkInput [0] POPOSigningKeyInput OPTIONAL, + algorithmIdentifier AlgorithmIdentifier{SIGNATURE-ALGORITHM, + {SignatureAlgorithms}}, + signature BIT STRING } + -- The signature (using "algorithmIdentifier") is on the + -- DER-encoded value of poposkInput. NOTE: If the CertReqMsg + -- certReq CertTemplate contains the subject and publicKey values, + -- then poposkInput MUST be omitted and the signature MUST be + -- computed over the DER-encoded value of CertReqMsg certReq. 
If + -- the CertReqMsg certReq CertTemplate does not contain both the + -- public key and subject values (i.e., if it contains only one + -- of these, or neither), then poposkInput MUST be present and + -- MUST be signed. + + POPOSigningKeyInput ::= SEQUENCE { + authInfo CHOICE { + sender [0] GeneralName, + -- used only if an authenticated identity has been + -- established for the sender (e.g., a DN from a + -- previously-issued and currently-valid certificate) + publicKeyMAC PKMACValue }, + -- used if no authenticated GeneralName currently exists for + -- the sender; publicKeyMAC contains a password-based MAC + -- on the DER-encoded value of publicKey + publicKey SubjectPublicKeyInfo } -- from CertTemplate + + PKMACValue ::= SEQUENCE { + algId AlgorithmIdentifier{MAC-ALGORITHM, + {Password-MACAlgorithms}}, + value BIT STRING } + + -- + -- Define the currently only acceptable MAC algorithm to be used + -- for the PKMACValue structure + -- + + id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2) + usa(840) nt(113533) nsn(7) algorithms(66) 13 } + + Password-MACAlgorithms MAC-ALGORITHM ::= { + {IDENTIFIER id-PasswordBasedMac + PARAMS TYPE PBMParameter ARE required + IS-KEYED-MAC TRUE + }, ... + } + + PBMParameter ::= SEQUENCE { + salt OCTET STRING, + owf AlgorithmIdentifier{DIGEST-ALGORITHM, + {DigestAlgorithms}}, + -- AlgId for a One-Way Function (SHA-1 recommended) + iterationCount INTEGER, + -- number of times the OWF is applied + mac AlgorithmIdentifier{MAC-ALGORITHM, + {MACAlgorithms}} + -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC, or HMAC + } + + DigestAlgorithms DIGEST-ALGORITHM ::= { + mda-sha1, ... + } + + MACAlgorithms MAC-ALGORITHM ::= { + -- The modules containing the ASN.1 for the DES and 3DES MAC + -- algorithms have not been updated at the time that this is + -- being published. Users of this module should define the + -- appropriate MAC-ALGORITHM objects and uncomment the + -- following lines if they support these MAC algorithms. 
+ -- maca-des-mac | maca-3des-mac -- + maca-hMAC-SHA1, + ... + } + + POPOPrivKey ::= CHOICE { + thisMessage [0] BIT STRING, -- Deprecated + -- possession is proven in this message (which contains + -- the private key itself (encrypted for the CA)) + subsequentMessage [1] SubsequentMessage, + -- possession will be proven in a subsequent message + dhMAC [2] BIT STRING, -- Deprecated + agreeMAC [3] PKMACValue, + encryptedKey [4] EnvelopedData } + -- for keyAgreement (only), possession is proven in this message + -- (which contains a MAC (over the DER-encoded value of the + -- certReq parameter in CertReqMsg, which MUST include both + -- subject and publicKey) based on a key derived from the end + -- entity's private DH key and the CA's public DH key); + + SubsequentMessage ::= INTEGER { + encrCert (0), + -- requests that resulting certificate be encrypted for the + -- end entity (following which, POP will be proven in a + -- confirmation message) + challengeResp (1) } + -- requests that CA engage in challenge-response exchange with + -- end entity in order to prove private key possession + + -- + -- id-ct-encKeyWithID content type used as the content type for the + -- EnvelopedData in POPOPrivKey. + -- It contains both a private key and an identifier for key escrow + -- agents to check against recovery requestors. 
+ -- + + ct-encKeyWithID CONTENT-TYPE ::= + { EncKeyWithID IDENTIFIED BY id-ct-encKeyWithID } + + id-ct-encKeyWithID OBJECT IDENTIFIER ::= {id-ct 21} + + EncKeyWithID ::= SEQUENCE { + privateKey PrivateKeyInfo, + identifier CHOICE { + string UTF8String, + generalName GeneralName + } OPTIONAL + } + + PrivateKeyInfo ::= SEQUENCE { + version INTEGER, + privateKeyAlgorithm AlgorithmIdentifier{PUBLIC-KEY, {...}}, + privateKey OCTET STRING, + -- Structure of public key is in PUBLIC-KEY.&PrivateKey + attributes [0] IMPLICIT Attributes OPTIONAL + } + + Attributes ::= SET OF AttributeSet{{PrivateKeyAttributes}} + PrivateKeyAttributes ATTRIBUTE ::= {...} + + -- + -- 6. Registration Controls in CRMF + -- + + id-regCtrl OBJECT IDENTIFIER ::= { id-pkip 1 } + + RegControlSet ATTRIBUTE ::= { + regCtrl-regToken | regCtrl-authenticator | + regCtrl-pkiPublicationInfo | regCtrl-pkiArchiveOptions | + regCtrl-oldCertID | regCtrl-protocolEncrKey, ... } + + -- + -- 6.1. Registration Token Control + -- + + regCtrl-regToken ATTRIBUTE ::= + { TYPE RegToken IDENTIFIED BY id-regCtrl-regToken } + + id-regCtrl-regToken OBJECT IDENTIFIER ::= { id-regCtrl 1 } + + RegToken ::= UTF8String + + -- + -- 6.2. Authenticator Control + -- + + regCtrl-authenticator ATTRIBUTE ::= + { TYPE Authenticator IDENTIFIED BY id-regCtrl-authenticator } + + id-regCtrl-authenticator OBJECT IDENTIFIER ::= { id-regCtrl 2 } + + Authenticator ::= UTF8String + + -- + -- 6.3. 
Publication Information Control + -- + + regCtrl-pkiPublicationInfo ATTRIBUTE ::= + { TYPE PKIPublicationInfo IDENTIFIED BY + id-regCtrl-pkiPublicationInfo } + + id-regCtrl-pkiPublicationInfo OBJECT IDENTIFIER ::= { id-regCtrl 3 } + + PKIPublicationInfo ::= SEQUENCE { + action INTEGER { + dontPublish (0), + pleasePublish (1) }, + pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL } + -- pubInfos MUST NOT be present if action is "dontPublish" + -- (if action is "pleasePublish" and pubInfos is omitted, + -- "dontCare" is assumed) + + SinglePubInfo ::= SEQUENCE { + pubMethod INTEGER { + dontCare (0), + x500 (1), + web (2), + ldap (3) }, + pubLocation GeneralName OPTIONAL } + + -- + -- 6.4. Archive Options Control + -- + + regCtrl-pkiArchiveOptions ATTRIBUTE ::= + { TYPE PKIArchiveOptions IDENTIFIED BY + id-regCtrl-pkiArchiveOptions } + + id-regCtrl-pkiArchiveOptions OBJECT IDENTIFIER ::= { id-regCtrl 4 } + + PKIArchiveOptions ::= CHOICE { + encryptedPrivKey [0] EncryptedKey, + -- the actual value of the private key + keyGenParameters [1] KeyGenParameters, + -- parameters that allow the private key to be re-generated + archiveRemGenPrivKey [2] BOOLEAN } + -- set to TRUE if sender wishes receiver to archive the private + -- key of a key pair that the receiver generates in response to + -- this request; set to FALSE if no archive is desired. + + EncryptedKey ::= CHOICE { + encryptedValue EncryptedValue, -- Deprecated + envelopedData [0] EnvelopedData } + -- The encrypted private key MUST be placed in the envelopedData + -- encryptedContentInfo encryptedContent OCTET STRING. 
+ + -- + -- We skipped doing the full constraints here since this structure + -- has been deprecated in favor of EnvelopedData + -- + + EncryptedValue ::= SEQUENCE { + intendedAlg [0] AlgorithmIdentifier{ALGORITHM, {...}} OPTIONAL, + -- the intended algorithm for which the value will be used + symmAlg [1] AlgorithmIdentifier{ALGORITHM, {...}} OPTIONAL, + -- the symmetric algorithm used to encrypt the value + encSymmKey [2] BIT STRING OPTIONAL, + -- the (encrypted) symmetric key used to encrypt the value + keyAlg [3] AlgorithmIdentifier{ALGORITHM, {...}} OPTIONAL, + -- algorithm used to encrypt the symmetric key + valueHint [4] OCTET STRING OPTIONAL, + -- a brief description or identifier of the encValue content + -- (may be meaningful only to the sending entity, and used only + -- if EncryptedValue might be re-examined by the sending entity + -- in the future) + encValue BIT STRING } + -- the encrypted value itself + -- When EncryptedValue is used to carry a private key (as opposed to + -- a certificate), implementations MUST support the encValue field + -- containing an encrypted PrivateKeyInfo as defined in [PKCS11], + -- section 12.11. If encValue contains some other format/encoding + -- for the private key, the first octet of valueHint MAY be used + -- to indicate the format/encoding (but note that the possible values + -- of this octet are not specified at this time). In all cases, the + -- intendedAlg field MUST be used to indicate at least the OID of + -- the intended algorithm of the private key, unless this information + -- is known a priori to both sender and receiver by some other means. + + KeyGenParameters ::= OCTET STRING + + -- + -- 6.5. OldCert ID Control + -- + + regCtrl-oldCertID ATTRIBUTE ::= + { TYPE OldCertId IDENTIFIED BY id-regCtrl-oldCertID } + + id-regCtrl-oldCertID OBJECT IDENTIFIER ::= { id-regCtrl 5 } + + OldCertId ::= CertId + + CertId ::= SEQUENCE { + issuer GeneralName, + serialNumber INTEGER } + + -- + -- 6.6. 
Protocol Encryption Key Control + -- + + regCtrl-protocolEncrKey ATTRIBUTE ::= + { TYPE ProtocolEncrKey IDENTIFIED BY id-regCtrl-protocolEncrKey } + id-regCtrl-protocolEncrKey OBJECT IDENTIFIER ::= { id-regCtrl 6 } + + ProtocolEncrKey ::= SubjectPublicKeyInfo + + -- + -- 7. Registration Info in CRMF + -- + + id-regInfo OBJECT IDENTIFIER ::= { id-pkip 2 } + + RegInfoSet ATTRIBUTE ::= + { regInfo-utf8Pairs | regInfo-certReq } + + -- + -- 7.1. utf8Pairs RegInfo Control + -- + + regInfo-utf8Pairs ATTRIBUTE ::= + { TYPE UTF8Pairs IDENTIFIED BY id-regInfo-utf8Pairs } + + id-regInfo-utf8Pairs OBJECT IDENTIFIER ::= { id-regInfo 1 } + --with syntax + UTF8Pairs ::= UTF8String + + -- + -- 7.2. certReq RegInfo Control + -- + + regInfo-certReq ATTRIBUTE ::= + { TYPE CertReq IDENTIFIED BY id-regInfo-certReq } + + id-regInfo-certReq OBJECT IDENTIFIER ::= { id-regInfo 2 } + --with syntax + CertReq ::= CertRequest + + END \ No newline at end of file diff --git a/priv/cms/Raster-Gr-Coding-Attributes.asn1 b/priv/cms/Raster-Gr-Coding-Attributes.asn1 new file mode 100644 index 0000000..07364b5 --- /dev/null +++ b/priv/cms/Raster-Gr-Coding-Attributes.asn1 
@@ -0,0 +1,70 @@ +Raster-Gr-Coding-Attributes {2 8 1 7 3} DEFINITIONS ::= +BEGIN + +EXPORTS + Raster-Gr-Coding-Attributes, Compression, Tile-Type, + Bits-Per-Colour-Component, Subsampling; + +IMPORTS Coordinate-Pair + FROM Raster-Gr-Presentation-Attributes {2 8 1 7 2}; + +Raster-Gr-Coding-Attributes ::= SET { + number-of-pels-per-line [0] IMPLICIT INTEGER OPTIONAL, + number-of-lines [1] IMPLICIT INTEGER OPTIONAL, + compression [2] IMPLICIT Compression OPTIONAL, + number-of-discarded-pels [3] IMPLICIT INTEGER OPTIONAL, + bits-per-colour-component [4] Bits-Per-Colour-Component OPTIONAL, + interleaving-format + [5] IMPLICIT INTEGER {pel(0), line(1), plane(2), stripe(3)} OPTIONAL, + number-of-pels-per-tile-line [6] IMPLICIT INTEGER OPTIONAL, + number-of-lines-per-tile [7] IMPLICIT INTEGER OPTIONAL, + tiling-offset [8] IMPLICIT Coordinate-Pair OPTIONAL, + tile-types [9] IMPLICIT SEQUENCE OF Tile-Type OPTIONAL, + subsampling [10] IMPLICIT Subsampling OPTIONAL, + jpeg-coding-mode + [11] IMPLICIT INTEGER {-- Huffman coding + baseline(0), huffman-extended-sequential-DCT(1), + huffman-progressive-DCT(2), + huffman-spatial-lossless(3), + -- arithmetic coding + arithmetic-extended-sequential-DCT(9), + arithmetic-progressive-DCT(10), + arithmetic-spatial-lossless(11)}, + jpeg-quantization-table + [12] IMPLICIT INTEGER {associated(0), default(1)} OPTIONAL, + jpeg-huffman-table + [13] IMPLICIT INTEGER {associated(0), preferred(1)}, + -- basic and default value is "associated". 
+ jbig-differential-layer + [17] IMPLICIT INTEGER {dl-not-present(0), dl-encoded-without-tp-and-dp(1), + dl-encoded-with-tp(2), dl-encoded-with-dp(3), + dl-encoded-with-dp-and-private-dp-table(4), + dl-encoded-with-tp-and-dp(5), + dl-encoded-with-tp-dp-and-private-dp-table(6)} + OPTIONAL, + number-of-lines-per-stripe [18] IMPLICIT INTEGER OPTIONAL +} + +Compression ::= INTEGER {uncompressed(0), compressed(1)} + +Tile-Type ::= INTEGER { + null-background(0), null-foreground(1), t6-encoded(2), + t4-one-dimensional-encoded(3), t4-two-dimensional-encoded(4), + bitmap-encoded(5), t6-encoded-msb(6), t4-one-dimensional-encoded-msb(7), + t4-two-dimensional-encoded-msb(8), jbig-bits-per-component-eq-1(9), + jpeg(10), jbig-bits-per-component-gr-1(11)} + +Bits-Per-Colour-Component ::= CHOICE { + single-integer INTEGER, + component-list SEQUENCE OF INTEGER +} + +Subsampling ::= OCTET STRING + +-- The value OCTET STRING shall be chosen from the +-- following table: +-- Semantic Meaning JPEG notations Octet strings +-- 4:1:1 ((2,2),(1,1),(1,1)) '221111'H +-- 2:1:1 or 4:2:2 ((2,1),(1,1),(1,1)) '211111'H +-- 1:1:1 ((1,1),(1,1),(1,1)) '111111'H +END diff --git a/priv/cms/Raster-Gr-Presentation-Attributes.asn1 b/priv/cms/Raster-Gr-Presentation-Attributes.asn1 new file mode 100644 index 0000000..202aa49 --- /dev/null +++ b/priv/cms/Raster-Gr-Presentation-Attributes.asn1 
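Review bot: In the `Raster-Gr-Coding-Attributes` SET, `jpeg-coding-mode [11]` and `jpeg-huffman-table [13]` are the only components without OPTIONAL, although the comment right after them says the basic and default value is "associated" and every other component of the SET is OPTIONAL; this looks like a transcription slip rather than the intended contract. As written, a decoder generated from this module will reject any raster coding attribute set that omits either field, so either append OPTIONAL to both, `jpeg-huffman-table [13] IMPLICIT INTEGER {associated(0), preferred(1)} OPTIONAL,`, or add a comment stating that the mandatory status is deliberate. The tag sequence also jumps from [13] to [17]; if tags 14–16 were dropped during transcription this should be checked against the reference text, and otherwise a comment such as `-- tags [14]-[16] intentionally unassigned` would spare the next reader the same check. Separately, the pel and line count fields are unconstrained INTEGERs, so any consumer that uses them to size buffers must validate them before allocation.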
@@ -0,0 +1,87 @@ +Raster-Gr-Presentation-Attributes {2 8 1 7 2} DEFINITIONS ::= +BEGIN + +EXPORTS + Raster-Graphics-Attributes, Clipping, Measure-Pair, One-Of-Four-Angles, + One-Of-Two-Angles, Pel-Transmission-Density, Pel-Spacing, Spacing-Ratio, + Image-Dimensions, Coordinate-Pair; + +Raster-Graphics-Attributes ::= SET { + pel-path [0] IMPLICIT One-Of-Four-Angles OPTIONAL, + line-progression [1] IMPLICIT One-Of-Two-Angles OPTIONAL, + pel-transmission-density [2] IMPLICIT Pel-Transmission-Density OPTIONAL, + initial-offset [3] IMPLICIT Measure-Pair OPTIONAL, + clipping [4] IMPLICIT Clipping OPTIONAL, + pel-spacing [5] Pel-Spacing OPTIONAL, + spacing-ratio [6] IMPLICIT Spacing-Ratio OPTIONAL, + image-dimensions [7] Image-Dimensions OPTIONAL +} + +One-Of-Four-Angles ::= INTEGER { + d0(0), -- d0 + d90(1), -- d90 + d180(2), --d180 + d270(3) -- d270--} + +One-Of-Two-Angles ::= INTEGER {d90(1), -- d90 + d270(3) -- d270 --} + +Pel-Transmission-Density ::= INTEGER { + p5(2), -- 5 BMU (240 pels/25.4 mm) + p4(3), -- 4 BMU (300 pels/25.4 mm) + p3(4), -- 3 BMU (400 pels/25.4 mm) + p2(5), -- 2 BMU (600 pels/25.4 mm) + p1(6), -- 1 BMU (1200 pels/25.4 mm) + colour-grey-scale-p12(10), -- 12 BMU (100 pels/25.4 mm) + colour-grey-scale-p6(11), -- 6 BMU (200 pels/25.4 mm) + colour-grey-scale-p4(13), -- 4 BMU (300 pels/25.4 mm) + colour-grey-scale-p3(14), -- 3 BMU (400 pels/25.4 mm) + colour-grey-scale-p2(15), -- 2 BMU (600 pels/25.4 mm) + colour-grey-scale-p1(16), -- 1 BMU (1200 pels/25.4 mm) + p6(1)} -- 6 BMU (200 pels/25.4 mm) + +-- default and basic value is p6 (1) +Measure-Pair ::= SEQUENCE { + horizontal [0] IMPLICIT INTEGER, + vertical [0] IMPLICIT INTEGER +} + +Clipping ::= SEQUENCE { + first-coordinate-pair [0] IMPLICIT Coordinate-Pair OPTIONAL, + second-coordinate-pair [1] IMPLICIT Coordinate-Pair OPTIONAL +} + +Coordinate-Pair ::= SEQUENCE {x-coordinate INTEGER, + y-coordinate INTEGER +} + +Pel-Spacing ::= CHOICE { + spacing + [0] IMPLICIT SEQUENCE {length [0] INTEGER, + 
pel-spaces [0] INTEGER}, + null [1] IMPLICIT NULL +} + +Spacing-Ratio ::= SEQUENCE { + line-spacing-value INTEGER, + pel-spacing-value INTEGER +} + +Image-Dimensions ::= CHOICE { + width-controlled + [0] IMPLICIT SEQUENCE {minimum-width [0] INTEGER, + preferred-width [0] INTEGER}, + height-controlled + [1] IMPLICIT SEQUENCE {minimum-height INTEGER, + preferred-height INTEGER}, + area-controlled + [2] IMPLICIT SEQUENCE {minimum-width INTEGER, + preferred-width INTEGER, + minimum-height INTEGER, + preferred-height INTEGER, + aspect-ratio-flag INTEGER {fixed(0), variable(1)} + }, + automatic [3] IMPLICIT NULL +} + +END diff --git a/priv/cms/SMIMESymmetricKeyDistribution-2009.asn1 b/priv/cms/SMIMESymmetricKeyDistribution-2009.asn1 new file mode 100644 index 0000000..adb0dc3 --- /dev/null +++ b/priv/cms/SMIMESymmetricKeyDistribution-2009.asn1 
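Review bot: `Measure-Pair` tags both `horizontal` and `vertical` as `[0] IMPLICIT INTEGER`, and the same repeated `[0]` appears in `Pel-Spacing` (`length [0]`, `pel-spaces [0]`) and in the `width-controlled` alternative of `Image-Dimensions` (`minimum-width [0]`, `preferred-width [0]`), while `height-controlled` in the same CHOICE carries no tags at all. Duplicate tags on consecutive mandatory SEQUENCE components are permitted by X.680, so the module may well compile, but the inconsistency with the sibling alternative suggests a transcription error; if the reference text assigns `[1]` to the second component, encodings produced from this module will not interoperate with conforming peers. Please cross-check these three against the ITU-T T.417 text and either correct them, e.g. `vertical [1] IMPLICIT INTEGER`, or add a comment confirming that the duplicated tags are as published.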
@@ -0,0 +1,358 @@ + SMIMESymmetricKeyDistribution-2009 + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) modules(0) id-mod-symkeydist-02(36)} + DEFINITIONS IMPLICIT TAGS ::= + BEGIN + EXPORTS ALL; + IMPORTS + + AlgorithmIdentifier{}, ALGORITHM, DIGEST-ALGORITHM, KEY-WRAP, + SMIMECapability{}, SMIMECapabilities{}, SMIME-CAPS + FROM AlgorithmInformation-2009 + {iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) id-mod(0) + id-mod-algorithmInformation-02(58)} + + GeneralName + FROM PKIX1Implicit-2009 + { iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59) } + + Certificate + FROM PKIX1Explicit-2009 + { iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) } + + RecipientInfos, KEKIdentifier,CertificateSet + FROM CryptographicMessageSyntax-2009 + {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) modules(0) id-mod-cms-2004-02(41) } + + cap-3DESwrap + FROM CryptographicMessageSyntaxAlgorithms-2009 + { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) modules(0) id-mod-cmsalg-2001-02(37) } + + AttributeCertificate + FROM PKIXAttributeCertificate-2009 + { iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert-02(47) } + + CMC-CONTROL, EXTENDED-FAILURE-INFO + FROM EnrollmentMessageSyntax-2009 + { iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) id-mod(0) id-mod-cmc2002-02(53) } + + kwa-aes128-wrap, kwa-aes192-wrap, kwa-aes256-wrap + FROM CMSAesRsaesOaep-2009 + { iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-aes-02(38) } ; + + -- This defines the group list (GL symmetric key distribution OID arc + id-skd OBJECT IDENTIFIER ::= + { iso(1) member-body(2) us(840) 
rsadsi(113549) pkcs(1) pkcs-9(9) + smime(16) skd(8) } + + SKD-ControlSet CMC-CONTROL ::= { + skd-glUseKEK | skd-glDelete | skd-glAddMember | + skd-glDeleteMember | skd-glRekey | skd-glAddOwner | + skd-glRemoveOwner | skd-glKeyCompromise | + skd-glkRefresh | skd-glaQueryRequest | skd-glProvideCert | + skd-glManageCert | skd-glKey, ... } + + -- This defines the GL Use KEK control attribute + + skd-glUseKEK CMC-CONTROL ::= + { GLUseKEK IDENTIFIED BY id-skd-glUseKEK } + + id-skd-glUseKEK OBJECT IDENTIFIER ::= { id-skd 1} + + GLUseKEK ::= SEQUENCE { + glInfo GLInfo, + glOwnerInfo SEQUENCE SIZE (1..MAX) OF GLOwnerInfo, + glAdministration GLAdministration DEFAULT managed, + glKeyAttributes GLKeyAttributes OPTIONAL + } + + GLInfo ::= SEQUENCE { + glName GeneralName, + glAddress GeneralName + } + + GLOwnerInfo ::= SEQUENCE { + glOwnerName GeneralName, + glOwnerAddress GeneralName, + certificates Certificates OPTIONAL + } + + GLAdministration ::= INTEGER { + unmanaged (0), + managed (1), + closed (2) + } + + -- + -- The advertised set of algorithm capabilities for the document + -- + + SKD-Caps SMIME-CAPS ::= { + cap-3DESwrap | kwa-aes128-wrap.&smimeCaps | + kwa-aes192-wrap.&smimeCaps | kwa-aes256-wrap.&smimeCaps, ... + } + + cap-aes128-cbc KeyWrapAlgorithm ::= + { capabilityID kwa-aes128-wrap.&smimeCaps.&id } + + -- + -- The set of key wrap algorithms supported by this specification + -- + + KeyWrapAlgorithm ::= SMIMECapability{{SKD-Caps}} + + GLKeyAttributes ::= SEQUENCE { + rekeyControlledByGLO [0] BOOLEAN DEFAULT FALSE, + recipientsNotMutuallyAware [1] BOOLEAN DEFAULT TRUE, + duration [2] INTEGER DEFAULT 0, + generationCounter [3] INTEGER DEFAULT 2, + requestedAlgorithm [4] KeyWrapAlgorithm + DEFAULT cap-aes128-cbc + } + + -- This defines the Delete GL control attribute. + -- It has the simple type GeneralName. 
+ + skd-glDelete CMC-CONTROL ::= + { DeleteGL IDENTIFIED BY id-skd-glDelete } + + id-skd-glDelete OBJECT IDENTIFIER ::= { id-skd 2} + DeleteGL ::= GeneralName + + -- This defines the Add GL Member control attribute + + skd-glAddMember CMC-CONTROL ::= + { GLAddMember IDENTIFIED BY id-skd-glAddMember } + + id-skd-glAddMember OBJECT IDENTIFIER ::= { id-skd 3} + GLAddMember ::= SEQUENCE { + glName GeneralName, + glMember GLMember + } + + GLMember ::= SEQUENCE { + glMemberName GeneralName, + glMemberAddress GeneralName OPTIONAL, + certificates Certificates OPTIONAL + } + + Certificates ::= SEQUENCE { + pKC [0] Certificate OPTIONAL, + -- See RFC 5280 + aC [1] SEQUENCE SIZE (1.. MAX) OF + AttributeCertificate OPTIONAL, + -- See RFC 3281 + certPath [2] CertificateSet OPTIONAL + -- From RFC 3852 + } + + -- This defines the Delete GL Member control attribute + + skd-glDeleteMember CMC-CONTROL ::= + { GLDeleteMember IDENTIFIED BY id-skd-glDeleteMember } + + id-skd-glDeleteMember OBJECT IDENTIFIER ::= { id-skd 4} + + GLDeleteMember ::= SEQUENCE { + glName GeneralName, + glMemberToDelete GeneralName + } + + -- This defines the Delete GL Member control attribute + + skd-glRekey CMC-CONTROL ::= + { GLRekey IDENTIFIED BY id-skd-glRekey } + + id-skd-glRekey OBJECT IDENTIFIER ::= { id-skd 5} + + GLRekey ::= SEQUENCE { + glName GeneralName, + glAdministration GLAdministration OPTIONAL, + glNewKeyAttributes GLNewKeyAttributes OPTIONAL, + glRekeyAllGLKeys BOOLEAN OPTIONAL + } + + GLNewKeyAttributes ::= SEQUENCE { + rekeyControlledByGLO [0] BOOLEAN OPTIONAL, + recipientsNotMutuallyAware [1] BOOLEAN OPTIONAL, + duration [2] INTEGER OPTIONAL, + generationCounter [3] INTEGER OPTIONAL, + requestedAlgorithm [4] KeyWrapAlgorithm OPTIONAL + } + + -- This defines the Add and Delete GL Owner control attributes + + skd-glAddOwner CMC-CONTROL ::= + { GLOwnerAdministration IDENTIFIED BY id-skd-glAddOwner } + id-skd-glAddOwner OBJECT IDENTIFIER ::= { id-skd 6} + + skd-glRemoveOwner CMC-CONTROL ::= + 
{ GLOwnerAdministration IDENTIFIED BY id-skd-glRemoveOwner } + + id-skd-glRemoveOwner OBJECT IDENTIFIER ::= { id-skd 7} + + GLOwnerAdministration ::= SEQUENCE { + glName GeneralName, + glOwnerInfo GLOwnerInfo + } + + -- This defines the GL Key Compromise control attribute. + -- It has the simple type GeneralName. + + skd-glKeyCompromise CMC-CONTROL ::= + { GLKCompromise IDENTIFIED BY id-skd-glKeyCompromise } + + id-skd-glKeyCompromise OBJECT IDENTIFIER ::= { id-skd 8} + GLKCompromise ::= GeneralName + + -- This defines the GL Key Refresh control attribute. + + skd-glkRefresh CMC-CONTROL ::= + { GLKRefresh IDENTIFIED BY id-skd-glkRefresh } + + id-skd-glkRefresh OBJECT IDENTIFIER ::= { id-skd 9} + + GLKRefresh ::= SEQUENCE { + glName GeneralName, + dates SEQUENCE SIZE (1..MAX) OF Date + } + + Date ::= SEQUENCE { + start GeneralizedTime, + end GeneralizedTime OPTIONAL + } + + -- This defines the GLA Query Request control attribute. + + skd-glaQueryRequest CMC-CONTROL ::= + { GLAQueryRequest IDENTIFIED BY id-skd-glaQueryRequest } + + id-skd-glaQueryRequest OBJECT IDENTIFIER ::= { id-skd 11} + + SKD-QUERY ::= TYPE-IDENTIFIER + + SkdQuerySet SKD-QUERY ::= {skd-AlgRequest, ...} + GLAQueryRequest ::= SEQUENCE { + glaRequestType SKD-QUERY.&id ({SkdQuerySet}), + glaRequestValue SKD-QUERY. + &Type ({SkdQuerySet}{@glaRequestType}) + } + + -- This defines the GLA Query Response control attribute. + + skd-glaQueryResponse CMC-CONTROL ::= + { GLAQueryResponse IDENTIFIED BY id-skd-glaQueryResponse } + + id-skd-glaQueryResponse OBJECT IDENTIFIER ::= { id-skd 12} + + SKD-RESPONSE ::= TYPE-IDENTIFIER + + SkdResponseSet SKD-RESPONSE ::= {skd-AlgResponse, ...} + + GLAQueryResponse ::= SEQUENCE { + glaResponseType SKD-RESPONSE. + &id({SkdResponseSet}), + glaResponseValue SKD-RESPONSE. + &Type({SkdResponseSet}{@glaResponseType})} + + -- This defines the GLA Request/Response (glaRR) arc for + -- glaRequestType/glaResponseType. 
+ + id-cmc-glaRR OBJECT IDENTIFIER ::= + { iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) cmc(7) glaRR(99) } + + -- This defines the Algorithm Request + + skd-AlgRequest SKD-QUERY ::= { + SKDAlgRequest IDENTIFIED BY id-cmc-gla-skdAlgRequest + } + + id-cmc-gla-skdAlgRequest OBJECT IDENTIFIER ::= { id-cmc-glaRR 1 } + SKDAlgRequest ::= NULL + + -- This defines the Algorithm Response + + skd-AlgResponse SKD-RESPONSE ::= { + SMIMECapability{{SKD-Caps}} IDENTIFIED BY + id-cmc-gla-skdAlgResponse + } + + id-cmc-gla-skdAlgResponse OBJECT IDENTIFIER ::= { id-cmc-glaRR 2 } + -- Note that the response for algorithmSupported request is the + -- smimeCapabilities attribute as defined in RFC 3851. + + -- This defines the control attribute to request an updated + -- certificate to the GLA. + + skd-glProvideCert CMC-CONTROL ::= + { GLManageCert IDENTIFIED BY id-skd-glProvideCert } + + id-skd-glProvideCert OBJECT IDENTIFIER ::= { id-skd 13} + + GLManageCert ::= SEQUENCE { + glName GeneralName, + glMember GLMember + } + + -- This defines the control attribute to return an updated + -- certificate to the GLA. It has the type GLManageCert. + + skd-glManageCert CMC-CONTROL ::= + { GLManageCert IDENTIFIED BY id-skd-glManageCert } + + id-skd-glManageCert OBJECT IDENTIFIER ::= { id-skd 14} + + -- This defines the control attribute to distribute the GL shared + -- KEK. 
+ + skd-glKey CMC-CONTROL ::= + { GLKey IDENTIFIED BY id-skd-glKey } + + id-skd-glKey OBJECT IDENTIFIER ::= { id-skd 15} + + GLKey ::= SEQUENCE { + glName GeneralName, + glIdentifier KEKIdentifier, -- See RFC 3852 + glkWrapped RecipientInfos, -- See RFC 3852 + glkAlgorithm KeyWrapAlgorithm, + glkNotBefore GeneralizedTime, + glkNotAfter GeneralizedTime + } + + -- This defines the CMC error types + + skd-ExtendedFailures EXTENDED-FAILURE-INFO ::= { + SKDFailInfo IDENTIFIED BY id-cet-skdFailInfo + } + + id-cet-skdFailInfo OBJECT IDENTIFIER ::= + { iso(1) identified-organization(3) dod(6) internet(1) security(5) + mechanisms(5) pkix(7) cet(15) skdFailInfo(1) } + + SKDFailInfo ::= INTEGER { + unspecified (0), + closedGL (1), + unsupportedDuration (2), + noGLACertificate (3), + invalidCert (4), + unsupportedAlgorithm (5), + noGLONameMatch (6), + invalidGLName (7), + nameAlreadyInUse (8), + noSpam (9), + deniedAccess (10), + alreadyAMember (11), + notAMember (12), + alreadyAnOwner (13), + notAnOwner (14) } + + END diff --git a/priv/cms/SelectedAttributeTypes.asn1 b/priv/cms/SelectedAttributeTypes.asn1 index 07bba30..29e9dcc 100644 --- a/priv/cms/SelectedAttributeTypes.asn1 +++ b/priv/cms/SelectedAttributeTypes.asn1 @@ -19,9 +19,9 @@ IMPORTS CONTEXT, ContextAssertion, AttributeCombination, ContextCombination, MAPPING-BASED-MATCHING, MRMapping, AttributeValueAssertion FROM InformationFramework informationFramework - G3FacsimileNonBasicParameters - FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0) - mts-abstract-service(1) version-1999(1)} +-- G3FacsimileNonBasicParameters +-- FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0) +-- mts-abstract-service(1) version-1999(1)} ub-answerback, ub-name, ub-common-name, ub-surname, ub-serial-number, ub-locality-name, ub-state-name, ub-street-address, ub-organization-name, ub-organizational-unit-name, ub-title, ub-description, 
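Review bot: `skd-glaQueryResponse` is defined with its own OID (`{ id-skd 12}`) but is not listed in `SKD-ControlSet`, while every other `skd-*` control in this module is; the set is extensible, so this is not a compile error, but any code that uses `SKD-ControlSet` to constrain decoded CMC control values would treat the query response as an unknown control. If the omission mirrors the published module, a comment on the set saying so would stop it being "fixed" later; otherwise add `skd-glaQueryResponse` after `skd-glaQueryRequest` in the set. The IMPORTS clause also depends on modules named `AlgorithmInformation-2009`, `CryptographicMessageSyntaxAlgorithms-2009`, `PKIXAttributeCertificate-2009` and `CryptographicMessageSyntax-2009`, none of which appears under those names in this commit's file list (the commit adds `CryptographicMessageSyntax-2010.asn1`); if they are not already present in priv/cms the module will not compile, so this should be verified before merging.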
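Review bot: The hunk at `@@ -19,9 +19,9 @@` comments out the import of `G3FacsimileNonBasicParameters` from `MTSAbstractService`, and the following hunk (`@@ -36,6 +36,23 @@`) re-declares the type locally, but neither hunk records why, so the next reader cannot tell whether the X.411 module was unavailable or deliberately dropped. A short comment above the new definition would capture that, e.g. `-- Local copy of G3FacsimileNonBasicParameters from MTSAbstractService (ITU-T X.411); import replaced because <TODO: reason>.` Because the copy now has to be kept in sync by hand, the comment should also name the edition it was transcribed from so a later diff against the source can be done; the bit names and positions cannot be verified from this page.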
@@ -36,6 +36,23 @@ IMPORTS FilterItem, HierarchySelections, SearchControlOptions, ServiceControlOptions FROM DirectoryAbstractService directoryAbstractService; +G3FacsimileNonBasicParameters ::= BIT STRING { + two-dimensional(8), -- As defined in ITU-T Recommendation T.30 + fine-resolution(9), -- + unlimited-length(20), -- These bit values are chosen such that when + b4-length(21), -- encoded using ASN.1 Basic Encoding Rules + a3-width(22), -- the resulting octets have the same values + b4-width(23), -- as for T.30 encoding + t6-coding(25), -- + uncompressed(30), -- Trailing zero bits are not significant. + width-middle-864-of-1728(37), -- It is recommended that implementations + width-middle-1216-of-1728(38), -- should not encode more than 32 bits unless + resolution-type(44), -- higher numbered bits are non-zero. + resolution-400x400(45), resolution-300x300(46), resolution-8x15(47), + edi(49), dtm(50), bft(51), mixed-mode(58), character-mode(60), + twelve-bits(65), preferred-huffmann(66), full-colour(67), jpeg(68), + processable-mode-26(71)} + -- Directory string type DirectoryString{INTEGER:maxSize} ::= CHOICE { teletexString TeletexString(SIZE (1..maxSize)), diff --git a/priv/cms/Style-Descriptors.asn1 b/priv/cms/Style-Descriptors.asn1 new file mode 100644 index 0000000..84abb87 --- /dev/null +++ b/priv/cms/Style-Descriptors.asn1 
@@ -0,0 +1,185 @@ +Style-Descriptors {2 8 1 5 10} DEFINITIONS ::= +BEGIN + +EXPORTS + Presentation-Style-Descriptor, Presentation-Attributes, Content-Type, + Content-Architecture-Class, Layout-Style-Descriptor, Fill-Order, + Block-Alignment; + +IMPORTS + Object-or-Class-Identifier, Style-Identifier, Category-Name, + Object-Id-Expression + FROM Identifiers-and-Expressions -- see 7.8 + + Comment-String, Transparency, Colour, Border, Layout-Object-Type, + Content-Background-Colour, Content-Foreground-Colour, Sealed + FROM Layout-Descriptors -- see 7.9 + + Colour-Expression, Colour-Table + FROM Colour-Attributes -- see 7.14 + + Character-Attributes + FROM Character-Presentation-Attributes {2 8 1 6 2 + } -- see ITU-T Rec. T.416 | ISO/IEC 8613-6 + Raster-Graphics-Attributes + FROM Raster-Gr-Presentation-Attributes {2 8 1 7 2 + } -- see ITU-T Rec. T.417 | ISO/IEC 8613-7 + Geometric-Graphics-Attributes + FROM Geo-Gr-Presentation-Attributes {2 8 1 8 2}; -- see ITU-T Rec. T.418 | ISO/IEC 8613-8 + +Presentation-Style-Descriptor ::= SET { + style-identifier Style-Identifier, + user-readable-comments [0] IMPLICIT Comment-String OPTIONAL, + user-visible-name [1] IMPLICIT Comment-String OPTIONAL, + application-comments [25] IMPLICIT OCTET STRING OPTIONAL, + transparency [2] IMPLICIT Transparency OPTIONAL, + presentation-attributes [3] IMPLICIT Presentation-Attributes OPTIONAL, + colour [4] IMPLICIT Colour OPTIONAL, + colour-of-layout-object [29] Colour-Expression OPTIONAL, + object-colour-table [30] IMPLICIT Colour-Table OPTIONAL, + content-background-colour [31] Content-Background-Colour OPTIONAL, + content-foreground-colour [32] Content-Foreground-Colour OPTIONAL, + content-colour-table [33] IMPLICIT Colour-Table OPTIONAL, + border [5] IMPLICIT Border OPTIONAL, + sealed [6] IMPLICIT Sealed OPTIONAL, + derived-from [7] IMPLICIT Style-Identifier OPTIONAL +} + +Presentation-Attributes ::= SET { + content-architecture-class + CHOICE {a Content-Architecture-Class, + b Content-Type} 
OPTIONAL, + character-attributes [0] IMPLICIT Character-Attributes OPTIONAL, + raster-graphics-attributes + [1] IMPLICIT Raster-Graphics-Attributes OPTIONAL, + geometric-graphics-attributes + [2] IMPLICIT Geometric-Graphics-Attributes OPTIONAL, + -- the following tags are reserved for additional types + -- of presentation attributes: + -- [3] videotex, for use in conjunction with CCITT Recommendations + -- [4] audio + -- [5] dynamic-graphics + ext-cont-arch-pres-attributes [6] IMPLICIT SEQUENCE OF EXTERNAL OPTIONAL +} + +Content-Type ::= [APPLICATION 2] IMPLICIT INTEGER {formatted-raster-graphics(1) +} + +-- The integer representation for content architecture class, +-- Content-Type, is only to be used if the value of the document +-- profile attribute "document application profile" is an integer. +-- The value 'formatted-raster-graphics' represents the formatted raster +-- graphics content architecture as defined in ITU-T Rec. T.417 | ISO/IEC 8613-7. +Content-Architecture-Class ::= OBJECT IDENTIFIER + +Layout-Style-Descriptor ::= SET { + style-identifier Style-Identifier, + user-readable-comments [0] IMPLICIT Comment-String OPTIONAL, + user-visible-name [1] IMPLICIT Comment-String OPTIONAL, + application-comments [25] IMPLICIT OCTET STRING OPTIONAL, + layout-directives [4] IMPLICIT Layout-Directives OPTIONAL, + sealed [6] IMPLICIT Sealed OPTIONAL, + derived-from [7] IMPLICIT Style-Identifier OPTIONAL +} + +Layout-Directives ::= SET { + indivisibility + CHOICE {to-layout-object-class [0] IMPLICIT Object-or-Class-Identifier, + to-layout-category [1] IMPLICIT Category-Name, + to-layout-object-type [2] IMPLICIT Layout-Object-Type, + null [15] IMPLICIT NULL} OPTIONAL, + separation [3] IMPLICIT Separation OPTIONAL, + offset [4] IMPLICIT Offset OPTIONAL, + fill-order [5] IMPLICIT Fill-Order OPTIONAL, + concatenation [6] IMPLICIT Concatenation OPTIONAL, + new-layout-object + CHOICE {to-layout-object-class [7] IMPLICIT Object-or-Class-Identifier, + to-layout-category [8] 
IMPLICIT Category-Name, + to-layout-object-type [9] IMPLICIT Layout-Object-Type, + null [16] IMPLICIT NULL} OPTIONAL, + same-layout-object [10] IMPLICIT Same-Layout-Object OPTIONAL, + layout-object-class + [11] IMPLICIT Object-or-Class-Identifier OPTIONAL, + logical-stream-category [19] IMPLICIT Category-Name OPTIONAL, + logical-stream-sub-category [20] IMPLICIT Category-Name OPTIONAL, + layout-category [12] IMPLICIT Category-Name OPTIONAL, + synchronization + CHOICE {a [13] IMPLICIT Object-or-Class-Identifier, + b [17] Object-Id-Expression, + c [18] IMPLICIT NULL} OPTIONAL, + block-alignment [14] IMPLICIT Block-Alignment OPTIONAL, + floatability-range [24] IMPLICIT Floatability-Range OPTIONAL +} + +Separation ::= SET { + leading [0] IMPLICIT INTEGER OPTIONAL, + trailing [1] IMPLICIT INTEGER OPTIONAL, + centre [2] IMPLICIT INTEGER OPTIONAL +} + +Offset ::= SET { + leading [3] IMPLICIT INTEGER OPTIONAL, + trailing [2] IMPLICIT INTEGER OPTIONAL, + left-hand [1] IMPLICIT INTEGER OPTIONAL, + right-hand [0] IMPLICIT INTEGER OPTIONAL +} + +Fill-Order ::= INTEGER {normal(0), reverse(1)} + +Concatenation ::= INTEGER {non-concatenated(0), concatenated(1)} + +Same-Layout-Object ::= SET { + logical-object + CHOICE {a [0] IMPLICIT Object-or-Class-Identifier, + b [4] Object-Id-Expression, + c [5] IMPLICIT NULL}, + layout-object + CHOICE {d [1] IMPLICIT Object-or-Class-Identifier, + to-stream-root-category [6] IMPLICIT Category-Name, + to-stream-sub-category [7] IMPLICIT Category-Name, + to-layout-category [2] IMPLICIT Category-Name, + e [3] IMPLICIT Layout-Object-Type} OPTIONAL +} + +Floatability-Range ::= SET { + forward-limit + [0] SEQUENCE {logical-object + CHOICE {a [2] IMPLICIT Object-or-Class-Identifier, + b [3] Object-Id-Expression, + c [4] IMPLICIT NULL}, + layout-object + CHOICE {to-layout-object-class + [5] IMPLICIT Object-or-Class-Identifier, + to-stream-root-category + [6] IMPLICIT Category-Name, + to-stream-sub-category + [7] IMPLICIT Category-Name, + 
to-layout-category + [8] IMPLICIT Category-Name, + to-layout-object-type + [9] IMPLICIT Layout-Object-Type, + d [10] IMPLICIT NULL + } OPTIONAL} OPTIONAL, + backward-limit + [1] SEQUENCE {logical-object + CHOICE {e [2] IMPLICIT Object-or-Class-Identifier, + f [3] Object-Id-Expression, + g [4] IMPLICIT NULL}, + layout-object + CHOICE {to-layout-object-class + [5] IMPLICIT Object-or-Class-Identifier, + to-stream-root-category + [6] IMPLICIT Category-Name, + to-stream-sub-category + [7] IMPLICIT Category-Name, + to-layout-category + [8] IMPLICIT Category-Name, + to-layout-object-type + [9] IMPLICIT Layout-Object-Type, + h [10] IMPLICIT NULL + } OPTIONAL} OPTIONAL +} + +Block-Alignment ::= INTEGER {right-hand(0), left-hand(1), centred(2), null(3)} + +END diff --git a/priv/cms/Subprofiles.asn1 b/priv/cms/Subprofiles.asn1 new file mode 100644 index 0000000..4e05bb3 --- /dev/null +++ b/priv/cms/Subprofiles.asn1 
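Review bot: The first three imports in `Style-Descriptors` (`FROM Identifiers-and-Expressions -- see 7.8`, `FROM Layout-Descriptors -- see 7.9`, `FROM Colour-Attributes -- see 7.14`) omit the module object identifier, whereas the remaining three imports in the same clause and the sibling `Temporal-Relationships` module added in this commit (`FROM Identifiers-and-Expressions {2 8 1 5 7}`) carry it. The bare section references ("see 7.8") also do not say which document they refer to. For consistency and to keep the references unambiguous, qualify at least the one whose OID is already used in this commit, `FROM Identifiers-and-Expressions {2 8 1 5 7} -- see ITU-T Rec. T.415 | ISO/IEC 8613-5, 7.8`, and extend the other two comments with the document name once their OIDs have been confirmed against the T.415 text.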
@@ -0,0 +1,91 @@ +Subprofiles {2 8 1 12 2} DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +EXPORTS Subprofile-Descriptor, Subprofile-Identifier; + +IMPORTS + Character-Data, Date-and-Time, Document-Reference, Personal-Name, + Originators, Other-User-Information, Local-File-References, + Security-Information + FROM Document-Profile-Descriptor {2 8 1 5 6} + -- see ITU-T Rec. T.415 | ISO/IEC 8613-5 + Location-Expression + FROM Location-Expressions {2 8 1 12 0}; + +Subprofile-Descriptor ::= SET { + subprofile-identifier [0] Subprofile-Identifier, + subprofile-reference [1] Subprofile-Reference OPTIONAL, + subprofile-precedence [2] INTEGER OPTIONAL, + document-fragment-reference [3] Location-Expression, + content-architecture-classes + [4] SET OF OBJECT IDENTIFIER OPTIONAL, -- shall always + + -- be present, except when used in a location expression + document-fragment-management-attributes + [5] Document-Fragment-Management-Attributes OPTIONAL +} + +Subprofile-Identifier ::= [APPLICATION 8] PrintableString + +-- only digits and spaces are used in the present version of this Specification; +-- other characters are reserved for extensions +Subprofile-Reference ::= CHOICE { + unique-reference [0] OBJECT IDENTIFIER, + descriptive-reference [1] Character-Data +} + +Document-Fragment-Management-Attributes ::= SET { + document-fragment-description [0] Document-Fragment-Description OPTIONAL, + dates-and-times [1] Dates-and-Times OPTIONAL, + originators [2] Originators OPTIONAL, + other-user-information [3] Other-User-Information OPTIONAL, + external-references [4] External-References2 OPTIONAL, + local-file-references [5] Local-File-References OPTIONAL, + languages [6] SET OF Character-Data OPTIONAL, + security-information [7] Security-Information OPTIONAL +} + +Document-Fragment-Description ::= SET { + title [0] Character-Data OPTIONAL, + subject [1] Character-Data OPTIONAL, + document-fragment-type [2] Character-Data OPTIONAL, + abstract [3] Character-Data OPTIONAL, + keywords [4] 
SET OF Character-Data OPTIONAL +} + +Dates-and-Times ::= SET { + document-fragment-date-and-time [0] Date-and-Time OPTIONAL, + creation-date-and-time [1] Date-and-Time OPTIONAL, + local-filing-date-and-time [2] SEQUENCE OF Date-and-Time OPTIONAL, + expiry-date-and-time [3] Date-and-Time OPTIONAL, + start-date-and-time [4] Date-and-Time OPTIONAL, + purge-date-and-time [5] Date-and-Time OPTIONAL, + release-date-and-time [6] Date-and-Time OPTIONAL, + revision-history + [7] SEQUENCE OF + SET {revision-date-and-time [0] Date-and-Time OPTIONAL, + version-identifier [1] Character-Data OPTIONAL, + revisers + [2] SET OF + SET {names [0] SET OF Personal-Name OPTIONAL, + position [1] Character-Data OPTIONAL, + organization [2] Character-Data OPTIONAL + } OPTIONAL, + version-reference + [3] Document-or-Document-Fragment-Reference OPTIONAL, + user-comments [4] Character-Data OPTIONAL} OPTIONAL +} + +External-References2 ::= SET { + references-to-other-documents-or-document-fragments + [0] SET OF Document-or-Document-Fragment-Reference OPTIONAL, + superseded-documents-or-document-fragments + [1] SET OF Document-or-Document-Fragment-Reference OPTIONAL +} + +Document-or-Document-Fragment-Reference ::= CHOICE { + document [0] Document-Reference, + document-fragment [1] Subprofile-Reference +} + +END diff --git a/priv/cms/Temporal-Relationships.asn1 b/priv/cms/Temporal-Relationships.asn1 new file mode 100644 index 0000000..9dcff63 --- /dev/null +++ b/priv/cms/Temporal-Relationships.asn1 
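Review bot: The comment on `content-architecture-classes [4]` in `Subprofile-Descriptor` is split across a blank line (`-- shall always`, then an empty line, then `-- be present, except when used in a location expression`), which reads as two unrelated comments; putting the two halves on adjacent lines keeps the constraint legible. More importantly, that "shall always be present" rule is only stated in the comment while the component is OPTIONAL, so a decoder built from this module will happily accept a descriptor without it; whatever consumes the decoded value must enforce the presence check itself, and a comment making that explicit, e.g. `-- presence is not enforced by the syntax; consumers must check it`, would help. The same applies to `Subprofile-Identifier`, whose "only digits and spaces" rule is commentary on an otherwise unconstrained PrintableString.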
@@ -0,0 +1,87 @@
+Temporal-Relationships {2 8 1 14 0} DEFINITIONS ::=
+BEGIN
+
+EXPORTS
+ Temporal-Relations, Presentation-Time, Document-Presentation-Time,
+ Time-Scaling;
+
+IMPORTS
+ Date-and-Time
+ FROM Document-Profile-Descriptor {2 8 1 5 6}
+ -- see ITU-T Rec. T.415 | ISO/IEC 8613-5 and C.4
+ Object-or-Class-Identifier
+ FROM Identifiers-and-Expressions {2 8 1 5 7};
+
+-- see ITU-T Rec. T.415 | ISO/IEC 8613-5
+Temporal-Relations ::= SET {
+ synchronization-type [0] IMPLICIT Synchronization-Type,
+ subordinate-nodes
+ [1] SEQUENCE OF
+ SET {node-identifier [0] IMPLICIT Node-Identifier,
+ start-time [1] IMPLICIT Time-Delay OPTIONAL,
+ duration [2] Indefinite-or-Time-Delay OPTIONAL,
+ cyclic [3] IMPLICIT Cyclic OPTIONAL,
+ end-time [4] IMPLICIT Time-Delay OPTIONAL,
+ application-comments [5] IMPLICIT OCTET STRING OPTIONAL
+ }
+}
+
+-- The value 'null' is represented by an empty set
+Synchronization-Type ::= INTEGER {
+ parallel-last(0), parallel-first(1), parallel-selective(2), sequential(3)
+}
+
+Node-Identifier ::= PrintableString
+
+-- only digits and spaces are used
+-- the first digit is either 2 for a logical object class or 3 for a logical object
+Cyclic ::= SET {
+ number-of-cycles [0] CHOICE {indefinite Indefinite,
+ a INTEGER},
+ cycle-start-time [1] IMPLICIT Time-Delay OPTIONAL,
+ cycle-duration [2] Indefinite-or-Time-Delay OPTIONAL
+}
+
+Indefinite ::= NULL
+
+Time-Delay ::= INTEGER {indefinite(-1)}
+
+Presentation-Time ::= SET {
+ timing
+ CHOICE {fixed-timing [0] IMPLICIT INTEGER,
+ variable-timing [1] IMPLICIT Time-Spec} OPTIONAL,
+ duration
+ CHOICE {fixed-duration
+ [2] CHOICE {indefinite-or-time-delay Indefinite-or-Time-Delay,
+ object-or-class-identifier
+ Object-or-Class-Identifier},
+ rule-A [3] IMPLICIT Rule-Spec,
+ rule-B [4] IMPLICIT Rule-Spec} OPTIONAL,
+ cyclic [5] Cyclic OPTIONAL
+}
+
+-- The value 'null' is represented by an empty set
+Time-Spec ::= SET {
+ start-offset [0] IMPLICIT INTEGER OPTIONAL,
+ end-offset [1] IMPLICIT INTEGER 
OPTIONAL,
+ start-separation [2] IMPLICIT INTEGER OPTIONAL,
+ end-separation [3] IMPLICIT INTEGER OPTIONAL
+}
+
+Rule-Spec ::= SET {
+ minimum-duration [0] IMPLICIT INTEGER OPTIONAL,
+ maximum-duration [1] IMPLICIT INTEGER OPTIONAL
+}
+
+Indefinite-or-Time-Delay ::= CHOICE {
+ indefinite [0] IMPLICIT NULL,
+ fixed [1] Time-Delay
+}
+
+Document-Presentation-Time ::= Date-and-Time
+
+Time-Scaling ::= [0] IMPLICIT SEQUENCE {a INTEGER,
+ b INTEGER
+}
+
+END
diff --git a/priv/cms/Text-Units.asn1 b/priv/cms/Text-Units.asn1
new file mode 100644
index 0000000..6ad46ee
--- /dev/null
+++ b/priv/cms/Text-Units.asn1
@@ -0,0 +1,67 @@
+Text-Units {2 8 1 5 12} DEFINITIONS ::=
+BEGIN
+
+EXPORTS Text-Unit, Type-Of-Coding;
+
+IMPORTS
+ Content-Portion-Identifier
+ FROM Identifiers-and-Expressions -- see 7.8
+
+ Character-Coding-Attributes
+ FROM Character-Coding-Attributes {2 8 1 6 3
+ } -- see ITU-T Rec. T.416 | ISO/IEC 8613-6
+ Raster-Gr-Coding-Attributes
+ FROM Raster-Gr-Coding-Attributes {2 8 1 7 3
+ } -- see ITU-T Rec. T.417 | ISO/IEC 8613-7
+ Geo-Gr-Coding-Attributes
+ FROM Geo-Gr-Coding-Attributes {2 8 1 8 3
+ } -- see ITU-T Rec. T.418 | ISO/IEC 8613-8
+ Videotex-Coding-Attributes
+ FROM Videotex-Coding-Attributes ;
+
+Text-Unit ::= SEQUENCE {
+ content-portion-attributes Content-Portion-Attributes OPTIONAL,
+ content-information Content-Information OPTIONAL
+}
+
+Content-Portion-Attributes ::= SET {
+ content-identifier-layout Content-Portion-Identifier OPTIONAL,
+ content-identifier-logical [4] IMPLICIT Content-Portion-Identifier OPTIONAL,
+ type-of-coding Type-Of-Coding OPTIONAL,
+ coding-attributes
+ CHOICE {character-coding-attributes
+ [1] IMPLICIT Character-Coding-Attributes,
+ raster-gr-coding-attributes
+ [2] IMPLICIT Raster-Gr-Coding-Attributes,
+ geo-gr-coding-attributes
+ [7] IMPLICIT Geo-Gr-Coding-Attributes,
+ videotex-coding-attributes
+ [8] IMPLICIT Videotex-Coding-Attributes,
+ -- the use of the data item "videotex-coding-attributes" is applicable to
+ -- ITU-T Rec. 
T.410 Series only
+ -- the following tags are reserved for additional types
+ -- of coding attributes:
+ -- [9] audio
+ -- [10] dynamic-graphics
+ ext-cont-arch-coding-attributes [11] IMPLICIT EXTERNAL} OPTIONAL,
+ alternative-representation [3] IMPLICIT Alternative-Representation OPTIONAL
+}
+
+Content-Information ::= CHOICE {
+ content OCTET STRING,
+ tiled-content Tiled-Content
+}
+
+Tiled-Content ::= SEQUENCE OF OCTET STRING
+
+Type-Of-Coding ::= CHOICE {
+ a [0] IMPLICIT INTEGER {t6(1)},
+ b [6] IMPLICIT OBJECT IDENTIFIER
+}
+
+Alternative-Representation ::= OCTET STRING
+
+-- string of characters from the sets designated by the document
+-- profile attribute "alternative representation character sets",
+-- plus carriage return and line feed
+END
diff --git a/priv/cms/Videotex-Coding-Attributes.asn1 b/priv/cms/Videotex-Coding-Attributes.asn1
new file mode 100644
index 0000000..18e51cb
--- /dev/null
+++ b/priv/cms/Videotex-Coding-Attributes.asn1
@@ -0,0 +1,30 @@
+-- Module Videotex-Coding-Attributes (T.101:11/1994)
+Videotex-Coding-Attributes DEFINITIONS ::=
+BEGIN
+
+EXPORTS Videotex-Coding-Attributes;
+
+Videotex-Coding-Attributes ::= SET {
+ subset [0] IMPLICIT Subset OPTIONAL,
+ rank [1] IMPLICIT Rank OPTIONAL,
+ profile [2] IMPLICIT Profile OPTIONAL
+}
+
+Subset ::= INTEGER {
+ undefined(0), rank1(1), rank2(2), rank3(3), rank4(4), rank5(5), profile1(81),
+ profile2(82), profile3(83), profile4(84), profileX1-1(85), profileX1-2(86),
+ profileX1-3(87), profileX1-4(88), profileX2-1(89), profileX2-2(90),
+ profileX2-3(91), profileX2-4(92)}
+
+Rank ::= INTEGER {
+ undefined(0), rank1(1), rank2(2), rank3(3), rank4(4), rank5(5)}
+
+Profile ::= INTEGER {
+ undefined(0), profile1(81), profile2(82), profile3(83), profile4(84),
+ profileX1-1(85), profileX1-2(86), profileX1-3(87), profileX1-4(88),
+ profileX2-1(89), profileX2-2(90), profileX2-3(91), profileX2-4(92)}
+
+END
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
diff --git a/priv/cms/clean.sh b/priv/cms/clean.sh
new file mode 100755
index 0000000..3db9a41
--- /dev/null
+++ b/priv/cms/clean.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+rm *.asn1db *.beam *.erl *.hrl
\ No newline at end of file
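Review bot: The `rm` on the last line of clean.sh acts on whatever the caller's working directory is, not on priv/cms, so invoking it from the repository root (or any other directory) deletes every `.erl`, `.hrl` and `.beam` file there rather than the compiler output next to the script. The globs are also passed without an option terminator, so a file such as `-rf.erl` in the target directory would be parsed by rm as flags instead of a name, and a glob with no match is passed through literally and makes rm report an error. Anchoring the script to its own directory and terminating options fixes both: `cd "$(dirname "$0")" || exit 1` followed by `rm -f -- *.asn1db *.beam *.erl *.hrl`. The diff also shows the file lacks a trailing newline; worth adding since some shells and tools mishandle a final unterminated line.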