# CMS.cnf
# CMS conformation file

#.IMPORT ../x509af/x509af-exp.cnf
#.IMPORT ../x509ce/x509ce-exp.cnf
#.IMPORT ../x509if/x509if-exp.cnf
#.IMPORT ../x509sat/x509sat-exp.cnf

#.OMIT_ASSIGNMENT
CBCParameter
ExtendedCertificateOrCertificate
#.END

#.EXPORTS
ContentInfo
ContentType
Countersignature
Digest
DigestAlgorithmIdentifier
DigestAlgorithmIdentifiers
DigestInfo
EncapsulatedContentInfo
EnvelopedData
AuthEnvelopedData
IssuerAndSerialNumber
SignedAttributes
SignedData
SignerIdentifier
SignerInfo
SignerInfos
SignatureValue
UnsignedAttributes

#.REGISTER
ContentInfo			B "1.2.840.113549.1.9.16.1.6" "id-ct-contentInfo"
#OctetString		B "1.2.840.113549.1.7.1"      "id-data"			 see x509sat.cnf
SignedData			B "1.2.840.113549.1.7.2"      "id-signedData"
EnvelopedData		B "1.2.840.113549.1.7.3"      "id-envelopedData"
DigestedData		B "1.2.840.113549.1.7.5"      "id-digestedData"
EncryptedData		B "1.2.840.113549.1.7.6"      "id-encryptedData"
AuthenticatedData	B "1.2.840.113549.1.9.16.1.2" "id-ct-authenticatedData"
EncryptedContentInfo	B "1.2.840.113549.1.9.16.1.9" "id-ct-compressedData"
AuthEnvelopedData	B "1.2.840.113549.1.9.16.1.23" "id-ct-authEnvelopedData"

ContentType			B "1.2.840.113549.1.9.3"	"id-contentType"
MessageDigest		B "1.2.840.113549.1.9.4"	"id-messageDigest"
SigningTime			B "1.2.840.113549.1.9.5"	"id-signingTime"
Countersignature	B "1.2.840.113549.1.9.6"	"id-counterSignature"

ContentInfo			B "2.6.1.4.18" "id-et-pkcs7"

IssuerAndSerialNumber	B "1.3.6.1.4.1.311.16.4" "ms-oe-encryption-key-preference"
SMIMECapabilities 	B "1.2.840.113549.1.9.15" "id-smime-capabilities"
SMIMEEncryptionKeyPreference B "1.2.840.113549.1.9.16.2.11" "id-encryption-key-preference"

# I think the following should be RC2CBCParameter - but that appears to be incorrect
RC2CBCParameters 	B "1.2.840.113549.3.4" "id-alg-rc4"

KeyEncryptionAlgorithmIdentifier	B "0.4.0.127.0.7.1.1.5.1.1.3"	"ecka-eg-X963KDF-SHA256"
KeyEncryptionAlgorithmIdentifier	B "0.4.0.127.0.7.1.1.5.1.1.4"	"ecka-eg-X963KDF-SHA384"
KeyEncryptionAlgorithmIdentifier	B "0.4.0.127.0.7.1.1.5.1.1.5"	"ecka-eg-X963KDF-SHA512"

KeyEncryptionAlgorithmIdentifier	B "2.16.840.1.101.3.4.1.5"	"id-aes128-wrap"
KeyEncryptionAlgorithmIdentifier	B "2.16.840.1.101.3.4.1.25"	"id-aes192-wrap"
KeyEncryptionAlgorithmIdentifier	B "2.16.840.1.101.3.4.1.45"	"id-aes256-wrap"

GCMParameters		B "2.16.840.1.101.3.4.1.6"	"id-aes128-GCM"
GCMParameters		B "2.16.840.1.101.3.4.1.26"	"id-aes192-GCM"
GCMParameters		B "2.16.840.1.101.3.4.1.46"	"id-aes256-GCM"

CCMParameters		B "2.16.840.1.101.3.4.1.7"	"id-aes128-CCM"
CCMParameters		B "2.16.840.1.101.3.4.1.27"	"id-aes192-CCM"
CCMParameters		B "2.16.840.1.101.3.4.1.44"	"id-aes256-CCM"

# EC algorithms from RFC 3278 / RFC 5753
KeyWrapAlgorithm B "1.3.133.16.840.63.0.2"  "dhSinglePass-stdDH-sha1kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.11.0"         "dhSinglePass-stdDH-sha224kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.11.1"         "dhSinglePass-stdDH-sha256kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.11.2"         "dhSinglePass-stdDH-sha384kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.11.3"         "dhSinglePass-stdDH-sha512kdf-scheme"
KeyWrapAlgorithm B "1.3.133.16.840.63.0.3"  "dhSinglePass-cofactorDH-sha1kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.14.0"         "dhSinglePass-cofactorDH-sha224kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.14.1"         "dhSinglePass-cofactorDH-sha256kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.14.2"         "dhSinglePass-cofactorDH-sha384kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.14.3"         "dhSinglePass-cofactorDH-sha512kdf-scheme"
KeyWrapAlgorithm B "1.3.133.16.840.63.0.16" "mqvSinglePass-sha1kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.15.0"         "mqvSinglePass-sha224kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.15.1"         "mqvSinglePass-sha256kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.15.2"         "mqvSinglePass-sha384kdf-scheme"
KeyWrapAlgorithm B "1.3.132.1.15.3"         "mqvSinglePass-sha512kdf-scheme"

# RFC 3370 [CMS-ASN] (and RFC 5911 section 3)
# - section 4.3.1 - registered in packet-cms-template.c
# NULL B "1.2.840.113549.1.9.16.3.6" "id-alg-CMS3DESwrap"
# - section 4.3.2
RC2WrapParameter	B "1.2.840.113549.1.9.16.3.7" "id-alg-CMSRC2-wrap"
# - section 4.4.1 - PBKDF2-params defined in PKCS#5 / RFC 8018 - not yet implemented
# PBKDF2-params	B "1.2.840.113549.1.5.12" "id-PBKDF2"
# - section 5.1
IV 	B "1.2.840.113549.3.7" "des-ede3-cbc"
# - section 5.2
RC2CBCParameters 	B "1.2.840.113549.3.2" "rc2-cbc"

# RFC 2798 Attributes - see master list in x509sat.cnf
SignedData		B "2.16.840.1.113730.3.1.40"      "userSMIMECertificate"

# RFC 4108 Attributes (in CMSFirmwareWrapper.asn)
FirmwarePkgData		              B "1.2.840.113549.1.9.16.1.16"	"id-ct-firmwarePackage"
FirmwarePackageIdentifier		    B "1.2.840.113549.1.9.16.2.35"	"id-aa-firmwarePackageID"
TargetHardwareIdentifiers		    B "1.2.840.113549.1.9.16.2.36"	"id-aa-targetHardwareIDs"
DecryptKeyIdentifier		        B "1.2.840.113549.1.9.16.2.37"	"id-aa-decryptKeyID"
ImplementedCryptoAlgorithms		  B "1.2.840.113549.1.9.16.2.38"	"id-aa-implCryptoAlgs"
ImplementedCompressAlgorithms		B "1.2.840.113549.1.9.16.2.43"	"id-aa-implCompressAlgs"
CommunityIdentifiers		        B "1.2.840.113549.1.9.16.2.40"	"id-aa-communityIdentifiers"
FirmwarePackageInfo		          B "1.2.840.113549.1.9.16.2.42"	"id-aa-firmwarePackageInfo"
WrappedFirmwareKey		          B "1.2.840.113549.1.9.16.2.39"	"id-aa-wrappedFirmwareKey"
FirmwarePackageLoadReceipt	    B "1.2.840.113549.1.9.16.1.17"	"id-ct-firmwareLoadReceipt"
FirmwarePackageLoadError		    B "1.2.840.113549.1.9.16.1.18"	"id-ct-firmwareLoadError"
HardwareModuleName		          B "1.3.6.1.5.5.7.8.4"	          "id-on-hardwareModuleName"
FirmwarePackageMessageDigest		B "1.2.840.113549.1.9.16.2.41"	"id-aa-fwPkgMessageDigest"

#.NO_EMIT

#.TYPE_RENAME

#.FIELD_RENAME
SignerInfo/signature	signatureValue
RecipientEncryptedKey/rid	rekRid
EncryptedContentInfo/contentType	encryptedContentType
AttributeCertificateV1/signature	signatureValue_v1
AttributeCertificateV1/signatureAlgorithm	signatureAlgorithm_v1
AttributeCertificateInfoV1/attributes	attributes_v1
AttributeCertificateInfoV1/issuer	issuer_v1
AttributeCertificateInfoV1/signature	signature_v1
AttributeCertificateInfoV1/version	version_v1
RevocationInfoChoice/other		otherRIC
FirmwarePackageLoadReceipt/version		fwReceiptVersion
FirmwarePackageLoadError/version		fwErrorVersion

#.FN_BODY ContentInfo
  top_tree = tree;
  %(DEFAULT_BODY)s
  top_tree = NULL;

#.FN_PARS ContentType
  FN_VARIANT = _str VAL_PTR = &cms_data->object_identifier_id

#.FN_BODY ContentType
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  cms_data->object_identifier_id = NULL;
  const char *name = NULL;

  %(DEFAULT_BODY)s

  if(cms_data->object_identifier_id) {
    name = oid_resolved_from_string(actx->pinfo->pool, cms_data->object_identifier_id);
    proto_item_append_text(tree, " (%%s)", name ? name : cms_data->object_identifier_id);
  }

#.FN_BODY ContentInfo/content
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);


#.FN_BODY EncapsulatedContentInfo/eContent
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  cms_data->content_tvb = NULL;
  offset = dissect_ber_octet_string(false, actx, tree, tvb, offset, hf_index, &cms_data->content_tvb);

  if(cms_data->content_tvb) {
    proto_item_set_text(actx->created_item, "eContent (%%u bytes)", tvb_reported_length(cms_data->content_tvb));

    call_ber_oid_callback(cms_data->object_identifier_id, cms_data->content_tvb, 0, actx->pinfo, top_tree ? top_tree : tree, NULL);
  }

#.FN_PARS OtherRecipientInfo/oriType
  FN_VARIANT = _str  VAL_PTR = &cms_data->object_identifier_id

#.FN_HDR OtherRecipientInfo/oriType
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  cms_data->object_identifier_id = NULL;

#.FN_BODY OtherRecipientInfo/oriValue
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);

#.FN_PARS OtherKeyAttribute/keyAttrId
  FN_VARIANT = _str  HF_INDEX = hf_cms_ci_contentType  VAL_PTR = &cms_data->object_identifier_id

#.FN_HDR OtherKeyAttribute/keyAttrId
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  cms_data->object_identifier_id = NULL;

#.FN_BODY OtherKeyAttribute/keyAttr
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);

#.FN_PARS OtherRevocationInfoFormat/otherRevInfoFormat
  FN_VARIANT = _str  VAL_PTR = &cms_data->object_identifier_id

#.FN_HDR OtherRevocationInfoFormat/otherRevInfoFormat
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  cms_data->object_identifier_id = NULL;

#.FN_BODY OtherRevocationInfoFormat/otherRevInfo
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);

#.FN_PARS Attribute/attrType
  FN_VARIANT = _str  HF_INDEX = hf_cms_attrType  VAL_PTR = &cms_data->object_identifier_id

#.FN_BODY Attribute/attrType
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  cms_data->object_identifier_id = NULL;
  const char *name = NULL;

  %(DEFAULT_BODY)s

  if(cms_data->object_identifier_id) {
    name = oid_resolved_from_string(actx->pinfo->pool, cms_data->object_identifier_id);
    proto_item_append_text(tree, " (%%s)", name ? name : cms_data->object_identifier_id);
  }

#.FN_BODY AttributeValue
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);

  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);

#.FN_BODY MessageDigest
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  proto_item *pi;
  int old_offset = offset;

  %(DEFAULT_BODY)s

  pi = actx->created_item;

  /* move past TLV */
  old_offset = get_ber_identifier(tvb, old_offset, NULL, NULL, NULL);
  old_offset = get_ber_length(tvb, old_offset, NULL, NULL);

  if(cms_data->content_tvb)
    cms_verify_msg_digest(pi, cms_data->content_tvb, x509af_get_last_algorithm_id(), tvb, old_offset);

#.FN_PARS SMIMECapability/capability
  FN_VARIANT = _str  HF_INDEX = hf_cms_attrType  VAL_PTR = &cms_data->object_identifier_id

#.FN_BODY SMIMECapability/capability
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);
  cms_data->object_identifier_id = NULL;
  const char *name = NULL;

  %(DEFAULT_BODY)s

  if(cms_data->object_identifier_id) {
    name = oid_resolved_from_string(actx->pinfo->pool, cms_data->object_identifier_id);
    proto_item_append_text(tree, " %%s", name ? name : cms_data->object_identifier_id);
    cap_tree = tree;
  }

#.FN_BODY SMIMECapability/parameters
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);

  offset=call_ber_oid_callback(cms_data->object_identifier_id, tvb, offset, actx->pinfo, tree, NULL);

#.FN_PARS RC2ParameterVersion
  VAL_PTR = &length

#.FN_BODY RC2ParameterVersion
  uint32_t length = 0;

  %(DEFAULT_BODY)s

  if(cap_tree != NULL)
    proto_item_append_text(cap_tree, " (%%d bits)", length);

#.FN_PARS EncryptedContent VAL_PTR = &encrypted_tvb

#.FN_HDR EncryptedContent
	tvbuff_t *encrypted_tvb;
	proto_item *item;
#.END

#.FN_FTR EncryptedContent
  struct cms_private_data *cms_data = cms_get_private_data(actx->pinfo);

  item = actx->created_item;

  PBE_decrypt_data(cms_data->object_identifier_id, encrypted_tvb, actx->pinfo, actx, item);

#.END