Import

.dialyzer.ignore

@@ -0,0 +1,9 @@
+src/AttributeCertificateVersion1.erl:424:5: Unknown function asn1rt_nif:decode_ber_tlv/1
+src/CryptographicMessageSyntax2004.erl:3752:5: Unknown function asn1rt_nif:decode_ber_tlv/1
+src/CryptographicMessageSyntax2004.erl:3759:5: Unknown function asn1rt_nif:encode_ber_tlv/1
+src/PKIX1Explicit88.erl:5458:5: Unknown function asn1rt_nif:decode_ber_tlv/1
+src/PKIX1Explicit88.erl:5465:5: Unknown function asn1rt_nif:encode_ber_tlv/1
+src/PKIX1Implicit88.erl:2768:5: Unknown function asn1rt_nif:decode_ber_tlv/1
+src/PKIX1Implicit88.erl:2775:5: Unknown function asn1rt_nif:encode_ber_tlv/1
+src/PKIXAttributeCertificate.erl:1960:5: Unknown function asn1rt_nif:decode_ber_tlv/1
+src/PKIXAttributeCertificate.erl:1967:5: Unknown function asn1rt_nif:encode_ber_tlv/1

.formatter.exs

@@ -0,0 +1,4 @@
+# Used by "mix format"
+[
+  inputs: ["{mix,.formatter}.exs", "{config,lib,test}/**/*.{ex,exs}"]
+]

.github/dependabot.yml

@@ -0,0 +1,7 @@
+version: 2
+updates:
+- package-ecosystem: mix
+  directory: "/"
+  schedule:
+    interval: weekly
+  open-pull-requests-limit: 999

.github/workflows/test.yml

@@ -0,0 +1,66 @@
+name: Continuous Integration
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+  push:
+    branches:
+      - 'main'
+
+jobs:
+  test:
+    env:
+      MIX_ENV: test
+    runs-on: ubuntu-20.04
+    name: Test (OTP ${{ matrix.otp }} / Elixir ${{ matrix.elixir }})
+    strategy:
+      matrix:
+        elixir: ['1.15', '1.14', '1.13', '1.12', '1.11']
+        otp: ['26', '25', '24', '23']
+        exclude:
+          - {otp: '23', elixir: '1.15'}
+          - {otp: '24', elixir: '1.15'}
+          - {otp: '25', elixir: '1.11'}
+          - {otp: '25', elixir: '1.12'}
+          - {otp: '26', elixir: '1.11'}
+          - {otp: '26', elixir: '1.12'}
+          - {otp: '26', elixir: '1.13'}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: erlef/setup-beam@v1
+        with:
+          otp-version: ${{ matrix.otp }}
+          elixir-version: ${{ matrix.elixir }}
+      - run: mix deps.get
+      - run: mix compile.asn1
+      - run: mix test
+
+  lint:
+    runs-on: ubuntu-latest
+    name: Linting
+    strategy:
+      matrix:
+        elixir: ['1.15']
+        otp: ['26']
+    steps:
+      - uses: actions/checkout@v3
+      - uses: erlef/setup-beam@v1
+        id: beam
+        with:
+          otp-version: ${{ matrix.otp }}
+          elixir-version: ${{ matrix.elixir }}
+      - name: PLT cache
+        uses: actions/cache@v3
+        with:
+          key: |
+            ${{ runner.os }}-${{ steps.beam.outputs.elixir-version }}-${{ steps.beam.outputs.otp-version }}-plt
+          restore-keys: |
+            ${{ runner.os }}-${{ steps.beam.outputs.elixir-version }}-${{ steps.beam.outputs.otp-version }}-plt
+          path: |
+            priv/plts
+      - run: mix deps.get
+      - run: mix deps.unlock --check-unused
+      - run: mix compile --warnings-as-errors
+      - run: mix format --check-formatted
+      - run: mix credo --strict --all
+      - run: mix dialyzer --halt-exit-status

.gitignore

@@ -0,0 +1,28 @@
+# The directory Mix will write compiled artifacts to.
+/_build/
+
+# If you run "mix test --cover", coverage assets end up here.
+/cover/
+
+# The directory Mix downloads your dependencies sources to.
+/deps/
+
+# Where third-party dependencies like ExDoc output generated docs.
+/doc/
+
+# Ignore .fetch files in case you like to edit your project deps locally.
+/.fetch
+
+# If the VM crashes, it generates a dump, let's ignore it too.
+erl_crash.dump
+
+# Also ignore archive artifacts (built via "mix archive.build").
+*.ez
+
+# Ignore package tarball (built via "mix hex.build").
+cmsex-*.tar
+
+# Temporary files, for example, from tests.
+/tmp/
+
+/src/*.asn1db

CHANGELOG.md

@@ -0,0 +1,5 @@
+# Changelog
+
+## 0.1.0 (2023-09-13)
+
+Initial release with signed data support (@ashabhasa, @lucacorti)

README.md

@@ -0,0 +1,28 @@
+# CMSEx
+
+This library contains an Elixir library to parse the `CMS` file format as described in [RFC 5652](https://datatracker.ietf.org/doc/html/rfc5652) and related RFCs.
+
+This includes for instance `PKCS7` files with a `.p7m` extension.
+
+## Installation
+
+If [available in Hex](https://hex.pm/docs/publish), the package can be installed
+by adding `cmsex` to your list of dependencies in `mix.exs`:
+
+```elixir
+def deps do
+  [
+    {:cmsex, "~> 0.1.0"}
+  ]
+end
+```
+
+# Development
+
+The parser is generated from `ASN.1` specifications copied from their RFCs  using the `asn1ct` module included with OTP. The ASN.1 specs were only slightly tweaked by removing primitive type definitions, to be compatible with `asn1ct`.
+
+The source `ASN.1` specifications are stored in `asn1/`, and the generated Erlang code  is stored in `src/`. For development purposes, the Erlang code can be regenerated by running the `mix compile.asn1` task.
+
+Documentation can be generated with [ExDoc](https://github.com/elixir-lang/ex_doc)
+and published on [HexDocs](https://hexdocs.pm). Once published, the docs can
+be found at <https://hexdocs.pm/cmsex>.

asn1/AttributeCertificateVersion1.asn1

@@ -0,0 +1,60 @@
+AttributeCertificateVersion1
+       { iso(1) member-body(2) us(840) rsadsi(113549)
+         pkcs(1) pkcs-9(9) smime(16) modules(0) v1AttrCert(15) }
+
+   DEFINITIONS EXPLICIT TAGS ::=
+   BEGIN
+
+   -- EXPORTS All
+
+   IMPORTS
+
+     -- Imports from RFC 5280 [PROFILE], Appendix A.1
+           AlgorithmIdentifier, Attribute, CertificateSerialNumber,
+           Extensions, UniqueIdentifier
+              FROM PKIX1Explicit88
+                   { iso(1) identified-organization(3) dod(6)
+                     internet(1) security(5) mechanisms(5) pkix(7)
+                     mod(0) pkix1-explicit(18) }
+
+     -- Imports from RFC 5280 [PROFILE], Appendix A.2
+           GeneralNames
+              FROM PKIX1Implicit88
+                   { iso(1) identified-organization(3) dod(6)
+                     internet(1) security(5) mechanisms(5) pkix(7)
+                     mod(0) pkix1-implicit(19) }
+
+     -- Imports from RFC 3281 [ACPROFILE], Appendix B
+           AttCertValidityPeriod, IssuerSerial
+              FROM PKIXAttributeCertificate
+                   { iso(1) identified-organization(3) dod(6)
+                     internet(1) security(5) mechanisms(5) pkix(7)
+                     mod(0) attribute-cert(12) } ;
+
+   -- Definition extracted from X.509-1997 [X.509-97], but
+   -- different type names are used to avoid collisions.
+
+   AttributeCertificateV1 ::= SEQUENCE {
+     acInfo AttributeCertificateInfoV1,
+     signatureAlgorithm AlgorithmIdentifier,
+     signature BIT STRING }
+
+   AttributeCertificateInfoV1 ::= SEQUENCE {
+     version AttCertVersionV1 DEFAULT v1,
+     subject CHOICE {
+       baseCertificateID [0] IssuerSerial,
+         -- associated with a Public Key Certificate
+       subjectName [1] GeneralNames },
+         -- associated with a name
+     issuer GeneralNames,
+     signature AlgorithmIdentifier,
+     serialNumber CertificateSerialNumber,
+     attCertValidityPeriod AttCertValidityPeriod,
+     attributes SEQUENCE OF Attribute,
+     issuerUniqueID UniqueIdentifier OPTIONAL,
+     extensions Extensions OPTIONAL }
+
+   AttCertVersionV1 ::= INTEGER { v1(0) }
+
+   END -- of AttributeCertificateVersion1
+