2004-07-19 09:03:28 +00:00
|
|
|
-- Extracted from RFC2630
|
2006-05-23 15:17:14 +00:00
|
|
|
-- and massaged/modified so it passws through our asn2wrs compiler
|
2004-07-19 09:03:28 +00:00
|
|
|
|
|
|
|
CryptographicMessageSyntax { iso(1) member-body(2) us(840) rsadsi(113549)
|
|
|
|
pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) } DEFINITIONS IMPLICIT TAGS ::=
|
|
|
|
BEGIN
|
|
|
|
|
|
|
|
-- EXPORTS All
|
|
|
|
-- The types and values defined in this module are exported for use in
|
|
|
|
-- the other ASN.1 modules. Other applications may use them for their
|
|
|
|
-- own purposes.
|
|
|
|
|
|
|
|
IMPORTS
|
|
|
|
-- Directory Information Framework (X.501)
|
|
|
|
Name
|
|
|
|
FROM InformationFramework { joint-iso-itu-t ds(5) modules(1)
|
|
|
|
informationFramework(1) 3 }
|
|
|
|
|
|
|
|
-- Directory Authentication Framework (X.509)
|
|
|
|
AlgorithmIdentifier, AttributeCertificate, Certificate,
|
|
|
|
CertificateList, CertificateSerialNumber
|
|
|
|
FROM AuthenticationFramework { joint-iso-itu-t ds(5)
|
|
|
|
module(1) authenticationFramework(7) 3 } ;
|
|
|
|
|
|
|
|
|
|
|
|
-- Cryptographic Message Syntax
|
|
|
|
--
|
2004-09-16 08:31:01 +00:00
|
|
|
|
|
|
|
|
2004-10-29 12:11:42 +00:00
|
|
|
ContentInfo ::= SEQUENCE {
|
|
|
|
contentType ContentType,
|
2004-11-06 02:06:55 +00:00
|
|
|
content [0] EXPLICIT ANY
|
2004-10-29 12:11:42 +00:00
|
|
|
}
|
2004-09-16 08:31:01 +00:00
|
|
|
|
2004-07-19 09:03:28 +00:00
|
|
|
|
|
|
|
ContentType ::= OBJECT IDENTIFIER
|
|
|
|
|
|
|
|
SignedData ::= SEQUENCE {
|
|
|
|
version CMSVersion,
|
|
|
|
digestAlgorithms DigestAlgorithmIdentifiers,
|
|
|
|
encapContentInfo EncapsulatedContentInfo,
|
|
|
|
certificates [0] IMPLICIT CertificateSet OPTIONAL,
|
|
|
|
crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
|
|
|
|
signerInfos SignerInfos }
|
|
|
|
|
|
|
|
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
|
|
|
|
|
|
|
|
SignerInfos ::= SET OF SignerInfo
|
|
|
|
|
2004-10-28 22:06:55 +00:00
|
|
|
-- Implemented by hand in the template
|
2004-07-19 09:03:28 +00:00
|
|
|
EncapsulatedContentInfo ::= SEQUENCE {
|
|
|
|
eContentType ContentType,
|
|
|
|
eContent [0] EXPLICIT OCTET STRING OPTIONAL }
|
|
|
|
|
|
|
|
SignerInfo ::= SEQUENCE {
|
|
|
|
version CMSVersion,
|
|
|
|
sid SignerIdentifier,
|
|
|
|
digestAlgorithm DigestAlgorithmIdentifier,
|
|
|
|
signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
|
|
|
|
signatureAlgorithm SignatureAlgorithmIdentifier,
|
|
|
|
signature SignatureValue,
|
|
|
|
unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
|
|
|
|
|
|
|
|
SignerIdentifier ::= CHOICE {
|
|
|
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
|
|
|
subjectKeyIdentifier [0] SubjectKeyIdentifier }
|
|
|
|
|
|
|
|
SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
|
|
|
|
|
|
UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
|
|
|
|
|
|
Attribute ::= SEQUENCE {
|
2005-10-03 05:16:57 +00:00
|
|
|
attrType OBJECT IDENTIFIER,
|
|
|
|
attrValues SET OF AttributeValue
|
2004-07-19 09:03:28 +00:00
|
|
|
}
|
|
|
|
|
2005-10-03 05:16:57 +00:00
|
|
|
AttributeValue ::= ANY
|
2004-07-19 09:03:28 +00:00
|
|
|
|
|
|
|
SignatureValue ::= OCTET STRING
|
|
|
|
|
2004-07-25 10:34:07 +00:00
|
|
|
EnvelopedData ::= SEQUENCE {
|
|
|
|
version CMSVersion,
|
|
|
|
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
|
|
|
|
recipientInfos RecipientInfos,
|
|
|
|
encryptedContentInfo EncryptedContentInfo,
|
|
|
|
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
|
|
|
|
|
|
|
|
OriginatorInfo ::= SEQUENCE {
|
|
|
|
certs [0] IMPLICIT CertificateSet OPTIONAL,
|
|
|
|
crls [1] IMPLICIT CertificateRevocationLists OPTIONAL }
|
|
|
|
|
|
|
|
RecipientInfos ::= SET OF RecipientInfo
|
|
|
|
|
|
|
|
EncryptedContentInfo ::= SEQUENCE {
|
|
|
|
contentType ContentType,
|
|
|
|
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
|
|
|
|
encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
|
|
|
|
|
|
|
|
EncryptedContent ::= OCTET STRING
|
|
|
|
|
|
|
|
UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
|
|
|
|
|
|
RecipientInfo ::= CHOICE {
|
|
|
|
ktri KeyTransRecipientInfo,
|
|
|
|
kari [1] KeyAgreeRecipientInfo,
|
|
|
|
kekri [2] KEKRecipientInfo }
|
|
|
|
|
|
|
|
EncryptedKey ::= OCTET STRING
|
|
|
|
|
|
|
|
KeyTransRecipientInfo ::= SEQUENCE {
|
|
|
|
version CMSVersion,
|
2004-07-19 09:03:28 +00:00
|
|
|
-- always set to 0 or 2
|
2004-07-25 10:34:07 +00:00
|
|
|
rid RecipientIdentifier,
|
|
|
|
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
|
|
|
|
encryptedKey EncryptedKey }
|
2004-07-19 09:03:28 +00:00
|
|
|
|
|
|
|
RecipientIdentifier ::= CHOICE {
|
|
|
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
|
|
|
subjectKeyIdentifier [0] SubjectKeyIdentifier }
|
|
|
|
|
2004-07-25 10:34:07 +00:00
|
|
|
KeyAgreeRecipientInfo ::= SEQUENCE {
|
|
|
|
version CMSVersion,
|
2004-07-19 09:03:28 +00:00
|
|
|
-- always set to 3
|
2004-07-25 10:34:07 +00:00
|
|
|
originator [0] EXPLICIT OriginatorIdentifierOrKey,
|
|
|
|
ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
|
|
|
|
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
|
|
|
|
recipientEncryptedKeys RecipientEncryptedKeys }
|
|
|
|
|
|
|
|
OriginatorIdentifierOrKey ::= CHOICE {
|
|
|
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
|
|
|
subjectKeyIdentifier [0] SubjectKeyIdentifier,
|
|
|
|
originatorKey [1] OriginatorPublicKey }
|
|
|
|
|
|
|
|
OriginatorPublicKey ::= SEQUENCE {
|
|
|
|
algorithm AlgorithmIdentifier,
|
|
|
|
publicKey BIT STRING }
|
|
|
|
|
|
|
|
RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
|
|
|
|
|
|
|
|
RecipientEncryptedKey ::= SEQUENCE {
|
|
|
|
rid KeyAgreeRecipientIdentifier,
|
|
|
|
encryptedKey EncryptedKey }
|
|
|
|
|
|
|
|
KeyAgreeRecipientIdentifier ::= CHOICE {
|
|
|
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
|
|
|
rKeyId [0] IMPLICIT RecipientKeyIdentifier }
|
|
|
|
|
|
|
|
RecipientKeyIdentifier ::= SEQUENCE {
|
|
|
|
subjectKeyIdentifier SubjectKeyIdentifier,
|
|
|
|
date GeneralizedTime OPTIONAL,
|
|
|
|
other OtherKeyAttribute OPTIONAL }
|
2004-07-19 09:03:28 +00:00
|
|
|
|
|
|
|
SubjectKeyIdentifier ::= OCTET STRING
|
|
|
|
|
2004-07-25 10:34:07 +00:00
|
|
|
KEKRecipientInfo ::= SEQUENCE {
|
|
|
|
version CMSVersion,
|
2004-07-19 09:03:28 +00:00
|
|
|
-- always set to 4
|
2004-07-25 10:34:07 +00:00
|
|
|
kekid KEKIdentifier,
|
|
|
|
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
|
|
|
|
encryptedKey EncryptedKey }
|
|
|
|
|
|
|
|
KEKIdentifier ::= SEQUENCE {
|
|
|
|
keyIdentifier OCTET STRING,
|
|
|
|
date GeneralizedTime OPTIONAL,
|
|
|
|
other OtherKeyAttribute OPTIONAL }
|
|
|
|
|
|
|
|
DigestedData ::= SEQUENCE {
|
|
|
|
version CMSVersion,
|
|
|
|
digestAlgorithm DigestAlgorithmIdentifier,
|
|
|
|
encapContentInfo EncapsulatedContentInfo,
|
|
|
|
digest Digest }
|
2004-07-19 09:03:28 +00:00
|
|
|
|
|
|
|
Digest ::= OCTET STRING
|
|
|
|
|
2004-07-25 10:34:07 +00:00
|
|
|
EncryptedData ::= SEQUENCE {
|
|
|
|
version CMSVersion,
|
|
|
|
encryptedContentInfo EncryptedContentInfo,
|
|
|
|
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
|
|
|
|
|
|
|
|
AuthenticatedData ::= SEQUENCE {
|
|
|
|
version CMSVersion,
|
|
|
|
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
|
|
|
|
recipientInfos RecipientInfos,
|
|
|
|
macAlgorithm MessageAuthenticationCodeAlgorithm,
|
|
|
|
digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
|
|
|
|
encapContentInfo EncapsulatedContentInfo,
|
|
|
|
authenticatedAttributes [2] IMPLICIT AuthAttributes OPTIONAL,
|
|
|
|
mac MessageAuthenticationCode,
|
|
|
|
unauthenticatedAttributes [3] IMPLICIT UnauthAttributes OPTIONAL }
|
2004-07-19 09:03:28 +00:00
|
|
|
|
|
|
|
AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
|
|
|
|
|
|
UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
|
|
|
|
|
|
MessageAuthenticationCode ::= OCTET STRING
|
|
|
|
|
|
|
|
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
|
|
|
|
|
|
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
|
|
|
|
|
|
KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
|
|
|
|
|
|
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
|
|
|
|
|
|
MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
|
|
|
|
|
|
|
|
CertificateRevocationLists ::= SET OF CertificateList
|
|
|
|
|
|
|
|
CertificateChoices ::= CHOICE {
|
|
|
|
certificate Certificate,
|
|
|
|
extendedCertificate [0] IMPLICIT ExtendedCertificate,
|
|
|
|
attrCert [1] IMPLICIT AttributeCertificate }
|
|
|
|
|
|
|
|
CertificateSet ::= SET OF CertificateChoices
|
|
|
|
|
|
|
|
IssuerAndSerialNumber ::= SEQUENCE {
|
2004-07-25 10:41:39 +00:00
|
|
|
issuer Name,
|
2004-07-19 09:03:28 +00:00
|
|
|
serialNumber CertificateSerialNumber }
|
|
|
|
|
|
|
|
CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
|
|
|
|
|
2004-07-25 10:34:07 +00:00
|
|
|
UserKeyingMaterial ::= OCTET STRING
|
|
|
|
|
|
|
|
OtherKeyAttribute ::= SEQUENCE {
|
2004-10-29 12:11:42 +00:00
|
|
|
keyAttrId OBJECT IDENTIFIER,
|
2004-11-06 02:06:55 +00:00
|
|
|
keyAttr ANY OPTIONAL
|
2004-07-25 10:34:07 +00:00
|
|
|
}
|
|
|
|
|
2004-07-19 09:03:28 +00:00
|
|
|
-- CMS Attributes
|
|
|
|
--
|
2005-10-03 05:16:57 +00:00
|
|
|
MessageDigest ::= OCTET STRING
|
|
|
|
|
|
|
|
SigningTime ::= Time
|
|
|
|
|
|
|
|
Time ::= CHOICE {
|
|
|
|
utcTime UTCTime,
|
|
|
|
generalTime GeneralizedTime }
|
2004-07-19 09:03:28 +00:00
|
|
|
|
|
|
|
Countersignature ::= SignerInfo
|
|
|
|
|
|
|
|
-- Algorithm Identifiers
|
|
|
|
--
|
|
|
|
-- sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
|
|
|
|
-- oiw(14) secsig(3) algorithm(2) 26 }
|
|
|
|
--
|
|
|
|
-- md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
|
|
|
-- rsadsi(113549) digestAlgorithm(2) 5 }
|
|
|
|
--
|
|
|
|
-- id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) x9-57 (10040) x9cm(4) 3 }
|
|
|
|
--
|
|
|
|
-- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
|
|
|
|
--
|
|
|
|
-- dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) ansi-x942(10046) number-type(2) 1 }
|
|
|
|
--
|
|
|
|
-- id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
|
|
|
-- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
|
|
|
|
--
|
|
|
|
-- id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
|
|
|
|
--
|
|
|
|
-- id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
|
|
|
|
--
|
|
|
|
-- des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
|
|
|
|
--
|
|
|
|
-- rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
|
|
|
-- rsadsi(113549) encryptionAlgorithm(3) 2 }
|
|
|
|
--
|
|
|
|
-- hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
|
|
|
|
-- dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
|
|
|
|
--
|
|
|
|
--
|
|
|
|
-- Algorithm Parameters
|
|
|
|
--
|
|
|
|
-- KeyWrapAlgorithm ::= AlgorithmIdentifier
|
|
|
|
--
|
|
|
|
-- RC2wrapParameter ::= RC2ParameterVersion
|
|
|
|
--
|
|
|
|
-- RC2ParameterVersion ::= INTEGER
|
|
|
|
--
|
|
|
|
-- CBCParameter ::= IV
|
|
|
|
--
|
|
|
|
-- IV ::= OCTET STRING
|
|
|
|
--
|
|
|
|
-- RC2CBCParameter ::= SEQUENCE {
|
|
|
|
-- rc2ParameterVersion INTEGER,
|
|
|
|
-- iv OCTET STRING }
|
|
|
|
--
|
|
|
|
--
|
|
|
|
-- Content Type Object Identifiers
|
|
|
|
--
|
|
|
|
-- id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
|
|
|
|
-- ct(1) 6 }
|
|
|
|
--
|
|
|
|
-- id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
|
|
|
|
--
|
|
|
|
-- id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
|
|
|
|
--
|
|
|
|
-- id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
|
|
|
|
--
|
|
|
|
-- id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
|
|
|
|
--
|
|
|
|
-- id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
|
|
|
|
--
|
|
|
|
-- id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
|
|
|
|
-- ct(1) 2 }
|
|
|
|
--
|
|
|
|
--
|
|
|
|
-- Attribute Object Identifiers
|
|
|
|
--
|
|
|
|
-- id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
|
|
|
|
--
|
|
|
|
-- id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
|
|
|
|
--
|
|
|
|
-- id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
|
|
|
|
--
|
|
|
|
-- id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
|
|
|
|
--
|
|
|
|
--
|
|
|
|
-- Obsolete Extended Certificate syntax from PKCS#6
|
|
|
|
|
|
|
|
ExtendedCertificate ::= SEQUENCE {
|
|
|
|
extendedCertificateInfo ExtendedCertificateInfo,
|
|
|
|
signatureAlgorithm SignatureAlgorithmIdentifier,
|
|
|
|
signature Signature }
|
|
|
|
|
|
|
|
ExtendedCertificateInfo ::= SEQUENCE {
|
|
|
|
version CMSVersion,
|
|
|
|
certificate Certificate,
|
|
|
|
attributes UnauthAttributes }
|
|
|
|
|
|
|
|
Signature ::= BIT STRING
|
|
|
|
|
|
|
|
|
|
|
|
END -- of CryptographicMessageSyntax
|