401 lines
12 KiB
Groff
401 lines
12 KiB
Groff
-- Extracted from RFC5652
|
|
-- and massaged/modified so it passes through our asn2wrs compiler
|
|
|
|
CryptographicMessageSyntax
|
|
{ iso(1) member-body(2) us(840) rsadsi(113549)
|
|
pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) }
|
|
|
|
DEFINITIONS IMPLICIT TAGS ::=
|
|
BEGIN
|
|
|
|
-- EXPORTS All
|
|
-- The types and values defined in this module are exported for use
|
|
-- in the other ASN.1 modules. Other applications may use them for
|
|
-- their own purposes.
|
|
|
|
IMPORTS
|
|
-- Directory Information Framework (X.501)
|
|
Name
|
|
FROM InformationFramework { joint-iso-itu-t ds(5) modules(1)
|
|
informationFramework(1) 3 }
|
|
|
|
-- Directory Authentication Framework (X.509)
|
|
AlgorithmIdentifier, AttributeCertificate, Certificate,
|
|
CertificateList, CertificateSerialNumber
|
|
FROM AuthenticationFramework { joint-iso-itu-t ds(5)
|
|
module(1) authenticationFramework(7) 3 } ;
|
|
|
|
|
|
-- Cryptographic Message Syntax
|
|
|
|
ContentInfo ::= SEQUENCE {
|
|
contentType ContentType,
|
|
content [0] EXPLICIT ANY DEFINED BY contentType }
|
|
|
|
ContentType ::= OBJECT IDENTIFIER
|
|
|
|
SignedData ::= SEQUENCE {
|
|
version CMSVersion,
|
|
digestAlgorithms DigestAlgorithmIdentifiers,
|
|
encapContentInfo EncapsulatedContentInfo,
|
|
certificates [0] IMPLICIT CertificateSet OPTIONAL,
|
|
crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
|
|
signerInfos SignerInfos }
|
|
|
|
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
|
|
|
|
SignerInfos ::= SET OF SignerInfo
|
|
|
|
-- Implemented by hand in the template
|
|
EncapsulatedContentInfo ::= SEQUENCE {
|
|
eContentType ContentType,
|
|
eContent [0] EXPLICIT OCTET STRING OPTIONAL }
|
|
|
|
SignerInfo ::= SEQUENCE {
|
|
version CMSVersion,
|
|
sid SignerIdentifier,
|
|
digestAlgorithm DigestAlgorithmIdentifier,
|
|
signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
|
|
signatureAlgorithm SignatureAlgorithmIdentifier,
|
|
signature SignatureValue,
|
|
unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
|
|
|
|
SignerIdentifier ::= CHOICE {
|
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
|
subjectKeyIdentifier [0] SubjectKeyIdentifier }
|
|
|
|
SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
|
|
UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
|
|
Attribute ::= SEQUENCE {
|
|
attrType OBJECT IDENTIFIER,
|
|
attrValues SET OF AttributeValue }
|
|
|
|
AttributeValue ::= ANY
|
|
|
|
SignatureValue ::= OCTET STRING
|
|
|
|
EnvelopedData ::= SEQUENCE {
|
|
version CMSVersion,
|
|
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
|
|
recipientInfos RecipientInfos,
|
|
encryptedContentInfo EncryptedContentInfo,
|
|
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
|
|
|
|
OriginatorInfo ::= SEQUENCE {
|
|
certs [0] IMPLICIT CertificateSet OPTIONAL,
|
|
crls [1] IMPLICIT RevocationInfoChoices OPTIONAL }
|
|
|
|
RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
|
|
|
|
EncryptedContentInfo ::= SEQUENCE {
|
|
contentType ContentType,
|
|
contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
|
|
encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
|
|
|
|
EncryptedContent ::= OCTET STRING
|
|
|
|
UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
|
|
RecipientInfo ::= CHOICE {
|
|
ktri KeyTransRecipientInfo,
|
|
kari [1] KeyAgreeRecipientInfo,
|
|
kekri [2] KEKRecipientInfo,
|
|
pwri [3] PasswordRecipientInfo,
|
|
ori [4] OtherRecipientInfo }
|
|
|
|
EncryptedKey ::= OCTET STRING
|
|
|
|
KeyTransRecipientInfo ::= SEQUENCE {
|
|
version CMSVersion, -- always set to 0 or 2
|
|
rid RecipientIdentifier,
|
|
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
|
|
encryptedKey EncryptedKey }
|
|
|
|
RecipientIdentifier ::= CHOICE {
|
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
|
subjectKeyIdentifier [0] SubjectKeyIdentifier }
|
|
|
|
KeyAgreeRecipientInfo ::= SEQUENCE {
|
|
version CMSVersion, -- always set to 3
|
|
originator [0] EXPLICIT OriginatorIdentifierOrKey,
|
|
ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
|
|
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
|
|
recipientEncryptedKeys RecipientEncryptedKeys }
|
|
|
|
OriginatorIdentifierOrKey ::= CHOICE {
|
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
|
subjectKeyIdentifier [0] SubjectKeyIdentifier,
|
|
originatorKey [1] OriginatorPublicKey }
|
|
|
|
OriginatorPublicKey ::= SEQUENCE {
|
|
algorithm AlgorithmIdentifier,
|
|
publicKey BIT STRING }
|
|
|
|
RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
|
|
|
|
RecipientEncryptedKey ::= SEQUENCE {
|
|
rid KeyAgreeRecipientIdentifier,
|
|
encryptedKey EncryptedKey }
|
|
|
|
KeyAgreeRecipientIdentifier ::= CHOICE {
|
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
|
rKeyId [0] IMPLICIT RecipientKeyIdentifier }
|
|
|
|
RecipientKeyIdentifier ::= SEQUENCE {
|
|
subjectKeyIdentifier SubjectKeyIdentifier,
|
|
date GeneralizedTime OPTIONAL,
|
|
other OtherKeyAttribute OPTIONAL }
|
|
|
|
SubjectKeyIdentifier ::= OCTET STRING
|
|
|
|
KEKRecipientInfo ::= SEQUENCE {
|
|
version CMSVersion, -- always set to 4
|
|
kekid KEKIdentifier,
|
|
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
|
|
encryptedKey EncryptedKey }
|
|
|
|
KEKIdentifier ::= SEQUENCE {
|
|
keyIdentifier OCTET STRING,
|
|
date GeneralizedTime OPTIONAL,
|
|
other OtherKeyAttribute OPTIONAL }
|
|
|
|
PasswordRecipientInfo ::= SEQUENCE {
|
|
version CMSVersion, -- always set to 0
|
|
keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
|
|
OPTIONAL,
|
|
keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
|
|
encryptedKey EncryptedKey }
|
|
|
|
OtherRecipientInfo ::= SEQUENCE {
|
|
oriType OBJECT IDENTIFIER,
|
|
oriValue ANY DEFINED BY oriType }
|
|
|
|
DigestedData ::= SEQUENCE {
|
|
version CMSVersion,
|
|
digestAlgorithm DigestAlgorithmIdentifier,
|
|
encapContentInfo EncapsulatedContentInfo,
|
|
digest Digest }
|
|
|
|
Digest ::= OCTET STRING
|
|
|
|
EncryptedData ::= SEQUENCE {
|
|
version CMSVersion,
|
|
encryptedContentInfo EncryptedContentInfo,
|
|
unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
|
|
|
|
AuthenticatedData ::= SEQUENCE {
|
|
version CMSVersion,
|
|
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
|
|
recipientInfos RecipientInfos,
|
|
macAlgorithm MessageAuthenticationCodeAlgorithm,
|
|
digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
|
|
encapContentInfo EncapsulatedContentInfo,
|
|
authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
|
|
mac MessageAuthenticationCode,
|
|
unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
|
|
|
|
AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
|
|
UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
|
|
|
|
MessageAuthenticationCode ::= OCTET STRING
|
|
|
|
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
|
|
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
|
|
KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
|
|
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
|
|
MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
|
|
|
|
KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
|
|
|
|
RevocationInfoChoices ::= SET OF RevocationInfoChoice
|
|
|
|
RevocationInfoChoice ::= CHOICE {
|
|
crl CertificateList,
|
|
other [1] IMPLICIT OtherRevocationInfoFormat }
|
|
|
|
OtherRevocationInfoFormat ::= SEQUENCE {
|
|
otherRevInfoFormat OBJECT IDENTIFIER,
|
|
otherRevInfo ANY DEFINED BY otherRevInfoFormat }
|
|
|
|
CertificateChoices ::= CHOICE {
|
|
certificate Certificate,
|
|
extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
|
|
v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
|
|
v2AttrCert [2] IMPLICIT AttributeCertificateV2 }
|
|
|
|
AttributeCertificateV2 ::= AttributeCertificate
|
|
|
|
CertificateSet ::= SET OF CertificateChoices
|
|
|
|
IssuerAndSerialNumber ::= SEQUENCE {
|
|
issuer Name,
|
|
serialNumber CertificateSerialNumber }
|
|
|
|
CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
|
|
|
|
UserKeyingMaterial ::= OCTET STRING
|
|
|
|
OtherKeyAttribute ::= SEQUENCE {
|
|
keyAttrId OBJECT IDENTIFIER,
|
|
keyAttr ANY DEFINED BY keyAttrId OPTIONAL }
|
|
|
|
-- Content Type Object Identifiers
|
|
|
|
id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }
|
|
|
|
id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
|
|
|
|
id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
|
|
|
|
id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
|
|
|
|
id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
|
|
|
|
id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
|
|
|
|
id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 }
|
|
|
|
-- The CMS Attributes
|
|
|
|
MessageDigest ::= OCTET STRING
|
|
|
|
SigningTime ::= Time
|
|
|
|
Time ::= CHOICE {
|
|
utcTime UTCTime,
|
|
generalTime GeneralizedTime }
|
|
|
|
Countersignature ::= SignerInfo
|
|
|
|
-- Algorithm Identifiers
|
|
--
|
|
-- sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
|
|
-- oiw(14) secsig(3) algorithm(2) 26 }
|
|
--
|
|
-- md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
|
-- rsadsi(113549) digestAlgorithm(2) 5 }
|
|
--
|
|
-- id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) x9-57 (10040) x9cm(4) 3 }
|
|
--
|
|
-- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
|
|
--
|
|
-- dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) ansi-x942(10046) number-type(2) 1 }
|
|
--
|
|
-- id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
|
-- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
|
|
--
|
|
-- id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
|
|
--
|
|
-- id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
|
|
--
|
|
-- des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
|
|
--
|
|
-- rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
|
-- rsadsi(113549) encryptionAlgorithm(3) 2 }
|
|
--
|
|
-- hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
|
|
-- dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
|
|
--
|
|
--
|
|
-- Algorithm Parameters
|
|
--
|
|
KeyWrapAlgorithm ::= AlgorithmIdentifier
|
|
|
|
RC2WrapParameter ::= RC2ParameterVersion
|
|
|
|
RC2ParameterVersion ::= INTEGER
|
|
|
|
CBCParameter ::= IV
|
|
|
|
IV ::= OCTET STRING
|
|
|
|
RC2CBCParameter ::= SEQUENCE {
|
|
rc2ParameterVersion INTEGER,
|
|
iv OCTET STRING }
|
|
|
|
-- Attribute Object Identifiers
|
|
|
|
id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
|
|
|
|
id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
|
|
|
|
id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
|
|
|
|
id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
|
|
|
|
-- Obsolete Extended Certificate syntax from PKCS #6
|
|
|
|
ExtendedCertificateOrCertificate ::= CHOICE {
|
|
certificate Certificate,
|
|
extendedCertificate [0] IMPLICIT ExtendedCertificate }
|
|
|
|
ExtendedCertificate ::= SEQUENCE {
|
|
extendedCertificateInfo ExtendedCertificateInfo,
|
|
signatureAlgorithm SignatureAlgorithmIdentifier,
|
|
signature Signature }
|
|
|
|
ExtendedCertificateInfo ::= SEQUENCE {
|
|
version CMSVersion,
|
|
certificate Certificate,
|
|
attributes UnauthAttributes }
|
|
|
|
Signature ::= BIT STRING
|
|
|
|
-- PKCS #7 type that was removed from CMS
|
|
|
|
DigestInfo ::= SEQUENCE {
|
|
digestAlgorithm DigestAlgorithmIdentifier,
|
|
digest Digest }
|
|
|
|
-- From S/MIME
|
|
|
|
SMIMECapabilities ::= SEQUENCE OF SMIMECapability
|
|
|
|
SMIMECapability ::= SEQUENCE {
|
|
capability OBJECT IDENTIFIER,
|
|
parameters ANY OPTIONAL
|
|
}
|
|
|
|
SMIMEEncryptionKeyPreference ::= CHOICE {
|
|
issuerAndSerialNumber [0] IssuerAndSerialNumber,
|
|
recipientKeyId [1] RecipientKeyIdentifier,
|
|
subjectAltKeyIdentifier [2] SubjectKeyIdentifier
|
|
|
|
}
|
|
|
|
-- some implememtations do not seem to use the RC2CBCParameter with 1.2.840.113549.3.2 as per RFC 2630 12.4.2
|
|
-- so we create this CHOICE to workaround this problem until we understand what is really the correct solution
|
|
|
|
RC2CBCParameters ::= CHOICE {
|
|
rc2WrapParameter RC2WrapParameter,
|
|
rc2CBCParameter RC2CBCParameter
|
|
|
|
}
|
|
|
|
|
|
END -- of CryptographicMessageSyntax2004
|