1-- Extracted from RFC5652 2-- and massaged/modified so it passes through our asn2wrs compiler 3 4CryptographicMessageSyntax 5 { iso(1) member-body(2) us(840) rsadsi(113549) 6 pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) } 7 8DEFINITIONS IMPLICIT TAGS ::= 9BEGIN 10 11-- EXPORTS All 12-- The types and values defined in this module are exported for use 13-- in the other ASN.1 modules. Other applications may use them for 14-- their own purposes. 15 16IMPORTS 17 -- Directory Information Framework (X.501) 18 Name 19 FROM InformationFramework { joint-iso-itu-t ds(5) modules(1) 20 informationFramework(1) 3 } 21 22 -- Directory Authentication Framework (X.509) 23 AlgorithmIdentifier, AttributeCertificate, Certificate, 24 CertificateList, CertificateSerialNumber 25 FROM AuthenticationFramework { joint-iso-itu-t ds(5) 26 module(1) authenticationFramework(7) 3 } ; 27 28 29-- Cryptographic Message Syntax 30 31ContentInfo ::= SEQUENCE { 32 contentType ContentType, 33 content [0] EXPLICIT ANY DEFINED BY contentType } 34 35ContentType ::= OBJECT IDENTIFIER 36 37SignedData ::= SEQUENCE { 38 version CMSVersion, 39 digestAlgorithms DigestAlgorithmIdentifiers, 40 encapContentInfo EncapsulatedContentInfo, 41 certificates [0] IMPLICIT CertificateSet OPTIONAL, 42 crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, 43 signerInfos SignerInfos } 44 45DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier 46 47SignerInfos ::= SET OF SignerInfo 48 49-- Implemented by hand in the template 50EncapsulatedContentInfo ::= SEQUENCE { 51 eContentType ContentType, 52 eContent [0] EXPLICIT OCTET STRING OPTIONAL } 53 54SignerInfo ::= SEQUENCE { 55 version CMSVersion, 56 sid SignerIdentifier, 57 digestAlgorithm DigestAlgorithmIdentifier, 58 signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, 59 signatureAlgorithm SignatureAlgorithmIdentifier, 60 signature SignatureValue, 61 unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL } 62 63SignerIdentifier ::= CHOICE { 64 issuerAndSerialNumber IssuerAndSerialNumber, 65 subjectKeyIdentifier [0] SubjectKeyIdentifier } 66 67SignedAttributes ::= SET SIZE (1..MAX) OF Attribute 68 69UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute 70 71Attribute ::= SEQUENCE { 72 attrType OBJECT IDENTIFIER, 73 attrValues SET OF AttributeValue } 74 75AttributeValue ::= ANY 76 77SignatureValue ::= OCTET STRING 78 79EnvelopedData ::= SEQUENCE { 80 version CMSVersion, 81 originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, 82 recipientInfos RecipientInfos, 83 encryptedContentInfo EncryptedContentInfo, 84 unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } 85 86OriginatorInfo ::= SEQUENCE { 87 certs [0] IMPLICIT CertificateSet OPTIONAL, 88 crls [1] IMPLICIT RevocationInfoChoices OPTIONAL } 89 90RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo 91 92EncryptedContentInfo ::= SEQUENCE { 93 contentType ContentType, 94 contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, 95 encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL } 96 97EncryptedContent ::= OCTET STRING 98 99UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute 100 101RecipientInfo ::= CHOICE { 102 ktri KeyTransRecipientInfo, 103 kari [1] KeyAgreeRecipientInfo, 104 kekri [2] KEKRecipientInfo, 105 pwri [3] PasswordRecipientInfo, 106 ori [4] OtherRecipientInfo } 107 108EncryptedKey ::= OCTET STRING 109 110KeyTransRecipientInfo ::= SEQUENCE { 111 version CMSVersion, -- always set to 0 or 2 112 rid RecipientIdentifier, 113 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, 114 encryptedKey EncryptedKey } 115 116RecipientIdentifier ::= CHOICE { 117 issuerAndSerialNumber IssuerAndSerialNumber, 118 subjectKeyIdentifier [0] SubjectKeyIdentifier } 119 120KeyAgreeRecipientInfo ::= SEQUENCE { 121 version CMSVersion, -- always set to 3 122 originator [0] EXPLICIT OriginatorIdentifierOrKey, 123 ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, 124 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, 125 recipientEncryptedKeys RecipientEncryptedKeys } 126 127OriginatorIdentifierOrKey ::= CHOICE { 128 issuerAndSerialNumber IssuerAndSerialNumber, 129 subjectKeyIdentifier [0] SubjectKeyIdentifier, 130 originatorKey [1] OriginatorPublicKey } 131 132OriginatorPublicKey ::= SEQUENCE { 133 algorithm AlgorithmIdentifier, 134 publicKey BIT STRING } 135 136RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey 137 138RecipientEncryptedKey ::= SEQUENCE { 139 rid KeyAgreeRecipientIdentifier, 140 encryptedKey EncryptedKey } 141 142KeyAgreeRecipientIdentifier ::= CHOICE { 143 issuerAndSerialNumber IssuerAndSerialNumber, 144 rKeyId [0] IMPLICIT RecipientKeyIdentifier } 145 146RecipientKeyIdentifier ::= SEQUENCE { 147 subjectKeyIdentifier SubjectKeyIdentifier, 148 date GeneralizedTime OPTIONAL, 149 other OtherKeyAttribute OPTIONAL } 150 151SubjectKeyIdentifier ::= OCTET STRING 152 153KEKRecipientInfo ::= SEQUENCE { 154 version CMSVersion, -- always set to 4 155 kekid KEKIdentifier, 156 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, 157 encryptedKey EncryptedKey } 158 159KEKIdentifier ::= SEQUENCE { 160 keyIdentifier OCTET STRING, 161 date GeneralizedTime OPTIONAL, 162 other OtherKeyAttribute OPTIONAL } 163 164PasswordRecipientInfo ::= SEQUENCE { 165 version CMSVersion, -- always set to 0 166 keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier 167 OPTIONAL, 168 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, 169 encryptedKey EncryptedKey } 170 171OtherRecipientInfo ::= SEQUENCE { 172 oriType OBJECT IDENTIFIER, 173 oriValue ANY DEFINED BY oriType } 174 175DigestedData ::= SEQUENCE { 176 version CMSVersion, 177 digestAlgorithm DigestAlgorithmIdentifier, 178 encapContentInfo EncapsulatedContentInfo, 179 digest Digest } 180 181Digest ::= OCTET STRING 182 183EncryptedData ::= SEQUENCE { 184 version CMSVersion, 185 encryptedContentInfo EncryptedContentInfo, 186 unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } 187 188AuthenticatedData ::= SEQUENCE { 189 version CMSVersion, 190 originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, 191 recipientInfos RecipientInfos, 192 macAlgorithm MessageAuthenticationCodeAlgorithm, 193 digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL, 194 encapContentInfo EncapsulatedContentInfo, 195 authAttrs [2] IMPLICIT AuthAttributes OPTIONAL, 196 mac MessageAuthenticationCode, 197 unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL } 198 199AuthAttributes ::= SET SIZE (1..MAX) OF Attribute 200 201UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute 202 203MessageAuthenticationCode ::= OCTET STRING 204 205DigestAlgorithmIdentifier ::= AlgorithmIdentifier 206 207SignatureAlgorithmIdentifier ::= AlgorithmIdentifier 208 209KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier 210 211ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier 212 213MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier 214 215KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier 216 217RevocationInfoChoices ::= SET OF RevocationInfoChoice 218 219RevocationInfoChoice ::= CHOICE { 220 crl CertificateList, 221 other [1] IMPLICIT OtherRevocationInfoFormat } 222 223OtherRevocationInfoFormat ::= SEQUENCE { 224 otherRevInfoFormat OBJECT IDENTIFIER, 225 otherRevInfo ANY DEFINED BY otherRevInfoFormat } 226 227CertificateChoices ::= CHOICE { 228 certificate Certificate, 229 extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete 230 v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete 231 v2AttrCert [2] IMPLICIT AttributeCertificateV2 } 232 233AttributeCertificateV2 ::= AttributeCertificate 234 235CertificateSet ::= SET OF CertificateChoices 236 237IssuerAndSerialNumber ::= SEQUENCE { 238 issuer Name, 239 serialNumber CertificateSerialNumber } 240 241CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) } 242 243UserKeyingMaterial ::= OCTET STRING 244 245OtherKeyAttribute ::= SEQUENCE { 246 keyAttrId OBJECT IDENTIFIER, 247 keyAttr ANY DEFINED BY keyAttrId OPTIONAL } 248 249-- Content Type Object Identifiers 250 251id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2) 252 us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 } 253 254id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) 255 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 } 256 257id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) 258 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 } 259 260id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) 261 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 } 262 263id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) 264 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 } 265 266id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) 267 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 } 268 269id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2) 270 us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 } 271 272-- The CMS Attributes 273 274MessageDigest ::= OCTET STRING 275 276SigningTime ::= Time 277 278Time ::= CHOICE { 279 utcTime UTCTime, 280 generalTime GeneralizedTime } 281 282Countersignature ::= SignerInfo 283 284-- Algorithm Identifiers 285-- 286-- sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) 287-- oiw(14) secsig(3) algorithm(2) 26 } 288-- 289-- md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) 290-- rsadsi(113549) digestAlgorithm(2) 5 } 291-- 292-- id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) 293-- us(840) x9-57 (10040) x9cm(4) 3 } 294-- 295-- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) 296-- us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 } 297-- 298-- dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2) 299-- us(840) ansi-x942(10046) number-type(2) 1 } 300-- 301-- id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) 302-- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 } 303-- 304-- id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2) 305-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 } 306-- 307-- id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2) 308-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 } 309-- 310-- des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) 311-- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } 312-- 313-- rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) 314-- rsadsi(113549) encryptionAlgorithm(3) 2 } 315-- 316-- hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) 317-- dod(6) internet(1) security(5) mechanisms(5) 8 1 2 } 318-- 319-- 320-- Algorithm Parameters 321-- 322KeyWrapAlgorithm ::= AlgorithmIdentifier 323 324RC2WrapParameter ::= RC2ParameterVersion 325 326RC2ParameterVersion ::= INTEGER 327 328CBCParameter ::= IV 329 330IV ::= OCTET STRING 331 332RC2CBCParameter ::= SEQUENCE { 333 rc2ParameterVersion INTEGER, 334 iv OCTET STRING } 335 336-- Attribute Object Identifiers 337 338id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2) 339 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 } 340 341id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2) 342 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 } 343 344id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2) 345 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 } 346 347id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2) 348 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 } 349 350-- Obsolete Extended Certificate syntax from PKCS #6 351 352ExtendedCertificateOrCertificate ::= CHOICE { 353 certificate Certificate, 354 extendedCertificate [0] IMPLICIT ExtendedCertificate } 355 356ExtendedCertificate ::= SEQUENCE { 357 extendedCertificateInfo ExtendedCertificateInfo, 358 signatureAlgorithm SignatureAlgorithmIdentifier, 359 signature Signature } 360 361ExtendedCertificateInfo ::= SEQUENCE { 362 version CMSVersion, 363 certificate Certificate, 364 attributes UnauthAttributes } 365 366Signature ::= BIT STRING 367 368-- PKCS #7 type that was removed from CMS 369 370DigestInfo ::= SEQUENCE { 371 digestAlgorithm DigestAlgorithmIdentifier, 372 digest Digest } 373 374-- From S/MIME 375 376SMIMECapabilities ::= SEQUENCE OF SMIMECapability 377 378SMIMECapability ::= SEQUENCE { 379 capability OBJECT IDENTIFIER, 380 parameters ANY OPTIONAL 381} 382 383SMIMEEncryptionKeyPreference ::= CHOICE { 384 issuerAndSerialNumber [0] IssuerAndSerialNumber, 385 recipientKeyId [1] RecipientKeyIdentifier, 386 subjectAltKeyIdentifier [2] SubjectKeyIdentifier 387 388} 389 390-- some implememtations do not seem to use the RC2CBCParameter with 1.2.840.113549.3.2 as per RFC 2630 12.4.2 391-- so we create this CHOICE to workaround this problem until we understand what is really the correct solution 392 393RC2CBCParameters ::= CHOICE { 394 rc2WrapParameter RC2WrapParameter, 395 rc2CBCParameter RC2CBCParameter 396 397} 398 399 400END -- of CryptographicMessageSyntax2004 401