-- @(#) sm_cms.asn 1.13 12/17/98 14:17:10 -- FROM cms.txt: CryptographicMessageSyntax { 1 2 840 113549 1 9 16 0 1 } --RWC;{ iso(1) member-body(2) us(840) rsadsi(113549) --RWC; pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) } DEFINITIONS IMPLICIT TAGS ::= BEGIN -- EXPORTS All -- The types and values defined in this module are exported for use in -- the other ASN.1 modules. Other applications may use them for their -- own purposes. IMPORTS -- MB;KeyIdentifier (replaces SubjectKeyIdentifier) KeyIdentifier FROM CertificateExtensions -- MB;PKCS1-OIDS rsadsi, pkcs --MB;rsaEncryption, md5 FROM PKCS1-OIDS -- Useful Definitions from X.501 informationFramework, authenticationFramework FROM UsefulDefinitions { usefulDefinitions } -- Directory Information Framework (X.501) Name, Attribute, Attributes, AttributeValue FROM InformationFramework --RWC; { joint-iso-itu-t ds(5) rWCmodules(1) --RWC; "modules(1)" re-defined from above "CrytpgraphicMessageSyntax". --RWC; informationFramework(1) 3 } -- Directory Authentication Framework (X.509) AlgorithmIdentifier, AttributeCertificate, Certificate, CertificateList, CertificateSerialNumber, Time FROM AuthenticationFramework; --RWC;{ joint-iso-itu-t rWCds(5) --RWC; "ds(1)" re-defined. --RWC;module(1) rWCauthenticationFramework(7) 3 } ; -- Cryptographic Message Syntax ContentInfo ::= SEQUENCE { contentType ContentType, content [0] EXPLICIT ANY } --RWC;DEFINED BY contentType } ContentType ::= OBJECT IDENTIFIER SignedData ::= SEQUENCE { version CMSVersion, digestAlgorithms DigestAlgorithmIdentifiers, encapContentInfo EncapsulatedContentInfo, certificates [0] IMPLICIT CertificateSet OPTIONAL, crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, signerInfos SignerInfos } DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier SignerInfos ::= SET OF SignerInfo EncapsulatedContentInfo ::= SEQUENCE { eContentType ContentType, eContent [0] EXPLICIT OCTET STRING OPTIONAL } SignerInfo ::= SEQUENCE { version CMSVersion, sid SignerIdentifier, digestAlgorithm DigestAlgorithmIdentifier, signedAttrs [0] IMPLICIT Attributes OPTIONAL, --MB;SignedAttributes OPTIONAL, signatureAlgorithm SignatureAlgorithmIdentifier, signature SignatureValue, unsignedAttrs [1] IMPLICIT Attributes OPTIONAL } --MB;UnsignedAttributes OPTIONAL } SignerIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] KeyIdentifier } --MB;SubjectKeyIdentifier } --MB;SignedAttributes ::= SET SIZE (1..MAX) OF Attribute --MB;UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute --MB;Attribute ::= SEQUENCE { --MB; attrType OBJECT IDENTIFIER, --MB; attrValues SET OF AttributeValue } --MB;AttributeValue ::= ANY SignatureValue ::= OCTET STRING EnvelopedData ::= SEQUENCE { version CMSVersion, originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, recipientInfos RecipientInfos, encryptedContentInfo EncryptedContentInfo, unprotectedAttrs [1] IMPLICIT Attributes OPTIONAL } --MB;UnprotectedAttributes OPTIONAL } OriginatorInfo ::= SEQUENCE { certs [0] IMPLICIT CertificateSet OPTIONAL, crls [1] IMPLICIT CertificateRevocationLists OPTIONAL } RecipientInfos ::= SET OF RecipientInfo EncryptedContentInfo ::= SEQUENCE { contentType ContentType, contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL } EncryptedContent ::= OCTET STRING --MB;UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute RecipientInfo ::= CHOICE { ktri KeyTransRecipientInfo, kari [1] KeyAgreeRecipientInfo, kekri [2] KEKRecipientInfo } EncryptedKey ::= OCTET STRING KeyTransRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 0 or 2 rid RecipientIdentifier, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey } RecipientIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] KeyIdentifier } --MB;SubjectKeyIdentifier } KeyAgreeRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 3 originator [0] EXPLICIT OriginatorIdentifierOrKey, ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, recipientEncryptedKeys RecipientEncryptedKeys } OriginatorIdentifierOrKey ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] KeyIdentifier, --MB;SubjectKeyIdentifier, originatorKey [1] OriginatorPublicKey } OriginatorPublicKey ::= SEQUENCE { algorithm AlgorithmIdentifier, publicKey BIT STRING } RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey RecipientEncryptedKey ::= SEQUENCE { rid KeyAgreeRecipientIdentifier, encryptedKey EncryptedKey } KeyAgreeRecipientIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, rKeyId [0] IMPLICIT RecipientKeyIdentifier } RecipientKeyIdentifier ::= SEQUENCE { subjectKeyIdentifier KeyIdentifier, --MB;SubjectKeyIdentifier, date GeneralizedTime OPTIONAL, other OtherKeyAttribute OPTIONAL } --MB;SubjectKeyIdentifier ::= OCTET STRING KEKRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 4 kekid KEKIdentifier, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey } KEKIdentifier ::= SEQUENCE { keyIdentifier OCTET STRING, date GeneralizedTime OPTIONAL, other OtherKeyAttribute OPTIONAL } DigestedData ::= SEQUENCE { version CMSVersion, digestAlgorithm DigestAlgorithmIdentifier, encapContentInfo EncapsulatedContentInfo, digest Digest } Digest ::= OCTET STRING EncryptedData ::= SEQUENCE { version CMSVersion, encryptedContentInfo EncryptedContentInfo } AuthenticatedData ::= SEQUENCE { version CMSVersion, originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, recipientInfos RecipientInfos, macAlgorithm MessageAuthenticationCodeAlgorithm, digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL, encapContentInfo EncapsulatedContentInfo, authenctiatedAttributes [2] IMPLICIT Attributes OPTIONAL, --MB;AuthAttributes OPTIONAL, mac MessageAuthenticationCode, unauthenticatedAttributes [3] IMPLICIT Attributes OPTIONAL } --MB;UnauthAttributes OPTIONAL } --MB;AuthAttributes ::= SET SIZE (1..MAX) OF Attribute --MB;UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute MessageAuthenticationCode ::= OCTET STRING DigestAlgorithmIdentifier ::= AlgorithmIdentifier SignatureAlgorithmIdentifier ::= AlgorithmIdentifier KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier CertificateRevocationLists ::= SET OF CertificateList CertificateChoices ::= CHOICE { certificate Certificate, -- See X.509 extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete attrCert [1] IMPLICIT AttributeCertificate } -- See X.509 & X9.57 CertificateSet ::= SET OF CertificateChoices IssuerAndSerialNumber ::= SEQUENCE { issuer Name, serialNumber CertificateSerialNumber } CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) } UserKeyingMaterial ::= OCTET STRING UserKeyingMaterials ::= SET SIZE (1..MAX) OF UserKeyingMaterial OtherKeyAttribute ::= SEQUENCE { keyAttrId OBJECT IDENTIFIER, keyAttr ANY OPTIONAL } --RWC;DEFINED BY keyAttrId OPTIONAL } -- CMS Attributes MessageDigest ::= OCTET STRING SigningTime ::= Time --MB;Time ::= CHOICE { --MB; utcTime UTCTime, --MB; generalTime GeneralizedTime } Countersignature ::= SignerInfo -- Algorithm Identifiers sha-1 OBJECT IDENTIFIER ::= { 1 3 14 3 2 26 } --MB;{ iso(1) identified-organization(3) --MB;oiw(14) secsig(3) algorithm(2) 26 } --MB;md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) --MB; rsadsi(113549) digestAlgorithm(2) 5 } id-dsa-with-sha1 OBJECT IDENTIFIER ::= { 1 2 840 10040 4 3 } --MB;{ iso(1) member-body(2) --MB;us(840) x9-57 (10040) x9cm(4) 3 } --MB;rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) --MB; us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 } dh-public-number OBJECT IDENTIFIER ::= { 1 2 840 10046 2 1 } --MB;{ iso(1) member-body(2) --MB;us(840) ansi-x942(10046) number-type(2) 1 } id-alg-ESDH OBJECT IDENTIFIER ::= { pkcs 9 16 3 5 } --MB;{ iso(1) member-body(2) us(840) --MB;rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 } id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { pkcs 9 16 3 6 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 } id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { pkcs 9 16 3 7 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 } des-ede3-cbc OBJECT IDENTIFIER ::= { rsadsi 3 7 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } rc2-cbc OBJECT IDENTIFIER ::= { rsadsi 3 2 } --MB;{ iso(1) member-body(2) us(840) --MB;rsadsi(113549) encryptionAlgorithm(3) 2 } hMAC-SHA1 OBJECT IDENTIFIER ::= { 1 3 6 1 5 5 8 1 2 } --MB;{ iso(1) identified-organization(3) --MB;dod(6) internet(1) security(5) mechanisms(5) 8 1 2 } -- some more algorithms added by dmitch rc2-ecb OBJECT IDENTIFIER ::= { rsadsi 3 3 } rc4 OBJECT IDENTIFIER ::= { rsadsi 3 4 } rc4WithMAC OBJECT IDENTIFIER ::= { rsadsi 3 5 } desx-CBC OBJECT IDENTIFIER ::= { rsadsi 3 6 } rc5CBC OBJECT IDENTIFIER ::= { rsadsi 3 8 } rc5-CBCPad OBJECT IDENTIFIER ::= { rsadsi 3 9 } desCDMF OBJECT IDENTIFIER ::= { rsadsi 3 10 } -- this is the OID used by BSAFE when generating DSA keys. It is not -- the same as id_dsa from sm_x501ud... dsa-bsafe OBJECT IDENTIFIER ::= {1 3 14 3 2 12} -- end of dmitch addenda -- Algorithm Parameters KeyWrapAlgorithm ::= AlgorithmIdentifier RC2wrapParameter ::= RC2ParameterVersion RC2ParameterVersion ::= INTEGER CBCParameter ::= IV IV ::= OCTET STRING -- exactly 8 octets RC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER, iv OCTET STRING } -- exactly 8 octets -- Content Type Object Identifiers id-data OBJECT IDENTIFIER ::= { pkcs 7 1 } --MB; { iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 } id-signedData OBJECT IDENTIFIER ::= { pkcs 7 2 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 } id-envelopedData OBJECT IDENTIFIER ::= { pkcs 7 3 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 } id-digestedData OBJECT IDENTIFIER ::= { pkcs 7 5 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 } id-encryptedData OBJECT IDENTIFIER ::= { pkcs 7 6 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 } id-ct-authData OBJECT IDENTIFIER ::= { pkcs 9 16 1 2 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) --MB;ct(1) 2 } -- Attribute Object Identifiers id-contentType OBJECT IDENTIFIER ::= { pkcs 9 3 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 } id-messageDigest OBJECT IDENTIFIER ::= { pkcs 9 4 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 } id-signingTime OBJECT IDENTIFIER ::= { pkcs 9 5 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 } id-countersignature OBJECT IDENTIFIER ::= { pkcs 9 6 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 } -- Obsolete Extended Certificate syntax from PKCS#6 ExtendedCertificateOrCertificate ::= CHOICE { certificate Certificate, extendedCertificate [0] IMPLICIT ExtendedCertificate } ExtendedCertificate ::= SEQUENCE { extendedCertificateInfo ExtendedCertificateInfo, signatureAlgorithm SignatureAlgorithmIdentifier, signature Signature } ExtendedCertificateInfo ::= SEQUENCE { version CMSVersion, certificate Certificate, attributes Attributes } --MB;UnauthAttributes } Signature ::= BIT STRING -- Everything below this line is not part of draft-ietf-smime-cms-13.txt -- Attribute Object Identifiers id-macValue OBJECT IDENTIFIER ::= { pkcs 9 16 2 8 } --MB;{ iso(1) member-body(2) --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) aa(2) 8 } -- Algorithm Identifiers id-dsa OBJECT IDENTIFIER ::= { 1 2 840 10040 4 1 } --MB;{iso(1) member-body(2) --MB;us(840) x9-57(10040) x9cm(4) 1 } -- Content Encryption Algorithms -- For the effective-key-bits (key size) greater than 32 and less -- than 256, the RC2-CBC algorithm parameters are encoded as: -- RC2-CBC parameter ::= SEQUENCE { -- rc2ParameterVersion INTEGER, -- iv OCTET STRING (8) } -- For the effective-key-bits of 40, 64, and 128, the -- rc2ParameterVersion values are 160, 120, 58 respectively. -- Normally in PKCS#7 DigestInfo ::= SEQUENCE { -- Defined in PKCS#7 but not IETF-CMS digestAlgorithm DigestAlgorithmIdentifier, digest Digest } END -- of CryptographicMessageSyntax