[apple/security.git] / OSX / libsecurity_asn1 / asn1 / sm_cms.asn


-- @(#) sm_cms.asn 1.13 12/17/98 14:17:10 
-- FROM cms.txt:   <http://ietf.org/internet-drafts/draft-ietf-smime-cms-13.txt>

   CryptographicMessageSyntax
       { 1 2 840 113549 1 9 16 0 1 }
       --RWC;{ iso(1) member-body(2) us(840) rsadsi(113549)
       --RWC;  pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) }

   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   -- EXPORTS All
   -- The types and values defined in this module are exported for use in
   -- the other ASN.1 modules.  Other applications may use them for their
   -- own purposes.

   IMPORTS

  -- MB;KeyIdentifier (replaces SubjectKeyIdentifier)
     KeyIdentifier
	   FROM CertificateExtensions

  -- MB;PKCS1-OIDS
     rsadsi, pkcs --MB;rsaEncryption, md5
	   FROM PKCS1-OIDS

  -- Useful Definitions from X.501
     informationFramework, authenticationFramework
       FROM UsefulDefinitions  { usefulDefinitions }

  -- Directory Information Framework (X.501)
       Name, Attribute, Attributes, AttributeValue
         FROM InformationFramework --RWC; { joint-iso-itu-t ds(5) rWCmodules(1)
         --RWC; "modules(1)" re-defined from above "CrytpgraphicMessageSyntax".
         --RWC;    informationFramework(1) 3 }

   -- Directory Authentication Framework (X.509)
      AlgorithmIdentifier, AttributeCertificate, Certificate,
      CertificateList, CertificateSerialNumber, Time
        FROM AuthenticationFramework; --RWC;{ joint-iso-itu-t rWCds(5)
        --RWC; "ds(1)" re-defined.
        --RWC;module(1) rWCauthenticationFramework(7) 3 } ;


   -- Cryptographic Message Syntax

   ContentInfo ::= SEQUENCE {
     contentType ContentType,
     content [0] EXPLICIT ANY } --RWC;DEFINED BY contentType }

   ContentType ::= OBJECT IDENTIFIER

   SignedData ::= SEQUENCE {
     version CMSVersion,
     digestAlgorithms DigestAlgorithmIdentifiers,
     encapContentInfo EncapsulatedContentInfo,
     certificates [0] IMPLICIT CertificateSet OPTIONAL,
     crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
     signerInfos SignerInfos }

   DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier

   SignerInfos ::= SET OF SignerInfo


   EncapsulatedContentInfo ::= SEQUENCE {
     eContentType ContentType,
     eContent [0] EXPLICIT OCTET STRING OPTIONAL }

   SignerInfo ::= SEQUENCE {
     version CMSVersion,
     sid SignerIdentifier,
     digestAlgorithm DigestAlgorithmIdentifier,
     signedAttrs [0] IMPLICIT Attributes OPTIONAL, --MB;SignedAttributes OPTIONAL,
     signatureAlgorithm SignatureAlgorithmIdentifier,
     signature SignatureValue,
     unsignedAttrs [1] IMPLICIT Attributes OPTIONAL } --MB;UnsignedAttributes OPTIONAL }

   SignerIdentifier ::= CHOICE {
     issuerAndSerialNumber IssuerAndSerialNumber,
     subjectKeyIdentifier [0] KeyIdentifier } --MB;SubjectKeyIdentifier }

   --MB;SignedAttributes ::= SET SIZE (1..MAX) OF Attribute

   --MB;UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute

   --MB;Attribute ::= SEQUENCE {
   --MB;  attrType OBJECT IDENTIFIER,
   --MB;  attrValues SET OF AttributeValue }

   --MB;AttributeValue ::= ANY

   SignatureValue ::= OCTET STRING

   EnvelopedData ::= SEQUENCE {
     version CMSVersion,
     originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
     recipientInfos RecipientInfos,
     encryptedContentInfo EncryptedContentInfo,
     unprotectedAttrs [1] IMPLICIT Attributes OPTIONAL } --MB;UnprotectedAttributes OPTIONAL }

   OriginatorInfo ::= SEQUENCE {
     certs [0] IMPLICIT CertificateSet OPTIONAL,
     crls [1] IMPLICIT CertificateRevocationLists OPTIONAL }

   RecipientInfos ::= SET OF RecipientInfo

   EncryptedContentInfo ::= SEQUENCE {
     contentType ContentType,
     contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
     encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }

   EncryptedContent ::= OCTET STRING


   --MB;UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute

   RecipientInfo ::= CHOICE {
     ktri KeyTransRecipientInfo,
     kari [1] KeyAgreeRecipientInfo,
     kekri [2] KEKRecipientInfo }

   EncryptedKey ::= OCTET STRING

   KeyTransRecipientInfo ::= SEQUENCE {
     version CMSVersion,  -- always set to 0 or 2
     rid RecipientIdentifier,
     keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
     encryptedKey EncryptedKey }

   RecipientIdentifier ::= CHOICE {
     issuerAndSerialNumber IssuerAndSerialNumber,
     subjectKeyIdentifier [0] KeyIdentifier } --MB;SubjectKeyIdentifier }

   KeyAgreeRecipientInfo ::= SEQUENCE {
     version CMSVersion,  -- always set to 3
     originator [0] EXPLICIT OriginatorIdentifierOrKey,
     ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
     keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
     recipientEncryptedKeys RecipientEncryptedKeys }

   OriginatorIdentifierOrKey ::= CHOICE {
     issuerAndSerialNumber IssuerAndSerialNumber,
     subjectKeyIdentifier [0] KeyIdentifier, --MB;SubjectKeyIdentifier,
     originatorKey [1] OriginatorPublicKey }

   OriginatorPublicKey ::= SEQUENCE {
     algorithm AlgorithmIdentifier,
     publicKey BIT STRING }

   RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey

   RecipientEncryptedKey ::= SEQUENCE {
     rid KeyAgreeRecipientIdentifier,
     encryptedKey EncryptedKey }

   KeyAgreeRecipientIdentifier ::= CHOICE {
     issuerAndSerialNumber IssuerAndSerialNumber,
     rKeyId [0] IMPLICIT RecipientKeyIdentifier }


   RecipientKeyIdentifier ::= SEQUENCE {
     subjectKeyIdentifier KeyIdentifier, --MB;SubjectKeyIdentifier,
     date GeneralizedTime OPTIONAL,
     other OtherKeyAttribute OPTIONAL }

   --MB;SubjectKeyIdentifier ::= OCTET STRING

   KEKRecipientInfo ::= SEQUENCE {
     version CMSVersion,  -- always set to 4
     kekid KEKIdentifier,
     keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
     encryptedKey EncryptedKey }

   KEKIdentifier ::= SEQUENCE {
     keyIdentifier OCTET STRING,
     date GeneralizedTime OPTIONAL,
     other OtherKeyAttribute OPTIONAL }

   DigestedData ::= SEQUENCE {
     version CMSVersion,
     digestAlgorithm DigestAlgorithmIdentifier,
     encapContentInfo EncapsulatedContentInfo,
     digest Digest }

   Digest ::= OCTET STRING

   EncryptedData ::= SEQUENCE {
     version CMSVersion,
     encryptedContentInfo EncryptedContentInfo }

   AuthenticatedData ::= SEQUENCE {
     version CMSVersion,
     originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
     recipientInfos RecipientInfos,
     macAlgorithm MessageAuthenticationCodeAlgorithm,
     digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
     encapContentInfo EncapsulatedContentInfo,
     authenctiatedAttributes [2] IMPLICIT Attributes OPTIONAL, --MB;AuthAttributes OPTIONAL,
     mac MessageAuthenticationCode,
     unauthenticatedAttributes [3] IMPLICIT Attributes OPTIONAL } --MB;UnauthAttributes OPTIONAL }

   --MB;AuthAttributes ::= SET SIZE (1..MAX) OF Attribute

   --MB;UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute

   MessageAuthenticationCode ::= OCTET STRING

   DigestAlgorithmIdentifier ::= AlgorithmIdentifier


   SignatureAlgorithmIdentifier ::= AlgorithmIdentifier

   KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

   ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

   MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier

   CertificateRevocationLists ::= SET OF CertificateList

   CertificateChoices ::= CHOICE {
     certificate Certificate,  -- See X.509
     extendedCertificate [0] IMPLICIT ExtendedCertificate,  -- Obsolete
     attrCert [1] IMPLICIT AttributeCertificate }  -- See X.509 & X9.57

   CertificateSet ::= SET OF CertificateChoices

   IssuerAndSerialNumber ::= SEQUENCE {
     issuer Name,
     serialNumber CertificateSerialNumber }

   CMSVersion ::= INTEGER  { v0(0), v1(1), v2(2), v3(3), v4(4) }

   UserKeyingMaterial ::= OCTET STRING

   UserKeyingMaterials ::= SET SIZE (1..MAX) OF UserKeyingMaterial

   OtherKeyAttribute ::= SEQUENCE {
     keyAttrId OBJECT IDENTIFIER,
     keyAttr ANY  OPTIONAL } --RWC;DEFINED BY keyAttrId OPTIONAL }


   -- CMS Attributes

   MessageDigest ::= OCTET STRING

   SigningTime  ::= Time

   --MB;Time ::= CHOICE {
   --MB;  utcTime UTCTime,
   --MB;  generalTime GeneralizedTime }

   Countersignature ::= SignerInfo


   -- Algorithm Identifiers

   sha-1 OBJECT IDENTIFIER ::= { 1 3 14 3 2 26 } --MB;{ iso(1) identified-organization(3)
       --MB;oiw(14) secsig(3) algorithm(2) 26 }

   --MB;md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
   --MB;    rsadsi(113549) digestAlgorithm(2) 5 }

   id-dsa-with-sha1 OBJECT IDENTIFIER ::= { 1 2 840 10040 4 3 } --MB;{ iso(1) member-body(2)
       --MB;us(840) x9-57 (10040) x9cm(4) 3 }

   --MB;rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
   --MB;    us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }

   dh-public-number OBJECT IDENTIFIER ::= { 1 2 840 10046 2 1 } --MB;{ iso(1) member-body(2)
       --MB;us(840) ansi-x942(10046) number-type(2) 1 }

   id-alg-ESDH OBJECT IDENTIFIER ::= { pkcs 9 16 3 5 } --MB;{ iso(1) member-body(2) us(840)
       --MB;rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }

   id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { pkcs 9 16 3 6 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }

   id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { pkcs 9 16 3 7 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }

   des-ede3-cbc OBJECT IDENTIFIER ::= { rsadsi 3 7 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }

   rc2-cbc OBJECT IDENTIFIER ::= { rsadsi 3 2 } --MB;{ iso(1) member-body(2) us(840)
       --MB;rsadsi(113549) encryptionAlgorithm(3) 2 }

   hMAC-SHA1 OBJECT IDENTIFIER ::= { 1 3 6 1 5 5 8 1 2 } --MB;{ iso(1) identified-organization(3)
       --MB;dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }

   -- some more algorithms added by dmitch 
   
   rc2-ecb OBJECT IDENTIFIER ::= { rsadsi 3 3 }

   rc4 OBJECT IDENTIFIER ::= { rsadsi 3 4 }

   rc4WithMAC OBJECT IDENTIFIER ::= { rsadsi 3 5 }

   desx-CBC OBJECT IDENTIFIER ::= { rsadsi 3 6 }

   rc5CBC OBJECT IDENTIFIER ::= { rsadsi 3 8 }
   
   rc5-CBCPad OBJECT IDENTIFIER ::= { rsadsi 3 9 }
   
   desCDMF OBJECT IDENTIFIER ::= { rsadsi 3 10 }
   
   -- this is the OID used by BSAFE when generating DSA keys. It is not
   -- the same as id_dsa from sm_x501ud...
   
   dsa-bsafe OBJECT IDENTIFIER ::= {1 3 14 3 2 12}
   
   -- end of dmitch addenda
   
   
   -- Algorithm Parameters

   KeyWrapAlgorithm ::= AlgorithmIdentifier

   RC2wrapParameter ::= RC2ParameterVersion

   RC2ParameterVersion ::= INTEGER

   CBCParameter ::= IV

   IV ::= OCTET STRING  -- exactly 8 octets

   RC2CBCParameter ::= SEQUENCE {
     rc2ParameterVersion INTEGER,
     iv OCTET STRING  }  -- exactly 8 octets


   -- Content Type Object Identifiers

   id-data OBJECT IDENTIFIER ::= { pkcs 7 1 } --MB; { iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }

   id-signedData OBJECT IDENTIFIER ::= { pkcs 7 2 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }

   id-envelopedData OBJECT IDENTIFIER ::= { pkcs 7 3 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }

   id-digestedData OBJECT IDENTIFIER ::= { pkcs 7 5 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }

   id-encryptedData OBJECT IDENTIFIER ::= { pkcs 7 6 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }

   id-ct-authData OBJECT IDENTIFIER ::= { pkcs 9 16 1 2 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
       --MB;ct(1) 2 }


   -- Attribute Object Identifiers

   id-contentType OBJECT IDENTIFIER ::= { pkcs 9 3 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }

   id-messageDigest OBJECT IDENTIFIER ::= { pkcs 9 4 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }

   id-signingTime OBJECT IDENTIFIER ::= { pkcs 9 5 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }

   id-countersignature OBJECT IDENTIFIER ::= { pkcs 9 6 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }


   -- Obsolete Extended Certificate syntax from PKCS#6

   ExtendedCertificateOrCertificate ::= CHOICE {
     certificate Certificate,
     extendedCertificate [0] IMPLICIT ExtendedCertificate }

   ExtendedCertificate ::= SEQUENCE {
     extendedCertificateInfo ExtendedCertificateInfo,
     signatureAlgorithm SignatureAlgorithmIdentifier,
     signature Signature }

   ExtendedCertificateInfo ::= SEQUENCE {
     version CMSVersion,
     certificate Certificate,
     attributes Attributes } --MB;UnauthAttributes }

   Signature ::= BIT STRING


   -- Everything below this line is not part of draft-ietf-smime-cms-13.txt


   -- Attribute Object Identifiers

   id-macValue OBJECT IDENTIFIER ::= { pkcs 9 16 2 8 } --MB;{ iso(1) member-body(2)
       --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) aa(2) 8 }


   -- Algorithm Identifiers

   id-dsa OBJECT IDENTIFIER ::= { 1 2 840 10040 4 1 } --MB;{iso(1) member-body(2)
       --MB;us(840) x9-57(10040) x9cm(4) 1 }


   -- Content Encryption Algorithms
   --        For the effective-key-bits (key size) greater than 32 and less
   --        than 256, the RC2-CBC algorithm parameters are encoded as:
   --        RC2-CBC parameter ::=  SEQUENCE {
   --                rc2ParameterVersion INTEGER,
   --                iv OCTET STRING (8) }
   --        For the effective-key-bits of 40, 64, and 128, the
   --        rc2ParameterVersion values are 160, 120, 58 respectively.


   -- Normally in PKCS#7
   DigestInfo ::= SEQUENCE { -- Defined in PKCS#7 but not IETF-CMS
     digestAlgorithm DigestAlgorithmIdentifier,
     digest Digest }


   END -- of CryptographicMessageSyntax
Commit	Line	Data
b1ab9ed8 A	1
	2	-- @(#) sm_cms.asn 1.13 12/17/98 14:17:10
	3	-- FROM cms.txt: <http://ietf.org/internet-drafts/draft-ietf-smime-cms-13.txt>
	4
	5	CryptographicMessageSyntax
	6	{ 1 2 840 113549 1 9 16 0 1 }
	7	--RWC;{ iso(1) member-body(2) us(840) rsadsi(113549)
	8	--RWC; pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) }
	9
	10	DEFINITIONS IMPLICIT TAGS ::=
	11	BEGIN
	12
	13	-- EXPORTS All
	14	-- The types and values defined in this module are exported for use in
	15	-- the other ASN.1 modules. Other applications may use them for their
	16	-- own purposes.
	17
	18	IMPORTS
	19
	20	-- MB;KeyIdentifier (replaces SubjectKeyIdentifier)
	21	KeyIdentifier
	22	FROM CertificateExtensions
	23
	24	-- MB;PKCS1-OIDS
	25	rsadsi, pkcs --MB;rsaEncryption, md5
	26	FROM PKCS1-OIDS
	27
	28	-- Useful Definitions from X.501
	29	informationFramework, authenticationFramework
	30	FROM UsefulDefinitions { usefulDefinitions }
	31
	32	-- Directory Information Framework (X.501)
	33	Name, Attribute, Attributes, AttributeValue
	34	FROM InformationFramework --RWC; { joint-iso-itu-t ds(5) rWCmodules(1)
	35	--RWC; "modules(1)" re-defined from above "CrytpgraphicMessageSyntax".
	36	--RWC; informationFramework(1) 3 }
	37
	38	-- Directory Authentication Framework (X.509)
	39	AlgorithmIdentifier, AttributeCertificate, Certificate,
	40	CertificateList, CertificateSerialNumber, Time
	41	FROM AuthenticationFramework; --RWC;{ joint-iso-itu-t rWCds(5)
	42	--RWC; "ds(1)" re-defined.
	43	--RWC;module(1) rWCauthenticationFramework(7) 3 } ;
	44
	45
	46
	47
	48
	49	-- Cryptographic Message Syntax
	50
	51	ContentInfo ::= SEQUENCE {
	52	contentType ContentType,
	53	content [0] EXPLICIT ANY } --RWC;DEFINED BY contentType }
	54
	55	ContentType ::= OBJECT IDENTIFIER
	56
	57	SignedData ::= SEQUENCE {
	58	version CMSVersion,
	59	digestAlgorithms DigestAlgorithmIdentifiers,
	60	encapContentInfo EncapsulatedContentInfo,
	61	certificates [0] IMPLICIT CertificateSet OPTIONAL,
	62	crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
	63	signerInfos SignerInfos }
	64
65	DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
66
67	SignerInfos ::= SET OF SignerInfo
68
69
70
71	EncapsulatedContentInfo ::= SEQUENCE {
72	eContentType ContentType,
73	eContent [0] EXPLICIT OCTET STRING OPTIONAL }
74
75	SignerInfo ::= SEQUENCE {
76	version CMSVersion,
77	sid SignerIdentifier,
78	digestAlgorithm DigestAlgorithmIdentifier,
79	signedAttrs [0] IMPLICIT Attributes OPTIONAL, --MB;SignedAttributes OPTIONAL,
80	signatureAlgorithm SignatureAlgorithmIdentifier,
81	signature SignatureValue,
82	unsignedAttrs [1] IMPLICIT Attributes OPTIONAL } --MB;UnsignedAttributes OPTIONAL }
83
84	SignerIdentifier ::= CHOICE {
85	issuerAndSerialNumber IssuerAndSerialNumber,
86	subjectKeyIdentifier [0] KeyIdentifier } --MB;SubjectKeyIdentifier }
87
88	--MB;SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
89
90	--MB;UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
91
92	--MB;Attribute ::= SEQUENCE {
93	--MB; attrType OBJECT IDENTIFIER,
94	--MB; attrValues SET OF AttributeValue }
95
96	--MB;AttributeValue ::= ANY
97
98	SignatureValue ::= OCTET STRING
99
100	EnvelopedData ::= SEQUENCE {
101	version CMSVersion,
102	originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
103	recipientInfos RecipientInfos,
104	encryptedContentInfo EncryptedContentInfo,
105	unprotectedAttrs [1] IMPLICIT Attributes OPTIONAL } --MB;UnprotectedAttributes OPTIONAL }
106
107	OriginatorInfo ::= SEQUENCE {
108	certs [0] IMPLICIT CertificateSet OPTIONAL,
109	crls [1] IMPLICIT CertificateRevocationLists OPTIONAL }
110
111	RecipientInfos ::= SET OF RecipientInfo
112
113	EncryptedContentInfo ::= SEQUENCE {
114	contentType ContentType,
115	contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
116	encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
117
118	EncryptedContent ::= OCTET STRING
119
120
121
122	--MB;UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
123
124	RecipientInfo ::= CHOICE {
125	ktri KeyTransRecipientInfo,
126	kari [1] KeyAgreeRecipientInfo,
127	kekri [2] KEKRecipientInfo }
128
129	EncryptedKey ::= OCTET STRING
130
131	KeyTransRecipientInfo ::= SEQUENCE {
132	version CMSVersion, -- always set to 0 or 2
133	rid RecipientIdentifier,
134	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
135	encryptedKey EncryptedKey }
136
137	RecipientIdentifier ::= CHOICE {
138	issuerAndSerialNumber IssuerAndSerialNumber,
139	subjectKeyIdentifier [0] KeyIdentifier } --MB;SubjectKeyIdentifier }
140
141	KeyAgreeRecipientInfo ::= SEQUENCE {
142	version CMSVersion, -- always set to 3
143	originator [0] EXPLICIT OriginatorIdentifierOrKey,
144	ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
145	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
146	recipientEncryptedKeys RecipientEncryptedKeys }
147
148	OriginatorIdentifierOrKey ::= CHOICE {
149	issuerAndSerialNumber IssuerAndSerialNumber,
150	subjectKeyIdentifier [0] KeyIdentifier, --MB;SubjectKeyIdentifier,
151	originatorKey [1] OriginatorPublicKey }
152
153	OriginatorPublicKey ::= SEQUENCE {
154	algorithm AlgorithmIdentifier,
155	publicKey BIT STRING }
156
157	RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
158
159	RecipientEncryptedKey ::= SEQUENCE {
160	rid KeyAgreeRecipientIdentifier,
161	encryptedKey EncryptedKey }
162
163	KeyAgreeRecipientIdentifier ::= CHOICE {
164	issuerAndSerialNumber IssuerAndSerialNumber,
165	rKeyId [0] IMPLICIT RecipientKeyIdentifier }
166
167
168
169
170	RecipientKeyIdentifier ::= SEQUENCE {
171	subjectKeyIdentifier KeyIdentifier, --MB;SubjectKeyIdentifier,
172	date GeneralizedTime OPTIONAL,
173	other OtherKeyAttribute OPTIONAL }
174
175	--MB;SubjectKeyIdentifier ::= OCTET STRING
176
177	KEKRecipientInfo ::= SEQUENCE {
178	version CMSVersion, -- always set to 4
179	kekid KEKIdentifier,
180	keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
181	encryptedKey EncryptedKey }
182
183	KEKIdentifier ::= SEQUENCE {
184	keyIdentifier OCTET STRING,
185	date GeneralizedTime OPTIONAL,
186	other OtherKeyAttribute OPTIONAL }
187
188	DigestedData ::= SEQUENCE {
189	version CMSVersion,
190	digestAlgorithm DigestAlgorithmIdentifier,
191	encapContentInfo EncapsulatedContentInfo,
192	digest Digest }
193
194	Digest ::= OCTET STRING
195
196	EncryptedData ::= SEQUENCE {
197	version CMSVersion,
198	encryptedContentInfo EncryptedContentInfo }
199
200	AuthenticatedData ::= SEQUENCE {
201	version CMSVersion,
202	originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
203	recipientInfos RecipientInfos,
204	macAlgorithm MessageAuthenticationCodeAlgorithm,
205	digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
206	encapContentInfo EncapsulatedContentInfo,
207	authenctiatedAttributes [2] IMPLICIT Attributes OPTIONAL, --MB;AuthAttributes OPTIONAL,
208	mac MessageAuthenticationCode,
209	unauthenticatedAttributes [3] IMPLICIT Attributes OPTIONAL } --MB;UnauthAttributes OPTIONAL }
210
211	--MB;AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
212
213	--MB;UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
214
215	MessageAuthenticationCode ::= OCTET STRING
216
217	DigestAlgorithmIdentifier ::= AlgorithmIdentifier
218
219
220
221	SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
222
223	KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
224
225	ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
226
227	MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
228
229	CertificateRevocationLists ::= SET OF CertificateList
230
231	CertificateChoices ::= CHOICE {
232	certificate Certificate, -- See X.509
233	extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
234	attrCert [1] IMPLICIT AttributeCertificate } -- See X.509 & X9.57
235
236	CertificateSet ::= SET OF CertificateChoices
237
238	IssuerAndSerialNumber ::= SEQUENCE {
239	issuer Name,
240	serialNumber CertificateSerialNumber }
241
242	CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
243
244	UserKeyingMaterial ::= OCTET STRING
245
246	UserKeyingMaterials ::= SET SIZE (1..MAX) OF UserKeyingMaterial
247
248	OtherKeyAttribute ::= SEQUENCE {
249	keyAttrId OBJECT IDENTIFIER,
250	keyAttr ANY OPTIONAL } --RWC;DEFINED BY keyAttrId OPTIONAL }
251
252
253	-- CMS Attributes
254
255	MessageDigest ::= OCTET STRING
256
257	SigningTime ::= Time
258
259	--MB;Time ::= CHOICE {
260	--MB; utcTime UTCTime,
261	--MB; generalTime GeneralizedTime }
262
263	Countersignature ::= SignerInfo
264
265
266
267	-- Algorithm Identifiers
268
269	sha-1 OBJECT IDENTIFIER ::= { 1 3 14 3 2 26 } --MB;{ iso(1) identified-organization(3)
270	--MB;oiw(14) secsig(3) algorithm(2) 26 }
271
272	--MB;md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
273	--MB; rsadsi(113549) digestAlgorithm(2) 5 }
274
275	id-dsa-with-sha1 OBJECT IDENTIFIER ::= { 1 2 840 10040 4 3 } --MB;{ iso(1) member-body(2)
276	--MB;us(840) x9-57 (10040) x9cm(4) 3 }
277
278	--MB;rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
279	--MB; us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
280
281	dh-public-number OBJECT IDENTIFIER ::= { 1 2 840 10046 2 1 } --MB;{ iso(1) member-body(2)
282	--MB;us(840) ansi-x942(10046) number-type(2) 1 }
283
284	id-alg-ESDH OBJECT IDENTIFIER ::= { pkcs 9 16 3 5 } --MB;{ iso(1) member-body(2) us(840)
285	--MB;rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
286
287	id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { pkcs 9 16 3 6 } --MB;{ iso(1) member-body(2)
288	--MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
289
290	id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { pkcs 9 16 3 7 } --MB;{ iso(1) member-body(2)
291	--MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
292
293	des-ede3-cbc OBJECT IDENTIFIER ::= { rsadsi 3 7 } --MB;{ iso(1) member-body(2)
294	--MB;us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
295
296	rc2-cbc OBJECT IDENTIFIER ::= { rsadsi 3 2 } --MB;{ iso(1) member-body(2) us(840)
297	--MB;rsadsi(113549) encryptionAlgorithm(3) 2 }
298
299	hMAC-SHA1 OBJECT IDENTIFIER ::= { 1 3 6 1 5 5 8 1 2 } --MB;{ iso(1) identified-organization(3)
300	--MB;dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
301
302	-- some more algorithms added by dmitch
303
304	rc2-ecb OBJECT IDENTIFIER ::= { rsadsi 3 3 }
305
306	rc4 OBJECT IDENTIFIER ::= { rsadsi 3 4 }
307
308	rc4WithMAC OBJECT IDENTIFIER ::= { rsadsi 3 5 }
309
310	desx-CBC OBJECT IDENTIFIER ::= { rsadsi 3 6 }
311
312	rc5CBC OBJECT IDENTIFIER ::= { rsadsi 3 8 }
313
314	rc5-CBCPad OBJECT IDENTIFIER ::= { rsadsi 3 9 }
315
316	desCDMF OBJECT IDENTIFIER ::= { rsadsi 3 10 }
317
318	-- this is the OID used by BSAFE when generating DSA keys. It is not
319	-- the same as id_dsa from sm_x501ud...
320
321	dsa-bsafe OBJECT IDENTIFIER ::= {1 3 14 3 2 12}
322
323	-- end of dmitch addenda
324
325
326	-- Algorithm Parameters
327
328	KeyWrapAlgorithm ::= AlgorithmIdentifier
329
330	RC2wrapParameter ::= RC2ParameterVersion
331
332	RC2ParameterVersion ::= INTEGER
333
334	CBCParameter ::= IV
335
336	IV ::= OCTET STRING -- exactly 8 octets
337
338	RC2CBCParameter ::= SEQUENCE {
339	rc2ParameterVersion INTEGER,
340	iv OCTET STRING } -- exactly 8 octets
341
342
343	-- Content Type Object Identifiers
344
345	id-data OBJECT IDENTIFIER ::= { pkcs 7 1 } --MB; { iso(1) member-body(2)
346	--MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
347
348	id-signedData OBJECT IDENTIFIER ::= { pkcs 7 2 } --MB;{ iso(1) member-body(2)
349	--MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
350
351	id-envelopedData OBJECT IDENTIFIER ::= { pkcs 7 3 } --MB;{ iso(1) member-body(2)
352	--MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
353
354	id-digestedData OBJECT IDENTIFIER ::= { pkcs 7 5 } --MB;{ iso(1) member-body(2)
355	--MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
356
357	id-encryptedData OBJECT IDENTIFIER ::= { pkcs 7 6 } --MB;{ iso(1) member-body(2)
358	--MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
359
360	id-ct-authData OBJECT IDENTIFIER ::= { pkcs 9 16 1 2 } --MB;{ iso(1) member-body(2)
361	--MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
362	--MB;ct(1) 2 }
363
364
365	-- Attribute Object Identifiers
366
367	id-contentType OBJECT IDENTIFIER ::= { pkcs 9 3 } --MB;{ iso(1) member-body(2)
368	--MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
369
370	id-messageDigest OBJECT IDENTIFIER ::= { pkcs 9 4 } --MB;{ iso(1) member-body(2)
371	--MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
372
373	id-signingTime OBJECT IDENTIFIER ::= { pkcs 9 5 } --MB;{ iso(1) member-body(2)
374	--MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
375
376	id-countersignature OBJECT IDENTIFIER ::= { pkcs 9 6 } --MB;{ iso(1) member-body(2)
377	--MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
378
379
380	-- Obsolete Extended Certificate syntax from PKCS#6
381
382	ExtendedCertificateOrCertificate ::= CHOICE {
383	certificate Certificate,
384	extendedCertificate [0] IMPLICIT ExtendedCertificate }
385
386	ExtendedCertificate ::= SEQUENCE {
387	extendedCertificateInfo ExtendedCertificateInfo,
388	signatureAlgorithm SignatureAlgorithmIdentifier,
389	signature Signature }
390
391	ExtendedCertificateInfo ::= SEQUENCE {
392	version CMSVersion,
393	certificate Certificate,
394	attributes Attributes } --MB;UnauthAttributes }
395
396	Signature ::= BIT STRING
397
398
399
400	-- Everything below this line is not part of draft-ietf-smime-cms-13.txt
401
402
403	-- Attribute Object Identifiers
404
405	id-macValue OBJECT IDENTIFIER ::= { pkcs 9 16 2 8 } --MB;{ iso(1) member-body(2)
406	--MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) aa(2) 8 }
407
408
409	-- Algorithm Identifiers
410
411	id-dsa OBJECT IDENTIFIER ::= { 1 2 840 10040 4 1 } --MB;{iso(1) member-body(2)
412	--MB;us(840) x9-57(10040) x9cm(4) 1 }
413
414
415	-- Content Encryption Algorithms
416	-- For the effective-key-bits (key size) greater than 32 and less
417	-- than 256, the RC2-CBC algorithm parameters are encoded as:
418	-- RC2-CBC parameter ::= SEQUENCE {
419	-- rc2ParameterVersion INTEGER,
420	-- iv OCTET STRING (8) }
421	-- For the effective-key-bits of 40, 64, and 128, the
422	-- rc2ParameterVersion values are 160, 120, 58 respectively.
423
424
425	-- Normally in PKCS#7
426	DigestInfo ::= SEQUENCE { -- Defined in PKCS#7 but not IETF-CMS
427	digestAlgorithm DigestAlgorithmIdentifier,
428	digest Digest }
429
430
431	END -- of CryptographicMessageSyntax