OSX/libsecurity_asn1/asn1/sm_cms.asn

   1
   2 -- @(#) sm_cms.asn 1.13 12/17/98 14:17:10
   3 -- FROM cms.txt:   <http://ietf.org/internet-drafts/draft-ietf-smime-cms-13.txt>
   4
   5    CryptographicMessageSyntax
   6        { 1 2 840 113549 1 9 16 0 1 }
   7        --RWC;{ iso(1) member-body(2) us(840) rsadsi(113549)
   8        --RWC;  pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) }
   9
  10    DEFINITIONS IMPLICIT TAGS ::=
  11    BEGIN
  12
  13    -- EXPORTS All
  14    -- The types and values defined in this module are exported for use in
  15    -- the other ASN.1 modules.  Other applications may use them for their
  16    -- own purposes.
  17
  18    IMPORTS
  19
  20   -- MB;KeyIdentifier (replaces SubjectKeyIdentifier)
  21      KeyIdentifier
  22            FROM CertificateExtensions
  23
  24   -- MB;PKCS1-OIDS
  25      rsadsi, pkcs --MB;rsaEncryption, md5
  26            FROM PKCS1-OIDS
  27
  28   -- Useful Definitions from X.501
  29      informationFramework, authenticationFramework
  30        FROM UsefulDefinitions  { usefulDefinitions }
  31
  32   -- Directory Information Framework (X.501)
  33        Name, Attribute, Attributes, AttributeValue
  34          FROM InformationFramework --RWC; { joint-iso-itu-t ds(5) rWCmodules(1)
  35          --RWC; "modules(1)" re-defined from above "CrytpgraphicMessageSyntax".
  36          --RWC;    informationFramework(1) 3 }
  37
  38    -- Directory Authentication Framework (X.509)
  39       AlgorithmIdentifier, AttributeCertificate, Certificate,
  40       CertificateList, CertificateSerialNumber, Time
  41         FROM AuthenticationFramework; --RWC;{ joint-iso-itu-t rWCds(5)
  42         --RWC; "ds(1)" re-defined.
  43         --RWC;module(1) rWCauthenticationFramework(7) 3 } ;
  44
  45
  46
  47
  48
  49    -- Cryptographic Message Syntax
  50
  51    ContentInfo ::= SEQUENCE {
  52      contentType ContentType,
  53      content [0] EXPLICIT ANY } --RWC;DEFINED BY contentType }
  54
  55    ContentType ::= OBJECT IDENTIFIER
  56
  57    SignedData ::= SEQUENCE {
  58      version CMSVersion,
  59      digestAlgorithms DigestAlgorithmIdentifiers,
  60      encapContentInfo EncapsulatedContentInfo,
  61      certificates [0] IMPLICIT CertificateSet OPTIONAL,
  62      crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
  63      signerInfos SignerInfos }
  64
  65    DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
  66
  67    SignerInfos ::= SET OF SignerInfo
  68
  69
  70
  71    EncapsulatedContentInfo ::= SEQUENCE {
  72      eContentType ContentType,
  73      eContent [0] EXPLICIT OCTET STRING OPTIONAL }
  74
  75    SignerInfo ::= SEQUENCE {
  76      version CMSVersion,
  77      sid SignerIdentifier,
  78      digestAlgorithm DigestAlgorithmIdentifier,
  79      signedAttrs [0] IMPLICIT Attributes OPTIONAL, --MB;SignedAttributes OPTIONAL,
  80      signatureAlgorithm SignatureAlgorithmIdentifier,
  81      signature SignatureValue,
  82      unsignedAttrs [1] IMPLICIT Attributes OPTIONAL } --MB;UnsignedAttributes OPTIONAL }
  83
  84    SignerIdentifier ::= CHOICE {
  85      issuerAndSerialNumber IssuerAndSerialNumber,
  86      subjectKeyIdentifier [0] KeyIdentifier } --MB;SubjectKeyIdentifier }
  87
  88    --MB;SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
  89
  90    --MB;UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
  91
  92    --MB;Attribute ::= SEQUENCE {
  93    --MB;  attrType OBJECT IDENTIFIER,
  94    --MB;  attrValues SET OF AttributeValue }
  95
  96    --MB;AttributeValue ::= ANY
  97
  98    SignatureValue ::= OCTET STRING
  99
 100    EnvelopedData ::= SEQUENCE {
 101      version CMSVersion,
 102      originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
 103      recipientInfos RecipientInfos,
 104      encryptedContentInfo EncryptedContentInfo,
 105      unprotectedAttrs [1] IMPLICIT Attributes OPTIONAL } --MB;UnprotectedAttributes OPTIONAL }
 106
 107    OriginatorInfo ::= SEQUENCE {
 108      certs [0] IMPLICIT CertificateSet OPTIONAL,
 109      crls [1] IMPLICIT CertificateRevocationLists OPTIONAL }
 110
 111    RecipientInfos ::= SET OF RecipientInfo
 112
 113    EncryptedContentInfo ::= SEQUENCE {
 114      contentType ContentType,
 115      contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
 116      encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
 117
 118    EncryptedContent ::= OCTET STRING
 119
 120
 121
 122    --MB;UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
 123
 124    RecipientInfo ::= CHOICE {
 125      ktri KeyTransRecipientInfo,
 126      kari [1] KeyAgreeRecipientInfo,
 127      kekri [2] KEKRecipientInfo }
 128
 129    EncryptedKey ::= OCTET STRING
 130
 131    KeyTransRecipientInfo ::= SEQUENCE {
 132      version CMSVersion,  -- always set to 0 or 2
 133      rid RecipientIdentifier,
 134      keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
 135      encryptedKey EncryptedKey }
 136
 137    RecipientIdentifier ::= CHOICE {
 138      issuerAndSerialNumber IssuerAndSerialNumber,
 139      subjectKeyIdentifier [0] KeyIdentifier } --MB;SubjectKeyIdentifier }
 140
 141    KeyAgreeRecipientInfo ::= SEQUENCE {
 142      version CMSVersion,  -- always set to 3
 143      originator [0] EXPLICIT OriginatorIdentifierOrKey,
 144      ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
 145      keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
 146      recipientEncryptedKeys RecipientEncryptedKeys }
 147
 148    OriginatorIdentifierOrKey ::= CHOICE {
 149      issuerAndSerialNumber IssuerAndSerialNumber,
 150      subjectKeyIdentifier [0] KeyIdentifier, --MB;SubjectKeyIdentifier,
 151      originatorKey [1] OriginatorPublicKey }
 152
 153    OriginatorPublicKey ::= SEQUENCE {
 154      algorithm AlgorithmIdentifier,
 155      publicKey BIT STRING }
 156
 157    RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
 158
 159    RecipientEncryptedKey ::= SEQUENCE {
 160      rid KeyAgreeRecipientIdentifier,
 161      encryptedKey EncryptedKey }
 162
 163    KeyAgreeRecipientIdentifier ::= CHOICE {
 164      issuerAndSerialNumber IssuerAndSerialNumber,
 165      rKeyId [0] IMPLICIT RecipientKeyIdentifier }
 166
 167
 168
 169
 170    RecipientKeyIdentifier ::= SEQUENCE {
 171      subjectKeyIdentifier KeyIdentifier, --MB;SubjectKeyIdentifier,
 172      date GeneralizedTime OPTIONAL,
 173      other OtherKeyAttribute OPTIONAL }
 174
 175    --MB;SubjectKeyIdentifier ::= OCTET STRING
 176
 177    KEKRecipientInfo ::= SEQUENCE {
 178      version CMSVersion,  -- always set to 4
 179      kekid KEKIdentifier,
 180      keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
 181      encryptedKey EncryptedKey }
 182
 183    KEKIdentifier ::= SEQUENCE {
 184      keyIdentifier OCTET STRING,
 185      date GeneralizedTime OPTIONAL,
 186      other OtherKeyAttribute OPTIONAL }
 187
 188    DigestedData ::= SEQUENCE {
 189      version CMSVersion,
 190      digestAlgorithm DigestAlgorithmIdentifier,
 191      encapContentInfo EncapsulatedContentInfo,
 192      digest Digest }
 193
 194    Digest ::= OCTET STRING
 195
 196    EncryptedData ::= SEQUENCE {
 197      version CMSVersion,
 198      encryptedContentInfo EncryptedContentInfo }
 199
 200    AuthenticatedData ::= SEQUENCE {
 201      version CMSVersion,
 202      originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
 203      recipientInfos RecipientInfos,
 204      macAlgorithm MessageAuthenticationCodeAlgorithm,
 205      digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
 206      encapContentInfo EncapsulatedContentInfo,
 207      authenctiatedAttributes [2] IMPLICIT Attributes OPTIONAL, --MB;AuthAttributes OPTIONAL,
 208      mac MessageAuthenticationCode,
 209      unauthenticatedAttributes [3] IMPLICIT Attributes OPTIONAL } --MB;UnauthAttributes OPTIONAL }
 210
 211    --MB;AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
 212
 213    --MB;UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
 214
 215    MessageAuthenticationCode ::= OCTET STRING
 216
 217    DigestAlgorithmIdentifier ::= AlgorithmIdentifier
 218
 219
 220
 221    SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
 222
 223    KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
 224
 225    ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
 226
 227    MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
 228
 229    CertificateRevocationLists ::= SET OF CertificateList
 230
 231    CertificateChoices ::= CHOICE {
 232      certificate Certificate,  -- See X.509
 233      extendedCertificate [0] IMPLICIT ExtendedCertificate,  -- Obsolete
 234      attrCert [1] IMPLICIT AttributeCertificate }  -- See X.509 & X9.57
 235
 236    CertificateSet ::= SET OF CertificateChoices
 237
 238    IssuerAndSerialNumber ::= SEQUENCE {
 239      issuer Name,
 240      serialNumber CertificateSerialNumber }
 241
 242    CMSVersion ::= INTEGER  { v0(0), v1(1), v2(2), v3(3), v4(4) }
 243
 244    UserKeyingMaterial ::= OCTET STRING
 245
 246    UserKeyingMaterials ::= SET SIZE (1..MAX) OF UserKeyingMaterial
 247
 248    OtherKeyAttribute ::= SEQUENCE {
 249      keyAttrId OBJECT IDENTIFIER,
 250      keyAttr ANY  OPTIONAL } --RWC;DEFINED BY keyAttrId OPTIONAL }
 251
 252
 253    -- CMS Attributes
 254
 255    MessageDigest ::= OCTET STRING
 256
 257    SigningTime  ::= Time
 258
 259    --MB;Time ::= CHOICE {
 260    --MB;  utcTime UTCTime,
 261    --MB;  generalTime GeneralizedTime }
 262
 263    Countersignature ::= SignerInfo
 264
 265
 266
 267    -- Algorithm Identifiers
 268
 269    sha-1 OBJECT IDENTIFIER ::= { 1 3 14 3 2 26 } --MB;{ iso(1) identified-organization(3)
 270        --MB;oiw(14) secsig(3) algorithm(2) 26 }
 271
 272    --MB;md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
 273    --MB;    rsadsi(113549) digestAlgorithm(2) 5 }
 274
 275    id-dsa-with-sha1 OBJECT IDENTIFIER ::= { 1 2 840 10040 4 3 } --MB;{ iso(1) member-body(2)
 276        --MB;us(840) x9-57 (10040) x9cm(4) 3 }
 277
 278    --MB;rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
 279    --MB;    us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
 280
 281    dh-public-number OBJECT IDENTIFIER ::= { 1 2 840 10046 2 1 } --MB;{ iso(1) member-body(2)
 282        --MB;us(840) ansi-x942(10046) number-type(2) 1 }
 283
 284    id-alg-ESDH OBJECT IDENTIFIER ::= { pkcs 9 16 3 5 } --MB;{ iso(1) member-body(2) us(840)
 285        --MB;rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
 286
 287    id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { pkcs 9 16 3 6 } --MB;{ iso(1) member-body(2)
 288        --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
 289
 290    id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { pkcs 9 16 3 7 } --MB;{ iso(1) member-body(2)
 291        --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
 292
 293    des-ede3-cbc OBJECT IDENTIFIER ::= { rsadsi 3 7 } --MB;{ iso(1) member-body(2)
 294        --MB;us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
 295
 296    rc2-cbc OBJECT IDENTIFIER ::= { rsadsi 3 2 } --MB;{ iso(1) member-body(2) us(840)
 297        --MB;rsadsi(113549) encryptionAlgorithm(3) 2 }
 298
 299    hMAC-SHA1 OBJECT IDENTIFIER ::= { 1 3 6 1 5 5 8 1 2 } --MB;{ iso(1) identified-organization(3)
 300        --MB;dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
 301
 302    -- some more algorithms added by dmitch
 303
 304    rc2-ecb OBJECT IDENTIFIER ::= { rsadsi 3 3 }
 305
 306    rc4 OBJECT IDENTIFIER ::= { rsadsi 3 4 }
 307
 308    rc4WithMAC OBJECT IDENTIFIER ::= { rsadsi 3 5 }
 309
 310    desx-CBC OBJECT IDENTIFIER ::= { rsadsi 3 6 }
 311
 312    rc5CBC OBJECT IDENTIFIER ::= { rsadsi 3 8 }
 313
 314    rc5-CBCPad OBJECT IDENTIFIER ::= { rsadsi 3 9 }
 315
 316    desCDMF OBJECT IDENTIFIER ::= { rsadsi 3 10 }
 317
 318    -- this is the OID used by BSAFE when generating DSA keys. It is not
 319    -- the same as id_dsa from sm_x501ud...
 320
 321    dsa-bsafe OBJECT IDENTIFIER ::= {1 3 14 3 2 12}
 322
 323    -- end of dmitch addenda
 324
 325
 326    -- Algorithm Parameters
 327
 328    KeyWrapAlgorithm ::= AlgorithmIdentifier
 329
 330    RC2wrapParameter ::= RC2ParameterVersion
 331
 332    RC2ParameterVersion ::= INTEGER
 333
 334    CBCParameter ::= IV
 335
 336    IV ::= OCTET STRING  -- exactly 8 octets
 337
 338    RC2CBCParameter ::= SEQUENCE {
 339      rc2ParameterVersion INTEGER,
 340      iv OCTET STRING  }  -- exactly 8 octets
 341
 342
 343    -- Content Type Object Identifiers
 344
 345    id-data OBJECT IDENTIFIER ::= { pkcs 7 1 } --MB; { iso(1) member-body(2)
 346        --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
 347
 348    id-signedData OBJECT IDENTIFIER ::= { pkcs 7 2 } --MB;{ iso(1) member-body(2)
 349        --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
 350
 351    id-envelopedData OBJECT IDENTIFIER ::= { pkcs 7 3 } --MB;{ iso(1) member-body(2)
 352        --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
 353
 354    id-digestedData OBJECT IDENTIFIER ::= { pkcs 7 5 } --MB;{ iso(1) member-body(2)
 355        --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
 356
 357    id-encryptedData OBJECT IDENTIFIER ::= { pkcs 7 6 } --MB;{ iso(1) member-body(2)
 358        --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
 359
 360    id-ct-authData OBJECT IDENTIFIER ::= { pkcs 9 16 1 2 } --MB;{ iso(1) member-body(2)
 361        --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
 362        --MB;ct(1) 2 }
 363
 364
 365    -- Attribute Object Identifiers
 366
 367    id-contentType OBJECT IDENTIFIER ::= { pkcs 9 3 } --MB;{ iso(1) member-body(2)
 368        --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
 369
 370    id-messageDigest OBJECT IDENTIFIER ::= { pkcs 9 4 } --MB;{ iso(1) member-body(2)
 371        --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
 372
 373    id-signingTime OBJECT IDENTIFIER ::= { pkcs 9 5 } --MB;{ iso(1) member-body(2)
 374        --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
 375
 376    id-countersignature OBJECT IDENTIFIER ::= { pkcs 9 6 } --MB;{ iso(1) member-body(2)
 377        --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
 378
 379
 380    -- Obsolete Extended Certificate syntax from PKCS#6
 381
 382    ExtendedCertificateOrCertificate ::= CHOICE {
 383      certificate Certificate,
 384      extendedCertificate [0] IMPLICIT ExtendedCertificate }
 385
 386    ExtendedCertificate ::= SEQUENCE {
 387      extendedCertificateInfo ExtendedCertificateInfo,
 388      signatureAlgorithm SignatureAlgorithmIdentifier,
 389      signature Signature }
 390
 391    ExtendedCertificateInfo ::= SEQUENCE {
 392      version CMSVersion,
 393      certificate Certificate,
 394      attributes Attributes } --MB;UnauthAttributes }
 395
 396    Signature ::= BIT STRING
 397
 398
 399
 400    -- Everything below this line is not part of draft-ietf-smime-cms-13.txt
 401
 402
 403    -- Attribute Object Identifiers
 404
 405    id-macValue OBJECT IDENTIFIER ::= { pkcs 9 16 2 8 } --MB;{ iso(1) member-body(2)
 406        --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) aa(2) 8 }
 407
 408
 409    -- Algorithm Identifiers
 410
 411    id-dsa OBJECT IDENTIFIER ::= { 1 2 840 10040 4 1 } --MB;{iso(1) member-body(2)
 412        --MB;us(840) x9-57(10040) x9cm(4) 1 }
 413
 414
 415    -- Content Encryption Algorithms
 416    --        For the effective-key-bits (key size) greater than 32 and less
 417    --        than 256, the RC2-CBC algorithm parameters are encoded as:
 418    --        RC2-CBC parameter ::=  SEQUENCE {
 419    --                rc2ParameterVersion INTEGER,
 420    --                iv OCTET STRING (8) }
 421    --        For the effective-key-bits of 40, 64, and 128, the
 422    --        rc2ParameterVersion values are 160, 120, 58 respectively.
 423
 424
 425    -- Normally in PKCS#7
 426    DigestInfo ::= SEQUENCE { -- Defined in PKCS#7 but not IETF-CMS
 427      digestAlgorithm DigestAlgorithmIdentifier,
 428      digest Digest }
 429
 430
 431    END -- of CryptographicMessageSyntax