]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_asn1/asn1/sm_cms.asn
Security-57336.1.9.tar.gz
[apple/security.git] / OSX / libsecurity_asn1 / asn1 / sm_cms.asn
1
2 -- @(#) sm_cms.asn 1.13 12/17/98 14:17:10
3 -- FROM cms.txt: <http://ietf.org/internet-drafts/draft-ietf-smime-cms-13.txt>
4
5 CryptographicMessageSyntax
6 { 1 2 840 113549 1 9 16 0 1 }
7 --RWC;{ iso(1) member-body(2) us(840) rsadsi(113549)
8 --RWC; pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) }
9
10 DEFINITIONS IMPLICIT TAGS ::=
11 BEGIN
12
13 -- EXPORTS All
14 -- The types and values defined in this module are exported for use in
15 -- the other ASN.1 modules. Other applications may use them for their
16 -- own purposes.
17
18 IMPORTS
19
20 -- MB;KeyIdentifier (replaces SubjectKeyIdentifier)
21 KeyIdentifier
22 FROM CertificateExtensions
23
24 -- MB;PKCS1-OIDS
25 rsadsi, pkcs --MB;rsaEncryption, md5
26 FROM PKCS1-OIDS
27
28 -- Useful Definitions from X.501
29 informationFramework, authenticationFramework
30 FROM UsefulDefinitions { usefulDefinitions }
31
32 -- Directory Information Framework (X.501)
33 Name, Attribute, Attributes, AttributeValue
34 FROM InformationFramework --RWC; { joint-iso-itu-t ds(5) rWCmodules(1)
35 --RWC; "modules(1)" re-defined from above "CrytpgraphicMessageSyntax".
36 --RWC; informationFramework(1) 3 }
37
38 -- Directory Authentication Framework (X.509)
39 AlgorithmIdentifier, AttributeCertificate, Certificate,
40 CertificateList, CertificateSerialNumber, Time
41 FROM AuthenticationFramework; --RWC;{ joint-iso-itu-t rWCds(5)
42 --RWC; "ds(1)" re-defined.
43 --RWC;module(1) rWCauthenticationFramework(7) 3 } ;
44
45
46
47
48
49 -- Cryptographic Message Syntax
50
51 ContentInfo ::= SEQUENCE {
52 contentType ContentType,
53 content [0] EXPLICIT ANY } --RWC;DEFINED BY contentType }
54
55 ContentType ::= OBJECT IDENTIFIER
56
57 SignedData ::= SEQUENCE {
58 version CMSVersion,
59 digestAlgorithms DigestAlgorithmIdentifiers,
60 encapContentInfo EncapsulatedContentInfo,
61 certificates [0] IMPLICIT CertificateSet OPTIONAL,
62 crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
63 signerInfos SignerInfos }
64
65 DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
66
67 SignerInfos ::= SET OF SignerInfo
68
69
70
71 EncapsulatedContentInfo ::= SEQUENCE {
72 eContentType ContentType,
73 eContent [0] EXPLICIT OCTET STRING OPTIONAL }
74
75 SignerInfo ::= SEQUENCE {
76 version CMSVersion,
77 sid SignerIdentifier,
78 digestAlgorithm DigestAlgorithmIdentifier,
79 signedAttrs [0] IMPLICIT Attributes OPTIONAL, --MB;SignedAttributes OPTIONAL,
80 signatureAlgorithm SignatureAlgorithmIdentifier,
81 signature SignatureValue,
82 unsignedAttrs [1] IMPLICIT Attributes OPTIONAL } --MB;UnsignedAttributes OPTIONAL }
83
84 SignerIdentifier ::= CHOICE {
85 issuerAndSerialNumber IssuerAndSerialNumber,
86 subjectKeyIdentifier [0] KeyIdentifier } --MB;SubjectKeyIdentifier }
87
88 --MB;SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
89
90 --MB;UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
91
92 --MB;Attribute ::= SEQUENCE {
93 --MB; attrType OBJECT IDENTIFIER,
94 --MB; attrValues SET OF AttributeValue }
95
96 --MB;AttributeValue ::= ANY
97
98 SignatureValue ::= OCTET STRING
99
100 EnvelopedData ::= SEQUENCE {
101 version CMSVersion,
102 originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
103 recipientInfos RecipientInfos,
104 encryptedContentInfo EncryptedContentInfo,
105 unprotectedAttrs [1] IMPLICIT Attributes OPTIONAL } --MB;UnprotectedAttributes OPTIONAL }
106
107 OriginatorInfo ::= SEQUENCE {
108 certs [0] IMPLICIT CertificateSet OPTIONAL,
109 crls [1] IMPLICIT CertificateRevocationLists OPTIONAL }
110
111 RecipientInfos ::= SET OF RecipientInfo
112
113 EncryptedContentInfo ::= SEQUENCE {
114 contentType ContentType,
115 contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
116 encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
117
118 EncryptedContent ::= OCTET STRING
119
120
121
122 --MB;UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
123
124 RecipientInfo ::= CHOICE {
125 ktri KeyTransRecipientInfo,
126 kari [1] KeyAgreeRecipientInfo,
127 kekri [2] KEKRecipientInfo }
128
129 EncryptedKey ::= OCTET STRING
130
131 KeyTransRecipientInfo ::= SEQUENCE {
132 version CMSVersion, -- always set to 0 or 2
133 rid RecipientIdentifier,
134 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
135 encryptedKey EncryptedKey }
136
137 RecipientIdentifier ::= CHOICE {
138 issuerAndSerialNumber IssuerAndSerialNumber,
139 subjectKeyIdentifier [0] KeyIdentifier } --MB;SubjectKeyIdentifier }
140
141 KeyAgreeRecipientInfo ::= SEQUENCE {
142 version CMSVersion, -- always set to 3
143 originator [0] EXPLICIT OriginatorIdentifierOrKey,
144 ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
145 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
146 recipientEncryptedKeys RecipientEncryptedKeys }
147
148 OriginatorIdentifierOrKey ::= CHOICE {
149 issuerAndSerialNumber IssuerAndSerialNumber,
150 subjectKeyIdentifier [0] KeyIdentifier, --MB;SubjectKeyIdentifier,
151 originatorKey [1] OriginatorPublicKey }
152
153 OriginatorPublicKey ::= SEQUENCE {
154 algorithm AlgorithmIdentifier,
155 publicKey BIT STRING }
156
157 RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
158
159 RecipientEncryptedKey ::= SEQUENCE {
160 rid KeyAgreeRecipientIdentifier,
161 encryptedKey EncryptedKey }
162
163 KeyAgreeRecipientIdentifier ::= CHOICE {
164 issuerAndSerialNumber IssuerAndSerialNumber,
165 rKeyId [0] IMPLICIT RecipientKeyIdentifier }
166
167
168
169
170 RecipientKeyIdentifier ::= SEQUENCE {
171 subjectKeyIdentifier KeyIdentifier, --MB;SubjectKeyIdentifier,
172 date GeneralizedTime OPTIONAL,
173 other OtherKeyAttribute OPTIONAL }
174
175 --MB;SubjectKeyIdentifier ::= OCTET STRING
176
177 KEKRecipientInfo ::= SEQUENCE {
178 version CMSVersion, -- always set to 4
179 kekid KEKIdentifier,
180 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
181 encryptedKey EncryptedKey }
182
183 KEKIdentifier ::= SEQUENCE {
184 keyIdentifier OCTET STRING,
185 date GeneralizedTime OPTIONAL,
186 other OtherKeyAttribute OPTIONAL }
187
188 DigestedData ::= SEQUENCE {
189 version CMSVersion,
190 digestAlgorithm DigestAlgorithmIdentifier,
191 encapContentInfo EncapsulatedContentInfo,
192 digest Digest }
193
194 Digest ::= OCTET STRING
195
196 EncryptedData ::= SEQUENCE {
197 version CMSVersion,
198 encryptedContentInfo EncryptedContentInfo }
199
200 AuthenticatedData ::= SEQUENCE {
201 version CMSVersion,
202 originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
203 recipientInfos RecipientInfos,
204 macAlgorithm MessageAuthenticationCodeAlgorithm,
205 digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
206 encapContentInfo EncapsulatedContentInfo,
207 authenctiatedAttributes [2] IMPLICIT Attributes OPTIONAL, --MB;AuthAttributes OPTIONAL,
208 mac MessageAuthenticationCode,
209 unauthenticatedAttributes [3] IMPLICIT Attributes OPTIONAL } --MB;UnauthAttributes OPTIONAL }
210
211 --MB;AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
212
213 --MB;UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
214
215 MessageAuthenticationCode ::= OCTET STRING
216
217 DigestAlgorithmIdentifier ::= AlgorithmIdentifier
218
219
220
221 SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
222
223 KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
224
225 ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
226
227 MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
228
229 CertificateRevocationLists ::= SET OF CertificateList
230
231 CertificateChoices ::= CHOICE {
232 certificate Certificate, -- See X.509
233 extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
234 attrCert [1] IMPLICIT AttributeCertificate } -- See X.509 & X9.57
235
236 CertificateSet ::= SET OF CertificateChoices
237
238 IssuerAndSerialNumber ::= SEQUENCE {
239 issuer Name,
240 serialNumber CertificateSerialNumber }
241
242 CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
243
244 UserKeyingMaterial ::= OCTET STRING
245
246 UserKeyingMaterials ::= SET SIZE (1..MAX) OF UserKeyingMaterial
247
248 OtherKeyAttribute ::= SEQUENCE {
249 keyAttrId OBJECT IDENTIFIER,
250 keyAttr ANY OPTIONAL } --RWC;DEFINED BY keyAttrId OPTIONAL }
251
252
253 -- CMS Attributes
254
255 MessageDigest ::= OCTET STRING
256
257 SigningTime ::= Time
258
259 --MB;Time ::= CHOICE {
260 --MB; utcTime UTCTime,
261 --MB; generalTime GeneralizedTime }
262
263 Countersignature ::= SignerInfo
264
265
266
267 -- Algorithm Identifiers
268
269 sha-1 OBJECT IDENTIFIER ::= { 1 3 14 3 2 26 } --MB;{ iso(1) identified-organization(3)
270 --MB;oiw(14) secsig(3) algorithm(2) 26 }
271
272 --MB;md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
273 --MB; rsadsi(113549) digestAlgorithm(2) 5 }
274
275 id-dsa-with-sha1 OBJECT IDENTIFIER ::= { 1 2 840 10040 4 3 } --MB;{ iso(1) member-body(2)
276 --MB;us(840) x9-57 (10040) x9cm(4) 3 }
277
278 --MB;rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
279 --MB; us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
280
281 dh-public-number OBJECT IDENTIFIER ::= { 1 2 840 10046 2 1 } --MB;{ iso(1) member-body(2)
282 --MB;us(840) ansi-x942(10046) number-type(2) 1 }
283
284 id-alg-ESDH OBJECT IDENTIFIER ::= { pkcs 9 16 3 5 } --MB;{ iso(1) member-body(2) us(840)
285 --MB;rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
286
287 id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { pkcs 9 16 3 6 } --MB;{ iso(1) member-body(2)
288 --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
289
290 id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { pkcs 9 16 3 7 } --MB;{ iso(1) member-body(2)
291 --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
292
293 des-ede3-cbc OBJECT IDENTIFIER ::= { rsadsi 3 7 } --MB;{ iso(1) member-body(2)
294 --MB;us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
295
296 rc2-cbc OBJECT IDENTIFIER ::= { rsadsi 3 2 } --MB;{ iso(1) member-body(2) us(840)
297 --MB;rsadsi(113549) encryptionAlgorithm(3) 2 }
298
299 hMAC-SHA1 OBJECT IDENTIFIER ::= { 1 3 6 1 5 5 8 1 2 } --MB;{ iso(1) identified-organization(3)
300 --MB;dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
301
302 -- some more algorithms added by dmitch
303
304 rc2-ecb OBJECT IDENTIFIER ::= { rsadsi 3 3 }
305
306 rc4 OBJECT IDENTIFIER ::= { rsadsi 3 4 }
307
308 rc4WithMAC OBJECT IDENTIFIER ::= { rsadsi 3 5 }
309
310 desx-CBC OBJECT IDENTIFIER ::= { rsadsi 3 6 }
311
312 rc5CBC OBJECT IDENTIFIER ::= { rsadsi 3 8 }
313
314 rc5-CBCPad OBJECT IDENTIFIER ::= { rsadsi 3 9 }
315
316 desCDMF OBJECT IDENTIFIER ::= { rsadsi 3 10 }
317
318 -- this is the OID used by BSAFE when generating DSA keys. It is not
319 -- the same as id_dsa from sm_x501ud...
320
321 dsa-bsafe OBJECT IDENTIFIER ::= {1 3 14 3 2 12}
322
323 -- end of dmitch addenda
324
325
326 -- Algorithm Parameters
327
328 KeyWrapAlgorithm ::= AlgorithmIdentifier
329
330 RC2wrapParameter ::= RC2ParameterVersion
331
332 RC2ParameterVersion ::= INTEGER
333
334 CBCParameter ::= IV
335
336 IV ::= OCTET STRING -- exactly 8 octets
337
338 RC2CBCParameter ::= SEQUENCE {
339 rc2ParameterVersion INTEGER,
340 iv OCTET STRING } -- exactly 8 octets
341
342
343 -- Content Type Object Identifiers
344
345 id-data OBJECT IDENTIFIER ::= { pkcs 7 1 } --MB; { iso(1) member-body(2)
346 --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
347
348 id-signedData OBJECT IDENTIFIER ::= { pkcs 7 2 } --MB;{ iso(1) member-body(2)
349 --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
350
351 id-envelopedData OBJECT IDENTIFIER ::= { pkcs 7 3 } --MB;{ iso(1) member-body(2)
352 --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
353
354 id-digestedData OBJECT IDENTIFIER ::= { pkcs 7 5 } --MB;{ iso(1) member-body(2)
355 --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
356
357 id-encryptedData OBJECT IDENTIFIER ::= { pkcs 7 6 } --MB;{ iso(1) member-body(2)
358 --MB;us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
359
360 id-ct-authData OBJECT IDENTIFIER ::= { pkcs 9 16 1 2 } --MB;{ iso(1) member-body(2)
361 --MB;us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
362 --MB;ct(1) 2 }
363
364
365 -- Attribute Object Identifiers
366
367 id-contentType OBJECT IDENTIFIER ::= { pkcs 9 3 } --MB;{ iso(1) member-body(2)
368 --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
369
370 id-messageDigest OBJECT IDENTIFIER ::= { pkcs 9 4 } --MB;{ iso(1) member-body(2)
371 --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
372
373 id-signingTime OBJECT IDENTIFIER ::= { pkcs 9 5 } --MB;{ iso(1) member-body(2)
374 --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
375
376 id-countersignature OBJECT IDENTIFIER ::= { pkcs 9 6 } --MB;{ iso(1) member-body(2)
377 --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
378
379
380 -- Obsolete Extended Certificate syntax from PKCS#6
381
382 ExtendedCertificateOrCertificate ::= CHOICE {
383 certificate Certificate,
384 extendedCertificate [0] IMPLICIT ExtendedCertificate }
385
386 ExtendedCertificate ::= SEQUENCE {
387 extendedCertificateInfo ExtendedCertificateInfo,
388 signatureAlgorithm SignatureAlgorithmIdentifier,
389 signature Signature }
390
391 ExtendedCertificateInfo ::= SEQUENCE {
392 version CMSVersion,
393 certificate Certificate,
394 attributes Attributes } --MB;UnauthAttributes }
395
396 Signature ::= BIT STRING
397
398
399
400 -- Everything below this line is not part of draft-ietf-smime-cms-13.txt
401
402
403 -- Attribute Object Identifiers
404
405 id-macValue OBJECT IDENTIFIER ::= { pkcs 9 16 2 8 } --MB;{ iso(1) member-body(2)
406 --MB;us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) aa(2) 8 }
407
408
409 -- Algorithm Identifiers
410
411 id-dsa OBJECT IDENTIFIER ::= { 1 2 840 10040 4 1 } --MB;{iso(1) member-body(2)
412 --MB;us(840) x9-57(10040) x9cm(4) 1 }
413
414
415 -- Content Encryption Algorithms
416 -- For the effective-key-bits (key size) greater than 32 and less
417 -- than 256, the RC2-CBC algorithm parameters are encoded as:
418 -- RC2-CBC parameter ::= SEQUENCE {
419 -- rc2ParameterVersion INTEGER,
420 -- iv OCTET STRING (8) }
421 -- For the effective-key-bits of 40, 64, and 128, the
422 -- rc2ParameterVersion values are 160, 120, 58 respectively.
423
424
425 -- Normally in PKCS#7
426 DigestInfo ::= SEQUENCE { -- Defined in PKCS#7 but not IETF-CMS
427 digestAlgorithm DigestAlgorithmIdentifier,
428 digest Digest }
429
430
431 END -- of CryptographicMessageSyntax