1 -- Extracted from RFC5652
2 -- and massaged/modified so it passes through our asn2wrs compiler
4 CryptographicMessageSyntax { iso(1) member-body(2) us(840) rsadsi(113549)
5 pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) } DEFINITIONS IMPLICIT TAGS ::=
9 -- The types and values defined in this module are exported for use in
10 -- the other ASN.1 modules. Other applications may use them for their
14 -- Directory Information Framework (X.501)
16 FROM InformationFramework { joint-iso-itu-t ds(5) modules(1)
17 informationFramework(1) 3 }
19 -- Directory Authentication Framework (X.509)
20 AlgorithmIdentifier, AttributeCertificate, Certificate,
21 CertificateList, CertificateSerialNumber
22 FROM AuthenticationFramework { joint-iso-itu-t ds(5)
23 module(1) authenticationFramework(7) 3 } ;
26 -- Cryptographic Message Syntax
30 ContentInfo ::= SEQUENCE {
31 contentType ContentType,
32 content [0] EXPLICIT ANY DEFINED BY contentType
35 ContentType ::= OBJECT IDENTIFIER
37 SignedData ::= SEQUENCE {
39 digestAlgorithms DigestAlgorithmIdentifiers,
40 encapContentInfo EncapsulatedContentInfo,
41 certificates [0] IMPLICIT CertificateSet OPTIONAL,
42 crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
43 signerInfos SignerInfos }
45 DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
47 SignerInfos ::= SET OF SignerInfo
49 -- Implemented by hand in the template
50 EncapsulatedContentInfo ::= SEQUENCE {
51 eContentType ContentType,
52 eContent [0] EXPLICIT OCTET STRING OPTIONAL }
54 SignerInfo ::= SEQUENCE {
57 digestAlgorithm DigestAlgorithmIdentifier,
58 signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
59 signatureAlgorithm SignatureAlgorithmIdentifier,
60 signature SignatureValue,
61 unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
63 SignerIdentifier ::= CHOICE {
64 issuerAndSerialNumber IssuerAndSerialNumber,
65 subjectKeyIdentifier [0] SubjectKeyIdentifier }
67 SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
69 UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
71 Attribute ::= SEQUENCE {
72 attrType OBJECT IDENTIFIER,
73 attrValues SET OF AttributeValue
76 AttributeValue ::= ANY
78 SignatureValue ::= OCTET STRING
80 EnvelopedData ::= SEQUENCE {
82 originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
83 recipientInfos RecipientInfos,
84 encryptedContentInfo EncryptedContentInfo,
85 unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
87 OriginatorInfo ::= SEQUENCE {
88 certs [0] IMPLICIT CertificateSet OPTIONAL,
89 crls [1] IMPLICIT RevocationInfoChoices OPTIONAL }
91 RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
93 EncryptedContentInfo ::= SEQUENCE {
94 contentType ContentType,
95 contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
96 encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
98 EncryptedContent ::= OCTET STRING
100 UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
102 RecipientInfo ::= CHOICE {
103 ktri KeyTransRecipientInfo,
104 kari [1] KeyAgreeRecipientInfo,
105 kekri [2] KEKRecipientInfo,
106 pwri [3] PasswordRecipientInfo,
107 ori [4] OtherRecipientInfo }
109 EncryptedKey ::= OCTET STRING
111 KeyTransRecipientInfo ::= SEQUENCE {
112 version CMSVersion, -- always set to 0 or 2
113 rid RecipientIdentifier,
114 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
115 encryptedKey EncryptedKey }
117 RecipientIdentifier ::= CHOICE {
118 issuerAndSerialNumber IssuerAndSerialNumber,
119 subjectKeyIdentifier [0] SubjectKeyIdentifier }
121 KeyAgreeRecipientInfo ::= SEQUENCE {
122 version CMSVersion, -- always set to 3
123 originator [0] EXPLICIT OriginatorIdentifierOrKey,
124 ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
125 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
126 recipientEncryptedKeys RecipientEncryptedKeys }
128 OriginatorIdentifierOrKey ::= CHOICE {
129 issuerAndSerialNumber IssuerAndSerialNumber,
130 subjectKeyIdentifier [0] SubjectKeyIdentifier,
131 originatorKey [1] OriginatorPublicKey }
133 OriginatorPublicKey ::= SEQUENCE {
134 algorithm AlgorithmIdentifier,
135 publicKey BIT STRING }
137 RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
139 RecipientEncryptedKey ::= SEQUENCE {
140 rid KeyAgreeRecipientIdentifier,
141 encryptedKey EncryptedKey }
143 KeyAgreeRecipientIdentifier ::= CHOICE {
144 issuerAndSerialNumber IssuerAndSerialNumber,
145 rKeyId [0] IMPLICIT RecipientKeyIdentifier }
147 RecipientKeyIdentifier ::= SEQUENCE {
148 subjectKeyIdentifier SubjectKeyIdentifier,
149 date GeneralizedTime OPTIONAL,
150 other OtherKeyAttribute OPTIONAL }
152 SubjectKeyIdentifier ::= OCTET STRING
154 KEKRecipientInfo ::= SEQUENCE {
155 version CMSVersion, -- always set to 4
157 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
158 encryptedKey EncryptedKey }
160 KEKIdentifier ::= SEQUENCE {
161 keyIdentifier OCTET STRING,
162 date GeneralizedTime OPTIONAL,
163 other OtherKeyAttribute OPTIONAL }
165 PasswordRecipientInfo ::= SEQUENCE {
166 version CMSVersion, -- always set to 0
167 keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
169 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
170 encryptedKey EncryptedKey }
172 OtherRecipientInfo ::= SEQUENCE {
173 oriType OBJECT IDENTIFIER,
174 oriValue ANY DEFINED BY oriType }
176 DigestedData ::= SEQUENCE {
178 digestAlgorithm DigestAlgorithmIdentifier,
179 encapContentInfo EncapsulatedContentInfo,
182 Digest ::= OCTET STRING
184 EncryptedData ::= SEQUENCE {
186 encryptedContentInfo EncryptedContentInfo,
187 unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
189 AuthenticatedData ::= SEQUENCE {
191 originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
192 recipientInfos RecipientInfos,
193 macAlgorithm MessageAuthenticationCodeAlgorithm,
194 digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
195 encapContentInfo EncapsulatedContentInfo,
196 authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
197 mac MessageAuthenticationCode,
198 unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
200 AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
202 UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
204 MessageAuthenticationCode ::= OCTET STRING
206 DigestAlgorithmIdentifier ::= AlgorithmIdentifier
208 SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
210 KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
212 ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
214 MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
216 KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
218 RevocationInfoChoices ::= SET OF RevocationInfoChoice
220 RevocationInfoChoice ::= CHOICE {
222 other [1] IMPLICIT OtherRevocationInfoFormat }
224 OtherRevocationInfoFormat ::= SEQUENCE {
225 otherRevInfoFormat OBJECT IDENTIFIER,
226 otherRevInfo ANY DEFINED BY otherRevInfoFormat }
228 CertificateChoices ::= CHOICE {
229 certificate Certificate,
230 extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
231 v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
232 v2AttrCert [2] IMPLICIT AttributeCertificateV2 }
234 AttributeCertificateV2 ::= AttributeCertificate
236 CertificateSet ::= SET OF CertificateChoices
238 IssuerAndSerialNumber ::= SEQUENCE {
240 serialNumber CertificateSerialNumber }
242 CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
244 UserKeyingMaterial ::= OCTET STRING
246 OtherKeyAttribute ::= SEQUENCE {
247 keyAttrId OBJECT IDENTIFIER,
248 keyAttr ANY DEFINED BY keyAttrId OPTIONAL
251 -- Content Type Object Identifiers
253 id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
254 us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }
256 id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
257 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
259 id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
260 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
262 id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
263 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
265 id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
266 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
268 id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
269 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
271 id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
272 us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 }
274 -- The CMS Attributes
276 MessageDigest ::= OCTET STRING
282 generalTime GeneralizedTime }
284 Countersignature ::= SignerInfo
286 -- Algorithm Identifiers
288 -- sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
289 -- oiw(14) secsig(3) algorithm(2) 26 }
291 -- md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
292 -- rsadsi(113549) digestAlgorithm(2) 5 }
294 -- id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
295 -- us(840) x9-57 (10040) x9cm(4) 3 }
297 -- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
298 -- us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
300 -- dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2)
301 -- us(840) ansi-x942(10046) number-type(2) 1 }
303 -- id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
304 -- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
306 -- id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
307 -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
309 -- id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
310 -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
312 -- des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
313 -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
315 -- rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
316 -- rsadsi(113549) encryptionAlgorithm(3) 2 }
318 -- hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
319 -- dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
322 -- Algorithm Parameters
324 KeyWrapAlgorithm ::= AlgorithmIdentifier
326 RC2WrapParameter ::= RC2ParameterVersion
328 RC2ParameterVersion ::= INTEGER
334 RC2CBCParameter ::= SEQUENCE {
335 rc2ParameterVersion INTEGER,
338 -- Attribute Object Identifiers
340 id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
341 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
343 id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
344 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
346 id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
347 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
349 id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
350 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
352 -- Obsolete Extended Certificate syntax from PKCS#6
354 ExtendedCertificateOrCertificate ::= CHOICE {
355 certificate Certificate,
356 extendedCertificate [0] IMPLICIT ExtendedCertificate }
358 ExtendedCertificate ::= SEQUENCE {
359 extendedCertificateInfo ExtendedCertificateInfo,
360 signatureAlgorithm SignatureAlgorithmIdentifier,
361 signature Signature }
363 ExtendedCertificateInfo ::= SEQUENCE {
365 certificate Certificate,
366 attributes UnauthAttributes }
368 Signature ::= BIT STRING
372 SMIMECapabilities ::= SEQUENCE OF SMIMECapability
374 SMIMECapability ::= SEQUENCE {
375 capability OBJECT IDENTIFIER,
376 parameters ANY OPTIONAL
379 SMIMEEncryptionKeyPreference ::= CHOICE {
380 issuerAndSerialNumber [0] IssuerAndSerialNumber,
381 recipientKeyId [1] RecipientKeyIdentifier,
382 subjectAltKeyIdentifier [2] SubjectKeyIdentifier
386 -- some implememtations do not seem to use the RC2CBCParameter with 1.2.840.113549.3.2 as per RFC 2630 12.4.2
387 -- so we create this CHOICE to workaround this problem until we understand what is really the correct solution
389 RC2CBCParameters ::= CHOICE {
390 rc2WrapParameter RC2WrapParameter,
391 rc2CBCParameter RC2CBCParameter
396 END -- of CryptographicMessageSyntax2004