1 -- Extracted from RFC5652
2 -- and massaged/modified so it passes through our asn2wrs compiler
5 CryptographicMessageSyntax { iso(1) member-body(2) us(840) rsadsi(113549)
6 pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) } DEFINITIONS IMPLICIT TAGS ::=
10 -- The types and values defined in this module are exported for use in
11 -- the other ASN.1 modules. Other applications may use them for their
15 -- Directory Information Framework (X.501)
17 FROM InformationFramework { joint-iso-itu-t ds(5) modules(1)
18 informationFramework(1) 3 }
20 -- Directory Authentication Framework (X.509)
21 AlgorithmIdentifier, AttributeCertificate, Certificate,
22 CertificateList, CertificateSerialNumber
23 FROM AuthenticationFramework { joint-iso-itu-t ds(5)
24 module(1) authenticationFramework(7) 3 } ;
27 -- Cryptographic Message Syntax
31 ContentInfo ::= SEQUENCE {
32 contentType ContentType,
33 content [0] EXPLICIT ANY DEFINED BY contentType
36 ContentType ::= OBJECT IDENTIFIER
38 SignedData ::= SEQUENCE {
40 digestAlgorithms DigestAlgorithmIdentifiers,
41 encapContentInfo EncapsulatedContentInfo,
42 certificates [0] IMPLICIT CertificateSet OPTIONAL,
43 crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
44 signerInfos SignerInfos }
46 DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
48 SignerInfos ::= SET OF SignerInfo
50 -- Implemented by hand in the template
51 EncapsulatedContentInfo ::= SEQUENCE {
52 eContentType ContentType,
53 eContent [0] EXPLICIT OCTET STRING OPTIONAL }
55 SignerInfo ::= SEQUENCE {
58 digestAlgorithm DigestAlgorithmIdentifier,
59 signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
60 signatureAlgorithm SignatureAlgorithmIdentifier,
61 signature SignatureValue,
62 unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
64 SignerIdentifier ::= CHOICE {
65 issuerAndSerialNumber IssuerAndSerialNumber,
66 subjectKeyIdentifier [0] SubjectKeyIdentifier }
68 SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
70 UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
72 Attribute ::= SEQUENCE {
73 attrType OBJECT IDENTIFIER,
74 attrValues SET OF AttributeValue
77 AttributeValue ::= ANY
79 SignatureValue ::= OCTET STRING
81 EnvelopedData ::= SEQUENCE {
83 originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
84 recipientInfos RecipientInfos,
85 encryptedContentInfo EncryptedContentInfo,
86 unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
88 OriginatorInfo ::= SEQUENCE {
89 certs [0] IMPLICIT CertificateSet OPTIONAL,
90 crls [1] IMPLICIT RevocationInfoChoices OPTIONAL }
92 RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo
94 EncryptedContentInfo ::= SEQUENCE {
95 contentType ContentType,
96 contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
97 encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
99 EncryptedContent ::= OCTET STRING
101 UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
103 RecipientInfo ::= CHOICE {
104 ktri KeyTransRecipientInfo,
105 kari [1] KeyAgreeRecipientInfo,
106 kekri [2] KEKRecipientInfo,
107 pwri [3] PasswordRecipientInfo,
108 ori [4] OtherRecipientInfo }
110 EncryptedKey ::= OCTET STRING
112 KeyTransRecipientInfo ::= SEQUENCE {
113 version CMSVersion, -- always set to 0 or 2
114 rid RecipientIdentifier,
115 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
116 encryptedKey EncryptedKey }
118 RecipientIdentifier ::= CHOICE {
119 issuerAndSerialNumber IssuerAndSerialNumber,
120 subjectKeyIdentifier [0] SubjectKeyIdentifier }
122 KeyAgreeRecipientInfo ::= SEQUENCE {
123 version CMSVersion, -- always set to 3
124 originator [0] EXPLICIT OriginatorIdentifierOrKey,
125 ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
126 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
127 recipientEncryptedKeys RecipientEncryptedKeys }
129 OriginatorIdentifierOrKey ::= CHOICE {
130 issuerAndSerialNumber IssuerAndSerialNumber,
131 subjectKeyIdentifier [0] SubjectKeyIdentifier,
132 originatorKey [1] OriginatorPublicKey }
134 OriginatorPublicKey ::= SEQUENCE {
135 algorithm AlgorithmIdentifier,
136 publicKey BIT STRING }
138 RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
140 RecipientEncryptedKey ::= SEQUENCE {
141 rid KeyAgreeRecipientIdentifier,
142 encryptedKey EncryptedKey }
144 KeyAgreeRecipientIdentifier ::= CHOICE {
145 issuerAndSerialNumber IssuerAndSerialNumber,
146 rKeyId [0] IMPLICIT RecipientKeyIdentifier }
148 RecipientKeyIdentifier ::= SEQUENCE {
149 subjectKeyIdentifier SubjectKeyIdentifier,
150 date GeneralizedTime OPTIONAL,
151 other OtherKeyAttribute OPTIONAL }
153 SubjectKeyIdentifier ::= OCTET STRING
155 KEKRecipientInfo ::= SEQUENCE {
156 version CMSVersion, -- always set to 4
158 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
159 encryptedKey EncryptedKey }
161 KEKIdentifier ::= SEQUENCE {
162 keyIdentifier OCTET STRING,
163 date GeneralizedTime OPTIONAL,
164 other OtherKeyAttribute OPTIONAL }
166 PasswordRecipientInfo ::= SEQUENCE {
167 version CMSVersion, -- always set to 0
168 keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
170 keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
171 encryptedKey EncryptedKey }
173 OtherRecipientInfo ::= SEQUENCE {
174 oriType OBJECT IDENTIFIER,
175 oriValue ANY DEFINED BY oriType }
177 DigestedData ::= SEQUENCE {
179 digestAlgorithm DigestAlgorithmIdentifier,
180 encapContentInfo EncapsulatedContentInfo,
183 Digest ::= OCTET STRING
185 EncryptedData ::= SEQUENCE {
187 encryptedContentInfo EncryptedContentInfo,
188 unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
190 AuthenticatedData ::= SEQUENCE {
192 originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
193 recipientInfos RecipientInfos,
194 macAlgorithm MessageAuthenticationCodeAlgorithm,
195 digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
196 encapContentInfo EncapsulatedContentInfo,
197 authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
198 mac MessageAuthenticationCode,
199 unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }
201 AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
203 UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
205 MessageAuthenticationCode ::= OCTET STRING
207 DigestAlgorithmIdentifier ::= AlgorithmIdentifier
209 SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
211 KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
213 ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
215 MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier
217 KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
219 RevocationInfoChoices ::= SET OF RevocationInfoChoice
221 RevocationInfoChoice ::= CHOICE {
223 other [1] IMPLICIT OtherRevocationInfoFormat }
225 OtherRevocationInfoFormat ::= SEQUENCE {
226 otherRevInfoFormat OBJECT IDENTIFIER,
227 otherRevInfo ANY DEFINED BY otherRevInfoFormat }
229 CertificateChoices ::= CHOICE {
230 certificate Certificate,
231 extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete
232 v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete
233 v2AttrCert [2] IMPLICIT AttributeCertificateV2 }
235 AttributeCertificateV2 ::= AttributeCertificate
237 CertificateSet ::= SET OF CertificateChoices
239 IssuerAndSerialNumber ::= SEQUENCE {
241 serialNumber CertificateSerialNumber }
243 CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
245 UserKeyingMaterial ::= OCTET STRING
247 OtherKeyAttribute ::= SEQUENCE {
248 keyAttrId OBJECT IDENTIFIER,
249 keyAttr ANY DEFINED BY keyAttrId OPTIONAL
252 -- Content Type Object Identifiers
254 id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
255 us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }
257 id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2)
258 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }
260 id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
261 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }
263 id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
264 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }
266 id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
267 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }
269 id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
270 us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }
272 id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
273 us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 }
275 -- The CMS Attributes
277 MessageDigest ::= OCTET STRING
283 generalTime GeneralizedTime }
285 Countersignature ::= SignerInfo
287 -- Algorithm Identifiers
289 -- sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
290 -- oiw(14) secsig(3) algorithm(2) 26 }
292 -- md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
293 -- rsadsi(113549) digestAlgorithm(2) 5 }
295 -- id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
296 -- us(840) x9-57 (10040) x9cm(4) 3 }
298 -- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
299 -- us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 }
301 -- dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2)
302 -- us(840) ansi-x942(10046) number-type(2) 1 }
304 -- id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
305 -- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 }
307 -- id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
308 -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }
310 -- id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
311 -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }
313 -- des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
314 -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
316 -- rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
317 -- rsadsi(113549) encryptionAlgorithm(3) 2 }
319 -- hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
320 -- dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }
323 -- Algorithm Parameters
325 KeyWrapAlgorithm ::= AlgorithmIdentifier
327 RC2WrapParameter ::= RC2ParameterVersion
329 RC2ParameterVersion ::= INTEGER
335 RC2CBCParameter ::= SEQUENCE {
336 rc2ParameterVersion INTEGER,
339 -- Attribute Object Identifiers
341 id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2)
342 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }
344 id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
345 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }
347 id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
348 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }
350 id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2)
351 us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }
353 -- Obsolete Extended Certificate syntax from PKCS#6
355 ExtendedCertificateOrCertificate ::= CHOICE {
356 certificate Certificate,
357 extendedCertificate [0] IMPLICIT ExtendedCertificate }
359 ExtendedCertificate ::= SEQUENCE {
360 extendedCertificateInfo ExtendedCertificateInfo,
361 signatureAlgorithm SignatureAlgorithmIdentifier,
362 signature Signature }
364 ExtendedCertificateInfo ::= SEQUENCE {
366 certificate Certificate,
367 attributes UnauthAttributes }
369 Signature ::= BIT STRING
373 SMIMECapabilities ::= SEQUENCE OF SMIMECapability
375 SMIMECapability ::= SEQUENCE {
376 capability OBJECT IDENTIFIER,
377 parameters ANY OPTIONAL
380 SMIMEEncryptionKeyPreference ::= CHOICE {
381 issuerAndSerialNumber [0] IssuerAndSerialNumber,
382 recipientKeyId [1] RecipientKeyIdentifier,
383 subjectAltKeyIdentifier [2] SubjectKeyIdentifier
387 -- some implememtations do not seem to use the RC2CBCParameter with 1.2.840.113549.3.2 as per RFC 2630 12.4.2
388 -- so we create this CHOICE to workaround this problem until we understand what is really the correct solution
390 RC2CBCParameters ::= CHOICE {
391 rc2WrapParameter RC2WrapParameter,
392 rc2CBCParameter RC2CBCParameter
397 END -- of CryptographicMessageSyntax2004