-- From RFC 3369 -- -- $Id$ -- CMS DEFINITIONS ::= BEGIN IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name, Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459 HEIM_ANY FROM heim; id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) } id-pkcs7-data OBJECT IDENTIFIER ::= { id-pkcs7 1 } id-pkcs7-signedData OBJECT IDENTIFIER ::= { id-pkcs7 2 } id-pkcs7-envelopedData OBJECT IDENTIFIER ::= { id-pkcs7 3 } id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::= { id-pkcs7 4 } id-pkcs7-digestedData OBJECT IDENTIFIER ::= { id-pkcs7 5 } id-pkcs7-encryptedData OBJECT IDENTIFIER ::= { id-pkcs7 6 } CMSVersion ::= INTEGER { cMSVersion-v0(0), cMSVersion-v1(1), cMSVersion-v2(2), cMSVersion-v3(3), cMSVersion-v4(4) } DigestAlgorithmIdentifier ::= AlgorithmIdentifier DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier SignatureAlgorithmIdentifier ::= AlgorithmIdentifier ContentType ::= OBJECT IDENTIFIER MessageDigest ::= OCTET STRING EncapsulatedContentInfo ::= SEQUENCE { eContentType ContentType, eContent [0] EXPLICIT OCTET STRING OPTIONAL } CertificateChoices ::= CHOICE { certificate Certificate, any HEIM_ANY } -- Really, for us this is strictly a Certificate. See RFC 5911. CertificateSet ::= SET OF CertificateChoices CertificateList ::= Certificate CertificateRevocationLists ::= SET OF CertificateList IssuerAndSerialNumber ::= SEQUENCE { issuer Name, serialNumber CertificateSerialNumber } -- RecipientIdentifier is same as SignerIdentifier, -- lets glue them togheter and save some bytes and share code for them CMSIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] SubjectKeyIdentifier } SignerIdentifier ::= CMSIdentifier RecipientIdentifier ::= CMSIdentifier --- CMSAttributes are the combined UnsignedAttributes and SignedAttributes --- to store space and share code CMSAttributes ::= SET OF Attribute -- SIZE (1..MAX) SignatureValue ::= OCTET STRING SignerInfo ::= SEQUENCE { version CMSVersion, sid SignerIdentifier, digestAlgorithm DigestAlgorithmIdentifier, signedAttrs [0] IMPLICIT CMSAttributes OPTIONAL, signatureAlgorithm SignatureAlgorithmIdentifier, signature SignatureValue, unsignedAttrs [1] IMPLICIT CMSAttributes OPTIONAL } SignerInfos ::= SET OF SignerInfo SignedData ::= SEQUENCE { version CMSVersion, digestAlgorithms DigestAlgorithmIdentifiers, encapContentInfo EncapsulatedContentInfo, certificates [0] IMPLICIT CertificateSet OPTIONAL, crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, signerInfos SignerInfos } OriginatorInfo ::= SEQUENCE { certs [0] IMPLICIT CertificateSet OPTIONAL, crls [1] IMPLICIT CertificateRevocationLists OPTIONAL } KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier EncryptedKey ::= OCTET STRING KeyTransRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 0 or 2 rid RecipientIdentifier, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey } RecipientInfo ::= KeyTransRecipientInfo RecipientInfos ::= SET OF RecipientInfo EncryptedContent ::= OCTET STRING EncryptedContentInfo ::= SEQUENCE { contentType ContentType, contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL } UnprotectedAttributes ::= SET OF Attribute -- SIZE (1..MAX) CMSEncryptedData ::= SEQUENCE { version CMSVersion, encryptedContentInfo EncryptedContentInfo, unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } EnvelopedData ::= SEQUENCE { version CMSVersion, originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, recipientInfos RecipientInfos, encryptedContentInfo EncryptedContentInfo, unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } -- Data ::= OCTET STRING CMSRC2CBCParameter ::= SEQUENCE { rc2ParameterVersion INTEGER (0..4294967295), iv OCTET STRING -- exactly 8 octets } CMSCBCParameter ::= OCTET STRING -- We don't have a) a builtin TYPE-IDENTIFIER class, b) class equality -- assignment yet! _CONTENT-TYPE ::= CLASS { &id OBJECT IDENTIFIER UNIQUE, &Type OPTIONAL } ContentInfo{_CONTENT-TYPE:ContentSet} ::= SEQUENCE { contentType _CONTENT-TYPE.&id({ContentSet}), content [0] EXPLICIT _CONTENT-TYPE.&Type({ContentSet}{@contentType}) OPTIONAL } -- Content Type Object Identifiers and Objects id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 } id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 } OctetString ::= OCTET STRING -- workaround compiler bug ct-Data _CONTENT-TYPE ::= { &id id-data, &Type OctetString } id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 } ct-SignedData _CONTENT-TYPE ::= { &id id-signedData, &Type SignedData } id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 } ct-EnvelopedData _CONTENT-TYPE ::= { &id id-envelopedData, &Type EnvelopedData } id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 } -- ct-DigestedData _CONTENT-TYPE ::= { &id id-digestedData, &Type DigestedData } id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 } -- ct-EncryptedData _CONTENT-TYPE ::= { &id id-encryptedData, &Type EncryptedData } id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 } -- ct-AuthenticatedData _CONTENT-TYPE ::= -- { &id id-ct-authData, &Type AuthenticatedData } ContentSet _CONTENT-TYPE ::= { -- Define the set of content types to be recognized. ct-Data | ct-SignedData | ct-EnvelopedData -- | ct-EncryptedData -- | ct-AuthenticatedData | ct-DigestedData } ContentInfo ::= ContentInfo{ContentSet} END