diff options
Diffstat (limited to 'epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn')
-rw-r--r-- | epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn | 396 |
1 files changed, 396 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn b/epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn new file mode 100644 index 0000000000..3a78b24fa4 --- /dev/null +++ b/epan/dissectors/asn1/cms/CryptographicMessageSyntax.asn @@ -0,0 +1,396 @@ +-- Extracted from RFC5652 +-- and massaged/modified so it passes through our asn2wrs compiler + +CryptographicMessageSyntax { iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) } DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +-- EXPORTS All +-- The types and values defined in this module are exported for use in +-- the other ASN.1 modules. Other applications may use them for their +-- own purposes. + +IMPORTS + -- Directory Information Framework (X.501) + Name + FROM InformationFramework { joint-iso-itu-t ds(5) modules(1) + informationFramework(1) 3 } + + -- Directory Authentication Framework (X.509) + AlgorithmIdentifier, AttributeCertificate, Certificate, + CertificateList, CertificateSerialNumber + FROM AuthenticationFramework { joint-iso-itu-t ds(5) + module(1) authenticationFramework(7) 3 } ; + + +-- Cryptographic Message Syntax +-- + + +ContentInfo ::= SEQUENCE { + contentType ContentType, + content [0] EXPLICIT ANY DEFINED BY contentType +} + +ContentType ::= OBJECT IDENTIFIER + +SignedData ::= SEQUENCE { + version CMSVersion, + digestAlgorithms DigestAlgorithmIdentifiers, + encapContentInfo EncapsulatedContentInfo, + certificates [0] IMPLICIT CertificateSet OPTIONAL, + crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, + signerInfos SignerInfos } + +DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier + +SignerInfos ::= SET OF SignerInfo + +-- Implemented by hand in the template +EncapsulatedContentInfo ::= SEQUENCE { + eContentType ContentType, + eContent [0] EXPLICIT OCTET STRING OPTIONAL } + +SignerInfo ::= SEQUENCE { + version CMSVersion, + sid SignerIdentifier, + digestAlgorithm DigestAlgorithmIdentifier, + signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature SignatureValue, + unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL } + +SignerIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier } + +SignedAttributes ::= SET SIZE (1..MAX) OF Attribute + +UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute + +Attribute ::= SEQUENCE { + attrType OBJECT IDENTIFIER, + attrValues SET OF AttributeValue +} + +AttributeValue ::= ANY + +SignatureValue ::= OCTET STRING + +EnvelopedData ::= SEQUENCE { + version CMSVersion, + originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, + recipientInfos RecipientInfos, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } + +OriginatorInfo ::= SEQUENCE { + certs [0] IMPLICIT CertificateSet OPTIONAL, + crls [1] IMPLICIT RevocationInfoChoices OPTIONAL } + +RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo + +EncryptedContentInfo ::= SEQUENCE { + contentType ContentType, + contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, + encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL } + +EncryptedContent ::= OCTET STRING + +UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute + +RecipientInfo ::= CHOICE { + ktri KeyTransRecipientInfo, + kari [1] KeyAgreeRecipientInfo, + kekri [2] KEKRecipientInfo, + pwri [3] PasswordRecipientInfo, + ori [4] OtherRecipientInfo } + +EncryptedKey ::= OCTET STRING + +KeyTransRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 0 or 2 + rid RecipientIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey } + +RecipientIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier } + +KeyAgreeRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 3 + originator [0] EXPLICIT OriginatorIdentifierOrKey, + ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + recipientEncryptedKeys RecipientEncryptedKeys } + +OriginatorIdentifierOrKey ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier [0] SubjectKeyIdentifier, + originatorKey [1] OriginatorPublicKey } + +OriginatorPublicKey ::= SEQUENCE { + algorithm AlgorithmIdentifier, + publicKey BIT STRING } + +RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey + +RecipientEncryptedKey ::= SEQUENCE { + rid KeyAgreeRecipientIdentifier, + encryptedKey EncryptedKey } + +KeyAgreeRecipientIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + rKeyId [0] IMPLICIT RecipientKeyIdentifier } + +RecipientKeyIdentifier ::= SEQUENCE { + subjectKeyIdentifier SubjectKeyIdentifier, + date GeneralizedTime OPTIONAL, + other OtherKeyAttribute OPTIONAL } + +SubjectKeyIdentifier ::= OCTET STRING + +KEKRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 4 + kekid KEKIdentifier, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey } + +KEKIdentifier ::= SEQUENCE { + keyIdentifier OCTET STRING, + date GeneralizedTime OPTIONAL, + other OtherKeyAttribute OPTIONAL } + +PasswordRecipientInfo ::= SEQUENCE { + version CMSVersion, -- always set to 0 + keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier + OPTIONAL, + keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, + encryptedKey EncryptedKey } + +OtherRecipientInfo ::= SEQUENCE { + oriType OBJECT IDENTIFIER, + oriValue ANY DEFINED BY oriType } + +DigestedData ::= SEQUENCE { + version CMSVersion, + digestAlgorithm DigestAlgorithmIdentifier, + encapContentInfo EncapsulatedContentInfo, + digest Digest } + +Digest ::= OCTET STRING + +EncryptedData ::= SEQUENCE { + version CMSVersion, + encryptedContentInfo EncryptedContentInfo, + unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL } + +AuthenticatedData ::= SEQUENCE { + version CMSVersion, + originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, + recipientInfos RecipientInfos, + macAlgorithm MessageAuthenticationCodeAlgorithm, + digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL, + encapContentInfo EncapsulatedContentInfo, + authAttrs [2] IMPLICIT AuthAttributes OPTIONAL, + mac MessageAuthenticationCode, + unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL } + +AuthAttributes ::= SET SIZE (1..MAX) OF Attribute + +UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute + +MessageAuthenticationCode ::= OCTET STRING + +DigestAlgorithmIdentifier ::= AlgorithmIdentifier + +SignatureAlgorithmIdentifier ::= AlgorithmIdentifier + +KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier + +MessageAuthenticationCodeAlgorithm ::= AlgorithmIdentifier + +KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier + +RevocationInfoChoices ::= SET OF RevocationInfoChoice + +RevocationInfoChoice ::= CHOICE { + crl CertificateList, + other [1] IMPLICIT OtherRevocationInfoFormat } + +OtherRevocationInfoFormat ::= SEQUENCE { + otherRevInfoFormat OBJECT IDENTIFIER, + otherRevInfo ANY DEFINED BY otherRevInfoFormat } + +CertificateChoices ::= CHOICE { + certificate Certificate, + extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete + v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete + v2AttrCert [2] IMPLICIT AttributeCertificateV2 } + +AttributeCertificateV2 ::= AttributeCertificate + +CertificateSet ::= SET OF CertificateChoices + +IssuerAndSerialNumber ::= SEQUENCE { + issuer Name, + serialNumber CertificateSerialNumber } + +CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) } + +UserKeyingMaterial ::= OCTET STRING + +OtherKeyAttribute ::= SEQUENCE { + keyAttrId OBJECT IDENTIFIER, + keyAttr ANY DEFINED BY keyAttrId OPTIONAL +} + +-- Content Type Object Identifiers + +id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 } + +id-data OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 } + +id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 } + +id-envelopedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 } + +id-digestedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 } + +id-encryptedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 } + +id-ct-authData OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 } + +-- The CMS Attributes + +MessageDigest ::= OCTET STRING + +SigningTime ::= Time + +Time ::= CHOICE { + utcTime UTCTime, + generalTime GeneralizedTime } + +Countersignature ::= SignerInfo + +-- Algorithm Identifiers +-- +-- sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) +-- oiw(14) secsig(3) algorithm(2) 26 } +-- +-- md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) +-- rsadsi(113549) digestAlgorithm(2) 5 } +-- +-- id-dsa-with-sha1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) x9-57 (10040) x9cm(4) 3 } +-- +-- rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 } +-- +-- dh-public-number OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) ansi-x942(10046) number-type(2) 1 } +-- +-- id-alg-ESDH OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) +-- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 } +-- +-- id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 } +-- +-- id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 } +-- +-- des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } +-- +-- rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) +-- rsadsi(113549) encryptionAlgorithm(3) 2 } +-- +-- hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) +-- dod(6) internet(1) security(5) mechanisms(5) 8 1 2 } +-- +-- +-- Algorithm Parameters +-- +KeyWrapAlgorithm ::= AlgorithmIdentifier + +RC2WrapParameter ::= RC2ParameterVersion + +RC2ParameterVersion ::= INTEGER + +CBCParameter ::= IV + +IV ::= OCTET STRING + +RC2CBCParameter ::= SEQUENCE { + rc2ParameterVersion INTEGER, + iv OCTET STRING } + +-- Attribute Object Identifiers + +id-contentType OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 } + +id-messageDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 } + +id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 } + +id-countersignature OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 } + +-- Obsolete Extended Certificate syntax from PKCS#6 + +ExtendedCertificateOrCertificate ::= CHOICE { + certificate Certificate, + extendedCertificate [0] IMPLICIT ExtendedCertificate } + +ExtendedCertificate ::= SEQUENCE { + extendedCertificateInfo ExtendedCertificateInfo, + signatureAlgorithm SignatureAlgorithmIdentifier, + signature Signature } + +ExtendedCertificateInfo ::= SEQUENCE { + version CMSVersion, + certificate Certificate, + attributes UnauthAttributes } + +Signature ::= BIT STRING + +-- From S/MIME + +SMIMECapabilities ::= SEQUENCE OF SMIMECapability + +SMIMECapability ::= SEQUENCE { + capability OBJECT IDENTIFIER, + parameters ANY OPTIONAL +} + +SMIMEEncryptionKeyPreference ::= CHOICE { + issuerAndSerialNumber [0] IssuerAndSerialNumber, + recipientKeyId [1] RecipientKeyIdentifier, + subjectAltKeyIdentifier [2] SubjectKeyIdentifier + +} + +-- some implememtations do not seem to use the RC2CBCParameter with 1.2.840.113549.3.2 as per RFC 2630 12.4.2 +-- so we create this CHOICE to workaround this problem until we understand what is really the correct solution + +RC2CBCParameters ::= CHOICE { + rc2WrapParameter RC2WrapParameter, + rc2CBCParameter RC2CBCParameter + +} + + +END -- of CryptographicMessageSyntax2004 |