-- From RFC 3369 --
-- $Id$ --

-- Cryptographic Message Syntax (CMS) module: ASN.1 types for ContentInfo,
-- SignedData, EnvelopedData and CMSEncryptedData.
--
-- Several fields are declared as heim_any (imported from the heim module)
-- instead of the structured type named in the comment next to them.
-- NOTE(review): presumably such fields are handed back undecoded, so the
-- consumer has to parse and validate them itself; confirm against heim.

CMS DEFINITIONS ::= BEGIN

IMPORTS CertificateSerialNumber, AlgorithmIdentifier, Name,
        Attribute, Certificate, SubjectKeyIdentifier FROM rfc2459
        heim_any, heim_any_set FROM heim;

-- PKCS #7 arc 1.2.840.113549.1.7; the content-type OIDs below hang off it.
id-pkcs7 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) rsadsi(113549) pkcs(1) pkcs7(7) }

id-pkcs7-data OBJECT IDENTIFIER ::=                     { id-pkcs7 1 }
id-pkcs7-signedData OBJECT IDENTIFIER ::=               { id-pkcs7 2 }
id-pkcs7-envelopedData OBJECT IDENTIFIER ::=            { id-pkcs7 3 }
id-pkcs7-signedAndEnvelopedData OBJECT IDENTIFIER ::=   { id-pkcs7 4 }
id-pkcs7-digestedData OBJECT IDENTIFIER ::=             { id-pkcs7 5 }
id-pkcs7-encryptedData OBJECT IDENTIFIER ::=            { id-pkcs7 6 }

-- Syntax version numbers used by the version fields of the structures below.
CMSVersion ::= INTEGER {
        CMSVersion_v0(0),
        CMSVersion_v1(1),
        CMSVersion_v2(2),
        CMSVersion_v3(3),
        CMSVersion_v4(4)
}

-- All algorithm identifiers are plain AlgorithmIdentifier aliases; the
-- schema does not restrict which algorithm a message may name.
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
SignatureAlgorithmIdentifier ::= AlgorithmIdentifier

ContentType ::= OBJECT IDENTIFIER
MessageDigest ::= OCTET STRING

-- Outer wrapper of every CMS message. content is opaque here; contentType
-- says how to interpret it, so check contentType before decoding content.
ContentInfo ::= SEQUENCE {
        contentType ContentType,
        content [0] EXPLICIT heim_any OPTIONAL -- DEFINED BY contentType
}

-- Signed payload. eContent is OPTIONAL: when it is absent the content is
-- carried outside the message (detached signature).
EncapsulatedContentInfo ::= SEQUENCE {
        eContentType ContentType,
        eContent [0] EXPLICIT OCTET STRING OPTIONAL
}

-- Certificates are kept as opaque elements, not as Certificate values.
CertificateSet ::= SET OF heim_any

-- NOTE(review): aliased to Certificate here, whereas CertificateList in the
-- CMS RFC is the X.509 CRL structure. The crls fields below are declared
-- heim_any, so this alias does not decode them in this module; confirm that
-- no caller decodes CRLs through this type.
CertificateList ::= Certificate

CertificateRevocationLists ::= SET OF CertificateList

IssuerAndSerialNumber ::= SEQUENCE {
        issuer          Name,
        serialNumber    CertificateSerialNumber
}

-- RecipientIdentifier is the same as SignerIdentifier, so they are glued
-- together here to save some bytes and share code between them.

CMSIdentifier ::= CHOICE {
        issuerAndSerialNumber   IssuerAndSerialNumber,
        subjectKeyIdentifier    [0] SubjectKeyIdentifier
}

SignerIdentifier ::= CMSIdentifier
RecipientIdentifier ::= CMSIdentifier

-- CMSAttributes is the combined UnsignedAttributes and SignedAttributes
-- type, merged to save space and share code.
-- NOTE(review): the SIZE bound is only a comment, so the schema itself does
-- not reject an empty set.

CMSAttributes ::= SET OF Attribute -- SIZE (1..MAX)

SignatureValue ::= OCTET STRING

-- One signer's signature over the encapsulated content.
-- Per the CMS RFC, when signedAttrs is present the signature is computed
-- over the DER encoding of the attributes tagged as a universal SET OF (not
-- the [0] IMPLICIT tag used on the wire), and the set must carry the
-- content-type and message-digest attributes. A verifier has to compare the
-- message-digest attribute with its own digest of the content.
-- unsignedAttrs is not covered by the signature and must be treated as
-- unauthenticated data.
SignerInfo ::= SEQUENCE {
        version CMSVersion,
        sid SignerIdentifier,
        digestAlgorithm DigestAlgorithmIdentifier,
        signedAttrs [0] IMPLICIT -- CMSAttributes --
                SET OF Attribute OPTIONAL,
        signatureAlgorithm SignatureAlgorithmIdentifier,
        signature SignatureValue,
        unsignedAttrs [1] IMPLICIT -- CMSAttributes --
                SET OF Attribute OPTIONAL
}

SignerInfos ::= SET OF SignerInfo

-- certificates and crls are opaque (heim_any) in this module. Certificates
-- shipped inside a message are sender-supplied input for path building, not
-- trust anchors.
SignedData ::= SEQUENCE {
        version CMSVersion,
        digestAlgorithms DigestAlgorithmIdentifiers,
        encapContentInfo EncapsulatedContentInfo,
        certificates [0] IMPLICIT -- CertificateSet --
                SET OF heim_any OPTIONAL,
        crls [1] IMPLICIT -- CertificateRevocationLists --
                heim_any OPTIONAL,
        signerInfos SignerInfos
}

OriginatorInfo ::= SEQUENCE {
        certs [0] IMPLICIT -- CertificateSet --
                SET OF heim_any OPTIONAL,
        crls [1] IMPLICIT --CertificateRevocationLists --
                heim_any OPTIONAL
}

KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier

EncryptedKey ::= OCTET STRING

-- Key-transport recipient: the content-encryption key encrypted to the
-- recipient identified by rid.
KeyTransRecipientInfo ::= SEQUENCE {
        version CMSVersion,  -- always set to 0 or 2
        rid RecipientIdentifier,
        keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
        encryptedKey EncryptedKey
}

-- Only the key-transport form is modelled. RecipientInfo in the CMS RFC is
-- a CHOICE with further tagged alternatives (key agreement, KEK, ...).
-- NOTE(review): presumably messages using those alternatives do not decode
-- with this definition; confirm.
RecipientInfo ::= KeyTransRecipientInfo

RecipientInfos ::= SET OF RecipientInfo

EncryptedContent ::= OCTET STRING

-- contentEncryptionAlgorithm is taken from the message, so the consumer
-- decides which algorithms and parameters it is willing to accept.
EncryptedContentInfo ::= SEQUENCE {
        contentType ContentType,
        contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
        encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL
}

-- NOTE(review): as with CMSAttributes, the SIZE bound is only a comment.
UnprotectedAttributes ::= SET OF Attribute -- SIZE (1..MAX)

-- unprotectedAttrs is opaque (heim_any) and, as the name says, carries no
-- cryptographic protection.
CMSEncryptedData ::= SEQUENCE {
        version CMSVersion,
        encryptedContentInfo EncryptedContentInfo,
        unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes --
                heim_any OPTIONAL
}

-- originatorInfo and unprotectedAttrs are opaque (heim_any). The structure
-- has no field that authenticates encryptedContent, so it gives
-- confidentiality only; combine it with SignedData where the origin or
-- integrity of the content matters.
EnvelopedData ::= SEQUENCE {
        version CMSVersion,
        originatorInfo [0] IMPLICIT -- OriginatorInfo -- heim_any OPTIONAL,
        recipientInfos RecipientInfos,
        encryptedContentInfo EncryptedContentInfo,
        unprotectedAttrs [1] IMPLICIT -- UnprotectedAttributes --
                heim_any OPTIONAL
}

-- Data ::= OCTET STRING

-- Parameters for RC2 in CBC mode. The 8-octet length of iv is stated only
-- in a comment; OCTET STRING carries no SIZE constraint here, so code that
-- uses iv must check its length itself. rc2ParameterVersion is bounded to
-- 32 bits by the schema and is otherwise sender-chosen in a received
-- message.
CMSRC2CBCParameter ::= SEQUENCE {
        rc2ParameterVersion     INTEGER (0..4294967295),
        iv                      OCTET STRING -- exactly 8 octets
}

-- Parameters for other CBC ciphers: an OCTET STRING with no SIZE
-- constraint. NOTE(review): presumably the IV, whose length the consumer
-- must then check against the cipher block size; confirm at the use site.
CMSCBCParameter ::= OCTET STRING

END