CMS

priv/cms/BasicAccessControl.asn1

@@ -0,0 +1,169 @@
+-- Module BasicAccessControl (X.501:08/1997)
+
+BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 3}
+DEFINITIONS ::=
+BEGIN
+
+-- EXPORTS All 
+-- The types and values defined in this module are exported for use in the other ASN.1 modules contained 
+-- within the Directory Specifications, and for the use of other applications which will use them to access 
+-- Directory services. Other applications may use them for their own purposes, but this will not constrain
+-- extensions and modifications needed to maintain or improve the Directory service.
+
+IMPORTS
+       id-aca, id-acScheme, informationFramework, upperBounds,
+       selectedAttributeTypes, directoryAbstractService
+  FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 3}
+       ATTRIBUTE, AttributeType, DistinguishedName, ContextAssertion,
+       SubtreeSpecification, SupportedAttributes, MATCHING-RULE,
+       objectIdentifierMatch, Refinement
+  FROM InformationFramework informationFramework
+       Filter
+  FROM DirectoryAbstractService directoryAbstractService
+       ub-tag
+  FROM UpperBounds upperBounds
+       NameAndOptionalUID, directoryStringFirstComponentMatch, DirectoryString{}
+  FROM SelectedAttributeTypes selectedAttributeTypes;
+
+ACIItem ::= SEQUENCE {
+  identificationTag DirectoryString{ub-tag},
+  precedence Precedence,
+  authenticationLevel AuthenticationLevel,
+  itemOrUserFirst CHOICE {
+    itemFirst [0] SEQUENCE {
+       protectedItems ProtectedItems,
+       itemPermissions SET OF ItemPermission
+    },
+    userFirst [1] SEQUENCE {
+       userClasses UserClasses,
+       userPermissions SET OF UserPermission
+    }
+  }
+}
+
+Precedence ::= INTEGER(0..255)
+
+ProtectedItems ::= SEQUENCE {
+  entry                 [0]  NULL OPTIONAL,
+  allUserAttributeTypes [1]  NULL OPTIONAL,
+  attributeType         [2]  SET SIZE (1..MAX) OF AttributeType OPTIONAL,
+  allAttributeValues    [3]  SET SIZE (1..MAX) OF AttributeType OPTIONAL,
+  allUserAttributeTypesAndValues  [4]  NULL OPTIONAL,
+  attributeValue        [5]  SET SIZE (1..MAX) OF AttributeTypeAndValue OPTIONAL,
+  selfValue             [6]  SET SIZE (1..MAX) OF AttributeType OPTIONAL,
+  rangeOfValues         [7]  Filter OPTIONAL,
+  maxValueCount         [8]  SET SIZE (1..MAX) OF MaxValueCount OPTIONAL,
+  maxImmSub             [9]  INTEGER OPTIONAL,
+  restrictedBy         [10]  SET SIZE (1..MAX) OF RestrictedValue OPTIONAL,
+  contexts             [11]  SET SIZE (1..MAX) OF ContextAssertion OPTIONAL,
+  classes              [12]  Refinement OPTIONAL
+}
+
+MaxValueCount ::= SEQUENCE {
+  type      AttributeType,
+  maxCount  INTEGER }
+
+RestrictedValue ::= SEQUENCE {
+  type      AttributeType,
+  valuesIn  AttributeType }
+
+UserClasses ::= SEQUENCE {
+  allUsers   [0]  NULL OPTIONAL,
+  thisEntry  [1]  NULL OPTIONAL,
+  name       [2]  SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL,
+  userGroup  [3]  SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL,
+  -- dn component must be the name of an
+  -- entry of GroupOfUniqueNames 
+  subtree    [4]  SET SIZE (1..MAX) OF SubtreeSpecification OPTIONAL
+}
+
+ItemPermission ::= SEQUENCE {
+  precedence        Precedence OPTIONAL,
+  -- defaults to precedence in ACIItem
+  userClasses       UserClasses,
+  grantsAndDenials  GrantsAndDenials
+}
+
+UserPermission ::= SEQUENCE {
+  precedence        Precedence OPTIONAL,
+  -- defaults to precedence in ACIItem
+  protectedItems    ProtectedItems,
+  grantsAndDenials  GrantsAndDenials
+}
+
+AuthenticationLevel ::= CHOICE {
+  basicLevels
+    SEQUENCE {level           ENUMERATED {none(0), simple(1), strong(2)},
+              localQualifier  INTEGER OPTIONAL,
+              signed          BOOLEAN DEFAULT FALSE},
+  other        EXTERNAL
+}
+
+GrantsAndDenials ::= BIT STRING {
+  -- permissions that may be used in conjunction
+  -- with any component of ProtectedItems 
+  grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3),
+  grantRead(4), denyRead(5), grantRemove(6),
+  denyRemove(7),
+  -- permissions that may be used only in conjunction
+  -- with the entry component
+  grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11),
+  grantImport(12), denyImport(13), grantModify(14), denyModify(15),
+  grantRename(16), denyRename(17), grantReturnDN(18),
+  denyReturnDN(19),
+  -- permissions that may be used in conjunction
+  -- with any component, except entry, of ProtectedItems
+  grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23),
+  grantInvoke(24), denyInvoke(25)}
+
+AttributeTypeAndValue ::= SEQUENCE {
+  type   ATTRIBUTE.&id({SupportedAttributes}),
+  value  ATTRIBUTE.&Type({SupportedAttributes}{@type})
+}
+
+-- attributes 
+accessControlScheme ATTRIBUTE ::= {
+  WITH SYNTAX             OBJECT IDENTIFIER
+  EQUALITY MATCHING RULE  objectIdentifierMatch
+  SINGLE VALUE            TRUE
+  USAGE                   directoryOperation
+  ID                      id-aca-accessControlScheme
+}
+
+prescriptiveACI ATTRIBUTE ::= {
+  WITH SYNTAX             ACIItem
+  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
+  USAGE                   directoryOperation
+  ID                      id-aca-prescriptiveACI
+}
+
+entryACI ATTRIBUTE ::= {
+  WITH SYNTAX             ACIItem
+  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
+  USAGE                   directoryOperation
+  ID                      id-aca-entryACI
+}
+
+subentryACI ATTRIBUTE ::= {
+  WITH SYNTAX             ACIItem
+  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
+  USAGE                   directoryOperation
+  ID                      id-aca-subentryACI
+}
+
+-- object identifier assignments 
+-- attributes 
+id-aca-accessControlScheme OBJECT IDENTIFIER ::= {id-aca 1}
+id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4}
+id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5}
+id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6}
+
+-- access control schemes -
+basicAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 1}
+simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2}
+rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3}
+rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4}
+rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5}
+
+END -- BasicAccessControl
+

priv/cms/CMS-AES-CCM-and-AES-GCM-2009.asn1

@@ -0,0 +1,97 @@
+CMS-AES-CCM-and-AES-GCM-2009
+      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
+      pkcs-9(9) smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) }
+
+  DEFINITIONS IMPLICIT TAGS ::=
+  BEGIN
+  EXPORTS ALL;
+  IMPORTS
+
+  CONTENT-ENCRYPTION, SMIME-CAPS
+  FROM AlgorithmInformation-2009
+      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+      mechanisms(5) pkix(7) id-mod(0)
+      id-mod-algorithmInformation-02(58)};
+
+  --  Add this algorithm set to include all of the algorithms defined in
+  --      this document
+
+--  ContentEncryptionAlgs CONTENT-ENCRYPTION ::= {
+--     cea-aes128-CCM | cea-aes192-CCM | cea-aes256-CCM |
+--     cea-aes128-GCM | cea-aes192-GCM | cea-aes256-GCM, ... }
+
+  SMimeCaps SMIME-CAPS ::= {
+     cea-aes128-CCM.&smimeCaps |
+     cea-aes192-CCM.&smimeCaps |
+     cea-aes256-CCM.&smimeCaps |
+     cea-aes128-GCM.&smimeCaps |
+     cea-aes192-GCM.&smimeCaps |
+     cea-aes256-GCM.&smimeCaps,
+     ...
+  }
+
+  --  Defining objects
+
+  aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840)
+      organization(1) gov(101) csor(3) nistAlgorithms(4) 1 }
+
+  id-aes128-CCM OBJECT IDENTIFIER ::= { aes 7 }
+  id-aes192-CCM OBJECT IDENTIFIER ::= { aes 27 }
+  id-aes256-CCM OBJECT IDENTIFIER ::= { aes 47 }
+
+  id-aes128-GCM OBJECT IDENTIFIER ::= { aes 6 }
+  id-aes192-GCM OBJECT IDENTIFIER ::= { aes 26 }
+  id-aes256-GCM OBJECT IDENTIFIER ::= { aes 46 }
+
+  cea-aes128-CCM CONTENT-ENCRYPTION ::= {
+          IDENTIFIER id-aes128-CCM
+          PARAMS TYPE CCMParameters ARE required
+          SMIME-CAPS { IDENTIFIED BY id-aes128-CCM }
+  }
+
+  cea-aes192-CCM CONTENT-ENCRYPTION ::= {
+          IDENTIFIER id-aes192-CCM
+          PARAMS TYPE CCMParameters ARE required
+          SMIME-CAPS { IDENTIFIED BY id-aes192-CCM }
+  }
+
+  cea-aes256-CCM CONTENT-ENCRYPTION ::= {
+          IDENTIFIER id-aes256-CCM
+          PARAMS TYPE CCMParameters ARE required
+          SMIME-CAPS { IDENTIFIED BY id-aes256-CCM }
+  }
+
+
+  cea-aes128-GCM CONTENT-ENCRYPTION ::= {
+          IDENTIFIER id-aes128-GCM
+          PARAMS TYPE GCMParameters ARE required
+          SMIME-CAPS { IDENTIFIED BY id-aes128-GCM }
+  }
+
+  cea-aes192-GCM CONTENT-ENCRYPTION ::= {
+          IDENTIFIER id-aes128-GCM
+          PARAMS TYPE GCMParameters ARE required
+          SMIME-CAPS { IDENTIFIED BY id-aes192-GCM }
+  }
+
+  cea-aes256-GCM CONTENT-ENCRYPTION ::= {
+          IDENTIFIER id-aes128-GCM
+          PARAMS TYPE GCMParameters ARE required
+          SMIME-CAPS { IDENTIFIED BY id-aes256-GCM }
+  }
+
+  -- Parameters for AlgorithmIdentifier
+
+  CCMParameters ::= SEQUENCE {
+      aes-nonce         OCTET STRING (SIZE(7..13)),
+      aes-ICVlen        AES-CCM-ICVlen DEFAULT 12 }
+
+  AES-CCM-ICVlen ::= INTEGER (4 | 6 | 8 | 10 | 12 | 14 | 16)
+
+  GCMParameters ::= SEQUENCE {
+      aes-nonce        OCTET STRING, -- recommended size is 12 octets
+      aes-ICVlen       AES-GCM-ICVlen DEFAULT 12 }
+
+  AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)
+
+  END

priv/cms/CMSAesRsaesOaep-2009.asn1

@@ -0,0 +1,94 @@
+-- RFC 5911
+
+   CMSAesRsaesOaep-2009 {iso(1) member-body(2) us(840) rsadsi(113549)
+       pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-aes-02(38)}
+   DEFINITIONS IMPLICIT TAGS ::=
+   BEGIN
+   IMPORTS
+
+   CONTENT-ENCRYPTION, KEY-WRAP, SMIME-CAPS
+   FROM AlgorithmInformation-2009
+       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+       mechanisms(5) pkix(7) id-mod(0)
+       id-mod-algorithmInformation-02(58)};
+
+   AES-ContentEncryption CONTENT-ENCRYPTION ::= {
+       cea-aes128-cbc | cea-aes192-cbc | cea-aes256-cbc, ...
+   }
+
+   AES-KeyWrap KEY-WRAP ::= {
+       kwa-aes128-wrap | kwa-aes192-wrap | kwa-aes256-wrap, ...
+   }
+
+   SMimeCaps SMIME-CAPS ::= {
+      cea-aes128-cbc.&smimeCaps |
+      cea-aes192-cbc.&smimeCaps |
+      cea-aes256-cbc.&smimeCaps |
+      kwa-aes128-wrap.&smimeCaps |
+      kwa-aes192-wrap.&smimeCaps |
+      kwa-aes256-wrap.&smimeCaps, ...
+   }
+
+   -- AES information object identifiers --
+
+   aes OBJECT IDENTIFIER ::=
+       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
+       csor(3) nistAlgorithms(4)  1 }
+
+   -- AES using CBC mode for key sizes of 128, 192, 256
+
+   cea-aes128-cbc CONTENT-ENCRYPTION ::= {
+       IDENTIFIER id-aes128-CBC
+       PARAMS TYPE AES-IV ARE required
+       SMIME-CAPS { IDENTIFIED BY id-aes128-CBC }
+   }
+   id-aes128-CBC OBJECT IDENTIFIER ::= { aes 2 }
+
+   cea-aes192-cbc CONTENT-ENCRYPTION ::= {
+       IDENTIFIER id-aes192-CBC
+       PARAMS TYPE AES-IV ARE required
+       SMIME-CAPS { IDENTIFIED BY id-aes192-CBC }
+   }
+   id-aes192-CBC OBJECT IDENTIFIER ::= { aes 22 }
+
+   cea-aes256-cbc CONTENT-ENCRYPTION ::= {
+       IDENTIFIER id-aes256-CBC
+       PARAMS TYPE AES-IV ARE required
+       SMIME-CAPS { IDENTIFIED BY id-aes256-CBC }
+   }
+   id-aes256-CBC OBJECT IDENTIFIER ::= { aes 42 }
+
+   -- AES-IV is the parameter for all the above object identifiers.
+
+   AES-IV ::= OCTET STRING (SIZE(16))
+
+   -- AES Key Wrap Algorithm Identifiers  - Parameter is absent
+
+   kwa-aes128-wrap KEY-WRAP ::= {
+       IDENTIFIER id-aes128-wrap
+       PARAMS ARE absent
+       SMIME-CAPS { IDENTIFIED BY id-aes128-wrap }
+   }
+   id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 }
+
+   kwa-aes192-wrap KEY-WRAP ::= {
+       IDENTIFIER id-aes192-wrap
+       PARAMS ARE absent
+       SMIME-CAPS { IDENTIFIED BY id-aes192-wrap }
+   }
+   id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 }
+
+   kwa-aes256-wrap KEY-WRAP ::= {
+       IDENTIFIER id-aes256-wrap
+       PARAMS ARE absent
+       SMIME-CAPS { IDENTIFIED BY id-aes256-wrap }
+   }
+   id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 }
+
+   END
+
+
+
+
+
+