draft-ietf-smime-cms-auth-enveloped-03.txt   draft-ietf-smime-cms-auth-enveloped-04.txt 
S/MIME Working Group R. Housley S/MIME Working Group R. Housley
Internet-Draft Vigil Security Internet-Draft Vigil Security
Cryptographic Message Syntax (CMS) Cryptographic Message Syntax (CMS)
Authenticated-Enveloped-Data Content Type Authenticated-Enveloped-Data Content Type
<draft-ietf-smime-cms-auth-enveloped-03.txt> <draft-ietf-smime-cms-auth-enveloped-04.txt>
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that other
skipping to change at page 5, line 21 skipping to change at page 5, line 21
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) ct(1) 23 } smime(16) ct(1) 23 }
The authenticated-enveloped-data content type MUST have ASN.1 type The authenticated-enveloped-data content type MUST have ASN.1 type
AuthEnvelopedData: AuthEnvelopedData:
AuthEnvelopedData ::= SEQUENCE { AuthEnvelopedData ::= SEQUENCE {
version CMSVersion, version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos, recipientInfos RecipientInfos,
authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
authEncryptedContentInfo EncryptedContentInfo, authEncryptedContentInfo EncryptedContentInfo,
authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
mac MessageAuthenticationCode, mac MessageAuthenticationCode,
unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL } unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
The fields of type AuthEnvelopedData have the following meanings: The fields of type AuthEnvelopedData have the following meanings:
version is the syntax version number. It MUST be set to 0. version is the syntax version number. It MUST be set to 0.
originatorInfo optionally provides information about the originatorInfo optionally provides information about the
originator. It is present only if required by the key originator. It is present only if required by the key
management algorithm. It may contain certificates and CRLs, management algorithm. It may contain certificates and CRLs,
and the OriginatorInfo type is defined in Section 6.1 of [CMS]. and the OriginatorInfo type is defined in Section 6.1 of [CMS].
recipientInfos is a collection of per-recipient information. recipientInfos is a collection of per-recipient information.
There MUST be at least one element in the collection. The There MUST be at least one element in the collection. The
RecipientInfo type is defined in Section 6.2 of [CMS]. RecipientInfo type is defined in Section 6.2 of [CMS].
authEncryptedContentInfo is the authenticated and encrypted
content. The CMS enveloped-data content type uses the same
type to carry the encrypted content. The EncryptedContentInfo
type is defined in Section 6.1 of [CMS].
authAttrs optionally contains the authenticated attributes. The authAttrs optionally contains the authenticated attributes. The
CMS authenticated-data content type uses the same type to carry CMS authenticated-data content type uses the same type to carry
authenticated attributes. The authAttrs MUST be present if the authenticated attributes. The authAttrs MUST be present if the
content type carried in EncryptedContentInfo is not id-data. content type carried in EncryptedContentInfo is not id-data.
AuthAttributes MUST be DER encoded, even if the rest of the AuthAttributes MUST be DER encoded, even if the rest of the
AuthEnvelopedData structure is BER encoded. The AuthAttributes AuthEnvelopedData structure is BER encoded. The AuthAttributes
type is defined in Section 9.1 of [CMS]; however, in this case, type is defined in Section 9.1 of [CMS]; however, in this case,
the message-digest attribute SHOULD NOT be included. Useful the message-digest attribute SHOULD NOT be included. Useful
attribute types are defined in Section 11 of [CMS]. attribute types are defined in Section 11 of [CMS].
Note: Similar to AuthenticatedData, the DER encoded
AuthAttributes are carried in the AuthEnvelopedData structure
and used in the computation of the MAC. This is different than
SignedData, where slightly different encodings of the signed
attributes are used in the SigendData structure and the
computation of the digest value.
authEncryptedContentInfo is the authenticated and encrypted
content. The CMS enveloped-data content type uses the same
type to carry the encrypted content. The EncryptedContentInfo
type is defined in Section 6.1 of [CMS].
mac is the integrity check value (ICV) or message authentication mac is the integrity check value (ICV) or message authentication
code (MAC) that is generated by the authenticated encryption code (MAC) that is generated by the authenticated encryption
algorithm. The CMS authenticated-data content type uses the algorithm. The CMS authenticated-data content type uses the
same type to carry a MAC. In this case, the MAC covers the same type to carry a MAC. In this case, the MAC covers the
authenticated attributes and the content directly, and a digest authenticated attributes and the content directly, and a digest
algorithm is not used. The MessageAuthenticationCode type is algorithm is not used. The MessageAuthenticationCode type is
defined in Section 9.1 of [CMS]. defined in Section 9.1 of [CMS].
unauthAttrs optionally contains the unauthenticated attributes. unauthAttrs optionally contains the unauthenticated attributes.
The CMS authenticated-data content type uses the same type to The CMS authenticated-data content type uses the same type to
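Review bot: The Note added under authAttrs in the -04 column says the DER-encoded AuthAttributes carried in the structure are the same octets used in the MAC computation, and contrasts that with SignedData. The -04 text of Section 2.2 says the opposite: a separate encoding is made for the AAD, with the SET OF tag in place of the IMPLICIT [1] tag, which is the "slightly different encodings" approach the Note attributes to SignedData. One of the two has to change. If the separate encoding is intended, drop or rewrite the Note, otherwise an implementer following it will feed the [1]-tagged octets to the authenticated encryption algorithm and produce a mac that peers reject. The same Note misspells SignedData as "SigendData".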
skipping to change at page 6, line 34 skipping to change at page 6, line 27
defined in Section 11 of [CMS]. defined in Section 11 of [CMS].
2.2. Authentication and Encryption Process 2.2. Authentication and Encryption Process
The content-authenticated-encryption key for the desired content- The content-authenticated-encryption key for the desired content-
authenticated-encryption algorithm is randomly generated. authenticated-encryption algorithm is randomly generated.
If the authenticated encryption algorithm requires the content to be If the authenticated encryption algorithm requires the content to be
padded to a multiple of some block size, then the padding MUST be padded to a multiple of some block size, then the padding MUST be
added as described in Section 6.3 of [CMS]. This padding method is added as described in Section 6.3 of [CMS]. This padding method is
well defined if and only if the number of octets in the block size is well defined if and only if the block size is less than 256 octets.
less than 256.
If optional authenticated attributes are present, then they are DER If optional authenticated attributes are present, then they are DER
encoded. The result will be used as the authenticated associated encoded. A separate encoding of the authAttrs field is performed to
data (AAD) input to the authenticated encryption algorithm. If the construct the authenticated associated data (AAD) input to the
authenticated encryption algorithm requires the AAD to be padded to a authenticated encryption algorithm. The IMPLICIT [1] tag in the
multiple of some block size, then the padding MUST be added as authAttrs field is not used for the DER encoding, rather an EXPLICIT
described in Section 6.3 of [CMS]. This padding method is well SET OF tag is used. That is, the DER encoding of the SET OF tag,
defined if and only if number of octets in the block size is less rather than of the IMPLICIT [1] tag, is to be included in the
than 256. construction of the AAD along with the length and content octets of
the authAttrs value. If the authenticated encryption algorithm
requires the AAD to be padded to a multiple of some block size, then
the padding MUST be added as described in Section 6.3 of [CMS]. This
padding method is well defined if and only if block size is less than
256 octets.
The inputs to the authenticated encryption algorithm are the content The inputs to the authenticated encryption algorithm are the content
(the data, which is padded if necessary), the DER-encoded (the data, which is padded if necessary), the DER-encoded
authenticated attributes (the AAD, which is padded if necessary), and authenticated attributes (the AAD, which is padded if necessary), and
the content-authenticated-encryption key. Under control of a the content-authenticated-encryption key. Under control of a
content-authenticated-encryption key, the authenticated encryption content-authenticated-encryption key, the authenticated encryption
operation maps an arbitrary string of octets (the data) to another operation maps an arbitrary string of octets (the data) to another
string of octets (the ciphertext) and it computes an authentication string of octets (the ciphertext) and it computes an authentication
tag over the AAD and the data. The encrypted data is included in the tag over the AAD and the data. The encrypted data is included in the
AuthEnvelopedData authEncryptedContentInfo encryptedContent as an AuthEnvelopedData authEncryptedContentInfo encryptedContent as an
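Review bot: In the rewritten authenticated-attributes paragraph of 2.2, "rather an EXPLICIT SET OF tag is used" is easy to misread, because SET OF is a universal tag and explicit tagging in ASN.1 means wrapping the value in an additional outer tag. Suggest stating that the universal SET OF tag replaces the IMPLICIT [1] tag as the identifier octets, with the length and content octets of authAttrs unchanged, so sender and recipient compute the AAD over identical bytes. The closing sentence of that paragraph reads "if and only if block size" and needs "the" to match the content-padding paragraph above it.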
skipping to change at page 9, line 38 skipping to change at page 9, line 38
cms-2004(24) } ; cms-2004(24) } ;
id-ct-authEnvelopedData OBJECT IDENTIFIER ::= { iso(1) id-ct-authEnvelopedData OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
smime(16) ct(1) 23 } smime(16) ct(1) 23 }
AuthEnvelopedData ::= SEQUENCE { AuthEnvelopedData ::= SEQUENCE {
version CMSVersion, version CMSVersion,
originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
recipientInfos RecipientInfos, recipientInfos RecipientInfos,
authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
authEncryptedContentInfo EncryptedContentInfo, authEncryptedContentInfo EncryptedContentInfo,
authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
mac MessageAuthenticationCode, mac MessageAuthenticationCode,
unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL } unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
END -- of CMS-AuthEnvelopedData-2007 END -- of CMS-AuthEnvelopedData-2007
6. References 6. References
6.1. Normative References 6.1. Normative References
[CMS] Housley, R., "Cryptographic Message Syntax", [CMS] Housley, R., "Cryptographic Message Syntax",
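Review bot: Moving authAttrs after authEncryptedContentInfo in the module's AuthEnvelopedData changes the encoding on the wire, yet Section 2.1 still requires version to be 0 and the module keeps the name CMS-AuthEnvelopedData-2007. A decoder built from the -03 field order will reject a -04 message that carries authAttrs, since it meets the [1] tag where it expects mac, and nothing in the message distinguishes the two layouts. Suggest an explicit statement of the reordering in the document so early implementations are updated rather than left to discover it through interoperability failures.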
 End of changes. 9 change blocks. 
24 lines changed or deleted 21 lines changed or added
