Network Working Group                                         P. Hoffman
Internet-Draft                                            VPN Consortium
Updates: 3370, 3565, 3851, 3852,                               J. Schaad
4108, 4998, 5035, 5083, 5084                     Soaring Hawk Consulting
(if approved)                                          December 21, 2007
Expires: June 23,                                              July 10, 2008
Intended status: Standards Track
Expires: January 11, 2009

                  New ASN.1 Modules for CMS and S/MIME
                    draft-ietf-smime-new-asn1-00.txt
                    draft-ietf-smime-new-asn1-01.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on June 23, 2008. January 11, 2009.

Copyright Notice

   Copyright (C) The IETF Trust (2007). (2008).

Abstract

   The Cryptographic Message Syntax (CMS) format, and many associated
   formats, are expressed using ASN.1.  The current ASN.1 modules
   conform to the 1988 version of ASN.1.  This document updates those
   ASN.1 modules to conform to the 2002 version of ASN.1.  There are no
   bits-on-the-wire changes to any of the formats; this is simply a
   change to the syntax.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
     1.1.  Issues . . . . . . . . . . . . . . . . . . . . . . . . . .  3  4
       1.1.1.  More Modules To Be Added . . . . . . . . . . . . . . .  3  4
       1.1.2.  Algorithm Structure  . . . . . . . . . . . . . . . . .  4
       1.1.3.  Module OIDs Changing . . . . . . . . . . . . . . . . .  4
   2.  ASN.1 Module AlgorithmInformation  . . . . . . . . . . . . . .  4
   3.  ASN.1 Module for RFC 3370  . . . . . . . . . . . . . . . . . .  4
   3. 12
   4.  ASN.1 Module for RFC 3565  . . . . . . . . . . . . . . . . . .  9
   4. 19
   5.  ASN.1 Module for RFC 3851  . . . . . . . . . . . . . . . . . .  9
   5. 19
   6.  ASN.1 Module for RFC 3852  . . . . . . . . . . . . . . . . . . 12
   6. 22
   7.  ASN.1 Module for RFC 4108  . . . . . . . . . . . . . . . . . . 21
   7. 32
   8.  ASN.1 Module for RFC 4998  . . . . . . . . . . . . . . . . . . 27
   8. 37
   9.  ASN.1 Module for RFC 5035  . . . . . . . . . . . . . . . . . . 29
   9. 39
   10. ASN.1 Module for RFC 5083  . . . . . . . . . . . . . . . . . . 35
   10. 45
   11. ASN.1 Module for RFC 5084  . . . . . . . . . . . . . . . . . . 36
   11. 46
   12. ASN.1 Module for RFC 5275  . . . . . . . . . . . . . . . . . . 46
   13. Security Considerations  . . . . . . . . . . . . . . . . . . . 36
   12. 53
   14. Normative References . . . . . . . . . . . . . . . . . . . . . 37 53
   Appendix A.  Change History  . . . . . . . . . . . . . . . . . . . 37 54
     A.1.  Changes between draft-hoffman-cms-new-asn1-00 and
           draft-ietf-smime-new-asn1-00 . . . . . . . . . . . . . . . 38 55
     A.2.  Changes between draft-ietf-smime-new-asn1-00 and -01 . . . 55
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 38 55
   Intellectual Property and Copyright Statements . . . . . . . . . . 39 56

1.  Introduction

   Some developers would like the IETF to use the latest version of
   ASN.1 in its standards.  Most of the RFCs that relate to security
   protocols still use ASN.1 from the 1988 standard, which has been
   deprecated.  This is particularly true for the standards that relate
   to PKIX, CMS, and S/MIME.

   This document updates the following RFCs to use ASN.1 modules that
   conform to the 2002 version of ASN.1 [ASN1-2002].  Note that not all
   the modules are updated; some are included to simply make the set
   compete.
   complete.

   o  RFC 3370, CMS Algorithms [RFC3370]

   o  RFC 3565, Use of AES in CMS [RFC3565]

   o  RFC 3851, S/MIME Version 3.1 Message Specification [RFC3851]

   o  RFC 3852, CMS main [RFC3852]

   o  RFC 4108, Using CMS to Protect Firmware Packages [RFC4108]

   o  RFC 4998, Evidence Record Syntax (ERS) [RFC4998]

   o  RFC 5035, Enhanced Security Services (ESS) [RFC5035]

   o  RFC 5083, CMS Authenticated-Enveloped-Data Content Type [RFC5083]

   o  RFC 5084, Using AES-CCM and AES-GCM Authenticated Encryption in
      CMS [RFC5084]

   o  RFC 5275, CMS Symmetric Key Management and Distribution [RFC5275]

   Note that some of the modules in this document get some of their
   definitions from places different than the modules in the original
   RFCs.  The idea is that these modules, when combined with the modules
   in [NEW-PKIX] can stand on their own and do not need to import
   definitions from anywhere else.

   The document also includes a module of common defintions called
   "AlgorithmInformation".  These definitions are used here and in
   [NEW-PKIX].

   Note that some of the modules here import definitions from the common
   definitions module, "PKIX-
   CommonTypes", "PKIX-CommonTypes", in [NEW-PKIX].

1.1.  Issues

   This section will be removed before final publication.

1.1.1.  More Modules To Be Added

   There are many modules from standards-track RFCs that are not listed
   in this document or the companion document on PKIX.  We will discuss
   with the two communities which modules are appropriate for the two
   documents.  We will also consider making "super-modules", individual
   modules which might update multiple RFCs at one time.  We may also
   add objects to some of the modules.

1.1.2.  Algorithm Structure

   Algorithms are currently not defined here.  We need to discuss what
   structure we want for algorithm objects.  Currently, we just do
   "parameter, OID", but we could add more.  Because we don't know what
   the final structure is, the object sets in the various modules are
   commented out.  We will fix this before finishing this project.

1.1.3.  Module OIDs Changing

   The OIDs given in the modules in this version of the document are the
   same as the OIDs from the original modules, even though some of the
   modules have changed syntax.  That is clearly incorrect.  In a later
   version of this document, we will change the OIDs for every changed
   module.

2.  ASN.1 Module for RFC 3370

  CryptographicMessageSyntaxAlgorithms
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) cmsalg-2001(16) }
  DEFINITIONS IMPLICIT TAGS ::=
  BEGIN

  IMPORTS

  ALGORITHM
  FROM PKIX-CommonTypes AlgorithmInformation

   This section contains a module that is imported by many other modules
   in this document and in [NEW-PKIX].  This module does not come from
   any existing RFC.

   AlgorithmInformation
       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon(43) }; id-mod-algorithInformation(99)}

   DEFINITIONS ::=
   BEGIN

   EXPORTS ALL;
   IMPORTS ;

   --  Suggested prefixes for algorithm objects are:
   --
   --  mda-   Message Digest Algorithms
   --  sa-    Signature Algorithms
   --  kta-   Key Transport Algorithms (Asymetric)
   --  kaa-   Key Agreement Algorithms  (Asymetric)
   --  kwa-   Key Wrap Algorithms (Symetric)
   --  kda-   Key Derivation Algorithms
   --  maca-  Message Authentication Code Algorithms
   --  pk-    Public Key
   --  sea-   Symmetric Encryption Algorithm Identifiers

  sha-1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
     oiw(14) secsig(3) algorithm(2) 26 }

  md5 OBJECT IDENTIFIER

   ParamOptions ::= ENUMERATED { iso(1) member-body(2) us(840)
     rsadsi(113549) digestAlgorithm(2) 5
       required,        -- Parameters MUST be encoded in structure
       preferedPresent, -- Parameters SHOULD be encoded in structure
       preferedAbsent,  -- Parameters SHOULD NOT be encoded in structure
       absent,          -- Parameters MUST NOT be encoded in structure
       notPresent,
       inheritable      -- Parameters are inheritied if not present
   }

  id-dsa OBJECT IDENTIFIER ::=  { iso(1) member-body(2) us(840)
     x9-57(10040) x9cm(4) 1 }
  id-dsa-with-sha1 OBJECT IDENTIFIER

   --  DIGEST-ALGORITHM
   --
   --  Describes the basic information for ASN.1 and a digest
   --      algorithm.
   --
   --  &id - contains the OID identifying the digest algorithm
   --  &Params - contains the type for the algoithm parameters,
   --               if present; absent implies no paameters
   --  &paramPresence - parameter presence requirement
   --
   --  Additional information such as the length of the hash could also
   --      be encoded.
   --
   --  Example:
   --  sha1 DIGEST-ALGORITHM ::= { iso(1) member-body(2)
     us(840) x9-57(10040) x9cm(4) 3 }

  rsaEncryption OBJECT
   --      IDENTIFIER ::= { iso(1) member-body(2)
     us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 1 id-sha1
   --      PARAM NULL
   --      PARMS ARE preferedAbsent
   --  }

  md5WithRSAEncryption OBJECT IDENTIFIER

   DIGEST-ALGORITHM ::= CLASS { iso(1)
     member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 4 }

  sha1WithRSAEncryption
       &id                 OBJECT IDENTIFIER ::= { iso(1)
     member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 IDENTIFIER,
       &Params             OPTIONAL,
       &paramPresence      ParamOptions DEFAULT required
   }

  dh-public-number OBJECT IDENTIFIER ::= WITH SYNTAX { iso(1) member-body(2)
     us(840) ansi-x942(10046) number-type(2) 1 }

  id-alg-ESDH OBJECT
       IDENTIFIER ::= { iso(1) member-body(2) us(840)
     rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 5 &id
       [PARAMS [&Params] [ARE &paramPresence] ]
   }

  id-alg-SSDH OBJECT IDENTIFIER
   --  SIGNATURE-ALGORITHM
   --
   --  Describes the basic properities of a signature algorithm
   --
   --  &id - contains the OID identifying the signature algoithm
   --  &Params - contains the type for the algoithm parameters,
   --               if present; absent implies no paameters
   --  &paramPresence - parameter presence requirement
   --  &HashSet - The set of hash algorithms used with this
   --                  signature algoirthm
   --  &PublicKeySet - the set of public key algorithms for this
   --                  signature algorithm
   --  Example:
   --  sig-RSA-PSS SIGNATURE-ALGORITHM ::= { iso(1) member-body(2) us(840)
     rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 10 }

  id-alg-CMS3DESwrap OBJECT
   --     IDENTIFIER ::= { iso(1) member-body(2)
     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 id-RSASSA-PSS
   --      PARAMS RSASSA-PSS-params
   --      ARE required
   --      HASH SET {sha1 | md5, ... }

  id-alg-CMSRC2wrap OBJECT IDENTIFIER ::=
   --      PUBLIC KEY SET { iso(1) member-body(2)
     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 pk-rsa | pk-rsa-pss }

  des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     us(840) rsadsi(113549) encryptionAlgorithm(3) 7
   -- }

  rc2-cbc OBJECT IDENTIFIER

   SIGNATURE-ALGORITHM ::= CLASS { iso(1) member-body(2) us(840)
     rsadsi(113549) encryptionAlgorithm(3) 2 }

  hMAC-SHA1
       &id             OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
     dod(6) internet(1) security(5) mechanisms(5) 8 1 2 IDENTIFIER,
       &Params         OPTIONAL,
       &Value          OPTIONAL,
       &paramPresence  ParamOptions DEFAULT required,
       &HashSet        DIGEST-ALGORITHM OPTIONAL,
       &PublicKeySet   PUBLIC-KEY OPTIONAL
   }

  id-PBKDF2 OBJECT IDENTIFIER ::= WITH SYNTAX { iso(1) member-body(2) us(840)
     rsadsi(113549) pkcs(1) pkcs-5(5) 12
       IDENTIFIER &id
       [VALUE &Value]
       [PARAMS [&Params] ARE &paramPresence ]
       [USES &HashSet]
       [PUBKEYS &PublicKeySet]
   }

   -- Public Key Types

  Dss-Pub-Key ::= INTEGER  PUBLIC-KEY
   -- Y

  RSAPublicKey ::= SEQUENCE {
      modulus INTEGER,
   -- n
      publicExponent INTEGER }  Describes the basic properities of a public key
   -- e

  DHPublicKey ::= INTEGER
   -- y = g^x mod p  &id - contains the OID identifying the public key
   -- Signature Value Types

  Dss-Sig-Value ::= SEQUENCE {
      r INTEGER,
      s INTEGER }  &Params - contains the type for the algoithm parameters,
   -- Algorithm Identifier Parameter Types

  Dss-Parms ::= SEQUENCE {
      p INTEGER,
      q INTEGER,
      g INTEGER }

  DHDomainParameters               if present; absent implies no paameters
   --  &paramPresence - parameter presence requirement
   --  &KeyValue - contains the type for the key value
   --
   --  Could add information about the keyUsage bits
   --
   --  Example:
   --  pk-rsa-pss PUBLIC-KEY ::= SEQUENCE {
      p INTEGER,
   -- odd prime, p=jq +1
      g INTEGER,      IDENTIFIER id-RSASSA-PSS
   -- generator, g
      q INTEGER,      KEY RSAPublicKey
   -- factor of p-1
      j INTEGER OPTIONAL,      HAS PARAMS RSASSA-PSS-params
   --      PARAMS ARE optional
   -- subgroup factor
      validationParms ValidationParms OPTIONAL  }

  ValidationParms

   PUBLIC-KEY ::= SEQUENCE CLASS {
      seed BIT STRING,
      pgenCounter INTEGER
       &id             OBJECT IDENTIFIER,
       &Params         OPTIONAL,
       &paramPresence  ParamOptions DEFAULT required,
       &KeyValue,
       &PrivateKey     OPTIONAL
   }

  KeyWrapAlgorithm ::=
      AlgorithmIdentifier {{SupportedKeyWrapAlgorithms}}

  SupportedKeyWrapAlgorithms ALGORITHM ::= WITH SYNTAX { ...
       IDENTIFIER &id
       KEY &KeyValue
       [PARAMS [&Params] ARE &paramPresence]
       [PRIVATE KEY &PrivateKey]
   }

  RC2wrapParameter ::= RC2ParameterVersion

  RC2ParameterVersion ::= INTEGER

  CBCParameter ::= IV

  IV ::= OCTET STRING

   -- exactly 8 octets

  RC2CBCParameter ::= SEQUENCE {
      rc2ParameterVersion INTEGER (1..256),
      iv OCTET STRING  }  KEY-TRANSPORT
   -- exactly 8 octets

  algid-hMAC-SHA1 ALGORITHM ::= { OID hMAC-SHA1 PARAMS NULL  }
   -- Another way to do  Describes the following would be: basic properities of a key transport algorithm
   -- alg-hMAC-SHA1 AlgorithmIdentifier{{PBKDF2-PRFs}} ::=
   --  { algorithm hMAC-SHA1, parameters NULL:NULL }

  PBKDF2-PRFsAlgorithmIdentifier ::= AlgorithmIdentifier{{PBKDF2-PRFs}}
  alg-hMAC-SHA1 PBKDF2-PRFsAlgorithmIdentifier ::=
      {  &id - contains the OID identifying the key transport algorithm hMAC-SHA1, parameters NULL:NULL }

  PBKDF2-SaltSources ALGORITHM ::= { ... }

  PBKDF2-PRFs ALGORITHM ::= { algid-hMAC-SHA1, ... }

  PBKDF2-SaltSourcesAlgorithmIdentifier ::=
      AlgorithmIdentifier {{PBKDF2-SaltSources}}

  PBKDF2-params
   --  &Params - contains the type for the algoithm parameters,
   --               if present; absent implies no paameters
   --  &paramPresence - parameter presence requirement
   --  &PublicKeySet - specify which public keys are used with
   --                       this algorithm
   --
   --  Example:
   --  rsaTransport KEY-TRANSPORT ::= SEQUENCE {
      salt CHOICE
   --      &id rsaEncryption
   --      &Params NULL
   --      &paramPresence required
   --      &PublicKeySet {
          specified OCTET STRING,
          otherSource PBKDF2-SaltSourcesAlgorithmIdentifier },
      iterationCount INTEGER (1..MAX),
      keyLength INTEGER (1..MAX) OPTIONAL,
      prf PBKDF2-PRFsAlgorithmIdentifier DEFAULT
              alg-hMAC-SHA1 pk-rsa | pk-rsa-pss }

  AlgorithmIdentifier { ALGORITHM:InfoObjectSet
   --  }

   KEY-TRANSPORT ::= SEQUENCE CLASS {
      algorithm ALGORITHM.&id({InfoObjectSet}),
      parameters ALGORITHM.&Type({InfoObjectSet}{@algorithm})
       &id OBJECT IDENTIFIER UNIQUE,
       &Params,
       &paramPresnce   ParamOptions,
       &PublicKeySet   PUBLIC-KEY OPTIONAL
   }

  MessageDigestAlgorithms ALGORITHM

   --  KEY-AGREE
   --
   --  Describes the basic properities of a key agreement algorithm
   --
   --  &id - contains the OID identifying the key transport algorithm
   --  &Params - contains the type for the algoithm parameters,
   --               if present; absent implies no paameters
   --  &paramPresence - parameter presence requirement
   --  &Ukm - type of user keying material used
   --  &PublicKeySet - specify which public keys are used with
   --                        this algorithm
   --
   --  Additional items could be a restricted set of key wrap algoithms
   --
   --  Example:
   --  dh-static-ephemerial KEY-TRANSPORT ::= {
          alg-sha1-null,... }

  alg-sha1-null ALGORITHM ::=
   --      &id id-alg-ESDH
   --      &Params KeyWrapAlgorithm
   --      &paramPresence required
   --      - - user key material is not ASN.1 encoded.
   --      &PublicKeySet { OID sha-1
   --         {IDENTIFIER dh-public-number KEY DHPublicKey
   --            HASH PARAMS NULL DHDomainParamters PARAMS ARE inheritable }
  alg-sha1-noNull ALGORITHM ::= { OID sha-1
   --      }
  alg-md5 ALGORITHM ::= { OID md5 PARAMS NULL
   --  }
  alg-md5-noNull ALGORITHM

   KEY-AGREE ::= CLASS { OID md5
       &id            OBJECT IDENTIFIER UNIQUE,
       &Params         OPTIONAL,
       &paramPresence  ParamOptions DEFAULT required,
       &Ukm            OPTIONAL,
       &PublicKeySet   PUBLIC-KEY OPTIONAL
   }

  SignatureAlgorithms ALGORITHM ::= WITH SYNTAX { ...
       IDENTIFIER &id
       [PARAMS [&Params] ARE &paramPresence]
       [PUBLIC KEY &PublicKeySet]
       [UKM &Ukm]
   }

  param-dsa ALGORITHM ::= {

   --  KEY-WRAP
   --
   --  Describes the basic properities of a key wrap algorithm
   --
   --  &id - contains the OID id-dsa PARAMS Dss-Parms }
  pubkey-dsa ALGORITHM identifying the key transport algorithm
   --  &Params - contains the type for the algoithm parameters,
   --               if present; absent implies no paameters
   --  &paramPresence - parameter presence requirement
   --
   --  Example:

   --  cms3DESwrap KEY-WRAP ::= { OID id-dsa PARAMS Dss-Pub-Key }
   -- sig-dsa-with-sha1 ALGORITHM      &id id-alg-CMS3DESwrap
   --      &Params NULL
   --      &paramPresence required
   --  }

   KEY-WRAP ::= CLASS { OID id-dsa-with-sha1
       &id                OBJECT IDENTIFIER UNIQUE,
       &Params             OPTIONAL,
       &paramPresence      ParamOptions DEFAULT required
   }
  sigVal-dsa-with-sha1 ALGORITHM ::= WITH SYNTAX { OID id-dsa-with-sha1
                                         PARAMS Dss-Sig-Value
       IDENTIFIER &id
       [PARAMS [&Params] ARE &paramPresence]
   }

  param-rsa ALGORITHM ::= {

   --  KEY-DERIVATION
   --
   --  Describes the basic properities of a key transport algorithm
   --
   --  &id - contains the OID rsaEncryption PARAMS NULL}
  pubkey-rsa ALGORITHM identifying the key transport algorithm
   --  &Params - contains the type for the algoithm parameters,
   --               if present; absent implies no paameters
   --  &paramPresence - parameter presence requirement
   --
   --  Could add information about defaults for the derivation algorithm
   --      such as PRFs
   --
   --  Example:
   --  pbkdf2 KEY-DERIVATION ::= { OID rsaEncryption PARAMS RSAPublicKey
   --      &id id-PBKF2
   --      &Params PBKDF2-params
   --      &paramPresence required
   --  }

  sig-rsa ALGORITHM ::= { OID rsaEncryption PARAMS NULL}
  sig-rsa-sha1 ALGORITHM

   KEY-DERIVATION ::= CLASS { OID sha1WithRSAEncryption PARAMS NULL}
  sig-rsa-md5 ALGORITHM ::=
       &id                OBJECT IDENTIFIER UNIQUE,
       &Params             OPTIONAL,
       &paramPresence      ParamOptions DEFAULT required
   } WITH SYNTAX { OID md5WithRSAEncryption
        IDENTIFIER &id
        PARAMS NULL} [&Params] ARE &paramPresence
   }

   -- No ASN.1 encoding is applied to  BULK-ENCRYPTION
   --
   --  Describes the signature value basic properities of a bulk encryption algorithm
   --
   --  &id - contains the OID identifying the key transport algorithm
   --  &Params - contains the type for these items
  KeyAgreementAlgorithms ALGORITHM ::= {...} the algoithm parameters,
   -- pubkey-dh ALGORITHM               if present; absent implies no paameters
   --  &paramPresence - parameter presence requirement
   --
   --  Example:
   --  aes128 BULK-ENCRYPTION ::= { ABSENT OID dh-public-number
   --      &id id-aes128-CBC
   --      &Params AES-IV
   --      &paramPresence required
   --  }

  kea-esdh ALGORITHM

   BULK-ENCRYPTION ::= CLASS { OID id-alg-ESDH PARAMS KeyWrapAlgorithm
       &id    OBJECT IDENTIFIER UNIQUE,
       &Params,
       &paramPresence      ParamOptions DEFAULT required
   }
  kea-ssdh ALGORITHM ::= WITH SYNTAX {
       OID id-alg-SSDH &id
       PARAMS KeyWrapAlgorithm }

  KeyTransportAlgorithms ALGORITHM ::= {...}

  SymmetricKeyEncryptionAlgorthms ALGORITHM ::=
      { alg-3DESWrap | alg-RC2Wrap &Params [ARE &paramPresence]
   }

  alg-3DESWrap ALGORITHM

   -- MAC-ALGORITHM
   --
   --  Describes the basic properities of a key transport algorithm
   --
   --  &id - contains the OID identifying the key transport algorithm
   --  &Params - contains the type for the algoithm parameters,
   --               if present; absent implies no paameters
   --  &paramPresence - parameter presence requirement
   --
   --  It would make sense to also add minimum and maximum MAC lengths
   --
   --  Example:
   --  hmac-sha1 MAC-ALGORITHM ::= { OID id-alg-CMS3DESwrap PARAMS
   --      &id hMAC-SHA1
   --      &Params NULL
   --      &paramPresence perferedAbsent
   --  }
  alg-RC2Wrap ALGORITHM

   MAC-ALGORITHM ::= CLASS { OID id-alg-CMSRC2wrap
                                PARAMS RC2wrapParameter
       &id    OBJECT IDENTIFIER UNIQUE,
       &Params             OPTIONAL,
       &paramPresence      ParamOptions DEFAULT required
   }

  KeyDerivationAlgorithms ALGORITHM ::= {alg-PBKDF2}

  alg-PBKDF2 ALGORITHM ::= WITH SYNTAX {
       OID id-PBKDF2 PARAMS PBKDF2-params &id
       [PARAMS [&Params] [ARE &paramPresence]]
   }

  ContentEncryptionAlgorthms ALGORITHM ::= {...}

  END

3.  ASN.1 Module

   --  CONTENT-ENCRYPTION
   --
   --  Describes the basic properities of a symetric encryption
   --      algorithm
   --
   --  &id - contains the OID identifying the key transport algorithm
   --  &Params - contains the type for RFC 3565

   CMSAesRsaesOaep {iso(1) member-body(2) us(840) rsadsi(113549)
       pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-aes(19) }
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN the algoithm parameters,
   -- AES information object identifiers               if present; absent implies no paameters
   --

   aes OBJECT IDENTIFIER  &paramPresence - parameter presence requirement
   --
   --  Example:
   --  cms3DESwrap KEY-WRAP ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       csor(3) nistAlgorithms(4)  1 }
   -- AES using CBC-chaining mode for key sizes of 128, 192, 256

   id-aes128-CBC OBJECT IDENTIFIER      &id id-alg-CMS3DESwrap
   --      &Params NULL
   --      &paramPresence required
   --  }

   CONTENT-ENCRYPTION ::= CLASS { aes 2 }
   id-aes192-CBC
       &id                OBJECT IDENTIFIER ::= { aes 22 UNIQUE,
       &Params             OPTIONAL,
       &paramPresence      ParamOptions DEFAULT required
   }
   id-aes256-CBC OBJECT WITH SYNTAX {
       IDENTIFIER &id
       [PARAMS [&Params] ARE &paramPresence]
   }

   AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::=
   SEQUENCE { aes 42
       algorithm   ALGORITHM-TYPE.&id({AlgorithmSet}),
       parameters  ALGORITHM-TYPE.
              &Params({AlgorithmSet}{@algorithm}) OPTIONAL
   }

   -- AES-IV is ALGORITHM
   --
   -- Describes a generic algorithm identifier
   --
   --  &id - contains the parameter for all OID identifying the above object identifiers.

   AES-IV ::= OCTET STRING (SIZE(16)) key transport algorithm
   -- AES Key Wrap Algorithm Identifiers  &Params - Parameter is contains the type for the algoithm parameters,
   --               if present; absent

   id-aes128-wrap OBJECT IDENTIFIER implies no paameters
   --
   --  This would be used for cases where an unknown algorithm is
   --  used.  One should consider using TYPE-IDENTIFIER in these cases.

   ALGORITHM ::= CLASS { aes 5 }
   id-aes192-wrap
       &id OBJECT   IDENTIFIER ::= { aes 25 UNIQUE,
       &Params      OPTIONAL
   }
   id-aes256-wrap OBJECT IDENTIFIER ::= WITH SYNTAX { aes 45
       IDENTIFIER &id [PARAMS &Params]
   }

   END

4.

3.  ASN.1 Module for RFC 3851

  SecureMimeMessageV3dot1 3370

  CryptographicMessageSyntaxAlgorithms
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) msg-v3dot1(21) cmsalg-2001(16) }
  DEFINITIONS IMPLICIT TAGS ::=
  BEGIN

  IMPORTS

  SubjectKeyIdentifier, IssuerAndSerialNumber, RecipientKeyIdentifier,
  CMS-ATTRIBUTE

  ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM,
     PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM,
     KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM,
     AlgorithmIdentifier
  FROM CryptographicMessageSyntax2004
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) cms-2004(24) }

  rc2-cbc
  FROM CryptographicMessageSyntaxAlgorithms
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) cmsalg-2001(16) };

  SMimeAttributeSet CMS-ATTRIBUTE ::=
      { attr-smimeCapabilities | attr-encrypKeyPref AlgorithmInformation
      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-mod-algorithInformation(99)}

  --FROM PKIX-CommonTypes
  --    {iso(1) identified-organization(3) dod(6) internet(1)
  --    security(5) mechanisms(5) pkix(7) id-mod(0)
  --    id-mod-pkixCommon(43) }
      ;

  --  id-aa
  --  Create the object sets for each of the different type of signature
  --  algorithms defined by this module.
  --
  --  Philosophy:  Sean Turner raised the question about wheither theses
  --  object sets should be defined as being extensible.  My response is
  --  as follows:
  --
  --  If the arc with all working group believes that this document would be updated
  --    in the future for the definition of new authenticated and unauthenticated algorithms, or that
  --  attributes produced    this document would be updated to reference (and thus include)
  --    new algorithms defined in other documents, then these object
  --    sets need to be marked as extensible.
  --  If the working group believes that new algorithms will be defined
  --     by S/MIME Working Group

  id-aa OBJECT IDENTIFIER the creation of new documents, then these object sets do not
  --     need to be extensible.
  --  In either case, documents that are referencing these objects sets
  --     should probably be marked as being extensible in the location
  --     they are being used. Thus in the main PKIX document you would
  --     have
  --
  --  SIGNED{ToBeSigned} ::= SEQUENCE { iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) attributes(2)}
  -- S/MIME Capabilities provides a method of broadcasting the symmetric      toBeSigned  ToBeSigned,
  -- capabilities understood.  Algorithms SHOULD be ordered by      algorithm   AlgorithmIdentifier
  -- preference         {SIGNATURE-ALGORITHM, {Sa-PKIXAlgorithms, ...}},
  --      signature   BIT STRING
  --  }
  --
  --  Future versions might include additional algorithm drafts and grouped by type

  attr-smimeCapabilities CMS-ATTRIBUTE
  --      use the line
  --      algorithm   AlgorithmIdentifier
  --          {SIGNATURE-ALGORITHM,
  --             {Sa-PKIXAlgorithms, ..., Sa-NewPKIXAlgorithms}},
  --

  --  Signature algorithms in this document

  Sa-CMSAlgorithms SIGNATURE-ALGORITHM ::= { TYPE SMIMECapabilities IDENTIFIED BY smimeCapabilities
          sa-dsa-with-sha1 |
          sa-md5WithRSAEncryption |
          sa-sha1WithRSAEncryption }

  smimeCapabilities OBJECT IDENTIFIER

  --  Hash algorthms in this document

  Mda-CMSAlgorithms DIGEST-ALGORITHM ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      15 mda-md5 |
          mda-sha1 }

  SMIME-CAPS

  --  Public Key Algorithms in this document

  Pk-CMSAlgorithms PUBLIC-KEY ::= CLASS {
      &Type   OPTIONAL,
      &id     OBJECT IDENTIFIER UNIQUE
  }
  WITH SYNTAX {TYPE &Type IDENTIFIED BY &id pk-dsa | pk-rsa | pk-dh  }

  SMIMECapability

  --

  Kta-CMSAlgorithms KEY-TRANSPORT ::= SEQUENCE {
     capabilityID   SMIME-CAPS.
                        &id({SMimeCapsSet}),
     parameters     SMIME-CAPS.
                         &Type({SMimeCapsSet}{@capabilityID}) OPTIONAL
  }

  SMimeCapsSet SMIME-CAPS {...}

  --  Key Agreement Algorithms

  Kaa-CMSAlgorithms KEY-AGREE ::=
      { cap-preferBinaryInside {kaa-esdh | cap-RC2CBC, kaa-ssdh}

  --  Key Wrap Algorithms

  Kwa-CMSAlgorithms KEY-WRAP ::= { ... }

  SMIMECapabilities

  -- Message Authenticaiton Code Algorithms
  Mac-CMSAlgorithms MAC-ALGORITHM ::= SEQUENCE OF SMIMECapability {...}

  -- Encryption Key Preference provides a method of broadcasting the

  Cea-CMSAlgorithms CONTENT-ENCRYPTION ::= {...}

  -- preferred encryption certificate.

  attr-encrypKeyPref CMS-ATTRIBUTE Algorithm Identifiers

  sha-1 OBJECT IDENTIFIER ::= { TYPE SMIMEEncryptionKeyPreference
          IDENTIFIED BY id-aa-encrypKeyPref iso(1) identified-organization(3)
     oiw(14) secsig(3) algorithm(2) 26 }

  id-aa-encrypKeyPref

  md5 OBJECT IDENTIFIER ::= {id-aa 11}

  SMIMEEncryptionKeyPreference { iso(1) member-body(2) us(840)
     rsadsi(113549) digestAlgorithm(2) 5 }

  id-dsa OBJECT IDENTIFIER ::= CHOICE  {
     issuerAndSerialNumber   [0] IssuerAndSerialNumber,
     receipentKeyId          [1] RecipientKeyIdentifier,
     subjectAltKeyIdentifier [2] SubjectKeyIdentifier iso(1) member-body(2) us(840)
     x9-57(10040) x9cm(4) 1 }

  id-smime

  id-dsa-with-sha1 OBJECT IDENTIFIER ::=  { iso(1) member-body(2)
     us(840) x9-57(10040) x9cm(4) 3 }

  rsaEncryption OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 pkcs-1(1) 1 }

  id-cap

  md5WithRSAEncryption OBJECT IDENTIFIER ::= { id-smime 11 iso(1)
     member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 4 }

  -- The preferBinaryInside indicates an ability to receive messages
  -- with binary encoding inside the CMS wrapper

  cap-preferBinaryInside SMIME-CAPS

  sha1WithRSAEncryption OBJECT IDENTIFIER ::= { TYPE NULL IDENTIFIED BY id-cap-preferBinaryInside iso(1)
     member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) 5 }

  id-cap-preferBinaryInside

  dh-public-number OBJECT IDENTIFIER ::= { id-cap iso(1) member-body(2)
     us(840) ansi-x942(10046) number-type(2) 1 }

  --  The following list the OIDs to be used with S/MIME V3

  -- Signature Algorithms Not Found in [CMSALG]
  --
  -- md2WithRSAEncryption

  id-alg-ESDH OBJECT IDENTIFIER ::=
  --    {iso(1) { iso(1) member-body(2) us(840)
     rsadsi(113549) pkcs(1) pkcs-1(1)
  --     2}
  --
  -- Other Signed Attributes
  --
  -- signingTime pkcs-9(9) smime(16) alg(3) 5 }

  id-alg-SSDH OBJECT IDENTIFIER ::=
  --    {iso(1) { iso(1) member-body(2) us(840)
     rsadsi(113549) pkcs(1) pkcs-9(9)
  --     5}
  --    See [CMS] for a description of how to encode the attribute
  --    value.

  cap-RC2CBC SMIME-CAPS smime(16) alg(3) 10 }

  id-alg-CMS3DESwrap OBJECT IDENTIFIER ::= { TYPE SMIMECapabilitiesParametersForRC2CBC
          IDENTIFIED BY rc2-cbc}
  SMIMECapabilitiesParametersForRC2CBC ::= INTEGER (40 | 128, ...)
  --    (RC2 Key Length iso(1) member-body(2)
     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 6 }

  id-alg-CMSRC2wrap OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) alg(3) 7 }

  des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     us(840) rsadsi(113549) encryptionAlgorithm(3) 7 }
  rc2-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
     rsadsi(113549) encryptionAlgorithm(3) 2 }

  hMAC-SHA1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
     dod(6) internet(1) security(5) mechanisms(5) 8 1 2 }

  id-PBKDF2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
     rsadsi(113549) pkcs(1) pkcs-5(5) 12 }

  -- Public Key Types

  Dss-Pub-Key ::= INTEGER  -- Y

  RSAPublicKey ::= SEQUENCE {
      modulus INTEGER,  -- n
      publicExponent INTEGER }  -- e

  DHPublicKey ::= INTEGER  -- y = g^x mod p

  -- Signature Value Types

  Dss-Sig-Value ::= SEQUENCE {
      r INTEGER,
      s INTEGER }

  -- Algorithm Identifier Parameter Types

  Dss-Parms ::= SEQUENCE {
      p INTEGER,
      q INTEGER,
      g INTEGER }

  DHDomainParameters ::= SEQUENCE {
      p INTEGER,  -- odd prime, p=jq +1
      g INTEGER,  -- generator, g
      q INTEGER,  -- factor of p-1
      j INTEGER OPTIONAL,  -- subgroup factor
      validationParms ValidationParms OPTIONAL }

  ValidationParms ::= SEQUENCE {
      seed BIT STRING,
      pgenCounter INTEGER }

  KeyWrapAlgorithm ::=
      AlgorithmIdentifier {KEY-WRAP, {Kwa-CMSAlgorithms }}

  RC2wrapParameter ::= RC2ParameterVersion
  RC2ParameterVersion ::= INTEGER

  CBCParameter ::= IV

  IV ::= OCTET STRING  -- exactly 8 octets

  RC2CBCParameter ::= SEQUENCE {
      rc2ParameterVersion INTEGER (1..256),
      iv OCTET STRING  }  -- exactly 8 octets

  maca-hMAC-SHA1 MAC-ALGORITHM ::= {
      OID hMAC-SHA1
      PARAMS NULL ARE required
  }

  -- Another way to do the following would be:
  -- alg-hMAC-SHA1 AlgorithmIdentifier{{PBKDF2-PRFs}} ::=
  --  { algorithm hMAC-SHA1, parameters NULL:NULL }

  PBKDF2-PRFsAlgorithmIdentifier ::= AlgorithmIdentifier{ ALGORITHM,
                                         {PBKDF2-PRFs} }

  alg-hMAC-SHA1 -- PBKDF2-PRFsAlgorithmIdentifier ::=
  ALGORITHM ::=
      { IDENTIFIER hMAC-SHA1 PARAMS NULL }

  PBKDF2-SaltSources ALGORITHM ::= { ... }

  PBKDF2-PRFs ALGORITHM ::= { alg-hMAC-SHA1, ... }

  PBKDF2-SaltSourcesAlgorithmIdentifier ::=
      AlgorithmIdentifier {ALGORITHM, {PBKDF2-SaltSources}}

  defaultPBKDF2 PBKDF2-PRFsAlgorithmIdentifier ::=
      { algorithm alg-hMAC-SHA1.&id, parameters NULL:NULL }

  PBKDF2-params ::= SEQUENCE {
      salt CHOICE {
          specified OCTET STRING,
          otherSource PBKDF2-SaltSourcesAlgorithmIdentifier },
      iterationCount INTEGER (1..MAX),
      keyLength INTEGER (1..MAX) OPTIONAL,
      prf PBKDF2-PRFsAlgorithmIdentifier DEFAULT
              defaultPBKDF2
          }

  mda-sha1 DIGEST-ALGORITHM ::= {
          IDENTIFIER sha-1 PARAMS NULL ARE preferedAbsent }
  mda-md5 DIGEST-ALGORITHM ::= {
          IDENTIFIER md5 PARAMS NULL ARE preferedAbsent }

  pk-dsa PUBLIC-KEY ::= {
          IDENTIFIER id-dsa
          KEY Dss-Pub-Key
          PARAMS Dss-Parms ARE inheritable
  }

  sa-dsa-with-sha1 SIGNATURE-ALGORITHM ::= {
          IDENTIFIER id-dsa-with-sha1
          VALUE Dss-Sig-Value
          PARAMS Dss-Parms ARE inheritable
          USES {mda-sha1}
          PUBKEYS {pk-dsa}
          }

  pk-rsa PUBLIC-KEY ::= {
          IDENTIFIER rsaEncryption
          KEY RSAPublicKey
          PARAMS NULL ARE required
  }

  sa-rsa SIGNATURE-ALGORITHM ::= {
          IDENTIFIER rsaEncryption
          -- value is not ASN.1 encoded
          PARAMS NULL ARE required
          USES {mda-sha1 | mda-md5, ...}
          PUBKEYS { pk-rsa}
  }

  sa-sha1WithRSAEncryption SIGNATURE-ALGORITHM ::= {
          IDENTIFIER sha1WithRSAEncryption
          -- value is not ASN.1 encoded
          PARAMS NULL ARE required
          USES {mda-sha1}
          PUBKEYS {pk-rsa}
  }

  sa-md5WithRSAEncryption SIGNATURE-ALGORITHM ::= {
          IDENTIFIER md5WithRSAEncryption
          -- value is not ASN.1 encoded
          PARAMS NULL ARE required
          USES {mda-md5}
          PUBKEYS {pk-rsa}
  }

  -- No ASN.1 encoding is applied to the signature value
  --    for these items

  pk-dh PUBLIC-KEY ::= {
       IDENTIFIER dh-public-number
       KEY DHPublicKey
       PARAMS DHDomainParameters ARE inheritable
  }

  kaa-esdh KEY-AGREE ::= {
       IDENTIFIER id-alg-ESDH
       PARAMS KeyWrapAlgorithm ARE required
       PUBLIC KEY { pk-dh }
  }

  kaa-ssdh KEY-AGREE ::= {
       IDENTIFIER id-alg-SSDH
       PARAMS KeyWrapAlgorithm ARE required
       PUBLIC KEY {pk-dh}
  }

  KeyTransportAlgorithms ALGORITHM ::= {...}

  SymmetricKeyEncryptionAlgorthms KEY-WRAP ::=
      { kwa-3DESWrap | kwa-RC2Wrap }

  kwa-3DESWrap KEY-WRAP ::= {
       IDENTIFIER id-alg-CMS3DESwrap PARAMS NULL ARE required
  }
  kwa-RC2Wrap KEY-WRAP ::= {
       IDENTIFIER id-alg-CMSRC2wrap PARAMS RC2wrapParameter ARE required
  }

  KeyDerivationAlgorithms KEY-DERIVATION ::= {
          kda-PBKDF2}

  kda-PBKDF2 KEY-DERIVATION ::= {
      IDENTIFIER id-PBKDF2
      PARAMS PBKDF2-params ARE required
  }

  ContentEncryptionAlgorthms ALGORITHM ::= {...}

  END

4.  ASN.1 Module for RFC 3565

   CMSAesRsaesOaep {iso(1) member-body(2) us(840) rsadsi(113549)
       pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-aes(19) }
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   -- AES information object identifiers --

   aes OBJECT IDENTIFIER ::=
       { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
       csor(3) nistAlgorithms(4)  1 }

   -- AES using CBC-chaining mode for key sizes of 128, 192, 256

   id-aes128-CBC OBJECT IDENTIFIER ::= { aes 2 }
   id-aes192-CBC OBJECT IDENTIFIER ::= { aes 22 }
   id-aes256-CBC OBJECT IDENTIFIER ::= { aes 42 }

   -- AES-IV is a the parameter for all the above object identifiers.

   AES-IV ::= OCTET STRING (SIZE(16))

   -- AES Key Wrap Algorithm Identifiers  - Parameter is absent

   id-aes128-wrap OBJECT IDENTIFIER ::= { aes 5 }
   id-aes192-wrap OBJECT IDENTIFIER ::= { aes 25 }
   id-aes256-wrap OBJECT IDENTIFIER ::= { aes 45 }

   END

5.  ASN.1 Module for RFC 3851

  SecureMimeMessageV3dot1
        { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
        smime(16) modules(0) msg-v3dot1(21) }
  DEFINITIONS IMPLICIT TAGS ::=
  BEGIN

  IMPORTS

  SubjectKeyIdentifier, IssuerAndSerialNumber, RecipientKeyIdentifier,
  CMS-ATTRIBUTE
  FROM CryptographicMessageSyntax2004
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) cms-2004(24) }

  rc2-cbc
  FROM CryptographicMessageSyntaxAlgorithms
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) cmsalg-2001(16) };

  SMimeAttributeSet CMS-ATTRIBUTE ::=
      { attr-smimeCapabilities | attr-encrypKeyPref }

  --  id-aa is the arc with all new authenticated and unauthenticated
  --  attributes produced the by S/MIME Working Group

  id-aa OBJECT IDENTIFIER ::=
      { iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) attributes(2)}

  -- S/MIME Capabilities provides a method of broadcasting the symmetric
  -- capabilities understood.  Algorithms SHOULD be ordered by
  -- preference and grouped by type

  attr-smimeCapabilities CMS-ATTRIBUTE ::=
      { TYPE SMIMECapabilities IDENTIFIED BY smimeCapabilities }

  smimeCapabilities OBJECT IDENTIFIER ::=
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      15 }

  SMIME-CAPS ::= CLASS {
      &Type   OPTIONAL,
      &id     OBJECT IDENTIFIER UNIQUE
  }
  WITH SYNTAX {TYPE &Type IDENTIFIED BY &id }

  SMIMECapability ::= SEQUENCE {
     capabilityID   SMIME-CAPS.
                        &id({SMimeCapsSet}),
     parameters     SMIME-CAPS.
                         &Type({SMimeCapsSet}{@capabilityID}) OPTIONAL
  }

  SMimeCapsSet SMIME-CAPS ::=
      { cap-preferBinaryInside | cap-RC2CBC, ... }

  SMIMECapabilities ::= SEQUENCE OF SMIMECapability
  -- Encryption Key Preference provides a method of broadcasting the
  -- preferred encryption certificate.

  attr-encrypKeyPref CMS-ATTRIBUTE ::=
      { TYPE SMIMEEncryptionKeyPreference
          IDENTIFIED BY id-aa-encrypKeyPref }

  id-aa-encrypKeyPref OBJECT IDENTIFIER ::= {id-aa 11}

  SMIMEEncryptionKeyPreference ::= CHOICE {
     issuerAndSerialNumber   [0] IssuerAndSerialNumber,
     receipentKeyId          [1] RecipientKeyIdentifier,
     subjectAltKeyIdentifier [2] SubjectKeyIdentifier
  }

  id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
     us(840) rsadsi(113549) pkcs(1) pkcs9(9) 16 }

  id-cap  OBJECT IDENTIFIER ::= { id-smime 11 }

  -- The preferBinaryInside indicates an ability to receive messages
  -- with binary encoding inside the CMS wrapper

  cap-preferBinaryInside SMIME-CAPS ::=
      { TYPE NULL IDENTIFIED BY id-cap-preferBinaryInside }

  id-cap-preferBinaryInside  OBJECT IDENTIFIER ::= { id-cap 1 }

  --  The following list the OIDs to be used with S/MIME V3

  -- Signature Algorithms Not Found in [CMSALG]
  --
  -- md2WithRSAEncryption OBJECT IDENTIFIER ::=
  --    {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
  --     2}
  --
  -- Other Signed Attributes
  --
  -- signingTime OBJECT IDENTIFIER ::=
  --    {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
  --     5}
  --    See [CMS] for a description of how to encode the attribute
  --    value.

  cap-RC2CBC SMIME-CAPS ::=
      { TYPE SMIMECapabilitiesParametersForRC2CBC
          IDENTIFIED BY rc2-cbc}
  SMIMECapabilitiesParametersForRC2CBC ::= INTEGER (40 | 128, ...)
  --    (RC2 Key Length (number of bits))

  END

5.

6.  ASN.1 Module for RFC 3852

   This module has an ASN.1 idiom for noting in which noting in which version of CMS
   changes were made from the original PKCS #10; that idiom is "[[v:",
   where "v" is an integer.  For example:

   RevocationInfoChoice ::= CHOICE {
       crl CertificateList,
       ...,
       [[5: other [1] IMPLICIT OtherRevocationInfoFormat ]] }

   Similarly, this module adds the ASN.1 idiom for extensiblity (the
   "...,") in all places that have been extended in the past.  See the
   example above.

   CryptographicMessageSyntax2004
       { iso(1) member-body(2) us(840) rsadsi(113549)
       pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) }
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   IMPORTS

   ParamOptions, DIGEST-ALGORITHM, SIGNATURE-ALGORITHM,
      PUBLIC-KEY, KEY-DERIVATION, KEY-WRAP, MAC-ALGORITHM,
      KEY-AGREE, KEY-TRANSPORT, CONTENT-ENCRYPTION, ALGORITHM,
      AlgorithmIdentifier
   FROM AlgorithmInformation
       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) pkix(7) id-mod(0) id-mod-algorithInformation(99)}

   Sa-CMSAlgorithms, Mda-CMSAlgorithms, Kaa-CMSAlgorithms,
   Mac-CMSAlgorithms, Kwa-CMSAlgorithms, Cea-CMSAlgorithms,
   Kta-CMSAlgorithms
   FROM CryptographicMessageSyntaxAlgorithms
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) modules(0) cmsalg-2001(16) }

   Certificate, CertificateList, CertificateSerialNumber,
       Name, ATTRIBUTE
   FROM PKIX1Explicit88
       { iso(1) identified-organization(3) dod(6) internet(1)
       security(5) mechanisms(5) pkix(7) id-mod(0)
       id-pkix1-explicit(18) }

   AttributeCertificate
   FROM PKIXAttributeCertificate
       { iso(1) identified-organization(3) dod(6) internet(1)
       security(5) mechanisms(5) pkix(7) id-mod(0)
       id-mod-attribute-cert(12) }

   AttributeCertificateV1
   FROM AttributeCertificateVersion1
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) modules(0) v1AttrCert(15) } ;

   -- Cryptographic Message Syntax

   -- The following are used for version of CMS
   changes were made from numbers using the original PKCS #10; that ASN.1
   --   idiom is "[[v:",
   where "v" is an integer.  For example:

   RevocationInfoChoice "[[n:"
   --   Version 1 = PKCS #7
   --   Version 2 = S/MIME V2
   --   Version 3 = RFC 2630
   --   Version 4 = RFC 3369
   --   Version 5 = RFC 3852

   CONTENT-TYPE ::= TYPE-IDENTIFIER
   ContentType ::= CONTENT-TYPE.&id

   ContentInfo ::= SEQUENCE {
       contentType        CONTENT-TYPE.
                       &id({ContentSet}),
       content            [0] EXPLICIT CONTENT-TYPE.
                       &Type({ContentSet}{@contentType})}

   ContentSet CONTENT-TYPE ::= {
       --  Define the set of content types to be recognized.
       ct-Data | ct-SignedData | ct-EncryptedData | ct-EnvelopedData |
       ct-AuthenticatedData | ct-DigestedData, ... }

   SignedData ::= SEQUENCE {
       version CMSVersion,
       digestAlgorithms SET OF DigestAlgorithmIdentifier,
       encapContentInfo EncapsulatedContentInfo,
       certificates [0] IMPLICIT CertificateSet OPTIONAL,
       crls [1] IMPLICIT RevocationInfoChoices OPTIONAL,
       signerInfos SignerInfos }

   SignerInfos ::= SET OF SignerInfo
   EncapsulatedContentInfo ::= SEQUENCE {
       eContentType       CONTENT-TYPE.&id({ContentSet}),
       eContent           [0] EXPLICIT OCTET STRING
               ( CONTAINING CONTENT-TYPE.
                   &Type({ContentSet}{@eContentType})) OPTIONAL }

   SignerInfo ::= SEQUENCE {
       version CMSVersion,
       sid SignerIdentifier,
       digestAlgorithm DigestAlgorithmIdentifier,
       signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL,
       signatureAlgorithm SignatureAlgorithmIdentifier,
       signature SignatureValue,
       unsignedAttrs [1] IMPLICIT Attributes
           {{UnsignedAttributes}} OPTIONAL }

   SignedAttributes ::= Attributes {{ SignedAttributesSet }}

   SignerIdentifier ::= CHOICE {
       issuerAndSerialNumber IssuerAndSerialNumber,
       ...,
       [[3: subjectKeyIdentifier [0] SubjectKeyIdentifier ]] }

   SignedAttributesSet CMS-ATTRIBUTE ::=
       { attr-signingTime | attr-messageDigest | attr-contentType, ... }

   UnsignedAttributes CMS-ATTRIBUTE ::= { attr-countersignature, ... }

   SignatureValue ::= OCTET STRING

   EnvelopedData ::= CHOICE SEQUENCE {
       crl CertificateList,
       version CMSVersion,
       originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
       recipientInfos RecipientInfos,
       encryptedContentInfo EncryptedContentInfo,
       ...,
       [[5: other
       [[2: unprotectedAttrs [1] IMPLICIT OtherRevocationInfoFormat Attributes
           {{ UnprotectedAttributes }} OPTIONAL ]] }

   Similarly, this module adds the ASN.1 idiom for extensiblity (the
   "...,") in all places that have been extended in the past.  See the
   example above.

   CryptographicMessageSyntax2004
       { iso(1) member-body(2) us(840) rsadsi(113549)
       pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) }
   DEFINITIONS IMPLICIT TAGS

   OriginatorInfo ::=
   BEGIN

   IMPORTS

   ALGORITHM, Certificate, CertificateList, CertificateSerialNumber,
       Name, ATTRIBUTE
   FROM PKIX1Explicit88
       { iso(1) identified-organization(3) dod(6) internet(1)
       security(5) mechanisms(5) pkix(7) id-mod(0)
       id-pkix1-explicit(18) }

   AttributeCertificate
   FROM PKIXAttributeCertificate SEQUENCE { iso(1) identified-organization(3) dod(6) internet(1)
       security(5) mechanisms(5) pkix(7) id-mod(0)
       id-mod-attribute-cert(12)
       certs [0] IMPLICIT CertificateSet OPTIONAL,
       crls [1] IMPLICIT RevocationInfoChoices OPTIONAL }

   AttributeCertificateV1
   FROM AttributeCertificateVersion1

   RecipientInfos ::= SET SIZE (1..MAX) OF RecipientInfo

   EncryptedContentInfo ::= SEQUENCE { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) modules(0) v1AttrCert(15)
       contentType        CONTENT-TYPE.&id({ContentSet}),
       contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
       encryptedContent   [0] IMPLICIT OCTET STRING OPTIONAL } ;

   -- Cryptographic Message Syntax If you want to do constraints, you might use:
   -- The following are used for version numbers using the ASN.1 EncryptedContentInfo ::= SEQUENCE {
   --   idiom "[[n:"  contentType        CONTENT-TYPE.&id({ContentSet}),
   --   Version 1 = PKCS #7  contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
   --   Version 2 = S/MIME V2  encryptedContent   [0] IMPLICIT ENCRYPTED {CONTENT-TYPE.
   --   Version 3 = RFC 2630      &Type({ContentSet}{@contentType}) OPTIONAL }
   --   Version 4 = RFC 3369 ENCRYPTED {ToBeEncrypted} ::= OCTET STRING ( CONSTRAINED BY
   --   Version 5 = RFC 3852

   CONTENT-TYPE        { ToBeEncrypted } )

   UnprotectedAttributes CMS-ATTRIBUTE ::= TYPE-IDENTIFIER
   ContentType  { ... }

   RecipientInfo ::= CONTENT-TYPE.&id

   ContentInfo CHOICE {
       ktri       KeyTransRecipientInfo,
       ...,
       [[3: kari [1] KeyAgreeRecipientInfo ]],
       [[4: kekri [2] KEKRecipientInfo]],
       [[5: pwri [3] PasswordRecipientInfo,
            ori  [4] OtherRecipientInfo ]] }

   EncryptedKey ::= SEQUENCE {
       contentType        CONTENT-TYPE.
                       &id({ContentSet}),
       content            [0] EXPLICIT CONTENT-TYPE.
                       &Type({ContentSet}{@contentType})}

   ContentSet CONTENT-TYPE OCTET STRING

   KeyTransRecipientInfo ::= SEQUENCE {
       version CMSVersion,  --  Define the always set of content types to be recognized.
       ct-Data | ct-SignedData | ct-EncryptedData | ct-EnvelopedData |
       ct-AuthenticatedData | ct-DigestedData, 0 or 2
       rid RecipientIdentifier,
       keyEncryptionAlgorithm AlgorithmIdentifier
           {KEY-TRANSPORT, {KeyTransportAlgorithmSet}},
       encryptedKey EncryptedKey }

   KeyTransportAlgorithmSet KEY-TRANSPORT ::= { Kta-CMSAlgorithms, ... }

   SignedData

   RecipientIdentifier ::= CHOICE {
       issuerAndSerialNumber IssuerAndSerialNumber,
       ...,
       [[2: subjectKeyIdentifier [0] SubjectKeyIdentifier ]] }

   KeyAgreeRecipientInfo ::= SEQUENCE {
       version CMSVersion,
       digestAlgorithms SET OF DigestAlgorithmIdentifier,
       encapContentInfo EncapsulatedContentInfo,
       certificates  -- always set to 3
       originator [0] IMPLICIT CertificateSet OPTIONAL,
       crls EXPLICIT OriginatorIdentifierOrKey,
       ukm [1] IMPLICIT RevocationInfoChoices EXPLICIT UserKeyingMaterial OPTIONAL,
       signerInfos SignerInfos
       keyEncryptionAlgorithm AlgorithmIdentifier
           {KEY-AGREE, {KeyAgreementAlgorithmSet}},
       recipientEncryptedKeys RecipientEncryptedKeys }

   DigestAlgorithmList ALGORITHM

   KeyAgreementAlgorithmSet KEY-AGREE ::= { -- alg-sha-1 | alg-md5, -- Kaa-CMSAlgorithms, ... }

   SignatureAlgorithmList ALGORITHM

   OriginatorIdentifierOrKey ::= CHOICE { -- alg-dsa-with-sha1 | alg-md5WithRSAEncryption --
           -- | alg-sha1WithRSAEncryption, -- ...
       issuerAndSerialNumber IssuerAndSerialNumber,
       subjectKeyIdentifier [0] SubjectKeyIdentifier,
       originatorKey [1] OriginatorPublicKey }

   SignerInfos

   OriginatorPublicKey ::= SET SEQUENCE {
       algorithm AlgorithmIdentifier {PUBLIC-KEY, {...}},
       publicKey BIT STRING }

   RecipientEncryptedKeys ::= SEQUENCE OF SignerInfo

   EncapsulatedContentInfo RecipientEncryptedKey

   RecipientEncryptedKey ::= SEQUENCE {
       eContentType       CONTENT-TYPE.&id({ContentSet}),
       eContent
       rid KeyAgreeRecipientIdentifier,
       encryptedKey EncryptedKey }

   KeyAgreeRecipientIdentifier ::= CHOICE {
       issuerAndSerialNumber IssuerAndSerialNumber,
       rKeyId [0] EXPLICIT IMPLICIT RecipientKeyIdentifier }

   RecipientKeyIdentifier ::= SEQUENCE {
       subjectKeyIdentifier SubjectKeyIdentifier,
       date GeneralizedTime OPTIONAL,
       other OtherKeyAttribute OPTIONAL }

   SubjectKeyIdentifier ::= OCTET STRING
               ( CONTAINING CONTENT-TYPE.
                   &Type({ContentSet}{@eContentType}))

   KEKRecipientInfo ::= SEQUENCE {
       version CMSVersion,  -- always set to 4
       kekid KEKIdentifier,
       keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
       encryptedKey EncryptedKey }

   KEKIdentifier ::= SEQUENCE {
       keyIdentifier OCTET STRING,
       date GeneralizedTime OPTIONAL,
       other OtherKeyAttribute OPTIONAL }

   SignerInfo

   PasswordRecipientInfo ::= SEQUENCE {
       version CMSVersion,
       sid SignerIdentifier,
       digestAlgorithm DigestAlgorithmIdentifier,
       signedAttrs   -- always set to 0
       keyDerivationAlgorithm [0] IMPLICIT SignedAttributes KeyDerivationAlgorithmIdentifier
                               OPTIONAL,
       signatureAlgorithm SignatureAlgorithmIdentifier,
       signature SignatureValue,
       unsignedAttrs [1] IMPLICIT Attributes
           {{UnsignedAttributes}} OPTIONAL
       keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
       encryptedKey EncryptedKey }

   SignedAttributes

   OTHER-RECIPIENT ::= Attributes {{ SignedAttributesSet }}

   SignerIdentifier TYPE-IDENTIFIER

   OtherRecipientInfo ::= CHOICE SEQUENCE {
       issuerAndSerialNumber IssuerAndSerialNumber,
       ...,
       [[3: subjectKeyIdentifier [0] SubjectKeyIdentifier ]] }

   SignedAttributesSet CMS-ATTRIBUTE
       oriType    OTHER-RECIPIENT.
               &id({SupportedOtherRecipInfo}),
       oriValue   OTHER-RECIPIENT.
               &Type({SupportedOtherRecipInfo}{@oriType})}

   SupportedOtherRecipInfo OTHER-RECIPIENT ::= { attr-signingTime | attr-messageDigest | attr-contentType, ... }

   UnsignedAttributes CMS-ATTRIBUTE

   DigestedData ::= SEQUENCE { attr-countersignature, ...
       version CMSVersion,
       digestAlgorithm DigestAlgorithmIdentifier,
       encapContentInfo EncapsulatedContentInfo,
       digest Digest }

   SignatureValue

   Digest ::= OCTET STRING

   EnvelopedData

   EncryptedData ::= SEQUENCE {
       version CMSVersion,
       originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
       recipientInfos RecipientInfos,
       encryptedContentInfo EncryptedContentInfo,
       ...,
       [[2: unprotectedAttrs [1] IMPLICIT Attributes
           {{ UnprotectedAttributes }}
           {{UnprotectedAttributes}} OPTIONAL ]] }

   OriginatorInfo

   AuthenticatedData ::= SEQUENCE {
       certs
       version CMSVersion,
       originatorInfo [0] IMPLICIT CertificateSet OriginatorInfo OPTIONAL,
       crls
       recipientInfos RecipientInfos,
       macAlgorithm MessageAuthenticationCodeAlgorithm,
       digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
       encapContentInfo EncapsulatedContentInfo,
       authAttrs [2] IMPLICIT RevocationInfoChoices AuthAttributes OPTIONAL,
       mac MessageAuthenticationCode,
       unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL }

   RecipientInfos

   AuthAttributes ::= SET SIZE (1..MAX) OF RecipientInfo

   EncryptedContentInfo Attribute
       {{SupportedAttributes}}

   UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
       {{SupportedAttributes}}

   MessageAuthenticationCode ::= SEQUENCE {
       contentType        CONTENT-TYPE.&id({ContentSet}),
       contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
       encryptedContent   [0] IMPLICIT OCTET STRING OPTIONAL }

   -- If you want to do constraints, you might use:
   -- EncryptedContentInfo

   DigestAlgorithmIdentifier ::= SEQUENCE {
   --  contentType        CONTENT-TYPE.&id({ContentSet}),
   --  contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,
   --  encryptedContent   [0] IMPLICIT ENCRYPTED {CONTENT-TYPE.
   --      &Type({ContentSet}{@contentType}) OPTIONAL }
   -- ENCRYPTED {ToBeEncrypted} AlgorithmIdentifier
       {DIGEST-ALGORITHM, {DigestAlgorithmSet}}

   DigestAlgorithmSet DIGEST-ALGORITHM ::= OCTET STRING ( CONSTRAINED BY
   -- { ToBeEncrypted Mda-CMSAlgorithms, ... } )
   ContentEncryptionAlgorithmList ALGORITHM

   SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
       {SIGNATURE-ALGORITHM, {SignatureAlgorithmSet}}

   SignatureAlgorithmSet SIGNATURE-ALGORITHM ::=
       { -- alg-des-ede3-cbc | alg-rd2-cbc, -- Sa-CMSAlgorithms, ... }

   UnprotectedAttributes CMS-ATTRIBUTE

   KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
       {KEY-WRAP, {KeyEncryptionAlgorithmSet}}

   KeyEncryptionAlgorithmSet KEY-WRAP ::= { Kwa-CMSAlgorithms, ... }

   RecipientInfo

   ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
       {CONTENT-ENCRYPTION, {ContentEncryptionAlgorithmSet}}

   ContentEncryptionAlgorithmSet CONTENT-ENCRYPTION ::= CHOICE
       {
       ktri       KeyTransRecipientInfo,
       ...,
       [[3: kari [1] KeyAgreeRecipientInfo ]],
       [[4: kekri [2] KEKRecipientInfo]],
       [[5: pwri [3] PasswordRecipientInfo,
            ori  [4] OtherRecipientInfo ]] Cea-CMSAlgorithms, ... }

   EncryptedKey ::= OCTET STRING

   KeyTransRecipientInfo

   MessageAuthenticationCodeAlgorithm ::= SEQUENCE {
       version CMSVersion,  -- always set to 0 or 2
       rid RecipientIdentifier,
       keyEncryptionAlgorithm AlgorithmIdentifier
           {{KeyTransportAlgorithmList}},
       encryptedKey EncryptedKey }

   KeyTransportAlgorithmList ALGORITHM
       {MAC-ALGORITHM, {MessageAuthenticationCodeAlgorithmSet}}

   MessageAuthenticationCodeAlgorithmSet MAC-ALGORITHM ::=
       { -- alg-rsaEncryption, -- Mac-CMSAlgorithms, ... }

   RecipientIdentifier

   KeyDerivationAlgorithmIdentifier ::= AlgorithmIdentifier
       {KEY-DERIVATION, {...}}

   RevocationInfoChoices ::= SET OF RevocationInfoChoice

   RevocationInfoChoice ::= CHOICE {
       issuerAndSerialNumber IssuerAndSerialNumber,
       crl CertificateList,
       ...,
       [[2: subjectKeyIdentifier [0] SubjectKeyIdentifier
       [[5: other [1] IMPLICIT OtherRevocationInfoFormat ]] }

   KeyAgreeRecipientInfo

   OTHER-REVOK-INFO ::= TYPE-IDENTIFIER

   OtherRevocationInfoFormat ::= SEQUENCE {
       version CMSVersion,  -- always set to 3
       originator [0] EXPLICIT OriginatorIdentifierOrKey,
       ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL,
       keyEncryptionAlgorithm AlgorithmIdentifier
           {{KeyAgreementAlgorithmList}},
       recipientEncryptedKeys RecipientEncryptedKeys }

   KeyAgreementAlgorithmList ALGORITHM
       otherRevInfoFormat    OTHER-REVOK-INFO.
               &id({SupportedOtherRevokInfo}),
       otherRevInfo          OTHER-REVOK-INFO.
               &Type({SupportedOtherRevokInfo}{@otherRevInfoFormat})}

   SupportedOtherRevokInfo OTHER-REVOK-INFO ::= { -- alg-ESDH | alg-SSDH, -- ... }

   OriginatorIdentifierOrKey

   CertificateChoices ::= CHOICE {
       issuerAndSerialNumber IssuerAndSerialNumber,
       subjectKeyIdentifier
       certificate Certificate,
       extendedCertificate [0] SubjectKeyIdentifier,
       originatorKey IMPLICIT ExtendedCertificate,
            -- Obsolete
       ...,
       [[3: v1AttrCert [1] OriginatorPublicKey IMPLICIT AttributeCertificateV1]],
            -- Obsolete
       [[4: v2AttrCert [2] IMPLICIT AttributeCertificateV2]],
       [[5: other      [3] IMPLICIT OtherCertificateFormat]] }

   OriginatorPublicKey
   AttributeCertificateV2 ::= AttributeCertificate

   OTHER-CERT-FMT ::= TYPE-IDENTIFIER

   OtherCertificateFormat ::= SEQUENCE {
       algorithm AlgorithmIdentifier {{AlgorithmList}},
       publicKey BIT STRING
       otherCertFormat OTHER-CERT-FMT.
               &id({SupportedCertFormats}),
       otherCert       OTHER-CERT-FMT.
               &Type({SupportedCertFormats}{@otherCertFormat})}

   SupportedCertFormats OTHER-CERT-FMT ::= { ... }

   RecipientEncryptedKeys

   CertificateSet ::= SEQUENCE SET OF RecipientEncryptedKey

   RecipientEncryptedKey CertificateChoices

   IssuerAndSerialNumber ::= SEQUENCE {
       rid KeyAgreeRecipientIdentifier,
       encryptedKey EncryptedKey
       issuer Name,
       serialNumber CertificateSerialNumber }

   KeyEncryptKeyAlgorithmList ALGORITHM

   CMSVersion ::= INTEGER  { -- alg-CMS3DESwrap | alg-CMSRC2wrap, -- ... v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }

   KeyEncryptionAlgorithmList ALGORITHM

   UserKeyingMaterial ::= OCTET STRING

   KEY-ATTRIBUTE ::= TYPE-IDENTIFIER

   OtherKeyAttribute ::= SEQUENCE { ... }

   KeyAgreeRecipientIdentifier
       keyAttrId  KEY-ATTRIBUTE.
               &id({SupportedKeyAttributes}),
       keyAttr    KEY-ATTRIBUTE.
               &Type({SupportedKeyAttributes}{@keyAttrId})}

   SupportedKeyAttributes KEY-ATTRIBUTE ::= CHOICE {
       issuerAndSerialNumber IssuerAndSerialNumber,
       rKeyId [0] IMPLICIT RecipientKeyIdentifier ... }

   RecipientKeyIdentifier

   -- Content Type Object Identifiers

   id-ct-contentInfo OBJECT IDENTIFIER ::= SEQUENCE {
       subjectKeyIdentifier SubjectKeyIdentifier,
       date GeneralizedTime OPTIONAL,
       other OtherKeyAttribute OPTIONAL iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }

   SubjectKeyIdentifier

   ct-Data CONTENT-TYPE ::= OCTET {OCTET STRING

   KEKRecipientInfo IDENTIFIED BY id-data}

   id-data OBJECT IDENTIFIER ::= SEQUENCE {
       version CMSVersion,  -- always set to 4
       kekid KEKIdentifier,
       keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
       encryptedKey EncryptedKey iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 }

   KEKIdentifier

   ct-SignedData CONTENT-TYPE ::= SEQUENCE
       {
       keyIdentifier OCTET STRING,
       date GeneralizedTime OPTIONAL,
       other OtherKeyAttribute OPTIONAL }

   PasswordRecipientInfo SignedData IDENTIFIED BY id-signedData}

   id-signedData OBJECT IDENTIFIER ::= SEQUENCE {
       version CMSVersion,   -- always set to 0
       keyDerivationAlgorithm [0] KeyDerivationAlgorithmIdentifier
                               OPTIONAL,
       keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,
       encryptedKey EncryptedKey iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }

   OTHER-RECIPIENT
   ct-EnvelopedData CONTENT-TYPE ::= TYPE-IDENTIFIER

   OtherRecipientInfo
       { EnvelopedData IDENTIFIED BY id-envelopedData}

   id-envelopedData OBJECT IDENTIFIER ::= SEQUENCE {
       oriType    OTHER-RECIPIENT.
               &id({SupportedOtherRecipInfo}),
       oriValue   OTHER-RECIPIENT.

               &Type({SupportedOtherRecipInfo}{@oriType})}

   SupportedOtherRecipInfo OTHER-RECIPIENT iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3 }

   ct-DigestedData CONTENT-TYPE ::=
       { ... } DigestedData IDENTIFIED BY id-digestedData}

   id-digestedData OBJECT IDENTIFIER ::= SEQUENCE {
       version CMSVersion,
       digestAlgorithm DigestAlgorithmIdentifier,
       encapContentInfo EncapsulatedContentInfo,
       digest Digest iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 }

   Digest

   ct-EncryptedData CONTENT-TYPE ::= OCTET STRING
       { EncryptedData IDENTIFIED BY id-encryptedData}

   id-encryptedData OBJECT IDENTIFIER ::= SEQUENCE {
       version CMSVersion,
       encryptedContentInfo EncryptedContentInfo,
       ...,
       [[2: unprotectedAttrs [1] IMPLICIT Attributes
           {{UnprotectedAttributes}} OPTIONAL ]] iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 }

   ct-AuthenticatedData CONTENT-TYPE ::=
       { AuthenticatedData IDENTIFIED BY id-ct-authData}

   id-ct-authData OBJECT IDENTIFIER ::= SEQUENCE {
       version CMSVersion,
       originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
       recipientInfos RecipientInfos,
       macAlgorithm MessageAuthenticationCodeAlgorithm,
       digestAlgorithm [1] DigestAlgorithmIdentifier OPTIONAL,
       encapContentInfo EncapsulatedContentInfo,
       authAttrs [2] IMPLICIT AuthAttributes OPTIONAL,
       mac MessageAuthenticationCode,
       unauthAttrs [3] IMPLICIT UnauthAttributes OPTIONAL iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 2 }

   AuthAttributes ::= SET SIZE (1..MAX) OF Attribute
       {{SupportedAttributes}}

   UnauthAttributes ::= SET SIZE (1..MAX) OF Attribute
       {{SupportedAttributes}}

   MessageAuthenticationCode

   -- The CMS Attributes

   MessageDigest ::= OCTET STRING

   DigestAlgorithmIdentifier

   SigningTime  ::= AlgorithmIdentifier
       {{DigestAlgorithmList}}

   SignatureAlgorithmIdentifier Time

   Time ::= AlgorithmIdentifier
       {{SignatureAlgorithmList}}

   KeyEncryptionAlgorithmIdentifier CHOICE {
       utcTime UTCTime,
       generalTime GeneralizedTime }

   Countersignature ::= AlgorithmIdentifier
       {{KeyEncryptionAlgorithmList}}

   ContentEncryptionAlgorithmIdentifier SignerInfo

   -- Attribute Object Identifiers

   attr-contentType CMS-ATTRIBUTE ::= AlgorithmIdentifier
       {{ContentEncryptionAlgorithmList}}

   MessageAuthenticationCodeAlgorithm
       { TYPE ContentType IDENTIFIED BY id-contentType }

   id-contentType OBJECT IDENTIFIER ::= AlgorithmIdentifier
       {{AlgorithmList}}

   KeyDerivationAlgorithmIdentifier { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3 }

   attr-messageDigest CMS-ATTRIBUTE ::= AlgorithmIdentifier
       {{AlgorithmList}}

   AlgorithmList ALGORITHM
       { TYPE MessageDigest IDENTIFIED BY id-messageDigest}

   id-messageDigest OBJECT IDENTIFIER ::= { ... iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4 }

   RevocationInfoChoices ::= SET OF RevocationInfoChoice

   RevocationInfoChoice

   attr-signingTime CMS-ATTRIBUTE ::= CHOICE
       {
       crl CertificateList,
       ...,
       [[5: other [1] IMPLICIT OtherRevocationInfoFormat ]] TYPE SigningTime IDENTIFIED BY id-signingTime }

   OTHER-REVOK-INFO

   id-signingTime OBJECT IDENTIFIER ::= TYPE-IDENTIFIER

   OtherRevocationInfoFormat { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }

   attr-countersignature CMS-ATTRIBUTE ::= SEQUENCE
       {
       otherRevInfoFormat    OTHER-REVOK-INFO.
               &id({SupportedOtherRevokInfo}),
       otherRevInfo          OTHER-REVOK-INFO.
               &Type({SupportedOtherRevokInfo}{@otherRevInfoFormat})}

   SupportedOtherRevokInfo OTHER-REVOK-INFO TYPE Countersignature IDENTIFIED BY id-countersignature }

   id-countersignature OBJECT IDENTIFIER ::= { ... iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }

   CertificateChoices

   -- Obsolete Extended Certificate syntax from PKCS#6

   ExtendedCertificateOrCertificate ::= CHOICE {
       certificate Certificate,
       extendedCertificate [0] IMPLICIT ExtendedCertificate,
            -- Obsolete
       ...,
       [[3: v1AttrCert [1] IMPLICIT AttributeCertificateV1]],
            -- Obsolete
       [[4: v2AttrCert [2] IMPLICIT AttributeCertificateV2]],
       [[5: other      [3] IMPLICIT OtherCertificateFormat]] ExtendedCertificate }

   AttributeCertificateV2

   ExtendedCertificate ::= AttributeCertificate

   OTHER-CERT-FMT SEQUENCE {
       extendedCertificateInfo ExtendedCertificateInfo,
       signatureAlgorithm SignatureAlgorithmIdentifier,
       signature Signature }

   ExtendedCertificateInfo ::= TYPE-IDENTIFIER

   OtherCertificateFormat SEQUENCE {
       version CMSVersion,
       certificate Certificate,
       attributes UnauthAttributes }

   Signature ::= BIT STRING

   --  Class definitions used in the module

   CMS-ATTRIBUTE ::= ATTRIBUTE

   Attribute{ CMS-ATTRIBUTE:AttrList } ::= SEQUENCE {
       otherCertFormat OTHER-CERT-FMT.
               &id({SupportedCertFormats}),
       otherCert       OTHER-CERT-FMT.
               &Type({SupportedCertFormats}{@otherCertFormat})}

   SupportedCertFormats OTHER-CERT-FMT
       attrType           CMS-ATTRIBUTE.
               &id({AttrList}),
       attrValues         SET OF CMS-ATTRIBUTE.
               &Type({AttrList}{@attrType})  }

   SupportedAttributes CMS-ATTRIBUTE ::= { ... }
   CertificateSet

   Attributes { CMS-ATTRIBUTE:AttrList } ::=
       SET SIZE (1..MAX) OF CertificateChoices

   IssuerAndSerialNumber ::= SEQUENCE Attribute {{ AttrList }}

   END

7.  ASN.1 Module for RFC 4108

  CMSFirmwareWrapper
      {
       issuer Name,
       serialNumber CertificateSerialNumber iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) cms-firmware-wrap(22) }

   CMSVersion
  DEFINITIONS IMPLICIT TAGS ::= INTEGER
  BEGIN

  IMPORTS

  OTHER-NAME
  FROM PKIX1Implicit88
      { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) }

   UserKeyingMaterial

  EnvelopedData, CONTENT-TYPE, CMS-ATTRIBUTE
  FROM CryptographicMessageSyntax
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) cms-2004(24) };

  FirmwareContentTypes CONTENT-TYPE ::= OCTET STRING

   KEY-ATTRIBUTE {
          ct-firmwarePackage | ct-firmwareLoadReceipt |
          ct-firmwareLoadError }

  FirmwareSignedAttrs CMS-ATTRIBUTE ::= TYPE-IDENTIFIER

   OtherKeyAttribute {
          aa-firmwarePackageID | aa-targetHardwareIDs |
          aa-decryptKeyID | aa-implCryptoAlgs | aa-implCompressAlgs |
          aa-communityIdentifiers | aa-firmwarePackageInfo }

  FirmwareUnsignedAttrs CMS-ATTRIBUTE ::= SEQUENCE {
       keyAttrId  KEY-ATTRIBUTE.
               &id({SupportedKeyAttributes}),
       keyAttr    KEY-ATTRIBUTE.
               &Type({SupportedKeyAttributes}{@keyAttrId})}

   SupportedKeyAttributes KEY-ATTRIBUTE
          aa-wrappedFirmwareKey }

  FirmwareOtherNames OTHER-NAME ::= { ...
          on-hardwareModuleName }

  -- Firmware Package Content Type and Object Identifiers

   id-ct-contentInfo OBJECT IDENTIFIER ::= { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) ct(1) 6 }

   ct-Data Identifier

  ct-firmwarePackage CONTENT-TYPE ::= {OCTET STRING
          { FirmwarePkgData IDENTIFIED BY id-data}

   id-data id-ct-firmwarePackage }

  id-ct-firmwarePackage OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 1 pkcs9(9)
      smime(16) ct(1) 16 }

   ct-SignedData CONTENT-TYPE

  FirmwarePkgData ::= OCTET STRING

  -- Firmware Package Signed Attributes and Object Identifiers
  aa-firmwarePackageID CMS-ATTRIBUTE ::=
      { SignedData TYPE FirmwarePackageIdentifier IDENTIFIED BY id-signedData}

   id-signedData
          id-aa-firmwarePackageID }

  id-aa-firmwarePackageID OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 pkcs9(9)
      smime(16) aa(2) 35 }

   ct-EnvelopedData CONTENT-TYPE

  FirmwarePackageIdentifier ::= SEQUENCE { EnvelopedData IDENTIFIED BY id-envelopedData}

   id-envelopedData
      name PreferredOrLegacyPackageIdentifier,
      stale PreferredOrLegacyStalePackageIdentifier OPTIONAL }

  PreferredOrLegacyPackageIdentifier ::= CHOICE {
      preferred PreferredPackageIdentifier,
      legacy OCTET STRING }

  PreferredPackageIdentifier ::= SEQUENCE {
      fwPkgID OBJECT IDENTIFIER IDENTIFIER,
      verNum INTEGER (0..MAX) }

  PreferredOrLegacyStalePackageIdentifier ::= CHOICE { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs7(7) 3
      preferredStaleVerNum INTEGER (0..MAX),
      legacyStaleVersion OCTET STRING }

   ct-DigestedData CONTENT-TYPE

  aa-targetHardwareIDs CMS-ATTRIBUTE ::=
      { DigestedData TYPE TargetHardwareIdentifiers IDENTIFIED BY id-digestedData}

   id-digestedData
          id-aa-targetHardwareIDs }

  id-aa-targetHardwareIDs OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 5 pkcs9(9)
      smime(16) aa(2) 36 }
   ct-EncryptedData CONTENT-TYPE

  TargetHardwareIdentifiers ::= SEQUENCE OF OBJECT IDENTIFIER

  aa-decryptKeyID CMS-ATTRIBUTE ::=
          { EncryptedData TYPE DecryptKeyIdentifier IDENTIFIED BY id-encryptedData}

   id-encryptedData id-aa-decryptKeyID}

  id-aa-decryptKeyID OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs7(7) 6 pkcs9(9)
      smime(16) aa(2) 37 }

   ct-AuthenticatedData CONTENT-TYPE

  DecryptKeyIdentifier ::= OCTET STRING

  aa-implCryptoAlgs CMS-ATTRIBUTE ::=
      { AuthenticatedData TYPE ImplementedCryptoAlgorithms IDENTIFIED BY id-ct-authData}

   id-ct-authData
          id-aa-implCryptoAlgs }

  id-aa-implCryptoAlgs OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) pkcs9(9)
      smime(16) ct(1) 2 }

   -- The CMS Attributes

   MessageDigest ::= OCTET STRING

   SigningTime  ::= Time

   Time ::= CHOICE {
       utcTime UTCTime,
       generalTime GeneralizedTime aa(2) 38 }

   Countersignature

  ImplementedCryptoAlgorithms ::= SignerInfo

   -- Attribute Object Identifiers

   attr-contentType SEQUENCE OF OBJECT IDENTIFIER

  aa-implCompressAlgs CMS-ATTRIBUTE ::=
      { TYPE ContentType ImplementedCompressAlgorithms IDENTIFIED BY id-contentType
          id-aa-implCompressAlgs }

   id-contentType

  id-aa-implCompressAlgs OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 3
      smime(16) aa(2) 43 }

   attr-messageDigest

  ImplementedCompressAlgorithms ::= SEQUENCE OF OBJECT IDENTIFIER

  aa-communityIdentifiers CMS-ATTRIBUTE ::=
      { TYPE MessageDigest CommunityIdentifiers IDENTIFIED BY id-messageDigest}

   id-messageDigest
          id-aa-communityIdentifiers }

  id-aa-communityIdentifiers OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 4
      smime(16) aa(2) 40 }

   attr-signingTime CMS-ATTRIBUTE

  CommunityIdentifiers ::= SEQUENCE OF CommunityIdentifier

  CommunityIdentifier ::= CHOICE { TYPE SigningTime IDENTIFIED BY id-signingTime
      communityOID OBJECT IDENTIFIER,
      hwModuleList HardwareModules }

   id-signingTime

  HardwareModules ::= SEQUENCE {
      hwType OBJECT IDENTIFIER IDENTIFIER,
      hwSerialEntries SEQUENCE OF HardwareSerialEntry }

  HardwareSerialEntry ::= CHOICE {
      all NULL,
      single OCTET STRING,
      block SEQUENCE { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5
      low OCTET STRING,
      high OCTET STRING }

   attr-countersignature }

  aa-firmwarePackageInfo CMS-ATTRIBUTE ::=
      { TYPE Countersignature FirmwarePackageInfo IDENTIFIED BY id-countersignature
          id-aa-firmwarePackageInfo }

   id-countersignature

  id-aa-firmwarePackageInfo OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) 6 }

   -- Obsolete Extended Certificate syntax from PKCS#6

   ExtendedCertificateOrCertificate ::= CHOICE {
       certificate Certificate,
       extendedCertificate [0] IMPLICIT ExtendedCertificate }

   ExtendedCertificate ::= SEQUENCE {
       extendedCertificateInfo ExtendedCertificateInfo,
       signatureAlgorithm SignatureAlgorithmIdentifier,
       signature Signature }

   ExtendedCertificateInfo ::= SEQUENCE {
       version CMSVersion,
       certificate Certificate,
       attributes UnauthAttributes }

   Signature ::= BIT STRING

   --  Class definitions used in the module

   AlgorithmIdentifier { ALGORITHM:IOSet
      smime(16) aa(2) 42 }
  FirmwarePackageInfo ::= SEQUENCE {
       algorithm  ALGORITHM.&id({IOSet}),
       parameters ALGORITHM.&Type({IOSet}{@algorithm}) OPTIONAL }

   CMS-ATTRIBUTE ::= ATTRIBUTE

   Attribute{ CMS-ATTRIBUTE:AttrList } ::=
      fwPkgType INTEGER OPTIONAL,
      dependencies SEQUENCE {
       attrType           CMS-ATTRIBUTE.
               &id({AttrList}),
       attrValues         SET OF CMS-ATTRIBUTE.
               &Type({AttrList}{@attrType})
      PreferredOrLegacyPackageIdentifier OPTIONAL }

   SupportedAttributes

  -- Firmware Package Unsigned Attributes and Object Identifiers

  aa-wrappedFirmwareKey CMS-ATTRIBUTE ::=
      { ... }

   Attributes { CMS-ATTRIBUTE:AttrList TYPE WrappedFirmwareKey IDENTIFIED BY
          id-aa-wrappedFirmwareKey }

  id-aa-wrappedFirmwareKey OBJECT IDENTIFIER ::=
       SET SIZE (1..MAX) OF Attribute {{ AttrList }}

   END

6.  ASN.1 Module for RFC 4108

  CMSFirmwareWrapper {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) pkcs9(9)
      smime(16) modules(0) cms-firmware-wrap(22) aa(2) 39 }
  DEFINITIONS IMPLICIT TAGS

  WrappedFirmwareKey ::= EnvelopedData

  -- Firmware Package Load Receipt Content Type and Object Identifier

  ct-firmwareLoadReceipt CONTENT-TYPE ::=
  BEGIN

  IMPORTS

  OTHER-NAME
  FROM PKIX1Implicit88
      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) FirmwarePackageLoadReceipt IDENTIFIED BY
          id-ct-firmwareLoadReceipt }

  EnvelopedData, CONTENT-TYPE, CMS-ATTRIBUTE
  FROM CryptographicMessageSyntax

  id-ct-firmwareLoadReceipt OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) pkcs9(9)
      smime(16) modules(0) cms-2004(24) };

  FirmwareContentTypes CONTENT-TYPE ::= {
          ct-firmwarePackage | ct-firmwareLoadReceipt |
          ct-firmwareLoadError }

  FirmwareSignedAttrs CMS-ATTRIBUTE ::= {
          aa-firmwarePackageID | aa-targetHardwareIDs |
          aa-decryptKeyID | aa-implCryptoAlgs | aa-implCompressAlgs |
          aa-communityIdentifiers | aa-firmwarePackageInfo ct(1) 17 }

  FirmwareUnsignedAttrs CMS-ATTRIBUTE

  FirmwarePackageLoadReceipt ::= SEQUENCE {
          aa-wrappedFirmwareKey
      version FWReceiptVersion DEFAULT v1,
      hwType OBJECT IDENTIFIER,
      hwSerialNum OCTET STRING,
      fwPkgName PreferredOrLegacyPackageIdentifier,
      trustAnchorKeyID OCTET STRING OPTIONAL,
      decryptKeyID [1] OCTET STRING OPTIONAL }

  FirmwareOtherNames OTHER-NAME

  FWReceiptVersion ::= INTEGER {
          on-hardwareModuleName v1(1) }

  -- Firmware Package Load Error Report Content Type
  -- and Object Identifier

  ct-firmwarePackage

  ct-firmwareLoadError CONTENT-TYPE ::=
      { FirmwarePkgData FirmwarePackageLoadError
          IDENTIFIED BY id-ct-firmwarePackage id-ct-firmwareLoadError }

  id-ct-firmwarePackage

  id-ct-firmwareLoadError OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
      smime(16) ct(1) 16 18 }

  FirmwarePkgData
  FirmwarePackageLoadError ::= SEQUENCE {
      version FWErrorVersion DEFAULT v1,
      hwType OBJECT IDENTIFIER,
      hwSerialNum OCTET STRING STRING,
      errorCode FirmwarePackageLoadErrorCode,
      vendorErrorCode VendorLoadErrorCode OPTIONAL,
      fwPkgName PreferredOrLegacyPackageIdentifier OPTIONAL,
      config [1] SEQUENCE OF CurrentFWConfig OPTIONAL }

  FWErrorVersion ::= INTEGER { v1(1) }

  CurrentFWConfig ::= SEQUENCE {
      fwPkgType INTEGER OPTIONAL,
      fwPkgName PreferredOrLegacyPackageIdentifier }

  FirmwarePackageLoadErrorCode ::= ENUMERATED {
      decodeFailure                (1),
      badContentInfo               (2),
      badSignedData                (3),
      badEncapContent              (4),
      badCertificate               (5),
      badSignerInfo                (6),
      badSignedAttrs               (7),
      badUnsignedAttrs             (8),
      missingContent               (9),
      noTrustAnchor               (10),
      notAuthorized               (11),
      badDigestAlgorithm          (12),
      badSignatureAlgorithm       (13),
      unsupportedKeySize          (14),
      signatureFailure            (15),
      contentTypeMismatch         (16),
      badEncryptedData            (17),
      unprotectedAttrsPresent     (18),
      badEncryptContent           (19),
      badEncryptAlgorithm         (20),
      missingCiphertext           (21),
      noDecryptKey                (22),
      decryptFailure              (23),
      badCompressAlgorithm        (24),
      missingCompressedContent    (25),
      decompressFailure           (26),
      wrongHardware               (27),
      stalePackage                (28),
      notInCommunity              (29),
      unsupportedPackageType      (30),
      missingDependency           (31),
      wrongDependencyVersion      (32),
      insufficientMemory          (33),
      badFirmware                 (34),
      unsupportedParameters       (35),
      breaksDependency            (36),
      otherError                  (99) }

  VendorLoadErrorCode ::= INTEGER

  -- Firmware Package Signed Attributes and Object Identifiers

  aa-firmwarePackageID CMS-ATTRIBUTE Other Name syntax for Hardware Module Name

  on-hardwareModuleName OTHER-NAME ::=
          { TYPE FirmwarePackageIdentifier HardwareModuleName IDENTIFIED BY
          id-aa-firmwarePackageID id-on-hardwareModuleName }
  id-aa-firmwarePackageID

  id-on-hardwareModuleName OBJECT IDENTIFIER ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
      smime(16) aa(2) 35 identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) on(8) 4 }

  FirmwarePackageIdentifier

  HardwareModuleName ::= SEQUENCE {
      name PreferredOrLegacyPackageIdentifier,
      stale PreferredOrLegacyStalePackageIdentifier OPTIONAL }

  PreferredOrLegacyPackageIdentifier ::= CHOICE {
      preferred PreferredPackageIdentifier,
      legacy
      hwType OBJECT IDENTIFIER,
      hwSerialNum OCTET STRING }

  PreferredPackageIdentifier ::= SEQUENCE {
      fwPkgID OBJECT IDENTIFIER,
      verNum INTEGER (0..MAX)

  END

8.  ASN.1 Module for RFC 4998

   ERS {iso(1) identified-organization(3) dod(6) internet(1)
       security(5) mechanisms(5) ltans(11) id-mod(0) id-mod-ers(1)
       id-mod-ers-v1(1) }

  PreferredOrLegacyStalePackageIdentifier
   DEFINITIONS IMPLICIT TAGS ::= CHOICE {
      preferredStaleVerNum INTEGER (0..MAX),
      legacyStaleVersion OCTET STRING
   BEGIN

   IMPORTS

   Attribute{}, AlgorithmIdentifier{}, ATTRIBUTE, ALGORITHM
   FROM PKIX-CommonTypes
       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon(43) }

  aa-targetHardwareIDs

   ContentInfo, CMS-ATTRIBUTE ::=
      { TYPE TargetHardwareIdentifiers IDENTIFIED BY
          id-aa-targetHardwareIDs }

  id-aa-targetHardwareIDs OBJECT IDENTIFIER ::=
   FROM CryptographicMessageSyntax2004
       { iso(1) member-body(2) us(840) rsadsi(113549)
       pkcs(1) pkcs9(9) pkcs-9(9) smime(16) aa(2) 36 modules(0) cms-2004(24) }

  TargetHardwareIdentifiers ::= SEQUENCE OF ;

   ltans OBJECT IDENTIFIER

  aa-decryptKeyID CMS-ATTRIBUTE ::=
       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) ltans(11) }

   EvidenceRecord ::= SEQUENCE { TYPE DecryptKeyIdentifier IDENTIFIED BY id-aa-decryptKeyID}

  id-aa-decryptKeyID OBJECT IDENTIFIER
       version                   INTEGER { v1(1) } ,
       digestAlgorithms          SEQUENCE OF AlgorithmIdentifier{{...}},
       cryptoInfos               [0] CryptoInfos OPTIONAL,
       encryptionInfo            [1] EncryptionInfo OPTIONAL,
       archiveTimeStampSequence  ArchiveTimeStampSequence
   }

   CryptoInfos ::= SEQUENCE SIZE (1..MAX) OF Attribute{{...}}

   ArchiveTimeStamp ::= SEQUENCE {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
      smime(16) aa(2) 37
      digestAlgorithm [0] AlgorithmIdentifier{{...}} OPTIONAL,
      attributes      [1] Attributes OPTIONAL,
      reducedHashtree [2] SEQUENCE OF PartialHashtree OPTIONAL,
      timeStamp       ContentInfo
   }

  DecryptKeyIdentifier

   PartialHashtree ::= SEQUENCE OF OCTET STRING

  aa-implCryptoAlgs CMS-ATTRIBUTE

   Attributes ::=
      { TYPE ImplementedCryptoAlgorithms IDENTIFIED BY
          id-aa-implCryptoAlgs }

  id-aa-implCryptoAlgs OBJECT IDENTIFIER SET SIZE (1..MAX) OF Attribute{{...}}

   ArchiveTimeStampChain    ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
      smime(16) aa(2) 38 }

  ImplementedCryptoAlgorithms SEQUENCE OF ArchiveTimeStamp

   ArchiveTimeStampSequence ::= SEQUENCE OF OBJECT IDENTIFIER
  aa-implCompressAlgs CMS-ATTRIBUTE ArchiveTimeStampChain

   EncryptionInfo       ::=     SEQUENCE { TYPE ImplementedCompressAlgorithms IDENTIFIED BY
          id-aa-implCompressAlgs
       encryptionInfoType   ENCINFO-TYPE.
                                &id({SupportedEncryptionAlgorithms}),
       encryptionInfoValue  ENCINFO-TYPE.
                                &Type({SupportedEncryptionAlgorithms}
                                    {@encryptionInfoType})
   }

  id-aa-implCompressAlgs OBJECT IDENTIFIER

   ENCINFO-TYPE ::= {
      iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
      smime(16) aa(2) 43 }

  ImplementedCompressAlgorithms TYPE-IDENTIFIER

   SupportedEncryptionAlgorithms ENCINFO-TYPE ::= SEQUENCE OF OBJECT IDENTIFIER

  aa-communityIdentifiers {...}

   er-Internal CMS-ATTRIBUTE ::=
       { TYPE CommunityIdentifiers EvidenceRecord IDENTIFIED BY
          id-aa-communityIdentifiers id-aa-er-internal }

  id-aa-communityIdentifiers

   id-aa-er-internal OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
       smime(16) aa(2) 40 }

  CommunityIdentifiers ::= SEQUENCE OF CommunityIdentifier

  CommunityIdentifier ::= CHOICE {
      communityOID OBJECT IDENTIFIER,
      hwModuleList HardwareModules }

  HardwareModules ::= SEQUENCE {
      hwType OBJECT IDENTIFIER,
      hwSerialEntries SEQUENCE OF HardwareSerialEntry }

  HardwareSerialEntry ::= CHOICE {
      all NULL,
      single OCTET STRING,
      block SEQUENCE {
      low OCTET STRING,
      high OCTET STRING } id-aa(2) 49 }

  aa-firmwarePackageInfo

   er-External CMS-ATTRIBUTE ::=
       { TYPE FirmwarePackageInfo EvidenceRecord IDENTIFIED BY
          id-aa-firmwarePackageInfo id-aa-er-external }

  id-aa-firmwarePackageInfo
   id-aa-er-external OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
       smime(16) aa(2) 42 id-aa(2) 50 }

  FirmwarePackageInfo

   END

9.  ASN.1 Module for RFC 5035

  ExtendedSecurityServices-2006
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) id-mod-ess-2006(30) }
  DEFINITIONS IMPLICIT TAGS ::= SEQUENCE
  BEGIN

  IMPORTS

  Attribute{}, AlgorithmIdentifier{}, ATTRIBUTE, ALGORITHM
  FROM PKIX-CommonTypes
      {
      fwPkgType INTEGER OPTIONAL,
      dependencies SEQUENCE OF
      PreferredOrLegacyPackageIdentifier OPTIONAL iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon(43) }

  ContentType, IssuerAndSerialNumber, SubjectKeyIdentifier,
      CMS-ATTRIBUTE, CONTENT-TYPE
  FROM CryptographicMessageSyntax2004
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) cms-2004(24) }

  CertificateSerialNumber
  FROM PKIX1Explicit88
      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }

  PolicyInformation, GeneralNames
  FROM PKIX1Implicit88
      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19)};

  EssSignedAttributes CMS-ATTRIBUTE ::= {
      aa-receiptRequest | aa-contentIdentifier | aa-contentHint |
      aa-msgSigDigest | aa-contentReference | aa-securityLabel |
      aa-equivalentLabels | aa-mlExpandHistory | aa-signingCertificate |
      aa-signingCertificateV2 }

  EssContentTypes CONTENT-TYPE ::= { ct-receipt }
  -- Firmware Package Unsigned Attributes and Object Identifiers

  aa-wrappedFirmwareKey Extended Security Services
  -- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
  -- constructs in this module.  A valid ASN.1 SEQUENCE can have zero or
  -- more entries.  The SIZE (1..MAX) construct constrains the SEQUENCE
  -- tp have at least one entry.  MAX indicates the upper bound is
  -- unspecified.  Implementations are free to choose an upper bound
  -- that suits their environment.

  -- Section 2.7

  aa-receiptRequest CMS-ATTRIBUTE ::=
      { TYPE WrappedFirmwareKey ReceiptRequest IDENTIFIED BY
          id-aa-wrappedFirmwareKey id-aa-receiptRequest}

  ReceiptRequest ::= SEQUENCE {
      signedContentIdentifier ContentIdentifier,
      receiptsFrom ReceiptsFrom,
      receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames
  }

  id-aa-wrappedFirmwareKey

  ub-receiptsTo INTEGER ::= 16

  id-aa-receiptRequest OBJECT IDENTIFIER ::=
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) pkcs-9(9)
      smime(16) aa(2) 39 }

  WrappedFirmwareKey ::= EnvelopedData

  -- Firmware Package Load Receipt Content Type and Object Identifier

  ct-firmwareLoadReceipt CONTENT-TYPE id-aa(2) 1}

  aa-contentIdentifier CMS-ATTRIBUTE ::=
      { FirmwarePackageLoadReceipt TYPE ContentIdentifier IDENTIFIED BY
          id-ct-firmwareLoadReceipt }

  id-ct-firmwareLoadReceipt id-aa-contentIdentifier}

  ContentIdentifier ::= OCTET STRING

  id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) pkcs-9(9) smime(16) ct(1) 17 id-aa(2) 7}

  ct-receipt CONTENT-TYPE ::=
      { Receipt IDENTIFIED BY id-ct-receipt }

  FirmwarePackageLoadReceipt

  ReceiptsFrom ::= SEQUENCE CHOICE {
      version FWReceiptVersion DEFAULT v1,
      hwType OBJECT IDENTIFIER,
      hwSerialNum OCTET STRING,
      fwPkgName PreferredOrLegacyPackageIdentifier,
      trustAnchorKeyID OCTET STRING OPTIONAL,
      decryptKeyID
      allOrFirstTier [0] AllOrFirstTier,
          -- formerly "allOrNone [0]AllOrNone"
      receiptList [1] OCTET STRING OPTIONAL SEQUENCE OF GeneralNames }

  FWReceiptVersion

  AllOrFirstTier ::= INTEGER { v1(1) } -- Firmware Package Load Error Report Content Type Formerly AllOrNone
      allReceipts (0),
      firstTierRecipients (1) }

  -- and Object Identifier

  ct-firmwareLoadError CONTENT-TYPE Section 2.8
  Receipt ::= SEQUENCE { FirmwarePackageLoadError
          IDENTIFIED BY id-ct-firmwareLoadError
      version ESSVersion,
      contentType ContentType,
      signedContentIdentifier ContentIdentifier,
      originatorSignatureValue OCTET STRING }

  id-ct-firmwareLoadError

  id-ct-receipt OBJECT IDENTIFIER ::=
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) pkcs-9(9)
      smime(16) ct(1) 18 }

  FirmwarePackageLoadError id-ct(1) 1}

  ESSVersion ::= SEQUENCE INTEGER  {
      version FWErrorVersion DEFAULT v1,
      hwType OBJECT IDENTIFIER,
      hwSerialNum OCTET STRING,
      errorCode FirmwarePackageLoadErrorCode,
      vendorErrorCode VendorLoadErrorCode OPTIONAL,
      fwPkgName PreferredOrLegacyPackageIdentifier OPTIONAL,
      config [1] SEQUENCE OF CurrentFWConfig OPTIONAL v1(1) }

  FWErrorVersion

  -- Section 2.9

  aa-contentHint CMS-ATTRIBUTE ::= INTEGER
      { v1(1) TYPE ContentHints IDENTIFIED BY id-aa-contentHint }

  CurrentFWConfig

  ContentHints ::= SEQUENCE {
      fwPkgType INTEGER
      contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
      fwPkgName PreferredOrLegacyPackageIdentifier
      contentType ContentType }

  FirmwarePackageLoadErrorCode

  id-aa-contentHint OBJECT IDENTIFIER ::= ENUMERATED
      {
      decodeFailure                (1),
      badContentInfo               (2),
      badSignedData                (3),
      badEncapContent              (4),
      badCertificate               (5),
      badSignerInfo                (6),
      badSignedAttrs               (7),
      badUnsignedAttrs             (8),
      missingContent               (9),
      noTrustAnchor               (10),
      notAuthorized               (11),
      badDigestAlgorithm          (12),
      badSignatureAlgorithm       (13),
      unsupportedKeySize          (14),
      signatureFailure            (15),
      contentTypeMismatch         (16),
      badEncryptedData            (17),
      unprotectedAttrsPresent     (18),
      badEncryptContent           (19),
      badEncryptAlgorithm         (20),
      missingCiphertext           (21),
      noDecryptKey                (22),
      decryptFailure              (23),
      badCompressAlgorithm        (24),
      missingCompressedContent    (25),
      decompressFailure           (26),
      wrongHardware               (27),
      stalePackage                (28),
      notInCommunity              (29),
      unsupportedPackageType      (30),
      missingDependency           (31),
      wrongDependencyVersion      (32),
      insufficientMemory          (33),
      badFirmware                 (34),
      unsupportedParameters       (35),
      breaksDependency            (36),
      otherError                  (99) }
  VendorLoadErrorCode ::= INTEGER iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) id-aa(2) 4}

  -- Other Name syntax for Hardware Module Name

  on-hardwareModuleName OTHER-NAME Section 2.10

  aa-msgSigDigest CMS-ATTRIBUTE ::=
      { HardwareModuleName TYPE MsgSigDigest IDENTIFIED BY id-on-hardwareModuleName id-aa-msgSigDigest }

  id-on-hardwareModuleName

  MsgSigDigest ::= OCTET STRING

  id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) on(8) 4 member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5}

  -- Section 2.11

  aa-contentReference CMS-ATTRIBUTE ::=
      { TYPE ContentReference IDENTIFIED BY id-aa-contentReference }

  HardwareModuleName

  ContentReference ::= SEQUENCE {
      hwType OBJECT IDENTIFIER,
      hwSerialNum
      contentType ContentType,
      signedContentIdentifier ContentIdentifier,
      originatorSignatureValue OCTET STRING }

  END

7.  ASN.1 Module for RFC 4998

   ERS {iso(1) identified-organization(3) dod(6) internet(1)
       security(5) mechanisms(5) ltans(11) id-mod(0) id-mod-ers(1)
       id-mod-ers-v1(1) }
   DEFINITIONS IMPLICIT TAGS

  id-aa-contentReference OBJECT IDENTIFIER ::=
   BEGIN

   IMPORTS

   Attribute{}, AlgorithmIdentifier{}, Extensions{}, EXTENSION,
       ATTRIBUTE, ALGORITHM
   FROM PKIX-CommonTypes
       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon(43) }

   ContentInfo, CMS-ATTRIBUTE
   FROM CryptographicMessageSyntax2004
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) cms-2004(24) id-aa(2) 10 } ;

   ltans OBJECT IDENTIFIER

  -- Section 3.2

  aa-securityLabel CMS-ATTRIBUTE ::=
       {iso(1) identified-organization(3) dod(6) internet(1) security(5)
       mechanisms(5) ltans(11)
      { TYPE ESSSecurityLabel IDENTIFIED BY id-aa-securityLabel }

   EvidenceRecord

  ESSSecurityLabel ::= SEQUENCE {
       version                   INTEGER SET { v1(1) } ,
       digestAlgorithms          SEQUENCE OF AlgorithmIdentifier{{...}},
       cryptoInfos               [0] CryptoInfos
      security-policy-identifier SecurityPolicyIdentifier,
      security-classification SecurityClassification OPTIONAL,
       encryptionInfo            [1] EncryptionInfo
      privacy-mark ESSPrivacyMark OPTIONAL,
       archiveTimeStampSequence  ArchiveTimeStampSequence
      security-categories SecurityCategories OPTIONAL }

   CryptoInfos

  id-aa-securityLabel OBJECT IDENTIFIER ::= SEQUENCE SIZE (1..MAX) OF Attribute{{...}}

   ArchiveTimeStamp
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) id-aa(2) 2}
  SecurityPolicyIdentifier ::= SEQUENCE OBJECT IDENTIFIER

  SecurityClassification ::= INTEGER {
      digestAlgorithm [0] AlgorithmIdentifier{{...}} OPTIONAL,
      attributes      [1] Attributes OPTIONAL,
      reducedHashtree [2] SEQUENCE OF PartialHashtree OPTIONAL,
      timeStamp       ContentInfo
      unmarked (0),
      unclassified (1),
      restricted (2),
      confidential (3),
      secret (4),
      top-secret (5)
  }

   PartialHashtree (0..ub-integer-options)

  ub-integer-options INTEGER ::= SEQUENCE OF OCTET STRING

   Attributes 256

  ESSPrivacyMark ::= CHOICE {
      pString      PrintableString (SIZE (1..ub-privacy-mark-length)),
      utf8String   UTF8String (SIZE (1..MAX))
  }

  ub-privacy-mark-length INTEGER ::= 128

  SecurityCategories ::=
      SET SIZE (1..MAX) (1..ub-security-categories) OF Attribute{{...}}

   ArchiveTimeStampChain SecurityCategory

  ub-security-categories INTEGER ::= SEQUENCE OF ArchiveTimeStamp

   ArchiveTimeStampSequence 64

  SECURITY-CATEGORY ::= TYPE-IDENTIFIER

  SecurityCategory ::= SEQUENCE OF ArchiveTimeStampChain

   EncryptionInfo {
      type  [0] SECURITY-CATEGORY.
              &id({SupportedSecurityCategories}),
      value [1] SECURITY-CATEGORY.
              &Type({SupportedSecurityCategories}{@type})
  }

  SupportedSecurityCategories SECURITY-CATEGORY ::= { ... }

  --Note: The aforementioned SecurityCategory syntax produces identical
  --hex encodings as the following SecurityCategory syntax that is
  --documented in the X.411 specification:
  --
  --SecurityCategory ::= SEQUENCE {
       encryptionInfoType   ENCINFO-TYPE.
                                &id({SupportedEncryptionAlgorithms}),
       encryptionInfoValue  ENCINFO-TYPE.
                                &Type({SupportedEncryptionAlgorithms}
                                    {@encryptionInfoType})
  --     type  [0]  SECURITY-CATEGORY,
  --     value [1]  ANY DEFINED BY type }

   ENCINFO-TYPE
  --
  --SECURITY-CATEGORY MACRO ::= TYPE-IDENTIFIER

   SupportedEncryptionAlgorithms ENCINFO-TYPE
  --BEGIN
  --TYPE NOTATION ::= {...}

   er-Internal type | empty
  --VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
  --END

  -- Section 3.4

  aa-equivalentLabels CMS-ATTRIBUTE ::=
      { TYPE EvidenceRecord EquivalentLabels IDENTIFIED BY id-aa-er-internal id-aa-equivalentLabels }

   id-aa-er-internal

  EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel

  id-aa-equivalentLabels OBJECT IDENTIFIER ::=
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) pkcs-9(9)
      smime(16) id-aa(2) 49 }

   er-External 9}

  -- Section 4.4

  aa-mlExpandHistory CMS-ATTRIBUTE ::=
      { TYPE EvidenceRecord MLExpansionHistory IDENTIFIED BY id-aa-er-external id-aa-mlExpandHistory }

   id-aa-er-external

  MLExpansionHistory ::= SEQUENCE
      SIZE (1..ub-ml-expansion-history) OF MLData

  id-aa-mlExpandHistory OBJECT IDENTIFIER ::=
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
       smime(16) id-aa(2) 50 }
   END

8.  ASN.1 Module for RFC 5035

  ExtendedSecurityServices-2006
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) id-mod-ess-2006(30) id-aa(2) 3 }
  DEFINITIONS IMPLICIT TAGS

  ub-ml-expansion-history INTEGER ::=
  BEGIN

  IMPORTS

  Attribute{}, AlgorithmIdentifier{}, Extensions{}, EXTENSION,
      ATTRIBUTE, ALGORITHM
  FROM PKIX-CommonTypes
      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon(43) }

  ContentType, IssuerAndSerialNumber, SubjectKeyIdentifier,
      CMS-ATTRIBUTE, CONTENT-TYPE
  FROM CryptographicMessageSyntax2004
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) cms-2004(24) }

  CertificateSerialNumber
  FROM PKIX1Explicit88
      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }

  PolicyInformation, GeneralNames
  FROM PKIX1Implicit88
      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19)};

  EssSignedAttributes CMS-ATTRIBUTE 64

  MLData ::= {
      aa-receiptRequest | aa-contentIdentifier | aa-contentHint |
      aa-msgSigDigest | aa-contentReference | aa-securityLabel |
      aa-equivalentLabels | aa-mlExpandHistory | aa-signingCertificate |
      aa-signingCertificateV2 SEQUENCE {
      mailListIdentifier EntityIdentifier,
      expansionTime GeneralizedTime,
      mlReceiptPolicy MLReceiptPolicy OPTIONAL }

  EssContentTypes CONTENT-TYPE
  EntityIdentifier ::= CHOICE { ct-receipt
      issuerAndSerialNumber IssuerAndSerialNumber,
      subjectKeyIdentifier SubjectKeyIdentifier }

  -- Extended Security Services
  -- The construct "SEQUENCE

  MLReceiptPolicy ::= CHOICE {
      none         [0] NULL,
      insteadOf    [1] SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
  -- constructs in this module.  A valid ASN.1 OF GeneralNames,
      inAdditionTo [2] SEQUENCE can have zero or
  -- more entries.  The SIZE (1..MAX) construct constrains the SEQUENCE
  -- tp have at least one entry.  MAX indicates the upper bound is
  -- unspecified.  Implementations are free to choose an upper bound
  -- that suits their environment. OF GeneralNames }

  -- Section 2.7

  aa-receiptRequest 5.4

  aa-signingCertificate CMS-ATTRIBUTE ::=
      { TYPE ReceiptRequest SigningCertificate IDENTIFIED BY id-aa-receiptRequest}

  ReceiptRequest
          id-aa-signingCertificate }

  SigningCertificate ::=  SEQUENCE {
      signedContentIdentifier ContentIdentifier,
      receiptsFrom ReceiptsFrom,
      receiptsTo
      certs        SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames ESSCertID,
      policies     SEQUENCE OF PolicyInformation OPTIONAL
  }

  ub-receiptsTo INTEGER

  id-aa-signingCertificate OBJECT IDENTIFIER ::= 16

  id-aa-receiptRequest
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
      smime(16) id-aa(2) 12 }

  aa-signingCertificateV2 CMS-ATTRIBUTE ::=
      { TYPE SigningCertificateV2 IDENTIFIED BY
          id-aa-signingCertificateV2 }

  SigningCertificateV2 ::=  SEQUENCE {
      certs        SEQUENCE OF ESSCertIDv2,
      policies     SEQUENCE OF PolicyInformation OPTIONAL
  }

  id-aa-signingCertificateV2 OBJECT IDENTIFIER ::=
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
      smime(16) id-aa(2) 47 }

  id-sha256  OBJECT IDENTIFIER  ::=
      { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
      csor(3) nistalgorithm(4) hashalgs(2) 1 }

  HashAlgorithm ::= AlgorithmIdentifier{{...}}

  ESSCertIDv2 ::= SEQUENCE {
      hashAlgorithm    HashAlgorithm
                          DEFAULT { algorithm id-sha256 },
      certHash        Hash,
      issuerSerial    IssuerSerial OPTIONAL
  }

  ESSCertID ::=  SEQUENCE {
      certHash        Hash,
      issuerSerial    IssuerSerial OPTIONAL
  }

  Hash ::= OCTET STRING

  IssuerSerial ::= SEQUENCE {
      issuer          GeneralNames,
      serialNumber    CertificateSerialNumber
  }

  END

10.  ASN.1 Module for RFC 5083

   CMS-AuthEnvelopedData-2007
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
       pkcs-9(9) smime(16) modules(0) cms-authEnvelopedData(31) }
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   IMPORTS

   AuthAttributes, CMSVersion, EncryptedContentInfo,
       MessageAuthenticationCode, OriginatorInfo, RecipientInfos,
       UnauthAttributes
   FROM CryptographicMessageSyntax2004
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) id-aa(2) 1}

  aa-contentIdentifier CMS-ATTRIBUTE ::=
      { TYPE ContentIdentifier IDENTIFIED BY id-aa-contentIdentifier}

  ContentIdentifier ::= OCTET STRING

  id-aa-contentIdentifier modules(0) cms-2004(24) } ;

   id-ct-authEnvelopedData OBJECT IDENTIFIER ::=
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) id-aa(2) 7}

  ct-receipt CONTENT-TYPE ::=
      { Receipt IDENTIFIED BY id-ct-receipt }

  ReceiptsFrom ::= CHOICE {
      allOrFirstTier [0] AllOrFirstTier,
          -- formerly "allOrNone [0]AllOrNone"
      receiptList [1] SEQUENCE OF GeneralNames }

  AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone
      allReceipts (0),
      firstTierRecipients (1) ct(1) 23 }

  -- Section 2.8

  Receipt

   AuthEnvelopedData ::= SEQUENCE {
       version ESSVersion,
      contentType ContentType,
      signedContentIdentifier ContentIdentifier,
      originatorSignatureValue OCTET STRING CMSVersion,
       originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
       recipientInfos RecipientInfos,
       authEncryptedContentInfo EncryptedContentInfo,
       authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
       mac MessageAuthenticationCode,
       unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }

  id-ct-receipt OBJECT IDENTIFIER ::=

   END

11.  ASN.1 Module for RFC 5084

   CMS-AES-CCM-and-AES-GCM
       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
       pkcs-9(9) smime(16) id-ct(1) 1}

  ESSVersion modules(0) cms-aes-ccm-and-gcm(32) }
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   -- Object Identifiers

   aes OBJECT IDENTIFIER ::= INTEGER { v1(1) joint-iso-itu-t(2) country(16) us(840)
       organization(1) gov(101) csor(3) nistAlgorithm(4) 1 }

  -- Section 2.9

  aa-contentHint CMS-ATTRIBUTE

   id-aes128-CCM OBJECT IDENTIFIER ::= { TYPE ContentHints IDENTIFIED BY id-aa-contentHint aes 7 }

  ContentHints

   id-aes192-CCM OBJECT IDENTIFIER ::= SEQUENCE {
      contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
      contentType ContentType aes 27 }

  id-aa-contentHint

   id-aes256-CCM OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) id-aa(2) 4}

  -- Section 2.10

  aa-msgSigDigest CMS-ATTRIBUTE aes 47 }

   id-aes128-GCM OBJECT IDENTIFIER ::= { TYPE MsgSigDigest IDENTIFIED BY id-aa-msgSigDigest aes 6 }

  MsgSigDigest

   id-aes192-GCM OBJECT IDENTIFIER ::= OCTET STRING

  id-aa-msgSigDigest { aes 26 }

   id-aes256-GCM OBJECT IDENTIFIER ::= { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5} aes 46 }

   -- Section 2.11

  aa-contentReference CMS-ATTRIBUTE Parameters for AigorithmIdentifier

   CCMParameters ::= SEQUENCE { TYPE ContentReference IDENTIFIED BY id-aa-contentReference
       aes-nonce         OCTET STRING (SIZE(7..13)),
       aes-ICVlen        AES-CCM-ICVlen DEFAULT 12 }

  ContentReference

   AES-CCM-ICVlen ::= INTEGER (4 | 6 | 8 | 10 | 12 | 14 | 16)

   GCMParameters ::= SEQUENCE {
      contentType ContentType,
      signedContentIdentifier ContentIdentifier,
      originatorSignatureValue
       aes-nonce        OCTET STRING STRING, -- recommended size is 12 octets
       aes-ICVlen       AES-GCM-ICVlen DEFAULT 12 }

  id-aa-contentReference OBJECT IDENTIFIER

   AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)

   END

12.  ASN.1 Module for RFC 5275

  SMIMESymmetricKeyDistribution
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) id-aa(2) 10 modules(0) symkeydist(12) }

  -- Section 3.2
  aa-securityLabel CMS-ATTRIBUTE
  DEFINITIONS IMPLICIT TAGS ::=
      { TYPE ESSSecurityLabel IDENTIFIED BY id-aa-securityLabel
  BEGIN

  IMPORTS

  Attribute{}, AlgorithmIdentifier{}, Extensions{}, EXTENSION,
      ATTRIBUTE, ALGORITHM
  FROM PKIX-CommonTypes
      {iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon(43) }

  ESSSecurityLabel ::= SET

  GeneralName
  FROM PKIX1Implicit88
      {
      security-policy-identifier SecurityPolicyIdentifier,
      security-classification SecurityClassification OPTIONAL,
      privacy-mark ESSPrivacyMark OPTIONAL,
      security-categories SecurityCategories OPTIONAL iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) }

  id-aa-securityLabel OBJECT IDENTIFIER ::=

  Certificate
  FROM PKIX1Explicit88
      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }

  RecipientInfos, KEKIdentifier,CertificateSet
  FROM CryptographicMessageSyntax2004
      {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) id-aa(2) 2}
  SecurityPolicyIdentifier ::= OBJECT IDENTIFIER

  SecurityClassification ::= INTEGER {
      unmarked (0),
      unclassified (1),
      restricted (2),
      confidential (3),
      secret (4),
      top-secret (5)
  } (0..ub-integer-options)

  ub-integer-options INTEGER ::= 256

  ESSPrivacyMark ::= CHOICE {
      pString      PrintableString (SIZE (1..ub-privacy-mark-length)),
      utf8String   UTF8String (SIZE (1..MAX))
  }

  ub-privacy-mark-length INTEGER ::= 128

  SecurityCategories ::=
      SET SIZE (1..ub-security-categories) OF SecurityCategory

  ub-security-categories INTEGER ::= 64

  SECURITY-CATEGORY ::= TYPE-IDENTIFIER

  SecurityCategory ::= SEQUENCE {
      type  [0] SECURITY-CATEGORY.
              &id({SupportedSecurityCategories}),
      value [1] SECURITY-CATEGORY.
              &Type({SupportedSecurityCategories}{@type})
  }

  SupportedSecurityCategories SECURITY-CATEGORY ::= { ... modules(0) cms-2004(24) }
  --Note: The aforementioned SecurityCategory syntax produces identical
  --hex encodings as the following SecurityCategory syntax that is
  --documented in the X.411 specification:
  --
  --SecurityCategory ::= SEQUENCE

  id-alg-CMS3DESwrap
  FROM CryptographicMessageSyntaxAlgorithms
      {
  --     type  [0]  SECURITY-CATEGORY,
  --     value [1]  ANY DEFINED BY type iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) modules(0) cmsalg-2001(16) }
  --
  --SECURITY-CATEGORY MACRO ::=
  --BEGIN
  --TYPE NOTATION ::= type | empty
  --VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
  --END

  -- Section 3.4

  aa-equivalentLabels CMS-ATTRIBUTE ::=

  AttributeCertificate
  FROM PKIXAttributeCertificate
      { TYPE EquivalentLabels IDENTIFIED BY id-aa-equivalentLabels iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert(12) }

  EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel

  id-aa-equivalentLabels

  CMC-CONTROL
  FROM EnrollmentMessageSyntax
      { iso(1) identified-organization(3) dod(4) internet(1) security(5)
      mechansims(5) pkix(7) id-mod(0) id-mod-cmc2002(23) };

  -- This defines the GL symmetric key distribution object identifier
  -- arc.

  id-skd OBJECT IDENTIFIER ::=
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) id-aa(2) 9} skd(8) }
  ControlSet CMC-CONTROL ::= {
      skd-glUseKEK | skd-glDelete | skd-glAddMember |
      skd-glDeleteMember | skd-glRekey | skd-glAddOwner |
      skd-glRemoveOwner | skd-glKeyCompromise |
      skd-glkRefresh | skd-glaQueryRequest | skd-glProvideCert |
      skd-glManageCert | skd-glKey, ... }

  -- Section 4.4

  aa-mlExpandHistory CMS-ATTRIBUTE This defines the GL Use KEK control attribute

  skd-glUseKEK CMC-CONTROL ::=
      { TYPE MLExpansionHistory GLUseKEK IDENTIFIED BY id-aa-mlExpandHistory id-skd-glUseKEK }

  MLExpansionHistory

  id-skd-glUseKEK OBJECT IDENTIFIER ::= { id-skd 1}

  GLUseKEK ::= SEQUENCE {
      glInfo            GLInfo,
      glOwnerInfo       SEQUENCE SIZE (1..ub-ml-expansion-history) (1..MAX) OF MLData

  id-aa-mlExpandHistory OBJECT IDENTIFIER GLOwnerInfo,
      glAdministration  GLAdministration DEFAULT 1,
      glKeyAttributes   GLKeyAttributes OPTIONAL
  }

  GLInfo ::= SEQUENCE { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
      smime(16) id-aa(2) 3
      glName     GeneralName,
      glAddress  GeneralName
  }

  ub-ml-expansion-history INTEGER ::= 64

  MLData

  GLOwnerInfo ::= SEQUENCE {
      mailListIdentifier EntityIdentifier,
      expansionTime GeneralizedTime,
      mlReceiptPolicy MLReceiptPolicy
      glOwnerName     GeneralName,
      glOwnerAddress  GeneralName,
      certificates    Certificates OPTIONAL
  }

  EntityIdentifier

  GLAdministration ::= CHOICE INTEGER {
      issuerAndSerialNumber IssuerAndSerialNumber,
      subjectKeyIdentifier SubjectKeyIdentifier
      unmanaged  (0),
      managed    (1),
      closed     (2)
  }
  MLReceiptPolicy

  KeyWrapAlgorithm ::= CHOICE AlgorithmIdentifier {{...}}

  GLKeyAttributes ::= SEQUENCE {
      none
      rekeyControlledByGLO       [0] NULL,
      insteadOf BOOLEAN DEFAULT FALSE,
      recipientsNotMutuallyAware [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
      inAdditionTo BOOLEAN DEFAULT TRUE,
      duration                   [2] SEQUENCE SIZE (1..MAX) OF GeneralNames INTEGER DEFAULT 0,
      generationCounter          [3] INTEGER DEFAULT 2,
      requestedAlgorithm         [4] KeyWrapAlgorithm
                         DEFAULT {algorithm id-alg-CMS3DESwrap}
  }
  -- Section 5.4

  aa-signingCertificate CMS-ATTRIBUTE This defines the Delete GL control attribute.
  -- It has the simple type GeneralName.

  skd-glDelete CMC-CONTROL ::=
      { TYPE SigningCertificate DeleteGL IDENTIFIED BY
          id-aa-signingCertificate id-skd-glDelete }

  SigningCertificate

  id-skd-glDelete OBJECT IDENTIFIER ::=  SEQUENCE {
      certs id-skd 2}
  DeleteGL ::= GeneralName

  -- This defines the Add GL Member control attribute

  skd-glAddMember CMC-CONTROL ::=
      { GLAddMember IDENTIFIED BY id-skd-glAddMember }

  id-skd-glAddMember OBJECT IDENTIFIER ::= { id-skd 3}
  GLAddMember ::= SEQUENCE OF ESSCertID,
      policies {
      glName    GeneralName,
      glMember  GLMember
  }

  GLMember ::= SEQUENCE OF PolicyInformation {
      glMemberName     GeneralName,
      glMemberAddress  GeneralName OPTIONAL,
      certificates     Certificates OPTIONAL
  }

  id-aa-signingCertificate OBJECT IDENTIFIER

  Certificates ::= SEQUENCE { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
      smime(16) id-aa(2) 12
      pKC       [0] Certificate OPTIONAL,
                    -- See [PROFILE]
      aC        [1] SEQUENCE SIZE (1.. MAX) OF
                      AttributeCertificate OPTIONAL,
                    -- See [ACPROF]
      certPath  [2] CertificateSet OPTIONAL
                    -- From [CMS]
  }

  aa-signingCertificateV2 CMS-ATTRIBUTE

  -- This defines the Delete GL Member control attribute

  skd-glDeleteMember CMC-CONTROL ::=
      { TYPE SigningCertificateV2 GLDeleteMember IDENTIFIED BY
          id-aa-signingCertificateV2 id-skd-glDeleteMember }

  SigningCertificateV2

  id-skd-glDeleteMember OBJECT IDENTIFIER ::=  SEQUENCE {
      certs        SEQUENCE OF ESSCertIDv2,
      policies id-skd 4}

  GLDeleteMember ::= SEQUENCE OF PolicyInformation OPTIONAL {
      glName            GeneralName,
      glMemberToDelete  GeneralName
  }

  id-aa-signingCertificateV2 OBJECT IDENTIFIER
  -- This defines the Delete GL Member control attribute

  skd-glRekey CMC-CONTROL ::=
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
      smime(16) id-aa(2) 47 GLRekey IDENTIFIED BY id-skd-glRekey }

  id-sha256

  id-skd-glRekey OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)
      csor(3) nistalgorithm(4) hashalgs(2) 1 }

  HashAlgorithm ::= AlgorithmIdentifier{{...}}

  ESSCertIDv2 id-skd 5}

  GLRekey ::= SEQUENCE {
      hashAlgorithm    HashAlgorithm
                          DEFAULT { algorithm id-sha256 },
      certHash        Hash,
      issuerSerial    IssuerSerial
      glName              GeneralName,
      glAdministration    GLAdministration OPTIONAL,
      glNewKeyAttributes  GLNewKeyAttributes OPTIONAL,
      glRekeyAllGLKeys    BOOLEAN OPTIONAL
  }

  ESSCertID

  GLNewKeyAttributes ::= SEQUENCE {
      certHash        Hash,
      issuerSerial    IssuerSerial
      rekeyControlledByGLO       [0] BOOLEAN OPTIONAL,
      recipientsNotMutuallyAware [1] BOOLEAN OPTIONAL,
      duration                   [2] INTEGER OPTIONAL,
      generationCounter          [3] INTEGER OPTIONAL,
      requestedAlgorithm         [4] AlgorithmIdentifier{{...}}
                                         OPTIONAL
  }

  Hash

  -- This defines the Add and Delete GL Owner control attributes

  skd-glAddOwner CMC-CONTROL ::= OCTET STRING

  IssuerSerial
      { GLOwnerAdministration IDENTIFIED BY id-skd-glAddOwner }

  id-skd-glAddOwner OBJECT IDENTIFIER ::= { id-skd 6}

  skd-glRemoveOwner CMC-CONTROL ::=
      { GLOwnerAdministration IDENTIFIED BY id-skd-glRemoveOwner }

  id-skd-glRemoveOwner OBJECT IDENTIFIER ::= { id-skd 7}

  GLOwnerAdministration ::= SEQUENCE {
      issuer          GeneralNames,
      serialNumber    CertificateSerialNumber
      glName       GeneralName,
      glOwnerInfo  GLOwnerInfo
  }

  END

9.  ASN.1 Module for RFC 5083

   CMS-AuthEnvelopedData-2007

  -- This defines the GL Key Compromise control attribute.
  -- It has the simple type GeneralName.

  skd-glKeyCompromise CMC-CONTROL ::=
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
       pkcs-9(9) smime(16) modules(0) cms-authEnvelopedData(31) GLKCompromise IDENTIFIED BY id-skd-glKeyCompromise }
   DEFINITIONS IMPLICIT TAGS

  id-skd-glKeyCompromise OBJECT IDENTIFIER ::=
   BEGIN

   IMPORTS

   AuthAttributes, CMSVersion, EncryptedContentInfo,
       MessageAuthenticationCode, OriginatorInfo, RecipientInfos,
       UnauthAttributes
   FROM CryptographicMessageSyntax2004 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) modules(0) cms-2004(24) id-skd 8}
  GLKCompromise ::= GeneralName
  -- This defines the GL Key Refresh control attribute.

  skd-glkRefresh CMC-CONTROL ::=
      { GLKRefresh IDENTIFIED BY id-skd-glkRefresh } ;

   id-ct-authEnvelopedData

  id-skd-glkRefresh OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9)
       smime(16) ct(1) 23 id-skd 9}

  GLKRefresh ::= SEQUENCE {
      glName  GeneralName,
      dates   SEQUENCE SIZE (1..MAX) OF Date
  }

   AuthEnvelopedData

  Date ::= SEQUENCE {
       version CMSVersion,
       originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL,
       recipientInfos RecipientInfos,
       authEncryptedContentInfo EncryptedContentInfo,
       authAttrs [1] IMPLICIT AuthAttributes OPTIONAL,
       mac MessageAuthenticationCode,
       unauthAttrs [2] IMPLICIT UnauthAttributes
      start GeneralizedTime,
      end   GeneralizedTime OPTIONAL
  }

   END

10.  ASN.1 Module for RFC 5084

   CMS-AES-CCM-and-AES-GCM

  -- This defines the GLA Query Request control attribute.

  skd-glaQueryRequest CMC-CONTROL ::=
      { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
       pkcs-9(9) smime(16) modules(0) cms-aes-ccm-and-gcm(32) GLAQueryRequest IDENTIFIED BY id-skd-glaQueryRequest }
   DEFINITIONS IMPLICIT TAGS

  id-skd-glaQueryRequest OBJECT IDENTIFIER ::= { id-skd 11}

  SKD-QUERY ::= TYPE-IDENTIFIER

  SkdQuerySet SKD-QUERY ::=
   BEGIN {...}

  GLAQueryRequest ::= SEQUENCE {
      glaRequestType   SKD-QUERY.&id ({SkdQuerySet}),
      glaRequestValue  SKD-QUERY.
                           &Type ({SkdQuerySet}{@glaRequestType})
  }

  -- Object Identifiers

   aes OBJECT IDENTIFIER This defines the GLA Query Response control attribute.

  skd-glaQueryResponse CMC-CONTROL ::=
      { joint-iso-itu-t(2) country(16) us(840)
       organization(1) gov(101) csor(3) nistAlgorithm(4) 1 GLAQueryResponse IDENTIFIED BY id-skd-glaQueryResponse }

   id-aes128-CCM

  id-skd-glaQueryResponse OBJECT IDENTIFIER ::= { aes 7 }

   id-aes192-CCM id-skd 12}

  SKD-RESPONSE ::= TYPE-IDENTIFIER

  SkdResponseSet SKD-RESPONSE ::= {...}

  GLAQueryResponse ::= SEQUENCE {
      glaResponseType   SKD-RESPONSE.
                            &id({SkdResponseSet}),
      glaResponseValue  SKD-RESPONSE.
                            &Type({SkdResponseSet}{@glaResponseType})}

  -- This defines the GLA Request/Response (glaRR) arc for
  -- glaRequestType/glaResponseType.

  id-cmc-glaRR OBJECT IDENTIFIER ::=
      { aes 27 iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) cmc(7) glaRR(99) }

   id-aes256-CCM

  -- This defines the Algorithm Request

  id-cmc-gla-skdAlgRequest OBJECT IDENTIFIER ::= { aes 47 id-cmc-glaRR 1 }

   id-aes128-GCM
  SKDAlgRequest ::= NULL

  -- This defines the Algorithm Response

  id-cmc-gla-skdAlgResponse OBJECT IDENTIFIER ::= { aes 6 id-cmc-glaRR 2 }

   id-aes192-GCM

  -- Note that the response for algorithmSupported request is the
  -- smimeCapabilities attribute as defined in MsgSpec [MSG].
  -- This defines the control attribute to request an updated
  -- certificate to the GLA.

  skd-glProvideCert CMC-CONTROL ::=
      { GLManageCert IDENTIFIED BY id-skd-glProvideCert }

  id-skd-glProvideCert OBJECT IDENTIFIER ::= { aes 26 id-skd 13}

  GLManageCert ::= SEQUENCE {
      glName    GeneralName,
      glMember  GLMember
  }

   id-aes256-GCM

  -- This defines the control attribute to return an updated
  -- certificate to the GLA. It has the type GLManageCert.

  skd-glManageCert CMC-CONTROL ::=
      { GLManageCert IDENTIFIED BY id-skd-glManageCert }

  id-skd-glManageCert OBJECT IDENTIFIER ::= { aes 46 } id-skd 14}

  -- Parameters for AigorithmIdentifier

   CCMParameters This defines the control attribute to distribute the GL shared
  -- KEK.

  skd-glKey CMC-CONTROL ::= SEQUENCE
      {
       aes-nonce         OCTET STRING (SIZE(7..13)),
       aes-ICVlen        AES-CCM-ICVlen DEFAULT 12 GLKey IDENTIFIED BY id-skd-glKey }

   AES-CCM-ICVlen
  id-skd-glKey OBJECT IDENTIFIER ::= INTEGER (4 | 6 | 8 | 10 | 12 | 14 | 16)

   GCMParameters { id-skd 15}

  GLKey ::= SEQUENCE {
       aes-nonce        OCTET STRING,
      glName        GeneralName,
      glIdentifier  KEKIdentifier,   -- recommended size is 12 octets
       aes-ICVlen       AES-GCM-ICVlen DEFAULT 12 See [CMS]
      glkWrapped    RecipientInfos,  -- See [CMS]
      glkAlgorithm  AlgorithmIdentifier{{...}},
      glkNotBefore  GeneralizedTime,
      glkNotAfter   GeneralizedTime
  }

   AES-GCM-ICVlen

  -- This defines the CMC error types

  id-cet-skdFailInfo  OBJECT IDENTIFIER ::=
      { iso(1) identified-organization(3) dod(6) internet(1) security(5)
      mechanisms(5) pkix(7) cet(15) skdFailInfo(1) }

  SKDFailInfo ::= INTEGER (12 | 13 | 14 | 15 | 16) {
      unspecified           (0),
      closedGL              (1),
      unsupportedDuration   (2),
      noGLACertificate      (3),
      invalidCert           (4),
      unsupportedAlgorithm  (5),
      noGLONameMatch        (6),
      invalidGLName         (7),
      nameAlreadyInUse      (8),
      noSpam                (9),
      deniedAccess          (10),
      alreadyAMember        (11),
      notAMember            (12),
      alreadyAnOwner        (13),
      notAnOwner            (14) }

  END

11.

13.  Security Considerations

   Even though all the RFCs in this document are security-related, the
   document itself does not have any security considerations.  The ASN.1
   modules keep the same bits-on-the-wire as the modules that they
   replace.

12.

14.  Normative References

   [ASN1-2002]
              ITU-T, "ITU-T Recommendation X.680 Information technology
              [ETH] Abstract Syntax Notation One (ASN.1): Specification
              of basic notation", ITU-T X.680, 2002.

   [NEW-PKIX]
              Hoffman, P. and J. Schaad, "New ASN.1 Modules for PKIX",
              draft-ietf-pkix-new-asn1 (work in progress),
              December 2007.

   [RFC3370]  Housley, R., "Cryptographic Message Syntax (CMS)
              Algorithms", RFC 3370, August 2002.

   [RFC3565]  Schaad, J., "Use of the Advanced Encryption Standard (AES)
              Encryption Algorithm in Cryptographic Message Syntax
              (CMS)", RFC 3565, July 2003.

   [RFC3851]  Ramsdell, B., "Secure/Multipurpose Internet Mail
              Extensions (S/MIME) Version 3.1 Message Specification",
              RFC 3851, July 2004.

   [RFC3852]  Housley, R., "Cryptographic Message Syntax (CMS)",
              RFC 3852, July 2004.

   [RFC4108]  Housley, R., "Using Cryptographic Message Syntax (CMS) to
              Protect Firmware Packages", RFC 4108, August 2005.

   [RFC4998]  Gondrom, T., Brandner, R., and U. Pordesch, "Evidence
              Record Syntax (ERS)", RFC 4998, August 2007.

   [RFC5035]  Schaad, J., "Enhanced Security Services (ESS) Update:
              Adding CertID Algorithm Agility", RFC 5035, August 2007.

   [RFC5083]  Housley, R., "Cryptographic Message Syntax (CMS)
              Authenticated-Enveloped-Data Content Type", RFC 5083,
              November 2007.

   [RFC5084]  Housley, R., "Using AES-CCM and AES-GCM Authenticated
              Encryption in the Cryptographic Message Syntax (CMS)",
              RFC 5084, November 2007.

   [RFC5275]  Turner, S., "CMS Symmetric Key Management and
              Distribution", RFC 5275, June 2008.

Appendix A.  Change History

   [[ This entire section is to be removed upon publication. ]]

A.1.  Changes between draft-hoffman-cms-new-asn1-00 and
      draft-ietf-smime-new-asn1-00

   Changed the draft name.

   Added RFC 3565,

   Added RFC 4998.

   Made RFCs-to-be 5083 and 5084 into RFCs.

   In RFC 3370, a line in the comment staring with "Another way to
   do..." was not commented out when it should have been.

   In RFC 3851, the name of the module from which we are importing was
   wrong, although the OID was right.

   In RFC 3852, added the "...," and "[[v:" ASN.1 idioms to indicate
   which version of CMS added the various extensions.

A.2.  Changes between draft-ietf-smime-new-asn1-00 and -01

   Added RFC 5275.

   Added module for algorithm classes, and modified RFC 3370 and RFC
   3852 to uses the classes defined.

Authors' Addresses

   Paul Hoffman
   VPN Consortium
   127 Segre Place
   Santa Cruz, CA  95060
   US

   Phone: 1-831-426-9827
   Email: paul.hoffman@vpnc.org

   Jim Schaad
   Soaring Hawk Consulting

   Email: jimsch@exmsft.com

Full Copyright Statement

   Copyright (C) The IETF Trust (2007). (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).