| < draft-ietf-smime-3278bis-08.txt | draft-ietf-smime-3278bis-09.txt > | |||
|---|---|---|---|---|
| S/MIME WG Sean Turner, IECA | S/MIME WG Sean Turner, IECA | |||
| Internet Draft Dan Brown, Certicom | Internet Draft Dan Brown, Certicom | |||
| Intended Status: Informational May 29, 2009 | Intended Status: Informational June 5, 2009 | |||
| Obsoletes: 3278 (once approved) | Obsoletes: 3278 (once approved) | |||
| Expires: November 29, 2009 | Expires: December 5, 2009 | |||
| Use of Elliptic Curve Cryptography (ECC) Algorithms | Use of Elliptic Curve Cryptography (ECC) Algorithms | |||
| in Cryptographic Message Syntax (CMS) | in Cryptographic Message Syntax (CMS) | |||
| draft-ietf-smime-3278bis-08.txt | draft-ietf-smime-3278bis-09.txt | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. This document may contain material | provisions of BCP 78 and BCP 79. This document may contain material | |||
| from IETF Documents or IETF Contributions published or made publicly | from IETF Documents or IETF Contributions published or made publicly | |||
| available before November 10, 2008. The person(s) controlling the | available before November 10, 2008. The person(s) controlling the | |||
| copyright in some of this material may not have granted the IETF | copyright in some of this material may not have granted the IETF | |||
| Trust the right to allow modifications of such material outside the | Trust the right to allow modifications of such material outside the | |||
| IETF Standards Process. Without obtaining an adequate license from | IETF Standards Process. Without obtaining an adequate license from | |||
| skipping to change at page 1, line 42 ¶ | skipping to change at page 2, line 4 ¶ | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt | http://www.ietf.org/ietf/1id-abstracts.txt | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html | http://www.ietf.org/shadow.html | |||
| This Internet-Draft will expire on December 5, 2009. | ||||
| This Internet-Draft will expire on November 29, 2009. | ||||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents in effect on the date of | |||
| publication of this document (http://trustee.ietf.org/license-info). | publication of this document (http://trustee.ietf.org/license-info). | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 43 ¶ | skipping to change at page 2, line 44 ¶ | |||
| single word subscribe in the body of the message. There is a Web site | single word subscribe in the body of the message. There is a Web site | |||
| for the mailing list at <http://www.imc.org/ietf-smime/>. | for the mailing list at <http://www.imc.org/ietf-smime/>. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction...................................................3 | 1. Introduction...................................................3 | |||
| 1.1. Requirements Terminology..................................4 | 1.1. Requirements Terminology..................................4 | |||
| 2. SignedData using ECC...........................................4 | 2. SignedData using ECC...........................................4 | |||
| 2.1. SignedData using ECDSA....................................4 | 2.1. SignedData using ECDSA....................................4 | |||
| 3. EnvelopedData using ECC Algorithms.............................5 | 3. EnvelopedData using ECC Algorithms.............................5 | |||
| 3.1. EnvelopedData using (ephemeral-static) ECDH...............5 | 3.1. EnvelopedData using (ephemeral-static) ECDH...............6 | |||
| 3.2. EnvelopedData using 1-Pass ECMQV..........................8 | 3.2. EnvelopedData using 1-Pass ECMQV..........................8 | |||
| 4. AuthenticatedData and AuthEnvelopedData using ECC.............10 | 4. AuthenticatedData and AuthEnvelopedData using ECC.............11 | |||
| 4.1. AuthenticatedData using 1-pass ECMQV.....................11 | 4.1. AuthenticatedData using 1-pass ECMQV.....................11 | |||
| 4.2. AuthEnvelopedData using 1-pass ECMQV.....................12 | 4.2. AuthEnvelopedData using 1-pass ECMQV.....................12 | |||
| 5. Certificates using ECC........................................13 | 5. Certificates using ECC........................................13 | |||
| 6. SMIMECapabilities Attribute and ECC...........................13 | 6. SMIMECapabilities Attribute and ECC...........................13 | |||
| 7. ASN.1 Syntax..................................................21 | 7. ASN.1 Syntax..................................................21 | |||
| 7.1. Algorithm Identifiers....................................21 | 7.1. Algorithm Identifiers....................................21 | |||
| 7.2. Other Syntax.............................................24 | 7.2. Other Syntax.............................................25 | |||
| 8. Recommended Algorithms and Elliptic Curves....................26 | 8. Recommended Algorithms and Elliptic Curves....................27 | |||
| 9. Security Considerations.......................................28 | 9. Security Considerations.......................................29 | |||
| 10. IANA Considerations..........................................33 | 10. IANA Considerations..........................................34 | |||
| 11. References...................................................33 | 11. References...................................................34 | |||
| 11.1. Normative...............................................33 | 11.1. Normative...............................................34 | |||
| 11.2. Informative.............................................35 | 11.2. Informative.............................................36 | |||
| Appendix A ASN.1 Modules.........................................36 | Appendix A ASN.1 Modules.........................................37 | |||
| Appendix A.1 1988 ASN.1 Module................................36 | Appendix A.1 1988 ASN.1 Module................................37 | |||
| Appendix A.2 2004 ASN.1 Module................................43 | Appendix A.2 2004 ASN.1 Module................................46 | |||
| Appendix B Changes since RFC 3278................................57 | Appendix B Changes since RFC 3278................................61 | |||
| Acknowledgements.................................................59 | Acknowledgements.................................................63 | |||
| Author's Addresses...............................................59 | Author's Addresses...............................................63 | |||
| 1. Introduction | 1. Introduction | |||
| The Cryptographic Message Syntax (CMS) is cryptographic algorithm | The Cryptographic Message Syntax (CMS) is cryptographic algorithm | |||
| independent. This specification defines a profile for the use of | independent. This specification defines a profile for the use of | |||
| Elliptic Curve Cryptography (ECC) public key algorithms in the CMS. | Elliptic Curve Cryptography (ECC) public key algorithms in the CMS. | |||
| The ECC algorithms are incorporated into the following CMS content | The ECC algorithms are incorporated into the following CMS content | |||
| types: | types: | |||
| - 'SignedData' to support ECC-based digital signature methods | - 'SignedData' to support ECC-based digital signature methods | |||
| skipping to change at page 29, line 26 ¶ | skipping to change at page 30, line 26 ¶ | |||
| AuthEnvelopedData, there are five algorithm related choices that need | AuthEnvelopedData, there are five algorithm related choices that need | |||
| to be made: | to be made: | |||
| 1) What is the public key size? | 1) What is the public key size? | |||
| 2) What is the KDF? | 2) What is the KDF? | |||
| 3) What is the key wrap algorithm? | 3) What is the key wrap algorithm? | |||
| 4) What is the content encryption algorithm? | 4) What is the content encryption algorithm? | |||
| 5) What is the curve? | 5) What is the curve? | |||
| Consideration must be given to the strength of the security provided | Consideration must be given to the strength of the security provided | |||
| by each of these choices. Security is measured in bits, where a | by each of these choices. Security algorithm strength is measured in | |||
| strong symmetric cipher with a key of X bits is said to provide X | bits, where bits is measured in equivalence to a symmetric cipher | |||
| bits of security. It is recommended that the bits of security | algorithm. Thus a strong symmetric cipher algorithm with a key of X | |||
| provided by each are roughly equivalent. The following table provides | bits is said to provide X bits of security. For other algorithms, the | |||
| comparable minimum bits of security [SP800-57] for the ECDH/ECMQV key | key size is mapped to an equivalent symmetric cipher strength. It is | |||
| sizes, KDFs, key wrapping algorithms, and content encryption | recommended that the bits of security provided by each are roughly | |||
| algorithms. It also lists curves [PKI-ALG] for the key sizes. | equivalent. The following table provides comparable minimum bits of | |||
| security [SP800-57] for the ECDH/ECMQV key sizes, KDFs, key wrapping | ||||
| algorithms, and content encryption algorithms. It also lists curves | ||||
| [PKI-ALG] for the key sizes. | ||||
| Minimum | ECDH or | Key | Key | Content | Curves | Minimum | ECDH or | Key | Key | Content | Curves | |||
| Bits of | ECQMV | Derivation | Wrap | Encryption | | Bits of | ECQMV | Derivation | Wrap | Encryption | | |||
| Security | Key Size | Function | Alg. | Alg. | | Security | Key Size | Function | Alg. | Alg. | | |||
| ---------+----------+------------+----------+-------------+---------- | ---------+----------+------------+----------+-------------+---------- | |||
| 80 | 160-223 | SHA-1 | 3DES | 3DES CBC | sect163k1 | 80 | 160-223 | SHA-1 | 3DES | 3DES CBC | sect163k1 | |||
| | | SHA-224 | AES-128 | AES-128 CBC | secp163r2 | | | SHA-224 | AES-128 | AES-128 CBC | secp163r2 | |||
| | | SHA-256 | AES-192 | AES-192 CBC | secp192r1 | | | SHA-256 | AES-192 | AES-192 CBC | secp192r1 | |||
| | | SHA-384 | AES-256 | AES-256 CBC | | | | SHA-384 | AES-256 | AES-256 CBC | | |||
| | | SHA-512 | | | | | | SHA-512 | | | | |||
| skipping to change at page 35, line 38 ¶ | skipping to change at page 36, line 42 ¶ | |||
| [K] B. Kaliski, "MQV Vulnerability", Posting to ANSI X9F1 | [K] B. Kaliski, "MQV Vulnerability", Posting to ANSI X9F1 | |||
| and IEEE P1363 newsgroups, 1998. | and IEEE P1363 newsgroups, 1998. | |||
| [PKI-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for | [PKI-ASN] Hoffman, P., and J. Schaad, "New ASN.1 Modules for | |||
| PKIX", draft-ietf-pkix-new-asn1, work-in-progress. | PKIX", draft-ietf-pkix-new-asn1, work-in-progress. | |||
| [SP800-57] National Institute of Standards and Technology | [SP800-57] National Institute of Standards and Technology | |||
| (NIST), Special Publication 800-57: Recommendation | (NIST), Special Publication 800-57: Recommendation | |||
| for Key Management - Part 1 (Revised), March 2007. | for Key Management - Part 1 (Revised), March 2007. | |||
| [X.680] ITU-T Recommendation X.680 (2002) | ISO/IEC 8824- | ||||
| 1:2002. Information Technology - Abstract Syntax | ||||
| Notation One. | ||||
| [X.681] ITU-T Recommendation X.681 (2002) | ISO/IEC 8824- | [X.681] ITU-T Recommendation X.681 (2002) | ISO/IEC 8824- | |||
| 2:2002. Information Technology - Abstract Syntax | 2:2002. Information Technology - Abstract Syntax | |||
| Notation One: Information Object Specification. | Notation One: Information Object Specification. | |||
| [X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824- | [X.682] ITU-T Recommendation X.682 (2002) | ISO/IEC 8824- | |||
| 3:2002. Information Technology - Abstract Syntax | 3:2002. Information Technology - Abstract Syntax | |||
| Notation One: Constraint Specification. | Notation One: Constraint Specification. | |||
| [X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824- | [X.683] ITU-T Recommendation X.683 (2002) | ISO/IEC 8824- | |||
| 4:2002. Information Technology - Abstract Syntax | 4:2002. Information Technology - Abstract Syntax | |||
| skipping to change at page 36, line 29 ¶ | skipping to change at page 37, line 29 ¶ | |||
| 2002 ASN.1. This appendix contains the same information as Appendix | 2002 ASN.1. This appendix contains the same information as Appendix | |||
| A.1 in a more recent (and precise) ASN.1 notation, however Appendix | A.1 in a more recent (and precise) ASN.1 notation, however Appendix | |||
| A.1 takes precedence in case of conflict. | A.1 takes precedence in case of conflict. | |||
| NOTE: The values for the TBAs will be included during AUTH48. | NOTE: The values for the TBAs will be included during AUTH48. | |||
| //** RFC Editor: Remove this note prior to publication **// | //** RFC Editor: Remove this note prior to publication **// | |||
| Appendix A.1 1988 ASN.1 Module | Appendix A.1 1988 ASN.1 Module | |||
| SMIMEECCAlgs-1988 | CMSECCAlgs-2009-88 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) TBA1 } | smime(16) modules(0) id-mod-cms-ecc-alg-2009-88(45) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| -- | ||||
| -- Copyright (c) 2009 IETF Trust and the persons identified as | ||||
| -- authors of the code. All rights reserved. | ||||
| -- | ||||
| -- Redistribution and use in source and binary forms, with or | ||||
| -- without modification, are permitted provided that the following | ||||
| -- conditions are met: | ||||
| -- | ||||
| -- - Redistributions of source code must retain the above copyright | ||||
| -- notice, this list of conditions and the following disclaimer. | ||||
| -- | ||||
| -- - Redistributions in binary form must reproduce the above | ||||
| -- copyright notice, this list of conditions and the following | ||||
| -- disclaimer in the documentation and/or other materials provided | ||||
| -- with the distribution. | ||||
| -- | ||||
| -- - Neither the name of Internet Society, IETF or IETF Trust, nor | ||||
| -- the names of specific contributors, may be used to endorse or | ||||
| -- promote products derived from this software without specific | ||||
| -- prior written permission. | ||||
| -- | ||||
| -- | ||||
| -- | ||||
| -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND | ||||
| -- CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, | ||||
| -- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | ||||
| -- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||||
| -- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | ||||
| -- CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||||
| -- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | ||||
| -- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS | ||||
| -- OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | ||||
| -- CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||||
| -- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||||
| -- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF | ||||
| -- ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
| -- | ||||
| -- This version of the ASN.1 module is part of RFC XXXX; | ||||
| -- see the RFC itself for full legal notices. | ||||
| -- | ||||
| -- EXPORTS ALL | -- EXPORTS ALL | |||
| IMPORTS | IMPORTS | |||
| -- From [PKI] | -- From [PKI] | |||
| AlgorithmIdentifier | AlgorithmIdentifier | |||
| FROM PKIX1Explicit88 | FROM PKIX1Explicit88 | |||
| { iso(1) identified-organization(3) dod(6) | { iso(1) identified-organization(3) dod(6) | |||
| internet(1) security(5) mechanisms(5) pkix(7) mod(0) | internet(1) security(5) mechanisms(5) pkix(7) mod(0) | |||
| skipping to change at page 38, line 8 ¶ | skipping to change at page 40, line 16 ¶ | |||
| id-aes128-CCM, id-aes192-CCM, id-aes256-CCM, CCMParameters | id-aes128-CCM, id-aes192-CCM, id-aes256-CCM, CCMParameters | |||
| id-aes128-GCM, id-aes192-GCM, id-aes256-GCM, GCMParameters | id-aes128-GCM, id-aes192-GCM, id-aes256-GCM, GCMParameters | |||
| FROM CMS-AES-CCM-and-AES-GCM | FROM CMS-AES-CCM-and-AES-GCM | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) id-mod-cms-aes(32) } | smime(16) modules(0) id-mod-cms-aes(32) } | |||
| ; | ; | |||
| -- | -- | |||
| -- Message Digest Algorithms | -- Message Digest Algorithms: Imported from [PKI-ALG] and [RSAOAEP] | |||
| -- | -- | |||
| -- id-sha1 Parameters are preferred absent | -- id-sha1 Parameters are preferred absent | |||
| -- id-sha224 Parameters are preferred absent | -- id-sha224 Parameters are preferred absent | |||
| -- id-sha256 Parameters are preferred absent | -- id-sha256 Parameters are preferred absent | |||
| -- id-sha384 Parameters are preferred absent | -- id-sha384 Parameters are preferred absent | |||
| -- id-sha512 Parameters are preferred absent | -- id-sha512 Parameters are preferred absent | |||
| -- | -- | |||
| -- Signature Algorithms | -- Signature Algorithms: Imported from [PKI-ALG] | |||
| -- | -- | |||
| -- ecdsa-with-SHA1 Parameters are NULL | -- ecdsa-with-SHA1 Parameters are NULL | |||
| -- ecdsa-with-SHA224 Parameters are absent | -- ecdsa-with-SHA224 Parameters are absent | |||
| -- ecdsa-with-SHA256 Parameters are absent | -- ecdsa-with-SHA256 Parameters are absent | |||
| -- ecdsa-with-SHA384 Parameters are absent | -- ecdsa-with-SHA384 Parameters are absent | |||
| -- ecdsa-with-SHA512 Parameters are absent | -- ecdsa-with-SHA512 Parameters are absent | |||
| -- ECDSA Signature Value | -- ECDSA Signature Value | |||
| -- Contents of SignatureValue OCTET STRING | -- Contents of SignatureValue OCTET STRING | |||
| skipping to change at page 40, line 18 ¶ | skipping to change at page 42, line 25 ¶ | |||
| mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 1 } | secg-scheme 15 1 } | |||
| mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 2 } | secg-scheme 15 2 } | |||
| mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 3 } | secg-scheme 15 3 } | |||
| -- | -- | |||
| -- Key Wrap Algorithms | -- Key Wrap Algorithms: Imported from [CMS-ALG] and [CMS-AES] | |||
| -- | -- | |||
| KeyWrapAlgorithm ::= AlgorithmIdentifier | KeyWrapAlgorithm ::= AlgorithmIdentifier | |||
| -- id-alg-CMS3DESwrap Parameters are NULL | -- id-alg-CMS3DESwrap Parameters are NULL | |||
| -- id-aes128-wrap Parameters are absent | -- id-aes128-wrap Parameters are absent | |||
| -- id-aes192-wrap Parameters are absent | -- id-aes192-wrap Parameters are absent | |||
| -- id-aes256-wrap Parameters are absent | -- id-aes256-wrap Parameters are absent | |||
| -- | -- | |||
| -- Content Encryption Algorithms | -- Content Encryption Algorithms: Imported from [CMS-ALG] | |||
| -- and [CMS-AES] | ||||
| -- | -- | |||
| -- des-ede3-cbc Parameters are CBCParameter | -- des-ede3-cbc Parameters are CBCParameter | |||
| -- id-aes128-CBC Parameters are AES-IV | -- id-aes128-CBC Parameters are AES-IV | |||
| -- id-aes192-CBC Parameters are AES-IV | -- id-aes192-CBC Parameters are AES-IV | |||
| -- id-aes256-CBC Parameters are AES-IV | -- id-aes256-CBC Parameters are AES-IV | |||
| -- id-aes128-CCM Parameters are CCMParameters | -- id-aes128-CCM Parameters are CCMParameters | |||
| -- id-aes192-CCM Parameters are CCMParameters | -- id-aes192-CCM Parameters are CCMParameters | |||
| -- id-aes256-CCM Parameters are CCMParameters | -- id-aes256-CCM Parameters are CCMParameters | |||
| -- id-aes128-GCM Parameters are GCMParameters | -- id-aes128-GCM Parameters are GCMParameters | |||
| skipping to change at page 40, line 42 ¶ | skipping to change at page 43, line 4 ¶ | |||
| -- des-ede3-cbc Parameters are CBCParameter | -- des-ede3-cbc Parameters are CBCParameter | |||
| -- id-aes128-CBC Parameters are AES-IV | -- id-aes128-CBC Parameters are AES-IV | |||
| -- id-aes192-CBC Parameters are AES-IV | -- id-aes192-CBC Parameters are AES-IV | |||
| -- id-aes256-CBC Parameters are AES-IV | -- id-aes256-CBC Parameters are AES-IV | |||
| -- id-aes128-CCM Parameters are CCMParameters | -- id-aes128-CCM Parameters are CCMParameters | |||
| -- id-aes192-CCM Parameters are CCMParameters | -- id-aes192-CCM Parameters are CCMParameters | |||
| -- id-aes256-CCM Parameters are CCMParameters | -- id-aes256-CCM Parameters are CCMParameters | |||
| -- id-aes128-GCM Parameters are GCMParameters | -- id-aes128-GCM Parameters are GCMParameters | |||
| -- id-aes192-GCM Parameters are GCMParameters | -- id-aes192-GCM Parameters are GCMParameters | |||
| -- id-aes256-GCM Parameters are GCMParameters | -- id-aes256-GCM Parameters are GCMParameters | |||
| -- | -- | |||
| -- Message Authentication Code Algorithms | -- Message Authentication Code Algorithms | |||
| -- | -- | |||
| -- hMAC-SHA1 Parameters are preferred absent | -- hMAC-SHA1 Parameters are preferred absent | |||
| -- HMAC with SHA-224, SHA-256, SHA_384, and SHA-512 Parameters are | -- HMAC with SHA-224, SHA-256, SHA_384, and SHA-512 Parameters are | |||
| -- absent | -- absent | |||
| id-hmacWithSHA224 OBJECT IDENTIFIER ::= { | id-hmacWithSHA224 OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } | iso(1) member-body(2) us(840) rsadsi(113549) | |||
| digestAlgorithm(2) 8 } | ||||
| id-hmacWithSHA256 OBJECT IDENTIFIER ::= { | id-hmacWithSHA256 OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } | iso(1) member-body(2) us(840) rsadsi(113549) | |||
| digestAlgorithm(2) 9 } | ||||
| id-hmacWithSHA384 OBJECT IDENTIFIER ::= { | id-hmacWithSHA384 OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 | iso(1) member-body(2) us(840) rsadsi(113549) | |||
| } | digestAlgorithm(2) 10 } | |||
| id-hmacWithSHA512 OBJECT IDENTIFIER ::= { | id-hmacWithSHA512 OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 | iso(1) member-body(2) us(840) rsadsi(113549) | |||
| } | digestAlgorithm(2) 11 } | |||
| -- | -- | |||
| -- Originator Public Key Algorithms | -- Originator Public Key Algorithms: Imported from [PKI-ALG] | |||
| -- | -- | |||
| -- id-ecPublicKey Parameters are absent, NULL, or ECParameters | -- id-ecPublicKey Parameters are absent, NULL, or ECParameters | |||
| -- Format for both ephemeral and static public keys | -- Format for both ephemeral and static public keys: Imported from | |||
| -- [PKI-ALG] | ||||
| -- ECPoint ::= OCTET STRING | -- ECPoint ::= OCTET STRING | |||
| -- ECParameters ::= CHOICE { | -- ECParameters ::= CHOICE { | |||
| -- namedCurve OBJECT IDENTIFIER | -- namedCurve OBJECT IDENTIFIER | |||
| -- commented out in [PKI-ALG] implicitCurve NULL | -- commented out in [PKI-ALG] implicitCurve NULL | |||
| -- commented out in [PKI-ALG] specifiedCurve SpecifiedECDomain | -- commented out in [PKI-ALG] specifiedCurve SpecifiedECDomain | |||
| -- commented out in [PKI-ALG] Extensible | -- commented out in [PKI-ALG] ... | |||
| -- } | -- } | |||
| -- implicitCurve and specifiedCurve MUST NOT be used in PKIX. | -- implicitCurve and specifiedCurve MUST NOT be used in PKIX. | |||
| -- Details for SpecifiedECDomain can be found in [X9.62]. | -- Details for SpecifiedECDomain can be found in [X9.62]. | |||
| -- Any future additions to this CHOICE should be coordinated | -- Any future additions to this CHOICE should be coordinated | |||
| -- with ANSI X9. | -- with ANSI X9. | |||
| -- Format of KeyAgreeRecipientInfo ukm field when used with | -- Format of KeyAgreeRecipientInfo ukm field when used with | |||
| -- ECMQV | -- ECMQV | |||
| MQVuserKeyingMaterial ::= SEQUENCE { | MQVuserKeyingMaterial ::= SEQUENCE { | |||
| skipping to change at page 43, line 17 ¶ | skipping to change at page 46, line 4 ¶ | |||
| -- | -- | |||
| -- S/MIME Capabilities: ECMQV, Single Pass, Standard | -- S/MIME Capabilities: ECMQV, Single Pass, Standard | |||
| -- | -- | |||
| -- mqvSinglePass-sha1kdf Type is the KeyWrapAlgorithm | -- mqvSinglePass-sha1kdf Type is the KeyWrapAlgorithm | |||
| -- mqvSinglePass-sha224kdf Type is the KeyWrapAlgorithm | -- mqvSinglePass-sha224kdf Type is the KeyWrapAlgorithm | |||
| -- mqvSinglePass-sha256kdf Type is the KeyWrapAlgorithm | -- mqvSinglePass-sha256kdf Type is the KeyWrapAlgorithm | |||
| -- mqvSinglePass-sha384kdf Type is the KeyWrapAlgorithm | -- mqvSinglePass-sha384kdf Type is the KeyWrapAlgorithm | |||
| -- mqvSinglePass-sha512kdf Type is the KeyWrapAlgorithm | -- mqvSinglePass-sha512kdf Type is the KeyWrapAlgorithm | |||
| -- | -- | |||
| -- S/MIME Capabilities: Message Authentication Code Algorithms | -- S/MIME Capabilities: Message Authentication Code Algorithms | |||
| -- | -- | |||
| -- hMACSHA1 Type is preferred absent | -- hMACSHA1 Type is preferred absent | |||
| -- id-hmacWithSHA224 Type is absent | -- id-hmacWithSHA224 Type is absent | |||
| -- if-hmacWithSHA256 Type is absent | -- if-hmacWithSHA256 Type is absent | |||
| -- id-hmacWithSHA384 Type is absent | -- id-hmacWithSHA384 Type is absent | |||
| -- id-hmacWithSHA512 Type is absent | -- id-hmacWithSHA512 Type is absent | |||
| END | END | |||
| Appendix A.2 2004 ASN.1 Module | Appendix A.2 2004 ASN.1 Module | |||
| SMIMEECCAlgs-2008 | CMSECCAlgs-2009-02 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) TBA2 } | smime(16) modules(0) id-mod-cms-ecc-alg-2009-02(46) } | |||
| DEFINITIONS IMPLICIT TAGS ::= | DEFINITIONS IMPLICIT TAGS ::= | |||
| BEGIN | BEGIN | |||
| -- | ||||
| -- Copyright (c) 2009 IETF Trust and the persons identified as | ||||
| -- authors of the code. All rights reserved. | ||||
| -- | ||||
| -- Redistribution and use in source and binary forms, with or | ||||
| -- without modification, are permitted provided that the following | ||||
| -- conditions are met: | ||||
| -- | ||||
| -- - Redistributions of source code must retain the above copyright | ||||
| -- notice, this list of conditions and the following disclaimer. | ||||
| -- | ||||
| -- - Redistributions in binary form must reproduce the above | ||||
| -- copyright notice, this list of conditions and the following | ||||
| -- disclaimer in the documentation and/or other materials provided | ||||
| -- with the distribution. | ||||
| -- | ||||
| -- - Neither the name of Internet Society, IETF or IETF Trust, nor | ||||
| -- the names of specific contributors, may be used to endorse or | ||||
| -- promote products derived from this software without specific | ||||
| -- prior written permission. | ||||
| -- | ||||
| -- | ||||
| -- | ||||
| -- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND | ||||
| -- CONTRIBUTORS 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, | ||||
| -- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | ||||
| -- MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | ||||
| -- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR | ||||
| -- CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||||
| -- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | ||||
| -- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS | ||||
| -- OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | ||||
| -- CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||||
| -- STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||||
| -- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF | ||||
| -- ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
| -- | ||||
| -- This version of the ASN.1 module is part of RFC XXXX; | ||||
| -- see the RFC itself for full legal notices. | ||||
| -- | ||||
| -- EXPORTS ALL | -- EXPORTS ALL | |||
| IMPORTS | IMPORTS | |||
| -- From [PKI-ASN] | -- From [PKI-ASN] | |||
| mda-sha1, sa-ecdsaWithSHA1, sa-ecdsaWithSHA224, sa-ecdsaWithSHA256, | mda-sha1, sa-ecdsaWithSHA1, sa-ecdsaWithSHA224, sa-ecdsaWithSHA256, | |||
| sa-ecdsaWithSHA384, sa-ecdsaWithSHA512, id-ecPublicKey, | sa-ecdsaWithSHA384, sa-ecdsaWithSHA512, id-ecPublicKey, | |||
| ECDSA-Sig-Value, ECPoint, ECParameters | ECDSA-Sig-Value, ECPoint, ECParameters | |||
| FROM PKIXAlgs-2009 | FROM PKIXAlgs-2009 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-pkix1-algorithms2008-02(56) } | id-mod-pkix1-algorithms2008-02(56) } | |||
| skipping to change at page 44, line 25 ¶ | skipping to change at page 48, line 8 ¶ | |||
| mda-sha224, mda-sha256, mda-sha384, mda-sha512 | mda-sha224, mda-sha256, mda-sha384, mda-sha512 | |||
| FROM PKIX1-PSS-OAEP-Algorithms-2009 | FROM PKIX1-PSS-OAEP-Algorithms-2009 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-pkix1-rsa-pkalgs-02(54) } | id-mod-pkix1-rsa-pkalgs-02(54) } | |||
| -- FROM [CMS-ASN] | -- FROM [CMS-ASN] | |||
| KEY-WRAP, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, ALGORITHM, | KEY-WRAP, SIGNATURE-ALGORITHM, DIGEST-ALGORITHM, ALGORITHM, | |||
| PUBLIC-KEY, MAC-ALGORITHM, CONTENT-ENCRYPTION, KEY-AGREE, SMIME-CAPS | PUBLIC-KEY, MAC-ALGORITHM, CONTENT-ENCRYPTION, KEY-AGREE, SMIME-CAPS, | |||
| AlgorithmIdentifier{} | ||||
| FROM AlgorithmInformation-2009 | FROM AlgorithmInformation-2009 | |||
| { iso(1) identified-organization(3) dod(6) internet(1) | { iso(1) identified-organization(3) dod(6) internet(1) | |||
| security(5) mechanisms(5) pkix(7) id-mod(0) | security(5) mechanisms(5) pkix(7) id-mod(0) | |||
| id-mod-algorithmInformation-02(58) } | id-mod-algorithmInformation-02(58) } | |||
| -- From [CMS-ASN] | -- From [CMS-ASN] | |||
| OriginatorPublicKey, UserKeyingMaterial | OriginatorPublicKey, UserKeyingMaterial | |||
| FROM CryptographicMessageSyntax-2009 | FROM CryptographicMessageSyntax-2009 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) id-mod-cms-2004-02(41) } | smime(16) modules(0) id-mod-cms-2004-02(41) } | |||
| -- From [CMS-ASN] | -- From [CMS-ASN] | |||
| maca-hMAC-SHA1, cea-des-ede3-cbc, kwa-3DESWrap, CBCParameter | maca-hMAC-SHA1, cea-3DES-cbc, kwa-3DESWrap, CBCParameter | |||
| FROM CryptographicMessageSyntaxAlgorithms-2009 | FROM CryptographicMessageSyntaxAlgorithms-2009 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) id-mod-cmsalg-2001-02(37) } | smime(16) modules(0) id-mod-cmsalg-2001-02(37) } | |||
| -- From [CMS-ASN] | -- From [CMS-ASN] | |||
| cea-aes128-CBC, cea-aes192-CBC, cea-aes256-CBC, kwa-aes128-wrap, | cea-aes128-cbc, cea-aes192-cbc, cea-aes256-cbc, kwa-aes128-wrap, | |||
| kwa-aes192-wrap, kwa-aes256-wrap | kwa-aes192-wrap, kwa-aes256-wrap | |||
| FROM CMSAesRsaesOaep-2009 | FROM CMSAesRsaesOaep-2009 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) id-mod-cms-aes-02(38) } | smime(16) modules(0) id-mod-cms-aes-02(38) } | |||
| -- From [CMS-ASN] | -- From [CMS-ASN] | |||
| cea-aes128-ccm, cea-aes192-ccm, cea-aes256-ccm, cea-aes128-gcm, | cea-aes128-CCM, cea-aes192-CCM, cea-aes256-CCM, cea-aes128-GCM, | |||
| cea-aes192-gcm, cea-aes256-gcm | cea-aes192-GCM, cea-aes256-GCM | |||
| FROM CMS-AES-CCM-and-AES-GCM-2009 | FROM CMS-AES-CCM-and-AES-GCM-2009 | |||
| { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) | |||
| smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) } | smime(16) modules(0) id-mod-cms-aes-ccm-gcm-02(44) } | |||
| ; | ; | |||
| -- Constrains the SignedData digestAlgorithms field | -- Constrains the SignedData digestAlgorithms field | |||
| -- Constrains the SignedData SignerInfo digestAlgorithm field | -- Constrains the SignedData SignerInfo digestAlgorithm field | |||
| -- Constrains the AuthenticatedData digestAlgorithm field | -- Constrains the AuthenticatedData digestAlgorithm field | |||
| -- Message Digest Algorithms: Imported from [PKI-ASN] | ||||
| -- MessageDigestAlgs DIGEST-ALGORITHM ::= { | -- MessageDigestAlgs DIGEST-ALGORITHM ::= { | |||
| -- mda-sha1 | | -- mda-sha1 | | |||
| -- mda-sha224 | | -- mda-sha224 | | |||
| -- mda-sha256 | | -- mda-sha256 | | |||
| -- mda-sha384 | | -- mda-sha384 | | |||
| -- mda-sha512, | -- mda-sha512, | |||
| -- ... -- Extensible | -- ... | |||
| -- } | -- } | |||
| -- Constrains the SignedData SignerInfo signatureAlgorithm field | -- Constrains the SignedData SignerInfo signatureAlgorithm field | |||
| -- Signature Algorithms: Imported from [PKI-ASN] | ||||
| -- SignatureAlgs SIGNATURE-ALGORITHM ::= { | -- SignatureAlgs SIGNATURE-ALGORITHM ::= { | |||
| -- sa-ecdsaWithSHA1 | | -- sa-ecdsaWithSHA1 | | |||
| -- sa-ecdsaWithSHA224 | | -- sa-ecdsaWithSHA224 | | |||
| -- sa-ecdsaWithSHA256 | | -- sa-ecdsaWithSHA256 | | |||
| -- sa-ecdsaWithSHA384 | | -- sa-ecdsaWithSHA384 | | |||
| -- sa-ecdsaWithSHA512, | -- sa-ecdsaWithSHA512, | |||
| -- ... -- Extensible | -- ... | |||
| -- } | -- } | |||
| -- ECDSA Signature Value | ||||
| -- ECDSA Signature Value: Imported from [PKI-ALG] | ||||
| -- Contents of SignatureValue OCTET STRING | -- Contents of SignatureValue OCTET STRING | |||
| -- ECDSA-Sig-Value ::= SEQUENCE { | -- ECDSA-Sig-Value ::= SEQUENCE { | |||
| -- r INTEGER, | -- r INTEGER, | |||
| -- s INTEGER | -- s INTEGER | |||
| -- } | -- } | |||
| -- | -- | |||
| -- Key Agreement Algorithms | -- Key Agreement Algorithms | |||
| -- | -- | |||
| skipping to change at page 46, line 42 ¶ | skipping to change at page 50, line 26 ¶ | |||
| kaa-dhSinglePass-cofactorDH-sha1kdf-scheme | | kaa-dhSinglePass-cofactorDH-sha1kdf-scheme | | |||
| kaa-dhSinglePass-cofactorDH-sha224kdf-scheme | | kaa-dhSinglePass-cofactorDH-sha224kdf-scheme | | |||
| kaa-dhSinglePass-cofactorDH-sha256kdf-scheme | | kaa-dhSinglePass-cofactorDH-sha256kdf-scheme | | |||
| kaa-dhSinglePass-cofactorDH-sha384kdf-scheme | | kaa-dhSinglePass-cofactorDH-sha384kdf-scheme | | |||
| kaa-dhSinglePass-cofactorDH-sha512kdf-scheme | | kaa-dhSinglePass-cofactorDH-sha512kdf-scheme | | |||
| kaa-mqvSinglePass-sha1kdf-scheme | | kaa-mqvSinglePass-sha1kdf-scheme | | |||
| kaa-mqvSinglePass-sha224kdf-scheme | | kaa-mqvSinglePass-sha224kdf-scheme | | |||
| kaa-mqvSinglePass-sha256kdf-scheme | | kaa-mqvSinglePass-sha256kdf-scheme | | |||
| kaa-mqvSinglePass-sha384kdf-scheme | | kaa-mqvSinglePass-sha384kdf-scheme | | |||
| kaa-mqvSinglePass-sha512kdf-scheme, | kaa-mqvSinglePass-sha512kdf-scheme, | |||
| ... -- Extensible | ... | |||
| } | } | |||
| x9-63-scheme OBJECT IDENTIFIER ::= { | x9-63-scheme OBJECT IDENTIFIER ::= { | |||
| iso(1) identified-organization(3) tc68(133) country(16) x9(840) | iso(1) identified-organization(3) tc68(133) country(16) x9(840) | |||
| x9-63(63) schemes(0) } | x9-63(63) schemes(0) } | |||
| secg-scheme OBJECT IDENTIFIER ::= { | secg-scheme OBJECT IDENTIFIER ::= { | |||
| iso(1) identified-organization(3) certicom(132) schemes(1) } | iso(1) identified-organization(3) certicom(132) schemes(1) } | |||
| -- | -- | |||
| -- Diffie-Hellman Single Pass, Standard, with KDFs | -- Diffie-Hellman Single Pass, Standard, with KDFs | |||
| -- | -- | |||
| -- Parameters are always present and indicate the Key Wrap Algorithm | -- Parameters are always present and indicate the Key Wrap Algorithm | |||
| kaa-dhSinglePass-stdDH-sha1kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-stdDH-sha1kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-stdDH-sha1kdf-scheme | IDENTIFIER dhSinglePass-stdDH-sha1kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme | SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme | |||
| } | } | |||
| dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { | |||
| x9-63-scheme 2 } | x9-63-scheme 2 } | |||
| kaa-dhSinglePass-stdDH-sha224kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-stdDH-sha224kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-stdDH-sha224kdf-scheme | IDENTIFIER dhSinglePass-stdDH-sha224kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme | SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme | |||
| } | } | |||
| dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 11 0 } | secg-scheme 11 0 } | |||
| kaa-dhSinglePass-stdDH-sha256kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-stdDH-sha256kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-stdDH-sha256kdf-scheme | IDENTIFIER dhSinglePass-stdDH-sha256kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme | SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme | |||
| } | } | |||
| dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 11 1 } | secg-scheme 11 1 } | |||
| kaa-dhSinglePass-stdDH-sha384kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-stdDH-sha384kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-stdDH-sha384kdf-scheme | IDENTIFIER dhSinglePass-stdDH-sha384kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme | SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme | |||
| } | } | |||
| dhSinglePass-stdDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 11 2 } | secg-scheme 11 2 } | |||
| kaa-dhSinglePass-stdDH-sha512kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-stdDH-sha512kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-stdDH-sha512kdf-scheme | IDENTIFIER dhSinglePass-stdDH-sha512kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme } | SMIME-CAPS cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme | |||
| } | } | |||
| dhSinglePass-stdDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-stdDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 11 3 } | secg-scheme 11 3 } | |||
| -- | -- | |||
| -- Diffie-Hellman Single Pass, Cofactor, with KDFs | -- Diffie-Hellman Single Pass, Cofactor, with KDFs | |||
| -- | -- | |||
| kaa-dhSinglePass-cofactorDH-sha1kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-cofactorDH-sha1kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-cofactorDH-sha1kdf-scheme | IDENTIFIER dhSinglePass-cofactorDH-sha1kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme | SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha1kdf-scheme | |||
| } | } | |||
| dhSinglePass-cofactorDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-cofactorDH-sha1kdf-scheme OBJECT IDENTIFIER ::= { | |||
| x9-63-scheme 3 } | x9-63-scheme 3 } | |||
| kaa-dhSinglePass-cofactorDH-sha224kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-cofactorDH-sha224kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-cofactorDH-sha224kdf-scheme | IDENTIFIER dhSinglePass-cofactorDH-sha224kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme | SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha224kdf-scheme | |||
| } | } | |||
| dhSinglePass-cofactorDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-cofactorDH-sha224kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 14 0 } | secg-scheme 14 0 } | |||
| kaa-dhSinglePass-cofactorDH-sha256kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-cofactorDH-sha256kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-cofactorDH-sha256kdf-scheme | IDENTIFIER dhSinglePass-cofactorDH-sha256kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme | SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha256kdf-scheme | |||
| } | } | |||
| dhSinglePass-cofactorDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-cofactorDH-sha256kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 14 1 } | secg-scheme 14 1 } | |||
| kaa-dhSinglePass-cofactorDH-sha384kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-cofactorDH-sha384kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-cofactorDH-sha384kdf-scheme | IDENTIFIER dhSinglePass-cofactorDH-sha384kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme | SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha384kdf-scheme | |||
| } | } | |||
| dhSinglePass-cofactorDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-cofactorDH-sha384kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 14 2 } | secg-scheme 14 2 } | |||
| kaa-dhSinglePass-cofactorDH-sha512kdf-scheme KEY-AGREE ::= { | kaa-dhSinglePass-cofactorDH-sha512kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER dhSinglePass-cofactorDH-sha512kdf-scheme | IDENTIFIER dhSinglePass-cofactorDH-sha512kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme | SMIME-CAPS cap-kaa-dhSinglePass-cofactorDH-sha512kdf-scheme | |||
| } | } | |||
| dhSinglePass-cofactorDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { | dhSinglePass-cofactorDH-sha512kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 14 3 } | secg-scheme 14 3 } | |||
| -- | -- | |||
| -- MQV Single Pass, Cofactor, with KDFs | -- MQV Single Pass, Cofactor, with KDFs | |||
| -- | -- | |||
| kaa-mqvSinglePass-sha1kdf-scheme KEY-AGREE ::= { | kaa-mqvSinglePass-sha1kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER mqvSinglePass-sha1kdf-scheme | IDENTIFIER mqvSinglePass-sha1kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-mqvSinglePass-sha1kdf-scheme | SMIME-CAPS cap-kaa-mqvSinglePass-sha1kdf-scheme | |||
| } | } | |||
| mqvSinglePass-sha1kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha1kdf-scheme OBJECT IDENTIFIER ::= { | |||
| x9-63-scheme 16 } | x9-63-scheme 16 } | |||
| kaa-mqvSinglePass-sha224kdf-scheme KEY-AGREE ::= { | kaa-mqvSinglePass-sha224kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER mqvSinglePass-sha224kdf-scheme | IDENTIFIER mqvSinglePass-sha224kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-mqvSinglePass-sha224kdf-scheme | SMIME-CAPS cap-kaa-mqvSinglePass-sha224kdf-scheme | |||
| } | } | |||
| mqvSinglePass-sha224kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha224kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 0 } | secg-scheme 15 0 } | |||
| kaa-mqvSinglePass-sha256kdf-scheme KEY-AGREE ::= { | kaa-mqvSinglePass-sha256kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER mqvSinglePass-sha256kdf-scheme | IDENTIFIER mqvSinglePass-sha256kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-mqvSinglePass-sha256kdf-scheme | SMIME-CAPS cap-kaa-mqvSinglePass-sha256kdf-scheme | |||
| } | } | |||
| mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha256kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 1 } | secg-scheme 15 1 } | |||
| kaa-mqvSinglePass-sha384kdf-scheme KEY-AGREE ::= { | kaa-mqvSinglePass-sha384kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER mqvSinglePass-sha384kdf-scheme | IDENTIFIER mqvSinglePass-sha384kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-mqvSinglePass-sha384kdf-scheme | SMIME-CAPS cap-kaa-mqvSinglePass-sha384kdf-scheme | |||
| } | } | |||
| mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha384kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 2 } | secg-scheme 15 2 } | |||
| kaa-mqvSinglePass-sha512kdf-scheme KEY-AGREE ::= { | kaa-mqvSinglePass-sha512kdf-scheme KEY-AGREE ::= { | |||
| IDENTIFIER mqvSinglePass-sha512kdf-scheme | IDENTIFIER mqvSinglePass-sha512kdf-scheme | |||
| PARAMS TYPE KeyWrapAlgorithm ARE required | PARAMS TYPE KeyWrapAlgorithm ARE required | |||
| UKM -- TYPE unencoded data -- IS preferredPresent | UKM -- TYPE unencoded data -- ARE preferredPresent | |||
| SMIME-CAPS cap-kaa-mqvSinglePass-sha512kdf-scheme | SMIME-CAPS cap-kaa-mqvSinglePass-sha512kdf-scheme | |||
| } | } | |||
| mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= { | mqvSinglePass-sha512kdf-scheme OBJECT IDENTIFIER ::= { | |||
| secg-scheme 15 3 } | secg-scheme 15 3 } | |||
| -- | -- | |||
| -- Key Wrap Algorithms | -- Key Wrap Algorithms: Imported from [CMS-ASN] | |||
| -- | -- | |||
| KeyWrapAlgorithm ::= KeyWrapAlgs | KeyWrapAlgorithm ::= AlgorithmIdentifier {KEY-WRAP, { KeyWrapAlgs } } | |||
| KeyWrapAlgs KEY-WRAP ::= { | KeyWrapAlgs KEY-WRAP ::= { | |||
| kwa-3des | | kwa-3DESWrap | | |||
| kwa-aes128 | | kwa-aes128-wrap | | |||
| kwa-aes192 | | kwa-aes192-wrap | | |||
| kwa-aes256, | kwa-aes256-wrap, | |||
| ... -- Extensible | ... | |||
| } | } | |||
| -- | -- | |||
| -- Content Encryption Algorithms | -- Content Encryption Algorithms: Imported from [CMS-ASN] | |||
| -- | -- | |||
| -- Constrains the EnvelopedData EncryptedContentInfo encryptedContent | -- Constrains the EnvelopedData EncryptedContentInfo encryptedContent | |||
| -- field and the AuthEnvelopedData EncryptedContentInfo | -- field and the AuthEnvelopedData EncryptedContentInfo | |||
| -- contentEncryptionAlgorithm field | -- contentEncryptionAlgorithm field | |||
| -- ContentEncryptionAlgs CONTENT-ENCRYPTION ::= { | -- ContentEncryptionAlgs CONTENT-ENCRYPTION ::= { | |||
| -- cea-des-ede3-cbc | | -- cea-3DES-cbc | | |||
| -- cea-aes128-cbc | | -- cea-aes128-cbc | | |||
| -- cea-aes192-cbc | | -- cea-aes192-cbc | | |||
| -- cea-aes256-cbc | | -- cea-aes256-cbc | | |||
| -- cea-aes128-ccm | | -- cea-aes128-ccm | | |||
| -- cea-aes192-ccm | | -- cea-aes192-ccm | | |||
| -- cea-aes256-ccm | | -- cea-aes256-ccm | | |||
| -- cea-aes128-gcm | | -- cea-aes128-gcm | | |||
| -- cea-aes192-gcm | | -- cea-aes192-gcm | | |||
| -- cea-aes256-gcm, | -- cea-aes256-gcm, | |||
| -- ... -- Extensible | -- ... | |||
| -- } | -- } | |||
| -- des-ede3-cbc and aes*-cbc are used with EnvelopedData and | -- des-ede3-cbc and aes*-cbc are used with EnvelopedData and | |||
| -- EncryptedData | -- EncryptedData | |||
| -- aes*-ccm are used with AuthEnvelopedData | -- aes*-ccm are used with AuthEnvelopedData | |||
| -- aes*-gcm are used with AuthEnvelopedData | -- aes*-gcm are used with AuthEnvelopedData | |||
| -- (where * is 128, 192, and 256) | -- (where * is 128, 192, and 256) | |||
| -- | -- | |||
| -- Message Authentication Code Algorithms | -- Message Authentication Code Algorithms | |||
| -- | -- | |||
| -- Constrains the AuthenticatedData | -- Constrains the AuthenticatedData | |||
| -- MessageAuthenticationCodeAlgorithm field | -- MessageAuthenticationCodeAlgorithm field | |||
| -- | -- | |||
| MessageAuthAlgs MAC-ALGORITHM ::= { | MessageAuthAlgs MAC-ALGORITHM ::= { | |||
| -- maca-hMAC-SHA1 | | -- maca-hMAC-SHA1 | | |||
| maca-hMAC-SHA224 | | maca-hMAC-SHA224 | | |||
| maca-hMAC-SHA256 | | maca-hMAC-SHA256 | | |||
| maca-hMAC-SHA384 | | maca-hMAC-SHA384 | | |||
| maca-hMAC-SHA512, | maca-hMAC-SHA512, | |||
| ... -- Extensible | ... | |||
| } | } | |||
| maca-hMAC-SHA224 MAC-ALGORITHM ::= { | maca-hMAC-SHA224 MAC-ALGORITHM ::= { | |||
| IDENTIFIER hMAC-SHA1 | IDENTIFIER id-hmacWithSHA224 | |||
| PARAMS TYPE ARE absent | PARAMS ARE absent | |||
| IS-KEYED-MAC TRUE | IS-KEYED-MAC TRUE | |||
| SMIME-CAPS cap-hMAC-SHA224 | SMIME-CAPS cap-hMAC-SHA224 | |||
| } | } | |||
| id-hmacWithSHA224 OBJECT IDENTIFIER ::= { | id-hmacWithSHA224 OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) | iso(1) member-body(2) us(840) rsadsi(113549) | |||
| digestAlgorithm(2) 8 } | digestAlgorithm(2) 8 } | |||
| maca-hMAC-SHA256 MAC-ALGORITHM ::= { | maca-hMAC-SHA256 MAC-ALGORITHM ::= { | |||
| IDENTIFIER id-hmacWithSHA256 | IDENTIFIER id-hmacWithSHA256 | |||
| PARAMS TYPE ARE absent | PARAMS ARE absent | |||
| IS-KEYED-MAC TRUE | IS-KEYED-MAC TRUE | |||
| SMIME-CAPS cap-hMAC-SHA256 | SMIME-CAPS cap-hMAC-SHA256 | |||
| } | } | |||
| id-hmacWithSHA256 OBJECT IDENTIFIER ::= { | id-hmacWithSHA256 OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) | iso(1) member-body(2) us(840) rsadsi(113549) | |||
| digestAlgorithm(2) 9 } | digestAlgorithm(2) 9 } | |||
| maca-hMAC-SHA384 MAC-ALGORITHM ::= { | maca-hMAC-SHA384 MAC-ALGORITHM ::= { | |||
| IDENTIFIER id-hmacWithSHA384 | IDENTIFIER id-hmacWithSHA384 | |||
| PARAMS TYPE ARE absent | PARAMS ARE absent | |||
| IS-KEYED-MAC TRUE | IS-KEYED-MAC TRUE | |||
| SMIME-CAPS cap-hMAC-SHA384 | SMIME-CAPS cap-hMAC-SHA384 | |||
| } | } | |||
| id-hmacWithSHA384 OBJECT IDENTIFIER ::= { | id-hmacWithSHA384 OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) | iso(1) member-body(2) us(840) rsadsi(113549) | |||
| digestAlgorithm(2) 10 } | digestAlgorithm(2) 10 } | |||
| maca-hMAC-SHA512 MAC-ALGORITHM ::= { | maca-hMAC-SHA512 MAC-ALGORITHM ::= { | |||
| IDENTIFIER id-hmacWithSHA512 | IDENTIFIER id-hmacWithSHA512 | |||
| PARAMS TYPE ARE absent | PARAMS ARE absent | |||
| IS-KEYED-MAC TRUE | IS-KEYED-MAC TRUE | |||
| SMIME-CAPS cap-hMAC-SHA512 | SMIME-CAPS cap-hMAC-SHA512 | |||
| } | } | |||
| id-hmacWithSHA512 OBJECT IDENTIFIER ::= { | id-hmacWithSHA512 OBJECT IDENTIFIER ::= { | |||
| iso(1) member-body(2) us(840) rsadsi(113549) | iso(1) member-body(2) us(840) rsadsi(113549) | |||
| digestAlgorithm(2) 11 } | digestAlgorithm(2) 11 } | |||
| -- | -- | |||
| -- Originator Public Key Algorithms | -- Originator Public Key Algorithms | |||
| -- | -- | |||
| -- Constraints on KeyAgreeRecipientInfo OriginatorIdentifierOrKey | -- Constraints on KeyAgreeRecipientInfo OriginatorIdentifierOrKey | |||
| -- OriginatorPublicKey algorithm field | -- OriginatorPublicKey algorithm field | |||
| -- PARAMS are NULL | ||||
| OriginatorPKAlgorithms PUBLIC-KEY ::= { | OriginatorPKAlgorithms PUBLIC-KEY ::= { | |||
| opka-ec, | opka-ec, | |||
| ... -- Extensible | ... | |||
| } | } | |||
| opka-ec PUBLIC-KEY ::={ | opka-ec PUBLIC-KEY ::={ | |||
| IDENTIFIER id-ecPublicKey | IDENTIFIER id-ecPublicKey | |||
| KEY ECPoint | KEY ECPoint | |||
| PARAMS TYPE CHOICE { n NULL, p ECParameters } ARE preferredAbsent | PARAMS TYPE CHOICE { n NULL, p ECParameters } ARE preferredAbsent | |||
| } | } | |||
| -- Format for both ephemeral and static public keys | -- Format for both ephemeral and static public keys: Imported from | |||
| -- [PKI-ALG] | ||||
| -- ECPoint ::= OCTET STRING | -- ECPoint ::= OCTET STRING | |||
| -- ECParameters ::= CHOICE { | -- ECParameters ::= CHOICE { | |||
| -- namedCurve CURVE.&id({NamedCurve}) | -- namedCurve CURVE.&id({NamedCurve}) | |||
| -- commented out in [PKI-ALG] implicitCurve NULL | -- commented out in [PKI-ALG] implicitCurve NULL | |||
| -- commented out in [PKI-ALG] specifiedCurve SpecifiedECDomain | -- commented out in [PKI-ALG] specifiedCurve SpecifiedECDomain | |||
| -- commented out in [PKI-ALG] ... Extensible | -- commented out in [PKI-ALG] ... | |||
| -- } | -- } | |||
| -- implicitCurve and specifiedCurve MUST NOT be used in PKIX. | -- implicitCurve and specifiedCurve MUST NOT be used in PKIX. | |||
| -- Details for SpecifiedECDomain can be found in [X9.62]. | -- Details for SpecifiedECDomain can be found in [X9.62]. | |||
| -- Any future additions to this CHOICE should be coordinated | -- Any future additions to this CHOICE should be coordinated | |||
| -- with ANSI X.9. | -- with ANSI X.9. | |||
| -- Format of KeyAgreeRecipientInfo ukm field when used with | -- Format of KeyAgreeRecipientInfo ukm field when used with | |||
| -- ECMQV | -- ECMQV | |||
| MQVuserKeyingMaterial ::= SEQUENCE { | MQVuserKeyingMaterial ::= SEQUENCE { | |||
| ephemeralPublicKey OriginatorPublicKey, | ephemeralPublicKey OriginatorPublicKey, | |||
| addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL | addedukm [0] EXPLICIT UserKeyingMaterial OPTIONAL | |||
| } | } | |||
| -- 'SharedInfo' for input to KDF when using ECDH and ECMQV with | -- 'SharedInfo' for input to KDF when using ECDH and ECMQV with | |||
| -- EnvelopedData, AuthenticatedData, or AuthEnvelopedData | -- EnvelopedData, AuthenticatedData, or AuthEnvelopedData | |||
| ECC-CMS-SharedInfo ::= SEQUENCE { | ECC-CMS-SharedInfo ::= SEQUENCE { | |||
| keyInfo AlgorithmIdentifier { KeyWrapAlgorithm }, | keyInfo KeyWrapAlgorithm, | |||
| entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL, | entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL, | |||
| suppPubInfo [2] EXPLICIT OCTET STRING | suppPubInfo [2] EXPLICIT OCTET STRING | |||
| } | } | |||
| -- | -- | |||
| -- S/MIME CAPS for algorithms in this document | -- S/MIME CAPS for algorithms in this document | |||
| -- | -- | |||
| SMimeCAPS SMIME-CAPS ::= { | SMimeCAPS SMIME-CAPS ::= { | |||
| -- mda-sha1.&smimeCaps | | -- mda-sha1.&smimeCaps | | |||
| skipping to change at page 54, line 47 ¶ | skipping to change at page 58, line 47 ¶ | |||
| kaa-dhSinglePass-cofactorDH-sha512kdf-scheme.&smimeCaps | | kaa-dhSinglePass-cofactorDH-sha512kdf-scheme.&smimeCaps | | |||
| kaa-mqvSinglePass-sha1kdf-scheme.&smimeCaps | | kaa-mqvSinglePass-sha1kdf-scheme.&smimeCaps | | |||
| kaa-mqvSinglePass-sha224kdf-scheme.&smimeCaps | | kaa-mqvSinglePass-sha224kdf-scheme.&smimeCaps | | |||
| kaa-mqvSinglePass-sha256kdf-scheme.&smimeCaps | | kaa-mqvSinglePass-sha256kdf-scheme.&smimeCaps | | |||
| kaa-mqvSinglePass-sha384kdf-scheme.&smimeCaps | | kaa-mqvSinglePass-sha384kdf-scheme.&smimeCaps | | |||
| kaa-mqvSinglePass-sha512kdf-scheme.&smimeCaps | | kaa-mqvSinglePass-sha512kdf-scheme.&smimeCaps | | |||
| -- kwa-3des.&smimeCaps | | -- kwa-3des.&smimeCaps | | |||
| -- kwa-aes128.&smimeCaps | | -- kwa-aes128.&smimeCaps | | |||
| -- kwa-aes192.&smimeCaps | | -- kwa-aes192.&smimeCaps | | |||
| -- kwa-aes256.&smimeCaps | | -- kwa-aes256.&smimeCaps | | |||
| -- cea-des-ede3-cbc.&smimeCaps | | -- cea-3DES-cbc.&smimeCaps | | |||
| -- cea-aes128-cbc.&smimeCaps | | -- cea-aes128-cbc.&smimeCaps | | |||
| -- cea-aes192-cbc.&smimeCaps | | -- cea-aes192-cbc.&smimeCaps | | |||
| -- cea-aes256-cbc.&smimeCaps | | -- cea-aes256-cbc.&smimeCaps | | |||
| -- cea-aes128-ccm.&smimeCaps | | -- cea-aes128-ccm.&smimeCaps | | |||
| -- cea-aes192-ccm.&smimeCaps | | -- cea-aes192-ccm.&smimeCaps | | |||
| -- cea-aes256-ccm.&smimeCaps | | -- cea-aes256-ccm.&smimeCaps | | |||
| -- cea-aes128-gcm.&smimeCaps | | -- cea-aes128-gcm.&smimeCaps | | |||
| -- cea-aes192-gcm.&smimeCaps | | -- cea-aes192-gcm.&smimeCaps | | |||
| -- cea-aes256-gcm.&smimeCaps | | -- cea-aes256-gcm.&smimeCaps | | |||
| -- maca-hMAC-SHA1.&smimeCaps | | -- maca-hMAC-SHA1.&smimeCaps | | |||
| maca-hMAC-SHA224.&smimeCaps | | maca-hMAC-SHA224.&smimeCaps | | |||
| maca-hMAC-SHA256.&smimeCaps | | maca-hMAC-SHA256.&smimeCaps | | |||
| maca-hMAC-SHA384.&smimeCaps | | maca-hMAC-SHA384.&smimeCaps | | |||
| maca-hMAC-SHA512.&smimeCaps, | maca-hMAC-SHA512.&smimeCaps, | |||
| ... - Extensible | ... | |||
| } | } | |||
| cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme SMIME-CAPS ::= { | cap-kaa-dhSinglePass-stdDH-sha1kdf-scheme SMIME-CAPS ::= { | |||
| TYPE KeyWrapAlgorithm | TYPE KeyWrapAlgorithm | |||
| IDENTIFIED BY dhSinglePass-stdDH-sha1kdf-scheme | IDENTIFIED BY dhSinglePass-stdDH-sha1kdf-scheme | |||
| } | } | |||
| cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme SMIME-CAPS ::= { | cap-kaa-dhSinglePass-stdDH-sha224kdf-scheme SMIME-CAPS ::= { | |||
| TYPE KeyWrapAlgorithm | TYPE KeyWrapAlgorithm | |||
| IDENTIFIED BY dhSinglePass-stdDH-sha224kdf-scheme } | IDENTIFIED BY dhSinglePass-stdDH-sha224kdf-scheme | |||
| } | ||||
| cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme SMIME-CAPS ::= { | cap-kaa-dhSinglePass-stdDH-sha256kdf-scheme SMIME-CAPS ::= { | |||
| TYPE KeyWrapAlgorithm | TYPE KeyWrapAlgorithm | |||
| IDENTIFIED BY dhSinglePass-stdDH-sha256kdf-scheme } | IDENTIFIED BY dhSinglePass-stdDH-sha256kdf-scheme | |||
| } | ||||
| cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme SMIME-CAPS ::= { | cap-kaa-dhSinglePass-stdDH-sha384kdf-scheme SMIME-CAPS ::= { | |||
| TYPE KeyWrapAlgorithm | TYPE KeyWrapAlgorithm | |||
| IDENTIFIED BY dhSinglePass-stdDH-sha384kdf-scheme | IDENTIFIED BY dhSinglePass-stdDH-sha384kdf-scheme | |||
| } | } | |||
| cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme SMIME-CAPS ::= { | cap-kaa-dhSinglePass-stdDH-sha512kdf-scheme SMIME-CAPS ::= { | |||
| TYPE KeyWrapAlgorithm | TYPE KeyWrapAlgorithm | |||
| IDENTIFIED BY dhSinglePass-stdDH-sha512kdf-scheme | IDENTIFIED BY dhSinglePass-stdDH-sha512kdf-scheme | |||
| } | } | |||
| End of changes. 81 change blocks. | ||||
| 106 lines changed or deleted | 194 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||