fixeria
/
pycrate
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
pycrate/pycrate_asn1dir/ITUT_X509_2012-10/EnhancedSecurity.asn

193 lines
6.0 KiB
Groff
Raw Blame History

EnhancedSecurity {joint-iso-itu-t ds(5) modules(1) enhancedSecurity(28) 7}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- EXPORTS All
IMPORTS
-- from Rec. ITU-T X.501 | ISO/IEC 9594-2
authenticationFramework, basicAccessControl, certificateExtensions,
id-at, id-avc, id-mr, id-oc, informationFramework
FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) usefulDefinitions(0) 7}
Attribute{}, ATTRIBUTE, AttributeType, AttributeTypeAndValue, Context, CONTEXT,
Name, OBJECT-CLASS, objectIdentifierMatch, SupportedAttributes, top
FROM InformationFramework informationFramework
-- from Rec. ITU-T X.509 | ISO/IEC 9594-8
CertificateSerialNumber, HASH{}, SIGNED{}
FROM AuthenticationFramework authenticationFramework
GeneralName, KeyIdentifier
FROM CertificateExtensions certificateExtensions ;
OPTIONALLY-PROTECTED{Type} ::= CHOICE {
unsigned Type,
signed SIGNED{Type} }
OPTIONALLY-PROTECTED-SEQ{Type} ::= CHOICE {
unsigned Type,
signed [0] SIGNED{Type} }
attributeValueSecurityLabelContext CONTEXT ::= {
WITH SYNTAX SignedSecurityLabel -- At most one security label context can
-- be assigned to an attribute value
ID id-avc-attributeValueSecurityLabelContext }
SignedSecurityLabel ::= SIGNED{SignedSecurityLabelContent}
SignedSecurityLabelContent ::= SEQUENCE {
attHash HASH{AttributeTypeAndValue},
issuer Name OPTIONAL, -- name of labelling authority
keyIdentifier KeyIdentifier OPTIONAL,
securityLabel SecurityLabel,
... }
SecurityLabel ::= SET {
security-policy-identifier SecurityPolicyIdentifier OPTIONAL,
security-classification SecurityClassification OPTIONAL,
privacy-mark PrivacyMark OPTIONAL,
security-categories SecurityCategories OPTIONAL,
... }
(ALL EXCEPT ({ -- none, at least one component shall be present --}))
SecurityPolicyIdentifier ::= OBJECT IDENTIFIER
SecurityClassification ::= INTEGER {
unmarked (0),
unclassified (1),
restricted (2),
confidential (3),
secret (4),
top-secret (5)}
PrivacyMark ::= PrintableString(SIZE (1..MAX))
SecurityCategories ::= SET SIZE (1..MAX) OF SecurityCategory
clearance ATTRIBUTE ::= {
WITH SYNTAX Clearance
ID id-at-clearance }
Clearance ::= SEQUENCE {
policyId OBJECT IDENTIFIER,
classList ClassList DEFAULT {unclassified},
securityCategories SET SIZE (1..MAX) OF SecurityCategory OPTIONAL,
... }
ClassList ::= BIT STRING {
unmarked (0),
unclassified (1),
restricted (2),
confidential (3),
secret (4),
topSecret (5)}
SecurityCategory ::= SEQUENCE {
type [0] SECURITY-CATEGORY.&id({SecurityCategoriesTable}),
value [1] EXPLICIT SECURITY-CATEGORY.&Type({SecurityCategoriesTable}{@type}),
... }
SECURITY-CATEGORY ::= TYPE-IDENTIFIER
SecurityCategoriesTable SECURITY-CATEGORY ::= {...}
attributeIntegrityInfo ATTRIBUTE ::= {
WITH SYNTAX AttributeIntegrityInfo
SINGLE VALUE TRUE
ID id-at-attributeIntegrityInfo }
AttributeIntegrityInfo ::= SIGNED{AttributeIntegrityInfoContent}
AttributeIntegrityInfoContent ::= SEQUENCE {
scope Scope, -- Identifies the attributes protected
signer Signer OPTIONAL, -- Authority or data originators name
attribsHash AttribsHash, -- Hash value of protected attributes
... }
Signer ::= CHOICE {
thisEntry [0] EXPLICIT ThisEntry,
thirdParty [1] SpecificallyIdentified,
... }
ThisEntry ::= CHOICE {
onlyOne NULL,
specific IssuerAndSerialNumber,
... }
IssuerAndSerialNumber ::= SEQUENCE {
issuer Name,
serial CertificateSerialNumber,
... }
SpecificallyIdentified ::= SEQUENCE {
name GeneralName,
issuer GeneralName OPTIONAL,
serial CertificateSerialNumber OPTIONAL }
(WITH COMPONENTS { ..., issuer PRESENT, serial PRESENT } |
(WITH COMPONENTS { ..., issuer ABSENT, serial ABSENT }))
Scope ::= CHOICE {
wholeEntry [0] NULL, -- Signature protects all attribute values in this entry
selectedTypes [1] SelectedTypes,
-- Signature protects all attribute values of the selected attribute types
... }
SelectedTypes ::= SEQUENCE SIZE (1..MAX) OF AttributeType
AttribsHash ::= HASH{HashedAttributes}
HashedAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute{{SupportedAttributes}}
-- Attribute type and values with associated context values for the selected Scope
integrityInfo OBJECT-CLASS ::= {
SUBCLASS OF {top}
KIND auxiliary
MUST CONTAIN {attributeIntegrityInfo}
ID id-oc-integrityInfo }
attributeValueIntegrityInfoContext CONTEXT ::= {
WITH SYNTAX AttributeValueIntegrityInfo
ID id-avc-attributeValueIntegrityInfoContext }
AttributeValueIntegrityInfo ::= SIGNED{AttributeValueIntegrityInfoContent}
AttributeValueIntegrityInfoContent ::= SEQUENCE {
signer Signer OPTIONAL, -- Authority or data originators name
aVIHash AVIHash, -- Hash value of protected attribute
... }
AVIHash ::= HASH{AttributeTypeValueContexts}
-- Attribute type and value with associated context values
AttributeTypeValueContexts ::= SEQUENCE {
type ATTRIBUTE.&id({SupportedAttributes}),
value ATTRIBUTE.&Type({SupportedAttributes}{@type}),
contextList SET SIZE (1..MAX) OF Context OPTIONAL,
... }
-- Object identifier assignments
-- object classes
id-oc-integrityInfo OBJECT IDENTIFIER ::= {id-oc 40}
-- attributes
id-at-clearance OBJECT IDENTIFIER ::= {id-at 55}
-- id-at-defaultDirQop OBJECT IDENTIFIER ::= {id-at 56}
id-at-attributeIntegrityInfo OBJECT IDENTIFIER ::= {id-at 57}
-- id-at-confKeyInfo OBJECT IDENTIFIER ::= {id-at 60}
-- matching rules
-- id-mr-readerAndKeyIDMatch OBJECT IDENTIFIER ::= {id-mr 43}
-- contexts
id-avc-attributeValueSecurityLabelContext OBJECT IDENTIFIER ::= {id-avc 3}
id-avc-attributeValueIntegrityInfoContext OBJECT IDENTIFIER ::= {id-avc 4}
END -- EnhancedSecurity
Reference in New Issue View Git Blame Copy Permalink