55600fb60a
asn2eth -> asn2wrs svn path=/trunk/; revision=18214
278 lines
8 KiB
Groff
278 lines
8 KiB
Groff
-- ExtendedSecurityServices as defined in RFC2634
|
|
--
|
|
-- The ASN definition has been modified to suit the Wireshark asn2wrs compiler
|
|
--
|
|
--
|
|
--
|
|
-- The original ASN.1 definition from RFC2634 contains the following
|
|
-- copyright statement:
|
|
--
|
|
-- Full Copyright Statement
|
|
--
|
|
-- Copyright (C) The Internet Society (1999). All Rights Reserved.
|
|
--
|
|
-- This document and translations of it may be copied and furnished to
|
|
-- others, and derivative works that comment on or otherwise explain it
|
|
-- or assist in its implementation may be prepared, copied, published
|
|
-- and distributed, in whole or in part, without restriction of any
|
|
-- kind, provided that the above copyright notice and this paragraph are
|
|
-- included on all such copies and derivative works. However, this
|
|
-- document itself may not be modified in any way, such as by removing
|
|
-- the copyright notice or references to the Internet Society or other
|
|
-- Internet organizations, except as needed for the purpose of
|
|
-- developing Internet standards in which case the procedures for
|
|
-- copyrights defined in the Internet Standards process must be
|
|
-- followed, or as required to translate it into languages other than
|
|
-- English.
|
|
--
|
|
-- The limited permissions granted above are perpetual and will not be
|
|
-- revoked by the Internet Society or its successors or assigns.
|
|
--
|
|
-- This document and the information contained herein is provided on an
|
|
-- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
|
-- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
|
-- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
|
-- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
|
-- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
|
--
|
|
|
|
ExtendedSecurityServices
|
|
{ iso(1) member-body(2) us(840) rsadsi(113549)
|
|
pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) }
|
|
|
|
DEFINITIONS IMPLICIT TAGS ::=
|
|
BEGIN
|
|
|
|
IMPORTS
|
|
|
|
-- Cryptographic Message Syntax (CMS)
|
|
ContentType, IssuerAndSerialNumber
|
|
FROM CryptographicMessageSyntax { iso(1) member-body(2) us(840)
|
|
rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)}
|
|
|
|
-- X.509
|
|
CertificateSerialNumber FROM AuthenticationFramework
|
|
|
|
SubjectKeyIdentifier, PolicyInformation, GeneralNames
|
|
FROM CertificateExtensions
|
|
{joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0};
|
|
|
|
|
|
-- Extended Security Services
|
|
|
|
-- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
|
|
-- constructs in this module. A valid ASN.1 SEQUENCE can have zero or
|
|
-- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to
|
|
-- have at least one entry. MAX indicates the upper bound is unspecified.
|
|
-- Implementations are free to choose an upper bound that suits their
|
|
-- environment.
|
|
|
|
-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
|
|
-- The contents are formatted as described in [UTF8]
|
|
|
|
-- Section 2.7
|
|
|
|
ReceiptRequest ::= SEQUENCE {
|
|
signedContentIdentifier ContentIdentifier,
|
|
receiptsFrom ReceiptsFrom,
|
|
receiptsTo SEQUENCE OF GeneralNames }
|
|
|
|
-- ub-receiptsTo INTEGER ::= 16
|
|
--
|
|
--
|
|
-- id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1}
|
|
|
|
ContentIdentifier ::= OCTET STRING
|
|
|
|
-- id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7}
|
|
|
|
ReceiptsFrom ::= CHOICE {
|
|
allOrFirstTier [0] AllOrFirstTier,
|
|
-- formerly "allOrNone [0]AllOrNone"
|
|
receiptList [1] SEQUENCE OF GeneralNames }
|
|
|
|
AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone
|
|
allReceipts (0),
|
|
firstTierRecipients (1) }
|
|
|
|
|
|
-- Section 2.8
|
|
|
|
Receipt ::= SEQUENCE {
|
|
version ESSVersion,
|
|
contentType ContentType,
|
|
signedContentIdentifier ContentIdentifier,
|
|
originatorSignatureValue OCTET STRING }
|
|
|
|
-- id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
|
-- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1}
|
|
|
|
ESSVersion ::= INTEGER { v1(1) }
|
|
|
|
-- Section 2.9
|
|
|
|
ContentHints ::= SEQUENCE {
|
|
contentDescription UTF8String OPTIONAL,
|
|
contentType ContentType }
|
|
|
|
-- id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
|
-- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4}
|
|
|
|
-- Section 2.10
|
|
|
|
MsgSigDigest ::= OCTET STRING
|
|
|
|
-- id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5}
|
|
|
|
-- Section 2.11
|
|
|
|
ContentReference ::= SEQUENCE {
|
|
contentType ContentType,
|
|
signedContentIdentifier ContentIdentifier,
|
|
originatorSignatureValue OCTET STRING }
|
|
|
|
-- id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 }
|
|
|
|
|
|
-- Section 3.2
|
|
|
|
ESSSecurityLabel ::= SET {
|
|
security-policy-identifier SecurityPolicyIdentifier,
|
|
security-classification SecurityClassification OPTIONAL,
|
|
privacy-mark ESSPrivacyMark OPTIONAL,
|
|
security-categories SecurityCategories OPTIONAL }
|
|
|
|
-- id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2}
|
|
|
|
SecurityPolicyIdentifier ::= OBJECT IDENTIFIER
|
|
|
|
SecurityClassification ::= INTEGER {
|
|
unmarked (0),
|
|
unclassified (1),
|
|
restricted (2),
|
|
confidential (3),
|
|
secret (4),
|
|
top-secret (5) }
|
|
|
|
-- ub-integer-options INTEGER ::= 256
|
|
|
|
ESSPrivacyMark ::= CHOICE {
|
|
pString PrintableString,
|
|
utf8String UTF8String
|
|
}
|
|
|
|
-- ub-privacy-mark-length INTEGER ::= 128
|
|
|
|
SecurityCategories ::= SET OF SecurityCategory
|
|
|
|
-- ub-security-categories INTEGER ::= 64
|
|
|
|
SecurityCategory ::= SEQUENCE {
|
|
type [0] OBJECT IDENTIFIER,
|
|
value [1] EXPLICIT ANY
|
|
}
|
|
|
|
--Note: The aforementioned SecurityCategory syntax produces identical
|
|
--hex encodings as the following SecurityCategory syntax that is
|
|
--documented in the X.411 specification:
|
|
--
|
|
--SecurityCategory ::= SEQUENCE {
|
|
-- type [0] SECURITY-CATEGORY,
|
|
-- value [1] ANY DEFINED BY type }
|
|
--
|
|
--SECURITY-CATEGORY MACRO ::=
|
|
--BEGIN
|
|
--TYPE NOTATION ::= type | empty
|
|
--VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
|
|
--END
|
|
|
|
-- this is a commonly used definition of security categories
|
|
|
|
RestrictiveTag ::= SEQUENCE {
|
|
tagName OBJECT IDENTIFIER,
|
|
attributeFlags BIT STRING
|
|
}
|
|
|
|
EnumeratedTag ::= SEQUENCE {
|
|
tagName OBJECT IDENTIFIER,
|
|
attributeList SET OF SecurityAttribute
|
|
}
|
|
|
|
PermissiveTag ::= SEQUENCE {
|
|
tagName OBJECT IDENTIFIER,
|
|
attributeFlags BIT STRING
|
|
}
|
|
|
|
SecurityAttribute ::= INTEGER
|
|
|
|
InformativeTag ::= SEQUENCE {
|
|
tagName OBJECT IDENTIFIER,
|
|
attributes FreeFormField
|
|
}
|
|
|
|
FreeFormField ::= CHOICE {
|
|
bitSetAttributes BIT STRING,
|
|
securityAttributes SET OF SecurityAttribute
|
|
}
|
|
|
|
-- Section 3.4
|
|
|
|
|
|
EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel
|
|
|
|
-- id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9}
|
|
|
|
|
|
-- Section 4.4
|
|
|
|
MLExpansionHistory ::= SEQUENCE OF MLData
|
|
|
|
-- id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3}
|
|
|
|
-- ub-ml-expansion-history INTEGER ::= 64
|
|
|
|
MLData ::= SEQUENCE {
|
|
mailListIdentifier EntityIdentifier,
|
|
expansionTime GeneralizedTime,
|
|
mlReceiptPolicy MLReceiptPolicy OPTIONAL }
|
|
|
|
EntityIdentifier ::= CHOICE {
|
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
|
subjectKeyIdentifier SubjectKeyIdentifier }
|
|
|
|
MLReceiptPolicy ::= CHOICE {
|
|
none [0] NULL,
|
|
insteadOf [1] SEQUENCE OF GeneralNames,
|
|
inAdditionTo [2] SEQUENCE OF GeneralNames }
|
|
|
|
SigningCertificate ::= SEQUENCE {
|
|
certs SEQUENCE OF ESSCertID,
|
|
policies SEQUENCE OF PolicyInformation OPTIONAL
|
|
}
|
|
|
|
-- id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
|
|
-- member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
|
|
-- smime(16) id-aa(2) 12 }
|
|
|
|
ESSCertID ::= SEQUENCE {
|
|
certHash Hash,
|
|
issuerSerial IssuerSerial OPTIONAL
|
|
}
|
|
|
|
Hash ::= OCTET STRING -- SHA1 hash of entire certificate
|
|
|
|
IssuerSerial ::= SEQUENCE {
|
|
issuer GeneralNames,
|
|
serialNumber CertificateSerialNumber
|
|
}
|
|
|
|
END -- of ExtendedSecurityServices
|
|
|