wireshark/asn1/ess/ExtendedSecurityServices.asn

-- ExtendedSecurityServices as defined in RFC2634
-- 
-- The ASN definition has been modified to suit the Ethereal ASN2ETH compiler
-- 
-- 
-- 
-- The original ASN.1 definition from RFC2634 contains the following 
-- copyright statement:
-- 
-- Full Copyright Statement
-- 
--    Copyright (C) The Internet Society (1999).  All Rights Reserved.
-- 
--    This document and translations of it may be copied and furnished to
--    others, and derivative works that comment on or otherwise explain it
--    or assist in its implementation may be prepared, copied, published
--    and distributed, in whole or in part, without restriction of any
--    kind, provided that the above copyright notice and this paragraph are
--    included on all such copies and derivative works.  However, this
--    document itself may not be modified in any way, such as by removing
--    the copyright notice or references to the Internet Society or other
--    Internet organizations, except as needed for the purpose of
--    developing Internet standards in which case the procedures for
--    copyrights defined in the Internet Standards process must be
--    followed, or as required to translate it into languages other than
--    English.
-- 
--    The limited permissions granted above are perpetual and will not be
--    revoked by the Internet Society or its successors or assigns.
-- 
--    This document and the information contained herein is provided on an
--    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
--    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
--    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
--    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
--    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-- 

ExtendedSecurityServices
     { iso(1) member-body(2) us(840) rsadsi(113549)
       pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) }

DEFINITIONS IMPLICIT TAGS ::=
BEGIN

IMPORTS

-- Cryptographic Message Syntax (CMS)
    ContentType, IssuerAndSerialNumber
    FROM CryptographicMessageSyntax { iso(1) member-body(2) us(840)
    rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)}

-- X.509
    CertificateSerialNumber FROM AuthenticationFramework

    SubjectKeyIdentifier, PolicyInformation, GeneralNames 
    FROM CertificateExtensions
    {joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0};


-- Extended Security Services

-- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
-- constructs in this module. A valid ASN.1 SEQUENCE can have zero or
-- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to
-- have at least one entry. MAX indicates the upper bound is unspecified.
-- Implementations are free to choose an upper bound that suits their
-- environment.

-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
    -- The contents are formatted as described in [UTF8]

-- Section 2.7

ReceiptRequest ::= SEQUENCE {
  signedContentIdentifier ContentIdentifier,
  receiptsFrom ReceiptsFrom,
  receiptsTo SEQUENCE OF GeneralNames }

-- ub-receiptsTo INTEGER ::= 16
-- 
-- 
-- id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1}

ContentIdentifier ::= OCTET STRING

-- id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2)
--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7}

ReceiptsFrom ::= CHOICE {
  allOrFirstTier [0] AllOrFirstTier,
  -- formerly "allOrNone [0]AllOrNone"
  receiptList [1] SEQUENCE OF GeneralNames }

AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone
  allReceipts (0),
  firstTierRecipients (1) }


-- Section 2.8

Receipt ::= SEQUENCE {
  version ESSVersion,
  contentType ContentType,
  signedContentIdentifier ContentIdentifier,
  originatorSignatureValue OCTET STRING }

-- id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
--    rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1}

ESSVersion ::= INTEGER  { v1(1) }

-- Section 2.9

ContentHints ::= SEQUENCE {
  contentDescription UTF8String OPTIONAL,
  contentType ContentType }

-- id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
--     rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4}

-- Section 2.10

MsgSigDigest ::= OCTET STRING

-- id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5}

-- Section 2.11

ContentReference ::= SEQUENCE {
  contentType ContentType,
  signedContentIdentifier ContentIdentifier,
  originatorSignatureValue OCTET STRING }

-- id-aa-contentReference   OBJECT IDENTIFIER ::= { iso(1) member-body(2)
--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 }


-- Section 3.2
-- ASN2ETH cant handle sets yet
--ESSSecurityLabel ::= SET {
--  security-policy-identifier SecurityPolicyIdentifier,
--  security-classification SecurityClassification OPTIONAL,
--  privacy-mark ESSPrivacyMark OPTIONAL,
--  security-categories SecurityCategories OPTIONAL }
--
-- id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2)
--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2}

SecurityPolicyIdentifier ::= OBJECT IDENTIFIER

SecurityClassification ::= INTEGER {
  unmarked (0),
  unclassified (1),
  restricted (2),
  confidential (3),
  secret (4),
  top-secret (5) }

-- ub-integer-options INTEGER ::= 256

ESSPrivacyMark ::= CHOICE {
    pString      PrintableString,
    utf8String   UTF8String
}

-- ub-privacy-mark-length INTEGER ::= 128

SecurityCategories ::= SET OF SecurityCategory

-- ub-security-categories INTEGER ::= 64

SecurityCategory ::= SEQUENCE {
  type  [0] OBJECT IDENTIFIER,
  value [1] ANY 
}

--Note: The aforementioned SecurityCategory syntax produces identical
--hex encodings as the following SecurityCategory syntax that is
--documented in the X.411 specification:
--
--SecurityCategory ::= SEQUENCE {
--     type  [0]  SECURITY-CATEGORY,
--     value [1]  ANY DEFINED BY type }
--
--SECURITY-CATEGORY MACRO ::=
--BEGIN
--TYPE NOTATION ::= type | empty
--VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
--END

-- Section 3.4

-- ASN2ETH cant generate code for ESSSecurityLabel yet
--EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel

-- id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2)
--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9}


-- Section 4.4

MLExpansionHistory ::= SEQUENCE OF MLData

-- id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2)
--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3}

-- ub-ml-expansion-history INTEGER ::= 64

MLData ::= SEQUENCE {
  mailListIdentifier EntityIdentifier,
  expansionTime GeneralizedTime,
  mlReceiptPolicy MLReceiptPolicy OPTIONAL }

EntityIdentifier ::= CHOICE {
  issuerAndSerialNumber IssuerAndSerialNumber,
  subjectKeyIdentifier SubjectKeyIdentifier }

MLReceiptPolicy ::= CHOICE {
  none [0] NULL,
  insteadOf [1] SEQUENCE OF GeneralNames,
  inAdditionTo [2] SEQUENCE OF GeneralNames }

SigningCertificate ::=  SEQUENCE {
    certs        SEQUENCE OF ESSCertID,
    policies     SEQUENCE OF PolicyInformation OPTIONAL
}

-- id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
--     member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
--     smime(16) id-aa(2) 12 }

ESSCertID ::=  SEQUENCE {
     certHash                 Hash,
     issuerSerial             IssuerSerial OPTIONAL
}

Hash ::= OCTET STRING -- SHA1 hash of entire certificate

IssuerSerial ::= SEQUENCE {
     issuer                   GeneralNames,
     serialNumber             CertificateSerialNumber
}

END -- of ExtendedSecurityServices