-- ExtendedSecurityServices as defined in RFC5035 -- -- The ASN definition has been modified to suit the Wireshark asn2wrs compiler -- -- -- -- The original ASN.1 definition from RFC5035 contains the following -- copyright statement: -- -- Full Copyright Statement -- -- Copyright (C) The IETF Trust (2007). -- -- This document is subject to the rights, licenses and restrictions -- contained in BCP 78, and except as set forth therein, the authors -- retain all their rights. -- -- This document and the information contained herein are provided on an -- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS -- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND -- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS -- OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF -- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED -- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. -- ExtendedSecurityServices { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-ess-2006(30) } DEFINITIONS IMPLICIT TAGS ::= BEGIN IMPORTS -- Cryptographic Message Syntax (CMS) ContentType, IssuerAndSerialNumber FROM CryptographicMessageSyntax {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24)} -- X.509 AlgorithmIdentifier, CertificateSerialNumber FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3} SubjectKeyIdentifier, PolicyInformation, GeneralNames FROM CertificateExtensions {joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0}; -- Extended Security Services -- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1 -- constructs in this module. A valid ASN.1 SEQUENCE can have zero or -- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to -- have at least one entry. MAX indicates the upper bound is unspecified. -- Implementations are free to choose an upper bound that suits their -- environment. -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING -- The contents are formatted as described in [UTF8] -- Section 2.7 ReceiptRequest ::= SEQUENCE { signedContentIdentifier ContentIdentifier, receiptsFrom ReceiptsFrom, receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames } ub-receiptsTo INTEGER ::= 16 id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1} ContentIdentifier ::= OCTET STRING id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7} ReceiptsFrom ::= CHOICE { allOrFirstTier [0] AllOrFirstTier, -- formerly "allOrNone [0]AllOrNone" receiptList [1] SEQUENCE OF GeneralNames } AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone allReceipts (0), firstTierRecipients (1) } -- Section 2.8 Receipt ::= SEQUENCE { version ESSVersion, contentType ContentType, signedContentIdentifier ContentIdentifier, originatorSignatureValue OCTET STRING } id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1} ESSVersion ::= INTEGER { v1(1) } -- Section 2.9 ContentHints ::= SEQUENCE { contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL, contentType ContentType } id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4} -- Section 2.10 MsgSigDigest ::= OCTET STRING id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5} -- Section 2.11 ContentReference ::= SEQUENCE { contentType ContentType, signedContentIdentifier ContentIdentifier, originatorSignatureValue OCTET STRING } id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 } -- Section 3.2 ESSSecurityLabel ::= SET { security-policy-identifier SecurityPolicyIdentifier, security-classification SecurityClassification OPTIONAL, privacy-mark ESSPrivacyMark OPTIONAL, security-categories SecurityCategories OPTIONAL } id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2} SecurityPolicyIdentifier ::= OBJECT IDENTIFIER SecurityClassification ::= INTEGER { unmarked (0), unclassified (1), restricted (2), confidential (3), secret (4), top-secret (5) }(0..ub-integer-options) ub-integer-options INTEGER ::= 256 ESSPrivacyMark ::= CHOICE { pString PrintableString (SIZE (1..ub-privacy-mark-length)), utf8String UTF8String (SIZE (1..MAX)) } ub-privacy-mark-length INTEGER ::= 128 SecurityCategories ::= SET SIZE (1..ub-security-categories) OF SecurityCategory ub-security-categories INTEGER ::= 64 SecurityCategory ::= SEQUENCE { type [0] OBJECT IDENTIFIER, value [1] ANY DEFINED BY type } --Note: The aforementioned SecurityCategory syntax produces identical --hex encodings as the following SecurityCategory syntax that is --documented in the X.411 specification: -- --SecurityCategory ::= SEQUENCE { -- type [0] SECURITY-CATEGORY, -- value [1] ANY DEFINED BY type } -- --SECURITY-CATEGORY MACRO ::= --BEGIN --TYPE NOTATION ::= type | empty --VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER) --END -- this is a commonly used definition of security categories RestrictiveTag ::= SEQUENCE { tagName OBJECT IDENTIFIER, attributeFlags BIT STRING } EnumeratedTag ::= SEQUENCE { tagName OBJECT IDENTIFIER, attributeList SET OF SecurityAttribute } PermissiveTag ::= SEQUENCE { tagName OBJECT IDENTIFIER, attributeFlags BIT STRING } SecurityAttribute ::= INTEGER InformativeTag ::= SEQUENCE { tagName OBJECT IDENTIFIER, attributes FreeFormField } FreeFormField ::= CHOICE { bitSetAttributes BIT STRING, securityAttributes SET OF SecurityAttribute } -- Section 3.4 EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9} -- Section 4.4 MLExpansionHistory ::= SEQUENCE SIZE (1..ub-ml-expansion-history) OF MLData id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3} ub-ml-expansion-history INTEGER ::= 64 MLData ::= SEQUENCE { mailListIdentifier EntityIdentifier, expansionTime GeneralizedTime, mlReceiptPolicy MLReceiptPolicy OPTIONAL } EntityIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier SubjectKeyIdentifier } MLReceiptPolicy ::= CHOICE { none [0] NULL, insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames, inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames } -- Section 5.4 SigningCertificate ::= SEQUENCE { certs SEQUENCE OF ESSCertID, policies SEQUENCE OF PolicyInformation OPTIONAL } id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 12 } SigningCertificateV2 ::= SEQUENCE { certs SEQUENCE OF ESSCertIDv2, policies SEQUENCE OF PolicyInformation OPTIONAL } id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 47 } id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } ESSCertIDv2 ::= SEQUENCE { hashAlgorithm AlgorithmIdentifier DEFAULT {algorithm id-sha256}, certHash Hash, issuerSerial IssuerSerial OPTIONAL } ESSCertID ::= SEQUENCE { certHash Hash, issuerSerial IssuerSerial OPTIONAL } Hash ::= OCTET STRING -- SHA1 hash of entire certificate IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber CertificateSerialNumber } END -- of ExtendedSecurityServices