-- ExtendedSecurityServices as defined in RFC2634 -- -- The ASN definition has been modified to suit the Wireshark asn2wrs compiler -- -- -- -- The original ASN.1 definition from RFC2634 contains the following -- copyright statement: -- -- Full Copyright Statement -- -- Copyright (C) The Internet Society (1999). All Rights Reserved. -- -- This document and translations of it may be copied and furnished to -- others, and derivative works that comment on or otherwise explain it -- or assist in its implementation may be prepared, copied, published -- and distributed, in whole or in part, without restriction of any -- kind, provided that the above copyright notice and this paragraph are -- included on all such copies and derivative works. However, this -- document itself may not be modified in any way, such as by removing -- the copyright notice or references to the Internet Society or other -- Internet organizations, except as needed for the purpose of -- developing Internet standards in which case the procedures for -- copyrights defined in the Internet Standards process must be -- followed, or as required to translate it into languages other than -- English. -- -- The limited permissions granted above are perpetual and will not be -- revoked by the Internet Society or its successors or assigns. -- -- This document and the information contained herein is provided on an -- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING -- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING -- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION -- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF -- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. -- ExtendedSecurityServices { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) } DEFINITIONS IMPLICIT TAGS ::= BEGIN IMPORTS -- Cryptographic Message Syntax (CMS) ContentType, IssuerAndSerialNumber FROM CryptographicMessageSyntax { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)} -- X.509 CertificateSerialNumber FROM AuthenticationFramework SubjectKeyIdentifier, PolicyInformation, GeneralNames FROM CertificateExtensions {joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0}; -- Extended Security Services -- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1 -- constructs in this module. A valid ASN.1 SEQUENCE can have zero or -- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to -- have at least one entry. MAX indicates the upper bound is unspecified. -- Implementations are free to choose an upper bound that suits their -- environment. -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING -- The contents are formatted as described in [UTF8] -- Section 2.7 ReceiptRequest ::= SEQUENCE { signedContentIdentifier ContentIdentifier, receiptsFrom ReceiptsFrom, receiptsTo SEQUENCE OF GeneralNames } -- ub-receiptsTo INTEGER ::= 16 -- -- -- id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1} ContentIdentifier ::= OCTET STRING -- id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7} ReceiptsFrom ::= CHOICE { allOrFirstTier [0] AllOrFirstTier, -- formerly "allOrNone [0]AllOrNone" receiptList [1] SEQUENCE OF GeneralNames } AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone allReceipts (0), firstTierRecipients (1) } -- Section 2.8 Receipt ::= SEQUENCE { version ESSVersion, contentType ContentType, signedContentIdentifier ContentIdentifier, originatorSignatureValue OCTET STRING } -- id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) -- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1} ESSVersion ::= INTEGER { v1(1) } -- Section 2.9 ContentHints ::= SEQUENCE { contentDescription UTF8String OPTIONAL, contentType ContentType } -- id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) -- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4} -- Section 2.10 MsgSigDigest ::= OCTET STRING -- id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5} -- Section 2.11 ContentReference ::= SEQUENCE { contentType ContentType, signedContentIdentifier ContentIdentifier, originatorSignatureValue OCTET STRING } -- id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 } -- Section 3.2 ESSSecurityLabel ::= SET { security-policy-identifier SecurityPolicyIdentifier, security-classification SecurityClassification OPTIONAL, privacy-mark ESSPrivacyMark OPTIONAL, security-categories SecurityCategories OPTIONAL } -- id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2} SecurityPolicyIdentifier ::= OBJECT IDENTIFIER SecurityClassification ::= INTEGER { unmarked (0), unclassified (1), restricted (2), confidential (3), secret (4), top-secret (5) } -- ub-integer-options INTEGER ::= 256 ESSPrivacyMark ::= CHOICE { pString PrintableString, utf8String UTF8String } -- ub-privacy-mark-length INTEGER ::= 128 SecurityCategories ::= SET OF SecurityCategory -- ub-security-categories INTEGER ::= 64 SecurityCategory ::= SEQUENCE { type [0] OBJECT IDENTIFIER, value [1] EXPLICIT ANY } --Note: The aforementioned SecurityCategory syntax produces identical --hex encodings as the following SecurityCategory syntax that is --documented in the X.411 specification: -- --SecurityCategory ::= SEQUENCE { -- type [0] SECURITY-CATEGORY, -- value [1] ANY DEFINED BY type } -- --SECURITY-CATEGORY MACRO ::= --BEGIN --TYPE NOTATION ::= type | empty --VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER) --END -- this is a commonly used definition of security categories RestrictiveTag ::= SEQUENCE { tagName OBJECT IDENTIFIER, attributeFlags BIT STRING } EnumeratedTag ::= SEQUENCE { tagName OBJECT IDENTIFIER, attributeList SET OF SecurityAttribute } PermissiveTag ::= SEQUENCE { tagName OBJECT IDENTIFIER, attributeFlags BIT STRING } SecurityAttribute ::= INTEGER InformativeTag ::= SEQUENCE { tagName OBJECT IDENTIFIER, attributes FreeFormField } FreeFormField ::= CHOICE { bitSetAttributes BIT STRING, securityAttributes SET OF SecurityAttribute } -- Section 3.4 EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel -- id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9} -- Section 4.4 MLExpansionHistory ::= SEQUENCE OF MLData -- id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3} -- ub-ml-expansion-history INTEGER ::= 64 MLData ::= SEQUENCE { mailListIdentifier EntityIdentifier, expansionTime GeneralizedTime, mlReceiptPolicy MLReceiptPolicy OPTIONAL } EntityIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier SubjectKeyIdentifier } MLReceiptPolicy ::= CHOICE { none [0] NULL, insteadOf [1] SEQUENCE OF GeneralNames, inAdditionTo [2] SEQUENCE OF GeneralNames } SigningCertificate ::= SEQUENCE { certs SEQUENCE OF ESSCertID, policies SEQUENCE OF PolicyInformation OPTIONAL } -- id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) -- member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) -- smime(16) id-aa(2) 12 } ESSCertID ::= SEQUENCE { certHash Hash, issuerSerial IssuerSerial OPTIONAL } Hash ::= OCTET STRING -- SHA1 hash of entire certificate IssuerSerial ::= SEQUENCE { issuer GeneralNames, serialNumber CertificateSerialNumber } END -- of ExtendedSecurityServices