New protocol: RFC2634 ExtendedSecurityServices

updates to cms to accomodate the new protocol

add author to some files


svn path=/trunk/; revision=12573

1 files changed, 248 insertions, 0 deletions

diff --git a/asn1/ess/ExtendedSecurityServices.asn b/asn1/ess/ExtendedSecurityServices.asn
new file mode 100644
index 0000000000..7ba3b89271
--- /dev/null
+++ b/asn1/ess/ExtendedSecurityServices.asn
@@ -0,0 +1,248 @@
+-- ExtendedSecurityServices as defined in RFC2634
+-- 
+-- The ASN definition has been modified to suit the Ethereal ASN2ETH compiler
+-- 
+-- 
+-- 
+-- The original ASN.1 definition from RFC2634 contains the following 
+-- copyright statement:
+-- 
+-- Full Copyright Statement
+-- 
+--    Copyright (C) The Internet Society (1999).  All Rights Reserved.
+-- 
+--    This document and translations of it may be copied and furnished to
+--    others, and derivative works that comment on or otherwise explain it
+--    or assist in its implementation may be prepared, copied, published
+--    and distributed, in whole or in part, without restriction of any
+--    kind, provided that the above copyright notice and this paragraph are
+--    included on all such copies and derivative works.  However, this
+--    document itself may not be modified in any way, such as by removing
+--    the copyright notice or references to the Internet Society or other
+--    Internet organizations, except as needed for the purpose of
+--    developing Internet standards in which case the procedures for
+--    copyrights defined in the Internet Standards process must be
+--    followed, or as required to translate it into languages other than
+--    English.
+-- 
+--    The limited permissions granted above are perpetual and will not be
+--    revoked by the Internet Society or its successors or assigns.
+-- 
+--    This document and the information contained herein is provided on an
+--    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+--    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+--    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+--    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+--    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+-- 
+
+ExtendedSecurityServices
+     { iso(1) member-body(2) us(840) rsadsi(113549)
+       pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+IMPORTS
+
+-- Cryptographic Message Syntax (CMS)
+    ContentType, IssuerAndSerialNumber
+    FROM CryptographicMessageSyntax { iso(1) member-body(2) us(840)
+    rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)}
+
+-- X.509
+    CertificateSerialNumber FROM AuthenticationFramework
+
+    SubjectKeyIdentifier, PolicyInformation, GeneralNames 
+    FROM CertificateExtensions
+    {joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0};
+
+
+-- Extended Security Services
+
+-- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
+-- constructs in this module. A valid ASN.1 SEQUENCE can have zero or
+-- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to
+-- have at least one entry. MAX indicates the upper bound is unspecified.
+-- Implementations are free to choose an upper bound that suits their
+-- environment.
+
+-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+    -- The contents are formatted as described in [UTF8]
+
+-- Section 2.7
+
+ReceiptRequest ::= SEQUENCE {
+  signedContentIdentifier ContentIdentifier,
+  receiptsFrom ReceiptsFrom,
+  receiptsTo SEQUENCE OF GeneralNames }
+
+-- ub-receiptsTo INTEGER ::= 16
+-- 
+-- 
+-- id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1}
+
+ContentIdentifier ::= OCTET STRING
+
+-- id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7}
+
+ReceiptsFrom ::= CHOICE {
+  allOrFirstTier [0] AllOrFirstTier,
+  -- formerly "allOrNone [0]AllOrNone"
+  receiptList [1] SEQUENCE OF GeneralNames }
+
+AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone
+  allReceipts (0),
+  firstTierRecipients (1) }
+
+
+-- Section 2.8
+
+Receipt ::= SEQUENCE {
+  version ESSVersion,
+  contentType ContentType,
+  signedContentIdentifier ContentIdentifier,
+  originatorSignatureValue OCTET STRING }
+
+-- id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+--    rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1}
+
+ESSVersion ::= INTEGER  { v1(1) }
+
+-- Section 2.9
+
+ContentHints ::= SEQUENCE {
+  contentDescription UTF8String OPTIONAL,
+  contentType ContentType }
+
+-- id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+--     rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4}
+
+-- Section 2.10
+
+MsgSigDigest ::= OCTET STRING
+
+-- id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5}
+
+-- Section 2.11
+
+ContentReference ::= SEQUENCE {
+  contentType ContentType,
+  signedContentIdentifier ContentIdentifier,
+  originatorSignatureValue OCTET STRING }
+
+-- id-aa-contentReference   OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 }
+
+
+-- Section 3.2
+-- ASN2ETH cant handle sets yet
+--ESSSecurityLabel ::= SET {
+--  security-policy-identifier SecurityPolicyIdentifier,
+--  security-classification SecurityClassification OPTIONAL,
+--  privacy-mark ESSPrivacyMark OPTIONAL,
+--  security-categories SecurityCategories OPTIONAL }
+--
+-- id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2}
+
+SecurityPolicyIdentifier ::= OBJECT IDENTIFIER
+
+SecurityClassification ::= INTEGER {
+  unmarked (0),
+  unclassified (1),
+  restricted (2),
+  confidential (3),
+  secret (4),
+  top-secret (5) }
+
+-- ub-integer-options INTEGER ::= 256
+
+ESSPrivacyMark ::= CHOICE {
+    pString      PrintableString,
+    utf8String   UTF8String
+}
+
+-- ub-privacy-mark-length INTEGER ::= 128
+
+SecurityCategories ::= SET OF SecurityCategory
+
+-- ub-security-categories INTEGER ::= 64
+
+SecurityCategory ::= SEQUENCE {
+  type  [0] OBJECT IDENTIFIER,
+  value [1] ANY 
+}
+
+--Note: The aforementioned SecurityCategory syntax produces identical
+--hex encodings as the following SecurityCategory syntax that is
+--documented in the X.411 specification:
+--
+--SecurityCategory ::= SEQUENCE {
+--     type  [0]  SECURITY-CATEGORY,
+--     value [1]  ANY DEFINED BY type }
+--
+--SECURITY-CATEGORY MACRO ::=
+--BEGIN
+--TYPE NOTATION ::= type | empty
+--VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
+--END
+
+-- Section 3.4
+
+-- ASN2ETH cant generate code for ESSSecurityLabel yet
+--EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel
+
+-- id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9}
+
+
+-- Section 4.4
+
+MLExpansionHistory ::= SEQUENCE OF MLData
+
+-- id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+--     us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3}
+
+-- ub-ml-expansion-history INTEGER ::= 64
+
+MLData ::= SEQUENCE {
+  mailListIdentifier EntityIdentifier,
+  expansionTime GeneralizedTime,
+  mlReceiptPolicy MLReceiptPolicy OPTIONAL }
+
+EntityIdentifier ::= CHOICE {
+  issuerAndSerialNumber IssuerAndSerialNumber,
+  subjectKeyIdentifier SubjectKeyIdentifier }
+
+MLReceiptPolicy ::= CHOICE {
+  none [0] NULL,
+  insteadOf [1] SEQUENCE OF GeneralNames,
+  inAdditionTo [2] SEQUENCE OF GeneralNames }
+
+SigningCertificate ::=  SEQUENCE {
+    certs        SEQUENCE OF ESSCertID,
+    policies     SEQUENCE OF PolicyInformation OPTIONAL
+}
+
+-- id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
+--     member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+--     smime(16) id-aa(2) 12 }
+
+ESSCertID ::=  SEQUENCE {
+     certHash                 Hash,
+     issuerSerial             IssuerSerial OPTIONAL
+}
+
+Hash ::= OCTET STRING -- SHA1 hash of entire certificate
+
+IssuerSerial ::= SEQUENCE {
+     issuer                   GeneralNames,
+     serialNumber             CertificateSerialNumber
+}
+
+END -- of ExtendedSecurityServices
+