author | Stig Bjørlykke <stig@bjorlykke.org> | 2010-01-12 14:31:08 +0000 |
---|---|---|
committer | Stig Bjørlykke <stig@bjorlykke.org> | 2010-01-12 14:31:08 +0000 |
commit | 3d32eed0b547513eb52f947c9608c77c3451f3f2 (patch) | |
tree | 156dea5ab8b46be8f80cf03cdf5c8da8a72bbe18 /asn1 | |
parent | d215938257616b1e209c5eb3a19828574de4ce30 (diff) |
Update to RFC5035.
svn path=/trunk/; revision=31502
Diffstat (limited to 'asn1')
-rw-r--r-- | asn1/ess/ExtendedSecurityServices.asn | 194 | ||||
-rw-r--r-- | asn1/ess/Makefile.common | 2 | ||||
-rw-r--r-- | asn1/ess/ess.cnf | 2 | ||||
-rw-r--r-- | asn1/ess/packet-ess-template.c | 5 | ||||
-rw-r--r-- | asn1/ess/packet-ess-template.h | 3 |
5 files changed, 116 insertions, 90 deletions
diff --git a/asn1/ess/ExtendedSecurityServices.asn b/asn1/ess/ExtendedSecurityServices.asn
index 9c686c16f6..a484535197 100644
--- a/asn1/ess/ExtendedSecurityServices.asn
+++ b/asn1/ess/ExtendedSecurityServices.asn
@@ -1,44 +1,32 @@ --- ExtendedSecurityServices as defined in RFC2634 +-- ExtendedSecurityServices as defined in RFC5035 -- -- The ASN definition has been modified to suit the Wireshark asn2wrs compiler -- -- -- --- The original ASN.1 definition from RFC2634 contains the following +-- The original ASN.1 definition from RFC5035 contains the following -- copyright statement: -- -- Full Copyright Statement -- --- Copyright (C) The Internet Society (1999). All Rights Reserved. --- --- This document and translations of it may be copied and furnished to --- others, and derivative works that comment on or otherwise explain it --- or assist in its implementation may be prepared, copied, published --- and distributed, in whole or in part, without restriction of any --- kind, provided that the above copyright notice and this paragraph are --- included on all such copies and derivative works. However, this --- document itself may not be modified in any way, such as by removing --- the copyright notice or references to the Internet Society or other --- Internet organizations, except as needed for the purpose of --- developing Internet standards in which case the procedures for --- copyrights defined in the Internet Standards process must be --- followed, or as required to translate it into languages other than --- English. --- --- The limited permissions granted above are perpetual and will not be --- revoked by the Internet Society or its successors or assigns. --- --- This document and the information contained herein is provided on an --- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING --- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING --- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION --- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF --- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. +-- Copyright (C) The IETF Trust (2007). 
+-- +-- This document is subject to the rights, licenses and restrictions +-- contained in BCP 78, and except as set forth therein, the authors +-- retain all their rights. +-- +-- This document and the information contained herein are provided on an +-- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS +-- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND +-- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS +-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF +-- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED +-- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. -- ExtendedSecurityServices { iso(1) member-body(2) us(840) rsadsi(113549) - pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) } + pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-ess-2006(30) } DEFINITIONS IMPLICIT TAGS ::= BEGIN @@ -47,15 +35,18 @@ IMPORTS -- Cryptographic Message Syntax (CMS) ContentType, IssuerAndSerialNumber - FROM CryptographicMessageSyntax { iso(1) member-body(2) us(840) - rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)} + FROM CryptographicMessageSyntax {iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) + modules(0) cms-2004(24)} -- X.509 - CertificateSerialNumber FROM AuthenticationFramework + AlgorithmIdentifier, CertificateSerialNumber + FROM AuthenticationFramework + {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3} - SubjectKeyIdentifier, PolicyInformation, GeneralNames - FROM CertificateExtensions - {joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0}; + SubjectKeyIdentifier, PolicyInformation, GeneralNames + FROM CertificateExtensions + {joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0}; -- Extended Security Services 
@@ -68,35 +59,36 @@ IMPORTS -- environment. -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING - -- The contents are formatted as described in [UTF8] + +-- The contents are formatted as described in [UTF8] -- Section 2.7 ReceiptRequest ::= SEQUENCE { signedContentIdentifier ContentIdentifier, receiptsFrom ReceiptsFrom, - receiptsTo SEQUENCE OF GeneralNames } + receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames +} --- ub-receiptsTo INTEGER ::= 16 --- --- --- id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2) --- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1} +ub-receiptsTo INTEGER ::= 16 + +id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1} ContentIdentifier ::= OCTET STRING --- id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2) --- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7} +id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7} ReceiptsFrom ::= CHOICE { - allOrFirstTier [0] AllOrFirstTier, - -- formerly "allOrNone [0]AllOrNone" - receiptList [1] SEQUENCE OF GeneralNames } + allOrFirstTier [0] AllOrFirstTier, -- formerly "allOrNone [0]AllOrNone" + receiptList [1] SEQUENCE OF GeneralNames +} AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone allReceipts (0), - firstTierRecipients (1) } - + firstTierRecipients (1) +} -- Section 2.8 
@@ -104,39 +96,41 @@ Receipt ::= SEQUENCE { version ESSVersion, contentType ContentType, signedContentIdentifier ContentIdentifier, - originatorSignatureValue OCTET STRING } + originatorSignatureValue OCTET STRING +} --- id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) --- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1} +id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) + rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1} ESSVersion ::= INTEGER { v1(1) } -- Section 2.9 ContentHints ::= SEQUENCE { - contentDescription UTF8String OPTIONAL, - contentType ContentType } + contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL, + contentType ContentType +} --- id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) --- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4} +id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) + rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4} -- Section 2.10 MsgSigDigest ::= OCTET STRING --- id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2) --- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5} +id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5} -- Section 2.11 ContentReference ::= SEQUENCE { contentType ContentType, signedContentIdentifier ContentIdentifier, - originatorSignatureValue OCTET STRING } - --- id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2) --- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 } + originatorSignatureValue OCTET STRING +} +id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 } -- Section 3.2 
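Review bot: The `(SIZE (1..MAX))` added to `contentDescription UTF8String` is an octet bound, not a character bound, because this module keeps the local redefinition `UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING` (visible as context in the preceding hunk); the same holds for `utf8String UTF8String (SIZE (1..MAX))` in ESSPrivacyMark in the next hunk. For a 1..MAX bound the two readings coincide, so nothing breaks, but a reader comparing against RFC 5035 will expect character semantics and the new `-C` build flag turns these bounds into generated checks. A one-line comment next to the redefinition, `-- NOTE: SIZE constraints on UTF8String below are therefore octet counts`, would record this.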
@@ -144,10 +138,11 @@ ESSSecurityLabel ::= SET { security-policy-identifier SecurityPolicyIdentifier, security-classification SecurityClassification OPTIONAL, privacy-mark ESSPrivacyMark OPTIONAL, - security-categories SecurityCategories OPTIONAL } + security-categories SecurityCategories OPTIONAL +} --- id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2) --- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2} + id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2} SecurityPolicyIdentifier ::= OBJECT IDENTIFIER @@ -157,24 +152,25 @@ SecurityClassification ::= INTEGER { restricted (2), confidential (3), secret (4), - top-secret (5) } + top-secret (5) +}(0..ub-integer-options) --- ub-integer-options INTEGER ::= 256 +ub-integer-options INTEGER ::= 256 ESSPrivacyMark ::= CHOICE { - pString PrintableString, - utf8String UTF8String + pString PrintableString (SIZE (1..ub-privacy-mark-length)), + utf8String UTF8String (SIZE (1..MAX)) } --- ub-privacy-mark-length INTEGER ::= 128 +ub-privacy-mark-length INTEGER ::= 128 -SecurityCategories ::= SET OF SecurityCategory +SecurityCategories ::= SET SIZE (1..ub-security-categories) OF SecurityCategory --- ub-security-categories INTEGER ::= 64 +ub-security-categories INTEGER ::= 64 SecurityCategory ::= SEQUENCE { type [0] OBJECT IDENTIFIER, - value [1] EXPLICIT ANY + value [1] ANY DEFINED BY type } --Note: The aforementioned SecurityCategory syntax produces identical 
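Review bot: The re-enabled `id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2)` appears to carry a leading space after the `+`, unlike every other `id-aa-*` assignment in this commit, which starts at column 0. ASN.1 ignores the whitespace, so this is style only, but the inconsistency stands out in a file that was otherwise reformatted here; drop the space so the line reads `id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2)`.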
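Review bot: Dropping `EXPLICIT` from `value [1] ANY DEFINED BY type` should not change the encoding: the module is `DEFINITIONS IMPLICIT TAGS`, but an open type cannot be implicitly tagged, so `[1]` remains an explicit constructed wrapper, which is what the retained "identical hex encodings" note depends on. What it may change is the generated code, since asn2wrs now has to consume that wrapper itself before dispatching on the OID that ess.cnf captures via `VAL_PTR = &object_identifier_id`; if it treated the tag as implicit, every SecurityCategory value would be mis-parsed. Please confirm against a capture carrying an ESSSecurityLabel with categories, and if the wrapper is handled add `-- [1] stays explicit: open types cannot be implicitly tagged` on the value line so the next reader is spared the same check.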
@@ -222,44 +218,68 @@ FreeFormField ::= CHOICE { -- Section 3.4 - EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel --- id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2) --- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9} - +id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9} -- Section 4.4 -MLExpansionHistory ::= SEQUENCE OF MLData +MLExpansionHistory ::= SEQUENCE + SIZE (1..ub-ml-expansion-history) OF MLData --- id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2) --- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3} +id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3} --- ub-ml-expansion-history INTEGER ::= 64 +ub-ml-expansion-history INTEGER ::= 64 MLData ::= SEQUENCE { mailListIdentifier EntityIdentifier, expansionTime GeneralizedTime, - mlReceiptPolicy MLReceiptPolicy OPTIONAL } + mlReceiptPolicy MLReceiptPolicy OPTIONAL +} EntityIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, - subjectKeyIdentifier SubjectKeyIdentifier } + subjectKeyIdentifier SubjectKeyIdentifier +} MLReceiptPolicy ::= CHOICE { none [0] NULL, - insteadOf [1] SEQUENCE OF GeneralNames, - inAdditionTo [2] SEQUENCE OF GeneralNames } + insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames, + inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames +} + +-- Section 5.4 SigningCertificate ::= SEQUENCE { certs SEQUENCE OF ESSCertID, policies SEQUENCE OF PolicyInformation OPTIONAL } --- id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) --- member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) --- smime(16) id-aa(2) 12 } +id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) + member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) + smime(16) id-aa(2) 12 } + +SigningCertificateV2 ::= SEQUENCE { + certs SEQUENCE OF ESSCertIDv2, + policies SEQUENCE OF 
PolicyInformation OPTIONAL
+}
+
+id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= { iso(1)
+ member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) id-aa(2) 47 }
+
+id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
+ country(16) us(840) organization(1) gov(101)
+ csor(3) nistalgorithm(4) hashalgs(2) 1 }
+
+ESSCertIDv2 ::= SEQUENCE {
+ hashAlgorithm AlgorithmIdentifier
+ DEFAULT {algorithm id-sha256},
+ certHash Hash,
+ issuerSerial IssuerSerial OPTIONAL
+}
 ESSCertID ::= SEQUENCE {
 certHash Hash,
diff --git a/asn1/ess/Makefile.common b/asn1/ess/Makefile.common
index 43481e19c9..5c5cc519be 100644
--- a/asn1/ess/Makefile.common
+++ b/asn1/ess/Makefile.common
@@ -43,7 +43,7 @@ SRC_FILES = \
 $(EXTRA_DIST) \
 $(EXT_ASN_FILE_LIST)
-A2W_FLAGS= -b -k
+A2W_FLAGS= -b -e -k -C
 EXTRA_CNF= \
 ../cms/cms-exp.cnf \
diff --git a/asn1/ess/ess.cnf b/asn1/ess/ess.cnf
index 23f2650566..bc449f2411 100644
--- a/asn1/ess/ess.cnf
+++ b/asn1/ess/ess.cnf
@@ -22,6 +22,7 @@ ESSSecurityLabel B "1.2.840.113549.1.9.16.2.2" "id-aa-securityLabel"
 EquivalentLabels B "1.2.840.113549.1.9.16.2.9" "id-aa-equivalentLabels"
 MLExpansionHistory B "1.2.840.113549.1.9.16.2.3" "id-aa-mlExpandHistory"
 SigningCertificate B "1.2.840.113549.1.9.16.2.12" "id-aa-signingCertificate"
+SigningCertificateV2 B "1.2.840.113549.1.9.16.2.47" "id-aa-signingCertificateV2"
 RestrictiveTag B "2.16.840.1.101.2.1.8.3.0" "id-restrictiveAttributes"
 EnumeratedTag B "2.16.840.1.101.2.1.8.3.1" "id-enumeratedPermissiveAttributes"
@@ -34,6 +35,7 @@ EnumeratedTag B "2.16.840.1.101.2.1.8.3.4" "id-enumeratedRestrictiveAttribu
 #.TYPE_RENAME
 #.FIELD_RENAME
+SigningCertificateV2/certs certsV2
 #.FN_PARS
 SecurityCategory/type FN_VARIANT = _str HF_INDEX = hf_ess_SecurityCategory_type_OID VAL_PTR = &object_identifier_id
diff --git a/asn1/ess/packet-ess-template.c b/asn1/ess/packet-ess-template.c
index 12a20057df..a5498e4d26 100644
--- a/asn1/ess/packet-ess-template.c
+++ b/asn1/ess/packet-ess-template.c
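Review bot: `hashAlgorithm AlgorithmIdentifier DEFAULT {algorithm id-sha256}` in the new ESSCertIDv2 means a DER encoder omits the field whenever SHA-256 is used, so the most common encoding carries no hash algorithm on the wire at all. Unless asn2wrs synthesizes absent DEFAULT components for BER (I do not believe it does; please confirm), the dissector will show an ESSCertIDv2 with no algorithm and an analyst may read that as "unknown" rather than SHA-256, which matters when the certHash is compared against a certificate. A comment on that line, `-- absent on the wire means SHA-256 (id-sha256); asn2wrs does not fill in DEFAULT`, or a small `#.FN_BODY` hook in ess.cnf that reports the default when the field is missing, would make the effective algorithm visible. The hunk begins in the previous physical line.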
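Review bot: The new flag set in `A2W_FLAGS= -b -e -k -C` is left unexplained, although it is coupled to the .asn changes in this commit: `-C` makes asn2wrs emit checks for the SIZE constraints that are now present (ub-receiptsTo, ub-security-categories, ub-ml-expansion-history and the 1..MAX bounds), and `-e` generates the export conformance file so other dissectors can import the ESS types. A short comment above the assignment, `# -C: enforce the RFC 5035 SIZE bounds in the generated dissector; -e: export types for other dissectors`, would tell the next maintainer why dropping either flag changes behaviour.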
@@ -1,6 +1,7 @@
 /* packet-ess.c
- * Routines for RFC2634 Extended Security Services packet dissection
+ * Routines for RFC5035 Extended Security Services packet dissection
 * Ronnie Sahlberg 2004
+ * Stig Bjorlykke 2010
 *
 * $Id$
 *
@@ -49,6 +50,8 @@ static int proto_ess = -1;
 static int hf_ess_SecurityCategory_type_OID = -1;
 #include "packet-ess-hf.c"
+#include "packet-ess-val.h"
+
 /* Initialize the subtree pointers */
 #include "packet-ess-ett.c"
diff --git a/asn1/ess/packet-ess-template.h b/asn1/ess/packet-ess-template.h
index 15243f330a..b6c45469ce 100644
--- a/asn1/ess/packet-ess-template.h
+++ b/asn1/ess/packet-ess-template.h
@@ -1,6 +1,7 @@
 /* packet-ess.h
- * Routines for RFC2634 Extended Security Services packet dissection
+ * Routines for RFC5035 Extended Security Services packet dissection
 * Ronnie Sahlberg 2004
+ * Stig Bjorlykke 2010
 *
 * $Id$
 *