Diffstat (limited to 'epan/dissectors/asn1/ess/ExtendedSecurityServices.asn')
-rw-r--r--epan/dissectors/asn1/ess/ExtendedSecurityServices.asn297
1 files changed, 297 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/ess/ExtendedSecurityServices.asn b/epan/dissectors/asn1/ess/ExtendedSecurityServices.asn
new file mode 100644
index 0000000000..a484535197
--- /dev/null
+++ b/epan/dissectors/asn1/ess/ExtendedSecurityServices.asn
@@ -0,0 +1,297 @@
+-- ExtendedSecurityServices as defined in RFC5035
+--
+-- The ASN definition has been modified to suit the Wireshark asn2wrs compiler
+--
+--
+--
+-- The original ASN.1 definition from RFC5035 contains the following
+-- copyright statement:
+--
+-- Full Copyright Statement
+--
+-- Copyright (C) The IETF Trust (2007).
+--
+-- This document is subject to the rights, licenses and restrictions
+-- contained in BCP 78, and except as set forth therein, the authors
+-- retain all their rights.
+--
+-- This document and the information contained herein are provided on an
+-- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+-- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+-- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+-- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+-- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+--
+
+ExtendedSecurityServices
+ { iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-ess-2006(30) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+IMPORTS
+
+-- Cryptographic Message Syntax (CMS)
+ ContentType, IssuerAndSerialNumber
+ FROM CryptographicMessageSyntax {iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+ modules(0) cms-2004(24)}
+
+-- X.509
+ AlgorithmIdentifier, CertificateSerialNumber
+ FROM AuthenticationFramework
+ {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3}
+
+ SubjectKeyIdentifier, PolicyInformation, GeneralNames
+ FROM CertificateExtensions
+ {joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0};
+
+
+-- Extended Security Services
+
+-- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
+-- constructs in this module. A valid ASN.1 SEQUENCE can have zero or
+-- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to
+-- have at least one entry. MAX indicates the upper bound is unspecified.
+-- Implementations are free to choose an upper bound that suits their
+-- environment.
+
+-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+
+-- The contents are formatted as described in [UTF8]
+
+-- Section 2.7
+
+ReceiptRequest ::= SEQUENCE {
+ signedContentIdentifier ContentIdentifier,
+ receiptsFrom ReceiptsFrom,
+ receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames
+}
+
+ub-receiptsTo INTEGER ::= 16
+
+id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1}
+
+ContentIdentifier ::= OCTET STRING
+
+id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7}
+
+ReceiptsFrom ::= CHOICE {
+ allOrFirstTier [0] AllOrFirstTier, -- formerly "allOrNone [0]AllOrNone"
+ receiptList [1] SEQUENCE OF GeneralNames
+}
+
+AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone
+ allReceipts (0),
+ firstTierRecipients (1)
+}
+
+-- Section 2.8
+
+Receipt ::= SEQUENCE {
+ version ESSVersion,
+ contentType ContentType,
+ signedContentIdentifier ContentIdentifier,
+ originatorSignatureValue OCTET STRING
+}
+
+id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+ rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1}
+
+ESSVersion ::= INTEGER { v1(1) }
+
+-- Section 2.9
+
+ContentHints ::= SEQUENCE {
+ contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
+ contentType ContentType
+}
+
+id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+ rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4}
+
+-- Section 2.10
+
+MsgSigDigest ::= OCTET STRING
+
+id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5}
+
+-- Section 2.11
+
+ContentReference ::= SEQUENCE {
+ contentType ContentType,
+ signedContentIdentifier ContentIdentifier,
+ originatorSignatureValue OCTET STRING
+}
+
+id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 }
+
+-- Section 3.2
+
+ESSSecurityLabel ::= SET {
+ security-policy-identifier SecurityPolicyIdentifier,
+ security-classification SecurityClassification OPTIONAL,
+ privacy-mark ESSPrivacyMark OPTIONAL,
+ security-categories SecurityCategories OPTIONAL
+}
+
+ id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2}
+
+SecurityPolicyIdentifier ::= OBJECT IDENTIFIER
+
+SecurityClassification ::= INTEGER {
+ unmarked (0),
+ unclassified (1),
+ restricted (2),
+ confidential (3),
+ secret (4),
+ top-secret (5)
+}(0..ub-integer-options)
+
+ub-integer-options INTEGER ::= 256
+
+ESSPrivacyMark ::= CHOICE {
+ pString PrintableString (SIZE (1..ub-privacy-mark-length)),
+ utf8String UTF8String (SIZE (1..MAX))
+}
+
+ub-privacy-mark-length INTEGER ::= 128
+
+SecurityCategories ::= SET SIZE (1..ub-security-categories) OF SecurityCategory
+
+ub-security-categories INTEGER ::= 64
+
+SecurityCategory ::= SEQUENCE {
+ type [0] OBJECT IDENTIFIER,
+ value [1] ANY DEFINED BY type
+}
+
+--Note: The aforementioned SecurityCategory syntax produces identical
+--hex encodings as the following SecurityCategory syntax that is
+--documented in the X.411 specification:
+--
+--SecurityCategory ::= SEQUENCE {
+-- type [0] SECURITY-CATEGORY,
+-- value [1] ANY DEFINED BY type }
+--
+--SECURITY-CATEGORY MACRO ::=
+--BEGIN
+--TYPE NOTATION ::= type | empty
+--VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
+--END
+
+-- this is a commonly used definition of security categories
+
+RestrictiveTag ::= SEQUENCE {
+ tagName OBJECT IDENTIFIER,
+ attributeFlags BIT STRING
+}
+
+EnumeratedTag ::= SEQUENCE {
+ tagName OBJECT IDENTIFIER,
+ attributeList SET OF SecurityAttribute
+}
+
+PermissiveTag ::= SEQUENCE {
+ tagName OBJECT IDENTIFIER,
+ attributeFlags BIT STRING
+}
+
+SecurityAttribute ::= INTEGER
+
+InformativeTag ::= SEQUENCE {
+ tagName OBJECT IDENTIFIER,
+ attributes FreeFormField
+}
+
+FreeFormField ::= CHOICE {
+ bitSetAttributes BIT STRING,
+ securityAttributes SET OF SecurityAttribute
+}
+
+-- Section 3.4
+
+EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel
+
+id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9}
+
+-- Section 4.4
+
+MLExpansionHistory ::= SEQUENCE
+ SIZE (1..ub-ml-expansion-history) OF MLData
+
+id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3}
+
+ub-ml-expansion-history INTEGER ::= 64
+
+MLData ::= SEQUENCE {
+ mailListIdentifier EntityIdentifier,
+ expansionTime GeneralizedTime,
+ mlReceiptPolicy MLReceiptPolicy OPTIONAL
+}
+
+EntityIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier SubjectKeyIdentifier
+}
+
+MLReceiptPolicy ::= CHOICE {
+ none [0] NULL,
+ insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
+ inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames
+}
+
+-- Section 5.4
+
+SigningCertificate ::= SEQUENCE {
+ certs SEQUENCE OF ESSCertID,
+ policies SEQUENCE OF PolicyInformation OPTIONAL
+}
+
+id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
+ member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) id-aa(2) 12 }
+
+SigningCertificateV2 ::= SEQUENCE {
+ certs SEQUENCE OF ESSCertIDv2,
+ policies SEQUENCE OF PolicyInformation OPTIONAL
+}
+
+id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= { iso(1)
+ member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) id-aa(2) 47 }
+
+id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
+ country(16) us(840) organization(1) gov(101)
+ csor(3) nistalgorithm(4) hashalgs(2) 1 }
+
+ESSCertIDv2 ::= SEQUENCE {
+ hashAlgorithm AlgorithmIdentifier
+ DEFAULT {algorithm id-sha256},
+ certHash Hash,
+ issuerSerial IssuerSerial OPTIONAL
+}
+
+ESSCertID ::= SEQUENCE {
+ certHash Hash,
+ issuerSerial IssuerSerial OPTIONAL
+}
+
+Hash ::= OCTET STRING -- SHA1 hash of entire certificate
+
+IssuerSerial ::= SEQUENCE {
+ issuer GeneralNames,
+ serialNumber CertificateSerialNumber
+}
+
+END -- of ExtendedSecurityServices
+
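Review bot: The trailing comment on `Hash ::= OCTET STRING -- SHA1 hash of entire certificate` is accurate only for `ESSCertID`; the same `Hash` type is also the `certHash` of `ESSCertIDv2`, where the digest is whatever `hashAlgorithm` names (SHA-256 by default, per `DEFAULT {algorithm id-sha256}`). A reader of this module could take a v2 `certHash` to be a SHA-1 value and check the wrong length or the wrong digest when validating the signing-certificate binding. I would reword the comment to `-- hash of entire certificate: SHA-1 in ESSCertID, hashAlgorithm (default id-sha256) in ESSCertIDv2`. As a smaller consistency point, `id-aa-signingCertificate` and `id-aa-signingCertificateV2` spell the arc `pkcs9(9)` while every other OID in the file uses `pkcs-9(9)`; the numeric value is the same, so only the name differs.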