From f102c2015121c6c5f0eefadf63d15555f5ea589e Mon Sep 17 00:00:00 2001 From: Ronnie Sahlberg Date: Mon, 22 Nov 2004 03:36:26 +0000 Subject: New protocol: RFC2634 ExtendedSecurityServices updates to cms to accomodate the new protocol add author to some files svn path=/trunk/; revision=12573 --- asn1/ess/ExtendedSecurityServices.asn | 248 ++++++++++++++++++++++++++++++++++ 1 file changed, 248 insertions(+) create mode 100644 asn1/ess/ExtendedSecurityServices.asn (limited to 'asn1/ess/ExtendedSecurityServices.asn') diff --git a/asn1/ess/ExtendedSecurityServices.asn b/asn1/ess/ExtendedSecurityServices.asn new file mode 100644 index 0000000000..7ba3b89271 --- /dev/null +++ b/asn1/ess/ExtendedSecurityServices.asn @@ -0,0 +1,248 @@ +-- ExtendedSecurityServices as defined in RFC2634 +-- +-- The ASN definition has been modified to suit the Ethereal ASN2ETH compiler +-- +-- +-- +-- The original ASN.1 definition from RFC2634 contains the following +-- copyright statement: +-- +-- Full Copyright Statement +-- +-- Copyright (C) The Internet Society (1999). All Rights Reserved. +-- +-- This document and translations of it may be copied and furnished to +-- others, and derivative works that comment on or otherwise explain it +-- or assist in its implementation may be prepared, copied, published +-- and distributed, in whole or in part, without restriction of any +-- kind, provided that the above copyright notice and this paragraph are +-- included on all such copies and derivative works. However, this +-- document itself may not be modified in any way, such as by removing +-- the copyright notice or references to the Internet Society or other +-- Internet organizations, except as needed for the purpose of +-- developing Internet standards in which case the procedures for +-- copyrights defined in the Internet Standards process must be +-- followed, or as required to translate it into languages other than +-- English. +-- +-- The limited permissions granted above are perpetual and will not be +-- revoked by the Internet Society or its successors or assigns. +-- +-- This document and the information contained herein is provided on an +-- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING +-- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING +-- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION +-- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF +-- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. +-- + +ExtendedSecurityServices + { iso(1) member-body(2) us(840) rsadsi(113549) + pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) } + +DEFINITIONS IMPLICIT TAGS ::= +BEGIN + +IMPORTS + +-- Cryptographic Message Syntax (CMS) + ContentType, IssuerAndSerialNumber + FROM CryptographicMessageSyntax { iso(1) member-body(2) us(840) + rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)} + +-- X.509 + CertificateSerialNumber FROM AuthenticationFramework + + SubjectKeyIdentifier, PolicyInformation, GeneralNames + FROM CertificateExtensions + {joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0}; + + +-- Extended Security Services + +-- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1 +-- constructs in this module. A valid ASN.1 SEQUENCE can have zero or +-- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to +-- have at least one entry. MAX indicates the upper bound is unspecified. +-- Implementations are free to choose an upper bound that suits their +-- environment. + +-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING + -- The contents are formatted as described in [UTF8] + +-- Section 2.7 + +ReceiptRequest ::= SEQUENCE { + signedContentIdentifier ContentIdentifier, + receiptsFrom ReceiptsFrom, + receiptsTo SEQUENCE OF GeneralNames } + +-- ub-receiptsTo INTEGER ::= 16 +-- +-- +-- id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1} + +ContentIdentifier ::= OCTET STRING + +-- id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7} + +ReceiptsFrom ::= CHOICE { + allOrFirstTier [0] AllOrFirstTier, + -- formerly "allOrNone [0]AllOrNone" + receiptList [1] SEQUENCE OF GeneralNames } + +AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone + allReceipts (0), + firstTierRecipients (1) } + + +-- Section 2.8 + +Receipt ::= SEQUENCE { + version ESSVersion, + contentType ContentType, + signedContentIdentifier ContentIdentifier, + originatorSignatureValue OCTET STRING } + +-- id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) +-- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1} + +ESSVersion ::= INTEGER { v1(1) } + +-- Section 2.9 + +ContentHints ::= SEQUENCE { + contentDescription UTF8String OPTIONAL, + contentType ContentType } + +-- id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) +-- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4} + +-- Section 2.10 + +MsgSigDigest ::= OCTET STRING + +-- id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5} + +-- Section 2.11 + +ContentReference ::= SEQUENCE { + contentType ContentType, + signedContentIdentifier ContentIdentifier, + originatorSignatureValue OCTET STRING } + +-- id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 } + + +-- Section 3.2 +-- ASN2ETH cant handle sets yet +--ESSSecurityLabel ::= SET { +-- security-policy-identifier SecurityPolicyIdentifier, +-- security-classification SecurityClassification OPTIONAL, +-- privacy-mark ESSPrivacyMark OPTIONAL, +-- security-categories SecurityCategories OPTIONAL } +-- +-- id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2} + +SecurityPolicyIdentifier ::= OBJECT IDENTIFIER + +SecurityClassification ::= INTEGER { + unmarked (0), + unclassified (1), + restricted (2), + confidential (3), + secret (4), + top-secret (5) } + +-- ub-integer-options INTEGER ::= 256 + +ESSPrivacyMark ::= CHOICE { + pString PrintableString, + utf8String UTF8String +} + +-- ub-privacy-mark-length INTEGER ::= 128 + +SecurityCategories ::= SET OF SecurityCategory + +-- ub-security-categories INTEGER ::= 64 + +SecurityCategory ::= SEQUENCE { + type [0] OBJECT IDENTIFIER, + value [1] ANY +} + +--Note: The aforementioned SecurityCategory syntax produces identical +--hex encodings as the following SecurityCategory syntax that is +--documented in the X.411 specification: +-- +--SecurityCategory ::= SEQUENCE { +-- type [0] SECURITY-CATEGORY, +-- value [1] ANY DEFINED BY type } +-- +--SECURITY-CATEGORY MACRO ::= +--BEGIN +--TYPE NOTATION ::= type | empty +--VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER) +--END + +-- Section 3.4 + +-- ASN2ETH cant generate code for ESSSecurityLabel yet +--EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel + +-- id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9} + + +-- Section 4.4 + +MLExpansionHistory ::= SEQUENCE OF MLData + +-- id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2) +-- us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3} + +-- ub-ml-expansion-history INTEGER ::= 64 + +MLData ::= SEQUENCE { + mailListIdentifier EntityIdentifier, + expansionTime GeneralizedTime, + mlReceiptPolicy MLReceiptPolicy OPTIONAL } + +EntityIdentifier ::= CHOICE { + issuerAndSerialNumber IssuerAndSerialNumber, + subjectKeyIdentifier SubjectKeyIdentifier } + +MLReceiptPolicy ::= CHOICE { + none [0] NULL, + insteadOf [1] SEQUENCE OF GeneralNames, + inAdditionTo [2] SEQUENCE OF GeneralNames } + +SigningCertificate ::= SEQUENCE { + certs SEQUENCE OF ESSCertID, + policies SEQUENCE OF PolicyInformation OPTIONAL +} + +-- id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1) +-- member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) +-- smime(16) id-aa(2) 12 } + +ESSCertID ::= SEQUENCE { + certHash Hash, + issuerSerial IssuerSerial OPTIONAL +} + +Hash ::= OCTET STRING -- SHA1 hash of entire certificate + +IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serialNumber CertificateSerialNumber +} + +END -- of ExtendedSecurityServices + -- cgit v1.2.3