Diffstat (limited to 'epan/dissectors/asn1/ess/ExtendedSecurityServices.asn')
-rw-r--r-- | epan/dissectors/asn1/ess/ExtendedSecurityServices.asn | 297 |
1 files changed, 297 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/ess/ExtendedSecurityServices.asn b/epan/dissectors/asn1/ess/ExtendedSecurityServices.asn
new file mode 100644
index 00000000..a4845351
--- /dev/null
+++ b/epan/dissectors/asn1/ess/ExtendedSecurityServices.asn
@@ -0,0 +1,297 @@
+-- ExtendedSecurityServices as defined in RFC5035
+--
+-- The ASN definition has been modified to suit the Wireshark asn2wrs compiler
+--
+--
+--
+-- The original ASN.1 definition from RFC5035 contains the following
+-- copyright statement:
+--
+-- Full Copyright Statement
+--
+-- Copyright (C) The IETF Trust (2007).
+--
+-- This document is subject to the rights, licenses and restrictions
+-- contained in BCP 78, and except as set forth therein, the authors
+-- retain all their rights.
+--
+-- This document and the information contained herein are provided on an
+-- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+-- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
+-- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
+-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
+-- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+-- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+--
+
+ExtendedSecurityServices
+ { iso(1) member-body(2) us(840) rsadsi(113549)
+ pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-ess-2006(30) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+IMPORTS
+
+-- Cryptographic Message Syntax (CMS)
+ ContentType, IssuerAndSerialNumber
+ FROM CryptographicMessageSyntax {iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
+ modules(0) cms-2004(24)}
+
+-- X.509
+ AlgorithmIdentifier, CertificateSerialNumber
+ FROM AuthenticationFramework
+ {joint-iso-itu-t ds(5) module(1) authenticationFramework(7) 3}
+
+ SubjectKeyIdentifier, PolicyInformation, GeneralNames
+ FROM CertificateExtensions
+ {joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0};
+
+
+-- Extended Security Services
+
+-- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
+-- constructs in this module. A valid ASN.1 SEQUENCE can have zero or
+-- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to
+-- have at least one entry. MAX indicates the upper bound is unspecified.
+-- Implementations are free to choose an upper bound that suits their
+-- environment.
+
+-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+
+-- The contents are formatted as described in [UTF8]
+
+-- Section 2.7
+
+ReceiptRequest ::= SEQUENCE {
+ signedContentIdentifier ContentIdentifier,
+ receiptsFrom ReceiptsFrom,
+ receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames
+}
+
+ub-receiptsTo INTEGER ::= 16
+
+id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1}
+
+ContentIdentifier ::= OCTET STRING
+
+id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7}
+
+ReceiptsFrom ::= CHOICE {
+ allOrFirstTier [0] AllOrFirstTier, -- formerly "allOrNone [0]AllOrNone"
+ receiptList [1] SEQUENCE OF GeneralNames
+}
+
+AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone
+ allReceipts (0),
+ firstTierRecipients (1)
+}
+
+-- Section 2.8
+
+Receipt ::= SEQUENCE {
+ version ESSVersion,
+ contentType ContentType,
+ signedContentIdentifier ContentIdentifier,
+ originatorSignatureValue OCTET STRING
+}
+
+id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+ rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1}
+
+ESSVersion ::= INTEGER { v1(1) }
+
+-- Section 2.9
+
+ContentHints ::= SEQUENCE {
+ contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
+ contentType ContentType
+}
+
+id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
+ rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4}
+
+-- Section 2.10
+
+MsgSigDigest ::= OCTET STRING
+
+id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5}
+
+-- Section 2.11
+
+ContentReference ::= SEQUENCE {
+ contentType ContentType,
+ signedContentIdentifier ContentIdentifier,
+ originatorSignatureValue OCTET STRING
+}
+
+id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 }
+
+-- Section 3.2
+
+ESSSecurityLabel ::= SET {
+ security-policy-identifier SecurityPolicyIdentifier,
+ security-classification SecurityClassification OPTIONAL,
+ privacy-mark ESSPrivacyMark OPTIONAL,
+ security-categories SecurityCategories OPTIONAL
+}
+
+ id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2}
+
+SecurityPolicyIdentifier ::= OBJECT IDENTIFIER
+
+SecurityClassification ::= INTEGER {
+ unmarked (0),
+ unclassified (1),
+ restricted (2),
+ confidential (3),
+ secret (4),
+ top-secret (5)
+}(0..ub-integer-options)
+
+ub-integer-options INTEGER ::= 256
+
+ESSPrivacyMark ::= CHOICE {
+ pString PrintableString (SIZE (1..ub-privacy-mark-length)),
+ utf8String UTF8String (SIZE (1..MAX))
+}
+
+ub-privacy-mark-length INTEGER ::= 128
+
+SecurityCategories ::= SET SIZE (1..ub-security-categories) OF SecurityCategory
+
+ub-security-categories INTEGER ::= 64
+
+SecurityCategory ::= SEQUENCE {
+ type [0] OBJECT IDENTIFIER,
+ value [1] ANY DEFINED BY type
+}
+
+--Note: The aforementioned SecurityCategory syntax produces identical
+--hex encodings as the following SecurityCategory syntax that is
+--documented in the X.411 specification:
+--
+--SecurityCategory ::= SEQUENCE {
+-- type [0] SECURITY-CATEGORY,
+-- value [1] ANY DEFINED BY type }
+--
+--SECURITY-CATEGORY MACRO ::=
+--BEGIN
+--TYPE NOTATION ::= type | empty
+--VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
+--END
+
+-- this is a commonly used definition of security categories
+
+RestrictiveTag ::= SEQUENCE {
+ tagName OBJECT IDENTIFIER,
+ attributeFlags BIT STRING
+}
+
+EnumeratedTag ::= SEQUENCE {
+ tagName OBJECT IDENTIFIER,
+ attributeList SET OF SecurityAttribute
+}
+
+PermissiveTag ::= SEQUENCE {
+ tagName OBJECT IDENTIFIER,
+ attributeFlags BIT STRING
+}
+
+SecurityAttribute ::= INTEGER
+
+InformativeTag ::= SEQUENCE {
+ tagName OBJECT IDENTIFIER,
+ attributes FreeFormField
+}
+
+FreeFormField ::= CHOICE {
+ bitSetAttributes BIT STRING,
+ securityAttributes SET OF SecurityAttribute
+}
+
+-- Section 3.4
+
+EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel
+
+id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9}
+
+-- Section 4.4
+
+MLExpansionHistory ::= SEQUENCE
+ SIZE (1..ub-ml-expansion-history) OF MLData
+
+id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2)
+ us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3}
+
+ub-ml-expansion-history INTEGER ::= 64
+
+MLData ::= SEQUENCE {
+ mailListIdentifier EntityIdentifier,
+ expansionTime GeneralizedTime,
+ mlReceiptPolicy MLReceiptPolicy OPTIONAL
+}
+
+EntityIdentifier ::= CHOICE {
+ issuerAndSerialNumber IssuerAndSerialNumber,
+ subjectKeyIdentifier SubjectKeyIdentifier
+}
+
+MLReceiptPolicy ::= CHOICE {
+ none [0] NULL,
+ insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
+ inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames
+}
+
+-- Section 5.4
+
+SigningCertificate ::= SEQUENCE {
+ certs SEQUENCE OF ESSCertID,
+ policies SEQUENCE OF PolicyInformation OPTIONAL
+}
+
+id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
+ member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) id-aa(2) 12 }
+
+SigningCertificateV2 ::= SEQUENCE {
+ certs SEQUENCE OF ESSCertIDv2,
+ policies SEQUENCE OF PolicyInformation OPTIONAL
+}
+
+id-aa-signingCertificateV2 OBJECT IDENTIFIER ::= { iso(1)
+ member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
+ smime(16) id-aa(2) 47 }
+
+id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2)
+ country(16) us(840) organization(1) gov(101)
+ csor(3) nistalgorithm(4) hashalgs(2) 1 }
+
+ESSCertIDv2 ::= SEQUENCE {
+ hashAlgorithm AlgorithmIdentifier
+ DEFAULT {algorithm id-sha256},
+ certHash Hash,
+ issuerSerial IssuerSerial OPTIONAL
+}
+
+ESSCertID ::= SEQUENCE {
+ certHash Hash,
+ issuerSerial IssuerSerial OPTIONAL
+}
+
+Hash ::= OCTET STRING -- SHA1 hash of entire certificate
+
+IssuerSerial ::= SEQUENCE {
+ issuer GeneralNames,
+ serialNumber CertificateSerialNumber
+}
+
+END -- of ExtendedSecurityServices
+
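Review bot: The trailing comment on `Hash ::= OCTET STRING -- SHA1 hash of entire certificate` is stale for the V2 path added in this same hunk: ESSCertIDv2 reuses the same Hash type but carries a hashAlgorithm that defaults to id-sha256, so a reader of the generated certHash field will expect a 20-byte SHA-1 digest where a 32-byte (or other algorithm's) digest is legitimate. Suggest `Hash ::= OCTET STRING -- hash of the entire certificate: SHA-1 for ESSCertID, hashAlgorithm (default id-sha256) for ESSCertIDv2`. Separately, `value [1] ANY DEFINED BY type` in SecurityCategory leaves the open type to be resolved per OID outside this module; the asn2wrs .cnf that registers those OIDs is not in this hunk, so it is worth confirming that an unregistered type OID is shown as opaque bytes rather than aborting dissection of the enclosing ESSSecurityLabel SET.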