You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
243 lines
7.3 KiB
243 lines
7.3 KiB
--------------------------------------------------------------------------
|
|
-- ESS.ASN
|
|
--
|
|
-- ASN.1 definitions for S/MIME Extended Security Services
|
|
--------------------------------------------------------------------------
|
|
|
|
ExtendedSecurityServices
|
|
-- { iso(1) member-body(2) us(840) rsadsi(113549)
|
|
-- pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) }
|
|
DEFINITIONS IMPLICIT TAGS ::=
|
|
BEGIN
|
|
|
|
--IMPORTS
|
|
-- Cryptographic Message Syntax (CMS)
|
|
--- ContentType, EntityIdentifier, SubjectKeyIdentifier, Version
|
|
--- FROM CryptographicMessageSyntax { iso(1) member-body(2) us(840)
|
|
--- rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1) };
|
|
|
|
-- EntityIdentifier ::= CHOICE {
|
|
-- issuerAndSerialNumber IssuerAndSerialNumber,
|
|
-- subjectKeyIdentifier SubjectKeyIdentifier }
|
|
ObjectIdentifier ::= OBJECT IDENTIFIER --<PDU>-- --<OBJECTID 16>--
|
|
|
|
ContentType ::= ObjectIdentifier
|
|
Version ::= INTEGER { v0(0), v1(1), v2(2), v3(3) }
|
|
IssuerAndSerialNumber ::= SEQUENCE {
|
|
issuer NOCOPYANY,
|
|
serialNumber SerialNumber }
|
|
|
|
|
|
HUGEINTEGER ::= INTEGER --<HUGE>-- -- tag 0x02
|
|
|
|
SerialNumber ::= HUGEINTEGER
|
|
CertificateSerialNumber ::= SerialNumber
|
|
PolicyInformation ::= NOCOPYANY
|
|
|
|
-- X.509
|
|
-- GeneralNames FROM CertificateExtensions
|
|
-- {joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0};
|
|
|
|
|
|
OCTETSTRING ::= OCTET STRING --<UNBOUNDED>-- --<NOCOPY>-- -- tag 0x04
|
|
NOCOPYANY ::= ANY --<ENCODABLE>-- --<NOCOPY>--
|
|
|
|
SubjectKeyIdentifier ::= OCTETSTRING
|
|
GeneralNames ::= NOCOPYANY
|
|
|
|
-- UNIVERSAL type defined in ASN.1 1997 but required for
|
|
-- this specification
|
|
|
|
-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
|
|
|
|
-- Extended Security Services
|
|
|
|
-- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
|
|
-- constructs in this module. A valid ASN.1 SEQUENCE can have zero or
|
|
-- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to
|
|
-- have at least one entry. MAX indicates the upper bound is unspecified.
|
|
-- Implementations are free to choose an upper bound that suits their
|
|
-- environment.
|
|
|
|
-- Section 2.7
|
|
|
|
ReceiptRequest ::= SEQUENCE {
|
|
signedContentIdentifier ContentIdentifier,
|
|
receiptsFrom ReceiptsFrom,
|
|
receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames } --<PDU>--
|
|
|
|
ub-receiptsTo INTEGER ::= 16
|
|
|
|
id-aa-receiptRequest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 1}
|
|
|
|
ContentIdentifier ::= OCTET STRING
|
|
|
|
id-aa-contentIdentifier OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 7}
|
|
|
|
ReceiptsFrom ::= CHOICE {
|
|
allOrFirstTier [0] AllOrFirstTier,
|
|
-- formerly "allOrNone [0]AllOrNone"
|
|
receiptList [1] SEQUENCE OF GeneralNames }
|
|
|
|
AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone
|
|
allReceipts (0),
|
|
firstTierRecipients (1) }
|
|
|
|
|
|
-- Section 2.8
|
|
|
|
Receipt ::= SEQUENCE {
|
|
version Version, -- Version is imported from [CMS]
|
|
contentType ContentType,
|
|
signedContentIdentifier ContentIdentifier,
|
|
originatorSignatureValue OCTETSTRING } --<PDU>--
|
|
|
|
id-ct-receipt OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
|
rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-ct(1) 1}
|
|
|
|
|
|
-- Section 2.9
|
|
|
|
-- contentDescription UTF8String SIZE (1..MAX) OPTIONAL,
|
|
|
|
ContentHints ::= SEQUENCE {
|
|
contentDescription UTF8String (SIZE (1..MAX)) OPTIONAL,
|
|
-- If contentDescription is used, its contents MUST be in UTF8 format
|
|
contentType ObjectIdentifier } --<PDU>--
|
|
|
|
id-aa-contentHint OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
|
|
rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 4}
|
|
|
|
|
|
-- Section 2.10
|
|
|
|
MsgSigDigest ::= OCTET STRING
|
|
|
|
id-aa-msgSigDigest OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 5}
|
|
|
|
-- Section 2.11
|
|
|
|
ContentReference ::= SEQUENCE {
|
|
contentType ContentType,
|
|
signedContentIdentifier ContentIdentifier,
|
|
originatorSignatureValue OCTET STRING }
|
|
|
|
id-aa-contentReference OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 10 }
|
|
|
|
-- Section 3.2
|
|
|
|
ESSSecurityLabel ::= SET {
|
|
security-policy-identifier SecurityPolicyIdentifier,
|
|
security-classification SecurityClassification OPTIONAL,
|
|
privacy-mark ESSPrivacyMark OPTIONAL,
|
|
security-categories SecurityCategories OPTIONAL } --<PDU>--
|
|
|
|
id-aa-securityLabel OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 2}
|
|
|
|
SecurityPolicyIdentifier ::= ObjectIdentifier
|
|
|
|
SecurityClassification ::= INTEGER {
|
|
unmarked (0),
|
|
unclassified (1),
|
|
restricted (2),
|
|
confidential (3),
|
|
secret (4),
|
|
top-secret (5) } (0..ub-integer-options)
|
|
|
|
ub-integer-options INTEGER ::= 256
|
|
|
|
ESSPrivacyMark ::= CHOICE {
|
|
pString PrintableString (SIZE (1..ub-privacy-mark-length)),
|
|
utf8String UTF8String (SIZE (1..MAX))
|
|
}
|
|
|
|
ub-privacy-mark-length INTEGER ::= 128
|
|
|
|
SecurityCategories ::= SET SIZE (1..ub-security-categories) OF
|
|
SecurityCategory
|
|
|
|
ub-security-categories INTEGER ::= 64
|
|
|
|
SecurityCategory ::= SEQUENCE {
|
|
type [0] ObjectIdentifier,
|
|
-- value [1] ANY - - defined by type
|
|
value [1] NOCOPYANY -- defined by type
|
|
}
|
|
|
|
-- Note: The aforementioned SecurityCategory syntax produces identical
|
|
-- hex encodings as the following SecurityCategory syntax that is
|
|
-- documented in the X.411 specification:
|
|
--
|
|
-- SecurityCategory ::= SEQUENCE {
|
|
-- type [0] SECURITY-CATEGORY,
|
|
-- value [1] ANY DEFINED BY type }
|
|
--
|
|
-- SECURITY-CATEGORY MACRO ::=
|
|
-- BEGIN
|
|
-- TYPE NOTATION ::= type | empty
|
|
-- VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
|
|
-- END
|
|
|
|
-- Section 3.4
|
|
|
|
EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel
|
|
|
|
id-aa-equivalentLabels OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 9}
|
|
|
|
|
|
-- Section 4.4
|
|
|
|
MLExpansionHistory ::= SEQUENCE --<PDU>-- SIZE (1..ub-ml-expansion-history) OF MLData
|
|
|
|
id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { iso(1) member-body(2)
|
|
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 3}
|
|
|
|
ub-ml-expansion-history INTEGER ::= 64
|
|
|
|
MLData ::= SEQUENCE {
|
|
mailListIdentifier EntityIdentifier,
|
|
-- EntityIdentifier is imported from [CMS]
|
|
expansionTime GeneralizedTime,
|
|
mlReceiptPolicy MLReceiptPolicy OPTIONAL }
|
|
|
|
EntityIdentifier ::= CHOICE {
|
|
issuerAndSerialNumber IssuerAndSerialNumber,
|
|
subjectKeyIdentifier SubjectKeyIdentifier }
|
|
|
|
MLReceiptPolicy ::= CHOICE {
|
|
none [0] NULL,
|
|
insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
|
|
inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames }
|
|
|
|
-- Section 5.4
|
|
|
|
SigningCertificate ::= SEQUENCE {
|
|
certs SEQUENCE OF ESSCertID,
|
|
policies SEQUENCE OF PolicyInformation OPTIONAL
|
|
}
|
|
|
|
id-aa-signingCertificate OBJECT IDENTIFIER ::= { iso(1)
|
|
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
|
|
smime(16) id-aa(2) 12 }
|
|
|
|
ESSCertID ::= SEQUENCE {
|
|
certHash Hash,
|
|
issuerSerial IssuerSerial OPTIONAL
|
|
}
|
|
|
|
Hash ::= OCTET STRING -- SHA1 hash of entire certificate
|
|
|
|
IssuerSerial ::= SEQUENCE {
|
|
issuer GeneralNames,
|
|
serialNumber CertificateSerialNumber
|
|
}
|
|
|
|
END -- of ExtendedSecurityServices
|
|
|
|
|