projects / apple / security.git / blame
| Commit | Line | Data |
|---|---|---|
| bac41a7b A |
1 | -- @(#) sm_ess.asn 1.13 12/17/98 14:17:02 |
| 2 | -- FROM ess.txt: draft-ietf-smime-ess-09.txt | |
| 3 | ExtendedSecurityServices | |
| 4 | { 1 2 840 113549 1 9 16 0 2 } --MB;{ iso(1) member-body(2) us(840) rsadsi(113549) | |
| 5 | --MB; pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) } | |
| 6 | ||
| 7 | DEFINITIONS IMPLICIT TAGS ::= | |
| 8 | BEGIN | |
| 9 | ||
| 10 | IMPORTS | |
| 11 | ||
| 12 | KeyIdentifier, PolicyQualifierInfo, PolicyInformation, CertPolicyId | |
| 13 | FROM CertificateExtensions | |
| 14 | ||
| 15 | pkcs-9 | |
| 16 | FROM PKCS9-OIDS | |
| 17 | ||
| 18 | -- Cryptographic Message Syntax (CMS) | |
| 19 | ContentType, IssuerAndSerialNumber, CMSVersion | |
| 20 | FROM CryptographicMessageSyntax { 1 2 840 113549 1 9 16 0 1 } | |
| 21 | --RWC;iso(1) member-body(2) us(840) | |
| 22 | --RWC;rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)} | |
| 23 | ||
| 24 | -- PKIX Certificate and CRL Profile, Sec A.2 Implicitly Tagged Module, | |
| 25 | -- 1988 Syntax | |
| 26 | --RWC;PolicyInformation FROM PKIX1Implicit88 {iso(1) RWC; Added ")" | |
| 27 | --RWC;identified-organization(3)dod(6) internet(1) security(5) | |
| 28 | --RWC;mechanisms(5) pkix(7)id-mod(0) id-pkix1-implicit-88(2)} | |
| 29 | ||
| 30 | -- X.509 | |
| 31 | --RWC;GeneralNames, CertificateSerialNumber FROM CertificateExtensions RWC; Removed "," | |
| 32 | --RWC;{joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0} | |
| 33 | ||
| 34 | ub-security-categories, ub-privacy-mark-length, ub-integer-options FROM UpperBounds | |
| 35 | -- RWC; Added to avoid SNACC ASN.1 Compiler link errors. | |
| 36 | ||
| 37 | CertificateSerialNumber, IssuerSerial | |
| 38 | FROM AuthenticationFramework --RWC; Added | |
| 39 | ||
| 40 | GeneralNames FROM CommonX509Definitions ; --RWC; Added | |
| 41 | ||
| 42 | ||
| 43 | -- Extended Security Services | |
| 44 | ||
| 45 | -- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1 | |
| 46 | -- constructs in this module. A valid ASN.1 SEQUENCE can have zero or | |
| 47 | -- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to | |
| 48 | -- have at least one entry. MAX indicates the upper bound is unspecified. | |
| 49 | -- Implementations are free to choose an upper bound that suits their | |
| 50 | -- environment. | |
| 51 | ||
| 52 | -- Section 2.7 | |
| 53 | ||
| 54 | ReceiptRequest ::= SEQUENCE { | |
| 55 | signedContentIdentifier ContentIdentifier, | |
| 56 | receiptsFrom ReceiptsFrom, | |
| 57 | receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames } | |
| 58 | ||
| 59 | ub-receiptsTo INTEGER ::= 16 | |
| 60 | ||
| 61 | smime OBJECT IDENTIFIER ::= { pkcs-9 smime(16) } | |
| 62 | ||
| 63 | id-aa OBJECT IDENTIFIER ::= { pkcs-9 smime(16) 2 } | |
| 64 | ||
| 65 | id-aa-receiptRequest OBJECT IDENTIFIER ::= { id-aa 1 } | |
| 66 | ||
| 67 | ContentIdentifier ::= OCTET STRING | |
| 68 | ||
| 69 | id-aa-contentIdentifier OBJECT IDENTIFIER ::= { id-aa 7 } | |
| 70 | ||
| 71 | ReceiptsFrom ::= CHOICE { | |
| 72 | allOrFirstTier [0] AllOrFirstTier, | |
| 73 | -- formerly "allOrNone [0]AllOrNone" | |
| 74 | receiptList [1] SEQUENCE OF GeneralNames } | |
| 75 | ||
| 76 | AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone | |
| 77 | allReceipts (0), | |
| 78 | firstTierRecipients (1) } | |
| 79 | ||
| 80 | ||
| 81 | -- Section 2.8 | |
| 82 | ||
| 83 | Receipt ::= SEQUENCE { | |
| 84 | version CMSVersion, -- Version is imported from [CMS] | |
| 85 | contentType ContentType, | |
| 86 | signedContentIdentifier ContentIdentifier, | |
| 87 | originatorSignatureValue OCTET STRING } | |
| 88 | ||
| 89 | id-ct-receipt OBJECT IDENTIFIER ::= { smime id-ct(1) 1 } | |
| 90 | ||
| 91 | -- Section 2.9 | |
| 92 | ||
| 93 | ContentHints ::= SEQUENCE { | |
| 94 | contentDescription UTF8String OPTIONAL, --RWC;SIZE (1..MAX) OPTIONAL, | |
| 95 | contentType ContentType } | |
| 96 | ||
| 97 | id-aa-contentHint OBJECT IDENTIFIER ::= { id-aa 4 } | |
| 98 | ||
| 99 | -- Section 2.10 | |
| 100 | ||
| 101 | MsgSigDigest ::= OCTET STRING | |
| 102 | ||
| 103 | id-aa-msgSigDigest OBJECT IDENTIFIER ::= { id-aa 5 } | |
| 104 | ||
| 105 | -- Section 2.11 | |
| 106 | ||
| 107 | ContentReference ::= SEQUENCE { | |
| 108 | contentType ContentType, | |
| 109 | signedContentIdentifier ContentIdentifier, | |
| 110 | originatorSignatureValue OCTET STRING } | |
| 111 | ||
| 112 | id-aa-contentReference OBJECT IDENTIFIER ::= { id-aa 10 } | |
| 113 | ||
| 114 | ||
| 115 | -- Section 3.2 | |
| 116 | ||
| 117 | ESSSecurityLabel ::= SET { | |
| 118 | security-policy-identifier SecurityPolicyIdentifier, | |
| 119 | security-classification SecurityClassification OPTIONAL, | |
| 120 | privacy-mark ESSPrivacyMark OPTIONAL, | |
| 121 | security-categories SecurityCategories OPTIONAL } | |
| 122 | ||
| 123 | id-aa-securityLabel OBJECT IDENTIFIER ::= { id-aa 2} | |
| 124 | ||
| 125 | SecurityPolicyIdentifier ::= OBJECT IDENTIFIER | |
| 126 | ||
| 127 | SecurityClassification ::= INTEGER { | |
| 128 | unmarked (0), | |
| 129 | unclassified (1), | |
| 130 | restricted (2), | |
| 131 | confidential (3), | |
| 132 | secret (4), | |
| 133 | top-secret (5) } (0..ub-integer-options) | |
| 134 | ||
| 135 | --RWC; IMPORTED;ub-integer-options INTEGER ::= 256 | |
| 136 | ||
| 137 | ESSPrivacyMark ::= CHOICE { | |
| 138 |