OSX/libsecurity_asn1/asn1/sm_ess.asn

   1 -- @(#) sm_ess.asn 1.13 12/17/98 14:17:02
   2 -- FROM ess.txt:  draft-ietf-smime-ess-09.txt
   3 ExtendedSecurityServices
   4      { 1 2 840 113549 1 9 16 0 2 } --MB;{ iso(1) member-body(2) us(840) rsadsi(113549)
   5       --MB; pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) }
   6
   7 DEFINITIONS IMPLICIT TAGS ::=
   8 BEGIN
   9
  10 IMPORTS
  11
  12      KeyIdentifier, PolicyQualifierInfo, PolicyInformation, CertPolicyId
  13            FROM CertificateExtensions
  14
  15     pkcs-9
  16     FROM PKCS9-OIDS
  17
  18 -- Cryptographic Message Syntax (CMS)
  19     ContentType, IssuerAndSerialNumber, CMSVersion
  20     FROM CryptographicMessageSyntax { 1 2 840 113549 1 9 16 0 1 }
  21    --RWC;iso(1) member-body(2) us(840)
  22     --RWC;rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)}
  23
  24 -- PKIX Certificate and CRL Profile, Sec A.2 Implicitly Tagged Module,
  25 --  1988 Syntax
  26     --RWC;PolicyInformation FROM PKIX1Implicit88 {iso(1)   RWC; Added ")"
  27     --RWC;identified-organization(3)dod(6) internet(1) security(5)
  28     --RWC;mechanisms(5) pkix(7)id-mod(0) id-pkix1-implicit-88(2)}
  29
  30 -- X.509
  31     --RWC;GeneralNames, CertificateSerialNumber FROM CertificateExtensions  RWC; Removed ","
  32     --RWC;{joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0}
  33
  34    ub-security-categories, ub-privacy-mark-length, ub-integer-options FROM UpperBounds
  35                   -- RWC; Added to avoid SNACC ASN.1 Compiler link errors.
  36
  37    CertificateSerialNumber, IssuerSerial
  38       FROM AuthenticationFramework  --RWC; Added
  39
  40    GeneralNames FROM CommonX509Definitions ;   --RWC; Added
  41
  42
  43 -- Extended Security Services
  44
  45 -- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
  46 -- constructs in this module. A valid ASN.1 SEQUENCE can have zero or
  47 -- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to
  48 -- have at least one entry. MAX indicates the upper bound is unspecified.
  49 -- Implementations are free to choose an upper bound that suits their
  50 -- environment.
  51
  52 -- Section 2.7
  53
  54 ReceiptRequest ::= SEQUENCE {
  55   signedContentIdentifier ContentIdentifier,
  56   receiptsFrom ReceiptsFrom,
  57   receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames }
  58
  59 ub-receiptsTo INTEGER ::= 16
  60
  61 smime OBJECT IDENTIFIER ::= { pkcs-9 smime(16) }
  62
  63 id-aa OBJECT IDENTIFIER ::= { pkcs-9 smime(16) 2 }
  64
  65 id-aa-receiptRequest OBJECT IDENTIFIER ::= { id-aa 1 }
  66
  67 ContentIdentifier ::= OCTET STRING
  68
  69 id-aa-contentIdentifier OBJECT IDENTIFIER ::= { id-aa 7 }
  70
  71 ReceiptsFrom ::= CHOICE {
  72   allOrFirstTier [0] AllOrFirstTier,
  73   -- formerly "allOrNone [0]AllOrNone"
  74   receiptList [1] SEQUENCE OF GeneralNames }
  75
  76 AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone
  77   allReceipts (0),
  78   firstTierRecipients (1) }
  79
  80
  81 -- Section 2.8
  82
  83 Receipt ::= SEQUENCE {
  84   version CMSVersion,  -- Version is imported from [CMS]
  85   contentType ContentType,
  86   signedContentIdentifier ContentIdentifier,
  87   originatorSignatureValue OCTET STRING }
  88
  89 id-ct-receipt OBJECT IDENTIFIER ::= { smime id-ct(1) 1 }
  90
  91 -- Section 2.9
  92
  93 ContentHints ::= SEQUENCE {
  94   contentDescription UTF8String OPTIONAL, --RWC;SIZE (1..MAX) OPTIONAL,
  95   contentType ContentType }
  96
  97 id-aa-contentHint OBJECT IDENTIFIER ::= { id-aa 4 }
  98
  99 -- Section 2.10
 100
 101 MsgSigDigest ::= OCTET STRING
 102
 103 id-aa-msgSigDigest OBJECT IDENTIFIER ::= { id-aa 5 }
 104
 105 -- Section 2.11
 106
 107 ContentReference ::= SEQUENCE {
 108   contentType ContentType,
 109   signedContentIdentifier ContentIdentifier,
 110   originatorSignatureValue OCTET STRING }
 111
 112 id-aa-contentReference   OBJECT IDENTIFIER ::= { id-aa 10 }
 113
 114
 115 -- Section 3.2
 116
 117 ESSSecurityLabel ::= SET {
 118   security-policy-identifier SecurityPolicyIdentifier,
 119   security-classification SecurityClassification OPTIONAL,
 120   privacy-mark ESSPrivacyMark OPTIONAL,
 121   security-categories SecurityCategories OPTIONAL }
 122
 123 id-aa-securityLabel OBJECT IDENTIFIER ::= { id-aa 2}
 124
 125 SecurityPolicyIdentifier ::= OBJECT IDENTIFIER
 126
 127 SecurityClassification ::= INTEGER {
 128   unmarked (0),
 129   unclassified (1),
 130   restricted (2),
 131   confidential (3),
 132   secret (4),
 133   top-secret (5) } (0..ub-integer-options)
 134
 135 --RWC; IMPORTED;ub-integer-options INTEGER ::= 256
 136
 137 ESSPrivacyMark ::= CHOICE {
 138   pStringááááá PrintableString, --RWC;SIZE (1..ub-privacy-mark-length),
 139   utf8Stringáá UTF8String --RWC;SIZE (1..MAX)
 140 }
 141
 142 --RWC; IMPORTED;ub-privacy-mark-length INTEGER ::= 128
 143
 144 SecurityCategories ::= SET SIZE (1..ub-security-categories) OF
 145         SecurityCategory
 146
 147 --RWC; IMPORTED;ub-security-categories INTEGER ::= 64
 148
 149 SecurityCategory ::= SEQUENCE {
 150   type  [0] OBJECT IDENTIFIER,
 151   value [1] ANY  --RWC;DEFINED BY type
 152 }
 153
 154 --Note: The aforementioned SecurityCategory syntax produces identical
 155 --hex encodings as the following SecurityCategory syntax that is
 156 --documented in the X.411 specification:
 157 --
 158 --SecurityCategory ::= SEQUENCE {
 159 --     type  [0]  SECURITY-CATEGORY,
 160 --     value [1]  ANY DEFINED BY type }
 161 --
 162 --SECURITY-CATEGORY MACRO ::=
 163 --BEGIN
 164 --TYPE NOTATION ::= type | empty
 165 --VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
 166 --END
 167
 168 -- Section 3.4
 169
 170 EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel
 171
 172 id-aa-equivalentLabels OBJECT IDENTIFIER ::= { id-aa 9}
 173
 174
 175 -- Section 4.4
 176
 177 MLExpansionHistory ::= SEQUENCE
 178         SIZE (1..ub-ml-expansion-history) OF MLData
 179
 180 id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { id-aa 3}
 181
 182 ub-ml-expansion-history INTEGER ::= 64
 183
 184 MLData ::= SEQUENCE {
 185   mailListIdentifier EntityIdentifier,
 186         -- EntityIdentifier is imported from [CMS]
 187   expansionTime GeneralizedTime,
 188   mlReceiptPolicy MLReceiptPolicy OPTIONAL }
 189
 190 EntityIdentifier ::= CHOICE {
 191   issuerAndSerialNumber IssuerAndSerialNumber,
 192   subjectKeyIdentifier KeyIdentifier }
 193
 194 MLReceiptPolicy ::= CHOICE {
 195   none [0] NULL,
 196   insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
 197   inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames }
 198
 199
 200 -- Section 5.4
 201
 202 SigningCertificate ::=  SEQUENCE {
 203     certs        SEQUENCE OF ESSCertID,
 204     policies     SEQUENCE OF PolicyInformation OPTIONAL
 205 }
 206
 207 id-aa-signingCertificate OBJECT IDENTIFIER ::= { id-aa 4444 } --RWC;Removed <TBD> }
 208
 209 ESSCertID ::=  SEQUENCE {
 210      certHash                 CertHash,
 211      issuerSerial             IssuerSerial OPTIONAL
 212 }
 213
 214 CertHash ::= OCTET STRING -- SHA1 hash of entire certificate
 215 --RWC; Modified "Hash" to "CertHash" to avoid crypto++ library contention.
 216
 217 --RWC;
 218 --RWC; Added for completeness
 219 --RWC;
 220
 221
 222    -- policyQualifierIds for Internet policy qualifiers
 223
 224    id-pkix  OBJECT IDENTIFIER  ::=
 225                { iso(1) identified-organization(3) dod(6) internet(1)
 226                        security(5) mechanisms(5) pkix(7) }
 227
 228    id-qt          OBJECT IDENTIFIER ::=  { id-pkix 2 }
 229    id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
 230    id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
 231
 232    PolicyQualifierId ::=
 233         OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
 234
 235
 236
 237
 238 END