Security-58286.1.32.tar.gz
1 -- @(#) sm_ess.asn 1.13 12/17/98 14:17:02
2 -- FROM ess.txt: draft-ietf-smime-ess-09.txt
3 ExtendedSecurityServices
4 { 1 2 840 113549 1 9 16 0 2 } --MB;{ iso(1) member-body(2) us(840) rsadsi(113549)
5 --MB; pkcs(1) pkcs-9(9) smime(16) modules(0) ess(2) }
6
7 DEFINITIONS IMPLICIT TAGS ::=
8 BEGIN
9
10 IMPORTS
11
12 KeyIdentifier, PolicyQualifierInfo, PolicyInformation, CertPolicyId
13 FROM CertificateExtensions
14
15 pkcs-9
16 FROM PKCS9-OIDS
17
18 -- Cryptographic Message Syntax (CMS)
19 ContentType, IssuerAndSerialNumber, CMSVersion
20 FROM CryptographicMessageSyntax { 1 2 840 113549 1 9 16 0 1 }
21 --RWC;iso(1) member-body(2) us(840)
22 --RWC;rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) cms(1)}
23
24 -- PKIX Certificate and CRL Profile, Sec A.2 Implicitly Tagged Module,
25 -- 1988 Syntax
26 --RWC;PolicyInformation FROM PKIX1Implicit88 {iso(1) RWC; Added ")"
27 --RWC;identified-organization(3)dod(6) internet(1) security(5)
28 --RWC;mechanisms(5) pkix(7)id-mod(0) id-pkix1-implicit-88(2)}
29
30 -- X.509
31 --RWC;GeneralNames, CertificateSerialNumber FROM CertificateExtensions RWC; Removed ","
32 --RWC;{joint-iso-ccitt ds(5) module(1) certificateExtensions(26) 0}
33
34 ub-security-categories, ub-privacy-mark-length, ub-integer-options FROM UpperBounds
35 -- RWC; Added to avoid SNACC ASN.1 Compiler link errors.
36
37 CertificateSerialNumber, IssuerSerial
38 FROM AuthenticationFramework --RWC; Added
39
40 GeneralNames FROM CommonX509Definitions ; --RWC; Added
41
42
43 -- Extended Security Services
44
45 -- The construct "SEQUENCE SIZE (1..MAX) OF" appears in several ASN.1
46 -- constructs in this module. A valid ASN.1 SEQUENCE can have zero or
47 -- more entries. The SIZE (1..MAX) construct constrains the SEQUENCE to
48 -- have at least one entry. MAX indicates the upper bound is unspecified.
49 -- Implementations are free to choose an upper bound that suits their
50 -- environment.
51
52 -- Section 2.7
53
-- ReceiptRequest (Section 2.7): names the signed content, who is asked to
-- return a receipt (receiptsFrom) and where receipts are sent (receiptsTo).
-- receiptsTo must hold between 1 and ub-receiptsTo (16) entries. That bound
-- covers the outer list only; the size of each GeneralNames value is set by
-- the imported definition, which is not visible in this module.
54 ReceiptRequest ::= SEQUENCE {
55 signedContentIdentifier ContentIdentifier,
56 receiptsFrom ReceiptsFrom,
57 receiptsTo SEQUENCE SIZE (1..ub-receiptsTo) OF GeneralNames }
58
59 ub-receiptsTo INTEGER ::= 16
60
-- Base OID arcs for this module: smime is { pkcs-9 16 } and id-aa is
-- { pkcs-9 16 2 }. Every id-aa-* attribute identifier below hangs off id-aa.
61 smime OBJECT IDENTIFIER ::= { pkcs-9 smime(16) }
62
63 id-aa OBJECT IDENTIFIER ::= { pkcs-9 smime(16) 2 }
64
65 id-aa-receiptRequest OBJECT IDENTIFIER ::= { id-aa 1 }
66
-- ContentIdentifier is an opaque OCTET STRING with no SIZE constraint, so the
-- schema accepts any length, including zero.
67 ContentIdentifier ::= OCTET STRING
68
69 id-aa-contentIdentifier OBJECT IDENTIFIER ::= { id-aa 7 }
70
-- ReceiptsFrom: either a policy value (allOrFirstTier) or an explicit list of
-- recipients (receiptList).
-- NOTE(review): receiptList has no SIZE constraint, unlike receiptsTo in
-- ReceiptRequest, so the schema accepts an empty or arbitrarily long list.
-- A consumer that needs a limit has to apply its own.
71 ReceiptsFrom ::= CHOICE {
72 allOrFirstTier [0] AllOrFirstTier,
73 -- formerly "allOrNone [0]AllOrNone"
74 receiptList [1] SEQUENCE OF GeneralNames }
75
-- AllOrFirstTier names two values but carries no range constraint, so any
-- INTEGER decodes successfully. Callers should treat values other than
-- 0 and 1 as invalid rather than defaulting to one of the named cases.
76 AllOrFirstTier ::= INTEGER { -- Formerly AllOrNone
77 allReceipts (0),
78 firstTierRecipients (1) }
79
80
81 -- Section 2.8
82
-- Receipt (Section 2.8): content of a signed receipt. It repeats the content
-- type and content identifier of the original message and carries the
-- originator's signature value as an opaque OCTET STRING. This module puts no
-- length limit or internal structure on originatorSignatureValue, so any
-- comparison against the original signature is left to the application.
83 Receipt ::= SEQUENCE {
84 version CMSVersion, -- Version is imported from [CMS]
85 contentType ContentType,
86 signedContentIdentifier ContentIdentifier,
87 originatorSignatureValue OCTET STRING }
88
-- Content type OID for Receipt: { smime 1 1 }.
89 id-ct-receipt OBJECT IDENTIFIER ::= { smime id-ct(1) 1 }
90
91 -- Section 2.9
92
-- ContentHints (Section 2.9): optional free-text description plus the
-- content type it describes.
-- NOTE(review): the SIZE (1..MAX) constraint on contentDescription is
-- commented out (RWC), so as written the schema also accepts an empty string.
-- The description is free text and should be handled as untrusted input
-- when it is displayed or logged.
93 ContentHints ::= SEQUENCE {
94 contentDescription UTF8String OPTIONAL, --RWC;SIZE (1..MAX) OPTIONAL,
95 contentType ContentType }
96
97 id-aa-contentHint OBJECT IDENTIFIER ::= { id-aa 4 }
98
99 -- Section 2.10
100
-- MsgSigDigest (Section 2.10): a digest carried as an unconstrained OCTET
-- STRING. The schema does not tie the length to any digest algorithm, so a
-- consumer has to check the length against the algorithm it expects.
101 MsgSigDigest ::= OCTET STRING
102
103 id-aa-msgSigDigest OBJECT IDENTIFIER ::= { id-aa 5 }
104
105 -- Section 2.11
106
-- ContentReference (Section 2.11): points at another signed object by its
-- content type, content identifier and originator signature value. It has the
-- same three fields as Receipt minus the version.
107 ContentReference ::= SEQUENCE {
108 contentType ContentType,
109 signedContentIdentifier ContentIdentifier,
110 originatorSignatureValue OCTET STRING }
111
112 id-aa-contentReference OBJECT IDENTIFIER ::= { id-aa 10 }
113
114
115 -- Section 3.2
116
-- ESSSecurityLabel (Section 3.2): a SET whose only mandatory member is the
-- security policy OID. Classification, privacy mark and categories are all
-- OPTIONAL, so a label holding nothing but a policy identifier is valid.
117 ESSSecurityLabel ::= SET {
118 security-policy-identifier SecurityPolicyIdentifier,
119 security-classification SecurityClassification OPTIONAL,
120 privacy-mark ESSPrivacyMark OPTIONAL,
121 security-categories SecurityCategories OPTIONAL }
122
123 id-aa-securityLabel OBJECT IDENTIFIER ::= { id-aa 2}
124
125 SecurityPolicyIdentifier ::= OBJECT IDENTIFIER
126
-- SecurityClassification names six values but is constrained to the range
-- 0..ub-integer-options (imported from UpperBounds), so values above 5 also
-- decode. Their meaning is not defined here; code that makes access decisions
-- from this field must not assume only the named values can appear.
127 SecurityClassification ::= INTEGER {
128 unmarked (0),
129 unclassified (1),
130 restricted (2),
131 confidential (3),
132 secret (4),
133 top-secret (5) } (0..ub-integer-options)
134
135 --RWC; IMPORTED;ub-integer-options INTEGER ::= 256
136
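-- ESSPrivacyMark: privacy mark text, either as PrintableString or UTF8String.
-- The padding after pString and utf8String was mis-encoded in this copy and
-- is restored to plain spaces, so the identifiers are pure ASCII again.
-- NOTE(review): both SIZE constraints are commented out (RWC), so as written
-- the schema does not enforce ub-privacy-mark-length (128) or a minimum of one
-- character. A consumer that relies on those limits has to check them itself.
137 ESSPrivacyMark ::= CHOICE {
138 pString      PrintableString, --RWC;SIZE (1..ub-privacy-mark-length),
139 utf8String   UTF8String --RWC;SIZE (1..MAX)
140 }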
141
142 --RWC; IMPORTED;ub-privacy-mark-length INTEGER ::= 128
143
-- SecurityCategories: a non-empty SET of at most ub-security-categories
-- entries (imported from UpperBounds).
144 SecurityCategories ::= SET SIZE (1..ub-security-categories) OF
145 SecurityCategory
146
147 --RWC; IMPORTED;ub-security-categories INTEGER ::= 64
148
-- SecurityCategory: an OID plus a value whose syntax depends on that OID.
-- NOTE(review): "DEFINED BY type" is commented out (RWC), so value is a bare
-- ANY and a decoder built from this module cannot type-check it. The caller
-- has to select the parser from type, treat value as untrusted bytes, and
-- reject types it does not recognise.
149 SecurityCategory ::= SEQUENCE {
150 type [0] OBJECT IDENTIFIER,
151 value [1] ANY --RWC;DEFINED BY type
152 }
153
154 --Note: The aforementioned SecurityCategory syntax produces identical
155 --hex encodings as the following SecurityCategory syntax that is
156 --documented in the X.411 specification:
157 --
158 --SecurityCategory ::= SEQUENCE {
159 -- type [0] SECURITY-CATEGORY,
160 -- value [1] ANY DEFINED BY type }
161 --
162 --SECURITY-CATEGORY MACRO ::=
163 --BEGIN
164 --TYPE NOTATION ::= type | empty
165 --VALUE NOTATION ::= value (VALUE OBJECT IDENTIFIER)
166 --END
167
168 -- Section 3.4
169
-- EquivalentLabels (Section 3.4): a list of ESSSecurityLabel values.
-- The SEQUENCE OF has no SIZE constraint, so the schema accepts an empty list
-- and sets no upper bound on the number of labels.
170 EquivalentLabels ::= SEQUENCE OF ESSSecurityLabel
171
172 id-aa-equivalentLabels OBJECT IDENTIFIER ::= { id-aa 9}
173
174
175 -- Section 4.4
176
-- MLExpansionHistory (Section 4.4): between 1 and ub-ml-expansion-history (64)
-- MLData records.
177 MLExpansionHistory ::= SEQUENCE
178 SIZE (1..ub-ml-expansion-history) OF MLData
179
180 id-aa-mlExpandHistory OBJECT IDENTIFIER ::= { id-aa 3}
181
182 ub-ml-expansion-history INTEGER ::= 64
183
-- MLData: one record giving the mail list's identity, the expansion time and
-- an optional receipt policy.
184 MLData ::= SEQUENCE {
185 mailListIdentifier EntityIdentifier,
186 -- The original comment says EntityIdentifier is imported from [CMS]; in this module it is defined locally, below
187 expansionTime GeneralizedTime,
188 mlReceiptPolicy MLReceiptPolicy OPTIONAL }
189
-- EntityIdentifier: identifies a certificate either by issuer and serial
-- number or by subject key identifier. Neither alternative is tagged.
190 EntityIdentifier ::= CHOICE {
191 issuerAndSerialNumber IssuerAndSerialNumber,
192 subjectKeyIdentifier KeyIdentifier }
193
-- MLReceiptPolicy: insteadOf and inAdditionTo need at least one entry but have
-- no upper bound (MAX). A decoder that needs a limit on list length has to
-- choose and apply its own.
194 MLReceiptPolicy ::= CHOICE {
195 none [0] NULL,
196 insteadOf [1] SEQUENCE SIZE (1..MAX) OF GeneralNames,
197 inAdditionTo [2] SEQUENCE SIZE (1..MAX) OF GeneralNames }
198
199
200 -- Section 5.4
201
-- SigningCertificate (Section 5.4): a list of certificate identifiers plus an
-- optional list of policies. certs has no SIZE constraint, so an empty list
-- passes the schema; a verifier should treat that as a failure rather than as
-- "no restriction".
202 SigningCertificate ::= SEQUENCE {
203 certs SEQUENCE OF ESSCertID,
204 policies SEQUENCE OF PolicyInformation OPTIONAL
205 }
206
-- NOTE(review): 4444 is a stand-in for the "<TBD>" arc of the draft this
-- module was taken from (see the RWC remark). The published RFC 2634 assigns
-- { id-aa 12 } to this attribute, so an attribute tagged with the value below
-- will not be recognised by implementations of the RFC, and the reverse also
-- holds. Confirm which value callers of the generated code actually use.
207 id-aa-signingCertificate OBJECT IDENTIFIER ::= { id-aa 4444 } --RWC;Removed <TBD> }
208
-- ESSCertID: binds a certificate by its hash. issuerSerial is OPTIONAL, so
-- when it is absent the hash is the only link to the certificate.
209 ESSCertID ::= SEQUENCE {
210 certHash CertHash,
211 issuerSerial IssuerSerial OPTIONAL
212 }
213
-- CertHash has no algorithm identifier and no SIZE constraint: the hash is
-- SHA-1 by definition and the schema does not check for the 20-octet length.
-- NOTE(review): SHA-1 is no longer collision resistant. RFC 5035 adds
-- ESSCertIDv2 with an explicit hash algorithm; this module predates it.
214 CertHash ::= OCTET STRING -- SHA1 hash of entire certificate
215 --RWC; Modified "Hash" to "CertHash" to avoid crypto++ library contention.
216
217 --RWC;
218 --RWC; Added for completeness
219 --RWC;
220
221
222 -- policyQualifierIds for Internet policy qualifiers
223
-- PKIX policy qualifier OIDs: id-pkix is 1.3.6.1.5.5.7, id-qt is
-- { id-pkix 2 }, and the two qualifier types sit directly under id-qt.
224 id-pkix OBJECT IDENTIFIER ::=
225 { iso(1) identified-organization(3) dod(6) internet(1)
226 security(5) mechanisms(5) pkix(7) }
227
228 id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
229 id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
230 id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
231
-- PolicyQualifierId is constrained to exactly the two OIDs above. Any other
-- qualifier OID violates the constraint.
232 PolicyQualifierId ::=
233 OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
234
235
236
237
238 END