-- Module IPMSSecurityExtensions (X.420:06/1999)
IPMSSecurityExtensions {joint-iso-itu-t mhs(6) ipms(1) modules(0)
ipm-security-extensions(14) version-1999(1)} DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- Prologue
-- Exports everything
IMPORTS
-- MTS Abstract Service
Certificates, Content, ContentIntegrityCheck, ExtendedCertificates,
EXTENSION, MessageOriginAuthenticationCheck, MessageToken, EncryptionKey
--==
FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0)
mts-abstract-service(1) version-1999(1)}
-- IPMS Information Objects
IPMS-EXTENSION
--==
FROM IPMSInformationObjects {joint-iso-itu-t mhs(6) ipms(1) modules(0)
information-objects(2) version-1999(1)}
-- IPMS Heading Extensions
BodyPartNumber
--==
FROM IPMSHeadingExtensions {joint-iso-itu-t mhs(6) ipms(1) modules(0)
heading-extensions(6) version-1999(1)}
-- Directory Authentication Framework
AlgorithmIdentifier, ENCRYPTED{}
--==
FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
authenticationFramework(7) 3}
-- Directory Certificate Extensions
CertificateAssertion
--==
FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1)
certificateExtensions(26) 0}
-- IPMS Object Identifiers
id-sec-ipm-security-request, id-sec-security-common-fields
--==
FROM IPMSObjectIdentifiers {joint-iso-itu-t mhs(6) ipms(1) modules(0)
object-identifiers(0) version-1999(1)};
-- Recipient Security Request
-- IPMS-EXTENSION information object whose value is a RecipientSecurityRequest.
-- It is identified by id-sec-ipm-security-request, imported from
-- IPMSObjectIdentifiers.
recipient-security-request IPMS-EXTENSION ::= {
VALUE RecipientSecurityRequest,
IDENTIFIED BY id-sec-ipm-security-request
}
-- Named-bit flags carried by the recipient-security-request extension.
-- The four named bits (0 to 3) are independent, so any combination is a
-- syntactically valid value.
-- NOTE(review): no SIZE constraint is given, so a decoder can receive bits
-- beyond position 3; presumably these should be tolerated and not acted on.
-- Confirm against the X.420 text.
RecipientSecurityRequest ::= BIT STRING {
content-non-repudiation(0), content-proof(1), ipn-non-repudiation(2),
ipn-proof(3)}
-- IPN Security Response
-- IPMS-EXTENSION information object whose value is an IpnSecurityResponse.
-- NOTE(review): the identifier is id-sec-security-common-fields, whose name
-- does not mirror the extension name. That is how this listing reads; check
-- the published X.420 module before changing it.
ipn-security-response IPMS-EXTENSION ::= {
VALUE IpnSecurityResponse,
IDENTIFIED BY id-sec-security-common-fields
}
-- Value of the ipn-security-response extension.
-- content-or-arguments is mandatory and is either the original content or a
-- SET of context-tagged security arguments taken from the original message.
-- security-diagnostic-code is OPTIONAL.
-- All three members of original-security-arguments are OPTIONAL, so an empty
-- inner SET is a syntactically valid encoding. A verifier should treat an
-- absent check value as "no proof supplied", never as a successful check.
IpnSecurityResponse ::= SET {
content-or-arguments
CHOICE {original-content OriginalContent,
original-security-arguments
SET {original-content-integrity-check
[0] OriginalContentIntegrityCheck OPTIONAL,
original-message-origin-authentication-check
[1] OriginalMessageOriginAuthenticationCheck OPTIONAL,
original-message-token
[2] OriginalMessageToken OPTIONAL}},
security-diagnostic-code SecurityDiagnosticCode OPTIONAL
}
-- MTS security fields
-- Plain aliases for types imported from MTSAbstractService.
-- No tag or constraint is added here, so each alias encodes exactly as the
-- imported type does.
OriginalContent ::= Content
OriginalContentIntegrityCheck ::= ContentIntegrityCheck
OriginalMessageOriginAuthenticationCheck ::= MessageOriginAuthenticationCheck
OriginalMessageToken ::= MessageToken
-- Security Diagnostic Codes
-- Diagnostic value carried in the OPTIONAL security-diagnostic-code component
-- of IpnSecurityResponse. Named numbers run from 0 to 32.
-- A named-number list does not constrain an INTEGER type, so values outside
-- 0..32, negative ones included, are still valid encodings. A receiver should
-- map an unrecognised value to a generic security failure and neither ignore
-- it nor use it unchecked as a table index.
SecurityDiagnosticCode ::= INTEGER {
integrity-failure-on-subject-message(0),
integrity-failure-on-forwarded-message(1),
moac-failure-on-subject-message(2), unsupported-security-policy(3),
unsupported-algorithm-identifier(4), decryption-failed(5), token-error(6),
unable-to-sign-notification(7), unable-to-sign-message-receipt(8),
authentication-failure-on-subject-message(9),
security-context-failure-message(10), message-sequence-failure(11),
message-security-labelling-failure(12), repudiation-failure-of-message(13),
failure-of-proof-of-message(14), signature-key-unobtainable(15),
decryption-key-unobtainable(16), key-failure(17),
unsupported-request-for-security-service(18),
inconsistent-request-for-security-service(19),
ipn-non-repudiation-provided-instead-of-content-proof(20),
token-decryption-failed(21), double-enveloping-message-restoring-failure(22),
unauthorised-dl-member(23), reception-security-failure(24),
unsuitable-alternate-recipient(25), security-services-refusal(26),
unauthorised-recipient(27), unknown-certification-authority-name(28),
unknown-dl-name(29), unknown-originator-name(30), unknown-recipient-name(31),
security-policy-violation(32)}
-- Security Envelope Extensions
-- MTS EXTENSION information object carrying BodyPartTokens.
-- Its recommended criticality is for-delivery and it is identified as
-- standard-extension 43.
body-part-encryption-token EXTENSION ::= {
BodyPartTokens,
RECOMMENDED CRITICALITY {for-delivery},
IDENTIFIED BY standard-extension:43
}
-- One entry per body part: the body part number, plus either an
-- EncryptionToken for that part or, tagged [0], a nested BodyPartTokens.
-- The type refers to itself through message-or-content-body-part, and neither
-- the nesting depth nor the SET OF size is constrained here. A decoder that
-- handles untrusted messages should enforce its own limits on both, so that a
-- deeply nested or very large value cannot exhaust stack or memory.
BodyPartTokens ::=
SET OF
SET {body-part-number BodyPartNumber,
body-part-choice
CHOICE {encryption-token EncryptionToken,
message-or-content-body-part [0] BodyPartTokens}
}
-- Per-body-part key transport structure: the algorithm identifier, the
-- EncryptionKey wrapped in ENCRYPTED{}, and optional certificate material for
-- recipient and originator. Selectors and certificates use context tags [0]
-- to [3].
-- Every field arrives with the message. The algorithm identifier should be
-- checked against the locally accepted set before any key is unwrapped;
-- SecurityDiagnosticCode defines unsupported-algorithm-identifier(4) for the
-- rejection case.
-- NOTE(review): the certificate fields are OPTIONAL and sender-supplied;
-- presumably they need normal path validation before use. Confirm against
-- the X.420 and X.411 text.
-- The trailing extension marker allows later versions to add components, so
-- a decoder has to accept and skip additions it does not know.
EncryptionToken ::= SET {
encryption-algorithm-identifier AlgorithmIdentifier,
encrypted-key ENCRYPTED{EncryptionKey},
recipient-certificate-selector [0] CertificateAssertion OPTIONAL,
recipient-certificate [1] Certificates OPTIONAL,
originator-certificate-selector [2] CertificateAssertion OPTIONAL,
originator-certificates [3] ExtendedCertificates OPTIONAL,
...
}
-- MTS EXTENSION information object carrying ForwardedContentToken.
-- Its recommended criticality is for-delivery and it is identified as
-- standard-extension 44.
forwarded-content-token EXTENSION ::= {
ForwardedContentToken,
RECOMMENDED CRITICALITY {for-delivery},
IDENTIFIED BY standard-extension:44
}
-- One entry per body part: the body part number, plus either the MessageToken
-- for a forwarded message or a nested ForwardedContentToken.
-- The recursive alternative carries no context tag here, whereas
-- BodyPartTokens tags its recursive alternative [0]. The CHOICE therefore
-- relies on MessageToken and SET OF having distinct tags; the tag of
-- MessageToken is defined in MTSAbstractService and is not visible in this
-- module.
-- The type refers to itself and neither the nesting depth nor the SET OF size
-- is constrained, so a decoder that handles untrusted messages should enforce
-- its own limits on both.
ForwardedContentToken ::=
SET OF
SET {body-part-number BodyPartNumber,
body-part-choice
CHOICE {forwarding-token MessageToken,
message-or-content-body-part ForwardedContentToken
}}
END -- of IPMSSecurityExtensions
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D