From cb4c9b305391e2c511afd2e80fe38c7c85aad993 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Thu, 29 Oct 2015 22:33:02 +0100
Subject: Solve build problem
---
asn1include/EnhancedSecurity.asn1 | 367 --------------------------------------
1 file changed, 367 deletions(-)
delete mode 100644 asn1include/EnhancedSecurity.asn1
(limited to 'asn1include/EnhancedSecurity.asn1')
diff --git a/asn1include/EnhancedSecurity.asn1 b/asn1include/EnhancedSecurity.asn1
deleted file mode 100644
index 3879987..0000000
--- a/asn1include/EnhancedSecurity.asn1
+++ /dev/null
@@ -1,367 +0,0 @@ --- Module EnhancedSecurity (X.501:02/2001) -EnhancedSecurity {joint-iso-itu-t ds(5) module(1) enhancedSecurity(28) 4} -DEFINITIONS IMPLICIT TAGS ::= -BEGIN - --- EXPORTS All -IMPORTS - -- from ITU-T Rec. X.501 | ISO/IEC 9594-2 - authenticationFramework, basicAccessControl, certificateExtensions, - id-at, id-avc, id-mr, informationFramework, upperBounds - FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1) - usefulDefinitions(0) 4} - Attribute, ATTRIBUTE, AttributeType, Context, CONTEXT, MATCHING-RULE, - Name, objectIdentifierMatch, SupportedAttributes - FROM InformationFramework {joint-iso-itu-t ds(5) module(1) - informationFramework(1) 4} - AttributeTypeAndValue - FROM BasicAccessControl {joint-iso-itu-t ds(5) module(1) - basicAccessControl(24) 4} - -- from ITU-T Rec. X.509 | ISO/IEC 9594-8 - AlgorithmIdentifier, CertificateSerialNumber, ENCRYPTED{}, HASH{}, - SIGNED{} - FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1) - authenticationFramework(7) 4} - GeneralName, KeyIdentifier - FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1) - certificateExtensions(26) 4} - ub-privacy-mark-length - FROM UpperBounds {joint-iso-itu-t ds(5) module(1) upperBounds(10) 4}; - --- from GULS --- SECURITY-TRANSFORMATION, PROTECTION-MAPPING, PROTECTED --- FROM Notation { joint-iso-ccitt genericULS (20) modules (1) notation (1) } ---dirSignedTransformation, KEY-INFORMATION --- FROM GulsSecurityTransformations { joint-iso-ccitt genericULS (20) modules (1) --- gulsSecurityTransformations (3) } --- signed --- FROM GulsSecurityTransformations { joint-iso-ccitt genericULS (20) modules (1) --- dirProtectionMappings (4) }; --- The "signed" Protection Mapping and associated "dirSignedTransformations" imported --- from the Generic Upper Layers Security specification (ITU-T Rec. X.830 | ISO/IEC 11586-1) --- results in identical encoding as the same data type used with the SIGNED as defined in --- ITU-T REC. 
X.509 | ISO/IEC 9594-8 --- The three statements below are provided temporarily to allow signed operations to be supported as in edition 3. -OPTIONALLY-PROTECTED{Type} ::= CHOICE {unsigned Type, - signed SIGNED{Type} -} - -OPTIONALLY-PROTECTED-SEQ{Type} ::= CHOICE { - unsigned Type, - signed [0] SIGNED{Type} -} - --- The following out-commented ASN.1 specification are know to be erroneous and are therefore deprecated. --- genEncryptedTransform {KEY-INFORMATION: SupportedKIClasses } SECURITY-TRANSFORMATION ::= --- { --- IDENTIFIER { enhancedSecurity gen-encrypted(2) } --- INITIAL-ENCODING-RULES { joint-iso-itu-t asn1(1) ber(1) } --- This default for initial encoding rules may be overridden --- using a static protected parameter (initEncRules). --- XFORMED-DATA-TYPE SEQUENCE { --- initEncRules OBJECT IDENTIFIER DEFAULT { joint-iso-itu-t asn1(1) ber(1) }, --- encAlgorithm AlgorithmIdentifier OPTIONAL, -- -- Identifies the encryption algorithm, --- keyInformation SEQUENCE { --- kiClass KEY-INFORMATION.&kiClass ({SupportedKIClasses}), --- keyInfo KEY-INFORMATION.&KiType ({SupportedKIClasses} {@kiClass}) --- } OPTIONAL, --- Key information may assume various formats, governed by supported members --- of the KEY-INFORMATION information object class (defined in ITU-T --- Rec. 
X.830 | ISO/IEC 11586-1) --- encData BIT STRING ( CONSTRAINED BY { --- the encData value shall be generated following --- the procedure specified in 17.3.1-- -- }) --- } --- } --- encrypted PROTECTION-MAPPING ::= { --- SECURITY-TRANSFORMATION { genEncryptedTransform } } --- signedAndEncrypt PROTECTION-MAPPING ::= { --- SECURITY-TRANSFORMATION { signedAndEncryptedTransform } } --- signedAndEncryptedTransform {KEY-INFORMATION: SupportedKIClasses} --- SECURITY-TRANSFORMATION ::= { --- IDENTIFIER { enhancedSecurity dir-encrypt-sign (1) } --- INITIAL-ENCODING-RULES { joint-iso-itu-t asn1 (1) ber-derived (2) distinguished-encoding (1) } --- XFORMED-DATA-TYPE --- PROTECTED --- { --- PROTECTED --- { --- ABSTRACT-SYNTAX.&Type, --- signed --- }, --- encrypted --- } --- } --- OPTIONALLY-PROTECTED {ToBeProtected, PROTECTION-MAPPING:generalProtection} ::= --- CHOICE { --- toBeProtected ToBeProtected, ---no DIRQOP specified for operation --- signed PROTECTED {ToBeProtected, signed}, ---DIRQOP is Signed --- protected [APPLICATION 0] --- PROTECTED { ToBeProtected, generalProtection } } ---DIRQOP is other than Signed --- defaultDirQop ATTRIBUTE ::= { --- WITH SYNTAX OBJECT IDENTIFIER --- EQUALITY MATCHING RULE objectIdentifierMatch --- USAGE directoryOperation --- ID id-at-defaultDirQop } --- DIRQOP ::= CLASS --- This information object class is used to define the quality of protection --- required throughout directory operation. 
--- The Quality Of Protection can be signed, encrypted, signedAndEncrypt --- { --- &dirqop-Id OBJECT IDENTIFIER UNIQUE, --- &dirBindError-QOP PROTECTION-MAPPING:protectionReqd, --- &dirErrors-QOP PROTECTION-MAPPING:protectionReqd, --- &dapReadArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dapReadRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dapCompareArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dapCompareRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dapListArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dapListRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dapSearchArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dapSearchRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dapAbandonArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dapAbandonRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dapAddEntryArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dapAddEntryRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dapRemoveEntryArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dapRemoveEntryRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dapModifyEntryArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dapModifyEntryRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dapModifyDNArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dapModifyDNRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dspChainedOp-QOP PROTECTION-MAPPING:protectionReqd, --- &dispShadowAgreeInfo-QOP PROTECTION-MAPPING:protectionReqd, --- &dispCoorShadowArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dispCoorShadowRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dispUpdateShadowArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dispUpdateShadowRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dispRequestShadowUpdateArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dispRequestShadowUpdateRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dopEstablishOpBindArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dopEstablishOpBindRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dopModifyOpBindArg-QOP PROTECTION-MAPPING:protectionReqd, --- 
&dopModifyOpBindRes-QOP PROTECTION-MAPPING:protectionReqd, --- &dopTermOpBindArg-QOP PROTECTION-MAPPING:protectionReqd, --- &dopTermOpBindRes-QOP PROTECTION-MAPPING:protectionReqd --- } --- WITH SYNTAX --- { --- DIRQOP-ID &dirqop-Id --- DIRECTORYBINDERROR-QOP &dirBindError-QOP --- DIRERRORS-QOP &dirErrors-QOP --- DAPREADARG-QOP &dapReadArg-QOP --- DAPREADRES-QOP &dapReadRes-QOP --- DAPCOMPAREARG-QOP &dapCompareArg-QOP --- DAPCOMPARERES-QOP &dapCompareRes-QOP --- DAPLISTARG-QOP &dapListArg-QOP --- DAPLISTRES-QOP &dapListRes-QOP --- DAPSEARCHARG-QOP &dapSearchArg-QOP --- DAPSEARCHRES-QOP &dapSearchRes-QOP --- DAPABANDONARG-QOP &dapAbandonArg-QOP --- DAPABANDONRES-QOP &dapAbandonRes-QOP --- DAPADDENTRYARG-QOP &dapAddEntryArg-QOP --- DAPADDENTRYRES-QOP &dapAddEntryRes-QOP --- DAPREMOVEENTRYARG-QOP &dapRemoveEntryArg-QOP --- DAPREMOVEENTRYRES-QOP &dapRemoveEntryRes-QOP --- DAPMODIFYENTRYARG-QOP &dapModifyEntryArg-QOP --- DAPMODIFYENTRYRES-QOP &dapModifyEntryRes-QOP --- DAPMODIFYDNARG-QOP &dapModifyDNArg-QOP --- DAPMODIFYDNRES-QOP &dapModifyDNRes-QOP --- DSPCHAINEDOP-QOP &dspChainedOp-QOP --- DISPSHADOWAGREEINFO-QOP &dispShadowAgreeInfo-QOP --- DISPCOORSHADOWARG-QOP &dispCoorShadowArg-QOP --- DISPCOORSHADOWRES-QOP &dispCoorShadowRes-QOP --- DISPUPDATESHADOWARG-QOP &dispUpdateShadowArg-QOP --- DISPUPDATESHADOWRES-QOP &dispUpdateShadowRes-QOP --- DISPREQUESTSHADOWUPDATEARG-QOP &dispRequestShadowUpdateArg-QOP --- DISPREQUESTSHADOWUPDATERES-QOP &dispRequestShadowUpdateRes-QOP --- DOPESTABLISHOPBINDARG-QOP &dopEstablishOpBindArg-QOP --- DOPESTABLISHOPBINDRES-QOP &dopEstablishOpBindRes-QOP --- DOPMODIFYOPBINDARG-QOP &dopModifyOpBindArg-QOP --- DOPMODIFYOPBINDRES-QOP &dopModifyOpBindRes-QOP --- DOPTERMINATEOPBINDARG-QOP &dopTermOpBindArg-QOP --- DOPTERMINATEOPBINDRES-QOP &dopTermOpBindRes-QOP ---} -attributeValueSecurityLabelContext CONTEXT ::= { - WITH SYNTAX - SignedSecurityLabel -- At most one security label context can be assigned to an - -- attribute value - ID 
id-avc-attributeValueSecurityLabelContext -} - -SignedSecurityLabel ::= - SIGNED - {SEQUENCE {attHash HASH{AttributeTypeAndValue}, - issuer Name OPTIONAL, -- name of labelling authority - keyIdentifier KeyIdentifier OPTIONAL, - securityLabel SecurityLabel}} - -SecurityLabel ::= SET { - security-policy-identifier SecurityPolicyIdentifier OPTIONAL, - security-classification SecurityClassification OPTIONAL, - privacy-mark PrivacyMark OPTIONAL, - security-categories SecurityCategories OPTIONAL -}(ALL EXCEPT ({ --none, at least one component shall be presen--})) - -SecurityPolicyIdentifier ::= OBJECT IDENTIFIER - -SecurityClassification ::= INTEGER { - unmarked(0), unclassified(1), restricted(2), confidential(3), secret(4), - top-secret(5)} - -PrivacyMark ::= PrintableString(SIZE (1..ub-privacy-mark-length)) - -SecurityCategories ::= SET SIZE (1..MAX) OF SecurityCategory - -clearance ATTRIBUTE ::= {WITH SYNTAX Clearance - ID id-at-clearance -} - -Clearance ::= SEQUENCE { - policyId OBJECT IDENTIFIER, - classList ClassList DEFAULT {unclassified}, - securityCategories SET SIZE (1..MAX) OF SecurityCategory OPTIONAL -} - -ClassList ::= BIT STRING { - unmarked(0), unclassified(1), restricted(2), confidential(3), secret(4), - topSecret(5)} - -SecurityCategory ::= SEQUENCE { - type [0] SECURITY-CATEGORY.&id({SecurityCategoriesTable}), - value [1] EXPLICIT SECURITY-CATEGORY.&Type({SecurityCategoriesTable}{@type}) -} - -SECURITY-CATEGORY ::= TYPE-IDENTIFIER - -SecurityCategoriesTable SECURITY-CATEGORY ::= - {...} - -attributeIntegrityInfo ATTRIBUTE ::= { - WITH SYNTAX AttributeIntegrityInfo - ID id-at-attributeIntegrityInfo -} - -AttributeIntegrityInfo ::= - SIGNED - {SEQUENCE {scope Scope, -- Identifies the attributes protected - signer Signer OPTIONAL, -- Authority or data originators name - attribsHash AttribsHash}} -- Hash value of protected attributes - -Signer ::= CHOICE { - thisEntry [0] EXPLICIT ThisEntry, - thirdParty [1] SpecificallyIdentified -} - -ThisEntry ::= 
CHOICE {onlyOne NULL, - specific IssuerAndSerialNumber -} - -IssuerAndSerialNumber ::= SEQUENCE { - issuer Name, - serial CertificateSerialNumber -} - -SpecificallyIdentified ::= SEQUENCE { - name GeneralName, - issuer GeneralName OPTIONAL, - serial CertificateSerialNumber OPTIONAL -} -(WITH COMPONENTS { - ..., - issuer PRESENT, - serial PRESENT - } | (WITH COMPONENTS { - ..., - issuer ABSENT, - serial ABSENT - })) - -Scope ::= CHOICE { - wholeEntry [0] NULL, -- Signature protects all attribute values in this entry - selectedTypes [1] SelectedTypes - -- Signature protects all attribute values of the selected attribute types -} - -SelectedTypes ::= SEQUENCE SIZE (1..MAX) OF AttributeType - -AttribsHash ::= HASH{SEQUENCE SIZE (1..MAX) OF Attribute} - --- Attribute type and values with associated context values for the selected Scope -attributeValueIntegrityInfoContext CONTEXT ::= { - WITH SYNTAX AttributeValueIntegrityInfo - ID id-avc-attributeValueIntegrityInfoContext -} - -AttributeValueIntegrityInfo ::= - SIGNED - {SEQUENCE {signer Signer OPTIONAL, -- Authority or data originators name - aVIHash AVIHash}} -- Hash value of protected attribute - -AVIHash ::= HASH{AttributeTypeValueContexts} - --- Attribute type and value with associated context values -AttributeTypeValueContexts ::= SEQUENCE { - type ATTRIBUTE.&id({SupportedAttributes}), - value ATTRIBUTE.&Type({SupportedAttributes}{@type}), - contextList SET SIZE (1..MAX) OF Context OPTIONAL -} - --- The following out-commented ASN.1 specification are know to be erroneous and are therefore deprecated. 
--- EncryptedAttributeSyntax {AttributeSyntax} ::= SEQUENCE { --- keyInfo SEQUENCE OF KeyIdOrProtectedKey, --- encAlg AlgorithmIdentifier, --- encValue ENCRYPTED { AttributeSyntax } } --- KeyIdOrProtectedKey ::= SEQUENCE { --- keyIdentifier [0] KeyIdentifier OPTIONAL, --- protectedKeys [1] ProtectedKey OPTIONAL } --- At least one key identifier or protected key shall be present --- ProtectedKey ::= SEQUENCE { --- authReaders AuthReaders,-- -- if absent, use attribute in authorized reader entry --- keyEncAlg AlgorithmIdentifier OPTIONAL, -- -- algorithm to encrypt encAttrKey --- encAttKey EncAttKey } --- confidentiality key protected with authorized user's --- protection mechanism --- AuthReaders ::= SEQUENCE OF Name --- EncAttKey ::= PROTECTED {SymmetricKey, keyProtection} --- SymmetricKey ::= BIT STRING --- keyProtection PROTECTION-MAPPING ::= { --- SECURITY-TRANSFORMATION {genEncryption} } --- confKeyInfo ATTRIBUTE ::= { --- WITH SYNTAX ConfKeyInfo --- EQUALITY MATCHING RULE readerAndKeyIDMatch --- ID id-at-confKeyInfo } --- ConfKeyInfo ::= SEQUENCE { --- keyIdentifier KeyIdentifier, --- protectedKey ProtectedKey } --- readerAndKeyIDMatch MATCHING-RULE ::= { --- SYNTAX ReaderAndKeyIDAssertion --- ID id-mr-readerAndKeyIDMatch } --- ReaderAndKeyIDAssertion ::= SEQUENCE { --- keyIdentifier KeyIdentifier, --- authReaders AuthReaders OPTIONAL } --- Object identifier assignments --- attributes -id-at-clearance OBJECT IDENTIFIER ::= - {id-at 55} - --- id-at-defaultDirQop OBJECT IDENTIFIER ::= {id-at 56} -id-at-attributeIntegrityInfo OBJECT IDENTIFIER ::= - {id-at 57} - --- id-at-confKeyInfo OBJECT IDENTIFIER ::= {id-at 60} --- matching rules --- id-mr-readerAndKeyIDMatch OBJECT IDENTIFIER ::= {id-mr 43} --- contexts -id-avc-attributeValueSecurityLabelContext OBJECT IDENTIFIER ::= - {id-avc 3} - -id-avc-attributeValueIntegrityInfoContext OBJECT IDENTIFIER ::= {id-avc 4} - -END -- EnhancedSecurity - --- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D - 
-- cgit v1.2.3