IPMSSecurityExtensions (X.420:06/1999)

-- Module IPMSSecurityExtensions (X.420:06/1999)
-- See also ITU-T X.420 (06/1999)
-- See also the index of all ASN.1 assignments needed in this document
IPMSSecurityExtensions {joint-iso-itu-t mhs(6) ipms(1) modules(0)
  ipm-security-extensions(14) version-1999(1)} DEFINITIONS IMPLICIT TAGS ::=
BEGIN

-- Prologue
-- Exports everything
IMPORTS
  -- MTS Abstract Service
  Certificates, Content, ContentIntegrityCheck, ExtendedCertificates,
    EXTENSION, MessageOriginAuthenticationCheck, MessageToken, EncryptionKey
    --==
    FROM MTSAbstractService {joint-iso-itu-t mhs(6) mts(3) modules(0)
      mts-abstract-service(1) version-1999(1)}
  -- IPMS Information Objects
  IPMS-EXTENSION
    --==
    FROM IPMSInformationObjects {joint-iso-itu-t mhs(6) ipms(1) modules(0)
      information-objects(2) version-1999(1)}
  -- IPMS Heading Extensions
  BodyPartNumber
    --==
    FROM IPMSHeadingExtensions {joint-iso-itu-t mhs(6) ipms(1) modules(0)
      heading-extensions(6) version-1999(1)}
  -- Directory Authentication Framework
  AlgorithmIdentifier, ENCRYPTED{}
    --==
    FROM AuthenticationFramework {joint-iso-itu-t ds(5) module(1)
      authenticationFramework(7) 3}
  -- Directory Certificate Extensions
  CertificateAssertion
    --==
    FROM CertificateExtensions {joint-iso-itu-t ds(5) module(1)
      certificateExtensions(26) 0}
  -- IPMS Object Identifiers
  id-sec-ipm-security-request, id-sec-security-common-fields
    --==
    FROM IPMSObjectIdentifiers {joint-iso-itu-t mhs(6) ipms(1) modules(0)
      object-identifiers(0) version-1999(1)};

-- Recipient Security Request
recipient-security-request IPMS-EXTENSION ::= {
  VALUE          RecipientSecurityRequest,
  IDENTIFIED BY  id-sec-ipm-security-request
}

RecipientSecurityRequest ::= BIT STRING {
  content-non-repudiation(0), content-proof(1), ipn-non-repudiation(2),
  ipn-proof(3)}

-- IPN Security Response
ipn-security-response IPMS-EXTENSION ::= {
  VALUE          IpnSecurityResponse,
  IDENTIFIED BY  id-sec-security-common-fields
}

IpnSecurityResponse ::= SET {
  content-or-arguments
    CHOICE {original-content             OriginalContent,
            original-security-arguments
              SET {original-content-integrity-check
                     [0]  OriginalContentIntegrityCheck OPTIONAL,
                   original-message-origin-authentication-check
                     [1]  OriginalMessageOriginAuthenticationCheck OPTIONAL,
                   original-message-token
                     [2]  OriginalMessageToken OPTIONAL}},
  security-diagnostic-code  SecurityDiagnosticCode OPTIONAL
}

-- MTS security fields
OriginalContent ::= Content

OriginalContentIntegrityCheck ::= ContentIntegrityCheck

OriginalMessageOriginAuthenticationCheck ::= MessageOriginAuthenticationCheck

OriginalMessageToken ::= MessageToken

-- Security Diagnostic Codes
SecurityDiagnosticCode ::= INTEGER {
  integrity-failure-on-subject-message(0),
  integrity-failure-on-forwarded-message(1),
  moac-failure-on-subject-message(2), unsupported-security-policy(3),
  unsupported-algorithm-identifier(4), decryption-failed(5), token-error(6),
  unable-to-sign-notification(7), unable-to-sign-message-receipt(8),
  authentication-failure-on-subject-message(9),
  security-context-failure-message(10), message-sequence-failure(11),
  message-security-labelling-failure(12), repudiation-failure-of-message(13),
  failure-of-proof-of-message(14), signature-key-unobtainable(15),
  decryption-key-unobtainable(16), key-failure(17),
  unsupported-request-for-security-service(18),
  inconsistent-request-for-security-service(19),
  ipn-non-repudiation-provided-instead-of-content-proof(20),
  token-decryption-failed(21), double-enveloping-message-restoring-failure(22),
  unauthorised-dl-member(23), reception-security-failure(24),
  unsuitable-alternate-recipient(25), security-services-refusal(26),
  unauthorised-recipient(27), unknown-certification-authority-name(28),
  unknown-dl-name(29), unknown-originator-name(30), unknown-recipient-name(31),
  security-policy-violation(32)}

-- Security Envelope Extensions
body-part-encryption-token EXTENSION ::= {
  BodyPartTokens,
  RECOMMENDED CRITICALITY  {for-delivery},
  IDENTIFIED BY            standard-extension:43
}

BodyPartTokens ::=
  SET OF
    SET {body-part-number  BodyPartNumber,
         body-part-choice
           CHOICE {encryption-token              EncryptionToken,
                   message-or-content-body-part  [0]  BodyPartTokens}
    }

EncryptionToken ::= SET {
  encryption-algorithm-identifier  AlgorithmIdentifier,
  encrypted-key                    ENCRYPTED{EncryptionKey},
  recipient-certificate-selector   [0]  CertificateAssertion OPTIONAL,
  recipient-certificate            [1]  Certificates OPTIONAL,
  originator-certificate-selector  [2]  CertificateAssertion OPTIONAL,
  originator-certificates          [3]  ExtendedCertificates OPTIONAL,
  ...
}

forwarded-content-token EXTENSION ::= {
  ForwardedContentToken,
  RECOMMENDED CRITICALITY  {for-delivery},
  IDENTIFIED BY            standard-extension:44
}

ForwardedContentToken ::=
  SET OF
    SET {body-part-number  BodyPartNumber,
         body-part-choice
           CHOICE {forwarding-token              MessageToken,
                   message-or-content-body-part  ForwardedContentToken
         }}

END -- of IPMSSecurityExtensions
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D