-- Module SecurityModule (Q.815:02/2000)
-- See also ITU-T Q.815 (02/2000)
-- See also the index of all ASN.1 assignments needed in this document

SecurityModule {itu-t(0) recommendation(0) q(17) q815(815) sm(0) messages(0)}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN

-- EXPORTS everything
IMPORTS
  OPERATION
    FROM Remote-Operations-Information-Objects {joint-iso-itu-t
      remote-operations(4) informationObjects(5) version1(0)}
  InvokeId
    FROM Remote-Operations-Generic-ROS-PDUs {joint-iso-itu-t
      remote-operations(4) generic-ROS-PDUs(6) version1(0)}
  SR-APDU{}
    FROM Secure-Remote-Operations-APDUs {itu-t recommendation q(17) q813(813)
      stase(1) stase-pci(0) stase-data(2)};

-- Useful Types
-- Identifies an algorithm by its OBJECT IDENTIFIER.
-- The parameters component is mandatory and typed NULL, so this structure
-- cannot carry algorithm parameters; everything a verifier needs must
-- follow from the OID alone.
-- NOTE(review): the type places no restriction on which OID may appear.
-- A receiver should compare algorithm against its own list of accepted
-- algorithms before using the value.
AlgorithmIdentifier ::= SEQUENCE {
  algorithm   OBJECT IDENTIFIER,
  parameters  NULL
}

-- Syntax version number used by the hashed, signed and signer structures.
-- NOTE(review): Version is an unconstrained INTEGER; how a receiver should
-- treat values other than v1999 is not stated in this module.
Version ::= INTEGER

-- The only Version value named in this module. It is the DEFAULT for
-- hashedVersion, signedVersion and signerVersion.
v1999 Version ::= 0

-- General Syntax
-- Top-level message container. Parameters: a set of InvokeId values and two
-- sets of OPERATION objects (invokable and returnable), which are passed
-- through unchanged to the imported SR-APDU type.
-- Exactly one alternative is present: a hashed message, a signed message,
-- a receipt, or an SR-APDU.
-- Every alternative is EXPLICIT-tagged, overriding the module-wide
-- IMPLICIT TAGS default.
-- The extension marker (...) allows later versions to add alternatives, so
-- a decoder has to expect alternatives it does not know.
-- NOTE(review): the alternatives offer different protection (digest only,
-- signature, receipt with optional digest or signature). A receiver should
-- decide which alternatives it accepts for a given exchange rather than
-- treating any well-formed SecureMessage as equally protected.
SecureMessage{InvokeId:InvokeIdSet, OPERATION:Invokable, OPERATION:Returnable}
  ::= CHOICE {
  hashedMessage   [0] EXPLICIT HashedMessage,
  signedMessage   [1] EXPLICIT SignedMessage,
  messageReceipt  [2] EXPLICIT IaReceiptMessage,
  sr-APDU
    [3] EXPLICIT SR-APDU{{InvokeIdSet}, {Invokable}, {Returnable}},
  ...
}

-- Hashed Message Syntax 
-- Carries a content value, the identifier of a hash algorithm and a digest.
-- hashedVersion is taken as v1999 when absent.
-- messageDigest is constrained to exactly 20 octets (160 bits) whatever
-- OID appears in hashAlgorithmIdentifier, so only algorithms with a
-- 20-octet output fit this structure.
-- NOTE(review): 20 octets is the output length of SHA-1 and RIPEMD-160.
-- Confirm in the Q.815 text which algorithms are intended, and check that
-- the OID received is one of them.
-- NOTE(review): no key or secret input to the digest is visible in this
-- type. Confirm in the Q.815 text how the digest is computed before relying
-- on it to detect deliberate modification rather than accidental
-- corruption.
HashedMessage ::= SEQUENCE {
  hashedVersion            Version DEFAULT v1999,
  hashAlgorithmIdentifier  AlgorithmIdentifier,
  hashedContent            HashedContent, -- Data
  messageDigest            OCTET STRING(SIZE (20))
}

-- Content of a HashedMessage, as either a GeneralString or an IA5String.
-- Neither alternative has a size constraint.
-- NOTE(review): this module does not say which octets are fed to the
-- digest (the string contents or the full encoding). Sender and receiver
-- must agree on this; confirm against the Q.815 text.
HashedContent ::= CHOICE {
  hashedContent1  GeneralString,
  hashedContent2  IA5String
}

-- Signed Message Syntax
-- Carries a content value, the set of digest algorithms used, and one
-- entry per signer in signerInfos.
-- signedVersion and signerVersion are taken as v1999 when absent.
-- Each signerInfos entry names the signer by issuerAndSerialNumber (issuer
-- country and organization attributes plus a serial number), names the
-- digest and digest-encryption algorithms, and carries encryptedDigest.
-- NOTE(review): the layout resembles PKCS #7 SignedData, presumably by
-- design; confirm against the Q.815 text.
-- NOTE(review): no certificate or public key is carried in this structure.
-- The verifier has to find the signer's key from issuerAndSerialNumber by
-- other means and decide separately whether that key is trusted.
-- NOTE(review): neither SET OF has a SIZE constraint, so an empty
-- signerInfos is syntactically valid. A verifier should require at least
-- one signer entry that verifies, and should never treat a message with
-- no entries as signed.
-- NOTE(review): encryptedDigest has no length constraint. Check it
-- against the algorithm named in digestEncryptionAlgorithm, and check
-- both algorithm OIDs against the list of accepted algorithms.
SignedMessage ::= SEQUENCE {
  signedVersion           Version DEFAULT v1999,
  signedDigestAlgorithms  SET OF AlgorithmIdentifier,
  signedContent           SignedContent, -- Data
  signerInfos
    SET OF
      SEQUENCE {signerVersion              Version DEFAULT v1999,
                issuerAndSerialNumber
                  SEQUENCE {issuerCountry
                              SEQUENCE OF
                                SET OF
                                  SEQUENCE {country       OBJECT IDENTIFIER,
                                            countryValue  PrintableString
                                  },
                            issuerOrg
                              SEQUENCE OF
                                SET OF
                                  SEQUENCE {organizationName
                                              OBJECT IDENTIFIER,
                                            organizationValue  PrintableString
                                  },
                            serialNumber   INTEGER},
                signedDigestAlgorithm      AlgorithmIdentifier,
                digestEncryptionAlgorithm  AlgorithmIdentifier,
                encryptedDigest            OCTET STRING}
}

-- Content of a SignedMessage, as either a GeneralString or an IA5String.
-- Neither alternative has a size constraint.
-- NOTE(review): this module does not say which octets the signature
-- covers (the string contents or the full encoding); confirm against the
-- Q.815 text so that signer and verifier digest the same octets.
SignedContent ::= CHOICE {
  signedContent1  GeneralString,
  signedContent2  IA5String
}

-- Receipt Message Syntax
-- Receipt carrying an identifier, a timestamp and optional enhancements.
-- dateTimeStamp is exactly 15 PrintableString characters; the timestamp
-- format itself is not defined in this module.
-- enhancements is OPTIONAL and is the only component that can hold a
-- digest or a signature. A receipt without it has no integrity or origin
-- protection at this layer.
-- NOTE(review): a receiver that relies on receipts as evidence should
-- require enhancements, and should check uniqueIdentifier and
-- dateTimeStamp for freshness. This module does not define that
-- processing; confirm against the Q.815 text.
IaReceiptMessage ::= SEQUENCE {
  uniqueIdentifier  OCTET STRING, -- A unique identifier within the message
  dateTimeStamp     PrintableString(SIZE (15)),
  enhancements      Enhancements OPTIONAL
}

-- Protection attached to a receipt: either a digest or a digital
-- signature, each EXPLICIT-tagged.
-- This CHOICE has no extension marker, so these two alternatives are the
-- complete set.
Enhancements ::= CHOICE {
  withDigest  [0] EXPLICIT WithDigest,
  withDigSig  [1] EXPLICIT WithDigSig
}

-- Receipt digest: an algorithm OID followed by the digest octets.
-- The algorithm is a bare OBJECT IDENTIFIER here, not the
-- AlgorithmIdentifier type used in the hashed and signed messages.
-- receiptMessageDigest has no size constraint, unlike the 20-octet
-- messageDigest in HashedMessage.
-- NOTE(review): a receiver should check that the digest length matches
-- the algorithm named by the OID and that the OID is an accepted one.
WithDigest ::= SEQUENCE {
  receiptDigestAlgorithm  OBJECT IDENTIFIER,
  receiptMessageDigest    OCTET STRING
}

-- Receipt signature: an algorithm OID followed by the signature octets.
-- The algorithm is a bare OBJECT IDENTIFIER and the signature has no size
-- constraint.
-- NOTE(review): unlike the signerInfos entries in SignedMessage, this type
-- carries no signer identification. The verifier has to know from context
-- which key to use; confirm in the Q.815 text how the signer is determined.
WithDigSig ::= SEQUENCE {
  receiptSignatureAlgorithm  OBJECT IDENTIFIER,
  receiptDigitalSignature    OCTET STRING
}

END
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D