EmailPDU 
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) email(2) version5(5)}

DEFINITIONS IMPLICIT TAGS ::=
BEGIN

IMPORTS

	-- from TS 101 671 [4]
	IPAddress
		FROM HI2Operations
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi2(1) version12(12)};


-- ============================
-- Object Identifier Definition
-- ============================

emailIRIObjId RELATIVE-OID	::= {li-ps(5) email(2) version5(5) iRI(1)}
emailCCObjId RELATIVE-OID	::= {li-ps(5) email(2) version5(5) cC(2)}
	-- definitions are relative to 
	-- {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulintercept(2)}


-- =============================
-- Email Communications Contents
-- =============================

EmailCC				::= SEQUENCE
	-- EmailCC is the PDU sent for each "piece" of E-mail captured content
{
	emailCCObjId		[0] RELATIVE-OID,
	email-Format		[1] Email-Format,
	content				[2] OCTET STRING
		-- Network byte order
}

Email-Format		::= ENUMERATED
{
	ip-packet(1),
		-- When this is the email format, the content will contain the bytes of the IP packet from 
		-- the IP header through to the end of the IP packet
		-- Meets requirement E.2.7.
	application(2)
		-- Only the IP stack Layer 4 payload, (i.e. no IP or TCP headers)
		-- Meets requirement E.2.8
}

-- =======================================
-- Intercept-related information for Email
-- =======================================

EmailIRI			::= SEQUENCE
	-- EmailIRI is the PDU sent for each "piece" of E-mail IRI
{
	emailIRIObjId				[0] RELATIVE-OID,
	eventType					[1] E-mail-Event,
	client-Address				[2] IPAddress OPTIONAL,
		-- Provided if available
	server-Address				[3] IPAddress OPTIONAL,
		-- Provided if available
	client-Port					[4] INTEGER OPTIONAL,
		-- Provided if available
	server-Port					[5] INTEGER OPTIONAL,
		-- Provided if available
	server-Octets-Sent			[6] INTEGER,
	client-Octets-Sent			[7] INTEGER,
	protocol-ID					[8] E-mail-Protocol,
	e-mail-Sender				[9] UTF8String (SIZE (0..255)) OPTIONAL,
		-- Not available in some cases; if a value is available, it must be provided
	e-mail-Recipients			[10] E-mail-Address-List OPTIONAL,
		-- Not available in some cases; if a value is available, it must be provided
	status						[11] E-mail-Status,
	total-Recipient-Count 		[12] INTEGER (0..4294967295) OPTIONAL,
	message-ID					[13] OCTET STRING OPTIONAL,
		-- Network byte order
	nationalParameter			[14] OCTET STRING OPTIONAL,
		-- Completely defined on a national basis, including byte ordering
	...,
	national-EM-ASN1parameters	[15] National-EM-ASN1parameters OPTIONAL,
		-- Completely defined on a national basis
	aAAInformation				[16] AAAInformation OPTIONAL
}

E-mail-Status	::= ENUMERATED
{
	status-unknown(1),
	operation-failed(2),
	operation-succeeded(3)
}

E-mail-Event	::= ENUMERATED
{
	e-mail-send(1),
	e-mail-receive(2),
	e-mail-download(3),
	...,
	e-mail-logon-attempt(4),
	e-mail-logon(5),
	e-mail-logon-failure(6),
	e-mail-logoff(7),
	e-mail-partial-download(8),
	e-mail-upload(9)
}

E-mail-Protocol		::= ENUMERATED
{
	smtp(1),
	pop3(2),
	undefined(255),
		-- The protocol is not known or not representable by the current enumeration
	...,
	imap4(3)
}

E-mail-Address-List		::= SEQUENCE (SIZE (0..1023)) OF UTF8String(SIZE (0..255))

National-EM-ASN1parameters 		::= SEQUENCE
{
	countryCode		[1] PrintableString (SIZE (2)),
		-- Country Code according to ISO 3166-1 [12],
		-- the country to which the parameters inserted after the extension marker apply
	...
		-- In case a given country wants to use additional national parameters according to its law,
		-- these national parameters should be defined using the ASN.1 syntax and added after the 
		-- extension marker (...)
}

AAAInformation			::= CHOICE
	-- The AAAInformation field allows for POP3 and authenticated SMTP AAA information
{
	pOP3AAAInformation			[0] POP3AAAInformation,
	aSMTPAAAInformation			[1] ASMTPAAAInformation,
	...,
	iMAPAAAInformation			[2] IMAPAAAInformation
}

POP3AAAInformation			::= SEQUENCE
	-- The POP3AAAInformation field contains the POP3 username & optionally the password
{
	username					[0] UTF8String (SIZE (0..64)),
	password					[1] UTF8String (SIZE (0..64)) OPTIONAL,
	aAAResult					[2] AAAResult OPTIONAL,
	...
}

ASMTPAAAInformation			::= SEQUENCE
	-- The ASMTPAAAInformation field contains the SMTP username and
	-- optionally the authentication fields
{
	username					[0] UTF8String (SIZE (0..64)),
	authMethod					[1] AAAauthMethod OPTIONAL,
		-- The hashing method used, i.e. CRAM-MD5, DIGEST-MD5, etc
	challenge					[2] OCTET STRING OPTIONAL,
		-- A BASE64 encoded challenge send by the SMTP server
	response					[3] OCTET STRING OPTIONAL,
		-- A BASE64 encoded hashed response returned by the client
	aAAResult					[4] AAAResult OPTIONAL,
	...
}

IMAPAAAInformation			::= SEQUENCE
	--- The iMAPAAAInformation field contains the IMAP username & optionally the password
{
	username					[0] UTF8String (SIZE (0..64)),
	password					[1] UTF8String (SIZE (0..64)) OPTIONAL,
	aAAResult					[2] AAAResult OPTIONAL,
	...
}

AAAResult	::= ENUMERATED
{
	resultUnknown(1),
	aAAFailed(2),
	aAASucceeded(3),
	...
}

AAAauthMethod	::= ENUMERATED
{
	undefinedAuthMethod(1),
	cramMD5(2),
	digestMD5(3),
	...
}

END -- end of EmailPDU