Context Navigation

pkinit.asn1

Visit:

Last change on this file was 414, checked in by Herwig Bauernfeind, 16 years ago
Samba 3.5.0: Initial import
File size: 5.5 KB

Line
1	-- $Id$ --
2
3	PKINIT DEFINITIONS ::= BEGIN
4
5	IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum, Ticket FROM krb5
6	IssuerAndSerialNumber, ContentInfo FROM cms
7	SubjectPublicKeyInfo, AlgorithmIdentifier FROM rfc2459
8	heim_any FROM heim;
9
10	id-pkinit OBJECT IDENTIFIER ::=
11	{ iso (1) org (3) dod (6) internet (1) security (5)
12	kerberosv5 (2) pkinit (3) }
13
14	id-pkauthdata OBJECT IDENTIFIER ::= { id-pkinit 1 }
15	id-pkdhkeydata OBJECT IDENTIFIER ::= { id-pkinit 2 }
16	id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 }
17	id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 }
18	id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 }
19
20	id-pkinit-kdf OBJECT IDENTIFIER ::= { id-pkinit 6 }
21	id-pkinit-kdf-ah-sha1 OBJECT IDENTIFIER ::= { id-pkinit-kdf 1 }
22	id-pkinit-kdf-ah-sha256 OBJECT IDENTIFIER ::= { id-pkinit-kdf 2 }
23	id-pkinit-kdf-ah-sha512 OBJECT IDENTIFIER ::= { id-pkinit-kdf 3 }
24
25	id-pkinit-san OBJECT IDENTIFIER ::=
26	{ iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
27	x509-sanan(2) }
28
29	id-pkinit-ms-eku OBJECT IDENTIFIER ::=
30	{ iso(1) org(3) dod(6) internet(1) private(4)
31	enterprise(1) microsoft(311) 20 2 2 }
32
33	id-pkinit-ms-san OBJECT IDENTIFIER ::=
34	{ iso(1) org(3) dod(6) internet(1) private(4)
35	enterprise(1) microsoft(311) 20 2 3 }
36
37	MS-UPN-SAN ::= UTF8String
38
39	pa-pk-as-req INTEGER ::= 16
40	pa-pk-as-rep INTEGER ::= 17
41
42	td-trusted-certifiers INTEGER ::= 104
43	td-invalid-certificates INTEGER ::= 105
44	td-dh-parameters INTEGER ::= 109
45
46	DHNonce ::= OCTET STRING
47
48	KDFAlgorithmId ::= SEQUENCE {
49	kdf-id [0] OBJECT IDENTIFIER,
50	...
51	}
52
53	TrustedCA ::= SEQUENCE {
54	caName [0] IMPLICIT OCTET STRING,
55	certificateSerialNumber [1] INTEGER OPTIONAL,
56	subjectKeyIdentifier [2] OCTET STRING OPTIONAL,
57	...
58	}
59
60	ExternalPrincipalIdentifier ::= SEQUENCE {
61	subjectName [0] IMPLICIT OCTET STRING OPTIONAL,
62	issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL,
63	subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL,
64	...
65	}
66
67	ExternalPrincipalIdentifiers ::= SEQUENCE OF ExternalPrincipalIdentifier
68
69	PA-PK-AS-REQ ::= SEQUENCE {
70	signedAuthPack [0] IMPLICIT OCTET STRING,
71	trustedCertifiers [1] ExternalPrincipalIdentifiers OPTIONAL,
72	kdcPkId [2] IMPLICIT OCTET STRING OPTIONAL,
73	...
74	}
75
76	PKAuthenticator ::= SEQUENCE {
77	cusec [0] INTEGER -- (0..999999) --,
78	ctime [1] KerberosTime,
79	nonce [2] INTEGER (0..4294967295),
80	paChecksum [3] OCTET STRING OPTIONAL,
81	...
82	}
83
84	AuthPack ::= SEQUENCE {
85	pkAuthenticator [0] PKAuthenticator,
86	clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
87	supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
88	clientDHNonce [3] DHNonce OPTIONAL,
89	...,
90	supportedKDFs [4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
91	...
92	}
93
94	TD-TRUSTED-CERTIFIERS ::= ExternalPrincipalIdentifiers
95	TD-INVALID-CERTIFICATES ::= ExternalPrincipalIdentifiers
96
97	KRB5PrincipalName ::= SEQUENCE {
98	realm [0] Realm,
99	principalName [1] PrincipalName
100	}
101
102	AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier
103
104	DHRepInfo ::= SEQUENCE {
105	dhSignedData [0] IMPLICIT OCTET STRING,
106	serverDHNonce [1] DHNonce OPTIONAL,
107	...,
108	kdf [2] KDFAlgorithmId OPTIONAL,
109	...
110	}
111
112	PA-PK-AS-REP ::= CHOICE {
113	dhInfo [0] DHRepInfo,
114	encKeyPack [1] IMPLICIT OCTET STRING,
115	...
116	}
117
118	KDCDHKeyInfo ::= SEQUENCE {
119	subjectPublicKey [0] BIT STRING,
120	nonce [1] INTEGER (0..4294967295),
121	dhKeyExpiration [2] KerberosTime OPTIONAL,
122	...
123	}
124
125	ReplyKeyPack ::= SEQUENCE {
126	replyKey [0] EncryptionKey,
127	asChecksum [1] Checksum,
128	...
129	}
130
131	TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier
132
133
134	-- Windows compat glue --
135
136	PKAuthenticator-Win2k ::= SEQUENCE {
137	kdcName [0] PrincipalName,
138	kdcRealm [1] Realm,
139	cusec [2] INTEGER (0..4294967295),
140	ctime [3] KerberosTime,
141	nonce [4] INTEGER (-2147483648..2147483647)
142	}
143
144	AuthPack-Win2k ::= SEQUENCE {
145	pkAuthenticator [0] PKAuthenticator-Win2k,
146	clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL
147	}
148
149
150	TrustedCA-Win2k ::= CHOICE {
151	caName [1] heim_any,
152	issuerAndSerial [2] IssuerAndSerialNumber
153	}
154
155	PA-PK-AS-REQ-Win2k ::= SEQUENCE {
156	signed-auth-pack [0] IMPLICIT OCTET STRING,
157	trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL,
158	kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL,
159	encryption-cert [4] IMPLICIT OCTET STRING OPTIONAL
160	}
161
162	PA-PK-AS-REP-Win2k ::= CHOICE {
163	dhSignedData [0] IMPLICIT OCTET STRING,
164	encKeyPack [1] IMPLICIT OCTET STRING
165	}
166
167	KDCDHKeyInfo-Win2k ::= SEQUENCE {
168	nonce [0] INTEGER (-2147483648..2147483647),
169	subjectPublicKey [2] BIT STRING
170	}
171
172	ReplyKeyPack-Win2k ::= SEQUENCE {
173	replyKey [0] EncryptionKey,
174	nonce [1] INTEGER (-2147483648..2147483647),
175	...
176	}
177
178	PA-PK-AS-REP-BTMM ::= SEQUENCE {
179	dhSignedData [0] heim_any OPTIONAL,
180	encKeyPack [1] heim_any OPTIONAL
181	}
182
183
184	PkinitSP80056AOtherInfo ::= SEQUENCE {
185	algorithmID AlgorithmIdentifier,
186	partyUInfo [0] OCTET STRING,
187	partyVInfo [1] OCTET STRING,
188	suppPubInfo [2] OCTET STRING OPTIONAL,
189	suppPrivInfo [3] OCTET STRING OPTIONAL
190	}
191
192	PkinitSuppPubInfo ::= SEQUENCE {
193	enctype [0] INTEGER (-2147483648..2147483647),
194	as-REQ [1] OCTET STRING,
195	pk-as-rep [2] OCTET STRING,
196	ticket [3] Ticket,
197	...
198	}
199
200	END

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format