pkinit.asn1 revision 256281
-- $Id$ --

-- ASN.1 module for the PKINIT (RFC 4556) pre-authentication messages,
-- followed by Windows 2000 compatibility variants of the same messages.
-- This module describes wire structure only. Fields typed OCTET STRING or
-- heim_any are opaque at this layer, so signature checks, certificate
-- validation and presence checks on OPTIONAL fields are the job of the
-- code that consumes the decoded values.

PKINIT DEFINITIONS ::= BEGIN

IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum, Ticket FROM krb5
    IssuerAndSerialNumber, ContentInfo FROM cms
    SubjectPublicKeyInfo, AlgorithmIdentifier FROM rfc2459
    heim_any FROM heim;

-- Base arc 1.3.6.1.5.2.3 under which the PKINIT object identifiers live.
id-pkinit OBJECT IDENTIFIER ::=
    { iso (1) org (3) dod (6) internet (1) security (5)
      kerberosv5 (2) pkinit (3) }

-- RFC 4556 names arcs 1 to 3 as CMS content types (authData, DHKeyData,
-- rkeyData) and arcs 4 and 5 as the client and KDC extended key usages.
id-pkauthdata OBJECT IDENTIFIER ::= { id-pkinit 1 }
id-pkdhkeydata OBJECT IDENTIFIER ::= { id-pkinit 2 }
id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 }
id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 }
id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 }

-- Key derivation function identifiers. NOTE(review): these look like the
-- RFC 8636 algorithm agility KDFs; confirm. A SHA-1 based KDF is listed
-- here, and which of the three is offered or accepted is decided by the
-- caller, not by this schema.
id-pkinit-kdf OBJECT IDENTIFIER ::= { id-pkinit 6 }
id-pkinit-kdf-ah-sha1 OBJECT IDENTIFIER ::= { id-pkinit-kdf 1 }
id-pkinit-kdf-ah-sha256 OBJECT IDENTIFIER ::= { id-pkinit-kdf 2 }
id-pkinit-kdf-ah-sha512 OBJECT IDENTIFIER ::= { id-pkinit-kdf 3 }

-- otherName type for a Kerberos principal in a certificate
-- subjectAltName (see KRB5PrincipalName below).
id-pkinit-san OBJECT IDENTIFIER ::=
    { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
      x509-sanan(2) }

-- Microsoft arc 1.3.6.1.4.1.311.20.2.2 (smart card logon key usage).
id-pkinit-ms-eku OBJECT IDENTIFIER ::=
    { iso(1) org(3) dod(6) internet(1) private(4)
      enterprise(1) microsoft(311) 20 2 2 }

-- Microsoft arc 1.3.6.1.4.1.311.20.2.3 (user principal name otherName).
id-pkinit-ms-san OBJECT IDENTIFIER ::=
    { iso(1) org(3) dod(6) internet(1) private(4)
      enterprise(1) microsoft(311) 20 2 3 }

-- The UPN is a bare UTF8String; mapping it to a Kerberos principal is
-- left to the consumer of the decoded value.
MS-UPN-SAN ::= UTF8String

-- Pre-authentication data type numbers for the PKINIT request and reply.
pa-pk-as-req INTEGER ::= 16
pa-pk-as-rep INTEGER ::= 17

-- Typed-data numbers used when reporting PKINIT errors.
td-trusted-certifiers INTEGER ::= 104
td-invalid-certificates INTEGER ::= 105
td-dh-parameters INTEGER ::= 109

-- No size constraint is expressed on the nonce at this layer.
DHNonce ::= OCTET STRING

KDFAlgorithmId ::= SEQUENCE {
    kdf-id [0] OBJECT IDENTIFIER,
    ...
}

TrustedCA ::= SEQUENCE {
    caName [0] IMPLICIT OCTET STRING,
    certificateSerialNumber [1] INTEGER OPTIONAL,
    subjectKeyIdentifier [2] OCTET STRING OPTIONAL,
    ...
}

-- All three identifiers are OPTIONAL and opaque, so an empty
-- ExternalPrincipalIdentifier decodes successfully; callers that rely on
-- one must check that at least one field is present.
ExternalPrincipalIdentifier ::= SEQUENCE {
    subjectName [0] IMPLICIT OCTET STRING OPTIONAL,
    issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL,
    subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL,
    ...
}

ExternalPrincipalIdentifiers ::= SEQUENCE OF ExternalPrincipalIdentifier

-- Client request. In RFC 4556 signedAuthPack holds a CMS SignedData over
-- an AuthPack; here it is an opaque OCTET STRING, so decoding this type
-- verifies nothing about the signature or the signer's certificate.
PA-PK-AS-REQ ::= SEQUENCE {
    signedAuthPack [0] IMPLICIT OCTET STRING,
    trustedCertifiers [1] ExternalPrincipalIdentifiers OPTIONAL,
    kdcPkId [2] IMPLICIT OCTET STRING OPTIONAL,
    ...
}

-- The (0..999999) bound on cusec is commented out, so the schema does not
-- range-check it. In RFC 4556 paChecksum is a SHA-1 checksum over the
-- KDC-REQ-BODY that ties the authenticator to the request; it is OPTIONAL
-- here, so rejecting a request that omits it is the caller's decision.
PKAuthenticator ::= SEQUENCE {
    cusec [0] INTEGER -- (0..999999) --,
    ctime [1] KerberosTime,
    nonce [2] INTEGER (0..4294967295),
    paChecksum [3] OCTET STRING OPTIONAL,
    ...
}

-- clientPublicValue is OPTIONAL: RFC 4556 uses its presence to select
-- Diffie-Hellman key agreement and its absence to select public key
-- encryption of the reply key. supportedKDFs sits after an extension
-- marker, so it is an addition to the base type.
AuthPack ::= SEQUENCE {
    pkAuthenticator [0] PKAuthenticator,
    clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
    supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
    clientDHNonce [3] DHNonce OPTIONAL,
    ...,
    supportedKDFs [4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
    ...
}

TD-TRUSTED-CERTIFIERS ::= ExternalPrincipalIdentifiers
TD-INVALID-CERTIFICATES ::= ExternalPrincipalIdentifiers

-- Value carried under id-pkinit-san in a certificate subjectAltName.
KRB5PrincipalName ::= SEQUENCE {
    realm [0] Realm,
    principalName [1] PrincipalName
}

AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier

-- KDC reply for the Diffie-Hellman case. dhSignedData is opaque at this
-- layer; kdf sits after an extension marker and is OPTIONAL.
DHRepInfo ::= SEQUENCE {
    dhSignedData [0] IMPLICIT OCTET STRING,
    serverDHNonce [1] DHNonce OPTIONAL,
    ...,
    kdf [2] KDFAlgorithmId OPTIONAL,
    ...
}

-- Exactly one alternative is present: DH reply or encrypted key pack.
PA-PK-AS-REP ::= CHOICE {
    dhInfo [0] DHRepInfo,
    encKeyPack [1] IMPLICIT OCTET STRING,
    ...
}

-- NOTE(review): the nonce presumably echoes the one from the request
-- PKAuthenticator; the comparison is made by the caller, confirm there.
KDCDHKeyInfo ::= SEQUENCE {
    subjectPublicKey [0] BIT STRING,
    nonce [1] INTEGER (0..4294967295),
    dhKeyExpiration [2] KerberosTime OPTIONAL,
    ...
}

-- In RFC 4556 asChecksum is a checksum over the AS-REQ keyed with
-- replyKey, which binds the reply to the request it answers.
ReplyKeyPack ::= SEQUENCE {
    replyKey [0] EncryptionKey,
    asChecksum [1] Checksum,
    ...
}

TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier


-- Windows compat glue --

-- Legacy variants. Differences visible in this file: nonces use the
-- signed 32 bit range, PKAuthenticator-Win2k has no paChecksum field, and
-- ReplyKeyPack-Win2k carries a nonce where ReplyKeyPack has asChecksum.
-- NOTE(review): whether these variants are still accepted is decided by
-- the caller; confirm where they are enabled.

PKAuthenticator-Win2k ::= SEQUENCE {
    kdcName [0] PrincipalName,
    kdcRealm [1] Realm,
    cusec [2] INTEGER (0..4294967295),
    ctime [3] KerberosTime,
    nonce [4] INTEGER (-2147483648..2147483647)
}

AuthPack-Win2k ::= SEQUENCE {
    pkAuthenticator [0] PKAuthenticator-Win2k,
    clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL
}


-- caName is heim_any, imported from heim. NOTE(review): presumably an
-- element kept undecoded by this layer; confirm.
TrustedCA-Win2k ::= CHOICE {
    caName [1] heim_any,
    issuerAndSerial [2] IssuerAndSerialNumber
}

-- Context tag 1 is not used in this SEQUENCE.
PA-PK-AS-REQ-Win2k ::= SEQUENCE {
    signed-auth-pack [0] IMPLICIT OCTET STRING,
    trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL,
    kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL,
    encryption-cert [4] IMPLICIT OCTET STRING OPTIONAL
}

PA-PK-AS-REP-Win2k ::= CHOICE {
    dhSignedData [0] IMPLICIT OCTET STRING,
    encKeyPack [1] IMPLICIT OCTET STRING
}

-- Context tag 1 is not used in this SEQUENCE.
KDCDHKeyInfo-Win2k ::= SEQUENCE {
    nonce [0] INTEGER (-2147483648..2147483647),
    subjectPublicKey [2] BIT STRING
}

ReplyKeyPack-Win2k ::= SEQUENCE {
    replyKey [0] EncryptionKey,
    nonce [1] INTEGER (-2147483648..2147483647),
    ...
}

-- A SEQUENCE of two OPTIONAL members rather than a CHOICE, so a value
-- with both fields or with neither still decodes; the caller has to
-- enforce that exactly one is present.
-- NOTE(review): BTMM presumably refers to Apple Back to My Mac; confirm.
PA-PK-AS-REP-BTMM ::= SEQUENCE {
    dhSignedData [0] heim_any OPTIONAL,
    encKeyPack [1] heim_any OPTIONAL
}


-- NOTE(review): the name points at the OtherInfo input to the
-- NIST SP 800-56A key derivation; confirm against the KDF code.
PkinitSP80056AOtherInfo ::= SEQUENCE {
    algorithmID AlgorithmIdentifier,
    partyUInfo [0] OCTET STRING,
    partyVInfo [1] OCTET STRING,
    suppPubInfo [2] OCTET STRING OPTIONAL,
    suppPrivInfo [3] OCTET STRING OPTIONAL
}

-- NOTE(review): presumably encoded into suppPubInfo above so that the
-- derived key depends on the request, the reply and the ticket; confirm.
PkinitSuppPubInfo ::= SEQUENCE {
    enctype [0] INTEGER (-2147483648..2147483647),
    as-REQ [1] OCTET STRING,
    pk-as-rep [2] OCTET STRING,
    ticket [3] Ticket,
    ...
}

END