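-- $Id$ --

-- PKINIT module: object identifiers, pre-authentication and typed-data
-- numbers, and message types for public key initial authentication in
-- Kerberos (RFC 4556), including the Windows 2000 variants kept for
-- interoperability.
--
-- This module fixes the wire encoding only. Several fields are typed
-- as plain OCTET STRING and hold further encoded structures, so
-- signature verification, certificate path validation and every
-- semantic check are left to the code that consumes the decoded values.

PKINIT DEFINITIONS ::= BEGIN

-- Types borrowed from the sibling modules krb5, cms, rfc2459 and heim.
IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum, Ticket FROM krb5
	IssuerAndSerialNumber, ContentInfo FROM cms
	SubjectPublicKeyInfo, AlgorithmIdentifier FROM rfc2459
	heim_any FROM heim;

-- Root arc for PKINIT: 1.3.6.1.5.2.3
id-pkinit OBJECT IDENTIFIER ::=
	{ iso (1) org (3) dod (6) internet (1) security (5)
	kerberosv5 (2) pkinit (3) }

-- In RFC 4556 the first three arcs are CMS content types (for AuthPack,
-- KDCDHKeyInfo and ReplyKeyPack respectively) and the last two are
-- extended key usage values for client and KDC certificates.
-- A verifier should compare the content type or EKU it finds against
-- the one expected at that point in the exchange, not merely accept
-- any value from this arc.
id-pkauthdata OBJECT IDENTIFIER ::= { id-pkinit 1 }
id-pkdhkeydata OBJECT IDENTIFIER ::= { id-pkinit 2 }
id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 }
id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 }
id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 }

-- Key derivation function identifiers, carried in KDFAlgorithmId.
-- NOTE(review): the sha1 entry is presumably retained for
-- compatibility; which KDFs are acceptable is a policy decision made
-- by the consumer, not by this schema.
id-pkinit-kdf OBJECT IDENTIFIER ::= { id-pkinit 6 }
id-pkinit-kdf-ah-sha1 OBJECT IDENTIFIER ::= { id-pkinit-kdf 1 }
id-pkinit-kdf-ah-sha256 OBJECT IDENTIFIER ::= { id-pkinit-kdf 2 }
id-pkinit-kdf-ah-sha512 OBJECT IDENTIFIER ::= { id-pkinit-kdf 3 }

-- 1.3.6.1.5.2.2: in RFC 4556 this is the otherName type used to place
-- a KRB5PrincipalName in a certificate subjectAltName.
id-pkinit-san OBJECT IDENTIFIER ::=
	{ iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
	x509-sanan(2) }

-- Microsoft arc 1.3.6.1.4.1.311.20.2.2, used as an extended key usage.
id-pkinit-ms-eku OBJECT IDENTIFIER ::=
	{ iso(1) org(3) dod(6) internet(1) private(4)
	enterprise(1) microsoft(311) 20 2 2 }

-- Microsoft arc 1.3.6.1.4.1.311.20.2.3, the subjectAltName otherName
-- whose value is decoded as MS-UPN-SAN.
id-pkinit-ms-san OBJECT IDENTIFIER ::=
	{ iso(1) org(3) dod(6) internet(1) private(4)
	enterprise(1) microsoft(311) 20 2 3 }

-- The schema places no length or character restriction on this
-- string; mapping it to a Kerberos principal is done by the consumer.
MS-UPN-SAN ::= UTF8String

-- Pre-authentication data type numbers for the PKINIT request and reply.
pa-pk-as-req INTEGER ::= 16
pa-pk-as-rep INTEGER ::= 17

-- Typed-data numbers returned with KDC errors.
td-trusted-certifiers INTEGER ::= 104
td-invalid-certificates INTEGER ::= 105
td-dh-parameters INTEGER ::= 109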
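-- Nonce contributed by each side of the Diffie-Hellman exchange
-- (clientDHNonce in AuthPack, serverDHNonce in DHRepInfo).
-- The schema sets no length bound on it.
DHNonce ::= OCTET STRING

-- Names one key derivation function by object identifier.
-- NOTE(review): values are presumably taken from the id-pkinit-kdf
-- arc; the decoder accepts any OID, so the consumer must reject ones
-- it does not support.
KDFAlgorithmId ::= SEQUENCE {
	kdf-id			[0] OBJECT IDENTIFIER,
	...
}

-- Identifies a certification authority by name, optionally narrowed by
-- serial number and subject key identifier.
TrustedCA ::= SEQUENCE {
	caName			[0] IMPLICIT OCTET STRING,
	certificateSerialNumber	[1] INTEGER OPTIONAL,
	subjectKeyIdentifier	[2] OCTET STRING OPTIONAL,
	...
}

-- Identifies a certificate or CA by any of three encoded forms.
-- All three fields are OPTIONAL, so an entry with none of them set
-- still decodes; the consumer has to treat that case explicitly.
ExternalPrincipalIdentifier ::= SEQUENCE {
	subjectName		[0] IMPLICIT OCTET STRING OPTIONAL,
	issuerAndSerialNumber	[1] IMPLICIT OCTET STRING OPTIONAL,
	subjectKeyIdentifier	[2] IMPLICIT OCTET STRING OPTIONAL,
	...
}

ExternalPrincipalIdentifiers ::= SEQUENCE OF ExternalPrincipalIdentifier

-- Client request pre-authentication data (padata type pa-pk-as-req).
-- signedAuthPack is opaque bytes at this layer. In RFC 4556 it holds a
-- CMS SignedData over an AuthPack; nothing in it may be trusted until
-- the consumer has parsed it and verified the signature and the
-- signer's certificate chain.
PA-PK-AS-REQ ::= SEQUENCE {
	signedAuthPack		[0] IMPLICIT OCTET STRING,
	trustedCertifiers	[1] ExternalPrincipalIdentifiers OPTIONAL,
	kdcPkId			[2] IMPLICIT OCTET STRING OPTIONAL,
	...
}

-- Freshness and request-binding data signed by the client.
PKAuthenticator ::= SEQUENCE {
	-- The range on cusec is commented out, so the decoder does not
	-- enforce it; range checking is left to the consumer.
	cusec			[0] INTEGER -- (0..999999) --,
	ctime			[1] KerberosTime,
	-- Unsigned 32-bit range, unlike the Win2k variant.
	nonce			[2] INTEGER (0..4294967295),
	-- RFC 4556 defines this as the checksum over KDC-REQ-BODY and
	-- expects it to be present. The schema marks it OPTIONAL, so an
	-- authenticator without it decodes cleanly and the presence
	-- check belongs in the consumer.
	paChecksum		[3] OCTET STRING OPTIONAL,
	...
}

-- Content signed by the client inside signedAuthPack.
AuthPack ::= SEQUENCE {
	pkAuthenticator		[0] PKAuthenticator,
	-- Client Diffie-Hellman public value; absent when the client
	-- does not request the Diffie-Hellman reply form.
	clientPublicValue	[1] SubjectPublicKeyInfo OPTIONAL,
	supportedCMSTypes	[2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
	clientDHNonce		[3] DHNonce OPTIONAL,
	...,
	-- Added after the first extension marker: KDFs the client offers.
	supportedKDFs		[4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
	...
}

-- Typed-data payloads for td-trusted-certifiers and
-- td-invalid-certificates.
TD-TRUSTED-CERTIFIERS ::= ExternalPrincipalIdentifiers
TD-INVALID-CERTIFICATES ::= ExternalPrincipalIdentifiers

-- Principal name as carried in a certificate subjectAltName under
-- id-pkinit-san.
KRB5PrincipalName ::= SEQUENCE {
	realm			[0] Realm,
	principalName		[1] PrincipalName
}

AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier

-- Diffie-Hellman form of the KDC reply.
-- dhSignedData is opaque bytes here; in RFC 4556 it is a CMS
-- SignedData over KDCDHKeyInfo that the client must verify against a
-- certificate it accepts as belonging to the KDC.
DHRepInfo ::= SEQUENCE {
	dhSignedData		[0] IMPLICIT OCTET STRING,
	serverDHNonce		[1] DHNonce OPTIONAL,
	...,
	-- Added after the first extension marker: the KDF the KDC chose.
	-- NOTE(review): the consumer should confirm it is one of the
	-- KDFs it offered in supportedKDFs.
	kdf			[2] KDFAlgorithmId OPTIONAL,
	...
}

-- KDC reply pre-authentication data (padata type pa-pk-as-rep):
-- either the Diffie-Hellman form or an encrypted key pack, the latter
-- opaque bytes at this layer.
PA-PK-AS-REP ::= CHOICE {
	dhInfo			[0] DHRepInfo,
	encKeyPack		[1] IMPLICIT OCTET STRING,
	...
}

-- KDC Diffie-Hellman public value, signed by the KDC.
-- RFC 4556 ties nonce to the nonce in the request's PKAuthenticator;
-- performing that comparison is the consumer's job.
KDCDHKeyInfo ::= SEQUENCE {
	subjectPublicKey	[0] BIT STRING,
	nonce			[1] INTEGER (0..4294967295),
	dhKeyExpiration		[2] KerberosTime OPTIONAL,
	...
}

-- Reply key delivered in the encrypted key pack form.
-- asChecksum is what binds the reply to the request in this form
-- (RFC 4556: a checksum over the AS-REQ keyed with replyKey); it is
-- only useful if the client recomputes and compares it.
ReplyKeyPack ::= SEQUENCE {
	replyKey		[0] EncryptionKey,
	asChecksum		[1] Checksum,
	...
}

TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier


-- Windows compat glue --
-- Differences from the types above that matter to a consumer:
-- nonces are signed 32-bit, most types carry no extension marker, and
-- tag numbers are not contiguous.

PKAuthenticator-Win2k ::= SEQUENCE {
	kdcName			[0] PrincipalName,
	kdcRealm		[1] Realm,
	cusec			[2] INTEGER (0..4294967295),
	ctime			[3] KerberosTime,
	nonce			[4] INTEGER (-2147483648..2147483647)
}

AuthPack-Win2k ::= SEQUENCE {
	pkAuthenticator		[0] PKAuthenticator-Win2k,
	clientPublicValue	[1] SubjectPublicKeyInfo OPTIONAL
}


-- caName is heim_any, so it is taken as undecoded bytes.
TrustedCA-Win2k ::= CHOICE {
	caName			[1] heim_any,
	issuerAndSerial		[2] IssuerAndSerialNumber
}

-- As with PA-PK-AS-REQ, the OCTET STRING fields are opaque here and
-- must be parsed and verified by the consumer before use.
PA-PK-AS-REQ-Win2k ::= SEQUENCE {
	signed-auth-pack	[0] IMPLICIT OCTET STRING,
	trusted-certifiers	[2] SEQUENCE OF TrustedCA-Win2k OPTIONAL,
	kdc-cert		[3] IMPLICIT OCTET STRING OPTIONAL,
	encryption-cert		[4] IMPLICIT OCTET STRING OPTIONAL
}

PA-PK-AS-REP-Win2k ::= CHOICE {
	dhSignedData		[0] IMPLICIT OCTET STRING,
	encKeyPack		[1] IMPLICIT OCTET STRING
}

KDCDHKeyInfo-Win2k ::= SEQUENCE {
	nonce			[0] INTEGER (-2147483648..2147483647),
	subjectPublicKey	[2] BIT STRING
}

-- This variant has a nonce where ReplyKeyPack has asChecksum, so the
-- nonce comparison is the only tie between reply and request that
-- this structure offers.
ReplyKeyPack-Win2k ::= SEQUENCE {
	replyKey		[0] EncryptionKey,
	nonce			[1] INTEGER (-2147483648..2147483647),
	...
}

-- Both fields are OPTIONAL and typed heim_any, so a reply with neither
-- field, or with both, decodes successfully; the consumer must accept
-- exactly the combination it expects.
PA-PK-AS-REP-BTMM ::= SEQUENCE {
	dhSignedData		[0] heim_any OPTIONAL,
	encKeyPack		[1] heim_any OPTIONAL
}


-- NOTE(review): the name indicates the OtherInfo input of the
-- SP 800-56A key derivation used with the id-pkinit-kdf algorithms;
-- confirm against the code that encodes it.
PkinitSP80056AOtherInfo ::= SEQUENCE {
	algorithmID		AlgorithmIdentifier,
	partyUInfo		[0] OCTET STRING,
	partyVInfo		[1] OCTET STRING,
	suppPubInfo		[2] OCTET STRING OPTIONAL,
	suppPrivInfo		[3] OCTET STRING OPTIONAL
}

-- NOTE(review): presumably encoded and placed in suppPubInfo above, so
-- that the derived key depends on the encryption type, the request,
-- the PKINIT reply and the ticket; confirm against the caller.
PkinitSuppPubInfo ::= SEQUENCE {
	enctype			[0] INTEGER (-2147483648..2147483647),
	as-REQ			[1] OCTET STRING,
	pk-as-rep		[2] OCTET STRING,
	ticket			[3] Ticket,
	...
}

END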