Diffstat (limited to 'third_party/heimdal/lib/asn1/pkinit.asn1')
-rw-r--r-- | third_party/heimdal/lib/asn1/pkinit.asn1 | 200 |
1 files changed, 200 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/asn1/pkinit.asn1 b/third_party/heimdal/lib/asn1/pkinit.asn1
new file mode 100644
index 0000000..9de0059
--- /dev/null
+++ b/third_party/heimdal/lib/asn1/pkinit.asn1
@@ -0,0 +1,200 @@
+-- $Id$ --
+
+PKINIT DEFINITIONS ::= BEGIN
+
+IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum, Ticket FROM krb5
+ IssuerAndSerialNumber FROM cms
+ SubjectPublicKeyInfo, AlgorithmIdentifier FROM rfc2459
+ HEIM_ANY FROM heim;
+
+id-pkinit OBJECT IDENTIFIER ::=
+ { iso (1) org (3) dod (6) internet (1) security (5)
+ kerberosv5 (2) pkinit (3) }
+
+id-pkauthdata OBJECT IDENTIFIER ::= { id-pkinit 1 }
+id-pkdhkeydata OBJECT IDENTIFIER ::= { id-pkinit 2 }
+id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 }
+id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 }
+id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 }
+
+id-heim-eku-pkinit-certlife-is-max-life OBJECT IDENTIFIER ::=
+ { iso(1) member-body(2) se(752) su(43) heim-pkix(16) 3 }
+
+id-apple-system-id OBJECT IDENTIFIER ::= { 1 2 840 113635 100 4 4 }
+
+id-pkinit-kdf OBJECT IDENTIFIER ::= { id-pkinit 6 }
+id-pkinit-kdf-ah-sha1 OBJECT IDENTIFIER ::= { id-pkinit-kdf 1 }
+id-pkinit-kdf-ah-sha256 OBJECT IDENTIFIER ::= { id-pkinit-kdf 2 }
+id-pkinit-kdf-ah-sha512 OBJECT IDENTIFIER ::= { id-pkinit-kdf 3 }
+
+id-pkinit-san OBJECT IDENTIFIER ::=
+ { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
+ x509-sanan(2) }
+
+id-pkinit-ms-eku OBJECT IDENTIFIER ::=
+ { iso(1) org(3) dod(6) internet(1) private(4)
+ enterprise(1) microsoft(311) 20 2 2 }
+
+id-pkinit-ms-san OBJECT IDENTIFIER ::=
+ { iso(1) org(3) dod(6) internet(1) private(4)
+ enterprise(1) microsoft(311) 20 2 3 }
+
+MS-UPN-SAN ::= UTF8String
+
+pa-pk-as-req INTEGER ::= 16
+pa-pk-as-rep INTEGER ::= 17
+
+td-trusted-certifiers INTEGER ::= 104
+td-invalid-certificates INTEGER ::= 105
+td-dh-parameters INTEGER ::= 109
+
+DHNonce ::= OCTET STRING
+
+KDFAlgorithmId ::= SEQUENCE {
+ kdf-id [0] OBJECT IDENTIFIER,
+ ...
+}
+
+TrustedCA ::= SEQUENCE {
+ caName [0] IMPLICIT OCTET STRING,
+ certificateSerialNumber [1] INTEGER OPTIONAL,
+ subjectKeyIdentifier [2] OCTET STRING OPTIONAL,
+ ...
+}
+
+ExternalPrincipalIdentifier ::= SEQUENCE {
+ subjectName [0] IMPLICIT OCTET STRING OPTIONAL,
+ issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL,
+ subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL,
+ ...
+}
+
+ExternalPrincipalIdentifiers ::= SEQUENCE OF ExternalPrincipalIdentifier
+
+PA-PK-AS-REQ ::= SEQUENCE {
+ signedAuthPack [0] IMPLICIT OCTET STRING,
+ trustedCertifiers [1] ExternalPrincipalIdentifiers OPTIONAL,
+ kdcPkId [2] IMPLICIT OCTET STRING OPTIONAL,
+ ...
+}
+
+PKAuthenticator ::= SEQUENCE {
+ cusec [0] INTEGER -- (0..999999) --,
+ ctime [1] KerberosTime,
+ nonce [2] INTEGER (0..4294967295),
+ paChecksum [3] OCTET STRING OPTIONAL,
+ ...
+}
+
+AuthPack ::= SEQUENCE {
+ pkAuthenticator [0] PKAuthenticator,
+ clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
+ supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
+ clientDHNonce [3] DHNonce OPTIONAL,
+ ...,
+ supportedKDFs [4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
+ ...
+}
+
+TD-TRUSTED-CERTIFIERS ::= ExternalPrincipalIdentifiers
+TD-INVALID-CERTIFICATES ::= ExternalPrincipalIdentifiers
+
+AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier
+
+DHRepInfo ::= SEQUENCE {
+ dhSignedData [0] IMPLICIT OCTET STRING,
+ serverDHNonce [1] DHNonce OPTIONAL,
+ ...,
+ kdf [2] KDFAlgorithmId OPTIONAL,
+ ...
+}
+
+PA-PK-AS-REP ::= CHOICE {
+ dhInfo [0] DHRepInfo,
+ encKeyPack [1] IMPLICIT OCTET STRING,
+ ...
+}
+
+KDCDHKeyInfo ::= SEQUENCE {
+ subjectPublicKey [0] BIT STRING,
+ nonce [1] INTEGER (0..4294967295),
+ dhKeyExpiration [2] KerberosTime OPTIONAL,
+ ...
+}
+
+ReplyKeyPack ::= SEQUENCE {
+ replyKey [0] EncryptionKey,
+ asChecksum [1] Checksum,
+ ...
+}
+
+TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier
+
+
+-- Windows compat glue --
+
+PKAuthenticator-Win2k ::= SEQUENCE {
+ kdcName [0] PrincipalName,
+ kdcRealm [1] Realm,
+ cusec [2] INTEGER (0..4294967295),
+ ctime [3] KerberosTime,
+ nonce [4] INTEGER (-2147483648..2147483647)
+}
+
+AuthPack-Win2k ::= SEQUENCE {
+ pkAuthenticator [0] PKAuthenticator-Win2k,
+ clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL
+}
+
+
+TrustedCA-Win2k ::= CHOICE {
+ caName [1] HEIM_ANY,
+ issuerAndSerial [2] IssuerAndSerialNumber
+}
+
+PA-PK-AS-REQ-Win2k ::= SEQUENCE {
+ signed-auth-pack [0] IMPLICIT OCTET STRING,
+ trusted-certifiers [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL,
+ kdc-cert [3] IMPLICIT OCTET STRING OPTIONAL,
+ encryption-cert [4] IMPLICIT OCTET STRING OPTIONAL
+}
+
+PA-PK-AS-REP-Win2k ::= CHOICE {
+ dhSignedData [0] IMPLICIT OCTET STRING,
+ encKeyPack [1] IMPLICIT OCTET STRING
+}
+
+KDCDHKeyInfo-Win2k ::= SEQUENCE {
+ nonce [0] INTEGER (-2147483648..2147483647),
+ subjectPublicKey [2] BIT STRING
+}
+
+ReplyKeyPack-Win2k ::= SEQUENCE {
+ replyKey [0] EncryptionKey,
+ nonce [1] INTEGER (-2147483648..2147483647),
+ ...
+}
+
+PA-PK-AS-REP-BTMM ::= SEQUENCE {
+ dhSignedData [0] HEIM_ANY OPTIONAL,
+ encKeyPack [1] HEIM_ANY OPTIONAL
+}
+
+
+PkinitSP80056AOtherInfo ::= SEQUENCE {
+ algorithmID AlgorithmIdentifier,
+ partyUInfo [0] OCTET STRING,
+ partyVInfo [1] OCTET STRING,
+ suppPubInfo [2] OCTET STRING OPTIONAL,
+ suppPrivInfo [3] OCTET STRING OPTIONAL
+}
+
+PkinitSuppPubInfo ::= SEQUENCE {
+ enctype [0] INTEGER (-2147483648..2147483647),
+ as-REQ [1] OCTET STRING,
+ pk-as-rep [2] OCTET STRING,
+ ticket [3] Ticket,
+ ...
+}
+
+END