1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
|
-- $Id$
PKCS10 DEFINITIONS ::=
BEGIN
IMPORTS
Time,
GeneralName,
SubjectPublicKeyInfo,
RelativeDistinguishedName,
AttributeTypeAndValue,
Extension,
AlgorithmIdentifier
FROM rfc2459
HEIM_ANY
FROM heim;
CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName
Controls ::= SEQUENCE -- SIZE(1..MAX) -- OF AttributeTypeAndValue
PKMACValue ::= SEQUENCE {
algId AlgorithmIdentifier,
value BIT STRING
}
-- XXX IMPLICIT brokenness
POPOSigningKeyInput ::= SEQUENCE {
authInfo CHOICE {
sender [0] IMPLICIT GeneralName,
publicKeyMAC PKMACValue
},
publicKey SubjectPublicKeyInfo
} -- from CertTemplate
-- XXX IMPLICIT brokenness
POPOSigningKey ::= SEQUENCE {
poposkInput [0] IMPLICIT POPOSigningKeyInput OPTIONAL,
algorithmIdentifier AlgorithmIdentifier,
signature BIT STRING }
PBMParameter ::= SEQUENCE {
salt OCTET STRING,
owf AlgorithmIdentifier,
iterationCount INTEGER,
mac AlgorithmIdentifier
}
SubsequentMessage ::= INTEGER {
encrCert (0),
challengeResp (1)
}
POPOPrivKey ::= CHOICE {
thisMessage [0] BIT STRING, -- Deprecated
subsequentMessage [1] IMPLICIT SubsequentMessage,
dhMAC [2] BIT STRING, -- Deprecated
agreeMAC [3] IMPLICIT PKMACValue,
encryptedKey [4] HEIM_ANY
}
ProofOfPossession ::= CHOICE {
raVerified [0] NULL,
signature [1] POPOSigningKey,
keyEncipherment [2] POPOPrivKey,
keyAgreement [3] POPOPrivKey
}
CertTemplate ::= SEQUENCE {
version [0] INTEGER OPTIONAL,
serialNumber [1] INTEGER OPTIONAL,
signingAlg [2] SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters HEIM_ANY OPTIONAL
} -- AlgorithmIdentifier -- OPTIONAL,
issuer [3] IMPLICIT CHOICE {
rdnSequence CRMFRDNSequence
} -- Name -- OPTIONAL,
validity [4] SEQUENCE {
notBefore [0] Time OPTIONAL,
notAfter [1] Time OPTIONAL
} -- OptionalValidity -- OPTIONAL,
subject [5] IMPLICIT CHOICE {
rdnSequence CRMFRDNSequence
} -- Name -- OPTIONAL,
publicKey [6] IMPLICIT SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING OPTIONAL
} -- SubjectPublicKeyInfo -- OPTIONAL,
issuerUID [7] IMPLICIT BIT STRING OPTIONAL,
subjectUID [8] IMPLICIT BIT STRING OPTIONAL,
extensions [9] IMPLICIT SEQUENCE OF Extension OPTIONAL
}
CertRequest ::= SEQUENCE {
certReqId INTEGER,
certTemplate CertTemplate,
controls Controls OPTIONAL
}
CertReqMsg ::= SEQUENCE {
certReq CertRequest,
popo ProofOfPossession OPTIONAL,
regInfo SEQUENCE OF AttributeTypeAndValue OPTIONAL }
CertReqMessages ::= SEQUENCE OF CertReqMsg
END
|