osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity
wireshark/asn1/pkinit/PKINIT.asn

151 lines
4.5 KiB
Groff
Raw Blame History

--NOTE: we have to accomodate BOTH existing users of early drafts, such as
--packetcable as well as new users once the protocol is standardized.
--
--This asn1 file is based on draft-ietf-cat-kerberos-pk-init-20.txt
--but has been modified to acocmodate the Wireshark asn2wrs compiler
--and our environment
--
--new structures are uncommented and added on demand as they are required
--
--Copyright (C) The Internet Society (2004). This document is subject
--to the rights, licenses and restrictions contained in BCP 78, and
--except as set forth therein, the authors retain all their rights.
--
--
--This document and the information contained herein are provided on an
--"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
--OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
--ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
--INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
--INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
--WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--
KerberosV5-PK-INIT-SPEC {
iso(1) identified-organization(3) dod(6) internet(1)
security(5) kerberosV5(2) modules(4) pkinit(5) }
DEFINITIONS EXPLICIT TAGS ::=
BEGIN
IMPORTS
SubjectPublicKeyInfo, AlgorithmIdentifier, Name
FROM PKIX1Explicit88 { iso (1) identified-organization (3)
dod (6) internet (1) security (5) mechanisms (5)
pkix (7) id-mod (0) id-pkix1-explicit (18) }
ContentInfo, IssuerAndSerialNumber
FROM CryptographicMessageSyntax { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
modules(0) cms(1) }
KerberosTime, Checksum, TYPED-DATA, PrincipalName, Realm, EncryptionKey
FROM KerberosV5Spec2 { iso(1) identified-organization(3)
dod(6) internet(1) security(5) kerberosV5(2) modules(4)
krb5spec2(2) } ;
-- id-pkinit OBJECT IDENTIFIER ::=
-- { iso (1) org (3) dod (6) internet (1) security (5)
-- kerberosv5 (2) pkinit (3) }
--
--
-- id-pkauthdata OBJECT IDENTIFIER ::= { id-pkinit 1 }
-- id-pkdhkeydata OBJECT IDENTIFIER ::= { id-pkinit 2 }
-- id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 }
-- id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 }
-- id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 }
--
--
-- pa-pk-as-req INTEGER ::= TBD
-- pa-pk-as-rep INTEGER ::= TBD
-- pa-pk-ocsp-req INTEGER ::= TBD
-- pa-pk-ocsp-rep INTEGER ::= TBD
--
--
-- ad-initial-verified-cas INTEGER ::= TBD
--
--
-- td-dh-parameters INTEGER ::= TBD
-- td-trusted-certifiers INTEGER ::= 104
-- td-certificate-index INTEGER ::= 105
PaPkAsReq ::= SEQUENCE {
signedAuthPack [0] ContentInfo,
trustedCertifiers [1] SEQUENCE OF TrustedCA OPTIONAL,
kdcCert [2] IssuerAndSerialNumber OPTIONAL,
...
}
TrustedCA ::= CHOICE {
caName [0] Name,
issuerAndSerial [2] IssuerAndSerialNumber,
...
}
AuthPack ::= SEQUENCE {
pkAuthenticator [0] PKAuthenticator,
clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier
OPTIONAL,
...
}
PKAuthenticator ::= SEQUENCE {
cusec [0] INTEGER,
ctime [1] KerberosTime,
nonce [2] INTEGER (0..4294967295),
paChecksum [3] Checksum,
...
}
--
-- TrustedCertifiers ::= SEQUENCE OF Name
--
--
-- CertificateIndex ::= IssuerAndSerialNumber
--
--
KRB5PrincipalName ::= SEQUENCE {
realm [0] Realm,
principalName [1] PrincipalName
}
--
--
-- InitialVerifiedCAs ::= SEQUENCE OF SEQUENCE {
-- ca [0] Name,
-- validated [1] BOOLEAN,
-- ...
-- }
--
PaPkAsRep ::= CHOICE {
dhSignedData [0] ContentInfo,
encKeyPack [1] ContentInfo,
...
}
KDCDHKeyInfo ::= SEQUENCE {
subjectPublicKey [0] BIT STRING,
nonce [1] INTEGER,
dhKeyExpiration [2] KerberosTime OPTIONAL,
...
}
--
-- ReplyKeyPack ::= SEQUENCE {
-- replyKey [0] EncryptionKey,
-- nonce [1] INTEGER (0..4294967295),
-- ...
-- }
END
View Git Blame Copy Permalink