24f30a8850
svn path=/trunk/; revision=12426
--NOTE: we have to accommodate BOTH existing users of early drafts, such as
--packetcable as well as new users once the protocol is standardized.
--
--This asn1 file is based on draft-ietf-cat-kerberos-pk-init-20.txt
--but has been modified to accommodate the ethereal asn2eth compiler
--and our environment
--
--new structures are uncommented and added on demand as they are required
--
--Copyright (C) The Internet Society (2004). This document is subject
--to the rights, licenses and restrictions contained in BCP 78, and
--except as set forth therein, the authors retain all their rights.
--
--
--This document and the information contained herein are provided on an
--"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
--OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
--ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
--INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
--INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
--WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--
-- Module identifier. The draft leaves the last arc as pkinit(TBD); it is
-- spelled pkinit(0) here only because asn2eth cannot parse "TBD" (see the
-- commented line below). The value is a local placeholder, not an
-- assigned arc, and must be corrected once the draft is standardized.
KerberosV5-PK-INIT-SPEC {
iso(1) identified-organization(3) dod(6) internet(1)
security(5) kerberosV5(2) modules(4) pkinit(0) }
-- security(5) kerberosV5(2) modules(4) pkinit(TBD) }
-- TBD makes the asn2eth compiler upset
-- EXPLICIT TAGS: every [n] below is an explicit context tag on the wire,
-- i.e. it wraps the tagged type's own encoding rather than replacing it.
-- A decoder must check both the context tag and the inner type.
DEFINITIONS EXPLICIT TAGS ::=
BEGIN

-- External types. ContentInfo is the CMS envelope that carries the signed
-- and encrypted PKINIT payloads defined below. Realm, PrincipalName and
-- EncryptionKey are only referenced by the commented-out structures further
-- down, and TYPED-DATA is not referenced at all in this file; presumably
-- they are imported ahead of those structures being enabled.
IMPORTS
SubjectPublicKeyInfo, AlgorithmIdentifier, Name
FROM PKIX1Explicit88 { iso (1) identified-organization (3)
dod (6) internet (1) security (5) mechanisms (5)
pkix (7) id-mod (0) id-pkix1-explicit (18) }

ContentInfo, IssuerAndSerialNumber
FROM CryptographicMessageSyntax { iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16)
modules(0) cms(1) }

KerberosTime, Checksum, TYPED-DATA, PrincipalName, Realm, EncryptionKey
FROM KerberosV5Spec2 { iso(1) identified-organization(3)
dod(6) internet(1) security(5) kerberosV5(2) modules(4)
krb5spec2(2) } ;

-- Object identifiers and pa-data / ad / td type numbers from the draft.
-- Most are still TBD, so the whole group is kept as comments and is not
-- compiled; individual entries are enabled on demand as the dissector
-- needs them.
-- id-pkinit OBJECT IDENTIFIER ::=
-- { iso (1) org (3) dod (6) internet (1) security (5)
-- kerberosv5 (2) pkinit (3) }
--
--
-- id-pkauthdata OBJECT IDENTIFIER ::= { id-pkinit 1 }
-- id-pkdhkeydata OBJECT IDENTIFIER ::= { id-pkinit 2 }
-- id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 }
-- id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 }
-- id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 }
--
--
-- pa-pk-as-req INTEGER ::= TBD
-- pa-pk-as-rep INTEGER ::= TBD
-- pa-pk-ocsp-req INTEGER ::= TBD
-- pa-pk-ocsp-rep INTEGER ::= TBD
--
--
-- ad-initial-verified-cas INTEGER ::= TBD
--
--
-- td-dh-parameters INTEGER ::= TBD
-- td-trusted-certifiers INTEGER ::= 104
-- td-certificate-index INTEGER ::= 105

-- PA-PK-AS-REQ: the client's public-key pre-authentication data.
-- signedAuthPack: a CMS ContentInfo; per the draft it is SignedData whose
-- content is an AuthPack (below). That signature is the only thing binding
-- the client's identity to the request, so a consumer must not act on the
-- inner AuthPack fields before the CMS signature has been verified.
-- trustedCertifiers: CAs the client will accept for the KDC's certificate.
-- kdcCert: lets the client name a specific KDC certificate.
-- "..." makes the type extensible: unknown trailing elements are to be
-- skipped, not treated as a decode error.
PaPkAsReq ::= SEQUENCE {
signedAuthPack [0] ContentInfo,
trustedCertifiers [1] SEQUENCE OF TrustedCA OPTIONAL,
kdcCert [2] IssuerAndSerialNumber OPTIONAL,
...
}

-- A CA the client trusts, named either by its subject Name or by the
-- issuer-and-serial of its certificate. Note the context tags are [0] and
-- [2]: [1] is not assigned in this draft. The numbers are the wire
-- encoding and must not be "tidied" to [0]/[1].
TrustedCA ::= CHOICE {
caName [0] Name,
issuerAndSerial [2] IssuerAndSerialNumber,
...
}

-- The signed content of PaPkAsReq.signedAuthPack.
-- pkAuthenticator: freshness and binding data, see PKAuthenticator.
-- clientPublicValue: per the draft, the client's Diffie-Hellman public
-- value; present when the client asks for the DH form of PaPkAsRep.
-- supportedCMSTypes: algorithms the client can handle, presumably used by
-- the KDC to choose the CMS algorithms for its reply -- TODO confirm
-- against the draft text.
AuthPack ::= SEQUENCE {
pkAuthenticator [0] PKAuthenticator,
clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier
OPTIONAL,
...
}

-- Authenticator carried (signed) inside the AuthPack.
-- cusec / ctime: client time in microseconds / KerberosTime; these give the
-- KDC its replay and clock-skew check.
-- nonce: constrained to a 32-bit unsigned range by the subtype constraint.
-- paChecksum: per the draft, a checksum over the KDC-REQ-BODY of the
-- enclosing AS-REQ. Because it sits under the CMS signature it binds the
-- pre-authentication to the rest of the request, so the request body
-- cannot be replaced without invalidating the signature.
PKAuthenticator ::= SEQUENCE {
cusec [0] INTEGER,
ctime [1] KerberosTime,
nonce [2] INTEGER (0..4294967295),
paChecksum [3] Checksum,
...
}

-- Draft structures not yet compiled (enabled on demand, see above).
--
-- TrustedCertifiers ::= SEQUENCE OF Name
--
--
-- CertificateIndex ::= IssuerAndSerialNumber
--
--
-- KRB5PrincipalName ::= SEQUENCE {
-- realm [0] Realm,
-- principalName [1] PrincipalName
-- }
--
--
-- InitialVerifiedCAs ::= SEQUENCE OF SEQUENCE {
-- ca [0] Name,
-- validated [1] BOOLEAN,
-- ...
-- }
--

-- PA-PK-AS-REP: the KDC's reply, in one of two forms.
-- dhSignedData: per the draft, CMS SignedData over a KDCDHKeyInfo (the
-- Diffie-Hellman exchange).
-- encKeyPack: per the draft, CMS EnvelopedData carrying the reply key
-- (ReplyKeyPack, still commented out below).
-- Both alternatives are a bare ContentInfo here; the actual inner type is
-- determined by the CMS content type, not by this schema.
PaPkAsRep ::= CHOICE {
dhSignedData [0] ContentInfo,
encKeyPack [1] ContentInfo,
...
}

-- The KDC's Diffie-Hellman contribution.
-- subjectPublicKey: the KDC's DH public value as a BIT STRING.
-- nonce: unconstrained INTEGER here, unlike PKAuthenticator.nonce which is
-- (0..4294967295). A decoder must therefore accept an encoding wider than
-- 32 bits for this field and must not assume it fits a fixed-width integer.
-- dhKeyExpiration: absent when the message asserts no expiry for the key.
KDCDHKeyInfo ::= SEQUENCE {
subjectPublicKey [0] BIT STRING,
nonce [1] INTEGER,
dhKeyExpiration [2] KerberosTime OPTIONAL,
...
}

-- Reply-key form of the KDC reply; not compiled yet (enabled on demand).
--
-- ReplyKeyPack ::= SEQUENCE {
-- replyKey [0] EncryptionKey,
-- nonce [1] INTEGER (0..4294967295),
-- ...
-- }

END