Merge v4.0-test

(This used to be commit 977dbdeaf363c8905ed9fd0570eba4be80582833)

1 files changed, 20 insertions, 3 deletions

diff --git a/source4/heimdal/lib/asn1/pkinit.asn1 b/source4/heimdal/lib/asn1/pkinit.asn1
index 1bfc11ad74..989b26581b 100644
--- a/source4/heimdal/lib/asn1/pkinit.asn1
+++ b/source4/heimdal/lib/asn1/pkinit.asn1
@@ -2,7 +2,7 @@
 
 PKINIT DEFINITIONS ::= BEGIN
 
-IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum FROM krb5
+IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum, Ticket FROM krb5
 	IssuerAndSerialNumber, ContentInfo FROM cms
 	SubjectPublicKeyInfo, AlgorithmIdentifier FROM rfc2459
 	heim_any FROM heim;
@@ -40,6 +40,11 @@ td-dh-parameters INTEGER ::=             109
 
 DHNonce ::= OCTET STRING
 
+KDFAlgorithmId ::= SEQUENCE {
+       kdf-id            [0] OBJECT IDENTIFIER,
+       ...
+}
+
 TrustedCA ::= SEQUENCE {
 	caName                  [0] IMPLICIT OCTET STRING,
 	certificateSerialNumber [1] INTEGER OPTIONAL,
@@ -76,6 +81,8 @@ AuthPack ::= SEQUENCE {
 	clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL,
 	supportedCMSTypes       [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
 	clientDHNonce           [3] DHNonce OPTIONAL,
+	...,
+	supportedKDFs		[4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
 	...
 }
 
@@ -89,10 +96,12 @@ KRB5PrincipalName ::= SEQUENCE {
 
 AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier
 
-
 DHRepInfo ::= SEQUENCE {
 	dhSignedData            [0] IMPLICIT OCTET STRING,
-	serverDHNonce           [1] DHNonce OPTIONAL
+	serverDHNonce           [1] DHNonce OPTIONAL,
+	...,
+	kdf			[2] KDFAlgorithmId OPTIONAL,
+	...
 }
 
 PA-PK-AS-REP ::= CHOICE {
@@ -162,4 +171,12 @@ ReplyKeyPack-Win2k ::= SEQUENCE {
 	...
 }
 
+PkinitSuppPubInfo ::= SEQUENCE {
+       enctype           [0] INTEGER (-2147483648..2147483647),
+       as-REQ            [1] OCTET STRING,
+       pk-as-rep         [2] OCTET STRING,
+       ticket            [3] Ticket,
+       ...
+}
+
 END