-- $Id: crmf.asn1 17102 2006-04-18 13:05:21Z lha $
PKCS10 DEFINITIONS ::=

BEGIN

IMPORTS
	Time,
	GeneralName,
	SubjectPublicKeyInfo,
	RelativeDistinguishedName,
	AttributeTypeAndValue,
	Extension,
	AlgorithmIdentifier
	FROM rfc2459
	heim_any
	FROM heim;

CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName

Controls  ::= SEQUENCE -- SIZE(1..MAX) -- OF AttributeTypeAndValue

-- XXX IMPLICIT brokenness
POPOSigningKey ::= SEQUENCE {
	poposkInput           [0] IMPLICIT POPOSigningKeyInput OPTIONAL,
	algorithmIdentifier   AlgorithmIdentifier,
	signature             BIT STRING }

PKMACValue ::= SEQUENCE {
	algId  AlgorithmIdentifier,
	value  BIT STRING
}

-- XXX IMPLICIT brokenness
POPOSigningKeyInput ::= SEQUENCE {
	authInfo            CHOICE {
		sender              [0] IMPLICIT GeneralName,
		publicKeyMAC        PKMACValue
	},
	publicKey           SubjectPublicKeyInfo
}  -- from CertTemplate


PBMParameter ::= SEQUENCE {
   salt                OCTET STRING,
   owf                 AlgorithmIdentifier,
   iterationCount      INTEGER,
   mac                 AlgorithmIdentifier
}

SubsequentMessage ::= INTEGER {
	encrCert (0),
	challengeResp (1)
}

-- XXX IMPLICIT brokenness
POPOPrivKey ::= CHOICE {
	thisMessage       [0] BIT STRING,         -- Deprecated
	subsequentMessage [1] IMPLICIT SubsequentMessage,
	dhMAC             [2] BIT STRING,         -- Deprecated
	agreeMAC          [3] IMPLICIT PKMACValue,
	encryptedKey      [4] heim_any
}

-- XXX IMPLICIT brokenness
ProofOfPossession ::= CHOICE {
	raVerified        [0] NULL,
	signature         [1] POPOSigningKey,
	keyEncipherment   [2] POPOPrivKey,
	keyAgreement      [3] POPOPrivKey
}

CertTemplate ::= SEQUENCE {
	version      [0] INTEGER OPTIONAL,
	serialNumber [1] INTEGER OPTIONAL,
	signingAlg   [2] SEQUENCE {
		algorithm	OBJECT IDENTIFIER,
		parameters	heim_any OPTIONAL
	} -- AlgorithmIdentifier --   OPTIONAL,
	issuer       [3] IMPLICIT CHOICE {
		rdnSequence  CRMFRDNSequence
	} -- Name --  OPTIONAL,
	validity     [4] SEQUENCE {
		notBefore  [0] Time OPTIONAL,
		notAfter   [1] Time OPTIONAL
	} -- OptionalValidity -- OPTIONAL,
	subject      [5] IMPLICIT CHOICE {
		rdnSequence  CRMFRDNSequence
	} -- Name -- OPTIONAL,
	publicKey    [6] IMPLICIT SEQUENCE  {
		algorithm            AlgorithmIdentifier,
		subjectPublicKey     BIT STRING OPTIONAL
	} -- SubjectPublicKeyInfo -- OPTIONAL,
	issuerUID    [7] IMPLICIT BIT STRING OPTIONAL,
	subjectUID   [8] IMPLICIT BIT STRING OPTIONAL,
	extensions   [9] IMPLICIT SEQUENCE OF Extension OPTIONAL
}

CertRequest ::= SEQUENCE {
	certReqId	INTEGER,
	certTemplate	CertTemplate,
	controls	Controls OPTIONAL
}

CertReqMsg ::= SEQUENCE {
	certReq		CertRequest,
	popo		ProofOfPossession  OPTIONAL,
	regInfo		SEQUENCE OF AttributeTypeAndValue OPTIONAL }

CertReqMessages ::= SEQUENCE OF CertReqMsg


END