path: root/source4/heimdal/lib/hx509/crmf.asn1
blob: 4f02b268724e85a152de0e4b6b1d17cf795f4d80 (plain)
-- $Id: crmf.asn1,v 1.1 2006/04/18 13:05:21 lha Exp $
--
-- Certificate request message types (CertReqMsg, CertTemplate,
-- ProofOfPossession and their helpers).
--
-- NOTE(review): the module is named PKCS10 although the file is crmf.asn1
-- and the type names appear to follow the CRMF module of RFC 4211; this
-- looks like a leftover name. Confirm nothing depends on it before renaming.
--
-- No default tagging is declared on the DEFINITIONS line, so the X.680
-- default (EXPLICIT) applies; the CRMF module in RFC 4211 is declared with
-- IMPLICIT TAGS. Every context tag below that lacks the IMPLICIT keyword is
-- therefore explicit here, which is presumably what the
-- "XXX IMPLICIT brokenness" markers refer to. TODO confirm the resulting
-- encodings against messages from another CRMF implementation.
PKCS10 DEFINITIONS ::=

BEGIN

IMPORTS
	Time,
	GeneralName,
	SubjectPublicKeyInfo,
	RelativeDistinguishedName,
	AttributeTypeAndValue,
	Extension,
	AlgorithmIdentifier
	FROM rfc2459
	heim_any
	FROM heim;

-- List of RDNs used as the only arm of the issuer and subject CHOICEs in
-- CertTemplate below. No SIZE bound is declared, so any limit on the
-- number of RDNs in a request has to be applied by the code that consumes
-- the decoded value.
CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName

-- Attribute list carried in CertRequest.controls.
-- The SIZE(1..MAX) constraint is commented out, so this definition places
-- no lower or upper bound on the number of entries; an empty list
-- satisfies the type as written. Callers that need at least one control,
-- or a cap on how many a peer may send, must check that themselves.
Controls  ::= SEQUENCE -- SIZE(1..MAX) -- OF AttributeTypeAndValue

-- XXX IMPLICIT brokenness
--
-- Proof of possession by signature: an optional signed input structure,
-- the signature algorithm, and the signature bits.
-- NOTE(review): this schema only describes the container. Which bytes the
-- signature covers when poposkInput is absent, and which algorithms are
-- acceptable in algorithmIdentifier, are decided by the verifying code,
-- not by the decoder. Per RFC 4211 the signature is over poposkInput when
-- present and over the certReq otherwise; confirm the verifier does this.
POPOSigningKey ::= SEQUENCE {
	poposkInput           [0] IMPLICIT POPOSigningKeyInput OPTIONAL,
	algorithmIdentifier   AlgorithmIdentifier,
	signature             BIT STRING }

-- A MAC value together with the algorithm that produced it. Used by
-- POPOSigningKeyInput.authInfo.publicKeyMAC and POPOPrivKey.agreeMAC.
-- NOTE(review): the parameters inside algId are not constrained here;
-- presumably they carry a PBMParameter for password based MACs. Verify
-- against the code that checks the MAC.
PKMACValue ::= SEQUENCE {
	algId  AlgorithmIdentifier,
	value  BIT STRING
}

-- XXX IMPLICIT brokenness
--
-- Data that POPOSigningKey.signature is computed over when the requester
-- supplies it: who is asking (authInfo) and the public key being certified.
-- authInfo is either a sender name or a MAC over the public key.
-- NOTE(review): sender is tagged [0] IMPLICIT, but GeneralName (imported
-- from rfc2459) is a CHOICE, and X.680 does not allow a CHOICE to be
-- implicitly tagged. How the compiler encodes this is not visible here;
-- confirm the wire form before relying on interoperability.
POPOSigningKeyInput ::= SEQUENCE {
	authInfo            CHOICE {
		sender              [0] IMPLICIT GeneralName,
		publicKeyMAC        PKMACValue
	},
	publicKey           SubjectPublicKeyInfo
}  -- from CertTemplate


-- Parameters for a password based MAC: salt, one way function, iteration
-- count and MAC algorithm.
-- All four values are supplied by the peer. salt has no SIZE bound and
-- iterationCount has no range, so the decoder accepts any length and any
-- integer, including zero, negative or very large counts. Code that
-- derives a key from these values should reject counts outside a sane
-- range and cap the salt length before doing any work, otherwise a single
-- request can force an arbitrary amount of hashing. RFC 4211 makes the
-- same recommendation for both fields.
PBMParameter ::= SEQUENCE {
   salt                OCTET STRING,
   owf                 AlgorithmIdentifier,
   iterationCount      INTEGER,
   mac                 AlgorithmIdentifier
}

-- Selects how proof of possession will be completed in a later message:
-- by returning the certificate encrypted (encrCert) or by a
-- challenge/response exchange (challengeResp).
-- The named values do not restrict the INTEGER; any other number still
-- decodes, so consumers should treat unknown values as an error.
SubsequentMessage ::= INTEGER {
	encrCert (0),
	challengeResp (1)
}

-- XXX IMPLICIT brokenness
--
-- Proof of possession for keys that cannot sign (key encipherment and key
-- agreement keys); used by both arms of ProofOfPossession below.
-- thisMessage and dhMAC are marked deprecated in the source; new
-- consumers should presumably refuse them rather than process them.
-- Tags [0], [2] and [4] carry no IMPLICIT keyword and are therefore
-- explicit under this module's default tagging, unlike [1] and [3].
-- encryptedKey is heim_any: the decoder keeps the content as opaque bytes
-- and performs no structural validation on it. Whatever parses it later
-- is handling unvalidated peer input.
POPOPrivKey ::= CHOICE {
	thisMessage       [0] BIT STRING,         -- Deprecated
	subsequentMessage [1] IMPLICIT SubsequentMessage,
	dhMAC             [2] BIT STRING,         -- Deprecated
	agreeMAC          [3] IMPLICIT PKMACValue,
	encryptedKey      [4] heim_any
}

-- XXX IMPLICIT brokenness
--
-- How the requester shows it holds the private key for the public key in
-- the request. None of the four tags is marked IMPLICIT, so all are
-- explicit under this module's default tagging.
-- raVerified carries no evidence at all (the content is NULL); it is only
-- an assertion that a registration authority has already checked
-- possession. A consumer should accept it only on a channel where the
-- sender is authenticated as a trusted RA, never from an end entity.
ProofOfPossession ::= CHOICE {
	raVerified        [0] NULL,
	signature         [1] POPOSigningKey,
	keyEncipherment   [2] POPOPrivKey,
	keyAgreement      [3] POPOPrivKey
}

-- Requested certificate contents. Every field is OPTIONAL, so an empty
-- SEQUENCE is a valid CertTemplate as far as the decoder is concerned.
-- The standard X.509 types are re-declared inline (see the trailing
-- comment on each field for the type being mirrored) instead of being
-- referenced by name.
--
-- All values here are chosen by the requester. An issuing service should
-- treat them as a request, not as data to copy into the certificate:
-- serialNumber, signingAlg, issuer and validity in particular are normally
-- decided by the issuer, and subject and extensions need policy checks.
--
-- Differences from the mirrored types that are visible in this definition:
--   publicKey.subjectPublicKey is OPTIONAL, so a template can name an
--   algorithm without supplying key bits.
--   validity allows both notBefore and notAfter to be absent.
-- NOTE(review): issuer and subject are tagged IMPLICIT on a CHOICE, which
-- X.680 does not allow; what the compiler emits for these two fields is
-- not visible here. Confirm against encodings from another implementation.
CertTemplate ::= SEQUENCE {
	version      [0] INTEGER OPTIONAL,
	serialNumber [1] INTEGER OPTIONAL,
	signingAlg   [2] SEQUENCE {
		algorithm	OBJECT IDENTIFIER,
		parameters	heim_any OPTIONAL
	} -- AlgorithmIdentifier --   OPTIONAL,
	issuer       [3] IMPLICIT CHOICE {
		rdnSequence  CRMFRDNSequence
	} -- Name --  OPTIONAL,
	validity     [4] SEQUENCE {
		notBefore  [0] Time OPTIONAL,
		notAfter   [1] Time OPTIONAL
	} -- OptionalValidity -- OPTIONAL,
	subject      [5] IMPLICIT CHOICE {
		rdnSequence  CRMFRDNSequence
	} -- Name -- OPTIONAL,
	publicKey    [6] IMPLICIT SEQUENCE  {
		algorithm            AlgorithmIdentifier,
		subjectPublicKey     BIT STRING OPTIONAL
	} -- SubjectPublicKeyInfo -- OPTIONAL,
	issuerUID    [7] IMPLICIT BIT STRING OPTIONAL,
	subjectUID   [8] IMPLICIT BIT STRING OPTIONAL,
	extensions   [9] IMPLICIT SEQUENCE OF Extension OPTIONAL
}

-- One certificate request: an identifier, the requested contents and
-- optional controls.
-- certReqId is an unconstrained INTEGER chosen by the requester;
-- presumably it is used to match responses to requests, so it should not
-- be treated as unique or unguessable. Verify against the caller.
CertRequest ::= SEQUENCE {
	certReqId	INTEGER,
	certTemplate	CertTemplate,
	controls	Controls OPTIONAL
}

-- A certificate request together with its proof of possession and
-- optional registration information.
-- popo is OPTIONAL: a message with no proof of possession at all decodes
-- successfully. Whether such a request may be honoured is a policy
-- decision for the consumer, which must check for the missing field
-- explicitly instead of relying on the decoder to reject it.
-- regInfo has no SIZE bound.
CertReqMsg ::= SEQUENCE {
	certReq		CertRequest,
	popo		ProofOfPossession  OPTIONAL,
	regInfo		SEQUENCE OF AttributeTypeAndValue OPTIONAL }

-- Top level container: a batch of certificate request messages.
-- No SIZE bound is declared, so an empty batch is valid and the number of
-- requests in one message is limited only by what the consumer enforces.
CertReqMessages ::= SEQUENCE OF CertReqMsg


END