-- $Id$ --

-- ASN.1 module for PKINIT (public key initial authentication in Kerberos,
-- RFC 4556), followed by the older Windows 2000 variants of the same
-- messages.
--
-- Review notes for code that consumes the generated decoders:
--  * Fields typed IMPLICIT OCTET STRING (signedAuthPack, dhSignedData,
--    encKeyPack and similar) are opaque to this schema. Any byte string
--    decodes, so the inner structure has to be parsed and its signature or
--    encryption verified by the caller.
--  * OPTIONAL and the extension marker only describe what may appear on the
--    wire. Protocol requirements such as "this field must be present" are
--    not expressed here and must be checked after decoding.
--  * Context tag numbers define the wire format, including the gaps in the
--    Win2k types. They must stay exactly as written.

PKINIT DEFINITIONS ::= BEGIN

IMPORTS EncryptionKey, PrincipalName, Realm, KerberosTime, Checksum, Ticket FROM krb5
    IssuerAndSerialNumber, ContentInfo FROM cms
    SubjectPublicKeyInfo, AlgorithmIdentifier FROM rfc2459
    heim_any FROM heim;

-- Root arc for PKINIT object identifiers: 1.3.6.1.5.2.3
id-pkinit OBJECT IDENTIFIER ::=
    { iso (1) org (3) dod (6) internet (1) security (5) kerberosv5 (2) pkinit (3) }

-- Children of id-pkinit. In RFC 4556 arcs 1 to 3 are the CMS content types
-- for AuthPack, KDCDHKeyInfo and ReplyKeyPack, arc 4 is the client
-- authentication EKU and arc 5 is the KDC EKU.
id-pkauthdata OBJECT IDENTIFIER ::= { id-pkinit 1 }
id-pkdhkeydata OBJECT IDENTIFIER ::= { id-pkinit 2 }
id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 }
id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 }
id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 }

-- 1.3.6.1.5.2.2: otherName type for a Kerberos principal in a certificate
-- subjectAltName (the value is a KRB5PrincipalName, defined below).
id-pkinit-san OBJECT IDENTIFIER ::=
    { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2) x509-sanan(2) }

-- Microsoft arcs: 1.3.6.1.4.1.311.20.2.2 and 1.3.6.1.4.1.311.20.2.3.
-- The names suggest an EKU and a subjectAltName type; MS-UPN-SAN below is
-- presumably the value carried under id-pkinit-ms-san (confirm with callers).
id-pkinit-ms-eku OBJECT IDENTIFIER ::=
    { iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) 20 2 2 }
id-pkinit-ms-san OBJECT IDENTIFIER ::=
    { iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) microsoft(311) 20 2 3 }

-- A bare UTF8String with no length or content constraint. Mapping it to a
-- principal is left entirely to the consumer.
MS-UPN-SAN ::= UTF8String

-- Pre-authentication data type numbers for the request and the reply.
pa-pk-as-req INTEGER ::= 16
pa-pk-as-rep INTEGER ::= 17

-- Typed data numbers for the TD- types defined further down.
td-trusted-certifiers INTEGER ::= 104
td-invalid-certificates INTEGER ::= 105
td-dh-parameters INTEGER ::= 109

-- Unconstrained octet string: no minimum length is enforced here.
DHNonce ::= OCTET STRING

-- Key derivation function named by OID. Which OIDs are acceptable is a
-- policy decision for the consumer; the schema accepts any OID.
KDFAlgorithmId ::= SEQUENCE {
    kdf-id          [0] OBJECT IDENTIFIER,
    ...
}

TrustedCA ::= SEQUENCE {
    caName                  [0] IMPLICIT OCTET STRING,
    certificateSerialNumber [1] INTEGER OPTIONAL,
    subjectKeyIdentifier    [2] OCTET STRING OPTIONAL,
    ...
}

-- Every member is OPTIONAL, so an empty SEQUENCE is a valid encoding and
-- identifies nothing. All three members are opaque octet strings.
ExternalPrincipalIdentifier ::= SEQUENCE {
    subjectName             [0] IMPLICIT OCTET STRING OPTIONAL,
    issuerAndSerialNumber   [1] IMPLICIT OCTET STRING OPTIONAL,
    subjectKeyIdentifier    [2] IMPLICIT OCTET STRING OPTIONAL,
    ...
}

ExternalPrincipalIdentifiers ::= SEQUENCE OF ExternalPrincipalIdentifier

-- Client request. signedAuthPack is opaque at this layer; RFC 4556 defines
-- it as a CMS SignedData ContentInfo wrapping an AuthPack, so it must be
-- decoded and its signature verified before any AuthPack field is trusted.
PA-PK-AS-REQ ::= SEQUENCE {
    signedAuthPack          [0] IMPLICIT OCTET STRING,
    trustedCertifiers       [1] ExternalPrincipalIdentifiers OPTIONAL,
    kdcPkId                 [2] IMPLICIT OCTET STRING OPTIONAL,
    ...
}

-- The range on cusec is commented out, so the decoder does not enforce it.
-- paChecksum is OPTIONAL in the schema, although RFC 4556 requires it to be
-- present (a checksum over the request body). Its presence and value have to
-- be checked by the code that processes the request.
PKAuthenticator ::= SEQUENCE {
    cusec                   [0] INTEGER -- (0..999999) --,
    ctime                   [1] KerberosTime,
    nonce                   [2] INTEGER (0..4294967295),
    paChecksum              [3] OCTET STRING OPTIONAL,
    ...
}

-- clientPublicValue is OPTIONAL. supportedCMSTypes and supportedKDFs are
-- lists supplied by the client, so the receiver should pick from them
-- according to its own policy rather than accept whatever is listed.
AuthPack ::= SEQUENCE {
    pkAuthenticator         [0] PKAuthenticator,
    clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL,
    supportedCMSTypes       [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
    clientDHNonce           [3] DHNonce OPTIONAL,
    ...,
    supportedKDFs           [4] SEQUENCE OF KDFAlgorithmId OPTIONAL,
    ...
}

TD-TRUSTED-CERTIFIERS ::= ExternalPrincipalIdentifiers
TD-INVALID-CERTIFICATES ::= ExternalPrincipalIdentifiers

-- Realm plus principal name as one value.
KRB5PrincipalName ::= SEQUENCE {
    realm                   [0] Realm,
    principalName           [1] PrincipalName
}

AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier

-- Diffie-Hellman form of the reply. dhSignedData is opaque here and needs
-- the same decode and verify step as signedAuthPack.
DHRepInfo ::= SEQUENCE {
    dhSignedData            [0] IMPLICIT OCTET STRING,
    serverDHNonce           [1] DHNonce OPTIONAL,
    ...,
    kdf                     [2] KDFAlgorithmId OPTIONAL,
    ...
}

-- The reply is either the DH form or an opaque encKeyPack. The extension
-- marker makes the CHOICE extensible, so consumers should reject any
-- alternative they do not handle.
PA-PK-AS-REP ::= CHOICE {
    dhInfo                  [0] DHRepInfo,
    encKeyPack              [1] IMPLICIT OCTET STRING,
    ...
}

-- nonce has the same unsigned 32 bit range as PKAuthenticator.nonce.
KDCDHKeyInfo ::= SEQUENCE {
    subjectPublicKey        [0] BIT STRING,
    nonce                   [1] INTEGER (0..4294967295),
    dhKeyExpiration         [2] KerberosTime OPTIONAL,
    ...
}

-- Reply key together with a checksum. In RFC 4556 asChecksum is computed
-- over the request; verifying it is the job of the consumer.
ReplyKeyPack ::= SEQUENCE {
    replyKey                [0] EncryptionKey,
    asChecksum              [1] Checksum,
    ...
}

TD-DH-PARAMETERS ::= SEQUENCE OF AlgorithmIdentifier


-- Windows compat glue --

-- Differences from PKAuthenticator that are visible in this definition:
-- kdcName and kdcRealm are included, nonce uses a signed 32 bit range, and
-- there is no paChecksum member and no extension marker.
PKAuthenticator-Win2k ::= SEQUENCE {
    kdcName                 [0] PrincipalName,
    kdcRealm                [1] Realm,
    cusec                   [2] INTEGER (0..4294967295),
    ctime                   [3] KerberosTime,
    nonce                   [4] INTEGER (-2147483648..2147483647)
}

AuthPack-Win2k ::= SEQUENCE {
    pkAuthenticator         [0] PKAuthenticator-Win2k,
    clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL
}

-- Alternatives are tagged [1] and [2]; no alternative uses [0].
TrustedCA-Win2k ::= CHOICE {
    caName                  [1] heim_any,
    issuerAndSerial         [2] IssuerAndSerialNumber
}

-- Tag [1] is not used in this SEQUENCE. The octet string members are
-- opaque here, as in PA-PK-AS-REQ.
PA-PK-AS-REQ-Win2k ::= SEQUENCE {
    signed-auth-pack        [0] IMPLICIT OCTET STRING,
    trusted-certifiers      [2] SEQUENCE OF TrustedCA-Win2k OPTIONAL,
    kdc-cert                [3] IMPLICIT OCTET STRING OPTIONAL,
    encryption-cert         [4] IMPLICIT OCTET STRING OPTIONAL
}

-- Both alternatives are opaque octet strings. Unlike PA-PK-AS-REP this
-- CHOICE has no extension marker.
PA-PK-AS-REP-Win2k ::= CHOICE {
    dhSignedData            [0] IMPLICIT OCTET STRING,
    encKeyPack              [1] IMPLICIT OCTET STRING
}

-- Tag [1] is not used; nonce uses a signed 32 bit range.
KDCDHKeyInfo-Win2k ::= SEQUENCE {
    nonce                   [0] INTEGER (-2147483648..2147483647),
    subjectPublicKey        [2] BIT STRING
}

-- Carries a nonce where ReplyKeyPack carries asChecksum.
ReplyKeyPack-Win2k ::= SEQUENCE {
    replyKey                [0] EncryptionKey,
    nonce                   [1] INTEGER (-2147483648..2147483647),
    ...
}

-- Groups an encryption type number with the raw request, the raw reply and
-- the ticket. Presumably an input to key derivation (see KDFAlgorithmId);
-- confirm against the code that encodes it.
PkinitSuppPubInfo ::= SEQUENCE {
    enctype                 [0] INTEGER (-2147483648..2147483647),
    as-REQ                  [1] OCTET STRING,
    pk-as-rep               [2] OCTET STRING,
    ticket                  [3] Ticket,
    ...
}

END