xref: /freebsd/crypto/heimdal/lib/hx509/crmf.asn1 (revision 61e21613) 
1-- $Id$
2PKCS10 DEFINITIONS ::=
3
4BEGIN
5
6IMPORTS
7	Time,
8	GeneralName,
9	SubjectPublicKeyInfo,
10	RelativeDistinguishedName,
11	AttributeTypeAndValue,
12	Extension,
13	AlgorithmIdentifier
14	FROM rfc2459
15	heim_any
16	FROM heim;
17
18CRMFRDNSequence ::= SEQUENCE OF RelativeDistinguishedName
19
20Controls  ::= SEQUENCE -- SIZE(1..MAX) -- OF AttributeTypeAndValue
21
22-- XXX IMPLICIT brokenness
23POPOSigningKey ::= SEQUENCE {
24	poposkInput           [0] IMPLICIT POPOSigningKeyInput OPTIONAL,
25	algorithmIdentifier   AlgorithmIdentifier,
26	signature             BIT STRING }
27
28PKMACValue ::= SEQUENCE {
29	algId  AlgorithmIdentifier,
30	value  BIT STRING
31}
32
33-- XXX IMPLICIT brokenness
34POPOSigningKeyInput ::= SEQUENCE {
35	authInfo            CHOICE {
36		sender              [0] IMPLICIT GeneralName,
37		publicKeyMAC        PKMACValue
38	},
39	publicKey           SubjectPublicKeyInfo
40}  -- from CertTemplate
41
42
43PBMParameter ::= SEQUENCE {
44   salt                OCTET STRING,
45   owf                 AlgorithmIdentifier,
46   iterationCount      INTEGER,
47   mac                 AlgorithmIdentifier
48}
49
50SubsequentMessage ::= INTEGER {
51	encrCert (0),
52	challengeResp (1)
53}
54
55-- XXX IMPLICIT brokenness
56POPOPrivKey ::= CHOICE {
57	thisMessage       [0] BIT STRING,         -- Deprecated
58	subsequentMessage [1] IMPLICIT SubsequentMessage,
59	dhMAC             [2] BIT STRING,         -- Deprecated
60	agreeMAC          [3] IMPLICIT PKMACValue,
61	encryptedKey      [4] heim_any
62}
63
64-- XXX IMPLICIT brokenness
65ProofOfPossession ::= CHOICE {
66	raVerified        [0] NULL,
67	signature         [1] POPOSigningKey,
68	keyEncipherment   [2] POPOPrivKey,
69	keyAgreement      [3] POPOPrivKey
70}
71
72CertTemplate ::= SEQUENCE {
73	version      [0] INTEGER OPTIONAL,
74	serialNumber [1] INTEGER OPTIONAL,
75	signingAlg   [2] SEQUENCE {
76		algorithm	OBJECT IDENTIFIER,
77		parameters	heim_any OPTIONAL
78	} -- AlgorithmIdentifier --   OPTIONAL,
79	issuer       [3] IMPLICIT CHOICE {
80		rdnSequence  CRMFRDNSequence
81	} -- Name --  OPTIONAL,
82	validity     [4] SEQUENCE {
83		notBefore  [0] Time OPTIONAL,
84		notAfter   [1] Time OPTIONAL
85	} -- OptionalValidity -- OPTIONAL,
86	subject      [5] IMPLICIT CHOICE {
87		rdnSequence  CRMFRDNSequence
88	} -- Name -- OPTIONAL,
89	publicKey    [6] IMPLICIT SEQUENCE  {
90		algorithm            AlgorithmIdentifier,
91		subjectPublicKey     BIT STRING OPTIONAL
92	} -- SubjectPublicKeyInfo -- OPTIONAL,
93	issuerUID    [7] IMPLICIT BIT STRING OPTIONAL,
94	subjectUID   [8] IMPLICIT BIT STRING OPTIONAL,
95	extensions   [9] IMPLICIT SEQUENCE OF Extension OPTIONAL
96}
97
98CertRequest ::= SEQUENCE {
99	certReqId	INTEGER,
100	certTemplate	CertTemplate,
101	controls	Controls OPTIONAL
102}
103
104CertReqMsg ::= SEQUENCE {
105	certReq		CertRequest,
106	popo		ProofOfPossession  OPTIONAL,
107	regInfo		SEQUENCE OF AttributeTypeAndValue OPTIONAL }
108
109CertReqMessages ::= SEQUENCE OF CertReqMsg
110
111
112END
113
114