diff options
Diffstat (limited to 'epan/dissectors/asn1/pkinit/PKINIT.asn')
-rw-r--r-- | epan/dissectors/asn1/pkinit/PKINIT.asn | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/pkinit/PKINIT.asn b/epan/dissectors/asn1/pkinit/PKINIT.asn new file mode 100644 index 0000000000..2af0321a84 --- /dev/null +++ b/epan/dissectors/asn1/pkinit/PKINIT.asn @@ -0,0 +1,150 @@ +--NOTE: we have to accomodate BOTH existing users of early drafts, such as +--packetcable as well as new users once the protocol is standardized. +-- +--This asn1 file is based on draft-ietf-cat-kerberos-pk-init-20.txt +--but has been modified to acocmodate the Wireshark asn2wrs compiler +--and our environment +-- +--new structures are uncommented and added on demand as they are required +-- +--Copyright (C) The Internet Society (2004). This document is subject +--to the rights, licenses and restrictions contained in BCP 78, and +--except as set forth therein, the authors retain all their rights. +-- +-- +--This document and the information contained herein are provided on an +--"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS +--OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET +--ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, +--INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE +--INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED +--WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. +-- + +KerberosV5-PK-INIT-SPEC { + iso(1) identified-organization(3) dod(6) internet(1) + security(5) kerberosV5(2) modules(4) pkinit(5) } +DEFINITIONS EXPLICIT TAGS ::= +BEGIN + + + IMPORTS + SubjectPublicKeyInfo, AlgorithmIdentifier, Name + FROM PKIX1Explicit88 { iso (1) identified-organization (3) + dod (6) internet (1) security (5) mechanisms (5) + pkix (7) id-mod (0) id-pkix1-explicit (18) } + + + ContentInfo, IssuerAndSerialNumber + FROM CryptographicMessageSyntax { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) + modules(0) cms(1) } + + + KerberosTime, Checksum, TYPED-DATA, PrincipalName, Realm, EncryptionKey + FROM KerberosV5Spec2 { iso(1) identified-organization(3) + dod(6) internet(1) security(5) kerberosV5(2) modules(4) + krb5spec2(2) } ; + + +-- id-pkinit OBJECT IDENTIFIER ::= +-- { iso (1) org (3) dod (6) internet (1) security (5) +-- kerberosv5 (2) pkinit (3) } +-- +-- +-- id-pkauthdata OBJECT IDENTIFIER ::= { id-pkinit 1 } +-- id-pkdhkeydata OBJECT IDENTIFIER ::= { id-pkinit 2 } +-- id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 } +-- id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 } +-- id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 } +-- +-- +-- pa-pk-as-req INTEGER ::= TBD +-- pa-pk-as-rep INTEGER ::= TBD +-- pa-pk-ocsp-req INTEGER ::= TBD +-- pa-pk-ocsp-rep INTEGER ::= TBD +-- +-- +-- ad-initial-verified-cas INTEGER ::= TBD +-- +-- +-- td-dh-parameters INTEGER ::= TBD +-- td-trusted-certifiers INTEGER ::= 104 +-- td-certificate-index INTEGER ::= 105 + + +PaPkAsReq ::= SEQUENCE { + signedAuthPack [0] ContentInfo, + trustedCertifiers [1] SEQUENCE OF TrustedCA OPTIONAL, + kdcCert [2] IssuerAndSerialNumber OPTIONAL, + ... +} + + +TrustedCA ::= CHOICE { + caName [0] Name, + issuerAndSerial [2] IssuerAndSerialNumber, + ... +} + + +AuthPack ::= SEQUENCE { + pkAuthenticator [0] PKAuthenticator, + clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL, + supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier + OPTIONAL, + ... +} + + +PKAuthenticator ::= SEQUENCE { + cusec [0] INTEGER, + ctime [1] KerberosTime, + nonce [2] INTEGER (0..4294967295), + paChecksum [3] Checksum, + ... +} + +-- +-- TrustedCertifiers ::= SEQUENCE OF Name +-- +-- +-- CertificateIndex ::= IssuerAndSerialNumber +-- +-- +KRB5PrincipalName ::= SEQUENCE { + realm [0] Realm, + principalName [1] PrincipalName +} +-- +-- +-- InitialVerifiedCAs ::= SEQUENCE OF SEQUENCE { +-- ca [0] Name, +-- validated [1] BOOLEAN, +-- ... +-- } +-- + +PaPkAsRep ::= CHOICE { + dhSignedData [0] ContentInfo, + encKeyPack [1] ContentInfo, + ... +} + + +KDCDHKeyInfo ::= SEQUENCE { + subjectPublicKey [0] BIT STRING, + nonce [1] INTEGER, + dhKeyExpiration [2] KerberosTime OPTIONAL, + ... +} + +-- +-- ReplyKeyPack ::= SEQUENCE { +-- replyKey [0] EncryptionKey, +-- nonce [1] INTEGER (0..4294967295), +-- ... +-- } + +END + |