Update to pkinit-27

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15761 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/asn1/Makefile.am

@@ -228,41 +228,40 @@ gen_files_rfc2459 =					\
 	asn1_RSAPublicKey.x				\
 	asn1_DigestInfo.x
 
-
-gen_files_pkinit =				\
-	asn1_id_pkinit.x			\
-	asn1_id_pkauthdata.x			\
-	asn1_id_pkdhkeydata.x			\
-	asn1_id_pkrkeydata.x			\
-	asn1_id_pkekuoid.x			\
-	asn1_id_pkkdcekuoid.x			\
-	asn1_DHNonce.x				\
-	asn1_TrustedCA.x			\
-	asn1_PA_PK_AS_REQ.x			\
-	asn1_PKAuthenticator.x			\
-	asn1_AuthPack.x				\
-	asn1_TD_TRUSTED_CERTIFIERS.x		\
-	asn1_TD_INVALID_CERTIFICATES.x		\
-	asn1_KRB5PrincipalName.x		\
-	asn1_AD_INITIAL_VERIFIED_CAS.x		\
-	asn1_DHRepInfo.x			\
-	asn1_PA_PK_AS_REP.x			\
-	asn1_KDCDHKeyInfo.x			\
-	asn1_ReplyKeyPack.x			\
-	asn1_TD_DH_PARAMETERS.x			\
-	asn1_PKAuthenticator_Win2k.x		\
-	asn1_AuthPack_Win2k.x			\
-	asn1_PA_PK_AS_REP_Win2k.x		\
-	asn1_KDCDHKeyInfo_Win2k.x		\
-	asn1_TrustedCA_19.x			\
-	asn1_PA_PK_AS_REQ_19.x			\
-	asn1_PA_PK_AS_REQ_Win2k.x		\
-	asn1_PKAuthenticator_19.x		\
-	asn1_AuthPack_19.x			\
-	asn1_PA_PK_AS_REP_19.x			\
+gen_files_pkinit =					\
+	asn1_id_pkinit.x				\
+	asn1_id_pkauthdata.x				\
+	asn1_id_pkdhkeydata.x				\
+	asn1_id_pkrkeydata.x				\
+	asn1_id_pkekuoid.x				\
+	asn1_id_pkkdcekuoid.x				\
+	asn1_DHNonce.x					\
+	asn1_TrustedCA.x				\
+	asn1_ExternalPrincipalIdentifier.x		\
+	asn1_PA_PK_AS_REQ.x				\
+	asn1_PKAuthenticator.x				\
+	asn1_AuthPack.x					\
+	asn1_TD_TRUSTED_CERTIFIERS.x			\
+	asn1_TD_INVALID_CERTIFICATES.x			\
+	asn1_KRB5PrincipalName.x			\
+	asn1_AD_INITIAL_VERIFIED_CAS.x			\
+	asn1_DHRepInfo.x				\
+	asn1_PA_PK_AS_REP.x				\
+	asn1_KDCDHKeyInfo.x				\
+	asn1_ReplyKeyPack.x				\
+	asn1_TD_DH_PARAMETERS.x				\
+	asn1_PKAuthenticator_Win2k.x			\
+	asn1_AuthPack_Win2k.x				\
+	asn1_PA_PK_AS_REP_Win2k.x			\
+	asn1_KDCDHKeyInfo_Win2k.x			\
+	asn1_TrustedCA_19.x				\
+	asn1_PA_PK_AS_REQ_19.x				\
+	asn1_PA_PK_AS_REQ_Win2k.x			\
+	asn1_PKAuthenticator_19.x			\
+	asn1_AuthPack_19.x				\
+	asn1_PA_PK_AS_REP_19.x				\
 	asn1_ReplyKeyPack_19.x
 
-
 gen_files_pkcs12 =					\
 	asn1_id_pkcs_12.x				\
 	asn1_id_pkcs_12PbeIds.x				\

lib/asn1/pkinit.asn1

@@ -17,6 +17,10 @@ id-pkrkeydata  OBJECT IDENTIFIER  ::= { id-pkinit 3 }
 id-pkekuoid    OBJECT IDENTIFIER  ::= { id-pkinit 4 }
 id-pkkdcekuoid OBJECT IDENTIFIER  ::= { id-pkinit 5 }
 
+id-pksan	OBJECT IDENTIFIER ::=
+  { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
+    x509-sanan(2) }
+
 pa-pk-as-req INTEGER ::=                  16
 pa-pk-as-rep INTEGER ::=                  17
 
@@ -35,9 +39,17 @@ TrustedCA ::= SEQUENCE {
 	...
 }
 
+ExternalPrincipalIdentifier ::= SEQUENCE {
+	subjectName		[0] IMPLICIT OCTET STRING OPTIONAL,
+	issuerAndSerialNumber	[1] IMPLICIT OCTET STRING OPTIONAL,
+	subjectKeyIdentifier	[2] IMPLICIT OCTET STRING OPTIONAL,
+	...
+}
+
 PA-PK-AS-REQ ::= SEQUENCE {
-	signedAuthPack          [0] IMPLICIT OCTET STRING,
-	trustedCertifiers       [1] SEQUENCE OF TrustedCA OPTIONAL,
+        signedAuthPack          [0] IMPLICIT OCTET STRING,
+        trustedCertifiers       [1] SEQUENCE OF 
+			ExternalPrincipalIdentifier OPTIONAL,
 	kdcPkId                 [2] IMPLICIT OCTET STRING OPTIONAL,
 	...
 }
@@ -58,15 +70,15 @@ AuthPack ::= SEQUENCE {
 	...
 }
 
-TD-TRUSTED-CERTIFIERS ::= SEQUENCE OF TrustedCA
-TD-INVALID-CERTIFICATES ::= SEQUENCE OF OCTET STRING
+TD-TRUSTED-CERTIFIERS ::= SEQUENCE OF ExternalPrincipalIdentifier
+TD-INVALID-CERTIFICATES ::= SEQUENCE OF ExternalPrincipalIdentifier
 
 KRB5PrincipalName ::= SEQUENCE {
 	realm                   [0] Realm,
 	principalName           [1] PrincipalName
 }
 
-AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF TrustedCA
+AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier
 
 
 DHRepInfo ::= SEQUENCE {
@@ -89,7 +101,7 @@ KDCDHKeyInfo ::= SEQUENCE {
 
 ReplyKeyPack ::= SEQUENCE {
 	replyKey                [0] EncryptionKey,
-	nonce                   [1] INTEGER (0..4294967295),
+	asChecksum		[1] Checksum,
 	...
 }