diff --git a/lib/asn1/Makefile.am b/lib/asn1/Makefile.am
index 74ef2be33..fc589bab7 100644
--- a/lib/asn1/Makefile.am
+++ b/lib/asn1/Makefile.am
@@ -228,41 +228,40 @@ gen_files_rfc2459 = \
 asn1_RSAPublicKey.x \
 asn1_DigestInfo.x
-
-gen_files_pkinit = \
- asn1_id_pkinit.x \
- asn1_id_pkauthdata.x \
- asn1_id_pkdhkeydata.x \
- asn1_id_pkrkeydata.x \
- asn1_id_pkekuoid.x \
- asn1_id_pkkdcekuoid.x \
- asn1_DHNonce.x \
- asn1_TrustedCA.x \
- asn1_PA_PK_AS_REQ.x \
- asn1_PKAuthenticator.x \
- asn1_AuthPack.x \
- asn1_TD_TRUSTED_CERTIFIERS.x \
- asn1_TD_INVALID_CERTIFICATES.x \
- asn1_KRB5PrincipalName.x \
- asn1_AD_INITIAL_VERIFIED_CAS.x \
- asn1_DHRepInfo.x \
- asn1_PA_PK_AS_REP.x \
- asn1_KDCDHKeyInfo.x \
- asn1_ReplyKeyPack.x \
- asn1_TD_DH_PARAMETERS.x \
- asn1_PKAuthenticator_Win2k.x \
- asn1_AuthPack_Win2k.x \
- asn1_PA_PK_AS_REP_Win2k.x \
- asn1_KDCDHKeyInfo_Win2k.x \
- asn1_TrustedCA_19.x \
- asn1_PA_PK_AS_REQ_19.x \
- asn1_PA_PK_AS_REQ_Win2k.x \
- asn1_PKAuthenticator_19.x \
- asn1_AuthPack_19.x \
- asn1_PA_PK_AS_REP_19.x \
+gen_files_pkinit = \
+ asn1_id_pkinit.x \
+ asn1_id_pkauthdata.x \
+ asn1_id_pkdhkeydata.x \
+ asn1_id_pkrkeydata.x \
+ asn1_id_pkekuoid.x \
+ asn1_id_pkkdcekuoid.x \
+ asn1_DHNonce.x \
+ asn1_TrustedCA.x \
+ asn1_ExternalPrincipalIdentifier.x \
+ asn1_PA_PK_AS_REQ.x \
+ asn1_PKAuthenticator.x \
+ asn1_AuthPack.x \
+ asn1_TD_TRUSTED_CERTIFIERS.x \
+ asn1_TD_INVALID_CERTIFICATES.x \
+ asn1_KRB5PrincipalName.x \
+ asn1_AD_INITIAL_VERIFIED_CAS.x \
+ asn1_DHRepInfo.x \
+ asn1_PA_PK_AS_REP.x \
+ asn1_KDCDHKeyInfo.x \
+ asn1_ReplyKeyPack.x \
+ asn1_TD_DH_PARAMETERS.x \
+ asn1_PKAuthenticator_Win2k.x \
+ asn1_AuthPack_Win2k.x \
+ asn1_PA_PK_AS_REP_Win2k.x \
+ asn1_KDCDHKeyInfo_Win2k.x \
+ asn1_TrustedCA_19.x \
+ asn1_PA_PK_AS_REQ_19.x \
+ asn1_PA_PK_AS_REQ_Win2k.x \
+ asn1_PKAuthenticator_19.x \
+ asn1_AuthPack_19.x \
+ asn1_PA_PK_AS_REP_19.x \
 asn1_ReplyKeyPack_19.x
-
 gen_files_pkcs12 = \
 asn1_id_pkcs_12.x \
 asn1_id_pkcs_12PbeIds.x \
diff --git a/lib/asn1/pkinit.asn1 b/lib/asn1/pkinit.asn1
index 224702cc5..4bdfb4faf 100644
--- a/lib/asn1/pkinit.asn1
+++ b/lib/asn1/pkinit.asn1
@@ -17,6 +17,10 @@ id-pkrkeydata OBJECT IDENTIFIER ::= { id-pkinit 3 }
 id-pkekuoid OBJECT IDENTIFIER ::= { id-pkinit 4 }
 id-pkkdcekuoid OBJECT IDENTIFIER ::= { id-pkinit 5 }
+id-pksan OBJECT IDENTIFIER ::=
+ { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
+ x509-sanan(2) }
+
 pa-pk-as-req INTEGER ::= 16
 pa-pk-as-rep INTEGER ::= 17
@@ -35,9 +39,17 @@ TrustedCA ::= SEQUENCE {
 ...
 }
+ExternalPrincipalIdentifier ::= SEQUENCE {
+ subjectName [0] IMPLICIT OCTET STRING OPTIONAL,
+ issuerAndSerialNumber [1] IMPLICIT OCTET STRING OPTIONAL,
+ subjectKeyIdentifier [2] IMPLICIT OCTET STRING OPTIONAL,
+ ...
+}
+
 PA-PK-AS-REQ ::= SEQUENCE {
- signedAuthPack [0] IMPLICIT OCTET STRING,
- trustedCertifiers [1] SEQUENCE OF TrustedCA OPTIONAL,
+ signedAuthPack [0] IMPLICIT OCTET STRING,
+ trustedCertifiers [1] SEQUENCE OF
+ ExternalPrincipalIdentifier OPTIONAL,
 kdcPkId [2] IMPLICIT OCTET STRING OPTIONAL,
 ...
 }
@@ -58,15 +70,15 @@ AuthPack ::= SEQUENCE {
 ...
 }
-TD-TRUSTED-CERTIFIERS ::= SEQUENCE OF TrustedCA
-TD-INVALID-CERTIFICATES ::= SEQUENCE OF OCTET STRING
+TD-TRUSTED-CERTIFIERS ::= SEQUENCE OF ExternalPrincipalIdentifier
+TD-INVALID-CERTIFICATES ::= SEQUENCE OF ExternalPrincipalIdentifier
 KRB5PrincipalName ::= SEQUENCE {
 realm [0] Realm,
 principalName [1] PrincipalName
 }
-AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF TrustedCA
+AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier
 DHRepInfo ::= SEQUENCE {
@@ -89,7 +101,7 @@ KDCDHKeyInfo ::= SEQUENCE {
 ReplyKeyPack ::= SEQUENCE {
 replyKey [0] EncryptionKey,
- nonce [1] INTEGER (0..4294967295),
+ asChecksum [1] Checksum,
 ...
 }
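Review bot: In the ReplyKeyPack hunk the nonce is replaced by `asChecksum [1] Checksum,`, but the schema says nothing about what the checksum covers or how it is keyed, and the decoder-side code that has to verify it lives outside this diff. If this follows the later PKINIT draft (RFC 4556) that ExternalPrincipalIdentifier and id-pksan also come from, asChecksum is a keyed checksum over the AS-REQ computed with replyKey, so a consumer that merely decodes the field without verifying it with a keyed checksum type loses the request/reply binding the nonce used to provide. I would state the contract at the field: `-- asChecksum: keyed checksum over the AS-REQ, computed with replyKey; receiver must verify it before using replyKey`. Similarly, the three ExternalPrincipalIdentifier members are `IMPLICIT OCTET STRING` wrappers around DER structures, and a `--` comment naming the encoded type each one carries would make it clear they must be decoded and validated rather than treated as opaque bytes. Note also that TD-INVALID-CERTIFICATES changes its element type from OCTET STRING to ExternalPrincipalIdentifier, which is wire-incompatible with peers still on the older draft and deserves a changelog or version note.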