Update to pkinit-27

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15761 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-07-26 18:38:08 +00:00
parent 7e8fdbc14d
commit 9b6c2d438b
2 changed files with 50 additions and 39 deletions
--- a/lib/asn1/Makefile.am
+++ b/lib/asn1/Makefile.am
@@ -228,7 +228,6 @@ gen_files_rfc2459 =					\
 	asn1_RSAPublicKey.x				\
 	asn1_DigestInfo.x

-
 gen_files_pkinit =					\
 	asn1_id_pkinit.x				\
 	asn1_id_pkauthdata.x				\
@@ -238,6 +237,7 @@ gen_files_pkinit =				\
 	asn1_id_pkkdcekuoid.x				\
 	asn1_DHNonce.x					\
 	asn1_TrustedCA.x				\
+	asn1_ExternalPrincipalIdentifier.x		\
 	asn1_PA_PK_AS_REQ.x				\
 	asn1_PKAuthenticator.x				\
 	asn1_AuthPack.x					\
@@ -262,7 +262,6 @@ gen_files_pkinit =				\
 	asn1_PA_PK_AS_REP_19.x				\
 	asn1_ReplyKeyPack_19.x

-
 gen_files_pkcs12 =					\
 	asn1_id_pkcs_12.x				\
 	asn1_id_pkcs_12PbeIds.x				\
--- a/lib/asn1/pkinit.asn1
+++ b/lib/asn1/pkinit.asn1
@@ -17,6 +17,10 @@ id-pkrkeydata  OBJECT IDENTIFIER  ::= { id-pkinit 3 }
 id-pkekuoid    OBJECT IDENTIFIER  ::= { id-pkinit 4 }
 id-pkkdcekuoid OBJECT IDENTIFIER  ::= { id-pkinit 5 }

+id-pksan	OBJECT IDENTIFIER ::=
+  { iso(1) org(3) dod(6) internet(1) security(5) kerberosv5(2)
+    x509-sanan(2) }
+
 pa-pk-as-req INTEGER ::=                  16
 pa-pk-as-rep INTEGER ::=                  17

@@ -35,9 +39,17 @@ TrustedCA ::= SEQUENCE {
 	...
 }

+ExternalPrincipalIdentifier ::= SEQUENCE {
+	subjectName		[0] IMPLICIT OCTET STRING OPTIONAL,
+	issuerAndSerialNumber	[1] IMPLICIT OCTET STRING OPTIONAL,
+	subjectKeyIdentifier	[2] IMPLICIT OCTET STRING OPTIONAL,
+	...
+}
+
 PA-PK-AS-REQ ::= SEQUENCE {
        signedAuthPack          [0] IMPLICIT OCTET STRING,
-	trustedCertifiers       [1] SEQUENCE OF TrustedCA OPTIONAL,
+        trustedCertifiers       [1] SEQUENCE OF 
+			ExternalPrincipalIdentifier OPTIONAL,
 	kdcPkId                 [2] IMPLICIT OCTET STRING OPTIONAL,
 	...
 }
@@ -58,15 +70,15 @@ AuthPack ::= SEQUENCE {
 	...
 }

-TD-TRUSTED-CERTIFIERS ::= SEQUENCE OF TrustedCA
-TD-INVALID-CERTIFICATES ::= SEQUENCE OF OCTET STRING
+TD-TRUSTED-CERTIFIERS ::= SEQUENCE OF ExternalPrincipalIdentifier
+TD-INVALID-CERTIFICATES ::= SEQUENCE OF ExternalPrincipalIdentifier

 KRB5PrincipalName ::= SEQUENCE {
 	realm                   [0] Realm,
 	principalName           [1] PrincipalName
 }

-AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF TrustedCA
+AD-INITIAL-VERIFIED-CAS ::= SEQUENCE OF ExternalPrincipalIdentifier


 DHRepInfo ::= SEQUENCE {
@@ -89,7 +101,7 @@ KDCDHKeyInfo ::= SEQUENCE {

 ReplyKeyPack ::= SEQUENCE {
 	replyKey                [0] EncryptionKey,
-	nonce                   [1] INTEGER (0..4294967295),
+	asChecksum		[1] Checksum,
 	...
 }