
Asn1 modules are autogenerated and not covered by pep8 Change-Id: I7a4e9c308001ed3051e68d2a27e454977f6e787b
-- CMC (Certificate Management over CMS) enrollment message syntax.
-- The commit message describes the Asn1 modules as autogenerated, so
-- downstream code is presumably generated from this text; type and value
-- names below must therefore stay exactly as written (including the
-- misspellings called out in the review notes), since renaming them would
-- change the generated identifiers. Whitespace and comments are the only
-- things that can be changed safely here.
EnrollmentMessageSyntax-2011-v88
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-enrollMsgSyntax-2011-88(76) }

DEFINITIONS IMPLICIT TAGS ::=
BEGIN

-- EXPORTS All --
-- The types and values defined in this module are exported for use
-- in the other ASN.1 modules. Other applications may use them for
-- their own purposes.

-- fake imports
--
-- NOTE(review): this section stands in for the IMPORTS that the original
-- module takes from RFC 5280, CMS and CRMF. Each imported type is reduced
-- to ANY (or CHOICE { any ANY }), so a decoder built from this module
-- accepts arbitrary bytes wherever these types appear and performs no
-- structural validation of them. Any check on the content of an
-- AlgorithmIdentifier, Name, Extension, Attribute, ContentInfo or CRMF
-- value has to be done by the code consuming the decoded message; the
-- schema cannot do it.

-- PKIX Part 1 - Implicit From [RFC5280]
GeneralName ::= CHOICE { any ANY }
CRLReason ::= INTEGER
ReasonFlags ::= BIT STRING
GeneralNames ::= ANY

-- PKIX Part 1 - Explicit From [RFC5280]
AlgorithmIdentifier ::= ANY
Extension ::= ANY
Name ::= CHOICE { any ANY }
CertificateSerialNumber ::= INTEGER

-- Cryptographic Message Syntax FROM [CMS]
ContentInfo ::= ANY
Attribute ::= ANY
IssuerAndSerialNumber ::= ANY

-- CRMF FROM [RFC4211]
CertReqMsg ::= ANY
PKIPublicationInfo ::= ANY
CertTemplate ::= ANY

-- Global Types
-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
-- The content of this type conforms to RFC 3629.
-- (The redefinition above is commented out; UTF8String is used below as
-- the built-in ASN.1 type.)

id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }

id-cmc OBJECT IDENTIFIER ::= {id-pkix 7} -- CMC controls
id-cct OBJECT IDENTIFIER ::= {id-pkix 12} -- CMC content types

-- The following controls have the type OCTET STRING
-- (The control type is stated here in comments only; this module defines
-- no ASN.1 type for these OIDs, so the consumer is responsible for
-- decoding the attribute value as the documented type.)

id-cmc-identityProof OBJECT IDENTIFIER ::= {id-cmc 3}
id-cmc-dataReturn OBJECT IDENTIFIER ::= {id-cmc 4}
id-cmc-regInfo OBJECT IDENTIFIER ::= {id-cmc 18}
id-cmc-responseInfo OBJECT IDENTIFIER ::= {id-cmc 19}
id-cmc-queryPending OBJECT IDENTIFIER ::= {id-cmc 21}
id-cmc-popLinkRandom OBJECT IDENTIFIER ::= {id-cmc 22}
id-cmc-popLinkWitness OBJECT IDENTIFIER ::= {id-cmc 23}

-- The following controls have the type UTF8String

id-cmc-identification OBJECT IDENTIFIER ::= {id-cmc 2}

-- The following controls have the type INTEGER

id-cmc-transactionId OBJECT IDENTIFIER ::= {id-cmc 5}

-- The following controls have the type OCTET STRING

id-cmc-senderNonce OBJECT IDENTIFIER ::= {id-cmc 6}
id-cmc-recipientNonce OBJECT IDENTIFIER ::= {id-cmc 7}

-- This is the content type used for a request message
-- in the protocol

id-cct-PKIData OBJECT IDENTIFIER ::= { id-cct 2 }

-- Request body: four parallel lists of body parts, each keyed by a
-- BodyPartID. SIZE(0..MAX) places no upper bound on any of them, so a
-- consumer decoding untrusted requests should apply its own limits on
-- element count and message size.
PKIData ::= SEQUENCE {
controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
reqSequence SEQUENCE SIZE(0..MAX) OF TaggedRequest,
cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg
}

-- Upper bound for body part identifiers (2^32 - 1).
bodyIdMax INTEGER ::= 4294967295

-- NOTE(review): whether the (0..bodyIdMax) value constraint is enforced
-- at decode time depends on the ASN.1 tool that consumes this module;
-- confirm before relying on it as a bounds check.
BodyPartID ::= INTEGER(0..bodyIdMax)

-- A control: an OID-typed attribute with one or more values, tagged with
-- the body part it belongs to. attrValues is a SET OF the ANY placeholder,
-- so the value syntax is not checked by the schema.
TaggedAttribute ::= SEQUENCE {
bodyPartID BodyPartID,
attrType OBJECT IDENTIFIER,
attrValues SET OF AttributeValue
}

AttributeValue ::= ANY

-- One certification request in one of three forms. The [2] form is an
-- open type: requestMessageType selects the syntax of requestMessageValue,
-- and the consumer must decode the value against the type expected for
-- that OID rather than interpreting the raw bytes.
TaggedRequest ::= CHOICE {
tcr [0] TaggedCertificationRequest,
crm [1] CertReqMsg,
orm [2] SEQUENCE {
bodyPartID BodyPartID,
requestMessageType OBJECT IDENTIFIER,
requestMessageValue ANY DEFINED BY requestMessageType
}
}

TaggedCertificationRequest ::= SEQUENCE {
bodyPartID BodyPartID,
certificationRequest CertificationRequest
}

-- NOTE(review): Name, AlgorithmIdentifier and Attribute are the ANY
-- placeholders from the fake-imports section, so the only structure the
-- schema verifies in a CertificationRequest is the outer nesting of
-- SEQUENCEs, the version INTEGER and the two BIT STRINGs. What the
-- signature covers is not expressed here.
CertificationRequest ::= SEQUENCE {
certificationRequestInfo SEQUENCE {
version INTEGER,
subject Name,
subjectPublicKeyInfo SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING },
attributes [0] IMPLICIT SET OF Attribute },
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING
}

TaggedContentInfo ::= SEQUENCE {
bodyPartID BodyPartID,
contentInfo ContentInfo
}

-- Open type keyed by otherMsgType; same decoding caveat as TaggedRequest.
OtherMsg ::= SEQUENCE {
bodyPartID BodyPartID,
otherMsgType OBJECT IDENTIFIER,
otherMsgValue ANY DEFINED BY otherMsgType }

-- This defines the response message in the protocol
id-cct-PKIResponse OBJECT IDENTIFIER ::= { id-cct 3 }

-- Alias used by the id-cmc-responseBody control defined further down.
ResponseBody ::= PKIResponse

-- Response body; same shape as PKIData minus reqSequence, and with the
-- same unbounded SIZE(0..MAX) lists.
PKIResponse ::= SEQUENCE {
controlSequence SEQUENCE SIZE(0..MAX) OF TaggedAttribute,
cmsSequence SEQUENCE SIZE(0..MAX) OF TaggedContentInfo,
otherMsgSequence SEQUENCE SIZE(0..MAX) OF OtherMsg

}

-- Used to return status state in a response

id-cmc-statusInfo OBJECT IDENTIFIER ::= {id-cmc 1}

-- statusString is free-form text supplied by the peer; treat it as
-- untrusted when logging or displaying it.
CMCStatusInfo ::= SEQUENCE {
cMCStatus CMCStatus,
bodyList SEQUENCE SIZE (1..MAX) OF BodyPartID,
statusString UTF8String OPTIONAL,
otherInfo CHOICE {
failInfo CMCFailInfo,
pendInfo PendInfo } OPTIONAL
}

PendInfo ::= SEQUENCE {
pendToken OCTET STRING,
pendTime GeneralizedTime
}

-- Status codes. Value 1 is not assigned in this list; a decoder that maps
-- the INTEGER to an enumeration must handle both that gap and values
-- above 7 without treating them as success.
CMCStatus ::= INTEGER {
success (0),
failed (2),
pending (3),
noSupport (4),
confirmRequired (5),
popRequired (6),
partial (7)
}

-- Note:
-- The spelling of unsupportedExt is corrected in this version.
-- In RFC 2797, it was unsuportedExt.

CMCFailInfo ::= INTEGER {
badAlg (0),
badMessageCheck (1),
badRequest (2),
badTime (3),
badCertId (4),
unsupportedExt (5),
mustArchiveKeys (6),
badIdentity (7),
popRequired (8),
popFailed (9),
noKeyReuse (10),
internalCAError (11),
tryLater (12),
authDataFail (13)
}

-- Used for RAs to add extensions to certification requests
id-cmc-addExtensions OBJECT IDENTIFIER ::= {id-cmc 8}

-- NOTE(review): Extension is the ANY placeholder, so extensions an RA
-- asks to add are not validated by the schema at all; the CA side must
-- decode and policy-check each one before honouring the request.
AddExtensions ::= SEQUENCE {
pkiDataReference BodyPartID,
certReferences SEQUENCE OF BodyPartID,
extensions SEQUENCE OF Extension
}

id-cmc-encryptedPOP OBJECT IDENTIFIER ::= {id-cmc 9}
id-cmc-decryptedPOP OBJECT IDENTIFIER ::= {id-cmc 10}

EncryptedPOP ::= SEQUENCE {
request TaggedRequest,
cms ContentInfo,
thePOPAlgID AlgorithmIdentifier,
witnessAlgID AlgorithmIdentifier,
witness OCTET STRING
}

DecryptedPOP ::= SEQUENCE {
bodyPartID BodyPartID,
thePOPAlgID AlgorithmIdentifier,
thePOP OCTET STRING
}

id-cmc-lraPOPWitness OBJECT IDENTIFIER ::= {id-cmc 11}

LraPopWitness ::= SEQUENCE {
pkiDataBodyid BodyPartID,
bodyIds SEQUENCE OF BodyPartID
}

--
id-cmc-getCert OBJECT IDENTIFIER ::= {id-cmc 15}

GetCert ::= SEQUENCE {
issuerName GeneralName,
serialNumber INTEGER }

id-cmc-getCRL OBJECT IDENTIFIER ::= {id-cmc 16}

GetCRL ::= SEQUENCE {
issuerName Name,
cRLName GeneralName OPTIONAL,
time GeneralizedTime OPTIONAL,
reasons ReasonFlags OPTIONAL }

id-cmc-revokeRequest OBJECT IDENTIFIER ::= {id-cmc 17}

-- passphrase is a secret carried inside the request; keep the decoded
-- value out of logs and debug output. comment is peer-supplied free text.
RevokeRequest ::= SEQUENCE {
issuerName Name,
serialNumber INTEGER,
reason CRLReason,
invalidityDate GeneralizedTime OPTIONAL,
passphrase OCTET STRING OPTIONAL,
comment UTF8String OPTIONAL }

id-cmc-confirmCertAcceptance OBJECT IDENTIFIER ::= {id-cmc 24}

CMCCertId ::= IssuerAndSerialNumber

-- The following is used to request V3 extensions be added to a
-- certificate

id-ExtensionReq OBJECT IDENTIFIER ::= {iso(1) member-body(2)
us(840) rsadsi(113549) pkcs(1) pkcs-9(9) 14}

ExtensionReq ::= SEQUENCE SIZE (1..MAX) OF Extension

-- The following exists to allow Diffie-Hellman Certification
-- Request Messages to be well-formed

id-alg-noSignature OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 2}

NoSignatureValue ::= OCTET STRING

-- Unauthenticated attribute to carry removable data.
-- This could be used in an update of "CMC Extensions: Server
-- Side Key Generation and Key Escrow" (February 2005) and in
-- other documents.

id-aa OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2)}
id-aa-cmc-unsignedData OBJECT IDENTIFIER ::= {id-aa 34}

-- Per the comment above this attribute is unauthenticated, and content is
-- an open type keyed by identifier: nothing in it should influence a
-- security decision without independent verification.
CMCUnsignedData ::= SEQUENCE {
bodyPartPath BodyPartPath,
identifier OBJECT IDENTIFIER,
content ANY DEFINED BY identifier
}

-- Replaces CMC Status Info
--

id-cmc-statusInfoV2 OBJECT IDENTIFIER ::= {id-cmc 25}

-- Same caveats as CMCStatusInfo (untrusted statusString); additionally
-- extendedFailInfo carries an OID-selected ANY value.
CMCStatusInfoV2 ::= SEQUENCE {
cMCStatus CMCStatus,
bodyList SEQUENCE SIZE (1..MAX) OF
BodyPartReference,
statusString UTF8String OPTIONAL,
otherInfo CHOICE {
failInfo CMCFailInfo,
pendInfo PendInfo,
extendedFailInfo SEQUENCE {
failInfoOID OBJECT IDENTIFIER,
failInfoValue AttributeValue
}
} OPTIONAL
}

BodyPartReference ::= CHOICE {
bodyPartID BodyPartID,
bodyPartPath BodyPartPath
}

BodyPartPath ::= SEQUENCE SIZE (1..MAX) OF BodyPartID

-- Allow for distribution of trust anchors
--

id-cmc-trustedAnchors OBJECT IDENTIFIER ::= {id-cmc 26}

-- NOTE(review): installing trust anchors from a message is a high-impact
-- operation; this structure only carries hashes under a peer-chosen
-- hashAlgorithm (an ANY placeholder here), so the consumer must restrict
-- the accepted algorithms and authenticate the surrounding message
-- before acting on it.
PublishTrustAnchors ::= SEQUENCE {
seqNumber INTEGER,
hashAlgorithm AlgorithmIdentifier,
anchorHashes SEQUENCE OF OCTET STRING
}

id-cmc-authData OBJECT IDENTIFIER ::= {id-cmc 27}

AuthPublish ::= BodyPartID

-- These two items use BodyPartList
id-cmc-batchRequests OBJECT IDENTIFIER ::= {id-cmc 28}
id-cmc-batchResponses OBJECT IDENTIFIER ::= {id-cmc 29}

BodyPartList ::= SEQUENCE SIZE (1..MAX) OF BodyPartID

--
id-cmc-publishCert OBJECT IDENTIFIER ::= {id-cmc 30}

CMCPublicationInfo ::= SEQUENCE {
hashAlg AlgorithmIdentifier,
certHashes SEQUENCE OF OCTET STRING,
pubInfo PKIPublicationInfo
}

id-cmc-modCertTemplate OBJECT IDENTIFIER ::= {id-cmc 31}

-- replace defaults to TRUE when absent from the encoding.
ModCertTemplate ::= SEQUENCE {
pkiDataReference BodyPartPath,
certReferences BodyPartList,
replace BOOLEAN DEFAULT TRUE,
certTemplate CertTemplate
}

-- Inform follow-on servers that one or more controls have already
-- been processed

id-cmc-controlProcessed OBJECT IDENTIFIER ::= {id-cmc 32}

ControlsProcessed ::= SEQUENCE {
bodyList SEQUENCE SIZE(1..MAX) OF BodyPartReference
}

-- Identity Proof control w/ algorithm agility

id-cmc-identityProofV2 OBJECT IDENTIFIER ::= { id-cmc 34 }

-- NOTE(review): the type name is spelled "IdentifyProofV2" while the
-- matching OID is id-cmc-identityProofV2. Left as-is because generated
-- code refers to this name; fix the spelling only together with every
-- consumer.
IdentifyProofV2 ::= SEQUENCE {
proofAlgID AlgorithmIdentifier,
macAlgId AlgorithmIdentifier,
witness OCTET STRING
}

id-cmc-popLinkWitnessV2 OBJECT IDENTIFIER ::= { id-cmc 33 }
-- witness is a MAC output (see macAlgorithm); a verifier recomputing it
-- should compare the two values in constant time.
PopLinkWitnessV2 ::= SEQUENCE {
keyGenAlgorithm AlgorithmIdentifier,
macAlgorithm AlgorithmIdentifier,
witness OCTET STRING
}

--

-- No corresponding ASN.1 type for this control is defined in this module.
id-cmc-raIdentityWitness OBJECT IDENTIFIER ::= {id-cmc 35}

--
-- Allow for an End-Entity to request a change in name.
-- This item is added to RegControlSet in CRMF.
--

id-cmc-changeSubjectName OBJECT IDENTIFIER ::= {id-cmc 36}

-- NOTE(review): both fields are OPTIONAL and the WITH COMPONENTS
-- constraint below is commented out, so the schema does not enforce that
-- at least one of subject / subjectAlt is present; the consumer must
-- check this (and, since Name and GeneralNames are ANY placeholders,
-- validate the contents) before acting on a name change.
ChangeSubjectName ::= SEQUENCE {
subject Name OPTIONAL,
subjectAlt GeneralNames OPTIONAL
}
-- (WITH COMPONENTS {..., subject PRESENT} |
-- WITH COMPONENTS {..., subjectAlt PRESENT} )

--
-- Embedded response from a third party for processing
--

-- Value type is ResponseBody (defined above as an alias of PKIResponse).
id-cmc-responseBody OBJECT IDENTIFIER ::= {id-cmc 37}

--
-- Key purpose identifiers are in the Extended Key Usage extension
--

id-kp-cmcCA OBJECT IDENTIFIER ::= { id-kp 27 }
id-kp-cmcRA OBJECT IDENTIFIER ::= { id-kp 28 }
-- NOTE(review): id-kp-cmcRA and id-kp-cmcArchive are both assigned
-- { id-kp 28 } here, so an EKU check cannot distinguish an RA
-- certificate from an archive certificate using these values. Confirm
-- the intended arc for id-kp-cmcArchive against the source specification
-- and registry before relying on either purpose for authorization.
id-kp-cmcArchive OBJECT IDENTIFIER ::= { id-kp 28 }

--
-- Subject Information Access identifier
--

id-ad-cmc OBJECT IDENTIFIER ::= { id-ad 12 }

END