summaryrefslogtreecommitdiff
path: root/asn1/SpkmGssTokens.asn1
diff options
context:
space:
mode:
Diffstat (limited to 'asn1/SpkmGssTokens.asn1')
-rw-r--r--asn1/SpkmGssTokens.asn1257
1 files changed, 0 insertions, 257 deletions
diff --git a/asn1/SpkmGssTokens.asn1 b/asn1/SpkmGssTokens.asn1
deleted file mode 100644
index 02205bd..0000000
--- a/asn1/SpkmGssTokens.asn1
+++ /dev/null
@@ -1,257 +0,0 @@
--- Module SpkmGssTokens (RFC 2025:10/1996)
-SpkmGssTokens {iso(1) identified-organization(3) dod(6) internet(1) security(5)
- mechanisms(5) spkm(1) spkmGssTokens(10)}
---
--- Copyright (C) The Internet Society (1996). This version of
--- this ASN.1 module is part of RFC 2025;
--- see the RFC itself for full legal notices.
---
-DEFINITIONS IMPLICIT TAGS ::=
-BEGIN
-
--- EXPORTS ALL
-IMPORTS
- Name
- FROM InformationFramework {joint-iso-itu-t(2) ds(5) module(1)
- informationFramework(1) 3}
- Certificate, CertificateList, CertificatePair, AlgorithmIdentifier, Validity
- FROM AuthenticationFramework {joint-iso-itu-t(2) ds(5) module(1)
- authenticationFramework(7) 3};
-
--- types
-SPKM-REQ ::= SEQUENCE {
- requestToken REQ-TOKEN,
- certif-data [0] CertificationData OPTIONAL,
- auth-data [1] AuthorizationData OPTIONAL
-}
-
-CertificationData ::= SEQUENCE {
- certificationPath [0] CertificationPath OPTIONAL,
- certificateRevocationList [1] CertificateList OPTIONAL
-} -- at least one of the above shall be present
-
-CertificationPath ::= SEQUENCE {
- userKeyId [0] OCTET STRING OPTIONAL,
- userCertif [1] Certificate OPTIONAL,
- verifKeyId [2] OCTET STRING OPTIONAL,
- userVerifCertif [3] Certificate OPTIONAL,
- theCACertificates [4] SEQUENCE OF CertificatePair OPTIONAL
-} -- Presence of [2] or [3] implies that [0] or [1] must also be
-
--- present. Presence of [4] implies that at least one of [0], [1],
--- [2], and [3] must also be present.
-REQ-TOKEN ::= SEQUENCE {
- req-contents Req-contents,
- algId AlgorithmIdentifier,
- req-integrity Integrity -- "token" is Req-contents
-}
-
-Integrity ::= BIT STRING
-
--- If corresponding algId specifies a signing algorithm,
--- "Integrity" holds the result of applying the signing procedure
--- specified in algId to the BER-encoded octet string which results
--- from applying the hashing procedure (also specified in algId) to
--- the DER-encoded octets of "token".
--- Alternatively, if corresponding algId specifies a MACing
--- algorithm, "Integrity" holds the result of applying the MACing
--- procedure specified in algId to the DER-encoded octets of
--- "token"
-Req-contents ::= SEQUENCE {
- tok-id INTEGER(256), -- shall contain 0100 (hex)
- context-id Random-Integer,
- pvno BIT STRING,
- timestamp UTCTime OPTIONAL, -- mandatory for SPKM-2
- randSrc Random-Integer,
- targ-name Name,
- src-name [0] Name OPTIONAL,
- req-data Context-Data,
- validity [1] Validity OPTIONAL,
- key-estb-set Key-Estb-Algs,
- key-estb-req BIT STRING OPTIONAL,
- key-src-bind OCTET STRING OPTIONAL
- -- This field must be present for the case of SPKM-2
- -- unilateral authen. if the K-ALG in use does not provide
- -- such a binding (but is optional for all other cases).
- -- The octet string holds the result of applying the
- -- mandatory hashing procedure (in MANDATORY I-ALG;
- -- see Section 2.1) as follows: MD5(src || context_key),
- -- where "src" is the DER-encoded octets of src-name,
- -- "context-key" is the symmetric key (i.e., the
- -- unprotected version of what is transmitted in
- -- key-estb-req), and "||" is the concatenation operation.
-}
-
-Random-Integer ::= BIT STRING
-
-Context-Data ::= SEQUENCE {
- channelId ChannelId OPTIONAL,
- seq-number INTEGER OPTIONAL,
- options Options,
- conf-alg Conf-Algs,
- intg-alg Intg-Algs,
- owf-alg OWF-Algs
-}
-
-ChannelId ::= OCTET STRING
-
-Options ::= BIT STRING {
- delegation-state(0), mutual-state(1), replay-det-state(2), sequence-state(3),
- conf-avail(4), integ-avail(5), target-certif-data-required(6)}
-
-Conf-Algs ::= CHOICE {
- algs [0] SEQUENCE OF AlgorithmIdentifier,
- null [1] NULL
-}
-
-Intg-Algs ::= SEQUENCE OF AlgorithmIdentifier
-
-OWF-Algs ::= SEQUENCE OF AlgorithmIdentifier
-
-Key-Estb-Algs ::= SEQUENCE OF AlgorithmIdentifier
-
-SPKM-REP-TI ::= SEQUENCE {
- responseToken REP-TI-TOKEN,
- certif-data CertificationData OPTIONAL
- -- present if target-certif-data-required option was
-} -- set to TRUE in SPKM-REQ
-
-REP-TI-TOKEN ::= SEQUENCE {
- rep-ti-contents Rep-ti-contents,
- algId AlgorithmIdentifier,
- rep-ti-integ Integrity -- "token" is Rep-ti-contents
-}
-
-Rep-ti-contents ::= SEQUENCE {
- tok-id INTEGER(512), -- shall contain 0200 (hex)
- context-id Random-Integer,
- pvno [0] BIT STRING OPTIONAL,
- timestamp UTCTime OPTIONAL, -- mandatory for SPKM-2
- randTarg Random-Integer,
- src-name [1] Name OPTIONAL,
- targ-name Name,
- randSrc Random-Integer,
- rep-data Context-Data,
- validity [2] Validity OPTIONAL,
- key-estb-id AlgorithmIdentifier OPTIONAL,
- key-estb-str BIT STRING OPTIONAL
-}
-
-SPKM-REP-IT ::= SEQUENCE {
- responseToken REP-IT-TOKEN,
- algId AlgorithmIdentifier,
- rep-it-integ Integrity -- "token" is REP-IT-TOKEN
-}
-
-REP-IT-TOKEN ::= SEQUENCE {
- tok-id INTEGER(768), -- shall contain 0300 (hex)
- context-id Random-Integer,
- randSrc Random-Integer,
- randTarg Random-Integer,
- targ-name Name,
- src-name Name OPTIONAL,
- key-estb-rep BIT STRING OPTIONAL
-}
-
-SPKM-ERROR ::= SEQUENCE {
- errorToken ERROR-TOKEN,
- algId AlgorithmIdentifier,
- integrity Integrity -- "token" is ERROR-TOKEN
-}
-
-ERROR-TOKEN ::= SEQUENCE {
- tok-id INTEGER(1024), -- shall contain 0400 (hex)
- context-id Random-Integer
-}
-
-SPKM-MIC ::= SEQUENCE {mic-header Mic-Header,
- int-cksum BIT STRING
-}
-
-Mic-Header ::= SEQUENCE {
- tok-id INTEGER(257), -- shall contain 0101 (hex)
- context-id Random-Integer,
- int-alg [0] AlgorithmIdentifier OPTIONAL,
- snd-seq [1] SeqNum OPTIONAL
-}
-
-SeqNum ::= SEQUENCE {num INTEGER,
- dir-ind BOOLEAN
-}
-
-SPKM-WRAP ::= SEQUENCE {wrap-header Wrap-Header,
- wrap-body Wrap-Body
-}
-
-Wrap-Header ::= SEQUENCE {
- tok-id INTEGER(513), -- shall contain 0201 (hex)
- context-id Random-Integer,
- int-alg [0] AlgorithmIdentifier OPTIONAL,
- conf-alg [1] Conf-Alg OPTIONAL,
- snd-seq [2] SeqNum OPTIONAL
-}
-
-Wrap-Body ::= SEQUENCE {int-cksum BIT STRING,
- data BIT STRING
-}
-
-Conf-Alg ::= CHOICE {algId [0] AlgorithmIdentifier,
- null [1] NULL
-}
-
-SPKM-DEL ::= SEQUENCE {del-header Del-Header,
- int-cksum BIT STRING
-}
-
-Del-Header ::= SEQUENCE {
- tok-id INTEGER(769), -- shall contain 0301 (hex)
- context-id Random-Integer,
- int-alg [0] AlgorithmIdentifier OPTIONAL,
- snd-seq [1] SeqNum OPTIONAL
-}
-
--- other types
--- from [RFC-1508]
-MechType ::= OBJECT IDENTIFIER
-
-InitialContextToken ::= [APPLICATION 0] IMPLICIT SEQUENCE {
- thisMech MechType,
- innerContextToken SPKMInnerContextToken
-} -- when thisMech is SPKM-1 or SPKM-2
-
-SPKMInnerContextToken ::= CHOICE {
- req [0] SPKM-REQ,
- rep-ti [1] SPKM-REP-TI,
- rep-it [2] SPKM-REP-IT,
- error [3] SPKM-ERROR,
- mic [4] SPKM-MIC,
- wrap [5] SPKM-WRAP,
- del [6] SPKM-DEL
-}
-
--- from [RFC-1510]
-AuthorizationData ::=
- SEQUENCE OF SEQUENCE {ad-type INTEGER,
- ad-data OCTET STRING}
-
--- object identifier assignments
-md5-DES-CBC OBJECT IDENTIFIER ::=
- {iso(1) identified-organization(3) dod(6) internet(1) security(5)
- integrity(3) md5-DES-CBC(1)}
-
-sum64-DES-CBC OBJECT IDENTIFIER ::=
- {iso(1) identified-organization(3) dod(6) internet(1) security(5)
- integrity(3) sum64-DES-CBC(2)}
-
-spkm-1 OBJECT IDENTIFIER ::=
- {iso(1) identified-organization(3) dod(6) internet(1) security(5)
- mechanisms(5) spkm(1) spkm-1(1)}
-
-spkm-2 OBJECT IDENTIFIER ::=
- {iso(1) identified-organization(3) dod(6) internet(1) security(5)
- mechanisms(5) spkm(1) spkm-2(2)}
-
-END
-
--- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
-