CSR-ATTESTATION-2023.asn
CSR-ATTESTATION-2023
{iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkix-attest-01(TBDMOD)}
DEFINITIONS IMPLICIT TAGS ::= BEGIN
EXPORTS ALL;
IMPORTS
Certificate, id-pkix
FROM PKIX1Explicit-2009
{iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51)}
CertificateChoices
FROM CryptographicMessageSyntax-2010
{ iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) }
EXTENSION, ATTRIBUTE, AttributeSet{}, SingleAttribute{}
FROM PKIX-CommonTypes-2009 -- from [RFC5912]
{ iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) }
id-aa
FROM SecureMimeMessageV3dot1
{ iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) msg-v3dot1(21) }
;
-- Branch for attestation statement types
-- NOTE(review): TBD1 is a placeholder, not an assigned arc number. The
-- module is not expected to compile as written, and no OID built under
-- id-ata is stable until a value is assigned.
id-ata OBJECT IDENTIFIER ::= { id-pkix (TBD1) }
-- A certificate carried in one of three forms: an RFC 5280 Certificate,
-- a TypedCert (content type bound to its OID through TypedCertSet), or
-- a TypedFlatCert (an OID plus opaque bytes).
-- NOTE(review): no other definition in this module references this
-- type; EvidenceBundle.certs uses the imported CertificateChoices
-- instead. Confirm whether CertificateAlternatives is still intended.
CertificateAlternatives ::=
CHOICE {
cert Certificate,
-- Using the Certificate ASN.1
-- structure as defined in RFC 5280.
typedCert [0] TypedCert,
typedFlatCert [1] TypedFlatCert,
-- The extension marker below means later versions may add
-- alternatives. A receiver that does not recognise an alternative
-- cannot validate it and should not treat it as a trusted certificate.
...
}
-- Information object class for typed certificates: an alias of the
-- built-in TYPE-IDENTIFIER class (an OID paired with a type).
TYPED-CERT ::= TYPE-IDENTIFIER
-- A certificate identified by OID. The table constraint ties the type
-- of content to the object in TypedCertSet whose id equals certType.
TypedCert ::= SEQUENCE {
certType TYPED-CERT.&id({TypedCertSet}),
content TYPED-CERT.&Type ({TypedCertSet}{@certType})
}
-- Set of permitted typed certificates. It is empty and extensible, so
-- this module by itself permits no particular certType: the accepted
-- OIDs are whatever the implementation adds. A receiver therefore needs
-- its own explicit allow-list of certType values and should reject any
-- OID outside it instead of passing content on unparsed.
TypedCertSet TYPED-CERT ::= {
... -- None defined in this document --
}
-- A certificate carried as opaque bytes labelled with an OID.
-- Unlike TypedCert, certType here is a plain OBJECT IDENTIFIER that is
-- not constrained by any object set, and certBody is an OCTET STRING
-- whose contents the ASN.1 layer does not describe. The schema thus
-- validates nothing about certBody: the receiver selects a parser from
-- certType, must treat the bytes as untrusted input to that parser, and
-- should reject certType values it does not explicitly support.
TypedFlatCert ::= SEQUENCE {
certType OBJECT IDENTIFIER,
certBody OCTET STRING
}
-- Information object class for evidence statements: an alias of the
-- built-in TYPE-IDENTIFIER class (an OID paired with a type).
EVIDENCE-STATEMENT ::= TYPE-IDENTIFIER
-- Set of permitted evidence statement types. It is empty and
-- extensible: this module defines no statement formats, so the OIDs a
-- receiver accepts are decided by the implementation. Unknown type
-- values cannot be verified and should not count as valid evidence.
EvidenceStatementSet EVIDENCE-STATEMENT ::= {
... -- None defined in this document --
}
-- One or more evidence statements. SIZE (1..MAX) forbids an empty list
-- but sets no upper bound; a receiver should apply its own limit on the
-- number and size of statements it will process.
EvidenceStatements ::= SEQUENCE SIZE (1..MAX) OF EvidenceStatement
-- A single evidence statement. The table constraint ties the type of
-- stmt to the object in EvidenceStatementSet whose id equals type.
EvidenceStatement ::= SEQUENCE {
type EVIDENCE-STATEMENT.&id({EvidenceStatementSet}),
stmt EVIDENCE-STATEMENT.&Type({EvidenceStatementSet}{@type}),
-- Optional free-form text; this module places no constraint on its
-- content or length.
-- NOTE(review): the meaning of hint is not defined in this module.
-- It is supplied by the requester, so treat it as untrusted input
-- and confirm the intended use against the draft text.
hint UTF8String OPTIONAL
}
-- OID identifying the evidence attribute and extension, allocated
-- under the imported id-aa arc.
id-aa-evidence OBJECT IDENTIFIER ::= { id-aa 59 }
-- For PKCS#10
-- Attribute carrying EvidenceBundles. COUNTS MAX 1 limits the attribute
-- to a single value; a receiver should reject a request that carries
-- more than one value and not choose among them.
attr-evidence ATTRIBUTE ::= {
TYPE EvidenceBundles
COUNTS MAX 1
IDENTIFIED BY id-aa-evidence
}
-- For CRMF
-- Extension carrying the same EvidenceBundles syntax. It is identified
-- by the same OID as attr-evidence, so the container (attribute or
-- extension) is distinguished by where it appears, not by the OID.
ext-evidence EXTENSION ::= {
SYNTAX EvidenceBundles
IDENTIFIED BY id-aa-evidence
}
-- One or more evidence bundles. SIZE (1..MAX) forbids an empty list but
-- sets no upper bound; a receiver should apply its own limit.
EvidenceBundles ::= SEQUENCE SIZE (1..MAX) OF EvidenceBundle
-- A group of evidence statements together with an optional list of
-- certificates. When certs is present it must hold at least one entry.
-- NOTE(review): presumably certs holds the certificates needed to
-- validate the statements in the same bundle; this module does not say
-- so. Confirm against the draft text.
EvidenceBundle ::= SEQUENCE {
evidence EvidenceStatements,
certs SEQUENCE SIZE (1..MAX) OF CertificateChoices OPTIONAL
-- CertificateChoices MUST only contain certificate or other.
-- This restriction is stated only in this comment and is not
-- expressed as an ASN.1 constraint, so a decoder generated from
-- this module will still accept the remaining CMS alternatives
-- (extendedCertificate, v1AttrCert, v2AttrCert). The receiving
-- application has to check the chosen alternative itself and reject
-- anything other than certificate or other.
}
END