CSR-ATTESTATION-2025.asn
-- ASN.1 module defining the containers used to carry attestation Evidence
-- and Attestation Results in certification requests, as a PKCS#10
-- attribute or a CRMF extension.
-- NOTE(review): TBDMOD is a placeholder for a module number that has not
-- been assigned, so the module identifier cannot be compiled as written.
-- NOTE(review): the header names the module twice. CSR-ATTESTATION-2025
-- with its object identifier is followed by a second reference,
-- CsrAttestation, before DEFINITIONS. A module header takes one module
-- reference; confirm which name is intended and drop the other.
CSR-ATTESTATION-2025
{ iso(1) identified-organization(3) dod(6) internet(1) security(5)
mechanisms(5) pkix(7) id-mod(0) id-mod-pkix-attest-01(TBDMOD) }
CsrAttestation DEFINITIONS IMPLICIT TAGS ::= BEGIN
-- Every definition in this module is exported to importing modules.
EXPORTS ALL;
-- Classes, types and arcs reused from existing PKIX, CMS and S/MIME modules.
-- NOTE(review): Certificate, id-pkix, AttributeSet{} and SingleAttribute{}
-- are imported but not referenced by any definition in this module;
-- confirm whether they are still needed.
IMPORTS
Certificate, id-pkix
FROM PKIX1Explicit-2009 -- from [RFC5912]
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkix1-explicit-02(51) }
CertificateChoices
FROM CryptographicMessageSyntax-2010 -- from [RFC6268]
{ iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-cms-2009(58) }
EXTENSION, ATTRIBUTE, AttributeSet{}, SingleAttribute{}
FROM PKIX-CommonTypes-2009 -- from [RFC5912]
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) id-mod(0)
id-mod-pkixCommon-02(57) }
id-aa
FROM SecureMimeMessageV3dot1 -- presumably from [RFC5751]; confirm
{ iso(1) member-body(2) us(840) rsadsi(113549)
pkcs(1) pkcs-9(9) smime(16) modules(0) msg-v3dot1(21) }
;
-- Branch for attestation statement types
-- NOTE(review): (TBD1) is a placeholder for an arc number that has not been
-- assigned; this value cannot be compiled or encoded until it is replaced.
id-ata OBJECT IDENTIFIER ::= { id-aa (TBD1) }
-- Information object class for Evidence formats. It is the built-in
-- TYPE-IDENTIFIER class, so each object pairs an OBJECT IDENTIFIER (&id)
-- with the ASN.1 type (&Type) used for that format.
EVIDENCE-STATEMENT ::= TYPE-IDENTIFIER
-- Set of Evidence formats known to this module. It is empty and extensible,
-- so a parser built from this module alone cannot decode any stmt value;
-- supported formats have to be added by other specifications or profiles.
EvidenceStatementSet EVIDENCE-STATEMENT ::= {
... -- None defined in this document --
}
-- Information object class for Attestation Result formats, defined the same
-- way as EVIDENCE-STATEMENT.
ATTESTATION-RESULT ::= TYPE-IDENTIFIER
-- Set of Attestation Result formats known to this module. It is empty and
-- extensible, like EvidenceStatementSet.
AttestationResultSet ATTESTATION-RESULT ::= {
... -- None defined in this document --
}
-- One Evidence statement: an identifier for the Evidence format followed by
-- the Evidence itself.
--   type  OBJECT IDENTIFIER of the format, constrained to EvidenceStatementSet.
--   stmt  value whose ASN.1 type is selected by the type field through the
--         {@type} component relation constraint.
--   hint  optional free-form text.
-- NOTE(review): the meaning of hint is not defined in this module; presumably
-- it helps the receiver choose a verifier for the statement. Confirm against
-- the specification. It arrives inside the request next to the statement, so
-- a receiver should treat it as untrusted input and not as an authenticated
-- routing decision.
EvidenceStatement ::= SEQUENCE {
type EVIDENCE-STATEMENT.&id({EvidenceStatementSet}),
stmt EVIDENCE-STATEMENT.&Type({EvidenceStatementSet}{@type}),
hint UTF8String OPTIONAL
}
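-- One Attestation Result: an identifier for the result format followed by
-- the result itself.
--   type  OBJECT IDENTIFIER of the format, constrained to AttestationResultSet.
--   stmt  value whose ASN.1 type is selected by the type field through the
--         {@type} component relation constraint.
-- Unlike EvidenceStatement, this type has no hint field.
-- The last component carries no trailing comma: a comma directly before the
-- closing brace is not valid ASN.1 and makes compilers reject the module.
AttestationResult ::= SEQUENCE {
type ATTESTATION-RESULT.&id({AttestationResultSet}),
stmt ATTESTATION-RESULT.&Type({AttestationResultSet}{@type})
}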
-- Arc for Evidence types
-- Allocated directly under the imported id-aa arc. In this module it is used
-- as the identifier of both attr-evidence and ext-evidence.
id-aa-evidence OBJECT IDENTIFIER ::= { id-aa 59 }
-- Arc for Attestation Result types
-- Allocated under id-ata, and used as the identifier of both attr-ar and
-- ext-ar.
-- NOTE(review): (TBD2) is a placeholder for an arc number that has not been
-- assigned, and id-ata itself still depends on the unassigned (TBD1).
id-aa-ar OBJECT IDENTIFIER ::= { id-ata (TBD2) }
-- For PKCS#10 (Evidence)
-- Attribute whose value is an EvidenceBundle. COUNTS MAX 1 limits the
-- attribute to a single value, so several Evidence statements travel inside
-- one bundle and not as repeated attribute values.
attr-evidence ATTRIBUTE ::= {
TYPE EvidenceBundle
COUNTS MAX 1
IDENTIFIED BY id-aa-evidence
}
-- For CRMF (Evidence)
-- Extension with the same EvidenceBundle syntax and the same identifier as
-- attr-evidence.
ext-evidence EXTENSION ::= {
SYNTAX EvidenceBundle
IDENTIFIED BY id-aa-evidence
}
-- For PKCS#10 (Attestation Result)
-- Attribute whose value is an AttestationResultBundle, again limited to a
-- single value by COUNTS MAX 1.
attr-ar ATTRIBUTE ::= {
TYPE AttestationResultBundle
COUNTS MAX 1
IDENTIFIED BY id-aa-ar
}
-- For CRMF (Attestation Result)
-- Extension with the same AttestationResultBundle syntax and the same
-- identifier as attr-ar.
ext-ar EXTENSION ::= {
SYNTAX AttestationResultBundle
IDENTIFIED BY id-aa-ar
}
-- Container placed in attr-evidence and ext-evidence.
--   evidences  one or more Evidence statements; an empty list is not allowed.
--   certs      optional list of one or more certificates.
-- NOTE(review): the purpose of certs is not stated in this module; presumably
-- it carries the certificates needed to validate the Evidence. Confirm
-- against the specification.
EvidenceBundle ::= SEQUENCE {
evidences SEQUENCE SIZE (1..MAX) OF EvidenceStatement,
certs SEQUENCE SIZE (1..MAX) OF CertificateChoices OPTIONAL
-- CertificateChoices MUST NOT contain the deprecated
-- certificate structures or attribute certificates,
-- see Section 10.2.2 of [RFC5652]
-- This restriction exists only in the comment above: the field is the
-- unconstrained imported CertificateChoices type, so a generated decoder
-- still accepts every alternative and the receiver has to reject the
-- disallowed ones in its own validation code.
}
-- Container placed in attr-ar and ext-ar: one or more Attestation Results.
-- An empty list is not allowed. Unlike EvidenceBundle, it has no field for
-- accompanying certificates.
AttestationResultBundle ::= SEQUENCE SIZE (1..MAX)
OF AttestationResult
-- End of the module.
END