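-- Id

-- Digest / NTLM pass-through protocol module.
--
-- Every exchange is a DigestREQ (an AP-REQ plus an EncryptedData body) answered
-- by a DigestREP (an AP-REP plus an EncryptedData body).  The inner request and
-- reply are the CHOICE types DigestReqInner and DigestRepInner below; the
-- per-mechanism SEQUENCEs are the alternatives of those CHOICEs.
--
-- Tags, component order and field names are wire/API facts and are kept
-- exactly as shipped; this revision only normalises layout and comments.

DIGEST DEFINITIONS ::=
BEGIN

IMPORTS EncryptedData, Principal FROM krb5;

-- Mechanisms a server can advertise in DigestRepInner.supportedMechs.
DigestTypes ::= BIT STRING {
	ntlm-v1(0),
	ntlm-v1-session(1),
	ntlm-v2(2),
	digest-md5(3),
	chap-md5(4),
	ms-chap-v2(5)
}

-- First leg of a digest-style exchange: the client asks the server for a
-- nonce for the named mechanism.
DigestInit ::= SEQUENCE {
	type		UTF8String, -- http, sasl, chap, cram-md5 --
	channel		[0] SEQUENCE {
		cb-type		UTF8String,
		cb-binding	UTF8String
	} OPTIONAL,
	hostname	[1] UTF8String OPTIONAL -- for chap/cram-md5
}

-- Server answer to DigestInit.  nonce and opaque are echoed back verbatim
-- in DigestRequest.serverNonce / DigestRequest.opaque (format notes below).
DigestInitReply ::= SEQUENCE {
	nonce		UTF8String, -- service nonce/challenge
	opaque		UTF8String, -- server state
	identifier	[0] UTF8String OPTIONAL
}


-- Second leg: the client's response to the challenge.  serverNonce and opaque
-- are mandatory and untagged; everything else the mechanism needs is optional.
DigestRequest ::= SEQUENCE {
	type		UTF8String, -- http, sasl-md5, chap, cram-md5 --
	digest		UTF8String, -- http:md5/md5-sess sasl:clear/int/conf --
	username	UTF8String, -- username user used
	responseData	UTF8String, -- client response
	authid		[0] UTF8String OPTIONAL,
	authentication-user [1] Principal OPTIONAL, -- principal to get key from
	realm		[2] UTF8String OPTIONAL,
	method		[3] UTF8String OPTIONAL,
	uri		[4] UTF8String OPTIONAL,
	serverNonce	UTF8String, -- same as "DigestInitReply.nonce"
	clientNonce	[5] UTF8String OPTIONAL,
	nonceCount	[6] UTF8String OPTIONAL,
	qop		[7] UTF8String OPTIONAL,
	identifier	[8] UTF8String OPTIONAL,
	hostname	[9] UTF8String OPTIONAL,
	opaque		UTF8String -- same as "DigestInitReply.opaque"
}
-- opaque = hex(cksum(type|serverNonce|identifier|hostname,digest-key))
-- serverNonce = hex(time[4bytes]random[12bytes])(-cbType:cbBinding)
--
-- Per the formulas above, opaque is a keyed checksum over type, serverNonce,
-- identifier and hostname, and serverNonce carries a timestamp; together they
-- are what lets the server detect a modified or replayed DigestRequest, so
-- the server side is expected to re-check both before using the request.


-- Error alternative of DigestRepInner.
DigestError ::= SEQUENCE {
	reason		UTF8String,
	code		INTEGER (-2147483648..2147483647)
}

-- Final digest reply.  session-key and tickets are only meaningful when
-- success is TRUE; they travel inside the EncryptedData body of DigestREP,
-- not in the clear.
DigestResponse ::= SEQUENCE {
	success		BOOLEAN,
	rsp		[0] UTF8String OPTIONAL,
	tickets		[1] SEQUENCE OF OCTET STRING OPTIONAL,
	channel		[2] SEQUENCE {
		cb-type		UTF8String,
		cb-binding	UTF8String
	} OPTIONAL,
	session-key	[3] OCTET STRING OPTIONAL
}

-- First leg of an NTLM exchange.
NTLMInit ::= SEQUENCE {
	flags		[0] INTEGER (0..4294967295),
	hostname	[1] UTF8String OPTIONAL,
	-- NOTE(review): domain reuses context tag [1] while both it and hostname
	-- are OPTIONAL, so an encoding that carries only one of them is ambiguous
	-- to a decoder (it will be read as hostname).  Left unchanged because a
	-- new tag changes the wire encoding and must be coordinated with peers.
	domain		[1] UTF8String OPTIONAL
}

-- Server answer to NTLMInit: the 8-byte style NTLM challenge plus server state.
-- (The field name "challange" is part of the generated API and is kept.)
NTLMInitReply ::= SEQUENCE {
	flags		[0] INTEGER (0..4294967295),
	opaque		[1] OCTET STRING,
	targetname	[2] UTF8String,
	challange	[3] OCTET STRING,
	targetinfo	[4] OCTET STRING OPTIONAL
}

-- Second leg of an NTLM exchange: the client's LM and NTLM responses to the
-- challenge, with the server's opaque state echoed back.
NTLMRequest ::= SEQUENCE {
	flags		[0] INTEGER (0..4294967295),
	opaque		[1] OCTET STRING,
	username	[2] UTF8String,
	targetname	[3] UTF8String,
	targetinfo	[4] OCTET STRING OPTIONAL,
	lm		[5] OCTET STRING,
	ntlm		[6] OCTET STRING,
	sessionkey	[7] OCTET STRING OPTIONAL
}

-- Final NTLM reply; sessionkey/tickets only when success is TRUE.
NTLMResponse ::= SEQUENCE {
	success		[0] BOOLEAN,
	flags		[1] INTEGER (0..4294967295),
	sessionkey	[2] OCTET STRING OPTIONAL,
	tickets		[3] SEQUENCE OF OCTET STRING OPTIONAL
}

-- Single-shot NTLM verification: the caller already holds the challenge and
-- both responses.  Not referenced from DigestReqInner in this module.
-- (Field spellings "Responce" are part of the generated API and are kept.)
NTLMRequest2 ::= SEQUENCE {
	loginUserName	[0] UTF8String,
	loginDomainName	[1] UTF8String,
	flags		[2] INTEGER (0..4294967295),
	lmchallenge	[3] OCTET STRING SIZE (8),
	ntChallengeResponce [4] OCTET STRING,
	lmChallengeResponce [5] OCTET STRING
}

-- Reply to NTLMRequest2.  Not referenced from DigestRepInner in this module.
NTLMReply ::= SEQUENCE {
	success		[0] BOOLEAN,
	flags		[1] INTEGER (0..4294967295),
	sessionkey	[2] OCTET STRING OPTIONAL
}

-- Encrypted request body.  Note this CHOICE has no extension marker, unlike
-- DigestRepInner below, so new request alternatives are not decodable by
-- older peers.
DigestReqInner ::= CHOICE {
	init		[0] DigestInit,
	digestRequest	[1] DigestRequest,
	ntlmInit	[2] NTLMInit,
	ntlmRequest	[3] NTLMRequest,
	supportedMechs	[4] NULL
}

-- Outer request: Kerberos AP-REQ plus the encrypted DigestReqInner.
DigestREQ ::= [APPLICATION 128] SEQUENCE {
	apReq		[0] OCTET STRING,
	innerReq	[1] EncryptedData
}

-- Encrypted reply body (extensible).
DigestRepInner ::= CHOICE {
	error		[0] DigestError,
	initReply	[1] DigestInitReply,
	response	[2] DigestResponse,
	ntlmInitReply	[3] NTLMInitReply,
	ntlmResponse	[4] NTLMResponse,
	supportedMechs	[5] DigestTypes,
	...
}

-- Outer reply: Kerberos AP-REP plus the encrypted DigestRepInner.
DigestREP ::= [APPLICATION 129] SEQUENCE {
	apRep		[0] OCTET STRING,
	innerRep	[1] EncryptedData
}


-- Reference formulas for the digest computations the server performs.

-- HTTP

-- md5
--   A1 = unq(username-value) ":" unq(realm-value) ":" passwd
-- md5-sess
--   A1 = HEX(H(unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value))

-- qop == auth
--   A2 = Method ":" digest-uri-value
-- qop == auth-int
--   A2 = Method ":" digest-uri-value ":" H(entity-body)

-- request-digest = HEX(KD(HEX(H(A1)),
--   unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2))))
-- no "qop"
-- request-digest = HEX(KD(HEX(H(A1)), unq(nonce-value) ":" HEX(H(A2))))


-- SASL:
-- SS = H( { unq(username-value), ":", unq(realm-value), ":", password } )
-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value) }
-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value), ":", unq(authzid-value) }

-- A2 = "AUTHENTICATE:", ":", digest-uri-value
-- qop == auth-int,auth-conf
-- A2 = "AUTHENTICATE:", ":", digest-uri-value, ":00000000000000000000000000000000"

-- response-value = HEX( KD ( HEX(H(A1)),
--   { unq(nonce-value), ":" nc-value, ":",
--     unq(cnonce-value), ":", qop-value, ":",
--     HEX(H(A2)) }))

END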