digest.asn1 revision 178826
1214640Sdim-- $Id: digest.asn1 22152 2007-12-04 19:59:18Z lha $
2214640Sdim
3214640SdimDIGEST DEFINITIONS ::=
4214640SdimBEGIN
5214640Sdim
6214640SdimIMPORTS EncryptedData, Principal FROM krb5;
7214640Sdim
-- Set of mechanisms the digest service can compute responses for.  Sent
-- back as DigestRepInner.supportedMechs (presumably in answer to a
-- DigestReqInner.supportedMechs query).  Every bit here names an MD4/MD5/DES
-- based scheme; the NTLM and MS-CHAP family is keyed by the unsalted NT hash,
-- which is password equivalent, and NTLMv1 can be broken offline from a single
-- captured exchange.  A deployment should advertise only the mechanisms it
-- actually needs, not everything the service happens to implement.
DigestTypes ::= BIT STRING {
	ntlm-v1(0),		-- NTLMv1: DES over the NT (or LM) hash, weakest of the set
	ntlm-v1-session(1),	-- NTLMv1 with client nonce ("NTLM2 session security")
	ntlm-v2(2),		-- NTLMv2: HMAC-MD5 keyed by the NT hash
	digest-md5(3),		-- HTTP Digest (RFC 2617) / SASL DIGEST-MD5 (RFC 2831)
	chap-md5(4),		-- PPP CHAP with MD5 (RFC 1994)
	ms-chap-v2(5)		-- MS-CHAPv2 (RFC 2759)
}
16214640Sdim
-- First message of an HTTP/SASL/CHAP/CRAM exchange: the front end asks the
-- digest service for a challenge.  Sent as DigestReqInner.init inside
-- DigestREQ.innerReq, so any protection it gets comes from that outer
-- EncryptedData, not from anything in this structure.
DigestInit ::= SEQUENCE {
    type		UTF8String, -- http, sasl, chap, cram-md5 --
    channel		[0] SEQUENCE {	-- channel binding; folded into the nonce string (see the serverNonce note below DigestRequest)
    	cb-type		UTF8String,
    	cb-binding	UTF8String
    } OPTIONAL,
    hostname		[1] UTF8String OPTIONAL -- for chap/cram-md5
}
25214640Sdim
-- Service's answer to DigestInit.  Both nonce and opaque have to come back
-- unchanged in DigestRequest.serverNonce and DigestRequest.opaque; opaque is
-- a keyed checksum over the challenge parameters (see the note below
-- DigestRequest), which presumably lets the service avoid keeping
-- per-challenge state.  Nothing in this schema stops a client from replaying
-- an old nonce/opaque pair, so freshness would have to come from the 4 time
-- bytes embedded in the nonce plus a replay cache on the service side,
-- neither of which is visible here.
DigestInitReply ::= SEQUENCE {
    nonce		UTF8String,	-- service nonce/challenge
    opaque		UTF8String,	-- server state: keyed checksum, opaque to the client
    identifier		[0] UTF8String OPTIONAL	-- chap/ms-chap identifier, presumably
}
31214640Sdim
32214640Sdim
-- Second message: the front end forwards the user's response together with
-- every parameter needed to recompute it.  The service fetches the long-term
-- key for authentication-user (falling back to username/realm, presumably)
-- and checks responseData with the HTTP/SASL formulas at the end of this
-- module.  Only type, serverNonce, identifier and hostname are bound by the
-- opaque checksum (see below); username, realm, method, uri, the nonces,
-- nonceCount and qop are whatever the client chose to send, and are
-- protected in transit only by the outer EncryptedData of DigestREQ.
DigestRequest ::= SEQUENCE  {
    -- NOTE(review): DigestInit lists this type as "sasl" while the line below
    -- says "sasl-md5"; confirm which spelling the service actually compares.
    type		UTF8String, -- http, sasl-md5, chap, cram-md5 --
    digest		UTF8String, -- http:md5/md5-sess sasl:clear/int/conf --
    username		UTF8String, -- username user used
    responseData	UTF8String, -- client response
    authid		[0] UTF8String OPTIONAL,	-- SASL authzid, presumably; see the second A1 form in the SASL notes
    authentication-user	[1] Principal OPTIONAL, -- principal to get key from
    realm		[2] UTF8String OPTIONAL,
    method		[3] UTF8String OPTIONAL,	-- http request method, part of A2
    uri			[4] UTF8String OPTIONAL,	-- digest-uri-value, part of A2
    serverNonce		UTF8String, -- same as "DigestInitReply.nonce"
    clientNonce		[5] UTF8String OPTIONAL,	-- cnonce
    nonceCount		[6] UTF8String OPTIONAL,	-- nc-value; unconstrained here, so the service must validate the format (8 hex digits) and track it per nonce if it wants replay detection
    qop			[7] UTF8String OPTIONAL,	-- auth / auth-int / auth-conf
    identifier		[8] UTF8String OPTIONAL,	-- echo of DigestInitReply.identifier, presumably
    hostname		[9] UTF8String OPTIONAL,
    opaque		UTF8String -- same as "DigestInitReply.opaque"
}
-- opaque = hex(cksum(type|serverNonce|identifier|hostname,digest-key))
-- serverNonce = hex(time[4bytes]random[12bytes])(-cbType:cbBinding)
-- digest-key is presumably the service's own long-term key, so a client
-- cannot mint an opaque for parameters it did not get from DigestInitReply.
-- The 4 time bytes are the only freshness signal and the 12 random bytes
-- (96 bits) are what keep nonces unguessable.  The channel binding, when
-- present, is part of the nonce string and is therefore covered by the
-- checksum as well.
53214640Sdim
54214640Sdim
-- Error alternative of DigestRepInner.  reason is free-form text the caller
-- will typically log or show; code is a signed 32-bit value (presumably a
-- krb5 error code).  Keep reason generic: wording that reveals whether the
-- user or the password was wrong turns into a user enumeration oracle for
-- whoever drives the front end.
DigestError ::= SEQUENCE {
    reason		UTF8String,
    code		INTEGER (-2147483648..2147483647)
}
59214640Sdim
-- Final answer for the non-NTLM path.  Everything optional here is sensitive:
-- rsp is the server-side digest (HTTP rspauth / SASL response-auth,
-- presumably), tickets are presumably Kerberos credentials issued for the
-- authenticated user, and session-key is the key negotiated with the client.
-- They travel only inside DigestREP.innerRep (EncryptedData), so the
-- confidentiality of the front end's channel to the service is exactly the
-- strength of that encryption.  channel presumably echoes the binding that was
-- folded into the nonce so the front end can confirm the service saw the same one.
DigestResponse ::= SEQUENCE  {
    success		BOOLEAN,
    rsp			[0] UTF8String OPTIONAL,
    tickets		[1] SEQUENCE OF OCTET STRING OPTIONAL,
    channel		[2] SEQUENCE {
    	cb-type		UTF8String,
    	cb-binding	UTF8String
    } OPTIONAL,
    session-key		[3] OCTET STRING OPTIONAL
}
70214640Sdim
-- First message of the NTLM path (NTLMSSP NEGOTIATE, presumably): the front
-- end states the flags and optionally its host and domain names.
-- NOTE(review): hostname and domain both carry context tag [1] and both are
-- OPTIONAL, which violates the distinct-tag rule for SEQUENCE components
-- (X.680 clause 25).  A decoder that sees one [1] element has to call it
-- hostname, so domain can never be transmitted unambiguously.  The fix is to
-- give domain its own tag (e.g. [2]), but that changes the wire encoding and
-- so has to be rolled out to every peer at the same time.
NTLMInit ::= SEQUENCE {
    flags		[0] INTEGER (0..4294967295),	-- 32-bit NTLMSSP negotiate flags, presumably
    hostname		[1] UTF8String OPTIONAL,
    domain		[1] UTF8String OPTIONAL
}
76214640Sdim
-- Service's NTLM challenge (NTLMSSP CHALLENGE, presumably).  opaque is server
-- state the front end must hand back untouched in NTLMRequest.opaque,
-- analogous to DigestInitReply.opaque; challange (sic: renaming it changes
-- the generated struct member, not the encoding, so it is left alone) is the
-- server nonce the client's lm/ntlm responses are presumably computed over,
-- and targetinfo the NTLMv2 target information block.  As with the digest
-- path, nothing here prevents replay of an old opaque/challenge pair; the
-- service needs its own freshness check.
NTLMInitReply ::= SEQUENCE {
    flags		[0] INTEGER (0..4294967295),
    opaque		[1] OCTET STRING,
    targetname		[2] UTF8String,
    challange		[3] OCTET STRING,
    targetinfo		[4] OCTET STRING OPTIONAL
}
84214640Sdim
-- Front end forwards the client's NTLM AUTHENTICATE data for verification.
-- flags, targetname and targetinfo are client supplied: the service should
-- check them against what it sent in NTLMInitReply (and whatever opaque
-- remembers) rather than trust them, otherwise a client can downgrade the
-- flags or substitute a targetinfo blob.  lm and ntlm are the two response
-- blobs, presumably computed over NTLMInitReply.challange; which of
-- LMv1/NTLMv1/NTLMv2 they hold is decided by the negotiated flags, not by
-- this schema.  sessionkey, when present, is presumably the client's
-- encrypted random session key from NTLM key exchange.
NTLMRequest ::= SEQUENCE {
    flags		[0] INTEGER (0..4294967295),
    opaque		[1] OCTET STRING,	-- must equal NTLMInitReply.opaque
    username		[2] UTF8String,
    targetname		[3] UTF8String,
    targetinfo		[4] OCTET STRING OPTIONAL,
    lm			[5] OCTET STRING,
    ntlm		[6] OCTET STRING,
    sessionkey		[7] OCTET STRING OPTIONAL
}
95214640Sdim
-- Final answer for the NTLM path.  sessionkey and tickets are secrets and are
-- protected only by DigestREP.innerRep being EncryptedData.  flags are
-- presumably the flags the service settled on; the front end should compare
-- them with what it negotiated rather than adopt them blindly.
NTLMResponse ::= SEQUENCE {
    success		[0] BOOLEAN,
    flags		[1] INTEGER (0..4294967295),
    sessionkey		[2] OCTET STRING OPTIONAL,
    tickets		[3] SEQUENCE OF OCTET STRING OPTIONAL
}
102214640Sdim
-- Plaintext of DigestREQ.innerReq.  NOTE(review): unlike DigestRepInner this
-- CHOICE has no extension marker ("..."), so a service rejects any alternative
-- it does not know outright instead of decoding it as an unknown extension.
-- That is the safer failure mode for a request, but it means the two
-- directions cannot be evolved the same way; decide deliberately.
DigestReqInner ::= CHOICE {
    init		[0] DigestInit,
    digestRequest	[1] DigestRequest,
    ntlmInit		[2] NTLMInit,
    ntlmRequest		[3] NTLMRequest,
    supportedMechs	[4] NULL	-- asks for DigestRepInner.supportedMechs, presumably
}
110214640Sdim
-- Outer request envelope (application tag 128).  apReq presumably carries the
-- Kerberos AP-REQ that authenticates the front end to the digest service;
-- innerReq is the encrypted DigestReqInner (presumably under the AP-REQ's
-- session or subsession key), so nothing in the inner request, including the
-- user's response and any channel binding, is visible or modifiable on the
-- wire.  Everything the service trusts about the caller rests on apReq.
DigestREQ ::= [APPLICATION 128] SEQUENCE {
    apReq		[0] OCTET STRING,
    innerReq		[1] EncryptedData
}
115214640Sdim
-- Plaintext of DigestREP.innerRep.  Extensible (the "..." marker), so a newer
-- service can add reply alternatives and an older front end decodes them as
-- an unknown extension instead of failing.  error is presumably distinct from
-- a DigestResponse/NTLMResponse with success FALSE: the former says the
-- request itself could not be processed, the latter that the user's response
-- did not verify.  Callers should not treat the two the same way in logs.
DigestRepInner ::= CHOICE {
    error		[0] DigestError,
    initReply		[1] DigestInitReply,
    response		[2] DigestResponse,
    ntlmInitReply	[3] NTLMInitReply,
    ntlmResponse	[4] NTLMResponse,
    supportedMechs	[5] DigestTypes,
    ...
}
125214640Sdim
-- Outer reply envelope (application tag 129).  apRep is presumably the
-- Kerberos AP-REP answering DigestREQ.apReq, and innerRep the encrypted
-- DigestRepInner.  Every secret the service hands out (tickets, session keys,
-- rsp) sits inside innerRep and relies on that encryption alone.
DigestREP ::= [APPLICATION 129] SEQUENCE {
    apRep		[0] OCTET STRING,
    innerRep		[1] EncryptedData
}
130214640Sdim
131214640Sdim
-- HTTP Digest (RFC 2617 section 3.2.2).  H = MD5, KD(secret, data) = H(secret ":" data),
-- HEX = lowercase hex encoding.  For "md5" the service needs at least H(A1),
-- an MD5 of user:realm:password, which is password equivalent within this realm.
133214640Sdim
134214640Sdim-- md5
135214640Sdim-- A1 = unq(username-value) ":" unq(realm-value) ":" passwd
136214640Sdim-- md5-sess
137214640Sdim-- A1 = HEX(H(unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value))
138214640Sdim
139214640Sdim-- qop == auth
140214640Sdim-- A2 = Method ":" digest-uri-value
141214640Sdim-- qop == auth-int
142214640Sdim-- A2 = Method ":" digest-uri-value ":" H(entity-body) 
143214640Sdim
144214640Sdim-- request-digest  = HEX(KD(HEX(H(A1)),
145214640Sdim--    unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2))))
146214640Sdim-- no "qop"
147214640Sdim-- request-digest  = HEX(KD(HEX(H(A1)), unq(nonce-value) ":" HEX(H(A2))))
148214640Sdim
149214640Sdim
-- SASL DIGEST-MD5 (RFC 2831 section 2.1.2.1).  Note the difference from HTTP
-- md5-sess above: SS is the raw 16-byte MD5 output, not its hex form, when it
-- is concatenated into A1.  The second A1 form applies when an authzid was
-- supplied (DigestRequest.authid, presumably).
151214640Sdim-- SS = H( { unq(username-value), ":", unq(realm-value), ":", password } )
152214640Sdim-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value) }
153214640Sdim-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value), ":", unq(authzid-value) }
154214640Sdim
-- qop == auth
-- A2 = "AUTHENTICATE:", digest-uri-value
156214640Sdim-- qop == auth-int,auth-conf
-- A2 = "AUTHENTICATE:", digest-uri-value, ":00000000000000000000000000000000"
158214640Sdim
159214640Sdim-- response-value = HEX( KD ( HEX(H(A1)),
160214640Sdim--                 { unq(nonce-value), ":" nc-value, ":",
161214640Sdim--                   unq(cnonce-value), ":", qop-value, ":",
162214640Sdim--                   HEX(H(A2)) }))
163214640Sdim
164214640SdimEND
165214640Sdim