digest.asn1 revision 178826
-- $Id: digest.asn1 22152 2007-12-04 19:59:18Z lha $

-- ASN.1 module describing the request and reply messages of a digest
-- service: HTTP/SASL digest, CHAP and NTLM challenge-response exchanges
-- carried inside Kerberos EncryptedData (see DigestREQ / DigestREP below).
DIGEST DEFINITIONS ::=
BEGIN

IMPORTS EncryptedData, Principal FROM krb5;

-- Named bits for the mechanisms a server can report in
-- DigestRepInner.supportedMechs.
-- NOTE(review): every mechanism listed is a legacy challenge-response
-- scheme built on MD4/MD5/DES era primitives. Whether a deployment can
-- restrict the advertised and accepted set is not visible in this schema;
-- confirm in the server configuration.
DigestTypes ::= BIT STRING {
    ntlm-v1(0),
    ntlm-v1-session(1),
    ntlm-v2(2),
    digest-md5(3),
    chap-md5(4),
    ms-chap-v2(5)
}

-- First message of a digest exchange: asks for a server nonce.
-- The optional channel element carries a channel binding type and value.
DigestInit ::= SEQUENCE {
    type                UTF8String, -- http, sasl, chap, cram-md5 --
    channel             [0] SEQUENCE {
        cb-type         UTF8String,
        cb-binding      UTF8String
    } OPTIONAL,
    hostname            [1] UTF8String OPTIONAL -- for chap/cram-md5
}

-- Reply to DigestInit. Both nonce and opaque are echoed back later in
-- DigestRequest (serverNonce and opaque); their layout is given in the
-- comment that follows DigestRequest.
DigestInitReply ::= SEQUENCE {
    nonce               UTF8String, -- service nonce/challenge
    opaque              UTF8String, -- server state
    identifier          [0] UTF8String OPTIONAL
}


-- Second message of a digest exchange: the client response to verify,
-- together with the parameters needed to recompute it.
DigestRequest ::= SEQUENCE {
    type                UTF8String, -- http, sasl-md5, chap, cram-md5 --
    digest              UTF8String, -- http:md5/md5-sess sasl:clear/int/conf --
    username            UTF8String, -- username the user supplied
    responseData        UTF8String, -- client response
    authid              [0] UTF8String OPTIONAL,
    authentication-user [1] Principal OPTIONAL, -- principal to get key from
    realm               [2] UTF8String OPTIONAL,
    method              [3] UTF8String OPTIONAL,
    uri                 [4] UTF8String OPTIONAL,
    serverNonce         UTF8String, -- same as "DigestInitReply.nonce"
    clientNonce         [5] UTF8String OPTIONAL,
    nonceCount          [6] UTF8String OPTIONAL,
    qop                 [7] UTF8String OPTIONAL,
    identifier          [8] UTF8String OPTIONAL,
    hostname            [9] UTF8String OPTIONAL,
    opaque              UTF8String -- same as "DigestInitReply.opaque"
}
-- opaque = hex(cksum(type|serverNonce|identifier|hostname,digest-key))
-- serverNonce = hex(time[4bytes]random[12bytes])(-cbType:cbBinding)
-- NOTE(review): per the two lines above, opaque is a keyed checksum over
-- type, serverNonce, identifier and hostname, so the verifier is expected
-- to recompute it and compare before trusting those fields, and the
-- timestamp in serverNonce allows an age check. Neither check is expressed
-- in the schema; confirm both in the implementation. If "|" means plain
-- concatenation, field boundaries are not encoded in the checksum input;
-- verify that too.


-- Error reply: free-text reason plus a signed 32-bit code.
DigestError ::= SEQUENCE {
    reason              UTF8String,
    code                INTEGER (-2147483648..2147483647)
}

-- Result of verifying a DigestRequest.
-- NOTE(review): tickets and session-key are secret material; in this
-- schema they are only protected by whatever wraps DigestRepInner
-- (presumably DigestREP.innerRep, an EncryptedData; confirm).
DigestResponse ::= SEQUENCE {
    success             BOOLEAN,
    rsp                 [0] UTF8String OPTIONAL,
    tickets             [1] SEQUENCE OF OCTET STRING OPTIONAL,
    channel             [2] SEQUENCE {
        cb-type         UTF8String,
        cb-binding      UTF8String
    } OPTIONAL,
    session-key         [3] OCTET STRING OPTIONAL
}

-- First message of an NTLM exchange. flags is an unsigned 32-bit value.
-- NOTE(review): hostname and domain both carry context tag [1]. X.680
-- requires distinct tags across a run of OPTIONAL components, and a
-- decoder cannot tell a lone domain from a hostname. Renumbering would
-- change the wire encoding, so the tags are left as they are here;
-- confirm how the generated decoder and existing peers treat this.
NTLMInit ::= SEQUENCE {
    flags               [0] INTEGER (0..4294967295),
    hostname            [1] UTF8String OPTIONAL,
    domain              [1] UTF8String OPTIONAL
}

-- Reply to NTLMInit carrying the server challenge.
-- The field name "challange" is spelled this way in the schema; it is an
-- identifier, so correcting the spelling would rename it for every user
-- of the module.
NTLMInitReply ::= SEQUENCE {
    flags               [0] INTEGER (0..4294967295),
    opaque              [1] OCTET STRING,
    targetname          [2] UTF8String,
    challange           [3] OCTET STRING,
    targetinfo          [4] OCTET STRING OPTIONAL
}

-- Second message of an NTLM exchange: echoes opaque from NTLMInitReply
-- and carries the client's responses.
-- NOTE(review): lm and ntlm are both mandatory here; presumably they hold
-- the LM and NT responses. Confirm how the verifier treats the lm value
-- when only the ntlm response should be honoured.
NTLMRequest ::= SEQUENCE {
    flags               [0] INTEGER (0..4294967295),
    opaque              [1] OCTET STRING,
    username            [2] UTF8String,
    targetname          [3] UTF8String,
    targetinfo          [4] OCTET STRING OPTIONAL,
    lm                  [5] OCTET STRING,
    ntlm                [6] OCTET STRING,
    sessionkey          [7] OCTET STRING OPTIONAL
}

-- Result of verifying an NTLMRequest.
NTLMResponse ::= SEQUENCE {
    success             [0] BOOLEAN,
    flags               [1] INTEGER (0..4294967295),
    sessionkey          [2] OCTET STRING OPTIONAL,
    tickets             [3] SEQUENCE OF OCTET STRING OPTIONAL
}

-- The request variants. Unlike DigestRepInner this CHOICE has no
-- extension marker, so new alternatives cannot be added compatibly.
DigestReqInner ::= CHOICE {
    init                [0] DigestInit,
    digestRequest       [1] DigestRequest,
    ntlmInit            [2] NTLMInit,
    ntlmRequest         [3] NTLMRequest,
    supportedMechs      [4] NULL
}

-- Outer request: an AP-REQ as opaque octets plus an encrypted payload.
-- NOTE(review): presumably innerReq decrypts to a DigestReqInner under a
-- key established by apReq; the schema does not tie the two together, so
-- confirm in the implementation.
DigestREQ ::= [APPLICATION 128] SEQUENCE {
    apReq               [0] OCTET STRING,
    innerReq            [1] EncryptedData
}

-- The reply variants; the "..." extension marker lets later versions add
-- alternatives.
DigestRepInner ::= CHOICE {
    error               [0] DigestError,
    initReply           [1] DigestInitReply,
    response            [2] DigestResponse,
    ntlmInitReply       [3] NTLMInitReply,
    ntlmResponse        [4] NTLMResponse,
    supportedMechs      [5] DigestTypes,
    ...
}

-- Outer reply: an AP-REP as opaque octets plus an encrypted payload
-- (presumably a DigestRepInner; confirm).
DigestREP ::= [APPLICATION 129] SEQUENCE {
    apRep               [0] OCTET STRING,
    innerRep            [1] EncryptedData
}


-- Reference formulas for the digest computations follow. They are
-- comments only and define no types.
-- NOTE(review): A1 is derived from the cleartext password in both the
-- HTTP and SASL forms, so whichever party evaluates these formulas needs
-- the password or a stored value derived from it.

-- HTTP

-- md5
-- A1 = unq(username-value) ":" unq(realm-value) ":" passwd
-- md5-sess
-- A1 = HEX(H(unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value))

-- qop == auth
-- A2 = Method ":" digest-uri-value
-- qop == auth-int
-- A2 = Method ":" digest-uri-value ":" H(entity-body)

-- request-digest = HEX(KD(HEX(H(A1)),
--     unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2))))
-- no "qop"
-- request-digest = HEX(KD(HEX(H(A1)), unq(nonce-value) ":" HEX(H(A2))))


-- SASL:
-- SS = H( { unq(username-value), ":", unq(realm-value), ":", password } )
-- The first A1 form has no authzid, the second includes one.
-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value) }
-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value), ":", unq(authzid-value) }

-- NOTE(review): RFC 2831 gives A2 as { "AUTHENTICATE:", digest-uri-value }
-- with no separate ":" element; the extra ":" in the two A2 lines below
-- looks like a slip in the comment. Confirm against the implementation.
-- A2 = "AUTHENTICATE:", ":", digest-uri-value
-- qop == auth-int,auth-conf
-- A2 = "AUTHENTICATE:", ":", digest-uri-value, ":00000000000000000000000000000000"

-- response-value = HEX( KD ( HEX(H(A1)),
--     { unq(nonce-value), ":" nc-value, ":",
--       unq(cnonce-value), ":", qop-value, ":",
--       HEX(H(A2)) }))

END