1 -- $Id: digest.asn1,v 1.10 2006/12/15 19:13:39 lha Exp $
6 IMPORTS EncryptedData, Principal FROM krb5;
-- Client's first message: names the mechanism and optionally supplies the
-- channel binding and the target host.  The members of 'channel' are not
-- shown in this excerpt.
8 DigestInit ::= SEQUENCE {
-- NOTE(review): 'type' is an unconstrained UTF8String; the values in the
-- trailing comment are documentation only, so the receiver must check it
-- against the set it actually supports and reject anything else.
-- DigestRequest spells the SASL variant "sasl-md5" while this one says
-- "sasl"; confirm the implementation treats the two consistently.
9 type UTF8String, -- http, sasl, chap, cram-md5 --
10 channel [0] SEQUENCE {
-- Bound into the keyed 'opaque' checksum together with type, serverNonce
-- and identifier (see the opaque formula after DigestRequest), so a client
-- cannot silently change it between DigestInit and DigestRequest, provided
-- the server recomputes that checksum on receipt.
14 hostname [1] UTF8String OPTIONAL -- for chap/cram-md5
-- Server's answer to DigestInit: the challenge and the opaque server state
-- that the client must echo back unchanged in DigestRequest.
17 DigestInitReply ::= SEQUENCE {
-- The server challenge; returned by the client as DigestRequest.serverNonce.
-- Its construction (4 bytes of time followed by 12 random bytes) is given
-- in the formula after DigestRequest.
18 nonce UTF8String, -- service nonce/challenge
-- Server state the client echoes as DigestRequest.opaque.  Per the formula
-- after DigestRequest it is a checksum keyed with the digest key, so a
-- client cannot forge it without that key; the server must recompute and
-- compare it on receipt rather than trust the echoed copy.
19 opaque UTF8String, -- server state
20 identifier [0] UTF8String OPTIONAL
-- Second client message: the digest the user produced plus every input the
-- server needs to recompute it.  Nothing in this SEQUENCE is
-- self-authenticating; trust comes from the outer DigestREQ (apReq plus the
-- encrypted innerReq) and from re-verifying the keyed 'opaque' value.
24 DigestRequest ::= SEQUENCE {
-- Mechanism name; note the SASL value here is "sasl-md5" whereas DigestInit
-- lists "sasl".  Must be validated against the supported set.
25 type UTF8String, -- http, sasl-md5, chap, cram-md5 --
-- Algorithm / qop selector.  The HTTP md5 vs md5-sess choice changes how
-- A1 is formed (see the formulas at the end of the file).
26 digest UTF8String, -- http:md5/md5-sess sasl:clear/int/conf --
27 username UTF8String, -- username user used
28 authid [0] UTF8String OPTIONAL,
-- NOTE(review): this selects whose key the server uses to verify the
-- digest.  Presumably the server must check that the identity proven by
-- DigestREQ.apReq is allowed to request verification for this principal;
-- that authorization step is not visible in this file, confirm it exists.
29 authentication-user [1] Principal OPTIONAL, -- principal to get key from
30 realm [2] UTF8String OPTIONAL,
31 method [3] UTF8String OPTIONAL,
32 uri [4] UTF8String OPTIONAL,
-- Echo of DigestInitReply.nonce.  Because it carries a 4-byte time prefix
-- (see the serverNonce formula below) the server can reject stale nonces;
-- it should also be compared against the value bound into 'opaque'.
33 serverNonce UTF8String, -- same as "DigestInitReply.nonce"
34 clientNonce [5] UTF8String OPTIONAL,
-- nc-value is carried as a string, not an INTEGER; presumably parsed by
-- the server before use in the request-digest formula.
35 nonceCount [6] UTF8String OPTIONAL,
36 qop [7] UTF8String OPTIONAL,
37 identifier [8] UTF8String OPTIONAL,
38 hostname [9] UTF8String OPTIONAL,
-- Echo of DigestInitReply.opaque; the server must recompute the keyed
-- checksum over type|serverNonce|identifier|hostname and compare it before
-- relying on any of those fields.
39 opaque UTF8String -- same as "DigestInitReply.opaque"
41 -- opaque = hex(cksum(type|serverNonce|identifier|hostname, digest-key))
-- A checksum keyed with the digest key over the fields the client echoes
-- back; the server must recompute and compare it before trusting any of
-- those echoed fields.
42 -- serverNonce = hex(time[4 bytes] || random[12 bytes]), apparently
-- followed by "-cbType:cbBinding" when a channel binding is supplied.
-- The 4-byte time prefix lets the server bound how old an echoed nonce may
-- be; the 12 random bytes give 96 bits of unpredictability.
-- Error alternative of DigestRepInner.  A member between the opening brace
-- and 'code' is not shown in this excerpt.
45 DigestError ::= SEQUENCE {
-- Signed 32-bit error code; the constraint keeps it in int32 range for the
-- generated decoder.
47 code INTEGER (-2147483648..2147483647)
-- Successful verification result returned to the requesting service.
50 DigestResponse ::= SEQUENCE {
51 responseData UTF8String,
52 rsp [0] UTF8String OPTIONAL,
-- Opaque ticket blobs; their contents are not described in this file.
53 tickets [1] SEQUENCE OF OCTET STRING OPTIONAL,
-- The members of 'channel' are not shown in this excerpt.
54 channel [2] SEQUENCE {
-- NOTE(review): treat this as a secret.  For HTTP md5, A1 is
-- username:realm:passwd (see the formulas at the end of the file), so
-- H(A1) is derived solely from the user's long-term password and every
-- request-digest is computed from HEX(H(A1)) plus public values: anyone
-- holding it can answer future challenges for that user.  In the md5-sess
-- and SASL forms it is bound to this session's nonces but is presumably
-- still the session's key material.  It must only travel inside the
-- encrypted innerRep and must never be logged or persisted by the receiver.
58 hash-a1 [3] OCTET STRING OPTIONAL
-- Client's NTLM negotiate message.
61 NTLMInit ::= SEQUENCE {
62 flags [0] INTEGER (0..4294967295),
-- NOTE(review): 'hostname' and 'domain' are both OPTIONAL and both carry
-- context tag [1].  ASN.1 requires consecutive OPTIONAL members to have
-- distinct tags; with identical tags a decoder cannot tell which member a
-- lone [1] element is, so a message carrying only 'domain' will be read as
-- 'hostname' (or rejected), and one carrying both is ambiguous.  The fix is
-- to give 'domain' its own tag (e.g. [2]), but that changes the wire
-- encoding and must be rolled out to every peer, so it is flagged here
-- rather than changed.
63 hostname [1] UTF8String OPTIONAL,
64 domain [1] UTF8String OPTIONAL
-- Server's NTLM challenge message.
67 NTLMInitReply ::= SEQUENCE {
68 flags [0] INTEGER (0..4294967295),
-- Binary server state, echoed by the client as NTLMRequest.opaque.  As with
-- the digest 'opaque', the server should verify it on return rather than
-- trust it; how it is protected is not shown in this file.
69 opaque [1] OCTET STRING,
70 targetname [2] UTF8String,
-- The server challenge.  The identifier's spelling is the wire / generated
-- name and is left as is.  It must be freshly generated and unpredictable
-- for every exchange.
71 challange [3] OCTET STRING,
72 targetinfo [4] OCTET STRING OPTIONAL
-- Client's NTLM authenticate message handed to the server for verification.
-- A member with tag [5] (between targetinfo and ntlm) is not shown in this
-- excerpt.
75 NTLMRequest ::= SEQUENCE {
76 flags [0] INTEGER (0..4294967295),
-- Echo of NTLMInitReply.opaque; verify before use.
77 opaque [1] OCTET STRING,
78 username [2] UTF8String,
79 targetname [3] UTF8String,
80 targetinfo [4] OCTET STRING OPTIONAL,
-- The NTLM response blob, to be checked against the challenge issued in
-- NTLMInitReply (presumably recovered from 'opaque').
82 ntlm [6] OCTET STRING,
-- NOTE(review): client-supplied; what the server does with it is not
-- visible here.  It must not be accepted as an authenticated session key
-- without being derived or verified server-side.
83 sessionkey [7] OCTET STRING OPTIONAL
-- Server's NTLM verification result.  A member with tag [0] (on the line
-- after the opening brace) is not shown in this excerpt.
86 NTLMResponse ::= SEQUENCE {
88 flags [1] INTEGER (0..4294967295),
-- Session key returned to the service; secret, must only travel inside the
-- encrypted innerRep and must not be logged.
89 sessionkey [2] OCTET STRING OPTIONAL,
-- Opaque ticket blobs; their contents are not described in this file.
90 tickets [3] SEQUENCE OF OCTET STRING OPTIONAL
-- Plaintext of the request body (presumably what DigestREQ.innerReq
-- encrypts).  The alternative with tag [0] is not shown in this excerpt.
93 DigestReqInner ::= CHOICE {
95 digestRequest [1] DigestRequest,
96 ntlmInit [2] NTLMInit,
97 ntlmRequest [3] NTLMRequest
-- Outer request envelope.  'apReq' is an opaque blob (presumably a Kerberos
-- AP-REQ authenticating the requesting service; confirm against the server
-- code) and 'innerReq' is krb5 EncryptedData, presumably under the key that
-- AP-REQ establishes.
-- NOTE(review): the identity proven by apReq is the only thing that
-- authenticates the caller; every authorization decision about the inner
-- request (for example which principal's key may be used) must be made
-- against it.
100 DigestREQ ::= [APPLICATION 128] SEQUENCE {
101 apReq [0] OCTET STRING,
102 innerReq [1] EncryptedData
-- Plaintext of the reply body (presumably what DigestREP.innerRep
-- encrypts).  Tags are explicit so the receiver can tell an error apart
-- from each of the success shapes.
105 DigestRepInner ::= CHOICE {
106 error [0] DigestError,
107 initReply [1] DigestInitReply,
108 response [2] DigestResponse,
109 ntlmInitReply [3] NTLMInitReply,
110 ntlmResponse [4] NTLMResponse
-- Outer reply envelope, mirror of DigestREQ.  'apRep' is an opaque blob
-- (presumably the Kerberos AP-REP) and 'innerRep' is krb5 EncryptedData;
-- the sensitive members of the reply shapes (hash-a1, sessionkey) rely on
-- this encryption for confidentiality.
113 DigestREP ::= [APPLICATION 129] SEQUENCE {
114 apRep [0] OCTET STRING,
115 innerRep [1] EncryptedData
122 -- A1 = unq(username-value) ":" unq(realm-value) ":" passwd
124 -- A1 = HEX(H(unq(username-value) ":" unq(realm-value) ":" passwd)) ":" unq(nonce-value) ":" unq(cnonce-value)
-- (md5-sess: HEX wraps only the inner hash of username:realm:passwd; the
-- nonce and cnonce are appended in the clear and the whole string is then
-- hashed again as H(A1) in request-digest below)
127 -- A2 = Method ":" digest-uri-value
129 -- A2 = Method ":" digest-uri-value ":" H(entity-body)
131 -- request-digest = HEX(KD(HEX(H(A1)),
132 -- unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2))))
134 -- request-digest = HEX(KD(HEX(H(A1)), unq(nonce-value) ":" HEX(H(A2))))
138 -- SS = H( { unq(username-value), ":", unq(realm-value), ":", password } )
139 -- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value) }
140 -- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value), ":", unq(authzid-value) }
142 -- A2 = "AUTHENTICATE:", ":", digest-uri-value
-- NOTE(review): RFC 2831 section 2.1.2.1 gives A2 = { "AUTHENTICATE:", digest-uri-value },
-- i.e. a single colon; as written above the literal plus ":" would yield
-- "AUTHENTICATE::".  Confirm the implementation matches the RFC (a
-- mismatch would make responses non-interoperable rather than insecure).
143 -- when qop is auth-int or auth-conf:
144 -- A2 = "AUTHENTICATE:", ":", digest-uri-value, ":00000000000000000000000000000000"
146 -- response-value = HEX( KD ( HEX(H(A1)),
147 -- { unq(nonce-value), ":" nc-value, ":",
148 -- unq(cnonce-value), ":", qop-value, ":",