xref: /freebsd/crypto/heimdal/lib/asn1/digest.asn1 (revision c19800e8) 
1c19800e8SDoug Rabson-- $Id$
2c19800e8SDoug Rabson
3c19800e8SDoug RabsonDIGEST DEFINITIONS ::=
4c19800e8SDoug RabsonBEGIN
5c19800e8SDoug Rabson
6c19800e8SDoug RabsonIMPORTS EncryptedData, Principal FROM krb5;
7c19800e8SDoug Rabson
8c19800e8SDoug RabsonDigestTypes ::= BIT STRING {
9c19800e8SDoug Rabson	ntlm-v1(0),
10c19800e8SDoug Rabson	ntlm-v1-session(1),
11c19800e8SDoug Rabson	ntlm-v2(2),
12c19800e8SDoug Rabson	digest-md5(3),
13c19800e8SDoug Rabson	chap-md5(4),
14c19800e8SDoug Rabson	ms-chap-v2(5)
15c19800e8SDoug Rabson}
16c19800e8SDoug Rabson
17c19800e8SDoug RabsonDigestInit ::= SEQUENCE {
18c19800e8SDoug Rabson    type		UTF8String, -- http, sasl, chap, cram-md5 --
19c19800e8SDoug Rabson    channel		[0] SEQUENCE {
20c19800e8SDoug Rabson    	cb-type		UTF8String,
21c19800e8SDoug Rabson    	cb-binding	UTF8String
22c19800e8SDoug Rabson    } OPTIONAL,
23c19800e8SDoug Rabson    hostname		[1] UTF8String OPTIONAL -- for chap/cram-md5
24c19800e8SDoug Rabson}
25c19800e8SDoug Rabson
26c19800e8SDoug RabsonDigestInitReply ::= SEQUENCE {
27c19800e8SDoug Rabson    nonce		UTF8String,	-- service nonce/challange
28c19800e8SDoug Rabson    opaque		UTF8String,	-- server state
29c19800e8SDoug Rabson    identifier		[0] UTF8String OPTIONAL
30c19800e8SDoug Rabson}
31c19800e8SDoug Rabson
32c19800e8SDoug Rabson
33c19800e8SDoug RabsonDigestRequest ::= SEQUENCE  {
34c19800e8SDoug Rabson    type		UTF8String, -- http, sasl-md5, chap, cram-md5 --
35c19800e8SDoug Rabson    digest		UTF8String, -- http:md5/md5-sess sasl:clear/int/conf --
36c19800e8SDoug Rabson    username		UTF8String, -- username user used
37c19800e8SDoug Rabson    responseData	UTF8String, -- client response
38c19800e8SDoug Rabson    authid		[0] UTF8String OPTIONAL,
39c19800e8SDoug Rabson    authentication-user	[1] Principal OPTIONAL, -- principal to get key from
40c19800e8SDoug Rabson    realm		[2] UTF8String OPTIONAL,
41c19800e8SDoug Rabson    method		[3] UTF8String OPTIONAL,
42c19800e8SDoug Rabson    uri			[4] UTF8String OPTIONAL,
43c19800e8SDoug Rabson    serverNonce		UTF8String, -- same as "DigestInitReply.nonce"
44c19800e8SDoug Rabson    clientNonce		[5] UTF8String OPTIONAL,
45c19800e8SDoug Rabson    nonceCount		[6] UTF8String OPTIONAL,
46c19800e8SDoug Rabson    qop			[7] UTF8String OPTIONAL,
47c19800e8SDoug Rabson    identifier		[8] UTF8String OPTIONAL,
48c19800e8SDoug Rabson    hostname		[9] UTF8String OPTIONAL,
49c19800e8SDoug Rabson    opaque		UTF8String -- same as "DigestInitReply.opaque"
50c19800e8SDoug Rabson}
51c19800e8SDoug Rabson-- opaque = hex(cksum(type|serverNonce|identifier|hostname,digest-key))
52c19800e8SDoug Rabson-- serverNonce = hex(time[4bytes]random[12bytes])(-cbType:cbBinding)
53c19800e8SDoug Rabson
54c19800e8SDoug Rabson
55c19800e8SDoug RabsonDigestError ::= SEQUENCE {
56c19800e8SDoug Rabson    reason		UTF8String,
57c19800e8SDoug Rabson    code		INTEGER (-2147483648..2147483647)
58c19800e8SDoug Rabson}
59c19800e8SDoug Rabson
60c19800e8SDoug RabsonDigestResponse ::= SEQUENCE  {
61c19800e8SDoug Rabson    success		BOOLEAN,
62c19800e8SDoug Rabson    rsp			[0] UTF8String OPTIONAL,
63c19800e8SDoug Rabson    tickets		[1] SEQUENCE OF OCTET STRING OPTIONAL,
64c19800e8SDoug Rabson    channel		[2] SEQUENCE {
65c19800e8SDoug Rabson    	cb-type		UTF8String,
66c19800e8SDoug Rabson    	cb-binding	UTF8String
67c19800e8SDoug Rabson    } OPTIONAL,
68c19800e8SDoug Rabson    session-key		[3] OCTET STRING OPTIONAL
69c19800e8SDoug Rabson}
70c19800e8SDoug Rabson
71c19800e8SDoug RabsonNTLMInit ::= SEQUENCE {
72c19800e8SDoug Rabson    flags		[0] INTEGER (0..4294967295),
73c19800e8SDoug Rabson    hostname		[1] UTF8String OPTIONAL,
74c19800e8SDoug Rabson    domain		[1] UTF8String OPTIONAL
75c19800e8SDoug Rabson}
76c19800e8SDoug Rabson
77c19800e8SDoug RabsonNTLMInitReply ::= SEQUENCE {
78c19800e8SDoug Rabson    flags		[0] INTEGER (0..4294967295),
79c19800e8SDoug Rabson    opaque		[1] OCTET STRING,
80c19800e8SDoug Rabson    targetname		[2] UTF8String,
81c19800e8SDoug Rabson    challange		[3] OCTET STRING,
82c19800e8SDoug Rabson    targetinfo		[4] OCTET STRING OPTIONAL
83c19800e8SDoug Rabson}
84c19800e8SDoug Rabson
85c19800e8SDoug RabsonNTLMRequest ::= SEQUENCE {
86c19800e8SDoug Rabson    flags		[0] INTEGER (0..4294967295),
87c19800e8SDoug Rabson    opaque		[1] OCTET STRING,
88c19800e8SDoug Rabson    username		[2] UTF8String,
89c19800e8SDoug Rabson    targetname		[3] UTF8String,
90c19800e8SDoug Rabson    targetinfo		[4] OCTET STRING OPTIONAL,
91c19800e8SDoug Rabson    lm			[5] OCTET STRING,
92c19800e8SDoug Rabson    ntlm		[6] OCTET STRING,
93c19800e8SDoug Rabson    sessionkey		[7] OCTET STRING OPTIONAL
94c19800e8SDoug Rabson}
95c19800e8SDoug Rabson
96c19800e8SDoug RabsonNTLMResponse ::= SEQUENCE {
97c19800e8SDoug Rabson    success		[0] BOOLEAN,
98c19800e8SDoug Rabson    flags		[1] INTEGER (0..4294967295),
99c19800e8SDoug Rabson    sessionkey		[2] OCTET STRING OPTIONAL,
100c19800e8SDoug Rabson    tickets		[3] SEQUENCE OF OCTET STRING OPTIONAL
101c19800e8SDoug Rabson}
102c19800e8SDoug Rabson
103c19800e8SDoug RabsonNTLMRequest2 ::= SEQUENCE {
104c19800e8SDoug Rabson    loginUserName	[0] UTF8String,
105c19800e8SDoug Rabson    loginDomainName	[1] UTF8String,
106c19800e8SDoug Rabson    flags		[2] INTEGER (0..4294967295),
107c19800e8SDoug Rabson    lmchallenge		[3] OCTET STRING SIZE (8),
108c19800e8SDoug Rabson    ntChallengeResponce [4] OCTET STRING,
109c19800e8SDoug Rabson    lmChallengeResponce [5] OCTET STRING
110c19800e8SDoug Rabson}
111c19800e8SDoug Rabson
112c19800e8SDoug RabsonNTLMReply ::= SEQUENCE {
113c19800e8SDoug Rabson    success		[0] BOOLEAN,
114c19800e8SDoug Rabson    flags		[1] INTEGER (0..4294967295),
115c19800e8SDoug Rabson    sessionkey		[2] OCTET STRING OPTIONAL
116c19800e8SDoug Rabson}
117c19800e8SDoug Rabson
118c19800e8SDoug RabsonDigestReqInner ::= CHOICE {
119c19800e8SDoug Rabson    init		[0] DigestInit,
120c19800e8SDoug Rabson    digestRequest	[1] DigestRequest,
121c19800e8SDoug Rabson    ntlmInit		[2] NTLMInit,
122c19800e8SDoug Rabson    ntlmRequest		[3] NTLMRequest,
123c19800e8SDoug Rabson    supportedMechs	[4] NULL
124c19800e8SDoug Rabson}
125c19800e8SDoug Rabson
126c19800e8SDoug RabsonDigestREQ ::= [APPLICATION 128] SEQUENCE {
127c19800e8SDoug Rabson    apReq		[0] OCTET STRING,
128c19800e8SDoug Rabson    innerReq		[1] EncryptedData
129c19800e8SDoug Rabson}
130c19800e8SDoug Rabson
131c19800e8SDoug RabsonDigestRepInner ::= CHOICE {
132c19800e8SDoug Rabson    error		[0] DigestError,
133c19800e8SDoug Rabson    initReply		[1] DigestInitReply,
134c19800e8SDoug Rabson    response		[2] DigestResponse,
135c19800e8SDoug Rabson    ntlmInitReply	[3] NTLMInitReply,
136c19800e8SDoug Rabson    ntlmResponse	[4] NTLMResponse,
137c19800e8SDoug Rabson    supportedMechs	[5] DigestTypes,
138c19800e8SDoug Rabson    ...
139c19800e8SDoug Rabson}
140c19800e8SDoug Rabson
141c19800e8SDoug RabsonDigestREP ::= [APPLICATION 129] SEQUENCE {
142c19800e8SDoug Rabson    apRep		[0] OCTET STRING,
143c19800e8SDoug Rabson    innerRep		[1] EncryptedData
144c19800e8SDoug Rabson}
145c19800e8SDoug Rabson
146c19800e8SDoug Rabson
147c19800e8SDoug Rabson-- HTTP
148c19800e8SDoug Rabson
149c19800e8SDoug Rabson-- md5
150c19800e8SDoug Rabson-- A1 = unq(username-value) ":" unq(realm-value) ":" passwd
151c19800e8SDoug Rabson-- md5-sess
152c19800e8SDoug Rabson-- A1 = HEX(H(unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value))
153c19800e8SDoug Rabson
154c19800e8SDoug Rabson-- qop == auth
155c19800e8SDoug Rabson-- A2 = Method ":" digest-uri-value
156c19800e8SDoug Rabson-- qop == auth-int
157c19800e8SDoug Rabson-- A2 = Method ":" digest-uri-value ":" H(entity-body)
158c19800e8SDoug Rabson
159c19800e8SDoug Rabson-- request-digest  = HEX(KD(HEX(H(A1)),
160c19800e8SDoug Rabson--    unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2))))
161c19800e8SDoug Rabson-- no "qop"
162c19800e8SDoug Rabson-- request-digest  = HEX(KD(HEX(H(A1)), unq(nonce-value) ":" HEX(H(A2))))
163c19800e8SDoug Rabson
164c19800e8SDoug Rabson
165-- SASL:
166-- SS = H( { unq(username-value), ":", unq(realm-value), ":", password } )
167-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value) }
168-- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value), ":", unq(authzid-value) }
169
170-- A2 = "AUTHENTICATE:", ":", digest-uri-value
171-- qop == auth-int,auth-conf
172-- A2 = "AUTHENTICATE:", ":", digest-uri-value, ":00000000000000000000000000000000"
173
174-- response-value = HEX( KD ( HEX(H(A1)),
175--                 { unq(nonce-value), ":" nc-value, ":",
176--                   unq(cnonce-value), ":", qop-value, ":",
177--                   HEX(H(A2)) }))
178
179END
180