aboutsummaryrefslogtreecommitdiff
path: root/crypto/heimdal/lib/asn1/k5.asn1
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/asn1/k5.asn1')
-rw-r--r--crypto/heimdal/lib/asn1/k5.asn1448
1 files changed, 0 insertions, 448 deletions
diff --git a/crypto/heimdal/lib/asn1/k5.asn1 b/crypto/heimdal/lib/asn1/k5.asn1
deleted file mode 100644
index 1fa8b7b2b980..000000000000
--- a/crypto/heimdal/lib/asn1/k5.asn1
+++ /dev/null
@@ -1,448 +0,0 @@
--- $Id: k5.asn1,v 1.25 2001/05/14 06:12:13 assar Exp $
-
-KERBEROS5 DEFINITIONS ::=
-BEGIN
-
-NAME-TYPE ::= INTEGER {
- KRB5_NT_UNKNOWN(0), -- Name type not known
- KRB5_NT_PRINCIPAL(1), -- Just the name of the principal as in
- KRB5_NT_SRV_INST(2), -- Service and other unique instance (krbtgt)
- KRB5_NT_SRV_HST(3), -- Service with host name as instance
- KRB5_NT_SRV_XHST(4), -- Service with host as remaining components
- KRB5_NT_UID(5), -- Unique ID
- KRB5_NT_X500_PRINCIPAL(6) -- PKINIT
-}
-
--- message types
-
-MESSAGE-TYPE ::= INTEGER {
- krb-as-req(10), -- Request for initial authentication
- krb-as-rep(11), -- Response to KRB_AS_REQ request
- krb-tgs-req(12), -- Request for authentication based on TGT
- krb-tgs-rep(13), -- Response to KRB_TGS_REQ request
- krb-ap-req(14), -- application request to server
- krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL
- krb-safe(20), -- Safe (checksummed) application message
- krb-priv(21), -- Private (encrypted) application message
- krb-cred(22), -- Private (encrypted) message to forward credentials
- krb-error(30) -- Error response
-}
-
-
--- pa-data types
-
-PADATA-TYPE ::= INTEGER {
- KRB5-PADATA-NONE(0),
- KRB5-PADATA-TGS-REQ(1),
- KRB5-PADATA-AP-REQ(1),
- KRB5-PADATA-ENC-TIMESTAMP(2),
- KRB5-PADATA-PW-SALT(3),
- KRB5-PADATA-ENC-UNIX-TIME(5),
- KRB5-PADATA-SANDIA-SECUREID(6),
- KRB5-PADATA-SESAME(7),
- KRB5-PADATA-OSF-DCE(8),
- KRB5-PADATA-CYBERSAFE-SECUREID(9),
- KRB5-PADATA-AFS3-SALT(10),
- KRB5-PADATA-ETYPE-INFO(11),
- KRB5-PADATA-SAM-CHALLENGE(12), -- (sam/otp)
- KRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp)
- KRB5-PADATA-PK-AS-REQ(14), -- (PKINIT)
- KRB5-PADATA-PK-AS-REP(15), -- (PKINIT)
- KRB5-PADATA-PK-AS-SIGN(16), -- (PKINIT)
- KRB5-PADATA-PK-KEY-REQ(17), -- (PKINIT)
- KRB5-PADATA-PK-KEY-REP(18), -- (PKINIT)
- KRB5-PADATA-USE-SPECIFIED-KVNO(20),
- KRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp)
- KRB5-PADATA-GET-FROM-TYPED-DATA(22),
- KRB5-PADATA-SAM-ETYPE-INFO(23)
-}
-
--- checksumtypes
-
-CKSUMTYPE ::= INTEGER {
- CKSUMTYPE_NONE(0),
- CKSUMTYPE_CRC32(1),
- CKSUMTYPE_RSA_MD4(2),
- CKSUMTYPE_RSA_MD4_DES(3),
- CKSUMTYPE_DES_MAC(4),
- CKSUMTYPE_DES_MAC_K(5),
- CKSUMTYPE_RSA_MD4_DES_K(6),
- CKSUMTYPE_RSA_MD5(7),
- CKSUMTYPE_RSA_MD5_DES(8),
- CKSUMTYPE_RSA_MD5_DES3(9),
- -- CKSUMTYPE_SHA1(10),
- CKSUMTYPE_HMAC_SHA1_DES3(12),
- CKSUMTYPE_SHA1(1000), -- correct value? 10 (9 also)
- CKSUMTYPE_HMAC_MD5(-138), -- unofficial microsoft number
- CKSUMTYPE_HMAC_MD5_ENC(-1138) -- even more unofficial
-}
-
---enctypes
-ENCTYPE ::= INTEGER {
- ETYPE_NULL(0),
- ETYPE_DES_CBC_CRC(1),
- ETYPE_DES_CBC_MD4(2),
- ETYPE_DES_CBC_MD5(3),
- ETYPE_DES3_CBC_MD5(5),
- ETYPE_OLD_DES3_CBC_SHA1(7),
- ETYPE_SIGN_DSA_GENERATE(8),
- ETYPE_ENCRYPT_RSA_PRIV(9),
- ETYPE_ENCRYPT_RSA_PUB(10),
- ETYPE_DES3_CBC_SHA1(16), -- with key derivation
- ETYPE_ARCFOUR_HMAC_MD5(23),
- ETYPE_ARCFOUR_HMAC_MD5_56(24),
- ETYPE_ENCTYPE_PK_CROSS(48),
--- these are for Heimdal internal use
- ETYPE_DES_CBC_NONE(-0x1000),
- ETYPE_DES3_CBC_NONE(-0x1001),
- ETYPE_DES_CFB64_NONE(-0x1002),
- ETYPE_DES_PCBC_NONE(-0x1003),
- ETYPE_DES3_CBC_NONE_IVEC(-0x1004)
-}
-
--- this is sugar to make something ASN1 does not have: unsigned
-
-UNSIGNED ::= INTEGER (0..4294967295)
-
-Realm ::= GeneralString
-PrincipalName ::= SEQUENCE {
- name-type[0] NAME-TYPE,
- name-string[1] SEQUENCE OF GeneralString
-}
-
--- this is not part of RFC1510
-Principal ::= SEQUENCE {
- name[0] PrincipalName,
- realm[1] Realm
-}
-
-HostAddress ::= SEQUENCE {
- addr-type[0] INTEGER,
- address[1] OCTET STRING
-}
-
--- This is from RFC1510.
---
--- HostAddresses ::= SEQUENCE OF SEQUENCE {
--- addr-type[0] INTEGER,
--- address[1] OCTET STRING
--- }
-
--- This seems much better.
-HostAddresses ::= SEQUENCE OF HostAddress
-
-
-KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z)
-
-AuthorizationData ::= SEQUENCE OF SEQUENCE {
- ad-type[0] INTEGER,
- ad-data[1] OCTET STRING
-}
-
-APOptions ::= BIT STRING {
- reserved(0),
- use-session-key(1),
- mutual-required(2)
-}
-
-TicketFlags ::= BIT STRING {
- reserved(0),
- forwardable(1),
- forwarded(2),
- proxiable(3),
- proxy(4),
- may-postdate(5),
- postdated(6),
- invalid(7),
- renewable(8),
- initial(9),
- pre-authent(10),
- hw-authent(11),
- transited-policy-checked(12),
- ok-as-delegate(13),
- anonymous(14)
-}
-
-KDCOptions ::= BIT STRING {
- reserved(0),
- forwardable(1),
- forwarded(2),
- proxiable(3),
- proxy(4),
- allow-postdate(5),
- postdated(6),
- unused7(7),
- renewable(8),
- unused9(9),
- unused10(10),
- unused11(11),
- request-anonymous(14),
- canonicalize(15),
- disable-transited-check(26),
- renewable-ok(27),
- enc-tkt-in-skey(28),
- renew(30),
- validate(31)
-}
-
-LR-TYPE ::= INTEGER {
- LR_NONE(0), -- no information
- LR_INITIAL_TGT(1), -- last initial TGT request
- LR_INITIAL(2), -- last initial request
- LR_ISSUE_USE_TGT(3), -- time of newest TGT used
- LR_RENEWAL(4), -- time of last renewal
- LR_REQUEST(5), -- time of last request (of any type)
- LR_PW_EXPTIME(6), -- expiration time of password
- LR_ACCT_EXPTIME(7) -- expiration time of account
-}
-
-LastReq ::= SEQUENCE OF SEQUENCE {
- lr-type[0] LR-TYPE,
- lr-value[1] KerberosTime
-}
-
-
-EncryptedData ::= SEQUENCE {
- etype[0] ENCTYPE, -- EncryptionType
- kvno[1] INTEGER OPTIONAL,
- cipher[2] OCTET STRING -- ciphertext
-}
-
-EncryptionKey ::= SEQUENCE {
- keytype[0] INTEGER,
- keyvalue[1] OCTET STRING
-}
-
--- encoded Transited field
-TransitedEncoding ::= SEQUENCE {
- tr-type[0] INTEGER, -- must be registered
- contents[1] OCTET STRING
-}
-
-Ticket ::= [APPLICATION 1] SEQUENCE {
- tkt-vno[0] INTEGER,
- realm[1] Realm,
- sname[2] PrincipalName,
- enc-part[3] EncryptedData
-}
--- Encrypted part of ticket
-EncTicketPart ::= [APPLICATION 3] SEQUENCE {
- flags[0] TicketFlags,
- key[1] EncryptionKey,
- crealm[2] Realm,
- cname[3] PrincipalName,
- transited[4] TransitedEncoding,
- authtime[5] KerberosTime,
- starttime[6] KerberosTime OPTIONAL,
- endtime[7] KerberosTime,
- renew-till[8] KerberosTime OPTIONAL,
- caddr[9] HostAddresses OPTIONAL,
- authorization-data[10] AuthorizationData OPTIONAL
-}
-
-Checksum ::= SEQUENCE {
- cksumtype[0] CKSUMTYPE,
- checksum[1] OCTET STRING
-}
-
-Authenticator ::= [APPLICATION 2] SEQUENCE {
- authenticator-vno[0] INTEGER,
- crealm[1] Realm,
- cname[2] PrincipalName,
- cksum[3] Checksum OPTIONAL,
- cusec[4] INTEGER,
- ctime[5] KerberosTime,
- subkey[6] EncryptionKey OPTIONAL,
- seq-number[7] UNSIGNED OPTIONAL,
- authorization-data[8] AuthorizationData OPTIONAL
- }
-
-PA-DATA ::= SEQUENCE {
- -- might be encoded AP-REQ
- padata-type[1] PADATA-TYPE,
- padata-value[2] OCTET STRING
-}
-
-ETYPE-INFO-ENTRY ::= SEQUENCE {
- etype[0] ENCTYPE,
- salt[1] OCTET STRING OPTIONAL,
- salttype[2] INTEGER OPTIONAL
-}
-
-ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
-
-METHOD-DATA ::= SEQUENCE OF PA-DATA
-
-KDC-REQ-BODY ::= SEQUENCE {
- kdc-options[0] KDCOptions,
- cname[1] PrincipalName OPTIONAL, -- Used only in AS-REQ
- realm[2] Realm, -- Server's realm
- -- Also client's in AS-REQ
- sname[3] PrincipalName OPTIONAL,
- from[4] KerberosTime OPTIONAL,
- till[5] KerberosTime OPTIONAL,
- rtime[6] KerberosTime OPTIONAL,
- nonce[7] INTEGER,
- etype[8] SEQUENCE OF ENCTYPE, -- EncryptionType,
- -- in preference order
- addresses[9] HostAddresses OPTIONAL,
- enc-authorization-data[10] EncryptedData OPTIONAL,
- -- Encrypted AuthorizationData encoding
- additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
-}
-
-KDC-REQ ::= SEQUENCE {
- pvno[1] INTEGER,
- msg-type[2] MESSAGE-TYPE,
- padata[3] METHOD-DATA OPTIONAL,
- req-body[4] KDC-REQ-BODY
-}
-
-AS-REQ ::= [APPLICATION 10] KDC-REQ
-TGS-REQ ::= [APPLICATION 12] KDC-REQ
-
--- padata-type ::= PA-ENC-TIMESTAMP
--- padata-value ::= EncryptedData - PA-ENC-TS-ENC
-
-PA-ENC-TS-ENC ::= SEQUENCE {
- patimestamp[0] KerberosTime, -- client's time
- pausec[1] INTEGER OPTIONAL
-}
-
-KDC-REP ::= SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] MESSAGE-TYPE,
- padata[2] METHOD-DATA OPTIONAL,
- crealm[3] Realm,
- cname[4] PrincipalName,
- ticket[5] Ticket,
- enc-part[6] EncryptedData
-}
-
-AS-REP ::= [APPLICATION 11] KDC-REP
-TGS-REP ::= [APPLICATION 13] KDC-REP
-
-EncKDCRepPart ::= SEQUENCE {
- key[0] EncryptionKey,
- last-req[1] LastReq,
- nonce[2] INTEGER,
- key-expiration[3] KerberosTime OPTIONAL,
- flags[4] TicketFlags,
- authtime[5] KerberosTime,
- starttime[6] KerberosTime OPTIONAL,
- endtime[7] KerberosTime,
- renew-till[8] KerberosTime OPTIONAL,
- srealm[9] Realm,
- sname[10] PrincipalName,
- caddr[11] HostAddresses OPTIONAL
-}
-
-EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
-EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
-
-AP-REQ ::= [APPLICATION 14] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] MESSAGE-TYPE,
- ap-options[2] APOptions,
- ticket[3] Ticket,
- authenticator[4] EncryptedData
-}
-
-AP-REP ::= [APPLICATION 15] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] MESSAGE-TYPE,
- enc-part[2] EncryptedData
-}
-
-EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
- ctime[0] KerberosTime,
- cusec[1] INTEGER,
- subkey[2] EncryptionKey OPTIONAL,
- seq-number[3] UNSIGNED OPTIONAL
-}
-
-KRB-SAFE-BODY ::= SEQUENCE {
- user-data[0] OCTET STRING,
- timestamp[1] KerberosTime OPTIONAL,
- usec[2] INTEGER OPTIONAL,
- seq-number[3] UNSIGNED OPTIONAL,
- s-address[4] HostAddress OPTIONAL,
- r-address[5] HostAddress OPTIONAL
-}
-
-KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] MESSAGE-TYPE,
- safe-body[2] KRB-SAFE-BODY,
- cksum[3] Checksum
-}
-
-KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] MESSAGE-TYPE,
- enc-part[3] EncryptedData
-}
-EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
- user-data[0] OCTET STRING,
- timestamp[1] KerberosTime OPTIONAL,
- usec[2] INTEGER OPTIONAL,
- seq-number[3] UNSIGNED OPTIONAL,
- s-address[4] HostAddress OPTIONAL, -- sender's addr
- r-address[5] HostAddress OPTIONAL -- recip's addr
-}
-
-KRB-CRED ::= [APPLICATION 22] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] MESSAGE-TYPE, -- KRB_CRED
- tickets[2] SEQUENCE OF Ticket,
- enc-part[3] EncryptedData
-}
-
-KrbCredInfo ::= SEQUENCE {
- key[0] EncryptionKey,
- prealm[1] Realm OPTIONAL,
- pname[2] PrincipalName OPTIONAL,
- flags[3] TicketFlags OPTIONAL,
- authtime[4] KerberosTime OPTIONAL,
- starttime[5] KerberosTime OPTIONAL,
- endtime[6] KerberosTime OPTIONAL,
- renew-till[7] KerberosTime OPTIONAL,
- srealm[8] Realm OPTIONAL,
- sname[9] PrincipalName OPTIONAL,
- caddr[10] HostAddresses OPTIONAL
-}
-
-EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
- ticket-info[0] SEQUENCE OF KrbCredInfo,
- nonce[1] INTEGER OPTIONAL,
- timestamp[2] KerberosTime OPTIONAL,
- usec[3] INTEGER OPTIONAL,
- s-address[4] HostAddress OPTIONAL,
- r-address[5] HostAddress OPTIONAL
-}
-
-KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] MESSAGE-TYPE,
- ctime[2] KerberosTime OPTIONAL,
- cusec[3] INTEGER OPTIONAL,
- stime[4] KerberosTime,
- susec[5] INTEGER,
- error-code[6] INTEGER,
- crealm[7] Realm OPTIONAL,
- cname[8] PrincipalName OPTIONAL,
- realm[9] Realm, -- Correct realm
- sname[10] PrincipalName, -- Correct name
- e-text[11] GeneralString OPTIONAL,
- e-data[12] OCTET STRING OPTIONAL
-}
-
-pvno INTEGER ::= 5 -- current Kerberos protocol version number
-
--- transited encodings
-
-DOMAIN-X500-COMPRESS INTEGER ::= 1
-
-END
-
--- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1
generated by cgit v1.2.3 (git 2.25.1) at 2025-02-22 13:35:18 +0000