From: John Kohl Date: Tue, 26 Dec 1989 11:35:42 +0000 (+0000) Subject: *** empty log message *** X-Git-Tag: krb5-1.0-alpha2~1321 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=2b16255d03b6deb9fb474e5a098df906a715cfc0;p=krb5.git *** empty log message *** git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@52 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/krb5/asn.1/KRB5-asn.py b/src/lib/krb5/asn.1/KRB5-asn.py
new file mode 100644
index 000000000..9a9471d77
--- /dev/null
+++ b/src/lib/krb5/asn.1/KRB5-asn.py
@@ -0,0 +1,282 @@
+-- $Source$
+-- $Author$
+-- $Id$
+--
+-- Copyright 1989 by the Massachusetts Institute of Technology.
+--
+-- For copying and distribution information, please see the file
+-- .
+--
+-- ASN.1 definitions for the kerberos network objects
+--
+
+KRB5 DEFINITIONS ::=
+BEGIN
+
+-- Define "better" names
+
+SessionKey ::= OCTET STRING
+Realm ::= GeneralString
+PrincipalName ::= SEQUENCE OF GeneralString
+EncryptedData ::= OCTET STRING
+Checksum ::= OCTET STRING
+
+-- Message types from protocol spec
+
+-- Some predefined integer values for certain types of fields
+MessageType ::= INTEGER {
+ asReq(2),
+ asRep(4),
+ apReq(6),
+ tgsReq(8),
+ apRep(10),
+ tgsRep(12),
+ safe(14),
+ priv(16),
+ error(32)
+}
+
+AddressType ::= INTEGER {
+ internet(2),
+ chaosnet(5),
+ iso(7),
+ xns(6),
+ appletalk-ddp(16)
+}
+
+KeyType ::= INTEGER {
+ null(0),
+ des(1),
+ lucifer(2)
+}
+
+EncryptionType ::= INTEGER {
+ null(0),
+ des-cbc(1),
+ lucifer-cbc(2)
+}
+
+ChecksumType ::= INTEGER {
+ crc(1),
+ -- xxx(2),
+ snefru(3),
+ des-mac(4)
+}
+
+-- Unencrypted authenticator
+Authenticator ::= SEQUENCE {
+ authenticator-vno[0] AuthenticatorVersion,
+ crealm[1] Realm,
+ cname[2] PrincipalName,
+ checksumType[3] ChecksumType,
+ checksum[4] Checksum,
+ cmsec[5] INTEGER,
+ ctime[6] UTCTime
+}
+
+AuthenticatorVersion ::= INTEGER {krb5(5)}
+
+EncryptedAuthenticator ::= OCTET STRING
+
+-- Encrypted part of ticket
+EncTicketPart ::= SEQUENCE {
+ flags[0] TicketFlags,
+ keytype[1] KeyType,
+ session[2] SessionKey,
+ crealm[3] Realm,
+ cname[4] PrincipalName,
+ transited[5] GeneralString,
+ authtime[6] UTCTime,
+ starttime[7] UTCTime,
+ endtime[8] UTCTime,
+ renewTill[9] UTCTime OPTIONAL,
+ caddr[10] HostAddresses,
+ authorization-data[11] AuthorizationData OPTIONAL
+}
+
+
+TicketFlags ::= BIT STRING {
+ reserved(0),
+ forwardable(1),
+ forwarded(2),
+ proxiable(3),
+ proxy(4),
+ may-postdate(5),
+ postdated(6),
+ invalid(7),
+ renewable(8),
+ initial(9),
+ duplicate-skey(10)
+}
+
+HostAddresses ::= SEQUENCE {
+ addr-type[0] AddressType,
+ address[1] OCTET STRING
+}
+
+AuthorizationData ::= SEQUENCE OF SEQUENCE {
+ ad-type[0] INTEGER,
+ ad-data[1] GeneralString
+}
+
+KDCOptions ::= BIT STRING {
+ reserved(0),
+ forwardable(1),
+ forwarded(2),
+ proxiable(3),
+ proxy(4),
+ allow-postdate(5),
+ postdated(6),
+ unused7(7),
+ renewable(8),
+ unused9(9),
+ duplicate-skey(10),
+ renewable-ok(27),
+ enc-tkt-in-skey(28),
+ reuse-skey(29),
+ renew(30),
+ validate(31)
+}
+
+Ticket ::= SEQUENCE {
+ tkt-vno[0] INTEGER,
+ srealm[1] Realm,
+ sname[2] PrincipalName,
+ etype[3] EncryptionType,
+ skvno[4] INTEGER,
+ enc-part[5] EncryptedData
+}
+
+AS-REQ ::= [APPLICATION 0] SEQUENCE {
+ pvno[0] INTEGER,
+ msg-type[1] INTEGER,
+ kdc-options[2] KDCOptions,
+ ctime[3] UTCTime,
+ from[4] UTCTime,
+ till[5] UTCTime,
+ rtime[6] UTCTime OPTIONAL,
+ etype[7] EncryptionType,
+ crealm[8] Realm,
+ cname[9] PrincipalName,
+ addresses[10] HostAddresses,
+ sname[11] PrincipalName
+}
+
+KDC-REP ::= [APPLICATION 1] SEQUENCE {
+ pvno[0] INTEGER,
+ msg-type[1] INTEGER,
+ crealm[2] Realm,
+ cname[3] PrincipalName,
+ etype[4] EncryptionType,
+ ckvno[5] INTEGER,
+ ticket[6] Ticket,
+ enc-part[7] EncryptedData
+}
+
+EncKDCRepPart ::= SEQUENCE {
+ keytype[0] KeyType,
+ session[1] SessionKey,
+ last-req[2] LastReq,
+ ctime[3] UTCTime,
+ ktime[4] UTCTime,
+ key-exp[5] UTCTime,
+ flags[6] TicketFlags,
+ starttime[7] UTCTime,
+ endtime[8] UTCTime,
+ renew-till[6] UTCTime OPTIONAL,
+ srealm[9] Realm,
+ sname[10] PrincipalName,
+ caddr[11] HostAddresses
+}
+
+KRB-ERROR ::= [APPLICATION 2] SEQUENCE {
+ pvno[0] INTEGER,
+ msg-type[1] INTEGER,
+ ctime[2] UTCTime,
+ cmsec[3] INTEGER,
+ stime[4] UTCTime,
+ smsec[5] INTEGER,
+ error[6] INTEGER,
+ crealm[7] Realm,
+ cname[8] PrincipalName,
+ srealm[9] Realm,
+ sname[10] PrincipalName,
+ e-text[11] GeneralString
+}
+
+LastReq ::= SEQUENCE OF SEQUENCE {
+ lr-type[0] INTEGER,
+ lr-value[1] INTEGER
+}
+
+AP-REQ ::= [APPLICATION 3] SEQUENCE {
+ pvno[0] INTEGER,
+ msg-type[1] INTEGER,
+ ap-options[2] APOptions,
+ ticket[3] Ticket,
+ authenticator[4] Authenticator
+}
+
+APOptions ::= BIT STRING {
+ reserved(0),
+ use-session-key(1),
+ mutual-required(2)
+}
+
+AP-REP ::= [APPLICATION 4] SEQUENCE {
+ pvno[0] INTEGER,
+ msg-type[1] INTEGER,
+ enc-part[2] EncryptedData
+}
+
+EncAPRepPart ::= SEQUENCE {
+ ctime[0] UTCTime,
+ cmsec[1] INTEGER
+}
+
+TGS-REQ ::= [APPLICATION 5] SEQUENCE {
+ header[0] AP-REQ,
+ pvno[1] INTEGER,
+ msg-type[2] INTEGER,
+ kdc-options[3] KDCOptions,
+ from[4] UTCTime,
+ till[5] UTCTime,
+ rtime[6] UTCTime OPTIONAL,
+ ctime[7] UTCTime,
+ etype[8] EncryptionType,
+ sname[9] PrincipalName,
+ addresses[10] HostAddresses,
+ enc-part[11] EncryptedData
+}
+
+EncTgsReqPart ::= SEQUENCE {
+ authorization-data[0] AuthorizationData OPTIONAL,
+ second-ticket[1] Ticket OPTIONAL
+}
+
+KRB-SAFE ::= [APPLICATION 6] SEQUENCE {
+ pvno[0] INTEGER,
+ msg-type[1] INTEGER,
+ user-data[2] OCTET STRING,
+ timestamp[3] UTCTime,
+ msec[4] INTEGER,
+ addresses[5] HostAddresses,
+ checksumType[6] ChecksumType,
+ checksum[7] Checksum
+}
+
+KRB-PRIV ::= [APPLICATION 7] SEQUENCE {
+ pvno[0] INTEGER,
+ msg-type[1] INTEGER,
+ etype[2] EncryptionType,
+ enc-part[3] EncryptedData
+}
+
+EncKrbPrivPart ::= SEQUENCE {
+ user-data[0] OCTET STRING,
+ timestamp[1] UTCTime,
+ msec[2] INTEGER,
+ addresses[3] HostAddresses
+}
+
+END
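Review bot: In `AP-REQ`, `authenticator[4]` is typed as `Authenticator`, which the comment above its definition labels the unencrypted authenticator, while `EncryptedAuthenticator ::= OCTET STRING` is defined and never referenced anywhere in the module. Encoded as written, the client name, checksum and timestamp would travel in the clear and the field could not demonstrate possession of the session key; the field presumably should read `authenticator[4] EncryptedAuthenticator`. Separately, in `EncKDCRepPart` the tag on `renew-till[6]` repeats the one already used by `flags[6]`; by position it looks like it should be `renew-till[9] UTCTime OPTIONAL,` with `srealm`, `sname` and `caddr` moved to `[10]`, `[11]` and `[12]`.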