1 -- $Id: digest.asn1 20138 2007-02-02 21:08:24Z lha $
6 IMPORTS EncryptedData, Principal FROM krb5;
8 DigestInit ::= SEQUENCE {
9 type UTF8String, -- http, sasl, chap, cram-md5 --
10 channel [0] SEQUENCE {
14 hostname [1] UTF8String OPTIONAL -- for chap/cram-md5
17 DigestInitReply ::= SEQUENCE {
18 nonce UTF8String, -- service nonce/challange
19 opaque UTF8String, -- server state
20 identifier [0] UTF8String OPTIONAL
24 DigestRequest ::= SEQUENCE {
25 type UTF8String, -- http, sasl-md5, chap, cram-md5 --
26 digest UTF8String, -- http:md5/md5-sess sasl:clear/int/conf --
27 username UTF8String, -- username user used
28 responseData UTF8String, -- client response
29 authid [0] UTF8String OPTIONAL,
30 authentication-user [1] Principal OPTIONAL, -- principal to get key from
31 realm [2] UTF8String OPTIONAL,
32 method [3] UTF8String OPTIONAL,
33 uri [4] UTF8String OPTIONAL,
34 serverNonce UTF8String, -- same as "DigestInitReply.nonce"
35 clientNonce [5] UTF8String OPTIONAL,
36 nonceCount [6] UTF8String OPTIONAL,
37 qop [7] UTF8String OPTIONAL,
38 identifier [8] UTF8String OPTIONAL,
39 hostname [9] UTF8String OPTIONAL,
40 opaque UTF8String -- same as "DigestInitReply.opaque"
42 -- opaque = hex(cksum(type|serverNonce|identifier|hostname,digest-key))
43 -- serverNonce = hex(time[4bytes]random[12bytes])(-cbType:cbBinding)
46 DigestError ::= SEQUENCE {
48 code INTEGER (-2147483648..2147483647)
51 DigestResponse ::= SEQUENCE {
53 rsp [0] UTF8String OPTIONAL,
54 tickets [1] SEQUENCE OF OCTET STRING OPTIONAL,
55 channel [2] SEQUENCE {
59 session-key [3] OCTET STRING OPTIONAL
62 NTLMInit ::= SEQUENCE {
63 flags [0] INTEGER (0..4294967295),
64 hostname [1] UTF8String OPTIONAL,
65 domain [1] UTF8String OPTIONAL
68 NTLMInitReply ::= SEQUENCE {
69 flags [0] INTEGER (0..4294967295),
70 opaque [1] OCTET STRING,
71 targetname [2] UTF8String,
72 challange [3] OCTET STRING,
73 targetinfo [4] OCTET STRING OPTIONAL
76 NTLMRequest ::= SEQUENCE {
77 flags [0] INTEGER (0..4294967295),
78 opaque [1] OCTET STRING,
79 username [2] UTF8String,
80 targetname [3] UTF8String,
81 targetinfo [4] OCTET STRING OPTIONAL,
83 ntlm [6] OCTET STRING,
84 sessionkey [7] OCTET STRING OPTIONAL
87 NTLMResponse ::= SEQUENCE {
89 flags [1] INTEGER (0..4294967295),
90 sessionkey [2] OCTET STRING OPTIONAL,
91 tickets [3] SEQUENCE OF OCTET STRING OPTIONAL
94 DigestReqInner ::= CHOICE {
96 digestRequest [1] DigestRequest,
97 ntlmInit [2] NTLMInit,
98 ntlmRequest [3] NTLMRequest
101 DigestREQ ::= [APPLICATION 128] SEQUENCE {
102 apReq [0] OCTET STRING,
103 innerReq [1] EncryptedData
106 DigestRepInner ::= CHOICE {
107 error [0] DigestError,
108 initReply [1] DigestInitReply,
109 response [2] DigestResponse,
110 ntlmInitReply [3] NTLMInitReply,
111 ntlmResponse [4] NTLMResponse
114 DigestREP ::= [APPLICATION 129] SEQUENCE {
115 apRep [0] OCTET STRING,
116 innerRep [1] EncryptedData
123 -- A1 = unq(username-value) ":" unq(realm-value) ":" passwd
125 -- A1 = HEX(H(unq(username-value) ":" unq(realm-value) ":" passwd ) ":" unq(nonce-value) ":" unq(cnonce-value))
128 -- A2 = Method ":" digest-uri-value
130 -- A2 = Method ":" digest-uri-value ":" H(entity-body)
132 -- request-digest = HEX(KD(HEX(H(A1)),
133 -- unq(nonce-value) ":" nc-value ":" unq(cnonce-value) ":" unq(qop-value) ":" HEX(H(A2))))
135 -- request-digest = HEX(KD(HEX(H(A1)), unq(nonce-value) ":" HEX(H(A2))))
139 -- SS = H( { unq(username-value), ":", unq(realm-value), ":", password } )
140 -- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value) }
141 -- A1 = { SS, ":", unq(nonce-value), ":", unq(cnonce-value), ":", unq(authzid-value) }
143 -- A2 = "AUTHENTICATE:", ":", digest-uri-value
144 -- qop == auth-int,auth-conf
145 -- A2 = "AUTHENTICATE:", ":", digest-uri-value, ":00000000000000000000000000000000"
147 -- response-value = HEX( KD ( HEX(H(A1)),
148 -- { unq(nonce-value), ":" nc-value, ":",
149 -- unq(cnonce-value), ":", qop-value, ":",