oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

cleanup formatting

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@3991 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1997-11-12 16:27:41 +00:00
parent 41209781ec
commit b6e700d75e
1 changed files with 241 additions and 249 deletions
Download Patch File Download Diff File Expand all files Collapse all files

490
lib/asn1/k5.asn1
View File

@@ -8,327 +8,319 @@ nt-srv-hst INTEGER ::= 3 -- Service with host name as instance
nt-srv-xhst INTEGER ::= 4 -- Service with host as remaining components nt-srv-xhst INTEGER ::= 4 -- Service with host as remaining components
nt-uid INTEGER ::= 5 -- Unique ID nt-uid INTEGER ::= 5 -- Unique ID
Realm ::= GeneralString
Realm ::= GeneralString PrincipalName ::= SEQUENCE {
PrincipalName ::= SEQUENCE { name-type[0] INTEGER,
name-type[0] INTEGER, name-string[1] SEQUENCE OF GeneralString
name-string[1] SEQUENCE OF GeneralString
} }
-- this is not part of RFC1510 -- this is not part of RFC1510
Principal ::= SEQUENCE { Principal ::= SEQUENCE {
name[0] PrincipalName, name[0] PrincipalName,
realm[1] Realm realm[1] Realm
} }
HostAddress ::= SEQUENCE { HostAddress ::= SEQUENCE {
addr-type[0] INTEGER, addr-type[0] INTEGER,
address[1] OCTET STRING address[1] OCTET STRING
} }
-- This is from RFC1510. -- This is from RFC1510.
-- --
-- HostAddresses ::= SEQUENCE OF SEQUENCE { -- HostAddresses ::= SEQUENCE OF SEQUENCE {
-- addr-type[0] INTEGER, -- addr-type[0] INTEGER,
-- address[1] OCTET STRING -- address[1] OCTET STRING
-- } -- }
-- This seems much better. -- This seems much better.
HostAddresses ::= SEQUENCE OF HostAddress HostAddresses ::= SEQUENCE OF HostAddress
KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z) KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z)
AuthorizationData ::= SEQUENCE OF SEQUENCE { AuthorizationData ::= SEQUENCE OF SEQUENCE {
ad-type[0] INTEGER, ad-type[0] INTEGER,
ad-data[1] OCTET STRING ad-data[1] OCTET STRING
} }
APOptions ::= BIT STRING { APOptions ::= BIT STRING {
reserved(0), reserved(0),
use-session-key(1), use-session-key(1),
mutual-required(2) mutual-required(2)
}
TicketFlags ::= BIT STRING {
reserved(0),
forwardable(1),
forwarded(2),
proxiable(3),
proxy(4),
may-postdate(5),
postdated(6),
invalid(7),
renewable(8),
initial(9),
pre-authent(10),
hw-authent(11),
transited-policy-checked(12),
ok-as-delegate(13),
anonymous(14)
}
KDCOptions ::= BIT STRING {
reserved(0),
forwardable(1),
forwarded(2),
proxiable(3),
proxy(4),
allow-postdate(5),
postdated(6),
unused7(7),
renewable(8),
unused9(9),
unused10(10),
unused11(11),
request-anonymous(14),
disable-transited-check(26),
renewable-ok(27),
enc-tkt-in-skey(28),
renew(30),
validate(31)
} }
TicketFlags ::= BIT STRING { LastReq ::= SEQUENCE OF SEQUENCE {
reserved(0), lr-type[0] INTEGER,
forwardable(1), lr-value[1] KerberosTime
forwarded(2),
proxiable(3),
proxy(4),
may-postdate(5),
postdated(6),
invalid(7),
renewable(8),
initial(9),
pre-authent(10),
hw-authent(11),
transited-policy-checked(12),
ok-as-delegate(13),
anonymous(14)
} }
KDCOptions ::= BIT STRING { EncryptedData ::= SEQUENCE {
reserved(0), etype[0] INTEGER, -- EncryptionType
forwardable(1), kvno[1] INTEGER OPTIONAL,
forwarded(2), cipher[2] OCTET STRING -- ciphertext
proxiable(3),
proxy(4),
allow-postdate(5),
postdated(6),
unused7(7),
renewable(8),
unused9(9),
unused10(10),
unused11(11),
request-version4(13), -- non-standard
request-anonymous(14),
disable-transited-check(26),
renewable-ok(27),
enc-tkt-in-skey(28),
renew(30),
validate(31)
} }
EncryptionKey ::= SEQUENCE {
LastReq ::= SEQUENCE OF SEQUENCE { keytype[0] INTEGER,
lr-type[0] INTEGER, keyvalue[1] OCTET STRING
lr-value[1] KerberosTime
}
EncryptedData ::= SEQUENCE {
etype[0] INTEGER, -- EncryptionType
kvno[1] INTEGER OPTIONAL,
cipher[2] OCTET STRING -- ciphertext
}
EncryptionKey ::= SEQUENCE {
keytype[0] INTEGER,
keyvalue[1] OCTET STRING
} }
-- encoded Transited field -- encoded Transited field
TransitedEncoding ::= SEQUENCE { TransitedEncoding ::= SEQUENCE {
tr-type[0] INTEGER, -- must be registered tr-type[0] INTEGER, -- must be registered
contents[1] OCTET STRING contents[1] OCTET STRING
} }
Ticket ::= [APPLICATION 1] SEQUENCE { Ticket ::= [APPLICATION 1] SEQUENCE {
tkt-vno[0] INTEGER, tkt-vno[0] INTEGER,
realm[1] Realm, realm[1] Realm,
sname[2] PrincipalName, sname[2] PrincipalName,
enc-part[3] EncryptedData enc-part[3] EncryptedData
} }
-- Encrypted part of ticket -- Encrypted part of ticket
EncTicketPart ::= [APPLICATION 3] SEQUENCE { EncTicketPart ::= [APPLICATION 3] SEQUENCE {
flags[0] TicketFlags, flags[0] TicketFlags,
key[1] EncryptionKey, key[1] EncryptionKey,
crealm[2] Realm, crealm[2] Realm,
cname[3] PrincipalName, cname[3] PrincipalName,
transited[4] TransitedEncoding, transited[4] TransitedEncoding,
authtime[5] KerberosTime, authtime[5] KerberosTime,
starttime[6] KerberosTime OPTIONAL, starttime[6] KerberosTime OPTIONAL,
endtime[7] KerberosTime, endtime[7] KerberosTime,
renew-till[8] KerberosTime OPTIONAL, renew-till[8] KerberosTime OPTIONAL,
caddr[9] HostAddresses OPTIONAL, caddr[9] HostAddresses OPTIONAL,
authorization-data[10] AuthorizationData OPTIONAL authorization-data[10] AuthorizationData OPTIONAL
} }
Checksum ::= SEQUENCE { Checksum ::= SEQUENCE {
cksumtype[0] INTEGER, cksumtype[0] INTEGER,
checksum[1] OCTET STRING checksum[1] OCTET STRING
} }
Authenticator ::= [APPLICATION 2] SEQUENCE { Authenticator ::= [APPLICATION 2] SEQUENCE {
authenticator-vno[0] INTEGER, authenticator-vno[0] INTEGER,
crealm[1] Realm, crealm[1] Realm,
cname[2] PrincipalName, cname[2] PrincipalName,
cksum[3] Checksum OPTIONAL, cksum[3] Checksum OPTIONAL,
cusec[4] INTEGER, cusec[4] INTEGER,
ctime[5] KerberosTime, ctime[5] KerberosTime,
subkey[6] EncryptionKey OPTIONAL, subkey[6] EncryptionKey OPTIONAL,
seq-number[7] INTEGER OPTIONAL, seq-number[7] INTEGER OPTIONAL,
authorization-data[8] AuthorizationData OPTIONAL authorization-data[8] AuthorizationData OPTIONAL
} }
PA-DATA ::= SEQUENCE { PA-DATA ::= SEQUENCE {
padata-type[1] INTEGER, -- might be encoded AP-REQ
padata-value[2] OCTET STRING padata-type[1] INTEGER,
-- , padata-value[2] OCTET STRING
-- might be encoded AP-REQ
} }
METHOD-DATA ::= SEQUENCE OF PA-DATA METHOD-DATA ::= SEQUENCE OF PA-DATA
KDC-REQ-BODY ::= SEQUENCE { KDC-REQ-BODY ::= SEQUENCE {
kdc-options[0] KDCOptions, kdc-options[0] KDCOptions,
cname[1] PrincipalName OPTIONAL, cname[1] PrincipalName OPTIONAL, -- Used only in AS-REQ
-- Used only in AS-REQ realm[2] Realm, -- Server's realm
realm[2] Realm, -- Server's realm -- Also client's in AS-REQ
-- Also client's in AS-REQ sname[3] PrincipalName OPTIONAL,
sname[3] PrincipalName OPTIONAL, from[4] KerberosTime OPTIONAL,
from[4] KerberosTime OPTIONAL, till[5] KerberosTime OPTIONAL,
till[5] KerberosTime OPTIONAL, rtime[6] KerberosTime OPTIONAL,
rtime[6] KerberosTime OPTIONAL, nonce[7] INTEGER,
nonce[7] INTEGER, etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
etype[8] SEQUENCE OF INTEGER, -- EncryptionType, -- in preference order
-- in preference order addresses[9] HostAddresses OPTIONAL,
addresses[9] HostAddresses OPTIONAL, enc-authorization-data[10] EncryptedData OPTIONAL,
enc-authorization-data[10] EncryptedData OPTIONAL, -- Encrypted AuthorizationData encoding
-- Encrypted AuthorizationData encoding additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
} }
KDC-REQ ::= SEQUENCE { KDC-REQ ::= SEQUENCE {
pvno[1] INTEGER, pvno[1] INTEGER,
msg-type[2] INTEGER, msg-type[2] INTEGER,
padata[3] METHOD-DATA OPTIONAL, padata[3] METHOD-DATA OPTIONAL,
req-body[4] KDC-REQ-BODY req-body[4] KDC-REQ-BODY
} }
AS-REQ ::= [APPLICATION 10] KDC-REQ AS-REQ ::= [APPLICATION 10] KDC-REQ
TGS-REQ ::= [APPLICATION 12] KDC-REQ TGS-REQ ::= [APPLICATION 12] KDC-REQ
-- padata-type ::= PA-ENC-TIMESTAMP -- padata-type ::= PA-ENC-TIMESTAMP
-- padata-value ::= EncryptedData - PA-ENC-TS-ENC -- padata-value ::= EncryptedData - PA-ENC-TS-ENC
PA-ENC-TS-ENC ::= SEQUENCE { PA-ENC-TS-ENC ::= SEQUENCE {
patimestamp[0] KerberosTime, -- client's time patimestamp[0] KerberosTime, -- client's time
pausec[1] INTEGER OPTIONAL pausec[1] INTEGER OPTIONAL
} }
KDC-REP ::= SEQUENCE { KDC-REP ::= SEQUENCE {
pvno[0] INTEGER, pvno[0] INTEGER,
msg-type[1] INTEGER, msg-type[1] INTEGER,
padata[2] METHOD-DATA OPTIONAL, padata[2] METHOD-DATA OPTIONAL,
crealm[3] Realm, crealm[3] Realm,
cname[4] PrincipalName, cname[4] PrincipalName,
ticket[5] Ticket, ticket[5] Ticket,
enc-part[6] EncryptedData enc-part[6] EncryptedData
} }
AS-REP ::= [APPLICATION 11] KDC-REP AS-REP ::= [APPLICATION 11] KDC-REP
TGS-REP ::= [APPLICATION 13] KDC-REP TGS-REP ::= [APPLICATION 13] KDC-REP
EncKDCRepPart ::= SEQUENCE { EncKDCRepPart ::= SEQUENCE {
key[0] EncryptionKey, key[0] EncryptionKey,
last-req[1] LastReq, last-req[1] LastReq,
nonce[2] INTEGER, nonce[2] INTEGER,
key-expiration[3] KerberosTime OPTIONAL, key-expiration[3] KerberosTime OPTIONAL,
flags[4] TicketFlags, flags[4] TicketFlags,
authtime[5] KerberosTime, authtime[5] KerberosTime,
starttime[6] KerberosTime OPTIONAL, starttime[6] KerberosTime OPTIONAL,
endtime[7] KerberosTime, endtime[7] KerberosTime,
renew-till[8] KerberosTime OPTIONAL, renew-till[8] KerberosTime OPTIONAL,
srealm[9] Realm, srealm[9] Realm,
sname[10] PrincipalName, sname[10] PrincipalName,
caddr[11] HostAddresses OPTIONAL caddr[11] HostAddresses OPTIONAL
} }
EncASRepPart ::= [APPLICATION 25] EncKDCRepPart EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
AP-REQ ::= [APPLICATION 14] SEQUENCE { AP-REQ ::= [APPLICATION 14] SEQUENCE {
pvno[0] INTEGER, pvno[0] INTEGER,
msg-type[1] INTEGER, msg-type[1] INTEGER,
ap-options[2] APOptions, ap-options[2] APOptions,
ticket[3] Ticket, ticket[3] Ticket,
authenticator[4] EncryptedData authenticator[4] EncryptedData
} }
AP-REP ::= [APPLICATION 15] SEQUENCE {
AP-REP ::= [APPLICATION 15] SEQUENCE { pvno[0] INTEGER,
pvno[0] INTEGER, msg-type[1] INTEGER,
msg-type[1] INTEGER, enc-part[2] EncryptedData
enc-part[2] EncryptedData
} }
EncAPRepPart ::= [APPLICATION 27] SEQUENCE { EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
ctime[0] KerberosTime, ctime[0] KerberosTime,
cusec[1] INTEGER, cusec[1] INTEGER,
subkey[2] EncryptionKey OPTIONAL, subkey[2] EncryptionKey OPTIONAL,
seq-number[3] INTEGER OPTIONAL seq-number[3] INTEGER OPTIONAL
} }
KRB-SAFE-BODY ::= SEQUENCE { KRB-SAFE-BODY ::= SEQUENCE {
user-data[0] OCTET STRING, user-data[0] OCTET STRING,
timestamp[1] KerberosTime OPTIONAL, timestamp[1] KerberosTime OPTIONAL,
usec[2] INTEGER OPTIONAL, usec[2] INTEGER OPTIONAL,
seq-number[3] INTEGER OPTIONAL, seq-number[3] INTEGER OPTIONAL,
s-address[4] HostAddress OPTIONAL, s-address[4] HostAddress OPTIONAL,
r-address[5] HostAddress OPTIONAL r-address[5] HostAddress OPTIONAL
} }
KRB-SAFE ::= [APPLICATION 20] SEQUENCE { KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
pvno[0] INTEGER, pvno[0] INTEGER,
msg-type[1] INTEGER, msg-type[1] INTEGER,
safe-body[2] KRB-SAFE-BODY, safe-body[2] KRB-SAFE-BODY,
cksum[3] Checksum cksum[3] Checksum
} }
KRB-PRIV ::= [APPLICATION 21] SEQUENCE { KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
pvno[0] INTEGER, pvno[0] INTEGER,
msg-type[1] INTEGER, msg-type[1] INTEGER,
enc-part[3] EncryptedData enc-part[3] EncryptedData
} }
EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE { EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
user-data[0] OCTET STRING, user-data[0] OCTET STRING,
timestamp[1] KerberosTime OPTIONAL, timestamp[1] KerberosTime OPTIONAL,
usec[2] INTEGER OPTIONAL, usec[2] INTEGER OPTIONAL,
seq-number[3] INTEGER OPTIONAL, seq-number[3] INTEGER OPTIONAL,
s-address[4] HostAddress OPTIONAL, -- sender's addr s-address[4] HostAddress OPTIONAL, -- sender's addr
r-address[5] HostAddress OPTIONAL r-address[5] HostAddress OPTIONAL -- recip's addr
-- recip's addr
} }
KRB-CRED ::= [APPLICATION 22] SEQUENCE { KRB-CRED ::= [APPLICATION 22] SEQUENCE {
pvno[0] INTEGER, pvno[0] INTEGER,
msg-type[1] INTEGER, -- KRB_CRED msg-type[1] INTEGER, -- KRB_CRED
tickets[2] SEQUENCE OF Ticket, tickets[2] SEQUENCE OF Ticket,
enc-part[3] EncryptedData enc-part[3] EncryptedData
} }
KrbCredInfo ::= SEQUENCE { KrbCredInfo ::= SEQUENCE {
key[0] EncryptionKey, key[0] EncryptionKey,
prealm[1] Realm OPTIONAL, prealm[1] Realm OPTIONAL,
pname[2] PrincipalName OPTIONAL, pname[2] PrincipalName OPTIONAL,
flags[3] TicketFlags OPTIONAL, flags[3] TicketFlags OPTIONAL,
authtime[4] KerberosTime OPTIONAL, authtime[4] KerberosTime OPTIONAL,
starttime[5] KerberosTime OPTIONAL, starttime[5] KerberosTime OPTIONAL,
endtime[6] KerberosTime OPTIONAL, endtime[6] KerberosTime OPTIONAL,
renew-till[7] KerberosTime OPTIONAL, renew-till[7] KerberosTime OPTIONAL,
srealm[8] Realm OPTIONAL, srealm[8] Realm OPTIONAL,
sname[9] PrincipalName OPTIONAL, sname[9] PrincipalName OPTIONAL,
caddr[10] HostAddresses OPTIONAL caddr[10] HostAddresses OPTIONAL
} }
EncKrbCredPart ::= [APPLICATION 29] SEQUENCE { EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
ticket-info[0] SEQUENCE OF KrbCredInfo, ticket-info[0] SEQUENCE OF KrbCredInfo,
nonce[1] INTEGER OPTIONAL, nonce[1] INTEGER OPTIONAL,
timestamp[2] KerberosTime OPTIONAL, timestamp[2] KerberosTime OPTIONAL,
usec[3] INTEGER OPTIONAL, usec[3] INTEGER OPTIONAL,
s-address[4] HostAddress OPTIONAL, s-address[4] HostAddress OPTIONAL,
r-address[5] HostAddress OPTIONAL r-address[5] HostAddress OPTIONAL
} }
KRB-ERROR ::= [APPLICATION 30] SEQUENCE { KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
pvno[0] INTEGER, pvno[0] INTEGER,
msg-type[1] INTEGER, msg-type[1] INTEGER,
ctime[2] KerberosTime OPTIONAL, ctime[2] KerberosTime OPTIONAL,
cusec[3] INTEGER OPTIONAL, cusec[3] INTEGER OPTIONAL,
stime[4] KerberosTime, stime[4] KerberosTime,
susec[5] INTEGER, susec[5] INTEGER,
error-code[6] INTEGER, error-code[6] INTEGER,
crealm[7] Realm OPTIONAL, crealm[7] Realm OPTIONAL,
cname[8] PrincipalName OPTIONAL, cname[8] PrincipalName OPTIONAL,
realm[9] Realm, -- Correct realm realm[9] Realm, -- Correct realm
sname[10] PrincipalName, -- Correct name sname[10] PrincipalName, -- Correct name
e-text[11] GeneralString OPTIONAL, e-text[11] GeneralString OPTIONAL,
e-data[12] OCTET STRING OPTIONAL e-data[12] OCTET STRING OPTIONAL
} }
pvno INTEGER ::= 5 -- current Kerberos protocol version number pvno INTEGER ::= 5 -- current Kerberos protocol version number
-- message types -- message types
@@ -366,12 +358,12 @@ pa-pk-key-rep INTEGER ::= 18 -- (pkinit)
-- checksumtypes -- checksumtypes
CRC32 INTEGER ::= 1 -- CRC32 INTEGER ::= 1 --
rsa-md4 INTEGER ::= 2 -- rsa-md4 INTEGER ::= 2 --
-- transited encodings -- transited encodings
DOMAIN-X500-COMPRESS INTEGER ::= 1 DOMAIN-X500-COMPRESS INTEGER ::= 1
END END