summaryrefslogtreecommitdiff
path: root/crypto/heimdal/lib/asn1/k5.asn1
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/asn1/k5.asn1')
-rw-r--r--crypto/heimdal/lib/asn1/k5.asn1385
1 files changed, 0 insertions, 385 deletions
diff --git a/crypto/heimdal/lib/asn1/k5.asn1 b/crypto/heimdal/lib/asn1/k5.asn1
deleted file mode 100644
index a7f41992280a4..0000000000000
--- a/crypto/heimdal/lib/asn1/k5.asn1
+++ /dev/null
@@ -1,385 +0,0 @@
-KERBEROS5 DEFINITIONS ::=
-BEGIN
-
-nt-unknown INTEGER ::= 0 -- Name type not known
-nt-principal INTEGER ::= 1 -- Just the name of the principal as in
-nt-srv-inst INTEGER ::= 2 -- Service and other unique instance (krbtgt)
-nt-srv-hst INTEGER ::= 3 -- Service with host name as instance
-nt-srv-xhst INTEGER ::= 4 -- Service with host as remaining components
-nt-uid INTEGER ::= 5 -- Unique ID
-
-Realm ::= GeneralString
-PrincipalName ::= SEQUENCE {
- name-type[0] INTEGER,
- name-string[1] SEQUENCE OF GeneralString
-}
-
--- this is not part of RFC1510
-Principal ::= SEQUENCE {
- name[0] PrincipalName,
- realm[1] Realm
-}
-
-HostAddress ::= SEQUENCE {
- addr-type[0] INTEGER,
- address[1] OCTET STRING
-}
-
--- This is from RFC1510.
---
--- HostAddresses ::= SEQUENCE OF SEQUENCE {
--- addr-type[0] INTEGER,
--- address[1] OCTET STRING
--- }
-
--- This seems much better.
-HostAddresses ::= SEQUENCE OF HostAddress
-
-
-KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z)
-
-AuthorizationData ::= SEQUENCE OF SEQUENCE {
- ad-type[0] INTEGER,
- ad-data[1] OCTET STRING
-}
-
-APOptions ::= BIT STRING {
- reserved(0),
- use-session-key(1),
- mutual-required(2)
-}
-
-TicketFlags ::= BIT STRING {
- reserved(0),
- forwardable(1),
- forwarded(2),
- proxiable(3),
- proxy(4),
- may-postdate(5),
- postdated(6),
- invalid(7),
- renewable(8),
- initial(9),
- pre-authent(10),
- hw-authent(11),
- transited-policy-checked(12),
- ok-as-delegate(13),
- anonymous(14)
-}
-
-KDCOptions ::= BIT STRING {
- reserved(0),
- forwardable(1),
- forwarded(2),
- proxiable(3),
- proxy(4),
- allow-postdate(5),
- postdated(6),
- unused7(7),
- renewable(8),
- unused9(9),
- unused10(10),
- unused11(11),
- request-anonymous(14),
- disable-transited-check(26),
- renewable-ok(27),
- enc-tkt-in-skey(28),
- renew(30),
- validate(31)
-}
-
-
-LastReq ::= SEQUENCE OF SEQUENCE {
- lr-type[0] INTEGER,
- lr-value[1] KerberosTime
-}
-
-EncryptedData ::= SEQUENCE {
- etype[0] INTEGER, -- EncryptionType
- kvno[1] INTEGER OPTIONAL,
- cipher[2] OCTET STRING -- ciphertext
-}
-
-EncryptionKey ::= SEQUENCE {
- keytype[0] INTEGER,
- keyvalue[1] OCTET STRING
-}
-
--- encoded Transited field
-TransitedEncoding ::= SEQUENCE {
- tr-type[0] INTEGER, -- must be registered
- contents[1] OCTET STRING
-}
-
-Ticket ::= [APPLICATION 1] SEQUENCE {
- tkt-vno[0] INTEGER,
- realm[1] Realm,
- sname[2] PrincipalName,
- enc-part[3] EncryptedData
-}
--- Encrypted part of ticket
-EncTicketPart ::= [APPLICATION 3] SEQUENCE {
- flags[0] TicketFlags,
- key[1] EncryptionKey,
- crealm[2] Realm,
- cname[3] PrincipalName,
- transited[4] TransitedEncoding,
- authtime[5] KerberosTime,
- starttime[6] KerberosTime OPTIONAL,
- endtime[7] KerberosTime,
- renew-till[8] KerberosTime OPTIONAL,
- caddr[9] HostAddresses OPTIONAL,
- authorization-data[10] AuthorizationData OPTIONAL
-}
-
-Checksum ::= SEQUENCE {
- cksumtype[0] INTEGER,
- checksum[1] OCTET STRING
-}
-
-Authenticator ::= [APPLICATION 2] SEQUENCE {
- authenticator-vno[0] INTEGER,
- crealm[1] Realm,
- cname[2] PrincipalName,
- cksum[3] Checksum OPTIONAL,
- cusec[4] INTEGER,
- ctime[5] KerberosTime,
- subkey[6] EncryptionKey OPTIONAL,
- seq-number[7] INTEGER OPTIONAL,
- authorization-data[8] AuthorizationData OPTIONAL
- }
-
-PA-DATA ::= SEQUENCE {
- -- might be encoded AP-REQ
- padata-type[1] INTEGER,
- padata-value[2] OCTET STRING
-}
-
-ETYPE-INFO-ENTRY ::= SEQUENCE {
- etype[0] INTEGER,
- salt[1] OCTET STRING OPTIONAL,
- salttype[2] INTEGER OPTIONAL
-}
-
-ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
-
-METHOD-DATA ::= SEQUENCE OF PA-DATA
-
-KDC-REQ-BODY ::= SEQUENCE {
- kdc-options[0] KDCOptions,
- cname[1] PrincipalName OPTIONAL, -- Used only in AS-REQ
- realm[2] Realm, -- Server's realm
- -- Also client's in AS-REQ
- sname[3] PrincipalName OPTIONAL,
- from[4] KerberosTime OPTIONAL,
- till[5] KerberosTime OPTIONAL,
- rtime[6] KerberosTime OPTIONAL,
- nonce[7] INTEGER,
- etype[8] SEQUENCE OF INTEGER, -- EncryptionType,
- -- in preference order
- addresses[9] HostAddresses OPTIONAL,
- enc-authorization-data[10] EncryptedData OPTIONAL,
- -- Encrypted AuthorizationData encoding
- additional-tickets[11] SEQUENCE OF Ticket OPTIONAL
-}
-
-KDC-REQ ::= SEQUENCE {
- pvno[1] INTEGER,
- msg-type[2] INTEGER,
- padata[3] METHOD-DATA OPTIONAL,
- req-body[4] KDC-REQ-BODY
-}
-
-AS-REQ ::= [APPLICATION 10] KDC-REQ
-TGS-REQ ::= [APPLICATION 12] KDC-REQ
-
--- padata-type ::= PA-ENC-TIMESTAMP
--- padata-value ::= EncryptedData - PA-ENC-TS-ENC
-
-PA-ENC-TS-ENC ::= SEQUENCE {
- patimestamp[0] KerberosTime, -- client's time
- pausec[1] INTEGER OPTIONAL
-}
-
-KDC-REP ::= SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER,
- padata[2] METHOD-DATA OPTIONAL,
- crealm[3] Realm,
- cname[4] PrincipalName,
- ticket[5] Ticket,
- enc-part[6] EncryptedData
-}
-
-AS-REP ::= [APPLICATION 11] KDC-REP
-TGS-REP ::= [APPLICATION 13] KDC-REP
-
-EncKDCRepPart ::= SEQUENCE {
- key[0] EncryptionKey,
- last-req[1] LastReq,
- nonce[2] INTEGER,
- key-expiration[3] KerberosTime OPTIONAL,
- flags[4] TicketFlags,
- authtime[5] KerberosTime,
- starttime[6] KerberosTime OPTIONAL,
- endtime[7] KerberosTime,
- renew-till[8] KerberosTime OPTIONAL,
- srealm[9] Realm,
- sname[10] PrincipalName,
- caddr[11] HostAddresses OPTIONAL
-}
-
-EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
-EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart
-
-AP-REQ ::= [APPLICATION 14] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER,
- ap-options[2] APOptions,
- ticket[3] Ticket,
- authenticator[4] EncryptedData
-}
-
-AP-REP ::= [APPLICATION 15] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER,
- enc-part[2] EncryptedData
-}
-
-EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
- ctime[0] KerberosTime,
- cusec[1] INTEGER,
- subkey[2] EncryptionKey OPTIONAL,
- seq-number[3] INTEGER OPTIONAL
-}
-
-KRB-SAFE-BODY ::= SEQUENCE {
- user-data[0] OCTET STRING,
- timestamp[1] KerberosTime OPTIONAL,
- usec[2] INTEGER OPTIONAL,
- seq-number[3] INTEGER OPTIONAL,
- s-address[4] HostAddress OPTIONAL,
- r-address[5] HostAddress OPTIONAL
-}
-
-KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER,
- safe-body[2] KRB-SAFE-BODY,
- cksum[3] Checksum
-}
-
-KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER,
- enc-part[3] EncryptedData
-}
-EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
- user-data[0] OCTET STRING,
- timestamp[1] KerberosTime OPTIONAL,
- usec[2] INTEGER OPTIONAL,
- seq-number[3] INTEGER OPTIONAL,
- s-address[4] HostAddress OPTIONAL, -- sender's addr
- r-address[5] HostAddress OPTIONAL -- recip's addr
-}
-
-KRB-CRED ::= [APPLICATION 22] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER, -- KRB_CRED
- tickets[2] SEQUENCE OF Ticket,
- enc-part[3] EncryptedData
-}
-
-KrbCredInfo ::= SEQUENCE {
- key[0] EncryptionKey,
- prealm[1] Realm OPTIONAL,
- pname[2] PrincipalName OPTIONAL,
- flags[3] TicketFlags OPTIONAL,
- authtime[4] KerberosTime OPTIONAL,
- starttime[5] KerberosTime OPTIONAL,
- endtime[6] KerberosTime OPTIONAL,
- renew-till[7] KerberosTime OPTIONAL,
- srealm[8] Realm OPTIONAL,
- sname[9] PrincipalName OPTIONAL,
- caddr[10] HostAddresses OPTIONAL
-}
-
-EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
- ticket-info[0] SEQUENCE OF KrbCredInfo,
- nonce[1] INTEGER OPTIONAL,
- timestamp[2] KerberosTime OPTIONAL,
- usec[3] INTEGER OPTIONAL,
- s-address[4] HostAddress OPTIONAL,
- r-address[5] HostAddress OPTIONAL
-}
-
-KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
- pvno[0] INTEGER,
- msg-type[1] INTEGER,
- ctime[2] KerberosTime OPTIONAL,
- cusec[3] INTEGER OPTIONAL,
- stime[4] KerberosTime,
- susec[5] INTEGER,
- error-code[6] INTEGER,
- crealm[7] Realm OPTIONAL,
- cname[8] PrincipalName OPTIONAL,
- realm[9] Realm, -- Correct realm
- sname[10] PrincipalName, -- Correct name
- e-text[11] GeneralString OPTIONAL,
- e-data[12] OCTET STRING OPTIONAL
-}
-
-pvno INTEGER ::= 5 -- current Kerberos protocol version number
-
--- message types
-
-krb-as-req INTEGER ::= 10 -- Request for initial authentication
-krb-as-rep INTEGER ::= 11 -- Response to KRB_AS_REQ request
-krb-tgs-req INTEGER ::= 12 -- Request for authentication based on TGT
-krb-tgs-rep INTEGER ::= 13 -- Response to KRB_TGS_REQ request
-krb-ap-req INTEGER ::= 14 -- application request to server
-krb-ap-rep INTEGER ::= 15 -- Response to KRB_AP_REQ_MUTUAL
-krb-safe INTEGER ::= 20 -- Safe (checksummed) application message
-krb-priv INTEGER ::= 21 -- Private (encrypted) application message
-krb-cred INTEGER ::= 22 -- Private (encrypted) message to forward credentials
-krb-error INTEGER ::= 30 -- Error response
-
--- pa-data types
-
-pa-tgs-req INTEGER ::= 1
-pa-enc-timestamp INTEGER ::= 2
-pa-pw-salt INTEGER ::= 3
-pa-enc-unix-time INTEGER ::= 5
-pa-sandia-secureid INTEGER ::= 6
-pa-sesame INTEGER ::= 7
-pa-osf-dce INTEGER ::= 8
-pa-cybersafe-secureid INTEGER ::= 9
-pa-afs3-salt INTEGER ::= 10
-pa-etype-info INTEGER ::= 11
-sam-challenge INTEGER ::= 12 -- (sam/otp)
-sam-response INTEGER ::= 13 -- (sam/otp)
-pa-pk-as-req INTEGER ::= 14 -- (pkinit)
-pa-pk-as-rep INTEGER ::= 15 -- (pkinit)
-pa-pk-as-sign INTEGER ::= 16 -- (pkinit)
-pa-pk-key-req INTEGER ::= 17 -- (pkinit)
-pa-pk-key-rep INTEGER ::= 18 -- (pkinit)
--- checksumtypes
-
-CRC32 INTEGER ::= 1
-rsa-md4 INTEGER ::= 2
-rsa-md4-des INTEGER ::= 3
-des-mac INTEGER ::= 4
-des-mac-k INTEGER ::= 5
-rsa-md4-des-k INTEGER ::= 6
-rsa-md5 INTEGER ::= 7
-rsa-md5-des INTEGER ::= 8
-rsa-md5-des3 INTEGER ::= 9
-hmac-sha1-des3 INTEGER ::= 12
-
--- transited encodings
-
-DOMAIN-X500-COMPRESS INTEGER ::= 1
-
-END
-
--- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-02 13:33:53 +0000