authorKen Hornstein <kenh@cmf.nrl.navy.mil>2002-10-24 06:49:59 +0000
committerKen Hornstein <kenh@cmf.nrl.navy.mil>2002-10-24 06:49:59 +0000
commit5ffe972e2c0e6c3748b6b6a33a4f5f68736a6dc7 (patch)
treebea2ed9545782a2999e54a0da60d51c5741fa7c3 /src/lib/krb5/asn.1/KRB5-asn.py
parenta706a2d0d05ecea7a844db7d291493a5d282ed57 (diff)
Client code lacks support for draft-ietf-krb-wg-kerberos-sam-01.txt
This widely-spread commit implements support for the so-called "new" hardware preauth protocol, defined in the IETF internet-draft draft-ietf-krb-wg-kerberos-sam-01.txt. Note that this code is client-side only. ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14939 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/asn.1/KRB5-asn.py')
-rw-r--r--src/lib/krb5/asn.1/KRB5-asn.py45
1 files changed, 40 insertions, 5 deletions
diff --git a/src/lib/krb5/asn.1/KRB5-asn.py b/src/lib/krb5/asn.1/KRB5-asn.py
index 365debc..867ac67 100644
--- a/src/lib/krb5/asn.1/KRB5-asn.py
+++ b/src/lib/krb5/asn.1/KRB5-asn.py
@@ -368,13 +368,32 @@ PA-SAM-CHALLENGE ::= SEQUENCE {
sam-cksum[9] Checksum OPTIONAL
}
--- these are [0].. [2] in the draft
-SAMFlags ::= BIT STRING {
- use-sad-as-key(0),
- send-encrypted-sad(1),
- must-pk-encrypt-sad(2)
+PA-SAM-CHALLENGE-2 ::= SEQUENCE {
+ sam-body[0] PA-SAM-CHALLENGE-2-BODY,
+ sam-cksum[1] SEQUENCE (1..MAX) OF Checksum,
+ ...
+}
+
+PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE {
+ sam-type[0] INTEGER,
+ sam-flags[1] SAMFlags,
+ sam-type-name[2] GeneralString OPTIONAL,
+ sam-track-id[3] GeneralString OPTIONAL,
+ sam-challenge-label[4] GeneralString OPTIONAL,
+ sam-challenge[5] GeneralString OPTIONAL,
+ sam-response-prompt[6] GeneralString OPTIONAL,
+ sam-pk-for-sad[7] EncryptionKey OPTIONAL,
+ sam-nonce[8] INTEGER,
+ sam-etype[9] INTEGER,
+ ...
}
+-- these are [0].. [2] in the draft
+SAMFlags ::= BIT STRING (SIZE (32..MAX))
+ -- use-sad-as-key(0)
+ -- send-encrypted-sad(1)
+ -- must-pk-encrypt-sad(2)
+
PA-SAM-RESPONSE ::= SEQUENCE {
sam-type[0] INTEGER,
sam-flags[1] SAMFlags,
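Review bot: The rewritten `SAMFlags ::= BIT STRING (SIZE (32..MAX))` is a shared type, so the 32-bit minimum and the loss of named bits also apply to the existing PA-SAM-RESPONSE (its `sam-flags[1] SAMFlags` is visible at the end of this hunk) and presumably to PA-SAM-CHALLENGE, not only to the new -2 types. A DER encoder built from the old named-bit definition drops trailing zero bits, so an older peer may legitimately send fewer than 32 bits; whether the decoder tolerates that is not visible here and should be confirmed. Since the bit names now exist only as comments, I would record the scope next to the definition, e.g. `-- shared by PA-SAM-CHALLENGE[-2] and PA-SAM-RESPONSE[-2]; decoders should accept shorter strings from pre-sam-01 peers`. PA-SAM-RESPONSE continues outside this hunk.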
@@ -388,6 +407,16 @@ PA-SAM-RESPONSE ::= SEQUENCE {
sam-patimestamp[6] KerberosTime OPTIONAL
}
+PA-SAM-RESPONSE-2 ::= SEQUENCE {
+ sam-type[0] INTEGER,
+ sam-flags[1] SAMFlags,
+ sam-track-id[2] GeneralString OPTIONAL,
+ sam-enc-nonce-or-sad[3] EncryptedData,
+ -- PA-ENC-SAM-RESPONSE-ENC
+ sam-nonce[4] INTEGER,
+ ...
+}
+
PA-ENC-SAM-KEY ::= SEQUENCE {
sam-key[0] EncryptionKey
}
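Review bot: The comment under `sam-enc-nonce-or-sad[3] EncryptedData` names `PA-ENC-SAM-RESPONSE-ENC`, which in this file is the older structure (sam-timestamp, sam-usec, sam-passcode), while the plaintext type added for the new protocol in the last hunk is `PA-ENC-SAM-RESPONSE-ENC-2`. The name was probably carried over from the draft, where the type has no suffix; here it points a reader at the wrong decoder, so it should read `-- PA-ENC-SAM-RESPONSE-ENC-2`. It would also help to note on `sam-nonce[4]` that the same nonce is repeated inside the encrypted part, e.g. `-- must match sam-nonce in the decrypted PA-ENC-SAM-RESPONSE-ENC-2`, assuming that is what the draft requires. The new `PA-ENC-SAM-RESPONSE-ENC-2` definition in the last hunk has no comment tying it back to this field and could carry the reciprocal one.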
@@ -398,4 +427,10 @@ PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE {
sam-usec[2] INTEGER OPTIONAL,
sam-passcode[3] GeneralString OPTIONAL
}
+
+PA-ENC-SAM-RESPONSE-ENC-2 ::= SEQUENCE {
+ sam-nonce[0] INTEGER,
+ sam-sad[1] GeneralString OPTIONAL,
+ ...
+}
END