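-- OTPKerberos: ASN.1 types for Kerberos one-time-password (OTP)
-- pre-authentication. The definitions appear to match the module
-- published in RFC 6560, Appendix A (confirm against the RFC text).
--
-- NOTE(review): the notation below enforces very little. The only
-- constraints a compiler will check are the three SIZE(1..MAX) bounds.
-- Flag bit meanings and the AnyURI rule exist only as comments, the
-- Int32 / INTEGER fields are signed and unbounded, and most OCTET
-- STRING fields have no length limit. A decoder generated from this
-- module therefore accepts far more than a KDC or client should act
-- on; range, length and consistency checks belong in the calling code.
OTPKerberos
DEFINITIONS IMPLICIT TAGS ::=
BEGIN

IMPORTS

    KerberosTime, KerberosFlags, EncryptionKey, Int32,
    EncryptedData, LastReq, KerberosString
    FROM KerberosV5Spec2 {iso(1) identified-organization(3)
                          dod(6) internet(1) security(5)
                          kerberosV5(2) modules(4) krb5spec2(2)}
                          -- as defined in RFC 4120.
    AlgorithmIdentifier
    FROM PKIX1Explicit88 { iso (1) identified-organization (3)
                           dod (6) internet (1)
                           security (5) mechanisms (5) pkix (7)
                           id-mod (0) id-pkix1-explicit (18) };
                           -- As defined in RFC 5280.

-- Challenge sent by the KDC. It carries a nonce, at least one
-- OTP-TOKENINFO entry, and optional string-to-key inputs.
-- NOTE(review): nonce has no SIZE constraint here, so minimum length
-- and randomness are the issuer's responsibility; a receiver should
-- also cap the number of otp-tokenInfo entries it will process.
PA-OTP-CHALLENGE ::= SEQUENCE {
    nonce            [0] OCTET STRING,
    otp-service      [1] UTF8String               OPTIONAL,
    otp-tokenInfo    [2] SEQUENCE (SIZE(1..MAX)) OF
                                             OTP-TOKENINFO,
    salt             [3] KerberosString           OPTIONAL,
    s2kparams        [4] OCTET STRING             OPTIONAL,
    ...
}

-- Description of one token the client may use to answer the challenge.
-- NOTE(review): otp-length and iterationCount are signed Int32 with no
-- range. Reject zero and negative values, and bound iterationCount
-- above, so that a peer cannot force an expensive hashing loop or a
-- trivially cheap one. supportedHashAlg is an open list of
-- AlgorithmIdentifier; compare it against a local allow-list instead
-- of accepting whatever OID is offered.
OTP-TOKENINFO ::= SEQUENCE {
    flags            [0] OTPFlags,
    otp-vendor       [1] UTF8String               OPTIONAL,
    otp-challenge    [2] OCTET STRING (SIZE(1..MAX))
                                                  OPTIONAL,
    otp-length       [3] Int32                    OPTIONAL,
    otp-format       [4] OTPFormat                OPTIONAL,
    otp-tokenID      [5] OCTET STRING             OPTIONAL,
    otp-algID        [6] AnyURI                   OPTIONAL,
    supportedHashAlg [7] SEQUENCE OF AlgorithmIdentifier
                                                  OPTIONAL,
    iterationCount   [8] Int32                    OPTIONAL,
    ...
}

-- Encoding of an OTP or PIN value.
-- NOTE(review): named numbers do not restrict an ASN.1 INTEGER, so a
-- decoder will accept values outside 0..4; treat any other value as
-- unsupported instead of falling through to a default format.
OTPFormat ::= INTEGER {
    decimal(0),
    hexadecimal(1),
    alphanumeric(2),
    binary(3),
    base64(4)
}

-- Bit flags for OTP-TOKENINFO and PA-OTP-REQUEST. The bit assignments
-- below are documentation only; the type itself is a plain
-- KerberosFlags bit string, so unknown or contradictory bits (for
-- example collect-pin together with do-not-collect-pin) must be
-- handled by the implementation.
OTPFlags ::= KerberosFlags
-- reserved(0),
-- nextOTP(1),
-- combine(2),
-- collect-pin(3),
-- do-not-collect-pin(4),
-- must-encrypt-nonce (5),
-- separate-pin-required (6),
-- check-digit (7)

-- Client response to the challenge.
-- NOTE(review): only encData is an EncryptedData. otp-value and
-- otp-pin are ordinary fields of this SEQUENCE, so their
-- confidentiality depends entirely on the channel that carries the
-- padata. RFC 6560 relies on FAST armoring (RFC 6113) for this;
-- confirm the deployment refuses OTP pre-authentication outside an
-- armored exchange, and keep decoded otp-value, otp-pin and
-- otp-counter out of logs and traces.
PA-OTP-REQUEST ::= SEQUENCE {
    flags          [0]  OTPFlags,
    nonce          [1]  OCTET STRING                OPTIONAL,
    encData        [2]  EncryptedData,
                       -- PA-OTP-ENC-REQUEST or PA-ENC-TS-ENC
                       -- Key usage of KEY_USAGE_OTP_REQUEST
    hashAlg        [3]  AlgorithmIdentifier         OPTIONAL,
    iterationCount [4]  Int32                       OPTIONAL,
    otp-value      [5]  OCTET STRING                OPTIONAL,
    otp-pin        [6]  UTF8String                  OPTIONAL,
    otp-challenge  [7]  OCTET STRING (SIZE(1..MAX)) OPTIONAL,
    otp-time       [8]  KerberosTime                OPTIONAL,
    otp-counter    [9]  OCTET STRING                OPTIONAL,
    otp-format     [10] OTPFormat                   OPTIONAL,
    otp-tokenID    [11] OCTET STRING                OPTIONAL,
    otp-algID      [12] AnyURI                      OPTIONAL,
    otp-vendor     [13] UTF8String                  OPTIONAL,
    ...
}

-- Plaintext of encData when the client answers with the nonce.
-- NOTE(review): presumably the KDC compares this nonce with the one it
-- issued in PA-OTP-CHALLENGE and rejects a mismatch or a reuse;
-- nothing in the type expresses that, so verify it in the KDC code.
PA-OTP-ENC-REQUEST ::= SEQUENCE {
    nonce     [0] OCTET STRING,
    ...
}


-- PIN change information.
-- NOTE(review): pin is a plain UTF8String and should be handled as a
-- secret. minLength and maxLength are unbounded INTEGERs; check that
-- both are non-negative and that minLength does not exceed maxLength
-- before applying them as policy.
PA-OTP-PIN-CHANGE ::= SEQUENCE {
    flags     [0] PinFlags,
    pin       [1] UTF8String OPTIONAL,
    minLength [2] INTEGER    OPTIONAL,
    maxLength [3] INTEGER    OPTIONAL,
    last-req  [4] LastReq    OPTIONAL,
    format    [5] OTPFormat  OPTIONAL,
    ...
}

-- Bit flags for PA-OTP-PIN-CHANGE; as with OTPFlags, the bit names are
-- comments and are not enforced by the type.
PinFlags ::= KerberosFlags
-- reserved(0),
-- systemSetPin(1),
-- mandatory(2)

-- URI carried as UTF8String. CONSTRAINED BY is a user-defined
-- constraint: ASN.1 tools record it but do not validate it, so the
-- URI syntax check has to be done by the application. Treat the value
-- as an identifier to match against known algorithm URIs, not as a
-- location to fetch.
AnyURI ::= UTF8String
    (CONSTRAINED BY {
     -- MUST be a valid URI in accordance with IETF RFC 2396
    })

END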