Coverage for /root/GitHubProjects/impacket/impacket/krb5/asn1.py : 91%

Hot-keys on this page
r m x p toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# Copyright (c) 2013, Marc Horowitz
2# All rights reserved.
3#
4# Redistribution and use in source and binary forms, with or without
5# modification, are permitted provided that the following conditions are
6# met:
7#
8# Redistributions of source code must retain the above copyright notice,
9# this list of conditions and the following disclaimer.
10#
11# Redistributions in binary form must reproduce the above copyright
12# notice, this list of conditions and the following disclaimer in the
13# documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
18# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
19# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
21# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
25# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26#
27# Altered source by Alberto Solino (@agsolino)
28#
29# Changed some of the classes names to match the RFC 4120
30# Added [MS-KILE] data
31# Adapted to Enum
32#
35from pyasn1.type import tag, namedtype, univ, constraint, char, useful
37from . import constants
40def _application_tag(tag_value):
41 return univ.Sequence.tagSet.tagExplicitly(
42 tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed,
43 int(tag_value)))
45def _vno_component(tag_value, name="pvno"):
46 return _sequence_component(
47 name, tag_value, univ.Integer(),
48 subtypeSpec=constraint.ValueRangeConstraint(5, 5))
50def _msg_type_component(tag_value, values):
51 c = constraint.ConstraintsUnion(
52 *(constraint.SingleValueConstraint(int(v)) for v in values))
53 return _sequence_component('msg-type', tag_value, univ.Integer(),
54 subtypeSpec=c)
56def _sequence_component(name, tag_value, type, **subkwargs):
57 return namedtype.NamedType(name, type.subtype(
58 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple,
59 tag_value),
60 **subkwargs))
62def _sequence_optional_component(name, tag_value, type, **subkwargs):
63 return namedtype.OptionalNamedType(name, type.subtype(
64 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple,
65 tag_value),
66 **subkwargs))
68def seq_set(seq, name, builder=None, *args, **kwargs):
69 component = seq.setComponentByName(name).getComponentByName(name)
70 if builder is not None:
71 seq.setComponentByName(name, builder(component, *args, **kwargs))
72 else:
73 seq.setComponentByName(name)
74 return seq.getComponentByName(name)
76def seq_set_dict(seq, name, pairs, *args, **kwargs):
77 component = seq.setComponentByName(name).getComponentByName(name)
78 for k, v in pairs.items():
79 component.setComponentByName(k, v)
81def seq_set_iter(seq, name, iterable):
82 component = seq.setComponentByName(name).getComponentByName(name)
83 for pos, v in enumerate(iterable):
84 component.setComponentByPosition(pos, v)
86def seq_set_flags(seq, name, flags):
87 seq_set(seq, name, flags.to_asn1)
89def seq_append(seq, name, pairs):
90 component = seq.getComponentByName(name)
91 if component is None:
92 component = seq.setComponentByName(name).getComponentByName(name)
93 index = len(component)
94 element = component.setComponentByPosition(index
95 ).getComponentByPosition(index)
96 for k, v in pairs.items():
97 element.setComponentByName(k, v)
99class Int32(univ.Integer):
100 subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
101 -2147483648, 2147483647)
103class UInt32(univ.Integer):
104 pass
105# subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
106# 0, 4294967295)
108class Microseconds(univ.Integer):
109 subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint(
110 0, 999999)
112class KerberosString(char.GeneralString):
113 # TODO marc: I'm not sure how to express this constraint in the API.
114 # For now, we will be liberal in what we accept.
115 # subtypeSpec = constraint.PermittedAlphabetConstraint(char.IA5String())
116 pass
118class Realm(KerberosString):
119 pass
121class PrincipalName(univ.Sequence):
122 componentType = namedtype.NamedTypes(
123 _sequence_component("name-type", 0, Int32()),
124 _sequence_component("name-string", 1,
125 univ.SequenceOf(componentType=KerberosString()))
126 )
128class KerberosTime(useful.GeneralizedTime):
129 pass
131class HostAddress(univ.Sequence):
132 componentType = namedtype.NamedTypes(
133 _sequence_component("addr-type", 0, Int32()),
134 _sequence_component("address", 1, univ.OctetString())
135 )
137class HostAddresses(univ.SequenceOf):
138 componentType = HostAddress()
140class AuthorizationData(univ.SequenceOf):
141 componentType = univ.Sequence(componentType=namedtype.NamedTypes(
142 _sequence_component('ad-type', 0, Int32()),
143 _sequence_component('ad-data', 1, univ.OctetString())
144 ))
146class PA_DATA(univ.Sequence):
147 componentType = namedtype.NamedTypes(
148 _sequence_component('padata-type', 1, Int32()),
149 _sequence_component('padata-value', 2, univ.OctetString())
150 )
152class KerberosFlags(univ.BitString):
153 # TODO marc: it doesn't look like there's any way to specify the
154 # SIZE (32.. MAX) parameter to the encoder. However, we can
155 # arrange at a higher layer to pass in >= 32 bits to the encoder.
156 pass
158class EncryptedData(univ.Sequence):
159 componentType = namedtype.NamedTypes(
160 _sequence_component("etype", 0, Int32()),
161 _sequence_optional_component("kvno", 1, UInt32()),
162 _sequence_component("cipher", 2, univ.OctetString())
163 )
165class EncryptionKey(univ.Sequence):
166 componentType = namedtype.NamedTypes(
167 _sequence_component('keytype', 0, Int32()),
168 _sequence_component('keyvalue', 1, univ.OctetString()))
170class Checksum(univ.Sequence):
171 componentType = namedtype.NamedTypes(
172 _sequence_component('cksumtype', 0, Int32()),
173 _sequence_component('checksum', 1, univ.OctetString()))
175class Ticket(univ.Sequence):
176 tagSet = _application_tag(constants.ApplicationTagNumbers.Ticket.value)
177 componentType = namedtype.NamedTypes(
178 _vno_component(name="tkt-vno", tag_value=0),
179 _sequence_component("realm", 1, Realm()),
180 _sequence_component("sname", 2, PrincipalName()),
181 _sequence_component("enc-part", 3, EncryptedData())
182 )
184class TicketFlags(KerberosFlags):
185 pass
187class TransitedEncoding(univ.Sequence):
188 componentType = namedtype.NamedTypes(
189 _sequence_component('tr-type', 0, Int32()),
190 _sequence_component('contents', 1, univ.OctetString()))
192class EncTicketPart(univ.Sequence):
193 tagSet = _application_tag(constants.ApplicationTagNumbers.EncTicketPart.value)
194 componentType = namedtype.NamedTypes(
195 _sequence_component("flags", 0, TicketFlags()),
196 _sequence_component("key", 1, EncryptionKey()),
197 _sequence_component("crealm", 2, Realm()),
198 _sequence_component("cname", 3, PrincipalName()),
199 _sequence_component("transited", 4, TransitedEncoding()),
200 _sequence_component("authtime", 5, KerberosTime()),
201 _sequence_optional_component("starttime", 6, KerberosTime()),
202 _sequence_component("endtime", 7, KerberosTime()),
203 _sequence_optional_component("renew-till", 8, KerberosTime()),
204 _sequence_optional_component("caddr", 9, HostAddresses()),
205 _sequence_optional_component("authorization-data", 10, AuthorizationData())
206 )
208class KDCOptions(KerberosFlags):
209 pass
211class KDC_REQ_BODY(univ.Sequence):
212 componentType = namedtype.NamedTypes(
213 _sequence_component('kdc-options', 0, KDCOptions()),
214 _sequence_optional_component('cname', 1, PrincipalName()),
215 _sequence_component('realm', 2, Realm()),
216 _sequence_optional_component('sname', 3, PrincipalName()),
217 _sequence_optional_component('from', 4, KerberosTime()),
218 _sequence_component('till', 5, KerberosTime()),
219 _sequence_optional_component('rtime', 6, KerberosTime()),
220 _sequence_component('nonce', 7, UInt32()),
221 _sequence_component('etype', 8,
222 univ.SequenceOf(componentType=Int32())),
223 _sequence_optional_component('addresses', 9, HostAddresses()),
224 _sequence_optional_component('enc-authorization-data', 10,
225 EncryptedData()),
226 _sequence_optional_component('additional-tickets', 11,
227 univ.SequenceOf(componentType=Ticket()))
228 )
230class KDC_REQ(univ.Sequence):
231 componentType = namedtype.NamedTypes(
232 _vno_component(1),
233 _msg_type_component(2, (constants.ApplicationTagNumbers.AS_REQ.value,
234 constants.ApplicationTagNumbers.TGS_REQ.value)),
235 _sequence_optional_component('padata', 3,
236 univ.SequenceOf(componentType=PA_DATA())),
237 _sequence_component('req-body', 4, KDC_REQ_BODY())
238 )
240class AS_REQ(KDC_REQ):
241 tagSet = _application_tag(constants.ApplicationTagNumbers.AS_REQ.value)
243class TGS_REQ(KDC_REQ):
244 tagSet = _application_tag(constants.ApplicationTagNumbers.TGS_REQ.value)
246class KDC_REP(univ.Sequence):
247 componentType = namedtype.NamedTypes(
248 _vno_component(0),
249 _msg_type_component(1, (constants.ApplicationTagNumbers.AS_REP.value,
250 constants.ApplicationTagNumbers.TGS_REP.value)),
251 _sequence_optional_component('padata', 2,
252 univ.SequenceOf(componentType=PA_DATA())),
253 _sequence_component('crealm', 3, Realm()),
254 _sequence_component('cname', 4, PrincipalName()),
255 _sequence_component('ticket', 5, Ticket()),
256 _sequence_component('enc-part', 6, EncryptedData())
257 )
259class LastReq(univ.SequenceOf):
260 componentType = univ.Sequence(componentType=namedtype.NamedTypes(
261 _sequence_component('lr-type', 0, Int32()),
262 _sequence_component('lr-value', 1, KerberosTime())
263 ))
265class METHOD_DATA(univ.SequenceOf):
266 componentType = PA_DATA()
268class EncKDCRepPart(univ.Sequence):
269 componentType = namedtype.NamedTypes(
270 _sequence_component('key', 0, EncryptionKey()),
271 _sequence_component('last-req', 1, LastReq()),
272 _sequence_component('nonce', 2, UInt32()),
273 _sequence_optional_component('key-expiration', 3, KerberosTime()),
274 _sequence_component('flags', 4, TicketFlags()),
275 _sequence_component('authtime', 5, KerberosTime()),
276 _sequence_optional_component('starttime', 6, KerberosTime()),
277 _sequence_component('endtime', 7, KerberosTime()),
278 _sequence_optional_component('renew-till', 8, KerberosTime()),
279 _sequence_component('srealm', 9, Realm()),
280 _sequence_component('sname', 10, PrincipalName()),
281 _sequence_optional_component('caddr', 11, HostAddresses()),
282 _sequence_optional_component('encrypted_pa_data', 12, METHOD_DATA())
283 )
285class EncASRepPart(EncKDCRepPart):
286 tagSet = _application_tag(constants.ApplicationTagNumbers.EncASRepPart.value)
288class EncTGSRepPart(EncKDCRepPart):
289 tagSet = _application_tag(constants.ApplicationTagNumbers.EncTGSRepPart.value)
291class AS_REP(KDC_REP):
292 tagSet = _application_tag(constants.ApplicationTagNumbers.AS_REP.value)
294class TGS_REP(KDC_REP):
295 tagSet = _application_tag(constants.ApplicationTagNumbers.TGS_REP.value)
297class APOptions(KerberosFlags):
298 pass
300class Authenticator(univ.Sequence):
301 tagSet = _application_tag(constants.ApplicationTagNumbers.Authenticator.value)
302 componentType = namedtype.NamedTypes(
303 _vno_component(name='authenticator-vno', tag_value=0),
304 _sequence_component('crealm', 1, Realm()),
305 _sequence_component('cname', 2, PrincipalName()),
306 _sequence_optional_component('cksum', 3, Checksum()),
307 _sequence_component('cusec', 4, Microseconds()),
308 _sequence_component('ctime', 5, KerberosTime()),
309 _sequence_optional_component('subkey', 6, EncryptionKey()),
310 _sequence_optional_component('seq-number', 7, UInt32()),
311 _sequence_optional_component('authorization-data', 8,
312 AuthorizationData())
313 )
315class AP_REQ(univ.Sequence):
316 tagSet = _application_tag(constants.ApplicationTagNumbers.AP_REQ.value)
317 componentType = namedtype.NamedTypes(
318 _vno_component(0),
319 _msg_type_component(1, (constants.ApplicationTagNumbers.AP_REQ.value,)),
320 _sequence_component('ap-options', 2, APOptions()),
321 _sequence_component('ticket', 3, Ticket()),
322 _sequence_component('authenticator', 4, EncryptedData())
323 )
325class AP_REP(univ.Sequence):
326 tagSet = _application_tag(constants.ApplicationTagNumbers.AP_REP.value)
327 componentType = namedtype.NamedTypes(
328 _vno_component(0),
329 _msg_type_component(1, (constants.ApplicationTagNumbers.AP_REP.value,)),
330 _sequence_component('enc-part', 2, EncryptedData()),
331 )
333class EncAPRepPart(univ.Sequence):
334 tagSet = _application_tag(constants.ApplicationTagNumbers.EncApRepPart.value)
335 componentType = namedtype.NamedTypes(
336 _sequence_component('ctime', 0, KerberosTime()),
337 _sequence_component('cusec', 1, Microseconds()),
338 _sequence_optional_component('subkey', 2, EncryptionKey()),
339 _sequence_optional_component('seq-number', 3, UInt32()),
340 )
342class KRB_SAFE_BODY(univ.Sequence):
343 componentType = namedtype.NamedTypes(
344 _sequence_component('user-data', 0, univ.OctetString()),
345 _sequence_optional_component('timestamp', 1, KerberosTime()),
346 _sequence_optional_component('usec', 2, Microseconds()),
347 _sequence_optional_component('seq-number', 3, UInt32()),
348 _sequence_component('s-address', 4, HostAddress()),
349 _sequence_optional_component('r-address', 5, HostAddress()),
350 )
352class KRB_SAFE(univ.Sequence):
353 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_SAFE.value)
354 componentType = namedtype.NamedTypes(
355 _vno_component(0),
356 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_SAFE.value,)),
357 _sequence_component('safe-body', 2, KRB_SAFE_BODY()),
358 _sequence_component('cksum', 3, Checksum()),
359 )
361class KRB_PRIV(univ.Sequence):
362 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_PRIV.value)
363 componentType = namedtype.NamedTypes(
364 _vno_component(0),
365 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_PRIV.value,)),
366 _sequence_component('enc-part', 3, EncryptedData()),
367 )
369class EncKrbPrivPart(univ.Sequence):
370 tagSet = _application_tag(constants.ApplicationTagNumbers.EncKrbPrivPart.value)
371 componentType = namedtype.NamedTypes(
372 _sequence_component('user-data', 0, univ.OctetString()),
373 _sequence_optional_component('timestamp', 1, KerberosTime()),
374 _sequence_optional_component('cusec', 2, Microseconds()),
375 _sequence_optional_component('seq-number', 3, UInt32()),
376 _sequence_component('s-address', 4, HostAddress()),
377 _sequence_optional_component('r-address', 5, HostAddress()),
378 )
380class KRB_CRED(univ.Sequence):
381 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_CRED.value)
382 componentType = namedtype.NamedTypes(
383 _vno_component(0),
384 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_CRED.value,)),
385 _sequence_optional_component('tickets', 2,
386 univ.SequenceOf(componentType=Ticket())),
387 _sequence_component('enc-part', 3, EncryptedData()),
388 )
390class KrbCredInfo(univ.Sequence):
391 componentType = namedtype.NamedTypes(
392 _sequence_component('key', 0, EncryptionKey()),
393 _sequence_optional_component('prealm', 1, Realm()),
394 _sequence_optional_component('pname', 2, PrincipalName()),
395 _sequence_optional_component('flags', 3, TicketFlags()),
396 _sequence_optional_component('authtime', 4, KerberosTime()),
397 _sequence_optional_component('starttime', 5, KerberosTime()),
398 _sequence_optional_component('endtime', 6, KerberosTime()),
399 _sequence_optional_component('renew-till', 7, KerberosTime()),
400 _sequence_optional_component('srealm', 8, Realm()),
401 _sequence_optional_component('sname', 9, PrincipalName()),
402 _sequence_optional_component('caddr', 10, HostAddresses()),
403 )
405class EncKrbCredPart(univ.Sequence):
406 tagSet = _application_tag(constants.ApplicationTagNumbers.EncKrbCredPart.value)
407 componentType = namedtype.NamedTypes(
408 _sequence_component('ticket-info', 0, univ.SequenceOf(componentType=KrbCredInfo())),
409 _sequence_optional_component('nonce', 1, UInt32()),
410 _sequence_optional_component('timestamp', 2, KerberosTime()),
411 _sequence_optional_component('usec', 3, Microseconds()),
412 _sequence_optional_component('s-address', 4, HostAddress()),
413 _sequence_optional_component('r-address', 5, HostAddress()),
414 )
416class KRB_ERROR(univ.Sequence):
417 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_ERROR.value)
418 componentType = namedtype.NamedTypes(
419 _vno_component(0),
420 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_ERROR.value,)),
421 _sequence_optional_component('ctime', 2, KerberosTime()),
422 _sequence_optional_component('cusec', 3, Microseconds()),
423 _sequence_component('stime', 4, KerberosTime()),
424 _sequence_component('susec', 5, Microseconds()),
425 _sequence_component('error-code', 6, Int32()),
426 _sequence_optional_component('crealm', 7, Realm()),
427 _sequence_optional_component('cname', 8, PrincipalName()),
428 _sequence_component('realm', 9, Realm()),
429 _sequence_component('sname', 10, PrincipalName()),
430 _sequence_optional_component('e-text', 11, KerberosString()),
431 _sequence_optional_component('e-data', 12, univ.OctetString())
432 )
434class TYPED_DATA(univ.SequenceOf):
435 componentType = namedtype.NamedTypes(
436 _sequence_component('data-type', 0, Int32()),
437 _sequence_optional_component('data-value', 1, univ.OctetString()),
438 )
440class PA_ENC_TIMESTAMP(EncryptedData):
441 pass
443class PA_ENC_TS_ENC(univ.Sequence):
444 componentType = namedtype.NamedTypes(
445 _sequence_component('patimestamp', 0, KerberosTime()),
446 _sequence_optional_component('pausec', 1, Microseconds()))
448class ETYPE_INFO_ENTRY(univ.Sequence):
449 componentType = namedtype.NamedTypes(
450 _sequence_component('etype', 0, Int32()),
451 _sequence_optional_component('salt', 1, univ.OctetString()))
453class ETYPE_INFO(univ.SequenceOf):
454 componentType = ETYPE_INFO_ENTRY()
456class ETYPE_INFO2_ENTRY(univ.Sequence):
457 componentType = namedtype.NamedTypes(
458 _sequence_component('etype', 0, Int32()),
459 _sequence_optional_component('salt', 1, KerberosString()),
460 _sequence_optional_component('s2kparams', 2, univ.OctetString()))
462class ETYPE_INFO2(univ.SequenceOf):
463 componentType = ETYPE_INFO2_ENTRY()
465class AD_IF_RELEVANT(AuthorizationData):
466 pass
468class AD_KDCIssued(univ.Sequence):
469 componentType = namedtype.NamedTypes(
470 _sequence_component('ad-checksum', 0, Checksum()),
471 _sequence_optional_component('i-realm', 1, Realm()),
472 _sequence_optional_component('i-sname', 2, PrincipalName()),
473 _sequence_component('elements', 3, AuthorizationData()))
475class AD_AND_OR(univ.Sequence):
476 componentType = namedtype.NamedTypes(
477 _sequence_component('condition-count', 0, Int32()),
478 _sequence_optional_component('elements', 1, AuthorizationData()))
480class AD_MANDATORY_FOR_KDC(AuthorizationData):
481 pass
483class KERB_PA_PAC_REQUEST(univ.Sequence):
484 componentType = namedtype.NamedTypes(
485 namedtype.NamedType('include-pac', univ.Boolean().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
486 )
488class PA_FOR_USER_ENC(univ.Sequence):
489 componentType = namedtype.NamedTypes(
490 _sequence_component('userName', 0, PrincipalName()),
491 _sequence_optional_component('userRealm', 1, Realm()),
492 _sequence_optional_component('cksum', 2, Checksum()),
493 _sequence_optional_component('auth-package', 3, KerberosString()))
495class KERB_ERROR_DATA(univ.Sequence):
496 componentType = namedtype.NamedTypes(
497 _sequence_component('data-type', 1, Int32()),
498 _sequence_component('data-value', 2, univ.OctetString()))
500class PA_PAC_OPTIONS(univ.Sequence):
501 componentType = namedtype.NamedTypes(
502 _sequence_component('flags', 0, KerberosFlags()),
503 )
505class KERB_KEY_LIST_REQ(univ.SequenceOf):
506 componentType = Int32()
508class KERB_KEY_LIST_REP(univ.SequenceOf):
509 componentType = EncryptionKey()