Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. 

2# 

3# This software is provided under under a slightly modified version 

4# of the Apache Software License. See the accompanying LICENSE file 

5# for more information. 

6# 

7# Author: Alberto Solino (@agsolino) 

8# 

9# Description: 

10# Constants for krb5.asn1 package. I took them out from the RFC plus 

11# some data from [MS-KILE] as well.  

12# 

13# 

14 

15from impacket.dcerpc.v5.enum import Enum 

16 

17def encodeFlags(flags): 

18 finalFlags = list() 

19 

20 for i in range(0,32): 

21 finalFlags.append(0,) 

22 

23 

24 for f in flags: 

25 finalFlags[f] = 1 

26 

27 return finalFlags 

28 

29class ApplicationTagNumbers(Enum): 

30 Ticket = 1 

31 Authenticator = 2 

32 EncTicketPart = 3 

33 AS_REQ = 10 

34 AS_REP = 11 

35 TGS_REQ = 12 

36 TGS_REP = 13 

37 AP_REQ = 14 

38 AP_REP = 15 

39 RESERVED16 = 16 

40 RESERVED17 = 17 

41 KRB_SAFE = 20 

42 KRB_PRIV = 21 

43 KRB_CRED = 22 

44 EncASRepPart = 25 

45 EncTGSRepPart = 26 

46 EncApRepPart = 27 

47 EncKrbPrivPart = 28 

48 EncKrbCredPart = 29 

49 KRB_ERROR = 30 

50 

51class PrincipalNameType(Enum): 

52 NT_UNKNOWN = 0 

53 NT_PRINCIPAL = 1 

54 NT_SRV_INST = 2 

55 NT_SRV_HST = 3 

56 NT_SRV_XHST = 4 

57 NT_UID = 5 

58 NT_X500_PRINCIPAL = 6 

59 NT_SMTP_NAME = 7 

60 NT_ENTERPRISE = 10 

61 NT_WELLKNOWN = 11 

62 NT_SRV_HST_DOMAIN = 12 

63 NT_MS_PRINCIPAL = -128 

64 NT_MS_PRINCIPAL_AND_ID = -129 

65 NT_ENT_PRINCIPAL_AND_ID = -130 

66 

67class PreAuthenticationDataTypes(Enum): 

68 PA_TGS_REQ = 1 

69 PA_ENC_TIMESTAMP = 2 

70 PA_PW_SALT = 3 

71 PA_ENC_UNIX_TIME = 5 

72 PA_SANDIA_SECUREID = 6 

73 PA_SESAME = 7 

74 PA_OSF_DCE = 8 

75 PA_CYBERSAFE_SECUREID = 9 

76 PA_AFS3_SALT = 10 

77 PA_ETYPE_INFO = 11 

78 PA_SAM_CHALLENGE = 12 

79 PA_SAM_RESPONSE = 13 

80 PA_PK_AS_REQ_OLD = 14 

81 PA_PK_AS_REP_OLD = 15 

82 PA_PK_AS_REQ = 16 

83 PA_PK_AS_REP = 17 

84 PA_ETYPE_INFO2 = 19 

85 PA_USE_SPECIFIED_KVNO = 20 

86 PA_SAM_REDIRECT = 21 

87 PA_GET_FROM_TYPED_DATA = 22 

88 TD_PADATA = 22 

89 PA_SAM_ETYPE_INFO = 23 

90 PA_ALT_PRINC = 24 

91 PA_SAM_CHALLENGE2 = 30 

92 PA_SAM_RESPONSE2 = 31 

93 PA_EXTRA_TGT = 41 

94 TD_PKINIT_CMS_CERTIFICATES = 101 

95 TD_KRB_PRINCIPAL = 102 

96 TD_KRB_REALM = 103 

97 TD_TRUSTED_CERTIFIERS = 104 

98 TD_CERTIFICATE_INDEX = 105 

99 TD_APP_DEFINED_ERROR = 106 

100 TD_REQ_NONCE = 107 

101 TD_REQ_SEQ = 108 

102 PA_PAC_REQUEST = 128 

103 PA_FOR_USER = 129 

104 PA_FX_COOKIE = 133 

105 PA_FX_FAST = 136 

106 PA_FX_ERROR = 137 

107 PA_ENCRYPTED_CHALLENGE = 138 

108 KERB_KEY_LIST_REQ = 161 

109 KERB_KEY_LIST_REP = 162 

110 PA_SUPPORTED_ENCTYPES = 165 

111 PA_PAC_OPTIONS = 167 

112 

113class AddressType(Enum): 

114 IPv4 = 2 

115 Directional = 3 

116 ChaosNet = 5 

117 XNS = 6 

118 ISO = 7 

119 DECNET_Phase_IV = 12 

120 AppleTalk_DDP = 16 

121 NetBios = 20 

122 IPv6 = 24 

123 

124# 3.1.5.9 Key Usage Numbers 

125KERB_NON_KERB_SALT = 16 

126KERB_NON_KERB_CKSUM_SALT = 17 

127 

128# 7.5.4. Authorization Data Types 

129class AuthorizationDataType(Enum): 

130 AD_IF_RELEVANT = 1 

131 AD_INTENDED_FOR_SERVER = 2 

132 AD_INTENDED_FOR_APPLICATION_CLASS = 3 

133 AD_KDC_ISSUED = 4 

134 AD_AND_OR = 5 

135 AD_MANDATORY_TICKET_EXTENSIONS = 6 

136 AD_IN_TICKET_EXTENSIONS = 7 

137 AD_MANDATORY_FOR_KDC = 8 

138 #Reserved values = 9-63 

139 OSF_DCE = 64 

140 SESAME = 65 

141 AD_OSF_DCE_PKI_CERTID = 66 

142 AD_WIN2K_PAC = 128 

143 AD_ETYPE_NEGOTIATION = 129 

144 

145# 7.5.5. Transited Encoding Types 

146class TransitedEncodingTypes(Enum): 

147 DOMAIN_X500_COMPRESS = 1 

148 

149# 7.5.6. Protocol Version Number 

150class ProtocolVersionNumber(Enum): 

151 pvno = 5 

152 

153# 7.5.7. Kerberos Message Types 

154class KerberosMessageTypes(Enum): 

155 KRB_AS_REQ = 10 # Request for initial authentication 

156 KRB_AS_REP = 11 # Response to KRB_AS_REQ request 

157 KRB_TGS_REQ = 12 # Request for authentication based on TGT 

158 KRB_TGS_REP = 13 # Response to KRB_TGS_REQ request 

159 KRB_AP_REQ = 14 # Application request to server 

160 KRB_AP_REP = 15 # Response to KRB_AP_REQ_MUTUAL 

161 KRB_RESERVED16 = 16 # Reserved for user-to-user krb_tgt_request 

162 KRB_RESERVED17 = 17 # Reserved for user-to-user krb_tgt_reply 

163 KRB_SAFE = 20 # Safe (checksummed) application message 

164 KRB_PRIV = 21 # Private (encrypted) application message 

165 KRB_CRED = 22 # Private (encrypted) message to forward 

166 # credentials 

167 KRB_ERROR = 30 # Error response 

168 

169# 7.5.8. Name Types 

170class NameTypes(Enum): 

171 KRB_NT_UNKNOWN = 0 # Name type not known 

172 KRB_NT_PRINCIPAL = 1 # Just the name of the principal as in DCE, 

173 # or for users 

174 KRB_NT_SRV_INST = 2 # Service and other unique instance (krbtgt) 

175 KRB_NT_SRV_HST = 3 # Service with host name as instance 

176 # (telnet, rcommands) 

177 KRB_NT_SRV_XHST = 4 # Service with host as remaining components 

178 KRB_NT_UID = 5 # Unique ID 

179 KRB_NT_X500_PRINCIPAL = 6 # Encoded X.509 Distinguished name [RFC2253] 

180 KRB_NT_SMTP_NAME = 7 # Name in form of SMTP email name 

181 # (e.g., user@example.com) 

182 KRB_NT_ENTERPRISE = 10 # Enterprise name; may be mapped to 

183 # principal name 

184 # Other Name Types 

185 KRB_NT_WELLKNOWN = 11 

186 KRB_NT_SRV_HST_DOMAIN = 12 

187 KRB_NT_MS_PRINCIPAL = -128 

188 KRB_NT_MS_PRINCIPAL_AND_ID = -129 

189 KRB_NT_ENT_PRINCIPAL_AND_ID = -130 

190 

191# 7.5.9. Error Codes 

192class ErrorCodes(Enum): 

193 KDC_ERR_NONE = 0 # No error 

194 KDC_ERR_NAME_EXP = 1 # Client's entry in database 

195 # has expired 

196 KDC_ERR_SERVICE_EXP = 2 # Server's entry in database 

197 # has expired 

198 KDC_ERR_BAD_PVNO = 3 # Requested protocol version 

199 # number not supported 

200 KDC_ERR_C_OLD_MAST_KVNO = 4 # Client's key encrypted in 

201 # old master key 

202 KDC_ERR_S_OLD_MAST_KVNO = 5 # Server's key encrypted in 

203 # old master key 

204 KDC_ERR_C_PRINCIPAL_UNKNOWN = 6 # Client not found in 

205 # Kerberos database 

206 KDC_ERR_S_PRINCIPAL_UNKNOWN = 7 # Server not found in 

207 # Kerberos database 

208 KDC_ERR_PRINCIPAL_NOT_UNIQUE = 8 # Multiple principal entries 

209 # in database 

210 KDC_ERR_NULL_KEY = 9 # The client or server has a 

211 # null key 

212 KDC_ERR_CANNOT_POSTDATE = 10 # Ticket not eligible for 

213 # postdating 

214 KDC_ERR_NEVER_VALID = 11 # Requested starttime is 

215 # later than end time 

216 KDC_ERR_POLICY = 12 # KDC policy rejects request 

217 KDC_ERR_BADOPTION = 13 # KDC cannot accommodate 

218 # requested option 

219 KDC_ERR_ETYPE_NOSUPP = 14 # KDC has no support for 

220 # encryption type 

221 KDC_ERR_SUMTYPE_NOSUPP = 15 # KDC has no support for 

222 # checksum type 

223 KDC_ERR_PADATA_TYPE_NOSUPP = 16 # KDC has no support for 

224 # padata type 

225 KDC_ERR_TRTYPE_NOSUPP = 17 # KDC has no support for 

226 # transited type 

227 KDC_ERR_CLIENT_REVOKED = 18 # Clients credentials have 

228 # been revoked 

229 KDC_ERR_SERVICE_REVOKED = 19 # Credentials for server have 

230 # been revoked 

231 KDC_ERR_TGT_REVOKED = 20 # TGT has been revoked 

232 KDC_ERR_CLIENT_NOTYET = 21 # Client not yet valid; try 

233 # again later 

234 KDC_ERR_SERVICE_NOTYET = 22 # Server not yet valid; try 

235 # again later 

236 KDC_ERR_KEY_EXPIRED = 23 # Password has expired; 

237 # change password to reset 

238 KDC_ERR_PREAUTH_FAILED = 24 # Pre-authentication 

239 # information was invalid 

240 KDC_ERR_PREAUTH_REQUIRED = 25 # Additional pre- 

241 # authentication required 

242 KDC_ERR_SERVER_NOMATCH = 26 # Requested server and ticket 

243 # don't match 

244 KDC_ERR_MUST_USE_USER2USER = 27 # Server principal valid for 

245 # user2user only 

246 KDC_ERR_PATH_NOT_ACCEPTED = 28 # KDC Policy rejects 

247 # transited path 

248 KDC_ERR_SVC_UNAVAILABLE = 29 # A service is not available 

249 KRB_AP_ERR_BAD_INTEGRITY = 31 # Integrity check on 

250 # decrypted field failed 

251 KRB_AP_ERR_TKT_EXPIRED = 32 # Ticket expired 

252 KRB_AP_ERR_TKT_NYV = 33 # Ticket not yet valid 

253 KRB_AP_ERR_REPEAT = 34 # Request is a replay 

254 KRB_AP_ERR_NOT_US = 35 # The ticket isn't for us 

255 KRB_AP_ERR_BADMATCH = 36 # Ticket and authenticator 

256 # don't match 

257 KRB_AP_ERR_SKEW = 37 # Clock skew too great 

258 KRB_AP_ERR_BADADDR = 38 # Incorrect net address 

259 KRB_AP_ERR_BADVERSION = 39 # Protocol version mismatch 

260 KRB_AP_ERR_MSG_TYPE = 40 # Invalid msg type 

261 KRB_AP_ERR_MODIFIED = 41 # Message stream modified 

262 KRB_AP_ERR_BADORDER = 42 # Message out of order 

263 KRB_AP_ERR_BADKEYVER = 44 # Specified version of key is 

264 # not available 

265 KRB_AP_ERR_NOKEY = 45 # Service key not available 

266 KRB_AP_ERR_MUT_FAIL = 46 # Mutual authentication 

267 # failed 

268 KRB_AP_ERR_BADDIRECTION = 47 # Incorrect message direction 

269 KRB_AP_ERR_METHOD = 48 # Alternative authentication 

270 # method required 

271 KRB_AP_ERR_BADSEQ = 49 # Incorrect sequence number 

272 # in message 

273 KRB_AP_ERR_INAPP_CKSUM = 50 # Inappropriate type of 

274 # checksum in message 

275 KRB_AP_PATH_NOT_ACCEPTED = 51 # Policy rejects transited 

276 # path 

277 KRB_ERR_RESPONSE_TOO_BIG = 52 # Response too big for UDP; 

278 # retry with TCP 

279 KRB_ERR_GENERIC = 60 # Generic error (description 

280 # in e-text) 

281 KRB_ERR_FIELD_TOOLONG = 61 # Field is too long for this 

282 # implementation 

283 KDC_ERROR_CLIENT_NOT_TRUSTED = 62 # Reserved for PKINIT 

284 KDC_ERROR_KDC_NOT_TRUSTED = 63 # Reserved for PKINIT 

285 KDC_ERROR_INVALID_SIG = 64 # Reserved for PKINIT 

286 KDC_ERR_KEY_TOO_WEAK = 65 # Reserved for PKINIT 

287 KDC_ERR_CERTIFICATE_MISMATCH = 66 # Reserved for PKINIT 

288 KRB_AP_ERR_NO_TGT = 67 # No TGT available to 

289 # validate USER-TO-USER 

290 KDC_ERR_WRONG_REALM = 68 # Reserved for future use 

291 KRB_AP_ERR_USER_TO_USER_REQUIRED = 69 # Ticket must be for 

292 # USER-TO-USER 

293 KDC_ERR_CANT_VERIFY_CERTIFICATE = 70 # Reserved for PKINIT 

294 KDC_ERR_INVALID_CERTIFICATE = 71 # Reserved for PKINIT 

295 KDC_ERR_REVOKED_CERTIFICATE = 72 # Reserved for PKINIT 

296 KDC_ERR_REVOCATION_STATUS_UNKNOWN = 73 # Reserved for PKINIT 

297 KDC_ERR_REVOCATION_STATUS_UNAVAILABLE = 74 # Reserved for PKINIT 

298 KDC_ERR_CLIENT_NAME_MISMATCH = 75 # Reserved for PKINIT 

299 KDC_ERR_KDC_NAME_MISMATCH = 76 # Reserved for PKINIT 

300 

301ERROR_MESSAGES = { 

302 0 : ('KDC_ERR_NONE', 'No error'), 

303 1 : ('KDC_ERR_NAME_EXP', 'Client\'s entry in database has expired'), 

304 2 : ('KDC_ERR_SERVICE_EXP', 'Server\'s entry in database has expired'), 

305 3 : ('KDC_ERR_BAD_PVNO', 'Requested protocol version number not supported'), 

306 4 : ('KDC_ERR_C_OLD_MAST_KVNO', 'Client\'s key encrypted in old master key'), 

307 5 : ('KDC_ERR_S_OLD_MAST_KVNO', 'Server\'s key encrypted in old master key'), 

308 6 : ('KDC_ERR_C_PRINCIPAL_UNKNOWN', 'Client not found in Kerberos database'), 

309 7 : ('KDC_ERR_S_PRINCIPAL_UNKNOWN', 'Server not found in Kerberos database'), 

310 8 : ('KDC_ERR_PRINCIPAL_NOT_UNIQUE', 'Multiple principal entries in database'), 

311 9 : ('KDC_ERR_NULL_KEY', 'The client or server has a null key'), 

312 10 : ('KDC_ERR_CANNOT_POSTDATE', 'Ticket not eligible for postdating'), 

313 11 : ('KDC_ERR_NEVER_VALID', 'Requested starttime is later than end time'), 

314 12 : ('KDC_ERR_POLICY', 'KDC policy rejects request'), 

315 13 : ('KDC_ERR_BADOPTION', 'KDC cannot accommodate requested option'), 

316 14 : ('KDC_ERR_ETYPE_NOSUPP', 'KDC has no support for encryption type'), 

317 15 : ('KDC_ERR_SUMTYPE_NOSUPP', 'KDC has no support for checksum type'), 

318 16 : ('KDC_ERR_PADATA_TYPE_NOSUPP', 'KDC has no support for padata type'), 

319 17 : ('KDC_ERR_TRTYPE_NOSUPP', 'KDC has no support for transited type'), 

320 18 : ('KDC_ERR_CLIENT_REVOKED', 'Clients credentials have been revoked'), 

321 19 : ('KDC_ERR_SERVICE_REVOKED', 'Credentials for server have been revoked'), 

322 20 : ('KDC_ERR_TGT_REVOKED', 'TGT has been revoked'), 

323 21 : ('KDC_ERR_CLIENT_NOTYET', 'Client not yet valid; try again later'), 

324 22 : ('KDC_ERR_SERVICE_NOTYET', 'Server not yet valid; try again later'), 

325 23 : ('KDC_ERR_KEY_EXPIRED', 'Password has expired; change password to reset'), 

326 24 : ('KDC_ERR_PREAUTH_FAILED', 'Pre-authentication information was invalid'), 

327 25 : ('KDC_ERR_PREAUTH_REQUIRED', 'Additional pre-authentication required'), 

328 26 : ('KDC_ERR_SERVER_NOMATCH', 'Requested server and ticket don\'t match'), 

329 27 : ('KDC_ERR_MUST_USE_USER2USER', 'Server principal valid for user2user only'), 

330 28 : ('KDC_ERR_PATH_NOT_ACCEPTED', 'KDC Policy rejects transited path'), 

331 29 : ('KDC_ERR_SVC_UNAVAILABLE', 'A service is not available'), 

332 31 : ('KRB_AP_ERR_BAD_INTEGRITY', 'Integrity check on decrypted field failed'), 

333 32 : ('KRB_AP_ERR_TKT_EXPIRED', 'Ticket expired'), 

334 33 : ('KRB_AP_ERR_TKT_NYV', 'Ticket not yet valid'), 

335 34 : ('KRB_AP_ERR_REPEAT', 'Request is a replay'), 

336 35 : ('KRB_AP_ERR_NOT_US', 'The ticket isn\'t for us'), 

337 36 : ('KRB_AP_ERR_BADMATCH', 'Ticket and authenticator don\'t match'), 

338 37 : ('KRB_AP_ERR_SKEW', 'Clock skew too great'), 

339 38 : ('KRB_AP_ERR_BADADDR', 'Incorrect net address'), 

340 39 : ('KRB_AP_ERR_BADVERSION', 'Protocol version mismatch'), 

341 40 : ('KRB_AP_ERR_MSG_TYPE', 'Invalid msg type'), 

342 41 : ('KRB_AP_ERR_MODIFIED', 'Message stream modified'), 

343 42 : ('KRB_AP_ERR_BADORDER', 'Message out of order'), 

344 44 : ('KRB_AP_ERR_BADKEYVER', 'Specified version of key is not available'), 

345 45 : ('KRB_AP_ERR_NOKEY', 'Service key not available'), 

346 46 : ('KRB_AP_ERR_MUT_FAIL', 'Mutual authentication failed'), 

347 47 : ('KRB_AP_ERR_BADDIRECTION', 'Incorrect message direction'), 

348 48 : ('KRB_AP_ERR_METHOD', 'Alternative authentication method required'), 

349 49 : ('KRB_AP_ERR_BADSEQ', 'Incorrect sequence number in message'), 

350 50 : ('KRB_AP_ERR_INAPP_CKSUM', 'Inappropriate type of checksum in message'), 

351 51 : ('KRB_AP_PATH_NOT_ACCEPTED', 'Policy rejects transited path'), 

352 52 : ('KRB_ERR_RESPONSE_TOO_BIG', 'Response too big for UDP; retry with TCP'), 

353 60 : ('KRB_ERR_GENERIC', 'Generic error (description in e-text)'), 

354 61 : ('KRB_ERR_FIELD_TOOLONG', 'Field is too long for this implementation'), 

355 62 : ('KDC_ERROR_CLIENT_NOT_TRUSTED', 'Reserved for PKINIT'), 

356 63 : ('KDC_ERROR_KDC_NOT_TRUSTED', 'Reserved for PKINIT'), 

357 64 : ('KDC_ERROR_INVALID_SIG', 'Reserved for PKINIT'), 

358 65 : ('KDC_ERR_KEY_TOO_WEAK', 'Reserved for PKINIT'), 

359 66 : ('KDC_ERR_CERTIFICATE_MISMATCH', 'Reserved for PKINIT'), 

360 67 : ('KRB_AP_ERR_NO_TGT', 'No TGT available to validate USER-TO-USER'), 

361 68 : ('KDC_ERR_WRONG_REALM', 'Reserved for future use'), 

362 69 : ('KRB_AP_ERR_USER_TO_USER_REQUIRED', 'Ticket must be for USER-TO-USER'), 

363 70 : ('KDC_ERR_CANT_VERIFY_CERTIFICATE', 'Reserved for PKINIT'), 

364 71 : ('KDC_ERR_INVALID_CERTIFICATE', 'Reserved for PKINIT'), 

365 72 : ('KDC_ERR_REVOKED_CERTIFICATE', 'Reserved for PKINIT'), 

366 73 : ('KDC_ERR_REVOCATION_STATUS_UNKNOWN', 'Reserved for PKINIT'), 

367 74 : ('KDC_ERR_REVOCATION_STATUS_UNAVAILABLE', 'Reserved for PKINIT'), 

368 75 : ('KDC_ERR_CLIENT_NAME_MISMATCH', 'Reserved for PKINIT'), 

369 76 : ('KDC_ERR_KDC_NAME_MISMATCH', 'Reserved for PKINIT'), 

370} 

371 

372class TicketFlags(Enum): 

373 reserved = 0 

374 forwardable = 1 

375 forwarded = 2 

376 proxiable = 3 

377 proxy = 4 

378 may_postdate = 5 

379 postdated = 6 

380 invalid = 7 

381 renewable = 8 

382 initial = 9 

383 pre_authent = 10 

384 hw_authent = 11 

385 transited_policy_checked = 12 

386 ok_as_delegate = 13 

387 enc_pa_rep = 15 

388 anonymous = 16 

389 

390class KDCOptions(Enum): 

391 reserved = 0 

392 forwardable = 1 

393 forwarded = 2 

394 proxiable = 3 

395 proxy = 4 

396 allow_postdate = 5 

397 postdated = 6 

398 unused7 = 7 

399 renewable = 8 

400 unused9 = 9 

401 unused10 = 10 

402 opt_hardware_auth = 11 

403 unused12 = 12 

404 unused13 = 13 

405 cname_in_addl_tkt = 14 

406 canonicalize = 15 

407 disable_transited_check = 26 

408 renewable_ok = 27 

409 enc_tkt_in_skey = 28 

410 renew = 30 

411 validate = 31 

412 

413class APOptions(Enum): 

414 reserved = 0 

415 use_session_key = 1 

416 mutual_required = 2 

417 

418class PAPacOptions(Enum): 

419 # [MS-KILE] 2.2.10 

420 claims = 0 

421 branch_aware = 1 

422 forward_to_full_dc = 2 

423 # [MS-SFU] 2.2.5 

424 resource_based_constrained_delegation = 3 

425 

426class EncryptionTypes(Enum): 

427 des_cbc_crc = 1 

428 des_cbc_md4 = 2 

429 des_cbc_md5 = 3 

430 _reserved_4 = 4 

431 des3_cbc_md5 = 5 

432 _reserved_6 = 6 

433 des3_cbc_sha1 = 7 

434 dsaWithSHA1_CmsOID = 9 

435 md5WithRSAEncryption_CmsOID = 10 

436 sha1WithRSAEncryption_CmsOID = 11 

437 rc2CBC_EnvOID = 12 

438 rsaEncryption_EnvOID = 13 

439 rsaES_OAEP_ENV_OID = 14 

440 des_ede3_cbc_Env_OID = 15 

441 des3_cbc_sha1_kd = 16 

442 aes128_cts_hmac_sha1_96 = 17 

443 aes256_cts_hmac_sha1_96 = 18 

444 rc4_hmac = 23 

445 rc4_hmac_exp = 24 

446 subkey_keymaterial = 65 

447 rc4_hmac_old_exp = -135 

448 

449class ChecksumTypes(Enum): 

450 rsa_md5_des = 8 

451 rsa_md4_des = 4 

452 hmac_md5 = -138 

453 hmac_sha1_des3_kd = 12 

454 hmac_sha1_96_aes128 = 15 

455 hmac_sha1_96_aes256 = 16