1KerberosV5SPAKE { 2 iso(1) identified-organization(3) dod(6) internet(1) 3 security(5) kerberosV5(2) modules(4) spake(8) 4} DEFINITIONS EXPLICIT TAGS ::= BEGIN 5 6IMPORTS 7 EncryptedData, Int32 8 FROM KerberosV5Spec2 { iso(1) identified-organization(3) 9 dod(6) internet(1) security(5) kerberosV5(2) modules(4) 10 krb5spec2(2) }; 11 -- as defined in RFC 4120. 12 13SPAKESupport ::= SEQUENCE { 14 groups [0] SEQUENCE (SIZE(1..MAX)) OF Int32, 15 ... 16} 17 18SPAKEChallenge ::= SEQUENCE { 19 group [0] Int32, 20 pubkey [1] OCTET STRING, 21 factors [2] SEQUENCE (SIZE(1..MAX)) OF SPAKESecondFactor, 22 ... 23} 24 25SPAKESecondFactor ::= SEQUENCE { 26 type [0] Int32, 27 data [1] OCTET STRING OPTIONAL 28} 29 30SPAKEResponse ::= SEQUENCE { 31 pubkey [0] OCTET STRING, 32 factor [1] EncryptedData, -- SPAKESecondFactor 33 ... 34} 35 36PA-SPAKE ::= CHOICE { 37 support [0] SPAKESupport, 38 challenge [1] SPAKEChallenge, 39 response [2] SPAKEResponse, 40 encdata [3] EncryptedData, 41 ... 42} 43 44END 45