
# Impacket - Collection of Python classes for working with network protocols.
#
# SECUREAUTH LABS. Copyright (C) 2020 SecureAuth Corporation. All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Description:
#   Constants for krb5.asn1 package. I took them out from the RFC plus
#   some data from [MS-KILE] as well.
#
# Author:
#   Alberto Solino (@agsolino)
#

16from impacket.dcerpc.v5.enum import Enum 


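def encodeFlags(flags):
    """Expand an iterable of flag positions into a 32-element list of 0/1.

    Element ``i`` of the result is 1 when ``i`` appears in *flags* and 0
    otherwise. Repeated positions are harmless.

    :param flags: iterable of integer positions in the range 0..31
    :return: list of 32 integers, each 0 or 1
    :raises IndexError: if a position is outside 0..31
    """
    finalFlags = [0] * 32

    for f in flags:
        # Without this guard Python's negative indexing would accept -1..-32
        # and silently set a flag at the opposite end of the list, so a bad
        # caller value would turn into an unrelated, valid-looking option.
        if f < 0:
            raise IndexError('flag position out of range: %r' % (f,))
        # Positions >= 32 raise IndexError from the list assignment itself.
        finalFlags[f] = 1

    return finalFlags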


class ApplicationTagNumbers(Enum):
    # Numeric tags for the Kerberos ASN.1 structures named by each member.
    # The message entries (10-22 and 30) carry the same numbers as
    # KerberosMessageTypes further down in this file.
    Ticket = 1
    Authenticator = 2
    EncTicketPart = 3
    AS_REQ = 10
    AS_REP = 11
    TGS_REQ = 12
    TGS_REP = 13
    AP_REQ = 14
    AP_REP = 15
    RESERVED16 = 16
    RESERVED17 = 17
    KRB_SAFE = 20
    KRB_PRIV = 21
    KRB_CRED = 22
    EncASRepPart = 25
    EncTGSRepPart = 26
    EncApRepPart = 27
    EncKrbPrivPart = 28
    EncKrbCredPart = 29
    KRB_ERROR = 30


class PrincipalNameType(Enum):
    # Principal name-type codes. The values are the same as in NameTypes
    # later in this file, which spells the members with a KRB_ prefix.
    NT_UNKNOWN = 0
    NT_PRINCIPAL = 1
    NT_SRV_INST = 2
    NT_SRV_HST = 3
    NT_SRV_XHST = 4
    NT_UID = 5
    NT_X500_PRINCIPAL = 6
    NT_SMTP_NAME = 7
    NT_ENTERPRISE = 10
    NT_WELLKNOWN = 11
    NT_SRV_HST_DOMAIN = 12
    # Negative codes; presumably the Microsoft-specific name types from
    # [MS-KILE], which the file header cites - confirm.
    NT_MS_PRINCIPAL = -128
    NT_MS_PRINCIPAL_AND_ID = -129
    NT_ENT_PRINCIPAL_AND_ID = -130


class PreAuthenticationDataTypes(Enum):
    # padata-type / typed-data codes (PA_* and TD_* members).
    PA_TGS_REQ = 1
    PA_ENC_TIMESTAMP = 2
    PA_PW_SALT = 3
    PA_ENC_UNIX_TIME = 5
    PA_SANDIA_SECUREID = 6
    PA_SESAME = 7
    PA_OSF_DCE = 8
    PA_CYBERSAFE_SECUREID = 9
    PA_AFS3_SALT = 10
    PA_ETYPE_INFO = 11
    PA_SAM_CHALLENGE = 12
    PA_SAM_RESPONSE = 13
    PA_PK_AS_REQ_OLD = 14
    PA_PK_AS_REP_OLD = 15
    PA_PK_AS_REQ = 16
    PA_PK_AS_REP = 17
    PA_ETYPE_INFO2 = 19
    PA_USE_SPECIFIED_KVNO = 20
    PA_SAM_REDIRECT = 21
    # NOTE(review): the next two members share the value 22. Whether the
    # second becomes an alias of the first, and which name a lookup by
    # value returns, depends on impacket's own Enum class - confirm before
    # relying on value -> name resolution for 22.
    PA_GET_FROM_TYPED_DATA = 22
    TD_PADATA = 22
    PA_SAM_ETYPE_INFO = 23
    PA_ALT_PRINC = 24
    PA_SAM_CHALLENGE2 = 30
    PA_SAM_RESPONSE2 = 31
    PA_EXTRA_TGT = 41
    TD_PKINIT_CMS_CERTIFICATES = 101
    TD_KRB_PRINCIPAL = 102
    TD_KRB_REALM = 103
    TD_TRUSTED_CERTIFIERS = 104
    TD_CERTIFICATE_INDEX = 105
    TD_APP_DEFINED_ERROR = 106
    TD_REQ_NONCE = 107
    TD_REQ_SEQ = 108
    PA_PAC_REQUEST = 128
    PA_FOR_USER = 129
    PA_FX_COOKIE = 133
    PA_FX_FAST = 136
    PA_FX_ERROR = 137
    PA_ENCRYPTED_CHALLENGE = 138
    KERB_KEY_LIST_REQ = 161
    KERB_KEY_LIST_REP = 162
    PA_SUPPORTED_ENCTYPES = 165
    PA_PAC_OPTIONS = 167


class AddressType(Enum):
    # Host address type codes, one per network address family named below.
    IPv4 = 2
    Directional = 3
    ChaosNet = 5
    XNS = 6
    ISO = 7
    DECNET_Phase_IV = 12
    AppleTalk_DDP = 16
    NetBios = 20
    IPv6 = 24


# 3.1.5.9 Key Usage Numbers
# (the section number presumably refers to [MS-KILE], which the file header
# cites - confirm)
KERB_NON_KERB_SALT = 16
KERB_NON_KERB_CKSUM_SALT = 17


# 7.5.4. Authorization Data Types
class AuthorizationDataType(Enum):
    # ad-type codes for authorization-data elements.
    AD_IF_RELEVANT = 1
    AD_INTENDED_FOR_SERVER = 2
    AD_INTENDED_FOR_APPLICATION_CLASS = 3
    AD_KDC_ISSUED = 4
    AD_AND_OR = 5
    AD_MANDATORY_TICKET_EXTENSIONS = 6
    AD_IN_TICKET_EXTENSIONS = 7
    AD_MANDATORY_FOR_KDC = 8
    # Reserved values = 9-63
    OSF_DCE = 64
    SESAME = 65
    AD_OSF_DCE_PKI_CERTID = 66
    AD_WIN2K_PAC = 128
    AD_ETYPE_NEGOTIATION = 129


# 7.5.5. Transited Encoding Types
class TransitedEncodingTypes(Enum):
    # Only one transited-encoding code is defined in this file.
    DOMAIN_X500_COMPRESS = 1


# 7.5.6. Protocol Version Number
class ProtocolVersionNumber(Enum):
    # The single protocol version number (pvno) defined here: 5.
    pvno = 5


# 7.5.7. Kerberos Message Types
class KerberosMessageTypes(Enum):
    # msg-type codes. The numbers match the message entries of
    # ApplicationTagNumbers earlier in this file.
    KRB_AS_REQ = 10      # Request for initial authentication
    KRB_AS_REP = 11      # Response to KRB_AS_REQ request
    KRB_TGS_REQ = 12     # Request for authentication based on TGT
    KRB_TGS_REP = 13     # Response to KRB_TGS_REQ request
    KRB_AP_REQ = 14      # Application request to server
    KRB_AP_REP = 15      # Response to KRB_AP_REQ_MUTUAL
    KRB_RESERVED16 = 16  # Reserved for user-to-user krb_tgt_request
    KRB_RESERVED17 = 17  # Reserved for user-to-user krb_tgt_reply
    KRB_SAFE = 20        # Safe (checksummed) application message
    KRB_PRIV = 21        # Private (encrypted) application message
    KRB_CRED = 22        # Private (encrypted) message to forward
                         # credentials
    KRB_ERROR = 30       # Error response


# 7.5.8. Name Types
class NameTypes(Enum):
    # Principal name-type codes with KRB_-prefixed member names. The values
    # are the same as in PrincipalNameType earlier in this file.
    KRB_NT_UNKNOWN = 0         # Name type not known
    KRB_NT_PRINCIPAL = 1       # Just the name of the principal as in DCE,
                               # or for users
    KRB_NT_SRV_INST = 2        # Service and other unique instance (krbtgt)
    KRB_NT_SRV_HST = 3         # Service with host name as instance
                               # (telnet, rcommands)
    KRB_NT_SRV_XHST = 4        # Service with host as remaining components
    KRB_NT_UID = 5             # Unique ID
    KRB_NT_X500_PRINCIPAL = 6  # Encoded X.509 Distinguished name [RFC2253]
    KRB_NT_SMTP_NAME = 7       # Name in form of SMTP email name
                               # (e.g., user@example.com)
    KRB_NT_ENTERPRISE = 10     # Enterprise name; may be mapped to
                               # principal name
    # Other Name Types
    KRB_NT_WELLKNOWN = 11
    KRB_NT_SRV_HST_DOMAIN = 12
    KRB_NT_MS_PRINCIPAL = -128
    KRB_NT_MS_PRINCIPAL_AND_ID = -129
    KRB_NT_ENT_PRINCIPAL_AND_ID = -130


# 7.5.9. Error Codes
class ErrorCodes(Enum):
    # error-code values carried in KRB_ERROR messages. The same numbers key
    # the ERROR_MESSAGES table below; 30, 43 and 53-59 are not defined in
    # either place.
    # Practitioner note: KDC audit logs commonly show these codes in hex
    # (for example 24 appears as 0x18), so convert before matching.
    KDC_ERR_NONE = 0                            # No error
    KDC_ERR_NAME_EXP = 1                        # Client's entry in database
                                                # has expired
    KDC_ERR_SERVICE_EXP = 2                     # Server's entry in database
                                                # has expired
    KDC_ERR_BAD_PVNO = 3                        # Requested protocol version
                                                # number not supported
    KDC_ERR_C_OLD_MAST_KVNO = 4                 # Client's key encrypted in
                                                # old master key
    KDC_ERR_S_OLD_MAST_KVNO = 5                 # Server's key encrypted in
                                                # old master key
    KDC_ERR_C_PRINCIPAL_UNKNOWN = 6             # Client not found in
                                                # Kerberos database
    KDC_ERR_S_PRINCIPAL_UNKNOWN = 7             # Server not found in
                                                # Kerberos database
    KDC_ERR_PRINCIPAL_NOT_UNIQUE = 8            # Multiple principal entries
                                                # in database
    KDC_ERR_NULL_KEY = 9                        # The client or server has a
                                                # null key
    KDC_ERR_CANNOT_POSTDATE = 10                # Ticket not eligible for
                                                # postdating
    KDC_ERR_NEVER_VALID = 11                    # Requested starttime is
                                                # later than end time
    KDC_ERR_POLICY = 12                         # KDC policy rejects request
    KDC_ERR_BADOPTION = 13                      # KDC cannot accommodate
                                                # requested option
    KDC_ERR_ETYPE_NOSUPP = 14                   # KDC has no support for
                                                # encryption type
    KDC_ERR_SUMTYPE_NOSUPP = 15                 # KDC has no support for
                                                # checksum type
    KDC_ERR_PADATA_TYPE_NOSUPP = 16             # KDC has no support for
                                                # padata type
    KDC_ERR_TRTYPE_NOSUPP = 17                  # KDC has no support for
                                                # transited type
    KDC_ERR_CLIENT_REVOKED = 18                 # Clients credentials have
                                                # been revoked
    KDC_ERR_SERVICE_REVOKED = 19                # Credentials for server have
                                                # been revoked
    KDC_ERR_TGT_REVOKED = 20                    # TGT has been revoked
    KDC_ERR_CLIENT_NOTYET = 21                  # Client not yet valid; try
                                                # again later
    KDC_ERR_SERVICE_NOTYET = 22                 # Server not yet valid; try
                                                # again later
    KDC_ERR_KEY_EXPIRED = 23                    # Password has expired;
                                                # change password to reset
    KDC_ERR_PREAUTH_FAILED = 24                 # Pre-authentication
                                                # information was invalid
    KDC_ERR_PREAUTH_REQUIRED = 25               # Additional pre-
                                                # authentication required
    KDC_ERR_SERVER_NOMATCH = 26                 # Requested server and ticket
                                                # don't match
    KDC_ERR_MUST_USE_USER2USER = 27             # Server principal valid for
                                                # user2user only
    KDC_ERR_PATH_NOT_ACCEPTED = 28              # KDC Policy rejects
                                                # transited path
    KDC_ERR_SVC_UNAVAILABLE = 29                # A service is not available
    KRB_AP_ERR_BAD_INTEGRITY = 31               # Integrity check on
                                                # decrypted field failed
    KRB_AP_ERR_TKT_EXPIRED = 32                 # Ticket expired
    KRB_AP_ERR_TKT_NYV = 33                     # Ticket not yet valid
    KRB_AP_ERR_REPEAT = 34                      # Request is a replay
    KRB_AP_ERR_NOT_US = 35                      # The ticket isn't for us
    KRB_AP_ERR_BADMATCH = 36                    # Ticket and authenticator
                                                # don't match
    KRB_AP_ERR_SKEW = 37                        # Clock skew too great
    KRB_AP_ERR_BADADDR = 38                     # Incorrect net address
    KRB_AP_ERR_BADVERSION = 39                  # Protocol version mismatch
    KRB_AP_ERR_MSG_TYPE = 40                    # Invalid msg type
    KRB_AP_ERR_MODIFIED = 41                    # Message stream modified
    KRB_AP_ERR_BADORDER = 42                    # Message out of order
    KRB_AP_ERR_BADKEYVER = 44                   # Specified version of key is
                                                # not available
    KRB_AP_ERR_NOKEY = 45                       # Service key not available
    KRB_AP_ERR_MUT_FAIL = 46                    # Mutual authentication
                                                # failed
    KRB_AP_ERR_BADDIRECTION = 47                # Incorrect message direction
    KRB_AP_ERR_METHOD = 48                      # Alternative authentication
                                                # method required
    KRB_AP_ERR_BADSEQ = 49                      # Incorrect sequence number
                                                # in message
    KRB_AP_ERR_INAPP_CKSUM = 50                 # Inappropriate type of
                                                # checksum in message
    KRB_AP_PATH_NOT_ACCEPTED = 51               # Policy rejects transited
                                                # path
    KRB_ERR_RESPONSE_TOO_BIG = 52               # Response too big for UDP;
                                                # retry with TCP
    KRB_ERR_GENERIC = 60                        # Generic error (description
                                                # in e-text)
    KRB_ERR_FIELD_TOOLONG = 61                  # Field is too long for this
                                                # implementation
    # The next three members are spelled KDC_ERROR_* rather than KDC_ERR_*;
    # the names are kept exactly as defined here.
    KDC_ERROR_CLIENT_NOT_TRUSTED = 62           # Reserved for PKINIT
    KDC_ERROR_KDC_NOT_TRUSTED = 63              # Reserved for PKINIT
    KDC_ERROR_INVALID_SIG = 64                  # Reserved for PKINIT
    KDC_ERR_KEY_TOO_WEAK = 65                   # Reserved for PKINIT
    KDC_ERR_CERTIFICATE_MISMATCH = 66           # Reserved for PKINIT
    KRB_AP_ERR_NO_TGT = 67                      # No TGT available to
                                                # validate USER-TO-USER
    KDC_ERR_WRONG_REALM = 68                    # Reserved for future use
    KRB_AP_ERR_USER_TO_USER_REQUIRED = 69       # Ticket must be for
                                                # USER-TO-USER
    KDC_ERR_CANT_VERIFY_CERTIFICATE = 70        # Reserved for PKINIT
    KDC_ERR_INVALID_CERTIFICATE = 71            # Reserved for PKINIT
    KDC_ERR_REVOKED_CERTIFICATE = 72            # Reserved for PKINIT
    KDC_ERR_REVOCATION_STATUS_UNKNOWN = 73      # Reserved for PKINIT
    KDC_ERR_REVOCATION_STATUS_UNAVAILABLE = 74  # Reserved for PKINIT
    KDC_ERR_CLIENT_NAME_MISMATCH = 75           # Reserved for PKINIT
    KDC_ERR_KDC_NAME_MISMATCH = 76              # Reserved for PKINIT


# Lookup table from numeric Kerberos error code to a
# (symbolic name, human-readable description) pair. The keys are the same
# numbers as the ErrorCodes members above; codes 30, 43 and 53-59 have no
# entry, so look codes up defensively when they come from the wire.
ERROR_MESSAGES = {
    0: ("KDC_ERR_NONE", "No error"),
    1: ("KDC_ERR_NAME_EXP", "Client's entry in database has expired"),
    2: ("KDC_ERR_SERVICE_EXP", "Server's entry in database has expired"),
    3: ("KDC_ERR_BAD_PVNO", "Requested protocol version number not supported"),
    4: ("KDC_ERR_C_OLD_MAST_KVNO", "Client's key encrypted in old master key"),
    5: ("KDC_ERR_S_OLD_MAST_KVNO", "Server's key encrypted in old master key"),
    6: ("KDC_ERR_C_PRINCIPAL_UNKNOWN", "Client not found in Kerberos database"),
    7: ("KDC_ERR_S_PRINCIPAL_UNKNOWN", "Server not found in Kerberos database"),
    8: ("KDC_ERR_PRINCIPAL_NOT_UNIQUE", "Multiple principal entries in database"),
    9: ("KDC_ERR_NULL_KEY", "The client or server has a null key"),
    10: ("KDC_ERR_CANNOT_POSTDATE", "Ticket not eligible for postdating"),
    11: ("KDC_ERR_NEVER_VALID", "Requested starttime is later than end time"),
    12: ("KDC_ERR_POLICY", "KDC policy rejects request"),
    13: ("KDC_ERR_BADOPTION", "KDC cannot accommodate requested option"),
    14: ("KDC_ERR_ETYPE_NOSUPP", "KDC has no support for encryption type"),
    15: ("KDC_ERR_SUMTYPE_NOSUPP", "KDC has no support for checksum type"),
    16: ("KDC_ERR_PADATA_TYPE_NOSUPP", "KDC has no support for padata type"),
    17: ("KDC_ERR_TRTYPE_NOSUPP", "KDC has no support for transited type"),
    18: ("KDC_ERR_CLIENT_REVOKED", "Clients credentials have been revoked"),
    19: ("KDC_ERR_SERVICE_REVOKED", "Credentials for server have been revoked"),
    20: ("KDC_ERR_TGT_REVOKED", "TGT has been revoked"),
    21: ("KDC_ERR_CLIENT_NOTYET", "Client not yet valid; try again later"),
    22: ("KDC_ERR_SERVICE_NOTYET", "Server not yet valid; try again later"),
    23: ("KDC_ERR_KEY_EXPIRED", "Password has expired; change password to reset"),
    24: ("KDC_ERR_PREAUTH_FAILED", "Pre-authentication information was invalid"),
    25: ("KDC_ERR_PREAUTH_REQUIRED", "Additional pre-authentication required"),
    26: ("KDC_ERR_SERVER_NOMATCH", "Requested server and ticket don't match"),
    27: ("KDC_ERR_MUST_USE_USER2USER", "Server principal valid for user2user only"),
    28: ("KDC_ERR_PATH_NOT_ACCEPTED", "KDC Policy rejects transited path"),
    29: ("KDC_ERR_SVC_UNAVAILABLE", "A service is not available"),
    31: ("KRB_AP_ERR_BAD_INTEGRITY", "Integrity check on decrypted field failed"),
    32: ("KRB_AP_ERR_TKT_EXPIRED", "Ticket expired"),
    33: ("KRB_AP_ERR_TKT_NYV", "Ticket not yet valid"),
    34: ("KRB_AP_ERR_REPEAT", "Request is a replay"),
    35: ("KRB_AP_ERR_NOT_US", "The ticket isn't for us"),
    36: ("KRB_AP_ERR_BADMATCH", "Ticket and authenticator don't match"),
    37: ("KRB_AP_ERR_SKEW", "Clock skew too great"),
    38: ("KRB_AP_ERR_BADADDR", "Incorrect net address"),
    39: ("KRB_AP_ERR_BADVERSION", "Protocol version mismatch"),
    40: ("KRB_AP_ERR_MSG_TYPE", "Invalid msg type"),
    41: ("KRB_AP_ERR_MODIFIED", "Message stream modified"),
    42: ("KRB_AP_ERR_BADORDER", "Message out of order"),
    44: ("KRB_AP_ERR_BADKEYVER", "Specified version of key is not available"),
    45: ("KRB_AP_ERR_NOKEY", "Service key not available"),
    46: ("KRB_AP_ERR_MUT_FAIL", "Mutual authentication failed"),
    47: ("KRB_AP_ERR_BADDIRECTION", "Incorrect message direction"),
    48: ("KRB_AP_ERR_METHOD", "Alternative authentication method required"),
    49: ("KRB_AP_ERR_BADSEQ", "Incorrect sequence number in message"),
    50: ("KRB_AP_ERR_INAPP_CKSUM", "Inappropriate type of checksum in message"),
    51: ("KRB_AP_PATH_NOT_ACCEPTED", "Policy rejects transited path"),
    52: ("KRB_ERR_RESPONSE_TOO_BIG", "Response too big for UDP; retry with TCP"),
    60: ("KRB_ERR_GENERIC", "Generic error (description in e-text)"),
    61: ("KRB_ERR_FIELD_TOOLONG", "Field is too long for this implementation"),
    62: ("KDC_ERROR_CLIENT_NOT_TRUSTED", "Reserved for PKINIT"),
    63: ("KDC_ERROR_KDC_NOT_TRUSTED", "Reserved for PKINIT"),
    64: ("KDC_ERROR_INVALID_SIG", "Reserved for PKINIT"),
    65: ("KDC_ERR_KEY_TOO_WEAK", "Reserved for PKINIT"),
    66: ("KDC_ERR_CERTIFICATE_MISMATCH", "Reserved for PKINIT"),
    67: ("KRB_AP_ERR_NO_TGT", "No TGT available to validate USER-TO-USER"),
    68: ("KDC_ERR_WRONG_REALM", "Reserved for future use"),
    69: ("KRB_AP_ERR_USER_TO_USER_REQUIRED", "Ticket must be for USER-TO-USER"),
    70: ("KDC_ERR_CANT_VERIFY_CERTIFICATE", "Reserved for PKINIT"),
    71: ("KDC_ERR_INVALID_CERTIFICATE", "Reserved for PKINIT"),
    72: ("KDC_ERR_REVOKED_CERTIFICATE", "Reserved for PKINIT"),
    73: ("KDC_ERR_REVOCATION_STATUS_UNKNOWN", "Reserved for PKINIT"),
    74: ("KDC_ERR_REVOCATION_STATUS_UNAVAILABLE", "Reserved for PKINIT"),
    75: ("KDC_ERR_CLIENT_NAME_MISMATCH", "Reserved for PKINIT"),
    76: ("KDC_ERR_KDC_NAME_MISMATCH", "Reserved for PKINIT"),
}


class TicketFlags(Enum):
    # Ticket flag positions. All values fall inside the 0..31 range that
    # encodeFlags() accepts; presumably they are passed to it as list
    # indexes - confirm against callers. Position 14 is not defined here.
    reserved = 0
    forwardable = 1
    forwarded = 2
    proxiable = 3
    proxy = 4
    may_postdate = 5
    postdated = 6
    invalid = 7
    renewable = 8
    initial = 9
    pre_authent = 10
    hw_authent = 11
    transited_policy_checked = 12
    ok_as_delegate = 13
    enc_pa_rep = 15
    anonymous = 16


class KDCOptions(Enum):
    # KDC option flag positions. All values fall inside the 0..31 range
    # that encodeFlags() accepts; presumably they are passed to it as list
    # indexes - confirm against callers. Positions 16-25 and 29 are not
    # defined here.
    reserved = 0
    forwardable = 1
    forwarded = 2
    proxiable = 3
    proxy = 4
    allow_postdate = 5
    postdated = 6
    unused7 = 7
    renewable = 8
    unused9 = 9
    unused10 = 10
    opt_hardware_auth = 11
    unused12 = 12
    unused13 = 13
    cname_in_addl_tkt = 14
    canonicalize = 15
    disable_transited_check = 26
    renewable_ok = 27
    enc_tkt_in_skey = 28
    renew = 30
    validate = 31


class APOptions(Enum):
    # AP-REQ option flag positions (three are defined here).
    reserved = 0
    use_session_key = 1
    mutual_required = 2


class PAPacOptions(Enum):
    # Flag positions for the PAC options pre-authentication data; the
    # section references below name the Microsoft specifications each
    # group of members comes from.
    # [MS-KILE] 2.2.10
    claims = 0
    branch_aware = 1
    forward_to_full_dc = 2
    # [MS-SFU] 2.2.5
    resource_based_constrained_delegation = 3


class EncryptionTypes(Enum):
    # Kerberos encryption type (etype) numbers.
    # NOTE(review): the des_* and rc4_hmac* entries are deprecated for
    # Kerberos use (RFC 6649, RFC 8429). They are protocol constants here,
    # not a recommendation; the aes*_cts_hmac_sha1_96 entries are the
    # non-deprecated choices in this list.
    des_cbc_crc = 1
    des_cbc_md4 = 2
    des_cbc_md5 = 3
    _reserved_4 = 4
    des3_cbc_md5 = 5
    _reserved_6 = 6
    des3_cbc_sha1 = 7
    dsaWithSHA1_CmsOID = 9
    md5WithRSAEncryption_CmsOID = 10
    sha1WithRSAEncryption_CmsOID = 11
    rc2CBC_EnvOID = 12
    rsaEncryption_EnvOID = 13
    rsaES_OAEP_ENV_OID = 14
    des_ede3_cbc_Env_OID = 15
    des3_cbc_sha1_kd = 16
    aes128_cts_hmac_sha1_96 = 17
    aes256_cts_hmac_sha1_96 = 18
    rc4_hmac = 23
    rc4_hmac_exp = 24
    subkey_keymaterial = 65
    rc4_hmac_old_exp = -135


class ChecksumTypes(Enum):
    # Kerberos checksum type numbers. The members are not listed in numeric
    # order; the order is kept exactly as defined.
    # NOTE(review): the MD4/MD5/DES-based entries look like the checksum
    # counterparts of the legacy encryption types - confirm which of them
    # callers still select by default.
    rsa_md5_des = 8
    rsa_md4_des = 4
    hmac_md5 = -138
    hmac_sha1_des3_kd = 12
    hmac_sha1_96_aes128 = 15
    hmac_sha1_96_aes256 = 16