-- Module H235-SECURITY-MESSAGES (H.235:02/1998)
-- See also ITU-T H.235 (02/1998)
-- See also the index of all ASN.1 assignments needed in this document
H235-SECURITY-MESSAGES DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
-- EXPORTS All
ChallengeString ::= OCTET STRING(SIZE (8..128))
TimeStamp ::= INTEGER(1..4294967295) -- seconds since 00:00 1/1/1970 UTC
RandomVal ::= INTEGER
Password ::= BMPString(SIZE (1..128))
Identifier ::= BMPString(SIZE (1..128))
KeyMaterial ::= BIT STRING(SIZE (1..2048))
NonStandardParameter ::= SEQUENCE {
nonStandardIdentifier OBJECT IDENTIFIER,
data OCTET STRING
}
-- if local octet representations of these bit strings are used they shall
-- utilize standard Network Octet ordering (e.g. Big Endian)
DHset ::= SEQUENCE {
halfkey BIT STRING(SIZE (0..2048)), -- = g^x mod n
modSize BIT STRING(SIZE (0..2048)), -- n
generator BIT STRING(SIZE (0..2048)), -- g
...
}
TypedCertificate ::= SEQUENCE {
type OBJECT IDENTIFIER,
certificate OCTET STRING,
...
}
AuthenticationMechanism ::= CHOICE {
dhExch NULL, -- Diffe-Hellman
pwdSymEnc NULL, -- password with symmetric encryption
pwdHash NULL, -- password with hashing
certSign NULL, -- Certificate with signature
ipsec NULL, -- IPSEC based connection
tls NULL,
nonStandard NonStandardParameter, -- something else.
...
}
ClearToken ::= SEQUENCE -- a "token" may contain multiple value types.
{
timeStamp TimeStamp OPTIONAL,
password Password OPTIONAL,
dhkey DHset OPTIONAL,
challenge ChallengeString OPTIONAL,
random RandomVal OPTIONAL,
certificate TypedCertificate OPTIONAL,
generalID Identifier OPTIONAL,
nonStandard NonStandardParameter OPTIONAL,
...
}
--
-- Start all the cryptographic parameterized types here...
--
SIGNED{ToBeSigned} ::= SEQUENCE {
toBeSigned ToBeSigned,
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any "runtime" parameters
signature BIT STRING
}(CONSTRAINED BY { -- Verify or Sign Certificate --})
ENCRYPTED{ToBeEncrypted} ::= SEQUENCE {
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any "runtime" parameters
encryptedData OCTET STRING
}(CONSTRAINED BY { -- Encrypt or Decrypt --ToBeEncrypted})
HASHED{ToBeHashed} ::= SEQUENCE {
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any "runtime" parameters
hash BIT STRING
}(CONSTRAINED BY { -- Hash --ToBeHashed})
IV8 ::= OCTET STRING(SIZE (8))
-- signing algorithm used must select one of these types of parameters
-- needed by receiving end of signature.
Params ::= SEQUENCE {
ranInt INTEGER OPTIONAL, -- some integer value
iv8 IV8 OPTIONAL, -- 8 octet initialization vector
...
}
EncodedGeneralToken ::= TYPE-IDENTIFIER.&Type(ClearToken)
PwdCertToken ::=
ClearToken(WITH COMPONENTS {
...,
timeStamp PRESENT,
generalID PRESENT
})
EncodedPwdCertToken ::= TYPE-IDENTIFIER.&Type(PwdCertToken)
CryptoToken ::= CHOICE {
cryptoEncryptedToken
SEQUENCE-- General purpose/application specific token-- {tokenOID
OBJECT
IDENTIFIER,
token
ENCRYPTED
{EncodedGeneralToken}
},
cryptoSignedToken
SEQUENCE-- General purpose/application specific token-- {tokenOID
OBJECT
IDENTIFIER,
token
SIGNED
{EncodedGeneralToken}
},
cryptoHashedToken
SEQUENCE-- General purpose/application specific token-- {tokenOID
OBJECT
IDENTIFIER,
hashedVals
ClearToken,
token
HASHED
{EncodedGeneralToken}
},
cryptoPwdEncr ENCRYPTED{EncodedPwdCertToken},
...
}
-- These allow the passing of session keys within the H.245 OLC structure.
-- They are encoded as standalone ASN.1 and based as an OCTET STRING within H.245
H235Key ::= CHOICE -- this is used with the H.245 "h235Key" field
{
secureChannel KeyMaterial,
sharedSecret ENCRYPTED{EncodedKeySyncMaterial},
certProtectedKey SIGNED{EncodedKeySignedMaterial},
...
}
KeySignedMaterial ::= SEQUENCE {
generalId Identifier, -- slave's alias
mrandom RandomVal, -- master's random value
srandom RandomVal OPTIONAL, -- slave's random value
timeStamp TimeStamp OPTIONAL, -- master's timestamp for unsolicited EU
encrptval ENCRYPTED{EncodedKeySyncMaterial}
}
EncodedKeySignedMaterial ::= TYPE-IDENTIFIER.&Type(KeySignedMaterial)
H235CertificateSignature ::= SEQUENCE {
certificate TypedCertificate,
responseRandom RandomVal,
requesterRandom RandomVal OPTIONAL,
signature SIGNED{EncodedReturnSig},
...
}
ReturnSig ::= SEQUENCE {
generalId Identifier, -- slave's alias
responseRandom RandomVal,
requestRandom RandomVal OPTIONAL,
certificate TypedCertificate OPTIONAL -- requested certificate
}
EncodedReturnSig ::= TYPE-IDENTIFIER.&Type(ReturnSig)
KeySyncMaterial ::= SEQUENCE {
generalID Identifier,
keyMaterial KeyMaterial,
...
}
EncodedKeySyncMaterial ::= TYPE-IDENTIFIER.&Type(KeySyncMaterial)
END -- End of H235-SECURITY-MESSAGES DEFINITIONS
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D