-- Module H235-SECURITY-MESSAGES (H.235.0:01/2014)
-- See also ITU-T H.235.0 (01/2014)
-- See also the index of all ASN.1 assignments needed in this document
H235-SECURITY-MESSAGES DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
-- EXPORTS All
ChallengeString ::= OCTET STRING(SIZE (8..128))
TimeStamp ::= INTEGER(1..4294967295) -- seconds since 00:00
-- 1/1/1970 UTC
RandomVal ::= INTEGER -- 32-bit Integer
Password ::= BMPString(SIZE (1..128))
Identifier ::= BMPString(SIZE (1..128))
KeyMaterial ::= BIT STRING(SIZE (1..2048))
KeyMaterialExt ::= BIT STRING(SIZE (2049..65536))
NonStandardParameter ::= SEQUENCE {
nonStandardIdentifier OBJECT IDENTIFIER,
data OCTET STRING
}
-- if local octet representations of these bit strings are used they shall
-- utilize standard Network Octet ordering (e.g., Big Endian)
-- for keylengths up to 2048
DHset ::= SEQUENCE {
halfkey BIT STRING(SIZE (0..2048)), -- = g^x mod n
modSize BIT STRING(SIZE (0..2048)), -- n
generator BIT STRING(SIZE (0..2048)), -- g
...
}
-- for keylengths exceeding 2048
DHsetExt ::= SEQUENCE {
halfkey BIT STRING(SIZE (2049..65536)), -- = g^x mod n
modSize BIT STRING(SIZE (2049..65536)) OPTIONAL, -- n
generator BIT STRING(SIZE (2049..65536)) OPTIONAL, -- g
...
}
ECpoint ::= SEQUENCE {
x BIT STRING(SIZE (0..511)) OPTIONAL,
y BIT STRING(SIZE (0..511)) OPTIONAL,
...
} -- uncompressed (x, y) affine coordinate representation of
-- an elliptic curve point
ECKASDH ::=
CHOICE -- parameters for elliptic curve key agreement scheme Diffie-Hellman
{
eckasdhp
SEQUENCE {public-key ECpoint, -- This field contains representation of --
-- the ECKAS-DHp public key value. This field contains the
-- initiator's ECKAS-DHp public key value (aP) when this
-- information element is sent from originator to receiver. This
-- field contains the responder's ECKAS-DHp public key value (bP)
-- when this information element is sent back from receiver to
-- originator.
modulus BIT STRING(SIZE (0..511)), -- This field contains representation of the ECKAS-DHp public modulus value (p).--
base ECpoint, -- This field contains representation of the ECKAS-DHp public base (P). --
weierstrassA BIT STRING(SIZE (0..511)), -- This field contains representation of the ECKAS-DHp Weierstrass coefficient (a). --
weierstrassB BIT STRING(SIZE (0..511)) -- This field contains representation of the ECKAS-DHp Weierstrass coefficient (b).
}, -- parameters for elliptic curves of prime field
eckasdh2
SEQUENCE {public-key ECpoint, -- This field contains representation of --
-- the ECKAS-DH2 public key value.
-- This field contains the initiator's ECKAS-DH2 public key value
-- (aP) when this information element is sent from originator to
-- receiver. This field contains the responder's ECKAS-DH2 public
-- key value (bP) when this information element is sent back from
-- receiver to originator.
fieldSize BIT STRING(SIZE (0..511)), -- This field contains representation of the ECKAS-DH2 field size value (m). --
base ECpoint, -- This field contains representation of the ECKAS-DH2 public base (P). --
weierstrassA BIT STRING(SIZE (0..511)), -- This field contains representation of the ECKAS-DH2 Weierstrass coefficient (a). --
weierstrassB BIT STRING(SIZE (0..511)) -- This field contains representation of the ECKAS-DH2 Weierstrass coefficient (b).
}, -- parameters for elliptic curves of characteristic 2
...
}
ECGDSASignature ::= SEQUENCE {
r BIT STRING(SIZE (0..511)), -- This field contains the
-- representation of the r component of the ECGDSA digital
-- signature.
s BIT STRING(SIZE (0..511))
} -- parameters for elliptic curve digital signature
-- algorithm
-- This field contains the
-- representation of the s component of the ECGDSA digital
-- signature.
TypedCertificate ::= SEQUENCE {
type OBJECT IDENTIFIER,
certificate OCTET STRING,
...
}
AuthenticationBES ::= CHOICE {
default NULL, -- encrypted ClearToken
radius NULL, -- RADIUS-challenge/response
...
}
AuthenticationMechanism ::= CHOICE {
dhExch NULL, -- Diffie-Hellman
pwdSymEnc NULL, -- password with symmetric encryption
pwdHash NULL, -- password with hashing
certSign NULL, -- Certificate with signature
ipsec NULL, -- IPSEC based connection
tls NULL,
nonStandard NonStandardParameter, -- something else.
...,
authenticationBES AuthenticationBES, -- user authentication for BES
keyExch OBJECT IDENTIFIER
} -- key exchange profile
ClearToken ::= SEQUENCE {
tokenOID OBJECT IDENTIFIER,
timeStamp TimeStamp OPTIONAL,
password Password OPTIONAL,
dhkey DHset OPTIONAL, -- for keylengths up to 2048
challenge ChallengeString OPTIONAL,
random RandomVal OPTIONAL,
certificate TypedCertificate OPTIONAL,
generalID Identifier OPTIONAL,
nonStandard NonStandardParameter OPTIONAL,
...,
eckasdhkey ECKASDH OPTIONAL, -- elliptic curve Key Agreement
-- Scheme-Diffie Hellman Analogue
-- (ECKAS-DH)
sendersID Identifier OPTIONAL,
h235Key H235Key OPTIONAL, -- central distributed key in V3
profileInfo SEQUENCE OF ProfileElement OPTIONAL, -- profile-specific
dhkeyext DHsetExt OPTIONAL -- for keylengths exceeding 2048
} -- a "token" may contain multiple value types.
-- An object identifier should be placed in the tokenOID field when a
-- ClearToken is included directly in a message (as opposed to being
-- encrypted). In all other cases, an application should use the
-- object identifier { 0 0 } to indicate that the tokenOID value is not
-- present.
-- Start all the cryptographic parameterized types here...
--
ProfileElement ::= SEQUENCE {
elementID INTEGER(0..255), -- element identifier, as defined by
-- profile
paramS Params OPTIONAL, -- any element-specific parameters
element Element OPTIONAL, -- value in required form
...
}
Element ::= CHOICE {
octets OCTET STRING,
integer INTEGER,
bits BIT STRING,
name BMPString,
flag BOOLEAN,
...
}
SIGNED{ToBeSigned} ::= SEQUENCE {
toBeSigned ToBeSigned,
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any "runtime" parameters
signature BIT STRING -- could be an RSA or an ASN.1 coded ECGDSA Signature
}(CONSTRAINED BY { -- Verify or Sign Certificate --})
ENCRYPTED{ToBeEncrypted} ::= SEQUENCE {
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any "runtime" parameters
encryptedData OCTET STRING
}(CONSTRAINED BY { -- Encrypt or Decrypt --ToBeEncrypted})
HASHED{ToBeHashed} ::= SEQUENCE {
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any "runtime" parameters
hash BIT STRING
}(CONSTRAINED BY { -- Hash --ToBeHashed})
IV8 ::= OCTET STRING(SIZE (8)) -- initial value for 64-bit block ciphers
IV16 ::= OCTET STRING(SIZE (16)) -- initial value for 128-bit block ciphers
-- signing algorithm used must select one of these types of parameters
-- needed by receiving end of signature.
Params ::= SEQUENCE {
ranInt INTEGER OPTIONAL, -- some integer value
iv8 IV8 OPTIONAL, -- 8-octet initialization vector
...,
iv16 IV16 OPTIONAL, -- 16-octet initialization vector
iv OCTET STRING OPTIONAL, -- arbitrary length initialization vector
clearSalt OCTET STRING OPTIONAL -- unencrypted salting key for encryption
}
EncodedGeneralToken ::=
TYPE-IDENTIFIER.&Type(ClearToken -- general usage token --)
PwdCertToken ::=
ClearToken(WITH COMPONENTS {
...,
timeStamp PRESENT,
generalID PRESENT
})
EncodedPwdCertToken ::= TYPE-IDENTIFIER.&Type(PwdCertToken)
CryptoToken ::= CHOICE {
cryptoEncryptedToken
SEQUENCE {tokenOID OBJECT IDENTIFIER,
token ENCRYPTED{EncodedGeneralToken}}, -- General purpose/application specific token
cryptoSignedToken
SEQUENCE {tokenOID OBJECT IDENTIFIER,
token SIGNED{EncodedGeneralToken}}, -- General purpose/application specific token
cryptoHashedToken
SEQUENCE {tokenOID OBJECT IDENTIFIER,
hashedVals ClearToken,
token HASHED{EncodedGeneralToken}}, -- General purpose/application specific token
cryptoPwdEncr ENCRYPTED{EncodedPwdCertToken},
...
}
-- These allow the passing of session keys within the H.245 OLC structure.
-- They are encoded as standalone ASN.1 and based as an OCTET STRING within
-- H.245
H235Key ::= CHOICE {
secureChannel KeyMaterial, -- For keylengths up to 2048
sharedSecret ENCRYPTED{EncodedKeySyncMaterial},
certProtectedKey SIGNED{EncodedKeySignedMaterial},
...,
secureSharedSecret V3KeySyncMaterial, -- for H.235 V3 endpoints
secureChannelExt KeyMaterialExt -- for keylengths exceeding 2048
} -- This is used with the H.245 or ClearToken "h235Key" field
KeySignedMaterial ::= SEQUENCE {
generalId Identifier, -- slave's alias
mrandom RandomVal, -- master's random value
srandom RandomVal OPTIONAL, -- slave's random value
timeStamp TimeStamp OPTIONAL, -- master's timestamp for unsolicited EU
encrptval ENCRYPTED{EncodedKeySyncMaterial}
}
EncodedKeySignedMaterial ::= TYPE-IDENTIFIER.&Type(KeySignedMaterial)
H235CertificateSignature ::= SEQUENCE {
certificate TypedCertificate,
responseRandom RandomVal,
requesterRandom RandomVal OPTIONAL,
signature SIGNED{EncodedReturnSig},
...
}
ReturnSig ::= SEQUENCE {
generalId Identifier, -- slave's alias
responseRandom RandomVal,
requestRandom RandomVal OPTIONAL,
certificate TypedCertificate OPTIONAL
} -- requested certificate
EncodedReturnSig ::= TYPE-IDENTIFIER.&Type(ReturnSig)
KeySyncMaterial ::= SEQUENCE {
generalID Identifier,
keyMaterial KeyMaterial,
...
}
EncodedKeySyncMaterial ::= TYPE-IDENTIFIER.&Type(KeySyncMaterial)
V3KeySyncMaterial ::= SEQUENCE {
generalID Identifier OPTIONAL, -- peer terminal ID
algorithmOID OBJECT IDENTIFIER OPTIONAL, -- encryption algorithm
paramS Params, -- IV
encryptedSessionKey OCTET STRING OPTIONAL, -- encrypted session key
encryptedSaltingKey OCTET STRING OPTIONAL, -- encrypted media salting
-- key
clearSaltingKey OCTET STRING OPTIONAL, -- unencrypted media salting
-- key
paramSsalt Params OPTIONAL, -- IV (and clear salt) for salting
-- key encryption
keyDerivationOID OBJECT IDENTIFIER OPTIONAL, -- key derivation
-- method
...,
genericKeyMaterial OCTET STRING OPTIONAL
} -- ASN.1-encoded key material
-- form is dependent on associated media encryption tag
END -- End of H235-SECURITY-MESSAGES DEFINITIONS
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D