aboutsummaryrefslogtreecommitdiffstats
path: root/lib/asn1/test/asn1_SUITE_data/H235-SECURITY-MESSAGES.asn
blob: 3401f9599f588f2fa028e46425b8720b11b32648 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
H235-SECURITY-MESSAGES DEFINITIONS AUTOMATIC TAGS ::=
BEGIN

-- EXPORTS All

ChallengeString	::= OCTET STRING (SIZE(8..128))
TimeStamp			::= INTEGER(1..4294967295) -- seconds since 00:00 1/1/1970 UTC
RandomVal			::= INTEGER
Password				::= BMPString (SIZE (1..128))
Identifier			::= BMPString (SIZE (1..128))
KeyMaterial			::= BIT STRING(SIZE(1..2048))

NonStandardParameter ::= SEQUENCE
{
	nonStandardIdentifier	OBJECT IDENTIFIER,
	data			OCTET STRING
}

-- if local octet representations of these bit strings are used they shall 
-- utilize standard Network Octet ordering (e.g. Big Endian)
DHset ::= SEQUENCE  
{
	halfkey		BIT STRING (SIZE(0..2048)), -- = g^x mod n
	modSize		BIT STRING (SIZE(0..2048)), --  n
	generator	BIT STRING (SIZE(0..2048)), -- g
	...
}

TypedCertificate ::= SEQUENCE
{
	type			OBJECT IDENTIFIER,
	certificate	OCTET STRING,
	...
}

AuthenticationMechanism	 ::=CHOICE 
{
	dhExch     	NULL, -- Diffe-Hellman
	pwdSymEnc	NULL, -- password with symmetric encryption
	pwdHash		NULL, -- password with hashing
	certSign		NULL, -- Certificate with signature
	ipsec		NULL, -- IPSEC based connection
	tls			NULL,
	nonStandard 	NonStandardParameter, -- something else.
	...
}

ClearToken		::= SEQUENCE  -- a `token' may contain multiple value types.
{	
	timeStamp		TimeStamp OPTIONAL,
	password			Password OPTIONAL,
	dhkey			DHset OPTIONAL,
	challenge		ChallengeString OPTIONAL,
	random			RandomVal OPTIONAL,
	certificate		TypedCertificate OPTIONAL,
	generalID		Identifier OPTIONAL,
	nonStandard 		NonStandardParameter OPTIONAL,
	...
}

--
-- Start all the cryptographic parameterized types here....
--


SIGNED { ToBeSigned } ::= SEQUENCE {
   toBeSigned  	ToBeSigned,
   algorithmOID  OBJECT IDENTIFIER, 
   paramS 		Params,	-- any 'runtime' parameters
   signature   	BIT STRING
} ( CONSTRAINED BY { -- Verify or Sign Certificate -- } )


ENCRYPTED { ToBeEncrypted } ::= SEQUENCE {
   algorithmOID  	OBJECT IDENTIFIER, 
   paramS 			Params,	-- any 'runtime' parameters
   encryptedData  	OCTET STRING
} ( CONSTRAINED BY { -- Encrypt or Decrypt -- ToBeEncrypted } )

HASHED { ToBeHashed } ::= SEQUENCE {
   algorithmOID  	OBJECT IDENTIFIER, 
   paramS 			Params,	-- any 'runtime' parameters
   hash				BIT STRING
} ( CONSTRAINED BY { -- Hash -- ToBeHashed } )

IV8 ::= OCTET STRING (SIZE(8))

-- signing algorithm used must select one of these types of parameters 
-- needed by receiving end of signature.

Params ::= SEQUENCE {
	ranInt	INTEGER OPTIONAL, -- some integer value
	iv8		IV8 OPTIONAL,	-- 8 octet initialization vector
	...
}

EncodedGeneralToken ::= TYPE-IDENTIFIER.&Type (ClearToken -- general usage token -- )
PwdCertToken ::= ClearToken (WITH COMPONENTS {..., timeStamp PRESENT, generalID PRESENT})
EncodedPwdCertToken ::= TYPE-IDENTIFIER.&Type (PwdCertToken) 

CryptoToken::= CHOICE
{

	cryptoEncryptedToken SEQUENCE -- General purpose/application specific token
	{
		tokenOID  	OBJECT IDENTIFIER, 
		token 		ENCRYPTED { EncodedGeneralToken }
	},
	cryptoSignedToken  SEQUENCE -- General purpose/application specific token
	{
		tokenOID  OBJECT IDENTIFIER, 
		token 		SIGNED { EncodedGeneralToken }
	},
	cryptoHashedToken SEQUENCE -- General purpose/application specific token
	{
		tokenOID  		OBJECT IDENTIFIER, 
		hashedVals		ClearToken,
		token HASHED { EncodedGeneralToken }
	},
	cryptoPwdEncr 	ENCRYPTED { EncodedPwdCertToken },
	...
}

-- These allow the passing of session keys within the H.245 OLC structure.
-- They are encoded as standalone ASN.1 and based as an OCTET STRING within H.245
H235Key	::=CHOICE  -- this is used with the H.245 'h235Key' field
{
	secureChannel	KeyMaterial,
	sharedSecret		ENCRYPTED {EncodedKeySyncMaterial},
	certProtectedKey	SIGNED { EncodedKeySignedMaterial },
	...
}

KeySignedMaterial ::= SEQUENCE {
	generalId		Identifier, -- slave's alias
	mrandom	RandomVal, -- master's random value
	srandom	RandomVal OPTIONAL, -- slave's random value
	timeStamp	TimeStamp OPTIONAL, -- master's timestamp for unsolicted EU
	encrptval	ENCRYPTED {EncodedKeySyncMaterial }
}
EncodedKeySignedMaterial ::= TYPE-IDENTIFIER.&Type (KeySignedMaterial)

KeySyncMaterial	::=SEQUENCE
{
	generalID		Identifier,
	keyMaterial 	KeyMaterial,
	...
}
EncodedKeySyncMaterial	::=TYPE-IDENTIFIER.&Type (KeySyncMaterial)

H235CertificateSignature	::=SEQUENCE
{
	certificate			TypedCertificate,
	responseRandom		RandomVal,
	requesterRandom	RandomVal OPTIONAL,
	signature			SIGNED { EncodedReturnSig },
	...
}

ReturnSig ::= SEQUENCE {
	generalId			Identifier, -- slave's alias
 	responseRandom 	RandomVal,
 	requestRandom 		RandomVal OPTIONAL,
 	certificate  		TypedCertificate OPTIONAL -- requested certificate
}

EncodedReturnSig ::= TYPE-IDENTIFIER.&Type (ReturnSig)


END	-- End of H235-SECURITY-MESSAGES DEFINITIONS