windows-nt/Source/XPSP1/NT/net/rras/ip/nath323/h235.asn

179 lines
5 KiB
Plaintext
Raw Permalink Normal View History

2020-09-26 03:20:57 -05:00
--#comment "Copyright (C) Microsoft Corporation, 1995-1999. All rights reserved."--
--#comment "ASN.1 definitions for H.235 Security Messages v1 (H.235)"--
--#SS.basic slinked#-- -- set of and sequence of w/o size constraint
--#SS.sized array#-- -- set of and sequence of w/ size constraint
H235-SECURITY-MESSAGES DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
-- EXPORTS All
ChallengeString ::= OCTET STRING (SIZE(8..128))
TimeStamp ::= INTEGER(1..4294967295) -- seconds since 00:00 1/1/1970 UTC
RandomVal ::= INTEGER
Password ::= BMPString (SIZE (1..128))
Identifier ::= BMPString (SIZE (1..128))
KeyMaterial ::= BIT STRING(SIZE(1..2048))
NonStandardParameter ::= SEQUENCE
{
nonStandardIdentifier OBJECT IDENTIFIER,
data OCTET STRING
}--#type "H235NonStandardParameter"--
-- if local octet representations of these bit strings are used they shall
-- utilize standard Network Octet ordering (e.g. Big Endian)
DHset ::= SEQUENCE
{
halfkey BIT STRING (SIZE(0..2048)), -- = g^x mod n
modSize BIT STRING (SIZE(0..2048)), -- n
generator BIT STRING (SIZE(0..2048)), -- g
...
}
TypedCertificate ::= SEQUENCE
{
type OBJECT IDENTIFIER,
certificate OCTET STRING,
...
}
AuthenticationMechanism ::=CHOICE
{
dhExch NULL, -- Diffe-Hellman
pwdSymEnc NULL, -- password with symmetric encryption
pwdHash NULL, -- password with hashing
certSign NULL, -- Certificate with signature
ipsec NULL, -- IPSEC based connection
tls NULL,
nonStandard NonStandardParameter, -- something else.
...
}
ClearToken ::= SEQUENCE -- a `token' may contain multiple value types.
{
tokenOID OBJECT IDENTIFIER,
timeStamp TimeStamp OPTIONAL,
password Password OPTIONAL,
dhkey DHset OPTIONAL,
challenge ChallengeString OPTIONAL,
random RandomVal OPTIONAL,
certificate TypedCertificate OPTIONAL,
generalID Identifier OPTIONAL,
nonStandard NonStandardParameter OPTIONAL,
...
}
--
-- Start all the cryptographic parameterized types here....
--
SIGNED { ToBeSigned } ::= SEQUENCE {
toBeSigned ToBeSigned,
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any 'runtime' parameters
signature BIT STRING
} ( CONSTRAINED BY { -- Verify or Sign Certificate -- } )
ENCRYPTED { ToBeEncrypted } ::= SEQUENCE {
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any 'runtime' parameters
encryptedData OCTET STRING
} ( CONSTRAINED BY { -- Encrypt or Decrypt -- ToBeEncrypted } )
HASHED { ToBeHashed } ::= SEQUENCE {
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any 'runtime' parameters
hash BIT STRING
} ( CONSTRAINED BY { -- Hash -- ToBeHashed } )
IV8 ::= OCTET STRING (SIZE(8))
-- signing algorithm used must select one of these types of parameters
-- needed by receiving end of signature.
Params ::= SEQUENCE {
ranInt INTEGER OPTIONAL, -- some integer value
iv8 IV8 OPTIONAL, -- 8 octet initialization vector
...
}
EncodedGeneralToken ::= TYPE-IDENTIFIER.&Type (ClearToken -- general usage token -- )
PwdCertToken ::= ClearToken (WITH COMPONENTS {..., timeStamp PRESENT, generalID PRESENT})
EncodedPwdCertToken ::= TYPE-IDENTIFIER.&Type (PwdCertToken)
CryptoToken::= CHOICE
{
cryptoEncryptedToken SEQUENCE -- General purpose/application specific token
{
tokenOID OBJECT IDENTIFIER,
token ENCRYPTED { EncodedGeneralToken }
},
cryptoSignedToken SEQUENCE -- General purpose/application specific token
{
tokenOID OBJECT IDENTIFIER,
token SIGNED { EncodedGeneralToken }
},
cryptoHashedToken SEQUENCE -- General purpose/application specific token
{
tokenOID OBJECT IDENTIFIER,
hashedVals ClearToken,
token HASHED { EncodedGeneralToken }
},
cryptoPwdEncr ENCRYPTED { EncodedPwdCertToken },
...
}
-- These allow the passing of session keys within the H.245 OLC structure.
-- They are encoded as standalone ASN.1 and based as an OCTET STRING within H.245
H235Key ::=CHOICE -- this is used with the H.245 'h235Key' field
{
secureChannel KeyMaterial,
sharedSecret ENCRYPTED {EncodedKeySyncMaterial},
certProtectedKey SIGNED { EncodedKeySignedMaterial },
...
}
KeySignedMaterial ::= SEQUENCE {
generalId Identifier, -- slave's alias
mrandom RandomVal, -- master's random value
srandom RandomVal OPTIONAL, -- slave's random value
timeStamp TimeStamp OPTIONAL, -- master's timestamp for unsolicted EU
encrptval ENCRYPTED {EncodedKeySyncMaterial }
}
EncodedKeySignedMaterial ::= TYPE-IDENTIFIER.&Type (KeySignedMaterial)
KeySyncMaterial ::=SEQUENCE
{
generalID Identifier,
keyMaterial KeyMaterial,
...
}
EncodedKeySyncMaterial ::=TYPE-IDENTIFIER.&Type (KeySyncMaterial)
H235CertificateSignature ::=SEQUENCE
{
certificate TypedCertificate,
responseRandom RandomVal,
requesterRandom RandomVal OPTIONAL,
signature SIGNED { EncodedReturnSig },
...
}
ReturnSig ::= SEQUENCE {
generalId Identifier, -- slave's alias
responseRandom RandomVal,
requestRandom RandomVal OPTIONAL,
certificate TypedCertificate OPTIONAL -- requested certificate
}
EncodedReturnSig ::= TYPE-IDENTIFIER.&Type (ReturnSig)
END -- End of H235-SECURITY-MESSAGES DEFINITIONS