--#comment "Copyright (C) Microsoft Corporation, 1995-1999. All rights reserved."-- --#comment "ASN.1 definitions for H.235 Security Messages v1 (H.235)"-- --#SS.basic slinked#-- -- set of and sequence of w/o size constraint --#SS.sized array#-- -- set of and sequence of w/ size constraint H235-SECURITY-MESSAGES DEFINITIONS AUTOMATIC TAGS ::= BEGIN -- EXPORTS All ChallengeString ::= OCTET STRING (SIZE(8..128)) TimeStamp ::= INTEGER(1..4294967295) -- seconds since 00:00 1/1/1970 UTC RandomVal ::= INTEGER Password ::= BMPString (SIZE (1..128)) Identifier ::= BMPString (SIZE (1..128)) KeyMaterial ::= BIT STRING(SIZE(1..2048)) NonStandardParameter ::= SEQUENCE { nonStandardIdentifier OBJECT IDENTIFIER, data OCTET STRING }--#type "H235NonStandardParameter"-- -- if local octet representations of these bit strings are used they shall -- utilize standard Network Octet ordering (e.g. Big Endian) DHset ::= SEQUENCE { halfkey BIT STRING (SIZE(0..2048)), -- = g^x mod n modSize BIT STRING (SIZE(0..2048)), -- n generator BIT STRING (SIZE(0..2048)), -- g ... } TypedCertificate ::= SEQUENCE { type OBJECT IDENTIFIER, certificate OCTET STRING, ... } AuthenticationMechanism ::=CHOICE { dhExch NULL, -- Diffe-Hellman pwdSymEnc NULL, -- password with symmetric encryption pwdHash NULL, -- password with hashing certSign NULL, -- Certificate with signature ipsec NULL, -- IPSEC based connection tls NULL, nonStandard NonStandardParameter, -- something else. ... } ClearToken ::= SEQUENCE -- a `token' may contain multiple value types. { tokenOID OBJECT IDENTIFIER, timeStamp TimeStamp OPTIONAL, password Password OPTIONAL, dhkey DHset OPTIONAL, challenge ChallengeString OPTIONAL, random RandomVal OPTIONAL, certificate TypedCertificate OPTIONAL, generalID Identifier OPTIONAL, nonStandard NonStandardParameter OPTIONAL, ... } -- -- Start all the cryptographic parameterized types here.... -- SIGNED { ToBeSigned } ::= SEQUENCE { toBeSigned ToBeSigned, algorithmOID OBJECT IDENTIFIER, paramS Params, -- any 'runtime' parameters signature BIT STRING } ( CONSTRAINED BY { -- Verify or Sign Certificate -- } ) ENCRYPTED { ToBeEncrypted } ::= SEQUENCE { algorithmOID OBJECT IDENTIFIER, paramS Params, -- any 'runtime' parameters encryptedData OCTET STRING } ( CONSTRAINED BY { -- Encrypt or Decrypt -- ToBeEncrypted } ) HASHED { ToBeHashed } ::= SEQUENCE { algorithmOID OBJECT IDENTIFIER, paramS Params, -- any 'runtime' parameters hash BIT STRING } ( CONSTRAINED BY { -- Hash -- ToBeHashed } ) IV8 ::= OCTET STRING (SIZE(8)) -- signing algorithm used must select one of these types of parameters -- needed by receiving end of signature. Params ::= SEQUENCE { ranInt INTEGER OPTIONAL, -- some integer value iv8 IV8 OPTIONAL, -- 8 octet initialization vector ... } EncodedGeneralToken ::= TYPE-IDENTIFIER.&Type (ClearToken -- general usage token -- ) PwdCertToken ::= ClearToken (WITH COMPONENTS {..., timeStamp PRESENT, generalID PRESENT}) EncodedPwdCertToken ::= TYPE-IDENTIFIER.&Type (PwdCertToken) CryptoToken::= CHOICE { cryptoEncryptedToken SEQUENCE -- General purpose/application specific token { tokenOID OBJECT IDENTIFIER, token ENCRYPTED { EncodedGeneralToken } }, cryptoSignedToken SEQUENCE -- General purpose/application specific token { tokenOID OBJECT IDENTIFIER, token SIGNED { EncodedGeneralToken } }, cryptoHashedToken SEQUENCE -- General purpose/application specific token { tokenOID OBJECT IDENTIFIER, hashedVals ClearToken, token HASHED { EncodedGeneralToken } }, cryptoPwdEncr ENCRYPTED { EncodedPwdCertToken }, ... } -- These allow the passing of session keys within the H.245 OLC structure. -- They are encoded as standalone ASN.1 and based as an OCTET STRING within H.245 H235Key ::=CHOICE -- this is used with the H.245 'h235Key' field { secureChannel KeyMaterial, sharedSecret ENCRYPTED {EncodedKeySyncMaterial}, certProtectedKey SIGNED { EncodedKeySignedMaterial }, ... } KeySignedMaterial ::= SEQUENCE { generalId Identifier, -- slave's alias mrandom RandomVal, -- master's random value srandom RandomVal OPTIONAL, -- slave's random value timeStamp TimeStamp OPTIONAL, -- master's timestamp for unsolicted EU encrptval ENCRYPTED {EncodedKeySyncMaterial } } EncodedKeySignedMaterial ::= TYPE-IDENTIFIER.&Type (KeySignedMaterial) KeySyncMaterial ::=SEQUENCE { generalID Identifier, keyMaterial KeyMaterial, ... } EncodedKeySyncMaterial ::=TYPE-IDENTIFIER.&Type (KeySyncMaterial) H235CertificateSignature ::=SEQUENCE { certificate TypedCertificate, responseRandom RandomVal, requesterRandom RandomVal OPTIONAL, signature SIGNED { EncodedReturnSig }, ... } ReturnSig ::= SEQUENCE { generalId Identifier, -- slave's alias responseRandom RandomVal, requestRandom RandomVal OPTIONAL, certificate TypedCertificate OPTIONAL -- requested certificate } EncodedReturnSig ::= TYPE-IDENTIFIER.&Type (ReturnSig) END -- End of H235-SECURITY-MESSAGES DEFINITIONS