179 lines
5 KiB
Groff
179 lines
5 KiB
Groff
--#comment "Copyright (C) Microsoft Corporation, 1995-1999. All rights reserved."--
|
|
--#comment "ASN.1 definitions for H.235 Security Messages v1 (H.235)"--
|
|
|
|
--#SS.basic slinked#-- -- set of and sequence of w/o size constraint
|
|
--#SS.sized array#-- -- set of and sequence of w/ size constraint
|
|
|
|
H235-SECURITY-MESSAGES DEFINITIONS AUTOMATIC TAGS ::=
|
|
BEGIN
|
|
|
|
-- EXPORTS All
|
|
|
|
ChallengeString ::= OCTET STRING (SIZE(8..128))
|
|
TimeStamp ::= INTEGER(1..4294967295) -- seconds since 00:00 1/1/1970 UTC
|
|
RandomVal ::= INTEGER
|
|
Password ::= BMPString (SIZE (1..128))
|
|
Identifier ::= BMPString (SIZE (1..128))
|
|
KeyMaterial ::= BIT STRING(SIZE(1..2048))
|
|
|
|
NonStandardParameter ::= SEQUENCE
|
|
{
|
|
nonStandardIdentifier OBJECT IDENTIFIER,
|
|
data OCTET STRING
|
|
}--#type "H235NonStandardParameter"--
|
|
|
|
-- if local octet representations of these bit strings are used they shall
|
|
-- utilize standard Network Octet ordering (e.g. Big Endian)
|
|
DHset ::= SEQUENCE
|
|
{
|
|
halfkey BIT STRING (SIZE(0..2048)), -- = g^x mod n
|
|
modSize BIT STRING (SIZE(0..2048)), -- n
|
|
generator BIT STRING (SIZE(0..2048)), -- g
|
|
...
|
|
}
|
|
|
|
TypedCertificate ::= SEQUENCE
|
|
{
|
|
type OBJECT IDENTIFIER,
|
|
certificate OCTET STRING,
|
|
...
|
|
}
|
|
|
|
AuthenticationMechanism ::=CHOICE
|
|
{
|
|
dhExch NULL, -- Diffe-Hellman
|
|
pwdSymEnc NULL, -- password with symmetric encryption
|
|
pwdHash NULL, -- password with hashing
|
|
certSign NULL, -- Certificate with signature
|
|
ipsec NULL, -- IPSEC based connection
|
|
tls NULL,
|
|
nonStandard NonStandardParameter, -- something else.
|
|
...
|
|
}
|
|
|
|
ClearToken ::= SEQUENCE -- a `token' may contain multiple value types.
|
|
{
|
|
tokenOID OBJECT IDENTIFIER,
|
|
timeStamp TimeStamp OPTIONAL,
|
|
password Password OPTIONAL,
|
|
dhkey DHset OPTIONAL,
|
|
challenge ChallengeString OPTIONAL,
|
|
random RandomVal OPTIONAL,
|
|
certificate TypedCertificate OPTIONAL,
|
|
generalID Identifier OPTIONAL,
|
|
nonStandard NonStandardParameter OPTIONAL,
|
|
...
|
|
}
|
|
|
|
|
|
--
|
|
-- Start all the cryptographic parameterized types here....
|
|
--
|
|
|
|
|
|
SIGNED { ToBeSigned } ::= SEQUENCE {
|
|
toBeSigned ToBeSigned,
|
|
algorithmOID OBJECT IDENTIFIER,
|
|
paramS Params, -- any 'runtime' parameters
|
|
signature BIT STRING
|
|
} ( CONSTRAINED BY { -- Verify or Sign Certificate -- } )
|
|
|
|
|
|
ENCRYPTED { ToBeEncrypted } ::= SEQUENCE {
|
|
algorithmOID OBJECT IDENTIFIER,
|
|
paramS Params, -- any 'runtime' parameters
|
|
encryptedData OCTET STRING
|
|
} ( CONSTRAINED BY { -- Encrypt or Decrypt -- ToBeEncrypted } )
|
|
|
|
HASHED { ToBeHashed } ::= SEQUENCE {
|
|
algorithmOID OBJECT IDENTIFIER,
|
|
paramS Params, -- any 'runtime' parameters
|
|
hash BIT STRING
|
|
} ( CONSTRAINED BY { -- Hash -- ToBeHashed } )
|
|
|
|
IV8 ::= OCTET STRING (SIZE(8))
|
|
|
|
-- signing algorithm used must select one of these types of parameters
|
|
-- needed by receiving end of signature.
|
|
|
|
Params ::= SEQUENCE {
|
|
ranInt INTEGER OPTIONAL, -- some integer value
|
|
iv8 IV8 OPTIONAL, -- 8 octet initialization vector
|
|
...
|
|
}
|
|
|
|
EncodedGeneralToken ::= TYPE-IDENTIFIER.&Type (ClearToken -- general usage token -- )
|
|
PwdCertToken ::= ClearToken (WITH COMPONENTS {..., timeStamp PRESENT, generalID PRESENT})
|
|
EncodedPwdCertToken ::= TYPE-IDENTIFIER.&Type (PwdCertToken)
|
|
|
|
CryptoToken::= CHOICE
|
|
{
|
|
|
|
cryptoEncryptedToken SEQUENCE -- General purpose/application specific token
|
|
{
|
|
tokenOID OBJECT IDENTIFIER,
|
|
token ENCRYPTED { EncodedGeneralToken }
|
|
},
|
|
cryptoSignedToken SEQUENCE -- General purpose/application specific token
|
|
{
|
|
tokenOID OBJECT IDENTIFIER,
|
|
token SIGNED { EncodedGeneralToken }
|
|
},
|
|
cryptoHashedToken SEQUENCE -- General purpose/application specific token
|
|
{
|
|
tokenOID OBJECT IDENTIFIER,
|
|
hashedVals ClearToken,
|
|
token HASHED { EncodedGeneralToken }
|
|
},
|
|
cryptoPwdEncr ENCRYPTED { EncodedPwdCertToken },
|
|
...
|
|
}
|
|
|
|
-- These allow the passing of session keys within the H.245 OLC structure.
|
|
-- They are encoded as standalone ASN.1 and based as an OCTET STRING within H.245
|
|
H235Key ::=CHOICE -- this is used with the H.245 'h235Key' field
|
|
{
|
|
secureChannel KeyMaterial,
|
|
sharedSecret ENCRYPTED {EncodedKeySyncMaterial},
|
|
certProtectedKey SIGNED { EncodedKeySignedMaterial },
|
|
...
|
|
}
|
|
|
|
KeySignedMaterial ::= SEQUENCE {
|
|
generalId Identifier, -- slave's alias
|
|
mrandom RandomVal, -- master's random value
|
|
srandom RandomVal OPTIONAL, -- slave's random value
|
|
timeStamp TimeStamp OPTIONAL, -- master's timestamp for unsolicted EU
|
|
encrptval ENCRYPTED {EncodedKeySyncMaterial }
|
|
}
|
|
EncodedKeySignedMaterial ::= TYPE-IDENTIFIER.&Type (KeySignedMaterial)
|
|
|
|
KeySyncMaterial ::=SEQUENCE
|
|
{
|
|
generalID Identifier,
|
|
keyMaterial KeyMaterial,
|
|
...
|
|
}
|
|
EncodedKeySyncMaterial ::=TYPE-IDENTIFIER.&Type (KeySyncMaterial)
|
|
|
|
H235CertificateSignature ::=SEQUENCE
|
|
{
|
|
certificate TypedCertificate,
|
|
responseRandom RandomVal,
|
|
requesterRandom RandomVal OPTIONAL,
|
|
signature SIGNED { EncodedReturnSig },
|
|
...
|
|
}
|
|
|
|
ReturnSig ::= SEQUENCE {
|
|
generalId Identifier, -- slave's alias
|
|
responseRandom RandomVal,
|
|
requestRandom RandomVal OPTIONAL,
|
|
certificate TypedCertificate OPTIONAL -- requested certificate
|
|
}
|
|
|
|
EncodedReturnSig ::= TYPE-IDENTIFIER.&Type (ReturnSig)
|
|
|
|
|
|
END -- End of H235-SECURITY-MESSAGES DEFINITIONS
|