49112d11c4
sourcefiles to generate H235 dissector using Tomas's ASN1 to Ethereal compiler svn path=/trunk/; revision=10984
313 lines
14 KiB
Groff
313 lines
14 KiB
Groff
--
|
|
-- Taken from ITU ASN.1 database
|
|
-- http://www.itu.int/ITU-T/asn1/database/itu-t/h/h235/2003-amd1/H235-SECURITY-MESSAGES.asn
|
|
--
|
|
-- Features unbacked with ASN.1 to Ethereal compiler was commented out
|
|
--
|
|
|
|
|
|
-- Module H235-SECURITY-MESSAGES (H.235:08/2003)
|
|
H235-SECURITY-MESSAGES DEFINITIONS AUTOMATIC TAGS ::=
|
|
BEGIN
|
|
|
|
-- EXPORTS All
|
|
ChallengeString ::= OCTET STRING(SIZE (8..128))
|
|
|
|
TimeStamp ::= INTEGER(1..4294967295) -- seconds since 00:00 1/1/1970 UTC
|
|
|
|
|
|
RandomVal ::= INTEGER -- 32-bit Integer
|
|
|
|
Password ::= BMPString(SIZE (1..128))
|
|
|
|
Identifier ::= BMPString(SIZE (1..128))
|
|
|
|
KeyMaterial ::= BIT STRING(SIZE (1..2048))
|
|
|
|
NonStandardParameter ::= SEQUENCE {
|
|
nonStandardIdentifier OBJECT IDENTIFIER,
|
|
data OCTET STRING
|
|
}
|
|
|
|
-- if local octet representations of these bit strings are used they shall
|
|
-- utilize standard Network Octet ordering (e.g. Big Endian)
|
|
DHset ::= SEQUENCE {
|
|
halfkey BIT STRING(SIZE (0..2048)), -- = g^x mod n
|
|
modSize BIT STRING(SIZE (0..2048)), -- n
|
|
generator BIT STRING(SIZE (0..2048)), -- g
|
|
...
|
|
}
|
|
|
|
ECpoint ::=
|
|
SEQUENCE -- uncompressed (x, y) affine coordinate representation of an elliptic curve point
|
|
{
|
|
x BIT STRING(SIZE (0..511)) OPTIONAL,
|
|
y BIT STRING(SIZE (0..511)) OPTIONAL,
|
|
...
|
|
}
|
|
|
|
ECKASDH ::=
|
|
CHOICE -- parameters for elliptic curve key agreement scheme Diffie-Hellman
|
|
{
|
|
eckasdhp
|
|
SEQUENCE-- parameters for elliptic curves of prime field-- {public-key
|
|
ECpoint, -- This field contains representation of the ECKAS-DHp public key value.--
|
|
--This field contains the initiator's ECKAS-DHp public key value (aP) when this information
|
|
-- element is sent from originator to receiver. This field contains the responder's ECKAS-DHp
|
|
-- public key value (bP) when this information element is sent back from receiver
|
|
-- to originator.
|
|
modulus
|
|
BIT STRING
|
|
(SIZE (0..
|
|
511)), -- This field contains representation of the--
|
|
-- ECKAS-DHp public modulus value (p).
|
|
base
|
|
ECpoint, -- This field contains representation of the ECKAS-DHp public base (P).--
|
|
weierstrassA
|
|
BIT STRING
|
|
(SIZE (0..
|
|
511)), --This field contains representation of the--
|
|
-- ECKAS-DHp Weierstrass coefficient (a).
|
|
weierstrassB
|
|
BIT STRING
|
|
(SIZE (0..
|
|
511))--This field contains representation of the--
|
|
-- ECKAS-DHp Weierstrass coefficient (b).
|
|
},
|
|
eckasdh2
|
|
SEQUENCE-- parameters for elliptic curves of characteristic 2 -- {public-key
|
|
|
|
ECpoint, -- This field contains representation of the ECKAS-DH2 public key value. --
|
|
-- This field contains the initiator's ECKAS-DH2 public key value (aP) when this information
|
|
-- element is sent from originator to receiver. This field contains the responder's ECKAS-DH2
|
|
-- public key value (bP) when this information element is sent back from receiver to originator.
|
|
fieldSize
|
|
|
|
BIT STRING
|
|
(SIZE (0..
|
|
511)), -- This field contains representation of the--
|
|
-- ECKAS-DH2 field size value (m).
|
|
base
|
|
|
|
ECpoint, -- This field contains representation of the ECKAS-DH2 public base (P).--
|
|
weierstrassA
|
|
|
|
BIT STRING
|
|
(SIZE (0..
|
|
511)), --This field contains representation of the--
|
|
-- ECKAS-DH2 Weierstrass coefficient (a).
|
|
weierstrassB
|
|
|
|
BIT STRING
|
|
(SIZE (0..
|
|
511))--This field contains representation of the--
|
|
-- ECKAS-DH2 Weierstrass coefficient (b).
|
|
},
|
|
...
|
|
}
|
|
|
|
ECGDSASignature ::=
|
|
SEQUENCE -- parameters for elliptic curve digital signature algorithm
|
|
{
|
|
r BIT STRING(SIZE (0..511)), -- This field contains the representation of the r component of the
|
|
|
|
-- ECGDSA digital signature.
|
|
s
|
|
BIT STRING
|
|
(SIZE (0..511))-- This field contains the representation of the s component of the--
|
|
-- ECGDSA digital signature.
|
|
}
|
|
|
|
TypedCertificate ::= SEQUENCE {
|
|
type OBJECT IDENTIFIER,
|
|
certificate OCTET STRING,
|
|
...
|
|
}
|
|
|
|
AuthenticationBES ::= CHOICE {
|
|
default NULL, -- encrypted ClearToken
|
|
radius NULL, -- RADIUS-challenge/response
|
|
...
|
|
}
|
|
|
|
AuthenticationMechanism ::= CHOICE {
|
|
dhExch NULL, -- Diffie-Hellman
|
|
pwdSymEnc NULL, -- password with symmetric encryption
|
|
pwdHash NULL, -- password with hashing
|
|
certSign NULL, -- Certificate with signature
|
|
ipsec NULL, -- IPSEC based connection
|
|
tls NULL,
|
|
nonStandard NonStandardParameter, -- something else.
|
|
...,
|
|
authenticationBES AuthenticationBES -- user authentication for BES
|
|
}
|
|
|
|
ClearToken ::= SEQUENCE -- a "token" may contain multiple value types.
|
|
{
|
|
tokenOID OBJECT IDENTIFIER,
|
|
timeStamp TimeStamp OPTIONAL,
|
|
password Password OPTIONAL,
|
|
dhkey DHset OPTIONAL,
|
|
challenge ChallengeString OPTIONAL,
|
|
random RandomVal OPTIONAL,
|
|
certificate TypedCertificate OPTIONAL,
|
|
generalID Identifier OPTIONAL,
|
|
nonStandard NonStandardParameter OPTIONAL,
|
|
...,
|
|
eckasdhkey ECKASDH OPTIONAL, -- elliptic curve Key Agreement Scheme-Diffie
|
|
|
|
-- Hellman Analogue (ECKAS-DH)
|
|
sendersID Identifier OPTIONAL,
|
|
h235Key H235Key OPTIONAL -- central distributed key in V3
|
|
}
|
|
|
|
-- An object identifier should be placed in the tokenOID field when a
|
|
-- ClearToken is included directly in a message (as opposed to being
|
|
-- encrypted). In all other cases, an application should use the
|
|
-- object identifier { 0 0 } to indicate that the tokenOID value is not present.
|
|
--
|
|
-- Start all the cryptographic parameterized types here...
|
|
--
|
|
SIGNED{ToBeSigned} ::= SEQUENCE {
|
|
toBeSigned ToBeSigned,
|
|
algorithmOID OBJECT IDENTIFIER,
|
|
paramS Params, -- any "runtime" parameters
|
|
signature BIT STRING -- could be an RSA or an ASN.1 coded ECGDSASignature
|
|
}(CONSTRAINED BY { -- Verify or Sign Certificate --})
|
|
|
|
ENCRYPTED{ToBeEncrypted} ::= SEQUENCE {
|
|
algorithmOID OBJECT IDENTIFIER,
|
|
paramS Params, -- any "runtime" parameters
|
|
encryptedData OCTET STRING
|
|
}(CONSTRAINED BY { -- Encrypt or Decrypt --ToBeEncrypted})
|
|
|
|
HASHED{ToBeHashed} ::= SEQUENCE {
|
|
algorithmOID OBJECT IDENTIFIER,
|
|
paramS Params, -- any "runtime" parameters
|
|
hash BIT STRING
|
|
}(CONSTRAINED BY { -- Hash --ToBeHashed})
|
|
|
|
IV8 ::= OCTET STRING(SIZE (8)) -- initial value for 64-bit block ciphers
|
|
|
|
|
|
IV16 ::= OCTET STRING(SIZE (16)) -- initial value for 128-bit block ciphers
|
|
|
|
|
|
-- signing algorithm used must select one of these types of parameters
|
|
-- needed by receiving end of signature.
|
|
Params ::= SEQUENCE {
|
|
ranInt INTEGER OPTIONAL, -- some integer value
|
|
iv8 IV8 OPTIONAL, -- 8 octet initialization vector
|
|
...,
|
|
iv16 IV16 OPTIONAL, -- 16 octet initialization vector
|
|
iv OCTET STRING OPTIONAL, -- arbitrary length initialization vector
|
|
clearSalt OCTET STRING OPTIONAL -- unencrypted salting key for encryption
|
|
}
|
|
|
|
--EncodedGeneralToken ::=
|
|
-- TYPE-IDENTIFIER.&Type(ClearToken ++ general usage token ++)
|
|
|
|
PwdCertToken ::=
|
|
ClearToken(WITH COMPONENTS {
|
|
...,
|
|
timeStamp PRESENT,
|
|
generalID PRESENT
|
|
})
|
|
|
|
--EncodedPwdCertToken ::= TYPE-IDENTIFIER.&Type(PwdCertToken)
|
|
|
|
CryptoToken ::= CHOICE {
|
|
cryptoEncryptedToken
|
|
SEQUENCE-- General purpose/application specific token-- {tokenOID
|
|
OBJECT
|
|
IDENTIFIER,
|
|
token
|
|
ENCRYPTED
|
|
{EncodedGeneralToken}
|
|
},
|
|
cryptoSignedToken
|
|
SEQUENCE-- General purpose/application specific token-- {tokenOID
|
|
OBJECT
|
|
IDENTIFIER,
|
|
token
|
|
SIGNED
|
|
{EncodedGeneralToken}
|
|
},
|
|
cryptoHashedToken
|
|
SEQUENCE-- General purpose/application specific token-- {tokenOID
|
|
OBJECT
|
|
IDENTIFIER,
|
|
hashedVals
|
|
ClearToken,
|
|
token
|
|
HASHED
|
|
{EncodedGeneralToken}
|
|
},
|
|
cryptoPwdEncr ENCRYPTED{EncodedPwdCertToken},
|
|
...
|
|
}
|
|
|
|
-- These allow the passing of session keys within the H.245 OLC structure.
|
|
-- They are encoded as standalone ASN.1 and based as an OCTET STRING within H.245
|
|
H235Key ::=
|
|
CHOICE -- this is used with the H.245 or ClearToken "h235Key" field
|
|
{
|
|
secureChannel KeyMaterial,
|
|
sharedSecret ENCRYPTED{EncodedKeySyncMaterial},
|
|
certProtectedKey SIGNED{EncodedKeySignedMaterial},
|
|
...,
|
|
secureSharedSecret V3KeySyncMaterial -- for H.235 V3 end points
|
|
}
|
|
|
|
KeySignedMaterial ::= SEQUENCE {
|
|
generalId Identifier, -- slave's alias
|
|
mrandom RandomVal, -- master's random value
|
|
srandom RandomVal OPTIONAL, -- slave's random value
|
|
timeStamp TimeStamp OPTIONAL, -- master's timestamp for unsolicited EU
|
|
encrptval ENCRYPTED{EncodedKeySyncMaterial}
|
|
}
|
|
|
|
--EncodedKeySignedMaterial ::= TYPE-IDENTIFIER.&Type(KeySignedMaterial)
|
|
|
|
H235CertificateSignature ::= SEQUENCE {
|
|
certificate TypedCertificate,
|
|
responseRandom RandomVal,
|
|
requesterRandom RandomVal OPTIONAL,
|
|
signature SIGNED{EncodedReturnSig},
|
|
...
|
|
}
|
|
|
|
ReturnSig ::= SEQUENCE {
|
|
generalId Identifier, -- slave's alias
|
|
responseRandom RandomVal,
|
|
requestRandom RandomVal OPTIONAL,
|
|
certificate TypedCertificate OPTIONAL -- requested certificate
|
|
}
|
|
|
|
--EncodedReturnSig ::= TYPE-IDENTIFIER.&Type(ReturnSig)
|
|
|
|
KeySyncMaterial ::= SEQUENCE {
|
|
generalID Identifier,
|
|
keyMaterial KeyMaterial,
|
|
...
|
|
}
|
|
|
|
--EncodedKeySyncMaterial ::= TYPE-IDENTIFIER.&Type(KeySyncMaterial)
|
|
|
|
V3KeySyncMaterial ::= SEQUENCE {
|
|
generalID Identifier OPTIONAL, -- peer terminal ID
|
|
algorithmOID OBJECT IDENTIFIER OPTIONAL, -- encryption algorithm
|
|
paramS Params, -- IV
|
|
encryptedSessionKey OCTET STRING OPTIONAL, -- encrypted session key
|
|
encryptedSaltingKey OCTET STRING OPTIONAL, -- encrypted media salting key
|
|
clearSaltingKey OCTET STRING OPTIONAL, -- unencrypted media salting key
|
|
paramSsalt Params OPTIONAL, -- IV (and clear salt) for salting key encryption
|
|
keyDerivationOID OBJECT IDENTIFIER OPTIONAL, -- key derivation method
|
|
...
|
|
}
|
|
|
|
END -- End of H235-SECURITY-MESSAGES DEFINITIONS
|
|
|
|
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
|
|
|