H235-SECURITY-MESSAGES DEFINITIONS AUTOMATIC TAGS ::=
-- Challenge value for challenge/response exchanges. The syntax admits as few
-- as 8 octets; NOTE(review): that lower bound is only 64 bits of randomness,
-- so implementations should generate toward the upper end of the range from a
-- CSPRNG — the SIZE constraint alone does not enforce strength.
ChallengeString ::= OCTET STRING (SIZE(8..128))
-- Unix-epoch timestamp constrained to 32 bits (1..4294967295): the maximum
-- value corresponds to 2106-02-07 UTC and 0 is not encodable. Nothing in this
-- module states an acceptance window, so any replay protection built on this
-- field depends on the receiver comparing it against its own clock
-- (TODO confirm in the accompanying procedures text).
TimeStamp ::= INTEGER(1..4294967295) -- seconds since 00:00 1/1/1970 UTC
-- Shared-secret password as a BMPString (UCS-2, 16-bit code units) of 1..128
-- characters. NOTE(review): this module does not fix the octet form of the
-- string that is fed to hashing or encryption (byte order, normalisation);
-- both ends must agree or authentication fails — confirm against the
-- procedures text.
Password ::= BMPString (SIZE (1..128))
-- Identity/alias string of 1..128 BMPString characters. Appears as generalID /
-- generalId in ClearToken, KeySignedMaterial, KeySyncMaterial and ReturnSig,
-- i.e. it is the value that binds a token or key to a peer identity; the
-- comparison rules for it are not defined in this module.
Identifier ::= BMPString (SIZE (1..128))
-- Raw key bits, 1..2048. The constraint bounds length only and implies no
-- minimum key strength — a 1-bit value is syntactically valid — so receivers
-- must check the length against what the negotiated algorithm requires.
KeyMaterial ::= BIT STRING(SIZE(1..2048))
NonStandardParameter ::= SEQUENCE
nonStandardIdentifier OBJECT IDENTIFIER,
-- if local octet representations of these bit strings are used they shall
-- use standard network octet ordering (i.e. big-endian)
halfkey BIT STRING (SIZE(0..2048)), -- = g^x mod n
modSize BIT STRING (SIZE(0..2048)), -- n
generator BIT STRING (SIZE(0..2048)), -- g
TypedCertificate ::= SEQUENCE
type OBJECT IDENTIFIER,
certificate OCTET STRING,
AuthenticationMechanism ::=CHOICE
dhExch NULL, -- Diffie-Hellman
pwdSymEnc NULL, -- password with symmetric encryption
pwdHash NULL, -- password with hashing
certSign NULL, -- Certificate with signature
ipsec NULL, -- IPSEC based connection
nonStandard NonStandardParameter, -- something else.
ClearToken ::= SEQUENCE -- a `token' may contain multiple value types.
timeStamp TimeStamp OPTIONAL,
password Password OPTIONAL,
challenge ChallengeString OPTIONAL,
random RandomVal OPTIONAL,
certificate TypedCertificate OPTIONAL,
generalID Identifier OPTIONAL,
nonStandard NonStandardParameter OPTIONAL,
-- Start all the cryptographic parameterized types here....
SIGNED { ToBeSigned } ::= SEQUENCE {
toBeSigned ToBeSigned,
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any 'runtime' parameters
} ( CONSTRAINED BY { -- Verify or Sign Certificate -- } )
ENCRYPTED { ToBeEncrypted } ::= SEQUENCE {
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any 'runtime' parameters
encryptedData OCTET STRING
} ( CONSTRAINED BY { -- Encrypt or Decrypt -- ToBeEncrypted } )
HASHED { ToBeHashed } ::= SEQUENCE {
algorithmOID OBJECT IDENTIFIER,
paramS Params, -- any 'runtime' parameters
} ( CONSTRAINED BY { -- Hash -- ToBeHashed } )
-- Fixed 8-octet initialization vector, i.e. one block of a 64-bit-block
-- cipher. For modes that need an IV it must be fresh for every encryption;
-- it appears to travel in the clear via the iv8 member of Params (the Params
-- header is not visible here — confirm).
IV8 ::= OCTET STRING (SIZE(8))
-- signing algorithm used must select one of these types of parameters
-- needed by receiving end of signature.
ranInt INTEGER OPTIONAL, -- some integer value
iv8 IV8 OPTIONAL, -- 8 octet initialization vector
-- ASN.1 open type (TYPE-IDENTIFIER.&Type) whose contained value is a
-- ClearToken. Decoders must decode the contents as exactly ClearToken and
-- reject anything else, rather than trusting the accompanying identifier.
EncodedGeneralToken ::= TYPE-IDENTIFIER.&Type (ClearToken -- general usage token -- )
-- ClearToken profile for password-based authentication: the component
-- constraint makes timeStamp and generalID mandatory, so a receiver always
-- has both a freshness value and an identity to bind the token to.
PwdCertToken ::= ClearToken (WITH COMPONENTS {..., timeStamp PRESENT, generalID PRESENT})
-- Open-type wrapper around PwdCertToken; this is the plaintext encrypted by
-- the cryptoPwdEncr alternative of CryptoToken.
EncodedPwdCertToken ::= TYPE-IDENTIFIER.&Type (PwdCertToken)
CryptoToken::= CHOICE
cryptoEncryptedToken SEQUENCE -- General purpose/application specific token
tokenOID OBJECT IDENTIFIER,
token ENCRYPTED { EncodedGeneralToken }
cryptoSignedToken SEQUENCE -- General purpose/application specific token
tokenOID OBJECT IDENTIFIER,
token SIGNED { EncodedGeneralToken }
cryptoHashedToken SEQUENCE -- General purpose/application specific token
tokenOID OBJECT IDENTIFIER,
hashedVals ClearToken,
token HASHED { EncodedGeneralToken }
cryptoPwdEncr ENCRYPTED { EncodedPwdCertToken },
-- These allow the passing of session keys within the H.245 OLC structure.
-- They are encoded as standalone ASN.1 and carried as an OCTET STRING within H.245
H235Key ::=CHOICE -- this is used with the H.245 'h235Key' field
secureChannel KeyMaterial,
sharedSecret ENCRYPTED {EncodedKeySyncMaterial},
certProtectedKey SIGNED { EncodedKeySignedMaterial },
KeySignedMaterial ::= SEQUENCE {
generalId Identifier, -- slave's alias
mrandom RandomVal, -- master's random value
srandom RandomVal OPTIONAL, -- slave's random value
timeStamp TimeStamp OPTIONAL, -- master's timestamp for unsolicited EU
encrptval ENCRYPTED {EncodedKeySyncMaterial }
-- Open-type wrapper around KeySignedMaterial, the payload of the
-- certProtectedKey alternative (SIGNED { EncodedKeySignedMaterial }).
EncodedKeySignedMaterial ::= TYPE-IDENTIFIER.&Type (KeySignedMaterial)
KeySyncMaterial ::=SEQUENCE
generalID Identifier,
keyMaterial KeyMaterial,
-- Open-type wrapper around KeySyncMaterial; used as the plaintext of the
-- sharedSecret and encrptval ENCRYPTED fields above.
EncodedKeySyncMaterial ::=TYPE-IDENTIFIER.&Type (KeySyncMaterial)
H235CertificateSignature ::=SEQUENCE
certificate TypedCertificate,
responseRandom RandomVal,
requesterRandom RandomVal OPTIONAL,
signature SIGNED { EncodedReturnSig },
ReturnSig ::= SEQUENCE {
generalId Identifier, -- slave's alias
responseRandom RandomVal,
requestRandom RandomVal OPTIONAL,
certificate TypedCertificate OPTIONAL -- requested certificate
-- Open-type wrapper around ReturnSig, the signed payload of
-- H235CertificateSignature.signature.
EncodedReturnSig ::= TYPE-IDENTIFIER.&Type (ReturnSig)
END -- End of H235-SECURITY-MESSAGES DEFINITIONS