
  1. --#comment "Copyright (C) Microsoft Corporation, 1995-1999. All rights reserved."--
  2. --#comment "ASN.1 definitions for H.235 Security Messages v1 (H.235)"--
  3. --#SS.basic slinked#-- -- set of and sequence of w/o size constraint
  4. --#SS.sized array#-- -- set of and sequence of w/ size constraint
  -- Module layout: bounded primitive types, the ClearToken carrier and its
  -- AuthenticationMechanism selector, the parameterized SIGNED/ENCRYPTED/HASHED
  -- wrappers, the CryptoToken choice, and the H.245 key-exchange structures.
  -- AUTOMATIC TAGS means component tags are derived from position, so the
  -- order of components in every SEQUENCE/CHOICE below is part of the encoding.
  5. H235-SECURITY-MESSAGES DEFINITIONS AUTOMATIC TAGS ::=
  6. BEGIN
  7. -- EXPORTS All
  -- Primitive types. Every size/value constraint here is a decoder obligation:
  -- an implementation that ignores them accepts inputs this schema does not allow.
  8. ChallengeString ::= OCTET STRING (SIZE(8..128)) -- 8 to 128 octets
  9. TimeStamp ::= INTEGER(1..4294967295) -- seconds since 00:00 1/1/1970 UTC; the upper bound is 2^32-1, so a signed 32-bit integer cannot hold the full range
  10. RandomVal ::= INTEGER -- unconstrained: no bound on magnitude or encoded length
  11. Password ::= BMPString (SIZE (1..128)) -- 1 to 128 BMP (16-bit) characters, not octets
  12. Identifier ::= BMPString (SIZE (1..128)) -- same representation as Password
  13. KeyMaterial ::= BIT STRING(SIZE(1..2048)) -- 1 to 2048 bits
  -- Vendor extension hook: an OID naming the extension plus opaque data.
  -- The data is an unconstrained OCTET STRING; whoever interprets it must
  -- validate it against the format the OID implies.
  14. NonStandardParameter ::= SEQUENCE
  15. {
  16. nonStandardIdentifier OBJECT IDENTIFIER,
  17. data OCTET STRING
  18. }--#type "H235NonStandardParameter"--
  19. -- if local octet representations of these bit strings are used they shall
  20. -- utilize standard Network Octet ordering (e.g. Big Endian)
  -- Diffie-Hellman public parameters. Each field allows SIZE 0, so an empty
  -- modulus, generator or half-key is schema-valid; consumers must check for
  -- degenerate values before using them in a key agreement.
  21. DHset ::= SEQUENCE
  22. {
  23. halfkey BIT STRING (SIZE(0..2048)), -- = g^x mod n
  24. modSize BIT STRING (SIZE(0..2048)), -- n
  25. generator BIT STRING (SIZE(0..2048)), -- g
  26. ... -- extensible
  27. }
  -- A certificate tagged with the OID of its format; the certificate body is
  -- opaque at this layer.
  28. TypedCertificate ::= SEQUENCE
  29. {
  30. type OBJECT IDENTIFIER, -- identifies the certificate format
  31. certificate OCTET STRING, -- encoded certificate in that format
  32. ...
  33. }
  -- Selector for the authentication method; all standard alternatives are NULL
  -- (the chosen alternative itself carries the information).
  34. AuthenticationMechanism ::=CHOICE
  35. {
  36. dhExch NULL, -- Diffie-Hellman
  37. pwdSymEnc NULL, -- password with symmetric encryption
  38. pwdHash NULL, -- password with hashing
  39. certSign NULL, -- Certificate with signature
  40. ipsec NULL, -- IPSEC based connection
  41. tls NULL, -- TLS based connection
  42. nonStandard NonStandardParameter, -- something else.
  43. ...
  44. }
  -- Unprotected token carrier. Nothing here is encrypted or signed by the type
  -- itself; protection comes only from wrapping it in ENCRYPTED/SIGNED/HASHED
  -- (see CryptoToken). Note that cryptoHashedToken.hashedVals carries a
  -- ClearToken unwrapped, so anything placed in `password' there is exposed.
  45. ClearToken ::= SEQUENCE -- a `token' may contain multiple value types.
  46. {
  47. tokenOID OBJECT IDENTIFIER, -- identifies the token's purpose
  48. timeStamp TimeStamp OPTIONAL,
  49. password Password OPTIONAL, -- plaintext password when present
  50. dhkey DHset OPTIONAL,
  51. challenge ChallengeString OPTIONAL,
  52. random RandomVal OPTIONAL,
  53. certificate TypedCertificate OPTIONAL,
  54. generalID Identifier OPTIONAL,
  55. nonStandard NonStandardParameter OPTIONAL,
  56. ...
  57. }
  58. --
  59. -- Start all the cryptographic parameterized types here....
  60. --
  -- Generic signed container. The CONSTRAINED BY clause holds only a comment,
  -- so verifying `signature' over `toBeSigned' with `algorithmOID' is an
  -- application obligation the schema does not express or enforce.
  61. SIGNED { ToBeSigned } ::= SEQUENCE {
  62. toBeSigned ToBeSigned, -- the signed content, sent in the clear
  63. algorithmOID OBJECT IDENTIFIER, -- signature algorithm
  64. paramS Params, -- any 'runtime' parameters
  65. signature BIT STRING -- no SIZE constraint; length is algorithm-specific
  66. } ( CONSTRAINED BY { -- Verify or Sign Certificate -- } )
  -- Generic encrypted container. ToBeEncrypted appears only in the constraint:
  -- the ciphertext is an opaque OCTET STRING, and the plaintext type must be
  -- known from context (the instantiation) rather than from the encoding.
  67. ENCRYPTED { ToBeEncrypted } ::= SEQUENCE {
  68. algorithmOID OBJECT IDENTIFIER, -- encryption algorithm
  69. paramS Params, -- any 'runtime' parameters
  70. encryptedData OCTET STRING -- ciphertext, no SIZE constraint
  71. } ( CONSTRAINED BY { -- Encrypt or Decrypt -- ToBeEncrypted } )
  -- Generic hash container: only the digest travels; the hashed value itself
  -- must be supplied separately (see cryptoHashedToken.hashedVals).
  72. HASHED { ToBeHashed } ::= SEQUENCE {
  73. algorithmOID OBJECT IDENTIFIER, -- hash algorithm
  74. paramS Params, -- any 'runtime' parameters
  75. hash BIT STRING -- digest, no SIZE constraint
  76. } ( CONSTRAINED BY { -- Hash -- ToBeHashed } )
  77. IV8 ::= OCTET STRING (SIZE(8)) -- exactly 8 octets
  78. -- signing algorithm used must select one of these types of parameters
  79. -- needed by receiving end of signature.
  -- Params is referenced by SIGNED/ENCRYPTED/HASHED above (forward reference,
  -- legal in ASN.1). It is mandatory in each wrapper but every component of it
  -- is OPTIONAL, so an empty Params is valid.
  80. Params ::= SEQUENCE {
  81. ranInt INTEGER OPTIONAL, -- some integer value; unconstrained
  82. iv8 IV8 OPTIONAL, -- 8 octet initialization vector
  83. ...
  84. }
  -- Open-type aliases used to instantiate the wrappers. TYPE-IDENTIFIER.&Type
  -- is an open type; the parenthesised constraint names the expected content.
  85. EncodedGeneralToken ::= TYPE-IDENTIFIER.&Type (ClearToken -- general usage token -- )
  -- A ClearToken whose timeStamp and generalID are mandatory; a decoder must
  -- reject a PwdCertToken that omits either one.
  86. PwdCertToken ::= ClearToken (WITH COMPONENTS {..., timeStamp PRESENT, generalID PRESENT})
  87. EncodedPwdCertToken ::= TYPE-IDENTIFIER.&Type (PwdCertToken)
  -- Protected token alternatives. Each alternative pairs a tokenOID with one
  -- of the wrappers above; cryptoPwdEncr is the only one without a tokenOID.
  88. CryptoToken::= CHOICE
  89. {
  90. cryptoEncryptedToken SEQUENCE -- General purpose/application specific token
  91. {
  92. tokenOID OBJECT IDENTIFIER,
  93. token ENCRYPTED { EncodedGeneralToken }
  94. },
  95. cryptoSignedToken SEQUENCE -- General purpose/application specific token
  96. {
  97. tokenOID OBJECT IDENTIFIER,
  98. token SIGNED { EncodedGeneralToken }
  99. },
  100. cryptoHashedToken SEQUENCE -- General purpose/application specific token
  101. {
  102. tokenOID OBJECT IDENTIFIER,
  103. hashedVals ClearToken, -- sent in the clear alongside the digest; presumably the input to the hash (confirm against H.235)
  104. token HASHED { EncodedGeneralToken }
  105. },
  106. cryptoPwdEncr ENCRYPTED { EncodedPwdCertToken },
  107. ...
  108. }
  109. -- These allow the passing of session keys within the H.245 OLC structure.
  110. -- They are encoded as standalone ASN.1 and based as an OCTET STRING within H.245
  -- Session key transport. Only sharedSecret and certProtectedKey apply a
  -- wrapper at this layer; secureChannel is bare KeyMaterial, so its
  -- confidentiality rests entirely on the transport (the name suggests an
  -- already-secured channel; confirm against H.235 before relying on it).
  111. H235Key ::=CHOICE -- this is used with the H.245 'h235Key' field
  112. {
  113. secureChannel KeyMaterial, -- unprotected at this layer
  114. sharedSecret ENCRYPTED {EncodedKeySyncMaterial}, -- key material inside ENCRYPTED
  115. certProtectedKey SIGNED { EncodedKeySignedMaterial }, -- SIGNED envelope whose content holds an ENCRYPTED key
  116. ...
  117. }
  -- Signed envelope content for certProtectedKey: the identity and randoms are
  -- covered by the outer SIGNED, the key itself sits in the inner ENCRYPTED.
  -- NOTE: spelled `generalId' here but `generalID' in ClearToken and
  -- KeySyncMaterial; these are distinct component names, not typos to "fix".
  118. KeySignedMaterial ::= SEQUENCE {
  119. generalId Identifier, -- slave's alias
  120. mrandom RandomVal, -- master's random value
  121. srandom RandomVal OPTIONAL, -- slave's random value
  122. timeStamp TimeStamp OPTIONAL, -- master's timestamp for unsolicited EU
  123. encrptval ENCRYPTED {EncodedKeySyncMaterial } -- the transported key, encrypted
  124. }
  125. EncodedKeySignedMaterial ::= TYPE-IDENTIFIER.&Type (KeySignedMaterial)
  -- Plaintext form of the transported key; within this module it only appears
  -- as the content of an ENCRYPTED wrapper.
  126. KeySyncMaterial ::=SEQUENCE
  127. {
  128. generalID Identifier,
  129. keyMaterial KeyMaterial,
  130. ...
  131. }
  132. EncodedKeySyncMaterial ::=TYPE-IDENTIFIER.&Type (KeySyncMaterial)
  -- Certificate-based response: the signature covers a ReturnSig that echoes
  -- the randoms, which presumably ties it to this exchange (confirm against H.235).
  133. H235CertificateSignature ::=SEQUENCE
  134. {
  135. certificate TypedCertificate, -- signer's certificate
  136. responseRandom RandomVal,
  137. requesterRandom RandomVal OPTIONAL,
  138. signature SIGNED { EncodedReturnSig },
  139. ...
  140. }
  -- Content signed in H235CertificateSignature. Not extensible (no `...').
  141. ReturnSig ::= SEQUENCE {
  142. generalId Identifier, -- slave's alias
  143. responseRandom RandomVal,
  144. requestRandom RandomVal OPTIONAL,
  145. certificate TypedCertificate OPTIONAL -- requested certificate
  146. }
  147. EncodedReturnSig ::= TYPE-IDENTIFIER.&Type (ReturnSig)
  148. END -- End of H235-SECURITY-MESSAGES DEFINITIONS