Commit 77fbb743 authored by canterburym's avatar canterburym

Merge branch 'cr/33128/0702' into 'meeting/SA106'

TS 33.128 CR 702 - Adding TLS 1.3 IRI for AKMA LI

See merge request !296
parents 0db47aad 1a5042e4
+259 −1
@@ -1255,7 +1255,8 @@ AKMAAFID ::= SEQUENCE
UAStarParams ::= CHOICE
{
    tls12                 [1] TLS12UAStarParams,
    generic               [2] GenericUAStarParams
    generic               [2] GenericUAStarParams,
    tls13                 [3] TLS13UAStarParams
}

GenericUAStarParams ::= SEQUENCE
@@ -1311,6 +1312,263 @@ TLS12UAStarParams ::= SEQUENCE
    tLSClientExtensions   [19] OCTET STRING (SIZE(0..65535)) OPTIONAL
}

-- ==================================================
-- Specific UaStarParams for TLS 1.3 (RFC8446)
-- Inline references below are to clauses of RFC8446.
-- ==================================================

-- RFC8846, clause 4.2: Available handshake extension types.

TLS13ExtensionType ::= ENUMERATED
{
        serverName(1),
        maxFragmentLength(2),
        statusRequest(3),
        supportedGroups(4),
        signatureAlgorithms(5),
        useSRTP(6),
        heartbeat(7),
        applicationLayerProtocolNegotiation(8),
        signedCertificateTimestamp(9),
        clientCertificateType(10),
        serverCertificateType(11),
        padding(12),
        presharedKey(13),
        earlyData(14),
        supportedVersions(15),
        cookie(16),
        pSKKeyExchangeModes(17),
        certificateAuthorities(18),
        oIDFilters(19),
        postHandshakeAuth(20),
        signatureAlgorithmsCert(21),
        keyShare(22)
}

-- RFC8846, clause 4.2: Extensions.
-- Carried as extension to the client's and server's
-- Hello, or, in the server's EncryptedExtensions message.
TLS13Extension ::= SEQUENCE
{
    extensionType [1] TLS13ExtensionType,
    extensionData [2] OCTET STRING (SIZE(0..65535))
}


-- RFC8446, clauses 4.1, 4.2, 7.1, and B.4: Cryptographic transforms

-- RFC8446, clauses 4.1.1 and 4.1.2: Ciphersuite
TLS13CipherSuite ::= CHOICE
{
    rfc8446               [1] TLSCipherSuite
    -- Extensible for possible future purposes
}

-- RFC8446, clause 7.1 and B.4: Key derivation function.
TLS13KDFAlgorithm ::= ENUMERATED
{
    rfc5869(1)     -- HKDF
}

-- RFC8846, clause 4.2.11 and B.4: Hash algorithm.
TLS13PSKHashAlgorithm ::= ENUMERATED
{
    sha256(1),
    sha384(2),
    sha512(3)
}


-- RFC8446, clause 4.4.2: Certificates.

TLS13CertificateType ::= ENUMERATED
{
    x509(1),
    rawPublicKey(2)
}

TLS13CerificateEntry ::= SEQUENCE
{
    tLSCertificateType [1] TLS13CertificateType,
    tLSCertificateData [2] OCTET STRING (SIZE(1..16777215)),
    extensions         [3] SEQUENCE OF TLS13Extension OPTIONAL
}

-- This will typically correspond to a certificate chain.
TLS13Certificate ::= SEQUENCE
{
    tLSCertificateRequestContext [1] OCTET STRING (SIZE(0..255)),
    tLSCertificateList           [2] SEQUENCE OF TLS13CerificateEntry
}


-- RFC 8446, clause 4.2.9: Preshared key exchange mode.
TLS13PSKKeyExchangeMode ::= ENUMERATED
{
    pSKKE(1),
    pSKDHEKE(2)
}

-- RFC8446, clause 4.2.11: Preshared keys (PSKs).
-- PSKs obtained from AKMA use a specific prefix as part
-- of the identity: 3GPP-AKMA, see TS 33.535 and 33.222.
TLS13PSKIdentity ::= SEQUENCE
{
    identity            [1] OCTET STRING (SIZE(1..65535)),
    obfuscatedTicketAge [2] INTEGER (0..4294967295)
}

TLS13OfferedPSK ::= SEQUENCE
{
    identity [1] TLS13PSKIdentity,
    binder   [2] OCTET STRING (SIZE(32..255))
}

-- Actual TLS PSK, either explicitly provisioned or derived from
-- an earlier issued TLS ticket and a resumptionMasterSecret.
-- For AKMA, the PSK is the AKMA key K_AF.
TLS13PSKInfo ::= SEQUENCE
{
    pSKIdentity        [1] TLS13PSKIdentity,
    pSKValue           [2] OCTET STRING,
    pSKKeyExchangeMode [3] TLS13PSKKeyExchangeMode,
    hashAlgorithm      [4] TLS13PSKHashAlgorithm
}



-- RFC 8446, clause 4.6.1: Tickets/resumption info.

TLS13NewSessionTicket ::= SEQUENCE
{
    ticketLifeTime [1] INTEGER (0..4294967295),
    ticketAgeAdd   [2] INTEGER (0..4294967295),
    ticketNonce    [3] OCTET STRING (SIZE(0..255)),
    ticket         [4] OCTET STRING (SIZE(1..65535)),
    extensions     [5] SEQUENCE OF TLS13Extension OPTIONAL
}



-- RFC8446, clause 7.1 and 4.2.8: TLS-internal keys
-- These keys/secrets are never directly used to encrypt
-- data, and are therefore optional to provide as part of
-- TLS13UAStarParams.

-- RFC8446, clause 4.2.8
-- Shared Diffie-Hellman secret: derived from client's
-- and server's key shares (as included in extensions).
-- Can later be extended by adding PQC-based secrets,
-- see e.g. draft-ietf-tls-hybrid-design-10.
TLS13EstablishedSecrets ::= SEQUENCE
{
    dHE           [1] OCTET STRING (SIZE(1..65535)) OPTIONAL
}


-- RFC8446, clause 7.1
-- The actual encryption keys are derived from the respective secret
-- values below and the provided hashed handshake-message-transcript.
TLS13EarlySecretInfo ::= SEQUENCE
{
    earlySecretValue [1] OCTET STRING (SIZE(1..65535)),
    transcriptHash   [2] OCTET STRING (SIZE(1..65535))
    -- Hash(ClientHello)
}

TLS13HandshakeSecretInfo ::= SEQUENCE
{
    handshakeSecretValue [1] OCTET STRING (SIZE(1..65535)),
    transcriptHash       [2] OCTET STRING (SIZE(1..65535))
    -- Hash(ClientHello..ServerHello)
}

TLS13MasterSecretInfo ::= SEQUENCE
{
    masterSecretValue [1] OCTET STRING (SIZE(1..65535)),
    transcriptHashS   [2] OCTET STRING (SIZE(1..65535)),
    -- Hash(ClientHello..server Finished)
    transcriptHashC   [3] OCTET STRING (SIZE(1..65535))
    -- Hash(ClientHello..client Finished)
}


-- Complete TLS 1.3 cryptographic context.

TLS13UAStarParams ::= SEQUENCE
{
    -- Basic cryptographic information.
    --
    -- The offeredPSKs, offeredPSKModes and selectedPSK
    -- parameters are also provided as part of client and
    -- server extensions below.
    --
    -- PSKs and key exchange modes offered by the client, see
    -- clause 4.2.9, 4.2.11. When AKMA (or other CSP-provided)
    -- keys are used, at least one offered PSK and key exchange mode
    -- will always be present in the client extensions
    offeredPSKs                      [1] SEQUENCE OF TLS13OfferedPSK,
    offeredPSKKeyExchangeModes       [2] SEQUENCE OF TLS13PSKKeyExchangeMode,
    -- The server-selected PSK, clause 4.2.11
    -- selectedPSKIdentity = j means the server selects j:th offered PSK.
    selectedPSKIdentity              [3] INTEGER (0..65535),
    -- The actual TLS PSK. When AKMA is used, this key will typically also
    -- be provided as an associated AFKeyInfo IRI, see below.
    selectedPSK                      [4] TLS13PSKInfo,
    -- Cryptographic state: transforms and sequence numbers.
    kDFAlgorithm                     [5] TLS13KDFAlgorithm, -- clause 7.1.
    clientSupportedCipherSuites      [6] SEQUENCE OF TLS13CipherSuite OPTIONAL,
    selectedCipherSuite              [7] TLS13CipherSuite, -- clause 4.2 and B.4.
    clientSequenceNumber             [8] INTEGER, -- clause 5.3
    serverSequenceNumber             [9] INTEGER, -- clause 5.3
    -- Handshake parameters, clause 4.1.2 and 4.1.3.
    clientRandom                    [10] OCTET STRING (SIZE(32)),
    serverRandom                    [11] OCTET STRING (SIZE(32)),
    legacySessionID                 [12] OCTET STRING (SIZE(0..32)),
    -- Complete contents of handshake extensions, clause 4.2.
    tLSClientHelloExtensions        [13] SEQUENCE OF TLS13Extension,
    tLSServerHelloExtensions        [14] SEQUENCE OF TLS13Extension,
    -- Encrypted server extensions, clause 4.3.1 (here provided in plaintext).
    tLSPlaintextEncryptedExtensions [15] SEQUENCE OF TLS13Extension OPTIONAL,
    -- Authentication related parameters, clause 4.4
    -- Certificates are encrypted between client and server,
    -- these are the unencrypted certificate(s).
    tLSPlaintextClientCertificate   [16] TLS13Certificate OPTIONAL,
    tLSPlaintextServerCertificate   [17] TLS13Certificate OPTIONAL,
    -- Session key information fields, clause 7.1
    earlySecret                     [18] TLS13EarlySecretInfo OPTIONAL,
    binderKey                       [19] OCTET STRING (SIZE(1..65535)) OPTIONAL,
    -- The key used by the cipher suite to encrypt early data is
    -- derived from clientEarlyTrafficSecret as described in clause 7.3.
    clientEarlyTrafficSecret        [20] OCTET STRING (SIZE(1..65535)),
    earlyExporterMasterSecret       [21] OCTET STRING (SIZE(1..65535)),
    -- Established shared key (from Diffie-Hellman or similar).
    sharedKey                       [22] TLS13EstablishedSecrets OPTIONAL,
    handshakeSecret                 [23] TLS13HandshakeSecretInfo OPTIONAL,
    -- The keys used by the cipher suite to encrypt the handshake are
    -- derived from client- and serverHandshakeTrafficSecret as
    -- described in clause 7.3.
    clientHandshakeTrafficSecret    [24] OCTET STRING (SIZE(1..65535)),
    serverHandshakeTrafficSecret    [25] OCTET STRING (SIZE(1..65535)),
    masterSecret                    [26] TLS13MasterSecretInfo OPTIONAL,
    -- The client and server application traffic secrets
    -- can change value during an ongoing session due to
    -- KeyUdpateRequest messages. The values to be provided below
    -- refer to the currently valid ones when the IRI message is
    -- generated.
    -- The keys used by the cipher suite to encrypt the application
    -- traffic are derived from client- and serverApplicationTrafficSecret
    -- as described in clause 7.3.
    clientApplicationTrafficSecret  [27] OCTET STRING (SIZE(1..65535)),
    serverApplicationTrafficSecret  [28] OCTET STRING (SIZE(1..65535)),
    -- Other session-specific keys.
    exporterMasterSecret            [29] OCTET STRING (SIZE(1..65535)),
    resumptionMasterSecret          [30] OCTET STRING (SIZE(1..65535)),
    -- Tickets for resumption (issued during current session), clause 4.6.2.
    tLSResumptionTickets            [31] SEQUENCE OF TLS13NewSessionTicket OPTIONAL
}


KAF ::= OCTET STRING

KAKMA ::= OCTET STRING
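Review bot: `TLS13ExtensionType` is a closed ENUMERATED of the 22 extension types listed for RFC 8446 clause 4.2, so `TLS13Extension` cannot represent any other extension, even though `tLSClientHelloExtensions` and `tLSServerHelloExtensions` are commented as the complete contents of the handshake extensions. A ClientHello carrying extensions outside that list (for example GREASE values per RFC 8701, or extensions retained for TLS 1.2 negotiation) would presumably fail to encode or have entries dropped, leaving the reported handshake incomplete for whoever has to match it against the provided transcript hashes and secrets. Carrying the on-the-wire code point instead, `extensionType [1] INTEGER (0..65535)`, or at least adding an extension marker `...` after `keyShare(22)`, would avoid that. Separately, the type name `TLS13CerificateEntry` and the comment references to `RFC8846` look like typos for `TLS13CertificateEntry` and RFC8446; the type name in particular is cheaper to correct before the module is published.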