Commit 70eb7b5f authored by naslundma's avatar naslundma Committed by canterburym

Update file TS33128Payloads.asn

parent 77fbb743
+262 −1
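--- a/TS33128Payloads.asn
+++ b/TS33128Payloads.asn
@@ -1245,7 +1245,8 @@ AKMAAFID ::= SEQUENCE
 UAStarParams ::= CHOICE
 {
     tls12                 [1] TLS12UAStarParams,
-    generic               [2] GenericUAStarParams
+    generic               [2] GenericUAStarParams,
+    tls13                 [3] TLS13UAStarParams
 }
 
 GenericUAStarParams ::= SEQUENCE
@@ -1301,6 +1302,266 @@ TLS12UAStarParams ::= SEQUENCE
     tLSClientExtensions   [19] OCTET STRING (SIZE(0..65535)) OPTIONAL
 }
 
+-- ===========================================
+-- Specific UaStarParams for TLS 1.3 (RFC8446)
+-- ===========================================
+
+-- RFC8846, clause 4.2: Available handshake extension types.
+
+TLS13ExtensionType ::= ENUMERATED
+{
+        serverName(0),                             
+        maxFragmentLength(1),                     
+        statusRequest(5),                          
+        supportedGroups(10),                       
+        signatureAlgorithms(13),                   
+        useSRTP(14),                               
+        heartbeat(15),                              
+        applicationLayerProtocolNegotiation(16), 
+        signedCertificateTimestamp(18),           
+        clientCertificateType(19),                
+        serverCertificateType(20),                
+        padding(21),                                
+        presharedKey(41),                         
+        earlyData(42),                             
+        supportedVersions(43),                     
+        cookie(44),                                 
+        pSKKeyExchangeModes(45),                 
+        certificateAuthorities(47),                
+        oIDFilters(48),                            
+        postHandshakeAuth(49),                    
+        signatureAlgorithmsCert(50),              
+        keyShare(51)                              
+}
+
+-- RFC8846, clause 4.2: Extensions.
+-- Carried as extension to the client's and server's Hello, 
+-- or, in the server's EncryptedExtensions message. 
+TLS13Extension ::= SEQUENCE
+{
+   extensionType [1] TLS13ExtensionType,
+   extensionData [2] OCTET STRING (SIZE(0..65535))
+}
+
+
+-- RFC8446, clauses 4.1, 4.2, 7.1, and B.4: Cryptographic transforms
+
+-- RFC8446, clauses 4.1.1 and 4.1.2: Ciphersuite
+TLS13CipherSuite ::= CHOICE
+{
+    rfc8446               [1] TLSCipherSuite
+    -- Extensible for possible future purposes
+}
+
+-- RFC8446, clause 7.1 and B.4: Key derivation function.
+TLS13KDFAlgorithm ::= ENUMERATED
+{
+   rfc5869(1)     -- HKDF 
+}
+
+-- RFC8846, clause 4.2.11 and B.4: Hash algorithm.
+TLS13PSKHashAlgorithm ::= ENUMERATED
+{
+   sha256(1),
+   sha384(2),
+   sha512(3)
+}
+
+
+–- RFC8446, clause 4.4.2: Certificates.
+
+TLS13CertificateType ::= ENUMERATED 
+{ 
+   X509(0),
+   RawPublicKey(2)
+} 
+
+TLS13CerificateEntry ::= SEQUENCE 
+{   
+   tLSCertificateType [1] TLS13CertificateType,
+   tLSCertificateData [2] OCTET STRING (SIZE(1..16777215)),
+   extensions         [3] SEQUENCE OF TLS13Extension OPTIONAL
+}
+
+-- This will typically correspond to a certificate chain.
+TLS13Certificate ::= SEQUENCE 
+{   
+   tLSCertificateRequestContext [1] OCTET STRING (SIZE(0..255)),
+   tLSCertificateList           [2] SEQUENCE OF TLS13CerificateEntry
+}
+
+
+-- RFC 8446, clause 4.2.9: Preshared key exchange mode.
+TLS13PSKeyExchangeMode ::= ENUMERATED
+{
+    pSKKE(1), 
+    pSKDHEKE(2)
+}
+
+-- RFC8446, clause 4.2.11: Preshared keys (PSKs).
+-- PSKs obtained from AKMA use a specific prefix as part 
+-- of the identity: "3GPP-AKMA" see TS 33.535 and 33.222.
+TLS13PSKIdentity ::= SEQUENCE
+{
+    identity            [1] OCTET STRING (SIZE(1..65535)),
+    obfuscatedTicketAge [2] INTEGER (0..4294967295)
+}
+
+TLS13OfferedPSK ::= SEQUENCE
+{
+    identity [1] TLS13PSKIdentity,
+    binder   [2] OCTET STRING (SIZE(32..255)),
+}
+
+-- Actual PSK, either explicitly provisioned or derived from 
+-- an earlier issued TLS ticket and a resumptionMasterSectret.
+-- For AKMA, the PSK is the AKMA key K_AF.
+TLS13PSKInfo ::= SEQUENCE
+{
+   pSKIdentity        [1] TLS13PSKIdentity,       
+   pSKValue           [2] OCTET STRING, 
+   pSKKeyExchangeMode [3] TLS13PSKeyExchangeMode,
+   hashAlgorithm      [4] TLS13PSKHashAlgorithm
+}
+
+
+
+-- RFC 8446, clause 4.6.1: Tickets and resumption info.
+
+TLS13NewSessionTicket ::= SEQUENCE
+{
+   ticketLifeTime [1] INTEGER (0..4294967295),
+   ticketAgeAdd   [2] INTEGER (0..4294967295),
+   ticketNonce    [3] OCTET STRING (SIZE(0..255)),
+   ticket         [4] OCTET STRING (SIZE(1..65535)),
+   extensions     [5] SEQUENCE OF TLS13Extension
+}
+
+
+TLS13ResumptionInfo ::= SEQUENCE 
+{
+   listOfTickets           [1] SEQUENCE OF TLS13NewSessionTicket,
+   resumptionMasterSectret [2] OCTET STRING (SIZE(1..65535))
+}
+
+
+-- RFC8446, clause 7.1 and 4.2.8: TLS-internal leys
+-- These keys/secrets are never directly used to encrypt 
+-- data, and are therefore optional to provide as part of 
+-- TLS13UAStarParams.
+
+-- RFC8446, clause 4.2.8
+-- Shared Diffie-Hellman secret: derived from client's 
+-- and server's key shares (as included in extensions). 
+-- Can later be extended by adding PQC-based secrets, 
+-- see e.g. draft-ietf-tls-hybrid-design-10.
+TLS13EstablishedSecrets ::= SEQUENCE
+{
+       dHE           [1] OCTET STRING (SIZE(1..65535)) OPTIONAL      
+}
+
+
+-- RFC8446, clause 7.1
+-- The actual traffic encryption keys are derived from the respective
+-- secret values below and a provided hashed handshake-message-transcript. 
+TLS13EarlySecretInfo ::= SEQUENCE 
+{
+     earlySecretValue [1] OCTET STRING (SIZE(1..65535)),
+     transcriptHash   [2] OCTET STRING (SIZE(1..65535)) 
+     -– Hash(ClientHello)
+}
+
+TLS13HandshakeSecretInfo ::= SEQUENCE 
+{
+     handshakeSecretValue [1] OCTET STRING (SIZE(1..65535)),
+     transcriptHash       [2] OCTET STRING (SIZE(1..65535)) 
+     -– Hash(ClientHello..ServerHello)
+}
+
+-- RFC8446, clause 7.1
+TLS13MasterSecretInfo ::= SEQUENCE 
+{
+     masterSecretValue [1] OCTET STRING (SIZE(1..65535)),
+     transcriptHashS   [2] OCTET STRING (SIZE(1..65535)) 
+     -– Hash(ClientHello..server Finished),
+     transcriptHashC   [3] OCTET STRING (SIZE(1..65535)) 
+     -– Hash(ClientHello..client Finished)
+
+}
+
+
+-- Complete TLS 1.3 cryptographic context, all inline
+-- references below are to clauses of RFC8446.
+TLS13UAStarParams ::= SEQUENCE
+{
+   -- Basic cryptographic information.  
+   --
+   -- The offeredPSKs, offeredPSKModes and selectedPSK 
+   -- parameters are also provided as part of client and 
+   -- server extensions below.
+   --
+   -- PSKs and key exchange modes offered by the client 
+   -- clause 4.2.9, 4.2.11. When AKMA (or other CSP-provided)
+   -- keys are used, at least one offered PSK and key exchange mode
+   -- will always be present 
+   offeredPSKs                      [1] SEQUENCE OF TLS13OfferedPSK, 
+   offeredPSKKeyExchangeModes       [2] SEQUENCE OF TLS13PSKeyExchangeMode,
+   -- The server-selected PSK, clause 4.2.11
+   -- selectedPSKIdentity = j means the server selects j:th offered PSK.
+   selectedPSKIdentity              [3] INTEGER (0..65535), 
+   -- Cryptographic state: transforms and sequence numbers.
+   kDFAlgorithm                     [4] TLS13KDFAlgorithm, -- clause 7.1.
+   clientSupportedCipherSuites      [5] SEQUENCE OF TLS13CipherSuite OPTIONAL,
+   selectedCipherSuite              [6] TLS13CipherSuite, -- clause 4.2 and B.4.
+   clientSequenceNumber             [7] INTEGER, -- clause 5.3 
+   serverSequenceNumber             [8] INTEGER, -- clause 5.3
+   -- Handshake parameters, clause 4.1.2 and 4.1.3.
+   clientRandom                     [9] OCTET STRING (SIZE(32)), 
+   serverRandom                    [10] OCTET STRING (SIZE(32)), 
+   legacySessionID                 [11] OCTET STRING (SIZE(0..32)), 
+   -- Complete contents of handshake extensions, clause 4.2.
+   tLSClientHelloExtensions        [12] SEQUENCE OF TLS13Extension,
+   tLSServerHelloExtensions        [13] SEQUENCE OF TLS13Extension,
+   -- Encrypted server extensions, clause 4.3.1 (provided in plaintext).
+   tLSPlaintextEncryptedExtensions [14] SEQUENCE OF TLS13Extension OPTIONAL,
+   -- Authentication related parameters, clause 4.4
+   -- Certifcates are encrypted between client and server, 
+   -- these are the unencrypted certificate(s).
+   tLSPlaintextClientCertificate   [15] TLS13Certificate OPTIONAL,
+   tLSPlaintextServerCertificate   [16] TLS13Certificate OPTIONAL,
+   -- Session key information fields, clause 7.1
+   earlySecret                     [17] TLS13EarlySecretInfo OPTIONAL,       
+   binderKey                       [18] OCTET STRING (SIZE(1..65535)) OPTIONAL,
+   -- The key used by the cipher suite to encrypt early data is
+   -- derived from clientEarlyTrafficSecret as described in clause 7.3.
+   clientEarlyTrafficSecret        [19] OCTET STRING (SIZE(1..65535)),
+   earlyExporterMasterSecret       [20] OCTET STRING (SIZE(1..65535)),
+   -- Establised shared key (from Diffie-Hellman or similar).
+   sharedKey                       [21] TLS13EstablishedSecrets OPTIONAL,   
+   handshakeSecret                 [22] TLS13HandshakeSecretInfo OPTIONAL,   
+   -- The keys used by the cipher suite to encrypt the handshake are
+   -- derived from client- and serverHandshakeTrafficSecret as 
+   -- described in clause 7.3. 
+   clientHandshakeTrafficSecret    [23] OCTET STRING (SIZE(1..65535)), 
+   serverHandshakeTrafficSecret    [24] OCTET STRING (SIZE(1..65535)), 
+   masterSecret                    [25] TLS13MasterSecretInfo OPTIONAL,       
+   exporterMasterSectret           [26] OCTET STRING (SIZE(1..65535)),   
+   -- The client and server application traffic secrets 
+   -- can change value during an ongoing session due to 
+   -- KeyUdpateRequest messages. The values to be provided below 
+   -- refer to the currently valid ones when the IRI message is
+   -- generated.
+   -- The keys used by the cipher suite to encrypt the application 
+   -- traffic are derived from client- and serverApplicationTrafficSecret 
+   -- as described in clause 7.3.
+   clientApplicationTrafficSecret  [27] OCTET STRING (SIZE(1..65535)), 
+   serverApplicationTrafficSecret  [28] OCTET STRING (SIZE(1..65535)),
+   -- Tickets for resumption, issued during current session, clause 4.6.2.
+   tLSResumptionInfo               [29] TLS13ResumptionInfo OPTIONAL
+}
+
+
+
 KAF ::= OCTET STRING
 
 KAKMA ::= OCTET STRING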
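Review bot: As rendered here, the added TLS 1.3 definitions would be rejected by an ASN.1 compiler: the comment markers on the `RFC8446, clause 4.4.2: Certificates.` line and on each `Hash(...)` remark contain an en dash instead of `--`, `binder` in TLS13OfferedPSK is followed by a comma before the closing brace, and the TLS13CertificateType identifiers `X509` and `RawPublicKey` begin with an upper-case letter. In TLS13MasterSecretInfo the comma separating `transcriptHashS` from `transcriptHashC` sits inside the comment text, so it is still missing after the marker is repaired. The misspelled names `TLS13CerificateEntry`, `resumptionMasterSectret` and `exporterMasterSectret` end up in generated code and are worth correcting before the module is released, and three comments cite RFC8846 where the section header says RFC8446. Since these fields carry session secrets into decoders, it would also help to bound the open-ended ones, e.g. `clientSequenceNumber [7] INTEGER (0..18446744073709551615),` for the 64-bit counter of clause 5.3 and a SIZE constraint on `pSKValue`. The syntax corrections are sketched below.

```asn1
-- RFC8446, clause 4.4.2: Certificates.

TLS13CertificateType ::= ENUMERATED
{
   x509(0),
   rawPublicKey(2)
}

-- … unchanged: TLS13CerificateEntry through TLS13PSKIdentity …

TLS13OfferedPSK ::= SEQUENCE
{
    identity [1] TLS13PSKIdentity,
    binder   [2] OCTET STRING (SIZE(32..255))
}

-- … unchanged: TLS13PSKInfo through TLS13EstablishedSecrets …

     transcriptHash   [2] OCTET STRING (SIZE(1..65535))
     -- Hash(ClientHello)

     transcriptHash       [2] OCTET STRING (SIZE(1..65535))
     -- Hash(ClientHello..ServerHello)

TLS13MasterSecretInfo ::= SEQUENCE
{
     masterSecretValue [1] OCTET STRING (SIZE(1..65535)),
     transcriptHashS   [2] OCTET STRING (SIZE(1..65535)),
     -- Hash(ClientHello..server Finished)
     transcriptHashC   [3] OCTET STRING (SIZE(1..65535))
     -- Hash(ClientHello..client Finished)
}
```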