From 70eb7b5f5113052c385aa573ed84bcaecb7dd214 Mon Sep 17 00:00:00 2001 From: naslundma Date: Mon, 7 Oct 2024 11:37:47 +0000 Subject: [PATCH 01/10] Update file TS33128Payloads.asn --- 33128/r19/TS33128Payloads.asn | 263 +++++++++++++++++++++++++++++++++- 1 file changed, 262 insertions(+), 1 deletion(-) diff --git a/33128/r19/TS33128Payloads.asn b/33128/r19/TS33128Payloads.asn index 647a36da..71c9b516 100644 --- a/33128/r19/TS33128Payloads.asn +++ b/33128/r19/TS33128Payloads.asn @@ -1245,7 +1245,8 @@ AKMAAFID ::= SEQUENCE UAStarParams ::= CHOICE { tls12 [1] TLS12UAStarParams, - generic [2] GenericUAStarParams + generic [2] GenericUAStarParams, + tls13 [3] TLS13UAStarParams } GenericUAStarParams ::= SEQUENCE @@ -1301,6 +1302,266 @@ TLS12UAStarParams ::= SEQUENCE tLSClientExtensions [19] OCTET STRING (SIZE(0..65535)) OPTIONAL } +-- =========================================== +-- Specific UaStarParams for TLS 1.3 (RFC8446) +-- =========================================== + +-- RFC8846, clause 4.2: Available handshake extension types. + +TLS13ExtensionType ::= ENUMERATED +{ + serverName(0), + maxFragmentLength(1), + statusRequest(5), + supportedGroups(10), + signatureAlgorithms(13), + useSRTP(14), + heartbeat(15), + applicationLayerProtocolNegotiation(16), + signedCertificateTimestamp(18), + clientCertificateType(19), + serverCertificateType(20), + padding(21), + presharedKey(41), + earlyData(42), + supportedVersions(43), + cookie(44), + pSKKeyExchangeModes(45), + certificateAuthorities(47), + oIDFilters(48), + postHandshakeAuth(49), + signatureAlgorithmsCert(50), + keyShare(51) +} + +-- RFC8846, clause 4.2: Extensions. +-- Carried as extension to the client's and server's Hello, +-- or, in the server's EncryptedExtensions message. +TLS13Extension ::= SEQUENCE +{ + extensionType [1] TLS13ExtensionType, + extensionData [2] OCTET STRING (SIZE(0..65535)) +} + + +-- RFC8446, clauses 4.1, 4.2, 7.1, and B.4: Cryptographic transforms + +-- RFC8446, clauses 4.1.1 and 4.1.2: Ciphersuite +TLS13CipherSuite ::= CHOICE +{ + rfc8446 [1] TLSCipherSuite + -- Extensible for possible future purposes +} + +-- RFC8446, clause 7.1 and B.4: Key derivation function. +TLS13KDFAlgorithm ::= ENUMERATED +{ + rfc5869(1) -- HKDF +} + +-- RFC8846, clause 4.2.11 and B.4: Hash algorithm. +TLS13PSKHashAlgorithm ::= ENUMERATED +{ + sha256(1), + sha384(2), + sha512(3) +} + + +–- RFC8446, clause 4.4.2: Certificates. + +TLS13CertificateType ::= ENUMERATED +{ + X509(0), + RawPublicKey(2) +} + +TLS13CerificateEntry ::= SEQUENCE +{ + tLSCertificateType [1] TLS13CertificateType, + tLSCertificateData [2] OCTET STRING (SIZE(1..16777215)), + extensions [3] SEQUENCE OF TLS13Extension OPTIONAL +} + +-- This will typically correspond to a certificate chain. +TLS13Certificate ::= SEQUENCE +{ + tLSCertificateRequestContext [1] OCTET STRING (SIZE(0..255)), + tLSCertificateList [2] SEQUENCE OF TLS13CerificateEntry +} + + +-- RFC 8446, clause 4.2.9: Preshared key exchange mode. +TLS13PSKeyExchangeMode ::= ENUMERATED +{ + pSKKE(1), + pSKDHEKE(2) +} + +-- RFC8446, clause 4.2.11: Preshared keys (PSKs). +-- PSKs obtained from AKMA use a specific prefix as part +-- of the identity: "3GPP-AKMA" see TS 33.535 and 33.222. +TLS13PSKIdentity ::= SEQUENCE +{ + identity [1] OCTET STRING (SIZE(1..65535)), + obfuscatedTicketAge [2] INTEGER (0..4294967295) +} + +TLS13OfferedPSK ::= SEQUENCE +{ + identity [1] TLS13PSKIdentity, + binder [2] OCTET STRING (SIZE(32..255)), +} + +-- Actual PSK, either explicitly provisioned or derived from +-- an earlier issued TLS ticket and a resumptionMasterSectret. +-- For AKMA, the PSK is the AKMA key K_AF. +TLS13PSKInfo ::= SEQUENCE +{ + pSKIdentity [1] TLS13PSKIdentity, + pSKValue [2] OCTET STRING, + pSKKeyExchangeMode [3] TLS13PSKeyExchangeMode, + hashAlgorithm [4] TLS13PSKHashAlgorithm +} + + + +-- RFC 8446, clause 4.6.1: Tickets and resumption info. + +TLS13NewSessionTicket ::= SEQUENCE +{ + ticketLifeTime [1] INTEGER (0..4294967295), + ticketAgeAdd [2] INTEGER (0..4294967295), + ticketNonce [3] OCTET STRING (SIZE(0..255)), + ticket [4] OCTET STRING (SIZE(1..65535)), + extensions [5] SEQUENCE OF TLS13Extension +} + + +TLS13ResumptionInfo ::= SEQUENCE +{ + listOfTickets [1] SEQUENCE OF TLS13NewSessionTicket, + resumptionMasterSectret [2] OCTET STRING (SIZE(1..65535)) +} + + +-- RFC8446, clause 7.1 and 4.2.8: TLS-internal leys +-- These keys/secrets are never directly used to encrypt +-- data, and are therefore optional to provide as part of +-- TLS13UAStarParams. + +-- RFC8446, clause 4.2.8 +-- Shared Diffie-Hellman secret: derived from client's +-- and server's key shares (as included in extensions). +-- Can later be extended by adding PQC-based secrets, +-- see e.g. draft-ietf-tls-hybrid-design-10. +TLS13EstablishedSecrets ::= SEQUENCE +{ + dHE [1] OCTET STRING (SIZE(1..65535)) OPTIONAL +} + + +-- RFC8446, clause 7.1 +-- The actual traffic encryption keys are derived from the respective +-- secret values below and a provided hashed handshake-message-transcript. +TLS13EarlySecretInfo ::= SEQUENCE +{ + earlySecretValue [1] OCTET STRING (SIZE(1..65535)), + transcriptHash [2] OCTET STRING (SIZE(1..65535)) + -– Hash(ClientHello) +} + +TLS13HandshakeSecretInfo ::= SEQUENCE +{ + handshakeSecretValue [1] OCTET STRING (SIZE(1..65535)), + transcriptHash [2] OCTET STRING (SIZE(1..65535)) + -– Hash(ClientHello..ServerHello) +} + +-- RFC8446, clause 7.1 +TLS13MasterSecretInfo ::= SEQUENCE +{ + masterSecretValue [1] OCTET STRING (SIZE(1..65535)), + transcriptHashS [2] OCTET STRING (SIZE(1..65535)) + -– Hash(ClientHello..server Finished), + transcriptHashC [3] OCTET STRING (SIZE(1..65535)) + -– Hash(ClientHello..client Finished) + +} + + +-- Complete TLS 1.3 cryptographic context, all inline +-- references below are to clauses of RFC8446. +TLS13UAStarParams ::= SEQUENCE +{ + -- Basic cryptographic information. + -- + -- The offeredPSKs, offeredPSKModes and selectedPSK + -- parameters are also provided as part of client and + -- server extensions below. + -- + -- PSKs and key exchange modes offered by the client + -- clause 4.2.9, 4.2.11. When AKMA (or other CSP-provided) + -- keys are used, at least one offered PSK and key exchange mode + -- will always be present + offeredPSKs [1] SEQUENCE OF TLS13OfferedPSK, + offeredPSKKeyExchangeModes [2] SEQUENCE OF TLS13PSKeyExchangeMode, + -- The server-selected PSK, clause 4.2.11 + -- selectedPSKIdentity = j means the server selects j:th offered PSK. + selectedPSKIdentity [3] INTEGER (0..65535), + -- Cryptographic state: transforms and sequence numbers. + kDFAlgorithm [4] TLS13KDFAlgorithm, -- clause 7.1. + clientSupportedCipherSuites [5] SEQUENCE OF TLS13CipherSuite OPTIONAL, + selectedCipherSuite [6] TLS13CipherSuite, -- clause 4.2 and B.4. + clientSequenceNumber [7] INTEGER, -- clause 5.3 + serverSequenceNumber [8] INTEGER, -- clause 5.3 + -- Handshake parameters, clause 4.1.2 and 4.1.3. + clientRandom [9] OCTET STRING (SIZE(32)), + serverRandom [10] OCTET STRING (SIZE(32)), + legacySessionID [11] OCTET STRING (SIZE(0..32)), + -- Complete contents of handshake extensions, clause 4.2. + tLSClientHelloExtensions [12] SEQUENCE OF TLS13Extension, + tLSServerHelloExtensions [13] SEQUENCE OF TLS13Extension, + -- Encrypted server extensions, clause 4.3.1 (provided in plaintext). + tLSPlaintextEncryptedExtensions [14] SEQUENCE OF TLS13Extension OPTIONAL, + -- Authentication related parameters, clause 4.4 + -- Certifcates are encrypted between client and server, + -- these are the unencrypted certificate(s). + tLSPlaintextClientCertificate [15] TLS13Certificate OPTIONAL, + tLSPlaintextServerCertificate [16] TLS13Certificate OPTIONAL, + -- Session key information fields, clause 7.1 + earlySecret [17] TLS13EarlySecretInfo OPTIONAL, + binderKey [18] OCTET STRING (SIZE(1..65535)) OPTIONAL, + -- The key used by the cipher suite to encrypt early data is + -- derived from clientEarlyTrafficSecret as described in clause 7.3. + clientEarlyTrafficSecret [19] OCTET STRING (SIZE(1..65535)), + earlyExporterMasterSecret [20] OCTET STRING (SIZE(1..65535)), + -- Establised shared key (from Diffie-Hellman or similar). + sharedKey [21] TLS13EstablishedSecrets OPTIONAL, + handshakeSecret [22] TLS13HandshakeSecretInfo OPTIONAL, + -- The keys used by the cipher suite to encrypt the handshake are + -- derived from client- and serverHandshakeTrafficSecret as + -- described in clause 7.3. + clientHandshakeTrafficSecret [23] OCTET STRING (SIZE(1..65535)), + serverHandshakeTrafficSecret [24] OCTET STRING (SIZE(1..65535)), + masterSecret [25] TLS13MasterSecretInfo OPTIONAL, + exporterMasterSectret [26] OCTET STRING (SIZE(1..65535)), + -- The client and server application traffic secrets + -- can change value during an ongoing session due to + -- KeyUdpateRequest messages. The values to be provided below + -- refer to the currently valid ones when the IRI message is + -- generated. + -- The keys used by the cipher suite to encrypt the application + -- traffic are derived from client- and serverApplicationTrafficSecret + -- as described in clause 7.3. + clientApplicationTrafficSecret [27] OCTET STRING (SIZE(1..65535)), + serverApplicationTrafficSecret [28] OCTET STRING (SIZE(1..65535)), + -- Tickets for resumption, issued during current session, clause 4.6.2. + tLSResumptionInfo [29] TLS13ResumptionInfo OPTIONAL +} + + + KAF ::= OCTET STRING KAKMA ::= OCTET STRING -- GitLab From 78f05c902d559627d5825ff411c38b2860445e6e Mon Sep 17 00:00:00 2001 From: naslundma Date: Mon, 7 Oct 2024 11:48:18 +0000 Subject: [PATCH 02/10] Update file TS33128Payloads.asn --- 33128/r19/TS33128Payloads.asn | 265 +++++++++++++++++----------------- 1 file changed, 132 insertions(+), 133 deletions(-) diff --git a/33128/r19/TS33128Payloads.asn b/33128/r19/TS33128Payloads.asn index 71c9b516..f8f2c6a8 100644 --- a/33128/r19/TS33128Payloads.asn +++ b/33128/r19/TS33128Payloads.asn @@ -1310,37 +1310,37 @@ TLS12UAStarParams ::= SEQUENCE TLS13ExtensionType ::= ENUMERATED { - serverName(0), - maxFragmentLength(1), - statusRequest(5), - supportedGroups(10), - signatureAlgorithms(13), - useSRTP(14), - heartbeat(15), - applicationLayerProtocolNegotiation(16), - signedCertificateTimestamp(18), - clientCertificateType(19), - serverCertificateType(20), - padding(21), - presharedKey(41), - earlyData(42), - supportedVersions(43), - cookie(44), - pSKKeyExchangeModes(45), - certificateAuthorities(47), - oIDFilters(48), - postHandshakeAuth(49), - signatureAlgorithmsCert(50), - keyShare(51) + serverName(0), + maxFragmentLength(1), + statusRequest(5), + supportedGroups(10), + signatureAlgorithms(13), + useSRTP(14), + heartbeat(15), + applicationLayerProtocolNegotiation(16), + signedCertificateTimestamp(18), + clientCertificateType(19), + serverCertificateType(20), + padding(21), + presharedKey(41), + earlyData(42), + supportedVersions(43), + cookie(44), + pSKKeyExchangeModes(45), + certificateAuthorities(47), + oIDFilters(48), + postHandshakeAuth(49), + signatureAlgorithmsCert(50), + keyShare(51) } -- RFC8846, clause 4.2: Extensions. --- Carried as extension to the client's and server's Hello, --- or, in the server's EncryptedExtensions message. +-- Carried as extension to the client's and server's Hello, +-- or, in the server's EncryptedExtensions message. TLS13Extension ::= SEQUENCE { - extensionType [1] TLS13ExtensionType, - extensionData [2] OCTET STRING (SIZE(0..65535)) + extensionType [1] TLS13ExtensionType, + extensionData [2] OCTET STRING (SIZE(0..65535)) } @@ -1356,45 +1356,45 @@ TLS13CipherSuite ::= CHOICE -- RFC8446, clause 7.1 and B.4: Key derivation function. TLS13KDFAlgorithm ::= ENUMERATED { - rfc5869(1) -- HKDF + rfc5869(1) -- HKDF } -- RFC8846, clause 4.2.11 and B.4: Hash algorithm. TLS13PSKHashAlgorithm ::= ENUMERATED { - sha256(1), - sha384(2), - sha512(3) + sha256(1), + sha384(2), + sha512(3) } –- RFC8446, clause 4.4.2: Certificates. -TLS13CertificateType ::= ENUMERATED -{ - X509(0), - RawPublicKey(2) +TLS13CertificateType ::= ENUMERATED +{ + X509(0), + RawPublicKey(2) } -TLS13CerificateEntry ::= SEQUENCE +TLS13CerificateEntry ::= SEQUENCE { - tLSCertificateType [1] TLS13CertificateType, - tLSCertificateData [2] OCTET STRING (SIZE(1..16777215)), - extensions [3] SEQUENCE OF TLS13Extension OPTIONAL + tLSCertificateType [1] TLS13CertificateType, + tLSCertificateData [2] OCTET STRING (SIZE(1..16777215)), + extensions [3] SEQUENCE OF TLS13Extension OPTIONAL } -- This will typically correspond to a certificate chain. -TLS13Certificate ::= SEQUENCE +TLS13Certificate ::= SEQUENCE { - tLSCertificateRequestContext [1] OCTET STRING (SIZE(0..255)), - tLSCertificateList [2] SEQUENCE OF TLS13CerificateEntry + tLSCertificateRequestContext [1] OCTET STRING (SIZE(0..255)), + tLSCertificateList [2] SEQUENCE OF TLS13CerificateEntry } -- RFC 8446, clause 4.2.9: Preshared key exchange mode. TLS13PSKeyExchangeMode ::= ENUMERATED { - pSKKE(1), + pSKKE(1), pSKDHEKE(2) } @@ -1418,10 +1418,10 @@ TLS13OfferedPSK ::= SEQUENCE -- For AKMA, the PSK is the AKMA key K_AF. TLS13PSKInfo ::= SEQUENCE { - pSKIdentity [1] TLS13PSKIdentity, - pSKValue [2] OCTET STRING, - pSKKeyExchangeMode [3] TLS13PSKeyExchangeMode, - hashAlgorithm [4] TLS13PSKHashAlgorithm + pSKIdentity [1] TLS13PSKIdentity, + pSKValue [2] OCTET STRING, + pSKKeyExchangeMode [3] TLS13PSKeyExchangeMode, + hashAlgorithm [4] TLS13PSKHashAlgorithm } @@ -1430,18 +1430,18 @@ TLS13PSKInfo ::= SEQUENCE TLS13NewSessionTicket ::= SEQUENCE { - ticketLifeTime [1] INTEGER (0..4294967295), - ticketAgeAdd [2] INTEGER (0..4294967295), - ticketNonce [3] OCTET STRING (SIZE(0..255)), - ticket [4] OCTET STRING (SIZE(1..65535)), - extensions [5] SEQUENCE OF TLS13Extension + ticketLifeTime [1] INTEGER (0..4294967295), + ticketAgeAdd [2] INTEGER (0..4294967295), + ticketNonce [3] OCTET STRING (SIZE(0..255)), + ticket [4] OCTET STRING (SIZE(1..65535)), + extensions [5] SEQUENCE OF TLS13Extension } -TLS13ResumptionInfo ::= SEQUENCE +TLS13ResumptionInfo ::= SEQUENCE { - listOfTickets [1] SEQUENCE OF TLS13NewSessionTicket, - resumptionMasterSectret [2] OCTET STRING (SIZE(1..65535)) + listOfTickets [1] SEQUENCE OF TLS13NewSessionTicket, + resumptionMasterSectret [2] OCTET STRING (SIZE(1..65535)) } @@ -1457,36 +1457,35 @@ TLS13ResumptionInfo ::= SEQUENCE -- see e.g. draft-ietf-tls-hybrid-design-10. TLS13EstablishedSecrets ::= SEQUENCE { - dHE [1] OCTET STRING (SIZE(1..65535)) OPTIONAL + dHE [1] OCTET STRING (SIZE(1..65535)) OPTIONAL } -- RFC8446, clause 7.1 -- The actual traffic encryption keys are derived from the respective -- secret values below and a provided hashed handshake-message-transcript. -TLS13EarlySecretInfo ::= SEQUENCE +TLS13EarlySecretInfo ::= SEQUENCE { - earlySecretValue [1] OCTET STRING (SIZE(1..65535)), - transcriptHash [2] OCTET STRING (SIZE(1..65535)) - -– Hash(ClientHello) + earlySecretValue [1] OCTET STRING (SIZE(1..65535)), + transcriptHash [2] OCTET STRING (SIZE(1..65535)) + -– Hash(ClientHello) } -TLS13HandshakeSecretInfo ::= SEQUENCE +TLS13HandshakeSecretInfo ::= SEQUENCE { - handshakeSecretValue [1] OCTET STRING (SIZE(1..65535)), - transcriptHash [2] OCTET STRING (SIZE(1..65535)) - -– Hash(ClientHello..ServerHello) + handshakeSecretValue [1] OCTET STRING (SIZE(1..65535)), + transcriptHash [2] OCTET STRING (SIZE(1..65535)) + -– Hash(ClientHello..ServerHello) } -- RFC8446, clause 7.1 TLS13MasterSecretInfo ::= SEQUENCE { - masterSecretValue [1] OCTET STRING (SIZE(1..65535)), - transcriptHashS [2] OCTET STRING (SIZE(1..65535)) - -– Hash(ClientHello..server Finished), - transcriptHashC [3] OCTET STRING (SIZE(1..65535)) - -– Hash(ClientHello..client Finished) - + masterSecretValue [1] OCTET STRING (SIZE(1..65535)), + transcriptHashS [2] OCTET STRING (SIZE(1..65535)), + -– Hash(ClientHello..server Finished) + transcriptHashC [3] OCTET STRING (SIZE(1..65535)) + -– Hash(ClientHello..client Finished) } @@ -1494,70 +1493,70 @@ TLS13MasterSecretInfo ::= SEQUENCE -- references below are to clauses of RFC8446. TLS13UAStarParams ::= SEQUENCE { - -- Basic cryptographic information. - -- - -- The offeredPSKs, offeredPSKModes and selectedPSK - -- parameters are also provided as part of client and - -- server extensions below. - -- - -- PSKs and key exchange modes offered by the client - -- clause 4.2.9, 4.2.11. When AKMA (or other CSP-provided) - -- keys are used, at least one offered PSK and key exchange mode - -- will always be present - offeredPSKs [1] SEQUENCE OF TLS13OfferedPSK, - offeredPSKKeyExchangeModes [2] SEQUENCE OF TLS13PSKeyExchangeMode, - -- The server-selected PSK, clause 4.2.11 - -- selectedPSKIdentity = j means the server selects j:th offered PSK. - selectedPSKIdentity [3] INTEGER (0..65535), - -- Cryptographic state: transforms and sequence numbers. - kDFAlgorithm [4] TLS13KDFAlgorithm, -- clause 7.1. - clientSupportedCipherSuites [5] SEQUENCE OF TLS13CipherSuite OPTIONAL, - selectedCipherSuite [6] TLS13CipherSuite, -- clause 4.2 and B.4. - clientSequenceNumber [7] INTEGER, -- clause 5.3 - serverSequenceNumber [8] INTEGER, -- clause 5.3 - -- Handshake parameters, clause 4.1.2 and 4.1.3. - clientRandom [9] OCTET STRING (SIZE(32)), - serverRandom [10] OCTET STRING (SIZE(32)), - legacySessionID [11] OCTET STRING (SIZE(0..32)), - -- Complete contents of handshake extensions, clause 4.2. - tLSClientHelloExtensions [12] SEQUENCE OF TLS13Extension, - tLSServerHelloExtensions [13] SEQUENCE OF TLS13Extension, - -- Encrypted server extensions, clause 4.3.1 (provided in plaintext). - tLSPlaintextEncryptedExtensions [14] SEQUENCE OF TLS13Extension OPTIONAL, - -- Authentication related parameters, clause 4.4 - -- Certifcates are encrypted between client and server, - -- these are the unencrypted certificate(s). - tLSPlaintextClientCertificate [15] TLS13Certificate OPTIONAL, - tLSPlaintextServerCertificate [16] TLS13Certificate OPTIONAL, - -- Session key information fields, clause 7.1 - earlySecret [17] TLS13EarlySecretInfo OPTIONAL, - binderKey [18] OCTET STRING (SIZE(1..65535)) OPTIONAL, - -- The key used by the cipher suite to encrypt early data is - -- derived from clientEarlyTrafficSecret as described in clause 7.3. - clientEarlyTrafficSecret [19] OCTET STRING (SIZE(1..65535)), - earlyExporterMasterSecret [20] OCTET STRING (SIZE(1..65535)), - -- Establised shared key (from Diffie-Hellman or similar). - sharedKey [21] TLS13EstablishedSecrets OPTIONAL, - handshakeSecret [22] TLS13HandshakeSecretInfo OPTIONAL, - -- The keys used by the cipher suite to encrypt the handshake are - -- derived from client- and serverHandshakeTrafficSecret as - -- described in clause 7.3. - clientHandshakeTrafficSecret [23] OCTET STRING (SIZE(1..65535)), - serverHandshakeTrafficSecret [24] OCTET STRING (SIZE(1..65535)), - masterSecret [25] TLS13MasterSecretInfo OPTIONAL, - exporterMasterSectret [26] OCTET STRING (SIZE(1..65535)), - -- The client and server application traffic secrets - -- can change value during an ongoing session due to - -- KeyUdpateRequest messages. The values to be provided below - -- refer to the currently valid ones when the IRI message is - -- generated. - -- The keys used by the cipher suite to encrypt the application - -- traffic are derived from client- and serverApplicationTrafficSecret - -- as described in clause 7.3. - clientApplicationTrafficSecret [27] OCTET STRING (SIZE(1..65535)), - serverApplicationTrafficSecret [28] OCTET STRING (SIZE(1..65535)), - -- Tickets for resumption, issued during current session, clause 4.6.2. - tLSResumptionInfo [29] TLS13ResumptionInfo OPTIONAL + -- Basic cryptographic information. + -- + -- The offeredPSKs, offeredPSKModes and selectedPSK + -- parameters are also provided as part of client and + -- server extensions below. + -- + -- PSKs and key exchange modes offered by the client + -- clause 4.2.9, 4.2.11. When AKMA (or other CSP-provided) + -- keys are used, at least one offered PSK and key exchange mode + -- will always be present + offeredPSKs [1] SEQUENCE OF TLS13OfferedPSK, + offeredPSKKeyExchangeModes [2] SEQUENCE OF TLS13PSKeyExchangeMode, + -- The server-selected PSK, clause 4.2.11 + -- selectedPSKIdentity = j means the server selects j:th offered PSK. + selectedPSKIdentity [3] INTEGER (0..65535), + -- Cryptographic state: transforms and sequence numbers. + kDFAlgorithm [4] TLS13KDFAlgorithm, -- clause 7.1. + clientSupportedCipherSuites [5] SEQUENCE OF TLS13CipherSuite OPTIONAL, + selectedCipherSuite [6] TLS13CipherSuite, -- clause 4.2 and B.4. + clientSequenceNumber [7] INTEGER, -- clause 5.3 + serverSequenceNumber [8] INTEGER, -- clause 5.3 + -- Handshake parameters, clause 4.1.2 and 4.1.3. + clientRandom [9] OCTET STRING (SIZE(32)), + serverRandom [10] OCTET STRING (SIZE(32)), + legacySessionID [11] OCTET STRING (SIZE(0..32)), + -- Complete contents of handshake extensions, clause 4.2. + tLSClientHelloExtensions [12] SEQUENCE OF TLS13Extension, + tLSServerHelloExtensions [13] SEQUENCE OF TLS13Extension, + -- Encrypted server extensions, clause 4.3.1 (provided in plaintext). + tLSPlaintextEncryptedExtensions [14] SEQUENCE OF TLS13Extension OPTIONAL, + -- Authentication related parameters, clause 4.4 + -- Certifcates are encrypted between client and server, + -- these are the unencrypted certificate(s). + tLSPlaintextClientCertificate [15] TLS13Certificate OPTIONAL, + tLSPlaintextServerCertificate [16] TLS13Certificate OPTIONAL, + -- Session key information fields, clause 7.1 + earlySecret [17] TLS13EarlySecretInfo OPTIONAL, + binderKey [18] OCTET STRING (SIZE(1..65535)) OPTIONAL, + -- The key used by the cipher suite to encrypt early data is + -- derived from clientEarlyTrafficSecret as described in clause 7.3. + clientEarlyTrafficSecret [19] OCTET STRING (SIZE(1..65535)), + earlyExporterMasterSecret [20] OCTET STRING (SIZE(1..65535)), + -- Establised shared key (from Diffie-Hellman or similar). + sharedKey [21] TLS13EstablishedSecrets OPTIONAL, + handshakeSecret [22] TLS13HandshakeSecretInfo OPTIONAL, + -- The keys used by the cipher suite to encrypt the handshake are + -- derived from client- and serverHandshakeTrafficSecret as + -- described in clause 7.3. + clientHandshakeTrafficSecret [23] OCTET STRING (SIZE(1..65535)), + serverHandshakeTrafficSecret [24] OCTET STRING (SIZE(1..65535)), + masterSecret [25] TLS13MasterSecretInfo OPTIONAL, + exporterMasterSectret [26] OCTET STRING (SIZE(1..65535)), + -- The client and server application traffic secrets + -- can change value during an ongoing session due to + -- KeyUdpateRequest messages. The values to be provided below + -- refer to the currently valid ones when the IRI message is + -- generated. + -- The keys used by the cipher suite to encrypt the application + -- traffic are derived from client- and serverApplicationTrafficSecret + -- as described in clause 7.3. + clientApplicationTrafficSecret [27] OCTET STRING (SIZE(1..65535)), + serverApplicationTrafficSecret [28] OCTET STRING (SIZE(1..65535)), + -- Tickets for resumption, issued during current session, clause 4.6.2. + tLSResumptionInfo [29] TLS13ResumptionInfo OPTIONAL } -- GitLab From 0b38ff0ca9b01ff25484e607b320edd729e2db0e Mon Sep 17 00:00:00 2001 From: naslundma Date: Mon, 7 Oct 2024 12:02:11 +0000 Subject: [PATCH 03/10] Update file TS33128Payloads.asn --- 33128/r19/TS33128Payloads.asn | 48 +++++++++++++++++------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/33128/r19/TS33128Payloads.asn b/33128/r19/TS33128Payloads.asn index f8f2c6a8..98bed4ff 100644 --- a/33128/r19/TS33128Payloads.asn +++ b/33128/r19/TS33128Payloads.asn @@ -1374,10 +1374,10 @@ TLS13CertificateType ::= ENUMERATED { X509(0), RawPublicKey(2) -} +} TLS13CerificateEntry ::= SEQUENCE -{ +{ tLSCertificateType [1] TLS13CertificateType, tLSCertificateData [2] OCTET STRING (SIZE(1..16777215)), extensions [3] SEQUENCE OF TLS13Extension OPTIONAL @@ -1385,7 +1385,7 @@ TLS13CerificateEntry ::= SEQUENCE -- This will typically correspond to a certificate chain. TLS13Certificate ::= SEQUENCE -{ +{ tLSCertificateRequestContext [1] OCTET STRING (SIZE(0..255)), tLSCertificateList [2] SEQUENCE OF TLS13CerificateEntry } @@ -1399,7 +1399,7 @@ TLS13PSKeyExchangeMode ::= ENUMERATED } -- RFC8446, clause 4.2.11: Preshared keys (PSKs). --- PSKs obtained from AKMA use a specific prefix as part +-- PSKs obtained from AKMA use a specific prefix as part -- of the identity: "3GPP-AKMA" see TS 33.535 and 33.222. TLS13PSKIdentity ::= SEQUENCE { @@ -1413,7 +1413,7 @@ TLS13OfferedPSK ::= SEQUENCE binder [2] OCTET STRING (SIZE(32..255)), } --- Actual PSK, either explicitly provisioned or derived from +-- Actual PSK, either explicitly provisioned or derived from -- an earlier issued TLS ticket and a resumptionMasterSectret. -- For AKMA, the PSK is the AKMA key K_AF. TLS13PSKInfo ::= SEQUENCE @@ -1446,14 +1446,14 @@ TLS13ResumptionInfo ::= SEQUENCE -- RFC8446, clause 7.1 and 4.2.8: TLS-internal leys --- These keys/secrets are never directly used to encrypt --- data, and are therefore optional to provide as part of +-- These keys/secrets are never directly used to encrypt +-- data, and are therefore optional to provide as part of -- TLS13UAStarParams. -- RFC8446, clause 4.2.8 --- Shared Diffie-Hellman secret: derived from client's --- and server's key shares (as included in extensions). --- Can later be extended by adding PQC-based secrets, +-- Shared Diffie-Hellman secret: derived from client's +-- and server's key shares (as included in extensions). +-- Can later be extended by adding PQC-based secrets, -- see e.g. draft-ietf-tls-hybrid-design-10. TLS13EstablishedSecrets ::= SEQUENCE { @@ -1463,7 +1463,7 @@ TLS13EstablishedSecrets ::= SEQUENCE -- RFC8446, clause 7.1 -- The actual traffic encryption keys are derived from the respective --- secret values below and a provided hashed handshake-message-transcript. +-- secret values below and a provided hashed handshake-message-transcript. TLS13EarlySecretInfo ::= SEQUENCE { earlySecretValue [1] OCTET STRING (SIZE(1..65535)), @@ -1479,12 +1479,12 @@ TLS13HandshakeSecretInfo ::= SEQUENCE } -- RFC8446, clause 7.1 -TLS13MasterSecretInfo ::= SEQUENCE +TLS13MasterSecretInfo ::= SEQUENCE { masterSecretValue [1] OCTET STRING (SIZE(1..65535)), transcriptHashS [2] OCTET STRING (SIZE(1..65535)), -– Hash(ClientHello..server Finished) - transcriptHashC [3] OCTET STRING (SIZE(1..65535)) + transcriptHashC [3] OCTET STRING (SIZE(1..65535)) -– Hash(ClientHello..client Finished) } @@ -1499,7 +1499,7 @@ TLS13UAStarParams ::= SEQUENCE -- parameters are also provided as part of client and -- server extensions below. -- - -- PSKs and key exchange modes offered by the client + -- PSKs and key exchange modes offered by the client -- clause 4.2.9, 4.2.11. When AKMA (or other CSP-provided) -- keys are used, at least one offered PSK and key exchange mode -- will always be present @@ -1512,7 +1512,7 @@ TLS13UAStarParams ::= SEQUENCE kDFAlgorithm [4] TLS13KDFAlgorithm, -- clause 7.1. clientSupportedCipherSuites [5] SEQUENCE OF TLS13CipherSuite OPTIONAL, selectedCipherSuite [6] TLS13CipherSuite, -- clause 4.2 and B.4. - clientSequenceNumber [7] INTEGER, -- clause 5.3 + clientSequenceNumber [7] INTEGER, -- clause 5.3 serverSequenceNumber [8] INTEGER, -- clause 5.3 -- Handshake parameters, clause 4.1.2 and 4.1.3. clientRandom [9] OCTET STRING (SIZE(32)), @@ -1539,21 +1539,21 @@ TLS13UAStarParams ::= SEQUENCE sharedKey [21] TLS13EstablishedSecrets OPTIONAL, handshakeSecret [22] TLS13HandshakeSecretInfo OPTIONAL, -- The keys used by the cipher suite to encrypt the handshake are - -- derived from client- and serverHandshakeTrafficSecret as - -- described in clause 7.3. + -- derived from client- and serverHandshakeTrafficSecret as + -- described in clause 7.3. clientHandshakeTrafficSecret [23] OCTET STRING (SIZE(1..65535)), serverHandshakeTrafficSecret [24] OCTET STRING (SIZE(1..65535)), - masterSecret [25] TLS13MasterSecretInfo OPTIONAL, + masterSecret [25] TLS13MasterSecretInfo OPTIONAL, exporterMasterSectret [26] OCTET STRING (SIZE(1..65535)), - -- The client and server application traffic secrets - -- can change value during an ongoing session due to - -- KeyUdpateRequest messages. The values to be provided below + -- The client and server application traffic secrets + -- can change value during an ongoing session due to + -- KeyUdpateRequest messages. The values to be provided below -- refer to the currently valid ones when the IRI message is -- generated. - -- The keys used by the cipher suite to encrypt the application - -- traffic are derived from client- and serverApplicationTrafficSecret + -- The keys used by the cipher suite to encrypt the application + -- traffic are derived from client- and serverApplicationTrafficSecret -- as described in clause 7.3. - clientApplicationTrafficSecret [27] OCTET STRING (SIZE(1..65535)), + clientApplicationTrafficSecret [27] OCTET STRING (SIZE(1..65535)), serverApplicationTrafficSecret [28] OCTET STRING (SIZE(1..65535)), -- Tickets for resumption, issued during current session, clause 4.6.2. tLSResumptionInfo [29] TLS13ResumptionInfo OPTIONAL -- GitLab From 351ffd6d544f3665abd2061fe9a8b61735e473af Mon Sep 17 00:00:00 2001 From: naslundma Date: Tue, 8 Oct 2024 06:53:04 +0000 Subject: [PATCH 04/10] Update file TS33128Payloads.asn --- 33128/r19/TS33128Payloads.asn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/33128/r19/TS33128Payloads.asn b/33128/r19/TS33128Payloads.asn index 98bed4ff..fb220080 100644 --- a/33128/r19/TS33128Payloads.asn +++ b/33128/r19/TS33128Payloads.asn @@ -1400,7 +1400,7 @@ TLS13PSKeyExchangeMode ::= ENUMERATED -- RFC8446, clause 4.2.11: Preshared keys (PSKs). -- PSKs obtained from AKMA use a specific prefix as part --- of the identity: "3GPP-AKMA" see TS 33.535 and 33.222. +-- of the identity: 3GPP-AKMA, see TS 33.535 and 33.222. TLS13PSKIdentity ::= SEQUENCE { identity [1] OCTET STRING (SIZE(1..65535)), -- GitLab From b41f680949bb09bcdd9c900ce89fe4f7dbfe5bc8 Mon Sep 17 00:00:00 2001 From: mark Date: Tue, 8 Oct 2024 08:36:42 +0100 Subject: [PATCH 05/10] Fixing issues --- 33128/r19/TS33128Payloads.asn | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/33128/r19/TS33128Payloads.asn b/33128/r19/TS33128Payloads.asn index fb220080..68580979 100644 --- a/33128/r19/TS33128Payloads.asn +++ b/33128/r19/TS33128Payloads.asn @@ -1368,12 +1368,12 @@ TLS13PSKHashAlgorithm ::= ENUMERATED } -–- RFC8446, clause 4.4.2: Certificates. +-- RFC8446, clause 4.4.2: Certificates. TLS13CertificateType ::= ENUMERATED { - X509(0), - RawPublicKey(2) + x509(0), + rawPublicKey(2) } TLS13CerificateEntry ::= SEQUENCE @@ -1410,7 +1410,7 @@ TLS13PSKIdentity ::= SEQUENCE TLS13OfferedPSK ::= SEQUENCE { identity [1] TLS13PSKIdentity, - binder [2] OCTET STRING (SIZE(32..255)), + binder [2] OCTET STRING (SIZE(32..255)) } -- Actual PSK, either explicitly provisioned or derived from @@ -1468,14 +1468,14 @@ TLS13EarlySecretInfo ::= SEQUENCE { earlySecretValue [1] OCTET STRING (SIZE(1..65535)), transcriptHash [2] OCTET STRING (SIZE(1..65535)) - -– Hash(ClientHello) + -- Hash(ClientHello) } TLS13HandshakeSecretInfo ::= SEQUENCE { handshakeSecretValue [1] OCTET STRING (SIZE(1..65535)), transcriptHash [2] OCTET STRING (SIZE(1..65535)) - -– Hash(ClientHello..ServerHello) + -- Hash(ClientHello..ServerHello) } -- RFC8446, clause 7.1 @@ -1483,9 +1483,9 @@ TLS13MasterSecretInfo ::= SEQUENCE { masterSecretValue [1] OCTET STRING (SIZE(1..65535)), transcriptHashS [2] OCTET STRING (SIZE(1..65535)), - -– Hash(ClientHello..server Finished) + -- Hash(ClientHello..server Finished) transcriptHashC [3] OCTET STRING (SIZE(1..65535)) - -– Hash(ClientHello..client Finished) + -- Hash(ClientHello..client Finished) } -- GitLab From 018d492c3212d50bf4526b36aaf75ea0dc98b4ea Mon Sep 17 00:00:00 2001 From: naslundma Date: Thu, 10 Oct 2024 15:27:10 +0000 Subject: [PATCH 06/10] Update file TS33128Payloads.asn --- 33128/r19/TS33128Payloads.asn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/33128/r19/TS33128Payloads.asn b/33128/r19/TS33128Payloads.asn index 68580979..f6032072 100644 --- a/33128/r19/TS33128Payloads.asn +++ b/33128/r19/TS33128Payloads.asn @@ -1372,7 +1372,7 @@ TLS13PSKHashAlgorithm ::= ENUMERATED TLS13CertificateType ::= ENUMERATED { - x509(0), + x509(1), rawPublicKey(2) } -- GitLab From 67f023260d79dd043c36fb0534001279380677f5 Mon Sep 17 00:00:00 2001 From: naslundma Date: Thu, 10 Oct 2024 15:31:16 +0000 Subject: [PATCH 07/10] Update file TS33128Payloads.asn --- 33128/r19/TS33128Payloads.asn | 46 +++++++++++++++++------------------ 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/33128/r19/TS33128Payloads.asn b/33128/r19/TS33128Payloads.asn index f6032072..cec4963b 100644 --- a/33128/r19/TS33128Payloads.asn +++ b/33128/r19/TS33128Payloads.asn @@ -1310,28 +1310,28 @@ TLS12UAStarParams ::= SEQUENCE TLS13ExtensionType ::= ENUMERATED { - serverName(0), - maxFragmentLength(1), - statusRequest(5), - supportedGroups(10), - signatureAlgorithms(13), - useSRTP(14), - heartbeat(15), - applicationLayerProtocolNegotiation(16), - signedCertificateTimestamp(18), - clientCertificateType(19), - serverCertificateType(20), - padding(21), - presharedKey(41), - earlyData(42), - supportedVersions(43), - cookie(44), - pSKKeyExchangeModes(45), - certificateAuthorities(47), - oIDFilters(48), - postHandshakeAuth(49), - signatureAlgorithmsCert(50), - keyShare(51) + serverName(1), + maxFragmentLength(2), + statusRequest(3), + supportedGroups(4), + signatureAlgorithms(5), + useSRTP(6), + heartbeat(7), + applicationLayerProtocolNegotiation(8), + signedCertificateTimestamp(9), + clientCertificateType(10), + serverCertificateType(11), + padding(12), + presharedKey(13), + earlyData(14), + supportedVersions(15), + cookie(16), + pSKKeyExchangeModes(17), + certificateAuthorities(18), + oIDFilters(19), + postHandshakeAuth(20), + signatureAlgorithmsCert(21), + keyShare(22) } -- RFC8846, clause 4.2: Extensions. @@ -1434,7 +1434,7 @@ TLS13NewSessionTicket ::= SEQUENCE ticketAgeAdd [2] INTEGER (0..4294967295), ticketNonce [3] OCTET STRING (SIZE(0..255)), ticket [4] OCTET STRING (SIZE(1..65535)), - extensions [5] SEQUENCE OF TLS13Extension + extensions [5] SEQUENCE OF TLS13Extension OPTIONAL } -- GitLab From 395f4533fbd08a2ba8b446c5c3b62422b3fa5531 Mon Sep 17 00:00:00 2001 From: naslundma Date: Fri, 11 Oct 2024 08:43:41 +0000 Subject: [PATCH 08/10] Update file TS33128Payloads.asn --- 33128/r19/TS33128Payloads.asn | 72 +++++++++++++++++------------------ 1 file changed, 35 insertions(+), 37 deletions(-) diff --git a/33128/r19/TS33128Payloads.asn b/33128/r19/TS33128Payloads.asn index cec4963b..0fed7dd9 100644 --- a/33128/r19/TS33128Payloads.asn +++ b/33128/r19/TS33128Payloads.asn @@ -1413,7 +1413,7 @@ TLS13OfferedPSK ::= SEQUENCE binder [2] OCTET STRING (SIZE(32..255)) } --- Actual PSK, either explicitly provisioned or derived from +-- Actual TLS PSK, either explicitly provisioned or derived from -- an earlier issued TLS ticket and a resumptionMasterSectret. -- For AKMA, the PSK is the AKMA key K_AF. TLS13PSKInfo ::= SEQUENCE @@ -1426,7 +1426,7 @@ TLS13PSKInfo ::= SEQUENCE --- RFC 8446, clause 4.6.1: Tickets and resumption info. +-- RFC 8446, clause 4.6.1: Tickets/resumption info. TLS13NewSessionTicket ::= SEQUENCE { @@ -1438,12 +1438,6 @@ TLS13NewSessionTicket ::= SEQUENCE } -TLS13ResumptionInfo ::= SEQUENCE -{ - listOfTickets [1] SEQUENCE OF TLS13NewSessionTicket, - resumptionMasterSectret [2] OCTET STRING (SIZE(1..65535)) -} - -- RFC8446, clause 7.1 and 4.2.8: TLS-internal leys -- These keys/secrets are never directly used to encrypt @@ -1462,7 +1456,7 @@ TLS13EstablishedSecrets ::= SEQUENCE -- RFC8446, clause 7.1 --- The actual traffic encryption keys are derived from the respective +-- The actual encryption keys are derived from the respective -- secret values below and a provided hashed handshake-message-transcript. TLS13EarlySecretInfo ::= SEQUENCE { @@ -1478,7 +1472,6 @@ TLS13HandshakeSecretInfo ::= SEQUENCE -- Hash(ClientHello..ServerHello) } --- RFC8446, clause 7.1 TLS13MasterSecretInfo ::= SEQUENCE { masterSecretValue [1] OCTET STRING (SIZE(1..65535)), @@ -1502,49 +1495,51 @@ TLS13UAStarParams ::= SEQUENCE -- PSKs and key exchange modes offered by the client -- clause 4.2.9, 4.2.11. When AKMA (or other CSP-provided) -- keys are used, at least one offered PSK and key exchange mode - -- will always be present + -- will always be present in the client extensions offeredPSKs [1] SEQUENCE OF TLS13OfferedPSK, offeredPSKKeyExchangeModes [2] SEQUENCE OF TLS13PSKeyExchangeMode, -- The server-selected PSK, clause 4.2.11 -- selectedPSKIdentity = j means the server selects j:th offered PSK. selectedPSKIdentity [3] INTEGER (0..65535), + -- The actual TLS PSK. When AKMA is used, this key will typically also + -- be provided as an associated AFKeyInfo IRI, see below. + selectedPSK [4] TLS13PSKInfo, -- Cryptographic state: transforms and sequence numbers. - kDFAlgorithm [4] TLS13KDFAlgorithm, -- clause 7.1. - clientSupportedCipherSuites [5] SEQUENCE OF TLS13CipherSuite OPTIONAL, - selectedCipherSuite [6] TLS13CipherSuite, -- clause 4.2 and B.4. - clientSequenceNumber [7] INTEGER, -- clause 5.3 - serverSequenceNumber [8] INTEGER, -- clause 5.3 + kDFAlgorithm [5] TLS13KDFAlgorithm, -- clause 7.1. + clientSupportedCipherSuites [6] SEQUENCE OF TLS13CipherSuite OPTIONAL, + selectedCipherSuite [7] TLS13CipherSuite, -- clause 4.2 and B.4. + clientSequenceNumber [8] INTEGER, -- clause 5.3 + serverSequenceNumber [9] INTEGER, -- clause 5.3 -- Handshake parameters, clause 4.1.2 and 4.1.3. - clientRandom [9] OCTET STRING (SIZE(32)), - serverRandom [10] OCTET STRING (SIZE(32)), - legacySessionID [11] OCTET STRING (SIZE(0..32)), + clientRandom [10] OCTET STRING (SIZE(32)), + serverRandom [11] OCTET STRING (SIZE(32)), + legacySessionID [12] OCTET STRING (SIZE(0..32)), -- Complete contents of handshake extensions, clause 4.2. - tLSClientHelloExtensions [12] SEQUENCE OF TLS13Extension, - tLSServerHelloExtensions [13] SEQUENCE OF TLS13Extension, - -- Encrypted server extensions, clause 4.3.1 (provided in plaintext). - tLSPlaintextEncryptedExtensions [14] SEQUENCE OF TLS13Extension OPTIONAL, + tLSClientHelloExtensions [13] SEQUENCE OF TLS13Extension, + tLSServerHelloExtensions [14] SEQUENCE OF TLS13Extension, + -- Encrypted server extensions, clause 4.3.1 (here provided in plaintext). + tLSPlaintextEncryptedExtensions [15] SEQUENCE OF TLS13Extension OPTIONAL, -- Authentication related parameters, clause 4.4 -- Certifcates are encrypted between client and server, -- these are the unencrypted certificate(s). - tLSPlaintextClientCertificate [15] TLS13Certificate OPTIONAL, - tLSPlaintextServerCertificate [16] TLS13Certificate OPTIONAL, + tLSPlaintextClientCertificate [16] TLS13Certificate OPTIONAL, + tLSPlaintextServerCertificate [17] TLS13Certificate OPTIONAL, -- Session key information fields, clause 7.1 - earlySecret [17] TLS13EarlySecretInfo OPTIONAL, - binderKey [18] OCTET STRING (SIZE(1..65535)) OPTIONAL, + earlySecret [18] TLS13EarlySecretInfo OPTIONAL, + binderKey [19] OCTET STRING (SIZE(1..65535)) OPTIONAL, -- The key used by the cipher suite to encrypt early data is -- derived from clientEarlyTrafficSecret as described in clause 7.3. - clientEarlyTrafficSecret [19] OCTET STRING (SIZE(1..65535)), - earlyExporterMasterSecret [20] OCTET STRING (SIZE(1..65535)), + clientEarlyTrafficSecret [20] OCTET STRING (SIZE(1..65535)), + earlyExporterMasterSecret [21] OCTET STRING (SIZE(1..65535)), -- Establised shared key (from Diffie-Hellman or similar). - sharedKey [21] TLS13EstablishedSecrets OPTIONAL, - handshakeSecret [22] TLS13HandshakeSecretInfo OPTIONAL, + sharedKey [22] TLS13EstablishedSecrets OPTIONAL, + handshakeSecret [23] TLS13HandshakeSecretInfo OPTIONAL, -- The keys used by the cipher suite to encrypt the handshake are -- derived from client- and serverHandshakeTrafficSecret as -- described in clause 7.3. - clientHandshakeTrafficSecret [23] OCTET STRING (SIZE(1..65535)), - serverHandshakeTrafficSecret [24] OCTET STRING (SIZE(1..65535)), - masterSecret [25] TLS13MasterSecretInfo OPTIONAL, - exporterMasterSectret [26] OCTET STRING (SIZE(1..65535)), + clientHandshakeTrafficSecret [24] OCTET STRING (SIZE(1..65535)), + serverHandshakeTrafficSecret [25] OCTET STRING (SIZE(1..65535)), + masterSecret [26] TLS13MasterSecretInfo OPTIONAL, -- The client and server application traffic secrets -- can change value during an ongoing session due to -- KeyUdpateRequest messages. The values to be provided below @@ -1555,8 +1550,11 @@ TLS13UAStarParams ::= SEQUENCE -- as described in clause 7.3. clientApplicationTrafficSecret [27] OCTET STRING (SIZE(1..65535)), serverApplicationTrafficSecret [28] OCTET STRING (SIZE(1..65535)), - -- Tickets for resumption, issued during current session, clause 4.6.2. - tLSResumptionInfo [29] TLS13ResumptionInfo OPTIONAL + -- Other session-specific keys. + exporterMasterSecret [29] OCTET STRING (SIZE(1..65535)), + resumptionMasterSecret [30] OCTET STRING (SIZE(1..65535)), + -- Tickets for resumption (issued during current session), clause 4.6.2. + tLSResumptionTickets [31] SEQUENCE OF TLS13NewSessionTicket OPTIONAL } -- GitLab From d0000890e4c979e1fc0ae272949c1a3239b068ed Mon Sep 17 00:00:00 2001 From: naslundma Date: Fri, 11 Oct 2024 10:47:13 +0000 Subject: [PATCH 09/10] Update file TS33128Payloads.asn --- 33128/r19/TS33128Payloads.asn | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/33128/r19/TS33128Payloads.asn b/33128/r19/TS33128Payloads.asn index 0fed7dd9..f203df14 100644 --- a/33128/r19/TS33128Payloads.asn +++ b/33128/r19/TS33128Payloads.asn @@ -1302,9 +1302,10 @@ TLS12UAStarParams ::= SEQUENCE tLSClientExtensions [19] OCTET STRING (SIZE(0..65535)) OPTIONAL } --- =========================================== +-- ================================================== -- Specific UaStarParams for TLS 1.3 (RFC8446) --- =========================================== +-- Inline references below are to clauses of RFC8446. +-- ================================================== -- RFC8846, clause 4.2: Available handshake extension types. @@ -1335,8 +1336,8 @@ TLS13ExtensionType ::= ENUMERATED } -- RFC8846, clause 4.2: Extensions. --- Carried as extension to the client's and server's Hello, --- or, in the server's EncryptedExtensions message. +-- Carried as extension to the client's and server's +-- Hello, or, in the server's EncryptedExtensions message. TLS13Extension ::= SEQUENCE { extensionType [1] TLS13ExtensionType, @@ -1392,7 +1393,7 @@ TLS13Certificate ::= SEQUENCE -- RFC 8446, clause 4.2.9: Preshared key exchange mode. -TLS13PSKeyExchangeMode ::= ENUMERATED +TLS13PSKKeyExchangeMode ::= ENUMERATED { pSKKE(1), pSKDHEKE(2) @@ -1414,13 +1415,13 @@ TLS13OfferedPSK ::= SEQUENCE } -- Actual TLS PSK, either explicitly provisioned or derived from --- an earlier issued TLS ticket and a resumptionMasterSectret. +-- an earlier issued TLS ticket and a resumptionMasterSecret. -- For AKMA, the PSK is the AKMA key K_AF. TLS13PSKInfo ::= SEQUENCE { pSKIdentity [1] TLS13PSKIdentity, pSKValue [2] OCTET STRING, - pSKKeyExchangeMode [3] TLS13PSKeyExchangeMode, + pSKKeyExchangeMode [3] TLS13PSKKeyExchangeMode, hashAlgorithm [4] TLS13PSKHashAlgorithm } @@ -1439,7 +1440,7 @@ TLS13NewSessionTicket ::= SEQUENCE --- RFC8446, clause 7.1 and 4.2.8: TLS-internal leys +-- RFC8446, clause 7.1 and 4.2.8: TLS-internal keys -- These keys/secrets are never directly used to encrypt -- data, and are therefore optional to provide as part of -- TLS13UAStarParams. @@ -1456,8 +1457,8 @@ TLS13EstablishedSecrets ::= SEQUENCE -- RFC8446, clause 7.1 --- The actual encryption keys are derived from the respective --- secret values below and a provided hashed handshake-message-transcript. +-- The actual encryption keys are derived from the respective secret +-- values below and the provided hashed handshake-message-transcript. TLS13EarlySecretInfo ::= SEQUENCE { earlySecretValue [1] OCTET STRING (SIZE(1..65535)), @@ -1482,8 +1483,8 @@ TLS13MasterSecretInfo ::= SEQUENCE } --- Complete TLS 1.3 cryptographic context, all inline --- references below are to clauses of RFC8446. +-- Complete TLS 1.3 cryptographic context. + TLS13UAStarParams ::= SEQUENCE { -- Basic cryptographic information. @@ -1492,12 +1493,12 @@ TLS13UAStarParams ::= SEQUENCE -- parameters are also provided as part of client and -- server extensions below. -- - -- PSKs and key exchange modes offered by the client + -- PSKs and key exchange modes offered by the client, see -- clause 4.2.9, 4.2.11. When AKMA (or other CSP-provided) -- keys are used, at least one offered PSK and key exchange mode -- will always be present in the client extensions offeredPSKs [1] SEQUENCE OF TLS13OfferedPSK, - offeredPSKKeyExchangeModes [2] SEQUENCE OF TLS13PSKeyExchangeMode, + offeredPSKKeyExchangeModes [2] SEQUENCE OF TLS13PSKKeyExchangeMode, -- The server-selected PSK, clause 4.2.11 -- selectedPSKIdentity = j means the server selects j:th offered PSK. selectedPSKIdentity [3] INTEGER (0..65535), @@ -1520,7 +1521,7 @@ TLS13UAStarParams ::= SEQUENCE -- Encrypted server extensions, clause 4.3.1 (here provided in plaintext). tLSPlaintextEncryptedExtensions [15] SEQUENCE OF TLS13Extension OPTIONAL, -- Authentication related parameters, clause 4.4 - -- Certifcates are encrypted between client and server, + -- Certificates are encrypted between client and server, -- these are the unencrypted certificate(s). tLSPlaintextClientCertificate [16] TLS13Certificate OPTIONAL, tLSPlaintextServerCertificate [17] TLS13Certificate OPTIONAL, @@ -1531,7 +1532,7 @@ TLS13UAStarParams ::= SEQUENCE -- derived from clientEarlyTrafficSecret as described in clause 7.3. clientEarlyTrafficSecret [20] OCTET STRING (SIZE(1..65535)), earlyExporterMasterSecret [21] OCTET STRING (SIZE(1..65535)), - -- Establised shared key (from Diffie-Hellman or similar). + -- Established shared key (from Diffie-Hellman or similar). sharedKey [22] TLS13EstablishedSecrets OPTIONAL, handshakeSecret [23] TLS13HandshakeSecretInfo OPTIONAL, -- The keys used by the cipher suite to encrypt the handshake are -- GitLab From b8044a594b2bc97b8d6e553c35fe84243c84ff74 Mon Sep 17 00:00:00 2001 From: naslundma Date: Fri, 11 Oct 2024 10:49:58 +0000 Subject: [PATCH 10/10] Update file TS33128Payloads.asn --- 33128/r19/TS33128Payloads.asn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/33128/r19/TS33128Payloads.asn b/33128/r19/TS33128Payloads.asn index f203df14..182730dd 100644 --- a/33128/r19/TS33128Payloads.asn +++ b/33128/r19/TS33128Payloads.asn @@ -1336,7 +1336,7 @@ TLS13ExtensionType ::= ENUMERATED } -- RFC8846, clause 4.2: Extensions. --- Carried as extension to the client's and server's +-- Carried as extension to the client's and server's -- Hello, or, in the server's EncryptedExtensions message. TLS13Extension ::= SEQUENCE { -- GitLab