-- ASN module extracted from ITU-T X.510 (10/2023)
Wrapper {joint-iso-itu-t ds(5) module(1) wrapper(43) 10}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- EXPORTS All
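-- Symbols this module takes from other X.510 modules. WITH SUCCESSORS allows a
-- later edition of the named module to satisfy the import.
IMPORTS
-- PKI types and algorithm-identification constructs from the PKI stub module.
-- The symbol list is comma-separated; the comma after AttributeCertificate is
-- required for the list to parse.
AlgoInvoke{}, ALGORITHM, AlgorithmIdentifier{}, AttributeCertificate,
AlgorithmWithInvoke{}, PkiPath
FROM PKI-Stub
{joint-iso-itu-t ds(5) module(1) pki-stub(999) 10} WITH SUCCESSORS
-- Parameterized protection types (Signed{}, AUTHEN-ENCRYPT{}, ENCIPHERED{},
-- ICV-Invoke{}) and the algorithm objects and object sets used as constraints below.
AUTHEN-ENCRYPT{}, choiceDataPhaseProtection,
choiceKeyEstablishmentAlgoInvoke, choiceSignatureAlgo,
ENCIPHERED{}, ICV-Invoke{},
multipleDataPhaseProtection, multipleKeyEstablishmentAlgoInvoke,
multipleSignaturesAlgo, Signed{},
SupportedAuthenEncryptAlgorithms, SupportedKeyEstablishmentAlgos,
SupportedSignatureAlgorithms, SupportedSymmetricKeyAlgorithms
FROM CryptoTools
{joint-iso-itu-t ds(5) module(1) cryptoTools(42) 10} WITH SUCCESSORS
-- Object set of protected protocols that may be carried inside the wrapper.
SupportedProtSet
FROM ProtProtocols
{joint-iso-itu-t ds(5) module(1) protProtocols(47) 10} WITH SUCCESSORS;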
-- WRAPPED-PROT is the information object class for protected protocols. It is the
-- built-in TYPE-IDENTIFIER class, so each object pairs an OBJECT IDENTIFIER (&id)
-- with a type (&Type).
WRAPPED-PROT ::= TYPE-IDENTIFIER
-- WrappedProt carries one protected-protocol value: id names an object of the
-- governing set and the component relation {@id} fixes the type of prot to that
-- object's &Type. The dummy parameter has the same name as the imported
-- SupportedProtSet object set.
-- NOTE(review): prot is an open type. A receiver should resolve id against the
-- set it actually supports before decoding prot, and reject unknown ids
-- (compare WrpError protected-protocol-not-supported).
WrappedProt {WRAPPED-PROT:SupportedProtSet} ::= SEQUENCE {
id WRAPPED-PROT.&id({SupportedProtSet}),
prot WRAPPED-PROT.&Type({SupportedProtSet}{@id}),
... }
-- WrapperPDU is the CHOICE over every wrapper-protocol message defined in this
-- module; the context tag [0] to [11] selects the alternative.
-- DataTransferClient and DataTransferServer are untagged CHOICE types, so tags
-- [10] and [11] are applied explicitly even though the module default is
-- IMPLICIT TAGS.
-- The extension marker lets later editions add alternatives; a decoder should
-- reject an unrecognised alternative cleanly rather than guess at its content.
WrapperPDU ::= CHOICE {
handshakeReq [0] HandshakeReq,
handshakeAcc [1] HandshakeAcc,
handshakeWrpRej [2] HandshakeWrpRej,
handshakeProRej [3] HandshakeProRej,
handshakeSecAbort [4] HandshakeSecAbort,
handshakeProAbort [5] HandshakeProAbort,
dtSecAbort [6] DtSecAbort,
applAbort [7] ApplAbort,
releaseReq [8] ReleaseReq,
releaseRsp [9] ReleaseRsp,
dataTransferClient [10] DataTransferClient,
dataTransferServer [11] DataTransferServer,
... }
-- Handshake request: TbsHandshakeReq wrapped in Signed{}, which is imported from
-- CryptoTools (its layout is not visible in this module).
-- NOTE(review): pkiPath is part of the to-be-signed data, so the certification
-- path is supplied by the sender of the message. A signature that verifies under
-- that path does not by itself authenticate the sender; the path still has to be
-- validated to a locally trusted anchor. Confirm the exact rules in X.510.
HandshakeReq ::= Signed{TbsHandshakeReq}
TbsHandshakeReq ::= SEQUENCE {
-- Names of the two endpoints, each a URL (UTF8String).
called-entity URL,
calling-entity URL,
-- Absent means {v1}.
version Version DEFAULT {v1},
-- Object identifier of the protected protocol, constrained to SupportedProtSet.
prProt WRAPPED-PROT.&id({SupportedProtSet}),
-- Constrained to the single object multipleSignaturesAlgo.
-- NOTE(review): presumably an algorithm object that lists several offered
-- signature algorithms; confirm in CryptoTools.
sigAlg AlgorithmIdentifier{{multipleSignaturesAlgo}},
-- DER-encoded certification path, carried as an OCTET STRING.
pkiPath DER-PkiPath,
-- Association identifier and time value of this request.
assoID AssoID,
time TimeStamp,
-- Key establishment and data-phase protection, constrained to the multiple*
-- objects. NOTE(review): presumably the offers answered by the choice*
-- components of TbsHandshakeAcc; the negotiation is only as trustworthy as
-- the signature over this structure.
keyEst AlgorithmIdentifier{{multipleKeyEstablishmentAlgoInvoke}},
encr-mode AlgorithmIdentifier{{multipleDataPhaseProtection}},
-- Optional DER-encoded attribute certificate.
attCert DER-AttributeCertificate OPTIONAL,
-- Optional protected-protocol data carried with the handshake.
applData [4] WrappedProt{{SupportedProtSet}} OPTIONAL,
... }
-- URL is an unconstrained UTF8String; this module places no size or syntax
-- constraint on it.
-- NOTE(review): any URL syntax or length check has to be done by the application.
URL ::= UTF8String
-- Version is a named-bit BIT STRING; only bit 0 (v1) is defined here.
Version ::= BIT STRING {
v1 (0) -- version 1
}
-- OCTET STRING whose content is constrained to be the DER encoding of a PkiPath.
-- NOTE(review): not every ASN.1 toolkit enforces CONTAINING / ENCODED BY while
-- decoding. An implementation should decode the inner value itself, strictly as
-- DER, and reject anything else; confirm the behaviour of the toolkit in use.
DER-PkiPath ::= OCTET STRING
(CONTAINING PkiPath ENCODED BY der)
-- Same pattern for an AttributeCertificate.
DER-AttributeCertificate ::= OCTET STRING
(CONTAINING AttributeCertificate ENCODED BY der)
-- Object identifier naming the distinguished encoding rules (2.1.2.1), used by
-- the ENCODED BY clauses above.
der OBJECT IDENTIFIER ::=
{joint-iso-itu-t asn1(1) ber-derived(2) distinguished-encoding(1)}
-- Association identifier, limited to 0..32767.
-- NOTE(review): WrpError defines duplicate-assoID (4); presumably a receiver
-- tracks identifiers in use. Confirm the uniqueness scope in the specification.
AssoID ::= INTEGER (0..32767)
-- Time value carried in every signed message and in the data-transfer headers.
-- NOTE(review): GeneralizedTime is not restricted here, so local-time and
-- fractional-second forms are syntactically allowed. Whether UTC is required
-- and what freshness window applies is not visible in this module
-- (compare WrpError invalid-time-value).
TimeStamp ::= GeneralizedTime
-- Handshake accept: TbsHandshakeAcc wrapped in Signed{} (imported from CryptoTools).
-- Mirrors TbsHandshakeReq, but the algorithm components are constrained to the
-- choice* objects instead of the multiple* objects.
-- NOTE(review): presumably these carry the responder's selection from what the
-- request offered. A receiver should check that each selected algorithm was
-- actually offered (compare WrpError invalid-key-estab-algorithm and
-- invalid-aead-algorithm); confirm in X.510.
HandshakeAcc ::= Signed{TbsHandshakeAcc}
TbsHandshakeAcc ::= SEQUENCE {
-- Endpoint names, each a URL (UTF8String).
calling-entity URL,
accepting-entity URL,
-- Absent means {v1}.
version Version DEFAULT {v1},
-- Named sigSel here, sigAlg in TbsHandshakeReq.
sigSel AlgorithmIdentifier{{choiceSignatureAlgo}},
-- DER-encoded certification path supplied by the sender of this message.
pkiPath DER-PkiPath,
assoID AssoID,
time TimeStamp,
keyEst AlgorithmIdentifier{{choiceKeyEstablishmentAlgoInvoke}},
encr-mode AlgorithmIdentifier{{choiceDataPhaseProtection}},
-- Optional DER-encoded attribute certificate.
attCert DER-AttributeCertificate OPTIONAL,
-- Optional protected-protocol data carried with the accept.
applData [4] WrappedProt{{SupportedProtSet}} OPTIONAL,
... }
-- Handshake reject that carries a wrapper-level diagnostic (WrpError), wrapped in
-- Signed{}.
-- NOTE(review): the reject is signed, so a receiver can and should verify it
-- before treating the handshake as refused.
HandshakeWrpRej ::= Signed{TbsHandshakeWrpRej}
TbsHandshakeWrpRej ::= SEQUENCE {
calling-entity URL,
accepting-entity URL,
-- Absent means {v1}.
version Version DEFAULT {v1},
-- Constrained to the SupportedSignatureAlgorithms object set, not to
-- choiceSignatureAlgo as in TbsHandshakeAcc.
sigSel AlgorithmIdentifier{{SupportedSignatureAlgorithms}},
assoID AssoID,
time TimeStamp,
pkiPath DER-PkiPath,
-- Optional reason code; see WrpError.
diag WrpError OPTIONAL,
... }
-- Handshake reject that carries protected-protocol data (applData) instead of a
-- WrpError, wrapped in Signed{}.
-- Unlike TbsHandshakeWrpRej this structure has no version component.
HandshakeProRej ::= Signed{TbsHandshakeProRej}
TbsHandshakeProRej ::= SEQUENCE {
calling-entity URL,
accepting-entity URL,
sigSel AlgorithmIdentifier{{choiceSignatureAlgo}},
assoID AssoID,
time TimeStamp,
pkiPath DER-PkiPath,
-- Mandatory here; the content type is selected by the id inside WrappedProt.
applData WrappedProt{{SupportedProtSet}},
... }
-- Abort during the handshake carrying an optional wrapper-level diagnostic,
-- wrapped in Signed{}. No entity names are included; the association is
-- identified by assoID only.
-- NOTE(review): an abort ends the association, so the signature and path
-- should be checked before acting on it.
HandshakeSecAbort ::= Signed{TbsHandshakeSecAbort}
TbsHandshakeSecAbort ::= SEQUENCE {
-- Absent means {v1}.
version Version DEFAULT {v1},
sigAlg AlgorithmIdentifier{{SupportedSignatureAlgorithms}},
assoID AssoID,
time TimeStamp,
pkiPath DER-PkiPath,
-- Optional reason code; see WrpError.
diag WrpError OPTIONAL,
... }
-- Abort during the handshake carrying protected-protocol data (applData) instead
-- of a WrpError, wrapped in Signed{}. This structure has no version component.
HandshakeProAbort ::= Signed{TbsHandshakeProAbort}
TbsHandshakeProAbort ::= SEQUENCE {
sigAlg AlgorithmIdentifier{{SupportedSignatureAlgorithms}},
assoID AssoID,
time TimeStamp,
pkiPath DER-PkiPath,
-- Mandatory; the content type is selected by the id inside WrappedProt.
applData WrappedProt{{SupportedProtSet}},
... }
-- Abort carrying a sequence number and an optional wrapper-level diagnostic,
-- wrapped in Signed{}.
-- NOTE(review): judging by the name and the seq component this is the abort
-- used in the data-transfer phase; confirm in X.510.
DtSecAbort ::= Signed{TbsDtSecAbort}
TbsDtSecAbort ::= SEQUENCE {
sigAlg AlgorithmIdentifier{{SupportedSignatureAlgorithms}},
assoID AssoID,
time TimeStamp,
pkiPath DER-PkiPath,
-- Sequence number, same type as in the data-transfer headers.
seq SequenceNumber,
-- Optional reason code; see WrpError.
diag WrpError OPTIONAL,
... }
-- Abort carrying a sequence number and protected-protocol data (applData),
-- wrapped in Signed{}.
-- NOTE(review): applData is a direct component of the signed structure and is
-- not wrapped in ENCIPHERED{} or AUTHEN-ENCRYPT{} here, so it is presumably
-- sent without confidentiality; confirm in X.510.
ApplAbort ::= Signed{TbsApplAbort}
TbsApplAbort ::= SEQUENCE {
sigAlg AlgorithmIdentifier{{SupportedSignatureAlgorithms}},
assoID AssoID,
time TimeStamp,
pkiPath DER-PkiPath,
seq SequenceNumber,
applData WrappedProt{{SupportedProtSet}},
... }
-- Release request, wrapped in Signed{}. It carries only the signature algorithm,
-- association identifier, time and certification path; there is no sequence
-- number and no application data.
ReleaseReq ::= Signed{TbsReleaseReq}
TbsReleaseReq ::= SEQUENCE {
-- Absent means {v1}.
version Version DEFAULT {v1},
sigAlg AlgorithmIdentifier{{SupportedSignatureAlgorithms}},
assoID AssoID,
time TimeStamp,
pkiPath DER-PkiPath,
... }
-- Release response, wrapped in Signed{}. Its components are the same as those
-- of TbsReleaseReq.
ReleaseRsp ::= Signed{TbsReleaseRsp}
TbsReleaseRsp ::= SEQUENCE {
-- Absent means {v1}.
version Version DEFAULT {v1},
sigAlg AlgorithmIdentifier{{SupportedSignatureAlgorithms}},
assoID AssoID,
time TimeStamp,
pkiPath DER-PkiPath,
... }
-- Client-side data-transfer PDU: either the AUTHEN-ENCRYPT{} form (aead) or the
-- ICV-Invoke{} form (non-aead).
-- NOTE(review): which alternative is acceptable presumably follows from the
-- encr-mode agreed in the handshake. A receiver should reject the alternative
-- that was not negotiated (compare WrpError aead-is-required and
-- aead-not-allowed); confirm in X.510.
DataTransferClient ::= CHOICE {
aead [0] DataTransferClientAE,
non-aead [1] DataTransferClientNEA,
... }
-- AEAD form: AUTHEN-ENCRYPT{} (imported from CryptoTools) instantiated with
-- AadClientAE and the open type WRAPPED-PROT.&Type.
-- NOTE(review): presumably the first parameter is the additional authenticated
-- data and the second the type that is encrypted; confirm in CryptoTools.
DataTransferClientAE ::= AUTHEN-ENCRYPT{AadClientAE, WRAPPED-PROT.&Type}
AadClientAE ::= SEQUENCE {
-- Pulls in invokeID, assoID, time, seq and keyEst from AadClient.
COMPONENTS OF AadClient,
-- Optional, constrained to SupportedAuthenEncryptAlgorithms.
encInvoke [3] AlgoInvoke{{SupportedAuthenEncryptAlgorithms}} OPTIONAL,
... }
-- Non-AEAD form: ICV-Invoke{} (imported from CryptoTools) over
-- TbpDataTransferClient.
DataTransferClientNEA ::= ICV-Invoke{TbpDataTransferClient}
TbpDataTransferClient ::= SEQUENCE {
-- Pulls in invokeID, assoID, time, seq and keyEst from AadClient.
COMPONENTS OF AadClient,
-- NOTE(review): spelled encEnvoke here but encInvoke in TbpDataTransferServer
-- and in the AE structures. The identifier is kept as given; renaming it would
-- change generated field names but not the encoding.
encEnvoke [3] AlgoInvoke{{SupportedSymmetricKeyAlgorithms}} OPTIONAL,
-- Payload: clear carries the WrappedProt value directly, protected carries it
-- through ENCIPHERED{}.
-- NOTE(review): with clear the payload is not enciphered at this layer and is
-- presumably covered only by the integrity check value. A deployment that
-- requires confidentiality should refuse clear (compare WrpError
-- encryption-required); confirm in X.510.
conf CHOICE {
clear [4] WrappedProt{{SupportedProtSet}},
protected [5] ENCIPHERED{WRAPPED-PROT.&Type},
... },
... }
-- Header components shared by both client data-transfer forms through
-- COMPONENTS OF. This SEQUENCE has no extension marker of its own.
AadClient ::= SEQUENCE {
-- Optional 6-octet invocation identifier.
invokeID [0] InvokeID OPTIONAL,
assoID AssoID,
time TimeStamp,
-- NOTE(review): presumably checked by the receiver for ordering and replay
-- together with time; the checking rules are not part of this module.
seq SequenceNumber,
-- Optional, constrained to SupportedKeyEstablishmentAlgos.
keyEst [2] AlgoInvoke{{SupportedKeyEstablishmentAlgos}} OPTIONAL }
-- Invocation identifier: exactly 6 octets.
InvokeID ::= OCTET STRING (SIZE (6))
-- Sequence number, limited to 0..2147483647.
-- NOTE(review): what happens when the maximum is reached is not defined in this
-- module; confirm the rekey or release rule in X.510 so that a number is never
-- reused under the same key.
SequenceNumber ::= INTEGER (0..2147483647)
-- Server-side data-transfer PDU: either the AUTHEN-ENCRYPT{} form (aead) or the
-- ICV-Invoke{} form (non-aead), parallel to DataTransferClient.
-- NOTE(review): a receiver should reject the alternative that was not
-- negotiated in the handshake; confirm the rule in X.510.
DataTransferServer ::= CHOICE {
aead [0] DataTransferServerAE,
non-aead [1] DataTransferServerNEA,
... }
-- AEAD form: AUTHEN-ENCRYPT{} (imported from CryptoTools) instantiated with
-- AadServerAE and the open type WRAPPED-PROT.&Type.
-- NOTE(review): presumably the first parameter is the additional authenticated
-- data and the second the type that is encrypted; confirm in CryptoTools.
DataTransferServerAE ::= AUTHEN-ENCRYPT{AadServerAE, WRAPPED-PROT.&Type}
AadServerAE ::= SEQUENCE {
-- Pulls in invokeID, assoID, time, seq, reqRekey and changedKey from AadServer.
COMPONENTS OF AadServer,
-- Optional, constrained to SupportedAuthenEncryptAlgorithms.
encInvoke [3] AlgoInvoke{{SupportedAuthenEncryptAlgorithms}} OPTIONAL,
... }
-- Non-AEAD form: ICV-Invoke{} (imported from CryptoTools) over
-- TbpDataTransferServer.
DataTransferServerNEA ::= ICV-Invoke{TbpDataTransferServer}
TbpDataTransferServer ::= SEQUENCE {
-- Pulls in invokeID, assoID, time, seq, reqRekey and changedKey from AadServer.
COMPONENTS OF AadServer,
-- Optional, constrained to SupportedSymmetricKeyAlgorithms.
encInvoke [3] AlgoInvoke{{SupportedSymmetricKeyAlgorithms}} OPTIONAL,
-- Payload: clear carries the WrappedProt value directly, protected carries it
-- through ENCIPHERED{}.
-- NOTE(review): with clear the payload is not enciphered at this layer and is
-- presumably covered only by the integrity check value. A deployment that
-- requires confidentiality should refuse clear; confirm in X.510.
conf CHOICE {
clear [4] WrappedProt{{SupportedProtSet}},
protected [5] ENCIPHERED{WRAPPED-PROT.&Type},
... },
... }
-- Header components shared by both server data-transfer forms through
-- COMPONENTS OF. This SEQUENCE has no extension marker of its own.
AadServer ::= SEQUENCE {
-- Optional 6-octet invocation identifier.
invokeID [0] InvokeID OPTIONAL,
assoID AssoID,
time TimeStamp,
seq SequenceNumber,
-- Rekey signalling flags; both are FALSE when absent.
-- NOTE(review): WrpError defines rekey-out-of-sequence and
-- changedKey-out-of-sequence, so a receiver presumably validates when these
-- may be set; the state rules are not part of this module.
reqRekey [1] BOOLEAN DEFAULT FALSE,
changedKey [2] BOOLEAN DEFAULT FALSE }
-- Wrapper-level diagnostic codes. In this module WrpError appears as the
-- optional diag component of TbsHandshakeWrpRej, TbsHandshakeSecAbort and
-- TbsDtSecAbort.
-- The enumeration is extensible, so a receiver has to tolerate values that are
-- not listed here.
-- NOTE(review): several codes report a mismatch between offered and required
-- protection (for example encryption-required, aead-is-required). Logging the
-- received code together with assoID is presumably useful for spotting
-- repeated negotiation failures; the meaning of each code is defined in X.510,
-- not in this module.
WrpError ::= ENUMERATED {
protocol-error (0),
invalid-signatureAlgorithm (1),
unexpected-version (2),
protected-protocol-not-supported (3),
duplicate-assoID (4),
invalid-time-value (5),
key-estab-algorithm-not-supported (6),
encr-mode-aead-not-supported (7),
encryption-not-supported (8),
encryption-required (9),
aead-algorithms-not-supported (10),
aead-is-required (11),
symmetricKey-algorithms-not-supported (12),
icv-algorithms-not-supported (13),
invalid-attribute-certificate (14),
alt-signature-not-allowed (15),
only-one-version (16),
invalid-key-estab-algorithm (17),
invalid-alt-key-estab-algorithm (18),
invalid-aead-algorithm (19),
aead-not-allowed (20),
invalid-symmetricKey-algorithm (21),
invalid-icv-algorithm (22),
dynamic-aead-algo-parms-required (23),
invalid-dynamic-aead-algo-parms (24),
dynamic-aead-algo-parms-not-required (25),
dynamic-symKey-algo-parms-required (26),
invalid-dynamic-symKey-algo-parms (27),
dynamic-symKey-algo-parms-not-required (28),
dynamic-icv-algo-parms-required (29),
invalid-dynamic-icv-algo-parms (30),
dynamic-icv-algo-parms-not-required (31),
unexpected-invokeID-received (32),
rekey-out-of-sequence (33),
invalid-dynamic-keyEst-algo-parms (34),
changedKey-out-of-sequence (35),
... }
END -- Wrapper