Newer
Older
LI-PS-PDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) genHeader(1) version13(13)}

Mark Canterbury
committed
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
IMPORTS
-- Any of the IMPORTs may be commented out if they are not used (see clause A.3)
-- from TS 101 671 [4]
LawfulInterceptionIdentifier,
IRI-Parameters,
IRIsContent,
Network-Element-Identifier
FROM HI2Operations
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi2(1) version14(14)}

Mark Canterbury
committed
-- from TS 101 671 [4]
HI1-Operation
FROM HI1NotificationOperations
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi1(0) notificationOperations(1) version6(6)}
-- from TS 102 232-02 [5]
EmailCC,
EmailIRI,
MessagingCC,
MessagingIRI

Mark Canterbury
committed
FROM EmailPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) email(2) version8(8)}

Mark Canterbury
committed
-- from TS 102 232-03 [6]
IPCC,
IPIRI,
IPIRIOnly
FROM IPAccessPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPAccess(3) version9(9)}

Mark Canterbury
committed
-- from TS 102 232-04 [32]
L2CC,
L2IRI,
L2IRIOnly
FROM L2AccessPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) l2Access(4) version6(6)}

Mark Canterbury
committed
-- from TS 102 232-05 [37]
IPMMCC,
IPMMIRI
FROM IPMultimediaPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPMultimedia(5) version6(6)}

Mark Canterbury
committed
-- from TS 102 232-06 [36]
PstnIsdnCC,
PstnIsdnIRI
FROM PstnIsdnPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) pstnIsdn(6) version4(4)}

Mark Canterbury
committed
-- from 3GPP TS 33.108 [9]
IRI-Parameters,
UmtsIRIsContent,
CorrelationValues
FROM UmtsHI2Operations
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2(1)}
-- The relevant module (including the UMTS release and version number) needs
-- to be chosen when compiling the application.
-- from 3GPP TS 33.108 [9]
IRI-Parameters,
UmtsCS-IRIsContent
FROM UmtsCS-HI2Operations
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2CS(3)}
-- The relevant module (including the UMTS release and version number) needs
-- to be chosen when compiling the application.
-- from 3GPP TS 33.108 [9]
IRI-Parameters,
EpsIRIsContent
FROM EpsHI2Operations
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2eps(8)}
-- The relevant module (including the UMTS release and version number) needs
-- to be chosen when compiling the application.

Mark Canterbury
committed
-- from TS 101 909-20-1 [33]
TARGETACTIVITYMONITOR-1,
TTRAFFIC,
CTTRAFFIC
FROM TS101909201
{itu-t(0) identified-organization(4) etsi(0) ts101909(1909) part20(20) subpart1(1) interceptVersion(0)}
-- from TS 101 909-20-2 [34]
TARGETACTIVITYMONITOR,
TTRAFFIC,
CTTRAFFIC
FROM TS101909202

Mark Canterbury
committed
{itu-t(0) identified-organization(4) etsi(0) ts101909(1909) part20(20) subpart2(2) interceptVersion(0)}
-- from J-STD-025-B [39]
LAESProtocol
FROM Laesp-j-std-025-b
{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) j-std-025(0) j-std-025-b(2) version-1(0)}
CDMA2000LAESMessage
FROM CDMA2000CIIModule
{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) cdma2000(1) cii(0) version-2(1)}
CCIPPacketHeader
FROM CDMA2000CCModule
{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) cdma2000(1) cc(1) version-1(0)};

Mark Canterbury
committed
-- end of IMPORTS
-- =============================
-- Object Identifier Definitions
-- =============================
lawfulInterceptDomainId OBJECT IDENTIFIER ::= {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2)}
li-psDomainId OBJECT IDENTIFIER ::= {lawfulInterceptDomainId li-ps(5) genHeader(1) version13(13)}

Mark Canterbury
committed
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
-- ====================
-- Top-level definition
-- ====================
PS-PDU ::= SEQUENCE
{
pSHeader [1] PSHeader,
payload [2] Payload
}
PSHeader ::= SEQUENCE
{
li-psDomainId [0] OBJECT IDENTIFIER,
lawfulInterceptionIdentifier [1] LawfulInterceptionIdentifier,
authorizationCountryCode [2] PrintableString (SIZE (2)) OPTIONAL,
-- see clause 5.2.3
communicationIdentifier [3] CommunicationIdentifier,
sequenceNumber [4] INTEGER (0..4294967295),
timeStamp [5] GeneralizedTime OPTIONAL,
-- see clause 5.2.6
...,
interceptionPointID [6] PrintableString (SIZE (1..8)) OPTIONAL,
-- see clause 5.2.11
microSecondTimeStamp [7] MicroSecondTimeStamp OPTIONAL,
timeStampQualifier [8] TimeStampQualifier OPTIONAL
}
Payload ::= CHOICE
{
iRIPayloadSequence [0] SEQUENCE OF IRIPayload,
cCPayloadSequence [1] SEQUENCE OF CCPayload,
-- Clause 6.2.3 explains how to include more than one payload in the same PDU
tRIPayload [2] TRIPayload,
...,
hI1-Operation [3] HI1-Operation,
encryptionContainer [4] EncryptionContainer

Mark Canterbury
committed
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
}
TimeStampQualifier ::= ENUMERATED
{
unknown(0),
timeOfInterception(1),
timeOfMediation(2),
...
}
-- ====================================
-- Items contained within the PS-Header
-- ====================================
CommunicationIdentifier ::= SEQUENCE
{
networkIdentifier [0] NetworkIdentifier,
communicationIdentityNumber [1] INTEGER (0..4294967295) OPTIONAL,
-- in case of transport of HI1 messages not required
-- Mandatory for CC and IRI, with certain exceptions (see 5.2.4)
deliveryCountryCode [2] PrintableString (SIZE (2)) OPTIONAL,
-- see clause 5.2.4
...,
cINExtension [3] CorrelationValues OPTIONAL
-- To be used when a single INTEGER is not sufficient to identify
-- a particular session (see clause 5.2.4)
}
NetworkIdentifier ::= SEQUENCE
{
operatorIdentifier [0] OCTET STRING (SIZE(1..16)),
networkElementIdentifier [1] OCTET STRING (SIZE(1..16)) OPTIONAL,
...,
eTSI671NEID [2] Network-Element-Identifier OPTIONAL
-- For Network Element Identifier, use either OCTET STRING or ETSI671 definition
}
-- ==========================
-- Definitions for CC Payload
-- ==========================
CCPayload ::= SEQUENCE
{
payloadDirection [0] PayloadDirection OPTIONAL,
timeStamp [1] GeneralizedTime OPTIONAL,
-- For aggregated payloads (see clause 6.2.3)
cCContents [2] CCContents,
...,
microSecondTimeStamp [3] MicroSecondTimeStamp OPTIONAL
-- For aggregated payloads (see clause 6.2.3)
}
PayloadDirection ::= ENUMERATED
{
fromTarget(0),
toTarget(1),
...,
indeterminate(2),
-- Indication whether intercepted CC was travelling to or from the target
-- or that the direction was indeterminate
combined(3),
-- Indication applicable to some services that the traffic is actually a combination
-- of To and From
notapplicable(4)
-- Indication that direction of interceptable service does not make sense
}
CCContents ::= CHOICE
-- Any of these choices may be commented out if they are not being used, see clause A.3
{

Mark Canterbury
committed
undefinedCC [0] OCTET STRING,
emailCC [1] EmailCC,
iPCC [2] IPCC,
uMTSCC [4] OCTET STRING,
eTSI671CC [5] OCTET STRING,

Mark Canterbury
committed
...,

Mark Canterbury
committed
l2CC [6] L2CC,
tTRAFFIC-1 [7] TS101909201.TTRAFFIC,
cTTRAFFIC-1 [8] TS101909201.CTTRAFFIC,
tTRAFFIC-2 [9] TS101909202.TTRAFFIC,
cTTRAFFIC-2 [10] TS101909202.CTTRAFFIC,
pstnIsdnCC [11] PstnIsdnCC,
iPMMCC [12] IPMMCC,
cCIPPacketHeader [13] CDMA2000CCModule.CCIPPacketHeader,
messagingCC [14] MessagingCC,
ePSCC [15] OCTET STRING

Mark Canterbury
committed
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
}
MicroSecondTimeStamp ::= SEQUENCE
{
seconds [0] INTEGER (0..18446744073709551615),
-- number of seconds since 1970-1-1 00:00Z also known as unix time epoch
microSeconds [1] INTEGER (0..999999),
...
}
-- ===========================
-- Definitions for IRI Payload
-- ===========================
IRIPayload ::= SEQUENCE
{
iRIType [0] IRIType OPTIONAL,
-- See clause 5.2.10
timeStamp [1] GeneralizedTime OPTIONAL,
-- For aggregated payloads (see clause 6.2.3)
iRIContents [2] IRIContents,
...
}
IRIType ::= ENUMERATED
{
iRI-Begin(1),
iRI-End(2),
iRI-Continue(3),
iRI-Report(4)
}
IRIContents ::= CHOICE
-- Any of these choices may be commented out if they are not being used (see clause A.3)
{
undefinedIRI [0] OCTET STRING,
emailIRI [1] EmailIRI,
iPIRI [2] IPIRI,
iPIRIOnly [3] IPIRIOnly,
uMTSIRI [4] UMTSIRI,
eTSI671IRI [5] ETSI671IRI,
...,
l2IRI [6] L2IRI,
l2IRIOnly [7] L2IRIOnly,
tARGETACTIVITYMONITOR-1 [8] TS101909201.TARGETACTIVITYMONITOR-1,
tARGETACTIVITYMONITOR-2 [9] TS101909202.TARGETACTIVITYMONITOR,
pstnIsdnIRI [10] PstnIsdnIRI,

Mark Canterbury
committed
iPMMIRI [11] IPMMIRI,
lAESProtocol [12] Laesp-j-std-025-b.LAESProtocol,
cDMA2000LAESMessage [13] CDMA2000CIIModule.CDMA2000LAESMessage,
messagingIRI [14] MessagingIRI,
ePSIRI [15] EPSIRI

Mark Canterbury
committed
}
UMTSIRI ::= CHOICE
-- This structure may be commented out if not used
{
iRI-Parameters [0] UmtsHI2Operations.IRI-Parameters,
umtsIRIsContent [1] UmtsIRIsContent,
...,
iRI-CS-Parameters [2] UmtsCS-HI2Operations.IRI-Parameters,
umtsCS-IRIsContent [3] UmtsCS-IRIsContent
}
ETSI671IRI ::= CHOICE
-- This structure may be commented out if not used
{
iRI-Parameters [0] HI2Operations.IRI-Parameters,
iRIsContent [1] IRIsContent,
...
}
EPSIRI ::= CHOICE
-- This structure may be commented out if not used
{
iRI-EPS-Parameters [0] EpsHI2Operations.IRI-Parameters,
epsIRIsContent [1] EpsIRIsContent,
...
}

Mark Canterbury
committed
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
-- ===========================
-- Definitions for TRI Payload
-- ===========================
TRIPayload ::= CHOICE
{
integrityCheck [0] IntegrityCheck,
testPDU [1] NULL,
paddingPDU [2] OCTET STRING,
-- Undefined contents (will be discarded)
keep-alive [3] NULL,
keep-aliveResponse [4] NULL,
firstSegmentFlag [5] NULL,
lastSegmentFlag [6] NULL,
...,
cINReset [7] NULL,
operatorLeaMessage [8] OperatorLeaMessage
}
IntegrityCheck ::= SEQUENCE
{
includedSequenceNumbers [0] SEQUENCE OF INTEGER (0..4294967295),
-- gives the order the PDUs were processed
checkType [1] CheckType,
dataType [2] DataType OPTIONAL,
-- From version5(5) the dataType is mandatory for hashes and for signatures
-- (see clause 7.2.3)
checkValue [3] OCTET STRING,
-- Network byte order
-- In case of a DSA/DSS signature, the r and s values shall be concatenated
...
}
CheckType ::= ENUMERATED
{
hash(1),
-- SHA-1 hash value
signature(2),
-- DSS/DSA signature
...
}
DataType ::= ENUMERATED
{
iRI(1),
cC(2),
...
}
-- ==================================
-- Definitions for OperatorLeaMessage
-- ==================================
OperatorLeaMessage ::= SEQUENCE
{
messagePriority [0] OperatorLeaMessagePriority,
message [1] OCTET STRING (SIZE(1..255)),
...
}
OperatorLeaMessagePriority ::= ENUMERATED
{
error(1),
-- reporting of error conditions that have impact on the quality of the
-- intercepted data
informational(2),
-- reporting of conditions that will not have direct impact on the quality of
-- the intercepted data
...
}
-- ================================
-- Definitions for EncryptionContainer

Mark Canterbury
committed
-- ================================
EncryptionContainer ::= SEQUENCE

Mark Canterbury
committed
{
encryptionType [0] EncryptionType,
encryptedPayload [1] OCTET STRING,
-- once decrypted, it can be interpreted as EncryptedPayload
...,
encryptedPayloadType [2] EncryptedPayloadType OPTIONAL

Mark Canterbury
committed
}
EncryptionType ::= ENUMERATED
{
none(1),
-- No encryption is applied.

Mark Canterbury
committed
national-option(2),
-- Use this option when an encryption scheme is negotiated on a national level
aES-192-CBC(3),
-- The Advanced Encryption Standard using a 192 bit key in CBC mode
aES-256-CBC(4),
-- The Advanced Encryption Standard using a 256 bit key in CBC mode
blowfish-192-CBC(5),
-- Blowfish (www.schneier.com/blowfish.html) using a 192 bit key in CBC mode
blowfish-256-CBC(6),
-- Blowfish using a 256 bit key in CBC mode
threedes-cbc(7),
-- Triple-DES using a 192 bit key in CBC mode
...
}
EncryptedPayload ::= SEQUENCE
{
byteCounter [0] INTEGER (0..18446744073709551615),
-- The sum of the sizes of all PDUs before this PDU.

Mark Canterbury
committed
-- It is initialized with the unixTime (number of seconds since 01-01-1970)

Mark Canterbury
committed
-- multiplied by 2^32 at first use.

Mark Canterbury
committed
-- Where N is sequencenumber of the n-th PDU in transfer, and size(PDU(N))
-- as defined in Annex I:
-- IF N > 0 THEN
-- PDU[N].byteCounter = PDU[N-1].byteCounter + size(PDU[N-1])
-- ELSE
-- PDU[N].byteCounter = ( unixTime(now) << 32 )
-- ENDIF
payload [1] Payload,
...

Mark Canterbury
committed
}
EncryptedPayloadType ::= ENUMERATED
{
unknown(0),
part1(1),
-- encrypted payload is TS 102 232 part 1
part2(2),
-- encrypted payload is TS 102 232 part 2 [5]
part3(3),
-- encrypted payload is TS 102 232 part 3 [6]
part4(4),
-- encrypted payload is TS 102 232 part 4 [32]
part5(5),
-- encrypted payload is TS 102 232 part 5 [37]
part6(6),
-- encrypted payload is TS 102 232 part 6 [36]
part7(7),
-- encrypted payload is TS 102 232 part 7 [38]
...
}

Mark Canterbury
committed
END --end of LI-PS-PDU