Newer
Older
LI-PS-PDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) genHeader(1) version13(13)}
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
IMPORTS
-- Any of the IMPORTs may be commented out if they are not used (see clause A.3)
-- from TS 101 671 [4]
LawfulInterceptionIdentifier,
IRI-Parameters,
IRIsContent,
Network-Element-Identifier
FROM HI2Operations
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi2(1) version14(14)}
-- from TS 101 671 [4]
HI1-Operation
FROM HI1NotificationOperations
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi1(0) notificationOperations(1) version6(6)}
-- from TS 102 232-02 [5]
EmailCC,
EmailIRI,
MessagingCC,
MessagingIRI
FROM EmailPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) email(2) version8(8)}
-- from TS 102 232-03 [6]
IPCC,
IPIRI,
IPIRIOnly
FROM IPAccessPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPAccess(3) version9(9)}
-- from TS 102 232-04 [32]
L2CC,
L2IRI,
L2IRIOnly
FROM L2AccessPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) l2Access(4) version6(6)}
-- from TS 102 232-05 [37]
IPMMCC,
IPMMIRI
FROM IPMultimediaPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPMultimedia(5) version6(6)}
-- from TS 102 232-06 [36]
PstnIsdnCC,
PstnIsdnIRI
FROM PstnIsdnPDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) pstnIsdn(6) version4(4)}
-- from 3GPP TS 33.108 [9]
IRI-Parameters,
UmtsIRIsContent,
CorrelationValues
FROM UmtsHI2Operations
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2(1)}
-- The relevant module (including the UMTS release and version number) needs
-- to be chosen when compiling the application.
-- from 3GPP TS 33.108 [9]
IRI-Parameters,
UmtsCS-IRIsContent
FROM UmtsCS-HI2Operations
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2CS(3)}
-- The relevant module (including the UMTS release and version number) needs
-- to be chosen when compiling the application.
-- from 3GPP TS 33.108 [9]
IRI-Parameters,
EpsIRIsContent
FROM EpsHI2Operations
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2eps(8)}
-- The relevant module (including the UMTS release and version number) needs
-- to be chosen when compiling the application.
-- from TS 101 909-20-1 [33]
TARGETACTIVITYMONITOR-1,
TTRAFFIC,
CTTRAFFIC
FROM TS101909201
{itu-t(0) identified-organization(4) etsi(0) ts101909(1909) part20(20) subpart1(1) interceptVersion(0)}
-- from TS 101 909-20-2 [34]
TARGETACTIVITYMONITOR,
TTRAFFIC,
CTTRAFFIC
FROM TS101909202
canterburym
committed
{itu-t(0) identified-organization(4) etsi(0) ts101909(1909) part20(20) subpart2(2) interceptVersion(0)}
-- from J-STD-025-B [39]
LAESProtocol
FROM Laesp-j-std-025-b
{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) j-std-025(0) j-std-025-b(2) version-1(0)}
CDMA2000LAESMessage
FROM CDMA2000CIIModule
{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) cdma2000(1) cii(0) version-2(1)}
CCIPPacketHeader
FROM CDMA2000CCModule
{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) cdma2000(1) cc(1) version-1(0)};
-- end of IMPORTS
-- =============================
-- Object Identifier Definitions
-- =============================
lawfulInterceptDomainId OBJECT IDENTIFIER ::= {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2)}
li-psDomainId OBJECT IDENTIFIER ::= {lawfulInterceptDomainId li-ps(5) genHeader(1) version13(13)}
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
-- ====================
-- Top-level definition
-- ====================
PS-PDU ::= SEQUENCE
{
pSHeader [1] PSHeader,
payload [2] Payload
}
PSHeader ::= SEQUENCE
{
li-psDomainId [0] OBJECT IDENTIFIER,
lawfulInterceptionIdentifier [1] LawfulInterceptionIdentifier,
authorizationCountryCode [2] PrintableString (SIZE (2)) OPTIONAL,
-- see clause 5.2.3
communicationIdentifier [3] CommunicationIdentifier,
sequenceNumber [4] INTEGER (0..4294967295),
timeStamp [5] GeneralizedTime OPTIONAL,
-- see clause 5.2.6
...,
interceptionPointID [6] PrintableString (SIZE (1..8)) OPTIONAL,
-- see clause 5.2.11
microSecondTimeStamp [7] MicroSecondTimeStamp OPTIONAL,
timeStampQualifier [8] TimeStampQualifier OPTIONAL
}
Payload ::= CHOICE
{
iRIPayloadSequence [0] SEQUENCE OF IRIPayload,
cCPayloadSequence [1] SEQUENCE OF CCPayload,
-- Clause 6.2.3 explains how to include more than one payload in the same PDU
tRIPayload [2] TRIPayload,
...,
hI1-Operation [3] HI1-Operation,
encryptionContainer [4] EncryptionContainer
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
}
TimeStampQualifier ::= ENUMERATED
{
unknown(0),
timeOfInterception(1),
timeOfMediation(2),
...
}
-- ====================================
-- Items contained within the PS-Header
-- ====================================
CommunicationIdentifier ::= SEQUENCE
{
networkIdentifier [0] NetworkIdentifier,
communicationIdentityNumber [1] INTEGER (0..4294967295) OPTIONAL,
-- in case of transport of HI1 messages not required
-- Mandatory for CC and IRI, with certain exceptions (see 5.2.4)
deliveryCountryCode [2] PrintableString (SIZE (2)) OPTIONAL,
-- see clause 5.2.4
...,
cINExtension [3] CorrelationValues OPTIONAL
-- To be used when a single INTEGER is not sufficient to identify
-- a particular session (see clause 5.2.4)
}
NetworkIdentifier ::= SEQUENCE
{
operatorIdentifier [0] OCTET STRING (SIZE(1..16)),
networkElementIdentifier [1] OCTET STRING (SIZE(1..16)) OPTIONAL,
...,
eTSI671NEID [2] Network-Element-Identifier OPTIONAL
-- For Network Element Identifier, use either OCTET STRING or ETSI671 definition
}
-- ==========================
-- Definitions for CC Payload
-- ==========================
CCPayload ::= SEQUENCE
{
payloadDirection [0] PayloadDirection OPTIONAL,
timeStamp [1] GeneralizedTime OPTIONAL,
-- For aggregated payloads (see clause 6.2.3)
cCContents [2] CCContents,
...,
microSecondTimeStamp [3] MicroSecondTimeStamp OPTIONAL
-- For aggregated payloads (see clause 6.2.3)
}
PayloadDirection ::= ENUMERATED
{
fromTarget(0),
toTarget(1),
...,
indeterminate(2),
-- Indication whether intercepted CC was travelling to or from the target
-- or that the direction was indeterminate
combined(3),
-- Indication applicable to some services that the traffic is actually a combination
-- of To and From
notapplicable(4)
-- Indication that direction of interceptable service does not make sense
}
CCContents ::= CHOICE
-- Any of these choices may be commented out if they are not being used, see clause A.3
{
canterburym
committed
undefinedCC [0] OCTET STRING,
emailCC [1] EmailCC,
iPCC [2] IPCC,
uMTSCC [4] OCTET STRING,
eTSI671CC [5] OCTET STRING,
...,
canterburym
committed
l2CC [6] L2CC,
tTRAFFIC-1 [7] TS101909201.TTRAFFIC,
cTTRAFFIC-1 [8] TS101909201.CTTRAFFIC,
tTRAFFIC-2 [9] TS101909202.TTRAFFIC,
cTTRAFFIC-2 [10] TS101909202.CTTRAFFIC,
pstnIsdnCC [11] PstnIsdnCC,
iPMMCC [12] IPMMCC,
cCIPPacketHeader [13] CDMA2000CCModule.CCIPPacketHeader,
messagingCC [14] MessagingCC,
ePSCC [15] OCTET STRING
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
}
MicroSecondTimeStamp ::= SEQUENCE
{
seconds [0] INTEGER (0..18446744073709551615),
-- number of seconds since 1970-1-1 00:00Z also known as unix time epoch
microSeconds [1] INTEGER (0..999999),
...
}
-- ===========================
-- Definitions for IRI Payload
-- ===========================
IRIPayload ::= SEQUENCE
{
iRIType [0] IRIType OPTIONAL,
-- See clause 5.2.10
timeStamp [1] GeneralizedTime OPTIONAL,
-- For aggregated payloads (see clause 6.2.3)
iRIContents [2] IRIContents,
...
}
IRIType ::= ENUMERATED
{
iRI-Begin(1),
iRI-End(2),
iRI-Continue(3),
iRI-Report(4)
}
IRIContents ::= CHOICE
-- Any of these choices may be commented out if they are not being used (see clause A.3)
{
undefinedIRI [0] OCTET STRING,
emailIRI [1] EmailIRI,
iPIRI [2] IPIRI,
iPIRIOnly [3] IPIRIOnly,
uMTSIRI [4] UMTSIRI,
eTSI671IRI [5] ETSI671IRI,
...,
l2IRI [6] L2IRI,
l2IRIOnly [7] L2IRIOnly,
tARGETACTIVITYMONITOR-1 [8] TS101909201.TARGETACTIVITYMONITOR-1,
tARGETACTIVITYMONITOR-2 [9] TS101909202.TARGETACTIVITYMONITOR,
pstnIsdnIRI [10] PstnIsdnIRI,
canterburym
committed
iPMMIRI [11] IPMMIRI,
lAESProtocol [12] Laesp-j-std-025-b.LAESProtocol,
cDMA2000LAESMessage [13] CDMA2000CIIModule.CDMA2000LAESMessage,
messagingIRI [14] MessagingIRI,
ePSIRI [15] EPSIRI
}
UMTSIRI ::= CHOICE
-- This structure may be commented out if not used
{
iRI-Parameters [0] UmtsHI2Operations.IRI-Parameters,
umtsIRIsContent [1] UmtsIRIsContent,
...,
iRI-CS-Parameters [2] UmtsCS-HI2Operations.IRI-Parameters,
umtsCS-IRIsContent [3] UmtsCS-IRIsContent
}
ETSI671IRI ::= CHOICE
-- This structure may be commented out if not used
{
iRI-Parameters [0] HI2Operations.IRI-Parameters,
iRIsContent [1] IRIsContent,
...
}
EPSIRI ::= CHOICE
-- This structure may be commented out if not used
{
iRI-EPS-Parameters [0] EpsHI2Operations.IRI-Parameters,
epsIRIsContent [1] EpsIRIsContent,
...
}
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
-- ===========================
-- Definitions for TRI Payload
-- ===========================
TRIPayload ::= CHOICE
{
integrityCheck [0] IntegrityCheck,
testPDU [1] NULL,
paddingPDU [2] OCTET STRING,
-- Undefined contents (will be discarded)
keep-alive [3] NULL,
keep-aliveResponse [4] NULL,
firstSegmentFlag [5] NULL,
lastSegmentFlag [6] NULL,
...,
cINReset [7] NULL,
operatorLeaMessage [8] OperatorLeaMessage
}
IntegrityCheck ::= SEQUENCE
{
includedSequenceNumbers [0] SEQUENCE OF INTEGER (0..4294967295),
-- gives the order the PDUs were processed
checkType [1] CheckType,
dataType [2] DataType OPTIONAL,
-- From version5(5) the dataType is mandatory for hashes and for signatures
-- (see clause 7.2.3)
checkValue [3] OCTET STRING,
-- Network byte order
-- In case of a DSA/DSS signature, the r and s values shall be concatenated
...
}
CheckType ::= ENUMERATED
{
hash(1),
-- SHA-1 hash value
signature(2),
-- DSS/DSA signature
...
}
DataType ::= ENUMERATED
{
iRI(1),
cC(2),
...
}
-- ==================================
-- Definitions for OperatorLeaMessage
-- ==================================
OperatorLeaMessage ::= SEQUENCE
{
messagePriority [0] OperatorLeaMessagePriority,
message [1] OCTET STRING (SIZE(1..255)),
...
}
OperatorLeaMessagePriority ::= ENUMERATED
{
error(1),
-- reporting of error conditions that have impact on the quality of the
-- intercepted data
informational(2),
-- reporting of conditions that will not have direct impact on the quality of
-- the intercepted data
...
}
-- ================================
-- Definitions for EncryptionContainer
-- ================================
EncryptionContainer ::= SEQUENCE
{
encryptionType [0] EncryptionType,
encryptedPayload [1] OCTET STRING,
-- once decrypted, it can be interpreted as EncryptedPayload
...,
encryptedPayloadType [2] EncryptedPayloadType OPTIONAL
}
EncryptionType ::= ENUMERATED
{
none(1),
-- No encryption is applied.
national-option(2),
-- Use this option when an encryption scheme is negotiated on a national level
aES-192-CBC(3),
-- The Advanced Encryption Standard using a 192 bit key in CBC mode
aES-256-CBC(4),
-- The Advanced Encryption Standard using a 256 bit key in CBC mode
blowfish-192-CBC(5),
-- Blowfish (www.schneier.com/blowfish.html) using a 192 bit key in CBC mode
blowfish-256-CBC(6),
-- Blowfish using a 256 bit key in CBC mode
threedes-cbc(7),
-- Triple-DES using a 192 bit key in CBC mode
...
}
EncryptedPayload ::= SEQUENCE
{
byteCounter [0] INTEGER (0..18446744073709551615),
-- The sum of the sizes of all PDUs before this PDU.
-- It is initialized with the unixTime (number of seconds since 01-01-1970)
canterburym
committed
-- multiplied by 2^32 at first use.
-- Where N is sequencenumber of the n-th PDU in transfer, and size(PDU(N))
-- as defined in Annex I:
-- IF N > 0 THEN
-- PDU[N].byteCounter = PDU[N-1].byteCounter + size(PDU[N-1])
-- ELSE
-- PDU[N].byteCounter = ( unixTime(now) << 32 )
-- ENDIF
payload [1] Payload,
...
}
EncryptedPayloadType ::= ENUMERATED
{
unknown(0),
part1(1),
-- encrypted payload is TS 102 232 part 1
part2(2),
-- encrypted payload is TS 102 232 part 2 [5]
part3(3),
-- encrypted payload is TS 102 232 part 3 [6]
part4(4),
-- encrypted payload is TS 102 232 part 4 [32]
part5(5),
-- encrypted payload is TS 102 232 part 5 [37]
part6(6),
-- encrypted payload is TS 102 232 part 6 [36]
part7(7),
-- encrypted payload is TS 102 232 part 7 [38]
...
}
canterburym
committed
END --end of LI-PS-PDU