LI-PS-PDU,ver21.txt 15.2 KB
Newer Older
1
LI-PS-PDU
2
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) genHeader(1) version21(21)}
3
4
5
6
7
8
9
10
11

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

IMPORTS
	-- Any of the IMPORTs may be commented out if they are not used (see clause A.3)

	-- from TS 101 671 [4]
12
13
	LawfulInterceptionIdentifier,
	IRI-Parameters,
14
15
16
	IRIsContent,
	Network-Element-Identifier
		FROM HI2Operations
17
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi2(1) version18(18)}
18
19
20
21
22
23
24
25

	-- from TS 101 671 [4]
	HI1-Operation
		FROM HI1NotificationOperations
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi1(0) notificationOperations(1) version6(6)}

	-- from TS 102 232-02 [5]
	EmailCC,
26
27
	EmailIRI,
	MessagingCC,
28
	MessagingMMCC,
29
	MessagingIRI
30
		FROM EmailPDU
31
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) email(2) version14(14)}
32
33
34
35
36
37

	-- from TS 102 232-03 [6]
	IPCC,
	IPIRI,
	IPIRIOnly
		FROM IPAccessPDU
38
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPAccess(3) version10(10)}
39
40
41
42
43
44

	-- from TS 102 232-04 [32]
	L2CC,
	L2IRI,
	L2IRIOnly
		FROM L2AccessPDU
45
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) l2Access(4) version7(7)}
46
47
48
49
50

	-- from TS 102 232-05 [37]
	IPMMCC,
	IPMMIRI
		FROM IPMultimediaPDU
51
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPMultimedia(5) version7(7)}
52
53
54
55
56

	-- from TS 102 232-06 [36]
	PstnIsdnCC,
	PstnIsdnIRI
		FROM PstnIsdnPDU
57
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) pstnIsdn(6) version5(5)}
58
59
60
61

	-- from 3GPP TS 33.108 [9]
	IRI-Parameters,
	UmtsIRIsContent,
62
63
	CorrelationValues,
	Location
64
65
66
67
68
69
70
71
72
73
74
75
76
		FROM UmtsHI2Operations
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2(1)}
			-- The relevant module (including the UMTS release and version number) needs
			-- to be chosen when compiling the application.

	-- from 3GPP TS 33.108 [9]
	IRI-Parameters,
	UmtsCS-IRIsContent
		FROM UmtsCS-HI2Operations
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2CS(3)}
			-- The relevant module (including the UMTS release and version number) needs
			-- to be chosen when compiling the application.

77
78
	-- from 3GPP TS 33.108 [9]
	IRI-Parameters,
79
80
	EpsIRIsContent,
	EPSLocation
81
82
83
84
		FROM EpsHI2Operations
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2eps(8)}
			-- The relevant module (including the UMTS release and version number) needs
			-- to be chosen when compiling the application.
85
86
	
	-- from 3GPP TS 33.108 [9]
87
88
89
90
91
92
93
94
95
96
97
98
    CC-PDU
        FROM Umts-HI3-PS
        {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi3(2)}
            -- The relevant module (including the UMTS release and version number)
            -- needs to be chosen when compiling the application.

    -- from 3GPP TS 33.108 [9]
    CC-PDU
        FROM Eps-HI3-PS
        {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi3eps(9)}
            -- The relevant module (including the UMTS release and version number)
            -- needs to be chosen when compiling the application.
99

100
101
102
103
104
105
106
107
108
109
110
111
	-- from 3GPP TS 33.108 [9]
	ThreeGPP-HI1-Operation
        FROM ThreeGPP-HI1NotificationOperations
        {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi1(0) notificationOperations(1)}
            -- The relevant module (including the release and version number)
            -- needs to be chosen when compiling the application. 
			-- TS 101 671 HI1 and 3GPP HI1 are related to the same functionality but are
			-- corresponding to different implementations and exclusive usage each other.
			-- The implementation depends of national regulations or LEA/CSP negotiations. 
			-- 3GPP HI1 may be used with other services/networks than 3GPPs one.


112
113
114
115
116
117
118
119
120
121
122
123
	-- from TS 101 909-20-1 [33]
	TARGETACTIVITYMONITOR-1,
	TTRAFFIC,
	CTTRAFFIC
		FROM TS101909201
		{itu-t(0) identified-organization(4) etsi(0) ts101909(1909) part20(20) subpart1(1) interceptVersion(0)}

	-- from TS 101 909-20-2 [34]
	TARGETACTIVITYMONITOR,
	TTRAFFIC,
	CTTRAFFIC
		FROM TS101909202
124
125
126
127
128
129
130
131
132
133
134
135
		{itu-t(0) identified-organization(4) etsi(0) ts101909(1909) part20(20) subpart2(2) interceptVersion(0)}

	-- from J-STD-025-B [39]
	LAESProtocol
		FROM Laesp-j-std-025-b 
		{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) j-std-025(0) j-std-025-b(2) version-1(0)}
	CDMA2000LAESMessage
		FROM CDMA2000CIIModule 
		{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) cdma2000(1) cii(0) version-2(1)}
	CCIPPacketHeader
		FROM CDMA2000CCModule 
		{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) cdma2000(1) cc(1) version-1(0)};
136
137
138
139
140
141
142
143
144

-- end of IMPORTS

-- =============================
-- Object Identifier Definitions
-- =============================

lawfulInterceptDomainId OBJECT IDENTIFIER ::= {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2)}

145
li-psDomainId OBJECT IDENTIFIER ::= {lawfulInterceptDomainId li-ps(5) genHeader(1) version21(21)}
146
147
148
149
150

-- ====================
-- Top-level definition
-- ====================

151
PS-PDU ::= SEQUENCE
152
153
154
155
156
{
	pSHeader	[1] PSHeader,
	payload		[2] Payload
}

157
PSHeader ::= SEQUENCE
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
{
	li-psDomainId					[0] OBJECT IDENTIFIER,
	lawfulInterceptionIdentifier	[1] LawfulInterceptionIdentifier,
	authorizationCountryCode		[2] PrintableString (SIZE (2)) OPTIONAL,
		-- see clause 5.2.3
	communicationIdentifier			[3] CommunicationIdentifier, 
	sequenceNumber					[4] INTEGER (0..4294967295),
	timeStamp						[5] GeneralizedTime OPTIONAL,
		-- see clause 5.2.6
	...,
	interceptionPointID				[6] PrintableString (SIZE (1..8)) OPTIONAL,
		-- see clause 5.2.11
	microSecondTimeStamp			[7] MicroSecondTimeStamp OPTIONAL,
	timeStampQualifier				[8] TimeStampQualifier OPTIONAL
}

Payload ::= CHOICE
{
	iRIPayloadSequence		[0] SEQUENCE OF IRIPayload,
	cCPayloadSequence		[1] SEQUENCE OF CCPayload,
		-- Clause 6.2.3 explains how to include more than one payload in the same PDU
	tRIPayload				[2] TRIPayload,
	...,
	hI1-Operation			[3] HI1-Operation,
182
183
184
185
	encryptionContainer		[4] EncryptionContainer,
	threeGPP-HI1-Operation	[5] ThreeGPP-HI1-Operation
		-- This structure may be functionally redundant with hI1-Operation from TS 101 671

186
187
}

188
TimeStampQualifier ::= ENUMERATED
189
190
191
192
{
	unknown(0),
	timeOfInterception(1),
	timeOfMediation(2),
193
194
	...,
	timeOfAggregation(3)
195
196
197
198
199
200
}

-- ====================================
-- Items contained within the PS-Header
-- ====================================

201
CommunicationIdentifier ::= SEQUENCE
202
203
204
205
206
207
208
209
210
211
212
213
214
{
	networkIdentifier				[0] NetworkIdentifier,
	communicationIdentityNumber		[1] INTEGER (0..4294967295) OPTIONAL,
		-- in case of transport of HI1 messages not required
		-- Mandatory for CC and IRI, with certain exceptions (see 5.2.4)
	deliveryCountryCode				[2] PrintableString (SIZE (2)) OPTIONAL,
		-- see clause 5.2.4
	...,
	cINExtension					[3] CorrelationValues OPTIONAL
		-- To be used when a single INTEGER is not sufficient to identify
		-- a particular session (see clause 5.2.4)
}

215
NetworkIdentifier ::= SEQUENCE
216
217
218
219
220
{
	operatorIdentifier			[0] OCTET STRING (SIZE(1..16)),
	networkElementIdentifier	[1] OCTET STRING (SIZE(1..16)) OPTIONAL,
	...,
	eTSI671NEID					[2] Network-Element-Identifier OPTIONAL
221
		-- For network element identifier, use either networkElementIdentifier or eTSI671NEID
222
223
224
225
226
227
}

-- ==========================
-- Definitions for CC Payload
-- ==========================

228
CCPayload ::= SEQUENCE
229
230
231
232
233
234
{
	payloadDirection		[0] PayloadDirection OPTIONAL,
	timeStamp				[1] GeneralizedTime OPTIONAL,
		-- For aggregated payloads (see clause 6.2.3)
	cCContents				[2] CCContents,
	...,
235
	microSecondTimeStamp	[3] MicroSecondTimeStamp OPTIONAL,
236
		-- For aggregated payloads (see clause 6.2.3)
237
	timeStampQualifier		[4] TimeStampQualifier OPTIONAL
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
}

PayloadDirection ::= ENUMERATED
{
	fromTarget(0),
	toTarget(1),
	...,
	indeterminate(2),
		-- Indication whether intercepted CC was travelling to or from the target 
		-- or that the direction was indeterminate
	combined(3),
		-- Indication applicable to some services that the traffic is actually a combination
		-- of To and From
	notapplicable(4)
		-- Indication that direction of interceptable service does not make sense
}

CCContents ::= CHOICE
	-- Any of these choices may be commented out if they are not being used, see clause A.3
{
258
259
260
	emailCC				[1] EmailCC,
	iPCC				[2] IPCC,
	uMTSCC				[4] OCTET STRING,
261
	...,
262
263
264
265
266
267
268
	l2CC				[6] L2CC,
	tTRAFFIC-1			[7] TS101909201.TTRAFFIC,
	cTTRAFFIC-1			[8] TS101909201.CTTRAFFIC,
	tTRAFFIC-2			[9] TS101909202.TTRAFFIC,
	cTTRAFFIC-2			[10] TS101909202.CTTRAFFIC,
	pstnIsdnCC			[11] PstnIsdnCC,
	iPMMCC				[12] IPMMCC,
269
	cCIPPacketHeader	[13] CDMA2000CCModule.CCIPPacketHeader,
270
	messagingCC			[14] MessagingCC,
271
	ePSCC				[15] OCTET STRING,
272
273
	uMTSCC-CC-PDU		[16] Umts-HI3-PS.CC-PDU,
    ePSCC-CC-PDU		[17] Eps-HI3-PS.CC-PDU,
274
	messagingMMCC		[18] MessagingMMCC
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
}

MicroSecondTimeStamp ::= SEQUENCE
{
	seconds			[0] INTEGER (0..18446744073709551615),
		-- number of seconds since 1970-1-1 00:00Z also known as unix time epoch
	microSeconds	[1] INTEGER (0..999999),
	...
}

-- ===========================
-- Definitions for IRI Payload
-- ===========================

IRIPayload ::= SEQUENCE
{
	iRIType			[0] IRIType OPTIONAL,
		-- See clause 5.2.10
	timeStamp		[1] GeneralizedTime OPTIONAL,
		-- For aggregated payloads (see clause 6.2.3)
	iRIContents		[2] IRIContents,
296
297
298
299
	...,
	microSecondTimeStamp	[3] MicroSecondTimeStamp OPTIONAL,
		-- For aggregated payloads (see clause 6.2.3)
	timeStampQualifier		[4] TimeStampQualifier OPTIONAL
300
301
}

302
IRIType ::= ENUMERATED
303
304
305
306
307
308
309
{
	iRI-Begin(1),
	iRI-End(2),
	iRI-Continue(3),
	iRI-Report(4)
}

310
IRIContents ::= CHOICE
311
312
313
314
315
316
317
318
319
320
321
322
323
	-- Any of these choices may be commented out if they are not being used (see clause A.3)
{
	emailIRI				[1] EmailIRI,
	iPIRI					[2] IPIRI,
	iPIRIOnly				[3] IPIRIOnly,
	uMTSIRI					[4] UMTSIRI,
	eTSI671IRI				[5] ETSI671IRI,
	...,
	l2IRI					[6] L2IRI,
	l2IRIOnly				[7] L2IRIOnly,
	tARGETACTIVITYMONITOR-1	[8] TS101909201.TARGETACTIVITYMONITOR-1,
	tARGETACTIVITYMONITOR-2	[9] TS101909202.TARGETACTIVITYMONITOR,
	pstnIsdnIRI				[10] PstnIsdnIRI,
324
325
	iPMMIRI					[11] IPMMIRI,
	lAESProtocol			[12] Laesp-j-std-025-b.LAESProtocol,
326
	cDMA2000LAESMessage		[13] CDMA2000CIIModule.CDMA2000LAESMessage,
327
328
	messagingIRI			[14] MessagingIRI,
	ePSIRI					[15] EPSIRI
329
330
}

331
UMTSIRI ::= CHOICE
332
333
334
335
336
337
338
339
340
	-- This structure may be commented out if not used
{
	iRI-Parameters		[0] UmtsHI2Operations.IRI-Parameters,
	umtsIRIsContent		[1] UmtsIRIsContent,
	...,
	iRI-CS-Parameters	[2] UmtsCS-HI2Operations.IRI-Parameters,
	umtsCS-IRIsContent	[3] UmtsCS-IRIsContent
}

341
ETSI671IRI ::= CHOICE
342
343
344
345
346
347
348
	-- This structure may be commented out if not used
{
	iRI-Parameters	[0] HI2Operations.IRI-Parameters,
	iRIsContent		[1] IRIsContent,
	...
}

349
350
EPSIRI ::= CHOICE
	-- This structure may be commented out if not used
351
{
352
353
	iRI-EPS-Parameters	[0] EpsHI2Operations.IRI-Parameters,
	epsIRIsContent		[1] EpsIRIsContent,
354
355
356
	...
}

357
358
359
360
-- ===========================
-- Definitions for TRI Payload
-- ===========================

361
TRIPayload ::= CHOICE
362
{
363
364
365
	integrityCheck					[0] IntegrityCheck,
	testPDU							[1] NULL,
	paddingPDU						[2] OCTET STRING,
366
		-- Undefined contents (will be discarded)
367
368
369
370
	keep-alive						[3] NULL,
	keep-aliveResponse				[4] NULL,
	firstSegmentFlag				[5] NULL,
	lastSegmentFlag					[6] NULL,
371
	...,
372
373
374
375
376
377
378
	cINReset						[7] NULL,
	operatorLeaMessage				[8] OperatorLeaMessage,
	optionRequest					[9] OptionRequest,
	optionResponse					[10] OptionResponse,
	optionComplete					[11] NULL,
	pDUAcknowledgementRequest		[12] NULL,
	pDUAcknowledgementResponse		[13] NULL
379
380
}

381
IntegrityCheck ::= SEQUENCE
382
383
384
385
386
387
388
389
390
391
392
393
394
{
	includedSequenceNumbers	[0] SEQUENCE OF INTEGER (0..4294967295),
		-- gives the order the PDUs were processed
	checkType				[1] CheckType,
	dataType				[2] DataType OPTIONAL,
		-- From version5(5) the dataType is mandatory for hashes and for signatures
		-- (see clause 7.2.3)
	checkValue				[3] OCTET STRING,
		-- Network byte order
		-- In case of a DSA/DSS signature, the r and s values shall be concatenated
	...
}

395
CheckType ::= ENUMERATED
396
397
398
399
400
401
402
403
{
	hash(1),
		-- SHA-1 hash value
	signature(2),
		-- DSS/DSA signature
	...
}

404
DataType ::= ENUMERATED
405
406
407
408
409
410
{
	iRI(1),
	cC(2),
	...
}

411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
Option ::= CHOICE
{
	pDUAcknowledgement	[0] NULL,
	...
}

OptionRequest ::= SEQUENCE
{
	requestedOptions	[0] SEQUENCE OF Option,
	...
}

OptionResponse ::= SEQUENCE
{
	acceptedOptions		[0] SEQUENCE OF Option,
	declinedOptions		[1] SEQUENCE OF Option,
	...
}

430
431
432
433
-- ==================================
-- Definitions for OperatorLeaMessage
-- ==================================

434
OperatorLeaMessage ::= SEQUENCE
435
436
437
438
439
440
{
	messagePriority		[0] OperatorLeaMessagePriority,
	message				[1] OCTET STRING (SIZE(1..255)),
	...
}

441
OperatorLeaMessagePriority ::= ENUMERATED
442
443
444
445
446
447
448
449
450
451
{
	error(1),
		-- reporting of error conditions that have impact on the quality of the
		-- intercepted data
	informational(2),
		-- reporting of conditions that will not have direct impact on the quality of
		-- the intercepted data
	...
}

452
-- ===================================
453
-- Definitions for EncryptionContainer
454
-- ===================================
455

456
EncryptionContainer ::= SEQUENCE
457
458
459
{
	encryptionType			[0] EncryptionType,
	encryptedPayload		[1] OCTET STRING,
460
		-- once decrypted, it can be interpreted as EncryptedPayload
461
462
	...,
	encryptedPayloadType	[2] EncryptedPayloadType OPTIONAL
463
464
}

465
EncryptionType ::= ENUMERATED
466
467
{
	none(1),
468
		-- No encryption is applied.
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
	national-option(2),
		-- Use this option when an encryption scheme is negotiated on a national level
	aES-192-CBC(3),
		-- The Advanced Encryption Standard using a 192 bit key in CBC mode
	aES-256-CBC(4),
		-- The Advanced Encryption Standard using a 256 bit key in CBC mode
	blowfish-192-CBC(5),
		-- Blowfish (www.schneier.com/blowfish.html) using a 192 bit key in CBC mode
	blowfish-256-CBC(6),
		-- Blowfish using a 256 bit key in CBC mode
	threedes-cbc(7),
		-- Triple-DES using a 192 bit key in CBC mode
	...
}

484
EncryptedPayload ::= SEQUENCE
485
{
486
	byteCounter			[0] INTEGER (0..18446744073709551615),
487
		-- The sum of the sizes of all PDUs before this PDU.
488
		-- It is initialized with the unixTime (number of seconds since 01-01-1970)
489
		-- multiplied by 2^32 at first use.
490
		-- Where N is sequencenumber of the n-th PDU in transfer, and size(PDU(N))
491
		-- as defined in annex G:
492
493
494
495
496
497
		-- 		IF N > 0 THEN
		-- 		PDU[N].byteCounter = PDU[N-1].byteCounter + size(PDU[N-1])
		-- 		ELSE
		-- 		PDU[N].byteCounter = ( unixTime(now) << 32 )
		-- 		ENDIF
	payload				[1] Payload,
498
	...
499
500
}

501
EncryptedPayloadType ::= ENUMERATED
502
{
503
	unknown(1),
504
505
506
507
508
509
510
511
512
513
514
515
	part2(2),
		-- encrypted payload is TS 102 232 part 2 [5]
	part3(3),
		-- encrypted payload is TS 102 232 part 3 [6]
	part4(4),
		-- encrypted payload is TS 102 232 part 4 [32]
	part5(5),
		-- encrypted payload is TS 102 232 part 5 [37]
	part6(6),
		-- encrypted payload is TS 102 232 part 6 [36]
	part7(7),
		-- encrypted payload is TS 102 232 part 7 [38]
516
517
518
	...,
	part1(8)
		-- encrypted payload is TS 102 232 part 1 (the present document)
519
520
}

521
522
523
524
525
526
527
528
529
530
531
532
-- ==================
-- Common Parameters
-- ==================

Location ::= SEQUENCE
	-- This is a common parameter, the use of this parameter is described in clause 4.5
{
	umtsHI2Location		[0] UmtsHI2Operations.Location OPTIONAL,
	epsLocation		[1] EpsHI2Operations.EPSLocation OPTIONAL,
	...
}

533
END --end of LI-PS-PDU