LI-PS-PDU,ver13.txt 12.7 KB
Newer Older
1
2
LI-PS-PDU
{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) genHeader(1) version13(13)}
3
4
5
6
7
8
9
10
11
12
13
14
15
16

DEFINITIONS IMPLICIT TAGS ::=

BEGIN

IMPORTS
	-- Any of the IMPORTs may be commented out if they are not used (see clause A.3)

	-- from TS 101 671 [4]
	LawfulInterceptionIdentifier, 
	IRI-Parameters, 
	IRIsContent,
	Network-Element-Identifier
		FROM HI2Operations
17
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi2(1) version14(14)}
18
19
20
21
22
23
24
25

	-- from TS 101 671 [4]
	HI1-Operation
		FROM HI1NotificationOperations
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) hi1(0) notificationOperations(1) version6(6)}

	-- from TS 102 232-02 [5]
	EmailCC,
26
27
28
	EmailIRI,
	MessagingCC,
	MessagingIRI
29
		FROM EmailPDU
30
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) email(2) version8(8)}
31
32
33
34
35
36

	-- from TS 102 232-03 [6]
	IPCC,
	IPIRI,
	IPIRIOnly
		FROM IPAccessPDU
37
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPAccess(3) version9(9)}
38
39
40
41
42
43

	-- from TS 102 232-04 [32]
	L2CC,
	L2IRI,
	L2IRIOnly
		FROM L2AccessPDU
44
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) l2Access(4) version6(6)}
45
46
47
48
49

	-- from TS 102 232-05 [37]
	IPMMCC,
	IPMMIRI
		FROM IPMultimediaPDU
50
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) iPMultimedia(5) version6(6)}
51
52
53
54
55

	-- from TS 102 232-06 [36]
	PstnIsdnCC,
	PstnIsdnIRI
		FROM PstnIsdnPDU
56
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) li-ps(5) pstnIsdn(6) version4(4)}
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

	-- from 3GPP TS 33.108 [9]
	IRI-Parameters,
	UmtsIRIsContent,
	CorrelationValues
		FROM UmtsHI2Operations
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2(1)}
			-- The relevant module (including the UMTS release and version number) needs
			-- to be chosen when compiling the application.

	-- from 3GPP TS 33.108 [9]
	IRI-Parameters,
	UmtsCS-IRIsContent
		FROM UmtsCS-HI2Operations
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2CS(3)}
			-- The relevant module (including the UMTS release and version number) needs
			-- to be chosen when compiling the application.

75
76
77
78
79
80
81
82
	-- from 3GPP TS 33.108 [9]
	IRI-Parameters,
	EpsIRIsContent
		FROM EpsHI2Operations
		{itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2) threeGPP(4) hi2eps(8)}
			-- The relevant module (including the UMTS release and version number) needs
			-- to be chosen when compiling the application.

83
84
85
86
87
88
89
90
91
92
93
94
	-- from TS 101 909-20-1 [33]
	TARGETACTIVITYMONITOR-1,
	TTRAFFIC,
	CTTRAFFIC
		FROM TS101909201
		{itu-t(0) identified-organization(4) etsi(0) ts101909(1909) part20(20) subpart1(1) interceptVersion(0)}

	-- from TS 101 909-20-2 [34]
	TARGETACTIVITYMONITOR,
	TTRAFFIC,
	CTTRAFFIC
		FROM TS101909202
95
96
97
98
99
100
101
102
103
104
105
106
		{itu-t(0) identified-organization(4) etsi(0) ts101909(1909) part20(20) subpart2(2) interceptVersion(0)}

	-- from J-STD-025-B [39]
	LAESProtocol
		FROM Laesp-j-std-025-b 
		{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) j-std-025(0) j-std-025-b(2) version-1(0)}
	CDMA2000LAESMessage
		FROM CDMA2000CIIModule 
		{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) cdma2000(1) cii(0) version-2(1)}
	CCIPPacketHeader
		FROM CDMA2000CCModule 
		{iso(1) member-body(2) us(840) tia(113737) laes(2) tr45(0) cdma2000(1) cc(1) version-1(0)};
107
108
109
110
111
112
113
114
115

-- end of IMPORTS

-- =============================
-- Object Identifier Definitions
-- =============================

lawfulInterceptDomainId OBJECT IDENTIFIER ::= {itu-t(0) identified-organization(4) etsi(0) securityDomain(2) lawfulIntercept(2)}

116
li-psDomainId OBJECT IDENTIFIER ::= {lawfulInterceptDomainId li-ps(5) genHeader(1) version13(13)}
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

-- ====================
-- Top-level definition
-- ====================

PS-PDU			::= SEQUENCE
{
	pSHeader	[1] PSHeader,
	payload		[2] Payload
}

PSHeader		::= SEQUENCE
{
	li-psDomainId					[0] OBJECT IDENTIFIER,
	lawfulInterceptionIdentifier	[1] LawfulInterceptionIdentifier,
	authorizationCountryCode		[2] PrintableString (SIZE (2)) OPTIONAL,
		-- see clause 5.2.3
	communicationIdentifier			[3] CommunicationIdentifier, 
	sequenceNumber					[4] INTEGER (0..4294967295),
	timeStamp						[5] GeneralizedTime OPTIONAL,
		-- see clause 5.2.6
	...,
	interceptionPointID				[6] PrintableString (SIZE (1..8)) OPTIONAL,
		-- see clause 5.2.11
	microSecondTimeStamp			[7] MicroSecondTimeStamp OPTIONAL,
	timeStampQualifier				[8] TimeStampQualifier OPTIONAL
}

Payload ::= CHOICE
{
	iRIPayloadSequence		[0] SEQUENCE OF IRIPayload,
	cCPayloadSequence		[1] SEQUENCE OF CCPayload,
		-- Clause 6.2.3 explains how to include more than one payload in the same PDU
	tRIPayload				[2] TRIPayload,
	...,
	hI1-Operation			[3] HI1-Operation,
153
	encryptionContainer		[4] EncryptionContainer
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
}

TimeStampQualifier	::= ENUMERATED
{
	unknown(0),
	timeOfInterception(1),
	timeOfMediation(2),
	...
}

-- ====================================
-- Items contained within the PS-Header
-- ====================================

CommunicationIdentifier		::= SEQUENCE 
{
	networkIdentifier				[0] NetworkIdentifier,
	communicationIdentityNumber		[1] INTEGER (0..4294967295) OPTIONAL,
		-- in case of transport of HI1 messages not required
		-- Mandatory for CC and IRI, with certain exceptions (see 5.2.4)
	deliveryCountryCode				[2] PrintableString (SIZE (2)) OPTIONAL,
		-- see clause 5.2.4
	...,
	cINExtension					[3] CorrelationValues OPTIONAL
		-- To be used when a single INTEGER is not sufficient to identify
		-- a particular session (see clause 5.2.4)
}

NetworkIdentifier	::= SEQUENCE 
{
	operatorIdentifier			[0] OCTET STRING (SIZE(1..16)),
	networkElementIdentifier	[1] OCTET STRING (SIZE(1..16)) OPTIONAL,
	...,
	eTSI671NEID					[2] Network-Element-Identifier OPTIONAL
		-- For Network Element Identifier, use either OCTET STRING or ETSI671 definition
}

-- ==========================
-- Definitions for CC Payload
-- ==========================

CCPayload	::= SEQUENCE
{
	payloadDirection		[0] PayloadDirection OPTIONAL,
	timeStamp				[1] GeneralizedTime OPTIONAL,
		-- For aggregated payloads (see clause 6.2.3)
	cCContents				[2] CCContents,
	...,
	microSecondTimeStamp	[3] MicroSecondTimeStamp OPTIONAL
		-- For aggregated payloads (see clause 6.2.3)
}

PayloadDirection ::= ENUMERATED
{
	fromTarget(0),
	toTarget(1),
	...,
	indeterminate(2),
		-- Indication whether intercepted CC was travelling to or from the target 
		-- or that the direction was indeterminate
	combined(3),
		-- Indication applicable to some services that the traffic is actually a combination
		-- of To and From
	notapplicable(4)
		-- Indication that direction of interceptable service does not make sense
}

CCContents ::= CHOICE
	-- Any of these choices may be commented out if they are not being used, see clause A.3
{
224
225
226
227
228
	undefinedCC			[0] OCTET STRING,
	emailCC				[1] EmailCC,
	iPCC				[2] IPCC,
	uMTSCC				[4] OCTET STRING,
	eTSI671CC			[5] OCTET STRING,
229
	...,
230
231
232
233
234
235
236
	l2CC				[6] L2CC,
	tTRAFFIC-1			[7] TS101909201.TTRAFFIC,
	cTTRAFFIC-1			[8] TS101909201.CTTRAFFIC,
	tTRAFFIC-2			[9] TS101909202.TTRAFFIC,
	cTTRAFFIC-2			[10] TS101909202.CTTRAFFIC,
	pstnIsdnCC			[11] PstnIsdnCC,
	iPMMCC				[12] IPMMCC,
237
238
239
	cCIPPacketHeader	[13] CDMA2000CCModule.CCIPPacketHeader,
	messagingCC         [14] MessagingCC,
	ePSCC               [15] OCTET STRING
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
}

MicroSecondTimeStamp ::= SEQUENCE
{
	seconds			[0] INTEGER (0..18446744073709551615),
		-- number of seconds since 1970-1-1 00:00Z also known as unix time epoch
	microSeconds	[1] INTEGER (0..999999),
	...
}

-- ===========================
-- Definitions for IRI Payload
-- ===========================

IRIPayload ::= SEQUENCE
{
	iRIType			[0] IRIType OPTIONAL,
		-- See clause 5.2.10
	timeStamp		[1] GeneralizedTime OPTIONAL,
		-- For aggregated payloads (see clause 6.2.3)
	iRIContents		[2] IRIContents,
	...
}

IRIType		::= ENUMERATED
{
	iRI-Begin(1),
	iRI-End(2),
	iRI-Continue(3),
	iRI-Report(4)
}

IRIContents		::= CHOICE
	-- Any of these choices may be commented out if they are not being used (see clause A.3)
{
	undefinedIRI			[0] OCTET STRING,
	emailIRI				[1] EmailIRI,
	iPIRI					[2] IPIRI,
	iPIRIOnly				[3] IPIRIOnly,
	uMTSIRI					[4] UMTSIRI,
	eTSI671IRI				[5] ETSI671IRI,
	...,
	l2IRI					[6] L2IRI,
	l2IRIOnly				[7] L2IRIOnly,
	tARGETACTIVITYMONITOR-1	[8] TS101909201.TARGETACTIVITYMONITOR-1,
	tARGETACTIVITYMONITOR-2	[9] TS101909202.TARGETACTIVITYMONITOR,
	pstnIsdnIRI				[10] PstnIsdnIRI,
287
288
	iPMMIRI					[11] IPMMIRI,
	lAESProtocol			[12] Laesp-j-std-025-b.LAESProtocol,
289
290
291
	cDMA2000LAESMessage		[13] CDMA2000CIIModule.CDMA2000LAESMessage,
	messagingIRI            [14] MessagingIRI,
	ePSIRI                  [15] EPSIRI
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
}

UMTSIRI			::= CHOICE
	-- This structure may be commented out if not used
{
	iRI-Parameters		[0] UmtsHI2Operations.IRI-Parameters,
	umtsIRIsContent		[1] UmtsIRIsContent,
	...,
	iRI-CS-Parameters	[2] UmtsCS-HI2Operations.IRI-Parameters,
	umtsCS-IRIsContent	[3] UmtsCS-IRIsContent
}

ETSI671IRI		::= CHOICE
	-- This structure may be commented out if not used
{
	iRI-Parameters	[0] HI2Operations.IRI-Parameters,
	iRIsContent		[1] IRIsContent,
	...
}

312
313
314
315
316
317
318
319
EPSIRI          ::= CHOICE
    -- This structure may be commented out if not used
{
    iRI-EPS-Parameters [0] EpsHI2Operations.IRI-Parameters,
	epsIRIsContent     [1] EpsIRIsContent,
	...
}

320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
-- ===========================
-- Definitions for TRI Payload
-- ===========================

TRIPayload		::= CHOICE
{
	integrityCheck		[0] IntegrityCheck,
	testPDU				[1] NULL,
	paddingPDU			[2] OCTET STRING,
		-- Undefined contents (will be discarded)
	keep-alive			[3] NULL,
	keep-aliveResponse	[4] NULL,
	firstSegmentFlag	[5] NULL,
	lastSegmentFlag		[6] NULL,
	...,
	cINReset			[7] NULL,
	operatorLeaMessage	[8] OperatorLeaMessage
}

IntegrityCheck		::= SEQUENCE
{
	includedSequenceNumbers	[0] SEQUENCE OF INTEGER (0..4294967295),
		-- gives the order the PDUs were processed
	checkType				[1] CheckType,
	dataType				[2] DataType OPTIONAL,
		-- From version5(5) the dataType is mandatory for hashes and for signatures
		-- (see clause 7.2.3)
	checkValue				[3] OCTET STRING,
		-- Network byte order
		-- In case of a DSA/DSS signature, the r and s values shall be concatenated
	...
}

CheckType	::= ENUMERATED 
{
	hash(1),
		-- SHA-1 hash value
	signature(2),
		-- DSS/DSA signature
	...
}

DataType	::= ENUMERATED
{
	iRI(1),
	cC(2),
	...
}

-- ==================================
-- Definitions for OperatorLeaMessage
-- ==================================

OperatorLeaMessage		::= SEQUENCE
{
	messagePriority		[0] OperatorLeaMessagePriority,
	message				[1] OCTET STRING (SIZE(1..255)),
	...
}

OperatorLeaMessagePriority		::= ENUMERATED
{
	error(1),
		-- reporting of error conditions that have impact on the quality of the
		-- intercepted data
	informational(2),
		-- reporting of conditions that will not have direct impact on the quality of
		-- the intercepted data
	...
}

-- ================================
392
-- Definitions for EncryptionContainer
393
394
-- ================================

395
EncryptionContainer		::= SEQUENCE 
396
397
398
{
	encryptionType			[0] EncryptionType,
	encryptedPayload		[1] OCTET STRING,
399
		-- once decrypted, it can be interpreted as EncryptedPayload
400
401
	...,
	encryptedPayloadType	[2] EncryptedPayloadType OPTIONAL
402
403
404
405
406
}

EncryptionType			::= ENUMERATED
{
	none(1),
407
		-- No encryption is applied.
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
	national-option(2),
		-- Use this option when an encryption scheme is negotiated on a national level
	aES-192-CBC(3),
		-- The Advanced Encryption Standard using a 192 bit key in CBC mode
	aES-256-CBC(4),
		-- The Advanced Encryption Standard using a 256 bit key in CBC mode
	blowfish-192-CBC(5),
		-- Blowfish (www.schneier.com/blowfish.html) using a 192 bit key in CBC mode
	blowfish-256-CBC(6),
		-- Blowfish using a 256 bit key in CBC mode
	threedes-cbc(7),
		-- Triple-DES using a 192 bit key in CBC mode
	...
}

EncryptedPayload		::= SEQUENCE 
{
425
	byteCounter			[0] INTEGER (0..18446744073709551615),
426
		-- The sum of the sizes of all PDUs before this PDU.
427
		-- It is initialized with the unixTime (number of seconds since 01-01-1970)
428
		-- multiplied by 2^32 at first use.
429
		-- Where N is sequencenumber of the n-th PDU in transfer, and size(PDU(N))
430
		-- as defined in Annex I:
431
432
433
434
435
436
		-- 		IF N > 0 THEN
		-- 		PDU[N].byteCounter = PDU[N-1].byteCounter + size(PDU[N-1])
		-- 		ELSE
		-- 		PDU[N].byteCounter = ( unixTime(now) << 32 )
		-- 		ENDIF
	payload				[1] Payload,
437
	...
438
439
}

440
441
EncryptedPayloadType	::= ENUMERATED 
{
442
443
444
	unknown(0),
	part1(1),
		-- encrypted payload is TS 102 232 part 1
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
	part2(2),
		-- encrypted payload is TS 102 232 part 2 [5]
	part3(3),
		-- encrypted payload is TS 102 232 part 3 [6]
	part4(4),
		-- encrypted payload is TS 102 232 part 4 [32]
	part5(5),
		-- encrypted payload is TS 102 232 part 5 [37]
	part6(6),
		-- encrypted payload is TS 102 232 part 6 [36]
	part7(7),
		-- encrypted payload is TS 102 232 part 7 [38]
	...
}

460
END --end of LI-PS-PDU
461