Newer
Older
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) major-version-3(3) minor-version-3(3)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate,
EtsiTs103097Data-Signed
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) core(1) major-version-3(3) minor-version-1(1) }
WITH SUCCESSORS
CertificateFormat, CertificateSubjectAttributes, EcSignature, HashedId8, PublicKeys, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) major-version-3(3) minor-version-1(1) }
WITH SUCCESSORS
EeRaInterfacePdu
FROM Ieee1609Dot2Dot1EeRaInterface
{ iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) extension-standards(255) dot1(1) interfaces(1) ee-ra(11) major-version-2(2) minor-version-2(2)}
WITH SUCCESSORS
Ieee1609Dot2Data-SignedX509AuthenticatedCertRequest, ScmsPdu-Scoped, SignerSingleX509Cert
FROM Ieee1609Dot2Dot1Protocol
{ iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) extension-standards(255) dot1(1) interfaces(1) protocol(17) major-version-2(2) minor-version-2(2)}
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
WITH SUCCESSORS
;
/************
-- AuthorizationRequest/Response
************/
AuthorizationResponseCode ::= ENUMERATED {
ok(0),
-- ITS->AA
its-aa-cantparse, -- valid for any structure
its-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
its-aa-imnottherecipient, -- the "recipients" of the outermost encrypted data doesn't include me
its-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
its-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
its-aa-keysdontmatch, -- HMAC keyTag verification fails
its-aa-incompleterequest, -- some elements are missing
its-aa-invalidencryptionkey, -- the responseEncryptionKey is bad
its-aa-outofsyncrequest, -- signingTime is outside acceptable limits
its-aa-unknownea, -- the EA identified by eaId is unknown to me
its-aa-invalidea, -- the EA certificate is revoked
its-aa-deniedpermissions, -- I, the AA, deny the requested permissions
-- AA->EA
aa-ea-cantreachea, -- the EA is unreachable (network error?)
-- EA->AA
ea-aa-cantparse, -- valid for any structure
ea-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
ea-aa-imnottherecipient, -- the "recipients" of the outermost encrypted data doesn't include me
ea-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
ea-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
-- TODO: to be continued...
invalidaa, -- the AA certificate presented is invalid/revoked/whatever
invalidaasignature, -- the AA certificate presented can't validate the request signature
wrongea, -- the encrypted signature doesn't designate me as the EA
unknownits, -- can't retrieve the EC/ITS in my DB
invalidsignature, -- signature verification of the request by the EC fails
invalidencryptionkey, -- signature is good, but the key is bad
deniedpermissions, -- permissions not granted
deniedtoomanycerts, -- parallel limit
... }
InnerAtRequest ::= SEQUENCE {
publicKeys PublicKeys,
hmacKey OCTET STRING (SIZE(32)),
sharedAtRequest SharedAtRequest,
ecSignature EcSignature,
...
}
SharedAtRequest ::= SEQUENCE {
eaId HashedId8,
keyTag OCTET STRING (SIZE(16)),
certificateFormat CertificateFormat,
requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{..., certIssuePermissions ABSENT}),
...
}
InnerAtResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode AuthorizationResponseCode,
certificate EtsiTs103097Certificate OPTIONAL,
...
}
(WITH COMPONENTS { responseCode (ok), certificate PRESENT }
| WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
)
EtsiTs102941ButterflyAuthorizationRequest-X509Signed ::= Ieee1609Dot2Data-SignedX509AuthenticatedCertRequest {
ScmsPdu-Scoped {
EeRaInterfacePdu (WITH COMPONENTS {
eeRaCertRequest})
},
SignerSingleX509Cert
}
END