EtsiTs102941TypesAuthorization
  { itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) major-version-3(3) minor-version-3(3)}

DEFINITIONS AUTOMATIC TAGS ::=
BEGIN

IMPORTS

EtsiTs103097Certificate,
EtsiTs103097Data-Signed
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) core(1) major-version-3(3) minor-version-1(1) } 
WITH SUCCESSORS

CertificateFormat, CertificateSubjectAttributes, EcSignature, HashedId8, PublicKeys, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) major-version-3(3) minor-version-1(1) }
WITH SUCCESSORS

EeRaInterfacePdu
FROM Ieee1609Dot2Dot1EeRaInterface
{ iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) extension-standards(255) dot1(1) interfaces(1) ee-ra(11) major-version-3(3) minor-version-1(1)}
WITH SUCCESSORS

Ieee1609Dot2Data-SignedX509AuthenticatedCertRequest, ScmsPdu-Scoped, SignerSingleX509Cert
FROM Ieee1609Dot2Dot1Protocol
{ iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) extension-standards(255) dot1(1) interfaces(1) protocol(17) major-version-3(3) minor-version-1(1)}
WITH SUCCESSORS

;

/************
-- AuthorizationRequest/Response
************/

-- AuthorizationResponseCode: status value carried in InnerAtResponse.responseCode.
-- Only ok has an explicit number (0). Every other item takes its value from its
-- position in the list, so inserting or reordering items changes the encoded
-- values of everything after the edit.
-- The trailing extension marker makes the type extensible: a receiver can meet
-- values that are not listed here and should treat them as a failure, never as ok.
-- NOTE(review): the codes distinguish parse, decryption, keyTag and signature
-- failures, so a response tells the requester which check rejected the request.
-- Confirm in the TS 102 941 text how responses are protected and whether an
-- implementation may return a coarser code to peers it has not authenticated.
AuthorizationResponseCode ::= ENUMERATED {
  ok(0),
  -- ITS->AA
  its-aa-cantparse, -- valid for any structure
  its-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
  its-aa-imnottherecipient, -- the "recipients" of the outermost encrypted data doesn't include me
  its-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
  its-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
  its-aa-keysdontmatch, -- HMAC keyTag verification fails
  its-aa-incompleterequest, -- some elements are missing
  its-aa-invalidencryptionkey, -- the responseEncryptionKey is bad
  its-aa-outofsyncrequest, -- signingTime is outside acceptable limits
  its-aa-unknownea, -- the EA identified by eaId is unknown to me
  its-aa-invalidea, -- the EA certificate is revoked
  its-aa-deniedpermissions, -- I, the AA, deny the requested permissions
  -- AA->EA
  aa-ea-cantreachea, -- the EA is unreachable (network error?)
  -- EA->AA
  ea-aa-cantparse, -- valid for any structure
  ea-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
  ea-aa-imnottherecipient, -- the "recipients" of the outermost encrypted data doesn't include me
  ea-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
  ea-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
  -- TODO: to be continued...
  -- NOTE(review): the items below carry no its-aa / ea-aa prefix. Their comments
  -- read as EA side validation results ("me as the EA", "in my DB"); presumably
  -- the AA relays them to the requester. Confirm against the spec text.
  invalidaa, -- the AA certificate presented is invalid/revoked/whatever
  invalidaasignature, -- the AA certificate presented can't validate the request signature
  wrongea, -- the encrypted signature doesn't designate me as the EA
  unknownits, -- can't retrieve the EC/ITS in my DB
  invalidsignature, -- signature verification of the request by the EC fails
  invalidencryptionkey, -- signature is good, but the key is bad
  deniedpermissions, -- permissions not granted
  deniedtoomanycerts, -- parallel limit
  ... }


-- InnerAtRequest: request body made of the requester's public keys, an HMAC
-- key, the SharedAtRequest part and a signature. The exact protocol role is
-- defined by TS 102 941 and is not restated in this module (TODO confirm).
-- The extension marker allows later versions to append fields; a decoder should
-- tolerate unknown trailing fields without treating them as validated content.
InnerAtRequest ::= SEQUENCE {
  -- PublicKeys is imported from EtsiTs102941BaseTypes; its layout is not shown here.
  publicKeys                    PublicKeys,
  -- Fixed at 32 octets. Presumably the key used for the HMAC whose result is
  -- SharedAtRequest.keyTag (the its-aa-keysdontmatch code describes an HMAC
  -- keyTag verification); confirm the exact computation in the spec text.
  -- NOTE(review): the tag check should use a constant time comparison.
  hmacKey                       OCTET STRING (SIZE(32)),
  sharedAtRequest               SharedAtRequest, 
  -- EcSignature is imported from the base types. The response code comments
  -- (wrongea, invalidsignature) suggest it is the signature made with the
  -- enrolment credential and checked by the EA; TODO confirm.
  ecSignature                   EcSignature,
  ...
  } 

-- SharedAtRequest: the part of the request that names the EA, carries the key
-- tag and states the requested certificate format and subject attributes.
-- It is embedded in InnerAtRequest.sharedAtRequest.
SharedAtRequest ::= SEQUENCE {
  -- HashedId8 identifying the EA (see the its-aa-unknownea code comment).
  eaId                          HashedId8,
  -- Fixed at 16 octets; verified by an HMAC check according to the
  -- its-aa-keysdontmatch code comment. Presumably a truncated HMAC output
  -- keyed with InnerAtRequest.hmacKey; confirm inputs and truncation in the spec.
  keyTag                        OCTET STRING (SIZE(16)),
  certificateFormat             CertificateFormat,
  -- The inner subtype constraint forbids certIssuePermissions, so a request
  -- cannot ask for certificate issuing permissions.
  -- NOTE(review): not every ASN.1 codec enforces WITH COMPONENTS constraints
  -- while decoding. Verify that yours does, or reject requests that carry
  -- certIssuePermissions with an explicit check before evaluating permissions.
  requestedSubjectAttributes    CertificateSubjectAttributes (WITH COMPONENTS{..., certIssuePermissions ABSENT}),
  ...
  }

-- InnerAtResponse: result of an authorization request, made of a request
-- hash, a response code and an optional certificate.
-- The constraint after the SEQUENCE ties responseCode and certificate together:
-- ok requires the certificate to be present, any other code requires it to be
-- absent.
-- NOTE(review): a receiver whose codec does not enforce this constraint should
-- check the pairing itself, so that a non ok response carrying a certificate
-- (or an ok response without one) is rejected instead of partly processed.
InnerAtResponse ::= SEQUENCE {
  -- Fixed at 16 octets. Presumably a truncated hash of the request that lets
  -- the requester match this response to what it sent; TODO confirm the hash
  -- algorithm and the bytes covered, and compare it before trusting the rest.
  requestHash                   OCTET STRING (SIZE(16)),
  responseCode                  AuthorizationResponseCode,
  -- EtsiTs103097Certificate is imported from EtsiTs103097Module.
  certificate                   EtsiTs103097Certificate OPTIONAL,
  ... 
 }
  (WITH COMPONENTS { responseCode (ok), certificate PRESENT }
  | WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
  )

-- EtsiTs102941ButterflyAuthorizationRequest-X509Signed: instantiation of the
-- parameterized IEEE 1609.2.1 type Ieee1609Dot2Data-SignedX509AuthenticatedCertRequest.
-- First parameter: the payload, an ScmsPdu-Scoped whose EeRaInterfacePdu is
-- restricted to the eeRaCertRequest alternative.
-- Second parameter: the signer, SignerSingleX509Cert.
-- NOTE(review): the names indicate a request signed with a single X.509
-- certificate; how that certificate is validated and which trust anchors apply
-- is not defined in this module and must come from the referenced standards.
-- A receiver should reject any EeRaInterfacePdu alternative other than
-- eeRaCertRequest if its codec does not enforce the constraint.
EtsiTs102941ButterflyAuthorizationRequest-X509Signed ::= Ieee1609Dot2Data-SignedX509AuthenticatedCertRequest {
	ScmsPdu-Scoped {
		EeRaInterfacePdu (WITH COMPONENTS {
			eeRaCertRequest})
		},
	SignerSingleX509Cert
}

END