EtsiTs102941TypesEnrolment
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) enrolment(4) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate,
EtsiTs103097Data-Signed
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
CertificateFormat, CertificateSubjectAttributes, EcSignature, HashedId8, PublicKeys, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }
;
/************
-- EnrolmentRequest/Response
************/
-- EnrolmentResponseCode: result code carried in InnerEcResponse.responseCode.
-- Only ok(0) is numbered explicitly; the remaining items take the next unused
-- values in declaration order (cantparse = 1 up to deniedrequest = 13), so
-- inserting or reordering items changes the encoded values.
-- The trailing "..." makes the type extensible: a decoder can receive a value
-- that is not listed here and should treat it as a failure, never as ok.
-- NOTE(review): the codes reveal which validation step rejected a request;
-- who is allowed to receive a response carrying them is decided outside this
-- module.
EnrolmentResponseCode ::= ENUMERATED {
ok(0),
cantparse, -- valid for any structure
badcontenttype, -- not encrypted, not signed, not enrolmentrequest
imnottherecipient, -- the "recipients" doesn't include me
unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
decryptionfailed, -- works for ECIES-HMAC and AES-CCM
unknownits, -- can't retrieve the ITS from the itsId
invalidsignature, -- signature verification of the request fails
invalidencryptionkey, -- signature is good, but the responseEncryptionKey is bad
baditsstatus, -- revoked, not yet active
incompleterequest, -- some elements are missing
deniedpermissions, -- requested permissions are not granted
invalidkeys, -- either the verification_key or the encryption_key is bad
deniedrequest, -- any other reason?
... }
-- InnerEcRequestSignedForPop: an InnerEcRequest wrapped in the signed-data
-- structure imported from EtsiTs103097Module (EtsiTs103097Data-Signed,
-- parameterized with InnerEcRequest as its payload).
-- NOTE(review): "Pop" presumably stands for proof of possession, i.e. the
-- signature is expected to verify under a key contained in the request itself.
-- Which key signs, and the receiver's obligation to check it, are defined
-- outside this module. Confirm against TS 102 941.
InnerEcRequestSignedForPop::= EtsiTs103097Data-Signed{InnerEcRequest}
-- InnerEcRequest: payload of an enrolment request; the matching
-- InnerEcResponse carries the resulting certificate. The SEQUENCE is
-- extensible ("..." after the last field).
InnerEcRequest ::= SEQUENCE {
-- Identifier the receiver uses to look up the requesting ITS (see the
-- unknownits response code). No SIZE constraint is declared, so the schema
-- does not bound its length; the receiver has to apply its own limit.
itsId OCTET STRING,
-- Type imported from EtsiTs102941BaseTypes; its values are not visible here.
certificateFormat CertificateFormat,
-- Key material supplied by the requester (type imported from
-- EtsiTs102941BaseTypes). The invalidkeys response code refers to a
-- verification key and an encryption key; presumably both are carried here.
publicKeys PublicKeys,
-- Attributes requested for the certificate. The inner constraint forbids
-- certIssuePermissions, so a request cannot ask for the right to issue
-- certificates. NOTE(review): not every ASN.1 toolchain enforces WITH
-- COMPONENTS constraints on decode; confirm the decoder does, or check the
-- field in application code.
requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}),
...
}
-- InnerEcResponse: answer to an enrolment request. The constraint after the
-- SEQUENCE ties the two outcomes together: responseCode ok requires a
-- certificate, and every other code requires that no certificate is present.
-- NOTE(review): a receiver should reject a response that violates this
-- pairing; confirm the generated decoder enforces it, since inner subtype
-- constraints are not checked by every ASN.1 toolchain.
InnerEcResponse ::= SEQUENCE {
-- Exactly 16 octets. NOTE(review): presumably a truncated digest of the
-- request that lets the requester match the response to what it sent; the
-- hash algorithm and its input are defined outside this module. Confirm
-- against TS 102 941.
requestHash OCTET STRING (SIZE(16)),
-- Outcome of the request; see EnrolmentResponseCode.
responseCode EnrolmentResponseCode,
-- Certificate type imported from EtsiTs103097Module. Present only when
-- responseCode is ok (see the constraint below).
certificate EtsiTs103097Certificate OPTIONAL,
...
}
(WITH COMPONENTS { responseCode (ok), certificate PRESENT }
| WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
)
END