Commit 197e4d5b authored by filatov's avatar filatov

Security ASN.1 files: ready for asn1c

parent a3446482
+8 −8
@@ -100,8 +100,8 @@ SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
PolygonalRegion ::= SEQUENCE SIZE(3..MAX) OF TwoDLocation
PolygonalRegion ::= SEQUENCE SIZE(3..MAX) OF TwoDLocation


TwoDLocation ::= SEQUENCE  {
TwoDLocation ::= SEQUENCE  {
    latitude      Latitude,
    latitude      SecLatitude,
    longitude     Longitude
    longitude     SecLongitude
}
}


IdentifiedRegion ::= CHOICE  {
IdentifiedRegion ::= CHOICE  {
@@ -133,14 +133,14 @@ RegionAndSubregions ::= SEQUENCE {
SequenceOfRegionAndSubregions ::= SEQUENCE OF RegionAndSubregions
SequenceOfRegionAndSubregions ::= SEQUENCE OF RegionAndSubregions


ThreeDLocation ::= SEQUENCE  {
ThreeDLocation ::= SEQUENCE  {
    latitude        Latitude,
    latitude        SecLatitude,
    longitude       Longitude,
    longitude       SecLongitude,
    elevation       Elevation
    elevation       SecElevation
}
}


Latitude ::= NinetyDegreeInt
SecLatitude ::= NinetyDegreeInt
Longitude ::= OneEightyDegreeInt
SecLongitude ::= OneEightyDegreeInt
Elevation ::= ElevInt
SecElevation ::= ElevInt


NinetyDegreeInt ::= INTEGER  {
NinetyDegreeInt ::= INTEGER  {
    min 		(-900000000),
    min 		(-900000000),
+124 −0
EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(0) version1(1) }

-- draft version r6 of 28.09.2017

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

IMPORTS
HashedId8, Time32, PublicEncryptionKey, PublicVerificationKey
FROM
IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111) 
standards-association-numbered-series-standards(2) wave-stds(1609)  
dot2(2) base(1) base-types(2) major-version-2(2)}

CertificateId, SubjectAssurance, SequenceOfPsidSsp, SequenceOfPsidGroupPermissions, ValidityPeriod, GeographicRegion
FROM 
IEEE1609dot2 {iso(1) identified-organization(3) ieee(111) 
standards-association-numbered-series-standards(2) wave-stds(1609)  
dot2(2) base (1) schema (1) major-version-2(2)}

EtsiTs103097Data-Encrypted, EtsiTs103097Data-SignedExternalPayload
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
;

AuthorizationResponseCode ::= ENUMERATED {
  ok(0),
  -- ITS->AA
  its-aa-cantparse, -- valid for any structure
  its-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
  its-aa-imnottherecipient, -- the “recipients” of the outermost encrypted data doesn’t include me
  its-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
  its-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
  its-aa-keysdontmatch, -- HMAC keyTag verification fails
  its-aa-incompleterequest, -- some elements are missing
  its-aa-invalidencryptionkey, -- the responseEncryptionKey is bad
  its-aa-outofsyncrequest, -- signingTime is outside acceptable limits
  its-aa-unknownea, -- the EA identified by eaId is unknown to me
  its-aa-invalidea, -- the EA certificate is revoked
  its-aa-deniedpermissions, -- I, the AA, deny the requested permissions
  -- AA->EA
  aa-ea-cantreachea, -- the EA is unreachable (network error?)
  -- EA->AA
  ea-aa-cantparse, -- valid for any structure
  ea-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
  ea-aa-imnottherecipient, -- the “recipients” of the outermost encrypted data doesn’t include me
  ea-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
  ea-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
  -- TODO: to be continued...
  invalidaa, -- the AA certificate presented is invalid/revoked/whatever
  invalidaasignature, -- the AA certificate presented can’t validate the request signature
  wrongea, -- the encrypted signature doesn’t designate me as the EA
  unknownits, -- can’t retrieve the EC/ITS in my DB
  invalidsignature, -- signature verification of the request by the EC fails
  invalidencryptionkey, -- signature is good, but the key is bad
  deniedpermissions, -- permissions not granted
  deniedtoomanycerts, -- parallel limit
  ... }

AuthorizationValidationResponseCode ::= ENUMERATED {
  ok(0),
  cantparse, -- valid for any structure
  badcontenttype, -- not encrypted, not signed, not permissionsverificationrequest
  imnottherecipient, -- the “recipients” of the outermost encrypted data doesn’t include me
  unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
  decryptionfailed, -- works for ECIES-HMAC and AES-CCM
  invalidaa, -- the AA certificate presented is invalid/revoked/whatever
  invalidaasignature, -- the AA certificate presented can’t validate the request signature
  wrongea, -- the encrypted signature doesn’t designate me as the EA
  unknownits, -- can’t retrieve the EC/ITS in my DB
  invalidsignature, -- signature verification of the request by the EC fails
  invalidencryptionkey, -- signature is good, but the responseEncryptionKey is bad
  deniedpermissions, -- requested permissions not granted
  deniedtoomanycerts, -- parallel limit
  deniedrequest, -- any other reason?
  ... }

CertificateFormat::= INTEGER{
	ts103097v211 (1)
	}(1..255)

CertificateSubjectAttributes::= SEQUENCE {
  id 					CertificateId OPTIONAL,
  validityPeriod        ValidityPeriod OPTIONAL,
  region                GeographicRegion OPTIONAL,
  assuranceLevel        SubjectAssurance OPTIONAL,
  appPermissions        SequenceOfPsidSsp OPTIONAL,
  certIssuePermissions  SequenceOfPsidGroupPermissions OPTIONAL,
  ...
}(WITH COMPONENTS { ..., appPermissions PRESENT} |
 WITH COMPONENTS { ..., certIssuePermissions PRESENT})


EnrolmentResponseCode ::= ENUMERATED {
  ok(0),
  cantparse, -- valid for any structure
  badcontenttype, -- not encrypted, not signed, not enrolmentrequest
  imnottherecipient, -- the “recipients” doesn’t include me
  unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
  decryptionfailed, -- works for ECIES-HMAC and AES-CCM
  unknownits, -- can’t retrieve the ITS from the itsId
  invalidsignature, -- signature verification of the request fails
  invalidencryptionkey, -- signature is good, but the responseEncryptionKey is bad
  baditsstatus, -- revoked, not yet active
  incompleterequest, -- some elements are missing
  deniedpermissions, -- requested permissions are not granted
  invalidkeys, -- either the verification_key of the encryption_key is bad
  deniedrequest, -- any other reason?
  ... }

EcSignature::= CHOICE{
  encryptedEcSignature 	EtsiTs103097Data-Encrypted{EtsiTs103097Data-SignedExternalPayload}, 
  ecSignature 			EtsiTs103097Data-SignedExternalPayload
  }

PublicKeys ::= SEQUENCE {
  verificationKey 		PublicVerificationKey,
  encryptionKey 		PublicEncryptionKey OPTIONAL
  }

Version ::= INTEGER {v1(1)}


END
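Review bot: `HashedId8` and `Time32` are imported from IEEE1609dot2BaseTypes on L69 but no definition in this module references them, while the sibling modules in this commit import `HashedId8` and `Time32` FROM EtsiTs102941BaseTypes; an ASN.1 module does not re-export symbols it only imports, so asn1c is likely to report those names unresolved when the set is compiled together. The cleaner fix is to drop the two unused names from this IMPORTS clause and have the dependent modules import them directly from IEEE1609dot2BaseTypes. Separately, the `-- TODO: to be continued...` on L109 leaves AuthorizationResponseCode visibly unfinished, and the entries that follow it (invalidaa through deniedtoomanycerts) duplicate the AuthorizationValidationResponseCode list without saying which party returns them; a comment such as `-- EA->AA, mirrors AuthorizationValidationResponseCode` above L110 would make the intent clear until the list is finalised.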
+135 −0
EtsiTs102941Its-sMessages
  { itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) its-sMessages(1) version1(1)}

-- draft version r6 of 28.09.2017

DEFINITIONS AUTOMATIC TAGS ::=
BEGIN

IMPORTS

EtsiTs103097Certificate, EtsiTs103097Data-Signed, EtsiTs103097Data-Encrypted, EtsiTs103097Data-SignedExternalPayload, EtsiTs103097Data-SignedAndEncrypted
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}

AuthorizationResponseCode, AuthorizationValidationResponseCode, CertificateFormat, CertificateSubjectAttributes,EnrolmentResponseCode, EcSignature, HashedId8, PublicKeys, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(0) version1(1) }

;

/************
-- Messages
************/

EnrolmentRequestMessage::= EtsiTs103097Data-SignedAndEncrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentRequest PRESENT})})} 
EnrolmentResponseMessage::= EtsiTs103097Data-SignedAndEncrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentResponse PRESENT})})} 
AuthorizationRequestMessage::= EtsiTs103097Data-Encrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})} 
AuthorizationRequestMessageWithPop::= EtsiTs103097Data-Encrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequestWithPop PRESENT})})} 
AuthorizationResponseMessage::= EtsiTs103097Data-SignedAndEncrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationResponse PRESENT})})} 
AuthorizationValidationRequestMessage::= EtsiTs103097Data-SignedAndEncrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationValidationRequest PRESENT})})} 
AuthorizationValidationResponseMessage::= EtsiTs103097Data-SignedAndEncrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationValidationResponse PRESENT})})} 


/************
-- EtsiTS102941Data
************/

EtsiTS102941DataIts-s::= SEQUENCE{
  version Version (v1),
  content Content}

Content ::= CHOICE{
	enrolmentRequest					InnerEcRequestSignedForPop,
	enrolmentResponse 					InnerEcResponse,
	authorizationRequest	 			InnerAtRequest,
	authorizationRequestWithPop			InnerAtRequestSignedForPop,
	authorizationResponse				InnerAtResponse,
	authorizationValidationRequest 		AuthorizationValidationRequest,
	authorizationValidationResponse 	AuthorizationValidationResponse,
	caCertificateRequest				NULL,
	caCertificateResponse 				NULL,
	... 
	} 


/************
-- EnrolmentRequest/Response
************/

InnerEcRequestSignedForPop::= EtsiTs103097Data-Signed{InnerEcRequest}

InnerEcRequest::= SEQUENCE {
  itsId 							IA5String,
  certificateFormat					CertificateFormat,
  publicKeys 						PublicKeys,
  requestedSubjectAttributes 		CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}),
  ...
 }

InnerEcResponse ::= SEQUENCE {
  requestHash 		OCTET STRING (SIZE(16)),
  responseCode 		EnrolmentResponseCode,
  certificate 		EtsiTs103097Certificate OPTIONAL,
  ... 
 }
  (WITH COMPONENTS { responseCode (ok), certificate PRESENT }
     | WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
  )

/************
-- AuthorizationRequest/Response
************/

InnerAtRequestSignedForPop::= EtsiTs103097Data-Signed{InnerAtRequest}

InnerAtRequest ::= SEQUENCE {
  publicKeys 			PublicKeys,
  hmacKey 				OCTET STRING (SIZE(32)),
  sharedAtRequest 		SharedAtRequest, 
  ecSignature			EcSignature,
  ...
  } 

SharedAtRequest ::= SEQUENCE {
  eaId 								HashedId8,
  keyTag 							OCTET STRING (SIZE(16)),
  ertificateFormat					CertificateFormat,
  requestedSubjectAttributes 		CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}),
  ...
  }

InnerAtResponse ::= SEQUENCE {
  requestHash 		OCTET STRING (SIZE(16)),
  responseCode 		AuthorizationResponseCode,
  certificate 		EtsiTs103097Certificate OPTIONAL,
  ... 
 }
  (WITH COMPONENTS { responseCode (ok), certificate PRESENT }
  | WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
  )

/************
-- AuthorizationValidationRequest/Response
************/

AuthorizationValidationRequest ::= SEQUENCE {
  sharedAtRequest 	SharedAtRequest,
  ecSignature 		EcSignature,
  ...
  }

AuthorizationValidationResponse ::= SEQUENCE { 
  requestHash 						OCTET STRING (SIZE(16)),
  responseCode 						AuthorizationValidationResponseCode,
  confirmedSubjectAttributes 		CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}) OPTIONAL,
  ...
  }

END
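Review bot: `ertificateFormat` on L283 in SharedAtRequest looks like a typo for `certificateFormat`, the spelling used for the same field in InnerEcRequest on L250; with AUTOMATIC TAGS the encoding is unaffected, but the asn1c-generated structure member will carry the misspelling and every consumer of SharedAtRequest will depend on it, so rename it before the generated code is used: `  certificateFormat					CertificateFormat,`. Separately, `itsId IA5String` on L249 has no SIZE constraint, so a decoder has no upper bound on the identifier an enrolment request can carry, and it may parse that field before any signature on the request is checked; a bound such as `IA5String (SIZE(1..64))` (the exact limit is the spec's call) would let generated decoders reject oversized input early. `HashedId8` on L201 is imported FROM EtsiTs102941BaseTypes, which only imports it itself rather than defining it, so asn1c may not resolve it from there.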





+66 −0
EtsiTs102941OfflineDataStructures
  { itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) offlineDataStructures(3) version1(1)}

-- draft version r6 of 28.09.2017

DEFINITIONS AUTOMATIC TAGS ::=
BEGIN

IMPORTS

EtsiTs103097Certificate, EtsiTs103097Data-SignedAndEncrypted, EtsiTs103097Data-Signed 
FROM	
EtsiTs103097Module 
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}

HashedId8, PublicKeys, CertificateSubjectAttributes, EnrolmentResponseCode, Time32, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941)baseTypes(0) version1(1)}

;

/************
-- Messages
************/

CaCertificateRequestMessage ::= EtsiTs103097Data-Signed {EtsiTS102941DataCa(WITH COMPONENTS{..., content (WITH COMPONENTS{caCertificateRequest PRESENT})})}
CaCertificateResponseMessage ::= EtsiTs103097Data-Signed {EtsiTS102941DataCa(WITH COMPONENTS{..., content (WITH COMPONENTS{caCertificateResponse PRESENT})})}  

/************
-- EtsiTS102941Data
************/

EtsiTS102941DataCa::= SEQUENCE{
  version Version (v1),
  content CaContent}

CaContent ::= CHOICE{
	caCertificateRequest				CaCertificateRequest,
	caCertificateResponse				CaCertificateResponse,
	... 
	}


/************
-- CA certificate request 
************/

CaCertificateRequest ::= SEQUENCE {
  publicKeys 						PublicKeys,
  reqquestedSubjectAttributes 		CertificateSubjectAttributes,
  ...	 
}

CaCertificateResponse::=SEQUENCE {
  requestHash 		OCTET STRING (SIZE(16)),
  responseCode 		EnrolmentResponseCode,
  certificate 		EtsiTs103097Certificate OPTIONAL,
  ... 
 }
  (WITH COMPONENTS { responseCode (ok), certificate PRESENT }
     | WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
  )


END
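Review bot: `reqquestedSubjectAttributes` on L372 is misspelled; the same field is `requestedSubjectAttributes` in the ITS-S request types of this commit, and the misspelling will be baked into the asn1c-generated member name: `  requestedSubjectAttributes 		CertificateSubjectAttributes,`. `EtsiTs103097Data-SignedAndEncrypted` (L333) and `HashedId8`, `Time32` (L338) are imported but unused in this module, and the latter two are imported FROM EtsiTs102941BaseTypes, which only imports them itself, so asn1c is likely to report them unresolved. Unlike InnerEcRequest, CaCertificateRequest does not constrain `certIssuePermissions ABSENT`, which is presumably intentional for a CA that must receive issuing permissions; a one-line comment on L372 saying so would stop a reader from flagging it as an omission.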
+144 −0
EtsiTs102941TrustLists
  { itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(2) version(1)}

-- draft version r6 of 28.09.2017

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

IMPORTS

ItsPduHeader
FROM
ITS-Container 
{itu-t (0) identified-organization (4) etsi (0) itsDomain (5) wg1 (1) ts (102894) cdd (2) version (1)}

EtsiTs103097Certificate, EtsiTs103097Data-SignedAndEncrypted, EtsiTs103097Data-Signed 
FROM	
EtsiTs103097Module
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}

HashedId8, Time32, Version
FROM EtsiTs102941BaseTypes 
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(0) version1(1)}

;

/************
-- Messages
************/

CTLM::= SEQUENCE {
  header	ItsPduHeader,
  ctl	Ctl,
  ...
	}

CRLM::= SEQUENCE {
  header	ItsPduHeader,
  crl	Crl,
  ...
	}


/************
-- CRL
************/
Crl ::= EtsiTs103097Data-Signed{ToBeSignedCrl}
 
ToBeSignedCrl ::= SEQUENCE {
  version Version,
  thisUpdate Time32,
  nextUpdate Time32,
  entries SEQUENCE OF CRLEntry,
  ...
}

CRLEntry ::= HashedId8


/************
-- CTL
************/

Ctl ::= EtsiTs103097Data-Signed{ToBeSignedCtl} 

ToBeSignedCtl::=  CtlFormat (FullCtl | DeltaCtl)

FullCtl::= CtlFormat(WITH COMPONENTS {...,
	isFullCtl(TRUE),
    ctlCommands(WITH COMPONENT( 
	   (WITH COMPONENTS {..., 
         delete ABSENT
		 })
		)) 
	})


DeltaCtl::= CtlFormat (WITH COMPONENTS {...,
	isFullCtl(FALSE)
    })


CtlFormat ::= SEQUENCE {
	version Version,
	nextUpdate Time32, 
	isFullCtl	BOOLEAN,
	ctlSequence INTEGER (0..255),
	ctlCommands SEQUENCE OF CtlCommand,
	...
	}
	

CtlCommand::= CHOICE{
	add 	CtlEntry,
	delete  CtlDelete,
	...
	}

CtlEntry ::= CHOICE {
	rca	RootCaEntry,
	ea	EaEntry,
	aa	AaEntry,
	dc	DcEntry,
	tlm	TlmEntry,
	...
	}

CtlDelete ::= CHOICE {
    cert      HashedId8,
    dc        DcDelete,
	...
    }

RootCaEntry ::= SEQUENCE {
  selfsignedRootCa EtsiTs103097Certificate,
  linkRootCaCertificate EtsiTs103097Certificate OPTIONAL,
  constraints OCTET STRING OPTIONAL
} 

EaEntry ::= SEQUENCE {
  eaCertificate EtsiTs103097Certificate,
  linkEaCertificate EtsiTs103097Certificate OPTIONAL,
  aaAccessPoint Url,
  itsAccessPoint Url OPTIONAL }
-- First URL is to be used by AA (AuthorizationValidationRequest)
-- second URL is to be used by ITS-S (AuthorizationRequest)

AaEntry ::= SEQUENCE {
	aaCertificate EtsiTs103097Certificate,
	accessPoint Url
	}

DcEntry::= Url

DcDelete::= Url

TlmEntry::= SEQUENCE {
          selfSignedTLMCertificate EtsiTs103097Certificate,
          linkTLMCertificate EtsiTs103097Certificate OPTIONAL
}

Url::= IA5String


END
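Review bot: CtlFormat on L471–L478 carries only `nextUpdate` and an 8-bit `ctlSequence`, so freshness of a CTL rests entirely on the receiver comparing ctlSequence against the last value it accepted; nothing in the schema prevents replaying an older, still-unexpired CTL, the `INTEGER (0..255)` range means a plain greater-than check stops working once the counter wraps, and a DeltaCtl (L466–L468) does not name the full CTL it is relative to. A comment on `ctlSequence` stating the intended comparison and wraparound rule, for example `-- receivers must reject a CTL whose ctlSequence is not newer (mod 256) than the last accepted one`, or a wider range if the spec allows, would make this explicit for implementers. Minor: the module OID on L391 uses `version(1)` where the other modules use `version1(1)` — same value, but an inconsistent arc name; `EtsiTs103097Data-SignedAndEncrypted` on L404 is imported but unused; and `HashedId8`/`Time32` on L409 are imported FROM EtsiTs102941BaseTypes, which only imports them itself, so asn1c may not resolve them from there.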