Del-2.1.4.1 - V2X Communications Security

Proposed List of 1609.2 Mechanisms Requiring SAPs
Deliverable Del-2.1.4.1 of the 1609.2 Update Project
William Whyte, NTRU Cryptosystems
June 2009
Introduction
This document presents the list of mechanisms based on 1609.2-2006 that require SAPs to be called
from the application layer or the WME. These mechanisms are:
• Sign WSA
• Verify WSA
• Sign 1609.2 Message
• Encrypt 1609.2 Message
• Process Incoming 1609.2 Secured Message
SAPs that are only used for security management are considered to be internal to a Security
Management Entity and are omitted. These include:
• CRL processing (request and response).
• Certificate Request messages and the appropriate responses
Each mechanism description is organized under the following headings:
• Input: the message to be processed, a byte array
• Parameters: configuration choices and other information that is obtained from a different
  source from the message itself and may have a different lifetime from the message.
• Output: the result of the processing. On success this will consist at least of a byte array
  containing the processed message. It may additionally contain information relevant to the
  parameters.
• Errors: issues that may prevent correct processing of the input (or the processing that would be
  expected if the input was correct).
• Newly Stored Parameters: Changes to stored parameters made as a result of processing.
The distinction between Input and Parameters is not intended at this point to be a recommendation for
how the SAPs should be defined; it is simply an aid to clarity. Since some of the mechanisms described in
this document have a large number of Parameters, we intend to seek guidance from the Working Group
as to how best to specify parameters and parameter management within the SAPs.
For outgoing messages, this document assumes that there are no errors due to badly formed inputs to
the SAP. For incoming messages, it is possible that the input has been corrupted in transmission. This
document attempts to distinguish between errors due to corruption and errors due to an attack, but it
should be noted that there are many errors that may be due to either cause.
Sign WSA
Input
• An unsigned WSA
Parameters
• The set of private keys, and the corresponding certificates, that might be used to sign a WSA
• The list of revoked certificates
• ***
Output
• A signed WSA
Errors
• No cert available
  o No cert exists
  o Cert exists, but…
    ▪ Application scope error
    ▪ Geographic scope error
    ▪ Expired
    ▪ Revoked
    ▪ Some cert in chain expired
    ▪ Some cert in chain revoked
Newly Stored Parameters
None
Verify WSA
Input
• A signed WSA
Parameters
• The set of certificates that might be used to construct and verify a cert chain back to the root
  cert
• The list of revoked certificates
• Current time
• Current position
• Last accepted WSA
Output
On success:
• The contents of the secured WSA
• Transmission location
• Generation time
• Expiry time
Errors
Parsing
• Protocol version mismatch
• Parse error
  o Nonsensical length
• Other “errors” may actually be parse errors
Processing
• Problem with WSA
  o Possible parse error, possible genuine error
    ▪ Cryptographic verification failed
    ▪ WSA too old
    ▪ WSA from future
    ▪ WSA from too far away
    ▪ Expected but did not find field:
      ▪ Generation time
      ▪ Transmission location
      ▪ Expiry time
  o Cert / WSA mismatch error
    ▪ WSA outside geographic bounds in cert
    ▪ WSA PSID-and-Priorities not matched by cert PSID-and-Priorities
• Problem with some certificate in chain (note: can distinguish between signer cert and CA cert if
  necessary)
  o Could not construct cert chain to known root
  o Maybe parse error
    ▪ Cryptographic verification failed
    ▪ Invalid subject type
    ▪ Invalid key
    ▪ Invalid key algorithm
    ▪ Scope fields have unexpected form
      ▪ PSIDAndPriority
      ▪ Location
  o Genuine error
    ▪ Expired
    ▪ Revoked
Newly Stored Parameters
• WSA certificate if not previously encountered
Sign Message
Input
• An application data payload to sign
Parameters
• The set of private keys and certificates belonging to the application that might be used to sign a
  message
• The list of revoked certificates
• Current time
• Current position
• Do we use generation time?
• Do we use transmission location?
• Do we use expiry time?
• PSID associated with the message
Output
On success, the signed message.
Errors
• No cert available
  o No cert exists
  o Cert exists, but…
    ▪ Application scope error
    ▪ Geographic scope error
    ▪ Expired
    ▪ Revoked
    ▪ Some cert in chain expired
    ▪ Some cert in chain revoked
Newly Stored Parameters
None.
Encrypt Message
Input
• An application data payload to encrypt
• An appropriate identifier for each recipient (for example, the certificate to use to encrypt the
  message)
Parameters
• The list of revoked certificates
• Current time
• ***
Output
On success, the encrypted message.
On failure, a list of the recipients for which encryption failed, with the error indicator below.
Errors
*** A message can be intended to be encrypted for multiple recipients. It’s possible that one of these
encryptions will fail for one of the reasons noted below. This document assumes that a single failure will
cause the entire operation to fail – in other words, the options are “succeed” or “fail”. It would also be
possible to have “partial success” – in other words, if one recipient encryption fails but the other
succeeds, to output the result as if the caller had requested to encrypt only for the recipients who
succeeded. I think success/failure is cleaner but I’m open to discussion on this.
Errors:
• Unknown recipient
• Problem with recipient’s cert
  o Revoked
  o Expired
Newly Stored Parameters
None.
Process Received Secured Message
Input
A received secured message
Parameters
• The set of keys that might be used to decrypt an encrypted message
• The set of certificates that might be used to construct and verify a cert chain back to the root
  cert
• The list of revoked certificates
• Current time
• Current position
• Replay cache
• Do we expect to see generation time?
• Do we expect to see transmission location?
• Do we expect to see expiry time?
• Acceptable PSID
• ***
Output
On success:
• The contents of the secured message
• Content type of message
• Inner content type of message if message was encrypted
• Message transmission location if available
• Message generation time if available
• Message expiry time if available
• Sender identity if available
Errors
Parsing
• Protocol version mismatch
• Parse error
  o Nonsensical length
• Other “errors” may actually be parse errors
Processing – signed including WSAs
• Problem with message
  o Processing error
    ▪ Duplicate message, possible replay attack
  o Possible parse error, possible genuine error
    ▪ Cryptographic verification failed
    ▪ Message too old
    ▪ Message from future
    ▪ Message from too far away
    ▪ PSID was not acceptable
    ▪ Expected but did not find field:
      ▪ Generation time
      ▪ Transmission location
      ▪ Expiry time
  o Cert / message mismatch error
    ▪ Message outside geographic bounds in cert
    ▪ Message PSIDs not matched by cert PSIDs
• Problem with some certificate in chain (note: can distinguish between signer cert and CA cert if
  necessary)
  o Could not construct cert chain to known root
  o Maybe parse error
    ▪ Cryptographic verification failed
    ▪ Invalid subject type
    ▪ Invalid key
    ▪ Invalid key algorithm
    ▪ Scope fields have unexpected form
      ▪ AppID
      ▪ Location
  o Genuine error
    ▪ Expired
    ▪ Revoked
Processing – encrypted
• Problem with decryption key
  o Couldn’t find decryption key
  o Key corresponds to expired local cert
  o Key corresponds to revoked local cert
• Crypto processing error
  o Error decrypting symmetric key with private key
  o Error decrypting message with private key
Newly Stored Parameters
• Sender public encryption key if available
• Sender cert chain
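The non-cryptographic processing checks listed above for a received signed message (expected fields, age, distance, PSID, replay) can be implemented as follows. This is an added illustration, not part of 1609.2 or of the original deliverable: the names `Params`, `distance_m` and `check_signed_message`, the tolerance values and the sample message are assumptions, and parsing, signature verification and certificate-chain checks are assumed to happen elsewhere.

```python
import hashlib, math
from dataclasses import dataclass, field

@dataclass
class Params:  # hypothetical container for the mechanism's Parameters
    now: float                    # current time, seconds
    position: tuple               # current position (lat, lon) in degrees
    acceptable_psids: set
    expect: tuple = ("generation_time", "location", "expiry_time")
    max_age_s: float = 5.0        # assumed tolerances; the page gives no values
    max_skew_s: float = 1.0
    max_distance_m: float = 1000.0
    replay_cache: set = field(default_factory=set)

def distance_m(a, b):
    """Great-circle (haversine) distance in metres between (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def check_signed_message(msg, p):
    """Return the list of errors for a parsed message; empty means accept."""
    errors = [f"Expected but did not find field: {k}"
              for k in p.expect if msg.get(k) is None]
    gen, exp, loc = (msg.get(k) for k in ("generation_time", "expiry_time", "location"))
    if gen is not None and gen > p.now + p.max_skew_s:
        errors.append("Message from future")
    # Assumption: an elapsed expiry time is reported as "too old" as well.
    if (gen is not None and p.now - gen > p.max_age_s) or (exp is not None and exp < p.now):
        errors.append("Message too old")
    if loc is not None and distance_m(loc, p.position) > p.max_distance_m:
        errors.append("Message from too far away")
    if msg["psid"] not in p.acceptable_psids:
        errors.append("PSID was not acceptable")
    digest = hashlib.sha256(msg["raw"]).digest()
    if digest in p.replay_cache:
        errors.append("Duplicate message, possible replay attack")
    if not errors:
        p.replay_cache.add(digest)  # assumption: cache only accepted messages
    return errors

# Constructed sample: a parsed message sent about 110 m from the receiver.
SAMPLE = {"raw": b"\x02constructed-message", "psid": 0x20,
          "generation_time": 1000.0, "expiry_time": 1010.0,
          "location": (42.0010, -71.0000)}
PARAMS = Params(now=1001.0, position=(42.0000, -71.0000), acceptable_psids={0x20})
```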
Other Message Types
Do these need SAPs? They seem like they may be internal SAPs within the Security Management entity.
• Certificate Request?
• Certificate Response processing?
• CRL processing?