IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) base(1) schema(1) major-version-2(2)}

-- Minor version: 1

--******************************************************************************
--
-- IEEE P1609.2 Data Types
--
--******************************************************************************
-- This module defines the secured-data envelope (signed and encrypted data)
-- and the certificate structures. Primitive types come from
-- IEEE1609dot2BaseTypes, which follows this module in the same listing.

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  CrlSeries,
  EccP256CurvePoint,
  EciesP256EncryptedKey,
  EncryptionKey,
  GeographicRegion,
  GroupLinkageValue,
  HashAlgorithm,
  HashedId3,
  HashedId8,
  Hostname,
  IValue,
  LinkageValue,
  Opaque,
  Psid,
  PsidSsp,
  PsidSspRange,
  PublicEncryptionKey,
  PublicVerificationKey,
  SequenceOfHashedId3,
  SequenceOfPsidSsp,
  SequenceOfPsidSspRange,
  ServiceSpecificPermissions,
  Signature,
  SubjectAssurance,
  SymmetricEncryptionKey,
  ThreeDLocation,
  Time64,
  Uint3,
  Uint8,
  Uint16,
  Uint32,
  ValidityPeriod
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2 (2)}
;

--
--*********************************************************************
--
-- Structures for describing secured data
--
--*********************************************************************

-- Necessary to get certain tools to generate sample PDUs
-- TestIeee1609Dot2Data ::= Ieee1609Dot2Data
-- TestCertificate ::= Certificate

-- this structure belongs later in the file but putting it here avoids
-- compiler errors with certain tools
-- The trailing constraint requires at least one of data / extDataHash to be
-- present, so a payload with neither is not a valid value of this type.
SignedDataPayload ::= SEQUENCE {
  data         Ieee1609Dot2Data OPTIONAL,
  extDataHash  HashedData OPTIONAL,
  ...
}
  (WITH COMPONENTS {..., data PRESENT} |
   WITH COMPONENTS {..., extDataHash PRESENT})

-- Outer envelope of every secured PDU. protocolVersion is constrained to the
-- single value 3.
Ieee1609Dot2Data ::= SEQUENCE {
  protocolVersion  Uint8(3),
  content          Ieee1609Dot2Content
}

-- unsecuredData and signedCertificateRequest are Opaque, so this schema
-- places no structure on their contents.
Ieee1609Dot2Content ::= CHOICE {
  unsecuredData             Opaque,
  signedData                SignedData,
  encryptedData             EncryptedData,
  signedCertificateRequest  Opaque,
  ...
}

-- A signed PDU: hash algorithm, the to-be-signed data, the signer identifier
-- and the signature.
SignedData ::= SEQUENCE {
  hashId     HashAlgorithm,
  tbsData    ToBeSignedData,
  signer     SignerIdentifier,
  signature  Signature
}

-- Identifies the signer by an 8-byte HashedId8 digest, by an inline sequence
-- of certificates, or as self (NULL).
SignerIdentifier ::= CHOICE {
  digest       HashedId8,
  certificate  SequenceOfCertificate,
  self         NULL,
  ...
}

ToBeSignedData ::= SEQUENCE {
  payload     SignedDataPayload,
  headerInfo  HeaderInfo
}

-- Hash of externally held data; the only alternative defined is a 32-byte
-- SHA-256 value.
HashedData::= CHOICE {
  sha256HashedData  OCTET STRING (SIZE(32)),
  ...
}

-- Signed header fields. Only psid is mandatory.
-- NOTE(review): generationTime and expiryTime are OPTIONAL at the schema
-- level, so freshness and expiry checks depend on the receiving profile
-- requiring them; confirm per PSID.
HeaderInfo ::= SEQUENCE {
  psid                  Psid,
  generationTime        Time64 OPTIONAL,
  expiryTime            Time64 OPTIONAL,
  generationLocation    ThreeDLocation OPTIONAL,
  p2pcdLearningRequest  HashedId3 OPTIONAL,
  missingCrlIdentifier  MissingCrlIdentifier OPTIONAL,
  encryptionKey         EncryptionKey OPTIONAL,
  ...,
  inlineP2pcdRequest    SequenceOfHashedId3 OPTIONAL,
  requestedCertificate  Certificate OPTIONAL
}

MissingCrlIdentifier ::= SEQUENCE {
  cracaId    HashedId3,
  crlSeries  CrlSeries,
  ...
}

-- Ieee1609Dot2Data restricted to signedData over an external hash
-- (data ABSENT, extDataHash PRESENT) with generationTime PRESENT and the
-- listed optional header fields ABSENT.
Countersignature ::= Ieee1609Dot2Data (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data ABSENT,
          extDataHash PRESENT
        }),
        headerInfo(WITH COMPONENTS {...,
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

--**********************************************************************
--
-- Structures for describing encrypted data
--
--**********************************************************************

EncryptedData ::= SEQUENCE {
  recipients  SequenceOfRecipientInfo,
  ciphertext  SymmetricCiphertext
}

-- NOTE(review): unlike most CHOICE types in this module, this one carries no
-- extension marker.
RecipientInfo ::= CHOICE {
  pskRecipInfo         PreSharedKeyRecipientInfo,
  symmRecipInfo        SymmRecipientInfo,
  certRecipInfo        PKRecipientInfo,
  signedDataRecipInfo  PKRecipientInfo,
  rekRecipInfo         PKRecipientInfo
}

SequenceOfRecipientInfo ::= SEQUENCE OF RecipientInfo

PreSharedKeyRecipientInfo ::= HashedId8

SymmRecipientInfo ::= SEQUENCE {
  recipientId  HashedId8,
  encKey       SymmetricCiphertext
}

PKRecipientInfo ::= SEQUENCE {
  recipientId  HashedId8,
  encKey       EncryptedDataEncryptionKey
}

EncryptedDataEncryptionKey ::= CHOICE {
  eciesNistP256         EciesP256EncryptedKey,
  eciesBrainpoolP256r1  EciesP256EncryptedKey,
  ...
}

SymmetricCiphertext ::= CHOICE {
  aes128ccm  AesCcmCiphertext,
  ...
}

-- NOTE(review): AES-CCM requires that the 12-byte nonce never repeats under
-- the same key. The schema cannot express that, so the sender has to
-- enforce it.
AesCcmCiphertext ::= SEQUENCE {
  nonce          OCTET STRING (SIZE (12)),
  ccmCiphertext  Opaque -- 16 bytes longer than plaintext
}

--**********************************************************************
--
-- Certificates and other security management data structures
--
--**********************************************************************

-- Certificates are implicit (type = implicit, toBeSigned includes
-- reconstruction value, signature absent) or explicit (type = explicit,
-- toBeSigned includes verification key, signature present).
Certificate ::= CertificateBase (ImplicitCertificate | ExplicitCertificate)

SequenceOfCertificate ::= SEQUENCE OF Certificate

-- version is constrained to the single value 3. signature is OPTIONAL here
-- and is fixed to ABSENT or PRESENT by the two subtypes below.
CertificateBase ::= SEQUENCE {
  version     Uint8(3),
  type        CertificateType,
  issuer      IssuerIdentifier,
  toBeSigned  ToBeSignedCertificate,
  signature   Signature OPTIONAL
}

CertificateType ::= ENUMERATED {
  explicit,
  implicit,
  ...
}

ImplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
  type(implicit),
  toBeSigned(WITH COMPONENTS {...,
    verifyKeyIndicator(WITH COMPONENTS {reconstructionValue})
  }),
  signature ABSENT
})

ExplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
  type(explicit),
  toBeSigned(WITH COMPONENTS {...,
    verifyKeyIndicator(WITH COMPONENTS {verificationKey})
  }),
  signature PRESENT
})

-- The issuer is named by an 8-byte digest, or by self, which carries only a
-- HashAlgorithm.
IssuerIdentifier ::= CHOICE {
  sha256AndDigest  HashedId8,
  self             HashAlgorithm,
  ...,
  sha384AndDigest  HashedId8
}

-- The trailing constraint requires at least one of appPermissions,
-- certIssuePermissions or certRequestPermissions to be present.
ToBeSignedCertificate ::= SEQUENCE {
  id                      CertificateId,
  cracaId                 HashedId3,
  crlSeries               CrlSeries,
  validityPeriod          ValidityPeriod,
  region                  GeographicRegion OPTIONAL,
  assuranceLevel          SubjectAssurance OPTIONAL,
  appPermissions          SequenceOfPsidSsp OPTIONAL,
  certIssuePermissions    SequenceOfPsidGroupPermissions OPTIONAL,
  certRequestPermissions  SequenceOfPsidGroupPermissions OPTIONAL,
  canRequestRollover      NULL OPTIONAL,
  encryptionKey           PublicEncryptionKey OPTIONAL,
  verifyKeyIndicator      VerificationKeyIndicator,
  ...
}
  (WITH COMPONENTS { ..., appPermissions PRESENT} |
   WITH COMPONENTS { ..., certIssuePermissions PRESENT} |
   WITH COMPONENTS { ..., certRequestPermissions PRESENT})

CertificateId ::= CHOICE {
  linkageData  LinkageData,
  name         Hostname,
  binaryId     OCTET STRING(SIZE(1..64)),
  none         NULL,
  ...
}

LinkageData ::= SEQUENCE {
  iCert                IValue,
  linkage-value        LinkageValue,
  group-linkage-value  GroupLinkageValue OPTIONAL
}

EndEntityType ::= BIT STRING {app (0), enrol (1) } (SIZE (8))

-- Defaults when fields are omitted: minChainLength 1, chainLengthRange 0,
-- eeType {app}.
PsidGroupPermissions ::= SEQUENCE {
  subjectPermissions  SubjectPermissions,
  minChainLength      INTEGER DEFAULT 1,
  chainLengthRange    INTEGER DEFAULT 0,
  eeType              EndEntityType DEFAULT {app}
}

SequenceOfPsidGroupPermissions ::= SEQUENCE OF PsidGroupPermissions

SubjectPermissions ::= CHOICE {
  explicit  SequenceOfPsidSspRange,
  all       NULL,
  ...
}

-- reconstructionValue is only defined as an EccP256CurvePoint in this
-- version of the schema.
VerificationKeyIndicator ::= CHOICE {
  verificationKey      PublicVerificationKey,
  reconstructionValue  EccP256CurvePoint,
  ...
}

END

IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) base(1) base-types(2) major-version-2(2)}

-- Minor version: 1

--
--********************************************************************
--  IEEE P1609.2 Base Data Types
--
--********************************************************************

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

-- ------------------------------------------------------------------
--
-- Integers
--
-- ------------------------------------------------------------------

Uint3 ::= INTEGER (0..7)                    -- (hex)                      07
Uint8 ::= INTEGER (0..255)                  -- (hex)                      ff
Uint16 ::= INTEGER (0..65535)               -- (hex)                   ff ff
Uint32 ::= INTEGER (0..4294967295)---- -- (hex)             ff ff ff ff
Uint64 ::= INTEGER (0..18446744073709551615) -- (hex) ff ff ff ff ff ff ff ff

SequenceOfUint8 ::= SEQUENCE OF Uint8
SequenceOfUint16 ::= SEQUENCE OF Uint16

-- ------------------------------------------------------------------
--
-- OCTET STRING types
--
-- ------------------------------------------------------------------

Opaque ::= OCTET STRING

HashedId10 ::= OCTET STRING (SIZE(10))
HashedId8 ::= OCTET STRING (SIZE(8))
HashedId3 ::= OCTET STRING (SIZE(3))
SequenceOfHashedId3 ::= SEQUENCE OF HashedId3

-- ------------------------------------------------------------------
--
-- Time
--
-- ------------------------------------------------------------------

Time32 ::= Uint32
Time64 ::= Uint64

ValidityPeriod ::= SEQUENCE {
  start     Time32,
  duration  Duration
}

-- Every alternative is a Uint16 count of the named unit.
Duration ::= CHOICE {
  microseconds  Uint16,
  milliseconds  Uint16,
  seconds       Uint16,
  minutes       Uint16,
  hours         Uint16,
  sixtyHours    Uint16,
  years         Uint16
}

-- ------------------------------------------------------------------
--
-- Location
--
-- ------------------------------------------------------------------

GeographicRegion ::= CHOICE {
  circularRegion     CircularRegion,
  rectangularRegion  SequenceOfRectangularRegion,
  polygonalRegion    PolygonalRegion,
  identifiedRegion   SequenceOfIdentifiedRegion,
  ...
}

CircularRegion ::= SEQUENCE {
  center  TwoDLocation,
  radius  Uint16
}

RectangularRegion ::= SEQUENCE {
  northWest  TwoDLocation,
  southEast  TwoDLocation
}

SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion

-- A polygon needs at least three vertices.
PolygonalRegion ::= SEQUENCE SIZE(3..MAX) OF TwoDLocation

TwoDLocation ::= SEQUENCE {
  latitude   Latitude,
  longitude  Longitude
}

IdentifiedRegion ::= CHOICE {
  countryOnly           CountryOnly,
  countryAndRegions     CountryAndRegions,
  countryAndSubregions  CountryAndSubregions,
  ...
}

SequenceOfIdentifiedRegion ::= SEQUENCE OF IdentifiedRegion

CountryOnly ::= Uint16

CountryAndRegions ::= SEQUENCE {
  countryOnly  CountryOnly,
  regions      SequenceOfUint8
}

CountryAndSubregions ::= SEQUENCE {
  country              CountryOnly,
  regionAndSubregions  SequenceOfRegionAndSubregions
}

RegionAndSubregions ::= SEQUENCE {
  region      Uint8,
  subregions  SequenceOfUint16
}

SequenceOfRegionAndSubregions ::= SEQUENCE OF RegionAndSubregions

ThreeDLocation ::= SEQUENCE {
  latitude   Latitude,
  longitude  Longitude,
  elevation  Elevation
}

Latitude ::= NinetyDegreeInt
Longitude ::= OneEightyDegreeInt
Elevation ::= ElevInt

-- The value one past max (900000001) is reserved for unknown.
NinetyDegreeInt ::= INTEGER {
  min (-900000000),
  max (900000000),
  unknown (900000001)
} (-900000000..900000001)

KnownLatitude ::= NinetyDegreeInt (min..max)
    -- Minus 90deg to +90deg in microdegree intervals
    -- NOTE(review): bounds of 900000000 for 90 degrees imply a step of
    -- 1e-7 degree (0.1 microdegree); confirm the unit against the standard.
UnknownLatitude ::= NinetyDegreeInt (unknown)

-- The value one past max (1800000001) is reserved for unknown.
OneEightyDegreeInt ::= INTEGER {
  min (-1799999999),
  max (1800000000),
  unknown (1800000001)
} (-1799999999..1800000001)

KnownLongitude ::= OneEightyDegreeInt (min..max)
UnknownLongitude ::= OneEightyDegreeInt (unknown)

ElevInt ::= Uint16
    -- Range is from -4096 to 61439 in units of one-tenth of a meter
    -- NOTE(review): Uint16 is 0..65535, so the signed range above is an
    -- interpretation of the encoded value that this schema does not define;
    -- confirm the mapping in the standard.

-- ------------------------------------------------------------------
--
-- Crypto
--
-- ------------------------------------------------------------------

-- The extension addition ecdsaBrainpoolP384r1Signature is the only
-- alternative that uses EcdsaP384Signature.
Signature ::= CHOICE {
  ecdsaNistP256Signature         EcdsaP256Signature,
  ecdsaBrainpoolP256r1Signature  EcdsaP256Signature,
  ...,
  ecdsaBrainpoolP384r1Signature  EcdsaP384Signature
}
-- NOTE(review): rSig is an EccP256CurvePoint, so every alternative of that
-- CHOICE (including fill) is syntactically valid here; which forms a
-- verifier accepts is not constrained by this schema.
EcdsaP256Signature ::= SEQUENCE {
  rSig  EccP256CurvePoint,
  sSig  OCTET STRING (SIZE (32))
}

-- P-384 counterpart of EcdsaP256Signature, with 48-byte components.
EcdsaP384Signature ::= SEQUENCE {
  rSig  EccP384CurvePoint,
  sSig  OCTET STRING (SIZE (48))
}

-- A point on a 256-bit curve in one of several encodings: x coordinate only,
-- x with the y selector carried by the alternative name, or both coordinates.
EccP256CurvePoint ::= CHOICE {
  x-only            OCTET STRING (SIZE (32)),
  fill              NULL, -- consistency with 1363 / X9.62
  compressed-y-0    OCTET STRING (SIZE (32)),
  compressed-y-1    OCTET STRING (SIZE (32)),
  uncompressedP256  SEQUENCE {
    x  OCTET STRING (SIZE (32)),
    y  OCTET STRING (SIZE (32))
  }
}

-- Same layout as EccP256CurvePoint with 48-byte coordinates.
EccP384CurvePoint::= CHOICE {
  x-only            OCTET STRING (SIZE (48)),
  fill              NULL, -- consistency w 1363 / X9.62
  compressed-y-0    OCTET STRING (SIZE (48)),
  compressed-y-1    OCTET STRING (SIZE (48)),
  uncompressedP384  SEQUENCE {
    x  OCTET STRING (SIZE (48)),
    y  OCTET STRING (SIZE (48))
  }
}

SymmAlgorithm ::= ENUMERATED {
  aes128Ccm,
  ...
}

-- sha384 is an extension addition; sha256 is the only root value.
HashAlgorithm ::= ENUMERATED {
  sha256,
  ...,
  sha384
}

-- NOTE(review): presumably v is the ephemeral public point, c the wrapped
-- 16-byte key and t the authentication tag; the schema only fixes the
-- sizes, so confirm the semantics against the standard.
EciesP256EncryptedKey ::= SEQUENCE {
  v  EccP256CurvePoint,
  c  OCTET STRING (SIZE (16)),
  t  OCTET STRING (SIZE (16))
}

EncryptionKey ::= CHOICE {
  public     PublicEncryptionKey,
  symmetric  SymmetricEncryptionKey
}

PublicEncryptionKey ::= SEQUENCE {
  supportedSymmAlg  SymmAlgorithm,
  publicKey         BasePublicEncryptionKey
}

BasePublicEncryptionKey ::= CHOICE {
  eciesNistP256         EccP256CurvePoint,
  eciesBrainpoolP256r1  EccP256CurvePoint,
  ...
}

PublicVerificationKey ::= CHOICE {
  ecdsaNistP256         EccP256CurvePoint,
  ecdsaBrainpoolP256r1  EccP256CurvePoint,
  ...,
  ecdsaBrainpoolP384r1  EccP384CurvePoint
}

-- A raw 16-byte AES-128 key carried in the clear inside the structure that
-- holds it; confidentiality has to come from the enclosing message.
SymmetricEncryptionKey ::= CHOICE {
  aes128Ccm  OCTET STRING(SIZE(16)),
  ...
}

-- ------------------------------------------------------------------
--
-- PSID / ITS-AID
--
-- ------------------------------------------------------------------

PsidSsp ::= SEQUENCE {
  psid  Psid,
  ssp   ServiceSpecificPermissions OPTIONAL
}

SequenceOfPsidSsp ::= SEQUENCE OF PsidSsp

-- Unbounded non-negative integer.
Psid ::= INTEGER (0..MAX)

SequenceOfPsid ::= SEQUENCE OF Psid

-- opaque has no upper size bound; its interpretation is left to the
-- application identified by the PSID.
ServiceSpecificPermissions ::= CHOICE {
  opaque     OCTET STRING (SIZE(0..MAX)),
  ...,
  bitmapSsp  BitmapSsp
}

BitmapSsp ::= OCTET STRING (SIZE(0..31))

PsidSspRange ::= SEQUENCE {
  psid      Psid,
  sspRange  SspRange OPTIONAL
}

SequenceOfPsidSspRange ::= SEQUENCE OF PsidSspRange

SspRange ::= CHOICE {
  opaque          SequenceOfOctetString,
  all             NULL,
  ... ,
  bitmapSspRange  BitmapSspRange
}

-- NOTE(review): sspValue and sspBitmask are sized independently (1..32
-- each); nothing here forces them to have equal length, so a consumer
-- should check that before applying the mask.
BitmapSspRange ::= SEQUENCE {
  sspValue    OCTET STRING (SIZE(1..32)),
  sspBitmask  OCTET STRING (SIZE(1..32))
}

SequenceOfOctetString ::= SEQUENCE (SIZE (0..MAX)) OF
  OCTET STRING (SIZE(0..MAX))

-- ------------------------------------------------------------------
--
-- Goes in certs
--
-- ------------------------------------------------------------------

SubjectAssurance ::= OCTET STRING (SIZE(1))

CrlSeries ::= Uint16

-- ------------------------------------------------------------------
--
-- Pseudonym Linkage
--
-- ------------------------------------------------------------------

IValue ::= Uint16
Hostname ::= UTF8String (SIZE(0..255))
LinkageValue ::= OCTET STRING (SIZE(9))
GroupLinkageValue ::= SEQUENCE {
  jValue  OCTET STRING (SIZE(4)),
  value   OCTET STRING (SIZE(9))
}

LaId ::= OCTET STRING (SIZE(2))
LinkageSeed ::= OCTET STRING (SIZE(16))

END

-- CRL content structures (hash-based and linkage-value-based revocation).
IEEE1609dot2CrlBaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) crl(3) base-types(2) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  CrlSeries,
  GeographicRegion,
  HashedId8,
  HashedId10,
  IValue,
  LaId,
  LinkageSeed,
  Opaque,
  Psid,
  Signature,
  Time32,
  Uint3,
  Uint8,
  Uint16,
  Uint32,
  ValidityPeriod
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2 (2)}
;

--
--
-- CRL contents
--
--

-- version is constrained to the single value 1. issueDate and nextCrl are
-- the only time fields a CRL carries at this level.
CrlContents ::= SEQUENCE {
  version       Uint8 (1),
  crlSeries     CrlSeries,
  cracaId       HashedId8,
  issueDate     Time32,
  nextCrl       Time32,
  priorityInfo  CrlPriorityInfo,
  typeSpecific  CHOICE {
    fullHashCrl     ToBeSignedHashIdCrl,
    deltaHashCrl    ToBeSignedHashIdCrl,
    fullLinkedCrl   ToBeSignedLinkageValueCrl,
    deltaLinkedCrl  ToBeSignedLinkageValueCrl,
    ...
  }
}

CrlPriorityInfo ::= SEQUENCE {
  priority  Uint8 OPTIONAL,
  ...
}

ToBeSignedHashIdCrl ::= SEQUENCE {
  crlSerial  Uint32,
  entries    SequenceOfHashBasedRevocationInfo,
  ...
}

-- One revoked certificate: its 10-byte hashed id and an expiry time.
HashBasedRevocationInfo ::= SEQUENCE {
  id      HashedId10,
  expiry  Time32
}

SequenceOfHashBasedRevocationInfo ::= SEQUENCE OF HashBasedRevocationInfo

-- The trailing constraint requires at least one of individual / groups to
-- be present.
ToBeSignedLinkageValueCrl ::= SEQUENCE {
  iRev          IValue,
  indexWithinI  Uint8,
  individual    SequenceOfJMaxGroup OPTIONAL,
  groups        SequenceOfGroupCrlEntry OPTIONAL,
  ...
}
  (WITH COMPONENTS {..., individual PRESENT} |
   WITH COMPONENTS {..., groups PRESENT})

JMaxGroup ::= SEQUENCE {
  jmax      Uint8,
  contents  SequenceOfLAGroup,
  ...
}

SequenceOfJMaxGroup ::= SEQUENCE OF JMaxGroup

LAGroup ::= SEQUENCE {
  la1Id     LaId,
  la2Id     LaId,
  contents  SequenceOfIMaxGroup,
  ...
}

SequenceOfLAGroup ::= SEQUENCE OF LAGroup

IMaxGroup ::= SEQUENCE {
  iMax      Uint16,
  contents  SequenceOfIndividualRevocation,
  ...
}

SequenceOfIMaxGroup ::= SEQUENCE OF IMaxGroup

-- A pair of 16-byte linkage seeds, one per linkage authority.
IndividualRevocation ::= SEQUENCE {
  linkage-seed1  LinkageSeed,
  linkage-seed2  LinkageSeed,
  ...
}

SequenceOfIndividualRevocation ::= SEQUENCE OF IndividualRevocation

GroupCrlEntry ::= SEQUENCE {
  iMax          Uint16,
  la1Id         LaId,
  linkageSeed1  LinkageSeed,
  la2Id         LaId,
  linkageSeed2  LinkageSeed,
  ...
}

SequenceOfGroupCrlEntry ::= SEQUENCE OF GroupCrlEntry

END

-- The signed CRL PDU: an Ieee1609Dot2Data profile that wraps CrlContents.
IEEE1609dot2Crl {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) crl(3) protocol(1) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  Ieee1609Dot2Data
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base (1) schema (1) major-version-2 (2)}

  Opaque,
  Psid
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2 (2)}

  CrlContents
FROM IEEE1609dot2CrlBaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) crl(3) base-types(2) major-version-2 (2)}
;

CrlPsid ::= Psid(256)  -- PSID = 0x100, 0p8080

-- Restricts Ieee1609Dot2Data to signedData whose payload is unsecuredData
-- containing CrlContents, with psid fixed to CrlPsid.
-- NOTE(review): generationTime and expiryTime are ABSENT in the header, so
-- presumably CRL freshness is judged from issueDate / nextCrl inside
-- CrlContents; confirm that receivers check those fields.
SecuredCrl ::= Ieee1609Dot2Data (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING CrlContents)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (CrlPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

END

-- Service specific permissions for CRL signers.
IEEE1609dot2CrlSsp {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) crl(3) service-specific-permissions (3) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  CrlSeries,
  Uint8
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2 (2)}
;

-- version is constrained to the single value 1. crls lists the CRL series
-- the holder may sign.
CrlSsp::= SEQUENCE {
  version          Uint8(1),
  associatedCraca  CracaType,
  crls             PermissibleCrls,
  ...
}

-- No extension marker: exactly two values.
CracaType ::= ENUMERATED {isCraca, issuerIsCraca}

PermissibleCrls ::= SEQUENCE OF CrlSeries

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2ScmsComponentCertificateManagementError

Ieee1609Dot2ScmsComponentCertificateManagementError
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) errors(2) component-certificate-management (3) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

---
-- @brief Error codes for component certificate management. Only
--        baseline(1) is defined; further values may arrive through the
--        extension marker.
-- @class ComponentCertificateManagementError
-- @param
-- @see
ComponentCertificateManagementError ::= ENUMERATED {
  baseline(1),
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2ScmsComponentCertificateManagement

Ieee1609Dot2ScmsComponentCertificateManagement
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) component-certificate-management (3) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

-- NOTE(review): the Time32 import below names module IEEE1609dot2 but gives
-- the base-types(2) object identifier. Elsewhere in this listing Time32 is
-- defined in IEEE1609dot2BaseTypes and is not among the imports of
-- IEEE1609dot2, so a compiler that resolves imports by module name may
-- reject this; confirm whether the name should be IEEE1609dot2BaseTypes.
IMPORTS
  Uint8
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2(2)}

  ScopedComponentCertificateManagementError
FROM Ieee1609dot2ScmsError {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) scms(4) errors(2) complete (1) major-version-2(2)}

  ExplicitCertificate
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) schema(1) major-version-2(2)}

  Time32
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2(2)}

  SecuredCrl
FROM IEEE1609dot2Crl {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) crl(3) protocol(1) major-version-2(2)}

  SignedElectorEndorsement
FROM IEEE1609dot2ScmsProtocol {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) scms(4) interfaces(1) protocol(1) major-version-2(2)}
;

-- A 32-byte hash value.
HashedId32 ::= OCTET STRING (SIZE(32))

---
-- @brief This data type is the parent structure for all component certificate
--        management data types.
-- @class ScmsComponentCertificateManagementPDU
-- @param tbsElectorEndorsement contains the elector endorsement/ballots to be
--                              signed by the respective Elector.
-- @param electorBallot         contains an ElectorBallot.
ScmsComponentCertificateManagementPDU::= CHOICE {
  tbsElectorEndorsement  TbsElectorEndorsement,
  electorBallot          ElectorBallot,
  ...
}

---
-- @brief An "endorsement" is a structure with a command type (add/remove for
--        root or elector) along with the certificate to be added or removed.
--        A signed endorsement is a copy of that whole structure with a
--        signature.
-- @class TbsElectorEndorsement
-- @param type            Defines the action (add/remove) to be taken over a
--                        certificate.
-- @param certificateHash The hash of the certificate with respect to which the
--                        action is to be taken.
-- @param generationTime  Defines the time at which the message was generated.
--        The message takes effect immediately on generation.
--        For an add action type, the added certificate is considered
--        to be valid from the start of its validity period, no matter
--        what the generation time value in this message is. For a
--        revoke action type, the revoked certificate is considered
--        revoked from the time of the earliest generation time on
--        a valid revoke message.
-- @see HashedId32
-- NOTE(review): the structure names the target certificate only by its
-- 32-byte hash; the hash algorithm is not carried in the message.
TbsElectorEndorsement ::= SEQUENCE {
  type             EndorsementType,
  certificateHash  HashedId32,
  generationTime   Time32,
  ...
}

---
-- @brief This data type defines the action (add/remove) to be taken on a Root
--        CA or Elector certificate.
-- @class EndorsementType
-- @param addRoot       defines the action to add a Root CA.
-- @param addElector    defines the action to add an elector.
-- @param removeRoot    defines the action to remove a Root CA.
-- @param removeElector defines the action to remove an elector.
EndorsementType ::= ENUMERATED {
  addRoot (0),
  addElector (1),
  removeRoot (2),
  removeElector (3),
  ...
}

---
-- @brief This data type defines the structure of an elector ballot. A "ballot"
--        is a list of signed endorsements. To be valid, a ballot must contain
--        signatures from a quorum of electors.
-- @class ElectorBallot
-- @param certificate  is the Root CA or Elector certificate the ballot
--                     concerns.
-- @param endorsements are the signatures generated by the Electors (i.e.
--                     endorsement ballots). Each signature shall contain a
--                     copy of the same TbsElectorEndorsement
-- @see SignedElectorEndorsement
-- NOTE(review): the schema only requires at least one endorsement
-- (SIZE(1..MAX)). The quorum rule, the requirement that every endorsement
-- covers the same TbsElectorEndorsement, and the match between
-- certificateHash and the certificate field all have to be enforced by the
-- verifier.
ElectorBallot ::= SEQUENCE {
--  ballot        TbsBallot,
  -- each signature shall contain a copy of the same TbsElectorEndorsement
  certificate   ExplicitCertificate, -- root CA or elector
  endorsements  SEQUENCE SIZE(1..MAX) OF SignedElectorEndorsement,
  ...
}

---
-- @brief This data type defines a composite CRL structure which contains a
--        list of 1609.2 CRLs, one per CRL series. It may also contain ballots
--        to remove Root CAs and Electors
-- @class CompositeCrl
-- @param securedCrlSeries is the list of CRLs for all SCMS components except
--                         a Root CA and Electors.
-- @param revokedRootCAs   is the list of Elector endorsements that were used
--                         to revoke a Root CA.
-- @param revokedElectors  is the list of Elector endorsements that were used
--                         to revoke an Elector.
-- @see SecuredCrl
-- NOTE(review): all three lists may be empty (SIZE(0..MAX)) and the
-- composite itself carries no signature; each SecuredCrl and ElectorBallot
-- inside it has to be verified on its own.
CompositeCrl ::= SEQUENCE {
  securedCrlSeries  SEQUENCE SIZE(0..MAX) OF SecuredCrl,
  revokedRootCAs    SEQUENCE SIZE(0..MAX) OF ElectorBallot,
  revokedElectors   SEQUENCE SIZE(0..MAX) OF ElectorBallot,
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609dot2ScmsBaseTypes

Ieee1609dot2ScmsBaseTypes
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) base-types(2) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  CrlSeries,
  CountryOnly,
  Duration,
  Hostname,
  IValue,
  LaId,
  LinkageSeed,
  Opaque,
  Psid,
  Signature,
  HashedId8,
  Uint8,
  Uint16,
  Uint32
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2(2)}

  RecipientInfo,
  EncryptedData,
  SignerIdentifier
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) schema(1) major-version-2(2)}
;

-- The types below are single-value subtypes: each pins an imported base type
-- to one constant, so a decoder that applies the constraint rejects any
-- other value.

---
-- @brief This data type is used for any operations in Canada.
-- @class Canada
Canada ::= CountryOnly (124)

---
-- @brief This data type is used for any operations in Mexico.
-- @class Mexico
Mexico ::= CountryOnly (484)

---
-- @brief This data type is used for any operations in the USA.
-- @class USA
USA ::= CountryOnly (840)

---
-- @brief This data type denotes the expiration period of a CRL certificate.
-- @class CrlgCertExpiration
CrlgCertExpiration ::= Duration (WITH COMPONENTS {hours(26448)})
    -- 3 years + 1 week = 26448 hours

---
-- @brief This data type denotes the expiration period of a DCM certificate.
-- @class DcmCertExpiration
DcmCertExpiration ::= Duration (WITH COMPONENTS {hours(26448)})

---
-- @brief This data type denotes the expiration period of a ECA certificate
--        for CV pilots.
-- @class EcaCertExpirationCvp
EcaCertExpirationCvp ::= Duration (WITH COMPONENTS {years(7)})

---
-- @brief This data type denotes the expiration period of a ECA certificate
--        for Proof-of-Concept.
-- @class EcaCertExpirationPoc
EcaCertExpirationPoc ::= Duration (WITH COMPONENTS {years(40)})
-- NOTE(review): the Poc (Proof-of-Concept) lifetimes in this group are
-- multi-decade (40, 50 and 30 years); confirm they are never accepted for
-- certificates outside the proof-of-concept deployment.

---
-- @brief This data type denotes the expiration period of an Elector
--        certificate.
-- @class ElectorCertExpiration
ElectorCertExpiration ::= Duration (WITH COMPONENTS {years(60)})

---
-- @brief This data type denotes the expiration period of a ICA certificate
--        for CV pilots.
-- @class IcaCertExpirationCvp
IcaCertExpirationCvp ::= Duration (WITH COMPONENTS {years(11)})

---
-- @brief This data type denotes the expiration period of a ICA certificate
--        for Proof-of-Concept.
-- @class IcaCertExpirationPoc
IcaCertExpirationPoc ::= Duration (WITH COMPONENTS {years(50)})

---
-- @brief This data type denotes the expiration period of a LA certificate.
-- @class LaCertExpiration
LaCertExpiration ::= Duration (WITH COMPONENTS {hours(26448)})

---
-- @brief This data type denotes the expiration period of a MA certificate.
-- @class MaCertExpiration
MaCertExpiration ::= Duration (WITH COMPONENTS {hours(26448)})

---
-- @brief This data type denotes the expiration period of a PCA certificate.
-- @class PcaCertExpiration
PcaCertExpiration ::= Duration (WITH COMPONENTS {years(4)})

---
-- @brief This data type denotes the expiration period of a PG certificate.
-- @class PgCertExpiration
PgCertExpiration ::= Duration (WITH COMPONENTS {hours(26448)})

---
-- @brief This data type denotes the expiration period of a OBE enrollment
--        certificate for CV pilots.
-- @class ObeEnrollmentCertExpirationCvp
-- Unlike the fixed values above, this one accepts any value from 1 to 7
-- years.
ObeEnrollmentCertExpirationCvp ::= Duration (WITH COMPONENTS {years(1..7)})

---
-- @brief This data type denotes the expiration period of a OBE enrollment
--        certificate for Proof-of-Concept.
-- @class ObeEnrollmentCertExpirationPoc
ObeEnrollmentCertExpirationPoc ::= Duration (WITH COMPONENTS {years(30)})

---
-- @brief This data type denotes the expiration period of a OBE identification
--        certificate.
-- @class ObeIdentificationCertExpiration
ObeIdentificationCertExpiration ::= Duration (WITH COMPONENTS {hours(721)})
    -- 1 month + 1 hour = 721 hours

---
-- @brief This data type denotes the expiration period of a OBE pseudonym
--        certificate.
-- @class ObePseudonymCertExpiration
ObePseudonymCertExpiration ::= Duration (WITH COMPONENTS {hours(169)})
    -- 1 week + 1 hour = 169 hours

---
-- @brief This data type denotes the expiration period of a RA certificate.
-- @class RaCertExpiration
RaCertExpiration ::= Duration (WITH COMPONENTS {hours(26448)})

---
-- @brief This data type denotes the expiration period of a RSE application
--        certificate.
-- @class RseApplicationCertExpiration
RseApplicationCertExpiration ::= Duration (WITH COMPONENTS {hours(169)})

---
-- @brief This data type denotes the expiration period of a RSE enrollment
--        certificate for CV pilots.
-- @class RseEnrollmentCertExpirationCvp
-- Accepts any value from 1 to 7 years.
RseEnrollmentCertExpirationCvp ::= Duration (WITH COMPONENTS {years(1..7)})

---
-- @brief This data type denotes the expiration period of a RSE enrollment
--        certificate for Proof-of-Concept.
-- @class RseEnrollmentCertExpirationPoc
RseEnrollmentCertExpirationPoc ::= Duration (WITH COMPONENTS {years(30)})

---
-- @brief This data type denotes the expiration period of a Root CA certificate.
-- @class RootCaCertExpiration
RootCaCertExpiration ::= Duration (WITH COMPONENTS {years(70)})

-- The Psid subtypes below each pin Psid to one application identifier; the
-- hexadecimal form in each brief equals the decimal constraint.

---
-- @brief This data type denotes the PSID for BSM usage i.e. 0x20.
-- @class BsmPsid
BsmPsid ::= Psid (32)

---
-- @brief This data type denotes the PSID for security management i.e. 0x23.
-- @class SecurityMgmtPsid
SecurityMgmtPsid ::= Psid (35)

---
-- @brief This data type denotes the PSID for misbehavior reporting i.e. 0x26.
-- @class MisbehaviorReportingPsid
MisbehaviorReportingPsid ::= Psid (38)

---
-- @brief This data type denotes the PSID for vulnerable road users safety
--        i.e. 0x27.
-- @class VulnerableRoadUsersSafetyPsid VulnerableRoadUsersSafetyPsid ::= Psid (39) --- -- @brief This data type denotes the PSID for uncompressed differential GPS -- corrections i.e. 0x80 -- @class DifferentialGpsCorrectionsUncompressedPsid DifferentialGpsCorrectionsUncompressedPsid ::= Psid (128) --- -- @brief This data type denotes the PSID for compressed differential GPS -- corrections i.e. 0x81 -- @class DifferentialGpsCorrectionsCompressedPsid DifferentialGpsCorrectionsCompressedPsid ::= Psid (129) --- -- @brief This data type denotes the PSID for intersection and safety -- awareness application i.e. 0x82 -- @class IntersectionSafetyAndAwarenessPsid IntersectionSafetyAndAwarenessPsid ::= Psid (130) --- -- @brief This data type denotes the PSID for traveller information and road -- side signage application i.e. 0x83 -- @class TravellerInformationAndRoadsideSignagePsid TravellerInformationAndRoadsideSignagePsid ::= Psid (131) --- -- @brief This data type denotes the PSID for WAVE service advertisement -- application i.e. 0x87 -- @class WaveServiceAdvertisementPsid WaveServiceAdvertisementPsid ::= Psid (135) --- -- @brief This data type denotes the PSID for Vehicle initiated distress -- notification applicaiton i.e. 0x4082 -- @class VehicleInitiatedDistressNotificationPsid VehicleInitiatedDistressNotificationPsid ::= Psid (16514) --- -- @brief This data type denotes the PSID for Transcore software update -- application i.e. 0x204083 -- @class TranscoreSoftwareUpdatePsid TranscoreSoftwareUpdatePsid ::= Psid (2113667) --- -- @brief This data type denotes the PSID for reserved CV pilot application #1 -- i.e. 0x204088 -- @class CVPApplication1Psid CVPApplication1Psid ::= Psid (2113672) --- -- @brief This data type denotes the PSID for reserved CV pilot application #2 -- i.e. 0x204089 -- @class CVPApplication2Psid CVPApplication2Psid ::= Psid (2113673) --- -- @brief This data type denotes the PSID for reserved CV pilot application #3 -- i.e. 
--        0x20408A
-- @class CVPApplication3Psid
CVPApplication3Psid ::= Psid (2113674)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #4
--        i.e. 0x20408B
-- @class CVPApplication4Psid
CVPApplication4Psid ::= Psid (2113675)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #5
--        i.e. 0x20408C
-- @class CVPApplication5Psid
CVPApplication5Psid ::= Psid (2113676)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #6
--        i.e. 0x20408D
-- @class CVPApplication6Psid
CVPApplication6Psid ::= Psid (2113677)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #7
--        i.e. 0x20408E
-- @class CVPApplication7Psid
CVPApplication7Psid ::= Psid (2113678)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #8
--        i.e. 0x20408F
-- @class CVPApplication8Psid
CVPApplication8Psid ::= Psid (2113679)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #9
--        i.e. 0x204090
-- @class CVPApplication9Psid
CVPApplication9Psid ::= Psid (2113680)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        #10 i.e. 0x204091
-- @class CVPApplication10Psid
CVPApplication10Psid ::= Psid (2113681)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        #11 i.e. 0x204092
-- @class CVPApplication11Psid
CVPApplication11Psid ::= Psid (2113682)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        #12 i.e. 0x204093
-- @class CVPApplication12Psid
CVPApplication12Psid ::= Psid (2113683)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        #13 i.e. 0x204094
-- @class CVPApplication13Psid
CVPApplication13Psid ::= Psid (2113684)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        #14 i.e.
--        0x204095
-- @class CVPApplication14Psid
CVPApplication14Psid ::= Psid (2113685)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        #15 i.e. 0x204096
-- @class CVPApplication15Psid
CVPApplication15Psid ::= Psid (2113686)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        #16 i.e. 0x204097
-- @class CVPApplication16Psid
CVPApplication16Psid ::= Psid (2113687)

---
-- @brief This data type denotes the CRL series for EE enrollment.
-- @class EeEnrollmentCrlSeries
EeEnrollmentCrlSeries ::= CrlSeries (4)

---
-- @brief This data type denotes the CRL series for EE non-pseudonym
--        certificates.
-- @class EeNonPseudonymCrlSeries
EeNonPseudonymCrlSeries ::= CrlSeries (3)

---
-- @brief This data type denotes the CRL series for OBE pseudonym certificates.
-- @class ObePseudonymCrlSeries
ObePseudonymCrlSeries ::= CrlSeries (1)

---
-- @brief This data type denotes the CRL series for SCMS components.
-- @class ScmsComponentCrlSeries
ScmsComponentCrlSeries ::= CrlSeries (2)

---
-- @brief This data type denotes the CRL series for special SCMS components.
-- @class ScmsSpclComponentCrlSeries
ScmsSpclComponentCrlSeries ::= CrlSeries (256)

---
-- @brief This data type denotes a 256 bit (32 byte) private reconstruction
--        key.
-- @class EccP256PrivateKeyReconstruction
EccP256PrivateKeyReconstruction ::= OCTET STRING(SIZE(32))

---
-- @brief This data type is used by LA to respond to linkage value requests
--        from MA.
-- @class EncryptedIndividualPLV
-- @param version contains the current version of the data type. The version
--                specified in this document is version 1, represented by the
--                integer 1.
-- @param laId    identifies which LA created the PLV.
-- @param enc-plv the ciphertext field in enc-plv decrypts to a
--                ToBeEncryptedIndividualPLV. It contains a pointer to the
--                encryption key used. The encryption key is identified by the
--                hash of key agreement (PCA’s initial request).
-- @see Uint8, LaId, EncryptedData
EncryptedIndividualPLV ::= SEQUENCE {
  version  Uint8(1),
  laId     LaId,
  -- the constraint admits exactly one recipient, of the symmRecipInfo kind
  enc-plv  EncryptedData (WITH COMPONENTS {
    recipients (SIZE (1) INTERSECTION (WITH COMPONENT (
      RecipientInfo (WITH COMPONENTS { symmRecipInfo })))) })
}

---
-- @brief This data type encloses all information to define an encrypted group
--        PLV.
-- @class EncryptedGroupPLV
-- @param version       contains the current version of the data type. The
--                      version specified in this document is version 1,
--                      represented by the integer 1.
-- @param laId          identifies which LA created the PLV.
-- @param encGroupIndex decrypts to a ToBeEncryptedGroupIndex.
-- @param enc-group-plv the ciphertext field in enc-group-plv decrypts to a
--                      ToBeEncryptedGroupPLV. It contains a pointer to the
--                      encryption key used. The encryption key is identified
--                      by the hash of key agreement (PCA’s initial request).
-- @see Uint8, LaId, EncryptedData
EncryptedGroupPLV ::= SEQUENCE {
  version        Uint8(1),
  laId           LaId,
  encGroupIndex  OCTET STRING (SIZE(16)),
  -- the constraint admits exactly one recipient, of the symmRecipInfo kind
  enc-group-plv  EncryptedData (WITH COMPONENTS {
    recipients (SIZE (1) INTERSECTION (WITH COMPONENT (
      RecipientInfo (WITH COMPONENTS { symmRecipInfo })))) })
}

---
-- @brief This value denotes 64 0-bits (8 zero octets). It is used for padding
--        purposes.
-- @class zero8
zero8 OCTET STRING ::= '0000000000000000'H

---
-- @brief This data type encloses j number of group identifiers.
-- @class ToBeEncryptedGroupIndex
-- @param padding         is a padding of 64 0-bits; the constraint fixes it to
--                        the value zero8.
-- @param groupIdentifier is a 32-bit group identifier.
-- @param j               denotes the number of indexes per week.
-- @see Uint32
ToBeEncryptedGroupIndex ::= SEQUENCE {
  padding          OCTET STRING (SIZE(8)) (zero8),
  groupIdentifier  OCTET STRING (SIZE(4)),
  j                Uint32
}

---
-- @brief This data type contains the PLV information that is signed by PCA at
--        scms-protocol level.
--        NOTE(review): the type name says "to be encrypted" while this brief
--        says "signed by PCA"; confirm which operation and which component
--        are meant.
-- @class ToBeEncryptedIndividualPLV
-- @param iValue denotes the week number from i=0 (i.e.
--               4:00 am Eastern Time on Tuesday, January 6, 2015)
-- @param plv    denotes a pre-linkage value.
-- @see IValue
ToBeEncryptedIndividualPLV ::= SEQUENCE {
  iValue  IValue,
  plv     PreLinkageValue
}

---
-- @brief This data type contains the group PLV information that is signed by
--        PCA at scms-protocol level.
-- @class ToBeEncryptedGroupPLV
-- @param iValue denotes the week number from i=0 (i.e. 4:00 am Eastern Time on
--               Tuesday, January 6, 2015)
-- @param j      denotes the number of PLVs per iValue.
-- @param plv    denotes a pre-linkage value.
-- @see IValue, Uint32
ToBeEncryptedGroupPLV ::= SEQUENCE {
  iValue  IValue,
  j       Uint32,
  plv     PreLinkageValue
}

---
-- @brief This data type encloses all information for a Linkage Chain
--        Identifier (LCI). It is EncryptedData restricted to exactly one
--        recipient of the symmRecipInfo kind.
-- @class LinkageChainId
-- @param recipients contains the information of who is going to receive the
--                   LCI.
-- @param ciphertext contains the encrypted LinkageSeed information.
LinkageChainId ::= EncryptedData (WITH COMPONENTS {
  recipients (SIZE (1) INTERSECTION (WITH COMPONENT (
    RecipientInfo (WITH COMPONENTS { symmRecipInfo })))),
  ciphertext
} )

---
-- @brief This data type denotes a 72 bit (9 byte) pre-linkage value.
-- @class PreLinkageValue
PreLinkageValue ::= OCTET STRING (SIZE(9))

---
-- @brief This data type denotes a 32 byte hash value.
-- @class FullSizeHash
FullSizeHash ::= OCTET STRING (SIZE(32))

---
-- @brief This data type denotes the 255 bit unique hostname of RA.
--        NOTE(review): Hostname is imported and its size constraint is not
--        visible in this module; "255 bit" here and "256 bit" in the
--        LCIAndHostInfo description disagree. Confirm against the Hostname
--        definition. The same applies to the three hostname types that follow.
-- @class RaHostnameId
RaHostnameId ::= Hostname

---
-- @brief This data type denotes the 255 bit unique hostname of PCA.
-- @class PcaHostnameId
PcaHostnameId ::= Hostname

---
-- @brief This data type denotes the 255 bit unique hostname of MA.
-- @class MaHostnameId
MaHostnameId ::= Hostname

---
-- @brief This data type denotes the 255 bit unique hostname of LA.
-- @class LaHostnameId
LaHostnameId ::= Hostname

---
-- @brief This data type denotes the Hash of Pseudonym Certificate Request.
-- @class HPCR
HPCR ::= FullSizeHash

---
-- @brief This data type encloses a linkage seed and the ID of the LA providing
--        it.
-- @class LinkageSeedAndLaId
-- @param linkageSeed denotes a linkage seed corresponding to an entity in the
--                    SCMS.
-- @param laId        is the 16 bit unique ID of an LA.
-- @see LinkageSeed, LaId
LinkageSeedAndLaId ::= SEQUENCE {
  linkageSeed  LinkageSeed,
  laId         LaId
}

---
-- @brief This data type encloses a signature and the corresponding signer.
--        NOTE(review): SignerIdentifier also offers a "self" alternative;
--        whether a consumer of this type may accept it is not stated here.
--        Confirm which alternatives are valid in this context.
-- @class SignatureAndSignerIdentifier
-- @param signer    identifies the entity that produced the signature.
-- @param signature is the digital signature corresponding to the signer.
-- @see SignerIdentifier, Signature
SignatureAndSignerIdentifier ::= SEQUENCE {
  signer     SignerIdentifier,
  signature  Signature
}

---
-- @brief This data type encloses an encrypted PLV and its corresponding host.
-- @class EncryptedPlvAndHostInfo
-- @param encryptedPLV is the encrypted PLV corresponding to hostname.
-- @param hostname     is the name of the host corresponding to the encrypted
--                     PLV in this data type.
-- @see Hostname
EncryptedPlvAndHostInfo ::= SEQUENCE {
  encryptedPLV  EncryptedIndividualPLV,
  hostname      Hostname
}

---
-- @brief This data type encloses an encrypted group PLV and its corresponding
--        host.
-- @class EncryptedGroupPlvAndHostInfo
-- @param encryptedGPLV is the encrypted group PLV corresponding to hostname.
-- @param hostname      is the name of the host corresponding to the encrypted
--                      group PLV in this data type.
-- @see Hostname
EncryptedGroupPlvAndHostInfo ::= SEQUENCE {
  encryptedGPLV  EncryptedGroupPLV,
  hostname       Hostname
}

---
-- @brief This data type encloses an HPCR and its corresponding host.
-- @class HPCRAndHostInfo
-- @param hpcr     is the hash of the pseudonym certificate request (HPCR)
--                 associated with the host.
-- @param hostname is the name of the host corresponding to hpcr in this data
--                 type.
-- @see Hostname
HPCRAndHostInfo ::= SEQUENCE {
  hpcr      HPCR,
  hostname  Hostname
}

---
-- @brief This data type encloses the LCI and its host information.
-- @class LCIAndHostInfo
-- @param iMax    denotes the upper bound of i for which the PLVs are
--                requested; carried as 4 octets.
-- @param la1-lci is the linkage chain ID of LA1.
-- @param la2-lci is the linkage chain ID of LA2.
-- @param la1-id  is a 256 bit unique hostname ID of LA1.
-- @param la2-id  is a 256 bit unique hostname ID of LA2.
--        NOTE(review): the LaHostnameId description says "255 bit"; confirm
--        the actual size against the Hostname definition.
LCIAndHostInfo ::= SEQUENCE {
  iMax     OCTET STRING (SIZE (4)),
  la1-lci  LinkageChainId,
  la2-lci  LinkageChainId,
  la1-id   LaHostnameId,
  la2-id   LaHostnameId
}

---
-- @brief This data type is called a Revocation Identifier (RIF) and is an
--        8-byte hash of an enrollment certificate.
-- @class RIF
RIF ::= HashedId8

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
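--
-- @namespace IEEE1609dot2-cert-chains
IEEE1609dot2-cert-chains {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) base(1) cert-chains(4) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  -- The base-types(2) object identifier belongs to the module named
  -- IEEE1609dot2BaseTypes; the module reference is spelled accordingly so
  -- that it does not collide with the schema(1) module imported next.
  Hostname,
  Time64,
  Uint16
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2(2)}

  SignedData,
  Certificate,
  ImplicitCertificate,
  ExplicitCertificate
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) schema(1) major-version-2(2)}

  ElectorBallot
FROM Ieee1609Dot2ScmsComponentCertificateManagement {iso(1)
    identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
    scms(4) interfaces(1) component-certificate-management(3)
    major-version-2(2)}
;

---
-- @brief The CertificateChainFiles is the parent message type for enclosing
--        all types of certificate chain files transferred between SCMS
--        components.
-- @class CertificateChainFiles
-- @param globalCertificateChainFile contains the global certificate chain.
-- @param localCertificateChainFile  contains the local certificate chain.
CertificateChainFiles ::= CHOICE {
  globalCertificateChainFile  GlobalCertificateChainFile,
  localCertificateChainFile   LocalCertificateChainFile,
  ...
}

---
-- @brief This data type contains the full certificate of all SCMS components.
--        This file is signed by the Policy Generator.
--        NOTE(review): no signature field appears in this type, so the
--        signature is presumably carried by an enclosing structure; confirm
--        which one, since the bare type carries no proof of origin.
-- @class GlobalCertificateChainFile
-- @param version   is the unique version number for this GCCF.
-- @param certStore is the list of certificates and all issuers.
-- @see Uint16
GlobalCertificateChainFile ::= SEQUENCE {
  version    Uint16,
  certStore  CertificateStore,
  ...
}

---
-- @brief This data type contains a minimum set of full certificates as
--        required by policy and the selection of the local RA that generated
--        this file. This file is signed by the Policy Generator.
--        NOTE(review): as with the GCCF, the signature is not part of this
--        type; confirm the enclosing signed structure.
-- @class LocalCertificateChainFile
-- @param version           is the composite version for this file.
-- @param requiredCertStore is the required list of certificates.
-- @param optionalCertList  is the list of optional certificates; it may be
--                          empty.
-- @see Certificate
LocalCertificateChainFile ::= SEQUENCE {
  version            CompositeVersion,
  requiredCertStore  CertificateStore,
  optionalCertList   SEQUENCE SIZE(0..MAX) OF Certificate,
  ...
}

---
-- @brief This data type contains the version numbers of each type of
--        certificate chain file.
-- @class CompositeVersion
-- @param gccfVersion is the GCCF version that was used to generate this file.
-- @param lccfVersion is the unique local version for this LCCF.
-- @param raHostname  is the name of the RA that generated this LCCF.
-- @see Uint16, Hostname
CompositeVersion ::= SEQUENCE {
  gccfVersion  Uint16,
  lccfVersion  Uint16,
  raHostname   Hostname
}

---
-- @brief A certificate store is a list of root and elector endorsements plus
--        lists of ICA and PCA certificates needed by EEs to validate messages.
--        This base type is used to construct the GCCF and the LCCF. The PG
--        creates the GCCF by assembling all certificates needed to validate
--        all EE certificates in the SCMS. An RA creates the LCCF by pruning
--        the GCCF down to the lists needed by the EEs that are assigned to
--        that RA. Note that these are lists of certificates, not certificate
--        chains as defined in 1609.2. The primary reason for not using a list
--        of certificate chains is to eliminate redundancy. If we used a list
--        of certificate chains, each chain would have a copy of the same root
--        CA and some chains would have copies of the same ICA.
-- @class CertificateStore
-- @param rootCAEndorsements  are optional for as long as the SCMS OPs project
--                            does not have Electors. As soon as they are
--                            introduced, a minimum of 1 rootCAEndorsement is
--                            required.
--                            NOTE(review): SIZE(0..MAX) does not express that
--                            minimum, so an empty list still decodes; the
--                            check has to be made by the consumer.
-- @param electorEndorsements are required by the SCMS components (including
--                            EEs) to validate non-expired certificates before
--                            adding a new Elector and storing the new elector
--                            certificate in the certificate store.
-- @param maCertificate       is the MA certificate.
-- @param certs               is a list of certificates of all other SCMS
--                            components.
-- @see Certificate
CertificateStore ::= SEQUENCE {
  rootCAEndorsements   SEQUENCE SIZE(0..MAX) OF ElectorBallot,
  electorEndorsements  SEQUENCE SIZE(0..MAX) OF ElectorBallot,
  maCertificate        Certificate,
  certs                SEQUENCE SIZE(0..MAX) OF Certificate,
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.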
--
-- @namespace Ieee1609dot2ScmsPolicyTypes
Ieee1609dot2ScmsPolicyTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) policy-types(500) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  Countersignature,
  ExplicitCertificate,
  Ieee1609Dot2Data,
  SequenceOfCertificate
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) schema(1) major-version-2(2)}

  Duration,
  Hostname,
  Opaque,
  Time64,
  Uint8,
  Uint16,
  Uint32,
  Uint64
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2(2)}

  LaHostnameId,
  PcaHostnameId,
  RaHostnameId
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
    scms(4) interfaces(1) base-types(2) major-version-2(2)}
;

---
-- @brief The PolicyFiles structure defines the parent structure for all
--        policy files (global and local). Each policy file resides in its own
--        file and is signed by one or more components to ensure the policy is
--        valid.
-- @class PolicyFiles
-- @param globalPolicyFile contains the global policy file generated by the
--                         Policy Generator (PG).
-- @param localPolicyFile  contains the local policy file generated by a
--                         Registration Authority (RA). Note that the RA has
--                         to get this signed by the PG before sending it to
--                         EEs.
PolicyFiles ::= CHOICE {
  globalPolicyFile  GlobalPolicyFile,
  localPolicyFile   LocalPolicyFile,
  ...
}

---
-- @brief This data type defines the inherent policy file structure created
--        either by PG or RA.
-- @class BasePolicyFile
-- @param version    defines the version of BasePolicyFile. Currently, it is
--                   denoted by integer 1.
-- @param tbsData    is the policy data that is signed by PG at the scms
--                   protocol level.
-- @param signatures denote the countersignatures that are generated by
--                   auditors of the policy file. Note that PG or RA must
--                   obtain these signatures before sending to any EE. The
--                   SIZE(1..MAX) constraint requires at least one entry; it
--                   does not say who produced it, so checking each
--                   countersignature and its signer is left to the consumer.
-- @see Uint8, Countersignature
BasePolicyFile ::= SEQUENCE {
  version     Uint8(1),
  tbsData     ToBeSignedPolicyData,
  -- countersignatures generated by auditors of the policy file
  signatures  SEQUENCE SIZE(1..MAX) OF Countersignature,
  ...
}

---
-- @brief This data type contains the policy file data that is signed by the
--        PG at scms-protocol level.
-- @class ToBeSignedPolicyData
-- @param policyID       denotes the unique identifier for a policy file
--                       (0 to 32 octets).
-- @param generationTime is the point of time when a policy file was generated.
-- @param activeTime     is the duration of time for which the policy file is
--                       valid.
--                       NOTE(review): the field is typed Time64 like
--                       generationTime, not Duration; confirm whether it is a
--                       point in time (e.g. when the policy becomes active).
-- @param policy         is the policy data for either a global, local or
--                       custom file.
-- @see Time64
ToBeSignedPolicyData ::= SEQUENCE {
  policyID        OCTET STRING (SIZE (0..32)),
  generationTime  Time64,
  activeTime      Time64,
  policy          Policy,
  ...
}

---
-- @brief This data type is generated by PG and contains global policy data.
--        It is a BasePolicyFile whose policy must be the global alternative.
-- @class GlobalPolicyFile
-- @param tbsData is the policy data that is signed by PG at scms-protocol level.
GlobalPolicyFile ::= BasePolicyFile (WITH COMPONENTS {...,
  tbsData( WITH COMPONENTS {...,
    policy(WITH COMPONENTS {...,
      global PRESENT
    })
  })
})

---
-- @brief This data type is generated by an RA and contains local policy data
--        derived from global policy data.
-- @class LocalPolicyFile
-- @param globalParameters denotes all the values inherited from
--                         GlobalPolicyFile.
-- @param localParameters  denotes all values defined by RA for local policy
--                         file specifically. The field identifier in the
--                         SEQUENCE is spelled localParamters.
LocalPolicyFile ::= SEQUENCE {
  -- a BasePolicyFile whose policy must be the custom alternative
  globalParameters  BasePolicyFile (WITH COMPONENTS {...,
    tbsData( WITH COMPONENTS {...,
      policy( WITH COMPONENTS {...,
        custom PRESENT
      })
    })
  }),
  -- a BasePolicyFile whose policy must be the local alternative; the
  -- identifier is spelled "localParamters" and is kept as is, because
  -- renaming it would change the names seen by generated code
  localParamters    BasePolicyFile (WITH COMPONENTS {...,
    tbsData( WITH COMPONENTS {...,
      policy( WITH COMPONENTS {...,
        local PRESENT
      })
    })
  })
}

---
-- @brief This data type contains policy file data depending on the type of
--        policy file i.e. global, local or custom.
-- @class Policy
-- @param global denotes global policy data.
-- @param custom denotes custom policy data.
-- @param local  denotes local policy data.
Policy ::= CHOICE {
  global  GlobalPolicyData,
  custom  CustomPolicyData,
  local   LocalPolicyData,
  ...
}

---
-- @brief This data type contains global policy data generated by PG. Every
--        parameter is an optional "temporal series": an initial value plus a
--        possibly empty list of (startTime, value) intervals. Only the
--        defaults written as DEFAULT in the SEQUENCE (ScmsVersion 1,
--        MinCertsPerIPeriod 20, ShuffleThreshold 1000, HashOfRequestSize 32)
--        are part of the schema; the other defaults named below are
--        documentation only.
-- @class GlobalPolicyData
-- @param temporalSeriesOfScmsVersion SCMS Version, default value is 1
-- @param temporalSeriesOfCertChainFileID File ID number of the current GCCF
-- @param temporalSeriesOfOverdueCrlTolerance max time to operate without a new
--        CRL, specified in weeks (4 bytes)
-- @param temporalSeriesOfIPeriod i-value / i-period; default: 1 week
-- @param temporalSeriesOfMinCertsPerIPeriod minimum certs per i-period;
--        default: 20
-- @param temporalSeriesOfCertValidityModel pseudonym cert validity model -
--        "concurrent" or "non-concurrent"
-- @param temporalSeriesOfMaxAvailableCertSupply max time covered by a
--        certificate batch in years, default: 3 years
-- @param temporalSeriesOfMaxCertRequestAge maximum time for an individual cert
--        request to remain in the aggregator; default: 2 days
-- @param temporalSeriesOfShuffleThreshold minimum # of individual cert
--        requests before shuffle/send to PCA; default: 1000
-- @param temporalSeriesOfHashOfRequestSize bytes in "hash of request" between
--        PCA and RA for individual cert requests; default: 32
-- @param temporalSeriesOfMaxGpfGccfRetrievalInterval maximum interval (in
--        hours) before retrieving new GPF or GCCF; default: 1 hour
-- @param temporalSeriesOfRseApplicationCertValidity validity time for an RSE
--        cert (in hours). Default value is 1 week + 1 hour = 169 hours
-- @param temporalSeriesOfRseApplicationCertOVerlap RSE application cert
--        overlap; Default value is 1 hour. The identifier is spelled with a
--        capital "V" in the SEQUENCE and is kept as is.
-- @see Time64
GlobalPolicyData ::= SEQUENCE {
  temporalSeriesOfScmsVersion SEQUENCE {
    initialScmsVersion  ScmsVersion DEFAULT 1,
    intervals           SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime    Time64,
      scmsVersion  ScmsVersion
    }
  } OPTIONAL,
  temporalSeriesOfCertChainFileID SEQUENCE {
    initialGlobalCertChainFileID  GlobalCertChainFileID,
    intervals                     SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime              Time64,
      globalCertChainFileID  GlobalCertChainFileID
    }
  } OPTIONAL,
  temporalSeriesOfOverdueCrlTolerance SEQUENCE {
    initialOverdueCrlTolerance  OverdueCrlTolerance,
    intervals                   SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime            Time64,
      overdueCrlTolerance  OverdueCrlTolerance
    }
  } OPTIONAL,
  temporalSeriesOfIPeriod SEQUENCE {
    initialIPeriod  IPeriod,
    intervals       SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime  Time64,
      iPeriod    IPeriod
    }
  } OPTIONAL,
  temporalSeriesOfMinCertsPerIPeriod SEQUENCE {
    initialMinCertsPerIPeriod  MinCertsPerIPeriod DEFAULT 20,
    intervals                  SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime           Time64,
      minCertsPerIPeriod  MinCertsPerIPeriod
    }
  } OPTIONAL,
  temporalSeriesOfCertValidityModel SEQUENCE {
    initialCertValidityModel  CertValidityModel,
    intervals                 SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime          Time64,
      certValidityModel  CertValidityModel
    }
  } OPTIONAL,
  temporalSeriesOfMaxAvailableCertSupply SEQUENCE {
    initialMaxAvailableCertSupply  MaxAvailableCertSupply,
    intervals                      SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime               Time64,
      maxAvailableCertSupply  MaxAvailableCertSupply
    }
  } OPTIONAL,
  temporalSeriesOfMaxCertRequestAge SEQUENCE {
    initialMaxCertRequestAge  MaxCertRequestAge,
    intervals                 SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime          Time64,
      maxCertRequestAge  MaxCertRequestAge
    }
  } OPTIONAL,
  temporalSeriesOfShuffleThreshold SEQUENCE {
    initialShuffleThreshold  ShuffleThreshold DEFAULT 1000,
    intervals                SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime         Time64,
      shuffleThreshold  ShuffleThreshold
    }
  } OPTIONAL,
  temporalSeriesOfHashOfRequestSize SEQUENCE {
    initialHashOfRequestSize  HashOfRequestSize DEFAULT 32,
    intervals                 SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime          Time64,
      hashOfRequestSize  HashOfRequestSize
    }
  } OPTIONAL,
  temporalSeriesOfMaxGpfGccfRetrievalInterval SEQUENCE {
    initialMaxGpfGccfRetrievalInterval  MaxGpfGccfRetrievalInterval,
    intervals                           SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime                    Time64,
      maxGpfGccfRetrievalInterval  MaxGpfGccfRetrievalInterval
    }
  } OPTIONAL,
  temporalSeriesOfRseApplicationCertValidity SEQUENCE {
    initialRseApplicationCertValidity  RseApplicationCertValidity,
    intervals                          SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime                   Time64,
      rseApplicationCertValidity  RseApplicationCertValidity
    }
  } OPTIONAL,
  temporalSeriesOfRseApplicationCertOVerlap SEQUENCE {
    initialRseApplicationCertOverlap  RseApplicationCertOverlap,
    intervals                         SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime                  Time64,
      rseApplicationCertOverlap  RseApplicationCertOverlap
    }
  } OPTIONAL,
  ...
}

---
-- @brief This data type defines the current scms version.
-- @class ScmsVersion
ScmsVersion ::= Uint8

---
-- @brief This data type denotes the 16-bit global certificate chain file ID.
-- @class GlobalCertChainFileID
GlobalCertChainFileID ::= Uint16

---
-- @brief This data type denotes the maximum time to operate without a new CRL,
--        specified in weeks (4 bytes)
-- @class OverdueCrlTolerance
OverdueCrlTolerance ::= Duration

---
-- @brief This data type denotes the i-value / i-period.
-- @class IPeriod
IPeriod ::= Duration

---
-- @brief This data type denotes the minimum certs per i-period
-- @class MinCertsPerIPeriod
MinCertsPerIPeriod ::= Uint8

---
-- @brief This data type denotes the pseudonym cert validity model -
--        "concurrent" or "non-concurrent"
-- @class CertValidityModel
-- @param concurrent     denotes the certificate can be used with other active
--                       certificates.
-- @param non-concurrent denotes the certificate cannot be used with other
--                       active certificates.
CertValidityModel ::= ENUMERATED {
  concurrent (1),
  non-concurrent (2),
  ...
}

---
-- @brief This data type denotes the maximum time covered by a certificate
--        batch in years.
-- @class MaxAvailableCertSupply
MaxAvailableCertSupply ::= Duration

---
-- @brief This data type denotes the maximum time for individual certificate
--        request.
-- @class MaxCertRequestAge
MaxCertRequestAge ::= Duration

---
-- @brief This data type denotes the minimum number of individual certificate
--        requests before shuffle/send to PCA.
-- @class ShuffleThreshold
ShuffleThreshold ::= Uint32

---
-- @brief This data type denotes the number of bytes in "hash of request"
--        between PCA and RA for individual certificate requests.
--        NOTE(review): Uint8 carries no lower bound here, so very small sizes
--        (including 0) satisfy the type; presumably a consumer should reject
--        sizes too short to identify a request. Confirm the minimum.
-- @class HashOfRequestSize
HashOfRequestSize ::= Uint8

---
-- @brief This data type denotes the maximum interval (in hours) before
--        retrieving new GPF and GCCF.
-- @class MaxGpfGccfRetrievalInterval
MaxGpfGccfRetrievalInterval ::= Duration

---
-- @brief This data type denotes the validity time for an RSE certificate (in
--        hours).
-- @class RseApplicationCertValidity
RseApplicationCertValidity ::= Duration

---
-- @brief This data type denotes the RSE certificate overlap period (in hours).
-- @class RseApplicationCertOverlap
RseApplicationCertOverlap ::= Duration

---
-- @brief This type is used by an RA that wants to create a custom version of
--        the GlobalPolicyData. This structure adds an element with the RA's
--        ID to differentiate it from a conventional GlobalPolicyFile.
-- @class CustomPolicyData
-- @param requestingRaHostname is the 256-bit unique hostname of the RA
--                             requesting custom policy data. The field is
--                             OPTIONAL in the SEQUENCE, so a custom policy
--                             may arrive without it.
-- @param globalPolicy         is the global policy file data.
-- @see RaHostnameId
CustomPolicyData ::= SEQUENCE {
  requestingRaHostname  RaHostnameId OPTIONAL, -- Hostname of the RA that customized this policy data
  globalPolicy          GlobalPolicyData,
  ...
}

---
-- @brief This data type contains local policy data generated by RA from
--        global policy data derived from GPF of PG. Every parameter is an
--        optional temporal series: an initial value plus a possibly empty
--        list of (startTime, value) intervals.
-- @class LocalPolicyData
-- @param temporalSeriesOfShuffleThreshold        minimum # of individual cert
--                                                requests before shuffle/send
--                                                to PCA.
-- @param temporalSeriesOfCertsPerIPeriod         certs per i-period
--                                                (overrides global value);
--                                                default: 20
-- @param temporalSeriesOfLaOneHost               LA1 256-bit unique hostname.
-- @param temporalSeriesOfLaTwoHost               LA2 256-bit unique hostname.
-- @param temporalSeriesOfPcaHost                 PCA 256-bit unique hostname.
-- @param temporalSeriesOfRaX509TlsCert           RA TLS certificate for
--                                                connection over HTTP.
-- @param temporalSeriesOfLaX509TlsCert           LA TLS certificate.
-- @param temporalSeriesOfPcaX509TlsCert          PCA TLS certificate.
-- @param temporalSeriesOfSharedKeyUpdateInterval maximum time between changes
--                                                to pre-linkage value enc/dec
--                                                key.
-- @see Time64, LaHostnameId, RaHostnameId, PcaHostnameId
LocalPolicyData ::= SEQUENCE {
  temporalSeriesOfShuffleThreshold SEQUENCE {
    initialShuffleThreshold  ShuffleThreshold,
    intervals                SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime         Time64,
      shuffleThreshold  ShuffleThreshold
    }
  } OPTIONAL,
  temporalSeriesOfCertsPerIPeriod SEQUENCE {
    initialCertsPerIPeriod  CertsPerIPeriod DEFAULT 20,
    intervals               SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime        Time64,
      certsPerIPeriod  CertsPerIPeriod
    }
  } OPTIONAL,
  temporalSeriesOfLaOneHost SEQUENCE {
    initialLaOneHost  LaHostnameId,
    intervals         SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime  Time64,
      laOneHost  LaHostnameId
    }
  } OPTIONAL,
  temporalSeriesOfLaTwoHost SEQUENCE {
    initialLaTwoHost  LaHostnameId,
    intervals         SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime  Time64,
      laTwoHost  LaHostnameId
    }
  } OPTIONAL,
  temporalSeriesOfPcaHost SEQUENCE {
    initialPcaHost  PcaHostnameId,
    intervals       SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime  Time64,
      pcaHost    PcaHostnameId
    }
  } OPTIONAL,
  temporalSeriesOfRaX509TlsCert SEQUENCE {
    initialRaX509TlsCert  X509TlsCert,
    intervals             SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime      Time64,
      raX509TlsCert  X509TlsCert
    }
  } OPTIONAL,
  temporalSeriesOfLaX509TlsCert SEQUENCE {
    initialLaX509TlsCert  X509TlsCert,
    intervals             SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime      Time64,
      laX509TlsCert  X509TlsCert
    }
  } OPTIONAL,
  temporalSeriesOfPcaX509TlsCert SEQUENCE {
    initialPcaX509TlsCert  X509TlsCert,
    intervals              SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime       Time64,
      pcaX509TlsCert  X509TlsCert
    }
  } OPTIONAL,
  temporalSeriesOfSharedKeyUpdateInterval SEQUENCE {
    initialSharedKeyUpdateInterval  SharedKeyUpdateInterval,
    intervals                       SEQUENCE SIZE(0..MAX) OF SEQUENCE {
      startTime                Time64,
      sharedKeyUpdateInterval  SharedKeyUpdateInterval
    }
  } OPTIONAL,
  ...
}

---
-- @brief This data type denotes the certificates per i-period. This overrides
--        the global value.
-- @class CertsPerIPeriod
CertsPerIPeriod ::= Uint8

---
-- @brief This data type denotes the TLS certificate for secure communication
--        over HTTP.
--        NOTE(review): the type is Opaque, so this schema places no structure
--        on the certificate bytes; parsing and validating them as X.509 is
--        left to the consumer.
-- @class X509TlsCert
X509TlsCert ::= Opaque

---
-- @brief This data type denotes the maximum time between changes to the
--        pre-linkage value encryption/decryption key.
-- @class SharedKeyUpdateInterval
SharedKeyUpdateInterval ::= Duration

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609dot2ScmsCommonError
Ieee1609dot2ScmsCommonError {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) errors(2) common(2) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

---
-- @brief This data type enumerates error codes; going by the module name
--        they are presumably the errors shared by all SCMS interfaces
--        (confirm). Only baseline(1) is defined, and the type is extensible.
-- @class ScmsCommonError
-- @param baseline is the only value defined so far; its meaning is not
--                 documented here.
ScmsCommonError ::= ENUMERATED {
  baseline(1),
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2EcaEndEntityError
Ieee1609Dot2EcaEndEntityError {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) errors(2) eca-ee (5) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

---
-- @brief This data type enumerates the error codes defined for the interface
--        between the Enrollment Certificate Authority (ECA) and an end
--        entity (EE). Each value names one reason an enrollment request
--        was not served: a request field out of range, an invalid key, a
--        malformed request, or a failure inside the ECA.
-- @class EcaEndEntityError
-- @note  ecaMalformedRequest is the catch-all for request errors that no
--        more specific code covers. The type is extensible, so a decoder
--        has to handle values it does not recognise.
EcaEndEntityError ::= ENUMERATED {
  ecaInvalidCurrentTime,        -- currentTime out of range
  ecaInvalidRequestedStartTime, -- requestedStartTime out of range
  ecaInvalidPsid,               -- passed PSID is invalid for the enrollment
  ecaInvalidValidityPeriod,     -- ValidityPeriod out of range
  ecaInvalidRegion,             -- GeographicRegion out of range
  ecaInvalidAssuranceLevel,     -- SubjectAssurance out of range
  ecaInvalidEncryptionKey,      -- response encryption key (PublicEncryptionKey) is invalid
  ecaInvalidVerifyKey,          -- enrollment key (SignedPublicKey) is invalid
  ecaMalformedRequest,          -- everything else that can go wrong in the request
  ecaInternalServerError,       -- ECA failed to process Enrollment
  ecaResponseTimeout,           -- ECA response timeout
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2EcaEndEntityInterface
Ieee1609Dot2EcaEndEntityInterface {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) eca-ee (5) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  HashedId8,
  Time32,
  Uint8
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2(2)}

  Certificate,
  ImplicitCertificate,
  ToBeSignedCertificate
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base (1) schema (1) major-version-2(2)}

  EccP256PrivateKeyReconstruction
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) scms(4) interfaces(1) base-types (2) major-version-2(2)}
;

---
-- @brief The EcaEndEntityInterfacePDU is the parent message type for messages
--        sent between Enrollment Certificate Authority (ECA) and End Entities
--        (EE).
-- @class EcaEndEntityInterfacePDU
-- @param eeEcaCertRequest  contains the enrollment certificate request sent
--                          by the EE to the ECA.
-- @param ecaEeCertResponse contains the enrollment certificate response sent
--                          by the ECA to an EE.
EcaEndEntityInterfacePDU::= CHOICE {
  eeEcaCertRequest EeEcaCertRequest,
  ecaEeCertResponse EcaEeCertResponse,
  ...
}

---
-- @brief This data type is used by the EE to request an enrollment
--        certificate from the ECA. It is signed using the private key
--        generated by the EE and the corresponding public key is placed in
--        verificationKey for use by the ECA to generate the enrollment
--        certificate. All the fields of ToBeSignedCertificate are filled by
--        the EE/DCM, but the ECA may override them.
-- @class EeEcaCertRequest
-- @param version     contains the current version of the data type. The
--                    version specified in this document is version 1,
--                    represented by the integer 1.
-- @param currentTime contains the time of creation of EeEcaCertRequest.
-- @param tbsData     contains the ToBeSignedCertificate data used by the ECA
--                    to generate the EE’s enrollment certificate. The
--                    ToBeSignedCertificate is specified in Section 6.4.8 of
--                    IEEE 1609.2-2016.
-- @see Uint8, Time32, ToBeSignedCertificate
-- @note The subtype constraint on tbsData requires region and
--       certRequestPermissions to be present, forbids linkageData,
--       appPermissions, certIssuePermissions and encryptionKey, and limits
--       verifyKeyIndicator to the verificationKey alternative.
-- @note This structure has no signature field of its own. The signature
--       mentioned in the brief is presumably carried by an enclosing signed
--       structure (TODO confirm against the protocol-level definitions).
-- @note Every tbsData field is supplied by the EE/DCM, so the values are
--       requests, not facts. The ECA should check each one against its
--       enrollment policy before issuing. The error codes in
--       Ieee1609Dot2EcaEndEntityError name the checks: request time, PSID,
--       validity period, region, assurance level and keys.
EeEcaCertRequest ::= SEQUENCE {
  version Uint8(1),
  currentTime Time32,
  tbsData ToBeSignedCertificate (WITH COMPONENTS {
    ...,
    id(WITH COMPONENTS {
      ...,
      linkageData ABSENT
    }),
    region PRESENT,
    appPermissions ABSENT,
    certIssuePermissions ABSENT,
    certRequestPermissions PRESENT,
    encryptionKey ABSENT,
    verifyKeyIndicator (WITH COMPONENTS {
      verificationKey
    })
  }),
  ...
}

---
-- @brief This data type is used by the ECA to respond to an EE’s enrollment
--        certificate request. Additional bootstrapping information including
--        the RA's certificate are provided by the DCM in a zipped file.
-- @class EcaEeCertResponse
-- @param version               contains the current version of the data type.
--                              The version specified in this document is
--                              version 1, represented by the integer 1.
-- @param requestHash           contains the hash of the original
--                              EeEcaCertRequest message.
-- @param ecaCert               contains the Enrollment Certificate Authority
--                              certificate.
-- @param enrollmentCert        contains the Implicit Certificate structure of
--                              the enrollment certificate, as specified in
--                              Section 6.4.5 of IEEE 1609.2-2016.
-- @param privKeyReconstruction contains the private key reconstruction value
--                              required by the EE to transform its private
--                              key into an operational private key.
-- @see Uint8, HashedId8, Certificate, ImplicitCertificate,
--      EccP256PrivateKeyReconstruction
-- @note requestHash is what ties this response to a request. NOTE(review):
--       the EE should compare it with the hash of the request it actually
--       sent and discard a response that does not match.
-- @note ecaCert arrives inside the response it helps to validate.
--       NOTE(review): the EE presumably has to check it against a trust
--       anchor obtained during bootstrapping; that step is not defined in
--       this module.
EcaEeCertResponse ::= SEQUENCE {
  version Uint8(1),
  requestHash HashedId8,
  ecaCert Certificate,
  enrollmentCert ImplicitCertificate,
  privKeyReconstruction EccP256PrivateKeyReconstruction,
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2EndEntityMaInterface
Ieee1609Dot2EndEntityMaInterface {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) ee-ma (7) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  Opaque,
  Signature,
  Time32,
  ThreeDLocation,
  Uint8
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2(2)}
;

---
-- @brief The EndEntityMaInterfacePDU is the parent message type for messages
--        sent between End Entities (EE) and the Misbehavior Authority (MA).
-- @class EndEntityMaInterfacePDU
-- @param misbehaviorReport contains the misbehavior report sent by an end
--                          entity to the MA.
EndEntityMaInterfacePDU::= CHOICE {
  misbehaviorReport MisbehaviorReportContents,
  ...
}

---
-- @brief This data type contains the structure of a misbehavior report sent
--        by an end entity to the MA.
-- @class MisbehaviorReportContents
-- @param version               contains the current version of the data type.
--                              The version specified in this document is
--                              version 1, represented by the integer 1.
-- @param misbehavingDeviceInfo opaque and currently unused. The field is not
--                              OPTIONAL, so it is still encoded in every
--                              report.
-- @param misbehavingDeviceBSMs contains BSMs of an alleged, misbehaving EE in
--                              the form of an array of BSMs.
-- @param reporterDeviceBSMs    contains BSMs of the reporting EE in the form
--                              of an array of BSMs.
-- @param sensorInfo            opaque and currently unused.
-- @see Uint8, Opaque, BasicSafetyMessage
-- @note The two BSM fields are OCTET STRINGs with no SIZE constraint, and the
--       inline comments describe their content as non-OER encoded ASN.1
--       messages. This schema therefore validates neither their length nor
--       their structure. NOTE(review): the MA should cap the accepted length
--       and decode the content with a separate parser that treats it as
--       untrusted input, since it is supplied by the reporting EE.
-- @note BasicSafetyMessage is listed under @see but is neither imported nor
--       referenced by this module.
MisbehaviorReportContents ::= SEQUENCE {
  version Uint8(1),
  misbehavingDeviceInfo Opaque,               -- placeholder
  misbehavingDeviceBSMs OCTET STRING OPTIONAL, -- non-OER encoded ASN.1 messages
  reporterDeviceBSMs OCTET STRING OPTIONAL,    -- non-OER encoded ASN.1 messages
  sensorInfo Opaque OPTIONAL,                 -- placeholder: non-V2V related sensor information, if available
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2EndEntityRaInterface
Ieee1609Dot2EndEntityRaInterface {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) ee-ra(8) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  EccP256CurvePoint,
  EncryptionKey,
  HashAlgorithm,
  Hostname,
  Signature,
  HashedId8,
  PublicEncryptionKey,
  PublicVerificationKey,
  Time32,
  Time64,
  Uint8,
  Uint16,
  Uint32
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) base-types(2) major-version-2(2)}

  Certificate,
  ExplicitCertificate,
  Ieee1609Dot2Data,
  ImplicitCertificate,
  SignerIdentifier
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) base(1) schema(1) major-version-2(2)}

  SecurityMgmtPsid
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) scms(4) interfaces(1) base-types(2) major-version-2(2)}

  CompositeCrl
FROM Ieee1609Dot2ScmsComponentCertificateManagement {iso(1)
    identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)
    dot2(2) scms(4) interfaces(1) component-certificate-management (3)
    major-version-2(2)}
;

---
-- @brief The EndEntityRaInterfacePDU is the parent message type for messages
--        sent between end entities and the Registration Authority.
-- @class EndEntityRaInterfacePDU
-- @param eeRaCertRequest                      contains a message from an EE
--                                             to the RA to request a copy of
--                                             the RA’s currently valid
--                                             certificate.
-- @param raEeCertResponse                     is a message from the RA to the
--                                             EE as a response to
--                                             EeRaCertRequest.
-- @param eeRaPseudonymCertProvisioningRequest is a message from an EE to the
--                                             RA to request pseudonym
--                                             certificates.
-- @param raEePseudonymCertProvisioningAck     is a message from the RA to the
--                                             EE to acknowledge the receipt
--                                             of EeRaPseudonymCertProvisioningRequest.
-- @param eeRaIdCertProvisioningRequest        is a message from an EE to the
--                                             RA to request an identification
--                                             certificate.
-- @param raEeIdCertProvisioningAck            is a message from the RA to the
--                                             EE to acknowledge the receipt
--                                             of EeRaIdCertProvisioningRequest.
-- @param eeRaAppCertProvisioningRequest       is a message from an EE to the
--                                             RA to request an application
--                                             certificate.
-- @param raEeAppCertProvisioningAck           is a message from the RA to the
--                                             EE to acknowledge the receipt
--                                             of EeRaAppCertProvisioningRequest.
-- @param eeRaAuthenticatedDownloadRequest     is a message from an EE to the
--                                             RA to request the download of
--                                             certificates (once they are ready).
EndEntityRaInterfacePDU::= CHOICE {
  eeRaCertRequest EeRaCertRequestMsg,
  raEeCertResponse RaEeCertResponseMsg,
  eeRaPseudonymCertProvisioningRequest EeRaPseudonymCertProvisioningRequest,
  raEePseudonymCertProvisioningAck RaEePseudonymCertProvisioningAck,
  eeRaIdCertProvisioningRequest EeRaIdCertProvisioningRequest,
  raEeIdCertProvisioningAck RaEeIdCertProvisioningAck,
  eeRaAppCertProvisioningRequest EeRaAppCertProvisioningRequest,
  raEeAppCertProvisioningAck RaEeAppCertProvisioningAck,
  eeRaAuthenticatedDownloadRequest AuthenticatedDownloadRequest,
  ...
}

---
-- @brief This message is sent from an EE to the RA to request the RA's
--        currently valid certificate.
-- @class EeRaCertRequestMsg
-- @param version contains the current version of the data type. The version
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
EeRaCertRequestMsg ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This message contains an acknowledgement from the RA to an EE's
--        EeRaCertRequestMsg.
-- @class RaEeCertResponseMsg
-- @param version contains the current version of the data type. The version
--                specified in this document is version 1, represented by the
--                integer 1.
-- @param reply   indicates the contents of the reply message. In this version
--                of the document, only one choice option is supported, namely
--                an acknowledgement (ack) of type RaEeCertResponseAck.
-- @see Uint8
RaEeCertResponseMsg ::= SEQUENCE {
  version Uint8(1),
  reply CHOICE {
    ack RaEeCertResponseAck,
    ...
  },
  ...
}

---
-- @brief This structure contains the RA's currently valid certificate and its
--        Certificate Revocation List (CRL).
-- @class RaEeCertResponseAck
-- @param raCertificate contains the RA’s currently valid public key
--                      certificate as defined in Section 6.4.2 of IEEE
--                      1609.2-2016.
-- @param crl           contains the Certificate Revocation List pertinent to
--                      the RA certificate. The Certificate Revocation List
--                      type is defined in Section 7.3 and 7.4.1 of IEEE
--                      1609.2-2016.
-- @see Certificate, CompositeCrl
-- @note The request that triggers this reply (EeRaCertRequestMsg) carries
--       only a version number. NOTE(review): the EE should validate
--       raCertificate up to a trust anchor it already holds, and verify the
--       signature on crl, before relying on either; those checks are not
--       expressed in this schema.
RaEeCertResponseAck ::= SEQUENCE {
  raCertificate Certificate,
  crl CompositeCrl,
  ...
}

---
-- @brief This structure defines the time when (and for which start date of
--        validity) a request is made to obtain pseudonym certificates. In
--        this module it is also embedded in the identification and
--        application certificate provisioning requests.
-- @class CommonProvisioningRequestFields
-- @param current-time         indicates the time of request generation.
-- @param requested-start-time indicates the requested start time for the
--                             requested certificates to take effect (in terms
--                             of validity).
-- @see Time32
-- @note Both times are chosen by the requesting EE. NOTE(review): the RA
--       presumably has to check current-time against its own clock, within a
--       tolerance, to limit replay of captured requests; confirm the
--       tolerance in the protocol specification.
CommonProvisioningRequestFields ::= SEQUENCE {
  current-time Time32,
  requested-start-time Time32,
  ...
}

---
-- @brief This structure defines the parameters (seed and expansion keys)
--        required for butterfly key expansion.
-- @class UnsignedButterflyParams
-- @param seed-key  contains the butterfly seed key.
-- @param expansion contains the expansion parameter needed to perform a
--                  Butterfly key expansion. Butterfly expansion is described
--                  in https://wiki.campllc.org/display/SCP/SCP1%3A+Butterfly+Keys
-- @see EccP256CurvePoint
-- @note expansion is fixed at 16 octets by the SIZE constraint. The structure
--       carries no signature, as its name says, and has no extension marker.
--       Its integrity depends on the message that encloses it.
UnsignedButterflyParams ::= SEQUENCE {
  seed-key EccP256CurvePoint,
  expansion OCTET STRING (SIZE (16))
}

---
-- @brief These are signed and encrypted before sending, see
--        scms-protocol.asn. Note that Identification certificates use
--        Butterfly keys.
-- @class EeRaIdCertProvisioningRequest
-- @param version           contains the current version of the data type. The
--                          version specified in this document is version 1.
-- @param verify-key-info   provides the information for the SCMS to generate
--                          and embed multiple ID certificate signature public
--                          keys, one for each ID certificate.
-- @param cert-enc-key-info if included, provides the information for the SCMS
--                          to generate and embed multiple ID certificate
--                          optional encryption public keys, one for each ID
--                          certificate.
-- @param resp-enc-key-info provides the information for SCMS to uniquely
--                          encrypt each ID certificate prior to responding to
--                          the EE.
-- @param common            provides the structure for indicating the time of
--                          the request and the requested start time of the
--                          certificates.
-- @see Uint8, UnsignedButterflyParams, CommonProvisioningRequestFields
EeRaIdCertProvisioningRequest ::= SEQUENCE {
  version Uint8(1),
  verify-key-info UnsignedButterflyParams,
  cert-enc-key-info UnsignedButterflyParams OPTIONAL,
  resp-enc-key-info UnsignedButterflyParams,
  common CommonProvisioningRequestFields,
  ...
}

---
-- @brief Application certificate provisioning requests are similar to
--        Identification cert except there is no use of butterfly keys.
-- @class EeRaAppCertProvisioningRequest
-- @param version                 contains the current version of the data
--                                type. The version specified in this
--                                document is version 1.
-- @param verify-key              provides the public key to be embedded in
--                                the application certificate.
-- @param cert-encryption-key     if included, provides the discrete
--                                PublicEncryptionKey to be embedded in the
--                                application certificate for application
--                                encryption functions.
-- @param response-encryption-key provides the discrete PublicEncryptionKey
--                                to be used by the SCMS to encrypt the
--                                certificate response back to the EE.
-- @param common                  provides the structure for indicating the
--                                time of the request and the requested start
--                                time of the certificates.
-- @see Uint8, PublicVerificationKey, PublicEncryptionKey,
--      CommonProvisioningRequestFields
EeRaAppCertProvisioningRequest ::= SEQUENCE {
  version Uint8(1),
  verify-key PublicVerificationKey,
  cert-encryption-key PublicEncryptionKey OPTIONAL,
  response-encryption-key PublicEncryptionKey,
  common CommonProvisioningRequestFields,
  ...
}

---
-- @brief Pseudonym certificate provisioning: Pseudonym certificates use
--        butterfly keys. Unlike identification certificates, they are
--        shuffled and include linkage values. This differentiation is visible
--        in other interfaces only, in particular RA-PCA.
-- @class EeRaPseudonymCertProvisioningRequest
-- @param version           contains the current version of the data type. The
--                          version specified in this document is version 1.
-- @param verify-key-info   provides the information for the SCMS to generate
--                          and embed multiple pseudonym certificate signature
--                          public keys, one for each pseudonym certificate.
-- @param resp-enc-key-info provides the information for the SCMS to uniquely
--                          encrypt each pseudonym certificate prior to
--                          responding to the EE.
-- @param common            provides the structure for indicating the time of
--                          the request and the requested start time of the
--                          certificates.
-- @see Uint8, UnsignedButterflyParams, CommonProvisioningRequestFields
EeRaPseudonymCertProvisioningRequest ::= SEQUENCE {
  version Uint8(1),
  verify-key-info UnsignedButterflyParams,
  resp-enc-key-info UnsignedButterflyParams,
  common CommonProvisioningRequestFields,
  ...
}

---
-- @brief Enrollment certificate of the end entity, for pseudonym certificate
--        requests. It is an ImplicitCertificate constrained so that
--        certRequestPermissions is present in toBeSigned.
-- @class EndEntityEnrollmentPseudonymCertificate
-- @param toBeSigned contains certificate permissions that are signed by the
--                   EE at scms-protocol level.
-- @see ImplicitCertificate
EndEntityEnrollmentPseudonymCertificate ::= ImplicitCertificate (WITH COMPONENTS {...,
  toBeSigned(WITH COMPONENTS {...,
    certRequestPermissions PRESENT
  })
})

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE’s pseudonym certificate provisioning request. This
--        message is signed and encrypted before sending to EE, see
--        scms-protocol.asn.
-- @class RaEePseudonymCertProvisioningAck
-- @param version     contains the current version of the data type. The
--                    version specified in this document is version 1.
-- @param requestHash contains the hash of the original request, using the
--                    HashedId8 type as defined in 1609dot2-base-types.asn. In
--                    the case when the RA cannot calculate the hash of the
--                    original request due to a hardError, this field shall be
--                    all zeroes.
-- @param reply       indicates the contents of the reply message. In this
--                    version of the document, only one choice option is
--                    supported, namely an acknowledgement (ack) of type
--                    PseudonymCertProvisioningAck.
-- @see Uint8, HashedId8
-- @note The reply CHOICE defines only ack, so how a hardError is reported is
--       not visible in this module. NOTE(review): an EE should match
--       requestHash against the request it sent and should not accept an
--       all-zero value as a match.
RaEePseudonymCertProvisioningAck ::= SEQUENCE {
  version Uint8(1),
  requestHash HashedId8,
  reply CHOICE {
    ack PseudonymCertProvisioningAck,
    ...
  },
  ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE’s pseudonym certificate provisioning request.
-- @class PseudonymCertProvisioningAck
-- @param certDLTime contains the time at which the download of the generated
--                   certificates is available.
-- @param certDLURL  contains the URL at which the EE may download the
--                   pseudonym certificates at the indicated time.
-- @see Time32, Hostname
-- @note certDLURL is typed Hostname, so the schema itself does not enforce
--       URL syntax. NOTE(review): the EE should act on this value only after
--       the signature on the enclosing message has been verified, and should
--       authenticate the download server when it connects.
PseudonymCertProvisioningAck ::= SEQUENCE {
  certDLTime Time32,
  certDLURL Hostname,
  ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE's identity certificate provisioning request. It is
--        defined as the same type as RaEePseudonymCertProvisioningAck.
-- @class RaEeIdCertProvisioningAck
RaEeIdCertProvisioningAck ::= RaEePseudonymCertProvisioningAck

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE's application certificate provisioning request. It is
--        defined as the same type as RaEePseudonymCertProvisioningAck.
-- @class RaEeAppCertProvisioningAck
RaEeAppCertProvisioningAck ::= RaEePseudonymCertProvisioningAck

---
-- @brief This structure represents the EE’s request for download from the RA.
--        The request indicates the time of the download request in addition
--        to the requested filename.
-- @class AuthenticatedDownloadRequest
-- @param timestamp contains the time at which the download request for the
--                  file (filename) was generated.
-- @param filename  contains the name of the file to download.
-- @see Time32
-- @note filename is an EE-supplied string of 0 to 255 characters; the schema
--       permits the empty string and places no restriction on the characters
--       used. NOTE(review): the RA should treat the value as an identifier to
--       look up and not as a file system path, should reject path separators
--       and relative path components, and should check that the
--       authenticated requester is entitled to the named file.
-- @note timestamp is chosen by the EE. NOTE(review): the RA presumably has to
--       reject requests whose timestamp is outside an accepted window;
--       confirm the window in the protocol specification.
AuthenticatedDownloadRequest ::= SEQUENCE {
  timestamp Time32,
  filename UTF8String (SIZE(0..255)),
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2LaMaError
Ieee1609Dot2LaMaError {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) errors(2) la-ma(9) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

---
-- @brief This data type is the parent error type of the LA-MA error module.
--        It selects one of three error code sets: base errors, linkage
--        information errors and linkage seed errors.
-- @class LaMaError
-- @param la-ma-base-error         contains a LaMaBaseErrorCode.
-- @param la-ma-linkage-info-error contains a LaMaLinkageInfoErrorCode.
-- @param la-ma-linkage-seed-error contains a LaMaLinkageSeedErrorCode.
-- @see LaMaBaseErrorCode, LaMaLinkageInfoErrorCode, LaMaLinkageSeedErrorCode
LaMaError ::= CHOICE {
  la-ma-base-error LaMaBaseErrorCode,
  la-ma-linkage-info-error LaMaLinkageInfoErrorCode,
  la-ma-linkage-seed-error LaMaLinkageSeedErrorCode,
  ...
}

---
-- @brief This data type enumerates the base error codes of the LA-MA error
--        module. The first two values concern the MA authorization
--        signature (missing or invalid). Values marked "not used yet" are
--        reserved by the schema.
-- @class LaMaBaseErrorCode
LaMaBaseErrorCode ::= ENUMERATED {
  laNoMaAuthorizationSignature,
  laInvalidMaAuthorizationSignature,
  numberOfRequestsExceeded,      -- not used yet
  noSecureConnectionToRequestor, -- not used yet
  laInternalTimeout,
  maRequestTimeout,
  laInvalidInputValueFormat,
  ...
}

---
-- @brief This data type enumerates the error codes that relate to
--        pre-linkage values presented in a linkage information request.
--        Only laInvalidPrelinkageValuePresented is not marked "not used
--        yet".
-- @class LaMaLinkageInfoErrorCode
LaMaLinkageInfoErrorCode ::= ENUMERATED {
  atLeastOnePrelinkageValueUnknown, -- not used yet
  allPrelinkageValuesUnknown,       -- not used yet
  onlyOnePrelinkageValuePresented,  -- not used yet
  laInvalidPrelinkageValuePresented,
  ...
}

---
-- @brief This data type enumerates the error codes that relate to a linkage
--        seed request: an unknown linkage chain identifier, an invalid
--        linkage value, and too many LCI values in one request.
-- @class LaMaLinkageSeedErrorCode
LaMaLinkageSeedErrorCode ::= ENUMERATED {
  linkageChainIdentifierUnknown, -- not used yet
  laInvalidLinkageValue,
  laNumberOfLciValuesExceeded,
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
-- -- @namespace Ieee1609Dot2LaMaInterface Ieee1609Dot2LaMaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) la-ma(9) major-version-2(2)} DEFINITIONS AUTOMATIC TAGS ::= BEGIN EXPORTS ALL; IMPORTS Uint8, HashedId8 FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2)} Countersignature FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base (1) schema (1) major-version-2(2)} LinkageSeedAndLaId, PreLinkageValue, LinkageChainId, MaHostnameId, LaHostnameId, EncryptedGroupPLV, EncryptedIndividualPLV FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) base-types (2) major-version-2(2)} ScopedLaMaLIError, ScopedLaMaLSError FROM Ieee1609dot2ScmsError {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) errors(2) complete(1) major-version-2(2)} ; --- -- @brief The LaMaInterfacePDU is the parent message type for messages -- sent between Linkage Authority (LA) and Misbehavior Authority (MA). -- @class LaMaInterfacePDU -- @param maLaLinkageInfoRequest contains message to request linkage values -- from LA. -- @param laMaLinkageInfoResponse contains response to MaLaLinkageInfoRequestMsg -- with requested linkage values. -- @param maLaLinkageSeedRequest contains message to request linkage seed -- information LA. -- @param laMaLinkageSeedResponse contains response to MaLaLinkageSeedRequest -- with requested linkage seed. 
LaMaInterfacePDU::= CHOICE { maLaLinkageInfoRequest MaLaLinkageInfoRequestMsg, laMaLinkageInfoResponse LaMaLinkageInfoResponseMsg, maLaLinkageSeedRequest MaLaLinkageSeedRequestMsg, laMaLinkageSeedResponse LaMaLinkageSeedResponseMsg, ... } --- -- @brief This data type is used by the MA to request linkage information from -- LA. -- @class MaLaLinkageInfoRequestMsg -- @param version contains the current version of the data type. The version -- specified in this document is version 1, -- @param tbs contains the request with linkage information that is -- signed by MA at scms-protocol level. -- @param signatures contains signatures that the MA has to obtain from -- auditors before sending this data type. Size 0 is used -- when MA creates an initial request to be signed by -- auditors. -- @see Uint8, Countersignature MaLaLinkageInfoRequestMsg ::= SEQUENCE { version Uint8(1), tbs ToBeSignedLIRequestMsg, signatures SEQUENCE (SIZE (0..MAX)) OF Countersignature } --- -- @brief The MA encloses all the required data to request linkage information -- in this data type. -- @class ToBeSignedLIRequestMsg -- @param maId is the system-wide unique hostname ID. -- @param encryptedPLVsAndFlags contains the encrypted pre-linkage values -- (ePLVs) of each EE. -- @param encryptedGPLVsAndFlags contains the encrypted pre-linkage values of -- a group of EEs. -- @param expectedReply contains the possible formats for a reply -- from LA. -- @see MaHostnameId ToBeSignedLIRequestMsg ::= SEQUENCE { maId MaHostnameId, encryptedPLVsAndFlags SEQUENCE (SIZE(0..MAX)) OF EncryptedPrelinkageValueAndDontCareFlag, encryptedGPLVsAndFlags SEQUENCE (SIZE(0..MAX)) OF EncryptedGroupPrelinkageValueAndDontCareFlag, expectedReply ExpectedReply, ... } --- -- @brief As the name suggests, this data type contains the ePLV and its -- corresponding don't care flag. -- @class EncryptedPrelinkageValueAndDontCareFlag -- @param encryptedPLV is the encrypted pre-linkage value corresponding to an -- EE pseudonym certificate. 
-- @param dontCareFlag defines if an LA should process this ePLV. EncryptedPrelinkageValueAndDontCareFlag ::= SEQUENCE { encryptedPLV EncryptedIndividualPLV, dontCareFlag BOOLEAN } --- -- @brief As the name suggests, this data type contains a group's ePLV and its -- corresponding don't care flag. -- @class EncryptedGroupPrelinkageValueAndDontCareFlag -- @param encryptedGroupPLV is the encrypted pre-linkage value corresponding -- to a group of EE pseudonym certificates. -- @param dontCareFlag defines if an LA should process this group ePLV. -- @see EncryptedGroupPLV EncryptedGroupPrelinkageValueAndDontCareFlag ::= SEQUENCE { encryptedGroupPLV EncryptedGroupPLV, dontCareFlag BOOLEAN } --- -- @brief This data type defines the types of responses an MA expects from LA -- when MA requests linkage information. -- @class ExpectedReply -- @param scalarAnswer denotes the information LA has for a requested ePLV. -- @param indicesLists denotes a list of unknown, rejected, and associated PLVs. ExpectedReply ::= ENUMERATED { scalarAnswer, indicesLists } --- -- @brief This data type is used by the LA to respond to -- MaLaLinkageInfoRequestMsg from MA for Misbehavior Detection. -- @class LaMaLinkageInfoResponseMsg -- @param version contains the current version of the data type. The -- version specified in this document is version 1, -- @param requestHash contains the hash of the original request. -- @param laId is the unique hostname ID of an LA. -- @param linkageInfo if there are no errors in request from MA, the LA -- responds with the requested linkage information. -- Otherwise, LA responds with a suitable error code. -- @see Uint8, HashedId8, LaHostnameId, ScopedLaMaLIError LaMaLinkageInfoResponseMsg ::= SEQUENCE { version Uint8(1), requestHash HashedId8, laId LaHostnameId, linkageInfo CHOICE { success LinkageInformation, failure ScopedLaMaLIError } } --- -- @brief This data type is used by the LA to enclose all linkage information -- that is sent to MA on request. 
-- @class LinkageInformation
-- @param scalar       denotes if LA has the linkage information for a
--                     requested ePLV.
-- @param indicesList  is the list of unknown, rejected, and associated PLVs.
-- @see PreLinkageValue
-- NOTE(review): matches is an unconstrained INTEGER and none of the
-- SEQUENCE OF lists below carries a SIZE constraint, so a decoder has to
-- apply its own upper bounds before allocating or iterating.
LinkageInformation ::= CHOICE {
  scalar SEQUENCE {
    matches     INTEGER,
    lowerBound  BOOLEAN -- lower bound is used or not
  },
  --- indices_list should be optional, not yet implemented!
  indicesList SEQUENCE {
    unkownPlv  SEQUENCE OF PreLinkageValue, -- field name spelled as in the schema
    rejectPlv  SEQUENCE OF PreLinkageValue,
    assocPlv   SEQUENCE OF SEQUENCE OF PreLinkageValue
  }
}

---
-- @brief This data type is used by the MA to request a linkage seed from LA
--        for revocation purposes.
-- @class MaLaLinkageSeedRequestMsg
-- @param version     contains the current version of the data type. The
--                    version specified in this document is version 1,
--                    represented by the integer 1.
-- @param tbs         contains the linkage seed information which is signed by
--                    LA at scms-protocol level.
--                    NOTE(review): the request originates at the MA, so
--                    "signed by LA" may be a slip for "signed by MA"; confirm
--                    against the protocol text.
-- @param signatures  contains the countersignatures that an MA has to obtain
--                    from auditors before sending this request. Size 0 is used
--                    when MA creates an initial request to be signed by
--                    auditors.
-- @see Uint8, ToBeSignedLSRequestMsg, Countersignature
-- NOTE(review): SIZE (0..MAX) means the schema accepts an empty list. An LA
-- that requires auditor approval has to enforce the minimum number of
-- countersignatures and verify each one itself; decoding alone proves
-- nothing. Countersignature carries extDataHash rather than the data, so the
-- verifier presumably has to recompute the hash over tbs and compare; confirm.
MaLaLinkageSeedRequestMsg ::= SEQUENCE {
  version     Uint8(1),
  tbs         ToBeSignedLSRequestMsg,
  signatures  SEQUENCE (SIZE (0..MAX)) OF Countersignature
}

---
-- @brief The MA encloses all the required data to request a linkage seed in
--        this data type.
-- @class ToBeSignedLSRequestMsg
-- @param maId  is the system-wide unique hostname ID.
-- @param lci   is a list of linkage chain IDs for which the MA requests
--              linkage seeds.
-- @see MaHostnameId, LinkageChainId
-- NOTE(review): the structure carries no timestamp or nonce of its own;
-- freshness of a signed request presumably comes from the signing layer
-- (e.g. generationTime in the signed-data header); confirm.
ToBeSignedLSRequestMsg ::= SEQUENCE {
  maId  MaHostnameId,
  lci   SEQUENCE OF LinkageChainId,
  ...
}

---
-- @brief This data type is used by LA to respond to MaLaLinkageSeedRequestMsg
--        from MA for revocation purposes.
-- @class LaMaLinkageSeedResponseMsg
-- @param version      contains the current version of the data type. The
--                     version specified in this document is version 1,
--                     represented by the integer 1.
-- @param requestHash  contains the hash of the original request. The
--                     receiver should match it against a request it actually
--                     has outstanding before acting on the response.
-- @param laId         is the unique hostname ID of an LA.
-- @param lsInfo       contains linkage seed and LCI requested by MA.
-- @see Uint8, HashedId8, LaHostnameId
LaMaLinkageSeedResponseMsg ::= SEQUENCE {
  version      Uint8(1),
  requestHash  HashedId8,
  laId         LaHostnameId,
  lsInfo       SEQUENCE OF LCI2LS
}

---
-- @brief This data type is used by LA to send the linkage chain ID requested
--        by MA together with the matching linkage seed.
-- @class LCI2LS
-- @param lci    contains the linkage chain ID requested by MA.
-- @param reply  contains the requested linkage seed and ID of the responding
--               LA if request from MA has no errors. Otherwise an appropriate
--               error code is sent in response.
-- @see LinkageChainId, LinkageSeedAndLaId, ScopedLaMaLSError
LCI2LS ::= SEQUENCE {
  lci    LinkageChainId,
  reply  CHOICE {
    success  LinkageSeedAndLaId,
    failure  ScopedLaMaLSError
  }
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2LaPcaError
Ieee1609Dot2LaPcaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) la-pca(10) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

---
-- @brief Extensible wrapper that carries an error code for the LA-PCA
--        interface.
-- @class LaPcaError
-- @param la-pca  is the error code, one of LaPcaErrorCode.
-- @see LaPcaErrorCode
LaPcaError ::= CHOICE {
  la-pca  LaPcaErrorCode,
  ...
}

---
-- @brief Error codes of the LA-PCA interface. Going by the names, each code
--        reports which check on a received message failed (signature,
--        certificate, start or end time, algorithm, MAC value).
-- @class LaPcaErrorCode
-- @see LaPcaError
-- NOTE(review): the codes tell the peer which validation step failed. That
-- is presumably acceptable on an authenticated back-end link; confirm they
-- are never returned to an unauthenticated sender.
LaPcaErrorCode ::= ENUMERATED {
  invalidSignature,
  invalidCertificate,
  invalidStartTime,
  invalidEndTime,
  invalidAlgorithm,
  invalidMacValue,
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2LaPcaInterface
Ieee1609Dot2LaPcaInterface {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) la-pca (10) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  HashedId8,
  Signature,
  Time32,
  Uint8,
  Uint32
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) base-types(2) major-version-2(2)}

  Certificate,
  EncryptedData,
  RecipientInfo
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) schema(1) major-version-2(2)}

  ScopedLaPcaError
FROM Ieee1609dot2ScmsError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) complete(1) major-version-2(2)}

  FullSizeHash,
  LaHostnameId,
  PcaHostnameId
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) base-types(2) major-version-2(2)}
;

---
-- @brief The LaPcaInterfacePDU is the parent message type for messages sent
--        between Linkage Authority (LA) and Pseudonym Certificate Authority
--        (PCA).
-- @class LaPcaInterfacePDU
-- @param pcaLaKeyAgreementRequest   contains the key agreement request sent
--                                   from PCA to LA.
-- @param laPcaKeyAgreementResponse  contains the response to key agreement
--                                   request. Sent from LA to PCA.
-- @param pcaLaKeyAgreementAck       contains the acknowledgement of receipt of
--                                   response from LA for key agreement.
-- NOTE(review): the CHOICE does not encode direction. Each endpoint should
-- accept only the alternatives it is meant to receive (the LA: request and
-- ack; the PCA: response) and reject the rest.
LaPcaInterfacePDU::= CHOICE {
  pcaLaKeyAgreementRequest   PcaLaKeyAgreementRequestMsg,
  laPcaKeyAgreementResponse  LaPcaKeyAgreementResponseMsg,
  pcaLaKeyAgreementAck       PcaLaKeyAgreementAckMsg,
  ...
}

---
-- @brief PCA uses this data type to initiate key agreement with an LA.
-- @class PcaLaKeyAgreementRequestMsg
-- @param version         contains the current version of the data type. The
--                        version specified in this document is version 1,
--                        represented by the integer 1.
-- @param pcaId           is the unique hostname ID of a PCA.
-- @param pcaCertificate  encloses PCA's certificate. This field is optional in
--                        the case when LA already has PCA's certificate.
-- @param enc-R-pca       is the encrypted data generated by using PCA's random
--                        contribution. The encrypted data contains recipient's
--                        certificate information.
-- @param startDate       denotes the start date from which the request is
--                        valid.
-- @param endDate         denotes the end date until which the request is valid.
-- @see Uint8, PcaHostnameId, Certificate, EncryptedData, Time32
-- NOTE(review): the constraint on enc-R-pca fixes exactly one recipient of
-- kind certRecipInfo. Nothing in the schema orders startDate before endDate
-- or ties either to the current time; those checks are left to the LA.
-- When pcaCertificate is present the LA still has to validate it and check
-- that it belongs to pcaId; its presence in the message is not proof.
PcaLaKeyAgreementRequestMsg ::= SEQUENCE {
  version         Uint8(1),
  pcaId           PcaHostnameId,
  pcaCertificate  Certificate OPTIONAL,
  enc-R-pca       EncryptedData (WITH COMPONENTS {
    recipients (SIZE (1) INTERSECTION (WITH COMPONENT (
      RecipientInfo (WITH COMPONENTS {
        certRecipInfo -- using hash of the LA certificate
      })))),
    ciphertext -- when decrypted it contains PcaRandomContribution, R_pca
  }),
  startDate       Time32,
  endDate         Time32
}

---
-- @brief This data type denotes the 256 bit random number from PCA. It is
--        used to encrypt data while requesting key agreement with an LA by
--        PCA.
-- @class PcaRandomContribution
-- NOTE(review): R_pca is key-derivation input (see the KDF in
-- LaPcaKeyAgreementResponseMsg). It should come from a cryptographically
-- secure generator and be fresh for every key agreement.
PcaRandomContribution ::= OCTET STRING (SIZE(32))

---
-- @brief This data type is used by the LA to respond to a
--        PcaLaKeyAgreementRequestMsg from a PCA.
-- @class LaPcaKeyAgreementResponseMsg
-- @param version      contains the current version of the data type. The
--                     version specified in this document is version 1,
--                     represented by the integer 1.
-- @param requestHash  is the hash of the original request.
-- @param laId         is the unique hostname ID of a LA.
-- @param enc-R-la     is the encrypted data generated by using LA's random
--                     contribution. The encrypted data contains recipient's
--                     certificate information.
-- @param reply        in case of no errors in PCA's request, LA responds with
--                     a full hash that is computed as follows:
--   MAC_la computed as HMAC(mac_key, R_pca || R_la || "scms-la")
--   where (enc_key, mac_key) = KDF(R_pca || R_la || "scms-la-pca")
--                     enc_key is the negotiated symmetric key to be used by LA
--                     for PLV encryption. In case of an error, an appropriate
--                     error code is sent in the response.
-- @see Uint8, HashedId8, LaHostnameId, EncryptedData, FullSizeHash,
--      ScopedLaPcaError
-- NOTE(review): MAC_la is the LA's key confirmation. The PCA should
-- recompute it from its own R_pca and the decrypted R_la and compare in
-- constant time before it uses enc_key. The label "scms-la" differs from the
-- "scms-pca" label of the ack, so one side's MAC cannot be replayed as the
-- other's. R_pca and R_la are both fixed at 32 octets, which keeps the
-- concatenation unambiguous. The schema names neither the KDF nor the HMAC
-- hash; both must be fixed by the protocol text.
LaPcaKeyAgreementResponseMsg ::= SEQUENCE {
  version      Uint8(1),
  requestHash  HashedId8, -- hash of the original request
  laId         LaHostnameId,
  enc-R-la     EncryptedData (WITH COMPONENTS {
    recipients (SIZE (1) INTERSECTION (WITH COMPONENT (
      RecipientInfo (WITH COMPONENTS {
        certRecipInfo -- using hash of the PCA certificate
      })))),
    ciphertext -- when decrypted it contains LaRandomContribution, R_la
  }),
  reply        CHOICE {
    success  FullSizeHash,
    failure  ScopedLaPcaError
  }
}

---
-- @brief This data type denotes the 256 bit random number from LA. It is used
--        to encrypt data while responding to a key agreement request from LA
--        to PCA.
-- @class LaRandomContribution
-- NOTE(review): same requirements as for PcaRandomContribution; generate it
-- with a cryptographically secure generator, fresh per key agreement.
LaRandomContribution ::= OCTET STRING (SIZE(32))

---
-- @brief This data type is used by the PCA to acknowledge receipt of key
--        agreement response sent by LA.
-- @class PcaLaKeyAgreementAckMsg
-- @param version      contains the current version of the data type. The
--                     version specified in this document is version 1,
--                     represented by the integer 1.
-- @param requestHash  is the hash of the original request.
-- @param pcaId        is the unique hostname ID of a PCA.
-- @param reply        in case of no errors in LA's response, PCA responds with
--                     a full hash that is computed as follows:
--   MAC_pca computed as HMAC(mac_key, R_pca || R_la || "scms-pca")
--   where (enc_key, mac_key) = KDF(R_pca || R_la || "scms-la-pca")
--                     enc_key is the negotiated symmetric key to be used by
--                     PCA for PLV decryption. In the case of an error, an
--                     appropriate error code is sent in the acknowledgement.
-- @see Uint8, HashedId8, PcaHostnameId, FullSizeHash, ScopedLaPcaError
-- NOTE(review): MAC_pca is the PCA's key confirmation. The LA should verify
-- it (constant-time comparison) and check requestHash against the request it
-- answered before it starts encrypting PLVs under enc_key.
PcaLaKeyAgreementAckMsg ::= SEQUENCE {
  version      Uint8(1),
  requestHash  HashedId8, -- hash of the initial request
  pcaId        PcaHostnameId,
  reply        CHOICE {
    success  FullSizeHash,
    failure  ScopedLaPcaError
  }
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2LaRaError
Ieee1609Dot2LaRaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) la-ra(11) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

---
-- @brief Extensible wrapper that carries an error code for the LA-RA
--        interface.
-- @class LaRaError
-- @param la-ra  is the error code, one of LaRaErrorCode.
-- @see LaRaErrorCode
LaRaError ::= CHOICE {
  la-ra  LaRaErrorCode,
  ...
}

---
-- @brief Error codes of the LA-RA interface; the meaning of each code is
--        given next to it.
-- @class LaRaErrorCode
-- @see LaRaError
LaRaErrorCode ::= ENUMERATED {
  invalidPcaKey,         -- no valid key for encryption to PCA available
  invalidIMin,           -- iMin is invalid
  invalidIMax,           -- iMax is invalid
  invalidContinueChain,  -- continue chain is neither 0 nor 1
  invalidLinkagechainId, -- linkagechainId is invalid
  invalidJMax,           -- invalid jMax value (e.g. too large)
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2LaRaInterface
Ieee1609Dot2LaRaInterface {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) la-ra(11) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  GroupLinkageValue,
  HashedId8,
  LaId,
  LinkageValue,
  Uint8,
  Uint16,
  Uint32
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) base-types(2) major-version-2(2)}

  EncryptedGroupPLV,
  EncryptedIndividualPLV,
  LinkageChainId,
  PcaHostnameId,
  RaHostnameId,
  LaHostnameId
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) base-types(2) major-version-2(2)}

  ScopedLaRaError
FROM Ieee1609dot2ScmsError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) complete(1) major-version-2(2)}
;

---
-- @brief The LaRaInterfacePDU is the parent message type for messages sent
--        between Linkage Authority (LA) and the Registration Authority (RA).
-- @class LaRaInterfacePDU
-- @param raLaIndividualPreLinkageValueRequest  contains the PLV request sent
--                                              by RA to LA.
-- @param raLaGroupPreLinkageValueRequest       contains the group PLV request
--                                              sent by RA to LA.
-- @param laRaPreLinkageValueResponse           contains the response to both
--                                              individual and group PLV
--                                              requests from RA.
-- NOTE(review): the CHOICE does not encode direction; the LA should accept
-- only the two request alternatives and the RA only the response.
LaRaInterfacePDU::= CHOICE {
  raLaIndividualPreLinkageValueRequest  RaLaIndividualPreLinkageValueRequestMsg,
  raLaGroupPreLinkageValueRequest       RaLaGroupPreLinkageValueRequestMsg,
  laRaPreLinkageValueResponse           LaRaPreLinkageValueResponseMsg,
  ...
}

---
-- @brief This data type is the header of pre-linkage value request sent by RA
--        to LA.
-- @class RaLaPreLinkageValueRequestMsgHeader
-- @param version  contains the current version of the data type. The version
--                 specified in this document is version 1, represented by the
--                 integer 1.
-- @param raId     denotes the unique hostname ID of RA.
-- @param pcaId    denotes the unique hostname ID of PCA.
-- @param iMin     denotes the lower bound of i for which the PLVs are requested.
-- @param iMax     denotes the upper bound of i for which the PLVs are requested.
-- @see Uint8, RaHostnameId, PcaHostnameId, Uint16
-- NOTE(review): the schema does not require iMin to be at most iMax, nor
-- does it limit the width of the range. The LA has to validate both before
-- generating PLVs (LaRaErrorCode has invalidIMin and invalidIMax for this).
-- pcaId presumably selects the key the PLVs are encrypted to; the LA should
-- only accept a PCA it has completed key agreement with; confirm.
RaLaPreLinkageValueRequestMsgHeader ::= SEQUENCE {
  version  Uint8(1),
  raId     RaHostnameId,
  pcaId    PcaHostnameId,
  iMin     Uint16,
  iMax     Uint16
}

---
-- @brief This data type is used by RA to request PLVs from an LA.
-- @class RaLaIndividualPreLinkageValueRequestMsg
-- @param header            encloses the header information of the request.
-- @param jMax              denotes the maximum count of linkage values
--                          requested per i.
-- @param numberOfFreshInd  denotes number of fresh chains for individual
--                          certificates requested.
-- @param continuationsInd  denotes the continuation values for individual
--                          certificates.
-- @see Uint8, Uint32, LinkageChainId
-- The trailing constraint requires at least one of numberOfFreshInd and
-- continuationsInd to be present.
-- NOTE(review): numberOfFreshInd is a Uint32 and continuationsInd has no
-- SIZE constraint, so the work one request can demand is bounded only by
-- what the LA enforces (see numberOfRequestsExceeded-style limits in the
-- error modules). A per-request ceiling on the LA side is advisable.
RaLaIndividualPreLinkageValueRequestMsg ::= SEQUENCE {
  header            RaLaPreLinkageValueRequestMsgHeader,
  jMax              Uint8,
  numberOfFreshInd  Uint32 OPTIONAL,
  continuationsInd  SEQUENCE OF LinkageChainId OPTIONAL
}
  (WITH COMPONENTS {..., numberOfFreshInd PRESENT} |
   WITH COMPONENTS {..., continuationsInd PRESENT})

---
-- @brief This data type is used by RA to request group PLVs from an LA.
-- @class RaLaGroupPreLinkageValueRequestMsg
-- @param header           encloses the header information of the request.
-- @param jMax             denotes the maximum count of linkage values
--                         requested per i.
-- @param otherLa          is the unique 16 bit ID of the second LA.
-- @param groupIdentifier  is the group identifier to be created or continued.
-- @see RaLaPreLinkageValueRequestMsgHeader, Uint32, LaId
-- NOTE(review): jMax is a Uint32 here but a Uint8 in the individual request;
-- the LA should apply an explicit upper limit (LaRaErrorCode has invalidJMax
-- for a value that is too large).
RaLaGroupPreLinkageValueRequestMsg ::= SEQUENCE {
  header           RaLaPreLinkageValueRequestMsgHeader,
  jMax             Uint32,
  otherLa          LaId,
  groupIdentifier  OCTET STRING (SIZE(4))
}

---
-- @brief This data type is used by the LA to respond to a
--        RaLaIndividualPreLinkageValueRequestMsg or a
--        RaLaGroupPreLinkageValueRequestMsg with the requested PLVs.
-- @class LaRaPreLinkageValueResponseMsg
-- @param version      contains the current version of the data type. The
--                     version specified in this document is version 1,
--                     represented by the integer 1.
-- @param requestHash  is the hash of the original request.
-- @param laId         denotes the unique hostname ID of the responding LA.
-- @param reply        contains the requested PLVs if no errors occur,
--                     otherwise an appropriate error code is sent.
-- @see Uint8, HashedId8, LaHostnameId, ScopedLaRaError
-- NOTE(review): the RA should match requestHash against a request it has
-- outstanding and check that laId is the LA it sent that request to.
LaRaPreLinkageValueResponseMsg ::= SEQUENCE {
  version      Uint8(1),
  requestHash  HashedId8, -- hash of the original request
  laId         LaHostnameId,
  reply        CHOICE {
    success  PreLinkageValueRequestResponse,
    failure  ScopedLaRaError
  }
}

---
-- @brief LA uses this data type to enclose all requested PLV information in a
--        response to RA.
-- @class PreLinkageValueRequestResponse
-- @param iMin        denotes the lower bound of i for which the PLVs are
--                    requested.
-- @param iMax        denotes the upper bound of i for which the PLVs are
--                    requested.
-- @param individual  contains the linkage chain information for individual PLVs.
-- @param group       contains the linkage chain information for group PLVs.
-- @see Uint16
-- NOTE(review): iMin and iMax are echoed by the LA; the RA should compare
-- them with the values it requested rather than trust the echo.
PreLinkageValueRequestResponse ::= SEQUENCE {
  iMin        Uint16,
  iMax        Uint16,
  individual  SEQUENCE (SIZE (0..MAX)) OF IndividualPlvResponseLinkageChain,
  group       SEQUENCE (SIZE (0..MAX)) OF GroupPlvResponseLinkageChain,
  ...
}

---
-- @brief LA uses this data type to send individual PLV linkage chain
--        information to RA.
-- @class IndividualPlvResponseLinkageChain
-- @param jMax            denotes the maximum count of linkage values to be
--                        sent per i.
-- @param values          is the outer sequence of size equal to the difference:
--                        iMax-iMin. It contains an inner sequence of encrypted
--                        PLVs of size jMax.
-- @param linkageChainId  is the LCI of the requested PLV.
-- @see Uint8, EncryptedIndividualPLV, LinkageChainId
-- NOTE(review): the sizes described for values are not expressed as schema
-- constraints. The receiver has to check the outer and inner lengths against
-- iMin, iMax and jMax itself before indexing into the lists.
IndividualPlvResponseLinkageChain ::= SEQUENCE {
  jMax            Uint8,
  values          SEQUENCE OF SEQUENCE OF EncryptedIndividualPLV,
  linkageChainId  LinkageChainId
}

---
-- @brief LA uses this data type to send group PLV linkage chain information
--        to RA.
-- @class GroupPlvResponseLinkageChain
-- @param jMax             denotes the maximum count of linkage values to be
--                         sent per i.
-- @param otherLa          is the unique 16 bit ID of the second LA.
-- @param values           is the outer sequence of size equal to the
--                         difference: iMax-iMin. It contains an inner sequence
--                         of encrypted PLVs of size jMax.
-- @param groupIdentifier  denotes the 32 bit string ID of a group.
-- @see Uint32, LaId, EncryptedGroupPLV
-- NOTE(review): as for the individual chain, the lengths of values are not
-- constrained by the schema and have to be checked by the receiver.
GroupPlvResponseLinkageChain ::= SEQUENCE {
  jMax             Uint32,
  otherLa          LaId,
  values           SEQUENCE OF SEQUENCE OF EncryptedGroupPLV,
  groupIdentifier  OCTET STRING (SIZE(4))
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2MaPcaError
Ieee1609Dot2MaPcaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) ma-pca (13) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

---
-- @brief Extensible wrapper that carries an error code for the MA-PCA
--        interface.
-- @class MaPcaError
-- @param ma-pca  is the error code, one of MaPcaErrorCode.
-- @see MaPcaErrorCode
MaPcaError ::= CHOICE {
  ma-pca  MaPcaErrorCode,
  ...
}

---
-- @brief Error codes of the MA-PCA interface. Codes marked "not used yet"
--        are reserved by the schema.
-- @class MaPcaErrorCode
-- @see MaPcaError
-- NOTE(review): pcaNoMaAuthorizationSignature and
-- pcaInvalidMaAuthorizationSignature show that the PCA is expected to check
-- the MA's authorization before it answers; see the request messages of the
-- MA-PCA interface.
MaPcaErrorCode ::= ENUMERATED {
  pcaInternalTimeout,
  maRequestTimeout,
  pcaNoMaAuthorizationSignature,
  pcaInvalidMaAuthorizationSignature,
  numberofRequestsExceeded,         -- not used yet
  pcaNumberOfLinkageValuesExceeded,
  noSecureConnectiontoRequestor,    -- not used yet
  tooManyUsers,                     -- not used yet
  linkageValueUnknown,              -- not used yet
  pcaInvalidLinkageValue,
  pcaInvalidInputValueFormat,
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2MaPcaInterface
Ieee1609Dot2MaPcaInterface {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces (1) ma-pca(13) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  GroupLinkageValue,
  HashedId8,
  LinkageValue,
  Uint8
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) base-types(2) major-version-2(2)}

  Countersignature
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) schema(1) major-version-2(2)}

  HPCRAndHostInfo,
  MaHostnameId,
  PcaHostnameId,
  EncryptedPlvAndHostInfo
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) base-types(2) major-version-2(2)}

  ScopedMaPcaError
FROM Ieee1609dot2ScmsError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) complete(1) major-version-2(2)}
;

---
-- @brief The MaPcaInterfacePDU is the parent message type for messages sent
--        between Misbehavior Authority (MA) and Pseudonym Certificate
--        Authority (PCA).
-- @class MaPcaInterfacePDU
-- @param maPcaPreLinkageValueRequest   contains the PLV request message sent
--                                      from MA to PCA.
-- @param pcaMaPreLinkageValueResponse  contains the response message with
--                                      requested PLVs, sent from PCA to MA.
-- @param maPcaHPCRRequest              contains the HPCR request message sent
--                                      from MA to PCA.
-- @param pcaMaHPCRResponse             contains the response message with
--                                      requested HPCR, sent from PCA to MA.
-- NOTE(review): the CHOICE does not encode direction; the PCA should accept
-- only the two request alternatives and the MA only the two responses.
MaPcaInterfacePDU ::= CHOICE {
  maPcaPreLinkageValueRequest   MaPcaPreLinkageValueRequestMsg,
  pcaMaPreLinkageValueResponse  PcaMaPreLinkageValueResponseMsg,
  maPcaHPCRRequest              MaPcaHPCRRequestMsg,
  pcaMaHPCRResponse             PcaMaHPCRResponseMsg,
  ...
}

---
-- @brief MA uses this data type to request pre-linkage value from PCA for
--        misbehavior detection. Note that this is actually signed by the MA
--        at the scms-protocol level.
-- @class MaPcaPreLinkageValueRequestMsg
-- @param version     contains the current version of the data type. The version
--                    specified in this document is version 1, represented by
--                    the integer 1.
-- @param tbs         is the request message data that is signed by the MA at
--                    scms-protocol level.
-- @param signatures  contains countersignatures that the MA has to obtain from
--                    auditors before requesting PLVs from PCA. Size 0 is used
--                    when no countersignatures are necessary.
-- @see Uint8, Countersignature
-- NOTE(review): the schema accepts an empty signatures list, so whether
-- countersignatures are necessary is a policy decision the PCA has to make
-- and enforce; it must not infer it from the message. Each Countersignature
-- carries extDataHash rather than the data, so the PCA presumably has to
-- recompute the hash over tbs and compare before counting it; confirm.
MaPcaPreLinkageValueRequestMsg ::= SEQUENCE {
  version     Uint8(1),
  tbs         ToBeSignedMaPcaPreLinkageValueRequestMsg,
  signatures  SEQUENCE (SIZE (0..MAX)) OF Countersignature
}

---
-- @brief MA encloses all PLV request information in this data type. It signs
--        this message at scms-protocol level.
-- @class ToBeSignedMaPcaPreLinkageValueRequestMsg
-- @param maId                is the system-wide unique 256 bit hostname ID of
--                            the MA.
-- @param linkageValues       contains the list of linkage values for which MA
--                            requests ePLVs from PCA.
-- @param groupLinkageValues  contains the list of group linkage values for
--                            which MA requests group ePLVs from PCA.
-- @see MaHostnameId, LinkageValue, GroupLinkageValue
-- NOTE(review): both lists are unbounded (SIZE (0..MAX)); the PCA should cap
-- the number of values per request (MaPcaErrorCode has
-- pcaNumberOfLinkageValuesExceeded for that case).
ToBeSignedMaPcaPreLinkageValueRequestMsg ::= SEQUENCE {
  maId                MaHostnameId,
  linkageValues       SEQUENCE (SIZE (0..MAX)) OF LinkageValue,
  groupLinkageValues  SEQUENCE (SIZE (0..MAX)) OF GroupLinkageValue,
  ...
}

---
-- @brief PCA uses this data type to respond to MaPcaPreLinkageValueRequestMsg
--        from MA with PLVs for misbehavior detection.
-- @class PcaMaPreLinkageValueResponseMsg
-- @param version      contains the current version of the data type. The
--                     version specified in this document is version 1,
--                     represented by the integer 1.
-- @param requestHash  is the hash of the original request.
-- @param pcaId        is the 256 bit unique hostname ID of PCA.
-- @param plvInfo      is a list of linkage values and their corresponding PLVs.
-- @see Uint8, HashedId8, PcaHostnameId
PcaMaPreLinkageValueResponseMsg ::= SEQUENCE {
  version      Uint8(1),
  requestHash  HashedId8,
  pcaId        PcaHostnameId,
  plvInfo      SEQUENCE OF Lv2Plv
}

---
-- @brief This data type is used by PCA to enclose linkage values and
--        corresponding ePLVs or error codes.
-- @class Lv2Plv
-- @param lv     contains linkage value sent by MA in its request.
-- @param reply  contains the encrypted PLV information requested by MA when
--               there is no error in the MA request. Otherwise, an
--               appropriate error code is sent.
-- @see LinkageValue, EncryptedPlvAndHostInfo, ScopedMaPcaError
Lv2Plv ::= SEQUENCE {
  lv     LinkageValue,
  reply  CHOICE {
    success  EncryptedPlvAndHostInfo,
    failure  ScopedMaPcaError
  }
}

---
-- @brief This data type is used by MA to request the hash(
--        pseudonym_certificate_request_by_RA), HPCR, sent by MA to PCA for
--        revocation purposes. Note that this is actually signed by the MA at
--        the scms-protocol level.
-- @class MaPcaHPCRRequestMsg
-- @param version     contains the current version of the data type. The
--                    version specified in this document is version 1,
--                    represented by the integer 1.
-- @param tbs         is the request message data that is signed by the MA at
--                    scms-protocol level.
-- @param signatures  contains countersignatures that the MA has to obtain
--                    from auditors before requesting HPCR from PCA. Size 0 is
--                    used when no countersignatures are necessary.
-- @see Uint8, Countersignature
-- NOTE(review): an HPCR request is a step towards revocation, and the
-- schema accepts an empty signatures list. The PCA has to enforce the
-- required number of auditor countersignatures and verify each one itself.
MaPcaHPCRRequestMsg ::= SEQUENCE {
  version     Uint8(1),
  tbs         ToBeSignedMaPcaHPCRRequestMsg,
  signatures  SEQUENCE (SIZE (0..MAX)) OF Countersignature
}

---
-- @brief MA encloses all HPCR request information in this data type. It signs
--        this message at scms-protocol level.
-- @class ToBeSignedMaPcaHPCRRequestMsg
-- @param maId            is the 256 bit system-wide unique hostname ID.
-- @param linkage-values  is a list of linkage values for which the MA requests
--                        HPCR.
-- @see MaHostnameId, LinkageValue
ToBeSignedMaPcaHPCRRequestMsg ::= SEQUENCE {
  maId            MaHostnameId,
  linkage-values  SEQUENCE OF LinkageValue,
  ... -- FIX LATER
}

---
-- @brief PCA uses this data type to respond to a MaPcaHPCRRequestMsg from MA
--        for revocation purposes.
-- @class PcaMaHPCRResponseMsg
-- @param version      contains the current version of the data type. The
--                     version specified in this document is version 1,
--                     represented by the integer 1.
-- @param requestHash  is the hash of the original request.
-- @param pcaId        is the 256 bit unique hostname ID of PCA.
-- @param hpcrinfo     contains the HPCRs for the requested linkage values by MA.
-- @see Uint8, HashedId8, PcaHostnameId
PcaMaHPCRResponseMsg ::= SEQUENCE {
  version      Uint8(1),
  requestHash  HashedId8,
  pcaId        PcaHostnameId,
  hpcrinfo     SEQUENCE OF Lv2HPCR
}

---
-- @brief This data type is used by PCA to enclose linkage values and
--        corresponding HPCRs or error codes.
-- @class Lv2HPCR
-- @param lv     contains linkage value sent by MA in its request.
-- @param reply  contains the HPCR information requested by MA when there
--               is no error in the MA request. Otherwise, an appropriate error
--               code is sent.
-- @see LinkageValue, HPCRAndHostInfo, ScopedMaPcaError
Lv2HPCR ::= SEQUENCE {
  lv     LinkageValue,
  reply  CHOICE {
    success  HPCRAndHostInfo,
    failure  ScopedMaPcaError
  }
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2MaRaError
Ieee1609Dot2MaRaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) ma-ra(14) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

---
-- @brief Extensible wrapper that carries an error code for the MA-RA
--        interface, with one alternative per group of codes.
-- @class MaRaError
-- @param ma-ra-base-error       is one of MaRaBaseErrorCode.
-- @param ma-ra-blacklist-error  is one of MaRaBlacklistErrorCode.
-- @param ma-ra-lci-error        is one of MaRaLCIErrorCode.
-- @param ma-ra-cdv-error        is one of MaRaCDVErrorCode.
-- @see MaRaBaseErrorCode, MaRaBlacklistErrorCode, MaRaLCIErrorCode,
--      MaRaCDVErrorCode
MaRaError ::= CHOICE {
  ma-ra-base-error       MaRaBaseErrorCode,
  ma-ra-blacklist-error  MaRaBlacklistErrorCode,
  ma-ra-lci-error        MaRaLCIErrorCode,
  ma-ra-cdv-error        MaRaCDVErrorCode, -- Added for RSE revocation
  ...
}

---
-- @brief Error codes common to the MA-RA requests. Codes marked "not used
--        yet" are reserved by the schema.
-- @class MaRaBaseErrorCode
-- @see MaRaError
-- NOTE(review): raNoMaAuthorizationSignature and
-- raInvalidMaAuthorizationSignature show that the RA is expected to check
-- the MA's authorization before it acts on a request.
MaRaBaseErrorCode ::= ENUMERATED {
  raInternalTimeout,
  maRequestTimeout,
  raNoMaAuthorizationSignature,
  raInvalidMaAuthorizationSignature,
  raInvalidInputValueFormat,
  raInvalidHashRequest,
  raInvalidRIFValue,
  raInvalidLinkageValue,
  raNumberOfRequestsExceeded,
  noSecureConnectionToRequestor, -- not used yet
  hpcrIsUnknownToRA,             -- not used yet
  ...
}

---
-- @brief Error codes specific to blacklisting requests.
-- @class MaRaBlacklistErrorCode
-- @see MaRaError
MaRaBlacklistErrorCode ::= ENUMERATED {
  -- HPCR points to already blacklisted certificate
  alreadyBlacklisted,
  -- raCertificateAlreadyBlacklisted,
  ...
}

---
-- @brief Error codes specific to linkage chain identifier (LCI) requests.
-- @class MaRaLCIErrorCode
-- @see MaRaError
MaRaLCIErrorCode ::= ENUMERATED {
  noLinkageChainIdentifiersKnownForHPCR, -- not used yet
  ...
}

-- Added for RSE application and OBE identification cert revocation
---
-- @brief Error codes specific to certificate digest value (CDV) requests.
-- @class MaRaCDVErrorCode
-- @see MaRaError
MaRaCDVErrorCode ::= ENUMERATED {
  noCertificateDigestValuesKnownForRIF,
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2MaRaInterface
Ieee1609Dot2MaRaInterface {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) ma-ra(14) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  HashedId8,
  HashedId10,
  Hostname,
  Opaque,
  Uint8,
  Uint32
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) base-types(2) major-version-2(2)}

  Countersignature,
  SignerIdentifier
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) schema(1) major-version-2(2)}

  HPCR,
  HPCRAndHostInfo,
  LCIAndHostInfo,
  RaHostnameId,
  MaHostnameId,
  RIF
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) base-types(2) major-version-2(2)}

  ScopedMaRaBlacklistError,
  ScopedMaRaLCIError
FROM Ieee1609dot2ScmsError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) complete(1) major-version-2(2)}
;

---
-- @brief The MaRaInterfacePDU is the parent message type for messages sent
--        between Misbehavior Authority (MA) and Registration Authority (RA).
-- @class MaRaInterfacePDU
-- @param maRaBlacklistRequest           contains request from MA to obtain
--                                       internal blacklist of RA for pseudonym
--                                       certificate.
-- @param raMaBlacklistResponse          contains response from RA to
--                                       MaRaBlacklistRequestMsg from MA.
-- @param maRaLCIRequest                 contains request from MA to obtain
--                                       linkage chain ID from RA.
-- @param raMaLCIResponse                contains response from RA to
--                                       MaRaLCIRequestMsg from MA.
-- @param maRaRseObeIdBlacklistRequest   contains request from MA to obtain
--                                       internal blacklist of RA for all
--                                       certificates except pseudonym
--                                       certificate.
-- @param raMaRseObeIdBlacklistResponse  contains response from RA to
--                                       MaRaRseObeIdBlacklistRequest from MA.
-- @param maRaCDVRequest                 contains request from MA to obtain
--                                       certificate digest values (CDV) from RA.
-- @param raMaCDVResponse                contains response from RA to
--                                       MaRaCDVRequest from MA.
-- NOTE(review): the CHOICE does not encode direction; the RA should accept
-- only the request alternatives and the MA only the responses.
MaRaInterfacePDU ::= CHOICE {
  maRaBlacklistRequest           MaRaBlacklistRequestMsg,
  raMaBlacklistResponse          RaMaBlacklistResponseMsg,
  maRaLCIRequest                 MaRaLCIRequestMsg,
  raMaLCIResponse                RaMaLCIResponseMsg,
  maRaRseObeIdBlacklistRequest   MaRaRseObeIdBlacklistRequestMsg,
  raMaRseObeIdBlacklistResponse  RaMaRseObeIdBlacklistResponseMsg,
  maRaCDVRequest                 MaRaCDVRequestMsg,
  raMaCDVResponse                RaMaCDVResponseMsg,
  ...
}

---
-- @brief This data type is used by MA to request internal blacklist of RA.
--        Note that this is actually signed by the MA at the scms-protocol
--        level.
-- @class MaRaBlacklistRequestMsg
-- @param version     contains the current version of the data type. The version
--                    specified in this document is version 1, represented by
--                    the integer 1.
-- @param tbs         contains information of MA and requested HPCR. MA signs
--                    this at scms-protocol level.
-- @param signatures  is the list of countersignatures that the MA has to
--                    obtain from auditors before sending this request. Size 0
--                    is used when no countersignatures are necessary.
-- @see Uint8, Countersignature
-- NOTE(review): this message instructs the RA to blacklist, and the schema
-- accepts an empty signatures list. The RA has to decide from its own policy
-- how many auditor countersignatures are required and verify each one;
-- a well-formed message is not evidence of authorization.
MaRaBlacklistRequestMsg ::= SEQUENCE {
  version     Uint8(1),
  tbs         ToBeSignedBlacklistingInstructionMsg,
  signatures  SEQUENCE SIZE (0..MAX) OF Countersignature
}

---
-- @brief This data type is used by MA to enclose its information and the
--        HPCRs for which it wants to request the blacklist.
-- @class ToBeSignedBlacklistingInstructionMsg
-- @param maId  is the 256 bit system-wide unique MA hostname ID.
-- @param hpcr  is the list of HPCRs for which the MA requests internal
--              blacklist of RA.
-- @see MaHostnameId, HPCR
-- NOTE(review): the hpcr list has no SIZE constraint; the RA should cap the
-- number of entries per request (MaRaBaseErrorCode has
-- raNumberOfRequestsExceeded).
ToBeSignedBlacklistingInstructionMsg ::= SEQUENCE {
  maId  MaHostnameId,
  hpcr  SEQUENCE OF HPCR,
  ...
}

---
-- @brief RA uses this data type to respond to MaRaBlacklistRequestMsg from MA.
-- @class RaMaBlacklistResponseMsg
-- @param version      contains the current version of the data type. The
--                     version specified in this document is version 1,
--                     represented by the integer 1.
-- @param requestHash  is the hash of the original request.
-- @param raId         is the 256 bit unique hostname ID of RA.
-- @param status       is the list that tells the status of each requested HPCR.
-- @see Uint8, HashedId8, RaHostnameId
RaMaBlacklistResponseMsg ::= SEQUENCE {
  version      Uint8(1),
  requestHash  HashedId8,
  raId         RaHostnameId,
  status       SEQUENCE OF BlacklistingStatus,
  ...
}

---
-- @brief RA uses this data type to enclose the blacklisting status of HPCRs.
-- @class BlacklistingStatus
-- @param hpcr   is the hash of pseudonym certificate (HPCR).
-- @param reply  contains nothing in the case when request of MA is correct.
--               Otherwise includes an appropriate error code.
-- @see HPCR, ScopedMaRaBlacklistError
BlacklistingStatus ::= SEQUENCE {
  hpcr   HPCR,
  reply  CHOICE {
    success  NULL,
    failure  ScopedMaRaBlacklistError
  }
}

---
-- @brief MA uses this data type to request linkage chain identifiers from RA.
--        Note that this is actually signed by the MA at the scms-protocol
--        level.
-- @class MaRaLCIRequestMsg
-- @param version    contains the current version of the data type. The version
--                   specified in this document is version 1, represented by
--                   the integer 1.
-- @param tbs        contains information of MA and requested LCI. MA signs
--                   this at scms-protocol level.
-- @param signatures is the list of signatures that the MA has to obtain from
--                   auditors before sending this message. Size 0 is used when
--                   no countersignatures are necessary.
-- NOTE(review): SIZE (0..MAX) accepts an empty list, so this type does not
--               express whether countersignatures are required for a given
--               request; presumably the RA checks that against policy before
--               answering -- confirm. The list also has no upper bound.
-- @see Uint8, Countersignature
MaRaLCIRequestMsg ::= SEQUENCE {
  version     Uint8(1),
  tbs         ToBeSignedLCIRequestMsg,
  signatures  SEQUENCE SIZE (0..MAX) OF Countersignature
}

---
-- @brief This data type is used by MA to enclose its information and the
--        HPCRs for which it requests linkage chain identifiers (LCIs).
-- @class ToBeSignedLCIRequestMsg
-- @param maId is the 256 bit system-wide unique MA hostname ID.
-- @param hpcr is the list of HPCRs for which the MA requests LCIs.
-- @see MaHostnameId, HPCR
ToBeSignedLCIRequestMsg ::= SEQUENCE {
  maId  MaHostnameId,
  hpcr  SEQUENCE OF HPCR,
  ...
}

---
-- @brief RA uses this data type to respond to MaRaLCIRequestMsg from MA.
-- @class RaMaLCIResponseMsg
-- @param version     contains the current version of the data type. The
--                    version specified in this document is version 1,
--                    represented by the integer 1.
-- @param requestHash is the hash of the original request.
-- @param raId        is the 256 bit unique hostname ID of RA.
-- @param lciInfo     is the list of mappings between HPCRs and their LCIs.
-- NOTE(review): requestHash is the only field here that ties the response to
--               a request; presumably the MA compares it with the hash of the
--               request it sent before using lciInfo -- confirm.
-- @see Uint8, HashedId8, RaHostnameId
RaMaLCIResponseMsg ::= SEQUENCE {
  version      Uint8(1),
  requestHash  HashedId8,
  raId         RaHostnameId,
  lciInfo      SEQUENCE OF HPCR2LCI,
  ...
} --- -- @brief RA uses this data type to map HPCR with their LCIs. -- @class HPCR2LCI -- @param hpcr is the hash of pseudonym certificate (HPCR). -- @param reply contains the LCI and group identifier information in case of -- no errors in request from MA. Otherwise, an appropriate error -- code is included. -- @see HPCR, LCIAndHostInfo, ScopedMaRaLCIError HPCR2LCI ::= SEQUENCE { hpcr HPCR, reply CHOICE { success SEQUENCE { groupIdentifier OCTET STRING (SIZE(4)), info LCIAndHostInfo }, failure ScopedMaRaLCIError } } --- -- @brief MA uses this data type to request blacklist of RA for components -- with certificates other than pseudonym certificates. Revocation is -- done using a Revocation Identifier (RIF). MA signs this at scms -- protocol level. -- @class MaRaRseObeIdBlacklistRequestMsg -- @param version contains the current version of the data type. The -- version specified in this document is version 1, -- represented by the integer 1. -- @param tbs contains information of MA and requested RIFs. MA signs -- this at scms-protocol level. -- @param signatures is the list of signatures that the MA has to obtain from -- auditors before sending this message. Size 0 is used when -- no countersignatures are necessary. -- @see Uint8, Countersignature MaRaRseObeIdBlacklistRequestMsg ::= SEQUENCE { version Uint8(1), tbs ToBeSignedRseObeIdBlacklistingInstructionMsg, signatures SEQUENCE SIZE (0..MAX) OF Countersignature } --- -- @brief This data type is used by MA to enclose its information and the RIFs -- for which it wants to request the blacklist. -- @class ToBeSignedRseObeIdBlacklistingInstructionMsg -- @param maId is the 256 bit system-wide unique ID of MA. -- @param rif is an 8-byte revocation identifier array in scms-base-types.asn. -- @see MaHostnameId, RIF ToBeSignedRseObeIdBlacklistingInstructionMsg ::= SEQUENCE { maId MaHostnameId, rif SEQUENCE OF RIF, ... } --- -- @brief RA uses this data type to respond to MaRaRseObeIdBlacklistRequestMsg -- from MA. 
-- @class RaMaRseObeIdBlacklistResponseMsg -- @param version contains the current version of the data type. The -- version specified in this document is version 1, -- represented by the integer 1. -- @param requestHash is the hash of the original request. -- @param raId is the 256 bit unique hostname ID of RA. -- @param status is the list that tells blacklisting status of each -- requested RIFs. -- @see Uint8, HashedId8, RaHostnameId RaMaRseObeIdBlacklistResponseMsg ::= SEQUENCE { version Uint8(1), requestHash HashedId8, -- hash of the original request raId RaHostnameId, status SEQUENCE OF RseObeIdBlacklistingStatus, ... } --- -- @brief RA uses this data type to enclose the blacklisting status of RIFs. -- @class RseObeIdBlacklistingStatus -- @param rif is an 8-byte revocation identifier array in scms-base-types.asn. -- @param reply contains nothing in the case when request of MA is correct. -- Otherwise includes an appropriate error code. -- @see RIF, ScopedMaRaBlacklistError RseObeIdBlacklistingStatus ::= SEQUENCE { rif RIF, reply CHOICE { success NULL, failure ScopedMaRaBlacklistError } } --- -- @brief MA uses this data type to request certificate digest values (CDV) -- from RA MA signs this at scms-protocol level. -- @class MaRaCDVRequestMsg -- @param version contains the current version of the data type. The -- version specified in this document is version 1, -- represented by the integer 1. -- @param tbs contains information of MA and requested CDVs. MA signs -- this at scms-protocol level. -- @param signatures is the list of signatures that the MA has to obtain from -- auditors before sending this message. Size 0 is used when -- no countersignatures are necessary. -- @see Uint8, Countersignature MaRaCDVRequestMsg ::= SEQUENCE { version Uint8(1), tbs ToBeSignedCDVRequestMsg, signatures SEQUENCE SIZE (0..MAX) OF Countersignature } --- -- @brief This data type is used by MA to enclose its information and the RIFs -- for which it wants to request the blacklist. 
-- @class ToBeSignedCDVRequestMsg -- @param maId is the 256 bit system-wide unique ID of MA. -- @param rifValues is an 8-byte revocation identifier array in scms-base-types.asn. -- @see MaHostnameId, RIF ToBeSignedCDVRequestMsg ::= SEQUENCE { maId MaHostnameId, rifValues SEQUENCE OF RIF, ... } --- -- @brief RA uses this data type to respond to MaRaCDVRequestMsg from MA. -- @class RaMaCDVResponseMsg -- @param version contains the current version of the data type. The -- version specified in this document is version 1, -- represented by the integer 1. -- @param requestHash is the hash of the original request. -- @param raId is the 256 bit unique hostname ID of RA. -- @param cdvInfo is the list of mapping between RIFs and their CDVs. -- requested RIFs. -- @see Uint8, HashedId8, RaHostnameId RaMaCDVResponseMsg ::= SEQUENCE { version Uint8(1), requestHash HashedId8, raId RaHostnameId, cdvInfo SEQUENCE OF CdvInfo } --- -- @brief RA uses this data type to map RIFs with their CDVs. -- @class CdvInfo -- @param rif is an 8-byte revocation identifier array in scms-base-types.asn. -- @param reply contains the CDV for each input in case of no errors in request -- from MA. Otherwise, an appropriate error code is included. -- @see RIF, HashedId8, ScopedMaRaBlacklistError CdvInfo ::= SEQUENCE { rif RIF, reply CHOICE { -- for each input rif, a list of certificate digests (HashedId8) is returned success SEQUENCE OF HashedId10, failure ScopedMaRaBlacklistError } } END -- -- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 -- -- Unless required by applicable law or agreed to in writing, software -- distributed under the License is distributed on an "AS IS" BASIS, -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-- @namespace Ieee1609Dot2PcaRaError
Ieee1609Dot2PcaRaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) pca-ra(15) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

---
-- @brief Error value for the PCA-RA interface: either a base error code or a
--        request error code. The CHOICE is extensible.
-- @class PcaRaError
-- @param pca-ra-base-error    carries a PcaRaBaseErrorCode.
-- @param pca-ra-request-error carries a PcaRaRequestErrorCode.
-- @see PcaRaBaseErrorCode, PcaRaRequestErrorCode
PcaRaError ::= CHOICE {
  pca-ra-base-error     PcaRaBaseErrorCode,
  pca-ra-request-error  PcaRaRequestErrorCode,
  ...
}

---
-- @brief Base error codes of the PCA-RA interface. Only unknownError is
--        defined; the enumeration is extensible.
-- @class PcaRaBaseErrorCode
PcaRaBaseErrorCode ::= ENUMERATED {
  -- Unknown error
  unknownError,
  ...
}

---
-- @brief Error codes that describe why a request on the PCA-RA interface was
--        rejected. Each value is explained by the comment above it; the
--        enumeration is extensible.
-- @class PcaRaRequestErrorCode
PcaRaRequestErrorCode ::= ENUMERATED {
  -- invalid certificate type requested
  invalidCertificateRequestType,
  -- invalid type (neither implicit nor explicit certificate type)
  invalidType,
  -- invalid PSID or SSP
  invalidPsidSsp,
  -- invalid Region
  invalidRegion,
  -- invalid start, end, duration or expiration time
  invalidValidity,
  -- an invalid encryption public key is passed
  invalidEncryptionPublicKey,
  -- an invalid signing public key is passed
  invalidSignaturePublicKey,
  -- invalid encrypted prelinkage value is passed (e.g. cannot be decrypted)
  invalidEncryptedPreLinkageValue,
  -- invalid encrypted group prelinkage value is passed (e.g. cannot be decrypted)
  invalidEncryptedGroupPreLinkageValue,
  ...
}

END
--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and -- limitations under the License. -- -- @namespace Ieee1609Dot2PcaRaInterface Ieee1609Dot2PcaRaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) pca-ra(15) major-version-2(2)} DEFINITIONS AUTOMATIC TAGS ::= BEGIN EXPORTS ALL; IMPORTS Duration, EccP256CurvePoint, GroupLinkageValue, HashedId8, LinkageValue, Opaque, SequenceOfPsidSsp, Signature, SubjectAssurance, GeographicRegion, Time32, Uint8, Uint16, Uint32 FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2)} Certificate, CertificateType, Ieee1609Dot2Data, RecipientInfo, SignedData, SignerIdentifier, SymmetricCiphertext, ToBeSignedCertificate FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2)} EccP256PrivateKeyReconstruction, EncryptedIndividualPLV, EncryptedGroupPLV, IValue, LaHostnameId, RaHostnameId, PcaHostnameId, SecurityMgmtPsid FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) base-types(2) major-version-2(2)} ScopedPcaRaError FROM Ieee1609dot2ScmsError {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) errors(2) complete(1) major-version-2(2)} ; --- -- @brief The PcaRaInterfacePDU is the parent message type for messages sent between Pseudonym -- Certificate Authority (PCA) and Registration Authority (RA). -- @class PcaRaInterfacePDU -- @param raPcaCertRequest contains a message from an RA to the PCA to request a copy of the PCA’s -- currently valid certificate. 
-- @param pcaRaCertResponse is a message from the PCA to the RA to acknowledge the receipt of -- raPcaCertRequest PcaRaInterfacePDU::= CHOICE { raPcaCertRequest RaPcaCertRequestMsg, pcaRaCertResponse PcaRaCertResponseMsg, ... } --- -- @brief This data type is used by the RA to request pseudonym certificates from the PCA. It is -- signed using the private key generated by the RA and the corresponding public key, -- verificationKey, is placed for use by the PCA to generate the pseudonym certificates. -- @class RaPcaCertRequestMsg -- @param version contains the current version of the data type. The version specified in this -- document is version 1, represented by the integer 1. -- @param raId contains the RA's hostname. -- @param cert-request-info contains the information to request certificates for OBEs. A -- PseudonymCertRequestInfo is included when the OBE requires pseudonimity -- and unlinkability. IdCertRequestInfo is included otherwise. -- @see Uint8, RaHostnameId RaPcaCertRequestMsg ::= SEQUENCE { version Uint8(1), raId RaHostnameId, cert-request-info CHOICE { pseudonym-cert-req PseudonymCertRequestInfo, auth-cert-req IdCertRequestInfo, ... } } --- -- @brief OBE Pseudonym Certificate info sent in the request certificate message. This version is only -- for implicit certs using butterfly keys. If other versions of pseudonym cert requests are -- developed with no butterfly keys or for explicit certs, that can be handled by defining an -- additional CertRequestInfo type within RaPcaCertRequestMsg. In particular, this doesn't -- allow pseudonym certs to have encryption keys, although it would in principle be possible to -- support this if the CA added a value to the encryption key as well as modifying the signing -- key. It's probably best for pseudonymous devices that want encrypted responses to do it via -- a response encryption key in the SignedData anyway. -- @class PseudonymCertRequestInfo -- @param psidSsp is a sequence of PSIDs with corresponding SSPs. 
-- @param performanceAssuranceLevel indicates the assurance level of the certificate holder. This field is optional. -- @param region defines the GeographicRegion for which a certificate is being -- requested. This field is optional. -- @param iValue denotes the week number from i=0 (i.e. 4:00 am Eastern Time on -- Tuesday, January 6, 2015) -- @param pca-id contains the PCA's hostname. -- @param sig-butterfly-key-B used to generate the hash of the pseudonym certificate request -- from RA. -- @param la1-id contains first LA's hostname (LA1). -- @param la2-id contains second LA's hostname (LA2). -- @param enc-plv1 contains encrypted pre-linkage value received from LA1 for an -- individual OBE. -- @param enc-plv2 contains encrypted pre-linkage value received from LA2 for an -- individual OBE. -- @param group-linkage-info DEPRECATED: is a sequence containing linkage value information -- of a group of OBEs. This field is optional. -- @param enc-butterfly-key-H contains RA's public key that is used by PCA to encrypt its responses. -- @see SequenceOfPsidSsp, SubjectAssurance, GeographicRegion, IValue PseudonymCertRequestInfo ::= SEQUENCE { -- -- these fields go directly into the cert -- psidSsp SequenceOfPsidSsp, performanceAssuranceLevel SubjectAssurance OPTIONAL, region GeographicRegion OPTIONAL, iValue IValue, -- -- used to create material that goes in the cert but not included in the -- cert directly -- pca-id PcaHostnameId, sig-butterfly-key-B EccP256CurvePoint, la1-id LaHostnameId, la2-id LaHostnameId, enc-plv1 EncryptedIndividualPLV, enc-plv2 EncryptedIndividualPLV, group-linkage-info SEQUENCE { gla1-id LaHostnameId, gla2-id LaHostnameId, enc-gplv1 EncryptedGroupPLV, enc-gplv2 EncryptedGroupPLV } OPTIONAL, -- used to encrypt the response enc-butterfly-key-H EccP256CurvePoint } --- -- @brief This structure defines the Identification Certificate information that is sent in the -- request certificate message. 
-- @class IdCertRequestInfo
-- @param pca-id                  contains the PCA's hostname.
-- @param type                    contains the type information of certificate requested i.e. explicit
--                                certificate or implicit certificate.
-- @param to-be-signed-cert       is the certificate that is signed by PCA when it responds with a
--                                PcaRaCertResponseMsg. It contains the crlSeries (value inserted by
--                                PCA) and appPermissions (the Identification certificate request PSID)
--                                to be hashed when.
--                                NOTE(review): the sentence above is truncated in the source; the
--                                condition after "when" is missing. The constraint below fixes
--                                crlSeries to 0 in the request.
-- @param response-encryption-key is used by the PCA to encrypt the to-be-signed-cert.
-- @see PcaHostnameId, CertificateType, ToBeSignedCertificate, EccP256CurvePoint
IdCertRequestInfo ::= SEQUENCE {
  pca-id                   PcaHostnameId,
  type                     CertificateType,
  to-be-signed-cert        ToBeSignedCertificate( WITH COMPONENTS {
                             ...,
                             crlSeries(0),
                             appPermissions
                           } ),
  response-encryption-key  EccP256CurvePoint
}

---
-- @brief This structure defines the response message to RaPcaCertRequestMsg. It is sent by PCA to RA.
-- @class PcaRaCertResponseMsg
-- @param version     the current version of the data type. The version specified in this
--                    document is version 1, represented by the integer 1.
-- @param requestHash contains the hash of the original request, using the HashedId8 type as defined in
--                    1609dot2-base-types.asn of [2]. In the case when the PCA cannot calculate the
--                    hash of the original request due to a hardError, this field shall be all zeroes.
--                    NOTE(review): an all-zero requestHash binds the response to no particular
--                    request; presumably the RA accepts it only together with a failure
--                    reply -- confirm against the protocol text.
-- @param pca-id      contains the PCA's hostname.
-- @param reply       contains the encrypted pseudonym certificates with corresponding linkage values
--                    for an individual OBE. A failure is sent if any form of error arises in
--                    communication between PCA and RA. Refer pca-ra-error.asn.
--                    NOTE(review): the success branch has two alternatives. raw carries a
--                    PlaintextCertificateResponse directly, without the signed and encrypted
--                    wrapper of signed-encrypted; this file does not state when a PCA may
--                    send it -- confirm which deployments are expected to accept it.
-- @see Uint8, HashedId8, PcaHostnameId, ScopedPcaRaError
PcaRaCertResponseMsg ::= SEQUENCE {
  version      Uint8(1),
  requestHash  HashedId8,
  pca-id       PcaHostnameId,
  reply        CHOICE {
    success  CHOICE {
      signed-encrypted  SignedEncryptedCertificateResponse,
      raw               PlaintextCertificateResponse
    },
    failure  ScopedPcaRaError
  },
  ...
} --- -- @brief SignedEncrypted responses are signed 1609.2 data, containing encrypted 1609.2 data, which -- decrypts to a DecryptedCertificateData containing the PlaintextCertificateResponse. -- -- This is implemented as follows. -- At the Signed level: -- * ToBeSignedEncryptedCertificateResponse is defined with all the fields relevant to both -- types of response plus optional i-value -- * SignedEncryptedCertificateResponse is defined. -- At the Encrypted level, the EncryptedCertificateData type is a 1609.2 data containing a -- single recipient info which is encrypted to a response encryption key. -- The EncryptedCertificateData decrypts to a DecryptedCertificateData, which is an unsecured -- 1609.2 data containing a PlaintextCertificateResponse. (It's a 1609.2 data to maintain -- the convention that all EncryptedData decrypts to a 1609.2 data). -- The PlaintextCertificateResponse distinguishes between: (implicit/explicit) and -- (butterfly/single-key) as all four combinations are potentially legal and a receiver needs -- to know which combination applies in order to recover the correct private key. -- @class SignedEncryptedCertificateResponse -- @param unsecuredData contains the response that is signed by the PCA. SignedEncryptedCertificateResponse ::= Ieee1609Dot2Data (WITH COMPONENTS {..., content (WITH COMPONENTS { signedData (WITH COMPONENTS {..., tbsData (WITH COMPONENTS { payload (WITH COMPONENTS {..., data (WITH COMPONENTS {..., content (WITH COMPONENTS { unsecuredData (CONTAINING ToBeSignedEncryptedCertificateResponse) }) }) PRESENT, extDataHash ABSENT }), headerInfo (WITH COMPONENTS {..., psid (SecurityMgmtPsid), generationTime ABSENT, expiryTime ABSENT, generationLocation ABSENT, p2pcdLearningRequest ABSENT, missingCrlIdentifier ABSENT, encryptionKey ABSENT }) }) }) }) }) --- -- @brief Certificate response that is signed by the PCA while sending pseudonym certificates to RA. 
-- @class ToBeSignedEncryptedCertificateResponse
-- @param psidSsp        is a sequence of PSIDs and their corresponding SSPs.
-- @param expiration     indicates the expiration date of the certificate.
-- @param lifetime       indicates the time duration for which the certificate will be valid.
-- @param encrypted-cert contains the Encrypted certificate sent from PCA to RA.
-- Note: psidSsp, expiration and lifetime sit next to encrypted-cert in this
--       structure, i.e. outside the encrypted payload.
-- @see SequenceOfPsidSsp, Time32, Duration
ToBeSignedEncryptedCertificateResponse ::= SEQUENCE {
  psidSsp         SequenceOfPsidSsp,
  expiration      Time32,
  lifetime        Duration,
  encrypted-cert  EncryptedCertificateData
}

---
-- @brief This structure encloses the encrypted certificate data that decrypts to a
--        DecryptedCertificateData by the EE. The constraint below requires the
--        encryptedData content with exactly one recipient, of the rekRecipInfo kind.
-- @class EncryptedCertificateData
EncryptedCertificateData ::= Ieee1609Dot2Data (WITH COMPONENTS {
  content (WITH COMPONENTS {...,
    encryptedData (WITH COMPONENTS { ...,
      recipients (SIZE(1) INTERSECTION (WITH COMPONENT (
        RecipientInfo (WITH COMPONENTS {rekRecipInfo})
      )))
    })
  })
})

---
-- @brief This structure contains the certificate data in plain text which is obtained by the EE by
--        decrypting EncryptedCertificateData. The constraint below requires the
--        unsecuredData content to contain a PlaintextCertificateResponse.
-- @class DecryptedCertificateData
DecryptedCertificateData ::= Ieee1609Dot2Data (WITH COMPONENTS {
  content (WITH COMPONENTS {...,
    unsecuredData (CONTAINING PlaintextCertificateResponse )
  })
})

---
-- @brief This structure contains the certificate data created by the PCA.
-- @class PlaintextCertificateResponse
-- @param implicit-butterfly denotes the butterfly key included in this structure when certificate
--                           sent by the PCA is of implicit type.
-- @param implicit           is the implicit certificate produced by the PCA.
-- @param explicit-butterfly denotes the butterfly key included in this structure when certificate
--                           sent by the PCA is of explicit type.
-- @param explicit           is the explicit certificate produced by the PCA.
PlaintextCertificateResponse ::= CHOICE {
  -- implicit-butterfly and implicit share the same payload type; only the
  -- chosen alternative tells the receiver which of the two applies.
  implicit-butterfly  ImplicitCertResponse,
  implicit            ImplicitCertResponse,
  explicit-butterfly  ButterflyExplicitCertResponse,
  explicit            Certificate
}

---
-- @brief This structure defines the implicit certificate type which is sent as a response to an EE.
--        The certificate is constrained to type implicit with an issuer given as sha256AndDigest.
-- @class ImplicitCertResponse
-- @param certificate               is the implicit certificate produced by the PCA.
-- @param priv-key-reconstruction-s is the value required to reconstruct the PCA's public key.
--                                  NOTE(review): the field type is
--                                  EccP256PrivateKeyReconstruction, which reads as a
--                                  private-key reconstruction value; the wording
--                                  "PCA's public key" looks inconsistent with it -- confirm.
ImplicitCertResponse ::= SEQUENCE {
  certificate                Certificate (WITH COMPONENTS {
                               ...,
                               type(implicit),
                               issuer(WITH COMPONENTS {sha256AndDigest})
                             }),
  priv-key-reconstruction-s  EccP256PrivateKeyReconstruction
}

---
-- @brief This structure defines the explicit certificate type which is sent as a response to an EE.
--        The certificate is constrained to type explicit with an issuer given as sha256AndDigest.
-- @class ButterflyExplicitCertResponse
-- @param certificate               is the explicit certificate produced by the PCA.
-- @param priv-key-reconstruction-c NOTE that this is actually a randomization value used by an EE
--                                  to reconstruct the PCA's public key.
ButterflyExplicitCertResponse ::= SEQUENCE {
  certificate                Certificate (WITH COMPONENTS {
                               ...,
                               type(explicit),
                               issuer(WITH COMPONENTS {sha256AndDigest})
                             }),
  priv-key-reconstruction-c  EccP256PrivateKeyReconstruction
}

END
--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
-- -- @namespace Ieee1609Dot2RaPgError Ieee1609Dot2RaPgError {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) errors(2) ra-pg(16) major-version-2(2)} DEFINITIONS AUTOMATIC TAGS ::= BEGIN EXPORTS ALL; --- -- @brief -- @class RaPgError -- @param -- @see RaPgError ::= ENUMERATED { raPgMalformedRequest, raPgSignatureFailed, raPgPolicyError, ... } END -- -- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 -- -- Unless required by applicable law or agreed to in writing, software -- distributed under the License is distributed on an "AS IS" BASIS, -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -- See the License for the specific language governing permissions and -- limitations under the License. 
-- -- @namespace Ieee1609Dot2RaPgInterface Ieee1609Dot2RaPgInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) ra-pg(16) major-version-2(2)} DEFINITIONS AUTOMATIC TAGS ::= BEGIN EXPORTS ALL; IMPORTS HashedId8, Hostname, Opaque, Uint8, Uint32 FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2)} Countersignature, SignerIdentifier FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2)} HPCR, HPCRAndHostInfo, LCIAndHostInfo, RaHostnameId, MaHostnameId FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) base-types(2) major-version-2(2)} ScopedMaRaBlacklistError, ScopedMaRaLCIError FROM Ieee1609dot2ScmsError {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) errors(2) complete(1) major-version-2(2)} RaPgError FROM Ieee1609Dot2RaPgError {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) errors(2) ra-pg(16) major-version-2(2)} BasePolicyFile, ToBeSignedPolicyData FROM Ieee1609dot2ScmsPolicyTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) policy-types (500) major-version-2(2)} ; --- -- @brief The RaPgInterfacePDU is the parent message type for messages sent -- between Registration Authority (RA) and Policy Generator (PG). -- @class RaPgInterfacePDU -- @param raPgPolicySignatureRequest contains the request from RA to -- obtain policy file from PG. 
-- @param raPgPolicySignatureRequestReply contains response from PG to -- RaPgPolicySignatureRequestMsg from RA. RaPgInterfacePDU ::= CHOICE { raPgPolicySignatureRequest RaPgPolicySignatureRequestMsg, raPgPolicySignatureRequestReply RaPgPolicySignatureRequestReplyMsg, ... } --- -- @brief This data type contains custom policy files generated by PG. PG -- signs this at the scms-protocol level. -- @class ToBeSignedCustomPolicyFile -- @param policy denotes the custom policy file generated by PG. ToBeSignedCustomPolicyFile ::= ToBeSignedPolicyData( WITH COMPONENTS {..., policy(WITH COMPONENTS {..., custom PRESENT }) }) --- -- @brief This data type is used by PG to enclose custom policy file. -- @class SignedCustomPolicyFile -- @param tbsData is the custom policy file data that is signed by PG at -- scms-protocol level. SignedCustomPolicyFile ::= BasePolicyFile (WITH COMPONENTS {..., tbsData( WITH COMPONENTS {..., policy(WITH COMPONENTS {..., custom PRESENT }) }) }) --- -- @brief RA uses this data type to request signed modified global parameters -- inside a local policy file (LPF). An RA may generate an LPF with a -- mix of global parameters and local parameters. The global portion -- must be approved and signed by the PG before it can be distributed -- to EEs. -- @class RaPgPolicySignatureRequestMsg -- @param version contains the current version of the data type. The version -- specified in this document is version 1, represented by the -- integer 1. -- @param tbs contains the policy file data that is signed by PG. -- @see Uint8 RaPgPolicySignatureRequestMsg ::= SEQUENCE { version Uint8(1), tbs ToBeSignedCustomPolicyFile, ... } --- -- @brief PG uses this data type to respond to RaPgPolicySignatureRequestMsg -- from RA. -- @class RaPgPolicySignatureRequestReplyMsg -- @param version contains the current version of the data type. The version -- specified in this document is version 1, represented by -- the integer 1. 
-- @param signedFile includes the policy file signed by PG if request from RA -- has no errors. Otherwise, an appropriate error code is -- included. -- @see Uint8, RaPgError RaPgPolicySignatureRequestReplyMsg ::= SEQUENCE { version Uint8(1), signedFile CHOICE { success SignedCustomPolicyFile, failure RaPgError } } END -- -- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 -- -- Unless required by applicable law or agreed to in writing, software -- distributed under the License is distributed on an "AS IS" BASIS, -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -- See the License for the specific language governing permissions and -- limitations under the License. -- -- @namespace Ieee1609dot2ScmsError Ieee1609dot2ScmsError {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) errors(2) complete (1) major-version-2(2)} DEFINITIONS AUTOMATIC TAGS ::= BEGIN EXPORTS ALL; IMPORTS ScmsCommonError FROM Ieee1609dot2ScmsCommonError {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) errors(2) common(2) major-version-2(2)} ComponentCertificateManagementError FROM Ieee1609Dot2ScmsComponentCertificateManagementErrorScmsComponentCertificateManagementError {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) errors(2) component-certificate-management(3) major-version-2(2)} EcaEndEntityError FROM Ieee1609Dot2EcaEndEntityErrorEcaEndEntityError {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) errors(2) eca-ee(5) 
  major-version-2(2)}

LaMaError
FROM Ieee1609Dot2LaMaErrorLaMaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) la-ma(9) major-version-2(2)}

LaPcaError
FROM Ieee1609Dot2LaPcaErrorLaPcaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) la-pca(10) major-version-2(2)}

LaRaError
FROM Ieee1609Dot2LaRaErrorLaRaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) la-ra(11) major-version-2(2)}

MaPcaError
FROM Ieee1609Dot2MaPcaErrorMaPcaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) ma-pca(13) major-version-2(2)}

MaRaError
FROM Ieee1609Dot2MaRaErrorMaRaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) ma-ra(14) major-version-2(2)}

-- NOTE(review): the module reference below is Ieee1609Dot2PcaRaErrorPcaRaError,
--               while the module carrying this object identifier declares
--               itself as Ieee1609Dot2PcaRaError. The other module references
--               in this IMPORTS list follow the same doubled pattern. A tool
--               that resolves imports by module name rather than by object
--               identifier may not find them -- confirm against the compiler
--               in use.
PcaRaError
FROM Ieee1609Dot2PcaRaErrorPcaRaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) pca-ra(15) major-version-2(2)}
;

---
-- @brief Top-level SCMS error value: one alternative for the common errors
--        and one per interface-specific error type imported above. The CHOICE
--        is extensible.
-- @class ScmsError
-- @param common carries a ScmsCommonError.
-- @param ccm    carries a ComponentCertificateManagementError.
-- @param eca-ee carries an EcaEndEntityError.
-- @param la-ma  carries a LaMaError.
-- @param la-pca carries a LaPcaError.
-- @param la-ra  carries a LaRaError.
-- @param ma-pca carries a MaPcaError.
-- @param ma-ra  carries a MaRaError.
-- @param pca-ra carries a PcaRaError.
-- @see ScmsCommonError
ScmsError ::= CHOICE {
  common  ScmsCommonError,
  ccm     ComponentCertificateManagementError,
  eca-ee  EcaEndEntityError,
  la-ma   LaMaError,
  la-pca  LaPcaError,
  la-ra   LaRaError,
  ma-pca  MaPcaError,
  ma-ra   MaRaError,
  pca-ra  PcaRaError,
  ...
}

---
-- @brief ScmsError restricted to the common or the ccm alternative.
-- @class ScopedComponentCertificateManagementError
-- @see ScmsError
ScopedComponentCertificateManagementError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ccm})

---
-- @brief ScmsError restricted to the common or the eca-ee alternative.
-- @class ScopedEcaEndEntityError
-- @see ScmsError
ScopedEcaEndEntityError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {eca-ee})

-- This type is not used (see following la-ma errors)
---
-- @brief ScmsError restricted to the common or the la-ma alternative, with no
--        further restriction inside la-ma.
-- @class ScopedLaMaError
-- @see ScmsError
ScopedLaMaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {la-ma})

-- Linkage information request errors
---
-- @brief ScmsError restricted to the common alternative, or to la-ma carrying
--        either la-ma-base-error or la-ma-linkage-info-error.
-- @class ScopedLaMaLIError
-- @see ScmsError
ScopedLaMaLIError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {la-ma (WITH COMPONENTS {la-ma-base-error} | WITH COMPONENTS {la-ma-linkage-info-error})} )

-- Linkage seed request errors
---
-- @brief ScmsError restricted to the common alternative, or to la-ma carrying
--        either la-ma-base-error or la-ma-linkage-seed-error.
-- @class ScopedLaMaLSError
-- @see ScmsError
ScopedLaMaLSError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {la-ma (WITH COMPONENTS {la-ma-base-error} | WITH COMPONENTS {la-ma-linkage-seed-error})} )

---
-- @brief ScmsError restricted to the common or the la-pca alternative.
-- @class ScopedLaPcaError
-- @see ScmsError
ScopedLaPcaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {la-pca})

---
-- @brief ScmsError restricted to the common or the la-ra alternative.
-- @class ScopedLaRaError
-- @see ScmsError
ScopedLaRaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {la-ra})

---
-- @brief ScmsError restricted to the common or the ma-pca alternative.
-- @class ScopedMaPcaError
-- @see ScmsError
ScopedMaPcaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ma-pca})

---
-- @brief ScmsError restricted to the common or the ma-ra alternative, with no
--        further restriction inside ma-ra.
-- @class ScopedMaRaError
-- @see ScmsError
ScopedMaRaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ma-ra})

-- Blacklist request errors
---
-- @brief ScmsError restricted to the common alternative, or to ma-ra carrying
--        either ma-ra-base-error or ma-ra-blacklist-error.
-- @class ScopedMaRaBlacklistError
-- @see ScmsError
ScopedMaRaBlacklistError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ma-ra (WITH COMPONENTS {ma-ra-base-error} | WITH COMPONENTS {ma-ra-blacklist-error})} )

-- Linkage chain identifier request errors
---
-- @brief ScmsError restricted to the common alternative, or to ma-ra carrying
--        either ma-ra-base-error or ma-ra-lci-error.
-- @class ScopedMaRaLCIError
--
@param -- @see ScopedMaRaLCIError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ma-ra (WITH COMPONENTS {ma-ra-base-error} | WITH COMPONENTS {ma-ra-lci-error})} ) --- -- @brief -- @class ScopedPcaRaError -- @param -- @see ScopedPcaRaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {pca-ra}) END -- -- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 -- -- Unless required by applicable law or agreed to in writing, software -- distributed under the License is distributed on an "AS IS" BASIS, -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -- See the License for the specific language governing permissions and -- limitations under the License. -- -- @namespace IEEE1609dot2ScmsProtocol IEEE1609dot2ScmsProtocol {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) protocol(1) major-version-2(2)} DEFINITIONS AUTOMATIC TAGS ::= BEGIN EXPORTS ALL; IMPORTS HashAlgorithm, SequenceOfPsid, SequenceOfPsidSsp, Uint8, Uint16 FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2)} Certificate, Ieee1609Dot2Data, SequenceOfCertificate, Signature, SignerIdentifier FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2)} MisbehaviorReportingPsid, SecurityMgmtPsid FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) base-types(2) 
major-version-2(2)} ScmsComponentCertificateManagementPDU FROM Ieee1609Dot2ScmsComponentCertificateManagement {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) component-certificate-management(3) major-version-2(2)} EcaEndEntityInterfacePDU FROM Ieee1609Dot2EcaEndEntityInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) eca-ee(5) major-version-2(2)} EndEntityMaInterfacePDU FROM Ieee1609Dot2EndEntityMaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) ee-ma(7) major-version-2(2)} EndEntityRaInterfacePDU FROM Ieee1609Dot2EndEntityRaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) ee-ra(8) major-version-2(2)} LaMaInterfacePDU FROM Ieee1609Dot2LaMaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) la-ma(9) major-version-2(2)} LaPcaInterfacePDU FROM Ieee1609Dot2LaPcaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) la-pca(10) major-version-2(2)} LaRaInterfacePDU FROM Ieee1609Dot2LaRaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) la-ra(11) major-version-2(2)} MaPcaInterfacePDU FROM Ieee1609Dot2MaPcaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) ma-pca(13) major-version-2(2)} MaRaInterfacePDU FROM Ieee1609Dot2MaRaInterface {iso(1) identified-organization(3) ieee(111) 
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) ma-ra(14) major-version-2(2)} PcaRaInterfacePDU FROM Ieee1609Dot2PcaRaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) pca-ra(15) major-version-2(2)} RaPgInterfacePDU FROM Ieee1609Dot2RaPgInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) ra-pg(16) major-version-2(2)} CertificateChainFiles FROM IEEE1609dot2-cert-chains {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base (1) cert-chains (4) major-version-2(2)} PolicyFiles FROM Ieee1609dot2ScmsPolicyTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) policy-types(500) major-version-2(2)} ; --- -- @brief The ScmsPDU is the parent structure that encompasses all parent -- structures of interfaces defined in the SCMS. -- @class ScmsPDU -- @param version contains the current version of the data type. The version -- specified in this document is version 1, represented by the -- integer 1. -- @param content encloses the information of an SCMS interface. -- @param ccm contains the component certificate management interface -- structure. -- @param eca-ee contains the interface structure defined for interaction -- between Enrollment Certificate Authority (ECA) and an End -- Entity (EE). -- @param ee-ma contains the interface structure defined for interaction -- between an End Entity (EE) and Misbehavior Authority (MA). -- @param ee-ra contains the interface structure defined for interaction -- between an End Entity (EE) and Registration Authority (RA). 
-- @param la-ma contains the interface structure defined for interaction
--    between Linkage Authority (LA) and Misbehavior Authority (MA).
-- @param la-pca contains the interface structure defined for interaction
--    between Linkage Authority (LA) and Pseudonym Certificate
--    Authority (PCA).
-- @param la-ra contains the interface structure defined for interaction
--    between Linkage Authority (LA) and Registration Authority (RA).
-- @param ma-pca contains the interface structure defined for interaction
--    between Misbehavior Authority (MA) and Pseudonym Certificate
--    Authority (PCA).
-- @param ma-ra contains the interface structure defined for interactions
--    between Misbehavior Authority (MA) and Registration Authority
--    (RA).
-- @param pca-ra contains the interface structure defined for interactions
--    between Pseudonym Certificate Authority (PCA) and Registration
--    Authority (RA).
-- @param ra-pg contains the interface structure defined for interactions
--    between Registration Authority (RA) and Policy Generator (PG).
--
-- NOTE(review): version is pinned to 1 by the Uint8(1) constraint. The
-- content CHOICE is extensible ("..."), so a decoder can be handed
-- alternatives this module does not define; presumably a receiver should
-- decode against the Scoped subtype for its interface and reject anything
-- else. Confirm against the specification text.
ScmsPDU ::= SEQUENCE {
  version  Uint8(1),
  content  CHOICE {
    ccm     ScmsComponentCertificateManagementPDU,
    eca-ee  EcaEndEntityInterfacePDU,
    ee-ma   EndEntityMaInterfacePDU,
    ee-ra   EndEntityRaInterfacePDU,
    la-ma   LaMaInterfacePDU,
    la-pca  LaPcaInterfacePDU,
    la-ra   LaRaInterfacePDU,
    ma-pca  MaPcaInterfacePDU,
    ma-ra   MaRaInterfacePDU,
    pca-ra  PcaRaInterfacePDU,
    ra-pg   RaPgInterfacePDU,
    ...
  }
}

---
-- @brief This is a collection structure designed for transferring certificate
--    and policy files among SCMS entities.
-- @class ScmsFile
-- @param version contains the current version of the data type. The
--    version specified in this document is version 1,
--    represented by the integer 1.
-- @param content encloses information of an SCMS file.
-- @param cert-chain contains the chain of certificates through which the
--    necessary entities can be recursively verified.
-- @param policy contains files that define policies about certificates
--    (e.g. certificate lifetimes)
ScmsFile ::= SEQUENCE {
  version  Uint8(1),
  content  CHOICE {
    cert-chain  CertificateChainFiles,
    policy      PolicyFiles,
    ...
  }
}

-- *************************************************************************
--
-- Scoped
--
-- *************************************************************************
-- Each Scoped type below narrows ScmsPDU with a full component list (no
-- "..." inside content), so every content alternative that is not named is
-- excluded from the subtype.

-- *** EE-CA ***************************************************************

---
-- @brief This structure defines the EeEcaCertRequest as a scoped version of
--    the ScmsPDU.
--    Permits only content.eca-ee.eeEcaCertRequest.
-- @class ScopedEeEnrollmentCertRequest
ScopedEeEnrollmentCertRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    eca-ee (WITH COMPONENTS { eeEcaCertRequest })
  })
})

---
-- @brief This structure defines the EcaEeCertResponse as a scoped version of
--    the ScmsPDU.
--    Permits only content.eca-ee.ecaEeCertResponse.
-- @class ScopedEeEnrollmentCertResponse
ScopedEeEnrollmentCertResponse ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    eca-ee (WITH COMPONENTS { ecaEeCertResponse })
  })
})

-- *** EE-MA ***************************************************************

---
-- @brief This structure defines the MisbehaviorReport as a scoped version of
--    the ScmsPDU.
--    Permits only content.ee-ma.misbehaviorReport.
-- @class ScopedMisbehaviorReport
ScopedMisbehaviorReport ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ee-ma (WITH COMPONENTS { misbehaviorReport })
  })
})

-- *** EE-RA ***************************************************************

---
-- @brief This structure defines the EeRaCertRequest as a scoped version of the
--    ScmsPDU.
--    Permits only content.ee-ra.eeRaCertRequest.
-- @class ScopedEeRaCertRequest
ScopedEeRaCertRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ee-ra (WITH COMPONENTS { eeRaCertRequest })
  })
})

---
-- @brief This structure defines the RaEeCertResponse as a scoped version of
--    the ScmsPDU.
-- @class ScopedRaEeCertResponse ScopedRaEeCertResponse ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { raEeCertResponse }) }) }) --- -- @brief This structure defines the EeRaPseudonymCertProvisioningRequest as a -- scoped version of the ScmsPDU. -- @class ScopedPseudonymCertProvisioningRequest ScopedPseudonymCertProvisioningRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { eeRaPseudonymCertProvisioningRequest }) }) }) --- -- @brief This structure defines the RaEePseudonymCertProvisioningAck as a -- scoped version of the ScmsPDU. -- @class ScopedPseudonymCertProvisioningAck ScopedPseudonymCertProvisioningAck ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { raEePseudonymCertProvisioningAck }) }) }) --- -- @brief This structure defines the EeRaIdCertProvisioningRequest as a scoped -- version of the ScmsPDU. -- @class ScopedIdCertProvisioningRequest ScopedIdCertProvisioningRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { eeRaIdCertProvisioningRequest }) }) }) --- -- @brief This structure defines the RaEeIdCertProvisioningAck as a scoped -- version of the ScmsPDU. -- @class ScopedIdCertProvisioningAck ScopedIdCertProvisioningAck ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { raEeIdCertProvisioningAck }) }) }) --- -- @brief This structure defines the EeRaAppCertProvisioningRequest as a -- scoped version of the ScmsPDU. -- @class ScopedAppCertProvisioningRequest ScopedAppCertProvisioningRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { eeRaAppCertProvisioningRequest }) }) }) --- -- @brief This structure defines the RaEeAppCertProvisioningAck as a scoped -- version of the ScmsPDU. 
-- @class ScopedAppCertProvisioningAck
ScopedAppCertProvisioningAck ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ee-ra (WITH COMPONENTS { raEeAppCertProvisioningAck })
  })
})

-- The four file types below constrain ScmsFile, not ScmsPDU; the earlier
-- wording "scoped version of the ScmsPDU" did not match the definitions.

---
-- @brief This structure defines the GlobalCertificateChainFile as a scoped
--    version of the ScmsFile.
--    Permits only content.cert-chain.globalCertificateChainFile.
-- @class ScopedGlobalCertificateChainFile
ScopedGlobalCertificateChainFile ::= ScmsFile (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    cert-chain( WITH COMPONENTS { globalCertificateChainFile })
  })
})

---
-- @brief This structure defines the LocalCertificateChainFile as a scoped
--    version of the ScmsFile.
--    Permits only content.cert-chain.localCertificateChainFile.
-- @class ScopedLocalCertificateChainFile
ScopedLocalCertificateChainFile ::= ScmsFile (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    cert-chain( WITH COMPONENTS { localCertificateChainFile })
  })
})

---
-- @brief This structure defines the GlobalPolicyFile as a scoped version of
--    the ScmsFile.
--    Permits only content.policy.globalPolicyFile.
-- @class ScopedGlobalPolicyFile
ScopedGlobalPolicyFile ::= ScmsFile (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    policy( WITH COMPONENTS { globalPolicyFile })
  })
})

---
-- @brief This structure defines the LocalPolicyFile as a scoped version of
--    the ScmsFile.
--    Permits only content.policy.localPolicyFile.
-- @class ScopedLocalPolicyFile
ScopedLocalPolicyFile ::= ScmsFile (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    policy( WITH COMPONENTS { localPolicyFile })
  })
})

---
-- @brief This structure defines the EeRaAuthenticatedDownloadRequest as a
--    scoped version of the ScmsPDU.
--    Permits only content.ee-ra.eeRaAuthenticatedDownloadRequest.
-- @class ScopedAuthenticatedDownloadRequest
ScopedAuthenticatedDownloadRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ee-ra (WITH COMPONENTS { eeRaAuthenticatedDownloadRequest })
  })
})

-- *** LA-MA ***************************************************************

---
-- @brief This structure defines the MaLaLinkageInfoRequest as a scoped
--    version of the ScmsPDU.
-- @class ScopedLIRequest ScopedLIRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { la-ma (WITH COMPONENTS { maLaLinkageInfoRequest }) }) }) --- -- @brief This structure defines the LaMaLinkageInfoResponse as a scoped -- version of the ScmsPDU. -- @class ScopedLIReply ScopedLIReply ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { la-ma (WITH COMPONENTS { laMaLinkageInfoResponse }) }) }) --- -- @brief This structure defines the MaLaLinkageSeedRequest as a scoped -- version of the ScmsPDU. -- @class ScopedLSRequest ScopedLSRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { la-ma (WITH COMPONENTS { maLaLinkageSeedRequest }) }) }) --- -- @brief This structure defines the LaMaLinkageSeedResponse as a scoped -- version of the ScmsPDU. -- @class ScopedLSReply ScopedLSReply ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { la-ma (WITH COMPONENTS { laMaLinkageSeedResponse }) }) }) -- *** LA-PCA ************************************************************** --- -- @brief This structure defines the PcaLaKeyAgreementRequest as a scoped -- version of the ScmsPDU. -- @class ScopedPcaLaKeyAgreementRequest ScopedPcaLaKeyAgreementRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { la-pca (WITH COMPONENTS { pcaLaKeyAgreementRequest }) }) }) --- -- @brief This structure defines the LaPcaKeyAgreementResponse as a scoped -- version of the ScmsPDU. -- @class ScopedLaPcaKeyAgreementResponse ScopedLaPcaKeyAgreementResponse ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { la-pca (WITH COMPONENTS { laPcaKeyAgreementResponse }) }) }) --- -- @brief This structure defines the PcaLaKeyAgreementAck as a scoped version -- of the ScmsPDU. 
-- @class ScopedPcaLaKeyAgreementAck ScopedPcaLaKeyAgreementAck ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { la-pca (WITH COMPONENTS { pcaLaKeyAgreementAck }) }) }) -- *** LA-RA *************************************************************** --- -- @brief This structure defines the RaLaIndividualPreLinkageValueRequest as a -- scoped version of the ScmsPDU. -- @class ScopedRaLaIndividualPreLinkageValueRequest ScopedRaLaIndividualPreLinkageValueRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { la-ra (WITH COMPONENTS { raLaIndividualPreLinkageValueRequest }) }) }) --- -- @brief This structure defines the RaLaGroupPreLinkageValueRequest as a -- scoped version of the ScmsPDU. -- @class ScopedRaLaGroupPreLinkageValueRequest ScopedRaLaGroupPreLinkageValueRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { la-ra (WITH COMPONENTS { raLaGroupPreLinkageValueRequest }) }) }) --- -- @brief This structure defines the LaRaPreLinkageValueResponse as a scoped -- version of the ScmsPDU. -- @class ScopedLaRaPreLinkageValueResponse ScopedLaRaPreLinkageValueResponse ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { la-ra (WITH COMPONENTS { laRaPreLinkageValueResponse }) }) }) -- *** MA-PCA ************************************************************** --- -- @brief This structure defines the MaPcaPreLinkageValueRequest as a scoped -- version of the ScmsPDU. -- @class ScopedMaPcaPreLinkageValueRequest ScopedMaPcaPreLinkageValueRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ma-pca (WITH COMPONENTS { maPcaPreLinkageValueRequest }) }) }) --- -- @brief This structure defines the PcaMaPreLinkageValueResponse as a scoped -- version of the ScmsPDU. 
-- @class ScopedPcaMaPreLinkageValueResponse ScopedPcaMaPreLinkageValueResponse ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ma-pca (WITH COMPONENTS { pcaMaPreLinkageValueResponse }) }) }) --- -- @brief This structure defines the MaPcaHPCRRequest as a scoped version of -- the ScmsPDU. -- @class ScopedMaPcaHPCRRequest ScopedMaPcaHPCRRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ma-pca (WITH COMPONENTS { maPcaHPCRRequest }) }) }) --- -- @brief This structure defines the PcaMaHPCRResponse as a scoped version of -- the ScmsPDU. -- @class ScopedPcaMaHPCRResponse ScopedPcaMaHPCRResponse ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ma-pca (WITH COMPONENTS { pcaMaHPCRResponse }) }) }) -- *** MA-RA ************************************************************** --- -- @brief This structure defines the MaRaBlacklistRequest as a scoped version -- of the ScmsPDU. -- @class ScopedBlacklistRequest ScopedBlacklistRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ma-ra (WITH COMPONENTS { maRaBlacklistRequest }) }) }) --- -- @brief This structure defines the RaMaBlacklistResponse as a scoped version -- of the ScmsPDU. -- @class ScopedBlacklistResponse ScopedBlacklistResponse ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ma-ra (WITH COMPONENTS { raMaBlacklistResponse }) }) }) --- -- @brief This structure defines the MaRaLCIRequest as a scoped version of the -- ScmsPDU. -- @class ScopedLCIRequest ScopedLCIRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ma-ra (WITH COMPONENTS { maRaLCIRequest }) }) }) --- -- @brief This structure defines the RaMaLCIResponse as a scoped version of -- the ScmsPDU. -- @class ScopedLCIResponse ScopedLCIResponse ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ma-ra (WITH COMPONENTS { raMaLCIResponse }) }) }) --- -- @brief This structure defines the MaRaRseObeIdBlacklistRequest as a scoped -- version of the ScmsPDU. 
-- @class ScopedRseObeIdBlacklistRequest ScopedRseObeIdBlacklistRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ma-ra (WITH COMPONENTS { maRaRseObeIdBlacklistRequest }) }) }) --- -- @brief This structure defines the RaMaRseObeIdBlacklistResponse as a scoped -- version of the ScmsPDU. -- @class ScopedRseObeIdBlacklistResponse ScopedRseObeIdBlacklistResponse ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ma-ra (WITH COMPONENTS { raMaRseObeIdBlacklistResponse }) }) }) -- *** PCA-RA ************************************************************* --- -- @brief This structure defines the RaPcaCertRequest as a scoped version of -- the ScmsPDU. -- @class ScopedRaPcaCertificateRequest ScopedRaPcaCertificateRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { pca-ra (WITH COMPONENTS { raPcaCertRequest }) }) }) --- -- @brief This structure defines the PcaRaCertResponse as a scoped version of -- the ScmsPDU. -- @class ScopedPcaRaCertificateRequestReply ScopedPcaRaCertificateRequestReply ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { pca-ra (WITH COMPONENTS { pcaRaCertResponse }) }) }) -- *** RA-PG ************************************************************* --- -- @brief This structure defines the RaPgPolicySignatureRequest as a scoped -- version of the ScmsPDU. -- @class ScopedRaPgPolicySignatureRequest ScopedRaPgPolicySignatureRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ra-pg (WITH COMPONENTS { raPgPolicySignatureRequest }) }) }) --- -- @brief This structure defines the RaPgPolicySignatureRequestReply as a -- scoped version of the ScmsPDU. 
-- @class ScopedRaPgPolicySignatureRequestReply
ScopedRaPgPolicySignatureRequestReply ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ra-pg (WITH COMPONENTS { raPgPolicySignatureRequestReply })
  })
})

-- *** Scoped certificate requests **************************************

---
-- @brief This structure defines all certificate request messages as a
--    scoped version of the ScmsPDU: a value has to satisfy one of the seven
--    Scoped request types in the union below.
-- @class ScopedCertificateRequest
ScopedCertificateRequest ::= ScmsPDU (
    ScopedEeRaCertRequest
  | ScopedEeEnrollmentCertRequest
  | ScopedPseudonymCertProvisioningRequest
  | ScopedIdCertProvisioningRequest
  | ScopedAppCertProvisioningRequest
  | ScopedRaPcaCertificateRequest
  | ScopedAuthenticatedDownloadRequest
)

--*************************************************************************
--
-- Certificate Request
--
--**********************************************************************

---
-- @brief This structure defines the format of a signed certificate
--    request.
-- @class SignedCertificateRequest
-- @param hashId is of type HashAlgorithm, so it names a hash algorithm
--    (presumably the one used when signing the request; confirm).
--    NOTE(review): the earlier wording "the hash of the current request"
--    does not match the field type, which is an algorithm identifier and
--    not a digest.
-- @param tbsRequest contains the certificate request information that
--    is signed.
--    NOTE(review): the earlier wording said "signed by the recipient";
--    the signature parameter below attributes the signature to the
--    request sender. Confirm against the specification text.
-- @param signer denotes the signing entity's identifier. The type here is
--    the unconstrained SignerIdentifier; the Signed...Request subtypes of
--    SecuredScmsPDU in this module narrow it per message.
-- @param signature contains the request sender's signature.
SignedCertificateRequest ::= SEQUENCE {
  hashId      HashAlgorithm,
  tbsRequest  ScopedCertificateRequest,
  signer      SignerIdentifier,
  signature   Signature
}

-- *************************************************************************
-- *************************************************************************
--
-- Secured
--
-- *************************************************************************
-- *************************************************************************

---
-- @brief This structure contains either secured (encrypted) or unsecured
--    (plaintext) data as per need. It follows the same structure defined
--    for Ieee1609Dot2Data in
--    1609dot2-schema.asn.
-- @class SecuredScmsPDU
--
-- NOTE(review): this is a plain alias of Ieee1609Dot2Data with no
-- constraint, so the name "Secured" enforces nothing by itself: every
-- Ieee1609Dot2Content alternative, including unsecuredData, is a valid
-- SecuredScmsPDU. Protection is only expressed by the Signed... and
-- Secured... subtypes below, so receivers presumably have to decode against
-- the specific subtype they expect. Confirm.
SecuredScmsPDU ::= Ieee1609Dot2Data

-- *************************************************************************
--
-- EE-ECA
--
-- *************************************************************************

---
-- @brief This structure contains the ScopedEeEnrollmentCertRequest which
--    encloses the EeEcaCertRequest. EE sends this message to the ECA to
--    request enrollment certificates for itself. EE signs this message
--    using its private key generated during bootstrapping.
-- @class SignedEeEnrollmentCertRequest
-- @param content contains an EE's enrollment certificate request and the
--    EE's self-signature.
-- @see EeEcaCertRequest
--
-- The signer constraint is a full component list naming only "self", so the
-- request is self-signed. A self-signature shows possession of the private
-- key but carries no certificate; NOTE(review): the ECA presumably relies on
-- the bootstrapping process mentioned above to authenticate the requester.
-- Confirm.
--
-- NOTE(review): the content constraint is a partial specification ("...")
-- without a PRESENT keyword. Under the X.680 inner-subtyping rules that may
-- leave the other Ieee1609Dot2Content alternatives permitted; confirm the
-- ASN.1 toolchain behaviour or have the receiver check the chosen
-- alternative explicitly.
SignedEeEnrollmentCertRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedEeEnrollmentCertRequest),
        signer (WITH COMPONENTS {
          self
        })
      })
    )
  })
})

---
-- @brief This structure contains the ScopedEeEnrollmentCertResponse which
--    encloses the EcaEeCertResponse. ECA responds on an EE's
--    SignedEeEnrollmentCertRequest using this message. ECA signs this
--    message using its private key corresponding to its EcaCertificate.
-- @class SignedEeEnrollmentCertResponse
-- @param content contains the ScopedEeEnrollmentCertResponse.
-- @see EcaEeCertResponse, EcaCertificate
--
-- NOTE(review): headerInfo forbids generationTime and expiryTime, so the
-- signed header carries no timestamp; freshness and replay detection
-- presumably have to come from the payload or the transport. Confirm.
-- NOTE(review): no signer constraint is given, so the schema allows every
-- SignerIdentifier alternative; the verifier presumably has to tie the
-- signature to the ECA certificate itself. Confirm.
SignedEeEnrollmentCertResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedEeEnrollmentCertResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- *************************************************************************
--
-- EE-MA
--
-- *************************************************************************

---
-- @brief This structure contains SignedMisbehaviorReport and is sent by an EE
--    to MA through RA. The EE sends its misbehavior reports to the MA
--    using this structure. EE encrypts this message using MA's public key
--    from MaCertificate that it obtains during bootstrapping.
-- @class SecuredMisbehaviorReport
-- @param content contains the encrypted misbehavior reports generated by an
--    EE; decrypts to a SignedMisbehaviorReport.
-- @see MisbehaviorReportContents, MaCertificate
--
-- NOTE(review): the schema only names the encryptedData alternative; that
-- the plaintext is a SignedMisbehaviorReport is stated in the comment above
-- and is not enforced here, so the MA presumably has to validate the
-- decrypted value against SignedMisbehaviorReport. The content constraint is
-- also a partial specification ("...") without PRESENT, which under X.680
-- may leave the other content alternatives permitted. Confirm both.
SecuredMisbehaviorReport ::= SecuredScmsPDU(WITH COMPONENTS {...,
  content(WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains the misbehavior reports generated by an EE
--    and sent to the RA. The RA forwards this message to the MA in the
--    form of SecuredMisbehaviorReport. The reporting EE signs this message
--    using its private key corresponding to its active
--    ObePseudonymCertificate.
-- @class SignedMisbehaviorReport, ObePseudonymCertificate
-- @param content contains the misbehavior report in the form of
--    ScopedMisbehaviorReport generated by the reporting EE.
-- @see MisbehaviorReportContents
--
-- headerInfo requires generationTime and generationLocation and forbids the
-- other optional fields listed. The signer constraint names the certificate
-- alternative with exactly one certificate (SIZE(1)).
-- NOTE(review): the signer constraint is a partial specification ("..."),
-- unlike the provisioning requests in this module that list certificate
-- without "..."; under X.680 that may leave digest and self permitted.
-- Confirm which is intended.
SignedMisbehaviorReport ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedMisbehaviorReport)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (MisbehaviorReportingPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation PRESENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      }),
      signer (WITH COMPONENTS {...,
        certificate (SequenceOfCertificate (SIZE(1)))
      })
    })
  })
})

-- *************************************************************************
--
-- EE-RA
--
-- *************************************************************************

---
-- @brief This structure contains the encrypted ScopedEeRaCertRequest which
--    contains the EeRaCertRequestMsg. EE sends this message to RA to
--    request RA's currently active RaCertificate. EE encrypts this message
--    using the RA's public key obtained from RaCertificate. If EE
--    requests RA's certificate for the first time, it will encrypt using
--    the key obtained at the time of device bootstrapping.
-- @class SecuredRACertRequest
-- @param content contains the ScopedEeRaCertRequest.
-- @see EeRaCertRequestMsg, RaCertificate
--
-- NOTE(review): the description above says the request is encrypted, but the
-- constraint below names unsecuredData, i.e. the ScopedEeRaCertRequest is
-- carried unencrypted and unsigned at this layer. Confirm which is intended;
-- as written, confidentiality and integrity would have to come from the
-- transport.
SecuredRACertRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    unsecuredData (CONTAINING ScopedEeRaCertRequest)
  })
})

---
-- @brief This structure contains the encrypted ScopedRaEeCertResponse which
--    contains the RaEeCertResponseMsg. RA responds to
--    SecuredRACertRequest using this structure with its active
--    RaCertificate.
-- NOTE ERROR: RA cannot encrypt this message since EE does not send its
--    encryptionKey in its ObeEnrollmentCertificate with
--    SecuredRACertRequest.
-- @class SecuredRACertResponse
-- @param content contains the ScopedRaEeCertResponse.
-- @see RaEeCertResponseMsg, ObeEnrollmentCertificate
--
-- NOTE(review): content is unsecuredData, so the response is neither signed
-- nor encrypted at this layer. The EE presumably has to validate the
-- returned RaCertificate against its own trust chain before using it.
-- Confirm.
SecuredRACertResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    unsecuredData (CONTAINING ScopedRaEeCertResponse)
  })
})

---
-- @brief This structure contains the ScopedPseudonymCertProvisioningRequest
--    which contains the EeRaPseudonymCertProvisioningRequest structure.
--    EE sends this message to PCA through RA to request
--    ObePseudonymCertificate. EE signs this message using its private key
--    corresponding to its ObeEnrollmentCertificate.
-- @class SignedPseudonymCertProvisioningRequest
-- @param content contains the pseudonym certificate provisioning request and
--    requesting EE's ObeEnrollmentCertificate.
-- @see EeRaPseudonymCertProvisioningRequest, ObePseudonymCertificate,
--    ObeEnrollmentCertificate
--
-- The signer constraint is a full component list: only the certificate
-- alternative is allowed and it carries exactly one certificate (SIZE(1)).
-- NOTE(review): the content constraint is a partial specification ("...")
-- without PRESENT, which under X.680 may leave the other content
-- alternatives permitted. Confirm the toolchain behaviour.
SignedPseudonymCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedPseudonymCertProvisioningRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains SignedPseudonymCertProvisioningRequest
--    generated by the requesting EE and sent to the RA. The RA forwards
--    this request to the PCA. EE encrypts this message using PCA's public
--    key obtained during device bootstrapping.
-- @class SecuredPseudonymCertProvisioningRequest
-- @param content contains the encrypted pseudonym certificate provisioning
--    request generated by an EE; decrypts to a
--    SignedPseudonymCertProvisioningRequest.
-- @see EeRaPseudonymCertProvisioningRequest
--
-- NOTE(review): only the encryptedData alternative is named; the type of
-- the plaintext is not enforced by this constraint, so the recipient
-- presumably has to validate the decrypted value against
-- SignedPseudonymCertProvisioningRequest. Confirm.
SecuredPseudonymCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedPseudonymCertProvisioningAck which
--    contains RaEePseudonymCertProvisioningAck. RA acknowledges receipt
--    of an EE's SignedPseudonymCertProvisioningRequest using this
--    structure. RA signs this message using its private key corresponding
--    to its RaCertificate.
-- @class SignedPseudonymCertProvisioningAck
-- @param content contains the ScopedPseudonymCertProvisioningAck.
-- @see RaEePseudonymCertProvisioningAck, RaCertificate
--
-- NOTE(review): headerInfo forbids generationTime and expiryTime and no
-- signer constraint is given, so the signed header carries no timestamp and
-- the schema accepts every SignerIdentifier alternative. Freshness and the
-- binding to the RaCertificate presumably have to be checked by the
-- receiver. Confirm.
SignedPseudonymCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPseudonymCertProvisioningAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains the SignedPseudonymCertProvisioningAck.
-- NOTE ERROR: PCA cannot encrypt this message since EE does not send an
--    encryptionKey in ObeEnrollmentCertificate in
--    SignedPseudonymCertProvisioningRequest.
-- NOTE(review): the note above names the PCA, while the description of
--    SignedPseudonymCertProvisioningAck says the RA produces and signs the
--    ack; confirm which component is meant. The type still requires
--    encryptedData, so the open question of which recipient key to use
--    needs resolving in the specification rather than by sending plaintext.
-- @class SecuredPseudonymCertProvisioningAck
-- @param content contains the encrypted acknowledgement for pseudonym
--    certificate provisioning; decrypts to
--    SignedPseudonymCertProvisioningAck.
-- @see RaEePseudonymCertProvisioningAck, ObeEnrollmentCertificate
SecuredPseudonymCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains the ScopedIdCertProvisioningRequest
--    which contains the EeRaIdCertProvisioningRequest structure.
--    EE signs this message using its private key corresponding to its
--    ObeEnrollmentCertificate.
-- @class SignedIdCertProvisioningRequest
-- @param content contains the identification certificate provisioning
--    request and requesting EE's enrollment certificate.
--    NOTE(review): the earlier wording said "pseudonym certificate
--    provisioning request"; the constraint below names
--    ScopedIdCertProvisioningRequest.
-- @see EeRaIdCertProvisioningRequest, ObeEnrollmentCertificate
--
-- The signer constraint is a full component list: only the certificate
-- alternative is allowed and it carries exactly one certificate (SIZE(1)).
SignedIdCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedIdCertProvisioningRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains SignedIdCertProvisioningRequest
--    generated by the requesting EE and sent to the RA. The RA forwards
--    this request to the PCA. EE encrypts this message using PCA's public
--    key obtained during device bootstrapping.
-- @class SecuredIdCertProvisioningRequest
-- @param content contains the encrypted identification certificate
--    provisioning request generated by an EE; decrypts to a
--    SignedIdCertProvisioningRequest.
-- @see EeRaIdCertProvisioningRequest
--
-- NOTE(review): only the encryptedData alternative is named; the type of
-- the plaintext is not enforced by this constraint. The content constraint
-- is also a partial specification ("...") without PRESENT, which under
-- X.680 may leave the other content alternatives permitted. Confirm both.
SecuredIdCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains the ScopedIdCertProvisioningAck which
--    contains the RaEeIdCertProvisioningAck. RA signs this message using
--    its private key corresponding to its RaCertificate. RA sends this
--    message to an EE in the form of SecuredIdCertProvisioningAck.
-- @class SignedIdCertProvisioningAck
-- @param content contains the ScopedIdCertProvisioningAck which encloses the
--    RaEeIdCertProvisioningAck.
-- @see RaEeIdCertProvisioningAck, RaCertificate
-- NOTE(review): headerInfo pins psid to SecurityMgmtPsid and requires
--        generationTime and expiryTime to be absent, so the signed header
--        carries no freshness information; confirm how replays are handled.
SignedIdCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedIdCertProvisioningAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains the SignedIdCertProvisioningAck.
--        NOTE ERROR: PCA cannot encrypt this message since EE does not send
--        an encryptionKey in ObeEnrollmentCertificate in
--        SignedIdCertProvisioningRequest.
--        NOTE(review): the note above names the PCA as sender, whereas
--        SignedIdCertProvisioningAck is described as signed and sent by the
--        RA; confirm which component is meant.
-- @class SecuredIdCertProvisioningAck
-- @param content contains the encrypted acknowledgement for identification
--        certificate provisioning; decrypts to
--        SignedIdCertProvisioningAck.
-- @see RaEeIdCertProvisioningAck, ObeEnrollmentCertificate
SecuredIdCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains the ScopedAppCertProvisioningRequest
--        which contains the EeRaAppCertProvisioningRequest structure.
--        EE signs this message using its private key corresponding to its
--        ObeEnrollmentCertificate.
-- @class SignedAppCertProvisioningRequest
-- @param content contains the application certificate provisioning request
--        and the requesting EE's enrollment certificate.
-- @see EeRaAppCertProvisioningRequest
-- The signer is constrained to the certificate alternative with exactly one
-- certificate (SIZE(1)); the type of that certificate is not constrained here.
SignedAppCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedAppCertProvisioningRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains SignedAppCertProvisioningRequest
--        generated by the requesting EE and sent to the RA. The RA forwards
--        this request to the PCA. EE encrypts this message using PCA's public
--        key obtained during device bootstrapping.
--        NOTE(review): the message is described as sent to the RA but
--        encrypted to the PCA's key; confirm which recipient key is intended.
-- @class SecuredAppCertProvisioningRequest
-- @param content contains the encrypted application certificate provisioning
--        request generated by an EE; decrypts to a
--        SignedAppCertProvisioningRequest.
-- @see EeRaAppCertProvisioningRequest
SecuredAppCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains the ScopedAppCertProvisioningAck which
--        contains the RaEeAppCertProvisioningAck. RA signs this message using
--        its private key corresponding to its RaCertificate. RA sends this
--        message to an EE in the form of SecuredAppCertProvisioningAck.
-- @class SignedAppCertProvisioningAck
-- @param content contains the ScopedAppCertProvisioningAck which encloses the
--        RaEeAppCertProvisioningAck.
-- @see RaEeAppCertProvisioningAck, RaCertificate
-- NOTE(review): headerInfo pins psid to SecurityMgmtPsid and requires
--        generationTime and expiryTime to be absent, so the signed header
--        carries no freshness information; confirm how replays are handled.
SignedAppCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedAppCertProvisioningAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains the SignedAppCertProvisioningAck.
--        NOTE ERROR: PCA cannot encrypt this message since EE does not send
--        an encryptionKey in ObeEnrollmentCertificate in
--        SignedAppCertProvisioningRequest.
--        NOTE(review): the note above names the PCA as sender, whereas
--        SignedAppCertProvisioningAck is described as signed and sent by the
--        RA; confirm which component is meant.
-- @class SecuredAppCertProvisioningAck
-- @param content contains the encrypted acknowledgement for application
--        certificate provisioning; decrypts to
--        SignedAppCertProvisioningAck.
-- @see RaEeAppCertProvisioningAck, ObeEnrollmentCertificate
SecuredAppCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains the ScopedAuthenticatedDownloadRequest which
--        contains the AuthenticatedDownloadRequest. EE signs this message
--        using its private key corresponding to its ObeEnrollmentCertificate.
--        EE sends this message to RA in the form of
--        SecuredAuthenticatedDownloadRequest.
-- @class SignedAuthenticatedDownloadRequest
-- @param content contains the authenticated download request and EE's
--        enrollment certificate.
-- @see AuthenticatedDownloadRequest, ObeEnrollmentCertificate
-- The signer is constrained to the certificate alternative with exactly one
-- certificate (SIZE(1)); the type of that certificate is not constrained here.
SignedAuthenticatedDownloadRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedAuthenticatedDownloadRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains the SignedAuthenticatedDownloadRequest and
--        is sent by an EE to the RA. EE encrypts this message using RA's
--        public key obtained at device bootstrapping.
-- @class SecuredAuthenticatedDownloadRequest
-- @param content contains the authenticated download request signed by an EE;
--        decrypts to SignedAuthenticatedDownloadRequest.
-- @see AuthenticatedDownloadRequest
SecuredAuthenticatedDownloadRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedGlobalPolicyFile which contains
--        GlobalPolicyFile. PG signs this message using its private key
--        corresponding to its PgCertificate.
-- @class SignedGlobalPolicyFile
-- @param content contains the ScopedGlobalPolicyFile.
-- @see GlobalPolicyFile, PgCertificate
-- NOTE(review): this type constrains Ieee1609Dot2Data directly and, unlike
--        the SecuredScmsPDU-based Signed* types around it, places no
--        constraint on headerInfo (psid, generationTime, ...); confirm that
--        receivers of the policy file check those fields themselves.
SignedGlobalPolicyFile ::= Ieee1609Dot2Data( WITH COMPONENTS{...,
  content( WITH COMPONENTS{...,
    signedData( WITH COMPONENTS{...,
      tbsData( WITH COMPONENTS{...,
        payload( WITH COMPONENTS{...,
          data( WITH COMPONENTS{...,
            content( WITH COMPONENTS{...,
              unsecuredData( CONTAINING ScopedGlobalPolicyFile )
            })
          })
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedLocalPolicyFile which contains
--        LocalPolicyFile. PG signs this message using its private key
--        corresponding to its PgCertificate.
-- @class SignedLocalPolicyFile
-- @param content contains the ScopedLocalPolicyFile.
-- @see LocalPolicyFile, PgCertificate
-- NOTE(review): this type constrains Ieee1609Dot2Data directly and places no
--        constraint on headerInfo (psid, generationTime, ...), unlike the
--        SecuredScmsPDU-based Signed* types that follow; confirm that
--        receivers of the policy file check those fields themselves.
SignedLocalPolicyFile ::= Ieee1609Dot2Data( WITH COMPONENTS{...,
  content( WITH COMPONENTS{...,
    signedData( WITH COMPONENTS{...,
      tbsData( WITH COMPONENTS{...,
        payload( WITH COMPONENTS{...,
          data( WITH COMPONENTS{...,
            content( WITH COMPONENTS{...,
              unsecuredData( CONTAINING ScopedLocalPolicyFile )
            })
          })
        })
      })
    })
  })
})

-- *************************************************************************
--
-- LA-MA
--
-- *************************************************************************

---
-- @brief This structure contains ScopedLIRequest which contains
--        MaLaLinkageInfoRequest. MA signs this message using its private key
--        corresponding to its MaCertificate.
-- @class SignedLIRequest
-- @param content contains the ScopedLIRequest.
-- @see MaLaLinkageInfoRequest
SignedLIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLIRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLIRequest and is sent by MA to LA.
--        MA encrypts this message using LA's public key that it obtains
--        from LaCertificate received from ICA at Add LA stage.
-- @class SecuredLIRequest
-- @param content contains the encrypted linkage information request signed
--        by MA; decrypts to a SignedLIRequest.
-- @see MaLaLinkageInfoRequest, LaCertificate
SecuredLIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLIReply which contains
--        LaMaLinkageInfoResponseMsg. LA signs this message using its private
--        key corresponding to its LaCertificate.
-- @class SignedLIReply
-- @param content contains ScopedLIReply.
-- @see LaMaLinkageInfoResponseMsg, LaCertificate
SignedLIReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLIReply)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLIReply and is sent by LA in response
--        to an MA's SecuredLIRequest. LA encrypts this message using
--        encryptionKey obtained from MaCertificate.
-- @class SecuredLIReply
-- @param content contains LA's response with linkage information; decrypts to
--        a SignedLIReply. Only the encryptedData alternative is selected
--        here; the inner type is not constrained by this schema.
-- @see LaMaLinkageInfoResponseMsg, MaCertificate
SecuredLIReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLSRequest which contains
--        MaLaLinkageSeedRequestMsg. MA signs this message using its private
--        key corresponding to its MaCertificate.
-- @class SignedLSRequest
-- @param content contains ScopedLSRequest.
-- @see MaLaLinkageSeedRequestMsg, MaCertificate
-- NOTE(review): headerInfo requires generationTime and expiryTime to be
--        absent, so the signed header carries no freshness information for
--        this linkage seed request; confirm how replays are handled.
SignedLSRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLSRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLSRequest that is sent by MA to LA to
--        request linkage seed information for misbehavior report analysis. MA
--        encrypts this request using LA's public key that it obtains from
--        LaCertificate received from ICA at Add LA stage.
-- @class SecuredLSRequest
-- @param content contains the encrypted linkage seed request message signed
--        by MA; decrypts to a SignedLSRequest.
-- @see MaLaLinkageSeedRequestMsg, LaCertificate
SecuredLSRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLSReply which contains
--        LaMaLinkageSeedResponseMsg. LA signs this message using its private
--        key corresponding to its LaCertificate.
-- @class SignedLSReply
-- @param content contains ScopedLSReply.
-- @see LaMaLinkageSeedResponseMsg, LaCertificate
SignedLSReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLSReply)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLSReply and is sent by LA in response
--        to an MA's SecuredLSRequest. LA encrypts this message using
--        encryptionKey in MaCertificate.
-- @class SecuredLSReply
-- @param content contains LA's response with linkage seed information;
--        decrypts to a SignedLSReply.
-- @see LaMaLinkageSeedResponseMsg
SecuredLSReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData -- decrypts to a SignedLSReply
  })
})

-- *************************************************************************
--
-- LA-PCA
--
-- *************************************************************************

---
-- @brief This structure contains ScopedPcaLaKeyAgreementRequest which
--        contains PcaLaKeyAgreementRequestMsg and is sent from PCA to LA to
--        initiate key agreement. PCA signs this message using its private key
--        corresponding to its PcaCertificate.
-- @class SignedPcaLaKeyAgreementRequest
-- @param content contains ScopedPcaLaKeyAgreementRequest.
-- @see PcaLaKeyAgreementRequestMsg
-- NOTE(review): the key agreement messages are signed but headerInfo
--        requires generationTime and expiryTime to be absent; freshness of
--        the exchange is therefore not visible in the signed header. Confirm
--        that the payload itself binds request, response and ack together.
SignedPcaLaKeyAgreementRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPcaLaKeyAgreementRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedLaPcaKeyAgreementResponse which
--        contains LaPcaKeyAgreementResponse and is sent from LA to PCA. LA
--        signs this message using its private key corresponding to its
--        LaCertificate.
-- @class SignedLaPcaKeyAgreementResponse
-- @param content contains ScopedLaPcaKeyAgreementResponse.
-- @see LaPcaKeyAgreementResponse, LaCertificate
SignedLaPcaKeyAgreementResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLaPcaKeyAgreementResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedPcaLaKeyAgreementAck which contains
--        PcaLaKeyAgreementAck and is sent from PCA to LA. PCA signs this
--        message using private key corresponding to its PcaCertificate.
-- @class SignedPcaLaKeyAgreementAck
-- @param content contains ScopedPcaLaKeyAgreementAck.
-- @see PcaLaKeyAgreementAck, PcaCertificate
SignedPcaLaKeyAgreementAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPcaLaKeyAgreementAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- *************************************************************************
--
-- LA-RA
--
-- *************************************************************************

---
-- @brief This structure contains ScopedRaLaIndividualPreLinkageValueRequest
--        which contains RaLaIndividualPreLinkageValueRequest and is sent from
--        RA to LA. RA signs this message using its private key corresponding
--        to its RaCertificate. Generation time is present to prevent replay;
--        the receiver keeps the message for the replay check until the time
--        corresponding to iMin has been reached.
-- @class SignedRaLaIndividualPreLinkageValueRequest
-- @param content contains ScopedRaLaIndividualPreLinkageValueRequest.
-- @see RaLaIndividualPreLinkageValueRequest, RaCertificate
-- headerInfo requires generationTime to be PRESENT here (it is the signed
-- timestamp the replay check relies on); all other optional header fields
-- listed below must be absent.
SignedRaLaIndividualPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedRaLaIndividualPreLinkageValueRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedRaLaGroupPreLinkageValueRequest which
--        contains RaLaGroupPreLinkageValueRequest and is sent by RA to LA. RA
--        signs this message using its private key corresponding to its
--        RaCertificate. Generation time is present to prevent replay;
--        the receiver keeps the message for the replay check until the time
--        corresponding to iMin has been reached.
-- @class SignedRaLaGroupPreLinkageValueRequest
-- @param content contains ScopedRaLaGroupPreLinkageValueRequest.
-- @see RaLaGroupPreLinkageValueRequest, RaCertificate
SignedRaLaGroupPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedRaLaGroupPreLinkageValueRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedLaRaPreLinkageValueResponse which
--        contains LaRaPreLinkageValueResponse and is sent by LA to RA. LA
--        signs this message using its private key corresponding to its
--        LaCertificate.
--        Generation time is present to prevent replay;
--        the receiver keeps the message for the replay check until the time
--        corresponding to iMin has been reached.
-- @class SignedLaRaPreLinkageValueResponse
-- @param content contains ScopedLaRaPreLinkageValueResponse.
-- @see LaRaPreLinkageValueResponse, LaCertificate
SignedLaRaPreLinkageValueResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLaRaPreLinkageValueResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- *************************************************************************
--
-- MA-PCA
--
-- *************************************************************************

---
-- @brief This structure contains ScopedMaPcaPreLinkageValueRequest which
--        contains MaPcaPreLinkageValueRequest and is sent from MA to PCA. MA
--        signs this message using its private key corresponding to its
--        MaCertificate.
-- @class SignedMaPcaPreLinkageValueRequest
-- @param content contains ScopedMaPcaPreLinkageValueRequest.
-- @see MaPcaPreLinkageValueRequest, MaCertificate
-- NOTE(review): headerInfo requires generationTime and expiryTime to be
--        absent, so the signed header carries no freshness information for
--        this request; confirm how replays are handled.
SignedMaPcaPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedMaPcaPreLinkageValueRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedMaPcaPreLinkageValueRequest and is
--        sent by MA to PCA. MA encrypts this message using encryptionKey from
--        PCA's PcaCertificate.
-- @class SecuredMaPcaPreLinkageValueRequest
-- @param content contains MA's request to gain pre-linkage values from PCA;
--        decrypts to a SignedMaPcaPreLinkageValueRequest.
-- @see PcaCertificate
SecuredMaPcaPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedPcaMaPreLinkageValueResponse which
--        contains PcaMaPreLinkageValueResponse and is sent by PCA to MA. PCA
--        signs this message using its private key corresponding to its
--        PcaCertificate.
-- @class SignedPcaMaPreLinkageValueResponse
-- @param content contains ScopedPcaMaPreLinkageValueResponse.
-- @see PcaMaPreLinkageValueResponse, PcaCertificate
SignedPcaMaPreLinkageValueResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPcaMaPreLinkageValueResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedPcaMaPreLinkageValueResponse and is
--        sent by PCA to MA. PCA encrypts this message using the encryptionKey
--        in MaCertificate.
-- @class SecuredPcaMaPreLinkageValueResponse
-- @param content contains response from PCA with pre-linkage values requested
--        by MA; decrypts to a SignedPcaMaPreLinkageValueResponse. Only the
--        encryptedData alternative is selected here; the inner type is not
--        constrained by this schema.
-- @see MaCertificate
SecuredPcaMaPreLinkageValueResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedMaPcaHPCRRequest which contains
--        MaPcaHPCRRequest and is sent by MA to PCA. MA signs this message
--        using its private key corresponding to its MaCertificate.
-- @class SignedMaPcaHPCRRequest
-- @param content contains ScopedMaPcaHPCRRequest.
-- @see MaPcaHPCRRequest, MaCertificate
SignedMaPcaHPCRRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedMaPcaHPCRRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedMaPcaHPCRRequest and is sent by MA to
--        PCA. MA encrypts this message using encryptionKey in PCA's
--        PcaCertificate.
-- @class SecuredMaPcaHPCRRequest
-- @param content contains the encrypted HPCR request from MA; decrypts to a
--        SignedMaPcaHPCRRequest.
SecuredMaPcaHPCRRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedPcaMaHPCRResponse which contains
--        PcaMaHPCRResponse and is sent by PCA to MA. PCA signs this message
--        using its private key corresponding to its PcaCertificate.
-- @class SignedPcaMaHPCRResponse
-- @param content contains ScopedPcaMaHPCRResponse.
-- @see PcaMaHPCRResponse, PcaCertificate
SignedPcaMaHPCRResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPcaMaHPCRResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedPcaMaHPCRResponse and is sent by PCA
--        to MA as a response to MA's SecuredMaPcaHPCRRequest.
--        PCA encrypts data in this message using encryptionKey in
--        MaCertificate.
-- @class SecuredPcaMaHPCRResponse
-- @param content contains the encrypted response from PCA with HPCR; decrypts
--        to a SignedPcaMaHPCRResponse.
-- @see MaCertificate
SecuredPcaMaHPCRResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData -- decrypts to a SignedPcaMaHPCRResponse
  })
})

-- *************************************************************************
--
-- MA-RA
--
-- *************************************************************************

---
-- @brief This structure contains ScopedBlacklistRequest which contains
--        MaRaBlacklistRequest and is sent by MA to RA. MA signs this message
--        using the private key corresponding to its MaCertificate.
-- @class SignedBlacklistRequest
-- @param content contains ScopedBlacklistRequest that indicates which
--        pseudonym certificates have been revoked by MA.
-- @see MaRaBlacklistRequest, MaCertificate
-- NOTE(review): headerInfo requires generationTime and expiryTime to be
--        absent, so a blacklist request carries no signed timestamp; confirm
--        how the RA detects a replayed or out-of-order request.
SignedBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedBlacklistRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedBlacklistRequest and is sent by MA to
--        RA. MA encrypts the data in this message using encryptionKey in RA's
--        RaCertificate.
-- @class SecuredBlacklistRequest
-- @param content contains encrypted request to update RA's internal blacklist;
--        decrypts to a SignedBlacklistRequest.
-- @see RaCertificate
SecuredBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedBlacklistResponse which contains
--        RaMaBlacklistResponse and is sent by RA to MA. RA signs this message
--        using the private key corresponding to its RaCertificate.
-- @class SignedBlacklistResponse
-- @param content contains ScopedBlacklistResponse that indicates status of
--        revoked pseudonym certificates.
-- @see RaMaBlacklistResponse, RaCertificate
SignedBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedBlacklistResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedBlacklistResponse and is sent as a
--        response by RA to MA's SecuredBlacklistRequest. RA encrypts the data
--        in this message using encryptionKey in MA's MaCertificate.
-- @class SecuredBlacklistResponse
-- @param content contains encrypted status of revoked pseudonym certificates;
--        decrypts to a SignedBlacklistResponse.
-- @see MaCertificate
SecuredBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedRseObeIdBlacklistRequest which
--        contains MaRaRseObeIdBlacklistRequest and is sent by MA to RA. MA
--        signs this message using the private key corresponding to its
--        MaCertificate.
-- @class SignedRseObeIdBlacklistRequest
-- @param content contains ScopedRseObeIdBlacklistRequest.
-- @see MaRaRseObeIdBlacklistRequest, MaCertificate
SignedRseObeIdBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedRseObeIdBlacklistRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedRseObeIdBlacklistRequest and is sent
--        by MA to RA. MA encrypts this message using the encryptionKey in RA's
--        RaCertificate.
-- @class SecuredRseObeIdBlacklistRequest
-- @param content contains the encrypted status report of revoked
--        identification and application certificates; decrypts to a
--        SignedRseObeIdBlacklistRequest.
-- @see RaCertificate
SecuredRseObeIdBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedBlacklistResponse which contains
--        RaMaBlacklistResponse and is sent by RA to MA. RA signs this message
--        using the private key corresponding to its RaCertificate.
-- @class SignedRseObeIdBlacklistResponse
-- @param content contains ScopedBlacklistResponse that notifies the status of
--        revoked identification certificates and application
--        certificates.
-- @see RaMaBlacklistResponse, RaCertificate
-- NOTE(review): this constraint contains ScopedBlacklistResponse, the same
--        scoped type that SignedBlacklistResponse contains, and the same
--        headerInfo profile. The schema alone therefore does not distinguish
--        a response to an RSE/OBE-id blacklist request from a response to a
--        pseudonym blacklist request; confirm this is intended and that the
--        receiver matches responses to requests by other means.
SignedRseObeIdBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedBlacklistResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedRseObeIdBlacklistResponse and is sent
--        by RA to MA. RA encrypts this message using the encryptionKey in MA's
--        MaCertificate.
-- @class SecuredRseObeIdBlacklistResponse
-- @param content contains encrypted status report of revoked identification
--        and pseudonym certificates; decrypts to a
--        SignedRseObeIdBlacklistResponse.
--        NOTE(review): SignedRseObeIdBlacklistResponse is described as
--        covering identification and application certificates; "pseudonym"
--        here may be a copy-paste slip - confirm.
-- @see MaCertificate
SecuredRseObeIdBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLCIRequest which contains
--        MaRaLCIRequest and is sent by MA to RA. MA signs this message using
--        the private key corresponding to its MaCertificate.
-- @class SignedLCIRequest
-- @param content contains ScopedLCIRequest.
-- @see MaRaLCIRequest, MaCertificate
SignedLCIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLCIRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLCIRequest and is sent by MA to RA. MA
--        encrypts the data in this message using the encryptionKey in RA's
--        RaCertificate.
-- @class SecuredLCIRequest
-- @param content contains encrypted request for linkage chain identifiers;
--        decrypts to a SignedLCIRequest.
-- @see RaCertificate
SecuredLCIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData -- decrypts to a SignedLCIRequest
  })
})

---
-- @brief This structure contains ScopedLCIResponse which contains
--        RaMaLCIResponse and is sent by RA to MA. RA signs this message using
--        the private key corresponding to its RaCertificate.
-- @class SignedLCIResponse
-- @param content contains ScopedLCIResponse
-- @see RaMaLCIResponse, RaCertificate
SignedLCIResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLCIResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLCIResponse and is sent by RA to MA.
--        RA encrypts the data in this message using the encryptionKey in MA's
--        MaCertificate.
-- @class SecuredLCIResponse
-- @param content contains encrypted linkage chain identifiers sent by RA;
--        decrypts to a SignedLCIResponse.
-- @see MaCertificate
SecuredLCIResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

-- *************************************************************************
--
--                                  PCA-RA
--
-- *************************************************************************

---
-- @brief This structure contains ScopedRaPcaCertificateRequest which contains
--        RaPcaCertRequestMsg. RA encrypts this message before sending it to
--        PCA using encryptionKey in PCA's PcaCertificate sent by the ICA
--        during Add PCA stage.
-- @class SecuredRaPcaCertificateRequest
-- @param content contains ScopedRaPcaCertificateRequest and RA's certificate.
-- @see RaPcaCertRequestMsg
-- NOTE(review): this type constrains only the signed layer
--   (signedCertificateRequest); the encryption to the PCA described in
--   @brief is not expressed in the constraint.
-- NOTE(review): the active signer constraint fixes the chain to exactly one
--   certificate but not to a certificate profile (the stricter CONSTRAINED BY
--   is commented out), so the receiver has to check for itself that the
--   signer certificate is of the expected kind. TODO confirm which profile
--   is intended.
SecuredRaPcaCertificateRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedRaPcaCertificateRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)) )
--        certificate (SequenceOfCertificate (SIZE(1)) (CONSTRAINED BY {
--          Certificate(EndEntityEnrollmentPseudonymCertificate)
--        }))
        })
      })
    )
  })
})

---
-- @brief This structure contains ScopedPcaRaCertificateRequestReply which
--        contains PcaRaCertResponseMsg. PCA encrypts this message before
--        sending it to RA using the encryptionKey in RA's RaCertificate.
-- @class SecuredPcaRaCertificateRequestReply
-- @param content contains ScopedPcaRaCertificateRequestReply.
-- @see PcaRaCertResponseMsg SecuredPcaRaCertificateRequestReply ::= SecuredScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS {..., signedData (WITH COMPONENTS {..., tbsData (WITH COMPONENTS {..., payload (WITH COMPONENTS {..., data (WITH COMPONENTS {..., content (WITH COMPONENTS { unsecuredData (CONTAINING ScopedPcaRaCertificateRequestReply) }) }) }), headerInfo (WITH COMPONENTS {..., psid (SecurityMgmtPsid), generationTime ABSENT, expiryTime ABSENT, generationLocation ABSENT, p2pcdLearningRequest ABSENT, missingCrlIdentifier ABSENT, encryptionKey ABSENT }) }) }) }) }) --- -- @brief This structure defines the TbsElectorEndorsement as a scoped version -- of the ScmsPDU. -- @class ScopedElectorEndorsement -- @param content contains TbsElectorEndorsement -- @see TbsElectorEndorsement ScopedElectorEndorsement ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ccm (WITH COMPONENTS { tbsElectorEndorsement }) }) }) --- -- @brief This structure contains ScopedElectorEndorsement which contains -- TbsElectorEndorsement and is used by Electors to endorse addition of -- a new Elector to the SCMS. The existing Electors sign their -- endorsements using their private keys corresponding to their -- respective ElectorCertificate. -- @class SignedElectorEndorsement -- @param content contains ScopedElectorEndorsement. 
-- @see TbsElectorEndorsement
SignedElectorEndorsement ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedElectorEndorsement)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT, -- an endorsement must carry its signing time
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- Scoped version of ScmsPDU whose content is restricted to the ccm
-- alternative carrying electorBallot.
ScopedElectorBallot ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ccm (WITH COMPONENTS {
      electorBallot
    })
  })
})

-- NOTE(review): despite its name, this constraint is identical to
--   UnsecuredElectorBallot below. The outer content is unsecuredData, so the
--   envelope provides neither a signature nor encryption; authenticity rests
--   on the signed content carried inside the ballot, which the receiver has
--   to verify itself.
SecuredElectorBallot ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    unsecuredData (CONTAINING ScopedElectorBallot)
  })
})

-- Note: even though this is an "unsecured" message, this merely states that
-- "UnsecuredElectorBallot" (i.e. the Ieee1609Dot2Data wrapper) is not a signed
-- or encrypted message. However, the ScopedElectorBallot contains content
-- that has been signed.
UnsecuredElectorBallot ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    unsecuredData (CONTAINING ScopedElectorBallot) -- signed payload
  })
})

-- *************************************************************************
--
--                                   SSP
--
-- *************************************************************************

---
-- @brief The ScmsSsp is the parent structure that encompasses all Service
--        Specific Permission (SSP) structures defined in the SCMS.
-- @class ScmsSsp
-- @param elector contains SSP defined for an Elector.
-- @param root contains SSP defined for a Root CA.
-- @param pg contains SSP defined for a Policy Generator (PG).
-- @param ica contains SSP defined for an Intermediate Certification Authority (ICA).
-- @param eca contains SSP defined for an Enrollment Certification Authority (ECA).
-- @param pca contains SSP defined for a Pseudonym Certification Authority (PCA). -- @param crl contains SSP defined for a Certification Revocation List (CRL). -- @param dcm contains SSP defined for a Device Configuration Manager (DCM). -- @param la contains SSP defined for a Linkage Authority (LA). -- @param lop contains SSP defined for a Location Obscurer Proxy (LOP). -- @param ma contains SSP defined for a Misbehavior Authority (MA). -- @param ra contains SSP defined for a Registration Authority (RA). ScmsSsp ::= CHOICE { elector ElectorSsp, root RootCaSsp, pg PGSsp, ica IcaSsp, eca EcaSsp, pca PcaSsp, crl CrlSignerSsp, dcm DcmSsp, la LaSsp, lop LopSsp, ma MaSsp, ra RaSsp, ... } --- -- @brief This structure defines the SSP for an Elector. -- @class ElectorSsp -- @param version contains the current version of the data type. The version -- specified in this document is version 1, represented by the -- integer 1. -- @see Uint8 ElectorSsp ::= SEQUENCE { version Uint8(1), ... } --- -- @brief This structure defines the SSP for a Root CA. -- @class RootCaSsp -- @param version contains the current version of the data type. The version -- specified in this document is version 1, represented by the -- integer 1. -- @see Uint8 RootCaSsp ::= SEQUENCE { version Uint8(1), ... } --- -- @brief This structure defines the SSP for a PG. -- @class PGSsp -- @param version contains the current version of the data type. The version -- specified in this document is version 1, represented by the -- integer 1. -- @see Uint8 PGSsp ::= SEQUENCE { version Uint8(1), ... } --- -- @brief This structure defines the SSP for an ICA. -- @class IcaSsp -- @param version contains the current version of the data type. The version -- specified in this document is version 1, represented by the -- integer 1. -- @see Uint8 IcaSsp ::= SEQUENCE { version Uint8(1), ... } --- -- @brief This structure defines the SSP for an ECA. -- @class EcaSsp -- @param version contains the current version of the data type. 
--        The version specified in this document is version 1, represented
--        by the integer 1.
-- @see Uint8
EcaSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a PCA.
-- @class PcaSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
PcaSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a CRL signer.
-- @class CrlSignerSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
CrlSignerSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a DCM.
-- @class DcmSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
DcmSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for an LA.
-- @class LaSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @param laId is a 16-bit value; presumably it identifies the Linkage
--        Authority the permissions apply to (TODO confirm and document).
-- @see Uint8
LaSsp ::= SEQUENCE {
  version Uint8(1),
  laId    Uint16,
  ...
}

---
-- @brief This structure defines the SSP for an LOP.
-- @class LopSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
LopSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for an MA.
-- @class MaSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
-- NOTE(review): relevantPsids is not described in the header comment;
--   presumably it lists the PSIDs this MA is authorised to act on. Confirm
--   and document it, since it scopes the MA's permissions.
MaSsp ::= SEQUENCE {
  version        Uint8(1),
  relevantPsids  SequenceOfPsid,
  ...
}

---
-- @brief This structure defines the SSP for an RA.
-- @class RaSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
RaSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

END

--
-- Copyright 2017 Crash Avoidance Metrics Partner, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
-- -- @namespace IEEE1609dot2-profiles IEEE1609dot2-profiles {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) profiles(3) major-version-2(2)} DEFINITIONS AUTOMATIC TAGS ::= BEGIN EXPORTS ALL; IMPORTS Certificate, Countersignature, ExplicitCertificate, ImplicitCertificate, PsidGroupPermissions, PsidSsp, SequenceOfPsidGroupPermissions, SequenceOfPsidSsp, SequenceOfPsidSspRange FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2)} CrlSeries, IdentifiedRegion, Psid, PsidSspRange, SequenceOfIdentifiedRegion FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2)} CrlPsid -- PSID = 0x100 FROM IEEE1609dot2Crl {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) crl(3) protocol(1) major-version-2(2)} CrlSsp, PermissibleCrls FROM IEEE1609dot2CrlSsp {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) crl(3) service-specific-permissions(3) major-version-2(2)} Canada, Mexico, USA, CrlgCertExpiration, DcmCertExpiration, EcaCertExpirationCvp, EcaCertExpirationPoc, ElectorCertExpiration, IcaCertExpirationCvp, IcaCertExpirationPoc, LaCertExpiration, MaCertExpiration, ObeEnrollmentCertExpirationCvp, ObeEnrollmentCertExpirationPoc, ObeIdentificationCertExpiration, ObePseudonymCertExpiration, PcaCertExpiration, PgCertExpiration, RaCertExpiration, RootCaCertExpiration, RseApplicationCertExpiration, RseEnrollmentCertExpirationCvp, RseEnrollmentCertExpirationPoc, BsmPsid, --PSID = 0x20 SecurityMgmtPsid, -- PSID = 0x23 MisbehaviorReportingPsid, -- PSID = 0x26 VulnerableRoadUsersSafetyPsid, -- PSID = 0x27 
DifferentialGpsCorrectionsUncompressedPsid, -- PSID = 0x80 DifferentialGpsCorrectionsCompressedPsid, -- PSID = 0x81 IntersectionSafetyAndAwarenessPsid, -- PSID = 0x82 TravellerInformationAndRoadsideSignagePsid, -- PSID = 0x83 WaveServiceAdvertisementPsid, -- PSID = 0x87 VehicleInitiatedDistressNotificationPsid, -- PSID = 0x4082 TranscoreSoftwareUpdatePsid, -- PSID = 0x204083 CVPApplication1Psid, -- PSID = 0x204088 CVPApplication2Psid, -- PSID = 0x204089 CVPApplication3Psid, -- PSID = 0x20408A CVPApplication4Psid, -- PSID = 0x20408B CVPApplication5Psid, -- PSID = 0x20408C CVPApplication6Psid, -- PSID = 0x20408D CVPApplication7Psid, -- PSID = 0x20408E CVPApplication8Psid, -- PSID = 0x20408F CVPApplication9Psid, -- PSID = 0x204090 CVPApplication10Psid, -- PSID = 0x204091 CVPApplication11Psid, -- PSID = 0x204092 CVPApplication12Psid, -- PSID = 0x204093 CVPApplication13Psid, -- PSID = 0x204094 CVPApplication14Psid, -- PSID = 0x204095 CVPApplication15Psid, -- PSID = 0x204096 CVPApplication16Psid, -- PSID = 0x204097 EeEnrollmentCrlSeries, EeNonPseudonymCrlSeries, ObePseudonymCrlSeries, ScmsComponentCrlSeries, ScmsSpclComponentCrlSeries FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) base-types(2) major-version-2(2)} ; --- -- @brief This data type defines the CRL generator's certificate structure and -- its contents generated by the Root CA. The CRL generator does not -- provide a public key (encryptionKey) for encryption of data sent by -- other components in the SCMS ecosystem. -- @class CrlgCertificate -- @param issuer contains the hash of the certificate contents generated by -- the Root CA. -- @param toBeSigned contains certificate content that is signed by the CRL -- generator. 
-- @see IssuerIdentifier CrlgCertificate ::= ExplicitCertificate (WITH COMPONENTS { ..., issuer (WITH COMPONENTS {sha256AndDigest}), toBeSigned (WITH COMPONENTS { ..., id (WITH COMPONENTS { name ("crlg.v2xscms.com" | "crlg.cvp.v2xscms.com") -- !!TBD!! }), cracaId, --set to HashedId3 of the Root CA cert crlSeries(ScmsSpclComponentCrlSeries), validityPeriod (WITH COMPONENTS { ..., duration (CrlgCertExpiration) }), region ABSENT, assuranceLevel ABSENT, appPermissions (SequenceOfPsidSsp (SIZE(2)) (CONSTRAINED BY { PsidSsp (WITH COMPONENTS { psid (SecurityMgmtPsid), -- PSID = 0x23 ssp --OER encoding of ScmsSsp indicating CrlSignerSsp }), PsidSsp (WITH COMPONENTS { psid (CrlPsid), -- PSID = 0x100 ssp (WITH COMPONENTS {opaque(CONTAINING CrlSsp (WITH COMPONENTS {..., associatedCraca(issuerIsCraca), crls (PermissibleCrls (SIZE(4)) (CONSTRAINED BY { CrlSeries (EeEnrollmentCrlSeries), CrlSeries (EeNonPseudonymCrlSeries), CrlSeries (ObePseudonymCrlSeries), CrlSeries (ScmsComponentCrlSeries) })) }))}) }) })), certIssuePermissions ABSENT, certRequestPermissions ABSENT, canRequestRollover (NULL), encryptionKey ABSENT, verifyKeyIndicator (WITH COMPONENTS { verificationKey (WITH COMPONENTS { ecdsaNistP256 (WITH COMPONENTS { compressed-y-0, compressed-y-1 }) }) }) }) }) --- -- @brief This data type defines the Device Configuration Manager's (DCM) -- certificate structure and its contents generated by ???. DCM provides -- a public key (encryptionKey) so that other SCMS components can send -- data securely to the DCM. -- @class DcmCertificate -- @param issuer contains the hash of the certificate contents generated by -- the ???. -- @param toBeSigned contains certificate content that is signed by the DCM -- generator. 
-- @see IssuerIdentifier DcmCertificate ::= ExplicitCertificate (WITH COMPONENTS { ..., issuer (WITH COMPONENTS{sha256AndDigest}), toBeSigned (WITH COMPONENTS { ..., id (WITH COMPONENTS { name ("dcm.v2xscms.com" | "v2v-dcm.cvp.v2xscms.com" | "v2i-dcm.cvp.v2xscms.com") -- !!TBD!! }), cracaId, --set to HashedId3 of the Root CA cert crlSeries(ScmsComponentCrlSeries), validityPeriod (WITH COMPONENTS { ..., duration (DcmCertExpiration) }), region (WITH COMPONENTS { identifiedRegion (SequenceOfIdentifiedRegion (SIZE(1)) (CONSTRAINED BY { IdentifiedRegion ( WITH COMPONENTS { countryOnly(USA) }) })) }), assuranceLevel ABSENT, appPermissions (SequenceOfPsidSsp (SIZE(1)) (CONSTRAINED BY { PsidSsp (WITH COMPONENTS { psid (SecurityMgmtPsid), -- PSID = 0x23 ssp --OER encoding of ScmsSsp indicating Dcmssp }) })), certIssuePermissions ABSENT, certRequestPermissions (SequenceOfPsidGroupPermissions (SIZE(1)) (CONSTRAINED BY { PsidGroupPermissions ( WITH COMPONENTS {..., subjectPermissions (WITH COMPONENTS { explicit (SequenceOfPsidSspRange (SIZE (2)) (CONSTRAINED BY { PsidSspRange (WITH COMPONENTS { psid (BsmPsid), --PSID = 0x20 sspRange(WITH COMPONENTS{ opaque -- single OCTET STRING of length 0 }) }), PsidSspRange (WITH COMPONENTS { psid (MisbehaviorReportingPsid), -- PSID = 0x26 sspRange ABSENT }) })) }), minChainLength(0), chainLengthRange(0), eeType({enrol}) }) })), canRequestRollover(NULL), encryptionKey PRESENT, verifyKeyIndicator (WITH COMPONENTS { verificationKey (WITH COMPONENTS { ecdsaNistP256 (WITH COMPONENTS { compressed-y-0, compressed-y-1 }) }) }) }) }) --- -- @brief This data type defines an Elector's certificate structure and its -- contents generated by the SCMS Manager. An Elector does not provide -- a public key (encryptionKey). -- @class ElectorCertificate -- @param issuer contains the hash of the certificate contents generated by -- the SCMS Manager. -- @param toBeSigned contains certificate content that is signed by the CRL -- generator. 
-- @see IssuerIdentifier
-- NOTE(review): issuer is constrained to self below, so an Elector
--   certificate is self-signed and chains to no CA. The @param issuer and
--   @param toBeSigned text in the header comment (SCMS Manager, CRL
--   generator) does not match this constraint and looks copied from another
--   profile. Trust in an Elector certificate therefore has to be established
--   outside the certificate chain (TODO confirm the provisioning path).
ElectorCertificate ::= ExplicitCertificate (WITH COMPONENTS { ...,
  issuer (WITH COMPONENTS {self}),
  toBeSigned (WITH COMPONENTS { ...,
    id (WITH COMPONENTS {
      binaryId (SIZE(1)) -- !!TBD!!
    }),
    -- NOTE(review): all-zero cracaId with crlSeries 0 presumably means this
    --   certificate belongs to no CRL series; confirm how an Elector
    --   certificate is revoked.
    cracaId('000000'H),
    crlSeries(0),
    validityPeriod (WITH COMPONENTS { ...,
      duration (ElectorCertExpiration)
    }),
    region ABSENT,
    assuranceLevel ABSENT,
    appPermissions (SequenceOfPsidSsp (SIZE(1)) (CONSTRAINED BY {
      PsidSsp (WITH COMPONENTS {
        psid (SecurityMgmtPsid), -- PSID = 0x23
        ssp --OER encoding of ScmsSsp indicating ElectorSsp
      })
    })),
    certIssuePermissions ABSENT,
    certRequestPermissions ABSENT,
    canRequestRollover ABSENT,
    encryptionKey ABSENT,
    verifyKeyIndicator (WITH COMPONENTS {
      verificationKey (WITH COMPONENTS {
        ecdsaNistP256 (WITH COMPONENTS {
          compressed-y-0,
          compressed-y-1
        })
      })
    })
  })
})

---
-- @brief This data type defines an Enrollment Certificate Authority's (ECA)
--        certificate structure and its contents generated by the Intermediate
--        Certificate Authority (ICA). The ECA provides a public key
--        (encryptionKey) so that other SCMS components can send data securely
--        to this ECA.
-- @class EcaCertificate
-- @param issuer contains the hash of the certificate contents generated by
--        the ICA.
-- @param toBeSigned contains certificate content that is signed by the ECA.
-- @see IssuerIdentifier EcaCertificate ::= ExplicitCertificate (WITH COMPONENTS { ..., issuer (WITH COMPONENTS {sha256AndDigest}), toBeSigned (WITH COMPONENTS { ..., id (WITH COMPONENTS { name ("eca.prod.v2xscms.com" | "eca.qa.v2xscms.com" | "eca.test.v2xscms.com") }), cracaId, --set to HashedId3 of the Root CA cert crlSeries(ScmsComponentCrlSeries), validityPeriod (WITH COMPONENTS { ..., duration (EcaCertExpirationPoc | EcaCertExpirationCvp) }), region (WITH COMPONENTS { identifiedRegion (SequenceOfIdentifiedRegion (SIZE(1)) (CONSTRAINED BY { IdentifiedRegion ( WITH COMPONENTS { countryOnly(USA) }) })) }), assuranceLevel ABSENT, appPermissions (SequenceOfPsidSsp (SIZE(1)) (CONSTRAINED BY { PsidSsp (WITH COMPONENTS { psid (SecurityMgmtPsid), -- PSID = 0x23 ssp --OER encoding of ScmsSsp indicating Ecassp }) })), certIssuePermissions (SequenceOfPsidGroupPermissions (SIZE (1)) (WITH COMPONENT (WITH COMPONENTS {..., subjectPermissions (WITH COMPONENTS {..., explicit (SequenceOfPsidSspRange (SIZE (26)) (CONSTRAINED BY{ PsidSspRange (WITH COMPONENTS { psid (BsmPsid), --PSID = 0x20 sspRange(WITH COMPONENTS{ opaque -- single OCTET STRING of length 0 }) }), PsidSspRange (WITH COMPONENTS { psid (MisbehaviorReportingPsid), -- PSID = 0x26 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (VulnerableRoadUsersSafetyPsid), -- PSID = 0x27 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (DifferentialGpsCorrectionsUncompressedPsid), -- PSID = 0x80 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (DifferentialGpsCorrectionsCompressedPsid), -- PSID = 0x81 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (IntersectionSafetyAndAwarenessPsid), -- PSID = 0x82 sspRange(WITH COMPONENTS{ opaque --SSP: 90-01, 90-FF-FF-01, 90-FF-FF-02, 90-FF-FF-03, 90-FF-FF-04 }) }), PsidSspRange (WITH COMPONENTS { psid (TravellerInformationAndRoadsideSignagePsid), -- PSID = 0x83 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (WaveServiceAdvertisementPsid), -- PSID = 
0x87 sspRange(WITH COMPONENTS{ opaque -- single OCTET STRING of length 0 }) }), PsidSspRange (WITH COMPONENTS { psid (VehicleInitiatedDistressNotificationPsid), -- PSID = 0x4082 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (TranscoreSoftwareUpdatePsid), -- PSID = 0x204083 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication1Psid), -- PSID = 0x204088 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication2Psid), -- PSID = 0x204089 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication3Psid), -- PSID = 0x20408A sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication4Psid), -- PSID = 0x20408B sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication5Psid), -- PSID = 0x20408C sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication6Psid), -- PSID = 0x20408D sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication7Psid), -- PSID = 0x20408E sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication8Psid), -- PSID = 0x20408F sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication9Psid), -- PSID = 0x204090 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication10Psid), -- PSID = 0x204091 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication11Psid), -- PSID = 0x204092 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication12Psid), -- PSID = 0x204093 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication13Psid), -- PSID = 0x204094 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication14Psid), -- PSID = 0x204095 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication15Psid), -- PSID = 0x204096 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication16Psid), -- PSID = 0x204097 sspRange ABSENT }) })) }), minChainLength(1), chainLengthRange(0), eeType({enrol}) }))), certRequestPermissions ABSENT, 
canRequestRollover (NULL), encryptionKey PRESENT, verifyKeyIndicator (WITH COMPONENTS { verificationKey (WITH COMPONENTS { ecdsaNistP256 (WITH COMPONENTS { compressed-y-0, compressed-y-1 }) }) }) }) }) --- -- @brief This data type defines an Intermediate Certificate Authority's (ICA) -- certificate structure and its contents. An ICA certificate can be -- generated by another ICA. The ICA does not provide a public key -- (encryptionKey). -- @class IcaCertificate -- @param issuer contains the hash of the certificate contents generated by -- the ICA. -- @param toBeSigned contains certificate content that is signed by the ICA. -- @see IssuerIdentifier IcaCertificate ::= ExplicitCertificate (WITH COMPONENTS { ..., issuer (WITH COMPONENTS {sha256AndDigest}), toBeSigned (WITH COMPONENTS { ..., id (WITH COMPONENTS { name ("ica.prod.v2xscms.com" | "ica.qa.v2xscms.com" | "ica.test.v2xscms.com") }), cracaId, --set to HashedId3 of the Root CA cert crlSeries(ScmsComponentCrlSeries), validityPeriod (WITH COMPONENTS { ..., duration (IcaCertExpirationPoc | IcaCertExpirationCvp) }), region (WITH COMPONENTS { identifiedRegion (SequenceOfIdentifiedRegion (SIZE(1)) (CONSTRAINED BY { IdentifiedRegion ( WITH COMPONENTS { countryOnly(USA) }) })) }), assuranceLevel ABSENT, appPermissions (SequenceOfPsidSsp (SIZE(1)) (CONSTRAINED BY { PsidSsp (WITH COMPONENTS { psid (SecurityMgmtPsid), -- PSID = 0x23 ssp --OER encoding of ScmsSsp indicating Icassp }) })), certIssuePermissions (SequenceOfPsidGroupPermissions (SIZE(2)) (CONSTRAINED BY { PsidGroupPermissions ( WITH COMPONENTS {..., subjectPermissions (WITH COMPONENTS { all }), minChainLength(2), chainLengthRange(0), eeType ({app, enrol}) }), PsidGroupPermissions ( WITH COMPONENTS {..., subjectPermissions (WITH COMPONENTS { explicit (SequenceOfPsidSspRange (SIZE (26)) (CONSTRAINED BY{ PsidSspRange (WITH COMPONENTS { psid (BsmPsid), --PSID = 0x20 sspRange(WITH COMPONENTS{ opaque -- single OCTET STRING of length 0 }) }), PsidSspRange (WITH 
COMPONENTS { psid (MisbehaviorReportingPsid), -- PSID = 0x26 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (VulnerableRoadUsersSafetyPsid), -- PSID = 0x27 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (DifferentialGpsCorrectionsUncompressedPsid), -- PSID = 0x80 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (DifferentialGpsCorrectionsCompressedPsid), -- PSID = 0x81 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (IntersectionSafetyAndAwarenessPsid), -- PSID = 0x82 sspRange(WITH COMPONENTS{ opaque --SSP: 90-01, 90-FF-FF-01, 90-FF-FF-02, 90-FF-FF-03, 90-FF-FF-04 }) }), PsidSspRange (WITH COMPONENTS { psid (TravellerInformationAndRoadsideSignagePsid), -- PSID = 0x83 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (WaveServiceAdvertisementPsid), -- PSID = 0x87 sspRange(WITH COMPONENTS{ opaque -- single OCTET STRING of length 0 }) }), PsidSspRange (WITH COMPONENTS { psid (VehicleInitiatedDistressNotificationPsid), -- PSID = 0x4082 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (TranscoreSoftwareUpdatePsid), -- PSID = 0x204083 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication1Psid), -- PSID = 0x204088 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication2Psid), -- PSID = 0x204089 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication3Psid), -- PSID = 0x20408A sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication4Psid), -- PSID = 0x20408B sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication5Psid), -- PSID = 0x20408C sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication6Psid), -- PSID = 0x20408D sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication7Psid), -- PSID = 0x20408E sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication8Psid), -- PSID = 0x20408F sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication9Psid), -- PSID = 0x204090 sspRange 
ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication10Psid), -- PSID = 0x204091 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication11Psid), -- PSID = 0x204092 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication12Psid), -- PSID = 0x204093 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication13Psid), -- PSID = 0x204094 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication14Psid), -- PSID = 0x204095 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication15Psid), -- PSID = 0x204096 sspRange ABSENT }), PsidSspRange (WITH COMPONENTS { psid (CVPApplication16Psid), -- PSID = 0x204097 sspRange ABSENT }) })) }), minChainLength(1), chainLengthRange(-1), eeType ({app, enrol}) }) })), certRequestPermissions ABSENT, canRequestRollover (NULL), encryptionKey ABSENT, verifyKeyIndicator (WITH COMPONENTS { verificationKey (WITH COMPONENTS { ecdsaNistP256 (WITH COMPONENTS { compressed-y-0, compressed-y-1 }) }) }) }) }) --- -- @brief This data type defines a Linkage Authority's (LA) certificate -- structure and its contents generated by the Intermediate Certificate -- Authority (ICA). The LA does not provide a public key (encryptionKey) -- for secure communication. Instead it uses shared symmetric key -- encryption for secure communication with the PCA. -- @class LaCertificate -- @param issuer contains the hash of the certificate contents generated by -- the ICA. -- @param toBeSigned contains certificate content that is signed by the LA. 
-- @see IssuerIdentifier LaCertificate ::= ExplicitCertificate (WITH COMPONENTS { ..., issuer (WITH COMPONENTS{sha256AndDigest}), toBeSigned (WITH COMPONENTS { ..., id (WITH COMPONENTS { name ("la1.prod.v2xscms.com" | "la2.prod.v2xscms.com" | "la1.qa.v2xscms.com" | "la2.qa.v2xscms.com" | "la1.test.v2xscms.com" | "la2.test.v2xscms.com") }), cracaId, --set to HashedId3 of the Root CA cert crlSeries(ScmsComponentCrlSeries), validityPeriod (WITH COMPONENTS { ..., duration (LaCertExpiration) }), region (WITH COMPONENTS { identifiedRegion (SequenceOfIdentifiedRegion (SIZE(1)) (CONSTRAINED BY { IdentifiedRegion ( WITH COMPONENTS { countryOnly(USA) }) })) }), assuranceLevel ABSENT, appPermissions (SequenceOfPsidSsp (SIZE(1)) (CONSTRAINED BY { PsidSsp (WITH COMPONENTS { psid (SecurityMgmtPsid), -- PSID = 0x23 ssp --OER encoding of ScmsSsp indicating Lassp }) })), certIssuePermissions ABSENT, certRequestPermissions ABSENT, canRequestRollover (NULL), encryptionKey ABSENT, verifyKeyIndicator (WITH COMPONENTS { verificationKey (WITH COMPONENTS { ecdsaNistP256 (WITH COMPONENTS { compressed-y-0, compressed-y-1 }) }) }) }) }) --- -- @brief This data type defines a Misbehavior Authority's (MA) certificate -- structure and its contents. The MA provides a public key -- (encryptionKey) so that other SCMS components can send data securely -- to this MA. -- @class MaCertificate -- @param issuer contains the hash of the certificate contents. -- @param toBeSigned contains certificate content that is signed by the MA. 
-- @see IssuerIdentifier
-- NOTE(review): CONSTRAINED BY clauses are user-defined constraints that
--   ASN.1 tools treat as commentary, so the appPermissions restriction below
--   has to be enforced in application code when a certificate is issued or
--   validated.
MaCertificate ::= ExplicitCertificate (WITH COMPONENTS { ...,
  issuer (WITH COMPONENTS {sha256AndDigest}),
  toBeSigned (WITH COMPONENTS { ...,
    id (WITH COMPONENTS {
      name ("ma.prod.v2xscms.com" | "ma.qa.v2xscms.com" | "ma.test.v2xscms.com")
    }),
    cracaId, --set to HashedId3 of the Root CA cert
    crlSeries(ScmsSpclComponentCrlSeries),
    validityPeriod (WITH COMPONENTS { ...,
      duration (MaCertExpiration)
    }),
    region ABSENT,
    assuranceLevel ABSENT,
    appPermissions (SequenceOfPsidSsp (SIZE(1)) (CONSTRAINED BY {
      PsidSsp (WITH COMPONENTS {
        psid (SecurityMgmtPsid), -- PSID = 0x23
        -- NOTE(review): with ssp ABSENT the certificate carries no MaSsp, so
        --   the MA role is not expressed in its permissions. The comment
        --   below marks this as a proof-of-concept setting; confirm what
        --   relying parties check in the meantime and require the SSP before
        --   production use.
        ssp ABSENT --TBD in the MBD project. It is ABSENT only for POC.
      })
    })),
    certIssuePermissions ABSENT,
    certRequestPermissions ABSENT,
    canRequestRollover (NULL),
    encryptionKey PRESENT,
    verifyKeyIndicator (WITH COMPONENTS {
      verificationKey (WITH COMPONENTS {
        ecdsaNistP256 (WITH COMPONENTS {
          compressed-y-0,
          compressed-y-1
        })
      })
    })
  })
})

---
-- @brief This data type defines an On-Board Equipment's (OBE) enrollment
--        certificate structure and its contents. The ECA provides this
--        certificate on request from the DCM while bootstrapping the device.
-- @class ObeEnrollmentCertificate
-- @param issuer contains the hash of the certificate contents.
-- @param toBeSigned contains certificate content that is signed by the OBE.
-- @see IssuerIdentifier
-- NOTE(review): the CONSTRAINED BY clauses below are user-defined
--   constraints that ASN.1 tools treat as commentary; the region and
--   PSID/SSP-range restrictions they describe have to be enforced in
--   application code when the certificate is issued or validated.
ObeEnrollmentCertificate ::= ImplicitCertificate (WITH COMPONENTS { ...,
  issuer (WITH COMPONENTS{sha256AndDigest}),
  toBeSigned (WITH COMPONENTS { ...,
    id (WITH COMPONENTS {
      name("") -- the name is fixed to the empty string
    }),
    cracaId, --set to HashedId3 of the Root CA cert
    crlSeries(EeEnrollmentCrlSeries),
    validityPeriod (WITH COMPONENTS { ...,
      duration (ObeEnrollmentCertExpirationPoc | ObeEnrollmentCertExpirationCvp)
    }),
    region (WITH COMPONENTS {
      identifiedRegion (SequenceOfIdentifiedRegion (SIZE(1)) (CONSTRAINED BY {
        IdentifiedRegion ( WITH COMPONENTS {
          countryOnly(USA)
        })
      }))
    }),
    assuranceLevel ABSENT,
    appPermissions ABSENT,
    certIssuePermissions ABSENT,
    certRequestPermissions (SequenceOfPsidGroupPermissions (SIZE(1)) (CONSTRAINED BY {
      --THIS MAY CHANGE AS SPECIFIED BY SCMS MANAGER
      PsidGroupPermissions ( WITH COMPONENTS {...,
        subjectPermissions (WITH COMPONENTS {
          explicit (SequenceOfPsidSspRange (SIZE (2)) (CONSTRAINED BY {
            PsidSspRange (WITH COMPONENTS {
              psid (BsmPsid), --PSID = 0x20
              sspRange(WITH COMPONENTS{
                opaque -- single OCTET STRING of length 0
              })
            }),
            PsidSspRange (WITH COMPONENTS {
              psid (MisbehaviorReportingPsid), -- PSID = 0x26
              sspRange(WITH COMPONENTS{
                opaque -- single OCTET STRING of length 0
              })
            })
          }))
        }),
        minChainLength(0),
        chainLengthRange(0),
        eeType({app})
      })
    })),
    canRequestRollover(NULL),
    encryptionKey ABSENT,
    verifyKeyIndicator (WITH COMPONENTS {
      reconstructionValue (WITH COMPONENTS {
        compressed-y-0,
        compressed-y-1
      })
    })
  })
})

---
-- @brief This data type defines an On-Board Equipment's (OBE) identification
--        certificate structure and its contents. The RA brokers the
--        communication for provisioning this certificate from PCA to the OBE.
-- @class ObeIdentificationCertificate
-- @param issuer contains the hash of the certificate contents.
-- @param toBeSigned contains certificate content that is signed by the OBE.
-- @see IssuerIdentifier
-- NOTE(review): CONSTRAINED BY is an ASN.1 user-defined constraint (ITU-T
-- X.682). Tools generally treat its body as informative, so a generated
-- decoder checks only the SIZE bound; the region content listed inside must
-- be verified by the validating application.
ObeIdentificationCertificate ::= ImplicitCertificate (WITH COMPONENTS { ...,
  issuer (WITH COMPONENTS {sha256AndDigest}),
  toBeSigned (WITH COMPONENTS { ...,
    id (WITH COMPONENTS {
      binaryId (SIZE (8)) -- RIF value shall be used as the certificate ID
    }),
    cracaId, --set to HashedId3 of the Root CA cert
    crlSeries(EeNonPseudonymCrlSeries),
    validityPeriod (WITH COMPONENTS { ...,
      duration (ObeIdentificationCertExpiration)
    }),
    region (WITH COMPONENTS {
      identifiedRegion (SequenceOfIdentifiedRegion (SIZE(1)) (CONSTRAINED BY {
        IdentifiedRegion ( WITH COMPONENTS {
          countryOnly(USA)
        })
      }))
    }),
    assuranceLevel ABSENT,
    -- NOTE(review): appPermissions is not constrained by this profile. The
    -- entry below is commented out and the leading "..." leaves unlisted
    -- components unrestricted, so any appPermissions value passes schema
    -- validation; the permitted PSIDs must be enforced elsewhere until this
    -- is specified.
    --appPermissions TO BE SPECIFIED BY SCMS MANAGER,
    certIssuePermissions ABSENT,
    certRequestPermissions ABSENT,
    canRequestRollover ABSENT,
    encryptionKey OPTIONAL,
    -- Implicit certificate: a reconstruction value, compressed point forms
    -- only.
    verifyKeyIndicator (WITH COMPONENTS {
      reconstructionValue (WITH COMPONENTS {
        compressed-y-0, compressed-y-1
      })
    })
  })
})

---
-- @brief This data type defines an On-Board Equipment's (OBE) pseudonym
--   certificate structure and its contents. The RA brokers the
--   communication for provisioning this certificate from PCA to the OBE.
-- @class ObePseudonymCertificate
-- @param issuer identifies the issuing certificate. The profile admits only
--   sha256AndDigest, which IEEE 1609.2 defines as the HashedId8 of the
--   issuer's certificate, not a hash of this certificate's own contents.
-- @param toBeSigned contains the certificate contents. NOTE(review): the
--   profile is an ImplicitCertificate carrying a reconstructionValue, so in
--   IEEE 1609.2 terms these contents are bound by the issuing CA rather than
--   signed by the OBE; confirm the intended wording.
-- @see IssuerIdentifier
-- NOTE(review): CONSTRAINED BY is an ASN.1 user-defined constraint (ITU-T
-- X.682). Tools generally treat its body as informative, so a generated
-- decoder checks only the SIZE bounds; the region and PSID/SSP content
-- listed inside must be verified by the validating application.
ObePseudonymCertificate ::= ImplicitCertificate (WITH COMPONENTS { ...,
  issuer (WITH COMPONENTS {sha256AndDigest}),
  toBeSigned (WITH COMPONENTS { ...,
    id (WITH COMPONENTS {
      -- Pseudonym certificates are identified by linkage data, and the
      -- group linkage value is required to be present.
      linkageData (WITH COMPONENTS {
        group-linkage-value PRESENT
      })
    }),
    cracaId, --set to HashedId3 of the Root CA cert
    crlSeries(ObePseudonymCrlSeries),
    validityPeriod (WITH COMPONENTS { ...,
      duration (ObePseudonymCertExpiration)
    }),
    region (WITH COMPONENTS {
      identifiedRegion (SequenceOfIdentifiedRegion (SIZE(1)) (CONSTRAINED BY {
        IdentifiedRegion ( WITH COMPONENTS {
          countryOnly(USA)
        })
      }))
    }),
    assuranceLevel ABSENT,
    appPermissions (SequenceOfPsidSsp (SIZE(2)) (CONSTRAINED BY {
      PsidSsp (WITH COMPONENTS {
        psid (BsmPsid), --PSID = 0x20
        ssp -- single OCTET STRING of length 0
      }),
      PsidSsp (WITH COMPONENTS {
        psid (MisbehaviorReportingPsid), -- PSID = 0x26
        ssp -- single OCTET STRING of length 0
      })
    })),
    -- End-entity certificate: no issue or request permissions, no rollover.
    certIssuePermissions ABSENT,
    certRequestPermissions ABSENT,
    canRequestRollover ABSENT,
    encryptionKey OPTIONAL,
    -- Implicit certificate: a reconstruction value, compressed point forms
    -- only.
    verifyKeyIndicator (WITH COMPONENTS {
      reconstructionValue (WITH COMPONENTS {
        compressed-y-0, compressed-y-1
      })
    })
  })
})

---
-- @brief This data type defines a Pseudonym Certificate Authority's (PCA)
--   certificate structure and its contents generated by the ICA. The PCA
--   provides a public key (encryptionKey) so that other SCMS components
--   can send data securely to this PCA.
-- @class PcaCertificate
-- @param issuer identifies the issuing certificate. The profile admits only
--   sha256AndDigest, which IEEE 1609.2 defines as the HashedId8 of the
--   issuer's certificate, not a hash of this certificate's own contents.
-- @param toBeSigned contains the certificate contents. NOTE(review): the
--   @brief states that the ICA generates this certificate, so the signature
--   over these contents would be the issuer's, not the PCA's own; confirm.
-- @see IssuerIdentifier
-- NOTE(review): CONSTRAINED BY is an ASN.1 user-defined constraint (ITU-T
-- X.682). Tools generally treat its body as informative, so a generated
-- decoder checks only the SIZE bounds; the region and PSID/SSP content
-- listed inside must be verified by the validating application.
PcaCertificate ::= ExplicitCertificate (WITH COMPONENTS { ...,
  issuer (WITH COMPONENTS {sha256AndDigest}),
  toBeSigned (WITH COMPONENTS { ...,
    id (WITH COMPONENTS {
      -- Only the three listed names are admitted.
      name ("pca.prod.v2xscms.com" | "pca.qa.v2xscms.com" | "pca.test.v2xscms.com")
    }),
    cracaId, --set to HashedId3 of the Root CA cert
    crlSeries(ScmsComponentCrlSeries),
    validityPeriod (WITH COMPONENTS { ...,
      duration (PcaCertExpiration)
    }),
    region (WITH COMPONENTS {
      identifiedRegion (SequenceOfIdentifiedRegion (SIZE(1)) (CONSTRAINED BY {
        IdentifiedRegion ( WITH COMPONENTS {
          countryOnly(USA)
        })
      }))
    }),
    assuranceLevel ABSENT,
    appPermissions (SequenceOfPsidSsp (SIZE(1)) (CONSTRAINED BY {
      PsidSsp (WITH COMPONENTS {
        psid (SecurityMgmtPsid), -- PSID = 0x23
        ssp --OER encoding of ScmsSsp indicating Pcassp
      })
    })),
    -- Issuing scope of the PCA: one permission group whose explicit list is
    -- sized at 26 PSID entries, matching the 26 entries named below.
    certIssuePermissions (SequenceOfPsidGroupPermissions (SIZE (1)) (WITH COMPONENT (WITH COMPONENTS {...,
      subjectPermissions (WITH COMPONENTS {...,
        explicit (SequenceOfPsidSspRange (SIZE (26)) (CONSTRAINED BY{
          PsidSspRange (WITH COMPONENTS {
            psid (BsmPsid), --PSID = 0x20
            sspRange(WITH COMPONENTS{
              opaque -- single OCTET STRING of length 0
            })
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (MisbehaviorReportingPsid), -- PSID = 0x26
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (VulnerableRoadUsersSafetyPsid), -- PSID = 0x27
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (DifferentialGpsCorrectionsUncompressedPsid), -- PSID = 0x80
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (DifferentialGpsCorrectionsCompressedPsid), -- PSID = 0x81
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (IntersectionSafetyAndAwarenessPsid), -- PSID = 0x82
            sspRange(WITH COMPONENTS{
              opaque --SSP: 90-01, 90-FF-FF-01, 90-FF-FF-02, 90-FF-FF-03, 90-FF-FF-04
            })
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (TravellerInformationAndRoadsideSignagePsid), -- PSID = 0x83
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (WaveServiceAdvertisementPsid), -- PSID = 0x87
            sspRange(WITH COMPONENTS{
              opaque -- single OCTET STRING of length 0
            })
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (VehicleInitiatedDistressNotificationPsid), -- PSID = 0x4082
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (TranscoreSoftwareUpdatePsid), -- PSID = 0x204083
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication1Psid), -- PSID = 0x204088
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication2Psid), -- PSID = 0x204089
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication3Psid), -- PSID = 0x20408A
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication4Psid), -- PSID = 0x20408B
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication5Psid), -- PSID = 0x20408C
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication6Psid), -- PSID = 0x20408D
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication7Psid), -- PSID = 0x20408E
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication8Psid), -- PSID = 0x20408F
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication9Psid), -- PSID = 0x204090
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication10Psid), -- PSID = 0x204091
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication11Psid), -- PSID = 0x204092
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication12Psid), -- PSID = 0x204093
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication13Psid), -- PSID = 0x204094
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication14Psid), -- PSID = 0x204095
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication15Psid), -- PSID = 0x204096
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication16Psid), -- PSID = 0x204097
            sspRange ABSENT
          })
        }))
      }),
      minChainLength(1),
      chainLengthRange(0),
      eeType({app})
    }))),
    certRequestPermissions ABSENT,
    canRequestRollover (NULL),
    encryptionKey PRESENT,
    -- Explicit certificate: an ECDSA NIST P-256 verification key, compressed
    -- point forms only.
    verifyKeyIndicator (WITH COMPONENTS {
      verificationKey (WITH COMPONENTS {
        ecdsaNistP256 (WITH COMPONENTS {
          compressed-y-0, compressed-y-1
        })
      })
    })
  })
})

---
-- @brief This data type defines a Policy Generator's (PG) certificate
--   structure and its contents generated by the Root CA.
-- @class PgCertificate
-- @param issuer identifies the issuing certificate. The profile admits only
--   sha256AndDigest, which IEEE 1609.2 defines as the HashedId8 of the
--   issuer's certificate, not a hash of this certificate's own contents.
-- @param toBeSigned contains the certificate contents. NOTE(review): the
--   @brief states that the Root CA generates this certificate, so the
--   signature over these contents would be the issuer's, not the PG's own;
--   confirm.
-- @see IssuerIdentifier
PgCertificate ::= ExplicitCertificate (WITH COMPONENTS { ...,
  issuer (WITH COMPONENTS {sha256AndDigest}),
  toBeSigned (WITH COMPONENTS { ...,
    id (WITH COMPONENTS {
      -- Only the three listed names are admitted.
      name ("pg.prod.v2xscms.com" | "pg.qa.v2xscms.com" | "pg.test.v2xscms.com")
    }),
    cracaId, --set to HashedId3 of the Root CA cert
    crlSeries(ScmsSpclComponentCrlSeries),
    validityPeriod (WITH COMPONENTS { ...,
      duration (PgCertExpiration)
    }),
    -- No geographic restriction and no assurance level in this profile.
    region ABSENT,
    assuranceLevel ABSENT,
    appPermissions (SequenceOfPsidSsp (SIZE(1)) (CONSTRAINED BY {
      PsidSsp (WITH COMPONENTS {
        psid (SecurityMgmtPsid), -- PSID = 0x23
        ssp --OER encoding of ScmsSsp indicating Policy Generator
      })
    })),
    -- The PG may neither issue nor request certificates and has no
    -- encryption key.
    certIssuePermissions ABSENT,
    certRequestPermissions ABSENT,
    canRequestRollover (NULL),
    encryptionKey ABSENT,
    verifyKeyIndicator (WITH COMPONENTS {
      verificationKey (WITH COMPONENTS {
        ecdsaNistP256 (WITH COMPONENTS {
          compressed-y-0, compressed-y-1
        })
      })
    })
  })
})

---
-- @brief This data type defines a Registration Authority's (RA) certificate
--   structure and its contents generated by the ICA. The RA provides a
--   public key (encryptionKey) so that other SCMS components can send
--   data securely to this RA.
-- @class RaCertificate
-- @param issuer identifies the issuing certificate. The profile admits only
--   sha256AndDigest, which IEEE 1609.2 defines as the HashedId8 of the
--   issuer's certificate, not a hash of this certificate's own contents.
-- @param toBeSigned contains the certificate contents. NOTE(review): the
--   @brief states that the ICA generates this certificate, so the signature
--   over these contents would be the issuer's, not the RA's own; confirm.
-- @see IssuerIdentifier
-- NOTE(review): CONSTRAINED BY is an ASN.1 user-defined constraint (ITU-T
-- X.682). Tools generally treat its body as informative, so a generated
-- decoder checks only the SIZE bounds; the region and PSID/SSP content
-- listed inside must be verified by the validating application.
RaCertificate ::= ExplicitCertificate (WITH COMPONENTS { ...,
  issuer (WITH COMPONENTS{sha256AndDigest}),
  toBeSigned (WITH COMPONENTS { ...,
    id (WITH COMPONENTS {
      -- Only the three listed names are admitted.
      name ("ra.prod.v2xscms.com" | "ra.qa.v2xscms.com" | "ra.test.v2xscms.com")
    }),
    cracaId, --set to HashedId3 of the Root CA cert
    crlSeries(ScmsComponentCrlSeries),
    validityPeriod (WITH COMPONENTS { ...,
      duration (RaCertExpiration)
    }),
    region (WITH COMPONENTS {
      identifiedRegion (SequenceOfIdentifiedRegion (SIZE(1)) (CONSTRAINED BY {
        IdentifiedRegion ( WITH COMPONENTS {
          countryOnly(USA)
        })
      }))
    }),
    assuranceLevel ABSENT,
    appPermissions (SequenceOfPsidSsp (SIZE(1)) (CONSTRAINED BY {
      PsidSsp (WITH COMPONENTS {
        psid (SecurityMgmtPsid), -- PSID = 0x23
        ssp --OER encoding of ScmsSsp indicating Rassp
      })
    })),
    certIssuePermissions ABSENT,
    -- NOTE(review): SIZE (25) is the machine-checked bound here, but the
    -- CONSTRAINED BY list below names 26 PsidSspRange entries, and
    -- PcaCertificate uses SIZE (26) for the same list. Confirm which is
    -- intended; as written, a 26-entry sequence fails the SIZE constraint.
    certRequestPermissions (SequenceOfPsidGroupPermissions (SIZE (1)) (WITH COMPONENT (WITH COMPONENTS {...,
      subjectPermissions (WITH COMPONENTS {...,
        explicit (SequenceOfPsidSspRange (SIZE (25)) (CONSTRAINED BY{
          PsidSspRange (WITH COMPONENTS {
            psid (BsmPsid), --PSID = 0x20
            sspRange(WITH COMPONENTS{
              opaque -- single OCTET STRING of length 0
            })
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (MisbehaviorReportingPsid), -- PSID = 0x26
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (VulnerableRoadUsersSafetyPsid), -- PSID = 0x27
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (DifferentialGpsCorrectionsUncompressedPsid), -- PSID = 0x80
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (DifferentialGpsCorrectionsCompressedPsid), -- PSID = 0x81
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (IntersectionSafetyAndAwarenessPsid), -- PSID = 0x82
            sspRange(WITH COMPONENTS{
              opaque --SSP: 90-01, 90-FF-FF-01, 90-FF-FF-02, 90-FF-FF-03, 90-FF-FF-04
            })
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (TravellerInformationAndRoadsideSignagePsid), -- PSID = 0x83
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (WaveServiceAdvertisementPsid), -- PSID = 0x87
            sspRange(WITH COMPONENTS{
              opaque -- single OCTET STRING of length 0
            })
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (VehicleInitiatedDistressNotificationPsid), -- PSID = 0x4082
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (TranscoreSoftwareUpdatePsid), -- PSID = 0x204083
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication1Psid), -- PSID = 0x204088
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication2Psid), -- PSID = 0x204089
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication3Psid), -- PSID = 0x20408A
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication4Psid), -- PSID = 0x20408B
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication5Psid), -- PSID = 0x20408C
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication6Psid), -- PSID = 0x20408D
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication7Psid), -- PSID = 0x20408E
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication8Psid), -- PSID = 0x20408F
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication9Psid), -- PSID = 0x204090
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication10Psid), -- PSID = 0x204091
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication11Psid), -- PSID = 0x204092
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication12Psid), -- PSID = 0x204093
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication13Psid), -- PSID = 0x204094
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication14Psid), -- PSID = 0x204095
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication15Psid), -- PSID = 0x204096
            sspRange ABSENT
          }),
          PsidSspRange (WITH COMPONENTS {
            psid (CVPApplication16Psid), -- PSID = 0x204097
            sspRange ABSENT
          })
        }))
      }),
      minChainLength(0),
      chainLengthRange(0),
      eeType({app})
    }))),
    canRequestRollover(NULL),
    encryptionKey PRESENT,
    -- Explicit certificate: an ECDSA NIST P-256 verification key, compressed
    -- point forms only.
    verifyKeyIndicator (WITH COMPONENTS {
      verificationKey (WITH COMPONENTS {
        ecdsaNistP256 (WITH COMPONENTS {
          compressed-y-0, compressed-y-1
        })
      })
    })
  })
})

---
-- @brief This data type defines a Root Certificate Authority's (RCA) certificate
--   structure and its contents generated by the SCMS Manager.
-- @class RootCaCertificate
-- @param issuer is constrained to the self alternative: the root certificate
--   is self-issued and carries no issuer digest.
-- @param toBeSigned contains certificate content that is signed by the RCA.
-- @see IssuerIdentifier
RootCaCertificate ::= ExplicitCertificate (WITH COMPONENTS { ...,
  issuer (WITH COMPONENTS {self}),
  toBeSigned (WITH COMPONENTS { ...,
    id (WITH COMPONENTS {
      -- NOTE(review): the first name does not follow the
      -- "<role>.prod.v2xscms.com" pattern used by the MA, PCA, PG and RA
      -- profiles in this module; confirm it is the intended production name.
      name ("v2xrootca.ghsiss.com" | "rca.qa.v2xscms.com" | "rca.test.v2xscms.com")
    }),
    -- Fixed values: an all-zero cracaId and CRL series 0.
    cracaId('000000'H),
    crlSeries(0),
    validityPeriod (WITH COMPONENTS { ...,
      duration (RootCaCertExpiration)
    }),
    region ABSENT,
    assuranceLevel ABSENT,
    appPermissions (SequenceOfPsidSsp (SIZE(2)) (CONSTRAINED BY {
      PsidSsp (WITH COMPONENTS {
        psid (SecurityMgmtPsid), -- PSID = 0x23
        ssp --OER encoding of ScmsSsp indicating RootCaSsp
      }),
      PsidSsp (WITH COMPONENTS {
        psid (CrlPsid), -- PSID = 0x100
        -- The CRL SSP marks the root as the CRACA and limits it to one
        -- permissible CRL series.
        ssp (WITH COMPONENTS {opaque(CONTAINING CrlSsp (WITH COMPONENTS {...,
          associatedCraca(isCraca),
          crls (PermissibleCrls (SIZE(1)) (CONSTRAINED BY {
            CrlSeries (ScmsSpclComponentCrlSeries)
          }))
        }))})
      })
    })),
    -- Four issuing grants. The first covers all PSIDs with a minimum chain
    -- length of 3; the other three name one PSID each with a minimum chain
    -- length of 1. Every grant uses chainLengthRange(-1), which IEEE 1609.2
    -- defines as no upper bound on chain length (TODO confirm against the
    -- standard's text).
    -- NOTE(review): CONSTRAINED BY is an ASN.1 user-defined constraint
    -- (ITU-T X.682). Tools generally treat its body as informative, so a
    -- generated decoder checks only SIZE(4); the grant contents must be
    -- verified by the validating application.
    certIssuePermissions (SequenceOfPsidGroupPermissions (SIZE(4)) (CONSTRAINED BY {
      PsidGroupPermissions ( WITH COMPONENTS {...,
        subjectPermissions (WITH COMPONENTS {
          all
        }),
        minChainLength(3),
        chainLengthRange(-1),
        eeType ({app, enrol})
      }),
      PsidGroupPermissions ( WITH COMPONENTS {...,
        subjectPermissions (WITH COMPONENTS{
          explicit (SequenceOfPsidSspRange (SIZE (1)) (WITH COMPONENT (WITH COMPONENTS {
            psid (SecurityMgmtPsid), -- PSID = 0x23
            sspRange ABSENT
          })))
        }),
        minChainLength(1),
        chainLengthRange(-1),
        eeType ({app, enrol})
      }),
      PsidGroupPermissions ( WITH COMPONENTS {...,
        subjectPermissions (WITH COMPONENTS{
          explicit (SequenceOfPsidSspRange (SIZE (1)) (WITH COMPONENT (WITH COMPONENTS {
            psid (MisbehaviorReportingPsid), -- PSID = 0x26
            sspRange ABSENT
          })))
        }),
        minChainLength(1),
        chainLengthRange(-1),
        eeType ({app, enrol})
      }),
      PsidGroupPermissions ( WITH COMPONENTS {...,
        subjectPermissions (WITH COMPONENTS{
          explicit (SequenceOfPsidSspRange (SIZE (1)) (WITH COMPONENT (WITH COMPONENTS {
            psid (CrlPsid), -- PSID = 0x100
            sspRange ABSENT
          })))
        }),
        minChainLength(1),
        chainLengthRange(-1),
        eeType ({app, enrol})
      })
    })),
    certRequestPermissions ABSENT,
    canRequestRollover ABSENT,
    encryptionKey ABSENT,
    -- Explicit certificate: an ECDSA NIST P-256 verification key, compressed
    -- point forms only.
    verifyKeyIndicator (WITH COMPONENTS {
      verificationKey (WITH COMPONENTS {
        ecdsaNistP256 (WITH COMPONENTS {
          compressed-y-0, compressed-y-1
        })
      })
    })
  })
})

---
-- @brief This data type defines a Road-Side Equipment's (RSE) application
--   certificate structure and its contents. The RA brokers the
--   communication for provisioning this certificate from PCA to the RSE.
-- @class RseApplicationCertificate
-- @param issuer identifies the issuing certificate. The profile admits only
--   sha256AndDigest, which IEEE 1609.2 defines as the HashedId8 of the
--   issuer's certificate, not a hash of this certificate's own contents.
-- @param toBeSigned contains the certificate contents. NOTE(review): the
--   profile is an ImplicitCertificate carrying a reconstructionValue, so in
--   IEEE 1609.2 terms these contents are bound by the issuing CA rather than
--   signed by the RSE; confirm the intended wording.
-- @see IssuerIdentifier
-- NOTE(review): CONSTRAINED BY is an ASN.1 user-defined constraint (ITU-T
-- X.682). Tools generally treat its body as informative, so a generated
-- decoder checks only the SIZE bound; the region content listed inside must
-- be verified by the validating application.
RseApplicationCertificate ::= ImplicitCertificate (WITH COMPONENTS { ...,
  issuer (WITH COMPONENTS {sha256AndDigest}),
  toBeSigned (WITH COMPONENTS { ...,
    id (WITH COMPONENTS {
      binaryId (SIZE (8)) -- RIF value shall be used as the certificate ID
    }),
    cracaId, --set to HashedId3 of the Root CA cert
    crlSeries(EeNonPseudonymCrlSeries),
    validityPeriod (WITH COMPONENTS { ...,
      duration (RseApplicationCertExpiration)
    }),
    region (WITH COMPONENTS {
      identifiedRegion (SequenceOfIdentifiedRegion (SIZE(1)) (CONSTRAINED BY {
        IdentifiedRegion ( WITH COMPONENTS {
          countryOnly(USA)
        })
      }))
    }),
    assuranceLevel ABSENT,
    -- NOTE(review): appPermissions is not constrained by this profile. The
    -- entry below is commented out and the leading "..." leaves unlisted
    -- components unrestricted, so any appPermissions value passes schema
    -- validation; the permitted PSIDs must be enforced elsewhere until this
    -- is specified.
    --appPermissions TO BE SPECIFIED BY SCMS MANAGER,
    certIssuePermissions ABSENT,
    certRequestPermissions ABSENT,
    canRequestRollover ABSENT,
    encryptionKey OPTIONAL,
    -- Implicit certificate: a reconstruction value, compressed point forms
    -- only.
    verifyKeyIndicator (WITH COMPONENTS {
      reconstructionValue (WITH COMPONENTS {
        compressed-y-0, compressed-y-1
      })
    })
  })
})

---
-- @brief This data type defines a Road-Side Equipment's (RSE) enrollment
--   certificate structure and its contents. The ECA provides this
--   certificate on request from the DCM while bootstrapping the device.
-- @class RseEnrollmentCertificate
-- @param issuer identifies the issuing certificate. The profile admits only
--   sha256AndDigest, which IEEE 1609.2 defines as the HashedId8 of the
--   issuer's certificate, not a hash of this certificate's own contents.
-- @param toBeSigned contains the certificate contents. NOTE(review): the
--   profile is an ImplicitCertificate carrying a reconstructionValue, so in
--   IEEE 1609.2 terms these contents are bound by the issuing CA rather than
--   signed by the RSE; confirm the intended wording.
-- @see IssuerIdentifier
-- NOTE(review): CONSTRAINED BY is an ASN.1 user-defined constraint (ITU-T
-- X.682). Tools generally treat its body as informative, so a generated
-- decoder checks only the SIZE bound; the region content listed inside must
-- be verified by the validating application.
RseEnrollmentCertificate ::= ImplicitCertificate (WITH COMPONENTS { ...,
  issuer (WITH COMPONENTS{sha256AndDigest}),
  toBeSigned (WITH COMPONENTS { ...,
    id (WITH COMPONENTS {
      -- The name is fixed to the empty string.
      name("")
    }),
    cracaId, --set to HashedId3 of the Root CA cert
    crlSeries(EeEnrollmentCrlSeries),
    validityPeriod (WITH COMPONENTS { ...,
      -- Two alternative lifetimes: the POC value or the CVP value.
      duration (RseEnrollmentCertExpirationPoc | RseEnrollmentCertExpirationCvp)
    }),
    region (WITH COMPONENTS {
      identifiedRegion (SequenceOfIdentifiedRegion (SIZE(1)) (CONSTRAINED BY {
        IdentifiedRegion ( WITH COMPONENTS {
          countryOnly(USA)
        })
      }))
    }),
    assuranceLevel ABSENT,
    appPermissions ABSENT,
    certIssuePermissions ABSENT,
    -- NOTE(review): certRequestPermissions is not constrained by this
    -- profile. The entry below is commented out and the leading "..." leaves
    -- unlisted components unrestricted, so any request scope passes schema
    -- validation (ObeEnrollmentCertificate, by contrast, lists two PSIDs);
    -- the permitted PSIDs must be enforced elsewhere until this is specified.
    --certRequestPermissions TO BE SPECIFIED BY SCMS MANAGER,
    canRequestRollover(NULL),
    encryptionKey ABSENT,
    -- Implicit certificate: a reconstruction value, compressed point forms
    -- only.
    verifyKeyIndicator (WITH COMPONENTS {
      reconstructionValue (WITH COMPONENTS {
        compressed-y-0, compressed-y-1
      })
    })
  })
})

END