fixeria
/
pycrate
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
pycrate/pycrate_asn1dir/ETSI_ITS_IEEE1609_2_1/Ieee1609Dot2Dot1EeRaInterfa...

328 lines
12 KiB
Groff
Raw Permalink Blame History

--***************************************************************************--
-- IEEE Std 1609.2.1: EE - RA Interface --
--***************************************************************************--
/**
* @brief NOTE: Section references in this file are to clauses in IEEE Std
* 1609.2.1 unless indicated otherwise. Full forms of acronyms and
* abbreviations used in this file are specified in 3.2.
*/
Ieee1609Dot2Dot1EeRaInterface {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
extension-standards(255) dot1(1) interfaces(1) ee-ra(11) major-version-2(2)
minor-version-2(2)}
DEFINITIONS AUTOMATIC TAGS ::= BEGIN
EXPORTS ALL;
IMPORTS
HashedId8,
IValue,
PublicEncryptionKey,
Time32,
Uint8
FROM Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
base(1) base-types(2) major-version-2(2) minor-version-3(3)}
WITH SUCCESSORS
CertificateType
FROM Ieee1609Dot2 {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
base(1) schema(1) major-version-2(2) minor-version-4(4)}
WITH SUCCESSORS
EeEcaCertRequestSpdu,
PublicVerificationKey,
ToBeSignedCertificate
FROM Ieee1609Dot2Dot1Protocol {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
extension-standards(255) dot1(1) interfaces(1) protocol(17)
major-version-2(2) minor-version-2(2)}
WITH SUCCESSORS
AcpcTreeId
FROM Ieee1609Dot2Dot1Acpc {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
extension-standards(255) dot1(1) interfaces(1) acpc(18) major-version-1(1)
minor-version-2(2)}
WITH SUCCESSORS
;
/**
* @class EeRaInterfacePDU
*
* @brief This is the parent structure for all structures exchanged between
* the EE and the RA. An overview of this structure is as follows:
*
* <br><br>NOTE: This CHOICE does not include a PDU type for encrypted
* misbehavior report upload; see 4.1.5.
*
* @param eeRaCertRequest contains the certificate generation request sent by
* the EE to the RA.
*
* @param raEeCertAck contains the RA's acknowledgement of the receipt of
* EeRaCertRequestSpdu.
*
* @param raEeCertInfo contains the information about certificate download.
*
* @param eeRaDownloadRequest contains the download request sent by the EE to
* the RA.
*
* @param eeRaSuccessorEnrollmentCertRequest contains a self-signed request
* for an enrollment certificate, identical in format to the one submitted
* for an initial enrollment certificate. (This becomes a request for a
* successor enrollment certificate by virtue of being signed by the current
* enrollment certificate.)
*/
EeRaInterfacePdu ::= CHOICE {
eeRaCertRequest EeRaCertRequest,
raEeCertAck RaEeCertAck,
raEeCertInfo RaEeCertInfo,
eeRaDownloadRequest EeRaDownloadRequest,
eeRaSuccessorEnrollmentCertRequest EeEcaCertRequestSpdu,
...
}
/**
* @class EeRaCertRequest
*
* @brief This structure contains parameters needed to request different types
* of authorization certificates. An overview of this structure is as follows:
*
* <br><br>NOTE 1: In the case where the butterfly key mechanism is used to
* derive the certificate encryption key, the value j is not communicated to
* the ACA. However, the EE that receives the certificate response can only
* decrypt the response if it knows j. The RA is therefore anticipated to
* store j so that it can be associated with the appropriate certificate
* response.
*
* <br><br>NOTE 2: The EE uses the type field to indicate whether it is
* requesting an explicit or an implicit authorization certificate. A policy
* is anticipated that determines what type of certificate is appropriate for
* a given set of circumstances (such as PSIDs, other end entity information,
* locality, ...) and that if the EE has requested a kind of certificate that
* is not allowed by policy, the ACA returns an error to the EE. This implies
* that the certificate issued by the ACA is always of type indicated in the
* EeRaCertRequest.
*
* <br><br>NOTE 3 This document does not specify a method to include an
* encryptionKey in the requested certificates, if the butterfly key
* mechanism is used. The EE using such a certificate to sign a message can
* request an encrypted response using the tbsData.headerInfo.encryptionKey
* field of the SignedData; see 6.3.9, 6.3.33, 6.3.34, and 6.3.36 of
* IEEE Std 1609.2 for more details.
*
* @param version contains the current version of the structure.
*
* @param generationTime contains the generation time of EeRaCertRequest.
*
* @param type indicates whether the request is for an explicit or implicit
* certificate (see 4.1.1 and 4.1.4.3.1).
*
* @param tbsCert contains the parameters to be used by the ACA to generate
* authorization certificate(s).
* <ol>
* <li> id contains the identity information sent by the requester. If the
* type is LinkageData, the RA replaces that in the certificates with the
* linkage values generated with the help of the LAs and the ACA; see Annex
* D.</li>
*
* <li> validityPeriod contains the requested validity period of the first
* batch of certificates.</li>
*
* <li> region, assuranceLevel, canRequestRollover, and encryptionKey, if
* present, contain the information sent by the requester for the requested
* certificates.</li>
*
* <li> verifyKeyIndicator.verificationKey contains the public key
* information sent by the requester. The verifyKeyIndicator field indicates
* the choice verificationKey even if type is implicit, as this allows the
* requester to indicate which signature algorithm and curve they are
* requesting.</li>
*
* <ol>
* <li> If the certificate issued in response to this request is explicit and
* butterfly expansion is not used, the value in this field is the
* verification key that appears in that certificate.</li>
*
* <li> If the certificate issued in response to this request is implicit and
* butterfly expansion is not used, the value in this field is the input
* public key value for implicit certificate generation.</li>
*
* <li> If butterfly expansion is used, that is, if one of (original, unified,
* compactUnified) options is present in the field additionalParams, the
* value in this field is combined with the values in the additionalParams
* field as specified in 9.3.</li>
* </ol>
* </ol>
*
* @param additionalParams contains relevant parameters for generating the
* requested certificates using the butterfly key mechanism as specified in
* 9.3, or for encrypting the certificates without using the butterfly key
* mechanism. If present, the field tbsCert.verifyKeyIndicator shall be used
* as the caterpillar public key for signing in the butterfly key mechanism.
*/
EeRaCertRequest ::= SEQUENCE {
version Uint8 (2),
generationTime Time32,
type CertificateType,
tbsCert ToBeSignedCertificate (WITH COMPONENTS {
...,
cracaId ('000000'H),
crlSeries (0),
appPermissions PRESENT,
certIssuePermissions ABSENT,
certRequestPermissions ABSENT,
verifyKeyIndicator (WITH COMPONENTS {
verificationKey
})
}),
additionalParams AdditionalParams OPTIONAL,
...
}
/**
* @class AdditionalParams
*
* @brief This structure contains parameters for the butterfly key mechanism.
* An overview of this structure is as follows:
*
* @param original contains the parameters for the original variant.
*
* @param unified contains the expansion function for signing to be used for
* the unified variant. The caterpillar public key and expansion function for
* encryption are the same as those for signing.
*
* @param compactUnified contains the expansion function for signing to be
* used for the compact unified variant. The caterpillar public key and
* expansion function for encryption are the same as those for signing.
*
* @param encryptionKey contains the public key for encrypting the
* certificate if the butterfly key mechanism is not used.
*/
AdditionalParams ::= CHOICE {
original ButterflyParamsOriginal,
unified ButterflyExpansion,
compactUnified ButterflyExpansion,
encryptionKey PublicEncryptionKey,
...
}
/**
* @class ButterflyParamsOriginal
*
* @brief This structure contains parameters for the original variation of the
* butterfly key mechanism. An overview of this structure is as follows:
*
* @param signingExpansion contains the expansion function for signing.
*
* @param encryptionKey contains the caterpillar public key for encryption.
*
* @param encryptionExpansion contains the expansion function for encryption.
*/
ButterflyParamsOriginal ::= SEQUENCE {
signingExpansion ButterflyExpansion,
encryptionKey PublicEncryptionKey,
encryptionExpansion ButterflyExpansion
}
/**
* @class ButterflyExpansion
*
* @brief This structure contains material used in the butterfly key
* calculations as specified in 9.3.5.1 and 9.3.5.2. An overview of this
* structure is as follows:
*
* @param aes128 indicates that the symmetric algorithm used in the expansion
* function is AES-128 with the indicated 16 byte string used as the key.
*/
ButterflyExpansion ::= CHOICE {
aes128 OCTET STRING (SIZE(16)),
...
}
/**
* @class RaEeCertAck
*
* @brief This structure is used to create the acknowledgement for certificate
* requests. An overview of this structure is as follows:
*
* @param version contains the current version of the structure.
*
* @param generationTime contains the generation time of RaEeCertAck.
*
* @param requestHash contains the hash of the corresponding
* EeRaCertRequestSpdu.
*
* @param firstI contains the i-value that will be associated with the first
* certificate or certificate batch that will be made available to the EE. The
* EE uses this to form the download filename for the download request as
* specified in 8.2.2.
*
* @param nextDlTime contains the time after which the EE should connect to
* the RA to download the certificates.
*/
RaEeCertAck ::= SEQUENCE {
version Uint8 (2),
generationTime Time32,
requestHash HashedId8,
firstI IValue OPTIONAL,
nextDlTime Time32,
...
}
/**
* @class RaEeCertInfo
*
* @brief This structure is used to create the info file that accompanies a
* batch of certificates for download as specified in 8.2.3. It is used when
* certificates were generated using the butterfly key expansion mechanism
* specified in 9.3. An overview of this structure is as follows:
*
* @param version contains the current version of the structure.
*
* @param generationTime contains the generation time of RaEeCertInfo.
*
* @param currentI contains the i-value associated with the batch of
* certificates.
*
* @param requestHash contains the hash of the corresponding
* EeRaCertRequestSpdu.
*
* @param nextDlTime contains the time after which the EE should connect to
* the RA to download the certificates.
*
* @param acpcTreeId contains the ACPC Tree Id if the certificates were
* generated using ACPC as specified in 9.5.
*/
RaEeCertInfo ::= SEQUENCE {
version Uint8 (2),
generationTime Time32,
currentI IValue,
requestHash HashedId8,
nextDlTime Time32,
acpcTreeId AcpcTreeId OPTIONAL,
...
}
/**
* @class EeRaDownloadRequest
*
* @brief This structure contains parameters needed to request the download of
* certificates from the RA. An overview of this structure is as follows:
*
* @param generationTime contains the generation time of EeRaDownloadRequest.
*
* @param filename contains the name of the file requested for download,
* formed as specified in 8.2.2.
*/
EeRaDownloadRequest ::= SEQUENCE {
generationTime Time32,
filename UTF8String (SIZE (0..255)),
...
}
END
Reference in New Issue View Git Blame Copy Permalink