1326 lines
46 KiB
Groff
1326 lines
46 KiB
Groff
--***************************************************************************--
|
||
-- IEEE Std 1609.2: Base Data Types --
|
||
--***************************************************************************--
|
||
|
||
/**
|
||
* @brief NOTE: Section references in this file are to clauses in IEEE Std
|
||
* 1609.2 unless indicated otherwise. Full forms of acronyms and
|
||
* abbreviations used in this file are specified in 3.2.
|
||
*/
|
||
|
||
Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
|
||
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
|
||
base(1) base-types(2) major-version-2(2) minor-version-2(2)}
|
||
|
||
DEFINITIONS AUTOMATIC TAGS ::= BEGIN
|
||
|
||
EXPORTS ALL;
|
||
|
||
--***************************************************************************--
|
||
-- Integer Types --
|
||
--***************************************************************************--
|
||
|
||
/**
|
||
* @class Uint3
|
||
*
|
||
* @brief This atomic type is used in the definition of other data structures.
|
||
* It is for non-negative integers up to 7, i.e., (hex)07.
|
||
*/
|
||
Uint3 ::= INTEGER (0..7)
|
||
|
||
/**
|
||
* @class Uint8
|
||
*
|
||
* @brief This atomic type is used in the definition of other data structures.
|
||
* It is for non-negative integers up to 255, i.e., (hex)ff.
|
||
*/
|
||
Uint8 ::= INTEGER (0..255)
|
||
|
||
/**
|
||
* @class Uint16
|
||
*
|
||
* @brief This atomic type is used in the definition of other data structures.
|
||
* It is for non-negative integers up to 65,535, i.e., (hex)ff ff.
|
||
*/
|
||
Uint16 ::= INTEGER (0..65535)
|
||
|
||
/**
|
||
* @class Uint32
|
||
*
|
||
* @brief This atomic type is used in the definition of other data structures.
|
||
* It is for non-negative integers up to 4,294,967,295, i.e.,
|
||
* (hex)ff ff ff ff.
|
||
*/
|
||
Uint32 ::= INTEGER (0..4294967295)
|
||
|
||
/**
|
||
* @class Uint64
|
||
*
|
||
* @brief This atomic type is used in the definition of other data structures.
|
||
* It is for non-negative integers up to 18,446,744,073,709,551,615, i.e.,
|
||
* (hex)ff ff ff ff ff ff ff ff.
|
||
*/
|
||
Uint64 ::= INTEGER (0..18446744073709551615)
|
||
|
||
/**
|
||
* @class SequenceOfUint8
|
||
*
|
||
* @brief This type is used for clarity of definitions.
|
||
*/
|
||
SequenceOfUint8 ::= SEQUENCE OF Uint8
|
||
|
||
/**
|
||
* @class SequenceOfUint16
|
||
*
|
||
* @brief This type is used for clarity of definitions.
|
||
*/
|
||
SequenceOfUint16 ::= SEQUENCE OF Uint16
|
||
|
||
|
||
--***************************************************************************--
|
||
-- OCTET STRING Types --
|
||
--***************************************************************************--
|
||
|
||
/**
|
||
* @class Opaque
|
||
*
|
||
* @brief This is a synonym for ASN.1 OCTET STRING, and is used in the
|
||
* definition of other data structures.
|
||
*/
|
||
Opaque ::= OCTET STRING
|
||
|
||
/**
|
||
* @class HashedId3
|
||
*
|
||
* @brief This type contains the truncated hash of another data structure.
|
||
* The HashedId3 for a given data structure is calculated by calculating the
|
||
* hash of the encoded data structure and taking the low-order three bytes of
|
||
* the hash output. If the data structure is subject to canonicalization it
|
||
* is canonicalized before hashing. The low-order three bytes are the last
|
||
* three bytes of the hash when represented in network byte order. See
|
||
* Example below.
|
||
*
|
||
* <br><br><b>Example</b>: Consider the SHA-256 hash of the empty string:
|
||
*
|
||
* <br>SHA-256("") =
|
||
* e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b78<b>52b855</b>
|
||
*
|
||
* <br><br>The HashedId3 derived from this hash corresponds to the following:
|
||
*
|
||
* <br>HashedId3 = 52b855.
|
||
*/
|
||
HashedId3 ::= OCTET STRING (SIZE(3))
|
||
|
||
/**
|
||
* @class SequenceOfHashedId3
|
||
*
|
||
* @brief This type is used for clarity of definitions.
|
||
*/
|
||
SequenceOfHashedId3 ::= SEQUENCE OF HashedId3
|
||
|
||
/**
|
||
* @class HashedId8
|
||
*
|
||
* @brief This type contains the truncated hash of another data structure.
|
||
* The HashedId8 for a given data structure is calculated by calculating the
|
||
* hash of the encoded data structure and taking the low-order eight bytes of
|
||
* the hash output. If the data structure is subject to canonicalization it
|
||
* is canonicalized before hashing. The low-order eight bytes are the last
|
||
* eight bytes of the hash when represented in network byte order. See
|
||
* Example below.
|
||
*
|
||
* <br><br>The hash algorithm to be used to calculate a HashedId8 within a
|
||
* structure depends on the context. In this standard, for each structure
|
||
* that includes a HashedId8 field, the corresponding text indicates how the
|
||
* hash algorithm is determined.
|
||
*
|
||
* <br><br><b>Example</b>: Consider the SHA-256 hash of the empty string:
|
||
*
|
||
* <br>SHA-256("") =
|
||
* e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934c<b>a495991b7852b855</b>
|
||
*
|
||
* <br><br>The HashedId8 derived from this hash corresponds to the following:
|
||
*
|
||
* <br>HashedId8 = a495991b7852b855.
|
||
*/
|
||
HashedId8 ::= OCTET STRING (SIZE(8))
|
||
|
||
/**
|
||
* @class HashedId10
|
||
*
|
||
* @brief This type contains the truncated hash of another data structure.
|
||
* The HashedId10 for a given data structure is calculated by calculating the
|
||
* hash of the encoded data structure and taking the low-order ten bytes of
|
||
* the hash output. If the data structure is subject to canonicalization it
|
||
* is canonicalized before hashing. The low-order ten bytes are the last ten
|
||
* bytes of the hash when represented in network byte order. See Example below.
|
||
*
|
||
* <br><br>The hash algorithm to be used to calculate a HashedId10 within a
|
||
* structure depends on the context. In this standard, for each structure
|
||
* that includes a HashedId10 field, the corresponding text indicates how the
|
||
* hash algorithm is determined.
|
||
*
|
||
* <br><br><b>Example</b>: Consider the SHA-256 hash of the empty string:
|
||
*
|
||
* <br>SHA-256("") =
|
||
* e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b<b>934ca495991b7852b855</b>
|
||
*
|
||
* <br><br>The HashedId10 derived from this hash corresponds to the following:
|
||
*
|
||
* <br>HashedId10 = 934ca495991b7852b855.
|
||
*/
|
||
HashedId10 ::= OCTET STRING (SIZE(10))
|
||
|
||
/**
|
||
* @class HashedId32
|
||
*
|
||
* @brief This type contains the truncated hash of another data structure.
|
||
* The HashedId32 for a given data structure is calculated by calculating the
|
||
* hash of the encoded data structure and taking the low-order thirty two
|
||
* bytes of the hash output. If the data structure is subject to
|
||
* canonicalization it is canonicalized before hashing. The low-order thirty
|
||
* two bytes are the last thirty two bytes of the hash when represented in
|
||
* network byte order. See Example below.
|
||
*
|
||
* <br><br>The hash algorithm to be used to calculate a HashedId32 within a
|
||
* structure depends on the context. In this standard, for each structure
|
||
* that includes a HashedId32 field, the corresponding text indicates how the
|
||
* hash algorithm is determined.
|
||
*
|
||
* <br><br><b>Example</b>: Consider the SHA-256 hash of the empty string:
|
||
*
|
||
* <br>SHA-256("") =
|
||
* e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
||
*
|
||
* <br><br>The HashedId32 derived from this hash corresponds to the following:
|
||
*
|
||
* <br>HashedId32 =
|
||
* e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.
|
||
*/
|
||
HashedId32 ::= OCTET STRING (SIZE(32))
|
||
|
||
--***************************************************************************--
|
||
-- Time Structures --
|
||
--***************************************************************************--
|
||
|
||
/**
|
||
* @class Time32
|
||
*
|
||
* @brief This type gives the number of (TAI) seconds since 00:00:00 UTC, 1
|
||
* January, 2004.
|
||
*/
|
||
Time32 ::= Uint32
|
||
|
||
/**
|
||
* @class Time64
|
||
*
|
||
* @brief This type gives the number of (TAI) microseconds since 00:00:00
|
||
* UTC, 1 January, 2004.
|
||
*/
|
||
Time64 ::= Uint64
|
||
|
||
/**
|
||
* @class ValidityPeriod
|
||
*
|
||
* @brief This structure gives the validity period of a certificate. The
|
||
* start of the validity period is given by start and the end is given by
|
||
* start + duration.
|
||
*
|
||
* @param start contains the starting time of the validity period.
|
||
*
|
||
* @param duration contains the duration of the validity period.
|
||
*/
|
||
ValidityPeriod ::= SEQUENCE {
|
||
start Time32,
|
||
duration Duration
|
||
}
|
||
|
||
/**
|
||
* @class Duration
|
||
*
|
||
* @brief This structure represents the duration of validity of a
|
||
* certificate. The Uint16 value is the duration, given in the units denoted
|
||
* by the indicated choice. A year is considered to be 31556952 seconds,
|
||
* which is the average number of seconds in a year; if it is desired to map
|
||
* years more closely to wall-clock days, this can be done using the hours
|
||
* choice for up to seven years and the sixtyHours choice for up to 448. In
|
||
* this structure:
|
||
*
|
||
* @param microseconds contains the duration in microseconds.
|
||
*
|
||
* @param milliseconds contains the duration in milliseconds.
|
||
*
|
||
* @param seconds contains the duration in seconds.
|
||
*
|
||
* @param minutes contains the duration in minutes.
|
||
*
|
||
* @param hours contains the duration in hours.
|
||
*
|
||
* @param sixtyHours contains the duration in sixty-hour periods.
|
||
*
|
||
* @param years contains the duration in years.
|
||
*/
|
||
Duration ::= CHOICE {
|
||
microseconds Uint16,
|
||
milliseconds Uint16,
|
||
seconds Uint16,
|
||
minutes Uint16,
|
||
hours Uint16,
|
||
sixtyHours Uint16,
|
||
years Uint16
|
||
}
|
||
|
||
|
||
--***************************************************************************--
|
||
-- Location Structures --
|
||
--***************************************************************************--
|
||
|
||
/**
|
||
* @class GeographicRegion
|
||
*
|
||
* @brief This structure represents a geographic region of a specified form.
|
||
* A certificate is not valid if any part of the region indicated in its
|
||
* scope field lies outside the region indicated in the scope of its issuer.
|
||
*
|
||
* <br><br><b>Critical information fields</b>:
|
||
* <ul>
|
||
* <li> If present, this is a critical information field as defined in 5.2.6.
|
||
* An implementation that does not recognize the indicated CHOICE when
|
||
* verifying a signed SPDU shall indicate that the signed SPDU is invalid.</li>
|
||
*
|
||
* <li> If selected, rectangularRegion is a critical information field as
|
||
* defined in 5.2.6. An implementation that does not support the number of
|
||
* RectangularRegion in rectangularRegions when verifying a signed SPDU shall
|
||
* indicate that the signed SPDU is invalid. A compliant implementation shall
|
||
* support rectangularRegions fields containing at least eight entries.</li>
|
||
*
|
||
* <li> If selected, identifiedRegion is a critical information field as
|
||
* defined in 5.2.6. An implementation that does not support the number of
|
||
* IdentifiedRegion in identifiedRegion shall reject the signed SPDU as
|
||
* invalid. A compliant implementation shall support identifiedRegion fields
|
||
* containing at least eight entries.</li>
|
||
* </ul>
|
||
*
|
||
* <b>Parameters</b>:
|
||
*
|
||
* @param circularRegion contains a single instance of the CircularRegion
|
||
* structure.
|
||
*
|
||
* @param rectangularRegion is an array of RectangularRegion structures
|
||
* containing at least one entry. This field is interpreted as a series of
|
||
* rectangles, which may overlap or be disjoint. The permitted region is any
|
||
* point within any of the rectangles.
|
||
*
|
||
* @param polygonalRegion contains a single instance of the PolygonalRegion
|
||
* structure.
|
||
*
|
||
* @param identifiedRegion is an array of IdentifiedRegion structures
|
||
* containing at least one entry. The permitted region is any point within
|
||
* any of the identified regions.
|
||
*/
|
||
GeographicRegion ::= CHOICE {
|
||
circularRegion CircularRegion,
|
||
rectangularRegion SequenceOfRectangularRegion,
|
||
polygonalRegion PolygonalRegion,
|
||
identifiedRegion SequenceOfIdentifiedRegion,
|
||
...
|
||
}
|
||
|
||
/**
|
||
* @class CircularRegion
|
||
*
|
||
* @brief This structure specifies a circle with its center at center, its
|
||
* radius given in meters, and located tangential to the reference ellipsoid.
|
||
* The indicated region is all the points on the surface of the reference
|
||
* ellipsoid whose distance to the center point over the reference ellipsoid
|
||
* is less than or equal to the radius. A point which contains an elevation
|
||
* component is considered to be within the circular region if its horizontal
|
||
* projection onto the reference ellipsoid lies within the region.
|
||
*/
|
||
CircularRegion ::= SEQUENCE {
|
||
center TwoDLocation,
|
||
radius Uint16
|
||
}
|
||
|
||
/**
|
||
* @class RectangularRegion
|
||
*
|
||
* @brief This structure specifies a rectangle formed by connecting in
|
||
* sequence: (northWest.latitude, northWest.longitude), (southEast.latitude,
|
||
* northWest.longitude), (southEast.latitude, southEast.longitude), and
|
||
* (northWest.latitude, southEast.longitude). The points are connected by
|
||
* lines of constant latitude or longitude. A point which contains an
|
||
* elevation component is considered to be within the rectangular region if
|
||
* its horizontal projection onto the reference ellipsoid lies within the
|
||
* region. A RectangularRegion is valid only if the northWest value is north
|
||
* and west of the southEast value, i.e., the two points cannot have equal
|
||
* latitude or equal longitude.
|
||
*/
|
||
RectangularRegion ::= SEQUENCE {
|
||
northWest TwoDLocation,
|
||
southEast TwoDLocation
|
||
}
|
||
|
||
/**
|
||
* @class SequenceOfRectangularRegion
|
||
*
|
||
* @brief This type is used for clarity of definitions.
|
||
*/
|
||
SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
|
||
|
||
/**
|
||
* @class PolygonalRegion
|
||
*
|
||
* @brief This structure defines a region using a series of distinct
|
||
* geographic points, defined on the surface of the reference ellipsoid. The
|
||
* region is specified by connecting the points in the order they appear,
|
||
* with each pair of points connected by the geodesic on the reference
|
||
* ellipsoid. The polygon is completed by connecting the final point to the
|
||
* first point. The allowed region is the interior of the polygon and its
|
||
* boundary.
|
||
*
|
||
* <br><br>A point which contains an elevation component is considered to be
|
||
* within the polygonal region if its horizontal projection onto the
|
||
* reference ellipsoid lies within the region.
|
||
*
|
||
* <br><br>A valid PolygonalRegion contains at least three points. In a valid
|
||
* PolygonalRegion, the implied lines that make up the sides of the polygon
|
||
* do not intersect.
|
||
*
|
||
* <br><br><b>Critical information fields</b>:
|
||
* <ul>
|
||
* <li> If present, this is a critical information field as defined in 5.2.6.
|
||
* An implementation that does not support the number of TwoDLocation in the
|
||
* PolygonalRegion when verifying a signed SPDU shall indicate that the signed
|
||
* SPDU is invalid. A compliant implementation shall support PolygonalRegions
|
||
* containing at least eight TwoDLocation entries.</li>
|
||
* </ul>
|
||
*/
|
||
PolygonalRegion ::= SEQUENCE SIZE (3..MAX) OF TwoDLocation
|
||
|
||
/**
|
||
* @class TwoDLocation
|
||
*
|
||
* @brief This structure is used to define validity regions for use in
|
||
* certificates. The latitude and longitude fields contain the latitude and
|
||
* longitude as defined above.
|
||
*
|
||
* <br><br>NOTE: This data structure is consistent with the location encoding
|
||
* used in SAE J2735, except that values 900 000 001 for latitude (used to
|
||
* indicate that the latitude was not available) and 1 800 000 001 for
|
||
* longitude (used to indicate that the longitude was not available) are not
|
||
* valid.
|
||
*/
|
||
TwoDLocation ::= SEQUENCE {
|
||
latitude Latitude,
|
||
longitude Longitude
|
||
}
|
||
|
||
/**
|
||
* @class IdentifiedRegion
|
||
*
|
||
* @brief This structure indicates the region of validity of a certificate
|
||
* using region identifiers.
|
||
*
|
||
* <br><br><b>Critical information fields</b>:
|
||
* <ul>
|
||
* <li> If present, this is a critical information field as defined in 5.2.6.
|
||
* An implementation that does not recognize the indicated CHOICE when
|
||
* verifying a signed SPDU shall indicate that the signed SPDU is invalid.</li>
|
||
* </ul>
|
||
*/
|
||
IdentifiedRegion ::= CHOICE {
|
||
countryOnly CountryOnly,
|
||
countryAndRegions CountryAndRegions,
|
||
countryAndSubregions CountryAndSubregions,
|
||
...
|
||
}
|
||
|
||
/**
|
||
* @class SequenceOfIdentifiedRegion
|
||
*
|
||
* @brief This type is used for clarity of definitions.
|
||
*/
|
||
SequenceOfIdentifiedRegion ::= SEQUENCE OF IdentifiedRegion
|
||
|
||
/**
|
||
* @class CountryOnly
|
||
*
|
||
* @brief This is the integer representation of the country or area
|
||
* identifier as defined by the United Nations Statistics Division in October
|
||
* 2013 (see normative references in Clause 2).
|
||
*/
|
||
CountryOnly ::= Uint16
|
||
|
||
/**
|
||
* @class CountryAndRegions
|
||
*
|
||
* @brief In this structure:
|
||
*
|
||
* @param countryOnly is a CountryOnly as defined above.
|
||
*
|
||
* @param region identifies one or more regions within the country. If
|
||
* countryOnly indicates the United States of America, the values in this
|
||
* field identify the state or statistically equivalent entity using the
|
||
* integer version of the 2010 FIPS codes as provided by the U.S. Census
|
||
* Bureau (see normative references in Clause 2). For other values of
|
||
* countryOnly, the meaning of region is not defined in this version of this
|
||
* standard.
|
||
*/
|
||
CountryAndRegions ::= SEQUENCE {
|
||
countryOnly CountryOnly,
|
||
regions SequenceOfUint8
|
||
}
|
||
|
||
/**
|
||
* @class CountryAndSubregions
|
||
*
|
||
* @brief In this structure:
|
||
* <br><br><b>Critical information fields</b>:
|
||
* <ul>
|
||
* <li> If present, this is a critical information field as defined in 5.2.6.
|
||
* An implementation that does not recognize RegionAndSubregions or
|
||
* CountryAndSubregions values when verifying a signed SPDU shall indicate
|
||
* that the signed SPDU is invalid. A compliant implementation shall support
|
||
* CountryAndSubregions containing at least eight RegionAndSubregions
|
||
* entries.</li>
|
||
* </ul>
|
||
*
|
||
* <b>Parameters</b>:
|
||
*
|
||
* @param country is a CountryOnly as defined above.
|
||
*
|
||
* @param regionAndSubregions identifies one or more subregions within
|
||
* country. If country indicates the United States of America, the values in
|
||
* this field identify the county or county equivalent entity using the
|
||
* integer version of the 2010 FIPS codes as provided by the U.S. Census
|
||
* Bureau (see normative references in Clause 2). For other values of
|
||
* country, the meaning of regionAndSubregions is not defined in this version
|
||
* of this standard.
|
||
*/
|
||
CountryAndSubregions ::= SEQUENCE {
|
||
country CountryOnly,
|
||
regionAndSubregions SequenceOfRegionAndSubregions
|
||
}
|
||
|
||
/**
|
||
* @class RegionAndSubregions
|
||
*
|
||
* @brief In this structure:
|
||
* <br><br><b>Critical information fields</b>:
|
||
* <ul>
|
||
* <li> RegionAndSubregions is a critical information field as defined in
|
||
* 5.2.5. An implementation that does not detect or recognize the the region
|
||
* or subregions values when verifying a signed SPDU shall indicate that the
|
||
* signed SPDU is invalid.</li>
|
||
* </ul>
|
||
*
|
||
* <b>Parameters</b>:
|
||
*
|
||
* @param region identifies a region within a country as specified under
|
||
* CountryAndRegions.
|
||
*
|
||
* @param subregions identifies one or more subregions as specified under
|
||
* CountryAndSubregions.
|
||
*/
|
||
RegionAndSubregions ::= SEQUENCE {
|
||
region Uint8,
|
||
subregions SequenceOfUint16
|
||
}
|
||
|
||
/**
|
||
* @class SequenceOfRegionAndSubregions
|
||
*
|
||
* @brief This type is used for clarity of definitions.
|
||
*/
|
||
SequenceOfRegionAndSubregions ::= SEQUENCE OF RegionAndSubregions
|
||
|
||
/**
|
||
* @class ThreeDLocation
|
||
*
|
||
* @brief This structure contains an estimate of 3D location. The details of
|
||
* the structure are given in the definitions of the individual fields below.
|
||
*
|
||
* <br><br>NOTE: The units used in this data structure are consistent with the
|
||
* location data structures used in SAE J2735, though the encoding is
|
||
* incompatible.
|
||
*/
|
||
ThreeDLocation ::= SEQUENCE {
|
||
latitude Latitude,
|
||
longitude Longitude,
|
||
elevation Elevation
|
||
}
|
||
|
||
/**
|
||
* @class Latitude
|
||
*
|
||
* @brief This type contains an INTEGER encoding an estimate of the latitude
|
||
* with precision 1/10th microdegree relative to the World Geodetic System
|
||
* (WGS)-84 datum as defined in NIMA Technical Report TR8350.2.
|
||
*/
|
||
Latitude ::= NinetyDegreeInt
|
||
|
||
/**
|
||
* @class Longitude
|
||
*
|
||
* @brief This type contains an INTEGER encoding an estimate of the longitude
|
||
* with precision 1/10th microdegree relative to the World Geodetic System
|
||
* (WGS)-84 datum as defined in NIMA Technical Report TR8350.2.
|
||
*/
|
||
Longitude ::= OneEightyDegreeInt
|
||
|
||
/**
|
||
* @class Elevation
|
||
*
|
||
* @brief This structure contains an estimate of the geodetic altitude above
|
||
* or below the WGS84 ellipsoid. The 16-bit value is interpreted as an
|
||
* integer number of decimeters representing the height above a minimum
|
||
* height of −409.5 m, with the maximum height being 6143.9 m.
|
||
*/
|
||
Elevation ::= Uint16
|
||
|
||
/**
|
||
* @class NinetyDegreeInt
|
||
*
|
||
* @brief The integer in the latitude field is no more than 900,000,000 and
|
||
* no less than −900,000,000, except that the value 900,000,001 is used to
|
||
* indicate the latitude was not available to the sender.
|
||
*/
|
||
NinetyDegreeInt ::= INTEGER {
|
||
min (-900000000),
|
||
max (900000000),
|
||
unknown (900000001)
|
||
} (-900000000..900000001)
|
||
|
||
/**
|
||
* @class KnownLatitude
|
||
*
|
||
* @brief The known latitudes are from -900,000,000 to +900,000,000 in 0.1
|
||
* microdegree intervals.
|
||
*/
|
||
KnownLatitude ::= NinetyDegreeInt (min..max)
|
||
|
||
/**
|
||
* @class UnknownLatitude
|
||
*
|
||
* @brief The value 900,000,001 indicates that the latitude was not
|
||
* available to the sender.
|
||
*/
|
||
UnknownLatitude ::= NinetyDegreeInt (unknown)
|
||
|
||
/**
|
||
* @class OneEightyDegreeInt
|
||
*
|
||
* @brief The integer in the longitude field is no more than 1,800,000,000
|
||
* and no less than −1,799,999,999, except that the value 1,800,000,001 is
|
||
* used to indicate that the longitude was not available to the sender.
|
||
*/
|
||
OneEightyDegreeInt ::= INTEGER {
|
||
min (-1799999999),
|
||
max (1800000000),
|
||
unknown (1800000001)
|
||
} (-1799999999..1800000001)
|
||
|
||
/**
|
||
* @class KnownLongitude
|
||
*
|
||
* @brief The known longitudes are from -1,799,999,999 to +1,800,000,000 in
|
||
* 0.1 microdegree intervals.
|
||
*/
|
||
KnownLongitude ::= OneEightyDegreeInt (min..max)
|
||
|
||
/**
|
||
* @class UnknownLongitude
|
||
*
|
||
* @brief The value 1,800,000,001 indicates that the longitude was not
|
||
* available to the sender.
|
||
*/
|
||
UnknownLongitude ::= OneEightyDegreeInt (unknown)
|
||
|
||
|
||
--***************************************************************************--
|
||
-- Crypto Structures --
|
||
--***************************************************************************--
|
||
|
||
/**
|
||
* @class Signature
|
||
*
|
||
* @brief This structure represents a signature for a supported public key
|
||
* algorithm. It may be contained within SignedData or Certificate.
|
||
*
|
||
* <br><br><b>Critical information fields</b>: If present, this is a critical
|
||
* information field as defined in 5.2.5. An implementation that does not
|
||
* recognize the indicated CHOICE for this type when verifying a signed SPDU
|
||
* shall indicate that the signed SPDU is invalid.
|
||
*/
|
||
Signature ::= CHOICE {
|
||
ecdsaNistP256Signature EcdsaP256Signature,
|
||
ecdsaBrainpoolP256r1Signature EcdsaP256Signature,
|
||
...,
|
||
ecdsaBrainpoolP384r1Signature EcdsaP384Signature
|
||
}
|
||
|
||
/**
|
||
* @class EcdsaP256Signature
|
||
*
|
||
* @brief This structure represents an ECDSA signature. The signature is
|
||
* generated as specified in 5.3.1.
|
||
*
|
||
* <br><br>If the signature process followed the specification of FIPS 186-4
|
||
* and output the integer r, r is represented as an EccP256CurvePoint
|
||
* indicating the selection x-only.
|
||
*
|
||
* <br><br>If the signature process followed the specification of SEC 1 and
|
||
* output the elliptic curve point R to allow for fast verification, R is
|
||
* represented as an EccP256CurvePoint indicating the choice compressed-y-0,
|
||
* compressed-y-1, or uncompressed at the sender’s discretion.
|
||
*
|
||
* <br><br>Encoding considerations: If this structure is encoded for hashing,
|
||
* the EccP256CurvePoint in rSig shall be taken to be of form x-only.
|
||
*
|
||
* <br><br>NOTE: When the signature is of form x-only, the x-value in rSig is
|
||
* an integer mod n, the order of the group; when the signature is of form
|
||
* compressed-y-*, the x-value in rSig is an integer mod p, the underlying
|
||
* prime defining the finite field. In principle this means that to convert a
|
||
* signature from form compressed-y-* to form x-only, the x-value should be
|
||
* checked to see if it lies between n and p and reduced mod n if so. In
|
||
* practice this check is unnecessary: Haase’s Theorem states that difference
|
||
* between n and p is always less than 2*square-root(p), and so the chance
|
||
* that an integer lies between n and p, for a 256-bit curve, is bounded
|
||
* above by approximately square-root(p)/p or 2^(−128). For the 256-bit
|
||
* curves in this standard, the exact values of n and p in hexadecimal are:
|
||
*
|
||
* <br><br>NISTp256:
|
||
* <ul>
|
||
* <li> p = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
|
||
* </li>
|
||
* <li> n = FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
|
||
* </li>
|
||
* </ul>
|
||
*
|
||
* Brainpoolp256:
|
||
* <ul>
|
||
* <li> p = A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
|
||
* </li>
|
||
* <li> n = A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7
|
||
* </li>
|
||
* </ul>
|
||
*/
|
||
EcdsaP256Signature ::= SEQUENCE {
|
||
rSig EccP256CurvePoint,
|
||
sSig OCTET STRING (SIZE (32))
|
||
}
|
||
|
||
/**
|
||
* @class EcdsaP384Signature
|
||
*
|
||
* @brief This structure represents an ECDSA signature. The signature is
|
||
* generated as specified in 5.3.1.
|
||
*
|
||
* <br><br>If the signature process followed the specification of FIPS 186-4
|
||
* and output the integer r, r is represented as an EccP384CurvePoint
|
||
* indicating the selection x-only.
|
||
*
|
||
* <br><br>If the signature process followed the specification of SEC 1 and
|
||
* output the elliptic curve point R to allow for fast verification, R is
|
||
* represented as an EccP384CurvePoint indicating the choice compressed-y-0,
|
||
* compressed-y-1, or uncompressed at the sender’s discretion.
|
||
*
|
||
* <br><br>Encoding considerations: If this structure is encoded for hashing,
|
||
* the EccP256CurvePoint in rSig shall be taken to be of form x-only.
|
||
*
|
||
* <br><br>NOTE: When the signature is of form x-only, the x-value in rSig is
|
||
* an integer mod n, the order of the group; when the signature is of form
|
||
* compressed-y-*, the x-value in rSig is an integer mod p, the underlying
|
||
* prime defining the finite field. In principle this means that to convert a
|
||
* signature from form compressed-y-* to form x-only, the x-value should be
|
||
* checked to see if it lies between n and p and reduced mod n if so. In
|
||
* practice this check is unnecessary: Haase’s Theorem states that difference
|
||
* between n and p is always less than 2*square-root(p), and so the chance
|
||
* that an integer lies between n and p, for a 384-bit curve, is bounded
|
||
* above by approximately square-root(p)/p or 2^(−192). For the 384-bit curve
|
||
* in this standard, the exact values of n and p in hexadecimal are:
|
||
* <ul>
|
||
* <li> p = 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123
|
||
* ACD3A729901D1A71874700133107EC53</li>
|
||
*
|
||
* <li> n = 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7
|
||
* CF3AB6AF6B7FC3103B883202E9046565</li>
|
||
* </ul>
|
||
*/
|
||
EcdsaP384Signature ::= SEQUENCE {
|
||
rSig EccP384CurvePoint,
|
||
sSig OCTET STRING (SIZE (48))
|
||
}
|
||
|
||
/**
|
||
* @class EccP256CurvePoint
|
||
*
|
||
* @brief This structure specifies a point on an elliptic curve in
|
||
* Weierstrass form defined over a 256-bit prime number. This encompasses
|
||
* both NIST p256 as defined in FIPS 186-4 and Brainpool p256r1 as defined in
|
||
* RFC 5639. The fields in this structure are OCTET STRINGS produced with the
|
||
* elliptic curve point encoding and decoding methods defined in subclause
|
||
* 5.5.6 of IEEE Std 1363-2000. The x-coordinate is encoded as an unsigned
|
||
* integer of length 32 octets in network byte order for all values of the
|
||
* CHOICE; the encoding of the y-coordinate y depends on whether the point is
|
||
* x-only, compressed, or uncompressed. If the point is x-only, y is omitted.
|
||
* If the point is compressed, the value of type depends on the least
|
||
* significant bit of y: if the least significant bit of y is 0, type takes
|
||
* the value compressed-y-0, and if the least significant bit of y is 1, type
|
||
* takes the value compressed-y-1. If the point is uncompressed, y is encoded
|
||
* explicitly as an unsigned integer of length 32 octets in network byte order.
|
||
*/
|
||
EccP256CurvePoint ::= CHOICE {
|
||
x-only OCTET STRING (SIZE (32)),
|
||
fill NULL,
|
||
compressed-y-0 OCTET STRING (SIZE (32)),
|
||
compressed-y-1 OCTET STRING (SIZE (32)),
|
||
uncompressedP256 SEQUENCE {
|
||
x OCTET STRING (SIZE (32)),
|
||
y OCTET STRING (SIZE (32))
|
||
}
|
||
}
|
||
|
||
/**
|
||
* @class EccP384CurvePoint
|
||
*
|
||
* @brief This structure specifies a point on an elliptic curve in
|
||
* Weierstrass form defined over a 384-bit prime number. The only supported
|
||
* such curve in this standard is Brainpool p384r1 as defined in RFC 5639.
|
||
* The fields in this structure are OCTET STRINGS produced with the elliptic
|
||
* curve point encoding and decoding methods defined in subclause 5.5.6 of
|
||
* IEEE Std 1363-2000. The x-coordinate is encoded as an unsigned integer of
|
||
* length 48 octets in network byte order for all values of the CHOICE; the
|
||
* encoding of the y-coordinate y depends on whether the point is x-only,
|
||
* compressed, or uncompressed. If the point is x-only, y is omitted. If the
|
||
* point is compressed, the value of type depends on the least significant
|
||
* bit of y: if the least significant bit of y is 0, type takes the value
|
||
* compressed-y-0, and if the least significant bit of y is 1, type takes the
|
||
* value compressed-y-1. If the point is uncompressed, y is encoded
|
||
* explicitly as an unsigned integer of length 48 octets in network byte order.
|
||
*/
|
||
EccP384CurvePoint ::= CHOICE {
|
||
x-only OCTET STRING (SIZE (48)),
|
||
fill NULL,
|
||
compressed-y-0 OCTET STRING (SIZE (48)),
|
||
compressed-y-1 OCTET STRING (SIZE (48)),
|
||
uncompressedP384 SEQUENCE {
|
||
x OCTET STRING (SIZE (48)),
|
||
y OCTET STRING (SIZE (48))
|
||
}
|
||
}
|
||
|
||
/**
|
||
* @class SymmAlgorithm
|
||
*
|
||
* @brief This enumerated value indicates supported symmetric algorithms. The
|
||
* only symmetric algorithm supported in this version of this standard is
|
||
* AES-CCM as specified in 5.3.7.
|
||
*/
|
||
SymmAlgorithm ::= ENUMERATED {
|
||
aes128Ccm,
|
||
...
|
||
}
|
||
|
||
/**
|
||
* @class HashAlgorithm
|
||
*
|
||
* @brief This structure identifies a hash algorithm. The value is sha256,
|
||
* indicates SHA-256 as specified in 5.3.3. The value sha384 indicates
|
||
* SHA-384 as specified in 5.3.3.
|
||
*
|
||
* <br><br><b>Critical information fields</b>: This is a critical information
|
||
* field as defined in 5.2.6. An implementation that does not recognize the
|
||
* enumerated value of this type in a signed SPDU when verifying a signed
|
||
* SPDU shall indicate that the signed SPDU is invalid.
|
||
*/
|
||
HashAlgorithm ::= ENUMERATED {
|
||
sha256,
|
||
...,
|
||
sha384
|
||
}
|
||
|
||
/**
|
||
* @class EciesP256EncryptedKey
|
||
*
|
||
* @brief This data structure is used to transfer a 16-byte symmetric key
|
||
* encrypted using ECIES as specified in IEEE Std 1363a-2004.
|
||
*
|
||
* <br><br>Encryption and decryption are carried out as specified in 5.3.4.
|
||
*
|
||
* <br><br><b>Parameters</b>:
|
||
*
|
||
* @param v is the sender’s ephemeral public key, which is the output V from
|
||
* encryption as specified in 5.3.4.
|
||
*
|
||
* @param c is the encrypted symmetric key, which is the output C from
|
||
* encryption as specified in 5.3.4. The algorithm for the symmetric key is
|
||
* identified by the CHOICE indicated in the following SymmetricCiphertext.
|
||
*
|
||
* @param t is the authentication tag, which is the output tag from
|
||
* encryption as specified in 5.3.4.
|
||
*/
|
||
EciesP256EncryptedKey ::= SEQUENCE {
|
||
v EccP256CurvePoint,
|
||
c OCTET STRING (SIZE (16)),
|
||
t OCTET STRING (SIZE (16))
|
||
}
|
||
|
||
/**
|
||
* @class EncryptionKey
|
||
*
|
||
* @brief This structure contains an encryption key, which may be a public or
|
||
* a symmetric key.
|
||
*/
|
||
EncryptionKey ::= CHOICE {
|
||
public PublicEncryptionKey,
|
||
symmetric SymmetricEncryptionKey
|
||
}
|
||
|
||
/**
|
||
* @class PublicEncryptionKey
|
||
*
|
||
* @brief This structure specifies a public encryption key and the associated
|
||
* symmetric algorithm which is used for bulk data encryption when encrypting
|
||
* for that public key.
|
||
*/
|
||
PublicEncryptionKey ::= SEQUENCE {
|
||
supportedSymmAlg SymmAlgorithm,
|
||
publicKey BasePublicEncryptionKey
|
||
}
|
||
|
||
/**
|
||
* @class BasePublicEncryptionKey
|
||
*
|
||
* @brief This structure specifies the bytes of a public encryption key for a
|
||
* particular algorithm. The only algorithm supported is ECIES over either
|
||
* the NIST P256 or the Brainpool P256r1 curve as specified in 5.3.4.
|
||
*/
|
||
BasePublicEncryptionKey ::= CHOICE {
|
||
eciesNistP256 EccP256CurvePoint,
|
||
eciesBrainpoolP256r1 EccP256CurvePoint,
|
||
...
|
||
}
|
||
|
||
/**
|
||
* @class PublicVerificationKey
|
||
*
|
||
* @brief This structure represents a public key and states with what
|
||
* algorithm the public key is to be used. Cryptographic mechanisms are
|
||
* defined in 5.3.
|
||
*
|
||
* <br><br>An EccP256CurvePoint or EccP384CurvePoint within a
|
||
* PublicVerificationKey structure is invalid if it indicates the choice
|
||
* x-only.
|
||
*
|
||
* <br><br><b>Critical information fields</b>: If present, this is a critical
|
||
* information field as defined in 5.2.6. An implementation that does not
|
||
* recognize the indicated CHOICE when verifying a signed SPDU shall indicate
|
||
* that the signed SPDU is invalid.
|
||
*/
|
||
PublicVerificationKey ::= CHOICE {
|
||
ecdsaNistP256 EccP256CurvePoint,
|
||
ecdsaBrainpoolP256r1 EccP256CurvePoint,
|
||
...,
|
||
ecdsaBrainpoolP384r1 EccP384CurvePoint
|
||
}
|
||
|
||
/**
|
||
* @class SymmetricEncryptionKey
|
||
*
|
||
* @brief This structure provides the key bytes for use with an identified
|
||
* symmetric algorithm. The only supported symmetric algorithm is AES-128 in
|
||
* CCM mode as specified in 5.3.7.
|
||
*/
|
||
SymmetricEncryptionKey ::= CHOICE {
|
||
aes128Ccm OCTET STRING(SIZE(16)),
|
||
...
|
||
}
|
||
|
||
|
||
--***************************************************************************--
|
||
-- PSID / ITS-AID --
|
||
--***************************************************************************--
|
||
|
||
/**
|
||
* @class PsidSsp
|
||
*
|
||
* @brief This structure represents the permissions that the certificate
|
||
* holder has with respect to data for a single application area, identified
|
||
* by a Psid. If the ServiceSpecificPermissions field is omitted, it
|
||
* indicates that the certificate holder has the default permissions
|
||
* associated with that Psid.
|
||
*
|
||
* <br><br><b>Consistency with signed SPDU</b>. As noted in 5.1.1,
|
||
* consistency between the SSP and the signed SPDU is defined by rules
|
||
* specific to the given PSID and is out of scope for this standard.
|
||
*
|
||
* <br><br><b>Consistency with issuing certificate</b>.
|
||
*
|
||
* <br><br>If a certificate has an appPermissions entry A for which the ssp
|
||
* field is omitted, A is consistent with the issuing certificate if the
|
||
* issuing certificate contains a PsidSspRange P for which the following holds:
|
||
* <ul>
|
||
* <li> The psid field in P is equal to the psid field in A and one of the
|
||
* following is true:</li>
|
||
* <ul>
|
||
* <li> The sspRange field in P indicates all.</li>
|
||
*
|
||
* <li> The sspRange field in P indicates opaque and one of the entries in
|
||
* opaque is an OCTET STRING of length 0.</li>
|
||
* </ul>
|
||
* </ul>
|
||
*
|
||
* For consistency rules for other forms of the ssp field, see the
|
||
* following subclauses.
|
||
*/
|
||
PsidSsp ::= SEQUENCE {
|
||
psid Psid,
|
||
ssp ServiceSpecificPermissions OPTIONAL
|
||
}
|
||
|
||
/**
|
||
* @class SequenceOfPsidSsp
|
||
*
|
||
* @brief This type is used for clarity of definitions.
|
||
*/
|
||
SequenceOfPsidSsp ::= SEQUENCE OF PsidSsp
|
||
|
||
/**
|
||
* @class Psid
|
||
*
|
||
* @brief This type represents the PSID defined in IEEE Std 1609.12.
|
||
*/
|
||
Psid ::= INTEGER (0..MAX)
|
||
|
||
/**
|
||
* @class SequenceOfPsid
|
||
*
|
||
* @brief This type is used for clarity of definitions.
|
||
*/
|
||
SequenceOfPsid ::= SEQUENCE OF Psid
|
||
|
||
/**
|
||
* @class ServiceSpecificPermissions
|
||
*
|
||
* @brief This structure represents the Service Specific Permissions (SSP)
|
||
* relevant to a given entry in a PsidSsp. The meaning of the SSP is specific
|
||
* to the associated Psid. SSPs may be PSID-specific octet strings or
|
||
* bitmap-based. See Annex C for further discussion of how application
|
||
* specifiers may choose which SSP form to use.
|
||
*
|
||
* <br><br><b>Consistency with issuing certificate</b>.
|
||
*
|
||
* <br><br>If a certificate has an appPermissions entry A for which the ssp
|
||
* field is opaque, A is consistent with the issuing certificate if the
|
||
* issuing certificate contains one of the following:
|
||
* <ul>
|
||
* <li> (OPTION 1) A SubjectPermissions field indicating the choice all and
|
||
* no PsidSspRange field containing the psid field in A;</li>
|
||
*
|
||
* <li> (OPTION 2) A PsidSspRange P for which the following holds:</li>
|
||
* <ul>
|
||
* <li> The psid field in P is equal to the psid field in A and one of the
|
||
* following is true:</li>
|
||
* <ul>
|
||
* <li> The sspRange field in P indicates all.</li>
|
||
*
|
||
* <li> The sspRange field in P indicates opaque and one of the entries in
|
||
* the opaque field in P is an OCTET STRING identical to the opaque field in
|
||
* A.</li>
|
||
* </ul>
|
||
* </ul>
|
||
* </ul>
|
||
*
|
||
* For consistency rules for other types of ServiceSpecificPermissions,
|
||
* see the following subclauses.
|
||
*/
|
||
ServiceSpecificPermissions ::= CHOICE {
|
||
opaque OCTET STRING (SIZE(0..MAX)),
|
||
...,
|
||
bitmapSsp BitmapSsp
|
||
}
|
||
|
||
/**
|
||
* @class BitmapSsp
|
||
*
|
||
* @brief This structure represents a bitmap representation of a SSP. The
|
||
* mapping of the bits of the bitmap to constraints on the signed SPDU is
|
||
* PSID-specific.
|
||
*
|
||
* <br><br><b>Consistency with issuing certificate</b>.
|
||
*
|
||
* <br><br>If a certificate has an appPermissions entry A for which the ssp
|
||
* field is bitmapSsp, A is consistent with the issuing certificate if the
|
||
* issuing certificate contains one of the following:
|
||
* <ul>
|
||
* <li> (OPTION 1) A SubjectPermissions field indicating the choice all and
|
||
* no PsidSspRange field containing the psid field in A;</li>
|
||
*
|
||
* <li> (OPTION 2) A PsidSspRange P for which the following holds:</li>
|
||
* <ul>
|
||
* <li> The psid field in P is equal to the psid field in A and one of the
|
||
* following is true:</li>
|
||
* <ul>
|
||
* <li> EITHER The sspRange field in P indicates all</li>
|
||
*
|
||
* <li> OR The sspRange field in P indicates bitmapSspRange and for every
|
||
* bit set to 1 in the sspBitmask in P, the bit in the identical position in
|
||
* the sspValue in A is set equal to the bit in that position in the
|
||
* sspValue in P.</li>
|
||
* </ul>
|
||
* </ul>
|
||
* </ul>
|
||
*
|
||
* NOTE: A BitmapSsp B is consistent with a BitmapSspRange R if for every
|
||
* bit set to 1 in the sspBitmask in R, the bit in the identical position in
|
||
* B is set equal to the bit in that position in the sspValue in R. For each
|
||
* bit set to 0 in the sspBitmask in R, the corresponding bit in the
|
||
* identical position in B may be freely set to 0 or 1, i.e., if a bit is
|
||
* set to 0 in the sspBitmask in R, the value of corresponding bit in the
|
||
* identical position in B has no bearing on whether B and R are consistent.
|
||
*/
|
||
BitmapSsp ::= OCTET STRING (SIZE(0..31))
|
||
|
||
/**
|
||
* @class PsidSspRange
|
||
*
|
||
* @brief This structure represents the certificate issuing or requesting
|
||
* permissions of the certificate holder with respect to one particular set
|
||
* of application permissions.
|
||
*
|
||
* @param psid identifies the application area.
|
||
*
|
||
* @param sspRange identifies the SSPs associated with that PSID for which
|
||
* the holder may issue or request certificates. If sspRange is omitted, the
|
||
* holder may issue or request certificates for any SSP for that PSID.
|
||
*/
|
||
PsidSspRange ::= SEQUENCE {
|
||
psid Psid,
|
||
sspRange SspRange OPTIONAL
|
||
}
|
||
|
||
/**
|
||
* @class SequenceOfPsidSspRange
|
||
*
|
||
* @brief This type is used for clarity of definitions.
|
||
*/
|
||
SequenceOfPsidSspRange ::= SEQUENCE OF PsidSspRange
|
||
|
||
/**
|
||
* @class SspRange
|
||
*
|
||
* @brief This structure identifies the SSPs associated with a PSID for
|
||
* which the holder may issue or request certificates.
|
||
*
|
||
* <br><br><b>Consistency with issuing certificate</b>.
|
||
*
|
||
* <br><br>If a certificate has a PsidSspRange A for which the ssp field is
|
||
* opaque, A is consistent with the issuing certificate if the issuing
|
||
* certificate contains one of the following:
|
||
* <ul>
|
||
* <li> (OPTION 1) A SubjectPermissions field indicating the choice all and
|
||
* no PsidSspRange field containing the psid field in A;</li>
|
||
*
|
||
* <li> (OPTION 2) a PsidSspRange P for which the following holds:</li>
|
||
* <ul>
|
||
* <li> The psid field in P is equal to the psid field in A and one of the
|
||
* following is true:</li>
|
||
* <ul>
|
||
* <li> The sspRange field in P indicates all.</li>
|
||
*
|
||
* <li> The sspRange field in P indicates opaque, and the sspRange field in
|
||
* A indicates opaque, and every OCTET STRING within the opaque in A is a
|
||
* duplicate of an OCTET STRING within the opaque in P.</li>
|
||
* </ul>
|
||
* </ul>
|
||
* </ul>
|
||
*
|
||
* If a certificate has a PsidSspRange A for which the ssp field is all,
|
||
* A is consistent with the issuing certificate if the issuing certificate
|
||
* contains a PsidSspRange P for which the following holds:
|
||
* <ul>
|
||
* <li> (OPTION 1) A SubjectPermissions field indicating the choice all and
|
||
* no PsidSspRange field containing the psid field in A;</li>
|
||
*
|
||
* <li>(OPTION 2) A PsidSspRange P for which the psid field in P is equal to
|
||
* the psid field in A and the sspRange field in P indicates all.</li>
|
||
* </ul>
|
||
*
|
||
* For consistency rules for other types of SspRange, see the following
|
||
* subclauses.
|
||
*
|
||
* <br><br>NOTE: The choice "all" may also be indicated by omitting the
|
||
* SspRange in the enclosing PsidSspRange structure. Omitting the SspRange is
|
||
* preferred to explicitly indicating "all".
|
||
*/
|
||
SspRange ::= CHOICE {
|
||
opaque SequenceOfOctetString,
|
||
all NULL,
|
||
... ,
|
||
bitmapSspRange BitmapSspRange
|
||
}
|
||
|
||
/**
|
||
* @class BitmapSspRange
|
||
*
|
||
* @brief This structure represents a bitmap representation of a SSP. The
|
||
* sspValue indicates permissions. The sspBitmask contains an octet string
|
||
* used to permit or constrain sspValue fields in issued certificates. The
|
||
* sspValue and sspBitmask fields shall be of the same length.
|
||
*
|
||
* <br><br><b>Consistency with issuing certificate</b>.
|
||
*
|
||
* <br><br>If a certificate has an PsidSspRange value P for which the
|
||
* sspRange field is bitmapSspRange, P is consistent with the issuing
|
||
* certificate if the issuing certificate contains one of the following:
|
||
* <ul>
|
||
* <li> (OPTION 1) A SubjectPermissions field indicating the choice all and
|
||
* no PsidSspRange field containing the psid field in P;</li>
|
||
*
|
||
* <li> (OPTION 2) A PsidSspRange R for which the following holds:</li>
|
||
* <ul>
|
||
* <li> The psid field in R is equal to the psid field in P and one of the
|
||
* following is true:</li>
|
||
* <ul>
|
||
* <li> EITHER The sspRange field in R indicates all</li>
|
||
*
|
||
* <li> OR The sspRange field in R indicates bitmapSspRange and for every
|
||
* bit set to 1 in the sspBitmask in R:</li>
|
||
* <ul>
|
||
* <li> The bit in the identical position in the sspBitmask in P is set
|
||
* equal to 1, AND</li>
|
||
*
|
||
* <li> The bit in the identical position in the sspValue in P is set equal
|
||
* to the bit in that position in the sspValue in R.</li>
|
||
* </ul>
|
||
* </ul>
|
||
* </ul>
|
||
* </ul>
|
||
*
|
||
* <br>Reference ETSI TS 103 097 [B7] for more information on bitmask SSPs.
|
||
*/
|
||
BitmapSspRange ::= SEQUENCE {
|
||
sspValue OCTET STRING (SIZE(1..32)),
|
||
sspBitmask OCTET STRING (SIZE(1..32))
|
||
}
|
||
|
||
/**
|
||
* @class SequenceOfOctetString
|
||
*
|
||
* @brief This type is used for clarity of definitions.
|
||
*/
|
||
SequenceOfOctetString ::=
|
||
SEQUENCE (SIZE (0..MAX)) OF OCTET STRING (SIZE(0..MAX))
|
||
|
||
|
||
--***************************************************************************--
|
||
-- Certificate Components --
|
||
--***************************************************************************--
|
||
|
||
/**
|
||
* @class SubjectAssurance
|
||
*
|
||
* @brief This field contains the certificate holder’s assurance level, which
|
||
* indicates the security of both the platform and storage of secret keys as
|
||
* well as the confidence in this assessment.
|
||
*
|
||
* <br><br>This field is encoded as defined in Table 1, where "A" denotes bit
|
||
* fields specifying an assurance level, "R" reserved bit fields, and "C" bit
|
||
* fields specifying the confidence.
|
||
*
|
||
* <br><br>Table 1: Bitwise encoding of subject assurance
|
||
*
|
||
* <table>
|
||
* <tr>
|
||
* <td><b>Bit number</b></td> <td>7</td> <td>6</td> <td>5</td> <td>4</td>
|
||
* <td>3</td> <td>2</td> <td>1</td> <td>0</td>
|
||
* </tr>
|
||
* <tr>
|
||
* <td><b>Interpretation</b></td> <td>A</td> <td>A</td> <td>A</td> <td>R</td>
|
||
* <td>R</td> <td>R</td> <td>C</td> <td>C</td>
|
||
* </tr>
|
||
* </table>
|
||
*
|
||
* In Table 1, bit number 0 denotes the least significant bit. Bit 7
|
||
* to bit 5 denote the device's assurance levels, bit 4 to bit 2 are reserved
|
||
* for future use, and bit 1 and bit 0 denote the confidence.
|
||
*
|
||
* <br><br>The specification of these assurance levels as well as the
|
||
* encoding of the confidence levels is outside the scope of the present
|
||
* document. It can be assumed that a higher assurance value indicates that
|
||
* the holder is more trusted than the holder of a certificate with lower
|
||
* assurance value and the same confidence value.
|
||
*
|
||
* <br><br>NOTE: This field was originally specified in ETSI TS 103 097 [B7]
|
||
* and future uses of this field are anticipated to be consistent with future
|
||
* versions of that document.
|
||
*/
|
||
SubjectAssurance ::= OCTET STRING (SIZE(1))
|
||
|
||
/**
|
||
* @class CrlSeries
|
||
*
|
||
* @brief This integer identifies a series of CRLs issued under the authority
|
||
* of a particular CRACA.
|
||
*/
|
||
CrlSeries ::= Uint16
|
||
|
||
|
||
--***************************************************************************--
|
||
-- Pseudonym Linkage --
|
||
--***************************************************************************--
|
||
|
||
/**
|
||
* @class IValue
|
||
*
|
||
* @brief This atomic type is used in the definition of other data structures.
|
||
*/
|
||
IValue ::= Uint16
|
||
|
||
/**
|
||
* @class Hostname
|
||
*
|
||
* @brief This is a UTF-8 string as defined in IETF RFC 3629. The contents
|
||
* are determined by policy.
|
||
*/
|
||
Hostname ::= UTF8String (SIZE(0..255))
|
||
|
||
/**
|
||
* @class LinkageValue
|
||
*
|
||
* @brief This is the individual linkage value. See 5.1.3 and 7.3 for details
|
||
* of use.
|
||
*/
|
||
LinkageValue ::= OCTET STRING (SIZE(9))
|
||
|
||
/**
|
||
* @class GroupLinkageValue
|
||
*
|
||
* @brief This is the group linkage value. See 5.1.3 and 7.3 for details of
|
||
* use.
|
||
*/
|
||
GroupLinkageValue ::= SEQUENCE {
|
||
jValue OCTET STRING (SIZE(4)),
|
||
value OCTET STRING (SIZE(9))
|
||
}
|
||
|
||
/**
|
||
* @class LaId
|
||
*
|
||
* @brief This structure contains a LA Identifier for use in the algorithms
|
||
* specified in 5.1.3.4.
|
||
*/
|
||
LaId ::= OCTET STRING (SIZE(2))
|
||
|
||
/**
|
||
* @class LinkageSeed
|
||
*
|
||
* @brief This structure contains a linkage seed value for use in the
|
||
* algorithms specified in 5.1.3.4.
|
||
*/
|
||
LinkageSeed ::= OCTET STRING (SIZE(16))
|
||
|
||
END
|