315 lines
8.4 KiB
Groff
315 lines
8.4 KiB
Groff
IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
|
|
standards-association-numbered-series-standards(2) wave-stds(1609)
|
|
dot2(2) base(1) schema(1) major-version-2(2)}
|
|
|
|
-- Minor version: 1
|
|
|
|
--******************************************************************************
|
|
--
|
|
-- IEEE P1609.2 Data Types
|
|
--
|
|
--******************************************************************************
|
|
|
|
DEFINITIONS AUTOMATIC TAGS ::= BEGIN
|
|
|
|
EXPORTS ALL;
|
|
|
|
IMPORTS
|
|
CrlSeries,
|
|
EccP256CurvePoint,
|
|
EciesP256EncryptedKey,
|
|
EncryptionKey,
|
|
GeographicRegion,
|
|
GroupLinkageValue,
|
|
HashAlgorithm,
|
|
HashedId3,
|
|
HashedId8,
|
|
Hostname,
|
|
IValue,
|
|
LinkageValue,
|
|
Opaque,
|
|
Psid,
|
|
PsidSsp,
|
|
PsidSspRange,
|
|
PublicEncryptionKey,
|
|
PublicVerificationKey,
|
|
SequenceOfHashedId3,
|
|
SequenceOfPsidSsp,
|
|
SequenceOfPsidSspRange,
|
|
ServiceSpecificPermissions,
|
|
Signature,
|
|
SubjectAssurance,
|
|
SymmetricEncryptionKey,
|
|
ThreeDLocation,
|
|
Time64,
|
|
Uint3,
|
|
Uint8,
|
|
Uint16,
|
|
Uint32,
|
|
ValidityPeriod
|
|
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
|
|
standards-association-numbered-series-standards(2) wave-stds(1609)
|
|
dot2(2) base(1) base-types(2) major-version-2 (2)}
|
|
|
|
;
|
|
|
|
--
|
|
--*********************************************************************
|
|
--
|
|
-- Structures for describing secured data
|
|
--
|
|
--*********************************************************************
|
|
|
|
-- Necessary to get certain tools to generate sample PDUs
|
|
-- TestIeee1609Dot2Data ::= Ieee1609Dot2Data
|
|
-- TestCertificate ::= Certificate
|
|
|
|
-- this structure belongs later in the file but putting it here avoids
|
|
-- compiler errors with certain tools
|
|
SignedDataPayload ::= SEQUENCE {
|
|
data Ieee1609Dot2Data OPTIONAL,
|
|
extDataHash HashedData OPTIONAL,
|
|
...
|
|
}
|
|
(WITH COMPONENTS {..., data PRESENT} |
|
|
WITH COMPONENTS {..., extDataHash PRESENT})
|
|
|
|
Ieee1609Dot2Data ::= SEQUENCE {
|
|
protocolVersion Uint8(3),
|
|
content Ieee1609Dot2Content
|
|
}
|
|
|
|
Ieee1609Dot2Content ::= CHOICE {
|
|
unsecuredData Opaque,
|
|
signedData SignedData,
|
|
encryptedData EncryptedData,
|
|
signedCertificateRequest Opaque,
|
|
...
|
|
}
|
|
|
|
SignedData ::= SEQUENCE {
|
|
hashId HashAlgorithm,
|
|
tbsData ToBeSignedData,
|
|
signer SignerIdentifier,
|
|
signature Signature
|
|
}
|
|
|
|
SignerIdentifier ::= CHOICE {
|
|
digest HashedId8,
|
|
certificate SequenceOfCertificate,
|
|
self NULL,
|
|
...
|
|
}
|
|
|
|
ToBeSignedData ::= SEQUENCE {
|
|
payload SignedDataPayload,
|
|
headerInfo HeaderInfo
|
|
}
|
|
|
|
HashedData::= CHOICE {
|
|
sha256HashedData OCTET STRING (SIZE(32)),
|
|
...
|
|
}
|
|
|
|
HeaderInfo ::= SEQUENCE {
|
|
psid Psid,
|
|
generationTime Time64 OPTIONAL,
|
|
expiryTime Time64 OPTIONAL,
|
|
generationLocation ThreeDLocation OPTIONAL,
|
|
p2pcdLearningRequest HashedId3 OPTIONAL,
|
|
missingCrlIdentifier MissingCrlIdentifier OPTIONAL,
|
|
encryptionKey EncryptionKey OPTIONAL,
|
|
...,
|
|
inlineP2pcdRequest SequenceOfHashedId3 OPTIONAL,
|
|
requestedCertificate Certificate OPTIONAL
|
|
}
|
|
|
|
MissingCrlIdentifier ::= SEQUENCE {
|
|
cracaId HashedId3,
|
|
crlSeries CrlSeries,
|
|
...
|
|
}
|
|
|
|
Countersignature ::= Ieee1609Dot2Data (WITH COMPONENTS {...,
|
|
content (WITH COMPONENTS {...,
|
|
signedData (WITH COMPONENTS {...,
|
|
tbsData (WITH COMPONENTS {...,
|
|
payload (WITH COMPONENTS {...,
|
|
data ABSENT,
|
|
extDataHash PRESENT
|
|
}),
|
|
headerInfo(WITH COMPONENTS {...,
|
|
generationTime PRESENT,
|
|
expiryTime ABSENT,
|
|
generationLocation ABSENT,
|
|
p2pcdLearningRequest ABSENT,
|
|
missingCrlIdentifier ABSENT,
|
|
encryptionKey ABSENT
|
|
})
|
|
})
|
|
})
|
|
})
|
|
})
|
|
|
|
--**********************************************************************
|
|
--
|
|
-- Structures for describing encrypted data
|
|
--
|
|
--**********************************************************************
|
|
|
|
|
|
EncryptedData ::= SEQUENCE {
|
|
recipients SequenceOfRecipientInfo,
|
|
ciphertext SymmetricCiphertext
|
|
}
|
|
RecipientInfo ::= CHOICE {
|
|
pskRecipInfo PreSharedKeyRecipientInfo,
|
|
symmRecipInfo SymmRecipientInfo,
|
|
certRecipInfo PKRecipientInfo,
|
|
signedDataRecipInfo PKRecipientInfo,
|
|
rekRecipInfo PKRecipientInfo
|
|
}
|
|
|
|
SequenceOfRecipientInfo ::= SEQUENCE OF RecipientInfo
|
|
|
|
PreSharedKeyRecipientInfo ::= HashedId8
|
|
SymmRecipientInfo ::= SEQUENCE {
|
|
recipientId HashedId8,
|
|
encKey SymmetricCiphertext
|
|
}
|
|
|
|
PKRecipientInfo ::= SEQUENCE {
|
|
recipientId HashedId8,
|
|
encKey EncryptedDataEncryptionKey
|
|
}
|
|
|
|
EncryptedDataEncryptionKey ::= CHOICE {
|
|
eciesNistP256 EciesP256EncryptedKey,
|
|
eciesBrainpoolP256r1 EciesP256EncryptedKey,
|
|
...
|
|
}
|
|
|
|
SymmetricCiphertext ::= CHOICE {
|
|
aes128ccm AesCcmCiphertext,
|
|
...
|
|
}
|
|
|
|
AesCcmCiphertext ::= SEQUENCE {
|
|
nonce OCTET STRING (SIZE (12)),
|
|
ccmCiphertext Opaque -- 16 bytes longer than plaintext
|
|
}
|
|
|
|
|
|
--**********************************************************************
|
|
--
|
|
-- Certificates and other security management data structures
|
|
--
|
|
--**********************************************************************
|
|
|
|
-- Certificates are implicit (type = implicit, toBeSigned includes
|
|
-- reconstruction value, signature absent) or explicit (type = explicit,
|
|
-- toBeSigned includes verification key, signature present).
|
|
|
|
Certificate ::= CertificateBase (ImplicitCertificate | ExplicitCertificate)
|
|
|
|
TestCertificate ::= Certificate
|
|
|
|
SequenceOfCertificate ::= SEQUENCE OF Certificate
|
|
|
|
CertificateBase ::= SEQUENCE {
|
|
version Uint8(3),
|
|
type CertificateType,
|
|
issuer IssuerIdentifier,
|
|
toBeSigned ToBeSignedCertificate,
|
|
signature Signature OPTIONAL
|
|
}
|
|
|
|
CertificateType ::= ENUMERATED {
|
|
explicit,
|
|
implicit,
|
|
...
|
|
}
|
|
|
|
ImplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
|
|
type(implicit),
|
|
toBeSigned(WITH COMPONENTS {...,
|
|
verifyKeyIndicator(WITH COMPONENTS {reconstructionValue})
|
|
}),
|
|
signature ABSENT
|
|
})
|
|
|
|
ExplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
|
|
type(explicit),
|
|
toBeSigned(WITH COMPONENTS {...,
|
|
verifyKeyIndicator(WITH COMPONENTS {verificationKey})
|
|
}),
|
|
signature PRESENT
|
|
})
|
|
|
|
IssuerIdentifier ::= CHOICE {
|
|
sha256AndDigest HashedId8,
|
|
self HashAlgorithm,
|
|
...,
|
|
sha384AndDigest HashedId8
|
|
}
|
|
|
|
ToBeSignedCertificate ::= SEQUENCE {
|
|
id CertificateId,
|
|
cracaId HashedId3,
|
|
crlSeries CrlSeries,
|
|
validityPeriod ValidityPeriod,
|
|
region GeographicRegion OPTIONAL,
|
|
assuranceLevel SubjectAssurance OPTIONAL,
|
|
appPermissions SequenceOfPsidSsp OPTIONAL,
|
|
certIssuePermissions SequenceOfPsidGroupPermissions OPTIONAL,
|
|
certRequestPermissions SequenceOfPsidGroupPermissions OPTIONAL,
|
|
canRequestRollover NULL OPTIONAL,
|
|
encryptionKey PublicEncryptionKey OPTIONAL,
|
|
verifyKeyIndicator VerificationKeyIndicator,
|
|
...
|
|
}
|
|
(WITH COMPONENTS { ..., appPermissions PRESENT} |
|
|
WITH COMPONENTS { ..., certIssuePermissions PRESENT} |
|
|
WITH COMPONENTS { ..., certRequestPermissions PRESENT})
|
|
|
|
CertificateId ::= CHOICE {
|
|
linkageData LinkageData,
|
|
name Hostname,
|
|
binaryId OCTET STRING(SIZE(1..64)),
|
|
none NULL,
|
|
...
|
|
}
|
|
|
|
LinkageData ::= SEQUENCE {
|
|
iCert IValue,
|
|
linkage-value LinkageValue,
|
|
group-linkage-value GroupLinkageValue OPTIONAL
|
|
}
|
|
|
|
-- EndEntityType ::= BIT STRING {app (0), enrol (1) } (SIZE (8)) (ALL EXCEPT {})
|
|
EndEntityType ::= BIT STRING {app (0), enrol (1) } (SIZE (8))
|
|
|
|
PsidGroupPermissions ::= SEQUENCE {
|
|
subjectPermissions SubjectPermissions,
|
|
minChainLength INTEGER DEFAULT 1,
|
|
chainLengthRange INTEGER DEFAULT 0,
|
|
eeType EndEntityType DEFAULT {app}
|
|
}
|
|
|
|
SequenceOfPsidGroupPermissions ::= SEQUENCE OF PsidGroupPermissions
|
|
|
|
SubjectPermissions ::= CHOICE {
|
|
explicit SequenceOfPsidSspRange,
|
|
all NULL,
|
|
...
|
|
}
|
|
|
|
VerificationKeyIndicator ::= CHOICE {
|
|
verificationKey PublicVerificationKey,
|
|
reconstructionValue EccP256CurvePoint,
|
|
...
|
|
}
|
|
|
|
END
|
|
|