Goals
The goal is to define messages and other requirements for an RSE to request an application certificate.
Background and Strategic Fit
The RSE decides to request an application certificate from its preconfigured RA.
Having determined which RA to submit the request to, the RSE creates a request, signs it with the enrollment certificate, encrypts the signed request for the RA and sends it to the RA. The RA checks to make sure that the request is correct and authorized.
Before submitting the request, the RSE attempts to download the local certificate chain file (LCCF) and the local policy file (LPF). Note that any EE should download both the local policy file and the local certificate chain file each time it connects to the RA.
Assumptions
The RSE has successfully completed Use Case 12: RSE Bootstrapping (Manual).
Process Steps
- The RSE downloads the Local Policy File (LPF) and the Local Certificate Chain File (LCCF) using the API documented in RA - Download local policy file and RA - Download Local Certificate Chain File
- If there is an updated LCCF, the RSE applies all changes to its trust-store (necessary for PCA Certificate Validations)
- If there is an updated LPF, the RSE applies those changes
- The RSE creates the request, signs it with the enrollment certificate, encrypts the signed request to the RA and sends it to the RA using the API documented in RA - Request Application Certificate Provisioning
- The RA ensures that the certificate batch request is correct and authorized, before it starts Step 13.2: Generate RSE Application Certificate
Error Handling
- The RSE will abandon further interactions with the RA after a certain number of failed communication attempts result in errors.
Design
EE Request
The EE initiates the certificate request message in order to provide the RA with the critical information (key parameters, current time, etc.) necessary for RSE application certificate generation. The EE sends a certificate request message each time it requires a new certificate.
Security / Privacy
The Certificate Provisioning Request message shall use signing and encryption to ensure:
- The request has not been modified in transit
- The RA can verify the message came from the device
- The request is shared confidentially between the device and RA
The EE shall sign the request with the enrollment certificate. The EE shall also encrypt the request using the RA certificate and encapsulate it in a 1609.2 frame of type encrypted.
Message Contents
The EE shall use the ASN.1 defined for creating the certificate request message; details can be found at RA - Request Application Certificate Provisioning. In order for a request to be validated by the RA, the EE shall include the following information in the certificate provisioning request message:
- Version
- EE enrollment certificate
- A signed certificate signature key (signed with enrollment certificate)
- A response encryption key that PCA would use to encrypt the issued certificate to EE
- Optionally: a certificate encryption key that PCA would include in the issued certificate
- Current device time: 32-bit value denoting the number of seconds since the epoch (as defined in 1609.2)
- Requested certificate start time: 32-bit value denoting the number of seconds since the epoch (as defined in 1609.2)
RA Response
The RA response to the certificate provisioning request message is either accept (indicated by a request acknowledgement) or reject (indicated by an HTTP 500). In case of reject, the RA shall return the error code "HTTP 500" to EEs. Specific error codes shall be hidden from EEs so that they provide no useful information to malicious actors. The RA shall log the specific error for future investigation.
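The RA-side acceptance decision described above, as an added illustration (this is not CAMP SCMS project code). The decoded request is modelled as a dict keyed by the field names of EeRaAppCertProvisioningRequest from the ASN.1 on this page, with the 1609.2 signature and encryption layers assumed to have been verified and removed already. Every rejection is logged with its specific reason but reported to the EE only as an opaque HTTP 500. The clock-skew tolerance, the start-time plausibility check and the sample request are this example's own assumptions; the 2004 Time32 epoch is the IEEE 1609.2 definition.

```python
"""RA-side acceptance check for an EeRaAppCertProvisioningRequest (illustration)."""
import logging
from datetime import datetime, timezone
from typing import Optional, Tuple

log = logging.getLogger("ra.app-cert-request")

# IEEE 1609.2 Time32: seconds since 00:00:00 UTC on 1 January 2004.
# Leap seconds are ignored in this illustration.
TIME32_EPOCH = datetime(2004, 1, 1, tzinfo=timezone.utc)

# Tolerance between the EE's clock and the RA's clock (assumed RA policy).
MAX_CLOCK_SKEW_SECONDS = 60

# Fields the page requires in the request; cert-encryption-key is OPTIONAL.
REQUIRED_FIELDS = ("version", "verify-key", "response-encryption-key",
                   "region", "current-time", "requested-start-time")


def to_time32(dt: datetime) -> int:
    """Convert an aware datetime to a 1609.2 Time32 value."""
    return int((dt - TIME32_EPOCH).total_seconds())


def is_time32(value) -> bool:
    """A Time32 is an unsigned 32-bit integer."""
    return isinstance(value, int) and 0 <= value < 2 ** 32


def check_request(req: dict, now: int, enrollment_authorized: bool) -> Optional[str]:
    """Return None if the request is acceptable, else an internal reason string.

    The reason is for the RA's own log and must never be sent to the EE.
    """
    missing = [f for f in REQUIRED_FIELDS if f not in req]
    if missing:
        return f"missing fields: {missing}"
    if req["version"] != 1:
        return f"unsupported version {req['version']!r}"
    for field in ("current-time", "requested-start-time"):
        if not is_time32(req[field]):
            return f"{field} is not a valid Time32"
    if not enrollment_authorized:
        return "enrollment certificate not authorized for application certificates"
    # Plausibility checks on the two Time32 fields (assumed RA policy).
    if abs(req["current-time"] - now) > MAX_CLOCK_SKEW_SECONDS:
        return f"device clock skew of {req['current-time'] - now}s exceeds tolerance"
    if req["requested-start-time"] < req["current-time"]:
        return "requested start time lies before the device's current time"
    return None


def handle_request(req: dict, now: int, enrollment_authorized: bool = True) -> Tuple[int, bool]:
    """RA entry point: returns (http_status, accepted).

    Every rejection collapses to (500, False); only the RA log keeps the cause.
    """
    reason = check_request(req, now, enrollment_authorized)
    if reason is not None:
        log.warning("rejecting application certificate request: %s", reason)
        return 500, False
    return 200, True


# Constructed sample: a well-formed request whose clock agrees with the RA's.
SAMPLE_NOW = to_time32(datetime(2018, 6, 1, 12, 0, tzinfo=timezone.utc))
SAMPLE_REQUEST = {
    "version": 1,
    "verify-key": b"<PublicVerificationKey placeholder>",
    "response-encryption-key": b"<PublicEncryptionKey placeholder>",
    "region": {"circularRegion": "<GeographicRegion placeholder>"},
    "current-time": SAMPLE_NOW,
    "requested-start-time": SAMPLE_NOW + 3600,
}

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(handle_request(SAMPLE_REQUEST, SAMPLE_NOW))  # (200, True)
    stale = dict(SAMPLE_REQUEST, **{"current-time": SAMPLE_NOW - 600})
    print(handle_request(stale, SAMPLE_NOW))  # (500, False), cause in the RA log only
```

The split between `check_request` (specific reason) and `handle_request` (opaque status) is the point: the detailed cause exists exactly once, in the RA's log line, and the wire response is identical for a bad version, a bad clock and an unauthorized enrollment certificate.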
RA - EE Request Acknowledgement
The request acknowledge message is initiated by the RA in response to a certificate provisioning request message successfully received from the EE. If the EE request is received and processed without triggering an error (invalid signature, blacklisted, etc.), the RA processes the certificate request and begins certificate pre-generation. The request acknowledge message provides the EE with the URL at which, and the time from which, the first certificate batches will be available for download.
Security / Privacy
The request acknowledge message shall use signing and encryption to ensure:
- The request has not been modified in transit
- The device can verify that the message came from the RA
- The request is shared confidentially between the device and RA
The RA shall sign and encrypt the request acknowledge message using the RA certificate and encapsulate it in a 1609.2 frame of type encrypted.
Message Contents
The RA shall use the ASN.1 defined for creating the request acknowledge message in RA - Request Application Certificate Provisioning and shall include the following information:
- Case: Certificate Provisioning Request Accept
- Version
- Low-order 8 bytes of the SHA-256 hash of the encoded "ToBeSigned" certificate request from the device. The RA returns 0 if it cannot calculate the hash of the original request
- Time at which the first certificate file will be available for download (represented by IEEE 1609.2 Time32)
- URL of the certificate repository (common for all devices serviced by a specific RA)
- Case: Certificate Provisioning Request Reject
- HTTP-500 Error Code
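How the requestHash field binds the acknowledgement to the request, as an added illustration (not CAMP SCMS project code). The RA takes the low-order 8 bytes of the SHA-256 hash of the encoded "ToBeSigned" request, which is how a 1609.2 HashedId8 is formed; the EE recomputes the same value over the bytes it actually sent and refuses an acknowledgement that does not match. The encoded request is a constructed byte string and the download URL and time are placeholders; the EE's treatment of an all-zero requestHash as unverified is this example's assumption.

```python
"""Request/acknowledgement binding with a 1609.2 HashedId8 (illustration)."""
import hashlib
from typing import Optional, Tuple


def hashed_id8(encoded: bytes) -> bytes:
    """Low-order (last) 8 bytes of SHA-256, as a 1609.2 HashedId8 is built."""
    return hashlib.sha256(encoded).digest()[-8:]


def ra_build_ack(tbs_request: Optional[bytes], cert_dl_time: int, cert_dl_url: str) -> dict:
    """RA side: the accept case of RaEeAppCertProvisioningAck as a dict.

    The page says the RA returns 0 for requestHash when it cannot hash the
    original request; pass tbs_request=None to model that case.
    """
    request_hash = hashed_id8(tbs_request) if tbs_request is not None else bytes(8)
    return {
        "version": 1,
        "requestHash": request_hash,
        "reply": {"ack": {"certDLTime": cert_dl_time, "certDLURL": cert_dl_url}},
    }


def ee_check_ack(tbs_request_sent: bytes, ack: dict) -> Tuple[bool, Optional[str]]:
    """EE side: returns (accepted, reason).

    Only an acknowledgement bound to the request this EE sent is acted upon.
    """
    if ack.get("version") != 1:
        return False, "unsupported acknowledgement version"
    request_hash = ack.get("requestHash")
    if not isinstance(request_hash, bytes) or len(request_hash) != 8:
        return False, "requestHash is not a HashedId8"
    if request_hash == bytes(8):
        # RA could not hash the original request. Assumed EE policy: do not
        # proceed on an acknowledgement that is not bound to any request.
        return False, "RA did not bind the acknowledgement to a request"
    if request_hash != hashed_id8(tbs_request_sent):
        return False, "acknowledgement does not match the request that was sent"
    accept = ack.get("reply", {}).get("ack")
    if not accept or "certDLURL" not in accept or "certDLTime" not in accept:
        return False, "accept reply is missing the download URL or time"
    return True, None


# Constructed stand-in for the encoded ToBeSigned request the EE transmitted.
SAMPLE_TBS_REQUEST = b"<constructed encoded EeRaAppCertProvisioningRequest>"
SAMPLE_DL_TIME = 455198400            # placeholder Time32
SAMPLE_DL_URL = "https://ra.example.invalid/download"  # placeholder

if __name__ == "__main__":
    ack = ra_build_ack(SAMPLE_TBS_REQUEST, SAMPLE_DL_TIME, SAMPLE_DL_URL)
    print(ee_check_ack(SAMPLE_TBS_REQUEST, ack))          # (True, None)
    print(ee_check_ack(SAMPLE_TBS_REQUEST + b"x", ack))   # (False, '... does not match ...')
    print(ee_check_ack(SAMPLE_TBS_REQUEST, ra_build_ack(None, SAMPLE_DL_TIME, SAMPLE_DL_URL)))
```

Because the acknowledgement is itself signed and encrypted by the RA (previous section), the hash does not replace that protection; it lets an EE that may have several requests in flight, or that retried, tell which request a given acknowledgement answers and ignore one that answers none of them.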
EE Response
If the RA provides a positive acknowledgement (accept) to a certificate provisioning request, the EE moves forward with the certificate download process using the provided URL given in the acknowledge message.
If the EE does not receive an acknowledgement from the RA in response to the request within the defined time, the EE should retry. Several conditions may require the EE to send the request more than once:
- Request lost in transit (no TCP ack)
- RA offline, unavailable, or RA network address has changed (the EE must query DNS for the latest RA network information)
- EE possesses an invalid RA certificate and cannot establish secure communications
- EE received HTTP-500 Error Code
The EE should not attempt to transmit the Request Certificate message without completing the prerequisites.
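The EE-side submission loop implied by the retry conditions above and by the error-handling rule that the RSE abandons the RA after a number of failed attempts, as an added illustration (not CAMP SCMS project code). The transport is injected as a callable so the block runs offline: each call returns either None (no acknowledgement arrived, covering a lost request or an offline or unreachable RA) or an (http_status, body) pair. The prerequisite flags model the LPF, LCCF and RA-certificate steps from the process above; the attempt limit, the DNS-refresh hook and the scripted responses are assumptions.

```python
"""EE submission of the application certificate request with bounded retries (illustration)."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# None models "no acknowledgement received"; otherwise (http_status, body).
Response = Optional[Tuple[int, Optional[dict]]]


@dataclass
class Prerequisites:
    """State the page requires before the request may be transmitted."""
    lpf_downloaded: bool        # local policy file fetched and applied
    lccf_applied: bool          # local certificate chain file applied to trust store
    ra_certificate_valid: bool  # needed to encrypt the request to the RA

    def satisfied(self) -> bool:
        return self.lpf_downloaded and self.lccf_applied and self.ra_certificate_valid


def submit_with_retries(send: Callable[[], Response], prereqs: Prerequisites,
                        max_attempts: int = 3,
                        refresh_ra_address: Optional[Callable[[], None]] = None) -> dict:
    """Send the already signed and encrypted request until the RA acknowledges it.

    Returns a dict whose 'outcome' is 'not-attempted', 'accepted' or 'abandoned',
    with the number of attempts made and, on success, the acknowledgement body.
    """
    if not prereqs.satisfied():
        return {"outcome": "not-attempted", "attempts": 0,
                "reason": "prerequisites (LPF, LCCF, RA certificate) not met"}
    failures: List[Tuple[int, str]] = []
    for attempt in range(1, max_attempts + 1):
        response = send()
        if response is None:
            failures.append((attempt, "no acknowledgement received"))
            if refresh_ra_address is not None:
                # Page: the EE must query DNS for the latest RA network information.
                refresh_ra_address()
            continue
        status, body = response
        if status == 200 and body is not None:
            return {"outcome": "accepted", "attempts": attempt, "ack": body}
        # The RA exposes only a generic HTTP 500 on reject; there is nothing
        # in it for the EE to interpret, so it simply counts as a failure.
        failures.append((attempt, f"HTTP {status}"))
    return {"outcome": "abandoned", "attempts": max_attempts, "failures": failures}


def scripted_transport(responses: List[Response]) -> Callable[[], Response]:
    """Constructed transport that replays a fixed list of responses."""
    iterator = iter(responses)

    def send() -> Response:
        return next(iterator)

    return send


# Constructed acknowledgement body standing in for a decoded RaEeAppCertProvisioningAck.
SAMPLE_ACK = {"version": 1, "requestHash": b"\x01" * 8,
              "reply": {"ack": {"certDLTime": 455198400,
                                "certDLURL": "https://ra.example.invalid/download"}}}

if __name__ == "__main__":
    ready = Prerequisites(lpf_downloaded=True, lccf_applied=True, ra_certificate_valid=True)
    # Lost request, then a generic reject, then an acceptance on the third try.
    print(submit_with_retries(scripted_transport([None, (500, None), (200, SAMPLE_ACK)]), ready))
    # Three silent failures exhaust the budget and the EE abandons the RA.
    print(submit_with_retries(scripted_transport([None, None, None]), ready))
    # Invalid RA certificate: the request is never transmitted.
    print(submit_with_retries(scripted_transport([(200, SAMPLE_ACK)]),
                              Prerequisites(True, True, ra_certificate_valid=False)))
```

Keeping the per-attempt failure list in the result, rather than only a boolean, gives the device something to record locally once it has given up, which is the only place the cause of a generic HTTP 500 can be correlated with the RA's own log.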
ASN.1 Specification
-- (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-------------------------------------------------------------------------------
-- EE-RA
--
-- The structures in this file define the protocol for messages between an
-- EE (OBE or RSE) and the RA for the purposes of
--   a) requesting and receiving the RA certificate in the event that the EE
--      possesses an expired or invalid RA certificate, as an alternative method
--      to acquiring the RA certificate through the DCM,
--   b) requesting a batch of pseudonym certificates, identity certificates
--      or application certificates
-- Both of these processes are initiated by the EE, possibly with the aid
-- of a DCM.
--
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------

-- @namespace Ieee1609Dot2EndEntityRaInterface
Ieee1609Dot2EndEntityRaInterface {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) ee-ra(8) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  EccP256CurvePoint,
  Hostname,
  HashedId8,
  PublicEncryptionKey,
  PublicVerificationKey,
  Time32,
  Uint8,
  GeographicRegion
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) base-types(2) major-version-2(2)}

  Certificate
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) schema(1) major-version-2(2)}

  SecurityMgmtPsid
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) base-types(2) major-version-2(2)}

  CompositeCrl
FROM Ieee1609Dot2ScmsComponentCertificateManagement {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) component-certificate-management (3) major-version-2(2)}
;

---
-- @brief The EndEntityRaInterfacePDU is the parent message type for messages
--        sent between end entities and the Registration Authority.
-- @class EndEntityRaInterfacePDU
-- @param eeRaCertRequest contains a message from an EE to the RA to request
--        a copy of the RA's currently valid certificate.
-- @param raEeCertResponse is a message from the RA to the EE as a response to
--        EeRaCertRequest.
-- @param eeRaPseudonymCertProvisioningRequest is a message from an EE to the
--        RA to request pseudonym certificates.
-- @param raEePseudonymCertProvisioningAck is a message from the RA to the EE
--        to acknowledge the receipt of EeRaPseudonymCertProvisioningRequest.
-- @param eeRaIdCertProvisioningRequest is a message from an EE to the RA to
--        request an identification certificate.
-- @param raEeIdCertProvisioningAck is a message from the RA to the EE to
--        acknowledge the receipt of EeRaIdCertProvisioningRequest.
-- @param eeRaAppCertProvisioningRequest is a message from an EE to the RA to
--        request an application certificate.
-- @param raEeAppCertProvisioningAck is a message from the RA to the EE to
--        acknowledge the receipt of EeRaAppCertProvisioningRequest.
-- @param eeRaAuthenticatedDownloadRequest is a message from an EE to the RA
--        to request the download of certificates (once they are ready).
EndEntityRaInterfacePDU::= CHOICE {
  eeRaCertRequest                      EeRaCertRequestMsg,
  raEeCertResponse                     RaEeCertResponseMsg,
  eeRaPseudonymCertProvisioningRequest EeRaPseudonymCertProvisioningRequest,
  raEePseudonymCertProvisioningAck     RaEePseudonymCertProvisioningAck,
  eeRaIdCertProvisioningRequest        EeRaIdCertProvisioningRequest,
  raEeIdCertProvisioningAck            RaEeIdCertProvisioningAck,
  eeRaAppCertProvisioningRequest       EeRaAppCertProvisioningRequest,
  raEeAppCertProvisioningAck           RaEeAppCertProvisioningAck,
  eeRaAuthenticatedDownloadRequest     AuthenticatedDownloadRequest,
  ...
}

---
-- @brief This message is sent from an EE to the RA to request the RA's
--        currently valid certificate.
-- @class EeRaCertRequestMsg
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
EeRaCertRequestMsg ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This message contains an acknowledgement from the RA to an EE's
--        EeRaCertRequestMsg.
-- @class RaEeCertResponseMsg
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @param reply indicates the contents of the reply message. In this version
--        of the document, only one choice option is supported, namely
--        an acknowledgement (ack) of type RaEeCertResponseAck.
-- @see Uint8
RaEeCertResponseMsg ::= SEQUENCE {
  version Uint8(1),
  reply   CHOICE {
    ack RaEeCertResponseAck,
    ...
  },
  ...
}

---
-- @brief This structure contains the RA's currently valid certificate and its
--        Certificate Revocation List (CRL)
-- @class RaEeCertResponseAck
-- @param raCertificate contains the RA's currently valid public key
--        certificate as defined in Section 6.4.2 of IEEE 1609.2-2016
-- @param crl contains the Certificate Revocation List pertinent to the RA
--        certificate. The Certificate Revocation List type is defined in
--        Section 7.3 and 7.4.1 of IEEE 1609.2-2016
-- @see Certificate, CompositeCrl
RaEeCertResponseAck ::= SEQUENCE {
  raCertificate Certificate,
  crl           CompositeCrl,
  ...
}

---
-- @brief This structure defines the parameters (seed and expansion keys)
--        required for butterfly key expansion. The RA generates caterpillar
--        keys using a linear formula based on the two fields described in
--        this structure.
-- @class UnsignedButterflyParams
-- @param seed-key contains the butterfly seed key
-- @param expansion contains the expansion parameter needed to perform a
--        Butterfly key expansion. Butterfly expansion is described in
--        https://wiki.campllc.org/display/SCP/SCP1%3A+Butterfly+Keys
-- @see EccP256CurvePoint
UnsignedButterflyParams ::= SEQUENCE {
  seed-key  EccP256CurvePoint,
  expansion OCTET STRING (SIZE (16))
}

---
-- @brief Identification certificate provisioning request sent by an EE (OBE)
--        to the RA. These are signed and encrypted before sending, see
--        scms-protocol.asn. Note that Identification certificates use
--        Butterfly keys.
-- @class EeRaIdCertProvisioningRequest
-- @param version contains the current version of the data type. The
--        version specified in this document is version 1.
-- @param verify-key-info provides the information for the SCMS to generate
--        and embed multiple ID certificate signature public keys, one for
--        each ID certificate.
-- @param cert-enc-key-info if included, provides the information for the SCMS
--        to generate and embed multiple ID certificate optional encryption
--        public keys, one for each ID certificate.
-- @param resp-enc-key-info provides the information for SCMS to uniquely
--        encrypt each ID certificate prior to responding to the EE.
-- @param region indicates the operational region for the EE device.
--        Describes a circular or rectangular region. Must be a sub-region
--        of the region contained in the EE's enrollment certificate.
-- @param common provides the structure for indicating the time of the
--        request and the requested start time of the certificates.
-- @param current-time indicates the time of request generation
-- @see Uint8, Time32, UnsignedButterflyParams
EeRaIdCertProvisioningRequest ::= SEQUENCE {
  version           Uint8(1),
  verify-key-info   UnsignedButterflyParams,
  cert-enc-key-info UnsignedButterflyParams OPTIONAL,
  resp-enc-key-info UnsignedButterflyParams,
  region            GeographicRegion,
  current-time      Time32,
  ...
}

---
-- @brief Application certificate provisioning request sent by an EE (RSE) to
--        the RA. Similar to the EeRaIdCertProvisioningRequest defined above,
--        except that butterfly keys are not used in this case.
-- @class EeRaAppCertProvisioningRequest
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1.
-- @param verify-key provides the public key to be embedded in the
--        application certificate.
-- @param cert-encryption-key provides the discrete PublicEncryptionKey to be
--        embedded in the application certificate for application encryption
--        functions.
-- @param response-encryption-key provides the discrete PublicEncryptionKey to
--        be used by the SCMS to encrypt the certificate response back to
--        the EE.
-- @param region indicates the operational region for the EE device.
--        Describes a circular or rectangular region. Must be a sub-region
--        of the region contained in the EE's enrollment certificate.
-- @param common provides the structure for indicating the time of the
--        request and the requested start time of the certificates.
-- @param current-time indicates the time of request generation
-- @param requested-start-time indicates the requested start time for the
--        requested certificates to take effect (in terms of validity).
-- @see Uint8, Time32, PublicVerificationKey, PublicEncryptionKey
EeRaAppCertProvisioningRequest ::= SEQUENCE {
  version                 Uint8(1),
  verify-key              PublicVerificationKey,
  cert-encryption-key     PublicEncryptionKey OPTIONAL,
  response-encryption-key PublicEncryptionKey,
  region                  GeographicRegion,
  current-time            Time32,
  requested-start-time    Time32,
  ...
}

---
-- @brief Pseudonym certificate provisioning: Pseudonym certificates use
--        butterfly keys. Unlike identification certificates, they are
--        shuffled and include linkage values. This differentiation is visible
--        in other interfaces only, in particular RA-PCA.
-- @class EeRaPseudonymCertProvisioningRequest
-- @param version contains the current version of the data type. The
--        version specified in this document is version 1.
-- @param verify-key-info provides the information for the SCMS to generate
--        and embed multiple pseudonym certificate signature public keys,
--        one for each ID certificate.
-- @param resp-enc-key-info provides the information for the SCMS to uniquely
--        encrypt each pseudonym certificate prior to responding to the EE.
-- @param common provides the structure for indicating the time of the
--        request and the requested start time of the certificates.
-- @param current-time indicates the time of request generation
-- @see Uint8, Time32, UnsignedButterflyParams
EeRaPseudonymCertProvisioningRequest ::= SEQUENCE {
  version           Uint8(1),
  verify-key-info   UnsignedButterflyParams,
  resp-enc-key-info UnsignedButterflyParams,
  current-time      Time32,
  ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE's pseudonym certificate provisioning request. This
--        message is signed and encrypted before sending to EE, see
--        scms-protocol.asn.
-- @class RaEePseudonymCertProvisioningAck
-- @param version contains the current version of the data type. The
--        version specified in this document is version 1.
-- @param requestHash contains the hash of the original request, using the
--        HashedId8 type as defined in 1609dot2-base-types.asn.
-- @param reply indicates the contents of the reply message. In this
--        version of the document, only one choice option is supported,
--        namely an acknowledgement (ack) of type PseudonymCertProvisioningAck.
-- @see Uint8, HashedId8
RaEePseudonymCertProvisioningAck ::= SEQUENCE {
  version     Uint8(1),
  requestHash HashedId8,
  reply       CHOICE {
    ack PseudonymCertProvisioningAck,
    ...
  },
  ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE's pseudonym certificate provisioning request.
-- @class PseudonymCertProvisioningAck
-- @param certDLTime contains the time at which the download of the generated
--        certificates is available.
-- @param certDLURL contains the URL at which the EE may download the
--        pseudonym certificates at the indicated time.
-- @see Time32, Hostname
PseudonymCertProvisioningAck ::= SEQUENCE {
  certDLTime Time32,
  certDLURL  Hostname,
  ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE's identity certificate provisioning request.
-- @class RaEeIdCertProvisioningAck
RaEeIdCertProvisioningAck ::= RaEePseudonymCertProvisioningAck

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE's application certificate provisioning request.
-- @class RaEeAppCertProvisioningAck
RaEeAppCertProvisioningAck ::= RaEePseudonymCertProvisioningAck

---
-- @brief This structure represents the EE's request for download from the RA.
--        The request indicates the time of the download request in addition
--        to the requested filename.
-- @class AuthenticatedDownloadRequest
-- @param timestamp contains the time at which the download request for the
--        file (filename) was generated.
-- @param filename contains the name of the file to download.
-- @see Time32
AuthenticatedDownloadRequest ::= SEQUENCE {
  timestamp Time32,
  filename  UTF8String (SIZE(0..255)),
  ...
}

END