Goals

The goal of this use case is to define the messages and actions that allow a device to request new identification certificates from the RA.

Background and Strategic Fit

The OBE decides to request an identification certificate from its preconfigured RA. 

Having determined which RA to submit the request to, the OBE creates a request, signs it with the enrollment certificate, encrypts the signed request for the RA and sends it to the RA. The RA checks to make sure that the request is correct and authorized.

Assumptions

In order to facilitate the certificate request process, the following prerequisites should be met:

  • The OBE has successfully completed Use Case 2: Bootstrapping

Process Steps

  1. The OBE downloads the Local Policy File (LPF) and the Local Certificate Chain File (LCCF) by using the API documented in RA - Download local policy file and RA - Download Local Certificate Chain File
    1. If there is an updated LCCF, the OBE applies all changes to its trust-store (necessary for PCA Certificate Validations)
    2. If there is an updated LPF, the OBE applies those changes
  2. The OBE creates the request, signs it with the enrollment certificate, encrypts the signed request for the RA and sends it to the RA using the API documented in RA - Request Identification Certificate Provisioning.
  3. The RA ensures that the request is correct and authorized before it starts with Step 19.2: OBE Identification Certificate Generation

Error Handling 

  1. The OBE will abandon further interactions with the RA after a certain number of communication attempts have failed with errors
  2. The OBE will not attempt to execute the certificate provisioning process if it finds itself on the latest CRL (assumes that a willful violator has not compromised the device). The OBE will need to execute the certification/bootstrap process again to exit a revoked state.

Design

[Figure: OBE-RA Communication]

EE Request

The EE initiates the Certificate Provisioning Request message in order to provide the RA with critical information (key parameters, current time, etc.) necessary for the OBE identification certificate generation. New devices may experience some delay between the initial request and the time the first certificate is available for download to accommodate provisioning processes such as certificate generation and certificate encryption. The RA will store information from the initial Certificate Provisioning Request message and use it for ongoing certificate pre-generation until:

  • The device provides new parameters in a subsequent Certificate Provisioning Request
  • The device is blacklisted at the RA due to misbehavior or malfunction

The Certificate Provisioning Request message shall be sent once for each unique request. No subsequent Certificate Provisioning Request is necessary to acquire new certificates.

Security / Privacy

The Certificate Provisioning Request message shall use signing and encryption to ensure:

  • The request has not been modified in transit
  • The RA can verify the message came from the device
  • The request is shared confidentially between the device and RA

The EE shall sign the request with the Enrollment Certificate. The EE shall also encrypt the request using the RA certificate and encapsulate it in a 1609.2 frame of type encrypted.

Message Contents

The EE shall use the ASN.1 defined for creating the Request Certificate message; details can be found at RA - Identification Certificate Provisioning Request. In order for a request to be validated by the RA, the EE shall include the following information in the Certificate Provisioning Request message:

  • Version
  • EE enrollment certificate
  • Butterfly public seed / expansion function (see Butterfly key for details) parameters for:
    • Certificate signing key (signed with enrollment certificate)
    • Response encryption key (to encrypt the created certificate towards EE)
    • Optionally certificate encryption key 
  • Current device time: 32-bit denoting number of seconds since the Epoch (as defined in 1609.2)
  • Requested certificate start time: 32-bit denoting number of seconds since the Epoch (as defined in 1609.2)

RA Response

The RA response to the Certificate Provisioning Request message may be accept (indicated by a Request Acknowledgement) or reject (indicated by an HTTP 500). Specific error codes should be hidden from EEs to avoid providing useful information to malicious actors. The RA shall log the specific error for future investigation.
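The reject behaviour described above, sketched as an added example (not part of the SCMS specification or any RA implementation): every rejection produces the same HTTP 500 on the wire, while the specific reason goes only to the RA log. The `ParsedRequest` fields, the 300-second clock skew limit, the 200 accept status and the placeholder ack body are assumptions made for illustration.

```python
import logging
import uuid
from dataclasses import dataclass
from enum import Enum

log = logging.getLogger("ra.provisioning")

MAX_CLOCK_SKEW_S = 300       # assumption: tolerated EE/RA clock difference (seconds)
ACCEPT_STATUS = 200          # assumption: the page does not name the accept status
GENERIC_REJECT = (500, b"")  # the only failure response an EE ever sees


class Reject(Enum):
    """Internal rejection reasons; never serialised into a response."""
    BAD_VERSION = "unsupported version"
    BAD_SIGNATURE = "invalid signature"
    BLACKLISTED = "device blacklisted"
    STALE_TIME = "current-time outside tolerated skew"


@dataclass(frozen=True)
class ParsedRequest:
    """Hypothetical result of decrypting and decoding the 1609.2 frame."""
    version: int
    enrollment_cert_id: bytes  # hypothetical identifier of the signing certificate
    signature_ok: bool         # outcome of signature verification done upstream
    current_time: int          # Time32 taken from the request


def check_request(req, ra_now_time32, blacklist):
    """Return None if the request is acceptable, else the internal Reject reason."""
    if req.version != 1:
        return Reject.BAD_VERSION
    if not req.signature_ok:
        return Reject.BAD_SIGNATURE
    if req.enrollment_cert_id in blacklist:
        return Reject.BLACKLISTED
    if abs(req.current_time - ra_now_time32) > MAX_CLOCK_SKEW_S:
        return Reject.STALE_TIME
    return None


def handle_request(req, ra_now_time32, blacklist):
    """Return (http_status, body). All rejections are byte-identical."""
    reason = check_request(req, ra_now_time32, blacklist)
    if reason is None:
        # Placeholder body; a real RA would return the signed, encrypted ack.
        return ACCEPT_STATUS, b"<RaEeIdCertProvisioningAck placeholder>"
    # The specific error is kept for investigators, keyed by an incident id
    # that is not sent to the EE.
    incident = uuid.uuid4().hex
    log.warning("reject incident=%s cert=%s reason=%s",
                incident, req.enrollment_cert_id.hex(), reason.value)
    return GENERIC_REJECT


if __name__ == "__main__":
    now = 700_000_000                       # constructed Time32 value
    dev = bytes.fromhex("0102030405060708")  # constructed certificate id
    print(handle_request(ParsedRequest(1, dev, True, now), now, set()))
    print(handle_request(ParsedRequest(1, dev, False, now), now, set()))
    print(handle_request(ParsedRequest(1, dev, True, now), now, {dev}))
```
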

RA - EE Request Acknowledgement

The Request Acknowledge message is initiated by the RA in response to a Certificate Provisioning Request message successfully received from the EE. If the EE request is received and processed without triggering an error (invalid signature, blacklisted, etc.) the RA processes the certificate request and begins certificate pre-generation. The Request Acknowledge message provides the EE with the URL and the time where and at which the first certificate batches will be available for download.

Security / Privacy

The Request Acknowledge message shall use signing and encryption to ensure:

  • The request has not been modified in transit
  • The device can verify the message came from the RA
  • The request is shared confidentially between the device and RA

The RA shall sign and encrypt the Request Acknowledge message using the RA certificate and encapsulate it in a 1609.2 frame of type encrypted.

Message Contents

The RA shall use the ASN.1 defined for creating the Request Acknowledge message, which can be found at RA - Identification Certificate Provisioning Request and shall include the following information:

  • Case: Certificate Provisioning Request Accept
    • Version
    • Low order 8-bytes of the SHA-256 hash of the encoded "ToBeSigned" certificate request from the device. Returns 0 if RA cannot calculate hash of the original request.
    • Time at which the first certificate batches will be available for download (represented by IEEE 1609.2 Time32)
    • URL of the certificate repository (common for all devices serviced by a specific RA)
  • Case: Certificate Provisioning Request Reject
    • HTTP-500 Error Code
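An added example (not from the SCMS specification) of how an EE could check an accept acknowledgement against the request it sent, using the request hash defined above. It assumes the RA signature on the ack has already been verified and the message decoded into the `Ack` fields; the sample request bytes and the host name are constructed, and returning a separate `UNBOUND` status for the all-zero hash is a design choice of this sketch.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum

ZERO_HASH = bytes(8)  # value the RA returns when it cannot hash the request

# Constructed stand-in for the encoded "ToBeSigned" request the EE sent.
SENT_TBS = bytes.fromhex("01a1b2c3d4e5f60718293a4b5c6d7e8f")


class AckStatus(Enum):
    BOUND = "requestHash matches the request we sent"
    UNBOUND = "RA returned 0; ack is not tied to a specific request"


class AckError(ValueError):
    """The acknowledgement must not be acted on."""


@dataclass(frozen=True)
class Ack:
    """Decoded acknowledgement fields (names follow the ASN.1 on this page)."""
    version: int
    request_hash: bytes  # HashedId8
    cert_dl_time: int    # Time32
    cert_dl_url: str     # Hostname


def hashed_id8(encoded: bytes) -> bytes:
    """Low-order 8 bytes of the SHA-256 hash of the encoded structure."""
    return hashlib.sha256(encoded).digest()[-8:]


def validate_ack(ack: Ack, sent_tbs: bytes, now_time32: int):
    """Return (AckStatus, seconds to wait before download) or raise AckError."""
    if ack.version != 1:
        raise AckError("unsupported ack version")
    if len(ack.request_hash) != 8:
        raise AckError("requestHash is not a HashedId8")
    if not 0 <= ack.cert_dl_time < 2**32:
        raise AckError("certDLTime is not a valid Time32")

    # A download time in the past means the batch is already available.
    wait = max(0, ack.cert_dl_time - now_time32)

    if ack.request_hash == ZERO_HASH:
        # The caller decides whether an unbound ack is acceptable.
        return AckStatus.UNBOUND, wait

    # Constant-time comparison, so the check leaks nothing about the
    # expected hash through timing.
    if not hmac.compare_digest(ack.request_hash, hashed_id8(sent_tbs)):
        raise AckError("requestHash does not match the request that was sent")
    return AckStatus.BOUND, wait


if __name__ == "__main__":
    now = 700_000_000  # constructed Time32 value
    ack = Ack(1, hashed_id8(SENT_TBS), now + 3600, "ra.example.invalid")
    print(validate_ack(ack, SENT_TBS, now))
```
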

EE Response

If the RA provides a positive acknowledgement (accept) to a Certificate Provisioning Request, the EE moves forward with the certificate batch download process using the URL and time given in the acknowledge message.

If the EE does not receive an acknowledgement from the RA in response to the request within the defined time, the EE should retry. Several conditions may necessitate the EE sending the request more than once. This may be due to:

  • Request lost in transit (no TCP ack)
  • RA offline, unavailable or the RA network address has changed (EE must query DNS for latest RA network information)
  • The EE possesses an invalid RA certificate and cannot establish secure communications
  • The EE received HTTP-500 Error Code

The EE should not attempt to transmit the Request Certificate message without having completed the prerequisites.

ASN.1 Specification

ee-ra.asn
master  SCMS/scms-asn
--  (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
-- 
--  Licensed under the Apache License, Version 2.0 (the "License");
--  you may not use this file except in compliance with the License.
--  You may obtain a copy of the License at
--
--     http://www.apache.org/licenses/LICENSE-2.0
--
--  Unless required by applicable law or agreed to in writing, software
--  distributed under the License is distributed on an "AS IS" BASIS,
--  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--  See the License for the specific language governing permissions and
--  limitations under the License.
--

-------------------------------------------------------------------------------
-- EE-RA 
--
-- The structures in this file define the protocol for messages between an
-- EE (OBE or RSE) and the RA for the purposes of 
-- a) requesting and receiving the RA certificate in the event that the EE 
-- possesses an expired or invalid RA certificate, as an alternative method
-- to acquiring the RA certificate through the DCM,
-- b) requesting a batch of pseudonym certificates, identity certificates
-- or application certificates
-- Both of these processes are initiated by the EE, possibly with the aid
-- of a DCM.  
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------

-- @namespace Ieee1609Dot2EndEntityRaInterface
Ieee1609Dot2EndEntityRaInterface
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) ee-ra(8) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  EccP256CurvePoint,
  Hostname,
  HashedId8,
  PublicEncryptionKey,
  PublicVerificationKey,
  Time32,
  Uint8,
  GeographicRegion
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
    base(1) base-types(2) major-version-2(2)}

  Certificate
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
    base(1) schema(1) major-version-2(2)}

  SecurityMgmtPsid
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
    standards-association-numbered-series-standards(2) wave-stds(1609)  dot2(2)
    scms(4) interfaces(1) base-types(2) major-version-2(2)}

  CompositeCrl
FROM Ieee1609Dot2ScmsComponentCertificateManagement {iso(1)
    identified-organization(3) ieee(111) standards-association-numbered-series-standards(2)
    wave-stds(1609) dot2(2) scms(4) interfaces(1) component-certificate-management (3) major-version-2(2)}

;

---
-- @brief The EndEntityRaInterfacePDU is the parent message type for messages 
--        sent between end entities and the Registration Authority.
-- @class EndEntityRaInterfacePDU
-- @param eeRaCertRequest                      contains a message from an EE 
--                                             to the RA to request a copy of
--                                             the RA’s currently valid
--                                             certificate.
-- @param raEeCertResponse                     is a message from the RA to the 
--                                             EE as a response to
--                                             EeRaCertRequest.
-- @param eeRaPseudonymCertProvisioningRequest is a message from an EE to the 
--                                             RA to request pseudonym
--                                             certificates.
-- @param raEePseudonymCertProvisioningAck     is a message from the RA to the 
--                                             EE to acknowledge the receipt
--                                             of EeRaPseudonymCertProvisioningRequest.
-- @param eeRaIdCertProvisioningRequest        is a message from an EE to the 
--                                             RA to request an identification
--                                             certificate.
-- @param raEeIdCertProvisioningAck            is a message from the RA to the 
--                                             EE to acknowledge the receipt
--                                             of EeRaIdCertProvisioningRequest.
-- @param eeRaAppCertProvisioningRequest       is a message from an EE to the 
--                                             RA to request an application
--                                             certificate.
-- @param raEeAppCertProvisioningAck           is a message from the RA to the 
--                                             EE to acknowledge the receipt
--                                             of EeRaAppCertProvisioningRequest.
-- @param eeRaAuthenticatedDownloadRequest     is a message from an EE to the 
--                                             RA to request the download of
--                                             certificates (once they are ready).
EndEntityRaInterfacePDU::= CHOICE {
    eeRaCertRequest                      EeRaCertRequestMsg,
    raEeCertResponse                     RaEeCertResponseMsg,
    eeRaPseudonymCertProvisioningRequest EeRaPseudonymCertProvisioningRequest,
    raEePseudonymCertProvisioningAck     RaEePseudonymCertProvisioningAck,
    eeRaIdCertProvisioningRequest        EeRaIdCertProvisioningRequest,
    raEeIdCertProvisioningAck            RaEeIdCertProvisioningAck,
    eeRaAppCertProvisioningRequest       EeRaAppCertProvisioningRequest,
    raEeAppCertProvisioningAck           RaEeAppCertProvisioningAck,
    eeRaAuthenticatedDownloadRequest     AuthenticatedDownloadRequest,
    ...
}

---
-- @brief This message is sent from an EE to the RA to request the RA's
--        currently valid certificate.
-- @class EeRaCertRequestMsg
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
EeRaCertRequestMsg ::= SEQUENCE {
    version         Uint8(1),
    ...
}

---
-- @brief This message contains an acknowledgement from the RA to an EE's
--        EeRaCertRequestMsg.
-- @class RaEeCertResponseMsg
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @param reply   indicates the contents of the reply message. In this version 
--                of the document, only one choice option is supported, namely 
--                an acknowledgement (ack) of type RaEeCertResponseAck.
-- @see Uint8
RaEeCertResponseMsg ::= SEQUENCE {
    version         Uint8(1),
    reply           CHOICE {
        ack           RaEeCertResponseAck,
        ...
    },
    ...
}

---
-- @brief This structure contains the RA's currently valid certificate and its 
--        Certificate Revocation List (CRL)
-- @class RaEeCertResponseAck
-- @param raCertificate contains the RA’s currently valid public key 
--                      certificate as defined in Section 6.4.2 of IEEE
--                      1609.2-2016
-- @param crl           contains the Certificate Revocation List pertinent to 
--                      the RA certificate. The Certificate Revocation List 
--                      type is defined in Section 7.3 and 7.4.1 of IEEE
--                      1609.2-2016
-- @see Certificate, CompositeCrl
RaEeCertResponseAck ::= SEQUENCE {
    raCertificate   Certificate,
    crl             CompositeCrl,
    ...
}

---
-- @brief This structure defines the parameters (seed and expansion keys) 
--        required for butterfly key expansion. The RA generates caterpillar keys using a linear formula based on the
--        two fields described in this structure.
-- @class UnsignedButterflyParams
-- @param seed-key  contains the butterfly seed key
-- @param expansion contains the expansion parameter needed to perform a 
--                  Butterfly key expansion. Butterfly expansion is described
--                  in https://wiki.campllc.org/display/SCP/SCP1%3A+Butterfly+Keys
-- @see EccP256CurvePoint
UnsignedButterflyParams ::= SEQUENCE {
    seed-key              EccP256CurvePoint,
    expansion             OCTET STRING (SIZE (16))
}

---
-- @brief Identification certificate provisioning request sent by an EE (OBE) to the RA.
--        These are signed and encrypted before sending, see scms-protocol.asn. Note that
--        Identification certificates use Butterfly keys.
-- @class EeRaIdCertProvisioningRequest
-- @param version           contains the current version of the data type. The 
--                          version specified in this document is version 1.
-- @param verify-key-info   provides the information for the SCMS to generate 
--                          and embed multiple ID certificate signature public
--                          keys, one for each ID certificate.
-- @param cert-enc-key-info if included, provides the information for the SCMS 
--                          to generate and embed multiple ID certificate 
--                          optional encryption public keys, one for each ID
--                          certificate.
-- @param resp-enc-key-info provides the information for SCMS to uniquely 
--                          encrypt each ID certificate prior to responding to
--                          the EE.
-- @param region            indicates the operational region for the EE
--                          device. Describes a circular or rectangular
--                          region. Must be a sub-region of the region 
--                          contained in the EE's enrollment certificate.
-- @param common            provides the structure for indicating the time of 
--                          the request and the requested start time of the
--                          certificates.
-- @param current-time      indicates the time of request generation
-- @see Uint8, Time32, UnsignedButterflyParams
EeRaIdCertProvisioningRequest ::= SEQUENCE {
    version                      Uint8(1),
    verify-key-info              UnsignedButterflyParams,
    cert-enc-key-info            UnsignedButterflyParams OPTIONAL,
    resp-enc-key-info            UnsignedButterflyParams,
    region                       GeographicRegion,
    current-time                 Time32,
    ...
}

---
-- @brief Application certificate provisioning request sent by an EE (RSE) to the RA.
--        Similar to the EeRaIdCertProvisioningRequest defined above, except that 
--        butterfly keys are not used in this case.
-- @class EeRaAppCertProvisioningRequest
-- @param version                  contains the current version of the data 
--                                 type. The version specified in this
--                                 document is version 1.
-- @param verify-key               provides the public key to be embedded in 
--                                 the application certificate.
-- @param cert-encryption-key-info provides the discrete PublicEncryptionKey 
--                                 to be embedded in the application
--                                 certificate for application encryption
--                                 functions.
-- @param resp-encryption-key      provides the discrete PublicEncryptionKey 
--                                 to be used by the SCMS to encrypt the
--                                 certificate response back to the EE.
-- @param region                   indicates the operational region for the EE
--                                 device. Describes a circular or rectangular
--                                 region. Must be a sub-region of the region 
--                                 contained in the EE's enrollment certificate.
-- @param common                   provides the structure for indicating the 
--                                 time of the request and the requested start
--                                 time of the certificates.
-- @param current-time             indicates the time of request generation
-- @param requested-start-time     indicates the requested start time for the 
--                                 requested certificates to take effect (in terms
--                                 of validity).
-- @see Uint8, Time32, PublicVerificationKey, PublicEncryptionKey
EeRaAppCertProvisioningRequest ::= SEQUENCE {
    version                 Uint8(1),
    verify-key              PublicVerificationKey,
    cert-encryption-key     PublicEncryptionKey OPTIONAL,
    response-encryption-key PublicEncryptionKey,
    region                  GeographicRegion,
    current-time            Time32,
    requested-start-time    Time32,
    ...
}

---
-- @brief Pseudonym certificate provisioning: Pseudonym certificates use 
--        butterfly keys. Unlike identification certificates, they are 
--        shuffled and include linkage values. This differentiation is visible
--        in other interfaces only, in particular RA-PCA.
-- @class EeRaPseudonymCertProvisioningRequest
-- @param version           contains the current version of the data type. The 
--                          version specified in this document is version 1.
-- @param verify-key-info   provides the information for the SCMS to generate 
--                          and embed multiple pseudonym certificate signature
--                          public keys, one for each ID certificate.
-- @param resp-enc-key-info provides the information for the SCMS to uniquely 
--                          encrypt each pseudonym certificate prior to
--                          responding to the EE.
-- @param common            provides the structure for indicating the time of 
--                          the request and the requested start time of the
--                          certificates.
-- @param current-time      indicates the time of request generation
-- @see Uint8, Time32, UnsignedButterflyParams
EeRaPseudonymCertProvisioningRequest ::= SEQUENCE {
    version                      Uint8(1),
    verify-key-info              UnsignedButterflyParams,
    resp-enc-key-info            UnsignedButterflyParams,
    current-time                 Time32,
    ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has 
--        received an EE’s pseudonym certificate provisioning request. This 
--        message is signed and encrypted before sending to EE, see
--        scms-protocol.asn.
-- @class RaEePseudonymCertProvisioningAck
-- @param version     contains the current version of the data type. The 
--                    version specified in this document is version 1.
-- @param requestHash contains the hash of the original request, using the 
--                    HashedId8 type as defined in 1609dot2-base-types.asn.
-- @param reply       indicates the contents of the reply message. In this 
--                    version of the document, only one choice option is 
--                    supported, namely an acknowledgement (ack) of type
--                    PseudonymCertProvisioningAck.
-- @see Uint8, HashedId8
RaEePseudonymCertProvisioningAck ::= SEQUENCE {
    version     Uint8(1),
    requestHash HashedId8,
    reply       CHOICE {
        ack        PseudonymCertProvisioningAck,
        ...
    },
    ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has 
--        received an EE’s pseudonym certificate provisioning request.
-- @class PseudonymCertProvisioningAck
-- @param certDLTime contains the time at which the download of the generated 
--                   certificates is available.
-- @param certDLURL  contains the URL at which the EE may download the 
--                   pseudonym certificates at the indicated time.
-- @see Time32, Hostname
PseudonymCertProvisioningAck ::= SEQUENCE {
    certDLTime       Time32,
    certDLURL        Hostname,
    ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has 
--        received an EE's identity certificate provisioning request.
-- @class RaEeIdCertProvisioningAck
RaEeIdCertProvisioningAck ::= RaEePseudonymCertProvisioningAck

---
-- @brief This structure represents the acknowledgement of the RA that it has 
--        received an EE's application certificate provisioning request.
-- @class RaEeAppCertProvisioningAck
RaEeAppCertProvisioningAck ::= RaEePseudonymCertProvisioningAck

---
-- @brief This structure represents the EE’s request for download from the RA. 
--        The request indicates the time of the download request in addition
--        to the requested filename.
-- @class AuthenticatedDownloadRequest
-- @param timestamp contains the time at which the download request for the 
--                  file (filename) was generated.
-- @param filename  contains the name of the file to download.
-- @see Time32
AuthenticatedDownloadRequest ::= SEQUENCE {
    timestamp      Time32,
    filename       UTF8String (SIZE(0..255)),
    ...
}

END

scms-protocol.asn
master  SCMS/scms-asn
--  (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
-- 
--  Licensed under the Apache License, Version 2.0 (the "License");
--  you may not use this file except in compliance with the License.
--  You may obtain a copy of the License at
-- 
--     http://www.apache.org/licenses/LICENSE-2.0
-- 
--  Unless required by applicable law or agreed to in writing, software
--  distributed under the License is distributed on an "AS IS" BASIS,
--  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--  See the License for the specific language governing permissions and
--  limitations under the License.
-- 

-------------------------------------------------------------------------------
-- SCMS-Protocol
--
-- Describes the high level messages exchanged between components in the SCMS
-- system. Each pair of communicating entities has a defined interface for
-- communication. Unsecured communication over these interfaces is encapsulated
-- in a series of Scoped messages. These Scoped messages can then be further
-- encapsulated as a Signed message, and further as a Secured message (i.e.,
-- a Scoped message that has been Signed and then Encrypted).
--
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------

-- @namespace IEEE1609dot2ScmsProtocol 
IEEE1609dot2ScmsProtocol {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) protocol(1) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  HashAlgorithm,
  SequenceOfPsid,
  SequenceOfPsidSsp,
  Uint8,
  Uint16
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) base(1) base-types(2) major-version-2(2)}

  Certificate,
  Ieee1609Dot2Data,
  SequenceOfCertificate,
  Signature,
  SignerIdentifier
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) base(1) schema(1) major-version-2(2)}

  MisbehaviorReportingPsid,
  SecurityMgmtPsid
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) base-types(2) major-version-2(2)}

  ScmsComponentCertificateManagementPDU
FROM Ieee1609Dot2ScmsComponentCertificateManagement
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) component-certificate-management(3) major-version-2(2)}

  EcaEndEntityInterfacePDU
FROM Ieee1609Dot2EcaEndEntityInterface
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) eca-ee(5) major-version-2(2)}

  EndEntityMaInterfacePDU
FROM Ieee1609Dot2EndEntityMaInterface
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) ee-ma(7) major-version-2(2)}

  EndEntityRaInterfacePDU
FROM Ieee1609Dot2EndEntityRaInterface
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) ee-ra(8) major-version-2(2)}

  LaMaInterfacePDU
FROM Ieee1609Dot2LaMaInterface
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) la-ma(9) major-version-2(2)}

  LaPcaInterfacePDU
FROM Ieee1609Dot2LaPcaInterface
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) la-pca(10) major-version-2(2)}

  LaRaInterfacePDU
FROM Ieee1609Dot2LaRaInterface
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) la-ra(11) major-version-2(2)}

  MaPcaInterfacePDU
FROM Ieee1609Dot2MaPcaInterface
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) ma-pca(13) major-version-2(2)}

  MaRaInterfacePDU
FROM Ieee1609Dot2MaRaInterface
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) ma-ra(14) major-version-2(2)}

  PcaRaInterfacePDU
FROM Ieee1609Dot2PcaRaInterface
{iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) scms(4) interfaces(1) pca-ra(15) major-version-2(2)}

  RaPgInterfacePDU
FROM Ieee1609Dot2RaPgInterface
{iso(1) identified-organization(3) ieee(111) 
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) ra-pg(16) major-version-2(2)}

  CertificateChainFiles
FROM IEEE1609dot2-cert-chains {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) base (1) cert-chains (4) major-version-2(2)}

  PolicyFiles
FROM Ieee1609dot2ScmsPolicyTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)  dot2(2)
scms(4) interfaces(1) policy-types(500) major-version-2(2)}
;

---
-- @brief The ScmsPDU is the parent structure that encompasses all parent 
--        structures of interfaces defined in the SCMS.
-- @class ScmsPDU
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @param content encloses the information of an SCMS interface.
-- @param ccm     contains the component certificate management interface
--                structure.
-- @param eca-ee  contains the interface structure defined for interaction 
--                between Enrollment Certificate Authority (ECA) and an End
--                Entity (EE).
-- @param ee-ma   contains the interface structure defined for interaction 
--                between an End Entity (EE) and Misbehavior Authority (MA).
-- @param ee-ra   contains the interface structure defined for interaction 
--                between an End Entity (EE) and Registration Authority (RA).
-- @param la-ma   contains the interface structure defined for interaction 
--                between Linkage Authority (LA) and Misbehavior Authority (MA).
-- @param la-pca  contains the interface structure defined for interaction 
--                between Linkage Authority (LA) and Pseudonym Certificate
--                Authority (PCA).
-- @param la-ra   contains the interface structure defined for interaction 
--                between Linkage Authority (LA) and Registration Authority (RA).
-- @param ma-pca  contains the interface structure defined for interaction 
--                between Misbehavior Authority (MA) and Pseudonym Certificate
--                Authority (PCA).
-- @param ma-ra   contains the interface structure defined for interactions 
--                between Misbehavior Authority (MA) and Registration Authority
--                (RA).
-- @param pca-ra  contains the interface structure defined for interactions 
--                between Pseudonym Certificate Authority (PCA) and Registration
--                Authority (RA).
-- @param ra-pg   contains the interface structure defined for interactions 
--                between Registration Authority (RA) and Policy Generator (PG).
ScmsPDU ::= SEQUENCE {
  version  Uint8(1),
  content  CHOICE {
    ccm       ScmsComponentCertificateManagementPDU,
    eca-ee    EcaEndEntityInterfacePDU,
    ee-ma     EndEntityMaInterfacePDU,
    ee-ra     EndEntityRaInterfacePDU,
    la-ma     LaMaInterfacePDU,
    la-pca    LaPcaInterfacePDU,
    la-ra     LaRaInterfacePDU,
    ma-pca    MaPcaInterfacePDU,
    ma-ra     MaRaInterfacePDU,
    pca-ra    PcaRaInterfacePDU,
    ra-pg     RaPgInterfacePDU,
    ...
  }
}

---
-- @brief This is a collection structure designed for transferring certificate 
--        and policy files among SCMS entities.
-- @class ScmsFile
-- @param version    contains the current version of the data type. The 
--                   version specified in this document is version 1,
--                   represented by the integer 1.
-- @param content    encloses information of an SCMS file. 
-- @param cert-chain contains the chain of certificates through which the 
--                   necessary entities can be recursively verified.
-- @param policy     contains files that define policies about certificates 
--                   (e.g. certificate lifetimes)
ScmsFile ::= SEQUENCE {
  version Uint8(1),
  content CHOICE {
    cert-chain CertificateChainFiles,
    policy PolicyFiles,
    ...
  }
}

-- *************************************************************************
--
--             Scoped
--
-- *************************************************************************

-- *************************************************************************
--
--             EE-ECA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the EeEcaCertRequest as a scoped version of
--        the ScmsPDU.
-- @class ScopedEeEnrollmentCertRequest
ScopedEeEnrollmentCertRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      eca-ee (WITH COMPONENTS {
        eeEcaCertRequest
      })
    })
  })

---
-- @brief This structure defines the EcaEeCertResponse as a scoped version of
--        the ScmsPDU.
-- @class ScopedEeEnrollmentCertResponse
ScopedEeEnrollmentCertResponse ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      eca-ee (WITH COMPONENTS {
        ecaEeCertResponse
      })
    })
  })

-- *************************************************************************
--
--             EE-MA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the MisbehaviorReport as a scoped version of
--        the ScmsPDU.
-- @class ScopedMisbehaviorReport
ScopedMisbehaviorReport ::=
  ScmsPDU (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ee-ma (WITH COMPONENTS {
        misbehaviorReport
      })
    })
  })

-- *************************************************************************
--
--             EE-RA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the EeRaCertRequest as a scoped version of the
--        ScmsPDU.
-- @class ScopedEeRaCertRequest
ScopedEeRaCertRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ee-ra (WITH COMPONENTS {
        eeRaCertRequest
      })
    })
  })

---
-- @brief This structure defines the RaEeCertResponse as a scoped version of
--        the ScmsPDU.
-- @class ScopedRaEeCertResponse
ScopedRaEeCertResponse ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ee-ra (WITH COMPONENTS {
        raEeCertResponse
      })
    })
  })

---
-- @brief This structure defines the EeRaPseudonymCertProvisioningRequest as a
--        scoped version of the ScmsPDU.
-- @class ScopedPseudonymCertProvisioningRequest
ScopedPseudonymCertProvisioningRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ee-ra (WITH COMPONENTS {
        eeRaPseudonymCertProvisioningRequest
      })
    })
  })

---
-- @brief This structure defines the RaEePseudonymCertProvisioningAck as a 
--        scoped version of the ScmsPDU.
-- @class ScopedPseudonymCertProvisioningAck
ScopedPseudonymCertProvisioningAck ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ee-ra (WITH COMPONENTS {
        raEePseudonymCertProvisioningAck
      })
    })
  })

---
-- @brief This structure defines the EeRaIdCertProvisioningRequest as a scoped
--        version of the ScmsPDU.
-- @class ScopedIdCertProvisioningRequest
ScopedIdCertProvisioningRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ee-ra (WITH COMPONENTS {
        eeRaIdCertProvisioningRequest
      })
    })
  })

---
-- @brief This structure defines the RaEeIdCertProvisioningAck as a scoped 
--        version of the ScmsPDU. 
-- @class ScopedIdCertProvisioningAck
ScopedIdCertProvisioningAck ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ee-ra (WITH COMPONENTS {
        raEeIdCertProvisioningAck
      })
    })
  })

---
-- @brief This structure defines the EeRaAppCertProvisioningRequest as a 
--        scoped version of the ScmsPDU.
-- @class ScopedAppCertProvisioningRequest
ScopedAppCertProvisioningRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ee-ra (WITH COMPONENTS {
        eeRaAppCertProvisioningRequest
      })
    })
  })

---
-- @brief This structure defines the RaEeAppCertProvisioningAck as a scoped 
--        version of the ScmsPDU.
-- @class ScopedAppCertProvisioningAck
ScopedAppCertProvisioningAck ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ee-ra (WITH COMPONENTS {
        raEeAppCertProvisioningAck
      })
    })
  })

---
-- @brief This structure defines the GlobalCertificateChainFile as a scoped 
--        version of the ScmsFile.
-- @class ScopedGlobalCertificateChainFile
ScopedGlobalCertificateChainFile ::=
  ScmsFile (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      cert-chain( WITH COMPONENTS {
        globalCertificateChainFile
      })
    })
  })

---
-- @brief This structure defines the LocalCertificateChainFile as a scoped 
--        version of the ScmsFile.
-- @class ScopedLocalCertificateChainFile
ScopedLocalCertificateChainFile ::=
  ScmsFile (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      cert-chain( WITH COMPONENTS {
        localCertificateChainFile
      })
    })
  })

---
-- @brief This structure defines the GlobalPolicyFile as a scoped version of 
--        the ScmsFile.
-- @class ScopedGlobalPolicyFile
ScopedGlobalPolicyFile ::=
  ScmsFile (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      policy( WITH COMPONENTS {
        globalPolicyFile
      })
    })
  })

---
-- @brief This structure defines the LocalPolicyFile as a scoped version of 
--        the ScmsFile.
-- @class ScopedLocalPolicyFile
ScopedLocalPolicyFile ::=
  ScmsFile (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      policy( WITH COMPONENTS {
        localPolicyFile
      })
    })
  })

---
-- @brief This structure defines the EeRaAuthenticatedDownloadRequest as a 
--        scoped version of the ScmsPDU.
-- @class ScopedAuthenticatedDownloadRequest
ScopedAuthenticatedDownloadRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ee-ra (WITH COMPONENTS {
        eeRaAuthenticatedDownloadRequest
      })
    })
  })

-- *************************************************************************
--
--             LA-MA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the MaLaLinkageInfoRequest as a scoped 
--        version of the ScmsPDU.
-- @class ScopedLIRequest
ScopedLIRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      la-ma (WITH COMPONENTS {
        maLaLinkageInfoRequest
      })
    })
  })

---
-- @brief This structure defines the LaMaLinkageInfoResponse as a scoped 
--        version of the ScmsPDU.
-- @class ScopedLIReply
ScopedLIReply ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      la-ma (WITH COMPONENTS {
        laMaLinkageInfoResponse
      })
    })
  })

---
-- @brief This structure defines the MaLaLinkageSeedRequest as a scoped 
--        version of the ScmsPDU.
-- @class ScopedLSRequest
ScopedLSRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      la-ma (WITH COMPONENTS {
        maLaLinkageSeedRequest
      })
    })
  })

---
-- @brief This structure defines the LaMaLinkageSeedResponse as a scoped 
--        version of the ScmsPDU.
-- @class ScopedLSReply
ScopedLSReply ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      la-ma (WITH COMPONENTS {
        laMaLinkageSeedResponse
      })
    })
  })

-- *************************************************************************
--
--             LA-PCA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the PcaLaKeyAgreementRequest as a scoped 
--        version of the ScmsPDU.
-- @class ScopedPcaLaKeyAgreementRequest
ScopedPcaLaKeyAgreementRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      la-pca (WITH COMPONENTS {
        pcaLaKeyAgreementRequest
      })
    })
  })

---
-- @brief This structure defines the LaPcaKeyAgreementResponse as a scoped 
--        version of the ScmsPDU.
-- @class ScopedLaPcaKeyAgreementResponse
ScopedLaPcaKeyAgreementResponse ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      la-pca (WITH COMPONENTS {
        laPcaKeyAgreementResponse
      })
    })
  })

---
-- @brief This structure defines the PcaLaKeyAgreementAck as a scoped version 
--        of the ScmsPDU.
-- @class ScopedPcaLaKeyAgreementAck
ScopedPcaLaKeyAgreementAck ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      la-pca (WITH COMPONENTS {
        pcaLaKeyAgreementAck
      })
    })
  })

-- *************************************************************************
--
--             LA-RA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the RaLaIndividualPreLinkageValueRequest as a 
--        scoped version of the ScmsPDU.
-- @class ScopedRaLaIndividualPreLinkageValueRequest
ScopedRaLaIndividualPreLinkageValueRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      la-ra (WITH COMPONENTS {
        raLaIndividualPreLinkageValueRequest
      })
    })
  })

---
-- @brief This structure defines the RaLaGroupPreLinkageValueRequest as a 
--        scoped version of the ScmsPDU.
-- @class ScopedRaLaGroupPreLinkageValueRequest
ScopedRaLaGroupPreLinkageValueRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      la-ra (WITH COMPONENTS {
        raLaGroupPreLinkageValueRequest
      })
    })
  })


---
-- @brief This structure defines the LaRaPreLinkageValueResponse as a scoped 
--        version of the ScmsPDU.
-- @class ScopedLaRaPreLinkageValueResponse
ScopedLaRaPreLinkageValueResponse ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      la-ra (WITH COMPONENTS {
        laRaPreLinkageValueResponse
      })
    })
  })

-- *************************************************************************
--
--             MA-PCA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the MaPcaPreLinkageValueRequest as a scoped 
--        version of the ScmsPDU.
-- @class ScopedMaPcaPreLinkageValueRequest
ScopedMaPcaPreLinkageValueRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ma-pca (WITH COMPONENTS {
        maPcaPreLinkageValueRequest
      })
    })
  })


---
-- @brief This structure defines the PcaMaPreLinkageValueResponse as a scoped 
--        version of the ScmsPDU.
-- @class ScopedPcaMaPreLinkageValueResponse
ScopedPcaMaPreLinkageValueResponse ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ma-pca (WITH COMPONENTS {
        pcaMaPreLinkageValueResponse
      })
    })
  })


---
-- @brief This structure defines the MaPcaHPCRRequest as a scoped version of 
--        the ScmsPDU.
-- @class ScopedMaPcaHPCRRequest
ScopedMaPcaHPCRRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ma-pca (WITH COMPONENTS {
        maPcaHPCRRequest
      })
    })
  })


---
-- @brief This structure defines the PcaMaHPCRResponse as a scoped version of 
--        the ScmsPDU.
-- @class ScopedPcaMaHPCRResponse
ScopedPcaMaHPCRResponse ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ma-pca (WITH COMPONENTS {
        pcaMaHPCRResponse
      })
    })
  })

-- *************************************************************************
--
--             MA-RA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the MaRaBlacklistRequest as a scoped version 
--        of the ScmsPDU.
-- @class ScopedBlacklistRequest
ScopedBlacklistRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ma-ra (WITH COMPONENTS {
        maRaBlacklistRequest
      })
    })
  })

---
-- @brief This structure defines the RaMaBlacklistResponse as a scoped version 
--        of the ScmsPDU.
-- @class ScopedBlacklistResponse
ScopedBlacklistResponse ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ma-ra (WITH COMPONENTS {
        raMaBlacklistResponse
      })
    })
  })

---
-- @brief This structure defines the MaRaLCIRequest as a scoped version of the 
--        ScmsPDU.
-- @class ScopedLCIRequest
ScopedLCIRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ma-ra (WITH COMPONENTS {
        maRaLCIRequest
      })
    })
  })

---
-- @brief This structure defines the RaMaLCIResponse as a scoped version of 
--        the ScmsPDU.
-- @class ScopedLCIResponse
ScopedLCIResponse ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ma-ra (WITH COMPONENTS {
        raMaLCIResponse
      })
    })
  })

---
-- @brief This structure defines the MaRaRseObeIdBlacklistRequest as a scoped 
--        version of the ScmsPDU.
-- @class ScopedRseObeIdBlacklistRequest
ScopedRseObeIdBlacklistRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ma-ra (WITH COMPONENTS {
        maRaRseObeIdBlacklistRequest
      })
    })
  })

---
-- @brief This structure defines the RaMaRseObeIdBlacklistResponse as a scoped 
--        version of the ScmsPDU.
-- @class ScopedRseObeIdBlacklistResponse
ScopedRseObeIdBlacklistResponse ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ma-ra (WITH COMPONENTS {
        raMaRseObeIdBlacklistResponse
      })
    })
  })

-- *************************************************************************
--
--             PCA-RA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the RaPcaCertRequest as a scoped version of 
--        the ScmsPDU.
-- @class ScopedRaPcaCertificateRequest
ScopedRaPcaCertificateRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      pca-ra (WITH COMPONENTS {
        raPcaCertRequest
      })
    })
  })


---
-- @brief This structure defines the PcaRaCertResponse as a scoped version of 
--        the ScmsPDU.
-- @class ScopedPcaRaCertificateRequestReply
ScopedPcaRaCertificateRequestReply ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      pca-ra (WITH COMPONENTS {
        pcaRaCertResponse
      })
    })
  })

-- *************************************************************************
--
--             RA-PG (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the RaPgPolicySignatureRequest as a scoped 
--        version of the ScmsPDU.
-- @class ScopedRaPgPolicySignatureRequest
ScopedRaPgPolicySignatureRequest ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ra-pg (WITH COMPONENTS {
        raPgPolicySignatureRequest
      })
    })
  })


---
-- @brief This structure defines the RaPgPolicySignatureRequestReply as a 
--        scoped version of the ScmsPDU.
-- @class ScopedRaPgPolicySignatureRequestReply
ScopedRaPgPolicySignatureRequestReply ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ra-pg (WITH COMPONENTS {
        raPgPolicySignatureRequestReply
      })
    })
  })

  
-- *** Scoped certificate requests   **************************************

---
-- @brief This structure defines all certificate request messages as 
--        scoped versions of the ScmsPDU.
-- @class ScopedCertificateRequest
ScopedCertificateRequest ::= ScmsPDU (
     ScopedEeRaCertRequest |
     ScopedEeEnrollmentCertRequest |
     ScopedPseudonymCertProvisioningRequest |
     ScopedIdCertProvisioningRequest  |
     ScopedAppCertProvisioningRequest  |
     ScopedRaPcaCertificateRequest |
     ScopedAuthenticatedDownloadRequest
)


-- *************************************************************************
--
--             Certificate Request
--
-- *************************************************************************

---
-- @brief This structure defines the format of a signed certificate 
--        request.
-- @class SignedCertificateRequest
-- @param hashId     is the hash of the current request.
-- @param tbsRequest contains the certificate request information that
--                   is signed by the recipient.
-- @param signer     denotes the signing entity's identifier.
-- @param signature  contains the request sender's signature.
SignedCertificateRequest ::= SEQUENCE {
  hashId          HashAlgorithm,
  tbsRequest      ScopedCertificateRequest,
  signer          SignerIdentifier,
  signature       Signature
}



-- *************************************************************************
-- *************************************************************************
--
--             Secured
--
-- *************************************************************************
-- *************************************************************************
---
-- @brief This structure contains either secured (encrypted) or unsecured
--        (plaintext) data as per need. It follows the same structure defined
--        for Ieee1609Dot2Data in 1609dot2-schema.asn.
-- Each of the Scoped messages defined above has a corresponding secured
-- version. Each secured PDU is an Ieee1609dot2Data whose content is either
-- signed data or encrypted data. 
-- 
-- A Signed*** PDU has content of type SignedData or SignedCertificateRequest
--
-- A Secured*** PDU has content of type EncryptedData which decrypts to
-- the corresponding Signed*** PDU (with a few exceptions).
-- @class SecuredScmsPDU
SecuredScmsPDU ::= Ieee1609Dot2Data

-- *************************************************************************
--
--             EE-ECA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains the ScopedEeEnrollmentCertRequest which 
--        encloses the EeEcaCertRequest. EE sends this message to the ECA to 
--        request enrollment certificates for itself. EE signs this message 
--        using its private key generated during bootstrapping.
-- @class SignedEeEnrollmentCertRequest
-- @param content contains an EE's enrollment certificate request and the EE's
--        self-signature.
-- @see EeEcaCertRequest 
SignedEeEnrollmentCertRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest  (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedEeEnrollmentCertRequest),
        signer (WITH COMPONENTS {
          self
        })
      })
    )
  })
})

---
-- @brief This structure contains the ScopedEeEnrollmentCertResponse which 
--        encloses the EcaEeCertResponse. ECA responds to an EE's 
--        SignedEeEnrollmentCertRequest using this message. ECA signs this 
--        message using its private key corresponding to its EcaCertificate.
-- @class SignedEeEnrollmentCertResponse
-- @param content contains the ScopedEeEnrollmentCertResponse.
-- @see EcaEeCertResponse, EcaCertificate
SignedEeEnrollmentCertResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedEeEnrollmentCertResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- *************************************************************************
--
--             EE-MA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains SignedMisbehaviorReport and is sent by an EE 
--        to MA through RA. EE sends misbehavior reports to MA using this 
--        structure. EE encrypts this message using MA's public key from 
--        MaCertificate that it obtains during bootstrapping.
-- @class SecuredMisbehaviorReport
-- @param content contains the encrypted misbehavior reports generated by an
--                EE; decrypts to a SignedMisbehaviorReport.
-- @see   MisbehaviorReportContents, MaCertificate  
SecuredMisbehaviorReport ::= SecuredScmsPDU(WITH COMPONENTS {...,
  content(WITH COMPONENTS {...,
    encryptedData 
  })
})

---
-- @brief This structure contains the misbehavior reports generated by an EE 
--        and sent to the RA. The RA forwards this message to the MA in the 
--        form of SecuredMisbehaviorReport. The reporting EE signs this message
--        using its private key corresponding to its active
--        ObePseudonymCertificate.
-- @class SignedMisbehaviorReport
-- @param content contains the misbehavior report in the form of 
--                ScopedMisbehaviorReport generated by the reporting EE.
-- @see   MisbehaviorReportContents, ObePseudonymCertificate
SignedMisbehaviorReport ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedMisbehaviorReport)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (MisbehaviorReportingPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation PRESENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      }),
      signer (WITH COMPONENTS {...,
        certificate (SequenceOfCertificate (SIZE(1)))
      })
    })
  })
})

-- *************************************************************************
--
--             EE-RA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains the encrypted ScopedEeRaCertRequest which 
--        contains the EeRaCertRequestMsg. EE sends this message to RA to 
--        request RA's currently active RaCertificate. EE encrypts this message 
--        using the RA's public key obtained from RaCertificate. If EE 
--        requests RA's certificate for the first time, it will encrypt using
--        the key obtained at the time of device bootstrapping.
-- @class SecuredRACertRequest
-- @param content contains the ScopedEeRaCertRequest.
-- @see   EeRaCertRequestMsg, RaCertificate
SecuredRACertRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
    content (WITH COMPONENTS {...,
      unsecuredData (CONTAINING ScopedEeRaCertRequest)
    })
  })

---
-- @brief This structure contains the ScopedPseudonymCertProvisioningRequest 
--        which contains the EeRaPseudonymCertProvisioningRequest structure. 
--        EE sends this message to PCA through RA to request 
--        ObePseudonymCertificate. EE signs this message using its private key
--        corresponding to its ObeEnrollmentCertificate and encrypts it to RA.
-- @class SignedPseudonymCertProvisioningRequest
-- @param content contains the pseudonym certificate provisioning request and 
--        requesting EE's ObeEnrollmentCertificate.
-- @see EeRaPseudonymCertProvisioningRequest, ObePseudonymCertificate,
--      ObeEnrollmentCertificate 
SignedPseudonymCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest  (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedPseudonymCertProvisioningRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains SignedPseudonymCertProvisioningRequest 
--        generated by the requesting EE and sent to the RA. The RA forwards 
--        this request to the PCA. EE encrypts this message using PCA's public
--        key obtained during device bootstrapping.
-- @class SecuredPseudonymCertProvisioningRequest
-- @param content contains the encrypted pseudonym certificate provisioning 
--                request generated by an EE; decrypts to a
--                SignedPseudonymCertProvisioningRequest.
-- @see   EeRaPseudonymCertProvisioningRequest 
SecuredPseudonymCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedPseudonymCertProvisioningAck which 
--        contains RaEePseudonymCertProvisioningAck. RA acknowledges receipt 
--        of an EE's SignedPseudonymCertProvisioningRequest using this 
--        structure. RA signs this message using its private key corresponding 
--        to its RaCertificate.
-- @class SignedPseudonymCertProvisioningAck
-- @param content contains the ScopedPseudonymCertProvisioningAck.
-- @see RaEePseudonymCertProvisioningAck, RaCertificate
SignedPseudonymCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPseudonymCertProvisioningAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains the ScopedIdCertProvisioningRequest 
--        which contains the EeRaIdCertProvisioningRequest structure. 
--        EE signs this message using its private key corresponding to its
--        ObeEnrollmentCertificate, encrypts and sends it to RA to request 
--        provisioning of ID certificates.
-- @class SignedIdCertProvisioningRequest
-- @param content contains the ID certificate provisioning request and 
--        requesting EE's enrollment certificate.
-- @see   EeRaIdCertProvisioningRequest, ObeEnrollmentCertificate 
SignedIdCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest  (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedIdCertProvisioningRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains SignedIdCertProvisioningRequest 
--        generated by the requesting EE and sent to the RA. The RA forwards 
--        this request to the PCA. EE encrypts this message using PCA's public
--        key obtained during device bootstrapping.
-- @class SecuredIdCertProvisioningRequest
-- @param content contains the encrypted ID certificate provisioning 
--                request generated by an EE; decrypts to a
--                SignedIdCertProvisioningRequest.
-- @see EeRaIdCertProvisioningRequest 
SecuredIdCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData 
  })
})

---
-- @brief This structure contains the ScopedIdCertProvisioningAck which 
--        contains the RaEeIdCertProvisioningAck. RA signs this message using 
--        its private key corresponding to its RaCertificate. RA sends this 
--        message to an EE in the form of SecuredIdCertProvisioningAck. 
-- @class SignedIdCertProvisioningAck
-- @param content contains the ScopedIdCertProvisioningAck which encloses the
--                RaEeIdCertProvisioningAck.
-- @see   RaEeIdCertProvisioningAck, RaCertificate
SignedIdCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedIdCertProvisioningAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains the ScopedAppCertProvisioningRequest 
--        which contains the EeRaAppCertProvisioningRequest structure. 
--        EE signs this message using its private key corresponding to its
--        ObeEnrollmentCertificate.
-- @class SignedAppCertProvisioningRequest
-- @param content contains the application certificate provisioning request 
--        and requesting EE's enrollment certificate.
-- @see EeRaAppCertProvisioningRequest 
SignedAppCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest  (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedAppCertProvisioningRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains SignedAppCertProvisioningRequest 
--        generated by the requesting EE and sent to the RA. The RA forwards 
--        this request to the PCA. EE encrypts this message using PCA's public
--        key obtained during device bootstrapping.
-- @class SecuredAppCertProvisioningRequest
-- @param content contains the encrypted application certificate provisioning 
--                request generated by an EE; decrypts to a
--                SignedAppCertProvisioningRequest.
-- @see EeRaAppCertProvisioningRequest 
SecuredAppCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains the ScopedAppCertProvisioningAck which 
--        contains the RaEeAppCertProvisioningAck. RA signs this message using 
--        its private key corresponding to its RaCertificate. RA sends this 
--        message to an EE in the form of SecuredAppCertProvisioningAck. 
-- @class SignedAppCertProvisioningAck
-- @param content contains the ScopedAppCertProvisioningAck which encloses the
--                RaEeAppCertProvisioningAck.
-- @see RaEeAppCertProvisioningAck, RaCertificate
SignedAppCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedAppCertProvisioningAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains the ScopedAuthenticatedDownloadRequest which 
--        contains the AuthenticatedDownloadRequest. EE signs this message 
--        using its private key corresponding to its ObeEnrollmentCertificate. 
--        EE sends this message to RA in the form of
--        SecuredAuthenticatedDownloadRequest.
-- @class SignedAuthenticatedDownloadRequest
-- @param content contains the authenticated download request and EE's
--                enrollment certificate.
-- @see AuthenticatedDownloadRequest, ObeEnrollmentCertificate
SignedAuthenticatedDownloadRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest  (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedAuthenticatedDownloadRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains the SignedAuthenticatedDownloadRequest and 
--        is sent by an EE to the RA. EE encrypts this message using RA's 
--        public key obtained at device bootstrapping.
-- @class SecuredAuthenticatedDownloadRequest
-- @param content contains the authenticated download request signed by an EE; 
--                decrypts to SignedAuthenticatedDownloadRequest.
-- @see AuthenticatedDownloadRequest
SecuredAuthenticatedDownloadRequest  ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedGlobalPolicyFile which contains 
--        GlobalPolicyFile. PG signs this message using its private key 
--        corresponding to its PgCertificate. 
-- @class SignedGlobalPolicyFile
-- @param content contains the ScopedGlobalPolicyFile.
-- @see GlobalPolicyFile, PgCertificate 
SignedGlobalPolicyFile ::= Ieee1609Dot2Data( WITH COMPONENTS{...,
    content( WITH COMPONENTS{...,
      signedData( WITH COMPONENTS{...,
        tbsData( WITH COMPONENTS{...,
          payload( WITH COMPONENTS{...,
            data( WITH COMPONENTS{...,
              content( WITH COMPONENTS{...,
                unsecuredData( CONTAINING ScopedGlobalPolicyFile )
              })
            })
          })
        })
      })
   })
})

---
-- @brief This structure contains ScopedLocalPolicyFile which contains 
--        LocalPolicyFile. PG signs this message using its private key
--        corresponding to its PgCertificate.
-- @class SignedLocalPolicyFile
-- @param content contains the ScopedLocalPolicyFile.
-- @see LocalPolicyFile, PgCertificate
SignedLocalPolicyFile ::= Ieee1609Dot2Data( WITH COMPONENTS{...,
    content( WITH COMPONENTS{...,
      signedData( WITH COMPONENTS{...,
        tbsData( WITH COMPONENTS{...,
          payload( WITH COMPONENTS{...,
            data( WITH COMPONENTS{...,
              content( WITH COMPONENTS{...,
                unsecuredData( CONTAINING ScopedLocalPolicyFile )
              })
            })
          })
        })
      })
   })
})

-- *************************************************************************
--
--             LA-MA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedLIRequest which contains 
--        MaLaLinkageInfoRequest. MA signs this message using its private key
--        corresponding to its MaCertificate.
-- @class SignedLIRequest
-- @param content contains the ScopedLIRequest.
-- @see MaLaLinkageInfoRequest
SignedLIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedLIRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLIRequest and is sent by MA to LA.
--        MA encrypts this message using LA's public key that it obtains
--        from LaCertificate received from ICA at Add LA stage.
-- @class SecuredLIRequest
-- @param content contains encrypted linkage information signed by MA;
--                decrypts to a SignedLIRequest.
-- @see MaLaLinkageInfoRequest, LaCertificate 
SecuredLIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLIReply which contains 
--        LaMaLinkageInfoResponseMsg. LA signs this message using its private
--        key corresponding to its LaCertificate.
-- @class SignedLIReply
-- @param content contains ScopedLIReply.
-- @see LaMaLinkageInfoResponseMsg, LaCertificate 
SignedLIReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedLIReply)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLIReply and is sent by LA in response
--        to an MA's SecuredLIRequest. LA encrypts this message using
--        encryptionKey obtained from MaCertificate.
-- @class SecuredLIReply
-- @param content contains LA's response with linkage information; decrypts to
--                a SignedLIReply.
-- @see LaMaLinkageInfoResponseMsg, MaCertificate
SecuredLIReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLSRequest which contains 
--        MaLaLinkageSeedRequestMsg. MA signs this message using its private
--        key corresponding to its MaCertificate.
-- @class SignedLSRequest
-- @param content contains ScopedLSRequest.
-- @see MaLaLinkageSeedRequestMsg, MaCertificate
SignedLSRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedLSRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLSRequest that is sent by MA to LA to 
--        request linkage seed information for misbehavior report analysis. MA 
--        encrypts this request using LA's public key that it obtains from
--        LaCertificate received from ICA at Add LA stage.
-- @class SecuredLSRequest
-- @param content contains encrypted linkage seed request message signed by
--                MA; decrypts to a SignedLSRequest.
-- @see MaLaLinkageSeedRequestMsg, LaCertificate
SecuredLSRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLSReply which contains 
--        LaMaLinkageSeedResponseMsg. LA signs this message using its private
--        key corresponding to its LaCertificate.
-- @class SignedLSReply
-- @param content contains ScopedLSReply.
-- @see LaMaLinkageSeedResponseMsg, LaCertificate
SignedLSReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedLSReply)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLSReply and is sent by LA in response
--        to an MA's SecuredLSRequest. LA encrypts this message using
--        encryptionKey in MaCertificate.
-- @class SecuredLSReply
-- @param content contains LA's response with linkage information; decrypts to
--                a SignedLSReply.
-- @see LaMaLinkageSeedResponseMsg
SecuredLSReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData  -- decrypts to a SignedLSReply
  })
})

-- *************************************************************************
--
--             LA-PCA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedPcaLaKeyAgreementRequest which 
--        contains PcaLaKeyAgreementRequestMsg and is sent from PCA to LA to 
--        initiate key agreement. PCA signs this message using its private key
--        corresponding to its PcaCertificate.
-- @class SignedPcaLaKeyAgreementRequest
-- @param content contains ScopedPcaLaKeyAgreementRequest.
-- @see PcaLaKeyAgreementRequestMsg
SignedPcaLaKeyAgreementRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedPcaLaKeyAgreementRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedLaPcaKeyAgreementResponse which
--        contains LaPcaKeyAgreementResponse and is sent from LA to PCA. LA
--        signs this message using its private key corresponding to its
--        LaCertificate.
-- @class SignedLaPcaKeyAgreementResponse
-- @param content contains ScopedLaPcaKeyAgreementResponse.
-- @see LaPcaKeyAgreementResponse, LaCertificate
SignedLaPcaKeyAgreementResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedLaPcaKeyAgreementResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedPcaLaKeyAgreementAck which contains
--        PcaLaKeyAgreementAck and is sent from PCA to LA. PCA signs this
--        message using its private key corresponding to its PcaCertificate.
-- @class SignedPcaLaKeyAgreementAck
-- @param content contains ScopedPcaLaKeyAgreementAck.
-- @see PcaLaKeyAgreementAck, PcaCertificate
SignedPcaLaKeyAgreementAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedPcaLaKeyAgreementAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- *************************************************************************
--
--             LA-RA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedRaLaIndividualPreLinkageValueRequest
--        which contains RaLaIndividualPreLinkageValueRequest and is sent from
--        RA to LA. RA signs this message using its private key corresponding
--        to its RaCertificate. Generation time is present to prevent replay;
--        keep the message for replay check until the time corresponding to
--        iMin has been reached.
-- @class SignedRaLaIndividualPreLinkageValueRequest
-- @param content contains ScopedRaLaIndividualPreLinkageValueRequest.
-- @see RaLaIndividualPreLinkageValueRequest, RaCertificate
SignedRaLaIndividualPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedRaLaIndividualPreLinkageValueRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})


---
-- @brief This structure contains ScopedRaLaGroupPreLinkageValueRequest which
--        contains RaLaGroupPreLinkageValueRequest and is sent by RA to LA. RA
--        signs this message using its private key corresponding to its
--        RaCertificate. Generation time is present to prevent replay;
--        keep the message for replay check until the time corresponding to
--        iMin has been reached.
-- @class SignedRaLaGroupPreLinkageValueRequest
-- @param content contains ScopedRaLaGroupPreLinkageValueRequest.
-- @see RaLaGroupPreLinkageValueRequest, RaCertificate
SignedRaLaGroupPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedRaLaGroupPreLinkageValueRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})


---
-- @brief This structure contains ScopedLaRaPreLinkageValueResponse which
--        contains LaRaPreLinkageValueResponse and is sent by LA to RA. LA
--        signs this message using its private key corresponding to its
--        LaCertificate. Generation time is present to prevent replay;
--        keep the message for replay check until the time corresponding to
--        iMin has been reached.
-- @class SignedLaRaPreLinkageValueResponse
-- @param content contains ScopedLaRaPreLinkageValueResponse.
-- @see LaRaPreLinkageValueResponse, LaCertificate
SignedLaRaPreLinkageValueResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedLaRaPreLinkageValueResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- *************************************************************************
--
--             MA-PCA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedMaPcaPreLinkageValueRequest which
--        contains MaPcaPreLinkageValueRequest and is sent from MA to PCA. MA
--        signs this message using its private key corresponding to its
--        MaCertificate.
-- @class SignedMaPcaPreLinkageValueRequest
-- @param content contains ScopedMaPcaPreLinkageValueRequest.
-- @see MaPcaPreLinkageValueRequest, MaCertificate
SignedMaPcaPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedMaPcaPreLinkageValueRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedMaPcaPreLinkageValueRequest and is
--        sent by MA to PCA. MA encrypts this message using encryptionKey from
--        PCA's PcaCertificate.
-- @class SecuredMaPcaPreLinkageValueRequest
-- @param content contains MA's request to gain pre-linkage values from PCA;
--                decrypts to a SignedMaPcaPreLinkageValueRequest.
-- @see PcaCertificate
SecuredMaPcaPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})


---
-- @brief This structure contains ScopedPcaMaPreLinkageValueResponse which
--        contains PcaMaPreLinkageValueResponse and is sent by PCA to MA. PCA
--        signs this message using its private key corresponding to its
--        PcaCertificate.
-- @class SignedPcaMaPreLinkageValueResponse
-- @param content contains ScopedPcaMaPreLinkageValueResponse.
-- @see PcaMaPreLinkageValueResponse, PcaCertificate
SignedPcaMaPreLinkageValueResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedPcaMaPreLinkageValueResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedPcaMaPreLinkageValueResponse and is
--        sent by PCA to MA. PCA encrypts this message using the encryptionKey
--        in MaCertificate.
-- @class SecuredPcaMaPreLinkageValueResponse
-- @param content contains response from PCA with pre-linkage values requested
--                by MA; decrypts to a SignedPcaMaPreLinkageValueResponse.
-- @see MaCertificate
SecuredPcaMaPreLinkageValueResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})


---
-- @brief This structure contains ScopedMaPcaHPCRRequest which contains
--        MaPcaHPCRRequest and is sent by MA to PCA. MA signs this message
--        using its private key corresponding to its MaCertificate.
-- @class SignedMaPcaHPCRRequest
-- @param content contains ScopedMaPcaHPCRRequest.
-- @see MaPcaHPCRRequest, MaCertificate
SignedMaPcaHPCRRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedMaPcaHPCRRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedMaPcaHPCRRequest and is sent by MA to
--        PCA. MA encrypts this message using encryptionKey in PCA's
--        PcaCertificate.
-- @class SecuredMaPcaHPCRRequest
-- @param content contains the encrypted HPCR request from MA; decrypts to a
--                SignedMaPcaHPCRRequest.
SecuredMaPcaHPCRRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})


---
-- @brief This structure contains ScopedPcaMaHPCRResponse which contains
--        PcaMaHPCRResponse and is sent by PCA to MA. PCA signs this message
--        using its private key corresponding to its PcaCertificate.
-- @class SignedPcaMaHPCRResponse
-- @param content contains ScopedPcaMaHPCRResponse.
-- @see PcaMaHPCRResponse, PcaCertificate
SignedPcaMaHPCRResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedPcaMaHPCRResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedPcaMaHPCRResponse and is sent by PCA
--        to MA as a response to MA's SecuredMaPcaHPCRRequest. PCA encrypts
--        data in this message using encryptionKey in MaCertificate.
-- @class SecuredPcaMaHPCRResponse
-- @param content contains the encrypted response from PCA with HPCR; decrypts
--                to a SignedPcaMaHPCRResponse.
-- @see MaCertificate
SecuredPcaMaHPCRResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

-- *************************************************************************
--
--             MA-RA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedBlacklistRequest which contains
--        MaRaBlacklistRequest and is sent by MA to RA. MA signs this message
--        using the private key corresponding to its MaCertificate.
-- @class SignedBlacklistRequest
-- @param content contains ScopedBlacklistRequest that indicates which
--                pseudonym certificates have been revoked by MA.
-- @see MaRaBlacklistRequest, MaCertificate
SignedBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedBlacklistRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedBlacklistRequest and is sent by MA to
--        RA. MA encrypts the data in this message using encryptionKey in RA's
--        RaCertificate.
-- @class SecuredBlacklistRequest
-- @param content contains encrypted request to update RA's internal blacklist;
--                decrypts to a SignedBlacklistRequest.
-- @see RaCertificate
SecuredBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedBlacklistResponse which contains
--        RaMaBlacklistResponse and is sent by RA to MA. RA signs this message
--        using the private key corresponding to its RaCertificate.
-- @class SignedBlacklistResponse
-- @param content contains ScopedBlacklistResponse that indicates status of
--                revoked pseudonym certificates.
-- @see RaMaBlacklistResponse, RaCertificate
SignedBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedBlacklistResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedBlacklistResponse and is sent as a
--        response by RA to MA's SecuredBlacklistRequest. RA encrypts the data
--        in this message using encryptionKey in MA's MaCertificate.
-- @class SecuredBlacklistResponse
-- @param content contains encrypted status of revoked pseudonym certificates; 
--                decrypts to a SignedBlacklistResponse.
-- @see MaCertificate
SecuredBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedRseObeIdBlacklistRequest which
--        contains MaRaRseObeIdBlacklistRequest and is sent by MA to RA. MA
--        signs this message using the private key corresponding to its
--        MaCertificate.
-- @class SignedRseObeIdBlacklistRequest
-- @param content contains ScopedRseObeIdBlacklistRequest.
-- @see MaRaRseObeIdBlacklistRequest, MaCertificate
SignedRseObeIdBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedRseObeIdBlacklistRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedRseObeIdBlacklistRequest and is sent
--        by MA to RA. MA encrypts this message using the encryptionKey in RA's
--        RaCertificate.
-- @class SecuredRseObeIdBlacklistRequest
-- @param content contains the encrypted status report of revoked 
--                identification and application certificates; decrypts to a
--                SignedRseObeIdBlacklistRequest.
-- @see RaCertificate
SecuredRseObeIdBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedBlacklistResponse which contains
--        RaMaBlacklistResponse and is sent by RA to MA. RA signs this message
--        using the private key corresponding to its RaCertificate.
-- @class SignedRseObeIdBlacklistResponse
-- @param content contains ScopedBlacklistResponse that notifies the status of
--                revoked identification certificates and application
--                certificates.
-- @see RaMaBlacklistResponse, RaCertificate
SignedRseObeIdBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedBlacklistResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedRseObeIdBlacklistResponse and is sent
--        by RA to MA. RA encrypts this message using the encryptionKey in MA's
--        MaCertificate.
-- @class SecuredRseObeIdBlacklistResponse
-- @param content contains encrypted status report of revoked identification
--                and pseudonym certificates; decrypts to a
--                SignedRseObeIdBlacklistResponse.
-- @see MaCertificate
SecuredRseObeIdBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLCIRequest which contains
--        MaRaLCIRequest and is sent by MA to RA. MA signs this message using
--        the private key corresponding to its MaCertificate.
-- @class SignedLCIRequest
-- @param content contains ScopedLCIRequest.
-- @see MaRaLCIRequest, MaCertificate
SignedLCIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedLCIRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLCIRequest and is sent by MA to RA. MA
--        encrypts the data in this message using the encryptionKey in RA's
--        RaCertificate.
-- @class SecuredLCIRequest
-- @param content contains encrypted request for linkage chain identifiers;
--                decrypts to a SignedLCIRequest.
-- @see RaCertificate
SecuredLCIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLCIResponse which contains
--        RaMaLCIResponse and is sent by RA to MA. RA signs this message using
--        the private key corresponding to its RaCertificate.
-- @class SignedLCIResponse
-- @param content contains ScopedLCIResponse
-- @see RaMaLCIResponse, RaCertificate
SignedLCIResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedLCIResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLCIResponse and is sent by RA to MA.
--        RA encrypts the data in this message using the encryptionKey in MA's
--        MaCertificate.
-- @class SecuredLCIResponse
-- @param content contains encrypted linkage chain identifiers sent by RA;
--                decrypts to a SignedLCIResponse.
-- @see MaCertificate
SecuredLCIResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

-- *************************************************************************
--
--             PCA-RA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedRaPcaCertificateRequest which contains 
--        RaPcaCertRequestMsg. RA signs this message before sending it to 
--        PCA.
-- @class SecuredRaPcaCertificateRequest
-- @param content contains ScopedRaPcaCertificateRequest and RA's certificate.
-- @see RaPcaCertRequestMsg
SecuredRaPcaCertificateRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest  (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedRaPcaCertificateRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1))
          )
        })
      })
    )
  })
})

---
-- @brief This structure contains ScopedPcaRaCertificateRequestReply which 
--        contains PcaRaCertResponseMsg. PCA encrypts this message before 
--        sending it to RA using the encryptionKey in RA's RaCertificate.
-- @class SecuredPcaRaCertificateRequestReply
-- @param content contains ScopedPcaRaCertificateRequestReply.
-- @see PcaRaCertResponseMsg
SecuredPcaRaCertificateRequestReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedPcaRaCertificateRequestReply)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- *************************************************************************
--
--             Root Management / Electors (Secured)
--
-- *************************************************************************

---
-- @brief This structure defines the TbsElectorEndorsement as a scoped version 
--        of the ScmsPDU.
-- @class ScopedElectorEndorsement
-- @param content contains TbsElectorEndorsement
-- @see TbsElectorEndorsement
ScopedElectorEndorsement ::=
  ScmsPDU  (WITH COMPONENTS {...,
    content (WITH COMPONENTS {
      ccm (WITH COMPONENTS {
        tbsElectorEndorsement
      })
    })
 })

---
-- @brief This structure contains ScopedElectorEndorsement which contains
--        TbsElectorEndorsement and is used by Electors to endorse addition of
--        a new Elector to the SCMS. The existing Electors sign their
--        endorsements using their private keys corresponding to their
--        respective ElectorCertificate.
-- @class SignedElectorEndorsement
-- @param content contains ScopedElectorEndorsement.
-- @see TbsElectorEndorsement
SignedElectorEndorsement ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData  (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
         data (WITH COMPONENTS {...,
             content (WITH COMPONENTS {
                unsecuredData (CONTAINING ScopedElectorEndorsement)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

ScopedElectorBallot ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ccm (WITH COMPONENTS {
      electorBallot
    })
  })
})

SecuredElectorBallot ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    unsecuredData (CONTAINING ScopedElectorBallot)
  })
})

-- Note: even though this is an "unsecured" message, this merely states that
-- "UnsecuredElectorBallot" (i.e. Ieee1609Dot2Data wrapper) is not a signed or
-- encrypted message. However, the ScopedElectorBallot contains content
-- that has been signed.
UnsecuredElectorBallot ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    unsecuredData (CONTAINING ScopedElectorBallot) -- signed payload
  })
})

-- *************************************************************************
--
--             SSP
--
-- *************************************************************************

---
-- @brief The ScmsSsp is the parent structure that encompasses all Service 
--        Specific Permission (SSP) structures defined in the SCMS.
-- @class ScmsSsp
-- @param elector contains SSP defined for an Elector.
-- @param root contains SSP defined for a Root CA.
-- @param pg contains SSP defined for a Policy Generator (PG).
-- @param ica contains SSP defined for an Intermediate Certification Authority (ICA).
-- @param eca contains SSP defined for an Enrollment Certification Authority (ECA).
-- @param pca contains SSP defined for a Pseudonym Certification Authority (PCA).
-- @param crl contains SSP defined for a Certificate Revocation List (CRL).
-- @param dcm contains SSP defined for a Device Configuration Manager (DCM).
-- @param la contains SSP defined for a Linkage Authority (LA).
-- @param lop contains SSP defined for a Location Obscurer Proxy (LOP).
-- @param ma contains SSP defined for a Misbehavior Authority (MA).
-- @param ra contains SSP defined for a Registration Authority (RA).
ScmsSsp ::= CHOICE {
  elector ElectorSsp,
  root RootCaSsp,
  pg   PGSsp,
  ica  IcaSsp,
  eca  EcaSsp,
  pca  PcaSsp,
  crl  CrlSignerSsp,
  dcm  DcmSsp,
  la   LaSsp,
  lop  LopSsp,
  ma   MaSsp,
  ra   RaSsp,
  ...
}

---
-- @brief This structure defines the SSP for an Elector.
-- @class ElectorSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
ElectorSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a Root CA.
-- @class RootCaSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
RootCaSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a PG.
-- @class PGSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
PGSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for an ICA.
-- @class IcaSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
IcaSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for an ECA.
-- @class EcaSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
EcaSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a PCA.
-- @class PcaSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
PcaSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a CRL signer.
-- @class CrlSignerSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
CrlSignerSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a DCM.
-- @class DcmSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
DcmSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for an LA.
-- @class LaSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
LaSsp ::= SEQUENCE {
  version Uint8(1),
  laId Uint16,
  ...
}

---
-- @brief This structure defines the SSP for an LOP.
-- @class LopSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
LopSsp ::= SEQUENCE {
  version Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for an MA.
-- @class MaSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
MaSsp ::= SEQUENCE {
  version        Uint8(1),
  relevantPsids  SequenceOfPsid,
  ...
}

---
-- @brief This structure defines the SSP for an RA.
-- @class RaSsp
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @see Uint8
RaSsp ::= SEQUENCE {
  version  Uint8(1),
  ...
}

END
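
The signed types in the listing above pin psid to SecurityMgmtPsid and mark most headerInfo fields ABSENT. The following is an added example, not part of the SCMS ASN.1 files: an application-level check of that profile for decoders that do not enforce WITH COMPONENTS constraints. The decoded layout (SEQUENCE as a dict with absent OPTIONAL fields omitted, CHOICE as a one-key dict), the function names and the sample PDUs are assumptions of this example.

```python
# Added example: not part of the SCMS ASN.1 modules.
# Assumed decoded form: SEQUENCE -> dict (absent OPTIONAL fields omitted),
# CHOICE -> dict with exactly one key naming the chosen alternative.

SECURITY_MGMT_PSID = 35  # SecurityMgmtPsid ::= Psid (35)

# headerInfo fields constrained ABSENT in every signed type listed below
ALWAYS_ABSENT = (
    "expiryTime", "generationLocation", "p2pcdLearningRequest",
    "missingCrlIdentifier", "encryptionKey",
)

# generationTime presence per signed type, copied from the definitions
GENERATION_TIME = {
    "SignedRseObeIdBlacklistResponse": "ABSENT",
    "SignedLCIRequest": "ABSENT",
    "SignedLCIResponse": "ABSENT",
    "SecuredPcaRaCertificateRequestReply": "ABSENT",
    "SignedElectorEndorsement": "PRESENT",
}


def _choice(node, where):
    """Return (alternative, value) for a CHOICE modelled as a one-key dict."""
    if not isinstance(node, dict) or len(node) != 1:
        raise ValueError(f"{where}: expected exactly one CHOICE alternative")
    return next(iter(node.items()))


def check_signed_profile(pdu, message_type):
    """Return a list of profile violations; an empty list means the PDU conforms."""
    rule = GENERATION_TIME.get(message_type)
    if rule is None:
        return [f"no profile known for {message_type}"]
    try:
        alt, signed = _choice(pdu["content"], "content")
        if alt != "signedData":
            return [f"content is {alt}, expected signedData"]
        tbs = signed["tbsData"]
        header = tbs["headerInfo"]
        # This example additionally requires the embedded payload to be present.
        inner_alt, _ = _choice(tbs["payload"]["data"]["content"],
                               "payload.data.content")
    except (KeyError, TypeError, ValueError) as exc:
        return [f"malformed PDU: {exc}"]

    errors = []
    if inner_alt != "unsecuredData":
        errors.append(f"payload.data.content is {inner_alt}, expected unsecuredData")
    if not isinstance(header, dict):
        return errors + ["headerInfo is not a SEQUENCE"]
    if header.get("psid") != SECURITY_MGMT_PSID:
        errors.append(f"psid is {header.get('psid')}, expected {SECURITY_MGMT_PSID}")
    has_time = "generationTime" in header
    if rule == "ABSENT" and has_time:
        errors.append("generationTime must be ABSENT")
    if rule == "PRESENT" and not has_time:
        errors.append("generationTime must be PRESENT")
    for field in ALWAYS_ABSENT:
        if field in header:
            errors.append(f"{field} must be ABSENT")
    return errors


def _sample(header, content_alt="signedData"):
    """Build a constructed PDU (placeholder bytes, not real SCMS traffic)."""
    signed = {"tbsData": {
        "payload": {"data": {"content": {"unsecuredData": b"\x00"}}},
        "headerInfo": header,
    }}
    return {"content": {content_alt: signed}}


if __name__ == "__main__":
    cases = [
        ("SignedLCIRequest", _sample({"psid": 35})),
        ("SignedLCIRequest", _sample({"psid": 35, "generationTime": 1})),
        ("SignedElectorEndorsement", _sample({"psid": 35})),
        ("SignedLCIResponse", _sample({"psid": 32, "encryptionKey": b"k"})),
    ]
    for name, pdu in cases:
        print(name, check_signed_profile(pdu, name) or "conforms")
```

Run the check after signature verification and before the payload is parsed, and reject the message on any returned violation.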

scms-base-types.asn
master  SCMS/scms-asn
--  (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
-- 
--  Licensed under the Apache License, Version 2.0 (the "License");
--  you may not use this file except in compliance with the License.
--  You may obtain a copy of the License at
-- 
--     http://www.apache.org/licenses/LICENSE-2.0
-- 
--  Unless required by applicable law or agreed to in writing, software
--  distributed under the License is distributed on an "AS IS" BASIS,
--  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--  See the License for the specific language governing permissions and
--  limitations under the License.
-- 

-------------------------------------------------------------------------------
-- SCMS-BASE-TYPES 
--
-- The structures in this file define some common messages, or base types, used
-- by different entities in the system, as well as some constants related to the
-- SCMS protocols.
--
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------

-- @namespace Ieee1609dot2ScmsBaseTypes 
Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)  dot2(2)
scms(4) interfaces(1) base-types(2) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN 

EXPORTS ALL;
 
IMPORTS 
  CrlSeries,
  CountryOnly,
  Duration,
  Hostname,
  IValue,
  LaId,
  LinkageSeed,
  Psid,
  Signature,
  HashedId8,
  Uint8
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111) 
    standards-association-numbered-series-standards(2) wave-stds(1609)  
    dot2(2) base(1) base-types(2) major-version-2(2)}

  RecipientInfo,
  EncryptedData,
  SignerIdentifier
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111) 
    standards-association-numbered-series-standards(2) wave-stds(1609)  
    dot2(2) base(1) schema(1) major-version-2(2)}
;

---
-- @brief This data type is used for any operations in Canada.
-- @class Canada 
Canada ::= CountryOnly (124)

---
-- @brief This data type is used for any operations in Mexico.
-- @class Mexico 
Mexico ::= CountryOnly (484)

---
-- @brief This data type is used for any operations in the USA.
-- @class USA 
USA ::= CountryOnly (840)

---
-- @brief This data type denotes the expiration period of a CRL certificate
--        for Proof-of-Concept.
-- @class CrlgCertExpirationPoc
CrlgCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(35208)}) -- 4 years + 1 week = 35,208 hours

---
-- @brief This data type denotes the expiration period of a CRL certificate
--        for CV pilots.
-- @class CrlgCertExpirationCvp
CrlgCertExpirationCvp ::= Duration (WITH COMPONENTS {hours(17688)}) -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of a DCM certificate
--        for Proof-of-Concept.
-- @class DcmCertExpirationPoc 
DcmCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(26448)})  -- 3 years + 1 week = 26,448 hours

---
-- @brief This data type denotes the expiration period of a DCM certificate
--        for QA CV pilots.
-- @class DcmCertExpirationCvpQa
DcmCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(17688)})  -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of a DCM certificate
--        for PROD CV pilots.
-- @class DcmCertExpirationCvpPrd1
-- @class DcmCertExpirationCvpPrd2
-- @class DcmCertExpirationCvpPrd3
DcmCertExpirationCvpPrd1 ::= Duration (WITH COMPONENTS {hours(26472)})  -- 1,103 days
DcmCertExpirationCvpPrd2 ::= Duration (WITH COMPONENTS {hours(26448)})  -- 1,102 days
DcmCertExpirationCvpPrd3 ::= Duration (WITH COMPONENTS {hours(12456)})  -- 519 days

---
-- @brief This data type denotes the expiration period of an ECA certificate
--        for Proof-of-Concept.
-- @class EcaCertExpirationPoc 
EcaCertExpirationPoc ::= Duration (WITH COMPONENTS {years(11)})

---
-- @brief This data type denotes the expiration period of an ECA certificate
--        for QA CV pilots.
-- @class EcaCertExpirationCvpQa
EcaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {years(3)})

---
-- @brief This data type denotes the expiration period of an ECA certificate
--        for PROD CV pilots.
-- @class EcaCertExpirationCvpPrd1
-- @class EcaCertExpirationCvpPrd2
EcaCertExpirationCvpPrd1 ::= Duration (WITH COMPONENTS {sixtyHours(1084)}) -- 2,710 days, ~7.42 years
EcaCertExpirationCvpPrd2 ::= Duration (WITH COMPONENTS {hours(38736)}) -- 1,614 days, ~4.42 years

---
-- @brief This data type denotes the expiration period of an Elector
--        certificate for Proof-of-Concept.
-- @class ElectorCertExpirationPoc 
ElectorCertExpirationPoc ::= Duration (WITH COMPONENTS {years(12)})

---
-- @brief This data type denotes the expiration period of an Elector
--        certificate for CV pilots.
-- @class ElectorCertExpirationCvp 
ElectorCertExpirationCvp ::= Duration (WITH COMPONENTS {years(6)})

---
-- @brief This data type denotes the expiration period of an ICA certificate
--        for Proof-of-Concept.
-- @class IcaCertExpirationPoc 
IcaCertExpirationPoc ::= Duration (WITH COMPONENTS {years(13)})

---
-- @brief This data type denotes the expiration period of an ICA certificate
--        for QA CV pilots.
-- @class IcaCertExpirationCvpQa
IcaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {years(5)})

---
-- @brief This data type denotes the expiration period of an ICA certificate
--        for PROD CV pilots.
-- @class IcaCertExpirationCvpPrd
IcaCertExpirationCvpPrd ::= Duration (WITH COMPONENTS {sixtyHours(1169)}) -- 2,922.5 days, ~8 years

---
-- @brief This data type denotes the expiration period of an LA certificate
--        for Proof-of-Concept.
-- @class LaCertExpirationPoc
LaCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(26448)}) -- 3 years + 1 week = 26,448 hours

---
-- @brief This data type denotes the expiration period of an LA certificate
--        for QA CV pilots.
-- @class LaCertExpirationCvpQa
LaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(17688)}) -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of an LA certificate
--        for PROD CV pilots.
-- @class LaCertExpirationCvpPrd1
-- @class LaCertExpirationCvpPrd2
-- @class LaCertExpirationCvpPrd3
LaCertExpirationCvpPrd1 ::= Duration (WITH COMPONENTS {hours(26472)}) -- 1,103 days
LaCertExpirationCvpPrd2 ::= Duration (WITH COMPONENTS {hours(26448)}) -- 1,102 days
LaCertExpirationCvpPrd3 ::= Duration (WITH COMPONENTS {hours(12456)}) -- 519 days

---
-- @brief This data type denotes the expiration period of an MA certificate
--        for Proof-of-Concept.
-- @class MaCertExpirationPoc 
MaCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(35208)}) -- 4 years + 1 week = 35,208 hours

---
-- @brief This data type denotes the expiration period of an MA certificate
--        for QA CV pilots.
-- @class MaCertExpirationCvpQa 
MaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(17688)}) -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of a PCA certificate
--        for Proof-of-Concept.
-- @class PcaCertExpirationPoc 
PcaCertExpirationPoc ::= Duration (WITH COMPONENTS {years(4)})

---
-- @brief This data type denotes the expiration period of a PCA certificate
--        for QA CV pilots.
-- @class PcaCertExpirationCvpQa 
PcaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(13140)}) -- 1.5 years = 13,140 hours

---
-- @brief This data type denotes the expiration period of a PCA certificate
--        for PROD CV pilots.
-- @class PcaCertExpirationCvpPrd1 
-- @class PcaCertExpirationCvpPrd2 
-- @class PcaCertExpirationCvpPrd3 
-- @class PcaCertExpirationCvpPrd4 
-- @class PcaCertExpirationCvpPrd5 
-- @class PcaCertExpirationCvpPrd6
PcaCertExpirationCvpPrd1 ::= Duration (WITH COMPONENTS {hours(35281)}) -- 35,281 hours, ~1,470.04 days, ~ 4.02 years
PcaCertExpirationCvpPrd2 ::= Duration (WITH COMPONENTS {hours(35113)}) -- 35,113 hours, ~1,463.04 days, ~ 4.008 years
PcaCertExpirationCvpPrd3 ::= Duration (WITH COMPONENTS {hours(30099)}) -- 30,099 hours = 1,254.125 days, ~ 3.44 years
PcaCertExpirationCvpPrd4 ::= Duration (WITH COMPONENTS {hours(21363)}) -- 21,363 hours = 890.125 days, ~ 2.44 years
PcaCertExpirationCvpPrd5 ::= Duration (WITH COMPONENTS {hours(12459)}) -- 12,459 hours = 519.125 days, ~ 1.42 years
PcaCertExpirationCvpPrd6 ::= Duration (WITH COMPONENTS {hours(3723)}) -- 3,723 hours = 155.125 days = 0.425 years

---
-- @brief This data type denotes the expiration period of a PG certificate
--        for Proof-of-Concept.
-- @class PgCertExpirationPoc 
PgCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(35208)}) -- 4 years + 1 week = 35,208 hours

---
-- @brief This data type denotes the expiration period of a PG certificate
--        for QA CV pilots.
-- @class PgCertExpirationCvpQa
PgCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(17688)}) -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of an OBE enrollment
--        certificate for Proof-of-Concept.
-- @class ObeEnrollmentCertExpirationPoc 
ObeEnrollmentCertExpirationPoc ::= Duration (WITH COMPONENTS {years(6)})

---
-- @brief This data type denotes the expiration period of an OBE enrollment
--        certificate for QA CV pilots.
-- @class ObeEnrollmentCertExpirationCvpQa
ObeEnrollmentCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(0..4380)}) -- 6 months = 4,380 hours

---
-- @brief This data type denotes the expiration period of an OBE enrollment
--        certificate for PROD CV pilots.
-- @class ObeEnrollmentCertExpirationCvpPrd 
ObeEnrollmentCertExpirationCvpPrd ::= Duration (WITH COMPONENTS {years(1..7)})

---
-- @brief This data type denotes the expiration period of an OBE identification
--        certificate.
-- @class ObeIdentificationCertExpiration 
ObeIdentificationCertExpiration ::= Duration (WITH COMPONENTS {hours(721)}) -- 1 month + 1 hour = 721 hours

---
-- @brief This data type denotes the expiration period of an OBE pseudonym
--        certificate.
-- @class ObePseudonymCertExpiration 
ObePseudonymCertExpiration ::= Duration (WITH COMPONENTS {hours(169)}) -- 1 week + 1 hour = 169 hours

---
-- @brief This data type denotes the expiration period of an RA certificate
--        for Proof-of-Concept.
-- @class RaCertExpirationPoc 
RaCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(26448)}) -- 3 years + 1 week = 26,448 hours

---
-- @brief This data type denotes the expiration period of an RA certificate
--        for QA CV pilots.
-- @class RaCertExpirationCvpQa 
RaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(17688)}) -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of an RA certificate
--        for PROD CV pilots.
-- @class RaCertExpirationCvpPrd1
-- @class RaCertExpirationCvpPrd2
-- @class RaCertExpirationCvpPrd3
RaCertExpirationCvpPrd1 ::= Duration (WITH COMPONENTS {hours(26472)})  -- 1,103 days
RaCertExpirationCvpPrd2 ::= Duration (WITH COMPONENTS {hours(26448)})  -- 1,102 days
RaCertExpirationCvpPrd3 ::= Duration (WITH COMPONENTS {hours(12456)})  -- 519 days

---
-- @brief This data type denotes the expiration period of an RSE application
--        certificate.
-- @class RseApplicationCertExpiration 
RseApplicationCertExpiration ::= Duration (WITH COMPONENTS {hours(169)}) -- 1 week + 1 hour = 169 hours

---
-- @brief This data type denotes the expiration period of an RSE enrollment
--        certificate for Proof-of-Concept.
-- @class RseEnrollmentCertExpirationPoc 
RseEnrollmentCertExpirationPoc ::= Duration (WITH COMPONENTS {years(6)})

---
-- @brief This data type denotes the expiration period of an RSE enrollment
--        certificate for QA CV pilots.
-- @class RseEnrollmentCertExpirationCvpQa
RseEnrollmentCertExpirationCvpQa ::= Duration (WITH COMPONENTS {years(0..1)})

---
-- @brief This data type denotes the expiration period of an RSE enrollment
--        certificate for PROD CV pilots.
-- @class RseEnrollmentCertExpirationCvpPrd
RseEnrollmentCertExpirationCvpPrd ::= Duration (WITH COMPONENTS {years(1..7)})

---
-- @brief This data type denotes the expiration period of a Root CA certificate.
-- @class RootCaCertExpirationPoc 
RootCaCertExpirationPoc ::= Duration (WITH COMPONENTS {years(17)})

---
-- @brief This data type denotes the expiration period of a Root CA certificate
-- for QA CV pilots
-- @class RootCaCertExpirationCvpQa 
RootCaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {years(9)})

---
-- @brief This data type denotes the expiration period of a Root CA certificate
-- for PROD CV pilots
-- @class RootCaCertExpirationCvpPrd 
RootCaCertExpirationCvpPrd ::= Duration (WITH COMPONENTS {years(70)})

---
-- @brief This data type denotes the PSID for BSM usage i.e. 0x20.
-- @class BsmPsid 
BsmPsid ::= Psid (32)

---
-- @brief This data type denotes the PSID for security management i.e. 0x23.
-- @class SecurityMgmtPsid 
SecurityMgmtPsid ::= Psid (35)

---
-- @brief This data type denotes the PSID for misbehavior reporting i.e. 0x26.
-- @class MisbehaviorReportingPsid 
MisbehaviorReportingPsid ::= Psid (38)

---
-- @brief This data type denotes the PSID for vulnerable road users safety i.e. 0x27.
-- @class VulnerableRoadUsersSafetyPsid 
VulnerableRoadUsersSafetyPsid ::= Psid (39)

---
-- @brief This data type denotes the PSID for uncompressed differential GPS
--        corrections i.e. 0x80
-- @class DifferentialGpsCorrectionsUncompressedPsid 
DifferentialGpsCorrectionsUncompressedPsid ::= Psid (128)

---
-- @brief This data type denotes the PSID for compressed differential GPS
--        corrections i.e. 0x81
-- @class DifferentialGpsCorrectionsCompressedPsid 
DifferentialGpsCorrectionsCompressedPsid ::= Psid (129)

---
-- @brief This data type denotes the PSID for intersection and safety
--        awareness application i.e. 0x82
-- @class IntersectionSafetyAndAwarenessPsid 
IntersectionSafetyAndAwarenessPsid ::= Psid (130)

---
-- @brief This data type denotes the PSID for traveller information and road
--        side signage application i.e. 0x83
-- @class TravellerInformationAndRoadsideSignagePsid 
TravellerInformationAndRoadsideSignagePsid ::= Psid (131)

---
-- @brief This data type denotes the PSID for WAVE service advertisement
--        application i.e. 0x87
-- @class WaveServiceAdvertisementPsid 
WaveServiceAdvertisementPsid ::= Psid (135)

---
-- @brief This data type denotes the PSID for Vehicle initiated distress
--        notification application i.e. 0x4082
-- @class VehicleInitiatedDistressNotificationPsid 
VehicleInitiatedDistressNotificationPsid ::= Psid (16514)

---
-- @brief This data type denotes the PSID for Transcore software update
--        application i.e. 0x204083
-- @class TranscoreSoftwareUpdatePsid 
TranscoreSoftwareUpdatePsid ::= Psid (2113667)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #1
--        i.e. 0x204088
-- @class CVPApplication1Psid 
CVPApplication1Psid ::= Psid (2113672)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #2
--        i.e. 0x204089
-- @class CVPApplication2Psid 
CVPApplication2Psid ::= Psid (2113673)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #3
--        i.e. 0x20408A
-- @class CVPApplication3Psid 
CVPApplication3Psid ::= Psid (2113674)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #4
--        i.e. 0x20408B
-- @class CVPApplication4Psid 
CVPApplication4Psid ::= Psid (2113675)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #5
--        i.e. 0x20408C
-- @class CVPApplication5Psid 
CVPApplication5Psid ::= Psid (2113676)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #6
--        i.e. 0x20408D
-- @class CVPApplication6Psid 
CVPApplication6Psid ::= Psid (2113677)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #7
--        i.e. 0x20408E
-- @class CVPApplication7Psid 
CVPApplication7Psid ::= Psid (2113678)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #8
--        i.e. 0x20408F
-- @class CVPApplication8Psid 
CVPApplication8Psid ::= Psid (2113679)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #9
--        i.e. 0x204090
-- @class CVPApplication9Psid 
CVPApplication9Psid ::= Psid (2113680)

---
-- @brief This data type denotes the PSID for reserved CV pilot application 
--        10 i.e. 0x204091
-- @class CVPApplication10Psid 
CVPApplication10Psid ::= Psid (2113681)

---
-- @brief This data type denotes the PSID for reserved CV pilot application 
--        11 i.e. 0x204092
-- @class CVPApplication11Psid 
CVPApplication11Psid ::= Psid (2113682)

---
-- @brief This data type denotes the PSID for reserved CV pilot application 
--        12 i.e. 0x204093
-- @class CVPApplication12Psid 
CVPApplication12Psid ::= Psid (2113683)

---
-- @brief This data type denotes the PSID for reserved CV pilot application 
--        13 i.e. 0x204094
-- @class CVPApplication13Psid 
CVPApplication13Psid ::= Psid (2113684)

---
-- @brief This data type denotes the PSID for reserved CV pilot application 
--        14 i.e. 0x204095
-- @class CVPApplication14Psid 
CVPApplication14Psid ::= Psid (2113685)

---
-- @brief This data type denotes the PSID for reserved CV pilot application 
--        15 i.e. 0x204096
-- @class CVPApplication15Psid 
CVPApplication15Psid ::= Psid (2113686)

---
-- @brief This data type denotes the PSID for reserved CV pilot application 
--        16 i.e. 0x204097
-- @class CVPApplication16Psid 
CVPApplication16Psid ::= Psid (2113687)

---
-- @brief This data type denotes CRL series for EE enrollment.
-- @class EeEnrollmentCrlSeries 
EeEnrollmentCrlSeries ::= CrlSeries (4)

---
-- @brief  This data type denotes CRL series for EE non pseudonym certificates.
-- @class EeNonPseudonymCrlSeries 
EeNonPseudonymCrlSeries ::= CrlSeries (3)

---
-- @brief  This data type denotes CRL series for OBE pseudonym certificates.
-- @class ObePseudonymCrlSeries 
ObePseudonymCrlSeries ::= CrlSeries (1)

---
-- @brief  This data type denotes CRL series for SCMS components.
-- @class ScmsComponentCrlSeries 
ScmsComponentCrlSeries ::= CrlSeries (2)

---
-- @brief  This data type denotes CRL series for special SCMS components.
-- @class ScmsSpclComponentCrlSeries 
ScmsSpclComponentCrlSeries ::= CrlSeries (256)

---
-- @brief This data type denotes a 256-bit private reconstruction key.
-- @class EccP256PrivateKeyReconstruction 
EccP256PrivateKeyReconstruction ::= OCTET STRING(SIZE(32))

---
-- @brief This data type is used by LA to respond to linkage value requests
--        from MA with an encrypted individual pre-linkage value.
-- @class EncryptedIndividualPLV 
-- @param version contains the current version of the data type. The version 
--                specified in this document is version 1, represented by the
--                integer 1.
-- @param LaId    identifies which LA created PLV.
-- @param enc-plv the ciphertext field in enc-plv decrypts to a
--                ToBeEncryptedIndividualPLV. It contains a Pointer to the
--                used encryption key. The encryption key is identified by the
--                hash of key agreement (PCA's initial request).
-- @see Uint8, LaId, EncryptedData
EncryptedIndividualPLV ::= SEQUENCE {
    version         Uint8(1),
    laId            LaId,
    enc-plv         EncryptedData (WITH COMPONENTS {
      recipients (SIZE (1) INTERSECTION (WITH COMPONENT (
        RecipientInfo (WITH COMPONENTS {
            symmRecipInfo
      }))))
    })
}

---
-- @brief This data type denotes 64 0-bits. It is used for padding purposes.
-- @class zero8
zero8 OCTET STRING ::= '0000000000000000'H
   
---
-- @brief This data type contains the PLV information that is signed by PCA at
--        scms-protocol level.
-- @class ToBeEncryptedIndividualPLV 
-- @param iValue  denotes the week number from i=0 (i.e. 4:00 am Eastern Time 
--                on Tuesday, January 6, 2015)
-- @param plv     denotes a pre-linkage value.
-- @see IValue
ToBeEncryptedIndividualPLV ::= SEQUENCE {
    iValue     IValue,
    plv        PreLinkageValue
} 

---
-- @brief This data type encloses all information for a Linkage Chain
--        Identifier (LCI).
-- @class LinkageChainId 
-- @param recipients contains the information of who is going to receive the
--                   LCI.
-- @param ciphertext contains the encrypted LinkageSeed information.
LinkageChainId ::= EncryptedData (WITH COMPONENTS {
    recipients (SIZE (1) INTERSECTION (WITH COMPONENT (
        RecipientInfo (WITH COMPONENTS {
            symmRecipInfo
    })))),
    ciphertext
  }  
)

---
-- @brief This data type denotes a 72 bit (9 byte) pre-linkage value.
-- @class PreLinkageValue 
PreLinkageValue ::= OCTET STRING (SIZE(9))

---
-- @brief This data type denotes a 32 byte hash value.
-- @class FullSizeHash 
FullSizeHash ::= OCTET STRING (SIZE(32))

---
-- @brief This data type denotes the 255 bit unique hostname of RA.
-- @class RaHostnameId  
RaHostnameId  ::= Hostname

---
-- @brief This data type denotes the 255 bit unique hostname of PCA.
-- @class PcaHostnameId 
PcaHostnameId ::= Hostname

---
-- @brief This data type denotes the 255 bit unique hostname of MA.
-- @class MaHostnameId  
MaHostnameId  ::= Hostname

---
-- @brief This data type denotes the 255 bit unique hostname of LA.
-- @class LaHostnameId  
LaHostnameId  ::= Hostname

---
-- @brief This data type denotes the Hash of Pseudonym Certificate Request.
-- @class HPCR            
HPCR            ::= FullSizeHash

---
-- @brief This data type encloses a linkage seed and the ID of an LA providing
--        it. This structure is sent by the LA to the MA in response to a 
--        linkage seed request.
-- @class LinkageSeedAndLaId 
-- @param linkageSeed denotes a linkage seed corresponding to an entity in the
--                    SCMS.
-- @param laId        is the 16 bit unique ID of an LA.
-- @see LinkageSeed, LaId
LinkageSeedAndLaId ::= SEQUENCE {
    linkageSeed     LinkageSeed,
    laId            LaId
}

---
-- @brief This data type encloses a signature and the corresponding signer.
-- @class SignatureAndSignerIdentifier 
-- @param signer    is the entity putting its signature.
-- @param signature is the digital signature corresponding to the signer.
-- @see SignerIdentifier, Signature
SignatureAndSignerIdentifier ::= SEQUENCE {
    signer          SignerIdentifier,
    signature       Signature
}

---
-- @brief This data type encloses an encrypted PLV and its corresponding host.
-- @class EncryptedPlvAndHostInfo 
-- @param encryptedPLV is the encrypted PLV corresponding to hostname.
-- @param hostname     is the name of the host corresponding to encrypted PLV
--                     in this data type.
-- @see Hostname
EncryptedPlvAndHostInfo ::= SEQUENCE {
    encryptedPLV    EncryptedIndividualPLV,
    hostname        Hostname
}

---
-- @brief This data type groups the hash of the pseudonym certificate 
--        request (HPCR) and the hostname of the RA that requested the 
--        certificate. Appears in messages exchanged between the MA and 
--        the PCA.
-- @class HPCRAndHostInfo 
-- @param hpcr     is the hash of pseudonym certificate of the host.
-- @param hostname is the name of the host corresponding to hpcr in this data
--                 type.
-- @see Hostname
HPCRAndHostInfo ::= SEQUENCE {
    hpcr            HPCR,
    hostname        Hostname
}

---
-- @brief This data type contains pairs of LCI and its host information. This
--        structure appears in messages exchanged between the MA and the RA.
-- @class LCIAndHostInfo 
-- @param iMax    denotes the upper bound of i for which the PLVs are requested.
-- @param la1-lci is the linkage chain ID of LA1.
-- @param la2-lci is the linkage chain ID of LA2.
-- @param la1-id  is a 256 bit unique hostname ID of LA1.
-- @param la2-id  is a 256 bit unique hostname ID of LA2.
LCIAndHostInfo ::= SEQUENCE {
    iMax            OCTET STRING (SIZE (4)),
    la1-lci         LinkageChainId,
    la2-lci         LinkageChainId,
    la1-id          LaHostnameId,
    la2-id          LaHostnameId
}

---
-- @brief This data type is called a Revocation Identifier (RIF) and is an
--        8-byte hash of an enrollment certificate.
-- @class RIF 
RIF ::= HashedId8

END

scms-error.asn
master  SCMS/scms-asn
--  (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
-- 
--  Licensed under the Apache License, Version 2.0 (the "License");
--  you may not use this file except in compliance with the License.
--  You may obtain a copy of the License at
-- 
--     http://www.apache.org/licenses/LICENSE-2.0
-- 
--  Unless required by applicable law or agreed to in writing, software
--  distributed under the License is distributed on an "AS IS" BASIS,
--  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--  See the License for the specific language governing permissions and
--  limitations under the License.
-- 

-------------------------------------------------------------------------------
-- SCMS-ERRORS
--
-- The structure in this file defines the possible errors occurring during the 
-- management of component certificates.
--
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------

-- @namespace Ieee1609dot2ScmsError 
Ieee1609dot2ScmsError {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)  dot2(2)
scms(4) errors(2) complete (1) major-version-2(2)}


DEFINITIONS AUTOMATIC TAGS ::= BEGIN 

EXPORTS ALL;

IMPORTS 

  ScmsCommonError
FROM Ieee1609dot2ScmsCommonError {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) errors(2) common(2) major-version-2(2)}

  ComponentCertificateManagementError
FROM Ieee1609Dot2ScmsComponentCertificateManagementError
    {iso(1) identified-organization(3) ieee(111) 
    standards-association-numbered-series-standards(2) wave-stds(1609)  
    dot2(2) scms(4) errors(2) component-certificate-management(3) major-version-2(2)}

  EcaEndEntityError
FROM Ieee1609Dot2EcaEndEntityError
    {iso(1) identified-organization(3) ieee(111) 
    standards-association-numbered-series-standards(2) wave-stds(1609)  
    dot2(2) scms(4) errors(2) eca-ee(5) major-version-2(2)}

  LaMaError
FROM Ieee1609Dot2LaMaError
    {iso(1) identified-organization(3) ieee(111) 
    standards-association-numbered-series-standards(2) wave-stds(1609)  
    dot2(2) scms(4) errors(2) la-ma(9) major-version-2(2)}

  LaPcaError
FROM Ieee1609Dot2LaPcaError
    {iso(1) identified-organization(3) ieee(111) 
    standards-association-numbered-series-standards(2) wave-stds(1609)  
    dot2(2) scms(4) errors(2) la-pca(10) major-version-2(2)}

  LaRaError
FROM Ieee1609Dot2LaRaError
    {iso(1) identified-organization(3) ieee(111) 
    standards-association-numbered-series-standards(2) wave-stds(1609)  
    dot2(2) scms(4) errors(2) la-ra(11) major-version-2(2)}

  MaPcaError
FROM Ieee1609Dot2MaPcaError
    {iso(1) identified-organization(3) ieee(111) 
    standards-association-numbered-series-standards(2) wave-stds(1609)  
    dot2(2) scms(4) errors(2) ma-pca(13) major-version-2(2)}

  MaRaError
FROM Ieee1609Dot2MaRaError
    {iso(1) identified-organization(3) ieee(111) 
    standards-association-numbered-series-standards(2) wave-stds(1609)  
    dot2(2) scms(4) errors(2) ma-ra(14) major-version-2(2)}

  PcaRaError
FROM Ieee1609Dot2PcaRaError
    {iso(1) identified-organization(3) ieee(111) 
    standards-association-numbered-series-standards(2) wave-stds(1609)  
    dot2(2) scms(4) errors(2) pca-ra(15) major-version-2(2)}
	
  RaPgError
FROM Ieee1609Dot2RaPgError
{iso(1) identified-organization(3) ieee(111) 
standards-association-numbered-series-standards(2) wave-stds(1609)  
dot2(2) scms(4) errors(2) ra-pg(16) major-version-2(2)}

;

---
-- @brief Possible errors in the SCMS
-- @class ScmsError 
-- @param
-- @see 
ScmsError ::= CHOICE {
  common  ScmsCommonError,
  ccm     ComponentCertificateManagementError,
  eca-ee  EcaEndEntityError,
  la-ma   LaMaError,
  la-pca  LaPcaError,
  la-ra   LaRaError,
  ma-pca  MaPcaError,
  ma-ra   MaRaError,
  pca-ra  PcaRaError,
  ra-pg   RaPgError,
  ...
}


---
-- @brief Management of certificates of SCMS component errors
-- @class ScopedComponentCertificateManagementError 
-- @param
-- @see 
ScopedComponentCertificateManagementError ::= 
  ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ccm})

---
-- @brief ECA-EE errors
-- @class ScopedEcaEndEntityError 
-- @param
-- @see 
ScopedEcaEndEntityError ::= 
  ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {eca-ee})

---
-- @brief This type is not used (see following la-ma errors)
-- @class ScopedLaMaError 
-- @param
-- @see 
ScopedLaMaError ::=
  ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {la-ma})

---
-- @brief Linkage information request errors
-- @class ScopedLaMaLIError 
-- @param
-- @see 
ScopedLaMaLIError ::=
  ScmsError (WITH COMPONENTS {common} | 
             WITH COMPONENTS {la-ma 
                (WITH COMPONENTS {la-ma-base-error} |
                 WITH COMPONENTS {la-ma-linkage-info-error})}
            )
---
-- @brief Linkage seed request errors
-- @class ScopedLaMaLSError 
-- @param
-- @see 
ScopedLaMaLSError ::=
  ScmsError (WITH COMPONENTS {common} | 
             WITH COMPONENTS {la-ma 
                (WITH COMPONENTS {la-ma-base-error} |
                 WITH COMPONENTS {la-ma-linkage-seed-error})}
            )

---
-- @brief LA-PCA errors
-- @class ScopedLaPcaError 
-- @param
-- @see 
ScopedLaPcaError ::= 
  ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {la-pca})

---
-- @brief LA-RA errors
-- @class ScopedLaRaError 
-- @param
-- @see 
ScopedLaRaError ::= 
  ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {la-ra})

---
-- @brief MA-PCA errors
-- @class ScopedMaPcaError 
-- @param
-- @see 
ScopedMaPcaError ::= 
  ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ma-pca})

---
-- @brief MA-RA errors 
-- @class ScopedMaRaError 
-- @param
-- @see 
ScopedMaRaError ::= 
  ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ma-ra})
---
-- @brief Blacklist request errors
-- @class ScopedMaRaBlacklistError 
-- @param
-- @see 
ScopedMaRaBlacklistError ::=
  ScmsError (WITH COMPONENTS {common} | 
             WITH COMPONENTS {ma-ra
                (WITH COMPONENTS {ma-ra-base-error} |
                 WITH COMPONENTS {ma-ra-blacklist-error})}
            )
---
-- @brief Linkage chain identifier request errors
-- @class ScopedMaRaLCIError 
-- @param
-- @see 
ScopedMaRaLCIError ::=
  ScmsError (WITH COMPONENTS {common} | 
             WITH COMPONENTS {ma-ra
                (WITH COMPONENTS {ma-ra-base-error} |
                 WITH COMPONENTS {ma-ra-lci-error})}
            )



---
-- @brief PCA-RA errors
-- @class ScopedPcaRaError 
-- @param
-- @see 
ScopedPcaRaError ::= 
  ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {pca-ra})
  
---
-- @brief RA-PG errors
-- @class ScopedRaPgError 
-- @param
-- @see 
ScopedRaPgError ::= 
  ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ra-pg})


END

scms-policy.asn
master  SCMS/scms-asn
--  (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
-- 
--  Licensed under the Apache License, Version 2.0 (the "License");
--  you may not use this file except in compliance with the License.
--  You may obtain a copy of the License at
-- 
--     http://www.apache.org/licenses/LICENSE-2.0
-- 
--  Unless required by applicable law or agreed to in writing, software
--  distributed under the License is distributed on an "AS IS" BASIS,
--  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--  See the License for the specific language governing permissions and
--  limitations under the License.
-- 

-------------------------------------------------------------------------------
-- SCMS-POLICY
--
-- The structures in this file define the different policies in SCMS, such as
-- Global and Local Policy files.
--
-- Each resides in its own file and is signed by one or more components
-- to ensure the policy is valid. Policies affect not only EEs, but backend
-- SCMS components as well.
--
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------

-- @namespace Ieee1609dot2ScmsPolicyTypes 
Ieee1609dot2ScmsPolicyTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)  dot2(2)
scms(4) interfaces(1) policy-types(500) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS

    Countersignature,
    ExplicitCertificate,
    Ieee1609Dot2Data,
    SequenceOfCertificate

FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) base(1) schema(1) major-version-2(2)}

    Duration,
    Hostname,
    Opaque,
    Time64,
    Uint8,
    Uint16,
    Uint32,
    Uint64

FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609)
dot2(2) base(1) base-types(2) major-version-2(2)}

    LaHostnameId,
    PcaHostnameId,
    RaHostnameId

FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) base-types(2) major-version-2(2)}

;

---
-- @brief The PolicyFiles structure defines the parent structure for all 
--        policy files (GCCF & LCCF). Each policy file resides in its own file
--        and is signed by one or more components to ensure the policy is
--        valid.
-- @class PolicyFiles 
-- @param globalPolicyFile contains the global policy file generated by Policy
--                         Generator (PG).
-- @param localPolicyFile  contains the local policy file generated by a
--                         Registration Authority (RA). Note that RA has to
--                         get this signed by PG before sending to EEs.
PolicyFiles ::= CHOICE {
    globalPolicyFile GlobalPolicyFile,
    localPolicyFile LocalPolicyFile,
    ...
}

---
-- @brief This data type defines the inherent policy file structure created
--        either by PG or RA.
-- @class BasePolicyFile 
-- @param version    defines the version of BasePolicyFile. Currently, it is
--                   denoted by integer 1.
-- @param tbsData    is the policy data that is signed by PG at the scms
--                   protocol level.
-- @param signatures denote the counter signatures that are generated by
--                   auditors of the policy file. Note that PG or RA must
--                   obtain these signatures before sending to any EE.
-- @see Uint8, Countersignature
BasePolicyFile ::= SEQUENCE {
    version Uint8(1),
    tbsData ToBeSignedPolicyData,
    -- countersignatures generated by auditors of the policy file
    signatures SEQUENCE SIZE(1..MAX) OF Countersignature,
    ...
}

---
-- @brief This data type contains the policy file data that is signed by the
--        PG at scms-protocol level.
-- @class ToBeSignedPolicyData 
-- @param policyID denotes the unique identifier for a policy file.
-- @param generationTime is the point of time when a policy file was generated.
-- @param activeTime     is the duration of time for which the policy file is
--                       valid.
-- @param policy         is the policy data for either global, local or custom
--                       file.
-- @see Time64
ToBeSignedPolicyData ::= SEQUENCE {
    policyID OCTET STRING (SIZE (0..32)),
    generationTime Time64,
    activeTime Time64,
    policy Policy,
    ...
}

---
-- @brief This data type is generated by PG and contains global policy data.
-- @class GlobalPolicyFile 
-- @param tbsData is the policy data that is signed by PG at scms-protocol level.
GlobalPolicyFile ::= BasePolicyFile (WITH COMPONENTS {...,
    tbsData( WITH COMPONENTS {...,
        policy(WITH COMPONENTS {...,
            global PRESENT
        })
    })
})

---
-- @brief This data type is generated by an RA and contains local policy data
--        derived from global policy data. 
--        Because the RA is allowed to remove fields from the GPF which are not
--        relevant to the OBUs and/or RSUs under its jurisdiction, it must request
--        that Policy Generator signs the 'custom' portion. This ensures the customized
--        GPF is consistent with the actual GPF. The signature of the PG will appear in
--        the 'signatures' field of the 'globalParameters'.
--
--        The 'localParameters' section of the policy is signed by the RA, and its
--        signature should appear in the 'signatures' section as well as any other
--        auditors of the LPF.
--
--        The LocalPolicyFile is encapsulated by the SignedLocalPolicyFile defined
--        in scms-protocol.asn, which is signed by the RA.
-- @class LocalPolicyFile 
-- @param globalParameters denotes all the values inherited from
--                         GlobalPolicyFile.
-- @param localParameters  denotes all values defined by RA for local policy
--                         file specifically.
LocalPolicyFile ::= SEQUENCE {
    globalParameters BasePolicyFile (WITH COMPONENTS {...,
        tbsData( WITH COMPONENTS {...,
            policy( WITH COMPONENTS {...,
                custom PRESENT
            })
        })
    }),

    localParamters BasePolicyFile (WITH COMPONENTS {...,
        tbsData( WITH COMPONENTS {...,
            policy( WITH COMPONENTS {...,
                local PRESENT
            })
        })
    })
}

---
-- @brief This data type contains policy file data depending on the type of
--        policy file i.e. global, local or custom.
-- @class Policy 
-- @param global denotes global policy data.
-- @param custom denotes custom policy data.
-- @param local denotes local policy data.
Policy ::= CHOICE {
    global  GlobalPolicyData,
    custom  CustomPolicyData,
    local   LocalPolicyData,
    ...
}

---
-- @brief This data type contains global policy data generated by PG.
-- This structure defines the parameters of the Global Policy 
--
-- This structure contains an array of temporal series, where each temporal
-- series applies to a particular parameter of the policy. The syntax of these
-- temporal series uses the following format:
--
-- temporalSeriesOfXXX {
--      initialXXX XXX
--      intervals SEQUENCE SIZE(0..N) OF SEQUENCE {
--          startTime Time64
--          xxx XXX
--      }
-- }
-- 
-- where:
--
--      initialXXX      initial value of parameter of type XXX
--      startTime       timestamp in future when value takes effect
--      xxx             value of parameter
--      XXX             type of parameter
-- @class GlobalPolicyData 
-- @param temporalSeriesOfScmsVersion                 SCMS Version, default value is 1
-- @param temporalSeriesOfCertChainFileID             File ID number of the current GCCF
-- @param temporalSeriesOfOverdueCrlTolerance         max time to operate without a new
--                                                    CRL, specified in weeks (4 bytes)
-- @param temporalSeriesOfIPeriod                     i-value / i-period; default: 1 week
-- @param temporalSeriesOfMinCertsPerIPeriod          minimum certs per i-period; default: 20
-- @param temporalSeriesOfCertValidityModel           pseudonym cert validity model -
--                                                    "concurrent" or "non-concurrent"
-- @param temporalSeriesOfMaxAvailableCertSupply      max time covered by a certificate
--                                                    batch in years, default: 3 years
-- @param temporalSeriesOfMaxCertRequestAge           maximum time for an individual cert
--                                                    request to remain in the aggregator;
--                                                    default: 2 days
-- @param temporalSeriesOfShuffleThreshold            minimum # of individual cert requests
--                                                    before shuffle/send to PCA; default: 1000
-- @param temporalSeriesOfHashOfRequestSize           bytes in "hash of request" between
--                                                    PCA and RA for individual cert requests; default: 32
-- @param temporalSeriesOfMaxGpfGccfRetrievalInterval maximum interval (in hours) before
--                                                    retrieving new GPF or GCCF; default: 1 hour
-- @param temporalSeriesOfRseApplicationCertValidity  validity time for an RSE cert (in hours)
--                                                    Default value is 1 week + 1 hour = 168 hours
-- @param temporalSeriesOfRseApplicationCertOVerlap   RSE application cert overlap; Default value is 1 hour
-- @see Time64
GlobalPolicyData ::= SEQUENCE {
    temporalSeriesOfScmsVersion SEQUENCE {
        initialScmsVersion ScmsVersion DEFAULT 1,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            scmsVersion ScmsVersion
        }
    } OPTIONAL,

    temporalSeriesOfCertChainFileID SEQUENCE {
        initialGlobalCertChainFileID GlobalCertChainFileID,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            globalCertChainFileID GlobalCertChainFileID
        }
    } OPTIONAL,

    temporalSeriesOfOverdueCrlTolerance SEQUENCE {
        initialOverdueCrlTolerance OverdueCrlTolerance,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            overdueCrlTolerance OverdueCrlTolerance
        }
    } OPTIONAL,

    temporalSeriesOfIPeriod SEQUENCE {
        initialIPeriod IPeriod,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            iPeriod IPeriod
        }
    } OPTIONAL,

    temporalSeriesOfMinCertsPerIPeriod SEQUENCE {
        initialMinCertsPerIPeriod MinCertsPerIPeriod DEFAULT 20,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            minCertsPerIPeriod MinCertsPerIPeriod
        }
    } OPTIONAL,

    temporalSeriesOfCertValidityModel SEQUENCE {
        initialCertValidityModel CertValidityModel,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            certValidityModel CertValidityModel
        }
    } OPTIONAL,

    temporalSeriesOfMaxAvailableCertSupply SEQUENCE {
        initialMaxAvailableCertSupply MaxAvailableCertSupply,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            maxAvailableCertSupply MaxAvailableCertSupply
        }
    } OPTIONAL,

    temporalSeriesOfMaxCertRequestAge SEQUENCE {
        initialMaxCertRequestAge MaxCertRequestAge,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            maxCertRequestAge MaxCertRequestAge
        }
    } OPTIONAL,

    temporalSeriesOfShuffleThreshold SEQUENCE {
        initialShuffleThreshold ShuffleThreshold DEFAULT 1000,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            shuffleThreshold ShuffleThreshold
        }
    } OPTIONAL,

    temporalSeriesOfHashOfRequestSize SEQUENCE {
        initialHashOfRequestSize HashOfRequestSize DEFAULT 32,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            hashOfRequestSize HashOfRequestSize
        }
    } OPTIONAL,

    temporalSeriesOfMaxGpfGccfRetrievalInterval SEQUENCE {
        initialMaxGpfGccfRetrievalInterval MaxGpfGccfRetrievalInterval,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            maxGpfGccfRetrievalInterval MaxGpfGccfRetrievalInterval
        }
    } OPTIONAL,

    temporalSeriesOfRseApplicationCertValidity SEQUENCE {
        initialRseApplicationCertValidity RseApplicationCertValidity,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            rseApplicationCertValidity RseApplicationCertValidity
        }
    } OPTIONAL,

    temporalSeriesOfRseApplicationCertOVerlap SEQUENCE {
        initialRseApplicationCertOverlap RseApplicationCertOverlap,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            rseApplicationCertOverlap RseApplicationCertOverlap
        }
    } OPTIONAL,

    ...
}

---
-- @brief This data type defines the current scms version.
-- @class ScmsVersion 
ScmsVersion ::= Uint8                   

---
-- @brief This data type denotes the 16-bit global certificate chain ID.
-- @class GlobalCertChainFileID 
GlobalCertChainFileID ::= Uint16

---
-- @brief This data type denotes the maximum time to operate without a new CRL,
--        specified in weeks (4 bytes)
-- @class OverdueCrlTolerance 
OverdueCrlTolerance ::= Duration        

---
-- @brief This data type denotes the i-value / i-period; default
-- @class IPeriod 
IPeriod ::= Duration                    

---
-- @brief This data type denotes the minimum certs per i-period
-- @class MinCertsPerIPeriod 
MinCertsPerIPeriod ::= Uint8            

---
-- @brief This data type denotes the pseudonym cert validity model - 
--        "concurrent" or "non-concurrent"
-- @class CertValidityModel
-- @param concurrent     certificates for an i-period are all simultaneously valid.
-- @param non-concurrent certificates for an i-period are sequentially valid.
CertValidityModel ::= ENUMERATED {
    concurrent      (1),
    non-concurrent  (2),
    ...
}

---
-- @brief This data type denotes the maximum time covered by a certificate
--        batch in years.
-- @class MaxAvailableCertSupply 
MaxAvailableCertSupply ::= Duration

---
-- @brief This data type denotes the maximum time for individual certificate
--        request.
-- @class MaxCertRequestAge 
MaxCertRequestAge ::= Duration          

---
-- @brief This data type denotes the minimum number of individual certificate
--        requests before shuffle/send to PCA.
-- @class ShuffleThreshold 
ShuffleThreshold ::= Uint32             

---
-- @brief This data type denotes the number of bytes in "hash of request"
--        between PCA and RA for individual certificate requests.
-- @class HashOfRequestSize 
HashOfRequestSize ::= Uint8            

---
-- @brief This data type denotes the maximum interval (in hours) before
--        retrieving new GPF and GCCF.
-- @class MaxGpfGccfRetrievalInterval 
MaxGpfGccfRetrievalInterval ::= Duration

---
-- @brief This data type denotes the validity time for an RSE certificate (in
--        hours).
-- @class RseApplicationCertValidity 
RseApplicationCertValidity ::= Duration

---
-- @brief This data type denotes the RSE certificate overlap period (in hours).
-- @class RseApplicationCertOverlap 
RseApplicationCertOverlap ::= Duration

---
-- @brief This type is used by an RA that wants to create a custom version of 
--        the GlobalPolicyData. This structure adds an element with the RA's 
--        ID to differentiate it from a conventional GlobalPolicyFile.  
-- @class CustomPolicyData 
-- @param requestingRaHostname is the 256-bit unique hostname of the RA
--                             requesting custom policy data.
-- @param globalPolicy         is the global policy file data.
-- @see RaHostnameId
CustomPolicyData ::= SEQUENCE {
    requestingRaHostname RaHostnameId OPTIONAL,
    -- Hostname of the RA that customized this policy data
    globalPolicy GlobalPolicyData,
    ...
}

---
-- @brief This data type contains local policy data generated by RA from
--        global policy data derived from GPF of PG.
-- @class LocalPolicyData 
-- @param temporalSeriesOfShuffleThreshold        minimum # of individual cert
--                                                requests before shuffle/send
--                                                to PCA.
-- @param temporalSeriesOfCertsPerIPeriod         certs per i-period
--                                                (overrides global value);
--                                                default: 20
-- @param temporalSeriesOfLaOneHost               LA1 256-bit unique hostname.
-- @param temporalSeriesOfLaTwoHost               LA2 256-bit unique hostname.
-- @param temporalSeriesOfPcaHost                 PCA 256-bit unique hostname.
-- @param temporalSeriesOfRaX509TlsCert           RA TLS certificate for
--                                                connection over HTTP.
-- @param temporalSeriesOfLaX509TlsCert           LA TLS certificate.
-- @param temporalSeriesOfPcaX509TlsCert          PCA TLS certificate.
-- @param temporalSeriesOfSharedKeyUpdateInterval maximum time between changes
--                                                to pre-linkage value enc/dec
--                                                key.
-- @see Time64, LaHostnameId, RaHostnameId, PcaHostnameId
LocalPolicyData ::= SEQUENCE {
    temporalSeriesOfShuffleThreshold SEQUENCE {
        initialShuffleThreshold ShuffleThreshold,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            shuffleThreshold ShuffleThreshold
        }
    } OPTIONAL,
    temporalSeriesOfCertsPerIPeriod SEQUENCE {
        initialCertsPerIPeriod CertsPerIPeriod DEFAULT 20,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            certsPerIPeriod CertsPerIPeriod
        }
    } OPTIONAL,
    temporalSeriesOfLaOneHost SEQUENCE {
        initialLaOneHost LaHostnameId,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            laOneHost LaHostnameId
        }
    } OPTIONAL,
    temporalSeriesOfLaTwoHost SEQUENCE {
        initialLaTwoHost LaHostnameId,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            laTwoHost LaHostnameId
        }
    } OPTIONAL,
    temporalSeriesOfPcaHost SEQUENCE {
        initialPcaHost PcaHostnameId,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            pcaHost PcaHostnameId
        }
    } OPTIONAL,
    temporalSeriesOfRaX509TlsCert SEQUENCE {
        initialRaX509TlsCert X509TlsCert,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            raX509TlsCert X509TlsCert
        }
    } OPTIONAL,
    temporalSeriesOfLaX509TlsCert SEQUENCE {
        initialLaX509TlsCert X509TlsCert,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            laX509TlsCert X509TlsCert
        }
    } OPTIONAL,
    temporalSeriesOfPcaX509TlsCert SEQUENCE {
        initialPcaX509TlsCert X509TlsCert,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            pcaX509TlsCert X509TlsCert
        }
    } OPTIONAL, 
    temporalSeriesOfSharedKeyUpdateInterval SEQUENCE {
        initialSharedKeyUpdateInterval SharedKeyUpdateInterval,
        intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE {
            startTime Time64,
            sharedKeyUpdateInterval SharedKeyUpdateInterval
        }
    } OPTIONAL,
    ...
}

---
-- @brief This data type denotes the certificates per i-period. This overrides
--        the global value.
-- @class CertsPerIPeriod
CertsPerIPeriod ::= Uint8                

---
-- @brief This data type denotes the TLS certificate for secure communication
--        over HTTP.
-- @class X509TlsCert 
X509TlsCert ::= Opaque

---
-- @brief This data type denotes the maximum time between changes to pre
--        linkage value encryption/decryption key.
-- @class SharedKeyUpdateInterval 
SharedKeyUpdateInterval ::= Duration    


END
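
Each temporalSeriesOf... field in LocalPolicyData pairs an initial value with intervals that carry a startTime, so a device has to decide which value is in force at a given Time64. The following is an added example, not part of the SCMS ASN.1 files; the decoded dict shape, the helper names, and the rules that an interval applies from its startTime and that startTimes must strictly increase are assumptions.

```python
from bisect import bisect_right

UINT8_MAX = 255                  # CertsPerIPeriod ::= Uint8
DEFAULT_CERTS_PER_I_PERIOD = 20  # DEFAULT on initialCertsPerIPeriod


class PolicyError(ValueError):
    """A decoded temporal series that must not be applied."""


def effective_value(initial, intervals, now):
    """Value of one temporalSeriesOf... entry in force at Time64 `now`.

    `intervals` is a list of (startTime, value) pairs. Assumption: an
    interval applies from its startTime until the next one starts.
    """
    starts = [start for start, _ in intervals]
    # Assumption: unordered or duplicate startTimes make the value in
    # force ambiguous, so the whole series is rejected.
    if any(b <= a for a, b in zip(starts, starts[1:])):
        raise PolicyError("startTime values must be strictly increasing")
    started = bisect_right(starts, now)  # intervals already in force
    return initial if started == 0 else intervals[started - 1][1]


def certs_per_i_period(series, now, global_value):
    """Resolve CertsPerIPeriod; a local series overrides the global value."""
    if series is None:  # OPTIONAL series absent from the policy file
        return global_value
    initial = series.get("initialCertsPerIPeriod", DEFAULT_CERTS_PER_I_PERIOD)
    pairs = [(i["startTime"], i["certsPerIPeriod"])
             for i in series["intervals"]]
    value = effective_value(initial, pairs, now)
    if not 0 <= value <= UINT8_MAX:
        raise PolicyError("certsPerIPeriod outside Uint8 range")
    return value


# Constructed sample in a hypothetical decoded form; the Time64 values are
# small integers for readability, not real timestamps.
SAMPLE = {"intervals": [
    {"startTime": 1_000, "certsPerIPeriod": 30},
    {"startTime": 2_000, "certsPerIPeriod": 40},
]}

if __name__ == "__main__":
    for t in (0, 1_000, 1_999, 2_000):
        print(t, certs_per_i_period(SAMPLE, t, global_value=10))
```

The same effective_value helper applies to the other series (hosts, TLS certificates, shared key update interval), since they share the initial-plus-intervals layout.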

scms-common-errors.asn
--  (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
-- 
--  Licensed under the Apache License, Version 2.0 (the "License");
--  you may not use this file except in compliance with the License.
--  You may obtain a copy of the License at
-- 
--     http://www.apache.org/licenses/LICENSE-2.0
-- 
--  Unless required by applicable law or agreed to in writing, software
--  distributed under the License is distributed on an "AS IS" BASIS,
--  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
--  See the License for the specific language governing permissions and
--  limitations under the License.
-- 

-------------------------------------------------------------------------------
-- SCMS-COMMON-ERRORS
--
-- The structure in this file defines a common error structure for the SCMS 
-- components.
--
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------

-- @namespace Ieee1609dot2ScmsCommonError 
Ieee1609dot2ScmsCommonError {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) errors(2) common(2) major-version-2(2)}


DEFINITIONS AUTOMATIC TAGS ::= BEGIN 

EXPORTS ALL;

---
-- @brief Common error structure
-- @class ScmsCommonError 
-- @param
-- @see 
ScmsCommonError ::= ENUMERATED {
  baseline(1),
  ...
}

END

1609dot2-schema.asn

1609dot2-base-types.asn
