Goals
The goal of this use case is to define the messages and actions that allow a device to request new identification certificates from the RA.
Background and Strategic Fit
The OBE decides to request an identification certificate from its preconfigured RA.
Having determined which RA to submit the request to, the OBE creates a request, signs it with the enrollment certificate, encrypts the signed request for the RA and sends it to the RA. The RA checks to make sure that the request is correct and authorized.
Assumptions
In order to facilitate the certificate request process, the following prerequisites should be met:
- The OBE has successfully completed Use Case 2: Bootstrapping
Process Steps
- The OBE downloads the Local Policy File (LPF) and the Local Certificate Chain File (LCCF) by using the API documented in RA - Download local policy file and RA - Download Local Certificate Chain File
- If there is an updated LCCF, the OBE applies all changes to its trust-store (necessary for PCA Certificate Validations)
- If there is an updated LPF, the OBE applies those changes
- The OBE creates the request, signs it with the enrollment certificate, encrypts the signed request for the RA and sends it to the RA using the API documented in RA - Request Identification Certificate Provisioning.
- The RA ensures that the request is correct and authorized before it starts with Step 19.2: OBE Identification Certificate Generation
Error Handling
- The OBE will abandon further interactions with the RA after a certain number of communication attempts have resulted in errors
- The OBE will not attempt to execute the certificate provisioning process if it finds itself on the latest CRL (assumes that a willful violator has not compromised the device). The OBE will need to execute the certification/bootstrap process again to exit a revoked state.
Design
EE Request
The EE initiates the Certificate Provisioning Request message in order to provide the RA with critical information (key parameters, current time, etc.) necessary for the OBE identification certificate generation. New devices may experience some delay between the initial request and the time the first certificate is available for download, to accommodate provisioning processes such as certificate generation and certificate encryption. The RA will store information from the initial Certificate Provisioning Request message and use it for ongoing certificate pre-generation until:
- The device provides new parameters in a subsequent Certificate Provisioning Request
- The device is blacklisted at the RA due to misbehavior or malfunction
The Certificate Provisioning Request message shall be sent once for each unique request. No subsequent Certificate Provisioning Request is necessary to acquire new certificates.
Security / Privacy
The Certificate Provisioning Request message shall use signing and encryption to ensure:
- The request has not been modified in transit
- The RA can verify the message came from the device
- The request is shared confidentially between the device and RA
The EE shall sign the request with the Enrollment Certificate. The EE shall also encrypt the request using the RA certificate and encapsulate it in a 1609.2 frame of type encrypted.
Message Contents
The EE shall use the ASN.1 defined for creating the Request Certificate message; details can be found at RA - Identification Certificate Provisioning Request. In order for a request to be validated by the RA, the EE shall include the following information in the Certificate Provisioning Request message:
- Version
- EE enrollment certificate
- Butterfly public seed / expansion function (see Butterfly key for details) parameters for:
  - Certificate signing key (signed with enrollment certificate)
  - Response encryption key (to encrypt the created certificate towards EE)
  - Optionally certificate encryption key
- Current device time: 32-bit denoting number of seconds since the Epoch (as defined in 1609.2)
- Requested certificate start time: 32-bit denoting number of seconds since the Epoch (as defined in 1609.2)
RA Response
The RA response to the Certificate Provisioning Request message may be accept (indicated by a Request Acknowledgement) or reject (indicated by an HTTP 500). Specific error codes should be hidden from EEs to avoid providing useful information to malicious actors. The RA shall log the specific error for future investigation.
RA - EE Request Acknowledgement
The Request Acknowledge message is initiated by the RA in response to a Certificate Provisioning Request message successfully received from the EE. If the EE request is received and processed without triggering an error (invalid signature, blacklisted, etc.), the RA processes the certificate request and begins certificate pre-generation. The Request Acknowledge message provides the EE with the URL at which, and the time from which, the first certificate batches will be available for download.
Security / Privacy
The Request Acknowledge message shall use signing and encryption to ensure:
- The request has not been modified in transit
- The device can verify the message came from the RA
- The request is shared confidentially between the device and RA
The RA shall sign and encrypt the Request Acknowledge message using the RA certificate and encapsulate it in a 1609.2 frame of type encrypted.
Message Contents
The RA shall use the ASN.1 defined for creating the Request Acknowledge message, which can be found at RA - Identification Certificate Provisioning Request and shall include the following information:
- Case: Certificate Provisioning Request Accept
  - Version
  - Low order 8-bytes of the SHA-256 hash of the encoded "ToBeSigned" certificate request from the device. Returns 0 if RA cannot calculate hash of the original request.
  - Time at which the first certificate batches will be available for download (represented by IEEE 1609.2 Time32)
  - URL of the certificate repository (common for all devices serviced by a specific RA)
- Case: Certificate Provisioning Request Reject
  - HTTP-500 Error Code
EE Response
If the RA provides a positive acknowledgement (accept) to a Certificate Provisioning Request, the EE moves forward with the certificate batch download process using the URL and time given in the acknowledge message.
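One way an EE could check the decoded Request Acknowledge fields before starting the download, added here as an illustration (it is not CAMP's code or part of the original page). It assumes signature verification and decryption are already done, that the ack is a plain dict using the ASN.1 field names with `reply` holding the ack fields directly, that Time32 counts from 2004-01-01 UTC with leap seconds ignored, and that the handling of a zero hash is left to the caller.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# IEEE 1609.2 Time32 epoch: 00:00:00 UTC, 1 January 2004.
# Assumption: leap seconds (the TAI offset) are ignored in the conversion.
EPOCH_1609_2 = datetime(2004, 1, 1, tzinfo=timezone.utc)
ACK_VERSION = 1            # version Uint8(1) in the ack structure
UNKNOWN_HASH = bytes(8)    # "Returns 0 if RA cannot calculate hash"


@dataclass
class AckCheck:
    status: str                          # "ok", "unbound" or "reject"
    reason: str
    download_at: Optional[datetime] = None
    wait_seconds: int = 0
    url: Optional[str] = None


def hashed_id8(encoded: bytes) -> bytes:
    """Low-order 8 bytes of SHA-256 over the encoded structure (HashedId8)."""
    return hashlib.sha256(encoded).digest()[-8:]


def time32_to_utc(t32) -> datetime:
    """Convert a Time32 value to an aware UTC datetime."""
    if not isinstance(t32, int) or not 0 <= t32 <= 0xFFFFFFFF:
        raise ValueError("Time32 must be an unsigned 32-bit integer")
    return EPOCH_1609_2 + timedelta(seconds=t32)


def check_ack(ack: dict, tbs_request: bytes, now_t32: int) -> AckCheck:
    """Validate decoded ack fields against the request this EE actually sent."""
    if ack.get("version") != ACK_VERSION:
        return AckCheck("reject", "unsupported version")

    request_hash = ack.get("requestHash")
    if not isinstance(request_hash, (bytes, bytearray)) or len(request_hash) != 8:
        return AckCheck("reject", "requestHash is not 8 bytes")

    reply = ack.get("reply")
    if not isinstance(reply, dict):
        return AckCheck("reject", "missing reply")
    url = reply.get("certDLURL")
    if not isinstance(url, str) or not url:
        return AckCheck("reject", "missing certDLURL")
    try:
        download_at = time32_to_utc(reply.get("certDLTime"))
    except ValueError as exc:
        return AckCheck("reject", str(exc))
    wait = max(0, reply["certDLTime"] - now_t32)

    if bytes(request_hash) == UNKNOWN_HASH:
        # The RA could not hash the request, so the ack is not tied to one
        # specific request. What to do next is a caller policy (assumption).
        return AckCheck("unbound", "RA returned zero hash", download_at, wait, url)
    # Constant-time comparison against the hash of the request we sent.
    if not hmac.compare_digest(bytes(request_hash), hashed_id8(tbs_request)):
        return AckCheck("reject", "requestHash does not match sent request")
    return AckCheck("ok", "ack bound to request", download_at, wait, url)


# Constructed sample data (not a real protocol capture).
SAMPLE_TBS_REQUEST = b"\x01constructed-tbs-request"
SAMPLE_ACK = {
    "version": 1,
    "requestHash": hashed_id8(SAMPLE_TBS_REQUEST),
    "reply": {"certDLTime": 600_000_000, "certDLURL": "ra.example.invalid"},
}

if __name__ == "__main__":
    print(check_ack(SAMPLE_ACK, SAMPLE_TBS_REQUEST, now_t32=599_999_400))
```
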
If the EE does not receive an acknowledgement from the RA in response to the request within the defined time, the EE should retry. Several conditions may necessitate the EE sending the request more than once. This may be due to:
- Request lost in transit (no TCP ack)
- RA offline, unavailable or the RA network address has changed (EE must query DNS for latest RA network information)
- The EE possesses an invalid RA certificate and cannot establish secure communications
- The EE received HTTP-500 Error Code
The EE should not attempt to transmit the Request Certificate message without having completed the prerequisites.
ASN.1 Specification
-- (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-------------------------------------------------------------------------------
-- EE-RA
--
-- The structures in this file define the protocol for messages between an
-- EE (OBE or RSE) and the RA for the purposes of
-- a) requesting and receiving the RA certificate in the event that the EE
--    possesses an expired or invalid RA certificate, as an alternative method
--    to acquiring the RA certificate through the DCM,
-- b) requesting a batch of pseudonym certificates, identity certificates
--    or application certificates
-- Both of these processes are initiated by the EE, possibly with the aid
-- of a DCM.
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------
-- @namespace Ieee1609Dot2EndEntityRaInterface

Ieee1609Dot2EndEntityRaInterface {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) ee-ra(8) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  EccP256CurvePoint, Hostname, HashedId8, PublicEncryptionKey,
  PublicVerificationKey, Time32, Uint8, GeographicRegion
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) base-types(2) major-version-2(2)}

  Certificate
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) schema(1) major-version-2(2)}

  SecurityMgmtPsid
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) base-types(2) major-version-2(2)}

  CompositeCrl
FROM Ieee1609Dot2ScmsComponentCertificateManagement {iso(1)
  identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) component-certificate-management (3)
  major-version-2(2)}
;

---
-- @brief The EndEntityRaInterfacePDU is the parent message type for messages
--        sent between end entities and the Registration Authority.
-- @class EndEntityRaInterfacePDU
-- @param eeRaCertRequest contains a message from an EE to the RA to request
--        a copy of the RA’s currently valid certificate.
-- @param raEeCertResponse is a message from the RA to the EE as a response
--        to EeRaCertRequest.
-- @param eeRaPseudonymCertProvisioningRequest is a message from an EE to the
--        RA to request pseudonym certificates.
-- @param raEePseudonymCertProvisioningAck is a message from the RA to the
--        EE to acknowledge the receipt of
--        EeRaPseudonymCertProvisioningRequest.
-- @param eeRaIdCertProvisioningRequest is a message from an EE to the
--        RA to request an identification certificate.
-- @param raEeIdCertProvisioningAck is a message from the RA to the
--        EE to acknowledge the receipt of EeRaIdCertProvisioningRequest.
-- @param eeRaAppCertProvisioningRequest is a message from an EE to the
--        RA to request an application certificate.
-- @param raEeAppCertProvisioningAck is a message from the RA to the
--        EE to acknowledge the receipt of EeRaAppCertProvisioningRequest.
-- @param eeRaAuthenticatedDownloadRequest is a message from an EE to the
--        RA to request the download of certificates (once they are ready).
EndEntityRaInterfacePDU ::= CHOICE {
  eeRaCertRequest                       EeRaCertRequestMsg,
  raEeCertResponse                      RaEeCertResponseMsg,
  eeRaPseudonymCertProvisioningRequest  EeRaPseudonymCertProvisioningRequest,
  raEePseudonymCertProvisioningAck      RaEePseudonymCertProvisioningAck,
  eeRaIdCertProvisioningRequest         EeRaIdCertProvisioningRequest,
  raEeIdCertProvisioningAck             RaEeIdCertProvisioningAck,
  eeRaAppCertProvisioningRequest        EeRaAppCertProvisioningRequest,
  raEeAppCertProvisioningAck            RaEeAppCertProvisioningAck,
  eeRaAuthenticatedDownloadRequest      AuthenticatedDownloadRequest,
  ...
}

---
-- @brief This message is sent from an EE to the RA to request the RAs
--        currently valid certificate.
-- @class EeRaCertRequestMsg
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
EeRaCertRequestMsg ::= SEQUENCE {
  version  Uint8(1),
  ...
}

---
-- @brief This message contains an acknowledgement from the RA to an EE's
--        EeRaCertRequestMsg.
-- @class RaEeCertResponseMsg
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @param reply indicates the contents of the reply message. In this version
--        of the document, only one choice option is supported, namely
--        an acknowledgement (ack) of type RaEeCertResponseAck.
-- @see Uint8
RaEeCertResponseMsg ::= SEQUENCE {
  version  Uint8(1),
  reply    CHOICE {
    ack  RaEeCertResponseAck,
    ...
  },
  ...
}

---
-- @brief This structure contains the RA's currently valid certificate and its
--        Certificate Revocation List (CRL)
-- @class RaEeCertResponseAck
-- @param raCertificate contains the RA’s currently valid public key
--        certificate as defined in Section 6.4.2 of IEEE 1609.2-2016
-- @param crl contains the Certificate Revocation List pertinent to
--        the RA certificate. The Certificate Revocation List
--        type is defined in Section 7.3 and 7.4.1 of IEEE 1609.2-2016
-- @see Certificate, CompositeCrl
RaEeCertResponseAck ::= SEQUENCE {
  raCertificate  Certificate,
  crl            CompositeCrl,
  ...
}

---
-- @brief This structure defines the parameters (seed and expansion keys)
--        required for butterfly key expansion. The RA generates caterpillar
--        keys using a linear formula based on the two fields described in
--        this structure.
-- @class UnsignedButterflyParams
-- @param seed-key contains the butterfly seed key
-- @param expansion contains the expansion parameter needed to perform a
--        Butterfly key expansion. Butterfly expansion is described
--        in https://wiki.campllc.org/display/SCP/SCP1%3A+Butterfly+Keys
-- @see EccP256CurvePoint
UnsignedButterflyParams ::= SEQUENCE {
  seed-key   EccP256CurvePoint,
  expansion  OCTET STRING (SIZE (16))
}

---
-- @brief Identification certificate provisioning request sent by an EE (OBE)
--        to the RA. These are signed and encrypted before sending, see
--        scms-protocol.asn. Note that Identification certificates use
--        Butterfly keys.
-- @class EeRaIdCertProvisioningRequest
-- @param version contains the current version of the data type. The
--        version specified in this document is version 1.
-- @param verify-key-info provides the information for the SCMS to generate
--        and embed multiple ID certificate signature public
--        keys, one for each ID certificate.
-- @param cert-enc-key-info if included, provides the information for the SCMS
--        to generate and embed multiple ID certificate
--        optional encryption public keys, one for each ID certificate.
-- @param resp-enc-key-info provides the information for SCMS to uniquely
--        encrypt each ID certificate prior to responding to the EE.
-- @param region indicates the operational region for the EE
--        device. Describes a circular or rectangular
--        region. Must be a sub-region of the region
--        contained in the EE's enrollment certificate.
-- @param common provides the structure for indicating the time of
--        the request and the requested start time of the certificates.
-- @param current-time indicates the time of request generation
-- @see Uint8, Time32, UnsignedButterflyParams
EeRaIdCertProvisioningRequest ::= SEQUENCE {
  version            Uint8(1),
  verify-key-info    UnsignedButterflyParams,
  cert-enc-key-info  UnsignedButterflyParams OPTIONAL,
  resp-enc-key-info  UnsignedButterflyParams,
  region             GeographicRegion,
  current-time       Time32,
  ...
}

---
-- @brief Application certificate provisioning request sent by an EE (RSE) to
--        the RA. Similar to the EeRaIdCertProvisioningRequest defined above,
--        except that butterfly keys are not used in this case.
-- @class EeRaAppCertProvisioningRequest
-- @param version contains the current version of the data
--        type. The version specified in this document is version 1.
-- @param verify-key provides the public key to be embedded in
--        the application certificate.
-- @param cert-encryption-key-info provides the discrete PublicEncryptionKey
--        to be embedded in the application
--        certificate for application encryption functions.
-- @param resp-encryption-key provides the discrete PublicEncryptionKey
--        to be used by the SCMS to encrypt the
--        certificate response back to the EE.
-- @param region indicates the operational region for the EE
--        device. Describes a circular or rectangular
--        region. Must be a sub-region of the region
--        contained in the EE's enrollment certificate.
-- @param common provides the structure for indicating the
--        time of the request and the requested start
--        time of the certificates.
-- @param current-time indicates the time of request generation
-- @param requested-start-time indicates the requested start time for the
--        requested certificates to take effect (in terms of validity).
-- @see Uint8, Time32 PublicVerificationKey, PublicEncryptionKey
EeRaAppCertProvisioningRequest ::= SEQUENCE {
  version                  Uint8(1),
  verify-key               PublicVerificationKey,
  cert-encryption-key      PublicEncryptionKey OPTIONAL,
  response-encryption-key  PublicEncryptionKey,
  region                   GeographicRegion,
  current-time             Time32,
  requested-start-time     Time32,
  ...
}

---
-- @brief Pseudonym certificate provisioning: Pseudonym certificates use
--        butterfly keys. Unlike identification certificates, they are
--        shuffled and include linkage values. This differentiation is visible
--        in other interfaces only, in particular RA-PCA.
-- @class EeRaPseudonymCertProvisioningRequest
-- @param version contains the current version of the data type. The
--        version specified in this document is version 1.
-- @param verify-key-info provides the information for the SCMS to generate
--        and embed multiple pseudonym certificate signature
--        public keys, one for each ID certificate.
-- @param resp-enc-key-info provides the information for the SCMS to uniquely
--        encrypt each pseudonym certificate prior to responding to the EE.
-- @param common provides the structure for indicating the time of
--        the request and the requested start time of the certificates.
-- @param current-time indicates the time of request generation
-- @see Uint8, Time32, UnsignedButterflyParams
EeRaPseudonymCertProvisioningRequest ::= SEQUENCE {
  version            Uint8(1),
  verify-key-info    UnsignedButterflyParams,
  resp-enc-key-info  UnsignedButterflyParams,
  current-time       Time32,
  ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE’s pseudonym certificate provisioning request. This
--        message is signed and encrypted before sending to EE, see scms
--        protocol.asn.
-- @class RaEePseudonymCertProvisioningAck
-- @param version contains the current version of the data type. The
--        version specified in this document is version 1.
-- @param requestHash contains the hash of the original request, using the
--        HashedId8 type as defined in 1609dot2-base-types.asn.
-- @param reply indicates the contents of the reply message. In this
--        version of the document, only one choice option is
--        supported, namely an acknowledgement (ack) of type
--        PseudonymCertProvisioningAck.
-- @see Uint8, HashedId8
RaEePseudonymCertProvisioningAck ::= SEQUENCE {
  version      Uint8(1),
  requestHash  HashedId8,
  reply        CHOICE {
    ack  PseudonymCertProvisioningAck,
    ...
  },
  ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE’s pseudonym certificate provisioning request.
-- @class PseudonymCertProvisioningAck
-- @param certDLTime contains the time at which the download of the generated
--        certificates is available.
-- @param certDLURL contains the URL at which the EE may download the
--        pseudonym certificates at the indicated time.
-- @see Time32, Hostname
PseudonymCertProvisioningAck ::= SEQUENCE {
  certDLTime  Time32,
  certDLURL   Hostname,
  ...
}

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE's identity certificate provisioning request.
-- @class RaEeIdCertProvisioningAck
RaEeIdCertProvisioningAck ::= RaEePseudonymCertProvisioningAck

---
-- @brief This structure represents the acknowledgement of the RA that it has
--        received an EE's application certificate provisioning request.
-- @class RaEeAppCertProvisioningAck
RaEeAppCertProvisioningAck ::= RaEePseudonymCertProvisioningAck

---
-- @brief This structure represents the EE’s request for download from the RA.
--        The request indicates the time of the download request in addition
--        to the requested filename.
-- @class AuthenticatedDownloadRequest
-- @param timestamp contains the time at which the download request for the
--        file (filename) was generated.
-- @param filename contains the name of the file to download.
-- @see Time32
AuthenticatedDownloadRequest ::= SEQUENCE {
  timestamp  Time32,
  filename   UTF8String (SIZE(0..255)),
  ...
}

END

-- (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 -- -- Unless required by applicable law or agreed to in writing, software -- distributed under the License is distributed on an "AS IS" BASIS, -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -- See the License for the specific language governing permissions and -- limitations under the License. -- ------------------------------------------------------------------------------- -- SCMS-Protocol -- -- Describes the high level messages exchanged between components in the SCMS -- system. Each pair of communicating entities has a defined interface for -- communication. Unsecured communication over these interfaces is encapsulated -- in a series of Scoped messages. These Scoped messages can then be further -- encapsulated as a Signed message, and further as a Secured message (i.e., -- a Scoped message that has been Signed and then Encrypted). 
-- -- This file is part of the SCMS protocol developed by CAMP VSC5 -- It depends on the IEEE 1609.2 protocol specification ------------------------------------------------------------------------------- -- @namespace IEEE1609dot2ScmsProtocol IEEE1609dot2ScmsProtocol {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) protocol(1) major-version-2(2)} DEFINITIONS AUTOMATIC TAGS ::= BEGIN EXPORTS ALL; IMPORTS HashAlgorithm, SequenceOfPsid, SequenceOfPsidSsp, Uint8, Uint16 FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2)} Certificate, Ieee1609Dot2Data, SequenceOfCertificate, Signature, SignerIdentifier FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2)} MisbehaviorReportingPsid, SecurityMgmtPsid FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) base-types(2) major-version-2(2)} ScmsComponentCertificateManagementPDU FROM Ieee1609Dot2ScmsComponentCertificateManagement {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) component-certificate-management(3) major-version-2(2)} EcaEndEntityInterfacePDU FROM Ieee1609Dot2EcaEndEntityInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) eca-ee(5) major-version-2(2)} EndEntityMaInterfacePDU FROM Ieee1609Dot2EndEntityMaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) ee-ma(7) 
major-version-2(2)} EndEntityRaInterfacePDU FROM Ieee1609Dot2EndEntityRaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) ee-ra(8) major-version-2(2)} LaMaInterfacePDU FROM Ieee1609Dot2LaMaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) la-ma(9) major-version-2(2)} LaPcaInterfacePDU FROM Ieee1609Dot2LaPcaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) la-pca(10) major-version-2(2)} LaRaInterfacePDU FROM Ieee1609Dot2LaRaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) la-ra(11) major-version-2(2)} MaPcaInterfacePDU FROM Ieee1609Dot2MaPcaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) ma-pca(13) major-version-2(2)} MaRaInterfacePDU FROM Ieee1609Dot2MaRaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) ma-ra(14) major-version-2(2)} PcaRaInterfacePDU FROM Ieee1609Dot2PcaRaInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) pca-ra(15) major-version-2(2)} RaPgInterfacePDU FROM Ieee1609Dot2RaPgInterface {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) ra-pg(16) major-version-2(2)} CertificateChainFiles FROM IEEE1609dot2-cert-chains {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base (1) cert-chains (4) 
major-version-2(2)} PolicyFiles FROM Ieee1609dot2ScmsPolicyTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) scms(4) interfaces(1) policy-types(500) major-version-2(2)} ; --- -- @brief The ScmsPDU is the parent structure that encompasses all parent -- structures of interfaces defined in the SCMS. -- @class ScmsPDU -- @param version contains the current version of the data type. The version -- specified in this document is version 1, represented by the -- integer 1. -- @param content encloses the information of an SCMS interface. -- @param ccm contains the component certificate management interface -- structure. -- @param eca-ee contains the interface structure defined for interaction -- between Enrollment Certificate Authority (ECA) and an End -- Entity (EE). -- @param ee-ma contains the interface structure defined for interaction -- between an End Entity (EE) and Misbehavior Authority (MA). -- @param ee-ra contains the interface structure defined for interaction -- between an End Entity (EE) and Registration Authority (RA). -- @param la-ma contains the interface structure defined for interaction -- between Linkage Authority (LA) and Misbehavior Authority (MA). -- @param la-pca contains the interface structure defined for interaction -- between Linkage Authority (LA) and Pseudonym Certificate -- Authority (PCA). -- @param la-ra contains the interface structure defined for interaction -- between Linkage Authority (LA) and Registration Authority (RA). -- @param ma-pca contains the interface st@ucture defined for interaction -- between Misbehavior Authority (MA) and Pseudonym Certificate -- Authority (PCA). -- @param ma-ra contains the interface structure defined for interactions -- between Misbehavior Authority (MA) and Registration Authority -- (RA). 
-- @param pca-ra contains the interface structure defined for interactions -- between Pseudonym Certificate Authority (PCA) and Registration -- Authority (RA). -- @param ra-pg contains the interface structure defined for interactions -- between Registration Authority (RA) and Policy Generator (PG). ScmsPDU ::= SEQUENCE { version Uint8(1), content CHOICE { ccm ScmsComponentCertificateManagementPDU, eca-ee EcaEndEntityInterfacePDU, ee-ma EndEntityMaInterfacePDU, ee-ra EndEntityRaInterfacePDU, la-ma LaMaInterfacePDU, la-pca LaPcaInterfacePDU, la-ra LaRaInterfacePDU, ma-pca MaPcaInterfacePDU, ma-ra MaRaInterfacePDU, pca-ra PcaRaInterfacePDU, ra-pg RaPgInterfacePDU, ... } } --- -- @brief This is a collection structure designed for transferring certificate -- and policy files among SCMS entities. -- @class ScmsFile -- @param version contains the current version of the data type. The -- version specified in this document is version 1, -- represented by the integer 1. -- @param content encloses information of an SCMS file. -- @param cert-chain contains the chain of certificates through which the -- necessary entities can be recursively verified. -- @param policy contains files that define policies about certificates -- (e.g. certificate lifetimes) ScmsFile ::= SEQUENCE { version Uint8(1), content CHOICE { cert-chain CertificateChainFiles, policy PolicyFiles, ... } } -- ************************************************************************* -- -- Scoped -- -- ************************************************************************* -- ************************************************************************* -- -- EE-ECA (Scoped) -- -- ************************************************************************* --- -- @brief This structure defines the EeEcaCertRequest as a scoped version of -- the ScmsPDU. 
-- @class ScopedEeEnrollmentCertRequest ScopedEeEnrollmentCertRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { eca-ee (WITH COMPONENTS { eeEcaCertRequest }) }) }) --- -- @brief This structure defines the EcaEeCertResponse as a scoped version of -- the ScmsPDU. -- @class ScopedEeEnrollmentCertResponse ScopedEeEnrollmentCertResponse ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { eca-ee (WITH COMPONENTS { ecaEeCertResponse }) }) }) -- ************************************************************************* -- -- EE-MA (Scoped) -- -- ************************************************************************* --- -- @brief This structure defines the MisbehaviorReport as a scoped version of -- the ScmsPDU. -- @class ScopedMisbehaviorReport ScopedMisbehaviorReport ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ma (WITH COMPONENTS { misbehaviorReport }) }) }) -- ************************************************************************* -- -- EE-RA (Scoped) -- -- ************************************************************************* --- -- @brief This structure defines the EeRaCertRequest as a scoped version of the -- ScmsPDU. -- @class ScopedEeRaCertRequest ScopedEeRaCertRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { eeRaCertRequest }) }) }) --- -- @brief This structure defines the RaEeCertResponse as a scoped version of -- the ScmsPDU. -- @class ScopedRaEeCertResponse ScopedRaEeCertResponse ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { raEeCertResponse }) }) }) --- -- @brief This structure defines the EeRaPseudonymCertProvisioningRequest as a -- scoped version of the ScmsPDU. 
-- @class ScopedPseudonymCertProvisioningRequest ScopedPseudonymCertProvisioningRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { eeRaPseudonymCertProvisioningRequest }) }) }) --- -- @brief This structure defines the RaEePseudonymCertProvisioningAck as a -- scoped version of the ScmsPDU. -- @class ScopedPseudonymCertProvisioningAck ScopedPseudonymCertProvisioningAck ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { raEePseudonymCertProvisioningAck }) }) }) --- -- @brief This structure defines the EeRaIdCertProvisioningRequest as a scoped -- version of the ScmsPDU. -- @class ScopedIdCertProvisioningRequest ScopedIdCertProvisioningRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { eeRaIdCertProvisioningRequest }) }) }) --- -- @brief This structure defines the RaEeIdCertProvisioningAck as a scoped -- version of the ScmsPDU. -- @class ScopedIdCertProvisioningAck ScopedIdCertProvisioningAck ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { raEeIdCertProvisioningAck }) }) }) --- -- @brief This structure defines the EeRaAppCertProvisioningRequest as a -- scoped version of the ScmsPDU. -- @class ScopedAppCertProvisioningRequest ScopedAppCertProvisioningRequest ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { eeRaAppCertProvisioningRequest }) }) }) --- -- @brief This structure defines the RaEeAppCertProvisioningAck as a scoped -- version of the ScmsPDU. -- @class ScopedAppCertProvisioningAck ScopedAppCertProvisioningAck ::= ScmsPDU (WITH COMPONENTS {..., content (WITH COMPONENTS { ee-ra (WITH COMPONENTS { raEeAppCertProvisioningAck }) }) }) --- -- @brief This structure defines the GlobalCertificateChainFile as a scoped -- version of the ScmsPDU. 
-- @class ScopedGlobalCertificateChainFile
ScopedGlobalCertificateChainFile ::= ScmsFile (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    cert-chain( WITH COMPONENTS {
      globalCertificateChainFile
    })
  })
})

---
-- @brief This structure defines the LocalCertificateChainFile as a scoped
--        version of the ScmsPDU.
-- @class ScopedLocalCertificateChainFile
ScopedLocalCertificateChainFile ::= ScmsFile (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    cert-chain( WITH COMPONENTS {
      localCertificateChainFile
    })
  })
})

---
-- @brief This structure defines the GlobalPolicyFile as a scoped version of
--        the ScmsPDU.
-- @class ScopedGlobalPolicyFile
ScopedGlobalPolicyFile ::= ScmsFile (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    policy( WITH COMPONENTS {
      globalPolicyFile
    })
  })
})

---
-- @brief This structure defines the LocalPolicyFile as a scoped version of
--        the ScmsPDU.
-- @class ScopedLocalPolicyFile
ScopedLocalPolicyFile ::= ScmsFile (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    policy( WITH COMPONENTS {
      localPolicyFile
    })
  })
})

---
-- @brief This structure defines the EeRaAuthenticatedDownloadRequest as a
--        scoped version of the ScmsPDU.
-- @class ScopedAuthenticatedDownloadRequest
ScopedAuthenticatedDownloadRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ee-ra (WITH COMPONENTS {
      eeRaAuthenticatedDownloadRequest
    })
  })
})

-- *************************************************************************
--
--                             LA-MA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the MaLaLinkageInfoRequest as a scoped
--        version of the ScmsPDU.
-- @class ScopedLIRequest
ScopedLIRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    la-ma (WITH COMPONENTS {
      maLaLinkageInfoRequest
    })
  })
})

---
-- @brief This structure defines the LaMaLinkageInfoResponse as a scoped
--        version of the ScmsPDU.
-- @class ScopedLIReply
ScopedLIReply ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    la-ma (WITH COMPONENTS {
      laMaLinkageInfoResponse
    })
  })
})

---
-- @brief This structure defines the MaLaLinkageSeedRequest as a scoped
--        version of the ScmsPDU.
-- @class ScopedLSRequest
ScopedLSRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    la-ma (WITH COMPONENTS {
      maLaLinkageSeedRequest
    })
  })
})

---
-- @brief This structure defines the LaMaLinkageSeedResponse as a scoped
--        version of the ScmsPDU.
-- @class ScopedLSReply
ScopedLSReply ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    la-ma (WITH COMPONENTS {
      laMaLinkageSeedResponse
    })
  })
})

-- *************************************************************************
--
--                             LA-PCA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the PcaLaKeyAgreementRequest as a scoped
--        version of the ScmsPDU.
-- @class ScopedPcaLaKeyAgreementRequest
ScopedPcaLaKeyAgreementRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    la-pca (WITH COMPONENTS {
      pcaLaKeyAgreementRequest
    })
  })
})

---
-- @brief This structure defines the LaPcaKeyAgreementResponse as a scoped
--        version of the ScmsPDU.
-- @class ScopedLaPcaKeyAgreementResponse
ScopedLaPcaKeyAgreementResponse ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    la-pca (WITH COMPONENTS {
      laPcaKeyAgreementResponse
    })
  })
})

---
-- @brief This structure defines the PcaLaKeyAgreementAck as a scoped version
--        of the ScmsPDU.
-- @class ScopedPcaLaKeyAgreementAck
ScopedPcaLaKeyAgreementAck ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    la-pca (WITH COMPONENTS {
      pcaLaKeyAgreementAck
    })
  })
})

-- *************************************************************************
--
--                             LA-RA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the RaLaIndividualPreLinkageValueRequest as a
--        scoped version of the ScmsPDU.
-- @class ScopedRaLaIndividualPreLinkageValueRequest
ScopedRaLaIndividualPreLinkageValueRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    la-ra (WITH COMPONENTS {
      raLaIndividualPreLinkageValueRequest
    })
  })
})

---
-- @brief This structure defines the RaLaGroupPreLinkageValueRequest as a
--        scoped version of the ScmsPDU.
-- @class ScopedRaLaGroupPreLinkageValueRequest
ScopedRaLaGroupPreLinkageValueRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    la-ra (WITH COMPONENTS {
      raLaGroupPreLinkageValueRequest
    })
  })
})

---
-- @brief This structure defines the LaRaPreLinkageValueResponse as a scoped
--        version of the ScmsPDU.
-- @class ScopedLaRaPreLinkageValueResponse
ScopedLaRaPreLinkageValueResponse ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    la-ra (WITH COMPONENTS {
      laRaPreLinkageValueResponse
    })
  })
})

-- *************************************************************************
--
--                             MA-PCA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the MaPcaPreLinkageValueRequest as a scoped
--        version of the ScmsPDU.
-- @class ScopedMaPcaPreLinkageValueRequest
ScopedMaPcaPreLinkageValueRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ma-pca (WITH COMPONENTS {
      maPcaPreLinkageValueRequest
    })
  })
})

---
-- @brief This structure defines the PcaMaPreLinkageValueResponse as a scoped
--        version of the ScmsPDU.
-- @class ScopedPcaMaPreLinkageValueResponse
ScopedPcaMaPreLinkageValueResponse ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ma-pca (WITH COMPONENTS {
      pcaMaPreLinkageValueResponse
    })
  })
})

---
-- @brief This structure defines the MaPcaHPCRRequest as a scoped version of
--        the ScmsPDU.
-- @class ScopedMaPcaHPCRRequest
ScopedMaPcaHPCRRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ma-pca (WITH COMPONENTS {
      maPcaHPCRRequest
    })
  })
})

---
-- @brief This structure defines the PcaMaHPCRResponse as a scoped version of
--        the ScmsPDU.
-- @class ScopedPcaMaHPCRResponse
ScopedPcaMaHPCRResponse ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ma-pca (WITH COMPONENTS {
      pcaMaHPCRResponse
    })
  })
})

-- *************************************************************************
--
--                             MA-RA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the MaRaBlacklistRequest as a scoped version
--        of the ScmsPDU.
-- @class ScopedBlacklistRequest
ScopedBlacklistRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ma-ra (WITH COMPONENTS {
      maRaBlacklistRequest
    })
  })
})

---
-- @brief This structure defines the RaMaBlacklistResponse as a scoped version
--        of the ScmsPDU.
-- @class ScopedBlacklistResponse
ScopedBlacklistResponse ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ma-ra (WITH COMPONENTS {
      raMaBlacklistResponse
    })
  })
})

---
-- @brief This structure defines the MaRaLCIRequest as a scoped version of the
--        ScmsPDU.
-- @class ScopedLCIRequest
ScopedLCIRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ma-ra (WITH COMPONENTS {
      maRaLCIRequest
    })
  })
})

---
-- @brief This structure defines the RaMaLCIResponse as a scoped version of
--        the ScmsPDU.
-- @class ScopedLCIResponse
ScopedLCIResponse ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ma-ra (WITH COMPONENTS {
      raMaLCIResponse
    })
  })
})

---
-- @brief This structure defines the MaRaRseObeIdBlacklistRequest as a scoped
--        version of the ScmsPDU.
-- @class ScopedRseObeIdBlacklistRequest
ScopedRseObeIdBlacklistRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ma-ra (WITH COMPONENTS {
      maRaRseObeIdBlacklistRequest
    })
  })
})

---
-- @brief This structure defines the RaMaRseObeIdBlacklistResponse as a scoped
--        version of the ScmsPDU.
-- @class ScopedRseObeIdBlacklistResponse
ScopedRseObeIdBlacklistResponse ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ma-ra (WITH COMPONENTS {
      raMaRseObeIdBlacklistResponse
    })
  })
})

-- *************************************************************************
--
--                             PCA-RA (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the RaPcaCertRequest as a scoped version of
--        the ScmsPDU.
-- @class ScopedRaPcaCertificateRequest
ScopedRaPcaCertificateRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    pca-ra (WITH COMPONENTS {
      raPcaCertRequest
    })
  })
})

---
-- @brief This structure defines the PcaRaCertResponse as a scoped version of
--        the ScmsPDU.
-- @class ScopedPcaRaCertificateRequestReply
ScopedPcaRaCertificateRequestReply ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    pca-ra (WITH COMPONENTS {
      pcaRaCertResponse
    })
  })
})

-- *************************************************************************
--
--                             RA-PG (Scoped)
--
-- *************************************************************************

---
-- @brief This structure defines the RaPgPolicySignatureRequest as a scoped
--        version of the ScmsPDU.
-- @class ScopedRaPgPolicySignatureRequest
ScopedRaPgPolicySignatureRequest ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ra-pg (WITH COMPONENTS {
      raPgPolicySignatureRequest
    })
  })
})

---
-- @brief This structure defines the RaPgPolicySignatureRequestReply as a
--        scoped version of the ScmsPDU.
-- @class ScopedRaPgPolicySignatureRequestReply
ScopedRaPgPolicySignatureRequestReply ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ra-pg (WITH COMPONENTS {
      raPgPolicySignatureRequestReply
    })
  })
})

-- *** Scoped certificate requests **************************************

---
-- @brief This structure defines all certificate request messages as a
--        scoped version of the ScmsPDU.
-- @class ScopedCertificateRequest
ScopedCertificateRequest ::= ScmsPDU (
  ScopedEeRaCertRequest |
  ScopedEeEnrollmentCertRequest |
  ScopedPseudonymCertProvisioningRequest |
  ScopedIdCertProvisioningRequest |
  ScopedAppCertProvisioningRequest |
  ScopedRaPcaCertificateRequest |
  ScopedAuthenticatedDownloadRequest
)

--*************************************************************************
--
--                        Certificate Request
--
--**********************************************************************

---
-- @brief This structure defines the format of a signed certificate
--        request.
-- @class SignedCertificateRequest
-- @param hashId is the hash of the current request.
-- @param tbsRequest contains the certificate request information that
--        is signed by the recipient.
-- @param signer denotes the signing entity's identifier.
-- @param signature contains the request sender's signature.
SignedCertificateRequest ::= SEQUENCE {
  hashId      HashAlgorithm,
  tbsRequest  ScopedCertificateRequest,
  signer      SignerIdentifier,
  signature   Signature
}

-- *************************************************************************
-- *************************************************************************
--
--                             Secured
--
-- *************************************************************************
-- *************************************************************************

---
-- @brief This structure contains either secured (encrypted) or unsecured
--        (plaintext) data as per need. It follows the same structure defined
--        for Ieee1609Dot2Data in 1609dot2-schema.asn.
--        Each of the Scoped messages defined above has a corresponding secured
--        version. Each secured PDU is an Ieee1609dot2Data whose content is either
--        signed data or encrypted data.
--
--        A Signed*** PDU has content of type SignedData or SignedCertificateRequest
--
--        A Secured*** PDU has content of type EncryptedData which decrypts to
--        the corresponding Signed*** PDU (with a few exceptions).
-- @class SecuredScmsPDU
SecuredScmsPDU ::= Ieee1609Dot2Data

-- *************************************************************************
--
--                             EE-ECA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains the ScopedEeEnrollmentCertRequest which
--        encloses the EeEcaCertRequest. EE sends this message to the ECA to
--        request enrollment certificates for itself. EE signs this message
--        using its private key generated during bootstrapping.
-- @class SignedEeEnrollmentCertRequest
-- @param content contains an EE's enrollment certificate request and the EE's
--        self signature.
-- @see EeEcaCertRequest
SignedEeEnrollmentCertRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedEeEnrollmentCertRequest),
        signer (WITH COMPONENTS {
          self
        })
      })
    )
  })
})

---
-- @brief This structure contains the ScopedEeEnrollmentCertResponse which
--        encloses the EcaEeCertResponse. ECA responds on an EE's
--        SignedEeEnrollmentCertRequest using this message. ECA signs this
--        message using its private key corresponding to its EcaCertificate.
-- @class SignedEeEnrollmentCertResponse
-- @param content contains the ScopedEeEnrollmentCertResponse.
-- @see EcaEeCertResponse, EcaCertificate
SignedEeEnrollmentCertResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedEeEnrollmentCertResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- *************************************************************************
--
--                             EE-MA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains SignedMisbehaviorReport and is sent by an EE
--        to MA through RA. EE sends misbehavior reports to MA using
--        this structure. EE encrypts this message using MA's public key from
--        MaCertificate that it obtains during bootstrapping.
-- @class SecuredMisbehaviorReport
-- @param content contains the encrypted misbehavior reports generated by an
--        EE; decrypts to a SignedMisbehaviorReport.
-- @see MisbehaviorReportContents, MaCertificate
SecuredMisbehaviorReport ::= SecuredScmsPDU(WITH COMPONENTS {...,
  content(WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains the misbehavior reports generated by an EE
--        and sent to the RA. The RA forwards this message to the MA in the
--        form of SecuredMisbehaviorReport. The reporting EE signs this message
--        using its private key corresponding to its active
--        ObePseudonymCertificate.
-- @class SignedMisbehaviorReport, ObePseudonymCertificate
-- @param content contains the misbehavior report in the form of
--        ScopedMisbehaviorReport generated by the reporting EE.
-- @see MisbehaviorReportContents
SignedMisbehaviorReport ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedMisbehaviorReport)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (MisbehaviorReportingPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation PRESENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      }),
      signer (WITH COMPONENTS {...,
        certificate (SequenceOfCertificate (SIZE(1)))
      })
    })
  })
})

-- *************************************************************************
--
--                             EE-RA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains the encrypted ScopedEeRaCertRequest which
--        contains the EeRaCertRequestMsg. EE sends this message to RA to
--        request RA's currently active RaCertificate. EE encrypts this message
--        using the RA's public key obtained from RaCertificate. If EE
--        requests RA's certificate for the first time, it will encrypt using
--        the key obtained at the time of device bootstrapping.
-- @class SecuredRACertRequest
-- @param content contains the ScopedEeRaCertRequest.
-- @see EeRaCertRequestMsg, RaCertificate
SecuredRACertRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    unsecuredData (CONTAINING ScopedEeRaCertRequest)
  })
})

---
-- @brief This structure contains the ScopedPseudonymCertProvisioningRequest
--        which contains the EeRaPseudonymCertProvisioningRequest structure.
--        EE sends this message to PCA through RA to request
--        ObePseudonymCertificate. EE signs this message using its private key
--        corresponding to its ObeEnrollmentCertificate and encrypts it to RA.
-- @class SignedPseudonymCertProvisioningRequest
-- @param content contains the pseudonym certificate provisioning request and
--        requesting EE's ObeEnrollmentCertificate.
-- @see EeRaPseudonymCertProvisioningRequest, ObePseudonymCertificate,
--      ObeEnrollmentCertificate
SignedPseudonymCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedPseudonymCertProvisioningRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains SignedPseudonymCertProvisioningRequest
--        generated by the requesting EE and sent to the RA. The RA forwards
--        this request to the PCA. EE encrypts this message using PCA's public
--        key obtained during device bootstrapping.
-- @class SecuredPseudonymCertProvisioningRequest
-- @param content contains the encrypted pseudonym certificate provisioning
--        request generated by an EE; decrypts to a
--        SignedPseudonymCertProvisioningRequest.
-- @see EeRaPseudonymCertProvisioningRequest
SecuredPseudonymCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedPseudonymCertProvisioningAck which
--        contains RaEePseudonymCertProvisioningAck. RA acknowledges receipt
--        of an EE's SignedPseudonymCertProvisioningRequest using this
--        structure. RA signs this message using its private key corresponding
--        to its RaCertificate.
-- @class SignedPseudonymCertProvisioningAck
-- @param content contains the ScopedPseudonymCertProvisioningAck.
-- @see RaEePseudonymCertProvisioningAck, RaCertificate
SignedPseudonymCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPseudonymCertProvisioningAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains the ScopedIdCertProvisioningRequest
--        which contains the EeRaIdCertProvisioningRequest structure.
--        EE signs this message using its private key corresponding to its
--        ObeEnrollmentCertificate, encrypts and sends it to RA to request
--        provisioning of ID certificates.
-- @class SignedIdCertProvisioningRequest
-- @param content contains the pseudonym certificate provisioning request and
--        requesting EE's enrollment certificate.
-- @see EeRaIdCertProvisioningRequest, ObeEnrollmentCertificate
SignedIdCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedIdCertProvisioningRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains SignedIdCertProvisioningRequest
--        generated by the requesting EE and sent to the RA. The RA forwards
--        this request to the PCA. EE encrypts this message using PCA's public
--        key obtained during device bootstrapping.
-- @class SecuredIdCertProvisioningRequest
-- @param content contains the encrypted pseudonym certificate provisioning
--        request generated by an EE; decrypts to a
--        SignedIdCertProvisioningRequest.
-- @see EeRaIdCertProvisioningRequest
SecuredIdCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains the ScopedIdCertProvisioningAck which
--        contains the RaEeIdCertProvisioningAck. RA signs this message using
--        its private key corresponding to its RaCertificate. RA sends this
--        message to an EE in the form of SecuredIdCertProvisioningAck.
-- @class SignedIdCertProvisioningAck
-- @param content contains the ScopedIdCertProvisioningAck which encloses the
--        RaEeIdCertProvisioningAck.
-- @see RaEeIdCertProvisioningAck, RaCertificate
SignedIdCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedIdCertProvisioningAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains the ScopedAppCertProvisioningRequest
--        which contains the EeRaAppCertProvisioningRequest structure.
--        EE signs this message using its private key corresponding to its
--        ObeEnrollmentCertificate.
-- @class SignedAppCertProvisioningRequest
-- @param content contains the pseudonym certificate provisioning request and
--        requesting EE's enrollment certificate.
-- @see EeRaAppCertProvisioningRequest
SignedAppCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedAppCertProvisioningRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains SignedAppCertProvisioningRequest
--        generated by the requesting EE and sent to the RA. The RA forwards
--        this request to the PCA. EE encrypts this message using PCA's public
--        key obtained during device bootstrapping.
-- @class SecuredAppCertProvisioningRequest
-- @param content contains the encrypted pseudonym certificate provisioning
--        request generated by an EE; decrypts to a
--        SignedAppCertProvisioningRequest.
-- @see EeRaAppCertProvisioningRequest
SecuredAppCertProvisioningRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains the ScopedAppCertProvisioningAck which
--        contains the RaEeAppCertProvisioningAck. RA signs this message using
--        its private key corresponding to its RaCertificate. RA sends this
--        message to an EE in the form of SecuredAppCertProvisioningAck.
-- @class SignedAppCertProvisioningAck
-- @param content contains the ScopedAppCertProvisioningAck which encloses the
--        RaEeAppCertProvisioningAck.
-- @see RaEeAppCertProvisioningAck, RaCertificate
SignedAppCertProvisioningAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedAppCertProvisioningAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains the ScopedAuthenticatedDownloadRequest which
--        contains the AuthenticatedDownloadRequest. EE signs this message
--        using its private key corresponding to its ObeEnrollmentCertificate.
--        EE sends this message to RA in the form of
--        SecuredAuthenticatedDownloadRequest.
-- @class SignedAuthenticatedDownloadRequest
-- @param content contains the authenticated download request and EE's
--        enrollment certificate.
-- @see AuthenticatedDownloadRequest, ObeEnrollmentCertificate
SignedAuthenticatedDownloadRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedAuthenticatedDownloadRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)))
        })
      })
    )
  })
})

---
-- @brief This structure contains the SignedAuthenticatedDownloadRequest and
--        is sent by an EE to the RA. EE encrypts this message using RA's
--        public key obtained at device bootstrapping.
-- @class SecuredAuthenticatedDownloadRequest
-- @param content contains the authenticated download request signed by an EE;
--        decrypts to SignedAuthenticatedDownloadRequest.
-- @see AuthenticatedDownloadRequest
SecuredAuthenticatedDownloadRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedGlobalPolicyFile which contains
--        GlobalPolicyFile. PG signs this message using its private key
--        corresponding to its PgCertificate.
-- @class SignedGlobalPolicyFile
-- @param content contains the ScopedGlobalPolicyFile.
-- @see GlobalPolicyFile, PgCertificate
SignedGlobalPolicyFile ::= Ieee1609Dot2Data( WITH COMPONENTS{...,
  content( WITH COMPONENTS{...,
    signedData( WITH COMPONENTS{...,
      tbsData( WITH COMPONENTS{...,
        payload( WITH COMPONENTS{...,
          data( WITH COMPONENTS{...,
            content( WITH COMPONENTS{...,
              unsecuredData( CONTAINING ScopedGlobalPolicyFile )
            })
          })
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedLocalPolicyFile which contains
--        LocalPolicyFile. PG signs this message using its private key
--        corresponding to its PgCertificate.
-- @class SignedLocalPolicyFile
-- @param content contains the ScopedLocalPolicyFile.
-- @see LocalPolicyFile, PgCertificate
SignedLocalPolicyFile ::= Ieee1609Dot2Data( WITH COMPONENTS{...,
  content( WITH COMPONENTS{...,
    signedData( WITH COMPONENTS{...,
      tbsData( WITH COMPONENTS{...,
        payload( WITH COMPONENTS{...,
          data( WITH COMPONENTS{...,
            content( WITH COMPONENTS{...,
              unsecuredData( CONTAINING ScopedLocalPolicyFile )
            })
          })
        })
      })
    })
  })
})

-- *************************************************************************
--
--                             LA-MA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedLIRequest which contains
--        MaLaLinkageInfoRequest. MA signs this message using its private key
--        corresponding to its MaCertificate.
-- @class SignedLIRequest
-- @param content contains the ScopedLIRequest.
-- @see MaLaLinkageInfoRequest
SignedLIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLIRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLIRequest and is sent by MA to LA.
--        MA encrypts this message using LA's public key that it obtains
--        from LaCertificate received from ICA at Add LA stage.
-- @class SecuredLIRequest
-- @param content contains encrypted linkage information signed by MA;
--        decrypts to a SignedLIRequest.
-- @see MaLaLinkageInfoRequest, LaCertificate
SecuredLIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLIReply which contains
--        LaMaLinkageInfoResponseMsg. LA signs this message using its private
--        key corresponding to its LaCertificate.
-- @class SignedLIReply
-- @param content contains ScopedLIReply.
-- @see LaMaLinkageInfoResponseMsg, LaCertificate
SignedLIReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLIReply)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLIReply and is sent by LA to an MA's
--        SecuredLIRequest. LA encrypts this message using encryptionKey
--        obtained from MaCertificate.
-- @class SecuredLIReply
-- @param content contains LA's response with linkage information; decrypts to
--        a SignedLIReply.
-- @see LaMaLinkageInfoResponseMsg, MaCertificate
SecuredLIReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLSRequest which contains
--        MaLaLinkageSeedRequestMsg. MA signs this message using its private
--        key corresponding to its MaCertificate.
-- @class SignedLSRequest
-- @param content contains ScopedLSRequest.
-- @see MaLaLinkageSeedRequestMsg, MaCertificate
SignedLSRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLSRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLSRequest that is sent by MA to LA to
--        request linkage seed information for misbehavior report analysis. MA
--        encrypts this request using LA's public key that it obtains from
--        LaCertificate received from ICA at Add LA stage.
-- @class SecuredLSRequest
-- @param content contains encrypted linkage seed request message signed by MA;
--        decrypts to a SignedLSRequest.
-- @see MaLaLinkageSeedRequestMsg, LaCertificate
SecuredLSRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLSReply which contains
--        LaMaLinkageSeedResponseMsg. LA signs this message using its private
--        key corresponding to its LaCertificate.
-- @class SignedLSReply
-- @param content contains ScopedLSReply.
-- @see LaMaLinkageSeedResponseMsg, LaCertificate
SignedLSReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLSReply)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLSReply and is sent by LA to an MA's
--        SecuredLSRequest. LA encrypts this message using encryptionKey in
--        MaCertificate.
-- @class SecuredLSReply
-- @param content contains LA's response with linkage information; decrypts to
--        a SignedLSReply.
-- @see LaMaLinkageSeedResponseMsg
SecuredLSReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData -- decrypts to a SignedLSReply
  })
})

-- *************************************************************************
--
--                             LA-PCA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedPcaLaKeyAgreementRequest which
--        contains PcaLaKeyAgreementRequestMsg and is sent from PCA to LA to
--        initiate key agreement. PCA signs this message using its private key
--        corresponding to its PcaCertificate.
-- @class SignedPcaLaKeyAgreementRequest
-- @param content contains ScopedPcaLaKeyAgreementRequest.
-- @see PcaLaKeyAgreementRequestMsg
SignedPcaLaKeyAgreementRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPcaLaKeyAgreementRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedLaPcaKeyAgreementResponse which
--        contains LaPcaKeyAgreementResponse and is sent from LA to PCA. LA
--        signs this message using its private key corresponding to its
--        LaCertificate.
-- @class SignedLaPcaKeyAgreementResponse
-- @param content contains ScopedLaPcaKeyAgreementResponse.
-- @see LaPcaKeyAgreementResponse, LaCertificate
SignedLaPcaKeyAgreementResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLaPcaKeyAgreementResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedPcaLaKeyAgreementAck which contains
--        PcaLaKeyAgreementAck and is sent from PCA to LA. PCA signs this
--        message using private key corresponding to its PcaCertificate.
-- @class SignedPcaLaKeyAgreementAck
-- @param content contains ScopedPcaLaKeyAgreementAck.
-- @see PcaLaKeyAgreementAck, PcaCertificate
SignedPcaLaKeyAgreementAck ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPcaLaKeyAgreementAck)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- *************************************************************************
--
-- LA-RA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedRaLaIndividualPreLinkageValueRequest
--        which contains RaLaIndividualPreLinkageValueRequest and is sent from
--        RA to LA. RA signs this message using its private key corresponding
--        to its RaCertificate. Generation time is present to prevent replay,
--        keep message for replay check until time corresponding to iMin has
--        been reached.
-- @class SignedRaLaIndividualPreLinkageValueRequest
-- @param content contains ScopedRaLaIndividualPreLinkageValueRequest.
-- @see RaLaIndividualPreLinkageValueRequest, RaCertificate
SignedRaLaIndividualPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedRaLaIndividualPreLinkageValueRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedRaLaGroupPreLinkageValueRequest which
--        contains RaLaGroupPreLinkageValueRequest and is sent by RA to LA. RA
--        signs this message using its private key corresponding to its
--        RaCertificate. Generation time is present to prevent replay,
--        keep message for replay check until time corresponding to iMin has
--        been reached.
-- @class SignedRaLaGroupPreLinkageValueRequest
-- @param content contains ScopedRaLaGroupPreLinkageValueRequest.
-- @see RaLaGroupPreLinkageValueRequest, RaCertificate
SignedRaLaGroupPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedRaLaGroupPreLinkageValueRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains ScopedLaRaPreLinkageValueResponse which
--        contains LaRaPreLinkageValueResponse and is sent by LA to RA. LA
--        signs this message using its private key corresponding to its
--        LaCertificate.
--        Generation time is present to prevent replay,
--        keep message for replay check until time corresponding to iMin has
--        been reached.
-- @class SignedLaRaPreLinkageValueResponse
-- @param content contains ScopedLaRaPreLinkageValueResponse.
-- @see LaRaPreLinkageValueResponse, LaCertificate
SignedLaRaPreLinkageValueResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLaRaPreLinkageValueResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- *************************************************************************
--
-- MA-PCA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedMaPcaPreLinkageValueRequest which
--        contains MaPcaPreLinkageValueRequest and is sent from MA to PCA. MA
--        signs this message using its private key corresponding to its
--        MaCertificate.
-- @class SignedMaPcaPreLinkageValueRequest
-- @param content contains ScopedMaPcaPreLinkageValueRequest.
-- @see MaPcaPreLinkageValueRequest, MaCertificate
SignedMaPcaPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedMaPcaPreLinkageValueRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedMaPcaPreLinkageValueRequest and is
--        sent by MA to PCA. MA encrypts this message using encryptionKey from
--        PCA's PcaCertificate.
-- @class SecuredMaPcaPreLinkageValueRequest
-- @param content contains MA's request to gain pre-linkage values from PCA;
--        decrypts to a SignedMaPcaPreLinkageValueRequest.
-- @see PcaCertificate
SecuredMaPcaPreLinkageValueRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedPcaMaPreLinkageValueResponse which
--        contains PcaMaPreLinkageValueResponse and is sent by PCA to MA. PCA
--        signs this message using its private key corresponding to its
--        PcaCertificate.
-- @class SignedPcaMaPreLinkageValueResponse
-- @param content contains ScopedPcaMaPreLinkageValueResponse.
-- @see PcaMaPreLinkageValueResponse, PcaCertificate
SignedPcaMaPreLinkageValueResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPcaMaPreLinkageValueResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedPcaMaPreLinkageValueResponse and is
--        sent by PCA to MA. PCA encrypts this message using the encryptionKey
--        in MaCertificate.
-- @class SecuredPcaMaPreLinkageValueResponse
-- @param content contains response from PCA with pre-linkage values requested
--        by MA; decrypts to a SignedPcaMaPreLinkageValueResponse.
-- @see MaCertificate
SecuredPcaMaPreLinkageValueResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedMaPcaHPCRRequest which contains
--        MaPcaHPCRRequest and is sent by MA to PCA. MA signs this message
--        using its private key corresponding to its MaCertificate.
-- @class SignedMaPcaHPCRRequest
-- @param content contains ScopedMaPcaHPCRRequest.
-- @see MaPcaHPCRRequest, MaCertificate
SignedMaPcaHPCRRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedMaPcaHPCRRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedMaPcaHPCRRequest and is sent by MA to
--        PCA. MA encrypts this message using encryptionKey in PCA's
--        PcaCertificate.
-- @class SecuredMaPcaHPCRRequest
-- @param content contains the encrypted HPCR request from MA; decrypts to a
--        SignedMaPcaHPCRRequest.
SecuredMaPcaHPCRRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedPcaMaHPCRResponse which contains
--        PcaMaHPCRResponse and is sent by PCA to MA. PCA signs this message
--        using its private key corresponding to its PcaCertificate.
-- @class SignedPcaMaHPCRResponse
-- @param content contains ScopedPcaMaHPCRResponse.
-- @see PcaMaHPCRResponse, PcaCertificate
SignedPcaMaHPCRResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPcaMaHPCRResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedPcaMaHPCRResponse and is sent by PCA
--        to MA as a response to MA's SecuredMaPcaHPCRRequest.
--        PCA encrypts
--        data in this message using encryptionKey in MaCertificate.
-- @class SecuredPcaMaHPCRResponse
-- @param content contains the encrypted response from PCA with HPCR; decrypts
--        to a SignedPcaMaHPCRResponse.
-- @see MaCertificate
SecuredPcaMaHPCRResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

-- *************************************************************************
--
-- MA-RA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedBlacklistRequest which contains
--        MaRaBlacklistRequest and is sent by MA to RA. MA signs this message
--        using the private key corresponding to its MaCertificate.
-- @class SignedBlacklistRequest
-- @param content contains ScopedBlacklistRequest that indicates which
--        pseudonym certificates have been revoked by MA.
-- @see MaRaBlacklistRequest, MaCertificate
SignedBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedBlacklistRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedBlacklistRequest and is sent by MA to
--        RA. MA encrypts the data in this message using encryptionKey in RA's
--        RaCertificate.
-- @class SecuredBlacklistRequest
-- @param content contains encrypted request to update RA's internal blacklist;
--        decrypts to a SignedBlacklistRequest.
-- @see RaCertificate
SecuredBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedBlacklistResponse which contains
--        RaMaBlacklistResponse and is sent by RA to MA. RA signs this message
--        using the private key corresponding to its RaCertificate.
-- @class SignedBlacklistResponse
-- @param content contains ScopedBlacklistResponse that indicates status of
--        revoked pseudonym certificates.
-- @see RaMaBlacklistResponse, RaCertificate
SignedBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedBlacklistResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedBlacklistResponse and is sent as a
--        response by RA to MA's SecuredBlacklistRequest. RA encrypts the data
--        in this message using encryptionKey in MA's MaCertificate.
-- @class SecuredBlacklistResponse
-- @param content contains encrypted status of revoked pseudonym certificates;
--        decrypts to a SignedBlacklistResponse.
-- @see MaCertificate
SecuredBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedRseObeIdBlacklistRequest which
--        contains MaRaRseObeIdBlacklistRequest and is sent by MA to RA. MA
--        signs this message using the private key corresponding to its
--        MaCertificate.
-- @class SignedRseObeIdBlacklistRequest
-- @param content contains ScopedRseObeIdBlacklistRequest.
-- @see MaRaRseObeIdBlacklistRequest, MaCertificate
SignedRseObeIdBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedRseObeIdBlacklistRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedRseObeIdBlacklistRequest and is sent
--        by MA to RA. MA encrypts this message using the encryptionKey in RA's
--        RaCertificate.
-- @class SecuredRseObeIdBlacklistRequest
-- @param content contains the encrypted status report of revoked
--        identification and application certificates; decrypts to a
--        SignedRseObeIdBlacklistRequest.
-- @see RaCertificate
SecuredRseObeIdBlacklistRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedBlacklistResponse which contains
--        RaMaBlacklistResponse and is sent by RA to MA. RA signs this message
--        using the private key corresponding to its RaCertificate.
-- @class SignedRseObeIdBlacklistResponse
-- @param content contains ScopedBlacklistResponse that notifies the status of
--        revoked identification certificates and application
--        certificates.
-- @see RaMaBlacklistResponse, RaCertificate
SignedRseObeIdBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedBlacklistResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedRseObeIdBlacklistResponse and is sent
--        by RA to MA. RA encrypts this message using the encryptionKey in MA's
--        MaCertificate.
-- @class SecuredRseObeIdBlacklistResponse
-- @param content contains encrypted status report of revoked identification
--        and pseudonym certificates; decrypts to a
--        SignedRseObeIdBlacklistResponse.
-- @see MaCertificate
SecuredRseObeIdBlacklistResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLCIRequest which contains
--        MaRaLCIRequest and is sent by MA to RA. MA signs this message using
--        the private key corresponding to its MaCertificate.
-- @class SignedLCIRequest
-- @param content contains ScopedLCIRequest.
-- @see MaRaLCIRequest, MaCertificate
SignedLCIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLCIRequest)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLCIRequest and is sent by MA to RA. MA
--        encrypts the data in this message using the encryptionKey in RA's
--        RaCertificate.
-- @class SecuredLCIRequest
-- @param content contains encrypted request for linkage chain identifiers;
--        decrypts to a SignedLCIRequest.
-- @see RaCertificate
SecuredLCIRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

---
-- @brief This structure contains ScopedLCIResponse which contains
--        RaMaLCIResponse and is sent by RA to MA. RA signs this message using
--        the private key corresponding to its RaCertificate.
-- @class SignedLCIResponse
-- @param content contains ScopedLCIResponse
-- @see RaMaLCIResponse, RaCertificate
SignedLCIResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedLCIResponse)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

---
-- @brief This structure contains SignedLCIResponse and is sent by RA to MA.
--        RA encrypts the data in this message using the encryptionKey in MA's
--        MaCertificate.
-- @class SecuredLCIResponse
-- @param content contains encrypted linkage chain identifiers sent by RA;
--        decrypts to a SignedLCIResponse.
-- @see MaCertificate
SecuredLCIResponse ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    encryptedData
  })
})

-- *************************************************************************
--
-- PCA-RA (Secured)
--
-- *************************************************************************

---
-- @brief This structure contains ScopedRaPcaCertificateRequest which contains
--        RaPcaCertRequestMsg. RA signs this message before sending it to
--        PCA.
-- @class SecuredRaPcaCertificateRequest
-- @param content contains ScopedRaPcaCertificateRequest and RA's certificate.
-- @see RaPcaCertRequestMsg
SecuredRaPcaCertificateRequest ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedCertificateRequest (CONTAINING
      SignedCertificateRequest (WITH COMPONENTS {...,
        tbsRequest (ScopedRaPcaCertificateRequest),
        signer (WITH COMPONENTS {
          certificate (SequenceOfCertificate (SIZE(1)) )
        })
      })
    )
  })
})

---
-- @brief This structure contains ScopedPcaRaCertificateRequestReply which
--        contains PcaRaCertResponseMsg. PCA encrypts this message before
--        sending it to RA using the encryptionKey in RA's RaCertificate.
-- @class SecuredPcaRaCertificateRequestReply
-- @param content contains ScopedPcaRaCertificateRequestReply.
-- @see PcaRaCertResponseMsg
SecuredPcaRaCertificateRequestReply ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedPcaRaCertificateRequestReply)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime ABSENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

-- *************************************************************************
--
-- Root Management / Electors (Secured)
--
-- *************************************************************************

---
-- @brief This structure defines the TbsElectorEndorsement as a scoped version
--        of the ScmsPDU.
-- @class ScopedElectorEndorsement
-- @param content contains TbsElectorEndorsement
-- @see TbsElectorEndorsement
ScopedElectorEndorsement ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ccm (WITH COMPONENTS {
      tbsElectorEndorsement
    })
  })
})

---
-- @brief This structure contains ScopedElectorEndorsement which contains
--        TbsElectorEndorsement and is used by Electors to endorse addition of
--        a new Elector to the SCMS. The existing Electors sign their
--        endorsements using their private keys corresponding to their
--        respective ElectorCertificate.
-- @class SignedElectorEndorsement
-- @param content contains ScopedElectorEndorsement.
-- @see TbsElectorEndorsement
SignedElectorEndorsement ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    signedData (WITH COMPONENTS {...,
      tbsData (WITH COMPONENTS {...,
        payload (WITH COMPONENTS {...,
          data (WITH COMPONENTS {...,
            content (WITH COMPONENTS {
              unsecuredData (CONTAINING ScopedElectorEndorsement)
            })
          })
        }),
        headerInfo (WITH COMPONENTS {...,
          psid (SecurityMgmtPsid),
          generationTime PRESENT,
          expiryTime ABSENT,
          generationLocation ABSENT,
          p2pcdLearningRequest ABSENT,
          missingCrlIdentifier ABSENT,
          encryptionKey ABSENT
        })
      })
    })
  })
})

ScopedElectorBallot ::= ScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {
    ccm (WITH COMPONENTS {
      electorBallot
    })
  })
})

SecuredElectorBallot ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    unsecuredData (CONTAINING ScopedElectorBallot)
  })
})

-- Note: even though this is an "unsecured" message, this merely states that
-- "UnsecuredElectorBallot" (i.e. the Ieee1609Dot2Data wrapper) is not a signed
-- or encrypted message. However, the ScopedElectorBallot contains content
-- that has been signed.
UnsecuredElectorBallot ::= SecuredScmsPDU (WITH COMPONENTS {...,
  content (WITH COMPONENTS {...,
    unsecuredData (CONTAINING ScopedElectorBallot) -- signed payload
  })
})

-- *************************************************************************
--
-- SSP
--
-- *************************************************************************

---
-- @brief The ScmsSsp is the parent structure that encompasses all Service
--        Specific Permission (SSP) structures defined in the SCMS.
-- @class ScmsSsp
-- @param elector contains SSP defined for an Elector.
-- @param root contains SSP defined for a Root CA.
-- @param pg contains SSP defined for a Policy Generator (PG).
-- @param ica contains SSP defined for an Intermediate Certification Authority (ICA).
-- @param eca contains SSP defined for an Enrollment Certification Authority (ECA).
-- @param pca contains SSP defined for a Pseudonym Certification Authority (PCA).
-- @param crl contains SSP defined for a Certificate Revocation List (CRL).
-- @param dcm contains SSP defined for a Device Configuration Manager (DCM).
-- @param la contains SSP defined for a Linkage Authority (LA).
-- @param lop contains SSP defined for a Location Obscurer Proxy (LOP).
-- @param ma contains SSP defined for a Misbehavior Authority (MA).
-- @param ra contains SSP defined for a Registration Authority (RA).
ScmsSsp ::= CHOICE {
  elector  ElectorSsp,
  root     RootCaSsp,
  pg       PGSsp,
  ica      IcaSsp,
  eca      EcaSsp,
  pca      PcaSsp,
  crl      CrlSignerSsp,
  dcm      DcmSsp,
  la       LaSsp,
  lop      LopSsp,
  ma       MaSsp,
  ra       RaSsp,
  ...
}

---
-- @brief This structure defines the SSP for an Elector.
-- @class ElectorSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
ElectorSsp ::= SEQUENCE {
  version  Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a Root CA.
-- @class RootCaSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
RootCaSsp ::= SEQUENCE {
  version  Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a PG.
-- @class PGSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
PGSsp ::= SEQUENCE {
  version  Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for an ICA.
-- @class IcaSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
IcaSsp ::= SEQUENCE {
  version  Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for an ECA.
-- @class EcaSsp
-- @param version contains the current version of the data type.
--        The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
EcaSsp ::= SEQUENCE {
  version  Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a PCA.
-- @class PcaSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
PcaSsp ::= SEQUENCE {
  version  Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a CRL signer.
-- @class CrlSignerSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
CrlSignerSsp ::= SEQUENCE {
  version  Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for a DCM.
-- @class DcmSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
DcmSsp ::= SEQUENCE {
  version  Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for an LA.
-- @class LaSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
LaSsp ::= SEQUENCE {
  version  Uint8(1),
  laId     Uint16,
  ...
}

---
-- @brief This structure defines the SSP for an LOP.
-- @class LopSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
LopSsp ::= SEQUENCE {
  version  Uint8(1),
  ...
}

---
-- @brief This structure defines the SSP for an MA.
-- @class MaSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
MaSsp ::= SEQUENCE {
  version        Uint8(1),
  relevantPsids  SequenceOfPsid,
  ...
}

---
-- @brief This structure defines the SSP for an RA.
-- @class RaSsp
-- @param version contains the current version of the data type. The version
--        specified in this document is version 1, represented by the
--        integer 1.
-- @see Uint8
RaSsp ::= SEQUENCE {
  version  Uint8(1),
  ...
}

END
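The Signed* profiles above fix which HeaderInfo fields may appear, and the LA-RA comments require keeping each message for a replay check until the time corresponding to iMin. The Python below is an added example of a receiver applying both rules; it is not part of the SCMS ASN.1 or of any project code. It assumes a hypothetical decoder that yields HeaderInfo as a dict, that the caller supplies the time corresponding to iMin, that messages arriving at or after that time are refused, and that SecurityMgmtPsid is 0x23 (the value is not stated on this page).

```python
import hashlib

# Optional HeaderInfo fields that the Signed* profiles on this page constrain.
CONSTRAINED_FIELDS = (
    "generationTime", "expiryTime", "generationLocation",
    "p2pcdLearningRequest", "missingCrlIdentifier", "encryptionKey",
)

# Profiles whose comments ask for a replay check until the iMin time.
REPLAY_CHECKED = {
    "SignedRaLaIndividualPreLinkageValueRequest",
    "SignedRaLaGroupPreLinkageValueRequest",
    "SignedLaRaPreLinkageValueResponse",
}

# Profiles declaring "generationTime PRESENT"; every other Signed* profile
# on this page declares "generationTime ABSENT".
GENERATION_TIME_PRESENT = REPLAY_CHECKED | {"SignedElectorEndorsement"}

SECURITY_MGMT_PSID = 0x23  # assumption: value is not stated on this page


def check_header(profile, header):
    """Return the list of headerInfo constraint violations for `profile`.

    `header` is the decoded HeaderInfo as a dict (hypothetical decoder
    output); an absent OPTIONAL field is simply missing from the dict.
    """
    problems = []
    if header.get("psid") != SECURITY_MGMT_PSID:
        problems.append("psid is not SecurityMgmtPsid")
    for name in CONSTRAINED_FIELDS:
        must_be_present = (name == "generationTime"
                           and profile in GENERATION_TIME_PRESENT)
        if must_be_present and name not in header:
            problems.append(name + " must be PRESENT")
        elif not must_be_present and name in header:
            problems.append(name + " must be ABSENT")
    return problems


class ReplayCache:
    """Remembers accepted messages until the time corresponding to iMin."""

    def __init__(self):
        self._seen = {}  # SHA-256 of the encoded message -> retain-until time

    def accept(self, encoded, i_min_time, now):
        """Return True for a first-time message, False for a replay.

        Entries are dropped once their iMin time is reached, so a message
        whose iMin time has already passed is refused as well: the cache
        could no longer detect a replay of it (assumption of this example).
        """
        self._seen = {d: t for d, t in self._seen.items() if t > now}
        if i_min_time <= now:
            return False
        digest = hashlib.sha256(encoded).digest()
        if digest in self._seen:
            return False
        self._seen[digest] = i_min_time
        return True

    def __len__(self):
        return len(self._seen)


def admit(profile, header, encoded, i_min_time, now, cache):
    """Run both checks on a message whose signature was already verified.

    Returns a list of reasons to reject; an empty list means admit.
    """
    problems = check_header(profile, header)
    if not problems and profile in REPLAY_CHECKED:
        if not cache.accept(encoded, i_min_time, now):
            problems.append("replayed or past iMin")
    return problems
```
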
-- (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-------------------------------------------------------------------------------
-- SCMS-BASE-TYPES
--
-- The structures in this file define some common messages, or base types, used
-- by different entities in the system, as well as some constants related to the
-- SCMS protocols.
--
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------
-- @namespace Ieee1609dot2ScmsBaseTypes
Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) interfaces(1) base-types(2) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  CrlSeries,
  CountryOnly,
  Duration,
  Hostname,
  IValue,
  LaId,
  LinkageSeed,
  Psid,
  Signature,
  HashedId8,
  Uint8
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) base-types(2) major-version-2(2)}

  RecipientInfo,
  EncryptedData,
  SignerIdentifier
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) schema(1) major-version-2(2)}
;

---
-- @brief This data type is used for any operations in
--        Canada.
-- @class Canada
Canada ::= CountryOnly (124)

---
-- @brief This data type is used for any operations in Mexico.
-- @class Mexico
Mexico ::= CountryOnly (484)

---
-- @brief This data type is used for any operations in the USA.
-- @class USA
USA ::= CountryOnly (840)

---
-- @brief This data type denotes the expiration period of a CRL certificate
--        for Proof-of-Concept.
-- @class CrlgCertExpirationPoc
CrlgCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(35208)}) -- 4 years + 1 week = 35,208 hours

---
-- @brief This data type denotes the expiration period of a CRL certificate
--        for CV pilots.
-- @class CrlgCertExpirationCvp
CrlgCertExpirationCvp ::= Duration (WITH COMPONENTS {hours(17688)}) -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of a DCM certificate
--        for Proof-of-Concept.
-- @class DcmCertExpirationPoc
DcmCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(26448)}) -- 3 years + 1 week = 26,448 hours

---
-- @brief This data type denotes the expiration period of a DCM certificate
--        for QA CV pilots.
-- @class DcmCertExpirationCvpQa
DcmCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(17688)}) -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of a DCM certificate
--        for PROD CV pilots.
-- @class DcmCertExpirationCvpPrd1
-- @class DcmCertExpirationCvpPrd2
-- @class DcmCertExpirationCvpPrd3
DcmCertExpirationCvpPrd1 ::= Duration (WITH COMPONENTS {hours(26472)}) -- 1,103 days
DcmCertExpirationCvpPrd2 ::= Duration (WITH COMPONENTS {hours(26448)}) -- 1,102 days
DcmCertExpirationCvpPrd3 ::= Duration (WITH COMPONENTS {hours(12456)}) -- 519 days

---
-- @brief This data type denotes the expiration period of an ECA certificate
--        for Proof-of-Concept.
-- @class EcaCertExpirationPoc
EcaCertExpirationPoc ::= Duration (WITH COMPONENTS {years(11)})

---
-- @brief This data type denotes the expiration period of an ECA certificate
--        for QA CV pilots.
-- @class EcaCertExpirationCvpQa
EcaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {years(3)})

---
-- @brief This data type denotes the expiration period of a ECA certificate
--        for PROD CV pilots.
-- @class EcaCertExpirationCvpPrd1
-- @class EcaCertExpirationCvpPrd2
EcaCertExpirationCvpPrd1 ::= Duration (WITH COMPONENTS {sixtyHours(1084)}) -- 2,710 days, ~7.42 years
EcaCertExpirationCvpPrd2 ::= Duration (WITH COMPONENTS {hours(38736)}) -- 1,614 days, ~4.42 years

---
-- @brief This data type denotes the expiration period of an Elector
--        certificate for Proof-of-Concept.
-- @class ElectorCertExpirationPoc
ElectorCertExpirationPoc ::= Duration (WITH COMPONENTS {years(12)})

---
-- @brief This data type denotes the expiration period of an Elector
--        certificate for CV pilots.
-- @class ElectorCertExpirationCvp
ElectorCertExpirationCvp ::= Duration (WITH COMPONENTS {years(6)})

---
-- @brief This data type denotes the expiration period of a ICA certificate
--        for Proof-of-Concept.
-- @class IcaCertExpirationPoc
IcaCertExpirationPoc ::= Duration (WITH COMPONENTS {years(13)})

---
-- @brief This data type denotes the expiration period of a ICA certificate
--        for QA CV pilots.
-- @class IcaCertExpirationCvpQa
IcaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {years(5)})

---
-- @brief This data type denotes the expiration period of a ICA certificate
--        for PROD CV pilots.
-- @class IcaCertExpirationCvpPrd
IcaCertExpirationCvpPrd ::= Duration (WITH COMPONENTS {sixtyHours(1169)}) -- 2,922.5 days, ~8 years

---
-- @brief This data type denotes the expiration period of a LA certificate
--        for Proof-of-Concept.
-- @class LaCertExpirationPoc
LaCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(26448)}) -- 3 years + 1 week = 26,448 hours

---
-- @brief This data type denotes the expiration period of a LA certificate
--        for QA CV pilots.
-- @class LaCertExpirationCvpQa
LaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(17688)}) -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of a LA certificate
--        for PROD CV pilots.
-- @class LaCertExpirationCvpPrd1
-- @class LaCertExpirationCvpPrd2
-- @class LaCertExpirationCvpPrd3
LaCertExpirationCvpPrd1 ::= Duration (WITH COMPONENTS {hours(26472)}) -- 1,103 days
LaCertExpirationCvpPrd2 ::= Duration (WITH COMPONENTS {hours(26448)}) -- 1,102 days
LaCertExpirationCvpPrd3 ::= Duration (WITH COMPONENTS {hours(12456)}) -- 519 days

---
-- @brief This data type denotes the expiration period of a MA certificate
--        for Proof-of-Concept.
-- @class MaCertExpirationPoc
MaCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(35208)}) -- 4 years + 1 week = 35,208 hours

---
-- @brief This data type denotes the expiration period of a MA certificate
--        for QA CV pilots.
-- @class MaCertExpirationCvpQa
MaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(17688)}) -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of a PCA certificate
--        for Proof-of-Concept.
-- @class PcaCertExpirationPoc
PcaCertExpirationPoc ::= Duration (WITH COMPONENTS {years(4)})

---
-- @brief This data type denotes the expiration period of a PCA certificate
--        for QA CV pilots.
-- @class PcaCertExpirationCvpQa
PcaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(13140)}) -- 1.5 years = 13,140 hours

---
-- @brief This data type denotes the expiration period of a PCA certificate
--        for PROD CV pilots.
-- @class PcaCertExpirationCvpPrd1
-- @class PcaCertExpirationCvpPrd2
-- @class PcaCertExpirationCvpPrd3
-- @class PcaCertExpirationCvpPrd4
-- @class PcaCertExpirationCvpPrd5
-- @class PcaCertExpirationCvpPrd6
PcaCertExpirationCvpPrd1 ::= Duration (WITH COMPONENTS {hours(35281)}) -- 35,281 hours, ~1,470.04 days, ~ 4.02 years
PcaCertExpirationCvpPrd2 ::= Duration (WITH COMPONENTS {hours(35113)}) -- 35,113 hours, ~1,463.04 days, ~ 4.008 years
PcaCertExpirationCvpPrd3 ::= Duration (WITH COMPONENTS {hours(30099)}) -- 30,099 hours = 1,254.125 days, ~ 3.44 years
PcaCertExpirationCvpPrd4 ::= Duration (WITH COMPONENTS {hours(21363)}) -- 21,363 hours = 890.125 days, ~ 2.44 years
PcaCertExpirationCvpPrd5 ::= Duration (WITH COMPONENTS {hours(12459)}) -- 12,459 hours = 519.125 days, ~ 1.42 years
PcaCertExpirationCvpPrd6 ::= Duration (WITH COMPONENTS {hours(3723)}) -- 3,723 hours = 155.125 days = 0.425 years

---
-- @brief This data type denotes the expiration period of a PG certificate
--        for Proof-of-Concept.
-- @class PgCertExpirationPoc
PgCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(35208)}) -- 4 years + 1 week = 35,208 hours

---
-- @brief This data type denotes the expiration period of a PG certificate
--        for QA CV pilots.
-- @class PgCertExpirationCvpQa
PgCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(17688)}) -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of a OBE enrollment
--        certificate for Proof-of-Concept.
-- @class ObeEnrollmentCertExpirationPoc
ObeEnrollmentCertExpirationPoc ::= Duration (WITH COMPONENTS {years(6)})

---
-- @brief This data type denotes the expiration period of a OBE enrollment
--        certificate for QA CV pilots.
-- @class ObeEnrollmentCertExpirationCvpQa
ObeEnrollmentCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(0..4380)}) -- 6 month = 4,380 hours

---
-- @brief This data type denotes the expiration period of a OBE enrollment
--        certificate for PROD CV pilots.
-- @class ObeEnrollmentCertExpirationCvpPrd
ObeEnrollmentCertExpirationCvpPrd ::= Duration (WITH COMPONENTS {years(1..7)})

---
-- @brief This data type denotes the expiration period of a OBE identification
--        certificate.
-- @class ObeIdentificationCertExpiration
ObeIdentificationCertExpiration ::= Duration (WITH COMPONENTS {hours(721)}) -- 1 month + 1 hour = 721 hours

---
-- @brief This data type denotes the expiration period of a OBE pseudonym
--        certificate.
-- @class ObePseudonymCertExpiration
ObePseudonymCertExpiration ::= Duration (WITH COMPONENTS {hours(169)}) -- 1 week + 1 hour = 169 hours

---
-- @brief This data type denotes the expiration period of a RA certificate
--        for Proof-of-Concept.
-- @class RaCertExpirationPoc
RaCertExpirationPoc ::= Duration (WITH COMPONENTS {hours(26448)}) -- 3 years + 1 week = 26,448 hours

---
-- @brief This data type denotes the expiration period of a RA certificate
--        for QA CV pilots.
-- @class RaCertExpirationCvpQa
RaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {hours(17688)}) -- 2 years + 1 week = 17,688 hours

---
-- @brief This data type denotes the expiration period of a RA certificate
--        for PROD CV pilots.
-- @class RaCertExpirationCvpPrd1
-- @class RaCertExpirationCvpPrd2
-- @class RaCertExpirationCvpPrd3
RaCertExpirationCvpPrd1 ::= Duration (WITH COMPONENTS {hours(26472)}) -- 1,103 days
RaCertExpirationCvpPrd2 ::= Duration (WITH COMPONENTS {hours(26448)}) -- 1,102 days
RaCertExpirationCvpPrd3 ::= Duration (WITH COMPONENTS {hours(12456)}) -- 519 days

---
-- @brief This data type denotes the expiration period of a RSE application
--        certificate.
-- @class RseApplicationCertExpiration
RseApplicationCertExpiration ::= Duration (WITH COMPONENTS {hours(169)}) -- 1 week + 1 hour = 169 hours

---
-- @brief This data type denotes the expiration period of a RSE enrollment
--        certificate for Proof-of-Concept.
-- @class RseEnrollmentCertExpirationPoc
RseEnrollmentCertExpirationPoc ::= Duration (WITH COMPONENTS {years(6)})

---
-- @brief This data type denotes the expiration period of a RSE enrollment
--        certificate for QA CV pilots.
-- @class RseEnrollmentCertExpirationCvpQa
RseEnrollmentCertExpirationCvpQa ::= Duration (WITH COMPONENTS {years(0..1)})

---
-- @brief This data type denotes the expiration period of a RSE enrollment
--        certificate for PROD CV pilots.
-- @class RseEnrollmentCertExpirationCvpPrd
RseEnrollmentCertExpirationCvpPrd ::= Duration (WITH COMPONENTS {years(1..7)})

---
-- @brief This data type denotes the expiration period of a Root CA certificate.
-- @class RootCaCertExpirationPoc
RootCaCertExpirationPoc ::= Duration (WITH COMPONENTS {years(17)})

---
-- @brief This data type denotes the expiration period of a Root CA certificate
--        for QA CV pilots
-- @class RootCaCertExpirationCvpQa
RootCaCertExpirationCvpQa ::= Duration (WITH COMPONENTS {years(9)})

---
-- @brief This data type denotes the expiration period of a Root CA certificate
--        for PROD CV pilots
-- @class RootCaCertExpirationCvpPrd
RootCaCertExpirationCvpPrd ::= Duration (WITH COMPONENTS {years(70)})

---
-- @brief This data type denotes the PSID for BSM usage i.e. 0x20.
-- @class BsmPsid
BsmPsid ::= Psid (32)

---
-- @brief This data type denotes the PSID for security management i.e. 0x23.
-- @class SecurityMgmtPsid
SecurityMgmtPsid ::= Psid (35)

---
-- @brief This data type denotes the PSID for misbehavior reporting i.e. 0x26.
-- @class MisbehaviorReportingPsid
MisbehaviorReportingPsid ::= Psid (38)

---
-- @brief This data type denotes the PSID for vulnerable road users safety
--        i.e. 0x27.
-- @class VulnerableRoadUsersSafetyPsid
VulnerableRoadUsersSafetyPsid ::= Psid (39)

---
-- @brief This data type denotes the PSID for uncompressed differential GPS
--        corrections i.e. 0x80
-- @class DifferentialGpsCorrectionsUncompressedPsid
DifferentialGpsCorrectionsUncompressedPsid ::= Psid (128)

---
-- @brief This data type denotes the PSID for compressed differential GPS
--        corrections i.e. 0x81
-- @class DifferentialGpsCorrectionsCompressedPsid
DifferentialGpsCorrectionsCompressedPsid ::= Psid (129)

---
-- @brief This data type denotes the PSID for intersection and safety
--        awareness application i.e. 0x82
-- @class IntersectionSafetyAndAwarenessPsid
IntersectionSafetyAndAwarenessPsid ::= Psid (130)

---
-- @brief This data type denotes the PSID for traveller information and road
--        side signage application i.e. 0x83
-- @class TravellerInformationAndRoadsideSignagePsid
TravellerInformationAndRoadsideSignagePsid ::= Psid (131)

---
-- @brief This data type denotes the PSID for WAVE service advertisement
--        application i.e. 0x87
-- @class WaveServiceAdvertisementPsid
WaveServiceAdvertisementPsid ::= Psid (135)

---
-- @brief This data type denotes the PSID for Vehicle initiated distress
--        notification application i.e. 0x4082
-- @class VehicleInitiatedDistressNotificationPsid
VehicleInitiatedDistressNotificationPsid ::= Psid (16514)

---
-- @brief This data type denotes the PSID for Transcore software update
--        application i.e. 0x204083
-- @class TranscoreSoftwareUpdatePsid
TranscoreSoftwareUpdatePsid ::= Psid (2113667)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #1
--        i.e. 0x204088
-- @class CVPApplication1Psid
CVPApplication1Psid ::= Psid (2113672)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #2
--        i.e. 0x204089
-- @class CVPApplication2Psid
CVPApplication2Psid ::= Psid (2113673)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #3
--        i.e. 0x20408A
-- @class CVPApplication3Psid
CVPApplication3Psid ::= Psid (2113674)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #4
--        i.e. 0x20408B
-- @class CVPApplication4Psid
CVPApplication4Psid ::= Psid (2113675)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #5
--        i.e. 0x20408C
-- @class CVPApplication5Psid
CVPApplication5Psid ::= Psid (2113676)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #6
--        i.e. 0x20408D
-- @class CVPApplication6Psid
CVPApplication6Psid ::= Psid (2113677)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #7
--        i.e. 0x20408E
-- @class CVPApplication7Psid
CVPApplication7Psid ::= Psid (2113678)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #8
--        i.e. 0x20408F
-- @class CVPApplication8Psid
CVPApplication8Psid ::= Psid (2113679)

---
-- @brief This data type denotes the PSID for reserved CV pilot application #9
--        i.e. 0x204090
-- @class CVPApplication9Psid
CVPApplication9Psid ::= Psid (2113680)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        10 i.e. 0x204091
-- @class CVPApplication10Psid
CVPApplication10Psid ::= Psid (2113681)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        11 i.e. 0x204092
-- @class CVPApplication11Psid
CVPApplication11Psid ::= Psid (2113682)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        12 i.e. 0x204093
-- @class CVPApplication12Psid
CVPApplication12Psid ::= Psid (2113683)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        13 i.e. 0x204094
-- @class CVPApplication13Psid
CVPApplication13Psid ::= Psid (2113684)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        14 i.e. 0x204095
-- @class CVPApplication14Psid
CVPApplication14Psid ::= Psid (2113685)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        15 i.e. 0x204096
-- @class CVPApplication15Psid
CVPApplication15Psid ::= Psid (2113686)

---
-- @brief This data type denotes the PSID for reserved CV pilot application
--        16 i.e. 0x204097
-- @class CVPApplication16Psid
CVPApplication16Psid ::= Psid (2113687)

---
-- @brief This data type denotes CRL series for EE enrollment.
-- @class EeEnrollmentCrlSeries
EeEnrollmentCrlSeries ::= CrlSeries (4)

---
-- @brief This data type denotes CRL series for EE non pseudonym certificates.
-- @class EeNonPseudonymCrlSeries
EeNonPseudonymCrlSeries ::= CrlSeries (3)

---
-- @brief This data type denotes CRL series for OBE pseudonym certificates.
-- @class ObePseudonymCrlSeries
ObePseudonymCrlSeries ::= CrlSeries (1)

---
-- @brief This data type denotes CRL series for SCMS components.
-- @class ScmsComponentCrlSeries
ScmsComponentCrlSeries ::= CrlSeries (2)

---
-- @brief This data type denotes CRL series for special SCMS components.
-- @class ScmsSpclComponentCrlSeries
ScmsSpclComponentCrlSeries ::= CrlSeries (256)

---
-- @brief This data type denotes a 256 bit private reconstruction key.
-- @class EccP256PrivateKeyReconstruction
EccP256PrivateKeyReconstruction ::= OCTET STRING(SIZE(32))

---
-- @brief This data type is used by LA to respond to linkage value requests
--        from MA with an encrypted individual pre-linkage value.
-- @class EncryptedIndividualPLV
-- @param version contains the current version of the data type. The version
--                specified in this document is version 1, represented by the
--                integer 1.
-- @param LaId    identifies which LA created PLV.
-- @param enc-plv the ciphertext field in enc-plv decrypts to a
--                ToBeEncryptedIndividualPLV. It contains a Pointer to the
--                used encryption key. The encryption key is identified by the
--                hash of key agreement (PCA's initial request).
-- @see Uint8, LaId, EncryptedData
EncryptedIndividualPLV ::= SEQUENCE {
  version  Uint8(1),
  laId     LaId,
  enc-plv  EncryptedData (WITH COMPONENTS {
    recipients (SIZE (1) INTERSECTION (WITH COMPONENT (
      RecipientInfo (WITH COMPONENTS {
        symmRecipInfo
      }))))
  })
}

---
-- @brief This data type denotes 64 0-bits. It is used for padding purposes.
-- @class zero8
zero8 OCTET STRING ::= '0000000000000000'H

---
-- @brief This data type contains the PLV information that is signed by PCA at
--        scms-protocol level.
-- @class ToBeEncryptedIndividualPLV
-- @param iValue denotes the week number from i=0 (i.e. 4:00 am Eastern Time
--               on Tuesday, January 6, 2015)
-- @param plv    denotes a pre-linkage value.
-- @see IValue
ToBeEncryptedIndividualPLV ::= SEQUENCE {
  iValue  IValue,
  plv     PreLinkageValue
}

---
-- @brief This data type encloses all information for a Linkage Chain
--        Identifier (LCI).
-- @class LinkageChainId
-- @param recipients contains the information of who is going to receive the
--                   LCI.
-- @param ciphertext contains the encrypted LinkageSeed information.
LinkageChainId ::= EncryptedData (WITH COMPONENTS {
  recipients (SIZE (1) INTERSECTION (WITH COMPONENT (
    RecipientInfo (WITH COMPONENTS {
      symmRecipInfo
    })))),
  ciphertext
} )

---
-- @brief This data type denotes a 72 bit (9 byte) pre-linkage value.
-- @class PreLinkageValue
PreLinkageValue ::= OCTET STRING (SIZE(9))

---
-- @brief This data type denotes a 32 byte hash value.
-- @class FullSizeHash
FullSizeHash ::= OCTET STRING (SIZE(32))

---
-- @brief This data type denotes the 255 bit unique hostname of RA.
-- @class RaHostnameId
RaHostnameId ::= Hostname

---
-- @brief This data type denotes the 255 bit unique hostname of PCA.
-- @class PcaHostnameId
PcaHostnameId ::= Hostname

---
-- @brief This data type denotes the 255 bit unique hostname of MA.
-- @class MaHostnameId
MaHostnameId ::= Hostname

---
-- @brief This data type denotes the 255 bit unique hostname of LA.
-- @class LaHostnameId
LaHostnameId ::= Hostname

---
-- @brief This data type denotes the Hash of Pseudonym Certificate Request.
-- @class HPCR
HPCR ::= FullSizeHash

---
-- @brief This data type encloses a linkage seed and the ID of an LA providing
--        it. This structure is sent by the LA to the MA in response to a
--        linkage seed request.
-- @class LinkageSeedAndLaId
-- @param linkageSeed denotes a linkage seed corresponding to an entity in the
--                    SCMS.
-- @param laId        is the 16 bit unique ID of an LA.
-- @see LinkageSeed, LaId
LinkageSeedAndLaId ::= SEQUENCE {
  linkageSeed  LinkageSeed,
  laId         LaId
}

---
-- @brief This data type encloses a signature and the corresponding signer.
-- @class SignatureAndSignerIdentifier
-- @param signer    is the entity putting its signature.
-- @param signature is the digital signature corresponding to the signer.
-- @see SignerIdentifier, Signature
SignatureAndSignerIdentifier ::= SEQUENCE {
  signer     SignerIdentifier,
  signature  Signature
}

---
-- @brief This data type encloses an encrypted PLV and its corresponding host.
-- @class EncryptedPlvAndHostInfo
-- @param encryptedPLV is the encrypted PLV corresponding to hostname.
-- @param hostname     is the name of the host corresponding to encrypted PLV
--                     in this data type.
-- @see Hostname
EncryptedPlvAndHostInfo ::= SEQUENCE {
  encryptedPLV  EncryptedIndividualPLV,
  hostname      Hostname
}

---
-- @brief This data type groups the hash of the pseudonym certificate
--        request (HPCR) and the hostname of the RA that requested the
--        certificate. Appears in messages exchanged between the MA and
--        the PCA.
-- @class HPCRAndHostInfo
-- @param hpcr     is the hash of pseudonym certificate of the host.
-- @param hostname is the name of the host corresponding to hpcr in this data
--                 type.
-- @see Hostname
HPCRAndHostInfo ::= SEQUENCE {
  hpcr      HPCR,
  hostname  Hostname
}

---
-- @brief This data type contains pairs of LCI and its host information. This
--        structure appears in messages exchanged between the MA and the RA.
-- @class LCIAndHostInfo
-- @param iMax    denotes the upper bound of i for which the PLVs are requested.
-- @param la1-lci is the linkage chain ID of LA1.
-- @param la2-lci is the linkage chain ID of LA2.
-- @param la1-id  is a 256 bit unique hostname ID of LA1.
-- @param la2-id  is a 256 bit unique hostname ID of LA2.
LCIAndHostInfo ::= SEQUENCE {
  iMax     OCTET STRING (SIZE (4)),
  la1-lci  LinkageChainId,
  la2-lci  LinkageChainId,
  la1-id   LaHostnameId,
  la2-id   LaHostnameId
}

---
-- @brief This data type is called a Revocation Identifier (RIF) and is an
--        8-byte hash of an enrollment certificate.
-- @class RIF
RIF ::= HashedId8

END
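The expiration types in the base-types module constrain both which Duration alternative is used and its value, so a checker has to compare the alternative as well as the length of time. The following is an added example, not part of the CAMP ASN.1 files: it assumes the IEEE 1609.2 Duration alternatives (each a Uint16) and a hypothetical `(unit, value)` tuple standing in for a decoded Duration; the constraint table holds a few entries copied from the definitions above.

```python
from fractions import Fraction

# Seconds per unit for the IEEE 1609.2 Duration alternatives shorter than a
# year. "years" is accepted as an alternative but not converted, because its
# length in hours depends on the year definition used.
UNIT_SECONDS = {
    "microseconds": Fraction(1, 1_000_000),
    "milliseconds": Fraction(1, 1000),
    "seconds": Fraction(1),
    "minutes": Fraction(60),
    "hours": Fraction(3600),
    "sixtyHours": Fraction(60 * 3600),
}
DURATION_UNITS = set(UNIT_SECONDS) | {"years"}

# type name -> (required alternative, lowest value, highest value),
# copied from the WITH COMPONENTS constraints on this page.
CONSTRAINTS = {
    "ObeIdentificationCertExpiration": ("hours", 721, 721),
    "ObePseudonymCertExpiration": ("hours", 169, 169),
    "ObeEnrollmentCertExpirationCvpQa": ("hours", 0, 4380),
    "ObeEnrollmentCertExpirationCvpPrd": ("years", 1, 7),
    "EcaCertExpirationCvpPrd1": ("sixtyHours", 1084, 1084),
    "IcaCertExpirationCvpPrd": ("sixtyHours", 1169, 1169),
}


def check_duration(duration):
    """Validate the hypothetical (unit, value) form of a decoded Duration."""
    unit, value = duration
    if unit not in DURATION_UNITS:
        raise ValueError(f"unknown Duration alternative: {unit!r}")
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError("Duration value must be an integer")
    if not 0 <= value <= 0xFFFF:
        raise ValueError("Duration value does not fit in a Uint16")
    return unit, value


def satisfies(type_name, duration):
    """True if the duration meets the named constraint.

    The alternative must match exactly: an equal length of time expressed
    in another unit does not satisfy the constraint.
    """
    unit, value = check_duration(duration)
    want_unit, low, high = CONSTRAINTS[type_name]
    return unit == want_unit and low <= value <= high


def to_hours(duration):
    """Length in hours as an exact Fraction, for the sub-year alternatives."""
    unit, value = check_duration(duration)
    if unit == "years":
        raise ValueError("years is not converted to hours in this example")
    return value * UNIT_SECONDS[unit] / 3600


if __name__ == "__main__":
    # Constructed sample values, not taken from a real certificate request.
    samples = [
        ("ObeIdentificationCertExpiration", ("hours", 721)),
        ("ObeIdentificationCertExpiration", ("minutes", 43260)),  # same length
        ("ObeEnrollmentCertExpirationCvpQa", ("hours", 4381)),    # out of range
        ("ObeEnrollmentCertExpirationCvpPrd", ("years", 7)),
    ]
    for type_name, duration in samples:
        print(type_name, duration, satisfies(type_name, duration))
    # Cross-check of an annotation on this page: sixtyHours(1084) in days.
    print(to_hours(("sixtyHours", 1084)) / 24)
```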
-------------------------------------------------------------------------------
-- SCMS-ERRORS
--
-- The structure in this file defines the possible errors occurring during the
-- management of component certificates.
--
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------

-- @namespace Ieee1609dot2ScmsError
Ieee1609dot2ScmsError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) complete (1) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  ScmsCommonError
FROM Ieee1609dot2ScmsCommonError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) common(2) major-version-2(2)}

  ComponentCertificateManagementError
FROM Ieee1609Dot2ScmsComponentCertificateManagementError {iso(1)
  identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) component-certificate-management(3) major-version-2(2)}

  EcaEndEntityError
FROM Ieee1609Dot2EcaEndEntityError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) eca-ee(5) major-version-2(2)}

  LaMaError
FROM Ieee1609Dot2LaMaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) la-ma(9) major-version-2(2)}

  LaPcaError
FROM Ieee1609Dot2LaPcaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) la-pca(10) major-version-2(2)}

  LaRaError
FROM Ieee1609Dot2LaRaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) la-ra(11) major-version-2(2)}

  MaPcaError
FROM Ieee1609Dot2MaPcaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) ma-pca(13) major-version-2(2)}

  MaRaError
FROM Ieee1609Dot2MaRaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) ma-ra(14) major-version-2(2)}

  PcaRaError
FROM Ieee1609Dot2PcaRaError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) pca-ra(15) major-version-2(2)}

  RaPgError
FROM Ieee1609Dot2RaPgError {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) errors(2) ra-pg(16) major-version-2(2)}
;

---
-- @brief Possible errors in the SCMS
-- @class ScmsError
-- @param
-- @see
ScmsError ::= CHOICE {
  common  ScmsCommonError,
  ccm     ComponentCertificateManagementError,
  eca-ee  EcaEndEntityError,
  la-ma   LaMaError,
  la-pca  LaPcaError,
  la-ra   LaRaError,
  ma-pca  MaPcaError,
  ma-ra   MaRaError,
  pca-ra  PcaRaError,
  ra-pg   RaPgError,
  ...
}

---
-- @brief Management of certificates of SCMS component errors
-- @class ScopedComponentCertificateManagementError
-- @param
-- @see
ScopedComponentCertificateManagementError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ccm})

---
-- @brief ECA-EE errors
-- @class ScopedEcaEndEntityError
-- @param
-- @see
ScopedEcaEndEntityError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {eca-ee})

---
-- @brief This type is not used (see following la-ma errors)
-- @class ScopedLaMaError
-- @param
-- @see
ScopedLaMaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {la-ma})

---
-- @brief Linkage information request errors
-- @class ScopedLaMaLIError
-- @param
-- @see
ScopedLaMaLIError ::= ScmsError (WITH COMPONENTS {common} |
  WITH COMPONENTS {la-ma (WITH COMPONENTS {la-ma-base-error} |
                          WITH COMPONENTS {la-ma-linkage-info-error})}
)

---
-- @brief Linkage seed request errors
-- @class ScopedLaMaLSError
-- @param
-- @see
ScopedLaMaLSError ::= ScmsError (WITH COMPONENTS {common} |
  WITH COMPONENTS {la-ma (WITH COMPONENTS {la-ma-base-error} |
                          WITH COMPONENTS {la-ma-linkage-seed-error})}
)

---
-- @brief LA-PCA errors
-- @class ScopedLaPcaError
-- @param
-- @see
ScopedLaPcaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {la-pca})

---
-- @brief LA-RA errors
-- @class ScopedLaRaError
-- @param
-- @see
ScopedLaRaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {la-ra})

---
-- @brief MA-PCA errors
-- @class ScopedMaPcaError
-- @param
-- @see
ScopedMaPcaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ma-pca})

---
-- @brief MA-RA errors
-- @class ScopedMaRaError
-- @param
-- @see
ScopedMaRaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ma-ra})

---
-- @brief Blacklist request errors
-- @class ScopedMaRaBlacklistError
-- @param
-- @see
ScopedMaRaBlacklistError ::= ScmsError (WITH COMPONENTS {common} |
  WITH COMPONENTS {ma-ra (WITH COMPONENTS {ma-ra-base-error} |
                          WITH COMPONENTS {ma-ra-blacklist-error})}
)

---
-- @brief Linkage chain identifier request errors
-- @class ScopedMaRaLCIError
-- @param
-- @see
ScopedMaRaLCIError ::= ScmsError (WITH COMPONENTS {common} |
  WITH COMPONENTS {ma-ra (WITH COMPONENTS {ma-ra-base-error} |
                          WITH COMPONENTS {ma-ra-lci-error})}
)

---
-- @brief PCA-RA errors
-- @class ScopedPcaRaError
-- @param
-- @see
ScopedPcaRaError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {pca-ra})

---
-- @brief RA-PG errors
-- @class ScopedRaPgError
-- @param
-- @see
ScopedRaPgError ::= ScmsError (WITH COMPONENTS {common} | WITH COMPONENTS {ra-pg})

END
-------------------------------------------------------------------------------
-- SCMS-POLICY
--
-- The structures in this file define the different policies in SCMS, such as
-- Global and Local Policy files.
--
-- Each resides in its own file and is signed by one or more components
-- to ensure the policy is valid. Policies affect not only EEs, but backend
-- SCMS components as well.
--
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------

-- @namespace Ieee1609dot2ScmsPolicyTypes
Ieee1609dot2ScmsPolicyTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) policy-types(500) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  Countersignature,
  ExplicitCertificate,
  Ieee1609Dot2Data,
  SequenceOfCertificate
FROM IEEE1609dot2 {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) schema(1) major-version-2(2)}

  Duration,
  Hostname,
  Opaque,
  Time64,
  Uint8,
  Uint16,
  Uint32,
  Uint64
FROM IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) base-types(2) major-version-2(2)}

  LaHostnameId,
  PcaHostnameId,
  RaHostnameId
FROM Ieee1609dot2ScmsBaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  scms(4) interfaces(1) base-types(2) major-version-2(2)}
;

---
-- @brief The PolicyFiles structure defines the parent structure for all
--        policy files (GCCF & LCCF). Each policy file resides in its own file
--        and is signed by one or more components to ensure the policy is
--        valid.
-- @class PolicyFiles
-- @param globalPolicyFile contains the global policy file generated by Policy
--                         Generator (PG).
-- @param localPolicyFile  contains the local policy file generated by a
--                         Registration Authority (RA). Note that RA has to
--                         get this signed by PG before sending to EEs.
PolicyFiles ::= CHOICE {
  globalPolicyFile  GlobalPolicyFile,
  localPolicyFile   LocalPolicyFile,
  ...
}

---
-- @brief This data type defines the inherent policy file structure created
--        either by PG or RA.
-- @class BasePolicyFile
-- @param version    defines the version of BasePolicyFile. Currently, it is
--                   denoted by integer 1.
-- @param tbsData    is the policy data that is signed by PG at the scms
--                   protocol level.
-- @param signatures denote the counter signatures that are generated by
--                   auditors of the policy file. Note that PG or RA must
--                   obtain these signatures before sending to any EE.
-- @see Uint8, Countersignature
BasePolicyFile ::= SEQUENCE {
  version     Uint8(1),
  tbsData     ToBeSignedPolicyData,
  -- countersignatures generated by auditors of the policy file
  signatures  SEQUENCE SIZE(1..MAX) OF Countersignature,
  ...
}

---
-- @brief This data type contains the policy file data that is signed by the
--        PG at scms-protocol level.
-- @class ToBeSignedPolicyData
-- @param policyID       denotes the unique identifier for a policy file.
-- @param generationTime is the point of time when a policy file was generated.
-- @param activeTime     is the duration of time for which the policy file is
--                       valid.
-- @param policy         is the policy data for either global, local or custom
--                       file.
-- @see Time64
ToBeSignedPolicyData ::= SEQUENCE {
  policyID        OCTET STRING (SIZE (0..32)),
  generationTime  Time64,
  activeTime      Time64,
  policy          Policy,
  ...
}

---
-- @brief This data type is generated by PG and contains global policy data.
-- @class GlobalPolicyFile
-- @param tbsData is the policy data that is signed by PG at scms-protocol level.
GlobalPolicyFile ::= BasePolicyFile (WITH COMPONENTS {...,
  tbsData( WITH COMPONENTS {...,
    policy(WITH COMPONENTS {..., global PRESENT })
  })
})

---
-- @brief This data type is generated by an RA and contains local policy data
--        derived from global policy data.
-- Because the RA is allowed to remove fields from the GPF which are not
-- relevant to the OBUs and/or RSUs under its jurisdiction, it must request
-- that Policy Generator signs the 'custom' portion. This ensures the customized
-- GPF is consistent with the actual GPF. The signature of the PG will appear in
-- the 'signatures' field of the 'globalParameters'.
--
-- The 'localParameters' section of the policy is signed by the RA, and its
-- signature should appear in the 'signatures' section as well as any other
-- auditors of the LPF.
--
-- The LocalPolicyFile is encapsulated by the SignedLocalPolicyFile defined
-- in scms-protocol.asn, which is signed by the RA.
-- @class LocalPolicyFile
-- @param globalParameters denotes all the values inherited from
--                         GlobalPolicyFile.
-- @param localParameters  denotes all values defined by RA for local policy
--                         file specifically.
LocalPolicyFile ::= SEQUENCE {
  globalParameters BasePolicyFile (WITH COMPONENTS {...,
    tbsData( WITH COMPONENTS {...,
      policy( WITH COMPONENTS {..., custom PRESENT })
    })
  }),
  localParamters BasePolicyFile (WITH COMPONENTS {...,
    tbsData( WITH COMPONENTS {...,
      policy( WITH COMPONENTS {..., local PRESENT })
    })
  })
}

---
-- @brief This data type contains policy file data depending on the type of
--        policy file i.e. global, local or custom.
-- @class Policy
-- @param global denotes global policy data.
-- @param custom denotes custom policy data.
-- @param local  denotes local policy data.
Policy ::= CHOICE {
  global  GlobalPolicyData,
  custom  CustomPolicyData,
  local   LocalPolicyData,
  ...
}

---
-- @brief This data type contains global policy data generated by PG.
-- This structure defines the parameters of the Global Policy
--
-- This structure contains an array of temporal series, where each temporal
-- series applies to a particular parameter of the policy. The syntax of these
-- temporal series follows the following format:
--
-- temporalSeriesOfXXX {
--     initialXXX XXX
--     intervals SEQUENCE SIZE(0..N) OF SEQUENCE {
--         startTime Time64
--         xxx XXX
--     }
-- }
--
-- where:
--
--     initialXXX  initial value of parameter of type XXX
--     startTime   timestamp in future when value takes effect
--     xxx         value of parameter
--     XXX         type of parameter
-- @class GlobalPolicyData
-- @param temporalSeriesOfScmsVersion SCMS Version, default value is 1
-- @param temporalSeriesOfCertChainFileID File ID number of the current GCCF
-- @param temporalSeriesOfOverdueCrlTolerance max time to operate without a new
--        CRL, specified in weeks (4 bytes)
-- @param temporalSeriesOfIPeriod i-value / i-period; default: 1 week
-- @param temporalSeriesOfMinCertsPerIPeriod minimum certs per i-period; default: 20
-- @param temporalSeriesOfCertValidityModel pseudonym cert validity model -
--        "concurrent" or "non-concurrent"
-- @param temporalSeriesOfMaxAvailableCertSupply max time covered by a certificate
--        batch in years, default: 3 years
-- @param temporalSeriesOfMaxCertRequestAge maximum time for individual cert
--        request; to remain in aggregator;
--        default: 2 days
-- @param temporalSeriesOfShuffleThreshold minimum # of individual cert requests
--        before shuffle/send to PCA; default: 1000
-- @param temporalSeriesOfHashOfRequestSize bytes in "hash of request" between
--        PCA and RA for individual cert requests; default: 32
-- @param temporalSeriesOfMaxGpfGccfRetrievalInterval maximum interval (in hours) before
--        retrieving new GPF or GCCF; default: 1 hour
-- @param temporalSeriesOfRseApplicationCertValidity validity time for an RSE cert (in hours)
--        Default value is 1 week + 1 hour = 168 hours
-- @param temporalSeriesOfRseApplicationCertOVerlap RSE application cert overlap; Default value is 1 hour
-- @see Time64
GlobalPolicyData ::= SEQUENCE {
  temporalSeriesOfScmsVersion SEQUENCE {
    initialScmsVersion ScmsVersion DEFAULT 1,
    intervals SEQUENCE SIZE(0..MAX) OF
SEQUENCE { startTime Time64, scmsVersion ScmsVersion } } OPTIONAL, temporalSeriesOfCertChainFileID SEQUENCE { initialGlobalCertChainFileID GlobalCertChainFileID, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, globalCertChainFileID GlobalCertChainFileID } } OPTIONAL, temporalSeriesOfOverdueCrlTolerance SEQUENCE { initialOverdueCrlTolerance OverdueCrlTolerance, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, overdueCrlTolerance OverdueCrlTolerance } } OPTIONAL, temporalSeriesOfIPeriod SEQUENCE { initialIPeriod IPeriod, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, iPeriod IPeriod } } OPTIONAL, temporalSeriesOfMinCertsPerIPeriod SEQUENCE { initialMinCertsPerIPeriod MinCertsPerIPeriod DEFAULT 20, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, minCertsPerIPeriod MinCertsPerIPeriod } } OPTIONAL, temporalSeriesOfCertValidityModel SEQUENCE { initialCertValidityModel CertValidityModel, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, certValidityModel CertValidityModel } } OPTIONAL, temporalSeriesOfMaxAvailableCertSupply SEQUENCE { initialMaxAvailableCertSupply MaxAvailableCertSupply, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, maxAvailableCertSupply MaxAvailableCertSupply } } OPTIONAL, temporalSeriesOfMaxCertRequestAge SEQUENCE { initialMaxCertRequestAge MaxCertRequestAge, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, maxCertRequestAge MaxCertRequestAge } } OPTIONAL, temporalSeriesOfShuffleThreshold SEQUENCE { initialShuffleThreshold ShuffleThreshold DEFAULT 1000, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, shuffleThreshold ShuffleThreshold } } OPTIONAL, temporalSeriesOfHashOfRequestSize SEQUENCE { initialHashOfRequestSize HashOfRequestSize DEFAULT 32, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, hashOfRequestSize HashOfRequestSize } } OPTIONAL, temporalSeriesOfMaxGpfGccfRetrievalInterval SEQUENCE { 
initialMaxGpfGccfRetrievalInterval MaxGpfGccfRetrievalInterval, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, maxGpfGccfRetrievalInterval MaxGpfGccfRetrievalInterval } } OPTIONAL, temporalSeriesOfRseApplicationCertValidity SEQUENCE { initialRseApplicationCertValidity RseApplicationCertValidity, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, rseApplicationCertValidity RseApplicationCertValidity } } OPTIONAL, temporalSeriesOfRseApplicationCertOVerlap SEQUENCE { initialRseApplicationCertOverlap RseApplicationCertOverlap, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, rseApplicationCertOverlap RseApplicationCertOverlap } } OPTIONAL, ... } --- -- @brief This data type defines the current scms version. -- @class ScmsVersion ScmsVersion ::= Uint8 --- -- @brief This data type denotes the 16-byte global certificate chain ID. -- @class GlobalCertChainFileID GlobalCertChainFileID ::= Uint16 --- -- @brief This data type denotes the maximum time to operate without a new CRL, -- specified in weeks (4 bytes) -- @class OverdueCrlTolerance OverdueCrlTolerance ::= Duration --- -- @brief This data type denotes the i-value / i-period; default -- @class IPeriod IPeriod ::= Duration --- -- @brief This data type denotes the minimum certs per i-period -- @class MinCertsPerIPeriod MinCertsPerIPeriod ::= Uint8 --- -- @brief This data type denotes the pseudonym cert validity model - -- concurrent" or "non-concurrent" -- @class CertValidityModel -- @param concurrent certificates for an i-period are all simultaneous valid. -- @param non-concurrent certificates for an i-period are sequentially valid. CertValidityModel ::= ENUMERATED { concurrent (1), non-concurrent (2), ... } --- -- @brief This data type denotes the maximum time covered by a certificate -- batch in years. -- @class MaxAvailableCertSupply MaxAvailableCertSupply ::= Duration --- -- @brief This data type denotes the maximum time for individual certificate -- request. 
-- @class MaxCertRequestAge MaxCertRequestAge ::= Duration --- -- @brief This data type denotes the minimum number of individual certificate -- requests before shuffle/send to PCA. -- @class ShuffleThreshold ShuffleThreshold ::= Uint32 --- -- @brief This data type denotes the number of bytes in "has of request" -- between PCA and RA for indicidaul certificate requests. -- @class HashOfRequestSize HashOfRequestSize ::= Uint8 --- -- @brief This data type denotes the maximum interval (in hours) before -- retrieving new GPF and GCCF. -- @class MaxGpfGccfRetrievalInterval MaxGpfGccfRetrievalInterval ::= Duration --- -- @brief This data type denotes the validity time for an RSE certificate (in -- hours). -- @class RseApplicationCertValidity RseApplicationCertValidity ::= Duration --- -- @brief This data type denotes the RSE certificate overlap period (in hours). -- @class RseApplicationCertOverlap RseApplicationCertOverlap ::= Duration --- -- @brief This type is used by an RA that wants to create a custom version of -- the GlobalPolicyData. This structure adds an element with the RA's -- ID to differentiate it from a conventional GlobalPolicyFile. -- @class CustomPolicyData -- @param requestingRaHostname is the 256-bit unique hostname of the RA -- requesting custom policy data. -- @param globalPolicy is the global policy file data. -- @see RaHostnameId CustomPolicyData ::= SEQUENCE { requestingRaHostname RaHostnameId OPTIONAL, -- Hostname of the RA that customized this policy data globalPolicy GlobalPolicyData, ... } --- -- @brief This data type contains local policy data generated by RA from -- global policy data derived from GPF of PG. -- @class LocalPolicyData -- @param temporalSeriesOfShuffleThreshold minimum # of individual cert -- requests before shuffle/send -- to PCA. -- @param temporalSeriesOfCertsPerIPeriod certs per i-period. -- overrides global value); -- default: 20 -- @param temporalSeriesOfLaOneHost LA1 256-bit unique hostname. 
-- @param temporalSeriesOfLaTwoHost LA2 256-bit unique hostname. -- @param temporalSeriesOfPcaHost PCA 256-bit unique hostname. -- @param temporalSeriesOfRaX509TlsCert RA TLS certificate for -- connection over HTTP. -- @param temporalSeriesOfLaX509TlsCert LA TLS certificate. -- @param temporalSeriesOfPcaX509TlsCert PCA TLS certificate. -- @param temporalSeriesOfSharedKeyUpdateInterval maximum time between changes -- to pre-linkage value enc/dec -- key. -- @see Time64, LaHostnameId, RaHostnameId, PcaHostnameId LocalPolicyData ::= SEQUENCE { temporalSeriesOfShuffleThreshold SEQUENCE { initialShuffleThreshold ShuffleThreshold, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, shuffleThreshold ShuffleThreshold } } OPTIONAL, temporalSeriesOfCertsPerIPeriod SEQUENCE { initialCertsPerIPeriod CertsPerIPeriod DEFAULT 20, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, certsPerIPeriod CertsPerIPeriod } } OPTIONAL, temporalSeriesOfLaOneHost SEQUENCE { initialLaOneHost LaHostnameId, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, laOneHost LaHostnameId } } OPTIONAL, temporalSeriesOfLaTwoHost SEQUENCE { initialLaTwoHost LaHostnameId, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, laTwoHost LaHostnameId } } OPTIONAL, temporalSeriesOfPcaHost SEQUENCE { initialPcaHost PcaHostnameId, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, pcaHost PcaHostnameId } } OPTIONAL, temporalSeriesOfRaX509TlsCert SEQUENCE { initialRaX509TlsCert X509TlsCert, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, raX509TlsCert X509TlsCert } } OPTIONAL, temporalSeriesOfLaX509TlsCert SEQUENCE { initialLaX509TlsCert X509TlsCert, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, laX509TlsCert X509TlsCert } } OPTIONAL, temporalSeriesOfPcaX509TlsCert SEQUENCE { initialPcaX509TlsCert X509TlsCert, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, pcaX509TlsCert X509TlsCert } } OPTIONAL, 
temporalSeriesOfSharedKeyUpdateInterval SEQUENCE { initialSharedKeyUpdateInterval SharedKeyUpdateInterval, intervals SEQUENCE SIZE(0..MAX) OF SEQUENCE { startTime Time64, sharedKeyUpdateInterval SharedKeyUpdateInterval } } OPTIONAL, ... } --- -- @brief This data type denotes the certificates per i-period. This overrides -- the global value. -- @class CertsPerIPeriod CertsPerIPeriod ::= Uint8 --- -- @brief This data type denotes the TLS certificate for secure communication -- over HTTP. -- @class X509TlsCert X509TlsCert ::= Opaque --- -- @brief This data type denotes the maximum time between changes to pre -- linkage value encryption/decryption key. -- @class SharedKeyUpdateInterval SharedKeyUpdateInterval ::= Duration END
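The temporal series format documented in the GlobalPolicyData comment above, resolved in Python as an added example that is not part of the original page or the SCMS code: it returns the value in effect at a given Time64 without applying a future-dated change early or trusting the encoded order of the intervals. The names TemporalSeries, effective_value and certs_per_i_period are hypothetical, the series are assumed to be already decoded into integers, and both the fallback to the documented default when an OPTIONAL series is absent and the rejection of duplicate startTime values are assumptions.

```python
from typing import NamedTuple, Optional, Sequence, Tuple

class TemporalSeries(NamedTuple):
    """Decoded temporalSeriesOfXXX: initialXXX plus (startTime, xxx) intervals."""
    initial: int
    intervals: Sequence[Tuple[int, int]] = ()  # startTime is a Time64 integer

def effective_value(series: Optional[TemporalSeries], now: int,
                    default: Optional[int] = None) -> int:
    """Return the value of one policy parameter in effect at Time64 `now`."""
    if series is None:  # the whole series is OPTIONAL in the ASN.1
        if default is None:
            raise LookupError("series absent and no documented default")
        return default
    starts = [start for start, _ in series.intervals]
    if len(starts) != len(set(starts)):
        # Assumption: two values for one startTime are ambiguous, so reject.
        raise ValueError("duplicate startTime in temporal series")
    # Do not rely on encoding order: take the latest interval already started.
    active = [(start, value) for start, value in series.intervals if start <= now]
    return max(active)[1] if active else series.initial

def certs_per_i_period(global_series: Optional[TemporalSeries],
                       local_series: Optional[TemporalSeries], now: int) -> int:
    """LocalPolicyData certsPerIPeriod overrides the global value; default 20."""
    if local_series is not None:
        return effective_value(local_series, now)
    return effective_value(global_series, now, default=20)

# Constructed sample values (not taken from a real policy file).
T0 = 500_000_000_000_000
GLOBAL_MIN_CERTS = TemporalSeries(20, [(T0 + 2_000, 40), (T0 + 1_000, 30)])
LOCAL_CERTS = TemporalSeries(25, [(T0 + 1_500, 35)])

if __name__ == "__main__":
    for t in (T0, T0 + 1_000, T0 + 1_600, T0 + 5_000):
        print(t, certs_per_i_period(GLOBAL_MIN_CERTS, None, t),
              certs_per_i_period(GLOBAL_MIN_CERTS, LOCAL_CERTS, t))
```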
-- (C) Copyright 2017, 2018 Crash Avoidance Metrics Partners LLC, VSC5 Consortium
--
-- Licensed under the Apache License, Version 2.0 (the "License");
-- you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
-- Unless required by applicable law or agreed to in writing, software
-- distributed under the License is distributed on an "AS IS" BASIS,
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-- See the License for the specific language governing permissions and
-- limitations under the License.
--
-------------------------------------------------------------------------------
-- SCMS-COMMON-ERRORS
--
-- The structure in this file defines a common error structure for the SCMS
-- components.
--
-- This file is part of the SCMS protocol developed by CAMP VSC5
-- It depends on the IEEE 1609.2 protocol specification
-------------------------------------------------------------------------------

-- @namespace Ieee1609dot2ScmsCommonError
Ieee1609dot2ScmsCommonError {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
scms(4) errors(2) common(2) major-version-2(2)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

---
-- @brief Common error structure
-- @class ScmsCommonError
-- @param
-- @see
ScmsCommonError ::= ENUMERATED {
  baseline(1),
  ...
}

END
1609dot2-schema.asn
1609dot2-base-types.asn