TS103097 and TS102941 modules

EtsiTs102941BaseTypes

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }

DEFINITIONS AUTOMATIC TAGS ::=

BEGIN

IMPORTS

HashedId8, Time32, PublicEncryptionKey, PublicVerificationKey, Signature

FROM

IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111) 

standards-association-numbered-series-standards(2) wave-stds(1609)  

dot2(2) base(1) base-types(2) major-version-2(2)}

CertificateId, SubjectAssurance, SequenceOfPsidSsp, SequenceOfPsidGroupPermissions, ValidityPeriod, GeographicRegion

FROM 

IEEE1609dot2 {iso(1) identified-organization(3) ieee(111) 

standards-association-numbered-series-standards(2) wave-stds(1609)  

dot2(2) base (1) schema (1) major-version-2(2)}

EtsiTs103097Data-Encrypted, EtsiTs103097Data-Signed, EtsiTs103097Data-SignedExternalPayload

FROM EtsiTs103097Module

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}

;

CertificateFormat::= INTEGER {

  ts103097v131 (1)

  }(1..255)

CertificateSubjectAttributes ::= SEQUENCE {

  id 			CertificateId OPTIONAL,

  validityPeriod        ValidityPeriod OPTIONAL,

  region                GeographicRegion OPTIONAL,

  assuranceLevel        SubjectAssurance OPTIONAL,

  appPermissions        SequenceOfPsidSsp OPTIONAL,

  certIssuePermissions  SequenceOfPsidGroupPermissions OPTIONAL,

  ...

  }(WITH COMPONENTS { ..., appPermissions PRESENT} |

   WITH COMPONENTS { ..., certIssuePermissions PRESENT})

EcSignature::= CHOICE {

  encryptedEcSignature 	EtsiTs103097Data-Encrypted{EtsiTs103097Data-SignedExternalPayload}, 

  ecSignature           EtsiTs103097Data-SignedExternalPayload

  }

PublicKeys ::= SEQUENCE {

  verificationKey       PublicVerificationKey,

  encryptionKey         PublicEncryptionKey OPTIONAL

  }

Version ::= INTEGER {v1(1)}

EtsiTs103097Data-Encrypted-Unicast {ToBeEncryptedDataContent} ::= EtsiTs103097Data-Encrypted {ToBeEncryptedDataContent}

(WITH COMPONENTS {...,

  content (WITH COMPONENTS {

    encryptedData (WITH COMPONENTS {...,

       recipients (SIZE(1))

    })

  })

})

EtsiTs103097Data-SignedAndEncrypted-Unicast {ToBesignedAndEncryptedDataContent} ::= EtsiTs103097Data-Encrypted-Unicast {EtsiTs103097Data-Signed {ToBesignedAndEncryptedDataContent}} 

END

/*************************************************************************************

   This file contains the EtsiTs102941Messages module containing all possible PKI messages.

   It should be used when all PKI messages needs to be implemented (for example, for CA development)

**************************************************************************************/

EtsiTs102941MessagesCa

  { itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) messagesCa(0) version1(1)}

DEFINITIONS AUTOMATIC TAGS ::=

BEGIN

IMPORTS

EtsiTs103097Data-Signed,

--EtsiTs103097Data-Encrypted,

EtsiTs103097Data-SignedExternalPayload

--EtsiTs103097Data-SignedAndEncrypted

FROM EtsiTs103097Module

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}

Version,

EtsiTs103097Data-Encrypted-Unicast,

EtsiTs103097Data-SignedAndEncrypted-Unicast

FROM EtsiTs102941BaseTypes

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }

InnerEcRequestSignedForPop, InnerEcResponse

FROM EtsiTs102941TypesEnrolment

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) enrolment(4) version1(1) }

InnerAtRequest, InnerAtResponse

FROM EtsiTs102941TypesAuthorization

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) version1(1) }

ToBeSignedCrl, ToBeSignedTlmCtl, ToBeSignedRcaCtl

FROM EtsiTs102941TrustLists

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(6) version1(1) }

AuthorizationValidationRequest, AuthorizationValidationResponse

FROM EtsiTs102941TypesAuthorizationValidation

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authValidation(7) version1(1) }

CaCertificateRequest

FROM EtsiTs102941TypesCaManagement

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) caManagement(8) version1(1) }

;

/************

-- Messages

************/

EnrolmentRequestMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentRequest PRESENT})})} 

EnrolmentResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentResponse PRESENT})})} 

AuthorizationRequestMessage ::= EtsiTs103097Data-Encrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})} 

AuthorizationRequestMessageWithPop ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})} 

AuthorizationResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationResponse PRESENT})})} 

CertificateRevocationListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateRevocationList PRESENT})})}

TlmCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListTlm PRESENT})})}

RcaCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListRca PRESENT})})}

AuthorizationValidationRequestMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationValidationRequest PRESENT})})} 

AuthorizationValidationResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationValidationResponse PRESENT})})} 

CaCertificateRequestMessage ::= EtsiTs103097Data-Signed {EtsiTs102941Data(WITH COMPONENTS{..., content (WITH COMPONENTS{caCertificateRequest PRESENT})})}

CaCertificateRekeyingMessage ::= EtsiTs103097Data-Signed {EtsiTs103097Data-Signed {EtsiTs102941Data(WITH COMPONENTS{..., content (WITH COMPONENTS{caCertificateRequest PRESENT})})}}

/************

-- EtsiTs102941Data

************/

EtsiTs102941Data::= SEQUENCE {

  version Version (v1),

  content EtsiTs102941DataContent

  }

EtsiTs102941DataContent ::= CHOICE {

  enrolmentRequest                        InnerEcRequestSignedForPop,

  enrolmentResponse                       InnerEcResponse,

  authorizationRequest                    InnerAtRequest,

  authorizationResponse                   InnerAtResponse,

  certificateRevocationList               ToBeSignedCrl,

  certificateTrustListTlm                 ToBeSignedTlmCtl,

  certificateTrustListRca                 ToBeSignedRcaCtl,

  authorizationValidationRequest          AuthorizationValidationRequest,

  authorizationValidationResponse         AuthorizationValidationResponse,

  caCertificateRequest                    CaCertificateRequest,

  ...

  }

END

/*************************************************************************************

   This file contains the EtsiTs102941MessagesItss module providing the ITS-S subset 

   of messages defined in the module EtsiTs102941MessagesCA

   It should **NEVER** be imported together with the module EtsiTs102941MessagesCA.

   Use the EtsiTs102941MessagesCA if all possible PKI message types are needed.

   This module blocks the usage of unencrypted EC signature for AA requests.

**************************************************************************************/

EtsiTs102941MessagesItss

  { itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) messagesItss(1) version1(1)}

DEFINITIONS AUTOMATIC TAGS ::=

BEGIN

IMPORTS

EtsiTs103097Data-Signed

--EtsiTs103097Data-Encrypted,

--EtsiTs103097Data-SignedAndEncrypted

FROM EtsiTs103097Module

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0) }

EtsiTs103097Data-Encrypted-Unicast,

EtsiTs103097Data-SignedAndEncrypted-Unicast,

Version

FROM EtsiTs102941BaseTypes

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }

InnerEcRequestSignedForPop, InnerEcResponse

FROM EtsiTs102941TypesEnrolment

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) enrolment(4) version1(1) }

InnerAtRequest, InnerAtResponse

FROM EtsiTs102941TypesAuthorization

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) version1(1) }

ToBeSignedCrl, ToBeSignedTlmCtl, ToBeSignedRcaCtl

FROM EtsiTs102941TrustLists

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(6) version1(1) }

;

/************

-- Messages

************/

EnrolmentRequestMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentRequest PRESENT})})} 

EnrolmentResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentResponse PRESENT})})} 

AuthorizationRequestMessage ::= EtsiTs103097Data-Encrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})} 

AuthorizationRequestMessageWithPop ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})} 

AuthorizationResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationResponse PRESENT})})} 

CertificateRevocationListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateRevocationList PRESENT})})}

TlmCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListTlm PRESENT})})}

RcaCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListRca PRESENT})})}

/************

-- EtsiTs102941Data

************/

EtsiTs102941Data::= SEQUENCE {

  version Version (v1),

  content EtsiTs102941DataContent

  }

EtsiTs102941DataContent ::= CHOICE {

  enrolmentRequest                        InnerEcRequestSignedForPop,

  enrolmentResponse                       InnerEcResponse,

  authorizationRequest                    InnerAtRequest,

  authorizationResponse                   InnerAtResponse,

  certificateRevocationList               ToBeSignedCrl,

  certificateTrustListTlm                 ToBeSignedTlmCtl,

  certificateTrustListRca                 ToBeSignedRcaCtl,

  ...

  } (WITH COMPONENTS{...,

    authorizationRequest (WITH COMPONENTS{...,

      ecSignature (WITH COMPONENTS{...,

        encryptedEcSignature PRESENT

      })

    })

  })

END

/*************************************************************************************

   This file contains the EtsiTs102941MessagesItss-OptionalPrivacy module providing the

   same subset of messages as the EtsiTs102941MessagesItss module.

   It should **NEVER** be used together with the EtsiTs102941MessagesCA and EtsiTs102941MessagesItss

   This module allows the usage of unencrypted EC signature for AA requests.

**************************************************************************************/

EtsiTs102941MessagesItss-OptionalPrivacy

  { itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) messagesItssOp(2) version1(1)}

DEFINITIONS AUTOMATIC TAGS ::=

BEGIN

IMPORTS

EtsiTs103097Data-Signed

--EtsiTs103097Data-Encrypted,

--EtsiTs103097Data-SignedAndEncrypted

FROM EtsiTs103097Module

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0) }

EtsiTs103097Data-Encrypted-Unicast,

EtsiTs103097Data-SignedAndEncrypted-Unicast,

Version

FROM EtsiTs102941BaseTypes

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }

InnerEcRequestSignedForPop, InnerEcResponse

FROM EtsiTs102941TypesEnrolment

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) enrolment(4) version1(1) }

InnerAtRequest, InnerAtResponse

FROM EtsiTs102941TypesAuthorization

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) version1(1) }

ToBeSignedCrl, ToBeSignedTlmCtl, ToBeSignedRcaCtl

FROM EtsiTs102941TrustLists

{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(6) version1(1) }

;

/************

-- Messages

************/

EnrolmentRequestMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentRequest PRESENT})})} 

EnrolmentResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentResponse PRESENT})})} 

AuthorizationRequestMessage ::= EtsiTs103097Data-Encrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})} 

AuthorizationRequestMessageWithPop ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})} 

AuthorizationResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationResponse PRESENT})})} 

CertificateRevocationListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateRevocationList PRESENT})})}

TlmCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListTlm PRESENT})})}

RcaCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListRca PRESENT})})}

/************

-- EtsiTs102941Data

************/

EtsiTs102941Data::= SEQUENCE {

  version Version (v1),

  content EtsiTs102941DataContent

  }

EtsiTs102941DataContent ::= CHOICE {

  enrolmentRequest                        InnerEcRequestSignedForPop,

  enrolmentResponse                       InnerEcResponse,

  authorizationRequest                    InnerAtRequest,

  authorizationResponse                   InnerAtResponse,

  certificateRevocationList               ToBeSignedCrl,

  certificateTrustListTlm                 ToBeSignedTlmCtl,

  certificateTrustListRca                 ToBeSignedRcaCtl,

  ...

  } 

END

EtsiTs102941TrustLists

  { itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(6) version1(1)}

DEFINITIONS AUTOMATIC TAGS ::=

BEGIN

IMPORTS

EtsiTs103097Certificate, EtsiTs103097Data-SignedAndEncrypted, EtsiTs103097Data-Signed 

FROM	

EtsiTs103097Module

{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}

HashedId8, Time32, Version --, CertificateAuthorityConstraints

FROM EtsiTs102941BaseTypes 

{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1)}

;

/************

-- CRL

************/

ToBeSignedCrl ::= SEQUENCE {

  version    Version,

  thisUpdate Time32,

  nextUpdate Time32,

  entries SEQUENCE OF CrlEntry,

  ...

}

CrlEntry ::= HashedId8

/************

-- TLM CTL

************/

ToBeSignedTlmCtl ::= CtlFormat (FullCtl | DeltaCtl) (WITH COMPONENTS {...,

  ctlCommands ( WITH COMPONENT( 

    ( WITH COMPONENTS {..., 

      add ( WITH COMPONENTS {..., 

        ea ABSENT,

        aa ABSENT

      })

    })

  ))

})

/************

-- RCA CTL

************/

ToBeSignedRcaCtl ::= CtlFormat (FullCtl | DeltaCtl) ( WITH COMPONENTS {...,

  ctlCommands ( WITH COMPONENT( 

    ( WITH COMPONENTS {..., 

      add ( WITH COMPONENTS {..., 

        rca ABSENT,

        tlm ABSENT

      })

    })

  ))

})

/************

-- CTL

************/

FullCtl::= CtlFormat ( WITH COMPONENTS {...,

  isFullCtl ( TRUE ),

  ctlCommands ( WITH COMPONENT( 

    ( WITH COMPONENTS {..., 

      delete ABSENT

    })

  )) 

})

DeltaCtl::= CtlFormat (WITH COMPONENTS {...,

  isFullCtl(FALSE)

})

CtlFormat ::= SEQUENCE {

  version     Version,

  nextUpdate  Time32, 

  isFullCtl   BOOLEAN,

  ctlSequence INTEGER (0..255),

  ctlCommands SEQUENCE OF CtlCommand,

  ...

}

CtlCommand ::= CHOICE {

  add 	  CtlEntry,

  delete  CtlDelete,

  ...

}

CtlEntry ::= CHOICE {

  rca   RootCaEntry,

  ea    EaEntry,

  aa    AaEntry,

  dc    DcEntry,

  tlm   TlmEntry,

  ...

}

CtlDelete ::= CHOICE {

  cert  HashedId8,

  dc    DcDelete,

  ...

}

TlmEntry::= SEQUENCE {

  selfSignedTLMCertificate EtsiTs103097Certificate,

  linkTLMCertificate       EtsiTs103097Certificate OPTIONAL,

  accessPoint              Url

}

RootCaEntry ::= SEQUENCE {

  selfsignedRootCa      EtsiTs103097Certificate,

  linkRootCaCertificate EtsiTs103097Certificate OPTIONAL

}

EaEntry ::= SEQUENCE {

  eaCertificate     EtsiTs103097Certificate,

  aaAccessPoint     Url,

  itsAccessPoint    Url OPTIONAL

}

AaEntry ::= SEQUENCE {

  aaCertificate EtsiTs103097Certificate,

  accessPoint Url

}

DcEntry ::= SEQUENCE {

  url   Url,

  cert  SEQUENCE OF HashedId8

}

DcDelete ::= Url

Url::= IA5String

END