Newer
Older
--***************************************************************************--
-- IEEE Std 1609.2.1: ACA - RA Interface --
--***************************************************************************--
/**
* @brief NOTE: Section references in this file are to clauses in IEEE Std
* 1609.2.1 unless indicated otherwise. Full forms of acronyms and
* abbreviations used in this file are specified in 3.2.
*/
Ieee1609Dot2Dot1AcaRaInterface {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
extension-standards(255) dot1(1) interfaces(1) aca-ra(4) major-version-2(2)
DEFINITIONS AUTOMATIC TAGS ::= BEGIN
EXPORTS ALL;
IMPORTS
HashAlgorithm,
HashedId8,
LaId,
PublicEncryptionKey,
Time32,
Uint8
FROM Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
base(1) base-types(2) major-version-2(2) minor-version-4(4)}
--WITH SUCCESSORSthe
CertificateType,
ToBeSignedCertificate
FROM Ieee1609Dot2 {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
base(1) schema(1) major-version-2(2) minor-version-6(6)}
--WITH SUCCESSORSthe
AcaEeCertResponsePlainSpdu,
AcaEeCertResponseCubkSpdu,
Ieee1609Dot2Data-SymmEncryptedSingleRecipient
FROM Ieee1609Dot2Dot1Protocol {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
extension-standards(255) dot1(1) interfaces(1) protocol(17)
major-version-2(2) minor-version-2(2)}
--WITH SUCCESSORSthe
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
;
/**
* @class AcaRaInterfacePDU
*
* @brief This is the parent structure for all structures exchanged between
* the ACA and the RA. An overview of this structure is as follows:
*
* @param raAcaCertRequest contains the request for an authorization
* certificate from the RA to the ACA on behalf of the EE.
*
* @param acaRaCertResponse contains the ACA's response to RaAcaCertRequest.
*/
AcaRaInterfacePdu ::= CHOICE {
raAcaCertRequest RaAcaCertRequest,
acaRaCertResponse AcaRaCertResponse,
...
}
/**
* @class RaAcaCertRequest
*
* @brief This structure contains parameters needed to request an individual
* authorization certificate. An overview of this structure is as follows:
*
* <br><br>NOTE 1: In the case where the butterfly key mechanism is used to set
* certEncKey, the value of j is not communicated to the ACA. However, the EE
* that receives the certificate response can only decrypt the response if it
* knows j. The RA is therefore anticipated to store j so that it can be
* associated with the appropriate certificate response.
*
* <br><br>NOTE 2: The cracaId and crlSeries are set to the indicated values
* in the request. The ACA replaces these values with the appropriate values
* in the response.
*
* <br><br>NOTE 3: The ACA is not bound by the contents of the request and can
* issue certificates that are different from those requested, if so directed
* by policy.
*
* @param version contains the current version of the structure.
*
* @param generationTime contains the generation time of RaAcaCertRequest.
*
* @param type indicates whether the request is for an explicit or implicit
* certificate (see 4.1.1, 4.1.3.3.1).
*
* @param flags contains the flags related to the use of the butterfly key
* mechanism, and provides the following instructions to the ACA as to how
* to generate the response:
* <ol>
* <li> If the flag butterflyExplicit is set, the request is valid only if
* the type field is set to explicit. In this case, the ACA uses the
* butterfly key derivation for explicit certificates as specified in 9.3.
* The field tbsCert.verifyKeyIndicator.verificationKey is used by the ACA as
* the cocoon public key for signing. The field privateKeyInfo in the
* corresponding AcaEeCertResponse is used by the EE as the random integer to
* recover the butterfly private key for signing.</li>
*
* <li> If the flag cubk is set, the request is valid only if the certEncKey
* field is absent. In this case, the ACA uses the compact unified variation
* of the butterfly key mechanism as specified in 9.3. This means that the
* ACA generates an AcaEeCertResponseCubkSpdu instead of an
* AcaEeCertResponsePrivateSpdu, and the response is valid only if the ACA
* certificate has the flag cubk set.</li>
* </ol>
*
* @param linkageInfo contains the encrypted prelinkage values needed to
* generate the linkage value for the certificate. If linkageInfo is present,
* the field tbsCert.id is of type LinkageData, where the iCert field is set
* to the actual i-period value and the linkage-value field is set to a dummy
* value to be replaced by the ACA with the actual linkage value. The
* encrypted prelinkage values are encrypted for the ACA by the LAs.
*
* @param certEncKey is used in combination with flags.cubk to indicate
* the type of response that is expected from the ACA. It is as follows:
* <ol>
* <li> Absent and flags.cubk is not set if the ACA's response doesn't need
* to be encrypted. In this case, the ACA responds with
* AcaEeCertResponsePlainSpdu.</li>
*
* <li> Absent and flags.cubk is set if the ACA's response is to be encrypted
* with the verification key from the request and not signed. In this case,
* the ACA responds with AcaEeCertResponseCubkSpdu.</li>
*
* <li> Present and flags.cubk is not set if the ACA's response is to be
* encrypted with certEncKey and then signed by the ACA. In this case, the
* ACA responds with AcaEeCertResponsePrivateSpdu.</li>
* </ol>
*
* @param tbsCert contains parameters of the requested certificate. The
* certificate type depends on the field type, as follows:
* <ol>
* <li> If type is explicit, the request is valid only if
* tbsCert.verifyKeyIndicator is a verificationKey.</li>
*
* <li> If type is implicit, the request is valid only if
* tbsCert.verifyKeyIndicator is a reconstructionValue.</li>
* </ol>
*/
RaAcaCertRequest ::= SEQUENCE {
version Uint8 (2),
generationTime Time32,
type CertificateType,
flags RaAcaCertRequestFlags,
linkageInfo LinkageInfo OPTIONAL,
certEncKey PublicEncryptionKey OPTIONAL,
tbsCert ToBeSignedCertificate (WITH COMPONENTS {
...,
cracaId ('000000'H),
crlSeries (0),
appPermissions PRESENT,
certIssuePermissions ABSENT,
certRequestPermissions ABSENT
}),
...
}
/**
* @class RaAcaCertRequestFlags
*
* @brief This structure is used to convey information from the RA to the ACA
* about operations to be carried out when generating the certificate. For
* more details see the specification of RaAcaCertRequest. An overview of
* this structure is as follows:
*/
RaAcaCertRequestFlags ::=
BIT STRING {butterflyExplicit (0), cubk (1)} (SIZE (8))
/**
* @class LinkageInfo
*
* @brief This structure contains parameters needed to generate a linkage
* value for a given (EE, i, j). An overview of this structure is as follows:
*
* <br><br>NOTE: See Annex D for further discussion of LAs.
*
* @param encPlv1 contains the EncryptedIndividualPLV from one of the LAs.
*
* @param encPlv2 contains the EncryptedIndividualPLV from the other LA.
*/
LinkageInfo ::= SEQUENCE {
encPlv1 EncryptedIndividualPLV,
encPlv2 EncryptedIndividualPLV,
...
}
/**
* @class EncryptedIndividualPLV
*
* @brief This structure contains an individual prelinkage value encrypted by
* the LA for the ACA using the shared secret key. An overview of this
* structure is as follows:
*
* <br><br>NOTE: How the ACA obtains the shared symmetric key and how the RA
* associates the encPlv1 and encPlv2 with the correct certificate request are
* outside the scope of this document.
*
* @param version contains the current version of the structure.
*
* @param laId contains the ID of the LA that created the prelinkage value.
* See Annex D for further discussion of LA IDs.
*
* @param encPlv contains the encrypted individual prelinkage value, that is,
* the ciphertext field decrypts to a PreLinkageValue. It contains a pointer
* (hash of the shared symmetric key) to the used shared secret encryption key.
*/
EncryptedIndividualPLV ::= SEQUENCE {
version Uint8 (2),
laId LaId,
encPlv Ieee1609Dot2Data-SymmEncryptedSingleRecipient {
PreLinkageValue
}
}
/**
* @class PreLinkageValue
*
* @brief This structure contains an individual prelinkage value. It is an
* octet string of length 9 octets.
*/
PreLinkageValue ::= OCTET STRING (SIZE(9))
/**
* @class AcaRaCertResponse
*
* @brief This structure contains a certificate response by the ACA,
* encapsulated for consumption by the EE, as well as associated data for
* consumption by the RA. The response is of form AcaEeCertResponsePlainSpdu,
* AcaEeCertResponsePrivateSpdu, or AcaEeCertResponseCubkSpdu, and is
* generated in response to a successful RaAcaCertRequestSpdu. In this
* structure:
*
* @param version contains the current version of the structure.
*
* @param generationTime contains the generation time of AcaRaCertResponse.
*
* @param requestHash contains the hash of the corresponding
* RaAcaCertRequestSPDU.
*
* @param acaResponse contains the certificate for the EE in a suitable form
* as determined from the corresponding RaAcaCertRequestSPDU.
*/
AcaRaCertResponse ::= SEQUENCE {
version Uint8 (2),
generationTime Time32,
requestHash HashedId8,
acaResponse AcaResponse,
...
}
/**
* @class AcaResponse
*
* @brief This structure contains the certificate for the EE in a suitable
* form as determined from the corresponding RaAcaCertRequestSPDU. In this
* structure:
*
* @param plain contains the certificate for the EE in plain, that is, without
* encryption or signature. This choice is used only when the field
* certEncKey is absent and flags.cubk is not set in the corresponding
* RaAcaCertRequest.
*
* @param private contains the certificate for the EE in an encrypted then
* signed form to protect the EE's privacy from the RA. This choice is used
* only when the field certEncKey is present and flags.cubk is not set in the
* corresponding RaAcaCertRequest.
*
* @param cubk contains the certificate for the EE in an encrypted form. This
* choice is used only when the field certEncKey is absent and flags.cubk is
* set in the corresponding RaAcaCertRequest.
*/
AcaResponse ::= CHOICE {
plain AcaEeCertResponsePlainSpdu,
-- private AcaEeCertResponsePrivateSpdu,
cubk AcaEeCertResponseCubkSpdu,
...
}
END