--***************************************************************************--
--                 IEEE Std 1609.2.1: ACA - EE Interface                     --
--***************************************************************************--

/**
 * @brief NOTE: Section references in this file are to clauses in IEEE Std
 * 1609.2.1 unless indicated otherwise. Full forms of acronyms and
 * abbreviations used in this file are specified in 3.2.
 */

Ieee1609Dot2Dot1AcaEeInterface {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  extension-standards(255) dot1(1) interfaces(1) aca-ee(1) major-version-2(2)
  minor-version-4(4)}

DEFINITIONS AUTOMATIC TAGS ::= BEGIN

EXPORTS ALL;

IMPORTS
  Time32,
  Uint8
FROM Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) base-types(2) major-version-2(2) minor-version-4(4)}
--WITH SUCCESSORS

  Certificate
FROM Ieee1609Dot2 {iso(1) identified-organization(3) ieee(111)
  standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
  base(1) schema(1) major-version-2(2) minor-version-6(6)}
--WITH SUCCESSORS
;

/**
 * @class AcaEeInterfacePdu
 *
 * @brief This is the parent structure for all structures exchanged between
 * the ACA and the EE. The ACA - EE interface is a logical interface rather
 * than a direct communications interface in that there is no direct message
 * flow between the ACA and the EE: Messages from the ACA are stored
 * by the RA and subsequently forwarded to the EE. The PDUs are identified as
 * ACA-EE PDUs even though the RA acts as a forwarder for them because those
 * PDUs are created by the ACA and encrypted for the EE, and not modified and
 * frequently not read by the RA. An overview of this structure is as follows:
 *
 * @param acaEeCertResponse contains the ACA's response to
 * RaAcaCertRequestSPDU, which is meant for the EE and sent via the RA.
 */
AcaEeInterfacePdu ::= CHOICE {
  acaEeCertResponse  AcaEeCertResponse,
  ...
}

/**
 * @class AcaEeCertResponse
 *
 * @brief This structure contains a certificate and associated data as
 * generated by the ACA for the EE that will be the holder of that
 * certificate. An overview of this structure is as follows:
 *
 * NOTE: In the case where the butterfly expansion function is used
 * to set certEncKey in RaAcaCertRequest, the value j is not communicated to
 * the ACA. However, the EE that receives the certificate response can only
 * decrypt the response if it knows j. The RA is therefore anticipated to
 * store j so that it can be associated with the appropriate certificate
 * response. The RA encodes j in the filename.
 *
 * @param version contains the current version of the structure.
 *
 * @param generationTime contains the generation time of AcaEeCertResponse.
 *
 * @param certificate contains an authorization certificate generated by the
 * ACA. It is of the type indicated by the type field in the corresponding
 * request (if the requester requested an incorrect type, the response would
 * be an error not an instance of this structure).
 *
 * @param privateKeyInfo is an optional field that is as follows:
 *
 *   1. Present and contains the private key randomization value, if the
 *      field certificate.type is explicit and the butterfly key mechanism was
 *      used to generate the certificate. This is used by the EE in deriving
 *      the butterfly private key for explicit certificates as specified in
 *      9.3.
 *
 *   2. Present and contains the private key reconstruction value, if the
 *      field certificate.type is implicit. This is used by the EE as
 *      specified in 5.3.2 of IEEE Std 1609.2a-2017 (also 9.3 if the butterfly
 *      key mechanism is used).
 *
 *   3. Absent otherwise.
 */
AcaEeCertResponse ::= SEQUENCE {
  version         Uint8 (2),
  generationTime  Time32,
  certificate     Certificate,
  privateKeyInfo  OCTET STRING (SIZE (32)) OPTIONAL,
  ...
}

END
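
The ASN.1 above marks privateKeyInfo only as OPTIONAL, so the presence rules given in the @param privateKeyInfo comment have to be checked by the receiving EE after decoding. The Python below is an added example, not part of IEEE Std 1609.2.1 or of this module; DecodedResponse, private_key_info_role, check_response and the butterfly_used flag (assumed to be known to the EE from its own request) are hypothetical names, and the sample values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

EXPECTED_VERSION = 2        # version Uint8 (2)
PRIVATE_KEY_INFO_LEN = 32   # privateKeyInfo OCTET STRING (SIZE (32))


@dataclass
class DecodedResponse:
    """Hypothetical holder for fields of an already-decoded AcaEeCertResponse."""
    version: int
    cert_type: str                      # certificate.type
    private_key_info: Optional[bytes]   # None when the field is absent


def private_key_info_role(cert_type: str, butterfly_used: bool) -> Optional[str]:
    """Say what privateKeyInfo must hold, or None if it must be absent."""
    if cert_type == "implicit":
        return "reconstruction"   # private key reconstruction value
    if cert_type == "explicit" and butterfly_used:
        return "randomization"    # private key randomization value
    return None


def check_response(resp: DecodedResponse, butterfly_used: bool) -> List[str]:
    """Return the list of violations; an empty list means consistent."""
    problems = []
    if resp.version != EXPECTED_VERSION:
        problems.append("version")
    if resp.cert_type not in ("explicit", "implicit"):
        problems.append("certificate.type")
        return problems   # presence rules are undefined for an unknown type
    role = private_key_info_role(resp.cert_type, butterfly_used)
    pki = resp.private_key_info
    if role is not None and pki is None:
        problems.append("privateKeyInfo missing (%s value expected)" % role)
    if role is None and pki is not None:
        problems.append("privateKeyInfo unexpected")
    if pki is not None and len(pki) != PRIVATE_KEY_INFO_LEN:
        problems.append("privateKeyInfo length")
    return problems


if __name__ == "__main__":
    # Constructed sample: explicit butterfly certificate with the field absent.
    print(check_response(DecodedResponse(2, "explicit", None), True))
```

An EE would run such a check before using privateKeyInfo in the key derivation of 9.3 or 5.3.2, and reject the response when the list is not empty.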