--***************************************************************************--
-- IEEE Std 1609.2: Base Data Types --
--***************************************************************************--
/**
* @brief NOTE: Section references in this file are to clauses in IEEE Std
* 1609.2 unless indicated otherwise. Full forms of acronyms and
* abbreviations used in this file are specified in 3.2.
*/
Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
base(1) base-types(2) major-version-2(2) minor-version-2(2)}
DEFINITIONS AUTOMATIC TAGS ::= BEGIN
EXPORTS ALL;
--***************************************************************************--
-- Integer Types --
--***************************************************************************--
/**
* @class Uint3
*
* @brief This atomic type is used in the definition of other data structures.
* It is for non-negative integers up to 7, i.e., (hex)07.
*/
Uint3 ::= INTEGER (0..7)
/**
* @class Uint8
*
* @brief This atomic type is used in the definition of other data structures.
* It is for non-negative integers up to 255, i.e., (hex)ff.
*/
Uint8 ::= INTEGER (0..255)
/**
* @class Uint16
*
* @brief This atomic type is used in the definition of other data structures.
* It is for non-negative integers up to 65,535, i.e., (hex)ff ff.
*/
Uint16 ::= INTEGER (0..65535)
/**
* @class Uint32
*
* @brief This atomic type is used in the definition of other data structures.
* It is for non-negative integers up to 4,294,967,295, i.e.,
* (hex)ff ff ff ff.
*/
Uint32 ::= INTEGER (0..4294967295)
/**
* @class Uint64
*
* @brief This atomic type is used in the definition of other data structures.
* It is for non-negative integers up to 18,446,744,073,709,551,615, i.e.,
* (hex)ff ff ff ff ff ff ff ff.
*/
Uint64 ::= INTEGER (0..18446744073709551615)
/**
* @class SequenceOfUint8
*
* @brief This type is used for clarity of definitions.
*/
SequenceOfUint8 ::= SEQUENCE OF Uint8
/**
* @class SequenceOfUint16
*
* @brief This type is used for clarity of definitions.
*/
SequenceOfUint16 ::= SEQUENCE OF Uint16
--***************************************************************************--
-- OCTET STRING Types --
--***************************************************************************--
/**
* @class Opaque
*
* @brief This is a synonym for ASN.1 OCTET STRING, and is used in the
* definition of other data structures.
*/
Opaque ::= OCTET STRING
/**
* @class HashedId3
*
* @brief This type contains the truncated hash of another data structure.
* The HashedId3 for a given data structure is calculated by calculating the
* hash of the encoded data structure and taking the low-order three bytes of
* the hash output. If the data structure is subject to canonicalization it
* is canonicalized before hashing. The low-order three bytes are the last
* three bytes of the hash when represented in network byte order. See
* Example below.
*
*
Example: Consider the SHA-256 hash of the empty string:
*
*
SHA-256("") =
* e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
*
*
The HashedId3 derived from this hash corresponds to the following:
*
*
HashedId3 = 52b855.
*/
HashedId3 ::= OCTET STRING (SIZE(3))
/**
* @class SequenceOfHashedId3
*
* @brief This type is used for clarity of definitions.
*/
SequenceOfHashedId3 ::= SEQUENCE OF HashedId3
/**
* @class HashedId8
*
* @brief This type contains the truncated hash of another data structure.
* The HashedId8 for a given data structure is calculated by calculating the
* hash of the encoded data structure and taking the low-order eight bytes of
* the hash output. If the data structure is subject to canonicalization it
* is canonicalized before hashing. The low-order eight bytes are the last
* eight bytes of the hash when represented in network byte order. See
* Example below.
*
*
The hash algorithm to be used to calculate a HashedId8 within a
* structure depends on the context. In this standard, for each structure
* that includes a HashedId8 field, the corresponding text indicates how the
* hash algorithm is determined.
*
*
Example: Consider the SHA-256 hash of the empty string:
*
*
SHA-256("") =
* e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
*
*
The HashedId8 derived from this hash corresponds to the following:
*
*
HashedId8 = a495991b7852b855.
*/
HashedId8 ::= OCTET STRING (SIZE(8))
/**
* @class HashedId10
*
* @brief This type contains the truncated hash of another data structure.
* The HashedId10 for a given data structure is calculated by calculating the
* hash of the encoded data structure and taking the low-order ten bytes of
* the hash output. If the data structure is subject to canonicalization it
* is canonicalized before hashing. The low-order ten bytes are the last ten
* bytes of the hash when represented in network byte order. See Example below.
*
*
The hash algorithm to be used to calculate a HashedId10 within a
* structure depends on the context. In this standard, for each structure
* that includes a HashedId10 field, the corresponding text indicates how the
* hash algorithm is determined.
*
*
Example: Consider the SHA-256 hash of the empty string:
*
*
SHA-256("") =
* e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
*
*
The HashedId10 derived from this hash corresponds to the following:
*
*
HashedId10 = 934ca495991b7852b855.
*/
HashedId10 ::= OCTET STRING (SIZE(10))
/**
* @class HashedId32
*
* @brief This type contains the truncated hash of another data structure.
* The HashedId32 for a given data structure is calculated by calculating the
* hash of the encoded data structure and taking the low-order thirty two
* bytes of the hash output. If the data structure is subject to
* canonicalization it is canonicalized before hashing. The low-order thirty
* two bytes are the last thirty two bytes of the hash when represented in
* network byte order. See Example below.
*
*
The hash algorithm to be used to calculate a HashedId32 within a
* structure depends on the context. In this standard, for each structure
* that includes a HashedId32 field, the corresponding text indicates how the
* hash algorithm is determined.
*
*
Example: Consider the SHA-256 hash of the empty string:
*
*
SHA-256("") =
* e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
*
*
The HashedId32 derived from this hash corresponds to the following:
*
*
HashedId32 =
* e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.
*/
HashedId32 ::= OCTET STRING (SIZE(32))
--***************************************************************************--
-- Time Structures --
--***************************************************************************--
/**
* @class Time32
*
* @brief This type gives the number of (TAI) seconds since 00:00:00 UTC, 1
* January, 2004.
*/
Time32 ::= Uint32
/**
* @class Time64
*
* @brief This type gives the number of (TAI) microseconds since 00:00:00
* UTC, 1 January, 2004.
*/
Time64 ::= Uint64
/**
* @class ValidityPeriod
*
* @brief This structure gives the validity period of a certificate. The
* start of the validity period is given by start and the end is given by
* start + duration.
*
* @param start contains the starting time of the validity period.
*
* @param duration contains the duration of the validity period.
*/
ValidityPeriod ::= SEQUENCE {
start Time32,
duration Duration
}
/**
* @class Duration
*
* @brief This structure represents the duration of validity of a
* certificate. The Uint16 value is the duration, given in the units denoted
* by the indicated choice. A year is considered to be 31556952 seconds,
* which is the average number of seconds in a year; if it is desired to map
* years more closely to wall-clock days, this can be done using the hours
* choice for up to seven years and the sixtyHours choice for up to 448. In
* this structure:
*
* @param microseconds contains the duration in microseconds.
*
* @param milliseconds contains the duration in milliseconds.
*
* @param seconds contains the duration in seconds.
*
* @param minutes contains the duration in minutes.
*
* @param hours contains the duration in hours.
*
* @param sixtyHours contains the duration in sixty-hour periods.
*
* @param years contains the duration in years.
*/
Duration ::= CHOICE {
microseconds Uint16,
milliseconds Uint16,
seconds Uint16,
minutes Uint16,
hours Uint16,
sixtyHours Uint16,
years Uint16
}
--***************************************************************************--
-- Location Structures --
--***************************************************************************--
/**
* @class GeographicRegion
*
* @brief This structure represents a geographic region of a specified form.
* A certificate is not valid if any part of the region indicated in its
* scope field lies outside the region indicated in the scope of its issuer.
*
*
Critical information fields:
*
* - If present, this is a critical information field as defined in 5.2.6.
* An implementation that does not recognize the indicated CHOICE when
* verifying a signed SPDU shall indicate that the signed SPDU is invalid.
*
* - If selected, rectangularRegion is a critical information field as
* defined in 5.2.6. An implementation that does not support the number of
* RectangularRegion in rectangularRegions when verifying a signed SPDU shall
* indicate that the signed SPDU is invalid. A compliant implementation shall
* support rectangularRegions fields containing at least eight entries.
*
* - If selected, identifiedRegion is a critical information field as
* defined in 5.2.6. An implementation that does not support the number of
* IdentifiedRegion in identifiedRegion shall reject the signed SPDU as
* invalid. A compliant implementation shall support identifiedRegion fields
* containing at least eight entries.
*
*
* Parameters:
*
* @param circularRegion contains a single instance of the CircularRegion
* structure.
*
* @param rectangularRegion is an array of RectangularRegion structures
* containing at least one entry. This field is interpreted as a series of
* rectangles, which may overlap or be disjoint. The permitted region is any
* point within any of the rectangles.
*
* @param polygonalRegion contains a single instance of the PolygonalRegion
* structure.
*
* @param identifiedRegion is an array of IdentifiedRegion structures
* containing at least one entry. The permitted region is any point within
* any of the identified regions.
*/
GeographicRegion ::= CHOICE {
circularRegion CircularRegion,
rectangularRegion SequenceOfRectangularRegion,
polygonalRegion PolygonalRegion,
identifiedRegion SequenceOfIdentifiedRegion,
...
}
/**
* @class CircularRegion
*
* @brief This structure specifies a circle with its center at center, its
* radius given in meters, and located tangential to the reference ellipsoid.
* The indicated region is all the points on the surface of the reference
* ellipsoid whose distance to the center point over the reference ellipsoid
* is less than or equal to the radius. A point which contains an elevation
* component is considered to be within the circular region if its horizontal
* projection onto the reference ellipsoid lies within the region.
*/
CircularRegion ::= SEQUENCE {
center TwoDLocation,
radius Uint16
}
/**
* @class RectangularRegion
*
* @brief This structure specifies a rectangle formed by connecting in
* sequence: (northWest.latitude, northWest.longitude), (southEast.latitude,
* northWest.longitude), (southEast.latitude, southEast.longitude), and
* (northWest.latitude, southEast.longitude). The points are connected by
* lines of constant latitude or longitude. A point which contains an
* elevation component is considered to be within the rectangular region if
* its horizontal projection onto the reference ellipsoid lies within the
* region. A RectangularRegion is valid only if the northWest value is north
* and west of the southEast value, i.e., the two points cannot have equal
* latitude or equal longitude.
*/
RectangularRegion ::= SEQUENCE {
northWest TwoDLocation,
southEast TwoDLocation
}
/**
* @class SequenceOfRectangularRegion
*
* @brief This type is used for clarity of definitions.
*/
SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
/**
* @class PolygonalRegion
*
* @brief This structure defines a region using a series of distinct
* geographic points, defined on the surface of the reference ellipsoid. The
* region is specified by connecting the points in the order they appear,
* with each pair of points connected by the geodesic on the reference
* ellipsoid. The polygon is completed by connecting the final point to the
* first point. The allowed region is the interior of the polygon and its
* boundary.
*
*
A point which contains an elevation component is considered to be
* within the polygonal region if its horizontal projection onto the
* reference ellipsoid lies within the region.
*
*
A valid PolygonalRegion contains at least three points. In a valid
* PolygonalRegion, the implied lines that make up the sides of the polygon
* do not intersect.
*
*
Critical information fields:
*
* - If present, this is a critical information field as defined in 5.2.6.
* An implementation that does not support the number of TwoDLocation in the
* PolygonalRegion when verifying a signed SPDU shall indicate that the signed
* SPDU is invalid. A compliant implementation shall support PolygonalRegions
* containing at least eight TwoDLocation entries.
*
*/
PolygonalRegion ::= SEQUENCE SIZE (3..MAX) OF TwoDLocation
/**
* @class TwoDLocation
*
* @brief This structure is used to define validity regions for use in
* certificates. The latitude and longitude fields contain the latitude and
* longitude as defined above.
*
*
NOTE: This data structure is consistent with the location encoding
* used in SAE J2735, except that values 900 000 001 for latitude (used to
* indicate that the latitude was not available) and 1 800 000 001 for
* longitude (used to indicate that the longitude was not available) are not
* valid.
*/
TwoDLocation ::= SEQUENCE {
latitude Latitude,
longitude Longitude
}
/**
* @class IdentifiedRegion
*
* @brief This structure indicates the region of validity of a certificate
* using region identifiers.
*
*
Critical information fields:
*
* - If present, this is a critical information field as defined in 5.2.6.
* An implementation that does not recognize the indicated CHOICE when
* verifying a signed SPDU shall indicate that the signed SPDU is invalid.
*
*/
IdentifiedRegion ::= CHOICE {
countryOnly CountryOnly,
countryAndRegions CountryAndRegions,
countryAndSubregions CountryAndSubregions,
...
}
/**
* @class SequenceOfIdentifiedRegion
*
* @brief This type is used for clarity of definitions.
*/
SequenceOfIdentifiedRegion ::= SEQUENCE OF IdentifiedRegion
/**
* @class CountryOnly
*
* @brief This is the integer representation of the country or area
* identifier as defined by the United Nations Statistics Division in October
* 2013 (see normative references in Clause 2).
*/
CountryOnly ::= Uint16
/**
* @class CountryAndRegions
*
* @brief In this structure:
*
* @param countryOnly is a CountryOnly as defined above.
*
* @param region identifies one or more regions within the country. If
* countryOnly indicates the United States of America, the values in this
* field identify the state or statistically equivalent entity using the
* integer version of the 2010 FIPS codes as provided by the U.S. Census
* Bureau (see normative references in Clause 2). For other values of
* countryOnly, the meaning of region is not defined in this version of this
* standard.
*/
CountryAndRegions ::= SEQUENCE {
countryOnly CountryOnly,
regions SequenceOfUint8
}
/**
* @class CountryAndSubregions
*
* @brief In this structure:
*
Critical information fields:
*
* - If present, this is a critical information field as defined in 5.2.6.
* An implementation that does not recognize RegionAndSubregions or
* CountryAndSubregions values when verifying a signed SPDU shall indicate
* that the signed SPDU is invalid. A compliant implementation shall support
* CountryAndSubregions containing at least eight RegionAndSubregions
* entries.
*
*
* Parameters:
*
* @param country is a CountryOnly as defined above.
*
* @param regionAndSubregions identifies one or more subregions within
* country. If country indicates the United States of America, the values in
* this field identify the county or county equivalent entity using the
* integer version of the 2010 FIPS codes as provided by the U.S. Census
* Bureau (see normative references in Clause 2). For other values of
* country, the meaning of regionAndSubregions is not defined in this version
* of this standard.
*/
CountryAndSubregions ::= SEQUENCE {
country CountryOnly,
regionAndSubregions SequenceOfRegionAndSubregions
}
/**
* @class RegionAndSubregions
*
* @brief In this structure:
*
Critical information fields:
*
* - RegionAndSubregions is a critical information field as defined in
* 5.2.5. An implementation that does not detect or recognize the the region
* or subregions values when verifying a signed SPDU shall indicate that the
* signed SPDU is invalid.
*
*
* Parameters:
*
* @param region identifies a region within a country as specified under
* CountryAndRegions.
*
* @param subregions identifies one or more subregions as specified under
* CountryAndSubregions.
*/
RegionAndSubregions ::= SEQUENCE {
region Uint8,
subregions SequenceOfUint16
}
/**
* @class SequenceOfRegionAndSubregions
*
* @brief This type is used for clarity of definitions.
*/
SequenceOfRegionAndSubregions ::= SEQUENCE OF RegionAndSubregions
/**
* @class ThreeDLocation
*
* @brief This structure contains an estimate of 3D location. The details of
* the structure are given in the definitions of the individual fields below.
*
*
NOTE: The units used in this data structure are consistent with the
* location data structures used in SAE J2735, though the encoding is
* incompatible.
*/
ThreeDLocation ::= SEQUENCE {
latitude Latitude,
longitude Longitude,
elevation Elevation
}
/**
* @class Latitude
*
* @brief This type contains an INTEGER encoding an estimate of the latitude
* with precision 1/10th microdegree relative to the World Geodetic System
* (WGS)-84 datum as defined in NIMA Technical Report TR8350.2.
*/
Latitude ::= NinetyDegreeInt
/**
* @class Longitude
*
* @brief This type contains an INTEGER encoding an estimate of the longitude
* with precision 1/10th microdegree relative to the World Geodetic System
* (WGS)-84 datum as defined in NIMA Technical Report TR8350.2.
*/
Longitude ::= OneEightyDegreeInt
/**
* @class Elevation
*
* @brief This structure contains an estimate of the geodetic altitude above
* or below the WGS84 ellipsoid. The 16-bit value is interpreted as an
* integer number of decimeters representing the height above a minimum
* height of −409.5 m, with the maximum height being 6143.9 m.
*/
Elevation ::= Uint16
/**
* @class NinetyDegreeInt
*
* @brief The integer in the latitude field is no more than 900,000,000 and
* no less than −900,000,000, except that the value 900,000,001 is used to
* indicate the latitude was not available to the sender.
*/
NinetyDegreeInt ::= INTEGER {
min (-900000000),
max (900000000),
unknown (900000001)
} (-900000000..900000001)
/**
* @class KnownLatitude
*
* @brief The known latitudes are from -900,000,000 to +900,000,000 in 0.1
* microdegree intervals.
*/
KnownLatitude ::= NinetyDegreeInt (min..max)
/**
* @class UnknownLatitude
*
* @brief The value 900,000,001 indicates that the latitude was not
* available to the sender.
*/
UnknownLatitude ::= NinetyDegreeInt (unknown)
/**
* @class OneEightyDegreeInt
*
* @brief The integer in the longitude field is no more than 1,800,000,000
* and no less than −1,799,999,999, except that the value 1,800,000,001 is
* used to indicate that the longitude was not available to the sender.
*/
OneEightyDegreeInt ::= INTEGER {
min (-1799999999),
max (1800000000),
unknown (1800000001)
} (-1799999999..1800000001)
/**
* @class KnownLongitude
*
* @brief The known longitudes are from -1,799,999,999 to +1,800,000,000 in
* 0.1 microdegree intervals.
*/
KnownLongitude ::= OneEightyDegreeInt (min..max)
/**
* @class UnknownLongitude
*
* @brief The value 1,800,000,001 indicates that the longitude was not
* available to the sender.
*/
UnknownLongitude ::= OneEightyDegreeInt (unknown)
--***************************************************************************--
-- Crypto Structures --
--***************************************************************************--
/**
* @class Signature
*
* @brief This structure represents a signature for a supported public key
* algorithm. It may be contained within SignedData or Certificate.
*
*
Critical information fields: If present, this is a critical
* information field as defined in 5.2.5. An implementation that does not
* recognize the indicated CHOICE for this type when verifying a signed SPDU
* shall indicate that the signed SPDU is invalid.
*/
Signature ::= CHOICE {
ecdsaNistP256Signature EcdsaP256Signature,
ecdsaBrainpoolP256r1Signature EcdsaP256Signature,
...,
ecdsaBrainpoolP384r1Signature EcdsaP384Signature
}
/**
* @class EcdsaP256Signature
*
* @brief This structure represents an ECDSA signature. The signature is
* generated as specified in 5.3.1.
*
*
If the signature process followed the specification of FIPS 186-4
* and output the integer r, r is represented as an EccP256CurvePoint
* indicating the selection x-only.
*
*
If the signature process followed the specification of SEC 1 and
* output the elliptic curve point R to allow for fast verification, R is
* represented as an EccP256CurvePoint indicating the choice compressed-y-0,
* compressed-y-1, or uncompressed at the sender’s discretion.
*
*
Encoding considerations: If this structure is encoded for hashing,
* the EccP256CurvePoint in rSig shall be taken to be of form x-only.
*
*
NOTE: When the signature is of form x-only, the x-value in rSig is
* an integer mod n, the order of the group; when the signature is of form
* compressed-y-*, the x-value in rSig is an integer mod p, the underlying
* prime defining the finite field. In principle this means that to convert a
* signature from form compressed-y-* to form x-only, the x-value should be
* checked to see if it lies between n and p and reduced mod n if so. In
* practice this check is unnecessary: Haase’s Theorem states that difference
* between n and p is always less than 2*square-root(p), and so the chance
* that an integer lies between n and p, for a 256-bit curve, is bounded
* above by approximately square-root(p)/p or 2^(−128). For the 256-bit
* curves in this standard, the exact values of n and p in hexadecimal are:
*
*
NISTp256:
*
* - p = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
*
* - n = FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
*
*
*
* Brainpoolp256:
*
* - p = A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
*
* - n = A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7
*
*
*/
EcdsaP256Signature ::= SEQUENCE {
rSig EccP256CurvePoint,
sSig OCTET STRING (SIZE (32))
}
/**
* @class EcdsaP384Signature
*
* @brief This structure represents an ECDSA signature. The signature is
* generated as specified in 5.3.1.
*
*
If the signature process followed the specification of FIPS 186-4
* and output the integer r, r is represented as an EccP384CurvePoint
* indicating the selection x-only.
*
*
If the signature process followed the specification of SEC 1 and
* output the elliptic curve point R to allow for fast verification, R is
* represented as an EccP384CurvePoint indicating the choice compressed-y-0,
* compressed-y-1, or uncompressed at the sender’s discretion.
*
*
Encoding considerations: If this structure is encoded for hashing,
* the EccP256CurvePoint in rSig shall be taken to be of form x-only.
*
*
NOTE: When the signature is of form x-only, the x-value in rSig is
* an integer mod n, the order of the group; when the signature is of form
* compressed-y-*, the x-value in rSig is an integer mod p, the underlying
* prime defining the finite field. In principle this means that to convert a
* signature from form compressed-y-* to form x-only, the x-value should be
* checked to see if it lies between n and p and reduced mod n if so. In
* practice this check is unnecessary: Haase’s Theorem states that difference
* between n and p is always less than 2*square-root(p), and so the chance
* that an integer lies between n and p, for a 384-bit curve, is bounded
* above by approximately square-root(p)/p or 2^(−192). For the 384-bit curve
* in this standard, the exact values of n and p in hexadecimal are:
*
* - p = 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123
* ACD3A729901D1A71874700133107EC53
*
* - n = 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7
* CF3AB6AF6B7FC3103B883202E9046565
*
*/
EcdsaP384Signature ::= SEQUENCE {
rSig EccP384CurvePoint,
sSig OCTET STRING (SIZE (48))
}
/**
* @class EccP256CurvePoint
*
* @brief This structure specifies a point on an elliptic curve in
* Weierstrass form defined over a 256-bit prime number. This encompasses
* both NIST p256 as defined in FIPS 186-4 and Brainpool p256r1 as defined in
* RFC 5639. The fields in this structure are OCTET STRINGS produced with the
* elliptic curve point encoding and decoding methods defined in subclause
* 5.5.6 of IEEE Std 1363-2000. The x-coordinate is encoded as an unsigned
* integer of length 32 octets in network byte order for all values of the
* CHOICE; the encoding of the y-coordinate y depends on whether the point is
* x-only, compressed, or uncompressed. If the point is x-only, y is omitted.
* If the point is compressed, the value of type depends on the least
* significant bit of y: if the least significant bit of y is 0, type takes
* the value compressed-y-0, and if the least significant bit of y is 1, type
* takes the value compressed-y-1. If the point is uncompressed, y is encoded
* explicitly as an unsigned integer of length 32 octets in network byte order.
*/
EccP256CurvePoint ::= CHOICE {
x-only OCTET STRING (SIZE (32)),
fill NULL,
compressed-y-0 OCTET STRING (SIZE (32)),
compressed-y-1 OCTET STRING (SIZE (32)),
uncompressedP256 SEQUENCE {
x OCTET STRING (SIZE (32)),
y OCTET STRING (SIZE (32))
}
}
/**
* @class EccP384CurvePoint
*
* @brief This structure specifies a point on an elliptic curve in
* Weierstrass form defined over a 384-bit prime number. The only supported
* such curve in this standard is Brainpool p384r1 as defined in RFC 5639.
* The fields in this structure are OCTET STRINGS produced with the elliptic
* curve point encoding and decoding methods defined in subclause 5.5.6 of
* IEEE Std 1363-2000. The x-coordinate is encoded as an unsigned integer of
* length 48 octets in network byte order for all values of the CHOICE; the
* encoding of the y-coordinate y depends on whether the point is x-only,
* compressed, or uncompressed. If the point is x-only, y is omitted. If the
* point is compressed, the value of type depends on the least significant
* bit of y: if the least significant bit of y is 0, type takes the value
* compressed-y-0, and if the least significant bit of y is 1, type takes the
* value compressed-y-1. If the point is uncompressed, y is encoded
* explicitly as an unsigned integer of length 48 octets in network byte order.
*/
EccP384CurvePoint ::= CHOICE {
x-only OCTET STRING (SIZE (48)),
fill NULL,
compressed-y-0 OCTET STRING (SIZE (48)),
compressed-y-1 OCTET STRING (SIZE (48)),
uncompressedP384 SEQUENCE {
x OCTET STRING (SIZE (48)),
y OCTET STRING (SIZE (48))
}
}
/**
* @class SymmAlgorithm
*
* @brief This enumerated value indicates supported symmetric algorithms. The
* only symmetric algorithm supported in this version of this standard is
* AES-CCM as specified in 5.3.7.
*/
SymmAlgorithm ::= ENUMERATED {
aes128Ccm,
...
}
/**
* @class HashAlgorithm
*
* @brief This structure identifies a hash algorithm. The value is sha256,
* indicates SHA-256 as specified in 5.3.3. The value sha384 indicates
* SHA-384 as specified in 5.3.3.
*
*
Critical information fields: This is a critical information
* field as defined in 5.2.6. An implementation that does not recognize the
* enumerated value of this type in a signed SPDU when verifying a signed
* SPDU shall indicate that the signed SPDU is invalid.
*/
HashAlgorithm ::= ENUMERATED {
sha256,
...,
sha384
}
/**
* @class EciesP256EncryptedKey
*
* @brief This data structure is used to transfer a 16-byte symmetric key
* encrypted using ECIES as specified in IEEE Std 1363a-2004.
*
*
Encryption and decryption are carried out as specified in 5.3.4.
*
*
Parameters:
*
* @param v is the sender’s ephemeral public key, which is the output V from
* encryption as specified in 5.3.4.
*
* @param c is the encrypted symmetric key, which is the output C from
* encryption as specified in 5.3.4. The algorithm for the symmetric key is
* identified by the CHOICE indicated in the following SymmetricCiphertext.
*
* @param t is the authentication tag, which is the output tag from
* encryption as specified in 5.3.4.
*/
EciesP256EncryptedKey ::= SEQUENCE {
v EccP256CurvePoint,
c OCTET STRING (SIZE (16)),
t OCTET STRING (SIZE (16))
}
/**
* @class EncryptionKey
*
* @brief This structure contains an encryption key, which may be a public or
* a symmetric key.
*/
EncryptionKey ::= CHOICE {
public PublicEncryptionKey,
symmetric SymmetricEncryptionKey
}
/**
* @class PublicEncryptionKey
*
* @brief This structure specifies a public encryption key and the associated
* symmetric algorithm which is used for bulk data encryption when encrypting
* for that public key.
*/
PublicEncryptionKey ::= SEQUENCE {
supportedSymmAlg SymmAlgorithm,
publicKey BasePublicEncryptionKey
}
/**
* @class BasePublicEncryptionKey
*
* @brief This structure specifies the bytes of a public encryption key for a
* particular algorithm. The only algorithm supported is ECIES over either
* the NIST P256 or the Brainpool P256r1 curve as specified in 5.3.4.
*/
BasePublicEncryptionKey ::= CHOICE {
eciesNistP256 EccP256CurvePoint,
eciesBrainpoolP256r1 EccP256CurvePoint,
...
}
/**
* @class PublicVerificationKey
*
* @brief This structure represents a public key and states with what
* algorithm the public key is to be used. Cryptographic mechanisms are
* defined in 5.3.
*
*
An EccP256CurvePoint or EccP384CurvePoint within a
* PublicVerificationKey structure is invalid if it indicates the choice
* x-only.
*
*
Critical information fields: If present, this is a critical
* information field as defined in 5.2.6. An implementation that does not
* recognize the indicated CHOICE when verifying a signed SPDU shall indicate
* that the signed SPDU is invalid.
*/
PublicVerificationKey ::= CHOICE {
ecdsaNistP256 EccP256CurvePoint,
ecdsaBrainpoolP256r1 EccP256CurvePoint,
...,
ecdsaBrainpoolP384r1 EccP384CurvePoint
}
/**
* @class SymmetricEncryptionKey
*
* @brief This structure provides the key bytes for use with an identified
* symmetric algorithm. The only supported symmetric algorithm is AES-128 in
* CCM mode as specified in 5.3.7.
*/
SymmetricEncryptionKey ::= CHOICE {
aes128Ccm OCTET STRING(SIZE(16)),
...
}
--***************************************************************************--
-- PSID / ITS-AID --
--***************************************************************************--
/**
* @class PsidSsp
*
* @brief This structure represents the permissions that the certificate
* holder has with respect to data for a single application area, identified
* by a Psid. If the ServiceSpecificPermissions field is omitted, it
* indicates that the certificate holder has the default permissions
* associated with that Psid.
*
*
Consistency with signed SPDU. As noted in 5.1.1,
* consistency between the SSP and the signed SPDU is defined by rules
* specific to the given PSID and is out of scope for this standard.
*
*
Consistency with issuing certificate.
*
*
If a certificate has an appPermissions entry A for which the ssp
* field is omitted, A is consistent with the issuing certificate if the
* issuing certificate contains a PsidSspRange P for which the following holds:
*
* - The psid field in P is equal to the psid field in A and one of the
* following is true:
*
* - The sspRange field in P indicates all.
*
* - The sspRange field in P indicates opaque and one of the entries in
* opaque is an OCTET STRING of length 0.
*
*
*
* For consistency rules for other forms of the ssp field, see the
* following subclauses.
*/
PsidSsp ::= SEQUENCE {
psid Psid,
ssp ServiceSpecificPermissions OPTIONAL
}
/**
* @class SequenceOfPsidSsp
*
* @brief This type is used for clarity of definitions.
*/
SequenceOfPsidSsp ::= SEQUENCE OF PsidSsp
/**
* @class Psid
*
* @brief This type represents the PSID defined in IEEE Std 1609.12.
*/
Psid ::= INTEGER (0..MAX)
/**
* @class SequenceOfPsid
*
* @brief This type is used for clarity of definitions.
*/
SequenceOfPsid ::= SEQUENCE OF Psid
/**
* @class ServiceSpecificPermissions
*
* @brief This structure represents the Service Specific Permissions (SSP)
* relevant to a given entry in a PsidSsp. The meaning of the SSP is specific
* to the associated Psid. SSPs may be PSID-specific octet strings or
* bitmap-based. See Annex C for further discussion of how application
* specifiers may choose which SSP form to use.
*
*
Consistency with issuing certificate.
*
*
If a certificate has an appPermissions entry A for which the ssp
* field is opaque, A is consistent with the issuing certificate if the
* issuing certificate contains one of the following:
*
* - (OPTION 1) A SubjectPermissions field indicating the choice all and
* no PsidSspRange field containing the psid field in A;
*
* - (OPTION 2) A PsidSspRange P for which the following holds:
*
* - The psid field in P is equal to the psid field in A and one of the
* following is true:
*
* - The sspRange field in P indicates all.
*
* - The sspRange field in P indicates opaque and one of the entries in
* the opaque field in P is an OCTET STRING identical to the opaque field in
* A.
*
*
*
*
* For consistency rules for other types of ServiceSpecificPermissions,
* see the following subclauses.
*/
ServiceSpecificPermissions ::= CHOICE {
opaque OCTET STRING (SIZE(0..MAX)),
...,
bitmapSsp BitmapSsp
}
/**
* @class BitmapSsp
*
* @brief This structure represents a bitmap representation of a SSP. The
* mapping of the bits of the bitmap to constraints on the signed SPDU is
* PSID-specific.
*
*
Consistency with issuing certificate.
*
*
If a certificate has an appPermissions entry A for which the ssp
* field is bitmapSsp, A is consistent with the issuing certificate if the
* issuing certificate contains one of the following:
*
* - (OPTION 1) A SubjectPermissions field indicating the choice all and
* no PsidSspRange field containing the psid field in A;
*
* - (OPTION 2) A PsidSspRange P for which the following holds:
*
* - The psid field in P is equal to the psid field in A and one of the
* following is true:
*
* - EITHER The sspRange field in P indicates all
*
* - OR The sspRange field in P indicates bitmapSspRange and for every
* bit set to 1 in the sspBitmask in P, the bit in the identical position in
* the sspValue in A is set equal to the bit in that position in the
* sspValue in P.
*
*
*
*
* NOTE: A BitmapSsp B is consistent with a BitmapSspRange R if for every
* bit set to 1 in the sspBitmask in R, the bit in the identical position in
* B is set equal to the bit in that position in the sspValue in R. For each
* bit set to 0 in the sspBitmask in R, the corresponding bit in the
* identical position in B may be freely set to 0 or 1, i.e., if a bit is
* set to 0 in the sspBitmask in R, the value of corresponding bit in the
* identical position in B has no bearing on whether B and R are consistent.
*/
BitmapSsp ::= OCTET STRING (SIZE(0..31))
/**
* @class PsidSspRange
*
* @brief This structure represents the certificate issuing or requesting
* permissions of the certificate holder with respect to one particular set
* of application permissions.
*
* @param psid identifies the application area.
*
* @param sspRange identifies the SSPs associated with that PSID for which
* the holder may issue or request certificates. If sspRange is omitted, the
* holder may issue or request certificates for any SSP for that PSID.
*/
PsidSspRange ::= SEQUENCE {
psid Psid,
sspRange SspRange OPTIONAL
}
/**
* @class SequenceOfPsidSspRange
*
* @brief This type is used for clarity of definitions.
*/
SequenceOfPsidSspRange ::= SEQUENCE OF PsidSspRange
/**
* @class SspRange
*
* @brief This structure identifies the SSPs associated with a PSID for
* which the holder may issue or request certificates.
*
*
Consistency with issuing certificate.
*
*
If a certificate has a PsidSspRange A for which the ssp field is
* opaque, A is consistent with the issuing certificate if the issuing
* certificate contains one of the following:
*
* - (OPTION 1) A SubjectPermissions field indicating the choice all and
* no PsidSspRange field containing the psid field in A;
*
* - (OPTION 2) a PsidSspRange P for which the following holds:
*
* - The psid field in P is equal to the psid field in A and one of the
* following is true:
*
* - The sspRange field in P indicates all.
*
* - The sspRange field in P indicates opaque, and the sspRange field in
* A indicates opaque, and every OCTET STRING within the opaque in A is a
* duplicate of an OCTET STRING within the opaque in P.
*
*
*
*
* If a certificate has a PsidSspRange A for which the ssp field is all,
* A is consistent with the issuing certificate if the issuing certificate
* contains a PsidSspRange P for which the following holds:
*
* - (OPTION 1) A SubjectPermissions field indicating the choice all and
* no PsidSspRange field containing the psid field in A;
*
* - (OPTION 2) A PsidSspRange P for which the psid field in P is equal to
* the psid field in A and the sspRange field in P indicates all.
*
*
* For consistency rules for other types of SspRange, see the following
* subclauses.
*
*
NOTE: The choice "all" may also be indicated by omitting the
* SspRange in the enclosing PsidSspRange structure. Omitting the SspRange is
* preferred to explicitly indicating "all".
*/
SspRange ::= CHOICE {
opaque SequenceOfOctetString,
all NULL,
... ,
bitmapSspRange BitmapSspRange
}
/**
* @class BitmapSspRange
*
* @brief This structure represents a bitmap representation of a SSP. The
* sspValue indicates permissions. The sspBitmask contains an octet string
* used to permit or constrain sspValue fields in issued certificates. The
* sspValue and sspBitmask fields shall be of the same length.
*
*
Consistency with issuing certificate.
*
*
If a certificate has an PsidSspRange value P for which the
* sspRange field is bitmapSspRange, P is consistent with the issuing
* certificate if the issuing certificate contains one of the following:
*
* - (OPTION 1) A SubjectPermissions field indicating the choice all and
* no PsidSspRange field containing the psid field in P;
*
* - (OPTION 2) A PsidSspRange R for which the following holds:
*
* - The psid field in R is equal to the psid field in P and one of the
* following is true:
*
* - EITHER The sspRange field in R indicates all
*
* - OR The sspRange field in R indicates bitmapSspRange and for every
* bit set to 1 in the sspBitmask in R:
*
* - The bit in the identical position in the sspBitmask in P is set
* equal to 1, AND
*
* - The bit in the identical position in the sspValue in P is set equal
* to the bit in that position in the sspValue in R.
*
*
*
*
*
*
Reference ETSI TS 103 097 [B7] for more information on bitmask SSPs.
*/
BitmapSspRange ::= SEQUENCE {
sspValue OCTET STRING (SIZE(1..32)),
sspBitmask OCTET STRING (SIZE(1..32))
}
/**
* @class SequenceOfOctetString
*
* @brief This type is used for clarity of definitions.
*/
SequenceOfOctetString ::=
SEQUENCE (SIZE (0..MAX)) OF OCTET STRING (SIZE(0..MAX))
--***************************************************************************--
-- Certificate Components --
--***************************************************************************--
/**
* @class SubjectAssurance
*
* @brief This field contains the certificate holder’s assurance level, which
* indicates the security of both the platform and storage of secret keys as
* well as the confidence in this assessment.
*
*
This field is encoded as defined in Table 1, where "A" denotes bit
* fields specifying an assurance level, "R" reserved bit fields, and "C" bit
* fields specifying the confidence.
*
*
Table 1: Bitwise encoding of subject assurance
*
*
*
* Bit number | 7 | 6 | 5 | 4 |
* 3 | 2 | 1 | 0 |
*
*
* Interpretation | A | A | A | R |
* R | R | C | C |
*
*
*
* In Table 1, bit number 0 denotes the least significant bit. Bit 7
* to bit 5 denote the device's assurance levels, bit 4 to bit 2 are reserved
* for future use, and bit 1 and bit 0 denote the confidence.
*
*
The specification of these assurance levels as well as the
* encoding of the confidence levels is outside the scope of the present
* document. It can be assumed that a higher assurance value indicates that
* the holder is more trusted than the holder of a certificate with lower
* assurance value and the same confidence value.
*
*
NOTE: This field was originally specified in ETSI TS 103 097 [B7]
* and future uses of this field are anticipated to be consistent with future
* versions of that document.
*/
SubjectAssurance ::= OCTET STRING (SIZE(1))
/**
* @class CrlSeries
*
* @brief This integer identifies a series of CRLs issued under the authority
* of a particular CRACA.
*/
CrlSeries ::= Uint16
--***************************************************************************--
-- Pseudonym Linkage --
--***************************************************************************--
/**
* @class IValue
*
* @brief This atomic type is used in the definition of other data structures.
*/
IValue ::= Uint16
/**
* @class Hostname
*
* @brief This is a UTF-8 string as defined in IETF RFC 3629. The contents
* are determined by policy.
*/
Hostname ::= UTF8String (SIZE(0..255))
/**
* @class LinkageValue
*
* @brief This is the individual linkage value. See 5.1.3 and 7.3 for details
* of use.
*/
LinkageValue ::= OCTET STRING (SIZE(9))
/**
* @class GroupLinkageValue
*
* @brief This is the group linkage value. See 5.1.3 and 7.3 for details of
* use.
*/
GroupLinkageValue ::= SEQUENCE {
jValue OCTET STRING (SIZE(4)),
value OCTET STRING (SIZE(9))
}
/**
* @class LaId
*
* @brief This structure contains a LA Identifier for use in the algorithms
* specified in 5.1.3.4.
*/
LaId ::= OCTET STRING (SIZE(2))
/**
* @class LinkageSeed
*
* @brief This structure contains a linkage seed value for use in the
* algorithms specified in 5.1.3.4.
*/
LinkageSeed ::= OCTET STRING (SIZE(16))
END