diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100755
index 0000000000000000000000000000000000000000..8bce5d01f0b8cf898e9f63ecf4969f7173f52e59
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,19 @@
+include:
+ - project: 'forge-tools/asn2md'
+ file: '/gitlab-ci/base.yml'
+
+variables:
+ ASN1_SRC: '*.asn sec_ts103097/*.asn ieee1609.2/Ieee1609Dot2.asn ieee1609.2/Ieee1609Dot2BaseTypes.asn'
+ GIT_SUBMODULE_STRATEGY: normal
+
+validate:
+ extends: .validate
+ only:
+ changes:
+ - '*.asn'
+
+documentation:
+ extends: .documentation
+ only:
+ changes:
+ - '*.asn'
diff --git a/.gitmodules b/.gitmodules
new file mode 100755
index 0000000000000000000000000000000000000000..a7c5f9b798c7aa47952bbe6688d8c4d081d5f161
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,7 @@
+[submodule "sec_ts103097"]
+ path = sec_ts103097
+ url = https://forge.etsi.org/rep/ITS/asn1/sec_ts103097.git
+ branch = release2
+[submodule "ieee1609.2"]
+ path = ieee1609.2
+ url = https://forge.etsi.org/rep/ITS/asn1/ieee1609.2.git
diff --git a/EtsiTs103759.asn b/EtsiTs103759.asn
new file mode 100755
index 0000000000000000000000000000000000000000..f8accee4ddf998f7029edb4718cf27a968efb948
--- /dev/null
+++ b/EtsiTs103759.asn
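Review bot: The `include:` entry in `.gitlab-ci.yml` pulls `/gitlab-ci/base.yml` from `forge-tools/asn2md` without a `ref:`, so the `.validate` and `.documentation` templates that both jobs extend (presumably defined in that file) follow whatever the template project's default branch holds when the pipeline runs. Pinning the include, e.g. `ref: '<tag-or-commit-sha>'` under the `project:` entry, keeps a change in the template project from silently altering what executes in this repository's pipeline. Separately, `changes: - '*.asn'` appears to match only files in the repository root, so moving the `sec_ts103097` or `ieee1609.2` submodule pointers would presumably not trigger `validate` even though `ASN1_SRC` compiles files from both; listing the submodule paths under `changes:` would cover that case.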
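Review bot: In `.gitmodules` the `ieee1609.2` entry has no `branch` while `sec_ts103097` tracks `release2`, so a `git submodule update --remote` would move `ieee1609.2` to whatever the remote's default branch is at that moment. The ASN.1 modules added in this commit import `Ieee1609Dot2BaseTypes` and `Ieee1609Dot2` at specific versions, so either add the intended `branch = <release-branch>` or put a comment such as `# ieee1609.2: pinned by the recorded commit, do not update with --remote` above the entry. The recorded submodule commits themselves are not visible in this part of the diff.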
@@ -0,0 +1,156 @@
+EtsiTs103759 {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) general(1) core(1) major-version-1(1)
+ minor-version-2 (2)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+IMPORTS
+ EtsiTs103097Data-SignedAndEncrypted-Unicast
+FROM EtsiTs103097Module {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) secHeaders(103097) core(1) major-version-3(3)
+ minor-version-1(1)}
+WITH SUCCESSORS
+
+ Psid,
+ ThreeDLocation,
+ Time64,
+ Uint8
+FROM Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
+ standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
+ base(1) base-types(2) major-version-2(2) minor-version-4(4)}
+WITH SUCCESSORS
+
+ AsrAppAgnostic
+FROM EtsiTs103759AsrAppAgnostic {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) appAgnostic(270549119)
+ major-version-1(1) minor-version-0(0)}
+WITH SUCCESSORS
+
+ AsrCam
+FROM EtsiTs103759AsrCam {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) cam(36)
+ major-version-1(1) minor-version-0(0)}
+WITH SUCCESSORS
+
+ AsrDenm
+FROM EtsiTs103759AsrDenm {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) denm(37)
+ major-version-1(1) minor-version-0(0)}
+WITH SUCCESSORS
+
+ AsrBsm
+FROM SaeJ3287AsrBsm {joint-iso-itu-t (2) country (16) us (840) organization (1)
+ sae (114566) v2x-communications (1) technical-committees (1) v2x-security (4)
+ technical-reports (1) misbehavior-reporting (1) asn1-module (1)
+ aid-specific(2) bsm(32) version-1 (1) version-minor-0 (0)}
+WITH SUCCESSORS
+;
+
+/**
+ * @brief This data type is the general PDU for a misbehaviour report from an
+ * ITS-S to the MA responsible for reports of that type. AID-specific modules
+ * (EtsiTs103759AsrAppAgnostic, EtsiTs103759AsrCam, EtsiTs103759AsrDenm,
+ * SaeJ3287AsrBsm) have been imported using WITH SUCCESSORS to enable importing
+ * one or more of those modules with minor-version greater than 0 without
+ * requiring any change in the import statements. At least one of these
+ * AID-specific modules shall have minor-version greater than 0.
+ *
+ * @param version: contains the version number of this PDU definition. For this
+ * version of this data type it shall be equal to 2.
+ *
+ * @param generationTime: contains information on when this PDU was generated.
+ *
+ * @param observationLocation: is the location at which the last observation of
+ * a V2X PDU was made before the decision was taken to generate a report.
+ *
+ * @param report: contains the AID-specific misbehaviour report.
+ */
+EtsiTs103759Data ::= SEQUENCE {
+ version Uint8,
+ generationTime Time64,
+ observationLocation ThreeDLocation,
+ report AidSpecificReport
+}
+
+/**
+ * @brief This structure is the SPDU used to send a signed and encrypted
+ * EtsiTs103759Data to the MA. For the signature to be valid the signing
+ * certificate shall conform to the authorization ticket profile given in
+ * clause 7.2.1 of ETSI TS 103 097 v2.1.1, where the appPermissions field in
+ * the authorization ticket allows signing misbehaviour reports. The signed
+ * EtsiTs103759Data shall be encrypted to the MA using the encryptionKey in
+ * the MA's certificate.
+ */
+EtsiTs103759Data-SignedAndEncrypted-Unicast ::=
+ EtsiTs103097Data-SignedAndEncrypted-Unicast {
+ EtsiTs103759Data
+}
+
+/**
+ * @brief This data type is the whole report on issues detected for a specific
+ * ITS-AID. This ITS-AID may identify an individual application, or may identify
+ * cross-application or non-application-specific misbehaviour cases.
+ *
+ * @param aid: contains the respective ITS-AID.
+ *
+ * @param content: contains the report contents, e.g., AsrCam. This will be a
+ * TemplateAsr instantiated with AID-specific Information Object Sets.
+ */
+AidSpecificReport ::= SEQUENCE {
+ aid C-ASR.&aid ({SetAsr}),
+ content C-ASR.&Content ({SetAsr}{@.aid})
+}
+
+/**
+ * @brief This data type defines the IOC for AidSpecificReport.
+ *
+ * @param aid: contains the globally unique reference identifier of an
+ * AID-specific misbehaviour report.
+ *
+ * @param Content: contains the open type of the PDU identified by aid. This
+ * will be a TemplateAsr instantiated with AID-specific Information Object
+ * Sets.
+ */
+C-ASR ::= CLASS {
+ &aid Psid UNIQUE,
+ &Content
+} WITH SYNTAX {&Content IDENTIFIED BY &aid}
+
+/**
+ * @brief This data type defines the IOS for AidSpecificReport. See the ASN.1
+ * modules where each set is defined for a description of that set.
+ */
+SetAsr C-ASR ::= {
+ {AsrAppAgnostic IDENTIFIED BY c-AsrAppAgnostic} |
+ {AsrCam IDENTIFIED BY c-AsrCam} |
+ {AsrDenm IDENTIFIED BY c-AsrDenm},
+ ...,
+ {AsrBsm IDENTIFIED BY c-AsrBsm}
+}
+
+/**
+ * @brief This data type contains the ITS-AID of the unknown service.
+ *
+ * @note This value is used for suspicious observations that are not
+ * or cannot be linked to a specific application.
+ */
+c-AsrAppAgnostic Psid ::= 270549119
+
+/**
+ * @brief This data type contains the ITS-AID of the CA service.
+ */
+c-AsrCam Psid ::= 36
+
+/**
+ * @brief This data type contains the ITS-AID of the DEN service.
+ */
+c-AsrDenm Psid ::= 37
+
+/**
+ * @brief This data type contains the ITS-AID of the BSM.
+ */
+c-AsrBsm Psid ::= 32
+
+END
\ No newline at end of file
diff --git a/EtsiTs103759AsrAppAgnostic.asn b/EtsiTs103759AsrAppAgnostic.asn
new file mode 100755
index 0000000000000000000000000000000000000000..59af4dfc14620b9c44c8ca0ac74b7ca89456a18f
--- /dev/null
+++ b/EtsiTs103759AsrAppAgnostic.asn
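Review bot: In `EtsiTs103759Data` (file `EtsiTs103759.asn`) the comment requires `version` to be equal to 2, but the field is declared as a plain `Uint8`, so a decoder generated from this module accepts any value from 0 to 255 and the version check is left to hand-written code at the MA. Expressing the rule in the type, `version Uint8 (2),`, would make generated decoders reject reports of another version before any of the remaining fields are interpreted. If the field is deliberately left open for forward compatibility, the `@param version` text should say that a receiver shall reject values it does not support. The comments on `c-AsrAppAgnostic`, `c-AsrCam`, `c-AsrDenm` and `c-AsrBsm` also begin with "This data type" although these are `Psid` values, not types.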
@@ -0,0 +1,14 @@
+EtsiTs103759AsrAppAgnostic {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) appAgnostic(270549119)
+ major-version-1(1) minor-version-0(0)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+/**
+ * @brief This data type is defined as NULL for this version of the standard.
+ */
+AsrAppAgnostic ::= NULL
+
+END
\ No newline at end of file
diff --git a/EtsiTs103759AsrCam.asn b/EtsiTs103759AsrCam.asn
new file mode 100755
index 0000000000000000000000000000000000000000..d406aa334b44cdf868f7ac5aa666542fed30cd56
--- /dev/null
+++ b/EtsiTs103759AsrCam.asn
@@ -0,0 +1,221 @@
+EtsiTs103759AsrCam {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) cam(36)
+ major-version-1(1) minor-version-1(1)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+IMPORTS
+ C-ASR-EV,
+ C-ASR-OBS-BY-TGT,
+ C-ASR-SINGLE-OBS,
+ MbSingleObservation,
+ TemplateAsr
+FROM EtsiTs103759BaseTypes {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1)
+ minor-version-1 (1)}
+WITH SUCCESSORS
+
+ obs-Beacon-IntervalTooSmall,
+ obs-Static-Change,
+ obs-Security-MessageIdIncWithHeaderInfo,
+ obs-Security-HeaderIncWithSecurityProfile,
+ obs-Security-HeaderPsidIncWithCertificate,
+ obs-Security-MessageIncWithSsp,
+ obs-Security-HeaderTimeOutsideCertificateValidity,
+ obs-Security-MessageLocationOutsideCertificateValidity,
+ obs-Security-HeaderLocationOutsideCertificateValidity,
+ obs-Position-ChangeTooLarge,
+ obs-Speed-ValueTooLarge-VehicleType,
+ obs-Speed-ValueTooLarge-DriveDirectionReverse,
+ obs-Speed-ChangeTooLarge,
+ obs-LongAcc-ValueTooLarge
+FROM EtsiTs103759MbrCommonObservations {itu-t(0) identified-organization(4)
+ etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) common-observations(2)
+ major-version-1(1) minor-version-1(1)}
+WITH SUCCESSORS
+
+ Uint8
+FROM Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
+ standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
+ base(1) base-types(2) major-version-2(2) minor-version-4(4)}
+WITH SUCCESSORS
+;
+
+/**
+ * @brief This data type is for reporting CAM issues.
+ */
+AsrCam ::= TemplateAsr {{SetMbObsTgtsCam}, {SetMbEvCam}}
+
+
+/* Identify target classes for CAM */
+IdCamTgt ::= Uint8
+
+c-CamTgt-BeaconCommon IdCamTgt ::= 0
+c-CamTgt-StaticCommon IdCamTgt ::= 1
+c-CamTgt-SecurityCommon IdCamTgt ::= 2
+c-CamTgt-PositionCommon IdCamTgt ::= 3
+c-CamTgt-SpeedCommon IdCamTgt ::= 4
+c-CamTgt-LongAccCommon IdCamTgt ::= 5
+
+SetMbObsCamBeacon C-ASR-SINGLE-OBS ::= {
+ obs-Beacon-IntervalTooSmall,
+ ...
+}
+
+SetMbObsCamStatic C-ASR-SINGLE-OBS ::= {
+ obs-Static-Change,
+ ...
+}
+
+SetMbObsCamSecurity C-ASR-SINGLE-OBS ::= {
+ obs-Security-MessageIdIncWithHeaderInfo |
+ obs-Security-HeaderIncWithSecurityProfile |
+ obs-Security-HeaderPsidIncWithCertificate |
+ obs-Security-MessageIncWithSsp |
+ obs-Security-HeaderTimeOutsideCertificateValidity |
+ obs-Security-MessageLocationOutsideCertificateValidity |
+ obs-Security-HeaderLocationOutsideCertificateValidity,
+ ...
+}
+
+SetMbObsCamPosition C-ASR-SINGLE-OBS ::= {
+ obs-Position-ChangeTooLarge,
+ ...
+}
+
+SetMbObsCamSpeed C-ASR-SINGLE-OBS ::= {
+ obs-Speed-ValueTooLarge-VehicleType |
+ obs-Speed-ValueTooLarge-DriveDirectionReverse |
+ obs-Speed-ChangeTooLarge,
+ ...
+}
+
+SetMbObsCamLongAcc C-ASR-SINGLE-OBS ::= {
+ obs-LongAcc-ValueTooLarge,
+ ...
+}
+
+
+
+/**
+ * @brief This is a complete set of observations for CAM. Application-specific
+ * trigger conditions and other relevant information are specified below.
+ *
+ * @param SetMbObsCamBeacon:
+ * - `Beacon-IntervalTooSmall`: The difference between the generation
+ * time of two consecutive CAMs is less than 80% of the value specified in TS
+ * 103 900 v2.0.0 section 6.1.3. The difference is calculated as the difference
+ * between the two values of generationDeltaTime. The two CAMs presented
+ * shall have the difference in the generationTime from the security
+ * headerInfo be less than 65,535 milliseconds, and the generationTime in the
+ * second CAM greater than the generationTime in the first. If the
+ * generationDeltaTime value in the second CAM is less than the
+ * generationDeltaTime in the first, 65,536 milliseconds shall be added to
+ * the value in the second for purposes of determining the difference between
+ * the two generationDeltaTime values.
+ *
+ * @param SetMbObsCamStatic:
+ * - `Static-Change`: Any change in the values of one or more of the
+ * following fields: performanceClass, specialTransportType, stationType,
+ * vehicleLength, vehicleRole, vehicleWidth.
+ * - `Semantics of the BIT STRING`: performanceClass(0),
+ * specialTransportType(1), stationType(2), vehicleLength(3), vehicleRole(4),
+ * vehicleWidth(5).
+ *
+ *
+ * @param SetMbObsCamSecurity:
+ * - `Security-MessageIdIncWithHeaderInfo`: The messageID is inconsistent
+ * with the security headerInfo, e.g., messageId = cam(2) but psid in the
+ * security headerInfo is not equal to 36, the PSID value of CAM.
+ *
+ * - `Security-HeaderIncWithSecurityProfile`: The security headerInfo is
+ * inconsistent with the security profile specified in ETSI TS 103 097 V2.1.1
+ * (2021-10), e.g., generationTime is absent in the security headerInfo but
+ * is required to be present in the security profile.
+ *
+ * - `Security-HeaderPsidIncWithCertificate`: The psid in the security
+ * headerInfo is not contained in the appPermissions of the certificate, e.g.,
+ * psid in the security headerInfo is equal to 36, but the appPermissions in the
+ * certificate does not include the value 36.
+ *
+ * - `Security-MessageIncWithSsp`: The message payload is inconsistent
+ * with the SSP in the certificate, as specified in TS 103 900 v2.0.0,e.g.,
+ * publicTransportContainer is present in the specialVehicleContainer but the
+ * relevant SSP in the certificate does not permit publicTransportContainer.
+ *
+ * - `Security-HeaderTimeOutsideCertificateValidity`: The generationTime
+ * in the security headerInfo is outside the validityPeriod in the certificate.
+ *
+ * - `Security-MessageLocationOutsideCertificateValidity`: The
+ * referencePosition in the message is outside the region in the certificate.
+ *
+ * - `Security-HeaderLocationOutsideCertificateValidity`: The
+ * generationLocation in the security headerInfo is outside the region in the
+ * certificate.
+ *
+ * @param SetMbObsEtsiOnlyPosition:
+ * - `Position-ChangeTooLarge`: The speed calculated from the change in
+ * referencePosition of two consecutive CAMs meets the trigger conditions of
+ * Speed-ValueTooLarge-VehicleType.
+ *
+ * @param SetMbObsEtsiOnlySpeed:
+ * - `Speed-ValueTooLarge-VehicleType`: The trigger conditions depend on
+ * the stationType as follows:
+ *
+ * - `passengerCar(5)`: The speedValue is greater than 14,000. (Currently, the
+ * fastest car in the world has a top speed that is less than 500 km/h, i.e.,
+ * 13,889 cm/s.)
+ *
+ * - `motorcycle(4), bus(6), lightTruck(7), heavyTruck(8), trailer(9)`: The
+ * speedValue is greater than 8,500. (Currently, the top speed on most popular
+ * cars is less than 300 km/h, i.e., 8,333 cm/s.)
+ *
+ * - `unknown(0), pedestrian(1), cyclist(2), moped(3), specialVehicles(10),
+ * tram(11)` : The speedValue is greater than 3,000. (Currently, non-highway
+ * speed limits are usually well below 100 km/h, i.e., 2,778 cm/s.)
+ *
+ * - `roadSideUnit(15)`: The speedValue is greater than 0. (Road side units
+ * shouldn't be transmitting while being transported.)
+ *
+ * - `Speed-ValueTooLarge-DriveDirectionReverse`: The driveDirection is
+ * backward (1) and the speedValue is greater than 3,000. (Usually, backward
+ * drives are far less than 50m long, and with maximum possible acceleration of
+ * 9 m/s^2 (see trigger conditions for LongAcc-ValueTooLarge), max attainable
+ * speed is sqrt(2*9*50) m/s, i.e., 3,000 cm/s.)
+ *
+ * - `Speed-ChangeTooLarge`: The acceleration calculated from the change
+ * in speedValue of two consecutive CAMs meets the trigger conditions of
+ * LongAcc-ValueTooLarge.
+ *
+ * @param SetMbObsEtsiOnlyLongAcc:
+ * - `LongAcc-ValueTooLarge`: The longitudinalAcceleration is greater
+ * than 90 dm/s^2. (Typical \mu (coefficient of friction between asphalt and
+ * rubber) is 0.9, so maximum possible acceleration is 0.9*9.8 m/s^2, i.e.,
+ * 88.2 dm/s^2.)
+ */
+SetMbObsTgtsCam C-ASR-OBS-BY-TGT ::= {
+ {MbSingleObservation{{SetMbObsCamBeacon}} BY
+ c-CamTgt-BeaconCommon} |
+ {MbSingleObservation{{SetMbObsCamStatic}} BY
+ c-CamTgt-StaticCommon} |
+ {MbSingleObservation{{SetMbObsCamSecurity}} BY
+ c-CamTgt-SecurityCommon} |
+ {MbSingleObservation{{SetMbObsCamPosition}} BY
+ c-CamTgt-PositionCommon} |
+ {MbSingleObservation{{SetMbObsCamSpeed}} BY
+ c-CamTgt-SpeedCommon} |
+ {MbSingleObservation{{SetMbObsCamLongAcc}} BY
+ c-CamTgt-LongAccCommon},
+ ...
+}
+
+/**
+ * @brief This data type defines the IOS for CAM Evidence.
+ */
+SetMbEvCam C-ASR-EV ::= {
+ ...
+}
+
+END
\ No newline at end of file
diff --git a/EtsiTs103759AsrDenm.asn b/EtsiTs103759AsrDenm.asn
new file mode 100755
index 0000000000000000000000000000000000000000..d0b1d562809089a2e80c5f4f11c5c202c4ea1fd7
--- /dev/null
+++ b/EtsiTs103759AsrDenm.asn
@@ -0,0 +1,14 @@
+EtsiTs103759AsrDenm {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) denm(37)
+ major-version-1(1) minor-version-0(0)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+/**
+ * @brief This data type is defined as NULL for version 0 of this file.
+ */
+AsrDenm ::= NULL
+
+END
\ No newline at end of file
diff --git a/EtsiTs103759BaseTypes.asn b/EtsiTs103759BaseTypes.asn
new file mode 100755
index 0000000000000000000000000000000000000000..e52462b1341e69c464fb247921e5c48a5104cc4c
--- /dev/null
+++ b/EtsiTs103759BaseTypes.asn
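Review bot: The documentation block above `SetMbObsTgtsCam` in `EtsiTs103759AsrCam.asn` names three sets that this module does not define: `@param SetMbObsEtsiOnlyPosition`, `@param SetMbObsEtsiOnlySpeed` and `@param SetMbObsEtsiOnlyLongAcc`, while the object sets declared earlier in the file are `SetMbObsCamPosition`, `SetMbObsCamSpeed` and `SetMbObsCamLongAcc`. The three tags should use the declared names so that each trigger condition can be traced to the set it governs. In the `Speed-ValueTooLarge-VehicleType` list the stationType values 12 to 14 have no threshold; if those values can occur in a CAM, the text should state which limit applies, otherwise a detector has no defined trigger for such senders.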
@@ -0,0 +1,203 @@
+EtsiTs103759BaseTypes {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1)
+ minor-version-1 (1)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+IMPORTS
+ Opaque,
+ Uint8
+FROM Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
+ standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
+ base(1) base-types(2) major-version-2(2) minor-version-4(4)}
+WITH SUCCESSORS
+
+ Ieee1609Dot2Data,
+ Certificate
+FROM Ieee1609Dot2 {iso(1) identified-organization(3) ieee(111)
+ standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
+ base(1) schema(1) major-version-2(2) minor-version-6(6)}
+WITH SUCCESSORS
+;
+
+/**
+ * @brief This data type contains the template for a report on any ITS PDU.
+ *
+ * @param observations: identifies which detectors were triggered and why. It
+ * can include cross-references to the PDUs and evidence fields. The
+ * observations are drawn from a supplied application-specific observation
+ * Information Object Set.
+ *
+ * @param v2xPduEvidence: contains PDUs that triggered the detectors reported in
+ * the observations field, plus other PDUs sent for the same application (AID)
+ * by the same sender).
+ *
+ * @param nonV2xPduEvidence: is any information that was used by the
+ * detectors other than the V2X PDUs. If the report does not contain any
+ * observations that use other evidence (for example, if the report is simply
+ * that a speed value is implausibly high for any land vehicle, or that two
+ * V2X PDUs appear to show two different senders in the same physical
+ * space) then this field can be length 0. The evidence is drawn from a
+ * supplied application-specific evidence Information Object Set.
+ */
+TemplateAsr {
+ C-ASR-OBS-BY-TGT: ObservationSet, C-ASR-EV: NonV2xPduEvidenceSet
+} ::= SEQUENCE {
+ observations ObservationsByTargetSequence {{ObservationSet}},
+ v2xPduEvidence SEQUENCE (SIZE(1..MAX)) OF V2xPduStream,
+ nonV2xPduEvidence NonV2xPduEvidenceItemSequence {{NonV2xPduEvidenceSet}}
+}
+
+/**
+ * @brief This data type contains all of the observations related to a
+ * particular "target" property, e.g., speed or security.
+ *
+ * @param tgtId: identifies the "target" of the observation, e.g., speed. This
+ * identifier is drawn from an application-specific Information Object Set of
+ * observations by target.
+ *
+ * @param observations: contains all the observations related to that target.
+ * The observations are drawn from the provided Information Object Set.
+ */
+ObservationsByTarget {C-ASR-OBS-BY-TGT: SetAsrObsByTgt} ::= SEQUENCE {
+ tgtId C-ASR-OBS-BY-TGT.&id ({SetAsrObsByTgt}),
+ observations SEQUENCE OF C-ASR-OBS-BY-TGT.&Val ({SetAsrObsByTgt}{@.tgtId})
+}
+
+ObservationsByTargetSequence { C-ASR-OBS-BY-TGT: SetAsrObsByTgt } ::=
+ SEQUENCE (SIZE(1..MAX)) OF ObservationsByTarget {{ SetAsrObsByTgt }}
+
+/**
+ * @brief This is the Information Object Class used to define observations-
+ * -by-target.
+ */
+C-ASR-OBS-BY-TGT ::= C-2ENT
+
+/**
+ * @brief This data type contains a single misbehaviour observation.
+ *
+ * @param obsId: identifies the observation within the set of observations
+ * for that target, e.g., target = speed, observation = "speed higher than
+ * plausible given the physical map". This identifier is drawn from an
+ * application-and-target-specific Information Object Set of single
+ * observations.
+ *
+ * @param obs: contains any parameters relevant to the observation. The
+ * observations are drawn from the provided Information Object Set.
+ */
+MbSingleObservation {C-ASR-SINGLE-OBS: SetMbSingleObs} ::= SEQUENCE {
+ obsId C-ASR-SINGLE-OBS.&id ({SetMbSingleObs}),
+ obs C-ASR-SINGLE-OBS.&Val ({SetMbSingleObs}{@.obsId})
+}
+
+/**
+ * @brief This is the Information Object Class used to define single
+ * observations.
+ */
+C-ASR-SINGLE-OBS ::= C-2ENT
+
+/**
+ * @brief This data type contains PDU stream from a single sender.
+ *
+ * @param id: identifies the type of the PDU, meaning in this case
+ * what protocol headers are included from the stack.
+ *
+ * @param v2xPdus: is the PDU stream, i.e., a series of PDUs for the same AID
+ * sent by the same sender (where "sent by the same sender" means "signed by
+ * the same certificate"). The PDUs are ordered in chronological order of
+ * reception by the reporter. All PDUs in this field are of the same type,
+ * i.e., correspond to the same IdObsPdu. This field will always contain a
+ * "subject PDU", i.e., a PDU that is the subject of the observations.
+ * Additional PDUs may be included depending on which observations appear in
+ * the observations field. A specification of an observation is expected to
+ * include a specification of which PDUs are to be included in this field.
+ *
+ * @param certificate: contains the certificate that signed the PDUs if it is
+ * not explicitly included in one of the PDUs. (There is no need to include
+ * the entire certificate chain from the ITS station up to the Root CA, just
+ * the ITS station certificate is enough, as the MA is expected to have the
+ * rest of the certificates in the chain.) Note that if the sender certificate
+ * changes, PDUs signed by the new certificate and included in this report
+ * will be in a separate V2xPduStream instance within the v2xPduEvidence
+ * field of the TemplateAsr.
+ *
+ * @param subjectPduIndex: identifies which PDU within the v2xPdus sequence
+ * is the "subject PDU", i.e., the PDU associated with the observations.
+ */
+V2xPduStream ::= SEQUENCE {
+ type C-OBS-PDU.&id ({SetObsPdu}),
+ v2xPdus SEQUENCE (SIZE(1..255)) OF C-OBS-PDU.&Val ({SetObsPdu}{@.type}),
+ certificate Certificate OPTIONAL,
+ subjectPduIndex Uint8,
+ ...
+}
+
+/**
+ * @brief This is the Information Object Class used to define different types
+ * of observed PDUs.
+ */
+C-OBS-PDU ::= C-2ENT
+
+/**
+ * @brief This data type contains the IOS for the observed PDU.
+ */
+SetObsPdu C-OBS-PDU ::= {
+ {ObsPduEtsiGn BY c-ObsPdu-etsiGn} |
+ {Ieee1609Dot2Data BY c-ObsPdu-ieee1609Dot2Data},
+ ...
+}
+
+/**
+ * @brief This data type contains the identifier of the type of observed PDU.
+ *
+ * @param c-ObsPdu-etsiGn: is the identifier for ETSI GeoNetworking.
+ *
+ * @param c-ObsPdu-ieee1609Dot2Data: is the identifier for IEEE 1609.2.
+ */
+IdObsPdu ::= Uint8
+c-ObsPdu-etsiGn IdObsPdu ::= 1
+c-ObsPdu-ieee1609Dot2Data IdObsPdu ::= 2
+
+/**
+ * @brief ObsPduEtsiGn shall contain an encoded ETSI geonetworking PDU
+ * according to ETSI TS 103 836-4-1, at GeoNetworking level, i.e. without
+ * Access Layer header.
+ */
+ObsPduEtsiGn ::= Opaque
+
+/**
+ * @brief This data type contains evidence, which may be referenced by one or
+ * more observations.
+ *
+ * @param id: identifies the evidence type.
+ *
+ * @param evidence: contains the evidence.
+ */
+NonV2xPduEvidenceItem {C-ASR-EV: SetMbEv} ::= SEQUENCE {
+ id C-ASR-EV.&id ({SetMbEv}),
+ evidence C-ASR-EV.&Val ({SetMbEv}{@.id})
+}
+
+NonV2xPduEvidenceItemSequence {C-ASR-EV: NonV2xPduEvidenceSet} ::=
+ SEQUENCE (SIZE(0..MAX)) OF NonV2xPduEvidenceItem {{ NonV2xPduEvidenceSet }}
+
+/**
+ * @brief This is the Information Object Class used to define evidence.
+ *
+ * @note No instances of this class are defined in this version of this document.
+ */
+C-ASR-EV ::= C-2ENT
+
+/**
+ * @brief This structures uses single-byte IDs. If we run out of ID space
+ * in future, the Val type associated with ID 255 can also be structured
+ * hierarchically to extend the space.
+ */
+C-2ENT ::= CLASS {
+ &id Uint8,
+ &Val
+} WITH SYNTAX {&Val BY &id}
+
+END
diff --git a/EtsiTs103759CommonObservations.asn b/EtsiTs103759CommonObservations.asn
new file mode 100644
index 0000000000000000000000000000000000000000..58c6215f6b60ceef160bfa28651356d006084169
--- /dev/null
+++ b/EtsiTs103759CommonObservations.asn
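Review bot: `subjectPduIndex Uint8` in `V2xPduStream` (file `EtsiTs103759BaseTypes.asn`) is not tied to the length of `v2xPdus`, so a received report can carry an index that points past the last PDU, and the comment does not say whether counting starts at 0 or 1. ASN.1 cannot express the relation between the two fields, so the `@param subjectPduIndex` text should state it, for example `shall be less than the number of entries in v2xPdus (first entry = 0)` if zero-based indexing is what is intended, and should say that the MA shall reject a report that violates it. The same comment block documents `@param id` and refers to `IdObsPdu`, but the field is named `type` and is typed `C-OBS-PDU.&id`; the tag should read `@param type`.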
@@ -0,0 +1,405 @@ +EtsiTs103759MbrCommonObservations {itu-t(0) identified-organization(4) + etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) common-observations(2) + major-version-1(1) minor-version-1(1)} + +DEFINITIONS AUTOMATIC TAGS ::= BEGIN + +EXPORTS ALL; + +IMPORTS + C-ASR-SINGLE-OBS +FROM EtsiTs103759BaseTypes {itu-t(0) identified-organization(4) etsi(0) + itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1) + minor-version-1 (1)} +WITH SUCCESSORS + + Uint8 +FROM Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111) + standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) + base(1) base-types(2) major-version-2(2) minor-version-4(4)} +WITH SUCCESSORS +; + +/** + * @brief Identifier type for observations: synonym for Uint8 + */ +IdMbObs ::= Uint8 + +/* + * Beacon issues + */ + +/** + * @brief This data type is provided for an observation of beacon interval + * that is too small. This doesn't apply to repeated PDUs, but only to two + * distinct PDUs. The trigger conditions are provided in the + * application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU whose interval since the previous + * PDU is being flagged as too small. The v2xPdus field in that entry must + * contain at least the subject PDU and the PDU that immediately preceded it. + * The PDUs may be of any supported type and shall be of type + * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same + * report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. 
+ */ +Beacon-IntervalTooSmall ::= NULL + +-- IDs +c-ObsBeacon-IntervalTooSmall IdMbObs::= 1 -- Class 2 + +-- Individual Information Objects +obs-Beacon-IntervalTooSmall C-ASR-SINGLE-OBS ::= + {Beacon-IntervalTooSmall BY c-ObsBeacon-IntervalTooSmall} + + +/* + * Static field issues + */ + +/** + * @brief This data type is provided for an observation of change in static + * fields. The semantics of the BIT STRING and trigger conditions are provided + * in the application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU whose one or more static fields + * since the previous PDU is being flagged as changed. The v2xPdus field in + * that entry must contain at least the subject PDU and the PDU that + * immediately preceded it. The PDUs may be of any supported type and shall be + * of type c-MbObsMsg-ieee1609Dot2Data unless another observation included in + * the same report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. + */ +Static-Change ::= BIT STRING + +-- IDs +c-ObsStatic-Change IdMbObs::= 1 + +-- Individual Information Objects +obs-Static-Change C-ASR-SINGLE-OBS ::= + {Static-Change BY c-ObsStatic-Change} + + +/* + * Security issues + */ + +/** + * @brief This data type is provided for an observation, where the messageID + * is inconsistent with the psid in the security headerInfo. The trigger + * conditions are provided in the application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU for which the messageID is being + * flagged as inconsistent with the psid in the security headerInfo. 
The + * v2xPdus field in that entry must contain at least the subject PDU. The + * PDU may be of any supported type and shall be of type + * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + * same report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. + */ +Security-MessageIdIncWithHeaderInfo ::= NULL + +/** + * @brief This data type is provided for an observation, where the security + * headerInfo is inconsistent with the security profile for that psid. The + * trigger conditions are provided in the application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU for which the security headerInfo + * is being flagged as inconsistent with the security profile for that psid. + * The v2xPdus field in that entry must contain at least the subject PDU. The + * PDU may be of any supported type and shall be of type + * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same + * report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. + */ +Security-HeaderIncWithSecurityProfile ::= NULL + +/** + * @brief This data type is provided for an observation, where the psid in the + * security headerInfo is inconsistent with the psid in the certificate. The + * trigger conditions are provided in the application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU for which the psid in the security + * headerInfo is being flagged as inconsistent with the psid in the + * certificate. 
The v2xPdus field in that entry must contain at least the + * subject PDU. The PDU may be of any supported type and shall be of type + * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + * same report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. + */ +Security-HeaderPsidIncWithCertificate ::= NULL + +/** + * @brief This data type is provided for an observation, where the message is + * is inconsistent with the SSP in the certificate. The trigger conditions are + * provided in the application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU whose content is being flagged as + * inconsisent with the SSP in the certificate. The v2xPdus field in that + * entry must contain at least the subject PDU. The PDU may be of any + * supported type and shall be of type c-MbObsMsg-ieee1609Dot2Data unless + * another observation included in the same report requires a different PDU + * type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. + */ +Security-MessageIncWithSsp ::= NULL + +/** + * @brief This data type is provided for an observation, where the + * generationTime in the security headerInfo is outside the validity period of + * the certificate. The trigger conditions are provided in the + * application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU for which the generationTime in the + * security headerInfo is being flagged as outside the validity period in the + * certificate. The v2xPdus field in that entry must contain at least the + * subject PDU. 
The PDU may be of any supported type and shall be of type + * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + * same report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. + */ +Security-HeaderTimeOutsideCertificateValidity ::= NULL + +/** + * @brief This data type is provided for an observation, where the location + * in the message is outside the validity region in the certificate. The + * trigger conditions are provided in the application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU for which the location in the PDU is + * being flagged as outside the validity region in the certificate. The + * v2xPdus field in that entry must contain at least the subject PDU. The PDU + * may be of any supported type and shall be of type + * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same + * report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. + */ +Security-MessageLocationOutsideCertificateValidity ::= NULL + +/** + * @brief This data type is provided for an observation, where the + * generationLocation in the security headerInfo is outside the validity region + * in the certificate. The trigger conditions are provided in the + * application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU for which the generationLocation in + * the security headerInfo is being flagged as outside the validity region in + * the certificate. The v2xPdus field in that entry must contain at least the + * subject PDU. 
The PDU may be of any supported type and shall be of type + * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same + * report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. + */ +Security-HeaderLocationOutsideCertificateValidity ::= NULL + +-- IDs +c-ObsSecurity-MessageIdIncWithHeaderInfo IdMbObs ::= 1 +c-ObsSecurity-HeaderIncWithSecurityProfile IdMbObs ::= 2 +c-ObsSecurity-HeaderPsidIncWithCertificate IdMbObs ::= 3 +c-ObsSecurity-MessageIncWithSsp IdMbObs ::= 4 +c-ObsSecurity-HeaderTimeOutsideCertificateValidity IdMbObs ::= 5 +c-ObsSecurity-MessageLocationOutsideCertificateValidity IdMbObs ::= 6 +c-ObsSecurity-HeaderLocationOutsideCertificateValidity IdMbObs ::= 7 + +-- Individual Information Objects +obs-Security-MessageIdIncWithHeaderInfo C-ASR-SINGLE-OBS ::= { + Security-MessageIdIncWithHeaderInfo BY + c-ObsSecurity-MessageIdIncWithHeaderInfo +} + +obs-Security-HeaderIncWithSecurityProfile C-ASR-SINGLE-OBS ::= { + Security-HeaderIncWithSecurityProfile BY + c-ObsSecurity-HeaderIncWithSecurityProfile +} + +obs-Security-HeaderPsidIncWithCertificate C-ASR-SINGLE-OBS ::= { + Security-HeaderPsidIncWithCertificate BY + c-ObsSecurity-HeaderPsidIncWithCertificate +} + +obs-Security-MessageIncWithSsp C-ASR-SINGLE-OBS ::= { + Security-MessageIncWithSsp BY c-ObsSecurity-MessageIncWithSsp +} + +obs-Security-HeaderTimeOutsideCertificateValidity C-ASR-SINGLE-OBS ::= { + Security-HeaderTimeOutsideCertificateValidity BY + c-ObsSecurity-HeaderTimeOutsideCertificateValidity +} + +obs-Security-MessageLocationOutsideCertificateValidity + C-ASR-SINGLE-OBS ::= { + Security-MessageLocationOutsideCertificateValidity BY + c-ObsSecurity-MessageLocationOutsideCertificateValidity +} + +obs-Security-HeaderLocationOutsideCertificateValidity + C-ASR-SINGLE-OBS ::= { + Security-HeaderLocationOutsideCertificateValidity BY + c-ObsSecurity-HeaderLocationOutsideCertificateValidity +} 
+ +/* + * Position issues + */ + +/** + * @brief This data type is provided for an observation of change in position + * that is too large. The trigger conditions are provided in the + * application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU whose position is being flagged as + * inconsistent with the previous PDU. The v2xPdus field in that entry must + * contain at least the subject PDU and the PDU that immediately preceded it. + * The PDU may be of any supported type and shall be of type + * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same + * report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. + */ +Position-ChangeTooLarge ::= NULL + +-- IDs +c-ObsPosition-ChangeTooLarge IdMbObs ::= 4 + +-- Individual Information Objects + +obs-Position-ChangeTooLarge C-ASR-SINGLE-OBS ::= { + Position-ChangeTooLarge BY c-ObsPosition-ChangeTooLarge +} + + +/* + * Speed issues + */ + +/** + * @brief This data type is provided for an observation of speed too large + * for a given vehicle type. The trigger conditions are provided in the + * application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU whose speed is being flagged as too + * large for the vehicle type. The v2xPdus field in that entry must contain at + * least the subject PDU. The PDU may be of any supported type and shall be of + * type c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + * same report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. 
+ */ +Speed-ValueTooLarge-VehicleType ::= NULL + +/** + * @brief This data type is provided for an observation of speed too large + * for the reverse drive direction. The trigger conditions are provided in + * the application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU whose speed is being flagged as too + * large for the reverse drive direction. The v2xPdus field in that entry must + * contain at least the subject PDU. The PDU may be of any supported type and + * shall be of type c-MbObsMsg-ieee1609Dot2Data unless another observation + * included in the same report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. + */ +Speed-ValueTooLarge-DriveDirectionReverse ::= NULL + +/** + * @brief This data type is provided for an observation of change in speed + * that is too large. The trigger conditions are provided in the + * application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU whose speed is being flagged as + * inconsistent with the speed in the previous PDU. The v2xPdus field in that + * entry must contain at least the subject PDU and the PDU that immediately + * preceded it. The PDU may be of any supported type and shall be of type + * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + * same report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. 
+ */ +Speed-ChangeTooLarge ::= NULL + +-- IDs +c-ObsSpeed-ValueTooLarge-VehicleType IdMbObs::= 3 +c-ObsSpeed-ValueTooLarge-DriveDirectionReverse IdMbObs::= 4 +c-ObsSpeed-ChangeTooLarge IdMbObs::= 5 + +-- Individual Information Objects +obs-Speed-ValueTooLarge-VehicleType C-ASR-SINGLE-OBS ::= { + Speed-ValueTooLarge-VehicleType BY c-ObsSpeed-ValueTooLarge-VehicleType +} + +obs-Speed-ValueTooLarge-DriveDirectionReverse C-ASR-SINGLE-OBS ::= { + Speed-ValueTooLarge-DriveDirectionReverse BY + c-ObsSpeed-ValueTooLarge-DriveDirectionReverse +} + +obs-Speed-ChangeTooLarge C-ASR-SINGLE-OBS ::= { + Speed-ChangeTooLarge BY c-ObsSpeed-ChangeTooLarge +} + + +/* + * Longitudinal acceleration issues + */ + +/** + * @brief This data type is provided for an observation of longitudinal + * acceleration that is too large. The trigger conditions are provided in the + * application-specific files. + * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + * one entry. The observation applies to the first entry. The subjectPduIndex + * in that V2xPduStream points to the PDU whose longitudinal acceleration is + * being flagged as too large. The v2xPdus field in that entry must contain at + * least the subject PDU. The PDU may be of any supported type and shall be of + * type c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + * same report requires a different PDU type. + * + * - `nonV2xPduEvidence`: No other evidence is required to be included + * to support this observation. + */ +LongAcc-ValueTooLarge ::= NULL + +-- IDs +c-ObsLongAcc-ValueTooLarge IdMbObs::= 4 + +-- Individual Information Objects + +obs-LongAcc-ValueTooLarge C-ASR-SINGLE-OBS ::= { + LongAcc-ValueTooLarge BY c-ObsLongAcc-ValueTooLarge +} + +END \ No newline at end of file diff --git a/README.md b/README.md index 38b9b40dfe38756f5d25685515afddfa764cecf6..2b68c2cdf9a9feba78a042df3d28b22dfb28fd8a 100644 --- a/README.md +++ b/README.md 
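Review bot: Every observation comment in EtsiTs103759CommonObservations.asn, from Beacon-IntervalTooSmall through LongAcc-ValueTooLarge, says the PDUs "shall be of type c-MbObsMsg-ieee1609Dot2Data", but the only PDU-type identifiers defined on this page are `c-ObsPdu-etsiGn` and `c-ObsPdu-ieee1609Dot2Data` in EtsiTs103759.asn, so the comments appear to name an identifier that does not exist. Anyone implementing the receiving-side check on `V2xPduStream.type` has to guess which value is meant; the comments should read `c-ObsPdu-ieee1609Dot2Data` throughout. The `-- IDs` blocks would benefit from one line on the numbering, e.g. `-- IDs are scoped to their target; values not listed here are not assigned in this module`, since Position starts at 4, Speed at 3 and LongAcc at 4 with no stated reason (this assumes the values are scoped by `tgtId`, which the page suggests but does not state). `Static-Change ::= BIT STRING` carries no SIZE bound, so a decoder has no schema-level limit on that field; if the application-specific files fix the bit layout, a size constraint or a comment giving the expected length would help. In the Security-MessageIncWithSsp comment, "message is is inconsistent" and "inconsisent" are typos.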
@@ -1,3 +1,18 @@ -# MBMR TS 103 759 +# ASN.1 modules for ETSI ITS Misbehaviour Reporting Service (ETSI TS 103 759) -ASN.1 modules for TS 103 759: Misbehaviour Reporting service \ No newline at end of file +The modules are published as a part of delivery **[ETSI TS 103 759 v2.1.1](https://www.etsi.org/deliver/etsi_ts/103700_103799/103759/02.01.01_60/ts_103759v020101p.pdf)** + +## License + +The content of this repository and the files contained are released under the BSD-3-Clause license. + +See the attached LICENSE file or visit https://forge.etsi.org/legal-matters. + +## Dependencies + +The module dependens of the following external modules and repositories: + +* The **[EtsiTs103097Module](https://forge.etsi.org/rep/ITS/asn1/sec_ts103097)** module from the **[ETSI TS 103 097 v.2.1.1](http://www.etsi.org/deliver/etsi_ts/103000_103099/103097/02.01.01_60/ts_103097v020101p.pdf)** - ITS Security Headers +* The **[IEEE1609Dot2](https://forge.etsi.org/rep/ITS/asn1/ieee1609.2)** module from the **IEEE Std 1609.2** - WAVE - Security Services for Applications and Management Messages + +*NOTE: Please use `--recurse-submodules` option in order to clone the module with all necessary dependencies.* diff --git a/SaeJ3287AsrBsm.asn b/SaeJ3287AsrBsm.asn new file mode 100644 index 0000000000000000000000000000000000000000..7577a12cddc91a3f9d17397b4fe3113e2c33d618 --- /dev/null +++ b/SaeJ3287AsrBsm.asn @@ -0,0 +1,12 @@ +SaeJ3287AsrBsm {joint-iso-itu-t (2) country (16) us (840) organization (1) + sae (114566) v2x-communications (1) technical-committees (1) v2x-security (4) + technical-reports (1) misbehavior-reporting (1) asn1-module (1) + aid-specific(2) bsm(32) version-1 (1) version-minor-0 (0)} + +DEFINITIONS AUTOMATIC TAGS ::= BEGIN + +EXPORTS ALL; + +AsrBsm ::= NULL + +END diff --git a/docs/EtsiTs103097ExtensionModule.md b/docs/EtsiTs103097ExtensionModule.md new file mode 100644 index 0000000000000000000000000000000000000000..2d89933b48772d2226b65071080fa2499a42949f --- /dev/null 
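Review bot: `AsrBsm ::= NULL` in SaeJ3287AsrBsm.asn has no comment, so a reader cannot tell whether an empty BSM report is the intended definition or a stand-in for content specified elsewhere. EtsiTs103759.asn imports `AsrBsm` from this module WITH SUCCESSORS, which suggests a placeholder; if so, say it above the assignment, e.g. `-- Placeholder so that EtsiTs103759 can resolve its import; the BSM report content is not defined in this repository.` If `SetAsr` registers this type (its definition in the .asn is not visible here), a decoder generated from the stub would treat a content-free report for the BSM AID as well-formed, so the comment should also state whether receivers are expected to reject such reports until a successor module is in place.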
+++ b/docs/EtsiTs103097ExtensionModule.md @@ -0,0 +1,101 @@ +# ASN.1 module EtsiTs103097ExtensionModule + OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) extension(2) major-version-1(1) minor-version-1(1)}_ + +## Imports: + * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2 (2) minor-version-3 (3)} WITH SUCCESSORS*
+ +## Data Elements: + +### ExtensionModuleVersion +```asn1 +ExtensionModuleVersion::= INTEGER(1) +``` + +### Extension + +Fields: +* id of type [**EXT-TYPE**](#EXT-TYPE) .&extId({ExtensionTypes})
+* content of type [**EXT-TYPE**](#EXT-TYPE) .&ExtContent({ExtensionTypes}{@.id})
+ +```asn1 +Extension {EXT-TYPE : ExtensionTypes} ::= SEQUENCE { + id EXT-TYPE.&extId({ExtensionTypes}), + content EXT-TYPE.&ExtContent({ExtensionTypes}{@.id}) +} +``` + +### EXT-TYPE + +Fields: +* extId of type [**ExtId**](#ExtId)
+```asn1 +EXT-TYPE ::= CLASS { + &extId ExtId, + &ExtContent +} WITH SYNTAX {&ExtContent IDENTIFIED BY &extId} +``` + + +### ExtId +```asn1 +ExtId ::= INTEGER(0..255) +``` + + +### EtsiOriginatingHeaderInfoExtension +```asn1 +EtsiOriginatingHeaderInfoExtension ::= Extension{{EtsiTs103097HeaderInfoExtensions}} +``` + + +### EtsiTs103097HeaderInfoExtensionId +```asn1 +EtsiTs103097HeaderInfoExtensionId ::= ExtId + etsiTs102941CrlRequestId EtsiTs103097HeaderInfoExtensionId ::= 1 + etsiTs102941DeltaCtlRequestId EtsiTs103097HeaderInfoExtensionId ::= 2 +``` + + +### EtsiTs103097HeaderInfoExtensions +```asn1 +EtsiTs103097HeaderInfoExtensions EXT-TYPE ::= { + { EtsiTs102941CrlRequest IDENTIFIED BY etsiTs102941CrlRequestId } | + { EtsiTs102941DeltaCtlRequest IDENTIFIED BY etsiTs102941DeltaCtlRequestId }, + ... +} +``` + +### EtsiTs102941CrlRequest + +Fields: +* issuerId of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+* lastKnownUpdate of type [**Time32**](Ieee1609Dot2BaseTypes.md#Time32) OPTIONAL
+ +```asn1 +EtsiTs102941CrlRequest::= SEQUENCE { + issuerId HashedId8, + lastKnownUpdate Time32 OPTIONAL +} +``` + +### EtsiTs102941CtlRequest + +Fields: +* issuerId of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+* lastKnownCtlSequence of type **INTEGER** (0..255) OPTIONAL
+ +```asn1 +EtsiTs102941CtlRequest::= SEQUENCE { + issuerId HashedId8, + lastKnownCtlSequence INTEGER (0..255) OPTIONAL +} +``` + + +### EtsiTs102941DeltaCtlRequest +```asn1 +EtsiTs102941DeltaCtlRequest::= EtsiTs102941CtlRequest +``` + + + diff --git a/docs/EtsiTs103097Module.md b/docs/EtsiTs103097Module.md new file mode 100644 index 0000000000000000000000000000000000000000..91d7844954a938d43620a1d84ebbd431cf090167 --- /dev/null +++ b/docs/EtsiTs103097Module.md @@ -0,0 +1,151 @@ +# ASN.1 module EtsiTs103097Module + OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) core(1) major-version-3(3) minor-version-1(1)}_ + +## Imports: + * **[Ieee1609Dot2](Ieee1609Dot2.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+ + * **[EtsiTs103097ExtensionModule](EtsiTs103097ExtensionModule.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) extension(2) major-version-1(1) minor-version-1(1)}*
+ +## Data Elements: + +### EtsiTs103097Certificate +```asn1 +EtsiTs103097Certificate::= Certificate (WITH COMPONENTS{..., + toBeSigned (WITH COMPONENTS{..., + id (WITH COMPONENTS{..., + linkageData ABSENT, + binaryId ABSENT + }), + certRequestPermissions ABSENT, + canRequestRollover ABSENT + }) +}) +``` + + +### EtsiTs103097Data +```asn1 +EtsiTs103097Data::=Ieee1609Dot2Data (WITH COMPONENTS {..., + content (WITH COMPONENTS {..., + signedData (WITH COMPONENTS {..., + tbsData (WITH COMPONENTS { + headerInfo (WITH COMPONENTS {..., + generationTime PRESENT, + p2pcdLearningRequest ABSENT, + missingCrlIdentifier ABSENT + }) + }), + signer (WITH COMPONENTS {..., + certificate ((WITH COMPONENT (EtsiTs103097Certificate))^(SIZE(1))) + }) + }), + encryptedData (WITH COMPONENTS {..., + recipients (WITH COMPONENT ( + (WITH COMPONENTS {..., + pskRecipInfo ABSENT, + symmRecipInfo ABSENT, + rekRecipInfo ABSENT + }) + )) + }), + signedCertificateRequest ABSENT + }) +}) +``` + + +### EtsiTs103097Data-Unsecured +```asn1 +EtsiTs103097Data-Unsecured {ToBeSentDataContent} ::= EtsiTs103097Data (WITH COMPONENTS {..., + content (WITH COMPONENTS { + unsecuredData (CONTAINING ToBeSentDataContent) + }) +}) +``` + + +### EtsiTs103097Data-Signed +```asn1 +EtsiTs103097Data-Signed {ToBeSignedDataContent} ::= EtsiTs103097Data (WITH COMPONENTS {..., + content (WITH COMPONENTS { + signedData (WITH COMPONENTS {..., + tbsData (WITH COMPONENTS { + payload (WITH COMPONENTS { + data (WITH COMPONENTS {..., + content (WITH COMPONENTS { + unsecuredData (CONTAINING ToBeSignedDataContent) + }) + }) PRESENT + }) + }) + }) + }) +}) +``` + + +### EtsiTs103097Data-SignedExternalPayload +```asn1 +EtsiTs103097Data-SignedExternalPayload ::= EtsiTs103097Data (WITH COMPONENTS {..., + content (WITH COMPONENTS { + signedData (WITH COMPONENTS {..., + tbsData (WITH COMPONENTS { + payload (WITH COMPONENTS { + extDataHash (WITH COMPONENTS { + sha256HashedData PRESENT + }) PRESENT + }) + }) + }) + }) +}) +``` + + +### 
EtsiTs103097Data-Encrypted +```asn1 +EtsiTs103097Data-Encrypted {ToBeEncryptedDataContent} ::= EtsiTs103097Data (WITH COMPONENTS {..., + content (WITH COMPONENTS { + encryptedData (WITH COMPONENTS {..., + ciphertext (WITH COMPONENTS {..., + aes128ccm (WITH COMPONENTS {..., + ccmCiphertext (CONSTRAINED BY { ToBeEncryptedDataContent}) + }) + }) + }) + }) +}) +``` + + +### EtsiTs103097Data-SignedAndEncrypted +```asn1 +EtsiTs103097Data-SignedAndEncrypted {ToBesignedAndEncryptedDataContent} ::= EtsiTs103097Data-Encrypted {EtsiTs103097Data-Signed {ToBesignedAndEncryptedDataContent}} +``` + + +### EtsiTs103097Data-Encrypted-Unicast +```asn1 +EtsiTs103097Data-Encrypted-Unicast {ToBeEncryptedDataContent} ::= EtsiTs103097Data-Encrypted { EtsiTs103097Data-Unsecured{ToBeEncryptedDataContent}} (WITH COMPONENTS {..., + content (WITH COMPONENTS { + encryptedData (WITH COMPONENTS {..., + recipients (SIZE(1)) + }) + }) +}) +``` + + +### EtsiTs103097Data-SignedAndEncrypted-Unicast +```asn1 +EtsiTs103097Data-SignedAndEncrypted-Unicast {ToBesignedAndEncryptedDataContent} ::= EtsiTs103097Data-Encrypted {EtsiTs103097Data-Signed {ToBesignedAndEncryptedDataContent}} (WITH COMPONENTS {..., + content (WITH COMPONENTS { + encryptedData (WITH COMPONENTS {..., + recipients (SIZE(1)) + }) + }) +}) +``` + + + diff --git a/docs/EtsiTs103759.html b/docs/EtsiTs103759.html new file mode 100644 index 0000000000000000000000000000000000000000..0251eb0a488f8f90ed602662ffec486fe92ebd7b --- /dev/null +++ b/docs/EtsiTs103759.html @@ -0,0 +1,1005 @@ + + + + + EtsiTs103759 + + +

ASN.1 module EtsiTs103759

+

OID: {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) core(1) major-version-1(1) minor-version-1 (1)}

+

Imports:

+ +

Data Elements:

+

EtsiTs103759Data

+

This data type is the general PDU for a misbehaviour report from an + ITS-S to the MA responsible for reports of that type. AID-specific modules + (EtsiTs103759AsrAppAgnostic, EtsiTs103759AsrCam, EtsiTs103759AsrDenm) have + been imported using WITH SUCCESSORS to enable importing one or more of those + modules with minor-version greater than 0 without requiring any change in the + import statements. At least one of these AID-specific modules shall have + minor-version greater than 0.

+

Fields:

+ +
EtsiTs103759Data ::= SEQUENCE {
version Uint8,
generationTime Time64,
observationLocation ThreeDLocation,
report AidSpecificReport
}
+

EtsiTs103759Data-SignedAndEncrypted-Unicast

+

This structure is the SPDU used to send a signed and encrypted + EtsiTs103759Data to the MA. For the signature to be valid the signing + certificate shall conform to the authorization ticket profile given in + clause 7.2.1 of ETSI TS 103 097 v2.1.1, where the appPermissions field in + the authorization ticket allows signing misbehaviour reports. The signed + EtsiTs103759Data shall be encrypted to the MA using the encryptionKey in + the MA's certificate.

+
EtsiTs103759Data-SignedAndEncrypted-Unicast ::=
EtsiTs103097Data-SignedAndEncrypted-Unicast {
EtsiTs103759Data
}
+

AidSpecificReport

+

This data type is the whole report on issues detected for a specific + ITS-AID. This ITS-AID may identify an individual application, or may identify + cross-application or non-application-specific misbehaviour cases.

+

Fields:

+ +
AidSpecificReport ::= SEQUENCE {
aid C-ASR.&aid ({SetAsr}),
content C-ASR.&Content ({SetAsr}{@.aid})
}
+

C-ASR

+

This data type defines the IOC for AidSpecificReport.

+
C-ASR ::= CLASS {
&aid Psid UNIQUE,
&Content
} WITH SYNTAX {&Content IDENTIFIED BY &aid}
+

SetAsr

+

This data type defines the IOS for AidSpecificReport. See the ASN.1 + modules where each set is defined for a description of that set.

+
SetAsr C-ASR ::= {
{AsrAppAgnostic IDENTIFIED BY c-AsrAppAgnostic} |
{AsrCam IDENTIFIED BY c-AsrCam} |
{AsrDenm IDENTIFIED BY c-AsrDenm},
...
}
+
c-AsrAppAgnostic Psid ::= 270549119
+
c-AsrCam Psid ::= 36
+
c-AsrDenm Psid ::= 37
+
} ::= SEQUENCE {
observations SEQUENCE (SIZE(1..MAX)) OF ObservationsByTarget
{{ObservationSet}},
v2xPduEvidence SEQUENCE (SIZE(1..MAX)) OF V2xPduStream,
nonV2xPduEvidence SEQUENCE (SIZE(0..MAX)) OF NonV2xPduEvidenceItem
{{NonV2xPduEvidenceSet}}
}
+

ObservationsByTarget

+

This data type contains all of the observations related to a + particular "target" property, e.g., speed or security.

+

Fields:

+ +
ObservationsByTarget {C-ASR-OBS-BY-TGT: SetAsrObsByTgt} ::= SEQUENCE {
tgtId C-ASR-OBS-BY-TGT.&id ({SetAsrObsByTgt}),
observations SEQUENCE OF C-ASR-OBS-BY-TGT.&Val
({SetAsrObsByTgt}{@.tgtId})
}
+

C-ASR-OBS-BY-TGT

+

This is the Information Object Class used to define observations- + -by-target.

+
C-ASR-OBS-BY-TGT ::= C-2ENT
+

MbSingleObservation

+

This data type contains a single misbehaviour observation.

+

Fields:

+ +
MbSingleObservation {C-ASR-SINGLE-OBS: SetMbSingleObs} ::= SEQUENCE {
obsId C-ASR-SINGLE-OBS.&id ({SetMbSingleObs}),
obs C-ASR-SINGLE-OBS.&Val ({SetMbSingleObs}{@.obsId})
}
+

C-ASR-SINGLE-OBS

+

This is the Information Object Class used to define single + observations.

+
C-ASR-SINGLE-OBS ::= C-2ENT
+

V2xPduStream

+

This data type contains PDU stream from a single sender.

+

Fields:

+ +
V2xPduStream ::= SEQUENCE {
type C-OBS-PDU.&id ({SetObsPdu}),
v2xPdus SEQUENCE (SIZE(1..255)) OF C-OBS-PDU.&Val
({SetObsPdu}{@.type}),
certificate EtsiTs103097Certificate OPTIONAL,
subjectPduIndex Uint8,
...
}
+

C-OBS-PDU

+

This is the Information Object Class used to define different types + of observed PDUs.

+
C-OBS-PDU ::= C-2ENT
+

SetObsPdu

+

This data type contains the IOS for the observed PDU.

+
SetObsPdu C-OBS-PDU ::= {
{ObsPduEtsiGn BY c-ObsPdu-etsiGn} |
{ObsPduIeee1609Dot2Data BY c-ObsPdu-ieee1609Dot2Data} |
{ObsPduWsmp BY c-ObsPdu-wsmp},
...
}
+

IdObsPdu

+

This data type contains the identifier of the type of observed PDU.

+
IdObsPdu ::= Uint8
+
c-ObsPdu-etsiGn IdObsPdu ::= 1
c-ObsPdu-ieee1609Dot2Data IdObsPdu ::= 2
c-ObsPdu-wsmp IdObsPdu ::= 3
+

ObsPduEtsiGn

+

ObsPduEtsiGn contains an ETSI geonetworking PDU, i.e., the first + byte of every PDU in the v2xPdus array is the first byte of the + geonetworking Basic Header.

+
ObsPduEtsiGn ::= Opaque
+

ObsPduIeee1609Dot2Data

+

ObsPduIeee1609Dot2Data contains an Ieee1609Dot2Data, i.e., the first + byte of every PDU in the v2xPdus array is the version byte of the + Ieee1609Dot2Data.

+
ObsPduIeee1609Dot2Data ::= Opaque
+

ObsPduWsmp

+

ObsPduWsmp contains a WAVE Short Messaging Protocol PDU, i.e., the + first byte of every PDU in the v2xPdus array is the first byte of the WSMP + N-Header.

+
ObsPduWsmp ::= Opaque
+

NonV2xPduEvidenceItem

+

This data type contains evidence, which may be referenced by one or + more observations.

+

Fields:

+ +
NonV2xPduEvidenceItem {C-ASR-EV: SetMbEv} ::= SEQUENCE {
id C-ASR-EV.&id ({SetMbEv}),
evidence C-ASR-EV.&Val ({SetMbEv}{@.id})
}
+

C-ASR-EV

+

This is the Information Object Class used to define evidence.

+

@note No instances of this class are defined in this version of this document.

+
C-ASR-EV ::= C-2ENT
+

C-2ENT

+

This structures uses single-byte IDs. If we run out of ID space + in future, the Val type associated with ID 255 can also be structured + hierarchically to extend the space.

+
C-2ENT ::= CLASS {
&id Uint8,
&Val
} WITH SYNTAX {&Val BY &id}
+ diff --git a/docs/EtsiTs103759.md b/docs/EtsiTs103759.md new file mode 100644 index 0000000000000000000000000000000000000000..dc3c791d10166061f688c271dc4ece0527d2bdf2 --- /dev/null +++ b/docs/EtsiTs103759.md @@ -0,0 +1,179 @@ +# ASN.1 module EtsiTs103759 + OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) core(1) major-version-1(1) minor-version-2 (2)}_ + +## Imports: + * **[EtsiTs103097Module](EtsiTs103097Module.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) core(1) major-version-3(3) minor-version-1(1)} WITH SUCCESSORS*
+ + * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+ + * **[EtsiTs103759AsrAppAgnostic](EtsiTs103759AsrAppAgnostic.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) appAgnostic(270549119) major-version-1(1) minor-version-0(0)} WITH SUCCESSORS*
+ + * **[EtsiTs103759AsrCam](EtsiTs103759AsrCam.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) cam(36) major-version-1(1) minor-version-0(0)} WITH SUCCESSORS*
+ + * **[EtsiTs103759AsrDenm](EtsiTs103759AsrDenm.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) denm(37) major-version-1(1) minor-version-0(0)} WITH SUCCESSORS*
+ + * **[SaeJ3287AsrBsm](SaeJ3287AsrBsm.md)** *{joint-iso-itu-t (2) country (16) us (840) organization (1) sae (114566) v2x-communications (1) technical-committees (1) v2x-security (4) technical-reports (1) misbehavior-reporting (1) asn1-module (1) aid-specific(2) bsm(32) version-1 (1) version-minor-0 (0)} WITH SUCCESSORS*
+ +## Data Elements: +### EtsiTs103759Data +This data type is the general PDU for a misbehaviour report from an + ITS-S to the MA responsible for reports of that type. AID-specific modules + (EtsiTs103759AsrAppAgnostic, EtsiTs103759AsrCam, EtsiTs103759AsrDenm, + SaeJ3287AsrBsm) have been imported using WITH SUCCESSORS to enable importing + one or more of those modules with minor-version greater than 0 without + requiring any change in the import statements. At least one of these + AID-specific modules shall have minor-version greater than 0. + +Fields: +* version of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8)
+ contains the version number of this PDU definition. For this + version of this data type it shall be equal to 2. + + +* generationTime of type [**Time64**](Ieee1609Dot2BaseTypes.md#Time64)
+ contains information on when this PDU was generated. + + + +* observationLocation of type [**ThreeDLocation**](Ieee1609Dot2BaseTypes.md#ThreeDLocation)
+ is the location at which the last observation of + a V2X PDU was made before the decision was taken to generate a report. + + + +* report of type [**AidSpecificReport**](#AidSpecificReport)
+ contains the AID-specific misbehaviour report. + + + + +```asn1 +EtsiTs103759Data ::= SEQUENCE { + version Uint8, + generationTime Time64, + observationLocation ThreeDLocation, + report AidSpecificReport +} +``` + + +### EtsiTs103759Data-SignedAndEncrypted-Unicast +This structure is the SPDU used to send a signed and encrypted + EtsiTs103759Data to the MA. For the signature to be valid the signing + certificate shall conform to the authorization ticket profile given in + clause 7.2.1 of ETSI TS 103 097 v2.1.1, where the appPermissions field in + the authorization ticket allows signing misbehaviour reports. The signed + EtsiTs103759Data shall be encrypted to the MA using the encryptionKey in + the MA's certificate. +```asn1 +EtsiTs103759Data-SignedAndEncrypted-Unicast ::= + EtsiTs103097Data-SignedAndEncrypted-Unicast { + EtsiTs103759Data +} +``` + +### AidSpecificReport +This data type is the whole report on issues detected for a specific + ITS-AID. This ITS-AID may identify an individual application, or may identify + cross-application or non-application-specific misbehaviour cases. + +Fields: +* aid of type [**C-ASR**](#C-ASR) .&aid ({SetAsr})
+ contains the respective ITS-AID. + + +* content of type [**C-ASR**](#C-ASR) .&Content ({SetAsr}{@.aid})
+ contains the report contents, e.g., AsrCam. This will be a + TemplateAsr instantiated with AID-specific Information Object Sets. + + + + +```asn1 +AidSpecificReport ::= SEQUENCE { + aid C-ASR.&aid ({SetAsr}), + content C-ASR.&Content ({SetAsr}{@.aid}) +} +``` + +### C-ASR +This data type defines the IOC for AidSpecificReport. + +Fields: +* aid of type [**Psid**](Ieee1609Dot2BaseTypes.md#Psid) UNIQUE
+ contains the globally unique reference identifier of an + AID-specific misbehaviour report. + + + contains the open type of the PDU identified by aid. This + will be a TemplateAsr instantiated with AID-specific Information Object + Sets. + + + + +```asn1 +C-ASR ::= CLASS { + &aid Psid UNIQUE, + &Content +} WITH SYNTAX {&Content IDENTIFIED BY &aid} +``` + + +### SetAsr +This data type defines the IOS for AidSpecificReport. See the ASN.1 + modules where each set is defined for a description of that set. +```asn1 +SetAsr C-ASR ::= { + {AsrAppAgnostic IDENTIFIED BY c-AsrAppAgnostic} | + {AsrCam IDENTIFIED BY c-AsrCam} | + {AsrDenm IDENTIFIED BY c-AsrDenm}, + ..., + {AsrBsm IDENTIFIED BY c-AsrBsm} +} +``` + + +>>> +NOTE: This value is used for suspicious observations that are not + or cannot be linked to a specific application. +>>> +```asn1 +c-AsrAppAgnostic Psid ::= 270549119 +``` + +```asn1 +c-AsrCam Psid ::= 36 +``` + +```asn1 +c-AsrDenm Psid ::= 37 +``` + +```asn1 +c-AsrBsm Psid ::= 32 +``` + + + +This data type defines the IOC for AidSpecificReport. + + @param aid: contains the globally unique reference identifier of an + AID-specific misbehaviour report. + + @param Content: contains the open type of the PDU identified by aid. This + will be a TemplateAsr instantiated with AID-specific Information Object + Sets. + This data type defines the IOS for AidSpecificReport. See the ASN.1 + modules where each set is defined for a description of that set. + This data type contains the ITS-AID of the unknown service. + +>>> +NOTE: This value is used for suspicious observations that are not + or cannot be linked to a specific application. + This data type contains the ITS-AID of the CA service. + This data type contains the ITS-AID of the DEN service. + This data type contains the ITS-AID of the BSM. +>>> + + 
diff --git a/docs/EtsiTs103759AsrAppAgnostic.html b/docs/EtsiTs103759AsrAppAgnostic.html new file mode 100644 index 0000000000000000000000000000000000000000..073abfcd881ca95c8e0a07d977ead2326bfe48a0 --- /dev/null +++ b/docs/EtsiTs103759AsrAppAgnostic.html @@ -0,0 +1,812 @@ + + + + + EtsiTs103759AsrAppAgnostic + + +

ASN.1 module EtsiTs103759AsrAppAgnostic

+

OID: {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) appAgnostic(270549119) major-version-1(1) minor-version-0(0)}

+

Data Elements:

+

AsrAppAgnostic

+

This data type is defined as NULL for this version of the standard.

+
AsrAppAgnostic ::= NULL
+ diff --git a/docs/EtsiTs103759AsrAppAgnostic.md b/docs/EtsiTs103759AsrAppAgnostic.md new file mode 100644 index 0000000000000000000000000000000000000000..6d6e02e5ac0efd54879d584d834b6a1c0ac04f71 --- /dev/null +++ b/docs/EtsiTs103759AsrAppAgnostic.md @@ -0,0 +1,13 @@ +# ASN.1 module EtsiTs103759AsrAppAgnostic + OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) appAgnostic(270549119) major-version-1(1) minor-version-0(0)}_ + +## Data Elements: + +### AsrAppAgnostic +This data type is defined as NULL for this version of the standard. +```asn1 +AsrAppAgnostic ::= NULL +``` + + + diff --git a/docs/EtsiTs103759AsrCam.html b/docs/EtsiTs103759AsrCam.html new file mode 100644 index 0000000000000000000000000000000000000000..6e685af4fb2cf346939cac8477d154bb4a03dccf --- /dev/null +++ b/docs/EtsiTs103759AsrCam.html @@ -0,0 +1,886 @@ + + + + + EtsiTs103759AsrCam + + +

ASN.1 module EtsiTs103759AsrCam

+

OID: {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) cam(36) major-version-1(1) minor-version-1(1)}

+

Imports:

+ +

Data Elements:

+

AsrCam

+

This data type is for reporting CAM issues.

+
AsrCam ::= TemplateAsr {{SetMbObsTgtsCam}, {SetMbEvCam}}
+

IdCamTgt

+
IdCamTgt ::= Uint8
+
c-CamTgt-BeaconCommon IdCamTgt ::= 0
c-CamTgt-StaticCommon IdCamTgt ::= 1
c-CamTgt-SecurityCommon IdCamTgt ::= 2
c-CamTgt-PositionCommon IdCamTgt ::= 3
c-CamTgt-SpeedCommon IdCamTgt ::= 4
c-CamTgt-LongAccCommon IdCamTgt ::= 5
+

SetMbObsTgtsCam

+

This is a complete set of observations for CAM. Application-specific + trigger conditions and other relevant information are specified below.

+ +

SetMbEvCam

+

This data type defines the IOS for CAM Evidence.

+
SetMbEvCam C-ASR-EV ::= {
...
}
+ diff --git a/docs/EtsiTs103759AsrCam.md b/docs/EtsiTs103759AsrCam.md new file mode 100644 index 0000000000000000000000000000000000000000..b5a217178cdbd951afa4c40a4eaf5c4c8c423ccf --- /dev/null +++ b/docs/EtsiTs103759AsrCam.md @@ -0,0 +1,182 @@ +# ASN.1 module EtsiTs103759AsrCam + OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) cam(36) major-version-1(1) minor-version-1(1)}_ + +## Imports: + * **[EtsiTs103759BaseTypes](EtsiTs103759BaseTypes.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1) minor-version-1 (1)} WITH SUCCESSORS*
+ + * **[EtsiTs103759MbrCommonObservations](EtsiTs103759MbrCommonObservations.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) common-observations(2) major-version-1(1) minor-version-1(1)} WITH SUCCESSORS*
+ + * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+ +## Data Elements: + +### AsrCam +This data type is for reporting CAM issues. +```asn1 +AsrCam ::= TemplateAsr {{SetMbObsTgtsCam}, {SetMbEvCam}} +``` + + +### IdCamTgt +```asn1 +IdCamTgt ::= Uint8 +``` + +```asn1 +c-CamTgt-BeaconCommon IdCamTgt ::= 0 +c-CamTgt-StaticCommon IdCamTgt ::= 1 +c-CamTgt-SecurityCommon IdCamTgt ::= 2 +c-CamTgt-PositionCommon IdCamTgt ::= 3 +c-CamTgt-SpeedCommon IdCamTgt ::= 4 +c-CamTgt-LongAccCommon IdCamTgt ::= 5 +``` + + +### SetMbObsCamBeacon +```asn1 +SetMbObsCamBeacon C-ASR-SINGLE-OBS ::= { + obs-Beacon-IntervalTooSmall, + ... +} +``` + + +### SetMbObsCamStatic +```asn1 +SetMbObsCamStatic C-ASR-SINGLE-OBS ::= { + obs-Static-Change, + ... +} +``` + + +### SetMbObsCamSecurity +```asn1 +SetMbObsCamSecurity C-ASR-SINGLE-OBS ::= { + obs-Security-MessageIdIncWithHeaderInfo | + obs-Security-HeaderIncWithSecurityProfile | + obs-Security-HeaderPsidIncWithCertificate | + obs-Security-MessageIncWithSsp | + obs-Security-HeaderTimeOutsideCertificateValidity | + obs-Security-MessageLocationOutsideCertificateValidity | + obs-Security-HeaderLocationOutsideCertificateValidity, + ... +} +``` + + +### SetMbObsCamPosition +```asn1 +SetMbObsCamPosition C-ASR-SINGLE-OBS ::= { + obs-Position-ChangeTooLarge, + ... +} +``` + + +### SetMbObsCamSpeed +```asn1 +SetMbObsCamSpeed C-ASR-SINGLE-OBS ::= { + obs-Speed-ValueTooLarge-VehicleType | + obs-Speed-ValueTooLarge-DriveDirectionReverse | + obs-Speed-ChangeTooLarge, + ... +} +``` + + +### SetMbObsCamLongAcc +```asn1 +SetMbObsCamLongAcc C-ASR-SINGLE-OBS ::= { + obs-LongAcc-ValueTooLarge, + ... +} +``` + + +### SetMbObsTgtsCam +This is a complete set of observations for CAM. Application-specific + trigger conditions and other relevant information are specified below. 
+- `Security-HeaderIncWithSecurityProfile`: The security headerInfo is + inconsistent with the security profile specified in ETSI TS 103 097 V2.1.1 + (2021-10), e.g., generationTime is absent in the security headerInfo but + is required to be present in the security profile. + + - `Security-HeaderPsidIncWithCertificate`: The psid in the security + headerInfo is not contained in the appPermissions of the certificate, e.g., + psid in the security headerInfo is equal to 36, but the appPermissions in the + certificate does not include the value 36. + + - `Security-MessageIncWithSsp`: The message payload is inconsistent + with the SSP in the certificate, as specified in TS 103 900 v2.0.0,e.g., + publicTransportContainer is present in the specialVehicleContainer but the + relevant SSP in the certificate does not permit publicTransportContainer. + + - `Security-HeaderTimeOutsideCertificateValidity`: The generationTime + in the security headerInfo is outside the validityPeriod in the certificate. + + - `Security-MessageLocationOutsideCertificateValidity`: The + referencePosition in the message is outside the region in the certificate. + + - `Security-HeaderLocationOutsideCertificateValidity`: The + generationLocation in the security headerInfo is outside the region in the + certificate. + + + + - `passengerCar(5)`: The speedValue is greater than 14,000. (Currently, the + fastest car in the world has a top speed that is less than 500 km/h, i.e., + 13,889 cm/s.) + + - `motorcycle(4), bus(6), lightTruck(7), heavyTruck(8), trailer(9)`: The + speedValue is greater than 8,500. (Currently, the top speed on most popular + cars is less than 300 km/h, i.e., 8,333 cm/s.) + + - `unknown(0), pedestrian(1), cyclist(2), moped(3), specialVehicles(10), + tram(11)` : The speedValue is greater than 3,000. (Currently, non-highway + speed limits are usually well below 100 km/h, i.e., 2,778 cm/s.) + + - `roadSideUnit(15)`: The speedValue is greater than 0. 
(Road side units + shouldn't be transmitting while being transported.) + + - `Speed-ValueTooLarge-DriveDirectionReverse`: The driveDirection is + backward (1) and the speedValue is greater than 3,000. (Usually, backward + drives are far less than 50m long, and with maximum possible acceleration of + 9 m/s^2 (see trigger conditions for LongAcc-ValueTooLarge), max attainable + speed is sqrt(2*9*50) m/s, i.e., 3,000 cm/s.) + + - `Speed-ChangeTooLarge`: The acceleration calculated from the change + in speedValue of two consecutive CAMs meets the trigger conditions of + LongAcc-ValueTooLarge. +```asn1 +SetMbObsTgtsCam C-ASR-OBS-BY-TGT ::= { + {MbSingleObservation{{SetMbObsCamBeacon}} BY + c-CamTgt-BeaconCommon} | + {MbSingleObservation{{SetMbObsCamStatic}} BY + c-CamTgt-StaticCommon} | + {MbSingleObservation{{SetMbObsCamSecurity}} BY + c-CamTgt-SecurityCommon} | + {MbSingleObservation{{SetMbObsCamPosition}} BY + c-CamTgt-PositionCommon} | + {MbSingleObservation{{SetMbObsCamSpeed}} BY + c-CamTgt-SpeedCommon} | + {MbSingleObservation{{SetMbObsCamLongAcc}} BY + c-CamTgt-LongAccCommon}, + ... +} +``` + + +### SetMbEvCam +This data type defines the IOS for CAM Evidence. +```asn1 +SetMbEvCam C-ASR-EV ::= { + ... +} +``` + + + +This data type defines the IOS for CAM Evidence. + + diff --git a/docs/EtsiTs103759AsrDenm.html b/docs/EtsiTs103759AsrDenm.html new file mode 100644 index 0000000000000000000000000000000000000000..150338817540d6b95bec562a9544eb1743bed4ca --- /dev/null +++ b/docs/EtsiTs103759AsrDenm.html @@ -0,0 +1,812 @@ + + + + + EtsiTs103759AsrDenm + + +

ASN.1 module EtsiTs103759AsrDenm

+

OID: {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) denm(37) major-version-1(1) minor-version-0(0)}

+

Data Elements:

+

AsrDenm

+

This data type is defined as NULL for version 0 of this file.

+
AsrDenm ::= NULL
+ diff --git a/docs/EtsiTs103759AsrDenm.md b/docs/EtsiTs103759AsrDenm.md new file mode 100644 index 0000000000000000000000000000000000000000..0e37b5a4889ec740f8bb3a61719347649fba3721 --- /dev/null +++ b/docs/EtsiTs103759AsrDenm.md @@ -0,0 +1,13 @@ +# ASN.1 module EtsiTs103759AsrDenm + OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) denm(37) major-version-1(1) minor-version-0(0)}_ + +## Data Elements: + +### AsrDenm +This data type is defined as NULL for version 0 of this file. +```asn1 +AsrDenm ::= NULL +``` + + + diff --git a/docs/EtsiTs103759BaseTypes.md b/docs/EtsiTs103759BaseTypes.md new file mode 100644 index 0000000000000000000000000000000000000000..eecb9162f5eaafb811f7ec18988c7c3aa6ac624e --- /dev/null +++ b/docs/EtsiTs103759BaseTypes.md @@ -0,0 +1,259 @@ +# ASN.1 module EtsiTs103759BaseTypes + OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1) minor-version-1 (1)}_ + +## Imports: + * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+ + * **[Ieee1609Dot2](Ieee1609Dot2.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2) minor-version-6(6)} WITH SUCCESSORS*
+ +## Data Elements: +* `observations` identifies which detectors were triggered and why. It + can include cross-references to the PDUs and evidence fields. The + observations are drawn from a supplied application-specific observation + Information Object Set. + +* `v2xPduEvidence` contains PDUs that triggered the detectors reported in + the observations field, plus other PDUs sent for the same application (AID) + by the same sender). + +* `nonV2xPduEvidence` is any information that was used by the + detectors other than the V2X PDUs. If the report does not contain any + observations that use other evidence (for example, if the report is simply + that a speed value is implausibly high for any land vehicle, or that two + V2X PDUs appear to show two different senders in the same physical + space) then this field can be length 0. The evidence is drawn from a + supplied application-specific evidence Information Object Set. + + +```asn1 +} ::= SEQUENCE { + observations ObservationsByTargetSequence {{ObservationSet}}, + v2xPduEvidence SEQUENCE (SIZE(1..MAX)) OF V2xPduStream, + nonV2xPduEvidence NonV2xPduEvidenceItemSequence {{NonV2xPduEvidenceSet}} +} +``` + +### ObservationsByTarget +This data type contains all of the observations related to a + particular "target" property, e.g., speed or security. + +Fields: +* tgtId of type [**C-ASR-OBS-BY-TGT**](EtsiTs103759BaseTypes.md#C-ASR-OBS-BY-TGT) .&id ({SetAsrObsByTgt})
+ identifies the "target" of the observation, e.g., speed. This + identifier is drawn from an application-specific Information Object Set of + observations by target. + + +* observations of type **SEQUENCE** OF C-ASR-OBS-BY-TGT.&Val ({SetAsrObsByTgt}{@.tgtId})
+ contains all the observations related to that target. + The observations are drawn from the provided Information Object Set. + + + + +```asn1 +ObservationsByTarget {C-ASR-OBS-BY-TGT: SetAsrObsByTgt} ::= SEQUENCE { + tgtId C-ASR-OBS-BY-TGT.&id ({SetAsrObsByTgt}), + observations SEQUENCE OF C-ASR-OBS-BY-TGT.&Val ({SetAsrObsByTgt}{@.tgtId}) +} +``` + + +### ObservationsByTargetSequence +```asn1 +ObservationsByTargetSequence { C-ASR-OBS-BY-TGT: SetAsrObsByTgt } ::= + SEQUENCE (SIZE(1..MAX)) OF ObservationsByTarget {{ SetAsrObsByTgt }} +``` + + +### C-ASR-OBS-BY-TGT +This is the Information Object Class used to define observations- + -by-target. +```asn1 +C-ASR-OBS-BY-TGT ::= C-2ENT +``` + +### MbSingleObservation +This data type contains a single misbehaviour observation. + +Fields: +* obsId of type [**C-ASR-SINGLE-OBS**](EtsiTs103759BaseTypes.md#C-ASR-SINGLE-OBS) .&id ({SetMbSingleObs})
+ identifies the observation within the set of observations + for that target, e.g., target = speed, observation = "speed higher than + plausible given the physical map". This identifier is drawn from an + application-and-target-specific Information Object Set of single + observations. + + +* obs of type [**C-ASR-SINGLE-OBS**](EtsiTs103759BaseTypes.md#C-ASR-SINGLE-OBS) .&Val ({SetMbSingleObs}{@.obsId})
+ contains any parameters relevant to the observation. The + observations are drawn from the provided Information Object Set. + + + + +```asn1 +MbSingleObservation {C-ASR-SINGLE-OBS: SetMbSingleObs} ::= SEQUENCE { + obsId C-ASR-SINGLE-OBS.&id ({SetMbSingleObs}), + obs C-ASR-SINGLE-OBS.&Val ({SetMbSingleObs}{@.obsId}) +} +``` + + +### C-ASR-SINGLE-OBS +This is the Information Object Class used to define single + observations. +```asn1 +C-ASR-SINGLE-OBS ::= C-2ENT +``` + +### V2xPduStream +This data type contains PDU stream from a single sender. + +Fields: +* type of type [**C-OBS-PDU**](#C-OBS-PDU) .&id ({SetObsPdu})
+* v2xPdus of type **SEQUENCE** (SIZE(1..255)) OF C-OBS-PDU.&Val ({SetObsPdu}{@.type})
+ is the PDU stream, i.e., a series of PDUs for the same AID + sent by the same sender (where "sent by the same sender" means "signed by + the same certificate"). The PDUs are ordered in chronological order of + reception by the reporter. All PDUs in this field are of the same type, + i.e., correspond to the same IdObsPdu. This field will always contain a + "subject PDU", i.e., a PDU that is the subject of the observations. + Additional PDUs may be included depending on which observations appear in + the observations field. A specification of an observation is expected to + include a specification of which PDUs are to be included in this field. + + + +* certificate of type [**Certificate**](Ieee1609Dot2.md#Certificate) OPTIONAL
+ contains the certificate that signed the PDUs if it is + not explicitly included in one of the PDUs. (There is no need to include + the entire certificate chain from the ITS station up to the Root CA, just + the ITS station certificate is enough, as the MA is expected to have the + rest of the certificates in the chain.) Note that if the sender certificate + changes, PDUs signed by the new certificate and included in this report + will be in a separate V2xPduStream instance within the v2xPduEvidence + field of the TemplateAsr. + + + +* subjectPduIndex of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8)
+ identifies which PDU within the v2xPdus sequence + is the "subject PDU", i.e., the PDU associated with the observations. + + + + +```asn1 +V2xPduStream ::= SEQUENCE { + type C-OBS-PDU.&id ({SetObsPdu}), + v2xPdus SEQUENCE (SIZE(1..255)) OF C-OBS-PDU.&Val ({SetObsPdu}{@.type}), + certificate Certificate OPTIONAL, + subjectPduIndex Uint8, + ... +} +``` + + +### C-OBS-PDU +This is the Information Object Class used to define different types + of observed PDUs. +```asn1 +C-OBS-PDU ::= C-2ENT +``` + + +### SetObsPdu +This data type contains the IOS for the observed PDU. +```asn1 +SetObsPdu C-OBS-PDU ::= { + {ObsPduEtsiGn BY c-ObsPdu-etsiGn} | + {Ieee1609Dot2Data BY c-ObsPdu-ieee1609Dot2Data}, + ... +} +``` + + +### IdObsPdu +This data type contains the identifier of the type of observed PDU. +```asn1 +IdObsPdu ::= Uint8 +c-ObsPdu-etsiGn IdObsPdu ::= 1 +c-ObsPdu-ieee1609Dot2Data IdObsPdu ::= 2 +``` + + +### ObsPduEtsiGn +ObsPduEtsiGn shall contain an encoded ETSI geonetworking PDU + according to ETSI TS 103 836-4-1, at GeoNetworking level, i.e. without + Access Layer header. +```asn1 +ObsPduEtsiGn ::= Opaque +``` + +### NonV2xPduEvidenceItem +This data type contains evidence, which may be referenced by one or + more observations. + +Fields: +* id of type [**C-ASR-EV**](EtsiTs103759BaseTypes.md#C-ASR-EV) .&id ({SetMbEv})
+ identifies the evidence type. + + +* evidence of type [**C-ASR-EV**](EtsiTs103759BaseTypes.md#C-ASR-EV) .&Val ({SetMbEv}{@.id})
+ contains the evidence. + + + + +```asn1 +NonV2xPduEvidenceItem {C-ASR-EV: SetMbEv} ::= SEQUENCE { + id C-ASR-EV.&id ({SetMbEv}), + evidence C-ASR-EV.&Val ({SetMbEv}{@.id}) +} +``` + + +### NonV2xPduEvidenceItemSequence +```asn1 +NonV2xPduEvidenceItemSequence {C-ASR-EV: NonV2xPduEvidenceSet} ::= + SEQUENCE (SIZE(0..MAX)) OF NonV2xPduEvidenceItem {{ NonV2xPduEvidenceSet }} +``` + + +### C-ASR-EV +This is the Information Object Class used to define evidence. + +>>> +NOTE: No instances of this class are defined in this version of this document. +>>> +```asn1 +C-ASR-EV ::= C-2ENT +``` + +### C-2ENT +This structures uses single-byte IDs. If we run out of ID space + in future, the Val type associated with ID 255 can also be structured + hierarchically to extend the space. + +Fields: +* id of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8)
+```asn1 +C-2ENT ::= CLASS { + &id Uint8, + &Val +} WITH SYNTAX {&Val BY &id} +``` + + + +This is the Information Object Class used to define evidence. + +>>> +NOTE: No instances of this class are defined in this version of this document. + This structures uses single-byte IDs. If we run out of ID space + in future, the Val type associated with ID 255 can also be structured + hierarchically to extend the space. +>>> + + diff --git a/docs/EtsiTs103759MbrCommonObservations.html b/docs/EtsiTs103759MbrCommonObservations.html new file mode 100644 index 0000000000000000000000000000000000000000..4fb9d757c64d6e4698624ea086b053d5ab583e4b --- /dev/null +++ b/docs/EtsiTs103759MbrCommonObservations.html @@ -0,0 +1,1141 @@ + + + + + EtsiTs103759MbrCommonObservations + + +
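Review bot: The `subjectPduIndex` description in the V2xPduStream section does not say whether the index is zero- or one-based, nor that a receiver must check it against the number of entries actually present in `v2xPdus`. The ASN.1 only types it as `Uint8` while `v2xPdus` is `SIZE(1..255)`, so an index pointing past the end of the sequence is encodable, and this value arrives in a report from a remote station. I would add to the field text something like `A receiver shall reject a V2xPduStream whose subjectPduIndex does not identify an element of v2xPdus.` and state the index base explicitly; this page looks generated, so the wording probably belongs in the .asn comment it is built from. Separately, `SetObsPdu` here lists two entries using `Ieee1609Dot2Data` and types `certificate` as `Certificate`, whereas the HTML rendering earlier on the page shows three entries (`ObsPduIeee1609Dot2Data`, `ObsPduWsmp` with id 3, both `Opaque`) and `EtsiTs103097Certificate`. If both describe the same module, one of them is stale and a decoder written from it would not match the other.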

ASN.1 module EtsiTs103759MbrCommonObservations

+

OID: {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) common-observations(2) major-version-1(1) minor-version-1(1)}

+

Imports:

+ +

Data Elements:

+

IdMbObs

+

Identifier type for observations: synonym for Uint8

+
IdMbObs ::= Uint8
+

Beacon-IntervalTooSmall

+

This data type is provided for an observation of beacon interval + that is too small. This doesn’t apply to repeated PDUs, but only to two + distinct PDUs. The trigger conditions are provided in the + application-specific files.

+ +
Beacon-IntervalTooSmall ::= NULL
+
c-ObsBeacon-IntervalTooSmall IdMbObs::= 1
+
obs-Beacon-IntervalTooSmall C-ASR-SINGLE-OBS ::=
{Beacon-IntervalTooSmall BY c-ObsBeacon-IntervalTooSmall}
+

SetMbObsCamBeacon

+
SetMbObsCamBeacon C-ASR-SINGLE-OBS ::= {
obs-Beacon-IntervalTooSmall,
...
}
+

Static-Change

+

This data type is provided for an observation of change in static + fields. The semantics of the BIT STRING and trigger conditions are provided + in the application-specific files.

+ +
Static-Change ::= BIT STRING
+
c-ObsStatic-Change IdMbObs::= 1
+
obs-Static-Change C-ASR-SINGLE-OBS ::=
{Static-Change BY c-ObsStatic-Change}
+

SetMbObsCamStatic

+
SetMbObsCamStatic C-ASR-SINGLE-OBS ::= {
obs-Static-Change,
...
}
+

Security-MessageIdIncWithHeaderInfo

+

This data type is provided for an observation, where the messageID + is inconsistent with the psid in the security headerInfo. The trigger + conditions are provided in the application-specific files.

+ +
Security-MessageIdIncWithHeaderInfo ::= NULL
+

Security-HeaderIncWithSecurityProfile

+

This data type is provided for an observation, where the security + headerInfo is inconsistent with the security profile for that psid. The + trigger conditions are provided in the application-specific files.

+ +
Security-HeaderIncWithSecurityProfile ::= NULL
+

Security-HeaderPsidIncWithCertificate

+

This data type is provided for an observation, where the psid in the + security headerInfo is inconsistent with the psid in the certificate. The + trigger conditions are provided in the application-specific files.

+ +
Security-HeaderPsidIncWithCertificate ::= NULL
+

Security-MessageIncWithSsp

+

This data type is provided for an observation, where the message is + is inconsistent with the SSP in the certificate. The trigger conditions are + provided in the application-specific files.

+ +
Security-MessageIncWithSsp ::= NULL
+

Security-HeaderTimeOutsideCertificateValidity

+

This data type is provided for an observation, where the + generationTime in the security headerInfo is outside the validity period of + the certificate. The trigger conditions are provided in the + application-specific files.

+ +
Security-HeaderTimeOutsideCertificateValidity ::= NULL
+

Security-MessageLocationOutsideCertificateValidity

+

This data type is provided for an observation, where the location + in the message is outside the validity region in the certificate. The + trigger conditions are provided in the application-specific files.

+ +
Security-MessageLocationOutsideCertificateValidity ::= NULL
+

Security-HeaderLocationOutsideCertificateValidity

+

This data type is provided for an observation, where the + generationLocation in the security headerInfo is outside the validity region + in the certificate. The trigger conditions are provided in the + application-specific files.

+ +
Security-HeaderLocationOutsideCertificateValidity ::= NULL
+
c-ObsSecurity-MessageIdIncWithHeaderInfo IdMbObs ::= 1
c-ObsSecurity-HeaderIncWithSecurityProfile IdMbObs ::= 2
c-ObsSecurity-HeaderPsidIncWithCertificate IdMbObs ::= 3
c-ObsSecurity-MessageIncWithSsp IdMbObs ::= 4
c-ObsSecurity-HeaderTimeOutsideCertificateValidity IdMbObs ::= 5
c-ObsSecurity-MessageLocationOutsideCertificateValidity IdMbObs ::= 6
c-ObsSecurity-HeaderLocationOutsideCertificateValidity IdMbObs ::= 7
+
obs-Security-MessageIdIncWithHeaderInfo C-ASR-SINGLE-OBS ::= {
Security-MessageIdIncWithHeaderInfo BY
c-ObsSecurity-MessageIdIncWithHeaderInfo
}
+
obs-Security-HeaderIncWithSecurityProfile C-ASR-SINGLE-OBS ::= {
Security-HeaderIncWithSecurityProfile BY
c-ObsSecurity-HeaderIncWithSecurityProfile
}
+
obs-Security-HeaderPsidIncWithCertificate C-ASR-SINGLE-OBS ::= {
Security-HeaderPsidIncWithCertificate BY
c-ObsSecurity-HeaderPsidIncWithCertificate
}
+
obs-Security-MessageIncWithSsp C-ASR-SINGLE-OBS ::= {
Security-MessageIncWithSsp BY c-ObsSecurity-MessageIncWithSsp
}
+
obs-Security-HeaderTimeOutsideCertificateValidity C-ASR-SINGLE-OBS ::= {
Security-HeaderTimeOutsideCertificateValidity BY
c-ObsSecurity-HeaderTimeOutsideCertificateValidity
}
+

C-ASR-SINGLE-OBS

+

Fields:

+ +

C-ASR-SINGLE-OBS

+

Fields:

+ +

SetMbObsCamSecurity

+

Values:

+ +

Position-ChangeTooLarge

+

This data type is provided for an observation of change in position + that is too large. The trigger conditions are provided in the + application-specific files.

+ +
Position-ChangeTooLarge ::= NULL
+
c-ObsPosition-ChangeTooLarge IdMbObs ::= 4
+
obs-Position-ChangeTooLarge C-ASR-SINGLE-OBS ::= {
Position-ChangeTooLarge BY c-ObsPosition-ChangeTooLarge
}
+

SetMbObsCamPosition

+
SetMbObsCamPosition C-ASR-SINGLE-OBS ::= {
obs-Position-ChangeTooLarge,
...
}
+

Speed-ValueTooLarge-VehicleType

+

This data type is provided for an observation of speed too large + for a given vehicle type. The trigger conditions are provided in the + application-specific files.

+ +
Speed-ValueTooLarge-VehicleType ::= NULL
+

Speed-ValueTooLarge-DriveDirectionReverse

+

This data type is provided for an observation of speed too large + for the reverse drive direction. The trigger conditions are provided in + the application-specific files.

+ +
Speed-ValueTooLarge-DriveDirectionReverse ::= NULL
+

Speed-ChangeTooLarge

+

This data type is provided for an observation of change in speed + that is too large. The trigger conditions are provided in the + application-specific files.

+ +
Speed-ChangeTooLarge ::= NULL
+
c-ObsSpeed-ValueTooLarge-VehicleType IdMbObs::= 3
c-ObsSpeed-ValueTooLarge-DriveDirectionReverse IdMbObs::= 4
c-ObsSpeed-ChangeTooLarge IdMbObs::= 5
+
obs-Speed-ValueTooLarge-VehicleType C-ASR-SINGLE-OBS ::= {
Speed-ValueTooLarge-VehicleType BY c-ObsSpeed-ValueTooLarge-VehicleType
}
+
obs-Speed-ValueTooLarge-DriveDirectionReverse C-ASR-SINGLE-OBS ::= {
Speed-ValueTooLarge-DriveDirectionReverse BY
c-ObsSpeed-ValueTooLarge-DriveDirectionReverse
}
+
obs-Speed-ChangeTooLarge C-ASR-SINGLE-OBS ::= {
Speed-ChangeTooLarge BY c-ObsSpeed-ChangeTooLarge
}
+

SetMbObsCamSpeed

+

Values:

+ +

LongAcc-ValueTooLarge

+

This data type is provided for an observation of longitudinal + acceleration that is too large. The trigger conditions are provided in the + application-specific files.

+ +
LongAcc-ValueTooLarge ::= NULL
+
c-ObsLongAcc-ValueTooLarge IdMbObs::= 4
+
obs-LongAcc-ValueTooLarge C-ASR-SINGLE-OBS ::= {
LongAcc-ValueTooLarge BY c-ObsLongAcc-ValueTooLarge
}
+

SetMbObsCamLongAcc

+
SetMbObsCamLongAcc C-ASR-SINGLE-OBS ::= {
obs-LongAcc-ValueTooLarge,
...
}
+ diff --git a/docs/EtsiTs103759MbrCommonObservations.md b/docs/EtsiTs103759MbrCommonObservations.md new file mode 100644 index 0000000000000000000000000000000000000000..9707681f2401b28ba9c32fdeed878f4ca1b8943a --- /dev/null +++ b/docs/EtsiTs103759MbrCommonObservations.md @@ -0,0 +1,441 @@ +# ASN.1 module EtsiTs103759MbrCommonObservations + OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) common-observations(2) major-version-1(1) minor-version-1(1)}_ + +## Imports: + * **[EtsiTs103759BaseTypes](EtsiTs103759BaseTypes.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1) minor-version-1 (1)} WITH SUCCESSORS*
+ + * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+ +## Data Elements: + +### IdMbObs +Identifier type for observations: synonym for Uint8 +```asn1 +IdMbObs ::= Uint8 +``` + + +### Beacon-IntervalTooSmall +This data type is provided for an observation of beacon interval + that is too small. This doesn't apply to repeated PDUs, but only to two + distinct PDUs. The trigger conditions are provided in the + application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU whose interval since the previous + PDU is being flagged as too small. The v2xPdus field in that entry must + contain at least the subject PDU and the PDU that immediately preceded it. + The PDUs may be of any supported type and shall be of type + c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same + report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +Beacon-IntervalTooSmall ::= NULL +``` + +```asn1 +c-ObsBeacon-IntervalTooSmall IdMbObs::= 1 +``` + +```asn1 +obs-Beacon-IntervalTooSmall C-ASR-SINGLE-OBS ::= + {Beacon-IntervalTooSmall BY c-ObsBeacon-IntervalTooSmall} +``` + + +### Static-Change +This data type is provided for an observation of change in static + fields. The semantics of the BIT STRING and trigger conditions are provided + in the application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU whose one or more static fields + since the previous PDU is being flagged as changed. The v2xPdus field in + that entry must contain at least the subject PDU and the PDU that + immediately preceded it. 
The PDUs may be of any supported type and shall be + of type c-MbObsMsg-ieee1609Dot2Data unless another observation included in + the same report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +Static-Change ::= BIT STRING +``` + +```asn1 +c-ObsStatic-Change IdMbObs::= 1 +``` + +```asn1 +obs-Static-Change C-ASR-SINGLE-OBS ::= + {Static-Change BY c-ObsStatic-Change} +``` + + +### Security-MessageIdIncWithHeaderInfo +This data type is provided for an observation, where the messageID + is inconsistent with the psid in the security headerInfo. The trigger + conditions are provided in the application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU for which the messageID is being + flagged as inconsistent with the psid in the security headerInfo. The + v2xPdus field in that entry must contain at least the subject PDU. The + PDU may be of any supported type and shall be of type + c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + same report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +Security-MessageIdIncWithHeaderInfo ::= NULL +``` + + +### Security-HeaderIncWithSecurityProfile +This data type is provided for an observation, where the security + headerInfo is inconsistent with the security profile for that psid. The + trigger conditions are provided in the application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU for which the security headerInfo + is being flagged as inconsistent with the security profile for that psid. 
+ The v2xPdus field in that entry must contain at least the subject PDU. The + PDU may be of any supported type and shall be of type + c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same + report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +Security-HeaderIncWithSecurityProfile ::= NULL +``` + + +### Security-HeaderPsidIncWithCertificate +This data type is provided for an observation, where the psid in the + security headerInfo is inconsistent with the psid in the certificate. The + trigger conditions are provided in the application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU for which the psid in the security + headerInfo is being flagged as inconsistent with the psid in the + certificate. The v2xPdus field in that entry must contain at least the + subject PDU. The PDU may be of any supported type and shall be of type + c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + same report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +Security-HeaderPsidIncWithCertificate ::= NULL +``` + + +### Security-MessageIncWithSsp +This data type is provided for an observation, where the message is + is inconsistent with the SSP in the certificate. The trigger conditions are + provided in the application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU whose content is being flagged as + inconsisent with the SSP in the certificate. The v2xPdus field in that + entry must contain at least the subject PDU. 
The PDU may be of any + supported type and shall be of type c-MbObsMsg-ieee1609Dot2Data unless + another observation included in the same report requires a different PDU + type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +Security-MessageIncWithSsp ::= NULL +``` + + +### Security-HeaderTimeOutsideCertificateValidity +This data type is provided for an observation, where the + generationTime in the security headerInfo is outside the validity period of + the certificate. The trigger conditions are provided in the + application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU for which the generationTime in the + security headerInfo is being flagged as outside the validity period in the + certificate. The v2xPdus field in that entry must contain at least the + subject PDU. The PDU may be of any supported type and shall be of type + c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + same report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +Security-HeaderTimeOutsideCertificateValidity ::= NULL +``` + + +### Security-MessageLocationOutsideCertificateValidity +This data type is provided for an observation, where the location + in the message is outside the validity region in the certificate. The + trigger conditions are provided in the application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU for which the location in the PDU is + being flagged as outside the validity region in the certificate. The + v2xPdus field in that entry must contain at least the subject PDU. 
The PDU + may be of any supported type and shall be of type + c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same + report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +Security-MessageLocationOutsideCertificateValidity ::= NULL +``` + + +### Security-HeaderLocationOutsideCertificateValidity +This data type is provided for an observation, where the + generationLocation in the security headerInfo is outside the validity region + in the certificate. The trigger conditions are provided in the + application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU for which the generationLocation in + the security headerInfo is being flagged as outside the validity region in + the certificate. The v2xPdus field in that entry must contain at least the + subject PDU. The PDU may be of any supported type and shall be of type + c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same + report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. 
+```asn1 +Security-HeaderLocationOutsideCertificateValidity ::= NULL +``` + +```asn1 +c-ObsSecurity-MessageIdIncWithHeaderInfo IdMbObs ::= 1 +c-ObsSecurity-HeaderIncWithSecurityProfile IdMbObs ::= 2 +c-ObsSecurity-HeaderPsidIncWithCertificate IdMbObs ::= 3 +c-ObsSecurity-MessageIncWithSsp IdMbObs ::= 4 +c-ObsSecurity-HeaderTimeOutsideCertificateValidity IdMbObs ::= 5 +c-ObsSecurity-MessageLocationOutsideCertificateValidity IdMbObs ::= 6 +c-ObsSecurity-HeaderLocationOutsideCertificateValidity IdMbObs ::= 7 +``` + +```asn1 +obs-Security-MessageIdIncWithHeaderInfo C-ASR-SINGLE-OBS ::= { + Security-MessageIdIncWithHeaderInfo BY + c-ObsSecurity-MessageIdIncWithHeaderInfo +} +``` + +```asn1 +obs-Security-HeaderIncWithSecurityProfile C-ASR-SINGLE-OBS ::= { + Security-HeaderIncWithSecurityProfile BY + c-ObsSecurity-HeaderIncWithSecurityProfile +} +``` + +```asn1 +obs-Security-HeaderPsidIncWithCertificate C-ASR-SINGLE-OBS ::= { + Security-HeaderPsidIncWithCertificate BY + c-ObsSecurity-HeaderPsidIncWithCertificate +} +``` + +```asn1 +obs-Security-MessageIncWithSsp C-ASR-SINGLE-OBS ::= { + Security-MessageIncWithSsp BY c-ObsSecurity-MessageIncWithSsp +} +``` + +```asn1 +obs-Security-HeaderTimeOutsideCertificateValidity C-ASR-SINGLE-OBS ::= { + Security-HeaderTimeOutsideCertificateValidity BY + c-ObsSecurity-HeaderTimeOutsideCertificateValidity +} +``` + +### C-ASR-SINGLE-OBS + +Fields: +* Security-MessageLocationOutsideCertificateValidity of type [**BY**](#BY)
+```asn1 +C-ASR-SINGLE-OBS ::= { + Security-MessageLocationOutsideCertificateValidity BY + c-ObsSecurity-MessageLocationOutsideCertificateValidity +} +``` + +### C-ASR-SINGLE-OBS + +Fields: +* Security-HeaderLocationOutsideCertificateValidity of type [**BY**](#BY)
+```asn1 +C-ASR-SINGLE-OBS ::= { + Security-HeaderLocationOutsideCertificateValidity BY + c-ObsSecurity-HeaderLocationOutsideCertificateValidity +} +``` + + +### Position-ChangeTooLarge +This data type is provided for an observation of change in position + that is too large. The trigger conditions are provided in the + application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU whose position is being flagged as + inconsistent with the previous PDU. The v2xPdus field in that entry must + contain at least the subject PDU and the PDU that immediately preceded it. + The PDU may be of any supported type and shall be of type + c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same + report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +Position-ChangeTooLarge ::= NULL +``` + +```asn1 +c-ObsPosition-ChangeTooLarge IdMbObs ::= 4 +``` + +```asn1 +obs-Position-ChangeTooLarge C-ASR-SINGLE-OBS ::= { + Position-ChangeTooLarge BY c-ObsPosition-ChangeTooLarge +} +``` + + +### Speed-ValueTooLarge-VehicleType +This data type is provided for an observation of speed too large + for a given vehicle type. The trigger conditions are provided in the + application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU whose speed is being flagged as too + large for the vehicle type. The v2xPdus field in that entry must contain at + least the subject PDU. The PDU may be of any supported type and shall be of + type c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + same report requires a different PDU type. 
+ + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +Speed-ValueTooLarge-VehicleType ::= NULL +``` + + +### Speed-ValueTooLarge-DriveDirectionReverse +This data type is provided for an observation of speed too large + for the reverse drive direction. The trigger conditions are provided in + the application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU whose speed is being flagged as too + large for the reverse drive direction. The v2xPdus field in that entry must + contain at least the subject PDU. The PDU may be of any supported type and + shall be of type c-MbObsMsg-ieee1609Dot2Data unless another observation + included in the same report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +Speed-ValueTooLarge-DriveDirectionReverse ::= NULL +``` + + +### Speed-ChangeTooLarge +This data type is provided for an observation of change in speed + that is too large. The trigger conditions are provided in the + application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU whose speed is being flagged as + inconsistent with the speed in the previous PDU. The v2xPdus field in that + entry must contain at least the subject PDU and the PDU that immediately + preceded it. The PDU may be of any supported type and shall be of type + c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + same report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. 
+```asn1 +Speed-ChangeTooLarge ::= NULL +``` + +```asn1 +c-ObsSpeed-ValueTooLarge-VehicleType IdMbObs::= 3 +c-ObsSpeed-ValueTooLarge-DriveDirectionReverse IdMbObs::= 4 +c-ObsSpeed-ChangeTooLarge IdMbObs::= 5 +``` + +```asn1 +obs-Speed-ValueTooLarge-VehicleType C-ASR-SINGLE-OBS ::= { + Speed-ValueTooLarge-VehicleType BY c-ObsSpeed-ValueTooLarge-VehicleType +} +``` + +```asn1 +obs-Speed-ValueTooLarge-DriveDirectionReverse C-ASR-SINGLE-OBS ::= { + Speed-ValueTooLarge-DriveDirectionReverse BY + c-ObsSpeed-ValueTooLarge-DriveDirectionReverse +} +``` + +```asn1 +obs-Speed-ChangeTooLarge C-ASR-SINGLE-OBS ::= { + Speed-ChangeTooLarge BY c-ObsSpeed-ChangeTooLarge +} +``` + + +### LongAcc-ValueTooLarge +This data type is provided for an observation of longitudinal + acceleration that is too large. The trigger conditions are provided in the + application-specific files. + - `v2xPduEvidence`: The v2xPduEvidence field must contain at least + one entry. The observation applies to the first entry. The subjectPduIndex + in that V2xPduStream points to the PDU whose longitudinal acceleration is + being flagged as too large. The v2xPdus field in that entry must contain at + least the subject PDU. The PDU may be of any supported type and shall be of + type c-MbObsMsg-ieee1609Dot2Data unless another observation included in the + same report requires a different PDU type. + + + - `nonV2xPduEvidence`: No other evidence is required to be included + to support this observation. +```asn1 +LongAcc-ValueTooLarge ::= NULL +``` + +```asn1 +c-ObsLongAcc-ValueTooLarge IdMbObs::= 4 +``` + +```asn1 +obs-LongAcc-ValueTooLarge C-ASR-SINGLE-OBS ::= { + LongAcc-ValueTooLarge BY c-ObsLongAcc-ValueTooLarge +} +``` + + + diff --git a/docs/Ieee1609Dot2.md b/docs/Ieee1609Dot2.md new file mode 100644 index 0000000000000000000000000000000000000000..9f4a789b811dac3c30401312c96c8b2431db271f --- /dev/null +++ b/docs/Ieee1609Dot2.md 
@@ -0,0 +1,1787 @@ +# ASN.1 module Ieee1609Dot2 + OID: _{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2) minor-version-6(6)}_ + @note Section references in this file are to clauses in IEEE Std + 1609.2 unless indicated otherwise. Full forms of acronyms and + abbreviations used in this file are specified in 3.2. + + +## Imports: + * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+ + * **[EtsiTs103097ExtensionModule](EtsiTs103097ExtensionModule.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) extension(2) major-version-1(1) minor-version-0(0)} WITH SUCCESSORS*
+ +## Data Elements: +### Ieee1609Dot2Data +This data type is used to contain the other data types in this + clause. The fields in the Ieee1609Dot2Data have the following meanings: + +Fields: +* protocolVersion of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8) (3)
+ contains the current version of the protocol. The + version specified in this standard is version 3, represented by the + integer 3. There are no major or minor version numbers. + + +* content of type [**Ieee1609Dot2Content**](#Ieee1609Dot2Content)
+ contains the content in the form of an Ieee1609Dot2Content. + + + + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2. The canonicalization + applies to the Ieee1609Dot2Content. +>>> +```asn1 +Ieee1609Dot2Data ::= SEQUENCE { + protocolVersion Uint8(3), + content Ieee1609Dot2Content +} +``` + +### Ieee1609Dot2Content +In this structure: + +Fields: +* unsecuredData of type [**Opaque**](Ieee1609Dot2BaseTypes.md#Opaque)
+ indicates that the content is an OCTET STRING to be + consumed outside the SDS. + + +* signedData of type [**SignedData**](#SignedData)
+ indicates that the content has been signed according to + this standard. + + + +* encryptedData of type [**EncryptedData**](#EncryptedData)
+ indicates that the content has been encrypted + according to this standard. + + + +* signedCertificateRequest of type [**Opaque**](Ieee1609Dot2BaseTypes.md#Opaque)
+ indicates that the content is a + certificate request signed by an IEEE 1609.2 certificate or self-signed. + + + +* signedX509CertificateRequest of type [**Opaque**](Ieee1609Dot2BaseTypes.md#Opaque)
+ indicates that the content is a + certificate request signed by an ITU-T X.509 certificate. + + + + ..., + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2 if it is of type signedData. + The canonicalization applies to the SignedData. +>>> +```asn1 +Ieee1609Dot2Content ::= CHOICE { + unsecuredData Opaque, + signedData SignedData, + encryptedData EncryptedData, + signedCertificateRequest Opaque, + ..., + signedX509CertificateRequest Opaque +} +``` + +### SignedData +In this structure: + +Fields: +* hashId of type [**HashAlgorithm**](Ieee1609Dot2BaseTypes.md#HashAlgorithm)
+ indicates the hash algorithm to be used to generate the hash + of the message for signing and verification. + + +* tbsData of type [**ToBeSignedData**](#ToBeSignedData)
+ contains the data that is hashed as input to the signature. + + + +* signer of type [**SignerIdentifier**](#SignerIdentifier)
+ determines the keying material and hash algorithm used to + sign the data. + + + +* signature of type [**Signature**](Ieee1609Dot2BaseTypes.md#Signature)
+ contains the digital signature itself, calculated as + specified in 5.3.1. + - If signer indicates the choice self, then the signature calculation + is parameterized as follows: + - Data input is equal to the COER encoding of the tbsData field + canonicalized according to the encoding considerations given in 6.3.6. + - Verification type is equal to self. + - Signer identifier input is equal to the empty string. + - If signer indicates certificate or digest, then the signature + calculation is parameterized as follows: + - Data input is equal to the COER encoding of the tbsData field + canonicalized according to the encoding considerations given in 6.3.6. + - Verification type is equal to certificate. + - Signer identifier input equal to the COER-encoding of the + Certificate that is to be used to verify the SPDU, canonicalized according + to the encoding considerations given in 6.4.3. + + + + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2. The canonicalization + applies to the ToBeSignedData and the Signature. +>>> +```asn1 +SignedData ::= SEQUENCE { + hashId HashAlgorithm, + tbsData ToBeSignedData, + signer SignerIdentifier, + signature Signature +} +``` + +### ToBeSignedData +This structure contains the data to be hashed when generating or + verifying a signature. See 6.3.4 for the specification of the input to the + hash. + +Fields: +* payload of type [**SignedDataPayload**](#SignedDataPayload)
+ contains data that is provided by the entity that invokes + the SDS. + + +* headerInfo of type [**HeaderInfo**](#HeaderInfo)
+ contains additional data that is inserted by the SDS. + This structure is used as follows to determine the "data input" to the + hash operation for signing or verification as specified in 5.3.1.2.2 or + 5.3.1.3. + - If payload does not contain the field omitted, the data input to the + hash operation is the COER encoding of the ToBeSignedData. + - If payload field in this ToBeSignedData instance contains the field + omitted, the data input to the hash operation is the COER encoding of the + ToBeSignedData, concatenated with the hash of the omitted payload. The hash + of the omitted payload is calculated with the same hash algorithm that is + used to calculate the hash of the data input for signing or verification. + The data input to the hash operation is simply the COER enocding of the + ToBeSignedData, concatenated with the hash of the omitted payload: there is + no additional wrapping or length indication. As noted in 5.2.4.3.4, the + means by which the signer and verifier establish the contents of the + omitted payload are out of scope for this standard. + + + + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2. The canonicalization + applies to the SignedDataPayload if it is of type data, and to the + HeaderInfo. +>>> +```asn1 +ToBeSignedData ::= SEQUENCE { + payload SignedDataPayload, + headerInfo HeaderInfo +} +``` + +### SignedDataPayload +This structure contains the data payload of a ToBeSignedData. This + structure contains at least one of the optional elements, and may contain + more than one. See 5.2.4.3.4 for more details. + The security profile in Annex C allows an implementation of this standard + to state which forms of Signed¬Data¬Payload are supported by that + implementation, and also how the signer and verifier are intended to obtain + the external data for hashing. 
The specification of an SDEE that uses + external data is expected to be explicit and unambiguous about how this + data is obtained and how it is formatted prior to processing by the hash + function. + +Fields: +* data of type [**Ieee1609Dot2Data**](Ieee1609Dot2.md#Ieee1609Dot2Data) OPTIONAL
+ contains data that is explicitly transported within the + structure. + + +* extDataHash of type [**HashedData**](#HashedData) OPTIONAL
+ contains the hash of data that is not explicitly + transported within the structure, and which the creator of the structure + wishes to cryptographically bind to the signature. + + + +* omitted of type **NULL** OPTIONAL
+ indicates that there is external data to be included in the + hash calculation for the signature.The mechanism for including the external + data in the hash calculation is specified in 6.3.6. + + + + ..., + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2. The canonicalization + applies to the Ieee1609Dot2Data. +>>> +```asn1 +SignedDataPayload ::= SEQUENCE { + data Ieee1609Dot2Data OPTIONAL, + extDataHash HashedData OPTIONAL, + ..., + omitted NULL OPTIONAL +} (WITH COMPONENTS {..., data PRESENT} | + WITH COMPONENTS {..., extDataHash PRESENT} | + WITH COMPONENTS {..., omitted PRESENT}) +``` + +### HashedData +This structure contains the hash of some data with a specified hash + algorithm. See 5.3.3 for specification of the permitted hash algorithms. + +Fields: +* sha256HashedData of type [**HashedId32**](Ieee1609Dot2BaseTypes.md#HashedId32)
+ indicates data hashed with SHA-256. + + +* sha384HashedData of type [**HashedId48**](Ieee1609Dot2BaseTypes.md#HashedId48)
+ indicates data hashed with SHA-384. + + + + ..., +* sm3HashedData of type [**HashedId32**](Ieee1609Dot2BaseTypes.md#HashedId32)
+ indicates data hashed with SM3. + + + + +>>> +NOTE: Critical information fields: If present, this is a critical + information field as defined in 5.2.6. An implementation that does not + recognize the indicated CHOICE for this type when verifying a signed SPDU + shall indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, + that is, it is invalid in the sense that its validity cannot be established. +>>> +```asn1 +HashedData::= CHOICE { + sha256HashedData HashedId32, + ..., + sha384HashedData HashedId48, + sm3HashedData HashedId32 +} +``` + +### HeaderInfo +This structure contains information that is used to establish + validity by the criteria of 5.2. + +Fields: +* psid of type [**Psid**](Ieee1609Dot2BaseTypes.md#Psid)
+ indicates the application area with which the sender is + claiming the payload is to be associated. + + +* generationTime of type [**Time64**](Ieee1609Dot2BaseTypes.md#Time64) OPTIONAL
+ indicates the time at which the structure was + generated. See 5.2.5.2.2 and 5.2.5.2.3 for discussion of the use of this + field. + + + +* expiryTime of type [**Time64**](Ieee1609Dot2BaseTypes.md#Time64) OPTIONAL
+ if present, contains the time after which the data + is no longer considered relevant. If both generationTime and + expiryTime are present, the signed SPDU is invalid if generationTime is + not strictly earlier than expiryTime. + + + +* generationLocation of type [**ThreeDLocation**](Ieee1609Dot2BaseTypes.md#ThreeDLocation) OPTIONAL
+ if present, contains the location at which the + signature was generated. + + + +* p2pcdLearningRequest of type [**HashedId3**](Ieee1609Dot2BaseTypes.md#HashedId3) OPTIONAL
+ if present, is used by the SDS to request + certificates for which it has seen identifiers and does not know the + entire certificate. A specification of this peer-to-peer certificate + distribution (P2PCD) mechanism is given in Clause 8. This field is used + for the separate-certificate-pdu flavor of P2PCD and shall only be present + if inlineP2pcdRequest is not present. The HashedId3 is calculated with the + whole-certificate hash algorithm, determined as described in 6.4.3, + applied to the COER-encoded certificate, canonicalized as defined in the + definition of Certificate. + + + +* missingCrlIdentifier of type [**MissingCrlIdentifier**](#MissingCrlIdentifier) OPTIONAL
+ if present, is used by the SDS to request + CRLs which it knows to have been issued and have not received. This is + provided for future use and the associated mechanism is not defined in + this version of this standard. + + + +* encryptionKey of type [**EncryptionKey**](Ieee1609Dot2BaseTypes.md#EncryptionKey) OPTIONAL
+ if present, is used to provide a key that is to + be used to encrypt at least one response to this SPDU. The SDEE + specification is expected to specify which response SPDUs are to be + encrypted with this key. One possible use of this key to encrypt a + response is specified in 6.3.35, 6.3.37, and 6.3.34. An encryptionKey + field of type symmetric should only be used if the SignedData containing + this field is securely encrypted by some means. + + + +* inlineP2pcdRequest of type [**SequenceOfHashedId3**](Ieee1609Dot2BaseTypes.md#SequenceOfHashedId3) OPTIONAL
+ if present, is used by the SDS to request + unknown certificates per the inline peer-to-peer certificate distribution + mechanism is given in Clause 8. This field shall only be present if + p2pcdLearningRequest is not present. The HashedId3 is calculated with the + whole-certificate hash algorithm, determined as described in 6.4.3, applied + to the COER-encoded certificate, canonicalized as defined in the definition + of Certificate. + + + + ..., +* requestedCertificate of type [**Certificate**](Ieee1609Dot2.md#Certificate) OPTIONAL
+ if present, is used by the SDS to provide + certificates per the "inline" version of the peer-to-peer certificate + distribution mechanism given in Clause 8. + + + +* pduFunctionalType of type [**PduFunctionalType**](#PduFunctionalType) OPTIONAL
+ if present, is used to indicate that the SPDU is + to be consumed by a process other than an application process as defined + in ISO 21177 [B14a]. See 6.3.23b for more details. + + + +* contributedExtensions of type [**ContributedExtensionBlocks**](#ContributedExtensionBlocks) OPTIONAL
+ if present, is used to contain additional + extensions defined using the ContributedExtensionBlocks structure. + + + + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2. The canonicalization + applies to the EncryptionKey. If encryptionKey is present, and indicates + the choice public, and contains a BasePublicEncryptionKey that is an + elliptic curve point (i.e., of type EccP256CurvePoint or + EccP384CurvePoint), then the elliptic curve point is encoded in compressed + form, i.e., such that the choice indicated within the Ecc*CurvePoint is + compressed-y-0 or compressed-y-1. + The canonicalization does not apply to any fields after the extension + marker, including any fields in contributedExtensions. +>>> +```asn1 +HeaderInfo ::= SEQUENCE { + psid Psid, + generationTime Time64 OPTIONAL, + expiryTime Time64 OPTIONAL, + generationLocation ThreeDLocation OPTIONAL, + p2pcdLearningRequest HashedId3 OPTIONAL, + missingCrlIdentifier MissingCrlIdentifier OPTIONAL, + encryptionKey EncryptionKey OPTIONAL, + ..., + inlineP2pcdRequest SequenceOfHashedId3 OPTIONAL, + requestedCertificate Certificate OPTIONAL, + pduFunctionalType PduFunctionalType OPTIONAL, + contributedExtensions ContributedExtensionBlocks OPTIONAL +} +``` + +### MissingCrlIdentifier +This structure may be used to request a CRL that the SSME knows to + have been issued and has not yet received. It is provided for future use + and its use is not defined in this version of this standard. + +Fields: +* cracaId of type [**HashedId3**](Ieee1609Dot2BaseTypes.md#HashedId3)
+ is the HashedId3 of the CRACA, as defined in 5.1.3. The + HashedId3 is calculated with the whole-certificate hash algorithm, + determined as described in 6.4.3, applied to the COER-encoded certificate, + canonicalized as defined in the definition of Certificate. + + +* crlSeries of type [**CrlSeries**](Ieee1609Dot2BaseTypes.md#CrlSeries)
+ is the requested CRL Series value. See 5.1.3 for more + information. + + + + +```asn1 +MissingCrlIdentifier ::= SEQUENCE { + cracaId HashedId3, + crlSeries CrlSeries, + ... +} +``` + + +### PduFunctionalType +This data structure identifies the functional entity that is + intended to consume an SPDU, for the case where that functional entity is + not an application process, and are instead security support services for an + application process. Further details and the intended use of this field are + defined in ISO 21177 [B20]. +```asn1 +PduFunctionalType ::= INTEGER (0..255) +``` + +```asn1 +tlsHandshake PduFunctionalType ::= 1 +iso21177ExtendedAuth PduFunctionalType ::= 2 +iso21177SessionExtension PduFunctionalType ::= 3 +``` + + +### ContributedExtensionBlocks +This type is used for clarity of definitions. +```asn1 +ContributedExtensionBlocks ::= SEQUENCE (SIZE(1..MAX)) OF + ContributedExtensionBlock +``` + +### ContributedExtensionBlock +This data structure defines the format of an extension block + provided by an identified contributor by using the temnplate provided + in the class IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION constraint + to the objects in the set Ieee1609Dot2HeaderInfoContributedExtensions. + +Fields: +* contributorId of type [**IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION**](#IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION) .&id({ + Ieee1609Dot2HeaderInfoContributedExtensions + })
+ uniquely identifies the contributor. + + +* extns of type **SEQUENCE** (SIZE(1..MAX)) OF
+ contains a list of extensions from that contributor. + Extensions are expected and not required to follow the format specified + in 6.5. + + + + +```asn1 +ContributedExtensionBlock ::= SEQUENCE { + contributorId IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION.&id({ + Ieee1609Dot2HeaderInfoContributedExtensions + }), + extns SEQUENCE (SIZE(1..MAX)) OF + IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION.&Extn({ + Ieee1609Dot2HeaderInfoContributedExtensions + }{@.contributorId}) +} +``` + +### IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION +This Information Object Class defines the class that provides a + template for defining extension blocks. + +Fields: +* id of type [**HeaderInfoContributorId**](#HeaderInfoContributorId) UNIQUE
+```asn1 +IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION ::= CLASS { + &id HeaderInfoContributorId UNIQUE, + &Extn +} WITH SYNTAX {&Extn IDENTIFIED BY &id} +``` + + +### Ieee1609Dot2HeaderInfoContributedExtensions +This structure is an ASN.1 Information Object Set listing the + defined contributed extension types and the associated + HeaderInfoContributorId values. In this version of this standard two + extension types are defined: Ieee1609ContributedHeaderInfoExtension and + EtsiOriginatingHeaderInfoExtension. +```asn1 +Ieee1609Dot2HeaderInfoContributedExtensions + IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION ::= { + {Ieee1609ContributedHeaderInfoExtension IDENTIFIED BY + ieee1609HeaderInfoContributorId} | + {EtsiOriginatingHeaderInfoExtension IDENTIFIED BY + etsiHeaderInfoContributorId}, + ... +} +``` + + +### HeaderInfoContributorId +This is an integer used to identify a HeaderInfo extension + contributing organization. In this version of this standard two values are + defined: + - ieee1609OriginatingExtensionId indicating extensions originating with + IEEE 1609. + - etsiOriginatingExtensionId indicating extensions originating with + ETSI TC ITS. +```asn1 +HeaderInfoContributorId ::= INTEGER (0..255) +``` + +```asn1 +ieee1609HeaderInfoContributorId HeaderInfoContributorId ::= 1 +etsiHeaderInfoContributorId HeaderInfoContributorId ::= 2 +``` + +### SignerIdentifier +This structure allows the recipient of data to determine which + keying material to use to authenticate the data. It also indicates the + verification type to be used to generate the hash for verification, as + specified in 5.3.1. + +Fields: +* digest of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+ If the choice indicated is digest: + - The structure contains the HashedId8 of the relevant certificate. The + HashedId8 is calculated with the whole-certificate hash algorithm, + determined as described in 6.4.3. + - The verification type is certificate and the certificate data + passed to the hash function as specified in 5.3.1 is the authorization + certificate. + + +* certificate of type [**SequenceOfCertificate**](#SequenceOfCertificate)
+ If the choice indicated is certificate: + - The structure contains one or more Certificate structures, in order + such that the first certificate is the authorization certificate and each + subsequent certificate is the issuer of the one before it. + - The verification type is certificate and the certificate data + passed to the hash function as specified in 5.3.1 is the authorization + certificate. + + + +* self of type **NULL**
+ If the choice indicated is self: + - The structure does not contain any data beyond the indication that + the choice value is self. + - The verification type is self-signed. + + + + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2. The canonicalization + applies to every Certificate in the certificate field. +>>> +```asn1 +SignerIdentifier ::= CHOICE { + digest HashedId8, + certificate SequenceOfCertificate, + self NULL, + ... +} +``` + + +### Countersignature +This data structure is used to perform a countersignature over an + already-signed SPDU. This is the profile of an Ieee1609Dot2Data containing + a signedData. The tbsData within content is composed of a payload + containing the hash (extDataHash) of the externally generated, pre-signed + SPDU over which the countersignature is performed. +```asn1 +Countersignature ::= Ieee1609Dot2Data (WITH COMPONENTS {..., + content (WITH COMPONENTS {..., + signedData (WITH COMPONENTS {..., + tbsData (WITH COMPONENTS {..., + payload (WITH COMPONENTS {..., + data ABSENT, + extDataHash PRESENT + }), + headerInfo(WITH COMPONENTS {..., + generationTime PRESENT, + expiryTime ABSENT, + generationLocation ABSENT, + p2pcdLearningRequest ABSENT, + missingCrlIdentifier ABSENT, + encryptionKey ABSENT + }) + }) + }) + }) +}) +``` + +### EncryptedData +This data structure encodes data that has been encrypted to one or + more recipients using the recipients’ public or symmetric keys as + specified in 5.3.4. + +Fields: +* recipients of type [**SequenceOfRecipientInfo**](#SequenceOfRecipientInfo)
+ contains one or more RecipientInfos. These entries may + be more than one RecipientInfo, and more than one type of RecipientInfo, + as long as all entries are indicating or containing the same data encryption + key. + + +* ciphertext of type [**SymmetricCiphertext**](#SymmetricCiphertext)
+ contains the encrypted data. This is the encryption of + an encoded Ieee1609Dot2Data structure as specified in 5.3.4.2. + + + + +>>> +NOTE: If the plaintext is raw data, i.e., it has not been output from a + previous operation of the SDS, then it is trivial to encapsulate it in an + Ieee1609Dot2Data of type unsecuredData as noted in 4.2.2.2.2. For example, + '03 80 08 01 23 45 67 89 AB CD EF' is the C-OER encoding of '01 23 45 67 + 89 AB CD EF' encapsulated in an Ieee1609Dot2Data of type unsecuredData. + The first byte of the encoding 03 is the protocolVersion, the second byte + 80 indicates the choice unsecuredData, and the third byte 08 is the length + of the raw data '01 23 45 67 89 AB CD EF'. +>>> +```asn1 +EncryptedData ::= SEQUENCE { + recipients SequenceOfRecipientInfo, + ciphertext SymmetricCiphertext +} +``` + +### RecipientInfo +This data structure is used to transfer the data encryption key to + an individual recipient of an EncryptedData. The option pskRecipInfo is + selected if the EncryptedData was encrypted using the static encryption + key approach specified in 5.3.4. The other options are selected if the + EncryptedData was encrypted using the ephemeral encryption key approach + specified in 5.3.4. The meanings of the choices are: + + + See Annex C.7 for guidance on when it may be appropriate to use + each of these approaches. + +Fields: +* pskRecipInfo of type [**PreSharedKeyRecipientInfo**](#PreSharedKeyRecipientInfo)
+ The data was encrypted directly using a pre-shared + symmetric key. + + +* symmRecipInfo of type [**SymmRecipientInfo**](#SymmRecipientInfo)
+ The data was encrypted with a data encryption key, + and the data encryption key was encrypted using a symmetric key. + + + +* certRecipInfo of type [**PKRecipientInfo**](#PKRecipientInfo)
+ The data was encrypted with a data encryption key, + the data encryption key was encrypted using a public key encryption scheme, + where the public encryption key was obtained from a certificate. In this + case, the parameter P1 to ECIES as defined in 5.3.5 is the hash of the + certificate, calculated with the whole-certificate hash algorithm, + determined as described in 6.4.3, applied to the COER-encoded certificate, + canonicalized as defined in the definition of Certificate. + + + +* signedDataRecipInfo of type [**PKRecipientInfo**](#PKRecipientInfo)
+ The data was encrypted with a data encryption + key, the data encryption key was encrypted using a public key encryption + scheme, where the public encryption key was obtained as the public response + encryption key from a SignedData. In this case, if ECIES is the encryption + algorithm, then the parameter P1 to ECIES as defined in 5.3.5 is the + SHA-256 hash of the Ieee1609Dot2Data of type signedData containing the + response encryption key, canonicalized as defined in the definition of + Ieee1609Dot2Data. + + + +* rekRecipInfo of type [**PKRecipientInfo**](#PKRecipientInfo)
+ The data was encrypted with a data encryption key, + the data encryption key was encrypted using a public key encryption scheme, + where the public encryption key was not obtained from a Signed-Data or a + certificate. In this case, the SDEE specification is expected to specify + how the public key is obtained, and if ECIES is the encryption algorithm, + then the parameter P1 to ECIES as defined in 5.3.5 is the hash of the + empty string. + + + + +>>> +NOTE: The material input to encryption is the bytes of the encryption key + with no headers, encapsulation, or length indication. Contrast this to + encryption of data, where the data is encapsulated in an Ieee1609Dot2Data. +>>> +```asn1 +RecipientInfo ::= CHOICE { + pskRecipInfo PreSharedKeyRecipientInfo, + symmRecipInfo SymmRecipientInfo, + certRecipInfo PKRecipientInfo, + signedDataRecipInfo PKRecipientInfo, + rekRecipInfo PKRecipientInfo +} +``` + + +### SequenceOfRecipientInfo +This type is used for clarity of definitions. +```asn1 +SequenceOfRecipientInfo ::= SEQUENCE OF RecipientInfo +``` + + +### PreSharedKeyRecipientInfo +This data structure is used to indicate a symmetric key that may + be used directly to decrypt a SymmetricCiphertext. It consists of the + low-order 8 bytes of the hash of the COER encoding of a + SymmetricEncryptionKey structure containing the symmetric key in question. + The HashedId8 is calculated with the hash algorithm determined as + specified in 5.3.9.3. The symmetric key may be established by any + appropriate means agreed by the two parties to the exchange. +```asn1 +PreSharedKeyRecipientInfo ::= HashedId8 +``` + +### SymmRecipientInfo +This data structure contains the following fields: + +Fields: +* recipientId of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+ contains the hash of the symmetric key encryption key + that may be used to decrypt the data encryption key. It consists of the + low-order 8 bytes of the hash of the COER encoding of a + SymmetricEncryptionKey structure containing the symmetric key in question. + The HashedId8 is calculated with the hash algorithm determined as + specified in 5.3.9.4. The symmetric key may be established by any + appropriate means agreed by the two parties to the exchange. + + +* encKey of type [**SymmetricCiphertext**](#SymmetricCiphertext)
+ contains the encrypted data encryption key within a + SymmetricCiphertext, where the data encryption key is input to the data + encryption key encryption process with no headers, encapsulation, or + length indication. + + + + +```asn1 +SymmRecipientInfo ::= SEQUENCE { + recipientId HashedId8, + encKey SymmetricCiphertext +} +``` + +### PKRecipientInfo +This data structure contains the following fields: + +Fields: +* recipientId of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+ contains the hash of the container for the encryption + public key as specified in the definition of RecipientInfo. Specifically, + depending on the choice indicated by the containing RecipientInfo structure: + - If the containing RecipientInfo structure indicates certRecipInfo, + this field contains the HashedId8 of the certificate. The HashedId8 is + calculated with the whole-certificate hash algorithm, determined as + described in 6.4.3, applied to the COER-encoded certificate, canonicalized + as defined in the definition of Certificate. + - If the containing RecipientInfo structure indicates + signedDataRecipInfo, this field contains the HashedId8 of the + Ieee1609Dot2Data of type signedData that contained the encryption key, + with that Ieee¬¬1609¬Dot2¬¬Data canonicalized per 6.3.4. The HashedId8 is + calculated with the hash algorithm determined as specified in 5.3.9.5. + - If the containing RecipientInfo structure indicates rekRecipInfo, this + field contains the HashedId8 of the COER encoding of a PublicEncryptionKey + structure containing the response encryption key. The HashedId8 is + calculated with the hash algorithm determined as specified in 5.3.9.5. + + +* encKey of type [**EncryptedDataEncryptionKey**](#EncryptedDataEncryptionKey)
+ contains the encrypted data encryption key, where the data + encryption key is input to the data encryption key encryption process with + no headers, encapsulation, or length indication. + + + + +```asn1 +PKRecipientInfo ::= SEQUENCE { + recipientId HashedId8, + encKey EncryptedDataEncryptionKey +} +``` + +### EncryptedDataEncryptionKey +This data structure contains an encrypted data encryption key, + where the data encryption key is input to the data encryption key + encryption process with no headers, encapsulation, or length indication. + + + Critical information fields: If present and applicable to + the receiving SDEE, this is a critical information field as defined in + 5.2.6. If an implementation receives an encrypted SPDU and determines that + one or more RecipientInfo fields are relevant to it, and if all of those + RecipientInfos contain an EncryptedDataEncryptionKey such that the + implementation does not recognize the indicated CHOICE, the implementation + shall indicate that the encrypted SPDU is not decryptable. + +Fields: +* eciesNistP256 of type [**EciesP256EncryptedKey**](Ieee1609Dot2BaseTypes.md#EciesP256EncryptedKey)
+* eciesBrainpoolP256r1 of type [**EciesP256EncryptedKey**](Ieee1609Dot2BaseTypes.md#EciesP256EncryptedKey)
+ +* ecencSm2256 of type [**EcencP256EncryptedKey**](Ieee1609Dot2BaseTypes.md#EcencP256EncryptedKey)
+ + ..., +```asn1 +EncryptedDataEncryptionKey ::= CHOICE { + eciesNistP256 EciesP256EncryptedKey, + eciesBrainpoolP256r1 EciesP256EncryptedKey, + ..., + ecencSm2256 EcencP256EncryptedKey +} +``` + +### SymmetricCiphertext +This data structure encapsulates a ciphertext generated with an + approved symmetric algorithm. + +Fields: +* aes128ccm of type [**One28BitCcmCiphertext**](#One28BitCcmCiphertext)
+* sm4Ccm of type [**One28BitCcmCiphertext**](#One28BitCcmCiphertext)
+ + ..., + +>>> +NOTE: Critical information fields: If present, this is a critical + information field as defined in 5.2.6. An implementation that does not + recognize the indicated CHOICE value for this type in an encrypted SPDU + shall indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, + that is, it is invalid in the sense that its validity cannot be established. +>>> +```asn1 +SymmetricCiphertext ::= CHOICE { + aes128ccm One28BitCcmCiphertext, + ..., + sm4Ccm One28BitCcmCiphertext +} +``` + +### One28BitCcmCiphertext +This data structure encapsulates an encrypted ciphertext for any + symmetric algorithm with 128-bit blocks in CCM mode. The ciphertext is + 16 bytes longer than the corresponding plaintext due to the inclusion of + the message authentication code (MAC). The plaintext resulting from a + correct decryption of the ciphertext is either a COER-encoded + Ieee1609Dot2Data structure (see 6.3.41), or a 16-byte symmetric key + (see 6.3.44). + + + The ciphertext is 16 bytes longer than the corresponding plaintext. + + The plaintext resulting from a correct decryption of the + ciphertext is a COER-encoded Ieee1609Dot2Data structure. + +Fields: +* nonce of type **OCTET STRING** (SIZE (12))
+ contains the nonce N as specified in 5.3.8. + + +* ccmCiphertext of type [**Opaque**](Ieee1609Dot2BaseTypes.md#Opaque)
+ contains the ciphertext C as specified in 5.3.8. + + + + +>>> +NOTE: In the name of this structure, "One28" indicates that the + symmetric cipher block size is 128 bits. It happens to also be the case + that the keys used for both AES-128-CCM and SM4-CCM are also 128 bits long. + This is, however, not what “One28” refers to. Since the cipher is used in + counter mode, i.e., as a stream cipher, the fact that that block size is 128 + bits affects only the size of the MAC and does not affect the size of the + raw ciphertext. +>>> +```asn1 +One28BitCcmCiphertext ::= SEQUENCE { + nonce OCTET STRING (SIZE (12)), + ccmCiphertext Opaque +} +``` + + +### Aes128CcmCiphertext +This type is defined only for backwards compatibility. +```asn1 +Aes128CcmCiphertext ::= One28BitCcmCiphertext +``` + + +### TestCertificate +This structure is a profile of the structure CertificateBase which + specifies the valid combinations of fields to transmit implicit and + explicit certificates. + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2. The canonicalization + applies to the CertificateBase. +>>> +```asn1 +TestCertificate ::= Certificate +``` + + +### SequenceOfCertificate +This type is used for clarity of definitions. +```asn1 +SequenceOfCertificate ::= SEQUENCE OF Certificate +``` + +### CertificateBase +The fields in this structure have the following meaning: + +Fields: +* version of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8) (3)
+ contains the version of the certificate format. In this + version of the data structures, this field is set to 3. + + +* type of type [**CertificateType**](#CertificateType)
+ states whether the certificate is implicit or explicit. This + field is set to explicit for explicit certificates and to implicit for + implicit certificates. See ExplicitCertificate and ImplicitCertificate for + more details. + + + +* issuer of type [**IssuerIdentifier**](#IssuerIdentifier)
+ identifies the issuer of the certificate. + + + +* toBeSigned of type [**ToBeSignedCertificate**](#ToBeSignedCertificate)
+ is the certificate contents. This field is an input to + the hash when generating or verifying signatures for an explicit + certificate, or generating or verifying the public key from the + reconstruction value for an implicit certificate. The details of how this + field are encoded are given in the description of the + ToBeSignedCertificate type. + + + +* signature of type [**Signature**](Ieee1609Dot2BaseTypes.md#Signature) OPTIONAL
+ is included in an ExplicitCertificate. It is the + signature, calculated by the signer identified in the issuer field, over + the hash of toBeSigned. The hash is calculated as specified in 5.3.1, where: + - Data input is the encoding of toBeSigned following the COER. + - Signer identifier input depends on the verification type, which in + turn depends on the choice indicated by issuer. If the choice indicated by + issuer is self, the verification type is self-signed and the signer + identifier input is the empty string. If the choice indicated by issuer is + not self, the verification type is certificate and the signer identifier + input is the canonicalized COER encoding of the certificate indicated by + issuer. The canonicalization is carried out as specified in the + Canonicalization section of this subclause. + + + + +>>> +NOTE: Whole-certificate hash: If the entirety of a certificate is hashed + to calculate a HashedId3, HashedId8, or HashedId10, the algorithm used for + this purpose is known as the whole-certificate hash. The method used to + determine the whole-certificate hash algorithm is specified in 5.3.9.2. +>>> +```asn1 +CertificateBase ::= SEQUENCE { + version Uint8(3), + type CertificateType, + issuer IssuerIdentifier, + toBeSigned ToBeSignedCertificate, + signature Signature OPTIONAL +} +``` + + +### CertificateType +This enumerated type indicates whether a certificate is explicit or + implicit. + +>>> +NOTE: Critical information fields: If present, this is a critical + information field as defined in 5.2.5. An implementation that does not + recognize the indicated CHOICE for this type when verifying a signed SPDU + shall indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, + that is, it is invalid in the sense that its validity cannot be + established. +>>> +```asn1 +CertificateType ::= ENUMERATED { + explicit, + implicit, + ... 
+} +``` + + +### ImplicitCertificate +This is a profile of the CertificateBase structure providing all + the fields necessary for an implicit certificate, and no others. +```asn1 +ImplicitCertificate ::= CertificateBase (WITH COMPONENTS {..., + type(implicit), + toBeSigned(WITH COMPONENTS {..., + verifyKeyIndicator(WITH COMPONENTS {reconstructionValue}) + }), + signature ABSENT +}) +``` + + +### ExplicitCertificate +This is a profile of the CertificateBase structure providing all + the fields necessary for an explicit certificate, and no others. +```asn1 +ExplicitCertificate ::= CertificateBase (WITH COMPONENTS {..., + type(explicit), + toBeSigned (WITH COMPONENTS {..., + verifyKeyIndicator(WITH COMPONENTS {verificationKey}) + }), + signature PRESENT +}) +``` + +### IssuerIdentifier +This structure allows the recipient of a certificate to determine + which keying material to use to authenticate the certificate. + + + If the choice indicated is sha256AndDigest, sha384AndDigest, or + sm3AndDigest: + - The structure contains the HashedId8 of the issuing certificate. The + HashedId8 is calculated with the whole-certificate hash algorithm, + determined as described in 6.4.3, applied to the COER-encoded certificate, + canonicalized as defined in the definition of Certificate. + - The hash algorithm to be used to generate the hash of the certificate + for verification is SHA-256 (in the case of sha256AndDigest), SM3 (in the + case of sm3AndDigest) or SHA-384 (in the case of sha384AndDigest). + - The certificate is to be verified with the public key of the + indicated issuing certificate. + + If the choice indicated is self: + - The structure indicates what hash algorithm is to be used to generate + the hash of the certificate for verification. + - The certificate is to be verified with the public key indicated by + the verifyKeyIndicator field in theToBeSignedCertificate. + +Fields: +* sha256AndDigest of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+* self of type [**HashAlgorithm**](Ieee1609Dot2BaseTypes.md#HashAlgorithm)
+ +* sha384AndDigest of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+ + ..., +* sm3AndDigest of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+ + +>>> +NOTE: Critical information fields: If present, this is a critical + information field as defined in 5.2.5. An implementation that does not + recognize the indicated CHOICE for this type when verifying a signed SPDU + shall indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, + that is, it is invalid in the sense that its validity cannot be + established. +>>> +```asn1 +IssuerIdentifier ::= CHOICE { + sha256AndDigest HashedId8, + self HashAlgorithm, + ..., + sha384AndDigest HashedId8, + sm3AndDigest HashedId8 +} +``` + +### ToBeSignedCertificate +The fields in the ToBeSignedCertificate structure have the + following meaning: + + + For both implicit and explicit certificates, when the certificate + is hashed to create or recover the public key (in the case of an implicit + certificate) or to generate or verify the signature (in the case of an + explicit certificate), the hash is Hash (Data input) || Hash ( + Signer identifier input), where: + - Data input is the COER encoding of toBeSigned, canonicalized + as described above. + - Signer identifier input depends on the verification type, + which in turn depends on the choice indicated by issuer. If the choice + indicated by issuer is self, the verification type is self-signed and the + signer identifier input is the empty string. If the choice indicated by + issuer is not self, the verification type is certificate and the signer + identifier input is the COER encoding of the canonicalization per 6.4.3 of + the certificate indicated by issuer. + + In other words, for implicit certificates, the value H (CertU) in SEC 4, + section 3, is for purposes of this standard taken to be H [H + (canonicalized ToBeSignedCertificate from the subordinate certificate) || + H (entirety of issuer Certificate)]. See 5.3.2 for further discussion, + including material differences between this standard and SEC 4 regarding + how the hash function output is converted from a bit string to an integer. 
+ +Fields: +* id of type [**CertificateId**](#CertificateId)
+ contains information that is used to identify the certificate + holder if necessary. + + +* cracaId of type [**HashedId3**](Ieee1609Dot2BaseTypes.md#HashedId3)
+ identifies the Certificate Revocation Authorization CA + (CRACA) responsible for certificate revocation lists (CRLs) on which this + certificate might appear. Use of the cracaId is specified in 5.1.3. The + HashedId3 is calculated with the whole-certificate hash algorithm, + determined as described in 6.4.3, applied to the COER-encoded certificate, + canonicalized as defined in the definition of Certificate. + + + +* crlSeries of type [**CrlSeries**](Ieee1609Dot2BaseTypes.md#CrlSeries)
+ represents the CRL series relevant to a particular + Certificate Revocation Authorization CA (CRACA) on which the certificate + might appear. Use of this field is specified in 5.1.3. + + + +* validityPeriod of type [**ValidityPeriod**](Ieee1609Dot2BaseTypes.md#ValidityPeriod)
+ contains the validity period of the certificate. + + + +* region of type [**GeographicRegion**](Ieee1609Dot2BaseTypes.md#GeographicRegion) OPTIONAL
+ if present, indicates the validity region of the + certificate. If it is omitted the validity region is indicated as follows: + - If enclosing certificate is self-signed, i.e., the choice indicated + by the issuer field in the enclosing certificate structure is self, the + certificate is valid worldwide. + - Otherwise, the certificate has the same validity region as the + certificate that issued it. + + + +* assuranceLevel of type [**SubjectAssurance**](Ieee1609Dot2BaseTypes.md#SubjectAssurance) OPTIONAL
+ indicates the assurance level of the certificate + holder. + + + +* appPermissions of type [**SequenceOfPsidSsp**](Ieee1609Dot2BaseTypes.md#SequenceOfPsidSsp) OPTIONAL
+ indicates the permissions that the certificate + holder has to sign application data with this certificate. A valid + instance of appPermissions contains any particular Psid value in at most + one entry. + + + +* certIssuePermissions of type [**SequenceOfPsidGroupPermissions**](#SequenceOfPsidGroupPermissions) OPTIONAL
+ indicates the permissions that the certificate + holder has to sign certificates with this certificate. A valid instance of + this array contains no more than one entry whose psidSspRange field + indicates all. If the array has multiple entries and one entry has its + psidSspRange field indicate all, then the entry indicating all specifies + the permissions for all PSIDs other than the ones explicitly specified in + the other entries. See the description of PsidGroupPermissions for further + discussion. + + + +* certRequestPermissions of type [**SequenceOfPsidGroupPermissions**](#SequenceOfPsidGroupPermissions) OPTIONAL
+ indicates the permissions that the + certificate holder can request in its certificate. A valid instance of this + array contains no more than one entry whose psidSspRange field indicates + all. If the array has multiple entries and one entry has its psidSspRange + field indicate all, then the entry indicating all specifies the permissions + for all PSIDs other than the ones explicitly specified in the other entries. + See the description of PsidGroupPermissions for further discussion. + + + +* canRequestRollover of type **NULL** OPTIONAL
+ indicates that the certificate may be used to + sign a request for another certificate with the same permissions. This + field is provided for future use and its use is not defined in this + version of this standard. + + + +* encryptionKey of type [**PublicEncryptionKey**](Ieee1609Dot2BaseTypes.md#PublicEncryptionKey) OPTIONAL
+ contains a public key for encryption for which the + certificate holder holds the corresponding private key. + + + +* verifyKeyIndicator of type [**VerificationKeyIndicator**](#VerificationKeyIndicator)
+ contains material that may be used to recover + the public key that may be used to verify data signed by this certificate. + + + +* flags of type **BIT STRING** {usesCubk (0)} (SIZE (8)) OPTIONAL
+ indicates additional yes/no properties of the certificate + holder. The only bit with defined semantics in this string in this version + of this standard is usesCubk. If set, the usesCubk bit indicates that the + certificate holder supports the compact unified butterfly key response. + Further material about the compact unified butterfly key response can be + found in IEEE Std 1609.2.1. + + + + ..., +* appExtensions of type [**SequenceOfAppExtensions**](#SequenceOfAppExtensions)
+ indicates additional permissions that may be applied + to application activities that the certificate holder is carrying out. + + + +* certIssueExtensions of type [**SequenceOfCertIssueExtensions**](#SequenceOfCertIssueExtensions)
+ indicates additional permissions to issue + certificates containing endEntityExtensions. + + + +* certRequestExtension of type [**SequenceOfCertRequestExtensions**](#SequenceOfCertRequestExtensions)
+ +If the PublicEncryptionKey contains a BasePublicEncryptionKey that is an + elliptic curve point (i.e., of type EccP256CurvePoint or EccP384CurvePoint), + then the elliptic curve point is encoded in compressed form, i.e., such + that the choice indicated within the Ecc*CurvePoint is compressed-y-0 or + compressed-y-1. + +>>> +NOTE: Critical information fields: + - If present, appPermissions is a critical information field as defined + in 5.2.6. If an implementation of verification does not support the number + of PsidSsp in the appPermissions field of a certificate that signed a + signed SPDU, that implementation shall indicate that the signed SPDU is + invalid in the sense of 4.2.2.3.2, that is, it is invalid in the sense + that its validity cannot be established.. A conformant implementation + shall support appPermissions fields containing at least eight entries. + It may be the case that an implementation of verification does not support + the number of entries in the appPermissions field and the appPermissions + field is not relevant to the verification: this will occur, for example, + if the certificate in question is a CA certificate and so the + certIssuePermissions field is relevant to the verification and the + appPermissions field is not. In this case, whether the implementation + indicates that the signed SPDU is valid (because it could validate all + relevant fields) or invalid (because it could not parse the entire + certificate) is implementation-specific. + - If present, certIssuePermissions is a critical information field as + defined in 5.2.6. If an implementation of verification does not support + the number of PsidGroupPermissions in the certIssuePermissions field of a + CA certificate in the chain of a signed SPDU, the implementation shall + indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, that + is, it is invalid in the sense that its validity cannot be established. 
+ A conformant implementation shall support certIssuePermissions fields + containing at least eight entries. + It may be the case that an implementation of verification does not support + the number of entries in the certIssuePermissions field and the + certIssuePermissions field is not relevant to the verification: this will + occur, for example, if the certificate in question is the signing + certificate for the SPDU and so the appPermissions field is relevant to + the verification and the certIssuePermissions field is not. In this case, + whether the implementation indicates that the signed SPDU is valid + (because it could validate all relevant fields) or invalid (because it + could not parse the entire certificate) is implementation-specific. + - If present, certRequestPermissions is a critical information field as + defined in 5.2.6. If an implementaiton of verification of a certificate + request does not support the number of PsidGroupPermissions in + certRequestPermissions, the implementation shall indicate that the signed + SPDU is invalid in the sense of 4.2.2.3.2, that is, it is invalid in the + sense that its validity cannot be established. A conformant implementation + shall support certRequestPermissions fields containing at least eight + entries. + It may be the case that an implementation of verification does not support + the number of entries in the certRequestPermissions field and the + certRequestPermissions field is not relevant to the verification: this will + occur, for example, if the certificate in question is the signing + certificate for the SPDU and so the appPermissions field is relevant to + the verification and the certRequestPermissions field is not. In this + case, whether the implementation indicates that the signed SPDU is valid + (because it could validate all relevant fields) or invalid (because it + could not parse the entire certificate) is implementation-specific. 
+>>> +```asn1 +ToBeSignedCertificate ::= SEQUENCE { + id CertificateId, + cracaId HashedId3, + crlSeries CrlSeries, + validityPeriod ValidityPeriod, + region GeographicRegion OPTIONAL, + assuranceLevel SubjectAssurance OPTIONAL, + appPermissions SequenceOfPsidSsp OPTIONAL, + certIssuePermissions SequenceOfPsidGroupPermissions OPTIONAL, + certRequestPermissions SequenceOfPsidGroupPermissions OPTIONAL, + canRequestRollover NULL OPTIONAL, + encryptionKey PublicEncryptionKey OPTIONAL, + verifyKeyIndicator VerificationKeyIndicator, + ..., + flags BIT STRING {usesCubk (0)} (SIZE (8)) OPTIONAL, + appExtensions SequenceOfAppExtensions, + certIssueExtensions SequenceOfCertIssueExtensions, + certRequestExtension SequenceOfCertRequestExtensions +} +(WITH COMPONENTS { ..., appPermissions PRESENT} | + WITH COMPONENTS { ..., certIssuePermissions PRESENT} | + WITH COMPONENTS { ..., certRequestPermissions PRESENT}) +``` + +### CertificateId +This structure contains information that is used to identify the + certificate holder if necessary. + +Fields: +* linkageData of type [**LinkageData**](#LinkageData)
+ is used to identify the certificate for revocation + purposes in the case of certificates that appear on linked certificate + CRLs. See 5.1.3 and 7.3 for further discussion. + + +* name of type [**Hostname**](Ieee1609Dot2BaseTypes.md#Hostname)
+ is used to identify the certificate holder in the case of + non-anonymous certificates. The contents of this field are a matter of + policy and are expected to be human-readable. + + + +* binaryId of type **OCTET STRING** (SIZE(1..64))
+ supports identifiers that are not human-readable. + + + +* none of type **NULL**
+ indicates that the certificate does not include an identifier. + + + + +>>> +NOTE: Critical information fields: + - If present, this is a critical information field as defined in 5.2.6. + An implementation that does not recognize the choice indicated in this + field shall reject a signed SPDU as invalid. +>>> +```asn1 +CertificateId ::= CHOICE { + linkageData LinkageData, + name Hostname, + binaryId OCTET STRING(SIZE(1..64)), + none NULL, + ... +} +``` + +### LinkageData +This structure contains information that is matched against + information obtained from a linkage ID-based CRL to determine whether the + containing certificate has been revoked. See 5.1.3.4 and 7.3 for details + of use. + +Fields: +* iCert of type [**IValue**](Ieee1609Dot2BaseTypes.md#IValue)
+* linkage-value of type [**LinkageValue**](Ieee1609Dot2BaseTypes.md#LinkageValue)
+ +* group-linkage-value of type [**GroupLinkageValue**](Ieee1609Dot2BaseTypes.md#GroupLinkageValue) OPTIONAL
+ +```asn1 +LinkageData ::= SEQUENCE { + iCert IValue, + linkage-value LinkageValue, + group-linkage-value GroupLinkageValue OPTIONAL +} +``` + +### PsidGroupPermissions +This type indicates which type of permissions may appear in + end-entity certificates the chain of whose permissions passes through the + PsidGroupPermissions field containing this value. If app is indicated, the + end-entity certificate may contain an appPermissions field. If enroll is + indicated, the end-entity certificate may contain a certRequestPermissions + field. + +This structure states the permissions that a certificate holder has + with respect to issuing and requesting certificates for a particular set + of PSIDs. For examples, see D.5.3 and D.5.4. + +Fields: +* subjectPermissions of type [**SubjectPermissions**](#SubjectPermissions)
+ indicates PSIDs and SSP Ranges covered by this + field. + + +* minChainLength of type **INTEGER** DEFAULT 1
+ and chainLengthRange indicate how long the + certificate chain from this certificate to the end-entity certificate is + permitted to be. As specified in 5.1.2.1, the length of the certificate + chain is the number of certificates "below" this certificate in the chain, + down to and including the end-entity certificate. The length is permitted + to be (a) greater than or equal to minChainLength certificates and (b) + less than or equal to minChainLength + chainLengthRange certificates. A + value of 0 for minChainLength is not permitted when this type appears in + the certIssuePermissions field of a ToBeSignedCertificate; a certificate + that has a value of 0 for this field is invalid. The value -1 for + chainLengthRange is a special case: if the value of chainLengthRange is -1 + it indicates that the certificate chain may be any length equal to or + greater than minChainLength. See the examples below for further discussion. + + + +* chainLengthRange of type **INTEGER** DEFAULT 0
+ +* eeType of type [**EndEntityType**](#EndEntityType) DEFAULT {app}
+ takes one or more of the values app and enroll and indicates + the type of certificates or requests that this instance of + PsidGroupPermissions in the certificate is entitled to authorize. + Different instances of PsidGroupPermissions within a ToBeSignedCertificate + may have different values for eeType. + - If this field indicates app, the chain is allowed to end in an + authorization certificate, i.e., a certficate in which these permissions + appear in an appPermissions field (in other words, if the field does not + indicate app and the chain ends in an authorization certificate, the + chain shall be considered invalid). + - If this field indicates enroll, the chain is allowed to end in an + enrollment certificate, i.e., a certificate in which these permissions + appear in a certReqPermissions permissions field (in other words, if the + field does not indicate enroll and the chain ends in an enrollment + certificate, the chain shall be considered invalid). + + + + +```asn1 +PsidGroupPermissions ::= SEQUENCE { + subjectPermissions SubjectPermissions, + minChainLength INTEGER DEFAULT 1, + chainLengthRange INTEGER DEFAULT 0, + eeType EndEntityType DEFAULT {app} +} +``` + + +### SequenceOfPsidGroupPermissions +This type is used for clarity of definitions. +```asn1 +SequenceOfPsidGroupPermissions ::= SEQUENCE OF PsidGroupPermissions +``` + +### SubjectPermissions +This indicates the PSIDs and associated SSPs for which certificate + issuance or request permissions are granted by a PsidGroupPermissions + structure. If this takes the value explicit, the enclosing + PsidGroupPermissions structure grants certificate issuance or request + permissions for the indicated PSIDs and SSP Ranges. If this takes the + value all, the enclosing PsidGroupPermissions structure grants certificate + issuance or request permissions for all PSIDs not indicated by other + PsidGroupPermissions in the same certIssuePermissions or + certRequestPermissions field. 
+ +Fields: +* explicit of type [**SequenceOfPsidSspRange**](Ieee1609Dot2BaseTypes.md#SequenceOfPsidSspRange)
+* all of type **NULL**
+ + +>>> +NOTE: Critical information fields: + - If present, this is a critical information field as defined in 5.2.6. + An implementation that does not recognize the indicated CHOICE when + verifying a signed SPDU shall indicate that the signed SPDU is + invalidin the sense of 4.2.2.3.2, that is, it is invalid in the sense that + its validity cannot be established. + - If present, explicit is a critical information field as defined in + 5.2.6. An implementation that does not support the number of PsidSspRange + in explicit when verifying a signed SPDU shall indicate that the signed + SPDU is invalid in the sense of 4.2.2.3.2, that is, it is invalid in the + sense that its validity cannot be established. A conformant implementation + shall support explicit fields containing at least eight entries. +>>> +```asn1 +SubjectPermissions ::= CHOICE { + explicit SequenceOfPsidSspRange, + all NULL, + ... +} +``` + +### VerificationKeyIndicator +The contents of this field depend on whether the certificate is an + implicit or an explicit certificate. + +Fields: +* verificationKey of type [**PublicVerificationKey**](Ieee1609Dot2BaseTypes.md#PublicVerificationKey)
+ is included in explicit certificates. It contains + the public key to be used to verify signatures generated by the holder of + the Certificate. + + +* reconstructionValue of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+ is included in implicit certificates. It + contains the reconstruction value, which is used to recover the public key + as specified in SEC 4 and 5.3.2. + + + + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2. The canonicalization + applies to the PublicVerificationKey and to the EccP256CurvePoint. The + EccP256CurvePoint is encoded in compressed form, i.e., such that the + choice indicated within the EccP256CurvePoint is compressed-y-0 or + compressed-y-1. +>>> +```asn1 +VerificationKeyIndicator ::= CHOICE { + verificationKey PublicVerificationKey, + reconstructionValue EccP256CurvePoint, + ... +} +``` + + +### Ieee1609HeaderInfoExtensionId +This structure uses the parameterized type Extension to define an + Ieee1609ContributedHeaderInfoExtension as an open Extension Content field + identified by an extension identifier. The extension identifier value is + unique to extensions defined by ETSI and need not be unique among all + extension identifier values defined by all contributing organizations. + +This is an integer used to identify an + Ieee1609ContributedHeaderInfoExtension. +```asn1 +Ieee1609HeaderInfoExtensionId ::= ExtId +``` + +```asn1 +p2pcd8ByteLearningRequestId Ieee1609HeaderInfoExtensionId ::= 1 +``` + + +### Ieee1609HeaderInfoExtensions +This is the ASN.1 Information Object Class that associates IEEE + 1609 HeaderInfo contributed extensions with the appropriate + Ieee1609HeaderInfoExtensionId value. +```asn1 +Ieee1609HeaderInfoExtensions EXT-TYPE ::= { + {HashedId8 IDENTIFIED BY p2pcd8ByteLearningRequestId}, + ... +} +``` + + +### SequenceOfAppExtensions +This structure contains any AppExtensions that apply to the + certificate holder. 
As specified in 5.2.4.2.3, each individual + AppExtension type is associated with consistency conditions, specific to + that extension, that govern its consistency with SPDUs signed by the + certificate holder and with the CertIssueExtensions in the CA certificates + in that certificate holder’s chain. Those consistency conditions are + specified for each individual AppExtension below. +```asn1 +SequenceOfAppExtensions ::= SEQUENCE (SIZE(1..MAX)) OF AppExtension +``` + +### AppExtension +This structure contains an individual AppExtension. AppExtensions + specified in this standard are drawn from the ASN.1 Information Object Set + SetCertExtensions. This set, and its use in the AppExtension type, is + structured so that each AppExtension is associated with a + CertIssueExtension and a CertRequestExtension and all are identified by + the same id value. In this structure: + +Fields: +* id of type [**CERT-EXT-TYPE**](Ieee1609Dot2BaseTypes.md#CERT-EXT-TYPE) .&id({SetCertExtensions})
+ identifies the extension type. + + +* content of type [**CERT-EXT-TYPE**](Ieee1609Dot2BaseTypes.md#CERT-EXT-TYPE) .&App({SetCertExtensions}{@.id})
+ provides the content of the extension. + + + + +```asn1 +AppExtension ::= SEQUENCE { + id CERT-EXT-TYPE.&id({SetCertExtensions}), + content CERT-EXT-TYPE.&App({SetCertExtensions}{@.id}) +} +``` + + +### SequenceOfCertIssueExtensions +This field contains any CertIssueExtensions that apply to the + certificate holder. As specified in 5.2.4.2.3, each individual + CertIssueExtension type is associated with consistency conditions, + specific to that extension, that govern its consistency with + AppExtensions in certificates issued by the certificate holder and with + the CertIssueExtensions in the CA certificates in that certificate + holder’s chain. Those consistency conditions are specified for each + individual CertIssueExtension below. +```asn1 +SequenceOfCertIssueExtensions ::= + SEQUENCE (SIZE(1..MAX)) OF CertIssueExtension +``` + +### CertIssueExtension +This field contains an individual CertIssueExtension. + CertIssueExtensions specified in this standard are drawn from the ASN.1 + Information Object Set SetCertExtensions. This set, and its use in the + CertIssueExtension type, is structured so that each CertIssueExtension + is associated with a AppExtension and a CertRequestExtension and all are + identified by the same id value. In this structure: + +Fields: +* id of type [**CERT-EXT-TYPE**](Ieee1609Dot2BaseTypes.md#CERT-EXT-TYPE) .&id({SetCertExtensions})
+ identifies the extension type. + + +* permissions of type [**CHOICE**](#CHOICE) { + specific CERT-EXT-TYPE.&Issue({SetCertExtensions}{@.id})
+ indicates the permissions. Within this field. + - all indicates that the certificate is entitled to issue all values of + the extension. + - specific is used to specify which values of the extension may be + issued in the case where all does not apply. + + + + +* all of type **NULL**
+ +```asn1 +CertIssueExtension ::= SEQUENCE { + id CERT-EXT-TYPE.&id({SetCertExtensions}), + permissions CHOICE { + specific CERT-EXT-TYPE.&Issue({SetCertExtensions}{@.id}), + all NULL + } +} +``` + + +### SequenceOfCertRequestExtensions +This field contains any CertRequestExtensions that apply to the + certificate holder. As specified in 5.2.4.2.3, each individual + CertRequestExtension type is associated with consistency conditions, + specific to that extension, that govern its consistency with + AppExtensions in certificates issued by the certificate holder and with + the CertRequestExtensions in the CA certificates in that certificate + holder’s chain. Those consistency conditions are specified for each + individual CertRequestExtension below. +```asn1 +SequenceOfCertRequestExtensions ::= SEQUENCE (SIZE(1..MAX)) OF CertRequestExtension +``` + +### CertRequestExtension +This field contains an individual CertRequestExtension. + CertRequestExtensions specified in this standard are drawn from the + ASN.1 Information Object Set SetCertExtensions. This set, and its use in + the CertRequestExtension type, is structured so that each + CertRequestExtension is associated with a AppExtension and a + CertRequestExtension and all are identified by the same id value. In this + structure: + +Fields: +* id of type [**CERT-EXT-TYPE**](Ieee1609Dot2BaseTypes.md#CERT-EXT-TYPE) .&id({SetCertExtensions})
+ identifies the extension type. + + +* permissions of type [**CHOICE**](#CHOICE) { + content CERT-EXT-TYPE.&Req({SetCertExtensions}{@.id})
+ indicates the permissions. Within this field. + - all indicates that the certificate is entitled to issue all values of + the extension. + - specific is used to specify which values of the extension may be + issued in the case where all does not apply. + + + + +* all of type **NULL**
+ +```asn1 +CertRequestExtension ::= SEQUENCE { + id CERT-EXT-TYPE.&id({SetCertExtensions}), + permissions CHOICE { + content CERT-EXT-TYPE.&Req({SetCertExtensions}{@.id}), + all NULL + } +} +``` + + +### OperatingOrganizationId +This type is the AppExtension used to identify an operating + organization. The associated CertIssueExtension and CertRequestExtension + are both of type OperatingOrganizationId. + To determine consistency between this type and an SPDU, the SDEE + specification for that SPDU is required to specify how the SPDU can be + used to determine an OBJECT IDENTIFIER (for example, by including the + full OBJECT IDENTIFIER in the SPDU, or by including a RELATIVE-OID with + clear instructions about how a full OBJECT IDENTIFIER can be obtained from + the RELATIVE-OID). The SPDU is then consistent with this type if the + OBJECT IDENTIFIER determined from the SPDU is identical to the OBJECT + IDENTIFIER contained in this field. + This AppExtension does not have consistency conditions with a + corresponding CertIssueExtension. It can appear in a certificate issued + by any CA. +```asn1 +OperatingOrganizationId ::= OBJECT IDENTIFIER +``` + +```asn1 +certExtId-OperatingOrganization ExtId ::= 1 +``` + +```asn1 +instanceOperatingOrganizationCertExtensions CERT-EXT-TYPE ::= { + ID certExtId-OperatingOrganization + APP OperatingOrganizationId + ISSUE NULL + REQUEST NULL +} +``` + + +### SetCertExtensions +This Information Object Set is a collection of Information Objects + used to contain the AppExtension, CertIssueExtension, and + CertRequestExtension types associated with a specific use of certificate + extensions. In this version of this standard it only has a single entry + instanceOperatingOrganizationCertExtensions. +```asn1 +SetCertExtensions CERT-EXT-TYPE ::= { + instanceOperatingOrganizationCertExtensions, + ... +} +``` + + + +This Information Object is an instance of the Information Object + Class CERT-EXT-TYPE. 
It is defined to bind together the AppExtension, + CertIssueExtension, and CertRequestExtension types associated with the + use of an operating organization identifier, and to assocaute them all + with the extension identifier value certExtId-OperatingOrganization. + This Information Object Set is a collection of Information Objects + used to contain the AppExtension, CertIssueExtension, and + CertRequestExtension types associated with a specific use of certificate + extensions. In this version of this standard it only has a single entry + instanceOperatingOrganizationCertExtensions. + + diff --git a/docs/Ieee1609Dot2BaseTypes.md b/docs/Ieee1609Dot2BaseTypes.md new file mode 100644 index 0000000000000000000000000000000000000000..4cbd3bc62430bdf233f4b674bffa66b1b1615767 --- /dev/null +++ b/docs/Ieee1609Dot2BaseTypes.md 
@@ -0,0 +1,1726 @@ +# ASN.1 module Ieee1609Dot2BaseTypes + OID: _{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)}_ + @note Section references in this file are to clauses in IEEE Std + 1609.2 unless indicated otherwise. Full forms of acronyms and + abbreviations used in this file are specified in 3.2. + + +## Data Elements: + +### Uint3 +This atomic type is used in the definition of other data structures. + It is for non-negative integers up to 7, i.e., (hex)07. +```asn1 +Uint3 ::= INTEGER (0..7) +``` + + +### Uint8 +This atomic type is used in the definition of other data structures. + It is for non-negative integers up to 255, i.e., (hex)ff. +```asn1 +Uint8 ::= INTEGER (0..255) +``` + + +### Uint16 +This atomic type is used in the definition of other data structures. + It is for non-negative integers up to 65,535, i.e., (hex)ff ff. +```asn1 +Uint16 ::= INTEGER (0..65535) +``` + + +### Uint32 +This atomic type is used in the definition of other data structures. + It is for non-negative integers up to 4,294,967,295, i.e., + (hex)ff ff ff ff. +```asn1 +Uint32 ::= INTEGER (0..4294967295) +``` + + +### Uint64 +This atomic type is used in the definition of other data structures. + It is for non-negative integers up to 18,446,744,073,709,551,615, i.e., + (hex)ff ff ff ff ff ff ff ff. +```asn1 +Uint64 ::= INTEGER (0..18446744073709551615) +``` + + +### SequenceOfUint8 +This type is used for clarity of definitions. +```asn1 +SequenceOfUint8 ::= SEQUENCE OF Uint8 +``` + + +### SequenceOfUint16 +This type is used for clarity of definitions. +```asn1 +SequenceOfUint16 ::= SEQUENCE OF Uint16 +``` + + +### Opaque +This is a synonym for ASN.1 OCTET STRING, and is used in the + definition of other data structures. +```asn1 +Opaque ::= OCTET STRING +``` + + +### HashedId3 +This type contains the truncated hash of another data structure. 
+ The HashedId3 for a given data structure is calculated by calculating the + hash of the encoded data structure and taking the low-order three bytes of + the hash output. The low-order three bytes are the last three bytes of the + 32-byte hash when represented in network byte order. If the data structure + is subject to canonicalization it is canonicalized before hashing. See + Example below. + + + The hash algorithm to be used to calculate a HashedId3 within a + structure depends on the context. In this standard, for each structure + that includes a HashedId3 field, the corresponding text indicates how the + hash algorithm is determined. See also the discussion in 5.3.9. + + Example: Consider the SHA-256 hash of the empty string: + + SHA-256("") = + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + + The HashedId3 derived from this hash corresponds to the following: + + HashedId3 = 52b855. +```asn1 +HashedId3 ::= OCTET STRING (SIZE(3)) +``` + + +### SequenceOfHashedId3 +This type is used for clarity of definitions. +```asn1 +SequenceOfHashedId3 ::= SEQUENCE OF HashedId3 +``` + + +### HashedId8 +This type contains the truncated hash of another data structure. + The HashedId8 for a given data structure is calculated by calculating the + hash of the encoded data structure and taking the low-order eight bytes of + the hash output. The low-order eight bytes are the last eight bytes of the + hash when represented in network byte order. If the data structure + is subject to canonicalization it is canonicalized before hashing. See + Example below. + + + The hash algorithm to be used to calculate a HashedId8 within a + structure depends on the context. In this standard, for each structure + that includes a HashedId8 field, the corresponding text indicates how the + hash algorithm is determined. See also the discussion in 5.3.9. 
+ + Example: Consider the SHA-256 hash of the empty string: + + SHA-256("") = + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + + The HashedId8 derived from this hash corresponds to the following: + + HashedId8 = a495991b7852b855. +```asn1 +HashedId8 ::= OCTET STRING (SIZE(8)) +``` + + +### HashedId10 +This type contains the truncated hash of another data structure. + The HashedId10 for a given data structure is calculated by calculating the + hash of the encoded data structure and taking the low-order ten bytes of + the hash output. The low-order ten bytes are the last ten bytes of the + hash when represented in network byte order. If the data structure + is subject to canonicalization it is canonicalized before hashing. See + Example below. + + + The hash algorithm to be used to calculate a HashedId10 within a + structure depends on the context. In this standard, for each structure + that includes a HashedId10 field, the corresponding text indicates how the + hash algorithm is determined. See also the discussion in 5.3.9. + + Example: Consider the SHA-256 hash of the empty string: + + SHA-256("") = + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + + The HashedId10 derived from this hash corresponds to the following: + + HashedId10 = 934ca495991b7852b855. +```asn1 +HashedId10 ::= OCTET STRING (SIZE(10)) +``` + + +### HashedId32 +This data structure contains the truncated hash of another data + structure. The HashedId32 for a given data structure is calculated by + calculating the hash of the encoded data structure and taking the + low-order 32 bytes of the hash output. The low-order 32 bytes are the last + 32 bytes of the hash when represented in network byte order. If the data + structure is subject to canonicalization it is canonicalized before + hashing. See Example below. + + + The hash algorithm to be used to calculate a HashedId32 within a + structure depends on the context. 
In this standard, for each structure + that includes a HashedId32 field, the corresponding text indicates how the + hash algorithm is determined. See also the discussion in 5.3.9. + + Example: Consider the SHA-256 hash of the empty string: + + SHA-256("") = + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + + The HashedId32 derived from this hash corresponds to the following: + + HashedId32 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b8 + 55. +```asn1 +HashedId32 ::= OCTET STRING (SIZE(32)) +``` + + +### HashedId48 +This data structure contains the truncated hash of another data + structure. The HashedId48 for a given data structure is calculated by + calculating the hash of the encoded data structure and taking the + low-order 48 bytes of the hash output. The low-order 48 bytes are the last + 48 bytes of the hash when represented in network byte order. If the data + structure is subject to canonicalization it is canonicalized before + hashing. See Example below. + + + The hash algorithm to be used to calculate a HashedId48 within a + structure depends on the context. In this standard, for each structure + that includes a HashedId48 field, the corresponding text indicates how the + hash algorithm is determined. See also the discussion in 5.3.9. + + Example: Consider the SHA-384 hash of the empty string: + + SHA-384("") = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6 + e1da274edebfe76f65fbd51ad2f14898b95b + + The HashedId48 derived from this hash corresponds to the following: + + HashedId48 = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e + 1da274edebfe76f65fbd51ad2f14898b95b. +```asn1 +HashedId48 ::= OCTET STRING(SIZE(48)) +``` + + +### Time32 +This type gives the number of (TAI) seconds since 00:00:00 UTC, 1 + January, 2004. 
+```asn1 +Time32 ::= Uint32 +``` + + +### Time64 +This data structure is a 64-bit integer giving an estimate of the + number of (TAI) microseconds since 00:00:00 UTC, 1 January, 2004. +```asn1 +Time64 ::= Uint64 +``` + +### ValidityPeriod +This type gives the validity period of a certificate. The start of + the validity period is given by start and the end is given by + start + duration. + +Fields: +* start of type [**Time32**](Ieee1609Dot2BaseTypes.md#Time32)
+* duration of type [**Duration**](#Duration)
+ +```asn1 +ValidityPeriod ::= SEQUENCE { + start Time32, + duration Duration +} +``` + +### Duration +This structure represents the duration of validity of a + certificate. The Uint16 value is the duration, given in the units denoted + by the indicated choice. A year is considered to be 31556952 seconds, + which is the average number of seconds in a year. + +Fields: +* microseconds of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+* milliseconds of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+ +* seconds of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+ +* minutes of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+ +* hours of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+ +* sixtyHours of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+ +* years of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+ + +>>> +NOTE: Years can be mapped more closely to wall-clock days using the hours + choice for up to 7 years and the sixtyHours choice for up to 448 years. +>>> +```asn1 +Duration ::= CHOICE { + microseconds Uint16, + milliseconds Uint16, + seconds Uint16, + minutes Uint16, + hours Uint16, + sixtyHours Uint16, + years Uint16 +} +``` + +### GeographicRegion +This structure represents a geographic region of a specified form. + A certificate is not valid if any part of the region indicated in its + scope field lies outside the region indicated in the scope of its issuer. + +Fields: +* circularRegion of type [**CircularRegion**](#CircularRegion)
+ contains a single instance of the CircularRegion + structure. + + +* rectangularRegion of type [**SequenceOfRectangularRegion**](#SequenceOfRectangularRegion)
+ is an array of RectangularRegion structures + containing at least one entry. This field is interpreted as a series of + rectangles, which may overlap or be disjoint. The permitted region is any + point within any of the rectangles. + + + +* polygonalRegion of type [**PolygonalRegion**](#PolygonalRegion)
+ contains a single instance of the PolygonalRegion + structure. + + + +* identifiedRegion of type [**SequenceOfIdentifiedRegion**](#SequenceOfIdentifiedRegion)
+ is an array of IdentifiedRegion structures + containing at least one entry. The permitted region is any point within + any of the identified regions. + + + + +>>> +NOTE: Critical information fields: + - If present, this is a critical information field as defined in 5.2.6. + An implementation that does not recognize the indicated CHOICE when + verifying a signed SPDU shall indicate that the signed SPDU is invalid in + the sense of 4.2.2.3.2, that is, it is invalid in the sense that its + validity cannot be established. + - If selected, rectangularRegion is a critical information field as + defined in 5.2.6. An implementation that does not support the number of + RectangularRegion in rectangularRegions when verifying a signed SPDU shall + indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, that + is, it is invalid in the sense that its validity cannot be established. + A conformant implementation shall support rectangularRegions fields + containing at least eight entries. + - If selected, identifiedRegion is a critical information field as + defined in 5.2.6. An implementation that does not support the number of + IdentifiedRegion in identifiedRegion shall reject the signed SPDU as + invalid in the sense of 4.2.2.3.2, that is, it is invalid in the sense + that its validity cannot be established. A conformant implementation shall + support identifiedRegion fields containing at least eight entries. +>>> +```asn1 +GeographicRegion ::= CHOICE { + circularRegion CircularRegion, + rectangularRegion SequenceOfRectangularRegion, + polygonalRegion PolygonalRegion, + identifiedRegion SequenceOfIdentifiedRegion, + ... +} +``` + +### CircularRegion +This structure specifies a circle with its center at center, its + radius given in meters, and located tangential to the reference ellipsoid. 
+ The indicated region is all the points on the surface of the reference + ellipsoid whose distance to the center point over the reference ellipsoid + is less than or equal to the radius. A point which contains an elevation + component is considered to be within the circular region if its horizontal + projection onto the reference ellipsoid lies within the region. + +Fields: +* center of type [**TwoDLocation**](#TwoDLocation)
+* radius of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+ +```asn1 +CircularRegion ::= SEQUENCE { + center TwoDLocation, + radius Uint16 +} +``` + +### RectangularRegion +This structure specifies a “rectangle” on the surface of the WGS84 ellipsoid where the + sides are given by lines of constant latitude or longitude. + A point which contains an elevation component is considered to be within the rectangular region + if its horizontal projection onto the reference ellipsoid lies within the region. + A RectangularRegion is invalid if the northWest value is south of the southEast value, or if the + latitude values in the two points are equal, or if the longitude values in the two points are + equal; otherwise it is valid. A certificate that contains an invalid RectangularRegion is invalid. + +Fields: +* northWest of type [**TwoDLocation**](#TwoDLocation)
+ is the north-west corner of the rectangle. + + +* southEast of type [**TwoDLocation**](#TwoDLocation)
+ is the south-east corner of the rectangle. + + + + +```asn1 +RectangularRegion ::= SEQUENCE { + northWest TwoDLocation, + southEast TwoDLocation +} +``` + + +### SequenceOfRectangularRegion +This type is used for clarity of definitions. +```asn1 +SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion +``` + + +### PolygonalRegion +This structure defines a region using a series of distinct + geographic points, defined on the surface of the reference ellipsoid. The + region is specified by connecting the points in the order they appear, + with each pair of points connected by the geodesic on the reference + ellipsoid. The polygon is completed by connecting the final point to the + first point. The allowed region is the interior of the polygon and its + boundary. + + + A point which contains an elevation component is considered to be + within the polygonal region if its horizontal projection onto the + reference ellipsoid lies within the region. + + A valid PolygonalRegion contains at least three points. In a valid + PolygonalRegion, the implied lines that make up the sides of the polygon + do not intersect. + +>>> +NOTE: Critical information fields: If present, this is a critical + information field as defined in 5.2.6. An implementation that does not + support the number of TwoDLocation in the PolygonalRegion when verifying a + signed SPDU shall indicate that the signed SPDU is invalid. A compliant + implementation shall support PolygonalRegions containing at least eight + TwoDLocation entries. +>>> +```asn1 +PolygonalRegion ::= SEQUENCE SIZE (3..MAX) OF TwoDLocation +``` + +### TwoDLocation +This structure is used to define validity regions for use in + certificates. The latitude and longitude fields contain the latitude and + longitude as defined above. + +Fields: +* latitude of type [**Latitude**](#Latitude)
+* longitude of type [**Longitude**](#Longitude)
+ + +>>> +NOTE: This data structure is consistent with the location encoding + used in SAE J2735, except that values 900 000 001 for latitude (used to + indicate that the latitude was not available) and 1 800 000 001 for + longitude (used to indicate that the longitude was not available) are not + valid. +>>> +```asn1 +TwoDLocation ::= SEQUENCE { + latitude Latitude, + longitude Longitude +} +``` + +### IdentifiedRegion +This structure indicates the region of validity of a certificate + using region identifiers. + A conformant implementation that supports this type shall support at least + one of the possible CHOICE values. The Protocol Implementation Conformance + Statement (PICS) provided in Annex A allows an implementation to state + which CountryOnly values it recognizes. + +Fields: +* countryOnly of type [**UnCountryId**](#UnCountryId)
+ indicates that only a country (or a geographic entity + included in a country list) is given. + + +* countryAndRegions of type [**CountryAndRegions**](#CountryAndRegions)
+ indicates that one or more top-level regions + within a country (as defined by the region listing associated with that + country) is given. + + + +* countryAndSubregions of type [**CountryAndSubregions**](#CountryAndSubregions)
+ indicates that one or more regions smaller + than the top-level regions within a country (as defined by the region + listing associated with that country) is given. + + + +Critical information fields: If present, this is a critical + information field as defined in 5.2.6. An implementation that does not + recognize the indicated CHOICE when verifying a signed SPDU shall indicate + that the signed SPDU is invalid in the sense of 4.2.2.3.2, that is, it is + invalid in the sense that its validity cannot be established. +```asn1 +IdentifiedRegion ::= CHOICE { + countryOnly UnCountryId, + countryAndRegions CountryAndRegions, + countryAndSubregions CountryAndSubregions, + ... +} +``` + + +### SequenceOfIdentifiedRegion +This type is used for clarity of definitions. +```asn1 +SequenceOfIdentifiedRegion ::= SEQUENCE OF IdentifiedRegion +``` + + +### UnCountryId +This type contains the integer representation of the country or + area identifier as defined by the United Nations Statistics Division in + October 2013 (see normative references in Clause 0). + A conformant implementation that implements IdentifiedRegion shall + recognize (in the sense of “be able to determine whether a two dimensional + location lies inside or outside the borders identified by”) at least one + value of UnCountryId. The Protocol Implementation Conformance Statement + (PICS) provided in Annex A allows an implementation to state which + UnCountryId values it recognizes. + Since 2013 and before the publication of this version of this standard, + three changes have been made to the country code list, to define the + region "sub-Saharan Africa" and remove the "developed regions", and + "developing regions". A conformant implementation may recognize these + region identifiers in the sense defined in the previous paragraph. 
+ If a verifying implementation is required to check that relevant + geographic information in a signed SPDU is consistent with a certificate + containing one or more instances of this type, then the SDS is permitted + to indicate that the signed SPDU is valid even if some instances of this + type are unrecognized in the sense defined above, so long as the + recognized instances of this type completely contain the relevant + geographic information. Informally, if the recognized values in the + certificate allow the SDS to determine that the SPDU is valid, then it + can make that determination even if there are also unrecognized values in + the certificate. This field is therefore not a "critical information + field" as defined in 5.2.6, because unrecognized values are permitted so + long as the validity of the SPDU can be established with the recognized + values. However, as discussed in 5.2.6, the presence of an unrecognized + value in a certificate can make it impossible to determine whether the + certificate and the SPDU are valid. +```asn1 +UnCountryId ::= Uint16 +``` + + +### CountryOnly +This type is defined only for backwards compatibility. +```asn1 +CountryOnly ::= UnCountryId +``` + +### CountryAndRegions +A conformant implementation that supports CountryAndRegions shall + support a regions field containing at least eight entries. + A conformant implementation that implements this type shall recognize + (in the sense of "be able to determine whether a two dimensional location + lies inside or outside the borders identified by") at least one value of + UnCountryId and at least one value for a region within the country + indicated by that recognized UnCountryId value. In this version of this + standard, the only means to satisfy this is for a conformant + implementation to recognize the value of UnCountryId indicating USA and + at least one of the FIPS state codes for US states. 
The Protocol + Implementation Conformance Statement (PICS) provided in Annex A allows + an implementation to state which UnCountryId values it recognizes and + which region values are recognized within that country. + If a verifying implementation is required to check that an relevant + geographic information in a signed SPDU is consistent with a certificate + containing one or more instances of this type, then the SDS is permitted + to indicate that the signed SPDU is valid even if some values of country + or within regions are unrecognized in the sense defined above, so long + as the recognized instances of this type completely contain the relevant + geographic information. Informally, if the recognized values in the + certificate allow the SDS to determine that the SPDU is valid, then it + can make that determination even if there are also unrecognized values + in the certificate. This field is therefore not a "critical information + field" as defined in 5.2.6, because unrecognized values are permitted so + long as the validity of the SPDU can be established with the recognized + values. However, as discussed in 5.2.6, the presence of an unrecognized + value in a certificate can make it impossible to determine whether the + certificate is valid and so whether the SPDU is valid. + In this type: + +Fields: +* countryOnly of type [**UnCountryId**](#UnCountryId)
+ is a UnCountryId as defined above. + + +* regions of type [**SequenceOfUint8**](#SequenceOfUint8)
+ identifies one or more regions within the country. If + country indicates the United States of America, the values in this field + identify the state or statistically equivalent entity using the integer + version of the 2010 FIPS codes as provided by the U.S. Census Bureau + (see normative references in Clause 0). For other values of country, the + meaning of region is not defined in this version of this standard. + + + + +```asn1 +CountryAndRegions ::= SEQUENCE { + countryOnly UnCountryId, + regions SequenceOfUint8 +} +``` + +### CountryAndSubregions +A conformant implementation that supports CountryAndSubregions + shall support a regionAndSubregions field containing at least eight + entries. + A conformant implementation that implements this type shall recognize + (in the sense of “be able to determine whether a two dimensional location + lies inside or outside the borders identified by”) at least one value of + country and at least one value for a region within the country indicated + by that recognized country value. In this version of this standard, the + only means to satisfy this is for a conformant implementation to recognize + the value of UnCountryId indicating USA and at least one of the FIPS state + codes for US states. The Protocol Implementation Conformance Statement + (PICS) provided in Annex A allows an implementation to state which + UnCountryId values it recognizes and which region values are recognized + within that country. + If a verifying implementation is required to check that an relevant + geographic information in a signed SPDU is consistent with a certificate + containing one or more instances of this type, then the SDS is permitted + to indicate that the signed SPDU is valid even if some values of country + or within regionAndSubregions are unrecognized in the sense defined above, + so long as the recognized instances of this type completely contain the + relevant geographic information. 
Informally, if the recognized values in + the certificate allow the SDS to determine that the SPDU is valid, then + it can make that determination even if there are also unrecognized values + in the certificate. This field is therefore not a "critical information + field" as defined in 5.2.6, because unrecognized values are permitted so + long as the validity of the SPDU can be established with the recognized + values. However, as discussed in 5.2.6, the presence of an unrecognized + value in a certificate can make it impossible to determine whether the + certificate is valid and so whether the SPDU is valid. + In this structure: + +Fields: +* countryOnly of type [**UnCountryId**](#UnCountryId)
+ is a UnCountryId as defined above. + + +* regionAndSubregions of type [**SequenceOfRegionAndSubregions**](#SequenceOfRegionAndSubregions)
+ identifies one or more subregions within + country. + + + + +```asn1 +CountryAndSubregions ::= SEQUENCE { + countryOnly UnCountryId, + regionAndSubregions SequenceOfRegionAndSubregions +} +``` + +### RegionAndSubregions +The meanings of the fields in this structure are to be interpreted + in the context of a country within which the region is located, referred + to as the "enclosing country". If this structure is used in a + CountryAndSubregions structure, the enclosing country is the one indicated + by the country field in the CountryAndSubregions structure. If other uses + are defined for this structure in future, it is expected that that + definition will include a specification of how the enclosing country can + be determined. + If the enclosing country is the United States of America: + - The region field identifies the state or statistically equivalent + entity using the integer version of the 2010 FIPS codes as provided by the + U.S. Census Bureau (see normative references in Clause 0). + - The values in the subregions field identify the county or county + equivalent entity using the integer version of the 2010 FIPS codes as + provided by the U.S. Census Bureau. + If the enclosing country is a different country from the USA, the meaning + of regionAndSubregions is not defined in this version of this standard. + A conformant implementation that implements this type shall recognize (in + the sense of "be able to determine whether a two-dimensional location lies + inside or outside the borders identified by"), for at least one enclosing + country, at least one value for a region within that country and at least + one subregion for the indicated region. In this version of this standard, + the only means to satisfy this is for a conformant implementation to + recognize, for the USA, at least one of the FIPS state codes for US + states, and at least one of the county codes in at least one of the + recognized states. 
The Protocol Implementation Conformance Statement + (PICS) provided in Annex A allows an implementation to state which + UnCountryId values it recognizes and which region values are recognized + within that country. + If a verifying implementation is required to check that an relevant + geographic information in a signed SPDU is consistent with a certificate + containing one or more instances of this type, then the SDS is permitted + to indicate that the signed SPDU is valid even if some values within + subregions are unrecognized in the sense defined above, so long as the + recognized instances of this type completely contain the relevant + geographic information. Informally, if the recognized values in the + certificate allow the SDS to determine that the SPDU is valid, then it + can make that determination even if there are also unrecognized values + in the certificate. This field is therefore not not a "critical + information field" as defined in 5.2.6, because unrecognized values are + permitted so long as the validity of the SPDU can be established with the + recognized values. However, as discussed in 5.2.6, the presence of an + unrecognized value in a certificate can make it impossible to determine + whether the certificate is valid and so whether the SPDU is valid. + In this structure: + +Fields: +* region of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8)
+ identifies a region within a country. + + +* subregions of type [**SequenceOfUint16**](#SequenceOfUint16)
+ identifies one or more subregions within region. A + conformant implementation that supports RegionAndSubregions shall support + a subregions field containing at least eight entries. + + + + +```asn1 +RegionAndSubregions ::= SEQUENCE { + region Uint8, + subregions SequenceOfUint16 +} +``` + + +### SequenceOfRegionAndSubregions +This type is used for clarity of definitions. +```asn1 +SequenceOfRegionAndSubregions ::= SEQUENCE OF RegionAndSubregions +``` + +### ThreeDLocation +This structure contains an estimate of 3D location. The details of + the structure are given in the definitions of the individual fields below. + +Fields: +* latitude of type [**Latitude**](#Latitude)
+* longitude of type [**Longitude**](#Longitude)
+ +* elevation of type [**Elevation**](#Elevation)
+ + +>>> +NOTE: The units used in this data structure are consistent with the + location data structures used in SAE J2735 [B26], though the encoding is + incompatible. +>>> +```asn1 +ThreeDLocation ::= SEQUENCE { + latitude Latitude, + longitude Longitude, + elevation Elevation +} +``` + + +### Latitude +This type contains an INTEGER encoding an estimate of the latitude + with precision 1/10th microdegree relative to the World Geodetic System + (WGS)-84 datum as defined in NIMA Technical Report TR8350.2. + The integer in the latitude field is no more than 900 000 000 and no less + than ?900 000 000, except that the value 900 000 001 is used to indicate + the latitude was not available to the sender. +```asn1 +Latitude ::= NinetyDegreeInt +``` + + +### Longitude +This type contains an INTEGER encoding an estimate of the longitude + with precision 1/10th microdegree relative to the World Geodetic System + (WGS)-84 datum as defined in NIMA Technical Report TR8350.2. + The integer in the longitude field is no more than 1 800 000 000 and no + less than ?1 799 999 999, except that the value 1 800 000 001 is used to + indicate that the longitude was not available to the sender. +```asn1 +Longitude ::= OneEightyDegreeInt +``` + + +### Elevation +This structure contains an estimate of the geodetic altitude above + or below the WGS84 ellipsoid. The 16-bit value is interpreted as an + integer number of decimeters representing the height above a minimum + height of -409.5 m, with the maximum height being 6143.9 m. +```asn1 +Elevation ::= Uint16 +``` + + +### NinetyDegreeInt +The integer in the latitude field is no more than 900,000,000 and + no less than -900,000,000, except that the value 900,000,001 is used to + indicate the latitude was not available to the sender. 
+```asn1 +NinetyDegreeInt ::= INTEGER { + min (-900000000), + max (900000000), + unknown (900000001) +} (-900000000..900000001) +``` + + +### KnownLatitude +The known latitudes are from -900,000,000 to +900,000,000 in 0.1 + microdegree intervals. +```asn1 +KnownLatitude ::= NinetyDegreeInt (min..max) +``` + + +### UnknownLatitude +The value 900,000,001 indicates that the latitude was not + available to the sender. +```asn1 +UnknownLatitude ::= NinetyDegreeInt (unknown) +``` + + +### OneEightyDegreeInt +The integer in the longitude field is no more than 1,800,000,000 + and no less than -1,799,999,999, except that the value 1,800,000,001 is + used to indicate that the longitude was not available to the sender. +```asn1 +OneEightyDegreeInt ::= INTEGER { + min (-1799999999), + max (1800000000), + unknown (1800000001) +} (-1799999999..1800000001) +``` + + +### KnownLongitude +The known longitudes are from -1,799,999,999 to +1,800,000,000 in + 0.1 microdegree intervals. +```asn1 +KnownLongitude ::= OneEightyDegreeInt (min..max) +``` + + +### UnknownLongitude +The value 1,800,000,001 indicates that the longitude was not + available to the sender. +```asn1 +UnknownLongitude ::= OneEightyDegreeInt (unknown) +``` + +### Signature +This structure represents a signature for a supported public key + algorithm. It may be contained within SignedData or Certificate. + +Fields: +* ecdsaNistP256Signature of type [**EcdsaP256Signature**](#EcdsaP256Signature)
+* ecdsaBrainpoolP256r1Signature of type [**EcdsaP256Signature**](#EcdsaP256Signature)
+ +* ecdsaBrainpoolP384r1Signature of type [**EcdsaP384Signature**](#EcdsaP384Signature)
+ + ..., +* ecdsaNistP384Signature of type [**EcdsaP384Signature**](#EcdsaP384Signature)
+ +* sm2Signature of type [**EcsigP256Signature**](#EcsigP256Signature)
+ + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2. The canonicalization + applies to instances of this data structure of form EcdsaP256Signature + and EcdsaP384Signature. +>>> +```asn1 +Signature ::= CHOICE { + ecdsaNistP256Signature EcdsaP256Signature, + ecdsaBrainpoolP256r1Signature EcdsaP256Signature, + ..., + ecdsaBrainpoolP384r1Signature EcdsaP384Signature, + ecdsaNistP384Signature EcdsaP384Signature, + sm2Signature EcsigP256Signature +} +``` + +### EcdsaP256Signature +This structure represents an ECDSA signature. The signature is + generated as specified in 5.3.1. + + + If the signature process followed the specification of FIPS 186-4 + and output the integer r, r is represented as an EccP256CurvePoint + indicating the selection x-only. + + If the signature process followed the specification of SEC 1 and + output the elliptic curve point R to allow for fast verification, R is + represented as an EccP256CurvePoint indicating the choice compressed-y-0, + compressed-y-1, or uncompressed at the sender's discretion. + + + + NISTp256: + - p = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF + - n = FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551 + + Brainpoolp256: + - p = A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377 + - n = A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7 + +Fields: +* rSig of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+* sSig of type **OCTET STRING** (SIZE (32))
+ + +>>> +NOTE: When the signature is of form x-only, the x-value in rSig is + an integer mod n, the order of the group; when the signature is of form + compressed-y-\*, the x-value in rSig is an integer mod p, the underlying + prime defining the finite field. In principle this means that to convert a + signature from form compressed-y-\* to form x-only, the converter checks + the x-value to see if it lies between n and p and reduces it mod n if so. + In practice this check is unnecessary: Haase's Theorem states that + difference between n and p is always less than 2*square-root(p), and so the + chance that an integer lies between n and p, for a 256-bit curve, is + bounded above by approximately square-root(p)/p or 2(-128). For the + 256-bit curves in this standard, the exact values of n and p in hexadecimal + are: +>>> +```asn1 +EcdsaP256Signature ::= SEQUENCE { + rSig EccP256CurvePoint, + sSig OCTET STRING (SIZE (32)) +} +``` + +### EcdsaP384Signature +This structure represents an ECDSA signature. The signature is + generated as specified in 5.3.1. + + + If the signature process followed the specification of FIPS 186-4 + and output the integer r, r is represented as an EccP384CurvePoint + indicating the selection x-only. + + If the signature process followed the specification of SEC 1 and + output the elliptic curve point R to allow for fast verification, R is + represented as an EccP384CurvePoint indicating the choice compressed-y-0, + compressed-y-1, or uncompressed at the sender's discretion. + +Fields: +* rSig of type [**EccP384CurvePoint**](#EccP384CurvePoint)
+* sSig of type **OCTET STRING** (SIZE (48))
+ + +>>> +NOTE: When the signature is of form x-only, the x-value in rSig is + an integer mod n, the order of the group; when the signature is of form + compressed-y-\*, the x-value in rSig is an integer mod p, the underlying + prime defining the finite field. In principle this means that to convert a + signature from form compressed-y-* to form x-only, the converter checks the + x-value to see if it lies between n and p and reduces it mod n if so. In + practice this check is unnecessary: Haase's Theorem states that difference + between n and p is always less than 2*square-root(p), and so the chance + that an integer lies between n and p, for a 384-bit curve, is bounded + above by approximately square-root(p)/p or 2(-192). For the 384-bit curve + in this standard, the exact values of n and p in hexadecimal are: + - p = 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123 + ACD3A729901D1A71874700133107EC53 + - n = 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7 + CF3AB6AF6B7FC3103B883202E9046565 +>>> +```asn1 +EcdsaP384Signature ::= SEQUENCE { + rSig EccP384CurvePoint, + sSig OCTET STRING (SIZE (48)) +} +``` + +### EcsigP256Signature +This structure represents a elliptic curve signature where the + component r is constrained to be an integer. This structure supports SM2 + signatures as specified in 5.3.1.3. + +Fields: +* rSig of type **OCTET STRING** (SIZE (32))
+* sSig of type **OCTET STRING** (SIZE (32))
+ +```asn1 +EcsigP256Signature ::= SEQUENCE { + rSig OCTET STRING (SIZE (32)), + sSig OCTET STRING (SIZE (32)) +} +``` + +### EccP256CurvePoint +This structure specifies a point on an elliptic curve in Weierstrass + form defined over a 256-bit prime number. The curves supported in this + standard are NIST p256 as defined in FIPS 186-4, Brainpool p256r1 as + defined in RFC 5639, and the SM2 curve as defined in GB/T 32918.5-2017. + The fields in this structure are OCTET STRINGS produced with the elliptic + curve point encoding and decoding methods defined in subclause 5.5.6 of + IEEE Std 1363-2000. The x-coordinate is encoded as an unsigned integer of + length 32 octets in network byte order for all values of the CHOICE; the + encoding of the y-coordinate y depends on whether the point is x-only, + compressed, or uncompressed. If the point is x-only, y is omitted. If the + point is compressed, the value of type depends on the least significant + bit of y: if the least significant bit of y is 0, type takes the value + compressed-y-0, and if the least significant bit of y is 1, type takes the + value compressed-y-1. If the point is uncompressed, y is encoded explicitly + as an unsigned integer of length 32 octets in network byte order. + +Fields: +* x-only of type **OCTET STRING** (SIZE (32))
+* fill of type **NULL**
+ +* compressed-y-0 of type **OCTET STRING** (SIZE (32))
+ +* compressed-y-1 of type **OCTET STRING** (SIZE (32))
+ +* uncompressedP256 of type **SEQUENCE** { + x OCTET STRING (SIZE (32)), + y OCTET STRING (SIZE (32)) + }
+ + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2 if it appears in a + HeaderInfo or in a ToBeSignedCertificate. See the definitions of HeaderInfo + and ToBeSignedCertificate for a specification of the canonicalization + operations. +>>> +```asn1 +EccP256CurvePoint::= CHOICE { + x-only OCTET STRING (SIZE (32)), + fill NULL, + compressed-y-0 OCTET STRING (SIZE (32)), + compressed-y-1 OCTET STRING (SIZE (32)), + uncompressedP256 SEQUENCE { + x OCTET STRING (SIZE (32)), + y OCTET STRING (SIZE (32)) + } +} +``` + +### EccP384CurvePoint +This structure specifies a point on an elliptic curve in + Weierstrass form defined over a 384-bit prime number. The only supported + such curve in this standard is Brainpool p384r1 as defined in RFC 5639. + The fields in this structure are octet strings produced with the elliptic + curve point encoding and decoding methods defined in subclause 5.5.6 of + IEEE Std 1363-2000. The x-coordinate is encoded as an unsigned integer of + length 48 octets in network byte order for all values of the CHOICE; the + encoding of the y-coordinate y depends on whether the point is x-only, + compressed, or uncompressed. If the point is x-only, y is omitted. If the + point is compressed, the value of type depends on the least significant + bit of y: if the least significant bit of y is 0, type takes the value + compressed-y-0, and if the least significant bit of y is 1, type takes the + value compressed-y-1. If the point is uncompressed, y is encoded + explicitly as an unsigned integer of length 48 octets in network byte order. + +Fields: +* x-only of type **OCTET STRING** (SIZE (48))
+* fill of type **NULL**
+ +* compressed-y-0 of type **OCTET STRING** (SIZE (48))
+ +* compressed-y-1 of type **OCTET STRING** (SIZE (48))
+ +* uncompressedP384 of type **SEQUENCE** { + x OCTET STRING (SIZE (48)), + y OCTET STRING (SIZE (48)) + }
+ + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2 if it appears in a + HeaderInfo or in a ToBeSignedCertificate. See the definitions of HeaderInfo + and ToBeSignedCertificate for a specification of the canonicalization + operations. +>>> +```asn1 +EccP384CurvePoint::= CHOICE { + x-only OCTET STRING (SIZE (48)), + fill NULL, + compressed-y-0 OCTET STRING (SIZE (48)), + compressed-y-1 OCTET STRING (SIZE (48)), + uncompressedP384 SEQUENCE { + x OCTET STRING (SIZE (48)), + y OCTET STRING (SIZE (48)) + } +} +``` + + +### SymmAlgorithm +This enumerated value indicates supported symmetric algorithms. The + algorithm identifier identifies both the algorithm itself and a specific + mode of operation. The symmetric algorithms supported in this version of + this standard are AES-128 and SM4. The only mode of operation supported is + Counter Mode Encryption With Cipher Block Chaining Message Authentication + Code (CCM). Full details are given in 5.3.8. +```asn1 +SymmAlgorithm ::= ENUMERATED { + aes128Ccm, + ..., + sm4Ccm +} +``` + + +### HashAlgorithm +This structure identifies a hash algorithm. The value sha256, + indicates SHA-256. The value sha384 indicates SHA-384. The value sm3 + indicates SM3. See 5.3.3 for more details. + +>>> +NOTE: Critical information fields: This is a critical information field as + defined in 5.2.6. An implementation that does not recognize the enumerated + value of this type in a signed SPDU when verifying a signed SPDU shall + indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, that + is, it is invalid in the sense that its validity cannot be established. +>>> +```asn1 +HashAlgorithm ::= ENUMERATED { + sha256, + ..., + sha384, + sm3 +} +``` + +### EciesP256EncryptedKey +This data structure is used to transfer a 16-byte symmetric key + encrypted using ECIES as specified in IEEE Std 1363a-2004. 
The symmetric + key is input to the key encryption process with no headers, encapsulation, + or length indication. Encryption and decryption are carried out as + specified in 5.3.5.1. + +Fields: +* v of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+ is the sender's ephemeral public key, which is the output V from + encryption as specified in 5.3.5.1. + + +* c of type **OCTET STRING** (SIZE (16))
+ is the encrypted symmetric key, which is the output C from + encryption as specified in 5.3.5.1. The algorithm for the symmetric key + is identified by the CHOICE indicated in the following SymmetricCiphertext. + For ECIES this shall be AES-128. + + + +* t of type **OCTET STRING** (SIZE (16))
+ is the authentication tag, which is the output tag from + encryption as specified in 5.3.5.1. + + + + +```asn1 +EciesP256EncryptedKey ::= SEQUENCE { + v EccP256CurvePoint, + c OCTET STRING (SIZE (16)), + t OCTET STRING (SIZE (16)) +} +``` + +### EcencP256EncryptedKey +This data structure is used to transfer a 16-byte symmetric key + encrypted using SM2 encryption as specified in 5.3.3. The symmetric key is + input to the key encryption process with no headers, encapsulation, or + length indication. Encryption and decryption are carried out as specified + in 5.3.5.2. + +Fields: +* v of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+ is the sender's ephemeral public key, which is the output V from + encryption as specified in 5.3.5.2. + + +* c of type **OCTET STRING** (SIZE (16))
+ is the encrypted symmetric key, which is the output C from + encryption as specified in 5.3.5.2. The algorithm for the symmetric key + is identified by the CHOICE indicated in the following SymmetricCiphertext. + For SM2 this algorithm shall be SM4. + + + +* t of type **OCTET STRING** (SIZE (32))
+ is the authentication tag, which is the output tag from + encryption as specified in 5.3.5.2. + + + + +```asn1 +EcencP256EncryptedKey ::= SEQUENCE { + v EccP256CurvePoint, + c OCTET STRING (SIZE (16)), + t OCTET STRING (SIZE (32)) +} +``` + +### EncryptionKey +This structure contains an encryption key, which may be a public or + a symmetric key. + +Fields: +* public of type [**PublicEncryptionKey**](Ieee1609Dot2BaseTypes.md#PublicEncryptionKey)
+* symmetric of type [**SymmetricEncryptionKey**](Ieee1609Dot2BaseTypes.md#SymmetricEncryptionKey)
+ + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2 if it appears in a + HeaderInfo or in a ToBeSignedCertificate. The canonicalization applies to + the PublicEncryptionKey. See the definitions of HeaderInfo and + ToBeSignedCertificate for a specification of the canonicalization + operations. +>>> +```asn1 +EncryptionKey ::= CHOICE { + public PublicEncryptionKey, + symmetric SymmetricEncryptionKey +} +``` + +### PublicEncryptionKey +This structure specifies a public encryption key and the associated + symmetric algorithm which is used for bulk data encryption when encrypting + for that public key. + +Fields: +* supportedSymmAlg of type [**SymmAlgorithm**](#SymmAlgorithm)
+* publicKey of type [**BasePublicEncryptionKey**](#BasePublicEncryptionKey)
+ + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2 if it appears in a + HeaderInfo or in a ToBeSignedCertificate. The canonicalization applies to + the BasePublicEncryptionKey. See the definitions of HeaderInfo and + ToBeSignedCertificate for a specification of the canonicalization + operations. +>>> +```asn1 +PublicEncryptionKey ::= SEQUENCE { + supportedSymmAlg SymmAlgorithm, + publicKey BasePublicEncryptionKey +} +``` + +### BasePublicEncryptionKey +This structure specifies the bytes of a public encryption key for + a particular algorithm. Supported public key encryption algorithms are + defined in 5.3.5. + +Fields: +* eciesNistP256 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+* eciesBrainpoolP256r1 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+ +* ecencSm2 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+ + ..., + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2 if it appears in a + HeaderInfo or in a ToBeSignedCertificate. See the definitions of HeaderInfo + and ToBeSignedCertificate for a specification of the canonicalization + operations. +>>> +```asn1 +BasePublicEncryptionKey ::= CHOICE { + eciesNistP256 EccP256CurvePoint, + eciesBrainpoolP256r1 EccP256CurvePoint, + ..., + ecencSm2 EccP256CurvePoint +} +``` + +### PublicVerificationKey +This structure represents a public key and states with what + algorithm the public key is to be used. Cryptographic mechanisms are + defined in 5.3. + An EccP256CurvePoint or EccP384CurvePoint within a PublicVerificationKey + structure is invalid if it indicates the choice x-only. + +Fields: +* ecdsaNistP256 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+* ecdsaBrainpoolP256r1 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+ +* ecdsaBrainpoolP384r1 of type [**EccP384CurvePoint**](#EccP384CurvePoint)
+ + ... , +* ecdsaNistP384 of type [**EccP384CurvePoint**](#EccP384CurvePoint)
+ +* ecsigSm2 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+ + +>>> +NOTE: Canonicalization: This data structure is subject to canonicalization + for the relevant operations specified in 6.1.2. The canonicalization + applies to the EccP256CurvePoint and the Ecc384CurvePoint. Both forms of + point are encoded in compressed form, i.e., such that the choice indicated + within the Ecc*CurvePoint is compressed-y-0 or compressed-y-1. +>>> +```asn1 +PublicVerificationKey ::= CHOICE { + ecdsaNistP256 EccP256CurvePoint, + ecdsaBrainpoolP256r1 EccP256CurvePoint, + ... , + ecdsaBrainpoolP384r1 EccP384CurvePoint, + ecdsaNistP384 EccP384CurvePoint, + ecsigSm2 EccP256CurvePoint +} +``` + +### SymmetricEncryptionKey +This structure provides the key bytes for use with an identified + symmetric algorithm. The supported symmetric algorithms are AES-128 and + SM4 in CCM mode as specified in 5.3.8. + +Fields: +* aes128Ccm of type **OCTET STRING** (SIZE(16))
+* sm4Ccm of type **OCTET STRING** (SIZE(16))
+ + ..., +```asn1 +SymmetricEncryptionKey ::= CHOICE { + aes128Ccm OCTET STRING(SIZE(16)), + ..., + sm4Ccm OCTET STRING(SIZE(16)) +} +``` + +### PsidSsp +This structure represents the permissions that the certificate + holder has with respect to activities for a single application area, + identified by a Psid. + + + + + + + For consistency rules for other forms of the ssp field, see the + following subclauses. + +Fields: +* psid of type [**Psid**](Ieee1609Dot2BaseTypes.md#Psid)
+* ssp of type [**ServiceSpecificPermissions**](Ieee1609Dot2BaseTypes.md#ServiceSpecificPermissions) OPTIONAL
+ + +>>> +NOTE: Consistency with issuing certificate: If a certificate has an + appPermissions entry A for which the ssp field is omitted, A is consistent + with the issuing certificate if the issuing certificate contains a + PsidSspRange P for which the following holds: + - The psid field in P is equal to the psid field in A and one of the + following is true: + - The sspRange field in P indicates all. + - The sspRange field in P indicates opaque and one of the entries in + opaque is an OCTET STRING of length 0. +>>> +```asn1 +PsidSsp ::= SEQUENCE { + psid Psid, + ssp ServiceSpecificPermissions OPTIONAL +} +``` + + +### SequenceOfPsidSsp +This type is used for clarity of definitions. +```asn1 +SequenceOfPsidSsp ::= SEQUENCE OF PsidSsp +``` + + +### Psid +This type represents the PSID defined in IEEE Std 1609.12. +```asn1 +Psid ::= INTEGER (0..MAX) +``` + + +### SequenceOfPsid +This type is used for clarity of definitions. +```asn1 +SequenceOfPsid ::= SEQUENCE OF Psid +``` + +### ServiceSpecificPermissions +This structure represents the Service Specific Permissions (SSP) + relevant to a given entry in a PsidSsp. The meaning of the SSP is specific + to the associated Psid. SSPs may be PSID-specific octet strings or + bitmap-based. See Annex C for further discussion of how application + specifiers may choose which SSP form to use. + + + + For consistency rules for other types of ServiceSpecificPermissions, + see the following subclauses. + +Fields: +* opaque of type **OCTET STRING** (SIZE(0..MAX))
+* bitmapSsp of type [**BitmapSsp**](#BitmapSsp)
+ + ..., + +>>> +NOTE: Consistency with issuing certificate: If a certificate has an + appPermissions entry A for which the ssp field is opaque, A is consistent + with the issuing certificate if the issuing certificate contains one of + the following: + - (OPTION 1) A SubjectPermissions field indicating the choice all and + no PsidSspRange field containing the psid field in A; + - (OPTION 2) A PsidSspRange P for which the following holds: + - The psid field in P is equal to the psid field in A and one of the + following is true: + - The sspRange field in P indicates all. + - The sspRange field in P indicates opaque and one of the entries in + the opaque field in P is an OCTET STRING identical to the opaque field in + A. +>>> +```asn1 +ServiceSpecificPermissions ::= CHOICE { + opaque OCTET STRING (SIZE(0..MAX)), + ..., + bitmapSsp BitmapSsp +} +``` + + +### BitmapSsp +This structure represents a bitmap representation of a SSP. The + mapping of the bits of the bitmap to constraints on the signed SPDU is + PSID-specific. + +>>> +NOTE: A BitmapSsp B is consistent with a BitmapSspRange R if for every + bit set to 1 in the sspBitmask in R, the bit in the identical position in + B is set equal to the bit in that position in the sspValue in R. For each + bit set to 0 in the sspBitmask in R, the corresponding bit in the + identical position in B may be freely set to 0 or 1, i.e., if a bit is + set to 0 in the sspBitmask in R, the value of corresponding bit in the + identical position in B has no bearing on whether B and R are consistent. +>>> +```asn1 +BitmapSsp ::= OCTET STRING (SIZE(0..31)) +``` + +### PsidSspRange +This structure represents the certificate issuing or requesting + permissions of the certificate holder with respect to one particular set + of application permissions. + +Fields: +* psid of type [**Psid**](Ieee1609Dot2BaseTypes.md#Psid)
+ identifies the application area. + + +* sspRange of type [**SspRange**](#SspRange) OPTIONAL
+ identifies the SSPs associated with that PSID for which + the holder may issue or request certificates. If sspRange is omitted, the + holder may issue or request certificates for any SSP for that PSID. + + + + +```asn1 +PsidSspRange ::= SEQUENCE { + psid Psid, + sspRange SspRange OPTIONAL +} +``` + + +### SequenceOfPsidSspRange +This type is used for clarity of definitions. +```asn1 +SequenceOfPsidSspRange ::= SEQUENCE OF PsidSspRange +``` + +### SspRange +This structure identifies the SSPs associated with a PSID for + which the holder may issue or request certificates. + + + + If a certificate has a PsidSspRange A for which the ssp field is all, + A is consistent with the issuing certificate if the issuing certificate + contains a PsidSspRange P for which the following holds: + - (OPTION 1) A SubjectPermissions field indicating the choice all and + no PsidSspRange field containing the psid field in A; + - (OPTION 2) A PsidSspRange P for which the psid field in P is equal to + the psid field in A and the sspRange field in P indicates all. + + For consistency rules for other types of SspRange, see the following + subclauses. + +Fields: +* opaque of type [**SequenceOfOctetString**](#SequenceOfOctetString)
+* all of type **NULL**
+ +* bitmapSspRange of type [**BitmapSspRange**](#BitmapSspRange)
+ + ..., + +>>> +NOTE: The choice "all" may also be indicated by omitting the + SspRange in the enclosing PsidSspRange structure. Omitting the SspRange is + preferred to explicitly indicating "all". +>>> +```asn1 +SspRange ::= CHOICE { + opaque SequenceOfOctetString, + all NULL, + ..., + bitmapSspRange BitmapSspRange +} +``` + +### BitmapSspRange +This structure represents a bitmap representation of a SSP. The + sspValue indicates permissions. The sspBitmask contains an octet string + used to permit or constrain sspValue fields in issued certificates. The + sspValue and sspBitmask fields shall be of the same length. + + + + Reference ETSI TS 103 097 for more information on bitmask SSPs. + +Fields: +* sspValue of type **OCTET STRING** (SIZE(1..32))
+* sspBitmask of type **OCTET STRING** (SIZE(1..32))
+ + +>>> +NOTE: Consistency with issuing certificate: If a certificate has an + PsidSspRange value P for which the sspRange field is bitmapSspRange, + P is consistent with the issuing certificate if the issuing certificate + contains one of the following: + - (OPTION 1) A SubjectPermissions field indicating the choice all and + no PsidSspRange field containing the psid field in P; + - (OPTION 2) A PsidSspRange R for which the following holds: + - The psid field in R is equal to the psid field in P and one of the + following is true: + - EITHER The sspRange field in R indicates all + - OR The sspRange field in R indicates bitmapSspRange and for every + bit set to 1 in the sspBitmask in R: + - The bit in the identical position in the sspBitmask in P is set + equal to 1, AND + - The bit in the identical position in the sspValue in P is set equal + to the bit in that position in the sspValue in R. +>>> +```asn1 +BitmapSspRange ::= SEQUENCE { + sspValue OCTET STRING (SIZE(1..32)), + sspBitmask OCTET STRING (SIZE(1..32)) +} +``` + + +### SubjectAssurance +This type is used for clarity of definitions. + +This field contains the certificate holder's assurance level, which + indicates the security of both the platform and storage of secret keys as + well as the confidence in this assessment. + + + This field is encoded as defined in Table 1, where "A" denotes bit + fields specifying an assurance level, "R" reserved bit fields, and "C" bit + fields specifying the confidence. + + Table 1: Bitwise encoding of subject assurance + + | Bit number | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | + | -------------- | --- | --- | --- | --- | --- | --- | --- | --- | + | Interpretation | A | A | A | R | R | R | C | C | + + In Table 1, bit number 0 denotes the least significant bit. Bit 7 + to bit 5 denote the device's assurance levels, bit 4 to bit 2 are reserved + for future use, and bit 1 and bit 0 denote the confidence. 
+ + The specification of these assurance levels as well as the + encoding of the confidence levels is outside the scope of the present + standard. It can be assumed that a higher assurance value indicates that + the holder is more trusted than the holder of a certificate with lower + assurance value and the same confidence value. + +>>> +NOTE: This field was originally specified in ETSI TS 103 097 and + future uses of this field are anticipated to be consistent with future + versions of that standard. +>>> +```asn1 +SubjectAssurance ::= OCTET STRING (SIZE(1)) +``` + + +### CrlSeries +This integer identifies a series of CRLs issued under the authority + of a particular CRACA. +```asn1 +CrlSeries ::= Uint16 +``` + + +### IValue +This atomic type is used in the definition of other data structures. +```asn1 +IValue ::= Uint16 +``` + + +### Hostname +This is a UTF-8 string as defined in IETF RFC 3629. The contents + are determined by policy. +```asn1 +Hostname ::= UTF8String (SIZE(0..255)) +``` + + +### LinkageValue +This is the individual linkage value. See 5.1.3 and 7.3 for details + of use. +```asn1 +LinkageValue ::= OCTET STRING (SIZE(9)) +``` + +### GroupLinkageValue +This is the group linkage value. See 5.1.3 and 7.3 for details of + use. + +Fields: +* jValue of type **OCTET STRING** (SIZE(4))
+* value of type **OCTET STRING** (SIZE(9))
+ +```asn1 +GroupLinkageValue ::= SEQUENCE { + jValue OCTET STRING (SIZE(4)), + value OCTET STRING (SIZE(9)) +} +``` + + +### LaId +This structure contains a LA Identifier for use in the algorithms + specified in 5.1.3.4. +```asn1 +LaId ::= OCTET STRING (SIZE(2)) +``` + + +### SequenceOfLinkageSeed +This type is used for clarity of definitions. +```asn1 +SequenceOfLinkageSeed ::= SEQUENCE OF LinkageSeed +``` + + +### LinkageSeed +This structure contains a linkage seed value for use in the + algorithms specified in 5.1.3.4. +```asn1 +LinkageSeed ::= OCTET STRING (SIZE(16)) +``` + +### CERT-EXT-TYPE +This structure is the Information Object Class used to contain + information about a set of certificate extensions that are associated with + each other: an AppExtension, a CertIssueExtension, and a + CertRequestExtension. + +Fields: +* id of type [**ExtId**](Ieee1609Dot2BaseTypes.md#ExtId)
+```asn1 +CERT-EXT-TYPE ::= CLASS { + &id ExtId, + &App, + &Issue, + &Req +} WITH SYNTAX {ID &id APP &App ISSUE &Issue REQUEST &Req} +``` + +### Extension +This parameterized type represents a (id, content) pair drawn from + the set ExtensionTypes, which is constrained to contain objects defined by + the class EXT-TYPE. + +Fields: +* id of type [**EXT-TYPE**](Ieee1609Dot2BaseTypes.md#EXT-TYPE) .&extId({ExtensionTypes})
+* content of type [**EXT-TYPE**](Ieee1609Dot2BaseTypes.md#EXT-TYPE) .&ExtContent({ExtensionTypes}{@.id})
+ +```asn1 +Extension {EXT-TYPE : ExtensionTypes} ::= SEQUENCE { + id EXT-TYPE.&extId({ExtensionTypes}), + content EXT-TYPE.&ExtContent({ExtensionTypes}{@.id}) +} +``` + +### EXT-TYPE +This class defines objects in a form suitable for import into the + definition of HeaderInfo. + +Fields: +* extId of type [**ExtId**](Ieee1609Dot2BaseTypes.md#ExtId)
+```asn1 +EXT-TYPE ::= CLASS { + &extId ExtId, + &ExtContent +} WITH SYNTAX {&ExtContent IDENTIFIED BY &extId} +``` + + +### ExtId +This type is used as an identifier for instances of ExtContent + within an EXT-TYPE. +```asn1 +ExtId ::= INTEGER(0..255) +``` + + +
diff --git a/docs/SaeJ3287AsrBsm.md b/docs/SaeJ3287AsrBsm.md
new file mode 100644
index 0000000000000000000000000000000000000000..45f846eec27ff6240885cf1e3e6c5062bd824615
--- /dev/null
+++ b/docs/SaeJ3287AsrBsm.md
@@ -0,0 +1,12 @@ +# ASN.1 module SaeJ3287AsrBsm + OID: _{joint-iso-itu-t (2) country (16) us (840) organization (1) sae (114566) v2x-communications (1) technical-committees (1) v2x-security (4) technical-reports (1) misbehavior-reporting (1) asn1-module (1) aid-specific(2) bsm(32) version-1 (1) version-minor-0 (0)}_ + +## Data Elements: + +### AsrBsm +```asn1 +AsrBsm ::= NULL +``` + + +
diff --git a/ieee1609.2 b/ieee1609.2
new file mode 160000
index 0000000000000000000000000000000000000000..880216d33d08b424764a319ae1d8ee825a793a47
--- /dev/null
+++ b/ieee1609.2
@@ -0,0 +1 @@
+Subproject commit 880216d33d08b424764a319ae1d8ee825a793a47
diff --git a/sec_ts103097 b/sec_ts103097
new file mode 160000
index 0000000000000000000000000000000000000000..5bb49cd927cde78bf88a2b0dac6b39ca9805a221
--- /dev/null
+++ b/sec_ts103097
@@ -0,0 +1 @@
+Subproject commit 5bb49cd927cde78bf88a2b0dac6b39ca9805a221