Newer
Older
/**
* @author ETSI / STF481
* @version $URL$
* $Id$
* @desc Module containing types and values for Security Protocol
garciay
committed
import from LibCommon_BasicTypesAndValues all;
import from LibCommon_DataStrings all;
group basicFormatElements {
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.1 IntX
*/
type integer IntX with { variant "IntX" };
/**
* @desc List of supported algorithms based on public key cryptography
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.2 PublicKeyAlgorithm
*/
type enumerated PublicKeyAlgorithm {
e_ecdsa_nistp256_with_sha256 (0),
e_ecies_nistp256 (1)
} with { variant "8 bit" }
/**
* @desc List of supported algorithms based on symmetric key cryptography
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.3 SymmetricAlgorithm
*/
type enumerated SymmetricAlgorithm {
} with { variant "8 bit" }
/**
* @desc Wrapper for public keys by specifying the used algorithm
* @member algorithm Specifying the used algorithm
* @member public_key The public key structure
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.4 PublicKey
*/
type record PublicKey {
PublicKeyAlgorithm algorithm,
PublicKeyContainer public_key
} // End of type PublicKey
/**
* @desc Information regarding ECC contained in an EccPoint structure
* @member eccPoint Specific details regarding ECC contained in an EccPoint structure
* @member ecies_nistp256 Specific details regarding ECC contained in an EccPoint structure
* @member other_key Out of scope
*/
type union PublicKeyContainer {
EccPoint eccPoint,
octetstring other_key
} // End of type PublicKeyContainer
/**
* @desc Information regarding AES CCM encryption
* @member supported_symm_alg The symmetric key algorithm
* @member eccPoint The EccPoint used in the PublicKey
*/
type record AesCcm {
SymmetricAlgorithm supported_symm_alg,
EccPoint eccPoint
} // End of type AesCcmsc
/**
* @desc Defines public key based on elliptic curve cryptography
// * @member algorithm Specifying the used algorithm
// * @member field_size The lengths of the vectors containing the raw keys
* @member type_ The ECC key types
* @member x The x coordinate
* @member y The y coordinate
* @remark In case of e_x_coordinate_only, e_compressed_lsb_y_0 and e_compressed_lsb_y_1, the field y shall not be present
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.5 EccPoint
* @see Draft ETSI TS 103 097 V1.1.6 Table 2: Derivation of field sizes depending on the used algorithm
*/
type record EccPoint {
EccPointType type_,
octetstring x,
EccPointContainer y optional
} // End of type EccPoint
/**
* @desc Defines a public key based on elliptic curve cryptography
* @member y The y coordinate
* @member data Out of scope
*/
type union EccPointContainer {
octetstring y,
octetstring data
} // End of type EccPointContainer
/**
* @desc List of supported ECC key types
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.6 EccPointType
*/
type enumerated EccPointType {
e_x_coordinate_only (0),
e_compressed_lsb_y_0 (2),
e_compressed_lsb_y_1 (3),
} with { variant "8 bit" }
/**
* @desc Parameters and additional data required for encryption and decryption of data using different symmetric encryption algorithms
* @member symm_algorithm The symmetric algorithm that shall be used with a public key for encryption
* @member public_key The public key for encryption
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.7 EncryptionParameters
*/
type record EncryptionParameters {
SymmetricAlgorithm symm_algorithm,
EncryptionParametersContainer public_key
} // End of type EncryptionParameters
/**
* @desc Identifies a CRL series
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.8 CrlSeries
*/
type UInt32 CrlSeries; // TODO Not used ???
/**
* @desc
* @member nonce Data encryption with the Advanced Encryption Standard (AES) using a 128-bit key in Counter with cipher block chaining message authentication code (CCM) mode
* @member params Out of scope
*/
type union EncryptionParametersContainer {
octetstring params
} // End of type EncryptionParametersContainer
/**
* @desc Signatures based on public key cryptography
* @member algorithm Algorithm type
* @member signature_ The signature
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.9 Signature
*/
type record Signature {
PublicKeyAlgorithm algorithm,
SignatureContainer signature_
} // End of type Signature
/**
* @desc
* @member algorithm The ECDSA based signature
* @member signature_ Out of scope
*/
type union SignatureContainer {
EcdsaSignature ecdsa_signature,
octetstring signature_
} // End of type SignatureContainer
/**
* @desc Description an ECDSA based signature
* @member r Coordinate of the elliptic curve point resulting from multiplying the generator element by the ephemeral private key
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.10 EcdsaSignature
*/
type record EcdsaSignature {
EccPoint r,
octetstring s
} // End of type EcdsaSignature
/**
* @desc Information about the signer of a message
* @member type_ Signature algorithm type
* @member signerInfo Signature algorithm information. In case of self-signed, this field is not required because of no additional data shall be given
* @remark In case of e_self, the field signerInfo shall not be present
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.11 SignerInfo
*/
type record SignerInfo {
SignerInfoType type_,
SignerInfoContainer signerInfo optional
} // End of type SignerInfo
/**
* @desc
* @member digest The digest value
* @member certificate A certificate
* @member certificates A complete certificate chain
* @member certificateWithAlgo A certificate with a specific algorithm
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
* @member info TODO
*/
type union SignerInfoContainer {
HashedId8 digest,
Certificate certificate,
CertificateChain certificates,
CertificateWithAlgo certificateWithAlgo,
octetstring info
} // End of type SignerInfoContainer
/**
* @desc
* @member algorithm The public key algorithm
* @member digest The digest value
*/
type record CertificateWithAlgo {
PublicKeyAlgorithm algorithm,
HashedId8 digest
} // End of type CertificateWithAlgo
/**
* @desc The list of the methods to describe a message's signer
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.12 SignerInfoType
*/
type enumerated SignerInfoType {
e_self (0),
e_certificate_digest_with_ecdsap256 (1),
e_certificate (2),
e_certificate_chain (3),
e_certificate_digest_with_other_algorithm (4)
} // End of type SignerInfoContainer
/**
* @desc Indication on an identifier, where real identification is not required
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.14 HashedId3
* @see RFC2246 Clause 4.2. Miscellaneous
*/
/**
* @desc Identifies data such as a certificate
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.13 HashedId8
* @see RFC2246 Clause 4.2. Miscellaneous
*/
/**
* @desc The unsigned 32 bits number of International Atomic Time (TAI) microseconds since 00:00:00 UTC, 01 January 2004
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.16 Time64
*/
type UInt32 Time32;
/**
* @desc The unsigned 64 bits number of International Atomic Time (TAI) microseconds since 00:00:00 UTC, 01 January 2004
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.16 Time64
*/
type UInt64 Time64;
/**
* @desc The time along with the standard deviation of time values
* @member time The time being encoded
* @member log_std_dev The rounded up value of the log to the base 1,134666 of the implementation's estimate of the standard deviation in units of nanoseconds
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.17 Time64WithStandardDeviation
*/
type record Time64WithStandardDeviation {
Time64 time,
UInt8 log_std_dev
} // End of type Time64WithStandardDeviation
/**
* @desc Defines the duration of a time span (e.g. a certificate's validity)
* @member unit
* @member duration
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.18 Duration
*/
type record Duration {
DurationUnitType unit,
Int13 duration
} // End of type Duration
/**
* @desc List of supported duration unit
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.18 Duration
* @see Draft ETSI TS 103 097 V1.1.6 Table 3: Interpretation of duration unit bits
*/
type enumerated DurationUnitType {
e_seconds (0), // seconds
e_minutes (1), // minutes (60 seconds)
e_hours (2), // hours (3 600 seconds)
e_hoursBlock (3), // 60 hour blocks (216 000 seconds)
e_year (4) // years (31 556 925 seconds)
} with { variant "3 bit" }
/**
* @desc Specify a two dimensional location
* @member latitude Latitude in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum
* @member longitude Longitude in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.19 TwoDLocation
*/
type record TwoDLocation {
Int32 latitude,
Int32 longitude
} // End of type TwoDLocation
/**
* @desc Specify a two dimensional location
* @member latitude Latitude in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum
* @member longitude Longitude in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum
* @member elevation Elevation relative to the WGS-84 ellipsoid in decimetres
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.20 ThreeDLocation
*/
type record ThreeDLocation {
Int32 latitude,
Int32 longitude,
Oct2 elevation // Due to physical meaning, it cannot be Oct0to2
} // End of type ThreeDLocation
type record of ThreeDLocation ThreeDLocations; // FIXME To be removed after creation of the configuration structure to unify all PIXITs into one configuration PIXIT record of
/**
* @desc Defines geographic regions used to limit the validity of certificates
* @member region_type Region type
* @member region Region description
* @remark In case of e_none, the field region shall not be present
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.21 GeographicRegion
*/
type record GeographicRegion {
RegionType region_type,
GeographicRegionContainer region optional
} // End of type GeographicRegion
type union GeographicRegionContainer {
CircularRegion circular_region,
RectangularRegions rectangular_region,
PolygonalRegion polygonal_region,
IdentifiedRegion id_region,
octetstring other_region
} // End of type GeographicRegionContainer
/**
* @desc The list of the possible region types
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.22 RegionType
*/
type enumerated RegionType {
e_none (0),
e_circle (1),
e_rectangle (2),
e_polygon (3),
e_id (4)
} with { variant "8 bit" }
/**
* @desc Defines a circular region
* @member center Circular center
* @member radius Radius given in metres
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.23 CircularRegion
*/
type record CircularRegion {
TwoDLocation center,
UInt16 radius
} // End of type CircularRegion
/**
* @desc Defines a rectangular region by connecting the four points in the order (northwest.latitude, northwest.longitude), (northwest.longitude, southeast.longitude), (southeast.longitude, southeast.longitude), and (southeast.longitude, northwest.longitude)
* @member northwest Upper left corner
* @member southeast Lower rigth corner
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.24 RectangularRegion
*/
type record RectangularRegion {
TwoDLocation northwest,
TwoDLocation southeast
} // End of type RectangularRegion
type record of RectangularRegion RectangularRegions;
/**
* @desc a region by enumerating points on the region's boundary
*/
type record of TwoDLocation PolygonalRegion;
/**
* @desc Defines a predefined geographic region determined by the region dictionary and the region identifier
* @member region_dictionary The region dictionary
* @member region_identifier The region identifier
* @member local_region The whole region. 0 if the whole region is meant
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.26 IdentifiedRegion
*/
type record IdentifiedRegion {
RegionDictionary region_dictionary,
UInt16 region_identifier,
IntX local_region
} // End of type IdentifiedRegion
/**
* @desc The list of dictionaries containing two-octet records of globally defined regions
* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.27 RegionDictionary
*/
type enumerated RegionDictionary {
} with { variant "8 bit" }
} // End of group basicFormatElements
group SecurityMessages {
/**
garciay
committed
* @desc Secured message description, part to be signed
* @member protocol_version The applied protocol version
* @member security_profile The security profile for this secured message
* @member header_fields Multiple information fields of interest to the security layer
* @member payload_fields The message's payload
* @member trailer_fields Security information after the payload
*
* @see Draft ETSI TS 103 097 V1.1.6 Clause 5.1 SecuredMessage
* @see Draft ETSI TS 103 097 V1.1.6 Table 5
*/
type record ToBeSignedSecuredMessage {
garciay
committed
UInt8 protocol_version,
UInt8 security_profile,
HeaderFields header_fields,
SecPayloads payload_fields optional, // Used by the codec to fill it with the secured packet in case of 'omit' value
TrailerFieldType trailerFieldType
} // End of type ToBeSignedSecuredMessage
garciay
committed
/**
* @desc Secured message description
* @member protocol_version The applied protocol version
* @member security_profile The security profile for this secured message
* @member header_fields Multiple information fields of interest to the security layer
* @member payload_fields The message's payload
* @member trailer_fields Security information after the payload
*
* @see Draft ETSI TS 103 097 V1.1.6 Clause 5.1 SecuredMessage
*/
type record SecuredMessage {
UInt8 protocol_version,
UInt8 security_profile,
HeaderFields header_fields,
SecPayloads payload_fields optional, // Used by the codec to fill it with the secured packet in case of 'omit' value
TrailerFields trailer_fields
} // End of type SecuredMessage
/**
* @desc Information of interest to the security layer
* @see Draft ETSI TS 103 097 V1.1.6 Clause 5.4 HeaderField
*/
type record HeaderField {
HeaderFieldType type_,
HeaderFieldContainer headerField
} // End of type HeaderField
/**
* @desc Supported types of header fields
* @see Draft ETSI TS 103 097 V1.1.6 Clause 5.5 HeaderFieldType
*/
type enumerated HeaderFieldType {
e_generation_time (0),
e_generation_time_standard_deviation (1),
e_expiration (2),
e_generation_location (3),
e_request_unrecognized_certificate (4),
e_message_type (5),
e_signer_info (128),
e_recipient_info (129),
} with { variant "8 bit" }
type union HeaderFieldContainer {
Time64 generation_time,
Time64WithStandardDeviation generation_time_with_standard_deviation,
Time32 expiry_time,
ThreeDLocation generation_location,
UInt16 message_type,
SignerInfo signer,
RecipientInfos recipients,
EncryptionParameters enc_params,
octetstring other_header
} // End of type HeaderFieldContainer
type record of HashedId3 HashedId3s;
type record of RecipientInfo RecipientInfos;
/**
* @desc Payload structure
* @member type_ Payload type
* @member payload Payload data
*
* @see Draft ETSI TS 103 097 V1.1.6 Clause 5.2 Payload
*/
garciay
committed
SecPayloadType type_,
octetstring data optional
} // End of type Payload
/**
* @desc Supported types of payloads
*
* @see Draft ETSI TS 103 097 V1.1.6 Clause 5.3 PayloadType
e_unsecured (0),
e_signed (1),
e_encrypted (2),
e_signed_external (3),
} with { variant "8 bit" }
/**
* @desc Information used by the security layer after processing the payload
* @see Draft ETSI TS 103 097 V1.1.6 Clause 5.6 TrailerField
*/
type record TrailerField {
TrailerFieldType type_,
TrailerFieldContainer trailerField
} // End of type TrailerField
/**
* @desc
* @member signature_ The signature of the payload
* @member security_field Out of scope
*/
type union TrailerFieldContainer {
Signature signature_,
octetstring security_field
} // End of type TrailerFieldContainer
/**
* @desc Supported types of trailer fields
* @see Draft ETSI TS 103 097 V1.1.6 Clause 5.7 TrailerFieldType
*/
type enumerated TrailerFieldType {
} with { variant "8 bit" }
/**
* @desc Information for a message's recipient
* @member cert_id Identifier for the recipient's certificate
* @member pk_encryption Type of the recipient's certificate
* @member enc_key The recipient's certificate
* @see Draft ETSI TS 103 097 V1.1.6 Clause 5.8 RecipientInfo
*/
type record RecipientInfo {
HashedId8 cert_id,
PublicKeyAlgorithm pk_encryption,
RecipientInfoContainer enc_key
} // End of type RecipientInfo
/**
* @desc The recipient's certificate
* @member enc_key Identifier for the recipient's certificate
* @member enc_key_other Type of the recipient's certificate
*/
type union RecipientInfoContainer {
EciesEncryptedKey enc_key,
octetstring enc_key_other
} // End of type RecipientInfoContainer
/**
* @desc Defines an ECIES-encrypted symmetric key as defined in IEEE Std 1363a 2004
* @member v The sender's ECC ephemeral key used for the Elliptic Curve Encryption Scheme
* @member c The encrypted (AES) key
* @member t The authentication tag vector
* @see Draft ETSI TS 103 097 V1.1.6 Clause 5.9 EciesEncryptedKey
EccPoint v,
octetstring c,
} // End of type EciesEncryptedKey
} // End of group SecurityMessages
group certificateSpecification {
/**
* @desc Certificate description, part to be signed
* @member version The certificate's version. Shall be set to 2
* @member signer_infos The certificate's signers
* @member subject_info Information on the certificate's subject
* @member subject_attributes The certificate's subject
* @member validity_restrictions Restrictions regarding the certificate's validity
* @see Draft ETSI TS 103 097 V1.1.6 Clause 6.1 Certificate
*/
type record ToBeSignedCertificate {
UInt8 version,
SignerInfos signer_infos,
SubjectInfo subject_info,
SubjectAttributes subject_attributes,
ValidityRestrictions validity_restrictions
} // End of type ToBeSignedCertificate
/**
* @desc Certificate description
* @member version The certificate's version. Shall be set to 2
* @member signer_infos The certificate's signers
* @member subject_info Information on the certificate's subject
* @member subject_attributes The certificate's subject
* @member validity_restrictions Restrictions regarding the certificate's validity
* @member signature_ The signature of this certificate signed by the responsible CA
* @see Draft ETSI TS 103 097 V1.1.6 Clause 6.1 Certificate
*/
type record Certificate {
UInt8 version,
SubjectInfo subject_info,
SubjectAttributes subject_attributes,
ValidityRestrictions validity_restrictions,
Signature signature_
} // End of type Certificate
/**
* @desc Certificate description
* @member subject_type The type subjet
* @member subject_name The subject itself
* @see Draft ETSI TS 103 097 V1.1.6 Clause 6.2 SubjectInfo
* @remark The subject_name variable-length vector shall have a maximum length of 32 bytes
*/
type record SubjectInfo {
SubjectType subject_type,
Oct0to31 subject_name // The subject_name variable-length vector shall have a maximum length of 32 bytes
} // End of type SubjectInfo
/**
* @desc The list of the possible types of subjects
* @see Draft ETSI TS 103 097 V1.1.6 Clause 6.3 SubjectInfoType
*/
type enumerated SubjectType {
e_enrollment_credential (0),
e_authorization_ticket (1),
e_authorization_authority (2),
e_enrollment_authority (3),
e_root_ca (4),
} with { variant "8 bit" }
/**
* @desc Subject attribute description
* @member type_ The type of attribute
* @member attribute The attribute itself
* @see Draft ETSI TS 103 097 V1.1.6 Clause 6.4 SubjectAttribute
*/
type record SubjectAttribute {
SubjectAttributeType type_,
SubjectAttributeContainer attribute
} // End of type SubjectAttribute
/**
* @desc The attributes description
* @member key
* @member rv
* @member assurance_level
* @member its_aid_list
* @member its_aid_ssp_list
* @member other_attribute
*/
type union SubjectAttributeContainer {
PublicKey key,
EccPoint rv,
SubjectAssurance assurance_level,
IntXs its_aid_list,
ItsAidSsps its_aid_ssp_list,
octetstring other_attribute
} // End of type SubjectAttributeContainer
/**
* @desc The list of the possible types of attributes
* @see Draft ETSI TS 103 097 V1.1.6 Clause 6.5 SubjectAttributeType
*/
type enumerated SubjectAttributeType {
e_verification_key (0),
e_encryption_key (1),
e_assurance_level (2),
e_reconstruction_value (3),
} with { variant "8 bit" }
/**
* @desc The ITS S's assurance
* @member levels The assurance levels
* @member reserved Out of scope
* @member confidence The confidence
* @see Draft ETSI TS 103 097 V1.1.6 Clause 6.6 SubjectAssurance
* @see Draft ETSI TS 103 097 V1.1.6 Table 5: Bitwise encoding of subject assurance
*/
type record SubjectAssurance {
Bit3 levels,
Bit3 reserved,
Bit2 confidence
} with { variant "8 bit" } // End of type SubjectAssurance
/**
* @desc Defines ways to restrict the validity restriction of the certificate
* @member type_ The type of validity restriction of the certificate
* @member validity The validity restriction of the certificate
* @see Draft ETSI TS 103 097 V1.1.6 Clause 6.6 SubjectAssurance
*/
type record ValidityRestriction {
ValidityRestrictionType type_,
ValidityRestrictionContainer validity
} // End of type ValidityRestriction
/**
* @desc Defines the validity restriction of the certificate
* @member end_validity Validity restriction till the end date
* @member time_start_and_end Validity restriction between into a range
* @member time_start_and_duration Validity restriction between into a range from a start date and inside a geographical aera
* @member region Validity restriction into a geographical area
* @member region Validity restriction into a geographical area
* @member data TODO
*/
type union ValidityRestrictionContainer {
Time32 end_validity,
TimeStartEnd time_start_and_end,
TimeDuration time_start_and_duration,
} // End of type ValidityRestrictionContainer
/**
* @desc Defines the validity restriction between into a range
* @member start_validity Start date
* @member end_validity End date
*/
type record TimeStartEnd {
Time32 start_validity,
Time32 end_validity
} // End of type TimeStartEnd
/**
* @desc Defines the validity restriction between into a range from a start date and inside a geographical aera
* @member start_validity Start date
* @member duration Duration of the validity restriction from the start date
*/
type record TimeDuration {
Time32 start_validity,
} // End of type TimeDuration
/**
* @desc Type of validity restriction of a certificate
* @see Draft ETSI TS 103 097 V1.1.6 6.8 ValidityRestrictionType
*/
type enumerated ValidityRestrictionType {
e_time_end (0),
e_time_start_and_end (1),
e_time_start_and_duration (2),
} with { variant "8 bit" }
type record of ValidityRestriction ValidityRestrictions;
/**
* @desc ITS-AID description
* @member its_aid The ITS_AID identifier
* @member service_specific_permissions The associated Service Specific Permissions
* @see Draft ETSI TS 103 097 V1.1.6 Clause 6.9 ItsAidSsp
*/
type record ItsAidSsp {
IntX its_aid,
} // End of type ItsAidSsp
} // End of group certificateSpecification
/**
* @desc Primitive used to activate security support
*/
type record AcEnableSecurity {
Oct32 signingPrivateKey,
Oct32 signingPublicKeyX,
Oct32 signingPublicKeyY,
Oct32 encryptPrivateKey,
Oct32 encryptPublicKeyX,
Oct32 encryptPublicKeyY,
octetstring ToBeSignedSecuredMessageTemplate
/**
* @desc Primitive used to deactiate security support
*/
type record AcDisableSecurity {
boolean disable
} // End of type AcDisableSecurity
group utPrimitives {
}
with {
encode "UpperTester"
} // End of group utPrimitives
garciay
committed
} // End of module LibItsSecurity_TypesAndValues