Security ASN.1 files: ready for asn1c

asn1/Security/1609Dot2/IEEE1609dot2BaseTypes.asn

@@ -100,8 +100,8 @@ SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
 PolygonalRegion ::= SEQUENCE SIZE(3..MAX) OF TwoDLocation
 
 TwoDLocation ::= SEQUENCE  {
-    latitude      Latitude,
-    longitude     Longitude
+    latitude      SecLatitude,
+    longitude     SecLongitude
 }
 
 IdentifiedRegion ::= CHOICE  {
@@ -133,14 +133,14 @@ RegionAndSubregions ::= SEQUENCE  {
 SequenceOfRegionAndSubregions ::= SEQUENCE OF RegionAndSubregions
 
 ThreeDLocation ::= SEQUENCE  {
-    latitude        Latitude,
-    longitude       Longitude,
-    elevation       Elevation
+    latitude        SecLatitude,
+    longitude       SecLongitude,
+    elevation       SecElevation
 }
 
-Latitude ::= NinetyDegreeInt
-Longitude ::= OneEightyDegreeInt
-Elevation ::= ElevInt
+SecLatitude ::= NinetyDegreeInt
+SecLongitude ::= OneEightyDegreeInt
+SecElevation ::= ElevInt
 
 NinetyDegreeInt ::= INTEGER  {
     min 		(-900000000),

asn1/Security/EtsiTs102941BaseTypes.asn

+EtsiTs102941BaseTypes
+{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(0) version1(1) }
+
+-- draft version r6 of 28.09.2017
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+IMPORTS
+HashedId8, Time32, PublicEncryptionKey, PublicVerificationKey
+FROM
+IEEE1609dot2BaseTypes {iso(1) identified-organization(3) ieee(111) 
+standards-association-numbered-series-standards(2) wave-stds(1609)  
+dot2(2) base(1) base-types(2) major-version-2(2)}
+
+CertificateId, SubjectAssurance, SequenceOfPsidSsp, SequenceOfPsidGroupPermissions, ValidityPeriod, GeographicRegion
+FROM 
+IEEE1609dot2 {iso(1) identified-organization(3) ieee(111) 
+standards-association-numbered-series-standards(2) wave-stds(1609)  
+dot2(2) base (1) schema (1) major-version-2(2)}
+
+EtsiTs103097Data-Encrypted, EtsiTs103097Data-SignedExternalPayload
+FROM EtsiTs103097Module
+{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
+;
+
+AuthorizationResponseCode ::= ENUMERATED {
+  ok(0),
+  -- ITS->AA
+  its-aa-cantparse, -- valid for any structure
+  its-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
+  its-aa-imnottherecipient, -- the “recipients” of the outermost encrypted data doesn’t include me
+  its-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
+  its-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
+  its-aa-keysdontmatch, -- HMAC keyTag verification fails
+  its-aa-incompleterequest, -- some elements are missing
+  its-aa-invalidencryptionkey, -- the responseEncryptionKey is bad
+  its-aa-outofsyncrequest, -- signingTime is outside acceptable limits
+  its-aa-unknownea, -- the EA identified by eaId is unknown to me
+  its-aa-invalidea, -- the EA certificate is revoked
+  its-aa-deniedpermissions, -- I, the AA, deny the requested permissions
+  -- AA->EA
+  aa-ea-cantreachea, -- the EA is unreachable (network error?)
+  -- EA->AA
+  ea-aa-cantparse, -- valid for any structure
+  ea-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
+  ea-aa-imnottherecipient, -- the “recipients” of the outermost encrypted data doesn’t include me
+  ea-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
+  ea-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
+  -- TODO: to be continued...
+  invalidaa, -- the AA certificate presented is invalid/revoked/whatever
+  invalidaasignature, -- the AA certificate presented can’t validate the request signature
+  wrongea, -- the encrypted signature doesn’t designate me as the EA
+  unknownits, -- can’t retrieve the EC/ITS in my DB
+  invalidsignature, -- signature verification of the request by the EC fails
+  invalidencryptionkey, -- signature is good, but the key is bad
+  deniedpermissions, -- permissions not granted
+  deniedtoomanycerts, -- parallel limit
+  ... }
+
+AuthorizationValidationResponseCode ::= ENUMERATED {
+  ok(0),
+  cantparse, -- valid for any structure
+  badcontenttype, -- not encrypted, not signed, not permissionsverificationrequest
+  imnottherecipient, -- the “recipients” of the outermost encrypted data doesn’t include me
+  unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
+  decryptionfailed, -- works for ECIES-HMAC and AES-CCM
+  invalidaa, -- the AA certificate presented is invalid/revoked/whatever
+  invalidaasignature, -- the AA certificate presented can’t validate the request signature
+  wrongea, -- the encrypted signature doesn’t designate me as the EA
+  unknownits, -- can’t retrieve the EC/ITS in my DB
+  invalidsignature, -- signature verification of the request by the EC fails
+  invalidencryptionkey, -- signature is good, but the responseEncryptionKey is bad
+  deniedpermissions, -- requested permissions not granted
+  deniedtoomanycerts, -- parallel limit
+  deniedrequest, -- any other reason?
+  ... }
+
+CertificateFormat::= INTEGER{
+	ts103097v211 (1)
+	}(1..255)
+
+CertificateSubjectAttributes::= SEQUENCE {
+  id 					CertificateId OPTIONAL,
+  validityPeriod        ValidityPeriod OPTIONAL,
+  region                GeographicRegion OPTIONAL,
+  assuranceLevel        SubjectAssurance OPTIONAL,
+  appPermissions        SequenceOfPsidSsp OPTIONAL,
+  certIssuePermissions  SequenceOfPsidGroupPermissions OPTIONAL,
+  ...
+}(WITH COMPONENTS { ..., appPermissions PRESENT} |
+ WITH COMPONENTS { ..., certIssuePermissions PRESENT})
+
+
+EnrolmentResponseCode ::= ENUMERATED {
+  ok(0),
+  cantparse, -- valid for any structure
+  badcontenttype, -- not encrypted, not signed, not enrolmentrequest
+  imnottherecipient, -- the “recipients” doesn’t include me
+  unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
+  decryptionfailed, -- works for ECIES-HMAC and AES-CCM
+  unknownits, -- can’t retrieve the ITS from the itsId
+  invalidsignature, -- signature verification of the request fails
+  invalidencryptionkey, -- signature is good, but the responseEncryptionKey is bad
+  baditsstatus, -- revoked, not yet active
+  incompleterequest, -- some elements are missing
+  deniedpermissions, -- requested permissions are not granted
+  invalidkeys, -- either the verification_key of the encryption_key is bad
+  deniedrequest, -- any other reason?
+  ... }
+
+EcSignature::= CHOICE{
+  encryptedEcSignature 	EtsiTs103097Data-Encrypted{EtsiTs103097Data-SignedExternalPayload}, 
+  ecSignature 			EtsiTs103097Data-SignedExternalPayload
+  }
+
+PublicKeys ::= SEQUENCE {
+  verificationKey 		PublicVerificationKey,
+  encryptionKey 		PublicEncryptionKey OPTIONAL
+  }
+
+Version ::= INTEGER {v1(1)}
+
+
+END

asn1/Security/EtsiTs102941Its-sMessages.asn

+EtsiTs102941Its-sMessages
+  { itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) its-sMessages(1) version1(1)}
+
+-- draft version r6 of 28.09.2017
+
+DEFINITIONS AUTOMATIC TAGS ::=
+BEGIN
+
+IMPORTS
+
+EtsiTs103097Certificate, EtsiTs103097Data-Signed, EtsiTs103097Data-Encrypted, EtsiTs103097Data-SignedExternalPayload, EtsiTs103097Data-SignedAndEncrypted
+FROM EtsiTs103097Module
+{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
+
+AuthorizationResponseCode, AuthorizationValidationResponseCode, CertificateFormat, CertificateSubjectAttributes,EnrolmentResponseCode, EcSignature, HashedId8, PublicKeys, Version
+FROM EtsiTs102941BaseTypes
+{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(0) version1(1) }
+
+;
+
+/************
+-- Messages
+************/
+
+EnrolmentRequestMessage::= EtsiTs103097Data-SignedAndEncrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentRequest PRESENT})})} 
+EnrolmentResponseMessage::= EtsiTs103097Data-SignedAndEncrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentResponse PRESENT})})} 
+AuthorizationRequestMessage::= EtsiTs103097Data-Encrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})} 
+AuthorizationRequestMessageWithPop::= EtsiTs103097Data-Encrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequestWithPop PRESENT})})} 
+AuthorizationResponseMessage::= EtsiTs103097Data-SignedAndEncrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationResponse PRESENT})})} 
+AuthorizationValidationRequestMessage::= EtsiTs103097Data-SignedAndEncrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationValidationRequest PRESENT})})} 
+AuthorizationValidationResponseMessage::= EtsiTs103097Data-SignedAndEncrypted {EtsiTS102941DataIts-s (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationValidationResponse PRESENT})})} 
+
+
+/************
+-- EtsiTS102941Data
+************/
+
+EtsiTS102941DataIts-s::= SEQUENCE{
+  version Version (v1),
+  content Content}
+
+Content ::= CHOICE{
+	enrolmentRequest					InnerEcRequestSignedForPop,
+	enrolmentResponse 					InnerEcResponse,
+	authorizationRequest	 			InnerAtRequest,
+	authorizationRequestWithPop			InnerAtRequestSignedForPop,
+	authorizationResponse				InnerAtResponse,
+	authorizationValidationRequest 		AuthorizationValidationRequest,
+	authorizationValidationResponse 	AuthorizationValidationResponse,
+	caCertificateRequest				NULL,
+	caCertificateResponse 				NULL,
+	... 
+	} 
+
+
+/************
+-- EnrolmentRequest/Response
+************/
+
+InnerEcRequestSignedForPop::= EtsiTs103097Data-Signed{InnerEcRequest}
+
+InnerEcRequest::= SEQUENCE {
+  itsId 							IA5String,
+  certificateFormat					CertificateFormat,
+  publicKeys 						PublicKeys,
+  requestedSubjectAttributes 		CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}),
+  ...
+ }
+
+InnerEcResponse ::= SEQUENCE {
+  requestHash 		OCTET STRING (SIZE(16)),
+  responseCode 		EnrolmentResponseCode,
+  certificate 		EtsiTs103097Certificate OPTIONAL,
+  ... 
+ }
+  (WITH COMPONENTS { responseCode (ok), certificate PRESENT }
+     | WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
+  )
+
+/************
+-- AuthorizationRequest/Response
+************/
+
+InnerAtRequestSignedForPop::= EtsiTs103097Data-Signed{InnerAtRequest}
+
+InnerAtRequest ::= SEQUENCE {
+  publicKeys 			PublicKeys,
+  hmacKey 				OCTET STRING (SIZE(32)),
+  sharedAtRequest 		SharedAtRequest, 
+  ecSignature			EcSignature,
+  ...
+  } 
+
+SharedAtRequest ::= SEQUENCE {
+  eaId 								HashedId8,
+  keyTag 							OCTET STRING (SIZE(16)),
+  ertificateFormat					CertificateFormat,
+  requestedSubjectAttributes 		CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}),
+  ...
+  }
+
+InnerAtResponse ::= SEQUENCE {
+  requestHash 		OCTET STRING (SIZE(16)),
+  responseCode 		AuthorizationResponseCode,
+  certificate 		EtsiTs103097Certificate OPTIONAL,
+  ... 
+ }
+  (WITH COMPONENTS { responseCode (ok), certificate PRESENT }
+  | WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
+  )
+
+/************
+-- AuthorizationValidationRequest/Response
+************/
+
+AuthorizationValidationRequest ::= SEQUENCE {
+  sharedAtRequest 	SharedAtRequest,
+  ecSignature 		EcSignature,
+  ...
+  }
+
+AuthorizationValidationResponse ::= SEQUENCE { 
+  requestHash 						OCTET STRING (SIZE(16)),
+  responseCode 						AuthorizationValidationResponseCode,
+  confirmedSubjectAttributes 		CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}) OPTIONAL,
+  ...
+  }
+
+END
+
+
+
+
+
+

asn1/Security/EtsiTs102941OfflineDataStructures.asn

+EtsiTs102941OfflineDataStructures
+  { itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) offlineDataStructures(3) version1(1)}
+
+-- draft version r6 of 28.09.2017
+
+DEFINITIONS AUTOMATIC TAGS ::=
+BEGIN
+
+IMPORTS
+
+EtsiTs103097Certificate, EtsiTs103097Data-SignedAndEncrypted, EtsiTs103097Data-Signed 
+FROM	
+EtsiTs103097Module 
+{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
+
+HashedId8, PublicKeys, CertificateSubjectAttributes, EnrolmentResponseCode, Time32, Version
+FROM EtsiTs102941BaseTypes
+{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941)baseTypes(0) version1(1)}
+
+;
+
+/************
+-- Messages
+************/
+
+CaCertificateRequestMessage ::= EtsiTs103097Data-Signed {EtsiTS102941DataCa(WITH COMPONENTS{..., content (WITH COMPONENTS{caCertificateRequest PRESENT})})}
+CaCertificateResponseMessage ::= EtsiTs103097Data-Signed {EtsiTS102941DataCa(WITH COMPONENTS{..., content (WITH COMPONENTS{caCertificateResponse PRESENT})})}  
+
+/************
+-- EtsiTS102941Data
+************/
+
+EtsiTS102941DataCa::= SEQUENCE{
+  version Version (v1),
+  content CaContent}
+
+CaContent ::= CHOICE{
+	caCertificateRequest				CaCertificateRequest,
+	caCertificateResponse				CaCertificateResponse,
+	... 
+	}
+
+
+/************
+-- CA certificate request 
+************/
+
+CaCertificateRequest ::= SEQUENCE {
+  publicKeys 						PublicKeys,
+  reqquestedSubjectAttributes 		CertificateSubjectAttributes,
+  ...	 
+}
+
+CaCertificateResponse::=SEQUENCE {
+  requestHash 		OCTET STRING (SIZE(16)),
+  responseCode 		EnrolmentResponseCode,
+  certificate 		EtsiTs103097Certificate OPTIONAL,
+  ... 
+ }
+  (WITH COMPONENTS { responseCode (ok), certificate PRESENT }
+     | WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
+  )
+
+
+END
+

asn1/Security/EtsiTs102941TrustLists.asn

+EtsiTs102941TrustLists
+  { itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(2) version(1)}
+
+-- draft version r6 of 28.09.2017
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+IMPORTS
+
+ItsPduHeader
+FROM
+ITS-Container 
+{itu-t (0) identified-organization (4) etsi (0) itsDomain (5) wg1 (1) ts (102894) cdd (2) version (1)}
+
+EtsiTs103097Certificate, EtsiTs103097Data-SignedAndEncrypted, EtsiTs103097Data-Signed 
+FROM	
+EtsiTs103097Module
+{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
+
+HashedId8, Time32, Version
+FROM EtsiTs102941BaseTypes 
+{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(0) version1(1)}
+
+;
+
+/************
+-- Messages
+************/
+
+CTLM::= SEQUENCE {
+  header	ItsPduHeader,
+  ctl	Ctl,
+  ...
+	}
+
+CRLM::= SEQUENCE {
+  header	ItsPduHeader,
+  crl	Crl,
+  ...
+	}
+
+
+/************
+-- CRL
+************/
+Crl ::= EtsiTs103097Data-Signed{ToBeSignedCrl}
+ 
+ToBeSignedCrl ::= SEQUENCE {
+  version Version,
+  thisUpdate Time32,
+  nextUpdate Time32,
+  entries SEQUENCE OF CRLEntry,
+  ...
+}
+
+CRLEntry ::= HashedId8
+
+
+/************
+-- CTL
+************/
+
+Ctl ::= EtsiTs103097Data-Signed{ToBeSignedCtl} 
+
+ToBeSignedCtl::=  CtlFormat (FullCtl | DeltaCtl)
+
+FullCtl::= CtlFormat(WITH COMPONENTS {...,
+	isFullCtl(TRUE),
+    ctlCommands(WITH COMPONENT( 
+	   (WITH COMPONENTS {..., 
+         delete ABSENT
+		 })
+		)) 
+	})
+
+
+DeltaCtl::= CtlFormat (WITH COMPONENTS {...,
+	isFullCtl(FALSE)
+    })
+
+
+CtlFormat ::= SEQUENCE {
+	version Version,
+	nextUpdate Time32, 
+	isFullCtl	BOOLEAN,
+	ctlSequence INTEGER (0..255),
+	ctlCommands SEQUENCE OF CtlCommand,
+	...
+	}
+	
+
+CtlCommand::= CHOICE{
+	add 	CtlEntry,
+	delete  CtlDelete,
+	...
+	}
+
+CtlEntry ::= CHOICE {
+	rca	RootCaEntry,
+	ea	EaEntry,
+	aa	AaEntry,
+	dc	DcEntry,
+	tlm	TlmEntry,
+	...
+	}
+
+CtlDelete ::= CHOICE {
+    cert      HashedId8,
+    dc        DcDelete,
+	...
+    }
+
+RootCaEntry ::= SEQUENCE {
+  selfsignedRootCa EtsiTs103097Certificate,
+  linkRootCaCertificate EtsiTs103097Certificate OPTIONAL,
+  constraints OCTET STRING OPTIONAL
+} 
+
+EaEntry ::= SEQUENCE {
+  eaCertificate EtsiTs103097Certificate,
+  linkEaCertificate EtsiTs103097Certificate OPTIONAL,
+  aaAccessPoint Url,
+  itsAccessPoint Url OPTIONAL }
+-- First URL is to be used by AA (AuthorizationValidationRequest)
+-- second URL is to be used by ITS-S (AuthorizationRequest)
+
+AaEntry ::= SEQUENCE {
+	aaCertificate EtsiTs103097Certificate,
+	accessPoint Url
+	}
+
+DcEntry::= Url
+
+DcDelete::= Url
+
+TlmEntry::= SEQUENCE {
+          selfSignedTLMCertificate EtsiTs103097Certificate,
+          linkTLMCertificate EtsiTs103097Certificate OPTIONAL
+}
+
+Url::= IA5String
+
+
+END