Skip to content
GitLab
Hide whitespace changes
Inline Side-by-side
asn1/Security/TS102921/EtsiTs102941MessagesItss.asn
View file @ ad43a4f9
/*************************************************************************************
This file contains the EtsiTs102941MessagesItss module providing the ITS-S subset
of messages defined in the module EtsiTs102941MessagesCA
It should never be imported together with the module EtsiTs102941MessagesCA.
Use the EtsiTs102941MessagesCA if all possible PKI message types are needed.
This module blocks the usage of unencrypted EC signature for AA requests.
**************************************************************************************/
EtsiTs102941MessagesItss
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) messagesItss(1) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Data-Signed
--EtsiTs103097Data-Encrypted,
--EtsiTs103097Data-SignedAndEncrypted
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0) }
EtsiTs103097Data-Encrypted-Unicast,
EtsiTs103097Data-SignedAndEncrypted-Unicast,
Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }
InnerEcRequestSignedForPop, InnerEcResponse
FROM EtsiTs102941TypesEnrolment
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) enrolment(4) version1(1) }
InnerAtRequest, InnerAtResponse
FROM EtsiTs102941TypesAuthorization
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) version1(1) }
ToBeSignedCrl, ToBeSignedTlmCtl, ToBeSignedRcaCtl
FROM EtsiTs102941TrustLists
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(6) version1(1) }
;
/************
-- Messages
************/
EnrolmentRequestMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentRequest PRESENT})})}
EnrolmentResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentResponse PRESENT})})}
AuthorizationRequestMessage ::= EtsiTs103097Data-Encrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})}
AuthorizationRequestMessageWithPop ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})}
AuthorizationResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationResponse PRESENT})})}
CertificateRevocationListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateRevocationList PRESENT})})}
TlmCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListTlm PRESENT})})}
RcaCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListRca PRESENT})})}
/************
-- EtsiTs102941Data
************/
EtsiTs102941Data::= SEQUENCE {
version Version (v1),
content EtsiTs102941DataContent
}
EtsiTs102941DataContent ::= CHOICE {
enrolmentRequest InnerEcRequestSignedForPop,
enrolmentResponse InnerEcResponse,
authorizationRequest InnerAtRequest,
authorizationResponse InnerAtResponse,
certificateRevocationList ToBeSignedCrl,
certificateTrustListTlm ToBeSignedTlmCtl,
certificateTrustListRca ToBeSignedRcaCtl,
...
} (WITH COMPONENTS{...,
authorizationRequest (WITH COMPONENTS{...,
ecSignature (WITH COMPONENTS{...,
encryptedEcSignature PRESENT
})
})
})
END
/*************************************************************************************
This file contains the EtsiTs102941MessagesItss module providing the ITS-S subset
of messages defined in the module EtsiTs102941MessagesCA
It should never be imported together with the module EtsiTs102941MessagesCA.
Use the EtsiTs102941MessagesCA if all possible PKI message types are needed.
This module blocks the usage of unencrypted EC signature for AA requests.
**************************************************************************************/
EtsiTs102941MessagesItss
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) messagesItss(1) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Data-Signed
--EtsiTs103097Data-Encrypted,
--EtsiTs103097Data-SignedAndEncrypted
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0) }
EtsiTs103097Data-Encrypted-Unicast,
EtsiTs103097Data-SignedAndEncrypted-Unicast,
Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }
InnerEcRequestSignedForPop, InnerEcResponse
FROM EtsiTs102941TypesEnrolment
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) enrolment(4) version1(1) }
InnerAtRequest, InnerAtResponse
FROM EtsiTs102941TypesAuthorization
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) version1(1) }
ToBeSignedCrl, ToBeSignedTlmCtl, ToBeSignedRcaCtl
FROM EtsiTs102941TrustLists
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(6) version1(1) }
;
/************
-- Messages
************/
EnrolmentRequestMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentRequest PRESENT})})}
EnrolmentResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentResponse PRESENT})})}
AuthorizationRequestMessage ::= EtsiTs103097Data-Encrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})}
AuthorizationRequestMessageWithPop ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})}
AuthorizationResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationResponse PRESENT})})}
CertificateRevocationListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateRevocationList PRESENT})})}
TlmCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListTlm PRESENT})})}
RcaCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListRca PRESENT})})}
/************
-- EtsiTs102941Data
************/
EtsiTs102941Data::= SEQUENCE {
version Version (v1),
content EtsiTs102941DataContent
}
EtsiTs102941DataContent ::= CHOICE {
enrolmentRequest InnerEcRequestSignedForPop,
enrolmentResponse InnerEcResponse,
authorizationRequest InnerAtRequest,
authorizationResponse InnerAtResponse,
certificateRevocationList ToBeSignedCrl,
certificateTrustListTlm ToBeSignedTlmCtl,
certificateTrustListRca ToBeSignedRcaCtl,
...
} (WITH COMPONENTS{...,
authorizationRequest (WITH COMPONENTS{...,
ecSignature (WITH COMPONENTS{...,
encryptedEcSignature PRESENT
})
})
})
END
asn1/Security/TS102921/EtsiTs102941MessagesItss_OptionalPrivacy.asn
View file @ ad43a4f9
/*************************************************************************************
This file contains the EtsiTs102941MessagesItss-OptionalPrivacy module providing the
same subset of messages as the EtsiTs102941MessagesItss module.
It should never be used together with the EtsiTs102941MessagesCA and EtsiTs102941MessagesItss
This module allows the usage of unencrypted EC signature for AA requests.
**************************************************************************************/
EtsiTs102941MessagesItss-OptionalPrivacy
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) messagesItssOp(2) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Data-Signed
--EtsiTs103097Data-Encrypted,
--EtsiTs103097Data-SignedAndEncrypted
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0) }
EtsiTs103097Data-Encrypted-Unicast,
EtsiTs103097Data-SignedAndEncrypted-Unicast,
Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }
InnerEcRequestSignedForPop, InnerEcResponse
FROM EtsiTs102941TypesEnrolment
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) enrolment(4) version1(1) }
InnerAtRequest,
InnerAtResponse
FROM EtsiTs102941TypesAuthorization
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) version1(1) }
ToBeSignedCrl, ToBeSignedTlmCtl, ToBeSignedRcaCtl
FROM EtsiTs102941TrustLists
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(6) version1(1) }
;
/************
-- Messages
************/
EnrolmentRequestMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentRequest PRESENT})})}
EnrolmentResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentResponse PRESENT})})}
AuthorizationRequestMessage ::= EtsiTs103097Data-Encrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})}
AuthorizationRequestMessageWithPop ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})}
AuthorizationResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationResponse PRESENT})})}
CertificateRevocationListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateRevocationList PRESENT})})}
TlmCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListTlm PRESENT})})}
RcaCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListRca PRESENT})})}
/************
-- EtsiTs102941Data
************/
EtsiTs102941Data::= SEQUENCE {
version Version (v1),
content EtsiTs102941DataContent
}
EtsiTs102941DataContent ::= CHOICE {
enrolmentRequest InnerEcRequestSignedForPop,
enrolmentResponse InnerEcResponse,
authorizationRequest InnerAtRequest,
authorizationResponse InnerAtResponse,
certificateRevocationList ToBeSignedCrl,
certificateTrustListTlm ToBeSignedTlmCtl,
certificateTrustListRca ToBeSignedRcaCtl,
...
}
END
/*************************************************************************************
This file contains the EtsiTs102941MessagesItss-OptionalPrivacy module providing the
same subset of messages as the EtsiTs102941MessagesItss module.
It should never be used together with the EtsiTs102941MessagesCA and EtsiTs102941MessagesItss
This module allows the usage of unencrypted EC signature for AA requests.
**************************************************************************************/
EtsiTs102941MessagesItss-OptionalPrivacy
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) messagesItssOp(2) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Data-Signed
--EtsiTs103097Data-Encrypted,
--EtsiTs103097Data-SignedAndEncrypted
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0) }
EtsiTs103097Data-Encrypted-Unicast,
EtsiTs103097Data-SignedAndEncrypted-Unicast,
Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }
InnerEcRequestSignedForPop, InnerEcResponse
FROM EtsiTs102941TypesEnrolment
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) enrolment(4) version1(1) }
InnerAtRequest, InnerAtResponse
FROM EtsiTs102941TypesAuthorization
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) version1(1) }
ToBeSignedCrl, ToBeSignedTlmCtl, ToBeSignedRcaCtl
FROM EtsiTs102941TrustLists
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(6) version1(1) }
;
/************
-- Messages
************/
EnrolmentRequestMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentRequest PRESENT})})}
EnrolmentResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{enrolmentResponse PRESENT})})}
AuthorizationRequestMessage ::= EtsiTs103097Data-Encrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})}
AuthorizationRequestMessageWithPop ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationRequest PRESENT})})}
AuthorizationResponseMessage ::= EtsiTs103097Data-SignedAndEncrypted-Unicast {EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{authorizationResponse PRESENT})})}
CertificateRevocationListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateRevocationList PRESENT})})}
TlmCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListTlm PRESENT})})}
RcaCertificateTrustListMessage ::= EtsiTs103097Data-Signed{EtsiTs102941Data (WITH COMPONENTS{..., content (WITH COMPONENTS{certificateTrustListRca PRESENT})})}
/************
-- EtsiTs102941Data
************/
EtsiTs102941Data::= SEQUENCE {
version Version (v1),
content EtsiTs102941DataContent
}
EtsiTs102941DataContent ::= CHOICE {
enrolmentRequest InnerEcRequestSignedForPop,
enrolmentResponse InnerEcResponse,
authorizationRequest InnerAtRequest,
authorizationResponse InnerAtResponse,
certificateRevocationList ToBeSignedCrl,
certificateTrustListTlm ToBeSignedTlmCtl,
certificateTrustListRca ToBeSignedRcaCtl,
...
}
END
asn1/Security/TS102921/EtsiTs102941TrustLists.asn
View file @ ad43a4f9
EtsiTs102941TrustLists
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(6) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate, EtsiTs103097Data-SignedAndEncrypted, EtsiTs103097Data-Signed
FROM
EtsiTs103097Module
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
HashedId8, Time32, Version --, CertificateAuthorityConstraints
FROM EtsiTs102941BaseTypes
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1)}
;
/************
-- CRL
************/
ToBeSignedCrl ::= SEQUENCE {
version Version,
thisUpdate Time32,
nextUpdate Time32,
entries SEQUENCE OF CrlEntry,
...
}
CrlEntry ::= HashedId8
/************
-- TLM CTL
************/
ToBeSignedTlmCtl ::= CtlFormat (FullCtl | DeltaCtl) (WITH COMPONENTS {...,
ctlCommands ( WITH COMPONENT(
( WITH COMPONENTS {...,
add ( WITH COMPONENTS {...,
ea ABSENT,
aa ABSENT
})
})
))
})
/************
-- RCA CTL
************/
ToBeSignedRcaCtl ::= CtlFormat (FullCtl | DeltaCtl) ( WITH COMPONENTS {...,
ctlCommands ( WITH COMPONENT(
( WITH COMPONENTS {...,
add ( WITH COMPONENTS {...,
rca ABSENT,
tlm ABSENT
})
})
))
})
/************
-- CTL
************/
FullCtl::= CtlFormat ( WITH COMPONENTS {...,
isFullCtl ( TRUE ),
ctlCommands ( WITH COMPONENT(
( WITH COMPONENTS {...,
delete ABSENT
})
))
})
DeltaCtl::= CtlFormat (WITH COMPONENTS {...,
isFullCtl(FALSE)
})
CtlFormat ::= SEQUENCE {
version Version,
nextUpdate Time32,
isFullCtl BOOLEAN,
ctlSequence INTEGER (0..255),
ctlCommands SEQUENCE OF CtlCommand,
...
}
CtlCommand ::= CHOICE {
add CtlEntry,
delete CtlDelete,
...
}
CtlEntry ::= CHOICE {
rca RootCaEntry,
ea EaEntry,
aa AaEntry,
dc DcEntry,
tlm TlmEntry,
...
}
CtlDelete ::= CHOICE {
cert HashedId8,
dc DcDelete,
...
}
TlmEntry::= SEQUENCE {
selfSignedTLMCertificate EtsiTs103097Certificate,
linkTLMCertificate EtsiTs103097Certificate OPTIONAL,
accessPoint Url
}
RootCaEntry ::= SEQUENCE {
selfsignedRootCa EtsiTs103097Certificate,
linkRootCaCertificate EtsiTs103097Certificate OPTIONAL
}
EaEntry ::= SEQUENCE {
eaCertificate EtsiTs103097Certificate,
aaAccessPoint Url,
itsAccessPoint Url OPTIONAL
}
AaEntry ::= SEQUENCE {
aaCertificate EtsiTs103097Certificate,
accessPoint Url
}
DcEntry ::= SEQUENCE {
url Url,
cert SEQUENCE OF HashedId8
}
DcDelete ::= Url
Url::= IA5String
END
EtsiTs102941TrustLists
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) trustLists(6) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate, EtsiTs103097Data-SignedAndEncrypted, EtsiTs103097Data-Signed
FROM
EtsiTs103097Module
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
HashedId8, Time32, Version --, CertificateAuthorityConstraints
FROM EtsiTs102941BaseTypes
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1)}
;
/************
-- CRL
************/
ToBeSignedCrl ::= SEQUENCE {
version Version,
thisUpdate Time32,
nextUpdate Time32,
entries SEQUENCE OF CrlEntry,
...
}
CrlEntry ::= HashedId8
/************
-- TLM CTL
************/
ToBeSignedTlmCtl ::= CtlFormat (FullCtl | DeltaCtl) (WITH COMPONENTS {...,
ctlCommands ( WITH COMPONENT(
( WITH COMPONENTS {...,
add ( WITH COMPONENTS {...,
ea ABSENT,
aa ABSENT
})
})
))
})
/************
-- RCA CTL
************/
ToBeSignedRcaCtl ::= CtlFormat (FullCtl | DeltaCtl) ( WITH COMPONENTS {...,
ctlCommands ( WITH COMPONENT(
( WITH COMPONENTS {...,
add ( WITH COMPONENTS {...,
rca ABSENT,
tlm ABSENT
})
})
))
})
/************
-- CTL
************/
FullCtl::= CtlFormat ( WITH COMPONENTS {...,
isFullCtl ( TRUE ),
ctlCommands ( WITH COMPONENT(
( WITH COMPONENTS {...,
delete ABSENT
})
))
})
DeltaCtl::= CtlFormat (WITH COMPONENTS {...,
isFullCtl(FALSE)
})
CtlFormat ::= SEQUENCE {
version Version,
nextUpdate Time32,
isFullCtl BOOLEAN,
ctlSequence INTEGER (0..255),
ctlCommands SEQUENCE OF CtlCommand,
...
}
CtlCommand ::= CHOICE {
add CtlEntry,
delete CtlDelete,
...
}
CtlEntry ::= CHOICE {
rca RootCaEntry,
ea EaEntry,
aa AaEntry,
dc DcEntry,
tlm TlmEntry,
...
}
CtlDelete ::= CHOICE {
cert HashedId8,
dc DcDelete,
...
}
TlmEntry::= SEQUENCE {
selfSignedTLMCertificate EtsiTs103097Certificate,
linkTLMCertificate EtsiTs103097Certificate OPTIONAL,
accessPoint Url
}
RootCaEntry ::= SEQUENCE {
selfsignedRootCa EtsiTs103097Certificate,
linkRootCaCertificate EtsiTs103097Certificate OPTIONAL
}
EaEntry ::= SEQUENCE {
eaCertificate EtsiTs103097Certificate,
aaAccessPoint Url,
itsAccessPoint Url OPTIONAL
}
AaEntry ::= SEQUENCE {
aaCertificate EtsiTs103097Certificate,
accessPoint Url
}
DcEntry ::= SEQUENCE {
url Url,
cert SEQUENCE OF HashedId8
}
DcDelete ::= Url
Url::= IA5String
END
asn1/Security/TS102921/EtsiTs102941TypesAuthorization.asn
View file @ ad43a4f9
EtsiTs102941TypesAuthorization
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate,
EtsiTs103097Data-Signed
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
CertificateFormat, CertificateSubjectAttributes, EcSignature, HashedId8, PublicKeys, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }
;
/************
-- AuthorizationRequest/Response
************/
AuthorizationResponseCode ::= ENUMERATED {
ok(0),
-- ITS->AA
its-aa-cantparse, -- valid for any structure
its-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
its-aa-imnottherecipient, -- the recipients of the outermost encrypted data doesnt include me
its-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
its-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
its-aa-keysdontmatch, -- HMAC keyTag verification fails
its-aa-incompleterequest, -- some elements are missing
its-aa-invalidencryptionkey, -- the responseEncryptionKey is bad
its-aa-outofsyncrequest, -- signingTime is outside acceptable limits
its-aa-unknownea, -- the EA identified by eaId is unknown to me
its-aa-invalidea, -- the EA certificate is revoked
its-aa-deniedpermissions, -- I, the AA, deny the requested permissions
-- AA->EA
aa-ea-cantreachea, -- the EA is unreachable (network error?)
-- EA->AA
ea-aa-cantparse, -- valid for any structure
ea-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
ea-aa-imnottherecipient, -- the recipients of the outermost encrypted data doesnt include me
ea-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
ea-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
-- TODO: to be continued...
invalidaa, -- the AA certificate presented is invalid/revoked/whatever
invalidaasignature, -- the AA certificate presented cant validate the request signature
wrongea, -- the encrypted signature doesnt designate me as the EA
unknownits, -- cant retrieve the EC/ITS in my DB
invalidsignature, -- signature verification of the request by the EC fails
invalidencryptionkey, -- signature is good, but the key is bad
deniedpermissions, -- permissions not granted
deniedtoomanycerts, -- parallel limit
... }
InnerAtRequest ::= SEQUENCE {
publicKeys PublicKeys,
hmacKey OCTET STRING (SIZE(32)),
sharedAtRequest SharedAtRequest,
ecSignature EcSignature,
...
}
SharedAtRequest ::= SEQUENCE {
eaId HashedId8,
keyTag OCTET STRING (SIZE(16)),
certificateFormat CertificateFormat,
requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}),
...
}
InnerAtResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode AuthorizationResponseCode,
certificate EtsiTs103097Certificate OPTIONAL,
...
}
(WITH COMPONENTS { responseCode (ok), certificate PRESENT }
| WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
)
END
EtsiTs102941TypesAuthorization
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate,
EtsiTs103097Data-Signed
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
CertificateFormat, CertificateSubjectAttributes, EcSignature, HashedId8, PublicKeys, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }
;
/************
-- AuthorizationRequest/Response
************/
AuthorizationResponseCode ::= ENUMERATED {
ok(0),
-- ITS->AA
its-aa-cantparse, -- valid for any structure
its-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
its-aa-imnottherecipient, -- the recipients of the outermost encrypted data doesnt include me
its-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
its-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
its-aa-keysdontmatch, -- HMAC keyTag verification fails
its-aa-incompleterequest, -- some elements are missing
its-aa-invalidencryptionkey, -- the responseEncryptionKey is bad
its-aa-outofsyncrequest, -- signingTime is outside acceptable limits
its-aa-unknownea, -- the EA identified by eaId is unknown to me
its-aa-invalidea, -- the EA certificate is revoked
its-aa-deniedpermissions, -- I, the AA, deny the requested permissions
-- AA->EA
aa-ea-cantreachea, -- the EA is unreachable (network error?)
-- EA->AA
ea-aa-cantparse, -- valid for any structure
ea-aa-badcontenttype, -- not encrypted, not signed, not authorizationrequest
ea-aa-imnottherecipient, -- the recipients of the outermost encrypted data doesnt include me
ea-aa-unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
ea-aa-decryptionfailed, -- works for ECIES-HMAC and AES-CCM
-- TODO: to be continued...
invalidaa, -- the AA certificate presented is invalid/revoked/whatever
invalidaasignature, -- the AA certificate presented cant validate the request signature
wrongea, -- the encrypted signature doesnt designate me as the EA
unknownits, -- cant retrieve the EC/ITS in my DB
invalidsignature, -- signature verification of the request by the EC fails
invalidencryptionkey, -- signature is good, but the key is bad
deniedpermissions, -- permissions not granted
deniedtoomanycerts, -- parallel limit
... }
InnerAtRequest ::= SEQUENCE {
publicKeys PublicKeys,
hmacKey OCTET STRING (SIZE(32)),
sharedAtRequest SharedAtRequest,
ecSignature EcSignature,
...
}
SharedAtRequest ::= SEQUENCE {
eaId HashedId8,
keyTag OCTET STRING (SIZE(16)),
certificateFormat CertificateFormat,
requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{...,certIssuePermissions ABSENT}),
...
}
InnerAtResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode AuthorizationResponseCode,
certificate EtsiTs103097Certificate OPTIONAL,
...
}
(WITH COMPONENTS { responseCode (ok), certificate PRESENT }
| WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
)
END
asn1/Security/TS102921/EtsiTs102941TypesAuthorizationValidation.asn
View file @ ad43a4f9
EtsiTs102941TypesAuthorizationValidation
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authValidation(7) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
CertificateFormat, CertificateSubjectAttributes,EcSignature, HashedId8, PublicKeys, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }
SharedAtRequest
FROM EtsiTs102941TypesAuthorization
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) version1(1)}
;
/************
-- AuthorizationValidationRequest/Response
************/
AuthorizationValidationResponseCode ::= ENUMERATED {
ok(0),
cantparse, -- valid for any structure
badcontenttype, -- not encrypted, not signed, not permissionsverificationrequest
imnottherecipient, -- the “recipients” of the outermost encrypted data doesn’t include me
unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
decryptionfailed, -- works for ECIES-HMAC and AES-CCM
invalidaa, -- the AA certificate presented is invalid/revoked/whatever
invalidaasignature, -- the AA certificate presented can’t validate the request signature
wrongea, -- the encrypted signature doesn’t designate me as the EA
unknownits, -- can’t retrieve the EC/ITS in my DB
invalidsignature, -- signature verification of the request by the EC fails
invalidencryptionkey, -- signature is good, but the responseEncryptionKey is bad
deniedpermissions, -- requested permissions not granted
deniedtoomanycerts, -- parallel limit
deniedrequest, -- any other reason?
... }
AuthorizationValidationRequest ::= SEQUENCE {
sharedAtRequest SharedAtRequest,
ecSignature EcSignature,
...
}
AuthorizationValidationResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode AuthorizationValidationResponseCode,
confirmedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}) OPTIONAL,
...
}
END
EtsiTs102941TypesAuthorizationValidation
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authValidation(7) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
CertificateFormat, CertificateSubjectAttributes,EcSignature, HashedId8, PublicKeys, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }
SharedAtRequest
FROM EtsiTs102941TypesAuthorization
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) authorization(5) version1(1)}
;
/************
-- AuthorizationValidationRequest/Response
************/
AuthorizationValidationResponseCode ::= ENUMERATED {
ok(0),
cantparse, -- valid for any structure
badcontenttype, -- not encrypted, not signed, not permissionsverificationrequest
imnottherecipient, -- the “recipients” of the outermost encrypted data doesn’t include me
unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
decryptionfailed, -- works for ECIES-HMAC and AES-CCM
invalidaa, -- the AA certificate presented is invalid/revoked/whatever
invalidaasignature, -- the AA certificate presented can’t validate the request signature
wrongea, -- the encrypted signature doesn’t designate me as the EA
unknownits, -- can’t retrieve the EC/ITS in my DB
invalidsignature, -- signature verification of the request by the EC fails
invalidencryptionkey, -- signature is good, but the responseEncryptionKey is bad
deniedpermissions, -- requested permissions not granted
deniedtoomanycerts, -- parallel limit
deniedrequest, -- any other reason?
... }
AuthorizationValidationRequest ::= SEQUENCE {
sharedAtRequest SharedAtRequest,
ecSignature EcSignature,
...
}
AuthorizationValidationResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode AuthorizationValidationResponseCode,
confirmedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}) OPTIONAL,
...
}
(WITH COMPONENTS { responseCode (ok), confirmedSubjectAttributes PRESENT }
| WITH COMPONENTS { responseCode (ALL EXCEPT ok), confirmedSubjectAttributes ABSENT }
)
END
asn1/Security/TS102921/EtsiTs102941TypesCaManagement.asn
View file @ ad43a4f9
EtsiTs102941TypesCaManagement
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) caManagement(8) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate, EtsiTs103097Data-Signed
FROM
EtsiTs103097Module
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
PublicKeys, CertificateSubjectAttributes
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1)}
;
/************
-- CA certificate request
************/
CaCertificateRequest ::= SEQUENCE {
publicKeys PublicKeys,
requestedSubjectAttributes CertificateSubjectAttributes,
...
}
END
EtsiTs102941TypesCaManagement
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) caManagement(8) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate, EtsiTs103097Data-Signed
FROM
EtsiTs103097Module
{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
PublicKeys, CertificateSubjectAttributes
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1)}
;
/************
-- CA certificate request
************/
CaCertificateRequest ::= SEQUENCE {
publicKeys PublicKeys,
requestedSubjectAttributes CertificateSubjectAttributes,
...
}
END
asn1/Security/TS102921/EtsiTs102941TypesEnrolment.asn
View file @ ad43a4f9
EtsiTs102941TypesEnrolment
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) enrolment(4) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate,
EtsiTs103097Data-Signed
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
CertificateFormat, CertificateSubjectAttributes, EcSignature, HashedId8, PublicKeys, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }
;
/************
-- EnrolmentRequest/Response
************/
EnrolmentResponseCode ::= ENUMERATED {
ok(0),
cantparse, -- valid for any structure
badcontenttype, -- not encrypted, not signed, not enrolmentrequest
imnottherecipient, -- the “recipients” doesn’t include me
unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
decryptionfailed, -- works for ECIES-HMAC and AES-CCM
unknownits, -- can’t retrieve the ITS from the itsId
invalidsignature, -- signature verification of the request fails
invalidencryptionkey, -- signature is good, but the responseEncryptionKey is bad
baditsstatus, -- revoked, not yet active
incompleterequest, -- some elements are missing
deniedpermissions, -- requested permissions are not granted
invalidkeys, -- either the verification_key of the encryption_key is bad
deniedrequest, -- any other reason?
... }
InnerEcRequestSignedForPop::= EtsiTs103097Data-Signed{InnerEcRequest}
InnerEcRequest ::= SEQUENCE {
itsId IA5String,
certificateFormat CertificateFormat,
publicKeys PublicKeys,
requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}),
...
}
InnerEcResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode EnrolmentResponseCode,
certificate EtsiTs103097Certificate OPTIONAL,
...
}
(WITH COMPONENTS { responseCode (ok), certificate PRESENT }
| WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
)
END
EtsiTs102941TypesEnrolment
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) enrolment(4) version1(1)}
DEFINITIONS AUTOMATIC TAGS ::=
BEGIN
IMPORTS
EtsiTs103097Certificate,
EtsiTs103097Data-Signed
FROM EtsiTs103097Module
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103097) securedMessageV1(0)}
CertificateFormat, CertificateSubjectAttributes, EcSignature, HashedId8, PublicKeys, Version
FROM EtsiTs102941BaseTypes
{ itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(102941) baseTypes(3) version1(1) }
;
/************
-- EnrolmentRequest/Response
************/
EnrolmentResponseCode ::= ENUMERATED {
ok(0),
cantparse, -- valid for any structure
badcontenttype, -- not encrypted, not signed, not enrolmentrequest
imnottherecipient, -- the “recipients” doesn’t include me
unknownencryptionalgorithm, -- either kexalg or contentencryptionalgorithm
decryptionfailed, -- works for ECIES-HMAC and AES-CCM
unknownits, -- can’t retrieve the ITS from the itsId
invalidsignature, -- signature verification of the request fails
invalidencryptionkey, -- signature is good, but the responseEncryptionKey is bad
baditsstatus, -- revoked, not yet active
incompleterequest, -- some elements are missing
deniedpermissions, -- requested permissions are not granted
invalidkeys, -- either the verification_key of the encryption_key is bad
deniedrequest, -- any other reason?
... }
InnerEcRequestSignedForPop::= EtsiTs103097Data-Signed{InnerEcRequest}
InnerEcRequest ::= SEQUENCE {
itsId OCTET STRING,
certificateFormat CertificateFormat,
publicKeys PublicKeys,
requestedSubjectAttributes CertificateSubjectAttributes (WITH COMPONENTS{certIssuePermissions ABSENT}),
...
}
InnerEcResponse ::= SEQUENCE {
requestHash OCTET STRING (SIZE(16)),
responseCode EnrolmentResponseCode,
certificate EtsiTs103097Certificate OPTIONAL,
...
}
(WITH COMPONENTS { responseCode (ok), certificate PRESENT }
| WITH COMPONENTS { responseCode (ALL EXCEPT ok), certificate ABSENT }
)
END
ttcn/Common/LibItsCommon_ASN1_NamedNumbers.ttcn
View file @ ad43a4f9
......@@ -27,9 +27,9 @@ module LibItsCommon_ASN1_NamedNumbers {
const AltitudeValue AltitudeValue_unavailable_ := 800001;
const CurvatureValue CurvatureValue_straight_ := 0;
const CurvatureValue CurvatureValue_reciprocalOf1MeterRadiusToRight_ := -30000;
const CurvatureValue CurvatureValue_reciprocalOf1MeterRadiusToLeft_ := 30000;
const CurvatureValue CurvatureValue_unavailable_ := 30001;
const CurvatureValue CurvatureValue_reciprocalOf1MeterRadiusToRight_ := -1023;
const CurvatureValue CurvatureValue_reciprocalOf1MeterRadiusToLeft_ := 1023;
const CurvatureValue CurvatureValue_unavailable_ := 1023;
const ExteriorLights ExteriorLights_lowBeamHeadlightsOn_ := '10000000'B;
const ExteriorLights ExteriorLights_highBeamHeadlightsOn_ := '01000000'B;
......
ttcn/Pki/LibItsPki_Functions.ttcn
View file @ ad43a4f9
......@@ -192,7 +192,7 @@ module LibItsPki_Functions {
} // End of function f_utInitializeIut
function f_sendUtTriggerPrimitive(
in charstring p_canonical_id,
in octetstring p_canonical_id,
in Oct1 p_enc_algorithm,
in octetstring p_private_key,
in octetstring p_public_key_compressed,
......
ttcn/Pki/LibItsPki_Pics.ttcn
View file @ ad43a4f9
......@@ -123,6 +123,6 @@ module LibItsPki_Pics {
/**
* @desc Canonical ITSS-S identifier
*/
modulepar charstring PICS_ITS_S_CANONICAL_ID := "1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA";
modulepar octetstring PICS_ITS_S_CANONICAL_ID := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O;
} // End of module LibItsPki_Pics
ttcn/Pki/LibItsPki_Templates.ttcn
View file @ ad43a4f9
......@@ -173,7 +173,7 @@ module LibItsPki_Templates {
} // End of template mw_authorizationValidationResponse
template (value) InnerEcRequest m_innerEcRequest(
in template (value) charstring p_itsId,
in template (value) octetstring p_itsId,
in template (value) PublicKeys p_publicKeys,
in template (value) CertificateSubjectAttributes p_requestedSubjectAttributes
) := {
......@@ -184,7 +184,7 @@ module LibItsPki_Templates {
} // End of template m_innerEcRequest
template (present) InnerEcRequest mw_innerEcRequest(
template (present) charstring p_itsId := ?,
template (present) octetstring p_itsId := ?,
template (present) PublicKeys p_publicKeys := ?,
template (present) CertificateSubjectAttributes p_requestedSubjectAttributes := ?
) := {
......
ttcn/Pki/LibItsPki_TypesAndValues.ttcn
View file @ ad43a4f9
......@@ -63,7 +63,7 @@ module LibItsPki_TypesAndValues {
* @member compressedPublickey The compressed public key to be used for signature of the requested EA certificate (format: [02|03]<compressed public key>
*/
type record TriggerEnrolmentRequest {
charstring cannonicalId,
octetstring cannonicalId,
Oct1 encAlgorithm,
octetstring privateKey,
octetstring compressedPublickey
......