/** * @author ETSI / STF481 * @version $URL$ * $Id$ * @desc Module containing types and values for Security Protocol * */ module LibItsSecurity_TypesAndValues { // LibCommon import from LibCommon_BasicTypesAndValues { type UInt8, UInt16, UInt32, UInt64, Int13, Int32 } import from LibCommon_DataStrings { type Bit2, Bit3, Oct2, Oct3, Oct8, Oct12, Oct20, Oct1to31, Oct1to255 } // LibIts import from CAM_PDU_Descriptions language "ASN.1:1997" { type CAM } import from DENM_PDU_Descriptions language "ASN.1:1997" { type DENM } group basicFormatElements { /** * @desc an integer of variable length * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.1 IntX */ type integer IntX with { variant "IntX" }; /** * @desc List of supported algorithms based on public key cryptography * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.2 PublicKeyAlgorithm */ type enumerated PublicKeyAlgorithm { e_ecdsa_nistp256_with_sha256 (0), e_ecies_nistp256 (1) } with { variant "8 bit" } /** * @desc List of supported algorithms based on symmetric key cryptography * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.3 SymmetricAlgorithm */ type enumerated SymmetricAlgorithm { e_aes_128_ccm (0), e_unknown (255) } with { variant "8 bit" } /** * @desc Wrapper for public keys by specifying the used algorithm * @member algorithm Specifying the used algorithm * @member public_key The public key structure * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.4 PublicKey */ type record PublicKey { PublicKeyAlgorithm algorithm, PublicKeyContainer public_key } // End of type PublicKey /** * @desc Information regarding ECC contained in an EccPoint structure * @member supported_symm_alg The symmetric key algorithm * @member public_key The EccPoint used in the PublicKey */ type record PublicKeyDesc { SymmetricAlgorithm supported_symm_alg, EccPoint public_key } // End of type PublicKeyDesc /** * @desc Information regarding ECC contained in an EccPoint structure * @member eccPoint Specific details regarding ECC contained in an EccPoint structure * @member ecies_nistp256 Specific details regarding ECC contained in an EccPoint structure * @member other_key Out of scope */ type union PublicKeyContainer { EccPoint eccPoint, PublicKeyDesc ecies_nistp256, octetstring other_key } // End of type PublicKeyContainer /** * @desc Defines public key based on elliptic curve cryptography * @member algorithm Specifying the used algorithm * @member field_size The lengths of the vectors containing the raw keys * @member type_ The ECC key types * @member x The x coordinate * @member y * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.5 EccPoint * @see Draft ETSI TS 103 097 V1.1.6 Table 2: Derivation of field sizes depending on the used algorithm */ type record EccPoint { PublicKeyAlgorithm algorithm, UInt8 field_size, EccPointType type_, octetstring x, EccPointContainer y optional } // End of type EccPoint /** * @desc Defines a public key based on elliptic curve cryptography * @member y The y coordinate * @member data Out of scope */ type union EccPointContainer { octetstring y, octetstring data } // End of type EccPointContainer /** * @desc List of supported ECC key types * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.6 EccPointType */ type enumerated EccPointType { e_x_coordinate_only (0), e_compressed_lsb_y_0 (2), e_compressed_lsb_y_1 (3), e_uncompressed (4), e_unknown (255) } with { variant "8 bit" } /** * @desc Parameters and additional data required for encryption and decryption of data using different symmetric encryption algorithms * @member symm_algorithm The symmetric algorithm that shall be used with a public key for encryption * @member public_key The public key for encryption * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.7 EncryptionParameters */ type record EncryptionParameters { SymmetricAlgorithm symm_algorithm, EncryptionParametersContainer public_key } // End of type EncryptionParameters /** * @desc * @member nonce Data encryption with the Advanced Encryption Standard (AES) using a 128-bit key in Counter with cipher block chaining message authentication code (CCM) mode * @member params Out of scope */ type union EncryptionParametersContainer { Oct12 nonce, octetstring params } // End of type EncryptionParametersContainer /** * @desc Signatures based on public key cryptography * @member algorithm Algorithm type * @member signature_ The signature * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.7 EncryptionParameters */ type record Signature { PublicKeyAlgorithm algorithm, SignatureContainer signature_ } // End of type Signature /** * @desc * @member algorithm The ECDSA based signature * @member signature_ Out of scope */ type union SignatureContainer { EcdsaSignature ecdsa_signature, octetstring signature_ } // End of type SignatureContainer /** * @desc Description an ECDSA based signature * @member algorithm * @member field_size The 's' field length derived from the applied ECDSA algorithm * @member r Coordinate of the elliptic curve point resulting from multiplying the generator element by the ephemeral private key * @member s * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.10 EcdsaSignature */ type record EcdsaSignature { PublicKeyAlgorithm algorithm, UInt8 field_size, EccPoint r, octetstring s } // End of type EcdsaSignature /** * @desc Information about the signer of a message * @member type_ Signature algorithm type * @member signerInfo Signature algorithm information. In case of self-signed, this field is not required because of no additional data shall be given * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.11 SignerInfo */ type record SignerInfo { SignerInfoType type_, SignerInfoContainer signerInfo optional } // End of type SignerInfo /** * @desc * @member digest The digest value * @member certificate A certificate * @member certificates A complete certificate chain * @member certificateWithAlgo TODO * @member info TODO */ type union SignerInfoContainer { HashedId8 digest, Certificate certificate, CertificateChain certificates, CertificateWithAlgo certificateWithAlgo, octetstring info } // End of type SignerInfoContainer /** * @desc * @member algorithm The public key algorithm * @member digest The digest value */ type record CertificateWithAlgo { PublicKeyAlgorithm algorithm, HashedId8 digest } // End of type CertificateWithAlgo /** * @desc The list of the methods to describe a message's signer * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.12 SignerInfoType */ type enumerated SignerInfoType { e_self (0), e_certificate_digest_with_ecdsap256 (1), e_certificate (2), e_certificate_chain (3), e_certificate_digest_with_other_algorithm (4) } // End of type SignerInfoContainer /** * @desc Indication on an identifier, where real identification is not required * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.14 HashedId3 * @see RFC2246 Clause 4.2. Miscellaneous */ type Oct3 HashedId3; /** * @desc Identifies data such as a certificate * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.13 HashedId8 * @see RFC2246 Clause 4.2. Miscellaneous */ type Oct8 HashedId8; /** * @desc The unsigned 32 bits number of International Atomic Time (TAI) microseconds since 00:00:00 UTC, 01 January 2004 * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.16 Time64 */ type UInt32 Time32; /** * @desc The unsigned 64 bits number of International Atomic Time (TAI) microseconds since 00:00:00 UTC, 01 January 2004 * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.16 Time64 */ type UInt64 Time64; /** * @desc The time along with the standard deviation of time values * @member time The time being encoded * @member log_std_dev The rounded up value of the log to the base 1,134666 of the implementation's estimate of the standard deviation in units of nanoseconds * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.17 Time64WithStandardDeviation */ type record Time64WithStandardDeviation { Time64 time, UInt8 log_std_dev } // End of type Time64WithStandardDeviation /** * @desc Defines the duration of a time span (e.g. a certificate's validity) * @member unit * @member duration * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.18 Duration */ type record Duration { DurationUnitType unit, Int13 duration } // End of type Duration /** * @desc List of supported duration unit * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.18 Duration * @see Draft ETSI TS 103 097 V1.1.6 Table 3: Interpretation of duration unit bits */ type enumerated DurationUnitType { e_seconds (0), // seconds e_minutes (1), // minutes (60 seconds) e_hours (2), // hours (3 600 seconds) e_hoursBlock (3), // 60 hour blocks (216 000 seconds) e_year (4) // years (31 556 925 seconds) } with { variant "3 bit" } /** * @desc Specify a two dimensional location * @member latitude Latitude in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum * @member longitude Longitude in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.19 TwoDLocation */ type record TwoDLocation { Int32 latitude, Int32 longitude } // End of type TwoDLocation /** * @desc Specify a two dimensional location * @member latitude Latitude in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum * @member longitude Longitude in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum * @member elevation Elevation relative to the WGS-84 ellipsoid in decimetres * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.20 ThreeDLocation */ type record ThreeDLocation { Int32 latitude, Int32 longitude, Oct2 elevation } // End of type ThreeDLocation /** * @desc Defines geographic regions used to limit the validity of certificates * @member region_type Region type * @member region Region description * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.21 GeographicRegion */ type record GeographicRegion { RegionType region_type, GeographicRegionContainer region optional } // End of type GeographicRegion type union GeographicRegionContainer { CircularRegion circular_region, RectangularRegions rectangular_region, PolygonalRegion polygonal_region, IdentifiedRegion id_region, octetstring other_region } // End of type GeographicRegionContainer /** * @desc The list of the possible region types * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.22 RegionType */ type enumerated RegionType { e_circle (0), e_rectangle (1), e_polygon (2), e_id (3), e_none (4) } with { variant "8 bit" } /** * @desc Defines a circular region * @member center Circular center * @member radius Radius given in metres * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.23 CircularRegion */ type record CircularRegion { TwoDLocation center, UInt16 radius } // End of type CircularRegion /** * @desc Defines a rectangular region by connecting the four points in the order (northwest.latitude, northwest.longitude), (northwest.longitude, southeast.longitude), (southeast.longitude, southeast.longitude), and (southeast.longitude, northwest.longitude) * @member center Circular center * @member radius Radius given in metres * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.24 RectangularRegion */ type record RectangularRegion { TwoDLocation northwest, TwoDLocation southeast } // End of type RectangularRegion type record of RectangularRegion RectangularRegions; /** * @desc a region by enumerating points on the region's boundary */ type record of TwoDLocation PolygonalRegion; /** * @desc Defines a predefined geographic region determined by the region dictionary and the region identifier * @member region_dictionary The region dictionary * @member region_identifier The region identifier * @member local_region The whole region. 0 if the whole region is meant * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.26 IdentifiedRegion */ type record IdentifiedRegion { RegionDictionary region_dictionary, UInt16 region_identifier, IntX local_region } // End of type IdentifiedRegion /** * @desc The list of dictionaries containing two-octet records of globally defined regions * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.27 RegionDictionary */ type enumerated RegionDictionary { iso_3166_1 (0), un_stats (1) } with { variant "8 bit" } } // End of group basicFormatElements group SecurityMessages { /** * @desc Generic secured message description * @member protocol_version The applied protocol version * @member security_profile The security profile for this secured message * @member header_fields Multiple information fields of interest to the security layer * @member payload_fields The message's payload * @member trailer_fields Security information after the payload * * @see Draft ETSI TS 103 097 V1.1.6 Clause 5.1 SecuredMessage */ type record SecuredMessage { UInt8 protocol_version, UInt8 security_profile, HeaderFields header_fields, Payload payload_fields, TrailerFields trailer_fields } // End of type SecuredMessage type set of HeaderField HeaderFields; type record HeaderField { HeaderFieldType type_, HeaderFieldContainer headerField } // End of type HeaderField /** * @desc Supported types of header fields */ type enumerated HeaderFieldType { e_generation_time (0), e_generation_time_standard_deviation (1), e_expiration (2), e_generation_location (3), e_request_unrecognized_certificate (4), e_message_type (5), e_signer_info (128), e_recipient_info (129), e_encryption_parameters (130), e_unknown (255) } with { variant "8 bit" } type union HeaderFieldContainer { Time64 generation_time, Time64WithStandardDeviation generation_time_with_standard_deviation, Time32 expiry_time, ThreeDLocation generation_location, HashedId3 digests, UInt16 message_type, SignerInfo signer, RecipientInfo recipient, EncryptionParameters enc_params, octetstring other_header } // End of type HeaderFieldContainer /** * @desc Payload structure * @member type_ Payload type * @member payload Payload data * * @see Draft ETSI TS 103 097 V1.1.6 Clause 5.2 Payload */ type record Payload { PayloadType type_, PayloadContainer payload } // End of type Payload /** * @desc Payload data container * @member camPayload CAM message * @member denmPayload DENM message * @member rawPayload Other message * * @see Draft ETSI TS 103 097 V1.1.6 Clause 5.2 Payload */ type union PayloadContainer { CAM camPayload, DENM denmPayload, octetstring rawPayload } // End of type PayloadContainer /** * @desc Supported types of payloads * * @see Draft ETSI TS 103 097 V1.1.6 Clause 5.3 Payload */ type enumerated PayloadType { e_unsecured (0), e_signed (1), e_encrypted (2), e_signed_external (3), e_signed_and_encrypted (4), e_unknown (255) } with { variant "8 bit" } type set of TrailerField TrailerFields; /** * @desc Information used by the security layer after processing the payload * @see Draft ETSI TS 103 097 V1.1.6 Clause 5.6 TrailerField */ type record TrailerField { TrailerFieldType type_, TrailerFieldContainer trailerField } // End of type TrailerField /** * @desc * @member signature_ The signature of the payload * @member security_field Out of scope */ type union TrailerFieldContainer { Signature signature_, octetstring security_field } // End of type TrailerFieldContainer /** * @desc Supported types of trailer fields * @see Draft ETSI TS 103 097 V1.1.6 Clause 5.7 TrailerFieldType */ type enumerated TrailerFieldType { e_signature (1), e_unknown (255) } with { variant "8 bit" } /** * @desc Information for a message's recipient * @member cert_id Identifier for the recipient's certificate * @member pk_encryption Type of the recipient's certificate * @member enc_key The recipient's certificate * @see Draft ETSI TS 103 097 V1.1.6 Clause 5.8 RecipientInfo */ type record RecipientInfo { HashedId8 cert_id, PublicKeyAlgorithm pk_encryption, RecipientInfoContainer enc_key } // End of type RecipientInfo /** * @desc The recipient's certificate * @member enc_key Identifier for the recipient's certificate * @member enc_key_other Type of the recipient's certificate */ type union RecipientInfoContainer { EciesEncryptedKey enc_key, octetstring enc_key_other } // End of type RecipientInfoContainer type record EciesEncryptedKey { SymmetricAlgorithm symm_alg, UInt32 symm_key_len, EccPoint v, octetstring c, Oct20 t } // End of type EciesEncryptedKey } // End of group SecurityMessages group certificateSpecification { /** * @desc Certificate description * @member version The certificate's version. Shall be set to 2 * @member signer_info The certificate's signer * @member subject_info Information on the certificate's subject * @member subject_attributes The certificate's subject * @member validity_restrictions Restrictions regarding the certificate's validity * @member signature_ The signature of this certificate signed by the responsible CA * @see Draft ETSI TS 103 097 V1.1.6 Clause 6.1 Certificate */ type record Certificate { UInt8 version, SignerInfos signer_info, SubjectInfo subject_info, SubjectAttributes subject_attributes, ValidityRestrictions validity_restrictions, Signature signature_ } // End of type Certificate type set of Certificate CertificateChain; type set of SignerInfo SignerInfos; /** * @desc Certificate description * @member subject_type The type subjet * @member subject_name The subject itself * @see Draft ETSI TS 103 097 V1.1.6 Clause 6.2 SubjectInfo */ type record SubjectInfo { SubjectType subject_type, Oct1to255 subject_name } // End of type SubjectInfo /** * @desc The list of the possible types of subjects * @see Draft ETSI TS 103 097 V1.1.6 Clause 6.3 SubjectInfoType */ type enumerated SubjectType { e_enrollment_credential (0), e_authorization_ticket (1), e_authorization_authority (2), e_enrollment_authority (3), e_root_ca (4), e_crl_signer (5), e_unknown (255) } with { variant "8 bit" } /** * @desc Subject attribute description * @member type_ The type of attribute * @member attribute The attribute itself * @see Draft ETSI TS 103 097 V1.1.6 Clause 6.4 SubjectAttribute */ type record SubjectAttribute { SubjectAttributeType type_, SubjectAttributeContainer attribute } // End of type SubjectAttribute /** * @desc The attributes description * @member key * @member rv * @member assurance_level * @member its_aid_list * @member its_aid_ssp_list * @member other_attribute */ type union SubjectAttributeContainer { PublicKey key, EccPoint rv, SubjectAssurance assurance_level, IntXs its_aid_list, ItsAidSsps its_aid_ssp_list, octetstring other_attribute } // End of type SubjectAttributeContainer type set of SubjectAttribute SubjectAttributes; type set of IntX IntXs; type set of ItsAidSsp ItsAidSsps; /** * @desc The list of the possible types of attributes * @see Draft ETSI TS 103 097 V1.1.6 Clause 6.5 SubjectAttributeType */ type enumerated SubjectAttributeType { e_verification_key (0), e_encryption_key (1), e_assurance_level (2), e_reconstruction_value (3), e_its_aid_list (4), e_its_aid_ssp_list (5) } with { variant "8 bit" } /** * @desc The ITS S's assurance * @member levels The assurance levels * @member reserved Out of scope * @member confidence The confidence * @see Draft ETSI TS 103 097 V1.1.6 Clause 6.6 SubjectAssurance * @see Draft ETSI TS 103 097 V1.1.6 Table 5: Bitwise encoding of subject assurance */ type record SubjectAssurance { Bit3 levels, Bit3 reserved, Bit2 confidence } // End of type SubjectAssurance /** * @desc Defines ways to restrict the validity restriction of the certificate * @member type_ The type of validity restriction of the certificate * @member validity The validity restriction of the certificate * @see Draft ETSI TS 103 097 V1.1.6 Clause 6.6 SubjectAssurance */ type record ValidityRestriction { ValidityRestrictionType type_, ValidityRestrictionContainer validity } // End of type ValidityRestriction /** * @desc Defines the validity restriction of the certificate * @member end_validity Validity restriction till the end date * @member time_start_and_end Validity restriction between into a range * @member time_start_and_duration Validity restriction between into a range from a start date and inside a geographical aera * @member data TODO */ type union ValidityRestrictionContainer { Time32 end_validity, TimeStartEnd time_start_and_end, TimeDuration time_start_and_duration, octetstring data } // End of type ValidityRestrictionContainer /** * @desc Defines the validity restriction between into a range * @member start_validity Start date * @member end_validity End date */ type record TimeStartEnd { Time32 start_validity, Time32 end_validity } // End of type TimeStartEnd /** * @desc Defines the validity restriction between into a range from a start date and inside a geographical aera * @member start_validity Start date * @member duration Duration of the validity restriction from the start date * @member GeographicRegion The geographical aera */ type record TimeDuration { Time32 start_validity, Duration duration, GeographicRegion region } // End of type TimeDuration /** * @desc Type of validity restriction of a certificate * @see Draft ETSI TS 103 097 V1.1.6 6.8 ValidityRestrictionType */ type enumerated ValidityRestrictionType { e_time_end (0), e_time_start_and_end (1), e_time_start_and_duration (2), e_region (3), e_unknown (255) } with { variant "8 bit" } type set of ValidityRestriction ValidityRestrictions; /** * @desc ITS-AID description * @member its_aid The ITS_AID identifier * @member service_specific_permissions The associated Service Specific Permissions * @see Draft ETSI TS 103 097 V1.1.6 Clause 6.9 ItsAidSsp */ type record ItsAidSsp { IntX its_aid, Oct1to31 service_specific_permissions } // End of type ItsAidSsp } // End of group certificateSpecification } with { encode "LibItsSecurity" } // End of module LibItsSecurity_TypesAndValues