ASN.1 module Ieee1609Dot2

OID: {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2) minor-version-6(6)} @note Section references in this file are to clauses in IEEE Std 1609.2 unless indicated otherwise. Full forms of acronyms and abbreviations used in this file are specified in 3.2.

Imports:

Data Elements:

Ieee1609Dot2Data

This data type is used to contain the other data types in this clause. The fields in the Ieee1609Dot2Data have the following meanings:

@note Canonicalization: This data structure is subject to canonicalization for the relevant operations specified in 6.1.2. The canonicalization applies to the Ieee1609Dot2Content.

Fields:

Ieee1609Dot2Data ::= SEQUENCE {
protocolVersion Uint8(3),
content Ieee1609Dot2Content
}

Ieee1609Dot2Content

In this structure:

@note Canonicalization: This data structure is subject to canonicalization for the relevant operations specified in 6.1.2 if it is of type signedData. The canonicalization applies to the SignedData.

Fields:

Ieee1609Dot2Content ::= CHOICE {
unsecuredData Opaque,
signedData SignedData,
encryptedData EncryptedData,
signedCertificateRequest Opaque,
...,
signedX509CertificateRequest Opaque
}

SignedData

In this structure:

@note Canonicalization: This data structure is subject to canonicalization for the relevant operations specified in 6.1.2. The canonicalization applies to the ToBeSignedData and the Signature.

Fields:

SignedData ::= SEQUENCE {
hashId HashAlgorithm,
tbsData ToBeSignedData,
signer SignerIdentifier,
signature Signature
}

ToBeSignedData

This structure contains the data to be hashed when generating or verifying a signature. See 6.3.4 for the specification of the input to the hash.

@note Canonicalization: This data structure is subject to canonicalization for the relevant operations specified in 6.1.2. The canonicalization applies to the SignedDataPayload if it is of type data, and to the HeaderInfo.

Fields:

ToBeSignedData ::= SEQUENCE {
payload SignedDataPayload,
headerInfo HeaderInfo
}

SignedDataPayload

This structure contains the data payload of a ToBeSignedData. This structure contains at least one of the optional elements, and may contain more than one. See 5.2.4.3.4 for more details. The security profile in Annex C allows an implementation of this standard to state which forms of Signed¬Data¬Payload are supported by that implementation, and also how the signer and verifier are intended to obtain the external data for hashing. The specification of an SDEE that uses external data is expected to be explicit and unambiguous about how this data is obtained and how it is formatted prior to processing by the hash function.

@note Canonicalization: This data structure is subject to canonicalization for the relevant operations specified in 6.1.2. The canonicalization applies to the Ieee1609Dot2Data.

Fields:

SignedDataPayload ::= SEQUENCE {
data Ieee1609Dot2Data OPTIONAL,
extDataHash HashedData OPTIONAL,
...,
omitted NULL OPTIONAL
} (WITH COMPONENTS {..., data PRESENT} |
WITH COMPONENTS {..., extDataHash PRESENT} |
WITH COMPONENTS {..., omitted PRESENT})

HashedData

This structure contains the hash of some data with a specified hash algorithm. See 5.3.3 for specification of the permitted hash algorithms.

@note Critical information fields: If present, this is a critical information field as defined in 5.2.6. An implementation that does not recognize the indicated CHOICE for this type when verifying a signed SPDU shall indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, that is, it is invalid in the sense that its validity cannot be established.

Fields:

HashedData::= CHOICE {
sha256HashedData HashedId32,
...,
sha384HashedData HashedId48,
sm3HashedData HashedId32
}

HeaderInfo

This structure contains information that is used to establish validity by the criteria of 5.2.

@note Canonicalization: This data structure is subject to canonicalization for the relevant operations specified in 6.1.2. The canonicalization applies to the EncryptionKey. If encryptionKey is present, and indicates the choice public, and contains a BasePublicEncryptionKey that is an elliptic curve point (i.e., of type EccP256CurvePoint or EccP384CurvePoint), then the elliptic curve point is encoded in compressed form, i.e., such that the choice indicated within the Ecc*CurvePoint is compressed-y-0 or compressed-y-1. The canonicalization does not apply to any fields after the extension marker, including any fields in contributedExtensions.

Fields:

HeaderInfo ::= SEQUENCE {
psid Psid,
generationTime Time64 OPTIONAL,
expiryTime Time64 OPTIONAL,
generationLocation ThreeDLocation OPTIONAL,
p2pcdLearningRequest HashedId3 OPTIONAL,
missingCrlIdentifier MissingCrlIdentifier OPTIONAL,
encryptionKey EncryptionKey OPTIONAL,
...,
inlineP2pcdRequest SequenceOfHashedId3 OPTIONAL,
requestedCertificate Certificate OPTIONAL,
pduFunctionalType PduFunctionalType OPTIONAL,
contributedExtensions ContributedExtensionBlocks OPTIONAL
}

MissingCrlIdentifier

This structure may be used to request a CRL that the SSME knows to have been issued and has not yet received. It is provided for future use and its use is not defined in this version of this standard.

Fields:

MissingCrlIdentifier ::= SEQUENCE {
cracaId HashedId3,
crlSeries CrlSeries,
...
}

PduFunctionalType

This data structure identifies the functional entity that is intended to consume an SPDU, for the case where that functional entity is not an application process, and are instead security support services for an application process. Further details and the intended use of this field are defined in ISO 21177 [B20].

PduFunctionalType ::= INTEGER (0..255)
tlsHandshake PduFunctionalType ::= 1
iso21177ExtendedAuth PduFunctionalType ::= 2
iso21177SessionExtension PduFunctionalType ::= 3

ContributedExtensionBlocks

This type is used for clarity of definitions.

ContributedExtensionBlocks ::= SEQUENCE (SIZE(1..MAX)) OF
ContributedExtensionBlock

ContributedExtensionBlock

This data structure defines the format of an extension block provided by an identified contributor by using the temnplate provided in the class IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION constraint to the objects in the set Ieee1609Dot2HeaderInfoContributedExtensions.

Values:

IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION

This Information Object Class defines the class that provides a template for defining extension blocks.

IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION ::= CLASS {
&id HeaderInfoContributorId UNIQUE,
&Extn
} WITH SYNTAX {&Extn IDENTIFIED BY &id}

Ieee1609Dot2HeaderInfoContributedExtensions

This structure is an ASN.1 Information Object Set listing the defined contributed extension types and the associated HeaderInfoContributorId values. In this version of this standard two extension types are defined: Ieee1609ContributedHeaderInfoExtension and EtsiOriginatingHeaderInfoExtension.

Ieee1609Dot2HeaderInfoContributedExtensions
IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION ::= {
{Ieee1609ContributedHeaderInfoExtension IDENTIFIED BY
ieee1609HeaderInfoContributorId} |
{EtsiOriginatingHeaderInfoExtension IDENTIFIED BY
etsiHeaderInfoContributorId},
...
}

HeaderInfoContributorId

This is an integer used to identify a HeaderInfo extension contributing organization. In this version of this standard two values are defined:

HeaderInfoContributorId ::= INTEGER (0..255)
ieee1609HeaderInfoContributorId HeaderInfoContributorId ::= 1
etsiHeaderInfoContributorId HeaderInfoContributorId ::= 2

SignerIdentifier

This structure allows the recipient of data to determine which keying material to use to authenticate the data. It also indicates the verification type to be used to generate the hash for verification, as specified in 5.3.1.

@note Critical information fields:

Fields:

SignerIdentifier ::= CHOICE {
digest HashedId8,
certificate SequenceOfCertificate,
self NULL,
...
}

Countersignature

This data structure is used to perform a countersignature over an already-signed SPDU. This is the profile of an Ieee1609Dot2Data containing a signedData. The tbsData within content is composed of a payload containing the hash (extDataHash) of the externally generated, pre-signed SPDU over which the countersignature is performed.

Countersignature ::= Ieee1609Dot2Data (WITH COMPONENTS {...,
content (WITH COMPONENTS {...,
signedData (WITH COMPONENTS {...,
tbsData (WITH COMPONENTS {...,
payload (WITH COMPONENTS {...,
data ABSENT,
extDataHash PRESENT
}),
headerInfo(WITH COMPONENTS {...,
generationTime PRESENT,
expiryTime ABSENT,
generationLocation ABSENT,
p2pcdLearningRequest ABSENT,
missingCrlIdentifier ABSENT,
encryptionKey ABSENT
})
})
})
})
})

EncryptedData

This data structure encodes data that has been encrypted to one or more recipients using the recipients’ public or symmetric keys as specified in 5.3.4.

@note Critical information fields:

Fields:

EncryptedData ::= SEQUENCE {
recipients SequenceOfRecipientInfo,
ciphertext SymmetricCiphertext
}

RecipientInfo

This data structure is used to transfer the data encryption key to an individual recipient of an EncryptedData. The option pskRecipInfo is selected if the EncryptedData was encrypted using the static encryption key approach specified in 5.3.4. The other options are selected if the EncryptedData was encrypted using the ephemeral encryption key approach specified in 5.3.4. The meanings of the choices are:

See Annex C.7 for guidance on when it may be appropriate to use each of these approaches.

@note If the encryption algorithm is SM2, there is no equivalent of the parameter P1 and so no input to the encryption process that uses the hash of the certificate.

@note If the encryption algorithm is SM2, there is no equivalent of the parameter P1 and so no input to the encryption process that uses the hash of the Ieee1609Dot2Data.

@note If the encryption algorithm is SM2, there is no equivalent of the parameter P1 and so no input to the encryption process that uses the hash of the empty string.

@note The material input to encryption is the bytes of the encryption key with no headers, encapsulation, or length indication. Contrast this to encryption of data, where the data is encapsulated in an Ieee1609Dot2Data.

Fields:

RecipientInfo ::= CHOICE {
pskRecipInfo PreSharedKeyRecipientInfo,
symmRecipInfo SymmRecipientInfo,
certRecipInfo PKRecipientInfo,
signedDataRecipInfo PKRecipientInfo,
rekRecipInfo PKRecipientInfo
}

SequenceOfRecipientInfo

This type is used for clarity of definitions.

SequenceOfRecipientInfo ::= SEQUENCE OF RecipientInfo

PreSharedKeyRecipientInfo

This data structure is used to indicate a symmetric key that may be used directly to decrypt a SymmetricCiphertext. It consists of the low-order 8 bytes of the hash of the COER encoding of a SymmetricEncryptionKey structure containing the symmetric key in question. The HashedId8 is calculated with the hash algorithm determined as specified in 5.3.9.3. The symmetric key may be established by any appropriate means agreed by the two parties to the exchange.

PreSharedKeyRecipientInfo ::= HashedId8

SymmRecipientInfo

This data structure contains the following fields:

Fields:

SymmRecipientInfo ::= SEQUENCE {
recipientId HashedId8,
encKey SymmetricCiphertext
}

PKRecipientInfo

This data structure contains the following fields:

Fields:

PKRecipientInfo ::= SEQUENCE {
recipientId HashedId8,
encKey EncryptedDataEncryptionKey
}

EncryptedDataEncryptionKey

This data structure contains an encrypted data encryption key, where the data encryption key is input to the data encryption key encryption process with no headers, encapsulation, or length indication.

Critical information fields: If present and applicable to the receiving SDEE, this is a critical information field as defined in 5.2.6. If an implementation receives an encrypted SPDU and determines that one or more RecipientInfo fields are relevant to it, and if all of those RecipientInfos contain an EncryptedDataEncryptionKey such that the implementation does not recognize the indicated CHOICE, the implementation shall indicate that the encrypted SPDU is not decryptable.

Fields:

SymmetricCiphertext

This data structure encapsulates a ciphertext generated with an approved symmetric algorithm.

@note Critical information fields: If present, this is a critical information field as defined in 5.2.6. An implementation that does not recognize the indicated CHOICE value for this type in an encrypted SPDU shall indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, that is, it is invalid in the sense that its validity cannot be established.

Fields:

One28BitCcmCiphertext

This data structure encapsulates an encrypted ciphertext for any symmetric algorithm with 128-bit blocks in CCM mode. The ciphertext is 16 bytes longer than the corresponding plaintext due to the inclusion of the message authentication code (MAC). The plaintext resulting from a correct decryption of the ciphertext is either a COER-encoded Ieee1609Dot2Data structure (see 6.3.41), or a 16-byte symmetric key (see 6.3.44).

The ciphertext is 16 bytes longer than the corresponding plaintext.

The plaintext resulting from a correct decryption of the ciphertext is a COER-encoded Ieee1609Dot2Data structure.

@note In the name of this structure, "One28" indicates that the symmetric cipher block size is 128 bits. It happens to also be the case that the keys used for both AES-128-CCM and SM4-CCM are also 128 bits long. This is, however, not what “One28” refers to. Since the cipher is used in counter mode, i.e., as a stream cipher, the fact that that block size is 128 bits affects only the size of the MAC and does not affect the size of the raw ciphertext.

Fields:

One28BitCcmCiphertext ::= SEQUENCE {
nonce OCTET STRING (SIZE (12)),
ccmCiphertext Opaque
}

Aes128CcmCiphertext

This type is defined only for backwards compatibility.

Aes128CcmCiphertext ::= One28BitCcmCiphertext

TestCertificate

This structure is a profile of the structure CertificateBase which specifies the valid combinations of fields to transmit implicit and explicit certificates.

@note Canonicalization: This data structure is subject to canonicalization for the relevant operations specified in 6.1.2. The canonicalization applies to the CertificateBase.

TestCertificate ::= Certificate

SequenceOfCertificate

This type is used for clarity of definitions.

SequenceOfCertificate ::= SEQUENCE OF Certificate

CertificateBase

The fields in this structure have the following meaning:

@note Canonicalization: This data structure is subject to canonicalization for the relevant operations specified in 6.1.2. The canonicalization applies to the ToBeSignedCertificate and to the Signature.

@note Whole-certificate hash: If the entirety of a certificate is hashed to calculate a HashedId3, HashedId8, or HashedId10, the algorithm used for this purpose is known as the whole-certificate hash. The method used to determine the whole-certificate hash algorithm is specified in 5.3.9.2.

Fields:

CertificateBase ::= SEQUENCE {
version Uint8(3),
type CertificateType,
issuer IssuerIdentifier,
toBeSigned ToBeSignedCertificate,
signature Signature OPTIONAL
}

CertificateType

This enumerated type indicates whether a certificate is explicit or implicit.

@note Critical information fields: If present, this is a critical information field as defined in 5.2.5. An implementation that does not recognize the indicated CHOICE for this type when verifying a signed SPDU shall indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, that is, it is invalid in the sense that its validity cannot be established.

CertificateType ::= ENUMERATED {
explicit,
implicit,
...
}

ImplicitCertificate

This is a profile of the CertificateBase structure providing all the fields necessary for an implicit certificate, and no others.

ImplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
type(implicit),
toBeSigned(WITH COMPONENTS {...,
verifyKeyIndicator(WITH COMPONENTS {reconstructionValue})
}),
signature ABSENT
})

ExplicitCertificate

This is a profile of the CertificateBase structure providing all the fields necessary for an explicit certificate, and no others.

ExplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
type(explicit),
toBeSigned (WITH COMPONENTS {...,
verifyKeyIndicator(WITH COMPONENTS {verificationKey})
}),
signature PRESENT
})

IssuerIdentifier

This structure allows the recipient of a certificate to determine which keying material to use to authenticate the certificate.

If the choice indicated is sha256AndDigest, sha384AndDigest, or sm3AndDigest:

Fields:

ToBeSignedCertificate

The fields in the ToBeSignedCertificate structure have the following meaning:

For both implicit and explicit certificates, when the certificate is hashed to create or recover the public key (in the case of an implicit certificate) or to generate or verify the signature (in the case of an explicit certificate), the hash is Hash (Data input) || Hash ( Signer identifier input), where:

Fields:

CertificateId

This structure contains information that is used to identify the certificate holder if necessary.

@note Critical information fields:

Fields:

CertificateId ::= CHOICE {
linkageData LinkageData,
name Hostname,
binaryId OCTET STRING(SIZE(1..64)),
none NULL,
...
}

LinkageData

This structure contains information that is matched against information obtained from a linkage ID-based CRL to determine whether the containing certificate has been revoked. See 5.1.3.4 and 7.3 for details of use.

Fields:

PsidGroupPermissions

This type indicates which type of permissions may appear in end-entity certificates the chain of whose permissions passes through the PsidGroupPermissions field containing this value. If app is indicated, the end-entity certificate may contain an appPermissions field. If enroll is indicated, the end-entity certificate may contain a certRequestPermissions field.

This structure states the permissions that a certificate holder has with respect to issuing and requesting certificates for a particular set of PSIDs. For examples, see D.5.3 and D.5.4.

Fields:

PsidGroupPermissions ::= SEQUENCE {
subjectPermissions SubjectPermissions,
minChainLength INTEGER DEFAULT 1,
chainLengthRange INTEGER DEFAULT 0,
eeType EndEntityType DEFAULT {app}
}

SequenceOfPsidGroupPermissions

This type is used for clarity of definitions.

SequenceOfPsidGroupPermissions ::= SEQUENCE OF PsidGroupPermissions

SubjectPermissions

This indicates the PSIDs and associated SSPs for which certificate issuance or request permissions are granted by a PsidGroupPermissions structure. If this takes the value explicit, the enclosing PsidGroupPermissions structure grants certificate issuance or request permissions for the indicated PSIDs and SSP Ranges. If this takes the value all, the enclosing PsidGroupPermissions structure grants certificate issuance or request permissions for all PSIDs not indicated by other PsidGroupPermissions in the same certIssuePermissions or certRequestPermissions field.

@note Critical information fields:

Fields:

VerificationKeyIndicator

The contents of this field depend on whether the certificate is an implicit or an explicit certificate.

@note Critical information fields: If present, this is a critical information field as defined in 5.2.5. An implementation that does not recognize the indicated CHOICE for this type when verifying a signed SPDU shall indicate that the signed SPDU is invalid indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, that is, it is invalid in the sense that its validity cannot be established.

@note Canonicalization: This data structure is subject to canonicalization for the relevant operations specified in 6.1.2. The canonicalization applies to the PublicVerificationKey and to the EccP256CurvePoint. The EccP256CurvePoint is encoded in compressed form, i.e., such that the choice indicated within the EccP256CurvePoint is compressed-y-0 or compressed-y-1.

Fields:

VerificationKeyIndicator ::= CHOICE {
verificationKey PublicVerificationKey,
reconstructionValue EccP256CurvePoint,
...
}

Ieee1609HeaderInfoExtensionId

This structure uses the parameterized type Extension to define an Ieee1609ContributedHeaderInfoExtension as an open Extension Content field identified by an extension identifier. The extension identifier value is unique to extensions defined by ETSI and need not be unique among all extension identifier values defined by all contributing organizations.

This is an integer used to identify an Ieee1609ContributedHeaderInfoExtension.

Ieee1609HeaderInfoExtensionId ::= ExtId
p2pcd8ByteLearningRequestId Ieee1609HeaderInfoExtensionId ::= 1

Ieee1609HeaderInfoExtensions

This is the ASN.1 Information Object Class that associates IEEE 1609 HeaderInfo contributed extensions with the appropriate Ieee1609HeaderInfoExtensionId value.

Ieee1609HeaderInfoExtensions EXT-TYPE ::= {
{HashedId8 IDENTIFIED BY p2pcd8ByteLearningRequestId},
...
}

SequenceOfAppExtensions

This structure contains any AppExtensions that apply to the certificate holder. As specified in 5.2.4.2.3, each individual AppExtension type is associated with consistency conditions, specific to that extension, that govern its consistency with SPDUs signed by the certificate holder and with the CertIssueExtensions in the CA certificates in that certificate holder’s chain. Those consistency conditions are specified for each individual AppExtension below.

SequenceOfAppExtensions ::= SEQUENCE (SIZE(1..MAX)) OF AppExtension

AppExtension

This structure contains an individual AppExtension. AppExtensions specified in this standard are drawn from the ASN.1 Information Object Set SetCertExtensions. This set, and its use in the AppExtension type, is structured so that each AppExtension is associated with a CertIssueExtension and a CertRequestExtension and all are identified by the same id value. In this structure:

Fields:

AppExtension ::= SEQUENCE {
id CERT-EXT-TYPE.&id({SetCertExtensions}),
content CERT-EXT-TYPE.&App({SetCertExtensions}{@.id})
}

SequenceOfCertIssueExtensions

This field contains any CertIssueExtensions that apply to the certificate holder. As specified in 5.2.4.2.3, each individual CertIssueExtension type is associated with consistency conditions, specific to that extension, that govern its consistency with AppExtensions in certificates issued by the certificate holder and with the CertIssueExtensions in the CA certificates in that certificate holder’s chain. Those consistency conditions are specified for each individual CertIssueExtension below.

SequenceOfCertIssueExtensions ::=
SEQUENCE (SIZE(1..MAX)) OF CertIssueExtension

CertIssueExtension

This field contains an individual CertIssueExtension. CertIssueExtensions specified in this standard are drawn from the ASN.1 Information Object Set SetCertExtensions. This set, and its use in the CertIssueExtension type, is structured so that each CertIssueExtension is associated with a AppExtension and a CertRequestExtension and all are identified by the same id value. In this structure:

Fields:

SequenceOfCertRequestExtensions

This field contains any CertRequestExtensions that apply to the certificate holder. As specified in 5.2.4.2.3, each individual CertRequestExtension type is associated with consistency conditions, specific to that extension, that govern its consistency with AppExtensions in certificates issued by the certificate holder and with the CertRequestExtensions in the CA certificates in that certificate holder’s chain. Those consistency conditions are specified for each individual CertRequestExtension below.

SequenceOfCertRequestExtensions ::= SEQUENCE (SIZE(1..MAX)) OF CertRequestExtension

CertRequestExtension

This field contains an individual CertRequestExtension. CertRequestExtensions specified in this standard are drawn from the ASN.1 Information Object Set SetCertExtensions. This set, and its use in the CertRequestExtension type, is structured so that each CertRequestExtension is associated with a AppExtension and a CertRequestExtension and all are identified by the same id value. In this structure:

Fields:

OperatingOrganizationId

This type is the AppExtension used to identify an operating organization. The associated CertIssueExtension and CertRequestExtension are both of type OperatingOrganizationId. To determine consistency between this type and an SPDU, the SDEE specification for that SPDU is required to specify how the SPDU can be used to determine an OBJECT IDENTIFIER (for example, by including the full OBJECT IDENTIFIER in the SPDU, or by including a RELATIVE-OID with clear instructions about how a full OBJECT IDENTIFIER can be obtained from the RELATIVE-OID). The SPDU is then consistent with this type if the OBJECT IDENTIFIER determined from the SPDU is identical to the OBJECT IDENTIFIER contained in this field. This AppExtension does not have consistency conditions with a corresponding CertIssueExtension. It can appear in a certificate issued by any CA.

OperatingOrganizationId ::= OBJECT IDENTIFIER
certExtId-OperatingOrganization ExtId ::= 1
instanceOperatingOrganizationCertExtensions CERT-EXT-TYPE ::= {
ID certExtId-OperatingOrganization
APP OperatingOrganizationId
ISSUE NULL
REQUEST NULL
}

SetCertExtensions

This Information Object Set is a collection of Information Objects used to contain the AppExtension, CertIssueExtension, and CertRequestExtension types associated with a specific use of certificate extensions. In this version of this standard it only has a single entry instanceOperatingOrganizationCertExtensions.

SetCertExtensions CERT-EXT-TYPE ::= {
instanceOperatingOrganizationCertExtensions,
...
}