Приложение А (обязательное). Модули ASN.1. Предварительный национальный стандарт ПНСТ 344-2018 "Интеллектуальные транспортные системы. Автоматическая идентификация транспортного средства и оборудования. Электронная регистрация идентификационных данных транспортных средств. Часть 4. Безопасный обмен данными с использованием асимметричных технологий" (утв. и введен в действие приказом Федерального агентства по техническому регулированию и метрологии от 31.12.2018 N 76-пнст) (документ прекратил действие)

Приложение А
(обязательное)

Модули ASN.1

А.1 Обзор

Это приложение содержит следующие модули ASN.1:

модуль транзакции;

уменьшенный модуль, для того чтобы показать, каким образом его можно использовать.

Информационный модуль ТС ElectronicRegistrationIdentificationVehicleDataModule приведен в ПНСТ 343-2018.

А.2 Модули

Примечание - Этот раздел можно в целом преобразовать в простой текст и затем скомпилировать, поэтому он не содержит заголовков и заголовков дополнительных предложений.

А.2.1 Модуль операций

ElectronicRegistrationIdentificationTransactionsModule

{iso (1) standard (0) iso24534 (24534) транзакции (2) версия (0)}

ОПРЕДЕЛЕНИЯ АВТОМАТИЧЕСКИЕ ТЕГИ ::= НАЧАТЬ

- Операции с электронной регистрацией идентификационных данных (ERI)

- ЭКСПОРТ все;

ИМПОРТ

	RegistrationAuthority, Vehicleld, AdditionalEriData, Entityld
			FROM ElectronicRegistrationIdentificationVehicleDataModule;
EriPdu ::= CHOICE {
		requestPdu		EriRequestPdu,
		reponsePdu		EriResponsePdu
		}
EriRequestPdu ::= SEQUENCE {
		transactCode		TRANSACTION.&transactionCode ( {EriTransactions}),
		argument		TRANSACTION.&ArgumentType
				( {EriTransactions} {@.transactCode}) OPTIONAL
		}
EriResponsePdu ::= CHOICE {
		resultPdu		EriResultPdu,
		errorPdu		EriErrorPdu
		}
EriResultPdu ::= SEQUENCE {
		transactCode		TRANSACTION.&transactionCode ( {EriTransactions}),
		result		TRANSACTION.&ResultType ( {EriTransactions}
		}		{@.transactCode})
EriErrorPdu ::= SEQUENCE {
		transactCode		TRANSACTION.&transactionCode ( {EriTransactions}),
		error		TRANSACTION.&ErrorCodes ( {EriTransactions}
		}		{@.transactCode})

А.2.2 Операции

TRANSACTION ::= CLASS {
	&ArgumentType	,
	&ResultType	,
	&ErrorCodes	ErrorCode OPTIONAL,
	&transactionCode	INTEGER UNIQUE
	}
WITH SYNTAX {
	ARGUMENT	&ArgumentType
	RESULT	&ResultType
	[ERRORS	&ErrorCodes]
	CODE	&transactionCode
	}
EriTransactions TRANSACTION ::= {
	getEriData
getAuthenticatedEriData
	setEriData getCiphertextHistoricEriData getCleartextHistoricEriData
	getPublicCertificateVerificationKeyld getPublicEnciphermentKeyErt
	commissionErt withdrawCommissioning
	getCiphertextHistoricComData getCleartextHistoricComData
	updateAccessControlList	getCiphertextAccessControlListEntry
getCleartextAccessControlListEntry		getErtCapabilities
	}

A.2.3 Получить данные ERI

getEriData TRANSACTION ::= {
	ARGUMENT	GetEriDataArgument
	RESULT	GetEriDataResult
	ERRORS	{notCustomized}
	CODE	1
	}
GetEriDataArgument ::= SEQUENCE {
	onBehalfOf	Entityld OPTIONAL,
	challenge	Challenge,
	includeAdditionalData	BOOLEAN
	}
GetEriDataResult ::= SEQUENCE {
	registrationAuthority	RegistrationAuthority OPTIONAL,
	eriResultData	SECURED {CleartextEriData}
	}

А.2.4 Аутентификация данных ERI

getAuthenticatedEriData TRANSACTION ::= {
	ARGUMENT	GetAuthenticatedEriDataArgument
	RESULT	GetAuthenticatedEriDataResult
	ERRORS	{notCustomized}
	CODE	2
	}
GetAuthenticatedEriDataArgument ::= SEQUENCE {
	ertHolderCredentials	ErtHolderCredentials,
	challenge	Challenge,
	includeAdditionalData	BOOLEAN
	}
GetAuthenticatedEriDataResult ::= SEQUENCE {
	registrationAuthority Entityld OPTIONAL,
	authenticateResultData	CLEAR-SECURED {CleartextEriData}
	}

A.2.5 Данные ERI и флаги безопасности ERT

CleartextEriData ::= SEQUENCE {
	eriDataOrld		EriDataOrld,
	ertSecurityStatus		ErtSecurityFlags OPTIONAL
	}
EriDataOrld ::= CHOICE {
	vehicleld		Vehicleld,
	unsignedDatedEriData		DATED {EriData},
	datedAndSignedEriData		SIGNED {DATED {EriData}, PrivateSignatureKey} -- ВОЕ
	}		signed
EriData ::= SEQUENCE {
	id		Vehicleld,
	additionalEriData		OCTET STRING (CONTAINING AdditionalEriData)
			OPTIONAL
	}
ErtSecurityFlags ::= BIT STRING {
	flagsHaveBeenResetted (0), notCommissioned (1),
	lowSupplyVoltageIndication (2), highSupplyVoltageIndication
(3),	lowClockFrequencyIndication (4), highClockFrequencyIndication
(5),	lowTemperatureIndication (6), highTemperatureIndication (7)
	} (SIZE (0..16))	-- bit 8 .. 15 reserved for future use

А.2.6 Установка данных ERI

setEriData TRANSACTION ::= {
	ARGUMENT	SetEriDataArgument
	RESULT	NULL
	ERRORS	{SetEriDataErrors}
	CODE	3
	}
SetEriDataArgument ::= CHOICE {
	clearTextArgument	ClearTextSetEriDataArgument,
	encryptedArgument	ENCRYPTED
		{ClearTextSetEriDataArgument}
	}
ClearTextSetEriDataArgument ::= CHOICE {
	authenticatedEriData	BOE-AUTHENTICATED {DATED
		{EriData}},
	notAuthenticatedEriData	DATED {EriData}
	}
SetEriDataErrors ErrorCode ::= {
	illegalArgument	illegalVehicleld
	illegalCertificate	illegalSignature
	illegalDate |	notCommissioned
	resourceLimitExceeded	otherError
	}

A.2.7 Получение исторических данных ERI

getCiphertextHistoricEriData TRANSACTION ::= {
	ARGUMENT		GetCiphertextHistoricEriDataArgument
	RESULT		SECURED {HistoricEriData}
	ERRORS		{notCustomized}
	CODE		4
	}
GetCiphertextHistoricEriDataArgument ::= SEQUENCE {
	onBehalfOf	Entityld OPTIONAL,
	challenge	Challenge,
	number	INTEGER (1..int4)
	}
getCleartextHistoricEriData TRANSACTION ::= {
	ARGUMENT		GetCleartextHistoricEriDataArgument
	RESULT		CLEAR-SECURED {HistoricEriData}
	ERRORS		{notCustomized}
	CODE	5
	}
GetCleartextHistoricEriDataArgument ::= SEQUENCE {
	credentials	ErtHolderCredentials,
	challenge	Challenge,
	number	INTEGER (1..int4)
	}
HistoricEriData ::= SEQUENCE {
	number	INTEGER (1..int4),
	outOf	INTEGER (1..int4),
	historicRecord	ClearTextSetEriDataArgument
	}

A.2.8 Получение общедоступного ключа проверки

getPublicCertificateVerificationKeyld TRANSACTION ::= {
	ARGUMENT	NULL
	RESULT	Keyld
	CODE	6
	}
getPublicEnciphermentKeyErt TRANSACTION ::= {
	ARGUMENT	BOE-AUTHENTICATED
		{Vehicleld}
	RESULT	PublicEnciphermentKey
	ERRORS	{GetPublicEnciphermentKeyErrors}
	CODE	7
	}
GetPublicEnciphermentKeyErrors ErrorCode ::= {
	illegalArgument	illegalVehicleld
	illegalCertificate	illegalSignature
	illegalEntity	noDeciphermentCapability
	otherError	}

A.2.9 Введение в эксплуатацию

commissionErt TRANSACTION ::= {
	ARGUMENT	CommissionErtArgument
	RESULT	NULL
	ERRORS	{CommissionErtErrors}
	CODE	8
	}
CommissionErtArgument ::= CHOICE {
	authenticatedData	BOE-AUTHENTICATED {DATED
		{CommissioningData}},
	notAuthenticatedData	DATED {CommissioningData}
	}
CommissioningData ::= SEQUENCE {
	vehicleld	Vehicleld,
	registrationAuthority	Entityld,
	resetSecurityFlags	BOOLEAN,
	enciphermentKeyld	Keyld OPTIONAL,
	publicEnciphermentKeyAuthority	PublicEnciphermentKey OPTIONAL,
	publicVerificationKeyCertificate	ErtCertificate OPTIONAL,
	privateData ENCRYPTED {PrivateCommissioningData} OPTIONAL
	}
PrivateCommissioningData ::= SEQUENCE {
	privateSignatureKeyErt	PrivateSignatureKey
		OPTIONAL,
	pin	PIN OPTIONAL
	}
CommissionErtErrors ErrorCode ::= {
	illegalArgument	illegalVehicleld
	illegalCertificate	illegalSignature |
	illegalEntity	illegalDate
	notCustomized	resourceLimitExceeded
	noEnciphermentCapability	secretKeyEncryptionAlgorithmNotSupported
	publicKeyEncryptionAlgorithmNotSupported
	noSigningCapability hashingAlgorithmNotSupported
	signingAlgorithmNotSupported
	otherError }

А.2.10 Ввод в эксплуатацию

withdrawCommissioning TRANSACTION ::= {
	- this transaction also removes all public encipherment keys
	ARGUMENT	WithdrawCommissioningArgument
	RESULT	SECURED
		{WithdrawCommissioningResultData}
	ERRORS	{WithdrawCommissioningErrors}
	CODE	withdrawCommissioningCode
	}
withdrawCommissioningCode INTEGER ::= 9
WithdrawCommissioningArgument ::= CHOICE {
authenticatedData BOE-AUTHENTICATED {Vehiicleld}, notAuthenticatedData Vehicleld
	}
WithdrawCommissioningResultData ::= [APPLICATION withdrawCommissioningCode ] SEQUENCE {
	withdrawn WithdrawCommissioningArgument, historicComData
	HistoricComData
	}
WithdrawCommissioningErrors ErrorCode ::= {
	illegalArgument	illegalVehicleld
	illegalCertificate	illegalSignature
	illegalEntity	illegalDate
	notCustomized	notCommissioned
	otherError	}

A.2.11 Получение исторических данных ввода в эксплуатацию

getCiphertextHistoricComData TRANSACTION ::= {
	ARGUMENT	GetCiphertextHistoricComDataArgument
	RESULT	SECURED {HistoricComData}
	ERRORS	{notCommissioned}
	CODE	9
	}
GetCiphertextHistoricComDataArgument ::= SEQUENCE {
	onBehalfOf	Entityld
		OPTIONAL,
	challenge	Challenge,
	number	INTEGER (1..int4)
	}
getCleartextHistoricComData TRANSACTION ::= {
	ARGUMENT	GetCleartextHistoricComDataArgument
	RESULT	CLEAR-SECURED {HistoricComData}
	ERRORS	{notCommissioned}
	CODE	10
	}
GetCleartextHistoricComDataArgument ::= SEQUENCE {
	credentials	ErtHolderCredentials,
	challenge	Challenge,
	number	INTEGER (1..int4)
	}
HistoricComData ::= SEQUENCE {
	number	INTEGER (1..int4),
	outOf	INTEGER (1..int4),
	historicRecord	CommissionErtArgument
	}

А.2.12 Обновление списка управления доступом

updateAccessControlList TRANSACTION ::= {
	ARGUMENT	UpdateAccessControlListArgument
	RESULT	NULL
	ERRORS	{UpdateAccessControlListErrors}
	CODE	11
	}
UpdateAccessControlListArgument ::= CHOICE {
	authorityUpdate SIGNED {AccessControlListUpdate, PrivateSignatureKey},
	holderUpdate HolderAccessControlListUpdate
	}
HolderAccessControlListUpdate ::= SEQUENCE {
	credentials ErtHolderCredentials,
	entry AccessControlListUpdate
	}
AccessControlListUpdate ::= SEQUENCE {
	mode	ENUMERATED {deleteAIIAndAdd (0), add (1), delete
		(2)}
		DEFAULT add,
	entry	AccessControlEntry OPTIONAL
	}
AccessControlEntry ::= SEQUENCE {
	id	Entityld,
	name	Text OPTIONAL,
	enciphermentKeyld	Keyld OPTIONAL,
	publicEnciphermentKeyReader	PublicEnciphermentKey OPTIONAL
	}
UpdateAccessControlListErrors ErrorCode ::= {
	illegalArgument illegalVehicleld
	illegalSignature illegalHolderAccess
	illegalDate noEntry
	resourceLimitExceeded noEnciphermentCapability
	otherError }

A.2.13 Получение списка управления доступом

getCiphertextAccessControlListEntry TRANSACTION ::= {
	ARGUMENT		GetCiphertextAccessControlListEntryArgument
	RESULT		SECURED {AuthorityAccessControlListEntry}
	CODE		12
	}
GetCiphertextAccessControlListEntryArgument ::= SEQUENCE {
	challenge	Challenge,
	number	INTEGER (1..int4)
	}
getCleartextAccessControlListEntry TRANSACTION ::= {
	ARGUMENT	GetCleartextAccessControlListEntryArgument
	RESULT	CLEAR-SECURED {AccessControlListEntry}
	ERRORS	{GetCleartextAccessControlListEntryErrors}
	CODE	13
	}
GetCleartextAccessControlListEntryArgument ::= SEQUENCE {
	credentials	ErtHolderCredentials,
	challenge	Challenge,
	number	INTEGER (1..int4)
	}
AuthorityAccessControlListEntry ::= AccessControlListEntry (WITH COMPONENTS {..., holderEntry
ABSENT} ) AccessControlListEntry ::= SEQUENCE {
	number	INTEGER (0..int4),
	outOf	INTEGER (0..int4),
	authorityEntry	AccessControlEntry
		OPTIONAL,
	holderEntry	AccessControlEntry
		OPTIONAL
	}
GetCleartextAccessControlListEntryErrors ErrorCode ::= {
	illegalArgument	illegalVehicleld
	illegalHolderAccess	otherError
	}

A.2.14 Получение возможностей ERT

getErtCapabilities TRANSACTION ::= {
	ARGUMENT	NULL
	RESULT	ErtCapabilities
	CODE	15
	}
ErtCapabilities ::= SEQUENCE {
	supportedTransactions	SEQUENCE OF INTEGER,
	hashingAlgorithms	SEQUENCE OF HashingAlgorithm OPTIONAL,
	signingAlgorithms	SEQUENCE OF PublicKeyAlgorithm OPTIONAL,
	signature VerificationAlgorithms	SEQUENCE OF PublicKeyAlgorithm OPTIONAL,
	secretKeyEncryptionAlgorithms	SEQUENCE OF SecretKeyAlgorithm OPTIONAL,
	publicKeyEncryptionAlgorithms	SEQUENCE OF PublicKeyAlgorithm OPTIONAL,
	publicKeyDecryptionAlgorithms	SEQUENCE OF PublicKeyAlgorithm OPTIONAL,
	maxBitsPublicKeys	INTEGER (0..int4),
	maxOctetsPin	INTEGER (0..int4),
	maxOctetsSetArgument	INTEGER (0..int4),
	maxNumberSetArguments	INTEGER (1..int4),
	maxNumberComArguments	INTEGER (1..int4),
	maxSizeAccessControlList	INTEGER (0..int4),
	maxNumberAuthorities	INTEGER (0..int4),
	maxNumberAddServProviders	INTEGER (0..int4),
	ertSecurityIndicationSupport	ErtSecurityFlags,
	maxInteger	INTEGER (1..int4),
	maxStringSize	INTEGER (1.. int4),
	...
	}

A.2.15 Маркировка и аутентификация ERT

SECURED {ToBeSecured} ::= CHOICE {
	authenticatedAndEncrypted ENCRYPTED {ERT-AUTHENTICATED {TAGGED
{ToBeSecured}}}, authenticated ERT-AUTHENTICATED {TAGGED {ToBeSecured}},
	encrypted	ENCRYPTED {TAGGED {ToBeSecured}},
	cleartext	TAGGED {ToBeSecured}
	}
CLEAR-SECURED {ToBeSecured} ::= SECURED {ToBeSecured} (WITH COMPONENTS
	{authenticatedAndEncrypted ABSENT, encrypted ABSENT} )
TAGGED {ToBeTagged} ::= SEQUENCE {
	ertNumber		ErtNumber,
	challenge		Challenge OPTIONAL,
	sequenceNumber		INTEGER (1..int4)
			OPTIONAL,
	tobeTagged		ToBeTagged
	}
ERT-AUTHENTICATED {ToBeErtAuthenticated} ::= SEQUENCE {
	ertSigned	SIGNED {ToBeErtAuthenticated, PrivateSignatureKey},
	publicVerificationKeyCertificate ErtCertificate
	}
ErtCertificate ::= SIGNED {ErtCertificationData, PrivateSignatureKey}
ErtCertificationData ::= SEQUENCE {
	vehicleld		Vehicleld,
	publicVerificationKey		PublicVerificationKey,
	signatoryld		Entityld,
	date		DATE
	}

А.2.16 Даты и аутентификация ВОЕ

DATED {ToBeDated} ::= SEQUENCE {
	date DATE,
validThru DATE OPTIONAL, issuer				Entityld,
	toBeDated	ToBeDated
	}
BOE-AUTHENTICATED {ToBeBoeAuthenticated} ::= SEQUENCE {
signedParameter SIGNED {ToBeBoeAuthenticated, PrivateSignatureKey}, certificates SEQUENCE
SIZE(1..2) OF BoeCertificate
	}
BoeCertificate ::= SIGNED {BoeCertificationData, PrivateSignatureKey}
BoeCertificationData ::= SEQUENCE {
entityld Entityld, entityRole EntityRole, entityName Text
OPTIONAL, publicKey Key,
	signatoryld		Entityld, signatoryName Text
OPTIONAL, signatoryRole EntityRole, date DATE,
	validThru		DATE
	}
EntityRole ::= ENUMERATED {
	topLevelCertificationAuthority (0), intermediateCertificationAuthority (1),
	manufacturer (2),			registrationAuthority
				(3),
	authority (4),			serviceProvider (5),
	eriHolder (6)			}

A.2.17 Подписание

SIGNED {ToBeSigned, PrivateSignatureKey} ::= SEQUENCE {
	toBeSigned		ToBeSigned,
	hashingAlgorithm	HashingAlgorithm DEFAULT sha1,
	signatureAlgorithm		PublicKeyAlgorithm DEFAULT ellipticCurve,
	signature	SIGNATURE {ToBeSigned, HashingAlgorithm,
			PublicKeyAlgorithm, PrivateSignatureKey}
	}
	SIGNATURE {ToBeSigned, HashingAlgorithm, SignatureAlgorithm, PrivateSignatureKey} ::=
	BIT STRING (CONSTRAINED BY
{HashingAlgorithm, -- and -- SignatureAlgorithm, -- with -- PrivateSignatureKey, -- applied to -- ToBeSigned})
Challenge ::= INTEGER (1..int4)

A.2.18 Шифрование

ENCRYPTED {ToBeErtEncrypted} ::= SEQUENCE {
	enciphermentKeyld Keyld,
	publicKeyEncryptionAlgorithm	PublicKeyAlgorithm DEFAULT ellipticCurve,
	secretKeyEncryptionAlgorithm	SecretKeyAlgorithm DEFAULT aes,
	encryptedKey KEY-ENCRYPTION {SecretTransactionKey,
	PublicKeyAlgorithm, PublicEnciphermentKey}, ciphertext CIPHER-TEXT
{ToBeErtEncrypted,		SecretKeyAlgorithm, SecretTransactionKey}
	}
KEY-ENCRYPTION {KeyToBeEncrypted, PublicKeyAlgorithm, PublicEnciphermentKey} ::=
	BIT STRING ( CONSTRAINED BY {
	PublicKeyAlgorithm, -- with -- PublicEnciphermentKey, -- applied to -- KeyToBeEncrypted
	-- or random bit string with same length if no public key is available --} )
CIPHER-TEXT {ToBeEncrypted, SecretKeyAlgorithm, SecretKey} ::=
	BIT STRING ( CONSTRAINED BY {
	SecretKeyAlgorithm, -- with -- SecretKey, -- applied to -- ToBeEncrypted
	-- or random bit string with same length if no public key is available --} )

A.2.19 Алгоритмы шифрования

	HashingAlgorithm ::= ENUMERATED {
	sha1,
	... }
PublicKeyAlgorithm ::= ENUMERATED {
	ellipticCurve,
	... }
SecretKeyAlgorithm ::= ENUMERATED {
	aes,
	... }

A.2.20 Учетные данные и ключи

ErtHolderCredentials ::= SEQUENCE {
	vehicleld	Vehicleld,
	pin PIN
	}
SecretTransactionKey ::=				Key
PublicEnciphermentKey ::=				Key
PrivateDeciphermentKey ::=				Key
PrivateSignatureKey ::=				Key
PublicVerificationKey ::= Key
Key			::= BIT STRING
PIN			::= NumericString (SIZE(4))
Keyld			::= INTEGER (0..65535)

A.2.21 Идентификатор ERT

ErtNumber ::= INTEGER

A.2.22 Текст

Text ::= UTF8String (SIZE (1..256))

-- int4

int4 INTEGER ::= 4294967295

А.2.23 Коды ошибок

ErrorCode ::= ENUMERATED {
	illegalArgument,	illegalVehicleld,
	illegalCertificate,	illegalSignature,
	illegalEntity,	illegalHolderAccess,
	illegalDate,	notCustomized,
	notCommissioned,	noEntry,
	resourceLimitExceeded,
-- encipherment support errors
	noEnciphermentCapability,
	noDeciphermentCapability,
	secretKeyEncryptionAlgorithmNotSupported,
	publicKeyEncryptionAlgorithmNotSupported,
-- authentication support errors
	noSigningCapability,
	noSignatureVerificationCapability,
	hashingAlgorithmNotSupported,
	signingAlgorithmNotSupported,
	otherError,
	... }
END