Interpretation of Chinese C-V2X SPDU format

1. Introduction to SPDU
An SPDU (Secure Protocol Data Unit) is the message structure transmitted between V2X devices. Its structure is as follows:

SecuredMessage ::= SEQUENCE {
    version        Uint8,      -- Version number, currently 2
    payload        Payload     -- Message payload
}

The message payload is one of three types:

Payload ::= CHOICE {
  unSecuredData         Opaque,          -- Unsigned, unencrypted payload
  signedData            SignedData,      -- Signed payload
  encData               EncryptedData    -- Encrypted payload
}

The rest of this article mainly interprets the signed SPDU.

2. Signed SPDU
The following figure shows the main structure of an SPDU with a signed payload:
The signed payload consists mainly of three parts:

SignedData ::= SEQUENCE {
  signer        SignedInfo,  -- Signer's information: certificate, certificate chain or certificate hash value
  tbs           TBSData,     -- To-be-signed data
  sign          Signature    -- Signature
}

signer identifies the signing certificate. The receiver verifies the validity of that certificate and then uses its public key to verify the validity of the signature.

SignedInfo ::= CHOICE {
  self                   NULL,                  -- Self-signed: empty, used when applying for a registration certificate
  certificate            SequenceOfCertificate, -- Certificate or certificate chain
  certificateDigest      CertificateDigest,     -- Hash value of the certificate
  ...
}

The to-be-signed data (TBSData) consists of three parts, structured as follows:

TBSData ::= SEQUENCE {
  headerInfo    HeaderInfo,                             -- Message header
  data          OCTET STRING (SIZE(0..MAX)) OPTIONAL,   -- BSM, RSM, MAP and other messages
  extHash       OCTET STRING (SIZE(32)) OPTIONAL        -- When the data has already been sent or is large, the digest is sent instead of the data
}

The message header structure is as follows:

HeaderInfo ::= SEQUENCE {
  itsAid        INTEGER,                        -- Intelligent transportation application identifier
  hashAlg       HashAlgorithm OPTIONAL,         -- Digest algorithm used by digest and extHash: SM3, SHA-256, etc.
  genTime       TIME64 OPTIONAL,                -- Message generation time
  expiryTime    TIME64 OPTIONAL,                -- Message expiration time
  location      ThreeDLocation,                 -- Geographic coordinates where the message was generated
  digest        HashedId3 OPTIONAL,             -- Certificate identifier
  encKey        PublicEncryptionKey OPTIONAL    -- Response data must be encrypted using the symmetric encryption algorithm specified by encKey, with the symmetric key encrypted under the specified public key
}

The signature structure is as follows:

Signature ::= SEQUENCE {
  curve		EccCurve,
  r 	    ECCPoint,
  s			OCTET STRING (SIZE(32))
}
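
The structures above imply several checks a receiver can make on a decoded signed SPDU before spending time on certificate and signature verification. The following Python sketch is an added example, not code from GB/T 37374-2019 or from the original article. It assumes the message is already decoded into a hypothetical `Signed` record, that times are plain integers in the same unit as `now` with no clock-skew tolerance, and that a message carrying neither data nor extHash is rejected.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class Signed:                       # hypothetical record: decoded SignedData, reduced to checked fields
    signer: str                     # SignedInfo choice: "self" | "certificate" | "certificateDigest"
    hash_alg: Optional[str] = None  # HeaderInfo.hashAlg: "sha256" or "sm3"
    gen_time: Optional[int] = None  # HeaderInfo.genTime, same unit as `now`
    expiry_time: Optional[int] = None
    data: Optional[bytes] = None    # TBSData.data
    ext_hash: Optional[bytes] = None
    sig_s: bytes = b""              # Signature.s

def precheck(version, sd, now, external=None, registration=False):
    """Return reasons to drop the SPDU before certificate and signature checks."""
    errs = []
    if version != 2:
        errs.append("version")
    if sd.signer not in ("self", "certificate", "certificateDigest"):
        errs.append("signer choice")
    elif sd.signer == "self" and not registration:
        errs.append("self-signed outside registration")
    if len(sd.sig_s) != 32:
        errs.append("signature s length")
    if sd.data is None and sd.ext_hash is None:
        errs.append("no data and no extHash")   # assumption of this example
    if sd.ext_hash is not None:
        if len(sd.ext_hash) != 32:
            errs.append("extHash length")
        elif sd.hash_alg != "sha256":           # SM3 is not in every hashlib build: fail closed
            errs.append("extHash algorithm not supported here")
        elif external is None:
            errs.append("external data unavailable")
        elif not hmac.compare_digest(hashlib.sha256(external).digest(), sd.ext_hash):
            errs.append("extHash mismatch")
    if sd.gen_time is not None and sd.gen_time > now:
        errs.append("genTime in the future")
    if sd.expiry_time is not None and sd.expiry_time <= now:
        errs.append("expired")
    return errs

# Constructed sample: a large MAP payload sent earlier, now referenced by digest only.
MAP_BYTES = b"constructed MAP payload"
SAMPLE = Signed("certificateDigest", "sha256", 1000, 2000,
                ext_hash=hashlib.sha256(MAP_BYTES).digest(), sig_s=bytes(32))

if __name__ == "__main__":
    print(precheck(2, SAMPLE, 1500, external=MAP_BYTES))   # passes the pre-checks
    print(precheck(2, SAMPLE, 2500, external=b"other"))    # digest mismatch and expired
```

An empty result only means the message is structurally acceptable; the certificate and the signature over the to-be-signed data still have to be verified.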

3. Summary
This article gives a brief interpretation of the signed SPDU message, mainly with reference to the specification for the application interface of intelligent transportation digital certificates (GB/T 37374-2019).

Posted on Mon, 18 May 2020 10:28:21 -0400 by sheilam