Modify Key Command (encrypted)
This ASM implements the Project 25 OTAR Modify Key Command message.
Usage Notes
- This message is sent from the Key Management Facility to the Mobile Radio (MR) to modify one or more keys in the keyset.
- This message is broadcast as a non-addressed message, to reduce the message size and to avoid issues when an RSI is relocated to a different MMSI.
- The “Number of Keys” field is set at two per message, in order to reduce and fix message size within AIS slot count limits.
Version 0:
This is an RTCM compliant implementation of the Project 25 OTAR Modify Key Command.
This ASM only has an AIS Message 26 variant.
Modify Key Command (Message 26, broadcast)
| Group | Parameter | # of Bits | Description |
|---|---|---|---|
| Standard Message Header | Message ID | 6 | Identifier for Message 26; always (decimal) 26. |
| | Repeat Indicator | 2 | Indicates how many times a message has been repeated. 0 – 3; 0 = default; 3 = do not repeat any more. Set to zero (default). |
| | Source MMSI | 30 | MMSI number of source station. Varies according to the transmitter ID. |
| | Destination Indicator | 1 | 0 = broadcast (no Destination ID field); 1 = addressed (30-bit Destination ID field). Set to zero (broadcast). |
| | Binary Data Flag | 1 | 0 = unstructured binary data (no Application Identifier bits used); 1 = binary data coded as defined by the 16-bit AI. Set to 1 (structured). |
| | Destination ID | 0 | MMSI number of destination station. Not used. |
| | Spare | 0 | Not used. |
| Binary Data | DAC | 10 | Designated Area Code. Set to 366. |
| | Function Identifier | 6 | Function identifier. Set to (decimal) 24. |
| KMM Preamble | Reserved | 3 | Reserved for future use. Set to 0. |
| | Version | 5 | Version of KMM Preamble Message Body. Set to 0. |
| | MFID | 8 | Manufacturer’s ID, indicates conformance to standard. Set to 0. |
| | Algorithm ID | 8 | Identifies the algorithm used to encrypt payload. Set to (hex) 85 = AES-128. |
| | Key ID | 16 | Identifies the TEK used to encrypt the KMM. |
| | Message Indicator | 72 | Provides the message indicator to synchronize the encryption of the OTAR KMM. |
| Encrypted Payload | OTAR Message ID | 8 | Identifies the Project 25 “Message ID” type. One of 255 possible values assigned as the message type. Set to (decimal) 19 = Modify Key Command. |
| | Message Length | 16 | A 16-bit binary number that defines the length (in octets) of the subsequent OTAR fields, including MAC. Set to (decimal) 59 - 88. |
| Message Format | RSP | 2 | Response Kind defines acknowledgment to be returned to the sender of the KMM. 00 = Rsp Kind 1, 01 = Rsp Kind 2, 10 = Rsp Kind 3 and 11 is undefined. |
| | MN | 2 | Message Number defines the size of the Message Number field in the KMM. 00 = no message number, 10 = a 2-octet message number. Set to (binary) 10. |
| | MAC Processing | 2 | Defines the type of MAC processing performed over the entire KMM. Set to (binary) 11 = Type 3 MAC. |
| | Spare | 1 | Set to zero. |
| | Done | 1 | Indicates if KMM is last in a series. 1 = More to follow (Not Done), 0 = done. |
| | Destination RSI | 24 | Radio Set Identifier number. |
| | Source RSI | 24 | Radio Set Identifier number. |
| | KMF Message Number | 16 | A rolling sequence number to prevent message playback. Binary number representing values from 0 – 65535. |
| Decryption Instruction Format | Reserved Bit | 1 | Set to zero (not used). |
| | Message Indicator Block | 1 | Set to zero (not used). |
| | Spare | 6 | Always zero. |
| | KEK Algorithm ID | 8 | The algorithm ID is used in conjunction with the Key ID to uniquely select a KEK. Set to (hex) 85 = AES-128. |
| | KEK Key ID | 16 | Identifies the Key ID for the KEK. |
| | Message Indicator | 0 | Optional, not used for AES-ECB wrapped keys. |
| | Keyset ID | 8 | The Keyset ID to be modified. |
| Binary Data / Encrypted Payload | Algorithm ID | 8 | The algorithm to be used for the keyset. Set to (hex) 85 = AES-128. |
| | Key Length | 8 | The number of octets to transfer the key. Set to (decimal) 16. |
| | Number of Keys | 8 | The number of keys in this sequence. Set to (decimal) 1 - 2. |
| Key Format | Key Type | 1 | 0 = TEK, 1 = KEK. |
| | Spare | 1 | Not used, set to zero. |
| | Delete/Rekey | 1 | 0 = rekey (add new or change existing key), 1 = delete existing key. |
| | Key Name Size | 5 | Defines the length in octets of the key name field. Set to (decimal) 8. |
| | Storage Location Number | 16 | Identifies one of 65536 possible storage location indices. |
| | Key ID | 16 | The Key ID of the key being modified. |
| | Key | 128 | The key, either a KEK or a TEK. |
| Key Name | Function | 16 | Functional name or purpose of key. This will be a logical representation of the key (KEK, MAC key or TEK), as well as organization (USCG, NAVY, etc.). |
| | Month | 16 | Month identifier, typically of the publish date. (8 bit ASCII) 1-12. |
| | Day | 16 | Day identifier, typically of the publish date. (8 bit ASCII) 1-31. |
| | Year | 16 | Year (century agnostic) identifier, typically of the publish date. (8 bit ASCII) 0-99. |
| | Subsequent Key Items | 0 - 232 | Subsequent items are 232 bits apiece, Key Format to Key Name inclusive, repeated for each item. |
| Message Authentication Code | MAC | 64 | OTAR Message authentication code, concatenated to key length/2. Calculated per paragraph 13.5.2 of TIA 102.AACA-A, September 2014. |
| | MAC Length | 8 | Length of message authentication code in octets. Set to (decimal) 8. |
| | MAC Algorithm ID | 8 | Used with MAC Key ID to uniquely determine the key used to produce the MAC. Set to (hex) 85 = AES-128. |
| | MAC Key ID | 16 | Identifies the key to be used to compute the MAC. |
| | T | 1 | Not used. Set to zero. |
| | D | 1 | Derived Key. Set to zero = Dedicated MAC Key. |
| | R | 1 | Reserved for future use. Set to zero. |
| | Version | 5 | Defines the version of the MAC message body. Set to zero. |
| | Encryption Bit Padding | variable | Sufficient spare bits to ensure that the binary data is a multiple of 128 bits for block encryption (512, 768). Set to zero. |
| | Checksum | 16 | 16-bit CRC calculated as per EAIS Specification. |
| Footer | Spare | 4 | Four extra bits to ensure the message ends on a byte boundary. Set to zero. |
| | Communications State Selector | 1 | 0 = SOTDMA communication state follows; 1 = ITDMA communication state follows. |
| | Communications State | 19 | SOTDMA communication state (see ITU 1371-5 § 3.3.7.2.1, Annex 2), if communication state selector flag is set to 0, or ITDMA communication state (§ 3.3.7.3.2, Annex 2), if communication state selector flag is set to 1. |
| | Total bits | 720 – 976 | 4 - 5 Slot Binary Message |
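
The following added example (not part of the specification or any RTCM code) transcribes the field widths from the table and derives the length-dependent values a decoder can use to reject malformed messages: Message Length (59 or 88 octets), padding to the 128-bit block boundary, and the 720 or 976 total bits. The list names and helper functions are hypothetical, and it assumes that the Checksum and footer fields sit outside the padded encrypted block, which is the placement that reproduces the totals stated in the table.

```python
# Added example: field widths (bits) transcribed from the table above.
# The list names and the grouping into lists are hypothetical.
CLEAR = [("message_id", 6), ("repeat", 2), ("source_mmsi", 30),
         ("dest_indicator", 1), ("binary_data_flag", 1), ("dac", 10), ("fi", 6)]
KMM_PREAMBLE = [("reserved", 3), ("version", 5), ("mfid", 8),
                ("algorithm_id", 8), ("key_id", 16), ("message_indicator", 72)]
OTAR_HEAD = [("otar_message_id", 8), ("message_length", 16)]
OTAR_BODY = [("rsp", 2), ("mn", 2), ("mac_processing", 2), ("spare", 1), ("done", 1),
             ("dest_rsi", 24), ("source_rsi", 24), ("kmf_message_number", 16),
             ("reserved_bit", 1), ("mi_block", 1), ("dif_spare", 6),
             ("kek_algorithm_id", 8), ("kek_key_id", 16), ("keyset_id", 8),
             ("algorithm_id", 8), ("key_length", 8), ("number_of_keys", 8)]
KEY_ITEM = [("key_type", 1), ("spare", 1), ("delete_rekey", 1), ("key_name_size", 5),
            ("storage_location", 16), ("key_id", 16), ("key", 128),
            ("function", 16), ("month", 16), ("day", 16), ("year", 16)]
MAC_BLOCK = [("mac", 64), ("mac_length", 8), ("mac_algorithm_id", 8),
             ("mac_key_id", 16), ("t", 1), ("d", 1), ("r", 1), ("version", 5)]
TRAILER = [("checksum", 16), ("spare", 4), ("cs_selector", 1), ("comm_state", 19)]

def width(fields):
    return sum(bits for _, bits in fields)

def layout(num_keys):
    """Derive the length-dependent values for a message carrying num_keys keys."""
    if num_keys not in (1, 2):
        raise ValueError("Number of Keys must be 1 or 2")
    # Message Length counts the OTAR fields after itself, MAC block included.
    after_length = width(OTAR_BODY) + num_keys * width(KEY_ITEM) + width(MAC_BLOCK)
    plain = width(OTAR_HEAD) + after_length
    padding = -plain % 128  # zero bits up to the next 128-bit block
    # Assumption: Checksum and footer sit outside the padded block.
    total = width(CLEAR) + width(KMM_PREAMBLE) + plain + padding + width(TRAILER)
    return {"message_length_octets": after_length // 8, "padding_bits": padding,
            "encrypted_bits": plain + padding, "total_bits": total}

def pack(fields, values):
    """Serialize fields MSB-first into a bit string, rejecting oversized values."""
    out = []
    for name, bits in fields:
        value = values.get(name, 0)  # unspecified fields default to zero
        if not 0 <= value < (1 << bits):
            raise ValueError(f"{name} does not fit in {bits} bits")
        out.append(format(value, f"0{bits}b"))
    return "".join(out)
```

A received message whose Message Length, padded block size or total bit count disagrees with `layout()` for its Number of Keys value does not match this table and can be dropped before any key material is processed.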