e-Navigation Netherlands
Published on e-Navigation Netherlands (https://www.e-navigation.nl)

Rekey Command (encrypted)

Introduction/Additional information: 

This ASM implements the Project 25 OTAR Rekey Command message.

Usage Notes

  • This message is sent from the Key Management Facility to the Mobile Radio (MR) to add or modify keysets, or to add or modify keys in a keyset.
  • The “Number of Keysets” field is set at the Project 25 minimum, one per message, in order to reduce and fix message size. Likewise, a maximum of one key can be sent per keyset, based on AIS message length limits.
  • This message is broadcast as a non-addressed message to reduce the message size, and to avoid issues when an RSI is relocated to a different MMSI.

Version 0:

This is an RTCM-compliant implementation of the Project 25 OTAR Rekey Command Message.

This ASM only has an AIS Message 26 variant.

Permitted as from: 12/05/2016
Registrant: USCG
Physical link: AIS
Message number (0=VDES-VDE): 26
DAC or VPFI: 366
FI / Message ID: 27
Version: 0
State: in force
Number of slots (max): 5
Last modified: 29/01/2021 - 23:19
Used by: USCG
Details:

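Rekey Command (Message 26, broadcast)

| Section | Group | Parameter | # of Bits | Description |
|---|---|---|---|---|
| Standard Message Header | | Message ID | 6 | Identifier for Message 26; always (decimal) 26. |
| Standard Message Header | | Repeat Indicator | 2 | Indicates how many times a message has been repeated. 0 – 3; 0 = default; 3 = do not repeat any more. Set to zero (default). |
| Standard Message Header | | Source MMSI | 30 | MMSI number of source station. Varies according to the transmitter ID. |
| Standard Message Header | | Destination Indicator | 1 | 0 = broadcast (no Destination ID field); 1 = Addressed (30 bit Destination ID field). Set to zero (broadcast). |
| Standard Message Header | | Binary Data Flag | 1 | 0 = unstructured binary data (no Application Identifier bits used); 1 = binary data coded as defined by the 16-bit AI. Set to 1 (structured). |
| Standard Message Header | | Destination ID | 0 | MMSI number of destination station. Not used. |
| Standard Message Header | | Spare | 0 | Not used. |
| Binary Data | | DAC | 10 | Designated Area Code. Set to 366. |
| Binary Data | | Function Identifier | 6 | Function identifier. Set to (decimal) 27. |
| Binary Data | KMM Preamble | Reserved | 3 | Reserved for future use. Set to 0. |
| Binary Data | KMM Preamble | Version | 5 | Version of KMM Preamble Message Body. Set to 0. |
| Binary Data | KMM Preamble | MFID | 8 | Manufacturer’s ID, indicates conformance to standard. Set to 0. |
| Binary Data | KMM Preamble | Algorithm ID | 8 | Identifies the algorithm used to encrypt payload. Set to (hex) 85 = AES-128. |
| Binary Data | KMM Preamble | Key ID | 16 | Identifies the TEK used to encrypt the KMM. |
| Binary Data | KMM Preamble | Message Indicator | 72 | Provides the message indicator to synchronize the encryption of the OTAR KMM. |
| Binary Data | Encrypted Payload | OTAR Message ID | 8 | Identifies the Project 25 “Message ID” type. One of 255 possible values assigned as the message type. Set to (decimal) 30 = Rekey Command. |
| Binary Data | Encrypted Payload | Message Length | 16 | A 16 bit binary number that defines the length (in octets) of the subsequent OTAR fields, including MAC. Set to (decimal) 74. |
| Binary Data | Encrypted Payload: Message Format | RSP | 2 | Response Kind defines acknowledgment to be returned to the sender of the KMM. 00 = Rsp Kind 1, 01 = Rsp Kind 2, 10 = Rsp Kind 3 and 11 is undefined. |
| Binary Data | Encrypted Payload: Message Format | MN | 2 | Message Number defines the size of the Message Number field in the KMM. 00 = no message number, 10 = a 2 octet message number. Set to (binary) 10. |
| Binary Data | Encrypted Payload: Message Format | MAC Processing | 2 | Defines the type of MAC processing performed over the entire KMM. Set to (binary) 11 = Type 3 MAC. |
| Binary Data | Encrypted Payload: Message Format | Spare | 1 | Set to zero. |
| Binary Data | Encrypted Payload: Message Format | Done | 1 | Indicates if KMM is last in a series. 1 = More to follow (Not Done), 0 = done. |
| Binary Data | Encrypted Payload | Destination RSI | 24 | Radio Set Identifier number. |
| Binary Data | Encrypted Payload | Source RSI | 24 | Radio Set Identifier number. |
| Binary Data | Encrypted Payload | KMF Message Number | 16 | A rolling sequence number to prevent message playback. Binary number representing values from 0 – 65535. |
| Binary Data | Encrypted Payload: Decryption Instruction Format | Reserved Bit | 1 | Set to zero (not used). |
| Binary Data | Encrypted Payload: Decryption Instruction Format | Message Indicator Block | 1 | Set to zero (not used). |
| Binary Data | Encrypted Payload: Decryption Instruction Format | Spare | 6 | Always zero. |
| Binary Data | Encrypted Payload | KEK Algorithm ID | 8 | The algorithm is used in conjunction with the KeyID to uniquely select a KEK. Set to (hex) 85 = AES-128. |
| Binary Data | Encrypted Payload | KEK Key ID | 16 | Identifies the Key ID for the KEK. |
| Binary Data | Encrypted Payload | Message Indicator | 0 | Optional, not used for AES-ECB wrapped keys. |
| Binary Data | Encrypted Payload | Number of Keysets | 8 | The number of keysets in this sequence. Set to (decimal) 1. |
| Binary Data | Encrypted Payload: Keyset Format | Keyset Type | 1 | 0 = TEK, 1 = KEK |
| Binary Data | Encrypted Payload: Keyset Format | Reserved | 1 | Indicates if 24 bit “reserved” block is used. Set to zero = not used. |
| Binary Data | Encrypted Payload: Keyset Format | DT | 1 | Date/Time. Indicates if the 40 bit Date and Time block is included in the keyset block. Set to one = used. |
| Binary Data | Encrypted Payload: Keyset Format | Keyset Name Size | 5 | The length in octets (ASCII chars) of the keyset name field. Set to (decimal) 8. |
| Binary Data | Encrypted Payload | Keyset ID | 8 | The Keyset ID to be modified/added. |
| Binary Data | Encrypted Payload | Algorithm ID | 8 | The algorithm to be used for the keyset. Set to (hex) 85 = AES-128. |
| Binary Data | Encrypted Payload | Reserved | 0 | Not used. |
| Binary Data | Encrypted Payload: Date | Month | 4 | The month (UTC) the keyset becomes active. 1 – 12 |
| Binary Data | Encrypted Payload: Date | Day | 5 | The day (UTC) the keyset becomes active. 1 – 31 |
| Binary Data | Encrypted Payload: Date | Year | 7 | The year (UTC) the keyset becomes active. 0 – 99 (century is assumed) |
| Binary Data | Encrypted Payload | Time | 24 | The time (UTC) when the keyset becomes active. See Appendix 4 for format. |
| Binary Data | Encrypted Payload: Keyset Name | Function | 16 | Functional name or purpose of key. This will be a logical representation of the key (KEK, MAC key or TEK), as well as organization (USCG, NAVY, etc.) |
| Binary Data | Encrypted Payload: Keyset Name | Month | 16 | Month identifier, typically of the publish date. (8 bit ASCII) 1-12 |
| Binary Data | Encrypted Payload: Keyset Name | Day | 16 | Day identifier, typically of the publish date. (8 bit ASCII) 1-31 |
| Binary Data | Encrypted Payload: Keyset Name | Year | 16 | Year (century agnostic) identifier, typically of the publish date. (8 bit ASCII) 0-99. |
| Binary Data | Encrypted Payload | Key Length | 8 | The number of octets to transfer the key. Set to (decimal) 16. |
| Binary Data | Encrypted Payload | Number of Keys | 8 | The number of keys in this sequence. Set to (decimal) 1. |
| Binary Data | Encrypted Payload: Key Format | Key Type | 1 | 0 = TEK, 1 = KEK |
| Binary Data | Encrypted Payload: Key Format | Spare | 1 | Not used, set to zero. |
| Binary Data | Encrypted Payload: Key Format | Delete/Rekey | 1 | 0 = rekey (add new or change existing key), 1 = delete existing key |
| Binary Data | Encrypted Payload: Key Format | Key Name Size | 5 | Defines the length in octets of the key name field. Set to (decimal) 8. |
| Binary Data | Encrypted Payload | Storage Location Number | 16 | Identifies one of 65536 possible storage location indices. |
| Binary Data | Encrypted Payload | Key ID | 16 | The Key ID of the key being modified. |
| Binary Data | Encrypted Payload | Key | 128 | The key, either a KEK or a TEK. |
| Binary Data | Encrypted Payload: Key Name | Function | 16 | Functional name or purpose of key. See Appendix 5. |
| Binary Data | Encrypted Payload: Key Name | Month | 16 | Month identifier, typically of the publish date. (8 bit ASCII) 1-12 |
| Binary Data | Encrypted Payload: Key Name | Day | 16 | Day identifier, typically of the publish date. (8 bit ASCII) 1-31 |
| Binary Data | Encrypted Payload: Key Name | Year | 16 | Year (century agnostic) identifier, typically of the publish date. (8 bit ASCII) 0-99. |
| Binary Data | Encrypted Payload | Subsequent Key Items | 0 | Subsequent items are 232 bits apiece, Key Format to Key Name inclusive, repeated for each item. Not used. |
| Binary Data | Encrypted Payload | Subsequent Keyset Items | 0 | Not used. |
| Binary Data | Encrypted Payload: Message Authentication Code | MAC | 64 | OTAR Message authentication code, concatenated to key length/2. Calculated per paragraph 13.5.2 of TIA 102.AACA-A, September 2014. |
| Binary Data | Encrypted Payload: Message Authentication Code | MAC Length | 8 | Length of message authentication code in octets. Set to (decimal) 8. |
| Binary Data | Encrypted Payload: Message Authentication Code | MAC Algorithm ID | 8 | Used with MAC Key ID to uniquely determine the key used to produce the MAC. Set to (hex) 85 = AES-128. |
| Binary Data | Encrypted Payload: Message Authentication Code | MAC Key ID | 16 | Identifies the Key to be used to compute the MAC. |
| Binary Data | Encrypted Payload: Message Authentication Code | T | 1 | Not used. Set to zero. |
| Binary Data | Encrypted Payload: Message Authentication Code | D | 1 | Derived Key. Set to zero = Dedicated MAC Key. |
| Binary Data | Encrypted Payload: Message Authentication Code | R | 1 | Reserved for future use. Set to zero. |
| Binary Data | Encrypted Payload: Message Authentication Code | Version | 5 | Defines the version of the MAC message body. Set to zero. |
| Binary Data | Encrypted Payload | Encryption Bit Padding | 24 | Sufficient spare bits to ensure that the binary data is a multiple of 128 bits for block encryption (640). Set to zero. |
| Binary Data | | Checksum | 16 | 16-bit CRC calculated as per EAIS Specification. |
| Footer | | Spare | 4 | Four extra bits to ensure the message ends on a byte boundary. Set to zero. |
| Footer | | Communications State Selector | 1 | 0 = SOTDMA communication state follows; 1 = ITDMA communication state follows. |
| Footer | | Communications State | 19 | SOTDMA communication state (see ITU 1371-5 § 3.3.7.2.1, Annex 2), if communication state selector flag is set to 0, or ITDMA communication state (§ 3.3.7.3.2, Annex 2), if communication state selector flag is set to 1. |
| | | Total bits | 848 | 5 Slot Binary Message |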
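An added example (not part of the registry entry or the EAIS specification): a receiver-side check that splits an 848-bit message into the cleartext fields of the table and rejects it unless every "Set to" value in the header and KMM Preamble matches. It assumes the bits arrive as a string of '0'/'1' in the table's row order; the function names and the sample MMSI, Key ID and Message Indicator are constructed for illustration.

```python
# Cleartext fields (name, width in bits) in table order: header, DAC/FI, KMM Preamble.
CLEAR_FIELDS = [
    ("message_id", 6), ("repeat_indicator", 2), ("source_mmsi", 30),
    ("destination_indicator", 1), ("binary_data_flag", 1),
    ("dac", 10), ("fi", 6),
    ("reserved", 3), ("preamble_version", 5), ("mfid", 8),
    ("algorithm_id", 8), ("key_id", 16), ("message_indicator", 72),
]
ENCRYPTED_BITS, CHECKSUM_BITS, FOOTER_BITS, TOTAL_BITS = 640, 16, 24, 848

# Values the table fixes with "Set to ..."; any other value is rejected.
FIXED = {"message_id": 26, "repeat_indicator": 0, "destination_indicator": 0,
         "binary_data_flag": 1, "dac": 366, "fi": 27, "reserved": 0,
         "preamble_version": 0, "mfid": 0, "algorithm_id": 0x85}


def parse_rekey_command(bits: str) -> dict:
    """Split an 848-bit Rekey Command and validate its fixed cleartext fields."""
    if len(bits) != TOTAL_BITS or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 848 binary digits")
    out, pos = {}, 0
    for name, width in CLEAR_FIELDS:
        out[name] = int(bits[pos:pos + width], 2)
        pos += width
    for name, want in FIXED.items():
        if out[name] != want:
            raise ValueError(f"{name}={out[name]}, table requires {want}")
    # The encrypted payload is passed on untouched; it is 5 AES blocks of 128 bits.
    out["encrypted_payload"] = bits[pos:pos + ENCRYPTED_BITS]
    pos += ENCRYPTED_BITS
    out["checksum"] = int(bits[pos:pos + CHECKSUM_BITS], 2)
    out["footer"] = bits[pos + CHECKSUM_BITS:]
    return out


def build_sample(**override) -> str:
    """Constructed test message: table values, dummy identifiers, zeroed body."""
    values = {**FIXED, "source_mmsi": 3669999, "key_id": 0x0102,
              "message_indicator": 0x112233445566778899, **override}
    head = "".join(format(values[n], f"0{w}b") for n, w in CLEAR_FIELDS)
    return head + "0" * (ENCRYPTED_BITS + CHECKSUM_BITS + FOOTER_BITS)


if __name__ == "__main__":
    parsed = parse_rekey_command(build_sample())
    print({k: v for k, v in parsed.items() if k != "encrypted_payload"})
```

The KMF Message Number and the MAC sit inside the encrypted payload, so the replay and authenticity checks can only run after the payload has been decrypted with the TEK named by Key ID.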

Attachment: eais_idd_v5_4_8may17.pdf [1]

Source URL (modified on 29/01/2021 - 23:19): https://www.e-navigation.nl/content/rekey-command-encrypted

Links
[1] https://www.e-navigation.nl/sites/default/files/asm_files/eais_idd_v5_4_8may17_1.pdf