Commit 9f63fd3f authored by Alain Rhelimi's avatar Alain Rhelimi

initial commit

parent aea00a4f

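--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+# Draft TS 103 834 Part 1: Technical Specification, SSP Test Tool Interface
+
+## Licensing information
+
+See LICENSE.
\ No newline at end of file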

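--- /dev/null
+++ b/asn1/TS103834-1.asn
+
+TTIDefinitions { itu-t (0) identified-organization (4) etsi (0) smart-secure-platform (3834) part1 (1) }
+DEFINITIONS
+AUTOMATIC TAGS
+EXTENSIBILITY IMPLIED ::=
+BEGIN
+
+EXPORTS ALL;
+
+/* Imports */
+IMPORTS	Version,
+AccessorRights,
+AccessControl,
+UUID
+FROM SSPDefinitions ;
+
+
+
+
+id-tti OBJECT IDENTIFIER ::= {itu-t (0) identified-organization (4) etsi (0) smart-secure-platform (3834) part2 (1) }
+
+id-mb-role OBJECT IDENTIFIER ::= {id-tti role (0)}
+
+id-mb-role-ci OBJECT IDENTIFIER ::= { id-mb-role ci (0)}
+id-mb-role-subordinate-ci OBJECT IDENTIFIER ::= { id-mb-role-ci subordinate-ca (0)}
+
+id-mb-role-mb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci mb (0)}
+id-mb-role-xmb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci xmb (1)}
+id-mb-role-mc OBJECT IDENTIFIER ::= { id-mb-role-xmb mc (0)}
+
+id-mb-role-mb-ee OBJECT IDENTIFIER ::= { id-mb-role-mb ee(0)}
+id-mb-role-mc-ee OBJECT IDENTIFIER ::= { id-mb-role-mc ee(0)}
+
+
+
+
+id-mb-role OBJECT IDENTIFIER ::= {id-tti role (0)}
+
+id-mb-role-ci OBJECT IDENTIFIER ::= { id-mb-role ci (0)}
+id-mb-role-subordinate-ci OBJECT IDENTIFIER ::= { id-mb-role-ci subordinate-ca (0)}
+
+id-mb-role-mb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci mb (0)}
+id-mb-role-xmb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci xmb (1)}
+id-mb-role-mc OBJECT IDENTIFIER ::= { id-mb-role-xmb mc (0)}
+
+id-mb-role-mb-ee OBJECT IDENTIFIER ::= { id-mb-role-mb ee(0)}
+id-mb-role-mc-ee OBJECT IDENTIFIER ::= { id-mb-role-mc ee(0)}
+
+id-aas-role OBJECT IDENTIFIER ::= {id-tti role (1)}
+
+id-aas-role-ci OBJECT IDENTIFIER ::= { id-aas-role ci (0)}
+
+id-aas-role-aas OBJECT IDENTIFIER ::= {id-aas-role-ci aas (0)}
+id-aas-role-xaas OBJECT IDENTIFIER ::= {id-aas-role-ci aas (1)}
+id-aas-role-aaa OBJECT IDENTIFIER ::= { id-aas-role-xaas aaa (0)}
+
+id-aas-role-aas-ee OBJECT IDENTIFIER ::= { id-aas-role-aas ee(0)}
+id-aas-role-aaa-ee OBJECT IDENTIFIER ::= { id-aas-role-aaa ee(0)}
+
+
+
+
+eTTIAccessRight-MBMHostPacketRecordAllowed AccessorRights ::= { eRight-Bit1 }
+eTTIAccessRight-MBMHostPacketInjectionAllowed AccessorRights ::= { eRight-Bit2 }
+eTTIAccessRight-MBMHostImpersonationAllowed AccessorRights ::= { eRight-Bit3 }
+eTTIAccessRight-SSPHostImpersonationAllowed AccessorRights ::= { eRight-Bit4 }
+eTTIAccessRight-APDUGateAccessAllowed AccessorRights ::= { eRight-Bit5 }
+eTTIAccessRight-UpdateACLAllowed AccessorRights ::= { eRight-Bit6 }
+
+
+
+TTI_Directives ::= SEQUENCE
+{
+aImpersonnatedHost UUID, -- Host identifier of the impersonated host
+aDirectives AccessorRights  -- Directives as defined in the clause 6.2.1.2
+}
+
+
+TTI-OP-GET-CAPABILITIES-Service-Command ::= [PRIVATE 16] SEQUENCE
+{
+}
+
+
+TTI-OP-GET-CAPABILITIES-Service-Response-Parameter ::= [PRIVATE 16] SEQUENCE
+{
+	aVersion Version  -- Release of the TTI service
+}
+
+TTI-OP-GET-CAPABILITIES-Service-Response ::= [PRIVATE 16] SEQUENCE
+{
+	aTTI-Service-Response TTI-Service-Response DEFAULT eTTI-OK,
+	aParameter TTI-OP-GET-CAPABILITIES-Service-Response-Parameter OPTIONAL
+}
+
+
+TTI-ADMIN-IMPERSONATE-Service-Command ::= [PRIVATE 17] SEQUENCE
+{
+	aFirmwareFamilyID UUID,  -- Identifier of firmware family of the host to impersonate
+	aHostDomainID UUID -- Host domain identifier of the host to impersonate
+}
+
+
+TTI-ADMIN-IMPERSONATE-Service-Response ::= [PRIVATE 17] SEQUENCE
+{
+	aTTI-Service-Response TTI-Service-Response DEFAULT eTTI-OK
+}
+
+
+TTI-Service-Response ::= ENUMERATED
+{
+	eTTI-OK (0),  -- no error
+	eTTI-E-CMD-PAR-UNKNOWN (2),  -- unknown or illegal command parameter
+	eTTI-E-NOK (3)  -- the command has failed
+}
+
+
+
+TTI-ADMIN-UPDATE-ACL-Service-Command ::= [PRIVATE 18] SEQUENCE
+{
+	aACL SET OF AccessControl -- New access control
+}
+
+
+
+
+TTI-ADMIN-UPDATE-ACL-Service-Response ::= [PRIVATE 18] SEQUENCE
+{
+	aTTI-Service-Response TTI-Service-Response DEFAULT eTTI-OK
+}
+
+
+
+
+TTI-SERVICE-GATE-Commands ::= [APPLICATION 2] CHOICE
+{
+	aTTI-OP-GET-CAPABILITIES-Service-Command TTI-OP-GET-CAPABILITIES-Service-Command,
+	aTTI-ADMIN-IMPERSONATE-Service-Command TTI-ADMIN-IMPERSONATE-Service-Command,
+	aTTI-ADMIN-UPDATE-ACL-Service-Command TTI-ADMIN-UPDATE-ACL-Service-Command
+}
+
+
+
+
+TTI-SERVICE-GATE-Responses ::= [APPLICATION 1] CHOICE
+{
+	aTTI-OP-GET-CAPABILITIES-Service-Response TTI-OP-GET-CAPABILITIES-Service-Response,
+	aTTI-ADMIN-IMPERSONATE-Service-Response TTI-ADMIN-IMPERSONATE-Service-Response,
+	aTTI-ADMIN-UPDATE-ACL-Service-Response TTI-ADMIN-UPDATE-ACL-Service-Response
+}
+
+
+
+
+END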
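Review bot: In `TTI-ADMIN-UPDATE-ACL-Service-Command`, `aACL SET OF AccessControl` has no SIZE constraint, and `TTI-Service-Response` has no value for a request refused because a right such as `eTTIAccessRight-UpdateACLAllowed` or `eTTIAccessRight-MBMHostImpersonationAllowed` is missing, so each decoder must invent its own bound and a refusal looks like any other `eTTI-E-NOK`. Consider bounding the set, e.g. `aACL SET SIZE (1..<max-acl-entries>) OF AccessControl` (placeholder bound), and adding a dedicated refusal value to the enumeration. Separately, the `id-mb-role` … `id-mb-role-mc-ee` assignments appear twice in succession; a value reference can be assigned only once per module, so the second copy should be removed. `id-tti` labels its last arc `part2 (1)` although the module identifier uses `part1 (1)`, which gives both the same OID under a misleading name, and `id-aas-role-xaas` reuses the label `aas (1)` where `xaas (1)` looks intended. `TTI_Directives` contains an underscore, which ASN.1 does not allow in a type reference; `TTI-Directives` would be valid.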

+62 −0
@startuml
skinparam monochrome true
skinparam defaultFontName Arial
skinparam classFontSize 10
skinparam sequenceBoxBorderColor #black
participant "**TTI Host**\nAccessor Authentication Service Gate" as hosta_fs_ctr 
participant "**TTI Host**\nAdministration Gate" as hosta_adm
participant "**Tester Host**\nAdministration Gate" as hostb_adm
participant "**Tester Host**\nAccessor Authentication Application Gate" as hostb_fs_ctr 
participant "**TTI Host**\nTTI control Service Gate" as hosta_fs_data 
participant "**Tester Host**\nTTI control Application Gate" as hostb_fs_data 
autonumber
...**Notation:**  Gate Identifier : Pipe Session Open on [P<sub>IN</sub>,P<sub>OUT</sub>]...
...
opt
hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CAPABILITIES-Service-Command [aRequestType] on P<sub>10</sub>
activate hosta_fs_ctr
activate hostb_fs_ctr
hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aGlobalAuthenticationService or aAccessorStatus] on P<sub>20</sub> 
deactivate hostb_fs_ctr
deactivate hosta_fs_ctr
end
...
opt [requested for Token based authentication]
hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CHALLENGE-Service-Command on P<sub>10</sub>
activate hosta_fs_ctr
activate hostb_fs_ctr
hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aChallenge, aCertificates] on P<sub>20</sub> 
deactivate hostb_fs_ctr
deactivate hosta_fs_ctr
end
...
hostb_fs_ctr->hosta_fs_ctr: AAS-OP-AUTHENTICATE-ACCESSOR-Service-Command [aCredential] on P<sub>10</sub>
activate hosta_fs_ctr
activate hostb_fs_ctr
hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aCredentialsStatus or aServiceTokenCertificationPath] on P<sub>20</sub> 
deactivate hostb_fs_ctr
deactivate hosta_fs_ctr
...
alt Successful authentication
hostb_fs_ctr->hosta_fs_ctr: AAS-OP-ACCESS-SERVICE-Service-Command [aTServiceIdentifier(TTI-control-service-identifier), aUseSecurePipe] on P<sub>10</sub>
activate hosta_fs_ctr
activate hostb_fs_ctr
hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [**aGate-Identifier**] on P<sub>20</sub> 
deactivate hostb_fs_ctr
deactivate hosta_fs_ctr
hostb_adm->hosta_adm:EVT_ADM_BIND [**aGate-Identifier ,P<sub>21</sub>**]
hosta_adm->hostb_adm:EVT_ADM_BIND [**aGate-Identifier ,P<sub>11</sub>**]
note right of hostb_fs_data : Application<sub>aGate-Identifier</sub> : Pipe Session Open  on [P<sub>21</sub>,P<sub>11</sub>]
note left of hosta_fs_data: Service<sub>aGate-Identifier</sub> : Pipe Session Open on [P<sub>11</sub>,P<sub>21</sub>]
hosta_fs_data<-hostb_fs_data: TTI-ADMIN-IMPERSONATE-Service-Command [aFirmwareFamilyID,aHostDomainID] on P<sub>11</sub>
activate hosta_fs_data
activate hostb_fs_data
hostb_fs_data<--hosta_fs_data: eANY-OK [Parameters...] on P<sub>21</sub> 
deactivate hostb_fs_data
deactivate hosta_fs_data
...
hostb_adm->hosta_adm:EVT_ADM_UNBIND [**P<sub>11</sub>**] 
note right of hostb_fs_data : Service<sub>aGate-Identifier</sub> : Pipe Session closed  on [P<sub>21</sub>,P<sub>11</sub>]
note left of hosta_fs_data: Service<sub>aGate-Identifier</sub> : Pipe Session closed on [P<sub>11</sub>,P<sub>21</sub>]
end
@enduml
 No newline at end of file
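Review bot: The `alt Successful authentication` block has no `else` branch, so the diagram never shows the outcome when AAS-OP-AUTHENTICATE-ACCESSOR fails, although everything after it (EVT_ADM_BIND, TTI-ADMIN-IMPERSONATE) depends on that result; add an `else Authentication failed` branch showing the failure response and what, if anything, is bound afterwards. The first `opt` has no label, unlike `opt [requested for Token based authentication]`. The reply to TTI-ADMIN-IMPERSONATE is drawn as `eANY-OK [Parameters...]`, while the ASN.1 in this commit defines `eTTI-OK` and no parameter for that response. In the two closing notes the Tester Host side reads `Service<sub>aGate-Identifier</sub>` where the opening note says `Application<sub>aGate-Identifier</sub>`. The missing `else`, the unlabelled `opt` and the closing-note wording apply equally to the TTI data diagram that follows.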
+62 −0
@startuml
skinparam monochrome true
skinparam defaultFontName Arial
skinparam classFontSize 10
skinparam sequenceBoxBorderColor #black
participant "**TTI Host**\nAccessor Authentication Service Gate" as hosta_fs_ctr 
participant "**TTI Host**\nAdministration Gate" as hosta_adm
participant "**Tester Host**\nAdministration Gate" as hostb_adm
participant "**Tester Host**\nAccessor Authentication Application Gate" as hostb_fs_ctr 
participant "**TTI Host**\nTTI data Service Gate" as hosta_fs_data 
participant "**Tester Host**\nTTI data Application Gate" as hostb_fs_data 
autonumber
...**Notation:**  Gate Identifier : Pipe Session Open on [P<sub>IN</sub>,P<sub>OUT</sub>]...
...
opt
hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CAPABILITIES-Service-Command [aRequestType] on P<sub>10</sub>
activate hosta_fs_ctr
activate hostb_fs_ctr
hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aGlobalAuthenticationService or aAccessorStatus] on P<sub>20</sub> 
deactivate hostb_fs_ctr
deactivate hosta_fs_ctr
end
...
opt [requested for Token based authentication]
hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CHALLENGE-Service-Command on P<sub>10</sub>
activate hosta_fs_ctr
activate hostb_fs_ctr
hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aChallenge, aCertificates] on P<sub>20</sub> 
deactivate hostb_fs_ctr
deactivate hosta_fs_ctr
end
...
hostb_fs_ctr->hosta_fs_ctr: AAS-OP-AUTHENTICATE-ACCESSOR-Service-Command [aCredential] on P<sub>10</sub>
activate hosta_fs_ctr
activate hostb_fs_ctr
hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aCredentialsStatus or aServiceTokenCertificationPath] on P<sub>20</sub> 
deactivate hostb_fs_ctr
deactivate hosta_fs_ctr
...
alt Successful authentication
hostb_fs_ctr->hosta_fs_ctr: AAS-OP-ACCESS-SERVICE-Service-Command [aTServiceIdentifier(TTI-data-service-identifier), aUseSecurePipe] on P<sub>10</sub>
activate hosta_fs_ctr
activate hostb_fs_ctr
hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [**aGate-Identifier**] on P<sub>20</sub> 
deactivate hostb_fs_ctr
deactivate hosta_fs_ctr
hostb_adm->hosta_adm:EVT_ADM_BIND [**aGate-Identifier ,P<sub>21</sub>**]
hosta_adm->hostb_adm:EVT_ADM_BIND [**aGate-Identifier ,P<sub>11</sub>**]
note right of hostb_fs_data : Application<sub>aGate-Identifier</sub> : Pipe Session Open  on [P<sub>21</sub>,P<sub>11</sub>]
note left of hosta_fs_data: Service<sub>aGate-Identifier</sub> : Pipe Session Open on [P<sub>11</sub>,P<sub>21</sub>]
hosta_fs_data<-hostb_fs_data: stream tunnelled SCL packets on P<sub>11</sub>
activate hosta_fs_data
activate hostb_fs_data
hostb_fs_data<--hosta_fs_data: stream tunnelled SCL packets on P<sub>21</sub> 
deactivate hostb_fs_data
deactivate hosta_fs_data
...
hostb_adm->hosta_adm:EVT_ADM_UNBIND [**P<sub>11</sub>**] 
note right of hostb_fs_data : Service<sub>aGate-Identifier</sub> : Pipe Session closed  on [P<sub>21</sub>,P<sub>11</sub>]
note left of hosta_fs_data: Service<sub>aGate-Identifier</sub> : Pipe Session closed on [P<sub>11</sub>,P<sub>21</sub>]
end
@enduml
 No newline at end of file
+55 −0
@startuml
skinparam monochrome true
skinparam defaultFontName Arial
skinparam classFontSize 10
skinparam sequenceBoxBorderColor #black

participant "**TTI UL server**\nUL server" as ul_server 



participant "**MQTT client tester**\nClient" as client_tester
participant "**MQTT broker**\nBroker" as broker
participant "**MQTT client terminal**\nClient" as client_terminal 
participant "**TTI UL client**\nUL client" as ul_client
autonumber
...

client_tester->broker: CONNECT
broker-->client_tester: CONNECTACK
activate client_tester
client_terminal->broker: CONNECT
broker-->client_terminal: CONNECTACK
activate client_terminal
...
client_terminal->broker: SUBSCRIBE on /geturl/client_identifier
broker-->client_terminal: SUBSCRIBACK

client_tester -> broker: PUBLISH URL on /geturl/client_identifier
client_terminal <- broker: PUBLISH URL on /geturl/client_identifier
broker <-- client_terminal: PUBREC
broker --> client_tester: PUBREC
client_tester -> broker: PUBREL
client_terminal <- broker: PUBREL

broker <-- client_terminal: PUBCOMP
client_terminal->client_terminal: store the URL and notify TTI_UL client
broker->broker: delete the message

broker --> client_tester: PUBCOMP
client_tester->client_tester: delete message and notify tester

client_tester->broker: DISCONNECT
broker-->client_tester: DISCONNECTACK
deactivate client_tester
client_terminal->broker: DISCONNECT
broker-->client_terminal: DISCONNECTACK
deactivate client_terminal


...
ul_client<->ul_server: TLS connection
activate ul_server
activate ul_client
...
@enduml
 No newline at end of file
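Review bot: The URL that the terminal stores and passes to the TTI UL client arrives over an MQTT leg drawn as a bare `CONNECT` with no authentication or transport protection, and only the final `ul_client<->ul_server` step is marked as TLS; as drawn, any party allowed to publish on `/geturl/client_identifier` determines the endpoint the terminal connects to. Add a note stating how the broker authenticates both clients and restricts publish rights on that topic, and that the UL client validates the server certificate against an expected identity rather than trusting the received URL alone. The packet names also differ from MQTT: the acknowledgements are `CONNACK` and `SUBACK`, and `DISCONNECT` has no acknowledgement packet, so the `DISCONNECTACK` arrows should be dropped.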