README.md

+# Draft TS 103 834 Part 1: Technical Specification, SSP Test Tool Interface
+
+## Licensing information
+
+See LICENSE.
\ No newline at end of file

asn1/TS103834-1.asn

+
+TTIDefinitions { itu-t (0) identified-organization (4) etsi (0) smart-secure-platform (3834) part1 (1) }
+DEFINITIONS
+AUTOMATIC TAGS
+EXTENSIBILITY IMPLIED ::=
+BEGIN
+
+EXPORTS ALL;
+
+/* Imports */
+IMPORTS	Version,
+AccessorRights,
+AccessControl,
+UUID
+FROM SSPDefinitions ;
+
+
+
+
+id-tti OBJECT IDENTIFIER ::= {itu-t (0) identified-organization (4) etsi (0) smart-secure-platform (3834) part2 (1) }
+
+id-mb-role OBJECT IDENTIFIER ::= {id-tti role (0)}
+
+id-mb-role-ci OBJECT IDENTIFIER ::= { id-mb-role ci (0)}
+id-mb-role-subordinate-ci OBJECT IDENTIFIER ::= { id-mb-role-ci subordinate-ca (0)}
+
+id-mb-role-mb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci mb (0)}
+id-mb-role-xmb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci xmb (1)}
+id-mb-role-mc OBJECT IDENTIFIER ::= { id-mb-role-xmb mc (0)}
+
+id-mb-role-mb-ee OBJECT IDENTIFIER ::= { id-mb-role-mb ee(0)}
+id-mb-role-mc-ee OBJECT IDENTIFIER ::= { id-mb-role-mc ee(0)}
+
+
+
+
+id-mb-role OBJECT IDENTIFIER ::= {id-tti role (0)}
+
+id-mb-role-ci OBJECT IDENTIFIER ::= { id-mb-role ci (0)}
+id-mb-role-subordinate-ci OBJECT IDENTIFIER ::= { id-mb-role-ci subordinate-ca (0)}
+
+id-mb-role-mb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci mb (0)}
+id-mb-role-xmb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci xmb (1)}
+id-mb-role-mc OBJECT IDENTIFIER ::= { id-mb-role-xmb mc (0)}
+
+id-mb-role-mb-ee OBJECT IDENTIFIER ::= { id-mb-role-mb ee(0)}
+id-mb-role-mc-ee OBJECT IDENTIFIER ::= { id-mb-role-mc ee(0)}
+
+id-aas-role OBJECT IDENTIFIER ::= {id-tti role (1)}
+
+id-aas-role-ci OBJECT IDENTIFIER ::= { id-aas-role ci (0)}
+
+id-aas-role-aas OBJECT IDENTIFIER ::= {id-aas-role-ci aas (0)}
+id-aas-role-xaas OBJECT IDENTIFIER ::= {id-aas-role-ci aas (1)}
+id-aas-role-aaa OBJECT IDENTIFIER ::= { id-aas-role-xaas aaa (0)}
+
+id-aas-role-aas-ee OBJECT IDENTIFIER ::= { id-aas-role-aas ee(0)}
+id-aas-role-aaa-ee OBJECT IDENTIFIER ::= { id-aas-role-aaa ee(0)}
+
+
+
+
+eTTIAccessRight-MBMHostPacketRecordAllowed AccessorRights ::= { eRight-Bit1 }
+eTTIAccessRight-MBMHostPacketInjectionAllowed AccessorRights ::= { eRight-Bit2 }
+eTTIAccessRight-MBMHostImpersonationAllowed AccessorRights ::= { eRight-Bit3 }
+eTTIAccessRight-SSPHostImpersonationAllowed AccessorRights ::= { eRight-Bit4 }
+eTTIAccessRight-APDUGateAccessAllowed AccessorRights ::= { eRight-Bit5 }
+eTTIAccessRight-UpdateACLAllowed AccessorRights ::= { eRight-Bit6 }
+
+
+
+TTI_Directives ::= SEQUENCE
+{
+aImpersonnatedHost UUID, -- Host identifier of the impersonated host
+aDirectives AccessorRights  -- Directives as defined in the clause 6.2.1.2
+}
+
+
+TTI-OP-GET-CAPABILITIES-Service-Command ::= [PRIVATE 16] SEQUENCE
+{
+}
+
+
+TTI-OP-GET-CAPABILITIES-Service-Response-Parameter ::= [PRIVATE 16] SEQUENCE
+{
+	aVersion Version  -- Release of the TTI service
+}
+
+TTI-OP-GET-CAPABILITIES-Service-Response ::= [PRIVATE 16] SEQUENCE
+{
+	aTTI-Service-Response TTI-Service-Response DEFAULT eTTI-OK,
+	aParameter TTI-OP-GET-CAPABILITIES-Service-Response-Parameter OPTIONAL
+}
+
+
+TTI-ADMIN-IMPERSONATE-Service-Command ::= [PRIVATE 17] SEQUENCE
+{
+	aFirmwareFamilyID UUID,  -- Identifier of firmware family of the host to impersonate
+	aHostDomainID UUID -- Host domain identifier of the host to impersonate
+}
+
+
+TTI-ADMIN-IMPERSONATE-Service-Response ::= [PRIVATE 17] SEQUENCE
+{
+	aTTI-Service-Response TTI-Service-Response DEFAULT eTTI-OK
+}
+
+
+TTI-Service-Response ::= ENUMERATED
+{
+	eTTI-OK (0),  -- no error
+	eTTI-E-CMD-PAR-UNKNOWN (2),  -- unknown or illegal command parameter
+	eTTI-E-NOK (3)  -- the command has failed
+}
+
+
+
+TTI-ADMIN-UPDATE-ACL-Service-Command ::= [PRIVATE 18] SEQUENCE
+{
+	aACL SET OF AccessControl -- New access control
+}
+
+
+
+
+TTI-ADMIN-UPDATE-ACL-Service-Response ::= [PRIVATE 18] SEQUENCE
+{
+	aTTI-Service-Response TTI-Service-Response DEFAULT eTTI-OK
+}
+
+
+
+
+TTI-SERVICE-GATE-Commands ::= [APPLICATION 2] CHOICE
+{
+	aTTI-OP-GET-CAPABILITIES-Service-Command TTI-OP-GET-CAPABILITIES-Service-Command,
+	aTTI-ADMIN-IMPERSONATE-Service-Command TTI-ADMIN-IMPERSONATE-Service-Command,
+	aTTI-ADMIN-UPDATE-ACL-Service-Command TTI-ADMIN-UPDATE-ACL-Service-Command
+}
+
+
+
+
+TTI-SERVICE-GATE-Responses ::= [APPLICATION 1] CHOICE
+{
+	aTTI-OP-GET-CAPABILITIES-Service-Response TTI-OP-GET-CAPABILITIES-Service-Response,
+	aTTI-ADMIN-IMPERSONATE-Service-Response TTI-ADMIN-IMPERSONATE-Service-Response,
+	aTTI-ADMIN-UPDATE-ACL-Service-Response TTI-ADMIN-UPDATE-ACL-Service-Response
+}
+
+
+
+
+END
+
+

figures/Figure A.1.plantuml

+@startuml
+skinparam monochrome true
+skinparam defaultFontName Arial
+skinparam classFontSize 10
+skinparam sequenceBoxBorderColor #black
+participant "**TTI Host**\nAccessor Authentication Service Gate" as hosta_fs_ctr 
+participant "**TTI Host**\nAdministration Gate" as hosta_adm
+participant "**Tester Host**\nAdministration Gate" as hostb_adm
+participant "**Tester Host**\nAccessor Authentication Application Gate" as hostb_fs_ctr 
+participant "**TTI Host**\nTTI control Service Gate" as hosta_fs_data 
+participant "**Tester Host**\nTTI control Application Gate" as hostb_fs_data 
+autonumber
+...**Notation:**  Gate Identifier : Pipe Session Open on [P<sub>IN</sub>,P<sub>OUT</sub>]...
+...
+opt
+hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CAPABILITIES-Service-Command [aRequestType] on P<sub>10</sub>
+activate hosta_fs_ctr
+activate hostb_fs_ctr
+hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aGlobalAuthenticationService or aAccessorStatus] on P<sub>20</sub> 
+deactivate hostb_fs_ctr
+deactivate hosta_fs_ctr
+end
+...
+opt [requested for Token based authentication]
+hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CHALLENGE-Service-Command on P<sub>10</sub>
+activate hosta_fs_ctr
+activate hostb_fs_ctr
+hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aChallenge, aCertificates] on P<sub>20</sub> 
+deactivate hostb_fs_ctr
+deactivate hosta_fs_ctr
+end
+...
+hostb_fs_ctr->hosta_fs_ctr: AAS-OP-AUTHENTICATE-ACCESSOR-Service-Command [aCredential] on P<sub>10</sub>
+activate hosta_fs_ctr
+activate hostb_fs_ctr
+hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aCredentialsStatus or aServiceTokenCertificationPath] on P<sub>20</sub> 
+deactivate hostb_fs_ctr
+deactivate hosta_fs_ctr
+...
+alt Successful authentication
+hostb_fs_ctr->hosta_fs_ctr: AAS-OP-ACCESS-SERVICE-Service-Command [aTServiceIdentifier(TTI-control-service-identifier), aUseSecurePipe] on P<sub>10</sub>
+activate hosta_fs_ctr
+activate hostb_fs_ctr
+hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [**aGate-Identifier**] on P<sub>20</sub> 
+deactivate hostb_fs_ctr
+deactivate hosta_fs_ctr
+hostb_adm->hosta_adm:EVT_ADM_BIND [**aGate-Identifier ,P<sub>21</sub>**]
+hosta_adm->hostb_adm:EVT_ADM_BIND [**aGate-Identifier ,P<sub>11</sub>**]
+note right of hostb_fs_data : Application<sub>aGate-Identifier</sub> : Pipe Session Open  on [P<sub>21</sub>,P<sub>11</sub>]
+note left of hosta_fs_data: Service<sub>aGate-Identifier</sub> : Pipe Session Open on [P<sub>11</sub>,P<sub>21</sub>]
+hosta_fs_data<-hostb_fs_data: TTI-ADMIN-IMPERSONATE-Service-Command [aFirmwareFamilyID,aHostDomainID] on P<sub>11</sub>
+activate hosta_fs_data
+activate hostb_fs_data
+hostb_fs_data<--hosta_fs_data: eANY-OK [Parameters...] on P<sub>21</sub> 
+deactivate hostb_fs_data
+deactivate hosta_fs_data
+...
+hostb_adm->hosta_adm:EVT_ADM_UNBIND [**P<sub>11</sub>**] 
+note right of hostb_fs_data : Service<sub>aGate-Identifier</sub> : Pipe Session closed  on [P<sub>21</sub>,P<sub>11</sub>]
+note left of hosta_fs_data: Service<sub>aGate-Identifier</sub> : Pipe Session closed on [P<sub>11</sub>,P<sub>21</sub>]
+end
+@enduml
\ No newline at end of file

figures/Figure B.1.plantuml

+@startuml
+skinparam monochrome true
+skinparam defaultFontName Arial
+skinparam classFontSize 10
+skinparam sequenceBoxBorderColor #black
+participant "**TTI Host**\nAccessor Authentication Service Gate" as hosta_fs_ctr 
+participant "**TTI Host**\nAdministration Gate" as hosta_adm
+participant "**Tester Host**\nAdministration Gate" as hostb_adm
+participant "**Tester Host**\nAccessor Authentication Application Gate" as hostb_fs_ctr 
+participant "**TTI Host**\nTTI data Service Gate" as hosta_fs_data 
+participant "**Tester Host**\nTTI data Application Gate" as hostb_fs_data 
+autonumber
+...**Notation:**  Gate Identifier : Pipe Session Open on [P<sub>IN</sub>,P<sub>OUT</sub>]...
+...
+opt
+hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CAPABILITIES-Service-Command [aRequestType] on P<sub>10</sub>
+activate hosta_fs_ctr
+activate hostb_fs_ctr
+hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aGlobalAuthenticationService or aAccessorStatus] on P<sub>20</sub> 
+deactivate hostb_fs_ctr
+deactivate hosta_fs_ctr
+end
+...
+opt [requested for Token based authentication]
+hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CHALLENGE-Service-Command on P<sub>10</sub>
+activate hosta_fs_ctr
+activate hostb_fs_ctr
+hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aChallenge, aCertificates] on P<sub>20</sub> 
+deactivate hostb_fs_ctr
+deactivate hosta_fs_ctr
+end
+...
+hostb_fs_ctr->hosta_fs_ctr: AAS-OP-AUTHENTICATE-ACCESSOR-Service-Command [aCredential] on P<sub>10</sub>
+activate hosta_fs_ctr
+activate hostb_fs_ctr
+hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aCredentialsStatus or aServiceTokenCertificationPath] on P<sub>20</sub> 
+deactivate hostb_fs_ctr
+deactivate hosta_fs_ctr
+...
+alt Successful authentication
+hostb_fs_ctr->hosta_fs_ctr: AAS-OP-ACCESS-SERVICE-Service-Command [aTServiceIdentifier(TTI-data-service-identifier), aUseSecurePipe] on P<sub>10</sub>
+activate hosta_fs_ctr
+activate hostb_fs_ctr
+hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [**aGate-Identifier**] on P<sub>20</sub> 
+deactivate hostb_fs_ctr
+deactivate hosta_fs_ctr
+hostb_adm->hosta_adm:EVT_ADM_BIND [**aGate-Identifier ,P<sub>21</sub>**]
+hosta_adm->hostb_adm:EVT_ADM_BIND [**aGate-Identifier ,P<sub>11</sub>**]
+note right of hostb_fs_data : Application<sub>aGate-Identifier</sub> : Pipe Session Open  on [P<sub>21</sub>,P<sub>11</sub>]
+note left of hosta_fs_data: Service<sub>aGate-Identifier</sub> : Pipe Session Open on [P<sub>11</sub>,P<sub>21</sub>]
+hosta_fs_data<-hostb_fs_data: stream tunnelled SCL packets on P<sub>11</sub>
+activate hosta_fs_data
+activate hostb_fs_data
+hostb_fs_data<--hosta_fs_data: stream tunnelled SCL packets on P<sub>21</sub> 
+deactivate hostb_fs_data
+deactivate hosta_fs_data
+...
+hostb_adm->hosta_adm:EVT_ADM_UNBIND [**P<sub>11</sub>**] 
+note right of hostb_fs_data : Service<sub>aGate-Identifier</sub> : Pipe Session closed  on [P<sub>21</sub>,P<sub>11</sub>]
+note left of hosta_fs_data: Service<sub>aGate-Identifier</sub> : Pipe Session closed on [P<sub>11</sub>,P<sub>21</sub>]
+end
+@enduml
\ No newline at end of file

figures/Figure C.1.plantuml

+@startuml
+skinparam monochrome true
+skinparam defaultFontName Arial
+skinparam classFontSize 10
+skinparam sequenceBoxBorderColor #black
+
+participant "**TTI UL server**\nUL server" as ul_server 
+
+
+
+participant "**MQTT client tester**\nClient" as client_tester
+participant "**MQTT broker**\nBroker" as broker
+participant "**MQTT client terminal**\nClient" as client_terminal 
+participant "**TTI UL client**\nUL client" as ul_client
+autonumber
+...
+
+client_tester->broker: CONNECT
+broker-->client_tester: CONNECTACK
+activate client_tester
+client_terminal->broker: CONNECT
+broker-->client_terminal: CONNECTACK
+activate client_terminal
+...
+client_terminal->broker: SUBSCRIBE on /geturl/client_identifier
+broker-->client_terminal: SUBSCRIBACK
+
+client_tester -> broker: PUBLISH URL on /geturl/client_identifier
+client_terminal <- broker: PUBLISH URL on /geturl/client_identifier
+broker <-- client_terminal: PUBREC
+broker --> client_tester: PUBREC
+client_tester -> broker: PUBREL
+client_terminal <- broker: PUBREL
+
+broker <-- client_terminal: PUBCOMP
+client_terminal->client_terminal: store the URL and notify TTI_UL client
+broker->broker: delete the message
+
+broker --> client_tester: PUBCOMP
+client_tester->client_tester: delete message and notify tester
+
+client_tester->broker: DISCONNECT
+broker-->client_tester: DISCONNECTACK
+deactivate client_tester
+client_terminal->broker: DISCONNECT
+broker-->client_terminal: DISCONNECTACK
+deactivate client_terminal
+
+
+...
+ul_client<->ul_server: TLS connection
+activate ul_server
+activate ul_client
+...
+@enduml
\ No newline at end of file

figures/Figure D.1.plantuml

+@startuml
+skinparam monochrome normal
+skinparam backgroundcolor transparent
+skinparam ArrowColor black
+skinparam lifelinestrategy solid
+skinparam sequenceMessageAlign center
+skinparam noteBackgroundColor white
+skinparam participantBackgroundColor white
+autonumber 1
+hide footbox
+participant "<b>TTI_UL server" as TTI_UL_S
+participant "<b>TTI MQTT client(Tester) " as MBTT
+participant "<b>MQTT broker" as MB
+participant "<b>TTI MQTT client(Terminal) " as MBTE
+participant "<b>TTI_UL client " as TTI_UL_C	
+	
+==Connection of the terminal to the broker ==
+	MBTE -> MB:  CONNECT <client_identifier_of_the_terminal>
+	MB <-- MBTE: CONNACK
+    activate MBTE
+    MBTE -> MB: SUBSCRIBE /geturl/<client_identifier_of_the_terminal>
+	MB <-- MBTE: SUBACK
+...
+==Connection of the Test tool to the broker ==
+	MBTT -> MB:  CONNECT <client_identifier_of_the_tester>
+	MB <-- MBTT: CONNACK
+    activate MBTT
+...
+    MBTT ->MBTT: store URL
+    MB <- MBTT:  PUBLISH /geturl/<client_identifier_of_the_terminal>, URL
+    MB ->MB: store URL
+    MB -> MBTE:  PUBLISH /geturl/<client_identifier_of_the_terminal>, URL
+ 
+	MB <-- MBTE: PUBREC
+    MB --> MBTT: PUBREC
+	MBTT -> MB:  PUBREL
+    MB -> MBTE:  PUBREL
+	MBTE --> MB: PUBCOMP
+    MBTE ->MBTE: store URL
+    MB --> MBTT: PUBCOMP
+    MB ->MB: delete URL
+    MBTT ->MBTT: delete URL
+== Disconnection of the MQTT client of the tester ==
+    MBTT ->MB: DISCONNECT
+    deactivate MBTT    
+...
+== Connection between the TTI_UL server and TTI_UL client ==
+
+	TTI_UL_S <-> TTI_UL_C :  TTI_UL connection(URL)
+@enduml
\ No newline at end of file