From 9f63fd3f17d31d7f57e04dd5320f785ab461ef0c Mon Sep 17 00:00:00 2001 From: Alain Rhelimi Date: Wed, 19 Oct 2022 10:24:59 +0200 Subject: [PATCH] initial commit --- README.md | 5 ++ asn1/TS103834-1.asn | 156 ++++++++++++++++++++++++++++++++++++ figures/Figure A.1.plantuml | 62 ++++++++++++++ figures/Figure B.1.plantuml | 62 ++++++++++++++ figures/Figure C.1.plantuml | 55 +++++++++++++ figures/Figure D.1.plantuml | 50 ++++++++++++ 6 files changed, 390 insertions(+) create mode 100644 README.md create mode 100644 asn1/TS103834-1.asn create mode 100644 figures/Figure A.1.plantuml create mode 100644 figures/Figure B.1.plantuml create mode 100644 figures/Figure C.1.plantuml create mode 100644 figures/Figure D.1.plantuml diff --git a/README.md b/README.md new file mode 100644 index 0000000..8f17d10 --- /dev/null +++ b/README.md @@ -0,0 +1,5 @@ +# Draft TS 103 834 Part 1: Technical Specification, SSP Test Tool Interface + +## Licensing information + +See LICENSE. \ No newline at end of file diff --git a/asn1/TS103834-1.asn b/asn1/TS103834-1.asn new file mode 100644 index 0000000..dd4f09b --- /dev/null +++ b/asn1/TS103834-1.asn @@ -0,0 +1,156 @@ + +TTIDefinitions { itu-t (0) identified-organization (4) etsi (0) smart-secure-platform (3834) part1 (1) } +DEFINITIONS +AUTOMATIC TAGS +EXTENSIBILITY IMPLIED ::= +BEGIN + +EXPORTS ALL; + +/* Imports */ +IMPORTS Version, +AccessorRights, +AccessControl, +UUID +FROM SSPDefinitions ; + + + + +id-tti OBJECT IDENTIFIER ::= {itu-t (0) identified-organization (4) etsi (0) smart-secure-platform (3834) part2 (1) } + +id-mb-role OBJECT IDENTIFIER ::= {id-tti role (0)} + +id-mb-role-ci OBJECT IDENTIFIER ::= { id-mb-role ci (0)} +id-mb-role-subordinate-ci OBJECT IDENTIFIER ::= { id-mb-role-ci subordinate-ca (0)} + +id-mb-role-mb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci mb (0)} +id-mb-role-xmb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci xmb (1)} +id-mb-role-mc OBJECT IDENTIFIER ::= { id-mb-role-xmb mc (0)} + +id-mb-role-mb-ee OBJECT IDENTIFIER ::= { id-mb-role-mb ee(0)} +id-mb-role-mc-ee OBJECT IDENTIFIER ::= { id-mb-role-mc ee(0)} + + + + +id-mb-role OBJECT IDENTIFIER ::= {id-tti role (0)} + +id-mb-role-ci OBJECT IDENTIFIER ::= { id-mb-role ci (0)} +id-mb-role-subordinate-ci OBJECT IDENTIFIER ::= { id-mb-role-ci subordinate-ca (0)} + +id-mb-role-mb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci mb (0)} +id-mb-role-xmb OBJECT IDENTIFIER ::= {id-mb-role-subordinate-ci xmb (1)} +id-mb-role-mc OBJECT IDENTIFIER ::= { id-mb-role-xmb mc (0)} + +id-mb-role-mb-ee OBJECT IDENTIFIER ::= { id-mb-role-mb ee(0)} +id-mb-role-mc-ee OBJECT IDENTIFIER ::= { id-mb-role-mc ee(0)} + +id-aas-role OBJECT IDENTIFIER ::= {id-tti role (1)} + +id-aas-role-ci OBJECT IDENTIFIER ::= { id-aas-role ci (0)} + +id-aas-role-aas OBJECT IDENTIFIER ::= {id-aas-role-ci aas (0)} +id-aas-role-xaas OBJECT IDENTIFIER ::= {id-aas-role-ci aas (1)} +id-aas-role-aaa OBJECT IDENTIFIER ::= { id-aas-role-xaas aaa (0)} + +id-aas-role-aas-ee OBJECT IDENTIFIER ::= { id-aas-role-aas ee(0)} +id-aas-role-aaa-ee OBJECT IDENTIFIER ::= { id-aas-role-aaa ee(0)} + + + + +eTTIAccessRight-MBMHostPacketRecordAllowed AccessorRights ::= { eRight-Bit1 } +eTTIAccessRight-MBMHostPacketInjectionAllowed AccessorRights ::= { eRight-Bit2 } +eTTIAccessRight-MBMHostImpersonationAllowed AccessorRights ::= { eRight-Bit3 } +eTTIAccessRight-SSPHostImpersonationAllowed AccessorRights ::= { eRight-Bit4 } +eTTIAccessRight-APDUGateAccessAllowed AccessorRights ::= { eRight-Bit5 } +eTTIAccessRight-UpdateACLAllowed AccessorRights ::= { eRight-Bit6 } + + + +TTI_Directives ::= SEQUENCE +{ +aImpersonnatedHost UUID, -- Host identifier of the impersonated host +aDirectives AccessorRights -- Directives as defined in the clause 6.2.1.2 +} + + +TTI-OP-GET-CAPABILITIES-Service-Command ::= [PRIVATE 16] SEQUENCE +{ +} + + +TTI-OP-GET-CAPABILITIES-Service-Response-Parameter ::= [PRIVATE 16] SEQUENCE +{ + aVersion Version -- Release of the TTI service +} + +TTI-OP-GET-CAPABILITIES-Service-Response ::= [PRIVATE 16] SEQUENCE +{ + aTTI-Service-Response TTI-Service-Response DEFAULT eTTI-OK, + aParameter TTI-OP-GET-CAPABILITIES-Service-Response-Parameter OPTIONAL +} + + +TTI-ADMIN-IMPERSONATE-Service-Command ::= [PRIVATE 17] SEQUENCE +{ + aFirmwareFamilyID UUID, -- Identifier of firmware family of the host to impersonate + aHostDomainID UUID -- Host domain identifier of the host to impersonate +} + + +TTI-ADMIN-IMPERSONATE-Service-Response ::= [PRIVATE 17] SEQUENCE +{ + aTTI-Service-Response TTI-Service-Response DEFAULT eTTI-OK +} + + +TTI-Service-Response ::= ENUMERATED +{ + eTTI-OK (0), -- no error + eTTI-E-CMD-PAR-UNKNOWN (2), -- unknown or illegal command parameter + eTTI-E-NOK (3) -- the command has failed +} + + + +TTI-ADMIN-UPDATE-ACL-Service-Command ::= [PRIVATE 18] SEQUENCE +{ + aACL SET OF AccessControl -- New access control +} + + + + +TTI-ADMIN-UPDATE-ACL-Service-Response ::= [PRIVATE 18] SEQUENCE +{ + aTTI-Service-Response TTI-Service-Response DEFAULT eTTI-OK +} + + + + +TTI-SERVICE-GATE-Commands ::= [APPLICATION 2] CHOICE +{ + aTTI-OP-GET-CAPABILITIES-Service-Command TTI-OP-GET-CAPABILITIES-Service-Command, + aTTI-ADMIN-IMPERSONATE-Service-Command TTI-ADMIN-IMPERSONATE-Service-Command, + aTTI-ADMIN-UPDATE-ACL-Service-Command TTI-ADMIN-UPDATE-ACL-Service-Command +} + + + + +TTI-SERVICE-GATE-Responses ::= [APPLICATION 1] CHOICE +{ + aTTI-OP-GET-CAPABILITIES-Service-Response TTI-OP-GET-CAPABILITIES-Service-Response, + aTTI-ADMIN-IMPERSONATE-Service-Response TTI-ADMIN-IMPERSONATE-Service-Response, + aTTI-ADMIN-UPDATE-ACL-Service-Response TTI-ADMIN-UPDATE-ACL-Service-Response +} + + + + +END + + diff --git a/figures/Figure A.1.plantuml b/figures/Figure A.1.plantuml new file mode 100644 index 0000000..57b4804 --- /dev/null +++ b/figures/Figure A.1.plantuml @@ -0,0 +1,62 @@ +@startuml +skinparam monochrome true +skinparam defaultFontName Arial +skinparam classFontSize 10 +skinparam sequenceBoxBorderColor #black +participant "**TTI Host**\nAccessor Authentication Service Gate" as hosta_fs_ctr +participant "**TTI Host**\nAdministration Gate" as hosta_adm +participant "**Tester Host**\nAdministration Gate" as hostb_adm +participant "**Tester Host**\nAccessor Authentication Application Gate" as hostb_fs_ctr +participant "**TTI Host**\nTTI control Service Gate" as hosta_fs_data +participant "**Tester Host**\nTTI control Application Gate" as hostb_fs_data +autonumber +...**Notation:** Gate Identifier : Pipe Session Open on [PIN,POUT]... +... +opt +hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CAPABILITIES-Service-Command [aRequestType] on P10 +activate hosta_fs_ctr +activate hostb_fs_ctr +hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aGlobalAuthenticationService or aAccessorStatus] on P20 +deactivate hostb_fs_ctr +deactivate hosta_fs_ctr +end +... +opt [requested for Token based authentication] +hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CHALLENGE-Service-Command on P10 +activate hosta_fs_ctr +activate hostb_fs_ctr +hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aChallenge, aCertificates] on P20 +deactivate hostb_fs_ctr +deactivate hosta_fs_ctr +end +... +hostb_fs_ctr->hosta_fs_ctr: AAS-OP-AUTHENTICATE-ACCESSOR-Service-Command [aCredential] on P10 +activate hosta_fs_ctr +activate hostb_fs_ctr +hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aCredentialsStatus or aServiceTokenCertificationPath] on P20 +deactivate hostb_fs_ctr +deactivate hosta_fs_ctr +... +alt Successful authentication +hostb_fs_ctr->hosta_fs_ctr: AAS-OP-ACCESS-SERVICE-Service-Command [aTServiceIdentifier(TTI-control-service-identifier), aUseSecurePipe] on P10 +activate hosta_fs_ctr +activate hostb_fs_ctr +hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [**aGate-Identifier**] on P20 +deactivate hostb_fs_ctr +deactivate hosta_fs_ctr +hostb_adm->hosta_adm:EVT_ADM_BIND [**aGate-Identifier ,P21**] +hosta_adm->hostb_adm:EVT_ADM_BIND [**aGate-Identifier ,P11**] +note right of hostb_fs_data : ApplicationaGate-Identifier : Pipe Session Open on [P21,P11] +note left of hosta_fs_data: ServiceaGate-Identifier : Pipe Session Open on [P11,P21] +hosta_fs_data<-hostb_fs_data: TTI-ADMIN-IMPERSONATE-Service-Command [aFirmwareFamilyID,aHostDomainID] on P11 +activate hosta_fs_data +activate hostb_fs_data +hostb_fs_data<--hosta_fs_data: eANY-OK [Parameters...] on P21 +deactivate hostb_fs_data +deactivate hosta_fs_data +... +hostb_adm->hosta_adm:EVT_ADM_UNBIND [**P11**] +note right of hostb_fs_data : ServiceaGate-Identifier : Pipe Session closed on [P21,P11] +note left of hosta_fs_data: ServiceaGate-Identifier : Pipe Session closed on [P11,P21] +end +@enduml \ No newline at end of file diff --git a/figures/Figure B.1.plantuml b/figures/Figure B.1.plantuml new file mode 100644 index 0000000..86e8c78 --- /dev/null +++ b/figures/Figure B.1.plantuml @@ -0,0 +1,62 @@ +@startuml +skinparam monochrome true +skinparam defaultFontName Arial +skinparam classFontSize 10 +skinparam sequenceBoxBorderColor #black +participant "**TTI Host**\nAccessor Authentication Service Gate" as hosta_fs_ctr +participant "**TTI Host**\nAdministration Gate" as hosta_adm +participant "**Tester Host**\nAdministration Gate" as hostb_adm +participant "**Tester Host**\nAccessor Authentication Application Gate" as hostb_fs_ctr +participant "**TTI Host**\nTTI data Service Gate" as hosta_fs_data +participant "**Tester Host**\nTTI data Application Gate" as hostb_fs_data +autonumber +...**Notation:** Gate Identifier : Pipe Session Open on [PIN,POUT]... +... +opt +hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CAPABILITIES-Service-Command [aRequestType] on P10 +activate hosta_fs_ctr +activate hostb_fs_ctr +hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aGlobalAuthenticationService or aAccessorStatus] on P20 +deactivate hostb_fs_ctr +deactivate hosta_fs_ctr +end +... +opt [requested for Token based authentication] +hostb_fs_ctr->hosta_fs_ctr: AAS-OP-GET-CHALLENGE-Service-Command on P10 +activate hosta_fs_ctr +activate hostb_fs_ctr +hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aChallenge, aCertificates] on P20 +deactivate hostb_fs_ctr +deactivate hosta_fs_ctr +end +... +hostb_fs_ctr->hosta_fs_ctr: AAS-OP-AUTHENTICATE-ACCESSOR-Service-Command [aCredential] on P10 +activate hosta_fs_ctr +activate hostb_fs_ctr +hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [aCredentialsStatus or aServiceTokenCertificationPath] on P20 +deactivate hostb_fs_ctr +deactivate hosta_fs_ctr +... +alt Successful authentication +hostb_fs_ctr->hosta_fs_ctr: AAS-OP-ACCESS-SERVICE-Service-Command [aTServiceIdentifier(TTI-data-service-identifier), aUseSecurePipe] on P10 +activate hosta_fs_ctr +activate hostb_fs_ctr +hosta_fs_ctr-->hostb_fs_ctr: eANY-OK [**aGate-Identifier**] on P20 +deactivate hostb_fs_ctr +deactivate hosta_fs_ctr +hostb_adm->hosta_adm:EVT_ADM_BIND [**aGate-Identifier ,P21**] +hosta_adm->hostb_adm:EVT_ADM_BIND [**aGate-Identifier ,P11**] +note right of hostb_fs_data : ApplicationaGate-Identifier : Pipe Session Open on [P21,P11] +note left of hosta_fs_data: ServiceaGate-Identifier : Pipe Session Open on [P11,P21] +hosta_fs_data<-hostb_fs_data: stream tunnelled SCL packets on P11 +activate hosta_fs_data +activate hostb_fs_data +hostb_fs_data<--hosta_fs_data: stream tunnelled SCL packets on P21 +deactivate hostb_fs_data +deactivate hosta_fs_data +... +hostb_adm->hosta_adm:EVT_ADM_UNBIND [**P11**] +note right of hostb_fs_data : ServiceaGate-Identifier : Pipe Session closed on [P21,P11] +note left of hosta_fs_data: ServiceaGate-Identifier : Pipe Session closed on [P11,P21] +end +@enduml \ No newline at end of file diff --git a/figures/Figure C.1.plantuml b/figures/Figure C.1.plantuml new file mode 100644 index 0000000..ed721db --- /dev/null +++ b/figures/Figure C.1.plantuml @@ -0,0 +1,55 @@ +@startuml +skinparam monochrome true +skinparam defaultFontName Arial +skinparam classFontSize 10 +skinparam sequenceBoxBorderColor #black + +participant "**TTI UL server**\nUL server" as ul_server + + + +participant "**MQTT client tester**\nClient" as client_tester +participant "**MQTT broker**\nBroker" as broker +participant "**MQTT client terminal**\nClient" as client_terminal +participant "**TTI UL client**\nUL client" as ul_client +autonumber +... + +client_tester->broker: CONNECT +broker-->client_tester: CONNECTACK +activate client_tester +client_terminal->broker: CONNECT +broker-->client_terminal: CONNECTACK +activate client_terminal +... +client_terminal->broker: SUBSCRIBE on /geturl/client_identifier +broker-->client_terminal: SUBSCRIBACK + +client_tester -> broker: PUBLISH URL on /geturl/client_identifier +client_terminal <- broker: PUBLISH URL on /geturl/client_identifier +broker <-- client_terminal: PUBREC +broker --> client_tester: PUBREC +client_tester -> broker: PUBREL +client_terminal <- broker: PUBREL + +broker <-- client_terminal: PUBCOMP +client_terminal->client_terminal: store the URL and notify TTI_UL client +broker->broker: delete the message + +broker --> client_tester: PUBCOMP +client_tester->client_tester: delete message and notify tester + +client_tester->broker: DISCONNECT +broker-->client_tester: DISCONNECTACK +deactivate client_tester +client_terminal->broker: DISCONNECT +broker-->client_terminal: DISCONNECTACK +deactivate client_terminal + + +... +ul_client<->ul_server: TLS connection +activate ul_server +activate ul_client +... +@enduml \ No newline at end of file diff --git a/figures/Figure D.1.plantuml b/figures/Figure D.1.plantuml new file mode 100644 index 0000000..55d41f4 --- /dev/null +++ b/figures/Figure D.1.plantuml @@ -0,0 +1,50 @@ +@startuml +skinparam monochrome normal +skinparam backgroundcolor transparent +skinparam ArrowColor black +skinparam lifelinestrategy solid +skinparam sequenceMessageAlign center +skinparam noteBackgroundColor white +skinparam participantBackgroundColor white +autonumber 1 +hide footbox +participant "TTI_UL server" as TTI_UL_S +participant "TTI MQTT client(Tester) " as MBTT +participant "MQTT broker" as MB +participant "TTI MQTT client(Terminal) " as MBTE +participant "TTI_UL client " as TTI_UL_C + +==Connection of the terminal to the broker == + MBTE -> MB: CONNECT + MB <-- MBTE: CONNACK + activate MBTE + MBTE -> MB: SUBSCRIBE /geturl/ + MB <-- MBTE: SUBACK +... +==Connection of the Test tool to the broker == + MBTT -> MB: CONNECT + MB <-- MBTT: CONNACK + activate MBTT +... + MBTT ->MBTT: store URL + MB <- MBTT: PUBLISH /geturl/, URL + MB ->MB: store URL + MB -> MBTE: PUBLISH /geturl/, URL + + MB <-- MBTE: PUBREC + MB --> MBTT: PUBREC + MBTT -> MB: PUBREL + MB -> MBTE: PUBREL + MBTE --> MB: PUBCOMP + MBTE ->MBTE: store URL + MB --> MBTT: PUBCOMP + MB ->MB: delete URL + MBTT ->MBTT: delete URL +== Disconnection of the MQTT client of the tester == + MBTT ->MB: DISCONNECT + deactivate MBTT +... +== Connection between the TTI_UL server and TTI_UL client == + + TTI_UL_S <-> TTI_UL_C : TTI_UL connection(URL) +@enduml \ No newline at end of file -- GitLab