From 91a4cfa3dbe53431baf1df491c3ef72cbd3a8207 Mon Sep 17 00:00:00 2001
From: Alain Rhelimi
Date: Wed, 19 Oct 2022 10:40:07 +0200
Subject: [PATCH] initial commit
---
README.md | 5 +
asn1/TS103834-2.asn | 419 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 424 insertions(+)
create mode 100644 README.md
create mode 100644 asn1/TS103834-2.asn
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a516191
--- /dev/null
+++ b/README.md
@@ -0,0 +1,5 @@
+# Draft TS 103 834 Part 2: Test Specification, SSP Test Tool Interface
+
+## Licensing information
+
+See LICENSE.
\ No newline at end of file
diff --git a/asn1/TS103834-2.asn b/asn1/TS103834-2.asn
new file mode 100644
index 0000000..1ba9430
--- /dev/null
+++ b/asn1/TS103834-2.asn
@@ -0,0 +1,419 @@
+
+
+TTITestsDefinitions { itu-t (0) identified-organization (4) etsi (0) smart-secure-platform (3834) part1 (2) }
+DEFINITIONS
+AUTOMATIC TAGS
+EXTENSIBILITY IMPLIED ::=
+BEGIN
+
+EXPORTS ALL;
+/* Imports */
+IMPORTS
+ AccessMode,
+ UUID,
+ SessionID,
+ AccessorRights,
+ AccessControl,
+ AccessorConditionsPIN,
+ AccessorConditions,
+ AAS-CONTROL-SERVICE-GATE-Commands,
+ AAS-CONTROL-SERVICE-GATE-Responses,
+ TTI-CONTROL-SERVICE-GATE-Commands,
+ TTI-CONTROL-SERVICE-GATE-Responses,
+ Certificate,
+ AuthenticationToken,
+ Version
+FROM SSPDefinitions
+ ECDSA-Sig-Value,
+ id-ecPublicKey
+FROM PKIX1Algorithms88;
+
+
+
+
+eTTI-ID-CS UUID::='09560B78BED958B9A5FF6CAA8384D556'H -- ETSI TTI Control Service identifier
+
+-- urn:etsi.org:asn.1:accessor:tti
+eTTI-ACC UUID::='0F26EB7CEF785F8E84FCB64C9284638E'H
+eTTI-ACC-ROOT UUID::='DD61116FF0DD57F48A4F52EE70276F24'H
+eAS-ID-ASS-GateID_1 UUID::='AAAAAAAABBBBCCCCDDDDEEEEEEEEEEEE'H
+eAS-ID-ASS-GateID_2 UUID::='AAAAAAAABBBBCCCCDDDDEEEEEEEEEEEA'H
+eAS-Challenge UUID::='BA64E9EE888952F4891DA79401758FF4'H
+-- urn:etsi.org:test:firmware-01
+eTTI-FFI UUID::='FC4B3800094D523A9A5AD2E9FDFBCEEC'H
+
+--eAASAccessRight-RequiresSecurePipe AccessorRights ::= { eRight-Bit1 }
+--eAASAccessRight-Create AccessorRights ::= { eRight-Bit2 }
+--eAASAccessRight-Delete AccessorRights ::= { eRight-Bit3 }
+--eAASAccessRight-Update AccessorRights ::= { eRight-Bit4 }
+--eAASAccessRight-UpdateACL AccessorRights ::= { eRight-Bit5 }
+--eAASAccessRight-UpdateGroup AccessorRights ::= { eRight-Bit6 }
+--eAASAccessRight-UpdateCredentialPolicy AccessorRights ::= { eRight-Bit7 }
+--eAASAccessRight-UpdateCredentialStatus AccessorRights ::= { eRight-Bit8 }
+
+-- The root accessor has all accessor rights
+
+eTTI-ACL-ROOT AccessorRights ::= {
+--eAASAccessRight-RequiresSecurePipe-- eRight-Bit1,
+--eAASAccessRight-Create AccessorRights-- eRight-Bit2,
+--eAASAccessRight-Delete-- eRight-Bit3,
+--eAASAccessRight-Update AccessorRights-- eRight-Bit4,
+--eAASAccessRight-UpdateACL-- eRight-Bit5,
+--eAASAccessRight-UpdateGroup-- eRight-Bit6,
+--eAASAccessRight-UpdateCredentialPolicy-- eRight-Bit7,
+--eAASAccessRight-UpdateCredentialStatus-- eRight-Bit8
+}
+
+eTTI-ACL AccessorRights ::= {
+--eAASAccessRight-RequiresSecurePipe-- eRight-Bit1,
+--eAASAccessRight-Create AccessorRights-- eRight-Bit2,
+--eAASAccessRight-Delete-- eRight-Bit3,
+--eAASAccessRight-Update AccessorRights-- eRight-Bit4,
+--eAASAccessRight-UpdateACL-- eRight-Bit5,
+--eAASAccessRight-UpdateGroup-- eRight-Bit6,
+--eAASAccessRight-UpdateCredentialPolicy-- eRight-Bit7,
+--eAASAccessRight-UpdateCredentialStatus-- eRight-Bit8
+}
+eTTI-CS-ACL AccessorRights ::= {
+--eTTIAccessRight-APDUGateAccessAllowed -- eRight-Bit5
+}
+
+
+
+eAS-ATK-01 AuthenticationToken::={
+ tbsToken {
+ version v1,
+ subjectPublicKeyInfo {
+ algorithm {
+ algorithm { 0 0 }
+ },
+ subjectPublicKey '0'B
+ },
+ aATK-Content {
+ aChallenge '00000000000000000000000000000000'H,
+ aKey-Size e128,
+ aStreamCipherIdentifier aAES-CGM-StreamCipherIdentifier
+ }
+ },
+ signatureAlgorithm {
+ algorithm { 0 0 }
+ },
+ signature {
+ r 0,
+ s 0
+ }
+ }
+eAS-CERT-01 Certificate ::= {
+ tbsCertificate {
+ version v3,
+ serialNumber 1,
+ signature {
+ algorithm { 0 0 },
+ parameters OCTET STRING : '00'H
+ },
+ issuer rdnSequence : {
+ {
+ {
+ type { 0 0 },
+ value OCTET STRING : '00'H
+ }
+ }
+ },
+ validity {
+ notBefore utcTime : "000101000000Z",
+ notAfter utcTime : "000101000000Z"
+ },
+ subject rdnSequence : {
+ {
+ {
+ type { 0 0 },
+ value OCTET STRING : '00'H
+ }
+ }
+ },
+ subjectPublicKeyInfo {
+ algorithm {
+ algorithm id-ecPublicKey
+ },
+ subjectPublicKey '0'B
+ },
+ issuerUniqueID '0'B,
+ subjectUniqueID '0'B,
+ extensions {
+ {
+ extnID { 0 0 },
+ critical FALSE,
+ extnValue '00'H
+ }
+ }
+ },
+ signatureAlgorithm {
+ algorithm { 0 0 },
+ parameters OCTET STRING : '00'H
+ },
+ signature '0'B
+ }
+
+
+
+
+aPTCS-003-command-01 AAS-CONTROL-SERVICE-GATE-Commands ::=
aAAS-OP-GET-CHALLENGE-Service-Command : {}
+
+
+
+
+aPTCS-003-response-01 AAS-CONTROL-SERVICE-GATE-Responses ::= aAAS-OP-GET-CHALLENGE-Service-Response : {
+ aAAS-Service-Response eAAS-OK,
+ aParameter {
+ aChallenge eAS-Challenge,
+ aCertificates {eAS-CERT-01}
+ }
+}
+
+
+
+
+aPTCS-003-command-02 AAS-CONTROL-SERVICE-GATE-Commands ::= aAAS-OP-AUTHENTICATE-ACCESSOR-Service-Command : {
+ aCredential aAccessorTokenCredential : {
+ aToken eAS-ATK-01, aTokenCertificationPath {eAS-CERT-01}
+ }
+}
+
+
+
+
+aPTCS-003-response-02 AAS-CONTROL-SERVICE-GATE-Commands ::= aAAS-OP-AUTHENTICATE-ACCESSOR-Service-Command : {
+ aCredential aAccessorTokenCredential : {
+ aToken eAS-ATK-01, aTokenCertificationPath {eAS-CERT-01}
+ }
+}
+
+
+
+
+aPTCS-004-command-01 AAS-CONTROL-SERVICE-GATE-Commands ::= aAAS-OP-ACCESS-SERVICE-Service-Command : {
+ aServiceIdentifier 'DD61116FF0DD57F48A4F52EE70276F24 'H,
+ aUseSecurePipe TRUE
+}
+
+
+
+aPTCS-004-response-01 AAS-CONTROL-SERVICE-GATE-Responses ::= aAAS-OP-ACCESS-SERVICE-Service-Response : {
+ aAAS-Service-Response eAAS-OK,
+ aParameter {
+ aGateIdentifier eAS-ID-ASS-GateID_1 /* */
+ }
+}
+
+
+
+
+aPTCS-0061-command-01 AAS-CONTROL-SERVICE-GATE-Commands ::= aAAS-ADMIN-CREATE-ACCESSOR-Service-Command : {
+ aAccessor aAccessorUser : {
+ aAccessorIdentity eTTI-ACC,
+ aAccessorConditions {
+ aAccessConditionsPIN ePinNumeric
+ },
+ aACL {
+ {
+ aAccessorIdentity eTTI-ACC-ROOT,
+ aAccessorRights eTTI-ACL-ROOT
+ },
+ {
+ aAccessorIdentity eTTI-ACC,
+ aAccessorRights eTTI-ACL
+ }
+ }
+ },
+ aCredential { aPinNumericCredential "1234" },
+ aCredentialsPolicy {
+ aPinNumericPolicy {
+ aIsDisableForbidden FALSE, aMinSize 4, aMaxSize 255, aMaxAttempts 3
+ }
+ },
+ aCredentialsStatus {
+ aPinNumericStatus {
+ aCommonStatus {
+ aIsDisabled FALSE
+ }
+ }
+ }
+}
+
+
+
+
+aPTCS-001-response-01 AAS-CONTROL-SERVICE-GATE-Responses ::= aAAS-ADMIN-CREATE-ACCESSOR-Service-Response : {
+ aAAS-Service-Response eAAS-OK
+}
+
+
+
+
+aTCS-003-command-01
AAS-CONTROL-SERVICE-GATE-Commands ::= aAAS-OP-AUTHENTICATE-ACCESSOR-Service-Command : {
+ aCredential aPinNumericCredential : "1234"
+}
+
+
+
+
+aTCS-003-response-01 AAS-CONTROL-SERVICE-GATE-Responses ::= aAAS-OP-AUTHENTICATE-ACCESSOR-Service-Response : {
+ aAAS-Service-Response eAAS-OK
+}
+
+
+
+
+aTCS-004-command-01 AAS-CONTROL-SERVICE-GATE-Commands ::= aAAS-OP-ACCESS-SERVICE-Service-Command : {
+ aServiceIdentifier eTTI-ID-CS,
+ aUseSecurePipe TRUE
+}
+
+
+
+
+aTCS-004-response-01 AAS-CONTROL-SERVICE-GATE-Responses ::= aAAS-OP-ACCESS-SERVICE-Service-Response : {
+ aAAS-Service-Response eAAS-OK,
+ aParameter {
+ aGateIdentifier eAS-ID-ASS-GateID_2 /* */
+ }
+}
+
+
+
+
+aTCS-004011-command-01 AAS-CONTROL-SERVICE-GATE-Commands ::= aAAS-OP-ACCESS-SERVICE-Service-Command : {
+ aServiceIdentifier eTTI-ID-CS,
+ aUseSecurePipe TRUE
+}
+
+
+
+
+aTCS-004011-response-01 AAS-CONTROL-SERVICE-GATE-Responses ::= aAAS-OP-ACCESS-SERVICE-Service-Response : {
+ aAAS-Service-Response eAAS-OK,
+ aParameter {
+ aGateIdentifier eAS-ID-ASS-GateID_3 /* */
+ }
+}
+
+
+
+
+aTTIC-TCS-001-command-01 TTI-SERVICE-GATE-Commands ::= aTTI-OP-GET-CAPABILITIES-Service-Command :{
+}
+
+
+
+
+aTTIC-TCS-001-response-01 TTI-SERVICE-GATE-Responses ::= aTTI-OP-GET-CAPABILITIES-Service-Response :
+{
+ aTTI-Service-Response eTTI-OK,
+ aParameter {
+ aVersion '0000'H /**/
+ }
+}
+
+
+
+
+aTTIC-TCS-002-command-01 TTI-SERVICE-GATE-Commands ::= aTTI-ADMIN-IMPERSONATE-Service-Command : {
+
+ aFirmwareFamilyID eTTI-FFIUUID, -- Identifier of firmware family of the host to impersonate (REE host domain identifier)*/
+ aHostDomainID 'E7A14FE4378D51AC85C805F6504A7C91'H UUID -- Host domain identifier of the host to impersonate*/
+
+}
+
+
+
+
+aTTIC-TCS-002-response-01 TTI-SERVICE-GATE-Responses ::= aTTI-ADMIN-IMPERSONATE-Service-Response : {
+ aTTI-Service-Response eTTI-OK
+}
+
+
+
+
+aTTIC-TCS-003-command-01 TTI-SERVICE-GATE-Commands ::= aTTI-ADMIN-IMPERSONATE-Service-Command :{
+}
+
+
+
+
+aTTIC-TCS-003-response-01
TTI-SERVICE-GATE-Responses ::= aTTI-ADMIN-IMPERSONATE-Service-Response : {
+ aTTI-Service-Response eTTI-NOK
+}
+
+
+
+
+aTTIC-TCS-004-command-01 TTI-SERVICE-GATE-Commands ::= aTTI-ADMIN-UPDATE-ACL-Service-Command : {
+ aACL {
+ {
+ aAccessorIdentity eTTI-ACC,
+ aAccessorRights eTTI-CS-ACL
+ }
+ }
+
+}
+
+
+aTTIC-TCS-004-response-01 TTI-SERVICE-GATE-Responses ::= aTTI-ADMIN-UPDATE-ACL-Service-Response :{
+ aTTI-Service-Response eTTI-OK
+}
+
+
+
+aTTIC-TCS-005-command-01 TTI-SERVICE-GATE-Commands ::= aTTI-ADMIN-UPDATE-ACL-Service-Command : {
+ aACL {
+ {
+ aAccessorIdentity eTTI-ACC,
+ aAccessorRights eTTI-CS-ACL
+ }
+ }
+}
+
+aTTIC-TCS-005-response-01 TTI-SERVICE-GATE-Responses ::= aTTI-ADMIN-UPDATE-ACL-Service-Response :{
+ aTTI-Service-Response eTTI-NOK
+}
+
+
+
+aTTIC-TCS-006-command-01 TTI-SERVICE-GATE-Commands ::= aTTI-ADMIN-UPDATE-ACL-Service-Command : {
+ aACL {
+ {
+ aAccessorIdentity eTTI-ACC,
+ aAccessorRights '00000000000000000000000000000000'H
+ }
+ }
+}
+
+
+
+aTTIC-TCS-006-response-01 TTI-SERVICE-GATE-Responses ::= aTTI-ADMIN-UPDATE-ACL-Service-Response :{
+ aTTI-Service-Response eTTI-OK
+}
+
+
+
+aTCS-001-command-01 AAS-CONTROL-SERVICE-GATE-Commands ::= aAAS-OP-ACCESS-SERVICE-Service-Command : {
+ aServiceIdentifier eTTI-ID-CS,
+ aUseSecurePipe TRUE
+}
+
+
+
+
+aTCS-0001-response-01 AAS-CONTROL-SERVICE-GATE-Responses ::= aAAS-OP-ACCESS-SERVICE-Service-Response : {
+ aAAS-Service-Response eAAS-OK,
+ aParameter {
+ aGateIdentifier eAS-ID-ASS-GateID_2 /* */
+ }
+}
+
+
+
+
+END
+
+
-- GitLab
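Review bot: `aPTCS-003-response-02` is an exact copy of `aPTCS-003-command-02` and is typed `AAS-CONTROL-SERVICE-GATE-Commands`, so the expected outcome of authenticating with `eAS-ATK-01` (signature `r 0, s 0`) and `eAS-CERT-01` (identical `notBefore`/`notAfter`, all-zero algorithm identifiers) is never stated. It should follow the shape of `aTCS-003-response-01`, e.g. `aPTCS-003-response-02 AAS-CONTROL-SERVICE-GATE-Responses ::= aAAS-OP-AUTHENTICATE-ACCESSOR-Service-Response : { aAAS-Service-Response <expected status> }`; if success is the intended result, the fixture needs a genuinely signed token and a valid certificate, otherwise a tool that passes this test would be accepting credentials it cannot verify. Separately, several references look unresolvable as written: `eAS-ID-ASS-GateID_3` and `eTTI-FFIUUID` are not defined in this module (`eTTI-FFI` is), the `TTI-SERVICE-GATE-Commands`/`-Responses` types do not match the imported `TTI-CONTROL-SERVICE-GATE-*` names, and `_` in `eAS-ID-ASS-GateID_1`/`_2` is not a legal character in an ASN.1 value reference. `eTTI-ACL` also grants the same eight rights as `eTTI-ACL-ROOT` even though the comment says the root accessor is the one with all rights; a comment such as `-- test accessor deliberately mirrors root rights` (or a reduced right set) would make the intent clear.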