From 4cbadb5d5d53404600cbd09b210827ebc5a77416 Mon Sep 17 00:00:00 2001
From: septs
Date: Thu, 9 May 2024 19:42:52 +0800
Subject: [PATCH] docs: upgrade ASN.1 definitions to SGP.22 v2.2.2 (#87)
---
 asn1/generate.txt | 3 -
 {asn1 => docs/asn1}/PKIXExplicit88.asn | 0
 {asn1 => docs/asn1}/PKIXImplicit88.asn | 0
 {asn1 => docs/asn1}/rsp.asn | 369 +++++++++++++------------
 euicc/es10b.h | 2 +
 5 files changed, 190 insertions(+), 184 deletions(-)
 delete mode 100644 asn1/generate.txt
 rename {asn1 => docs/asn1}/PKIXExplicit88.asn (100%)
 rename {asn1 => docs/asn1}/PKIXImplicit88.asn (100%)
 rename {asn1 => docs/asn1}/rsp.asn (89%)
diff --git a/asn1/generate.txt b/asn1/generate.txt
deleted file mode 100644
index c53dd8b..0000000
--- a/asn1/generate.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-asn1c -fwide-types -fcompound-names -fincludes-quoted -no-gen-example ../../../asn1/PKIXExplicit88.asn ../../../asn1/PKIXImplicit88.asn ../../../asn1/rsp.asn
-
-find "." -type f \( -name "*.c" -o -name "*.h" \) | while read -r file; do for header in $(find "." -type f -name "*.h"); do header_file=$(basename "$header"); sed -i "/#include <${header_file}>/c\#include \"${header_file}\"" "$file"; done; done
diff --git a/asn1/PKIXExplicit88.asn b/docs/asn1/PKIXExplicit88.asn
similarity index 100%
rename from asn1/PKIXExplicit88.asn
rename to docs/asn1/PKIXExplicit88.asn
diff --git a/asn1/PKIXImplicit88.asn b/docs/asn1/PKIXImplicit88.asn
similarity index 100%
rename from asn1/PKIXImplicit88.asn
rename to docs/asn1/PKIXImplicit88.asn
diff --git a/asn1/rsp.asn b/docs/asn1/rsp.asn
similarity index 89%
rename from asn1/rsp.asn
rename to docs/asn1/rsp.asn
index 1e7ba93..16f1005 100644
--- a/asn1/rsp.asn
+++ b/docs/asn1/rsp.asn
@@ -3,38 +3,41 @@ DEFINITIONS AUTOMATIC TAGS EXTENSIBILITY IMPLIED ::= BEGIN - + IMPORTS Certificate, CertificateList, Time FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18)} SubjectKeyIdentifier FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19)}; - + id-rsp OBJECT IDENTIFIER ::= {joint-iso-itu-t(2) international-organizations(23) gsma(146) rsp(1)} - + -- Basic types, for size constraints Octet8 ::= OCTET STRING (SIZE(8)) +Octet4 ::= OCTET STRING (SIZE(4)) Octet16 ::= OCTET STRING (SIZE(16)) OctetTo16 ::= OCTET STRING (SIZE(1..16)) Octet32 ::= OCTET STRING (SIZE(32)) Octet1 ::= OCTET STRING(SIZE(1)) Octet2 ::= OCTET STRING (SIZE(2)) VersionType ::= OCTET STRING(SIZE(3)) -- major/minor/revision version are coded as binary value on byte 1/2/3, e.g. '02 00 0C' for v2.0.12. +-- If revision is not used (e.g. v2.1), byte 3 SHALL be set to '00'. 
+ Iccid ::= [APPLICATION 26] OCTET STRING (SIZE(10)) -- ICCID as coded in EFiccid, corresponding tag is '5A' RemoteOpId ::= [2] INTEGER {installBoundProfilePackage(1)} TransactionId ::= OCTET STRING (SIZE(1..16)) - + -- Definition of EUICCInfo1 -------------------------- GetEuiccInfo1Request ::= [32] SEQUENCE { -- Tag 'BF20' } - + EUICCInfo1 ::= [32] SEQUENCE { -- Tag 'BF20' svn [2] VersionType, -- GSMA SGP.22 version supported (SVN) euiccCiPKIdListForVerification [9] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifiers supported on the eUICC for signature verification euiccCiPKIdListForSigning [10] SEQUENCE OF SubjectKeyIdentifier -- List of CI Public Key Identifier supported on the eUICC for signature creation } - + -- Definition of EUICCInfo2 -------------------------- GetEuiccInfo2Request ::= [34] SEQUENCE { -- Tag 'BF22' } - + EUICCInfo2 ::= [34] SEQUENCE { -- Tag 'BF22' profileVersion [1] VersionType, -- SIMAlliance Profile package version supported svn [2] VersionType, -- GSMA SGP.22 version supported (SVN) 
@@ -57,23 +60,24 @@ EUICCInfo2 ::= [34] SEQUENCE { -- Tag 'BF22' sasAcreditationNumber UTF8String (SIZE(0..64)), certificationDataObject [12] CertificationDataObject OPTIONAL } - + -- Definition of RspCapability RspCapability ::= BIT STRING { additionalProfile(0), -- at least one more Profile can be installed crlSupport(1), -- CRL rpmSupport(2), -- Remote Profile Management - testProfileSupport (3) -- support for test profile + testProfileSupport (3), -- support for test profile + deviceInfoExtensibilitySupport (4) -- support for ASN.1 extensibility in the Device Info } - + -- Definition of CertificationDataObject CertificationDataObject ::= SEQUENCE { - platformLabel UTF8String, -- Platform_Label as defined in GlobalPlatform DLOA specification [57] + platformLabel UTF8String, -- Platform_Label as defined in GlobalPlatform DLOA specification [57] discoveryBaseURL UTF8String -- Discovery Base URL of the SE default DLOA Registrar as defined in GlobalPlatform DLOA specification [57] } - + CertificateInfo ::= BIT STRING { - + reserved(0), -- eUICC has a CERT.EUICC.ECDSA in GlobalPlatform format. The use of this bit is deprecated. certSigningX509(1), -- eUICC has a CERT.EUICC.ECDSA in X.509 format rfu2(2), 
@@ -81,42 +85,49 @@ CertificateInfo ::= BIT STRING { reserved2(4), -- Handling of Certificate in GlobalPlatform format. The use of this bit is deprecated. certVerificationX509(5)-- Handling of Certificate in X.509 format } - + -- Definition of UICCCapability UICCCapability ::= BIT STRING { -/* Sequence is derived from ServicesList[] defined in SIMalliance PEDefinitions*/ + /* Sequence is derived from ServicesList[] defined in SIMalliance PEDefinitions*/ contactlessSupport(0), -- Contactless (SWP, HCI and associated APIs) usimSupport(1), -- USIM as defined by 3GPP isimSupport(2), -- ISIM as defined by 3GPP csimSupport(3), -- CSIM as defined by 3GPP2 - + akaMilenage(4), -- Milenage as AKA algorithm akaCave(5), -- CAVE as authentication algorithm akaTuak128(6), -- TUAK as AKA algorithm with 128 bit key length akaTuak256(7), -- TUAK as AKA algorithm with 256 bit key length rfu1(8), -- reserved for further algorithms rfu2(9), -- reserved for further algorithms - + gbaAuthenUsim(10), -- GBA authentication in the context of USIM gbaAuthenISim(11), -- GBA authentication in the context of ISIM mbmsAuthenUsim(12), -- MBMS authentication in the context of USIM eapClient(13), -- EAP client - + javacard(14), -- Javacard support multos(15), -- Multos support - + multipleUsimSupport(16), -- Multiple USIM applications are supported within the same Profile multipleIsimSupport(17), -- Multiple ISIM applications are supported within the same Profile - multipleCsimSupport(18) -- Multiple CSIM applications are supported within the same Profile + multipleCsimSupport(18), -- Multiple CSIM applications are supported within the same Profile + + berTlvFileSupport(19), -- BER TLV files + dfLinkSupport(20), -- Linked Directory Files + catTp(21), -- Support of CAT TP + getIdentity(22), -- Support of the GET IDENTITY command as defined in ETSI TS 102 221 [6] + profile-a-x25519(23), -- Support of ECIES Profile A as defined in 3GPP TS 33.501 [87] + profile-b-p256(24), -- Support of ECIES Profile 
B as defined in 3GPP TS 33.501 [87] + suciCalculatorApi(25) -- Support of the associated API for SUCI derivation as defined in 3GPP 31.130 [88] } - -- Definition of DeviceInfo DeviceInfo ::= SEQUENCE { - tac Octet8, + tac Octet4, deviceCapabilities DeviceCapabilities, imei Octet8 OPTIONAL } - + DeviceCapabilities ::= SEQUENCE { -- Highest fully supported release for each definition -- The device SHALL set all the capabilities it supports gsmSupportedRelease VersionType OPTIONAL, @@ -124,12 +135,14 @@ DeviceCapabilities ::= SEQUENCE { -- Highest fully supported release for each de cdma2000onexSupportedRelease VersionType OPTIONAL, cdma2000hrpdSupportedRelease VersionType OPTIONAL, cdma2000ehrpdSupportedRelease VersionType OPTIONAL, - eutranSupportedRelease VersionType OPTIONAL, + eutranEpcSupportedRelease VersionType OPTIONAL, contactlessSupportedRelease VersionType OPTIONAL, rspCrlSupportedVersion VersionType OPTIONAL, - rspRpmSupportedVersion VersionType OPTIONAL + nrEpcSupportedRelease VersionType OPTIONAL, + nr5gcSupportedRelease VersionType OPTIONAL, + eutran5gcSupportedRelease VersionType OPTIONAL } - + ProfileInfoListRequest ::= [45] SEQUENCE { -- Tag 'BF2D' searchCriteria [0] CHOICE { isdpAid [APPLICATION 15] OctetTo16, -- AID of the ISD-P, tag '4F' @@ -138,13 +151,13 @@ ProfileInfoListRequest ::= [45] SEQUENCE { -- Tag 'BF2D' } OPTIONAL, tagList [APPLICATION 28] OCTET STRING OPTIONAL -- tag '5C' } - + -- Definition of ProfileInfoList ProfileInfoListResponse ::= [45] CHOICE { -- Tag 'BF2D' profileInfoListOk SEQUENCE OF ProfileInfo, profileInfoListError ProfileInfoListError } - + ProfileInfo ::= [PRIVATE 3] SEQUENCE { -- Tag 'E3' iccid Iccid OPTIONAL, isdpAid [APPLICATION 15] OctetTo16 OPTIONAL, -- AID of the ISD-P containing the Profile, tag '4F' 
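Review bot: `tac Octet4` shortens DeviceInfo.tac from 8 to 4 bytes while `imei Octet8` stays, but neither line says how the TAC digits are packed, which is exactly what a client building CtxParamsForCommonAuthentication.deviceInfo needs; suggest `tac Octet4, -- TAC of the Device, 8 digits in 4 bytes (NOTE(review): confirm digit/nibble coding against SGP.22 DeviceInfo before relying on this)`. Since the asn1c invocation in asn1/generate.txt is deleted rather than moved alongside the schema, the decoder in the tree is presumably still generated from the old Octet8 definition, so this length change would not be reflected in the C structures unless they are regenerated or patched by hand. The euicc/es10b.h hunk is outside this view, so I cannot tell whether it covers that.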
@@ -154,14 +167,14 @@ ProfileInfo ::= [PRIVATE 3] SEQUENCE { -- Tag 'E3' profileName [18] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '92' iconType [19] IconType OPTIONAL, -- Tag '93' icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94', see condition in ES10c:GetProfilesInfo - profileClass [21] ProfileClass DEFAULT operational, -- Tag '95' + profileClass [21] ProfileClass OPTIONAL, -- Tag '95' notificationConfigurationInfo [22] SEQUENCE OF NotificationConfigurationInformation OPTIONAL, -- Tag 'B6' - profileOwner [23] OperatorID OPTIONAL, -- Tag 'B7' + profileOwner [23] OperatorId OPTIONAL, -- Tag 'B7' dpProprietaryData [24] DpProprietaryData OPTIONAL, -- Tag 'B8' profilePolicyRules [25] PprIds OPTIONAL, -- Tag '99' refArDo [118] SEQUENCE OF RefArDo OPTIONAL -- Tag 'BF76' } - + RefArDo ::= [PRIVATE 2] SEQUENCE { -- Tag 'E2' refDo [PRIVATE 1] SEQUENCE { -- Tag 'E1' deviceAppIdRefDo [PRIVATE 1] OCTET STRING (SIZE(20|32)), -- Tag 'C1' 
@@ -171,52 +184,51 @@ RefArDo ::= [PRIVATE 2] SEQUENCE { -- Tag 'E2' permArDo [PRIVATE 27] OCTET STRING (SIZE(8)) -- Tag 'DB' } } - + PprIds ::= BIT STRING {-- Definition of Profile Policy Rules identifiers pprUpdateControl(0), -- defines how to update PPRs via ES6 ppr1(1), -- Indicator for PPR1 'Disabling of this Profile is not allowed' - ppr2(2), -- Indicator for PPR2 'Deletion of this Profile is not allowed' - ppr3(3) -- Indicator for PPR3 'Deletion of this Profile is required upon its successful disabling' + ppr2(2) -- Indicator for PPR2 'Deletion of this Profile is not allowed' } - -OperatorID ::= SEQUENCE { + +OperatorId ::= SEQUENCE { mccMnc OCTET STRING (SIZE(3)), -- MCC and MNC coded as defined in 3GPP TS 24.008 [32] gid1 OCTET STRING OPTIONAL, -- referring to content of EF GID1 (file identifier '6F3E') as defined in 3GPP TS 31.102 [54] gid2 OCTET STRING OPTIONAL -- referring to content of EF GID2 (file identifier '6F3F') as defined in 3GPP TS 31.102 [54] } - + ProfileInfoListError ::= INTEGER {incorrectInputValues(1), undefinedError(127)} - + -- Definition of StoreMetadata request - + StoreMetadataRequest ::= [37] SEQUENCE { -- Tag 'BF25' iccid Iccid, serviceProviderName [17] UTF8String (SIZE(0..32)), -- Tag '91' profileName [18] UTF8String (SIZE(0..64)), -- Tag '92' (corresponds to 'Short Description' defined in SGP.21 [2]) iconType [19] IconType OPTIONAL, -- Tag '93' (JPG or PNG) icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94'(Data of the icon. Size 64 x 64 pixel. 
This field SHALL only be present if iconType is present) - profileClass [21] ProfileClass OPTIONAL, -- Tag '95' (default if absent: 'operational') + profileClass [21] ProfileClass DEFAULT operational, -- Tag '95' notificationConfigurationInfo [22] SEQUENCE OF NotificationConfigurationInformation OPTIONAL, - profileOwner [23] OperatorID OPTIONAL, -- Tag 'B7' + profileOwner [23] OperatorId OPTIONAL, -- Tag 'B7' profilePolicyRules [25] PprIds OPTIONAL -- Tag '99' } - + NotificationEvent ::= BIT STRING { notificationInstall (0), notificationEnable(1), notificationDisable(2), notificationDelete(3) } - + NotificationConfigurationInformation ::= SEQUENCE { profileManagementOperation NotificationEvent, notificationAddress UTF8String -- FQDN to forward the notification } - + IconType ::= INTEGER {jpg(0), png(1)} ProfileState ::= INTEGER {disabled(0), enabled(1)} ProfileClass ::= INTEGER {test(0), provisioning(1), operational(2)} - + -- Definition of UpdateMetadata request UpdateMetadataRequest ::= [42] SEQUENCE { -- Tag 'BF2A' serviceProviderName [17] UTF8String (SIZE(0..32)) OPTIONAL, -- Tag '91' @@ -225,7 +237,7 @@ UpdateMetadataRequest ::= [42] SEQUENCE { -- Tag 'BF2A' icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94' profilePolicyRules [25] PprIds OPTIONAL -- Tag '99' } - + -- Definition of data objects for command PrepareDownload ------------------------- PrepareDownloadRequest ::= [33] SEQUENCE { -- Tag 'BF21' smdpSigned2 SmdpSigned2, -- Signed information 
@@ -233,73 +245,73 @@ PrepareDownloadRequest ::= [33] SEQUENCE { -- Tag 'BF21' hashCc Octet32 OPTIONAL, -- Hash of confirmation code smdpCertificate Certificate -- CERT.DPpb.ECDSA } - + SmdpSigned2 ::= SEQUENCE { - transactionId [0] TransactionId, -- The TransactionID generated by the SM DP+ + transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+ ccRequiredFlag BOOLEAN, --Indicates if the Confirmation Code is required bppEuiccOtpk [APPLICATION 73] OCTET STRING OPTIONAL -- otPK.EUICC.ECKA already used for binding the BPP, tag '5F49' } - + PrepareDownloadResponse ::= [33] CHOICE { -- Tag 'BF21' downloadResponseOk PrepareDownloadResponseOk, downloadResponseError PrepareDownloadResponseError } - + PrepareDownloadResponseOk ::= SEQUENCE { euiccSigned2 EUICCSigned2, -- Signed information euiccSignature2 [APPLICATION 55] OCTET STRING -- tag '5F37' } - + EUICCSigned2 ::= SEQUENCE { transactionId [0] TransactionId, euiccOtpk [APPLICATION 73] OCTET STRING, -- otPK.EUICC.ECKA, tag '5F49' hashCc Octet32 OPTIONAL -- Hash of confirmation code } - + PrepareDownloadResponseError ::= SEQUENCE { transactionId [0] TransactionId, downloadErrorCode DownloadErrorCode } - + DownloadErrorCode ::= INTEGER {invalidCertificate(1), invalidSignature(2), unsupportedCurve(3), noSessionContext(4), invalidTransactionId(5), undefinedError(127)} - + -- Definition of data objects for command AuthenticateServer-------------------- AuthenticateServerRequest ::= [56] SEQUENCE { -- Tag 'BF38' serverSigned1 ServerSigned1, -- Signed information - serverSignature1 [APPLICATION 55] OCTET STRING, -- tag ?5F37? 
+ serverSignature1 [APPLICATION 55] OCTET STRING, -- tag ‘5F37’ euiccCiPKIdToBeUsed SubjectKeyIdentifier, -- CI Public Key Identifier to be used serverCertificate Certificate, -- RSP Server Certificate CERT.XXauth.ECDSA ctxParams1 CtxParams1 } - + ServerSigned1 ::= SEQUENCE { transactionId [0] TransactionId, -- The Transaction ID generated by the RSP Server euiccChallenge [1] Octet16, -- The eUICC Challenge serverAddress [3] UTF8String, -- The RSP Server address serverChallenge [4] Octet16 -- The RSP Server Challenge } - + CtxParams1 ::= CHOICE { - ctxParamsForCommonAuthentication CtxParamsForCommonAuthentication -- New contextual data objects may be defined for extensibility + ctxParamsForCommonAuthentication CtxParamsForCommonAuthentication -- New contextual data objects MAY be defined for extensibility } - + CtxParamsForCommonAuthentication ::= SEQUENCE { matchingId UTF8String OPTIONAL,-- The MatchingId could be the Activation code token or EventID or empty deviceInfo DeviceInfo -- The Device information } - + AuthenticateServerResponse ::= [56] CHOICE { -- Tag 'BF38' authenticateResponseOk AuthenticateResponseOk, authenticateResponseError AuthenticateResponseError } - + AuthenticateResponseOk ::= SEQUENCE { euiccSigned1 EuiccSigned1, -- Signed information euiccSignature1 [APPLICATION 55] OCTET STRING, --EUICC_Sign1, tag 5F37 euiccCertificate Certificate, -- eUICC Certificate (CERT.EUICC.ECDSA) signed by the EUM eumCertificate Certificate -- EUM Certificate (CERT.EUM.ECDSA) signed by the requested CI } - + EuiccSigned1 ::= SEQUENCE { transactionId [0] TransactionId, serverAddress [3] UTF8String, 
@@ -307,96 +319,86 @@ EuiccSigned1 ::= SEQUENCE { euiccInfo2 [34] EUICCInfo2, ctxParams1 CtxParams1 } - + AuthenticateResponseError ::= SEQUENCE { transactionId [0] TransactionId, authenticateErrorCode AuthenticateErrorCode } - + AuthenticateErrorCode ::= INTEGER {invalidCertificate(1), invalidSignature(2), unsupportedCurve(3), noSessionContext(4), invalidOid(5), euiccChallengeMismatch(6), ciPKUnknown(7), undefinedError(127)} - + -- Definition of Cancel Session------------------------------ CancelSessionRequest ::= [65] SEQUENCE { -- Tag 'BF41' transactionId TransactionId, -- The TransactionID generated by the RSP Server reason CancelSessionReason } - -CancelSessionReason ::= INTEGER {endUserRejection(0), postponed(1), timeout(2), pprNotAllowed(3)} - + +CancelSessionReason ::= INTEGER {endUserRejection(0), postponed(1), timeout(2), pprNotAllowed(3), metadataMismatch(4), loadBppExecutionError(5), undefinedReason(127)} + CancelSessionResponse ::= [65] CHOICE { -- Tag 'BF41' cancelSessionResponseOk CancelSessionResponseOk, cancelSessionResponseError INTEGER {invalidTransactionId(5), undefinedError(127)} } - + CancelSessionResponseOk ::= SEQUENCE { euiccCancelSessionSigned EuiccCancelSessionSigned, -- Signed information euiccCancelSessionSignature [APPLICATION 55] OCTET STRING -- tag '5F37 } - + EuiccCancelSessionSigned ::= SEQUENCE { transactionId TransactionId, smdpOid OBJECT IDENTIFIER, -- SM-DP+ OID as contained in CERT.DPauth.ECDSA reason CancelSessionReason } --- asn1c caused some bug when process nested id, so workaround here -BoundProfilePackageTLV87 ::= [7] OCTET STRING -BoundProfilePackageTLV88 ::= [8] OCTET STRING -BoundProfilePackageTLV86 ::= [6] OCTET STRING - -SeqBoundProfilePackageTLV87 ::= [0] SEQUENCE OF BoundProfilePackageTLV87 -SeqBoundProfilePackageTLV88 ::= [1] SEQUENCE OF BoundProfilePackageTLV88 -SeqSecondBoundProfilePackageTLV87 ::= [2] SEQUENCE OF BoundProfilePackageTLV87 -SeqBoundProfilePackageTLV86 ::= [3] SEQUENCE OF BoundProfilePackageTLV86 
- -- Definition of Bound Profile Package -------------------------- BoundProfilePackage ::= [54] SEQUENCE { -- Tag 'BF36' initialiseSecureChannelRequest [35] InitialiseSecureChannelRequest, -- Tag 'BF23' - firstSequenceOf87 SeqBoundProfilePackageTLV87, -- sequence of '87' TLVs - sequenceOf88 SeqBoundProfilePackageTLV88, -- sequence of '88' TLVs - secondSequenceOf87 SeqSecondBoundProfilePackageTLV87 OPTIONAL, -- sequence of '87' TLVs - sequenceOf86 SeqBoundProfilePackageTLV86 -- sequence of '86' TLVs + firstSequenceOf87 [0] SEQUENCE OF [7] OCTET STRING, -- sequence of '87' TLVs + sequenceOf88 [1] SEQUENCE OF [8] OCTET STRING, -- sequence of '88' TLVs + secondSequenceOf87 [2] SEQUENCE OF [7] OCTET STRING OPTIONAL, -- sequence of '87' TLVs + sequenceOf86 [3] SEQUENCE OF [6] OCTET STRING -- sequence of '86' TLVs } - + -- Definition of Get eUICC Challenge -------------------------- GetEuiccChallengeRequest ::= [46] SEQUENCE { -- Tag 'BF2E' } - + GetEuiccChallengeResponse ::= [46] SEQUENCE { -- Tag 'BF2E' euiccChallenge Octet16 -- random eUICC challenge } - --- Definition of Profile Installation Resulceipt + +-- Definition of Profile Installation Result ProfileInstallationResult ::= [55] SEQUENCE { -- Tag 'BF37' profileInstallationResultData [39] ProfileInstallationResultData, euiccSignPIR EuiccSignPIR } - + ProfileInstallationResultData ::= [39] SEQUENCE { -- Tag 'BF27' transactionId[0] TransactionId, -- The TransactionID generated by the SM-DP+ notificationMetadata[47] NotificationMetadata, - smdpOid OBJECT IDENTIFIER OPTIONAL, -- SM-DP+ OID (same value as in CERT.DPpb.ECDSA) + smdpOid OBJECT IDENTIFIER, -- SM-DP+ OID (same value as in CERT.DPpb.ECDSA) finalResult [2] CHOICE { successResult SuccessResult, errorResult ErrorResult } } - -EuiccSignPIR ::= [APPLICATION 55] OCTET STRING -- Tag '5F37', eUICC?s signature - + +EuiccSignPIR ::= [APPLICATION 55] OCTET STRING -- Tag '5F37', eUICC’s signature + SuccessResult ::= SEQUENCE { aid [APPLICATION 15] OCTET STRING (SIZE 
(5..16)), -- AID of ISD-P simaResponse OCTET STRING -- contains (multiple) 'EUICCResponse' as defined in [5] } - + ErrorResult ::= SEQUENCE { bppCommandId BppCommandId, errorReason ErrorReason, simaResponse OCTET STRING OPTIONAL -- contains (multiple) 'EUICCResponse' as defined in [5] } - + BppCommandId ::= INTEGER {initialiseSecureChannel(0), configureISDP(1), storeMetadata(2), storeMetadata2(3), replaceSessionKeys(4), loadProfileElements(5)} - + ErrorReason ::= INTEGER { incorrectInputValues(1), invalidSignature(2), 
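Review bot: The deleted comment `asn1c caused some bug when process nested id, so workaround here` was the only record of why the wrapper types existed, and with asn1/generate.txt also removed nothing is left to warn whoever next regenerates bindings from docs/asn1/rsp.asn that the spec-accurate inline `[0] SEQUENCE OF [7] OCTET STRING` form did not survive asn1c. Keep the caveat above `BoundProfilePackage`, e.g. `-- NOTE: the nested tagged SEQUENCE OF below is as in SGP.22 but previously needed wrapper types (SeqBoundProfilePackageTLV87 etc.) to work around an asn1c bug; see git history before regenerating`. The `smdpOid` field of ProfileInstallationResultData also flips from OPTIONAL to mandatory in this hunk, which is a wire-compatibility change for any notification encoded under the old schema, so a comment such as `-- mandatory in SGP.22 v2.2.2 (OPTIONAL in the previous revision of this file)` would save the next reader a diff.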
@@ -409,44 +411,44 @@ ErrorReason ::= INTEGER { installFailedDueToIccidAlreadyExistsOnEuicc(9), installFailedDueToInsufficientMemoryForProfile(10), installFailedDueToInterruption(11), installFailedDueToPEProcessingError (12), - installFailedDueToIccidMismatch(13), + installFailedDueToDataMismatch(13), testProfileInstallFailedDueToInvalidNaaKey(14), pprNotAllowed(15), installFailedDueToUnknownError(127) } - + ListNotificationRequest ::= [40] SEQUENCE { -- Tag 'BF28' profileManagementOperation [1] NotificationEvent OPTIONAL } - + ListNotificationResponse ::= [40] CHOICE { -- Tag 'BF28' notificationMetadataList SEQUENCE OF NotificationMetadata, listNotificationsResultError INTEGER {undefinedError(127)} } - + NotificationMetadata ::= [47] SEQUENCE { -- Tag 'BF2F' seqNumber [0] INTEGER, - profileManagementOperation [1] NotificationEvent, --Only one bit set to 1 + profileManagementOperation [1] NotificationEvent, --Only one bit SHALL be set to 1 notificationAddress UTF8String, -- FQDN to forward the notification iccid Iccid OPTIONAL } - + -- Definition of Profile Nickname Information SetNicknameRequest ::= [41] SEQUENCE { -- Tag 'BF29' iccid Iccid, profileNickname [16] UTF8String (SIZE(0..64)) } - + SetNicknameResponse ::= [41] SEQUENCE { -- Tag 'BF29' setNicknameResult INTEGER {ok(0), iccidNotFound (1), undefinedError(127)} } - + id-rsp-cert-objects OBJECT IDENTIFIER ::= { id-rsp cert-objects(2)} - + id-rspExt OBJECT IDENTIFIER ::= {id-rsp-cert-objects 0} - + id-rspRole OBJECT IDENTIFIER ::= {id-rsp-cert-objects 1} - + -- Definition of OIDs for role identification id-rspRole-ci OBJECT IDENTIFIER ::= {id-rspRole 0} id-rspRole-euicc OBJECT IDENTIFIER ::= {id-rspRole 1} 
@@ -456,7 +458,7 @@ id-rspRole-dp-auth OBJECT IDENTIFIER ::= {id-rspRole 4} id-rspRole-dp-pb OBJECT IDENTIFIER ::= {id-rspRole 5} id-rspRole-ds-tls OBJECT IDENTIFIER ::= {id-rspRole 6} id-rspRole-ds-auth OBJECT IDENTIFIER ::= {id-rspRole 7} - + --Definition of data objects for InitialiseSecureChannel Request InitialiseSecureChannelRequest ::= [35] SEQUENCE { -- Tag 'BF23' remoteOpId RemoteOpId, -- Remote Operation Type Identifier (value SHALL be set to installBoundProfilePackage) 
@@ -465,23 +467,23 @@ InitialiseSecureChannelRequest ::= [35] SEQUENCE { -- Tag 'BF23' smdpOtpk [APPLICATION 73] OCTET STRING, ---otPK.DP.ECKA as specified in GlobalPlatform Card Specification [8] section 6.4.2.3 for ePK.OCE.ECKA, tag '5F49' smdpSign [APPLICATION 55] OCTET STRING -- SM-DP's signature, tag '5F37' } - + ControlRefTemplate ::= SEQUENCE { -keyType[0] Octet1, -- Key type according to GlobalPlatform Card Specification [8] Table 11-16, AES= '88', Tag '80' -keyLen[1] Octet1, --Key length in number of bytes. For current specification key length SHALL by 0x10 bytes, Tag '81' -hostId[4] OctetTo16 -- Host ID value , Tag '84' + keyType[0] Octet1, -- Key type according to GlobalPlatform Card Specification [8] Table 11-16, AES= '88', Tag '80' + keyLen[1] Octet1, --Key length in number of bytes. For current specification key length SHALL by 0x10 bytes, Tag '81' + hostId[4] OctetTo16 -- Host ID value , Tag '84' } - + --Definition of data objects for ConfigureISDPRequest ConfigureISDPRequest ::= [36] SEQUENCE { -- Tag 'BF24' dpProprietaryData [24] DpProprietaryData OPTIONAL -- Tag 'B8' } - + DpProprietaryData ::= SEQUENCE { -- maximum size including tag and length field: 128 bytes dpOid OBJECT IDENTIFIER -- OID in the tree of the SM-DP+ that created the Profile - -- additional data objects defined by the SM-DP+ MAY follow +-- additional data objects defined by the SM-DP+ MAY follow } - + -- Definition of request message for command ReplaceSessionKeys ReplaceSessionKeysRequest ::= [38] SEQUENCE { -- tag 'BF26' /*The new initial MAC chaining value*/ @@ -491,7 +493,7 @@ ReplaceSessionKeysRequest ::= [38] SEQUENCE { -- tag 'BF26' /*New session key value of the session key C-MAC computation/verification (PPK-MAC)*/ ppkCmac OCTET STRING } - + -- Definition of data objects for RetrieveNotificationsList RetrieveNotificationsListRequest ::= [43] SEQUENCE { -- Tag 'BF2B' searchCriteria CHOICE { 
@@ -499,33 +501,33 @@ RetrieveNotificationsListRequest ::= [43] SEQUENCE { -- Tag 'BF2B' profileManagementOperation [1] NotificationEvent } OPTIONAL } - + RetrieveNotificationsListResponse ::= [43] CHOICE { -- Tag 'BF2B' notificationList SEQUENCE OF PendingNotification, notificationsListResultError INTEGER {noResultAvailable(1), undefinedError(127)} } - + PendingNotification ::= CHOICE { profileInstallationResult [55] ProfileInstallationResult, -- tag 'BF37' otherSignedNotification OtherSignedNotification } - + OtherSignedNotification ::= SEQUENCE { tbsOtherNotification NotificationMetadata, euiccNotificationSignature [APPLICATION 55] OCTET STRING, -- eUICC signature of tbsOtherNotification, Tag '5F37' euiccCertificate Certificate, -- eUICC Certificate (CERT.EUICC.ECDSA) signed by the EUM eumCertificate Certificate -- EUM Certificate (CERT.EUM.ECDSA) signed by the requested CI } - + -- Definition of notificationSent NotificationSentRequest ::= [48] SEQUENCE { -- Tag 'BF30' seqNumber [0] INTEGER } - + NotificationSentResponse ::= [48] SEQUENCE { -- Tag 'BF30' deleteNotificationStatus INTEGER {ok(0), nothingToDelete(1), undefinedError(127)} } - + -- Definition of Enable Profile -------------------------- EnableProfileRequest ::= [49] SEQUENCE { -- Tag 'BF31' profileIdentifier CHOICE { @@ -534,11 +536,11 @@ EnableProfileRequest ::= [49] SEQUENCE { -- Tag 'BF31' }, refreshFlag BOOLEAN -- indicating whether REFRESH is required } - + EnableProfileResponse ::= [49] SEQUENCE { -- Tag 'BF31' - enableResult INTEGER {ok(0), iccidOrAidNotFound (1), profileNotInDisabledState(2), disallowedByPolicy(3), wrongProfileReenabling(4), undefinedError(127)} + enableResult INTEGER {ok(0), iccidOrAidNotFound (1), profileNotInDisabledState(2), disallowedByPolicy(3), wrongProfileReenabling(4), catBusy(5), undefinedError(127)} } - + -- Definition of Disable Profile -------------------------- DisableProfileRequest ::= [50] SEQUENCE { -- Tag 'BF32' profileIdentifier CHOICE { 
@@ -547,21 +549,21 @@ DisableProfileRequest ::= [50] SEQUENCE { -- Tag 'BF32' }, refreshFlag BOOLEAN -- indicating whether REFRESH is required } - + DisableProfileResponse ::= [50] SEQUENCE { -- Tag 'BF32' - disableResult INTEGER {ok(0), iccidOrAidNotFound (1), profileNotInEnabledState(2), disallowedByPolicy(3), undefinedError(127)} + disableResult INTEGER {ok(0), iccidOrAidNotFound (1), profileNotInEnabledState(2), disallowedByPolicy(3), catBusy(5), undefinedError(127)} } - + -- Definition of Delete Profile -------------------------- DeleteProfileRequest ::= [51] CHOICE { -- Tag 'BF33' isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F' iccid Iccid -- ICCID, tag '5A' } - + DeleteProfileResponse ::= [51] SEQUENCE { -- Tag 'BF33' deleteResult INTEGER {ok(0), iccidOrAidNotFound (1), profileNotInDisabledState(2), disallowedByPolicy(3), undefinedError(127)} } - + -- Definition of Memory Reset -------------------------- EuiccMemoryResetRequest ::= [52] SEQUENCE { -- Tag 'BF34' resetOptions [2] BIT STRING { 
@@ -569,70 +571,70 @@ EuiccMemoryResetRequest ::= [52] SEQUENCE { -- Tag 'BF34' deleteFieldLoadedTestProfiles(1), resetDefaultSmdpAddress(2)} } - + EuiccMemoryResetResponse ::= [52] SEQUENCE { -- Tag 'BF34' - resetResult INTEGER {ok(0), nothingToDelete(1), undefinedError(127)} + resetResult INTEGER {ok(0), nothingToDelete(1), catBusy(5), undefinedError(127)} } - + -- Definition of Get EID -------------------------- GetEuiccDataRequest ::= [62] SEQUENCE { -- Tag 'BF3E' tagList [APPLICATION 28] Octet1 -- tag '5C', the value SHALL be set to '5A' } - + GetEuiccDataResponse ::= [62] SEQUENCE { -- Tag 'BF3E' eidValue [APPLICATION 26] Octet16 -- tag '5A' } - + -- Definition of Get Rat - + GetRatRequest ::= [67] SEQUENCE { -- Tag ' BF43' -- No input data } - - + + GetRatResponse ::= [67] SEQUENCE { -- Tag 'BF43' rat RulesAuthorisationTable } - + RulesAuthorisationTable ::= SEQUENCE OF ProfilePolicyAuthorisationRule ProfilePolicyAuthorisationRule ::= SEQUENCE { pprIds PprIds, - allowedOperators SEQUENCE OF OperatorID, + allowedOperators SEQUENCE OF OperatorId, pprFlags BIT STRING {consentRequired(0)} } - + +-- Definition of data structure containing the list of CRL segments +SegmentedCrlList ::= SEQUENCE OF CertificateList -- Definition of data structure command for loading a CRL LoadCRLRequest ::= [53] SEQUENCE { -- Tag 'BF35' - -- A CRL-A + -- A CRL crl CertificateList } - + -- Definition of data structure response for loading a CRL LoadCRLResponse ::= [53] CHOICE { -- Tag 'BF35' loadCRLResponseOk LoadCRLResponseOk, loadCRLResponseError LoadCRLResponseError } - + LoadCRLResponseOk ::= SEQUENCE { - missingParts SEQUENCE OF SEQUENCE { - number INTEGER (0..MAX) - } OPTIONAL + missingParts SEQUENCE OF INTEGER OPTIONAL } -LoadCRLResponseError ::= INTEGER {invalidSignature(1), invalidCRLFormat(2), notEnoughMemorySpace(3), verificationKeyNotFound(4), undefinedError(127)} - +LoadCRLResponseError ::= INTEGER {invalidSignature(1), invalidCRLFormat(2), notEnoughMemorySpace(3), 
verificationKeyNotFound(4), fresherCrlAlreadyLoaded(5), baseCrlMissing(6), undefinedError(127)} + -- Definition of the extension for Certificate Expiration Date id-rsp-expDate OBJECT IDENTIFIER ::= {id-rspExt 1} ExpirationDate ::= Time - + -- Definition of the extension id for total partial-CRL number id-rsp-totalPartialCrlNumber OBJECT IDENTIFIER ::= {id-rspExt 2} TotalPartialCrlNumber ::= INTEGER - - + + -- Definition of the extension id for the partial-CRL number id-rsp-partialCrlNumber OBJECT IDENTIFIER ::= {id-rspExt 3} PartialCrlNumber ::= INTEGER - + -- Definition for ES9+ ASN.1 Binding -------------------------- RemoteProfileProvisioningRequest ::= [2] CHOICE { -- Tag 'A2' initiateAuthenticationRequest [57] InitiateAuthenticationRequest, -- Tag 'BF39' @@ -641,7 +643,7 @@ RemoteProfileProvisioningRequest ::= [2] CHOICE { -- Tag 'A2' cancelSessionRequestEs9 [65] CancelSessionRequestEs9, -- Tag 'BF41' handleNotification [61] HandleNotification -- tag 'BF3D' } - + RemoteProfileProvisioningResponse ::= [2] CHOICE { -- Tag 'A2' initiateAuthenticationResponse [57] InitiateAuthenticationResponse, -- Tag 'BF39' authenticateClientResponseEs9 [59] AuthenticateClientResponseEs9, -- Tag 'BF3B' @@ -649,13 +651,13 @@ RemoteProfileProvisioningResponse ::= [2] CHOICE { -- Tag 'A2' cancelSessionResponseEs9 [65] CancelSessionResponseEs9, -- Tag 'BF41' authenticateClientResponseEs11 [64] AuthenticateClientResponseEs11 -- Tag 'BF40' } - + InitiateAuthenticationRequest ::= [57] SEQUENCE { -- Tag 'BF39' euiccChallenge [1] Octet16, -- random eUICC challenge smdpAddress [3] UTF8String, euiccInfo1 EUICCInfo1 } - + InitiateAuthenticationResponse ::= [57] CHOICE { -- Tag 'BF39' initiateAuthenticationOk InitiateAuthenticationOkEs9, initiateAuthenticationError INTEGER { 
@@ -664,7 +666,7 @@ InitiateAuthenticationResponse ::= [57] CHOICE { -- Tag 'BF39' ciPKNotSupported(3) } } - + InitiateAuthenticationOkEs9 ::= SEQUENCE { transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+ serverSigned1 ServerSigned1, -- Signed information @@ -672,12 +674,12 @@ InitiateAuthenticationOkEs9 ::= SEQUENCE { euiccCiPKIdToBeUsed SubjectKeyIdentifier, -- The curve CI Public Key to be used as required by ES10b.AuthenticateServer serverCertificate Certificate } - + AuthenticateClientRequest ::= [59] SEQUENCE { -- Tag 'BF3B' transactionId [0] TransactionId, authenticateServerResponse [56] AuthenticateServerResponse -- This is the response from ES10b.AuthenticateServer } - + AuthenticateClientResponseEs9 ::= [59] CHOICE { -- Tag 'BF3B' authenticateClientOk AuthenticateClientOk, authenticateClientError INTEGER { @@ -691,21 +693,24 @@ AuthenticateClientResponseEs9 ::= [59] CHOICE { -- Tag 'BF3B' noEligibleProfile(8), ciPKUnknown(9), invalidTransactionId(10), + insufficientMemory(11), undefinedError(127) } } - + AuthenticateClientOk ::= SEQUENCE { transactionId [0] TransactionId, profileMetaData [37] StoreMetadataRequest, - prepareDownloadRequest [33] PrepareDownloadRequest + smdpSigned2 SmdpSigned2, -- Signed information + smdpSignature2 [APPLICATION 55] OCTET STRING, -- tag '5F37' + smdpCertificate Certificate -- CERT.DPpb.ECDSA } - + GetBoundProfilePackageRequest ::= [58] SEQUENCE { -- Tag 'BF3A' transactionId [0] TransactionId, prepareDownloadResponse [33] PrepareDownloadResponse } - + GetBoundProfilePackageResponse ::= [58] CHOICE { -- Tag 'BF3A' getBoundProfilePackageOk GetBoundProfilePackageOk, getBoundProfilePackageError INTEGER { 
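Review bot: The `smdpSigned2`/`smdpSignature2`/`smdpCertificate` triple that replaces `prepareDownloadRequest` in AuthenticateClientOk is annotated only as `Signed information` and `tag '5F37'`, which hides that this is material the LPA forwards to the eUICC unverified and that the eUICC, not the LPA, checks it. Document the trust boundary on the signature line: `smdpSignature2 [APPLICATION 55] OCTET STRING, -- tag '5F37'; signature over smdpSigned2, verified by the eUICC in ES10b.PrepareDownload against smdpCertificate (CERT.DPpb.ECDSA) together with transactionId (see DownloadErrorCode)`. The same three fields appear in PrepareDownloadRequest earlier in the file, so the comment belongs there as well; a client that reads `smdpSigned2.ccRequiredFlag` to decide whether to prompt for a Confirmation Code is presumably doing so before any signature check and should be aware of that.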
@@ -713,25 +718,27 @@ GetBoundProfilePackageResponse ::= [58] CHOICE { -- Tag 'BF3A' confirmationCodeMissing(2), confirmationCodeRefused(3), confirmationCodeRetriesExceeded(4), + bppRebindingRefused(5), + downloadOrderExpired(6), invalidTransactionId(95), undefinedError(127) } } - + GetBoundProfilePackageOk ::= SEQUENCE { transactionId [0] TransactionId, boundProfilePackage [54] BoundProfilePackage } - + HandleNotification ::= [61] SEQUENCE { -- Tag 'BF3D' pendingNotification PendingNotification } - + CancelSessionRequestEs9 ::= [65] SEQUENCE { -- Tag 'BF41' transactionId TransactionId, cancelSessionResponse CancelSessionResponse -- data structure defined for ES10b.CancelSession function } - + CancelSessionResponseEs9 ::= [65] CHOICE { -- Tag 'BF41' cancelSessionOk CancelSessionOk, cancelSessionError INTEGER { 
@@ -740,45 +747,45 @@ CancelSessionResponseEs9 ::= [65] CHOICE { -- Tag 'BF41' undefinedError(127) } } - + CancelSessionOk ::= SEQUENCE { -- This function has no output data } - + EuiccConfiguredAddressesRequest ::= [60] SEQUENCE { -- Tag 'BF3C' } - + EuiccConfiguredAddressesResponse ::= [60] SEQUENCE { -- Tag 'BF3C' defaultDpAddress UTF8String OPTIONAL, -- Default SM-DP+ address as an FQDN rootDsAddress UTF8String -- Root SM-DS address as an FQDN } - -ISDRProprietaryApplicationTemplate ::= [PRIVATE 0] SEQUENCE { -- Tag 'E0' + +ISDRProprietaryApplicationTemplate ::= [PRIVATE 0] SEQUENCE { -- Tag 'E0' svn [2] VersionType, -- GSMA SGP.22 version supported (SVN) lpaeSupport BIT STRING { lpaeUsingCat(0), -- LPA in the eUICC using Card Application Toolkit lpaeUsingScws(1) -- LPA in the eUICC using Smartcard Web Server } OPTIONAL } - + LpaeActivationRequest ::= [66] SEQUENCE { -- Tag 'BF42' lpaeOption BIT STRING { activateCatBasedLpae(0), -- LPAe with LUIe based on CAT activateScwsBasedLpae(1) -- LPAe with LUIe based on SCWS } } - + LpaeActivationResponse ::= [66] SEQUENCE { -- Tag 'BF42' lpaeActivationResult INTEGER {ok(0), notSupported(1)} } - + SetDefaultDpAddressRequest ::= [63] SEQUENCE { -- Tag 'BF3F' defaultDpAddress UTF8String -- Default SM-DP+ address as an FQDN } - + SetDefaultDpAddressResponse ::= [63] SEQUENCE { -- Tag 'BF3F' setDefaultDpAddressResult INTEGER { ok (0), undefinedError (127)} } - + AuthenticateClientResponseEs11 ::= [64] CHOICE { -- Tag 'BF40' authenticateClientOk AuthenticateClientOkEs11, authenticateClientError INTEGER { @@ -792,15 +799,15 @@ AuthenticateClientResponseEs11 ::= [64] CHOICE { -- Tag 'BF40' undefinedError(127) } } - + AuthenticateClientOkEs11 ::= SEQUENCE { transactionId TransactionId, eventEntries SEQUENCE OF EventEntries } - + EventEntries ::= SEQUENCE { eventId UTF8String, rspServerAddress UTF8String } - + END \ No newline at end of file diff --git a/euicc/es10b.h b/euicc/es10b.h index aa57bd9..087c3db 100644 
--- a/euicc/es10b.h
+++ b/euicc/es10b.h
@@ -50,6 +50,8 @@ enum es10b_cancel_session_reason
 ES10B_CANCEL_SESSION_REASON_POSTPONED = 1,
 ES10B_CANCEL_SESSION_REASON_TIMEOUT = 2,
 ES10B_CANCEL_SESSION_REASON_PPRNOTALLOWED = 3,
+ ES10B_CANCEL_SESSION_REASON_METADATAMISMATCH = 4,
+ ES10B_CANCEL_SESSION_REASON_LOADBPPEXECUTIONERROR = 5,
 ES10B_CANCEL_SESSION_REASON_UNDEFINED = 127
 };
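Review bot: The two added enumerators carry no comment saying that these numbers are the wire values of the SGP.22 `CancelSessionReason` INTEGER rather than local constants, so nothing warns a maintainer that renumbering or reordering them would silently change what the eUICC reports to the SM-DP+ in the cancel-session response; consider `/* values are SGP.22 v2.2.2 CancelSessionReason and are emitted as-is in ES10b.CancelSession; do not renumber */` above the enum (the `enum es10b_cancel_session_reason` opening line is outside the hunk). Any switch or table over this enum elsewhere in euicc/ (a reason-to-string mapping, or validation of a caller-supplied reason before it is encoded) does not learn the new values from this commit, so it is worth confirming that 4 and 5 are accepted there and not rejected or treated as undefined. The diffstat shows this header as the only code change while docs/asn1/rsp.asn also reshapes AuthenticateClientOk, so if the ES9+ parsing under euicc/ was generated from the old schema, code and documentation may now disagree; this is inferred from the commit record, not from the hunk.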