library: add SGP.32 and SGP.22 ASN.1 specification, encoder and templates
This patch adds the eUICC related SGP.32 and SGP.22 ASN.1 specification
along with templates and related encoder/decoders (_EncDec.cc).
The collection of templates is not comprehensive, which means that there
are only templates available for a subset needed to implement testcases
for an IPAd.
Related: SYS#6563
Change-Id: I9df8caa98aeb6953a738660a758c92249832d780
diff --git a/library/euicc/PEDefinitions.asn b/library/euicc/PEDefinitions.asn
new file mode 100644
index 0000000..38823df
--- /dev/null
+++ b/library/euicc/PEDefinitions.asn
@@ -0,0 +1,1128 @@
+PEDefinitions {joint-iso-itu-t(2) international-organizations(23) tca(143) euicc-profile(1) spec-version(1) version-three(3)}
+DEFINITIONS
+AUTOMATIC TAGS
+EXTENSIBILITY IMPLIED ::=
+BEGIN
+EXPORTS UICCCapability; -- Definition to be used in remote provisioning specifications for eligibility check
+
+-- Basic integer types, for size constraints
+maxUInt8 INTEGER ::= 255
+UInt8 ::= INTEGER (0..maxUInt8)
+maxUInt15 INTEGER ::= 32767
+UInt15 ::= INTEGER (0..maxUInt15)
+maxUInt16 INTEGER ::= 65535
+UInt16 ::= INTEGER (0..maxUInt16)
+maxUInt31 INTEGER ::= 2147483647
+UInt31 ::= INTEGER (0..maxUInt31)
+
+ApplicationIdentifier ::= OCTET STRING (SIZE(5..16))
+
+PEHeader ::= SEQUENCE {
+mandated NULL OPTIONAL,
+-- if set, indicate that the support of this PE is mandatory
+identification UInt15 -- Identification number of this PE
+}
+
+ProfileElement ::= CHOICE {
+ header ProfileHeader,
+
+/* PEs */
+ genericFileManagement PE-GenericFileManagement,
+ pinCodes PE-PINCodes,
+ pukCodes PE-PUKCodes,
+ akaParameter PE-AKAParameter,
+ cdmaParameter PE-CDMAParameter,
+ securityDomain PE-SecurityDomain,
+ rfm PE-RFM,
+ application PE-Application,
+ nonStandard PE-NonStandard,
+ end PE-End,
+ rfu1 PE-Dummy, -- this avoids renumbering of tag values
+ rfu2 PE-Dummy, -- in case other non-file-system PEs are
+ rfu3 PE-Dummy, -- added here in future versions
+ rfu4 PE-Dummy,
+ rfu5 PE-Dummy,
+
+/* PEs related to file system creation using templates defined in this specification */
+ mf PE-MF,
+ cd PE-CD,
+ telecom PE-TELECOM,
+ usim PE-USIM,
+ opt-usim PE-OPT-USIM,
+ isim PE-ISIM,
+ opt-isim PE-OPT-ISIM,
+ phonebook PE-PHONEBOOK,
+ gsm-access PE-GSM-ACCESS,
+ csim PE-CSIM,
+ opt-csim PE-OPT-CSIM,
+ eap PE-EAP,
+ df-5gs PE-DF-5GS,
+ df-saip PE-DF-SAIP,
+ df-snpn PE-DF-SNPN,
+ df-5gprose PE-DF-5GPROSE,
+ iot PE-IoT,
+ opt-iot PE-OPT-IoT,
+...
+}
+
+PE-Dummy ::= SEQUENCE {
+}
+
+ProfileHeader ::= SEQUENCE {
+major-version UInt8, -- set to 3 for this version of the specification
+minor-version UInt8, -- set to 3 for this version of the specification
+profileType UTF8String (SIZE (1..100)) OPTIONAL, -- Profile type
+iccid OCTET STRING (SIZE (10)), -- ICCID of the Profile
+pol OCTET STRING OPTIONAL,
+eUICC-Mandatory-services ServicesList,
+eUICC-Mandatory-GFSTEList SEQUENCE OF OBJECT IDENTIFIER,
+connectivityParameters OCTET STRING OPTIONAL,
+eUICC-Mandatory-AIDs SEQUENCE OF SEQUENCE {
+ aid ApplicationIdentifier,
+ version OCTET STRING (SIZE(2))
+} OPTIONAL,
+iotOptions IotOptions OPTIONAL -- details for IoT Minimal Profile, mandatory for IoT Minimal Profiles
+}
+
+IotOptions ::= SEQUENCE {
+pix OCTET STRING (SIZE (7..11)) -- PIX value to be used for IoT Minimal Profiles
+}
+
+ServicesList ::= SEQUENCE {
+/* Contactless */
+contactless NULL OPTIONAL,
+
+/* NAAs */
+usim NULL OPTIONAL,
+isim NULL OPTIONAL,
+csim NULL OPTIONAL,
+
+/* NAA algorithms */
+milenage NULL OPTIONAL,
+tuak128 NULL OPTIONAL,
+cave NULL OPTIONAL,
+
+/* USIM/ISIM services */
+gba-usim NULL OPTIONAL,
+gba-isim NULL OPTIONAL,
+mbms NULL OPTIONAL,
+
+/* EAP service */
+eap NULL OPTIONAL,
+
+/* Application Runtime environment */
+ javacard NULL OPTIONAL,
+ multos NULL OPTIONAL,
+
+/* NAAs */
+multiple-usim NULL OPTIONAL,
+multiple-isim NULL OPTIONAL,
+multiple-csim NULL OPTIONAL,
+
+/* Additional algorithms */
+tuak256 NULL OPTIONAL,
+usim-test-algorithm NULL OPTIONAL,
+
+/* File type */
+ber-tlv NULL OPTIONAL,
+
+/* Linked files */
+dfLink NULL OPTIONAL,
+
+/* Support of CAT_TP */
+cat-tp NULL OPTIONAL,
+
+/* Support of 5G */
+get-identity NULL OPTIONAL,
+profile-a-x25519 NULL OPTIONAL,
+profile-b-p256 NULL OPTIONAL,
+suciCalculatorApi NULL OPTIONAL,
+
+/* Support of DNS Resolution */
+dns-resolution NULL OPTIONAL,
+
+/* Support of GP Amd F SCP11 */
+scp11ac NULL OPTIONAL,
+scp11c-authorization-mechanism NULL OPTIONAL,
+
+/* Support of S16 mode as defined in GP Amd D and Amd F */
+s16mode NULL OPTIONAL,
+
+/* Support of enhanced AKA algorithm defined in 3GPP */
+eaka NULL OPTIONAL
+}
+
+-- Definition of UICCCapability
+UICCCapability ::= BIT STRING {
+ contactlessSupport(0), -- Contactless (SWP, HCI and associated APIs)
+ usimSupport(1), -- USIM as defined by 3GPP
+ isimSupport(2), -- ISIM as defined by 3GPP
+ csimSupport(3), -- CSIM as defined by 3GPP2
+
+ akaMilenage(4), -- Milenage as AKA algorithm
+ akaCave(5), -- CAVE as authentication algorithm
+ akaTuak128(6), -- TUAK as AKA algorithm with 128 bit key length
+ akaTuak256(7), -- TUAK as AKA algorithm with 256 bit key length
+ usimTestAlgorithm(8), -- USIM test algorithm
+ rfu2(9), -- reserved for further algorithms
+
+ gbaAuthenUsim(10), -- GBA authentication in the context of USIM
+ gbaAuthenISim(11), -- GBA authentication in the context of ISIM
+ mbmsAuthenUsim(12), -- MBMS authentication in the context of USIM
+ eapClient(13), -- EAP client
+
+ javacard(14), -- Java Card(TM) support
+ multos(15), -- Multos support
+
+ multipleUsimSupport(16), -- Multiple USIM applications are supported within the same Profile
+ multipleIsimSupport(17), -- Multiple ISIM applications are supported within the same Profile
+ multipleCsimSupport(18), -- Multiple CSIM applications are supported within the same Profile
+
+ berTlvFileSupport(19), -- BER TLV files
+ dfLinkSupport(20), -- Linked Directory Files
+ catTp(21), -- Support of CAT TP
+ getIdentity(22), -- Support of the GET IDENTITY command as defined in ETSI TS 102 221
+ profile-a-x25519(23), -- Support of ECIES Profile A as defined in 3GPP TS 33.501 [87]
+ profile-b-p256(24), -- Support of ECIES Profile B as defined in 3GPP TS 33.501 [87]
+ suciCalculatorApi(25), -- Support of the associated API for SUCI derivation as defined in 3GPP 31.130 [31.130]
+ dns-resolution(26), -- Support of DNS Resolution as defined by GP Amd B
+ scp11ac(27), -- Support of GP Amd F SCP11 variants a and c
+ scp11c-authorization-mechanism(28), -- Support of SCP11c authorization mechanism (Tag 'BF20')
+ s16mode(29), -- Support of S16 mode as defined in GP Amd D and Amd F
+ eaka(30), -- Support of enhanced AKA algorithm as defined in 3GPP TS [33.102]
+ iotminimal(31) -- Support of IoT Minimal Profile as described in section 7.5
+}
+
+ProprietaryInfo ::= SEQUENCE {
+ specialFileInformation [PRIVATE 0] OCTET STRING (SIZE (1)) DEFAULT '00'H,
+
+ /* fillPattern, repeatPattern
+ only one of the parameters may be present. Coding and rules defined within ETSI TS 102 222 [102 222] apply
+ */
+
+ fillPattern [PRIVATE 1] OCTET STRING (SIZE(1..200)) OPTIONAL,
+ repeatPattern [PRIVATE 2] OCTET STRING (SIZE(1..200)) OPTIONAL,
+ /* Specific parameters for BER-TLV files */
+ /* Shall be encoded on the minimum number of octets possible
+ (i.e. no leading bytes set to '00' are allowed)*/
+ maximumFileSize [6] OCTET STRING OPTIONAL,
+ fileDetails [4] OCTET STRING (SIZE(1)) DEFAULT '01'H
+}
+
+Fcp ::= SEQUENCE {
+ /* The fileDescriptor shall be encoded as defined in
+ ETSI TS 102 222 [102 222]
+ */
+ fileDescriptor [2] OCTET STRING (SIZE(2..4)) OPTIONAL,
+
+ /* fileID
+ For ADFs, the fileID is a temporary value (named temporary file ID
+ in this document) used only during the profile creation. It has to
+ be unique within a profile and is used for referencing files within
+ this ADF using the file path.
+ */
+ fileID [3] OCTET STRING (SIZE(2)) OPTIONAL,
+
+ /* dfName
+ Only applies for ADFs
+ */
+ dfName [4] ApplicationIdentifier OPTIONAL,
+
+ /* lcsi
+ Coding according to ETSI TS 102 222 [102 222]
+ */
+ lcsi [10] OCTET STRING (SIZE (1)) DEFAULT '05'H,
+
+ /* securityAttributesReferenced
+ Either containing EF ARR ID[2] + record number[1] or
+ record number[1] only and EF ARR ID implicitly known from the
+ context: File ID 2F06 is automatically applied for ADFs,
+ the MF and all files directly located under the MF
+ '6F06' for any other files
+ */
+ securityAttributesReferenced [11] OCTET STRING (SIZE (1..3)) OPTIONAL,
+
+ /* efFileSize
+ Mandatory for EF file types
+ Not allowed for DF files and EF link files
+ Shall be encoded on the minimum number of octets possible
+ (i.e. no leading bytes set to '00' are allowed)
+ */
+ efFileSize [0] OCTET STRING OPTIONAL,
+
+ /* pinStatusTemplateDO
+ Not allowed for EF files
+ Mandatory for DF/ADF files
+ */
+ pinStatusTemplateDO [PRIVATE 6] OCTET STRING OPTIONAL,
+
+ /* shortEFID
+ Not allowed for DF files
+ Optional for EF file types / equivalent to ETSI TS 102 222
+ shortEFID not provided: in case of a template file, SFI
+ is set according to Annex A. For files created
+ by using GenericFileManagement, SFI is calculated from FID
+ shortEFID provided with no value: no SFI is supported
+ for this EF
+ shortEFID available with a length of 1 byte:
+ The Short File Identifier is coded from bits b8 to b4.
+ Bits b3,b2,b1 = 000.
+ */
+ shortEFID [8] OCTET STRING (SIZE (0..1)) OPTIONAL,
+
+ /* proprietaryEFInfo
+ Optional for EF file types
+ Not allowed for DF files
+ */
+ proprietaryEFInfo [5] ProprietaryInfo OPTIONAL,
+
+ /* linkPath
+ Specifies the path to the file to which shall be linked,
+ also valid for DFs. Files within ADFs are addressed
+ by the temporary file ID of the respective ADF. For the coding
+ see filePath. In case of a template link file, an empty linkPath indicates that the link file shall be turned into an independent file.
+ */
+ linkPath [PRIVATE 7] OCTET STRING (SIZE (0..8)) OPTIONAL
+}
+
+File ::= SEQUENCE OF CHOICE {
+ doNotCreate NULL, /* Indicates that this file shall not be created by the eUICC even if present in a PE referencing a "Created by Default" template.
+This flag has no effect for the creation of files in the MF and shall not be used for all the files listed in a "Not Created by Default" template*/
+ fileDescriptor Fcp,
+ fillFileOffset UInt16,
+ fillFileContent OCTET STRING
+}
+
+PE-MF ::= SEQUENCE {
+mf-header PEHeader,
+templateID OBJECT IDENTIFIER,
+mf File,
+ef-pl File OPTIONAL,
+ef-iccid File,
+ef-dir File,
+ef-arr File,
+ef-umpc File OPTIONAL
+}
+
+PE-CD ::= SEQUENCE {
+cd-header PEHeader,
+templateID OBJECT IDENTIFIER,
+df-cd File,
+ef-launchpad File OPTIONAL,
+ef-icon File OPTIONAL
+}
+
+PE-TELECOM ::= SEQUENCE {
+telecom-header PEHeader,
+templateID OBJECT IDENTIFIER,
+df-telecom File,
+ef-arr File OPTIONAL,
+ef-rma File OPTIONAL,
+ef-sume File OPTIONAL,
+ef-ice-dn File OPTIONAL,
+ef-ice-ff File OPTIONAL,
+ef-psismsc File OPTIONAL,
+df-graphics File OPTIONAL,
+ ef-img File OPTIONAL,
+ ef-iidf File OPTIONAL,
+ ef-ice-graphics File OPTIONAL,
+ ef-launch-scws File OPTIONAL,
+ ef-icon File OPTIONAL,
+df-phonebook File OPTIONAL,
+ ef-pbr File OPTIONAL,
+ ef-ext1 File OPTIONAL,
+ ef-aas File OPTIONAL,
+ ef-gas File OPTIONAL,
+ ef-psc File OPTIONAL,
+ ef-cc File OPTIONAL,
+ ef-puid File OPTIONAL,
+ ef-iap File OPTIONAL,
+ ef-adn File OPTIONAL,
+ ef-pbc File OPTIONAL,
+ ef-anr File OPTIONAL,
+ ef-puri File OPTIONAL,
+ ef-email File OPTIONAL,
+ ef-sne File OPTIONAL,
+ ef-uid File OPTIONAL,
+ ef-grp File OPTIONAL,
+ ef-ccp1 File OPTIONAL,
+df-multimedia File OPTIONAL,
+ ef-mml File OPTIONAL,
+ ef-mmdf File OPTIONAL,
+df-mmss File OPTIONAL,
+ ef-mlpl File OPTIONAL,
+ ef-mspl File OPTIONAL,
+ ef-mmssmode File OPTIONAL,
+df-mcs File OPTIONAL,
+ ef-mst File OPTIONAL,
+ ef-mcs-config File OPTIONAL,
+df-v2x File OPTIONAL,
+ ef-vst File OPTIONAL,
+ ef-v2x-config File OPTIONAL,
+ ef-v2xp-pc5 File OPTIONAL,
+ ef-v2xp-Uu File OPTIONAL
+}
+
+PE-USIM ::= SEQUENCE {
+usim-header PEHeader,
+templateID OBJECT IDENTIFIER,
+adf-usim File,
+ef-imsi File,
+ef-arr File,
+ef-keys File OPTIONAL,
+ef-keysPS File OPTIONAL,
+ef-hpplmn File OPTIONAL,
+ef-ust File, /* The content of UST file shall be modified by the eUICC during profile installation according to the functionality supported by the eUICC platform i.e. in the case where a service is not supported (and not indicated as required) the related bit(s) will be set to zero */
+ef-fdn File OPTIONAL,
+ef-sms File OPTIONAL,
+ef-smsp File OPTIONAL,
+ef-smss File OPTIONAL,
+ef-spn File,
+ef-est File,
+ef-start-hfn File OPTIONAL,
+ef-threshold File OPTIONAL,
+ef-psloci File OPTIONAL,
+ef-acc File,
+ef-fplmn File OPTIONAL,
+ef-loci File OPTIONAL,
+ef-ad File OPTIONAL,
+ef-ecc File,
+ef-netpar File OPTIONAL,
+ef-epsloci File OPTIONAL,
+ef-epsnsc File OPTIONAL
+}
+
+PE-OPT-USIM ::= SEQUENCE {
+optusim-header PEHeader,
+templateID OBJECT IDENTIFIER,
+ef-li File OPTIONAL,
+ef-acmax File OPTIONAL,
+ef-acm File OPTIONAL,
+ef-gid1 File OPTIONAL,
+ef-gid2 File OPTIONAL,
+ef-msisdn File OPTIONAL,
+ef-puct File OPTIONAL,
+ef-cbmi File OPTIONAL,
+ef-cbmid File OPTIONAL,
+ef-sdn File OPTIONAL,
+ef-ext2 File OPTIONAL,
+ef-ext3 File OPTIONAL,
+ef-cbmir File OPTIONAL,
+ef-plmnwact File OPTIONAL,
+ef-oplmnwact File OPTIONAL,
+ef-hplmnwact File OPTIONAL,
+ef-dck File OPTIONAL,
+ef-cnl File OPTIONAL,
+ef-smsr File OPTIONAL,
+ef-bdn File OPTIONAL,
+ef-ext5 File OPTIONAL,
+ef-ccp2 File OPTIONAL,
+ef-ext4 File OPTIONAL,
+ef-acl File OPTIONAL,
+ef-cmi File OPTIONAL,
+ef-ici File OPTIONAL,
+ef-oci File OPTIONAL,
+ef-ict File OPTIONAL,
+ef-oct File OPTIONAL,
+ef-vgcs File OPTIONAL,
+ef-vgcss File OPTIONAL,
+ef-vbs File OPTIONAL,
+ef-vbss File OPTIONAL,
+ef-emlpp File OPTIONAL,
+ef-aaem File OPTIONAL,
+ef-hiddenkey File OPTIONAL,
+ef-pnn File OPTIONAL,
+ef-opl File OPTIONAL,
+ef-mbdn File OPTIONAL,
+ef-ext6 File OPTIONAL,
+ef-mbi File OPTIONAL,
+ef-mwis File OPTIONAL,
+ef-cfis File OPTIONAL,
+ef-ext7 File OPTIONAL,
+ef-spdi File OPTIONAL,
+ef-mmsn File OPTIONAL,
+ef-ext8 File OPTIONAL,
+ef-mmsicp File OPTIONAL,
+ef-mmsup File OPTIONAL,
+ef-mmsucp File OPTIONAL,
+ef-nia File OPTIONAL,
+ef-vgcsca File OPTIONAL,
+ef-vbsca File OPTIONAL,
+ef-gbabp File OPTIONAL,
+ef-msk File OPTIONAL,
+ef-muk File OPTIONAL,
+ef-ehplmn File OPTIONAL,
+ef-gbanl File OPTIONAL,
+ef-ehplmnpi File OPTIONAL,
+ef-lrplmnsi File OPTIONAL,
+ef-nafkca File OPTIONAL,
+ef-spni File OPTIONAL,
+ef-pnni File OPTIONAL,
+ef-ncp-ip File OPTIONAL,
+ef-ufc File OPTIONAL,
+ef-nasconfig File OPTIONAL,
+ef-uicciari File OPTIONAL,
+ef-pws File OPTIONAL,
+ef-fdnuri File OPTIONAL,
+ef-bdnuri File OPTIONAL,
+ef-sdnuri File OPTIONAL,
+ef-ial File OPTIONAL, -- This file was known as ef-iwl in Version 3.2 and earlier of this specification
+ef-ips File OPTIONAL,
+ef-ipd File OPTIONAL,
+ef-epdgid File OPTIONAL,
+ef-epdgselection File OPTIONAL,
+ef-epdgidem File OPTIONAL,
+ef-epdgselectionem File OPTIONAL,
+ef-frompreferred File OPTIONAL,
+ef-imsconfigdata File OPTIONAL,
+ef-3gpppsdataoff File OPTIONAL,
+ef-3gpppsdataoffservicelist File OPTIONAL,
+ef-xcapconfigdata File OPTIONAL,
+ef-earfcnlist File OPTIONAL,
+ef-mudmidconfigdata File OPTIONAL,
+ef-eaka File OPTIONAL
+}
+
+PE-PHONEBOOK ::= SEQUENCE {
+phonebook-header PEHeader,
+templateID OBJECT IDENTIFIER,
+df-phonebook File,
+ef-pbr File OPTIONAL,
+ef-ext1 File OPTIONAL,
+ef-aas File OPTIONAL,
+ef-gas File OPTIONAL,
+ef-psc File OPTIONAL,
+ef-cc File OPTIONAL,
+ef-puid File OPTIONAL,
+ef-iap File OPTIONAL,
+ef-adn File OPTIONAL,
+ef-pbc File OPTIONAL,
+ef-anr File OPTIONAL,
+ef-puri File OPTIONAL,
+ef-email File OPTIONAL,
+ef-sne File OPTIONAL,
+ef-uid File OPTIONAL,
+ef-grp File OPTIONAL,
+ef-ccp1 File OPTIONAL
+}
+
+PE-GSM-ACCESS ::= SEQUENCE {
+gsm-access-header PEHeader,
+templateID OBJECT IDENTIFIER,
+df-gsm-access File,
+ef-kc File OPTIONAL,
+ef-kcgprs File OPTIONAL,
+ef-cpbcch File OPTIONAL,
+ef-invscan File OPTIONAL
+}
+
+PE-DF-5GS ::= SEQUENCE {
+df-5gs-header PEHeader,
+templateID OBJECT IDENTIFIER,
+df-df-5gs File,
+ef-5gs3gpploci File OPTIONAL,
+ef-5gsn3gpploci File OPTIONAL,
+ef-5gs3gppnsc File OPTIONAL,
+ef-5gsn3gppnsc File OPTIONAL,
+ef-5gauthkeys File OPTIONAL,
+ef-uac-aic File OPTIONAL,
+ef-suci-calc-info File OPTIONAL,
+ef-opl5g File OPTIONAL,
+ef-supinai File OPTIONAL,
+ef-routing-indicator File OPTIONAL,
+ef-ursp File OPTIONAL,
+ef-tn3gppsnn File OPTIONAL,
+ef-cag File OPTIONAL,
+ef-sor-cmci File OPTIONAL,
+ef-dri File OPTIONAL,
+ef-5gsedrx File OPTIONAL,
+ef-5gnswo-conf File OPTIONAL,
+ef-mchpplmn File OPTIONAL,
+ef-kausf-derivation File OPTIONAL
+}
+
+PE-DF-SAIP ::= SEQUENCE {
+df-saip-header PEHeader,
+templateID OBJECT IDENTIFIER,
+df-df-saip File,
+ef-suci-calc-info-usim File OPTIONAL
+}
+
+PE-DF-SNPN ::= SEQUENCE {
+df-snpn-header PEHeader,
+templateID OBJECT IDENTIFIER,
+df-df-snpn File,
+ef-pws-snpn File OPTIONAL
+}
+
+PE-DF-5GPROSE ::= SEQUENCE {
+df-5g-prose-header PEHeader,
+templateID OBJECT IDENTIFIER,
+df-df-5g-prose File,
+ef-5g-prose-st File OPTIONAL,
+ef-5g-prose-dd File OPTIONAL,
+ef-5g-prose-dc File OPTIONAL,
+ef-5g-prose-u2nru File OPTIONAL,
+ef-5g-prose-ru File OPTIONAL,
+ef-5g-prose-uir File OPTIONAL
+}
+
+PE-ISIM ::= SEQUENCE {
+isim-header PEHeader,
+templateID OBJECT IDENTIFIER,
+adf-isim File,
+ef-impi File,
+ef-impu File,
+ef-domain File,
+ef-ist File, /* The content of IST file shall be modified by the eUICC during profile installation according to the functionality supported by the eUICC platform i.e. in the case where a service is not supported (and not indicated as required) the related bit(s) will be set to zero */
+ef-ad File OPTIONAL,
+ef-arr File
+}
+
+PE-OPT-ISIM ::= SEQUENCE {
+optisim-header PEHeader,
+templateID OBJECT IDENTIFIER,
+ef-pcscf File OPTIONAL,
+ef-sms File OPTIONAL,
+ef-smsp File OPTIONAL,
+ef-smss File OPTIONAL,
+ef-smsr File OPTIONAL,
+ef-gbabp File OPTIONAL,
+ef-gbanl File OPTIONAL,
+ef-nafkca File OPTIONAL,
+ef-uicciari File OPTIONAL,
+ef-frompreferred File OPTIONAL,
+ef-imsconfigdata File OPTIONAL,
+ef-xcapconfigdata File OPTIONAL,
+ef-webrtcuri File OPTIONAL,
+ef-mudmidconfigdata File OPTIONAL
+}
+
+PE-CSIM ::= SEQUENCE {
+csim-header PEHeader,
+templateID OBJECT IDENTIFIER,
+adf-csim File,
+ef-arr File,
+ef-call-count File,
+ef-imsi-m File,
+ef-imsi-t File,
+ef-tmsi File,
+ef-ah File,
+ef-aop File,
+ef-aloc File,
+ef-cdmahome File,
+ef-znregi File,
+ef-snregi File,
+ef-distregi File,
+ef-accolc File,
+ef-term File,
+ef-acp File,
+ef-prl File,
+ef-ruimid File,
+ef-csim-st File,
+ef-spc File,
+ef-otapaspc File,
+ef-namlock File,
+ef-ota File,
+ef-sp File,
+ef-esn-meid-me File,
+ef-li File,
+ef-usgind File,
+ef-ad File,
+ef-max-prl File,
+ef-spcs File,
+ef-mecrp File,
+ef-home-tag File,
+ef-group-tag File,
+ef-specific-tag File,
+ef-call-prompt File
+}
+
+PE-OPT-CSIM ::= SEQUENCE {
+optcsim-header PEHeader,
+templateID OBJECT IDENTIFIER,
+ef-ssci File OPTIONAL,
+ef-fdn File OPTIONAL,
+ef-sms File OPTIONAL,
+ef-smsp File OPTIONAL,
+ef-smss File OPTIONAL,
+ef-ssfc File OPTIONAL,
+ef-spn File OPTIONAL,
+ef-mdn File OPTIONAL,
+ef-ecc File OPTIONAL,
+ef-me3gpdopc File OPTIONAL,
+ef-3gpdopm File OPTIONAL,
+ef-sipcap File OPTIONAL,
+ef-mipcap File OPTIONAL,
+ef-sipupp File OPTIONAL,
+ef-mipupp File OPTIONAL,
+ef-sipsp File OPTIONAL,
+ef-mipsp File OPTIONAL,
+ef-sippapss File OPTIONAL,
+ef-puzl File OPTIONAL,
+ef-maxpuzl File OPTIONAL,
+ef-hrpdcap File OPTIONAL,
+ef-hrpdupp File OPTIONAL,
+ef-csspr File OPTIONAL,
+ef-atc File OPTIONAL,
+ef-eprl File OPTIONAL,
+ef-bcsmscfg File OPTIONAL,
+ef-bcsmspref File OPTIONAL,
+ef-bcsmstable File OPTIONAL,
+ef-bcsmsp File OPTIONAL,
+ef-bakpara File OPTIONAL,
+ef-upbakpara File OPTIONAL,
+ef-mmsn File OPTIONAL,
+ef-ext8 File OPTIONAL,
+ef-mmsicp File OPTIONAL,
+ef-mmsup File OPTIONAL,
+ef-mmsucp File OPTIONAL,
+ef-auth-capability File OPTIONAL,
+ef-3gcik File OPTIONAL,
+ef-dck File OPTIONAL,
+ef-gid1 File OPTIONAL,
+ef-gid2 File OPTIONAL,
+ef-cdmacnl File OPTIONAL,
+ef-sf-euimid File OPTIONAL,
+ef-est File OPTIONAL,
+ef-hidden-key File OPTIONAL,
+ef-lcsver File OPTIONAL,
+ef-lcscp File OPTIONAL,
+ef-sdn File OPTIONAL,
+ef-ext2 File OPTIONAL,
+ef-ext3 File OPTIONAL,
+ef-ici File OPTIONAL,
+ef-oci File OPTIONAL,
+ef-ext5 File OPTIONAL,
+ef-ccp2 File OPTIONAL,
+ef-applabels File OPTIONAL,
+ef-model File OPTIONAL,
+ef-rc File OPTIONAL,
+ef-smscap File OPTIONAL,
+ef-mipflags File OPTIONAL,
+ef-3gpduppext File OPTIONAL,
+ef-ipv6cap File OPTIONAL,
+ef-tcpconfig File OPTIONAL,
+ef-dgc File OPTIONAL,
+ef-wapbrowsercp File OPTIONAL,
+ef-wapbrowserbm File OPTIONAL,
+ef-mmsconfig File OPTIONAL,
+ef-jdl File OPTIONAL
+}
+
+PE-EAP ::= SEQUENCE {
+eap-header PEHeader,
+templateID OBJECT IDENTIFIER,
+df-eap File,
+ef-eapkeys File OPTIONAL,
+ef-eapstatus File,
+ef-puid File OPTIONAL,
+ef-ps File OPTIONAL,
+ef-curid File OPTIONAL,
+ef-reid File OPTIONAL,
+ef-realm File OPTIONAL
+}
+
+PE-IoT ::= SEQUENCE {
+iot-header PEHeader,
+templateID OBJECT IDENTIFIER,
+mf File OPTIONAL,
+ef-pl File OPTIONAL,
+ef-iccid File OPTIONAL,
+ef-dir File OPTIONAL,
+ef-arr File OPTIONAL,
+ef-umpc File OPTIONAL,
+adf-usim File OPTIONAL,
+ef-imsi File,
+ef-arr-usim File OPTIONAL,
+ef-keys File OPTIONAL,
+ef-keysPS File OPTIONAL,
+ef-hpplmn File OPTIONAL,
+ef-ust File OPTIONAL,
+ef-start-hfn File OPTIONAL,
+ef-threshold File OPTIONAL,
+ef-psloci File OPTIONAL,
+ef-acc File,
+ef-fplmn File OPTIONAL,
+ef-loci File OPTIONAL,
+ef-ad File OPTIONAL,
+ef-ecc File OPTIONAL,
+ef-netpar File OPTIONAL
+}
+
+PE-OPT-IoT ::= SEQUENCE {
+optiot-header PEHeader,
+templateID OBJECT IDENTIFIER,
+ef-fdn File OPTIONAL,
+ef-sms File OPTIONAL,
+ef-smsp File OPTIONAL,
+ef-smss File OPTIONAL,
+ef-spn File OPTIONAL,
+ef-est File OPTIONAL,
+ef-oplmnwact File OPTIONAL,
+ef-hplmnwact File OPTIONAL,
+ef-ehplmn File OPTIONAL,
+ef-epsloci File OPTIONAL,
+ef-epsnsc File OPTIONAL,
+df-df-5gs File OPTIONAL,
+ef-5gs3gpploci File OPTIONAL,
+ef-5gsn3gpploci File OPTIONAL,
+ef-5gs3gppnsc File OPTIONAL,
+ef-5gsn3gppnsc File OPTIONAL,
+ef-5gauthkeys File OPTIONAL,
+ef-uac-aic File OPTIONAL,
+ef-suci-calc-info File OPTIONAL,
+ef-opl5g File OPTIONAL,
+ef-supi-nai File OPTIONAL,
+ef-routing-indicator File OPTIONAL,
+ef-ursp File OPTIONAL,
+ef-tn3gppsnn File OPTIONAL,
+df-df-saip File OPTIONAL,
+ef-suci-calc-info-usim File OPTIONAL
+}
+
+/* Create GenericFileManagement
+*/
+PE-GenericFileManagement ::= SEQUENCE {
+ gfm-header PEHeader,
+ fileManagementCMD SEQUENCE (SIZE (1..MAX)) OF FileManagement
+}
+
+FileManagement ::= SEQUENCE (SIZE (1..MAX)) OF CHOICE {
+filePath [0] OCTET STRING (SIZE (0..8)), -- Use Temporary File ID for ADF
+createFCP [APPLICATION 2] Fcp,
+fillFileOffset UInt16,
+fillFileContent [1] OCTET STRING
+}
+
+MappingParameter ::= SEQUENCE {
+mappingOptions OCTET STRING (SIZE(1)),
+ mappingSource ApplicationIdentifier
+}
+
+AlgoParameter ::= SEQUENCE {
+algorithmID INTEGER {
+ milenage(1),
+ tuak(2),
+ usim-test-algorithm(3)
+},
+algorithmOptions OCTET STRING (SIZE(1)),
+key OCTET STRING,
+opc OCTET STRING, /* OPc for Milenage; TOPc for TUAK; ignored in case of usim-test-algorithm */
+
+/* rotationConstants only apply for Milenage; ignored in case of TUAK and usim-test-algorithm */
+ rotationConstants OCTET STRING (SIZE (5)) DEFAULT '4000204060'H,
+
+/* xoringConstants only apply for Milenage; ignored in case of TUAK and usim-test-algorithm */
+xoringConstants OCTET STRING (SIZE (80)) DEFAULT '0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000020000000000000000000000000000000400000000000000000000000000000008'H,
+authCounterMax OCTET STRING (SIZE(3)) OPTIONAL, /* ignored in case of usim-test-algorithm */
+
+/* Number of iterations of Keccak-f[1600] (noted: ) permutation as recommended by 3GPP TS 35.231 [TUAK] in section 7.2.
+This parameter only applies for TUAK; ignored otherwise.*/
+numberOfKeccak UInt8 DEFAULT 1
+}
+
+PE-AKAParameter ::= SEQUENCE {
+ aka-header PEHeader,
+algoConfiguration CHOICE {
+ mappingParameter MappingParameter,
+ algoParameter AlgoParameter
+},
+
+sqnOptions OCTET STRING (SIZE(1)) DEFAULT '02'H, /* ignored in case of usim-test-algorithm */
+-- maximum value for sqnDelta and sqnAgeLimit is '07FFFFFFFFFF'H
+sqnDelta OCTET STRING (SIZE(6)) DEFAULT '000010000000'H, /* ignored in case of usim-test-algorithm */
+sqnAgeLimit OCTET STRING (SIZE(6)) DEFAULT '000010000000'H, /* ignored in case of usim-test-algorithm */
+
+-- Sequence numbers do not include the index (IND)
+-- maximum for any values within sqnInit is '07FFFFFFFFFF'H
+sqnInit SEQUENCE (SIZE (32)) OF OCTET STRING (SIZE (6)) DEFAULT {
+/* Index 0 */'000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H,'000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H,'000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H,'000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H, '000000000000'H,'000000000000'H, '000000000000'H, '000000000000'H,
+/* Index 31 */'000000000000'H } /* ignored in case of usim-test-algorithm */
+}
+
+PE-CDMAParameter ::= SEQUENCE {
+ cdma-header PEHeader,
+
+/* A-Key for CAVE Authentication */
+authenticationKey OCTET STRING (SIZE(8)),
+
+/*
+Optional value for ssd
+Bytes 1..8: value if shared secret data A
+Bytes 9..16: value if shared secret data B
+*/
+ssd OCTET STRING (SIZE (16)) OPTIONAL,
+
+/*
+ Shared Secrets for HRPD access authentication
+ Includes the shared secret data. This field is coded as defined in section 4.5.7.10 HRPD Access Authentication CHAP SS Parameters of [S0016].
+*/
+hrpdAccessAuthenticationData OCTET STRING (SIZE (2..32)) OPTIONAL,
+
+/*
+ Parameters for simple IP authentication are coded as defined in section 4.5.7.7 SimpleIP CHAP SS Parameters of [S0016].
+*/
+simpleIPAuthenticationData OCTET STRING (SIZE (3..483)) OPTIONAL,
+
+/*
+ Parameters for mobile IP authentication are coded as defined in section 4.5.7.8 MobileIP SS Parameters of [S0016].
+*/
+mobileIPAuthenticationData OCTET STRING (SIZE (5..957)) OPTIONAL
+}
+
+PINKeyReferenceValue ::= INTEGER {
+pinAppl1(1), -- PIN global of App 1
+pinAppl2(2), -- PIN global of App 2
+pinAppl3(3), -- PIN global of App 3
+pinAppl4(4), -- PIN global of App 4
+pinAppl5(5), -- PIN global of App 5
+pinAppl6(6), -- PIN global of App 6
+pinAppl7(7), -- PIN global of App 7
+pinAppl8(8), -- PIN global of App 8
+adm1(10), -- Administrative Key 1
+adm2(11), -- Administrative Key 2
+adm3(12), -- Administrative Key 3
+adm4(13), -- Administrative Key 4
+adm5(14), -- Administrative Key 5
+secondPINAppl1(129), -- PIN local of App 1
+secondPINAppl2(130), -- PIN local of App 2
+secondPINAppl3(131), -- PIN local of App 3
+secondPINAppl4(132), -- PIN local of App 4
+secondPINAppl5(133), -- PIN local of App 5
+secondPINAppl6(134), -- PIN local of App 6
+secondPINAppl7(135), -- PIN local of App 7
+secondPINAppl8(136), -- PIN local of App 8
+adm6(138), -- Administrative Key 6
+adm7(139), -- Administrative Key 7
+adm8(140), -- Administrative Key 8
+adm9(141), -- Administrative Key 9
+adm10(142) -- Administrative Key 10
+}
+
+PINConfiguration ::= SEQUENCE {
+/*
+For every value defined in PINKeyReferenceValue only one entry may be included per PE-PINCodes.
+Within the PE-PINCodes sent in the context of the MF only global PIN key references shall be used. For PINs in any ADF/DF only local PINs shall be defined: secondPINAppl1 secondPINAppl8. It is allowed to define the same PINKeyReferenceValue in multiple directories (e.g. secondPINAppl1 may be defined in the ISIM NAA and within the USIM NAA). Provided they are not linked they shall be handled as two independent PIN values which also may reference different PUK references.
+*/
+ keyReference PINKeyReferenceValue,
+ pinValue OCTET STRING (SIZE (8)),
+/*
+In case no unblockingPINReference is set, no PUK applies for the corresponding PIN.
+In case a PUKKeyReferenceValue is defined the related PUKKeyReferenceValue shall exist within the PE-PUKCodes list.
+Any value defined in PUKKeyReferenceValue may be applied for any PINKeyReferenceValue.
+*/
+ unblockingPINReference PUKKeyReferenceValue OPTIONAL,
+ pinAttributes UInt8 DEFAULT 7,
+ maxNumOfAttemps-retryNumLeft UInt8 DEFAULT 51
+/* maxNumOfAttemps-retryNumLeft is encoded as follows: max Number of Attempts is encoded in the high nibble of this value (Bits b8 to b5) and the Number of retry left is encoded in the low nibble of this value (Bits b4 to b1)*/
+}
+
+PE-PINCodes ::= SEQUENCE {
+ pin-Header PEHeader,
+pinCodes CHOICE {
+ pinconfig SEQUENCE (SIZE (1..26))OF PINConfiguration,
+ filePath OCTET STRING (SIZE (0..8)) /* temporary File ID for ADF, coding according to section 8.3.5 */
+}
+/* PIN can be either defined in the current context or shared
+ with another DF/ADF
+ Up to 26 PIN could be defined according to TS 102 221 [102 221]
+*/
+}
+
+PUKKeyReferenceValue ::= INTEGER {
+pukAppl1(1), -- PUK Reference 1
+pukAppl2(2), -- PUK Reference 2
+pukAppl3(3), -- PUK Reference 3
+pukAppl4(4), -- PUK Reference 4
+pukAppl5(5), -- PUK Reference 5
+pukAppl6(6), -- PUK Reference 6
+pukAppl7(7), -- PUK Reference 7
+pukAppl8(8), -- PUK Reference 8
+secondPUKAppl1(129), -- PUK Reference 9
+secondPUKAppl2(130), -- PUK Reference 10
+secondPUKAppl3(131), -- PUK Reference 11
+secondPUKAppl4(132), -- PUK Reference 12
+secondPUKAppl5(133), -- PUK Reference 13
+secondPUKAppl6(134), -- PUK Reference 14
+secondPUKAppl7(135), -- PUK Reference 15
+secondPUKAppl8(136) -- PUK Reference 16
+}
+
+PUKConfiguration ::= SEQUENCE {
+/*
+Any PUKKeyReferenceValue shall only be defined once within PE-PUKCodes.
+*/
+ keyReference PUKKeyReferenceValue,
+ pukValue OCTET STRING (SIZE (8)),
+ maxNumOfAttemps-retryNumLeft UInt8 DEFAULT 170
+/* maxNumOfAttemps-retryNumLeft is encoded as follows: max Number of Attempts is encoded in the high nibble of this value (Bits b8 to b5) and the Number of retry left is encoded in the low nibble of this value (Bits b4 to b1)*/
+}
+
+PE-PUKCodes ::= SEQUENCE {
+ puk-Header PEHeader,
+pukCodes SEQUENCE (SIZE (1..16))OF PUKConfiguration
+}
+
+PE-SecurityDomain ::= SEQUENCE {
+ sd-Header PEHeader,
+instance ApplicationInstance, -- see section 8.7.3
+keyList SEQUENCE (SIZE (1..MAX)) OF KeyObject OPTIONAL, -- see section 8.6.3
+sdPersoData SEQUENCE (SIZE (1..MAX)) OF OCTET STRING OPTIONAL, /* see section 8.6.4 */
+openPersoData SEQUENCE {
+ restrictParameter [PRIVATE 25] OCTET STRING (SIZE(1)) OPTIONAL,
+ contactlessProtocolParameters OCTET STRING OPTIONAL
+} OPTIONAL, /* see section 8.6.6 */
+catTpParameters SEQUENCE
+{ catTpMaxSduSize UInt16,
+ catTpMaxPduSize UInt16
+} OPTIONAL -- see section 8.6.7
+}
+
+KeyObject::= SEQUENCE {
+keyUsageQualifier [21] OCTET STRING (SIZE (1..2)), /* see [GPCS] section 11.1.9 */
+keyAccess [22] OCTET STRING (SIZE (1)) DEFAULT '00'H,
+keyIdentifier [2] OCTET STRING (SIZE (1)),
+keyVersionNumber [3] OCTET STRING (SIZE (1)),
+keyCounterValue [5] OCTET STRING OPTIONAL,
+keyCompontents SEQUENCE (SIZE (1..MAX)) OF SEQUENCE {
+ keyType [0] OCTET STRING,
+ keyData [6] OCTET STRING,
+ macLength[7] UInt8 DEFAULT 8
+ }
+}
+
+PE-Application ::= SEQUENCE {
+ app-Header PEHeader,
+loadBlock ApplicationLoadPackage OPTIONAL,
+instanceList SEQUENCE (SIZE (1..MAX)) OF ApplicationInstance OPTIONAL
+}
+
+ApplicationLoadPackage ::= SEQUENCE {
+loadPackageAID [APPLICATION 15] ApplicationIdentifier,
+securityDomainAID [APPLICATION 15] ApplicationIdentifier OPTIONAL,
+nonVolatileCodeLimitC6 [PRIVATE 6] OCTET STRING OPTIONAL,
+volatileDataLimitC7 [PRIVATE 7] OCTET STRING OPTIONAL,
+nonVolatileDataLimitC8 [PRIVATE 8] OCTET STRING OPTIONAL,
+hashValue [PRIVATE 1] OCTET STRING OPTIONAL,
+loadBlockObject [PRIVATE 4] OCTET STRING
+}
+
+ApplicationInstance ::= SEQUENCE {
+applicationLoadPackageAID [APPLICATION 15] ApplicationIdentifier,
+classAID [APPLICATION 15] ApplicationIdentifier,
+instanceAID [APPLICATION 15] ApplicationIdentifier,
+extraditeSecurityDomainAID [APPLICATION 15] ApplicationIdentifier OPTIONAL,
+applicationPrivileges [2] OCTET STRING,
+lifeCycleState [3] OCTET STRING (SIZE(1)) DEFAULT '07'H,
+/* Coding according to GP Life Cycle State. */
+
+applicationSpecificParametersC9 [PRIVATE 9] OCTET STRING,
+systemSpecificParameters [PRIVATE 15] ApplicationSystemParameters OPTIONAL,
+applicationParameters [PRIVATE 10] UICCApplicationParameters OPTIONAL,
+processData SEQUENCE (SIZE (1..MAX)) OF OCTET STRING OPTIONAL,
+controlReferenceTemplate [16] ControlReferenceTemplate OPTIONAL
+}
+
+ApplicationSystemParameters ::= SEQUENCE{
+volatileMemoryQuotaC7 [PRIVATE 7] OCTET STRING (SIZE (2..4)) OPTIONAL,
+nonVolatileMemoryQuotaC8 [PRIVATE 8] OCTET STRING (SIZE (2..4)) OPTIONAL,
+globalServiceParameters [PRIVATE 11] OCTET STRING OPTIONAL,
+implicitSelectionParameter [PRIVATE 15] OCTET STRING OPTIONAL,
+volatileReservedMemory [PRIVATE 23] OCTET STRING (SIZE (2..4)) OPTIONAL,
+nonVolatileReservedMemory [PRIVATE 24] OCTET STRING (SIZE (2..4)) OPTIONAL,
+ts102226SIMFileAccessToolkitParameter [PRIVATE 10] OCTET STRING OPTIONAL,
+ts102226AdditionalContactlessParameters [0] TS102226AdditionalContactlessParameters OPTIONAL,
+contactlessProtocolParameters [PRIVATE 25] OCTET STRING OPTIONAL, /* Coded according to Contactless Protocol Parameters Structure as defined in GP Amd. C */
+userInteractionContactlessParameters [PRIVATE 26] OCTET STRING OPTIONAL, /* Coded according to User Interaction Parameters Structure as defined in GP Amd. C */
+cumulativeGrantedVolatileMemory [2] OCTET STRING (SIZE (2..4)) OPTIONAL, /*
+Coded according to Contactless Specific Parameters as defined in GP Amd. C */
+
+cumulativeGrantedNonVolatileMemory [3] OCTET STRING (SIZE (2..4)) OPTIONAL /*
+Coded according to Contactless Specific Parameters as defined in GP Amd. C */
+}
+
+UICCApplicationParameters ::= SEQUENCE {
+uiccToolkitApplicationSpecificParametersField [0] OCTET STRING OPTIONAL,
+uiccAccessApplicationSpecificParametersField [1] OCTET STRING OPTIONAL,
+uiccAdministrativeAccessApplicationSpecificParametersField [2] OCTET STRING OPTIONAL
+}
+
+TS102226AdditionalContactlessParameters ::= SEQUENCE{
+protocolParameterData OCTET STRING /* Parameters for contactless applications encoded according to TS 102 226 */
+}
+
+ControlReferenceTemplate ::= SEQUENCE{
+applicationProviderIdentifier [APPLICATION 32] OCTET STRING
+}
+
+
+PE-RFM ::= SEQUENCE {
+rfm-header [0] PEHeader,
+
+ /* instanceAID
+ AID of the RFM instance
+ */
+ instanceAID [APPLICATION 15] ApplicationIdentifier,
+
+ /* securityDomainAID to which the RFM instance is associated
+ */
+ securityDomainAID [APPLICATION 15] ApplicationIdentifier OPTIONAL,
+
+ tarList [0] SEQUENCE (SIZE (1..MAX)) OF OCTET STRING (SIZE(3)) OPTIONAL,
+
+ minimumSecurityLevel [1] OCTET STRING (SIZE (1)),
+
+uiccAccessDomain OCTET STRING,
+ uiccAdminAccessDomain OCTET STRING,
+
+ /*
+ If the following parameter is available the respective ADF shall be the directory selected by default within an RFM script. In case it is not available the MF shall be the default selection.
+ */
+ adfRFMAccess ADFRFMAccess OPTIONAL
+}
+
+ADFRFMAccess ::= SEQUENCE {
+ adfAID ApplicationIdentifier,
+ adfAccessDomain OCTET STRING,
+ adfAdminAccessDomain OCTET STRING
+}
+
+PE-NonStandard ::= SEQUENCE {
+nonStandard-header PEHeader,
+issuerID OBJECT IDENTIFIER,
+content OCTET STRING
+}
+
+PE-End ::= SEQUENCE {
+end-header PEHeader
+}
+
+PEStatus ::= SEQUENCE {
+status INTEGER {
+ok(0), pe-not-supported(1), memory-failure(2),bad-values(3),
+not-enough-memory(4),invalid-request-format(5), invalid-parameter(6),
+runtime-not-supported (7), lib-not-supported (8),
+template-not-supported (9), feature-not-supported (10),
+pin-code-missing (11),
+unsupported-profile-version(31)
+/* ISO 7816 standard status values apply in the range of [24576...28671]
+and [36864...40959] for reporting status values '6xxx'H and '9xxx'H
+proprietary values apply in the range [40960...65535]
+*/
+},
+identification UInt15 OPTIONAL,
+-- Identification number of the PE triggering the error
+additional-information UInt8 OPTIONAL,
+-- Additional information related to the status code
+offset UInt31 OPTIONAL
+-- Position of the part of the PE generating this status code
+}
+
+EUICCResponse ::= SEQUENCE {
+ peStatus SEQUENCE OF PEStatus,
+profileInstallationAborted NULL OPTIONAL,
+statusMessage UTF8String (SIZE (2..64)) OPTIONAL
+}
+
+END
diff --git a/library/euicc/PKIX1Explicit88.asn b/library/euicc/PKIX1Explicit88.asn
new file mode 100644
index 0000000..f0197e1
--- /dev/null
+++ b/library/euicc/PKIX1Explicit88.asn
@@ -0,0 +1,619 @@
+PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+-- IMPORTS NONE --
+
+-- UNIVERSAL Types defined in 1993 and 1998 ASN.1
+-- and required by this specification
+
+-- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
+ -- UniversalString is defined in ASN.1:1993
+
+-- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
+ -- BMPString is the subtype of UniversalString and models
+ -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
+
+-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+ -- The content of this type conforms to RFC 2279.
+
+-- PKIX specific OIDs
+
+id-pkix OBJECT IDENTIFIER ::=
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) }
+
+-- PKIX arcs
+
+id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
+ -- arc for private certificate extensions
+id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
+ -- arc for policy qualifier types
+id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+ -- arc for extended key purpose OIDS
+id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+ -- arc for access descriptors
+
+-- policyQualifierIds for Internet policy qualifiers
+
+id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 }
+ -- OID for CPS qualifier
+id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 }
+ -- OID for user notice qualifier
+
+-- access descriptor definitions
+
+id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
+id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
+id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
+id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }
+
+-- attribute data types
+
+Attribute ::= SEQUENCE {
+ type AttributeType,
+ values SET OF AttributeValue }
+ -- at least one value is required
+
+AttributeType ::= OBJECT IDENTIFIER
+
+AttributeValue ::= ANY
+
+AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+-- suggested naming attributes: Definition of the following
+-- information object set may be augmented to meet local
+-- requirements. Note that deleting members of the set may
+-- prevent interoperability with conforming implementations.
+-- presented in pairs: the AttributeType followed by the
+-- type definition for the corresponding AttributeValue
+--Arc for standard naming attributes
+id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
+
+-- Naming attributes of type X520name
+
+id-at-name AttributeType ::= { id-at 41 }
+id-at-surname AttributeType ::= { id-at 4 }
+id-at-givenName AttributeType ::= { id-at 42 }
+id-at-initials AttributeType ::= { id-at 43 }
+id-at-generationQualifier AttributeType ::= { id-at 44 }
+
+X520name ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-name)),
+ printableString PrintableString (SIZE (1..ub-name)),
+ universalString UniversalString (SIZE (1..ub-name)),
+ utf8String UTF8String (SIZE (1..ub-name)),
+ bmpString BMPString (SIZE (1..ub-name)) }
+
+-- Naming attributes of type X520CommonName
+
+id-at-commonName AttributeType ::= { id-at 3 }
+
+X520CommonName ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-common-name)),
+ printableString PrintableString (SIZE (1..ub-common-name)),
+ universalString UniversalString (SIZE (1..ub-common-name)),
+ utf8String UTF8String (SIZE (1..ub-common-name)),
+ bmpString BMPString (SIZE (1..ub-common-name)) }
+
+-- Naming attributes of type X520LocalityName
+
+id-at-localityName AttributeType ::= { id-at 7 }
+
+X520LocalityName ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-locality-name)),
+ printableString PrintableString (SIZE (1..ub-locality-name)),
+ universalString UniversalString (SIZE (1..ub-locality-name)),
+ utf8String UTF8String (SIZE (1..ub-locality-name)),
+ bmpString BMPString (SIZE (1..ub-locality-name)) }
+
+-- Naming attributes of type X520StateOrProvinceName
+
+id-at-stateOrProvinceName AttributeType ::= { id-at 8 }
+
+X520StateOrProvinceName ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-state-name)),
+ printableString PrintableString (SIZE (1..ub-state-name)),
+ universalString UniversalString (SIZE (1..ub-state-name)),
+ utf8String UTF8String (SIZE (1..ub-state-name)),
+ bmpString BMPString (SIZE(1..ub-state-name)) }
+
+-- Naming attributes of type X520OrganizationName
+
+id-at-organizationName AttributeType ::= { id-at 10 }
+
+X520OrganizationName ::= CHOICE {
+ teletexString TeletexString
+ (SIZE (1..ub-organization-name)),
+ printableString PrintableString
+ (SIZE (1..ub-organization-name)),
+ universalString UniversalString
+ (SIZE (1..ub-organization-name)),
+ utf8String UTF8String
+ (SIZE (1..ub-organization-name)),
+ bmpString BMPString
+ (SIZE (1..ub-organization-name)) }
+
+-- Naming attributes of type X520OrganizationalUnitName
+
+id-at-organizationalUnitName AttributeType ::= { id-at 11 }
+
+X520OrganizationalUnitName ::= CHOICE {
+ teletexString TeletexString
+ (SIZE (1..ub-organizational-unit-name)),
+ printableString PrintableString
+ (SIZE (1..ub-organizational-unit-name)),
+ universalString UniversalString
+ (SIZE (1..ub-organizational-unit-name)),
+ utf8String UTF8String
+ (SIZE (1..ub-organizational-unit-name)),
+ bmpString BMPString
+ (SIZE (1..ub-organizational-unit-name)) }
+
+-- Naming attributes of type X520Title
+
+id-at-title AttributeType ::= { id-at 12 }
+
+X520Title ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-title)),
+ printableString PrintableString (SIZE (1..ub-title)),
+ universalString UniversalString (SIZE (1..ub-title)),
+ utf8String UTF8String (SIZE (1..ub-title)),
+ bmpString BMPString (SIZE (1..ub-title)) }
+
+-- Naming attributes of type X520dnQualifier
+
+id-at-dnQualifier AttributeType ::= { id-at 46 }
+
+X520dnQualifier ::= PrintableString
+
+-- Naming attributes of type X520countryName (digraph from IS 3166)
+
+id-at-countryName AttributeType ::= { id-at 6 }
+
+X520countryName ::= PrintableString (SIZE (2))
+
+-- Naming attributes of type X520SerialNumber
+
+id-at-serialNumber AttributeType ::= { id-at 5 }
+
+X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number))
+
+-- Naming attributes of type X520Pseudonym
+
+id-at-pseudonym AttributeType ::= { id-at 65 }
+
+X520Pseudonym ::= CHOICE {
+ teletexString TeletexString (SIZE (1..ub-pseudonym)),
+ printableString PrintableString (SIZE (1..ub-pseudonym)),
+ universalString UniversalString (SIZE (1..ub-pseudonym)),
+ utf8String UTF8String (SIZE (1..ub-pseudonym)),
+ bmpString BMPString (SIZE (1..ub-pseudonym)) }
+
+-- Naming attributes of type DomainComponent (from RFC 2247)
+
+id-domainComponent AttributeType ::=
+ { 0 9 2342 19200300 100 1 25 }
+
+DomainComponent ::= IA5String
+
+-- Legacy attributes
+
+pkcs-9 OBJECT IDENTIFIER ::=
+ { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
+
+id-emailAddress AttributeType ::= { pkcs-9 1 }
+
+EmailAddress ::= IA5String (SIZE (1..ub-emailaddress-length))
+
+-- naming data types --
+
+Name ::= CHOICE { -- only one possibility for now --
+ rdnSequence RDNSequence }
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+DistinguishedName ::= RDNSequence
+
+RelativeDistinguishedName ::=
+ SET SIZE (1 .. MAX) OF AttributeTypeAndValue
+
+-- Directory string type --
+
+DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1..MAX)),
+ bmpString BMPString (SIZE (1..MAX)) }
+
+-- certificate and CRL specific structures begin here
+
+Certificate ::= SEQUENCE {
+ tbsCertificate TBSCertificate,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING }
+
+TBSCertificate ::= SEQUENCE {
+ version [0] Version DEFAULT v1,
+ serialNumber CertificateSerialNumber,
+ signature AlgorithmIdentifier,
+ issuer Name,
+ validity Validity,
+ subject Name,
+ subjectPublicKeyInfo SubjectPublicKeyInfo,
+ issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version MUST be v2 or v3
+ subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version MUST be v2 or v3
+ extensions [3] Extensions OPTIONAL
+ -- If present, version MUST be v3 -- }
+
+Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+CertificateSerialNumber ::= INTEGER (0..999999999999999999999999999999999999) -- apply a range to suitable to force asn1c to uses INTEGER_t
+
+Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+UniqueIdentifier ::= BIT STRING
+
+SubjectPublicKeyInfo ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ subjectPublicKey BIT STRING }
+
+Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+Extension ::= SEQUENCE {
+ extnID OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING }
+
+-- CRL structures
+
+CertificateList ::= SEQUENCE {
+ tbsCertList TBSCertList,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING }
+
+TBSCertList ::= SEQUENCE {
+ version Version OPTIONAL,
+ -- if present, MUST be v2
+ signature AlgorithmIdentifier,
+ issuer Name,
+ thisUpdate Time,
+ nextUpdate Time OPTIONAL,
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, MUST be v2
+ } OPTIONAL,
+ crlExtensions [0] Extensions OPTIONAL }
+ -- if present, MUST be v2
+
+-- Version, Time, CertificateSerialNumber, and Extensions were
+-- defined earlier for use in the certificate structure
+
+AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+ -- contains a value of the type
+ -- registered for use with the
+ -- algorithm object identifier value
+
+-- X.400 address syntax starts here
+
+ORAddress ::= SEQUENCE {
+ built-in-standard-attributes BuiltInStandardAttributes,
+ built-in-domain-defined-attributes
+ BuiltInDomainDefinedAttributes OPTIONAL,
+ -- see also teletex-domain-defined-attributes
+ extension-attributes ExtensionAttributes OPTIONAL }
+
+-- Built-in Standard Attributes
+
+BuiltInStandardAttributes ::= SEQUENCE {
+ country-name CountryName OPTIONAL,
+ administration-domain-name AdministrationDomainName OPTIONAL,
+ network-address [0] IMPLICIT NetworkAddress OPTIONAL,
+ -- see also extended-network-address
+ terminal-identifier [1] IMPLICIT TerminalIdentifier OPTIONAL,
+ private-domain-name [2] PrivateDomainName OPTIONAL,
+ organization-name [3] IMPLICIT OrganizationName OPTIONAL,
+ -- see also teletex-organization-name
+ numeric-user-identifier [4] IMPLICIT NumericUserIdentifier
+ OPTIONAL,
+ personal-name [5] IMPLICIT PersonalName OPTIONAL,
+ -- see also teletex-personal-name
+ organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
+ OPTIONAL }
+ -- see also teletex-organizational-unit-names
+
+CountryName ::= [APPLICATION 1] CHOICE {
+ x121-dcc-code NumericString
+ (SIZE (ub-country-name-numeric-length)),
+ iso-3166-alpha2-code PrintableString
+ (SIZE (ub-country-name-alpha-length)) }
+
+AdministrationDomainName ::= [APPLICATION 2] CHOICE {
+ numeric NumericString (SIZE (0..ub-domain-name-length)),
+ printable PrintableString (SIZE (0..ub-domain-name-length)) }
+
+NetworkAddress ::= X121Address -- see also extended-network-address
+
+X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
+
+TerminalIdentifier ::= PrintableString (SIZE
+(1..ub-terminal-id-length))
+
+PrivateDomainName ::= CHOICE {
+ numeric NumericString (SIZE (1..ub-domain-name-length)),
+ printable PrintableString (SIZE (1..ub-domain-name-length)) }
+
+OrganizationName ::= PrintableString
+ (SIZE (1..ub-organization-name-length))
+ -- see also teletex-organization-name
+
+NumericUserIdentifier ::= NumericString
+ (SIZE (1..ub-numeric-user-id-length))
+
+PersonalName ::= SET {
+ surname [0] IMPLICIT PrintableString
+ (SIZE (1..ub-surname-length)),
+ given-name [1] IMPLICIT PrintableString
+ (SIZE (1..ub-given-name-length)) OPTIONAL,
+ initials [2] IMPLICIT PrintableString
+ (SIZE (1..ub-initials-length)) OPTIONAL,
+ generation-qualifier [3] IMPLICIT PrintableString
+ (SIZE (1..ub-generation-qualifier-length))
+ OPTIONAL }
+ -- see also teletex-personal-name
+
+OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
+ OF OrganizationalUnitName
+ -- see also teletex-organizational-unit-names
+
+OrganizationalUnitName ::= PrintableString (SIZE
+ (1..ub-organizational-unit-name-length))
+
+-- Built-in Domain-defined Attributes
+
+BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
+ (1..ub-domain-defined-attributes) OF
+ BuiltInDomainDefinedAttribute
+
+BuiltInDomainDefinedAttribute ::= SEQUENCE {
+ type PrintableString (SIZE
+ (1..ub-domain-defined-attribute-type-length)),
+ value PrintableString (SIZE
+ (1..ub-domain-defined-attribute-value-length)) }
+
+-- Extension Attributes
+
+ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
+ ExtensionAttribute
+
+ExtensionAttribute ::= SEQUENCE {
+ extension-attribute-type [0] IMPLICIT INTEGER
+ (0..ub-extension-attributes),
+ extension-attribute-value [1]
+ ANY DEFINED BY extension-attribute-type }
+
+-- Extension types and attribute values
+
+common-name INTEGER ::= 1
+
+CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
+
+teletex-common-name INTEGER ::= 2
+
+TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
+
+teletex-organization-name INTEGER ::= 3
+
+TeletexOrganizationName ::=
+ TeletexString (SIZE (1..ub-organization-name-length))
+
+teletex-personal-name INTEGER ::= 4
+
+TeletexPersonalName ::= SET {
+ surname [0] IMPLICIT TeletexString
+ (SIZE (1..ub-surname-length)),
+ given-name [1] IMPLICIT TeletexString
+ (SIZE (1..ub-given-name-length)) OPTIONAL,
+ initials [2] IMPLICIT TeletexString
+ (SIZE (1..ub-initials-length)) OPTIONAL,
+ generation-qualifier [3] IMPLICIT TeletexString
+ (SIZE (1..ub-generation-qualifier-length))
+ OPTIONAL }
+
+teletex-organizational-unit-names INTEGER ::= 5
+
+TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
+ (1..ub-organizational-units) OF TeletexOrganizationalUnitName
+
+TeletexOrganizationalUnitName ::= TeletexString
+ (SIZE (1..ub-organizational-unit-name-length))
+
+pds-name INTEGER ::= 7
+
+PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
+
+physical-delivery-country-name INTEGER ::= 8
+
+PhysicalDeliveryCountryName ::= CHOICE {
+ x121-dcc-code NumericString (SIZE
+(ub-country-name-numeric-length)),
+ iso-3166-alpha2-code PrintableString
+ (SIZE (ub-country-name-alpha-length)) }
+
+postal-code INTEGER ::= 9
+
+PostalCode ::= CHOICE {
+ numeric-code NumericString (SIZE (1..ub-postal-code-length)),
+ printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
+
+physical-delivery-office-name INTEGER ::= 10
+
+PhysicalDeliveryOfficeName ::= PDSParameter
+
+physical-delivery-office-number INTEGER ::= 11
+
+PhysicalDeliveryOfficeNumber ::= PDSParameter
+
+extension-OR-address-components INTEGER ::= 12
+
+ExtensionORAddressComponents ::= PDSParameter
+
+physical-delivery-personal-name INTEGER ::= 13
+
+PhysicalDeliveryPersonalName ::= PDSParameter
+
+physical-delivery-organization-name INTEGER ::= 14
+
+PhysicalDeliveryOrganizationName ::= PDSParameter
+
+extension-physical-delivery-address-components INTEGER ::= 15
+
+ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
+
+unformatted-postal-address INTEGER ::= 16
+
+UnformattedPostalAddress ::= SET {
+ printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
+ OF PrintableString (SIZE (1..ub-pds-parameter-length))
+ OPTIONAL,
+ teletex-string TeletexString
+ (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
+
+street-address INTEGER ::= 17
+
+StreetAddress ::= PDSParameter
+
+post-office-box-address INTEGER ::= 18
+
+PostOfficeBoxAddress ::= PDSParameter
+
+poste-restante-address INTEGER ::= 19
+
+PosteRestanteAddress ::= PDSParameter
+
+unique-postal-name INTEGER ::= 20
+
+UniquePostalName ::= PDSParameter
+
+local-postal-attributes INTEGER ::= 21
+
+LocalPostalAttributes ::= PDSParameter
+
+PDSParameter ::= SET {
+ printable-string PrintableString
+ (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
+ teletex-string TeletexString
+ (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
+
+extended-network-address INTEGER ::= 22
+
+ExtendedNetworkAddress ::= CHOICE {
+ e163-4-address SEQUENCE {
+ number [0] IMPLICIT NumericString
+ (SIZE (1..ub-e163-4-number-length)),
+ sub-address [1] IMPLICIT NumericString
+ (SIZE (1..ub-e163-4-sub-address-length))
+ OPTIONAL },
+ psap-address [0] IMPLICIT PresentationAddress }
+
+PresentationAddress ::= SEQUENCE {
+ pSelector [0] EXPLICIT OCTET STRING OPTIONAL,
+ sSelector [1] EXPLICIT OCTET STRING OPTIONAL,
+ tSelector [2] EXPLICIT OCTET STRING OPTIONAL,
+ nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
+
+terminal-type INTEGER ::= 23
+
+TerminalType ::= INTEGER {
+ telex (3),
+ teletex (4),
+ g3-facsimile (5),
+ g4-facsimile (6),
+ ia5-terminal (7),
+ videotex (8) }
+
+-- Extension Domain-defined Attributes
+
+teletex-domain-defined-attributes INTEGER ::= 6
+
+TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
+ (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
+
+TeletexDomainDefinedAttribute ::= SEQUENCE {
+ type TeletexString
+ (SIZE (1..ub-domain-defined-attribute-type-length)),
+ value TeletexString
+ (SIZE (1..ub-domain-defined-attribute-value-length)) }
+
+-- specifications of Upper Bounds MUST be regarded as mandatory
+-- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
+-- Upper Bounds
+
+-- Upper Bounds
+ub-name INTEGER ::= 32768
+ub-common-name INTEGER ::= 64
+ub-locality-name INTEGER ::= 128
+ub-state-name INTEGER ::= 128
+ub-organization-name INTEGER ::= 64
+ub-organizational-unit-name INTEGER ::= 64
+ub-title INTEGER ::= 64
+ub-serial-number INTEGER ::= 64
+ub-match INTEGER ::= 128
+ub-emailaddress-length INTEGER ::= 255
+ub-common-name-length INTEGER ::= 64
+ub-country-name-alpha-length INTEGER ::= 2
+ub-country-name-numeric-length INTEGER ::= 3
+ub-domain-defined-attributes INTEGER ::= 4
+ub-domain-defined-attribute-type-length INTEGER ::= 8
+ub-domain-defined-attribute-value-length INTEGER ::= 128
+ub-domain-name-length INTEGER ::= 16
+ub-extension-attributes INTEGER ::= 256
+ub-e163-4-number-length INTEGER ::= 15
+ub-e163-4-sub-address-length INTEGER ::= 40
+ub-generation-qualifier-length INTEGER ::= 3
+ub-given-name-length INTEGER ::= 16
+ub-initials-length INTEGER ::= 5
+ub-integer-options INTEGER ::= 256
+ub-numeric-user-id-length INTEGER ::= 32
+ub-organization-name-length INTEGER ::= 64
+ub-organizational-unit-name-length INTEGER ::= 32
+ub-organizational-units INTEGER ::= 4
+ub-pds-name-length INTEGER ::= 16
+ub-pds-parameter-length INTEGER ::= 30
+ub-pds-physical-address-lines INTEGER ::= 6
+ub-postal-code-length INTEGER ::= 16
+ub-pseudonym INTEGER ::= 128
+ub-surname-length INTEGER ::= 40
+ub-terminal-id-length INTEGER ::= 24
+ub-unformatted-address-length INTEGER ::= 180
+ub-x121-address-length INTEGER ::= 16
+
+-- Note - upper bounds on string types, such as TeletexString, are
+-- measured in characters. Excepting PrintableString or IA5String, a
+-- significantly greater number of octets will be required to hold
+-- such a value. As a minimum, 16 octets, or twice the specified
+-- upper bound, whichever is the larger, should be allowed for
+-- TeletexString. For UTF8String or UniversalString at least four
+-- times the upper bound should be allowed.
+
+END
diff --git a/library/euicc/PKIX1Explicit88_EncDec.cc b/library/euicc/PKIX1Explicit88_EncDec.cc
new file mode 100644
index 0000000..3cfb156
--- /dev/null
+++ b/library/euicc/PKIX1Explicit88_EncDec.cc
@@ -0,0 +1,213 @@
+#include "PKIX1Explicit88.hh"
+
+namespace PKIX1Explicit88__Types {
+
+using namespace PKIX1Explicit88;
+
+TTCN_Module PKIX1Explicit88__EncDec("PKIX1Explicit88_EncDec", __DATE__, __TIME__);
+
+OCTETSTRING enc__X520name(const X520name &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(X520name_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+X520name dec__X520name(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ X520name msg;
+ buf.put_os(stream);
+
+ msg.decode(X520name_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__X520CommonName(const X520CommonName &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(X520CommonName_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+X520CommonName dec__X520CommonName(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ X520CommonName msg;
+ buf.put_os(stream);
+
+ msg.decode(X520CommonName_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__X520LocalityName(const X520LocalityName &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(X520LocalityName_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+X520LocalityName dec__X520LocalityName(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ X520LocalityName msg;
+ buf.put_os(stream);
+
+ msg.decode(X520LocalityName_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__X520StateOrProvinceName(const X520StateOrProvinceName &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(X520StateOrProvinceName_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+X520StateOrProvinceName dec__X520StateOrProvinceName(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ X520StateOrProvinceName msg;
+ buf.put_os(stream);
+
+ msg.decode(X520StateOrProvinceName_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__X520OrganizationName(const X520OrganizationName &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(X520OrganizationName_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+X520OrganizationName dec__X520OrganizationName(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ X520OrganizationName msg;
+ buf.put_os(stream);
+
+ msg.decode(X520OrganizationName_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__X520OrganizationalUnitName(const X520OrganizationalUnitName &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(X520OrganizationalUnitName_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+X520OrganizationalUnitName dec__X520OrganizationalUnitName(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ X520OrganizationalUnitName msg;
+ buf.put_os(stream);
+
+ msg.decode(X520OrganizationalUnitName_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__X520Title(const X520Title &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(X520Title_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+X520Title dec__X520Title(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ X520Title msg;
+ buf.put_os(stream);
+
+ msg.decode(X520Title_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__X520dnQualifier(const X520dnQualifier &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(X520dnQualifier_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+X520dnQualifier dec__X520dnQualifier(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ X520dnQualifier msg;
+ buf.put_os(stream);
+
+ msg.decode(X520dnQualifier_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__X520countryName(const X520countryName &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(X520countryName_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+X520countryName dec__X520countryName(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ X520countryName msg;
+ buf.put_os(stream);
+
+ msg.decode(X520countryName_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__X520SerialNumber(const X520SerialNumber &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(X520SerialNumber_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+X520SerialNumber dec__X520SerialNumber(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ X520SerialNumber msg;
+ buf.put_os(stream);
+
+ msg.decode(X520SerialNumber_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__X520Pseudonym(const X520Pseudonym &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(X520Pseudonym_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+X520Pseudonym dec__X520Pseudonym(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ X520Pseudonym msg;
+ buf.put_os(stream);
+
+ msg.decode(X520Pseudonym_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__Certificate(const Certificate &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(Certificate_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+Certificate dec__Certificate(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ Certificate msg;
+ buf.put_os(stream);
+
+ msg.decode(Certificate_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+}
diff --git a/library/euicc/PKIX1Explicit88_Templates.ttcn b/library/euicc/PKIX1Explicit88_Templates.ttcn
new file mode 100644
index 0000000..d2cc7bb
--- /dev/null
+++ b/library/euicc/PKIX1Explicit88_Templates.ttcn
@@ -0,0 +1,1901 @@
+/* PKIX1 Templates in TTCN-3
+ *
+ * Author: Philipp Maier <pmaier@sysmocom.de> / sysmocom - s.f.m.c. GmbH
+ *
+ * Released under the terms of GNU General Public License, Version 2 or
+ * (at your option) any later version.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+module PKIX1Explicit88_Templates {
+
+import from PKIX1Explicit88_Types all;
+import from PKIX1Explicit88 all;
+import from PKIX1Implicit88 all;
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/CertificateIssuer/CERT_CI_ECDSA_NIST.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ b8:74:f3:ab:fa:6c:44:d3
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Feb 1 15:39:42 2017 GMT
+ Not After : Feb 1 15:39:42 2052 GMT
+ Subject: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:94:06:57:a6:73:dc:28:8f:89:d5:2e:a8:a4:77:
+ 04:99:27:91:f9:c3:4b:00:36:e6:33:e2:d0:cb:a9:
+ 45:4d:65:db:32:eb:17:98:17:99:d2:f2:43:88:ee:
+ 2b:95:c1:09:45:46:c9:79:01:ce:ae:ba:96:50:91:
+ 9a:2e:20:d2:29
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.0
+
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.1
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:46:02:21:00:91:f2:51:c9:71:53:b9:cf:85:37:9a:74:8b:
+ 57:2a:49:68:52:45:56:c4:7f:33:eb:69:7b:55:91:2c:c0:f2:
+ d2:02:21:00:dc:e4:9e:73:f3:49:ec:d0:59:10:ef:9d:f6:b6:
+ 9a:86:7a:bf:38:9d:c8:6b:84:11:b4:df:e1:96:91:50:f5:f9
+*/
+const octetstring cert_ci_nist :=
+'30820256308201fba003020102020900b874f3abfa6c44d3300a06082a86
+48ce3d04030230493115301306035504030c0c47534d4120546573742043
+493111300f060355040b0c0854455354434552543110300e060355040a0c
+0752535054455354310b30090603550406130249543020170d3137303230
+313135333934325a180f32303532303230313135333934325a3049311530
+1306035504030c0c47534d4120546573742043493111300f060355040b0c
+0854455354434552543110300e060355040a0c0752535054455354310b30
+090603550406130249543059301306072a8648ce3d020106082a8648ce3d
+03010703420004940657a673dc288f89d52ea8a47704992791f9c34b0036
+e633e2d0cba9454d65db32eb17981799d2f24388ee2b95c1094546c97901
+ceaeba9650919a2e20d229a381c93081c6301d0603551d0e04160414f541
+72bdf98a95d65cbeb88a38a1c11d800a85c3300f0603551d130101ff0405
+30030101ff30170603551d200101ff040d300b3009060767811201020100
+300e0603551d0f0101ff040403020106300e0603551d1104073005880388
+3701305b0603551d1f045430523027a025a0238621687474703a2f2f6369
+2e746573742e67736d612e636f6d2f43524c2d412e63726c3027a025a023
+8621687474703a2f2f63692e746573742e67736d612e636f6d2f43524c2d
+422e63726c300a06082a8648ce3d040302034900304602210091f251c971
+53b9cf85379a748b572a4968524556c47f33eb697b55912cc0f2d2022100
+dce49e73f349ecd05910ef9df6b69a867abf389dc86b8411b4dfe1969150
+f5f9'O
+function f_ts_cert_ci_nist() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_ci_nist);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_ci_nist := f_ts_cert_ci_nist();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/CertificateIssuer/CERT_CI_ECDSA_BRP.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ b8:74:f3:ab:fa:6c:44:d3
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Apr 19 10:34:38 2017 GMT
+ Not After : Apr 18 10:34:38 2052 GMT
+ Subject: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:27:87:b4:d5:6e:d8:24:a9:e6:be:04:e1:88:7f:
+ 6b:98:ba:fe:b8:c7:63:f5:28:37:f7:01:13:e9:36:
+ 4e:dd:be:13:9b:c0:c7:de:7e:16:8f:1e:5c:d0:c1:
+ 85:34:fc:50:64:e6:4f:68:6d:c5:33:27:ca:7f:1d:
+ ce:a8:5a:29:94
+ ASN1 OID: brainpoolP256r1
+ X509v3 extensions:
+ X509v3 Subject Key Identifier:
+ C0:BC:70:BA:36:92:9D:43:B4:67:FF:57:57:05:30:E5:7A:B8:FC:D8
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.0
+
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.1
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:44:02:20:06:c6:c3:9f:5a:b9:71:5d:72:c5:65:dc:f5:ff:
+ 3b:fe:f3:fb:70:ef:0a:e3:3a:07:36:66:91:35:86:d0:ef:92:
+ 02:20:16:b2:44:eb:46:9f:2a:2f:58:6b:c1:c3:20:b4:b6:43:
+ 1b:8f:74:d9:41:f7:f1:83:2b:43:25:52:b1:61:df:a2
+*/
+const octetstring cert_ci_brp :=
+'30820255308201fca003020102020900b874f3abfa6c44d3300a06082a86
+48ce3d04030230493115301306035504030c0c47534d4120546573742043
+493111300f060355040b0c0854455354434552543110300e060355040a0c
+0752535054455354310b30090603550406130249543020170d3137303431
+393130333433385a180f32303532303431383130333433385a3049311530
+1306035504030c0c47534d4120546573742043493111300f060355040b0c
+0854455354434552543110300e060355040a0c0752535054455354310b30
+09060355040613024954305a301406072a8648ce3d020106092b24030302
+08010107034200042787b4d56ed824a9e6be04e1887f6b98bafeb8c763f5
+2837f70113e9364eddbe139bc0c7de7e168f1e5cd0c18534fc5064e64f68
+6dc53327ca7f1dcea85a2994a381c93081c6301d0603551d0e04160414c0
+bc70ba36929d43b467ff57570530e57ab8fcd8300f0603551d130101ff04
+0530030101ff30170603551d200101ff040d300b30090607678112010201
+00300e0603551d0f0101ff040403020106300e0603551d11040730058803
+883701305b0603551d1f045430523027a025a0238621687474703a2f2f63
+692e746573742e67736d612e636f6d2f43524c2d412e63726c3027a025a0
+238621687474703a2f2f63692e746573742e67736d612e636f6d2f43524c
+2d422e63726c300a06082a8648ce3d0403020347003044022006c6c39f5a
+b9715d72c565dcf5ff3bfef3fb70ef0ae33a073666913586d0ef92022016
+b244eb469f2a2f586bc1c320b4b6431b8f74d941f7f1832b432552b161df
+a2'O
+function f_ts_cert_ci_brp() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_ci_brp);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_ci_brp := f_ts_cert_ci_brp();
+
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/eUICC/CERT_EUICC_ECDSA_NIST.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 02:00:00:00:00:00:00:00:01
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: C = DE, O = RSP Test EUM, CN = EUM Test
+ Validity
+ Not Before: Jan 9 14:39:03 2017 GMT
+ Not After : Nov 2 14:39:03 7492 GMT
+ Subject: C = DE, O = RSP Test EUM, serialNumber = 89049032123451234512345678901235, CN = Test eUICC
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:6d:b3:f5:3a:dc:87:dc:2f:f1:0c:7b:fc:d8:7a:
+ d1:3a:e9:70:09:af:a0:65:a6:75:7e:e5:71:b3:f2:
+ eb:b1:8f:46:c1:d6:8f:3e:de:b0:e7:4b:2e:5d:54:
+ 20:51:e7:d2:7f:50:95:20:28:60:5a:fd:ef:79:fe:
+ 9f:ff:d0:39:59
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:DD:3D:A2:4D:35:0C:1C:C5:D0:AF:09:65:F4:0E:C3:4C:5E:E4:09:F1
+
+ X509v3 Subject Key Identifier:
+ A5:24:76:AF:5D:50:AA:37:64:37:CC:B1:DA:21:72:EF:45:F4:84:F0
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.1
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:44:02:20:5e:da:e9:e3:b9:27:8a:36:12:65:dc:bd:13:a3:
+ bf:48:d7:ae:c4:3d:29:05:12:5b:fa:ca:2f:4c:f3:a7:e6:54:
+ 02:20:08:9f:95:6b:b9:89:59:65:77:ec:98:6d:f7:af:66:f2:
+ a4:46:25:f3:85:77:4c:56:65:07:f6:f2:cd:72:e0:2c
+*/
+const octetstring cert_euicc_nist :=
+'308201fe308201a5a0030201020209020000000000000001300a06082a86
+48ce3d0403023037310b300906035504061302444531153013060355040a
+0c0c52535020546573742045554d3111300f06035504030c0845554d2054
+6573743020170d3137303130393134333930335a180f3734393231313032
+3134333930335a3064310b30090603550406130244453115301306035504
+0a0c0c52535020546573742045554d312930270603550405132038393034
+393033323132333435313233343531323334353637383930313233353113
+301106035504030c0a546573742065554943433059301306072a8648ce3d
+020106082a8648ce3d030107034200046db3f53adc87dc2ff10c7bfcd87a
+d13ae97009afa065a6757ee571b3f2ebb18f46c1d68f3edeb0e74b2e5d54
+2051e7d27f50952028605afdef79fe9fffd03959a36b3069301f0603551d
+23041830168014dd3da24d350c1cc5d0af0965f40ec34c5ee409f1301d06
+03551d0e04160414a52476af5d50aa376437ccb1da2172ef45f484f0300e
+0603551d0f0101ff04040302078030170603551d200101ff040d300b3009
+060767811201020101300a06082a8648ce3d040302034700304402205eda
+e9e3b9278a361265dcbd13a3bf48d7aec43d2905125bfaca2f4cf3a7e654
+0220089f956bb989596577ec986df7af66f2a44625f385774c566507f6f2
+cd72e02c'O;
+function f_ts_cert_euicc_nist() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_euicc_nist);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_euicc_nist := f_ts_cert_euicc_nist();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/eUICC/CERT_EUICC_ECDSA_BRP.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 02:00:00:00:00:00:00:00:01
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: C = DE, O = RSP Test EUM, CN = EUM Test
+ Validity
+ Not Before: Apr 20 12:07:50 2017 GMT
+ Not After : Feb 11 12:07:50 7493 GMT
+ Subject: C = DE, O = RSP Test EUM, serialNumber = 89049032123451234512345678901235, CN = Test eUICC
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:3e:59:0c:38:a9:c2:56:31:5e:cf:f3:29:14:16:
+ dd:33:54:09:a6:66:fd:41:b3:b5:1e:5e:51:14:f3:
+ 43:ab:f0:a2:67:74:c6:c2:6c:48:75:3a:fe:28:36:
+ 43:22:7b:b6:60:8c:d2:61:cc:97:2d:37:4a:47:91:
+ 24:eb:f2:77:22
+ ASN1 OID: brainpoolP256r1
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:6F:A1:E5:21:73:63:A8:22:BD:ED:98:8A:1A:0D:0F:F5:D7:62:0D:B7
+
+ X509v3 Subject Key Identifier:
+ C8:A6:4F:34:3B:85:B7:B0:57:8D:C5:7F:8F:13:58:6D:C8:04:ED:84
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.1
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:20:00:b4:f8:6f:2e:a1:4c:cc:04:66:51:99:88:4c:
+ ad:75:ca:dd:c3:36:79:77:2f:ff:d4:db:cf:1b:d2:a8:e4:1b:
+ 02:21:00:8b:4d:40:a2:d9:bd:3a:53:c6:80:bd:c8:a3:08:c3:
+ fb:dd:fe:e7:c6:6a:18:b4:dc:dd:03:77:0f:ff:aa:49:82
+*/
+const octetstring cert_euicc_brp :=
+'30820200308201a6a0030201020209020000000000000001300a06082a86
+48ce3d0403023037310b300906035504061302444531153013060355040a
+0c0c52535020546573742045554d3111300f06035504030c0845554d2054
+6573743020170d3137303432303132303735305a180f3734393330323131
+3132303735305a3064310b30090603550406130244453115301306035504
+0a0c0c52535020546573742045554d312930270603550405132038393034
+393033323132333435313233343531323334353637383930313233353113
+301106035504030c0a54657374206555494343305a301406072a8648ce3d
+020106092b2403030208010107034200043e590c38a9c256315ecff32914
+16dd335409a666fd41b3b51e5e5114f343abf0a26774c6c26c48753afe28
+3643227bb6608cd261cc972d374a479124ebf27722a36b3069301f060355
+1d230418301680146fa1e5217363a822bded988a1a0d0ff5d7620db7301d
+0603551d0e04160414c8a64f343b85b7b0578dc57f8f13586dc804ed8430
+0e0603551d0f0101ff04040302078030170603551d200101ff040d300b30
+09060767811201020101300a06082a8648ce3d0403020348003045022000
+b4f86f2ea14ccc04665199884cad75caddc33679772fffd4dbcf1bd2a8e4
+1b0221008b4d40a2d9bd3a53c680bdc8a308c3fbddfee7c66a18b4dcdd03
+770fffaa4982'O;
+function f_ts_cert_euicc_brp() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_euicc_brp);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_euicc_brp := f_ts_cert_euicc_brp();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/EUM/CERT_EUM_ECDSA_NIST.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 305419896 (0x12345678)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Jan 19 18:10:30 2017 GMT
+ Not After : Jan 19 18:10:30 2051 GMT
+ Subject: C = DE, O = RSP Test EUM, CN = EUM Test
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:13:30:d5:92:56:ac:0c:b5:0b:d9:28:d0:f4:c6:
+ 80:07:c4:85:fe:3f:42:98:8a:d3:ee:38:75:ae:33:
+ f4:98:3a:b2:3b:4d:d4:c3:13:40:d6:76:dd:8e:11:
+ f9:c5:cb:a1:b1:1e:b6:94:ee:d0:99:4d:b5:29:28:
+ 5e:63:2c:89:06
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Subject Key Identifier:
+ DD:3D:A2:4D:35:0C:1C:C5:D0:AF:09:65:F4:0E:C3:4C:5E:E4:09:F1
+ X509v3 Key Usage: critical
+ Certificate Sign
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.2
+
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.5
+ X509v3 Basic Constraints: critical
+ CA:TRUE, pathlen:0
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ X509v3 Name Constraints: critical
+ Permitted:
+ DirName:O = RSP Test EUM, serialNumber = 89049032
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:46:02:21:00:8c:4d:4b:26:40:4e:a5:dd:ea:65:eb:b4:3c:
+ 18:db:ab:12:cb:90:97:de:b7:7f:0b:a1:57:e3:8c:7b:18:b4:
+ ee:02:21:00:d1:8d:9c:f3:a1:34:87:ee:65:ca:6b:48:f8:c1:
+ ad:c0:2e:7a:7d:89:f1:74:b5:ae:2b:5e:1d:82:0a:9b:23:23
+*/
+const octetstring cert_eum_nist :=
+'3082027c30820221a003020102020412345678300a06082a8648ce3d0403
+0230493115301306035504030c0c47534d4120546573742043493111300f
+060355040b0c0854455354434552543110300e060355040a0c0752535054
+455354310b30090603550406130249543020170d31373031313931383130
+33305a180f32303531303131393138313033305a3037310b300906035504
+061302444531153013060355040a0c0c52535020546573742045554d3111
+300f06035504030c0845554d20546573743059301306072a8648ce3d0201
+06082a8648ce3d030107034200041330d59256ac0cb50bd928d0f4c68007
+c485fe3f42988ad3ee3875ae33f4983ab23b4dd4c31340d676dd8e11f9c5
+cba1b11eb694eed0994db529285e632c8906a382010530820101301f0603
+551d23041830168014f54172bdf98a95d65cbeb88a38a1c11d800a85c330
+1d0603551d0e04160414dd3da24d350c1cc5d0af0965f40ec34c5ee409f1
+300e0603551d0f0101ff04040302020430170603551d200101ff040d300b
+3009060767811201020102300e0603551d11040730058803883705301206
+03551d130101ff040830060101ff02010030320603551d1f042b30293027
+a025a0238621687474703a2f2f63692e746573742e67736d612e636f6d2f
+43524c2d422e63726c303e0603551d1e0101ff04343032a030302ea42c30
+2a31153013060355040a0c0c52535020546573742045554d3111300f0603
+55040513083839303439303332300a06082a8648ce3d0403020349003046
+0221008c4d4b26404ea5ddea65ebb43c18dbab12cb9097deb77f0ba157e3
+8c7b18b4ee022100d18d9cf3a13487ee65ca6b48f8c1adc02e7a7d89f174
+b5ae2b5e1d820a9b2323'O
+function f_ts_cert_eum_nist() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_eum_nist);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_eum_nist := f_ts_cert_eum_nist();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/EUM/CERT_EUM_ECDSA_BRP.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 305419896 (0x12345678)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Apr 20 10:23:31 2017 GMT
+ Not After : Apr 20 10:23:31 2051 GMT
+ Subject: C = DE, O = RSP Test EUM, CN = EUM Test
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:a2:e5:2a:32:df:e8:99:65:71:c5:3a:f5:32:8e:
+ f6:82:09:3f:c1:d0:5f:52:65:2f:6b:71:1c:24:38:
+ 21:f7:f1:6b:0c:ec:8d:21:9b:23:d3:f9:90:f4:34:
+ d0:b9:0d:42:71:6c:02:e0:93:05:26:44:63:f6:11:
+ e6:50:c3:7f:f7
+ ASN1 OID: brainpoolP256r1
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:C0:BC:70:BA:36:92:9D:43:B4:67:FF:57:57:05:30:E5:7A:B8:FC:D8
+
+ X509v3 Subject Key Identifier:
+ 6F:A1:E5:21:73:63:A8:22:BD:ED:98:8A:1A:0D:0F:F5:D7:62:0D:B7
+ X509v3 Key Usage: critical
+ Certificate Sign
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.2
+
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.5
+ X509v3 Basic Constraints: critical
+ CA:TRUE, pathlen:0
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ X509v3 Name Constraints: critical
+ Permitted:
+ DirName:O = RSP Test EUM, serialNumber = 89049032
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:44:02:20:2b:46:5c:c1:ac:87:8d:46:a8:7d:4a:70:72:ca:
+ 2c:f9:1c:27:10:87:02:19:ae:80:29:c6:96:bc:39:f0:5c:dc:
+ 02:20:40:cc:35:b4:9c:3b:30:ee:39:b0:5d:da:8f:6d:0d:a6:
+ 43:ab:8e:bd:6a:05:23:91:cf:46:c9:ee:4c:95:3b:19
+*/
+const octetstring cert_eum_brp :=
+'3082027b30820222a003020102020412345678300a06082a8648ce3d0403
+0230493115301306035504030c0c47534d4120546573742043493111300f
+060355040b0c0854455354434552543110300e060355040a0c0752535054
+455354310b30090603550406130249543020170d31373034323031303233
+33315a180f32303531303432303130323333315a3037310b300906035504
+061302444531153013060355040a0c0c52535020546573742045554d3111
+300f06035504030c0845554d2054657374305a301406072a8648ce3d0201
+06092b240303020801010703420004a2e52a32dfe8996571c53af5328ef6
+82093fc1d05f52652f6b711c243821f7f16b0cec8d219b23d3f990f434d0
+b90d42716c02e09305264463f611e650c37ff7a382010530820101301f06
+03551d23041830168014c0bc70ba36929d43b467ff57570530e57ab8fcd8
+301d0603551d0e041604146fa1e5217363a822bded988a1a0d0ff5d7620d
+b7300e0603551d0f0101ff04040302020430170603551d200101ff040d30
+0b3009060767811201020102300e0603551d110407300588038837053012
+0603551d130101ff040830060101ff02010030320603551d1f042b302930
+27a025a0238621687474703a2f2f63692e746573742e67736d612e636f6d
+2f43524c2d422e63726c303e0603551d1e0101ff04343032a030302ea42c
+302a31153013060355040a0c0c52535020546573742045554d3111300f06
+0355040513083839303439303332300a06082a8648ce3d04030203470030
+4402202b465cc1ac878d46a87d4a7072ca2cf91c2710870219ae8029c696
+bc39f05cdc022040cc35b49c3b30ee39b05dda8f6d0da643ab8ebd6a0523
+91cf46c9ee4c953b19'O;
+function f_ts_cert_eum_brp() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_eum_brp);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_eum_brp := f_ts_cert_eum_brp();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPauth/CERT_S_SM_DPauth_ECDSA_NIST.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 100 (0x64)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Feb 1 13:38:56 2017 GMT
+ Not After : Feb 1 13:38:56 2020 GMT
+ Subject: O = ACME, CN = "TEST SM-DP+"
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:4d:fe:d4:f4:69:47:91:bf:16:95:ce:a0:30:7a:
+ 35:b4:18:01:96:95:38:7b:b7:5b:7d:24:47:b6:b5:
+ 20:9f:04:45:ae:4e:5e:52:1c:d1:38:88:d7:5f:e0:
+ 7c:85:80:22:2a:e2:0d:ba:ac:1d:77:cd:76:30:49:
+ 93:42:1b:d7:39
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Subject Key Identifier:
+ BD:5A:82:CC:1A:96:60:21:18:BA:75:60:A1:FF:83:A7:8B:21:0B:E5
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.10
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.4
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:21:00:f1:cf:ef:41:e2:b8:a0:22:62:17:10:b9:6a:
+ 65:4f:ff:e4:85:d0:8c:20:e6:64:e8:5b:f2:d7:27:00:2a:07:
+ 38:02:20:69:25:bd:f7:bb:87:d0:c8:be:2b:78:a0:c5:9a:61:
+ 01:78:29:30:c2:fe:98:ad:2d:70:38:65:6a:02:14:a3:97
+*/
+const octetstring cert_s_sm_dpauth_nist :=
+'30820237308201dda003020102020164300a06082a8648ce3d0403023049
+3115301306035504030c0c47534d4120546573742043493111300f060355
+040b0c0854455354434552543110300e060355040a0c0752535054455354
+310b3009060355040613024954301e170d3137303230313133333835365a
+170d3230303230313133333835365a3025310d300b060355040a0c044143
+4d453114301206035504030c0b5445535420534d2d44502b305930130607
+2a8648ce3d020106082a8648ce3d030107034200044dfed4f4694791bf16
+95cea0307a35b418019695387bb75b7d2447b6b5209f0445ae4e5e521cd1
+3888d75fe07c8580222ae20dbaac1d77cd76304993421bd739a381d93081
+d6301f0603551d23041830168014f54172bdf98a95d65cbeb88a38a1c11d
+800a85c3301d0603551d0e04160414bd5a82cc1a96602118ba7560a1ff83
+a78b210be5300e0603551d1104073005880388370a300e0603551d0f0101
+ff04040302078030170603551d200101ff040d300b300906076781120102
+0104305b0603551d1f045430523027a025a0238621687474703a2f2f6369
+2e746573742e67736d612e636f6d2f43524c2d412e63726c3027a025a023
+8621687474703a2f2f63692e746573742e67736d612e636f6d2f43524c2d
+422e63726c300a06082a8648ce3d0403020348003045022100f1cfef41e2
+b8a022621710b96a654fffe485d08c20e664e85bf2d727002a0738022069
+25bdf7bb87d0c8be2b78a0c59a6101782930c2fe98ad2d7038656a0214a3
+97'O;
+function f_ts_cert_s_sm_dpauth_nist() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dpauth_nist);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dpauth_nist := f_ts_cert_s_sm_dpauth_nist();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPauth/CERT_S_SM_DPauth_ECDSA_BRP.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 100 (0x64)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Apr 26 15:20:12 2017 GMT
+ Not After : Apr 25 15:20:12 2020 GMT
+ Subject: O = ACME, CN = "TEST SM-DP+"
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:25:5d:7d:af:00:ef:84:1d:76:fa:7a:63:d6:3e:
+ b3:fe:6c:9f:70:49:2d:38:19:23:f8:f8:bd:7b:24:
+ f3:c5:ad:16:8e:be:3b:09:dd:80:f2:9e:7f:fd:24:
+ a4:d1:be:74:7f:83:23:e4:72:92:83:96:dd:e9:e0:
+ 15:1c:ea:ba:18
+ ASN1 OID: brainpoolP256r1
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:C0:BC:70:BA:36:92:9D:43:B4:67:FF:57:57:05:30:E5:7A:B8:FC:D8
+
+ X509v3 Subject Key Identifier:
+ 79:A4:BD:4D:78:FF:47:34:BC:60:45:CF:91:96:24:4A:1F:B8:4B:EB
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.10
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.4
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:20:30:45:fe:e3:ed:cc:6c:84:36:3d:d7:b8:6e:98:
+ 4b:dd:1c:94:78:cd:0f:2c:da:8e:4c:b9:63:13:f7:85:b2:db:
+ 02:21:00:81:29:01:29:4a:5f:c6:82:cf:fa:57:0f:8a:42:d5:
+ 59:b0:7c:ef:83:05:f7:d2:36:41:64:df:4d:f8:8c:a7:fa
+*/
+const octetstring cert_s_sm_dpauth_brp :=
+'30820238308201dea003020102020164300a06082a8648ce3d0403023049
+3115301306035504030c0c47534d4120546573742043493111300f060355
+040b0c0854455354434552543110300e060355040a0c0752535054455354
+310b3009060355040613024954301e170d3137303432363135323031325a
+170d3230303432353135323031325a3025310d300b060355040a0c044143
+4d453114301206035504030c0b5445535420534d2d44502b305a30140607
+2a8648ce3d020106092b240303020801010703420004255d7daf00ef841d
+76fa7a63d63eb3fe6c9f70492d381923f8f8bd7b24f3c5ad168ebe3b09dd
+80f29e7ffd24a4d1be747f8323e472928396dde9e0151ceaba18a381d930
+81d6301f0603551d23041830168014c0bc70ba36929d43b467ff57570530
+e57ab8fcd8301d0603551d0e0416041479a4bd4d78ff4734bc6045cf9196
+244a1fb84beb300e0603551d1104073005880388370a300e0603551d0f01
+01ff04040302078030170603551d200101ff040d300b3009060767811201
+020104305b0603551d1f045430523027a025a0238621687474703a2f2f63
+692e746573742e67736d612e636f6d2f43524c2d412e63726c3027a025a0
+238621687474703a2f2f63692e746573742e67736d612e636f6d2f43524c
+2d422e63726c300a06082a8648ce3d040302034800304502203045fee3ed
+cc6c84363dd7b86e984bdd1c9478cd0f2cda8e4cb96313f785b2db022100
+812901294a5fc682cffa570f8a42d559b07cef8305f7d2364164df4df88c
+a7fa'O;
+function f_ts_cert_s_sm_dpauth_brp() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dpauth_brp);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dpauth_brp := f_ts_cert_s_sm_dpauth_brp();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPauth/CERT_S_SM_DP2auth_ECDSA_NIST.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 200 (0xc8)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Aug 21 14:19:48 2017 GMT
+ Not After : Aug 20 14:19:48 2020 GMT
+ Subject: O = ACME, CN = "TEST SM-DP+2"
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:2b:2e:9b:45:d3:51:c0:9a:f4:0e:91:43:83:a1:
+ 90:38:47:f2:60:7d:e6:0e:f7:ab:25:c4:0e:03:f8:
+ db:b6:50:8e:14:57:50:8c:2b:e0:01:73:47:ec:fa:
+ 1b:f9:f7:75:e7:d0:7e:80:5e:52:e1:98:8b:7b:58:
+ 5a:71:11:ae:33
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Subject Key Identifier:
+ 95:9E:F7:E6:50:C1:BE:21:6A:39:19:74:27:6D:26:B8:A9:35:61:71
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.12
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.4
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:46:02:21:00:c0:a5:cd:d1:0f:25:29:a9:f1:86:6d:93:21:
+ 65:91:ce:7a:8a:29:54:6d:1f:aa:2f:99:c2:4e:a6:52:23:35:
+ 98:02:21:00:85:92:01:17:04:fe:ab:d5:a6:af:fc:40:10:96:
+ 39:99:08:3f:5b:3e:94:60:05:a3:f1:b0:cb:81:a6:6b:b9:3c
+*/
+const octetstring cert_s_sm_dp2auth_nist :=
+'3082023a308201dfa003020102020200c8300a06082a8648ce3d04030230
+493115301306035504030c0c47534d4120546573742043493111300f0603
+55040b0c0854455354434552543110300e060355040a0c07525350544553
+54310b3009060355040613024954301e170d313730383231313431393438
+5a170d3230303832303134313934385a3026310d300b060355040a0c0441
+434d453115301306035504030c0c5445535420534d2d44502b3230593013
+06072a8648ce3d020106082a8648ce3d030107034200042b2e9b45d351c0
+9af40e914383a1903847f2607de60ef7ab25c40e03f8dbb6508e1457508c
+2be0017347ecfa1bf9f775e7d07e805e52e1988b7b585a7111ae33a381d9
+3081d6301f0603551d23041830168014f54172bdf98a95d65cbeb88a38a1
+c11d800a85c3301d0603551d0e04160414959ef7e650c1be216a39197427
+6d26b8a9356171300e0603551d1104073005880388370c300e0603551d0f
+0101ff04040302078030170603551d200101ff040d300b30090607678112
+01020104305b0603551d1f045430523027a025a0238621687474703a2f2f
+63692e746573742e67736d612e636f6d2f43524c2d412e63726c3027a025
+a0238621687474703a2f2f63692e746573742e67736d612e636f6d2f4352
+4c2d422e63726c300a06082a8648ce3d0403020349003046022100c0a5cd
+d10f2529a9f1866d93216591ce7a8a29546d1faa2f99c24ea65223359802
+21008592011704feabd5a6affc4010963999083f5b3e946005a3f1b0cb81
+a66bb93c'O;
+function f_ts_cert_s_sm_dp2auth_nist() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dp2auth_nist);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dp2auth_nist := f_ts_cert_s_sm_dp2auth_nist();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPauth/CERT_S_SM_DP2auth_ECDSA_BRP.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 200 (0xc8)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Aug 21 14:27:16 2017 GMT
+ Not After : Aug 20 14:27:16 2020 GMT
+ Subject: O = ACME, CN = "TEST SM-DP+2"
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:2e:ee:07:c9:6d:00:5b:e5:19:5f:79:ad:1d:ad:
+ cd:1d:37:8c:a3:09:5e:44:f7:2e:ea:41:0f:08:c7:
+ 56:12:2c:90:63:c9:65:b7:fc:85:29:c0:ca:4e:9b:
+ 4f:65:96:9c:28:3c:65:63:64:57:87:71:18:f6:d1:
+ 17:2d:6a:23:65
+ ASN1 OID: brainpoolP256r1
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:C0:BC:70:BA:36:92:9D:43:B4:67:FF:57:57:05:30:E5:7A:B8:FC:D8
+
+ X509v3 Subject Key Identifier:
+ D7:0E:FD:05:7B:AC:1F:7C:55:EA:5D:8C:26:BE:16:02:92:84:5B:AF
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.12
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.4
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:44:02:20:4b:32:a5:c9:ee:05:f2:9f:d4:4a:08:6f:f0:4a:
+ 10:9a:88:d6:e5:84:80:39:a5:16:ee:c7:8c:a4:ac:f0:c5:b3:
+ 02:20:52:9e:46:fa:10:9d:13:05:40:ba:d6:2a:46:fc:85:c3:
+ 95:b2:c4:cb:9e:8c:f1:50:79:d4:9a:9d:a5:37:df:e0
+*/
+const octetstring cert_s_sm_dp2auth_brp :=
+'30820239308201e0a003020102020200c8300a06082a8648ce3d04030230
+493115301306035504030c0c47534d4120546573742043493111300f0603
+55040b0c0854455354434552543110300e060355040a0c07525350544553
+54310b3009060355040613024954301e170d313730383231313432373136
+5a170d3230303832303134323731365a3026310d300b060355040a0c0441
+434d453115301306035504030c0c5445535420534d2d44502b32305a3014
+06072a8648ce3d020106092b2403030208010107034200042eee07c96d00
+5be5195f79ad1dadcd1d378ca3095e44f72eea410f08c756122c9063c965
+b7fc8529c0ca4e9b4f65969c283c65636457877118f6d1172d6a2365a381
+d93081d6301f0603551d23041830168014c0bc70ba36929d43b467ff5757
+0530e57ab8fcd8301d0603551d0e04160414d70efd057bac1f7c55ea5d8c
+26be160292845baf300e0603551d1104073005880388370c300e0603551d
+0f0101ff04040302078030170603551d200101ff040d300b300906076781
+1201020104305b0603551d1f045430523027a025a0238621687474703a2f
+2f63692e746573742e67736d612e636f6d2f43524c2d412e63726c3027a0
+25a0238621687474703a2f2f63692e746573742e67736d612e636f6d2f43
+524c2d422e63726c300a06082a8648ce3d040302034700304402204b32a5
+c9ee05f29fd44a086ff04a109a88d6e5848039a516eec78ca4acf0c5b302
+20529e46fa109d130540bad62a46fc85c395b2c4cb9e8cf15079d49a9da5
+37dfe0'O;
+function f_ts_cert_s_sm_dp2auth_brp() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dp2auth_brp);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dp2auth_brp := f_ts_cert_s_sm_dp2auth_brp();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPpb/CERT_S_SM_DPpb_ECDSA_NIST.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 101 (0x65)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Feb 1 13:38:57 2017 GMT
+ Not After : Feb 1 13:38:57 2020 GMT
+ Subject: O = ACME, CN = "TEST SM-DP+"
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:10:4c:2a:e3:d0:2d:ef:9c:97:92:61:a7:c6:71:
+ 00:76:b9:70:72:1d:09:55:a2:64:4a:e0:5f:ae:4b:
+ c2:31:4e:5d:c0:9f:6b:f0:11:80:26:16:53:42:e2:
+ 12:31:87:75:e3:65:f3:b5:73:25:37:30:66:b9:90:
+ 6e:0b:d1:38:8d
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Subject Key Identifier:
+ E6:EA:F7:1E:E0:FB:94:30:EC:CD:1E:BB:42:1F:88:14:37:C1:32:63
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.10
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.5
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:43:02:1f:1d:c0:8e:8b:98:1f:4c:77:0c:e9:06:01:c5:2b:
+ 2a:28:e2:21:65:4b:d0:ba:a3:78:34:80:92:27:52:bf:f4:02:
+ 20:64:23:83:9e:85:e8:93:6f:7a:18:b2:b4:b8:5f:99:8c:4f:
+ 38:a8:db:9b:88:8c:23:e2:99:7c:9e:a5:af:6e:94
+*/
+const octetstring cert_s_sm_dppb_nist :=
+'30820235308201dda003020102020165300a06082a8648ce3d0403023049
+3115301306035504030c0c47534d4120546573742043493111300f060355
+040b0c0854455354434552543110300e060355040a0c0752535054455354
+310b3009060355040613024954301e170d3137303230313133333835375a
+170d3230303230313133333835375a3025310d300b060355040a0c044143
+4d453114301206035504030c0b5445535420534d2d44502b305930130607
+2a8648ce3d020106082a8648ce3d03010703420004104c2ae3d02def9c97
+9261a7c6710076b970721d0955a2644ae05fae4bc2314e5dc09f6bf01180
+26165342e212318775e365f3b57325373066b9906e0bd1388da381d93081
+d6301f0603551d23041830168014f54172bdf98a95d65cbeb88a38a1c11d
+800a85c3301d0603551d0e04160414e6eaf71ee0fb9430eccd1ebb421f88
+1437c13263300e0603551d1104073005880388370a300e0603551d0f0101
+ff04040302078030170603551d200101ff040d300b300906076781120102
+0105305b0603551d1f045430523027a025a0238621687474703a2f2f6369
+2e746573742e67736d612e636f6d2f43524c2d412e63726c3027a025a023
+8621687474703a2f2f63692e746573742e67736d612e636f6d2f43524c2d
+422e63726c300a06082a8648ce3d0403020346003043021f1dc08e8b981f
+4c770ce90601c52b2a28e221654bd0baa3783480922752bff40220642383
+9e85e8936f7a18b2b4b85f998c4f38a8db9b888c23e2997c9ea5af6e94'O;
+function f_ts_cert_s_sm_dppb_nist() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dppb_nist);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dppb_nist := f_ts_cert_s_sm_dppb_nist();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPpb/CERT_S_SM_DPpb_ECDSA_BRP.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 101 (0x65)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Apr 26 15:20:13 2017 GMT
+ Not After : Apr 25 15:20:13 2020 GMT
+ Subject: O = ACME, CN = "TEST SM-DP+"
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:89:32:53:ec:c9:4c:51:df:4f:ee:6e:0d:b0:95:
+ 1c:fc:65:62:74:81:b5:41:8e:55:70:69:f4:87:fa:
+ a1:54:66:a5:cb:8e:10:cc:2b:38:09:9c:f2:a9:29:
+ f7:f8:2d:ac:06:51:26:b7:1d:06:40:96:1d:b7:f9:
+ 1a:49:e9:56:12
+ ASN1 OID: brainpoolP256r1
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:C0:BC:70:BA:36:92:9D:43:B4:67:FF:57:57:05:30:E5:7A:B8:FC:D8
+
+ X509v3 Subject Key Identifier:
+ A8:C6:8D:F4:49:EB:71:EC:72:3E:AC:13:2E:40:E4:B6:F5:46:44:FE
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.10
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.5
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:44:02:20:5f:33:63:c1:01:b4:db:d0:2a:61:3c:8a:ca:32:
+ df:4f:2f:51:4c:21:73:e8:93:6e:9b:ff:af:02:a1:f5:e2:56:
+ 02:20:01:c0:99:36:19:43:29:65:fe:5a:87:a0:38:ae:91:bf:
+ 02:45:07:06:a3:2c:4b:13:07:af:4b:e8:ec:41:68:1d
+*/
+const octetstring cert_s_sm_dppb_brp :=
+'30820237308201dea003020102020165300a06082a8648ce3d0403023049
+3115301306035504030c0c47534d4120546573742043493111300f060355
+040b0c0854455354434552543110300e060355040a0c0752535054455354
+310b3009060355040613024954301e170d3137303432363135323031335a
+170d3230303432353135323031335a3025310d300b060355040a0c044143
+4d453114301206035504030c0b5445535420534d2d44502b305a30140607
+2a8648ce3d020106092b240303020801010703420004893253ecc94c51df
+4fee6e0db0951cfc65627481b5418e557069f487faa15466a5cb8e10cc2b
+38099cf2a929f7f82dac065126b71d0640961db7f91a49e95612a381d930
+81d6301f0603551d23041830168014c0bc70ba36929d43b467ff57570530
+e57ab8fcd8301d0603551d0e04160414a8c68df449eb71ec723eac132e40
+e4b6f54644fe300e0603551d1104073005880388370a300e0603551d0f01
+01ff04040302078030170603551d200101ff040d300b3009060767811201
+020105305b0603551d1f045430523027a025a0238621687474703a2f2f63
+692e746573742e67736d612e636f6d2f43524c2d412e63726c3027a025a0
+238621687474703a2f2f63692e746573742e67736d612e636f6d2f43524c
+2d422e63726c300a06082a8648ce3d040302034700304402205f3363c101
+b4dbd02a613c8aca32df4f2f514c2173e8936e9bffaf02a1f5e256022001
+c0993619432965fe5a87a038ae91bf02450706a32c4b1307af4be8ec4168
+1d'O;
+function f_ts_cert_s_sm_dppb_brp() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dppb_brp);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dppb_brp := f_ts_cert_s_sm_dppb_brp();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPpb/CERT_S_SM_DP2pb_ECDSA_NIST.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 201 (0xc9)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Aug 21 14:23:52 2017 GMT
+ Not After : Aug 20 14:23:52 2020 GMT
+ Subject: O = ACME, CN = "TEST SM-DP+2"
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:3e:2d:75:a1:06:22:12:16:c2:ae:e8:fa:d5:84:
+ f7:79:63:3c:f9:44:68:1b:5e:c7:5a:96:65:3f:5f:
+ 40:1c:47:6a:e3:9d:54:6c:03:2d:32:d0:07:0a:7b:
+ 86:e5:dc:eb:aa:dd:f3:1c:a5:c2:76:6c:19:6b:d7:
+ 9b:c2:1a:01:80
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Subject Key Identifier:
+ 20:A3:A8:30:E9:2E:E7:A4:68:C5:EB:27:BA:8D:F1:84:59:AD:FD:D7
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.12
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.5
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:20:17:81:a1:df:74:e8:c6:60:88:67:17:b7:6c:fd:
+ ce:a0:2d:f7:b2:85:5a:5b:6c:5e:a9:cc:8d:ec:97:4c:e1:9b:
+ 02:21:00:ca:a8:9b:fb:af:26:13:02:1b:8f:7c:2c:63:59:44:
+ b3:5b:14:38:c0:09:e6:81:dc:e6:7a:58:b3:97:b8:f4:c1
+*/
+const octetstring cert_s_sm_dp2pb_nist :=
+'30820239308201dfa003020102020200c9300a06082a8648ce3d04030230
+493115301306035504030c0c47534d4120546573742043493111300f0603
+55040b0c0854455354434552543110300e060355040a0c07525350544553
+54310b3009060355040613024954301e170d313730383231313432333532
+5a170d3230303832303134323335325a3026310d300b060355040a0c0441
+434d453115301306035504030c0c5445535420534d2d44502b3230593013
+06072a8648ce3d020106082a8648ce3d030107034200043e2d75a1062212
+16c2aee8fad584f779633cf944681b5ec75a96653f5f401c476ae39d546c
+032d32d0070a7b86e5dcebaaddf31ca5c2766c196bd79bc21a0180a381d9
+3081d6301f0603551d23041830168014f54172bdf98a95d65cbeb88a38a1
+c11d800a85c3301d0603551d0e0416041420a3a830e92ee7a468c5eb27ba
+8df18459adfdd7300e0603551d1104073005880388370c300e0603551d0f
+0101ff04040302078030170603551d200101ff040d300b30090607678112
+01020105305b0603551d1f045430523027a025a0238621687474703a2f2f
+63692e746573742e67736d612e636f6d2f43524c2d412e63726c3027a025
+a0238621687474703a2f2f63692e746573742e67736d612e636f6d2f4352
+4c2d422e63726c300a06082a8648ce3d040302034800304502201781a1df
+74e8c660886717b76cfdcea02df7b2855a5b6c5ea9cc8dec974ce19b0221
+00caa89bfbaf2613021b8f7c2c635944b35b1438c009e681dce67a58b397
+b8f4c1'O
+function f_ts_cert_s_sm_dp2pb_nist() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dp2pb_nist);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dp2pb_nist := f_ts_cert_s_sm_dp2pb_nist();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPpb/CERT_S_SM_DP2pb_ECDSA_BRP.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 201 (0xc9)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Aug 21 14:31:07 2017 GMT
+ Not After : Aug 20 14:31:07 2020 GMT
+ Subject: O = ACME, CN = "TEST SM-DP+2"
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:73:61:85:5e:59:02:64:b2:52:c7:1a:60:62:a0:
+ 21:e2:7b:46:f7:60:b8:13:82:06:a7:f7:44:20:ef:
+ 8b:c5:5a:8b:98:8d:16:58:f9:d7:0d:3a:2d:84:80:
+ aa:df:64:e6:2c:4d:71:27:de:5a:0a:2b:91:7a:94:
+ 3f:44:74:aa:dd
+ ASN1 OID: brainpoolP256r1
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:C0:BC:70:BA:36:92:9D:43:B4:67:FF:57:57:05:30:E5:7A:B8:FC:D8
+
+ X509v3 Subject Key Identifier:
+ 31:03:8A:55:B6:BE:CF:6C:EA:59:DE:2F:DA:14:F4:32:7F:B8:B6:A9
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.12
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.5
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:44:02:20:0b:2f:51:21:0c:e1:39:f1:80:69:54:a2:74:7b:
+ 18:bd:7b:39:0b:25:0c:4a:12:ae:8d:d2:1e:43:42:0e:3c:73:
+ 02:20:7b:e1:51:0d:c0:52:93:9e:c1:77:4e:3a:cd:d8:78:8d:
+ e9:47:49:fd:81:9a:28:6c:8d:c6:81:3a:45:64:9b:b4
+*/
+const octetstring cert_s_sm_dp2pb_brp :=
+'30820239308201e0a003020102020200c9300a06082a8648ce3d04030230
+493115301306035504030c0c47534d4120546573742043493111300f0603
+55040b0c0854455354434552543110300e060355040a0c07525350544553
+54310b3009060355040613024954301e170d313730383231313433313037
+5a170d3230303832303134333130375a3026310d300b060355040a0c0441
+434d453115301306035504030c0c5445535420534d2d44502b32305a3014
+06072a8648ce3d020106092b2403030208010107034200047361855e5902
+64b252c71a6062a021e27b46f760b8138206a7f74420ef8bc55a8b988d16
+58f9d70d3a2d8480aadf64e62c4d7127de5a0a2b917a943f4474aadda381
+d93081d6301f0603551d23041830168014c0bc70ba36929d43b467ff5757
+0530e57ab8fcd8301d0603551d0e0416041431038a55b6becf6cea59de2f
+da14f4327fb8b6a9300e0603551d1104073005880388370c300e0603551d
+0f0101ff04040302078030170603551d200101ff040d300b300906076781
+1201020105305b0603551d1f045430523027a025a0238621687474703a2f
+2f63692e746573742e67736d612e636f6d2f43524c2d412e63726c3027a0
+25a0238621687474703a2f2f63692e746573742e67736d612e636f6d2f43
+524c2d422e63726c300a06082a8648ce3d040302034700304402200b2f51
+210ce139f1806954a2747b18bd7b390b250c4a12ae8dd21e43420e3c7302
+207be1510dc052939ec1774e3acdd8788de94749fd819a286c8dc6813a45
+649bb4'O;
+function f_ts_cert_s_sm_dp2pb_brp() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dp2pb_brp);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dp2pb_brp := f_ts_cert_s_sm_dp2pb_brp();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPtls/CERT_S_SM_DP2_TLS.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 153 (0x99)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Sep 1 11:26:44 2017 GMT
+ Not After : Aug 31 11:26:44 2020 GMT
+ Subject: O = ACME, CN = testsmdpplus2.gsma.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:1a:d9:00:0c:75:4e:37:61:3e:75:0f:b7:bf:73:
+ 42:fe:d5:0b:c0:72:52:ed:84:65:6b:45:d6:f7:08:
+ 78:95:08:a9:ff:e0:96:17:23:af:11:ef:c8:dd:a6:
+ 9a:69:f2:b5:18:8b:b3:12:13:82:0a:b2:dd:1e:f5:
+ 80:2e:8f:d4:b6
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Extended Key Usage: critical
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Certificate Policies:
+ Policy: 2.23.146.1.2.1.3
+
+ X509v3 Subject Key Identifier:
+ 9F:5F:6B:0C:E7:00:32:25:2D:CE:10:D3:49:A6:55:18:1B:85:3E:CE
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Subject Alternative Name:
+ DNS:testsmdpplus2.gsma.com, Registered ID:2.999.12
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:21:00:94:1a:fc:27:73:40:ce:05:d5:d4:1b:49:90:
+ d9:c5:d7:02:6c:7e:a7:3b:7a:07:0f:30:ad:69:b1:78:a3:e9:
+ 65:02:20:28:59:fb:74:a0:6f:d1:36:c3:9f:94:14:16:23:e3:
+ b5:88:ae:ef:d8:42:6d:2c:0b:df:51:3d:fe:58:7a:ac:31
+*/
+const octetstring cert_s_sm_dp2_tls :=
+'3082027c30820222a00302010202020099300a06082a8648ce3d04030230
+493115301306035504030c0c47534d4120546573742043493111300f0603
+55040b0c0854455354434552543110300e060355040a0c07525350544553
+54310b3009060355040613024954301e170d313730393031313132363434
+5a170d3230303833313131323634345a3030310d300b060355040a0c0441
+434d45311f301d06035504030c1674657374736d6470706c7573322e6773
+6d612e636f6d3059301306072a8648ce3d020106082a8648ce3d03010703
+4200041ad9000c754e37613e750fb7bf7342fed50bc07252ed84656b45d6
+f708789508a9ffe0961723af11efc8dda69a69f2b5188bb31213820ab2dd
+1ef5802e8fd4b6a38201113082010d300e0603551d0f0101ff0404030207
+8030200603551d250101ff0416301406082b0601050507030106082b0601
+050507030230140603551d20040d300b3009060767811201020103301d06
+03551d0e041604149f5f6b0ce70032252dce10d349a655181b853ece301f
+0603551d23041830168014f54172bdf98a95d65cbeb88a38a1c11d800a85
+c330260603551d11041f301d821674657374736d6470706c7573322e6773
+6d612e636f6d880388370c305b0603551d1f045430523027a025a0238621
+687474703a2f2f63692e746573742e67736d612e636f6d2f43524c2d412e
+63726c3027a025a0238621687474703a2f2f63692e746573742e67736d61
+2e636f6d2f43524c2d422e63726c300a06082a8648ce3d04030203480030
+45022100941afc277340ce05d5d41b4990d9c5d7026c7ea73b7a070f30ad
+69b178a3e96502202859fb74a06fd136c39f94141623e3b588aeefd8426d
+2c0bdf513dfe587aac31'O;
+function f_ts_cert_s_sm_dp2_tls() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dp2_tls);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dp2_tls := f_ts_cert_s_sm_dp2_tls();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPtls/CERT_S_SM_DP4_TLS.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2452 (0x994)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Dec 5 13:32:17 2017 GMT
+ Not After : Dec 4 13:32:17 2020 GMT
+ Subject: O = ACME, CN = testsmdpplus4.gsma.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:3a:db:e8:4d:23:a8:1a:f6:3b:a2:d8:99:83:6c:
+ bb:68:a7:62:56:b3:0d:70:26:30:3d:c3:6b:c1:5d:
+ f6:11:36:c4:fb:e7:02:01:b4:c5:a6:6e:3d:ac:6b:
+ 2b:3b:95:7a:99:bb:4e:74:10:03:e8:bf:74:2f:08:
+ 13:02:aa:7d:a6
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Extended Key Usage: critical
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Certificate Policies:
+ Policy: 2.23.146.1.2.1.3
+
+ X509v3 Subject Key Identifier:
+ 13:0F:3D:7B:B3:B0:65:AD:3C:58:78:76:BC:BB:6B:84:FD:49:7A:AB
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Subject Alternative Name:
+ DNS:testsmdpplus4.gsma.com, Registered ID:2.999.14
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:44:02:20:6e:eb:6d:9e:59:01:39:c4:9a:2c:9b:d5:05:6e:
+ c9:a6:f6:03:73:29:62:da:e3:6e:d1:de:6d:fe:c1:31:95:8f:
+ 02:20:39:5c:3b:44:d5:de:84:73:ce:be:82:3d:33:5f:b4:fe:
+ 5b:2c:7f:47:3d:e6:5e:70:4a:ae:66:2a:6c:af:ec:5c
+*/
+const octetstring cert_s_sm_dp4_tls :=
+'3082027b30820222a00302010202020994300a06082a8648ce3d04030230
+493115301306035504030c0c47534d4120546573742043493111300f0603
+55040b0c0854455354434552543110300e060355040a0c07525350544553
+54310b3009060355040613024954301e170d313731323035313333323137
+5a170d3230313230343133333231375a3030310d300b060355040a0c0441
+434d45311f301d06035504030c1674657374736d6470706c7573342e6773
+6d612e636f6d3059301306072a8648ce3d020106082a8648ce3d03010703
+4200043adbe84d23a81af63ba2d899836cbb68a76256b30d7026303dc36b
+c15df61136c4fbe70201b4c5a66e3dac6b2b3b957a99bb4e741003e8bf74
+2f081302aa7da6a38201113082010d300e0603551d0f0101ff0404030207
+8030200603551d250101ff0416301406082b0601050507030106082b0601
+050507030230140603551d20040d300b3009060767811201020103301d06
+03551d0e04160414130f3d7bb3b065ad3c587876bcbb6b84fd497aab301f
+0603551d23041830168014f54172bdf98a95d65cbeb88a38a1c11d800a85
+c330260603551d11041f301d821674657374736d6470706c7573342e6773
+6d612e636f6d880388370e305b0603551d1f045430523027a025a0238621
+687474703a2f2f63692e746573742e67736d612e636f6d2f43524c2d412e
+63726c3027a025a0238621687474703a2f2f63692e746573742e67736d61
+2e636f6d2f43524c2d422e63726c300a06082a8648ce3d04030203470030
+4402206eeb6d9e590139c49a2c9bd5056ec9a6f603732962dae36ed1de6d
+fec131958f0220395c3b44d5de8473cebe823d335fb4fe5b2c7f473de65e
+704aae662a6cafec5c'O;
+function f_ts_cert_s_sm_dp4_tls() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dp4_tls);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dp4_tls := f_ts_cert_s_sm_dp4_tls();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPtls/CERT_S_SM_DP8_TLS.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2456 (0x998)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Dec 5 13:37:06 2017 GMT
+ Not After : Dec 4 13:37:06 2020 GMT
+ Subject: O = ACME, CN = testsmdpplus8.gsma.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:ce:41:31:18:fa:64:99:6e:d8:b2:9b:fc:ac:85:
+ 33:83:e6:5d:3f:22:a1:99:e7:96:6b:f4:06:9a:69:
+ 58:39:2b:e5:39:d0:00:ea:51:a5:48:8b:10:87:d6:
+ eb:47:c0:01:84:6d:1e:68:7e:c4:90:e8:1a:80:96:
+ 49:42:0c:52:6b
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Extended Key Usage: critical
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Certificate Policies:
+ Policy: 2.23.146.1.2.1.3
+
+ X509v3 Subject Key Identifier:
+ B8:7E:0A:73:F2:44:D5:99:4C:28:61:E6:EA:6E:30:70:D6:34:2A:53
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Subject Alternative Name:
+ DNS:testsmdpplus8.gsma.com, Registered ID:2.999.18
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:21:00:c1:74:e5:e3:ad:32:a9:6c:26:14:29:de:cd:
+ c3:09:e5:fe:8a:c1:9d:be:e2:54:73:94:e1:43:be:84:f0:33:
+ 4a:02:20:55:c4:13:42:f8:b4:f1:d2:2f:0f:31:20:3f:fe:27:
+ 75:69:6a:0c:72:89:86:7e:66:35:2a:03:ae:e2:b8:71:3c
+*/
+const octetstring cert_s_sm_dp8_tls :=
+'3082027c30820222a00302010202020998300a06082a8648ce3d04030230
+493115301306035504030c0c47534d4120546573742043493111300f0603
+55040b0c0854455354434552543110300e060355040a0c07525350544553
+54310b3009060355040613024954301e170d313731323035313333373036
+5a170d3230313230343133333730365a3030310d300b060355040a0c0441
+434d45311f301d06035504030c1674657374736d6470706c7573382e6773
+6d612e636f6d3059301306072a8648ce3d020106082a8648ce3d03010703
+420004ce413118fa64996ed8b29bfcac853383e65d3f22a199e7966bf406
+9a6958392be539d000ea51a5488b1087d6eb47c001846d1e687ec490e81a
+809649420c526ba38201113082010d300e0603551d0f0101ff0404030207
+8030200603551d250101ff0416301406082b0601050507030106082b0601
+050507030230140603551d20040d300b3009060767811201020103301d06
+03551d0e04160414b87e0a73f244d5994c2861e6ea6e3070d6342a53301f
+0603551d23041830168014f54172bdf98a95d65cbeb88a38a1c11d800a85
+c330260603551d11041f301d821674657374736d6470706c7573382e6773
+6d612e636f6d8803883712305b0603551d1f045430523027a025a0238621
+687474703a2f2f63692e746573742e67736d612e636f6d2f43524c2d412e
+63726c3027a025a0238621687474703a2f2f63692e746573742e67736d61
+2e636f6d2f43524c2d422e63726c300a06082a8648ce3d04030203480030
+45022100c174e5e3ad32a96c261429decdc309e5fe8ac19dbee2547394e1
+43be84f0334a022055c41342f8b4f1d22f0f31203ffe2775696a0c728986
+7e66352a03aee2b8713c'O;
+function f_ts_cert_s_sm_dp8_tls() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dp8_tls);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dp8_tls := f_ts_cert_s_sm_dp8_tls();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPtls/CERT_S_SM_DP_TLS_NIST.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 9 (0x9)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Jun 29 12:21:14 2017 GMT
+ Not After : Jun 28 12:21:14 2020 GMT
+ Subject: O = ACME, CN = testsmdpplus1.gsma.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:28:24:30:75:ce:8e:fd:1f:ae:67:68:39:40:7d:
+ b2:6e:4c:cb:43:70:94:62:1c:9b:39:61:33:f1:b2:
+ 4b:b5:01:b8:fe:4e:b2:4d:3e:0d:39:2f:25:3f:6f:
+ 1b:94:62:70:b3:ca:29:2e:34:db:6f:7a:87:b3:a5:
+ f6:ac:94:5f:08
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Extended Key Usage: critical
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Certificate Policies:
+ Policy: 2.23.146.1.2.1.3
+
+ X509v3 Subject Key Identifier:
+ 27:FE:F1:F2:29:18:7E:C7:83:ED:F6:E0:29:64:A4:51:8D:57:D4:A9
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Subject Alternative Name:
+ DNS:testsmdpplus1.gsma.com, Registered ID:2.999.10
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:20:2a:68:cf:75:5a:8b:0b:87:c9:41:25:6b:4d:af:
+ 4b:f2:09:6d:01:c8:3f:27:2b:cc:ce:63:df:d5:cc:5a:39:e3:
+ 02:21:00:b0:f5:02:4b:9e:aa:15:26:28:ab:19:77:21:a1:d1:
+ a5:9e:05:c0:2e:20:83:79:15:8c:d4:74:4d:37:48:67:8a
+*/
+const octetstring cert_s_sm_dp_tls_nist :=
+'3082027b30820221a003020102020109300a06082a8648ce3d0403023049
+3115301306035504030c0c47534d4120546573742043493111300f060355
+040b0c0854455354434552543110300e060355040a0c0752535054455354
+310b3009060355040613024954301e170d3137303632393132323131345a
+170d3230303632383132323131345a3030310d300b060355040a0c044143
+4d45311f301d06035504030c1674657374736d6470706c7573312e67736d
+612e636f6d3059301306072a8648ce3d020106082a8648ce3d0301070342
+000428243075ce8efd1fae676839407db26e4ccb437094621c9b396133f1
+b24bb501b8fe4eb24d3e0d392f253f6f1b946270b3ca292e34db6f7a87b3
+a5f6ac945f08a38201113082010d300e0603551d0f0101ff040403020780
+30200603551d250101ff0416301406082b0601050507030106082b060105
+0507030230140603551d20040d300b3009060767811201020103301d0603
+551d0e0416041427fef1f229187ec783edf6e02964a4518d57d4a9301f06
+03551d23041830168014f54172bdf98a95d65cbeb88a38a1c11d800a85c3
+30260603551d11041f301d821674657374736d6470706c7573312e67736d
+612e636f6d880388370a305b0603551d1f045430523027a025a023862168
+7474703a2f2f63692e746573742e67736d612e636f6d2f43524c2d412e63
+726c3027a025a0238621687474703a2f2f63692e746573742e67736d612e
+636f6d2f43524c2d422e63726c300a06082a8648ce3d0403020348003045
+02202a68cf755a8b0b87c941256b4daf4bf2096d01c83f272bccce63dfd5
+cc5a39e3022100b0f5024b9eaa152628ab197721a1d1a59e05c02e208379
+158cd4744d3748678a'O;
+function f_ts_cert_s_sm_dp_tls_nist() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dp_tls_nist);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dp_tls_nist := f_ts_cert_s_sm_dp_tls_nist();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DP+/DPtls/CERT_S_SM_DP_TLS_BRP.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 9 (0x9)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Jul 6 13:49:28 2017 GMT
+ Not After : Jul 5 13:49:28 2020 GMT
+ Subject: O = ACME, CN = smdp-plus.test.gsma.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:4c:22:cc:d8:2c:8d:02:21:f9:d8:54:3b:72:e1:
+ 07:bc:c9:fd:90:54:d6:6c:75:c0:eb:74:a7:bd:e7:
+ 30:e7:61:8e:f6:5b:27:0b:5e:82:e4:3a:79:6f:8d:
+ ee:0b:af:8a:fb:eb:8a:53:62:53:7a:02:fd:65:c7:
+ 9e:41:19:6b:b5
+ ASN1 OID: brainpoolP256r1
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Extended Key Usage: critical
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Certificate Policies:
+ Policy: 2.23.146.1.2.1.3
+
+ X509v3 Subject Key Identifier:
+ 3D:33:09:83:F3:9F:CC:5B:D2:E4:AD:68:A6:19:A7:47:48:AE:8B:9D
+ X509v3 Authority Key Identifier:
+ keyid:C0:BC:70:BA:36:92:9D:43:B4:67:FF:57:57:05:30:E5:7A:B8:FC:D8
+
+ X509v3 Subject Alternative Name:
+ DNS:smdp-plus.test.gsma.com, Registered ID:2.999.10
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:44:02:20:4a:9c:78:38:89:c0:ef:f1:9d:68:c3:9f:67:d5:
+ b5:81:d3:c9:df:3e:1d:52:67:40:3a:e1:f1:ea:6f:1e:4c:d5:
+ 02:20:5a:9f:b1:a7:3b:5e:6f:1b:ac:a3:16:55:90:ec:56:c5:
+ 0a:91:25:ed:76:39:d6:c8:49:1c:a3:c8:3e:55:59:11
+*/
+const octetstring cert_s_sm_dp_tls_brp :=
+'3082027d30820224a003020102020109300a06082a8648ce3d0403023049
+3115301306035504030c0c47534d4120546573742043493111300f060355
+040b0c0854455354434552543110300e060355040a0c0752535054455354
+310b3009060355040613024954301e170d3137303730363133343932385a
+170d3230303730353133343932385a3031310d300b060355040a0c044143
+4d453120301e06035504030c17736d64702d706c75732e746573742e6773
+6d612e636f6d305a301406072a8648ce3d020106092b2403030208010107
+034200044c22ccd82c8d0221f9d8543b72e107bcc9fd9054d66c75c0eb74
+a7bde730e7618ef65b270b5e82e43a796f8dee0baf8afbeb8a5362537a02
+fd65c79e41196bb5a38201123082010e300e0603551d0f0101ff04040302
+078030200603551d250101ff0416301406082b0601050507030106082b06
+01050507030230140603551d20040d300b3009060767811201020103301d
+0603551d0e041604143d330983f39fcc5bd2e4ad68a619a74748ae8b9d30
+1f0603551d23041830168014c0bc70ba36929d43b467ff57570530e57ab8
+fcd830270603551d110420301e8217736d64702d706c75732e746573742e
+67736d612e636f6d880388370a305b0603551d1f045430523027a025a023
+8621687474703a2f2f63692e746573742e67736d612e636f6d2f43524c2d
+412e63726c3027a025a0238621687474703a2f2f63692e746573742e6773
+6d612e636f6d2f43524c2d422e63726c300a06082a8648ce3d0403020347
+00304402204a9c783889c0eff19d68c39f67d5b581d3c9df3e1d5267403a
+e1f1ea6f1e4cd502205a9fb1a73b5e6f1baca3165590ec56c50a9125ed76
+39d6c8491ca3c83e555911'O;
+function f_ts_cert_s_sm_dp_tls_brp() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dp_tls_brp);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dp_tls_brp := f_ts_cert_s_sm_dp_tls_brp();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DS/DSauth/CERT_S_SM_DSauth_ECDSA_NIST.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7495 (0x1d47)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Jan 30 11:08:22 2017 GMT
+ Not After : Jan 30 11:08:22 2020 GMT
+ Subject: O = ACME, CN = TEST SM-DS
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:37:fb:94:e3:a2:be:fe:76:3e:1a:77:4a:48:54:
+ 88:0f:10:6d:80:f9:36:84:5b:ad:2f:dd:97:1b:c0:
+ 68:d8:ab:61:a5:48:1a:ee:97:7d:5a:81:68:bb:9f:
+ 79:00:4b:1d:00:72:c1:ba:76:73:b0:cb:64:81:6e:
+ 10:19:b2:4f:d0
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Subject Key Identifier:
+ C1:F4:06:4B:3B:25:8A:FB:61:38:8B:3F:F2:EE:6A:61:E2:C4:4D:72
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.15
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.7
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:21:00:d3:41:14:3c:60:cd:36:14:93:12:ed:a8:4d:
+ 40:08:7a:ee:cc:e9:7d:de:06:44:dc:e8:b7:6a:16:8f:e8:e2:
+ 61:02:20:09:d6:1d:c9:40:e3:13:08:33:32:78:77:44:0d:6f:
+ ac:eb:9f:6b:92:72:88:6b:f5:fa:a1:47:98:76:99:59:f2
+*/
+const octetstring cert_s_sm_dsauth_nist :=
+'30820237308201dda00302010202021d47300a06082a8648ce3d04030230
+493115301306035504030c0c47534d4120546573742043493111300f0603
+55040b0c0854455354434552543110300e060355040a0c07525350544553
+54310b3009060355040613024954301e170d313730313330313130383232
+5a170d3230303133303131303832325a3024310d300b060355040a0c0441
+434d453113301106035504030c0a5445535420534d2d4453305930130607
+2a8648ce3d020106082a8648ce3d0301070342000437fb94e3a2befe763e
+1a774a4854880f106d80f936845bad2fdd971bc068d8ab61a5481aee977d
+5a8168bb9f79004b1d0072c1ba7673b0cb64816e1019b24fd0a381d93081
+d6301f0603551d23041830168014f54172bdf98a95d65cbeb88a38a1c11d
+800a85c3300e0603551d0f0101ff040403020780301d0603551d0e041604
+14c1f4064b3b258afb61388b3ff2ee6a61e2c44d72300e0603551d110407
+3005880388370f30170603551d200101ff040d300b300906076781120102
+0107305b0603551d1f045430523027a025a0238621687474703a2f2f6369
+2e746573742e67736d612e636f6d2f43524c2d412e63726c3027a025a023
+8621687474703a2f2f63692e746573742e67736d612e636f6d2f43524c2d
+422e63726c300a06082a8648ce3d0403020348003045022100d341143c60
+cd36149312eda84d40087aeecce97dde0644dce8b76a168fe8e261022009
+d61dc940e3130833327877440d6faceb9f6b9272886bf5faa14798769959
+f2'O;
+function f_ts_cert_s_sm_dsauth_nist() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dsauth_nist);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dsauth_nist := f_ts_cert_s_sm_dsauth_nist();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DS/DSauth/CERT_S_SM_DSauth_ECDSA_BRP.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 7495 (0x1d47)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: May 5 17:03:51 2017 GMT
+ Not After : May 4 17:03:51 2020 GMT
+ Subject: O = ACME, CN = TEST SM-DS
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:81:d1:d0:23:f3:9f:18:43:34:18:c2:8c:d2:3d:
+ 42:15:7a:43:9f:ed:d2:9e:59:ab:11:86:e1:30:89:
+ 81:96:c1:56:3a:13:f4:8b:36:d6:d4:b1:3b:4d:08:
+ 5a:57:60:ae:61:3d:06:1f:fe:6f:c7:a4:0c:65:02:
+ e3:ff:73:3c:31
+ ASN1 OID: brainpoolP256r1
+ X509v3 extensions:
+ X509v3 Authority Key Identifier:
+ keyid:C0:BC:70:BA:36:92:9D:43:B4:67:FF:57:57:05:30:E5:7A:B8:FC:D8
+
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Subject Key Identifier:
+ F0:5F:0B:54:AE:E8:AE:01:08:F0:1D:EF:54:8E:D9:85:97:14:DD:48
+ X509v3 Subject Alternative Name:
+ Registered ID:2.999.15
+ X509v3 Certificate Policies: critical
+ Policy: 2.23.146.1.2.1.7
+
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:20:25:a0:29:5d:1a:46:6e:2d:07:48:83:c5:f9:43:
+ e2:fb:0a:72:ee:96:b5:75:95:d9:7d:91:b5:cb:b1:ea:6e:63:
+ 02:21:00:8d:4c:5b:4a:e7:48:86:82:28:72:15:0c:13:90:b9:
+ 64:39:f0:30:71:d2:4a:a4:11:45:5d:bb:16:2e:05:54:77
+*/
+const octetstring cert_s_sm_dsauth_brp :=
+'30820238308201dea00302010202021d47300a06082a8648ce3d04030230
+493115301306035504030c0c47534d4120546573742043493111300f0603
+55040b0c0854455354434552543110300e060355040a0c07525350544553
+54310b3009060355040613024954301e170d313730353035313730333531
+5a170d3230303530343137303335315a3024310d300b060355040a0c0441
+434d453113301106035504030c0a5445535420534d2d4453305a30140607
+2a8648ce3d020106092b24030302080101070342000481d1d023f39f1843
+3418c28cd23d42157a439fedd29e59ab1186e130898196c1563a13f48b36
+d6d4b13b4d085a5760ae613d061ffe6fc7a40c6502e3ff733c31a381d930
+81d6301f0603551d23041830168014c0bc70ba36929d43b467ff57570530
+e57ab8fcd8300e0603551d0f0101ff040403020780301d0603551d0e0416
+0414f05f0b54aee8ae0108f01def548ed9859714dd48300e0603551d1104
+073005880388370f30170603551d200101ff040d300b3009060767811201
+020107305b0603551d1f045430523027a025a0238621687474703a2f2f63
+692e746573742e67736d612e636f6d2f43524c2d412e63726c3027a025a0
+238621687474703a2f2f63692e746573742e67736d612e636f6d2f43524c
+2d422e63726c300a06082a8648ce3d0403020348003045022025a0295d1a
+466e2d074883c5f943e2fb0a72ee96b57595d97d91b5cbb1ea6e63022100
+8d4c5b4ae74886822872150c1390b96439f03071d24aa411455dbb162e05
+5477'O;
+function f_ts_cert_s_sm_dsauth_brp() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_dsauth_brp);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_dsauth_brp := f_ts_cert_s_sm_dsauth_brp();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DS/DStls/CERT_SM_DS_TLS_NIST.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 77899973700 (0x1223334444)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Jul 28 13:34:55 2017 GMT
+ Not After : Jul 27 13:34:55 2020 GMT
+ Subject: O = RSPTEST, CN = testrootsmds.gsma.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:92:0c:d5:ff:68:04:d8:7d:99:1d:ad:f6:38:c9:
+ b7:83:c5:85:00:a5:7b:a4:93:5b:9e:e2:ef:02:52:
+ b6:a6:dd:9a:50:1c:21:fd:35:42:6b:3b:51:c4:e4:
+ 61:e5:6c:3f:77:2e:69:5f:b8:61:7f:9a:74:82:30:
+ 4b:bb:2f:e2:84
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Extended Key Usage: critical
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Certificate Policies:
+ Policy: 2.23.146.1.2.1.6
+
+ X509v3 Subject Key Identifier:
+ A0:36:C1:62:75:35:1E:C7:B0:15:53:A1:3F:83:E2:8D:44:00:BD:0A
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Subject Alternative Name:
+ DNS:testrootsmds.gsma.com, Registered ID:2.999.15
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:20:20:15:19:8e:b1:3b:3c:b2:cd:90:f2:02:c0:1c:
+ 55:88:0c:4b:94:64:5a:88:f2:87:2b:44:f4:fa:42:15:bb:64:
+ 02:21:00:8f:0d:7e:67:1f:bf:34:a4:0e:51:d2:11:2f:ca:21:
+ 47:0c:ba:c9:84:06:30:39:5b:66:66:60:61:d3:86:3e:33
+*/
+const octetstring cert_sm_ds_tls_nist :=
+'3082028030820226a00302010202051223334444300a06082a8648ce3d04
+030230493115301306035504030c0c47534d412054657374204349311130
+0f060355040b0c0854455354434552543110300e060355040a0c07525350
+54455354310b3009060355040613024954301e170d313730373238313333
+3435355a170d3230303732373133333435355a30323110300e060355040a
+0c0752535054455354311e301c06035504030c1574657374726f6f74736d
+64732e67736d612e636f6d3059301306072a8648ce3d020106082a8648ce
+3d03010703420004920cd5ff6804d87d991dadf638c9b783c58500a57ba4
+935b9ee2ef0252b6a6dd9a501c21fd35426b3b51c4e461e56c3f772e695f
+b8617f9a7482304bbb2fe284a38201103082010c300e0603551d0f0101ff
+04040302078030200603551d250101ff0416301406082b06010505070301
+06082b0601050507030230140603551d20040d300b300906076781120102
+0106301d0603551d0e04160414a036c16275351ec7b01553a13f83e28d44
+00bd0a301f0603551d23041830168014f54172bdf98a95d65cbeb88a38a1
+c11d800a85c330250603551d11041e301c821574657374726f6f74736d64
+732e67736d612e636f6d880388370f305b0603551d1f045430523027a025
+a0238621687474703a2f2f63692e746573742e67736d612e636f6d2f4352
+4c2d412e63726c3027a025a0238621687474703a2f2f63692e746573742e
+67736d612e636f6d2f43524c2d422e63726c300a06082a8648ce3d040302
+034800304502202015198eb13b3cb2cd90f202c01c55880c4b94645a88f2
+872b44f4fa4215bb640221008f0d7e671fbf34a40e51d2112fca21470cba
+c9840630395b66666061d3863e33'O;
+function f_ts_cert_sm_ds_tls_nist() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_sm_ds_tls_nist);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_sm_ds_tls_nist := f_ts_cert_sm_ds_tls_nist();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DS/DStls/CERT_S_SM_DS2_TLS_NIST.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 81684042822800725 (0x122333444455555)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Jul 31 09:36:23 2017 GMT
+ Not After : Jul 30 09:36:23 2020 GMT
+ Subject: O = RSPTEST, CN = testsmds1.gsma.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:19:d0:a3:31:cf:30:2c:7a:07:61:52:90:92:56:
+ 75:ad:14:62:cc:58:ba:57:b2:a8:fa:67:69:fd:65:
+ f5:c3:ad:34:d4:92:89:77:cf:57:39:30:ca:01:d8:
+ 61:15:a6:8d:45:a6:86:0c:7b:9d:b2:3d:82:18:58:
+ 11:41:8c:2a:09
+ ASN1 OID: prime256v1
+ NIST CURVE: P-256
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Extended Key Usage: critical
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Certificate Policies:
+ Policy: 2.23.146.1.2.1.6
+
+ X509v3 Subject Key Identifier:
+ 53:82:04:27:91:71:ED:3D:0A:79:C0:AD:61:A5:35:31:2C:86:48:6C
+ X509v3 Authority Key Identifier:
+ keyid:F5:41:72:BD:F9:8A:95:D6:5C:BE:B8:8A:38:A1:C1:1D:80:0A:85:C3
+
+ X509v3 Subject Alternative Name:
+ DNS:testsmds1.gsma.com, Registered ID:2.999.15.2
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:45:02:20:5c:b0:bd:6d:48:5b:13:21:c3:bf:28:37:22:a6:
+ 43:09:a5:d2:0e:8f:67:1b:d0:05:f3:f9:1e:17:6f:8b:a4:80:
+ 02:21:00:c7:73:03:63:64:ab:76:34:f2:61:24:99:d8:24:8c:
+ af:df:81:d1:6d:3c:2c:5b:d6:0c:4b:ee:60:68:31:c4:f1
+*/
+const octetstring cert_s_sm_ds2_tls_nist :=
+'3082027e30820224a00302010202080122333444455555300a06082a8648
+ce3d04030230493115301306035504030c0c47534d412054657374204349
+3111300f060355040b0c0854455354434552543110300e060355040a0c07
+52535054455354310b3009060355040613024954301e170d313730373331
+3039333632335a170d3230303733303039333632335a302f3110300e0603
+55040a0c0752535054455354311b301906035504030c1274657374736d64
+73312e67736d612e636f6d3059301306072a8648ce3d020106082a8648ce
+3d0301070342000419d0a331cf302c7a07615290925675ad1462cc58ba57
+b2a8fa6769fd65f5c3ad34d4928977cf573930ca01d86115a68d45a6860c
+7b9db23d82185811418c2a09a382010e3082010a300e0603551d0f0101ff
+04040302078030200603551d250101ff0416301406082b06010505070301
+06082b0601050507030230140603551d20040d300b300906076781120102
+0106301d0603551d0e04160414538204279171ed3d0a79c0ad61a535312c
+86486c301f0603551d23041830168014f54172bdf98a95d65cbeb88a38a1
+c11d800a85c330230603551d11041c301a821274657374736d6473312e67
+736d612e636f6d880488370f02305b0603551d1f045430523027a025a023
+8621687474703a2f2f63692e746573742e67736d612e636f6d2f43524c2d
+412e63726c3027a025a0238621687474703a2f2f63692e746573742e6773
+6d612e636f6d2f43524c2d422e63726c300a06082a8648ce3d0403020348
+00304502205cb0bd6d485b1321c3bf283722a64309a5d20e8f671bd005f3
+f91e176f8ba480022100c773036364ab7634f2612499d8248cafdf81d16d
+3c2c5bd60c4bee606831c4f1'O;
+function f_ts_cert_s_sm_ds2_tls_nist() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_ds2_tls_nist);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_ds2_tls_nist := f_ts_cert_s_sm_ds2_tls_nist();
+
+/* Test certificate:
+SGP.26_v1.2_files/Valid test cases/SM-DS/DStls/CERT_S_SM_DS_TLS_BRP.der
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1246399579205 (0x12233344445)
+ Signature Algorithm: ecdsa-with-SHA256
+ Issuer: CN = GSMA Test CI, OU = TESTCERT, O = RSPTEST, C = IT
+ Validity
+ Not Before: Jul 7 06:18:01 2017 GMT
+ Not After : Jul 6 06:18:01 2020 GMT
+ Subject: O = TESTCERT, CN = smds.test.gsma.com
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (256 bit)
+ pub:
+ 04:39:ef:3f:92:a3:bc:a8:ef:7d:66:26:7f:1e:1a:
+ d8:b9:43:fd:2d:b2:27:cb:e1:a1:0b:f4:92:72:61:
+ 81:c4:81:5b:2a:31:60:7c:7d:e5:b3:1c:a0:22:1d:
+ ff:ed:ad:58:70:63:3d:30:ed:55:aa:bb:51:7a:e4:
+ 39:9c:4a:64:81
+ ASN1 OID: brainpoolP256r1
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature
+ X509v3 Extended Key Usage: critical
+ TLS Web Server Authentication, TLS Web Client Authentication
+ X509v3 Certificate Policies:
+ Policy: 2.23.146.1.2.1.6
+
+ X509v3 Subject Key Identifier:
+ 73:99:CA:C7:B1:5F:AB:2F:F9:33:CF:2D:22:15:E4:84:4A:DE:F8:05
+ X509v3 Authority Key Identifier:
+ keyid:C0:BC:70:BA:36:92:9D:43:B4:67:FF:57:57:05:30:E5:7A:B8:FC:D8
+
+ X509v3 Subject Alternative Name:
+ DNS:smds.test.gsma.com, Registered ID:2.999.15
+ X509v3 CRL Distribution Points:
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-A.crl
+
+ Full Name:
+ URI:http://ci.test.gsma.com/CRL-B.crl
+
+ Signature Algorithm: ecdsa-with-SHA256
+ 30:44:02:20:18:56:2e:17:de:40:a4:93:18:dc:8e:a5:26:dc:
+ e5:71:9d:85:42:c8:5b:cc:2c:6c:86:a4:6a:58:db:b5:ce:1a:
+ 02:20:4a:91:75:54:26:98:e5:85:6e:27:57:41:0c:46:f2:fb:
+ 22:7e:04:2c:79:6a:99:77:69:5b:20:2e:89:49:c3:4d
+*/
+const octetstring cert_s_sm_ds_tls_brp :=
+'3082027c30820223a0030201020206012233344445300a06082a8648ce3d
+04030230493115301306035504030c0c47534d4120546573742043493111
+300f060355040b0c0854455354434552543110300e060355040a0c075253
+5054455354310b3009060355040613024954301e170d3137303730373036
+313830315a170d3230303730363036313830315a30303111300f06035504
+0a0c085445535443455254311b301906035504030c12736d64732e746573
+742e67736d612e636f6d305a301406072a8648ce3d020106092b24030302
+080101070342000439ef3f92a3bca8ef7d66267f1e1ad8b943fd2db227cb
+e1a10bf492726181c4815b2a31607c7de5b31ca0221dffedad5870633d30
+ed55aabb517ae4399c4a6481a382010d30820109300e0603551d0f0101ff
+04040302078030200603551d250101ff0416301406082b06010505070301
+06082b0601050507030230140603551d20040d300b300906076781120102
+0106301d0603551d0e041604147399cac7b15fab2ff933cf2d2215e4844a
+def805301f0603551d23041830168014c0bc70ba36929d43b467ff575705
+30e57ab8fcd830220603551d11041b30198212736d64732e746573742e67
+736d612e636f6d880388370f305b0603551d1f045430523027a025a02386
+21687474703a2f2f63692e746573742e67736d612e636f6d2f43524c2d41
+2e63726c3027a025a0238621687474703a2f2f63692e746573742e67736d
+612e636f6d2f43524c2d422e63726c300a06082a8648ce3d040302034700
+3044022018562e17de40a49318dc8ea526dce5719d8542c85bcc2c6c86a4
+6a58dbb5ce1a02204a9175542698e5856e2757410c46f2fb227e042c796a
+9977695b202e8949c34d'O;
+function f_ts_cert_s_sm_ds_tls_brp() return Certificate {
+ var Certificate cert_decoded;
+ cert_decoded := dec_Certificate(cert_s_sm_ds_tls_brp);
+ return cert_decoded;
+}
+template (value) Certificate ts_cert_s_sm_ds_tls_brp := f_ts_cert_s_sm_ds_tls_brp();
+
+}
diff --git a/library/euicc/PKIX1Explicit88_Types.ttcn b/library/euicc/PKIX1Explicit88_Types.ttcn
new file mode 100644
index 0000000..4f33f8c
--- /dev/null
+++ b/library/euicc/PKIX1Explicit88_Types.ttcn
@@ -0,0 +1,42 @@
+module PKIX1Explicit88_Types {
+
+import from PKIX1Explicit88 all;
+import from Native_Functions all;
+
+external function dec_X520name(in octetstring stream) return X520name;
+external function enc_X520name(in X520name msg) return octetstring;
+
+external function dec_X520CommonName(in octetstring stream) return X520CommonName;
+external function enc_X520CommonName(in X520CommonName msg) return octetstring;
+
+external function dec_X520LocalityName(in octetstring stream) return X520LocalityName;
+external function enc_X520LocalityName(in X520LocalityName msg) return octetstring;
+
+external function dec_X520StateOrProvinceName(in octetstring stream) return X520StateOrProvinceName;
+external function enc_X520StateOrProvinceName(in X520StateOrProvinceName msg) return octetstring;
+
+external function dec_X520OrganizationName(in octetstring stream) return X520OrganizationName;
+external function enc_X520OrganizationName(in X520OrganizationName msg) return octetstring;
+
+external function dec_X520OrganizationalUnitName(in octetstring stream) return X520OrganizationalUnitName;
+external function enc_X520OrganizationalUnitName(in X520OrganizationalUnitName msg) return octetstring;
+
+external function dec_X520Title(in octetstring stream) return X520Title;
+external function enc_X520Title(in X520Title msg) return octetstring;
+
+external function dec_X520dnQualifier(in octetstring stream) return X520dnQualifier;
+external function enc_X520dnQualifier(in X520dnQualifier msg) return octetstring;
+
+external function dec_X520countryName(in octetstring stream) return X520countryName;
+external function enc_X520countryName(in X520countryName msg) return octetstring;
+
+external function dec_X520SerialNumber(in octetstring stream) return X520SerialNumber;
+external function enc_X520SerialNumber(in X520SerialNumber msg) return octetstring;
+
+external function dec_X520Pseudonym(in octetstring stream) return X520Pseudonym;
+external function enc_X520Pseudonym(in X520Pseudonym msg) return octetstring;
+
+external function dec_Certificate(in octetstring stream) return Certificate;
+external function enc_Certificate(in Certificate msg) return octetstring;
+
+}
diff --git a/library/euicc/PKIX1Implicit88.asn b/library/euicc/PKIX1Implicit88.asn
new file mode 100644
index 0000000..9b547a6
--- /dev/null
+++ b/library/euicc/PKIX1Implicit88.asn
@@ -0,0 +1,387 @@
+
+--
+-- ASN.1 module found by ./crfc2asn1.pl in rfc3280.txt at line 5850
+--
+
+PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+IMPORTS
+ id-pe, id-kp, id-qt-unotice, id-qt-cps,
+ ORAddress, Name, RelativeDistinguishedName,
+ CertificateSerialNumber, Attribute, DirectoryString
+ FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+ dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+ id-mod(0) id-pkix1-explicit(18) };
+
+
+-- ISO arc for standard certificate and CRL extensions
+
+id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
+
+-- authority key identifier OID and syntax
+
+id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 }
+
+
+
+
+
+
+
+
+
+
+AuthorityKeyIdentifier ::= SEQUENCE {
+ keyIdentifier [0] KeyIdentifier OPTIONAL,
+ authorityCertIssuer [1] GeneralNames OPTIONAL,
+ authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
+ -- authorityCertIssuer and authorityCertSerialNumber MUST both
+ -- be present or both be absent
+
+KeyIdentifier ::= OCTET STRING
+
+-- subject key identifier OID and syntax
+
+id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 }
+
+SubjectKeyIdentifier ::= KeyIdentifier
+
+-- key usage extension OID and syntax
+
+id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }
+
+KeyUsage ::= BIT STRING {
+ digitalSignature (0),
+ nonRepudiation (1),
+ keyEncipherment (2),
+ dataEncipherment (3),
+ keyAgreement (4),
+ keyCertSign (5),
+ cRLSign (6),
+ encipherOnly (7),
+ decipherOnly (8) }
+
+-- private key usage period extension OID and syntax
+
+id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }
+
+PrivateKeyUsagePeriod ::= SEQUENCE {
+ notBefore [0] GeneralizedTime OPTIONAL,
+ notAfter [1] GeneralizedTime OPTIONAL }
+ -- either notBefore or notAfter MUST be present
+
+-- certificate policies extension OID and syntax
+
+id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
+
+anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
+
+CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+
+PolicyInformation ::= SEQUENCE {
+
+
+
+
+
+ policyIdentifier CertPolicyId,
+ policyQualifiers SEQUENCE SIZE (1..MAX) OF
+ PolicyQualifierInfo OPTIONAL }
+
+CertPolicyId ::= OBJECT IDENTIFIER
+
+PolicyQualifierInfo ::= SEQUENCE {
+ policyQualifierId PolicyQualifierId,
+ qualifier ANY DEFINED BY policyQualifierId }
+
+-- Implementations that recognize additional policy qualifiers MUST
+-- augment the following definition for PolicyQualifierId
+
+PolicyQualifierId ::=
+ OBJECT IDENTIFIER -- ( id-qt-cps | id-qt-unotice )
+
+-- CPS pointer qualifier
+
+CPSuri ::= IA5String
+
+-- user notice qualifier
+
+UserNotice ::= SEQUENCE {
+ noticeRef NoticeReference OPTIONAL,
+ explicitText DisplayText OPTIONAL}
+
+NoticeReference ::= SEQUENCE {
+ organization DisplayText,
+ noticeNumbers SEQUENCE OF INTEGER }
+
+DisplayText ::= CHOICE {
+ ia5String IA5String (SIZE (1..200)),
+ visibleString VisibleString (SIZE (1..200)),
+ bmpString BMPString (SIZE (1..200)),
+ utf8String UTF8String (SIZE (1..200)) }
+
+-- policy mapping extension OID and syntax
+
+id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 }
+
+PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+ issuerDomainPolicy CertPolicyId,
+ subjectDomainPolicy CertPolicyId }
+
+-- subject alternative name extension OID and syntax
+
+id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
+
+
+
+
+
+
+SubjectAltName ::= GeneralNames
+
+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+GeneralName ::= CHOICE {
+ otherName [0] AnotherName,
+ rfc822Name [1] IA5String,
+ dNSName [2] IA5String,
+ x400Address [3] ORAddress,
+ directoryName [4] Name,
+ ediPartyName [5] EDIPartyName,
+ uniformResourceIdentifier [6] IA5String,
+ iPAddress [7] OCTET STRING,
+ registeredID [8] OBJECT IDENTIFIER }
+
+-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
+-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
+
+AnotherName ::= SEQUENCE {
+ type-id OBJECT IDENTIFIER,
+ value [0] EXPLICIT ANY DEFINED BY type-id }
+
+EDIPartyName ::= SEQUENCE {
+ nameAssigner [0] DirectoryString OPTIONAL,
+ partyName [1] DirectoryString }
+
+-- issuer alternative name extension OID and syntax
+
+id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 }
+
+IssuerAltName ::= GeneralNames
+
+id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 }
+
+SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
+
+-- basic constraints extension OID and syntax
+
+id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }
+
+BasicConstraints ::= SEQUENCE {
+ cA BOOLEAN DEFAULT FALSE,
+ pathLenConstraint INTEGER (0..MAX) OPTIONAL }
+
+-- name constraints extension OID and syntax
+
+id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 }
+
+
+
+
+
+
+NameConstraints ::= SEQUENCE {
+ permittedSubtrees [0] GeneralSubtrees OPTIONAL,
+ excludedSubtrees [1] GeneralSubtrees OPTIONAL }
+
+GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
+
+GeneralSubtree ::= SEQUENCE {
+ base GeneralName,
+ minimum [0] BaseDistance DEFAULT 0,
+ maximum [1] BaseDistance OPTIONAL }
+
+BaseDistance ::= INTEGER (0..MAX)
+
+-- policy constraints extension OID and syntax
+
+id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
+
+PolicyConstraints ::= SEQUENCE {
+ requireExplicitPolicy [0] SkipCerts OPTIONAL,
+ inhibitPolicyMapping [1] SkipCerts OPTIONAL }
+
+SkipCerts ::= INTEGER (0..MAX)
+
+-- CRL distribution points extension OID and syntax
+
+id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31}
+
+CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+
+DistributionPoint ::= SEQUENCE {
+ distributionPoint [0] DistributionPointName OPTIONAL,
+ reasons [1] ReasonFlags OPTIONAL,
+ cRLIssuer [2] GeneralNames OPTIONAL }
+
+DistributionPointName ::= CHOICE {
+ fullName [0] GeneralNames,
+ nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
+
+ReasonFlags ::= BIT STRING {
+ unused (0),
+ keyCompromise (1),
+ cACompromise (2),
+ affiliationChanged (3),
+ superseded (4),
+ cessationOfOperation (5),
+ certificateHold (6),
+ privilegeWithdrawn (7),
+ aACompromise (8) }
+
+
+
+
+
+-- extended key usage extension OID and syntax
+
+id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
+
+ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+
+
+KeyPurposeId ::= OBJECT IDENTIFIER
+
+-- permit unspecified key uses
+
+anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
+
+-- extended key purpose OIDs
+
+id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
+id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
+id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
+id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
+id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
+id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
+
+-- inhibit any policy OID and syntax
+
+id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
+
+InhibitAnyPolicy ::= SkipCerts
+
+-- freshest (delta)CRL extension OID and syntax
+
+id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 }
+
+FreshestCRL ::= CRLDistributionPoints
+
+-- authority info access
+
+id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+
+AuthorityInfoAccessSyntax ::=
+ SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+AccessDescription ::= SEQUENCE {
+ accessMethod OBJECT IDENTIFIER,
+ accessLocation GeneralName }
+
+-- subject info access
+
+id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
+
+
+
+
+
+SubjectInfoAccessSyntax ::=
+ SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+-- CRL number extension OID and syntax
+
+id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+
+CRLNumber ::= INTEGER (0..MAX)
+
+-- issuing distribution point extension OID and syntax
+
+id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
+
+IssuingDistributionPoint ::= SEQUENCE {
+ distributionPoint [0] DistributionPointName OPTIONAL,
+ onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE,
+ onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE,
+ onlySomeReasons [3] ReasonFlags OPTIONAL,
+ indirectCRL [4] BOOLEAN DEFAULT FALSE,
+ onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
+
+id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
+
+BaseCRLNumber ::= CRLNumber
+
+-- CRL reasons extension OID and syntax
+
+id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+
+CRLReason ::= ENUMERATED {
+ unspecified (0),
+ keyCompromise (1),
+ cACompromise (2),
+ affiliationChanged (3),
+ superseded (4),
+ cessationOfOperation (5),
+ certificateHold (6),
+ removeFromCRL (8),
+ privilegeWithdrawn (9),
+ aACompromise (10) }
+
+-- certificate issuer CRL entry extension OID and syntax
+
+id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
+
+CertificateIssuer ::= GeneralNames
+
+-- hold instruction extension OID and syntax
+
+
+
+
+
+id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
+
+HoldInstructionCode ::= OBJECT IDENTIFIER
+
+-- ANSI x9 holdinstructions
+
+-- ANSI x9 arc holdinstruction arc
+
+holdInstruction OBJECT IDENTIFIER ::=
+ {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
+
+-- ANSI X9 holdinstructions referenced by this standard
+
+id-holdinstruction-none OBJECT IDENTIFIER ::=
+ {holdInstruction 1} -- deprecated
+
+id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
+ {holdInstruction 2}
+
+id-holdinstruction-reject OBJECT IDENTIFIER ::=
+ {holdInstruction 3}
+
+-- invalidity date CRL entry extension OID and syntax
+
+id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
+
+InvalidityDate ::= GeneralizedTime
+
+END
\ No newline at end of file
diff --git a/library/euicc/PKIX1Implicit88_EncDec.cc b/library/euicc/PKIX1Implicit88_EncDec.cc
new file mode 100644
index 0000000..7ce2b16
--- /dev/null
+++ b/library/euicc/PKIX1Implicit88_EncDec.cc
@@ -0,0 +1,26 @@
+#include "PKIX1Implicit88.hh"
+
+namespace PKIX1Implicit88__Types {
+
+using namespace PKIX1Implicit88;
+
+TTCN_Module PKIX1Implicit88__EncDec("PKIX1Implicit88_EncDec", __DATE__, __TIME__);
+
+OCTETSTRING enc__SubjectKeyIdentifier(const SubjectKeyIdentifier &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(SubjectKeyIdentifier_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+SubjectKeyIdentifier dec__SubjectKeyIdentifier(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ SubjectKeyIdentifier msg;
+ buf.put_os(stream);
+
+ msg.decode(SubjectKeyIdentifier_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+}
diff --git a/library/euicc/PKIX1Implicit88_Templates.ttcn b/library/euicc/PKIX1Implicit88_Templates.ttcn
new file mode 100644
index 0000000..53401ff
--- /dev/null
+++ b/library/euicc/PKIX1Implicit88_Templates.ttcn
@@ -0,0 +1,16 @@
+/* PKIX1 Templates in TTCN-3
+ *
+ * Author: Philipp Maier <pmaier@sysmocom.de> / sysmocom - s.f.m.c. GmbH
+ *
+ * Released under the terms of GNU General Public License, Version 2 or
+ * (at your option) any later version.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+module PKIX1Implicit88_Templates {
+
+import from PKIX1Implicit88_Types all;
+import from PKIX1Implicit88 all;
+
+}
diff --git a/library/euicc/PKIX1Implicit88_Types.ttcn b/library/euicc/PKIX1Implicit88_Types.ttcn
new file mode 100644
index 0000000..f816c6e
--- /dev/null
+++ b/library/euicc/PKIX1Implicit88_Types.ttcn
@@ -0,0 +1,9 @@
+module PKIX1Implicit88_Types {
+
+import from PKIX1Implicit88 all;
+import from Native_Functions all;
+
+external function dec_SubjectKeyIdentifier(in octetstring stream) return SubjectKeyIdentifier;
+external function enc_SubjectKeyIdentifier(in SubjectKeyIdentifier msg) return octetstring;
+
+}
diff --git a/library/euicc/RSPDefinitions.asn b/library/euicc/RSPDefinitions.asn
new file mode 100644
index 0000000..56dd1af
--- /dev/null
+++ b/library/euicc/RSPDefinitions.asn
@@ -0,0 +1,825 @@
+--Version V2.5
+RSPDefinitions {joint-iso-itu-t(2) international-organizations(23) gsma(146) rsp(1)
+asn1modules(1) sgp22v2(2)}
+DEFINITIONS
+AUTOMATIC TAGS
+EXTENSIBILITY IMPLIED ::=
+BEGIN
+
+IMPORTS Certificate, CertificateList, Time FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18)}
+SubjectKeyIdentifier FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6)
+internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19)}
+UICCCapability FROM PEDefinitions {joint-iso-itu-t(2) international-organizations(23) tca(143) euicc-profile(1) spec-version(1) version-three(3)};
+-- The UICCCapability import module version is defined in section 5.7.8
+
+id-rsp OBJECT IDENTIFIER ::= {joint-iso-itu-t(2) international-organizations(23)
+gsma(146) rsp(1)}
+
+-- Basic types, for size constraints
+Octet8 ::= OCTET STRING (SIZE(8))
+Octet4 ::= OCTET STRING (SIZE(4))
+Octet16 ::= OCTET STRING (SIZE(16))
+OctetTo16 ::= OCTET STRING (SIZE(1..16))
+Octet32 ::= OCTET STRING (SIZE(32))
+Octet1 ::= OCTET STRING(SIZE(1))
+Octet2 ::= OCTET STRING (SIZE(2))
+VersionType ::= OCTET STRING(SIZE(3)) -- major/minor/revision version are coded as binary value on byte 1/2/3, e.g. '02 00 0C' for v2.0.12.
+-- If revision is not used (e.g. v2.1), byte 3 SHALL be set to '00'.
+Iccid ::= [APPLICATION 26] OCTET STRING (SIZE(10)) -- ICCID as coded in EFiccid, corresponding tag is '5A'
+RemoteOpId ::= [2] INTEGER {installBoundProfilePackage(1)}
+TransactionId ::= OCTET STRING (SIZE(1..16))
+
+-- Definition of EUICCInfo1 --------------------------
+GetEuiccInfo1Request ::= [32] SEQUENCE { -- Tag 'BF20'
+}
+
+EUICCInfo1 ::= [32] SEQUENCE { -- Tag 'BF20'
+ svn [2] VersionType, -- GSMA SGP.22 version supported (SVN)
+ euiccCiPKIdListForVerification [9] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifiers supported on the eUICC for signature verification
+ euiccCiPKIdListForSigning [10] SEQUENCE OF SubjectKeyIdentifier -- List of CI Public Key Identifier supported on the eUICC for signature creation
+}
+
+-- Definition of EUICCInfo2 --------------------------
+GetEuiccInfo2Request ::= [34] SEQUENCE { -- Tag 'BF22'
+}
+
+EUICCInfo2 ::= [34] SEQUENCE { -- Tag 'BF22'
+ profileVersion [1] VersionType, -- Base eUICC Profile package version supported
+ svn [2] VersionType, -- GSMA SGP.22 version supported (SVN)
+ euiccFirmwareVer [3] VersionType, -- eUICC Firmware version
+ extCardResource [4] OCTET STRING, -- Extended Card Resource Information according to ETSI TS 102 226
+ uiccCapability [5] UICCCapability,
+ ts102241Version [6] VersionType OPTIONAL,
+ globalplatformVersion [7] VersionType OPTIONAL,
+ rspCapability [8] RspCapability,
+ euiccCiPKIdListForVerification [9] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifiers supported on the eUICC for signature verification
+ euiccCiPKIdListForSigning [10] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifier supported on the eUICC for signature creation
+ euiccCategory [11] INTEGER {
+ other(0),
+ basicEuicc(1),
+ mediumEuicc(2),
+ contactlessEuicc(3)
+ } OPTIONAL,
+ forbiddenProfilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
+ ppVersion VersionType, -- Protection Profile version
+ sasAcreditationNumber UTF8String (SIZE(0..64)),
+ certificationDataObject [12] CertificationDataObject OPTIONAL,
+ treProperties [13] BIT STRING {
+ isDiscrete(0),
+ isIntegrated(1),
+ usesRemoteMemory(2) -- refers to the usage of remote memory protected by the Remote Memory Protection Function described in SGP.21 [4]
+ } OPTIONAL,
+ treProductReference [14] UTF8String OPTIONAL, -- Platform_Label as defined in GlobalPlatform DLOA specification [57]
+ additionalEuiccProfilePackageVersions [15] SEQUENCE OF VersionType OPTIONAL
+}
+
+-- Definition of RspCapability
+RspCapability ::= BIT STRING {
+ additionalProfile(0), -- at least one more Profile can be installed
+ crlSupport(1), -- CRL
+ rpmSupport(2), -- Remote Profile Management
+ testProfileSupport (3), -- support for test profile
+ deviceInfoExtensibilitySupport (4), -- support for ASN.1 extensibility in the Device Info
+ serviceSpecificDataSupport (5) -- support for Service Specific Data in the Profile Metadata
+}
+
+-- Definition of CertificationDataObject
+CertificationDataObject ::= SEQUENCE {
+ platformLabel UTF8String, -- Platform_Label as defined in GlobalPlatform DLOA specification [57]
+ discoveryBaseURL UTF8String -- Discovery Base URL of the SE default DLOA Registrar as defined in GlobalPlatform DLOA specification [57]
+}
+
+CertificateInfo ::= BIT STRING {
+ reserved(0), -- eUICC has a CERT.EUICC.ECDSA in GlobalPlatform format. The use of this bit is deprecated.
+ certSigningX509(1), -- eUICC has a CERT.EUICC.ECDSA in X.509 format
+ rfu2(2),
+ rfu3(3),
+ reserved2(4), -- Handling of Certificate in GlobalPlatform format. The use of this bit is deprecated.
+ certVerificationX509(5)-- Handling of Certificate in X.509 format
+}
+
+
+-- Definition of DeviceInfo
+DeviceInfo ::= SEQUENCE {
+ tac Octet4,
+ deviceCapabilities DeviceCapabilities,
+ imei Octet8 OPTIONAL
+}
+
+DeviceCapabilities ::= SEQUENCE { -- Highest fully supported release for each definition
+ -- The device SHALL set all the capabilities it supports
+ gsmSupportedRelease VersionType OPTIONAL,
+ utranSupportedRelease VersionType OPTIONAL,
+ cdma2000onexSupportedRelease VersionType OPTIONAL,
+ cdma2000hrpdSupportedRelease VersionType OPTIONAL,
+ cdma2000ehrpdSupportedRelease VersionType OPTIONAL,
+ eutranEpcSupportedRelease VersionType OPTIONAL,
+ contactlessSupportedRelease VersionType OPTIONAL,
+ rspCrlSupportedVersion VersionType OPTIONAL,
+ nrEpcSupportedRelease VersionType OPTIONAL,
+ nr5gcSupportedRelease VersionType OPTIONAL,
+ eutran5gcSupportedRelease VersionType OPTIONAL,
+ lpaSvn VersionType OPTIONAL, -- Not defined in this version of SGP.22
+ catSupportedClasses CatSupportedClasses OPTIONAL, -- Not defined in this version of SGP.22
+ euiccFormFactorType EuiccFormFactorType OPTIONAL, -- Not defined in this version of SGP.22
+ deviceAdditionalFeatureSupport DeviceAdditionalFeatureSupport OPTIONAL
+}
+
+-- Definition of DeviceAdditionalFeatureSupport
+DeviceAdditionalFeatureSupport ::= SEQUENCE {
+ naiSupport VersionType OPTIONAL -- Device supports Network Access Identifier
+}
+
+CatSupportedClasses ::= BIT STRING
+EuiccFormFactorType ::= INTEGER
+
+
+ProfileInfoListRequest ::= [45] SEQUENCE { -- Tag 'BF2D'
+ searchCriteria [0] CHOICE {
+ isdpAid [APPLICATION 15] OctetTo16, -- AID of the ISD-P, tag '4F'
+ iccid Iccid, -- ICCID, tag '5A'
+ profileClass [21] ProfileClass -- Tag '95'
+ } OPTIONAL,
+ tagList [APPLICATION 28] OCTET STRING OPTIONAL -- tag '5C'
+}
+
+-- Definition of ProfileInfoList
+ProfileInfoListResponse ::= [45] CHOICE { -- Tag 'BF2D'
+ profileInfoListOk SEQUENCE OF ProfileInfo,
+ profileInfoListError ProfileInfoListError
+}
+
+ProfileInfo ::= [PRIVATE 3] SEQUENCE { -- Tag 'E3'
+ iccid Iccid OPTIONAL,
+ isdpAid [APPLICATION 15] OctetTo16 OPTIONAL, -- AID of the ISD-P containing the Profile, tag '4F'
+ profileState [112] ProfileState OPTIONAL, -- Tag '9F70'
+ profileNickname [16] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '90'
+ serviceProviderName [17] UTF8String (SIZE(0..32)) OPTIONAL, -- Tag '91'
+ profileName [18] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '92'
+ iconType [19] IconType OPTIONAL, -- Tag '93'
+ icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94', see condition in ES10c:GetProfilesInfo
+ profileClass [21] ProfileClass OPTIONAL, -- Tag '95'
+ notificationConfigurationInfo [22] SEQUENCE OF NotificationConfigurationInformation OPTIONAL, -- Tag 'B6'
+ profileOwner [23] OperatorId OPTIONAL, -- Tag 'B7'
+ dpProprietaryData [24] DpProprietaryData OPTIONAL, -- Tag 'B8'
+ profilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
+ serviceSpecificDataStoredInEuicc [34] VendorSpecificExtension OPTIONAL -- Tag 'BF22'
+}
+
+PprIds ::= BIT STRING {-- Definition of Profile Policy Rules identifiers
+ pprUpdateControl(0), -- defines how to update PPRs via ES6
+ ppr1(1), -- Indicator for PPR1 'Disabling of this Profile is not allowed'
+ ppr2(2) -- Indicator for PPR2 'Deletion of this Profile is not allowed'
+}
+
+OperatorId ::= SEQUENCE {
+ mccMnc OCTET STRING (SIZE(3)), -- MCC and MNC coded as defined in 3GPP TS 24.008 [32]
+ gid1 OCTET STRING OPTIONAL, -- referring to content of EF GID1 (file identifier '6F3E') as defined in 3GPP TS 31.102 [54]
+ gid2 OCTET STRING OPTIONAL -- referring to content of EF GID2 (file identifier '6F3F') as defined in 3GPP TS 31.102 [54]
+}
+
+ProfileInfoListError ::= INTEGER {incorrectInputValues(1), undefinedError(127)}
+
+-- Definition of StoreMetadata request
+
+StoreMetadataRequest ::= [37] SEQUENCE { -- Tag 'BF25'
+ iccid Iccid,
+ serviceProviderName [17] UTF8String (SIZE(0..32)), -- Tag '91'
+ profileName [18] UTF8String (SIZE(0..64)), -- Tag '92' (corresponds to 'Short Description' defined in SGP.21 [2])
+ iconType [19] IconType OPTIONAL, -- Tag '93' (JPG or PNG)
+ icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94'(Data of the icon. Size 64 x 64 pixel. This field SHALL only be present if iconType is present)
+ profileClass [21] ProfileClass DEFAULT operational, -- Tag '95'
+ notificationConfigurationInfo [22] SEQUENCE OF NotificationConfigurationInformation OPTIONAL,
+ profileOwner [23] OperatorId OPTIONAL, -- Tag 'B7'
+ profilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
+ serviceSpecificDataStoredInEuicc [34] VendorSpecificExtension OPTIONAL, -- Tag 'BF22'
+ serviceSpecificDataNotStoredInEuicc [35] VendorSpecificExtension OPTIONAL -- Tag 'BF23'
+}
+
+NotificationEvent ::= BIT STRING {
+ notificationInstall(0),
+ notificationEnable(1),
+ notificationDisable(2),
+ notificationDelete(3)
+}
+
+NotificationConfigurationInformation ::= SEQUENCE {
+ profileManagementOperation NotificationEvent,
+ notificationAddress UTF8String -- FQDN to forward the notification
+}
+
+OPENTYPE ::= CLASS {
+ &typeId OBJECT IDENTIFIER,
+ &Type
+}
+
+VendorSpecificExtension ::= SEQUENCE OF SEQUENCE {
+ vendorOid [0] OPENTYPE.&typeId, -- OID of the vendor who defined this specific extension
+ vendorSpecificData [1] OPENTYPE.&Type
+}
+
+IconType ::= INTEGER {jpg(0), png(1)}
+ProfileState ::= INTEGER {disabled(0), enabled(1)}
+ProfileClass ::= INTEGER {test(0), provisioning(1), operational(2)}
+
+-- Definition of UpdateMetadata request
+UpdateMetadataRequest ::= [42] SEQUENCE { -- Tag 'BF2A'
+ serviceProviderName [17] UTF8String (SIZE(0..32)) OPTIONAL, -- Tag '91'
+ profileName [18] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '92'
+ iconType [19] IconType OPTIONAL, -- Tag '93'
+ icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94'
+ profilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
+ serviceSpecificDataStoredInEuicc [34] VendorSpecificExtension OPTIONAL -- Tag 'BF22'
+}
+
+-- Definition of data objects for command PrepareDownload -------------------------
+PrepareDownloadRequest ::= [33] SEQUENCE { -- Tag 'BF21'
+ smdpSigned2 SmdpSigned2, -- Signed information
+ smdpSignature2 [APPLICATION 55] OCTET STRING, -- DP_Sign1, tag '5F37'
+ hashCc Octet32 OPTIONAL, -- Hash of confirmation code
+ smdpCertificate Certificate -- CERT.DPpb.ECDSA
+}
+
+SmdpSigned2 ::= SEQUENCE {
+ transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+
+ ccRequiredFlag BOOLEAN, --Indicates if the Confirmation Code is required
+ bppEuiccOtpk [APPLICATION 73] OCTET STRING OPTIONAL -- otPK.EUICC.ECKA already used for binding the BPP, tag '5F49'
+}
+
+PrepareDownloadResponse ::= [33] CHOICE { -- Tag 'BF21'
+ downloadResponseOk PrepareDownloadResponseOk,
+ downloadResponseError PrepareDownloadResponseError
+}
+
+PrepareDownloadResponseOk ::= SEQUENCE {
+ euiccSigned2 EUICCSigned2, -- Signed information
+ euiccSignature2 [APPLICATION 55] OCTET STRING -- tag '5F37'
+}
+
+EUICCSigned2 ::= SEQUENCE {
+ transactionId [0] TransactionId,
+ euiccOtpk [APPLICATION 73] OCTET STRING, -- otPK.EUICC.ECKA, tag '5F49'
+ hashCc Octet32 OPTIONAL -- Hash of confirmation code
+}
+
+PrepareDownloadResponseError ::= SEQUENCE {
+ transactionId [0] TransactionId,
+ downloadErrorCode DownloadErrorCode
+}
+
+DownloadErrorCode ::= INTEGER {invalidCertificate(1), invalidSignature(2),
+unsupportedCurve(3), noSessionContext(4), invalidTransactionId(5),
+undefinedError(127)}
+
+-- Definition of data objects for command AuthenticateServer--------------------
+AuthenticateServerRequest ::= [56] SEQUENCE { -- Tag 'BF38'
+ serverSigned1 ServerSigned1, -- Signed information
+ serverSignature1 [APPLICATION 55] OCTET STRING, -- tag ‘5F37’
+ euiccCiPKIdToBeUsed SubjectKeyIdentifier, -- CI Public Key Identifier to be used
+ serverCertificate Certificate, -- RSP Server Certificate CERT.XXauth.ECDSA
+ ctxParams1 CtxParams1
+}
+
+ServerSigned1 ::= SEQUENCE {
+ transactionId [0] TransactionId, -- The Transaction ID generated by the RSP Server
+ euiccChallenge [1] Octet16, -- The eUICC Challenge
+ serverAddress [3] UTF8String, -- The RSP Server address
+ serverChallenge [4] Octet16 -- The RSP Server Challenge
+}
+
+CtxParams1 ::= CHOICE {
+ ctxParamsForCommonAuthentication CtxParamsForCommonAuthentication -- New contextual data objects MAY be defined for extensibility
+}
+
+CtxParamsForCommonAuthentication ::= SEQUENCE {
+ matchingId UTF8String OPTIONAL,-- The MatchingId could be the Activation code token or EventID or empty
+ deviceInfo DeviceInfo -- The Device information
+}
+
+AuthenticateServerResponse ::= [56] CHOICE { -- Tag 'BF38'
+ authenticateResponseOk AuthenticateResponseOk,
+ authenticateResponseError AuthenticateResponseError
+}
+
+AuthenticateResponseOk ::= SEQUENCE {
+ euiccSigned1 EuiccSigned1, -- Signed information
+ euiccSignature1 [APPLICATION 55] OCTET STRING, --EUICC_Sign1, tag 5F37
+ euiccCertificate Certificate, -- eUICC Certificate (CERT.EUICC.ECDSA) signed by the EUM
+ eumCertificate Certificate -- EUM Certificate (CERT.EUM.ECDSA) signed by the requested CI
+}
+
+EuiccSigned1 ::= SEQUENCE {
+ transactionId [0] TransactionId,
+ serverAddress [3] UTF8String,
+ serverChallenge [4] Octet16, -- The RSP Server Challenge
+ euiccInfo2 [34] EUICCInfo2,
+ ctxParams1 CtxParams1
+}
+
+AuthenticateResponseError ::= SEQUENCE {
+ transactionId [0] TransactionId,
+ authenticateErrorCode AuthenticateErrorCode
+}
+
+AuthenticateErrorCode ::= INTEGER {invalidCertificate(1), invalidSignature(2),
+unsupportedCurve(3), noSessionContext(4), invalidOid(5), euiccChallengeMismatch(6),
+ciPKUnknown(7), undefinedError(127)}
+
+-- Definition of Cancel Session------------------------------
+CancelSessionRequest ::= [65] SEQUENCE { -- Tag 'BF41'
+ transactionId TransactionId, -- The TransactionID generated by the RSP Server
+ reason CancelSessionReason
+}
+
+CancelSessionReason ::= INTEGER {endUserRejection(0), postponed(1), timeout(2),
+pprNotAllowed(3), metadataMismatch(4), loadBppExecutionError(5),
+undefinedReason(127)}
+
+CancelSessionResponse ::= [65] CHOICE { -- Tag 'BF41'
+ cancelSessionResponseOk CancelSessionResponseOk,
+ cancelSessionResponseError INTEGER {invalidTransactionId(5),
+undefinedError(127)}
+}
+
+CancelSessionResponseOk ::= SEQUENCE {
+ euiccCancelSessionSigned EuiccCancelSessionSigned, -- Signed information
+ euiccCancelSessionSignature [APPLICATION 55] OCTET STRING -- tag '5F37
+}
+
+EuiccCancelSessionSigned ::= SEQUENCE {
+ transactionId TransactionId,
+ smdpOid OBJECT IDENTIFIER, -- SM-DP+ OID as contained in CERT.DPauth.ECDSA
+ reason CancelSessionReason
+}
+
+-- Definition of Bound Profile Package --------------------------
+BoundProfilePackage ::= [54] SEQUENCE { -- Tag 'BF36'
+ initialiseSecureChannelRequest [35] InitialiseSecureChannelRequest, -- Tag 'BF23'
+ firstSequenceOf87 [0] SEQUENCE OF [7] OCTET STRING, -- sequence of '87' TLVs
+ sequenceOf88 [1] SEQUENCE OF [8] OCTET STRING, -- sequence of '88' TLVs
+ secondSequenceOf87 [2] SEQUENCE OF [7] OCTET STRING OPTIONAL, -- sequence of '87' TLVs
+ sequenceOf86 [3] SEQUENCE OF [6] OCTET STRING -- sequence of '86' TLVs
+}
+
+-- Definition of Get eUICC Challenge --------------------------
+GetEuiccChallengeRequest ::= [46] SEQUENCE { -- Tag 'BF2E'
+}
+
+GetEuiccChallengeResponse ::= [46] SEQUENCE { -- Tag 'BF2E'
+ euiccChallenge Octet16 -- random eUICC challenge
+}
+
+-- Definition of Profile Installation Result
+ProfileInstallationResult ::= [55] SEQUENCE { -- Tag 'BF37'
+ profileInstallationResultData [39] ProfileInstallationResultData,
+ euiccSignPIR EuiccSignPIR
+}
+
+ProfileInstallationResultData ::= [39] SEQUENCE { -- Tag 'BF27'
+ transactionId[0] TransactionId, -- The TransactionID generated by the SM-DP+
+ notificationMetadata[47] NotificationMetadata,
+ smdpOid OBJECT IDENTIFIER, -- SM-DP+ OID (same value as in CERT.DPpb.ECDSA)
+ finalResult [2] CHOICE {
+ successResult SuccessResult,
+ errorResult ErrorResult
+ }
+}
+
+EuiccSignPIR ::= [APPLICATION 55] OCTET STRING -- Tag '5F37', eUICC’s signature
+
+SuccessResult ::= SEQUENCE {
+ aid [APPLICATION 15] OCTET STRING (SIZE (5..16)), -- AID of ISD-P
+ simaResponse OCTET STRING -- contains (multiple) 'EUICCResponse' as defined in [5]
+}
+
+ErrorResult ::= SEQUENCE {
+ bppCommandId BppCommandId,
+ errorReason ErrorReason,
+ simaResponse OCTET STRING OPTIONAL -- contains (multiple) 'EUICCResponse' as defined in [5]
+}
+
+BppCommandId ::= INTEGER {initialiseSecureChannel(0), configureISDP(1),
+storeMetadata(2), storeMetadata2(3), replaceSessionKeys(4), loadProfileElements(5)}
+
+ErrorReason ::= INTEGER {
+ incorrectInputValues(1),
+ invalidSignature(2),
+ invalidTransactionId(3),
+ unsupportedCrtValues(4),
+ unsupportedRemoteOperationType(5),
+ unsupportedProfileClass(6),
+ scp03tStructureError(7),
+ scp03tSecurityError(8),
+ installFailedDueToIccidAlreadyExistsOnEuicc(9),
+ installFailedDueToInsufficientMemoryForProfile(10),
+ installFailedDueToInterruption(11),
+ installFailedDueToPEProcessingError (12),
+ installFailedDueToDataMismatch(13),
+ testProfileInstallFailedDueToInvalidNaaKey(14),
+ pprNotAllowed(15),
+ installFailedDueToUnknownError(127)
+}
+
+ListNotificationRequest ::= [40] SEQUENCE { -- Tag 'BF28'
+ profileManagementOperation [1] NotificationEvent OPTIONAL
+}
+
+ListNotificationResponse ::= [40] CHOICE { -- Tag 'BF28'
+ notificationMetadataList SEQUENCE OF NotificationMetadata,
+ listNotificationsResultError INTEGER {undefinedError(127)}
+}
+
+NotificationMetadata ::= [47] SEQUENCE { -- Tag 'BF2F'
+ seqNumber [0] INTEGER,
+ profileManagementOperation [1] NotificationEvent, /*Only one bit SHALL be set to
+1*/
+ notificationAddress UTF8String, -- FQDN to forward the notification
+ iccid Iccid OPTIONAL
+}
+
+-- Definition of Profile Nickname Information
+SetNicknameRequest ::= [41] SEQUENCE { -- Tag 'BF29'
+ iccid Iccid,
+ profileNickname [16] UTF8String (SIZE(0..64))
+}
+
+SetNicknameResponse ::= [41] SEQUENCE { -- Tag 'BF29'
+ setNicknameResult INTEGER {ok(0), iccidNotFound (1), undefinedError(127)}
+}
+
+id-rsp-cert-objects OBJECT IDENTIFIER ::= { id-rsp cert-objects(2)}
+
+id-rspExt OBJECT IDENTIFIER ::= {id-rsp-cert-objects 0}
+
+id-rspRole OBJECT IDENTIFIER ::= {id-rsp-cert-objects 1}
+
+-- Definition of OIDs for role identification
+id-rspRole-ci OBJECT IDENTIFIER ::= {id-rspRole 0}
+id-rspRole-euicc OBJECT IDENTIFIER ::= {id-rspRole 1}
+id-rspRole-eum OBJECT IDENTIFIER ::= {id-rspRole 2}
+id-rspRole-dp-tls OBJECT IDENTIFIER ::= {id-rspRole 3}
+id-rspRole-dp-auth OBJECT IDENTIFIER ::= {id-rspRole 4}
+id-rspRole-dp-pb OBJECT IDENTIFIER ::= {id-rspRole 5}
+id-rspRole-ds-tls OBJECT IDENTIFIER ::= {id-rspRole 6}
+id-rspRole-ds-auth OBJECT IDENTIFIER ::= {id-rspRole 7}
+
+--Definition of data objects for InitialiseSecureChannel Request
+InitialiseSecureChannelRequest ::= [35] SEQUENCE { -- Tag 'BF23'
+ remoteOpId RemoteOpId, -- Remote Operation Type Identifier (value SHALL be set to installBoundProfilePackage)
+ transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+
+ controlRefTemplate[6] IMPLICIT ControlRefTemplate, -- Control Reference Template (Key Agreement). Current specification considers a subset of CRT specified in GlobalPlatform Card Specification [8], section 6.4.2.3 for the Mutual Authentication Data Field
+ smdpOtpk [APPLICATION 73] OCTET STRING, ---otPK.DP.ECKA as specified in GlobalPlatform Card Specification [8] section 6.4.2.3 for ePK.OCE.ECKA, tag '5F49'
+ smdpSign [APPLICATION 55] OCTET STRING -- SM-DP's signature, tag '5F37'
+}
+
+ControlRefTemplate ::= SEQUENCE {
+ keyType[0] Octet1, -- Key type according to GlobalPlatform Card Specification [8] Table 11-16, AES= '88', Tag '80'
+ keyLen[1] Octet1, --Key length in number of bytes. For current specification key length SHALL by 0x10 bytes, Tag '81'
+ hostId[4] OctetTo16 -- Host ID value , Tag '84'
+}
+
+--Definition of data objects for ConfigureISDPRequest
+ConfigureISDPRequest ::= [36] SEQUENCE { -- Tag 'BF24'
+ dpProprietaryData [24] DpProprietaryData OPTIONAL -- Tag 'B8'
+}
+
+DpProprietaryData ::= SEQUENCE { -- maximum size including tag and length field: 128 bytes
+ dpOid OBJECT IDENTIFIER -- OID in the tree of the SM-DP+ that created the Profile
+ -- additional data objects defined by the SM-DP+ MAY follow
+}
+
+-- Definition of request message for command ReplaceSessionKeys
+ReplaceSessionKeysRequest ::= [38] SEQUENCE { -- tag 'BF26'
+/*The new initial MAC chaining value*/
+ initialMacChainingValue OCTET STRING,
+/*New session key value for encryption/decryption (PPK-ENC)*/
+ ppkEnc OCTET STRING,
+/*New session key value of the session key C-MAC computation/verification (PPK-MAC)*/
+ ppkCmac OCTET STRING
+}
+
+-- Definition of data objects for RetrieveNotificationsList
+RetrieveNotificationsListRequest ::= [43] SEQUENCE { -- Tag 'BF2B'
+ searchCriteria CHOICE {
+ seqNumber [0] INTEGER,
+ profileManagementOperation [1] NotificationEvent
+ } OPTIONAL
+}
+
+RetrieveNotificationsListResponse ::= [43] CHOICE { -- Tag 'BF2B'
+ notificationList SEQUENCE OF PendingNotification,
+ notificationsListResultError INTEGER { undefinedError(127)}
+}
+
+PendingNotification ::= CHOICE {
+ profileInstallationResult [55] ProfileInstallationResult, -- tag 'BF37'
+ otherSignedNotification OtherSignedNotification
+}
+
+OtherSignedNotification ::= SEQUENCE {
+ tbsOtherNotification NotificationMetadata,
+ euiccNotificationSignature [APPLICATION 55] OCTET STRING, -- eUICC signature of tbsOtherNotification, Tag '5F37'
+ euiccCertificate Certificate, -- eUICC Certificate (CERT.EUICC.ECDSA) signed by the EUM
+ eumCertificate Certificate -- EUM Certificate (CERT.EUM.ECDSA) signed by the requested CI
+}
+
+-- Definition of notificationSent
+NotificationSentRequest ::= [48] SEQUENCE { -- Tag 'BF30'
+ seqNumber [0] INTEGER
+}
+
+NotificationSentResponse ::= [48] SEQUENCE { -- Tag 'BF30'
+ deleteNotificationStatus INTEGER {ok(0), nothingToDelete(1),
+undefinedError(127)}
+}
+
+-- Definition of Enable Profile --------------------------
+EnableProfileRequest ::= [49] SEQUENCE { -- Tag 'BF31'
+ profileIdentifier CHOICE {
+ isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
+ iccid Iccid -- ICCID, tag '5A'
+ },
+ refreshFlag BOOLEAN -- indicating whether REFRESH is required
+}
+
+EnableProfileResponse ::= [49] SEQUENCE { -- Tag 'BF31'
+ enableResult INTEGER {ok(0), iccidOrAidNotFound (1),
+profileNotInDisabledState(2), disallowedByPolicy(3), wrongProfileReenabling(4),
+catBusy(5), undefinedError(127)}
+}
+
+-- Definition of Disable Profile --------------------------
+DisableProfileRequest ::= [50] SEQUENCE { -- Tag 'BF32'
+ profileIdentifier CHOICE {
+ isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
+ iccid Iccid -- ICCID, tag '5A'
+ },
+ refreshFlag BOOLEAN -- indicating whether REFRESH is required
+}
+
+DisableProfileResponse ::= [50] SEQUENCE { -- Tag 'BF32'
+ disableResult INTEGER {ok(0), iccidOrAidNotFound (1),
+profileNotInEnabledState(2), disallowedByPolicy(3), catBusy(5),
+undefinedError(127)}
+}
+
+-- Definition of Delete Profile --------------------------
+DeleteProfileRequest ::= [51] CHOICE { -- Tag 'BF33'
+ isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
+ iccid Iccid -- ICCID, tag '5A'
+}
+
+DeleteProfileResponse ::= [51] SEQUENCE { -- Tag 'BF33'
+ deleteResult INTEGER {ok(0), iccidOrAidNotFound (1),
+profileNotInDisabledState(2), disallowedByPolicy(3), undefinedError(127)}
+}
+
+-- Definition of Memory Reset --------------------------
+EuiccMemoryResetRequest ::= [52] SEQUENCE { -- Tag 'BF34'
+ resetOptions [2] BIT STRING {
+ deleteOperationalProfiles(0),
+ deleteFieldLoadedTestProfiles(1),
+ resetDefaultSmdpAddress(2)}
+}
+
+EuiccMemoryResetResponse ::= [52] SEQUENCE { -- Tag 'BF34'
+ resetResult INTEGER {ok(0), nothingToDelete(1), catBusy(5), undefinedError(127)}
+}
+
+-- Definition of Get EID --------------------------
+GetEuiccDataRequest ::= [62] SEQUENCE { -- Tag 'BF3E'
+ tagList [APPLICATION 28] Octet1 -- tag '5C', the value SHALL be set to '5A'
+}
+
+GetEuiccDataResponse ::= [62] SEQUENCE { -- Tag 'BF3E'
+ eidValue [APPLICATION 26] Octet16 -- tag '5A'
+}
+
+-- Definition of Get Rat
+
+GetRatRequest ::= [67] SEQUENCE { -- Tag ' BF43'
+ -- No input data
+}
+
+
+GetRatResponse ::= [67] SEQUENCE { -- Tag 'BF43'
+ rat RulesAuthorisationTable
+}
+
+RulesAuthorisationTable ::= SEQUENCE OF ProfilePolicyAuthorisationRule
+ProfilePolicyAuthorisationRule ::= SEQUENCE {
+ pprIds PprIds,
+ allowedOperators SEQUENCE OF OperatorId,
+ pprFlags BIT STRING {consentRequired(0)}
+}
+
+-- Definition of data structure containing the list of CRL segments
+SegmentedCrlList ::= SEQUENCE OF CertificateList
+
+-- Definition of data structure command for loading a CRL
+LoadCRLRequest ::= [53] SEQUENCE { -- Tag 'BF35'
+ -- A CRL
+ crl CertificateList
+}
+
+-- Definition of data structure response for loading a CRL
+LoadCRLResponse ::= [53] CHOICE { -- Tag 'BF35'
+ loadCRLResponseOk LoadCRLResponseOk,
+ loadCRLResponseError LoadCRLResponseError
+}
+
+LoadCRLResponseOk ::= SEQUENCE {
+ missingParts SEQUENCE OF INTEGER OPTIONAL
+}
+LoadCRLResponseError ::= INTEGER {invalidSignature(1), invalidCRLFormat(2),
+notEnoughMemorySpace(3), verificationKeyNotFound(4), fresherCrlAlreadyLoaded(5),
+baseCrlMissing(6), undefinedError(127)}
+
+-- Definition of the extension for Certificate Expiration Date
+id-rsp-expDate OBJECT IDENTIFIER ::= {id-rspExt 1}
+ExpirationDate ::= Time
+
+-- Definition of the extension id for total partial-CRL number
+id-rsp-totalPartialCrlNumber OBJECT IDENTIFIER ::= {id-rspExt 2}
+TotalPartialCrlNumber ::= INTEGER
+
+-- Definition of the extension id for the partial-CRL number
+id-rsp-partialCrlNumber OBJECT IDENTIFIER ::= {id-rspExt 3}
+PartialCrlNumber ::= INTEGER
+
+-- Definition for ES9+ ASN.1 Binding --------------------------
+RemoteProfileProvisioningRequest ::= [2] CHOICE { -- Tag 'A2'
+ initiateAuthenticationRequest [57] InitiateAuthenticationRequest, -- Tag 'BF39'
+ authenticateClientRequest [59] AuthenticateClientRequest, -- Tag 'BF3B'
+ getBoundProfilePackageRequest [58] GetBoundProfilePackageRequest, -- Tag 'BF3A'
+ cancelSessionRequestEs9 [65] CancelSessionRequestEs9, -- Tag 'BF41'
+ handleNotification [61] HandleNotification -- tag 'BF3D'
+}
+
+RemoteProfileProvisioningResponse ::= [2] CHOICE { -- Tag 'A2'
+ initiateAuthenticationResponse [57] InitiateAuthenticationResponse, -- Tag 'BF39'
+ authenticateClientResponseEs9 [59] AuthenticateClientResponseEs9, -- Tag 'BF3B'
+ getBoundProfilePackageResponse [58] GetBoundProfilePackageResponse, -- Tag 'BF3A'
+ cancelSessionResponseEs9 [65] CancelSessionResponseEs9, -- Tag 'BF41'
+ authenticateClientResponseEs11 [64] AuthenticateClientResponseEs11 -- Tag 'BF40'
+}
+
+InitiateAuthenticationRequest ::= [57] SEQUENCE { -- Tag 'BF39'
+ euiccChallenge [1] Octet16, -- random eUICC challenge
+ smdpAddress [3] UTF8String,
+ euiccInfo1 EUICCInfo1
+}
+
+InitiateAuthenticationResponse ::= [57] CHOICE { -- Tag 'BF39'
+ initiateAuthenticationOk InitiateAuthenticationOkEs9,
+ initiateAuthenticationError INTEGER {
+ invalidDpAddress(1),
+ euiccVersionNotSupportedByDp(2),
+ ciPKNotSupported(3)
+ }
+}
+
+InitiateAuthenticationOkEs9 ::= SEQUENCE {
+ transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+
+ serverSigned1 ServerSigned1, -- Signed information
+ serverSignature1 [APPLICATION 55] OCTET STRING, -- Server_Sign1, tag '5F37'
+ euiccCiPKIdToBeUsed SubjectKeyIdentifier, -- The curve CI Public Key to be used as required by ES10b.AuthenticateServer
+ serverCertificate Certificate
+}
+
+AuthenticateClientRequest ::= [59] SEQUENCE { -- Tag 'BF3B'
+ transactionId [0] TransactionId,
+ authenticateServerResponse [56] AuthenticateServerResponse -- This is the response from ES10b.AuthenticateServer
+}
+
+AuthenticateClientResponseEs9 ::= [59] CHOICE { -- Tag 'BF3B'
+ authenticateClientOk AuthenticateClientOk,
+ authenticateClientError INTEGER {
+ eumCertificateInvalid(1),
+ eumCertificateExpired(2),
+ euiccCertificateInvalid(3),
+ euiccCertificateExpired(4),
+ euiccSignatureInvalid(5),
+ matchingIdRefused(6),
+ eidMismatch(7),
+ noEligibleProfile(8),
+ ciPKUnknown(9),
+ invalidTransactionId(10),
+ insufficientMemory(11),
+ undefinedError(127)
+ }
+}
+
+AuthenticateClientOk ::= SEQUENCE {
+ transactionId [0] TransactionId,
+ profileMetaData [37] StoreMetadataRequest,
+ smdpSigned2 SmdpSigned2, -- Signed information
+ smdpSignature2 [APPLICATION 55] OCTET STRING, -- tag '5F37'
+ smdpCertificate Certificate -- CERT.DPpb.ECDSA
+}
+
+GetBoundProfilePackageRequest ::= [58] SEQUENCE { -- Tag 'BF3A'
+ transactionId [0] TransactionId,
+ prepareDownloadResponse [33] PrepareDownloadResponse
+}
+
+GetBoundProfilePackageResponse ::= [58] CHOICE { -- Tag 'BF3A'
+ getBoundProfilePackageOk GetBoundProfilePackageOk,
+ getBoundProfilePackageError INTEGER {
+ euiccSignatureInvalid(1),
+ confirmationCodeMissing(2),
+ confirmationCodeRefused(3),
+ confirmationCodeRetriesExceeded(4),
+ bppRebindingRefused(5),
+ downloadOrderExpired(6),
+ invalidTransactionId(95),
+ undefinedError(127)
+ }
+}
+
+GetBoundProfilePackageOk ::= SEQUENCE {
+ transactionId [0] TransactionId,
+ boundProfilePackage [54] BoundProfilePackage
+}
+
+HandleNotification ::= [61] SEQUENCE { -- Tag 'BF3D'
+ pendingNotification PendingNotification
+}
+
+CancelSessionRequestEs9 ::= [65] SEQUENCE { -- Tag 'BF41'
+ transactionId TransactionId,
+ cancelSessionResponse CancelSessionResponse -- data structure defined for ES10b.CancelSession function
+}
+
+CancelSessionResponseEs9 ::= [65] CHOICE { -- Tag 'BF41'
+ cancelSessionOk CancelSessionOk,
+ cancelSessionError INTEGER {
+ invalidTransactionId(1),
+ euiccSignatureInvalid(2),
+ undefinedError(127)
+ }
+}
+
+CancelSessionOk ::= SEQUENCE { -- This function has no output data
+}
+
+EuiccConfiguredAddressesRequest ::= [60] SEQUENCE { -- Tag 'BF3C'
+}
+
+EuiccConfiguredAddressesResponse ::= [60] SEQUENCE { -- Tag 'BF3C'
+ defaultDpAddress UTF8String OPTIONAL, -- Default SM-DP+ address as an FQDN
+ rootDsAddress UTF8String -- Root SM-DS address as an FQDN
+}
+
+ISDRProprietaryApplicationTemplate ::= [PRIVATE 0] SEQUENCE { -- Tag 'E0'
+ svn [2] VersionType, -- GSMA SGP.22 version supported (SVN)
+ lpaeSupport BIT STRING {
+ lpaeUsingCat(0), -- LPA in the eUICC using Card Application Toolkit
+ lpaeUsingScws(1) -- LPA in the eUICC using Smartcard Web Server
+ } OPTIONAL
+}
+
+LpaeActivationRequest ::= [66] SEQUENCE { -- Tag 'BF42'
+ lpaeOption BIT STRING {
+ activateCatBasedLpae(0), -- LPAe with LUIe based on CAT
+ activateScwsBasedLpae(1) -- LPAe with LUIe based on SCWS
+ }
+}
+
+LpaeActivationResponse ::= [66] SEQUENCE { -- Tag 'BF42'
+ lpaeActivationResult INTEGER {ok(0), notSupported(1)}
+}
+
+SetDefaultDpAddressRequest ::= [63] SEQUENCE { -- Tag 'BF3F'
+ defaultDpAddress UTF8String -- Default SM-DP+ address as an FQDN
+}
+
+SetDefaultDpAddressResponse ::= [63] SEQUENCE { -- Tag 'BF3F'
+ setDefaultDpAddressResult INTEGER { ok (0), undefinedError (127)}
+}
+
+AuthenticateClientResponseEs11 ::= [64] CHOICE { -- Tag 'BF40'
+ authenticateClientOk AuthenticateClientOkEs11,
+ authenticateClientError INTEGER {
+ eumCertificateInvalid(1),
+ eumCertificateExpired(2),
+ euiccCertificateInvalid(3),
+ euiccCertificateExpired(4),
+ euiccSignatureInvalid(5),
+ eventIdUnknown(6),
+ invalidTransactionId(7),
+ undefinedError(127)
+ }
+}
+
+AuthenticateClientOkEs11 ::= SEQUENCE {
+ transactionId TransactionId,
+ eventEntries SEQUENCE OF EventEntries
+}
+
+EventEntries ::= SEQUENCE {
+ eventId UTF8String,
+ rspServerAddress UTF8String
+}
+
+END
diff --git a/library/euicc/RSPDefinitions_EncDec.cc b/library/euicc/RSPDefinitions_EncDec.cc
new file mode 100644
index 0000000..6441201
--- /dev/null
+++ b/library/euicc/RSPDefinitions_EncDec.cc
@@ -0,0 +1,281 @@
+#include "RSPDefinitions.hh"
+
+namespace RSPDefinitions__Types {
+
+using namespace RSPDefinitions;
+
+TTCN_Module RSPDefinitions__EncDec("RSPDefinitions_EncDec", __DATE__, __TIME__);
+
+OCTETSTRING enc__GetEuiccChallengeResponse(const GetEuiccChallengeResponse &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(GetEuiccChallengeResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+GetEuiccChallengeResponse dec__GetEuiccChallengeResponse(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ GetEuiccChallengeResponse msg;
+ buf.put_os(stream);
+
+ msg.decode(GetEuiccChallengeResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__EUICCInfo1(const EUICCInfo1 &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(EUICCInfo1_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+EUICCInfo1 dec__EUICCInfo1(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ EUICCInfo1 msg;
+ buf.put_os(stream);
+
+ msg.decode(EUICCInfo1_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__EUICCInfo2(const EUICCInfo2 &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(EUICCInfo2_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+EUICCInfo2 dec__EUICCInfo2(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ EUICCInfo2 msg;
+ buf.put_os(stream);
+
+ msg.decode(EUICCInfo2_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__AuthenticateServerResponse(const AuthenticateServerResponse &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(AuthenticateServerResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+AuthenticateServerResponse dec__AuthenticateServerResponse(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ AuthenticateServerResponse msg;
+ buf.put_os(stream);
+
+ msg.decode(AuthenticateServerResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__CancelSessionResponse(const CancelSessionResponse &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(CancelSessionResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+CancelSessionResponse dec__CancelSessionResponse(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ CancelSessionResponse msg;
+ buf.put_os(stream);
+
+ msg.decode(CancelSessionResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__PrepareDownloadResponse(const PrepareDownloadResponse &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(PrepareDownloadResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+PrepareDownloadResponse dec__PrepareDownloadResponse(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ PrepareDownloadResponse msg;
+ buf.put_os(stream);
+
+ msg.decode(PrepareDownloadResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__ProfileInstallationResult(const ProfileInstallationResult &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(ProfileInstallationResult_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+ProfileInstallationResult dec__ProfileInstallationResult(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ ProfileInstallationResult msg;
+ buf.put_os(stream);
+
+ msg.decode(ProfileInstallationResult_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__NotificationSentResponse(const NotificationSentResponse &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(NotificationSentResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+NotificationSentResponse dec__NotificationSentResponse(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ NotificationSentResponse msg;
+ buf.put_os(stream);
+
+ msg.decode(NotificationSentResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__RetrieveNotificationsListResponse(const RetrieveNotificationsListResponse &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(RetrieveNotificationsListResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+RetrieveNotificationsListResponse dec__RetrieveNotificationsListResponse(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ RetrieveNotificationsListResponse msg;
+ buf.put_os(stream);
+
+ msg.decode(RetrieveNotificationsListResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__GetEuiccDataResponse(const GetEuiccDataResponse &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(GetEuiccDataResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+GetEuiccDataResponse dec__GetEuiccDataResponse(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ GetEuiccDataResponse msg;
+ buf.put_os(stream);
+
+ msg.decode(GetEuiccDataResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__EuiccConfiguredAddressesResponse(const EuiccConfiguredAddressesResponse &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(EuiccConfiguredAddressesResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+EuiccConfiguredAddressesResponse dec__EuiccConfiguredAddressesResponse(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ EuiccConfiguredAddressesResponse msg;
+ buf.put_os(stream);
+
+ msg.decode(EuiccConfiguredAddressesResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__PendingNotification(const PendingNotification &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(PendingNotification_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+PendingNotification dec__PendingNotification(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ PendingNotification msg;
+ buf.put_os(stream);
+
+ msg.decode(PendingNotification_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__ServerSigned1(const ServerSigned1 &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(ServerSigned1_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+ServerSigned1 dec__ServerSigned1(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ ServerSigned1 msg;
+ buf.put_os(stream);
+
+ msg.decode(ServerSigned1_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__BoundProfilePackage(const BoundProfilePackage &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(BoundProfilePackage_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+BoundProfilePackage dec__BoundProfilePackage(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ BoundProfilePackage msg;
+ buf.put_os(stream);
+
+ msg.decode(BoundProfilePackage_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__StoreMetadataRequest(const StoreMetadataRequest &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(StoreMetadataRequest_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+StoreMetadataRequest dec__StoreMetadataRequest(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ StoreMetadataRequest msg;
+ buf.put_os(stream);
+
+ msg.decode(StoreMetadataRequest_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__SmdpSigned2(const SmdpSigned2 &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(SmdpSigned2_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+SmdpSigned2 dec__SmdpSigned2(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ SmdpSigned2 msg;
+ buf.put_os(stream);
+
+ msg.decode(SmdpSigned2_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+}
diff --git a/library/euicc/RSPDefinitions_Templates.ttcn b/library/euicc/RSPDefinitions_Templates.ttcn
new file mode 100644
index 0000000..86cdb0c
--- /dev/null
+++ b/library/euicc/RSPDefinitions_Templates.ttcn
@@ -0,0 +1,579 @@
+/* SGP22 Templates in TTCN-3
+ *
+ * Author: Philipp Maier <pmaier@sysmocom.de> / sysmocom - s.f.m.c. GmbH
+ *
+ * Released under the terms of GNU General Public License, Version 2 or
+ * (at your option) any later version.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+module RSPDefinitions_Templates {
+
+import from PEDefinitions all;
+import from RSPDefinitions all;
+import from RSPDefinitions_Types all;
+
+import from PKIX1Explicit88 all;
+import from PKIX1Explicit88_Templates all;
+import from PKIX1Explicit88_Types all;
+
+import from PKIX1Implicit88 all;
+
+/* GSMA SGP.22, section 2.5.4 */
+template (present) BoundProfilePackage
+tr_boundProfilePackage := {
+ initialiseSecureChannelRequest := {
+ remoteOpId := ?,
+ transactionId := ?,
+ controlRefTemplate := {
+ keyType := ?,
+ keyLen := ?,
+ hostId := ?
+ },
+ smdpOtpk := ?,
+ smdpSign := ?
+ },
+ /* ES8+.ConfigureISDP */
+ firstSequenceOf87 := ?,
+ /* ES8+.StoreMetadata */
+ sequenceOf88 := ?,
+ /* ES8+.ReplaceSessionKeys (optional) */
+ secondSequenceOf87 := *,
+ /* ES8+.LoadProfileElements */
+ sequenceOf86 := ?
+}
+template (value) BoundProfilePackage
+ts_boundProfilePackage := {
+ initialiseSecureChannelRequest := {
+ remoteOpId := 1,
+ transactionId := 'AABBCC'O,
+ controlRefTemplate := {
+ keyType := '88'O, /* AES */
+ keyLen := '10'O, /* 16 byte key-length */
+ hostId := '01020304050607080910111213141516'O
+ },
+ smdpOtpk := '1122334455667788'O,
+ smdpSign := 'AABBCCDDEEFF0000'O
+ },
+ /* ES8+.ConfigureISDP */
+ firstSequenceOf87 := {'41414141414141414141414141414141414141414141414141414141414141'O,
+ '42424242424242424242424242424242424242424242424242424242424242'O,
+ '43434343434343434343434343434343434343434343434343434343434343'O},
+ /* ES8+.StoreMetadata */
+ sequenceOf88 := {'444444444444444444444444444444444444444444'O,
+ '454545454545454545454545454545454545454545'O,
+ '464646464646464646464646464646464646464646'O},
+ /* ES8+.ReplaceSessionKeys (optional) */
+ secondSequenceOf87 := omit,
+ /* ES8+.LoadProfileElements */
+ sequenceOf86 := {'474747474747474747474747474747474747474747474747474747474747474747474747474747474747474747474747474747474747474747474747'O,
+ '484848484848484848484848484848484848484848484848484848484848484848484848484848484848484848484848484848484848484848484848'O,
+ '494949494949494949494949494949494949494949494949494949494949494949494949494949494949494949494949494949494949494949494949'O,
+ '505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050'O,
+ '515151515151515151515151515151515151515151515151515151515151515151515151515151515151515151515151515151515151515151515151'O}
+}
+
+/* GSMA SGP.22, section 2.5.6 */
+template (present) ProfileInstallationResult
+tr_profileInstallationResult := {
+ profileInstallationResultData := {
+ transactionId := ?,
+ notificationMetadata := {
+ seqNumber := ?,
+ profileManagementOperation := ?,
+ notificationAddress := ?,
+ iccid := *
+ },
+ smdpOid := ?,
+ finalResult := ?
+ },
+ euiccSignPIR := ?
+}
+template (value) ProfileInstallationResult
+ts_profileInstallationResult := {
+ profileInstallationResultData := {
+ transactionId := 'AABBCC'O,
+ notificationMetadata := {
+ seqNumber := 1234,
+ profileManagementOperation := '01'B, /* is this correct? (notificationInstall) */
+ notificationAddress := "smdp.example.com",
+ iccid := omit
+ },
+ smdpOid := id_rsp, /* random OBJECT IDENTIFIER for testing */
+ finalResult := {
+ successResult := {
+ aid := '0102030405'O,
+ simaResponse := '4141414141414141414141414141414141414141414141414141'O
+ }
+ }
+ },
+ euiccSignPIR := '00112233445566778899AABBCCDDEEFF'O
+}
+
+
+/* GSMA SGP.22, section 5.6.1 (ES9+) */
+template (present) RemoteProfileProvisioningRequest
+tr_initiateAuthenticationRequest(template (present) octetstring euiccChallenge := ?,
+ template (present) charstring smdpAddress := ?,
+ template (present) EUICCInfo1 euiccInfo1 := ?) := {
+ initiateAuthenticationRequest := {
+ euiccChallenge := euiccChallenge,
+ smdpAddress := smdpAddress,
+ euiccInfo1 := euiccInfo1
+ }
+}
+template (value) RemoteProfileProvisioningRequest
+ts_initiateAuthenticationRequest(template (value) octetstring euiccChallenge,
+ template (value) charstring smdpAddress,
+ template (value) EUICCInfo1 euiccInfo1) := {
+ initiateAuthenticationRequest := {
+ euiccChallenge := euiccChallenge,
+ smdpAddress := smdpAddress,
+ euiccInfo1 := euiccInfo1
+ }
+}
+template (present) RemoteProfileProvisioningResponse
+tr_initiateAuthenticationResponse(template (present) octetstring transactionId := ?,
+ template (present) ServerSigned1 serverSigned1 := ?,
+ template (present) octetstring serverSignature1 := ?,
+ template (present) SubjectKeyIdentifier euiccCiPKIdToBeUsed := ?,
+ template (present) Certificate serverCertificate := ?) := {
+ initiateAuthenticationResponse := {
+ initiateAuthenticationOk := {
+ transactionId := transactionId,
+ serverSigned1 := serverSigned1,
+ serverSignature1 := serverSignature1,
+ euiccCiPKIdToBeUsed := euiccCiPKIdToBeUsed,
+ serverCertificate := serverCertificate
+ }
+ }
+}
+template (value) RemoteProfileProvisioningResponse
+ts_initiateAuthenticationResponse(template (value) octetstring transactionId,
+ template (value) ServerSigned1 serverSigned1,
+ template (value) octetstring serverSignature1,
+ template (value) SubjectKeyIdentifier euiccCiPKIdToBeUsed,
+ template (value) Certificate serverCertificate) := {
+ initiateAuthenticationResponse := {
+ initiateAuthenticationOk := {
+ transactionId := transactionId,
+ serverSigned1 := serverSigned1,
+ serverSignature1 := serverSignature1,
+ euiccCiPKIdToBeUsed := euiccCiPKIdToBeUsed,
+ serverCertificate := serverCertificate
+ }
+ }
+}
+
+/* GSMA SGP.22, section 5.6.2 (ES9+) */
+template (present) RemoteProfileProvisioningRequest
+tr_getBoundProfilePackageRequest(template (present) octetstring transactionId := ?,
+ template (present) PrepareDownloadResponse prepareDownloadResponse := ?) := {
+ getBoundProfilePackageRequest := {
+ transactionId := transactionId,
+ prepareDownloadResponse := prepareDownloadResponse
+ }
+}
+template (value) RemoteProfileProvisioningRequest
+ts_getBoundProfilePackageRequest(template (value) octetstring transactionId,
+ template (value) PrepareDownloadResponse prepareDownloadResponse) := {
+ getBoundProfilePackageRequest := {
+ transactionId := transactionId,
+ prepareDownloadResponse := prepareDownloadResponse
+ }
+}
+template (present) RemoteProfileProvisioningResponse
+tr_getBoundProfilePackageResponse(template (present) octetstring transactionId := ?,
+ template (present) BoundProfilePackage boundProfilePackage := ?) := {
+ getBoundProfilePackageResponse := {
+ getBoundProfilePackageOk := {
+ transactionId := transactionId,
+ boundProfilePackage := boundProfilePackage
+ }
+ }
+}
+template (value) RemoteProfileProvisioningResponse
+ts_getBoundProfilePackageResponse(template (value) octetstring transactionId,
+ template (value) BoundProfilePackage boundProfilePackage) := {
+ getBoundProfilePackageResponse := {
+ getBoundProfilePackageOk := {
+ transactionId := transactionId,
+ boundProfilePackage := boundProfilePackage
+ }
+ }
+}
+
+/* GSMA SGP.22, section 5.6.3 (ES9+) */
+template (present) RemoteProfileProvisioningRequest
+tr_authenticateClientRequest(template (present) octetstring transactionId := ?,
+ template (present) AuthenticateServerResponse authenticateServerResponse := ?) := {
+ authenticateClientRequest := {
+ transactionId := transactionId,
+ authenticateServerResponse := authenticateServerResponse
+ }
+}
+template (value) RemoteProfileProvisioningRequest
+ts_authenticateClientRequest(template (value) octetstring transactionId,
+ template (value) AuthenticateServerResponse authenticateServerResponse) := {
+ authenticateClientRequest := {
+ transactionId := transactionId,
+ authenticateServerResponse := authenticateServerResponse
+ }
+}
+template (present) RemoteProfileProvisioningResponse
+tr_authenticateClientResponseEs9(template (present) octetstring transactionId := ?,
+ template (present) StoreMetadataRequest profileMetaData := ?,
+ template (present) SmdpSigned2 smdpSigned2 := ?,
+ template (present) octetstring smdpSignature2 := ?,
+ template (present) Certificate smdpCertificate := ?) := {
+ authenticateClientResponseEs9 := {
+ authenticateClientOk := {
+ transactionId := transactionId,
+ profileMetaData := profileMetaData,
+ smdpSigned2 := smdpSigned2,
+ smdpSignature2 := smdpSignature2,
+ smdpCertificate := smdpCertificate
+ }
+ }
+}
+template (value) RemoteProfileProvisioningResponse
+ts_authenticateClientResponseEs9(template (value) octetstring transactionId,
+ template (value) StoreMetadataRequest profileMetaData,
+ template (value) SmdpSigned2 smdpSigned2,
+ template (value) octetstring smdpSignature2,
+ template (value) Certificate smdpCertificate) := {
+ authenticateClientResponseEs9 := {
+ authenticateClientOk := {
+ transactionId := transactionId,
+ profileMetaData := profileMetaData,
+ smdpSigned2 := smdpSigned2,
+ smdpSignature2 := smdpSignature2,
+ smdpCertificate := smdpCertificate
+ }
+ }
+}
+
+/* GSMA SGP.22, section 5.6.4 (ES9+) */
+template (present) RemoteProfileProvisioningRequest
+tr_handleNotification(template (present) PendingNotification pendingNotification := ?) := {
+ handleNotification := {
+ pendingNotification := pendingNotification
+ }
+}
+template (value) RemoteProfileProvisioningRequest
+ts_handleNotification(template (value) PendingNotification pendingNotification) := {
+ handleNotification := {
+ pendingNotification := pendingNotification
+ }
+}
+
+/* GSMA SGP.22, section 5.6.5 (ES9+) */
+template (present) RemoteProfileProvisioningRequest
+tr_cancelSessionRequestEs9(template (present) octetstring transactionId := ?,
+ template (present) CancelSessionResponse cancelSessionResponse := ?) := {
+ cancelSessionRequestEs9 := {
+ transactionId := transactionId,
+ cancelSessionResponse := cancelSessionResponse
+ }
+}
+template (value) RemoteProfileProvisioningRequest
+ts_cancelSessionRequestEs9(template (value) octetstring transactionId,
+ template (value) CancelSessionResponse cancelSessionResponse) := {
+ cancelSessionRequestEs9 := {
+ transactionId := transactionId,
+ cancelSessionResponse := cancelSessionResponse
+ }
+}
+template (present) RemoteProfileProvisioningResponse
+tr_cancelSessionResponseEs9 := {
+ cancelSessionResponseEs9 := {
+ cancelSessionOk := { } /* This function has no output data */
+ }
+}
+template (value) RemoteProfileProvisioningResponse
+ts_cancelSessionResponseEs9 := {
+ cancelSessionResponseEs9 := {
+ cancelSessionOk := { } /* This function has no output data */
+ }
+}
+
+
+/* GSMA SGP.22, section 5.7.3 (ES10x) */
+template (present) EuiccConfiguredAddressesResponse
+tr_euiccConfiguredAddressesResponse := {
+ defaultDpAddress := *,
+ rootDsAddress := ?
+}
+template (value) EuiccConfiguredAddressesResponse
+ts_euiccConfiguredAddressesResponse := {
+ defaultDpAddress := "smdp.example.com",
+ rootDsAddress := "smds.example.com"
+}
+
+/* GSMA SGP.22, section 5.7.5 (ES10x) */
+template (present) PrepareDownloadResponse
+tr_prepareDownloadResponse := {
+ downloadResponseOk := {
+ euiccSigned2 := {
+ transactionId := ?,
+ euiccOtpk := ?,
+ hashCc := *
+ },
+ euiccSignature2 := ?
+ }
+}
+template (value) PrepareDownloadResponse
+ts_prepareDownloadResponse := {
+ downloadResponseOk := {
+ euiccSigned2 := {
+ transactionId := 'ABCDEF'O,
+ euiccOtpk := 'AABBCCDDEEFF'O,
+ hashCc := omit
+ },
+ euiccSignature2 := 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'O
+ }
+}
+
+/* GSMA SGP.22, section 5.7.7 (ES10x) */
+template (present) GetEuiccChallengeResponse
+tr_GetEuiccChallengeResponse := {
+ euiccChallenge := ?
+}
+template (value) GetEuiccChallengeResponse
+ts_GetEuiccChallengeResponse(template (value) octetstring euiccChallenge := '00112233445566778899AABBCCDDEEFF'O) := {
+ euiccChallenge := euiccChallenge
+}
+
+/* GSMA SGP.22, section 5.7.8 (ES10x) */
+template (present) EUICCInfo1
+tr_EUICCInfo1 := {
+ svn := ?,
+ euiccCiPKIdListForVerification := ?,
+ euiccCiPKIdListForSigning := ?
+}
+template (value) EUICCInfo1
+ts_EUICCInfo1 := {
+ svn := '020200'O,
+ euiccCiPKIdListForVerification := {
+ 'C0BC70BA36929D43B467FF57570530E57AB8FCD8'O,
+ 'F54172BDF98A95D65CBEB88A38A1C11D800A85C3'O
+ },
+ euiccCiPKIdListForSigning := {
+ 'C0BC70BA36929D43B467FF57570530E57AB8FCD8'O,
+ 'F54172BDF98A95D65CBEB88A38A1C11D800A85C3'O
+ }
+}
+
+/* GSMA SGP.22, section 5.7.8 (ES10x) */
+template (present) EUICCInfo2
+tr_EUICCInfo2 := {
+ profileVersion := ?,
+ svn := ?,
+ euiccFirmwareVer := ?,
+ extCardResource := ?,
+ uiccCapability := ?,
+ ts102241Version := *,
+ globalplatformVersion := *,
+ rspCapability := ?,
+ euiccCiPKIdListForVerification := ?,
+ euiccCiPKIdListForSigning := ?,
+ euiccCategory := *,
+ forbiddenProfilePolicyRules := *,
+ ppVersion := ?,
+ sasAcreditationNumber := ?,
+ certificationDataObject := *,
+ treProperties := *,
+ treProductReference := *,
+ additionalEuiccProfilePackageVersions := *
+}
+template (value) EUICCInfo2
+ts_EUICCInfo2 := {
+ profileVersion := '414243'O,
+ svn := '02000C'O,
+ euiccFirmwareVer := '414243'O,
+ extCardResource := '414243'O,
+ uiccCapability := '1111111111111111111'B,
+ ts102241Version := omit,
+ globalplatformVersion := omit,
+ rspCapability := '1111'B,
+ euiccCiPKIdListForVerification := {
+ 'C0BC70BA36929D43B467FF57570530E57AB8FCD8'O,
+ 'F54172BDF98A95D65CBEB88A38A1C11D800A85C3'O
+ },
+ euiccCiPKIdListForSigning := {
+ 'C0BC70BA36929D43B467FF57570530E57AB8FCD8'O,
+ 'F54172BDF98A95D65CBEB88A38A1C11D800A85C3'O
+ },
+ euiccCategory := omit,
+ forbiddenProfilePolicyRules := omit,
+ ppVersion := '414243'O,
+ sasAcreditationNumber := "123456",
+ certificationDataObject := omit,
+ treProperties := omit,
+ treProductReference := omit,
+ additionalEuiccProfilePackageVersions := omit
+}
+
+/* GSMA SGP.22, section 5.7.10 (ES10x) */
+template (value) RetrieveNotificationsListResponse
+ts_retrieveNotificationsListResponse := {
+ notificationList := {
+ {
+ profileInstallationResult := {
+ profileInstallationResultData := {
+ transactionId := 'AABBCC'O,
+ notificationMetadata := {
+ seqNumber := 1234,
+ profileManagementOperation := '01'B, /* is this correct? (notificationInstall) */
+ notificationAddress := "smdp.example.com",
+ iccid := omit
+ },
+ smdpOid := id_rsp, /* random OBJECT IDENTIFIER for testing */
+ finalResult := {
+ successResult := {
+ aid := 'A0000005591010FFFFFFFF8900000D00'O,
+ simaResponse := 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'O
+ }
+ }
+ },
+ euiccSignPIR := 'BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB'O
+ }
+ }
+ }
+}
+
+/* GSMA SGP.22, section 5.7.11 (ES10x) */
+template (present) NotificationSentResponse
+tr_notificationSentResponse := {
+ deleteNotificationStatus := ?
+}
+template (value) NotificationSentResponse
+ts_notificationSentResponse := {
+ deleteNotificationStatus := 0 /* 0k */
+}
+
+/* GSMA SGP.22, section 5.7.13 (ES10x) */
+template (present) AuthenticateServerResponse
+tr_authenticateServerResponse := {
+ authenticateResponseOk := {
+ euiccSigned1 := {
+ transactionId := ?,
+ serverAddress := ?,
+ serverChallenge := ?,
+ euiccInfo2 := ?,
+ ctxParams1 := {
+ ctxParamsForCommonAuthentication := {
+ matchingId := *,
+ deviceInfo := {
+ tac := ?,
+ deviceCapabilities := {
+ gsmSupportedRelease := *,
+ utranSupportedRelease := *,
+ cdma2000onexSupportedRelease := *,
+ cdma2000hrpdSupportedRelease := *,
+ cdma2000ehrpdSupportedRelease := *,
+ eutranEpcSupportedRelease := *,
+ contactlessSupportedRelease := *,
+ rspCrlSupportedVersion := *,
+ nrEpcSupportedRelease := *,
+ nr5gcSupportedRelease := *,
+ eutran5gcSupportedRelease := *,
+ lpaSvn := *,
+ catSupportedClasses := *,
+ euiccFormFactorType := *,
+ deviceAdditionalFeatureSupport := *
+ },
+ imei := *
+ }
+ }
+ }
+ },
+ euiccSignature1 := ?,
+ euiccCertificate := ?,
+ eumCertificate := ?
+ }
+}
+template (value) AuthenticateServerResponse
+ts_authenticateServerResponse := {
+ authenticateResponseOk := {
+ euiccSigned1 := {
+ transactionId := 'ABCDEF'O,
+ serverAddress := "smdp.example.com",
+ serverChallenge := '01020304050607080910111213141516'O,
+ euiccInfo2 := ts_EUICCInfo2,
+ ctxParams1 := {
+ ctxParamsForCommonAuthentication := {
+ matchingId := omit,
+ deviceInfo := {
+ tac := '12345678'O,
+ deviceCapabilities := {
+ gsmSupportedRelease := omit,
+ utranSupportedRelease := omit,
+ cdma2000onexSupportedRelease := omit,
+ cdma2000hrpdSupportedRelease := omit,
+ cdma2000ehrpdSupportedRelease := omit,
+ eutranEpcSupportedRelease := omit,
+ contactlessSupportedRelease := omit,
+ rspCrlSupportedVersion := omit,
+ nrEpcSupportedRelease := omit,
+ nr5gcSupportedRelease := omit,
+ eutran5gcSupportedRelease := omit,
+ lpaSvn := omit,
+ catSupportedClasses := omit,
+ euiccFormFactorType := omit,
+ deviceAdditionalFeatureSupport := omit
+ },
+ imei := omit
+ }
+ }
+ }
+ },
+ euiccSignature1 := '12345678'O,
+ euiccCertificate := ts_cert_euicc_nist,
+// euiccCertificate := ts_cert_euicc_brp,
+ eumCertificate := ts_cert_eum_nist
+// eumCertificate := ts_cert_eum_brp
+
+ }
+}
+
+/* GSMA SGP.22, section 5.7.13 (ES10x) */
+template (present) CancelSessionResponseOk
+tr_cancelSessionResponseOk := {
+ euiccCancelSessionSigned := {
+ transactionId := ?,
+ smdpOid := ?,
+ reason := ?
+ },
+ euiccCancelSessionSignature := ?
+}
+template (value) CancelSessionResponseOk
+ts_cancelSessionResponseOk := {
+ euiccCancelSessionSigned := {
+ transactionId := 'AABBCC'O,
+ smdpOid := id_rspRole_euicc,
+ reason := 5
+ },
+ euiccCancelSessionSignature := '1234567890'O
+}
+template (present) CancelSessionResponse
+tr_cancelSessionResponse := {
+ cancelSessionResponseOk := tr_cancelSessionResponseOk
+}
+template (value) CancelSessionResponse
+ts_cancelSessionResponse := {
+ cancelSessionResponseOk := ts_cancelSessionResponseOk
+}
+
+/* GSMA SGP.22, section 5.7.20 (ES10x) */
+template (present) GetEuiccDataResponse
+tr_getEuiccDataResponse := {
+ eidValue := ?
+}
+template (value) GetEuiccDataResponse
+ts_getEuiccDataResponse(template (value) octetstring eidValue := '000102030405060708090A0B0C0D0E0F'O) := {
+ eidValue := eidValue
+}
+
+}
\ No newline at end of file
diff --git a/library/euicc/RSPDefinitions_Types.ttcn b/library/euicc/RSPDefinitions_Types.ttcn
new file mode 100644
index 0000000..b031aa3
--- /dev/null
+++ b/library/euicc/RSPDefinitions_Types.ttcn
@@ -0,0 +1,54 @@
+module RSPDefinitions_Types {
+
+import from RSPDefinitions all;
+import from Native_Functions all;
+
+external function dec_GetEuiccChallengeResponse(in octetstring stream) return GetEuiccChallengeResponse;
+external function enc_GetEuiccChallengeResponse(in GetEuiccChallengeResponse msg) return octetstring;
+
+external function dec_EUICCInfo1(in octetstring stream) return EUICCInfo1;
+external function enc_EUICCInfo1(in EUICCInfo1 msg) return octetstring;
+
+external function dec_EUICCInfo2(in octetstring stream) return EUICCInfo2;
+external function enc_EUICCInfo2(in EUICCInfo2 msg) return octetstring;
+
+external function dec_AuthenticateServerResponse(in octetstring stream) return AuthenticateServerResponse;
+external function enc_AuthenticateServerResponse(in AuthenticateServerResponse msg) return octetstring;
+
+external function dec_CancelSessionResponse(in octetstring stream) return CancelSessionResponse;
+external function enc_CancelSessionResponse(in CancelSessionResponse msg) return octetstring;
+
+external function dec_PrepareDownloadResponse(in octetstring stream) return PrepareDownloadResponse;
+external function enc_PrepareDownloadResponse(in PrepareDownloadResponse msg) return octetstring;
+
+external function dec_ProfileInstallationResult(in octetstring stream) return ProfileInstallationResult;
+external function enc_ProfileInstallationResult(in ProfileInstallationResult msg) return octetstring;
+
+external function dec_NotificationSentResponse(in octetstring stream) return NotificationSentResponse;
+external function enc_NotificationSentResponse(in NotificationSentResponse msg) return octetstring;
+
+external function dec_RetrieveNotificationsListResponse(in octetstring stream) return RetrieveNotificationsListResponse;
+external function enc_RetrieveNotificationsListResponse(in RetrieveNotificationsListResponse msg) return octetstring;
+
+external function dec_GetEuiccDataResponse(in octetstring stream) return GetEuiccDataResponse;
+external function enc_GetEuiccDataResponse(in GetEuiccDataResponse msg) return octetstring;
+
+external function dec_EuiccConfiguredAddressesResponse(in octetstring stream) return EuiccConfiguredAddressesResponse;
+external function enc_EuiccConfiguredAddressesResponse(in EuiccConfiguredAddressesResponse msg) return octetstring;
+
+external function dec_PendingNotification(in octetstring stream) return PendingNotification;
+external function enc_PendingNotification(in PendingNotification msg) return octetstring;
+
+external function dec_ServerSigned1(in octetstring stream) return ServerSigned1;
+external function enc_ServerSigned1(in ServerSigned1 msg) return octetstring;
+
+external function dec_BoundProfilePackage(in octetstring stream) return BoundProfilePackage;
+external function enc_BoundProfilePackage(in BoundProfilePackage msg) return octetstring;
+
+external function dec_StoreMetadataRequest(in octetstring stream) return StoreMetadataRequest;
+external function enc_StoreMetadataRequest(in StoreMetadataRequest msg) return octetstring;
+
+external function dec_SmdpSigned2(in octetstring stream) return SmdpSigned2;
+external function enc_SmdpSigned2(in SmdpSigned2 msg) return octetstring;
+
+}
diff --git a/library/euicc/SGP32Definitions.asn b/library/euicc/SGP32Definitions.asn
new file mode 100644
index 0000000..8456ef4
--- /dev/null
+++ b/library/euicc/SGP32Definitions.asn
@@ -0,0 +1,806 @@
+-- Section 2.1.3
+-- ASN1START
+SGP32Definitions {joint-iso-itu-t(2) international-organizations(23) gsma(146) rsp(1) asn1modules(1) sgp32v1(31)}
+DEFINITIONS
+AUTOMATIC TAGS
+EXTENSIBILITY IMPLIED ::=
+BEGIN
+
+IMPORTS Certificate, SubjectPublicKeyInfo
+FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18)}
+SubjectKeyIdentifier FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19)}
+
+ProfileInfo, EuiccSigned1, CancelSessionReason, RetrieveNotificationsListResponse,
+ServerSigned1, RspCapability, Iccid, TransactionId, ProfileInfoListRequest,
+ProfileInfoListResponse, RulesAuthorisationTable, EUICCInfo1, DeviceInfo,
+VersionType, UICCCapability, PprIds,
+CertificationDataObject, Octet1, Octet16, Octet32, PrepareDownloadResponse,
+PrepareDownloadResponseOk, PrepareDownloadResponseError,
+AuthenticateServerResponse, AuthenticateResponseOk, AuthenticateResponseError,
+CtxParams1, ProfileInstallationResult, ProfileInstallationResultData,
+OtherSignedNotification, EuiccSignPIR, ErrorResult, NotificationMetadata,
+CancelSessionResponse, CancelSessionResponseOk,
+StoreMetadataRequest, SmdpSigned2, BoundProfilePackage, NotificationEvent
+FROM RSPDefinitions {joint-iso-itu-t(2) international-organizations(23) gsma(146) rsp(1) asn1modules(1) sgp22v2(2)};
+-- ASN1STOP
+
+-- Section 2.11.1.1
+-- ASN1START
+EuiccPackageRequest ::= [81] SEQUENCE { -- Tag ' BF51', #SupportedForPsmoV1.0.0#
+ euiccPackageSigned EuiccPackageSigned,
+ eimSignature [APPLICATION 55] OCTET STRING -- Tag '5F37'
+}
+EuiccPackageSigned ::= SEQUENCE {
+ eimId [0] UTF8String,
+ eidValue [APPLICATION 26] Octet16, -- Tag '5A'
+ counterValue [1] INTEGER,
+ transactionId [2] TransactionId OPTIONAL,
+ euiccPackage EuiccPackage
+}
+EuiccPackage ::= CHOICE {
+ psmoList SEQUENCE OF Psmo, -- #SupportedForPsmoV1.0.0#
+ ecoList SEQUENCE OF Eco -- #SupportedForEcoV1.0.0#
+}
+-- ASN1STOP
+
+
+-- Section 2.11.1.1.1
+-- ASN1START
+EimConfigurationData ::= SEQUENCE {
+ eimId [0] UTF8String, -- eimId of eIM
+ eimFqdn [1] UTF8String OPTIONAL, -- FQDN of eIM
+ eimIdType [2] EimIdType OPTIONAL,
+ counterValue [3] INTEGER OPTIONAL, -- initial counterValue for the eIM
+ associationToken [4] INTEGER OPTIONAL,
+ eimPublicKeyData [5] CHOICE {
+ eimPublicKey SubjectPublicKeyInfo, -- public key of eIM, used for eUICC Package signature verification, where the encoding follows X.509 standard
+ eimCertificate Certificate -- certificate of eIM, used for eUICC Package signature verification, where the encoding follows X.509 standard
+ } OPTIONAL,
+ trustedPublicKeyDataTls [6] CHOICE {
+ trustedEimPkTls SubjectPublicKeyInfo, -- public key of eIM, used for TLS or DTLS, where the encoding follows X.509 standard
+ trustedCertificateTls Certificate -- either the certificate of eIM, used for (D)TLS, or the certificate of the CA, where the encoding follows X.509 standard
+ } OPTIONAL,
+ eimSupportedProtocol [7] EimSupportedProtocol OPTIONAL,
+ euiccCiPKId [8] SubjectKeyIdentifier OPTIONAL -- CI Public Key Identifier supported on the eUICC for signature creation
+}
+EimIdType ::= INTEGER {
+ eimIdTypeOid(1),
+ eimIdTypeFqdn(2),
+ eimIdTypeProprietary(3)
+}
+ EimSupportedProtocol ::= BIT STRING {
+ eimRetrieveHttps(0),
+ eimRetrieveCoaps(1),
+ eimInjectHttps(2),
+ eimInjectCoaps(3),
+ eimProprietary(4)
+}
+-- ASN1STOP
+
+-- Section 2.11.1.1.2
+-- ASN1START
+Eco ::= CHOICE {
+ addEim [8] EimConfigurationData, -- for eIM configuration data see 2.11.1
+ deleteEim [9] SEQUENCE {eimId [0] UTF8String},
+ updateEim [10] EimConfigurationData,
+ listEim [11] SEQUENCE {}
+}
+-- ASN1STOP
+
+-- Section 2.11.1.1.3
+-- ASN1START
+Psmo ::= CHOICE {
+ enable [3] SEQUENCE {
+ iccid [APPLICATION 26] Iccid,
+ rollbackFlag NULL OPTIONAL
+ },
+ disable [4] SEQUENCE {iccid [APPLICATION 26] Iccid},
+ delete [5] SEQUENCE {iccid [APPLICATION 26] Iccid},
+ listProfileInfo [45] ProfileInfoListRequest, -- Tag 'BF2D'
+ getRAT [6] SEQUENCE {},
+ configureAutoEnable [7] SEQUENCE {
+ autoEnableFlag [0] NULL OPTIONAL,
+ smdpOid [1] OBJECT IDENTIFIER OPTIONAL,
+ smdpAddress [2] UTF8String OPTIONAL
+ }
+}
+-- ASN1STOP
+
+
+-- Section 2.11.1.2
+-- ASN1START
+IpaEuiccDataRequest ::= [82] SEQUENCE { -- Tag BF52
+ tagList [APPLICATION 28] OCTET STRING, -- Tag '5C'
+ euiccCiPKId SubjectKeyIdentifier OPTIONAL, -- CI Public Key Identifier supported on the eUICC for signature creation
+ searchCriteria [1] CHOICE {
+ seqNumber [0] INTEGER,
+ profileManagementOperation [1] NotificationEvent,
+ euiccPackageResults [2] NULL
+ } OPTIONAL
+}
+-- ASN1STOP
+
+-- Section 2.11.1.3
+-- ASN1START
+ProfileDownloadTriggerRequest ::= [84] SEQUENCE { -- Tag 'BF54'
+ profileDownloadData [0] ProfileDownloadData OPTIONAL,
+ eimTransactionId [2] TransactionId OPTIONAL
+}
+ProfileDownloadData ::= CHOICE {
+ activationCode [0] UTF8String (SIZE(0..255)),
+ contactDefaultSmdp [1] NULL,
+ contactSmds [2] SEQUENCE {
+ smdsAddress UTF8String OPTIONAL
+ }
+}
+-- ASN1STOP
+
+-- Section 2.11.1.4
+-- ASN1START
+EimAcknowledgements ::= [83] SEQUENCE OF SequenceNumber -- Tag BF53
+SequenceNumber ::= [0] INTEGER
+-- ASN1STOP
+
+
+-- Section 2.11.2.1
+-- ASN1START
+EuiccPackageResult ::= [81] CHOICE { -- Tag 'BF51' #SupportedForPsmoV1.0.0#
+ euiccPackageResultSigned EuiccPackageResultSigned,
+ euiccPackageErrorSigned EuiccPackageErrorSigned,
+ euiccPackageErrorUnsigned EuiccPackageErrorUnsigned
+}
+EuiccPackageResultSigned ::= SEQUENCE {
+ euiccPackageResultDataSigned EuiccPackageResultDataSigned,
+ euiccSignEPR [APPLICATION 55] OCTET STRING -- Tag '5F37'
+}
+EuiccPackageResultDataSigned ::= SEQUENCE { -- #SupportedForPsmoV1.0.0#
+ eimId [0] UTF8String,
+ counterValue [1] INTEGER,
+ transactionId[2] TransactionId OPTIONAL,
+ seqNumber [3] INTEGER,
+ euiccResult SEQUENCE OF EuiccResultData
+}
+EuiccResultData ::= CHOICE {
+ enableResult [3] EnableProfileResult,
+ disableResult [4] DisableProfileResult,
+ deleteResult [5] DeleteProfileResult,
+ listProfileInfoResult [45] SGP32-ProfileInfoListResponse,
+ getRATResult [6] RulesAuthorisationTable, -- see SGP.22
+ configureAutoEnableResult [7] ConfigureAutoEnableResult,
+ addEimResult [8] AddEimResult,
+ deleteEimResult [9] DeleteEimResult,
+ updateEimResult [10] UpdateEimResult,
+ listEimResult [11] ListEimResult,
+ rollbackResult [12] RollbackProfileResult,
+ processingTerminated INTEGER {
+ resultSizeOverflow(1),
+ unknownOrDamagedCommand(2),
+ interruption(3),
+ undefinedError(127)
+ }
+}
+EuiccPackageErrorSigned ::= SEQUENCE {
+ euiccPackageErrorDataSigned EuiccPackageErrorDataSigned,
+ euiccSignEPE [APPLICATION 55] OCTET STRING -- Tag '5F37'
+}
+EuiccPackageErrorDataSigned ::= SEQUENCE {
+ eimId [0] UTF8String,
+ counterValue [1] INTEGER,
+ transactionId [2] TransactionId OPTIONAL,
+ euiccPackageErrorCode EuiccPackageErrorCode
+}
+EuiccPackageErrorCode ::= INTEGER { invalidEid(3), replayError(4), counterValueOutOfRange(6), sizeOverflow(15), undefinedError(127)}
+EuiccPackageErrorUnsigned ::= SEQUENCE {
+ eimId [0] UTF8String,
+ associationToken [4] INTEGER OPTIONAL
+}
+ConfigureAutoEnableResult ::= INTEGER {
+ ok(0),
+ insufficientMemory(1),
+ commandError(7),
+ undefinedError(127)
+}
+EnableProfileResult ::= INTEGER {
+ ok(0),
+ iccidOrAidNotFound(1),
+ profileNotInDisabledState(2),
+ undefinedError(127)
+}
+DisableProfileResult ::= INTEGER {
+ ok(0),
+ iccidOrAidNotFound(1),
+ profileNotInEnabledState(2),
+ undefinedError(127)
+}
+DeleteProfileResult ::= INTEGER {
+ ok(0),
+ iccidOrAidNotFound(1),
+ profileNotInDisabledState(2),
+ undefinedError(127)
+}
+SGP32-ProfileInfoListResponse ::= [45] CHOICE {
+ profileInfoListOk SEQUENCE OF ProfileInfo, -- see SGP.22
+ profileInfoListError SGP32-ProfileInfoListError
+}
+SGP32-ProfileInfoListError ::= INTEGER {
+ incorrectInputValues(1),
+ profileChangeOngoing (11),
+ undefinedError(127)
+}
+RollbackProfileResult ::= INTEGER {
+ ok(0),
+ undefinedError(127)
+}
+AddEimResult ::= CHOICE {
+ associationToken [4] INTEGER,
+ addEimResultCode INTEGER {
+ ok(0),
+ insufficientMemory(1),
+ ciPKUnknown(3),
+ invalidAssociationToken(5),
+ counterValueOutOfRange(6),
+ commandError(7),
+ undefinedError(127)
+ }
+}
+DeleteEimResult ::= INTEGER {
+ ok(0),
+ eimNotFound(1),
+ lastEimDeleted(2), -- no eIM Configuration Data available in eUICC,
+ commandError(7),
+ undefinedError(127)
+}
+UpdateEimResult ::= INTEGER {
+ ok(0),
+ eimNotFound (1),
+ ciPKUnknown(3),
+ counterValueOutOfRange(6),
+ commandError(7),
+ undefinedError(127)
+}
+ListEimResult ::= CHOICE {
+ eimIdList SEQUENCE OF EimIdInfo,
+ listEimError INTEGER {
+ commandError(7),
+ undefinedError(127)
+ }
+}
+EimIdInfo ::= SEQUENCE {
+ eimId [0] UTF8String,
+ eimIdType [4] EimIdType OPTIONAL -- present in case of eimIdTypeOid and eimIdTypeFqdn
+}
+-- ASN1STOP
+
+-- Section 2.11.2.2
+-- ASN1START
+IpaEuiccDataResponse ::= [82] CHOICE { -- Tag 'BF52'
+ ipaEuiccData IpaEuiccData,
+ ipaEuiccDataError INTEGER {
+ incorrectTagList (1),
+ euiccCiPKIdNotFound(5),
+ undefinedError(127)
+ }
+}
+IpaEuiccData ::= SEQUENCE {
+ defaultSmdpAddress [0] UTF8String OPTIONAL, -- Tag '80'
+ euiccInfo1 [32] EUICCInfo1 OPTIONAL, -- Tag 'BF20'
+ euiccInfo2 [34] SGP32-EUICCInfo2 OPTIONAL, -- Tag 'BF22'
+ rootSmdsAddress [3] UTF8String OPTIONAL, -- Tag '83'
+ associationToken [4] INTEGER OPTIONAL, -- Tag '84'
+ eumCertificate [5] Certificate OPTIONAL, -- Tag 'A5'
+ euiccCertificate [6] Certificate OPTIONAL, -- Tag 'A6'
+ ipaCapabilities [8] IpaCapabilities OPTIONAL, -- Tag '88'
+ deviceInfo [9] DeviceInfo OPTIONAL, -- Tag 'A9'
+ notificationsList [43] SGP32-RetrieveNotificationsListResponse OPTIONAL -- Tag 'BF2B'.
+}
+-- ASN1STOP
+
+-- Section 2.11.2.3
+-- ASN1START
+ProfileDownloadTriggerResult ::= [84] SEQUENCE { -- tag 'BF54'
+ eimTransactionId [2] TransactionId OPTIONAL,
+ profileDownloadTriggerResultData CHOICE {
+ profileInstallationResult [55] SGP32-ProfileInstallationResult, -- see SGP.22 [4]
+ profileDownloadError SEQUENCE {
+ errorResponse OCTET STRING OPTIONAL
+ }
+ }
+}
+-- ASN1STOP
+
+-- Section 4.1
+-- ASN1START
+IpaCapabilities ::= SEQUENCE {
+ ipaFeatures [0] BIT STRING {
+ directRspServerCommunication (0),
+ indirectRspServerCommunication (1),
+ eimDownloadDataHandling (2),
+ eimCtxParams1Generation (3),
+ eimProfileMetadataVerification (4),
+ minimizeEsipaBytes (5)
+ },
+ ipaSupportedProtocols [1] BIT STRING {
+ ipaRetrieveHttps(0),
+ ipaRetrieveCoaps(1),
+ ipaInjectHttps(2),
+ ipaInjectCoaps(3),
+ ipaProprietary(4)
+ } OPTIONAL
+}
+-- ASN1STOP
+
+-- Section 5.9.2
+-- ASN1START
+SGP32-EUICCInfo2 ::= [34] SEQUENCE { -- Tag 'BF22'
+ profileVersion [1] VersionType, -- Base eUICC Profile package version supported
+ svn [2] VersionType, -- GSMA SGP.22 version supported (SVN)referenced by SGP.32
+ euiccFirmwareVer [3] VersionType, -- eUICC Firmware version
+ extCardResource [4] OCTET STRING, -- Extended Card Resource Information according to ETSI TS 102 226
+ uiccCapability [5] UICCCapability,
+ ts102241Version [6] VersionType OPTIONAL,
+ globalplatformVersion [7] VersionType OPTIONAL,
+ rspCapability [8] RspCapability,
+ euiccCiPKIdListForVerification [9] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifiers supported on the eUICC for signature verification
+ euiccCiPKIdListForSigning [10] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifier supported on the eUICC for signature creation
+ euiccCategory [11] INTEGER {
+ other(0),
+ basicEuicc(1),
+ mediumEuicc(2),
+ contactlessEuicc(3)
+ } OPTIONAL,
+ forbiddenProfilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
+ ppVersion VersionType, -- Protection Profile version
+ sasAcreditationNumber UTF8String (SIZE(0..64)),
+ certificationDataObject [12] CertificationDataObject OPTIONAL,
+ treProperties [13] BIT STRING {
+ isDiscrete(0),
+ isIntegrated(1),
+ usesRemoteMemory(2) -- refers to the usage of remote memory protected by the Remote Memory Protection Function described in SGP.21 [4]
+ } OPTIONAL,
+ treProductReference [14] UTF8String OPTIONAL, -- Platform_Label as defined in GlobalPlatform DLOA specification [57]
+ additionalEuiccProfilePackageVersions [15] SEQUENCE OF VersionType OPTIONAL,
+ ipaMode [16] IpaMode OPTIONAL, -- active IPA, mandatory within SGP.32
+ rfu2 [17] SEQUENCE OF SubjectKeyIdentifier OPTIONAL, -- not used by this version of SGP.32.
+ rfu3 [18] OCTET STRING (SIZE(0..32)) OPTIONAL,
+ -- not used by this version of SGP.32
+ rfu4 [19] VersionType OPTIONAL, -- not used by this version of SGP.32
+ iotSpecificInfo [20] IoTSpecificInfo OPTIONAL -- mandatory within SGP.32
+}
+-- Definition of IoTSpecificInfo
+IoTSpecificInfo ::= SEQUENCE {
+iotVersion [0] SEQUENCE OF VersionType -- SGP.32 version(s) supported by the eUICC, at least one must be present
+}
+-- Definition of IpaMode
+IpaMode ::= INTEGER {
+ipad (0), -- IPAd is active
+ipae (1) -- IPAe is active
+}
+-- ASN1STOP
+
+-- Section 5.9.4
+-- ASN1START
+AddInitialEimRequest ::= [87] SEQUENCE { -- Tag 'BF57'
+ eimConfigurationDataList [0] SEQUENCE OF EimConfigurationData
+}
+-- ASN1STOP
+
+-- Section 5.9.4
+-- ASN1START
+AddInitialEimResponse ::= [87] CHOICE { -- Tag 'BF57'
+ addInitialEimOk SEQUENCE OF CHOICE {
+ associationToken [4] INTEGER,
+ addOk NULL
+ },
+ addInitialEimError INTEGER {
+ insufficientMemory(1),
+ unsignedEimConfigDisallowed(2),
+ ciPKUnknown(3),
+ invalidAssociationToken(5),
+ counterValueOutOfRange(6),
+ undefinedError(127)
+ }
+}
+-- ASN1STOP
+
+
+-- Section 5.9.10
+-- ASN1START
+GetCertsRequest ::= [86] SEQUENCE { -- Tag 'BF56'
+ euiccCiPKId SubjectKeyIdentifier OPTIONAL -- CI Public Key Identifier supported on the eUICC for signature creation
+}
+-- ASN1STOP
+-- ASN1START
+GetCertsResponse ::= [86] CHOICE { -- Tag 'BF56'
+ certs SEQUENCE {
+ eumCertificate [5] Certificate, -- Tag 'A5'
+ euiccCertificate [6] Certificate -- Tag 'A6'
+ },
+ getCertsError INTEGER {invalidCiPKId(1), undfinedError(127)}
+}
+-- ASN1STOP
+
+-- Section 5.9.11 (no ASN1START/STOP)!
+SGP32-RetrieveNotificationsListRequest ::= [43] SEQUENCE { -- Tag 'BF2B'
+ searchCriteria CHOICE {
+ seqNumber [0] INTEGER,
+ profileManagementOperation [1] NotificationEvent,
+ euiccPackageResults [2] NULL
+ } OPTIONAL
+}
+
+-- ASN1START
+SGP32-RetrieveNotificationsListResponse ::= [43] CHOICE { -- Tag 'BF2B'
+ notificationList SEQUENCE OF SGP32-PendingNotification,
+ notificationsListResultError INTEGER { undefinedError(127)},
+ euiccPackageResultList SEQUENCE OF EuiccPackageResult,
+ notificationAndEprList SEQUENCE {
+ notificationList SEQUENCE OF SGP32-PendingNotification,
+ euiccPackageResultList SEQUENCE OF EuiccPackageResult
+ }
+}
+-- ASN1STOP
+
+-- Section 5.9.15
+-- ASN1START
+EnableUsingDDRequest ::= [90] SEQUENCE { -- Tag 'BF5A'
+}
+-- ASN1STOP
+-- ASN1START
+EnableUsingDDResponse ::= [90] SEQUENCE { -- Tag 'BF5A'
+ enableUsingDDResult [0] INTEGER {
+ ok(0),
+ autoEnableNotAvailable(1),
+ noSessionContext(4),
+ undefinedError(127)
+ }
+}
+-- ASN1STOP
+
+-- Section 5.9.16
+-- ASN1START
+ProfileRollbackRequest ::= [88] SEQUENCE { -- Tag 'BF58'
+ refreshFlag BOOLEAN -- indicating whether REFRESH is required
+}
+-- ASN1STOP
+-- ASN1START
+ProfileRollbackResponse ::= [88] SEQUENCE { -- Tag 'BF58'
+ cmdResult INTEGER {
+ ok(0),
+ rollbackNotAllowed(1), -- Usage of rollback was not granted by the eIM
+ catBusy(5),
+ commandError(7),
+ undefinedError(127)
+ },
+ eUICCPackageResult [81] EuiccPackageResult OPTIONAL
+}
+-- ASN1STOP
+
+-- Section 5.9.17
+-- ASN1START
+ConfigureAutoProfileEnablingRequest ::= [89] SEQUENCE { -- Tag 'BF59'
+ autoEnableFlag [0] NULL OPTIONAL,
+ smdpOid [1] OBJECT IDENTIFIER OPTIONAL,
+ smdpAddress [2] UTF8String OPTIONAL
+}
+-- ASN1STOP
+-- ASN1START
+ConfigureAutoProfileEnablingResponse ::= [89] SEQUENCE { -- Tag 'BF59'
+ configAutoEnableResult [0] INTEGER {
+ ok(0),
+ insufficientMemory(1),
+ unsignedAutoEnableConfigDisallowed(2),
+ undefinedError(127)
+ }
+}
+-- ASN1STOP
+
+-- Section 5.9.18
+-- ASN1START
+GetEimConfigurationDataRequest ::= [85] SEQUENCE { -- Tag 'BF55'
+}
+-- ASN1STOP
+-- ASN1START
+GetEimConfigurationDataResponse ::= [85] SEQUENCE { -- Tag 'BF55'
+ eimConfigurationDataList [0] SEQUENCE OF EimConfigurationData
+}
+-- ASN1STOP
+
+-- Section 5.14.2
+-- ASN1START
+SGP32-PrepareDownloadResponse ::= [33] CHOICE { -- Tag 'BF21'
+ downloadResponseOk PrepareDownloadResponseOk,
+ downloadResponseError PrepareDownloadResponseError,
+ compactDownloadResponseOk CompactPrepareDownloadResponseOk
+}
+CompactPrepareDownloadResponseOk ::= SEQUENCE {
+ compactEuiccSigned2 CompactEuiccSigned2, -- Compact version of EuiccSigned2
+ euiccSignature2 [APPLICATION 55] OCTET STRING -- tag '5F37' signature on EuiccSigned2
+}
+CompactEuiccSigned2 ::= SEQUENCE {
+ euiccOtpk [APPLICATION 73] OCTET STRING OPTIONAL, -- otPK.EUICC.ECKA, tag '5F49' euiccOtpk is always present except if bppEuiccOtpk was chosen by the eUICC
+ hashCc Octet32 OPTIONAL -- Hash of confirmation code, if not received from Eim
+}
+-- ASN1STOP
+
+-- Section 5.14.3
+-- ASN1START
+SGP32-AuthenticateServerResponse ::= [56] CHOICE { -- Tag 'BF38'
+ authenticateResponseOk AuthenticateResponseOk,
+ authenticateResponseError AuthenticateResponseError,
+ compactAuthenticateResponseOk CompactAuthenticateResponseOk
+}
+CompactAuthenticateResponseOk ::= SEQUENCE {
+ signedData CHOICE {
+ euiccSigned1 EuiccSigned1,
+ compactEuiccSigned1 [0] CompactEuiccSigned1 -- Compact version of EuiccSigned1
+ },
+ euiccSignature1 [APPLICATION 55] OCTET STRING, -- tag 5F37 signature on EuiccSigned1
+ euiccCertificate [1] Certificate OPTIONAL, -- eUICC Certificate (CERT.EUICC.ECDSA)
+ eumCertificate [2] Certificate OPTIONAL -- EUM Certificate (CERT.EUM.ECDSA)
+}
+CompactEuiccSigned1 ::= SEQUENCE {
+ extCardResource [4] OCTET STRING, -- Extended Card Resource Information according to ETSI TS 102 226 extracted from euiccInfo2,
+ ctxParams1 [2] CtxParams1 OPTIONAL -- ctxParams1 may be left out by IPA if eIM ctxParams1 was received from the eIM
+}
+-- ASN1STOP
+
+-- Section 5.14.7
+-- ASN1START
+SGP32-PendingNotification ::= CHOICE {
+ profileInstallationResult [55] SGP32-ProfileInstallationResult, -- tag 'BF37'
+ otherSignedNotification OtherSignedNotification,
+ compactProfileInstallationResult [0] CompactProfileInstallationResult,
+ compactOtherSignedNotification [1] CompactOtherSignedNotification
+}
+SGP32-ProfileInstallationResult ::= [55] SEQUENCE { -- Tag 'BF37'
+ profileInstallationResultData [39] ProfileInstallationResultData,
+ euiccSignPIR EuiccSignPIR
+}
+CompactProfileInstallationResult ::= SEQUENCE {
+ compactProfileInstallationResultData [0] CompactProfileInstallationResultData,
+ euiccSignPIR EuiccSignPIR
+}
+CompactProfileInstallationResultData ::= SEQUENCE {
+ transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+
+ seqNumber INTEGER,
+ iccidPresent BOOLEAN DEFAULT TRUE,
+ compactFinalResult [2] CHOICE {
+ compactSuccessResult CompactSuccessResult,
+ errorResult ErrorResult
+ }
+}
+CompactSuccessResult ::= SEQUENCE {
+ compactAid [APPLICATION 15] OCTET STRING (SIZE (2)), -- Byte 14 and 15 of ISD-P AID
+ simaResponse OCTET STRING OPTIONAL -- MUST be present if the simaResponse value (EUICCResponse) is different from the 9-byte value ‘30 07 A0 05 30 03 80 01 00’ representing success
+}
+CompactOtherSignedNotification ::= SEQUENCE {
+ tbsOtherNotification NotificationMetadata,
+ euiccNotificationSignature [APPLICATION 55] OCTET STRING -- eUICC signature of tbsOtherNotification, Tag '5F37'
+}
+-- ASN1STOP
+
+-- Section 5.14.8
+-- ASN1START
+SGP32-CancelSessionResponse ::= [65] CHOICE { -- Tag 'BF41'
+ cancelSessionResponseOk CancelSessionResponseOk,
+ cancelSessionResponseError INTEGER {invalidTransactionId(5), undefinedError(127)},
+ compactCancelSessionResponseOk CompactCancelSessionResponseOk
+}
+CompactCancelSessionResponseOk ::= SEQUENCE {
+ compactEuiccCancelSessionSigned CompactEuiccCancelSessionSigned, -- Compact version of euiccCancelSessionSigned
+ euiccCancelSessionSignature [APPLICATION 55] OCTET STRING -- tag 5F37 signature on euiccCancelSessionSigned
+}
+CompactEuiccCancelSessionSigned ::= SEQUENCE {
+ reason CancelSessionReason OPTIONAL
+}
+-- ASN1STOP
+
+-- Section 6.3.1
+-- ASN1START
+EsipaMessageFromIpaToEim ::= CHOICE {
+ initiateAuthenticationRequestEsipa [57] InitiateAuthenticationRequestEsipa, -- Tag 'BF39'
+ authenticateClientRequestEsipa [59] AuthenticateClientRequestEsipa, -- Tag 'BF3B'
+ getBoundProfilePackageRequestEsipa [58] GetBoundProfilePackageRequestEsipa, -- Tag 'BF3A'
+ cancelSessionRequestEsipa [65] CancelSessionRequestEsipa, -- Tag 'BF41'
+ handleNotificationEsipa [61] HandleNotificationEsipa, -- Tag 'BF3D'
+ transferEimPackageResponse [78] TransferEimPackageResponse, -- Tag 'BF4E'
+ getEimPackageRequest [79] GetEimPackageRequest, -- Tag 'BF4F'
+ provideEimPackageResult [80] ProvideEimPackageResult -- Tag 'BF50'
+}
+EsipaMessageFromEimToIpa ::= CHOICE {
+ initiateAuthenticationResponseEsipa [57] InitiateAuthenticationResponseEsipa, -- Tag 'BF39'
+ authenticateClientResponseEsipa [59] AuthenticateClientResponseEsipa, -- Tag 'BF3B'
+ getBoundProfilePackageResponseEsipa [58] GetBoundProfilePackageResponseEsipa, -- Tag 'BF3A'
+ cancelSessionResponseEsipa [65] CancelSessionResponseEsipa, -- Tag 'BF41'
+ transferEimPackageRequest [78] TransferEimPackageRequest, -- Tag 'BF4E'
+ getEimPackageResponse [79] GetEimPackageResponse, -- Tag 'BF4F'
+ provideEimPackageResultResponse [80] ProvideEimPackageResultResponse -- Tag 'BF50'
+}
+-- ASN1STOP
+
+-- Section 6.3.2
+-- ASN1START
+InitiateAuthenticationRequestEsipa ::= [57] SEQUENCE { -- Tag 'BF39'
+ euiccChallenge [1] Octet16, -- random eUICC challenge
+ smdpAddress [3] UTF8String OPTIONAL,
+ euiccInfo1 EUICCInfo1 OPTIONAL
+}
+InitiateAuthenticationResponseEsipa ::= [57] CHOICE { -- Tag 'BF39'
+ initiateAuthenticationOkEsipa InitiateAuthenticationOkEsipa,
+ initiateAuthenticationErrorEsipa INTEGER {
+ invalidDpAddress(1),
+ euiccVersionNotSupportedByDp(2),
+ ciPKIdNotSupported(3),
+ smdpAddressMismatch(50),
+ smdpOidMismatch(51)
+}
+}
+InitiateAuthenticationOkEsipa ::= SEQUENCE {
+ transactionId [0] TransactionId OPTIONAL, -- The TransactionID generated by the SM-DP+
+ serverSigned1 ServerSigned1, -- Signed information
+ serverSignature1 [APPLICATION 55] OCTET STRING, -- Server Sign1, Tag '5F37'
+ euiccCiPKIdToBeUsed OCTET STRING, -- Key identifier (possibly truncated) of the CI Public Key to be used as required by ES10b.AuthenticateServer
+ serverCertificate Certificate,
+ matchingId UTF8String OPTIONAL,
+ ctxParams1 [2] CtxParams1 OPTIONAL
+}
+-- ASN1STOP
+
+-- Section 6.3.2.2
+-- ASN1START
+AuthenticateClientRequestEsipa ::= [59] SEQUENCE { -- Tag 'BF3B'
+ transactionId [0] TransactionId,
+ authenticateServerResponse [56] SGP32-AuthenticateServerResponse -- This is the response from ES10b.AuthenticateServer, possibly in compact format
+}
+AuthenticateClientResponseEsipa ::= [59] CHOICE { -- Tag 'BF3B'
+ authenticateClientOkDPEsipa AuthenticateClientOkDPEsipa,
+ authenticateClientOkDSEsipa AuthenticateClientOkDSEsipa,
+ authenticateClientErrorEsipa INTEGER {
+ eumCertificateInvalid(1),
+ eumCertificateExpired(2),
+ euiccCertificateInvalid(3),
+ euiccCertificateExpired(4),
+ euiccSignatureInvalid(5),
+ matchingIdRefused(6),
+ eidMismatch(7),
+ noEligibleProfile(8),
+ ciPKUnknown(9),
+ invalidTransactionId(10),
+ insufficientMemory(11),
+ pprNotAllowed(50),
+ eventIdUnknown(56),
+ undefinedError(127)
+ }
+}
+AuthenticateClientOkDPEsipa ::= SEQUENCE {
+ transactionId [0] TransactionId OPTIONAL,
+ profileMetaData [37] StoreMetadataRequest OPTIONAL,
+ smdpSigned2 SmdpSigned2, -- Signed information
+ smdpSignature2 [APPLICATION 55] OCTET STRING, -- Tag '5F37'
+ smdpCertificate Certificate, -- CERT.DPpb.ECDSA
+ hashCc Octet32 OPTIONAL -- Hash of confirmation code
+}
+AuthenticateClientOkDSEsipa ::= SEQUENCE {
+ transactionId [0] TransactionId,
+ profileDownloadTrigger [84] ProfileDownloadTriggerRequest OPTIONAL -- Tag 'BF54'
+}
+-- ASN1STOP
+
+-- Section 6.3.2.3
+-- ASN1START
+GetBoundProfilePackageRequestEsipa ::= [58] SEQUENCE { -- Tag 'BF3A'
+ transactionId [0] TransactionId,
+ prepareDownloadResponse [33] SGP32-PrepareDownloadResponse -- This is the response from ES10b.PrepareDownload, possibly in compact format
+}
+GetBoundProfilePackageResponseEsipa ::= [58] CHOICE { -- Tag 'BF3A'
+ getBoundProfilePackageOkEsipa GetBoundProfilePackageOkEsipa,
+ getBoundProfilePackageErrorEsipa INTEGER {
+ euiccSignatureInvalid(1),
+ confirmationCodeMissing(2),
+ confirmationCodeRefused(3),
+ confirmationCodeRetriesExceeded(4),
+ bppRebindingRefused(5),
+ downloadOrderExpired(6),
+ profileMetadataMismatch(50),
+ invalidTransactionId(95),
+ undefinedError(127)
+ }
+}
+GetBoundProfilePackageOkEsipa ::= SEQUENCE {
+ transactionId [0] TransactionId OPTIONAL,
+ boundProfilePackage [54] BoundProfilePackage
+}
+-- ASN1STOP
+
+-- Section 6.3.2.4
+-- ASN1START
+HandleNotificationEsipa ::= [61] CHOICE { -- Tag 'BF3D'
+ pendingNotification SGP32-PendingNotification, -- A Notification to be delivered to a Notification Receiver, possibly in compact format
+ provideEimPackageResult ProvideEimPackageResult
+}
+-- ASN1STOP
+
+-- Section 6.3.2.5
+-- ASN1START
+CancelSessionRequestEsipa ::= [65] SEQUENCE { -- Tag 'BF41'
+ transactionId TransactionId,
+ cancelSessionResponse SGP32-CancelSessionResponse -- This is the response from ES10b. CancelSession function, possibly in compact format
+}
+CancelSessionResponseEsipa ::= [65] CHOICE { -- Tag 'BF41'
+ cancelSessionOk SGP32-CancelSessionOk,
+ cancelSessionError INTEGER {
+ invalidTransactionId(1),
+ euiccSignatureInvalid(2),
+ undefinedError(127)
+ }
+}
+SGP32-CancelSessionOk ::= SEQUENCE { -- This function has no output data
+}
+-- ASN1STOP
+
+
+-- Section 6.3.2.6
+-- ASN1START
+GetEimPackageRequest ::= [79] SEQUENCE { -- Tag 'BF4F'
+ eidValue [APPLICATION 26] Octet16, -- Tag '5A'
+ notifyStateChange [0] NULL OPTIONAL, -- Notification to the eIM that it should update its information about the eUICC (e.g. list of profiles, profile states...)
+ rPLMN [1] OCTET STRING (SIZE(3)) OPTIONAL -- MCC and MNC of the last registered PLMN, coded as defined in 3GPP TS 24.008 [22]
+}
+GetEimPackageResponse ::= [79] CHOICE { -- Tag 'BF4F'
+ euiccPackageRequest [81] EuiccPackageRequest, -- Tag 'BF51'
+ ipaEuiccDataRequest [82] IpaEuiccDataRequest, -- Tag 'BF52'
+ profileDownloadTriggerRequest [84] ProfileDownloadTriggerRequest, -- Tag 'BF54'
+ eimPackageError INTEGER {
+ noEimPackageAvailable(1),
+ undefinedError(127)
+ }
+}
+-- ASN1STOP
+
+-- Section 6.3.2.7
+-- ASN1START
+ProvideEimPackageResult ::= [80] CHOICE { -- Tag 'BF50'
+ euiccPackageResult [81] EuiccPackageResult, -- Tag 'BF51'
+ ePRAndNotifications SEQUENCE {
+ euiccPackageResult [81] EuiccPackageResult, -- Tag 'BF51'
+ notificationList [43] SGP32-RetrieveNotificationsListResponse -- Tag 'BF2B'
+ },
+ ipaEuiccDataResponse [82] IpaEuiccDataResponse, -- Tag 'BF52'
+ profileDownloadTriggerResult [84] ProfileDownloadTriggerResult, -- Tag 'BF54'
+ eimPackageError INTEGER {
+ invalidPackageFormat(1),
+ unknownPackage(2),
+ undefinedError(127)
+ }
+}
+ProvideEimPackageResultResponse ::= [80] SEQUENCE { -- Tag 'BF50'
+ eimAcknowledgements [83] EimAcknowledgements OPTIONAL -- Tag 'BF53'
+}
+-- ASN1STOP
+
+-- Section 6.3.3.1
+-- ASN1START
+TransferEimPackageRequest ::= [78] CHOICE { -- Tag 'BF4E'
+ euiccPackageRequest [81] EuiccPackageRequest, -- Tag 'BF51'
+ ipaEuiccDataRequest [82] IpaEuiccDataRequest, -- Tag 'BF52'
+ eimAcknowledgements [83] EimAcknowledgements, -- Tag 'BF53'
+ profileDownloadTriggerRequest [84] ProfileDownloadTriggerRequest -- Tag 'BF54'
+}
+TransferEimPackageResponse ::= [78] CHOICE { -- Tag 'BF4E'
+ euiccPackageResult [81] EuiccPackageResult, -- Tag 'BF51'
+ ePRAndNotifications SEQUENCE {
+ euiccPackageResult [81] EuiccPackageResult, -- Tag 'BF51'
+ notificationList [43] SGP32-RetrieveNotificationsListResponse -- Tag 'BF2B'
+ },
+ ipaEuiccDataResponse [82] IpaEuiccDataResponse, -- Tag 'BF52'
+ eimPackageReceived NULL,
+ eimPackageError INTEGER {
+ invalidPackageFormat(1),
+ unknownPackage(2),
+ undefinedError(127)
+ }
+}
+-- ASN1STOP
+
+
+END
diff --git a/library/euicc/SGP32Definitions_EncDec.cc b/library/euicc/SGP32Definitions_EncDec.cc
new file mode 100644
index 0000000..4dfcc6b
--- /dev/null
+++ b/library/euicc/SGP32Definitions_EncDec.cc
@@ -0,0 +1,113 @@
+#include "SGP32Definitions.hh"
+
+namespace SGP32Definitions__Types {
+
+using namespace SGP32Definitions;
+using namespace PKIX1Explicit88;
+
+TTCN_Module SGP32Definitions__EncDec("SGP32Definitions_EncDec", __DATE__, __TIME__);
+
+OCTETSTRING enc__EsipaMessageFromIpaToEim(const EsipaMessageFromIpaToEim &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(EsipaMessageFromIpaToEim_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+EsipaMessageFromIpaToEim dec__EsipaMessageFromIpaToEim(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ EsipaMessageFromIpaToEim msg;
+ buf.put_os(stream);
+
+ msg.decode(EsipaMessageFromIpaToEim_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__EsipaMessageFromEimToIpa(const EsipaMessageFromEimToIpa &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(EsipaMessageFromEimToIpa_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+EsipaMessageFromEimToIpa dec__EsipaMessageFromEimToIpa(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ EsipaMessageFromEimToIpa msg;
+ buf.put_os(stream);
+
+ msg.decode(EsipaMessageFromEimToIpa_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__EuiccPackageResult(const EuiccPackageResult &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(EuiccPackageResult_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+EuiccPackageResult dec__EuiccPackageResult(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ EuiccPackageResult msg;
+ buf.put_os(stream);
+
+ msg.decode(EuiccPackageResult_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__GetCertsResponse(const GetCertsResponse &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(GetCertsResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+GetCertsResponse dec__GetCertsResponse(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ GetCertsResponse msg;
+ buf.put_os(stream);
+
+ msg.decode(GetCertsResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__GetEimConfigurationDataResponse(const GetEimConfigurationDataResponse &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(GetEimConfigurationDataResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+GetEimConfigurationDataResponse dec__GetEimConfigurationDataResponse(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ GetEimConfigurationDataResponse msg;
+ buf.put_os(stream);
+
+ msg.decode(GetEimConfigurationDataResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+OCTETSTRING enc__AddInitialEimResponse(const AddInitialEimResponse &msg) {
+ TTCN_Buffer buf;
+
+ buf.clear();
+ msg.encode(AddInitialEimResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ENCODE_DER);
+ return OCTETSTRING(buf.get_len(), buf.get_data());
+}
+
+AddInitialEimResponse dec__AddInitialEimResponse(const OCTETSTRING &stream) {
+ TTCN_Buffer buf;
+ AddInitialEimResponse msg;
+ buf.put_os(stream);
+
+ msg.decode(AddInitialEimResponse_descr_, buf, TTCN_EncDec::CT_BER, BER_ACCEPT_ALL);
+ return msg;
+}
+
+
+}
diff --git a/library/euicc/SGP32Definitions_Templates.ttcn b/library/euicc/SGP32Definitions_Templates.ttcn
new file mode 100644
index 0000000..f22778c
--- /dev/null
+++ b/library/euicc/SGP32Definitions_Templates.ttcn
@@ -0,0 +1,433 @@
+/* SGP32 Templates in TTCN-3
+ *
+ * Author: Philipp Maier <pmaier@sysmocom.de> / sysmocom - s.f.m.c. GmbH
+ *
+ * Released under the terms of GNU General Public License, Version 2 or
+ * (at your option) any later version.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+module SGP32Definitions_Templates {
+
+import from SGP32Definitions all;
+import from SGP32Definitions_Types all;
+
+import from RSPDefinitions all;
+import from RSPDefinitions_Types all;
+import from RSPDefinitions_Templates all;
+
+import from PKIX1Explicit88 all;
+import from PKIX1Explicit88_Templates all;
+import from PKIX1Explicit88_Types all;
+
+/* GSMA SGP.32, section 6.3.2.1 */
+template (present) EsipaMessageFromEimToIpa
+tr_initiateAuthenticationResponseEsipa(template (present) octetstring euiccChallenge := ?,
+ template (present) universal charstring serverAddress := ?) := {
+ initiateAuthenticationResponseEsipa := {
+ initiateAuthenticationOkEsipa := {
+ transactionId := *,
+ serverSigned1 := {
+ transactionId := ?,
+ euiccChallenge := euiccChallenge,
+ serverAddress := serverAddress,
+ serverChallenge := ?
+ },
+ serverSignature1 := ?,
+ euiccCiPKIdToBeUsed := ?,
+ serverCertificate := ?,
+ matchingId := *,
+ ctxParams1 := *
+ }
+ }
+}
+
+template (value) EsipaMessageFromEimToIpa
+ts_initiateAuthenticationResponseEsipa(template (value) octetstring euiccChallenge := '00112233445566778899AABBCCDDEEFF'O,
+ template (value) universal charstring serverAddress := "smdp.example.com") := {
+ initiateAuthenticationResponseEsipa := {
+ initiateAuthenticationOkEsipa := {
+ transactionId := omit,
+ serverSigned1 := {
+ transactionId := 'ABCDEF'O,
+ euiccChallenge := euiccChallenge,
+ serverAddress := "smdp.example.com",
+ serverChallenge := '01020304050607080910111213141516'O
+ },
+ serverSignature1 := '01020304'O,
+ euiccCiPKIdToBeUsed := 'F54172BDF98A95D65CBEB88A38A1C11D800A85C3'O, /* NIST */
+ serverCertificate := ts_cert_s_sm_dpauth_nist,
+// serverCertificate := ts_cert_s_sm_dpauth_brp,
+// serverCertificate := ts_cert_s_sm_dp2auth_nist,
+// serverCertificate := ts_cert_s_sm_dp2auth_brp,
+ matchingId := omit,
+ ctxParams1 := omit
+ }
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.1 */
+template (present) EsipaMessageFromIpaToEim
+tr_initiateAuthenticationRequestEsipa(template (present) octetstring euiccChallenge := ?) := {
+ initiateAuthenticationRequestEsipa := {
+ euiccChallenge := euiccChallenge,
+ smdpAddress := *,
+ euiccInfo1 := *
+ }
+}
+template (value) EsipaMessageFromIpaToEim
+ts_initiateAuthenticationRequestEsipa(template (value) octetstring euiccChallenge := '00112233445566778899aabbccddeeff'O) := {
+ initiateAuthenticationRequestEsipa := {
+ euiccChallenge := euiccChallenge,
+ smdpAddress := omit,
+ euiccInfo1 := omit
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.2 */
+template (present) EsipaMessageFromIpaToEim
+tr_authenticateClientRequestEsipa := {
+ authenticateClientRequestEsipa := {
+ transactionId := ?,
+ authenticateServerResponse := {
+ authenticateResponseOk := ?
+ }
+ }
+}
+/* TODO: create coresponding ts_ template */
+
+/* GSMA SGP.32, section 6.3.2.2 */
+template (present) EsipaMessageFromEimToIpa
+tr_authenticateClientResponseEsipa_dse(template (present) octetstring transactionId := ?,
+ template (present) charstring activationCode := ?) := {
+ authenticateClientResponseEsipa := {
+ authenticateClientOkDSEsipa := {
+ transactionId := transactionId,
+ profileDownloadTrigger := {
+ profileDownloadData := {
+ activationCode := ?
+ },
+ eimTransactionId := *
+ }
+ }
+ }
+}
+template (value) EsipaMessageFromEimToIpa
+ts_authenticateClientResponseEsipa_dse(template (value) octetstring transactionId := 'ABCDEF'O,
+ template (value) charstring activationCode := "1$SMDP.EXAMPLE.COM$$1.3.6.1.4.1.31746") := {
+ authenticateClientResponseEsipa := {
+ authenticateClientOkDSEsipa := {
+ transactionId := transactionId,
+ profileDownloadTrigger := {
+ profileDownloadData := {
+ activationCode := activationCode
+ },
+ eimTransactionId := omit
+ }
+ }
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.2 */
+template (present) EsipaMessageFromEimToIpa
+tr_authenticateClientResponseEsipa_dpe(template (present) octetstring transactionId := ?) := {
+ authenticateClientResponseEsipa := {
+ authenticateClientOkDPEsipa := {
+ transactionId := transactionId,
+ profileMetaData := *,
+ smdpSigned2 := {
+ transactionId := ?,
+ ccRequiredFlag := ?,
+ bppEuiccOtpk := *
+ },
+ smdpSignature2 := ?,
+ smdpCertificate := ?,
+ hashCc := *
+ }
+ }
+}
+template (value) EsipaMessageFromEimToIpa
+ts_authenticateClientResponseEsipa_dpe(template (value) octetstring transactionId := 'ABCDEF'O) := {
+ authenticateClientResponseEsipa := {
+ authenticateClientOkDPEsipa := {
+ transactionId := transactionId,
+ profileMetaData := omit,
+ smdpSigned2 := {
+ transactionId := transactionId,
+ ccRequiredFlag := false,
+ bppEuiccOtpk := omit
+ },
+ smdpSignature2 := 'AAAAAAAAAAAAAAAAAAAAAAAA'O,
+ smdpCertificate := ts_cert_s_sm_dpauth_nist,
+// smdpCertificate := ts_cert_s_sm_dpauth_brp,
+// smdpCertificate := ts_cert_s_sm_dp2auth_nist,
+// smdpCertificate := ts_cert_s_sm_dp2auth_brp,
+ hashCc := omit
+ }
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.6 */
+template (present) EsipaMessageFromIpaToEim
+tr_getEimPackageRequest(template (present) octetstring eidValue := ?) := {
+ getEimPackageRequest := {
+ eidValue := eidValue,
+ notifyStateChange := *,
+ rPLMN := *
+ }
+}
+template (value) EsipaMessageFromIpaToEim
+ts_getEimPackageRequest(template (value) octetstring eidValue) := {
+ getEimPackageRequest := {
+ eidValue := eidValue,
+ notifyStateChange := omit,
+ rPLMN := omit
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.6 and 2.11.1.3 */
+template (present) EsipaMessageFromEimToIpa
+tr_getEimPackageResponse_dnlTrigReq(template (present) charstring activationCode := ?) := {
+ getEimPackageResponse := {
+ profileDownloadTriggerRequest := {
+ profileDownloadData := {
+ activationCode := activationCode
+ },
+ eimTransactionId := *
+ }
+ }
+}
+template (value) EsipaMessageFromEimToIpa
+ts_getEimPackageResponse_dnlTrigReq(template (value) charstring activationCode := "1$SMDP.EXAMPLE.COM$$1.3.6.1.4.1.31746") := {
+ getEimPackageResponse := {
+ profileDownloadTriggerRequest := {
+ profileDownloadData := {
+ activationCode := activationCode
+ },
+ eimTransactionId := omit
+ }
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.6 and 2.11.1.2 */
+template (present) EsipaMessageFromEimToIpa
+tr_getEimPackageResponse_euiccDataReq := {
+ getEimPackageResponse := {
+ ipaEuiccDataRequest := {
+ tagList := ?,
+ euiccCiPKId := *,
+ searchCriteria := *
+ }
+ }
+}
+template (value) EsipaMessageFromEimToIpa
+ts_getEimPackageResponse_euiccDataReq := {
+ getEimPackageResponse := {
+ ipaEuiccDataRequest := {
+ tagList := '80BF20BF228384A5A688A9BF2B'O,
+ euiccCiPKId := omit,
+ searchCriteria := omit
+ }
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.6 */
+template (present) EsipaMessageFromEimToIpa
+tr_getEimPackageResponse_eimPkgErrUndef := {
+ getEimPackageResponse := {
+ eimPackageError := ?
+ }
+}
+template (value) EsipaMessageFromEimToIpa
+ts_getEimPackageResponse_eimPkgErrUndef := {
+ getEimPackageResponse := {
+ eimPackageError := 127
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.6 */
+template (value) EsipaMessageFromEimToIpa
+ts_getEimPackageResponse_euiccPkgReq := {
+ getEimPackageResponse := {
+ euiccPackageRequest := {
+ euiccPackageSigned := {
+ eimId := "myEim",
+ eidValue := '00112233445566778899AABBCCDDEEFF'O,
+ counterValue := 123,
+ transactionId := omit,
+ euiccPackage := {
+ psmoList := {
+ {
+ configureAutoEnable := {
+ autoEnableFlag := NULL,
+ smdpOid := omit,
+ smdpAddress := omit
+ }
+ }
+ }
+ }
+ },
+ eimSignature := '1234567890'O
+ }
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.5 */
+template (present) EsipaMessageFromIpaToEim
+tr_cancelSessionRequestEsipa := {
+ cancelSessionRequestEsipa := {
+ transactionId := ?,
+ cancelSessionResponse := {
+ cancelSessionResponseOk := tr_cancelSessionResponseOk
+ }
+ }
+}
+template (value) EsipaMessageFromIpaToEim
+ts_cancelSessionRequestEsipa := {
+ cancelSessionRequestEsipa := {
+ transactionId := 'AABBCC'O,
+ cancelSessionResponse := {
+ cancelSessionResponseOk := ts_cancelSessionResponseOk
+ }
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.5 */
+template (present) EsipaMessageFromEimToIpa
+tr_cancelSessionResponseEsipa := {
+ cancelSessionResponseEsipa := {
+ cancelSessionOk := {
+ /* This function has no output data */
+ }
+ }
+}
+template (value) EsipaMessageFromEimToIpa
+ts_cancelSessionResponseEsipa := {
+ cancelSessionResponseEsipa := {
+ cancelSessionOk := {
+ /* This function has no output data */
+ }
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.3 */
+template (present) EsipaMessageFromEimToIpa
+tr_getBoundProfilePackageResponseEsipa := {
+ getBoundProfilePackageResponseEsipa := {
+ getBoundProfilePackageOkEsipa := {
+ transactionId := *,
+ boundProfilePackage := tr_boundProfilePackage
+ }
+ }
+}
+template (value) EsipaMessageFromEimToIpa
+ts_getBoundProfilePackageResponseEsipa := {
+ getBoundProfilePackageResponseEsipa := {
+ getBoundProfilePackageOkEsipa := {
+ transactionId := omit,
+ boundProfilePackage := ts_boundProfilePackage
+ }
+ }
+}
+
+/* GSMA SGP.32, section 5.9.1 */
+template (present) EuiccPackageResult
+tr_euiccPackageResult := {
+ euiccPackageResultSigned := {
+ euiccPackageResultDataSigned := {
+ eimId := ?,
+ counterValue := ?,
+ transactionId := *,
+ seqNumber := ?,
+ euiccResult := ?
+ },
+ euiccSignEPR := ?
+ }
+}
+template (value) EuiccPackageResult
+ts_euiccPackageResult := {
+ euiccPackageResultSigned := {
+ euiccPackageResultDataSigned := {
+ eimId := "myEim",
+ counterValue := 333,
+ transactionId := omit,
+ seqNumber := 1234,
+ euiccResult := {
+ {
+ configureAutoEnableResult := 0
+ }
+ }
+ },
+ euiccSignEPR := 'AABBCCDDEEFF'O
+ }
+}
+
+/* GSMA SGP.32, section 6.3.2.7 */
+/* TODO rename tr_provideEimPackageResultResponse to something like tr_provideEimPackageResultResponse_eimAck */
+template (present) EsipaMessageFromEimToIpa
+tr_provideEimPackageResultResponse := {
+ provideEimPackageResultResponse := {
+ eimAcknowledgements := *
+ }
+}
+template (value) EsipaMessageFromEimToIpa
+ts_provideEimPackageResultResponse(template (value) EimAcknowledgements eimAcknowledgements := {}) := {
+ provideEimPackageResultResponse := {
+ eimAcknowledgements := eimAcknowledgements
+ }
+}
+
+/* GSMA SGP.32, section 2.11.1.2 */
+template (present) GetCertsResponse
+tr_getCertsResponse := {
+ certs := {
+ eumCertificate := ?,
+ euiccCertificate := ?
+ }
+}
+template (value) GetCertsResponse
+ts_getCertsResponse := {
+ certs := {
+ eumCertificate := ts_cert_s_sm_dpauth_nist,
+ euiccCertificate := ts_cert_eum_nist
+ }
+}
+
+/* GSMA SGP.32, section 5.9.18 */
+template (present) GetEimConfigurationDataResponse
+tr_getEimConfigurationDataResponse := {
+ eimConfigurationDataList := ?
+}
+template (value) GetEimConfigurationDataResponse
+ts_getEimConfigurationDataResponse(template (value) charstring eimFqdn := "127.0.0.1") := {
+ eimConfigurationDataList := {
+ {
+ eimId := "myEIM",
+ eimFqdn := eimFqdn,
+ eimIdType := omit,
+ counterValue := omit,
+ associationToken := 123,
+ eimPublicKeyData := omit,
+ trustedPublicKeyDataTls := omit,
+ eimSupportedProtocol := omit,
+ euiccCiPKId := omit
+ }
+ }
+}
+
+/* GSMA SGP.32, section 5.9.4 */
+template (present) AddInitialEimResponse
+tr_addInitialEimResponse := {
+ addInitialEimOk := ?
+}
+template (value) AddInitialEimResponse
+ts_addInitialEimResponse(template (value) charstring eimFqdn := "127.0.0.1") := {
+ addInitialEimOk := {
+ {
+ addOk := NULL
+ }
+ }
+}
+
+}
\ No newline at end of file
diff --git a/library/euicc/SGP32Definitions_Types.ttcn b/library/euicc/SGP32Definitions_Types.ttcn
new file mode 100644
index 0000000..44a1a07
--- /dev/null
+++ b/library/euicc/SGP32Definitions_Types.ttcn
@@ -0,0 +1,24 @@
+module SGP32Definitions_Types {
+
+import from SGP32Definitions all;
+import from Native_Functions all;
+
+external function dec_EsipaMessageFromIpaToEim(in octetstring stream) return EsipaMessageFromIpaToEim;
+external function enc_EsipaMessageFromIpaToEim(in EsipaMessageFromIpaToEim msg) return octetstring;
+
+external function dec_EsipaMessageFromEimToIpa(in octetstring stream) return EsipaMessageFromEimToIpa;
+external function enc_EsipaMessageFromEimToIpa(in EsipaMessageFromEimToIpa msg) return octetstring;
+
+external function dec_EuiccPackageResult(in octetstring stream) return EuiccPackageResult;
+external function enc_EuiccPackageResult(in EuiccPackageResult msg) return octetstring;
+
+external function dec_GetCertsResponse(in octetstring stream) return GetCertsResponse;
+external function enc_GetCertsResponse(in GetCertsResponse msg) return octetstring;
+
+external function dec_GetEimConfigurationDataResponse(in octetstring stream) return GetEimConfigurationDataResponse;
+external function enc_GetEimConfigurationDataResponse(in GetEimConfigurationDataResponse msg) return octetstring;
+
+external function dec_AddInitialEimResponse(in octetstring stream) return AddInitialEimResponse;
+external function enc_AddInitialEimResponse(in AddInitialEimResponse msg) return octetstring;
+
+}