
CSP Protocol
Compatible with GlobalPlatform Amendment N v0.0.0.39, generated on 29.04.2025.
ASN 7-1ba: CSP Protocol: ASN.1 Definition for the CSPAdminCommand

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 7..n | CSPAdminCommand | 'CSPAdminCommand': Administrative operations to manage a CSP Application through its SD. | | |
| 'A0' | 5..n | CSPAdminCommandChoice | 'adminCommandChoice': Encoded using explicit tagging where 'TA' is the type of the chosen CHOICE alternative: 'A0 L' 'TA LA VA' | | |

ASN 7-1bb: CSP Protocol: ASN.1 Definition for CSPAdminCommandChoice

| Tag | Size | Type | Description | Presence |
|---|---|---|---|---|
| CHOICE | | CSPAdminCommandChoice | | |
| 'A0' | 5..n | CSPEnforce | "enforce": Detect features and/or algorithms supported by this platform. | CONDITIONAL |
| 'A1' | 9..n | CSPRegisterClient | "registerApplication": Register the AID of a Client Application for use with this CSP Instance. | CONDITIONAL |
| 'A2' | 8..23 | CSPUnregisterClient | "unregisterApplication": Unregister a Client Application from this CSP Instance. | CONDITIONAL |
| 'A3' | 19..342 | CSPCreateResource | "createResource": Create a key, certificate, password, counter or timer as resource. | CONDITIONAL |
| 'A4' | 8..9 | CSPDestroyResource | "destroyResource": Destroy a resource and free memory. | CONDITIONAL |
| 'A5' | 8..315 | CSPConfigureResource | "configureResource": Change the configuration of a resource. | CONDITIONAL |
| 'A6' | 5..n | CSPSetup | "setup": Change the general settings of the CSP Instance. | CONDITIONAL |
| 'A7' | 5..9 | CSPActivate | "activate": Activate this CSP Instance for operational use. | CONDITIONAL |
| 'A8' | 5 | CSPDeactivate | "deactivate": Deactivate this CSP Instance, thus Client Applications cannot use it. | CONDITIONAL |
| 'A9' | 5 | CSPGetConfiguration | "getConfig": Retrieve the entire configuration settings of this CSP Instance. | CONDITIONAL |
| 'AA' | 13..65578 | CSPSetValue | "setValue": Set the value of a resource (e.g., key value, password, certificate). | CONDITIONAL |
| 'AB' | 8..9 | CSPClearResource | "clearResource": Securely wipe the value of a resource. | CONDITIONAL |
| 'AC' | 8..526 | CSPSystemAttestation | "systemAttestation": Compute an SE Platform attestation or CSP Config attestation. | CONDITIONAL |
| 'AD' | 8..9 | CSPGenerateKey | "generateKey": Generate a symmetric or private key value with random data. | CONDITIONAL |
| 'AE' | 11..13 | CSPComputePublicKey | "computePublicKey": Compute the public part of a private key value. | CONDITIONAL |
| 'AF' | 29..531 | CSPDeriveKey | "deriveKey": Derive a key from a source key and optional input data. | CONDITIONAL |
| 'B0' | 15..65559 | CSPSetTime | "settime": Set the reference time that is used to estimate the system time. | CONDITIONAL |

Used in: CSPAdminCommand
ASN 7-2: Admin: ASN.1 Definition for CSPEnforce

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 3..n | CSPEnforce | 'CSPEnforce': Command that checks features and algorithms on the platform. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| 'A1' | 0..n | CSPCoreSupport | 'coreSupport': Optional core functionality (e.g., policies). | OPTIONAL | |
| 'A2' | 0..n | CSPCipherSupport | 'cipherSupport': Cipher and padding algorithms. | OPTIONAL | |
| 'A3' | 0..n | CSPSignatureSupport | 'signatureSupport': Signature algorithms. | OPTIONAL | |
| '84' | 0 | NULL | 'transformSupport': Cipher encryption transformation. | OPTIONAL | |
| 'A5' | 0..8 | CSPSecureChannelSupport | 'secChannelSupport': Secure channel protocols. | OPTIONAL | |
| '86' | 0 | NULL | 'confidentialSupport': Confidential data transfer extension of the secure channel service. | OPTIONAL | |
| 'A7' | 0..n | CSPAttestationSupport | 'attestationSupport': Attestation types. | OPTIONAL | |
| 'A8' | 0..n | CSPKeySupport | 'keySupport': Key type, size, curve, along with derivation and agreement algorithms. | OPTIONAL | |
| 'A9' | 0..n | CSPCertificateSupport | 'certificateSupport': Certificate types. | OPTIONAL | |
| 'AA' | 0..n | CSPPasswordSupport | 'passwordSupport': Password management operations. | OPTIONAL | |
| 'AB' | 0..n | CSPCounterSupport | 'counterSupport': Counter types. | OPTIONAL | |
| 'AC' | 0..n | CSPTimeSupport | 'timeSupport': Time management and timer types. | OPTIONAL | |
| 'AD' | 0..n | CSPAuditSupport | 'auditSupport': Secure auditing and event types. | OPTIONAL | |
| '8E' | 0 | NULL | 'offloadingSupport': Resource import and export functionality. | OPTIONAL | |
| 'AF' | 0..n | CSPFieldSupport | 'fieldSupport': Fields to be included in attestation results and log messages. | OPTIONAL | |
| 'B0' | 0..n | CSPPolicySupport | 'policySupport': Constraint-based access control using policies. | OPTIONAL | |

Used in: CSPAdminCommandChoice
ASN 7-3: Admin: ASN.1 Definition for CSPRegisterClient

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 7..n | CSPRegisterClient | 'CSPRegisterClient': Command to register a Client Application or an off-card Client to the CSP. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| 'A1' | 2..n | CSPClient | 'client': The Client Application or off-card Client to register. | | |

Used in: CSPAdminCommandChoice
ASN 7-4: Admin: ASN.1 Definition for CSPUnregisterClient

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 6..21 | CSPUnregisterClient | 'CSPUnregisterClient': Command to unregister a CSP Client, revoking its access to the CSP. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| 'A1' | 1..16 | CSPClientReference | 'client': The client identifier or the AID of a Client Application. Encoded using explicit tagging where 'TA' is the type of the chosen CHOICE alternative: 'A1 L' 'TA LA VA' | | |

Used in: CSPAdminCommandChoice
ASN 7-5: Admin: ASN.1 Definition for CSPCreateResource

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 17..338 | CSPCreateResource | 'CSPCreateResource': Command to create a key, certificate or password resource. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| 'A1' | 12..331 | CSPResource | 'resouceData': The resource data (e.g., resource ID, resource type, etc.). | | |

Used in: CSPAdminCommandChoice
ASN 7-6: Admin: ASN.1 Definition for CSPDestroyResource

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 6..7 | CSPDestroyResource | 'CSPDestroyResource': Command to remove a key or password resource. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1..2 | CSPResourceId | 'resourceId': The resource ID that shall be unregistered. | | |

Used in: CSPAdminCommandChoice
Used in: CSPAdminCommandChoice
ASN 7-8: Admin: ASN.1 Definition for CSPSetup

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 3..n | CSPSetup | 'CSPSetup': Command to set up general settings of the CSP Instance. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| 'A1' | 0..47 | CSPSettings | 'cspSettings': Version, name, attestation key and error handling of this CSP Instance. | OPTIONAL | |
| 'A2' | 0..13 | CSPSecureChannelSettings | 'secureChannelSettings': Set the general secure channel authentication timeout. | OPTIONAL | |
| 'A3' | 0..5 | CSPPolicySettings | 'policySettings': Select policy mode for handling unavailable policy types. | OPTIONAL | |
| 'A4' | 0..5 | CSPCounterSettings | 'counterSettings': Select counter mode for handling unavailable counter types and sizes. | OPTIONAL | |
| 'A5' | 0..12 | CSPTimeSettings | 'timeSettings': Configure time management and handling of unavailable time. | OPTIONAL | |
| 'A6' | 0..n | CSPAuditSettings | 'auditSettings': Configure audit event logging and handling of unavailable event types. | OPTIONAL | |
| 'A7' | 0..5 | CSPFieldSettings | 'fieldSettings': Select field mode for handling unavailable signature fields. | OPTIONAL | |

Used in: CSPAdminCommandChoice
ASN 7-9: Admin: ASN.1 Definition for CSPActivate

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 3..7 | CSPActivate | 'CSPActivate': Command to finalize a CSP Configuration. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 0..2 | CSPConfigVersion | 'configVersion': Custom version of the CSP Configuration chosen by the CSP Admin. | OPTIONAL | |

Used in: CSPAdminCommandChoice
Example for ASN 7-9 CSPActivate:
- Minimal length value 3 when optional parameters are skipped:
  - 30 03 800101 = CSPActivate {cspProtocolVersion: 1}
- Maximal length value 7 when upper limits are utilized for all parameters:
  - 30 07 800101 8102264A = CSPActivate {cspProtocolVersion: 1, configVersion: 38.74}
- When referenced in the main CSP-Command options, the size contains 2 additional bytes (tag byte and size byte), resulting in a full size range of 5..9.
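
A strict decoder and encoder for the two CSPActivate encodings listed above, as an added example that is not part of the specification. Function names are hypothetical; reading configVersion as a signed ASN.1 INTEGER and the `30 L { A0 L { A7 L ... } }` wrapping of the full admin command are assumptions derived from the tag and size columns of ASN 7-1ba, 7-1bb and 7-9.

```python
# Added example: strict codec for CSPActivate (ASN 7-9). Function names are hypothetical.
TAG_SEQUENCE = 0x30
TAG_PROTOCOL_VERSION = 0x80  # 'cspProtocolVersion', length 1
TAG_CONFIG_VERSION = 0x81    # 'configVersion', OPTIONAL, 1..2 bytes when present
TAG_ADMIN_CHOICE = 0xA0      # 'adminCommandChoice' inside CSPAdminCommand
TAG_ACTIVATE = 0xA7          # "activate" alternative of CSPAdminCommandChoice


class CSPDecodeError(ValueError):
    """Input is not exactly one well-formed CSPActivate."""


def read_tlv(buf, pos):
    """Read one TLV (single-byte tag, definite length); return (tag, value, end)."""
    if pos + 2 > len(buf):
        raise CSPDecodeError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 3 or pos + n > len(buf):
            raise CSPDecodeError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise CSPDecodeError("length is not in its shortest form")
        pos += n
    if pos + length > len(buf):
        raise CSPDecodeError("value runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length


def expect_single(buf, tag):
    """Decode buf as exactly one TLV carrying `tag`; reject trailing bytes."""
    got, value, end = read_tlv(buf, 0)
    if got != tag:
        raise CSPDecodeError(f"expected tag {tag:02X}, got {got:02X}")
    if end != len(buf):
        raise CSPDecodeError("trailing bytes after TLV")
    return value


def decode_activate_fields(content):
    """Validate the SEQUENCE content against the ASN 7-9 table (length 3..7)."""
    if not 3 <= len(content) <= 7:
        raise CSPDecodeError("CSPActivate length outside 3..7")
    tag, value, pos = read_tlv(content, 0)
    if tag != TAG_PROTOCOL_VERSION or len(value) != 1:
        raise CSPDecodeError("cspProtocolVersion missing or wrong size")
    if value[0] != 1:  # protocolVersion1 is the only value the page defines
        raise CSPDecodeError("unsupported cspProtocolVersion")
    config_version = None
    if pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        if tag != TAG_CONFIG_VERSION or not 1 <= len(value) <= 2:
            raise CSPDecodeError("unexpected field or bad configVersion size")
        # Assumption: ASN.1 INTEGER is signed big-endian; allowed range is 0..32767.
        config_version = int.from_bytes(value, "big", signed=True)
        if config_version < 0:
            raise CSPDecodeError("configVersion outside 0..32767")
    if pos != len(content):
        raise CSPDecodeError("unexpected data after configVersion")
    return {"cspProtocolVersion": 1, "configVersion": config_version}


def decode_csp_activate(data):
    """Decode the stand-alone form shown on the page: 30 L <fields>."""
    return decode_activate_fields(expect_single(bytes(data), TAG_SEQUENCE))


def decode_admin_activate(data):
    """Decode 30 L { A0 L { A7 L <fields> } } (assumed wrapping, see lead-in)."""
    choice = expect_single(expect_single(bytes(data), TAG_SEQUENCE), TAG_ADMIN_CHOICE)
    if not 5 <= len(choice) <= 9:  # size of the 'A7' alternative per ASN 7-1bb
        raise CSPDecodeError("activate alternative outside 5..9 bytes")
    return decode_activate_fields(expect_single(choice, TAG_ACTIVATE))


def encode_csp_activate(config_version=None, tag=TAG_SEQUENCE):
    """Build the encoding; every length here is below 0x80, so short form suffices."""
    body = bytes([TAG_PROTOCOL_VERSION, 1, 1])
    if config_version is not None:
        if not 0 <= config_version <= 32767:
            raise ValueError("configVersion outside 0..32767")
        n = 1 if config_version < 0x80 else 2
        body += bytes([TAG_CONFIG_VERSION, n]) + config_version.to_bytes(n, "big")
    return bytes([tag, len(body)]) + body


if __name__ == "__main__":
    # The two encodings from the page, one wrapped form, and constructed malformed variants.
    for sample in ("3003800101", "30078001018102264A", "3007A005A703800101",
                   "300380010100", "3006800101810180", "308103800101"):
        raw = bytes.fromhex(sample)
        decoder = decode_admin_activate if raw[2:3] == b"\xA0" else decode_csp_activate
        try:
            print(sample, "->", decoder(raw))
        except CSPDecodeError as exc:
            print(sample, "-> rejected:", exc)
```

The page prints the value 0x264A byte-wise as 38.74; the decoder returns the same two bytes as the integer 9802.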
ASN 7-10: Admin: ASN.1 Definition for CSPDeactivate

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 3 | CSPDeactivate | 'CSPDeactivate': Command to deactivate a CSP Configuration. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |

Used in: CSPAdminCommandChoice
ASN 7-11: Admin: ASN.1 Definition for CSPGetConfiguration

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 3 | CSPGetConfiguration | 'CSPGetConfiguration': Command to retrieve the entire CSP Configuration. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |

Used in: CSPAdminCommandChoice, CSPRequiresAuthentication
ASN 7-12: Admin: ASN.1 Definition for CSPGetConfigurationResponse

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 84..n | CSPGetConfigurationResponse | 'CSPGetConfigurationResponse': Response of the CSPGetConfiguration command. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Version of the CSP Admin Protocol used. | | |
| 'A1' | 79..n | CSPConfiguration | 'cspConfiguration': CSP Configuration of the entire CSP Instance. | | |

ASN 7-13: Resource: ASN.1 Definition for CSPSetValue

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 11..65573 | CSPSetValue | 'CSPSetValue': Command to set the value of a key, certificate or pwd resource. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1..2 | CSPResourceId | 'resourceId': The identifier of the resource to set the value for. | | |
| '82' | 0..2 | CSPResourceId | 'decryptionResourceId': If set, the data is decrypted before being assigned to the resource. | OPTIONAL | |
| '83' | 0..65536 | OCTET STRING | 'data': The value of the resource. | | |
| '84' | 0..16 | OCTET STRING | 'initializationData': Algorithm-specific initialization data for decryption, e.g., iv data. | OPTIONAL | |
| '85' | 1 | BOOLEAN | 'inTransport': Is this an initial value requiring change (only for passwords)? | | |

Used in: CSPAdminCommandChoice
ASN 7-14a: CSP Protocol: ASN.1 Definition for the CSPClientCommand

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 7..98329 | CSPClientCommand | 'CSPClientCommand': Client operations to use the cryptographic services of the CSP. | | |
| 'A0' | 5..98324 | CSPClientCommandChoice | 'clientCommandChoice': Encoded using explicit tagging where 'TA' is the type of the chosen CHOICE alternative: 'A0 L' 'TA LA VA' | | |

ASN 7-14ba: CSP Protocol: ASN.1 Definition for CSPClientCommandChoice

| Tag | Size | Type | Description | Presence |
|---|---|---|---|---|
| CHOICE | | CSPClientCommandChoice | | |
| 'AC' | 8..526 | CSPSystemAttestation | "systemAttestation": Compute an SE platform attestation or a CSP Config attestation. | CONDITIONAL |
| 'B1' | 8..32778 | CSPProcessSecurity | "processAuthentication": Process secure channel authentication defined via authProtocol. | CONDITIONAL |
| 'B2' | 5..98324 | CSPRequiresAuthentication | "requiresAuthentication": Command structures that require Client Authentication. | CONDITIONAL |

Used in: CSPClientCommand
ASN 7-14bb: CSP Protocol: ASN.1 Definition for CSPRequiresAuthentication

| Tag | Size | Type | Description | Presence |
|---|---|---|---|---|
| CHOICE | | CSPRequiresAuthentication | | |
| 'A0' | 5 | CSPGetConfiguration | "getConfig": Retrieve the entire configuration settings of this CSP Instance. | CONDITIONAL |
| 'A1' | 8..9 | CSPClearResource | "clearResource": Securely wipe the value of a resource. | CONDITIONAL |
| 'A2' | 8..9 | CSPGenerateKey | "generateKey": Generate a symmetric or private key value with random data. | CONDITIONAL |
| 'A3' | 11..13 | CSPComputePublicKey | "computePublicKey": Compute the public part of a private key value. | CONDITIONAL |
| 'A4' | 29..531 | CSPDeriveKey | "deriveKey": Derive a key from a source key and optional input data. | CONDITIONAL |
| 'A5' | 15..65559 | CSPSetTime | "settime": Set the reference time that is used to estimate the system time. | CONDITIONAL |
| 'A6' | 10..32782 | CSPSign | "sign": Create a signature. | CONDITIONAL |
| 'A7' | 76..98324 | CSPVerifySignature | "verifySignature": Verify a signature. | CONDITIONAL |
| 'A8' | 10..32800 | CSPEncrypt | "encrypt": Encrypt data. | CONDITIONAL |
| 'A9' | 10..32800 | CSPDecrypt | "decrypt": Decrypt data. | CONDITIONAL |
| 'AA' | 29..530 | CSPResourceAttestation | "resourceAttestation": Compute a resource attestation. | CONDITIONAL |

Used in: CSPClientCommandChoice
ASN 7-15: Secure Channel: ASN.1 Definition for CSPProcessSecurity

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 6..32774 | CSPProcessSecurity | 'CSPProcessSecurity': Command to process security for secure channel authentication. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1..32767 | OCTET STRING | 'apduData': APDU data for processing security. | | |

Used in: CSPClientCommandChoice
ASN 7-16: Attestations: ASN.1 Definition for CSPProcessSecurityResponse

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 3..32771 | CSPProcessSecurityResponse | 'CSPProcessSecurityResponse': Response of the CSPProcessSecurity command. | | |
| '80' | 1..32767 | OCTET STRING | 'outputData': Output APDU resulting from secure channel processing. | | |

ASN 7-17: Signature: ASN.1 Definition for CSPSign

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 8..32778 | CSPSign | 'CSPSign': Command for data signing. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1..2 | CSPResourceId | 'signingResourceId': The resource ID used to compute the signature. | | |
| '82' | 0..32767 | OCTET STRING | 'inputData': The data to sign. | | |

Used in: CSPRequiresAuthentication
ASN 7-18: Attestations: ASN.1 Definition for CSPSignResponse

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 66..65541 | CSPSignResponse | 'CSPSignResponse': Response of the CSPSign command: The signature computed by the CSP. | | |
| '80' | 64..65536 | CSPSignature | 'signature': | | |

ASN 7-19: Signature: ASN.1 Definition for CSPVerifySignature

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 74..98319 | CSPVerifySignature | 'CSPVerifySignature': Command to verify a signature. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1..2 | CSPResourceId | 'signingResourceId': The resource ID used to compute the signature. | | |
| '82' | 0..32767 | OCTET STRING | 'data': The signed data. | | |
| '83' | 64..65536 | CSPSignature | 'signature': The signature to verify. | | |

Used in: CSPRequiresAuthentication
ASN 7-20: Attestations: ASN.1 Definition for CSPVerifySignatureResponse

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 4 | CSPVerifySignatureResponse | 'CSPVerifySignatureResponse': Response of the CSPVerifySignature command. | | |
| '80' | 2 | CSPBoolean | 'response': | | |

ASN 7-21: Cipher: ASN.1 Definition for CSPEncrypt

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 8..32796 | CSPEncrypt | 'CSPEncrypt': Command to encrypt data. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1..2 | CSPResourceId | 'keyResourceId': The resource ID used to encrypt the data. | | |
| '82' | 0..16 | OCTET STRING | 'initializationData': Algorithm-specific initialization data for encryption, e.g., IV data. | OPTIONAL | |
| '83' | 0..32767 | OCTET STRING | 'inputData': The data to encrypt. | | |

Used in: CSPRequiresAuthentication
ASN 7-22: Attestations: ASN.1 Definition for CSPEncryptResponse

| Name | Size | Type | Description |
|---|---|---|---|
| CSPEncryptResponse | 0..32767 | OCTET STRING | Response of the CSPEncrypt command: the encrypted data. |

ASN 7-23: Cipher: ASN.1 Definition for CSPDecrypt

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 8..32796 | CSPDecrypt | 'CSPDecrypt': Command to decrypt data. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1..2 | CSPResourceId | 'keyResourceId': The resource ID used to decrypt the data. | | |
| '82' | 0..16 | OCTET STRING | 'initializationData': Algorithm-specific initialization data for decryption, e.g., IV data. | OPTIONAL | |
| '83' | 0..32767 | OCTET STRING | 'inputData': The data to decrypt. | | |

Used in: CSPRequiresAuthentication
ASN 7-24: Attestations: ASN.1 Definition for CSPDecryptResponse

| Name | Size | Type | Description |
|---|---|---|---|
| CSPDecryptResponse | 0..32767 | OCTET STRING | Response of the CSPDecrypt command: the decrypted data. |

ASN 7-25: Attestations: ASN.1 Definition for CSPResourceAttestation

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 27..526 | CSPResourceAttestation | 'CSPResourceAttestation': Command to compute resource attestations. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1 | CSPResourceAttestationType | 'attestationType': The attestation type used. | | |
| '82' | 1..2 | CSPResourceId | 'attestationResourceId': The resource ID used to create the attestation signature. | | |
| '83' | 16..512 | OCTET STRING | 'inputData': Additional input data to be included in the attestation. | | |

Used in: CSPRequiresAuthentication
ASN 7-26: Attestations: ASN.1 Definition for CSPResourceAttestationResponse

| Tag | Size | Type | Description | Presence |
|---|---|---|---|---|
| CHOICE | | CSPResourceAttestationResponse | | |
| 'A0' | 103..131144 | CSPDataAttestation | "dataAttestation": Conditional: Response of a data attestation. | CONDITIONAL |
| 'A1' | 252..229483 | CSPKeyPoPAttestation | "keyAttestation": Conditional: Response of the key attestation. | CONDITIONAL |

ASN 7-27: Resource: ASN.1 Definition for CSPClearResource

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 6..7 | CSPClearResource | 'CSPClearResource': Command to remove the value of a key or password resource. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1..2 | CSPResourceId | 'resourceId': The identifier of the resource that shall be cleared. | | |

Used in: CSPAdminCommandChoice, CSPRequiresAuthentication
ASN 7-28: Attestations: ASN.1 Definition for CSPSystemAttestation

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 6..522 | CSPSystemAttestation | 'CSPSystemAttestation': Command to retrieve signed attestation data of the platform and the CSP. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1 | CSPSystemAttestationType | 'attestationType': CASD-based CSP platform or CSP-specific config attestation. | | |
| '82' | 0..512 | CSPChallenge | 'challenge': Challenge for verification of attestation integrity. | OPTIONAL | |

Used in: CSPAdminCommandChoice, CSPClientCommandChoice
ASN 7-29: Attestations: ASN.1 Definition for CSPSystemAttestationResponse

| Tag | Size | Type | Description | Presence |
|---|---|---|---|---|
| CHOICE | | CSPSystemAttestationResponse | | |
| 'A0' | 2227..n | CSPPlatformAttestation | "platformAttestation": Conditional: Response of the CASD-based SE platform attestation. | CONDITIONAL |
| 'A1' | 198..98476 | CSPConfigAttestation | "configAttestation": Conditional: Response of the CSP-specific config attestation. | CONDITIONAL |

ASN 7-30: Key: ASN.1 Definition for CSPGenerateKey

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 6..7 | CSPGenerateKey | 'CSPGenerateKey': Command for key generation. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1..2 | CSPResourceId | 'keyResourceId': The key for which the value should be generated. | | |

Used in: CSPAdminCommandChoice, CSPRequiresAuthentication
ASN 7-31: Key: ASN.1 Definition for CSPComputePublicKey

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 9..11 | CSPComputePublicKey | 'CSPComputePublicKey': Command to compute a public key from its private key. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1..2 | CSPResourceId | 'privateResourceId': The corresponding private key that is already initialized. | | |
| '82' | 1..2 | CSPResourceId | 'publicResourceId': The public key that shall be computed. | | |

Used in: CSPAdminCommandChoice, CSPRequiresAuthentication
ASN 7-32: Key: ASN.1 Definition for CSPDeriveKey

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 27..527 | CSPDeriveKey | 'CSPDeriveKey': Command for key derivation. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 1..2 | CSPResourceId | 'sourceResourceId': The resource that is the base source for key derivation. | | |
| '82' | 1..2 | CSPResourceId | 'destResourceId': The destination resource to store the derived key value. | | |
| '83' | 16..512 | OCTET STRING | 'inputData': Additional input data given into the derivation algorithm. | | |

Used in: CSPAdminCommandChoice, CSPRequiresAuthentication
ASN 7-33: Time: ASN.1 Definition for CSPSetTime

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 13..65554 | CSPSetTime | 'CSPSetTime': Command to set a new reference time to the CSP Instance. | | |
| '80' | 1 | CSPProtocolVersion | 'cspProtocolVersion': Minimum API level required for the CSP Protocol. | | |
| '81' | 8 | CSPTimestamp | 'newTime': The new reference time. | | |
| '82' | 0..65536 | CSPSignature | 'signature': Signature to verify the authenticity of the new reference time. | OPTIONAL | |

Used in: CSPAdminCommandChoice, CSPRequiresAuthentication
ASN 7-34: Attestations: ASN.1 Definition for CSPSetTimeResponse

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 4 | CSPSetTimeResponse | 'CSPSetTimeResponse': Response of the CSPSetTime command: TRUE if time was successfully updated. | | |
| '80' | 2 | CSPBoolean | 'response': | | |

ASN 5-1: Access: ASN.1 Definition for CSPCoreSupport

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 0..8 | CSPCoreSupport | 'CSPCoreSupport': Supported core features. | | |
| 'A0' | 0..6 | SET OF CSPErrorMode | 'errorModes': CSP error handling modes. Implicitly encoded as SET OF ENUMERATED: 'A0 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |

Used in: CSPEnforce
ASN 5-2: Core: ASN.1 Definition for CSPSettings

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 34..45 | CSPSettings | 'CSPSettings': Structure representing general configuration settings of the CSP Instance. | | |
| '80' | 32 | CSPConfigName | 'configName': Custom name of the CSP Configuration chosen by the CSP Admin. | | |
| '81' | 0..2 | CSPConfigVersion | 'configVersion': Custom version of the CSP Configuration chosen by the CSP Admin. | OPTIONAL | |
| '82' | 0..2 | CSPResourceId | 'configAttestationKey': The key that shall be used to compute the config attestation. | OPTIONAL | |
| '83' | 0..1 | CSPErrorMode | 'errorMode': Specify how the CSP shall handle exceptions. | OPTIONAL | ERROR_MODE_BASIC |

Used in: CSPSetup, CSPConfiguration
ASN 5-3: Core: ASN.1 Definition for CSPProtocolVersion

| Name | Value | Size | Type | Description |
|---|---|---|---|---|
| protocolVersion1 | 1 | 1 | INTEGER | API level for the CSP Protocol used. |

Used in: CSPEnforce, CSPRegisterClient, CSPUnregisterClient, CSPCreateResource, CSPDestroyResource, CSPConfigureResource, CSPSetup, CSPActivate, CSPDeactivate, CSPGetConfiguration, CSPGetConfigurationResponse, CSPSetValue, CSPProcessSecurity, CSPSign, CSPVerifySignature, CSPEncrypt, CSPDecrypt, CSPResourceAttestation, CSPClearResource, CSPSystemAttestation, CSPGenerateKey, CSPComputePublicKey, CSPDeriveKey, CSPSetTime, CSPPlatform, CSPSignedPlatformData, CSPSignedConfigData, CSPSignedData, CSPSignedPoPData, CSPEventDataUpdateCSP
ASN 5-4: Core: ASN.1 Definition for CSPConfiguration

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 79..n | CSPConfiguration | 'CSPConfiguration': Structure containing the entire CSP Configuration. | | |
| '80' | 0..1 | CSPMode | 'cspMode': Indicates whether this CSP configuration is currently activated. | OPTIONAL | CSP_MODE_CONFIGURATION |
| 'A1' | 0..47 | CSPSettings | 'cspSettings': Name, version, attestation key and error handling of the CSP Instance. | OPTIONAL | |
| 'A2' | 55..66 | CSPPlatform | 'cspPlatform': Static (read-only) information about the CSP platform. | | |
| 'A3' | 4..n | SET OF CSPClient | 'clients': List of CSP Clients registered to this CSP Instance. Implicitly encoded as SET OF SEQUENCE: 'A3 L' '30 L0 V0' '30 L1 V1' '...' | | |
| 'A4' | 14..n | SET OF CSPResource | 'resources': List of resources along with their cryptographic configurations. Implicitly encoded as SET OF SEQUENCE: 'A4 L' '30 L0 V0' '30 L1 V1' '...' | | |
| 'A5' | 0..13 | CSPSecureChannelSettings | 'secureChannelSettings': Set the general secure channel authentication timeout. | OPTIONAL | |
| 'A6' | 0..5 | CSPPolicySettings | 'policySettings': Select policy mode for handling unavailable policy types. | OPTIONAL | |
| 'A7' | 0..5 | CSPCounterSettings | 'counterSettings': Select counter mode for handling unavailable counter types and sizes. | OPTIONAL | |
| 'A8' | 0..12 | CSPTimeSettings | 'timeSettings': Configure time management and handling of unavailable time. | OPTIONAL | |
| 'A9' | 0..n | CSPAuditSettings | 'auditSettings': Configure audit event logging and handling of unavailable event types. | OPTIONAL | |
| 'AA' | 0..5 | CSPFieldSettings | 'fieldSettings': Select field mode for handling unavailable signature fields. | OPTIONAL | |

Used in: CSPGetConfigurationResponse
ASN 5-5: Core: ASN.1 Definition for CSPMode

| Name | Value | Size | Type | Description |
|---|---|---|---|---|
| CSP_MODE_CONFIGURATION | 0 | 1 | INTEGER | The CSP can be configured by the CSP Admin. |
| CSP_MODE_OPERATIONAL | 1 | 1 | INTEGER | The CSP can be used by Client Applications. |

Used in: CSPConfiguration
ASN 5-6: Core: ASN.1 Definition for CSPConfigVersion

| Name | Value | Size | Type | Description |
|---|---|---|---|---|
| CSPConfigVersion | 0..32767 | 1..2 | INTEGER | Version of the configuration of this CSP Instance. |

Used in: CSPActivate, CSPSettings, CSPSignedConfigData, CSPEventDataUpdateConfig
ASN 5-7: Core: ASN.1 Definition for CSPConfigName

| Name | Size | Type | Description |
|---|---|---|---|
| CSPConfigName | 32 | OCTET STRING | Name of the configuration of this CSP Instance; set by the CSP Admin. |

Used in: CSPSettings, CSPSignedConfigData, CSPEventDataUpdateConfig
ASN 5-8: Core: ASN.1 Definition for CSPErrorMode

| Name | Value | Size | Type | Description |
|---|---|---|---|---|
| ERROR_MODE_BASIC | 0 | 1 | INTEGER | The CSP uses only codes 1000, 2000, 3000, 4000, 5000, 6000, 7000, 8000. |
| ERROR_MODE_DETAILED | 1 | 1 | INTEGER | The CSP uses detailed error codes 1xxx-8xxx. |

Used in: CSPCoreSupport, CSPSettings
Used in: CSPConfiguration, CSPSignedPlatformData, CSPSignedConfigData
ASN 5-10: Core: ASN.1 Definition for CSPAPIVersion

| Name | Size | Type | Description |
|---|---|---|---|
| CSPAPIVersion | 3 | OCTET STRING | Version of the Java Card CSP API (Major, Minor, Patch). |

Used in: CSPPlatform
ASN 5-11: Core: ASN.1 Definition for CSPELFVersion

| Name | Size | Type | Description |
|---|---|---|---|
| CSPELFVersion | 2 | OCTET STRING | Version of a CSP Application Executable Load File (Major, Minor). |

Used in: CSPPlatform, CSPEventDataUpdateCSP
ASN 5-12: Core: ASN.1 Definition for CSPAID

| Name | Size | Type | Description |
|---|---|---|---|
| CSPAID | 5..16 | OCTET STRING | Application Identifier (AID) of an Application or a Security Domain. |

Used in: CSPPlatform, CSPClientReference, CSPClientApplication, CSPApplicationSD
ASN 5-13: Core: ASN.1 Definition for CSPBoolean

| Name | Size | Type | Description |
|---|---|---|---|
| CSPBoolean | 2 | OCTET STRING | Secure boolean: TRUE is 0x7878, FALSE is 0x8787; other values are not defined. |

Used in: CSPVerifySignatureResponse, CSPSetTimeResponse
ASN 5-14: Core: ASN.1 Definition for CSPChallenge

| Name | Size | Type | Description |
|---|---|---|---|
| CSPChallenge | 16..512 | OCTET STRING | Challenge or nonce. |

Used in: CSPSystemAttestation
ASN 5-15: Core: ASN.1 Definition for CSPSignature

| Name | Size | Type | Description |
|---|---|---|---|
| CSPSignature | 64..65536 | OCTET STRING | Digital signature. Covers traditional RSA/ECDSA (512 bytes) and PQC (65KB). |

Used in: CSPSignResponse, CSPVerifySignature, CSPSetTime, CSPPlatformAttestation, CSPConfigAttestation, CSPDataAttestation, CSPKeyPoPAttestation, CSPSignedPoPData
ASN 5-16: Resource: ASN.1 Definition for CSPResourceSupport

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 0..17 | CSPResourceSupport | 'CSPResourceSupport': Supported resource features. | | |
| 'A0' | 0..15 | SET OF CSPResourceType | 'resourceTypes': Supported resource types. Implicitly encoded as SET OF ENUMERATED: 'A0 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |

ASN 5-17a: Resource: ASN.1 Definition for CSPResource

| Tag | Length | Type | Description | Presence | Default |
|---|---|---|---|---|---|
| SEQUENCE | 10..327 | CSPResource | 'CSPResource': Data structure representing a resource. | | |
| '80' | 1..2 | CSPResourceId | 'resourceId': Unique identifier of the resource chosen by the CSP Admin. | | |
| 'A1' | 2..14 | CSPResourceParams | 'resourceParams': The resource-specific parameters (e.g., key type, curve, min-size). Encoded using explicit tagging where 'TA' is the type of the chosen CHOICE alternative: 'A1 L' 'TA LA VA' | | |
| '82' | 1 | CSPUsageType | 'usageType': The usage type specifying the CSP operations allowed for the resource. | | |
| 'A3' | 0..45 | CSPAccessControl | 'accessControl': Access control configuration for the resource. | OPTIONAL | |
| 'A4' | 0..37 | CSPAlgorithms | 'algorithms': The algorithm configuration of the resource. | OPTIONAL | |
| 'A5' | 0..80 | CSPCounters | 'counters': | OPTIONAL | |
| 'A6' | 0..32 | CSPTimers | 'timers': | OPTIONAL | |
| 'A7' | 0..100 | SET OF CSPResourceEvent | 'resourceEvents': The events that shall be audited for this resource. | OPTIONAL | |

Used in: CSPCreateResource, CSPConfiguration
ASN 5-17b: Resource: ASN.1 Definition for CSPResourceParams

| Tag | Size | Type | Description | Presence |
|---|---|---|---|---|
| CHOICE | | CSPResourceParams | | |
| 'A0' | 8..14 | CSPKey | "keyParams": Parameters specific to key resources. | CONDITIONAL |
| 'A1' | 5 | CSPCertificate | "certificateParams": Parameters specific to certificate resources. | CONDITIONAL |
| 'A2' | 5..14 | CSPPassword | "passwordParams": Parameters specific to password resources. | CONDITIONAL |
| 'A3' | 2..11 | CSPCounter | "counterParams": Parameters specific to manual counter resources. | CONDITIONAL |
| 'A4' | 4..9 | CSPManualTimer | "timerParams": Parameters specific to manual timer resources. | CONDITIONAL |

Used in: CSPResource
ASN 5-18: Resource: ASN.1 Definition for CSPResourceId

| Name | Value | Size | Type | Description |
|---|---|---|---|---|
| CSPResourceId | 0..32767 | 1..2 | INTEGER | Unique identifier of a Resource. |

Used in: CSPDestroyResource, CSPConfigureResource, CSPSetValue, CSPSign, CSPVerifySignature, CSPEncrypt, CSPDecrypt, CSPResourceAttestation, CSPClearResource, CSPGenerateKey, CSPComputePublicKey, CSPDeriveKey, CSPSettings, CSPResource, CSPClient, CSPTimeSettings, CSPAuditSettings, CSPEventDataGeneralError, CSPEventDataResource, CSPEventDataKeyDerivation, CSPEventDataKeyAgreement, CSPEventDataPasswordFailure, CSPSource, CSPFieldValue, CSPPolicy
ASN 5-19: Resource: ASN.1 Definition for CSPResourceState
Name |
Value |
Size |
Type |
Description |
STATE_UNINITIALIZED |
1 |
1 |
INTEGER |
Uninitialized state for resources. |
STATE_OPERATIONAL |
2 |
1 |
INTEGER |
Operational state for resources. |
STATE_BLOCKED |
9 |
1 |
INTEGER |
Blocked state when the password try limit is reached. |
STATE_EXHAUSTED |
11 |
1 |
INTEGER |
Exhausted state when a counter exceeds the configured limit. |
STATE_EXPIRED |
12 |
1 |
INTEGER |
Expired state when a timer expires. |
ASN 5-20: Resource: ASN.1 Definition for CSPResourceValue
Name |
Size |
Type |
Description |
CSPResourceValue |
64..32768 |
OCTET STRING |
The value of a public key, counter or timer resource. |
Used in: CSPSignedData, CSPPopData
ASN 5-21: Resource: ASN.1 Definition for CSPResourceType
Name |
Value |
Size |
Type |
Description |
RESOURCE_KEY |
1 |
1 |
INTEGER |
Key resource type. |
RESOURCE_CERTIFICATE |
2 |
1 |
INTEGER |
Certificate resource type. |
RESOURCE_PASSWORD |
3 |
1 |
INTEGER |
Password resource type. |
RESOURCE_COUNTER |
4 |
1 |
INTEGER |
Counter resource type. |
RESOURCE_TIMER |
5 |
1 |
INTEGER |
Timer resource type. |
Used in: CSPResourceSupport
ASN 5-22: Resource: ASN.1 Definition for CSPUsageType
Name |
Value |
Size |
Type |
Description |
USAGE_CIPHER |
1 |
1 |
INTEGER |
Restrict the use to cipher operations (keys). |
USAGE_SIGNATURE |
2 |
1 |
INTEGER |
Restrict the use to signature operations (keys). |
USAGE_TRANSFORM |
3 |
1 |
INTEGER |
Restrict the use to encryption transformation operations (keys). |
USAGE_SECCHANNEL |
4 |
1 |
INTEGER |
Restrict the use to secure message establishment (any). |
USAGE_CONFIDENTIAL |
5 |
1 |
INTEGER |
Restrict the use to confidential data transfer (keys). |
USAGE_ATTESTATION |
6 |
1 |
INTEGER |
Restrict the use as attestation signing key (keys). |
USAGE_KEY |
7 |
1 |
INTEGER |
Restrict the use to key derivation and key agreement (any). |
USAGE_PASSWORD |
9 |
1 |
INTEGER |
Restrict the use to password verification (passwords only). |
USAGE_AUDIT |
12 |
1 |
INTEGER |
Restrict the use as audit log message signing key (keys). |
USAGE_OFFLOADING |
13 |
1 |
INTEGER |
Restrict the use as offloading key for resource import/export (keys). |
Used in: CSPResource
ASN 5-23: Resource: ASN.1 Definition for CSPAlgorithms
Tag |
Size |
Type |
Description |
Presence |
CHOICE |
|
CSPAlgorithms |
|
|
'80' |
0 |
NULL |
"noneAlgorithm": No algorithm configured. |
CONDITIONAL |
'A1' |
5..8 |
CSPCipherAlgorithms |
"cipherAlgorithms": USAGE_CIPHER, USAGE_TRANSFORM, USAGE_CONFIDENTIAL. |
CONDITIONAL |
'A2' |
5..11 |
CSPSignatureAlgorithms |
"signatureAlgorithms": USAGE_SIGNATURE, USAGE_AUDIT. |
CONDITIONAL |
'A3' |
5 |
CSPSecureChannelAlgorithms |
"secChannelAlgorithms": USAGE_SECCHANNEL: secure channel authentication. |
CONDITIONAL |
'A4' |
9..37 |
CSPAttestationAlgorithms |
"attestationAlgorithm": USAGE_ATTESTATION, USAGE_AUDIT. |
CONDITIONAL |
'A5' |
5..8 |
CSPKeyDerivationAlgorithms |
"keyDerivationAlgorithm": USAGE_KEY: Key derivation algorithm. |
CONDITIONAL |
'86' |
1 |
CSPKeyAgreementScheme |
"keyAgreementScheme": USAGE_KEY: Key agreement scheme. |
CONDITIONAL |
Used in: CSPConfigureResource, CSPResource
ASN 5-24: Core: ASN.1 Definition for CSPClient
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
0..n |
CSPClient |
'CSPClient': Data structure representing a Client Application or an off-card Client. |
|
|
'80' |
0..2 |
INTEGER |
'clientId': An identifier of the CSP Client, chosen by the CSP Admin. |
OPTIONAL |
|
'A1' |
0..n |
CSPClientApplication |
'clientApplication': The Client Application registered to the CSP. |
OPTIONAL |
|
'82' |
0..1 |
CSPProtocolType |
'authProtocol': Restrict access to CSP services when a secure channel is fully established. |
OPTIONAL |
|
'A3' |
0..n |
SET OF CSPResourceId |
'authResources': Resources required for the configured authProtocol. Implicit encoded as SET OF INTEGER:
'A3 L'
'02 L0 V0'
'02 L1 V1'
'...' |
OPTIONAL |
|
Used in: CSPRegisterClient, CSPConfiguration
ASN 5-25: Core: ASN.1 Definition for CSPClientReference
Tag |
Size |
Type |
Description |
Presence |
CHOICE |
|
CSPClientReference |
|
|
'80' |
1..2 |
INTEGER |
"clientId": The identifier of the CSP Client to be de-registered. |
CONDITIONAL |
'81' |
5..16 |
CSPAID |
"aid": The AID of the Client Application that shall be de-registered. |
CONDITIONAL |
Used in: CSPUnregisterClient, CSPAccessControl
ASN 5-26a: Core: ASN.1 Definition for CSPClientApplication
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
10..n |
CSPClientApplication |
'CSPClientApplication': Data structure representing a Client Application. |
|
|
'80' |
5..16 |
CSPAID |
'applicationAID': AID of the Client Application. |
|
|
'81' |
0..n |
OCTET STRING |
'loadFileDataBlockHash': Hash of the load data file block of the Client Application. |
OPTIONAL |
|
'82' |
0..1 |
BOOLEAN |
'requiredDAPVerification': Client Application must be DAP-verified during load. |
OPTIONAL |
FALSE |
'A3' |
1..16 |
CSPApplicationSD |
'applicationSD': AID of the SD of the Client Application. Encoded using explicit tagging where 'TA' is the type of the chosen CHOICE alternative: 'A3 L'
'TA LA VA' |
|
|
Used in: CSPClient
ASN 5-26b: Core: ASN.1 Definition for CSPApplicationSD
Tag |
Size |
Type |
Description |
Presence |
CHOICE |
|
CSPApplicationSD |
|
|
'80' |
1 |
BOOLEAN |
"useCspSD": The Client Application uses the same SD AID as the CSP Application. |
CONDITIONAL |
'81' |
5..16 |
CSPAID |
"applicationSDAID": The Client Application uses a different SD AID than the CSP Application. |
CONDITIONAL |
Used in: CSPClientApplication
ASN 5-27: Access: ASN.1 Definition for CSPAccessControl
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
0..n |
CSPAccessControl |
'CSPAccessControl': Data structure for access control configuration of a resource. |
|
|
'80' |
0..2 |
CSPAccessControlRules |
'accessControlRules': ACR bitmask. |
OPTIONAL |
ANY_USE |
'A1' |
0..16 |
CSPClientReference |
'owner': CSP Client that owns this resource. Encoded using explicit tagging where 'TA' is the type of the chosen CHOICE alternative: 'A1 L'
'TA LA VA' |
OPTIONAL |
null |
'A2' |
0..n |
SET OF CSPPolicy |
'policies': Dynamic policy rules. |
OPTIONAL |
|
Used in: CSPConfigureResource, CSPResource
ASN 5-28: Access: ASN.1 Definition for CSPAccessControlRules
b15 | b14 | b13 | b12 | b11 | b10 | b9 | b8 | b7 | b6 | b5 | b4 | b3 | b2 | b1 | b0 | CSPAccessControlRules |
- | - | - | - | - | - | - | - | - | - | - | 0 | - | - | - | 1 | "ANY_USE": 1. Bit: all Client Applications are granted with ACCESS_USE. |
- | - | - | - | - | - | - | - | - | - | 0 | - | - | - | 1 | - | "ANY_SETUP": 2. Bit: all Client Applications are granted with ACCESS_SETUP. |
- | - | - | - | - | - | - | - | - | 0 | - | - | - | 1 | - | - | "ANY_CLEAR": 3. Bit: all Client Applications are granted with ACCESS_CLEAR. |
- | - | - | - | - | - | - | - | 0 | - | - | - | 1 | - | - | - | "ANY_MOVE": 4. Bit: all Client Applications are granted with ACCESS_MOVE. |
- | - | - | - | - | - | - | - | - | - | - | 1 | - | - | - | 0 | "OWNER_USE": 5. Bit: only Owner Application is granted with ACCESS_USE. |
- | - | - | - | - | - | - | - | - | - | 1 | - | - | - | 0 | - | "OWNER_SETUP": 6. Bit: only Owner Application is granted with ACCESS_SETUP. |
- | - | - | - | - | - | - | - | - | 1 | - | - | - | 0 | - | - | "OWNER_CLEAR": 7. Bit: only Owner Application is granted with ACCESS_CLEAR. |
- | - | - | - | - | - | - | - | 1 | - | - | - | 0 | - | - | - | "OWNER_MOVE": 8. Bit: only Owner Application is granted with ACCESS_MOVE. |
- | - | - | - | - | - | - | 1 | - | - | - | - | - | - | - | - | "ADMIN_USE": 9. Bit: the CSP Admin is granted with ACCESS_USE. |
- | - | - | - | - | - | 1 | - | - | - | - | - | - | - | - | - | "ADMIN_SETUP": 10. Bit: the CSP Admin is granted with ACCESS_SETUP. |
- | - | - | - | - | 1 | - | - | - | - | - | - | - | - | - | - | "ADMIN_CLEAR": 11. Bit: the CSP Admin is granted with ACCESS_CLEAR. |
- | - | - | - | 1 | - | - | - | - | - | - | - | - | - | - | - | "ADMIN_MOVE": 12. Bit: the CSP Admin is granted with ACCESS_MOVE. |
- | - | - | 1 | - | - | - | - | - | - | - | - | - | - | - | - | "CLIENT_USE": 13. Bit: all off-card Clients are granted with ACCESS_USE. |
- | - | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | "CLIENT_SETUP": 14. Bit: all off-card Clients are granted with ACCESS_SETUP. |
- | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | "CLIENT_CLEAR": 15. Bit: all off-card Clients are granted with ACCESS_CLEAR. |
1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | "CLIENT_MOVE": 16. Bit: all off-card Clients are granted with ACCESS_MOVE. |
Used in: CSPAccessControl
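The bit layout in ASN 5-28 can be checked mechanically when reviewing a resource configuration. The following Python sketch is an added example, not part of the specification: it assumes the value of the '80' element is an unsigned big-endian integer, and it reads the 0 cells in the ANY_*/OWNER_* rows as meaning the paired bit must be clear; the function names and sample values are constructed for illustration.

```python
"""Decode and review a CSPAccessControlRules bitmask (ASN 5-28)."""

# Bit positions follow the ASN 5-28 table; b0 is the least significant bit.
SUBJECTS = ("ANY", "OWNER", "ADMIN", "CLIENT")  # b0-b3, b4-b7, b8-b11, b12-b15
RIGHTS = ("USE", "SETUP", "CLEAR", "MOVE")
RULE_BITS = {
    f"{subject}_{right}": 1 << (4 * s + r)
    for s, subject in enumerate(SUBJECTS)
    for r, right in enumerate(RIGHTS)
}
DEFAULT_RULES = RULE_BITS["ANY_USE"]  # Default column of 'accessControlRules'


def parse_rules(value: bytes) -> int:
    """Turn the 0..2 byte value of the '80' element into a 16-bit mask.

    Assumption: the bytes form an unsigned big-endian integer. An absent or
    empty value falls back to the documented default, ANY_USE.
    """
    if len(value) > 2:
        raise ValueError("accessControlRules is at most 2 bytes")
    if not value:
        return DEFAULT_RULES
    return int.from_bytes(value, "big")


def rule_names(mask: int) -> list[str]:
    """Names of all rules set in the mask, lowest bit first."""
    return [name for name, bit in RULE_BITS.items() if mask & bit]


def review(mask: int) -> list[str]:
    """Report conflicting and broad grants in a rules mask.

    Assumption: the table's 0 cells mean ANY_x and OWNER_x exclude each
    other, so a mask with both set is reported as a conflict.
    """
    findings = []
    for right in RIGHTS:
        any_set = mask & RULE_BITS[f"ANY_{right}"]
        owner_set = mask & RULE_BITS[f"OWNER_{right}"]
        if any_set and owner_set:
            findings.append(f"conflict: ANY_{right} and OWNER_{right} both set")
        elif any_set:
            findings.append(f"broad: ANY_{right} (all Client Applications)")
        if mask & RULE_BITS[f"CLIENT_{right}"]:
            findings.append(f"broad: CLIENT_{right} (all off-card Clients)")
    return findings


if __name__ == "__main__":
    # Constructed sample values for the '80' element, not taken from a card.
    for sample in ("", "0110", "0011", "8008"):
        mask = parse_rules(bytes.fromhex(sample))
        print(f"'{sample}' -> {mask:#06x} {rule_names(mask)} {review(mask)}")
```
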
ASN 6-1: Cipher: ASN.1 Definition for CSPCipherSupport
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
0..61 |
CSPCipherSupport |
'CSPCipherSupport': Checks for cipher functionality support and supported algorithms. |
|
|
'A0' |
0..36 |
SET OF CSPPaddingAlgorithm |
'paddingsAlgorithms': Padding algorithms. Implicit encoded as SET OF ENUMERATED:
'A0 L'
'0A L0 V0'
'0A L1 V1'
'...' |
OPTIONAL |
|
'A1' |
0..21 |
SET OF CSPCipherAlgorithm |
'cipherAlgorithms': Cipher algorithms. Implicit encoded as SET OF ENUMERATED:
'A1 L'
'0A L0 V0'
'0A L1 V1'
'...' |
OPTIONAL |
|
Used in: CSPEnforce
ASN 6-2: Cipher: ASN.1 Definition for CSPCipherAlgorithms
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
3..6 |
CSPCipherAlgorithms |
'CSPCipherAlgorithms': Cipher configuration for a specific resource. |
|
|
'80' |
1 |
CSPCipherAlgorithm |
'cipherAlgorithm': The cipher algorithm. |
|
|
'81' |
0..1 |
CSPPaddingAlgorithm |
'paddingAlgorithm': The padding algorithm. |
OPTIONAL |
PAD_NULL |
Used in: CSPAlgorithms
ASN 6-3: Cipher: ASN.1 Definition for CSPPaddingAlgorithm
Name |
Value |
Size |
Type |
Description |
PAD_NULL |
0 |
1 |
INTEGER |
No padding; for use when padding is not supported by the algorithm. |
PAD_NOPAD |
1 |
1 |
INTEGER |
No padding is applied to the data, even when the algorithm usually pads. |
PAD_ISO9797_1_M2_ALG3 |
5 |
1 |
INTEGER |
Padding based on the ISO 9797-1 MAC algo 3 with method 2 [ISO 9797-1]. |
PAD_PKCS1 |
7 |
1 |
INTEGER |
Padding based on the PKCS#1 v1.5 scheme [RFC 8017]. |
PAD_PKCS1_PSS |
8 |
1 |
INTEGER |
Padding based on the PKCS#1-PSS scheme [IEEE 1363-2000]. |
PAD_PKCS1_OAEP_SHA256 |
14 |
1 |
INTEGER |
Padding based on the PKCS#1-OAEP scheme [IEEE 1363-2000] with SHA256. |
PAD_PKCS1_OAEP_SHA384 |
15 |
1 |
INTEGER |
Padding based on the PKCS#1-OAEP scheme [IEEE 1363-2000] with SHA384. |
PAD_PKCS1_OAEP_SHA512 |
16 |
1 |
INTEGER |
Padding based on the PKCS#1-OAEP scheme [IEEE 1363-2000] with SHA512. |
PAD_PKCS1_OAEP_SHA3_256 |
18 |
1 |
INTEGER |
Padding based on the PKCS#1-OAEP scheme [IEEE 1363-2000] with SHA3-256. |
PAD_PKCS1_OAEP_SHA3_384 |
19 |
1 |
INTEGER |
Padding based on the PKCS#1-OAEP scheme [IEEE 1363-2000] with SHA3-384. |
PAD_PKCS1_OAEP_SHA3_512 |
20 |
1 |
INTEGER |
Padding based on the PKCS#1-OAEP scheme [IEEE 1363-2000] with SHA3-512. |
PAD_PKCS7 |
2 |
1 |
INTEGER |
Padding based on the PKCS#7 scheme [RFC 5652]. |
Used in: CSPCipherSupport, CSPCipherAlgorithms, CSPSignatureAlgorithms
ASN 6-4: Cipher: ASN.1 Definition for CSPCipherAlgorithm
Name |
Value |
Size |
Type |
Description |
CIPHER_AES_CBC |
1 |
1 |
INTEGER |
Cipher using AES [FIPS 197] with block size 128 in CBC mode [FIPS 81]. |
CIPHER_AES_CFB |
28 |
1 |
INTEGER |
Cipher using AES [FIPS 197] in Cipher Feedback (CFB) mode [FIPS 81]. |
CIPHER_AES_CTR |
240 |
1 |
INTEGER |
Cipher using AES [FIPS 197] in counter (CTR) mode [ISO 10116]. |
CIPHER_AES_GCM |
241 |
1 |
INTEGER |
Cipher using AES [FIPS 197] Galois/Counter Mode [SP800-38D]. |
CIPHER_AES_CCM |
242 |
1 |
INTEGER |
Cipher using AES [FIPS 197] in Counter with CBC-MAC mode [SP800-38C]. |
CIPHER_AES_XTS |
10 |
1 |
INTEGER |
Cipher using AES [FIPS 197] in XTS mode [IEEE 1619-2018]. |
CIPHER_RSA |
7 |
1 |
INTEGER |
Cipher using RSA [PKCS #1]. |
Used in: CSPCipherSupport, CSPCipherAlgorithms
ASN 6-5: Signature: ASN.1 Definition for CSPSignatureSupport
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
0..37 |
CSPSignatureSupport |
'CSPSignatureSupport': Checks for signature functionality support and supported algorithms. |
|
|
'A0' |
0..21 |
SET OF CSPMessageDigestAlgorithm |
'messageDigestAlgorithms': Message digest algorithms. Implicit encoded as SET OF ENUMERATED:
'A0 L'
'0A L0 V0'
'0A L1 V1'
'...' |
OPTIONAL |
|
'A1' |
0..12 |
SET OF CSPSignatureAlgorithm |
'signatureAlgorithms': Signature algorithms. Implicit encoded as SET OF ENUMERATED:
'A1 L'
'0A L0 V0'
'0A L1 V1'
'...' |
OPTIONAL |
|
Used in: CSPEnforce
ASN 6-6: Signature: ASN.1 Definition for CSPMessageDigestAlgorithm
Name |
Value |
Size |
Type |
Description |
ALG_NULL |
0 |
1 |
INTEGER |
No message digest is applied to the data. |
ALG_SHA_256 |
4 |
1 |
INTEGER |
SHA-256 [FIPS 81] with block size of 64 and hash size of 32 bytes. |
ALG_SHA_384 |
5 |
1 |
INTEGER |
SHA-384 [FIPS 81] with block size of 128 and hash value of 64 bytes. |
ALG_SHA_512 |
6 |
1 |
INTEGER |
SHA-512 [FIPS 81] with block size of 128 and hash size of 64 bytes. |
ALG_SHA3_256 |
9 |
1 |
INTEGER |
SHA3-256 [FIPS 180-4] with block size of 64 and hash size of 32 bytes. |
ALG_SHA3_384 |
10 |
1 |
INTEGER |
SHA3-384 [FIPS 180-4] with block size of 128 and hash size of 64 bytes. |
ALG_SHA3_512 |
11 |
1 |
INTEGER |
SHA3-512 [FIPS 180-4] with block size of 128 and hash size of 64 bytes. |
Used in: CSPSignatureSupport, CSPSignatureAlgorithms, CSPKeyDerivationAlgorithms
ASN 6-7: Signature: ASN.1 Definition for CSPSignatureAlgorithm
Name |
Value |
Size |
Type |
Description |
SIG_AES_CMAC128 |
10 |
1 |
INTEGER |
Signature according to [ISO 9797-1]: AES 128-bit block and 16-byte CMAC. |
SIG_AES_MAC128 |
6 |
1 |
INTEGER |
Signature according to [SP800-38B]: AES 128-bit block and 16-byte MAC. |
SIG_HMAC |
7 |
1 |
INTEGER |
Signature using HMAC according to [FIPS 198-1]. |
SIG_RSA |
3 |
1 |
INTEGER |
RSA signature according to [IEEE 1363-2000] with PKCS#1-PSS. |
Used in: CSPSignatureSupport, CSPSignatureAlgorithms
ASN 6-8: Signature: ASN.1 Definition for CSPSignatureAlgorithms
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
3..9 |
CSPSignatureAlgorithms |
'CSPSignatureAlgorithms': Signature configuration for a specific resource. |
|
|
'80' |
1 |
CSPSignatureAlgorithm |
'signatureAlgorithm': The signature algorithm. |
|
|
'81' |
0..1 |
CSPPaddingAlgorithm |
'paddingAlgorithm': The padding algorithm. |
OPTIONAL |
PAD_NULL |
'82' |
0..1 |
CSPMessageDigestAlgorithm |
'messageDigestAlgorithm': The message digest algorithm. |
OPTIONAL |
ALG_NULL |
Used in: CSPAlgorithms, CSPAttestationAlgorithms, CSPConfigAttestation, CSPDataAttestation, CSPKeyPoPAttestation
ASN 6-9: SecChannel: ASN.1 Definition for CSPSecureChannelSupport
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
0..6 |
CSPSecureChannelSupport |
'CSPSecureChannelSupport': Checks for secure channel functionality support and supported protocols. |
|
|
'80' |
0..1 |
CSPProtocolType |
'protocolTypes': Secure channel protocol types. |
OPTIONAL |
|
'81' |
0..1 |
CSPSecurityFunction |
'securityFunctions': Secure channel security functions. |
OPTIONAL |
|
Used in: CSPEnforce
ASN 6-10: SecChannel: ASN.1 Definition for CSPSecureChannelSettings
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
0..11 |
CSPSecureChannelSettings |
'CSPSecureChannelSettings': General secure channel settings for the CSP Instance. |
|
|
'A0' |
0..9 |
CSPTimeout |
'securityTimeout': Secure channel timeout in seconds (TIMER_SECURITY_TIMEOUT). |
OPTIONAL |
|
Used in: CSPSetup, CSPConfiguration
ASN 6-11: SecChannel: ASN.1 Definition for CSPProtocolType
Name |
Value |
Size |
Type |
Description |
PROTOCOL_PACE |
17 |
1 |
INTEGER |
Password Authenticated Connection Establishment [TR-03110-3]. |
PROTOCOL_EAC_ID |
18 |
1 |
INTEGER |
Extended Access Control v2 (PACE, TA2, CA2, CA3) [TR-03110-3]. |
PROTOCOL_EAC_MRTD |
19 |
1 |
INTEGER |
Extended Access Control v1 (PACE, CA1, TA1) [ICAO 9303-11]. |
PROTOCOL_PACE_CAM |
20 |
1 |
INTEGER |
PACE with Chip Authentication Mapping (PACE, CA1, TA1) [ICAO 9303-11]. |
PROTOCOL_SCP03 |
5 |
1 |
INTEGER |
GP Secure Channel Protocol '03' [GP Amd D]. |
PROTOCOL_SCP04 |
21 |
1 |
INTEGER |
GP Secure Channel Protocol '04' [GP Amd K]. |
Used in: CSPClient, CSPSecureChannelSupport
ASN 6-12: SecChannel: ASN.1 Definition for CSPSecureChannelAlgorithms
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
3 |
CSPSecureChannelAlgorithms |
'CSPSecureChannelAlgorithms': Secure channel configuration for a specific resource. |
|
|
'80' |
1 |
CSPSecurityFunction |
'securityFunction': The security function of the protocol. |
|
|
Used in: CSPAlgorithms
ASN 6-13: SecChannel: ASN.1 Definition for CSPSecurityFunction
Name |
Value |
Size |
Type |
Description |
SEC_PACE_PIN |
1 |
1 |
INTEGER |
Password Authenticated Connection Establishment (PACE) PIN [TR-03110-2]. |
SEC_PACE_PUK |
2 |
1 |
INTEGER |
Personal Unblocking Key (PUK) for PACE [TR-03110-2]. |
SEC_PACE_CAN |
3 |
1 |
INTEGER |
Personal Unblocking Key (PUK) for PACE [TR-03110-1]. |
SEC_PACE_MRZ |
4 |
1 |
INTEGER |
Personal Unblocking Key (PUK) for PACE [TR-03110-2]. |
SEC_TA_AT_ROOT |
5 |
1 |
INTEGER |
Authentication Terminal Root Certificate (AT-Root) for eID [TR-03110-2]. |
SEC_TA_IS_ROOT |
6 |
1 |
INTEGER |
Inspection System Root Certificate (IS-Root) for MRTD [TR-03110-2]. |
SEC_CA1 |
7 |
1 |
INTEGER |
Chip Authentication v1 (CA1) for MRTD [TR-03110-1]. |
SEC_CA2 |
8 |
1 |
INTEGER |
Chip Authentication v2 (CA2) group key for eID [TR-03110-2]. |
SEC_CA2_PRIVILEGED |
9 |
1 |
INTEGER |
Chip-specific CA2 key for Privileged Terminals eID [TR-03110-3]. |
SEC_CA3 |
10 |
1 |
INTEGER |
Chip Authentication v3 (CA3) group key for eID [TR-03110-2]. |
SEC_CA3_PSA |
11 |
1 |
INTEGER |
Chip-specific CA3 key for Pseudonymous Secure Authentication (PSA) eID. |
SEC_TA_DV |
12 |
1 |
INTEGER |
Output: Document Verify certificate received during EAC [TR-03110-3]. |
SEC_TA_TERMINAL |
13 |
1 |
INTEGER |
Output: Certificate received from individual terminals [TR-03110-3]. |
SEC_TA_AT_LINKED |
14 |
1 |
INTEGER |
Output: Linked TA certificate for rollover in eID [TR-03110-3]. |
SEC_TA_IS_LINKED |
15 |
1 |
INTEGER |
Output: Linked TA certificate for rollover in MRTD [TR-03110-3]. |
SEC_KENC |
32 |
1 |
INTEGER |
Encryption Key for SCP03 [GP Amd D] and SCP04 [GP Amd K]. |
SEC_KMAC |
33 |
1 |
INTEGER |
MAC Key for SCP03 [GP Amd D] and SCP04 [GP Amd K]. |
Used in: CSPSecureChannelSupport, CSPSecureChannelAlgorithms
ASN 6-14: Attestation: ASN.1 Definition for CSPAttestationSupport
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
0..11 |
CSPAttestationSupport |
'CSPAttestationSupport': Checks for attestation functionality support and supported algorithms. |
|
|
'A0' |
0..9 |
SET OF CSPResourceAttestationType |
'resourceAttestationTypes': Resource attestation types, such as Data or PoP attestations. Implicit encoded as SET OF ENUMERATED:
'A0 L'
'0A L0 V0'
'0A L1 V1'
'...' |
OPTIONAL |
|
Used in: CSPEnforce
ASN 6-15: Attestations: ASN.1 Definition for CSPSystemAttestationType
Name |
Value |
Size |
Type |
Description |
ATTESTATION_PLATFORM |
1 |
1 |
INTEGER |
Attestation of the SE Platform the CSP is operated on. |
ATTESTATION_CONFIG |
2 |
1 |
INTEGER |
Attestation of the configuration of this CSP Instance. |
Used in: CSPSystemAttestation, CSPSignedPlatformData, CSPSignedConfigData
ASN 6-16: Attestations: ASN.1 Definition for CSPResourceAttestationType
Name |
Value |
Size |
Type |
Description |
ATTESTATION_DATA |
3 |
1 |
INTEGER |
Attestation of external data with public key, counter or timer. |
ATTESTATION_KEY_POP |
4 |
1 |
INTEGER |
Attestation of public key with proof of possession for the private key. |
ATTESTATION_KEY_GENERATION |
5 |
1 |
INTEGER |
Generates a new key pair and returns a PoP attestation. |
Used in: CSPResourceAttestation, CSPAttestationSupport, CSPSignedData, CSPPopData
ASN 6-17: Signature: ASN.1 Definition for CSPAttestationAlgorithms
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
7..n |
CSPAttestationAlgorithms |
'CSPAttestationAlgorithms': Attestation configuration for a specific resource. |
|
|
'A0' |
5..11 |
CSPSignatureAlgorithms |
'signatureAlgorithms': The signature, padding and message digest algorithms. |
|
|
'A1' |
0..n |
SEQUENCE OF CSPField |
'fieldsAddedAsPrefix': Add signature fields (e.g., counter) to the beginning of data to sign. Implicit encoded as SEQUENCE OF SEQUENCE:
'A1 L'
'30 L0 V0'
'30 L1 V1'
'...' |
OPTIONAL |
|
'A2' |
0..n |
SEQUENCE OF CSPField |
'fieldsAddedAsSuffix': Add signature fields (e.g., counter) to the end of data to sign. Implicit encoded as SEQUENCE OF SEQUENCE:
'A2 L'
'30 L0 V0'
'30 L1 V1'
'...' |
OPTIONAL |
|
Used in: CSPAlgorithms
Used in: CSPSystemAttestationResponse
Used in: CSPPlatformAttestation
Used in: SecurityEnvironmentTemplate
ASN 6-18c: Attestations: ASN.1 Definition for SecurityEnvironmentTemplate
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
33..n |
SecurityEnvironmentTemplate |
'SecurityEnvironmentTemplate': Data structure according to [GP Amd A] section 5.3.1. |
|
|
'00' |
21..n |
ClientApplicationInformation |
'clientApplicationInformation': Information about the CSP Application. |
|
|
'01' |
6..n |
AlgorithmIdentifier |
'signatureAlgorithm': Information about the algorithm used by the CASD. |
|
|
'02' |
0..n |
OCTET STRING |
'keyIdentifier': Identifier of the PK.CASD-SIGN.AUT to verify the signature ([GP Amd A]). |
|
|
Used in: CSPSignedPlatformData
ASN 6-18d: Attestations: ASN.1 Definition for AlgorithmIdentifier
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
4..n |
AlgorithmIdentifier |
'AlgorithmIdentifier': Data structure according to [GP Amd A] section 5.3.1. |
|
|
'80' |
2..n |
OBJECT IDENTIFIER |
'algorithm': The OID of an ECDSA algorithm as specified in [RFC 5758] section 3.2. |
|
|
Used in: SecurityEnvironmentTemplate
ASN 6-19a: Attestations: ASN.1 Definition for CSPConfigAttestation
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
195..98471 |
CSPConfigAttestation |
'CSPConfigAttestation': Response of a config attestation. |
|
|
'A0' |
117..32910 |
CSPSignedConfigData |
'signedConfigData': The attestation data to be signed, including tags and lengths. |
|
|
'81' |
64..65536 |
CSPSignature |
'signature': Signature over the signedConfigData using the config attestation key. |
|
|
'A2' |
5..11 |
CSPSignatureAlgorithms |
'signatureAlgorithm': The algorithm used to sign the data. |
|
|
'A3' |
1 |
CSPKeySizeOrCurve |
'signaturKeySizeOrCurve': Key parameters of the attestation key. Encoded using explicit tagging where 'TA' is the type of the chosen CHOICE alternative: 'A3 L'
'TA LA VA' |
|
|
Used in: CSPSystemAttestationResponse
ASN 6-19b: Attestations: ASN.1 Definition for CSPSignedConfigData
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
115..n |
CSPSignedConfigData |
'CSPSignedConfigData': The attestation data to be signed, including tags and lengths. |
|
|
'80' |
1 |
CSPProtocolVersion |
'cspProtocolVersion': Version of the CSP Admin Protocol used. |
|
|
'81' |
0..1 |
CSPSystemAttestationType |
'attestationType': The type of the attestation being computed (i.e., config). |
OPTIONAL |
ATTESTATION_CONFIG |
'A2' |
0..n |
SET OF CSPField |
'fieldsAddedAsPrefix': Additional Fields to be included; configured by the CSP Admin. Implicit encoded as SET OF SEQUENCE:
'A2 L'
'30 L0 V0'
'30 L1 V1'
'...' |
OPTIONAL |
|
'83' |
32 |
CSPConfigName |
'configName': Custom name set by the CSP Admin via CSPSetup. |
|
|
'84' |
1..2 |
CSPConfigVersion |
'configVersion': Custom version set by the CSP Admin via CSPSetup. |
|
|
'A5' |
55..66 |
CSPPlatform |
'cspPlatform': Information about the CSP platform. |
|
|
'86' |
16..32768 |
OCTET STRING |
'inputData': Input data, e.g. a challenge, provided within the command. |
|
|
'A7' |
0..n |
SET OF CSPField |
'fieldsAddedAsSuffix': Additional Fields to be included; configured by the CSP Admin. Implicit encoded as SET OF SEQUENCE:
'A7 L'
'30 L0 V0'
'30 L1 V1'
'...' |
OPTIONAL |
|
Used in: CSPConfigAttestation
ASN 6-20a: Attestations: ASN.1 Definition for CSPDataAttestation
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
101..131139 |
CSPDataAttestation |
'CSPDataAttestation': Response of a data attestation (signature over external and internal data). |
|
|
'A0' |
23..65577 |
CSPSignedData |
'signedData': The attestation data to be signed, including tags and lengths. |
|
|
'81' |
64..65536 |
CSPSignature |
'signature': Signature over the signedData using the attestation key. |
|
|
'A2' |
5..11 |
CSPSignatureAlgorithms |
'signatureAlgorithm': The algorithm used to sign the data. |
|
|
'A3' |
1 |
CSPKeySizeOrCurve |
'signaturKeySizeOrCurve': Key parameters of the attestation key. Encoded using explicit tagging where 'TA' is the type of the chosen CHOICE alternative: 'A3 L'
'TA LA VA' |
|
|
Used in: CSPResourceAttestationResponse
ASN 6-20b: Attestations: ASN.1 Definition for CSPSignedData
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
21..n |
CSPSignedData |
'CSPSignedData': The attestation data to be signed, including tags and lengths. |
|
|
'80' |
1 |
CSPProtocolVersion |
'cspProtocolVersion': Version of the CSP Admin Protocol used. |
|
|
'81' |
0..1 |
CSPResourceAttestationType |
'attestationType': The type of the attestation being computed (i.e., data attestation). |
OPTIONAL |
ATTESTATION_DATA |
'A2' |
0..n |
SET OF CSPField |
'fieldsAddedAsPrefix': Additional Fields to be included; configured by the CSP Admin. Implicit encoded as SET OF SEQUENCE:
'A2 L'
'30 L0 V0'
'30 L1 V1'
'...' |
OPTIONAL |
|
'83' |
16..32768 |
OCTET STRING |
'inputData': The input data, e.g. a challenge, provided within the command. |
|
|
'84' |
0..32768 |
CSPResourceValue |
'resourceValue': CSP-internal resource value: public key, counter or timer. |
OPTIONAL |
|
'A5' |
0..n |
SET OF CSPField |
'fieldsAddedAsSuffix': Additional Fields to be included; configured by the CSP Admin. Implicit encoded as SET OF SEQUENCE:
'A5 L'
'30 L0 V0'
'30 L1 V1'
'...' |
OPTIONAL |
|
Used in: CSPDataAttestation
ASN 6-21a: Attestations: ASN.1 Definition for CSPKeyPoPAttestation
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
249..229478 |
CSPKeyPoPAttestation |
'CSPKeyPoPAttestation': Response of a key attestation including a Proof of Possession (PoP). |
|
|
'A0' |
160..163900 |
CSPSignedPoPData |
'signedPoPData': The attestation data to be signed, including tags and lengths. |
|
|
'81' |
64..65536 |
CSPSignature |
'signature': Signature over the entire signedPoPData using the attestation key. |
|
|
'A2' |
5..11 |
CSPSignatureAlgorithms |
'signatureAlgorithm': The algorithm used to sign the signedPoPData. |
|
|
'A3' |
1 |
CSPKeySizeOrCurve |
'signaturKeySizeOrCurve': Key parameters of attestation key. Encoded using explicit tagging where 'TA' is the type of the chosen CHOICE alternative: 'A3 L'
'TA LA VA' |
|
|
'A4' |
5..11 |
CSPSignatureAlgorithms |
'popSignatureAlgorithm': The algorithm used to sign the popData. |
|
|
'A5' |
1 |
CSPKeySizeOrCurve |
'popSignaturKeySizeOrCurve': Key parameters of the private key. |
|
|
Used in: CSPResourceAttestationResponse
ASN 6-21ba: Attestations: ASN.1 Definition for CSPSignedPoPData
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
157..163895 |
CSPSignedPoPData |
'CSPSignedPoPData': The attestation data to be signed, including tags and lengths. |
|
|
'80' |
1 |
CSPProtocolVersion |
'cspProtocolVersion': Version of the CSP Admin Protocol used. |
|
|
'A1' |
86..98346 |
CSPPopData |
'popData': Proof Of Possession data to be signed, including tags and lengths. |
|
|
'82' |
64..65536 |
CSPSignature |
'popDataSignature': Signature over the popData using the private key. |
|
|
Used in: CSPKeyPoPAttestation
ASN 6-21bb: Attestations: ASN.1 Definition for CSPPopData
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
84..n |
CSPPopData |
'CSPPopData': Proof Of Possession data to be signed, including tags and lengths. |
|
|
'80' |
0..1 |
CSPResourceAttestationType |
'attestationType': The type of the attestation being computed (i.e., PoP). |
OPTIONAL |
ATTESTATION_KEY_POP |
'A1' |
0..n |
SET OF CSPField |
'fieldsAddedAsPrefix': Additional Fields to be included; configured by the CSP Admin. Implicit encoded as SET OF SEQUENCE:
'A1 L'
'30 L0 V0'
'30 L1 V1'
'...' |
OPTIONAL |
|
'82' |
64..32768 |
CSPResourceValue |
'publicKey': Public key value to attest. |
|
|
'83' |
0..32768 |
CSPResourceValue |
'publicAttestationKey': Public att. key to verify the signature over signedPoPData. |
OPTIONAL |
|
'84' |
16..32768 |
OCTET STRING |
'inputData': Input data, e.g., a challenge, provided within the command. |
|
|
'A5' |
0..n |
SET OF CSPField |
'fieldsAddedAsSuffix': Additional Fields to be included; configured by the CSP Admin. Implicit encoded as SET OF SEQUENCE:
'A5 L'
'30 L0 V0'
'30 L1 V1'
'...' |
OPTIONAL |
|
Used in: CSPSignedPoPData
ASN 6-22: Key: ASN.1 Definition for CSPKeySupport
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
0..104 |
CSPKeySupport |
'CSPKeySupport': Checks for key management support and supported algorithms. |
|
|
'A0' |
0..57 |
SET OF CSPKeySize |
'keySizes': Key types, such as AES, RSA or ECC with key sizes. Implicit encoded as SET OF ENUMERATED:
'A0 L'
'0A L0 V0'
'0A L1 V1'
'...' |
OPTIONAL |
|
'A1' |
0..21 |
SET OF CSPCurve |
'curves': Curves / ECC domain parameter sets. Implicit encoded as SET OF ENUMERATED:
'A1 L'
'0A L0 V0'
'0A L1 V1'
'...' |
OPTIONAL |
|
'A2' |
0..12 |
SET OF CSPKeyDerivationAlgorithm |
'keyDerivationAlgorithms': Key derivation algorithms. Implicit encoded as SET OF ENUMERATED:
'A2 L'
'0A L0 V0'
'0A L1 V1'
'...' |
OPTIONAL |
|
'A3' |
0..6 |
SET OF CSPKeyAgreementScheme |
'keyAgreementSchemes': Key agreement schemes. Implicit encoded as SET OF ENUMERATED:
'A3 L'
'0A L0 V0'
'0A L1 V1'
'...' |
OPTIONAL |
|
Used in: CSPEnforce
ASN 6-23: Key: ASN.1 Definition for CSPKey
Tag |
Length |
Type |
Description |
Presence |
Default |
SEQUENCE |
6..12 |
CSPKey |
'CSPKey': Additional attributes required by key resources. |
|
|
'80' |
1 |
CSPKeyType |
'type': The cryptographic keyType. |
|
|
'81' |
1 |
CSPKeySize |
'size': The cryptographic keySize; also mandatory for ECC keys. |
|
|
'82' |
0..1 |
CSPCurve |
'curve': ECC curve parameters; only relevant for ECC keys. |
OPTIONAL |
|
'83' |
0..1 |
BOOLEAN |
'transient': Flag indicating the key is transient. |
OPTIONAL |
FALSE |
Used in: CSPResourceParams
ASN 6-24: Key: ASN.1 Definition for CSPKeyType
Name |
Value |
Size |
Type |
Description |
KEY_AES |
1 |
1 |
INTEGER |
Symmetric key used with Advanced Encryption Standard (AES). |
KEY_HMAC |
2 |
1 |
INTEGER |
Symmetric key used to create HMAC-based signatures. |
KEY_ECC_PUBLIC |
3 |
1 |
INTEGER |
Public key used for Elliptic Curve Cryptography (ECC). |
KEY_ECC_PRIVATE |
4 |
1 |
INTEGER |
Private key used for Elliptic Curve Cryptography (ECC). |
KEY_RSA_PUBLIC |
5 |
1 |
INTEGER |
Public key for Rivest-Shamir-Adleman (RSA) algorithms. |
KEY_RSA_PRIVATE |
6 |
1 |
INTEGER |
Private key for Rivest-Shamir-Adleman (RSA) algorithms. |
MASTER_SECRET |
7 |
1 |
INTEGER |
Secret generated within the CSP, used for key derivation. |
DERIVED_SECRET |
8 |
1 |
INTEGER |
Secret result from key derivation, used for further key derivation. |
KEY_SHARED_SECRET |
9 |
1 |
INTEGER |
Secret from key agreement, used for key derivation. |
Used in: CSPKey
ASN 6-25: Key: ASN.1 Definition for CSPKeySize
Name | Value | Size | Type | Description |
KEY_AES_128 | 1 | 1 | INTEGER | KEY_AES 128 bit. |
KEY_AES_256 | 3 | 1 | INTEGER | KEY_AES 256 bit. |
KEY_AES_2_128 | 5 | 1 | INTEGER | KEY_AES 2x128 bit for CIPHER_AES_XTS. |
KEY_AES_2_256 | 7 | 1 | INTEGER | KEY_AES 2x256 bit for CIPHER_AES_XTS. |
KEY_HMAC_256 | 10 | 1 | INTEGER | KEY_HMAC 256 bit. |
KEY_HMAC_384 | 11 | 1 | INTEGER | KEY_HMAC 384 bit. |
KEY_HMAC_512 | 12 | 1 | INTEGER | KEY_HMAC 512 bit. |
KEY_ECC_256 | 16 | 1 | INTEGER | KEY_ECC_PUBLIC and KEY_ECC_PRIVATE 256 bit. |
KEY_ECC_384 | 17 | 1 | INTEGER | KEY_ECC_PUBLIC and KEY_ECC_PRIVATE 384 bit. |
KEY_ECC_512 | 18 | 1 | INTEGER | KEY_ECC_PUBLIC and KEY_ECC_PRIVATE 512 bit. |
KEY_ECC_521 | 19 | 1 | INTEGER | KEY_ECC_PUBLIC and KEY_ECC_PRIVATE 521 bit. |
KEY_RSA_2048 | 26 | 1 | INTEGER | KEY_RSA_PUBLIC and KEY_RSA_PRIVATE 2048 bit. |
KEY_RSA_3072 | 27 | 1 | INTEGER | KEY_RSA_PUBLIC and KEY_RSA_PRIVATE 3072 bit. |
KEY_RSA_4096 | 28 | 1 | INTEGER | KEY_RSA_* 4096 bit; do not generate, recommended only for import. |
KEY_SECRET_128 | 32 | 1 | INTEGER | KEY_MASTER_SECRET, KEY_DERIVED_SECRET and KEY_SHARED_SECRET 128 bit. |
KEY_SECRET_256 | 33 | 1 | INTEGER | KEY_MASTER_SECRET, KEY_DERIVED_SECRET and KEY_SHARED_SECRET 256 bit. |
KEY_SECRET_384 | 34 | 1 | INTEGER | KEY_MASTER_SECRET, KEY_DERIVED_SECRET and KEY_SHARED_SECRET 384 bit. |
KEY_SECRET_512 | 35 | 1 | INTEGER | KEY_MASTER_SECRET, KEY_DERIVED_SECRET and KEY_SHARED_SECRET 512 bit. |
KEY_SECRET_576 | 36 | 1 | INTEGER | KEY_MASTER_SECRET and KEY_DERIVED_SECRET. |
Used in: CSPKeySupport, CSPKey, CSPKeySizeOrCurve
ASN 6-26: Key: ASN.1 Definition for CSPCurve
Name | Value | Size | Type | Description |
CURVE_BRAINPOOL_P256_R1 | 1 | 1 | INTEGER | Brainpool P256 r1 [RFC 5639]. |
CURVE_BRAINPOOL_P384_R1 | 2 | 1 | INTEGER | Brainpool P384 r1 [RFC 5639]. |
CURVE_BRAINPOOL_P512_R1 | 3 | 1 | INTEGER | Brainpool P512 r1 [RFC 5639]. |
CURVE_SEC_P256_R1 | 4 | 1 | INTEGER | NIST's P-256 curve [SP800-186]. |
CURVE_SEC_P384_R1 | 5 | 1 | INTEGER | NIST's P-384 curve [SP800-186]. |
CURVE_SEC_P521_R1 | 6 | 1 | INTEGER | NIST's P-521 curve [SP800-186]. |
CURVE_X25519 | 7 | 1 | INTEGER | 256-bit, only key agreement [RFC 7748]. |
Used in: CSPKeySupport, CSPKey, CSPKeySizeOrCurve
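Added example, not part of the specification: a decoder for the CSPKey structure of ASN 6-23 that cross-checks 'type', 'size' and 'curve' against ASN 6-24 to 6-26. It assumes the outer SEQUENCE carries the universal tag '30', short-form lengths, ascending field order and BOOLEAN TRUE as any non-zero byte; the function names, the curve-to-size pairing and the sample byte strings are this example's own.

```python
# Added example: decode a CSPKey (ASN 6-23) and cross-check its fields
# against ASN 6-24 (type), 6-25 (size) and 6-26 (curve).
# Assumptions, not stated on the page: outer SEQUENCE tag 0x30, short-form
# lengths, fields in ascending tag order, BOOLEAN TRUE = any non-zero byte.

KEY_TYPES = {1: "KEY_AES", 2: "KEY_HMAC", 3: "KEY_ECC_PUBLIC",
             4: "KEY_ECC_PRIVATE", 5: "KEY_RSA_PUBLIC", 6: "KEY_RSA_PRIVATE",
             7: "MASTER_SECRET", 8: "DERIVED_SECRET", 9: "KEY_SHARED_SECRET"}
KEY_SIZES = {1: "KEY_AES_128", 3: "KEY_AES_256", 5: "KEY_AES_2_128",
             7: "KEY_AES_2_256", 10: "KEY_HMAC_256", 11: "KEY_HMAC_384",
             12: "KEY_HMAC_512", 16: "KEY_ECC_256", 17: "KEY_ECC_384",
             18: "KEY_ECC_512", 19: "KEY_ECC_521", 26: "KEY_RSA_2048",
             27: "KEY_RSA_3072", 28: "KEY_RSA_4096", 32: "KEY_SECRET_128",
             33: "KEY_SECRET_256", 34: "KEY_SECRET_384", 35: "KEY_SECRET_512",
             36: "KEY_SECRET_576"}
CURVES = {1: "CURVE_BRAINPOOL_P256_R1", 2: "CURVE_BRAINPOOL_P384_R1",
          3: "CURVE_BRAINPOOL_P512_R1", 4: "CURVE_SEC_P256_R1",
          5: "CURVE_SEC_P384_R1", 6: "CURVE_SEC_P521_R1", 7: "CURVE_X25519"}

# Sizes each key type may carry, read off the CSPKeySize descriptions.
SIZES_FOR_TYPE = {1: {1, 3, 5, 7}, 2: {10, 11, 12},
                  3: {16, 17, 18, 19}, 4: {16, 17, 18, 19},
                  5: {26, 27, 28}, 6: {26, 27, 28},
                  7: {32, 33, 34, 35, 36}, 8: {32, 33, 34, 35, 36},
                  9: {32, 33, 34, 35}}
# This example's pairing of each curve with the CSPKeySize of equal bit length.
SIZE_FOR_CURVE = {1: 16, 2: 17, 3: 18, 4: 16, 5: 17, 6: 19, 7: 16}
ECC_TYPES = {3, 4}


def parse_tlvs(buf):
    """Split a byte string into (tag, value) pairs; short-form lengths only."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated TLV header")
        tag, length = buf[i], buf[i + 1]
        if length & 0x80:
            raise ValueError("long-form length not expected in CSPKey")
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated TLV value")
        out.append((tag, value))
        i += 2 + length
    return out


def decode_csp_key(data):
    """Decode one CSPKey into a dict, applying the default for 'transient'."""
    outer = parse_tlvs(data)
    if len(outer) != 1 or outer[0][0] != 0x30:
        raise ValueError("expected exactly one SEQUENCE")
    body = outer[0][1]
    if not 6 <= len(body) <= 12:
        raise ValueError("CSPKey content length must be 6..12")
    fields, last = {}, 0
    for tag, value in parse_tlvs(body):
        if tag not in (0x80, 0x81, 0x82, 0x83) or tag <= last:
            raise ValueError(f"unexpected, repeated or misordered tag {tag:02X}")
        if len(value) != 1:
            raise ValueError(f"tag {tag:02X} must carry exactly one byte")
        fields[tag], last = value[0], tag
    if 0x80 not in fields or 0x81 not in fields:
        raise ValueError("'type' and 'size' are mandatory")
    return {"type": fields[0x80], "size": fields[0x81],
            "curve": fields.get(0x82), "transient": bool(fields.get(0x83, 0))}


def check_csp_key(key):
    """Return a list of findings; an empty list means the fields agree."""
    ktype, size, curve = key["type"], key["size"], key["curve"]
    findings = []
    if ktype not in KEY_TYPES:
        findings.append(f"unknown CSPKeyType {ktype}")
    if size not in KEY_SIZES:
        findings.append(f"unknown CSPKeySize {size}")
    if curve is not None and curve not in CURVES:
        findings.append(f"unknown CSPCurve {curve}")
    if findings:
        return findings
    if size not in SIZES_FOR_TYPE[ktype]:
        findings.append(f"{KEY_SIZES[size]} is not a size for {KEY_TYPES[ktype]}")
    if curve is not None:
        if ktype not in ECC_TYPES:
            findings.append(f"curve set on non-ECC key {KEY_TYPES[ktype]}")
        elif SIZE_FOR_CURVE[curve] != size:
            findings.append(f"{CURVES[curve]} does not match {KEY_SIZES[size]}")
    return findings


# Constructed sample encodings (not taken from the specification).
SAMPLE_ECC_OK = bytes.fromhex("3009800104810110820104")       # ECC private, P-256
SAMPLE_AES_ECC_SIZE = bytes.fromhex("3006800101810110")       # AES with an ECC size
SAMPLE_CURVE_MISMATCH = bytes.fromhex("3009800103810111820104")  # ECC-384 with P-256
SAMPLE_AES_TRANSIENT = bytes.fromhex("30098001018101038301ff")  # transient AES-256

if __name__ == "__main__":
    for name, raw in [("ecc_ok", SAMPLE_ECC_OK), ("aes_ecc_size", SAMPLE_AES_ECC_SIZE),
                      ("curve_mismatch", SAMPLE_CURVE_MISMATCH),
                      ("aes_transient", SAMPLE_AES_TRANSIENT)]:
        key = decode_csp_key(raw)
        print(name, key, check_csp_key(key))
```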
ASN 6-27: Key: ASN.1 Definition for CSPKeySizeOrCurve
Tag | Size | Type | Description | Presence |
CHOICE | | CSPKeySizeOrCurve | | |
'80' | 1 | CSPKeySize | "size": The keySize in number of bits (not for ECC_*). | CONDITIONAL |
'81' | 1 | CSPCurve | "curve": ECC curve relevant for keys of type ECC_*. | CONDITIONAL |
Used in: CSPConfigAttestation, CSPDataAttestation, CSPKeyPoPAttestation
ASN 6-28: Cipher: ASN.1 Definition for CSPKeyDerivationAlgorithms
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 3..6 | CSPKeyDerivationAlgorithms | 'CSPKeyDerivationAlgorithms': Key derivation configuration for a specific resource. | | |
'80' | 1 | CSPKeyDerivationAlgorithm | 'keyDerivationAlgorithm': The key derivation algorithm. | | |
'81' | 0..1 | CSPMessageDigestAlgorithm | 'keyDerivationHashAlgorithm': The hash algorithm used for the key derivation. | OPTIONAL | ALG_NULL |
Used in: CSPAlgorithms
ASN 6-29: Key: ASN.1 Definition for CSPKeyDerivationAlgorithm
Name | Value | Size | Type | Description |
KDF_AES_CMAC | 1 | 1 | INTEGER | Two-step key derivation [SP800-56C]. |
KDF_ECC | 2 | 1 | INTEGER | ECC private key derivation from a secret [TR-03111]. |
KDF_HKDF | 3 | 1 | INTEGER | HMAC-based key derivation [RFC 5869]. |
KDF_PBKDF2 | 4 | 1 | INTEGER | Password-based key derivation [PKCS #5]. |
Used in: CSPKeySupport, CSPKeyDerivationAlgorithms
ASN 6-30: Key: ASN.1 Definition for CSPKeyAgreementScheme
Name | Value | Size | Type | Description |
KAS_ECKA_DH | 1 | 1 | INTEGER | ECC Diffie-Hellman key agreement. |
KAS_ECKA_EG | 2 | 1 | INTEGER | ECC ElGamal key agreement. |
Used in: CSPAlgorithms, CSPKeySupport
ASN 6-31: Certificate: ASN.1 Definition for CSPCertificateSupport
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..8 | CSPCertificateSupport | 'CSPCertificateSupport': Checks for certificate management support and supported certificate types. | | |
'A0' | 0..6 | SET OF CSPCertificateType | 'certificateTypes': Certificate types, such as CVC or X.509. Implicitly encoded as SET OF ENUMERATED: 'A0 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
Used in: CSPEnforce
ASN 6-32: Certificate: ASN.1 Definition for CSPCertificate
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 3 | CSPCertificate | 'CSPCertificate': Additional attributes required by certificate resources. | | |
'80' | 1 | CSPCertificateType | 'type': The certificateType of the certificate. | | |
Used in: CSPResourceParams
ASN 6-33: Certificate: ASN.1 Definition for CSPCertificateType
Name | Value | Size | Type | Description |
CERT_CVC | 1 | 1 | INTEGER | Card Verifiable Certificate (CVC) according to [TR-03110-3]. |
CERT_X509 | 2 | 1 | INTEGER | X.509 Certificate according to [ITU-T X.509]. |
Used in: CSPCertificateSupport, CSPCertificate
ASN 6-34: Password: ASN.1 Definition for CSPPasswordSupport
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..17 | CSPPasswordSupport | 'CSPPasswordSupport': Checks for password support and supported password types. | | |
'A0' | 0..15 | SET OF CSPPasswordType | 'passwordTypes': Password types, such as numbers only or strong with special characters. Implicitly encoded as SET OF ENUMERATED: 'A0 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
Used in: CSPEnforce
ASN 6-35: Password: ASN.1 Definition for CSPPassword
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 3..12 | CSPPassword | 'CSPPassword': Additional attributes required by password resources. | | |
'80' | 1 | CSPPasswordType | 'type': The passwordType parameter of the password. | | |
'81' | 0..1 | INTEGER | 'minSize': Minimum number of password characters allowed. | OPTIONAL | 4 |
'82' | 0..1 | INTEGER | 'maxSize': Maximum number of password characters allowed. | OPTIONAL | 20 |
'83' | 0..1 | INTEGER | 'tryLimit': Incorrect password attempts allowed before blocked (disabled if 0xFF). | OPTIONAL | 255 |
Used in: CSPResourceParams
ASN 6-36: Password: ASN.1 Definition for CSPPasswordType
Name | Value | Size | Type | Description |
PWD_ANY | 0 | 1 | INTEGER | No rules apply on passwords. |
PWD_NUMERIC | 1 | 1 | INTEGER | Only ASCII numbers (e.g., PIN or PUK). |
PWD_ALPHANUMERIC | 2 | 1 | INTEGER | ASCII alphanumeric (0-9, a-z, A-Z). |
PWD_UTF8 | 3 | 1 | INTEGER | UTF-8 charset. |
PWD_STRONG | 4 | 1 | INTEGER | UTF-8 charset, min. 1 uppercase, 1 lowercase, 1 number, 1 special. |
Used in: CSPPasswordSupport, CSPPassword
ASN 6-37: Counter: ASN.1 Definition for CSPCounterSupport
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..51 | CSPCounterSupport | 'CSPCounterSupport': Checks for counter functionality support and supported counter types. | | |
'A0' | 0..9 | SET OF CSPCounterMode | 'counterModes': Counter operation modes to specify the handling of unsupported counters. Implicitly encoded as SET OF ENUMERATED: 'A0 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
'A1' | 0..21 | SET OF CSPCounterType | 'counterTypes': Counter types. Implicitly encoded as SET OF ENUMERATED: 'A1 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
'A2' | 0..12 | SET OF CSPCounterCapacity | 'counterCapacitites': Counter capacities. Implicitly encoded as SET OF ENUMERATED: 'A2 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
'83' | 0..1 | INTEGER | 'largeCounterLimit': Maximum number of counters with large capacity. | OPTIONAL | |
Used in: CSPEnforce
ASN 6-38: Counter: ASN.1 Definition for CSPCounterSettings
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 3 | CSPCounterSettings | 'CSPCounterSettings': General counter settings for the CSP Instance. | | |
'80' | 1 | CSPCounterMode | 'counterMode': Select counter mode to specify the handling of unavailable counter types. | | |
Used in: CSPSetup, CSPConfiguration
ASN 6-39: Counter: ASN.1 Definition for CSPCounterMode
Name | Value | Size | Type | Description |
COUNTER_MODE_OFF | 0 | 1 | INTEGER | Counter functionality is disabled or not available. |
COUNTER_MODE_IGNORE | 1 | 1 | INTEGER | Ignore counters configured if not supported by the platform. |
COUNTER_MODE_STRICT | 2 | 1 | INTEGER | Stop operation if a configured counter is not supported. |
Used in: CSPCounterSupport, CSPCounterSettings
ASN 6-40: Counter: ASN.1 Definition for CSPCounterType
Name | Value | Size | Type | Description |
COUNT_MANUAL | 1 | 1 | INTEGER | Manual counter invoked by the Client Application. |
COUNT_USAGE_PER_BLOCK | 2 | 1 | INTEGER | Usage counter counting each computation, including each cipher block. |
COUNT_USAGE_COMPLETIONS | 3 | 1 | INTEGER | Usage counter counting complete processes (e.g., only doFinal calls). |
COUNT_USAGE_SUCCESS_ONLY | 4 | 1 | INTEGER | Usage counter counting only successful processes (excluding updates). |
COUNT_USAGE_FAILURE_ONLY | 5 | 1 | INTEGER | Usage counter counting only failed processes (excluding updates). |
COUNT_AUTH_USAGE | 6 | 1 | INTEGER | Password authentication timeout realized as usage counter. |
COUNT_TRANSPORT_USAGE | 7 | 1 | INTEGER | Transport counter (e.g., OTP) for passwords in transport. |
Used in: CSPCounterSupport
ASN 6-41: Counter: ASN.1 Definition for CSPCounters
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..78 | CSPCounters | 'CSPCounters': Container for built-in counters that can be configured to a resource. | | |
'A0' | 0..11 | CSPCounter | 'usageCounter': Counter of type COUNT_USAGE. | OPTIONAL | |
'A1' | 0..11 | CSPCounter | 'blockUsageCounter': Counter of type COUNT_USAGE_PER_BLOCK. | OPTIONAL | |
'A2' | 0..11 | CSPCounter | 'successCounter': Counter of type COUNT_USAGE_SUCCESS_ONLY. | OPTIONAL | |
'A3' | 0..11 | CSPCounter | 'failureCounter': Counter of type COUNT_USAGE_FAILURE_ONLY. | OPTIONAL | |
'A4' | 0..11 | CSPCounter | 'authUsageCounter': Counter of type COUNT_AUTH_USAGE. | OPTIONAL | |
'A5' | 0..11 | CSPCounter | 'transportUsageCounter': Counter of type COUNT_TRANSPORT_USAGE. | OPTIONAL | |
Used in: CSPConfigureResource, CSPResource
ASN 6-42: Counter: ASN.1 Definition for CSPCounter
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..9 | CSPCounter | 'CSPCounter': Data structure for a counter configuration. | | |
'80' | 0..1 | CSPCounterCapacity | 'counterCapacity': The structure of the counter defines the max increments supported. | OPTIONAL | COUNTER_MEDIUM |
'81' | 0..4 | OCTET STRING | 'counterLimit': Maximum counter limit before the counter is exceeded; 0 when disabled. | OPTIONAL | { } |
Used in: CSPResourceParams, CSPCounters
ASN 6-43: Counter: ASN.1 Definition for CSPCounterCapacity
Name | Value | Size | Type | Description |
COUNTER_TINY | 1 | 1 | INTEGER | Tiny: 1-byte counter supporting 10,000 increments. |
COUNTER_SMALL | 2 | 1 | INTEGER | Small: 2-byte counter supporting 10,000 increments. |
COUNTER_MEDIUM | 3 | 1 | INTEGER | Medium: 4-byte counter supporting 100,000 increments. |
COUNTER_LARGE | 4 | 1 | INTEGER | Large: 4-byte counter supporting 5,000,000 increments. |
Used in: CSPCounterSupport, CSPCounter
ASN 6-44: Time: ASN.1 Definition for CSPTimeSupport
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..48 | CSPTimeSupport | 'CSPTimeSupport': Checks for time management support and supported timer types. | | |
'A0' | 0..9 | SET OF CSPTimeMode | 'timeModes': Time operation modes to specify the handling for unsupported time. Implicitly encoded as SET OF ENUMERATED: 'A0 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
'81' | 0..1 | CSPTimeSynchronization | 'timeSynchonization': Time synchronization strategies. | OPTIONAL | |
'A2' | 0..21 | SET OF CSPTimerType | 'timerTypes': Timer types, such as validity date or authentication timeout. Implicitly encoded as SET OF ENUMERATED: 'A2 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
'A3' | 0..9 | SET OF CSPTimeoutType | 'timeoutTypes': Timeout types to specify if a timeout timer is refreshed. Implicitly encoded as SET OF ENUMERATED: 'A3 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
Used in: CSPEnforce
ASN 6-45: Time: ASN.1 Definition for CSPTimeSettings
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..10 | CSPTimeSettings | 'CSPTimeSettings': General time configuration settings for the CSP Instance. | | |
'80' | 0..1 | CSPTimeMode | 'timeMode': Select time mode to specify the handling of unavailable system time. | OPTIONAL | TIME_MODE_OFF |
'81' | 0..1 | CSPTimeSynchronization | 'timeSynchonization': Configure a strategy to synchronize the reference time. | OPTIONAL | { } |
'82' | 0..2 | CSPResourceId | 'timeVerificationKey': A public key to verify signatures of new timestamps. | OPTIONAL | |
Used in: CSPSetup, CSPConfiguration
ASN 6-46: Time: ASN.1 Definition for CSPTimeMode
Name | Value | Size | Type | Description |
TIME_MODE_OFF | 0 | 1 | INTEGER | Time functionality is disabled or not available. |
TIME_MODE_IGNORE | 1 | 1 | INTEGER | Ignore time-related configurations if time is not supported. |
TIME_MODE_STRICT | 2 | 1 | INTEGER | Stop operation if time is not synchronized. |
Used in: CSPTimeSupport, CSPTimeSettings
ASN 6-47: Time: ASN.1 Definition for CSPTimeSynchronization
b7 | b6 | b5 | b4 | b3 | b2 | b1 | b0 | CSPTimeSynchronization |
- | - | - | - | x | x | - | 1 | "TIME_SYNC_FROM_TA": Update the reference time from TA2 certificates during EAC v2. |
- | - | - | - | x | x | 1 | - | "TIME_SYNC_FROM_CLIENT": Permit Client Applications to set the reference time. |
- | - | - | 1 | x | x | - | - | "TIME_SYNC_ENFORCE_NEWER": Accept only newer timestamps. |
- | - | 1 | - | x | x | - | - | "TIME_SYNC_PERSIST": Persist the reference time. |
- | 1 | - | - | x | x | - | - | "TIME_SYNC_VERIFY_SIG": Verify the timestamp signature. |
1 | - | - | - | x | x | - | - | "TIME_SYNC_VERIFY_SIG_WITH_CHALLENGE": Verify the timestamp signature using a challenge generated by CSP. |
Used in: CSPTimeSupport, CSPTimeSettings
ASN 6-48: Time: ASN.1 Definition for CSPTimerType
Name | Value | Size | Type | Description |
TIMER_MANUAL_DATE | 1 | 1 | INTEGER | Manual timer invoked by the Client Application. |
TIMER_MANUAL_PERIOD | 2 | 1 | INTEGER | Manual timer invoked by the Client Application. |
TIMER_VALIDITY_PERIOD | 3 | 1 | INTEGER | Validity period used to compute (and refresh) the validity date. |
TIMER_VALIDITY_DATE | 4 | 1 | INTEGER | Validity date as specific Unix timestamp. |
TIMER_VALIDITY_CERTIFICATE | 5 | 1 | INTEGER | Validity date extracted from certificates. |
TIMER_AUTH_TIMEOUT | 6 | 1 | INTEGER | Timeout for authenticated passwords. |
TIMER_SECURITY_TIMEOUT | 7 | 1 | INTEGER | Timeout for secure channel service. |
Used in: CSPTimeSupport
ASN 6-49: Time: ASN.1 Definition for CSPTimers
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..30 | CSPTimers | 'CSPTimers': Container for built-in timers that can be configured to a resource. | | |
'80' | 0..4 | CSPDuration | 'validityPeriod': Validity period for key or password (TIMER_VALIDITY_PERIOD). | OPTIONAL | |
'81' | 0..8 | CSPTimestamp | 'validityDate': Validity date for key or password (TIMER_VALIDITY_DATE). | OPTIONAL | |
'82' | 0..1 | BOOLEAN | 'validityCertificate': Validity date from certificate (TIMER_VALIDITY_CERTIFICATE). | OPTIONAL | |
'A3' | 0..9 | CSPTimeout | 'authTimeout': Authentication timeout for passwords (TIMER_AUTH_TIMEOUT). | OPTIONAL | |
Used in: CSPConfigureResource, CSPResource
ASN 6-50: Time: ASN.1 Definition for CSPTimestamp
Name | Size | Type | Description |
CSPTimestamp | 8 | OCTET STRING | Unix timestamp in seconds as 8-byte signed int (292 billion years >1970). |
Used in: CSPSetTime, CSPTimers, CSPManualTimer, CSPEventDataSetTime
ASN 6-51: Time: ASN.1 Definition for CSPDuration
Name | Size | Type | Description |
CSPDuration | 4 | OCTET STRING | Duration in seconds, represented as 4-byte signed integer (up to 68 years). |
Used in: CSPTimers, CSPManualTimer
ASN 6-52: Time: ASN.1 Definition for CSPTimeout
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 4..7 | CSPTimeout | 'CSPTimeout': Timeout in seconds, represented as 2-byte signed integer (up to 9 hours). | | |
'80' | 2 | OCTET STRING | 'timeoutValue': Maximum time limit before the timer expires. | | |
'81' | 0..1 | CSPTimeoutType | 'timeoutType': Specifies whether the timeout value is re-computed on each resource usage. | OPTIONAL | TIMEOUT_HARD |
Used in: CSPSecureChannelSettings, CSPTimers, CSPManualTimer
ASN 6-53: Time: ASN.1 Definition for CSPTimeoutType
Name | Value | Size | Type | Description |
TIMEOUT_OFF | 0 | 1 | INTEGER | Timeout functionality is disabled and/or not available. |
TIMEOUT_HARD | 1 | 1 | INTEGER | Fixed timeout after which the authenticated state is invalidated. |
TIMEOUT_SOFT | 2 | 1 | INTEGER | Dynamic timeout that is refreshed when using the resource. |
Used in: CSPTimeSupport, CSPTimeout
ASN 6-54: Time: ASN.1 Definition for CSPManualTimer
Tag | Size | Type | Description | Presence |
CHOICE | | CSPManualTimer | | |
'80' | 8 | CSPTimestamp | "expirationDate": The timer has a fixed expiration date. | CONDITIONAL |
'81' | 4 | CSPDuration | "expirationPerid": Maximum time limit before the timer expires. | CONDITIONAL |
'A2' | 6..9 | CSPTimeout | "timeoutValue": Specifies whether the timer re-computes the time value on each usage. | CONDITIONAL |
Used in: CSPResourceParams
ASN 6-55: Audit: ASN.1 Definition for CSPAuditSupport
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..133 | CSPAuditSupport | 'CSPAuditSupport': Checks for secure auditing support and supported events. | | |
'A0' | 0..9 | SET OF CSPAuditMode | 'auditModes': Audit operation modes to specify the handling for unsupported events. Implicitly encoded as SET OF ENUMERATED: 'A0 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
'A1' | 0..18 | SET OF CSPSystemEvent | 'systemEvents': Event types of category "system event". Implicitly encoded as SET OF ENUMERATED: 'A1 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
'A2' | 0..100 | SET OF CSPResourceEvent | 'resourceEvents': Event types of category "resource event". Implicitly encoded as SET OF ENUMERATED: 'A2 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
Used in: CSPEnforce
ASN 6-56: Audit: ASN.1 Definition for CSPAuditSettings
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..27 | CSPAuditSettings | 'CSPAuditSettings': Audit configuration for this CSP Instance. | | |
'80' | 0..1 | CSPAuditMode | 'auditMode': Select audit mode to specify the handling of a full audit event queue. | OPTIONAL | AUDIT_MODE_OFF |
'A1' | 0..18 | SET OF CSPSystemEvent | 'systemEvents': The system events that shall be audited. Implicitly encoded as SET OF ENUMERATED: 'A1 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
'82' | 0..2 | CSPResourceId | 'auditSigningKey': The key that shall be used to sign the audit log messages. | OPTIONAL | |
Used in: CSPSetup, CSPConfiguration
ASN 6-57: Audit: ASN.1 Definition for CSPAuditMode
Name | Value | Size | Type | Description |
AUDIT_MODE_OFF | 0 | 1 | INTEGER | Audit event logging is disabled or not available. |
AUDIT_MODE_OVERWRITE | 1 | 1 | INTEGER | Events that are not fetched will be overwritten if the audit queue is full. |
AUDIT_MODE_STRICT | 2 | 1 | INTEGER | CSP will throw an exception if the audit event queue is full. |
Used in: CSPAuditSupport, CSPAuditSettings
ASN 6-58: Audit: ASN.1 Definition for CSPSystemEvent
Name | Value | Size | Type | Description |
EVENT_CSP_START | 1 | 1 | INTEGER | Startup of the CSP (0x0001). |
EVENT_CSP_UPDATE_STARTED | 2 | 1 | INTEGER | Start of a CSP software update (0x0002). |
EVENT_CSP_UPDATE_FINISHED | 3 | 1 | INTEGER | CSP software update is finished (0x0003). |
EVENT_CSP_CONFIG_UPDATED | 4 | 1 | INTEGER | The CSP configuration is modified (0x0004). |
EVENT_CSP_ERROR | 5 | 1 | INTEGER | An error occurred that was not yet covered by another event (0x0005). |
EVENT_CSP_TIME_SET | 176 | 1 | INTEGER | A new reference time is set (0x00B0). |
Used in: CSPAuditSupport, CSPAuditSettings
ASN 6-59: Audit: ASN.1 Definition for CSPResourceEvent
Name | Value | Size | Type | Description |
EVENT_RESOURCE_CLEARED | 4096 | 2 | INTEGER | Resource cleared successfully (0x1000). |
EVENT_RESOURCE_VALUE_SET | 4097 | 2 | INTEGER | Resource modified (0x1001). |
EVENT_CIPHER_ENCRYPTED | 4112 | 2 | INTEGER | Data encrypted successfully (0x1010). |
EVENT_CIPHER_DECRYPTED | 4113 | 2 | INTEGER | Data decrypted successfully (0x1011). |
EVENT_SIGNATURE_CREATED | 4128 | 2 | INTEGER | Signature created successfully (0x1020). |
EVENT_SIGNATURE_VERIFIED | 4129 | 2 | INTEGER | Signature verified successfully (0x1021). |
EVENT_SIGNATURE_VERIFICATION_FAILED | 4130 | 2 | INTEGER | Signature verification failed (0x1022). |
EVENT_SECURE_CHANNEL_ESTABLISHED | 4160 | 2 | INTEGER | Secure messaging successfully established (0x1040). |
EVENT_SECURE_CHANNEL_AUTHENTICATION_FAILED | 4161 | 2 | INTEGER | Authentication for secure messaging failed (0x1041). |
EVENT_KEY_GENERATED | 4208 | 2 | INTEGER | Key successfully generated (0x1070). |
EVENT_KEY_DERIVED | 4209 | 2 | INTEGER | Key derived successfully (0x1071). |
EVENT_KEY_SHARED_SECRET_COMPUTED | 4210 | 2 | INTEGER | Successful key agreement (0x1072). |
EVENT_PUBLIC_KEY_IMPORTED | 4211 | 2 | INTEGER | Successfully imported a new public key value (0x1073). |
EVENT_CERTIFICATE_IMPORTED | 4224 | 2 | INTEGER | Successfully imported a new certificate (0x1080). |
EVENT_CERTIFICATE_EXPORTED | 4225 | 2 | INTEGER | Successfully exported a certificate (0x1081). |
EVENT_PASSWORD_UPDATED | 4240 | 2 | INTEGER | Password changed successfully (0x1090). |
EVENT_PASSWORD_UPDATE_FAILED | 4241 | 2 | INTEGER | Changing a password failed (0x1091). |
EVENT_PASSWORD_AUTHENTICATED | 4242 | 2 | INTEGER | Password verified successfully (0x1092). |
EVENT_PASSWORD_CHECK_FAILED | 4243 | 2 | INTEGER | Password mismatch (0x1093). |
EVENT_PASSWORD_BLOCKED | 4244 | 2 | INTEGER | Password is blocked due to too many incorrect password attempts (0x1094). |
EVENT_PASSWORD_UNBLOCKED | 4245 | 2 | INTEGER | A blocked password was unblocked (0x1095). |
EVENT_COUNTER_EXHAUSTED | 4256 | 2 | INTEGER | Resource counter exhausted (0x10B0). |
EVENT_TIMER_EXPIRED | 4272 | 2 | INTEGER | Resource validity date expired (0x10C0). |
EVENT_OFFLOAD_IMPORTED | 4304 | 2 | INTEGER | Resource imported for offloading (0x10D0). |
EVENT_OFFLOAD_EXPORTED | 4305 | 2 | INTEGER | Resource exported for offloading (0x10D1). |
Used in: CSPConfigureResource, CSPResource, CSPAuditSupport
ASN 6-60: Audit: ASN.1 Definition for CSPLogMessage
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 3..n | CSPLogMessage | 'CSPLogMessage': Log message format, computed by the audit.dequeueEvent operation. | | |
'80' | 1..2 | INTEGER | 'eventType': Event type; value can be taken from CSPSystemEvent or CSPResourceEvent. | | |
'A1' | 0..n | SET OF CSPField | 'fieldsAddedAsPrefix': Additional Fields to be included; configured by the CSP Admin. Implicitly encoded as SET OF SEQUENCE: 'A1 L' '30 L0 V0' '30 L1 V1' '...' | OPTIONAL | |
'A2' | 0..44 | CSPEventData | 'eventData': Event-specific log data. Encoded using explicit tagging where 'TA' is the type of the chosen CHOICE alternative: 'A2 L' 'TA LA VA' | OPTIONAL | |
'83' | 0..65536 | OCTET STRING | 'inputData': Additional input data provided by the Client through audit.dequeueEvent. | OPTIONAL | |
'A4' | 0..n | SET OF CSPField | 'fieldsAddedAsSuffix': Additional Fields to be included; configured by the CSP Admin. | OPTIONAL | |
ASN 6-61: Audit: ASN.1 Definition for CSPEventData
Tag | Size | Type | Description | Presence |
CHOICE | | CSPEventData | | |
'A0' | 16 | CSPEventDataUpdateCSP | "updateCSPEvent": Event-specific data for: CSP software update started or has finished. | CONDITIONAL |
'A1' | 42..44 | CSPEventDataUpdateConfig | "updateConfigEvent": Event-specific data for: Config updated successfully. | CONDITIONAL |
'A2' | 22 | CSPEventDataSetTime | "setTimeEvent": Event-specific data for: Reference time updated. | CONDITIONAL |
'A3' | 6..10 | CSPEventDataGeneralError | "generalErrorEvent": Event-specific data for: Reference time updated. | CONDITIONAL |
'A4' | 5..6 | CSPEventDataResource | "generalResourceEvent": Event-specific data for: General resource-specific events. | CONDITIONAL |
'A5' | 8..10 | CSPEventDataKeyDerivation | "keyDerivationEvent": Event-specific data for: Successful key derivation. | CONDITIONAL |
'A6' | 11..14 | CSPEventDataKeyAgreement | "keyAgreementEvent": Event-specific data for: Shared secret computed successfully. | CONDITIONAL |
'A7' | 8..9 | CSPEventDataPasswordFailure | "passwordCheckFailedEvent": Event-specific data for: Password verification failed. | CONDITIONAL |
Used in: CSPLogMessage
ASN 6-62: Audit: ASN.1 Definition for CSPEventDataUpdateCSP
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 14 | CSPEventDataUpdateCSP | 'CSPEventDataUpdateCSP': Event-specific data for 'CSP software update started or has finished'. | | |
'80' | 2 | CSPELFVersion | 'oldCSPELFVersion': The cspELFVersion of the CSP ELF before the SW update. | | |
'81' | 2 | CSPELFVersion | 'newCSPELFVersion': The cspELFVersion of the CSP ELF after the SW update. | | |
'82' | 1 | CSPProtocolVersion | 'cspProtocolVersion': The version of the CSP Protocol before the SW update. | | |
'83' | 1 | CSPProtocolVersion | 'newProtocolVersion': The cspProtocolVersion of the CSP Protocol after the SW update. | | |
Used in: CSPEventData
ASN 6-63: Audit: ASN.1 Definition for CSPEventDataUpdateConfig
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 40..42 | CSPEventDataUpdateConfig | 'CSPEventDataUpdateConfig': Event-specific data for EVENT_CSP_CONFIG_UPDATED: Config updated. | | |
'80' | 32 | CSPConfigName | 'configName': Custom name or identifier set by the CSP Admin via CSPSetup. | | |
'81' | 1..2 | CSPConfigVersion | 'oldConfigVersion': The old configVersion of the CSP Configuration before the update. | | |
'82' | 1..2 | CSPConfigVersion | 'newConfigVersion': The new configVersion of the CSP Configuration after the update. | | |
Used in: CSPEventData
ASN 6-64: Audit: ASN.1 Definition for CSPEventDataSetTime
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 20 | CSPEventDataSetTime | 'CSPEventDataSetTime': Event-specific data for EVENT_CSP_TIME_SET: Reference time updated. | | |
'80' | 8 | CSPTimestamp | 'oldReferenceTime': The old referenceTime as it was before the update. | | |
'81' | 8 | CSPTimestamp | 'newReferenceTime': The new referenceTime after the update. | | |
Used in: CSPEventData
ASN 6-65: Audit: ASN.1 Definition for CSPEventDataGeneralError
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 4..8 | CSPEventDataGeneralError | 'CSPEventDataGeneralError': Event-specific data for EVENT_CSP_ERROR: An exception occurred. | | |
'80' | 2 | OCTET STRING | 'reason': Contains the reason of the exception that occurred. | | |
'81' | 0..2 | CSPResourceId | 'resourceId': A resource ID involved in the error (if available). | OPTIONAL | |
Used in: CSPEventData
ASN 6-66: Audit: ASN.1 Definition for CSPEventDataResource
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 3..4 | CSPEventDataResource | 'CSPEventDataResource': Event-specific data for general resource-specific events. | | |
'80' | 1..2 | CSPResourceId | 'resourceId': The identifier of the resource that triggered this event. | | |
Used in: CSPEventData
ASN 6-67: Audit: ASN.1 Definition for CSPEventDataKeyDerivation
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 6..8 | CSPEventDataKeyDerivation | 'CSPEventDataKeyDerivation': Event-specific data for EVENT_KEY_DERIVED: Successful key derivation. | | |
'80' | 1..2 | CSPResourceId | 'sourceResourceId': The source resource for key derivation. | | |
'81' | 1..2 | CSPResourceId | 'destResourceId': The target resource where the result is stored. | | |
Used in: CSPEventData
ASN 6-68: Audit: ASN.1 Definition for CSPEventDataKeyAgreement
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 9..12 | CSPEventDataKeyAgreement | 'CSPEventDataKeyAgreement': Event-specific data for EVENT_KEY_SHARED_SECRET_COMPUTED: Key agreement. | | |
'80' | 1..2 | CSPResourceId | 'privateKeyId': The local or remote private key. | | |
'81' | 1..2 | CSPResourceId | 'publicKeyId': The local or remote public key. | | |
'82' | 1..2 | CSPResourceId | 'sharedSecretId': The resource ID of the destination shared secret. | | |
Used in: CSPEventData
ASN 6-69: Audit: ASN.1 Definition for CSPEventDataPasswordFailure
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 6..7 | CSPEventDataPasswordFailure | 'CSPEventDataPasswordFailure': Event-specific data for EVENT_PASSWORD_CHECK_FAILED: Verification failed. | | |
'80' | 1..2 | CSPResourceId | 'resourceId': The identifier of the resource that triggered this event. | | |
'81' | 1 | INTEGER | 'tryCounter': The remaining try counter value. | | |
Used in: CSPEventData
ASN 6-70: Access: ASN.1 Definition for CSPFieldSupport
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..60 | CSPFieldSupport | 'CSPFieldSupport': Checks for signing field functionality support. | | |
'A0' | 0..9 | SET OF CSPFieldMode | 'fieldModes': CSP handling modes of how to handle signature fields. Implicitly encoded as SET OF ENUMERATED: 'A0 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
'A1' | 0..39 | SET OF CSPFieldType | 'fieldTypes': Signature fields to be added to log messages and attestation data. Implicitly encoded as SET OF ENUMERATED: 'A1 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
'A2' | 0..6 | SET OF CSPFieldSource | 'fieldSources': Available data sources for fields. Implicitly encoded as SET OF ENUMERATED: 'A2 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
Used in: CSPEnforce
ASN 6-71: Audit: ASN.1 Definition for CSPFieldSettings
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..3 | CSPFieldSettings | 'CSPFieldSettings': Field configuration for this CSP Instance. | | |
'80' | 0..1 | CSPFieldMode | 'fieldMode': Select the mode for handling unsupported fields. | OPTIONAL | FIELD_MODE_OFF |
Used in: CSPSetup, CSPConfiguration
ASN 6-72: Signature: ASN.1 Definition for CSPFieldMode
Name | Value | Size | Type | Description |
FIELD_MODE_OFF | 0 | 1 | INTEGER | Fields are disabled or not available. |
FIELD_MODE_IGNORE | 1 | 1 | INTEGER | Ignore field configurations that are not supported by the platform. |
FIELD_MODE_STRICT | 2 | 1 | INTEGER | Stop operation if a field configured is not supported. |
Used in: CSPFieldSupport, CSPFieldSettings
ASN 6-73a: Signature: ASN.1 Definition for CSPField
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 6..7 | CSPField | 'CSPField': Structure to configure a field for attestation data or log messages. | | |
'80' | 1 | CSPFieldType | 'field': Type of the data field. | | |
'A1' | 1..2 | CSPSource | 'source': Source from which the data is taken for the field. Encoded using explicit tagging where 'TA' is the type of the chosen CHOICE alternative: 'A1 L' 'TA LA VA' | | |
Used in: CSPAttestationAlgorithms, CSPSignedConfigData, CSPSignedData, CSPPopData, CSPLogMessage
ASN 6-73b: Signature: ASN.1 Definition for CSPSource
Tag | Size | Type | Description | Presence |
CHOICE | | CSPSource | | |
'80' | 1 | CSPFieldSource | "fieldSource": Type of the source, e.g., signing key or event trigger resource. | CONDITIONAL |
'81' | 1..2 | CSPResourceId | "resourceId": A specific resource used as the data source. | CONDITIONAL |
Used in: CSPField
ASN 6-74: Signature: ASN.1 Definition for CSPFieldType
Name | Value | Size | Type | Description |
FIELD_SYSTEM_TIME | 1 | 1 | INTEGER | Estimated system time as Unix timestamp in seconds, 8 bytes. |
FIELD_TIME_SINCE_BOOT | 2 | 1 | INTEGER | The time since boot in seconds, 4 bytes. |
FIELD_REFERENCE_TIME | 3 | 1 | INTEGER | The reference time set by CSP Admin or CSP Client. |
FIELD_USAGE_COUNTER | 4 | 1 | INTEGER | The value of a resource usage counter. |
FIELD_CSP_CONFIG_VERSION | 5 | 1 | INTEGER | The version of the CSP Configuration set by the CSP Admin. |
FIELD_CSP_PROTOCOL_VERSION | 6 | 1 | INTEGER | The version of the CSP Protocol of the platform. |
FIELD_CSP_ELF_VERSION | 7 | 1 | INTEGER | The version of the CSP ELF. |
FIELD_RESOURCE_STATE | 8 | 1 | INTEGER | The resource state. |
FIELD_PUBKEY | 9 | 1 | INTEGER | The value of a public key. |
FIELD_MANUAL_COUNTER | 10 | 1 | INTEGER | The value of a manual counter. |
FIELD_MANUAL_COUNTER_LIMIT | 11 | 1 | INTEGER | The limit set to a manual counter. |
FIELD_MANUAL_TIMER | 12 | 1 | INTEGER | The value of a manual timer. |
FIELD_MANUAL_TIMER_LIMIT | 13 | 1 | INTEGER | The limit of a manual timer. |
Used in: CSPFieldSupport, CSPField, CSPFieldValue
ASN 6-75: Signature: ASN.1 Definition for CSPFieldSource
Name | Value | Size | Type | Description |
DEFAULT_SOURCE | 0 | 1 | INTEGER | System data or, if a resource is required, the signing key resource. |
EVENT_SOURCE | 1 | 1 | INTEGER | The resource that triggered the audit event. |
Used in: CSPFieldSupport, CSPSource
ASN 6-76: Signature: ASN.1 Definition for CSPFieldValue
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 5..65548 | CSPFieldValue | 'CSPFieldValue': The concrete value of a data field added to data before it is signed. | | |
'80' | 1 | CSPFieldType | 'field': Type of the data field. | | |
'81' | 0..2 | CSPResourceId | 'resourceId': The resource used as the data source. | OPTIONAL | |
'82' | 0..65536 | OCTET STRING | 'fieldValue': The value of the field. | | |
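A receiver-side check for the CSPFieldValue layout above, written as an added example and not taken from the specification: it rejects unknown field types, out-of-range lengths, trailing data, and time fields whose size differs from the byte counts given in ASN 6-74. It assumes the universal SEQUENCE tag 0x30 and DER definite-length encoding, which the page does not state; the function names are illustrative.

```python
# Added example: strict parser for CSPFieldValue (ASN 6-76). Assumed, not stated
# on the page: SEQUENCE is universal tag 0x30, lengths are DER definite-length.
FIELD_TYPES = dict(enumerate("""SYSTEM_TIME TIME_SINCE_BOOT REFERENCE_TIME
    USAGE_COUNTER CSP_CONFIG_VERSION CSP_PROTOCOL_VERSION CSP_ELF_VERSION
    RESOURCE_STATE PUBKEY MANUAL_COUNTER MANUAL_COUNTER_LIMIT MANUAL_TIMER
    MANUAL_TIMER_LIMIT""".split(), start=1))  # FIELD_* values 1..13 (ASN 6-74)
FIXED_SIZES = {1: 8, 2: 4}  # byte sizes ASN 6-74 gives for the two time fields

def read_tlv(buf, pos):
    """Read one single-byte-tag TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold length
        n = length & 0x7F
        if not 1 <= n <= 3 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
        if length < 0x80 or length < 1 << (8 * (n - 1)):
            raise ValueError("non-minimal length encoding")
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_field_value(der):
    """Return (field_name, resource_id or None, field_value); raise ValueError."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der) or not 5 <= len(body) <= 65548:
        raise ValueError("not exactly one SEQUENCE of 5..65548 bytes")
    tag, val, pos = read_tlv(body, 0)
    if tag != 0x80 or len(val) != 1 or val[0] not in FIELD_TYPES:
        raise ValueError("'field' must be one byte holding a CSPFieldType")
    field, resource_id = val[0], None
    tag, val, pos = read_tlv(body, pos)
    if tag == 0x81:                        # OPTIONAL resourceId, 0..2 bytes
        if len(val) > 2:
            raise ValueError("'resourceId' longer than 2 bytes")
        resource_id = val
        tag, val, pos = read_tlv(body, pos)
    if tag != 0x82 or pos != len(body) or len(val) > 65536:
        raise ValueError("'fieldValue' missing, oversized or followed by data")
    if len(val) != FIXED_SIZES.get(field, len(val)):
        raise ValueError("wrong size for FIELD_" + FIELD_TYPES[field])
    return "FIELD_" + FIELD_TYPES[field], resource_id, val

# Constructed sample: FIELD_TIME_SINCE_BOOT carrying the 4-byte value 3600.
SAMPLE = bytes.fromhex("3009" "800102" "820400000e10")
```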
ASN 6-77: Access: ASN.1 Definition for CSPPolicySupport
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 0..34 | CSPPolicySupport | 'CSPPolicySupport': Supported policy features. | | |
'A0' | 0..9 | SET OF CSPPolicyMode | 'policyModes': Policy operation modes to specify the handling of unsupported policies. Implicitly encoded as SET OF ENUMERATED: 'A0 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
'A1' | 0..21 | SET OF CSPPolicyType | 'policyTypes': Policy types, e.g., require an authenticated password to allow cipher. Implicitly encoded as SET OF ENUMERATED: 'A1 L' '0A L0 V0' '0A L1 V1' '...' | OPTIONAL | |
Used in: CSPEnforce
ASN 6-78: Access: ASN.1 Definition for CSPPolicySettings
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 3 | CSPPolicySettings | 'CSPPolicySettings': General policy settings for the CSP Instance. | | |
'80' | 1 | CSPPolicyMode | 'policyMode': Select policy mode to specify the handling of unavailable counter types. | | |
Used in: CSPSetup, CSPConfiguration
ASN 6-79: Access: ASN.1 Definition for CSPPolicyMode
Name | Value | Size | Type | Description |
POLICY_MODE_OFF | 0 | 1 | INTEGER | Policy evaluation is disabled or not available. |
POLICY_MODE_IGNORE_UNSUPPORTED | 1 | 1 | INTEGER | Ignore policy configurations that are not supported by the platform. |
POLICY_MODE_STRICT | 2 | 1 | INTEGER | Stop operation if a configured policy is not supported. |
Used in: CSPPolicySupport, CSPPolicySettings
ASN 6-80: Access: ASN.1 Definition for CSPPolicy
Tag | Length | Type | Description | Presence | Default |
SEQUENCE | 6..17 | CSPPolicy | 'CSPPolicy': Structure to configure advanced access rules for a resource. | | |
'80' | 1 | CSPPolicyType | 'policyType': The additional condition that needs to be checked. | | |
'81' | 1..2 | CSPResourceId | 'constrainingResourceId': The associated resource that is evaluated for the policy. | | |
'82' | 0..8 | OCTET STRING | 'additionalData': Policy specific data, e.g., required TA access rights. | OPTIONAL | |
Used in: CSPAccessControl
ASN 6-81: Access: ASN.1 Definition for CSPPolicyType
Name | Value | Size | Type | Description |
POLICY_KEYPAIR | 1 | 1 | INTEGER | The public key provided must be associated to the private key. |
POLICY_SECCHANNEL_ESTABLISHED | 2 | 1 | INTEGER | An associated secure channel must be fully established. |
POLICY_PASSWORD | 3 | 1 | INTEGER | An associated password must be authenticated. |
POLICY_UNBLOCK_PASSWORD | 4 | 1 | INTEGER | The PUK used to unblock a password must be associated to the password. |
POLICY_PRE_BLOCKED | 5 | 1 | INTEGER | A password with tryCounter=1 requires an associated CAN to be authenticated. |
POLICY_TA2_ACCESS_FLAG | 6 | 1 | INTEGER | A specific access flag must be present in secure channel TA2 certificates. |
POLICY_ASSOCIATION | 7 | 1 | INTEGER | The second resource involved must be associated to the main resource. |
Used in: CSPPolicySupport, CSPPolicy