
Appendix - ASN.1 Schema


2 Overview

OpenFIPS201 extended commands make use of BER-TLV command and/or response structures, which are defined using Abstract Syntax Notation One (ASN.1).

These ASN.1 schemas have been compiled/validated inside the excellent and free OSS ASN.1 Playground. You are encouraged to load these schemas into their web tool to easily construct command data and parse response data.

All Response objects have been tagged as [APPLICATION 19] to match the PIV GET DATA Response tag value. With this ASN.1, however, the tag would actually encode as 73h, whereas the PIV response uses 53h. The mismatch arises because ASN.1 would require these objects to have the Constructed flag (bit 6, 20h) set. To put it simply, you should expect your responses from the card to be tagged with 53h, not 73h.

3 Command - GET STATUS

3.1 Schema

OpenFIPS201_GET_STATUS_Schema DEFINITIONS IMPLICIT TAGS ::= BEGIN

    AppletState ::= ENUMERATED {
        selectable   (0),
        personalised (1),
        blocked      (2),
        terminated   (127)
    }

    GetStatusResponse ::= [APPLICATION 19] SEQUENCE {
        appletState [0] AppletState,
        pinVerified [1] BOOLEAN,
        pinAlways   [2] BOOLEAN,
        smState     [3] BOOLEAN,
        vciState    [4] BOOLEAN,
        scpState    [5] BOOLEAN,
        contactless [6] BOOLEAN,
        fipsMode    [7] BOOLEAN
    }

END

3.2 Example

53 15
    80 01 01 -- appletState = personalised
    81 01 FF -- pinVerified = TRUE
    82 01 00 -- pinAlways = FALSE
    83 01 00 -- smState = FALSE
    84 01 00 -- vciState = FALSE
    85 01 00 -- scpState = FALSE
    86 01 FF -- contactless = TRUE
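The following host-side parser is an added example, not code from OpenFIPS201. It decodes a GET STATUS response according to the schema above, insisting on the 53h outer tag described in the Overview. The function names are hypothetical, and it assumes the status word has already been stripped and that absent elements are simply left out of the result, since the example above carries no fipsMode element.

```python
# Added example: strict host-side decoder for the GET STATUS response.
APPLET_STATES = {0: "selectable", 1: "personalised", 2: "blocked", 127: "terminated"}
FIELDS = ["appletState", "pinVerified", "pinAlways", "smState",
          "vciState", "scpState", "contactless", "fipsMode"]


def read_tlv(buf, pos):
    """Read one BER-TLV with a single-byte tag and short-form length."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # eight 3-byte elements fit in 24 bytes, so short form suffices
        raise ValueError("unexpected long-form or indefinite length")
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def parse_get_status(response):
    """Decode the response data into a dict keyed by schema field name."""
    tag, body, end = read_tlv(response, 0)
    if tag != 0x53:  # the card sends 53h, not the 73h the ASN.1 would encode
        raise ValueError(f"unexpected outer tag {tag:02X}h")
    if end != len(response):
        raise ValueError("trailing bytes after response object")
    status, pos, last = {}, 0, -1
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        index = tag - 0x80  # IMPLICIT context tags [0]..[7] encode as 80h..87h
        if not 0 <= index < len(FIELDS) or len(value) != 1:
            raise ValueError(f"unexpected element {tag:02X}h")
        if index <= last:  # rejects duplicates and elements out of SEQUENCE order
            raise ValueError(f"element {tag:02X}h out of order")
        last = index
        if index == 0:
            if value[0] not in APPLET_STATES:
                raise ValueError("unknown appletState")
            status[FIELDS[index]] = APPLET_STATES[value[0]]
        else:
            status[FIELDS[index]] = value[0] != 0x00  # BER: any non-zero octet is TRUE
    return status


# The example bytes from this section (no fipsMode element present).
EXAMPLE = bytes.fromhex("5315800101" "8101FF" "820100" "830100"
                        "840100" "850100" "8601FF")
```

Rejecting anything other than 53h, trailing bytes, and out-of-order elements keeps a malformed or unexpected response from being silently interpreted as a valid status.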

4 Command - GET VERSION

4.1 Schema

OpenFIPS201_GET_VERSION_Schema DEFINITIONS IMPLICIT TAGS ::= BEGIN

    GetVersionResponse ::= [APPLICATION 19] SEQUENCE {
        application [0] UTF8String (SIZE(0..127)),
        major       [1] INTEGER (0..127),
        minor       [2] INTEGER (0..127),
        revision    [3] INTEGER (0..127),
        debug       [4] BOOLEAN
    }

END

4.2 Example

5 Command - PUT DATA ADMIN

 

5.1 Schema

 

5.2 Example - Legacy Request

5.3 Example - Create Object Request

5.4 Example - Delete Object Request

5.5 Example - Create Key Request

5.6 Example - Delete Key Request

5.7 Example - Config Update Request

5.8 Example - Bulk Request

6 Command - CHANGE REFERENCE DATA ADMIN

6.1 Schema

 

6.2 Example
