--Version V2.5
RSPDefinitions {joint-iso-itu-t(2) international-organizations(23) gsma(146) rsp(1)
asn1modules(1) sgp22v2(2)}
DEFINITIONS
AUTOMATIC TAGS
EXTENSIBILITY IMPLIED ::=
BEGIN

IMPORTS Certificate, CertificateList, Time FROM PKIX1Explicit88 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18)}
SubjectKeyIdentifier FROM PKIX1Implicit88 {iso(1) identified-organization(3) dod(6)
internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19)}
UICCCapability FROM PEDefinitions {joint-iso-itu-t(2) international-organizations(23) tca(143) euicc-profile(1) spec-version(1) version-three(3)};
-- The UICCCapability import module version is defined in section 5.7.8

id-rsp OBJECT IDENTIFIER ::= {joint-iso-itu-t(2) international-organizations(23)
gsma(146) rsp(1)}

-- Basic types, for size constraints
Octet8 ::= OCTET STRING (SIZE(8))
Octet4 ::= OCTET STRING (SIZE(4))
Octet16 ::= OCTET STRING (SIZE(16))
OctetTo16 ::= OCTET STRING (SIZE(1..16))
Octet32 ::= OCTET STRING (SIZE(32))
Octet1 ::= OCTET STRING(SIZE(1))
Octet2 ::= OCTET STRING (SIZE(2))
VersionType ::= OCTET STRING(SIZE(3)) -- major/minor/revision version are coded as binary value on byte 1/2/3, e.g. '02 00 0C' for v2.0.12.
-- If revision is not used (e.g. v2.1), byte 3 SHALL be set to '00'.
Iccid ::= [APPLICATION 26] OCTET STRING (SIZE(10)) -- ICCID as coded in EFiccid, corresponding tag is '5A'
RemoteOpId ::= [2] INTEGER {installBoundProfilePackage(1)}
TransactionId ::= OCTET STRING (SIZE(1..16))

-- Definition of EUICCInfo1 --------------------------
GetEuiccInfo1Request ::= [32] SEQUENCE { -- Tag 'BF20'
}

EUICCInfo1 ::= [32] SEQUENCE { -- Tag 'BF20'
   svn [2] VersionType,    -- GSMA SGP.22 version supported (SVN)
   euiccCiPKIdListForVerification [9] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifiers supported on the eUICC for signature verification
   euiccCiPKIdListForSigning [10] SEQUENCE OF SubjectKeyIdentifier -- List of CI Public Key Identifier supported on the eUICC for signature creation
}

-- Definition of EUICCInfo2 --------------------------
GetEuiccInfo2Request ::= [34] SEQUENCE { -- Tag 'BF22'
}

EUICCInfo2 ::= [34] SEQUENCE { -- Tag 'BF22'
   profileVersion [1] VersionType,      -- Base eUICC Profile package version supported
   svn [2] VersionType,    -- GSMA SGP.22 version supported (SVN)
   euiccFirmwareVer [3] VersionType,    -- eUICC Firmware version
   extCardResource [4] OCTET STRING,    -- Extended Card Resource Information according to ETSI TS 102 226
   uiccCapability [5] UICCCapability,
   ts102241Version [6] VersionType OPTIONAL,
   globalplatformVersion [7] VersionType OPTIONAL,
   rspCapability [8] RspCapability,
   euiccCiPKIdListForVerification [9] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifiers supported on the eUICC for signature verification
   euiccCiPKIdListForSigning [10] SEQUENCE OF SubjectKeyIdentifier, -- List of CI Public Key Identifier supported on the eUICC for signature creation
   euiccCategory [11] INTEGER {
      other(0),
      basicEuicc(1),
      mediumEuicc(2),
      contactlessEuicc(3)
   } OPTIONAL,
   forbiddenProfilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
   ppVersion VersionType, -- Protection Profile version
   sasAcreditationNumber UTF8String (SIZE(0..64)),
   certificationDataObject [12] CertificationDataObject OPTIONAL,
   treProperties [13] BIT STRING {
     isDiscrete(0),
      isIntegrated(1),
      usesRemoteMemory(2) -- refers to the usage of remote memory protected by the Remote Memory Protection Function described in SGP.21 [4]
   } OPTIONAL,
   treProductReference [14] UTF8String OPTIONAL, -- Platform_Label as defined in GlobalPlatform DLOA specification [57]
   additionalEuiccProfilePackageVersions [15] SEQUENCE OF VersionType OPTIONAL
}

-- Definition of RspCapability
RspCapability ::= BIT STRING {
   additionalProfile(0), -- at least one more Profile can be installed
   crlSupport(1), -- CRL
   rpmSupport(2), -- Remote Profile Management
   testProfileSupport (3), -- support for test profile
  deviceInfoExtensibilitySupport (4), -- support for ASN.1 extensibility in the Device Info
   serviceSpecificDataSupport (5) -- support for Service Specific Data in the Profile Metadata
}

-- Definition of CertificationDataObject
CertificationDataObject ::= SEQUENCE {
   platformLabel UTF8String,     -- Platform_Label as defined in GlobalPlatform DLOA specification [57]
   discoveryBaseURL UTF8String   -- Discovery Base URL of the SE default DLOA Registrar as defined in GlobalPlatform DLOA specification [57]
}

CertificateInfo ::= BIT STRING {
   reserved(0), -- eUICC has a CERT.EUICC.ECDSA in GlobalPlatform format. The use of this bit is deprecated.
   certSigningX509(1),     -- eUICC has a CERT.EUICC.ECDSA in X.509 format
   rfu2(2),
   rfu3(3),
   reserved2(4), -- Handling of Certificate in GlobalPlatform format. The use of this bit is deprecated.
   certVerificationX509(5)-- Handling of Certificate in X.509 format
}


-- Definition of DeviceInfo
DeviceInfo ::= SEQUENCE {
   tac Octet4,
   deviceCapabilities DeviceCapabilities,
   imei Octet8 OPTIONAL
}

DeviceCapabilities ::= SEQUENCE { -- Highest fully supported release for each definition
  -- The device SHALL set all the capabilities it supports
   gsmSupportedRelease VersionType OPTIONAL,
   utranSupportedRelease VersionType OPTIONAL,
   cdma2000onexSupportedRelease VersionType OPTIONAL,
   cdma2000hrpdSupportedRelease VersionType OPTIONAL,
   cdma2000ehrpdSupportedRelease VersionType OPTIONAL,
   eutranEpcSupportedRelease VersionType OPTIONAL,
   contactlessSupportedRelease VersionType OPTIONAL,
   rspCrlSupportedVersion VersionType OPTIONAL,
   nrEpcSupportedRelease VersionType OPTIONAL,
   nr5gcSupportedRelease VersionType OPTIONAL,
   eutran5gcSupportedRelease VersionType OPTIONAL,
  lpaSvn VersionType OPTIONAL, -- Not defined in this version of SGP.22
   catSupportedClasses CatSupportedClasses OPTIONAL, -- Not defined in this version of SGP.22
   euiccFormFactorType EuiccFormFactorType OPTIONAL, -- Not defined in this version of SGP.22
   deviceAdditionalFeatureSupport DeviceAdditionalFeatureSupport OPTIONAL
}

-- Definition of DeviceAdditionalFeatureSupport
DeviceAdditionalFeatureSupport ::= SEQUENCE {
   naiSupport VersionType OPTIONAL -- Device supports Network Access Identifier
}

CatSupportedClasses ::= BIT STRING
EuiccFormFactorType ::= INTEGER


ProfileInfoListRequest ::= [45] SEQUENCE { -- Tag 'BF2D'
   searchCriteria [0] CHOICE {
      isdpAid [APPLICATION 15] OctetTo16, -- AID of the ISD-P, tag '4F'
      iccid Iccid, -- ICCID, tag '5A'
      profileClass [21] ProfileClass -- Tag '95'
   } OPTIONAL,
   tagList [APPLICATION 28] OCTET STRING OPTIONAL -- tag '5C'
}

-- Definition of ProfileInfoList
ProfileInfoListResponse ::= [45] CHOICE { -- Tag 'BF2D'
   profileInfoListOk SEQUENCE OF ProfileInfo,
   profileInfoListError ProfileInfoListError
}

ProfileInfo ::= [PRIVATE 3] SEQUENCE { -- Tag 'E3'
   iccid Iccid OPTIONAL,
   isdpAid [APPLICATION 15] OctetTo16 OPTIONAL, -- AID of the ISD-P containing the Profile, tag '4F'
   profileState [112] ProfileState OPTIONAL, -- Tag '9F70'
   profileNickname [16] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '90'
   serviceProviderName [17] UTF8String (SIZE(0..32)) OPTIONAL, -- Tag '91'
   profileName [18] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '92'
   iconType [19] IconType OPTIONAL, -- Tag '93'
   icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94', see condition in ES10c:GetProfilesInfo
   profileClass [21] ProfileClass OPTIONAL, -- Tag '95'
   notificationConfigurationInfo [22] SEQUENCE OF NotificationConfigurationInformation OPTIONAL, -- Tag 'B6'
   profileOwner [23] OperatorId OPTIONAL, -- Tag 'B7'
   dpProprietaryData [24] DpProprietaryData OPTIONAL, -- Tag 'B8'
   profilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
   serviceSpecificDataStoredInEuicc [34] VendorSpecificExtension OPTIONAL -- Tag 'BF22'
}

PprIds ::= BIT STRING {-- Definition of Profile Policy Rules identifiers
   pprUpdateControl(0), -- defines how to update PPRs via ES6
   ppr1(1), -- Indicator for PPR1 'Disabling of this Profile is not allowed'
   ppr2(2) -- Indicator for PPR2 'Deletion of this Profile is not allowed'
}

OperatorId ::= SEQUENCE {
   mccMnc OCTET STRING (SIZE(3)), -- MCC and MNC coded as defined in 3GPP TS 24.008 [32]
   gid1 OCTET STRING OPTIONAL, -- referring to content of EF GID1 (file identifier '6F3E') as defined in 3GPP TS 31.102 [54]
   gid2 OCTET STRING OPTIONAL -- referring to content of EF GID2 (file identifier '6F3F') as defined in 3GPP TS 31.102 [54]
}

ProfileInfoListError ::= INTEGER {incorrectInputValues(1), undefinedError(127)}

-- Definition of StoreMetadata request

StoreMetadataRequest ::= [37] SEQUENCE { -- Tag 'BF25'
   iccid Iccid,
   serviceProviderName [17] UTF8String (SIZE(0..32)), -- Tag '91'
   profileName [18] UTF8String (SIZE(0..64)), -- Tag '92' (corresponds to 'Short Description' defined in SGP.21 [2])
   iconType [19] IconType OPTIONAL, -- Tag '93' (JPG or PNG)
   icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94'(Data of the icon. Size 64 x 64 pixel. This field SHALL only be present if iconType is present)
   profileClass [21] ProfileClass DEFAULT operational, -- Tag '95'
   notificationConfigurationInfo [22] SEQUENCE OF NotificationConfigurationInformation OPTIONAL,
   profileOwner [23] OperatorId OPTIONAL, -- Tag 'B7'
   profilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
   serviceSpecificDataStoredInEuicc [34] VendorSpecificExtension OPTIONAL, -- Tag 'BF22'
   serviceSpecificDataNotStoredInEuicc [35] VendorSpecificExtension OPTIONAL -- Tag 'BF23'
}

NotificationEvent ::= BIT STRING {
   notificationInstall(0),
   notificationEnable(1),
   notificationDisable(2),
   notificationDelete(3)
}

NotificationConfigurationInformation ::= SEQUENCE {
   profileManagementOperation NotificationEvent,
   notificationAddress UTF8String -- FQDN to forward the notification
}

OPENTYPE ::= CLASS {
  &typeId OBJECT IDENTIFIER,
  &Type
}

VendorSpecificExtension ::= SEQUENCE OF SEQUENCE {
   vendorOid [0] OPENTYPE.&typeId, -- OID of the vendor who defined this specific extension
   vendorSpecificData [1] OPENTYPE.&Type
}

IconType ::= INTEGER {jpg(0), png(1)}
ProfileState ::= INTEGER {disabled(0), enabled(1)}
ProfileClass ::= INTEGER {test(0), provisioning(1), operational(2)}

-- Definition of UpdateMetadata request
UpdateMetadataRequest ::= [42] SEQUENCE { -- Tag 'BF2A'
   serviceProviderName [17] UTF8String (SIZE(0..32)) OPTIONAL, -- Tag '91'
   profileName [18] UTF8String (SIZE(0..64)) OPTIONAL, -- Tag '92'
   iconType [19] IconType OPTIONAL, -- Tag '93'
   icon [20] OCTET STRING (SIZE(0..1024)) OPTIONAL, -- Tag '94'
   profilePolicyRules [25] PprIds OPTIONAL, -- Tag '99'
   serviceSpecificDataStoredInEuicc [34] VendorSpecificExtension OPTIONAL -- Tag 'BF22'
}

-- Definition of data objects for command PrepareDownload -------------------------
PrepareDownloadRequest ::= [33] SEQUENCE { -- Tag 'BF21'
   smdpSigned2 SmdpSigned2,                    -- Signed information
   smdpSignature2 [APPLICATION 55] OCTET STRING,      -- DP_Sign1, tag '5F37'
   hashCc Octet32 OPTIONAL, -- Hash of confirmation code
   smdpCertificate Certificate    -- CERT.DPpb.ECDSA
}

SmdpSigned2 ::= SEQUENCE {
   transactionId [0] TransactionId,     -- The TransactionID generated by the SM-DP+
   ccRequiredFlag BOOLEAN, --Indicates if the Confirmation Code is required
   bppEuiccOtpk [APPLICATION 73] OCTET STRING OPTIONAL      -- otPK.EUICC.ECKA already used for binding the BPP, tag '5F49'
}

PrepareDownloadResponse ::= [33] CHOICE { -- Tag 'BF21'
   downloadResponseOk PrepareDownloadResponseOk,
   downloadResponseError PrepareDownloadResponseError
}

PrepareDownloadResponseOk ::= SEQUENCE {
   euiccSigned2 EUICCSigned2,     -- Signed information
   euiccSignature2 [APPLICATION 55] OCTET STRING      -- tag '5F37'
}

EUICCSigned2 ::= SEQUENCE {
   transactionId [0] TransactionId,
   euiccOtpk [APPLICATION 73] OCTET STRING,           -- otPK.EUICC.ECKA, tag '5F49'
   hashCc Octet32 OPTIONAL        -- Hash of confirmation code
}

PrepareDownloadResponseError ::= SEQUENCE {
   transactionId [0] TransactionId,
   downloadErrorCode DownloadErrorCode
}

DownloadErrorCode ::= INTEGER {invalidCertificate(1), invalidSignature(2),
unsupportedCurve(3), noSessionContext(4), invalidTransactionId(5),
undefinedError(127)}

-- Definition of data objects for command AuthenticateServer--------------------
AuthenticateServerRequest ::= [56] SEQUENCE { -- Tag 'BF38'
   serverSigned1 ServerSigned1,                       -- Signed information
   serverSignature1 [APPLICATION 55] OCTET STRING,    -- tag ‘5F37’
   euiccCiPKIdToBeUsed SubjectKeyIdentifier,          -- CI Public Key Identifier to be used
   serverCertificate Certificate, -- RSP Server Certificate CERT.XXauth.ECDSA
   ctxParams1 CtxParams1
}

ServerSigned1 ::= SEQUENCE {
   transactionId [0] TransactionId,            -- The Transaction ID generated by the RSP Server
   euiccChallenge [1] Octet16,          -- The eUICC Challenge
   serverAddress [3] UTF8String, -- The RSP Server address
   serverChallenge [4] Octet16          -- The RSP Server Challenge
}

CtxParams1 ::= CHOICE {
   ctxParamsForCommonAuthentication CtxParamsForCommonAuthentication -- New contextual data objects MAY be defined for extensibility
}

CtxParamsForCommonAuthentication ::= SEQUENCE {
   matchingId UTF8String OPTIONAL,-- The MatchingId could be the Activation code token or EventID or empty
   deviceInfo DeviceInfo -- The Device information
}

AuthenticateServerResponse ::= [56] CHOICE { -- Tag 'BF38'
   authenticateResponseOk AuthenticateResponseOk,
   authenticateResponseError AuthenticateResponseError
}

AuthenticateResponseOk ::= SEQUENCE {
   euiccSigned1 EuiccSigned1,            -- Signed information
   euiccSignature1 [APPLICATION 55] OCTET STRING,     --EUICC_Sign1, tag 5F37
   euiccCertificate Certificate, -- eUICC Certificate (CERT.EUICC.ECDSA) signed by the EUM
   eumCertificate Certificate     -- EUM Certificate (CERT.EUM.ECDSA) signed by the requested CI
}

EuiccSigned1 ::= SEQUENCE {
   transactionId [0] TransactionId,
   serverAddress [3] UTF8String,
   serverChallenge [4] Octet16,   -- The RSP Server Challenge
   euiccInfo2 [34] EUICCInfo2,
   ctxParams1 CtxParams1
}

AuthenticateResponseError ::= SEQUENCE {
   transactionId [0] TransactionId,
   authenticateErrorCode AuthenticateErrorCode
}

AuthenticateErrorCode ::= INTEGER {invalidCertificate(1), invalidSignature(2),
unsupportedCurve(3), noSessionContext(4), invalidOid(5), euiccChallengeMismatch(6),
ciPKUnknown(7), undefinedError(127)}

-- Definition of Cancel Session------------------------------
CancelSessionRequest ::= [65] SEQUENCE { -- Tag 'BF41'
   transactionId TransactionId,   -- The TransactionID generated by the RSP Server
   reason CancelSessionReason
}

CancelSessionReason ::= INTEGER {endUserRejection(0), postponed(1), timeout(2),
pprNotAllowed(3), metadataMismatch(4), loadBppExecutionError(5),
undefinedReason(127)}

CancelSessionResponse ::= [65] CHOICE { -- Tag 'BF41'
   cancelSessionResponseOk CancelSessionResponseOk,
   cancelSessionResponseError INTEGER {invalidTransactionId(5),
undefinedError(127)}
}

CancelSessionResponseOk ::= SEQUENCE {
   euiccCancelSessionSigned EuiccCancelSessionSigned,        -- Signed information
   euiccCancelSessionSignature [APPLICATION 55] OCTET STRING -- tag '5F37
}

EuiccCancelSessionSigned ::= SEQUENCE {
   transactionId TransactionId,
   smdpOid OBJECT IDENTIFIER, -- SM-DP+ OID as contained in CERT.DPauth.ECDSA
   reason CancelSessionReason
}

-- Definition of Bound Profile Package --------------------------
BoundProfilePackage ::= [54] SEQUENCE { -- Tag 'BF36'
   initialiseSecureChannelRequest [35] InitialiseSecureChannelRequest, -- Tag 'BF23'
   firstSequenceOf87 [0] SEQUENCE OF [7] OCTET STRING, -- sequence of '87' TLVs
   sequenceOf88 [1] SEQUENCE OF [8] OCTET STRING, -- sequence of '88' TLVs
   secondSequenceOf87 [2] SEQUENCE OF [7] OCTET STRING OPTIONAL, -- sequence of '87' TLVs
   sequenceOf86 [3] SEQUENCE OF [6] OCTET STRING -- sequence of '86' TLVs
}

-- Definition of Get eUICC Challenge --------------------------
GetEuiccChallengeRequest ::= [46] SEQUENCE { -- Tag 'BF2E'
}

GetEuiccChallengeResponse ::= [46] SEQUENCE { -- Tag 'BF2E'
   euiccChallenge Octet16 -- random eUICC challenge
}

-- Definition of Profile Installation Result
ProfileInstallationResult ::= [55] SEQUENCE { -- Tag 'BF37'
   profileInstallationResultData [39] ProfileInstallationResultData,
   euiccSignPIR EuiccSignPIR
}

ProfileInstallationResultData ::= [39] SEQUENCE { -- Tag 'BF27'
   transactionId[0] TransactionId, -- The TransactionID generated by the SM-DP+
   notificationMetadata[47] NotificationMetadata,
   smdpOid OBJECT IDENTIFIER, -- SM-DP+ OID (same value as in CERT.DPpb.ECDSA)
   finalResult [2] CHOICE {
      successResult SuccessResult,
      errorResult ErrorResult
   }
}

EuiccSignPIR ::= [APPLICATION 55] OCTET STRING -- Tag '5F37', eUICC’s signature

SuccessResult ::= SEQUENCE {
   aid [APPLICATION 15] OCTET STRING (SIZE (5..16)), -- AID of ISD-P
   simaResponse OCTET STRING -- contains (multiple) 'EUICCResponse' as defined in [5]
}

ErrorResult ::= SEQUENCE {
   bppCommandId BppCommandId,
   errorReason ErrorReason,
   simaResponse OCTET STRING OPTIONAL -- contains (multiple) 'EUICCResponse' as defined in [5]
}

BppCommandId ::= INTEGER {initialiseSecureChannel(0), configureISDP(1),
storeMetadata(2), storeMetadata2(3), replaceSessionKeys(4), loadProfileElements(5)}

ErrorReason ::= INTEGER {
   incorrectInputValues(1),
   invalidSignature(2),
   invalidTransactionId(3),
   unsupportedCrtValues(4),
   unsupportedRemoteOperationType(5),
   unsupportedProfileClass(6),
   scp03tStructureError(7),
   scp03tSecurityError(8),
   installFailedDueToIccidAlreadyExistsOnEuicc(9),
   installFailedDueToInsufficientMemoryForProfile(10),
   installFailedDueToInterruption(11),
   installFailedDueToPEProcessingError (12),
   installFailedDueToDataMismatch(13),
   testProfileInstallFailedDueToInvalidNaaKey(14),
   pprNotAllowed(15),
   installFailedDueToUnknownError(127)
}

ListNotificationRequest ::= [40] SEQUENCE { -- Tag 'BF28'
    profileManagementOperation [1] NotificationEvent OPTIONAL
}

ListNotificationResponse ::= [40] CHOICE { -- Tag 'BF28'
   notificationMetadataList SEQUENCE OF NotificationMetadata,
   listNotificationsResultError INTEGER {undefinedError(127)}
}

NotificationMetadata ::= [47] SEQUENCE { -- Tag 'BF2F'
   seqNumber [0] INTEGER,
   profileManagementOperation [1] NotificationEvent, /*Only one bit SHALL be set to
1*/
   notificationAddress UTF8String, -- FQDN to forward the notification
   iccid Iccid OPTIONAL
}

-- Definition of Profile Nickname Information
SetNicknameRequest ::= [41] SEQUENCE { -- Tag 'BF29'
   iccid Iccid,
   profileNickname [16] UTF8String (SIZE(0..64))
}

SetNicknameResponse ::= [41] SEQUENCE { -- Tag 'BF29'
   setNicknameResult INTEGER {ok(0), iccidNotFound (1), undefinedError(127)}
}

id-rsp-cert-objects OBJECT IDENTIFIER ::= {         id-rsp cert-objects(2)}

id-rspExt OBJECT IDENTIFIER ::= {id-rsp-cert-objects 0}

id-rspRole OBJECT IDENTIFIER ::= {id-rsp-cert-objects 1}

-- Definition of OIDs for role identification
id-rspRole-ci OBJECT IDENTIFIER ::= {id-rspRole 0}
id-rspRole-euicc OBJECT IDENTIFIER ::= {id-rspRole 1}
id-rspRole-eum OBJECT IDENTIFIER ::= {id-rspRole 2}
id-rspRole-dp-tls OBJECT IDENTIFIER ::= {id-rspRole 3}
id-rspRole-dp-auth OBJECT IDENTIFIER ::= {id-rspRole 4}
id-rspRole-dp-pb OBJECT IDENTIFIER ::= {id-rspRole 5}
id-rspRole-ds-tls OBJECT IDENTIFIER ::= {id-rspRole 6}
id-rspRole-ds-auth OBJECT IDENTIFIER ::= {id-rspRole 7}

--Definition of data objects for InitialiseSecureChannel Request
InitialiseSecureChannelRequest ::= [35] SEQUENCE { -- Tag 'BF23'
   remoteOpId RemoteOpId, -- Remote Operation Type Identifier (value SHALL be set to installBoundProfilePackage)
   transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+
   controlRefTemplate[6] IMPLICIT ControlRefTemplate, -- Control Reference Template (Key Agreement). Current specification considers a subset of CRT specified in GlobalPlatform Card Specification [8], section 6.4.2.3 for the Mutual Authentication Data Field
   smdpOtpk [APPLICATION 73] OCTET STRING, ---otPK.DP.ECKA as specified in GlobalPlatform Card Specification [8] section 6.4.2.3 for ePK.OCE.ECKA, tag '5F49'
   smdpSign [APPLICATION 55] OCTET STRING -- SM-DP's signature, tag '5F37'
}

ControlRefTemplate ::= SEQUENCE {
   keyType[0] Octet1, -- Key type according to GlobalPlatform Card Specification [8] Table 11-16, AES= '88', Tag '80'
   keyLen[1] Octet1, --Key length in number of bytes. For current specification key length SHALL by 0x10 bytes, Tag '81'
   hostId[4] OctetTo16 -- Host ID value , Tag '84'
}

--Definition of data objects for ConfigureISDPRequest
ConfigureISDPRequest ::= [36] SEQUENCE { -- Tag 'BF24'
   dpProprietaryData [24] DpProprietaryData OPTIONAL -- Tag 'B8'
}

DpProprietaryData ::= SEQUENCE { -- maximum size including tag and length field: 128 bytes
   dpOid OBJECT IDENTIFIER -- OID in the tree of the SM-DP+ that created the Profile
   -- additional data objects defined by the SM-DP+ MAY follow
}

-- Definition of request message for command ReplaceSessionKeys
ReplaceSessionKeysRequest ::= [38] SEQUENCE { -- tag 'BF26'
/*The new initial MAC chaining value*/
   initialMacChainingValue OCTET STRING,
/*New session key value for encryption/decryption (PPK-ENC)*/
   ppkEnc OCTET STRING,
/*New session key value of the session key C-MAC computation/verification (PPK-MAC)*/
   ppkCmac OCTET STRING
}

-- Definition of data objects for RetrieveNotificationsList
RetrieveNotificationsListRequest ::= [43] SEQUENCE { -- Tag 'BF2B'
   searchCriteria CHOICE {
      seqNumber [0] INTEGER,
      profileManagementOperation [1] NotificationEvent
   } OPTIONAL
}

RetrieveNotificationsListResponse ::= [43] CHOICE { -- Tag 'BF2B'
   notificationList SEQUENCE OF PendingNotification,
   notificationsListResultError INTEGER { undefinedError(127)}
}

PendingNotification ::= CHOICE {
   profileInstallationResult [55] ProfileInstallationResult, -- tag 'BF37'
   otherSignedNotification OtherSignedNotification
}

OtherSignedNotification ::= SEQUENCE {
   tbsOtherNotification NotificationMetadata,
   euiccNotificationSignature [APPLICATION 55] OCTET STRING, -- eUICC signature of tbsOtherNotification, Tag '5F37'
   euiccCertificate Certificate, -- eUICC Certificate (CERT.EUICC.ECDSA) signed by the EUM
   eumCertificate Certificate     -- EUM Certificate (CERT.EUM.ECDSA) signed by the requested CI
}

-- Definition of notificationSent
NotificationSentRequest ::= [48] SEQUENCE { -- Tag 'BF30'
   seqNumber [0] INTEGER
}

NotificationSentResponse ::= [48] SEQUENCE { -- Tag 'BF30'
   deleteNotificationStatus INTEGER {ok(0), nothingToDelete(1),
undefinedError(127)}
}

-- Definition of Enable Profile --------------------------
EnableProfileRequest ::= [49] SEQUENCE { -- Tag 'BF31'
   profileIdentifier CHOICE {
      isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
      iccid Iccid -- ICCID, tag '5A'
   },
   refreshFlag BOOLEAN -- indicating whether REFRESH is required
}

EnableProfileResponse ::= [49] SEQUENCE { -- Tag 'BF31'
   enableResult INTEGER {ok(0), iccidOrAidNotFound (1),
profileNotInDisabledState(2), disallowedByPolicy(3), wrongProfileReenabling(4),
catBusy(5), undefinedError(127)}
}

-- Definition of Disable Profile --------------------------
DisableProfileRequest ::= [50] SEQUENCE { -- Tag 'BF32'
   profileIdentifier CHOICE {
      isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
      iccid Iccid -- ICCID, tag '5A'
   },
   refreshFlag BOOLEAN -- indicating whether REFRESH is required
}

DisableProfileResponse ::= [50] SEQUENCE { -- Tag 'BF32'
   disableResult INTEGER {ok(0), iccidOrAidNotFound (1),
profileNotInEnabledState(2), disallowedByPolicy(3), catBusy(5),
undefinedError(127)}
}

-- Definition of Delete Profile --------------------------
DeleteProfileRequest ::= [51] CHOICE { -- Tag 'BF33'
   isdpAid [APPLICATION 15] OctetTo16, -- AID, tag '4F'
   iccid Iccid -- ICCID, tag '5A'
}

DeleteProfileResponse ::= [51] SEQUENCE { -- Tag 'BF33'
   deleteResult INTEGER {ok(0), iccidOrAidNotFound (1),
profileNotInDisabledState(2), disallowedByPolicy(3), undefinedError(127)}
}

-- Definition of Memory Reset --------------------------
EuiccMemoryResetRequest ::= [52] SEQUENCE { -- Tag 'BF34'
   resetOptions [2] BIT STRING {
      deleteOperationalProfiles(0),
      deleteFieldLoadedTestProfiles(1),
      resetDefaultSmdpAddress(2)}
}

EuiccMemoryResetResponse ::= [52] SEQUENCE { -- Tag 'BF34'
   resetResult INTEGER {ok(0), nothingToDelete(1), catBusy(5), undefinedError(127)}
}

-- Definition of Get EID --------------------------
GetEuiccDataRequest ::= [62] SEQUENCE { -- Tag 'BF3E'
   tagList [APPLICATION 28] Octet1 -- tag '5C', the value SHALL be set to '5A'
}

GetEuiccDataResponse ::= [62] SEQUENCE { -- Tag 'BF3E'
   eidValue [APPLICATION 26] Octet16 -- tag '5A'
}

-- Definition of Get Rat

GetRatRequest ::= [67] SEQUENCE { -- Tag ' BF43'
   -- No input data
}


GetRatResponse ::= [67] SEQUENCE { -- Tag 'BF43'
   rat RulesAuthorisationTable
}

RulesAuthorisationTable ::= SEQUENCE OF ProfilePolicyAuthorisationRule
ProfilePolicyAuthorisationRule ::= SEQUENCE {
   pprIds PprIds,
   allowedOperators SEQUENCE OF OperatorId,
   pprFlags BIT STRING {consentRequired(0)}
}

-- Definition of data structure containing the list of CRL segments
SegmentedCrlList ::= SEQUENCE OF CertificateList

-- Definition of data structure command for loading a CRL
LoadCRLRequest ::= [53] SEQUENCE { -- Tag 'BF35'
   -- A CRL
   crl CertificateList
}

-- Definition of data structure response for loading a CRL
LoadCRLResponse ::= [53] CHOICE { -- Tag 'BF35'
   loadCRLResponseOk LoadCRLResponseOk,
   loadCRLResponseError LoadCRLResponseError
}

LoadCRLResponseOk ::= SEQUENCE {
   missingParts SEQUENCE OF INTEGER OPTIONAL
}
LoadCRLResponseError ::= INTEGER {invalidSignature(1), invalidCRLFormat(2),
notEnoughMemorySpace(3), verificationKeyNotFound(4), fresherCrlAlreadyLoaded(5),
baseCrlMissing(6), undefinedError(127)}

-- Definition of the extension for Certificate Expiration Date
id-rsp-expDate OBJECT IDENTIFIER ::= {id-rspExt 1}
ExpirationDate ::= Time

-- Definition of the extension id for total partial-CRL number
id-rsp-totalPartialCrlNumber OBJECT IDENTIFIER ::= {id-rspExt 2}
TotalPartialCrlNumber ::= INTEGER

-- Definition of the extension id for the partial-CRL number
id-rsp-partialCrlNumber OBJECT IDENTIFIER ::= {id-rspExt 3}
PartialCrlNumber ::= INTEGER

-- Definition for ES9+ ASN.1 Binding --------------------------
RemoteProfileProvisioningRequest ::= [2] CHOICE { -- Tag 'A2'
   initiateAuthenticationRequest [57] InitiateAuthenticationRequest, -- Tag 'BF39'
   authenticateClientRequest [59] AuthenticateClientRequest, -- Tag 'BF3B'
   getBoundProfilePackageRequest [58] GetBoundProfilePackageRequest, -- Tag 'BF3A'
   cancelSessionRequestEs9 [65] CancelSessionRequestEs9, -- Tag 'BF41'
   handleNotification [61] HandleNotification -- tag 'BF3D'
}

RemoteProfileProvisioningResponse ::= [2] CHOICE { -- Tag 'A2'
   initiateAuthenticationResponse [57] InitiateAuthenticationResponse, -- Tag 'BF39'
   authenticateClientResponseEs9 [59] AuthenticateClientResponseEs9, -- Tag 'BF3B'
   getBoundProfilePackageResponse [58] GetBoundProfilePackageResponse, -- Tag 'BF3A'
   cancelSessionResponseEs9 [65] CancelSessionResponseEs9, -- Tag 'BF41'
   authenticateClientResponseEs11 [64] AuthenticateClientResponseEs11 -- Tag 'BF40'
}

InitiateAuthenticationRequest ::= [57] SEQUENCE { -- Tag 'BF39'
   euiccChallenge [1] Octet16, -- random eUICC challenge
   smdpAddress [3] UTF8String,
   euiccInfo1 EUICCInfo1
}

InitiateAuthenticationResponse ::= [57] CHOICE { -- Tag 'BF39'
   initiateAuthenticationOk InitiateAuthenticationOkEs9,
   initiateAuthenticationError INTEGER {
      invalidDpAddress(1),
      euiccVersionNotSupportedByDp(2),
      ciPKNotSupported(3)
    }
}

InitiateAuthenticationOkEs9 ::= SEQUENCE {
   transactionId [0] TransactionId, -- The TransactionID generated by the SM-DP+
   serverSigned1 ServerSigned1, -- Signed information
   serverSignature1 [APPLICATION 55] OCTET STRING, -- Server_Sign1, tag '5F37'
   euiccCiPKIdToBeUsed SubjectKeyIdentifier, -- The curve CI Public Key to be used as required by ES10b.AuthenticateServer
   serverCertificate Certificate
}

AuthenticateClientRequest ::= [59] SEQUENCE { -- Tag 'BF3B'
   transactionId [0] TransactionId,
   authenticateServerResponse [56] AuthenticateServerResponse -- This is the response from ES10b.AuthenticateServer
}

AuthenticateClientResponseEs9 ::= [59] CHOICE { -- Tag 'BF3B'
   authenticateClientOk AuthenticateClientOk,
   authenticateClientError INTEGER {
      eumCertificateInvalid(1),
      eumCertificateExpired(2),
      euiccCertificateInvalid(3),
      euiccCertificateExpired(4),
      euiccSignatureInvalid(5),
      matchingIdRefused(6),
      eidMismatch(7),
      noEligibleProfile(8),
      ciPKUnknown(9),
      invalidTransactionId(10),
      insufficientMemory(11),
      undefinedError(127)
   }
}

AuthenticateClientOk ::= SEQUENCE {
   transactionId [0] TransactionId,
   profileMetaData [37] StoreMetadataRequest,
   smdpSigned2 SmdpSigned2, -- Signed information
   smdpSignature2 [APPLICATION 55] OCTET STRING,              -- tag '5F37'
   smdpCertificate Certificate    -- CERT.DPpb.ECDSA
}

GetBoundProfilePackageRequest ::= [58] SEQUENCE { -- Tag 'BF3A'
   transactionId [0] TransactionId,
   prepareDownloadResponse [33] PrepareDownloadResponse
}

GetBoundProfilePackageResponse ::= [58] CHOICE { -- Tag 'BF3A'
   getBoundProfilePackageOk GetBoundProfilePackageOk,
   getBoundProfilePackageError INTEGER {
      euiccSignatureInvalid(1),
      confirmationCodeMissing(2),
      confirmationCodeRefused(3),
      confirmationCodeRetriesExceeded(4),
      bppRebindingRefused(5),
      downloadOrderExpired(6),
      invalidTransactionId(95),
      undefinedError(127)
   }
}

GetBoundProfilePackageOk ::= SEQUENCE {
   transactionId [0] TransactionId,
   boundProfilePackage [54] BoundProfilePackage
}

HandleNotification ::= [61] SEQUENCE { -- Tag 'BF3D'
   pendingNotification PendingNotification
}

CancelSessionRequestEs9 ::= [65] SEQUENCE { -- Tag 'BF41'
   transactionId TransactionId,
   cancelSessionResponse CancelSessionResponse -- data structure defined for ES10b.CancelSession function
}

CancelSessionResponseEs9 ::= [65] CHOICE { -- Tag 'BF41'
   cancelSessionOk CancelSessionOk,
   cancelSessionError INTEGER {
      invalidTransactionId(1),
      euiccSignatureInvalid(2),
      undefinedError(127)
   }
}

CancelSessionOk ::= SEQUENCE { -- This function has no output data
}

EuiccConfiguredAddressesRequest ::= [60] SEQUENCE { -- Tag 'BF3C'
}

EuiccConfiguredAddressesResponse ::= [60] SEQUENCE { -- Tag 'BF3C'
   defaultDpAddress UTF8String OPTIONAL, -- Default SM-DP+ address as an FQDN
   rootDsAddress UTF8String -- Root SM-DS address as an FQDN
}

ISDRProprietaryApplicationTemplate ::= [PRIVATE 0] SEQUENCE { -- Tag 'E0'
   svn [2] VersionType,     -- GSMA SGP.22 version supported (SVN)
   lpaeSupport BIT STRING {
      lpaeUsingCat(0), -- LPA in the eUICC using Card Application Toolkit
      lpaeUsingScws(1) -- LPA in the eUICC using Smartcard Web Server
   } OPTIONAL
}

LpaeActivationRequest ::= [66] SEQUENCE { -- Tag 'BF42'
   lpaeOption BIT STRING {
      activateCatBasedLpae(0), -- LPAe with LUIe based on CAT
      activateScwsBasedLpae(1) -- LPAe with LUIe based on SCWS
   }
}

LpaeActivationResponse ::= [66] SEQUENCE { -- Tag 'BF42'
   lpaeActivationResult INTEGER {ok(0), notSupported(1)}
}

SetDefaultDpAddressRequest ::= [63] SEQUENCE { -- Tag 'BF3F'
   defaultDpAddress UTF8String -- Default SM-DP+ address as an FQDN
}

SetDefaultDpAddressResponse ::= [63] SEQUENCE { -- Tag 'BF3F'
   setDefaultDpAddressResult INTEGER { ok (0), undefinedError (127)}
}

AuthenticateClientResponseEs11 ::= [64] CHOICE { -- Tag 'BF40'
   authenticateClientOk AuthenticateClientOkEs11,
   authenticateClientError INTEGER {
      eumCertificateInvalid(1),
      eumCertificateExpired(2),
      euiccCertificateInvalid(3),
      euiccCertificateExpired(4),
      euiccSignatureInvalid(5),
      eventIdUnknown(6),
      invalidTransactionId(7),
      undefinedError(127)
    }
}

AuthenticateClientOkEs11 ::= SEQUENCE {
   transactionId TransactionId,
   eventEntries SEQUENCE OF EventEntries
}

EventEntries ::= SEQUENCE {
   eventId UTF8String,
   rspServerAddress UTF8String
}

END