CORE Working Group                                              P. Urien
Internet Draft                                         Telecom ParisTech
Intended status: Experimental
                                                           December 2018
Expires: June 2019

                     Remote APDU Call Secure (RACS)
                      draft-urien-core-racs-12.txt

Abstract

   This document describes the Remote APDU Call Protocol Secure (RACS)
   protocol, dedicated to Grid of Secure Elements (GoSE). These servers
   host Secure Elements (SE), i.e. tamper resistant chips offering
   secure storage and cryptographic resources.

   Secure Elements are microcontrollers whose chip area is about 25mm2;
   they deliver trusted computing services in constrained environments.

   RACS supports commands for GoSE inventory and data exchange with
   secure elements. It is designed according to the Representational
   State Transfer (REST) architecture. RACS resources are identified by
   dedicated URIs. An HTTP interface is also supported.

   An open implementation [OPENRACS] is available
   (https://github.com/purien) for various OS.

Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current
   Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 2019.

Urien                     Expires June 2019                     [Page 1]

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   carefully, as they describe your rights and restrictions with
   respect to this document. Code Components extracted from this
   document must include Simplified BSD License text as described in
   Section 4.e of the Trust Legal Provisions and are provided without
   warranty as described in the Simplified BSD License.

Table of Contents

   Abstract
   Requirements Language
   Status of this Memo
   Copyright Notice
   1 Overview
      1.1 What is a Secure Element
      1.2 Grid Of Secure Elements (GoSE)
      1.3 Secure Element Identifier (SEID)
         1.3.1 SlotID example
         1.3.2 SEID for Secure Elements
      1.4 APDUs
         1.4.1 ISO7816 APDU request
         1.4.2 ISO7816 APDU response
   2 The RACS protocol
      2.1 Structure of RACS request
      2.2 Structure of a RACS response
         2.2.1 BEGIN Header
         2.2.2 END Header
         2.2.3 Status line
         2.2.4 Examples of RACS responses:
      2.3 RACS request commands
         2.3.1 BEGIN
         2.3.2 END
         2.3.3 The APPEND parameter
         2.3.4 GET-VERSION
         2.3.5 SET-VERSION
         2.3.6 LIST
         2.3.7 RESET
         2.3.8 APDU
         2.3.9 SHUTDOWN
         2.3.10 POWERON
         2.3.11 ECHO
      2.4 Status header encoding
         2.4.1 Event class
         2.4.2 Command class
   3 URI for the GoSE
   4 HTTP interface
      4.1 HTTPS Request
      4.2 HTTPS response
   5 Security Considerations
      5.1 Authorization
      5.2 Secure Element access
      5.3 Applications security policy
         5.3.1 Users-Table
         5.3.2 SEID-Table
         5.3.3 APDU-Table
      5.4 Overview of the security policy
   6 IANA Considerations
   7 References
      7.1 Normative References
      7.2 Informative References
   8 Authors' Addresses

1 Overview

   This document describes the Remote APDU Call Protocol Secure (RACS)
   protocol, dedicated to Grids of Secure Elements (GoSE). These
   servers host Secure Elements (SE), i.e. tamper resistant chips
   offering secure storage and cryptographic resources.

   Secure Elements are microcontrollers whose chip area is about 25mm2;
   they deliver trusted computing services in constrained environments.

   RACS supports commands for GoSE inventory and data exchange with
   secure elements.

   RACS is designed according to the Representational State Transfer
   (REST) architecture [REST], which encompasses the following
   features:

   - Client-Server architecture.
   - Stateless interaction.
   - Cache operation on the client side.
   - Uniform interface.
   - Layered system.
   - Code On Demand.

1.1 What is a Secure Element

   A Secure Element (SE) is a tamper resistant microcontroller equipped
   with host interfaces such as [ISO7816], SPI (Serial Peripheral
   Interface) or I2C (Inter Integrated Circuit).

   The typical area size of these electronic chips is about 25mm2. They
   comprise CPU (8, 16, 32 bits), ROM (a few hundred KB), nonvolatile
   memory (EEPROM, FLASH, a few hundred KB) and RAM (a few tens of KB).
   Security is enforced by multiple hardware and logical
   countermeasures.

   According to the [EUROSMART] association eight billion of such
   secure devices were shipped in 2013. Secure elements are widely
   deployed for electronic payment (EMV cards), telecommunication (SIM
   modules), identity (electronic passports), ticketing, and access
   control.

   Most secure elements include a Java Virtual Machine and therefore
   are able to execute embedded programs written in the JAVACARD
   language.

   Because these devices are dedicated to security purposes they
   support numerous cryptographic resources such as digest functions
   (MD5, SHA1, SHA2...), symmetric cipher (3xDES, AES) or asymmetric
   procedures (RSA, ECC).

   A set of Global Platform [GP] standards control the lifecycle of
   embedded software, i.e. application downloading, activation and
   deletion.

   As an illustration a typical Secure Element has the following
   characteristics:

   - JAVACARD operating system;
   - Compliant with the GP (Global Platform) standards;
   - 160 KB of ROM;
   - 72 KB of EEPROM;
   - 4KB of RAM;
   - Embedded crypto-processor;
   - 3xDES, AES, RSA, ECC;
   - Certification according to Common Criteria (CC) EAL5+ level;
   - Security Certificates from payment operators.

1.2 Grid Of Secure Elements (GoSE)

                        Grid Of Secure Elements
            +---------------------------------------------+
            |           SlotID                            |
            | Grid      +------+       +------+    SEID   |
            | Inventory |      |----+  |      |----+      |
            |  |        | SLOT | SE |  | SLOT | SE |      |
   +-+-+-+--|-+         |      |----+  |      |----+      |
   |I|T|T|    |         +------+       +------+           |
   |P|C|L|RACS|                                           |
   | |P|S|    |         +------+       +------+           |
   +-+-+-+--|-+         |      |----+  |      |----+      |
            |  |        | SLOT | SE |  | SLOT | SE |      |
            |  |        |      |--+-+  |      |----+      |
            |  |        +------+  |    +------+           |
            |  +-ISO7816 Requests-+                       |
            +---------------------------------------------+

          Figure 1. Architecture of a Grid of Secure Elements

                        +----+----+----+
                   Vcc->|    |         |<-Ground
                        +----+    +----+
                 RESET->|    |    |    |
                        +----+    +----+
                 Clock->|    |    |    |<-Input/Output
                        +----+    +----+
                        |    |    |    |
                        +----+----+----+

         Figure 2. Illustration of an ISO7816 Secure Element

   A grid of Secure Elements (GoSE) is a server hosting a set of secure
   elements.

   The goal of these platforms is to deliver trusted services over the
   Internet. These services are available in two functional planes,

   - The user plane, which provides trusted computing and secure
     storage.
   - The management plane, which manages the lifecycle (downloading,
     activation, deletion) of applications hosted by the Secure
     Element.

   A grid of Secure Elements offers services similar to HSM (Hardware
   Secure Module), but may be managed by a plurality of administrators,
   dealing with specific secure microcontrollers.

   According to this draft all accesses to a GoSE require the TCP
   transport and are secured by the TLS [TLS 1.0] [TLS 1.1] [TLS 1.2]
   protocol.

   The RACS protocol provides all the features needed for the remote
   use of secure elements, i.e.

   - Inventory of secure elements
   - Information exchange with the secure elements

1.3 Secure Element Identifier (SEID)

   Every secure element needs a physical slot that provides electrical
   feeding and communication resources. This electrical interface is
   for example realized by a socket soldered on an electronic board, or
   a CAD (Card Acceptance Device, i.e. a reader) supporting host buses
   such as USB. Within the GoSE each slot is identified by a SlotID
   (slot identifier) attribute, which may be a socket number or a CAD
   name.

   The SEID (Secure Element IDentifier) is a unique identifier
   indicating that a given SE is hosted by a GoSE. It also implicitly
   refers to the physical slot (SlotID) into which the SE is plugged.

   The GoSE manages an internal table that establishes the relationship
   between SlotIDs and SEIDs.

   Therefore three parameters are needed for remote communication with
   a secure element: the IP address of the GoSE, the associated TCP
   port, and the SEID.

1.3.1 SlotID example

   According to the PC/SC (Personal Computer/Smart Card) standard
   [PC/SC], a smart card reader MAY include a serial number. This
   attribute (VENDOR-IFD-SERIAL) is associated to the tag 0x0103 in the
   class VENDOR-INFO.

1.3.2 SEID for Secure Elements

   According to the Global Platform standard [GP] the Issuer Security
   Domain (ISD) manages applications lifecycle (downloading,
   activation, deletion).
   The command 'initialize update' is used to start a mutual
   authentication between the administration entity and the secure
   element; it collects a set of data whose first ten bytes are called
   the 'key diversification data'. This information is used to compute
   symmetric keys, and according for example to [EMV] MAY comprise a
   serial number.

1.4 APDUs

   According to the [ISO7816] standards secure elements process ISO7816
   request messages and return ISO7816 response messages, named APDUs
   (application protocol data unit).

1.4.1 ISO7816 APDU request

   An APDU request comprises two parts: a header and an optional body.
   The header is a set of four or five bytes noted CLA INS P1 P2 P3

   - CLA indicates the class of the request, and is usually bound to a
     standardization committee (00 for example means ISO request).
   - INS indicates the type of request, for example B0 for reading or
     D0 for writing.
   - P1 P2 gives additional information for the request (such as an
     index in a file or an identifier of cryptographic procedures).
   - P3 indicates the length of the request body (from P3=01 to P3=FF),
     or the size of the expected response body (a null value meaning
     256 bytes). Short ISO7816 requests may comprise only 4 bytes.
   - The body may be empty. Its maximum size is 255 bytes.

1.4.2 ISO7816 APDU response

   An APDU response comprises two parts: an optional body and a
   mandatory status word.

   - The optional body is made of 256 bytes at the most.
   - The response ends by a two byte status noted SW. SW1 refers to the
     most significant byte and SW2 to the least significant byte.

   An error free operation is usually associated to the 9000 status
   word. Following are some interpretations of the tuple SW1, SW2
   according to various standards:

   - '61' 'xx', indicates that xx bytes (modulus 256) are ready for
     reading. Operation result MUST be fetched by the ISO Get Response
     APDU (CLA=00, INS=C0, P1=P2=00, P3=XX)
   - '9F' 'xx', indicates that xx bytes (modulus 256) are ready for
     reading.
     Operation result MUST be fetched by the ISO Get Response APDU
     (CLA=00, INS=C0, P1=P2=00, P3=XX)
   - '6C' 'XX', the P3 value is wrong, request must be performed again
     with the LE parameter value set to 'XX'
   - '6E' 'XX', wrong instruction class (CLA) given in the request
   - '6D' 'XX', unknown instruction code (INS) given in the request
   - '6B' 'XX', incorrect parameter P1 or P2
   - '67' 'XX', incorrect parameter P3
   - '6F' 'XX', technical problem, not implemented...

2 The RACS protocol

                          +-----------------+
                          |      RACS       |
                          +-----------------+
                          |       TLS       |
                          +-----------------+
                          |       TCP       |
                          +-----------------+
                          |       IP        |
                          +-----------------+

                       Figure 2. The RACS stack

   The RACS protocol works over the TCP transport layer and is secured
   by the TLS protocol. The TLS client (i.e. the RACS client) MUST be
   authenticated by a certificate.

   One of the main targets of the RACS protocol is to efficiently push
   a set of ISO7816 requests towards a secure element in order to
   perform cryptographic operations in the user's plane. In that case a
   RACS request typically comprises a prefix made with multiple ISO7816
   requests and a suffix that collects the result of a cryptographic
   procedure.

   The mandatory use of TLS with mutual authentication based on
   certificate provides a simple and elegant way to establish the
   credentials of a RACS client over the GoSE. It also enables an easy
   splitting between users' and administrators' privileges.

2.1 Structure of RACS request

   A RACS request is a set of command lines, encoded according to the
   ASCII format. Each line ends by the Cr (carriage return) and line
   feed (Lf) characters. The RACS protocol is case sensitive.

   Each command is a set of tokens (i.e. words) separated by space
   (0x20) character(s).

   The first token of each line is the command to be executed.

   A command line MAY comprise other tokens, which are called the
   command parameters.

   A RACS request MUST start by a BEGIN command and MUST end by an END
   command.

   Each command line is associated to an implicit line number. The
   BEGIN line is associated to the zero line number.

   The processing of a RACS request is stopped after the first error.
   In that case the returned response contains the error status induced
   by the last executed command.

2.2 Structure of a RACS response

   A RACS response is a set of lines, encoded according to the ASCII
   format. Each line ends by the Cr (carriage return) and line feed
   (Lf) characters. The RACS protocol is case sensitive.

   Each line is a set of tokens (i.e. words) separated by space (0x20)
   character(s).

   The first token of each line is the header.

   The second token of each response line is the associated command
   line number.

   A response line MAY comprise other tokens, which are called the
   response parameters.

   Three classes of headers are defined: BEGIN, END and Status.

   A RACS response MUST start by a BEGIN header and MUST end by an END
   header. It comprises one or several status lines.

2.2.1 BEGIN Header

   This header starts a response message.

   It comprises an optional parameter, an identifier associated to a
   previous request message.

2.2.2 END Header

   This header ends a response message.

2.2.3 Status line

   A status header indicates a status line. It begins by the character
   '+' in case of success or '-' if an error occurred during the RACS
   request execution. It is followed by an ASCII encoded integer, which
   is the value of the status.

   The second mandatory token of a status line is the command line
   number (starting from zero).

   A status line MAY comprise other tokens, which are called the
   response parameters.
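
   The response structure of sections 2.2 to 2.2.3, as an added example
   that is not part of the draft or of the OPENRACS code: a strict
   parser that also splits the three-digit status into the event class
   and command class tabulated in section 2.4. All function and class
   names, and the hexadecimal ISO7816 response used as sample input, are
   assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

# Event classes of section 2.4.1, keyed by (sign, first digit x of xyz).
EVENT_CLASSES = {
    ("+", 0): "No error",
    ("-", 0): "Command execution error",
    ("-", 1): "Unknown command",
    ("-", 2): "Not implemented command",
    ("-", 3): "Illegal command",
    ("-", 4): "Not supported parameter or parameter illegal value",
    ("-", 5): "Parameter syntax error or parameter missing",
    ("-", 6): "Unauthorized command",
    ("-", 7): "Already in use",
    ("-", 8): "Hardware error",
    ("-", 9): "System error",
}
# Command classes of section 2.4.2 (digits yz of xyz).
COMMAND_CLASSES = {1: "BEGIN", 2: "GET-VERSION", 3: "SET-VERSION", 4: "LIST",
                   5: "RESET", 6: "APDU", 7: "SHUTDOWN", 8: "POWERON", 9: "ECHO"}


class RacsFormatError(ValueError):
    """The bytes received do not follow the structure of section 2.2."""


@dataclass
class StatusLine:
    ok: bool                 # True for a '+' header, False for '-'
    event: str               # meaning of the first status digit
    command: Optional[str]   # command named by the last two digits, if listed
    line_number: int         # request line that produced this status
    params: List[str]        # remaining tokens (response parameters)


@dataclass
class RacsResponse:
    request_id: Optional[str]   # optional parameter of the BEGIN header
    status: List[StatusLine]


def _is_decimal(text: str) -> bool:
    return text.isascii() and text.isdigit()


def parse_status_line(line: str) -> StatusLine:
    tokens = [t for t in line.split(" ") if t]   # one or more 0x20 separators
    if len(tokens) < 2:
        raise RacsFormatError(f"status line needs header and line number: {line!r}")
    header, number = tokens[0], tokens[1]
    digits = header[1:]
    if header[0] not in "+-" or len(digits) != 3 or not _is_decimal(digits):
        raise RacsFormatError(f"bad status header: {header!r}")
    if not _is_decimal(number):
        raise RacsFormatError(f"bad line number: {number!r}")
    key = (header[0], int(digits[0]))
    if key not in EVENT_CLASSES:   # the draft defines only +0yz on the success side
        raise RacsFormatError(f"undefined event class: {header!r}")
    return StatusLine(header[0] == "+", EVENT_CLASSES[key],
                      COMMAND_CLASSES.get(int(digits[1:])), int(number), tokens[2:])


def parse_response(raw: bytes) -> RacsResponse:
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError as exc:
        raise RacsFormatError("response is not ASCII") from exc
    if not text.endswith("\r\n"):
        raise RacsFormatError("last line is not terminated by CrLf")
    lines = text[:-2].split("\r\n")
    if len(lines) < 3:
        raise RacsFormatError("expected BEGIN, one or more status lines, END")
    begin = [t for t in lines[0].split(" ") if t]
    if not begin or begin[0] != "BEGIN" or len(begin) > 2:   # case sensitive
        raise RacsFormatError(f"bad BEGIN header: {lines[0]!r}")
    if [t for t in lines[-1].split(" ") if t] != ["END"]:
        raise RacsFormatError(f"bad END header: {lines[-1]!r}")
    request_id = begin[1] if len(begin) == 2 else None
    return RacsResponse(request_id, [parse_status_line(l) for l in lines[1:-1]])


if __name__ == "__main__":
    # Constructed sample: the "Asterix237" response of section 2.2.4 with a
    # made-up ISO7816 response in place of [ISO7816-Response].
    print(parse_response(b"BEGIN Asterix237\r\n+006 001 6F1A9000\r\nEND\r\n"))
```

   A client should compare request_id with the identifier it sent in
   BEGIN before acting on the status lines.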

2.2.4 Examples of RACS responses:

   BEGIN CrLf
   +001 000 Success CrLf
   END CrLf

   BEGIN moon1969 CrLf
   -301 007 Illegal command, BEGIN condition not satisfied at line 7
   END CrLf

   BEGIN Asterix237 CrLf
   +006 001 [ISO7816-Response] CrLf
   END CrLf

   BEGIN CrLf
   -100 002 Unknown command at line 2 CrLf
   END CrLf

   BEGIN CrLf
   -606 001 Unauthorized command APDU command at line 1
   END CrLf

   BEGIN CrLf
   -706 001 SEID Already in use, APDU command at line 1
   END CrLf

2.3 RACS request commands

2.3.1 BEGIN

   This command starts a request message. A response message is
   returned if an error is detected.

   An optional parameter is the request identifier, which MUST be
   echoed in the parameter of the first response line (i.e. starting by
   the BEGIN header).

2.3.2 END

   This command ends a request message. It returns the response message
   triggered by the last command.

   Example1
   ========
   Request:
   BEGIN CrLf
   END CrLf

   Response:
   BEGIN CrLf
   +001 000 Success CrLf
   END CrLf

   Example2
   ========
   Request:
   BEGIN Marignan1515 CrLf
   APDU ASTERIX-CRYPTO-MODULE [ISO7816-Request] CrLf
   END CrLf

   Response:
   BEGIN Marignan1515 CrLf
   +006 001 [ISO7816-Response] CrLf
   END CrLf

2.3.3 The APPEND parameter

   The APPEND parameter MAY be used in all command lines, except BEGIN
   and END.

   The APPEND parameter MUST be the last parameter of a command line.

   By default a response message returns only the last status line.
   When APPEND is inserted, the command line, if executed, MUST produce
   a status line.

   Example

   Request:
   BEGIN SanchoPanza CrLf
   APDU 100 [ISO7816-Request-1] CrLf
   APDU 100 [ISO7816-Request-2] CrLf
   END CrLf

   Response:
   BEGIN SanchoPanza CrLf
   +006 002 [ISO7816-Response-2] CrLf
   END CrLf

   Request:
   BEGIN DonQuichotte CrLf
   APDU 100 [ISO7816-Request-1] APPEND CrLf
   APDU 100 [ISO7816-Request-2] APPEND CrLf
   END CrLf

   Response:
   BEGIN DonQuichotte CrLf
   +006 001 [ISO7816-Response-1] CrLf
   +006 002 [ISO7816-Response-2] CrLf
   END CrLf

2.3.4 GET-VERSION

   This command requests the current version of the RACS protocol. The
   returned response is the current version encoded by two integers
   separated by the '.' character. The first integer indicates the
   major version and the second integer gives the minor version.

   This draft version is 0.2

   Example
   =======
   Request:
   BEGIN CrLf
   GET-VERSION CrLf
   END CrLf

   Response:
   BEGIN CrLf
   +002 001 1.0 CrLf
   END CrLf

2.3.5 SET-VERSION

   This command sets the version to be used for the RACS request. An
   error status is returned by the response if an error occurred.

   Example 1
   =========
   Request:
   BEGIN CrLf
   SET-VERSION 2.0 CrLf
   END CrLf

   Response:
   BEGIN CrLf
   -403 001 Error line 1 RACS 2.0 is not supported CrLf
   END CrLf

   Example 2
   =========
   Request:
   BEGIN CrLf
   SET-VERSION 1.0 CrLf
   END CrLf

   Response:
   BEGIN CrLf
   +003 001 RACS 1.0 has been activated CrLf
   END CrLf

2.3.6 LIST

   This command requests the list of SEIDs plugged in the GoSE.

   It returns a list of SEIDs separated by space (0x20) character(s).

   Some SEID attributes MAY be built from a prefix and an integer
   suffix (such as SE#100 in which SE# is the prefix and 100 is the
   integer suffix).

   A list of non-consecutive SEIDs MAY be encoded as
   prefix[i1;i2;..;ip] where i1,i2,ip indicate the integer suffix.

   A list of consecutive SEIDs could be encoded as prefix[i1-ip] where
   i1,i2,ip indicate the integer suffix.

   Example 1
   =========
   Request:
   BEGIN CrLf
   LIST CrLf
   END CrLf

   Response:
   BEGIN CrLf
   +004 001 SEID1 SEID2 CrLf
   END CrLf

   Example 2
   =========
   Request:
   BEGIN CrLf
   LIST CrLf
   END CrLf

   Response:
   BEGIN CrLf
   +004 001 Device[1000-2000] SerialNumber[567;789;243] CrLf
   END CrLf

2.3.7 RESET

   This command resets a secure element. The first parameter gives the
   secure element identifier (SEID). An optional second parameter
   specifies a warm reset. The default behavior is a cold reset. The
   response status indicates the success or the failure of this
   operation.

   Syntax: RESET SEID [WARM] CrLf

   Example 1
   =========
   Request:
   BEGIN CrLf
   RESET device#45 CrLf
   END CrLf

   Response:
   BEGIN CrLf
   +005 001 device#45 Reset Done
   END CrLf

   Example 2
   =========
   Request:
   BEGIN CrLf
   RESET device#45 CrLf
   END CrLf

   Response:
   BEGIN CrLf
   -705 001 error device#45 is already in use
   END CrLf

   Example 3
   =========
   Request:
   BEGIN CrLf
   RESET device#45 WARM CrLf
   END CrLf

   Response:
   BEGIN CrLf
   +005 001 device#45 Warm Reset Done CrLf
   END CrLf

2.3.8 APDU

   This command sends an ISO7816 request to a secure element or a set
   of ISO7816 commands.

   The first parameter specifies the SEID. The second parameter is an
   ISO7816 request.

   Three optional parameters are available; they MUST be located after
   the second parameter.

   - CONTINUE=value, indicates that the next RACS command will be
     executed only if the ISO7816 status word (SW) is equal to a given
     value. Otherwise an error status is returned.

   - MORE=value, indicates that a FETCH request will be performed (i.e.
     a new ISO7816 request will be sent) if the first byte of the
     ISO7816 status word (SW1) is equal to a given value.

   - FETCH=value fixes the four bytes of the ISO7816 FETCH request
     (i.e. CLA INS P1 P2). The default value (when FETCH is omitted) is
     00C00000 (CLA=00, INS=C0, P1=00, P2=00)

   When the options CONTINUE and MORE are simultaneously set the SW1
   byte is first checked.
   If there is no match then the SW word is afterwards checked.

   The ISO7816 6Cxx status MUST be autonomously processed by the GoSE.

   SYNTAX
   APDU SEID ISO7816-REQUEST [CONTINUE=SW] [MORE=SW1] [FETCH=CMD] CrLf

   The returned response is the ISO7816 response. If multiple ISO7816
   requests are executed (due to the MORE option), the bodies are
   concatenated in the response, which ends by the last ISO7816 status
   word.

   The pseudo code of the APDU command is the following:

      BODY = empty;
      SW   = empty;
      DoIt = true;
      Do
      { iso7816-response = send(iso7816-request);
        body || sw1 || sw2 = iso7816-response;
        If ( (first request) && (iso7816-request.size==5) &&
             (body==empty) && (sw1==6C) )
        { iso7816-request.P3 = sw2; }
        Else
        { SW = sw1 || sw2;
          BODY = BODY || body;
          If (sw1 == MORE)
          { iso7816-request = FETCH || sw2; }
          Else
          { DoIt = false; }
        }
      }
      While (DoIt == true)
      iso7816-response = BODY || SW;
      If (SW != CONTINUE) Error;
      Else No Error;

   Example 1
   =========
   Request:
   BEGIN CrLf
   APDU SEID ISO7816-REQUEST CrLf
   END CrLf

   Response:
   BEGIN CrLf
   +006 001 ISO7816-RESPONSE CrLf
   END CrLf

   Example 2
   =========
   Request:
   BEGIN CrLf
   APDU SEID ISO7816-REQUEST CrLf
   END CrLf

   Response:
   BEGIN CrLf
   -706 001 error SEID is already used CrLf
   END CrLf

   Example 3
   =========
   Request:
   BEGIN CrLf
   APDU SEID ISO7816-REQUEST CrLf
   END CrLf

   Response:
   BEGIN CrLf
   -606 001 error access unauthorized access CrLf
   END CrLf

   Example 4
   =========
   Request:
   BEGIN CrLf
   APDU SEID ISO7816-REQUEST-1 CONTINUE=9000 CrLf
   APDU SEID ISO7816-REQUEST-2 CrLf
   END CrLf

   Response:
   BEGIN CrLf
   +006 002 ISO7816-RESPONSE-2 CrLf
   END CrLf

   Example 5
   =========
   Request:
   BEGIN CrLf
   APDU SEID ISO7816-REQUEST-1 CONTINUE=9000 CrLf
   APDU SEID ISO7816-REQUEST-2 CrLf
   END CrLf

   Response:
   BEGIN CrLf
   -006 001 Request Error line 1 wrong SW CrLf
   END CrLf

   Example 6
   =========
   Request:
   BEGIN CrLf
   APDU SEID ISO7816-REQ-1 CONTINUE=9000 CrLf
   APDU SEID ISO7816-REQ-2 CONTINUE=9000 CrLf
   APDU SEID ISO7816-REQ-3 CONTINUE=9000 MORE=61 FETCH=00C00000 CrLf
   END CrLf

   Response:
   BEGIN CrLf
   +006 003 ISO7816-RESP-3 CrLf
   END CrLf

   Multiple ISO7816 requests have been performed by the third APDU
   command according to the following scenario:

   - the ISO7816-REQ-3 request has been forwarded to the secure element
     (SEID)
   - the ISO7816 response comprises a body (body-0) and a status word
     (SW-0) whose first byte is 0x61, and the second byte is SW2-0
   - the FETCH command CLA=00, INS=C0, P1=00, P2=00, P3=SW2-0 is sent
     to the secure element
   - the ISO7816 response comprises a body (body-1) and a status word
     (SW-1) set to 9000

   The RACS response is set to
   +006 003 body-0 || body-1 || SW-1 CrLf
   where || indicates a concatenation operation.

2.3.9 SHUTDOWN

   This command powers down a secure element. The first parameter gives
   the secure element identifier (SEID).

   Syntax: SHUTDOWN SEID CrLf

   Example
   =========
   Request:
   BEGIN Goodbye CrLf
   SHUTDOWN device#45 CrLf
   END CrLf

   Response:
   BEGIN Goodbye CrLf
   +007 001 device#45 has been powered down CrLf
   END CrLf

2.3.10 POWERON

   This command powers up a secure element. The first parameter gives
   the secure element identifier (SEID).

   Syntax: POWERON SEID CrLf

   Example 1
   =========
   Request:
   BEGIN CrLf
   POWERON device#45 CrLf
   END CrLf

   Response:
   BEGIN CrLf
   +008 001 device#45 Has been powered up CrLf
   END CrLf

   Example 2
   =========
   Request:
   BEGIN CrLf
   POWERON device#45 CrLf
   END CrLf

   Response:
   BEGIN CrLf
   -708 001 error device#45 is already in use CrLf
   END CrLf

   Example 3
   =========
   Request:
   BEGIN CrLf
   POWERON device#45 CrLf
   END CrLf

   Response:
   BEGIN CrLf
   -608 001 error unauthorized access CrLf
   END CrLf

2.3.11 ECHO

   This command echoes a token. The first parameter is the token (word)
   to be echoed by the response.

   Syntax: ECHO SEID CrLf

   Example 1
   =========
   Request:
   BEGIN TestEcho CrLf
   ECHO Hello CrLf
   END CrLf

   Response:
   BEGIN TestEcho CrLf
   +009 001 Hello CrLf
   END CrLf

   Example 2
   =========
   Request:
   BEGIN ResetSEID CrLf
   POWERON device#45 CrLf
   ECHO Done CrLf
   END CrLf

   Response:
   BEGIN ResetSEID CrLf
   +009 001 Done CrLf
   END CrLf

2.4 Status header encoding

   The first token of a response line is the status header. It begins
   by a '+' or a '-' character, and comprises three decimal digits
   (xyz).

   The first digit (x) MUST indicate an event class.

   The second and third digits (yz) MAY indicate a command class.

2.4.1 Event class

   This draft only defines the meaning of the first digit, located at
   the leftmost side.

   +0yz: No error
   -0yz: Command execution error
   -1yz: Unknown command, the command is not defined by this draft
   -2yz: Not implemented command
   -3yz: Illegal command, the command can't be executed
   -4yz: Not supported parameter or parameter illegal value
   -5yz: Parameter syntax error or parameter missing
   -6yz: Unauthorized command
   -7yz: Already in use, a session with this SE is already opened
   -8yz: Hardware error
   -9yz: System error

2.4.2 Command class

   The second and third digits (yz) MAY indicate the command that
   triggered the current status line.

   01 BEGIN
   02 GET-VERSION
   03 SET-VERSION
   04 LIST
   05 RESET
   06 APDU
   07 SHUTDOWN
   08 POWERON
   09 ECHO

3 URI for the GoSE

   The URI addressing the resources hosted by the GoSE is represented
   by the string:

   RACS://GoSE-Name:port/?request

   where request is the RACS request to be forwarded to the GoSE.

   RACS command lines are encoded in a way similar to the INPUT field
   of an HTML form. Each command is associated to an INPUT name; the
   remainder of the command line, i.e. a set of ASCII characters, is
   written according to the URL encoding rules. End of line characters,
   i.e. carriage return (Cr) and line feed (Lf), are omitted.

   As a consequence a request is written with the following syntax:

   cmd1=cmd1-parameters&cmd2=cmd2-parameters

   Example:
   RACS://GoSE-Name:port/?BEGIN=&APDU=SEID%20[ISO7816-REQUEST]&END=

4 HTTP interface

   A GoSE SHOULD support an HTTP interface. RACS requests/responses are
   transported by HTTP messages. The use of TLS is mandatory.

4.1 HTTPS Request

   https://GoSE-Name:port/RACS?request

   where request is the RACS request to be forwarded to a secure
   element (SEID).

   The RACS request is associated to an HTML form whose name is "RACS".
   The request command lines are encoded as the INPUT field of an HTML
   form. Each command is associated to an INPUT name; the remainder of
   the command line, i.e. a set of ASCII characters, is written
   according to the URL encoding rules. End of line characters, i.e.
   carriage return (Cr) and line feed (Lf), are omitted.

   As a consequence a RACS request is written as

   https://GoSE-Name/RACS?cmd1=cmd1-parameters&cmd2=cmd2-parameters

   Example:
   https://GoSE-Name/RACS?BEGIN=&APDU=SEID%20[ISO7816-REQUEST]&END=

4.2 HTTPS response

   The RACS response is returned in an XML document.

   The root element of the document is

   The optional parameter of the BEGIN header, is the content of the
   element.

   Each status line is the content of the element, which includes the
   following information:

   - The status header is the content of the element.
   - The line number is the content of the element.
   - The other parameters of the status line are the content of the
     element.

   The END header is associated to the element

   End of line, i.e. carriage return (Cr) and line feed (Lf) characters
   are omitted.

   As a consequence a RACS response is written as:

   Optionnal-ID +000 001 other parameters of the RACS response

5 Security Considerations

5.1 Authorization

   A RACS client MUST be authenticated by an X509 certificate.

   The GoSE software MUST provide a means to establish a list of SEIDs
   that can be accessed from a client whose identity is the CommonName
   (CN) attribute of its certificate. It MAY allocate a UserID (UID),
   i.e. an integer index, from the certificate common name.

5.2 Secure Element access

   The GoSE MUST manage a unique session identifier (SID) for each TLS
   session. The SID is bound to the client's certificate CommonName
   (SID(CN)).

   A secure element has two states, unlocked and locked. In the locked
   state the secure element may be only used by the SID that previously
   locked it.

   The first authorized command that successfully accesses a SEID
   (either POWERON, RESET, APDU) locks a secure element (SEID) with the
   current session (SID).

   The SHUTDOWN command MUST unlock a secure element (SEID).

   The end of a TLS session MUST unlock all the secure elements locked
   by the session.

5.3 Applications security policy

   According to the [ISO7816] standards each application embedded
   within a secure element (associated to a SEID) is identified by an
   AID parameter (16 bytes at the most).

   The RACS server SHOULD support the following facilities.

5.3.1 Users-Table

   Each CN (the Users-Table primary key) is associated to a list of
   SEIDs whose access is authorized.

5.3.2 SEID-Table

   Each AID (the SEID-Table primary key) is associated to a list of CNs
   whose access is authorized.

5.3.3 APDU-Table

   For a given AID and an authorized CN, an APDU-Table MAY be
   available. This table acts as a firewall, which defines a set of
   forbidden ISO7816 commands.

   For example this filter could be expressed as a set of the four
   first bytes of an APDU-Prefix (CLA INS P1 P2) and a four bytes Mask.

   An ISO7816-Request is firewalled if:

   ISO7816-Request AND Mask IsEQUAL to APDU-Prefix

5.4 Overview of the security policy

   The summary of the security policy is illustrated by the figure 3.

                         CN(uid)
                           /\   TLS-Session
                          /  \
                         /    \
                       sid    sid
                       /\      /\
                      /  \    /  \
                    aid  aid aid  aid
                     /\
                    /  \
                   /    \
                APDU    APDU
                Filter  Filter

             Figure 3. Summary of the security policy

6 IANA Considerations

   This draft does not require any action from IANA.

7 References

7.1 Normative References

   [TLS 1.0]   Dierks, T., C. Allen, "The TLS Protocol Version 1.0",
               RFC 2246, January 1999

   [TLS 1.1]   Dierks, T., Rescorla, E., "The Transport Layer Security
               (TLS) Protocol Version 1.1", RFC 4346, April 2006

   [TLS 1.2]   Dierks, T., Rescorla, E., "The Transport Layer Security
               (TLS) Protocol Version 1.1", RFC 5746, August 2008

   [ISO7816]   ISO 7816, "Cards Identification - Integrated Circuit
               Cards with Contacts", The International Organization for
               Standardization (ISO)

7.2 Informative References

   [REST]      Fielding, R., "Architectural Styles and the Design of
               Network-based Software Architectures", 2000,
               http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm

   [GP]        Global Platform Standards, http://www.globalplatform.org

   [EUROSMART] The EUROSMART association, http://www.eurosmart.com

   [PC/SC]     The PC/SC workgroup, http://www.pcscworkgroup.com

   [EMV]       EMV Card Personalization Specification, Version 1.1,
               July 2007

   [OPENRACS]  https://github.com/purien, open RACS implementation for
               Win32, Ubuntu, Raspberrypi

8 Authors' Addresses

   Pascal Urien
   Telecom ParisTech
   23 avenue d'Italie
   75013 Paris               Phone: NA
   France                    Email: Pascal.Urien@telecom-paristech.fr
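
   The APDU command processing of section 2.3.8 (6Cxx retry, MORE/FETCH
   chaining, CONTINUE check), as an added example that is not part of
   the draft or of the OPENRACS code. The ConstructedSE class, its
   instruction bytes and data, and the max_exchanges bound (which the
   draft does not define) are assumptions made for the illustration.

```python
from typing import Callable, Optional, Tuple

DEFAULT_FETCH = bytes.fromhex("00C00000")   # CLA=00 INS=C0 P1=00 P2=00


def run_apdu(send: Callable[[bytes], bytes], request: bytes,
             cont: Optional[bytes] = None, more: Optional[int] = None,
             fetch: bytes = DEFAULT_FETCH,
             max_exchanges: int = 32) -> Tuple[bool, bytes]:
    """Return (no_error, BODY || SW) for one RACS APDU command line."""
    body, sw = b"", b""
    first = True
    for _ in range(max_exchanges):       # bound added here; not in the draft
        response = send(request)
        if len(response) < 2:
            raise ValueError("ISO7816 response shorter than a status word")
        chunk, sw1, sw2 = response[:-2], response[-2], response[-1]
        if first and len(request) == 5 and not chunk and sw1 == 0x6C:
            # 6Cxx: the GoSE repeats the request itself with P3 = xx
            request = request[:4] + bytes([sw2])
            first = False
            continue
        first = False
        sw = bytes([sw1, sw2])
        body += chunk
        if more is not None and sw1 == more:
            request = fetch + bytes([sw2])   # FETCH || sw2
            continue
        break
    else:
        raise RuntimeError("secure element kept requesting more exchanges")
    # SW1 was checked against MORE inside the loop; SW is checked last.
    return (cont is None or sw == cont), body + sw


class ConstructedSE:
    """Constructed stand-in for a secure element (not a real card profile)."""
    DATA = bytes.fromhex("01020304")

    def __init__(self) -> None:
        self.pending = b""
        self.log = []                       # requests seen, as hex strings

    def send(self, apdu: bytes) -> bytes:
        self.log.append(apdu.hex().upper())
        if len(apdu) < 5:
            return b"\x67\x00"              # incorrect parameter P3
        if apdu[:2] == b"\x00\xCA":         # read DATA, exact P3 required
            if apdu[4] != len(self.DATA):
                return bytes([0x6C, len(self.DATA)])
            return self.DATA + b"\x90\x00"
        if apdu[:2] == b"\x00\x88":         # result is fetched afterwards
            self.pending = bytes.fromhex("A1A2A3A4A5A6")
            return bytes([0x61, len(self.pending)])
        if apdu[:2] == b"\x00\xC0":         # FETCH, at most 4 bytes per call
            n = min(apdu[4], 4, len(self.pending))
            chunk, self.pending = self.pending[:n], self.pending[n:]
            if self.pending:
                return chunk + bytes([0x61, len(self.pending)])
            return chunk + b"\x90\x00"
        return b"\x6D\x00"                  # unknown instruction code


if __name__ == "__main__":
    se = ConstructedSE()
    print(run_apdu(se.send, bytes.fromhex("00CA000000")))
    print(run_apdu(se.send, bytes.fromhex("0088000002AABB"),
                   cont=bytes.fromhex("9000"), more=0x61))
    print(se.log)
```

   Without the bound, a secure element that answers every FETCH with
   another 61xx status would keep the SEID locked and the GoSE worker
   busy indefinitely.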
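
   The access rules of sections 5.1 to 5.3.3 (Users-Table lookup by CN,
   locking of a SEID by the session SID, APDU-Table prefix/mask filter),
   as an added example that is not part of the draft or of the OPENRACS
   code. The GoSEPolicy class, the way the selected AID is passed in,
   the CN and AID values, and the codes -506, -607 and -707 (derived
   from the encoding of section 2.4, not listed in the draft) are
   assumptions.

```python
from typing import Dict, List, Set, Tuple

Rule = Tuple[bytes, bytes]   # (APDU-Prefix, Mask), four bytes each


def is_firewalled(request: bytes, prefix: bytes, mask: bytes) -> bool:
    """Section 5.3.3: (ISO7816-Request AND Mask) IsEQUAL to APDU-Prefix."""
    return bytes(h & m for h, m in zip(request[:4], mask)) == prefix


class GoSEPolicy:
    def __init__(self, users_table: Dict[str, Set[str]],
                 apdu_table: Dict[Tuple[str, str], List[Rule]]) -> None:
        for rules in apdu_table.values():
            for prefix, mask in rules:
                if len(prefix) != 4 or len(mask) != 4:
                    raise ValueError("APDU-Prefix and Mask must be 4 bytes")
                if bytes(p & m for p, m in zip(prefix, mask)) != prefix:
                    # prefix bits outside the mask: the rule would never match
                    raise ValueError("APDU-Prefix has bits outside its Mask")
        self.users_table = users_table   # CN -> authorized SEIDs
        self.apdu_table = apdu_table     # (CN, AID) -> forbidden patterns
        self.locks: Dict[str, int] = {}  # SEID -> SID holding the lock

    def authorize_apdu(self, cn: str, sid: int, seid: str, aid: str,
                       request: bytes) -> str:
        """Return the status header the GoSE would answer for an APDU line."""
        if seid not in self.users_table.get(cn, set()):
            return "-606"                        # unauthorized command
        if len(request) < 4:
            return "-506"                        # no CLA INS P1 P2 present
        for prefix, mask in self.apdu_table.get((cn, aid), []):
            if is_firewalled(request, prefix, mask):
                return "-606"
        if self.locks.setdefault(seid, sid) != sid:
            return "-706"                        # locked by another session
        return "+006"

    def shutdown(self, cn: str, sid: int, seid: str) -> str:
        if seid not in self.users_table.get(cn, set()):
            return "-607"
        if self.locks.get(seid, sid) != sid:
            return "-707"
        self.locks.pop(seid, None)               # SHUTDOWN unlocks the SEID
        return "+007"

    def end_session(self, sid: int) -> None:
        """End of a TLS session: release every SEID locked by this SID."""
        for seid in [s for s, owner in self.locks.items() if owner == sid]:
            del self.locks[seid]


# Constructed tables: "alice" may not send INS=D0 (writing) to "aid-1",
# whatever the CLA, P1 and P2 values are.
WRITE_RULE = (bytes.fromhex("00D00000"), bytes.fromhex("00FF0000"))
POLICY = GoSEPolicy(
    users_table={"alice": {"device#45"}, "bob": {"device#45"}},
    apdu_table={("alice", "aid-1"): [WRITE_RULE]},
)

if __name__ == "__main__":
    read, write = bytes.fromhex("00B0000004"), bytes.fromhex("00D0000002AABB")
    print(POLICY.authorize_apdu("alice", 1, "device#45", "aid-1", write))
    print(POLICY.authorize_apdu("alice", 1, "device#45", "aid-1", read))
    print(POLICY.authorize_apdu("bob", 2, "device#45", "aid-1", read))
```

   The filter is evaluated before the lock is taken, so a firewalled
   request from an authorized CN does not leave the SEID locked.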