The German BSI has released new versions of their test specifications TR-03105 Part 3. These test specifications covers the protocols in the context of chips used in eID documents. Part 3.2 covers security protocols used in common eMRTDs. This blog post describes the changes of this new version 1.5. The last version was released in 2014 and since this time some changes were necessary.
Beside several editorial changes and maintenance the most important changes of TR-03105 Part 3.2 Version 1.5 are the move of both test suites concerning Chip Authentication to the ICAO test specification part 3 and the new test suite for EF.ATR/INFO. The file EF.ATR/INFO is recommended by ICAO to store the buffer sizes that should be used by the terminal to read the chip content in a performant way. Maintenance includes updating the referenced documents and a consistent wording (e.g. ‘Data Group’ or ‘FID’) in the whole specification.
Certificates are specified now in a more comfortable way similar to the way used in TR-03105 Part 3.3: Certificate Holder Reference (CHR) and Certification Authority Reference (CAR) are now specified in the parameter block in a human-readable way and not in hex as before.
The specified security status – described in chapter 3.2.1 – was updated: A Secure Messaging session SHOULD (instead of MUST in the previous version) be aborted if and only if a secure messaging error occurs.
The list of abbreviations in chapter 1.1 was updated (e.g. FID or SFI) and corrected (e.g. CAR).
Profiles were adapted to handle the optional Basic Access Control (BAC) protocol and the optional file EF.ATR/INFO. Additionally all profiles for Chip Authentication (CA_KAT, CA_ATGA and KeyRef) are deleted or rather moved to ICAO part 3.
Note: TR-03105 Part 3.1 Version 1.2.1 contains a new requirement for test laboratories: “During the certification process the test laboratory must ensure that the features quoted by the applicant in his Implementation Conformance Statement (ICS) are in fact in coincidence with the features supported and accordingly not supported by the chip”.
New test cases in version 1.5
BSI TR-03105 Part 3.2 contains the following new test cases / test units:
- 7816_L_15: Test that the chip rejects an additional BAC run or resets extended access rights after successful PACE run (PACE, CA1, TA1, BAC)
- 7816_L_16: Test that the chip rejects an additional PACE run or resets extended access rights after successful BAC run (BAC, CA1, TA1, PACE)
- LDS_L: Test suite to verify the conformity of file EF.ATR/INFO
Modified test cases in version 1.5
BSI TR-03105 Part 3.2 contains the following modified test cases / test units / certificates:
- DV_Cert_10c: Corrected CHR in certificate
- DV_Cert_10d: Corrected CHR in certificate
- DV_Cert_11b: Corrected CHR in certificate
- 7816_H_xx: Used <Lc> instead of fixed encoded length of command in step 1
- 7816_I and 7816_II: Test suites moved to ICAO Part 3
- 7816_J_12: Accept also ’90 00′ as valid status word in step 1
- 7816_K_1a: Added profile BAC
- 7816_L_13: Added conditional step 10 to verify that access to data group 3 has NOT been granted
- 7816_L_14: Corrected encoding of SELECT command in step 8
- 7816_M_xx: Used <Lc> instead of fixed encoded length of command
- LDS_E: Moved test cases LDS_E_1- LDS_E_4 (Chip Authentication) to ICAO part 3 and renumbering of test cases
It took more than a year to update this test specification in combination with Part 3.3 which handles eIDAS protocols and EACv2 used by eID cards. Several stake holders and members of ‘Deutsches Industrie Forum’ (DIF) commented both versions and at the end this version is a consensus of all participated bodies.