Newer
Older
/*
* @author
*
* @version
* 1.0
* @desc
*
* @remark
*
* @see
*
*/
module TestCodec_Certificates {
// LibCommon
import from LibCommon_BasicTypesAndValues all;
import from LibCommon_DataStrings all;
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
// LibItsSecurity
import from LibItsSecurity_EncdecDeclarations all;
//import from LibItsSecurity_Templates all;
//import from LibItsSecurity_Pixits all;
// TestCodec
import from TestCodec_TestAndSystem all;
template (omit) EtsiTs103097Certificate m_etsiTs103097Certificate(
in template (value) IssuerIdentifier p_issuer,
in template (value) ToBeSignedCertificate p_toBeSigned,
in template (omit) Signature p_signature_ := omit
) := {
version := 3,
type_ := explicit,
issuer := p_issuer,
toBeSigned := p_toBeSigned,
template (value) IssuerIdentifier m_issuerIdentifier_self(
in template (value) HashAlgorithm p_self
) := {
self_ := p_self
} // End of template m_issuerIdentifier_self
template (value) IssuerIdentifier m_issuerIdentifier_sha256AndDigest(
in template (value) HashedId8 p_sha256AndDigest
) := {
sha256AndDigest := p_sha256AndDigest
} // End of template m_issuerIdentifier_sha256AndDigest
template (value) IssuerIdentifier m_issuerIdentifier_sha384AndDigest(
in template (value) HashedId8 p_sha384AndDigest
) := {
sha384AndDigest := p_sha384AndDigest
} // End of template m_issuerIdentifier_sha384AndDigest
template (omit) ToBeSignedCertificate m_toBeSignedCertificate(
in template (value) CertificateId p_id,
in template (value) HashedId3 p_cracaId,
in template (value) CrlSeries p_crlSeries,
in template (value) SequenceOfPsidSsp p_appPermissions,
in template (value) SequenceOfPsidGroupPermissions p_certIssuePermissions,
in template (value) VerificationKeyIndicator p_verifyKeyIndicator,
in template (omit) SequenceOfPsidGroupPermissions p_certRequestPermissions := omit,
in template (omit) ValidityPeriod p_validityPeriod := omit,
in template (omit) GeographicRegion p_region := omit,
in template (omit) SubjectAssurance p_assuranceLevel := omit,
in template (omit) PublicEncryptionKey p_encryptionKey := omit
) := {
id := p_id,
cracaId := p_cracaId,
crlSeries := p_crlSeries,
validityPeriod := p_validityPeriod,
region := p_region,
assuranceLevel := p_assuranceLevel,
appPermissions := p_appPermissions,
certIssuePermissions := p_certIssuePermissions,
certRequestPermissions := p_certRequestPermissions,
canRequestRollover := omit,
encryptionKey := p_encryptionKey,
verifyKeyIndicator := p_verifyKeyIndicator
} // End of template m_toBeSignedCertificate
template (value) ValidityPeriod m_validity_period(
in Time32 p_start_,
in Duration p_duration
) := {
start_ := p_start_,
duration := p_duration
} // End of template m_validity_period
template (value) GeographicRegion m_geographicRegion_identifiedRegion(
in template (value) SequenceOfIdentifiedRegion p_identifiedRegion
) := {
identifiedRegion := p_identifiedRegion
}
template (value) IdentifiedRegion m_identifiedRegion(
in template (value) CountryOnly p_countryOnly
) := {
countryOnly := p_countryOnly
}
template (omit) PsidSsp m_appPermissions(
in template (value) Psid p_psid,
in template (omit) ServiceSpecificPermissions p_ssp := omit
) := {
psid := p_psid,
ssp := p_ssp
template (value) PsidSspRange m_psidSspRange(
in Psid p_psid,
in template (value) SspRange p_sspRange := m_SspRange_all
) := {
psid := p_psid,
sspRange := p_sspRange
} // End of template m_psidSspRange
template (value) SspRange m_SspRange_all := {
all_ := NULL
} // End of template m_SspRange_all
template (value) SspRange m_SspRange_opaque(
in template (value) SequenceOfOctetString p_opaque
) := {
opaque := p_opaque
} // End of template m_SspRange_opaque
template (value) SspRange m_SspRange_bitmapSspRange(
in template (value) BitmapSspRange p_bitmapSspRange
) := {
bitmapSspRange := p_bitmapSspRange
} // End of template m_SspRange_bitmapSspRange
template (value) PsidGroupPermissions m_psidGroupPermissions(
in template (value) SubjectPermissions p_subjectPermissions,
in integer p_minChainLength := 1,
in integer p_chainLengthRange := 0,
in EndEntityType p_eeType := oct2bit('00'O)
) := {
subjectPermissions := p_subjectPermissions,
minChainLength := p_minChainLength,
chainLengthRange := p_chainLengthRange,
eeType := p_eeType
template (value) SubjectPermissions m_subjectPermissions_explicit(
in SequenceOfPsidSspRange p_certIssuePermissions
) := {
explicit := p_certIssuePermissions
} // End of template m_subjectPermissions_explicit
template (value) SubjectPermissions m_subjectPermissions_all := {
all_ := NULL
} // End of template m_subjectPermissions_all
template (value) VerificationKeyIndicator m_verificationKeyIndicator_verificationKey(
in template (value) PublicVerificationKey p_verificationKey
) := {
verificationKey := p_verificationKey
} // End of template m_verificationKeyIndicator_verificationKey
template (value) VerificationKeyIndicator m_verificationKeyIndicator_reconstructionValue(
in template (value) EccP256CurvePoint p_reconstructionValue
) := {
reconstructionValue := p_reconstructionValue
} // End of template m_verificationKeyIndicator_reconstructionValue
template (value) PublicVerificationKey m_publicVerificationKey_ecdsaNistP256(
in template (value) EccP256CurvePoint p_ecdsaNistP256
) := {
ecdsaNistP256 := p_ecdsaNistP256
} // End of template m_publicVerificationKey_ecdsaNistP256
template (value) EccP256CurvePoint m_eccP256CurvePoint_compressed_y_0(
in Oct32 p_compressed_y_0
) := {
compressed_y_0 := p_compressed_y_0
} // End of template m_eccP256CurvePoint_compressed_y_0
template (value) EccP256CurvePoint m_eccP256CurvePoint_compressed_x_only(
in Oct32 p_x_only
) := {
x_only := p_x_only
} // End of template m_eccP256CurvePoint_compressed_x_only
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
template (value) Signature m_signature_ecdsaNistP256(
in template (value) EcdsaP256Signature p_ecdsaNistP256Signature
) := {
ecdsaNistP256Signature := p_ecdsaNistP256Signature
}
template (value) EcdsaP256Signature m_ecdsaNistP256Signature(
in template (value) EccP256CurvePoint p_rSig,
in template (value) Oct32 p_sSig
) := {
rSig := p_rSig,
sSig := p_sSig
}
template (value) EccP256CurvePoint m_eccP256CurvePoint_compressed_y(
in template (value) Oct32 p_y
) := {
compressed_y_0 := p_y
}
template (value) EccP256CurvePoint m_eccP256CurvePoint_x_y(
in template (value) octetstring p_x,
in template (value) octetstring p_y
) := {
uncompressedP256 := {
x := p_x,
y := p_y
}
}
testcase tc_root_certificate_1() runs on TCType system TCType {
var template (value) EtsiTs103097Certificate v_cert; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1
var charstring v_certId := "STF528 Root Certificate";
var HashAlgorithm v_self := sha256; // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 1
var HashedId3 v_cracaId := '000000'O; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 2
var CrlSeries v_crlSeries := 0; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 3
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var SequenceOfPsidSspRange v_certIssuePermissions := { // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 3
valueof(m_psidSspRange(1)) // FIXME What is the content of certIssuePermissions?
};
var SequenceOfPsidSspRange v_certRequestPermissions := { // FIXME Could this componet be present? If yes, What is the content of certIssuePermissions?
valueof(m_psidSspRange(2))
};
var octetstring v_private_key := ''O;
var octetstring v_publicKeyX := ''O;
var octetstring v_publicKeyY := ''O;
var octetstring v_sig := ''O;
var bitstring v_encMsg := ''B;
f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyX);
m_subjectPermissions_explicit(
v_certIssuePermissions
))
},
m_verificationKeyIndicator_verificationKey( // FIXME Do we use it? If so what is the content?
m_eccP256CurvePoint_x_y(
v_publicKeyX,
v_publicKeyY
))),
{
m_psidGroupPermissions(
m_subjectPermissions_explicit(
v_certRequestPermissions
))
}
log("Encode template ", valueof(v_cert));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaNistP256Signature(
m_eccP256CurvePoint_x_y(
v_publicKeyX,
v_publicKeyY
),
v_sig
)
);
// Final certificate
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
testcase tc_certificate_1() runs on TCType system TCType {
var template (value) EtsiTs103097Certificate v_cert;
var charstring v_certId := "vehicle-test.example.com";
var HashAlgorithm v_self := sha256;
var HashedId3 v_cracaId := '5E6F5B'O;
var CrlSeries v_crlSeries := 2;
var octetstring v_private_key := ''O;
var octetstring v_publicKeyX := ''O;
var octetstring v_publicKeyY := ''O;
var HashedId8 v_sha256AndDigest;
var octetstring v_sig := ''O;
var bitstring v_encMsg := ''B;
// Generate Private/Public keys
f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyX);
// Store Private key in binary format
//f_save_key(v_private_key);
// Fill Certificate template with the public key
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest('AF232618BE5E6F55'O),
m_toBeSignedCertificate(
{ name := v_certId },
v_cracaId,
v_crlSeries,
{ valueof(m_appPermissions(35, { bitmapSsp := '830001'O })) },
{
m_psidGroupPermissions(
m_subjectPermissions_all,
2,
0,
oct2bit('C0'O)
),
m_psidGroupPermissions(
m_subjectPermissions_explicit(
{
valueof(m_psidSspRange(35)),
valueof(m_psidSspRange(256))
}
))
},
m_verificationKeyIndicator_verificationKey( // FIXME Do we use it? If so what is the content?
m_publicVerificationKey_ecdsaNistP256(
m_eccP256CurvePoint_compressed_y_0(
'08C3C070B040C040108033070D0501CE0C0A0806017B00F030D203EA04BE0903'O
))),
-,
m_validity_period(
17469212,
{ years := 10 }
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion(12),
m_identifiedRegion(34)
}
)
),
m_signature_ecdsaNistP256(
m_ecdsaNistP256Signature(
m_eccP256CurvePoint_compressed_x_only(
'08B2030104020A0D010C0105C0F80BB1460239348D17405C1A845151D4061200'O
),
'2617CF4E6B25097F03F502AD0C6F2F125974700D31A60FD1EF12040E4D8231AB'O
)
)
);
v_encMsg := encvalue(v_cert);
setverdict(pass, "Encoding passed.");
} // End of testcase tc_certificate_1
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
group helpersFunctions {
group signing {
/**
* @desc Produces a 256-bit (32-byte) hash value
* @param p_toBeHashedData Data to be used to calculate the hash value
* @return The hash value
*/
external function fx_hashWithSha256(in octetstring p_toBeHashedData) return Oct32;
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
* @param p_toBeSignedSecuredMessage The data to be signed
* @param p_privateKey The private key
* @return The signature value
*/
external function fx_signWithEcdsaNistp256WithSha256(in octetstring p_toBeSignedSecuredMessage, in octetstring/*UInt64*/ p_privateKey) return octetstring;
/**
* @desc Verify the signature of the specified data
* @param p_toBeVerifiedData The data to be verified
* @param p_signature The signature
* @param p_ecdsaNistp256PublicKeyX The public key (x coordinate)
* @param p_ecdsaNistp256PublicKeyY The public key (y coordinate)
* @return true on success, false otherwise
*/
external function fx_verifyWithEcdsaNistp256WithSha256(in octetstring p_toBeVerifiedData, in octetstring p_signature, in octetstring p_ecdsaNistp256PublicKeyX, in octetstring p_ecdsaNistp256PublicKeyY) return boolean;
/**
* @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
* This function should not be used by the ATS
* @param p_privateKey The new private key value
* @param p_publicKeyX The new public key value (x coordinate)
* @param p_publicKeyX The new public key value (y coordinate)
* @return true on success, false otherwise
*/
external function fx_generateKeyPair(out octetstring/*UInt64*/ p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean;
} // End of group signing
/**
* @desc Produces a 256-bit (32-byte) hash value
* @param p_toBeHashedData Data to be used to calculate the hash value
* @return The hash value
*/
function f_hashWithSha256(
in octetstring p_toBeHashedData
) return Oct32 {
return fx_hashWithSha256(p_toBeHashedData);
} // End of function f_hashWithSha256
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
* @param p_toBeSignedSecuredMessage The data to be signed
* @return The signature value
*/
function f_signWithEcdsaNistp256WithSha256(
in octetstring p_toBeSignedSecuredMessage,
in Oct32 p_privateKey
) return octetstring {
return fx_signWithEcdsaNistp256WithSha256(
p_toBeSignedSecuredMessage,
p_privateKey
);
} // End of function f_signWithEcdsaNistp256WithSha256
/**
* @desc Compute the HashedId8 value from the hash value
* @param p_hash The hash value
* @return The HashedId8 value
* @verdict
*/
function f_HashedId8FromSha256(
in Oct32 p_hash
) return HashedId8 {
return substr(p_hash, lengthof(p_hash) - 8, 8);
} // End of function f_HashedId8FromSha256
/**
* @desc Compute the HashedId3 value from the HashedId8 value
* @param p_hashp_hashedId8 The HashedId8 value
* @return The HashedId3 value
* @verdict Unchanged
*/
function f_HashedId3FromHashedId8(
in HashedId8 p_hashedId8
) return HashedId3 {
return substr(p_hashedId8, lengthof(p_hashedId8) - 3, 3);
} // End of function f_HashedId3FromHashedId8
/**
* @desc Verify the signature of the specified data
* @param p_toBeVerifiedData The data to be verified
* @param p_signature The signature
* @param p_ecdsaNistp256PublicKeyX The public key (x coordinate)
* @param p_ecdsaNistp256PublicKeyY The public key (y coordinate)
* @return true on success, false otherwise
*/
function f_verifyWithEcdsaNistp256WithSha256(
in octetstring p_toBeVerifiedData,
in octetstring p_signature,
in octetstring p_ecdsaNistp256PublicKeyX,
in octetstring p_ecdsaNistp256PublicKeyY
) return boolean {
// log("f_verifyWithEcdsaNistp256WithSha256: toBeVerifiedData", p_toBeVerifiedData);
// log("f_verifyWithEcdsaNistp256WithSha256: toBeVerifiedData length", lengthof(p_toBeVerifiedData));
// log("f_verifyWithEcdsaNistp256WithSha256: signature", p_signature);
// log("f_verifyWithEcdsaNistp256WithSha256: ecdsaNistp256PublicKeyX", p_ecdsaNistp256PublicKeyX);
// log("f_verifyWithEcdsaNistp256WithSha256: ecdsaNistp256PublicKeyY", p_ecdsaNistp256PublicKeyY);
return fx_verifyWithEcdsaNistp256WithSha256(
p_toBeVerifiedData,
p_signature,
p_ecdsaNistp256PublicKeyX,
p_ecdsaNistp256PublicKeyY);
} // End of function f_verifyWithEcdsaNistp256WithSha256
/**
* @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
* This function should not be used by the ATS
* @param p_privateKey The new private key value
* @param p_publicKeyX The new public key value (x coordinate)
* @param p_publicKeyX The new public key value (y coordinate)
* @return true on success, false otherwise
*/
function f_generate_key_pair(
out octetstring p_privateKey,
out octetstring p_publicKeyX,
out octetstring p_publicKeyY
) return boolean {
return fx_generateKeyPair(p_privateKey, p_publicKeyX, p_publicKeyY);
}
}