Newer
Older
/*
* @author
*
* @version
* 1.0
* @desc
*
* @remark
*
* @see
*
*/
module TestCodec_Pki {
// Libcommon
import from LibCommon_Time all;
import from LibCommon_VerdictControl all;
import from LibCommon_Sync all;
import from LibCommon_BasicTypesAndValues all;
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
// LibItsCommon
import from LibItsCommon_TypesAndValues all;
import from LibItsCommon_TypesAndValues all;
import from LibItsCommon_ASN1_NamedNumbers all;
// LibItsSecurity
import from LibItsSecurity_TypesAndValues all;
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Functions all;
import from LibItsSecurity_Pixits all;
// LibItsHttp
import from LibItsHttp_TypesAndValues all;
import from LibItsHttp_Templates all;
import from LibItsHttp_BinaryTemplates all;
import from LibItsHttp_Functions all;
import from LibItsPki_TypesAndValues all;
// TestCodec
import from TestCodec_TestAndSystem all;
testcase tc_encode_inner_ec_response_1() runs on TCType system TCType {
var EtsiTs102941Data v_data;
var bitstring v_response := oct2bit('01810059E6B6C01C2FE2DB06DA5263544D981D02'O);
var integer v_result;
v_data := valueof(m_etsiTs102941Data_inner_ec_response(m_innerEcResponse_ko('59E6B6C01C2FE2DB06DA5263544D981D'O, badcontenttype)));
log("v_data= ", v_data);
v_response := encvalue(v_data);
setverdict(pass);
}
testcase tc_decode_inner_ec_response_1() runs on TCType system TCType {
var bitstring v_response := oct2bit('01810059E6B6C01C2FE2DB06DA5263544D981D02'O);
var EtsiTs102941Data v_data;
var integer v_result;
v_result := decvalue(v_response, v_data);
log("v_data= ", v_data);
setverdict(pass);
}
testcase tc_inner_ec_request_1() runs on TCType system TCType {
var integer v_res := 0;
var EtsiTs103097Certificate v_certificate;
var InnerEcRequest v_innerEcRequest;
var bitstring v_exp_enc_msg := oct2bit('0004544F444F01008083A72B88B6A1ADEEBA7FC18772952F053A81BD18635EE5AB08ED1376C107B5413968831874E3808466A8C0'O);
var bitstring v_enc_msg := oct2bit('8003008100288300000000001874e3808466a8c001018080010e80012482080301ffff0301ffff800125820a0401ffffff0401ffffff800189820a0401ffffff0401ffffff80018a820a0401ffffff0401ffffff80018b820a0401ffffff0401ffffff80018c820a0401ffffff0401ffffff00018d0001600001610001620001630001640001650001660102808083a72b88b6a1adeeba7fc18772952f053a81bd18635ee5ab08ed1376c107b541398080c0290e397381bf7502a0e6a6b271d8e2f18fc8311f591f0528a673ee5169f670e224ac455b5e67eb251cc1467f6ffc6840987c8c8eb9245c22be73322b64ca54'O); // CERT_IUT_A_RCA.oer
var Oct32 v_private_key := 'd79ef1d533b0385463a5d15708e94ff4f0d281cccbef504acd3afbb82dc0499f'O; // CERT_IUT_A_RCA.vkey
// Decode certificate
v_res := decvalue(v_enc_msg, v_certificate);
if (v_res == 0) {
log("Decoded message: ", v_certificate);
v_innerEcRequest := valueof(m_innerEcRequest(
"TODO",
m_publicKeys(
v_certificate.toBeSigned.verifyKeyIndicator.verificationKey,
v_certificate.toBeSigned.encryptionKey
),
m_certificateSubjectAttributes(
v_certificate.toBeSigned.appPermissions,
v_certificate.toBeSigned.validityPeriod,
v_certificate.toBeSigned.region,
v_certificate.toBeSigned.assuranceLevel
)));
v_enc_msg := encvalue(v_innerEcRequest);
log("Encoded message: ", bit2oct(v_enc_msg));
if (not isbound(v_enc_msg)) {
setverdict(fail, "Encoding InnerEcRequest failed!");
if (not match(v_enc_msg, v_exp_enc_msg)) {
log("Expected message: ", bit2oct(valueof(v_exp_enc_msg)));
setverdict(fail, "Encoding InnerEcRequest failed, not the expected result!");
v_res := decvalue(v_exp_enc_msg, v_exp_innerEcReq);
if (v_res == 0) {
log("Decoded message: ", v_certificate);
setverdict(pass, "Decoded succeed");
if (not match(v_innerEcRequest, v_exp_innerEcReq)) {
log("Expected message: ", bit2oct(valueof(v_exp_enc_msg)));
setverdict(fail, "Encoding failed, not the expected result!");
stop;
}
} else {
setverdict(fail, "Decoding failed");
testcase tc_inner_ec_request_2() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var InnerEcRequest v_inner_ec_request;
var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
var bitstring v_inner_ec_request_signed_for_pop_msg;
var EtsiTs102941Data v_dec_inner_ec_request_signed_for_pop;
var InnerEcRequest v_dec_inner_ec_request;
var bitstring v_dec_inner_ec_request_msg;
var bitstring v_tbs;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var integer v_result;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
// Generate InnerEcRequest
if (f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) {
setverdict(fail, "Failed to generate InnerEcRequest message");
stop;
}
// Generate InnerEcRequestSignedForPoP
if (f_generate_inner_ec_request_signed_for_pop(v_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
setverdict(fail, "Failed to setup InnerEcRequestSignedForPoP message");
stop;
}
// Secure InnerEcRequestSignedForPoP message
v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
if (f_build_pki_secured_message(v_private_key, valueof(m_signerIdentifier_self), int2oct(0, 8), v_publicKeyCompressed, v_compressedMode, ''O, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_request_hash) == false) {
setverdict(fail, "Failed to secure InnerEcRequest message");
stop;
}
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
// Decode encrypted InnerEcRequest
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Decrypt InnerEcRequest
f_decrypt(v_private_key, v_dec_ieee1609dot2_encrypted_and_signed_data, ''O, v_dec_ieee1609dot2_signed_data);
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (fx_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
int2oct(0, 32),
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode) == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
// Extract InnerEcRequestSignedForPop
v_dec_inner_ec_request_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request_signed_for_pop);
if (v_result == 0) {
log("Decoded InnerEcRequestSignedForPop: ", v_dec_inner_ec_request_signed_for_pop);
setverdict(pass, "Decoded succeed");
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Extract InnerEcRequest
log("v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest= ", v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest);
v_dec_inner_ec_request_msg := oct2bit(v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request);
if (v_result == 0) {
log("Decode InnerEcRequest: ", v_dec_inner_ec_request);
setverdict(pass, "Decoded succeed");
if (match(v_dec_inner_ec_request, v_inner_ec_request)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
} // End of testcase tc_inner_ec_request_2
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
testcase tc_inner_ec_request_3() runs on TCType system TCType {
var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop := {
protocolVersion := 3,
content := {
signedData := {
hashId := sha256,
tbsData := {
payload := {
data := {
protocolVersion := 3,
content := {
unsecuredData := '018003810040038081830040314234434131323130313233414539303042424536433345424145374538374441323044424441423145374232454330363931433531433130323139303041410100808271C23BCD74028A92B10E77BE7D935CAB8AEDEBDFE95922AE587400C378E818247C831C1439A686000183010280000C800022C001018002026F810201C04002026F000001677DBBEBD782808015BA000FF44CAF5E68181E19E3C3085FD622AD974E79830137D95EF3731D543B4455305E244EFEDDB80B6A55B05DB67FAC782A1A75B11827154A9601BC03924A'O
}
},
extDataHash := omit
},
headerInfo := {
psid := 623,
generationTime := 1544002726922,
expiryTime := omit,
generationLocation := omit,
p2pcdLearningRequest := omit,
missingCrlIdentifier := omit,
encryptionKey := omit,
inlineP2pcdRequest := omit,
requestedCertificate := omit
}
},
signer := {
self_ := NULL
},
signature_ := {
ecdsaNistP256Signature := {
rSig := {
x_only := '6694E7A01F23A569FE9C896BF4BDACE52C9972AB503FB30A41E55F33CC8156D6'O
},
sSig := 'A09D9D14346781B109B932FBCF9EB034299878C84F4D837BD583837DA831453D'O
}
}
}
}
};
var bitstring v_enc_message;
var Oct32 v_full_request_hash;
var Oct32 v_expected_full_request_hash := 'C36CDB7D587E5DCE2706E874DB8DCC441445E3AAE84C25CA0CEBCFC518542BFD'O;
var Oct16 v_expected_request_hash := 'C36CDB7D587E5DCE2706E874DB8DCC44'O;
v_enc_message := encvalue(v_inner_ec_request_signed_for_pop);
v_full_request_hash := f_hashWithSha256(bit2oct(v_enc_message));
log("v_full_request_hash= ", v_full_request_hash);
if (not(match(v_full_request_hash, v_expected_full_request_hash))) {
setverdict(fail, "Unexpected SHA256 value");
stop;
} else {
setverdict(pass, "Expected SHA256 value");
}
log("request_hash= ", substr(v_full_request_hash, 0 ,16));
if (not(match(substr(v_full_request_hash, 0 ,16), v_expected_request_hash))) {
setverdict(fail, "Unexpected hash request value");
} else {
setverdict(pass, "Expected hash request value");
}
testcase tc_inner_ec_response_1() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var octetstring v_inner_ec_request := '000E43616E6F6E6963616C4974734964018080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B0080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B7C83010A8F1C86000A83010280000C800022C00102800124810403830001800125810403830001'O;
var template (value) EtsiTs103097Certificate v_cert;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var integer v_res := 0;
var InnerEcResponse v_innerEcResponse;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Create InnerEcResponse message
f_generate_inner_ec_response(
f_hashWithSha256(v_inner_ec_request),
valueof(v_cert),
v_innerEcResponse
);
// Encode InnerEcResponse template
log("Encode template ", v_innerEcResponse);
v_enc_msg := encvalue(v_innerEcResponse);
log("Encoded message: ", bit2oct(v_enc_msg));
// Check result
if (not isbound(v_enc_msg)) {
setverdict(fail, "Encoding failed!");
stop;
}
setverdict(pass, "Encoding passed.");
} // End of testcase tc_inner_ec_response_1
testcase tc_inner_ec_response_2() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var HashedId8 v_hashedid8_ea_certificate;
var InnerEcResponse v_inner_ec_response;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_dec_inner_ec_response_msg;
var EtsiTs102941Data v_dec_inner_ec_response;
var boolean v_ret;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build the EA certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Calculate the whole-hashedid8 of the EA certificate
v_tbs := encvalue(v_cert);
v_hashedid8_ea_certificate := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_tbs)));
log("whole-v_hashedid8_ea_certificate= ", v_hashedid8_ea_certificate);
// Create InnerEcResponse message
f_generate_inner_ec_response(
'DF0185451707BD702C957AB8B8AF827A6FBFBA7777723DDCA40CF6F58DAEA4E4'O,
valueof(v_cert),
v_inner_ec_response
);
// Build secured PKI message
v_enc_msg := encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response));
if (ischosen(v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_request_hash);
} else {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_request_hash);
}
if (v_ret == false) {
setverdict(fail, "Failed to secure InnerEcResponse message");
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
f_decrypt(v_private_enc_key_cert_ts_a_ea, v_dec_ieee1609dot2_encrypted_and_signed_data, ''O, v_dec_ieee1609dot2_signed_data);
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (ischosen(v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
0);
} else {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
1);
}
if (v_ret == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
// Extract InnerEcResponse
v_dec_inner_ec_response_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_response_msg, v_dec_inner_ec_response);
if (v_result == 0) {
log("Decoded InnerEcResponse: ", v_dec_inner_ec_response);
setverdict(pass, "Decoded succeed");
if (match(v_dec_inner_ec_response.content.enrolmentResponse, v_inner_ec_response)) {
setverdict(pass, "Decoded match succeed");
// Extract the new EA certificate
v_cert := v_dec_inner_ec_response.content.enrolmentResponse.certificate;
// Check signature
v_tbs := encvalue(v_cert.toBeSigned);
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
int2oct(11, 32),
valueof(v_cert.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(v_cert.signature_.ecdsaNistP256Signature.sSig),
v_publicKeyCompressed,
v_compressedMode) == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
testcase tc_inner_ec_response_3() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var HashedId8 v_hashedid8_ea_certificate;
var AuthorizationValidationResponse v_authorization_validation_response;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_dec_authorization_validation_response_msg;
var EtsiTs102941Data v_dec_authorization_validation_response;
var boolean v_ret;
var integer v_result;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build the EA certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
} else {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
}
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Calculate the whole-hashedid8 of the EA certificate
v_tbs := encvalue(v_cert);
v_hashedid8_ea_certificate := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_tbs)));
log("whole-v_hashedid8_ea_certificate= ", v_hashedid8_ea_certificate);
// Create InnerEcResponse message
f_generate_authorization_validation_response(
'DF0185451707BD702C957AB8B8AF827A6FBFBA7777723DDCA40CF6F58DAEA4E4'O,
valueof(
m_certificate_subject_attributes(
v_cert.toBeSigned.appPermissions,
{ { subjectPermissions := { all_ := NULL }, minChainLength := 1, chainLengthRange := 0, eeType := '00000000'B } },
v_cert.toBeSigned.id,
v_cert.toBeSigned.validityPeriod,
v_cert.toBeSigned.region,
v_cert.toBeSigned.assuranceLevel
)
),
v_authorization_validation_response
);
// Build secured PKI message
v_enc_msg := encvalue(m_etsiTs102941Data_authorization_validation_response(v_authorization_validation_response));
if (ischosen(v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_request_hash);
} else {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_request_hash);
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
}
if (v_ret == false) {
setverdict(fail, "Failed to secure InnerEcResponse message");
stop;
}
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
// Decode encrypted InnerEcResponse
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
if (v_result == 0) {
log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
setverdict(pass, "Decoded succeed");
if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Decrypt InnerEcResponse
f_decrypt(v_private_enc_key_cert_ts_a_ea, v_dec_ieee1609dot2_encrypted_and_signed_data, ''O, v_dec_ieee1609dot2_signed_data);
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (ischosen(v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
0);
} else {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
1);
}
if (v_ret == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
// Extract AuthorizationValidationResponse
v_dec_authorization_validation_response_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_authorization_validation_response_msg, v_dec_authorization_validation_response);
if (v_result == 0) {
log("Decoded authorization_validation_response: ", v_dec_authorization_validation_response);
setverdict(pass, "Decoded succeed");
if (match(v_dec_authorization_validation_response.content.authorizationValidationResponse, v_authorization_validation_response)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
} // End of testcase tc_inner_ec_response_3
testcase tc_inner_ec_functions_1() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var InnerEcRequest v_inner_ec_request;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail);
}
} // End of testcase tc_inner_ec_functions_1
testcase tc_inner_ec_functions_2() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var InnerEcRequest v_inner_ec_request;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request);
if (v_ret == true) {
setverdict(pass);
} else {
v_ret := f_generate_ec_certificate(v_private_key, v_inner_ec_request, v_ec_certificate);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail, "f_generate_ec_certificate");
stop;
}
} // End of testcase tc_inner_ec_functions_2
testcase tc_inner_ec_functions_3() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var Oct32 v_private_enc_key;
var Oct32 v_publicEncKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var InnerEcRequest v_inner_ec_request;
var Certificate v_ec_certificate;
var InnerAtRequest v_inner_at_request;
var Ieee1609Dot2Data v_inner_at_request_data;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request);
if (v_ret == true) {
setverdict(pass);
} else {
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
v_ret := f_generate_ec_certificate(v_private_key, v_inner_ec_request, v_ec_certificate);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail, "f_generate_ec_certificate");
stop;
}
v_ret := f_generate_inner_at_request(v_ec_certificate, v_private_key, v_cert_iut_a_ea, v_hashed_id8_cert_iut_a_ea, true, v_private_enc_key, v_publicEncKeyCompressed, v_compressedMode, v_inner_at_request, v_inner_at_request_data);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail, "f_generate_inner_at_request");
stop;
}
} // End of testcase tc_inner_ec_functions_3
testcase tc_inner_ec_functions_4() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyCompressed;
var Oct32 v_private_enc_key;
var Oct32 v_publicEncKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var AuthorizationValidationRequest v_authorization_validation_request;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);