Newer
Older
/*
* @author
*
* @version
* 1.0
* @desc
*
* @remark
*
* @see
*
*/
module TestCodec_Pki {
// Libcommon
import from LibCommon_Time all;
import from LibCommon_VerdictControl all;
import from LibCommon_Sync all;
import from LibCommon_BasicTypesAndValues all;
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
// LibItsCommon
import from LibItsCommon_TypesAndValues all;
import from LibItsCommon_TypesAndValues all;
import from LibItsCommon_ASN1_NamedNumbers all;
// LibItsSecurity
import from LibItsSecurity_TypesAndValues all;
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Functions all;
import from LibItsSecurity_Pixits all;
// LibItsHttp
import from LibItsHttp_TypesAndValues all;
import from LibItsHttp_Templates all;
import from LibItsHttp_BinaryTemplates all;
import from LibItsHttp_Functions all;
import from LibItsPki_TypesAndValues all;
// TestCodec
import from TestCodec_TestAndSystem all;
testcase tc_inner_ec_request_1() runs on TCType system TCType {
var integer v_res := 0;
var EtsiTs103097Certificate v_certificate;
var InnerEcRequest v_innerEcRequest;
var bitstring v_exp_enc_msg := oct2bit('0004544F444F01008083A72B88B6A1ADEEBA7FC18772952F053A81BD18635EE5AB08ED1376C107B5413968831874E3808466A8C0'O);
var bitstring v_enc_msg := oct2bit('8003008100288300000000001874e3808466a8c001018080010e80012482080301ffff0301ffff800125820a0401ffffff0401ffffff800189820a0401ffffff0401ffffff80018a820a0401ffffff0401ffffff80018b820a0401ffffff0401ffffff80018c820a0401ffffff0401ffffff00018d0001600001610001620001630001640001650001660102808083a72b88b6a1adeeba7fc18772952f053a81bd18635ee5ab08ed1376c107b541398080c0290e397381bf7502a0e6a6b271d8e2f18fc8311f591f0528a673ee5169f670e224ac455b5e67eb251cc1467f6ffc6840987c8c8eb9245c22be73322b64ca54'O); // CERT_IUT_A_RCA.oer
var Oct32 v_private_key := 'd79ef1d533b0385463a5d15708e94ff4f0d281cccbef504acd3afbb82dc0499f'O; // CERT_IUT_A_RCA.vkey
// Decode certificate
v_res := decvalue(v_enc_msg, v_certificate);
if (v_res == 0) {
log("Decoded message: ", v_certificate);
v_innerEcRequest := valueof(m_innerEcRequest(
"TODO",
m_publicKeys(
v_certificate.toBeSigned.verifyKeyIndicator.verificationKey,
v_certificate.toBeSigned.encryptionKey
),
m_certificateSubjectAttributes(
v_certificate.toBeSigned.appPermissions,
v_certificate.toBeSigned.validityPeriod,
v_certificate.toBeSigned.region,
v_certificate.toBeSigned.assuranceLevel
)));
v_enc_msg := encvalue(v_innerEcRequest);
log("Encoded message: ", bit2oct(v_enc_msg));
if (not isbound(v_enc_msg)) {
setverdict(fail, "Encoding InnerEcRequest failed!");
if (not match(v_enc_msg, v_exp_enc_msg)) {
log("Expected message: ", bit2oct(valueof(v_exp_enc_msg)));
setverdict(fail, "Encoding InnerEcRequest failed, not the expected result!");
v_res := decvalue(v_exp_enc_msg, v_exp_innerEcReq);
if (v_res == 0) {
log("Decoded message: ", v_certificate);
setverdict(pass, "Decoded succeed");
if (not match(v_innerEcRequest, v_exp_innerEcReq)) {
log("Expected message: ", bit2oct(valueof(v_exp_enc_msg)));
setverdict(fail, "Encoding failed, not the expected result!");
stop;
}
} else {
setverdict(fail, "Decoding failed");
testcase tc_inner_ec_request_2() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var InnerEcRequest v_inner_ec_request;
var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
var bitstring v_inner_ec_request_signed_for_pop_msg;
var EtsiTs102941Data v_dec_inner_ec_request_signed_for_pop;
var InnerEcRequest v_dec_inner_ec_request;
var bitstring v_dec_inner_ec_request_msg;
var bitstring v_tbs;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var integer v_result;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
// Generate InnerEcRequest
if (f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) {
setverdict(fail, "Failed to generate InnerEcRequest message");
stop;
}
// Generate InnerEcRequestSignedForPoP
if (f_generate_inner_ec_request_signed_for_pop(v_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
setverdict(fail, "Failed to setup InnerEcRequestSignedForPoP message");
stop;
}
// Secure InnerEcRequestSignedForPoP message
v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
if (f_build_pki_secured_message(v_private_key, valueof(m_signerIdentifier_self), int2oct(0, 8), v_publicKeyCompressed, v_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data) == false) {
setverdict(fail, "Failed to secure InnerEcRequest message");
stop;
}
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
// Decode encrypted InnerEcRequest
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Decrypt InnerEcRequest
f_decrypt(v_private_key, v_dec_ieee1609dot2_encrypted_and_signed_data, v_dec_ieee1609dot2_signed_data);
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (fx_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
int2oct(0, 32),
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode) == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
// Extract InnerEcRequestSignedForPop
v_dec_inner_ec_request_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request_signed_for_pop);
if (v_result == 0) {
log("Decoded InnerEcRequestSignedForPop: ", v_dec_inner_ec_request_signed_for_pop);
setverdict(pass, "Decoded succeed");
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Extract InnerEcRequest
log("v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest= ", v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest);
v_dec_inner_ec_request_msg := oct2bit(v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request);
if (v_result == 0) {
log("Decode InnerEcRequest: ", v_dec_inner_ec_request);
setverdict(pass, "Decoded succeed");
if (match(v_dec_inner_ec_request, v_inner_ec_request)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
} // End of testcase tc_inner_ec_request_2
testcase tc_inner_ec_request_3() runs on ItsPki system ItsPkiSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var AcSetSecurityData v_ac_set_security_data;
var integer v_compressedMode;
var InnerEcRequest v_inner_ec_request;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
LibItsPki_Functions.f_cfUp();
if (f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) {
setverdict(fail, "Failed to setup InnerEcRequest message");
//f_sendAcPrimitiv();
v_ac_set_security_data := { "CERT_TS_A_EA", "CERT_IUT_A_EA", v_private_key, v_publicKeyCompressed, v_compressedMode };
acPort.send(AcPkiPrimitive: { acSetSecurityData := v_ac_set_security_data });
tc_ac.start;
alt {
[] acPort.receive(AcPkiResponse: { result := true }) {
tc_ac.stop;
setverdict(pass);
}
[] acPort.receive(AcPkiResponse: { result := false }) {
tc_ac.stop;
setverdict(fail, "Failed to set Test System Security data");
stop;
}
[] tc_ac.timeout {
setverdict(inconc, "No response");
}
} // End of 'alt' statement
// Send message
pkiPort.send(v_inner_ec_request);
tc_ac.stop;
setverdict(pass, "Encoding passed.");
}
[] tc_ac.timeout {
setverdict(inconc, "No response");
}
} // End of 'alt' statement
LibItsPki_Functions.f_cfDown();
testcase tc_inner_ec_response_1() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var octetstring v_inner_ec_request := '000E43616E6F6E6963616C4974734964018080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B0080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B7C83010A8F1C86000A83010280000C800022C00102800124810403830001800125810403830001'O;
var template (value) EtsiTs103097Certificate v_cert;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var integer v_res := 0;
var InnerEcResponse v_innerEcResponse;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Create InnerEcResponse message
f_generate_inner_ec_response(
f_hashWithSha256(v_inner_ec_request),
valueof(v_cert),
v_innerEcResponse
);
// Encode InnerEcResponse template
log("Encode template ", v_innerEcResponse);
v_enc_msg := encvalue(v_innerEcResponse);
log("Encoded message: ", bit2oct(v_enc_msg));
// Check result
if (not isbound(v_enc_msg)) {
setverdict(fail, "Encoding failed!");
stop;
}
setverdict(pass, "Encoding passed.");
} // End of testcase tc_inner_ec_response_1
testcase tc_inner_ec_response_2() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var HashedId8 v_hashedid8_ea_certificate;
var InnerEcResponse v_inner_ec_response;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_dec_inner_ec_response_msg;
var EtsiTs102941Data v_dec_inner_ec_response;
var boolean v_ret;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build the EA certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Calculate the whole-hashedid8 of the EA certificate
v_tbs := encvalue(v_cert);
v_hashedid8_ea_certificate := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_tbs)));
log("whole-v_hashedid8_ea_certificate= ", v_hashedid8_ea_certificate);
// Create InnerEcResponse message
f_generate_inner_ec_response(
'DF0185451707BD702C957AB8B8AF827A6FBFBA7777723DDCA40CF6F58DAEA4E4'O,
valueof(v_cert),
v_inner_ec_response
);
// Build secured PKI message
v_enc_msg := encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response));
if (ischosen(v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data);
} else {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data);
}
if (v_ret == false) {
setverdict(fail, "Failed to secure InnerEcResponse message");
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
f_decrypt(v_private_enc_key_cert_ts_a_ea, v_dec_ieee1609dot2_encrypted_and_signed_data, v_dec_ieee1609dot2_signed_data);
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (ischosen(v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
0);
} else {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
1);
}
if (v_ret == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
// Extract InnerEcResponse
v_dec_inner_ec_response_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_response_msg, v_dec_inner_ec_response);
if (v_result == 0) {
log("Decoded InnerEcResponse: ", v_dec_inner_ec_response);
setverdict(pass, "Decoded succeed");
if (match(v_dec_inner_ec_response.content.enrolmentResponse, v_inner_ec_response)) {
setverdict(pass, "Decoded match succeed");
// Extract the new EA certificate
v_cert := v_dec_inner_ec_response.content.enrolmentResponse.certificate;
// Check signature
v_tbs := encvalue(v_cert.toBeSigned);
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
int2oct(11, 32),
valueof(v_cert.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(v_cert.signature_.ecdsaNistP256Signature.sSig),
v_publicKeyCompressed,
v_compressedMode) == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
testcase tc_inner_ec_response_3() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var HashedId8 v_hashedid8_ea_certificate;
var AuthorizationValidationResponse v_authorization_validation_response;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_dec_authorization_validation_response_msg;
var EtsiTs102941Data v_dec_authorization_validation_response;
var boolean v_ret;
var integer v_result;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build the EA certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
} else {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
}
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Calculate the whole-hashedid8 of the EA certificate
v_tbs := encvalue(v_cert);
v_hashedid8_ea_certificate := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_tbs)));
log("whole-v_hashedid8_ea_certificate= ", v_hashedid8_ea_certificate);
// Create InnerEcResponse message
f_generate_autorization_validation_response(
'DF0185451707BD702C957AB8B8AF827A6FBFBA7777723DDCA40CF6F58DAEA4E4'O,
valueof(v_cert),
v_authorization_validation_response
);
// Build secured PKI message
v_enc_msg := encvalue(m_etsiTs102941Data_v_authorization_validation_response(v_authorization_validation_response));
if (ischosen(v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data);
} else {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data);
}
if (v_ret == false) {
setverdict(fail, "Failed to secure InnerEcResponse message");
stop;
}
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
// Decode encrypted InnerEcResponse
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
if (v_result == 0) {
log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
setverdict(pass, "Decoded succeed");
if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Decrypt InnerEcResponse
f_decrypt(v_private_enc_key_cert_ts_a_ea, v_dec_ieee1609dot2_encrypted_and_signed_data, v_dec_ieee1609dot2_signed_data);
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (ischosen(v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
0);
} else {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
1);
}
if (v_ret == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
// Extract AuthorizationValidationResponse
v_dec_authorization_validation_response_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_authorization_validation_response_msg, v_dec_authorization_validation_response);
if (v_result == 0) {
log("Decoded authorization_validation_response: ", v_dec_authorization_validation_response);
setverdict(pass, "Decoded succeed");
if (match(v_dec_inner_ec_response.content.enrolmentResponse, v_authorization_validation_response)) {
setverdict(pass, "Decoded match succeed");
// Extract the new EA certificate
v_cert := v_dec_inner_ec_response.content.enrolmentResponse.certificate;
// Check signature
v_tbs := encvalue(v_cert.toBeSigned);
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
int2oct(11, 32),
valueof(v_cert.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(v_cert.signature_.ecdsaNistP256Signature.sSig),
v_publicKeyCompressed,
v_compressedMode) == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
} // End of testcase tc_inner_ec_response_3
testcase tc_inner_ec_functions_1() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var InnerEcRequest v_inner_ec_request;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail);
}
} // End of testcase tc_inner_ec_functions_1
testcase tc_inner_ec_functions_2() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var InnerEcRequest v_inner_ec_request;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request);
if (v_ret == true) {
setverdict(pass);
} else {
v_ret := f_generate_ec_certificate(v_private_key, v_inner_ec_request, v_ec_certificate);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail, "f_generate_ec_certificate");
stop;
}
} // End of testcase tc_inner_ec_functions_2
testcase tc_inner_ec_functions_3() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var Oct32 v_private_enc_key;
var Oct32 v_publicEncKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var InnerEcRequest v_inner_ec_request;
var Certificate v_ec_certificate;
var InnerAtRequest v_inner_at_request;
var Ieee1609Dot2Data v_inner_at_request_data;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request);
if (v_ret == true) {
setverdict(pass);
} else {
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
v_ret := f_generate_ec_certificate(v_private_key, v_inner_ec_request, v_ec_certificate);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail, "f_generate_ec_certificate");
stop;
}
v_ret := f_generate_inner_at_request(v_ec_certificate, v_private_key, v_cert_iut_a_ea, v_hashed_id8_cert_iut_a_ea, true, v_private_enc_key, v_publicEncKeyCompressed, v_compressedMode, v_inner_at_request, v_inner_at_request_data);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail, "f_generate_inner_at_request");
stop;
}
} // End of testcase tc_inner_ec_functions_3
testcase tc_inner_ec_functions_4() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyCompressed;
var Oct32 v_private_enc_key;
var Oct32 v_publicEncKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var AuthorizationValidationRequest v_authorization_validation_request;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
v_ret := f_generate_authorization_validation_request(v_cert_ts_a_ea, v_hashed_id8_cert_ts_a_ea, v_private_key, v_publicKeyCompressed, v_compressedMode, v_authorization_validation_request);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail, "f_generate_authorization_validation_request");
stop;
}
} // End of testcase tc_inner_ec_functions_4
control {
execute(tc_inner_ec_request_1());
execute(tc_inner_ec_request_2());
execute(tc_inner_ec_functions_1());
execute(tc_inner_ec_functions_2());
execute(tc_inner_ec_functions_3());
execute(tc_inner_ec_functions_4());