Newer
Older
/*
* @author
*
* @version
* 1.0
* @desc
*
* @remark
*
* @see
*
*/
module TestCodec_Pki {
// Libcommon
import from LibCommon_Time all;
import from LibCommon_VerdictControl all;
import from LibCommon_Sync all;
import from LibCommon_BasicTypesAndValues all;
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
import from EtsiTs102941MessagesItss language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
// LibItsCommon
import from LibItsCommon_TypesAndValues all;
import from LibItsCommon_TypesAndValues all;
import from LibItsCommon_ASN1_NamedNumbers all;
// LibItsSecurity
import from LibItsSecurity_TypesAndValues all;
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Functions all;
// LibItsHttp
import from LibItsHttp_TypesAndValues all;
import from LibItsHttp_Templates all;
import from LibItsHttp_BinaryTemplates all;
import from LibItsHttp_Functions all;
// TestCodec
import from TestCodec_TestAndSystem all;
testcase tc_inner_ec_request_1() runs on TCType system TCType {
var integer v_res := 0;
var EtsiTs103097Certificate v_certificate;
var InnerEcRequest v_innerEcRequest;
var bitstring v_exp_enc_msg := oct2bit('0004544F444F01008083A72B88B6A1ADEEBA7FC18772952F053A81BD18635EE5AB08ED1376C107B5413968831874E3808466A8C0'O);
var bitstring v_enc_msg := oct2bit('8003008100288300000000001874e3808466a8c001018080010e80012482080301ffff0301ffff800125820a0401ffffff0401ffffff800189820a0401ffffff0401ffffff80018a820a0401ffffff0401ffffff80018b820a0401ffffff0401ffffff80018c820a0401ffffff0401ffffff00018d0001600001610001620001630001640001650001660102808083a72b88b6a1adeeba7fc18772952f053a81bd18635ee5ab08ed1376c107b541398080c0290e397381bf7502a0e6a6b271d8e2f18fc8311f591f0528a673ee5169f670e224ac455b5e67eb251cc1467f6ffc6840987c8c8eb9245c22be73322b64ca54'O); // CERT_IUT_A_RCA.oer
var Oct32 v_private_key := 'd79ef1d533b0385463a5d15708e94ff4f0d281cccbef504acd3afbb82dc0499f'O; // CERT_IUT_A_RCA.vkey
// Decode certificate
v_res := decvalue(v_enc_msg, v_certificate);
if (v_res == 0) {
log("Decoded message: ", v_certificate);
v_innerEcRequest := valueof(m_innerEcRequest(
"TODO",
m_publicKeys(
v_certificate.toBeSigned.verifyKeyIndicator.verificationKey,
v_certificate.toBeSigned.encryptionKey
),
m_certificateSubjectAttributes(
v_certificate.toBeSigned.appPermissions,
v_certificate.toBeSigned.validityPeriod,
v_certificate.toBeSigned.region,
v_certificate.toBeSigned.assuranceLevel
)));
v_enc_msg := encvalue(v_innerEcRequest);
log("Encoded message: ", bit2oct(v_enc_msg));
if (not isbound(v_enc_msg)) {
setverdict(fail, "Encoding InnerEcRequest failed!");
if (not match(v_enc_msg, v_exp_enc_msg)) {
log("Expected message: ", bit2oct(valueof(v_exp_enc_msg)));
setverdict(fail, "Encoding InnerEcRequest failed, not the expected result!");
v_res := decvalue(v_exp_enc_msg, v_exp_innerEcReq);
if (v_res == 0) {
log("Decoded message: ", v_certificate);
setverdict(pass, "Decoded succeed");
if (not match(v_innerEcRequest, v_exp_innerEcReq)) {
log("Expected message: ", bit2oct(valueof(v_exp_enc_msg)));
setverdict(fail, "Encoding failed, not the expected result!");
stop;
}
} else {
setverdict(fail, "Decoding failed");
testcase tc_inner_ec_request_2() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var InnerEcRequest v_inner_ec_request;
var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
var bitstring v_inner_ec_request_signed_for_pop_msg;
var EtsiTs102941Data v_dec_inner_ec_request_signed_for_pop;
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
var InnerEcRequest v_dec_inner_ec_request;
var bitstring v_dec_inner_ec_request_msg;
var bitstring v_tbs;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_and_encrypted_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var integer v_result;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
// Generate InnerEcRequest
if (f_generate_inner_ec_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) {
setverdict(fail, "Failed to generate InnerEcRequest message");
stop;
}
// Generate InnerEcRequestSignedForPoP
if (f_generate_inner_ec_request_signed_for_pop(v_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
setverdict(fail, "Failed to setup InnerEcRequestSignedForPoP message");
stop;
}
// Secure InnerEcRequestSignedForPoP message
v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
if (f_build_pki_secured_message(v_private_key, v_publicKeyCompressed, v_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data) == false) {
setverdict(fail, "Failed to secure InnerEcRequest message");
stop;
}
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
// Decode encrypted InnerEcRequest
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_signed_and_encrypted_data);
if (v_result == 0) {
log("Decoded message: ", v_dec_ieee1609dot2_signed_and_encrypted_data);
setverdict(pass, "Decoded succeed");
if (match(v_dec_ieee1609dot2_signed_and_encrypted_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Decrypt InnerEcRequest
f_decrypt(v_private_key, v_dec_ieee1609dot2_signed_and_encrypted_data, v_dec_ieee1609dot2_signed_data);
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (fx_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
int2oct(0, 32),
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode) == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
// Extract InnerEcRequestSignedForPop
v_dec_inner_ec_request_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request_signed_for_pop);
if (v_result == 0) {
log("Decoded InnerEcRequestSignedForPop: ", v_dec_inner_ec_request_signed_for_pop);
setverdict(pass, "Decoded succeed");
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Extract InnerEcRequest
log("v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest= ", v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest);
v_dec_inner_ec_request_msg := oct2bit(v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request);
if (v_result == 0) {
log("Decode InnerEcRequest: ", v_dec_inner_ec_request);
setverdict(pass, "Decoded succeed");
if (match(v_dec_inner_ec_request, v_inner_ec_request)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
} // End of testcase tc_inner_ec_request_2
testcase tc_inner_ec_request_3() runs on ItsPki system ItsPkiSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var InnerEcRequest v_inner_ec_request;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
if (f_generate_inner_ec_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) {
setverdict(fail, "Failed to setup InnerEcRequest message");
// Send message
pkiPort.send(v_inner_ec_request);
tc_ac.stop;
setverdict(pass, "Encoding passed.");
}
[] tc_ac.timeout {
setverdict(inconc, "No response");
}
} // End of 'alt' statement
testcase tc_inner_ec_response_1() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var octetstring v_inner_ec_request := '000E43616E6F6E6963616C4974734964018080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B0080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B7C83010A8F1C86000A83010280000C800022C00102800124810403830001800125810403830001'O;
var template (value) EtsiTs103097Certificate v_cert;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var integer v_res := 0;
var InnerEcResponse v_innerEcResponse;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Create InnerEcResponse message
f_generate_inner_ec_response(
f_hashWithSha256(v_inner_ec_request),
valueof(v_cert),
v_innerEcResponse
);
// Encode InnerEcResponse template
log("Encode template ", v_innerEcResponse);
v_enc_msg := encvalue(v_innerEcResponse);
log("Encoded message: ", bit2oct(v_enc_msg));
// Check result
if (not isbound(v_enc_msg)) {
setverdict(fail, "Encoding failed!");
stop;
}
setverdict(pass, "Encoding passed.");
} // End of testcase tc_inner_ec_response_1
testcase tc_inner_ec_response_2() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var octetstring v_inner_ec_request := '000E43616E6F6E6963616C4974734964018080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B0080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B7C83010A8F1C86000A83010280000C800022C00102800124810403830001800125810403830001'O;
var template (value) EtsiTs103097Certificate v_cert;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var InnerEcResponse v_inner_ec_response;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_and_encrypted_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_dec_inner_ec_response_msg;
var EtsiTs102941Data v_dec_inner_ec_response;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Create InnerEcResponse message
f_generate_inner_ec_response(
f_hashWithSha256(v_inner_ec_request),
valueof(v_cert),
v_inner_ec_response
);
// Build secured PKI message
v_enc_msg := encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response));
if (f_build_pki_secured_message(v_private_key, v_publicKeyCompressed, v_compressedMode, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data) == false) {
setverdict(fail, "Failed to secure InnerEcResponse message");
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_signed_and_encrypted_data);
if (v_result == 0) {
log("Decoded message: ", v_dec_ieee1609dot2_signed_and_encrypted_data);
setverdict(pass, "Decoded succeed");
if (match(v_dec_ieee1609dot2_signed_and_encrypted_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
f_decrypt(v_private_key, v_dec_ieee1609dot2_signed_and_encrypted_data, v_dec_ieee1609dot2_signed_data);
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (fx_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
int2oct(0, 32),
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode) == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
// Extract InnerEcResponse
v_dec_inner_ec_response_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_response_msg, v_dec_inner_ec_response);
if (v_result == 0) {
log("Decoded InnerEcResponse: ", v_dec_inner_ec_response);
setverdict(pass, "Decoded succeed");
if (match(v_dec_inner_ec_response.content.enrolmentResponse, v_inner_ec_response)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
control {
execute(tc_inner_ec_request_1());
execute(tc_inner_ec_request_2());