/*
 * @author
 *     
 * @version
 *     1.0
 * @desc
 *     
 * @remark
 *     
 * @see
 *     
 */ 
module TestCodec_Pki {
  
  // Libcommon
  import from LibCommon_Time all;
  import from LibCommon_VerdictControl all;
  import from LibCommon_Sync all;
  import from LibCommon_BasicTypesAndValues all;
  import from LibCommon_DataStrings all;
  
  // LibIts
  import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
  import from IEEE1609dot2 language "ASN.1:1997" all;
  import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
  import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
  import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
  import from EtsiTs103097Module language "ASN.1:1997" all;
  
  // LibItsCommon
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_ASN1_NamedNumbers all;
  
  // LibItsSecurity
  import from LibItsSecurity_TypesAndValues all;
  import from LibItsSecurity_Templates all;
  import from LibItsSecurity_Functions all;
  import from LibItsSecurity_Pics all;
  import from LibItsSecurity_Pixits all;
  
  // LibItsHttp
  import from LibItsHttp_TypesAndValues all;
  import from LibItsHttp_Templates all;
  import from LibItsHttp_BinaryTemplates all;
  import from LibItsHttp_Functions all;
  import from LibItsHttp_TestSystem all;
    
  // LibItsPki
  import from LibItsPki_TypesAndValues all;
  import from LibItsPki_EncdecDeclarations all;
  import from LibItsPki_Templates all;
  import from LibItsPki_Functions all;
  import from LibItsPki_TestSystem all;
  
  // TestCodec
  import from TestCodec_TestAndSystem all;

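  /**
   * @desc Encodes an EtsiTs102941Data value carrying an InnerEcResponse with the
   *       badcontenttype response code and compares the result with the expected octets.
   */
  testcase tc_encode_inner_ec_response_1() runs on TCType system TCType {
    var EtsiTs102941Data v_data;
    // Presumably the reference encoding of the value built below: tc_decode_inner_ec_response_1
    // decodes the same octets. It is kept in its own variable so the encoder output cannot overwrite it.
    var bitstring v_expected := oct2bit('01810059E6B6C01C2FE2DB06DA5263544D981D02'O);
    var bitstring v_response;

    v_data := valueof(m_etsiTs102941Data_inner_ec_response(m_innerEcResponse_ko('59E6B6C01C2FE2DB06DA5263544D981D'O, badcontenttype)));
    log("v_data= ", v_data);
    v_response := encvalue(v_data);
    log("v_response= ", bit2oct(v_response));

    // Without this comparison the test case passes whatever the codec produces
    if (not match(v_response, v_expected)) {
      log("Expected message: ", bit2oct(v_expected));
      setverdict(fail, "Encoding InnerEcResponse failed, not the expected result!");
      stop;
    }
    setverdict(pass);
  }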
  
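  /**
   * @desc Decodes a fixed EtsiTs102941Data encoding and checks both the decoder status
   *       and the decoded content (InnerEcResponse with the badcontenttype response code).
   */
  testcase tc_decode_inner_ec_response_1() runs on TCType system TCType {
    var bitstring v_response := oct2bit('01810059E6B6C01C2FE2DB06DA5263544D981D02'O);
    var EtsiTs102941Data v_data;
    var integer v_result;

    v_result := decvalue(v_response, v_data);
    // decvalue returns 0 on success; any other value leaves v_data unusable
    if (v_result != 0) {
      setverdict(fail, "Decoding InnerEcResponse failed");
      stop;
    }
    log("v_data= ", v_data);

    // Same value that tc_encode_inner_ec_response_1 builds before encoding it
    if (not match(v_data, m_etsiTs102941Data_inner_ec_response(m_innerEcResponse_ko('59E6B6C01C2FE2DB06DA5263544D981D'O, badcontenttype)))) {
      setverdict(fail, "Decoding InnerEcResponse failed, not the expected result!");
      stop;
    }
    setverdict(pass);
  }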
  
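  /**
   * @desc Decodes a reference certificate, builds an InnerEcRequest from its keys and
   *       subject attributes, encodes the request and checks it against the expected
   *       encoding, then decodes the expected encoding and compares the two values.
   *       Only the codec is exercised, so no private key is declared here.
   */
  testcase tc_inner_ec_request_1() runs on TCType system TCType {
    var integer v_res := 0;
    var EtsiTs103097Certificate v_certificate;
    var InnerEcRequest v_innerEcRequest;
    var InnerEcRequest v_exp_innerEcReq;
    var bitstring v_exp_enc_msg := oct2bit('0004544F444F01008083A72B88B6A1ADEEBA7FC18772952F053A81BD18635EE5AB08ED1376C107B5413968831874E3808466A8C0'O);
    var bitstring v_exp_enc_copy;
    var bitstring v_enc_msg := oct2bit('8003008100288300000000001874e3808466a8c001018080010e80012482080301ffff0301ffff800125820a0401ffffff0401ffffff800189820a0401ffffff0401ffffff80018a820a0401ffffff0401ffffff80018b820a0401ffffff0401ffffff80018c820a0401ffffff0401ffffff00018d0001600001610001620001630001640001650001660102808083a72b88b6a1adeeba7fc18772952f053a81bd18635ee5ab08ed1376c107b541398080c0290e397381bf7502a0e6a6b271d8e2f18fc8311f591f0528a673ee5169f670e224ac455b5e67eb251cc1467f6ffc6840987c8c8eb9245c22be73322b64ca54'O); // CERT_IUT_A_RCA.oer

    // Decode certificate
    v_res := decvalue(v_enc_msg, v_certificate);
    if (v_res == 0) {
      log("Decoded message: ", v_certificate);
      setverdict(pass, "Decoded certificate succeed");
    } else {
      setverdict(fail, "Decoding certificate failed");
      // The request below is built from v_certificate fields, so there is nothing left to test
      stop;
    }

    // Create InnerEcRequest request
    v_innerEcRequest := valueof(m_innerEcRequest(
                                                 "TODO",
                                                 m_publicKeys(
                                                              v_certificate.toBeSigned.verifyKeyIndicator.verificationKey,
                                                              v_certificate.toBeSigned.encryptionKey
                                                              ),
                                                 m_certificateSubjectAttributes(
                                                                                v_certificate.toBeSigned.appPermissions,
                                                                                v_certificate.toBeSigned.validityPeriod,
                                                                                v_certificate.toBeSigned.region,
                                                                                v_certificate.toBeSigned.assuranceLevel
                                                 )));
    // Encode InnerEcRequest template
    log("Encode template ", v_innerEcRequest);
    v_enc_msg := encvalue(v_innerEcRequest);
    log("Encoded message:  ", bit2oct(v_enc_msg));
    // Check result
    if (not isbound(v_enc_msg)) {
      setverdict(fail, "Encoding InnerEcRequest failed!");
      stop;
    }
    if (not match(v_enc_msg, v_exp_enc_msg)) {
      log("Expected message: ", bit2oct(v_exp_enc_msg));
      setverdict(fail, "Encoding InnerEcRequest failed, not the expected result!");
      stop;
    }

    // decvalue removes the bits it decodes from its first argument; decode a copy so
    // that v_exp_enc_msg still holds the expected octets for the log below
    v_exp_enc_copy := v_exp_enc_msg;
    v_res := decvalue(v_exp_enc_copy, v_exp_innerEcReq);
    if (v_res == 0) {
      // Log the value that was just decoded (the request, not the certificate)
      log("Decoded message: ", v_exp_innerEcReq);
      setverdict(pass, "Decoded succeed");
      if (not match(v_innerEcRequest, v_exp_innerEcReq)) {
        log("Expected message: ", bit2oct(v_exp_enc_msg));
        setverdict(fail, "Encoding failed, not the expected result!");
        stop;
      }
    } else {
      setverdict(fail, "Decoding failed");
      stop;
    }
    setverdict(pass, "Encoding passed.");
  } // End of testcase tc_inner_ec_request_1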
  
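  /**
   * @desc Round trip of a secured enrolment request: generate an InnerEcRequest, wrap it
   *       in InnerEcRequestSignedForPoP, sign and encrypt it, then encode, decode, decrypt,
   *       verify the signature and compare the innermost request with the generated one.
   *       The verdict is inconc unless PICS_SEC_FIXED_KEYS is set.
   */
  testcase tc_inner_ec_request_2() runs on TCType system TCType {
    var Oct32 v_private_key;
    var Oct32 v_publicKeyCompressed;
    var integer v_compressedMode;
    var InnerEcRequest v_inner_ec_request;
    var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
    var bitstring v_inner_ec_request_signed_for_pop_msg;
    var EtsiTs102941Data v_dec_inner_ec_request_signed_for_pop;
    var InnerEcRequest v_dec_inner_ec_request;
    var bitstring v_dec_inner_ec_request_msg;
    var bitstring v_tbs;
    var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
    var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
    var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
    var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
    // Output parameters of f_build_pki_secured_request_message; not read again in this test case
    var Oct32 v_request_hash;
    var Oct16 v_aes_sym_key;
    var Oct16 v_encrypted_sym_key;
    var Oct16 v_authentication_vector;
    var Oct12 v_nonce;
    var integer v_result;

    if (not(PICS_SEC_FIXED_KEYS)) {
      setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
      stop;
    }

    // Generate InnerEcRequest
    if (f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) {
      setverdict(fail, "Failed to generate InnerEcRequest message");
      stop;
    }

    // Generate InnerEcRequestSignedForPoP
    if (f_generate_inner_ec_request_signed_for_pop(v_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
      setverdict(fail, "Failed to setup InnerEcRequestSignedForPoP message");
      stop;
    }

    // Secure InnerEcRequestSignedForPoP message
    v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
    if (f_build_pki_secured_request_message(
                                            v_private_key,
                                            valueof(m_signerIdentifier_self),
                                            int2oct(0, 8),
                                            v_publicKeyCompressed,
                                            v_compressedMode,
                                            ''O,
                                            bit2oct(v_inner_ec_request_signed_for_pop_msg),
                                            v_ieee1609dot2_signed_and_encrypted_data,
                                            v_aes_sym_key,
                                            v_encrypted_sym_key,
                                            v_authentication_vector,
                                            v_nonce,
                                            v_request_hash) == false) {
      setverdict(fail, "Failed to secure InnerEcRequest message");
      stop;
    }
    // Encode it
    log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
    v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
    log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
    setverdict(pass, "Encoded succeed");

    // Decode encrypted InnerEcRequest
    v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
    if (v_result == 0) {
      log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
      setverdict(pass, "Decoded succeed");
      if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
        setverdict(pass, "Decoded match succeed");
      } else {
        setverdict(fail, "Decoded match failed");
        stop;
      }
    } else {
      setverdict(fail, "Decoding failed");
      stop;
    }

    // Decrypt InnerEcRequest
    // NOTE(review): if f_decrypt returns a status, test it here as well; confirm against its declaration
    f_decrypt(v_private_key, v_dec_ieee1609dot2_encrypted_and_signed_data, ''O, v_dec_ieee1609dot2_signed_data);
    if (not isbound(v_dec_ieee1609dot2_signed_data)) {
      // Report a failed decryption here instead of failing on the field accesses below
      setverdict(fail, "Decryption failed");
      stop;
    }
    log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);

    // Verify signature: the signature argument is rSig.x_only followed by sSig, checked
    // against the re-encoded tbsData with the public key generated at the top of the test case.
    // NOTE(review): int2oct(0, 32) is presumably the issuer value for a self-signed message; confirm
    v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
    if (fx_verifyWithEcdsaNistp256WithSha256(
                                             bit2oct(v_tbs),
                                             int2oct(0, 32),
                                             v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
                                             v_publicKeyCompressed,
                                             v_compressedMode) == true) {
      setverdict(pass, "Check signature succeed");
    } else {
      setverdict(fail, "Check signature failed");
      stop;
    }

    // Extract InnerEcRequestSignedForPop
    v_dec_inner_ec_request_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
    v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request_signed_for_pop);
    if (v_result == 0) {
      log("Decoded InnerEcRequestSignedForPop: ", v_dec_inner_ec_request_signed_for_pop);
      setverdict(pass, "Decoded succeed");
    } else {
      setverdict(fail, "Decoding failed");
      stop;
    }
    // Extract InnerEcRequest
    log("v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest= ", v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest);
    v_dec_inner_ec_request_msg := oct2bit(v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData);
    v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request);
    if (v_result == 0) {
      log("Decode InnerEcRequest: ", v_dec_inner_ec_request);
      setverdict(pass, "Decoded succeed");
      if (match(v_dec_inner_ec_request, v_inner_ec_request)) {
        setverdict(pass, "Decoded match succeed");
      } else {
        setverdict(fail, "Decoded match failed");
        stop;
      }
    } else {
      setverdict(fail, "Decoding failed");
      stop;
    }
  } // End of testcase tc_inner_ec_request_2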

  /**
   * @desc Encodes a fixed, self-signed Ieee1609Dot2Data value, hashes the encoding with
   *       SHA-256 and checks the 32-octet digest as well as its first 16 octets against
   *       the expected values.
   */
  testcase tc_inner_ec_request_3() runs on TCType system TCType {
    var Ieee1609Dot2Data v_signed_for_pop := {
      protocolVersion := 3,
      content := {
        signedData := {
          hashId := sha256,
          tbsData := {
            payload := {
              data := {
                protocolVersion := 3,
                content := {
                  unsecuredData := '018003810040038081830040314234434131323130313233414539303042424536433345424145374538374441323044424441423145374232454330363931433531433130323139303041410100808271C23BCD74028A92B10E77BE7D935CAB8AEDEBDFE95922AE587400C378E818247C831C1439A686000183010280000C800022C001018002026F810201C04002026F000001677DBBEBD782808015BA000FF44CAF5E68181E19E3C3085FD622AD974E79830137D95EF3731D543B4455305E244EFEDDB80B6A55B05DB67FAC782A1A75B11827154A9601BC03924A'O
                }
              },
              extDataHash := omit
            },
            headerInfo := {
              psid := 623,
              generationTime := 1544002726922,
              expiryTime := omit,
              generationLocation := omit,
              p2pcdLearningRequest := omit,
              missingCrlIdentifier := omit,
              encryptionKey := omit,
              inlineP2pcdRequest := omit,
              requestedCertificate := omit
            }
          },
          signer := {
            self_ := NULL
          },
          signature_ := {
            ecdsaNistP256Signature := {
              rSig := {
                x_only := '6694E7A01F23A569FE9C896BF4BDACE52C9972AB503FB30A41E55F33CC8156D6'O
              },
              sSig := 'A09D9D14346781B109B932FBCF9EB034299878C84F4D837BD583837DA831453D'O
            }
          }
        }
      }
    };
    var Oct32 v_expected_full_request_hash := 'C36CDB7D587E5DCE2706E874DB8DCC441445E3AAE84C25CA0CEBCFC518542BFD'O;
    var Oct16 v_expected_request_hash := 'C36CDB7D587E5DCE2706E874DB8DCC44'O;
    var bitstring v_encoded;
    var Oct32 v_full_request_hash;
    var octetstring v_request_hash;

    // Digest of the complete encoded message
    v_encoded := encvalue(v_signed_for_pop);
    v_full_request_hash := f_hashWithSha256(bit2oct(v_encoded));
    log("v_full_request_hash= ", v_full_request_hash);
    if (match(v_full_request_hash, v_expected_full_request_hash)) {
      setverdict(pass, "Expected SHA256 value");
    } else {
      setverdict(fail, "Unexpected SHA256 value");
      stop;
    }

    // The request hash is the leading 16 octets of that digest
    v_request_hash := substr(v_full_request_hash, 0, 16);
    log("request_hash= ", v_request_hash);
    if (match(v_request_hash, v_expected_request_hash)) {
      setverdict(pass, "Expected hash request value");
    } else {
      setverdict(fail, "Unexpected hash request value");
    }
  } // End of testcase tc_inner_ec_request_3
  
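  /**
   * @desc Round trip of a secured authorization response: build and sign an AT certificate
   *       for a freshly generated key pair, wrap it in an InnerAtResponse, sign it with the
   *       CERT_AA key and encrypt it, then encode, decode, decrypt, verify the signature
   *       and compare the decoded response with the generated one.
   *       The verdict is inconc unless PICS_SEC_FIXED_KEYS is set.
   */
  testcase tc_inner_ec_response_1() runs on TCType system TCType {
    var Oct32 v_private_key;
    var Oct32 v_publicKeyX;
    var Oct32 v_publicKeyY;
    var Oct32 v_publicKeyCompressed;
    var integer v_compressedMode;
    var EccP256CurvePoint v_eccPoint;
    var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
      valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
      valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
    };
    var template (value) EtsiTs103097Certificate v_cert;
    var EtsiTs103097Certificate v_cert_iut_a_aa;
    var Oct32 v_private_key_cert_iut_a_aa;
    var Oct8 v_hashed_id8_cert_iut_a_aa;
    var Oct32 v_whole_hash_cert_iut_a_aa;
    var bitstring v_tbs;
    // Read below as two 32-octet halves (octets 0..31 and 32..63), so Oct32 is too narrow for it
    var octetstring v_sig;
    var bitstring v_enc_msg;
    var HashedId8 v_hashedid8_ec_certificate;
    var InnerAtResponse v_authorization_response;
    var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
    var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
    var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
    // Fixed AES-128-CCM key and nonce passed to f_build_pki_secured_response_message so the
    // run is reproducible. CCM relies on a (key, nonce) pair protecting a single message only,
    // so these constants are test vectors and not a pattern for protecting real traffic.
    var Oct16 v_aes_sym_key := '5A4E63B247C714644E85CAC49BD26C81'O;
    var Oct12 v_nonce := 'F967E39110A13D31406A251B'O;
    var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
    var bitstring v_dec_authorization_response_msg;
    var octetstring v_plain_text;
    var EtsiTs102941Data v_dec_authorization_response;
    var boolean v_ret;
    var integer v_result;

    if (not(PICS_SEC_FIXED_KEYS)) {
      setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
      stop;
    }

    // Certificate, signing key, digest and whole hash of CERT_AA, the signer of the response
    f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
    f_readCertificate("CERT_AA", v_cert_iut_a_aa);
    f_readSigningKey("CERT_AA", v_private_key_cert_iut_a_aa);
    f_getCertificateDigest("CERT_AA", v_hashed_id8_cert_iut_a_aa);
    f_getCertificateHash("CERT_AA", v_whole_hash_cert_iut_a_aa);

    f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);

    // Build the AT certificate based on keys
    if (v_compressedMode == 0) {
      v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
    } else {
      v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
    }
    v_cert := m_etsiTs103097Certificate(
                                        m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
                                        m_toBeSignedCertificate_at(
                                                                   v_appPermissions,
                                                                   m_verificationKeyIndicator_verificationKey(
                                                                                                              m_publicVerificationKey_ecdsaNistP256(
                                                                                                                                                    v_eccPoint
                                                                                                                                                    )),
                                                                   m_validityPeriod(
                                                                                    17469212,
                                                                                    m_duration_years(10)
                                                                                    ),
                                                                   m_geographicRegion_identifiedRegion(
                                                                                                       {
                                                                                                         m_identifiedRegion_country_only(12),
                                                                                                         m_identifiedRegion_country_only(34)
                                                                                                         }
                                                                                                       )
                                                                  )
                                       );
    // Encode it ==> Get octetstring
    log("Encode template ", valueof(v_cert.toBeSigned));
    v_tbs := encvalue(v_cert.toBeSigned);
    // Sign the certificate using ECDSA/SHA-256 (NIST p-256)
    v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(10, 32), v_private_key);
    // First half goes into rSig.x_only, second half into sSig
    v_cert.signature_ := m_signature_ecdsaNistP256(
                                                   m_ecdsaP256Signature(
                                                                        m_eccP256CurvePoint_x_only(
                                                                                                   substr(v_sig, 0, 32)
                                                                                                   ),
                                                                        substr(v_sig, 32, 32)
                                                                        )
                                                   );
    log("v_cert= ", v_cert);

    // Calculate the HashedId8 of the certificate built above (only logged in this test case)
    v_tbs := encvalue(v_cert);
    v_hashedid8_ec_certificate := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_tbs)));
    log("v_hashedid8_ec_certificate= ", v_hashedid8_ec_certificate);

    // Create InnerAtResponse message
    f_generate_inner_at_response(
                                 '10ED97A2F2933DD3AC55F47022D125E18F5E1AA024613E616A75BA4979EFE318'O,
                                 valueof(v_cert),
                                 v_authorization_response
                                 );
    // Build secured PKI message
    v_enc_msg := encvalue(m_etsiTs102941Data_authorization_response(v_authorization_response));
    v_ret := f_build_pki_secured_response_message(
                                                  v_private_key_cert_iut_a_aa,
                                                  valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_aa)),
                                                  bit2oct(v_enc_msg),
                                                  v_aes_sym_key,
                                                  v_nonce,
                                                  v_ieee1609dot2_signed_and_encrypted_data);
    if (v_ret == false) {
      setverdict(fail, "Failed to secure InnerEcResponse message");
      stop;
    }
    // Encode it
    log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
    v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
    log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
    setverdict(pass, "Encoded succeed");

    // Decode the encrypted message
    v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
    if (v_result == 0) {
      log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
      setverdict(pass, "Decoded succeed");
      if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
        setverdict(pass, "Decoded match succeed");
      } else {
        setverdict(fail, "Decoded match failed");
        stop;
      }
    } else {
      setverdict(fail, "Decoding failed");
      stop;
    }

    // Decrypt with the symmetric key and the nonce carried in the decoded message
    v_plain_text := fx_decrypt_aes_128_ccm_test(
                                                v_aes_sym_key,
                                                v_dec_ieee1609dot2_encrypted_and_signed_data.content.encryptedData.ciphertext.aes128ccm.nonce,
                                                v_dec_ieee1609dot2_encrypted_and_signed_data.content.encryptedData.ciphertext.aes128ccm.ccmCiphertext);
    v_dec_authorization_response_msg := oct2bit(v_plain_text);
    v_result := decvalue(v_dec_authorization_response_msg, v_dec_ieee1609dot2_signed_data);
    if (v_result == 0) {
      log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);

      // Verify signature with the CERT_AA verification key; the last argument follows the
      // compressed form chosen in the certificate (0 for compressed_y_0, 1 for compressed_y_1)
      v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
      if (ischosen(v_cert_iut_a_aa.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
        v_ret := f_verifyWithEcdsaNistp256WithSha256(
                                                     bit2oct(v_tbs),
                                                     v_whole_hash_cert_iut_a_aa,
                                                     v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
                                                     v_cert_iut_a_aa.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
                                                     0);
      } else {
        v_ret := f_verifyWithEcdsaNistp256WithSha256(
                                                     bit2oct(v_tbs),
                                                     v_whole_hash_cert_iut_a_aa,
                                                     v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
                                                     v_cert_iut_a_aa.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
                                                     1);
      }
      if (v_ret == true) {
        setverdict(pass, "Check signature succeed");
      } else {
        setverdict(fail, "Check signature failed");
        stop;
      }

      // Extract the authorization response from the signed payload
      v_dec_authorization_response_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
      v_result := decvalue(v_dec_authorization_response_msg, v_dec_authorization_response);
      if (v_result == 0) {
        log("Decoded authorization_validation_response: ", v_dec_authorization_response);
        setverdict(pass, "Decoded succeed");
        if (match(v_dec_authorization_response.content.authorizationResponse, v_authorization_response)) {
          setverdict(pass, "Decoded match succeed");
        } else {
          setverdict(fail, "Decoded match failed");
          stop;
        }
      } else {
        setverdict(fail, "Decoding failed");
        stop;
      }
    } else {
      setverdict(fail, "Decoding failed");
      stop;
    }
  } // End of testcase tc_inner_ec_response_1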

  /**
   * @desc Loads the certificates of the PX_IUT_SEC_CONFIG_NAME configuration and checks
   *       that f_generate_inner_ec_request reports success.
   *       The verdict is inconc unless PICS_SEC_FIXED_KEYS is set.
   */
  testcase tc_inner_ec_functions_1() runs on TCType system TCType {
    var InnerEcRequest v_request;
    var Oct32 v_priv_key;
    var Oct32 v_compressed_key;
    var integer v_compressed_mode;
    var boolean v_generated := false;

    if (not(PICS_SEC_FIXED_KEYS)) {
      setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
      stop;
    }

    f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);

    // The generated key material and request are outputs only; the verdict depends on the status
    v_generated := f_generate_inner_ec_request(v_priv_key, v_compressed_key, v_compressed_mode, v_request);
    if (not v_generated) {
      setverdict(fail);
    } else {
      setverdict(pass);
    }
  } // End of testcase tc_inner_ec_functions_1
  
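  /**
   * @desc Checks that f_generate_inner_ec_request and then f_generate_ec_certificate both
   *       report success once the certificates of the PX_IUT_SEC_CONFIG_NAME configuration
   *       are loaded. The verdict is inconc unless PICS_SEC_FIXED_KEYS is set.
   */
  testcase tc_inner_ec_functions_2() runs on TCType system TCType {
    var Oct32 v_private_key;
    var Oct32 v_publicKeyCompressed;
    var integer v_compressedMode;
    var EtsiTs103097Certificate v_cert_ts_a_ea;
    var EtsiTs103097Certificate v_cert_iut_a_ea;
    var Oct32 v_private_key_cert_ts_a_ea;
    var Oct32 v_private_key_cert_iut_a_ea;
    var Oct32 v_private_enc_key_cert_ts_a_ea;
    var Oct32 v_private_enc_key_cert_iut_a_ea;
    var Oct8 v_hashed_id8_cert_ts_a_ea;
    var Oct8 v_hashed_id8_cert_iut_a_ea;
    var Oct32 v_whole_hash_cert_ts_a_ea;
    var Oct32 v_whole_hash_cert_iut_a_ea;
    var InnerEcRequest v_inner_ec_request;
    var Certificate v_ec_certificate;
    var boolean v_ret := false;

    if (not(PICS_SEC_FIXED_KEYS)) {
      setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
      stop;
    }

    f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
    // NOTE(review): the certificates, signing and encryption private keys, digests and hashes
    // read below are not used again in this test case. Confirm whether the reads are meant as
    // availability checks; if not, drop them so that private keys are not loaded without need.
    f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
    f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
    f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
    f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
    f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
    f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
    f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
    f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
    f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
    f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);

    v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request);
    if (v_ret == true) {
      setverdict(pass);
    } else {
      setverdict(fail, "f_generate_inner_ec_request");
      stop;
    }

    // The EC certificate is generated from the request and private key produced above
    v_ret := f_generate_ec_certificate(v_private_key, v_inner_ec_request, v_ec_certificate);
    if (v_ret == true) {
      setverdict(pass);
    } else {
      setverdict(fail, "f_generate_ec_certificate");
      stop;
    }
  } // End of testcase tc_inner_ec_functions_2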
  
  /**
   * @desc Runs f_generate_inner_ec_request and f_generate_ec_certificate, then a third
   *       step intended for f_generate_inner_at_request. That third call is disabled
   *       and its result is hard-coded to false, so the testcase always finishes with
   *       fail "f_generate_inner_at_request" when the first two steps succeed.
   *       The testcase ends with inconc unless PICS_SEC_FIXED_KEYS is true.
   */
  testcase tc_inner_ec_functions_3() runs on TCType system TCType {
    // Key material produced/consumed by the generation helpers
    var Oct32 v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed;
    var Oct32 v_private_enc_key, v_publicEncKeyCompressed;
    var integer v_compressedMode;
    var EccP256CurvePoint v_eccPoint;
    // ITS-AIDs as listed in ETSI TS 102 965 Table A.1 (ETSI ITS standardized ITS-AIDs)
    var SequenceOfPsidSsp v_appPermissions := {
      valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
      valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
    };
    var template (value) EtsiTs103097Certificate v_cert;
    // Certificates, private keys and digests of the test-system and IUT EA certificates
    var EtsiTs103097Certificate v_cert_ts_a_ea, v_cert_iut_a_ea;
    var Oct32 v_private_key_cert_ts_a_ea, v_private_key_cert_iut_a_ea;
    var Oct32 v_private_enc_key_cert_ts_a_ea, v_private_enc_key_cert_iut_a_ea;
    var Oct8 v_hashed_id8_cert_ts_a_ea, v_hashed_id8_cert_iut_a_ea;
    var Oct32 v_whole_hash_cert_ts_a_ea, v_whole_hash_cert_iut_a_ea;
    var InnerEcRequest v_inner_ec_request;
    var Certificate v_ec_certificate;
    var InnerAtRequest v_inner_at_request;
    var Ieee1609Dot2Data v_inner_at_request_data;
    var boolean v_ok := false;

    // Precondition: this testcase only runs with the fixed (test-fixture) keys enabled
    if (not PICS_SEC_FIXED_KEYS) {
      setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
      stop;
    }

    // Load the certificate store, then read certificates, signing/encryption private
    // keys, HashedId8 digests and whole hashes for both EA certificates.
    // NOTE(review): any status these helpers may return is not checked - confirm
    // whether a failed load should end the testcase with inconc.
    f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
    f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
    f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
    f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
    f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
    f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
    f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
    f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
    f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
    f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
    f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);

    // Step 1: build the InnerEcRequest
    v_ok := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request);
    if (not v_ok) {
      setverdict(fail, "f_generate_inner_ec_request");
      stop;
    }
    setverdict(pass);

    // Step 2: build the EC certificate from the request of step 1
    v_ok := f_generate_ec_certificate(v_private_key, v_inner_ec_request, v_ec_certificate);
    if (not v_ok) {
      setverdict(fail, "f_generate_ec_certificate");
      stop;
    }
    setverdict(pass);

    // Step 3 (stubbed): the AT request generation is not executed; the result is forced
    // to false, so the fail verdict below says nothing about f_generate_inner_at_request.
    // NOTE(review): the disabled call references v_public_key_x, v_public_key_y,
    // p_compressedMode and p_private_enc_key, none of which is declared in this
    // testcase - the argument list needs fixing before it can be re-enabled.
    // Disabled call:
    //f_generate_inner_at_request(v_cert_iut_a_ea, v_hashed_id8_cert_iut_a_ea, v_ec_certificate, v_private_key, v_public_key_x, v_public_key_y, p_compressedMode, p_private_enc_key, v_publicEncKeyCompressed, v_compressedMode, v_inner_at_request);
    v_ok := false;
    if (not v_ok) {
      setverdict(fail, "f_generate_inner_at_request");
      stop;
    }
    setverdict(pass);
  } // End of testcase tc_inner_ec_functions_3
  
  /**
   * @desc Placeholder for the f_generate_authorization_validation_request check. The
   *       call is disabled and its result is hard-coded to false, so once the
   *       PICS_SEC_FIXED_KEYS precondition is met the testcase always finishes with
   *       fail "f_generate_authorization_validation_request".
   */
  testcase tc_inner_ec_functions_4() runs on TCType system TCType {
    // Key material intended for the generation helper
    var Oct32 v_private_key, v_publicKeyCompressed;
    var Oct32 v_private_enc_key, v_publicEncKeyCompressed;
    var integer v_compressedMode;
    var EccP256CurvePoint v_eccPoint;
    // ITS-AIDs as listed in ETSI TS 102 965 Table A.1 (ETSI ITS standardized ITS-AIDs)
    var SequenceOfPsidSsp v_appPermissions := {
      valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
      valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
    };
    var template (value) EtsiTs103097Certificate v_cert;
    // Certificates, private keys and digests of the test-system and IUT EA certificates
    var EtsiTs103097Certificate v_cert_ts_a_ea, v_cert_iut_a_ea;
    var Oct32 v_private_key_cert_ts_a_ea, v_private_key_cert_iut_a_ea;
    var Oct32 v_private_enc_key_cert_ts_a_ea, v_private_enc_key_cert_iut_a_ea;
    var Oct8 v_hashed_id8_cert_ts_a_ea, v_hashed_id8_cert_iut_a_ea;
    var Oct32 v_whole_hash_cert_ts_a_ea, v_whole_hash_cert_iut_a_ea;
    var AuthorizationValidationRequest v_authorization_validation_request;
    var boolean v_ok := false;

    // Precondition: this testcase only runs with the fixed (test-fixture) keys enabled
    if (not PICS_SEC_FIXED_KEYS) {
      setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
      stop;
    }

    // Load the certificate store, then read certificates, signing/encryption private
    // keys, HashedId8 digests and whole hashes for both EA certificates.
    // NOTE(review): any status these helpers may return is not checked - confirm
    // whether a failed load should end the testcase with inconc.
    f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
    f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
    f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
    f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
    f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
    f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
    f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
    f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
    f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
    f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
    f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);

    // Stubbed step: the request generation is not executed; the result is forced to
    // false, so the fail verdict below says nothing about the function itself.
    // NOTE(review): v_private_key, v_publicKeyCompressed and v_compressedMode are never
    // assigned in this testcase - if the disabled call reads them as inputs they must
    // be initialised before it is re-enabled.
    // Disabled call:
    //f_generate_authorization_validation_request(v_cert_ts_a_ea, v_hashed_id8_cert_ts_a_ea, v_private_key, v_publicKeyCompressed, v_compressedMode, v_authorization_validation_request);
    v_ok := false;
    if (not v_ok) {
      setverdict(fail, "f_generate_authorization_validation_request");
      stop;
    }
    setverdict(pass);
  } // End of testcase tc_inner_ec_functions_4
  
  // Module control part: runs the codec testcases first, then the PKI helper-function
  // testcases, in the order listed.
  control {
    // InnerEcRequest / InnerEcResponse codec checks
    execute(tc_inner_ec_request_1());
    execute(tc_inner_ec_request_2());
    execute(tc_inner_ec_response_1());

    // PKI generation helper checks.
    // NOTE(review): tc_inner_ec_functions_3 and tc_inner_ec_functions_4 end with a
    // hard-coded fail because their last step is stubbed out; read their verdicts
    // as "not implemented", not as a defect in the helper they name.
    execute(tc_inner_ec_functions_1());
    execute(tc_inner_ec_functions_2());
    execute(tc_inner_ec_functions_3());
    execute(tc_inner_ec_functions_4());
  }
  
} // End of module TestCodec_Pki