Skip to content
GitLab
Find file Normal viewHistoryPermalink
test_LibItsSecurity_TypesAndValues.ttcn3 62.2 KB
Newer Older
berge's avatar
Merged branches/Security/unittests (r1488-1820) to trunk.
berge committed
1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 
            } // End of testcase tc_Certificate_02
            
            testcase tc_Certificate_03() runs on TCType system TCType {
                test_decodePDU<Certificate>(
                    mw_certificate_dummy,
                m_aaCertificate
                );
            } // End of testcase tc_Certificate_03
            
            testcase tc_Certificate_04() runs on TCType system TCType {
                test_decodePDU<Certificate>(
                    mw_certificate_dummy,
                m_atCertificate
                );
            } // End of testcase tc_Certificate_04
            
            testcase tc_Certificate_05() runs on TCType system TCType {
                var Certificate v_ca;
                var Certificate v_aa;
                var Certificate v_at;
                var bitstring v_encMsg;
                var integer v_res;
                var HashedId8 v_hashedId8;
                var HashedId3 v_hashedId3;
                
                // AT certificate
                v_res := decvalue(oct2bit(m_atCertificate), v_at);
                if (v_res != 0) {
                    setverdict(fail, "Decoding failed.");
                    stop;
                }
                // AA certificate
                v_res := decvalue(oct2bit(m_aaCertificate), v_aa);
                if (v_res != 0) {
                    setverdict(fail, "Decoding failed.");
                    stop;
                }
                // CA certificate
                v_res := decvalue(oct2bit(m_rootCertificate), v_ca);
                if (v_res != 0) {
                    setverdict(fail, "Decoding failed.");
                    stop;
                }
                
                // AT-AA certificates
                v_hashedId8 := f_calculateDigestFromCertificate(v_aa);
                if (v_hashedId8 != v_at.signer_info.signerInfo.digest) {
                    setverdict(fail, "Digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "Digest match.");
                }
                if (substr(v_hashedId8, lengthof(v_hashedId8) - 3, 3) != f_HashedId3FromHashedId8(v_at.signer_info.signerInfo.digest)) {
                    setverdict(fail, "HashedId3 digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "HashedId3 digest match.");
                }
                
                // AA-CA certificate
                v_hashedId8 := f_calculateDigestFromCertificate(v_ca);
                log("ca v_hashedId8=", v_hashedId8);
                log("aa digest=", v_aa.signer_info.signerInfo.digest);
                if (v_hashedId8 != v_aa.signer_info.signerInfo.digest) {
                    setverdict(fail, "Digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "Digest match.");
                }
                if (substr(v_hashedId8, lengthof(v_hashedId8) - 3, 3) != f_HashedId3FromHashedId8(v_aa.signer_info.signerInfo.digest)) {
                    setverdict(fail, "HashedId3 digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "HashedId3 digest match.");
                }
                
                // CA-CA certificate
                v_hashedId8 := f_calculateDigestFromCertificate(v_ca);
                if (v_hashedId8 != '6DA94961BA3E2881'O) {
                    setverdict(fail, "Digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "Digest match.");
                }
                if (substr(v_hashedId8, lengthof(v_hashedId8) - 3, 3) != f_HashedId3FromHashedId8('6DA94961BA3E2881'O)) {
                    setverdict(fail, "HashedId3 digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "HashedId3 digest match.");
                }
                
                setverdict(pass, "All Digests match.");
            } // End of testcase tc_Certificate_05
            
            testcase tc_Certificate_06() runs on TCType system TCType {
                const octetstring c_rootCertificate := '02000412455453495F506C7567746573745F526F6F748091000004D901D55569384486DD3304FCFD89A970011A66A5F18BC2BB1D492E2BF19B56C3EEEAE3795D67E398081AD6A7E276147F97902C87811B565E302928141AF3EF61010100043B3D45D5DB2F9540BA3EB2644F5920DCB365FDA9F572817DC1FE1EBBB54CD8B51CFF642167EB4492F953655F80007E51569369F3A95EC045CF4D4743E80E1C6602202006C04080C0408124011464B4031A5617030303181DB9CF7C052616001DB9566E0526872A1D53F0D0052783500000FEEBD0AEC2ACB4C20553000190C8874894239446A6949C5421D67C297EC8D2E1DCB4316C5E01B59D6965AE7007F6694821498215D1FB4D3A48BB56F6C21F4D85'O;
                const octetstring c_aaCertificate := '0201BCEC64124B3681F70210455453495F506C7567746573745F41418091000004B47B1576C9752B022B81CC89319D1F60F833F5F8CBF47EC8DC1E5557E5628BAEDD779C0CBD524911A21EDD6DEAE510BBA782D0F023D4A0AC6FCC239BF8CF0A98010100046EE4A2877E59CE258EDDEEA154F9491D6894E13D491128E1BF414CBE66E43EBD6EE4A2877E59CE258EDDEEA154F9491D6894E13D491128E1BF414CBE66E43EBD02202006C04080C0408124011464B4031A5617030303181DB9CF7C052616001DB9566E0526872A1D53F0D005278350000001F386CA0B4B468A83154547AF33ED3B62B706B3A2F39AA00F00C55C13056CC5C6D037B0E51BB41DBC2B6A999CF04012FE34D3C12E32B8AACCF43F690B6613D4'O;
                const octetstring c_atCertificate := '02016280AF8B397B202A01008095000004AD05720B46FD03AD21544B3F05924E45924F3D2D82C63259B3646309D00A40705B8A36BAA5E14172E38BDE9E1E974130D042A996B90E5BAE6765665452A17A65010100042EF8A6DD5E650B7A31A628B471380E1C2D73E1A33586D08590F667D95123F53CEE26883D1B3C066A388D43DA5A9396FB75C73309A0D50D0A6BF43C315ED42B9E0220210AC040800100C04081010024011464B4031A5617030303181DB9CF7C052616001DB9566E0526872A1D53F0D005278350000049EC38CE35F28DE07D3CC922C6DED74EF8514F422D076C0282E8BDFB95564A6C885BE5C7259AC3EAB497D6D9BB7EB4FA84005616A4E0FE4374513F1A9CFD55B7'O;
                
                var Certificate v_ca;
                var Certificate v_aa;
                var Certificate v_at;
                var bitstring v_encMsg;
                var integer v_res;
                var HashedId8 v_hashedId8;
                var HashedId3 v_hashedId3;
berge's avatar
Merged revision(s) 1840-1916 from branches/Security  
berge committed
1107 
                var boolean isSignatureOk;
berge's avatar
Merged branches/Security/unittests (r1488-1820) to trunk.
berge committed
1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 
                
                // AT certificate
                v_res := decvalue(oct2bit(c_atCertificate), v_at);
                if (v_res != 0) {
                    setverdict(fail, "Decoding failed.");
                    stop;
                }
                // AA certificate
                v_res := decvalue(oct2bit(c_aaCertificate), v_aa);
                if (v_res != 0) {
                    setverdict(fail, "Decoding failed.");
                    stop;
                }
                // CA certificate
                v_res := decvalue(oct2bit(c_rootCertificate), v_ca);
                if (v_res != 0) {
                    setverdict(fail, "Decoding failed.");
                    stop;
                }
                
                // AT-AA certificates
                v_hashedId8 := f_calculateDigestFromCertificate(v_aa);
                if (v_hashedId8 != v_at.signer_info.signerInfo.digest) {
                    setverdict(fail, "Digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "Digest match.");
                }
                if (substr(v_hashedId8, lengthof(v_hashedId8) - 3, 3) != f_HashedId3FromHashedId8(v_at.signer_info.signerInfo.digest)) {
                    setverdict(fail, "HashedId3 digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "HashedId3 digest match.");
                }
berge's avatar
Merged revision(s) 1840-1916 from branches/Security  
berge committed
1142 1143 1144 1145 1146 
                isSignatureOk := f_verifyCertificateSignatureWithIssuingCertificate(
                    v_at,
                    v_aa
                );
                log("Signature AA/AT: ", isSignatureOk);
berge's avatar
Merged branches/Security/unittests (r1488-1820) to trunk.
berge committed
1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 
                
                // AA-CA certificate
                v_hashedId8 := f_calculateDigestFromCertificate(v_ca);
                if (v_hashedId8 != v_aa.signer_info.signerInfo.digest) {
                    setverdict(fail, "Digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "Digest match.");
                }
                if (substr(v_hashedId8, lengthof(v_hashedId8) - 3, 3) != f_HashedId3FromHashedId8(v_aa.signer_info.signerInfo.digest)) {
                    setverdict(fail, "HashedId3 digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "HashedId3 digest match.");
                }
                
                // CA-CA certificate
                v_hashedId8 := f_calculateDigestFromCertificate(v_ca);
                if (v_hashedId8 != 'bcec64124b3681f7'O) {
                    setverdict(fail, "Digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "Digest match.");
                }
                if (substr(v_hashedId8, lengthof(v_hashedId8) - 3, 3) != f_HashedId3FromHashedId8('bcec64124b3681f7'O)) {
                    setverdict(fail, "HashedId3 digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "HashedId3 digest match.");
                }
                
                setverdict(pass, "All Digests match.");
            } // End of testcase tc_Certificate_06
berge's avatar
Merged revision(s) 1840-1916 from branches/Security  
berge committed
1181 1182 1183 1184 1185 
            /**
             * Test certificate from Denis tool
             * @desc 
             * @verdict 
             */
berge's avatar
Merged branches/Security/unittests (r1488-1820) to trunk.
berge committed
1186 
            testcase tc_Certificate_07() runs on TCType system TCType {
berge's avatar
Merged revision(s) 1840-1916 from branches/Security  
berge committed
1187 1188 1189 
                const octetstring c_rootCertificate := '020004004B000004966296BF6D47B5ED66DB32605D1074BCBAC97B5A73FE0D4413F6A1818D6D7E9A966296BF6D47B5ED66DB32605D1074BCBAC97B5A73FE0D4413F6A1818D6D7E9A02E02004865F866009014A9618814C774C0100004337D4953FCEBC99FD481A103514CE23B0E85511D2FC55B8CF98941A5436843ACA9B85949F2DF85F9D4D3E8A150EAB3D5004DF0B3DE3972216328615E5A7F816'O;
                const octetstring c_aaCertificate := '0201e76042b201a5435502004b000004b80fbbf4b87fdc12ebd7f3dcb689ec1bd2f2ab4c76c158ae7cf5cefbd5a65bb8b80fbbf4b87fdc12ebd7f3dcb689ec1bd2f2ab4c76c158ae7cf5cefbd5a65bb802e02004865f866015014a9618814c774c01030119ff697804342dd62710000016852db5022a8799bfe0bd9b0226c87a83e3df70557e27b759119550d5273674b42a7e5586af5d61098dabc7785ac3b4189bad28a9fa7f430824fcd0f464b548'O;
                const octetstring c_atCertificate := '02012a83ff49822ac92d01004b000004b7e7eab1eb9046831e9b0e868aefb6475b0a6ee8bcd7eadbcb80883f53ae1c51b7e7eab1eb9046831e9b0e868aefb6475b0a6ee8bcd7eadbcb80883f53ae1c5102802104865f010015014a9618814c774c01030119ff697804342dd627100000bcb445ceccdea6b38f196aaab2050d300b966a884a4ac653984b4a3104fbb97cab0d808608cafbb22753d90b0cce256f46830075b6653e973fd56daf99bc4535'O;
berge's avatar
Merged branches/Security/unittests (r1488-1820) to trunk.
berge committed
1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227 1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 
                
                var Certificate v_ca;
                var Certificate v_aa;
                var Certificate v_at;
                var bitstring v_encMsg;
                var integer v_res;
                var HashedId8 v_hashedId8;
                var HashedId3 v_hashedId3;
                
                // AT certificate
                v_res := decvalue(oct2bit(c_atCertificate), v_at);
                if (v_res != 0) {
                    setverdict(fail, "Decoding failed.");
                    stop;
                }
                v_hashedId8 := f_calculateDigestFromCertificate(v_at);
                log("AT hashedId8=", v_hashedId8);
                // AA certificate
                v_res := decvalue(oct2bit(c_aaCertificate), v_aa);
                if (v_res != 0) {
                    setverdict(fail, "Decoding failed.");
                    stop;
                }
                // CA certificate
                v_res := decvalue(oct2bit(c_rootCertificate), v_ca);
                if (v_res != 0) {
                    setverdict(fail, "Decoding failed.");
                    stop;
                }
                
                // AT-AA certificates
                v_hashedId8 := f_calculateDigestFromCertificate(v_aa);
                if (v_hashedId8 != v_at.signer_info.signerInfo.digest) {
                    setverdict(fail, "Digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "Digest match.");
                }
                if (substr(v_hashedId8, lengthof(v_hashedId8) - 3, 3) != f_HashedId3FromHashedId8(v_at.signer_info.signerInfo.digest)) {
                    setverdict(fail, "HashedId3 digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "HashedId3 digest match.");
                }
                
                // AA-CA certificate
                v_hashedId8 := f_calculateDigestFromCertificate(v_ca);
                if (v_hashedId8 != v_aa.signer_info.signerInfo.digest) {
                    setverdict(fail, "Digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "Digest match.");
                }
                if (substr(v_hashedId8, lengthof(v_hashedId8) - 3, 3) != f_HashedId3FromHashedId8(v_aa.signer_info.signerInfo.digest)) {
                    setverdict(fail, "HashedId3 digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "HashedId3 digest match.");
                }
                
                // CA-CA certificate
                v_hashedId8 := f_calculateDigestFromCertificate(v_ca);
berge's avatar
Merged revision(s) 1840-1916 from branches/Security  
berge committed
1252 
                if (v_hashedId8 != 'e76042b201a54355'O) {
berge's avatar
Merged branches/Security/unittests (r1488-1820) to trunk.
berge committed
1253 1254 1255 1256 1257 
                    setverdict(fail, "Digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "Digest match.");
                }
berge's avatar
Merged revision(s) 1840-1916 from branches/Security  
berge committed
1258 
                if (substr(v_hashedId8, lengthof(v_hashedId8) - 3, 3) != f_HashedId3FromHashedId8('e76042b201a54355'O)) {
berge's avatar
Merged branches/Security/unittests (r1488-1820) to trunk.
berge committed
1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 
                    setverdict(fail, "HashedId3 digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "HashedId3 digest match.");
                }
                
                setverdict(pass, "All Digests match.");
            } // End of testcase tc_Certificate_07
            
            testcase tc_Certificate_V2X_Pilot_PKI_08() runs on TCType system TCType {
berge's avatar
Merged revision(s) 1840-1916 from branches/Security  
berge committed
1269 
                const octetstring c_rootCertificate := '01090183CA2168B784FC6C021050696C6F74504B495F5043415F5349548089000004732CA0163B0E3CD6DE8789FED98DE772F3D54EBFF1D44ED556B683B0D8AE837C8B1EB52F25377244298655CDCB3D3CCEA8CEDA1AA5E57920C97FEC38F2237B0B0101000412FD16EA68D73575651CD7AED08023CFDC38AEE3CCAA178D672AB30A6FE7803CAEFCF1F79A373C7D77D84AE2DD079229D50E5745CD73398FB69D902617A6AAB602E00B0105A4EC0110EC210103000000A9A8140518E0C66DED7568E103C9D3927CF83B6D4692B7FA013BE586FB6BA7A17F0DD28FE14317E2B9F141084166F24F0CBD06AB926197F5F6A39C6003640E6400'O;
berge's avatar
Merged branches/Security/unittests (r1488-1820) to trunk.
berge committed
1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315 1316 1317 
                const octetstring c_rootCertId := '83CA2168B784FC6C'O;
                const octetstring c_rootCrlCertificate := '010102b98efc434cffbe83ca2168b784fc6c000000010000002308e8352a08e8352a08faaa2a0000000058ed8b300faccc408d68408da414c251f1f922927c3bfa1d35d4cdbec5e2294e7145eb6b673153c7f2311e3ab79183850aee7395b773c628dfbd5fab283695db'O;
                
                var Certificate v_decMsg;
                var HashedId8 v_hashedId8;
                var integer v_res;
                
                // CA certificate
                v_res := decvalue(oct2bit(c_rootCertificate), v_decMsg);
                if (v_res != 0) {
                    setverdict(fail, "Decoding failed.");
                    stop;
                }
                log("v_rootCertificate: ", v_decMsg);
                v_hashedId8 := f_calculateDigestFromCertificate(v_decMsg);
                if (v_hashedId8 != c_rootCertId) {
                    setverdict(fail, "Digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "Digest match.");
                }
                if (substr(v_hashedId8, lengthof(v_hashedId8) - 3, 3) != f_HashedId3FromHashedId8(c_rootCertId)) {
                    setverdict(fail, "HashedId3 digest does not match.");
                    stop;
                } else {
                    setverdict(pass, "HashedId3 digest match.");
                }
                log("v_hashedId8: ", v_hashedId8);
                
                
                // CA CRL certificate
//                v_res := decvalue(oct2bit(c_rootCrlCertificate), v_decMsg);
//                if (v_res != 0) {
//                    setverdict(fail, "Decoding failed.");
//                    stop;
//                }
//                log("c_rootCrlCertificate: ", v_decMsg);
                
                setverdict(pass, "All Digests match.");
            } // End of testcase tc_Certificate_08
            
        } // End of group certificates
        
        group profileCertificates {
            
            /**
             * @desc Verify AT certificate signature
             */
berge's avatar
Merged revision(s) 1840-1916 from branches/Security  
berge committed
1318 
            testcase tc_profileCertificates_01() runs on TCType system TCType {
berge's avatar
Merged branches/Security/unittests (r1488-1820) to trunk.
berge committed
1319 1320 1321 1322 
                var boolean v_result;
                
                f_loadCertificates("cfg01");
berge's avatar
Merged revision(s) 1840-1916 from branches/Security  
berge committed
1323 1324 1325 
                log (vc_aaCertificate);
                log (vc_atCertificate);
berge's avatar
Merged branches/Security/unittests (r1488-1820) to trunk.
berge committed
1326 1327 1328 1329 1330 1331 1332 1333 1334 1335 1336 
                v_result := f_verifyCertificateSignatureWithIssuingCertificate(
                    vc_atCertificate,
                    vc_aaCertificate
                );
                
                if (v_result == true) {
                    setverdict(pass, "Certificate verification match");
                } else {
                    setverdict(fail, "Certificate verification mismatch");
                }
berge's avatar
Merged revision(s) 1840-1916 from branches/Security  
berge committed
1337 
            } // End of testcase tc_profileCertificates_01
berge's avatar
Merged branches/Security/unittests (r1488-1820) to trunk.
berge committed
1338 1339 1340 1341 1342 1343 
            
        } // End of group profileCertificates
        
    } // End of group test_LibItsSecurity_TypesAndValues 
    
} // End of module test_LibItsSecurity_TypesAndValues
Show full blame