Newer
Older
/*
* @author
*
* @version
* 1.0
* @desc
*
* @remark
*
* @see
*
*/
module TestCodec_Certificates {
// LibCommon
import from LibCommon_BasicTypesAndValues all;
import from LibCommon_DataStrings all;
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
// LibItsSecurity
import from LibItsSecurity_EncdecDeclarations all;
// TestCodec
import from TestCodec_TestAndSystem all;
template (value) EtsiTs103097Certificate m_etsiTs103097Certificate(
in template (value) IssuerIdentifier p_issuer,
in template (value) ToBeSignedCertificate p_toBeSigned
) := {
version := 3,
type_ := explicit,
issuer := p_issuer,
toBeSigned := p_toBeSigned,
signature_ := omit
} // End of template m_etsiTs103097Certificate
template (value) IssuerIdentifier m_issuerIdentifier_self(
in template (value) HashAlgorithm p_self
) := {
self_ := p_self
} // End of template m_issuerIdentifier_self
template (value) IssuerIdentifier m_issuerIdentifier_sha256AndDigest(
in template (value) HashedId8 p_sha256AndDigest
) := {
sha256AndDigest := p_sha256AndDigest
} // End of template m_issuerIdentifier_sha256AndDigest
template (value) IssuerIdentifier m_issuerIdentifier_sha384AndDigest(
in template (value) HashedId8 p_sha384AndDigest
) := {
sha384AndDigest := p_sha384AndDigest
} // End of template m_issuerIdentifier_sha384AndDigest
template (omit) ToBeSignedCertificate m_toBeSignedCertificate(
in template (value) CertificateId p_id,
in template (value) HashedId3 p_cracaId,
in template (value) CrlSeries p_crlSeries,
in template (value) SequenceOfPsidSsp p_appPermissions,
in template (value) SequenceOfPsidGroupPermissions p_certIssuePermissions,
in template (value) SequenceOfPsidGroupPermissions p_certRequestPermissions,
in template (value) VerificationKeyIndicator p_verifyKeyIndicator,
in template (omit) ValidityPeriod p_validityPeriod := omit,
in template (omit) GeographicRegion p_region := omit,
in template (omit) SubjectAssurance p_assuranceLevel := omit,
in template (omit) PublicEncryptionKey p_encryptionKey := omit
) := {
id := p_id,
cracaId := p_cracaId,
crlSeries := p_crlSeries,
validityPeriod := p_validityPeriod,
region := p_region,
assuranceLevel := p_assuranceLevel,
appPermissions := p_appPermissions,
certIssuePermissions := p_certIssuePermissions,
certRequestPermissions := p_certRequestPermissions,
canRequestRollover := omit,
encryptionKey := p_encryptionKey,
verifyKeyIndicator := p_verifyKeyIndicator
} // End of template m_toBeSignedCertificate
template (value) ValidityPeriod m_validity_period(
in Time32 p_start_,
in Duration p_duration
) := {
start_ := p_start_,
duration := p_duration
} // End of template m_validity_period
template (omit) PsidSsp m_appPermissions(
in template (value) Psid p_psid,
in template (omit) ServiceSpecificPermissions p_ssp := omit
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
template (omit) PsidSspRange m_psidSspRange(
in Psid p_psid,
in template (omit) SspRange p_sspRange := omit
) := {
psid := p_psid,
sspRange := p_sspRange
} // End of template m_psidSspRange
template (value) PsidGroupPermissions m_PsidGroupPermissions(
in template (value) SubjectPermissions p_subjectPermissions,
in integer p_minChainLength := 1,
in integer p_chainLengthRange := 0,
in EndEntityType p_eeType := oct2bit('00'O)
) := {
subjectPermissions := p_subjectPermissions,
minChainLength := p_minChainLength,
chainLengthRange := p_chainLengthRange,
eeType := p_eeType
} // End of template m_PsidGroupPermissions
template (value) SubjectPermissions m_subjectPermissions_explicit(
in SequenceOfPsidSspRange p_certIssuePermissions
) := {
explicit := p_certIssuePermissions
} // End of template m_subjectPermissions_explicit
template (value) VerificationKeyIndicator m_verificationKeyIndicator_verificationKey(
in template (value) PublicVerificationKey p_verificationKey
) := {
verificationKey := p_verificationKey
} // End of template m_verificationKeyIndicator_verificationKey
template (value) VerificationKeyIndicator m_verificationKeyIndicator_reconstructionValue(
in template (value) EccP256CurvePoint p_reconstructionValue
) := {
reconstructionValue := p_reconstructionValue
} // End of template m_verificationKeyIndicator_reconstructionValue
template (value) PublicVerificationKey m_publicVerificationKey_ecdsaNistP256(
in template (value) EccP256CurvePoint p_ecdsaNistP256
) := {
ecdsaNistP256 := p_ecdsaNistP256
} // End of template m_publicVerificationKey_ecdsaNistP256
template (value) EccP256CurvePoint m_eccP256CurvePoint_compressed_y_0(
in Oct32 p_compressed_y_0
) := {
compressed_y_0 := p_compressed_y_0
} // End of template m_eccP256CurvePoint_compressed_y_0
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
template (value) Signature m_signature_ecdsaNistP256(
in template (value) EcdsaP256Signature p_ecdsaNistP256Signature
) := {
ecdsaNistP256Signature := p_ecdsaNistP256Signature
}
template (value) EcdsaP256Signature m_ecdsaNistP256Signature(
in template (value) EccP256CurvePoint p_rSig,
in template (value) Oct32 p_sSig
) := {
rSig := p_rSig,
sSig := p_sSig
}
template (value) EccP256CurvePoint m_eccP256CurvePoint_compressed_y(
in template (value) Oct32 p_y
) := {
compressed_y_0 := p_y
}
template (value) EccP256CurvePoint m_eccP256CurvePoint_x_y(
in template (value) octetstring p_x,
in template (value) octetstring p_y
) := {
uncompressedP256 := {
x := p_x,
y := p_y
}
}
testcase tc_root_certificate_1() runs on TCType system TCType {
var template (value) EtsiTs103097Certificate v_cert; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1
var charstring v_certId := "STF528 Root Certificate";
var HashAlgorithm v_self := sha256; // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 1
var HashedId3 v_cracaId := '000000'O; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 2
var CrlSeries v_crlSeries := 0; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 3
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '001100110011'O })),
valueof(m_appPermissions(37, { bitmapSsp := '001100110011'O }))
};
var SequenceOfPsidSspRange v_certIssuePermissions := { // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 3
valueof(m_psidSspRange(1)) // FIXME What is the content of certIssuePermissions?
};
var SequenceOfPsidSspRange v_certRequestPermissions := { // FIXME Could this componet be present? If yes, What is the content of certIssuePermissions?
valueof(m_psidSspRange(2))
};
var octetstring v_private_key := ''O;
var octetstring v_publicKeyX := ''O;
var octetstring v_publicKeyY := ''O;
var octetstring v_sig := ''O;
var bitstring v_encMsg := ''B;
f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyX);
{
m_PsidGroupPermissions(
m_subjectPermissions_explicit(
v_certIssuePermissions
))
},
{
m_PsidGroupPermissions(
m_subjectPermissions_explicit(
v_certRequestPermissions
))
},
m_verificationKeyIndicator_verificationKey( // FIXME Do we use it? If so what is the content?
m_eccP256CurvePoint_x_y(
v_publicKeyX,
v_publicKeyY
log("Encode template ", valueof(v_cert));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaNistP256Signature(
m_eccP256CurvePoint_x_y(
v_publicKeyX,
v_publicKeyY
),
v_sig
)
);
// Final certificate
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
group helpersFunctions {
group signing {
/**
* @desc Produces a 256-bit (32-byte) hash value
* @param p_toBeHashedData Data to be used to calculate the hash value
* @return The hash value
*/
external function fx_hashWithSha256(in octetstring p_toBeHashedData) return Oct32;
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
* @param p_toBeSignedSecuredMessage The data to be signed
* @param p_privateKey The private key
* @return The signature value
*/
external function fx_signWithEcdsaNistp256WithSha256(in octetstring p_toBeSignedSecuredMessage, in octetstring/*UInt64*/ p_privateKey) return octetstring;
/**
* @desc Verify the signature of the specified data
* @param p_toBeVerifiedData The data to be verified
* @param p_signature The signature
* @param p_ecdsaNistp256PublicKeyX The public key (x coordinate)
* @param p_ecdsaNistp256PublicKeyY The public key (y coordinate)
* @return true on success, false otherwise
*/
external function fx_verifyWithEcdsaNistp256WithSha256(in octetstring p_toBeVerifiedData, in octetstring p_signature, in octetstring p_ecdsaNistp256PublicKeyX, in octetstring p_ecdsaNistp256PublicKeyY) return boolean;
/**
* @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
* This function should not be used by the ATS
* @param p_privateKey The new private key value
* @param p_publicKeyX The new public key value (x coordinate)
* @param p_publicKeyX The new public key value (y coordinate)
* @return true on success, false otherwise
*/
external function fx_generateKeyPair(out octetstring/*UInt64*/ p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean;
} // End of group signing
/**
* @desc Produces a 256-bit (32-byte) hash value
* @param p_toBeHashedData Data to be used to calculate the hash value
* @return The hash value
*/
function f_hashWithSha256(
in octetstring p_toBeHashedData
) return Oct32 {
return fx_hashWithSha256(p_toBeHashedData);
} // End of function f_hashWithSha256
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
* @param p_toBeSignedSecuredMessage The data to be signed
* @return The signature value
*/
function f_signWithEcdsaNistp256WithSha256(
in octetstring p_toBeSignedSecuredMessage,
in Oct32 p_privateKey
) return octetstring {
return fx_signWithEcdsaNistp256WithSha256(
p_toBeSignedSecuredMessage,
p_privateKey
);
} // End of function f_signWithEcdsaNistp256WithSha256
/**
* @desc Compute the HashedId8 value from the hash value
* @param p_hash The hash value
* @return The HashedId8 value
* @verdict
*/
function f_HashedId8FromSha256(
in Oct32 p_hash
) return HashedId8 {
return substr(p_hash, lengthof(p_hash) - 8, 8);
} // End of function f_HashedId8FromSha256
/**
* @desc Compute the HashedId3 value from the HashedId8 value
* @param p_hashp_hashedId8 The HashedId8 value
* @return The HashedId3 value
* @verdict Unchanged
*/
function f_HashedId3FromHashedId8(
in HashedId8 p_hashedId8
) return HashedId3 {
return substr(p_hashedId8, lengthof(p_hashedId8) - 3, 3);
} // End of function f_HashedId3FromHashedId8
/**
* @desc Verify the signature of the specified data
* @param p_toBeVerifiedData The data to be verified
* @param p_signature The signature
* @param p_ecdsaNistp256PublicKeyX The public key (x coordinate)
* @param p_ecdsaNistp256PublicKeyY The public key (y coordinate)
* @return true on success, false otherwise
*/
function f_verifyWithEcdsaNistp256WithSha256(
in octetstring p_toBeVerifiedData,
in octetstring p_signature,
in octetstring p_ecdsaNistp256PublicKeyX,
in octetstring p_ecdsaNistp256PublicKeyY
) return boolean {
// log("f_verifyWithEcdsaNistp256WithSha256: toBeVerifiedData", p_toBeVerifiedData);
// log("f_verifyWithEcdsaNistp256WithSha256: toBeVerifiedData length", lengthof(p_toBeVerifiedData));
// log("f_verifyWithEcdsaNistp256WithSha256: signature", p_signature);
// log("f_verifyWithEcdsaNistp256WithSha256: ecdsaNistp256PublicKeyX", p_ecdsaNistp256PublicKeyX);
// log("f_verifyWithEcdsaNistp256WithSha256: ecdsaNistp256PublicKeyY", p_ecdsaNistp256PublicKeyY);
return fx_verifyWithEcdsaNistp256WithSha256(
p_toBeVerifiedData,
p_signature,
p_ecdsaNistp256PublicKeyX,
p_ecdsaNistp256PublicKeyY);
} // End of function f_verifyWithEcdsaNistp256WithSha256
/**
* @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
* This function should not be used by the ATS
* @param p_privateKey The new private key value
* @param p_publicKeyX The new public key value (x coordinate)
* @param p_publicKeyX The new public key value (y coordinate)
* @return true on success, false otherwise
*/
function f_generate_key_pair(
out octetstring p_privateKey,
out octetstring p_publicKeyX,
out octetstring p_publicKeyY
) return boolean {
return fx_generateKeyPair(p_privateKey, p_publicKeyX, p_publicKeyY);
}
}