Newer
Older
/*
* @author
*
* @version
* 1.0
* @desc
*
* @remark
*
* @see
*
*/
module TestCodec_Pki {
// Libcommon
import from LibCommon_Time all;
import from LibCommon_VerdictControl all;
import from LibCommon_Sync all;
import from LibCommon_BasicTypesAndValues all;
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
// LibItsCommon
import from LibItsCommon_TypesAndValues all;
import from LibItsCommon_TypesAndValues all;
import from LibItsCommon_ASN1_NamedNumbers all;
// LibItsSecurity
import from LibItsSecurity_TypesAndValues all;
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Functions all;
import from LibItsSecurity_Pixits all;
// LibItsHttp
import from LibItsHttp_TypesAndValues all;
import from LibItsHttp_Templates all;
import from LibItsHttp_BinaryTemplates all;
import from LibItsHttp_Functions all;
import from LibItsPki_TypesAndValues all;
// TestCodec
import from TestCodec_TestAndSystem all;
testcase tc_encode_inner_ec_response_1() runs on TCType system TCType {
var EtsiTs102941Data v_data;
var bitstring v_response := oct2bit('01810059E6B6C01C2FE2DB06DA5263544D981D02'O);
var integer v_result;
v_data := valueof(m_etsiTs102941Data_inner_ec_response(m_innerEcResponse_ko('59E6B6C01C2FE2DB06DA5263544D981D'O, badcontenttype)));
log("v_data= ", v_data);
v_response := encvalue(v_data);
setverdict(pass);
}
testcase tc_decode_inner_ec_response_1() runs on TCType system TCType {
var bitstring v_response := oct2bit('01810059E6B6C01C2FE2DB06DA5263544D981D02'O);
var EtsiTs102941Data v_data;
var integer v_result;
v_result := decvalue(v_response, v_data);
log("v_data= ", v_data);
setverdict(pass);
}
testcase tc_inner_ec_request_1() runs on TCType system TCType {
var integer v_res := 0;
var EtsiTs103097Certificate v_certificate;
var InnerEcRequest v_innerEcRequest;
var bitstring v_exp_enc_msg := oct2bit('0004544F444F01008083A72B88B6A1ADEEBA7FC18772952F053A81BD18635EE5AB08ED1376C107B5413968831874E3808466A8C0'O);
var bitstring v_enc_msg := oct2bit('8003008100288300000000001874e3808466a8c001018080010e80012482080301ffff0301ffff800125820a0401ffffff0401ffffff800189820a0401ffffff0401ffffff80018a820a0401ffffff0401ffffff80018b820a0401ffffff0401ffffff80018c820a0401ffffff0401ffffff00018d0001600001610001620001630001640001650001660102808083a72b88b6a1adeeba7fc18772952f053a81bd18635ee5ab08ed1376c107b541398080c0290e397381bf7502a0e6a6b271d8e2f18fc8311f591f0528a673ee5169f670e224ac455b5e67eb251cc1467f6ffc6840987c8c8eb9245c22be73322b64ca54'O); // CERT_IUT_A_RCA.oer
var Oct32 v_private_key := 'd79ef1d533b0385463a5d15708e94ff4f0d281cccbef504acd3afbb82dc0499f'O; // CERT_IUT_A_RCA.vkey
// Decode certificate
v_res := decvalue(v_enc_msg, v_certificate);
if (v_res == 0) {
log("Decoded message: ", v_certificate);
v_innerEcRequest := valueof(m_innerEcRequest(
"TODO",
m_publicKeys(
v_certificate.toBeSigned.verifyKeyIndicator.verificationKey,
v_certificate.toBeSigned.encryptionKey
),
m_certificateSubjectAttributes(
v_certificate.toBeSigned.appPermissions,
v_certificate.toBeSigned.validityPeriod,
v_certificate.toBeSigned.region,
v_certificate.toBeSigned.assuranceLevel
)));
v_enc_msg := encvalue(v_innerEcRequest);
log("Encoded message: ", bit2oct(v_enc_msg));
if (not isbound(v_enc_msg)) {
setverdict(fail, "Encoding InnerEcRequest failed!");
if (not match(v_enc_msg, v_exp_enc_msg)) {
log("Expected message: ", bit2oct(valueof(v_exp_enc_msg)));
setverdict(fail, "Encoding InnerEcRequest failed, not the expected result!");
v_res := decvalue(v_exp_enc_msg, v_exp_innerEcReq);
if (v_res == 0) {
log("Decoded message: ", v_certificate);
setverdict(pass, "Decoded succeed");
if (not match(v_innerEcRequest, v_exp_innerEcReq)) {
log("Expected message: ", bit2oct(valueof(v_exp_enc_msg)));
setverdict(fail, "Encoding failed, not the expected result!");
stop;
}
} else {
setverdict(fail, "Decoding failed");
testcase tc_inner_ec_request_2() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var InnerEcRequest v_inner_ec_request;
var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
var bitstring v_inner_ec_request_signed_for_pop_msg;
var EtsiTs102941Data v_dec_inner_ec_request_signed_for_pop;
var InnerEcRequest v_dec_inner_ec_request;
var bitstring v_dec_inner_ec_request_msg;
var bitstring v_tbs;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var integer v_result;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
// Generate InnerEcRequest
if (f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) {
setverdict(fail, "Failed to generate InnerEcRequest message");
stop;
}
// Generate InnerEcRequestSignedForPoP
if (f_generate_inner_ec_request_signed_for_pop(v_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
setverdict(fail, "Failed to setup InnerEcRequestSignedForPoP message");
stop;
}
// Secure InnerEcRequestSignedForPoP message
v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
if (f_build_pki_secured_message(v_private_key, valueof(m_signerIdentifier_self), int2oct(0, 8), v_publicKeyCompressed, v_compressedMode, ''O, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce) == false) {
setverdict(fail, "Failed to secure InnerEcRequest message");
stop;
}
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
// Decode encrypted InnerEcRequest
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Decrypt InnerEcRequest
f_decrypt(v_private_key, v_dec_ieee1609dot2_encrypted_and_signed_data, ''O, v_dec_ieee1609dot2_signed_data);
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (fx_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
int2oct(0, 32),
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode) == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
// Extract InnerEcRequestSignedForPop
v_dec_inner_ec_request_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request_signed_for_pop);
if (v_result == 0) {
log("Decoded InnerEcRequestSignedForPop: ", v_dec_inner_ec_request_signed_for_pop);
setverdict(pass, "Decoded succeed");
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Extract InnerEcRequest
log("v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest= ", v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest);
v_dec_inner_ec_request_msg := oct2bit(v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request);
if (v_result == 0) {
log("Decode InnerEcRequest: ", v_dec_inner_ec_request);
setverdict(pass, "Decoded succeed");
if (match(v_dec_inner_ec_request, v_inner_ec_request)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
} // End of testcase tc_inner_ec_request_2
testcase tc_inner_ec_response_1() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var octetstring v_inner_ec_request := '000E43616E6F6E6963616C4974734964018080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B0080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B7C83010A8F1C86000A83010280000C800022C00102800124810403830001800125810403830001'O;
var template (value) EtsiTs103097Certificate v_cert;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var integer v_res := 0;
var InnerEcResponse v_innerEcResponse;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Create InnerEcResponse message
f_generate_inner_ec_response(
f_hashWithSha256(v_inner_ec_request),
valueof(v_cert),
v_innerEcResponse
);
// Encode InnerEcResponse template
log("Encode template ", v_innerEcResponse);
v_enc_msg := encvalue(v_innerEcResponse);
log("Encoded message: ", bit2oct(v_enc_msg));
// Check result
if (not isbound(v_enc_msg)) {
setverdict(fail, "Encoding failed!");
stop;
}
setverdict(pass, "Encoding passed.");
} // End of testcase tc_inner_ec_response_1
testcase tc_inner_ec_response_2() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var HashedId8 v_hashedid8_ea_certificate;
var InnerEcResponse v_inner_ec_response;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_dec_inner_ec_response_msg;
var EtsiTs102941Data v_dec_inner_ec_response;
var boolean v_ret;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build the EA certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Calculate the whole-hashedid8 of the EA certificate
v_tbs := encvalue(v_cert);
v_hashedid8_ea_certificate := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_tbs)));
log("whole-v_hashedid8_ea_certificate= ", v_hashedid8_ea_certificate);
// Create InnerEcResponse message
f_generate_inner_ec_response(
'DF0185451707BD702C957AB8B8AF827A6FBFBA7777723DDCA40CF6F58DAEA4E4'O,
valueof(v_cert),
v_inner_ec_response
);
// Build secured PKI message
v_enc_msg := encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response));
if (ischosen(v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
} else {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
}
if (v_ret == false) {
setverdict(fail, "Failed to secure InnerEcResponse message");
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
f_decrypt(v_private_enc_key_cert_ts_a_ea, v_dec_ieee1609dot2_encrypted_and_signed_data, ''O, v_dec_ieee1609dot2_signed_data);
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (ischosen(v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
0);
} else {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
1);
}
if (v_ret == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
// Extract InnerEcResponse
v_dec_inner_ec_response_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_inner_ec_response_msg, v_dec_inner_ec_response);
if (v_result == 0) {
log("Decoded InnerEcResponse: ", v_dec_inner_ec_response);
setverdict(pass, "Decoded succeed");
if (match(v_dec_inner_ec_response.content.enrolmentResponse, v_inner_ec_response)) {
setverdict(pass, "Decoded match succeed");
// Extract the new EA certificate
v_cert := v_dec_inner_ec_response.content.enrolmentResponse.certificate;
// Check signature
v_tbs := encvalue(v_cert.toBeSigned);
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
int2oct(11, 32),
valueof(v_cert.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(v_cert.signature_.ecdsaNistP256Signature.sSig),
v_publicKeyCompressed,
v_compressedMode) == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
testcase tc_inner_ec_response_3() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var HashedId8 v_hashedid8_ea_certificate;
var AuthorizationValidationResponse v_authorization_validation_response;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_dec_authorization_validation_response_msg;
var EtsiTs102941Data v_dec_authorization_validation_response;
var boolean v_ret;
var integer v_result;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build the EA certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
} else {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
}
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Calculate the whole-hashedid8 of the EA certificate
v_tbs := encvalue(v_cert);
v_hashedid8_ea_certificate := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_tbs)));
log("whole-v_hashedid8_ea_certificate= ", v_hashedid8_ea_certificate);
// Create InnerEcResponse message
f_generate_authorization_validation_response(
'DF0185451707BD702C957AB8B8AF827A6FBFBA7777723DDCA40CF6F58DAEA4E4'O,
valueof(
m_certificate_subject_attributes(
v_cert.toBeSigned.appPermissions,
{ { subjectPermissions := { all_ := NULL }, minChainLength := 1, chainLengthRange := 0, eeType := '00000000'B } },
v_cert.toBeSigned.id,
v_cert.toBeSigned.validityPeriod,
v_cert.toBeSigned.region,
v_cert.toBeSigned.assuranceLevel
)
),
v_authorization_validation_response
);
// Build secured PKI message
v_enc_msg := encvalue(m_etsiTs102941Data_authorization_validation_response(v_authorization_validation_response));
if (ischosen(v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
} else {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
}
if (v_ret == false) {
setverdict(fail, "Failed to secure InnerEcResponse message");
stop;
}
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
// Decode encrypted InnerEcResponse
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
if (v_result == 0) {
log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
setverdict(pass, "Decoded succeed");
if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Decrypt InnerEcResponse
f_decrypt(v_private_enc_key_cert_ts_a_ea, v_dec_ieee1609dot2_encrypted_and_signed_data, ''O, v_dec_ieee1609dot2_signed_data);
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (ischosen(v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
0);
} else {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
1);
}
if (v_ret == true) {
setverdict(pass, "Check signature succeed");
} else {
setverdict(fail, "Check signature failed");
stop;
}
// Extract AuthorizationValidationResponse
v_dec_authorization_validation_response_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_result := decvalue(v_dec_authorization_validation_response_msg, v_dec_authorization_validation_response);
if (v_result == 0) {
log("Decoded authorization_validation_response: ", v_dec_authorization_validation_response);
setverdict(pass, "Decoded succeed");
if (match(v_dec_authorization_validation_response.content.authorizationValidationResponse, v_authorization_validation_response)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
} // End of testcase tc_inner_ec_response_3
testcase tc_inner_ec_functions_1() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var InnerEcRequest v_inner_ec_request;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail);
}
} // End of testcase tc_inner_ec_functions_1
testcase tc_inner_ec_functions_2() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var InnerEcRequest v_inner_ec_request;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request);
if (v_ret == true) {
setverdict(pass);
} else {
v_ret := f_generate_ec_certificate(v_private_key, v_inner_ec_request, v_ec_certificate);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail, "f_generate_ec_certificate");
stop;
}
} // End of testcase tc_inner_ec_functions_2
testcase tc_inner_ec_functions_3() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var Oct32 v_private_enc_key;
var Oct32 v_publicEncKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var InnerEcRequest v_inner_ec_request;
var Certificate v_ec_certificate;
var InnerAtRequest v_inner_at_request;
var Ieee1609Dot2Data v_inner_at_request_data;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request);
if (v_ret == true) {
setverdict(pass);
} else {
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
v_ret := f_generate_ec_certificate(v_private_key, v_inner_ec_request, v_ec_certificate);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail, "f_generate_ec_certificate");
stop;
}
v_ret := f_generate_inner_at_request(v_ec_certificate, v_private_key, v_cert_iut_a_ea, v_hashed_id8_cert_iut_a_ea, true, v_private_enc_key, v_publicEncKeyCompressed, v_compressedMode, v_inner_at_request, v_inner_at_request_data);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail, "f_generate_inner_at_request");
stop;
}
} // End of testcase tc_inner_ec_functions_3
testcase tc_inner_ec_functions_4() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyCompressed;
var Oct32 v_private_enc_key;
var Oct32 v_publicEncKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var AuthorizationValidationRequest v_authorization_validation_request;
var boolean v_ret := false;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
v_ret := f_generate_authorization_validation_request(v_cert_ts_a_ea, v_hashed_id8_cert_ts_a_ea, v_private_key, v_publicKeyCompressed, v_compressedMode, v_authorization_validation_request);
if (v_ret == true) {
setverdict(pass);
} else {
setverdict(fail, "f_generate_authorization_validation_request");
stop;
}
} // End of testcase tc_inner_ec_functions_4
control {
execute(tc_inner_ec_request_1());
execute(tc_inner_ec_request_2());
execute(tc_inner_ec_response_1());
execute(tc_inner_ec_functions_1());
execute(tc_inner_ec_functions_2());
execute(tc_inner_ec_functions_3());
execute(tc_inner_ec_functions_4());