Commit 09109fed authored by Yann Garcia's avatar Yann Garcia
Browse files

AtsPki validation: major bugs fixed

parent 2731bdfd
......@@ -8,6 +8,8 @@
* All rights reserved.
* \version 0.1
*/
#include <memory>
#include "LibItsSecurity_Functions.hh"
#include "sha256.hh"
......@@ -571,7 +573,9 @@ namespace LibItsSecurity__Functions
* \return The original message
*/
OCTETSTRING fx__test__decrypt__aes__128__ccm__test(const OCTETSTRING& p__k, const OCTETSTRING& p__n, const OCTETSTRING& p__ct) {
loggers::get_instance().log(">>> fx__test__decrypt__aes__128__ccm__test");
loggers::get_instance().log_msg(">>> fx__test__decrypt__aes__128__ccm__test: p__k: ", p__k);
loggers::get_instance().log_msg(">>> fx__test__decrypt__aes__128__ccm__test: p__n: ", p__n);
loggers::get_instance().log_msg(">>> fx__test__decrypt__aes__128__ccm__test: p__ct: ", p__ct);
security_ecc ec(ec_elliptic_curves::nist_p_256);
// Extract the tag
......@@ -608,56 +612,69 @@ namespace LibItsSecurity__Functions
* \see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf
*/
// TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function
OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode,OCTETSTRING& p__aes__sym__key, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce, const BOOLEAN& p__use__hardcoded__values) {
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__toBeEncryptedSecuredMessage);
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__recipientsPublicKeyCompressed", p__recipientsPublicKeyCompressed);
loggers::get_instance().log(">>> fx__encryptWithEciesNistp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode));
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__salt", p__salt);
// 1. Generate new Private/Public Ephemeral key
security_ecc ec(ec_elliptic_curves::nist_p_256);
if (ec.generate() == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate ephemeral keys");
return OCTETSTRING(0, nullptr);
// 1. Generate new Private/Public Ephemeral key
std::unique_ptr<security_ecc> ec;
if (!p__use__hardcoded__values) {
ec.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
if (ec->generate() == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate ephemeral keys");
return OCTETSTRING(0, nullptr);
}
} else {
ec.reset(new security_ecc(ec_elliptic_curves::nist_p_256, str2oct("EE9CC7FBD9EDECEA41F7C8BD258E8D2E988E75BD069ADDCA1E5A38E534AC6818"), str2oct("5AE3C8D9FE0B1FC7438F29417C240F8BF81C358EC1A4D0C6E98D8EDBCC714017"))); // Private/Public ephemeral keys
}
// 2. Generate and derive shared secret based on recipient's private keys
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) {
if (p__use__hardcoded__values) {
ec_comp.symmetric_encryption_key(str2oct("A6342013D623AD6C5F6882469673AE33"));
}
if (ec->generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
return OCTETSTRING(0, nullptr);
}
// Set the AES symmetric key
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: AES symmetric key: ", ec->symmetric_encryption_key());
p__aes__sym__key = ec->symmetric_encryption_key();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__aes__sym__key: ", p__aes__sym__key);
// Set the encrypted symmetric key
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Symmetric encryption key: ", ec.symmetric_encryption_key());
p__encrypted__sym__key = ec.encrypted_symmetric_key();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Encrypted symmetric key: ", ec->encrypted_symmetric_key());
p__encrypted__sym__key = ec->encrypted_symmetric_key();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
// Set the tag of the symmetric key encryption
p__authentication__vector = ec.tag();
p__authentication__vector = ec->tag();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__authentication__vector: ", p__authentication__vector);
// Set ephemeral public keys
p__publicEphemeralKeyCompressed = ec.public_key_compressed();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__publicEphemeralKeyCompressed: ", p__publicEphemeralKeyCompressed);
p__ephemeralCompressedMode = (ec.public_key_compressed_mode() == ecc_compressed_mode::compressed_y_0) ? 0 : 1;
loggers::get_instance().log("fx__encryptWithEciesNistp256WithSha256: p__ephemeralCompressedMode: %d", p__ephemeralCompressedMode);
p__publicEphemeralKeyCompressed = ec->public_key_compressed();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed key: ", p__publicEphemeralKeyCompressed);
p__ephemeralCompressedMode = (ec->public_key_compressed_mode() == ecc_compressed_mode::compressed_y_0) ? 0 : 1;
loggers::get_instance().log("fx__encryptWithEciesNistp256WithSha256: Ephemeral public compressed mode: %d: ", p__ephemeralCompressedMode);
// 3. Retrieve AES 128 parameters
p__nonce = ec.nonce();
p__nonce = ec->nonce();
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__nonce: ", p__nonce);
// 4. Encrypt the data using AES-128 CCM
OCTETSTRING enc_message;
if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) {
if (ec->encrypt(encryption_algotithm::aes_128_ccm, ec->symmetric_encryption_key(), ec->nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to encrypt message");
return OCTETSTRING(0, nullptr);
}
enc_message += ec.tag();
enc_message += ec->tag();
loggers::get_instance().log_to_hexa("fx__encryptWithEciesNistp256WithSha256: enc message||Tag: ", enc_message);
return enc_message;
}
/**
* @desc Test function for ECIES NIST P-256 Encryption with SHA-256
* @remark For the purpose of testing, the content of p__toBeEncryptedSecuredMessage is the AES 128 symmetric key to be encrypted
*/
OCTETSTRING fx__test__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__privateEphemeralKey, const OCTETSTRING& p__recipientPublicKeyX, const OCTETSTRING& p__recipientPublicKeyY, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyX, OCTETSTRING& p__publicEphemeralKeyY, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
OCTETSTRING fx__test__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__privateEphemeralKey, const OCTETSTRING& p__recipientPublicKeyX, const OCTETSTRING& p__recipientPublicKeyY, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyX, OCTETSTRING& p__publicEphemeralKeyY, OCTETSTRING& p__aes__sym__key, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
// 1. Generate new ephemeral Private/Public keys
security_ecc ec(ec_elliptic_curves::nist_p_256, p__privateEphemeralKey);
......@@ -674,8 +691,13 @@ namespace LibItsSecurity__Functions
loggers::get_instance().warning("fx__test__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
return OCTETSTRING(0, nullptr);
}
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: symmetric_encryption_key: ", ec.symmetric_encryption_key());
// Set the AES symmetric key
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: AES symmetric key: ", ec.symmetric_encryption_key());
p__aes__sym__key = ec.symmetric_encryption_key();
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: p__aes__sym__key: ", p__aes__sym__key);
// Set the encrypted symmetric key
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: Encrypted symmetric key: ", ec.encrypted_symmetric_key());
p__encrypted__sym__key = ec.encrypted_symmetric_key();
loggers::get_instance().log_msg("fx__test__encryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
// Set the tag of the symmetric key encryption
......@@ -747,7 +769,7 @@ namespace LibItsSecurity__Functions
return message;
}
OCTETSTRING fx__encryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
OCTETSTRING fx__encryptWithEciesBrainpoolp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode, OCTETSTRING& p__aes__sym__key, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce) {
loggers::get_instance().log_msg(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__toBeEncryptedSecuredMessage);
loggers::get_instance().log_msg(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__recipientsPublicKeyCompressed: ", p__recipientsPublicKeyCompressed);
loggers::get_instance().log(">>> fx__encryptWithEciesBrainpoolp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode));
......@@ -761,33 +783,39 @@ namespace LibItsSecurity__Functions
// 2. Generate and derive shared secret
security_ecc ec_comp(ec_elliptic_curves::brainpool_p_256_r1, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (ec.generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), OCTETSTRING(0, nullptr)) == -1) {
loggers::get_instance().warning(": Failed to generate and derive secret key");
loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to generate and derive secret key");
return OCTETSTRING(0, nullptr);
}
// Set the AES symmetric key
loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: AES symmetric key: ", ec.symmetric_encryption_key());
p__aes__sym__key = ec.symmetric_encryption_key();
loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: p__aes__sym__key: ", p__aes__sym__key);
// Set the encrypted symmetric key
loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: Symmetric encryption key: ", ec.symmetric_encryption_key());
p__encrypted__sym__key = ec.encrypted_symmetric_key();
loggers::get_instance().log_msg(": Encrypted symmetric key: ", p__encrypted__sym__key);
loggers::get_instance().log_msg("fx__encryptWithEciesNistp256WithSha256: p__encrypted__sym__key: ", p__encrypted__sym__key);
// Set the tag of the symmetric key encryption
p__authentication__vector = ec.tag();
loggers::get_instance().log_msg(": p__authentication__vector: ", p__authentication__vector);
loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: p__authentication__vector: ", p__authentication__vector);
// Set ephemeral public keys
p__publicEphemeralKeyCompressed = ec.public_key_compressed();
loggers::get_instance().log_msg(": Ephemeral public compressed key: ", p__publicEphemeralKeyCompressed);
loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: Ephemeral public compressed key: ", p__publicEphemeralKeyCompressed);
p__ephemeralCompressedMode = (ec.public_key_compressed_mode() == ecc_compressed_mode::compressed_y_0) ? 0 : 1;
loggers::get_instance().log(": Ephemeral public compressed mode: %d: ", p__ephemeralCompressedMode);
loggers::get_instance().log("fx__encryptWithEciesBrainpoolp256WithSha256: Ephemeral public compressed mode: %d: ", p__ephemeralCompressedMode);
// 3. Retrieve AES 128 parameters
p__nonce = ec.nonce();
loggers::get_instance().log_msg(": p__nonce: ", p__nonce);
loggers::get_instance().log_msg("fx__encryptWithEciesBrainpoolp256WithSha256: p__nonce: ", p__nonce);
OCTETSTRING enc_symm_key = ec.symmetric_encryption_key();
loggers::get_instance().log_msg(": enc_symm_key: ", enc_symm_key);
// 4. Encrypt the data using AES-128 CCM
OCTETSTRING enc_message;
if (ec.encrypt(encryption_algotithm::aes_128_ccm, ec.symmetric_encryption_key(), ec.nonce(), p__toBeEncryptedSecuredMessage, enc_message) == -1) {
loggers::get_instance().warning(": Failed to encrypt message");
loggers::get_instance().warning("fx__encryptWithEciesBrainpoolp256WithSha256: Failed to encrypt message");
return OCTETSTRING(0, nullptr);
}
enc_message += ec.tag();
loggers::get_instance().log_to_hexa(": enc message||Tag: ", enc_message);
loggers::get_instance().log_to_hexa("fx__encryptWithEciesBrainpoolp256WithSha256: enc message||Tag: ", enc_message);
return enc_message;
}
......
......@@ -79,6 +79,7 @@ public: //! \publicsection
static const std::string& server; //! HTTP server address (e.g. www.etsi.org)
static const std::string& port; //! HTTP server port. Default: 80
static const std::string& use_ssl; //! Set to 1 to use SSL to communicate with the HTTP server. Default: false
static const std::string& method; //! HTTP method type. Default: POST
static const std::string& uri; //! HTTP URI value. Default: /
static const std::string& host; //! HTTP Host value. Default: 127.0.0.1
static const std::string& content_type; //! HTTP Content-type value. Default: application/text
......
......@@ -72,6 +72,7 @@ const std::string& params::interface_id = std::string("interface_id");
const std::string& params::server = std::string("server");
const std::string& params::port = std::string("port");
const std::string& params::use_ssl = std::string("use_ssl");
const std::string& params::method = std::string("method");
const std::string& params::uri = std::string("uri");
const std::string& params::host = std::string("host");
const std::string& params::content_type = std::string("content_type");
......
......@@ -477,15 +477,15 @@ int http_codec::decode_body(TTCN_Buffer& decoding_buffer, LibItsHttp__MessageBod
OCTETSTRING s(decoding_buffer.get_len() - decoding_buffer.get_pos(), decoding_buffer.get_data() + decoding_buffer.get_pos());
loggers::get_instance().log_msg("http_codec::decode_body: raw body=", s);
#if !defined(GEMALTO_FIX)
// GEMALTO Encode in hex string
if ((s.lengthof() & 0x00000001) == 0x00000001) {
s = int2oct(0, 1) + s;
}
s = str2oct(CHARSTRING(s.lengthof(), (const char*)(static_cast<const unsigned char*>(s))));
loggers::get_instance().log_msg("http_codec::decode_body: Convert string to binary: ", s);
#endif
// Align the payload length with the specified Content-lenght value
loggers::get_instance().log("http_codec::decode_body: _dc.length=%d - body length=%d", _dc.length, s.lengthof());
OCTETSTRING body;
......
......@@ -25,6 +25,10 @@ http_layer::http_layer(const std::string & p_type, const std::string & param) :
if (it != _params.cend()) {
_device_mode = (1 == converter::get_instance().string_to_int(it->second));
}
it = _params.find(params::method);
if (it == _params.cend()) {
_params[params::method] = "POST";
}
it = _params.find(params::uri);
if (it == _params.cend()) {
_params[params::uri] = "/";
......@@ -54,7 +58,7 @@ void http_layer::send_data(OCTETSTRING& data, params& params) {
if (_device_mode) { // Need to build an HTTP packet
loggers::get_instance().log("http_layer::send_data: Build http layer");
TTCN_Buffer buffer;
buffer.put_cs("GET");
buffer.put_cs(_params[params::method].c_str());
buffer.put_c(' ');
buffer.put_cs(_params[params::uri].c_str());
buffer.put_cs(" HTTP/1.1\r\n");
......
#include "etsi_ts102941_data.hh"
#include "etsi_ts102941_data_codec.hh"
#include "loggers.hh"
int etsi_ts102941_data::encode (const EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_10291_data, OCTETSTRING& p_data)
int etsi_ts102941_data_codec::encode (const EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_10291_data, OCTETSTRING& p_data)
{
loggers::get_instance().log(">>> etsi_ts102941_data::encode: %s", p_etsi_ts_10291_data.get_descriptor()->name);
loggers::get_instance().log(">>> etsi_ts102941_data_codec::encode: %s", p_etsi_ts_10291_data.get_descriptor()->name);
BITSTRING b;
TTCN_EncDec::clear_error();
TTCN_Buffer buffer;
p_etsi_ts_10291_data.encode(*p_etsi_ts_10291_data.get_descriptor(), buffer, TTCN_EncDec::CT_OER);
p_data = OCTETSTRING(buffer.get_len(), buffer.get_data());
loggers::get_instance().log_msg("etsi_ts102941_data::encode: ", p_data);
loggers::get_instance().log_msg("etsi_ts102941_data_codec::encode: ", p_data);
return 0;
}
int etsi_ts102941_data::decode (const OCTETSTRING& p_data, EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_10291_data, params* p_params)
int etsi_ts102941_data_codec::decode (const OCTETSTRING& p_data, EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_10291_data, params* p_params)
{
loggers::get_instance().log_msg(">>> etsi_ts102941_data::decode: ", p_data);
loggers::get_instance().log_msg(">>> etsi_ts102941_data_codec::decode: ", p_data);
TTCN_EncDec::clear_error();
TTCN_Buffer decoding_buffer(p_data);
// _params = params;
p_etsi_ts_10291_data.decode(*p_etsi_ts_10291_data.get_descriptor(), decoding_buffer, TTCN_EncDec::CT_OER);
loggers::get_instance().log_msg("<<< etsi_ts102941_data::decode: ", (const Base_Type&)p_etsi_ts_10291_data);
loggers::get_instance().log_msg("<<< etsi_ts102941_data_codec::decode: ", (const Base_Type&)p_etsi_ts_10291_data);
return 0;
}
......@@ -5,13 +5,13 @@
#include "EtsiTs102941MessagesCa.hh"
class etsi_ts102941_data : public codec<EtsiTs102941MessagesCa::EtsiTs102941Data, EtsiTs102941MessagesCa::EtsiTs102941Data>
class etsi_ts102941_data_codec : public codec<EtsiTs102941MessagesCa::EtsiTs102941Data, EtsiTs102941MessagesCa::EtsiTs102941Data>
{
public:
explicit etsi_ts102941_data() : codec<EtsiTs102941MessagesCa::EtsiTs102941Data, EtsiTs102941MessagesCa::EtsiTs102941Data>() { };
virtual ~etsi_ts102941_data() { };
explicit etsi_ts102941_data_codec() : codec<EtsiTs102941MessagesCa::EtsiTs102941Data, EtsiTs102941MessagesCa::EtsiTs102941Data>() { };
virtual ~etsi_ts102941_data_codec() { };
virtual int encode (const EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_10291_data, OCTETSTRING& p_data);
virtual int decode (const OCTETSTRING& p_data, EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_10291_data, params* p_params = NULL);
}; // End of class etsi_ts102941_data
}; // End of class etsi_ts102941_data_codec
......@@ -440,8 +440,8 @@ int security_ecc::generate_and_derive_ephemeral_key(const encryption_algotithm p
// Generate random IV (nonce
BIGNUM* r = ::BN_new();
::BN_pseudo_rand(r, k_enc * 8, -1, 0);
_nonce = int2oct(0, k_enc);
::BN_pseudo_rand(r, nonce_length * 8, -1, 0);
_nonce = int2oct(0, nonce_length);
::BN_bn2bin(r, (unsigned char*)static_cast<const unsigned char*>(_nonce));
::BN_free(r);
loggers::get_instance().log_msg("security_ecc::generate_and_derive_ephemeral_key (1): _nonce: ", _nonce);
......
......@@ -119,7 +119,7 @@ system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EA,latitude=43551050
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server=ptsv2.com,use_ssl=0)"
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=127.0.0.1,port=8000,use_ssl=0)"
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.ea.msi-dev.acloud.gemalto.com,port=80,use_ssl=0)"
system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=httpbin.org,content_type=application/x-its-request)/TCP(server=127.0.0.1,port=8000,use_ssl=0)"
system.pkiPort.params := "PKI(certificate=CERT_EA)/HTTP(device_mode=1,uri=/its/inner_ec_request,host=httpbin.org,content_type=application/x-its-request)/TCP(server=127.0.0.1,port=8000,use_ssl=0)"
# GeoNetworking UpperTester port based on UDP
system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"
......
......@@ -327,17 +327,18 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
#TestCodec_SecuredFuntions.tc_read_certificate_digest
#TestCodec_SecuredFuntions.tc_read_certificate_hash
# Encryption
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test1
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test2
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test3
TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test4
TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_1
TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_2
TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_3
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_1
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_2
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_3
TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_4
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test1
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test2
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test3
#TestCodec_SignedAndEncryptedMessages.tc_test_hmac_sha256_test4
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_1
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_2
#TestCodec_SignedAndEncryptedMessages.tc_test_encrypt_aes_128_ccm_test_3
TestCodec_SignedAndEncryptedMessages.tc_test_decrypt_aes_128_ccm_test_1
#TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_1
#TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_2
#TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_3
#TestCodec_SignedAndEncryptedMessages.tc_test_encryptWithEciesNistp256WithSha256_4
#TestCodec_SignedAndEncryptedMessages.tc_encrypted_signed_message_1
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
......
......@@ -28,9 +28,9 @@ export PATH=${HOME_BIN}:${PATH}
# Update LD_LIBRARY_PATH environment variable
if [ "${LD_LIBRARY_PATH}" == "" ]
then
export LD_LIBRARY_PATH=${HOME_LIB}:/usr/local/lib
export LD_LIBRARY_PATH=${HOME_LIB}:/usr/local/lib:/home/vagrant/dev/etsi_its/lib
else
export LD_LIBRARY_PATH=${HOME_LIB}:/usr/local/lib:${LD_LIBRARY_PATH}
export LD_LIBRARY_PATH=${HOME_LIB}:/usr/local/lib:/home/vagrant/dev/etsi_its/lib:${LD_LIBRARY_PATH}
fi
......@@ -63,3 +63,5 @@ then
fi
export BROWSER=netsurf
export OPENSSL_DIR=/usr/local
This diff is collapsed.
......@@ -26,7 +26,9 @@ module ItsPki_TestControl {
}
if (PICS_IUT_AA_ROLE) {
execute(TC_SEC_PKI_SND_AA_BV_01());
execute(TC_SEC_PKI_SND_AA_BV_02());
execute(TC_SEC_PKI_SND_AA_BV_03());
}
} // End of 'control' statement
......
Subproject commit 119269254ac0b6bb4a5cdef3bd64ced8502353ce
Subproject commit a4ba15561d9ac0e0d94098b5ddc3727f41f5981a
......@@ -135,6 +135,10 @@ module TestCodec_Pki {
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var integer v_result;
if (not(PICS_SEC_FIXED_KEYS)) {
......@@ -156,7 +160,7 @@ module TestCodec_Pki {
// Secure InnerEcRequestSignedForPoP message
v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
if (f_build_pki_secured_message(v_private_key, valueof(m_signerIdentifier_self), int2oct(0, 8), v_publicKeyCompressed, v_compressedMode, ''O, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data) == false) {
if (f_build_pki_secured_message(v_private_key, valueof(m_signerIdentifier_self), int2oct(0, 8), v_publicKeyCompressed, v_compressedMode, ''O, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce) == false) {
setverdict(fail, "Failed to secure InnerEcRequest message");
stop;
}
......@@ -401,6 +405,10 @@ module TestCodec_Pki {
var InnerEcResponse v_inner_ec_response;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_dec_inner_ec_response_msg;
......@@ -481,9 +489,9 @@ module TestCodec_Pki {
// Build secured PKI message
v_enc_msg := encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response));
if (ischosen(v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data);
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
} else {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data);
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
}
if (v_ret == false) {
setverdict(fail, "Failed to secure InnerEcResponse message");
......@@ -602,6 +610,10 @@ module TestCodec_Pki {
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_dec_authorization_validation_response_msg;
var EtsiTs102941Data v_dec_authorization_validation_response;
......@@ -690,9 +702,9 @@ module TestCodec_Pki {
// Build secured PKI message
v_enc_msg := encvalue(m_etsiTs102941Data_authorization_validation_response(v_authorization_validation_response));
if (ischosen(v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data);
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
} else {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data);
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
}
if (v_ret == false) {
setverdict(fail, "Failed to secure InnerEcResponse message");
......
......@@ -174,6 +174,19 @@ module TestCodec_SignedAndEncryptedMessages {
}
}
testcase tc_test_decrypt_aes_128_ccm_test_1() runs on TCType system TCType {
var octetstring v_k := 'E3EF9D9BDD93E9DCEB48FBF185AE73DA'O;
var octetstring v_n := 'B81E98B758D40D8771DEDD16C6CCA990'O;
var octetstring v_pt := 'D43342EB60491188733B357E215760044218E465DF4D284E54A02DF8331461590BA6BB4E402691414212DBBE3B9CB33E8AF5D0DBDAC698137C4BFD977B0512DBB02F4C183DDBD63FBB43F45AB028BB2725104694D302943CD4E2DED191D96A45B04B5D30F79025F45C9B9BAFA5007B1CB8A721C3FACB9F5A0C622FD2867332B4FDE4'O;
var octetstring v_result := fx_test_decrypt_aes_128_ccm_test(v_k, v_n, v_pt);
/*if (match(v_ct, v_result)) {
setverdict(fail);
} else {
setverdict(pass);
}*/
}
testcase tc_test_encrypt_aes_128_gcm_test_1() runs on TCType system TCType {
var octetstring v_k := 'E58D5C8F8C9ED9785679E08ABC7C8116'O;
var octetstring v_n := 'A9F593C09EAEEA8BF0C1CF6A'O;
......@@ -215,11 +228,12 @@ module TestCodec_SignedAndEncryptedMessages {
var octetstring v_cyphered_message;
var octetstring v_decyphered_message;
var Oct16 v_authentication_vector;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct12 v_nonce;
// Cypher text is the symetric encryption key
v_cyphered_message := fx_test_encryptWithEciesNistp256WithSha256('9169155B08B07674CBADF75FB46A7B0D'O, v_privateEphemeralKey, v_recipientPublicKeyX, v_recipientPublicKeyY, v_salt, v_publicEphemeralKeyX, v_publicEphemeralKeyY, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_cyphered_message := fx_test_encryptWithEciesNistp256WithSha256('9169155B08B07674CBADF75FB46A7B0D'O, v_privateEphemeralKey, v_recipientPublicKeyX, v_recipientPublicKeyY, v_salt, v_publicEphemeralKeyX, v_publicEphemeralKeyY, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
log("v_cyphered_message=", v_cyphered_message);
if (v_publicEphemeralKeyX != 'F45A99137B1BB2C150D6D8CF7292CA07DA68C003DAA766A9AF7F67F5EE916828'O) {
setverdict(fail, "Wrong public ephemeral key X");
......@@ -261,11 +275,12 @@ module TestCodec_SignedAndEncryptedMessages {
var octetstring v_cyphered_message;
var octetstring v_decyphered_message;
var Oct16 v_authentication_vector;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct12 v_nonce;
// Cypher text is the symetric encryption key
v_cyphered_message := fx_test_encryptWithEciesNistp256WithSha256('9169155B08B07674CBADF75FB46A7B0D'O, v_privateEphemeralKey, v_recipientPublicKeyX, v_recipientPublicKeyY, v_salt, v_publicEphemeralKeyX, v_publicEphemeralKeyY, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_cyphered_message := fx_test_encryptWithEciesNistp256WithSha256('9169155B08B07674CBADF75FB46A7B0D'O, v_privateEphemeralKey, v_recipientPublicKeyX, v_recipientPublicKeyY, v_salt, v_publicEphemeralKeyX, v_publicEphemeralKeyY, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
log("v_cyphered_message=", v_cyphered_message);
if (v_publicEphemeralKeyX != 'EE9CC7FBD9EDECEA41F7C8BD258E8D2E988E75BD069ADDCA1E5A38E534AC6818'O) {
setverdict(fail, "Wrong public ephemeral key X");
......@@ -307,11 +322,12 @@ module TestCodec_SignedAndEncryptedMessages {
var octetstring v_cyphered_message;
var octetstring v_decyphered_message;
var Oct16 v_authentication_vector;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct12 v_nonce;
// Cypher text is the symetric encryption key
v_cyphered_message := fx_test_encryptWithEciesNistp256WithSha256('687E9757DEBFD87B0C267330C183C7B6'O, v_privateEphemeralKey, v_recipientPublicKeyX, v_recipientPublicKeyY, v_salt, v_publicEphemeralKeyX, v_publicEphemeralKeyY, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_cyphered_message := fx_test_encryptWithEciesNistp256WithSha256('687E9757DEBFD87B0C267330C183C7B6'O, v_privateEphemeralKey, v_recipientPublicKeyX, v_recipientPublicKeyY, v_salt, v_publicEphemeralKeyX, v_publicEphemeralKeyY, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
log("v_cyphered_message=", v_cyphered_message);
if (v_publicEphemeralKeyX != 'F45A99137B1BB2C150D6D8CF7292CA07DA68C003DAA766A9AF7F67F5EE916828'O) {
setverdict(fail, "Wrong public ephemeral key X");
......@@ -353,11 +369,12 @@ module TestCodec_SignedAndEncryptedMessages {
var octetstring v_cyphered_message;
var octetstring v_decyphered_message;
var Oct16 v_authentication_vector;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Oct12 v_nonce;
// Cypher text is the symetric encryption key
v_cyphered_message := fx_test_encryptWithEciesNistp256WithSha256('687E9757DEBFD87B0C267330C183C7B6'O, v_privateEphemeralKey, v_recipientPublicKeyX, v_recipientPublicKeyY, v_salt, v_publicEphemeralKeyX, v_publicEphemeralKeyY, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_cyphered_message := fx_test_encryptWithEciesNistp256WithSha256('687E9757DEBFD87B0C267330C183C7B6'O, v_privateEphemeralKey, v_recipientPublicKeyX, v_recipientPublicKeyY, v_salt, v_publicEphemeralKeyX, v_publicEphemeralKeyY, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
log("v_cyphered_message=", v_cyphered_message);
if (v_publicEphemeralKeyX != '121AA495C6B2C07A2B2DAEC36BD207D6620D7E6081050DF5DE3E9696868FCDCA'O) {
setverdict(fail, "Wrong public ephemeral key X");
......@@ -393,7 +410,6 @@ module TestCodec_SignedAndEncryptedMessages {
var EtsiTs103097Data v_signed_data_dec;
var octetstring v_raw_payload_to_be_signed := 'CAFFEDECA0000001'O;
var HashedId8 v_digest := '0000000000000000'O;
var template (value) EtsiTs103097Data v_encrypted_data;
var EtsiTs103097Data v_encrypted_data_dec;
var bitstring v_encMsg;
......@@ -407,6 +423,7 @@ module TestCodec_SignedAndEncryptedMessages {
var integer v_tsCompressedMode;
var EccP256CurvePoint v_eccPoint;
var Oct16 v_authentication_vector;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Opaque v_cypheredPayload;
var Oct12 v_nonce;
......@@ -442,7 +459,7 @@ module TestCodec_SignedAndEncryptedMessages {
);
log("v_signed_data = ", v_signed_data);
v_encMsg := encvalue(valueof(v_signed_data));
v_cypheredPayload := f_encryptWithEciesNistp256WithSha256(bit2oct(v_encMsg), v_tsPublicKeyCompressed, v_tsCompressedMode, ''O, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_cypheredPayload := f_encryptWithEciesNistp256WithSha256(bit2oct(v_encMsg), v_tsPublicKeyCompressed, v_tsCompressedMode, ''O, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_encMsg))); // IEEE Std 1609.2a-2017 Clause 6.3.34 PKRecipientInfo
// Fill Certificate template with the public compressed keys (canonical form)
if (v_ephemeralKeyModeCompressed == 0) {
......@@ -499,7 +516,6 @@ module TestCodec_SignedAndEncryptedMessages {
var EtsiTs103097Data v_signed_data_dec;
var octetstring v_raw_payload_to_be_signed := 'CAFFEDECA0000001'O;
var HashedId8 v_digest := '0000000000000000'O;
var template (value) EtsiTs103097Data v_encrypted_data;
var EtsiTs103097Data v_decrypted_data;
var bitstring v_encMsg;
......@@ -513,6 +529,7 @@ module TestCodec_SignedAndEncryptedMessages {
var integer v_tsCompressedMode;
var EccP256CurvePoint v_eccPoint;
var Oct16 v_authentication_vector;
var Oct16 v_aes_sym_key;
var Oct16 v_encrypted_sym_key;
var Opaque v_cypheredPayload;
var Oct12 v_nonce;
......@@ -548,7 +565,7 @@ module TestCodec_SignedAndEncryptedMessages {
);
log("v_signed_data = ", v_signed_data);
v_encMsg := encvalue(valueof(v_signed_data));
v_cypheredPayload := f_encryptWithEciesNistp256WithSha256(bit2oct(v_encMsg), v_tsPublicKeyCompressed, v_tsCompressedMode, ''O, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_cypheredPayload := f_encryptWithEciesNistp256WithSha256(bit2oct(v_encMsg), v_tsPublicKeyCompressed, v_tsCompressedMode, ''O, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce);