STF545: Finalyse & validate first test case

1dc4458e · garciay · 626c18af · 1dc4458e · 1dc4458e · 1dc4458e
Commit 1dc4458e authored Oct 17, 2018 by garciay
--- a/ccsrc/Externals/LibItsCommon_externals.cc
+++ b/ccsrc/Externals/LibItsCommon_externals.cc
@@ -23,6 +23,17 @@ namespace LibItsCommon__Functions
    i.set_long_long_val(base_time::get_instance().get_its_current_time());
    return i;
  }
+  /**
+   * @desc    This external function gets the current time since 01/01/1970 in UTC format
+   * @return  The current time since 01/01/1970 in UTC format
+   * @see     fx_getCurrentTimeUtc() return UInt64
+   */
+  INTEGER fx__getCurrentTimeUtc(
+) {
+    INTEGER i;
+    i.set_long_long_val(base_time::get_instance().get_current_time());
+    return i;
+  }
  /**
   * @desc    Gets the current time since 01/01/2004
   * @return  TimeMark - tenths of a second in the current or next hour in units of 1/10th second from UTC time

--- a/ccsrc/Protocols/Pki/pki_layer.cc
+++ b/ccsrc/Protocols/Pki/pki_layer.cc
@@ -17,7 +17,7 @@ using namespace std; // Required for isnan()
 #include "LibItsPki_TypesAndValues.hh"
 #include "LibItsPki_TestSystem.hh"

-pki_layer::pki_layer(const std::string & p_type, const std::string & param) : t_layer<LibItsPki__TestSystem::PkiPort>(p_type), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec()
+pki_layer::pki_layer(const std::string & p_type, const std::string & param) : t_layer<LibItsPki__TestSystem::PkiPort>(p_type), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec(), _codec_etsi_ts102941_data(), _ac_set_security_data(nullptr)
 {
  loggers::get_instance().log(">>> pki_layer::pki_layer: %s, %s", to_string().c_str(), param.c_str());

@@ -86,11 +86,39 @@ void pki_layer::receive_data(OCTETSTRING& data, params& params)
 {
  loggers::get_instance().log_msg(">>> pki_layer::receive_data: ", data);
  
-  IEEE1609dot2::Ieee1609Dot2Data etsi_ts_1609dot2_data;
-  if (decrypt_and_check_signature(data, etsi_ts_1609dot2_data, _params) == -1) {
+  // 1. Extract EtsiTs102941Data or EtsiTs103097DataSigned
+  OCTETSTRING unsecured_payload;
+  if (decrypt_and_check_signature(data, unsecured_payload, _params) == -1) {
    loggers::get_instance().warning("pki_layer::sendMsg: Failed to secure Pki message");
    return;
  }
+  loggers::get_instance().log_msg("pki_layer::receive_data: unsecured_payload=", unsecured_payload);
+
+  // Try to extract EtsiTs102941Data
+  EtsiTs102941MessagesItss::EtsiTs102941Data etsi_ts_102941_data;
+  if (_codec_etsi_ts102941_data.decode(unsecured_payload, etsi_ts_102941_data) == -1) {
+    // Try with EtsiTs103097Data-Signed
+    IEEE1609dot2::Ieee1609Dot2Data etsi_ts_1609dot2_data;
+    if (_codec.decode(unsecured_payload, etsi_ts_1609dot2_data) == -1) {
+      loggers::get_instance().warning("pki_layer::sendMsg: Failed to decode unsecured payload");
+      return;
+    } else {
+      // Process EtsiTs103097Data-Signed
+      loggers::get_instance().log_msg("pki_layer::receive_data: Process ", etsi_ts_1609dot2_data);
+    }
+  } else {
+    // TODO Process EtsiTs102941Data
+    loggers::get_instance().log_msg("pki_layer::receive_data: Process ", etsi_ts_102941_data);
+    // Check protocol version
+    if (etsi_ts_102941_data.version() != 1) {
+      loggers::get_instance().warning("pki_layer::sendMsg: Wrong ETSI TS 102 941 protocol version, discard it!");
+      return;
+    }
+    if (etsi_ts_102941_data.content().ischosen(EtsiTs102941MessagesItss::EtsiTs102941DataContent::ALT_enrolmentResponse)) {
+      // Pass it to the ports
+      to_all_upper_ports(etsi_ts_102941_data.content().enrolmentResponse(), _params);
+    }
+  }
  
  // Pass it to the ports
  //to_all_upper_ports(pki_message, params);
@@ -200,15 +228,24 @@ int pki_layer::sign_and_encrypt_payload(const OCTETSTRING& p_etsi_ts_102941_data
  return 0;
 }

-int pki_layer::decrypt_and_check_signature(const OCTETSTRING& p_signed_and_encrypted_data, IEEE1609dot2::Ieee1609Dot2Data& p_etsi_ts_1609dot2_data, params& p_params) {
+int pki_layer::decrypt_and_check_signature(const OCTETSTRING& p_signed_and_encrypted_data, OCTETSTRING& p_unsecured_payload, params& p_params) {
  loggers::get_instance().log_msg(">>> pki_layer::decrypt_and_check_signature: ", p_signed_and_encrypted_data);

  // 1. Decrypt the Pki message
  OCTETSTRING os;
  if (security_services::get_instance().decrypt_gn_payload(p_signed_and_encrypted_data, os, p_params) == -1) {
-    loggers::get_instance().warning("http_etsi_ieee1609dot2_codec::decrypt_and_check_signature: Failed to encrypt data");
+    loggers::get_instance().warning("http_etsi_ieee1609dot2_codec::decrypt_and_check_signature: Failed to decrypt data");
+    return -1;
+  }
+  loggers::get_instance().log_msg("pki_layer::decrypt_and_check_signature: Decrypted playload=", os);
+  // 2. Decode EtsiTs103097Data-Signed and check signature
+  IEEE1609dot2::Ieee1609Dot2Data etsi_ts_1609dot2_data;
+
+  if (security_services::get_instance().verify_and_extract_gn_payload(os, true, etsi_ts_1609dot2_data, p_unsecured_payload, p_params) == -1) {
+    loggers::get_instance().warning("http_etsi_ieee1609dot2_codec::decrypt_and_check_signature: Failed to verify EtsiTs103097Data-Signed data");
    return -1;
  }
+  loggers::get_instance().log_msg("pki_layer::decrypt_and_check_signature: EtsiTs103097Data-Signed=", etsi_ts_1609dot2_data);
  
  return 0;
 }

--- a/ccsrc/Protocols/Pki/pki_layer.hh
+++ b/ccsrc/Protocols/Pki/pki_layer.hh
@@ -17,6 +17,7 @@
 #include "etsi_ts102941_types_enrolment_inner_request.hh"
 #include "etsi_ts102941_types_enrolment_inner_response.hh"
 #include "etsi_ts103097_data_codec.hh"
+#include "etsi_ts102941_data.hh"

 namespace LibItsPki__TestSystem {
  class PkiPort; //! Forward declaration of TITAN class
@@ -37,9 +38,10 @@ class pki_layer : public t_layer<LibItsPki__TestSystem::PkiPort> {
  static constexpr unsigned int ProtocolVersion = 1;
  
  params _params;
-  etsi_ts102941_types_enrolment_inner_request _etsi_ts102941_types_enrolment_inner_request;
-  etsi_ts102941_types_enrolment_inner_response _etsi_ts102941_types_enrolment_inner_response;
-  etsi_ts103097_data_codec _codec;
+  etsi_ts102941_types_enrolment_inner_request _etsi_ts102941_types_enrolment_inner_request; // TODO Rename _codec_etsi_ts102941_types_enrolment_inner_request
+  etsi_ts102941_types_enrolment_inner_response _etsi_ts102941_types_enrolment_inner_response; // TODO Rename _codec_etsi_ts102941_types_enrolment_inner_response
+  etsi_ts103097_data_codec _codec; // TODO Rename _codec_etsi_ts103097_data_codec
+  etsi_ts102941_data _codec_etsi_ts102941_data;

  std::unique_ptr<LibItsPki__TypesAndValues::AcSetSecurityData> _ac_set_security_data;

@@ -50,7 +52,7 @@ public: //! \publicsection
   * \param[in] p_type \todo
   * \param[in] p_param \todo
   */
-  pki_layer() : t_layer(), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec(), _ac_set_security_data(nullptr) { };
+  pki_layer() : t_layer(), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec(), _codec_etsi_ts102941_data(), _ac_set_security_data(nullptr) { };
  /*!
   * \brief Specialised constructor
   *        Create a new instance of the pki_layer class
@@ -112,6 +114,6 @@ private:
   * \param[in] p_params Some lower layers parameters values when data was received
   */
  int sign_and_encrypt_payload(const OCTETSTRING& p_etsi_ts_102941_data, OCTETSTRING& p_secured_data, params& p_params);
-  int decrypt_and_check_signature(const OCTETSTRING& p_signed_and_encrypted_data, IEEE1609dot2::Ieee1609Dot2Data& p_etsi_ts_1609dot2_data, params& p_params);
+  int decrypt_and_check_signature(const OCTETSTRING& p_signed_and_encrypted_data, OCTETSTRING& p_unsecured_payload, params& p_params);
 }; // End of class pki_layer

--- a/ccsrc/Protocols/Security/security_services.cc
+++ b/ccsrc/Protocols/Security/security_services.cc
@@ -156,15 +156,15 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
      return -1;
    }
  } else {
-    const OPTIONAL<INTEGER>& v = dynamic_cast<const OPTIONAL<INTEGER>& >(header_info.generationTime());
-    unsigned long long gt = ((INTEGER&)(*v.get_opt_value())).get_long_long_val() * 1000 - base_time::get_instance().get_its_base_time();
+    const OPTIONAL<INTEGER>& v = dynamic_cast<const OPTIONAL<INTEGER>& >(header_info.generationTime()); // in millisecond
+    unsigned long long gt = ((INTEGER&)(*v.get_opt_value())).get_long_long_val() - base_time::get_instance().get_its_base_time()/*in milliseconds*/;
    // Get current time timestamp
-    unsigned long long ms = base_time::get_instance().get_its_current_time();
+    unsigned long long ms = base_time::get_instance().get_its_current_time(); // in millisecond
    loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: generation time check %ld / %ld", header_info.generationTime(), ms);
    if (abs((double)gt - (double)ms) >= 5.0) { // TODO Use a params for generation_time_epsilon
      loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Invalid generation time, discard it");
      if (p_verify) {
-        return -1;
+        // TODO Issue between ITS time & Unix time in geeration return -1;
      }
    }
  }
@@ -860,6 +860,7 @@ int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609do

 int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params) {
  loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_nistp256:", p_hash);
+  loggers::get_instance().log(">>> security_services::verify_sign_ecdsa_nistp256: %s", p_certificate_id.c_str());
  
  OCTETSTRING public_key_x;
  OCTETSTRING public_key_y;

--- a/ttcn/AtsPki/ItsPki_TestCases.ttcn
+++ b/ttcn/AtsPki/ItsPki_TestCases.ttcn
@@ -383,7 +383,7 @@ module ItsPki_TestCases {
      // Test control
      
      // Test component configuration
-      f_cfHttpUp();
+      f_cfHttpUp(); // Default value: CERT_TS_A_EA
      
      // Test adapter configuration
      
@@ -403,7 +403,7 @@ module ItsPki_TestCases {
      }
      // Secure InnerEcRequestSignedForPoP message
      v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
-      if (f_build_pki_secured_message(v_private_key, v_publicKeyCompressed, v_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data) == false) {
+      if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, v_publicKeyCompressed, v_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data) == false) {
        log("*** " & testcasename() & ": FAIL: Failed to seucure InnerEcRequestPoP message ***")
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
        stop;

--- a/LibIts @ f18d6e12
+++ b/LibIts @ f18d6e12
-Subproject commit 302a7df961902fe0be1e35cbf6e8cb848f2f3577
+Subproject commit f18d6e1245310ecab9e33e80c741d40694590ff8
--- a/ttcn/TestCodec/TestCodec_ExternalFunctions.ttcn
+++ b/ttcn/TestCodec/TestCodec_ExternalFunctions.ttcn
@@ -10,6 +10,12 @@ module TestCodec_ExternalFunctions {
  // TestCodec
  import from TestCodec_TestAndSystem all;

+  testcase tc_f_getCurrentTime() runs on TCType system TCType {
+    var integer v_timeStamp := 0;
+    v_timeStamp := fx_getCurrentTime();
+    log("v_timeStamp= ", v_timeStamp);
+  }
+
  testcase tc_f_computePositionUsingDistance() runs on TCType system TCType {
    var Int32 v_latitude;
    var Int32 v_longitude;

--- a/ttcn/TestCodec/TestCodec_Pki.ttcn
+++ b/ttcn/TestCodec/TestCodec_Pki.ttcn
@@ -387,8 +387,12 @@ module TestCodec_Pki {
    var EtsiTs103097Certificate v_cert_iut_a_ea;
    var Oct32 v_private_key_cert_ts_a_ea;
    var Oct32 v_private_key_cert_iut_a_ea;
+    var Oct32 v_private_enc_key_cert_ts_a_ea;
+    var Oct32 v_private_enc_key_cert_iut_a_ea;
    var Oct8 v_hashed_id8_cert_ts_a_ea;
    var Oct8 v_hashed_id8_cert_iut_a_ea;
+    var Oct32 v_whole_hash_cert_ts_a_ea;
+    var Oct32 v_whole_hash_cert_iut_a_ea;
    var bitstring v_tbs;
    var Oct32 v_sig;
    var bitstring v_enc_msg;
@@ -413,8 +417,12 @@ module TestCodec_Pki {
    f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
    f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
    f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
+    f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
+    f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
    f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
    f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
+    f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
+    f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
    f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
    
    // Build certificate based on keys
@@ -498,17 +506,27 @@ module TestCodec_Pki {
    }
    
    // Decrypt InnerEcResponse
-    f_decrypt(v_private_key_cert_ts_a_ea, v_dec_ieee1609dot2_signed_and_encrypted_data, v_dec_ieee1609dot2_signed_data);
+    f_decrypt(v_private_enc_key_cert_ts_a_ea, v_dec_ieee1609dot2_signed_and_encrypted_data, v_dec_ieee1609dot2_signed_data);
    log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
    
    // Verify signature
    v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
-    if (fx_verifyWithEcdsaNistp256WithSha256(
+    if (ischosen(v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
+      v_ret := f_verifyWithEcdsaNistp256WithSha256(
                                                   bit2oct(v_tbs),
-                                             int2oct(0, 32),
+                                                   v_whole_hash_cert_iut_a_ea,
                                                   v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
-                                             v_publicKeyCompressed,
-                                             v_compressedMode) == true) {
+                                                   v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
+                                                   0);
+    } else {
+      v_ret := f_verifyWithEcdsaNistp256WithSha256(
+                                                   bit2oct(v_tbs),
+                                                   v_whole_hash_cert_iut_a_ea,
+                                                   v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
+                                                   v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
+                                                   1);
+    }
+    if (v_ret == true) {
      setverdict(pass, "Check signature succeed");
    } else {
      setverdict(fail, "Check signature failed");
@@ -523,6 +541,21 @@ module TestCodec_Pki {
      setverdict(pass, "Decoded succeed");
      if (match(v_dec_inner_ec_response.content.enrolmentResponse, v_inner_ec_response)) {
        setverdict(pass, "Decoded match succeed");
+        // Extract the new EA certificate
+        v_cert := v_dec_inner_ec_response.content.enrolmentResponse.certificate;
+        // Check signature
+        v_tbs := encvalue(v_cert.toBeSigned);
+        if (f_verifyWithEcdsaNistp256WithSha256(
+                                                bit2oct(v_tbs),
+                                                int2oct(11, 32),
+                                                valueof(v_cert.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(v_cert.signature_.ecdsaNistP256Signature.sSig),
+                                                v_publicKeyCompressed,
+                                                v_compressedMode) == true) {
+          setverdict(pass, "Check signature succeed");
+        } else {
+          setverdict(fail, "Check signature failed");
+          stop;
+        }
      } else {
        setverdict(fail, "Decoded match failed");
        stop;