STF545: Finalyse & validate first test case

ccsrc/Externals/LibItsCommon_externals.cc

@@ -23,6 +23,17 @@ namespace LibItsCommon__Functions
     i.set_long_long_val(base_time::get_instance().get_its_current_time());
     return i;
   }
+  /**
+   * @desc    This external function gets the current time since 01/01/1970 in UTC format
+   * @return  The current time since 01/01/1970 in UTC format
+   * @see     fx_getCurrentTimeUtc() return UInt64
+   */
+  INTEGER fx__getCurrentTimeUtc(
+) {
+    INTEGER i;
+    i.set_long_long_val(base_time::get_instance().get_current_time());
+    return i;
+  }
   /**
    * @desc    Gets the current time since 01/01/2004
    * @return  TimeMark - tenths of a second in the current or next hour in units of 1/10th second from UTC time

ccsrc/Protocols/Pki/pki_layer.cc

@@ -17,7 +17,7 @@ using namespace std; // Required for isnan()
 #include "LibItsPki_TypesAndValues.hh"
 #include "LibItsPki_TestSystem.hh"
 
-pki_layer::pki_layer(const std::string & p_type, const std::string & param) : t_layer<LibItsPki__TestSystem::PkiPort>(p_type), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec()
+pki_layer::pki_layer(const std::string & p_type, const std::string & param) : t_layer<LibItsPki__TestSystem::PkiPort>(p_type), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec(), _codec_etsi_ts102941_data(), _ac_set_security_data(nullptr)
 {
   loggers::get_instance().log(">>> pki_layer::pki_layer: %s, %s", to_string().c_str(), param.c_str());
 
@@ -86,11 +86,39 @@ void pki_layer::receive_data(OCTETSTRING& data, params& params)
 {
   loggers::get_instance().log_msg(">>> pki_layer::receive_data: ", data);
   
-  IEEE1609dot2::Ieee1609Dot2Data etsi_ts_1609dot2_data;
-  if (decrypt_and_check_signature(data, etsi_ts_1609dot2_data, _params) == -1) {
+  // 1. Extract EtsiTs102941Data or EtsiTs103097DataSigned
+  OCTETSTRING unsecured_payload;
+  if (decrypt_and_check_signature(data, unsecured_payload, _params) == -1) {
     loggers::get_instance().warning("pki_layer::sendMsg: Failed to secure Pki message");
     return;
   }
+  loggers::get_instance().log_msg("pki_layer::receive_data: unsecured_payload=", unsecured_payload);
+
+  // Try to extract EtsiTs102941Data
+  EtsiTs102941MessagesItss::EtsiTs102941Data etsi_ts_102941_data;
+  if (_codec_etsi_ts102941_data.decode(unsecured_payload, etsi_ts_102941_data) == -1) {
+    // Try with EtsiTs103097Data-Signed
+    IEEE1609dot2::Ieee1609Dot2Data etsi_ts_1609dot2_data;
+    if (_codec.decode(unsecured_payload, etsi_ts_1609dot2_data) == -1) {
+      loggers::get_instance().warning("pki_layer::sendMsg: Failed to decode unsecured payload");
+      return;
+    } else {
+      // Process EtsiTs103097Data-Signed
+      loggers::get_instance().log_msg("pki_layer::receive_data: Process ", etsi_ts_1609dot2_data);
+    }
+  } else {
+    // TODO Process EtsiTs102941Data
+    loggers::get_instance().log_msg("pki_layer::receive_data: Process ", etsi_ts_102941_data);
+    // Check protocol version
+    if (etsi_ts_102941_data.version() != 1) {
+      loggers::get_instance().warning("pki_layer::sendMsg: Wrong ETSI TS 102 941 protocol version, discard it!");
+      return;
+    }
+    if (etsi_ts_102941_data.content().ischosen(EtsiTs102941MessagesItss::EtsiTs102941DataContent::ALT_enrolmentResponse)) {
+      // Pass it to the ports
+      to_all_upper_ports(etsi_ts_102941_data.content().enrolmentResponse(), _params);
+    }
+  }
   
   // Pass it to the ports
   //to_all_upper_ports(pki_message, params);
@@ -200,15 +228,24 @@ int pki_layer::sign_and_encrypt_payload(const OCTETSTRING& p_etsi_ts_102941_data
   return 0;
 }
 
-int pki_layer::decrypt_and_check_signature(const OCTETSTRING& p_signed_and_encrypted_data, IEEE1609dot2::Ieee1609Dot2Data& p_etsi_ts_1609dot2_data, params& p_params) {
+int pki_layer::decrypt_and_check_signature(const OCTETSTRING& p_signed_and_encrypted_data, OCTETSTRING& p_unsecured_payload, params& p_params) {
   loggers::get_instance().log_msg(">>> pki_layer::decrypt_and_check_signature: ", p_signed_and_encrypted_data);
 
   // 1. Decrypt the Pki message
   OCTETSTRING os;
   if (security_services::get_instance().decrypt_gn_payload(p_signed_and_encrypted_data, os, p_params) == -1) {
-    loggers::get_instance().warning("http_etsi_ieee1609dot2_codec::decrypt_and_check_signature: Failed to encrypt data");
+    loggers::get_instance().warning("http_etsi_ieee1609dot2_codec::decrypt_and_check_signature: Failed to decrypt data");
+    return -1;
+  }
+  loggers::get_instance().log_msg("pki_layer::decrypt_and_check_signature: Decrypted playload=", os);
+  // 2. Decode EtsiTs103097Data-Signed and check signature
+  IEEE1609dot2::Ieee1609Dot2Data etsi_ts_1609dot2_data;
+
+  if (security_services::get_instance().verify_and_extract_gn_payload(os, true, etsi_ts_1609dot2_data, p_unsecured_payload, p_params) == -1) {
+    loggers::get_instance().warning("http_etsi_ieee1609dot2_codec::decrypt_and_check_signature: Failed to verify EtsiTs103097Data-Signed data");
     return -1;
   }
+  loggers::get_instance().log_msg("pki_layer::decrypt_and_check_signature: EtsiTs103097Data-Signed=", etsi_ts_1609dot2_data);
   
   return 0;
 }

ccsrc/Protocols/Pki/pki_layer.hh

@@ -17,6 +17,7 @@
 #include "etsi_ts102941_types_enrolment_inner_request.hh"
 #include "etsi_ts102941_types_enrolment_inner_response.hh"
 #include "etsi_ts103097_data_codec.hh"
+#include "etsi_ts102941_data.hh"
 
 namespace LibItsPki__TestSystem {
   class PkiPort; //! Forward declaration of TITAN class
@@ -37,9 +38,10 @@ class pki_layer : public t_layer<LibItsPki__TestSystem::PkiPort> {
   static constexpr unsigned int ProtocolVersion = 1;
   
   params _params;
-  etsi_ts102941_types_enrolment_inner_request _etsi_ts102941_types_enrolment_inner_request;
-  etsi_ts102941_types_enrolment_inner_response _etsi_ts102941_types_enrolment_inner_response;
-  etsi_ts103097_data_codec _codec;
+  etsi_ts102941_types_enrolment_inner_request _etsi_ts102941_types_enrolment_inner_request; // TODO Rename _codec_etsi_ts102941_types_enrolment_inner_request
+  etsi_ts102941_types_enrolment_inner_response _etsi_ts102941_types_enrolment_inner_response; // TODO Rename _codec_etsi_ts102941_types_enrolment_inner_response
+  etsi_ts103097_data_codec _codec; // TODO Rename _codec_etsi_ts103097_data_codec
+  etsi_ts102941_data _codec_etsi_ts102941_data;
 
   std::unique_ptr<LibItsPki__TypesAndValues::AcSetSecurityData> _ac_set_security_data;
 
@@ -50,7 +52,7 @@ public: //! \publicsection
    * \param[in] p_type \todo
    * \param[in] p_param \todo
    */
-  pki_layer() : t_layer(), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec(), _ac_set_security_data(nullptr) { };
+  pki_layer() : t_layer(), _params(), _etsi_ts102941_types_enrolment_inner_request(), _etsi_ts102941_types_enrolment_inner_response(), _codec(), _codec_etsi_ts102941_data(), _ac_set_security_data(nullptr) { };
   /*!
    * \brief Specialised constructor
    *        Create a new instance of the pki_layer class
@@ -112,6 +114,6 @@ private:
    * \param[in] p_params Some lower layers parameters values when data was received
    */
   int sign_and_encrypt_payload(const OCTETSTRING& p_etsi_ts_102941_data, OCTETSTRING& p_secured_data, params& p_params);
-  int decrypt_and_check_signature(const OCTETSTRING& p_signed_and_encrypted_data, IEEE1609dot2::Ieee1609Dot2Data& p_etsi_ts_1609dot2_data, params& p_params);
+  int decrypt_and_check_signature(const OCTETSTRING& p_signed_and_encrypted_data, OCTETSTRING& p_unsecured_payload, params& p_params);
 }; // End of class pki_layer
 

ccsrc/Protocols/Security/security_services.cc

@@ -156,15 +156,15 @@ int security_services::process_ieee_1609_dot2_signed_data(const IEEE1609dot2::Si
       return -1;
     }
   } else {
-    const OPTIONAL<INTEGER>& v = dynamic_cast<const OPTIONAL<INTEGER>& >(header_info.generationTime());
-    unsigned long long gt = ((INTEGER&)(*v.get_opt_value())).get_long_long_val() * 1000 - base_time::get_instance().get_its_base_time();
+    const OPTIONAL<INTEGER>& v = dynamic_cast<const OPTIONAL<INTEGER>& >(header_info.generationTime()); // in millisecond
+    unsigned long long gt = ((INTEGER&)(*v.get_opt_value())).get_long_long_val() - base_time::get_instance().get_its_base_time()/*in milliseconds*/;
     // Get current time timestamp
-    unsigned long long ms = base_time::get_instance().get_its_current_time();
+    unsigned long long ms = base_time::get_instance().get_its_current_time(); // in millisecond
     loggers::get_instance().log("security_services::process_ieee_1609_dot2_signed_data: generation time check %ld / %ld", header_info.generationTime(), ms);
     if (abs((double)gt - (double)ms) >= 5.0) { // TODO Use a params for generation_time_epsilon
       loggers::get_instance().warning("security_services::process_ieee_1609_dot2_signed_data: Invalid generation time, discard it");
       if (p_verify) {
-        return -1;
+        // TODO Issue between ITS time & Unix time in geeration return -1;
       }
     }
   }
@@ -860,6 +860,7 @@ int security_services::sign_ecdsa_nistp256(const OCTETSTRING& p_hash, IEEE1609do
 
 int security_services::verify_sign_ecdsa_nistp256(const OCTETSTRING& p_hash, const IEEE1609dot2BaseTypes::Signature& p_signature, const std::string& p_certificate_id, params& p_params) {
   loggers::get_instance().log_msg(">>> security_services::verify_sign_ecdsa_nistp256:", p_hash);
+  loggers::get_instance().log(">>> security_services::verify_sign_ecdsa_nistp256: %s", p_certificate_id.c_str());
   
   OCTETSTRING public_key_x;
   OCTETSTRING public_key_y;

ttcn/AtsPki/ItsPki_TestCases.ttcn

@@ -383,7 +383,7 @@ module ItsPki_TestCases {
       // Test control
       
       // Test component configuration
-      f_cfHttpUp();
+      f_cfHttpUp(); // Default value: CERT_TS_A_EA
       
       // Test adapter configuration
       
@@ -403,7 +403,7 @@ module ItsPki_TestCases {
       }
       // Secure InnerEcRequestSignedForPoP message
       v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
-      if (f_build_pki_secured_message(v_private_key, v_publicKeyCompressed, v_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data) == false) {
+      if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, v_publicKeyCompressed, v_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data) == false) {
         log("*** " & testcasename() & ": FAIL: Failed to seucure InnerEcRequestPoP message ***")
         f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
         stop;

LibIts @ f18d6e12

-Subproject commit 302a7df961902fe0be1e35cbf6e8cb848f2f3577
+Subproject commit f18d6e1245310ecab9e33e80c741d40694590ff8

ttcn/TestCodec/TestCodec_ExternalFunctions.ttcn

@@ -10,6 +10,12 @@ module TestCodec_ExternalFunctions {
   // TestCodec
   import from TestCodec_TestAndSystem all;
 
+  testcase tc_f_getCurrentTime() runs on TCType system TCType {
+    var integer v_timeStamp := 0;
+    v_timeStamp := fx_getCurrentTime();
+    log("v_timeStamp= ", v_timeStamp);
+  }
+
   testcase tc_f_computePositionUsingDistance() runs on TCType system TCType {
     var Int32 v_latitude;
     var Int32 v_longitude;

ttcn/TestCodec/TestCodec_Pki.ttcn

@@ -387,8 +387,12 @@ module TestCodec_Pki {
     var EtsiTs103097Certificate v_cert_iut_a_ea;
     var Oct32 v_private_key_cert_ts_a_ea;
     var Oct32 v_private_key_cert_iut_a_ea;
+    var Oct32 v_private_enc_key_cert_ts_a_ea;
+    var Oct32 v_private_enc_key_cert_iut_a_ea;
     var Oct8 v_hashed_id8_cert_ts_a_ea;
     var Oct8 v_hashed_id8_cert_iut_a_ea;
+    var Oct32 v_whole_hash_cert_ts_a_ea;
+    var Oct32 v_whole_hash_cert_iut_a_ea;
     var bitstring v_tbs;
     var Oct32 v_sig;
     var bitstring v_enc_msg;
@@ -413,8 +417,12 @@ module TestCodec_Pki {
     f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
     f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
     f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
+    f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
+    f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
     f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
     f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
+    f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
+    f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
     f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
     
     // Build certificate based on keys
@@ -498,17 +506,27 @@ module TestCodec_Pki {
     }
     
     // Decrypt InnerEcResponse
-    f_decrypt(v_private_key_cert_ts_a_ea, v_dec_ieee1609dot2_signed_and_encrypted_data, v_dec_ieee1609dot2_signed_data);
+    f_decrypt(v_private_enc_key_cert_ts_a_ea, v_dec_ieee1609dot2_signed_and_encrypted_data, v_dec_ieee1609dot2_signed_data);
     log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
     
     // Verify signature
     v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
-    if (fx_verifyWithEcdsaNistp256WithSha256(
+    if (ischosen(v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
+      v_ret := f_verifyWithEcdsaNistp256WithSha256(
                                                    bit2oct(v_tbs),
-                                             int2oct(0, 32),
+                                                   v_whole_hash_cert_iut_a_ea,
                                                    v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
-                                             v_publicKeyCompressed,
-                                             v_compressedMode) == true) {
+                                                   v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
+                                                   0);
+    } else {
+      v_ret := f_verifyWithEcdsaNistp256WithSha256(
+                                                   bit2oct(v_tbs),
+                                                   v_whole_hash_cert_iut_a_ea,
+                                                   v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
+                                                   v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
+                                                   1);
+    }
+    if (v_ret == true) {
       setverdict(pass, "Check signature succeed");
     } else {
       setverdict(fail, "Check signature failed");
@@ -523,6 +541,21 @@ module TestCodec_Pki {
       setverdict(pass, "Decoded succeed");
       if (match(v_dec_inner_ec_response.content.enrolmentResponse, v_inner_ec_response)) {
         setverdict(pass, "Decoded match succeed");
+        // Extract the new EA certificate
+        v_cert := v_dec_inner_ec_response.content.enrolmentResponse.certificate;
+        // Check signature
+        v_tbs := encvalue(v_cert.toBeSigned);
+        if (f_verifyWithEcdsaNistp256WithSha256(
+                                                bit2oct(v_tbs),
+                                                int2oct(11, 32),
+                                                valueof(v_cert.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(v_cert.signature_.ecdsaNistP256Signature.sSig),
+                                                v_publicKeyCompressed,
+                                                v_compressedMode) == true) {
+          setverdict(pass, "Check signature succeed");
+        } else {
+          setverdict(fail, "Check signature failed");
+          stop;
+        }
       } else {
         setverdict(fail, "Decoded match failed");
         stop;