Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
ITS - Intelligent Transport Systems
ITS
Commits
6305bf76
Commit
6305bf76
authored
Jan 09, 2018
by
garciay
Browse files
Validate secured messages codec
parent
293e37ad
Changes
6
Expand all
Hide whitespace changes
Inline
Side-by-side
etc/TestCodec/TestCodec.cfg
View file @
6305bf76
...
...
@@ -126,7 +126,7 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1,dst_port=12346,src_ip=192
#TestCodec_GeoNetworking.tc_GeoNet_Port_acPort_pass_beaconing_2
# GeoNetworking port tests
# To run the GeoNetworking port tests, use the offline mode and the test data provided. Use PcapLayer.save_mode to save sent packet into a file
TestCodec_GeoNetworking.tc_GeoNet_Port_1 # Use simulator of file to run this test
#
TestCodec_GeoNetworking.tc_GeoNet_Port_1 # Use simulator of file to run this test
# Used to test device_mode=0,beaconing=1,beacon codec
# No startPassBeaconing
#TestCodec_GeoNetworking.tc_GeoNet_Port_2 # Use simulator of file to run this test
...
...
@@ -254,8 +254,9 @@ TestCodec_GeoNetworking.tc_GeoNet_Port_1 # Use simulator of file to run
#TestCodec_SecuredMessages.tc_ssp_denm
#TestCodec_SecuredMessages.tc_secured_message_unsecured
#TestCodec_SecuredMessages.tc_secured_message_signed_1
#TestCodec_SecuredMessages.tc_secured_message_signed_2
# Chain of certificates
#
TestCodec_ChainOfCertificates.tc_full_check_certificate_1
TestCodec_ChainOfCertificates.tc_full_check_certificate_1
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
...
...
ttcn/AtsAutoInterop/ItsAutoInterop_Pixits.ttcn
View file @
6305bf76
...
...
@@ -32,14 +32,14 @@ module ItsAutoInterop_Pixits {
*/
modulepar
EutDescriptions
PX_EUT_DESC
:=
{
{
'0
00000
000001'O
,
1
1
1
,
'0
00000
000001'O
'
0
4
e548
000001
'
O
,
1
017
1
,
'
0
4
e548
000001
'
O
},
// EUT_1
{
'
000000000002
'O
,
222
,
'
000000000003
'O
'
70
b3d5791b48
'
O
,
10031
,
'
70
b3d5791b48
'
O
},
// EUT_2
{
'000000000003'O
,
...
...
ttcn/AtsAutoInterop/ItsAutoInterop_TestCases.ttcn
View file @
6305bf76
...
...
@@ -1438,7 +1438,7 @@ module ItsAutoInterop_TestCases {
mw_denm
(
mw_denmMgmtCon_with_relevances
(
?
,
-
,
LibItsCommon_ASN1_NamedNumbers
.
StationType_roadSideUnit_
,
-
,
-
,
-
,
...
...
ttcn/TestCodec/TestCodec_ChainOfCertificates.ttcn
View file @
6305bf76
...
...
@@ -9,6 +9,11 @@ module TestCodec_ChainOfCertificates {
import
from
IEEE1609dot2
language
"ASN.1:1997"
all
;
import
from
EtsiTs103097Module
language
"ASN.1:1997"
all
;
// LibItsGeoNetworking
import
from
LibItsGeoNetworking_EncdecDeclarations
all
;
import
from
LibItsGeoNetworking_TypesAndValues
all
;
import
from
LibItsGeoNetworking_Templates
all
;
// LibItsSecurity
import
from
LibItsSecurity_EncdecDeclarations
all
;
import
from
LibItsSecurity_TypesAndValues
all
;
...
...
@@ -36,6 +41,9 @@ module TestCodec_ChainOfCertificates {
testcase
tc_full_check_certificate_1
()
runs
on
TCType
system
TCType
{
var
chain_sec_info
v_chain_sec_info
;
var
bitstring
v_enc_msg
:=
''
B
;
var
template
(
value
)
GnNonSecuredPacket
v_gnNonSecuredPacket
;
var
template
(
value
)
EtsiTs103097Data
v_secured_data
;
var
template
(
value
)
GeoNetworkingPdu
v_gnSecuredPacket
;
// Generate CA certificate
v_chain_sec_info
.
ca
.
cert
:=
f_create_ca_certificate_sha256_1
(
v_chain_sec_info
.
ca
);
...
...
@@ -45,7 +53,7 @@ module TestCodec_ChainOfCertificates {
v_enc_msg
:=
encvalue
(
v_chain_sec_info
.
ca
.
cert
.
toBeSigned
);
if
(
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_chain_sec_info
.
ca
.
cert
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_chain_sec_info
.
ca
.
cert
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_chain_sec_info
.
ca
.
cert
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_chain_sec_info
.
ca
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
x
,
v_chain_sec_info
.
ca
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
y
)
==
false
)
{
...
...
@@ -62,9 +70,9 @@ module TestCodec_ChainOfCertificates {
v_enc_msg
:=
encvalue
(
v_chain_sec_info
.
ea
.
cert
.
toBeSigned
);
if
(
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_chain_sec_info
.
ea
.
cert
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_chain_sec_info
.
ea
.
cert
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_chain_sec_info
.
e
a
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
x
,
v_chain_sec_info
.
e
a
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
y
v_chain_sec_info
.
ea
.
cert
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_chain_sec_info
.
c
a
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
x
,
v_chain_sec_info
.
c
a
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
y
)
==
false
)
{
setverdict
(
fail
);
}
else
{
...
...
@@ -75,25 +83,57 @@ module TestCodec_ChainOfCertificates {
v_chain_sec_info
.
at
.
cert
:=
f_create_at_certificate_sha256_1
(
v_chain_sec_info
.
ea
,
v_chain_sec_info
.
at
);
v_enc_msg
:=
encvalue
(
v_chain_sec_info
.
at
.
cert
);
v_chain_sec_info
.
at
.
hashid8
:=
f_HashedId8FromSha256
(
f_hashWithSha256
(
bit2oct
(
v_enc_msg
)));
// Verify signature of
E
A certificate by
C
A certificate
// Verify signature of A
T
certificate by
E
A certificate
v_enc_msg
:=
encvalue
(
v_chain_sec_info
.
at
.
cert
.
toBeSigned
);
if
(
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_chain_sec_info
.
at
.
cert
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_chain_sec_info
.
at
.
cert
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_chain_sec_info
.
a
t
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
x
,
v_chain_sec_info
.
a
t
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
y
v_chain_sec_info
.
at
.
cert
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_chain_sec_info
.
e
a
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
x
,
v_chain_sec_info
.
e
a
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
y
)
==
false
)
{
setverdict
(
fail
);
}
else
{
setverdict
(
pass
)
}
// Create a basic CAM message
// And sign it
log
(
"tc_full_check_certificate_1: Final chain = "
,
v_chain_sec_info
);
// Create a basic GeoNetworking message
v_gnNonSecuredPacket
:=
m_geoNwShbPacket
(
LongPosVector
:
{
gnAddr
:=
{
typeOfAddress
:=
e_manual
,
stationType
:=
e_roadSideUnit
,
stationCountryCode
:=
33
,
mid
:=
'
a4fedecabeef
'
O
},
timestamp_
:=
123456
,
latitude
:=
4856
,
longitude
:=
675
,
pai
:=
'1'
B
,
speed
:=
55
,
heading
:=
9876
}
);
// Build the secured message and sign it
v_secured_data
:=
f_build_and_sign_secured_message_sha256
(
v_gnNonSecuredPacket
,
v_chain_sec_info
.
at
);
// And encrypt it
// Finalyse the GeoNetworking message
v_gnSecuredPacket
:=
m_geoNwSecPdu
(
v_gnNonSecuredPacket
,
v_secured_data
);
log
(
"tc_full_check_certificate_1: Final GeoNetworking secured message: "
,
v_gnSecuredPacket
);
// Verify signature of EA certificate by CA certificate
if
(
f_verifyWithEcdsaNistp256WithSha256
(
valueof
(
v_gnSecuredPacket
.
gnPacket
.
securedMsg
.
content
.
signedData
.
tbsData
.
payload
.
data
.
content
.
unsecuredData
),
valueof
(
v_gnSecuredPacket
.
gnPacket
.
securedMsg
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
sSig
),
v_chain_sec_info
.
at
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
x
,
v_chain_sec_info
.
at
.
cert
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
uncompressedP256
.
y
)
==
false
)
{
setverdict
(
fail
);
}
else
{
setverdict
(
pass
)
}
// TODO Add encryption support
}
// End of testcase tc_full_check_certificate_1
...
...
@@ -108,8 +148,8 @@ module TestCodec_ChainOfCertificates {
var
charstring
v_certId
:=
"STF538 Root Certificate"
;
var
HashAlgorithm
v_self
:=
sha256
;
// ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 1
var
SequenceOfPsidSsp
v_appPermissions
:=
{
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof
(
m_appPermissions
(
36
,
{
bitmapSsp
:=
'
830001
'
O
})),
valueof
(
m_appPermissions
(
37
,
{
bitmapSsp
:=
'
830001
'
O
}))
valueof
(
m_appPermissions
(
36
,
{
bitmapSsp
:=
'
830001
'
O
})),
valueof
(
m_appPermissions
(
37
,
{
bitmapSsp
:=
'
830001
'
O
}))
};
var
SequenceOfPsidSspRange
v_certIssuePermissions
:=
{
// ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 3
valueof
(
m_psidSspRange
(
1
))
...
...
@@ -121,19 +161,19 @@ module TestCodec_ChainOfCertificates {
// Generate Private/Public keys
f_generate_key_pair_nistp256
(
p_ca_sec_info
.
private_key
,
p_ca_sec_info
.
public_key_x
,
p_ca_sec_info
.
public_key_y
);
// Store Private key in binary format
// Fill Certificate template with the public key
// Fill Certificate template with the public key
v_cert
:=
m_etsiTs103097Certificate
(
m_issuerIdentifier_self
(
v_self
),
m_toBeSignedCertificate_ca
(
{
name
:=
v_certId
},
v_appPermissions
,
{
{
m_psidGroupPermissions
(
m_subjectPermissions_explicit
(
v_certIssuePermissions
))
},
m_verificationKeyIndicator_verificationKey
(
m_verificationKeyIndicator_verificationKey
(
m_publicVerificationKey_ecdsaNistP256
(
m_eccP256CurvePoint_uncompressed
(
// Signed by itself
p_ca_sec_info
.
public_key_x
,
...
...
@@ -146,7 +186,6 @@ module TestCodec_ChainOfCertificates {
)
);
// Encode it ==> Get octetstring
log
(
"Encode template "
,
valueof
(
v_cert
));
v_enc_msg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
p_ca_sec_info
.
private_key
);
...
...
@@ -159,6 +198,8 @@ module TestCodec_ChainOfCertificates {
v_sig
)
);
log
(
"f_create_ca_certificate_sha256_1: Signed template "
,
valueof
(
v_cert
));
// Final CA certificate
return
valueof
(
v_cert
);
}
// End of function f_create_ca_certificate_sha256_1
...
...
@@ -174,8 +215,8 @@ module TestCodec_ChainOfCertificates {
var
template
(
value
)
EtsiTs103097Certificate
v_cert
;
// ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1
var
charstring
v_certId
:=
"STF538 EA Certificate"
;
// ETSI TS 103 097 V1.3.1 Clause 7.2.2 Enrolment credential #5
var
SequenceOfPsidSsp
v_appPermissions
:=
{
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof
(
m_appPermissions
(
36
,
{
bitmapSsp
:=
'
830001
'
O
})),
valueof
(
m_appPermissions
(
37
,
{
bitmapSsp
:=
'
830001
'
O
}))
valueof
(
m_appPermissions
(
36
,
{
bitmapSsp
:=
'
830001
'
O
})),
valueof
(
m_appPermissions
(
37
,
{
bitmapSsp
:=
'
830001
'
O
}))
};
var
Oct32
v_sig
:=
int2oct
(
0
,
32
);
var
bitstring
v_enc_msg
:=
''
B
;
...
...
@@ -183,7 +224,7 @@ module TestCodec_ChainOfCertificates {
// Generate Private/Public keys
f_generate_key_pair_nistp256
(
p_ea_sec_info
.
private_key
,
p_ea_sec_info
.
public_key_x
,
p_ea_sec_info
.
public_key_y
);
// Store Private key in binary format
// Fill Certificate template with the public key
// Fill Certificate template with the public key
v_cert
:=
m_etsiTs103097Certificate
(
m_issuerIdentifier_sha256AndDigest
(
p_ca_sec_info
.
hashid8
),
m_toBeSignedCertificate_ea
(
...
...
@@ -208,7 +249,6 @@ module TestCodec_ChainOfCertificates {
)
);
// Encode it ==> Get octetstring
log
(
"Encode template "
,
valueof
(
v_cert
));
v_enc_msg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
p_ca_sec_info
.
private_key
);
...
...
@@ -221,6 +261,8 @@ module TestCodec_ChainOfCertificates {
v_sig
)
);
log
(
"f_create_ea_certificate_sha256_1: Signed template "
,
valueof
(
v_cert
));
// Final EA certificate
return
valueof
(
v_cert
);
}
// End of function f_create_ea_certificate_sha256_1
...
...
@@ -236,8 +278,8 @@ module TestCodec_ChainOfCertificates {
var
template
(
value
)
EtsiTs103097Certificate
v_cert
;
// ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1
var
charstring
v_certId
:=
"STF538 AT Certificate"
;
// ETSI TS 103 097 V1.3.1 Clause 7.2.1 Authorization tickets #2
var
SequenceOfPsidSsp
v_appPermissions
:=
{
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof
(
m_appPermissions
(
36
,
{
bitmapSsp
:=
'
830001
'
O
})),
valueof
(
m_appPermissions
(
37
,
{
bitmapSsp
:=
'
830001
'
O
}))
valueof
(
m_appPermissions
(
36
,
{
bitmapSsp
:=
'
830001
'
O
})),
valueof
(
m_appPermissions
(
37
,
{
bitmapSsp
:=
'
830001
'
O
}))
};
var
Oct32
v_sig
:=
int2oct
(
0
,
32
);
var
bitstring
v_enc_msg
:=
''
B
;
...
...
@@ -245,7 +287,7 @@ module TestCodec_ChainOfCertificates {
// Generate Private/Public keys
f_generate_key_pair_nistp256
(
p_at_sec_info
.
private_key
,
p_at_sec_info
.
public_key_x
,
p_at_sec_info
.
public_key_y
);
// Store Private key in binary format
// Fill Certificate template with the public key
// Fill Certificate template with the public key
v_cert
:=
m_etsiTs103097Certificate
(
m_issuerIdentifier_sha256AndDigest
(
p_ea_sec_info
.
hashid8
),
m_toBeSignedCertificate_ea
(
...
...
@@ -283,9 +325,54 @@ module TestCodec_ChainOfCertificates {
v_sig
)
);
// Final EA certificate
log
(
"f_create_at_certificate_sha256_1: Signed template "
,
valueof
(
v_cert
));
// Final AT certificate
return
valueof
(
v_cert
);
}
// End of function f_create_at_certificate_sha256_1
function
f_build_and_sign_secured_message_sha256
(
in
template
(
value
)
GnNonSecuredPacket
p_gnNonSecuredPacket
,
in
sec_info
p_at_sec_info
)
runs
on
TCType
return
EtsiTs103097Data
{
var
octetstring
v_raw_payload_to_be_signed
;
var
template
(
value
)
ToBeSignedData
v_toBeSignedData
;
var
Oct32
v_sig
:=
'0000000000000000000000000000000000000000000000000000000000000000'O
;
var
template
(
value
)
EtsiTs103097Data
v_secured_data
;
// Build the message to be signed
v_raw_payload_to_be_signed
:=
bit2oct
(
encvalue
(
p_gnNonSecuredPacket
));
v_toBeSignedData
:=
m_toBeSignedData
(
m_signedDataPayload
(
m_etsiTs103097Data_unsecured
(
v_raw_payload_to_be_signed
)
),
m_headerInfo_gn
(
-
,
12345
,
123456
)
);
// Signed it
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_raw_payload_to_be_signed
,
p_at_sec_info
.
private_key
);
// Finalize the secured message
v_secured_data
:=
m_etsiTs103097Data_signed
(
m_signedData
(
sha256
,
v_toBeSignedData
,
{
digest
:=
p_at_sec_info
.
hashid8
},
m_signature_ecdsaNistP256
(
m_ecdsaNistP256Signature
(
m_eccP256CurvePoint_x_only
(
p_at_sec_info
.
public_key_x
),
v_sig
)
)
)
);
log
(
"f_build_and_sign_secured_message_sha256: v_secured_data = "
,
v_secured_data
);
return
valueof
(
v_secured_data
);
}
// End of function f_build_and_sign_secured_message_sha256
}
// End of module TestCodec_ChainOfCertificates
ttcn/TestCodec/TestCodec_SecuredMessages.ttcn
View file @
6305bf76
This diff is collapsed.
Click to expand it.
validation/FunctionaValidation.xlsm
View file @
6305bf76
No preview for this file type
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment