Commit 6305bf76 authored by garciay's avatar garciay
Browse files

Validate secured messages codec

parent 293e37ad
......@@ -126,7 +126,7 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1,dst_port=12346,src_ip=192
#TestCodec_GeoNetworking.tc_GeoNet_Port_acPort_pass_beaconing_2
# GeoNetworking port tests
# To run the GeoNetworking port tests, use the offline mode and the test data provided. Use PcapLayer.save_mode to save sent packet into a file
TestCodec_GeoNetworking.tc_GeoNet_Port_1 # Use simulator of file to run this test
#TestCodec_GeoNetworking.tc_GeoNet_Port_1 # Use simulator of file to run this test
# Used to test device_mode=0,beaconing=1,beacon codec
# No startPassBeaconing
#TestCodec_GeoNetworking.tc_GeoNet_Port_2 # Use simulator of file to run this test
......@@ -254,8 +254,9 @@ TestCodec_GeoNetworking.tc_GeoNet_Port_1 # Use simulator of file to run
#TestCodec_SecuredMessages.tc_ssp_denm
#TestCodec_SecuredMessages.tc_secured_message_unsecured
#TestCodec_SecuredMessages.tc_secured_message_signed_1
#TestCodec_SecuredMessages.tc_secured_message_signed_2
# Chain of certificates
#TestCodec_ChainOfCertificates.tc_full_check_certificate_1
TestCodec_ChainOfCertificates.tc_full_check_certificate_1
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
......
......@@ -32,14 +32,14 @@ module ItsAutoInterop_Pixits {
*/
modulepar EutDescriptions PX_EUT_DESC := {
{
'000000000001'O,
111,
'000000000001'O
'04e548000001'O,
10171,
'04e548000001'O
}, // EUT_1
{
'000000000002'O,
222,
'000000000003'O
'70b3d5791b48'O,
10031,
'70b3d5791b48'O
}, // EUT_2
{
'000000000003'O,
......
......@@ -1438,7 +1438,7 @@ module ItsAutoInterop_TestCases {
mw_denm(
mw_denmMgmtCon_with_relevances(
?,
-,
LibItsCommon_ASN1_NamedNumbers.StationType_roadSideUnit_,
-,
-,
-,
......
......@@ -9,6 +9,11 @@ module TestCodec_ChainOfCertificates {
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
// LibItsGeoNetworking
import from LibItsGeoNetworking_EncdecDeclarations all;
import from LibItsGeoNetworking_TypesAndValues all;
import from LibItsGeoNetworking_Templates all;
// LibItsSecurity
import from LibItsSecurity_EncdecDeclarations all;
import from LibItsSecurity_TypesAndValues all;
......@@ -36,6 +41,9 @@ module TestCodec_ChainOfCertificates {
testcase tc_full_check_certificate_1() runs on TCType system TCType {
var chain_sec_info v_chain_sec_info;
var bitstring v_enc_msg := ''B;
var template (value) GnNonSecuredPacket v_gnNonSecuredPacket;
var template (value) EtsiTs103097Data v_secured_data;
var template (value) GeoNetworkingPdu v_gnSecuredPacket;
// Generate CA certificate
v_chain_sec_info.ca.cert := f_create_ca_certificate_sha256_1(v_chain_sec_info.ca);
......@@ -45,7 +53,7 @@ module TestCodec_ChainOfCertificates {
v_enc_msg := encvalue(v_chain_sec_info.ca.cert.toBeSigned);
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.ca.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.ca.cert.signature_.ecdsaNistP256Signature.sSig,
v_chain_sec_info.ca.cert.signature_.ecdsaNistP256Signature.sSig,
v_chain_sec_info.ca.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.x,
v_chain_sec_info.ca.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.y
) == false) {
......@@ -62,9 +70,9 @@ module TestCodec_ChainOfCertificates {
v_enc_msg := encvalue(v_chain_sec_info.ea.cert.toBeSigned);
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.ea.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.ea.cert.signature_.ecdsaNistP256Signature.sSig,
v_chain_sec_info.ea.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.x,
v_chain_sec_info.ea.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.y
v_chain_sec_info.ea.cert.signature_.ecdsaNistP256Signature.sSig,
v_chain_sec_info.ca.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.x,
v_chain_sec_info.ca.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.y
) == false) {
setverdict(fail);
} else {
......@@ -75,25 +83,57 @@ module TestCodec_ChainOfCertificates {
v_chain_sec_info.at.cert := f_create_at_certificate_sha256_1(v_chain_sec_info.ea, v_chain_sec_info.at);
v_enc_msg := encvalue(v_chain_sec_info.at.cert);
v_chain_sec_info.at.hashid8 := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_enc_msg)));
// Verify signature of EA certificate by CA certificate
// Verify signature of AT certificate by EA certificate
v_enc_msg := encvalue(v_chain_sec_info.at.cert.toBeSigned);
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.at.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.at.cert.signature_.ecdsaNistP256Signature.sSig,
v_chain_sec_info.at.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.x,
v_chain_sec_info.at.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.y
v_chain_sec_info.at.cert.signature_.ecdsaNistP256Signature.sSig,
v_chain_sec_info.ea.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.x,
v_chain_sec_info.ea.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.y
) == false) {
setverdict(fail);
} else {
setverdict(pass)
}
// Create a basic CAM message
// And sign it
log("tc_full_check_certificate_1: Final chain = ", v_chain_sec_info);
// Create a basic GeoNetworking message
v_gnNonSecuredPacket := m_geoNwShbPacket(
LongPosVector: {
gnAddr := {
typeOfAddress := e_manual,
stationType := e_roadSideUnit,
stationCountryCode := 33,
mid := 'a4fedecabeef'O
},
timestamp_ := 123456,
latitude := 4856,
longitude := 675,
pai := '1'B,
speed := 55,
heading := 9876
}
);
// Build the secured message and sign it
v_secured_data := f_build_and_sign_secured_message_sha256(v_gnNonSecuredPacket, v_chain_sec_info.at);
// And encrypt it
// Finalyse the GeoNetworking message
v_gnSecuredPacket := m_geoNwSecPdu(v_gnNonSecuredPacket, v_secured_data);
log("tc_full_check_certificate_1: Final GeoNetworking secured message: ", v_gnSecuredPacket);
// Verify signature of EA certificate by CA certificate
if (f_verifyWithEcdsaNistp256WithSha256(
valueof(v_gnSecuredPacket.gnPacket.securedMsg.content.signedData.tbsData.payload.data.content.unsecuredData),
valueof(v_gnSecuredPacket.gnPacket.securedMsg.content.signedData.signature_.ecdsaNistP256Signature.sSig),
v_chain_sec_info.at.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.x,
v_chain_sec_info.at.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.uncompressedP256.y
) == false) {
setverdict(fail);
} else {
setverdict(pass)
}
// TODO Add encryption support
} // End of testcase tc_full_check_certificate_1
......@@ -108,8 +148,8 @@ module TestCodec_ChainOfCertificates {
var charstring v_certId := "STF538 Root Certificate";
var HashAlgorithm v_self := sha256; // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 1
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var SequenceOfPsidSspRange v_certIssuePermissions := { // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 3
valueof(m_psidSspRange(1))
......@@ -121,19 +161,19 @@ module TestCodec_ChainOfCertificates {
// Generate Private/Public keys
f_generate_key_pair_nistp256(p_ca_sec_info.private_key, p_ca_sec_info.public_key_x, p_ca_sec_info.public_key_y);
// Store Private key in binary format
// Fill Certificate template with the public key
// Fill Certificate template with the public key
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_self(v_self),
m_toBeSignedCertificate_ca(
{ name := v_certId },
v_appPermissions,
{
{
m_psidGroupPermissions(
m_subjectPermissions_explicit(
v_certIssuePermissions
))
},
m_verificationKeyIndicator_verificationKey(
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
m_eccP256CurvePoint_uncompressed( // Signed by itself
p_ca_sec_info.public_key_x,
......@@ -146,7 +186,6 @@ module TestCodec_ChainOfCertificates {
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert));
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_ca_sec_info.private_key);
......@@ -159,6 +198,8 @@ module TestCodec_ChainOfCertificates {
v_sig
)
);
log("f_create_ca_certificate_sha256_1: Signed template ", valueof(v_cert));
// Final CA certificate
return valueof(v_cert);
} // End of function f_create_ca_certificate_sha256_1
......@@ -174,8 +215,8 @@ module TestCodec_ChainOfCertificates {
var template (value) EtsiTs103097Certificate v_cert; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1
var charstring v_certId := "STF538 EA Certificate"; // ETSI TS 103 097 V1.3.1 Clause 7.2.2 Enrolment credential #5
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var Oct32 v_sig := int2oct(0, 32);
var bitstring v_enc_msg := ''B;
......@@ -183,7 +224,7 @@ module TestCodec_ChainOfCertificates {
// Generate Private/Public keys
f_generate_key_pair_nistp256(p_ea_sec_info.private_key, p_ea_sec_info.public_key_x, p_ea_sec_info.public_key_y);
// Store Private key in binary format
// Fill Certificate template with the public key
// Fill Certificate template with the public key
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(p_ca_sec_info.hashid8),
m_toBeSignedCertificate_ea(
......@@ -208,7 +249,6 @@ module TestCodec_ChainOfCertificates {
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert));
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_ca_sec_info.private_key);
......@@ -221,6 +261,8 @@ module TestCodec_ChainOfCertificates {
v_sig
)
);
log("f_create_ea_certificate_sha256_1: Signed template ", valueof(v_cert));
// Final EA certificate
return valueof(v_cert);
} // End of function f_create_ea_certificate_sha256_1
......@@ -236,8 +278,8 @@ module TestCodec_ChainOfCertificates {
var template (value) EtsiTs103097Certificate v_cert; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1
var charstring v_certId := "STF538 AT Certificate"; // ETSI TS 103 097 V1.3.1 Clause 7.2.1 Authorization tickets #2
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var Oct32 v_sig := int2oct(0, 32);
var bitstring v_enc_msg := ''B;
......@@ -245,7 +287,7 @@ module TestCodec_ChainOfCertificates {
// Generate Private/Public keys
f_generate_key_pair_nistp256(p_at_sec_info.private_key, p_at_sec_info.public_key_x, p_at_sec_info.public_key_y);
// Store Private key in binary format
// Fill Certificate template with the public key
// Fill Certificate template with the public key
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(p_ea_sec_info.hashid8),
m_toBeSignedCertificate_ea(
......@@ -283,9 +325,54 @@ module TestCodec_ChainOfCertificates {
v_sig
)
);
// Final EA certificate
log("f_create_at_certificate_sha256_1: Signed template ", valueof(v_cert));
// Final AT certificate
return valueof(v_cert);
} // End of function f_create_at_certificate_sha256_1
function f_build_and_sign_secured_message_sha256(
in template (value) GnNonSecuredPacket p_gnNonSecuredPacket,
in sec_info p_at_sec_info
) runs on TCType return EtsiTs103097Data {
var octetstring v_raw_payload_to_be_signed;
var template (value) ToBeSignedData v_toBeSignedData;
var Oct32 v_sig := '0000000000000000000000000000000000000000000000000000000000000000'O;
var template (value) EtsiTs103097Data v_secured_data;
// Build the message to be signed
v_raw_payload_to_be_signed := bit2oct(encvalue(p_gnNonSecuredPacket));
v_toBeSignedData := m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(v_raw_payload_to_be_signed)
),
m_headerInfo_gn(
-,
12345,
123456
)
);
// Signed it
v_sig := f_signWithEcdsaNistp256WithSha256(v_raw_payload_to_be_signed, p_at_sec_info.private_key);
// Finalize the secured message
v_secured_data := m_etsiTs103097Data_signed(
m_signedData(
sha256,
v_toBeSignedData,
{ digest := p_at_sec_info.hashid8 },
m_signature_ecdsaNistP256(
m_ecdsaNistP256Signature(
m_eccP256CurvePoint_x_only(
p_at_sec_info.public_key_x
),
v_sig
)
)
)
);
log("f_build_and_sign_secured_message_sha256: v_secured_data = ", v_secured_data);
return valueof(v_secured_data);
} // End of function f_build_and_sign_secured_message_sha256
} // End of module TestCodec_ChainOfCertificates
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment