etc/TestCodec/TestCodec.cfg +3 −1 @@ -194,7 +194,9 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1,dst_port=12346,src_ip=192 #TestCodec_IVIM.tc_Ivim_UtIvimTermination # Security tests TestCodec_Certificates.tc_certificate_1 TestCodec_SecuredFuntions.tc_sha256_1 TestCodec_Certificates.tc_at_certificate_sha256_1 #TestCodec_SecuredMessages.tc_secured_message_signed [MAIN_CONTROLLER] # The options herein control the behavior of MC. ttcn/TestCodec/TestCodec_Certificates.ttcn +271 −143
@@ -31,12 +31,89 @@ module TestCodec_Certificates { // TestCodec import from TestCodec_TestAndSystem all; /** * @desc Authorisation Ticket certificate * @see ETSI TS 103 097 V1.3.1 Clause 7.2.1 Authorization tickets */ testcase tc_at_certificate_sha256_1() runs on TCType system TCType { var template (value) EtsiTs103097Certificate v_cert; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1 var HashedId8 v_sha256AndDigest := f_HashedId8FromSha256(f_hashWithSha256('616263'O)); // ETSI TS 103 097 V1.3.1 Clause 7.2.1 Authorization tickets #2 var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) }; var SequenceOfPsidSspRange v_certRequestPermissions := { // FIXME Could this componet be present? If yes, What is the content of certIssuePermissions? valueof(m_psidSspRange(2)) }; var octetstring v_private_key := ''O; var octetstring v_publicKeyX := ''O; var octetstring v_publicKeyY := ''O; var octetstring v_sig := ''O; var bitstring v_encMsg := ''B; var octetstring v_expMsg := '80030080B410FF61F20015AD14830000000000010A8F1C86000A01028001248104038300018001258104038300010101E080010180010281010101000080808449E507DAAF4491A8D0FC9C17F77C967DDD151486366BDC0E72D33080C2DA46FA16B287752B5A91FC51DD7A527C069F45D5A6E58F3AEE512721081714B2BE4EF680803EC42C4A802FA43A9146ECFEBA45C096E1761BAD2139B4138B5D02075E955D81E73DB92A3AA346F23A4964911F84E970C94B804517B363D5FEB70B6C47E8BB02'O if (f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyY) == false) { setverdict(fail); stop; } log("v_private_key = ", v_private_key); log("v_public_key X= ", v_publicKeyX); log("v_public_key Y= ", v_publicKeyY); v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest(v_sha256AndDigest), m_toBeSignedCertificate_at( v_appPermissions, m_verificationKeyIndicator_verificationKey( // FIXME Do we use it? If so what is the content? 
m_publicVerificationKey_ecdsaNistP256( m_eccP256CurvePoint_uncompressed( v_publicKeyX, v_publicKeyY ))), { m_psidGroupPermissions( m_subjectPermissions_explicit( v_certRequestPermissions )) }, m_validityPeriod( 17469212, m_duration_years(10) ) ) ); // Encode it ==> Get octetstring log("Encode template ", valueof(v_cert.toBeSigned)); v_encMsg := encvalue(v_cert.toBeSigned); // Sign the certificate using ECDSA/SHA-256 (NIST p-256) v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), v_private_key); v_cert.signature_ := m_signature_ecdsaNistP256( m_ecdsaNistP256Signature( m_eccP256CurvePoint_x_only( substr(v_sig, 0, 32) ), substr(v_sig, 32, 32) ) ); if (f_verifyWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), v_sig, v_publicKeyX, v_publicKeyY) == false) { setverdict(fail); stop; } v_sig := '8c7680711d974eb007afe2acc820a5d2b71b34d29f04d0f9cbac9a545007a1acad504ab895e28e55f9f9ccda22bac976b8c63aff741c2aeb6805a6ffb334094e'O if (f_verifyWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), v_sig, v_publicKeyX, v_publicKeyY) == true) { setverdict(fail); stop; } // Final certificate TestEtsiTs103097Certificate(v_cert, true, oct2bit(v_expMsg)); } // End of testcase tc_at_certificate_sha256_1 testcase tc_root_certificate_1() runs on TCType system TCType { var template (value) EtsiTs103097Certificate v_cert; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1 var charstring v_certId := "STF528 Root Certificate"; var charstring v_certId := "STF538 Root Certificate"; var HashAlgorithm v_self := sha256; // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 1 var HashedId3 v_cracaId := '000000'O; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 2 var CrlSeries v_crlSeries := 0; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 3 var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) Loading 
@@ -61,10 +138,8 @@ module TestCodec_Certificates { // Fill Certificate template with the public key v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_self(v_self), m_toBeSignedCertificate( m_toBeSignedCertificate_ca( { name := v_certId }, v_cracaId, v_crlSeries, v_appPermissions, { m_psidGroupPermissions( Loading Loading @@ -106,7 +181,7 @@ module TestCodec_Certificates { setverdict(pass, "Encoding passed."); } // End of testcase tc_root_certificate_1 testcase tc_certificate_1() runs on TCType system TCType { testcase tc_certificate_asn1c_1() runs on TCType system TCType { var template (value) EtsiTs103097Certificate v_cert; var charstring v_certId := "vehicle-test.example.com"; var HashAlgorithm v_self := sha256; Loading @@ -117,7 +192,7 @@ module TestCodec_Certificates { var octetstring v_publicKeyY := ''O; var HashedId8 v_sha256AndDigest; var octetstring v_sig := ''O; var bitstring v_encMsg := ''B; var octetstring v_exp_enc_msg := '80030080AF232618BE5E6F55B0811876656869636C652D746573742E6578616D706C652E636F6D5E6F5B0002010A8F1C86000A83010280000C800022010180012381038300010102E08101020100C0E0800102800123818002010081010101000080808208C3C070B040C040108033070D0501CE0C0A0806017B00F030D203EA04BE0903808008B2030104020A0D010C0105C0F80BB1460239348D17405C1A845151D40612002617CF4E6B25097F03F502AD0C6F2F125974700D31A60FD1EF12040E4D8231AB'O; // Generate Private/Public keys f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyX); Loading @@ -126,10 +201,8 @@ module TestCodec_Certificates { // Fill Certificate template with the public key v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest('AF232618BE5E6F55'O), m_toBeSignedCertificate( m_toBeSignedCertificate_ca( { name := v_certId }, v_cracaId, v_crlSeries, { valueof(m_appPermissions(35, { bitmapSsp := '830001'O })) }, { m_psidGroupPermissions( Loading Loading 
@@ -172,12 +245,67 @@ module TestCodec_Certificates { ) ) ); v_cert.toBeSigned.cracaId := v_cracaId; v_cert.toBeSigned.crlSeries := v_crlSeries; v_encMsg := encvalue(v_cert); TestEtsiTs103097Certificate(v_cert, true, oct2bit(v_exp_enc_msg)); setverdict(pass, "Encoding passed."); } // End of testcase tc_certificate_1 group encdec_functions { function TestEtsiTs103097Certificate( in template (value) EtsiTs103097Certificate p_cert, in boolean p_decode := true, in template (omit) bitstring p_expEncMsg := omit ) runs on TCType { var bitstring v_encMsg; var template (omit) TestRecord v_tr := { bs := p_expEncMsg }; var EtsiTs103097Certificate v_decMsg; var integer v_res := 0; // Encode template log("Encode template ", valueof(p_cert)); v_encMsg := encvalue(p_cert); log("Encoded message: ", bit2oct(v_encMsg)); // Check result if (not isbound(v_encMsg)) { setverdict(fail, "Encoding failed!"); stop; } if (ispresent(v_tr.bs)) { if (not match(v_encMsg, p_expEncMsg)) { log("Expected message: ", bit2oct(valueof(p_expEncMsg))); setverdict(fail, "Encoding failed, not the expected result!"); stop; } } setverdict(pass, "Encoding passed."); // Check decoding if (p_decode == true) { v_res := decvalue(v_encMsg, v_decMsg); log("Decoded message: ", v_decMsg); select (v_res) { case (0) { if(match(v_decMsg, p_cert)) { setverdict(pass); } else { setverdict(fail); } } case (1) { setverdict(fail, "Decoding failed."); } case (2) { setverdict(fail, "Not enough bits."); } } } } } // End of group encdec_functions control { execute(tc_root_certificate_1()); } Loading Loading
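Review bot: The final `TestEtsiTs103097Certificate(v_cert, true, oct2bit(v_expMsg));` in `tc_at_certificate_sha256_1` compares the encoding with a fixed `v_expMsg`, yet the certificate carries the public key returned by `f_generate_key_pair` and a signature produced in the same run. Unless both helpers are deterministic (their bodies are not visible here), the helper will stop with "Encoding failed, not the expected result!" on every run. Since `p_expEncMsg` defaults to `omit`, calling `TestEtsiTs103097Certificate(v_cert, true);` would keep the encode/decode round trip without pinning key-dependent bytes. The same testcase writes the private key to the test log with `log("v_private_key = ", v_private_key);`; I would drop that line and keep the two public-coordinate logs. In `tc_certificate_asn1c_1`, `f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyX);` passes the X variable twice and ignores the result, so on the visible lines `v_publicKeyY` is never filled; `if (f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyY) == false) { setverdict(fail); stop; }` would match the new testcase.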
etc/TestCodec/TestCodec.cfg +3 −1 @@ -194,7 +194,9 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.56.1,dst_port=12346,src_ip=192 #TestCodec_IVIM.tc_Ivim_UtIvimTermination # Security tests TestCodec_Certificates.tc_certificate_1 TestCodec_SecuredFuntions.tc_sha256_1 TestCodec_Certificates.tc_at_certificate_sha256_1 #TestCodec_SecuredMessages.tc_secured_message_signed [MAIN_CONTROLLER] # The options herein control the behavior of MC.
ttcn/TestCodec/TestCodec_Certificates.ttcn +271 −143
@@ -31,12 +31,89 @@ module TestCodec_Certificates { // TestCodec import from TestCodec_TestAndSystem all; /** * @desc Authorisation Ticket certificate * @see ETSI TS 103 097 V1.3.1 Clause 7.2.1 Authorization tickets */ testcase tc_at_certificate_sha256_1() runs on TCType system TCType { var template (value) EtsiTs103097Certificate v_cert; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1 var HashedId8 v_sha256AndDigest := f_HashedId8FromSha256(f_hashWithSha256('616263'O)); // ETSI TS 103 097 V1.3.1 Clause 7.2.1 Authorization tickets #2 var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) }; var SequenceOfPsidSspRange v_certRequestPermissions := { // FIXME Could this componet be present? If yes, What is the content of certIssuePermissions? valueof(m_psidSspRange(2)) }; var octetstring v_private_key := ''O; var octetstring v_publicKeyX := ''O; var octetstring v_publicKeyY := ''O; var octetstring v_sig := ''O; var bitstring v_encMsg := ''B; var octetstring v_expMsg := '80030080B410FF61F20015AD14830000000000010A8F1C86000A01028001248104038300018001258104038300010101E080010180010281010101000080808449E507DAAF4491A8D0FC9C17F77C967DDD151486366BDC0E72D33080C2DA46FA16B287752B5A91FC51DD7A527C069F45D5A6E58F3AEE512721081714B2BE4EF680803EC42C4A802FA43A9146ECFEBA45C096E1761BAD2139B4138B5D02075E955D81E73DB92A3AA346F23A4964911F84E970C94B804517B363D5FEB70B6C47E8BB02'O if (f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyY) == false) { setverdict(fail); stop; } log("v_private_key = ", v_private_key); log("v_public_key X= ", v_publicKeyX); log("v_public_key Y= ", v_publicKeyY); v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest(v_sha256AndDigest), m_toBeSignedCertificate_at( v_appPermissions, m_verificationKeyIndicator_verificationKey( // FIXME Do we use it? If so what is the content? 
m_publicVerificationKey_ecdsaNistP256( m_eccP256CurvePoint_uncompressed( v_publicKeyX, v_publicKeyY ))), { m_psidGroupPermissions( m_subjectPermissions_explicit( v_certRequestPermissions )) }, m_validityPeriod( 17469212, m_duration_years(10) ) ) ); // Encode it ==> Get octetstring log("Encode template ", valueof(v_cert.toBeSigned)); v_encMsg := encvalue(v_cert.toBeSigned); // Sign the certificate using ECDSA/SHA-256 (NIST p-256) v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), v_private_key); v_cert.signature_ := m_signature_ecdsaNistP256( m_ecdsaNistP256Signature( m_eccP256CurvePoint_x_only( substr(v_sig, 0, 32) ), substr(v_sig, 32, 32) ) ); if (f_verifyWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), v_sig, v_publicKeyX, v_publicKeyY) == false) { setverdict(fail); stop; } v_sig := '8c7680711d974eb007afe2acc820a5d2b71b34d29f04d0f9cbac9a545007a1acad504ab895e28e55f9f9ccda22bac976b8c63aff741c2aeb6805a6ffb334094e'O if (f_verifyWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), v_sig, v_publicKeyX, v_publicKeyY) == true) { setverdict(fail); stop; } // Final certificate TestEtsiTs103097Certificate(v_cert, true, oct2bit(v_expMsg)); } // End of testcase tc_at_certificate_sha256_1 testcase tc_root_certificate_1() runs on TCType system TCType { var template (value) EtsiTs103097Certificate v_cert; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1 var charstring v_certId := "STF528 Root Certificate"; var charstring v_certId := "STF538 Root Certificate"; var HashAlgorithm v_self := sha256; // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 1 var HashedId3 v_cracaId := '000000'O; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 2 var CrlSeries v_crlSeries := 0; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 3 var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) Loading 
@@ -61,10 +138,8 @@ module TestCodec_Certificates { // Fill Certificate template with the public key v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_self(v_self), m_toBeSignedCertificate( m_toBeSignedCertificate_ca( { name := v_certId }, v_cracaId, v_crlSeries, v_appPermissions, { m_psidGroupPermissions( Loading Loading @@ -106,7 +181,7 @@ module TestCodec_Certificates { setverdict(pass, "Encoding passed."); } // End of testcase tc_root_certificate_1 testcase tc_certificate_1() runs on TCType system TCType { testcase tc_certificate_asn1c_1() runs on TCType system TCType { var template (value) EtsiTs103097Certificate v_cert; var charstring v_certId := "vehicle-test.example.com"; var HashAlgorithm v_self := sha256; Loading @@ -117,7 +192,7 @@ module TestCodec_Certificates { var octetstring v_publicKeyY := ''O; var HashedId8 v_sha256AndDigest; var octetstring v_sig := ''O; var bitstring v_encMsg := ''B; var octetstring v_exp_enc_msg := '80030080AF232618BE5E6F55B0811876656869636C652D746573742E6578616D706C652E636F6D5E6F5B0002010A8F1C86000A83010280000C800022010180012381038300010102E08101020100C0E0800102800123818002010081010101000080808208C3C070B040C040108033070D0501CE0C0A0806017B00F030D203EA04BE0903808008B2030104020A0D010C0105C0F80BB1460239348D17405C1A845151D40612002617CF4E6B25097F03F502AD0C6F2F125974700D31A60FD1EF12040E4D8231AB'O; // Generate Private/Public keys f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyX); Loading @@ -126,10 +201,8 @@ module TestCodec_Certificates { // Fill Certificate template with the public key v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest('AF232618BE5E6F55'O), m_toBeSignedCertificate( m_toBeSignedCertificate_ca( { name := v_certId }, v_cracaId, v_crlSeries, { valueof(m_appPermissions(35, { bitmapSsp := '830001'O })) }, { m_psidGroupPermissions( Loading Loading 
@@ -172,12 +245,67 @@ module TestCodec_Certificates { ) ) ); v_cert.toBeSigned.cracaId := v_cracaId; v_cert.toBeSigned.crlSeries := v_crlSeries; v_encMsg := encvalue(v_cert); TestEtsiTs103097Certificate(v_cert, true, oct2bit(v_exp_enc_msg)); setverdict(pass, "Encoding passed."); } // End of testcase tc_certificate_1 group encdec_functions { function TestEtsiTs103097Certificate( in template (value) EtsiTs103097Certificate p_cert, in boolean p_decode := true, in template (omit) bitstring p_expEncMsg := omit ) runs on TCType { var bitstring v_encMsg; var template (omit) TestRecord v_tr := { bs := p_expEncMsg }; var EtsiTs103097Certificate v_decMsg; var integer v_res := 0; // Encode template log("Encode template ", valueof(p_cert)); v_encMsg := encvalue(p_cert); log("Encoded message: ", bit2oct(v_encMsg)); // Check result if (not isbound(v_encMsg)) { setverdict(fail, "Encoding failed!"); stop; } if (ispresent(v_tr.bs)) { if (not match(v_encMsg, p_expEncMsg)) { log("Expected message: ", bit2oct(valueof(p_expEncMsg))); setverdict(fail, "Encoding failed, not the expected result!"); stop; } } setverdict(pass, "Encoding passed."); // Check decoding if (p_decode == true) { v_res := decvalue(v_encMsg, v_decMsg); log("Decoded message: ", v_decMsg); select (v_res) { case (0) { if(match(v_decMsg, p_cert)) { setverdict(pass); } else { setverdict(fail); } } case (1) { setverdict(fail, "Decoding failed."); } case (2) { setverdict(fail, "Not enough bits."); } } } } } // End of group encdec_functions control { execute(tc_root_certificate_1()); } Loading