Commit afe73978 authored by Yann Garcia's avatar Yann Garcia
Browse files

Continue PKI ATS development

parent fe22336b
......@@ -51,7 +51,7 @@ commsignia_layer::commsignia_layer(const std::string & p_type, const std::string
void commsignia_layer::send_data(OCTETSTRING& data, params& params) {
loggers::get_instance().log_msg(">>> commsignia_layer::send_data: ", data);
OCTETSTRING buffer(12, commsignia_layer::_fixed_header);
OCTETSTRING buffer(10, commsignia_layer::_fixed_header);
if (_params[std::string("use_vpn")].compare("1") == 0) {
buffer += int2oct(1, 1); // Injection to software
} else {
......@@ -61,21 +61,21 @@ void commsignia_layer::send_data(OCTETSTRING& data, params& params) {
loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
buffer += int2oct(std::stoi(_params[params::interface_id]), 4);
loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
buffer += int2oct(std::stoi(_params[std::string("data_rate")]), 4);
buffer += int2oct(std::stoi(_params[std::string("data_rate")]), 2);
loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
buffer += int2oct(7, 1); // MAC user priority
buffer += int2oct(0x80000000 & std::stoi(_params[std::string("power_tx")]), 4); // Negative number
loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
buffer += int2oct(7, 1); // MAC user priority
// Destination MAC address
params::const_iterator it = params.find(params::mac_dst); // Find in provided parameters, params
if (it != params.cend()) {
buffer = str2oct(CHARSTRING(it->second.c_str()));
buffer += str2oct(CHARSTRING(it->second.c_str()));
} else {
it = _params.find(params::mac_dst);
if (it != _params.cend()) {
buffer = str2oct(CHARSTRING(it->second.c_str()));
buffer += str2oct(CHARSTRING(it->second.c_str()));
} else {
buffer = str2oct(CHARSTRING(_params[params::mac_bc].c_str()));
buffer += str2oct(CHARSTRING(_params[params::mac_bc].c_str()));
}
}
loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
......@@ -84,7 +84,12 @@ void commsignia_layer::send_data(OCTETSTRING& data, params& params) {
if (it != params.cend()) {
buffer += str2oct(CHARSTRING(it->second.c_str()));
} else {
buffer += str2oct(CHARSTRING(_params[params::mac_src].c_str()));
it = _params.find(params::mac_src);
if (it != _params.cend()) {
buffer += str2oct(CHARSTRING(it->second.c_str()));
} else {
buffer += str2oct(CHARSTRING(_params[params::mac_src].c_str()));
}
}
loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
buffer += int2oct(0, 2); // Fixed
......@@ -101,14 +106,23 @@ void commsignia_layer::receive_data(OCTETSTRING& data, params& params) {
loggers::get_instance().log_msg(">>> commsignia_layer::receive_data: ", data);
const unsigned char* p = static_cast<const unsigned char *>(data);
// Check the frame version
if (*p != 0x12) {
// Discard it, on;y use TX version
return;
}
const commsignia_layer::c2p_s_v1_tx_t* r = (const commsignia_layer::c2p_s_v1_tx_t*)p;
loggers::get_instance().log("commsignia_layer::receive_data: version=%02x", r->s_header.u8_ver_type);
loggers::get_instance().log("commsignia_layer::receive_data: timestamp1=%08x", ntohl(r->s_header.u32_tst_sec));
loggers::get_instance().log("commsignia_layer::receive_data: timestamp2=%08x", ntohl(r->s_header.u32_tst_msec));
loggers::get_instance().log("commsignia_layer::receive_data: primary_channel=%08x", ntohl(r->u8_primary_channel));
loggers::get_instance().log("commsignia_layer::receive_data: secondary_channel=%08x", ntohl(r->u8_secondary_channel));
loggers::get_instance().log("commsignia_layer::receive_data: primary_channel=%08x", r->u8_primary_channel);
loggers::get_instance().log("commsignia_layer::receive_data: secondary_channel=%08x", r->u8_secondary_channel);
loggers::get_instance().log("commsignia_layer::receive_data: antenna=%02x", r->u8_antenna);
loggers::get_instance().log("commsignia_layer::receive_data: speed=%d", ntohs(r->u16_speed));
loggers::get_instance().log("commsignia_layer::receive_data: heading=%d", ntohs(r->u16_heading));
loggers::get_instance().log("commsignia_layer::receive_data: txp=%02x", r->s8_txp);
loggers::get_instance().log("commsignia_layer::receive_data: s8_tssi_ant_1=%d", r->s8_tssi_ant_1);
loggers::get_instance().log("commsignia_layer::receive_data: s8_tssi_ant_2=%d", r->s8_tssi_ant_2);
// Filtering on antenna index
......@@ -116,10 +130,10 @@ void commsignia_layer::receive_data(OCTETSTRING& data, params& params) {
if (r->u8_antenna != std::stoi(_params[params::interface_id])) {
// Discard packet
loggers::get_instance().warning("commsignia_layer::receive_data: Discard packet due to wrong antenna id");
return;
// TODO return;
} // else, continue
const commsignia_layer::c2p_802_11p_hdr* h = (const commsignia_layer::c2p_802_11p_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t));
const commsignia_layer::c2p_802_11p_hdr* h = (const commsignia_layer::c2p_802_11p_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) - 1);
loggers::get_instance().log("commsignia_layer::receive_data: frame_ctrl=%04x", ntohs(h->frame_ctrl));
OCTETSTRING dst = OCTETSTRING(6, (const unsigned char*)&h->dst_addr);
loggers::get_instance().log_msg("commsignia_layer::receive_data: dst: ", dst);
......@@ -130,23 +144,30 @@ void commsignia_layer::receive_data(OCTETSTRING& data, params& params) {
if (!std::equal(_mac_src.cbegin(), _mac_src.cend(), static_cast<const unsigned char*>(src))) {
// Discard packet
loggers::get_instance().warning("commsignia_layer::receive_data: Discard packet due to wrong comparison");
return;
//TODO return;
} // else, continue
const commsignia_layer::c2p_llc_hdr* l;
int length;
if ((ntohs(h->frame_ctrl) & 0xf000) == 0x8000) {
l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl));
length = sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl) + sizeof(commsignia_layer::c2p_llc_hdr);
l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) - 1 + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl));
length = sizeof(commsignia_layer::c2p_s_v1_tx_t) - 1 + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl) + sizeof(commsignia_layer::c2p_llc_hdr);
} else {
l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr));
length = sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_llc_hdr);
l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) - 1 + sizeof(commsignia_layer::c2p_802_11p_hdr));
length = sizeof(commsignia_layer::c2p_s_v1_tx_t) - 1 + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_llc_hdr);
}
loggers::get_instance().log("commsignia_layer::receive_data: dsap=%02x", l->dsap);
loggers::get_instance().log("commsignia_layer::receive_data: ssap=%02x", l->ssap);
loggers::get_instance().log("commsignia_layer::receive_data: ssap=%02x", l->ctrl);
loggers::get_instance().log("commsignia_layer::receive_data: type=%04x", l->type);
length -= 4;
// Check ether type
if ((_eth_type[1] == (unsigned char)((l->type & 0xff00) >> 8)) && (_eth_type[0] == (unsigned char)(l->type & 0xff))) { // Warning: Network ordered bytes
//if ((_eth_type[1] == (unsigned char)((l->type & 0xff00) >> 8)) && (_eth_type[0] == (unsigned char)(l->type & 0xff))) { // Warning: Network ordered bytes
// Extract payload
data = OCTETSTRING(data.lengthof() - length, length + static_cast<const unsigned char *>(data));
//loggers::get_instance().log_msg("commsignia_layer::receive_data: payload for upper layer:", data);
......@@ -158,7 +179,11 @@ void commsignia_layer::receive_data(OCTETSTRING& data, params& params) {
params[params::mac_src] = std::string(static_cast<const char *>(s));
receive_to_all_layers(data, params);
} // else, nothing to do
/*} else {
// Discard packet
loggers::get_instance().warning("commsignia_layer::receive_data: Discard packet due to wrong ethernet type");
//TODO return;
}*/
}
commsignia_layer_factory commsignia_layer_factory::_f;
......@@ -500,7 +500,7 @@ int security_services::sign_payload(const OCTETSTRING& p_unsecured_gn_payload, O
INTEGER i;
i.set_long_long_val(us);
header_info.generationTime() = OPTIONAL<INTEGER>(i);
loggers::get_instance().log("security_services::sign_payload: Finame HeaderInfo timestamp: %ld", us);
loggers::get_instance().log("security_services::sign_payload: Final HeaderInfo timestamp: %ld", us);
// Check if a certificate shall be requested
if (_unknown_certificate.lengthof() == 3) { // HashedId3
IEEE1609dot2BaseTypes::SequenceOfHashedId3 s;
......@@ -540,11 +540,13 @@ int security_services::sign_payload(const OCTETSTRING& p_unsecured_gn_payload, O
loggers::get_instance().warning("security_services:sign_payload: Failed to secure payload");
return -1;
}
loggers::get_instance().log("security_services::sign_payload: cert= ", cert);
IEEE1609dot2::SequenceOfCertificate sequenceOfCertificate;
sequenceOfCertificate[0] = cert;
signer.certificate() = sequenceOfCertificate;
// Reset send certificate timer
_last_generation_time = us;
loggers::get_instance().log("security_services::sign_payload: Reset send certificate timer, signer= ", signer);
} else {
loggers::get_instance().log("security_services::sign_payload: Add digest");
OCTETSTRING digest;
......
[MODULE_PARAMETERS]
# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.
# The GeoNetworking address of the IUT.
LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
typeOfAddress := e_initial,
stationType := e_passengerCar, #e_roadSideUnit,
stationCountryCode := 0, #33,
mid := '000000000011'O
} # Commsignia
LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
LibItsBtp_Pixits.PX_DESTINATION_PORT := 2001
LibItsBtp_Pixits.PX_DESTINATION_PORT_INFO := 2001
# Enable Security support
LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
LibItsGeoNetworking_Pixits.PX_NEIGHBOUR_DISCOVERY_DELAY := 2.0
# Root path to access certificate stored in files, identified by certficate ID
LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
#LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.0.252"
LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/ea/authval"
LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorization"
LibItsPki_Pics.PICS_IUT_ITS_S_ROLE := true
LibItsPki_Pics.PICS_SECPKI_ENROLMENT := true
LibItsPki_Pixits.PX_EC_PRIVATE_KEY := '73AD688448117EFF50BCB044AA9CFD7932023B7A2C62887A1D3B99FED2B5237C'O
LibItsPki_Pixits.PX_EC_HASH := 'C4FD3EF2B51CFD605D7D40FA9C1C279B8B8C4D7CB9D40D6044C55F615D750502'O
LibItsPki_Pixits.PX_EC_HASHED_ID8 := '44C55F615D750502'O
LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O;
LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O;
LibItsPki_Pics.PICS_ITS_S_ENC_NITSP256_PRIVATE_KEY := 'EDEBEADCAA9514CD4B30256126FB7DF958B911C6EB58CCF702983C3DCD3DECBD'O;
LibItsPki_Pics.PICS_ITS_S_ENC_NISTP256_PUBLIC_KEY := '023A4ADDCDD5EE66DAB2116B0C3AB47CCEDAE92CD9ACE98A84B10EB63A9DCA798C'O;
LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP256r1_PRIVATE_KEY := '9F155D40B6C920BA45D8027093C8ADADAF3AA6F9F71F0CC0F8279FF0146A8A48'O;
LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP256r1_PUBLIC_KEY := '038602F468BD334EA4D2BA416295E204D58BD1F42C85FB9BE57237C74544F6A69A'O;
LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP256r1_PRIVATE_KEY := '6D585B716D06F75EC2B8A8ADEBFCE6ED35B0640C2AFBFF25FE48FC81A6732D4F'O;
LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY := '02A92BA3B770B040B8D958D5BD2CC9B537212D6963F50EA3E4784FEFA5D0454C12'O;
LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP384r1_PRIVATE_KEY := '6B4B4392511B252C904801466F5DA0A7F28E038E6656800CBB0CDCB3D32F862CA4D59CBDC1A19E98E9191582AF1DB3D7'O;
LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY := '3CD977195A579787C84D5900F4CB6341E0C3D2750B140C5380E6F03CE3FBA0022F7541DEABDCED4790D313ED8F56ACA8'O;
LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY := '0243FF5C96984C2C3F5FD5C5F6551C90F5FAEE1E5E8301763E4AF1E9D627F3474E554B82EE98EC4B49808DFF61B35F8313'O;
LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O;
LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_TS_A_EA"
LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_TS_A_AA"
#ItsPki_Pixits.PX_TRIGGER_EC_BEFORE_AT := false;
[LOGGING]
# In this section you can specify the name of the log file and the classes of events
# you want to log into the file or display on console (standard error).
LogFile := "../logs/%e.%h-%r.%s"
FileMask := LOG_ALL | USER | DEBUG | MATCHING
ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING
#FileMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
#ConsoleMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
LogSourceInfo := Stack
LogEntityName:= Yes
LogEventTypes:= Yes
#TimeStampFormat := DateTime
[TESTPORT_PARAMETERS]
# In this section you can specify parameters that are passed to Test Ports.
# CAM Layer
# next_header : btpA|btpB (overwrite BTP.type)
# header_type : tsb|gbc
# header_sub_type : sh (single hop)
# DENM Layer
# next_header : btpA|btpB (overwrite BTP.type)
# header_type : tsb|gbc
# BTP Layer
# type : btpA|btpB
# destination port: dst_port
# source port : src_port
# device_mode : Set to 1 if the layer shall encapsulate upper layer PDU
# device_mode : Set to 1 if the layer shall encapsulate upper layer PDU
# GN Layer
# ll_address : GeoNetworking address of the Test System
# latitude : latitude of the Test System
# longitude : longitude of the Test System
# beaconing : Set to 1 if GnLayer shall start beaconing
# Beaconing timer expiry: expiry (ms)
# device_mode : Set to 1 if the layer shall encapsulate upper layer PDU
# secured_mode : Set to 1 if message exchanges shall be signed
# encrypted_mode : Set to 1 if message exchanges shall be encrypted
# NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
# sec_db_path : Path to the certificates and keys storage location
# hash : Hash algorithm to be used when secured mode is set
# Authorized values are SHA-256 or SHA-384
# Default: SHA-256
# signature : Signature algorithm to be used when secured mode is set
# Authorized values are NISTP-256, NISTP-384, BP-256 and BP-384
# Default: NISTP-256
# cypher : Cyphering algorithm to be used when secured mode is set
# Authorized values are NISTP-256, BP-256 and BP-384
# Default: NISTP-256
# Pki layer
# certificate : Certificate to be used by the Test System for signature and encryption. Default: CERT_TS_A_AT
# peer_certificate : Certificate to be used by the IUT for signature and encryption. Default: CERT_IUT_A_AT
# Ethernet layer
# mac_src :Source MAC address
# mac_bc :Broadcast address
# eth_type : Ethernet type
# Commsignia layer
# mac_src : Device MAC address, used to discard packets
# To indicate no filering, use the value 000000000000
# mac_bc : Broadcast address
# eth_type : Ethernet type, used to discard packets
# target_host : Device address
# target_port : Device port
# source_port : Test System port
# interface_id: Interface id, used to discard packets
# tx_power : TX power (dB)
# UDP layer (IP/UDP based on Pcap)
# dst_ip : destination IPv4 address (aa.bb.cc.dd)
# dst_port: destination port
# src_ip : source IPv4 address (aa.bb.cc.dd)
# src_port: source port
# Pcap layer
# mac_src : Source MAC address, used to exclude from capture the acket sent by the Test System
# filter : Pcap filter (compliant with tcpdump syntax)
# Online mode:
# nic: Local NIC
# If set, online mode is used
# Offline mode (nic is present but not set):
# file : File to read
# frame_offset: Frame offset, used to skip packets with frame number < frame_offset
# time_offset : Time offset, used to skip packets with time offset < time_offset
# save_mode : 1 to save sent packet, 0 otherwise
# Single GeoNetworking component port
# its_aid = 36 CAM
# its_aid = 37 DENM
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=1,target_host=10.8.0.1)/UDP(dst_ip=10.8.0.1,src_port=7943,dst_port=7943)"
# Single HTTP component port
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=192.168.0.252,port=80,local_port=80,use_ssl=0)"
# GeoNetworking UpperTester port based on UDP
system.utPort.params := "UT_PKI/UDP(dst_ip=10.8.0.1,dst_port=56000)"
[EXECUTE]
# Check that IUT sends an enrolment request when triggered.
ItsPki_TestCases.TC_SECPKI_ITSS_ENR_01_BV
# If the enrolment request of the IUT is an initial enrolment request, the itsId (contained in the InnerECRequest) shall be set to the canonical identifier, the signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and the outer signature shall be computed using the canonical private key.
#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_02_BV
# In presence of a valid EC, the enrolment request of the IUT is a rekeying enrolment request with the itsId (contained in the InnerECRequest) and the SignerIdentifier (contained in the outer EtsiTs1030971Data-Signed) both declared as digest containing the HashedId8 of the EC and the outer signature computed using the current valid EC private key corresponding to the verification public key.
#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_03_BV
#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_06_BV
#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_07_BV
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
KillTimer := 10.0
LocalAddress := 127.0.0.1
TCPPort := 12000
NumHCs := 1
......@@ -20,6 +20,7 @@ LibItsGeoNetworking_Pixits.PX_NEIGHBOUR_DISCOVERY_DELAY := 2.0
LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
#LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.0.252"
......@@ -27,10 +28,12 @@ LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.0.252"
LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/ea/authval"
LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorization"
#LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed
LibItsPki_Pics.PICS_IUT_ITS_S_ROLE := true
LibItsPki_Pics.PICS_SECPKI_ENROLMENT := true
LibItsPki_Pixits.PX_EC_PRIVATE_KEY := '73AD688448117EFF50BCB044AA9CFD7932023B7A2C62887A1D3B99FED2B5237C'O
LibItsPki_Pixits.PX_EC_HASH := 'C4FD3EF2B51CFD605D7D40FA9C1C279B8B8C4D7CB9D40D6044C55F615D750502'O
LibItsPki_Pixits.PX_EC_HASHED_ID8 := '44C55F615D750502'O
LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O;
LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O;
......@@ -47,6 +50,8 @@ LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID := '1B4CA1210123AE900
LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID := "CERT_TS_A_EA"
LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID := "CERT_TS_A_AA"
#ItsPki_Pixits.PX_TRIGGER_EC_BEFORE_AT := false;
[LOGGING]
# In this section you can specify the name of the log file and the classes of events
# you want to log into the file or display on console (standard error).
......
......@@ -16,18 +16,18 @@
# stationCountryCode := 0, #33,
# mid := 'BA749705A41D'O
#} # Nordsys
#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
# typeOfAddress := e_initial,
# stationType := e_passengerCar, #e_roadSideUnit,
# stationCountryCode := 0, #33,
# mid := '000000000011'O
#} # Commsignia
LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
typeOfAddress := e_initial,
stationType := e_unknown, #e_roadSideUnit,
stationType := e_passengerCar, #e_roadSideUnit,
stationCountryCode := 0, #33,
mid := '4c5e0c14d2ea'O
} # Simu
mid := '000000000011'O
} # Commsignia
#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
# typeOfAddress := e_initial,
# stationType := e_unknown, #e_roadSideUnit,
# stationCountryCode := 0, #33,
# mid := '4c5e0c14d2ea'O
#} # Simu
LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
LibItsBtp_Pixits.PX_DESTINATION_PORT := 2001
......@@ -123,8 +123,9 @@ LogEventTypes:= Yes
# Single GeoNetworking component port
# its_aid = 36 CAM
# its_aid = 37 DENM
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=1,target_host=10.8.0.1)/UDP(dst_ip=10.8.0.1,src_port=7943,dst_port=7943)"
# its_aid = 141 GeonNet mgnt
#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secu#red_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=1,target_host=10.8.0.1)/UDP(dst_ip=10.8.0.1,src_port=7943,dst_port=7946)"
#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,target_host=10.8.0.1)/UDP_PCAP(dst_ip=10.8.0.1,dst_port=7943,src_ip=192.168.0.154,src_port=39474)/ETH(mac_src=0800275c4959,eth_type=0800)/PCAP(mac_src=0800275c4959,nic=tap0,filter=and (udp port 39474 or udp port 7943))"
#system.geoNetworkingPort.params := "
......@@ -138,17 +139,17 @@ system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050
# CAM UpperTester port based on UDP
#system.camUtPort.params := "UT_CAM(loopback=1)"
system.denmUtPort.params := "UT_DENM/UDP(dst_ip=192.168.0.250)" # Simulator
system.camUtPort.params := "UT_CAM/UDP(dst_ip=192.168.0.250)"
system.utPort.params := "UT_GN/UDP(dst_ip=192.168.0.250,src_port=12345)"
#system.denmUtPort.params := "UT_DENM/UDP(dst_ip=192.168.0.250)" # Simulator
#system.camUtPort.params := "UT_CAM/UDP(dst_ip=192.168.0.250)"
#system.utPort.params := "UT_GN/UDP(dst_ip=192.168.0.250,src_port=12345)"
#system.denmUtPort.params := "UT_DENM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
#system.utPort.params := "UT_CAM/UDP(dst_ip=172.28.128.4)" # Simulator Siemens
#system.camUtPort.params := "UT_CAM/UDP(dst_ip=172.28.128.4)" # Simulator Siemens
#system.utPort.params := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)" # Commsignia
#system.camUtPort.params := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
#system.denmUtPort.params := "UT_DENM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
system.utPort.params := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)" # Commsignia
system.camUtPort.params := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
system.denmUtPort.params := "UT_DENM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
[EXECUTE]
......@@ -160,7 +161,7 @@ system.utPort.params := "UT_GN/UDP(dst_ip=192.168.0.250,src_port=12345)"
# ------------------------- CAM ---------------------------
# Check that IUT sends the secured CAM using SignedData container.
ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
# Check that IUT sends the secured CAM containing the HeaderInfo field psid set to 'AID_CAM'.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_02_BV
......@@ -216,7 +217,7 @@ ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
# headerInfo field when it received a CAM containing a request for unrecognized certificate that
# matches with the currently used AA certificate ID of the IUT.
# (PICS_SEC_P2P_AT_DISTRIBUTION)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_13_BV
ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_13_BV
# Check that IUT sends the secured CAM containing the AA certificate in the requestedCertificate headerInfo
# field when it received a CAM containing a request for unrecognized certificate that matches with the known
......
......@@ -318,6 +318,7 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
#TestCodec_Certificates.tc_certificate_asn1c_1
#TestCodec_Certificates.tc_certificate_asn1c_2
#TestCodec_Certificates.tc_certificate_gemalto_1
TestCodec_Certificates.tc_certificate_atos_1
# Secured messages
#TestCodec_SecuredMessages.tc_ssp_cam_1
#TestCodec_SecuredMessages.tc_ssp_cam_2
......@@ -353,7 +354,7 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_4
TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_5
#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_5
# Pki
#TestCodec_Pki.tc_encode_inner_ec_response_1
......
......@@ -151,47 +151,49 @@ module ItsPki_TestCases {
function f_verify_http_at_request_from_iut(
in Request p_request,
in HeaderLines p_headers,
in InnerEcResponse p_inner_ec_resonse,
out InnerAtRequest pinner_at_request,
out InnerAtRequest p_inner_at_request,
out HttpMessage p_response,
out integer p_result
out integer p_result,
in template octetstring p_its_id := PICS_ITS_S_CANONICAL_ID,
in EnrolmentResponseCode p_force_response_code := ok
) runs on ItsPkiHttp {
// Local variables
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var EtsiTs102941Data v_etsi_ts_102941_data;
var Oct16 v_request_hash;
var Oct16 v_aes_enc_key;
var InnerAtResponse v_inner_at_response;
var template (value) HttpMessage v_response;
log(">>> f_verify_http_at_request_from_iut:", p_request);
p_result := 0;
if (f_verify_pki_request_message(vc_aaPrivateEncKey, vc_aaWholeHash/*salt*/, vc_aaWholeHash, p_request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, vc_eaWholeHash, p_request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
// Send error message
v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
// Set verdict
p_result := -1;
} else {/*
log("f_verify_http_at_request_from_iut: match ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer))))); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer)))) == false) {
} else {
log("f_verify_http_at_request_from_iut: match ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest))); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest)) == false) {
// Send error message
f_http_build_inner_at_response(p_inner_at_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
f_http_build_authorization_response(p_inner_at_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
// Set verdict
p_result := -2;
} else {
// Verify signature of mw_innerEcRequestSignedForPop
// Verify signature of mw_innerATRequestSignedForPop
if (f_verify_inner_at_request_signed_for_pop(v_etsi_ts_102941_data, p_inner_at_request) == false) {
// Send error message
f_http_build_inner_at_response(p_inner_at_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
f_http_build_authorization_response(p_inner_at_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
// Set verdict
p_result := -3;
} else {
log("f_verify_http_at_request_from_iut: match ", match(p_inner_at_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(p_inner_at_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)}))) == false) {
log("f_verify_http_at_request_from_iut: match ", match(p_inner_at_request, mw_innerAtRequest/* (p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})) */)); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(p_inner_at_request, mw_innerAtRequest/* (p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})) */) == false) {
// Send error message: Not enrolmentrequest
f_http_build_inner_at_response(p_inner_at_request, badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
f_http_build_authorization_response(p_inner_at_request, badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
// Set verdict
p_result := -4;
......@@ -199,10 +201,10 @@ module ItsPki_TestCases {
// Send OK message
log("f_verify_http_at_request_from_iut: Receive ", p_inner_at_request);
if (p_force_response_code == ok) {
f_http_build_inner_at_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
} else {
log("f_verify_http_at_request_from_iut: Succeed buit force error code ", p_force_response_code);
f_http_build_inner_at_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
}
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
// Set verdict
......@@ -210,7 +212,7 @@ module ItsPki_TestCases {
}
}
}
*/ }
}
p_response := valueof(v_response);
log("<<< f_verify_http_at_request_from_iut: p_response: ", p_response);
......@@ -1943,7 +1945,7 @@ module ItsPki_TestCases {
tc_ac.stop;
// Verify IUT response
f_verify_http_at_request_from_iut(v_request.request, v_headers, v_inner_ec_response, v_inner_at_request, v_response, v_result);
f_verify_http_at_request_from_iut(v_request.request, v_headers, v_inner_at_request, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
......
......@@ -6377,7 +6377,7 @@ module ItsSecurity_TestCases {
} else {
// Check certificate validity period
f_getMsgSignerIdentifier (f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier);
if (not match(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_, Time32:(v_curTime - c_timeLimit, v_curTime + c_timeLimit))) {
if (not match(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_, Time32:(v_curTime - c_timeLimit / 1000000, v_curTime + c_timeLimit / 1000000))) /*In seconds*/{
log("*** " & testcasename() & ": FAIL: GN certificate validity period is not in 5 min range");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
Subproject commit b90de034d822448787ed192b35e5936f4e693427
Subproject commit a944e1ac531f806374c7b969701bb04363045250
......@@ -1127,6 +1127,44 @@ module TestCodec_Certificates {
}
} // End of testcase tc_certificate_gemalto_1
testcase tc_certificate_atos_1() runs on TCType system TCType { // CERT_IUT_A_RCA
const octetstring c_cert := '800300810018810d41544f5320524341205445535400000000001c737346860008010280020270800201388002026e8001010101e080010880012481800125818001898180018a8180018b8180018c8180018d818002026f8101020100c080808210179dcf7ad40cdeb56ea2fb11bbd2c438583d6e02f84d29b58fa79c1eccb4538080e4a8bfea2ea231ad647b97c9e7f02eb648f928e2c158e619925b3d1a692a3f6927c077502a7054c4106e75ecb8238be53f3aa313975f0d28f04b4db9f825932d'O; // CERT_IUT_A_RCA.oer
var EtsiTs103097Certificate v_cert_dec;
var Oct32 v_private_key := 'd79ef1d533b0385463a5d15708e94ff4f0d281cccbef504acd3afbb82dc0499f'O; // CERT_IUT_A_RCA.vkey
var bitstring v_enc_msg := oct2bit(c_cert);
var integer v_compressedMode;
var Oct32 v_publicKeyCompressed := int2oct(0, 32);
var Oct32 v_sig := int2oct(0, 32);
var integer v_res := decvalue(v_enc_msg, v_cert_dec);
if (v_res == 0) {
log("Decoded message: ", v_cert_dec);
setverdict(pass, "Decoded succeed");
} else {
setverdict(fail, "Decoding failed");
}
if (ischosen(v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_compressedMode := 0;
v_publicKeyCompressed := v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0;
} else {
v_compressedMode := 1;
v_publicKeyCompressed := v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1;
}
v_enc_msg := encvalue(v_cert_dec.toBeSigned);
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
int2oct(0, 32),
v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
) == false) {