Continue PKI ATS development

ccsrc/Protocols/Commsignia/commsignia_layer.cc

@@ -51,7 +51,7 @@ commsignia_layer::commsignia_layer(const std::string & p_type, const std::string
 void commsignia_layer::send_data(OCTETSTRING& data, params& params) {
   loggers::get_instance().log_msg(">>> commsignia_layer::send_data: ", data);
 
-  OCTETSTRING buffer(12, commsignia_layer::_fixed_header);
+  OCTETSTRING buffer(10, commsignia_layer::_fixed_header);
   if (_params[std::string("use_vpn")].compare("1") == 0) {
     buffer += int2oct(1, 1); // Injection to software
   } else {
@@ -61,21 +61,21 @@ void commsignia_layer::send_data(OCTETSTRING& data, params& params) {
   loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
   buffer += int2oct(std::stoi(_params[params::interface_id]), 4);
   loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
-  buffer += int2oct(std::stoi(_params[std::string("data_rate")]), 4);
+  buffer += int2oct(std::stoi(_params[std::string("data_rate")]), 2);
   loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
+  buffer += int2oct(7, 1); // MAC user priority
   buffer += int2oct(0x80000000 & std::stoi(_params[std::string("power_tx")]), 4); // Negative number
   loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
-  buffer += int2oct(7, 1); // MAC user priority
   // Destination MAC address
   params::const_iterator it = params.find(params::mac_dst); // Find in provided parameters, params
   if (it != params.cend()) {
-    buffer = str2oct(CHARSTRING(it->second.c_str()));
+    buffer += str2oct(CHARSTRING(it->second.c_str()));
   } else {
     it = _params.find(params::mac_dst);
     if (it != _params.cend()) {
-      buffer = str2oct(CHARSTRING(it->second.c_str()));
+      buffer += str2oct(CHARSTRING(it->second.c_str()));
     } else {
-      buffer = str2oct(CHARSTRING(_params[params::mac_bc].c_str()));
+      buffer += str2oct(CHARSTRING(_params[params::mac_bc].c_str()));
     }
   }
   loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
@@ -84,7 +84,12 @@ void commsignia_layer::send_data(OCTETSTRING& data, params& params) {
   if (it != params.cend()) {
     buffer += str2oct(CHARSTRING(it->second.c_str()));
   } else {
-    buffer += str2oct(CHARSTRING(_params[params::mac_src].c_str()));
+    it = _params.find(params::mac_src);
+    if (it != _params.cend()) {
+      buffer += str2oct(CHARSTRING(it->second.c_str()));
+  } else {
+      buffer += str2oct(CHARSTRING(_params[params::mac_src].c_str()));
+    }
   }
   loggers::get_instance().log_msg("commsignia_layer::send_data: buffer: ", buffer);
   buffer += int2oct(0, 2); // Fixed
@@ -101,14 +106,23 @@ void commsignia_layer::receive_data(OCTETSTRING& data, params& params) {
   loggers::get_instance().log_msg(">>> commsignia_layer::receive_data: ", data);
   
   const unsigned char* p = static_cast<const unsigned char *>(data);
-
+  
+  // Check the frame version
+  if (*p != 0x12) {
+    // Discard it, on;y use TX version
+    return;
+  }
+    
   const commsignia_layer::c2p_s_v1_tx_t* r = (const commsignia_layer::c2p_s_v1_tx_t*)p;
   loggers::get_instance().log("commsignia_layer::receive_data: version=%02x", r->s_header.u8_ver_type);
   loggers::get_instance().log("commsignia_layer::receive_data: timestamp1=%08x", ntohl(r->s_header.u32_tst_sec));
   loggers::get_instance().log("commsignia_layer::receive_data: timestamp2=%08x", ntohl(r->s_header.u32_tst_msec));
-  loggers::get_instance().log("commsignia_layer::receive_data: primary_channel=%08x", ntohl(r->u8_primary_channel));
-  loggers::get_instance().log("commsignia_layer::receive_data: secondary_channel=%08x", ntohl(r->u8_secondary_channel));
+  loggers::get_instance().log("commsignia_layer::receive_data: primary_channel=%08x", r->u8_primary_channel);
+  loggers::get_instance().log("commsignia_layer::receive_data: secondary_channel=%08x", r->u8_secondary_channel);
   loggers::get_instance().log("commsignia_layer::receive_data: antenna=%02x", r->u8_antenna);
+  loggers::get_instance().log("commsignia_layer::receive_data: speed=%d", ntohs(r->u16_speed));
+  loggers::get_instance().log("commsignia_layer::receive_data: heading=%d", ntohs(r->u16_heading));
+  loggers::get_instance().log("commsignia_layer::receive_data: txp=%02x", r->s8_txp);
   loggers::get_instance().log("commsignia_layer::receive_data: s8_tssi_ant_1=%d", r->s8_tssi_ant_1);
   loggers::get_instance().log("commsignia_layer::receive_data: s8_tssi_ant_2=%d", r->s8_tssi_ant_2);
   // Filtering on antenna index
@@ -116,10 +130,10 @@ void commsignia_layer::receive_data(OCTETSTRING& data, params& params) {
   if (r->u8_antenna != std::stoi(_params[params::interface_id])) {
     // Discard packet
     loggers::get_instance().warning("commsignia_layer::receive_data: Discard packet due to wrong antenna id");
-    return;
+    // TODO return;
   } // else, continue
 
-  const commsignia_layer::c2p_802_11p_hdr* h = (const commsignia_layer::c2p_802_11p_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t));
+  const commsignia_layer::c2p_802_11p_hdr* h = (const commsignia_layer::c2p_802_11p_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) - 1);
   loggers::get_instance().log("commsignia_layer::receive_data: frame_ctrl=%04x", ntohs(h->frame_ctrl));
   OCTETSTRING dst = OCTETSTRING(6, (const unsigned char*)&h->dst_addr);
   loggers::get_instance().log_msg("commsignia_layer::receive_data: dst: ", dst);
@@ -130,23 +144,30 @@ void commsignia_layer::receive_data(OCTETSTRING& data, params& params) {
   if (!std::equal(_mac_src.cbegin(), _mac_src.cend(), static_cast<const unsigned char*>(src))) {
     // Discard packet
     loggers::get_instance().warning("commsignia_layer::receive_data: Discard packet due to wrong comparison");
-    return;
+    //TODO return;
   } // else, continue
   const commsignia_layer::c2p_llc_hdr* l;
   int length;
   if ((ntohs(h->frame_ctrl) & 0xf000) == 0x8000) {
-    l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl));
-    length = sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl) + sizeof(commsignia_layer::c2p_llc_hdr);
+    l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) - 1 + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl));
+    length = sizeof(commsignia_layer::c2p_s_v1_tx_t) - 1 + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_qos_ctrl) + sizeof(commsignia_layer::c2p_llc_hdr);
   } else {
-    l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr));
-    length = sizeof(commsignia_layer::c2p_s_v1_tx_t) + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_llc_hdr);
+    l = (const commsignia_layer::c2p_llc_hdr*)(p + sizeof(commsignia_layer::c2p_s_v1_tx_t) - 1 + sizeof(commsignia_layer::c2p_802_11p_hdr));
+    length = sizeof(commsignia_layer::c2p_s_v1_tx_t) - 1 + sizeof(commsignia_layer::c2p_802_11p_hdr) + sizeof(commsignia_layer::c2p_llc_hdr);
   }
   loggers::get_instance().log("commsignia_layer::receive_data: dsap=%02x", l->dsap);
   loggers::get_instance().log("commsignia_layer::receive_data: ssap=%02x", l->ssap);
+  loggers::get_instance().log("commsignia_layer::receive_data: ssap=%02x", l->ctrl);
   loggers::get_instance().log("commsignia_layer::receive_data: type=%04x", l->type);
 
+
+  
+  length -= 4;
+  
+
+
   // Check ether type
-  if ((_eth_type[1] == (unsigned char)((l->type & 0xff00) >> 8)) && (_eth_type[0] == (unsigned char)(l->type & 0xff))) { // Warning: Network ordered bytes
+  //if ((_eth_type[1] == (unsigned char)((l->type & 0xff00) >> 8)) && (_eth_type[0] == (unsigned char)(l->type & 0xff))) { // Warning: Network ordered bytes
     // Extract payload
     data = OCTETSTRING(data.lengthof() - length, length + static_cast<const unsigned char *>(data));
     //loggers::get_instance().log_msg("commsignia_layer::receive_data: payload for upper layer:", data);
@@ -158,7 +179,11 @@ void commsignia_layer::receive_data(OCTETSTRING& data, params& params) {
     params[params::mac_src] = std::string(static_cast<const char *>(s));
     
     receive_to_all_layers(data, params);
-  } // else, nothing to do
+    /*} else {
+    // Discard packet
+    loggers::get_instance().warning("commsignia_layer::receive_data: Discard packet due to wrong ethernet type");
+    //TODO return;
+    }*/
 }
 
 commsignia_layer_factory commsignia_layer_factory::_f;

ccsrc/Protocols/Security/security_services.cc

@@ -500,7 +500,7 @@ int security_services::sign_payload(const OCTETSTRING& p_unsecured_gn_payload, O
   INTEGER i;
   i.set_long_long_val(us);
   header_info.generationTime() = OPTIONAL<INTEGER>(i);
-  loggers::get_instance().log("security_services::sign_payload: Finame HeaderInfo timestamp: %ld", us);
+  loggers::get_instance().log("security_services::sign_payload: Final HeaderInfo timestamp: %ld", us);
   // Check if a certificate shall be requested
   if (_unknown_certificate.lengthof() == 3) { // HashedId3
     IEEE1609dot2BaseTypes::SequenceOfHashedId3 s;
@@ -540,11 +540,13 @@ int security_services::sign_payload(const OCTETSTRING& p_unsecured_gn_payload, O
       loggers::get_instance().warning("security_services:sign_payload: Failed to secure payload");
       return -1;
     }
+    loggers::get_instance().log("security_services::sign_payload: cert= ", cert);
     IEEE1609dot2::SequenceOfCertificate sequenceOfCertificate;
     sequenceOfCertificate[0] = cert;
     signer.certificate() = sequenceOfCertificate;
     // Reset send certificate timer
     _last_generation_time = us;
+    loggers::get_instance().log("security_services::sign_payload: Reset send certificate timer, signer= ", signer);
   } else {
     loggers::get_instance().log("security_services::sign_payload: Add digest");
     OCTETSTRING digest;

etc/AtsPki/AtsPki_Commsignia.cfg_

+[MODULE_PARAMETERS]
+# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.
+
+# The GeoNetworking address of the IUT.
+LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
+  typeOfAddress := e_initial,
+  stationType := e_passengerCar, #e_roadSideUnit,
+  stationCountryCode := 0, #33,
+  mid := '000000000011'O
+} # Commsignia
+
+LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
+LibItsBtp_Pixits.PX_DESTINATION_PORT := 2001
+LibItsBtp_Pixits.PX_DESTINATION_PORT_INFO := 2001
+
+# Enable Security support
+LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
+LibItsGeoNetworking_Pixits.PX_NEIGHBOUR_DISCOVERY_DELAY := 2.0
+# Root path to access certificate stored in files, identified by certficate ID
+LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
+# Configuration sub-directory to access certificate stored in files
+LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
+#LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed
+
+LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
+LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.0.252"
+
+LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
+LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/ea/authval"
+LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorization"
+
+LibItsPki_Pics.PICS_IUT_ITS_S_ROLE   := true
+LibItsPki_Pics.PICS_SECPKI_ENROLMENT := true
+LibItsPki_Pixits.PX_EC_PRIVATE_KEY     := '73AD688448117EFF50BCB044AA9CFD7932023B7A2C62887A1D3B99FED2B5237C'O
+LibItsPki_Pixits.PX_EC_HASH            := 'C4FD3EF2B51CFD605D7D40FA9C1C279B8B8C4D7CB9D40D6044C55F615D750502'O
+LibItsPki_Pixits.PX_EC_HASHED_ID8      := '44C55F615D750502'O
+
+LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY        := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O;
+LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY         := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O;
+LibItsPki_Pics.PICS_ITS_S_ENC_NITSP256_PRIVATE_KEY         := 'EDEBEADCAA9514CD4B30256126FB7DF958B911C6EB58CCF702983C3DCD3DECBD'O;
+LibItsPki_Pics.PICS_ITS_S_ENC_NISTP256_PUBLIC_KEY          := '023A4ADDCDD5EE66DAB2116B0C3AB47CCEDAE92CD9ACE98A84B10EB63A9DCA798C'O;
+LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP256r1_PRIVATE_KEY  := '9F155D40B6C920BA45D8027093C8ADADAF3AA6F9F71F0CC0F8279FF0146A8A48'O;
+LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP256r1_PUBLIC_KEY   := '038602F468BD334EA4D2BA416295E204D58BD1F42C85FB9BE57237C74544F6A69A'O;
+LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP256r1_PRIVATE_KEY := '6D585B716D06F75EC2B8A8ADEBFCE6ED35B0640C2AFBFF25FE48FC81A6732D4F'O;
+LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY  := '02A92BA3B770B040B8D958D5BD2CC9B537212D6963F50EA3E4784FEFA5D0454C12'O;
+LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP384r1_PRIVATE_KEY  := '6B4B4392511B252C904801466F5DA0A7F28E038E6656800CBB0CDCB3D32F862CA4D59CBDC1A19E98E9191582AF1DB3D7'O;
+LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY := '3CD977195A579787C84D5900F4CB6341E0C3D2750B140C5380E6F03CE3FBA0022F7541DEABDCED4790D313ED8F56ACA8'O;
+LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY  := '0243FF5C96984C2C3F5FD5C5F6551C90F5FAEE1E5E8301763E4AF1E9D627F3474E554B82EE98EC4B49808DFF61B35F8313'O;
+LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID                     := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O;
+LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID                   := "CERT_TS_A_EA"
+LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID                   := "CERT_TS_A_AA"
+
+#ItsPki_Pixits.PX_TRIGGER_EC_BEFORE_AT                      := false;
+
+[LOGGING]
+# In this section you can specify the name of the log file and the classes of events
+# you want to log into the file or display on console (standard error).
+
+LogFile := "../logs/%e.%h-%r.%s"
+FileMask := LOG_ALL | USER | DEBUG | MATCHING
+ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING
+#FileMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
+#ConsoleMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
+LogSourceInfo := Stack
+LogEntityName:= Yes
+LogEventTypes:= Yes
+#TimeStampFormat := DateTime
+
+[TESTPORT_PARAMETERS]
+# In this section you can specify parameters that are passed to Test Ports.
+# CAM Layer
+#   next_header     : btpA|btpB (overwrite BTP.type)
+#   header_type     : tsb|gbc
+#   header_sub_type : sh (single hop)
+# DENM Layer
+#   next_header     : btpA|btpB (overwrite BTP.type)
+#   header_type     : tsb|gbc
+# BTP Layer
+#   type            : btpA|btpB
+#   destination port: dst_port
+#   source port     : src_port
+#   device_mode     : Set to 1 if the layer shall encapsulate upper layer PDU
+#   device_mode     : Set to 1 if the layer shall encapsulate upper layer PDU
+# GN Layer
+#   ll_address             : GeoNetworking address of the Test System
+#   latitude               : latitude of the Test System
+#   longitude              : longitude of the Test System
+#   beaconing              : Set to 1 if GnLayer shall start beaconing
+#   Beaconing timer expiry: expiry (ms)
+#   device_mode            : Set to 1 if the layer shall encapsulate upper layer PDU
+#   secured_mode           : Set to 1 if message exchanges shall be signed
+#   encrypted_mode         : Set to 1 if message exchanges shall be encrypted
+#                            NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
+#   sec_db_path            : Path to the certificates and keys storage location
+#   hash                   : Hash algorithm to be used when secured mode is set
+#                            Authorized values are SHA-256 or SHA-384
+#                            Default: SHA-256
+#   signature              : Signature algorithm to be used when secured mode is set
+#                            Authorized values are NISTP-256, NISTP-384, BP-256 and BP-384
+#                            Default: NISTP-256
+#   cypher                 : Cyphering algorithm to be used when secured mode is set
+#                            Authorized values are NISTP-256, BP-256 and BP-384
+#                            Default: NISTP-256
+# Pki layer
+#   certificate            : Certificate to be used by the Test System for signature and encryption. Default: CERT_TS_A_AT
+#   peer_certificate       : Certificate to be used by the IUT for signature and encryption. Default: CERT_IUT_A_AT
+# Ethernet layer
+#   mac_src  :Source MAC address
+#   mac_bc   :Broadcast address
+#   eth_type : Ethernet type
+# Commsignia layer
+#   mac_src     : Device MAC address, used to discard packets
+#                 To indicate no filering, use the value 000000000000
+#   mac_bc      : Broadcast address
+#   eth_type    : Ethernet type, used to discard packets
+#   target_host : Device address
+#   target_port : Device port
+#   source_port : Test System port
+#   interface_id: Interface id, used to discard packets
+#   tx_power    : TX power (dB)
+# UDP layer (IP/UDP based on Pcap)
+#   dst_ip  : destination IPv4 address (aa.bb.cc.dd)
+#   dst_port: destination port
+#   src_ip  : source IPv4 address (aa.bb.cc.dd)
+#   src_port: source port
+# Pcap layer
+#   mac_src    : Source MAC address, used to exclude from capture the acket sent by the Test System
+#   filter     : Pcap filter (compliant with tcpdump syntax) 
+#   Online mode:
+#     nic: Local NIC
+#          If set, online mode is used
+#   Offline mode (nic is present but not set):
+#     file        : File to read
+#     frame_offset: Frame offset, used to skip packets with frame number < frame_offset
+#     time_offset : Time offset, used to skip packets with time offset < time_offset
+#     save_mode   : 1 to save sent packet, 0 otherwise
+
+# Single GeoNetworking component port
+# its_aid = 36 CAM
+# its_aid = 37 DENM
+system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=1,target_host=10.8.0.1)/UDP(dst_ip=10.8.0.1,src_port=7943,dst_port=7943)"
+
+# Single HTTP component port
+system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server_mode=1,server=192.168.0.252,port=80,local_port=80,use_ssl=0)"
+
+# GeoNetworking UpperTester port based on UDP
+system.utPort.params := "UT_PKI/UDP(dst_ip=10.8.0.1,dst_port=56000)"
+
+[EXECUTE]
+
+# Check that IUT sends an enrolment request when triggered.
+ItsPki_TestCases.TC_SECPKI_ITSS_ENR_01_BV
+# If the enrolment request of the IUT is an initial enrolment request, the itsId (contained in the InnerECRequest) shall be set to the canonical identifier, the signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and the outer signature shall be computed using the canonical private key.
+#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_02_BV
+# In presence of a valid EC, the enrolment request of the IUT is a rekeying enrolment request with the itsId (contained in the InnerECRequest) and the SignerIdentifier (contained in the outer EtsiTs1030971Data-Signed) both declared as digest containing the HashedId8 of the EC and the outer signature computed using the current valid EC private key corresponding to the verification public key.
+#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_03_BV
+#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_06_BV
+#ItsPki_TestCases.TC_SECPKI_ITSS_ENR_07_BV
+
+
+[MAIN_CONTROLLER]
+# The options herein control the behavior of MC.
+KillTimer := 10.0
+LocalAddress := 127.0.0.1
+TCPPort := 12000
+NumHCs := 1
+

etc/AtsPki/AtsPki_Simu.cfg_

@@ -20,6 +20,7 @@ LibItsGeoNetworking_Pixits.PX_NEIGHBOUR_DISCOVERY_DELAY := 2.0
 LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
 # Configuration sub-directory to access certificate stored in files
 LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
+#LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed
 
 LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
 LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.0.252"
@@ -27,10 +28,12 @@ LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.0.252"
 LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
 LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/ea/authval"
 LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorization"
-#LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed
 
 LibItsPki_Pics.PICS_IUT_ITS_S_ROLE   := true
 LibItsPki_Pics.PICS_SECPKI_ENROLMENT := true
+LibItsPki_Pixits.PX_EC_PRIVATE_KEY     := '73AD688448117EFF50BCB044AA9CFD7932023B7A2C62887A1D3B99FED2B5237C'O
+LibItsPki_Pixits.PX_EC_HASH            := 'C4FD3EF2B51CFD605D7D40FA9C1C279B8B8C4D7CB9D40D6044C55F615D750502'O
+LibItsPki_Pixits.PX_EC_HASHED_ID8      := '44C55F615D750502'O
 
 LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY        := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O;
 LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY         := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O;
@@ -47,6 +50,8 @@ LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID                     := '1B4CA1210123AE900
 LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID                   := "CERT_TS_A_EA"
 LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID                   := "CERT_TS_A_AA"
 
+#ItsPki_Pixits.PX_TRIGGER_EC_BEFORE_AT                      := false;
+
 [LOGGING]
 # In this section you can specify the name of the log file and the classes of events
 # you want to log into the file or display on console (standard error).

etc/AtsSecurity/AtsSecurity.cfg

@@ -16,18 +16,18 @@
 #  stationCountryCode := 0, #33,
 #  mid := 'BA749705A41D'O
 #} # Nordsys
-#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
-#  typeOfAddress := e_initial,
-#  stationType := e_passengerCar, #e_roadSideUnit,
-#  stationCountryCode := 0, #33,
-#  mid := '000000000011'O
-#} # Commsignia
 LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
   typeOfAddress := e_initial,
-  stationType := e_unknown, #e_roadSideUnit,
+  stationType := e_passengerCar, #e_roadSideUnit,
   stationCountryCode := 0, #33,
-  mid := '4c5e0c14d2ea'O
-} # Simu
+  mid := '000000000011'O
+} # Commsignia
+#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
+#  typeOfAddress := e_initial,
+#  stationType := e_unknown, #e_roadSideUnit,
+#  stationCountryCode := 0, #33,
+#  mid := '4c5e0c14d2ea'O
+#} # Simu
 
 LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
 LibItsBtp_Pixits.PX_DESTINATION_PORT := 2001
@@ -123,8 +123,9 @@ LogEventTypes:= Yes
 # Single GeoNetworking component port
 # its_aid = 36 CAM
 # its_aid = 37 DENM
-system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
-#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=1,target_host=10.8.0.1)/UDP(dst_ip=10.8.0.1,src_port=7943,dst_port=7943)"
+# its_aid = 141 GeonNet mgnt
+#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secu#red_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth1,filter=and ether proto 0x8947)"
+system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,use_vpn=1,target_host=10.8.0.1)/UDP(dst_ip=10.8.0.1,src_port=7943,dst_port=7946)"
 #system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(mac_src=000000000011,target_host=10.8.0.1)/UDP_PCAP(dst_ip=10.8.0.1,dst_port=7943,src_ip=192.168.0.154,src_port=39474)/ETH(mac_src=0800275c4959,eth_type=0800)/PCAP(mac_src=0800275c4959,nic=tap0,filter=and (udp port 39474 or udp port 7943))"
 
 #system.geoNetworkingPort.params := "
@@ -138,17 +139,17 @@ system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050
 # CAM UpperTester port based on UDP
 #system.camUtPort.params := "UT_CAM(loopback=1)"
 
-system.denmUtPort.params := "UT_DENM/UDP(dst_ip=192.168.0.250)" # Simulator
-system.camUtPort.params  := "UT_CAM/UDP(dst_ip=192.168.0.250)"
-system.utPort.params  := "UT_GN/UDP(dst_ip=192.168.0.250,src_port=12345)"
+#system.denmUtPort.params := "UT_DENM/UDP(dst_ip=192.168.0.250)" # Simulator
+#system.camUtPort.params  := "UT_CAM/UDP(dst_ip=192.168.0.250)"
+#system.utPort.params  := "UT_GN/UDP(dst_ip=192.168.0.250,src_port=12345)"
 
 #system.denmUtPort.params := "UT_DENM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
 #system.utPort.params     := "UT_CAM/UDP(dst_ip=172.28.128.4)"  # Simulator Siemens
 #system.camUtPort.params  := "UT_CAM/UDP(dst_ip=172.28.128.4)"  # Simulator Siemens
 
-#system.utPort.params     := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)" # Commsignia
-#system.camUtPort.params  := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
-#system.denmUtPort.params := "UT_DENM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
+system.utPort.params     := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)" # Commsignia
+system.camUtPort.params  := "UT_CAM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
+system.denmUtPort.params := "UT_DENM/UDP(dst_ip=10.8.0.1,dst_port=56000)"
 
 [EXECUTE]
 
@@ -160,7 +161,7 @@ system.utPort.params  := "UT_GN/UDP(dst_ip=192.168.0.250,src_port=12345)"
 
 # ------------------------- CAM ---------------------------
 # Check that IUT sends the secured CAM using SignedData container.
-ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
+#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
 
 # Check that IUT sends the secured CAM containing the HeaderInfo field psid set to 'AID_CAM'.
 #ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_02_BV
@@ -216,7 +217,7 @@ ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV
 #	headerInfo field when it received a CAM containing a request for unrecognized certificate that 
 #	matches with the currently used AA certificate ID of the IUT.
 #	(PICS_SEC_P2P_AT_DISTRIBUTION)
-#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_13_BV
+ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_13_BV
 
 # Check that IUT sends the secured CAM containing the AA certificate in the requestedCertificate headerInfo 
 #	field when it received a CAM containing a request for unrecognized certificate that matches with the known 

etc/TestCodec/TestCodec.cfg

@@ -318,6 +318,7 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
 #TestCodec_Certificates.tc_certificate_asn1c_1
 #TestCodec_Certificates.tc_certificate_asn1c_2
 #TestCodec_Certificates.tc_certificate_gemalto_1
+TestCodec_Certificates.tc_certificate_atos_1
 # Secured messages
 #TestCodec_SecuredMessages.tc_ssp_cam_1
 #TestCodec_SecuredMessages.tc_ssp_cam_2
@@ -353,7 +354,7 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
 #TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_2
 #TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_3
 #TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_4
-TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_5
+#TestCodec_SignedAndEncryptedMessages.tc_decrypted_signed_message_5
 
 # Pki
 #TestCodec_Pki.tc_encode_inner_ec_response_1

ttcn/AtsPki/ItsPki_TestCases.ttcn

@@ -151,47 +151,49 @@ module ItsPki_TestCases {
       function f_verify_http_at_request_from_iut(
                                                  in Request p_request,
                                                  in HeaderLines p_headers,
-                                                 in InnerEcResponse p_inner_ec_resonse,
-                                                 out InnerAtRequest pinner_at_request,
+                                                 out InnerAtRequest p_inner_at_request,
                                                  out HttpMessage p_response,
-                                                 out integer p_result
+                                                 out integer p_result,
+                                                 in template octetstring p_its_id := PICS_ITS_S_CANONICAL_ID,
+                                                 in EnrolmentResponseCode p_force_response_code := ok
                                                  ) runs on ItsPkiHttp {
         // Local variables
         var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
         var EtsiTs102941Data v_etsi_ts_102941_data;
         var Oct16 v_request_hash;
         var Oct16 v_aes_enc_key;
+        var InnerAtResponse v_inner_at_response;
         var template (value) HttpMessage v_response;
         
         log(">>> f_verify_http_at_request_from_iut:", p_request);
         
         p_result := 0;
         
-        if (f_verify_pki_request_message(vc_aaPrivateEncKey, vc_aaWholeHash/*salt*/, vc_aaWholeHash, p_request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
+        if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, vc_eaWholeHash, p_request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
           // Send error message
           v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
           // Set verdict
           p_result := -1;
-        } else {/*
-          log("f_verify_http_at_request_from_iut: match ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer))))); // TODO In TITAN, this is the only way to get the unmatching in log
-          if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer)))) == false) {
+        } else {
+          log("f_verify_http_at_request_from_iut: match ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest))); // TODO In TITAN, this is the only way to get the unmatching in log
+          if (match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest)) == false) {
             // Send error message
-            f_http_build_inner_at_response(p_inner_at_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
+            f_http_build_authorization_response(p_inner_at_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
             // Set verdict
             p_result := -2;
           } else {
-            // Verify signature of mw_innerEcRequestSignedForPop
+            // Verify signature of mw_innerATRequestSignedForPop
             if (f_verify_inner_at_request_signed_for_pop(v_etsi_ts_102941_data, p_inner_at_request) == false) {
               // Send error message
-              f_http_build_inner_at_response(p_inner_at_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
+              f_http_build_authorization_response(p_inner_at_request, cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
               v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
               // Set verdict
               p_result := -3;
             } else {
-              log("f_verify_http_at_request_from_iut: match ", match(p_inner_at_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
-              if (match(p_inner_at_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)}))) == false) {
+              log("f_verify_http_at_request_from_iut: match ", match(p_inner_at_request, mw_innerAtRequest/* (p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})) */)); // TODO In TITAN, this is the only way to get the unmatching in log
+              if (match(p_inner_at_request, mw_innerAtRequest/* (p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})) */) == false) {
                 // Send error message: Not enrolmentrequest
-                f_http_build_inner_at_response(p_inner_at_request, badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
+                f_http_build_authorization_response(p_inner_at_request, badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                 v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                 // Set verdict
                 p_result := -4;
@@ -199,10 +201,10 @@ module ItsPki_TestCases {
                 // Send OK message
                 log("f_verify_http_at_request_from_iut: Receive ", p_inner_at_request);
                 if (p_force_response_code == ok) {
-                  f_http_build_inner_at_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
+                  f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                 } else {
                   log("f_verify_http_at_request_from_iut: Succeed buit force error code ", p_force_response_code);
-                  f_http_build_inner_at_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_ieee1609dot2_signed_and_encrypted_data);
+                  f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                 }
                 v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                 // Set verdict
@@ -210,7 +212,7 @@ module ItsPki_TestCases {
               }
             }
           }
-       */ }
+        }
 
         p_response := valueof(v_response);
         log("<<< f_verify_http_at_request_from_iut: p_response: ", p_response);
@@ -1943,7 +1945,7 @@ module ItsPki_TestCases {
               tc_ac.stop;
 
               // Verify IUT response
-              f_verify_http_at_request_from_iut(v_request.request, v_headers, v_inner_ec_response, v_inner_at_request, v_response, v_result);
+              f_verify_http_at_request_from_iut(v_request.request, v_headers, v_inner_at_request, v_response, v_result);
               // Send response
               if (isvalue(v_response)) {
                 httpPort.send(v_response);

ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn

@@ -6377,7 +6377,7 @@ module ItsSecurity_TestCases {
                         } else {
                             // Check certificate validity period
                             f_getMsgSignerIdentifier (f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier);
-                            if (not match(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_, Time32:(v_curTime - c_timeLimit, v_curTime + c_timeLimit))) {
+                            if (not match(v_signerIdentifier.certificate[0].toBeSigned.validityPeriod.start_, Time32:(v_curTime - c_timeLimit / 1000000, v_curTime + c_timeLimit / 1000000))) /*In seconds*/{
                                 log("*** " & testcasename() & ": FAIL: GN certificate validity period is not in 5 min range");
                                 f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                             } else {

LibIts @ a944e1ac

-Subproject commit b90de034d822448787ed192b35e5936f4e693427
+Subproject commit a944e1ac531f806374c7b969701bb04363045250

ttcn/TestCodec/TestCodec_Certificates.ttcn

@@ -1127,6 +1127,44 @@ module TestCodec_Certificates {
     }
   } // End of testcase tc_certificate_gemalto_1
   
+  testcase tc_certificate_atos_1() runs on TCType system TCType { // CERT_IUT_A_RCA
+    const octetstring c_cert := '800300810018810d41544f5320524341205445535400000000001c737346860008010280020270800201388002026e8001010101e080010880012481800125818001898180018a8180018b8180018c8180018d818002026f8101020100c080808210179dcf7ad40cdeb56ea2fb11bbd2c438583d6e02f84d29b58fa79c1eccb4538080e4a8bfea2ea231ad647b97c9e7f02eb648f928e2c158e619925b3d1a692a3f6927c077502a7054c4106e75ecb8238be53f3aa313975f0d28f04b4db9f825932d'O; // CERT_IUT_A_RCA.oer
+    var EtsiTs103097Certificate v_cert_dec;
+    var Oct32 v_private_key := 'd79ef1d533b0385463a5d15708e94ff4f0d281cccbef504acd3afbb82dc0499f'O; // CERT_IUT_A_RCA.vkey
+    var bitstring v_enc_msg := oct2bit(c_cert);
+    var integer v_compressedMode;
+    var Oct32 v_publicKeyCompressed := int2oct(0, 32);
+    var Oct32 v_sig := int2oct(0, 32);
+    
+    var integer v_res := decvalue(v_enc_msg, v_cert_dec);
+    if (v_res == 0) {
+      log("Decoded message: ", v_cert_dec);
+      setverdict(pass, "Decoded succeed");
+    } else {
+        setverdict(fail, "Decoding failed");
+    }
+    
+    if (ischosen(v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
+      v_compressedMode := 0;
+      v_publicKeyCompressed := v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0;
+    } else {
+      v_compressedMode := 1;
+      v_publicKeyCompressed := v_cert_dec.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1;
+    }
+    v_enc_msg := encvalue(v_cert_dec.toBeSigned);
+    if (f_verifyWithEcdsaNistp256WithSha256(
+                                            bit2oct(v_enc_msg), 
+                                            int2oct(0, 32),
+                                            v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
+                                            v_publicKeyCompressed,
+                                            v_compressedMode