Merge branch 'STF525' of https://forge.etsi.org/gitlab/ITS/ITS into STF525

b432d53a · Denis Filatov · c77f5f95 · e866dc65 · b432d53a · b432d53a
Commit b432d53a authored Feb 19, 2019 by Denis Filatov
--- a/etc/AtsPki/AtsPki_Commsignia.cfg_
+++ b/etc/AtsPki/AtsPki_Commsignia.cfg_
@@ -23,20 +23,22 @@ LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
 #LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed

 LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
-LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.0.252"
+LibItsHttp_Pics.PICS_HEADER_HOST := "10.8.0.2"

 LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment"
 LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/ea/authval"
 LibItsPki_Pics.PICS_HTTP_POST_URI_ATV := "/aa/authorization"

-LibItsPki_Pics.PICS_IUT_ITS_S_ROLE   := true
-LibItsPki_Pics.PICS_SECPKI_ENROLMENT := true
+
+LibItsPki_Pics.PICS_IUT_ITS_S_ROLE     := true
+LibItsPki_Pics.PICS_SECPKI_ENROLMENT   := true
+
 LibItsPki_Pixits.PX_EC_PRIVATE_KEY     := '73AD688448117EFF50BCB044AA9CFD7932023B7A2C62887A1D3B99FED2B5237C'O
 LibItsPki_Pixits.PX_EC_HASH            := 'C4FD3EF2B51CFD605D7D40FA9C1C279B8B8C4D7CB9D40D6044C55F615D750502'O
 LibItsPki_Pixits.PX_EC_HASHED_ID8      := '44C55F615D750502'O

 LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY        := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O;
-LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY         := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O;
+LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY         := '02834642E2E9B2EA1E6417D9D9ED1BA0BB84450781809AED15CB4BCB55DDCFD77B'O;
 LibItsPki_Pics.PICS_ITS_S_ENC_NITSP256_PRIVATE_KEY         := 'EDEBEADCAA9514CD4B30256126FB7DF958B911C6EB58CCF702983C3DCD3DECBD'O;
 LibItsPki_Pics.PICS_ITS_S_ENC_NISTP256_PUBLIC_KEY          := '023A4ADDCDD5EE66DAB2116B0C3AB47CCEDAE92CD9ACE98A84B10EB63A9DCA798C'O;
 LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP256r1_PRIVATE_KEY  := '9F155D40B6C920BA45D8027093C8ADADAF3AA6F9F71F0CC0F8279FF0146A8A48'O;
@@ -46,7 +48,7 @@ LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY  := '02A92BA3B770B040B
 LibItsPki_Pics.PICS_ITS_S_ENC_BRAINPOOLP384r1_PRIVATE_KEY  := '6B4B4392511B252C904801466F5DA0A7F28E038E6656800CBB0CDCB3D32F862CA4D59CBDC1A19E98E9191582AF1DB3D7'O;
 LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY := '3CD977195A579787C84D5900F4CB6341E0C3D2750B140C5380E6F03CE3FBA0022F7541DEABDCED4790D313ED8F56ACA8'O;
 LibItsPki_Pics.PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY  := '0243FF5C96984C2C3F5FD5C5F6551C90F5FAEE1E5E8301763E4AF1E9D627F3474E554B82EE98EC4B49808DFF61B35F8313'O;
-LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID                     := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O;
+LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID                     := '434F4D4D5349470A0000000000000047'O;
 LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID                   := "CERT_TS_A_EA"
 LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID                   := "CERT_TS_A_AA"


--- a/etc/AtsPki/AtsPki_Idnomic.cfg_
+++ b/etc/AtsPki/AtsPki_Idnomic.cfg_
@@ -21,7 +21,7 @@ LibItsPki_Pics.PICS_HTTP_POST_URI_AT                 := "/"
 LibItsPki_Pics.PICS_HTTP_POST_URI_ATV                := "/"
 LibItsPki_Pics.PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY  := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O
 LibItsPki_Pics.PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY   := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O
-LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID               := '1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA'O;
+LibItsPki_Pics.PICS_ITS_S_CANONICAL_ID               := '455453492d4954532d303031'O
 LibItsPki_Pics.PICS_TS_EA_CERTIFICATE_ID             := "CERT_IDNOMIC_EA"
 LibItsPki_Pics.PICS_TS_AA_CERTIFICATE_ID             := "CERT_IDNOMIC_AA"


--- a/etc/TestCodec/TestCodec.cfg
+++ b/etc/TestCodec/TestCodec.cfg
@@ -19,9 +19,9 @@ LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_any
 LibCommon_Time.PX_TAC := 35.0

 # Root path to access certificate stored in files, identified by certficate ID
-LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp/gentcert/v3"
+LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp/"
 # Configuration sub-directory to access certificate stored in files
-LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "certificates"
+LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"

 # Seed
 LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true
@@ -318,7 +318,8 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
 #TestCodec_Certificates.tc_certificate_asn1c_1
 #TestCodec_Certificates.tc_certificate_asn1c_2
 #TestCodec_Certificates.tc_certificate_gemalto_1
-TestCodec_Certificates.tc_certificate_atos_1
+#TestCodec_Certificates.tc_certificate_atos_1
+TestCodec_Certificates.tc_certificate_atos_2
 # Secured messages
 #TestCodec_SecuredMessages.tc_ssp_cam_1
 #TestCodec_SecuredMessages.tc_ssp_cam_2

--- a/ttcn/AtsPki/ItsPki_Pixits.ttcn
+++ b/ttcn/AtsPki/ItsPki_Pixits.ttcn
@@ -2,8 +2,12 @@ module ItsPki_Pixits {

  modulepar integer PX_RE_ENROLMENT_COUNTER := 2;

+  modulepar integer PX_RE_AUTHORIZATION_COUNTER := 2;
+
  modulepar float PX_RE_ENROLMENT_DELAY := 2.0;
  
+  modulepar float PX_RE_AUTHORIZATION_DELAY := 2.0;
+  
  modulepar boolean PX_TRIGGER_EC_BEFORE_AT := true;
  
 } // End of module ItsPki_Pixits
--- a/ttcn/AtsPki/ItsPki_TestCases.ttcn
+++ b/ttcn/AtsPki/ItsPki_TestCases.ttcn
--- a/LibIts @ c59baf96
+++ b/LibIts @ c59baf96
-Subproject commit a944e1ac531f806374c7b969701bb04363045250
+Subproject commit c59baf961ec499e041a3224fd2308f9381791810
--- a/ttcn/TestCodec/TestCodec_Certificates.ttcn
+++ b/ttcn/TestCodec/TestCodec_Certificates.ttcn
@@ -1127,10 +1127,9 @@ module TestCodec_Certificates {
    }
  } // End of testcase tc_certificate_gemalto_1
  
-  testcase tc_certificate_atos_1() runs on TCType system TCType { // CERT_IUT_A_RCA
-    const octetstring c_cert := '800300810018810d41544f5320524341205445535400000000001c737346860008010280020270800201388002026e8001010101e080010880012481800125818001898180018a8180018b8180018c8180018d818002026f8101020100c080808210179dcf7ad40cdeb56ea2fb11bbd2c438583d6e02f84d29b58fa79c1eccb4538080e4a8bfea2ea231ad647b97c9e7f02eb648f928e2c158e619925b3d1a692a3f6927c077502a7054c4106e75ecb8238be53f3aa313975f0d28f04b4db9f825932d'O; // CERT_IUT_A_RCA.oer
+  testcase tc_certificate_atos_1() runs on TCType system TCType {
+    const octetstring c_cert := '800300810018810d41544f5320524341205445535400000000001c774786860008010280020270800201388002026e8001010101a080010880012481800125818001898180018a8180018b8180018c8180018d818002026f810102c080808210179dcf7ad40cdeb56ea2fb11bbd2c438583d6e02f84d29b58fa79c1eccb45380808a60859a7031188c60db3b3bf0d66c195cef6dcbb002f89e997cbb9f2ea12df5710caf804e665d0b2ea5ba5535c25303c6e0826b889e9141605e7e65b09e40ee'O;
    var EtsiTs103097Certificate v_cert_dec;
-    var Oct32 v_private_key := 'd79ef1d533b0385463a5d15708e94ff4f0d281cccbef504acd3afbb82dc0499f'O; // CERT_IUT_A_RCA.vkey
    var bitstring v_enc_msg := oct2bit(c_cert);
    var integer v_compressedMode;
    var Oct32 v_publicKeyCompressed := int2oct(0, 32);
@@ -1165,6 +1164,39 @@ module TestCodec_Certificates {
    }
  } // End of testcase tc_certificate_atos_1
  
+  testcase tc_certificate_atos_2() runs on TCType system TCType {
+    var EtsiTs103097Certificate v_cert_atos_rca;
+    var EtsiTs103097Certificate v_cert_atos_aa;
+    var EtsiTs103097Certificate v_cert_atos_ea;
+
+    f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
+
+    f_readCertificate("CERT_ATOS_XX_01", v_cert_atos_rca);
+    f_readCertificate("CERT_ATOS_XX_02", v_cert_atos_aa);
+    f_readCertificate("CERT_ATOS_XX_03", v_cert_atos_ea);
+
+    if (f_verifyCertificateSignatureWithIssuingCertificate(v_cert_atos_rca, v_cert_atos_rca) == false) {
+      setverdict(fail, "Failed to verify RCA certificate with RCA");
+    } else {
+      setverdict(pass, "Succeed to verify RCA certificate with RCA");
+    }
+    if (f_verifyCertificateSignatureWithIssuingCertificate(v_cert_atos_aa, v_cert_atos_rca) == false) {
+      setverdict(fail, "Failed to verify AA certificate with RCA");
+    } else {
+      setverdict(pass, "Succeed to verify AA certificate with RCA");
+    }
+    if (f_verifyCertificateSignatureWithIssuingCertificate(v_cert_atos_ea, v_cert_atos_rca) == false) {
+      setverdict(fail, "Failed to verify EA certificate with RCA");
+    } else {
+      setverdict(pass, "Succeed to verify EA certificate with RCA");
+    }
+    if (f_verifyCertificateSignatureWithIssuingCertificate(v_cert_atos_ea, v_cert_atos_aa) == false) {
+      setverdict(fail, "Failed to verify EA certificate with AA");
+    } else {
+      setverdict(pass, "Succeed to verify EA certificate with AA");
+    }
+  } // End of testcase tc_certificate_atos_2
+  
  group encdec_functions {
        
    function TestEtsiTs103097Certificate(