Commit baa1c1f4 authored by Yann Garcia's avatar Yann Garcia
Browse files

Finalyze support of AuthorizarionRequest/Response

parent 5cbd336a
......@@ -688,6 +688,7 @@ namespace LibItsSecurity__Functions
* \param[out] p__encrypted__sym__key The encrypted AES 128 symmetric key
* \param[out] p__authentication__vector The tag of the encrypted AES 128 symmetric key
* \param[out] p__nonce The nonce vector
* \param[in] p__use__hardcoded__values In debug mode, set to true to use hardcoded values
* \return The original message
* \see IEEE Std 1609.2-2017 Clause 5.3.5 Public key encryption algorithms: ECIES
* \see https://www.nominet.uk/researchblog/how-elliptic-curve-cryptography-encryption-works/
......@@ -696,25 +697,26 @@ namespace LibItsSecurity__Functions
// TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function
OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode,OCTETSTRING& p__aes__sym__key, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce, const BOOLEAN& p__use__hardcoded__values) {
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__toBeEncryptedSecuredMessage);
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__recipientsPublicKeyCompressed", p__recipientsPublicKeyCompressed);
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__recipientsPublicKeyCompressed: ", p__recipientsPublicKeyCompressed);
loggers::get_instance().log(">>> fx__encryptWithEciesNistp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode));
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__salt", p__salt);
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__salt: ", p__salt);
loggers::get_instance().log(">>> fx__encryptWithEciesNistp256WithSha256: p__use__hardcoded__values: %x", static_cast<const boolean>(p__use__hardcoded__values));
// 1. Generate new Private/Public Ephemeral key
std::unique_ptr<security_ecc> ec;
if (!p__use__hardcoded__values) {
if (!static_cast<const boolean>(p__use__hardcoded__values)) {
ec.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
if (ec->generate() == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate ephemeral keys");
return OCTETSTRING(0, nullptr);
}
} else {
ec.reset(new security_ecc(ec_elliptic_curves::nist_p_256, str2oct("EE9CC7FBD9EDECEA41F7C8BD258E8D2E988E75BD069ADDCA1E5A38E534AC6818"), str2oct("5AE3C8D9FE0B1FC7438F29417C240F8BF81C358EC1A4D0C6E98D8EDBCC714017"))); // Private/Public ephemeral keys
ec.reset(new security_ecc(ec_elliptic_curves::nist_p_256, str2oct("0722B39ABC7B6C5301CA0408F454F81553D7FE59F492DBF385B6B6D1F81E0F68"))); // Hardcoded private key
}
// 2. Generate and derive shared secret based on recipient's private keys
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (p__use__hardcoded__values) {
ec_comp.symmetric_encryption_key(str2oct("A6342013D623AD6C5F6882469673AE33"));
if (static_cast<const boolean>(p__use__hardcoded__values)) { // Set AES encryption key to an harcoded value
ec->symmetric_encryption_key(str2oct("5A4E63B247C714644E85CAC49BD26C81"));
}
if (ec->generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
......
......@@ -400,7 +400,7 @@ int http_codec::encode_body(const LibItsHttp__MessageBodyTypes::HttpMessageBody&
_codecs["http_its"]->encode((Record_Type&)binary_body.ieee1609dot2__data(), p_encoding_buffer); // TODO Use params
#if !defined(GEMALTO_FIX)
#if defined(GEMALTO_FIX) // Temporary fix to be removed
// GEMALTO Encode in hex string
CHARSTRING buf = oct2str(p_encoding_buffer);
p_encoding_buffer = OCTETSTRING(buf.lengthof(), (const unsigned char*)(static_cast<const char*>(buf)));
......@@ -477,7 +477,7 @@ int http_codec::decode_body(TTCN_Buffer& decoding_buffer, LibItsHttp__MessageBod
OCTETSTRING s(decoding_buffer.get_len() - decoding_buffer.get_pos(), decoding_buffer.get_data() + decoding_buffer.get_pos());
loggers::get_instance().log_msg("http_codec::decode_body: raw body=", s);
#if !defined(GEMALTO_FIX)
#if defined(GEMALTO_FIX) // Temporary fix to be removed
// GEMALTO Encode in hex string
if ((s.lengthof() & 0x00000001) == 0x00000001) {
s = int2oct(0, 1) + s;
......
......@@ -86,7 +86,7 @@ USER etsi
RUN cd /home/etsi/dev \
&& git clone -b STF525 --recurse-submodules https://forge.etsi.org/gitlab/ITS/ITS.git ./STF525_Its \
&& cd /home/etsi/dev/STF525_Its/ttcn/LibIts \
&& git checkout STF525
&& git checkout STF525 \
&& cd /home/etsi/dev/STF525_Its/scripts \
&& chmod 775 *.bash devenv.bash.* \
&& cd /home/etsi \
......
[MODULE_PARAMETERS]
# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.
......@@ -16,10 +17,16 @@ LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
LibItsGeoNetworking_Pixits.PX_NEIGHBOUR_DISCOVERY_DELAY := 2.0
#LibItsHttp_Pics.PICS_HEADER_HOST := "127.0.0.1" #"ptsv2.com"
LibItsHttp_Pics.PICS_HEADER_HOST := "etsi.ea.msi-dev.acloud.gemalto.com"
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
LibItsPki_Pics.PICS_HTTP_GET_URI := "/"
# Gemalto
#LibItsHttp_Pics.PICS_HEADER_HOST := "etsi.ea.msi-dev.acloud.gemalto.com"
#LibItsPki_Pics.PICS_HTTP_POST_URI := "/"
# httpbin.org
LibItsHttp_Pics.PICS_HEADER_HOST := "httpbin.org"
LibItsPki_Pics.PICS_HTTP_POST_URI := "/its"
LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed
# Enable Security support
LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
......@@ -28,8 +35,6 @@ LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
# Seed
LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := false
[LOGGING]
# In this section you can specify the name of the log file and the classes of events
......@@ -116,11 +121,9 @@ LogEventTypes:= Yes
# Single GeoNetworking component port
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EA,latitude=43551050,longitude=10298730)/ETH(mac_src=080027500f9b)/PCAP(mac_src=080027500f9b,nic=eth2)"
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server=ptsv2.com,use_ssl=0)"
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=127.0.0.1,port=8000,use_ssl=0)"
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.200.75,port=80,use_ssl=0)"
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.ea.msi-dev.acloud.gemalto.com,port=80,use_ssl=0)"
system.pkiPort.params := "PKI(certificate=CERT_EA)/HTTP(device_mode=1,uri=/its/inner_ec_request,host=httpbin.org,content_type=application/x-its-request)/TCP(server=127.0.0.1,port=8000,use_ssl=0)"
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=75.75.74.66,port=8000,use_ssl=0)" # httpbin.org
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.200.75,port=80,use_ssl=0)" # Gemalto
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.ea.msi-dev.acloud.gemalto.com,port=80,use_ssl=0)" # Gemalto
# GeoNetworking UpperTester port based on UDP
system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"
......@@ -129,11 +132,8 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"
#ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_01
#ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_02
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01
#ItsPki_TestCases.TC_SEC_PKI_SND_AA_BV_00
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_02
ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_04
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_05
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_06
......@@ -144,6 +144,9 @@ ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_11
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_12
ItsPki_TestCases.TC_SEC_PKI_SND_AA_BV_00
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
KillTimer := 10.0
......
......@@ -351,10 +351,8 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
#TestCodec_Pki.tc_decode_inner_ec_response_1
#TestCodec_Pki.tc_inner_ec_request_1
#TestCodec_Pki.tc_inner_ec_request_2
TestCodec_Pki.tc_inner_ec_request_3
#TestCodec_Pki.tc_inner_ec_response_1
#TestCodec_Pki.tc_inner_ec_response_2
#TestCodec_Pki.tc_inner_ec_response_3
#TestCodec_Pki.tc_inner_ec_request_3
TestCodec_Pki.tc_inner_ec_response_1
#TestCodec_Pki.tc_inner_ec_functions_1
#TestCodec_Pki.tc_inner_ec_functions_2
#TestCodec_Pki.tc_inner_ec_functions_3
......
......@@ -63,6 +63,7 @@ module ItsPki_TestCases {
import from LibItsPki_Functions all;
import from LibItsPki_TestSystem all;
import from LibItsPki_Pics all;
import from LibItsPki_Pixits all;
// AtsPki
import from ItsPki_Functions all;
......@@ -426,20 +427,20 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID); // Default value: CERT_TS_A_EA, CERT_TS_A_EC, CERT_IUT_A_EA
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -541,20 +542,20 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID); // Default value: CERT_TS_A_EA, CERT_TS_A_EC, CERT_IUT_A_EA
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -661,17 +662,17 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID); // Default value: CERT_TS_A_EA
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -777,17 +778,17 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID); // Default value: CERT_TS_A_EA
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -890,17 +891,17 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID); // Default value: CERT_TS_A_EA
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -1002,17 +1003,17 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID); // Default value: CERT_TS_A_EA
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -1035,7 +1036,7 @@ module ItsPki_TestCases {
))))))) -> value v_response {
tc_ac.stop;
/*if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
......@@ -1053,7 +1054,7 @@ module ItsPki_TestCases {
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}*/
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
......@@ -1114,17 +1115,17 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID); // Default value: CERT_TS_A_EA
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -1147,7 +1148,7 @@ module ItsPki_TestCases {
))))))) -> value v_response {
tc_ac.stop;
/*if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
......@@ -1160,7 +1161,7 @@ module ItsPki_TestCases {
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}*/
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
......@@ -1222,17 +1223,17 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID); // Default value: CERT_TS_A_EA
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -1255,7 +1256,7 @@ module ItsPki_TestCases {
))))))) -> value v_response {
tc_ac.stop;
/*if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
......@@ -1268,7 +1269,7 @@ module ItsPki_TestCases {
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}*/
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
......@@ -1328,17 +1329,17 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID); // Default value: CERT_TS_A_EA
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -1361,20 +1362,20 @@ module ItsPki_TestCases {
))))))) -> value v_response {
tc_ac.stop;
/*if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256))))) { // TODO Refine mw_signature_ecdsaNistP256
log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}*/
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
......@@ -1434,17 +1435,17 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID); // Default value: CERT_TS_A_EA
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_http_build_invalid_enrolment_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -1467,7 +1468,7 @@ module ItsPki_TestCases {
))))))) -> value v_response {
tc_ac.stop;
/*if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
if (f_verify_pki_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
......@@ -1479,7 +1480,7 @@ module ItsPki_TestCases {
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}*/
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
......@@ -1537,17 +1538,17 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(); // Default value: CERT_TS_A_EA
f_cfHttpUp();
// Test adapter configuration
// Preamble
f_http_build_authorization_validation_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -1624,17 +1625,17 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(); // Default value: CERT_TS_A_EA
f_cfHttpUp();
// Test adapter configuration
// Preamble
f_http_build_authorization_validation_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data);
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -1686,6 +1687,9 @@ module ItsPki_TestCases {
var Oct32 v_private_key_at;
var Oct32 v_publicKeyCompressed_at;
var integer v_compressedMode_at;
var Oct32 v_private_enc_key_at;
var Oct32 v_publicEncKeyCompressed_at;
var integer v_compressedEncMode_at;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
......@@ -1706,21 +1710,18 @@ module ItsPki_TestCases {
}
// Test component configuration
f_cfHttpUp(
PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
);
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(v_headers);
f_init_default_headers_list(-, "inner_ec_request", v_headers);
// TODO Create a f_await_http_inner_ec_request_response(v_private_key_ec, v_publicKeyCompressed_ec, v_compressedMode_ec, v_inner_ec_response);
f_http_build_inner_ec_request(v_private_key_ec, v_publicKeyCompressed_ec, v_compressedMode_ec, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_GET_URI,
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
......@@ -1745,10 +1746,10 @@ module ItsPki_TestCases {
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
} else {
log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
v_inner_ec_response := v_etsi_ts_102941_data.content.enrolmentResponse;
log("*** " & testcasename() & ": INFO: InnerEcResponse received ***");
log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256))))) {
v_inner_ec_response := v_etsi_ts_102941_data.content.enrolmentResponse;
log("*** " & testcasename() & ": INFO: Well-secured EA certificate received ***");
log("v_inner_ec_response= ", v_inner_ec_response);
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
} else {
......@@ -1773,7 +1774,18 @@ module ItsPki_TestCases {
} // End of 'alt' statement
// Test Body
f_http_build_inner_at_request(v_private_key_at, v_publicKeyCompressed_at, v_compressedMode_at, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_http_build_authorization_request(v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_publicKeyCompressed_at, v_compressedMode_at, v_private_enc_key_at, v_publicEncKeyCompressed_at, v_compressedEncMode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_set_headears_list({c_header_content_text}, {"authorization_request"}, v_headers);
log("v_headers= ", v_headers);
httpPort.send(
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] httpPort.receive(
......@@ -1794,14 +1806,15 @@ module ItsPki_TestCases {
} else {
log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
/*if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok))) {
// TODO Refined expected mw_authorizationValidationResponse_ok
log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
log(match(v_etsi_ts_102941_data.content, mw_authorizationResponse(mw_innerAtResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256))))); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_authorizationResponse(mw_innerAtResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256))))) {
// TODO Refined expected mw_signature_ecdsaNistP256
log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}*/
}
}
}
[] tc_ac.timeout {
......@@ -1905,12 +1918,12 @@ module ItsPki_TestCases {
// Test adapter configuration
// Preamble
f_http_build_inner_at_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(v_headers);
// TODO f_http_build_inner_at_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);