Commit baa1c1f4 authored by Yann Garcia's avatar Yann Garcia
Browse files

Finalyze support of AuthorizarionRequest/Response

parent 5cbd336a
...@@ -688,6 +688,7 @@ namespace LibItsSecurity__Functions ...@@ -688,6 +688,7 @@ namespace LibItsSecurity__Functions
* \param[out] p__encrypted__sym__key The encrypted AES 128 symmetric key * \param[out] p__encrypted__sym__key The encrypted AES 128 symmetric key
* \param[out] p__authentication__vector The tag of the encrypted AES 128 symmetric key * \param[out] p__authentication__vector The tag of the encrypted AES 128 symmetric key
* \param[out] p__nonce The nonce vector * \param[out] p__nonce The nonce vector
* \param[in] p__use__hardcoded__values In debug mode, set to true to use hardcoded values
* \return The original message * \return The original message
* \see IEEE Std 1609.2-2017 Clause 5.3.5 Public key encryption algorithms: ECIES * \see IEEE Std 1609.2-2017 Clause 5.3.5 Public key encryption algorithms: ECIES
* \see https://www.nominet.uk/researchblog/how-elliptic-curve-cryptography-encryption-works/ * \see https://www.nominet.uk/researchblog/how-elliptic-curve-cryptography-encryption-works/
...@@ -696,25 +697,26 @@ namespace LibItsSecurity__Functions ...@@ -696,25 +697,26 @@ namespace LibItsSecurity__Functions
// TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function // TODO Use common function for both fx__encryptWithEciesxxx and fx__decryptWithEciesxxx function
OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode,OCTETSTRING& p__aes__sym__key, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce, const BOOLEAN& p__use__hardcoded__values) { OCTETSTRING fx__encryptWithEciesNistp256WithSha256(const OCTETSTRING& p__toBeEncryptedSecuredMessage, const OCTETSTRING& p__recipientsPublicKeyCompressed, const INTEGER& p__compressedMode, const OCTETSTRING& p__salt, OCTETSTRING& p__publicEphemeralKeyCompressed, INTEGER& p__ephemeralCompressedMode,OCTETSTRING& p__aes__sym__key, OCTETSTRING& p__encrypted__sym__key, OCTETSTRING& p__authentication__vector, OCTETSTRING& p__nonce, const BOOLEAN& p__use__hardcoded__values) {
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__toBeEncryptedSecuredMessage); loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__toBeEncryptedSecuredMessage: ", p__toBeEncryptedSecuredMessage);
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__recipientsPublicKeyCompressed", p__recipientsPublicKeyCompressed); loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__recipientsPublicKeyCompressed: ", p__recipientsPublicKeyCompressed);
loggers::get_instance().log(">>> fx__encryptWithEciesNistp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode)); loggers::get_instance().log(">>> fx__encryptWithEciesNistp256WithSha256: p__compressedMode: %d", static_cast<int>(p__compressedMode));
loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__salt", p__salt); loggers::get_instance().log_msg(">>> fx__encryptWithEciesNistp256WithSha256: p__salt: ", p__salt);
loggers::get_instance().log(">>> fx__encryptWithEciesNistp256WithSha256: p__use__hardcoded__values: %x", static_cast<const boolean>(p__use__hardcoded__values));
// 1. Generate new Private/Public Ephemeral key // 1. Generate new Private/Public Ephemeral key
std::unique_ptr<security_ecc> ec; std::unique_ptr<security_ecc> ec;
if (!p__use__hardcoded__values) { if (!static_cast<const boolean>(p__use__hardcoded__values)) {
ec.reset(new security_ecc(ec_elliptic_curves::nist_p_256)); ec.reset(new security_ecc(ec_elliptic_curves::nist_p_256));
if (ec->generate() == -1) { if (ec->generate() == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate ephemeral keys"); loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate ephemeral keys");
return OCTETSTRING(0, nullptr); return OCTETSTRING(0, nullptr);
} }
} else { } else {
ec.reset(new security_ecc(ec_elliptic_curves::nist_p_256, str2oct("EE9CC7FBD9EDECEA41F7C8BD258E8D2E988E75BD069ADDCA1E5A38E534AC6818"), str2oct("5AE3C8D9FE0B1FC7438F29417C240F8BF81C358EC1A4D0C6E98D8EDBCC714017"))); // Private/Public ephemeral keys ec.reset(new security_ecc(ec_elliptic_curves::nist_p_256, str2oct("0722B39ABC7B6C5301CA0408F454F81553D7FE59F492DBF385B6B6D1F81E0F68"))); // Hardcoded private key
} }
// 2. Generate and derive shared secret based on recipient's private keys // 2. Generate and derive shared secret based on recipient's private keys
security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1); security_ecc ec_comp(ec_elliptic_curves::nist_p_256, p__recipientsPublicKeyCompressed, (static_cast<int>(p__compressedMode) == 0) ? ecc_compressed_mode::compressed_y_0 : ecc_compressed_mode::compressed_y_1);
if (p__use__hardcoded__values) { if (static_cast<const boolean>(p__use__hardcoded__values)) { // Set AES encryption key to an harcoded value
ec_comp.symmetric_encryption_key(str2oct("A6342013D623AD6C5F6882469673AE33")); ec->symmetric_encryption_key(str2oct("5A4E63B247C714644E85CAC49BD26C81"));
} }
if (ec->generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) { if (ec->generate_and_derive_ephemeral_key(encryption_algotithm::aes_128_ccm, ec_comp.public_key_x(), ec_comp.public_key_y(), p__salt) == -1) {
loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key"); loggers::get_instance().warning("fx__encryptWithEciesNistp256WithSha256: Failed to generate and derive secret key");
......
...@@ -400,7 +400,7 @@ int http_codec::encode_body(const LibItsHttp__MessageBodyTypes::HttpMessageBody& ...@@ -400,7 +400,7 @@ int http_codec::encode_body(const LibItsHttp__MessageBodyTypes::HttpMessageBody&
_codecs["http_its"]->encode((Record_Type&)binary_body.ieee1609dot2__data(), p_encoding_buffer); // TODO Use params _codecs["http_its"]->encode((Record_Type&)binary_body.ieee1609dot2__data(), p_encoding_buffer); // TODO Use params
#if !defined(GEMALTO_FIX) #if defined(GEMALTO_FIX) // Temporary fix to be removed
// GEMALTO Encode in hex string // GEMALTO Encode in hex string
CHARSTRING buf = oct2str(p_encoding_buffer); CHARSTRING buf = oct2str(p_encoding_buffer);
p_encoding_buffer = OCTETSTRING(buf.lengthof(), (const unsigned char*)(static_cast<const char*>(buf))); p_encoding_buffer = OCTETSTRING(buf.lengthof(), (const unsigned char*)(static_cast<const char*>(buf)));
...@@ -477,7 +477,7 @@ int http_codec::decode_body(TTCN_Buffer& decoding_buffer, LibItsHttp__MessageBod ...@@ -477,7 +477,7 @@ int http_codec::decode_body(TTCN_Buffer& decoding_buffer, LibItsHttp__MessageBod
OCTETSTRING s(decoding_buffer.get_len() - decoding_buffer.get_pos(), decoding_buffer.get_data() + decoding_buffer.get_pos()); OCTETSTRING s(decoding_buffer.get_len() - decoding_buffer.get_pos(), decoding_buffer.get_data() + decoding_buffer.get_pos());
loggers::get_instance().log_msg("http_codec::decode_body: raw body=", s); loggers::get_instance().log_msg("http_codec::decode_body: raw body=", s);
#if !defined(GEMALTO_FIX) #if defined(GEMALTO_FIX) // Temporary fix to be removed
// GEMALTO Encode in hex string // GEMALTO Encode in hex string
if ((s.lengthof() & 0x00000001) == 0x00000001) { if ((s.lengthof() & 0x00000001) == 0x00000001) {
s = int2oct(0, 1) + s; s = int2oct(0, 1) + s;
......
...@@ -86,7 +86,7 @@ USER etsi ...@@ -86,7 +86,7 @@ USER etsi
RUN cd /home/etsi/dev \ RUN cd /home/etsi/dev \
&& git clone -b STF525 --recurse-submodules https://forge.etsi.org/gitlab/ITS/ITS.git ./STF525_Its \ && git clone -b STF525 --recurse-submodules https://forge.etsi.org/gitlab/ITS/ITS.git ./STF525_Its \
&& cd /home/etsi/dev/STF525_Its/ttcn/LibIts \ && cd /home/etsi/dev/STF525_Its/ttcn/LibIts \
&& git checkout STF525 && git checkout STF525 \
&& cd /home/etsi/dev/STF525_Its/scripts \ && cd /home/etsi/dev/STF525_Its/scripts \
&& chmod 775 *.bash devenv.bash.* \ && chmod 775 *.bash devenv.bash.* \
&& cd /home/etsi \ && cd /home/etsi \
......
[MODULE_PARAMETERS] [MODULE_PARAMETERS]
# This section shall contain the values of all parameters that are defined in your TTCN-3 modules. # This section shall contain the values of all parameters that are defined in your TTCN-3 modules.
...@@ -16,10 +17,16 @@ LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := { ...@@ -16,10 +17,16 @@ LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
LibItsGeoNetworking_Pixits.PX_NEIGHBOUR_DISCOVERY_DELAY := 2.0 LibItsGeoNetworking_Pixits.PX_NEIGHBOUR_DISCOVERY_DELAY := 2.0
#LibItsHttp_Pics.PICS_HEADER_HOST := "127.0.0.1" #"ptsv2.com"
LibItsHttp_Pics.PICS_HEADER_HOST := "etsi.ea.msi-dev.acloud.gemalto.com"
LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request" LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request"
LibItsPki_Pics.PICS_HTTP_GET_URI := "/"
# Gemalto
#LibItsHttp_Pics.PICS_HEADER_HOST := "etsi.ea.msi-dev.acloud.gemalto.com"
#LibItsPki_Pics.PICS_HTTP_POST_URI := "/"
# httpbin.org
LibItsHttp_Pics.PICS_HEADER_HOST := "httpbin.org"
LibItsPki_Pics.PICS_HTTP_POST_URI := "/its"
LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := true # Seed
# Enable Security support # Enable Security support
LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
...@@ -28,8 +35,6 @@ LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp" ...@@ -28,8 +35,6 @@ LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files # Configuration sub-directory to access certificate stored in files
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert" LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"
# Seed
LibItsSecurity_Pics.PICS_SEC_FIXED_KEYS := false
[LOGGING] [LOGGING]
# In this section you can specify the name of the log file and the classes of events # In this section you can specify the name of the log file and the classes of events
...@@ -116,11 +121,9 @@ LogEventTypes:= Yes ...@@ -116,11 +121,9 @@ LogEventTypes:= Yes
# Single GeoNetworking component port # Single GeoNetworking component port
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EA,latitude=43551050,longitude=10298730)/ETH(mac_src=080027500f9b)/PCAP(mac_src=080027500f9b,nic=eth2)" system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EA,latitude=43551050,longitude=10298730)/ETH(mac_src=080027500f9b)/PCAP(mac_src=080027500f9b,nic=eth2)"
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server=ptsv2.com,use_ssl=0)" system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=75.75.74.66,port=8000,use_ssl=0)" # httpbin.org
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=127.0.0.1,port=8000,use_ssl=0)" #system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.200.75,port=80,use_ssl=0)" # Gemalto
system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=52.85.200.75,port=80,use_ssl=0)" #system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.ea.msi-dev.acloud.gemalto.com,port=80,use_ssl=0)" # Gemalto
#system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(server=etsi.ea.msi-dev.acloud.gemalto.com,port=80,use_ssl=0)"
system.pkiPort.params := "PKI(certificate=CERT_EA)/HTTP(device_mode=1,uri=/its/inner_ec_request,host=httpbin.org,content_type=application/x-its-request)/TCP(server=127.0.0.1,port=8000,use_ssl=0)"
# GeoNetworking UpperTester port based on UDP # GeoNetworking UpperTester port based on UDP
system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)" system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"
...@@ -129,11 +132,8 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)" ...@@ -129,11 +132,8 @@ system.utPort.params := "UT_PKI/UDP(dst_ip=172.23.0.1,dst_port=8000)"
#ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_01 #ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_01
#ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_02 #ItsPki_TestCases.TC_SEC_PKI_ITSS_ENR_BV_02
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_01
#ItsPki_TestCases.TC_SEC_PKI_SND_AA_BV_00
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_02 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_02
ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_04 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_04
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_05 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_05
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_06 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_06
...@@ -144,6 +144,9 @@ ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03 ...@@ -144,6 +144,9 @@ ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_03
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_11 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_11
#ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_12 #ItsPki_TestCases.TC_SEC_PKI_SND_EA_BV_12
ItsPki_TestCases.TC_SEC_PKI_SND_AA_BV_00
[MAIN_CONTROLLER] [MAIN_CONTROLLER]
# The options herein control the behavior of MC. # The options herein control the behavior of MC.
KillTimer := 10.0 KillTimer := 10.0
......
...@@ -351,10 +351,8 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host= ...@@ -351,10 +351,8 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
#TestCodec_Pki.tc_decode_inner_ec_response_1 #TestCodec_Pki.tc_decode_inner_ec_response_1
#TestCodec_Pki.tc_inner_ec_request_1 #TestCodec_Pki.tc_inner_ec_request_1
#TestCodec_Pki.tc_inner_ec_request_2 #TestCodec_Pki.tc_inner_ec_request_2
TestCodec_Pki.tc_inner_ec_request_3 #TestCodec_Pki.tc_inner_ec_request_3
#TestCodec_Pki.tc_inner_ec_response_1 TestCodec_Pki.tc_inner_ec_response_1
#TestCodec_Pki.tc_inner_ec_response_2
#TestCodec_Pki.tc_inner_ec_response_3
#TestCodec_Pki.tc_inner_ec_functions_1 #TestCodec_Pki.tc_inner_ec_functions_1
#TestCodec_Pki.tc_inner_ec_functions_2 #TestCodec_Pki.tc_inner_ec_functions_2
#TestCodec_Pki.tc_inner_ec_functions_3 #TestCodec_Pki.tc_inner_ec_functions_3
......
This diff is collapsed.
Subproject commit 9762518193609ba46d9b89895ddee2cc9a31cc2c Subproject commit b745c0b23fc463ff118fc60c06831711651b77ec
This diff is collapsed.
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment