Commit cfe16c58 authored by Yann Garcia's avatar Yann Garcia

Change module EtsiTs102941MessagesItss into EtsiTs102941MessagesCa

parent 6e49e225
......@@ -3,7 +3,6 @@
<ActiveConfiguration>Default</ActiveConfiguration>
<ProjectProperties>
<MakefileSettings>
<incrementalDependencyRefresh>false</incrementalDependencyRefresh>
<functiontestRuntime>true</functiontestRuntime>
<targetExecutable>bin/TSITS</targetExecutable>
<TTCN3preprocessorDefines>
......@@ -86,6 +85,13 @@
<ExcludeFromBuild>true</ExcludeFromBuild>
</FolderProperties>
</FolderResource>
<FolderResource>
<FolderPath>html</FolderPath>
<FolderProperties>
<CentralStorage>false</CentralStorage>
<ExcludeFromBuild>true</ExcludeFromBuild>
</FolderProperties>
</FolderResource>
<FolderResource>
<FolderPath>javasrc</FolderPath>
<FolderProperties>
......@@ -318,13 +324,25 @@
</FileProperties>
</FileResource>
<FileResource>
<FilePath>ccsrc/Ports/LibIts_ports/Pki_ports/AdapterControlPort_Pki.partC</FilePath>
<FilePath>ccsrc/Ports/LibIts_ports/Pki_ports/AdapterControlPkiPort.cc</FilePath>
<FileProperties>
<ExcludeFromBuild>true</ExcludeFromBuild>
</FileProperties>
</FileResource>
<FileResource>
<FilePath>ccsrc/Ports/LibIts_ports/Pki_ports/AdapterControlPkiPort.hh</FilePath>
<FileProperties>
<ExcludeFromBuild>true</ExcludeFromBuild>
</FileProperties>
</FileResource>
<FileResource>
<FilePath>ccsrc/Ports/LibIts_ports/Pki_ports/UpperTesterPort_Pki.partC</FilePath>
<FileProperties>
<ExcludeFromBuild>true</ExcludeFromBuild>
</FileProperties>
</FileResource>
<FileResource>
<FilePath>ccsrc/Ports/LibIts_ports/Pki_ports/AdapterControlPort_Pki.partH</FilePath>
<FilePath>ccsrc/Ports/LibIts_ports/Pki_ports/UpperTesterPort_Pki.partH</FilePath>
<FileProperties>
<ExcludeFromBuild>true</ExcludeFromBuild>
</FileProperties>
......@@ -336,7 +354,7 @@
</FileProperties>
</FileResource>
<FileResource>
<FilePath>ttcn/LibIts/asn1/Security/TS102921/EtsiTs102941MessagesCA.asn</FilePath>
<FilePath>ttcn/LibIts/asn1/Security/TS102921/EtsiTs102941MessagesItss.asn</FilePath>
<FileProperties>
<ExcludeFromBuild>true</ExcludeFromBuild>
</FileProperties>
......
......@@ -12,7 +12,7 @@
namespace LibItsPki__EncdecDeclarations {
BITSTRING fx__enc__EtsiTs102941Data(const EtsiTs102941MessagesItss::EtsiTs102941Data& p_etsi_ts_102941_data) {
BITSTRING fx__enc__EtsiTs102941Data(const EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_102941_data) {
loggers::get_instance().log_msg(">>> fx__enc__EtsiTs102941Data: ", p_etsi_ts_102941_data);
etsi_ts102941_data codec;
......@@ -25,7 +25,7 @@ namespace LibItsPki__EncdecDeclarations {
return oct2bit(os);
}
INTEGER fx__dec__EtsiTs102941Data(BITSTRING& b, EtsiTs102941MessagesItss::EtsiTs102941Data& p_etsi_ts_102941_data) {
INTEGER fx__dec__EtsiTs102941Data(BITSTRING& b, EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_102941_data) {
loggers::get_instance().log_msg(">>> fx__dec__EtsiTs102941Data: ", b);
etsi_ts102941_data codec;
......
......@@ -9,7 +9,7 @@
#include "IVIM_ports/AdapterControlPort_IVIM.partC"
#include "MapemSpatem_ports/AdapterControlPort_MapemSpatem.partC"
#include "SremSsem_ports/AdapterControlPort_SremSsem.partC"
//#include "Pki_ports/AdapterControlPort_Pki.partC"
#include "Pki_ports/AdapterControlPort_Pki.partC"
//#include "V2G_ports/AdapterControlPort_V2G.partC"
#else //_NO_SOFTLINKS_
......@@ -20,7 +20,7 @@
#include "AdapterControlPort_MapemSpatem.partC"
#include "AdapterControlPort_SremSsem.partC"
#include "AdapterControlPort_GN.partC"
//#include "AdapterControlPort_Pki.partC"
#include "AdapterControlPort_Pki.partC"
/*
#include "AdapterControlPort_IVIM.partC"
#include "AdapterControlPort_MapemSpatem.partC"
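Review bot: The re-enabled `#include "Pki_ports/AdapterControlPort_Pki.partC"` (and the `_NO_SOFTLINKS_` variant `#include "AdapterControlPort_Pki.partC"` below it) names a file whose entry the project-file section of this same commit appears to replace with `AdapterControlPkiPort.cc`/`.hh`. If the part file was renamed or removed together with that entry, this translation unit will no longer compile, so confirm the file is still in the tree or point the include at its replacement. The same question applies to the `.partH` include enabled in the next file section; the UpperTesterPort_Pki part files are listed in the project file, so those includes look consistent. Both hunks sit inside a preprocessor conditional that starts and ends outside the visible lines.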
......
......@@ -12,7 +12,7 @@
#include "IVIM_ports/AdapterControlPort_IVIM.partH"
#include "MapemSpatem_ports/AdapterControlPort_MapemSpatem.partH"
#include "SremSsem_ports/AdapterControlPort_SremSsem.partH"
//#include "Pki_ports/AdapterControlPort_Pki.partH"
#include "Pki_ports/AdapterControlPort_Pki.partH"
//#include "V2G_ports/AdapterControlPort_V2G.partH"
#else //_NO_SOFTLINKS_
......@@ -23,7 +23,7 @@
#include "AdapterControlPort_MapemSpatem.partH"
#include "AdapterControlPort_SremSsem.partH"
#include "AdapterControlPort_GN.partH"
//#include "AdapterControlPort_Pki.partH"
#include "AdapterControlPort_Pki.partH"
/*
#include "AdapterControlPort_IVIM.partH"
#include "AdapterControlPort_MapemSpatem.partH"
......
......@@ -9,7 +9,7 @@
#include "IVIM_ports/UpperTesterPort_IVIM.partC"
#include "MapemSpatem_ports/UpperTesterPort_MapemSpatem.partC"
#include "SremSsem_ports/UpperTesterPort_SremSsem.partC"
//#include "Pki_ports/UpperTesterPort_Pki.partC"
#include "Pki_ports/UpperTesterPort_Pki.partC"
//#include "V2G_ports/UpperTesterPort_V2G.partC"
#else //_NO_SOFTLINKS_
......@@ -21,7 +21,7 @@
#include "UpperTesterPort_MapemSpatem.partC"
#include "UpperTesterPort_SremSsem.partC"
#include "UpperTesterPort_GN.partC"
//#include "UpperTesterPort_Pki.partC"
#include "UpperTesterPort_Pki.partC"
/*
#include "UpperTesterPort_IVIM.partC"
//#include "UpperTesterPort_MapSpat.partC"
......
......@@ -13,7 +13,7 @@
#include "IVIM_ports/UpperTesterPort_IVIM.partH"
#include "MapemSpatem_ports/UpperTesterPort_MapemSpatem.partH"
#include "SremSsem_ports/UpperTesterPort_SremSsem.partH"
//#include "Pki_ports/UpperTesterPort_Pki.partH"
#include "Pki_ports/UpperTesterPort_Pki.partH"
//#include "V2G_ports/UpperTesterPort_V2G.partH"
#else //_NO_SOFTLINKS_
......@@ -25,7 +25,7 @@
#include "UpperTesterPort_MapemSpatem.partH"
#include "UpperTesterPort_SremSsem.partH"
#include "UpperTesterPort_GN.partH"
//#include "UpperTesterPort_Pki.partH"
#include "UpperTesterPort_Pki.partH"
/*
#include "UpperTesterPort_IVIM.partH"
//#include "UpperTesterPort_MapSpat.partH"
......
......@@ -76,7 +76,7 @@ void pki_layer::sendMsg(const EtsiTs102941TypesEnrolment::InnerEcResponse& p_inn
loggers::get_instance().log_msg(">>> pki_layer::sendMsg: ", p_inner_ec_response);
// Create the EtsiTs102941Data layer
EtsiTs102941MessagesItss::EtsiTs102941Data etsi_ts_102941_data;
EtsiTs102941MessagesCa::EtsiTs102941Data etsi_ts_102941_data;
etsi_ts_102941_data.content().enrolmentResponse() = p_inner_ec_response;
loggers::get_instance().log_msg("pki_layer::sendMsg: InnerEcResponse: ", etsi_ts_102941_data);
......@@ -139,7 +139,7 @@ void pki_layer::receive_data(OCTETSTRING& data, params& params)
loggers::get_instance().log_msg("pki_layer::receive_data: unsecured_payload=", unsecured_payload);
// Try to extract EtsiTs102941Data
EtsiTs102941MessagesItss::EtsiTs102941Data etsi_ts_102941_data;
EtsiTs102941MessagesCa::EtsiTs102941Data etsi_ts_102941_data;
if (_codec_etsi_ts102941_data.decode(unsecured_payload, etsi_ts_102941_data) == -1) {
// Try with EtsiTs103097Data-Signed
IEEE1609dot2::Ieee1609Dot2Data etsi_ts_1609dot2_data;
......@@ -158,7 +158,7 @@ void pki_layer::receive_data(OCTETSTRING& data, params& params)
loggers::get_instance().warning("pki_layer::sendMsg: Wrong ETSI TS 102 941 protocol version, discard it!");
return;
}
if (etsi_ts_102941_data.content().ischosen(EtsiTs102941MessagesItss::EtsiTs102941DataContent::ALT_enrolmentResponse)) {
if (etsi_ts_102941_data.content().ischosen(EtsiTs102941MessagesCa::EtsiTs102941DataContent::ALT_enrolmentResponse)) {
// Pass it to the ports
to_all_upper_ports(etsi_ts_102941_data.content().enrolmentResponse(), _params);
}
......@@ -232,7 +232,7 @@ int pki_layer::generate_inner_ec_request_signed_for_pop(const OCTETSTRING& p_inn
IEEE1609dot2::Ieee1609Dot2Data ieee_1609dot2_data(pki_layer::ProtocolVersion, ieee_dot2_content);
loggers::get_instance().log_msg("pki_layer::generate_inner_ec_request_signed_for_pop: ieee_1609dot2_data = ", ieee_1609dot2_data);
// Create the EtsiTs102941Data layer (InnerEcRequestSignedForPop)
EtsiTs102941MessagesItss::EtsiTs102941Data etsi_ts_102941_data;
EtsiTs102941MessagesCa::EtsiTs102941Data etsi_ts_102941_data;
etsi_ts_102941_data.content().enrolmentRequest() = ieee_1609dot2_data;
loggers::get_instance().log_msg("pki_layer::generate_inner_ec_request_signed_for_pop: InnerEcRequestSignedForPop: ", etsi_ts_102941_data);
_codec.encode(ieee_1609dot2_data, p_etsi_ts_103097_data);
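Review bot: In the `generate_inner_ec_request_signed_for_pop` hunk the `EtsiTs102941MessagesCa::EtsiTs102941Data` wrapper is filled and logged, but the visible encode call serialises `ieee_1609dot2_data` and discards its return value, so an encoding failure would not reach the caller of this int-returning function. The function continues past the hunk, so the wrapper may be used later; if it is not, remove it or add a comment such as `// built for logging only, not transmitted`. I would check the result, e.g. `if (_codec.encode(ieee_1609dot2_data, p_etsi_ts_103097_data) == -1) { return -1; }`, assuming this codec signals failure with -1 as the decode call in `receive_data` does. Separately, the protocol-version warning in `receive_data` is prefixed `pki_layer::sendMsg:`, which will mislead anyone correlating discarded PKI messages in the logs; it should read `pki_layer::receive_data:`.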
......
......@@ -2,7 +2,7 @@
#include "loggers.hh"
int etsi_ts102941_data::encode (const EtsiTs102941MessagesItss::EtsiTs102941Data& p_etsi_ts_10291_data, OCTETSTRING& p_data)
int etsi_ts102941_data::encode (const EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_10291_data, OCTETSTRING& p_data)
{
loggers::get_instance().log(">>> etsi_ts102941_data::encode: %s", p_etsi_ts_10291_data.get_descriptor()->name);
......@@ -16,7 +16,7 @@ int etsi_ts102941_data::encode (const EtsiTs102941MessagesItss::EtsiTs102941Data
return 0;
}
int etsi_ts102941_data::decode (const OCTETSTRING& p_data, EtsiTs102941MessagesItss::EtsiTs102941Data& p_etsi_ts_10291_data, params* p_params)
int etsi_ts102941_data::decode (const OCTETSTRING& p_data, EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_10291_data, params* p_params)
{
loggers::get_instance().log_msg(">>> etsi_ts102941_data::decode: ", p_data);
......
......@@ -3,15 +3,15 @@
#include "codec.hh"
#include "params.hh"
#include "EtsiTs102941MessagesItss.hh"
#include "EtsiTs102941MessagesCa.hh"
class etsi_ts102941_data : public codec<EtsiTs102941MessagesItss::EtsiTs102941Data, EtsiTs102941MessagesItss::EtsiTs102941Data>
class etsi_ts102941_data : public codec<EtsiTs102941MessagesCa::EtsiTs102941Data, EtsiTs102941MessagesCa::EtsiTs102941Data>
{
public:
explicit etsi_ts102941_data() : codec<EtsiTs102941MessagesItss::EtsiTs102941Data, EtsiTs102941MessagesItss::EtsiTs102941Data>() { };
explicit etsi_ts102941_data() : codec<EtsiTs102941MessagesCa::EtsiTs102941Data, EtsiTs102941MessagesCa::EtsiTs102941Data>() { };
virtual ~etsi_ts102941_data() { };
virtual int encode (const EtsiTs102941MessagesItss::EtsiTs102941Data& p_etsi_ts_10291_data, OCTETSTRING& p_data);
virtual int decode (const OCTETSTRING& p_data, EtsiTs102941MessagesItss::EtsiTs102941Data& p_etsi_ts_10291_data, params* p_params = NULL);
virtual int encode (const EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_10291_data, OCTETSTRING& p_data);
virtual int decode (const OCTETSTRING& p_data, EtsiTs102941MessagesCa::EtsiTs102941Data& p_etsi_ts_10291_data, params* p_params = NULL);
}; // End of class etsi_ts102941_data
......@@ -344,10 +344,11 @@ system.pkiPort.params := "PKI/HTTP(device_mode=1,uri=/its/inner_ec_request,host=
#TestCodec_Pki.tc_inner_ec_request_3
#TestCodec_Pki.tc_inner_ec_response_1
#TestCodec_Pki.tc_inner_ec_response_2
TestCodec_Pki.tc_inner_ec_response_3
#TestCodec_Pki.tc_inner_ec_functions_1
#TestCodec_Pki.tc_inner_ec_functions_2
#TestCodec_Pki.tc_inner_ec_functions_3
TestCodec_Pki.tc_inner_ec_functions_4
#TestCodec_Pki.tc_inner_ec_functions_4
[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
......
......@@ -25,7 +25,7 @@ module ItsPki_TestCases {
import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
import from EtsiTs102941MessagesItss language "ASN.1:1997" all;
import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
import from ITS_Container language "ASN.1:1997" all;
import from CAM_PDU_Descriptions language "ASN.1:1997" all;
......@@ -96,7 +96,7 @@ module ItsPki_TestCases {
* @see ETSI TS ITS-00546v006 TP 2
* @reference ETSI TS 102 941 [2], clause 6.1.3
*/
testcase TC_SEC_PKI_ITSS_ENR_BV_01() runs on ItsMtc system ItsPkiItssSystem {
testcase TC_SEC_PKI_ITSS_ENR_BV_01() runs on ItsMtc /*system ItsPkiItssSystem*/ {
// Local variables
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
......@@ -254,7 +254,7 @@ module ItsPki_TestCases {
* @see ETSI TS ITS-00546v006 TP 3
* @reference ETSI TS 102 941, clause 6.1.3
*/
testcase TC_SEC_PKI_ITSS_ENR_BV_02() runs on ItsMtc system ItsPkiItssSystem {
testcase TC_SEC_PKI_ITSS_ENR_BV_02() runs on ItsMtc /*system ItsPkiItssSystem*/ {
// Local variables
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
......@@ -295,7 +295,7 @@ module ItsPki_TestCases {
in octetstring p_private_key,
in octetstring p_publicKeyCompressed,
in integer p_compressedMode
) runs on ItsPkiItss system ItsPkiItssSystem {
) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
// Local variables
// Test component configuration
......@@ -1812,7 +1812,7 @@ module ItsPki_TestCases {
group aa_behavior {
group authorization_request {
/**
* @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
* Check that the AA is able to verify the inner signature
......@@ -1935,7 +1935,8 @@ module ItsPki_TestCases {
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse)) { // TODO To be refined
if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok))) {
// TODO Refined expected mw_authorizationValidationResponse_ok
log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
......@@ -1955,6 +1956,136 @@ module ItsPki_TestCases {
} // End of testcase TC_SEC_PKI_SND_AA_BV_01
/**
* @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
Check that the AA is able to verify the request authenticity using the hmacKey verification
Check that the AA sends the AuthorizationValidationRequest message to the correspondent EA
* <pre>
* Pics Selection: PICS_IUT_AA_ROLE
* Initial conditions:
* with {
* the AA in "operational state"
* authorized with the certificate CERT_AA
* containing encryptionKey (AA_ENC_PUB_KEY)
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT receives an EtsiTs103097Data message
* containing content.encryptedData
* containing recipients
* containing the instance of RecipientInfo
* containing certRecipInfo
* containing recipientId
* indicating HashedId8 of the certificate CERT_AA
* and containing encKey
* indicating symmetric key (S_KEY)
* encrypted with the private key correspondent to the AA_ENC_PUB_KEY
* and containing cyphertext (ENC_DATA)
* containing EtsiTs102941Data
* containing content.authorizationRequest
* containing hmacKey (HMAC)
* and containing sharedAtRequest
* containing keyTag (KEY_TAG)
* and containing eaId (EA_ID)
* indicating HashedId8 of the known EA certificate
* }
* then {
* the IUT is able to decrypt the S_KEY
* using the private key
* corresponding to the AA_ENC_PUB_KEY
* and the IUT is able to decrypt the cypthertext ENC_DATA
* using the S_KEY
* and the IUT is able to verify integrity of HMAC and KEY_TAG
* and the IUT sends the AuthorizationValidationRequest message to the EA
* identified by the EA_ID
* }
* }
* </pre>
*
* @see ETSI TS ITS-00546v006 TP BV
* @reference ETSI TS 102 941, clause 6.2.3.3.1
*/
testcase TC_SEC_PKI_SND_AA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
var Oct32 v_private_key;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var HashedId8 v_hash_inner_at_request;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var HeaderLines v_headers;
var HttpMessage v_response;
var EtsiTs102941Data v_etsi_ts_102941_data;
// Test control
if (not PICS_IUT_AA_ROLE) {
log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
f_cfHttpUp(
PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
);
// Test adapter configuration
// Preamble
f_http_build_inner_at_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_at_request);
f_init_default_headers_list(v_headers);
httpPort.send(
m_http_request(
m_http_request_get(
PICS_HTTP_GET_URI,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] httpPort.receive(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_authorizationResponseMessage(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm
))))))) -> value v_response {
tc_ac.stop;
if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok))) {
// TODO Refined expected mw_authorizationValidationResponse_ok
log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of testcase TC_SEC_PKI_SND_AA_BV_02
} // End of group authorization_request
} // End of group aa_beavior
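Review bot: The new TC_SEC_PKI_SND_AA_BV_02 body does not check what its header describes: the test purpose expects the AA to verify the integrity of HMAC and KEY_TAG and to send an AuthorizationValidationRequest to the EA, but the body waits for `mw_authorizationResponseMessage` on httpPort, matches `mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok)` and logs "Well-secured EA certificate received", the same flow as the updated TC_SEC_PKI_SND_AA_BV_01. As written, a pass verdict gives no evidence about hmacKey/keyTag verification, which is the security property this test case is named for. Until the EA side is observed, I would mark the gap in the code with `// TODO BV_02: check hmacKey/keyTag handling and observe the AuthorizationValidationRequest sent to the EA` and make the PASS log name the message that was actually matched. The `alt` also has only the expected-response and `tc_ac.timeout` branches, so an unexpected HTTP response would presumably surface only as INCONC after the timer expires; a catch-all `[] httpPort.receive` branch setting `e_error` would make that case explicit.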
......
Subproject commit a1a1ccbca9016e26be86f0129a1f31b2252ed0dc
Subproject commit b951e6f197f1fe65a99a0916cf63d6a98a506e09
......@@ -26,7 +26,7 @@ module TestCodec_Pki {
import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
import from EtsiTs102941MessagesItss language "ASN.1:1997" all;
import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
// LibItsCommon
......@@ -572,6 +572,206 @@ module TestCodec_Pki {
}
} // End of testcase tc_inner_ec_response_2
testcase tc_inner_ec_response_3() runs on TCType system TCType {
var Oct32 v_private_key;
var Oct32 v_publicKeyX;
var Oct32 v_publicKeyY;
var Oct32 v_publicKeyCompressed;
var integer v_compressedMode;
var EccP256CurvePoint v_eccPoint;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var template (value) EtsiTs103097Certificate v_cert;
var EtsiTs103097Certificate v_cert_ts_a_ea;
var EtsiTs103097Certificate v_cert_iut_a_ea;
var Oct32 v_private_key_cert_ts_a_ea;
var Oct32 v_private_key_cert_iut_a_ea;
var Oct32 v_private_enc_key_cert_ts_a_ea;
var Oct32 v_private_enc_key_cert_iut_a_ea;
var Oct8 v_hashed_id8_cert_ts_a_ea;
var Oct8 v_hashed_id8_cert_iut_a_ea;
var Oct32 v_whole_hash_cert_ts_a_ea;
var Oct32 v_whole_hash_cert_iut_a_ea;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var HashedId8 v_hashedid8_ea_certificate;
var AuthorizationValidationResponse v_authorization_validation_response;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg;
var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data;
var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data;
var bitstring v_dec_authorization_validation_response_msg;
var EtsiTs102941Data v_dec_authorization_validation_response;
var boolean v_ret;
var integer v_result;
if (not(PICS_SEC_FIXED_KEYS)) {
setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true");
stop;
}
f_loadCertificates(PX_IUT_SEC_CONFIG_NAME);
f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea);
f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea);
f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea);
f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea);
f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea);
f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea);
f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea);
f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea);
f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea);
f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea);
f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode);
// Build the EA certificate based on keys
if (v_compressedMode == 0) {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed));
} else {
v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed));
}
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
v_eccPoint
)),
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
log("v_cert= ", v_cert);
// Calculate the whole-hashedid8 of the EA certificate
v_tbs := encvalue(v_cert);
v_hashedid8_ea_certificate := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_tbs)));
log("whole-v_hashedid8_ea_certificate= ", v_hashedid8_ea_certificate);
// Create InnerEcResponse message
f_generate_autorization_validation_response(
'DF0185451707BD702C957AB8B8AF827A6FBFBA7777723DDCA40CF6F58DAEA4E4'O,
valueof(v_cert),
v_authorization_validation_response
);
// Build secured PKI message
v_enc_msg := encvalue(m_etsiTs102941Data_v_authorization_validation_response(v_authorization_validation_response));
if (ischosen(v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data);
} else {
v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data);
}
if (v_ret == false) {
setverdict(fail, "Failed to secure InnerEcResponse message");
stop;
}
// Encode it
log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data);
v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg);
setverdict(pass, "Encoded succeed");
// Decode encrypted InnerEcResponse
v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data);
if (v_result == 0) {
log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data);
setverdict(pass, "Decoded succeed");
if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) {
setverdict(pass, "Decoded match succeed");
} else {
setverdict(fail, "Decoded match failed");
stop;
}
} else {
setverdict(fail, "Decoding failed");
stop;
}
// Decrypt InnerEcResponse
f_decrypt(v_private_enc_key_cert_ts_a_ea, v_dec_ieee1609dot2_encrypted_and_signed_data, v_dec_ieee1609dot2_signed_data);
log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data);
// Verify signature
v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData);
if (ischosen(v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
0);
} else {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
v_whole_hash_cert_iut_a_ea,
v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
1);
}