ITS - Intelligent Transport Systems
Commit
d0757f86
authored
Mar 14, 2018
by
garciay
STF538: Start Encryption TPs implementation
Start Certificate generation script
parent
f3846dfb
Changes
10
ttcn/AtsGenCert/ItsGenCert_Functions.ttcn
...
...
@@ -25,13 +25,24 @@ module ItsGenCert_Functions {
f_generate_key_pair_nistp256
(
p_certificate_details
.
private_key
,
p_certificate_details
.
public_key_x
,
p_certificate_details
.
public_key_y
);
}
else
if
(
p_certificate_params
.
curve
==
e_brainpool_p256
)
{
f_generate_key_pair_brainpoolp256
(
p_certificate_details
.
private_key
,
p_certificate_details
.
public_key_x
,
p_certificate_details
.
public_key_y
);
}
else
if
(
p_certificate_params
.
curve
==
e_brainpool_p
256
)
{
}
else
if
(
p_certificate_params
.
curve
==
e_brainpool_p
384
)
{
f_generate_key_pair_brainpoolp384
(
p_certificate_details
.
private_key
,
p_certificate_details
.
public_key_x
,
p_certificate_details
.
public_key_y
);
}
else
{
log
(
"f_generate_signing_keys: Unsupported curve"
);
return
-
1
;
}
if
(
p_certificate_params
.
encryption_key
==
true
)
{
if
(
p_certificate_params
.
encryption_curve
==
e_nist_p256
)
{
f_generate_key_pair_nistp256
(
p_certificate_details
.
private_enc_key
,
p_certificate_details
.
public_enc_key_x
,
p_certificate_details
.
public_enc_key_y
);
}
else
if
(
p_certificate_params
.
encryption_curve
==
e_brainpool_p256
)
{
f_generate_key_pair_brainpoolp256
(
p_certificate_details
.
private_enc_key
,
p_certificate_details
.
public_enc_key_x
,
p_certificate_details
.
public_enc_key_y
);
}
else
{
log
(
"f_generate_signing_keys: Unsupported encryption curve"
);
return
-
1
;
}
}
return
0
;
}
// End of function f_generate_signing_keys
...
...
@@ -54,7 +65,30 @@ module ItsGenCert_Functions {
p_certificate_params
.
region
,
p_certificate_params
.
app_permissions
,
p_certificate_params
.
issuing_permissions
)));
)
)
);
if
(
p_certificate_params
.
encryption_key
==
true
)
{
if
(
p_certificate_params
.
encryption_curve
==
e_nist_p256
)
{
p_certificate_details
.
certificate
.
toBeSigned
.
encryptionKey
:=
valueof
(
m_encryptionKey
(
aes128Ccm
,
m_publicEncryptionKey_ecdsaNistP256
(
m_eccP256CurvePoint_uncompressed
(
p_certificate_details
.
public_enc_key_x
,
p_certificate_details
.
public_enc_key_y
)))
);
}
else
if
(
p_certificate_params
.
encryption_curve
==
e_brainpool_p256
)
{
p_certificate_details
.
certificate
.
toBeSigned
.
encryptionKey
:=
valueof
(
m_encryptionKey
(
aes128Ccm
,
m_publicEncryptionKey_eciesBrainpoolP256r1
(
m_eccP256CurvePoint_uncompressed
(
p_certificate_details
.
public_enc_key_x
,
p_certificate_details
.
public_enc_key_y
)))
);
}
}
return
0
;
}
// End of function f_fill_certificate
...
...
@@ -72,37 +106,37 @@ module ItsGenCert_Functions {
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
if
(
p_certificate_params
.
curve
==
e_nist_p256
)
{
v_signature
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
p_issuer_certificate_details
.
private_key
);
p_certificate_details
.
certificate
.
signature_
:=
valueof
(
m_signature_ecdsaNistP256
(
m_ecdsaP256Signature
(
m_eccP256CurvePoint_x_only
(
substr
(
v_signature
,
0
,
32
)
),
substr
(
v_signature
,
32
,
32
)
)
));
v_signature
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
p_issuer_certificate_details
.
private_key
);
p_certificate_details
.
certificate
.
signature_
:=
valueof
(
m_signature_ecdsaNistP256
(
m_ecdsaP256Signature
(
m_eccP256CurvePoint_x_only
(
substr
(
v_signature
,
0
,
32
)
),
substr
(
v_signature
,
32
,
32
)
)
));
}
else
if
(
p_certificate_params
.
curve
==
e_brainpool_p256
)
{
v_signature
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
p_issuer_certificate_details
.
private_key
);
p_certificate_details
.
certificate
.
signature_
:=
valueof
(
m_signature_ecdsaBrainpoolP256r1
(
m_ecdsaP256Signature
(
m_eccP256CurvePoint_x_only
(
substr
(
v_signature
,
0
,
32
)
),
substr
(
v_signature
,
32
,
32
)
)
));
}
else
if
(
p_certificate_params
.
curve
==
e_brainpool_p
256
)
{
v_signature
:=
f_signWithEcdsaBrainpoolp384WithSha384
(
bit2oct
(
v_enc_msg
),
p_issuer_certificate_details
.
private_key
);
p_certificate_details
.
certificate
.
signature_
:=
valueof
(
m_signature_ecdsaBrainpoolP384r1
(
m_ecdsaP384Signature
(
m_eccP384CurvePoint_x_only
(
substr
(
v_signature
,
0
,
48
)
),
substr
(
v_signature
,
48
,
48
)
)
));
v_signature
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
p_issuer_certificate_details
.
private_key
);
p_certificate_details
.
certificate
.
signature_
:=
valueof
(
m_signature_ecdsaBrainpoolP256r1
(
m_ecdsaP256Signature
(
m_eccP256CurvePoint_x_only
(
substr
(
v_signature
,
0
,
32
)
),
substr
(
v_signature
,
32
,
32
)
)
));
}
else
if
(
p_certificate_params
.
curve
==
e_brainpool_p
384
)
{
v_signature
:=
f_signWithEcdsaBrainpoolp384WithSha384
(
bit2oct
(
v_enc_msg
),
p_issuer_certificate_details
.
private_key
);
p_certificate_details
.
certificate
.
signature_
:=
valueof
(
m_signature_ecdsaBrainpoolP384r1
(
m_ecdsaP384Signature
(
m_eccP384CurvePoint_x_only
(
substr
(
v_signature
,
0
,
48
)
),
substr
(
v_signature
,
48
,
48
)
)
));
}
else
{
log
(
"f_generate_certificate: Unsupported curve"
);
return
-
1
;
...
...
@@ -164,14 +198,31 @@ module ItsGenCert_Functions {
fx_loadCertificates
(
PX_CERTIFICATE_POOL_PATH
,
PX_IUT_SEC_CONFIG_NAME
);
for
(
var
integer
v_counter
:=
0
;
v_counter
<
lengthof
(
p_certificate_details_list
);
v_counter
:=
v_counter
+
1
)
{
log
(
"f_store_certificates: "
,
p_certificate_details_list
[
v_counter
]);
fx_store_certificate
(
p_certificate_details_list
[
v_counter
].
certificate_id
,
p_certificate_details_list
[
v_counter
].
enc_cert
,
p_certificate_details_list
[
v_counter
].
private_key
,
p_certificate_details_list
[
v_counter
].
public_key_x
,
p_certificate_details_list
[
v_counter
].
public_key_y
,
p_certificate_details_list
[
v_counter
].
hashid8
,
p_certificate_details_list
[
v_counter
].
issuer
);
if
(
ispresent
(
p_certificate_details_list
[
v_counter
].
private_enc_key
))
{
fx_store_certificate
(
p_certificate_details_list
[
v_counter
].
certificate_id
,
p_certificate_details_list
[
v_counter
].
enc_cert
,
p_certificate_details_list
[
v_counter
].
private_key
,
p_certificate_details_list
[
v_counter
].
public_key_x
,
p_certificate_details_list
[
v_counter
].
public_key_y
,
p_certificate_details_list
[
v_counter
].
hashid8
,
p_certificate_details_list
[
v_counter
].
issuer
,
p_certificate_details_list
[
v_counter
].
private_enc_key
,
p_certificate_details_list
[
v_counter
].
public_enc_key_x
,
p_certificate_details_list
[
v_counter
].
public_enc_key_y
);
}
else
{
fx_store_certificate
(
p_certificate_details_list
[
v_counter
].
certificate_id
,
p_certificate_details_list
[
v_counter
].
enc_cert
,
p_certificate_details_list
[
v_counter
].
private_key
,
p_certificate_details_list
[
v_counter
].
public_key_x
,
p_certificate_details_list
[
v_counter
].
public_key_y
,
p_certificate_details_list
[
v_counter
].
hashid8
,
p_certificate_details_list
[
v_counter
].
issuer
,
''
O
,
''
O
,
''
O
);
}
}
// End of 'for' statement
return
0
;
...
...
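Review bot: The `log("f_store_certificates: ", p_certificate_details_list[v_counter]);` call at the top of the loop in the last hunk prints the whole certificate_details record, and with this commit that record also carries `private_enc_key` next to `private_key`, so both private keys end up in the test log. Log only the identifying field instead, for example `log("f_store_certificates: ", p_certificate_details_list[v_counter].certificate_id);`. The page does not show whether the log line itself is new or unchanged context, and the function body starts outside the hunk.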
ttcn/AtsGenCert/ItsGenCert_Pics.ttcn
...
...
@@ -30,7 +30,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_RCA"
// signed_by
"CERT_IUT_A_RCA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_A_AA"
,
// certificate_id
...
...
@@ -40,7 +42,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_RCA"
// signed_by
"CERT_IUT_A_RCA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_A_AT"
,
// certificate_id
...
...
@@ -50,7 +54,9 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_AA"
// signed_by
"CERT_IUT_A_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_B_AT"
,
// certificate_id
...
...
@@ -60,7 +66,9 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_AA"
// signed_by
"CERT_IUT_A_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_C_AT"
,
// certificate_id
...
...
@@ -70,7 +78,9 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_AA"
// signed_by
"CERT_IUT_A_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_D_AT"
,
// certificate_id
...
...
@@ -80,7 +90,9 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_AA"
// signed_by
"CERT_IUT_A_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_E_AT"
,
// certificate_id
...
...
@@ -90,7 +102,9 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_AA"
// signed_by
"CERT_IUT_A_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_A1_AT"
,
// certificate_id
...
...
@@ -100,7 +114,9 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_AA"
// signed_by
"CERT_IUT_A_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_A2_AT"
,
// certificate_id
...
...
@@ -110,7 +126,9 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_AA"
// signed_by
"CERT_IUT_A_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_A3_AT"
,
// certificate_id
...
...
@@ -120,7 +138,9 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_AA"
// signed_by
"CERT_IUT_A_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_A4_AT"
,
// certificate_id
...
...
@@ -130,7 +150,8 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_AA"
// signed_by
"CERT_IUT_A_AA"
,
// signed_by
false
// encryption_key
},
{
"CERT_IUT_C_RCA"
,
// certificate_id
...
...
@@ -140,7 +161,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_RCA"
// signed_by
"CERT_IUT_A_RCA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_CA_AA"
,
// certificate_id
...
...
@@ -150,7 +173,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_C_RCA"
// signed_by
"CERT_IUT_C_RCA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_CC_AA"
,
// certificate_id
...
...
@@ -160,7 +185,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_C_RCA"
// signed_by
"CERT_IUT_C_RCA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_CA1_AT"
,
// certificate_id
...
...
@@ -170,7 +197,9 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_CC_AA"
// signed_by
"CERT_IUT_CC_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_CA2_AT"
,
// certificate_id
...
...
@@ -180,8 +209,38 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_CA_AA"
// signed_by
"CERT_IUT_CA_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_IUT_E_AA"
,
// certificate_id
omit
,
// region
{
start_
:=
c_2018_01_01_gmt_paris
,
duration
:=
c_six_months
},
// validity_period
omit
,
// app_permissions
c_psidGroupPermissions_all
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_RCA"
,
// signed_by
true
,
// encryption_key
e_nist_p256
// encryption_curve
},
{
"CERT_IUT_E_AT"
,
// certificate_id
omit
,
// region
{
start_
:=
c_2018_01_01_gmt_paris
,
duration
:=
c_six_months
},
// validity_period
c_appPermissions_all
,
// app_permissions
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_E_AA"
,
// signed_by
true
,
// encryption_key
e_nist_p256
// encryption_curve
},
...
...
@@ -197,7 +256,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_RCA"
// signed_by
"CERT_IUT_A_RCA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_TS_A_AT"
,
// certificate_id
...
...
@@ -207,7 +268,9 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_TS_A_AA"
// signed_by
"CERT_TS_A_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_TS_B_AA"
,
// certificate_id
...
...
@@ -217,7 +280,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_IUT_A_RCA"
// signed_by
"CERT_IUT_A_RCA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
},
{
"CERT_TS_B_AT"
,
// certificate_id
...
...
@@ -227,7 +292,9 @@ module ItsGenCert_Pics {
omit
,
// issuing_permissions
sha256
,
// hash_algorithm
e_nist_p256
,
// curve
"CERT_TS_B_AA"
// signed_by
"CERT_TS_B_AA"
,
// signed_by
false
,
// encryption_key
omit
// encryption_curve
}
}
// End of PICS_CERTFICATES
...
...
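Review bot: The new `"CERT_IUT_E_AT"` entry reuses a certificate_id that an earlier entry of PICS_CERTFICATES already has (visible as context in the `@@ -80,7 +90,9 @@` hunk), so two parameter sets with different issuers and encryption settings share one identifier. If certificates are stored or looked up by certificate_id, which the page does not show, one of them would shadow the other, so the encryption-capable ticket should get its own id. Separately, the `@@ -130,7 +150,8 @@` hunk grows by one line where every other entry grows by two: the entry that ends there (apparently CERT_IUT_A4_AT) gets `false // encryption_key` but no trailing `omit // encryption_curve`. It should end with `false, // encryption_key` and `omit // encryption_curve` like its neighbours.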
ttcn/AtsGenCert/ItsGenCert_TestCases.ttcn
...
...
@@ -42,9 +42,9 @@ module ItsGencert_TestCases {
// Setup
v_certificate_params
:=
PICS_CERTFICATES
[
v_counter
];
v_details
:=
{
v_certificate_params
.
certificate_id
,
{},
''
O
,
''
O
,
''
O
,
''
O
,
'0000000000000000'O
,
'0000000000000000'O
};
v_details
:=
{
v_certificate_params
.
certificate_id
,
{},
''
O
,
''
O
,
''
O
,
''
O
,
'0000000000000000'O
,
'0000000000000000'O
,
omit
,
omit
,
omit
};
// Generate Private/Public keys for the certificate
// Generate Private/Public
signing and encryption
keys for the certificate
if
(
f_generate_signing_keys
(
v_certificate_params
,
v_details
)
==
-
1
)
{
setverdict
(
fail
,
"Unsupported curve"
);
stop
;
...
...
ttcn/AtsGenCert/ItsGenCert_TypeAndValues.ttcn
...
...
@@ -76,7 +76,9 @@ module ItsGenCert_TypeAndValues {
SequenceOfPsidGroupPermissions
issuing_permissions
optional
,
HashAlgorithm
hash_algorithm
,
Curve
curve
,
charstring
signed_by
charstring
signed_by
,
boolean
encryption_key
,
Curve
encryption_curve
optional
}
// End of type certificate_params
type
record
of
certificate_params
certificate_params_list
;
...
...
@@ -94,7 +96,10 @@ module ItsGenCert_TypeAndValues {
octetstring
public_key_x
,
octetstring
public_key_y
,
HashedId8
hashid8
,
HashedId8
issuer
HashedId8
issuer
,
octetstring
private_enc_key
optional
,
octetstring
public_enc_key_x
optional
,
octetstring
public_enc_key_y
optional
}
// End of type certificate_details
type
record
of
certificate_details
certificate_details_list
;
...
...
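Review bot: `encryption_key` and the optional `encryption_curve` in certificate_params can disagree, because the type accepts `encryption_key := true` together with an omitted curve, and the readers in ItsGenCert_Functions compare `p_certificate_params.encryption_curve` without an `ispresent` check. Document the invariant on the field, e.g. `Curve encryption_curve optional // shall be present when encryption_key is true`, and have the readers test `ispresent(p_certificate_params.encryption_curve)` before comparing; how a comparison against an omitted field behaves appears to depend on the tool. The three new `*_enc_key` fields of certificate_details would likewise benefit from a comment stating that they are set together or not at all, since f_store_certificates branches on `private_enc_key` alone.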
ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn
...
...
@@ -6749,8 +6749,8 @@ module ItsSecurity_TestCases {
mw_SymmetricCiphertext_aes128ccm
))))) -> value v_geoNwInd {
tc_ac.stop;
// TODO
log("*** " & testcasename() & ": PASS: IUT sends encrypted data successfully ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[PICS_SEC_BRAINPOOL_P256R1 == true] geoNetworkingPort.receive(
mw_geoNwInd(
...
...
@@ -6770,8 +6770,8 @@ module ItsSecurity_TestCases {
mw_SymmetricCiphertext_aes128ccm
))))) -> value v_geoNwInd {
tc_ac.stop;
// TODO
log("*** " & testcasename() & ": PASS: IUT sends encrypted data successfully ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
...
...
@@ -6816,6 +6816,7 @@ module ItsSecurity_TestCases {
testcase TC_SEC_ITSS_SND_ENC_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var EtsiTs103097Data v_decryptedMsg;
var GeoNetworkingInd v_geoNwInd;
// Test control
...
...
@@ -6847,10 +6848,16 @@ module ItsSecurity_TestCases {
)))))) -> value v_geoNwInd {
tc_ac.stop;
// TODO Decrypt
//f_getSecuredMessage(v_geoNwInd.msgIn).content.encryptedData.ciphertext.aes128ccm.ccmCiphertext
// TODO Encode decrypted message
// Check matching with mw_etsiTs103097Data
if (f_decrypt(f_getSecuredMessage(v_geoNwInd.msgIn), v_decryptedMsg) == false) {
log("*** " & testcasename() & ": FAIL: Unable to process encryption data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else if (match(v_decryptedMsg, mw_etsiTs103097Data) == false) {
log("*** " & testcasename() & ": FAIL: Unable to parse EtsiTs103097Data data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: IUT sends signed and encrypted message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
...
...
@@ -6865,7 +6872,7 @@ module ItsSecurity_TestCases {
} // End of testcase TC_SEC_ITSS_SND_ENC_04_BV
/**
* @desc Check that when the IUT sends SignedAndEcrypted message then it sends the
* @desc Check that when the IUT sends SignedAndE
n
crypted message then it sends the
* EtsiTs103097Data-Encrypted message containing the EtsiTs103097Data-Signed
* structure as the ToBeSignedDataContent.
* <pre>
...
...
@@ -6898,6 +6905,7 @@ module ItsSecurity_TestCases {
testcase TC_SEC_ITSS_SND_ENC_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var EtsiTs103097Data v_decryptedMsg;
var GeoNetworkingInd v_geoNwInd;
// Test control
...
...
@@ -6929,11 +6937,17 @@ module ItsSecurity_TestCases {
)))))) -> value v_geoNwInd {
tc_ac.stop;
// TODO Decrypt
//f_getSecuredMessage(v_geoNwInd.msgIn).content.encryptedData.ciphertext.aes128ccm.ccmCiphertext
// TODO Encode decrypted message
// Check matching with mw_etsiTs103097Data_signed
// Check signature
if (f_decrypt(f_getSecuredMessage(v_geoNwInd.msgIn), v_decryptedMsg) == false) {
log("*** " & testcasename() & ": FAIL: Unable to process encryption data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else if (match(v_decryptedMsg, mw_etsiTs103097Data_signed) == false) {
log("*** " & testcasename() & ": FAIL: Unable to parse signed data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
// TODO Check signature?
log("*** " & testcasename() & ": PASS: IUT sends signed and encrypted message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
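Review bot: TC_SEC_ITSS_SND_ENC_05_BV reports PASS as soon as the decrypted payload matches `mw_etsiTs103097Data_signed`, while the signature check is left as `// TODO Check signature?`, so an IUT that sends a structurally valid but wrongly signed inner message would still pass. Until the verification is implemented, that `else` branch should not report a plain success; at minimum replace the TODO with a comment stating that the signature is not verified, or report an inconclusive result. In TC_SEC_ITSS_SND_ENC_04_BV the PASS text reads "IUT sends signed and encrypted message" although the match is against `mw_etsiTs103097Data`; the wording looks copied from the 05 case. Both alt branches start outside their hunks.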
ttcn/TestCodec/TestCodec_Certificates.ttcn
...
...
@@ -200,6 +200,104 @@ module TestCodec_Certificates {
}
// End of testcase tc_root_certificate_sha256_2
/**
* @desc Root certificate / BrainpoolP256
* @see ETSI TS 103 097 V1.3.1 Clause 7.2.1 Authorization tickets
*/
testcase
tc_root_certificate_sha256_3
()
runs
on
TCType
system
TCType
{
var
template
(
value
)
EtsiTs103097Certificate
v_cert
;
// ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1
var
EtsiTs103097Certificate
v_cert_dec
;
var
charstring
v_certId
:=
"STF538 Root Certificate"
;
var
HashAlgorithm
v_self
:=
sha256
;
// ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 1
var
SequenceOfPsidSsp
v_appPermissions
:=
{
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof
(
m_appPermissions
(
36
,
{
bitmapSsp
:=
'
830001
'
O
})),
valueof
(
m_appPermissions
(
37
,
{
bitmapSsp
:=
'
830001
'
O
}))
};
var
SequenceOfPsidSspRange
v_certIssuePermissions
:=
{
// ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 3
valueof
(
m_psidSspRange
(
1
))
};
var
Oct32
v_private_key
:=
int2oct
(
0
,
32
);
var
Oct32
v_publicKeyX
:=
int2oct
(
0
,
32
);
var
Oct32
v_publicKeyY
:=
int2oct
(
0
,
32
);
var
Oct32
v_enc_private_key
:=
int2oct
(
0
,
32
);
var
Oct32
v_enc_publicKeyX
:=
int2oct
(
0
,
32
);
var
Oct32
v_enc_publicKeyY
:=
int2oct
(
0
,
32
);
var
HashedId8
v_sha256AndDigest
;
var
Oct32
v_sig
:=
int2oct
(
0
,
32
);
var
bitstring
v_encMsg
:=
''
B
;
// Generate Private/Public keys for signature
f_generate_key_pair_brainpoolp256
(
v_private_key
,
v_publicKeyX
,
v_publicKeyY
);
// Generate Private/Public keys for encryption
f_generate_key_pair_brainpoolp256
(
v_enc_private_key
,
v_enc_publicKeyX
,
v_enc_publicKeyY
);
// Fill Certificate template with the public key
v_cert
:=
m_etsiTs103097Certificate
(
m_issuerIdentifier_self
(
v_self
),
m_toBeSignedCertificate_ca
(
{
name
:=
v_certId
},
v_appPermissions
,
{
m_psidGroupPermissions
(
m_subjectPermissions_explicit
(
v_certIssuePermissions
))
},
m_verificationKeyIndicator_verificationKey
(
m_publicVerificationKey_ecdsaBrainpoolP256
(
m_eccP256CurvePoint_uncompressed
(
v_publicKeyX
,
v_publicKeyY
))),
m_validityPeriod
(
17469212
,
m_duration_years
(
10
)
),
-
,
-
,
m_encryptionKey
(
aes128Ccm
,
m_publicEncryptionKey_eciesBrainpoolP256r1
(
m_eccP256CurvePoint_uncompressed
(
v_enc_publicKeyX
,
v_enc_publicKeyY
)
)
)
)
);
// Encode it ==> Get octetstring
log
(
"Encode template "
,
valueof
(
v_cert
.
toBeSigned
));
v_encMsg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_encMsg
),
v_private_key
);
v_cert
.
signature_
:=
m_signature_ecdsaBrainpoolP256r1
(
m_ecdsaP256Signature
(