Loading ttcn/AtsGenCert/ItsGenCert_Functions.ttcn +118 −16 Original line number Original line Diff line number Diff line Loading @@ -6,13 +6,38 @@ module ItsGenCert_Functions { import from EtsiTs103097Module language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; // LibItsSecurity // LibItsSecurity import from LibItsSecurity_EncdecDeclarations all; import from LibItsSecurity_TypesAndValues all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Functions all; import from LibItsSecurity_Pixits all; // AtsGenCert // AtsGenCert import from ItsGenCert_TypeAndValues all; import from ItsGenCert_TypeAndValues all; import from ItsGenCert_Templates all; import from ItsGenCert_Templates all; import from ItsGenCert_Pics all; import from ItsGenCert_Pics all; function f_generate_signing_keys( in certificate_params p_certificate_params, inout certificate_details p_certificate_details ) return integer { if (p_certificate_params.curve == e_nist_p256) { f_generate_key_pair_nistp256(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y); } else if (p_certificate_params.curve == e_brainpool_p256) { f_generate_key_pair_brainpoolp256(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y); } else if (p_certificate_params.curve == e_brainpool_p256) { f_generate_key_pair_brainpoolp384(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y); } else { log("f_generate_signing_keys: Unsupported curve"); return -1; } log("f_generate_signing_keys: p_certificate_details.certificate = ", p_certificate_details.certificate); return 0; } // End of function f_generate_signing_keys function f_fill_certificate( function f_fill_certificate( in certificate_params p_certificate_params, in certificate_params p_certificate_params, inout certificate_details p_certificate_details inout certificate_details p_certificate_details Loading @@ -36,32 +61,109 @@ module ItsGenCert_Functions { p_certificate_details.certificate.toBeSigned.certIssuePermissions := { valueof(m_psidGroupPermissions(m_subjectPermissions_all)) }; p_certificate_details.certificate.toBeSigned.certIssuePermissions := { valueof(m_psidGroupPermissions(m_subjectPermissions_all)) }; } else { } else { // TODO // TODO log("f_fill_certificate: To be done"); return -1; } } log("p_certificate_details.certificate = ", p_certificate_details.certificate); log("f_fill_certificate: p_certificate_details.certificate = ", p_certificate_details.certificate); return 0; return 0; } // End of function f_fill_certificate } // End of function f_fill_certificate function f_finalyse_certificate( function f_generate_certificate( in certificate_params p_certificate_params, in certificate_params p_certificate_params, inout certificate_details p_certificate_details inout certificate_details p_certificate_details ) return integer { ) return integer { var bitstring v_enc_msg; var octetstring v_signature; // Encode it ==> Get octetstring v_enc_msg := encvalue(p_certificate_details.certificate.toBeSigned); // Sign the certificate using ECDSA/SHA-256 (NIST p-256) if (p_certificate_params.curve == e_nist_p256) { v_signature := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_certificate_details.private_key); p_certificate_details.certificate.signature_ := valueof( m_signature_ecdsaNistP256( m_ecdsaP256Signature( m_eccP256CurvePoint_x_only( substr(v_signature, 0, 32) ), substr(v_signature, 32, 32) ) )); } else if (p_certificate_params.curve == e_brainpool_p256) { v_signature := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_certificate_details.private_key); p_certificate_details.certificate.signature_ := valueof( m_signature_ecdsaBrainpoolP256r1( m_ecdsaP256Signature( m_eccP256CurvePoint_x_only( substr(v_signature, 0, 32) ), substr(v_signature, 32, 32) ) )); } else if (p_certificate_params.curve == e_brainpool_p256) { v_signature := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_enc_msg), p_certificate_details.private_key); p_certificate_details.certificate.signature_ := valueof(m_signature_ecdsaBrainpoolP384r1( m_ecdsaP384Signature( m_eccP384CurvePoint_x_only( substr(v_signature, 0, 48) ), substr(v_signature, 48, 48) ) )); } else { log("f_generate_certificate: Unsupported curve"); return -1; return -1; } // End of function f_finalyse_certificate } log("f_generate_certificate: p_certificate_details = ", p_certificate_details); function f_get_certificate_params( in charstring p_certificate_id, out certificate_params p_certificate_params ) return integer { for (var integer v_counter := 0; v_counter < lengthof(PICS_CERTFICATES); v_counter := v_counter + 1) { if (PICS_CERTFICATES[v_counter].certificate_id == p_certificate_id) { p_certificate_params := PICS_CERTFICATES[v_counter]; return 0; return 0; } // End of function f_generate_certificate function f_finalyse_certificate( in certificate_params p_certificate_params, in certificate_details_list p_certificate_details_list, inout certificate_details p_certificate_details ) return integer { // Set the issuer if (p_certificate_params.certificate_id == p_certificate_params.signed_by) { // Root certificate // Nothing to do, isuuer is already set to self } else { // Other certificate // Find the issuer in the list var integer v_counter; for (v_counter := 0; v_counter < lengthof(p_certificate_details_list); v_counter := v_counter + 1) { if (p_certificate_details_list[v_counter].certificate_id == p_certificate_params.signed_by) { p_certificate_details.issuer := p_certificate_details_list[v_counter].hashid8; if (p_certificate_params.hash_algorithm == sha256) { p_certificate_details.certificate.issuer.sha256AndDigest := p_certificate_details_list[v_counter].hashid8; } else if (p_certificate_params.hash_algorithm == sha384) { p_certificate_details.certificate.issuer.sha384AndDigest := p_certificate_details_list[v_counter].hashid8; } else { log("f_finalyse_certificate: Unsupported hash algorithm"); return -1; } } } } // End of 'for' statement } // End of 'for' statement if (v_counter == lengthof(p_certificate_details_list)) { log("f_finalyse_certificate: issuer not found"); return -1; return -1; } // End of function f_get_certificate_params } } // Encode the certificate p_certificate_details.enc_cert := bit2oct(encvalue(p_certificate_details.certificate)); // Calculate the HashedId8 if (p_certificate_params.hash_algorithm == sha256) { p_certificate_details.hashid8 := f_HashedId8FromSha256(f_hashWithSha256(p_certificate_details.enc_cert)); } else { p_certificate_details.hashid8 := f_HashedId8FromSha384(f_hashWithSha384(p_certificate_details.enc_cert)); } log("f_finalyse_certificate: p_certificate_details = ", p_certificate_details); return 0; } // End of function f_finalyse_certificate } // End of module ItsGenCert_Functions } // End of module ItsGenCert_Functions ttcn/AtsGenCert/ItsGencert_TestCases.ttcn→ttcn/AtsGenCert/ItsGenCert_TestCases.ttcn +27 −11 Original line number Original line Diff line number Diff line Loading @@ -28,32 +28,48 @@ module ItsGencert_TestCases { import from ItsGenCert_Pics all; import from ItsGenCert_Pics all; testcase TC_GEN_CERT_BV() runs on TCType system TCType { testcase TC_GEN_CERT_BV() runs on TCType system TCType { var certificate_details_list v_certificate_details_list; var integer v_idx := 0; for (var integer v_counter := 0; v_counter < lengthof(PICS_CERTFICATES); v_counter := v_counter + 1) { for (var integer v_counter := 0; v_counter < lengthof(PICS_CERTFICATES); v_counter := v_counter + 1) { var certificate_details v_details; var certificate_details v_details := {}; var template (value) EtsiTs103097Certificate v_certificate; var template (value) EtsiTs103097Certificate v_certificate; var certificate_params v_certificate_params := PICS_CERTFICATES[v_counter]; var certificate_params v_certificate_params := PICS_CERTFICATES[v_counter]; // Setup v_certificate_details_list[v_idx] := v_details; v_details.certificate_id := v_certificate_params.certificate_id; log("v_certificate_details_list[", v_idx, "] = ", v_certificate_details_list[v_idx]); // Generate Private/Public keys for the certificate // Generate Private/Public keys for the certificate if (v_certificate_params.curve == e_nist_p256) { if (f_generate_signing_keys(v_certificate_params, v_details) == -1) { f_generate_key_pair_nistp256(v_details.private_key, v_details.public_key_x, v_details.public_key_y); } else if (v_certificate_params.curve == e_brainpool_p256) { f_generate_key_pair_brainpoolp256(v_details.private_key, v_details.public_key_x, v_details.public_key_y); } else if (v_certificate_params.curve == e_brainpool_p256) { f_generate_key_pair_brainpoolp384(v_details.private_key, v_details.public_key_x, v_details.public_key_y); } else { setverdict(fail, "Unsupported curve"); setverdict(fail, "Unsupported curve"); stop; stop; } } // Build the certificate templates // Build the certificate templates f_fill_certificate(v_certificate_params, v_details); if (f_fill_certificate(v_certificate_params, v_details) == -1) { setverdict(fail, "Failed to build the certificate templates"); stop; } // Generate the certificate if (f_generate_certificate(v_certificate_params, v_details) == -1) { setverdict(fail, "Failed to generate the certificate"); stop; } v_certificate_details_list[v_idx] := v_details; if (f_finalyse_certificate(v_certificate_params, v_certificate_details_list, v_details) == -1) { setverdict(fail, "Failed to finalyse the certificate"); stop; } f_finalyse_certificate(v_certificate_params, v_details); log("v_certificate_details_list[", v_idx, "] = ", v_certificate_details_list[v_idx]); v_idx := v_idx + 1; } // End of 'for' statement } // End of 'for' statement setverdict(pass); setverdict(pass); } // End of testcase TC_SEC_ITSS_SND_MSG_01_BV } // End of testcase TC_GEN_CERT_BV control { control { execute(TC_GEN_CERT_BV()); execute(TC_GEN_CERT_BV()); Loading ttcn/AtsGenCert/ItsGenCert_TypeAndValues.ttcn +24 −9 Original line number Original line Diff line number Diff line Loading @@ -21,6 +21,19 @@ module ItsGenCert_TypeAndValues { * @desc One year duration * @desc One year duration */ */ const Duration c_one_year := { years := 1 }; const Duration c_one_year := { years := 1 }; /** * @desc CA application permissions */ const PsidSsp c_appPermissions_cam := { psid := 36, ssp := { bitmapSsp := '830001'O } }; /** * @desc DENM application permissions */ const PsidSsp c_appPermissions_denm := { psid := 37, ssp := { bitmapSsp := '830001'O } }; /** * @desc GeoNetworking application permissions */ const PsidSsp c_appPermissions_mgmt := { psid := 141, ssp := { bitmapSsp := '830001'O } }; // TODO Add MAPEM/SPATEM/POI/IS /** /** * @desc This record contains, for each certificate, the parameters to generate it * @desc This record contains, for each certificate, the parameters to generate it Loading @@ -44,6 +57,7 @@ module ItsGenCert_TypeAndValues { } // End of type Curve } // End of type Curve type record certificate_details { type record certificate_details { charstring certificate_id, EtsiTs103097Certificate certificate, EtsiTs103097Certificate certificate, octetstring enc_cert, octetstring enc_cert, octetstring private_key, octetstring private_key, Loading @@ -52,6 +66,7 @@ module ItsGenCert_TypeAndValues { HashedId8 hashid8, HashedId8 hashid8, HashedId8 issuer HashedId8 issuer } // End of type certificate_details } // End of type certificate_details type record of certificate_details certificate_details_list; } // End of module ItsGenCert_TypeAndValues } // End of module ItsGenCert_TypeAndValues Loading
ttcn/AtsGenCert/ItsGenCert_Functions.ttcn +118 −16 Original line number Original line Diff line number Diff line Loading @@ -6,13 +6,38 @@ module ItsGenCert_Functions { import from EtsiTs103097Module language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; // LibItsSecurity // LibItsSecurity import from LibItsSecurity_EncdecDeclarations all; import from LibItsSecurity_TypesAndValues all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Functions all; import from LibItsSecurity_Pixits all; // AtsGenCert // AtsGenCert import from ItsGenCert_TypeAndValues all; import from ItsGenCert_TypeAndValues all; import from ItsGenCert_Templates all; import from ItsGenCert_Templates all; import from ItsGenCert_Pics all; import from ItsGenCert_Pics all; function f_generate_signing_keys( in certificate_params p_certificate_params, inout certificate_details p_certificate_details ) return integer { if (p_certificate_params.curve == e_nist_p256) { f_generate_key_pair_nistp256(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y); } else if (p_certificate_params.curve == e_brainpool_p256) { f_generate_key_pair_brainpoolp256(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y); } else if (p_certificate_params.curve == e_brainpool_p256) { f_generate_key_pair_brainpoolp384(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y); } else { log("f_generate_signing_keys: Unsupported curve"); return -1; } log("f_generate_signing_keys: p_certificate_details.certificate = ", p_certificate_details.certificate); return 0; } // End of function f_generate_signing_keys function f_fill_certificate( function f_fill_certificate( in certificate_params p_certificate_params, in certificate_params p_certificate_params, inout certificate_details p_certificate_details inout certificate_details p_certificate_details Loading @@ -36,32 +61,109 @@ module ItsGenCert_Functions { p_certificate_details.certificate.toBeSigned.certIssuePermissions := { valueof(m_psidGroupPermissions(m_subjectPermissions_all)) }; p_certificate_details.certificate.toBeSigned.certIssuePermissions := { valueof(m_psidGroupPermissions(m_subjectPermissions_all)) }; } else { } else { // TODO // TODO log("f_fill_certificate: To be done"); return -1; } } log("p_certificate_details.certificate = ", p_certificate_details.certificate); log("f_fill_certificate: p_certificate_details.certificate = ", p_certificate_details.certificate); return 0; return 0; } // End of function f_fill_certificate } // End of function f_fill_certificate function f_finalyse_certificate( function f_generate_certificate( in certificate_params p_certificate_params, in certificate_params p_certificate_params, inout certificate_details p_certificate_details inout certificate_details p_certificate_details ) return integer { ) return integer { var bitstring v_enc_msg; var octetstring v_signature; // Encode it ==> Get octetstring v_enc_msg := encvalue(p_certificate_details.certificate.toBeSigned); // Sign the certificate using ECDSA/SHA-256 (NIST p-256) if (p_certificate_params.curve == e_nist_p256) { v_signature := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_certificate_details.private_key); p_certificate_details.certificate.signature_ := valueof( m_signature_ecdsaNistP256( m_ecdsaP256Signature( m_eccP256CurvePoint_x_only( substr(v_signature, 0, 32) ), substr(v_signature, 32, 32) ) )); } else if (p_certificate_params.curve == e_brainpool_p256) { v_signature := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_certificate_details.private_key); p_certificate_details.certificate.signature_ := valueof( m_signature_ecdsaBrainpoolP256r1( m_ecdsaP256Signature( m_eccP256CurvePoint_x_only( substr(v_signature, 0, 32) ), substr(v_signature, 32, 32) ) )); } else if (p_certificate_params.curve == e_brainpool_p256) { v_signature := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_enc_msg), p_certificate_details.private_key); p_certificate_details.certificate.signature_ := valueof(m_signature_ecdsaBrainpoolP384r1( m_ecdsaP384Signature( m_eccP384CurvePoint_x_only( substr(v_signature, 0, 48) ), substr(v_signature, 48, 48) ) )); } else { log("f_generate_certificate: Unsupported curve"); return -1; return -1; } // End of function f_finalyse_certificate } log("f_generate_certificate: p_certificate_details = ", p_certificate_details); function f_get_certificate_params( in charstring p_certificate_id, out certificate_params p_certificate_params ) return integer { for (var integer v_counter := 0; v_counter < lengthof(PICS_CERTFICATES); v_counter := v_counter + 1) { if (PICS_CERTFICATES[v_counter].certificate_id == p_certificate_id) { p_certificate_params := PICS_CERTFICATES[v_counter]; return 0; return 0; } // End of function f_generate_certificate function f_finalyse_certificate( in certificate_params p_certificate_params, in certificate_details_list p_certificate_details_list, inout certificate_details p_certificate_details ) return integer { // Set the issuer if (p_certificate_params.certificate_id == p_certificate_params.signed_by) { // Root certificate // Nothing to do, isuuer is already set to self } else { // Other certificate // Find the issuer in the list var integer v_counter; for (v_counter := 0; v_counter < lengthof(p_certificate_details_list); v_counter := v_counter + 1) { if (p_certificate_details_list[v_counter].certificate_id == p_certificate_params.signed_by) { p_certificate_details.issuer := p_certificate_details_list[v_counter].hashid8; if (p_certificate_params.hash_algorithm == sha256) { p_certificate_details.certificate.issuer.sha256AndDigest := p_certificate_details_list[v_counter].hashid8; } else if (p_certificate_params.hash_algorithm == sha384) { p_certificate_details.certificate.issuer.sha384AndDigest := p_certificate_details_list[v_counter].hashid8; } else { log("f_finalyse_certificate: Unsupported hash algorithm"); return -1; } } } } // End of 'for' statement } // End of 'for' statement if (v_counter == lengthof(p_certificate_details_list)) { log("f_finalyse_certificate: issuer not found"); return -1; return -1; } // End of function f_get_certificate_params } } // Encode the certificate p_certificate_details.enc_cert := bit2oct(encvalue(p_certificate_details.certificate)); // Calculate the HashedId8 if (p_certificate_params.hash_algorithm == sha256) { p_certificate_details.hashid8 := f_HashedId8FromSha256(f_hashWithSha256(p_certificate_details.enc_cert)); } else { p_certificate_details.hashid8 := f_HashedId8FromSha384(f_hashWithSha384(p_certificate_details.enc_cert)); } log("f_finalyse_certificate: p_certificate_details = ", p_certificate_details); return 0; } // End of function f_finalyse_certificate } // End of module ItsGenCert_Functions } // End of module ItsGenCert_Functions
ttcn/AtsGenCert/ItsGencert_TestCases.ttcn→ttcn/AtsGenCert/ItsGenCert_TestCases.ttcn +27 −11 Original line number Original line Diff line number Diff line Loading @@ -28,32 +28,48 @@ module ItsGencert_TestCases { import from ItsGenCert_Pics all; import from ItsGenCert_Pics all; testcase TC_GEN_CERT_BV() runs on TCType system TCType { testcase TC_GEN_CERT_BV() runs on TCType system TCType { var certificate_details_list v_certificate_details_list; var integer v_idx := 0; for (var integer v_counter := 0; v_counter < lengthof(PICS_CERTFICATES); v_counter := v_counter + 1) { for (var integer v_counter := 0; v_counter < lengthof(PICS_CERTFICATES); v_counter := v_counter + 1) { var certificate_details v_details; var certificate_details v_details := {}; var template (value) EtsiTs103097Certificate v_certificate; var template (value) EtsiTs103097Certificate v_certificate; var certificate_params v_certificate_params := PICS_CERTFICATES[v_counter]; var certificate_params v_certificate_params := PICS_CERTFICATES[v_counter]; // Setup v_certificate_details_list[v_idx] := v_details; v_details.certificate_id := v_certificate_params.certificate_id; log("v_certificate_details_list[", v_idx, "] = ", v_certificate_details_list[v_idx]); // Generate Private/Public keys for the certificate // Generate Private/Public keys for the certificate if (v_certificate_params.curve == e_nist_p256) { if (f_generate_signing_keys(v_certificate_params, v_details) == -1) { f_generate_key_pair_nistp256(v_details.private_key, v_details.public_key_x, v_details.public_key_y); } else if (v_certificate_params.curve == e_brainpool_p256) { f_generate_key_pair_brainpoolp256(v_details.private_key, v_details.public_key_x, v_details.public_key_y); } else if (v_certificate_params.curve == e_brainpool_p256) { f_generate_key_pair_brainpoolp384(v_details.private_key, v_details.public_key_x, v_details.public_key_y); } else { setverdict(fail, "Unsupported curve"); setverdict(fail, "Unsupported curve"); stop; stop; } } // Build the certificate templates // Build the certificate templates f_fill_certificate(v_certificate_params, v_details); if (f_fill_certificate(v_certificate_params, v_details) == -1) { setverdict(fail, "Failed to build the certificate templates"); stop; } // Generate the certificate if (f_generate_certificate(v_certificate_params, v_details) == -1) { setverdict(fail, "Failed to generate the certificate"); stop; } v_certificate_details_list[v_idx] := v_details; if (f_finalyse_certificate(v_certificate_params, v_certificate_details_list, v_details) == -1) { setverdict(fail, "Failed to finalyse the certificate"); stop; } f_finalyse_certificate(v_certificate_params, v_details); log("v_certificate_details_list[", v_idx, "] = ", v_certificate_details_list[v_idx]); v_idx := v_idx + 1; } // End of 'for' statement } // End of 'for' statement setverdict(pass); setverdict(pass); } // End of testcase TC_SEC_ITSS_SND_MSG_01_BV } // End of testcase TC_GEN_CERT_BV control { control { execute(TC_GEN_CERT_BV()); execute(TC_GEN_CERT_BV()); Loading
ttcn/AtsGenCert/ItsGenCert_TypeAndValues.ttcn +24 −9 Original line number Original line Diff line number Diff line Loading @@ -21,6 +21,19 @@ module ItsGenCert_TypeAndValues { * @desc One year duration * @desc One year duration */ */ const Duration c_one_year := { years := 1 }; const Duration c_one_year := { years := 1 }; /** * @desc CA application permissions */ const PsidSsp c_appPermissions_cam := { psid := 36, ssp := { bitmapSsp := '830001'O } }; /** * @desc DENM application permissions */ const PsidSsp c_appPermissions_denm := { psid := 37, ssp := { bitmapSsp := '830001'O } }; /** * @desc GeoNetworking application permissions */ const PsidSsp c_appPermissions_mgmt := { psid := 141, ssp := { bitmapSsp := '830001'O } }; // TODO Add MAPEM/SPATEM/POI/IS /** /** * @desc This record contains, for each certificate, the parameters to generate it * @desc This record contains, for each certificate, the parameters to generate it Loading @@ -44,6 +57,7 @@ module ItsGenCert_TypeAndValues { } // End of type Curve } // End of type Curve type record certificate_details { type record certificate_details { charstring certificate_id, EtsiTs103097Certificate certificate, EtsiTs103097Certificate certificate, octetstring enc_cert, octetstring enc_cert, octetstring private_key, octetstring private_key, Loading @@ -52,6 +66,7 @@ module ItsGenCert_TypeAndValues { HashedId8 hashid8, HashedId8 hashid8, HashedId8 issuer HashedId8 issuer } // End of type certificate_details } // End of type certificate_details type record of certificate_details certificate_details_list; } // End of module ItsGenCert_TypeAndValues } // End of module ItsGenCert_TypeAndValues
