/* * @author * * @version * 1.0 * @desc * * @remark * * @see * */ module TestCodec_Certificates { // LibCommon import from LibCommon_BasicTypesAndValues all; import from LibCommon_DataStrings all; // LibIts import from IEEE1609dot2BaseTypes language "ASN.1:1997" all; import from IEEE1609dot2 language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; // LibItsSecurity import from LibItsSecurity_EncdecDeclarations all; //import from LibItsSecurity_Templates all; //import from LibItsSecurity_Pixits all; // TestCodec import from TestCodec_TestAndSystem all; template (omit) EtsiTs103097Certificate m_etsiTs103097Certificate( in template (value) IssuerIdentifier p_issuer, in template (value) ToBeSignedCertificate p_toBeSigned, in template (omit) Signature p_signature_ := omit ) := { version := 3, type_ := explicit, issuer := p_issuer, toBeSigned := p_toBeSigned, signature_ := p_signature_ } // End of template m_etsiTs103097Certificate template (value) IssuerIdentifier m_issuerIdentifier_self( in template (value) HashAlgorithm p_self ) := { self_ := p_self } // End of template m_issuerIdentifier_self template (value) IssuerIdentifier m_issuerIdentifier_sha256AndDigest( in template (value) HashedId8 p_sha256AndDigest ) := { sha256AndDigest := p_sha256AndDigest } // End of template m_issuerIdentifier_sha256AndDigest template (value) IssuerIdentifier m_issuerIdentifier_sha384AndDigest( in template (value) HashedId8 p_sha384AndDigest ) := { sha384AndDigest := p_sha384AndDigest } // End of template m_issuerIdentifier_sha384AndDigest template (omit) ToBeSignedCertificate m_toBeSignedCertificate( in template (value) CertificateId p_id, in template (value) HashedId3 p_cracaId, in template (value) CrlSeries p_crlSeries, in template (value) SequenceOfPsidSsp p_appPermissions, in template (value) SequenceOfPsidGroupPermissions p_certIssuePermissions, in template (value) VerificationKeyIndicator p_verifyKeyIndicator, in template (omit) SequenceOfPsidGroupPermissions p_certRequestPermissions := omit, in template (omit) ValidityPeriod p_validityPeriod := omit, in template (omit) GeographicRegion p_region := omit, in template (omit) SubjectAssurance p_assuranceLevel := omit, in template (omit) PublicEncryptionKey p_encryptionKey := omit ) := { id := p_id, cracaId := p_cracaId, crlSeries := p_crlSeries, validityPeriod := p_validityPeriod, region := p_region, assuranceLevel := p_assuranceLevel, appPermissions := p_appPermissions, certIssuePermissions := p_certIssuePermissions, certRequestPermissions := p_certRequestPermissions, canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator } // End of template m_toBeSignedCertificate template (value) ValidityPeriod m_validity_period( in Time32 p_start_, in Duration p_duration ) := { start_ := p_start_, duration := p_duration } // End of template m_validity_period template (value) GeographicRegion m_geographicRegion_identifiedRegion( in template (value) SequenceOfIdentifiedRegion p_identifiedRegion ) := { identifiedRegion := p_identifiedRegion } template (value) IdentifiedRegion m_identifiedRegion( in template (value) CountryOnly p_countryOnly ) := { countryOnly := p_countryOnly } template (omit) PsidSsp m_appPermissions( in template (value) Psid p_psid, in template (omit) ServiceSpecificPermissions p_ssp := omit ) := { psid := p_psid, ssp := p_ssp } // End of template m_appPermissions template (value) PsidSspRange m_psidSspRange( in Psid p_psid, in template (value) SspRange p_sspRange := m_SspRange_all ) := { psid := p_psid, sspRange := p_sspRange } // End of template m_psidSspRange template (value) SspRange m_SspRange_all := { all_ := NULL } // End of template m_SspRange_all template (value) SspRange m_SspRange_opaque( in template (value) SequenceOfOctetString p_opaque ) := { opaque := p_opaque } // End of template m_SspRange_opaque template (value) SspRange m_SspRange_bitmapSspRange( in template (value) BitmapSspRange p_bitmapSspRange ) := { bitmapSspRange := p_bitmapSspRange } // End of template m_SspRange_bitmapSspRange template (value) PsidGroupPermissions m_psidGroupPermissions( in template (value) SubjectPermissions p_subjectPermissions, in integer p_minChainLength := 1, in integer p_chainLengthRange := 0, in EndEntityType p_eeType := oct2bit('00'O) ) := { subjectPermissions := p_subjectPermissions, minChainLength := p_minChainLength, chainLengthRange := p_chainLengthRange, eeType := p_eeType } // End of template m_psidGroupPermissions template (value) SubjectPermissions m_subjectPermissions_explicit( in SequenceOfPsidSspRange p_certIssuePermissions ) := { explicit := p_certIssuePermissions } // End of template m_subjectPermissions_explicit template (value) SubjectPermissions m_subjectPermissions_all := { all_ := NULL } // End of template m_subjectPermissions_all template (value) VerificationKeyIndicator m_verificationKeyIndicator_verificationKey( in template (value) PublicVerificationKey p_verificationKey ) := { verificationKey := p_verificationKey } // End of template m_verificationKeyIndicator_verificationKey template (value) VerificationKeyIndicator m_verificationKeyIndicator_reconstructionValue( in template (value) EccP256CurvePoint p_reconstructionValue ) := { reconstructionValue := p_reconstructionValue } // End of template m_verificationKeyIndicator_reconstructionValue template (value) PublicVerificationKey m_publicVerificationKey_ecdsaNistP256( in template (value) EccP256CurvePoint p_ecdsaNistP256 ) := { ecdsaNistP256 := p_ecdsaNistP256 } // End of template m_publicVerificationKey_ecdsaNistP256 template (value) EccP256CurvePoint m_eccP256CurvePoint_compressed_y_0( in Oct32 p_compressed_y_0 ) := { compressed_y_0 := p_compressed_y_0 } // End of template m_eccP256CurvePoint_compressed_y_0 template (value) EccP256CurvePoint m_eccP256CurvePoint_compressed_x_only( in Oct32 p_x_only ) := { x_only := p_x_only } // End of template m_eccP256CurvePoint_compressed_x_only template (value) Signature m_signature_ecdsaNistP256( in template (value) EcdsaP256Signature p_ecdsaNistP256Signature ) := { ecdsaNistP256Signature := p_ecdsaNistP256Signature } template (value) EcdsaP256Signature m_ecdsaNistP256Signature( in template (value) EccP256CurvePoint p_rSig, in template (value) Oct32 p_sSig ) := { rSig := p_rSig, sSig := p_sSig } template (value) EccP256CurvePoint m_eccP256CurvePoint_compressed_y( in template (value) Oct32 p_y ) := { compressed_y_0 := p_y } template (value) EccP256CurvePoint m_eccP256CurvePoint_x_y( in template (value) octetstring p_x, in template (value) octetstring p_y ) := { uncompressedP256 := { x := p_x, y := p_y } } testcase tc_root_certificate_1() runs on TCType system TCType { var template (value) EtsiTs103097Certificate v_cert; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1 var charstring v_certId := "STF528 Root Certificate"; var HashAlgorithm v_self := sha256; // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 1 var HashedId3 v_cracaId := '000000'O; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 2 var CrlSeries v_crlSeries := 0; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 3 var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) }; var SequenceOfPsidSspRange v_certIssuePermissions := { // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 3 valueof(m_psidSspRange(1)) // FIXME What is the content of certIssuePermissions? }; var SequenceOfPsidSspRange v_certRequestPermissions := { // FIXME Could this componet be present? If yes, What is the content of certIssuePermissions? valueof(m_psidSspRange(2)) }; var octetstring v_private_key := ''O; var octetstring v_publicKeyX := ''O; var octetstring v_publicKeyY := ''O; var HashedId8 v_sha256AndDigest; var octetstring v_sig := ''O; var bitstring v_encMsg := ''B; // Generate Private/Public keys f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyX); // Store Private key in binary format //f_save_key(v_private_key); // Fill Certificate template with the public key v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_self(v_self), m_toBeSignedCertificate( { name := v_certId }, v_cracaId, v_crlSeries, v_appPermissions, { m_psidGroupPermissions( m_subjectPermissions_explicit( v_certIssuePermissions )) }, m_verificationKeyIndicator_verificationKey( // FIXME Do we use it? If so what is the content? m_publicVerificationKey_ecdsaNistP256( m_eccP256CurvePoint_x_y( v_publicKeyX, v_publicKeyY ))), { m_psidGroupPermissions( m_subjectPermissions_explicit( v_certRequestPermissions )) } ) ); // Encode it ==> Get octetstring log("Encode template ", valueof(v_cert)); v_encMsg := encvalue(v_cert.toBeSigned); // Sign the certificate using ECDSA/SHA-256 (NIST p-256) v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), v_private_key); v_cert.signature_ := m_signature_ecdsaNistP256( m_ecdsaNistP256Signature( m_eccP256CurvePoint_x_y( v_publicKeyX, v_publicKeyY ), v_sig ) ); // Final certificate v_encMsg := encvalue(v_cert); setverdict(pass, "Encoding passed."); } // End of testcase tc_root_certificate_1 testcase tc_certificate_1() runs on TCType system TCType { var template (value) EtsiTs103097Certificate v_cert; var charstring v_certId := "vehicle-test.example.com"; var HashAlgorithm v_self := sha256; var HashedId3 v_cracaId := '5E6F5B'O; var CrlSeries v_crlSeries := 2; var octetstring v_private_key := ''O; var octetstring v_publicKeyX := ''O; var octetstring v_publicKeyY := ''O; var HashedId8 v_sha256AndDigest; var octetstring v_sig := ''O; var bitstring v_encMsg := ''B; // Generate Private/Public keys f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyX); // Store Private key in binary format //f_save_key(v_private_key); // Fill Certificate template with the public key v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest('AF232618BE5E6F55'O), m_toBeSignedCertificate( { name := v_certId }, v_cracaId, v_crlSeries, { valueof(m_appPermissions(35, { bitmapSsp := '830001'O })) }, { m_psidGroupPermissions( m_subjectPermissions_all, 2, 0, oct2bit('C0'O) ), m_psidGroupPermissions( m_subjectPermissions_explicit( { valueof(m_psidSspRange(35)), valueof(m_psidSspRange(256)) } )) }, m_verificationKeyIndicator_verificationKey( // FIXME Do we use it? If so what is the content? m_publicVerificationKey_ecdsaNistP256( m_eccP256CurvePoint_compressed_y_0( '08C3C070B040C040108033070D0501CE0C0A0806017B00F030D203EA04BE0903'O ))), -, m_validity_period( 17469212, { years := 10 } ), m_geographicRegion_identifiedRegion( { m_identifiedRegion(12), m_identifiedRegion(34) } ) ), m_signature_ecdsaNistP256( m_ecdsaNistP256Signature( m_eccP256CurvePoint_compressed_x_only( '08B2030104020A0D010C0105C0F80BB1460239348D17405C1A845151D4061200'O ), '2617CF4E6B25097F03F502AD0C6F2F125974700D31A60FD1EF12040E4D8231AB'O ) ) ); v_encMsg := encvalue(v_cert); setverdict(pass, "Encoding passed."); } // End of testcase tc_certificate_1 group helpersFunctions { group signing { /** * @desc Produces a 256-bit (32-byte) hash value * @param p_toBeHashedData Data to be used to calculate the hash value * @return The hash value */ external function fx_hashWithSha256(in octetstring p_toBeHashedData) return Oct32; /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee * @param p_toBeSignedSecuredMessage The data to be signed * @param p_privateKey The private key * @return The signature value */ external function fx_signWithEcdsaNistp256WithSha256(in octetstring p_toBeSignedSecuredMessage, in octetstring/*UInt64*/ p_privateKey) return octetstring; /** * @desc Verify the signature of the specified data * @param p_toBeVerifiedData The data to be verified * @param p_signature The signature * @param p_ecdsaNistp256PublicKeyX The public key (x coordinate) * @param p_ecdsaNistp256PublicKeyY The public key (y coordinate) * @return true on success, false otherwise */ external function fx_verifyWithEcdsaNistp256WithSha256(in octetstring p_toBeVerifiedData, in octetstring p_signature, in octetstring p_ecdsaNistp256PublicKeyX, in octetstring p_ecdsaNistp256PublicKeyY) return boolean; /** * @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm. * This function should not be used by the ATS * @param p_privateKey The new private key value * @param p_publicKeyX The new public key value (x coordinate) * @param p_publicKeyX The new public key value (y coordinate) * @return true on success, false otherwise */ external function fx_generateKeyPair(out octetstring/*UInt64*/ p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean; } // End of group signing /** * @desc Produces a 256-bit (32-byte) hash value * @param p_toBeHashedData Data to be used to calculate the hash value * @return The hash value */ function f_hashWithSha256( in octetstring p_toBeHashedData ) return Oct32 { return fx_hashWithSha256(p_toBeHashedData); } // End of function f_hashWithSha256 /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee * @param p_toBeSignedSecuredMessage The data to be signed * @return The signature value */ function f_signWithEcdsaNistp256WithSha256( in octetstring p_toBeSignedSecuredMessage, in Oct32 p_privateKey ) return octetstring { return fx_signWithEcdsaNistp256WithSha256( p_toBeSignedSecuredMessage, p_privateKey ); } // End of function f_signWithEcdsaNistp256WithSha256 /** * @desc Compute the HashedId8 value from the hash value * @param p_hash The hash value * @return The HashedId8 value * @verdict */ function f_HashedId8FromSha256( in Oct32 p_hash ) return HashedId8 { return substr(p_hash, lengthof(p_hash) - 8, 8); } // End of function f_HashedId8FromSha256 /** * @desc Compute the HashedId3 value from the HashedId8 value * @param p_hashp_hashedId8 The HashedId8 value * @return The HashedId3 value * @verdict Unchanged */ function f_HashedId3FromHashedId8( in HashedId8 p_hashedId8 ) return HashedId3 { return substr(p_hashedId8, lengthof(p_hashedId8) - 3, 3); } // End of function f_HashedId3FromHashedId8 /** * @desc Verify the signature of the specified data * @param p_toBeVerifiedData The data to be verified * @param p_signature The signature * @param p_ecdsaNistp256PublicKeyX The public key (x coordinate) * @param p_ecdsaNistp256PublicKeyY The public key (y coordinate) * @return true on success, false otherwise */ function f_verifyWithEcdsaNistp256WithSha256( in octetstring p_toBeVerifiedData, in octetstring p_signature, in octetstring p_ecdsaNistp256PublicKeyX, in octetstring p_ecdsaNistp256PublicKeyY ) return boolean { // log("f_verifyWithEcdsaNistp256WithSha256: toBeVerifiedData", p_toBeVerifiedData); // log("f_verifyWithEcdsaNistp256WithSha256: toBeVerifiedData length", lengthof(p_toBeVerifiedData)); // log("f_verifyWithEcdsaNistp256WithSha256: signature", p_signature); // log("f_verifyWithEcdsaNistp256WithSha256: ecdsaNistp256PublicKeyX", p_ecdsaNistp256PublicKeyX); // log("f_verifyWithEcdsaNistp256WithSha256: ecdsaNistp256PublicKeyY", p_ecdsaNistp256PublicKeyY); return fx_verifyWithEcdsaNistp256WithSha256( p_toBeVerifiedData, p_signature, p_ecdsaNistp256PublicKeyX, p_ecdsaNistp256PublicKeyY); } // End of function f_verifyWithEcdsaNistp256WithSha256 /** * @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm. * This function should not be used by the ATS * @param p_privateKey The new private key value * @param p_publicKeyX The new public key value (x coordinate) * @param p_publicKeyX The new public key value (y coordinate) * @return true on success, false otherwise */ function f_generate_key_pair( out octetstring p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY ) return boolean { return fx_generateKeyPair(p_privateKey, p_publicKeyX, p_publicKeyY); } } control { execute(tc_root_certificate_1()); } } // End of module TestCodec_Certificates