/* * @author * * @version * 1.0 * @desc * * @remark * * @see * */ module TestCodec_Pki { // Libcommon import from LibCommon_Time all; import from LibCommon_VerdictControl all; import from LibCommon_Sync all; import from LibCommon_BasicTypesAndValues all; import from LibCommon_DataStrings all; // LibIts import from IEEE1609dot2BaseTypes language "ASN.1:1997" all; import from IEEE1609dot2 language "ASN.1:1997" all; import from EtsiTs102941BaseTypes language "ASN.1:1997" all; import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all; import from EtsiTs102941MessagesItss language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; // LibItsCommon import from LibItsCommon_TypesAndValues all; import from LibItsCommon_TypesAndValues all; import from LibItsCommon_ASN1_NamedNumbers all; // LibItsSecurity import from LibItsSecurity_TypesAndValues all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Functions all; import from LibItsSecurity_Pics all; // LibItsHttp import from LibItsHttp_TypesAndValues all; import from LibItsHttp_Templates all; import from LibItsHttp_BinaryTemplates all; import from LibItsHttp_Functions all; import from LibItsHttp_TestSystem all; // LibItsPki import from LibItsPki_EncdecDeclarations all; import from LibItsPki_Templates all; import from LibItsPki_Functions all; import from LibItsPki_TestSystem all; // TestCodec import from TestCodec_TestAndSystem all; testcase tc_inner_ec_request_1() runs on TCType system TCType { var integer v_res := 0; var EtsiTs103097Certificate v_certificate; var InnerEcRequest v_innerEcRequest; var InnerEcRequest v_exp_innerEcReq; var bitstring v_exp_enc_msg := oct2bit('0004544F444F01008083A72B88B6A1ADEEBA7FC18772952F053A81BD18635EE5AB08ED1376C107B5413968831874E3808466A8C0'O); var bitstring v_enc_msg := oct2bit('8003008100288300000000001874e3808466a8c001018080010e80012482080301ffff0301ffff800125820a0401ffffff0401ffffff800189820a0401ffffff0401ffffff80018a820a0401ffffff0401ffffff80018b820a0401ffffff0401ffffff80018c820a0401ffffff0401ffffff00018d0001600001610001620001630001640001650001660102808083a72b88b6a1adeeba7fc18772952f053a81bd18635ee5ab08ed1376c107b541398080c0290e397381bf7502a0e6a6b271d8e2f18fc8311f591f0528a673ee5169f670e224ac455b5e67eb251cc1467f6ffc6840987c8c8eb9245c22be73322b64ca54'O); // CERT_IUT_A_RCA.oer var Oct32 v_private_key := 'd79ef1d533b0385463a5d15708e94ff4f0d281cccbef504acd3afbb82dc0499f'O; // CERT_IUT_A_RCA.vkey // Decode certificate v_res := decvalue(v_enc_msg, v_certificate); if (v_res == 0) { log("Decoded message: ", v_certificate); setverdict(pass, "Decoded certificate succeed"); } else { setverdict(fail, "Decoding certificate failed"); } // Create InnerEcRequest request v_innerEcRequest := valueof(m_innerEcRequest( "TODO", m_publicKeys( v_certificate.toBeSigned.verifyKeyIndicator.verificationKey, v_certificate.toBeSigned.encryptionKey ), m_certificateSubjectAttributes( v_certificate.toBeSigned.appPermissions, v_certificate.toBeSigned.validityPeriod, v_certificate.toBeSigned.region, v_certificate.toBeSigned.assuranceLevel ))); // Encode InnerEcRequest template log("Encode template ", v_innerEcRequest); v_enc_msg := encvalue(v_innerEcRequest); log("Encoded message: ", bit2oct(v_enc_msg)); // Check result if (not isbound(v_enc_msg)) { setverdict(fail, "Encoding InnerEcRequest failed!"); stop; } if (not match(v_enc_msg, v_exp_enc_msg)) { log("Expected message: ", bit2oct(valueof(v_exp_enc_msg))); setverdict(fail, "Encoding InnerEcRequest failed, not the expected result!"); stop; } v_res := decvalue(v_exp_enc_msg, v_exp_innerEcReq); if (v_res == 0) { log("Decoded message: ", v_certificate); setverdict(pass, "Decoded succeed"); if (not match(v_innerEcRequest, v_exp_innerEcReq)) { log("Expected message: ", bit2oct(valueof(v_exp_enc_msg))); setverdict(fail, "Encoding failed, not the expected result!"); stop; } } else { setverdict(fail, "Decoding failed"); } setverdict(pass, "Encoding passed."); } // End of testcase tc_inner_ec_request_1 testcase tc_inner_ec_request_2() runs on TCType system TCType { var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; var bitstring v_inner_ec_request_signed_for_pop_msg; var EtsiTs102941Data v_dec_inner_ec_request_signed_for_pop; var InnerEcRequest v_dec_inner_ec_request; var bitstring v_dec_inner_ec_request_msg; var bitstring v_tbs; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_and_encrypted_data; var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data; var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg; var integer v_result; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } // Generate InnerEcRequest if (f_generate_inner_ec_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) { setverdict(fail, "Failed to generate InnerEcRequest message"); stop; } // Generate InnerEcRequestSignedForPoP if (f_generate_inner_ec_request_signed_for_pop(v_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) { setverdict(fail, "Failed to setup InnerEcRequestSignedForPoP message"); stop; } // Secure InnerEcRequestSignedForPoP message v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop)); if (f_build_pki_secured_message(v_private_key, v_publicKeyCompressed, v_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data) == false) { setverdict(fail, "Failed to secure InnerEcRequest message"); stop; } // Encode it log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data); v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data); log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg); setverdict(pass, "Encoded succeed"); // Decode encrypted InnerEcRequest v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_signed_and_encrypted_data); if (v_result == 0) { log("Decoded message: ", v_dec_ieee1609dot2_signed_and_encrypted_data); setverdict(pass, "Decoded succeed"); if (match(v_dec_ieee1609dot2_signed_and_encrypted_data, v_ieee1609dot2_signed_and_encrypted_data)) { setverdict(pass, "Decoded match succeed"); } else { setverdict(fail, "Decoded match failed"); stop; } } else { setverdict(fail, "Decoding failed"); stop; } // Decrypt InnerEcRequest f_decrypt(v_private_key, v_dec_ieee1609dot2_signed_and_encrypted_data, v_dec_ieee1609dot2_signed_data); log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data); // Verify signature v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData); if (fx_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), int2oct(0, 32), v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig, v_publicKeyCompressed, v_compressedMode) == true) { setverdict(pass, "Check signature succeed"); } else { setverdict(fail, "Check signature failed"); stop; } // Extract InnerEcRequestSignedForPop v_dec_inner_ec_request_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData); v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request_signed_for_pop); if (v_result == 0) { log("Decoded InnerEcRequestSignedForPop: ", v_dec_inner_ec_request_signed_for_pop); setverdict(pass, "Decoded succeed"); } else { setverdict(fail, "Decoding failed"); stop; } // Extract InnerEcRequest log("v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest= ", v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest); v_dec_inner_ec_request_msg := oct2bit(v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData); v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request); if (v_result == 0) { log("Decode InnerEcRequest: ", v_dec_inner_ec_request); setverdict(pass, "Decoded succeed"); if (match(v_dec_inner_ec_request, v_inner_ec_request)) { setverdict(pass, "Decoded match succeed"); } else { setverdict(fail, "Decoded match failed"); stop; } } else { setverdict(fail, "Decoding failed"); stop; } } // End of testcase tc_inner_ec_request_2 testcase tc_inner_ec_request_3() runs on ItsPki system ItsPkiSystem { // Local variables var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var InnerEcRequest v_inner_ec_request; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } map(self:pkiPort, system:pkiPort); // Create PKI InnerEcRequest request if (f_generate_inner_ec_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) { setverdict(fail, "Failed to setup InnerEcRequest message"); stop; } // Send message pkiPort.send(v_inner_ec_request); tc_ac.start; alt { [] pkiPort.receive(mw_innerEcResponse_ok) { tc_ac.stop; setverdict(pass, "Encoding passed."); } [] tc_ac.timeout { setverdict(inconc, "No response"); } } // End of 'alt' statement unmap(self:pkiPort, system:pkiPort); } // End of testcase tc_inner_ec_request_3 testcase tc_inner_ec_response_1() runs on TCType system TCType { var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var EccP256CurvePoint v_eccPoint; var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) }; var octetstring v_inner_ec_request := '000E43616E6F6E6963616C4974734964018080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B0080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B7C83010A8F1C86000A83010280000C800022C00102800124810403830001800125810403830001'O; var template (value) EtsiTs103097Certificate v_cert; var bitstring v_tbs; var Oct32 v_sig; var bitstring v_enc_msg; var integer v_res := 0; var InnerEcResponse v_innerEcResponse; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode); // Build certificate based on keys if (v_compressedMode == 0) { v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed)); } else { v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed)); } v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))), m_toBeSignedCertificate_at( v_appPermissions, m_verificationKeyIndicator_verificationKey( m_publicVerificationKey_ecdsaNistP256( v_eccPoint )), m_validityPeriod( 17469212, m_duration_years(10) ), m_geographicRegion_identifiedRegion( { m_identifiedRegion_country_only(12), m_identifiedRegion_country_only(34) } ) ) ); // Encode it ==> Get octetstring log("Encode template ", valueof(v_cert.toBeSigned)); v_tbs := encvalue(v_cert.toBeSigned); // Sign the certificate using ECDSA/SHA-256 (NIST p-256) v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key); v_cert.signature_ := m_signature_ecdsaNistP256( m_ecdsaP256Signature( m_eccP256CurvePoint_x_only( substr(v_sig, 0, 32) ), substr(v_sig, 32, 32) ) ); log("v_cert= ", v_cert); // Create InnerEcResponse message f_generate_inner_ec_response( f_hashWithSha256(v_inner_ec_request), valueof(v_cert), v_innerEcResponse ); // Encode InnerEcResponse template log("Encode template ", v_innerEcResponse); v_enc_msg := encvalue(v_innerEcResponse); log("Encoded message: ", bit2oct(v_enc_msg)); // Check result if (not isbound(v_enc_msg)) { setverdict(fail, "Encoding failed!"); stop; } setverdict(pass, "Encoding passed."); } // End of testcase tc_inner_ec_response_1 testcase tc_inner_ec_response_2() runs on TCType system TCType { var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var EccP256CurvePoint v_eccPoint; var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) }; var octetstring v_inner_ec_request := '000E43616E6F6E6963616C4974734964018080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B0080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B7C83010A8F1C86000A83010280000C800022C00102800124810403830001800125810403830001'O; var template (value) EtsiTs103097Certificate v_cert; var bitstring v_tbs; var Oct32 v_sig; var bitstring v_enc_msg; var integer v_res := 0; var InnerEcResponse v_inner_ec_response; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg; var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_and_encrypted_data; var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data; var bitstring v_dec_inner_ec_response_msg; var EtsiTs102941Data v_dec_inner_ec_response; var integer v_result; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode); // Build certificate based on keys if (v_compressedMode == 0) { v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed)); } else { v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed)); } v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))), m_toBeSignedCertificate_at( v_appPermissions, m_verificationKeyIndicator_verificationKey( m_publicVerificationKey_ecdsaNistP256( v_eccPoint )), m_validityPeriod( 17469212, m_duration_years(10) ), m_geographicRegion_identifiedRegion( { m_identifiedRegion_country_only(12), m_identifiedRegion_country_only(34) } ) ) ); // Encode it ==> Get octetstring log("Encode template ", valueof(v_cert.toBeSigned)); v_tbs := encvalue(v_cert.toBeSigned); // Sign the certificate using ECDSA/SHA-256 (NIST p-256) v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key); v_cert.signature_ := m_signature_ecdsaNistP256( m_ecdsaP256Signature( m_eccP256CurvePoint_x_only( substr(v_sig, 0, 32) ), substr(v_sig, 32, 32) ) ); log("v_cert= ", v_cert); // Create InnerEcResponse message f_generate_inner_ec_response( f_hashWithSha256(v_inner_ec_request), valueof(v_cert), v_inner_ec_response ); // Build secured PKI message v_enc_msg := encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response)); if (f_build_pki_secured_message(v_private_key, v_publicKeyCompressed, v_compressedMode, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data) == false) { setverdict(fail, "Failed to secure InnerEcResponse message"); stop; } // Encode it log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data); v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data); log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg); setverdict(pass, "Encoded succeed"); // Decode encrypted InnerEcResponse v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_signed_and_encrypted_data); if (v_result == 0) { log("Decoded message: ", v_dec_ieee1609dot2_signed_and_encrypted_data); setverdict(pass, "Decoded succeed"); if (match(v_dec_ieee1609dot2_signed_and_encrypted_data, v_ieee1609dot2_signed_and_encrypted_data)) { setverdict(pass, "Decoded match succeed"); } else { setverdict(fail, "Decoded match failed"); stop; } } else { setverdict(fail, "Decoding failed"); stop; } // Decrypt InnerEcResponse f_decrypt(v_private_key, v_dec_ieee1609dot2_signed_and_encrypted_data, v_dec_ieee1609dot2_signed_data); log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data); // Verify signature v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData); if (fx_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), int2oct(0, 32), v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig, v_publicKeyCompressed, v_compressedMode) == true) { setverdict(pass, "Check signature succeed"); } else { setverdict(fail, "Check signature failed"); stop; } // Extract InnerEcResponse v_dec_inner_ec_response_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData); v_result := decvalue(v_dec_inner_ec_response_msg, v_dec_inner_ec_response); if (v_result == 0) { log("Decoded InnerEcResponse: ", v_dec_inner_ec_response); setverdict(pass, "Decoded succeed"); if (match(v_dec_inner_ec_response.content.enrolmentResponse, v_inner_ec_response)) { setverdict(pass, "Decoded match succeed"); } else { setverdict(fail, "Decoded match failed"); stop; } } else { setverdict(fail, "Decoding failed"); stop; } } // End of testcase tc_inner_ec_response_2 control { execute(tc_inner_ec_request_1()); execute(tc_inner_ec_request_2()); execute(tc_inner_ec_request_3()); execute(tc_inner_ec_response_1()); execute(tc_inner_ec_response_2()); } } // End of module TestCodec_Pki