/* * @author * * @version * 1.0 * @desc * * @remark * * @see * */ module TestCodec_Pki { // Libcommon import from LibCommon_Time all; import from LibCommon_VerdictControl all; import from LibCommon_Sync all; import from LibCommon_BasicTypesAndValues all; import from LibCommon_DataStrings all; // LibIts import from IEEE1609dot2BaseTypes language "ASN.1:1997" all; import from IEEE1609dot2 language "ASN.1:1997" all; import from EtsiTs102941BaseTypes language "ASN.1:1997" all; import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all; import from EtsiTs102941MessagesCa language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; // LibItsCommon import from LibItsCommon_TypesAndValues all; import from LibItsCommon_TypesAndValues all; import from LibItsCommon_ASN1_NamedNumbers all; // LibItsSecurity import from LibItsSecurity_TypesAndValues all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Functions all; import from LibItsSecurity_Pics all; import from LibItsSecurity_Pixits all; // LibItsHttp import from LibItsHttp_TypesAndValues all; import from LibItsHttp_Templates all; import from LibItsHttp_BinaryTemplates all; import from LibItsHttp_Functions all; import from LibItsHttp_TestSystem all; // LibItsPki import from LibItsPki_TypesAndValues all; import from LibItsPki_EncdecDeclarations all; import from LibItsPki_Templates all; import from LibItsPki_Functions all; import from LibItsPki_TestSystem all; // TestCodec import from TestCodec_TestAndSystem all; testcase tc_encode_inner_ec_response_1() runs on TCType system TCType { var EtsiTs102941Data v_data; var bitstring v_response := oct2bit('01810059E6B6C01C2FE2DB06DA5263544D981D02'O); var integer v_result; v_data := valueof(m_etsiTs102941Data_inner_ec_response(m_innerEcResponse_ko('59E6B6C01C2FE2DB06DA5263544D981D'O, badcontenttype))); log("v_data= ", v_data); v_response := encvalue(v_data); setverdict(pass); } testcase tc_decode_inner_ec_response_1() runs on TCType system TCType { var bitstring v_response := oct2bit('01810059E6B6C01C2FE2DB06DA5263544D981D02'O); var EtsiTs102941Data v_data; var integer v_result; v_result := decvalue(v_response, v_data); log("v_data= ", v_data); setverdict(pass); } testcase tc_inner_ec_request_1() runs on TCType system TCType { var integer v_res := 0; var EtsiTs103097Certificate v_certificate; var InnerEcRequest v_innerEcRequest; var InnerEcRequest v_exp_innerEcReq; var bitstring v_exp_enc_msg := oct2bit('0004544F444F01008083A72B88B6A1ADEEBA7FC18772952F053A81BD18635EE5AB08ED1376C107B5413968831874E3808466A8C0'O); var bitstring v_enc_msg := oct2bit('8003008100288300000000001874e3808466a8c001018080010e80012482080301ffff0301ffff800125820a0401ffffff0401ffffff800189820a0401ffffff0401ffffff80018a820a0401ffffff0401ffffff80018b820a0401ffffff0401ffffff80018c820a0401ffffff0401ffffff00018d0001600001610001620001630001640001650001660102808083a72b88b6a1adeeba7fc18772952f053a81bd18635ee5ab08ed1376c107b541398080c0290e397381bf7502a0e6a6b271d8e2f18fc8311f591f0528a673ee5169f670e224ac455b5e67eb251cc1467f6ffc6840987c8c8eb9245c22be73322b64ca54'O); // CERT_IUT_A_RCA.oer var Oct32 v_private_key := 'd79ef1d533b0385463a5d15708e94ff4f0d281cccbef504acd3afbb82dc0499f'O; // CERT_IUT_A_RCA.vkey // Decode certificate v_res := decvalue(v_enc_msg, v_certificate); if (v_res == 0) { log("Decoded message: ", v_certificate); setverdict(pass, "Decoded certificate succeed"); } else { setverdict(fail, "Decoding certificate failed"); } // Create InnerEcRequest request v_innerEcRequest := valueof(m_innerEcRequest( "TODO", m_publicKeys( v_certificate.toBeSigned.verifyKeyIndicator.verificationKey, v_certificate.toBeSigned.encryptionKey ), m_certificateSubjectAttributes( v_certificate.toBeSigned.appPermissions, v_certificate.toBeSigned.validityPeriod, v_certificate.toBeSigned.region, v_certificate.toBeSigned.assuranceLevel ))); // Encode InnerEcRequest template log("Encode template ", v_innerEcRequest); v_enc_msg := encvalue(v_innerEcRequest); log("Encoded message: ", bit2oct(v_enc_msg)); // Check result if (not isbound(v_enc_msg)) { setverdict(fail, "Encoding InnerEcRequest failed!"); stop; } if (not match(v_enc_msg, v_exp_enc_msg)) { log("Expected message: ", bit2oct(valueof(v_exp_enc_msg))); setverdict(fail, "Encoding InnerEcRequest failed, not the expected result!"); stop; } v_res := decvalue(v_exp_enc_msg, v_exp_innerEcReq); if (v_res == 0) { log("Decoded message: ", v_certificate); setverdict(pass, "Decoded succeed"); if (not match(v_innerEcRequest, v_exp_innerEcReq)) { log("Expected message: ", bit2oct(valueof(v_exp_enc_msg))); setverdict(fail, "Encoding failed, not the expected result!"); stop; } } else { setverdict(fail, "Decoding failed"); } setverdict(pass, "Encoding passed."); } // End of testcase tc_inner_ec_request_1 testcase tc_inner_ec_request_2() runs on TCType system TCType { var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; var bitstring v_inner_ec_request_signed_for_pop_msg; var EtsiTs102941Data v_dec_inner_ec_request_signed_for_pop; var InnerEcRequest v_dec_inner_ec_request; var bitstring v_dec_inner_ec_request_msg; var bitstring v_tbs; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data; var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data; var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg; var Oct16 v_aes_sym_key; var Oct16 v_encrypted_sym_key; var Oct16 v_authentication_vector; var Oct12 v_nonce; var integer v_result; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } // Generate InnerEcRequest if (f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) { setverdict(fail, "Failed to generate InnerEcRequest message"); stop; } // Generate InnerEcRequestSignedForPoP if (f_generate_inner_ec_request_signed_for_pop(v_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) { setverdict(fail, "Failed to setup InnerEcRequestSignedForPoP message"); stop; } // Secure InnerEcRequestSignedForPoP message v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop)); if (f_build_pki_secured_message(v_private_key, valueof(m_signerIdentifier_self), int2oct(0, 8), v_publicKeyCompressed, v_compressedMode, ''O, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce) == false) { setverdict(fail, "Failed to secure InnerEcRequest message"); stop; } // Encode it log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data); v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data); log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg); setverdict(pass, "Encoded succeed"); // Decode encrypted InnerEcRequest v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data); if (v_result == 0) { log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data); setverdict(pass, "Decoded succeed"); if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) { setverdict(pass, "Decoded match succeed"); } else { setverdict(fail, "Decoded match failed"); stop; } } else { setverdict(fail, "Decoding failed"); stop; } // Decrypt InnerEcRequest f_decrypt(v_private_key, v_dec_ieee1609dot2_encrypted_and_signed_data, ''O, v_dec_ieee1609dot2_signed_data); log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data); // Verify signature v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData); if (fx_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), int2oct(0, 32), v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig, v_publicKeyCompressed, v_compressedMode) == true) { setverdict(pass, "Check signature succeed"); } else { setverdict(fail, "Check signature failed"); stop; } // Extract InnerEcRequestSignedForPop v_dec_inner_ec_request_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData); v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request_signed_for_pop); if (v_result == 0) { log("Decoded InnerEcRequestSignedForPop: ", v_dec_inner_ec_request_signed_for_pop); setverdict(pass, "Decoded succeed"); } else { setverdict(fail, "Decoding failed"); stop; } // Extract InnerEcRequest log("v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest= ", v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest); v_dec_inner_ec_request_msg := oct2bit(v_dec_inner_ec_request_signed_for_pop.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData); v_result := decvalue(v_dec_inner_ec_request_msg, v_dec_inner_ec_request); if (v_result == 0) { log("Decode InnerEcRequest: ", v_dec_inner_ec_request); setverdict(pass, "Decoded succeed"); if (match(v_dec_inner_ec_request, v_inner_ec_request)) { setverdict(pass, "Decoded match succeed"); } else { setverdict(fail, "Decoded match failed"); stop; } } else { setverdict(fail, "Decoding failed"); stop; } } // End of testcase tc_inner_ec_request_2 testcase tc_inner_ec_response_1() runs on TCType system TCType { var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var EccP256CurvePoint v_eccPoint; var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) }; var octetstring v_inner_ec_request := '000E43616E6F6E6963616C4974734964018080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B0080827029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B7C83010A8F1C86000A83010280000C800022C00102800124810403830001800125810403830001'O; var template (value) EtsiTs103097Certificate v_cert; var bitstring v_tbs; var Oct32 v_sig; var bitstring v_enc_msg; var integer v_res := 0; var InnerEcResponse v_innerEcResponse; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode); // Build certificate based on keys if (v_compressedMode == 0) { v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed)); } else { v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed)); } v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))), m_toBeSignedCertificate_at( v_appPermissions, m_verificationKeyIndicator_verificationKey( m_publicVerificationKey_ecdsaNistP256( v_eccPoint )), m_validityPeriod( 17469212, m_duration_years(10) ), m_geographicRegion_identifiedRegion( { m_identifiedRegion_country_only(12), m_identifiedRegion_country_only(34) } ) ) ); // Encode it ==> Get octetstring log("Encode template ", valueof(v_cert.toBeSigned)); v_tbs := encvalue(v_cert.toBeSigned); // Sign the certificate using ECDSA/SHA-256 (NIST p-256) v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key); v_cert.signature_ := m_signature_ecdsaNistP256( m_ecdsaP256Signature( m_eccP256CurvePoint_x_only( substr(v_sig, 0, 32) ), substr(v_sig, 32, 32) ) ); log("v_cert= ", v_cert); // Create InnerEcResponse message f_generate_inner_ec_response( f_hashWithSha256(v_inner_ec_request), valueof(v_cert), v_innerEcResponse ); // Encode InnerEcResponse template log("Encode template ", v_innerEcResponse); v_enc_msg := encvalue(v_innerEcResponse); log("Encoded message: ", bit2oct(v_enc_msg)); // Check result if (not isbound(v_enc_msg)) { setverdict(fail, "Encoding failed!"); stop; } setverdict(pass, "Encoding passed."); } // End of testcase tc_inner_ec_response_1 testcase tc_inner_ec_response_2() runs on TCType system TCType { var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var EccP256CurvePoint v_eccPoint; var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) }; var template (value) EtsiTs103097Certificate v_cert; var EtsiTs103097Certificate v_cert_ts_a_ea; var EtsiTs103097Certificate v_cert_iut_a_ea; var Oct32 v_private_key_cert_ts_a_ea; var Oct32 v_private_key_cert_iut_a_ea; var Oct32 v_private_enc_key_cert_ts_a_ea; var Oct32 v_private_enc_key_cert_iut_a_ea; var Oct8 v_hashed_id8_cert_ts_a_ea; var Oct8 v_hashed_id8_cert_iut_a_ea; var Oct32 v_whole_hash_cert_ts_a_ea; var Oct32 v_whole_hash_cert_iut_a_ea; var bitstring v_tbs; var Oct32 v_sig; var bitstring v_enc_msg; var HashedId8 v_hashedid8_ea_certificate; var InnerEcResponse v_inner_ec_response; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg; var Oct16 v_aes_sym_key; var Oct16 v_encrypted_sym_key; var Oct16 v_authentication_vector; var Oct12 v_nonce; var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data; var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data; var bitstring v_dec_inner_ec_response_msg; var EtsiTs102941Data v_dec_inner_ec_response; var boolean v_ret; var integer v_result; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } f_loadCertificates(PX_IUT_SEC_CONFIG_NAME); f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea); f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea); f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea); f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea); f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea); f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea); f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea); f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea); f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea); f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea); f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode); // Build the EA certificate based on keys if (v_compressedMode == 0) { v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed)); } else { v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed)); } v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))), m_toBeSignedCertificate_at( v_appPermissions, m_verificationKeyIndicator_verificationKey( m_publicVerificationKey_ecdsaNistP256( v_eccPoint )), m_validityPeriod( 17469212, m_duration_years(10) ), m_geographicRegion_identifiedRegion( { m_identifiedRegion_country_only(12), m_identifiedRegion_country_only(34) } ) ) ); // Encode it ==> Get octetstring log("Encode template ", valueof(v_cert.toBeSigned)); v_tbs := encvalue(v_cert.toBeSigned); // Sign the certificate using ECDSA/SHA-256 (NIST p-256) v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key); v_cert.signature_ := m_signature_ecdsaNistP256( m_ecdsaP256Signature( m_eccP256CurvePoint_x_only( substr(v_sig, 0, 32) ), substr(v_sig, 32, 32) ) ); log("v_cert= ", v_cert); // Calculate the whole-hashedid8 of the EA certificate v_tbs := encvalue(v_cert); v_hashedid8_ea_certificate := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_tbs))); log("whole-v_hashedid8_ea_certificate= ", v_hashedid8_ea_certificate); // Create InnerEcResponse message f_generate_inner_ec_response( 'DF0185451707BD702C957AB8B8AF827A6FBFBA7777723DDCA40CF6F58DAEA4E4'O, valueof(v_cert), v_inner_ec_response ); // Build secured PKI message v_enc_msg := encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response)); if (ischosen(v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) { v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce); } else { v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce); } if (v_ret == false) { setverdict(fail, "Failed to secure InnerEcResponse message"); stop; } // Encode it log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data); v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data); log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg); setverdict(pass, "Encoded succeed"); // Decode encrypted InnerEcResponse v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data); if (v_result == 0) { log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data); setverdict(pass, "Decoded succeed"); if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) { setverdict(pass, "Decoded match succeed"); } else { setverdict(fail, "Decoded match failed"); stop; } } else { setverdict(fail, "Decoding failed"); stop; } // Decrypt InnerEcResponse f_decrypt(v_private_enc_key_cert_ts_a_ea, v_dec_ieee1609dot2_encrypted_and_signed_data, ''O, v_dec_ieee1609dot2_signed_data); log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data); // Verify signature v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData); if (ischosen(v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) { v_ret := f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), v_whole_hash_cert_iut_a_ea, v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig, v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0, 0); } else { v_ret := f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), v_whole_hash_cert_iut_a_ea, v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig, v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1, 1); } if (v_ret == true) { setverdict(pass, "Check signature succeed"); } else { setverdict(fail, "Check signature failed"); stop; } // Extract InnerEcResponse v_dec_inner_ec_response_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData); v_result := decvalue(v_dec_inner_ec_response_msg, v_dec_inner_ec_response); if (v_result == 0) { log("Decoded InnerEcResponse: ", v_dec_inner_ec_response); setverdict(pass, "Decoded succeed"); if (match(v_dec_inner_ec_response.content.enrolmentResponse, v_inner_ec_response)) { setverdict(pass, "Decoded match succeed"); // Extract the new EA certificate v_cert := v_dec_inner_ec_response.content.enrolmentResponse.certificate; // Check signature v_tbs := encvalue(v_cert.toBeSigned); if (f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), int2oct(11, 32), valueof(v_cert.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(v_cert.signature_.ecdsaNistP256Signature.sSig), v_publicKeyCompressed, v_compressedMode) == true) { setverdict(pass, "Check signature succeed"); } else { setverdict(fail, "Check signature failed"); stop; } } else { setverdict(fail, "Decoded match failed"); stop; } } else { setverdict(fail, "Decoding failed"); stop; } } // End of testcase tc_inner_ec_response_2 testcase tc_inner_ec_response_3() runs on TCType system TCType { var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var EccP256CurvePoint v_eccPoint; var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) }; var template (value) EtsiTs103097Certificate v_cert; var EtsiTs103097Certificate v_cert_ts_a_ea; var EtsiTs103097Certificate v_cert_iut_a_ea; var Oct32 v_private_key_cert_ts_a_ea; var Oct32 v_private_key_cert_iut_a_ea; var Oct32 v_private_enc_key_cert_ts_a_ea; var Oct32 v_private_enc_key_cert_iut_a_ea; var Oct8 v_hashed_id8_cert_ts_a_ea; var Oct8 v_hashed_id8_cert_iut_a_ea; var Oct32 v_whole_hash_cert_ts_a_ea; var Oct32 v_whole_hash_cert_iut_a_ea; var bitstring v_tbs; var Oct32 v_sig; var bitstring v_enc_msg; var HashedId8 v_hashedid8_ea_certificate; var AuthorizationValidationResponse v_authorization_validation_response; var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data; var bitstring v_ieee1609dot2_signed_and_encrypted_data_msg; var Ieee1609Dot2Data v_dec_ieee1609dot2_encrypted_and_signed_data; var Oct16 v_aes_sym_key; var Oct16 v_encrypted_sym_key; var Oct16 v_authentication_vector; var Oct12 v_nonce; var Ieee1609Dot2Data v_dec_ieee1609dot2_signed_data; var bitstring v_dec_authorization_validation_response_msg; var EtsiTs102941Data v_dec_authorization_validation_response; var boolean v_ret; var integer v_result; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } f_loadCertificates(PX_IUT_SEC_CONFIG_NAME); f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea); f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea); f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea); f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea); f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea); f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea); f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea); f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea); f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea); f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea); f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode); // Build the EA certificate based on keys if (v_compressedMode == 0) { v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed)); } else { v_eccPoint := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed)); } v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))), m_toBeSignedCertificate_at( v_appPermissions, m_verificationKeyIndicator_verificationKey( m_publicVerificationKey_ecdsaNistP256( v_eccPoint )), m_validityPeriod( 17469212, m_duration_years(10) ), m_geographicRegion_identifiedRegion( { m_identifiedRegion_country_only(12), m_identifiedRegion_country_only(34) } ) ) ); // Encode it ==> Get octetstring log("Encode template ", valueof(v_cert.toBeSigned)); v_tbs := encvalue(v_cert.toBeSigned); // Sign the certificate using ECDSA/SHA-256 (NIST p-256) v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_tbs), int2oct(11, 32), v_private_key); v_cert.signature_ := m_signature_ecdsaNistP256( m_ecdsaP256Signature( m_eccP256CurvePoint_x_only( substr(v_sig, 0, 32) ), substr(v_sig, 32, 32) ) ); log("v_cert= ", v_cert); // Calculate the whole-hashedid8 of the EA certificate v_tbs := encvalue(v_cert); v_hashedid8_ea_certificate := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_tbs))); log("whole-v_hashedid8_ea_certificate= ", v_hashedid8_ea_certificate); // Create InnerEcResponse message f_generate_authorization_validation_response( 'DF0185451707BD702C957AB8B8AF827A6FBFBA7777723DDCA40CF6F58DAEA4E4'O, valueof( m_certificate_subject_attributes( v_cert.toBeSigned.appPermissions, { { subjectPermissions := { all_ := NULL }, minChainLength := 1, chainLengthRange := 0, eeType := '00000000'B } }, v_cert.toBeSigned.id, v_cert.toBeSigned.validityPeriod, v_cert.toBeSigned.region, v_cert.toBeSigned.assuranceLevel ) ), v_authorization_validation_response ); // Build secured PKI message v_enc_msg := encvalue(m_etsiTs102941Data_authorization_validation_response(v_authorization_validation_response)); if (ischosen(v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) { v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0, 0, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce); } else { v_ret := f_build_pki_secured_message(v_private_key_cert_iut_a_ea, valueof(m_signerIdentifier_digest(v_hashed_id8_cert_iut_a_ea)), int2oct(0, 8), v_cert_ts_a_ea.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1, 1, ''O, bit2oct(v_enc_msg), v_ieee1609dot2_signed_and_encrypted_data, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce); } if (v_ret == false) { setverdict(fail, "Failed to secure InnerEcResponse message"); stop; } // Encode it log("To be encoded message: ", v_ieee1609dot2_signed_and_encrypted_data); v_ieee1609dot2_signed_and_encrypted_data_msg := encvalue(v_ieee1609dot2_signed_and_encrypted_data); log("Encoded message: ", v_ieee1609dot2_signed_and_encrypted_data_msg); setverdict(pass, "Encoded succeed"); // Decode encrypted InnerEcResponse v_result := decvalue(v_ieee1609dot2_signed_and_encrypted_data_msg, v_dec_ieee1609dot2_encrypted_and_signed_data); if (v_result == 0) { log("Decoded message: ", v_dec_ieee1609dot2_encrypted_and_signed_data); setverdict(pass, "Decoded succeed"); if (match(v_dec_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_and_encrypted_data)) { setverdict(pass, "Decoded match succeed"); } else { setverdict(fail, "Decoded match failed"); stop; } } else { setverdict(fail, "Decoding failed"); stop; } // Decrypt InnerEcResponse f_decrypt(v_private_enc_key_cert_ts_a_ea, v_dec_ieee1609dot2_encrypted_and_signed_data, ''O, v_dec_ieee1609dot2_signed_data); log("v_dec_ieee1609dot2_signed_data= ", v_dec_ieee1609dot2_signed_data); // Verify signature v_tbs := encvalue(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData); if (ischosen(v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) { v_ret := f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), v_whole_hash_cert_iut_a_ea, v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig, v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0, 0); } else { v_ret := f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), v_whole_hash_cert_iut_a_ea, v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_dec_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig, v_cert_iut_a_ea.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1, 1); } if (v_ret == true) { setverdict(pass, "Check signature succeed"); } else { setverdict(fail, "Check signature failed"); stop; } // Extract AuthorizationValidationResponse v_dec_authorization_validation_response_msg := oct2bit(v_dec_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData); v_result := decvalue(v_dec_authorization_validation_response_msg, v_dec_authorization_validation_response); if (v_result == 0) { log("Decoded authorization_validation_response: ", v_dec_authorization_validation_response); setverdict(pass, "Decoded succeed"); if (match(v_dec_authorization_validation_response.content.authorizationValidationResponse, v_authorization_validation_response)) { setverdict(pass, "Decoded match succeed"); } else { setverdict(fail, "Decoded match failed"); stop; } } else { setverdict(fail, "Decoding failed"); stop; } } // End of testcase tc_inner_ec_response_3 testcase tc_inner_ec_functions_1() runs on TCType system TCType { var Oct32 v_private_key; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var InnerEcRequest v_inner_ec_request; var boolean v_ret := false; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } f_loadCertificates(PX_IUT_SEC_CONFIG_NAME); v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request); if (v_ret == true) { setverdict(pass); } else { setverdict(fail); } } // End of testcase tc_inner_ec_functions_1 testcase tc_inner_ec_functions_2() runs on TCType system TCType { var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var integer v_compressedMode; var EccP256CurvePoint v_eccPoint; var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) }; var template (value) EtsiTs103097Certificate v_cert; var EtsiTs103097Certificate v_cert_ts_a_ea; var EtsiTs103097Certificate v_cert_iut_a_ea; var Oct32 v_private_key_cert_ts_a_ea; var Oct32 v_private_key_cert_iut_a_ea; var Oct32 v_private_enc_key_cert_ts_a_ea; var Oct32 v_private_enc_key_cert_iut_a_ea; var Oct8 v_hashed_id8_cert_ts_a_ea; var Oct8 v_hashed_id8_cert_iut_a_ea; var Oct32 v_whole_hash_cert_ts_a_ea; var Oct32 v_whole_hash_cert_iut_a_ea; var InnerEcRequest v_inner_ec_request; var Certificate v_ec_certificate; var boolean v_ret := false; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } f_loadCertificates(PX_IUT_SEC_CONFIG_NAME); f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea); f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea); f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea); f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea); f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea); f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea); f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea); f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea); f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea); f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea); v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request); if (v_ret == true) { setverdict(pass); } else { setverdict(fail, "f_generate_inner_ec_request"); stop; } v_ret := f_generate_ec_certificate(v_private_key, v_inner_ec_request, v_ec_certificate); if (v_ret == true) { setverdict(pass); } else { setverdict(fail, "f_generate_ec_certificate"); stop; } } // End of testcase tc_inner_ec_functions_2 testcase tc_inner_ec_functions_3() runs on TCType system TCType { var Oct32 v_private_key; var Oct32 v_publicKeyX; var Oct32 v_publicKeyY; var Oct32 v_publicKeyCompressed; var Oct32 v_private_enc_key; var Oct32 v_publicEncKeyCompressed; var integer v_compressedMode; var EccP256CurvePoint v_eccPoint; var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) }; var template (value) EtsiTs103097Certificate v_cert; var EtsiTs103097Certificate v_cert_ts_a_ea; var EtsiTs103097Certificate v_cert_iut_a_ea; var Oct32 v_private_key_cert_ts_a_ea; var Oct32 v_private_key_cert_iut_a_ea; var Oct32 v_private_enc_key_cert_ts_a_ea; var Oct32 v_private_enc_key_cert_iut_a_ea; var Oct8 v_hashed_id8_cert_ts_a_ea; var Oct8 v_hashed_id8_cert_iut_a_ea; var Oct32 v_whole_hash_cert_ts_a_ea; var Oct32 v_whole_hash_cert_iut_a_ea; var InnerEcRequest v_inner_ec_request; var Certificate v_ec_certificate; var InnerAtRequest v_inner_at_request; var Ieee1609Dot2Data v_inner_at_request_data; var boolean v_ret := false; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } f_loadCertificates(PX_IUT_SEC_CONFIG_NAME); f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea); f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea); f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea); f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea); f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea); f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea); f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea); f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea); f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea); f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea); v_ret := f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request); if (v_ret == true) { setverdict(pass); } else { setverdict(fail, "f_generate_inner_ec_request"); stop; } v_ret := f_generate_ec_certificate(v_private_key, v_inner_ec_request, v_ec_certificate); if (v_ret == true) { setverdict(pass); } else { setverdict(fail, "f_generate_ec_certificate"); stop; } v_ret := f_generate_inner_at_request(v_ec_certificate, v_private_key, v_cert_iut_a_ea, v_hashed_id8_cert_iut_a_ea, true, v_private_enc_key, v_publicEncKeyCompressed, v_compressedMode, v_inner_at_request, v_inner_at_request_data); if (v_ret == true) { setverdict(pass); } else { setverdict(fail, "f_generate_inner_at_request"); stop; } } // End of testcase tc_inner_ec_functions_3 testcase tc_inner_ec_functions_4() runs on TCType system TCType { var Oct32 v_private_key; var Oct32 v_publicKeyCompressed; var Oct32 v_private_enc_key; var Oct32 v_publicEncKeyCompressed; var integer v_compressedMode; var EccP256CurvePoint v_eccPoint; var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) }; var template (value) EtsiTs103097Certificate v_cert; var EtsiTs103097Certificate v_cert_ts_a_ea; var EtsiTs103097Certificate v_cert_iut_a_ea; var Oct32 v_private_key_cert_ts_a_ea; var Oct32 v_private_key_cert_iut_a_ea; var Oct32 v_private_enc_key_cert_ts_a_ea; var Oct32 v_private_enc_key_cert_iut_a_ea; var Oct8 v_hashed_id8_cert_ts_a_ea; var Oct8 v_hashed_id8_cert_iut_a_ea; var Oct32 v_whole_hash_cert_ts_a_ea; var Oct32 v_whole_hash_cert_iut_a_ea; var AuthorizationValidationRequest v_authorization_validation_request; var boolean v_ret := false; if (not(PICS_SEC_FIXED_KEYS)) { setverdict(inconc, "Please set PICS_SEC_FIXED_KEYS to true"); stop; } f_loadCertificates(PX_IUT_SEC_CONFIG_NAME); f_readCertificate("CERT_TS_A_EA", v_cert_ts_a_ea); f_readCertificate("CERT_IUT_A_EA", v_cert_iut_a_ea); f_readSigningKey("CERT_TS_A_EA", v_private_key_cert_ts_a_ea); f_readSigningKey("CERT_IUT_A_EA", v_private_key_cert_iut_a_ea); f_readEncryptingKey("CERT_TS_A_EA", v_private_enc_key_cert_ts_a_ea); f_readEncryptingKey("CERT_IUT_A_EA", v_private_enc_key_cert_iut_a_ea); f_getCertificateDigest("CERT_TS_A_EA", v_hashed_id8_cert_ts_a_ea); f_getCertificateDigest("CERT_IUT_A_EA", v_hashed_id8_cert_iut_a_ea); f_getCertificateHash("CERT_TS_A_EA", v_whole_hash_cert_ts_a_ea); f_getCertificateHash("CERT_IUT_A_EA", v_whole_hash_cert_iut_a_ea); v_ret := f_generate_authorization_validation_request(v_cert_ts_a_ea, v_hashed_id8_cert_ts_a_ea, v_private_key, v_publicKeyCompressed, v_compressedMode, v_authorization_validation_request); if (v_ret == true) { setverdict(pass); } else { setverdict(fail, "f_generate_authorization_validation_request"); stop; } } // End of testcase tc_inner_ec_functions_4 control { execute(tc_inner_ec_request_1()); execute(tc_inner_ec_request_2()); execute(tc_inner_ec_response_1()); execute(tc_inner_ec_response_2()); execute(tc_inner_ec_functions_1()); execute(tc_inner_ec_functions_2()); execute(tc_inner_ec_functions_3()); execute(tc_inner_ec_functions_4()); } } // End of module TestCodec_Pki