diff --git a/ccsrc/Externals/LibItsSecurity_externals.cc b/ccsrc/Externals/LibItsSecurity_externals.cc index 0600f3742d7522ca5384141d0d35a30ec2a441e2..46ebea40e196bc13d873480ba10fbd6702ef2bca 100644 --- a/ccsrc/Externals/LibItsSecurity_externals.cc +++ b/ccsrc/Externals/LibItsSecurity_externals.cc @@ -1135,6 +1135,123 @@ namespace LibItsSecurity__Functions return TRUE; } + BOOLEAN fx__get__uncompressed__key__nistp256( + const OCTETSTRING& p__privateKey, + const OCTETSTRING& p__publicKeyCompressed, + const INTEGER& p__compressedMode, + OCTETSTRING& p__publicKeyY + ) { + security_ecc k(ec_elliptic_curves::nist_p_256, p__privateKey); + + // Sanity checks + if (k.private_key().lengthof() != 32) { + loggers::get_instance().error("fx__get__uncompressed__key__nistp256: Invalid private key size"); + return FALSE; + } + if (k.public_key_x().lengthof() != 32) { + loggers::get_instance().error("fx__get__uncompressed__key__nistp256: Invalid public key X-coordonate size"); + return FALSE; + } + if (k.public_key_y().lengthof() != 32) { + loggers::get_instance().error("fx__get__uncompressed__key__nistp256: Invalid public key Y-coordonate size"); + return FALSE; + } + if (k.public_key_compressed().lengthof() != 32) { + loggers::get_instance().error("fx__get__uncompressed__key__nistp256: Invalid public compressed key size"); + return FALSE; + } + // if (p__compressedMode != INTEGER((int)k.public_key_compressed_mode())) { + // loggers::get_instance().error("fx__get__uncompressed__key__nistp256: Invalid public compressed mode"); + // return FALSE; + // } + // if (p__publicKeyCompressed != k.public_key_compressed()) { + // loggers::get_instance().error("fx__get__uncompressed__key__nistp256: Invalid public compressed key value"); + // return FALSE; + // } + + p__publicKeyY = k.public_key_y(); + + return TRUE; + } + + BOOLEAN fx__get__uncompressed__key__brainpoolp256r1( + const OCTETSTRING& p__privateKey, + const OCTETSTRING& p__publicKeyCompressed, + const INTEGER& p__compressedMode, + OCTETSTRING& p__publicKeyY + ) { + security_ecc k(ec_elliptic_curves::brainpool_p_256_r1, p__privateKey); + + // Sanity checks + if (k.private_key().lengthof() != 32) { + loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp256r1: Invalid private key size"); + return FALSE; + } + if (k.public_key_x().lengthof() != 32) { + loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp256r1: Invalid public key X-coordonate size"); + return FALSE; + } + if (k.public_key_y().lengthof() != 32) { + loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp256r1: Invalid public key Y-coordonate size"); + return FALSE; + } + if (k.public_key_compressed().lengthof() != 32) { + loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp256r1: Invalid public compressed key size"); + return FALSE; + } + // if (p__compressedMode != INTEGER((int)k.public_key_compressed_mode())) { + // loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp256r1: Invalid public compressed mode"); + // return FALSE; + // } + // if (p__publicKeyCompressed != k.public_key_compressed()) { + // loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp256r1: Invalid public compressed key value"); + // return FALSE; + // } + + p__publicKeyY = k.public_key_y(); + + return TRUE; + } + + BOOLEAN fx__get__uncompressed__key__brainpoolp384r1( + const OCTETSTRING& p__privateKey, + const OCTETSTRING& p__publicKeyCompressed, + const INTEGER& p__compressedMode, + OCTETSTRING& p__publicKeyY + ) { + security_ecc k(ec_elliptic_curves::brainpool_p_384_r1, p__privateKey); + + // Sanity checks + if (k.private_key().lengthof() != 48) { + loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp384r1: Invalid private key size"); + return FALSE; + } + if (k.public_key_x().lengthof() != 48) { + loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp384r1: Invalid public key X-coordonate size"); + return FALSE; + } + if (k.public_key_y().lengthof() != 48) { + loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp384r1: Invalid public key Y-coordonate size"); + return FALSE; + } + if (k.public_key_compressed().lengthof() != 48) { + loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp384r1: Invalid public compressed key size"); + return FALSE; + } + // if (p__compressedMode != INTEGER((int)k.public_key_compressed_mode())) { + // loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp384r1: Invalid public compressed mode"); + // return FALSE; + // } + // if (p__publicKeyCompressed != k.public_key_compressed()) { + // loggers::get_instance().error("fx__get__uncompressed__key__brainpoolp384r1: Invalid public compressed key value"); + // return FALSE; + // } + + p__publicKeyY = k.public_key_y(); + + return TRUE; + } + // group encryption // group certificatesLoader diff --git a/ccsrc/Protocols/Security/security_services.cc b/ccsrc/Protocols/Security/security_services.cc index b0143854975833c5bd4a41cce996d03dc07b9730..a370e6c88733c416dda3142b224f72b69da2d0a5 100644 --- a/ccsrc/Protocols/Security/security_services.cc +++ b/ccsrc/Protocols/Security/security_services.cc @@ -552,10 +552,10 @@ int security_services::sign_payload(const OCTETSTRING& p_unsecured_gn_payload, O return -1; } IEEE1609dot2::SignerIdentifier signer; - loggers::get_instance().log("security_services::sign_payload: us = %d - _last_generation_time = %ld - us - _last_generation_time = %ld", us, _last_generation_time, us - _last_generation_time); + loggers::get_instance().log("security_services::sign_payload: us = %ld - _last_generation_time = %ld - us - _last_generation_time = %ld", us, _last_generation_time, us - _last_generation_time); std::string certificate_id = p_params[params::certificate]; loggers::get_instance().log("security_services::sign_payload: certificate_id = %s", certificate_id.c_str()); - if ((unsigned int)(us - _last_generation_time) >= 1000 * 0.95) { // Need to add certificate + if ((unsigned int)(us - _last_generation_time) >= 1000000 * 0.95) { // Need to add certificate every 1s loggers::get_instance().log("security_services::sign_payload: Need to add certificate"); IEEE1609dot2::CertificateBase cert; if (_security_db->get_certificate(certificate_id, cert) != 0) { diff --git a/etc/AtsRSUsSimulator/AtsRSUSimulator.cfg b/etc/AtsRSUsSimulator/AtsRSUSimulator.cfg index 96232f7c5a3bdc4d53a64542e765bcd9fe0af473..9860913f47beb18fadf45c9a0a409e1114e66ba3 100644 --- a/etc/AtsRSUsSimulator/AtsRSUSimulator.cfg +++ b/etc/AtsRSUsSimulator/AtsRSUSimulator.cfg @@ -43,7 +43,7 @@ ItsRSUsSimulator_Pics.PICS_GENERATE_MAPEM := false ItsRSUsSimulator_Pics.PICS_GENERATE_SPATEM := false ItsRSUsSimulator_Pics.PICS_GENERATE_SSEM := false -ItsRSUsSimulator_Pics.PICS_ITS_S_ROLE := false; +ItsRSUsSimulator_Pics.PICS_ITS_S_ROLE := true; ItsRSUsSimulator_Pics.PICS_PKI_SUPPORT := true ItsRSUsSimulator_Pics.PICS_BEACON_FREQUENCY := 1.0 @@ -57,14 +57,14 @@ ItsRSUsSimulator_Pics.PICS_SEND_DENM_INDICATION := true # Enable Security support LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true # Root path to access certificate stored in files, identified by certficate ID -LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/yann/tmp" +LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp" # Configuration sub-directory to access certificate stored in files LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert" LibItsHttp_Pics.PICS_HEADER_CONTENT_TYPE := "application/x-its-request" -LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.42.25" -LibItsPki_Pics.PICS_HTTP_POST_URI := "/ea/enrolment" +LibItsHttp_Pics.PICS_HEADER_HOST := "192.168.42.252" +LibItsPki_Pics.PICS_HTTP_POST_URI := "/ea/enrolment" LibItsPki_Pics.PICS_MULTIPLE_END_POINT := false LibItsPki_Pics.PICS_HTTP_POST_URI_EC := "/ea/enrolment" LibItsPki_Pics.PICS_HTTP_POST_URI_AT := "/aa/authorization" @@ -163,22 +163,20 @@ LogEventTypes:= Yes # its_aid=36: CAM # its_aid=37: DENM # its_aid=141: GeoMet -system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,its_aid=36,secured_mode=1,certificate=CERT_IUT_A_AT,sec_db_path=/home/yann/tmp/asn1c_cert)/ETH(mac_src=080027128a53)/PCAP(mac_src=080027128a53,nic=wlan0,filter=and ether proto 0x8947)" +system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,its_aid=36,secured_mode=1,certificate=CERT_IUT_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=080027128a53)/PCAP(mac_src=080027128a53,nic=eth1,filter=and ether proto 0x8947)" # Commsignia -#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,its_aid=37,secured_mode=0,encrypted_mode=0,certificate=CERT_IUT_A_AT,peer_certificate=CERT_TS_A_AT,sec_db_path=/home/yann/tmp/asn1c_cert)/COMMSIGNIA(xport_mode=LTE-V2X,mac_src=080027F44E7D,interface_id=2,target_host=192.168.0.54)/UDP(dst_ip=192.168.0.54,src_port=9091,dst_port=7946)" +#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,its_aid=37,secured_mode=0,encrypted_mode=0,certificate=CERT_IUT_A_AT,peer_certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/COMMSIGNIA(xport_mode=LTE-V2X,mac_src=080027F44E7D,interface_id=2,target_host=192.168.0.54)/UDP(dst_ip=192.168.0.54,src_port=9091,dst_port=7946)" # Qualcom -#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=36747486,longitude=-4556772,distanceA=25,distanceB=25,its_aid=37,secured_mode=1,encrypted_mode=0,certificate=CERT_MICROSEC_AT_01,peer_certificate=CERT_TS_A_AT,sec_db_path=/home/yann/tmp/asn1c_cert)/QUALCOMM/UDP(dst_ip=10.200.1.113,src_port=9091,dst_port=4041)" +#system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=36747486,longitude=-4556772,distanceA=25,distanceB=25,its_aid=37,secured_mode=1,encrypted_mode=0,certificate=CERT_MICROSEC_AT_01,peer_certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/QUALCOMM/UDP(dst_ip=10.200.1.113,src_port=9091,dst_port=4041)" #system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server=192.168.42.25,port=80)" #system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server=192.168.1.25,port=80)" system.httpPort.params := "HTTP(codecs=http_its:http_etsi_ieee1609dot2_codec)/TCP(debug=1,server=192.168.1.39,port=8080)" # Config port based on UDP -#system.cfPort.params := "CF(ut=pki)/UDP(dst_ip=192.168.42.25,src_port=12345)" -#system.cfPort.params := "CF(ut=cam)/UDP(dst_ip=192.168.1.39,src_port=12345)" -#system.cfPort.params := "CF(ut=cam)/UDP(dst_ip=172.28.4.87,src_port=12345,reuse_incoming_source_adddress=1)" -#system.cfPort.params := "CF(ut=denm)/UDP(dst_ip=172.28.4.87,src_port=12345,reuse_incoming_source_adddress=1)" -#system.cfPort.params := "CF(ut=gn)/UDP(dst_ip=192.168.1.39,src_port=12345,reuse_incoming_source_adddress=1)" +#system.cfPort.params := "CF(ut=cam)/UDP(src_port=12345,reuse_incoming_source_adddress=1)" +#system.cfPort.params := "CF(ut=denm)/UDP(src_port=12345,reuse_incoming_source_adddress=1)" +#system.cfPort.params := "CF(ut=gn)/UDP(src_port=12345,reuse_incoming_source_adddress=1)" system.cfPort.params := "CF(ut=pki)/UDP(src_port=12345,reuse_incoming_source_adddress=1)" [EXECUTE] diff --git a/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_Functions.ttcn b/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_Functions.ttcn index 97e4c37cddcbe32ccde97d2361385eb5c64bf939..bbb21d470788e98d2f69e5b19e9e997f4d105f96 100644 --- a/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_Functions.ttcn +++ b/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_Functions.ttcn @@ -572,7 +572,7 @@ module ItsRSUsSimulator_Functions { ); vc_denmEventCounter := (vc_denmEventCounter + 1) mod lengthof(vc_rsuMessagesValueList[vc_rsu_id].denms); - log("f_prepare_denm: ", p_payload); + //log("f_prepare_denm: ", p_payload); } // End of function f_prepare_denm function f_prepare_mapem( @@ -1390,6 +1390,7 @@ module ItsRSUsSimulator_Functions { vc_ec_counter := vc_ec_counter + 1; vc_reenrolment := true; vc_security_state := 1; // 1:enrolled + setverdict(pass); } [] tc_wait.timeout { log("a_process_cf_ut_command: Failed to retrieve EcData"); @@ -1420,6 +1421,7 @@ module ItsRSUsSimulator_Functions { vc_at_certificates[vc_at_counter] := v_at_data; vc_at_counter := vc_at_counter + 1; vc_security_state := 2; // 2: authorization + setverdict(pass); } [] tc_wait.timeout { log("a_process_cf_ut_command: Failed to retrieve AtData"); @@ -1430,13 +1432,164 @@ module ItsRSUsSimulator_Functions { v_pki.done; v_pki.kill; if (vc_security_state == 2) { + var octetstring v_cert := bit2oct(encvalue(vc_at_certificates[0].certificate, "", "LibItsSecurity_asn1")); + var Oct32 v_wholeHash := f_hashWithSha256(v_cert); + var HashedId8 v_hashedId8_sha256 := f_hashedId8FromSha256(v_wholeHash); + var charstring v_cert_id; + var HashedId8 v_hashedId8; + var HashedId8 v_issuer; + var octetstring v_public_key_x := ''O; + var octetstring v_public_key_y := ''O; + var octetstring v_public_key_compressed; + var integer v_verify_compressed_mode; + var template (omit) octetstring v_public_enc_key_x := omit; + var template (omit) octetstring v_public_enc_key_y := omit; + var template (omit) octetstring v_public_enc_compressed_key := omit; + var template (omit) integer v_public_enc_key_compressed_mode := omit; + log("a_process_cf_ut_command: triggerAuthorizationRequest: vc_at_counter=", vc_at_counter); log("a_process_cf_ut_command: triggerAuthorizationRequest: vc_at_certificates=", vc_at_certificates); - // TODO Store the new certificate - - // TODO Update the Test System - - // Enrolled & Authorize, start CAM emission + + // Prepare to store the new certificate + if (ischosen(vc_at_certificates[0].certificate.issuer.sha256AndDigest)) { + v_hashedId8 := v_hashedId8_sha256; + v_issuer := vc_at_certificates[0].certificate.issuer.sha256AndDigest; + } else if (ischosen(vc_at_certificates[0].certificate.issuer.sha384AndDigest)) { + v_hashedId8 := f_hashedId8FromSha384(f_hashWithSha384(v_cert)); + v_issuer := vc_at_certificates[0].certificate.issuer.sha384AndDigest; + } else { + log("a_process_cf_ut_command: Wrong certificate format, self_ not expected as issuer, back to initial"); + vc_security_state := 0; // 0: initial + vc_reenrolment := false; + vc_ec_counter := 0; + vc_ec_certificates := {}; + vc_at_counter := 0; + vc_at_certificates := {}; + repeat; + } + v_cert_id := hex2str(oct2hex(v_hashedId8)); + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_cert_id =", v_cert_id); + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_cert =", v_cert); + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_wholeHash =", v_wholeHash); + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_hashedId8_sha256 =", v_hashedId8_sha256); + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_hashedId8 =", v_hashedId8); + // Extract verification keys + if (ischosen(vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256)) { + if (ischosen(vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) { + v_public_key_compressed := vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0; + v_verify_compressed_mode := 0; + } else if (ischosen(vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1)) { + v_public_key_compressed := vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1; + v_verify_compressed_mode := 1; + } else { // TODO + } + if (lengthof(v_public_key_x) == 0) { + v_public_key_x := v_public_key_compressed; // Key X-Coordinate + fx_get_uncompressed_key_nistp256(vc_at_certificates[0].private_key, v_public_key_compressed, v_verify_compressed_mode, v_public_key_y); // Key Y-Coordinate + } + } else if (ischosen(vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1)) { + if (ischosen(vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1.compressed_y_0)) { + v_public_key_compressed := vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1.compressed_y_0; + v_verify_compressed_mode := 0; + } else if (ischosen(vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1.compressed_y_1)) { + v_public_key_compressed := vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1.compressed_y_1; + v_verify_compressed_mode := 1; + } else { // TODO + } + if (lengthof(v_public_key_x) == 0) { + v_public_key_x := v_public_key_compressed; // Key X-Coordinate + fx_get_uncompressed_key_brainpoolp256r1(vc_at_certificates[0].private_key, v_public_key_compressed, v_verify_compressed_mode, v_public_key_y); // Key Y-Coordinate + } + } else if (ischosen(vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) { + if (ischosen(vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1.compressed_y_0)) { + v_public_key_compressed := vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1.compressed_y_0; + v_verify_compressed_mode := 0; + } else if (ischosen(vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1.compressed_y_1)) { + v_public_key_compressed := vc_at_certificates[0].certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1.compressed_y_1; + v_verify_compressed_mode := 1; + } else { // TODO + } + if (lengthof(v_public_key_x) == 0) { + v_public_key_x := v_public_key_compressed; // Key X-Coordinate + fx_get_uncompressed_key_brainpoolp384r1(vc_at_certificates[0].private_key, v_public_key_compressed, v_verify_compressed_mode, v_public_key_y); // Key Y-Coordinate + } + } else { + log("a_process_cf_ut_command: Wrong certificate format, invalid verification key, back to initial"); + vc_security_state := 0; // 0: initial + vc_reenrolment := false; + vc_ec_counter := 0; + vc_ec_certificates := {}; + vc_at_counter := 0; + vc_at_certificates := {}; + repeat; + } + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_public_key_x =", v_public_key_x); + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_public_key_y =", v_public_key_y); + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_public_key_compressed =", v_public_key_compressed); + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_verify_compressed_mode=", v_verify_compressed_mode); + // Extract encryption key + if (ispresent(vc_at_certificates[0].certificate.toBeSigned.encryptionKey)) { + if (ischosen(vc_at_certificates[0].certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256)) { + if (ischosen(vc_at_certificates[0].certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) { + v_public_enc_compressed_key := vc_at_certificates[0].certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0; + v_public_enc_key_compressed_mode := 0; + } else if (ischosen(vc_at_certificates[0].certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) { + v_public_enc_compressed_key := vc_at_certificates[0].certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1; + v_public_enc_key_compressed_mode := 1; + } else { // TODO + } + if (not(ispresent(v_public_enc_key_x))) { + var octetstring v_key; + v_public_enc_key_x := v_public_enc_compressed_key; // Key X-Coordinate + fx_get_uncompressed_key_nistp256(vc_at_certificates[0].private_enc_key, valueof(v_public_enc_compressed_key), valueof(v_public_enc_key_compressed_mode), v_key); // Key Y-Coordinate + v_public_enc_key_y := v_key; + } + } else if (ischosen(vc_at_certificates[0].certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1)) { + if (ischosen(vc_at_certificates[0].certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0)) { + v_public_enc_compressed_key := vc_at_certificates[0].certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0; + v_public_enc_key_compressed_mode := 0; + } else if (ischosen(vc_at_certificates[0].certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1)) { + v_public_enc_compressed_key := vc_at_certificates[0].certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1; + v_public_enc_key_compressed_mode := 1; + } else { // TODO + } + if (not(ispresent(v_public_enc_key_x))) { + var octetstring v_key; + v_public_enc_key_x := v_public_enc_compressed_key; // Key X-Coordinate + fx_get_uncompressed_key_brainpoolp256r1(vc_at_certificates[0].private_enc_key, valueof(v_public_enc_compressed_key), valueof(v_public_enc_key_compressed_mode), v_key); // Key Y-Coordinate + v_public_enc_key_y := v_key; + } + } else { + log("a_process_cf_ut_command: Wrong certificate format, invalid verification key, back to initial"); + vc_security_state := 0; // 0: initial + vc_reenrolment := false; + vc_ec_counter := 0; + vc_ec_certificates := {}; + vc_at_counter := 0; + vc_at_certificates := {}; + repeat; + } + } + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_public_enc_key_x =", v_public_enc_key_x); + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_public_enc_key_y =", v_public_enc_key_y); + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_public_enc_compressed_key =", v_public_enc_compressed_key); + log("a_process_cf_ut_command: Prepare to store new AT certificate: v_public_enc_key_compressed_mode=", v_public_enc_key_compressed_mode); + // Store the certificate + log("a_process_cf_ut_command: Store new AT certificate"); + if (fx_store_certificate(v_cert_id, v_cert, vc_at_certificates[0].private_key, v_public_key_x, v_public_key_y, v_public_key_compressed, v_verify_compressed_mode, v_wholeHash, v_hashedId8_sha256, v_hashedId8, v_issuer, vc_at_certificates[0].private_enc_key, v_public_enc_key_x, v_public_enc_key_y, v_public_enc_compressed_key, v_public_enc_key_compressed_mode) == false) { + log("a_process_cf_ut_command: Failed to store certificate, back to initial"); + vc_security_state := 0; // 0: initial + vc_reenrolment := false; + vc_ec_counter := 0; + vc_ec_certificates := {}; + vc_at_counter := 0; + vc_at_certificates := {}; + repeat; + } + // Update the Test System + log("a_process_cf_ut_command (pki): Change certificate to ", v_cert_id); + f_acTriggerSecEvent(m_acEnableSecurity(v_cert_id)); + // Enrolled & Authorized, start CAM emission tc_cam.start(vc_cam_timer_value); } repeat; @@ -1617,6 +1770,7 @@ module ItsRSUsSimulator_Functions { log("f_trigger_enrolment_request_await_response: p_inner_at_response= ", v_inner_at_response); // Send the new certificate for storing v_at_data.private_key := v_private_key_at; + v_at_data.private_enc_key := v_private_enc_key_at; v_at_data.aes_sym_key := v_aes_sym_key; v_at_data.certificate := v_inner_at_response.certificate; log("f_trigger_enrolment_request_await_response: send v_at_data=", v_at_data); diff --git a/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_TypesAndValues.ttcn b/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_TypesAndValues.ttcn index 064463a44c09835a3f73b2c161f84a567d267dd0..2049dabe3be5b531140a4bb02194de3500db0a35 100644 --- a/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_TypesAndValues.ttcn +++ b/ttcn/AtsRSUsSimulator/ItsRSUsSimulator_TypesAndValues.ttcn @@ -95,6 +95,7 @@ module ItsRSUsSimulator_TypesAndValues { type record AtData { octetstring private_key, + octetstring private_enc_key optional, Certificate certificate, Oct16 aes_sym_key } diff --git a/ttcn/LibIts b/ttcn/LibIts index 9fd3f291599a06ba28b36128afe7dff953310fb8..ee2c278910c882b90b8fbea6bee5be70ec92aa83 160000 --- a/ttcn/LibIts +++ b/ttcn/LibIts @@ -1 +1 @@ -Subproject commit 9fd3f291599a06ba28b36128afe7dff953310fb8 +Subproject commit ee2c278910c882b90b8fbea6bee5be70ec92aa83