Validate ITS-S enrolment/authorization (63d369f5) · Commits · ITS - Intelligent Transport Systems / ttcn / PKI TS 103 525-3

ItsPki_TestCases.ttcn

+602 −328

File changed.

Preview size limit exceeded, changes collapsed.

lib/LibItsPki_Pixits.ttcn

+4 −19

Original line number	Diff line number	Diff line
		@@ -16,19 +16,9 @@ module LibItsPki_Pixits {
		modulepar boolean PX_INCLUDE_ENCRYPTION_KEYS := true;

		/**
		* @desc Contains the private key for the EC certificate, used in case of re-enrolment
		* @desc Indicate which canonical key shall be used (Nist-P256, BP-256 or BP-384)
		*/
		modulepar Oct32 PX_EC_PRIVATE_KEY := int2oct(0, 32);

		/**
		* @desc Contains the hashed id8 of the EC certificate, used in case of re-enrolment
		*/
		modulepar HashedId8 PX_EC_HASHED_ID8 := int2oct(0, 8);

		/**
		* @desc Contains the hash of the EC certificate, used in case of re-enrolment
		*/
		modulepar Oct32 PX_EC_HASH := int2oct(0, 32);
		modulepar SecurityAlg PX_VE_ALG := e_nist_p256;

		/**
		* @desc Indicate which encryption algorithem to be used for Enrolment Credencial
		@@ -47,18 +37,13 @@ module LibItsPki_Pixits {
		*/
		modulepar SecurityAlg PX_EC_ALG_FOR_EC_SIGN := e_nist_p256;

		/**
		* @desc Indicate which verification algorithem to be used
		*/
		modulepar SecurityAlg PX_VE_ALG := e_nist_p256;

		modulepar Int16 PX_GENERATED_CERTIFICATE_DURATION := 120;

		modulepar SubjectAssurance PX_GENERATED_CERTIFICATE_SUBJECT_ASSURENCE_LEVEL := '00'O;

		modulepar CountryOnly PX_GENERATED_CERTIFICATE_REGION_COUNTRY_1 := 250;
		modulepar CountryOnly PX_GENERATED_CERTIFICATE_REGION_COUNTRY_1 := 250; // French

		modulepar CountryOnly PX_GENERATED_CERTIFICATE_REGION_COUNTRY_2 := 380;
		modulepar CountryOnly PX_GENERATED_CERTIFICATE_REGION_COUNTRY_2 := 267; // Germany

		modulepar octetstring PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR := '01C0'O;

lib/LibItsPki_TypesAndValues.ttcn

+4 −0

Original line number	Diff line number	Diff line
		@@ -113,6 +113,10 @@ module LibItsPki_TypesAndValues {
		charstring tlm_ctl_uri
		} // End of type TriggerRequestForRcaCtl

		type record UtPkiTriggerInd {
		integer state
		} // End of type UtPkiTriggerInd

		} with {
		encode "UpperTester"
		variant ""

lib_system/LibItsPki_Functions.ttcn

+84 −60

Original line number	Diff line number	Diff line
		@@ -167,6 +167,7 @@ module LibItsPki_Functions {

		// Storage of enrolment keys in case of re-enrolment
		vc_ec_keys_counter := 0;
		vc_ec_counter := 0;
		vc_ec_private_keys := {};
		vc_ec_public_compressed_key := {};
		vc_ec_compressed_modes := {};
		@@ -271,6 +272,7 @@ module LibItsPki_Functions {

		// Storage of enrolment keys in case of re-enrolment
		vc_ec_keys_counter := 0;
		vc_ec_counter := 0;
		vc_ec_private_keys := {};
		vc_ec_public_compressed_key := {};
		vc_ec_compressed_modes := {};
		@@ -331,6 +333,7 @@ module LibItsPki_Functions {

		// Storage of enrolment keys in case of re-enrolment
		vc_ec_keys_counter := 0;
		vc_ec_counter := 0;
		vc_ec_private_keys := {};
		vc_ec_public_compressed_key := {};
		vc_ec_compressed_modes := {};
		@@ -345,9 +348,7 @@ module LibItsPki_Functions {
		}
		} // End of function f_cfHttpUp_ea

		function f_cfUp_itss(
		in charstring p_certificate_id := "CERT_TS_A_EA" // TODO Use a constant
		) runs on ItsPkiItss system ItsPkiItssSystem {
		function f_cfUp_itss() runs on ItsPkiItss system ItsPkiItssSystem {

		map(self:geoNetworkingPort, system:geoNetworkingPort);
		map(self:utPort, system:utPort);
		@@ -858,6 +859,15 @@ module LibItsPki_Functions {
		p_http_message.response.header := p_headers;
		}
		httpAtVPort.send(p_http_message);
		} else if (v_content_text == { "inner_atv_response" }) {
		log("f_http_send: Send on ATV end point");
		f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_ATV }, p_headers);
		if (ischosen(p_http_message.request)) {
		p_http_message.request.header := p_headers;
		} else {
		p_http_message.response.header := p_headers;
		}
		httpAtVPort.send(p_http_message);
		} else if (v_content_text == { "inner_at_request" }) {
		log("f_http_send: Send on AT end point");
		f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_AT }, p_headers);
		@@ -978,6 +988,10 @@ module LibItsPki_Functions {
		var boolean v_result;

		log(">>> f_http_build_inner_ec_request");
		log ("f_http_build_inner_ec_request: vc_ec_keys_counter: ", vc_ec_keys_counter);
		log ("f_http_build_inner_ec_request: vc_ec_private_keys: ", vc_ec_private_keys);
		log ("f_http_build_inner_ec_request: vc_ec_counter: ", vc_ec_counter);

		if (f_generate_inner_ec_request(p_private_key, p_public_key_compressed, p_compressed_mode, v_inner_ec_request) == false) {
		log("* f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequest *");
		f_selfOrClientSyncAndVerdict("error", e_error);
		@@ -1005,6 +1019,7 @@ module LibItsPki_Functions {
		log("f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key);
		log("f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode);
		p_salt := vc_eaWholeHash256; // IEEE 1609.2: If the encryption key was obtained from a certificate c, P1 is SHA-256 (c), where c is the COER encoding of the certificate, canonicalized per 6.4.3.
		log("f_http_build_inner_ec_request: vc_ec_keys_counter: ", vc_ec_keys_counter);
		if ((PICS_SECPKI_REENROLMENT == false) or (vc_ec_keys_counter == 1)) { // This is the first enrolment, we used Factory keys
		var octetstring v_private_key;
		if (PX_VE_ALG == e_nist_p256) {
		@@ -1020,8 +1035,8 @@ module LibItsPki_Functions {
		log("f_http_build_inner_ec_request: v_ec_private_key: ", vc_ec_private_keys[vc_ec_keys_counter - 1]);
		log("f_http_build_inner_ec_request: v_ec_public_compressed_key: ", vc_ec_public_compressed_key[vc_ec_keys_counter - 1]);
		log("f_http_build_inner_ec_request: v_ec_compressed_modes: ", vc_ec_compressed_modes[vc_ec_keys_counter - 1]);
		log("f_http_build_inner_ec_request: v_ec_hashed_id8: ", PX_EC_HASHED_ID8);
		v_result := f_build_pki_secured_request_message_signed_with_pop(vc_ec_private_keys[vc_ec_keys_counter - 1], valueof(m_signerIdentifier_digest(PX_EC_HASHED_ID8)), PX_EC_HASHED_ID8/recipientId/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), PX_EC_ALG_FOR_EC, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash);
		log("f_http_build_inner_ec_request: v_ec_hashed_id8: ", vc_ec_hashed_id8[vc_ec_keys_counter - 1]);
		v_result := f_build_pki_secured_request_message_signed_with_pop(vc_ec_private_keys[vc_ec_keys_counter - 1], valueof(m_signerIdentifier_digest(vc_ec_hashed_id8[vc_ec_keys_counter - 1])), vc_ec_hashed_id8[vc_ec_keys_counter - 1]/recipientId/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), PX_EC_ALG_FOR_EC, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash);
		}
		if (v_result == false) {
		log("* f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop *");
		@@ -1078,7 +1093,6 @@ module LibItsPki_Functions {
		log("f_http_build_inner_ec_request_with_wrong_parameters: Public encryption key: ", v_public_enc_key);
		log("f_http_build_inner_ec_request_with_wrong_parameters: Public encryption key comp: ", v_compressed_enc_key_mode);
		p_salt := vc_eaWholeHash256; // IEEE 1609.2: If the encryption key was obtained from a certificate c, P1 is SHA-256 (c), where c is the COER encoding of the certificate, canonicalized per 6.4.3.
		if (PICS_SECPKI_REENROLMENT == false) { // This is the first enrolment, we used Factory keys
		var octetstring v_private_key;
		if (PX_VE_ALG == e_nist_p256) {
		v_private_key := PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY;
		@@ -1088,12 +1102,6 @@ module LibItsPki_Functions {
		v_private_key := PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY;
		}
		v_result := f_build_pki_secured_request_message_signed_with_pop(v_private_key, valueof(m_signerIdentifier_self), vc_eaHashedId8/recipientId/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), PX_EC_ALG_FOR_EC, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash);
		} else { // We use last valid EC certificate
		// TODO Retrieve EC certificate from the first enrolment instead of PX
		log("f_http_build_inner_ec_request_with_wrong_parameters: v_ec_private_key: ", PX_EC_PRIVATE_KEY);
		log("f_http_build_inner_ec_request_with_wrong_parameters: v_ec_hashed_id8: ", PX_EC_HASHED_ID8);
		v_result := f_build_pki_secured_request_message_signed_with_pop(PX_EC_PRIVATE_KEY, valueof(m_signerIdentifier_digest(PX_EC_HASHED_ID8)), PX_EC_HASHED_ID8/recipientId/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), PX_EC_ALG_FOR_EC, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash);
		}
		if (v_result == false) {
		log("* f_http_build_inner_ec_request_with_wrong_parameters: ERROR: Failed to generate InnerEcRequestSignedForPop *");
		f_selfOrClientSyncAndVerdict("error", e_error);
		@@ -1120,6 +1128,7 @@ module LibItsPki_Functions {
		var octetstring v_public_enc_key;
		var integer v_compressed_enc_key_mode;
		var boolean v_ret_code;
		var octetstring v_private_key;

		if (f_generate_inner_ec_request(p_private_key, p_public_key_compressed, p_compressed_mode, v_inner_ec_request) == false) {
		log("* f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequest *");
		@@ -1151,8 +1160,6 @@ module LibItsPki_Functions {
		log("*** f_http_build_invalid_enrolment_request: Public encryption key: ", v_public_enc_key);
		log("*** f_http_build_invalid_enrolment_request: Public encryption key comp: ", v_compressed_enc_key_mode);
		p_salt := vc_eaWholeHash256; // IEEE 1609.2: If the encryption key was obtained from a certificate c, P1 is SHA-256 (c), where c is the COER encoding of the certificate, canonicalized per 6.4.3.
		if (PICS_SECPKI_REENROLMENT == false) { // This is the first enrolment, we used Factory keys
		var octetstring v_private_key;
		if (PX_VE_ALG == e_nist_p256) {
		v_private_key := PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY;
		} else if (PX_VE_ALG == e_brainpool_p256_r1) {
		@@ -1161,12 +1168,6 @@ module LibItsPki_Functions {
		v_private_key := PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY;
		}
		v_ret_code := f_build_pki_secured_request_message_signed_with_pop(v_private_key, valueof(m_signerIdentifier_self), vc_eaHashedId8/recipientId/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), PX_EC_ALG_FOR_EC, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash);
		} else { // We use last valid EC certificate
		// TODO Retrieve EC certificate from the first enrolment instead of PX
		log("f_http_build_inner_ec_request: v_ec_private_key: ", PX_EC_PRIVATE_KEY);
		log("f_http_build_inner_ec_request: v_ec_hashed_id8: ", PX_EC_HASHED_ID8);
		v_ret_code := f_build_pki_secured_request_message_signed_with_pop(PX_EC_PRIVATE_KEY, valueof(m_signerIdentifier_digest(PX_EC_HASHED_ID8)), PX_EC_HASHED_ID8/recipientId/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), PX_EC_ALG_FOR_EC, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash);
		}
		if (v_ret_code == false) {
		log("* f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop *");
		f_selfOrClientSyncAndVerdict("error", e_error);
		@@ -1181,6 +1182,8 @@ module LibItsPki_Functions {
		in octetstring p_private_key := ''O,
		in octetstring p_digest := ''O,
		in Oct16 p_aes_sym_key,
		out EtsiTs103097Certificate p_ec_certificate,
		out HashedId8 p_ec_certificate_hashed_id8,
		out InnerEcResponse p_inner_ec_response,
		out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
		) return boolean {
		@@ -1189,7 +1192,6 @@ module LibItsPki_Functions {
		var octetstring v_msg;
		var Oct12 v_nonce;
		var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
		var EtsiTs103097Certificate v_ec_certificate;
		var boolean p_result := false;

		log(">>> f_http_build_inner_ec_response: p_inner_ec_request= ", p_inner_ec_request);
		@@ -1210,7 +1212,7 @@ module LibItsPki_Functions {
		p_result := true;
		} else {
		// Generate the certificate
		if (f_generate_ec_certificate_for_inner_ec_response(valueof(p_inner_ec_request), p_private_key, p_digest, v_ec_certificate) == false) {
		if (f_generate_ec_certificate_for_inner_ec_response(valueof(p_inner_ec_request), p_private_key, p_digest, p_ec_certificate, p_ec_certificate_hashed_id8) == false) {
		log("f_http_build_inner_ec_response: Failed to generate the certificate");
		p_inner_ec_response := valueof(
		m_innerEcResponse_ko(
		@@ -1222,7 +1224,7 @@ module LibItsPki_Functions {
		p_inner_ec_response := valueof(
		m_innerEcResponse_ok(
		p_request_hash,
		v_ec_certificate
		p_ec_certificate
		)
		);
		}
		@@ -1842,7 +1844,8 @@ module LibItsPki_Functions {
		in InnerEcRequest p_inner_ec_request,
		in octetstring p_private_key,
		in octetstring p_digest,
		out EtsiTs103097Certificate p_ec_certificate
		out EtsiTs103097Certificate p_ec_certificate,
		out HashedId8 p_ec_certificate_hashed_id8
		) return boolean {
		var CertificateId v_certificate_id;
		var EtsiTs103097Certificate v_cert;
		@@ -1914,7 +1917,12 @@ module LibItsPki_Functions {
		);
		}
		p_ec_certificate := valueof(v_cert);

		// Encode it and calculate HashedId8
		v_tbs := encvalue(p_ec_certificate);
		p_ec_certificate_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(bit2oct(v_tbs)));
		log("f_generate_ec_certificate_for_inner_ec_response: p_ec_certificate= ", p_ec_certificate);
		log("f_generate_ec_certificate_for_inner_ec_response: p_ec_certificate_hashed_id8= ", p_ec_certificate_hashed_id8);

		return true;
		} // End of function f_generate_ec_certificate_for_inner_ec_response
		@@ -1986,7 +1994,7 @@ module LibItsPki_Functions {
		);
		}
		p_at_certificate := valueof(v_cert);
		log("f_generate_at_certificate_for_inner_at_response: p_ec_certificate= ", p_at_certificate);
		log("f_generate_at_certificate_for_inner_at_response: p_at_certificate= ", p_at_certificate);

		return true;
		} // End of function f_generate_at_certificate_for_inner_at_response
		@@ -2074,7 +2082,7 @@ module LibItsPki_Functions {
		out octetstring p_public_key_compressed,
		out integer p_compressed_mode,
		out InnerEcRequest p_inner_ec_request
		) return boolean {
		) runs on ItsPkiHttp return boolean {
		// Local variables
		var Oct32 v_public_key_x;
		var Oct32 v_public_key_y;
		@@ -2166,10 +2174,14 @@ module LibItsPki_Functions {
		)
		);
		}
		if (PICS_SECPKI_REENROLMENT) { // This is a re-enrolment, the identifier of its current valid Enrolment Credential
		log("f_generate_inner_ec_request: This is a re-enrolment");
		p_inner_ec_request.itsId := PX_EC_HASHED_ID8;
		log("f_generate_inner_ec_request: PICS_SECPKI_REENROLMENT: ", PICS_SECPKI_REENROLMENT);
		log("f_generate_inner_ec_request: vc_ec_keys_counter: ", vc_ec_keys_counter);
		if (PICS_SECPKI_REENROLMENT and (vc_ec_keys_counter > 0)) { // This is a re-enrolment, the identifier of its current valid Enrolment Credential
		log("f_generate_inner_ec_request: This is a re-enrolment: vc_ec_keys_counter= ", vc_ec_keys_counter);
		log("f_generate_inner_ec_request: This is a re-enrolment: vc_ec_hashed_id8[vc_ec_keys_counter - 1]= ", vc_ec_hashed_id8[vc_ec_keys_counter - 1]);
		p_inner_ec_request.itsId := vc_ec_hashed_id8[vc_ec_keys_counter - 1];
		}

		log("<<< f_generate_inner_ec_request: ", p_inner_ec_request);

		return true;
		@@ -2185,7 +2197,7 @@ module LibItsPki_Functions {
		out octetstring p_public_key_compressed,
		out integer p_compressed_mode,
		out InnerEcRequest p_inner_ec_request
		) return boolean {
		) runs on ItsPkiHttp return boolean {
		// Local variables
		var Oct32 v_public_key_x;
		var Oct32 v_public_key_y;
		@@ -2261,10 +2273,6 @@ module LibItsPki_Functions {
		)
		)
		);
		if (PICS_SECPKI_REENROLMENT) { // This is a re-enrolment, the identifier of its current valid Enrolment Credential
		log("f_generate_inner_ec_request_with_wrong_parameters: This is a re-enrolment");
		p_inner_ec_request.itsId := PX_EC_HASHED_ID8;
		}
		log("f_generate_inner_ec_request_with_wrong_parameters: ", p_inner_ec_request);

		return true;
		@@ -2274,7 +2282,7 @@ module LibItsPki_Functions {
		in octetstring p_private_key,
		in InnerEcRequest p_inner_ec_request,
		out Ieee1609Dot2Data p_inner_ec_request_signed_for_pop
		) return boolean {
		) runs on ItsPkiHttp return boolean {
		// Local variables
		var template (value) EccP256CurvePoint v_eccP256_curve_point;
		var octetstring v_encoded_inner_ec_request;
		@@ -4167,7 +4175,9 @@ module LibItsPki_Functions {
		}
		}
		if (ischosen(v_etsi_ts_102941_data.content.enrolmentResponse) and ispresent(v_etsi_ts_102941_data.content.enrolmentResponse.certificate)) {
		if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, vc_eaHashedId8, p_compressed_public_key, p_compressed_mode) == false) {
		var HashedId8 v_ec_cert_hashed_id8;

		if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, vc_eaHashedId8, p_compressed_public_key, p_compressed_mode, v_ec_cert_hashed_id8) == false) {
		log("f_await_http_inner_ec_request_response: Cannot verify EC certificate signature ***");
		if (p_strict_checks) {
		return false;
		@@ -4220,6 +4230,8 @@ module LibItsPki_Functions {
		var InnerEcRequest v_inner_ec_request;
		var template (value) HttpMessage v_response;
		var Headers v_headers;
		var EtsiTs103097Certificate v_ec_certificate;
		var HashedId8 v_ec_certificate_hashed_id8;

		tc_ac.stop;

		@@ -4234,10 +4246,10 @@ module LibItsPki_Functions {
		if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, v_inner_ec_request) == false) {
		log("f_await_ec_request_send_response: Failed to verify PKI message ***");
		// Send error message
		f_http_build_inner_ec_response(v_inner_ec_request/Not required/, cantparse, v_request_hash, -, -, v_aes_enc_key, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
		f_http_build_inner_ec_response(v_inner_ec_request/Not required/, cantparse, v_request_hash, -, -, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
		v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers));
		} else {
		f_http_build_inner_ec_response(v_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
		f_http_build_inner_ec_response(v_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
		v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers));
		v_result := true;
		}
		@@ -5108,18 +5120,18 @@ module LibItsPki_Functions {
		in Certificate p_ea_certificate,
		in HashedId8 p_ea_hashed_id8,
		in octetstring p_public_key_compressed,
		in integer p_compressed_mode
		in integer p_compressed_mode,
		out HashedId8 p_ec_cert_hashed_id8
		) return boolean {
		var bitstring v_encoded_cert;
		var Oct32 v_ec_cert_hash;
		var HashedId8 v_ec_cert_hashed_id8;

		// Calculate the HashedId8 of the whole certificate
		v_encoded_cert := encvalue(p_ec_certificate);
		v_ec_cert_hash := f_hashWithSha256(bit2oct(v_encoded_cert));
		log("f_verify_ec_certificate: ==> EC certificate Hash: ", v_ec_cert_hash);
		v_ec_cert_hashed_id8 := f_hashedId8FromSha256(v_ec_cert_hash);
		log("f_verify_ec_certificate: ==> EC certificate HashedId8: ", v_ec_cert_hashed_id8);
		p_ec_cert_hashed_id8 := f_hashedId8FromSha256(v_ec_cert_hash);
		log("f_verify_ec_certificate: ==> EC certificate HashedId8: ", p_ec_cert_hashed_id8);

		// Check the signer
		log("f_verify_ec_certificate: Check the signer: ", match(p_ec_certificate.issuer, m_issuerIdentifier_sha256AndDigest(p_ea_hashed_id8)));
		@@ -5425,12 +5437,12 @@ module LibItsPki_Functions {

		altstep a_await_ec_http_request_from_iut(
		template HttpMessage p_http_message,
		out HttpMessage p_response
		out HttpMessage p_request
		) runs on ItsPkiHttp {
		[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(p_http_message) -> value p_response {
		[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(p_http_message) -> value p_request {
		log("a_await_ec_http_request_from_iut: Received message on httpPort");
		}
		[PICS_MULTIPLE_END_POINT] httpEcPort.receive(p_http_message) -> value p_response {
		[PICS_MULTIPLE_END_POINT] httpEcPort.receive(p_http_message) -> value p_request {
		log("a_await_ec_http_request_from_iut: Received message on httpEcPort");
		}
		} // End of altstep a_await_ec_http_request_from_iut
		@@ -5447,6 +5459,18 @@ module LibItsPki_Functions {
		}
		} // End of altstep a_await_ec_http_response_from_iut

		altstep a_await_at_http_request_from_iut(
		template HttpMessage p_http_message,
		out HttpMessage p_request
		) runs on ItsPkiHttp {
		[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(p_http_message) -> value p_request {
		log("a_await_at_http_request_from_iut: Received message on httpPort");
		}
		[PICS_MULTIPLE_END_POINT] httpAtPort.receive(p_http_message) -> value p_request {
		log("a_await_at_http_request_from_iut: Received message on httpAtPort");
		}
		} // End of altstep a_await_at_http_request_from_iut

		altstep a_await_at_http_response_from_iut(
		template HttpMessage p_http_message,
		out HttpMessage p_response

lib_system/LibItsPki_TestSystem.ttcn

+3 −2

Original line number	Diff line number	Diff line
		@@ -49,7 +49,7 @@ module LibItsPki_TestSystem {
		*/
		type port UpperTesterPkiPort message {
		out UtPkiInitialize, UtPkiTrigger;
		in UtPkiResults;
		in UtPkiResults, UtPkiTriggerInd;
		} // End of UpperTesterPort

		type port InfoPort message {
		@@ -109,7 +109,8 @@ module LibItsPki_TestSystem {
		var EcCompressedModes vc_ec_compressed_modes;
		var EcHashedId8 vc_ec_hashed_id8;
		var EcCertificates vc_ec_certificates;
		var integer vc_ec_keys_counter;
		var integer vc_ec_keys_counter := 0;
		var integer vc_ec_counter := 0;
		} // End of component ItsPkiHttp

		/**