CV2X#3 Validation against PKIs (710005fb) · Commits · ITS - Intelligent Transport Systems / ttcn / PKI TS 103 525-3

ItsPki_TestCases.ttcn

+489 −294

File changed.

Preview size limit exceeded, changes collapsed.

lib/LibItsPki_Pics.ttcn

+6 −0

Original line number	Diff line number	Diff line
		@@ -252,6 +252,12 @@ module LibItsPki_Pics {
		*/
		modulepar boolean PICS_EC_SUBJECT_ATTRIBUT_ID := true;

		/**
		* @desc Set to true if the IUT support geographical region, false if it shall be omitted
		* @see ETSI TS 103 097 Clause 7.2.2 Enrolment credential
		*/
		modulepar boolean PICS_EC_SUBJECT_ATTRIBUT_REGION := true;

		modulepar boolean PICS_SEC_IMPLICIT_CERTIFICATES := true;

		modulepar boolean PICS_SEC_EXPLICIT_CERTIFICATES := true;

lib/LibItsPki_Pixits.ttcn

+1 −1

Original line number	Diff line number	Diff line
		@@ -51,7 +51,7 @@ module LibItsPki_Pixits {

		modulepar octetstring PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_VERSION := '00C0'O;

		modulepar octetstring PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_SSP_BIT := '0180'O;
		modulepar octetstring PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_SSP_BIT := '017F'O;

		modulepar octetstring PX_INNER_EC_CERTFICATE_BITMAP_SSP_CAM := '830001'O;

lib/LibItsPki_TypesAndValues.ttcn

+2 −0

Original line number	Diff line number	Diff line
		@@ -30,6 +30,8 @@ module LibItsPki_TypesAndValues {
		const charstring cc_ectl_rca_untrust := "CERT_RCA_UNTRUST";
		const charstring cc_ectl_aa_new := "CERT_AA_NEW";

		const charstring c_etag_http_header := "ETag";

		} // End of group constants

		type enumerated SecurityAlg {

lib_system/LibItsPki_Functions.ttcn

+104 −53

Original line number	Diff line number	Diff line
		@@ -237,6 +237,7 @@ module LibItsPki_Functions {
		if (PICS_MULTIPLE_END_POINT == false) {
		map(self:httpPort, system:httpPort);
		} else {
		map(self:httpEcPort, system:httpEcPort);
		map(self:httpAtPort, system:httpAtPort);
		}

		@@ -460,6 +461,7 @@ module LibItsPki_Functions {
		if (PICS_MULTIPLE_END_POINT == false) {
		unmap(self:httpPort, system:httpPort);
		} else {
		unmap(self:httpEcPort, system:httpEcPort);
		unmap(self:httpAtPort, system:httpAtPort);
		}
		f_disconnect4SelfOrClientSync();
		@@ -886,6 +888,15 @@ module LibItsPki_Functions {
		p_http_message.response.header := p_headers;
		}
		httpCaPort.send(p_http_message);
		} else if (v_content_text == { "ca_response" }) {
		log("f_http_send: Send on CA end point");
		f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_CA }, p_headers);
		if (ischosen(p_http_message.request)) {
		p_http_message.request.header := p_headers;
		} else {
		p_http_message.response.header := p_headers;
		}
		httpCaPort.send(p_http_message);
		} else if (v_content_text == { "tlm_request" }) {
		log("f_http_send: Send on TLM end point");
		f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_TLM }, p_headers);
		@@ -1314,8 +1325,8 @@ module LibItsPki_Functions {
		f_selfOrClientSyncAndVerdict("error", e_error);
		}
		}
		log("*** f_http_build_authorization_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
		log("*** f_http_build_authorization_request: DEBUG: p_request_hash= ", p_request_hash);
		log("<<< f_http_build_authorization_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
		log("<<< f_http_build_authorization_request: DEBUG: p_request_hash= ", p_request_hash);
		} // End of function f_http_build_authorization_request

		function f_http_build_authorization_request_with_wrong_private_key(
		@@ -2174,6 +2185,10 @@ module LibItsPki_Functions {
		)
		);
		}
		// Remove geographical region (ETAS)
		if (not(PICS_EC_SUBJECT_ATTRIBUT_REGION)) {
		p_inner_ec_request.requestedSubjectAttributes.region := omit;
		}
		log("f_generate_inner_ec_request: PICS_SECPKI_REENROLMENT: ", PICS_SECPKI_REENROLMENT);
		log("f_generate_inner_ec_request: vc_ec_keys_counter: ", vc_ec_keys_counter);
		if (PICS_SECPKI_REENROLMENT and (vc_ec_keys_counter > 0)) { // This is a re-enrolment, the identifier of its current valid Enrolment Credential
		@@ -2250,6 +2265,7 @@ module LibItsPki_Functions {
		}
		v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP384r1(v_eccP384_curve_point));
		}
		if (PICS_EC_SUBJECT_ATTRIBUT_ID) {
		p_inner_ec_request := valueof(
		m_innerEcRequest(
		p_canonical_id,
		@@ -2273,6 +2289,33 @@ module LibItsPki_Functions {
		)
		)
		);
		} else {
		p_inner_ec_request := valueof(
		m_innerEcRequest(
		p_canonical_id,
		m_publicKeys(
		v_public_verification_key
		),
		m_certificateSubjectAttributes_id_omit( // ETSI TS 103 097 Clause 7.2.2 Enrolment credential
		p_appPermissions, // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
		m_validityPeriod(
		p_start,
		p_duration
		),
		m_geographicRegion_identifiedRegion(
		{
		m_identifiedRegion_country_only(PX_GENERATED_CERTIFICATE_REGION_COUNTRY_1),
		m_identifiedRegion_country_only(PX_GENERATED_CERTIFICATE_REGION_COUNTRY_2)
		}
		),
		PX_GENERATED_CERTIFICATE_SUBJECT_ASSURENCE_LEVEL
		)
		)
		);
		}// Remove geographical region (ETAS)
		if (not(PICS_EC_SUBJECT_ATTRIBUT_REGION)) {
		p_inner_ec_request.requestedSubjectAttributes.region := omit;
		}
		log("f_generate_inner_ec_request_with_wrong_parameters: ", p_inner_ec_request);

		return true;
		@@ -3321,15 +3364,21 @@ module LibItsPki_Functions {
		return false;
		}
		}
		log("===========================", v_certificate);
		log("f_verify_rca_ctl_response_message (1): v_certificate: ", v_certificate);
		f_getCertificateHash(v_certificate_id, v_issuer);
		} else {
		v_certificate := p_etsi_ts_103097_signed_data.content.signedData.signer.certificate[0];
		log("+++++++++++++++++++++++++++", v_certificate);
		log("f_verify_rca_ctl_response_message (2): v_certificate: ", v_certificate);
		if (ispresent(v_certificate.issuer.sha256AndDigest)) {
		v_issuer := v_certificate.issuer.sha256AndDigest;
		} else {
		} if (ispresent(v_certificate.issuer.sha384AndDigest)) {
		v_issuer := v_certificate.issuer.sha384AndDigest;
		} else { // self_
		if (v_certificate.issuer.self_ == sha256) {
		v_issuer := int2oct(0, 32);
		} else {
		v_issuer := int2oct(0, 48);
		}
		}
		}
		if (f_verifyEcdsa(bit2oct(v_tbs), v_issuer, p_etsi_ts_103097_signed_data.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) {
		@@ -4335,7 +4384,7 @@ module LibItsPki_Functions {
		var Headers v_headers;
		tc_ac.stop;

		f_init_default_headers_list(-, "inner_dc_response", v_headers);
		f_init_default_headers_list(-, "ca_response", v_headers);

		// Send message
		f_build_dc_ctl(
		@@ -4344,7 +4393,9 @@ module LibItsPki_Functions {
		p_ea_certificate_id,
		p_to_be_signed_rca_ctl
		);
		log("f_await_dc_request_send_response: p_to_be_signed_rca_ctl: ", p_to_be_signed_rca_ctl);
		f_sign_dc_ctl(p_rca_certificate_id, p_to_be_signed_rca_ctl, v_ieee1609dot2_signed_and_encrypted_data);
		log("f_await_dc_request_send_response: p_to_be_signed_rca_ctl: ", p_to_be_signed_rca_ctl);
		v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers));
		f_http_send(v_headers, v_response);
		v_result := true;
		@@ -5514,7 +5565,7 @@ module LibItsPki_Functions {
		[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(p_http_message) -> value p_response {
		log("a_await_dc_http_request_from_iut: Received message on httpPort");
		}
		[PICS_MULTIPLE_END_POINT] httpEcPort.receive(p_http_message) -> value p_response {
		[PICS_MULTIPLE_END_POINT] httpCaPort.receive(p_http_message) -> value p_response {
		log("a_await_dc_http_request_from_iut: Received message on httpEcPort");
		}
		} // End of altstep a_await_dc_http_request_from_iut