ItsPki_TestCases.ttcn +180 −130 File changed. Preview size limit exceeded, changes collapsed.
asn1 @ 7e4ea27e Compare 021805f1 to 7e4ea27e
Subproject commit 021805f17253f5b0baf80b13bca8151a05342655
Subproject commit 7e4ea27e7e0d752587aa48051f880607c29ef8ca
lib_system/LibItsPki_Functions.ttcn +121 −70
@@ -1343,6 +1343,49 @@ module LibItsPki_Functions { return p_result; } // End of function f_http_build_inner_ec_response function f_http_build_error_ec_response( in EnrolmentResponseCode p_responseCode := ok, in Oct16 p_request_hash, in octetstring p_private_key := ''O, in octetstring p_digest := ''O, in Oct16 p_aes_sym_key, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data ) return boolean { // Local variables var octetstring v_msg; var Oct12 v_nonce; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var boolean p_result := false; var InnerEcResponse v_inner_ec_response; // Check expectred response if (p_responseCode == ok) { return false; } v_inner_ec_response := valueof( m_innerEcResponse_ko( p_request_hash, p_responseCode ) ); // Secure the response log("f_http_build_error_ec_response: p_inner_ec_response= ", v_inner_ec_response); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response))); v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value // TODO Consider Sha384: m_signerIdentifier_digest(f_hashedId8FromSha384(p_digest)) if (f_build_pki_secured_response_message(p_private_key, valueof(m_signerIdentifier_digest(f_hashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, v_msg, p_aes_sym_key, v_nonce, p_ieee1609dot2_signed_and_encrypted_data ) == false) { log("f_http_build_inner_ec_response: Failed to generate the certificate"); return false; } return true; } // End of function f_http_build_error_ec_response function f_http_build_authorization_request( in Certificate p_ec_certificate, // Enrolment credentials certificate in octetstring p_ec_private_key, Loading Loading @@ -5319,7 +5362,7 @@ module LibItsPki_Functions { mw_enrolmentRequestMessage( mw_encryptedData() ))))); } // End of template mw_http_ec_request_generic } // End of predefined requests function f_await_ec_request_send_response( out InnerEcRequest p_inner_ec_request, Loading 
@@ -5340,18 +5383,16 @@ module LibItsPki_Functions { [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, p_request) { var Ieee1609Dot2Data v_decrypted_message; var EtsiTs102941Data v_etsi_ts_102941_data; var Oct16 v_request_hash; var Oct16 v_aes_enc_key; var InnerEcRequest v_inner_ec_request; var template (value) HttpMessage v_response; var Oct16 v_request_hash, v_aes_enc_key; tc_ac.stop; if(f_read_ec_request_from_iut_itss( p_request.request.body.binary_body.ieee1609dot2_data, v_request_hash, v_aes_enc_key, v_decrypted_message, v_etsi_ts_102941_data, p_inner_ec_request)) { p_inner_ec_request )){ var EtsiTs103097Certificate v_ec_certificate; var HashedId8 v_ec_certificate_hashed_id8; var Ieee1609Dot2Data v_response_message; Loading Loading @@ -5391,9 +5432,11 @@ module LibItsPki_Functions { v_response := m_http_response(m_http_response_500_internal_error(v_headers)); } f_http_send(v_headers, v_response); v_result := true; } [] a_await_ec_http_request_from_iut( mw_http_request(), v_wrong_request) { log("f_await_ec_request_send_response: Wrong message received ", v_wrong_request); log(">>>>>> f_await_ec_request_send_response: Wrong message received ", v_wrong_request); log(" ", match(v_wrong_request, mw_http_request())); f_http_send(v_headers, m_http_response(m_http_response_500_internal_error(v_headers))); repeat; Loading @@ -5409,8 +5452,6 @@ module LibItsPki_Functions { function f_await_ec_request_send_no_response( out HttpMessage p_request ) runs on ItsPkiHttp { var boolean v_result := false; log(">>> f_await_ec_request_send_no_response"); tc_ac.start; Loading Loading 
@@ -5933,10 +5974,9 @@ module LibItsPki_Functions { var octetstring v_tbs_signed; var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data; var octetstring v_encoded_inner_ec_response; var octetstring v_symkeyidentifier; var HashedId8 v_recipientId; var octetstring v_encrypted_inner_ec_response; var octetstring v_symkeyidentifier; // Signed the encoded PKI message v_tbs := m_toBeSignedData( m_signedDataPayload( Loading @@ -5950,6 +5990,8 @@ module LibItsPki_Functions { var charstring v_certificate_id; var Oct32 v_hash; fx_readCertificateFromDigest(p_signer_identifier.digest, v_certificate_id); // TODO Add a wrapper function log(">>>>> f_build_pki_secured_response_message: use ", v_certificate_id, " for signing response"); log(">>>>> f_build_pki_secured_response_message: use ", p_private_key, " as private key"); f_getCertificateHash(v_certificate_id, v_hash); v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), v_hash, p_private_key); } Loading Loading 
@@ -6009,22 +6051,22 @@ module LibItsPki_Functions { out EtsiTs102941Data p_etsi_ts_102941_data ) return boolean { var octetstring v_msg; var boolean v_return_code := true; var boolean ret := true; // 1. Calculate the request Hash v_msg := bit2oct(encvalue(p_encrypted_message)); log("f_read_pki_request_message: Encoded request: ", v_msg); log("f_parse_pki_request: Encoded request: ", v_msg); p_request_hash := substr(f_hashWithSha256(v_msg), 0, 16); log("f_read_pki_request_message: p_request_hash= ", p_request_hash); log("f_parse_pki_request: p_request_hash= ", p_request_hash); // 2. Decrypt message log("f_read_pki_request_message: p_private_enc_key= ", p_private_enc_key); log("f_parse_pki_request: p_private_enc_key= ", p_private_enc_key); if (false == f_decrypt(p_private_enc_key, p_encrypted_message, p_salt, p_decrypted_message, p_aes_enc_key)) { log("f_read_pki_request_message: Failed to decrypt message"); log("f_parse_pki_request: Failed to decrypt message"); return false; } log("f_read_pki_request_message: v_ieee1609dot2_signed_data= ", p_decrypted_message); log("f_read_pki_request_message: p_aes_enc_key= ", p_aes_enc_key); log("f_parse_pki_request: v_ieee1609dot2_signed_data= ", p_decrypted_message); log("f_parse_pki_request: p_aes_enc_key= ", p_aes_enc_key); // 3. get TS 102 941 data select(p_decrypted_message){ Loading @@ -6033,19 +6075,21 @@ module LibItsPki_Functions { -, mw_toBeSignedData( mw_signedDataPayload )))) { ) ) ) ) { var bitstring v_msg_bit; v_msg_bit := oct2bit(p_decrypted_message.content.signedData.tbsData.payload.data.content.unsecuredData); if (decvalue(v_msg_bit, p_etsi_ts_102941_data) != 0) { v_return_code := false; ret := false; } } case else { v_return_code := false; ret := false; } } // End of 'select' statement return v_return_code; } return ret; } // End of function f_read_pki_request_message function f_read_ec_request_from_iut_itss( Loading 
@@ -6061,11 +6105,17 @@ module LibItsPki_Functions { var EtsiTs103097Certificate v_ec_certificate; var HashedId8 v_ec_certificate_hashed_id8; var InnerEcResponse v_inner_ec_response; /* if(false == f_get_canonical_itss_key(v_canonical_key)){ log(">>> f_read_ec_request_from_iut_itss: error getting canonical key"); return false; } */ if( f_read_pki_request_message( p_encrypted_message, vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, p_request_hash, p_aes_enc_key, p_decrypted_message, p_etsi_ts_102941_data)) { p_etsi_ts_102941_data )) { // decode InnerEcRequest var bitstring v_msg_bit := oct2bit(p_etsi_ts_102941_data.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData); if (decvalue(v_msg_bit, p_inner_ec_request) != 0) { Loading @@ -6076,6 +6126,7 @@ module LibItsPki_Functions { return false; } // End of function f_read_ec_request_from_iut_itss /** * @desc Verify the protocol element of the Pki message. * If p_check_security is set to false, only decryption and decoding of the outer message are verified. Loading Loading @@ -6154,7 +6205,6 @@ module LibItsPki_Functions { // 4. Verifiy signature log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData); v_msg := bit2oct(encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData)); log("f_verify_pki_request_message: v_msg= ", v_msg); if (not ispresent(p_verification_key)){ var EtsiTs103097Certificate v_cert; var charstring v_cert_id; Loading @@ -6177,6 +6227,7 @@ module LibItsPki_Functions { } } if (ispresent(p_verification_key)){ log("f_verify_pki_request_message: v_msg= ", v_msg); if (false == f_verifyEcdsa(v_msg, int2oct(0, 32), v_ieee1609dot2_signed_data.content.signedData.signature_, valueof(p_verification_key))) { if (p_check_security == true) { return false; Loading Loading
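Review bot: The second log statement added in f_build_pki_secured_response_message (hunk at -5950) writes `p_private_key` into the test log, so the response-signing key lands in every execution log and in whatever system archives those logs. Keep the `v_certificate_id` line, which identifies the signer without exposing key material, and drop the other one, or log `lengthof(p_private_key)` if the aim is only to confirm that a key was supplied. The hunk at -6009 carries the same pattern forward for `p_private_enc_key` and `p_aes_enc_key`. Its renamed `f_parse_pki_request:` prefix also no longer matches the closing comment `// End of function f_read_pki_request_message`, which makes log lines harder to trace back to the code. Both enclosing functions start outside their hunks.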
ItsPki_TestCases.ttcn +180 −130 File changed. Preview size limit exceeded, changes collapsed.
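--- a/asn1
+++ b/asn1
-Subproject commit 021805f17253f5b0baf80b13bca8151a05342655
+Subproject commit 7e4ea27e7e0d752587aa48051f880607c29ef8ca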
lib_system/LibItsPki_Functions.ttcn +121 −70 Original line number Diff line number Diff line Loading @@ -1343,6 +1343,49 @@ module LibItsPki_Functions { return p_result; } // End of function f_http_build_inner_ec_response function f_http_build_error_ec_response( in EnrolmentResponseCode p_responseCode := ok, in Oct16 p_request_hash, in octetstring p_private_key := ''O, in octetstring p_digest := ''O, in Oct16 p_aes_sym_key, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data ) return boolean { // Local variables var octetstring v_msg; var Oct12 v_nonce; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var boolean p_result := false; var InnerEcResponse v_inner_ec_response; // Check expectred response if (p_responseCode == ok) { return false; } v_inner_ec_response := valueof( m_innerEcResponse_ko( p_request_hash, p_responseCode ) ); // Secure the response log("f_http_build_error_ec_response: p_inner_ec_response= ", v_inner_ec_response); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_ec_response(v_inner_ec_response))); v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value // TODO Consider Sha384: m_signerIdentifier_digest(f_hashedId8FromSha384(p_digest)) if (f_build_pki_secured_response_message(p_private_key, valueof(m_signerIdentifier_digest(f_hashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, v_msg, p_aes_sym_key, v_nonce, p_ieee1609dot2_signed_and_encrypted_data ) == false) { log("f_http_build_inner_ec_response: Failed to generate the certificate"); return false; } return true; } // End of function f_http_build_error_ec_response function f_http_build_authorization_request( in Certificate p_ec_certificate, // Enrolment credentials certificate in octetstring p_ec_private_key, Loading Loading 
@@ -5319,7 +5362,7 @@ module LibItsPki_Functions { mw_enrolmentRequestMessage( mw_encryptedData() ))))); } // End of template mw_http_ec_request_generic } // End of predefined requests function f_await_ec_request_send_response( out InnerEcRequest p_inner_ec_request, Loading @@ -5340,18 +5383,16 @@ module LibItsPki_Functions { [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, p_request) { var Ieee1609Dot2Data v_decrypted_message; var EtsiTs102941Data v_etsi_ts_102941_data; var Oct16 v_request_hash; var Oct16 v_aes_enc_key; var InnerEcRequest v_inner_ec_request; var template (value) HttpMessage v_response; var Oct16 v_request_hash, v_aes_enc_key; tc_ac.stop; if(f_read_ec_request_from_iut_itss( p_request.request.body.binary_body.ieee1609dot2_data, v_request_hash, v_aes_enc_key, v_decrypted_message, v_etsi_ts_102941_data, p_inner_ec_request)) { p_inner_ec_request )){ var EtsiTs103097Certificate v_ec_certificate; var HashedId8 v_ec_certificate_hashed_id8; var Ieee1609Dot2Data v_response_message; Loading Loading @@ -5391,9 +5432,11 @@ module LibItsPki_Functions { v_response := m_http_response(m_http_response_500_internal_error(v_headers)); } f_http_send(v_headers, v_response); v_result := true; } [] a_await_ec_http_request_from_iut( mw_http_request(), v_wrong_request) { log("f_await_ec_request_send_response: Wrong message received ", v_wrong_request); log(">>>>>> f_await_ec_request_send_response: Wrong message received ", v_wrong_request); log(" ", match(v_wrong_request, mw_http_request())); f_http_send(v_headers, m_http_response(m_http_response_500_internal_error(v_headers))); repeat; Loading @@ -5409,8 +5452,6 @@ module LibItsPki_Functions { function f_await_ec_request_send_no_response( out HttpMessage p_request ) runs on ItsPkiHttp { var boolean v_result := false; log(">>> f_await_ec_request_send_no_response"); tc_ac.start; Loading Loading 
@@ -5933,10 +5974,9 @@ module LibItsPki_Functions { var octetstring v_tbs_signed; var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data; var octetstring v_encoded_inner_ec_response; var octetstring v_symkeyidentifier; var HashedId8 v_recipientId; var octetstring v_encrypted_inner_ec_response; var octetstring v_symkeyidentifier; // Signed the encoded PKI message v_tbs := m_toBeSignedData( m_signedDataPayload( Loading @@ -5950,6 +5990,8 @@ module LibItsPki_Functions { var charstring v_certificate_id; var Oct32 v_hash; fx_readCertificateFromDigest(p_signer_identifier.digest, v_certificate_id); // TODO Add a wrapper function log(">>>>> f_build_pki_secured_response_message: use ", v_certificate_id, " for signing response"); log(">>>>> f_build_pki_secured_response_message: use ", p_private_key, " as private key"); f_getCertificateHash(v_certificate_id, v_hash); v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), v_hash, p_private_key); } Loading Loading 
@@ -6009,22 +6051,22 @@ module LibItsPki_Functions { out EtsiTs102941Data p_etsi_ts_102941_data ) return boolean { var octetstring v_msg; var boolean v_return_code := true; var boolean ret := true; // 1. Calculate the request Hash v_msg := bit2oct(encvalue(p_encrypted_message)); log("f_read_pki_request_message: Encoded request: ", v_msg); log("f_parse_pki_request: Encoded request: ", v_msg); p_request_hash := substr(f_hashWithSha256(v_msg), 0, 16); log("f_read_pki_request_message: p_request_hash= ", p_request_hash); log("f_parse_pki_request: p_request_hash= ", p_request_hash); // 2. Decrypt message log("f_read_pki_request_message: p_private_enc_key= ", p_private_enc_key); log("f_parse_pki_request: p_private_enc_key= ", p_private_enc_key); if (false == f_decrypt(p_private_enc_key, p_encrypted_message, p_salt, p_decrypted_message, p_aes_enc_key)) { log("f_read_pki_request_message: Failed to decrypt message"); log("f_parse_pki_request: Failed to decrypt message"); return false; } log("f_read_pki_request_message: v_ieee1609dot2_signed_data= ", p_decrypted_message); log("f_read_pki_request_message: p_aes_enc_key= ", p_aes_enc_key); log("f_parse_pki_request: v_ieee1609dot2_signed_data= ", p_decrypted_message); log("f_parse_pki_request: p_aes_enc_key= ", p_aes_enc_key); // 3. get TS 102 941 data select(p_decrypted_message){ Loading @@ -6033,19 +6075,21 @@ module LibItsPki_Functions { -, mw_toBeSignedData( mw_signedDataPayload )))) { ) ) ) ) { var bitstring v_msg_bit; v_msg_bit := oct2bit(p_decrypted_message.content.signedData.tbsData.payload.data.content.unsecuredData); if (decvalue(v_msg_bit, p_etsi_ts_102941_data) != 0) { v_return_code := false; ret := false; } } case else { v_return_code := false; ret := false; } } // End of 'select' statement return v_return_code; } return ret; } // End of function f_read_pki_request_message function f_read_ec_request_from_iut_itss( Loading 
@@ -6061,11 +6105,17 @@ module LibItsPki_Functions { var EtsiTs103097Certificate v_ec_certificate; var HashedId8 v_ec_certificate_hashed_id8; var InnerEcResponse v_inner_ec_response; /* if(false == f_get_canonical_itss_key(v_canonical_key)){ log(">>> f_read_ec_request_from_iut_itss: error getting canonical key"); return false; } */ if( f_read_pki_request_message( p_encrypted_message, vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, p_request_hash, p_aes_enc_key, p_decrypted_message, p_etsi_ts_102941_data)) { p_etsi_ts_102941_data )) { // decode InnerEcRequest var bitstring v_msg_bit := oct2bit(p_etsi_ts_102941_data.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData); if (decvalue(v_msg_bit, p_inner_ec_request) != 0) { Loading @@ -6076,6 +6126,7 @@ module LibItsPki_Functions { return false; } // End of function f_read_ec_request_from_iut_itss /** * @desc Verify the protocol element of the Pki message. * If p_check_security is set to false, only decryption and decoding of the outer message are verified. Loading Loading @@ -6154,7 +6205,6 @@ module LibItsPki_Functions { // 4. Verifiy signature log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData); v_msg := bit2oct(encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData)); log("f_verify_pki_request_message: v_msg= ", v_msg); if (not ispresent(p_verification_key)){ var EtsiTs103097Certificate v_cert; var charstring v_cert_id; Loading @@ -6177,6 +6227,7 @@ module LibItsPki_Functions { } } if (ispresent(p_verification_key)){ log("f_verify_pki_request_message: v_msg= ", v_msg); if (false == f_verifyEcdsa(v_msg, int2oct(0, 32), v_ieee1609dot2_signed_data.content.signedData.signature_, valueof(p_verification_key))) { if (p_check_security == true) { return false; Loading
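Review bot: In the new f_http_build_error_ec_response, `v_nonce` is the first 12 octets of a SHA-256 over the current time, yet the trailing comment calls it `// Random value`; it is predictable, and two responses built under the same `p_aes_sym_key` at the same `f_getCurrentTimeUtc()` value would get the same nonce. If the encryption behind f_build_pki_secured_response_message is AES-CCM as in IEEE 1609.2 (not visible in this hunk), a repeated nonce under one key breaks both confidentiality and integrity, so the nonce should come from a random source the test system provides, or the comment should at least read `// Time-derived value, not random`. The same function declares `v_ieee1609dot2_signed_data` and `p_result` without using them and logs its failure under the `f_http_build_inner_ec_response:` prefix. It also defaults `p_private_key` and `p_digest` to `''O`, so a caller that omits them would hand an empty key and digest to the signing path; a guard such as `if (lengthof(p_private_key) == 0) { return false; }` would make that failure explicit.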