Loading lib/LibItsPki_Pixits.ttcn +0 −22 Original line number Diff line number Diff line Loading @@ -15,28 +15,6 @@ module LibItsPki_Pixits { */ modulepar boolean PX_INCLUDE_ENCRYPTION_KEYS := true; /** * @desc Indicate which canonical key shall be used (Nist-P256, BP-256 or BP-384) */ modulepar SecurityAlg PX_VE_ALG := e_nist_p256; /** * @desc Indicate which encryption algorithem to be used for Enrolment Credencial */ modulepar SecurityAlg PX_EC_ALG_FOR_EC := e_nist_p256; // TODO Use RCA to determine encryption algorithm? /** * @desc Indicate which encryption algorithem to be used for Authorization Request (AA certificate of the IUT) */ modulepar SecurityAlg PX_EC_ALG_FOR_AT := e_nist_p256; /** * @desc Indicate which encryption algorithem to be used for Authorization Validation Request (EA certificate of the IUT) */ modulepar SecurityAlg PX_EC_ALG_FOR_ATV := e_nist_p256; /** * @desc Indicate which encryption algorithem to be used for EcSignature (EA certificate of the IUT) */ modulepar SecurityAlg PX_EC_ALG_FOR_EC_SIGN := e_nist_p256; modulepar Int16 PX_GENERATED_CERTIFICATE_DURATION := 120; modulepar SubjectAssurance PX_GENERATED_CERTIFICATE_SUBJECT_ASSURENCE_LEVEL := '00'O; Loading lib/LibItsPki_TypesAndValues.ttcn +0 −6 Original line number Diff line number Diff line Loading @@ -34,12 +34,6 @@ module LibItsPki_TypesAndValues { } // End of group constants type enumerated SecurityAlg { e_nist_p256 (0), e_brainpool_p256_r1 (1), e_brainpool_p384_r1 (2) } // End of type SecurityAlg type set of PublicVerificationKey ListOfPublicVerificationKey; group utPrimitives { Loading lib_system/LibItsPki_Functions.ttcn +6 −78 Original line number Diff line number Diff line Loading 
@@ -503,16 +503,11 @@ module LibItsPki_Functions { in charstring p_certificate_id := "CERT_TS_A_EA", // TODO Use a constant in charstring p_peerCertificateId := "CERT_IUT_A_EA" ) runs on ItsSecurityBaseComponent { // Local variables // Load certificates if(not(f_loadCertificates(PX_IUT_SEC_CONFIG_NAME))) { log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***"); setverdict(inconc); stop; } // f_prepareCertificates(p_certificate_id, vc_aaCertificate, vc_atCertificate); } // End of function f_initialiseSecuredMode() function f_uninitialiseSecuredMode() runs on ItsSecurityBaseComponent { Loading Loading @@ -721,7 +716,7 @@ module LibItsPki_Functions { } function f_generate_key_pair_for_encryption( in SecurityAlg p_algorithm, in SignAlgorithm p_algorithm, out octetstring p_private_key, out octetstring p_public_key_x, out octetstring p_public_key_y, Loading 
@@ -740,31 +735,6 @@ module LibItsPki_Functions { return true; } function f_signWithEcdsa( in octetstring p_toBeSignedSecuredMessage, in octetstring p_certificateIssuer, in octetstring p_privateKey ) return octetstring { log(">>> f_verifyEcdsa: p_toBeSignedSecuredMessage= ", p_toBeSignedSecuredMessage); log(">>> f_verifyEcdsa: p_certificateIssuer= ", p_certificateIssuer); log(">>> f_verifyEcdsa: p_privateKey= ", p_privateKey); log(">>> f_verifyEcdsa: PX_VE_ALG= ", PX_VE_ALG); if (PX_VE_ALG == e_nist_p256) { return f_signWithEcdsaNistp256WithSha256(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } else if (PX_VE_ALG == e_brainpool_p256_r1) { return f_signWithEcdsaBrainpoolp256r1WithSha256(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } else if (PX_VE_ALG == e_brainpool_p384_r1) { if (p_certificateIssuer == int2oct(0, 32)) { return f_signWithEcdsaBrainpoolp384r1WithSha384(p_toBeSignedSecuredMessage, int2oct(0, 48), p_privateKey); } else { return f_signWithEcdsaBrainpoolp384r1WithSha384(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } } return ''O; } // End of function f_signWithEcdsa function f_http_send( in Headers p_headers, in template (value) HttpMessage p_http_message Loading Loading @@ -2388,7 +2358,7 @@ module LibItsPki_Functions { function f_generate_inner_at_request( in Certificate p_aa_certificate, in SecurityAlg p_enc_algo := PX_EC_ALG_FOR_EC_SIGN, in SignAlgorithm p_enc_algo := PX_EC_ALG_FOR_EC_SIGN, in Oct8 p_aa_hashed_id8, in Certificate p_ea_certificate, in octetstring p_salt, Loading Loading @@ -2734,7 +2704,7 @@ module LibItsPki_Functions { function f_generate_inner_at_request_with_wrong_parameters( in Certificate p_aa_certificate, in SecurityAlg p_enc_algo := PX_EC_ALG_FOR_AT, in SignAlgorithm p_enc_algo := PX_EC_ALG_FOR_AT, in Oct8 p_aa_hashed_id8, in Certificate p_ea_certificate, in octetstring p_salt, Loading Loading 
@@ -4474,7 +4444,7 @@ module LibItsPki_Functions { in integer p_compressed_mode, in octetstring p_salt, in octetstring p_pki_message, in SecurityAlg p_enc_algorithm, // TODO Use RCA to check encryption alg in SignAlgorithm p_enc_algorithm, // TODO Use RCA to check encryption alg in boolean p_alter_signature := false, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data, out Oct16 p_aes_sym_key, Loading Loading @@ -4582,7 +4552,6 @@ module LibItsPki_Functions { v_encoded_request := bit2oct(encvalue(v_ieee1609dot2_signed_data)); log("f_build_pki_secured_request_message_signed_with_pop: v_encoded_request= ", v_encoded_request); // Encrypt encode EtsiTs103097Data-Signed data structure if (p_enc_algorithm == e_nist_p256) { v_encrypted_request := f_encryptWithEciesNistp256WithSha256(v_encoded_request, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce); } else if (p_enc_algorithm == e_brainpool_p256_r1) { Loading Loading @@ -4675,7 +4644,7 @@ module LibItsPki_Functions { in integer p_compressed_mode, in octetstring p_salt, in octetstring p_pki_message, in SecurityAlg p_enc_algorithm, in SignAlgorithm p_enc_algorithm, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data, out Oct16 p_aes_sym_key, out Oct16 p_encrypted_sym_key, Loading Loading @@ -4773,7 +4742,7 @@ module LibItsPki_Functions { in integer p_compressed_mode, in octetstring p_salt, in octetstring p_pki_message, in SecurityAlg p_enc_algorithm, in SignAlgorithm p_enc_algorithm, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data, out Oct16 p_aes_sym_key, out Oct16 p_encrypted_sym_key, Loading Loading 
@@ -5299,47 +5268,6 @@ module LibItsPki_Functions { } // End of group inner_ec_xxx group security_function { // TODO To be moved in LibItsSecurity_Function module function f_extract_enc_key( in Certificate p_certificate, out octetstring p_public_enc_key, out integer p_compressed_enc_key_mode ) return boolean { log(">>> f_extract_enc_key: ", p_certificate); if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1; p_compressed_enc_key_mode := 1; } else { log("f_extract_enc_key: Non canonical certificate: ", p_certificate); return false; } } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1; p_compressed_enc_key_mode := 0; } else { log("f_extract_enc_key: Non canonical certificate: ", p_certificate); return false; } } else { log("f_extract_enc_key: Invalid certificate: ", p_certificate); return false; } return true; } // End of function f_extract_enc_key } // End of group security_function group altsteps { altstep a_default_pki_http() runs on ItsPkiHttp { Loading Loading
lib/LibItsPki_Pixits.ttcn +0 −22 Original line number Diff line number Diff line Loading @@ -15,28 +15,6 @@ module LibItsPki_Pixits { */ modulepar boolean PX_INCLUDE_ENCRYPTION_KEYS := true; /** * @desc Indicate which canonical key shall be used (Nist-P256, BP-256 or BP-384) */ modulepar SecurityAlg PX_VE_ALG := e_nist_p256; /** * @desc Indicate which encryption algorithem to be used for Enrolment Credencial */ modulepar SecurityAlg PX_EC_ALG_FOR_EC := e_nist_p256; // TODO Use RCA to determine encryption algorithm? /** * @desc Indicate which encryption algorithem to be used for Authorization Request (AA certificate of the IUT) */ modulepar SecurityAlg PX_EC_ALG_FOR_AT := e_nist_p256; /** * @desc Indicate which encryption algorithem to be used for Authorization Validation Request (EA certificate of the IUT) */ modulepar SecurityAlg PX_EC_ALG_FOR_ATV := e_nist_p256; /** * @desc Indicate which encryption algorithem to be used for EcSignature (EA certificate of the IUT) */ modulepar SecurityAlg PX_EC_ALG_FOR_EC_SIGN := e_nist_p256; modulepar Int16 PX_GENERATED_CERTIFICATE_DURATION := 120; modulepar SubjectAssurance PX_GENERATED_CERTIFICATE_SUBJECT_ASSURENCE_LEVEL := '00'O; Loading
lib/LibItsPki_TypesAndValues.ttcn +0 −6 Original line number Diff line number Diff line Loading @@ -34,12 +34,6 @@ module LibItsPki_TypesAndValues { } // End of group constants type enumerated SecurityAlg { e_nist_p256 (0), e_brainpool_p256_r1 (1), e_brainpool_p384_r1 (2) } // End of type SecurityAlg type set of PublicVerificationKey ListOfPublicVerificationKey; group utPrimitives { Loading
lib_system/LibItsPki_Functions.ttcn +6 −78 Original line number Diff line number Diff line Loading @@ -503,16 +503,11 @@ module LibItsPki_Functions { in charstring p_certificate_id := "CERT_TS_A_EA", // TODO Use a constant in charstring p_peerCertificateId := "CERT_IUT_A_EA" ) runs on ItsSecurityBaseComponent { // Local variables // Load certificates if(not(f_loadCertificates(PX_IUT_SEC_CONFIG_NAME))) { log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***"); setverdict(inconc); stop; } // f_prepareCertificates(p_certificate_id, vc_aaCertificate, vc_atCertificate); } // End of function f_initialiseSecuredMode() function f_uninitialiseSecuredMode() runs on ItsSecurityBaseComponent { Loading Loading @@ -721,7 +716,7 @@ module LibItsPki_Functions { } function f_generate_key_pair_for_encryption( in SecurityAlg p_algorithm, in SignAlgorithm p_algorithm, out octetstring p_private_key, out octetstring p_public_key_x, out octetstring p_public_key_y, Loading 
@@ -740,31 +735,6 @@ module LibItsPki_Functions { return true; } function f_signWithEcdsa( in octetstring p_toBeSignedSecuredMessage, in octetstring p_certificateIssuer, in octetstring p_privateKey ) return octetstring { log(">>> f_verifyEcdsa: p_toBeSignedSecuredMessage= ", p_toBeSignedSecuredMessage); log(">>> f_verifyEcdsa: p_certificateIssuer= ", p_certificateIssuer); log(">>> f_verifyEcdsa: p_privateKey= ", p_privateKey); log(">>> f_verifyEcdsa: PX_VE_ALG= ", PX_VE_ALG); if (PX_VE_ALG == e_nist_p256) { return f_signWithEcdsaNistp256WithSha256(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } else if (PX_VE_ALG == e_brainpool_p256_r1) { return f_signWithEcdsaBrainpoolp256r1WithSha256(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } else if (PX_VE_ALG == e_brainpool_p384_r1) { if (p_certificateIssuer == int2oct(0, 32)) { return f_signWithEcdsaBrainpoolp384r1WithSha384(p_toBeSignedSecuredMessage, int2oct(0, 48), p_privateKey); } else { return f_signWithEcdsaBrainpoolp384r1WithSha384(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } } return ''O; } // End of function f_signWithEcdsa function f_http_send( in Headers p_headers, in template (value) HttpMessage p_http_message Loading Loading @@ -2388,7 +2358,7 @@ module LibItsPki_Functions { function f_generate_inner_at_request( in Certificate p_aa_certificate, in SecurityAlg p_enc_algo := PX_EC_ALG_FOR_EC_SIGN, in SignAlgorithm p_enc_algo := PX_EC_ALG_FOR_EC_SIGN, in Oct8 p_aa_hashed_id8, in Certificate p_ea_certificate, in octetstring p_salt, Loading Loading @@ -2734,7 +2704,7 @@ module LibItsPki_Functions { function f_generate_inner_at_request_with_wrong_parameters( in Certificate p_aa_certificate, in SecurityAlg p_enc_algo := PX_EC_ALG_FOR_AT, in SignAlgorithm p_enc_algo := PX_EC_ALG_FOR_AT, in Oct8 p_aa_hashed_id8, in Certificate p_ea_certificate, in octetstring p_salt, Loading Loading 
@@ -4474,7 +4444,7 @@ module LibItsPki_Functions { in integer p_compressed_mode, in octetstring p_salt, in octetstring p_pki_message, in SecurityAlg p_enc_algorithm, // TODO Use RCA to check encryption alg in SignAlgorithm p_enc_algorithm, // TODO Use RCA to check encryption alg in boolean p_alter_signature := false, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data, out Oct16 p_aes_sym_key, Loading Loading @@ -4582,7 +4552,6 @@ module LibItsPki_Functions { v_encoded_request := bit2oct(encvalue(v_ieee1609dot2_signed_data)); log("f_build_pki_secured_request_message_signed_with_pop: v_encoded_request= ", v_encoded_request); // Encrypt encode EtsiTs103097Data-Signed data structure if (p_enc_algorithm == e_nist_p256) { v_encrypted_request := f_encryptWithEciesNistp256WithSha256(v_encoded_request, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce); } else if (p_enc_algorithm == e_brainpool_p256_r1) { Loading Loading @@ -4675,7 +4644,7 @@ module LibItsPki_Functions { in integer p_compressed_mode, in octetstring p_salt, in octetstring p_pki_message, in SecurityAlg p_enc_algorithm, in SignAlgorithm p_enc_algorithm, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data, out Oct16 p_aes_sym_key, out Oct16 p_encrypted_sym_key, Loading Loading @@ -4773,7 +4742,7 @@ module LibItsPki_Functions { in integer p_compressed_mode, in octetstring p_salt, in octetstring p_pki_message, in SecurityAlg p_enc_algorithm, in SignAlgorithm p_enc_algorithm, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data, out Oct16 p_aes_sym_key, out Oct16 p_encrypted_sym_key, Loading Loading 
@@ -5299,47 +5268,6 @@ module LibItsPki_Functions { } // End of group inner_ec_xxx group security_function { // TODO To be moved in LibItsSecurity_Function module function f_extract_enc_key( in Certificate p_certificate, out octetstring p_public_enc_key, out integer p_compressed_enc_key_mode ) return boolean { log(">>> f_extract_enc_key: ", p_certificate); if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1; p_compressed_enc_key_mode := 1; } else { log("f_extract_enc_key: Non canonical certificate: ", p_certificate); return false; } } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1; p_compressed_enc_key_mode := 0; } else { log("f_extract_enc_key: Non canonical certificate: ", p_certificate); return false; } } else { log("f_extract_enc_key: Invalid certificate: ", p_certificate); return false; } return true; } // End of function f_extract_enc_key } // End of group security_function group altsteps { altstep a_default_pki_http() runs on ItsPkiHttp { Loading
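Review bot: The encryption-algorithm parameters (`p_algorithm`, `p_enc_algo`, `p_enc_algorithm`) are now typed `SignAlgorithm`, but two of the new signatures still default to `PX_EC_ALG_FOR_EC_SIGN` and `PX_EC_ALG_FOR_AT`, which this same commit deletes from LibItsPki_Pixits. Unless those module parameters are re-declared with type `SignAlgorithm` in a module not shown on this page, the defaults no longer resolve. The context in the `@@ -4582,7 +4552,6 @@` hunk still compares `p_enc_algorithm` with `e_nist_p256` and `e_brainpool_p256_r1`, so `SignAlgorithm` must carry those enumerators. For any other value it admits, the chain should end in an explicit `else` that logs and calls `setverdict(inconc)` instead of continuing without a ciphertext; the end of that chain is outside the hunk, so this may already exist. Separately, the removed `f_extract_enc_key` set `p_compressed_enc_key_mode := 0` in its Brainpool `compressed_y_1` branch, so if the function was relocated as-is, the copy should use `p_compressed_enc_key_mode := 1;` there.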