Commit f6566fcb authored by Yann Garcia

Add support of BFK as defined in P1609.2.1/D7, January 2022 Clause 9.3.4.1.1 General

parent 9490350e
+217 −7
/**
 *  @Author   ETSI / STF545
 *  @Author   ETSI / STF545 / TTF T025
 *  @version  $Url$
 *            $Id$
 *  @desc     Testcases  file for Security Protocol
@@ -11179,6 +11179,9 @@ module ItsPki_TestCases {
          var octetstring v_caterpillar_private_key;
          var octetstring v_caterpillar_public_key_compressed;
          var integer v_caterpillar_compressed_mode;
          var octetstring v_caterpillar_enc_private_key;
          var octetstring v_caterpillar_enc_public_key_compressed;
          var integer v_caterpillar_enc_compressed_mode;
          var EeRaCertRequest v_ee_ra_cert_request;
          var octetstring v_private_key;
          var Oct32 v_request_hash;
@@ -11193,6 +11196,10 @@ module ItsPki_TestCases {
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          LibItsPki_Functions.f_initialiseSecuredMode("CERT_TS_A_EA", "CERT_TS_A_AA");
          f_http_build_butterfly_authorization_request_message(v_caterpillar_private_key, v_caterpillar_public_key_compressed, v_caterpillar_compressed_mode, v_caterpillar_enc_private_key, v_caterpillar_enc_public_key_compressed, v_caterpillar_enc_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash, v_ee_ra_cert_request);
          stop;
          // Test control
          if (not PICS_IUT_EA_ROLE) {
            log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
@@ -11206,7 +11213,7 @@ module ItsPki_TestCases {
          // Test adapter configuration
          // Preamble
          f_http_build_butterfly_authorization_request_message(v_caterpillar_private_key, v_caterpillar_public_key_compressed, v_caterpillar_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash, v_ee_ra_cert_request);
          f_http_build_butterfly_authorization_request_message(v_caterpillar_private_key, v_caterpillar_public_key_compressed, v_caterpillar_compressed_mode, v_caterpillar_enc_private_key, v_caterpillar_enc_public_key_compressed, v_caterpillar_enc_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash, v_ee_ra_cert_request);
          v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
          f_init_default_headers_list(-, "bfk_auth_request", v_headers);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
@@ -11295,6 +11302,9 @@ module ItsPki_TestCases {
          var octetstring v_caterpillar_private_key;
          var octetstring v_caterpillar_public_key_compressed;
          var integer v_caterpillar_compressed_mode;
          var octetstring v_caterpillar_enc_private_key;
          var octetstring v_caterpillar_enc_public_key_compressed;
          var integer v_caterpillar_enc_compressed_mode;
          var EeRaCertRequest v_ee_ra_cert_request;
          var octetstring v_private_key;
          var Oct32 v_request_hash;
@@ -11322,7 +11332,7 @@ module ItsPki_TestCases {
          // Test adapter configuration
          // Preamble
          f_http_build_butterfly_authorization_request_message(v_caterpillar_private_key, v_caterpillar_public_key_compressed, v_caterpillar_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash, v_ee_ra_cert_request);
          f_http_build_butterfly_authorization_request_message(v_caterpillar_private_key, v_caterpillar_public_key_compressed, v_caterpillar_compressed_mode, v_caterpillar_enc_private_key, v_caterpillar_enc_public_key_compressed, v_caterpillar_enc_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash, v_ee_ra_cert_request);
          v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
          f_init_default_headers_list(-, "bfk_auth_request", v_headers);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
@@ -11383,7 +11393,7 @@ module ItsPki_TestCases {
      group bfk_cert_request {
        group bfk_cert_request_helpers {
        group bfk_auth_request_helpers {
          function f_trigger_butterfly_authorization_request(
                                                             out HashedId8 p_aes_sym_key_hashed_id8,
@@ -11393,6 +11403,9 @@ module ItsPki_TestCases {
            var octetstring v_caterpillar_private_key;
            var octetstring v_caterpillar_public_key_compressed;
            var integer v_caterpillar_compressed_mode;
            var octetstring v_caterpillar_enc_private_key;
            var octetstring v_caterpillar_enc_public_key_compressed;
            var integer v_caterpillar_enc_compressed_mode;
            var octetstring v_private_key;
            var Oct32 v_request_hash;
            var Oct16 v_encrypted_sym_key;
@@ -11405,7 +11418,7 @@ module ItsPki_TestCases {
            var HttpMessage v_response;
            var EtsiTs102941Data v_etsi_ts_102941_data;
            f_http_build_butterfly_authorization_request_message(v_caterpillar_private_key, v_caterpillar_public_key_compressed, v_caterpillar_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash, p_ee_ra_cert_request);
            f_http_build_butterfly_authorization_request_message(v_caterpillar_private_key, v_caterpillar_public_key_compressed, v_caterpillar_compressed_mode, v_caterpillar_enc_private_key, v_caterpillar_enc_public_key_compressed, v_caterpillar_enc_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash, p_ee_ra_cert_request);
            p_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
            f_init_default_headers_list(-, "bfk_auth_request", v_headers);
            f_http_send(
@@ -11477,7 +11490,7 @@ module ItsPki_TestCases {
            log("<<< f_verify_http_butterfly_cert_request_message_from_aa: p_result: ", p_result);
          } // End of function f_verify_http_butterfly_cert_request_message_from_aa
        } // End of group bfk_cert_request_helpers
        } // End of group bfk_auth_request_helpers
        /**
        * @desc Check that the EA sends butterfly certificate request message after receiving of the butterfly authorization request
@@ -15106,6 +15119,203 @@ module ItsPki_TestCases {
    } // End of group authorization_validation_response
    group ca_certificates_request {
    } // End of group ca_certificates_request
    group authorization_with_bfk {
      group bfk_cert_request_helpers {
          function f_trigger_butterfly_cert_request(
                                                    out HashedId8 p_aes_sym_key_hashed_id8,
                                                    out RaAcaCertRequest p_ra_aca_cert_request
                                                    ) runs on ItsPkiHttp {
            // Local variables
            var octetstring v_caterpillar_private_key
            var octetstring v_caterpillar_public_key_compressed;
            var integer v_caterpillar_compressed_mode;
            var octetstring v_caterpillar_enc_private_key
            var octetstring v_caterpillar_enc_public_key_compressed;
            var integer v_caterpillar_enc_compressed_mode;
            var EeRaCertRequest v_ee_ra_cert_request;
            var octetstring v_private_key;
            var Oct16 v_encrypted_sym_key;
            var Oct16 v_aes_sym_key;
            var Oct16 v_authentication_vector;
            var Oct12 v_nonce;
            var Oct32 v_request_hash;
            var octetstring v_salt;
            var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
            var Headers v_headers;
            var HttpMessage v_response;
            var EtsiTs102941Data v_etsi_ts_102941_data;
            // Generate EeRaCertRequest
            if (f_generate_ee_ra_cert_request(v_caterpillar_private_key, v_caterpillar_public_key_compressed, v_caterpillar_compressed_mode, v_caterpillar_enc_private_key, v_caterpillar_enc_public_key_compressed, v_caterpillar_enc_compressed_mode, v_ee_ra_cert_request) == false) {
              log("*** f_trigger_butterfly_cert_request: ERROR: Failed to generate InnerEcRequest ***");
              f_selfOrClientSyncAndVerdict("error", e_error);
            }
            log ("f_trigger_butterfly_cert_request: p_ee_ra_cert_request: ", v_ee_ra_cert_request);
            // Buikd theHTTP request
            f_http_build_butterfly_cert_request(v_ee_ra_cert_request, vc_eaPrivateKey, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, p_ra_aca_cert_request, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
            p_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to match the response
            f_init_default_headers_list(-, "bfk_cert_request", v_headers);
            f_http_send(
                        v_headers,
                        m_http_request(
                                      m_http_request_post(
                                                          PICS_HTTP_POST_URI_BFK_AA,
                                                          v_headers,
                                                          m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
          } // End of function f_trigger_butterfly_cert_request
          function f_verify_http_butterfly_cert_request_message_to_ea(
                                                                      in Request p_request,
                                                                      in Headers p_headers,
                                                                      out integer p_result,
                                                                      out AcaRaCertResponse p_aca_ra_cert_response
                                                                      ) runs on ItsPkiHttp {
            // Local variables
            var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
            var EtsiTs102941Data v_etsi_ts_102941_data;
            var template (value) HttpMessage v_response;
            var Oct16 v_request_hash;
            var Oct16 v_aes_enc_key;
            log(">>> f_verify_http_butterfly_cert_request_message_to_ea: ", p_request);
            p_result := 0;
            if (f_verify_pki_request_message(vc_aaPrivateEncKey, vc_aaWholeHash/*salt*/, ''O, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
              // Send error message
              v_response := m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
              // Set verdict
              p_result := -1;
            } else {
              var UInt64 v_current_time := f_getCurrentTimeUtc();
              var UInt64 v_delta_time := 30;
              log("f_verify_http_butterfly_cert_request_message_to_ea: match ", match(v_etsi_ts_102941_data, mw_etsiTs102941Data_ra_aca_cert_request(mw_ra_aca_cert_request))); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_ra_aca_cert_request(mw_ra_aca_cert_request((v_current_time - v_delta_time .. v_current_time + v_delta_time), explicit, '00000000'B/*butterflyExplicit*/, mw_bfk_to_be_signed_certificate))) == false) {
                // Send error message
                v_response := m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
                // Set verdict
                p_result := -2;
              } else {
                // TODO Add checked ???
              }
            }
            log("<<< f_verify_http_butterfly_cert_request_message_to_ea: p_result: ", p_result);
          } // End of function f_verify_http_butterfly_cert_request_message_to_ea
      } // End of group bfk_cert_request_helpers
      /**
       * @desc Check that the AA sends the butterfly certificate response message after receiving of the butterfly certificate request
       *       Check that this message is encrypted using the same symmetric encryption key as the butterfly certificate request message
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *         the EA in "operational" state
       *             authorized with CERT_AA certificate
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT received the ButterflyCertificateRequestMessage
       *              containing content.encryptedData.recipients
       *                containing the instance of RecipientInfo
       *                  containing certRecipInfo
       *                    containing recipientId
       *                      indicating HashedId8 of the CERT_AA
       *                    and containing encKey
       *                      containing encrypted symmetric encryption key (ENC_KEY)
       *         }
       *         then {
       *           the IUT sends to the EA a EtsiTs103097Data-Encrypted
       *             containing content.encryptedData.recipients
       *               indicating size 1
       *             and containing the instance of RecipientInfo
       *               containing pskRecipInfo
       *                 indicating HashedId8 of the ENC_KEY
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v1.2.2 SECPKI_AA_AUTHVAL_01_BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.2
       */
      testcase TC_SECPKI_AA_BFK_AUTH_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
          // Local variables
          var HashedId8 v_aes_sym_key_hashed_id8;
          var Headers v_headers;
          var HttpMessage v_request;
          var integer v_result;
          var RaAcaCertRequest v_ra_aca_cert_request;
          var AcaRaCertResponse v_aca_ra_cert_response;
          // Test control
          if (not PICS_IUT_AA_ROLE) {
            log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
            setverdict(inconc);
            stop;
          }
          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
          // Test adapter configuration
          // Preamble
          f_trigger_butterfly_cert_request(v_aes_sym_key_hashed_id8, v_ra_aca_cert_request);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
          // Test Body
          tc_ac.start;
          alt {
            [] httpAtVPort.receive(
                                   mw_http_request(
                                                   mw_http_request_post(
                                                                        -, // URI
                                                                        v_headers, // Headers
                                                                        mw_http_message_body_binary(
                                                                                                    mw_binary_body_ieee1609dot2_data(
                                                                                                                                     mw_butterfly_cert_response(
                                                                                                                                                                mw_encryptedData
                                  )))))) -> value v_request {
              tc_ac.stop;
              f_verify_http_butterfly_cert_request_message_to_ea(v_request.request, v_headers, v_result, v_aca_ra_cert_response);
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": PASS: ButterflyCertResponsetMessage received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify ButterflyCertResponsetMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          // Postamble
          f_cfHttpDown();
        } // End of testcase TC_SECPKI_AA_BFK_AUTH_01_BV
    } // End of group authorization_with_bfk
  } // End of group aa_beavior
  group ca_behavior {
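Review bot: The unconditional `stop;` in the `@@ -11193,6 +11196,10 @@` hunk comes before the `// Test control` PICS check, so that test case terminates right after building the request and never reaches its preamble or sets a verdict in the lines shown. Judging by the hunk counts and the new `v_caterpillar_enc_*` arguments, that `stop;` and the two calls above it look like leftover debugging from this commit and should be removed; the Preamble in the following hunk, which appears to belong to the same test case, already makes the same `f_http_build_butterfly_authorization_request_message(...)` call. The test case itself starts and ends outside the hunk, so this is inferred from the visible lines only. Separately, in the new `TC_SECPKI_AA_BFK_AUTH_01_BV`, `v_headers` is declared but never assigned before it is used as the headers template in `httpAtVPort.receive(...)` and passed to `f_verify_http_butterfly_cert_request_message_to_ea`; calling `f_init_default_headers_list(-, "bfk_cert_request", v_headers);` before `tc_ac.start;` would bind it.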
+6 −1
@@ -145,7 +145,7 @@ module LibItsPki_Pics {
  /**
   * @desc HTTP POST URI for BFK Authorization request
   */
  modulepar charstring PICS_HTTP_POST_URI_BFK_EC := "/enrolment";
  modulepar charstring PICS_HTTP_POST_URI_BFK_EC := "/auth_request";
  
  /**
   * @desc HTTP POST URI for InnerATRequest
@@ -157,6 +157,11 @@ module LibItsPki_Pics {
   */
  modulepar charstring PICS_HTTP_POST_URI_ATV := "/authorize_validate";
  
  /**
   * @desc HTTP POST URI for certificate request
   */
  modulepar charstring PICS_HTTP_POST_URI_BFK_AA := "/cert_request";
  
  /**
   * @desc HTTP GET URI for Certificate Trusted List
   */
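Review bot: The `@desc` on the new `PICS_HTTP_POST_URI_BFK_AA` says only "HTTP POST URI for certificate request", which does not tell it apart from the other request URIs in this module; something like `@desc HTTP POST URI for the BFK (butterfly) certificate request sent to the AA` would match how the new test helper uses it. The default of `PICS_HTTP_POST_URI_BFK_EC` also changes from "/enrolment" to "/auth_request", so a configuration that relied on the old default without setting the parameter would now post to a different path. That deserves a line in the commit description or in the parameter's doc comment.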
+56 −0
@@ -753,6 +753,62 @@ module LibItsPki_Templates {
    additionalParams:= p_additionalParams
  } // End of template mw_butterfly_authorization_request

  template (value) AdditionalParams m_additional_params_original(
                                                                 in template (value) ButterflyParamsOriginal p_original
                                                                  ) := {
    original := p_original
  } // End of template m_additional_params_original

  template (present) AdditionalParams mw_additional_params_original(
                                                                    template (present) ButterflyParamsOriginal p_original := ?
                                                                    ) := {
    original := p_original
  } // End of template mw_additional_params_original

  template (value) AdditionalParams m_additional_params_unified(
                                                                in template (value) ButterflyExpansion p_unified
                                                                ) := {
    unified := p_unified
  } // End of template m_additional_params_unified

  template (present) AdditionalParams mw_additional_params_unified(
                                                                   template (present) ButterflyExpansion p_unified := ?
                                                                   ) := {
    unified := p_unified
  } // End of template mw_additional_params_unified

  template (value) ButterflyParamsOriginal m_butterfly_params_original(
                                                                       in template (value) ButterflyExpansion p_signingExpansion,
                                                                       in template (value) PublicEncryptionKey p_encryptionKey,
                                                                       in template (value) ButterflyExpansion p_encryptionExpansion  
                                                                       ):= {
    signingExpansion    := p_signingExpansion,
    encryptionKey       := p_encryptionKey,
    encryptionExpansion := p_encryptionExpansion
  } // End of template m_butterfly_params_original

  template (present) ButterflyParamsOriginal mw_butterfly_params_original(
                                                                          template (present) ButterflyExpansion p_signingExpansion := ?,
                                                                          template (present) PublicEncryptionKey p_encryptionKey := ?,
                                                                          template (present) ButterflyExpansion p_encryptionExpansion := ?  
                                                                          ):= {
    signingExpansion    := p_signingExpansion,
    encryptionKey       := p_encryptionKey,
    encryptionExpansion := p_encryptionExpansion
  } // End of template mw_butterfly_params_original

  template (value) ButterflyExpansion m_butterfly_expansion_aes128(
                                                                   in Oct16 p_aes128
                                                                   ) := {
    aes128 := p_aes128
  } // End of template m_butterfly_expansion_aes128

  template (present) ButterflyExpansion mw_butterfly_expansion_aes128(
                                                                      template (present) Oct16 p_aes128 := ?
                                                                      ) := {
    aes128 := p_aes128
  } // End of template mw_butterfly_expansion_aes128

  template (omit) ToBeSignedCertificate m_bfk_to_be_signed_certificate(
                                                                       in template (value) CertificateId p_id,
                                                                       in template (value) SequenceOfPsidSsp p_appPermissions,
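Review bot: `m_butterfly_expansion_aes128` declares its parameter as `in Oct16 p_aes128`, whereas the other send templates added here take `in template (value) …`; for consistency I would write `in template (value) Oct16 p_aes128`. None of the new templates carries a `@desc` comment, so a one-line description on each would help, at least noting that `original` and `unified` appear to select the alternative of `AdditionalParams`. The section ends inside `m_bfk_to_be_signed_certificate`, which continues outside the visible lines.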
+179 −9

File changed.

Preview size limit exceeded, changes collapsed.