Skip to content
GitLab
Commits (10)
Hide whitespace changes
Inline Side-by-side
ItsPki_Pixits.ttcn
View file @ 1ee5c635
......@@ -9,10 +9,13 @@ module ItsPki_Pixits {
modulepar float PX_RE_AUTHORIZATION_DELAY := 2.0;
modulepar boolean PX_TRIGGER_EC_BEFORE_AT := true;
modulepar boolean PX_CHECK_INITIAL_STATES := true;
modulepar float PX_CERT_EXPIRATION_DELAY := 10.0;
modulepar float PX_EC_REPETITION_TIMEOUT := 120.0;
modulepar float PX_EC_REPETITION_TIMEOUT_TH2 := 150.0;
} // End of module ItsPki_Pixits
ItsPki_TestCases.ttcn
View file @ 1ee5c635
This source diff could not be displayed because it is too large. You can view the blob instead.
lib/LibItsPki_TypesAndValues.ttcn
View file @ 1ee5c635
......@@ -35,6 +35,8 @@ module LibItsPki_TypesAndValues {
} // End of group constants
type set of PublicVerificationKey ListOfPublicVerificationKey;
type set of PublicEncryptionKey ListOfPublicEncryptionKey;
type set of Oct32 ListofHmacKey;
group utPrimitives {
......
lib_system/LibItsPki_Functions.ttcn
View file @ 1ee5c635
......@@ -562,7 +562,8 @@ module LibItsPki_Functions {
in Oct1 p_enc_algorithm := '00'O,
in octetstring p_private_key := ''O,
in octetstring p_public_key_compressed := ''O,
in integer p_compressed_mode := 0
in integer p_compressed_mode := 0,
in boolean p_check_result := true
) runs on ItsPkiItss {
var TriggerEnrolmentRequest v_ut_trigger_enrolment_request;
var octetstring v_compressed_public_key;
......@@ -576,23 +577,27 @@ module LibItsPki_Functions {
utPort.clear;
v_ut_trigger_enrolment_request := { p_canonical_id, p_enc_algorithm, p_private_key, v_compressed_public_key };
utPort.send(UtPkiTrigger: { triggerEnrolmentRequest := v_ut_trigger_enrolment_request });
tc_ac.start;
tc_ac.start(20.0);
alt {
[] utPort.receive(UtPkiResults: { utPkiTriggerResult := true }) {
tc_ac.stop;
}
[] utPort.receive(UtPkiResults: { utPkiTriggerResult := false }) {
tc_ac.stop;
log("*** f_sendUtTriggerEnrolmentRequestPrimitive: ERROR: Received unexpected message ***");
log("*** f_sendUtTriggerEnrolmentRequestPrimitive: ERROR: Unsuccessful trugger result received in UT port. Stop ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[] utPort.receive {
log("*** f_sendUtTriggerEnrolmentRequestPrimitive: INFO: Some message received in UT Port ***");
log("*** f_sendUtTriggerEnrolmentRequestPrimitive: INFO: Unexpected message received in UT Port. Keep waiting. ***");
repeat;
}
[] tc_ac.timeout {
log("*** f_sendAcPkiPrimitive: ERROR: Timeout while waiting for adapter control event result ***");
f_selfOrClientSyncAndVerdict("error", e_timeout);
if(p_check_result){
log("*** f_sendAcPkiPrimitive: ERROR: Timeout while waiting for adapter control event result ***");
f_selfOrClientSyncAndVerdict("error", e_timeout);
}else{
log("*** f_sendAcPkiPrimitive: INFO: Timeout while waiting for adapter control event result. Assume OK. ***");
}
}
} // End of 'alt' statement
} // End of function f_sendUtTriggerEnrolmentRequestPrimitive
......@@ -626,6 +631,7 @@ module LibItsPki_Functions {
f_selfOrClientSyncAndVerdict("error", e_error);
}
[] utPort.receive(UtPkiTriggerInd:?) {
log("*** f_sendUtTriggerAuthorizationRequestPrimitive: INFO: Received UtPkiTriggerInd message ***");
repeat;
}
[] tc_ac.timeout {
......@@ -771,7 +777,7 @@ module LibItsPki_Functions {
}
return false;
}
function f_generate_key_pair(
out octetstring p_private_key,
out octetstring p_public_key_x,
......@@ -820,9 +826,10 @@ module LibItsPki_Functions {
}
return true;
}
function f_http_restart (
in charstring p_content_text
} // End of function f_generate_key_pair_for_encryption
function f_http_restart(
in charstring p_content_text
) runs on ItsPkiHttp {
if (not(PICS_MULTIPLE_END_POINT)) {
log("f_http_restart: restart httpPort");
......@@ -841,7 +848,7 @@ module LibItsPki_Functions {
}
}
}
}
} // End of function f_http_restart
function f_http_send(
in Headers p_headers,
......@@ -2297,7 +2304,9 @@ module LibItsPki_Functions {
m_toBeSignedCertificate_ec(
v_certificate_id,
p_inner_ec_request.requestedSubjectAttributes.appPermissions,
m_verificationKeyIndicator_verificationKey(p_inner_ec_request.publicKeys.verificationKey),
m_verificationKeyIndicator_verificationKey(
p_inner_ec_request.publicKeys.verificationKey
),
v_valPeriod,
p_inner_ec_request.requestedSubjectAttributes.region,
p_inner_ec_request.requestedSubjectAttributes.assuranceLevel,
......@@ -3782,7 +3791,7 @@ module LibItsPki_Functions {
),
m_validityPeriod(
f_getCurrentTime() / 1000,
m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)
m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION - 1)
),
m_geographicRegion_identifiedRegion(
{
......@@ -5347,17 +5356,19 @@ module LibItsPki_Functions {
} // End of function f_await_http_inner_ec_request_response
group PredefinedRequests {
template (present) HttpMessage mw_http_ec_request_generic :=
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData()
)))));
}
template (present) HttpMessage mw_http_ec_request_generic (
template (present) Ieee1609Dot2Data p_ieee1609dot2_data := mw_enrolmentRequestMessage(mw_encryptedData())
) :=
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data( p_ieee1609dot2_data)
)));
} // End of predefined requests
function f_await_ec_request_send_response(
out InnerEcRequest p_inner_ec_request,
......@@ -5445,18 +5456,16 @@ module LibItsPki_Functions {
} // End of function f_await_ec_request_send_response
function f_await_ec_request_send_no_response(
out HttpMessage p_request
) runs on ItsPkiHttp {
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
out HttpMessage p_request
) runs on ItsPkiHttp {
log(">>> f_await_ec_request_send_no_response");
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, p_request) {
tc_ac.stop;
log("f_await_ec_request_send_no_response: Restart HTT connection ***");
f_http_restart("inner_ec_request");
log("f_await_ec_request_send_no_response: Failed to verify PKI message ***");
}
[] tc_ac.timeout {
log("f_await_ec_request_send_no_response: Expected message not received ***");
......@@ -5987,6 +5996,8 @@ module LibItsPki_Functions {
var charstring v_certificate_id;
var Oct32 v_hash;
fx_readCertificateFromDigest(p_signer_identifier.digest, v_certificate_id); // TODO Add a wrapper function
log(">>>>> f_build_pki_secured_response_message: use ", v_certificate_id, " for signing response");
log(">>>>> f_build_pki_secured_response_message: use ", p_private_key, " as private key");
f_getCertificateHash(v_certificate_id, v_hash);
v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), v_hash, p_private_key);
}
......@@ -6230,69 +6241,7 @@ module LibItsPki_Functions {
}
}
/*
if (p_issuer == ''O) { // self
log("f_verify_pki_request_message: Issuer is self, check outer signature using IUT public key (PICS_ITS_S_SIGN_xxx_PUBLIC_KEY)");
var PublicVerificationKey v_verification_key;
log("f_verify_pki_request_message: PX_VE_ALG=", PX_VE_ALG);
if (PX_VE_ALG == e_nist_p256) {
if (PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY[0] == '00'O) {
v_verification_key.ecdsaNistP256.x_only := substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32);
}else if (PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY[0] == '02'O) {
v_verification_key.ecdsaNistP256.compressed_y_0 := substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32);
}else if (PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY[0] == '03'O) {
v_verification_key.ecdsaNistP256.compressed_y_1 := substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32);
} else {
v_verification_key.ecdsaNistP256.uncompressedP256.x := substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32);
v_verification_key.ecdsaNistP256.uncompressedP256.y := substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 33, 32);
}
} else if (PX_VE_ALG == e_sm2_p256) { // FIXME FSCOM
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
if (PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY[0] == '00'O) {
v_verification_key.ecdsaBrainpoolP256r1.x_only := substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32);
}else if (PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY[0] == '02'O) {
v_verification_key.ecdsaBrainpoolP256r1.compressed_y_0 := substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32);
} else if (PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY[0] == '03'O) {
v_verification_key.ecdsaBrainpoolP256r1.compressed_y_1 := substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32);
} else if (PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY[0] == '04'O) {
v_verification_key.ecdsaBrainpoolP256r1.uncompressedP256.x := substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32);
v_verification_key.ecdsaBrainpoolP256r1.uncompressedP256.y := substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 33, 32);
}
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
if (PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY[0] == '00'O) {
v_verification_key.ecdsaBrainpoolP384r1.x_only := substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48);
}else if (PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY[0] == '02'O) {
v_verification_key.ecdsaBrainpoolP384r1.compressed_y_0 := substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48);
}else if (PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY[0] == '02'O) {
v_verification_key.ecdsaBrainpoolP384r1.compressed_y_1 := substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48);
}else if (PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY[0] == '04'O) {
v_verification_key.ecdsaBrainpoolP384r1.uncompressedP384.x := substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48);
v_verification_key.ecdsaBrainpoolP384r1.uncompressedP384.y := substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 49, 48);
}
}
log("f_verify_pki_request_message: v_verification_key=", v_verification_key);
if (f_verifyEcdsa(v_msg, int2oct(0, 32), v_ieee1609dot2_signed_data.content.signedData.signature_, v_verification_key) == false) {
if (p_check_security == true) {
return false;
}
}
//return false;
} else {
if (f_getCertificateFromDigest(f_hashedId8FromSha256(p_issuer), v_certificate, v_certificate_id) == false) {
if (p_check_security == true) {
return false;
}
}
log("f_verify_pki_request_message: v_certificate= ", v_certificate);
if (f_verifyEcdsa(v_msg, p_issuer, v_ieee1609dot2_signed_data.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) {
if (p_check_security == true) {
return false;
}
}
}
*/
// 4. Return the PKI message
// 5. Return the PKI message
log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_msg_bit := oct2bit(v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
if (decvalue(v_msg_bit, p_etsi_ts_102941_data) != 0) {
......