Skip to content
GitLab
Commits (10)
Hide whitespace changes
Inline Side-by-side
ItsPki_Pixits.ttcn
View file @ 1ee5c635
...@@ -9,10 +9,13 @@ module ItsPki_Pixits { ...@@ -9,10 +9,13 @@ module ItsPki_Pixits {
modulepar float PX_RE_AUTHORIZATION_DELAY := 2.0; modulepar float PX_RE_AUTHORIZATION_DELAY := 2.0;
modulepar boolean PX_TRIGGER_EC_BEFORE_AT := true; modulepar boolean PX_TRIGGER_EC_BEFORE_AT := true;
modulepar boolean PX_CHECK_INITIAL_STATES := true; modulepar boolean PX_CHECK_INITIAL_STATES := true;
modulepar float PX_CERT_EXPIRATION_DELAY := 10.0; modulepar float PX_CERT_EXPIRATION_DELAY := 10.0;
modulepar float PX_EC_REPETITION_TIMEOUT := 120.0; modulepar float PX_EC_REPETITION_TIMEOUT := 120.0;
modulepar float PX_EC_REPETITION_TIMEOUT_TH2 := 150.0;
} // End of module ItsPki_Pixits } // End of module ItsPki_Pixits
ItsPki_TestCases.ttcn
View file @ 1ee5c635
This source diff could not be displayed because it is too large. You can view the blob instead.
lib/LibItsPki_TypesAndValues.ttcn
View file @ 1ee5c635
...@@ -35,6 +35,8 @@ module LibItsPki_TypesAndValues { ...@@ -35,6 +35,8 @@ module LibItsPki_TypesAndValues {
} // End of group constants } // End of group constants
type set of PublicVerificationKey ListOfPublicVerificationKey; type set of PublicVerificationKey ListOfPublicVerificationKey;
type set of PublicEncryptionKey ListOfPublicEncryptionKey;
type set of Oct32 ListofHmacKey;
group utPrimitives { group utPrimitives {
......
lib_system/LibItsPki_Functions.ttcn
View file @ 1ee5c635
...@@ -562,7 +562,8 @@ module LibItsPki_Functions { ...@@ -562,7 +562,8 @@ module LibItsPki_Functions {
in Oct1 p_enc_algorithm := '00'O, in Oct1 p_enc_algorithm := '00'O,
in octetstring p_private_key := ''O, in octetstring p_private_key := ''O,
in octetstring p_public_key_compressed := ''O, in octetstring p_public_key_compressed := ''O,
in integer p_compressed_mode := 0 in integer p_compressed_mode := 0,
in boolean p_check_result := true
) runs on ItsPkiItss { ) runs on ItsPkiItss {
var TriggerEnrolmentRequest v_ut_trigger_enrolment_request; var TriggerEnrolmentRequest v_ut_trigger_enrolment_request;
var octetstring v_compressed_public_key; var octetstring v_compressed_public_key;
...@@ -576,23 +577,27 @@ module LibItsPki_Functions { ...@@ -576,23 +577,27 @@ module LibItsPki_Functions {
utPort.clear; utPort.clear;
v_ut_trigger_enrolment_request := { p_canonical_id, p_enc_algorithm, p_private_key, v_compressed_public_key }; v_ut_trigger_enrolment_request := { p_canonical_id, p_enc_algorithm, p_private_key, v_compressed_public_key };
utPort.send(UtPkiTrigger: { triggerEnrolmentRequest := v_ut_trigger_enrolment_request }); utPort.send(UtPkiTrigger: { triggerEnrolmentRequest := v_ut_trigger_enrolment_request });
tc_ac.start; tc_ac.start(20.0);
alt { alt {
[] utPort.receive(UtPkiResults: { utPkiTriggerResult := true }) { [] utPort.receive(UtPkiResults: { utPkiTriggerResult := true }) {
tc_ac.stop; tc_ac.stop;
} }
[] utPort.receive(UtPkiResults: { utPkiTriggerResult := false }) { [] utPort.receive(UtPkiResults: { utPkiTriggerResult := false }) {
tc_ac.stop; tc_ac.stop;
log("*** f_sendUtTriggerEnrolmentRequestPrimitive: ERROR: Received unexpected message ***"); log("*** f_sendUtTriggerEnrolmentRequestPrimitive: ERROR: Unsuccessful trugger result received in UT port. Stop ***");
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
} }
[] utPort.receive { [] utPort.receive {
log("*** f_sendUtTriggerEnrolmentRequestPrimitive: INFO: Some message received in UT Port ***"); log("*** f_sendUtTriggerEnrolmentRequestPrimitive: INFO: Unexpected message received in UT Port. Keep waiting. ***");
repeat; repeat;
} }
[] tc_ac.timeout { [] tc_ac.timeout {
log("*** f_sendAcPkiPrimitive: ERROR: Timeout while waiting for adapter control event result ***"); if(p_check_result){
f_selfOrClientSyncAndVerdict("error", e_timeout); log("*** f_sendAcPkiPrimitive: ERROR: Timeout while waiting for adapter control event result ***");
f_selfOrClientSyncAndVerdict("error", e_timeout);
}else{
log("*** f_sendAcPkiPrimitive: INFO: Timeout while waiting for adapter control event result. Assume OK. ***");
}
} }
} // End of 'alt' statement } // End of 'alt' statement
} // End of function f_sendUtTriggerEnrolmentRequestPrimitive } // End of function f_sendUtTriggerEnrolmentRequestPrimitive
...@@ -626,6 +631,7 @@ module LibItsPki_Functions { ...@@ -626,6 +631,7 @@ module LibItsPki_Functions {
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
} }
[] utPort.receive(UtPkiTriggerInd:?) { [] utPort.receive(UtPkiTriggerInd:?) {
log("*** f_sendUtTriggerAuthorizationRequestPrimitive: INFO: Received UtPkiTriggerInd message ***");
repeat; repeat;
} }
[] tc_ac.timeout { [] tc_ac.timeout {
...@@ -771,7 +777,7 @@ module LibItsPki_Functions { ...@@ -771,7 +777,7 @@ module LibItsPki_Functions {
} }
return false; return false;
} }
function f_generate_key_pair( function f_generate_key_pair(
out octetstring p_private_key, out octetstring p_private_key,
out octetstring p_public_key_x, out octetstring p_public_key_x,
...@@ -820,9 +826,10 @@ module LibItsPki_Functions { ...@@ -820,9 +826,10 @@ module LibItsPki_Functions {
} }
return true; return true;
} } // End of function f_generate_key_pair_for_encryption
function f_http_restart (
in charstring p_content_text function f_http_restart(
in charstring p_content_text
) runs on ItsPkiHttp { ) runs on ItsPkiHttp {
if (not(PICS_MULTIPLE_END_POINT)) { if (not(PICS_MULTIPLE_END_POINT)) {
log("f_http_restart: restart httpPort"); log("f_http_restart: restart httpPort");
...@@ -841,7 +848,7 @@ module LibItsPki_Functions { ...@@ -841,7 +848,7 @@ module LibItsPki_Functions {
} }
} }
} }
} } // End of function f_http_restart
function f_http_send( function f_http_send(
in Headers p_headers, in Headers p_headers,
...@@ -2297,7 +2304,9 @@ module LibItsPki_Functions { ...@@ -2297,7 +2304,9 @@ module LibItsPki_Functions {
m_toBeSignedCertificate_ec( m_toBeSignedCertificate_ec(
v_certificate_id, v_certificate_id,
p_inner_ec_request.requestedSubjectAttributes.appPermissions, p_inner_ec_request.requestedSubjectAttributes.appPermissions,
m_verificationKeyIndicator_verificationKey(p_inner_ec_request.publicKeys.verificationKey), m_verificationKeyIndicator_verificationKey(
p_inner_ec_request.publicKeys.verificationKey
),
v_valPeriod, v_valPeriod,
p_inner_ec_request.requestedSubjectAttributes.region, p_inner_ec_request.requestedSubjectAttributes.region,
p_inner_ec_request.requestedSubjectAttributes.assuranceLevel, p_inner_ec_request.requestedSubjectAttributes.assuranceLevel,
...@@ -3782,7 +3791,7 @@ module LibItsPki_Functions { ...@@ -3782,7 +3791,7 @@ module LibItsPki_Functions {
), ),
m_validityPeriod( m_validityPeriod(
f_getCurrentTime() / 1000, f_getCurrentTime() / 1000,
m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION) m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION - 1)
), ),
m_geographicRegion_identifiedRegion( m_geographicRegion_identifiedRegion(
{ {
...@@ -5347,17 +5356,19 @@ module LibItsPki_Functions { ...@@ -5347,17 +5356,19 @@ module LibItsPki_Functions {
} // End of function f_await_http_inner_ec_request_response } // End of function f_await_http_inner_ec_request_response
group PredefinedRequests { group PredefinedRequests {
template (present) HttpMessage mw_http_ec_request_generic :=
mw_http_request( template (present) HttpMessage mw_http_ec_request_generic (
mw_http_request_post( template (present) Ieee1609Dot2Data p_ieee1609dot2_data := mw_enrolmentRequestMessage(mw_encryptedData())
PICS_HTTP_POST_URI_EC, ) :=
-, mw_http_request(
mw_http_message_body_binary( mw_http_request_post(
mw_binary_body_ieee1609dot2_data( PICS_HTTP_POST_URI_EC,
mw_enrolmentRequestMessage( -,
mw_encryptedData() mw_http_message_body_binary(
))))); mw_binary_body_ieee1609dot2_data( p_ieee1609dot2_data)
}
)));
} // End of predefined requests
function f_await_ec_request_send_response( function f_await_ec_request_send_response(
out InnerEcRequest p_inner_ec_request, out InnerEcRequest p_inner_ec_request,
...@@ -5445,18 +5456,16 @@ module LibItsPki_Functions { ...@@ -5445,18 +5456,16 @@ module LibItsPki_Functions {
} // End of function f_await_ec_request_send_response } // End of function f_await_ec_request_send_response
function f_await_ec_request_send_no_response( function f_await_ec_request_send_no_response(
out HttpMessage p_request out HttpMessage p_request
) runs on ItsPkiHttp { ) runs on ItsPkiHttp {
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
log(">>> f_await_ec_request_send_no_response"); log(">>> f_await_ec_request_send_no_response");
tc_ac.start; tc_ac.start;
alt { alt {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, p_request) { [] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, p_request) {
tc_ac.stop; tc_ac.stop;
log("f_await_ec_request_send_no_response: Restart HTT connection ***");
f_http_restart("inner_ec_request"); f_http_restart("inner_ec_request");
log("f_await_ec_request_send_no_response: Failed to verify PKI message ***");
} }
[] tc_ac.timeout { [] tc_ac.timeout {
log("f_await_ec_request_send_no_response: Expected message not received ***"); log("f_await_ec_request_send_no_response: Expected message not received ***");
...@@ -5987,6 +5996,8 @@ module LibItsPki_Functions { ...@@ -5987,6 +5996,8 @@ module LibItsPki_Functions {
var charstring v_certificate_id; var charstring v_certificate_id;
var Oct32 v_hash; var Oct32 v_hash;
fx_readCertificateFromDigest(p_signer_identifier.digest, v_certificate_id); // TODO Add a wrapper function fx_readCertificateFromDigest(p_signer_identifier.digest, v_certificate_id); // TODO Add a wrapper function
log(">>>>> f_build_pki_secured_response_message: use ", v_certificate_id, " for signing response");
log(">>>>> f_build_pki_secured_response_message: use ", p_private_key, " as private key");
f_getCertificateHash(v_certificate_id, v_hash); f_getCertificateHash(v_certificate_id, v_hash);
v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), v_hash, p_private_key); v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), v_hash, p_private_key);
} }
...@@ -6230,69 +6241,7 @@ module LibItsPki_Functions { ...@@ -6230,69 +6241,7 @@ module LibItsPki_Functions {
} }
} }
/* // 5. Return the PKI message
if (p_issuer == ''O) { // self
log("f_verify_pki_request_message: Issuer is self, check outer signature using IUT public key (PICS_ITS_S_SIGN_xxx_PUBLIC_KEY)");
var PublicVerificationKey v_verification_key;
log("f_verify_pki_request_message: PX_VE_ALG=", PX_VE_ALG);
if (PX_VE_ALG == e_nist_p256) {
if (PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY[0] == '00'O) {
v_verification_key.ecdsaNistP256.x_only := substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32);
}else if (PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY[0] == '02'O) {
v_verification_key.ecdsaNistP256.compressed_y_0 := substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32);
}else if (PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY[0] == '03'O) {
v_verification_key.ecdsaNistP256.compressed_y_1 := substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32);
} else {
v_verification_key.ecdsaNistP256.uncompressedP256.x := substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32);
v_verification_key.ecdsaNistP256.uncompressedP256.y := substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 33, 32);
}
} else if (PX_VE_ALG == e_sm2_p256) { // FIXME FSCOM
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
if (PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY[0] == '00'O) {
v_verification_key.ecdsaBrainpoolP256r1.x_only := substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32);
}else if (PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY[0] == '02'O) {
v_verification_key.ecdsaBrainpoolP256r1.compressed_y_0 := substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32);
} else if (PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY[0] == '03'O) {
v_verification_key.ecdsaBrainpoolP256r1.compressed_y_1 := substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32);
} else if (PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY[0] == '04'O) {
v_verification_key.ecdsaBrainpoolP256r1.uncompressedP256.x := substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32);
v_verification_key.ecdsaBrainpoolP256r1.uncompressedP256.y := substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 33, 32);
}
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
if (PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY[0] == '00'O) {
v_verification_key.ecdsaBrainpoolP384r1.x_only := substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48);
}else if (PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY[0] == '02'O) {
v_verification_key.ecdsaBrainpoolP384r1.compressed_y_0 := substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48);
}else if (PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY[0] == '02'O) {
v_verification_key.ecdsaBrainpoolP384r1.compressed_y_1 := substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48);
}else if (PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY[0] == '04'O) {
v_verification_key.ecdsaBrainpoolP384r1.uncompressedP384.x := substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48);
v_verification_key.ecdsaBrainpoolP384r1.uncompressedP384.y := substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 49, 48);
}
}
log("f_verify_pki_request_message: v_verification_key=", v_verification_key);
if (f_verifyEcdsa(v_msg, int2oct(0, 32), v_ieee1609dot2_signed_data.content.signedData.signature_, v_verification_key) == false) {
if (p_check_security == true) {
return false;
}
}
//return false;
} else {
if (f_getCertificateFromDigest(f_hashedId8FromSha256(p_issuer), v_certificate, v_certificate_id) == false) {
if (p_check_security == true) {
return false;
}
}
log("f_verify_pki_request_message: v_certificate= ", v_certificate);
if (f_verifyEcdsa(v_msg, p_issuer, v_ieee1609dot2_signed_data.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) {
if (p_check_security == true) {
return false;
}
}
}
*/
// 4. Return the PKI message
log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData); log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
v_msg_bit := oct2bit(v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData); v_msg_bit := oct2bit(v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
if (decvalue(v_msg_bit, p_etsi_ts_102941_data) != 0) { if (decvalue(v_msg_bit, p_etsi_ts_102941_data) != 0) {
......