LibItsPki_Functions.ttcn 16.7 KB
Newer Older
Yann Garcia's avatar
Yann Garcia committed
/**
 *  @author   ETSI / STF544
 *  @version  $URL$
 *            $Id$
 *  @desc     Module containing functions for ITS PKI ATS
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
 *
 */
module LibItsPki_Functions {
    
  // LibCommon
  import from LibCommon_Time all;
  import from LibCommon_VerdictControl all;
  import from LibCommon_Sync all;
  import from LibCommon_BasicTypesAndValues all;
  import from LibCommon_DataStrings all;
  
  // LibIts
  import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
  import from IEEE1609dot2 language "ASN.1:1997" all;
  import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
  import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
  import from EtsiTs102941MessagesItss language "ASN.1:1997" all;
  import from EtsiTs103097Module language "ASN.1:1997" all;
  import from ITS_Container language "ASN.1:1997" all;
  import from CAM_PDU_Descriptions language "ASN.1:1997" all;
  
  // LibItsCommon
  import from LibItsCommon_TestSystem all;
  import from LibItsCommon_Functions all;
  import from LibItsCommon_ASN1_NamedNumbers all;
  import from LibItsCommon_Pixits all;
    
  // LibItsSecurity
  import from LibItsSecurity_TypesAndValues all;
  import from LibItsSecurity_Templates all;
  import from LibItsSecurity_Functions all;
  import from LibItsSecurity_Pixits all;
    
  // LibItsHttp
  import from LibItsHttp_TypesAndValues all;
  import from LibItsHttp_TestSystem all;
    
  // LibItsPki
  import from LibItsPki_Templates all;
  import from LibItsPki_TestSystem all;
    
  group pkiConfigurationFunctions { 
     
    /**
     * @desc    Setups default configuration   
     * @param   p_certificateId The certificate identifier the TA shall use in case of secured IUT
     */
    function f_cfUp(
                    in charstring p_certificateId := "CERT_TS_A_EA" // TODO Use a constant
                   ) runs on ItsPki /* TITAN TODO: system ItsPkiSystem */ {
            
      map(self:pkiPort, system:pkiPort);
      f_connect4SelfOrClientSync();
      
      if( not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
        log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
        stop;
      }
      
      f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate);
      f_readCertificate(p_certificateId, vc_eaCertificate);
    } // End of function f_cfUp
    
    /**
     * @desc    Setups default configuration   
     * @param   p_certificateId The certificate identifier the TA shall use in case of secured IUT
     */
    function f_cfHttpUp(
                        in charstring p_certificateId  := "CERT_TS_A_EA" // TODO Use a constant
                       ) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
      
      map(self:httpPort, system:httpPort);
      f_connect4SelfOrClientSync();
      
      if( not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
        log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
        stop;
      }
      
      f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate);
      f_readCertificate(p_certificateId, vc_eaCertificate);
    } // End of function f_cfHttpUp
        
    /**
     * @desc    Deletes default configuration 
     */
    function f_cfDown() runs on ItsPki /* TITAN TODO: system ItsPkiSystem */ {
      unmap(self:pkiPort, system:pkiPort);
      f_disconnect4SelfOrClientSync();
    } // End of function f_cfDown
    
    /**
     * @desc    Deletes default configuration 
     */
    function f_cfHttpDown() runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
      unmap(self:httpPort, system:httpPort);
      f_disconnect4SelfOrClientSync();
    } // End of function f_cfHttpDown
    
    /**
     * @desc Initialise secure mode if required
     */
    function f_initialiseSecuredMode() runs on ItsPki {
      // Local variables
      
      // Load certificates
      if( not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
        log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
        stop;
      }
      
    } // End of function f_initialiseSecuredMode()
        
    function f_uninitialiseSecuredMode() runs on ItsPki {
      f_unloadCertificates();
    } // End of function f_uninitialiseSecuredMode()
        
  } // End of pkiConfigurationFunctions
  
  group inner_ec_xxx {
    
    function f_generate_innerEcRequestSignedForPop(
                                                   out Oct32 p_private_key,
                                                   out Oct32 p_publicKeyX,
                                                   out Oct32 p_publicKeyY,
                                                   out Oct32 p_publicKeyCompressed,
                                                   out integer p_compressedMode,
                                                   out InnerEcRequest p_inner_ec_request
    ) return boolean {
      // Local variables
      var template (value) EccP256CurvePoint v_eccP256_curve_point;
      
      // Generate keys for the certificate to be requested
      if (f_generate_key_pair_nistp256(p_private_key, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode) == false) {
        return false;
      }
      log("p_private_key = ", p_private_key);
      log("p_public_key X= ", p_publicKeyX);
      log("p_public_key Y= ", p_publicKeyY);
      log("p_public_key compressed= ", p_publicKeyCompressed, p_compressedMode);
      if (p_compressedMode == 0) {
        v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(p_publicKeyCompressed);
      } else {
        v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(p_publicKeyCompressed);
      }
      // Build the Proof of Possession InnerEcRequestSignedForPop
      p_inner_ec_request := valueof(
                                    m_innerEcRequest(
                                                    "CanonicalItsId",
                                                     m_publicKeys(
                                                                  m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point),
                                                                  m_encryptionKey(
                                                                                  -,
                                                                                  m_publicEncryptionKey_ecdsaNistP256(v_eccP256_curve_point)
                                                                                 )
                                                                  ),
                                                     m_certificateSubjectAttributes(
                                                                                    { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
                                                                                      valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), 
                                                                                      valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) 
                                                                                    },
                                                                                    m_validityPeriod(
                                                                                                             17469212,
                                                                                                             m_duration_years(10)
                                                                                                            ),
                                                                                    m_geographicRegion_identifiedRegion(
                                                                                                                                {
                                                                                                                                  m_identifiedRegion_country_only(12), 
                                                                                                                                  m_identifiedRegion_country_only(34)
                                                                                                                                }
                                                                                                                               ),
                                                                                    'C0'O
                                                                                   )
                                            )
                                   );
      
      return true;
    } // End of function f_generate_innerEcRequestSignedForPop
    
    function f_buildPkiSecuredinnerEcRequestSignedForPop(
                                                         in Oct32 p_private_key,
                                                         in Oct32 p_publicKeyCompressed,
                                                         in integer p_compressedMode,
                                                         in InnerEcRequest p_inner_ec_request, 
                                                         out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
    ) return boolean {
      // Local variables
      var template (value) EccP256CurvePoint v_eccP256_curve_point;
      var octetstring v_encoded_inner_ec_request;
      var template (value) ToBeSignedData v_tbs;
      var Oct32 v_tbs_signed;
      var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
      var Oct12 v_nonce;
      var Oct16 v_authentication_vector;
      var Oct16 v_encrypted_sym_key;
      var Oct32 v_publicEphemeralKeyCompressed;
      var integer v_ephemeralKeyModeCompressed;
      var HashedId8 v_recipientId;
      var octetstring v_encrypted_inner_ec_request;
      
      // Encode it
      v_encoded_inner_ec_request := bit2oct(encvalue(p_inner_ec_request));
      // Signed the encoded InnerEcRequestSignedForPop
      v_tbs := m_toBeSignedData(
                                m_signedDataPayload(
                                                    m_etsiTs103097Data_unsecured(v_encoded_inner_ec_request)
                                                   ),
                                m_headerInfo_inner_ec_request(12345, f_getCurrentTime()) // TODO Use PIXIT
                               );
      // Signed the encoded InnerEcRequestSignedForPop
      v_tbs_signed := fx_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), int2oct(0, 32), p_private_key); // TODO Use wrapping function
      // Finalyse signed InnerEcRequestSignedForPop
      v_ieee1609dot2_signed_data := m_etsiTs103097Data_signed(
                                                              m_signedData(
                                                                           sha256,
                                                                           v_tbs,
                                                                           m_signerIdentifier_self,
                                                                           m_signature_ecdsaNistP256(
                                                                                                     m_ecdsaP256Signature(
                                                                                                                          m_eccP256CurvePoint_x_only(
                                                                                                                                                     substr(v_tbs_signed, 0, 32)
                                                                                                                                                     ),
                                                                                                                          substr(v_tbs_signed, 32, 32)
                                                                                                                          )
                                                                                                     )
                                                                           )
                                                      );
      // Encode InnerEcRequestSignedForPop
      v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data));
      // Encrypt the encoded signed InnerEcRequestSignedForPop
      v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(v_encoded_inner_ec_request, p_publicKeyCompressed, p_compressedMode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
      v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(v_encrypted_inner_ec_request)); // IEEE Std 1609.2a-2017 Clause 6.3.34 PKRecipientInfo
      // Fill Certificate template with the public compressed keys (canonical form)
      if (v_ephemeralKeyModeCompressed == 0) {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicEphemeralKeyCompressed));
      } else {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicEphemeralKeyCompressed));
      }
      p_ieee1609dot2_signed_and_encrypted_data := valueof(
                                                          m_etsiTs103097Data_encrypted(
                                                                                       m_encryptedData(
                                                                                                       {
                                                                                                        m_recipientInfo_signedDataRecipInfo(
                                                                                                                                            m_pKRecipientInfo(
                                                                                                                                                              v_recipientId,
                                                                                                                                                              m_encryptedDataEncryptionKey_eciesNistP256(
                                                                                                                                                                                                      m_evciesP256EncryptedKey(
                                                                                                                                                                                                                               v_eccP256_curve_point,
                                                                                                                                                                                                                               v_encrypted_sym_key, 
                                                                                                                                                                                                                               v_authentication_vector
                                                                                                        ))))
                                                                                                       },
                                                                                                       m_SymmetricCiphertext_aes128ccm(
                                                                                                                                       m_aesCcmCiphertext(
                                                                                                                                                          v_nonce, 
                                                                                                                                                          v_encrypted_inner_ec_request
                                                                                                                                                         )
                                                                                                                                      )
                                                                                                      )
                                                                                       )
                                                         );
      
      return true;
    } // End of function f_buildPkiSecuredinnerEcRequestSignedForPop
    
  } // End of group inner_ec_xxx
  
} // End of module LibItsPki_Functions