Loading ttcn/Pki/LibItsPki_Functions.ttcn +109 −18 Original line number Diff line number Diff line Loading @@ -55,6 +55,7 @@ module LibItsPki_Functions { import from LibItsPki_TypesAndValues all; import from LibItsPki_Templates all; import from LibItsPki_Pics all; import from LibItsPki_Pixits all; import from LibItsPki_TestSystem all; group pkiConfigurationFunctions { Loading Loading @@ -85,19 +86,23 @@ module LibItsPki_Functions { * @param p_certificateId The certificate identifier the TA shall use in case of secured IUT */ function f_cfHttpUp( in charstring p_certificateId := "CERT_TS_A_EA", // TODO Use a constant in charstring p_ea_certificate_id := "CERT_TS_A_EA", // TODO Use a constant in charstring p_ec_certificate_id := "CERT_TS_A_EC", in charstring p_peerCertificateId := "CERT_IUT_A_EA" ) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ { map(self:httpPort, system:httpPort); f_connect4SelfOrClientSync(); f_initialiseSecuredMode(p_certificateId, p_peerCertificateId); f_initialiseSecuredMode(p_ea_certificate_id, p_peerCertificateId); f_readCertificate(p_certificateId, vc_eaCertificate); f_readSigningKey(p_certificateId, vc_eaPrivateKey); f_readEncryptingKey(p_certificateId, vc_eaPrivateEncKey); f_getCertificateDigest(p_certificateId, vc_eaHashedId8); f_readCertificate(p_ea_certificate_id, vc_eaCertificate); f_readSigningKey(p_ea_certificate_id, vc_eaPrivateKey); f_readCertificate(p_ec_certificate_id, vc_ecCertificate); f_readSigningKey(p_ec_certificate_id, vc_ecPrivateKey); f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey); f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8); f_getCertificateDigest(p_ec_certificate_id, vc_ecHashedId8); f_readCertificate(p_peerCertificateId, vc_peerEaCertificate); f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash); Loading Loading @@ -291,6 +296,9 @@ module LibItsPki_Functions { var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; var bitstring v_inner_ec_request_signed_for_pop_msg; var octetstring v_public_enc_key; var integer v_compressed_enc_key_mode; var boolean v_ret_code; if (f_generate_inner_ec_request(p_private_key, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) { log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequest ***"); Loading @@ -305,7 +313,20 @@ module LibItsPki_Functions { v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop)); // Prepare for getting the 16 most bytes of SHA256 of InnerEcRequestSignedForPop p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(v_inner_ec_request_signed_for_pop_msg)); if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) { // Secure the Pki message if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) { log("*** f_http_build_inner_ec_request: ERROR: Non canonical EA certificate ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_inner_ec_request: First enrolment: ", PX_FIRST_ENROLMENT); if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); } else { // We use last valid EC certificate v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); } if (v_ret_code == false) { log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } Loading @@ -323,6 +344,9 @@ module LibItsPki_Functions { ) runs on ItsPkiHttp { var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; var octetstring v_public_enc_key; var integer v_compressed_enc_key_mode; var boolean v_ret_code; if (f_generate_inner_ec_request(p_private_key, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequest ***"); Loading @@ -336,7 +360,19 @@ module LibItsPki_Functions { // Secure InnerEcRequestSignedForPoP message // Get 16 last byte of SHA256 of InnerEcRequestSignedForPop p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(int2oct(12345, 32)); // Invalid InnseEcRequestSignedForPop if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data) == false) { // Secure the Pki message if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) { log("*** f_http_build_inner_ec_request: ERROR: Non canonical EA certificate ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); } else { // We use last valid EC certificate v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); } if (v_ret_code == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } Loading @@ -363,16 +399,32 @@ module LibItsPki_Functions { // Local variables var AuthorizationValidationRequest v_authorization_validation_request; var bitstring v_authorization_validation_request_msg; var octetstring v_public_enc_key; var integer v_compressed_enc_key_mode; if (f_generate_authorization_validation_request(vc_eaCertificate, vc_eaHashedId8, p_private_key, p_publicKeyCompressed, p_compressedMode, v_authorization_validation_request) == false) { log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate AuthorizationValidationRequest ***"); f_selfOrClientSyncAndVerdict("error", e_error); } if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); // Secure the Pki message if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) { log("*** f_http_build_inner_ec_request: ERROR: Non canonical EA certificate ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_authorization_validation_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_authorization_validation_request: Public encryption key comp: ", v_compressed_enc_key_mode); /** TODO: Load certificate according to the IUT role ==> a complete fucntion which set up the TestSustem certificate,keyy... according to the IUT role **/ log("*** f_http_build_inner_ec_request: ERROR: Need to add TestSystem variable vc_aa ***"); f_selfOrClientSyncAndVerdict("error", e_error); /* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */ /* log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); */ /* f_selfOrClientSyncAndVerdict("error", e_error); */ /* } */ log("*** f_http_build_authorization_validation_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data); } // End of function f_http_build_authorization_validation_request Loading Loading @@ -1128,6 +1180,45 @@ module LibItsPki_Functions { } // End of group inner_ec_xxx group security_function { // TODO To be moved in LibItsSecurity_Function module function f_extract_enc_key( in Certificate p_certificate, out octetstring p_public_enc_key, out integer p_compressed_enc_key_mode ) return boolean { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1; p_compressed_enc_key_mode := 1; } else { log("f_extract_enc_key: Non canonical EA certificate"); return false; } } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1; p_compressed_enc_key_mode := 0; } else { log("f_extract_enc_key: Non canonical EA certificate"); return false; } } else { log("f_extract_enc_key: Invalid EA certificate"); return false; } return true; } // End of function f_extract_enc_key } // End of group security_function group altstes { altstep a_default_pki() runs on ItsPki { Loading ttcn/Pki/LibItsPki_Pics.ttcn +61 −1 Original line number Diff line number Diff line Loading @@ -50,9 +50,69 @@ module LibItsPki_Pics { */ modulepar charstring PICS_HTTP_GET_URI := "/its/inner_ec_request"; /** * @desc Factory private key for verification Nist P256 */ modulepar octetstring PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O; /** * @desc Factory compressed public key for verification Nist P256 */ modulepar octetstring PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O; /** * @desc Factory private key for encryption Nist P256 */ modulepar octetstring PICS_ITS_S_ENC_NITSP256_PRIVATE_KEY := 'EDEBEADCAA9514CD4B30256126FB7DF958B911C6EB58CCF702983C3DCD3DECBD'O; /** * @desc Factory compressed public key for encryption Nist P256 */ modulepar octetstring PICS_ITS_S_ENC_NISTP256_PUBLIC_KEY := '023A4ADDCDD5EE66DAB2116B0C3AB47CCEDAE92CD9ACE98A84B10EB63A9DCA798C'O; /** * @desc Factory private key for encryption Brainpool P256 r1 */ modulepar octetstring PICS_ITS_S_ENC_BRAINPOOLP256r1_PRIVATE_KEY := '9F155D40B6C920BA45D8027093C8ADADAF3AA6F9F71F0CC0F8279FF0146A8A48'O; /** * @desc Factory compressed public key for encryption Brainpool P256 r1 */ modulepar octetstring PICS_ITS_S_ENC_BRAINPOOLP256r1_PUBLIC_KEY := '038602F468BD334EA4D2BA416295E204D58BD1F42C85FB9BE57237C74544F6A69A'O; /** * @desc Factory private key for verification Brainpool P256 r1 */ modulepar octetstring PICS_ITS_S_SIGN_BRAINPOOLP256r1_PRIVATE_KEY := '6D585B716D06F75EC2B8A8ADEBFCE6ED35B0640C2AFBFF25FE48FC81A6732D4F'O; /** * @desc Factory compressed public key for verification Brainpool P256 r1 */ modulepar octetstring PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY := '02A92BA3B770B040B8D958D5BD2CC9B537212D6963F50EA3E4784FEFA5D0454C12'O; /** * @desc Factory private key for encryption Brainpool P384 r1 */ modulepar octetstring PICS_ITS_S_ENC_BRAINPOOLP384r1_PRIVATE_KEY := '6B4B4392511B252C904801466F5DA0A7F28E038E6656800CBB0CDCB3D32F862CA4D59CBDC1A19E98E9191582AF1DB3D7'O; /** * @desc Factory compressed public key for encryption Brainpool P384 r1 */ modulepar octetstring PICS_ITS_S_ENC_BRAINPOOLP384r1_PUBLIC_KEY := '027BB3104998F30B86B0C7C6CC9BFAECA7F7E99E8CE575D07B550028CCB15E1C95581B9B8520D40A35256021DDA63B785C'O; /** * @desc Factory private key for verification Brainpool P384 r1 */ modulepar octetstring PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY := '3CD977195A579787C84D5900F4CB6341E0C3D2750B140C5380E6F03CE3FBA0022F7541DEABDCED4790D313ED8F56ACA8'O; /** * @desc Factory compressed public key for verification Brainpool P384 r1 */ modulepar octetstring PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY := '0243FF5C96984C2C3F5FD5C5F6551C90F5FAEE1E5E8301763E4AF1E9D627F3474E554B82EE98EC4B49808DFF61B35F8313'O; /** * @desc Canonical ITSS-S identifier */ modulepar charstring PICS_ITS_S_CANONICAL_ID := "CanonicalItsId"; modulepar charstring PICS_ITS_S_CANONICAL_ID := "1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA"; } // End of module LibItsPki_Pics ttcn/Pki/LibItsPki_Pixits.ttcn +1 −0 Original line number Diff line number Diff line module LibItsPki_Pixits { modulepar boolean PX_FIRST_ENROLMENT := true; } // End of module LibItsPki_Pixits ttcn/Pki/LibItsPki_TestSystem.ttcn +9 −6 Original line number Diff line number Diff line Loading @@ -46,7 +46,7 @@ module LibItsPki_TestSystem { /** * @desc Adapter control port */ type port AdapterControlPort message { type port AdapterControlPkiPort message { out AcPkiPrimitive; in AcPkiResponse; } // End of AdapterControlPort Loading @@ -54,7 +54,7 @@ module LibItsPki_TestSystem { /** * @desc Upper Tester port */ type port UpperTesterPort message { type port UpperTesterPkiPort message { out UtPkiInitialize, UtPkiTrigger; in UtPkiResults; } // End of UpperTesterPort Loading @@ -72,7 +72,7 @@ module LibItsPki_TestSystem { group componentDefinitions { type component ItsPkiSystem { port AdapterControlPort acPort; port AdapterControlPkiPort acPort; port PkiPort pkiPort; } // End of component ItsPkiSystem Loading @@ -80,14 +80,14 @@ module LibItsPki_TestSystem { } // End of component ItsPkiHttpSystem type component ItsPkiItssSystem extends ItsPkiSystem { port UpperTesterPort utPort; port UpperTesterPkiPort utPort; port GeoNetworkingPort geoNetworkingPort; } // End of component ItsPkiItssSystem } // End of group componentDefinitions type component ItsPki extends ItsSecurityBaseComponent, ItsBaseMtc { port AdapterControlPort acPort; port AdapterControlPkiPort acPort; port PkiPort pkiPort; var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ Loading @@ -97,14 +97,17 @@ module LibItsPki_TestSystem { type component ItsPkiHttp extends ItsSecurityBaseComponent, HttpComponent { var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */ var Certificate vc_ecCertificate; /** Test Adapter EC certificate */ var octetstring vc_ecPrivateKey; /** Test Adapter EC private key for signature */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */ var HashedId8 vc_ecHashedId8; /** Test Adapter EC HashedId8 for decryption of IUT's response */ var Certificate vc_peerEaCertificate; /** IUT EA certificate for signature check */ var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */ } // End of component ItsPki type component ItsPkiItss extends ItsPki { port UpperTesterPort utPort; port UpperTesterPkiPort utPort; port GeoNetworkingPort geoNetworkingPort; } // End of component ItsPkiItss Loading Loading
ttcn/Pki/LibItsPki_Functions.ttcn +109 −18 Original line number Diff line number Diff line Loading @@ -55,6 +55,7 @@ module LibItsPki_Functions { import from LibItsPki_TypesAndValues all; import from LibItsPki_Templates all; import from LibItsPki_Pics all; import from LibItsPki_Pixits all; import from LibItsPki_TestSystem all; group pkiConfigurationFunctions { Loading Loading @@ -85,19 +86,23 @@ module LibItsPki_Functions { * @param p_certificateId The certificate identifier the TA shall use in case of secured IUT */ function f_cfHttpUp( in charstring p_certificateId := "CERT_TS_A_EA", // TODO Use a constant in charstring p_ea_certificate_id := "CERT_TS_A_EA", // TODO Use a constant in charstring p_ec_certificate_id := "CERT_TS_A_EC", in charstring p_peerCertificateId := "CERT_IUT_A_EA" ) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ { map(self:httpPort, system:httpPort); f_connect4SelfOrClientSync(); f_initialiseSecuredMode(p_certificateId, p_peerCertificateId); f_initialiseSecuredMode(p_ea_certificate_id, p_peerCertificateId); f_readCertificate(p_certificateId, vc_eaCertificate); f_readSigningKey(p_certificateId, vc_eaPrivateKey); f_readEncryptingKey(p_certificateId, vc_eaPrivateEncKey); f_getCertificateDigest(p_certificateId, vc_eaHashedId8); f_readCertificate(p_ea_certificate_id, vc_eaCertificate); f_readSigningKey(p_ea_certificate_id, vc_eaPrivateKey); f_readCertificate(p_ec_certificate_id, vc_ecCertificate); f_readSigningKey(p_ec_certificate_id, vc_ecPrivateKey); f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey); f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8); f_getCertificateDigest(p_ec_certificate_id, vc_ecHashedId8); f_readCertificate(p_peerCertificateId, vc_peerEaCertificate); f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash); Loading Loading @@ -291,6 +296,9 @@ module LibItsPki_Functions { var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; var bitstring v_inner_ec_request_signed_for_pop_msg; var octetstring v_public_enc_key; var integer v_compressed_enc_key_mode; var boolean v_ret_code; if (f_generate_inner_ec_request(p_private_key, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) { log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequest ***"); Loading @@ -305,7 +313,20 @@ module LibItsPki_Functions { v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop)); // Prepare for getting the 16 most bytes of SHA256 of InnerEcRequestSignedForPop p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(v_inner_ec_request_signed_for_pop_msg)); if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) { // Secure the Pki message if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) { log("*** f_http_build_inner_ec_request: ERROR: Non canonical EA certificate ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_inner_ec_request: First enrolment: ", PX_FIRST_ENROLMENT); if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); } else { // We use last valid EC certificate v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); } if (v_ret_code == false) { log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } Loading @@ -323,6 +344,9 @@ module LibItsPki_Functions { ) runs on ItsPkiHttp { var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; var octetstring v_public_enc_key; var integer v_compressed_enc_key_mode; var boolean v_ret_code; if (f_generate_inner_ec_request(p_private_key, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequest ***"); Loading @@ -336,7 +360,19 @@ module LibItsPki_Functions { // Secure InnerEcRequestSignedForPoP message // Get 16 last byte of SHA256 of InnerEcRequestSignedForPop p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(int2oct(12345, 32)); // Invalid InnseEcRequestSignedForPop if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data) == false) { // Secure the Pki message if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) { log("*** f_http_build_inner_ec_request: ERROR: Non canonical EA certificate ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); } else { // We use last valid EC certificate v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); } if (v_ret_code == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } Loading @@ -363,16 +399,32 @@ module LibItsPki_Functions { // Local variables var AuthorizationValidationRequest v_authorization_validation_request; var bitstring v_authorization_validation_request_msg; var octetstring v_public_enc_key; var integer v_compressed_enc_key_mode; if (f_generate_authorization_validation_request(vc_eaCertificate, vc_eaHashedId8, p_private_key, p_publicKeyCompressed, p_compressedMode, v_authorization_validation_request) == false) { log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate AuthorizationValidationRequest ***"); f_selfOrClientSyncAndVerdict("error", e_error); } if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); // Secure the Pki message if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) { log("*** f_http_build_inner_ec_request: ERROR: Non canonical EA certificate ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_authorization_validation_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_authorization_validation_request: Public encryption key comp: ", v_compressed_enc_key_mode); /** TODO: Load certificate according to the IUT role ==> a complete fucntion which set up the TestSustem certificate,keyy... according to the IUT role **/ log("*** f_http_build_inner_ec_request: ERROR: Need to add TestSystem variable vc_aa ***"); f_selfOrClientSyncAndVerdict("error", e_error); /* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */ /* log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); */ /* f_selfOrClientSyncAndVerdict("error", e_error); */ /* } */ log("*** f_http_build_authorization_validation_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data); } // End of function f_http_build_authorization_validation_request Loading Loading @@ -1128,6 +1180,45 @@ module LibItsPki_Functions { } // End of group inner_ec_xxx group security_function { // TODO To be moved in LibItsSecurity_Function module function f_extract_enc_key( in Certificate p_certificate, out octetstring p_public_enc_key, out integer p_compressed_enc_key_mode ) return boolean { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1; p_compressed_enc_key_mode := 1; } else { log("f_extract_enc_key: Non canonical EA certificate"); return false; } } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1; p_compressed_enc_key_mode := 0; } else { log("f_extract_enc_key: Non canonical EA certificate"); return false; } } else { log("f_extract_enc_key: Invalid EA certificate"); return false; } return true; } // End of function f_extract_enc_key } // End of group security_function group altstes { altstep a_default_pki() runs on ItsPki { Loading
ttcn/Pki/LibItsPki_Pics.ttcn +61 −1 Original line number Diff line number Diff line Loading @@ -50,9 +50,69 @@ module LibItsPki_Pics { */ modulepar charstring PICS_HTTP_GET_URI := "/its/inner_ec_request"; /** * @desc Factory private key for verification Nist P256 */ modulepar octetstring PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY := '5C25F97607DFC62972A147FAD8B7A7C939569F0F95ECD4C641724A68B51836E5'O; /** * @desc Factory compressed public key for verification Nist P256 */ modulepar octetstring PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY := '020144E5174B0AFDA86BDB8B643B68D40030F5BDB9A9F090C64852CC3C20C9D5AD'O; /** * @desc Factory private key for encryption Nist P256 */ modulepar octetstring PICS_ITS_S_ENC_NITSP256_PRIVATE_KEY := 'EDEBEADCAA9514CD4B30256126FB7DF958B911C6EB58CCF702983C3DCD3DECBD'O; /** * @desc Factory compressed public key for encryption Nist P256 */ modulepar octetstring PICS_ITS_S_ENC_NISTP256_PUBLIC_KEY := '023A4ADDCDD5EE66DAB2116B0C3AB47CCEDAE92CD9ACE98A84B10EB63A9DCA798C'O; /** * @desc Factory private key for encryption Brainpool P256 r1 */ modulepar octetstring PICS_ITS_S_ENC_BRAINPOOLP256r1_PRIVATE_KEY := '9F155D40B6C920BA45D8027093C8ADADAF3AA6F9F71F0CC0F8279FF0146A8A48'O; /** * @desc Factory compressed public key for encryption Brainpool P256 r1 */ modulepar octetstring PICS_ITS_S_ENC_BRAINPOOLP256r1_PUBLIC_KEY := '038602F468BD334EA4D2BA416295E204D58BD1F42C85FB9BE57237C74544F6A69A'O; /** * @desc Factory private key for verification Brainpool P256 r1 */ modulepar octetstring PICS_ITS_S_SIGN_BRAINPOOLP256r1_PRIVATE_KEY := '6D585B716D06F75EC2B8A8ADEBFCE6ED35B0640C2AFBFF25FE48FC81A6732D4F'O; /** * @desc Factory compressed public key for verification Brainpool P256 r1 */ modulepar octetstring PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY := '02A92BA3B770B040B8D958D5BD2CC9B537212D6963F50EA3E4784FEFA5D0454C12'O; /** * @desc Factory private key for encryption Brainpool P384 r1 */ modulepar octetstring PICS_ITS_S_ENC_BRAINPOOLP384r1_PRIVATE_KEY := '6B4B4392511B252C904801466F5DA0A7F28E038E6656800CBB0CDCB3D32F862CA4D59CBDC1A19E98E9191582AF1DB3D7'O; /** * @desc Factory compressed public key for encryption Brainpool P384 r1 */ modulepar octetstring PICS_ITS_S_ENC_BRAINPOOLP384r1_PUBLIC_KEY := '027BB3104998F30B86B0C7C6CC9BFAECA7F7E99E8CE575D07B550028CCB15E1C95581B9B8520D40A35256021DDA63B785C'O; /** * @desc Factory private key for verification Brainpool P384 r1 */ modulepar octetstring PICS_ITS_S_SIGN_BRAINPOOLP384r1_PRIVATE_KEY := '3CD977195A579787C84D5900F4CB6341E0C3D2750B140C5380E6F03CE3FBA0022F7541DEABDCED4790D313ED8F56ACA8'O; /** * @desc Factory compressed public key for verification Brainpool P384 r1 */ modulepar octetstring PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY := '0243FF5C96984C2C3F5FD5C5F6551C90F5FAEE1E5E8301763E4AF1E9D627F3474E554B82EE98EC4B49808DFF61B35F8313'O; /** * @desc Canonical ITSS-S identifier */ modulepar charstring PICS_ITS_S_CANONICAL_ID := "CanonicalItsId"; modulepar charstring PICS_ITS_S_CANONICAL_ID := "1B4CA1210123AE900BBE6C3EBAE7E87DA20DBDAB1E7B2EC0691C51C1021900AA"; } // End of module LibItsPki_Pics
ttcn/Pki/LibItsPki_Pixits.ttcn +1 −0 Original line number Diff line number Diff line module LibItsPki_Pixits { modulepar boolean PX_FIRST_ENROLMENT := true; } // End of module LibItsPki_Pixits
ttcn/Pki/LibItsPki_TestSystem.ttcn +9 −6 Original line number Diff line number Diff line Loading @@ -46,7 +46,7 @@ module LibItsPki_TestSystem { /** * @desc Adapter control port */ type port AdapterControlPort message { type port AdapterControlPkiPort message { out AcPkiPrimitive; in AcPkiResponse; } // End of AdapterControlPort Loading @@ -54,7 +54,7 @@ module LibItsPki_TestSystem { /** * @desc Upper Tester port */ type port UpperTesterPort message { type port UpperTesterPkiPort message { out UtPkiInitialize, UtPkiTrigger; in UtPkiResults; } // End of UpperTesterPort Loading @@ -72,7 +72,7 @@ module LibItsPki_TestSystem { group componentDefinitions { type component ItsPkiSystem { port AdapterControlPort acPort; port AdapterControlPkiPort acPort; port PkiPort pkiPort; } // End of component ItsPkiSystem Loading @@ -80,14 +80,14 @@ module LibItsPki_TestSystem { } // End of component ItsPkiHttpSystem type component ItsPkiItssSystem extends ItsPkiSystem { port UpperTesterPort utPort; port UpperTesterPkiPort utPort; port GeoNetworkingPort geoNetworkingPort; } // End of component ItsPkiItssSystem } // End of group componentDefinitions type component ItsPki extends ItsSecurityBaseComponent, ItsBaseMtc { port AdapterControlPort acPort; port AdapterControlPkiPort acPort; port PkiPort pkiPort; var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ Loading @@ -97,14 +97,17 @@ module LibItsPki_TestSystem { type component ItsPkiHttp extends ItsSecurityBaseComponent, HttpComponent { var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */ var Certificate vc_ecCertificate; /** Test Adapter EC certificate */ var octetstring vc_ecPrivateKey; /** Test Adapter EC private key for signature */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */ var HashedId8 vc_ecHashedId8; /** Test Adapter EC HashedId8 for decryption of IUT's response */ var Certificate vc_peerEaCertificate; /** IUT EA certificate for signature check */ var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */ } // End of component ItsPki type component ItsPkiItss extends ItsPki { port UpperTesterPort utPort; port UpperTesterPkiPort utPort; port GeoNetworkingPort geoNetworkingPort; } // End of component ItsPkiItss Loading
