Commit 6ad3b76d authored by Yann Garcia's avatar Yann Garcia
Browse files

Bug fixed in http_codec

parent b1e9bdd7

ttcn/Pki/LibItsPki_Functions.ttcn

+58 −36
Original line number Original line Diff line number Diff line
@@ -248,6 +248,7 @@ module LibItsPki_Functions { 
      var integer v_compressed_enc_key_mode;

      var integer v_compressed_enc_key_mode;

      var boolean v_ret_code;

      var boolean v_ret_code;





      log(">>> f_http_build_inner_ec_request");

      if (f_generate_inner_ec_request(p_private_key, p_public_key_compressed, p_compressed_mode, v_inner_ec_request) == false) {

      if (f_generate_inner_ec_request(p_private_key, p_public_key_compressed, p_compressed_mode, v_inner_ec_request) == false) {

        log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequest ***");

        log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequest ***");

        f_selfOrClientSyncAndVerdict("error", e_error);

        f_selfOrClientSyncAndVerdict("error", e_error);
@@ -285,8 +286,8 @@ module LibItsPki_Functions { 
        log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");

        log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");

        f_selfOrClientSyncAndVerdict("error", e_error);

        f_selfOrClientSyncAndVerdict("error", e_error);

      }

      }

      log("*** f_http_build_inner_ec_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);

      log("*** f_http_build_inner_ec_request: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);

      log("*** f_http_build_inner_ec_request: DEBUG: p_request_hash= ", p_request_hash);

      log("*** f_http_build_inner_ec_request: p_request_hash= ", p_request_hash);

    } // End of function f_http_build_inner_ec_request

    } // End of function f_http_build_inner_ec_request





    function f_http_build_invalid_enrolment_request(

    function f_http_build_invalid_enrolment_request(
@@ -344,7 +345,6 @@ module LibItsPki_Functions { 
      if (v_ret_code == false) {

      if (v_ret_code == false) {

        log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");

        log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");

        f_selfOrClientSyncAndVerdict("error", e_error);

        f_selfOrClientSyncAndVerdict("error", e_error);

        return;

      }

      }

      log("*** f_http_build_invalid_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);

      log("*** f_http_build_invalid_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);

    } // End of function f_http_build_invalid_enrolment_request

    } // End of function f_http_build_invalid_enrolment_request
@@ -470,10 +470,14 @@ module LibItsPki_Functions { 
  group generate_certificates {

  group generate_certificates {





    function f_generate_ec_certificate(

    function f_generate_ec_certificate(

                                       in octetstring p_private_key,

                                       out octetstring p_private_key,

                                       in InnerEcRequest p_inner_ec_request,

                                       out Certificate p_ec_certificate

                                       out Certificate p_ec_certificate

                                       ) return boolean {

                                       ) return boolean {

      var octetstring v_public_key_x;

      var octetstring v_public_key_y;

      var octetstring p_public_key_compressed;

      var integer p_compressed_mode;

      var EccP256CurvePoint v_ecc_p256_curve_point;

      var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs

      var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs

        valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), 

        valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), 

        valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) 

        valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
@@ -483,13 +487,26 @@ module LibItsPki_Functions { 
      var Oct32 v_sig;

      var Oct32 v_sig;

      var bitstring v_enc_msg;

      var bitstring v_enc_msg;

      

      

      log(">>> f_generate_ec_certificate");

      

      // Generate verification keys for the certificate

      if (f_generate_key_pair_nistp256(p_private_key, v_public_key_x, v_public_key_y, p_public_key_compressed, p_compressed_mode) == false) {

        log("f_generate_ec_certificate: Failed to generate verification key");

        return false;

      }

      if (p_compressed_mode == 0) {

        v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(p_public_key_compressed));

      } else {

        v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(p_public_key_compressed));

      }

      

      v_cert := m_etsiTs103097Certificate(

      v_cert := m_etsiTs103097Certificate(

                                          m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),

                                          m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),

                                          m_toBeSignedCertificate_at(

                                          m_toBeSignedCertificate_at(

                                                                     v_appPermissions,

                                                                     v_appPermissions,

                                                                     m_verificationKeyIndicator_verificationKey(

                                                                     m_verificationKeyIndicator_verificationKey(

                                                                                                                m_publicVerificationKey_ecdsaNistP256(

                                                                                                                m_publicVerificationKey_ecdsaNistP256(

                                                                                                                                                      p_inner_ec_request.publicKeys.verificationKey.ecdsaNistP256

                                                                                                                                                      v_ecc_p256_curve_point

                                                                                                                                                      )),

                                                                                                                                                      )),

                                                                     m_validityPeriod(

                                                                     m_validityPeriod(

                                                                                      17469212,

                                                                                      17469212,
@@ -515,7 +532,7 @@ module LibItsPki_Functions { 
                                                                          substr(v_sig, 32, 32)

                                                                          substr(v_sig, 32, 32)

                                                                          )

                                                                          )

                                                     );

                                                     );

      log("v_cert= ", v_cert);

      log("f_generate_ec_certificate: v_cert= ", v_cert);

      

      

      p_ec_certificate := valueof(v_cert);

      p_ec_certificate := valueof(v_cert);

      return true;

      return true;
@@ -921,9 +938,9 @@ module LibItsPki_Functions { 
  group awaiting_messages {

  group awaiting_messages {

    

    

    function f_await_http_inner_ec_request_response(

    function f_await_http_inner_ec_request_response(

                                                    in Oct32 p_private_key, 

                                                    out Oct32 p_private_key, 

                                                    in Oct32 p_compressed_public_key, 

                                                    out Oct32 p_compressed_public_key, 

                                                    in integer p_compressed_mode, 

                                                    out integer p_compressed_mode, 

                                                    out InnerEcResponse p_inner_ec_response

                                                    out InnerEcResponse p_inner_ec_response

                                                    ) runs on ItsPkiHttp return boolean {

                                                    ) runs on ItsPkiHttp return boolean {

      var HeaderLines v_headers;

      var HeaderLines v_headers;
@@ -937,6 +954,7 @@ module LibItsPki_Functions { 
      var EtsiTs102941Data v_etsi_ts_102941_data;

      var EtsiTs102941Data v_etsi_ts_102941_data;

      var HttpMessage v_response;

      var HttpMessage v_response;





      log(">>> f_await_http_inner_ec_request_response");

      f_http_build_inner_ec_request(p_private_key, p_compressed_public_key, p_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);

      f_http_build_inner_ec_request(p_private_key, p_compressed_public_key, p_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);

      f_init_default_headers_list(-, "inner_ec_request", v_headers);

      f_init_default_headers_list(-, "inner_ec_request", v_headers);

      httpPort.send(

      httpPort.send(
@@ -966,12 +984,17 @@ module LibItsPki_Functions { 
            log("f_await_http_inner_ec_request_response: Failed to verify PKI message ***");

            log("f_await_http_inner_ec_request_response: Failed to verify PKI message ***");

          } else {

          } else {

            log("f_await_http_inner_ec_request_response: Receive ", v_etsi_ts_102941_data, " ***");

            log("f_await_http_inner_ec_request_response: Receive ", v_etsi_ts_102941_data, " ***");

            log("f_await_http_inner_ec_request_response: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log

            // Verify the received EC certificate

            if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, mw_signature_ecdsaNistP256))))) {

            log("f_await_http_inner_ec_request_response: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log

            if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {

              if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, p_compressed_public_key, p_compressed_mode)) {

                p_inner_ec_response := v_etsi_ts_102941_data.content.enrolmentResponse;

                p_inner_ec_response := v_etsi_ts_102941_data.content.enrolmentResponse;

                log("f_await_http_inner_ec_request_response: Well-secured EA certificate received ***");

                log("f_await_http_inner_ec_request_response: Well-secured EA certificate received ***");

                log("p_inner_ec_response= ", p_inner_ec_response);

                log("p_inner_ec_response= ", p_inner_ec_response);

                return true;

                return true;

              } else {

                log("f_await_http_inner_ec_request_response: Cannot verify EC certificate signature ***");

              }

            } else {

            } else {

              log("f_await_http_inner_ec_request_response: Unexpected message received ***");

              log("f_await_http_inner_ec_request_response: Unexpected message received ***");

            }

            }
@@ -1314,35 +1337,34 @@ module LibItsPki_Functions { 
    } // End of function f_verify_pki_message

    } // End of function f_verify_pki_message

    

    

    /**

    /**

     * @desc Verify the generated EA certificate 

     * @desc Verify the EC certificate generated by the EA entity

     * @param p_ea_certificate      The new EA certificate

     * @param p_ec_certificate        The new EC certificate

     * @param p_public_key_compressed The public compressed key (canonical form) for signature check

     * @param p_public_key_compressed The public compressed key (canonical form) for signature check

     * @param p_compressed_mode       The public compressed key mode

     * @param p_compressed_mode       The public compressed key mode

     * @return true on success, false otherwise

     * @return true on success, false otherwise

     */

     */

    function f_verify_ea_certificate(

    function f_verify_ec_certificate(

                                     in Certificate p_ea_certificate,

                                     in Certificate p_ec_certificate,

                                     in octetstring p_public_key_compressed,

                                     in octetstring p_public_key_compressed,

                                     in integer p_compressed_mode

                                     in integer p_compressed_mode

                                     ) return boolean {

                                     ) return boolean {

      var bitstring v_encoded_tbs;

      var bitstring v_encoded_tbs;

      var boolean v_result;

      

      

      // Check certificate format

      v_result := match(p_ea_certificate, mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, -));

      // Check the signer

      // Check the signer

      log("f_verify_ec_certificate: ", match(p_ec_certificate.issuer, mw_issuerIdentifier_self()));

      if (match(p_ec_certificate.issuer, mw_issuerIdentifier_self)) {

        return false;

      }

      

      

      // Check EA certificate signature

      // Check EC certificate signature

      v_encoded_tbs := encvalue(p_ea_certificate.toBeSigned);

      // TODO Who sign the EC certificate?

      v_result := v_result and f_verifyWithEcdsaNistp256WithSha256(

      /*if (f_verifyCertificateSignatureWithPublicKey(p_ec_certificate, p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) {

                                                                   bit2oct(v_encoded_tbs),

        log("f_verify_ec_certificate: Signature not verified");

                                                                   int2oct(0, 32), // self

        return false;

                                                                   p_ea_certificate.signature_.ecdsaNistP256Signature.rSig.x_only & p_ea_certificate.signature_.ecdsaNistP256Signature.sSig,

        }*/

                                                                   p_public_key_compressed, 

                                                                   p_compressed_mode);

      

      

      return v_result;

      return true;

    } // End of function f_verify_ea_certificate

    } // End of function f_verify_ec_certificate

    

    

    /**

    /**

     * @desc Verify the generated AA certificate 

     * @desc Verify the generated AA certificate

ttcn/Pki/LibItsPki_Pics.ttcn

+2 −2
Original line number Original line Diff line number Diff line
@@ -13,12 +13,12 @@ module LibItsPki_Pics { 
  /**

  /**

   * @desc Does the IUT act as AA device?

   * @desc Does the IUT act as AA device?

   */

   */

  modulepar boolean PICS_IUT_AA_ROLE := false;

  modulepar boolean PICS_IUT_AA_ROLE := true;

  

  

  /**

  /**

   * @desc Does the IUT act as combined EA-AA device?

   * @desc Does the IUT act as combined EA-AA device?

   */

   */

  modulepar boolean PICS_IUT_COMBINED_EA_AA_ROLE := true;

  modulepar boolean PICS_IUT_COMBINED_EA_AA_ROLE := false;

  

  

  /**

  /**

   * @desc Certificate used by the IUT acting as ITS-S

   * @desc Certificate used by the IUT acting as ITS-S

ttcn/Security/LibItsSecurity_Functions.ttcn

+1 −1
Original line number Original line Diff line number Diff line
@@ -768,7 +768,7 @@ module LibItsSecurity_Functions { 
                    p_atCertificate := vc_atCertificate;

                    p_atCertificate := vc_atCertificate;

                    p_aaCertificate := vc_aaCertificate;

                    p_aaCertificate := vc_aaCertificate;

                }

                }

                // Store the certificte to build this message

                // Store the certificate to build this message

                vc_lastAtCertificateUsed := p_atCertificate;

                vc_lastAtCertificateUsed := p_atCertificate;

                

                

                return true;

                return true;

ttcn/Security/LibItsSecurity_Templates.ttcn

+26 −0
Original line number Original line Diff line number Diff line
@@ -1409,6 +1409,32 @@ module LibItsSecurity_Templates { 
            verifyKeyIndicator     := p_verifyKeyIndicator

            verifyKeyIndicator     := p_verifyKeyIndicator

        } // End of template mw_toBeSignedCertificate_ea

        } // End of template mw_toBeSignedCertificate_ea

        

        

        /**

         * @desc Send template for ToBeSignedCertificate with Enrolment credential restrictions

         * @see ETSI TS 103 097 V1.3.1 Clause 7.2.2 Enrolment credential

         */

        template ToBeSignedCertificate mw_toBeSignedCertificate_ec(

                                                                   template (present) CertificateId p_id := ?,

                                                                   template (present) SequenceOfPsidSsp p_appPermissions := ?,

                                                                   template (present) VerificationKeyIndicator p_verifyKeyIndicator := ?,

                                                                   template (present) ValidityPeriod p_validityPeriod := ?,

                                                                   template GeographicRegion p_region := *,

                                                                   template SubjectAssurance p_assuranceLevel := *

        ) := { 

            id                     := p_id,

            cracaId                := '000000'O, // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 2

            crlSeries              := 0, // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 3

            validityPeriod         := p_validityPeriod,

            region                 := p_region,

            assuranceLevel         := p_assuranceLevel,

            appPermissions         := p_appPermissions,

            certIssuePermissions   := omit,

            certRequestPermissions := omit, 

            canRequestRollover     := omit,

            encryptionKey          := omit,

            verifyKeyIndicator     := p_verifyKeyIndicator

        } // End of template mw_toBeSignedCertificate_ec

        

        /**

        /**

         * @desc Send template for ToBeSignedCertificate with Authorization authority restrictions

         * @desc Send template for ToBeSignedCertificate with Authorization authority restrictions

         * @see ETSI TS 103 097 V1.3.1 Clause 7.2.4 Subordinate certification authority certificates

         * @see ETSI TS 103 097 V1.3.1 Clause 7.2.4 Subordinate certification authority certificates