Loading ttcn/Http/LibItsHttp_Pics.ttcn +2 −1 Original line number Original line Diff line number Diff line Loading @@ -19,6 +19,7 @@ module LibItsHttp_Pics { * @desc * @desc */ */ modulepar charstring PICS_HEADER_CONTENT_TYPE := "application/x-its-request"; modulepar charstring PICS_HEADER_CONTENT_TYPE := "application/x-its-request"; modulepar charstring PICS_HEADER_CTL_CONTENT_TYPE := "application/x-its-crl"; /** /** * @desc Set to false in TOKEN header shall not be used * @desc Set to false in TOKEN header shall not be used Loading ttcn/Pki/LibItsPki_Functions.ttcn +190 −3 Original line number Original line Diff line number Diff line Loading @@ -26,6 +26,7 @@ module LibItsPki_Functions { import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all; import from EtsiTs102941MessagesCa language "ASN.1:1997" all; import from EtsiTs102941MessagesCa language "ASN.1:1997" all; import from EtsiTs102941TrustLists language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; import from ITS_Container language "ASN.1:1997" all; import from ITS_Container language "ASN.1:1997" all; import from CAM_PDU_Descriptions language "ASN.1:1997" all; import from CAM_PDU_Descriptions language "ASN.1:1997" all; Loading Loading 
@@ -107,7 +108,7 @@ module LibItsPki_Functions { } } f_connect4SelfOrClientSync(); f_connect4SelfOrClientSync(); f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed??? f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // Setup EA certificate shared with PKI EA entity // Setup EA certificate shared with PKI EA entity f_readCertificate(p_ea_certificate_id, vc_eaCertificate); f_readCertificate(p_ea_certificate_id, vc_eaCertificate); Loading Loading @@ -144,6 +145,27 @@ module LibItsPki_Functions { } } } // End of function f_cfHttpUp } // End of function f_cfHttpUp /** * @desc Setups default configuration */ function f_cfHttpUp_ca() runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ { if (PICS_MULTIPLE_END_POINT == false) { map(self:httpPort, system:httpPort); } else { map(self:httpCaPort, system:httpCaPort); } f_connect4SelfOrClientSync(); f_initialiseSecuredMode(); if (PICS_MULTIPLE_END_POINT == false) { activate(a_default_pki_http()); } else { activate(a_default_pki_http_ca()); } } // End of function f_cfHttpUp_ca /** /** * @desc Setups default configuration * @desc Setups default configuration * @param p_certificate_id The certificate identifier the TA shall use in case of secured IUT * @param p_certificate_id The certificate identifier the TA shall use in case of secured IUT Loading Loading 
@@ -292,6 +314,19 @@ module LibItsPki_Functions { f_uninitialiseSecuredMode(); f_uninitialiseSecuredMode(); } // End of function f_cfHttpDown } // End of function f_cfHttpDown /** * @desc Deletes default configuration */ function f_cfHttpDown_ca() runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ { if (PICS_MULTIPLE_END_POINT == false) { unmap(self:httpPort, system:httpPort); } else { unmap(self:httpCaPort, system:httpCaPort); } f_disconnect4SelfOrClientSync(); f_uninitialiseSecuredMode(); } // End of function f_cfHttpDown_ca /** /** * @desc Deletes default configuration * @desc Deletes default configuration */ */ Loading Loading @@ -636,6 +671,15 @@ module LibItsPki_Functions { p_http_message.response.header := p_headers; p_http_message.response.header := p_headers; } } httpAtPort.send(p_http_message); httpAtPort.send(p_http_message); } else if (v_content_text == { "ca_request" }) { log("f_http_send: Send on CA end point"); f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_CA }, p_headers); if (ischosen(p_http_message.request)) { p_http_message.request.header := p_headers; } else { p_http_message.response.header := p_headers; } httpCaPort.send(p_http_message); } else { } else { log("f_http_send: Invalid header value: ", v_content_text); log("f_http_send: Invalid header value: ", v_content_text); } } Loading Loading 
@@ -2863,6 +2907,116 @@ module LibItsPki_Functions { } // End of group authorization_validation_xxx } // End of group authorization_validation_xxx group rca { function f_verify_rca_response_message( in Ieee1609Dot2Data p_ieee1609dot2_signed_data, in boolean p_check_security := true, out ToBeSignedRcaCtl p_to_be_signed_rca_ctl ) return boolean { var bitstring v_etsi_ts_102941_data_msg; var bitstring v_tbs; var Certificate v_certificate; var charstring v_certificate_id; var Oct32 v_issuer; var EtsiTs102941Data v_etsi_ts_102941_data; log(">>> f_verify_rca_response_message: p_ieee1609dot2_signed_data= ", p_ieee1609dot2_signed_data); // 1. Verify signature log("f_verify_rca_response_message: p_ieee1609dot2_signed_data.content.signedData.tbsData= ", p_ieee1609dot2_signed_data.content.signedData.tbsData); v_tbs := encvalue(p_ieee1609dot2_signed_data.content.signedData.tbsData); if (f_getCertificateFromDigest(p_ieee1609dot2_signed_data.content.signedData.signer.digest, v_certificate, v_certificate_id) == false) { if (p_check_security == true) { return false; } } f_getCertificateHash256(v_certificate_id, v_issuer); if (f_verifyEcdsa(bit2oct(v_tbs), v_issuer, p_ieee1609dot2_signed_data.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) { if (p_check_security == true) { return false; } } v_etsi_ts_102941_data_msg := oct2bit(p_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData); if (decvalue(v_etsi_ts_102941_data_msg, v_etsi_ts_102941_data) != 0) { log("f_verify_rca_response_message: Failed to decode EtsiTs102941Data"); return false; } else { log("f_verify_rca_response_message: v_etsi_ts_102941_data= ", v_etsi_ts_102941_data); log("f_verify_pki_response_message: RcaCertificateTrustListMessage matching= ", match(v_etsi_ts_102941_data, mw_etsiTs102941Data_to_be_signed_rca_ctl)); if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_to_be_signed_rca_ctl) == false) { 
log("f_verify_rca_response_message: Failed to decode certificateTrustListRca"); return false; } else { p_to_be_signed_rca_ctl := v_etsi_ts_102941_data.content.certificateTrustListRca; log("f_verify_rca_response_message: p_to_be_signed_rca_ctl= ", p_to_be_signed_rca_ctl); } } return true; } function f_verify_full_ctl( in ToBeSignedRcaCtl p_to_be_signed_rca_ctl ) return boolean { log(">>> f_verify_full_ctl: p_to_be_signed_rca_ctl= ", p_to_be_signed_rca_ctl); // 1. Check mandatory fields log("f_verify_full_ctl matching= ", match(p_to_be_signed_rca_ctl, mw_to_be_signed_rca_full_ctl)); if (match(p_to_be_signed_rca_ctl, mw_to_be_signed_rca_full_ctl) == false) { return false; } log("f_verify_full_ctl: ctlCommands length: ", lengthof(p_to_be_signed_rca_ctl.ctlCommands)); for (var integer v_i := 0; v_i < lengthof(p_to_be_signed_rca_ctl.ctlCommands); v_i := v_i + 1) { var CtlCommand v_ctl_command := p_to_be_signed_rca_ctl.ctlCommands[v_i]; if (ischosen(v_ctl_command.delete)) { log("f_verify_full_ctl: ctlCommands shall not contains 'delete' variant"); return false; } else { if (f_verify_ctl_entry(v_ctl_command.add) == false) { log("f_verify_full_ctl: ctlCommands contains inavlid entries"); return false; } } } // End of 'for' statements return true; } function f_verify_ctl_entry( in CtlEntry p_ctl_entry ) return boolean { if (ischosen(p_ctl_entry.rca)) { if (match(p_ctl_entry.rca, mw_root_ca_entry(mw_etsiTs103097Certificate)) == false) { return false; } } else if (ischosen(p_ctl_entry.ea)) { if (match(p_ctl_entry.ea, mw_ea_entry(mw_etsiTs103097Certificate)) == false) { return false; } } else if (ischosen(p_ctl_entry.aa)) { if (match(p_ctl_entry.aa, mw_aa_entry(mw_etsiTs103097Certificate)) == false) { return false; } } else if (ischosen(p_ctl_entry.dc)) { if (match(p_ctl_entry.dc, mw_dc_entry) == false) { return false; } } else if (ischosen(p_ctl_entry.tlm)) { if (match(p_ctl_entry.tlm, mw_tlm_entry(mw_etsiTs103097Certificate)) == false) { return false; } } else { return false; 
} return true; } } // End of group rca group awaiting_messages { group awaiting_messages { function f_await_http_inner_ec_request_response( function f_await_http_inner_ec_request_response( Loading Loading @@ -3568,6 +3722,7 @@ module LibItsPki_Functions { var octetstring v_msg; var octetstring v_msg; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var Certificate v_certificate; var Certificate v_certificate; var charstring v_certificate_id; log(">>> f_verify_pki_request_message: p_private_enc_key= ", p_private_enc_key); log(">>> f_verify_pki_request_message: p_private_enc_key= ", p_private_enc_key); log(">>> f_verify_pki_request_message: p_salt= ", p_salt); log(">>> f_verify_pki_request_message: p_salt= ", p_salt); Loading Loading @@ -3641,7 +3796,7 @@ module LibItsPki_Functions { } } //return false; //return false; } else { } else { if (f_getCertificateFromDigest(f_HashedId8FromSha256(p_issuer), v_certificate) == false) { if (f_getCertificateFromDigest(f_HashedId8FromSha256(p_issuer), v_certificate, v_certificate_id) == false) { if (p_check_security == true) { if (p_check_security == true) { return false; return false; } } Loading Loading @@ -3702,6 +3857,7 @@ module LibItsPki_Functions { var octetstring v_plain_message; var octetstring v_plain_message; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var Certificate v_certificate; var Certificate v_certificate; var charstring v_certificate_id; var bitstring v_etsi_ts_102941_data_msg; var bitstring v_etsi_ts_102941_data_msg; var bitstring v_tbs; var bitstring v_tbs; var boolean v_ret; var boolean v_ret; Loading Loading 
@@ -3732,7 +3888,7 @@ module LibItsPki_Functions { // 3. Check the signature // 3. Check the signature log("f_verify_pki_response_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData); log("f_verify_pki_response_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData); v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData); v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData); if (f_getCertificateFromDigest(v_ieee1609dot2_signed_data.content.signedData.signer.digest, v_certificate) == false) { if (f_getCertificateFromDigest(v_ieee1609dot2_signed_data.content.signedData.signer.digest, v_certificate, v_certificate_id) == false) { if (p_check_security == true) { if (p_check_security == true) { return false; return false; } } Loading Loading 
@@ -4029,6 +4185,37 @@ module LibItsPki_Functions { } } } // End of altstep a_default_pki_http_at } // End of altstep a_default_pki_http_at altstep a_default_pki_http_ca() runs on ItsPkiHttp { [PICS_MULTIPLE_END_POINT] httpCaPort.receive( mw_http_response( mw_http_response_ko )) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [PICS_MULTIPLE_END_POINT] httpCaPort.receive(mw_http_request) { tc_ac.stop; log("*** a_default: ERROR: Unexpected HTTP Request received ***"); f_selfOrClientSyncAndVerdict("error", e_error); } [PICS_MULTIPLE_END_POINT] httpCaPort.receive(mw_http_response) { tc_ac.stop; log("*** a_default: ERROR: Unexpected HTTP Response received ***"); f_selfOrClientSyncAndVerdict("error", e_error); } [PICS_MULTIPLE_END_POINT] httpCaPort.receive { tc_ac.stop; log("*** a_default: ERROR: Unexpected HTTP message received ***"); f_selfOrClientSyncAndVerdict("error", e_error); } [] a_shutdown() { log("*** a_default: INFO: TEST COMPONENT NOW STOPPING ITSELF! ***"); stop; } } // End of altstep a_default_pki_http_ca altstep a_await_ec_http_request_from_iut( altstep a_await_ec_http_request_from_iut( template HttpMessage p_http_message, template HttpMessage p_http_message, out HttpMessage p_response out HttpMessage p_response Loading ttcn/Pki/LibItsPki_Pics.ttcn +15 −0 Original line number Original line Diff line number Diff line Loading @@ -15,6 +15,11 @@ module LibItsPki_Pics { */ */ modulepar boolean PICS_IUT_AA_ROLE := true; modulepar boolean PICS_IUT_AA_ROLE := true; /** * @desc Does the IUT act as CA device? */ modulepar boolean PICS_IUT_CA_ROLE := true; /** /** * @desc Does the IUT support enrolment? * @desc Does the IUT support enrolment? */ */ Loading Loading 
@@ -100,6 +105,11 @@ module LibItsPki_Pics { */ */ modulepar charstring PICS_HEADER_HOST_AT := "www.its.at.org"; modulepar charstring PICS_HEADER_HOST_AT := "www.its.at.org"; /** * @desc End point for the CA */ modulepar charstring PICS_HEADER_HOST_CA := "www.its.ca.org"; /** /** * @desc Certificate used by the Test System * @desc Certificate used by the Test System */ */ Loading Loading @@ -136,6 +146,11 @@ module LibItsPki_Pics { */ */ modulepar charstring PICS_HTTP_POST_URI_ATV := "/authorize_validate"; modulepar charstring PICS_HTTP_POST_URI_ATV := "/authorize_validate"; /** * @desc HTTP GET URI for Certificate Trusted List */ modulepar charstring PICS_HTTP_GET_URI_CTL := "/dc/getctl"; /** /** * @desc Factory private key for verification Nist P256 * @desc Factory private key for verification Nist P256 */ */ Loading ttcn/Pki/LibItsPki_Templates.ttcn +69 −1 Original line number Original line Diff line number Diff line Loading @@ -29,9 +29,11 @@ module LibItsPki_Templates { import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all; import from EtsiTs102941MessagesCa language "ASN.1:1997" all; import from EtsiTs102941MessagesCa language "ASN.1:1997" all; import from EtsiTs102941TrustLists language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; // LibItsSecurity // LibItsSecurity import from LibItsSecurity_TypesAndValues all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Templates all; // LibItsPki // LibItsPki Loading Loading 
@@ -129,6 +131,15 @@ module LibItsPki_Templates { ) modifies mw_etsiTs103097Data_encrypted := { ) modifies mw_etsiTs103097Data_encrypted := { } // End of template mw_authorizationValidationResponseMessage } // End of template mw_authorizationValidationResponseMessage template (present) EtsiTs102941Data mw_etsiTs102941Data_to_be_signed_rca_ctl( template (present) ToBeSignedRcaCtl p_to_be_signed_rca_ctl := ? ) := { version := PkiProtocolVersion, content := { certificateTrustListRca := p_to_be_signed_rca_ctl } } // End of template mw_etsiTs102941Data_to_be_signed_rca_ctl template (value) AuthorizationRequestMessage m_authorizationRequestMessage( template (value) AuthorizationRequestMessage m_authorizationRequestMessage( in template (value) EncryptedData p_encryptedData in template (value) EncryptedData p_encryptedData ) modifies m_etsiTs103097Data_encrypted := { ) modifies m_etsiTs103097Data_encrypted := { Loading Loading 
@@ -519,4 +530,61 @@ module LibItsPki_Templates { certIssuePermissions := p_certIssuePermissions certIssuePermissions := p_certIssuePermissions } // End of template mw_certificate_subject_attributes } // End of template mw_certificate_subject_attributes template (present) ToBeSignedRcaCtl mw_to_be_signed_rca_full_ctl := { version := 1, nextUpdate := ?, isFullCtl := true, ctlSequence := ?, ctlCommands := ? } // End of template mw_to_be_signed_rca_ful_ctl template (present) ToBeSignedRcaCtl mw_to_be_signed_rca_delta_ctl := { version := 1, nextUpdate := ?, isFullCtl := false, ctlSequence := ?, ctlCommands := ? } // End of template mw_to_be_signed_rca_delta_ctl template (present) TlmEntry mw_tlm_entry( template (present) EtsiTs103097Certificate p_selfSignedTLMCertificate := ?, template (present) Url p_accessPoint := ? ) := { selfSignedTLMCertificate := p_selfSignedTLMCertificate, linkTLMCertificate := *, accessPoint := p_accessPoint } // End of template mw_tlm_entry template (present) RootCaEntry mw_root_ca_entry( template (present) EtsiTs103097Certificate p_selfsignedRootCa := ? ) := { selfsignedRootCa := p_selfsignedRootCa, linkRootCaCertificate := * } // End of template mw_root_ca_entry template (present) EaEntry mw_ea_entry( template (present) EtsiTs103097Certificate p_eaCertificate := ?, template (present) Url p_aaAccessPoint := ? ) := { eaCertificate := p_eaCertificate, aaAccessPoint := p_aaAccessPoint, itsAccessPoint := * } // End of linkRootCaCertificate mw_ea_entry template (present) AaEntry mw_aa_entry( template (present) EtsiTs103097Certificate p_aaCertificate := ?, template (present) Url p_accessPoint := ? ) := { aaCertificate := p_aaCertificate, accessPoint := p_accessPoint } // End of template mw_aa_entry template (present) DcEntry mw_dc_entry( template (present) Url p_url := ?, template (present) HashedId8s p_cert := ? 
) := { url := p_url, cert := p_cert } // End of template mw_dc_entry } // End of module LibItsPki_Templates } // End of module LibItsPki_Templates ttcn/Pki/LibItsPki_TestSystem.ttcn +2 −0 Original line number Original line Diff line number Diff line Loading @@ -63,6 +63,7 @@ module LibItsPki_TestSystem { port HttpPort httpEcPort; /** Enrolment end point */ port HttpPort httpEcPort; /** Enrolment end point */ port HttpPort httpAtVPort; /** Authorization Validation end point */ port HttpPort httpAtVPort; /** Authorization Validation end point */ port HttpPort httpAtPort; /** Authorization end point */ port HttpPort httpAtPort; /** Authorization end point */ port HttpPort httpCaPort; /** CA CTL/CRL end point */ } // End of component ItsPkiHttpSystem } // End of component ItsPkiHttpSystem /** /** Loading @@ -73,6 +74,7 @@ module LibItsPki_TestSystem { port HttpPort httpEcPort; /** Enrolment end point */ port HttpPort httpEcPort; /** Enrolment end point */ port HttpPort httpAtVPort; /** Authorization Validation end point */ port HttpPort httpAtVPort; /** Authorization Validation end point */ port HttpPort httpAtPort; /** Authorization end point */ port HttpPort httpAtPort; /** Authorization end point */ port HttpPort httpCaPort; /** CA CTL/CRL end point */ var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */ var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ Loading Loading
ttcn/Http/LibItsHttp_Pics.ttcn +2 −1 Original line number Original line Diff line number Diff line Loading @@ -19,6 +19,7 @@ module LibItsHttp_Pics { * @desc * @desc */ */ modulepar charstring PICS_HEADER_CONTENT_TYPE := "application/x-its-request"; modulepar charstring PICS_HEADER_CONTENT_TYPE := "application/x-its-request"; modulepar charstring PICS_HEADER_CTL_CONTENT_TYPE := "application/x-its-crl"; /** /** * @desc Set to false in TOKEN header shall not be used * @desc Set to false in TOKEN header shall not be used Loading
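Review bot: The new `PICS_HEADER_CTL_CONTENT_TYPE` is named for the CTL but defaults to `"application/x-its-crl"`, and it sits directly under `PICS_HEADER_CONTENT_TYPE` with no `@desc` block of its own. If the CRL media type really is what CTL responses should carry, say so in a comment such as `@desc Content-Type expected on CTL/CRL responses from the CA end point`. If not, the value looks like a copy/paste slip and should be checked against the specification. How this parameter is matched is not visible here, but a wrong default would presumably skew any header check that uses it.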
ttcn/Pki/LibItsPki_Functions.ttcn +190 −3 Original line number Original line Diff line number Diff line Loading @@ -26,6 +26,7 @@ module LibItsPki_Functions { import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all; import from EtsiTs102941MessagesCa language "ASN.1:1997" all; import from EtsiTs102941MessagesCa language "ASN.1:1997" all; import from EtsiTs102941TrustLists language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; import from ITS_Container language "ASN.1:1997" all; import from ITS_Container language "ASN.1:1997" all; import from CAM_PDU_Descriptions language "ASN.1:1997" all; import from CAM_PDU_Descriptions language "ASN.1:1997" all; Loading Loading @@ -107,7 +108,7 @@ module LibItsPki_Functions { } } f_connect4SelfOrClientSync(); f_connect4SelfOrClientSync(); f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed??? f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // Setup EA certificate shared with PKI EA entity // Setup EA certificate shared with PKI EA entity f_readCertificate(p_ea_certificate_id, vc_eaCertificate); f_readCertificate(p_ea_certificate_id, vc_eaCertificate); Loading Loading 
@@ -144,6 +145,27 @@ module LibItsPki_Functions { } } } // End of function f_cfHttpUp } // End of function f_cfHttpUp /** * @desc Setups default configuration */ function f_cfHttpUp_ca() runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ { if (PICS_MULTIPLE_END_POINT == false) { map(self:httpPort, system:httpPort); } else { map(self:httpCaPort, system:httpCaPort); } f_connect4SelfOrClientSync(); f_initialiseSecuredMode(); if (PICS_MULTIPLE_END_POINT == false) { activate(a_default_pki_http()); } else { activate(a_default_pki_http_ca()); } } // End of function f_cfHttpUp_ca /** /** * @desc Setups default configuration * @desc Setups default configuration * @param p_certificate_id The certificate identifier the TA shall use in case of secured IUT * @param p_certificate_id The certificate identifier the TA shall use in case of secured IUT Loading Loading @@ -292,6 +314,19 @@ module LibItsPki_Functions { f_uninitialiseSecuredMode(); f_uninitialiseSecuredMode(); } // End of function f_cfHttpDown } // End of function f_cfHttpDown /** * @desc Deletes default configuration */ function f_cfHttpDown_ca() runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ { if (PICS_MULTIPLE_END_POINT == false) { unmap(self:httpPort, system:httpPort); } else { unmap(self:httpCaPort, system:httpCaPort); } f_disconnect4SelfOrClientSync(); f_uninitialiseSecuredMode(); } // End of function f_cfHttpDown_ca /** /** * @desc Deletes default configuration * @desc Deletes default configuration */ */ Loading Loading 
@@ -636,6 +671,15 @@ module LibItsPki_Functions { p_http_message.response.header := p_headers; p_http_message.response.header := p_headers; } } httpAtPort.send(p_http_message); httpAtPort.send(p_http_message); } else if (v_content_text == { "ca_request" }) { log("f_http_send: Send on CA end point"); f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_CA }, p_headers); if (ischosen(p_http_message.request)) { p_http_message.request.header := p_headers; } else { p_http_message.response.header := p_headers; } httpCaPort.send(p_http_message); } else { } else { log("f_http_send: Invalid header value: ", v_content_text); log("f_http_send: Invalid header value: ", v_content_text); } } Loading Loading 
@@ -2863,6 +2907,116 @@ module LibItsPki_Functions { } // End of group authorization_validation_xxx } // End of group authorization_validation_xxx group rca { function f_verify_rca_response_message( in Ieee1609Dot2Data p_ieee1609dot2_signed_data, in boolean p_check_security := true, out ToBeSignedRcaCtl p_to_be_signed_rca_ctl ) return boolean { var bitstring v_etsi_ts_102941_data_msg; var bitstring v_tbs; var Certificate v_certificate; var charstring v_certificate_id; var Oct32 v_issuer; var EtsiTs102941Data v_etsi_ts_102941_data; log(">>> f_verify_rca_response_message: p_ieee1609dot2_signed_data= ", p_ieee1609dot2_signed_data); // 1. Verify signature log("f_verify_rca_response_message: p_ieee1609dot2_signed_data.content.signedData.tbsData= ", p_ieee1609dot2_signed_data.content.signedData.tbsData); v_tbs := encvalue(p_ieee1609dot2_signed_data.content.signedData.tbsData); if (f_getCertificateFromDigest(p_ieee1609dot2_signed_data.content.signedData.signer.digest, v_certificate, v_certificate_id) == false) { if (p_check_security == true) { return false; } } f_getCertificateHash256(v_certificate_id, v_issuer); if (f_verifyEcdsa(bit2oct(v_tbs), v_issuer, p_ieee1609dot2_signed_data.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) { if (p_check_security == true) { return false; } } v_etsi_ts_102941_data_msg := oct2bit(p_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData); if (decvalue(v_etsi_ts_102941_data_msg, v_etsi_ts_102941_data) != 0) { log("f_verify_rca_response_message: Failed to decode EtsiTs102941Data"); return false; } else { log("f_verify_rca_response_message: v_etsi_ts_102941_data= ", v_etsi_ts_102941_data); log("f_verify_pki_response_message: RcaCertificateTrustListMessage matching= ", match(v_etsi_ts_102941_data, mw_etsiTs102941Data_to_be_signed_rca_ctl)); if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_to_be_signed_rca_ctl) == false) { 
log("f_verify_rca_response_message: Failed to decode certificateTrustListRca"); return false; } else { p_to_be_signed_rca_ctl := v_etsi_ts_102941_data.content.certificateTrustListRca; log("f_verify_rca_response_message: p_to_be_signed_rca_ctl= ", p_to_be_signed_rca_ctl); } } return true; } function f_verify_full_ctl( in ToBeSignedRcaCtl p_to_be_signed_rca_ctl ) return boolean { log(">>> f_verify_full_ctl: p_to_be_signed_rca_ctl= ", p_to_be_signed_rca_ctl); // 1. Check mandatory fields log("f_verify_full_ctl matching= ", match(p_to_be_signed_rca_ctl, mw_to_be_signed_rca_full_ctl)); if (match(p_to_be_signed_rca_ctl, mw_to_be_signed_rca_full_ctl) == false) { return false; } log("f_verify_full_ctl: ctlCommands length: ", lengthof(p_to_be_signed_rca_ctl.ctlCommands)); for (var integer v_i := 0; v_i < lengthof(p_to_be_signed_rca_ctl.ctlCommands); v_i := v_i + 1) { var CtlCommand v_ctl_command := p_to_be_signed_rca_ctl.ctlCommands[v_i]; if (ischosen(v_ctl_command.delete)) { log("f_verify_full_ctl: ctlCommands shall not contains 'delete' variant"); return false; } else { if (f_verify_ctl_entry(v_ctl_command.add) == false) { log("f_verify_full_ctl: ctlCommands contains inavlid entries"); return false; } } } // End of 'for' statements return true; } function f_verify_ctl_entry( in CtlEntry p_ctl_entry ) return boolean { if (ischosen(p_ctl_entry.rca)) { if (match(p_ctl_entry.rca, mw_root_ca_entry(mw_etsiTs103097Certificate)) == false) { return false; } } else if (ischosen(p_ctl_entry.ea)) { if (match(p_ctl_entry.ea, mw_ea_entry(mw_etsiTs103097Certificate)) == false) { return false; } } else if (ischosen(p_ctl_entry.aa)) { if (match(p_ctl_entry.aa, mw_aa_entry(mw_etsiTs103097Certificate)) == false) { return false; } } else if (ischosen(p_ctl_entry.dc)) { if (match(p_ctl_entry.dc, mw_dc_entry) == false) { return false; } } else if (ischosen(p_ctl_entry.tlm)) { if (match(p_ctl_entry.tlm, mw_tlm_entry(mw_etsiTs103097Certificate)) == false) { return false; } } else { return false; 
} return true; } } // End of group rca group awaiting_messages { group awaiting_messages { function f_await_http_inner_ec_request_response( function f_await_http_inner_ec_request_response( Loading Loading @@ -3568,6 +3722,7 @@ module LibItsPki_Functions { var octetstring v_msg; var octetstring v_msg; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var Certificate v_certificate; var Certificate v_certificate; var charstring v_certificate_id; log(">>> f_verify_pki_request_message: p_private_enc_key= ", p_private_enc_key); log(">>> f_verify_pki_request_message: p_private_enc_key= ", p_private_enc_key); log(">>> f_verify_pki_request_message: p_salt= ", p_salt); log(">>> f_verify_pki_request_message: p_salt= ", p_salt); Loading Loading @@ -3641,7 +3796,7 @@ module LibItsPki_Functions { } } //return false; //return false; } else { } else { if (f_getCertificateFromDigest(f_HashedId8FromSha256(p_issuer), v_certificate) == false) { if (f_getCertificateFromDigest(f_HashedId8FromSha256(p_issuer), v_certificate, v_certificate_id) == false) { if (p_check_security == true) { if (p_check_security == true) { return false; return false; } } Loading Loading @@ -3702,6 +3857,7 @@ module LibItsPki_Functions { var octetstring v_plain_message; var octetstring v_plain_message; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var Certificate v_certificate; var Certificate v_certificate; var charstring v_certificate_id; var bitstring v_etsi_ts_102941_data_msg; var bitstring v_etsi_ts_102941_data_msg; var bitstring v_tbs; var bitstring v_tbs; var boolean v_ret; var boolean v_ret; Loading Loading 
@@ -3732,7 +3888,7 @@ module LibItsPki_Functions { // 3. Check the signature // 3. Check the signature log("f_verify_pki_response_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData); log("f_verify_pki_response_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData); v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData); v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData); if (f_getCertificateFromDigest(v_ieee1609dot2_signed_data.content.signedData.signer.digest, v_certificate) == false) { if (f_getCertificateFromDigest(v_ieee1609dot2_signed_data.content.signedData.signer.digest, v_certificate, v_certificate_id) == false) { if (p_check_security == true) { if (p_check_security == true) { return false; return false; } } Loading Loading 
@@ -4029,6 +4185,37 @@ module LibItsPki_Functions { } } } // End of altstep a_default_pki_http_at } // End of altstep a_default_pki_http_at altstep a_default_pki_http_ca() runs on ItsPkiHttp { [PICS_MULTIPLE_END_POINT] httpCaPort.receive( mw_http_response( mw_http_response_ko )) { tc_ac.stop; log("*** " & testcasename() & ": FAIL: Unexpected message received ***"); f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error); } [PICS_MULTIPLE_END_POINT] httpCaPort.receive(mw_http_request) { tc_ac.stop; log("*** a_default: ERROR: Unexpected HTTP Request received ***"); f_selfOrClientSyncAndVerdict("error", e_error); } [PICS_MULTIPLE_END_POINT] httpCaPort.receive(mw_http_response) { tc_ac.stop; log("*** a_default: ERROR: Unexpected HTTP Response received ***"); f_selfOrClientSyncAndVerdict("error", e_error); } [PICS_MULTIPLE_END_POINT] httpCaPort.receive { tc_ac.stop; log("*** a_default: ERROR: Unexpected HTTP message received ***"); f_selfOrClientSyncAndVerdict("error", e_error); } [] a_shutdown() { log("*** a_default: INFO: TEST COMPONENT NOW STOPPING ITSELF! ***"); stop; } } // End of altstep a_default_pki_http_ca altstep a_await_ec_http_request_from_iut( altstep a_await_ec_http_request_from_iut( template HttpMessage p_http_message, template HttpMessage p_http_message, out HttpMessage p_response out HttpMessage p_response Loading
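Review bot: In `f_verify_rca_response_message` (hunk `@@ -2863,6 +2907,116 @@`), when `f_getCertificateFromDigest` returns false and `p_check_security` is false, execution falls through to `f_getCertificateHash256(v_certificate_id, v_issuer)` and `f_verifyEcdsa(...)` with a `v_certificate` and `v_certificate_id` that were presumably never assigned, so the run may end in a dynamic error rather than a verdict. Neither failure path logs anything, so with security checks relaxed a CTL whose signature did not verify looks the same in the log as one that did. I would nest the hash and ECDSA steps in the `else` of the lookup and log both failures, as below. The code also reads `signer.digest` and `verifyKeyIndicator.verificationKey` without an `ischosen` guard, which is worth adding if other signer or key variants can reach this function. The function lies wholly inside the hunk.

```ttcn
// … unchanged: declarations, entry log, v_tbs := encvalue(...) …
if (f_getCertificateFromDigest(p_ieee1609dot2_signed_data.content.signedData.signer.digest, v_certificate, v_certificate_id) == false) {
  log("f_verify_rca_response_message: Signer certificate not found for digest");
  if (p_check_security == true) {
    return false;
  }
} else {
  f_getCertificateHash256(v_certificate_id, v_issuer);
  if (f_verifyEcdsa(bit2oct(v_tbs), v_issuer, p_ieee1609dot2_signed_data.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) {
    log("f_verify_rca_response_message: Signature verification failed");
    if (p_check_security == true) {
      return false;
    }
  }
}
// … unchanged: decode of unsecuredData and template match …
```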
ttcn/Pki/LibItsPki_Pics.ttcn +15 −0 Original line number Original line Diff line number Diff line Loading @@ -15,6 +15,11 @@ module LibItsPki_Pics { */ */ modulepar boolean PICS_IUT_AA_ROLE := true; modulepar boolean PICS_IUT_AA_ROLE := true; /** * @desc Does the IUT act as CA device? */ modulepar boolean PICS_IUT_CA_ROLE := true; /** /** * @desc Does the IUT support enrolment? * @desc Does the IUT support enrolment? */ */ Loading Loading @@ -100,6 +105,11 @@ module LibItsPki_Pics { */ */ modulepar charstring PICS_HEADER_HOST_AT := "www.its.at.org"; modulepar charstring PICS_HEADER_HOST_AT := "www.its.at.org"; /** * @desc End point for the CA */ modulepar charstring PICS_HEADER_HOST_CA := "www.its.ca.org"; /** /** * @desc Certificate used by the Test System * @desc Certificate used by the Test System */ */ Loading Loading @@ -136,6 +146,11 @@ module LibItsPki_Pics { */ */ modulepar charstring PICS_HTTP_POST_URI_ATV := "/authorize_validate"; modulepar charstring PICS_HTTP_POST_URI_ATV := "/authorize_validate"; /** * @desc HTTP GET URI for Certificate Trusted List */ modulepar charstring PICS_HTTP_GET_URI_CTL := "/dc/getctl"; /** /** * @desc Factory private key for verification Nist P256 * @desc Factory private key for verification Nist P256 */ */ Loading
ttcn/Pki/LibItsPki_Templates.ttcn +69 −1 Original line number Original line Diff line number Diff line Loading @@ -29,9 +29,11 @@ module LibItsPki_Templates { import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all; import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all; import from EtsiTs102941MessagesCa language "ASN.1:1997" all; import from EtsiTs102941MessagesCa language "ASN.1:1997" all; import from EtsiTs102941TrustLists language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; // LibItsSecurity // LibItsSecurity import from LibItsSecurity_TypesAndValues all; import from LibItsSecurity_Templates all; import from LibItsSecurity_Templates all; // LibItsPki // LibItsPki Loading Loading @@ -129,6 +131,15 @@ module LibItsPki_Templates { ) modifies mw_etsiTs103097Data_encrypted := { ) modifies mw_etsiTs103097Data_encrypted := { } // End of template mw_authorizationValidationResponseMessage } // End of template mw_authorizationValidationResponseMessage template (present) EtsiTs102941Data mw_etsiTs102941Data_to_be_signed_rca_ctl( template (present) ToBeSignedRcaCtl p_to_be_signed_rca_ctl := ? ) := { version := PkiProtocolVersion, content := { certificateTrustListRca := p_to_be_signed_rca_ctl } } // End of template mw_etsiTs102941Data_to_be_signed_rca_ctl template (value) AuthorizationRequestMessage m_authorizationRequestMessage( template (value) AuthorizationRequestMessage m_authorizationRequestMessage( in template (value) EncryptedData p_encryptedData in template (value) EncryptedData p_encryptedData ) modifies m_etsiTs103097Data_encrypted := { ) modifies m_etsiTs103097Data_encrypted := { Loading Loading 
@@ -519,4 +530,61 @@ module LibItsPki_Templates { certIssuePermissions := p_certIssuePermissions certIssuePermissions := p_certIssuePermissions } // End of template mw_certificate_subject_attributes } // End of template mw_certificate_subject_attributes template (present) ToBeSignedRcaCtl mw_to_be_signed_rca_full_ctl := { version := 1, nextUpdate := ?, isFullCtl := true, ctlSequence := ?, ctlCommands := ? } // End of template mw_to_be_signed_rca_ful_ctl template (present) ToBeSignedRcaCtl mw_to_be_signed_rca_delta_ctl := { version := 1, nextUpdate := ?, isFullCtl := false, ctlSequence := ?, ctlCommands := ? } // End of template mw_to_be_signed_rca_delta_ctl template (present) TlmEntry mw_tlm_entry( template (present) EtsiTs103097Certificate p_selfSignedTLMCertificate := ?, template (present) Url p_accessPoint := ? ) := { selfSignedTLMCertificate := p_selfSignedTLMCertificate, linkTLMCertificate := *, accessPoint := p_accessPoint } // End of template mw_tlm_entry template (present) RootCaEntry mw_root_ca_entry( template (present) EtsiTs103097Certificate p_selfsignedRootCa := ? ) := { selfsignedRootCa := p_selfsignedRootCa, linkRootCaCertificate := * } // End of template mw_root_ca_entry template (present) EaEntry mw_ea_entry( template (present) EtsiTs103097Certificate p_eaCertificate := ?, template (present) Url p_aaAccessPoint := ? ) := { eaCertificate := p_eaCertificate, aaAccessPoint := p_aaAccessPoint, itsAccessPoint := * } // End of linkRootCaCertificate mw_ea_entry template (present) AaEntry mw_aa_entry( template (present) EtsiTs103097Certificate p_aaCertificate := ?, template (present) Url p_accessPoint := ? ) := { aaCertificate := p_aaCertificate, accessPoint := p_accessPoint } // End of template mw_aa_entry template (present) DcEntry mw_dc_entry( template (present) Url p_url := ?, template (present) HashedId8s p_cert := ? 
) := { url := p_url, cert := p_cert } // End of template mw_dc_entry } // End of module LibItsPki_Templates } // End of module LibItsPki_Templates
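Review bot: In the last hunk, `mw_to_be_signed_rca_full_ctl` and `mw_to_be_signed_rca_delta_ctl` take no parameters and match `nextUpdate`, `ctlSequence` and `ctlCommands` with `?`, so a test receiving through them accepts a CTL with an expired `nextUpdate`, a repeated or lower `ctlSequence`, or any command list unless the caller checks the decoded value separately. Giving both templates parameters that default to `?`, as `mw_tlm_entry` and the other entry templates in the same hunk already do, lets freshness and rollback test cases pin those fields, e.g. `nextUpdate := p_nextUpdate,` and `ctlSequence := p_ctlSequence,`. It is also worth confirming against the ASN.1 module whether a full CTL may carry delete commands; if it may not, the full-CTL template could restrict `ctlCommands` accordingly. Two closing comments are wrong: `// End of template mw_to_be_signed_rca_ful_ctl` and `// End of linkRootCaCertificate mw_ea_entry`.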
ttcn/Pki/LibItsPki_TestSystem.ttcn +2 −0 Original line number Original line Diff line number Diff line Loading @@ -63,6 +63,7 @@ module LibItsPki_TestSystem { port HttpPort httpEcPort; /** Enrolment end point */ port HttpPort httpEcPort; /** Enrolment end point */ port HttpPort httpAtVPort; /** Authorization Validation end point */ port HttpPort httpAtVPort; /** Authorization Validation end point */ port HttpPort httpAtPort; /** Authorization end point */ port HttpPort httpAtPort; /** Authorization end point */ port HttpPort httpCaPort; /** CA CTL/CRL end point */ } // End of component ItsPkiHttpSystem } // End of component ItsPkiHttpSystem /** /** Loading @@ -73,6 +74,7 @@ module LibItsPki_TestSystem { port HttpPort httpEcPort; /** Enrolment end point */ port HttpPort httpEcPort; /** Enrolment end point */ port HttpPort httpAtVPort; /** Authorization Validation end point */ port HttpPort httpAtVPort; /** Authorization Validation end point */ port HttpPort httpAtPort; /** Authorization end point */ port HttpPort httpAtPort; /** Authorization end point */ port HttpPort httpCaPort; /** CA CTL/CRL end point */ var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */ var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ Loading