Commit 7f9ffa8e authored by Yann Garcia's avatar Yann Garcia

ITS-CMS6 Plugtest validation

parent aa689ac9
+85 −28
@@ -672,8 +672,8 @@ module LibItsPki_Functions {


      // Secure the response
      // Secure the response
      log("f_http_build_inner_ec_response: p_inner_ec_response= ", p_inner_ec_response);
      log("f_http_build_inner_ec_response: p_inner_ec_response= ", p_inner_ec_response);
      v_msg := bit2oct(encvalue(p_inner_ec_response));
      v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_ec_response(p_inner_ec_response)));
      v_nonce := int2oct(f_getCurrentTime(), 32); // Random value
      v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value
      // TODO Consider  Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
      // TODO Consider  Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
      if (f_build_pki_secured_response_message(p_private_key,
      if (f_build_pki_secured_response_message(p_private_key,
                                               valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),//  in SignerIdentifier p_signer_identifier,
                                               valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),//  in SignerIdentifier p_signer_identifier,
@@ -1019,8 +1019,8 @@ module LibItsPki_Functions {


      // Secure the response
      // Secure the response
      log("f_http_build_inner_at_response: p_inner_at_response= ", p_inner_at_response);
      log("f_http_build_inner_at_response: p_inner_at_response= ", p_inner_at_response);
      v_msg := bit2oct(encvalue(p_inner_at_response));
      v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_at_response(p_inner_at_response)));
      v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 16); // Random value
      v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value
      // TODO Consider  Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
      // TODO Consider  Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
      if (f_build_pki_secured_response_message(p_private_key,
      if (f_build_pki_secured_response_message(p_private_key,
                                               valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),//  in SignerIdentifier p_signer_identifier,
                                               valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),//  in SignerIdentifier p_signer_identifier,
@@ -1223,13 +1223,14 @@ module LibItsPki_Functions {
                                                                     m_validityPeriod(
                                                                     m_validityPeriod(
                                                                                      f_getCurrentTime() / 1000,
                                                                                      f_getCurrentTime() / 1000,
                                                                                      m_duration_in_hours(120)
                                                                                      m_duration_in_hours(120)
                                                                                      ),
                                                                                      )/*,
                                                                     omit/*m_geographicRegion_identifiedRegion(
                                                                     m_geographicRegion_identifiedRegion(
                                                                                                         {
                                                                                                         {
                                                                                                           m_identifiedRegion_country_only(250), // TODO PIXIT
                                                                                                           m_identifiedRegion_country_only(250), // TODO PIXIT
                                                                                                           m_identifiedRegion_country_only(380)
                                                                                                           m_identifiedRegion_country_only(380)
                                                                                                           }
                                                                                                           }
                                                                                                           )*/
                                                                                                         ),
                                                                                                         '00'O*/ // TODO Use PIXIT
                                                                     )
                                                                     )
                                          );
                                          );
      // Encode it ==> Get octetstring
      // Encode it ==> Get octetstring
@@ -1419,19 +1420,19 @@ module LibItsPki_Functions {
      
      
      log(">>> f_generate_at_certificate_for_authorization_response");
      log(">>> f_generate_at_certificate_for_authorization_response");


      /*v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384
      v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384
      v_cert := valueof(
      v_cert := valueof(
                        m_etsiTs103097Certificate(
                        m_etsiTs103097Certificate(
                                                  v_issuer,
                                                  v_issuer,
                                                  m_toBeSignedCertificate_ec(
                                                  m_toBeSignedCertificate_ec(
                                                                             p_inner_at_request.requestedSubjectAttributes.id,
                                                                             p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.id,
                                                                             p_inner_at_request.requestedSubjectAttributes.appPermissions,
                                                                             p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions,
                                                                             m_verificationKeyIndicator_verificationKey(
                                                                             m_verificationKeyIndicator_verificationKey(
                                                                                                                        p_inner_at_request.publicKeys.verificationKey
                                                                                                                        p_inner_at_request.publicKeys.verificationKey
                                                                                                                        ),
                                                                                                                        ),
                                                                             p_inner_at_request.requestedSubjectAttributes.validityPeriod,
                                                                             p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.validityPeriod,
                                                                             p_inner_at_request.requestedSubjectAttributes.region,
                                                                             p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.region,
                                                                             p_inner_at_request.requestedSubjectAttributes.assuranceLevel,
                                                                             p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.assuranceLevel,
                                                                             p_inner_at_request.publicKeys.encryptionKey
                                                                             p_inner_at_request.publicKeys.encryptionKey
                                                                             )
                                                                             )
                                                  )
                                                  )
@@ -1474,7 +1475,7 @@ module LibItsPki_Functions {
                                                                      )
                                                                      )
                                     );
                                     );
      }
      }
      p_at_certificate := valueof(v_cert);*/
      p_at_certificate := valueof(v_cert);
      log("f_generate_at_certificate_for_authorization_response: p_at_certificate= ", p_at_certificate);
      log("f_generate_at_certificate_for_authorization_response: p_at_certificate= ", p_at_certificate);
      
      
      return true;
      return true;
@@ -1520,14 +1521,14 @@ module LibItsPki_Functions {
                                                                                    m_validityPeriod(
                                                                                    m_validityPeriod(
                                                                                                     f_getCurrentTime() / 1000,
                                                                                                     f_getCurrentTime() / 1000,
                                                                                                     m_duration_in_hours(120) // TODO Use PIXIT
                                                                                                     m_duration_in_hours(120) // TODO Use PIXIT
                                                                                                     ),
                                                                                                     )/*,
                                                                                    omit,/*m_geographicRegion_identifiedRegion(
                                                                                    m_geographicRegion_identifiedRegion(
                                                                                                                        {
                                                                                                                        {
                                                                                                                          m_identifiedRegion_country_only(250), // TODO Use PIXIT
                                                                                                                          m_identifiedRegion_country_only(250), // TODO Use PIXIT
                                                                                                                          m_identifiedRegion_country_only(380) // TODO Use PIXIT
                                                                                                                          m_identifiedRegion_country_only(380) // TODO Use PIXIT
                                                                                                                          }
                                                                                                                          }
                                                                                                                          ),*/
                                                                                                                        ),
                                                                                    omit//'00'O//'C0'O // TODO Use PIXIT
                                                                                                                        '00'O*/ // TODO Use PIXIT
                                                                                    )
                                                                                    )
                                                     )
                                                     )
                                    );
                                    );
@@ -2482,7 +2483,7 @@ module LibItsPki_Functions {
                                                                                                             mw_binary_body_ieee1609dot2_data(
                                                                                                             mw_binary_body_ieee1609dot2_data(
                                                                                                                                              mw_enrolmentResponseMessage(
                                                                                                                                              mw_enrolmentResponseMessage(
                                                                                                                                                                          mw_encryptedData(
                                                                                                                                                                          mw_encryptedData(
                                                                                                                                                                                           { *, mw_recipientInfo_pskRecipInfo/*(v_aes_sym_key_hashed_id8)*/, * },
                                                                                                                                                                                           { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                           mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                           mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                           )))))),
                                                                                                                                                                                           )))))),
                                            v_response
                                            v_response
@@ -2497,8 +2498,8 @@ module LibItsPki_Functions {
          }
          }
          log("f_await_http_inner_ec_request_response: Receive ", v_etsi_ts_102941_data, " ***");
          log("f_await_http_inner_ec_request_response: Receive ", v_etsi_ts_102941_data, " ***");
          // Verify the received EC certificate
          // Verify the received EC certificate
          log("f_await_http_inner_ec_request_response: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(-/*Escryptsubstr(v_request_hash, 0, 16)*/, mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
          log("f_await_http_inner_ec_request_response: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
          if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(-/*Escryptsubstr(v_request_hash, 0, 16)*/, mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec)))) == false) {
          if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec)))) == false) {
            log("f_await_http_inner_ec_request_response: Unexpected message received ***");
            log("f_await_http_inner_ec_request_response: Unexpected message received ***");
            if (p_strict_checks) {
            if (p_strict_checks) {
              return false;
              return false;
@@ -2670,6 +2671,8 @@ module LibItsPki_Functions {
        f_getCertificateHash(v_certificate_id, v_hash);
        f_getCertificateHash(v_certificate_id, v_hash);
        v_tbs_signed := f_signWithEcdsa(bit2oct(encvalue(v_tbs)), v_hash, p_private_key);
        v_tbs_signed := f_signWithEcdsa(bit2oct(encvalue(v_tbs)), v_hash, p_private_key);
      }
      }
      log("f_build_pki_secured_request_message_signed_with_pop: lengthof(v_tbs_signed)= ", lengthof(v_tbs_signed));
      log("f_build_pki_secured_request_message_signed_with_pop: v_tbs_signed= ", v_tbs_signed);
      // Add the signature and create EtsiTs103097Data-Signed data structure
      // Add the signature and create EtsiTs103097Data-Signed data structure
      if (PX_VE_ALG == e_nist_p256) {
      if (PX_VE_ALG == e_nist_p256) {
       v_signature := valueof(
       v_signature := valueof(
@@ -3185,6 +3188,59 @@ module LibItsPki_Functions {
      // 4. Verifiy signature
      // 4. Verifiy signature
      log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData);
      log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData);
      v_msg := bit2oct(encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData));
      v_msg := bit2oct(encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData));
      if (p_issuer == ''O) { // ITS-S/OBU
        var PublicVerificationKey v_public_verification_key;
        
        log("f_verify_pki_request_message: Use ITS-S technical keys");
        if (PX_VE_ALG == e_nist_p256) {
          var EccP256CurvePoint v_ecc_p256_curve_point;
          
          if (PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY[0] == '02'O) {
            v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32)));
          } else {
            v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32)));
          }
          v_public_verification_key := valueof(
                                               m_publicVerificationKey_ecdsaNistP256(
                                                                                     v_ecc_p256_curve_point
                                                                                     )
                                               );
        } else if (PX_VE_ALG == e_brainpool_p256_r1) {
          var EccP256CurvePoint v_ecc_p256_curve_point;
            
          if (PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY[0] == '02'O) {
            v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32)));
          } else {
            v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32)));
          }
          v_public_verification_key := valueof(
                                               m_publicVerificationKey_ecdsaBrainpoolP256r1(
                                                                                            v_ecc_p256_curve_point
                                                                                            )
                                               );
        } else if (PX_VE_ALG == e_brainpool_p384_r1) {
          var EccP384CurvePoint v_ecc_p384_curve_point;
            
          if (PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY[0] == '02'O) {
            v_ecc_p384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_0(substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48)));
          } else {
            v_ecc_p384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_1(substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48)));
          }
          v_public_verification_key := valueof(
                                               m_publicVerificationKey_ecdsaBrainpoolP384r1(
                                                                                            v_ecc_p384_curve_point
                                                                                            )
                                               );
        } else {
          return false;
        }
        log("f_verify_pki_request_message: v_public_verification_key= ", v_public_verification_key);
        if (f_verifyEcdsa(v_msg, int2oct(0, 32), v_ieee1609dot2_signed_data.content.signedData.signature_, v_public_verification_key) == false) {
          if (p_check_security == true) {
            return false;
          }
        }
      } else {
        if (f_getCertificateFromDigest(f_HashedId8FromSha256(p_issuer), v_certificate) == false) {
        if (f_getCertificateFromDigest(f_HashedId8FromSha256(p_issuer), v_certificate) == false) {
          if (p_check_security == true) {
          if (p_check_security == true) {
            return false;
            return false;
@@ -3196,6 +3252,7 @@ module LibItsPki_Functions {
            return false;
            return false;
          }
          }
        }
        }
      }
      
      
      // 4. Return the PKI message
      // 4. Return the PKI message
      log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
      log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
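Review bot: In the new ITS-S branch of f_verify_pki_request_message (the `p_issuer == ''O` case), every first octet other than '02'O is decoded as compressed-y-1, so a malformed or uncompressed PICS key is used with a guessed parity instead of being rejected. I would test the prefix explicitly in all three curve branches, e.g. `} else if (PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY[0] == '03'O) {` followed by `} else { return false; }`. A failed `f_verifyEcdsa` is also dropped without trace when `p_check_security` is false; adding `log("f_verify_pki_request_message: Signature verification failed ***");` before the `p_check_security` test would keep a bad signature visible in the test log. The issuer hash is `int2oct(0, 32)` for all three curves, and for e_brainpool_p384_r1 a 48-octet value may be expected, which should be confirmed against f_verifyEcdsa. The function starts and ends outside this hunk, so the surrounding checks are not visible here.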
+25 −0
@@ -55,6 +55,15 @@ module LibItsPki_Templates {
    }
    }
  } // End of template m_etsiTs102941Data_inner_ec_response
  } // End of template m_etsiTs102941Data_inner_ec_response


  template (value) EtsiTs102941Data m_etsiTs102941Data_inner_at_response(
                                                                         in template (value) InnerAtResponse p_inner_at_response
                                                                         ) := {
    version := PkiProtocolVersion,
    content := {
      authorizationResponse := p_inner_at_response
    }
  } // End of template m_etsiTs102941Data_inner_at_response

  template (present) EtsiTs102941Data mw_etsiTs102941Data_inner_ec_response(
  template (present) EtsiTs102941Data mw_etsiTs102941Data_inner_ec_response(
                                                                            template (present) InnerEcResponse p_inner_ec_response := ?
                                                                            template (present) InnerEcResponse p_inner_ec_response := ?
                                                                            ) := {
                                                                            ) := {
@@ -464,4 +473,20 @@ module LibItsPki_Templates {
    certIssuePermissions := p_certIssuePermissions
    certIssuePermissions := p_certIssuePermissions
  } // End of template mw_certificate_subject_attributes
  } // End of template mw_certificate_subject_attributes
  
  
  template CertificateSubjectAttributes mw_certificate_subject_attributes_optional_assuranceLevel(
                                                                                                  template (present) SequenceOfPsidSsp p_appPermissions := ?,
                                                                                                  template (present) CertificateId p_id := ?,
                                                                                                  template (present) ValidityPeriod p_validityPeriod := ?,
                                                                                                  template SubjectAssurance p_assuranceLevel := *,
                                                                                                  template GeographicRegion p_region := *,
                                                                                                  template SequenceOfPsidGroupPermissions p_certIssuePermissions := omit
                                                                                                  ) := {
    id                   := p_id,
    validityPeriod       := p_validityPeriod,
    region               := p_region,
    assuranceLevel       := p_assuranceLevel,
    appPermissions       := p_appPermissions,
    certIssuePermissions := p_certIssuePermissions
  } // End of template mw_certificate_subject_attributes
  
} // End of module LibItsPki_Templates
} // End of module LibItsPki_Templates
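Review bot: The closing comment of the new mw_certificate_subject_attributes_optional_assuranceLevel template still reads `// End of template mw_certificate_subject_attributes`, copied from the template above it; it should be `} // End of template mw_certificate_subject_attributes_optional_assuranceLevel`. The template has no header comment, and because `p_assuranceLevel` and `p_region` default to `*`, a call with defaults matches subject attributes that carry no assurance level and no region restriction at all. A one-line comment naming the checks that are meant to use this relaxed variant would keep it from being picked where the presumably stricter mw_certificate_subject_attributes is required. The new m_etsiTs102941Data_inner_at_response template would benefit from the same kind of short header comment.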
+4 −2
Original line number Original line Diff line number Diff line
@@ -804,6 +804,7 @@ module LibItsSecurity_Templates {
        template (value) Ieee1609Dot2Data m_ieee1609Dot2Data(
        template (value) Ieee1609Dot2Data m_ieee1609Dot2Data(
                                                             in template (value) Ieee1609Dot2Content p_content
                                                             in template (value) Ieee1609Dot2Content p_content
        ) := {
        ) := {
            protocolVersion := c_protocol_version,
            content := p_content
            content := p_content
        } // End of template m_ieee1609Dot2Data
        } // End of template m_ieee1609Dot2Data
            
            
@@ -814,6 +815,7 @@ module LibItsSecurity_Templates {
        template (present) Ieee1609Dot2Data mw_ieee1609Dot2Data(
        template (present) Ieee1609Dot2Data mw_ieee1609Dot2Data(
                                                                template (present) Ieee1609Dot2Content p_content := ?
                                                                template (present) Ieee1609Dot2Content p_content := ?
        ) := {
        ) := {
            protocolVersion := c_protocol_version,
            content := p_content
            content := p_content
        } // End of template mw_ieee1609Dot2Data
        } // End of template mw_ieee1609Dot2Data