Commit 8e744cf3 authored by garciay's avatar garciay

STF545: Add InnerAcRequest/Response support, UpperTester port for ITS-S

parent ac2eae90
......@@ -152,7 +152,7 @@ module LibItsCommon_TypesAndValues {
const integer c_its_aid_IVI := 139;
const integer c_its_aid_TLC := 140;
const integer c_its_aid_GN := 141;
const integer c_its_aid_SCR := 36; // Secured Certificate Request
const integer c_its_aid_SCR := 35; // Secured Certificate Request
}
}
with {
......
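Review bot: The `c_its_aid_SCR` value is a bare literal with no reference to where it comes from, and this page prints both 36 and 35 for it with the +/- markers lost, so the constant alone does not tell a reader which assignment is authoritative. The LibItsPki_Functions section further down appears to pass `c_its_aid_SCR` into `m_headerInfo_inner_ec_request(...)`, which puts the value into the signed header of the enrolment request, where a mismatch with what the peer expects would presumably get the request rejected. I would extend the trailing comment to cite the source, e.g. `// Secured Certificate Request - value per <ITS-AID registry reference>, TODO confirm`, and check that the number does not collide with another `c_its_aid_*` constant declared outside this hunk.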
......@@ -98,6 +98,7 @@ module LibItsPki_Functions {
f_readSigningKey(p_certificateId, vc_eaPrivateKey);
f_readEncryptingKey(p_certificateId, vc_eaPrivateEncKey);
f_getCertificateDigest(p_certificateId, vc_eaHashedId8);
f_readCertificate(p_peerCertificateId, vc_peerEaCertificate);
f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash);
activate(a_default_pki_http());
......@@ -110,6 +111,8 @@ module LibItsPki_Functions {
f_cfUp();
map(self:geoNetworkingPort, system:geoNetworkingPort);
map(self:utPort, system:utPort);
map(self:acPort, system:acPort);
activate(a_default_pki());
} // End of function f_cfUp_itss
......@@ -136,6 +139,8 @@ module LibItsPki_Functions {
*/
function f_cfDown_itss() runs on ItsPkiItss /* TITAN TODO: system ItsPkiItssSystem */ {
unmap(self:geoNetworkingPort, system:geoNetworkingPort);
unmap(self:utPort, system:utPort);
unmap(self:acPort, system:acPort);
f_cfDown();
} // End of function f_cfDown
......@@ -186,10 +191,70 @@ module LibItsPki_Functions {
f_selfOrClientSyncAndVerdict("error", e_timeout);
}
} // End of 'alt' statement
}
} // End of function f_sendAcPkiPrimitive
} // End of group ac_port
group ut_port {
function f_utInitializeIut(template (value) UtPkiInitialize p_init) runs on ItsPkiItss {
utPort.send(p_init);
tc_wait.start;
alt {
[] utPort.receive(UtPkiResults: { utPkiInitializeResult := true }) {
tc_wait.stop;
log("*** f_utInitializeIut: INFO: IUT initialized ***");
}
[] utPort.receive {
tc_wait.stop;
log("*** f_utInitializeIut: INFO: IUT could not be initialized ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[] tc_wait.timeout {
log("*** f_utInitializeIut: INFO: IUT could not be initialized in time ***");
f_selfOrClientSyncAndVerdict("error", e_timeout);
}
}
} // End of function f_utInitializeIut
function f_sendUtTriggerPrimitive(
in HashAlgorithm p_hashAlgorithm,
in octetstring p_private_key,
in octetstring p_publicKeyCompressed,
in integer p_compressedMode
) runs on ItsPkiItss {
var TriggerEnrolmentRequest v_ut_trigger_enrolment_request;
var octetstring v_compressed_public_key;
if (p_compressedMode == 2) { // TODO v_compressed_public_key := int2oct(p_compressedMode, 1) & p_publicKeyCompressed?
v_compressed_public_key := '02'O & p_publicKeyCompressed;
} else {
v_compressed_public_key := '03'O & p_publicKeyCompressed;
}
v_ut_trigger_enrolment_request := { p_hashAlgorithm, p_private_key, v_compressed_public_key };
utPort.send(UtPkiTrigger: { triggerEnrolmentRequest := v_ut_trigger_enrolment_request });
tc_ac.start;
alt {
[] utPort.receive(UtPkiResults: { utPkiTriggerResult := true }) {
tc_ac.stop;
}
[] utPort.receive(UtPkiResults: { utPkiTriggerResult := false }) {
tc_ac.stop;
log("*** f_sendUtTriggerPrimitive: ERROR: Received unexpected message ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[] tc_ac.timeout {
log("*** f_sendAcPkiPrimitive: ERROR: Timeout while waiting for adapter control event result ***");
f_selfOrClientSyncAndVerdict("error", e_timeout);
}
} // End of 'alt' statement
} // End of function f_sendUtTriggerPrimitive
} // End of group ut_port
group http {
function f_http_build_enrolment_request(
......@@ -222,7 +287,9 @@ module LibItsPki_Functions {
log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** f_http_build_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
log("*** f_http_build_enrolment_request: DEBUG: v_inner_ec_request_signed_for_pop_msg= ", v_inner_ec_request_signed_for_pop_msg);
log("*** f_http_build_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
log("*** f_http_build_enrolment_request: DEBUG: p_hash_inner_ec_request_signed_for_pop= ", p_hash_inner_ec_request_signed_for_pop);
} // End of function f_http_build_enrolment_request
function f_http_build_invalid_enrolment_request(
......@@ -250,13 +317,13 @@ module LibItsPki_Functions {
// Secure InnerEcRequestSignedForPoP message
v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
// Get 16 last byte of SHA256 of InnerEcRequestSignedForPop
p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(int2oct(12345, 32))); // Invalue InnseEcRequestSignedForPop
p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(int2oct(12345, 32)); // Invalid InnseEcRequestSignedForPop
if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) {
log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** f_http_build_invalid_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
} // End of function f_http_build_enrolment_request
} // End of function f_http_build_invalid_enrolment_request
} // End of group http
......@@ -424,13 +491,12 @@ module LibItsPki_Functions {
var integer v_ephemeralKeyModeCompressed;
var octetstring v_encrypted_inner_ec_request;
// Signed the encoded PKI message
v_tbs := m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(p_pki_message)
),
m_headerInfo_inner_ec_request(12345, f_getCurrentTimeUtc()) // TODO Use PIXIT
m_headerInfo_inner_ec_request(c_its_aid_SCR, f_getCurrentTimeUtc())
);
if (ischosen(p_signer_identifier.self_)) {
v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), int2oct(0, 32), p_private_key);
......
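Review bot: In `f_sendUtTriggerPrimitive` the `else` branch turns every `p_compressedMode` other than 2 into the `'03'O` prefix, so a wrong mode value silently yields a key with the other y-parity instead of failing the test; I would test for 3 explicitly and end with `f_selfOrClientSyncAndVerdict("error", e_error);` otherwise. The `alt` that follows has no catch-all branch like the `[] utPort.receive { ... }` in `f_utInitializeIut`, so any reply other than a `utPkiTriggerResult` is only noticed when `tc_ac` expires; adding `[] utPort.receive { tc_ac.stop; f_selfOrClientSyncAndVerdict("error", e_error); }` would make that an immediate error. The timeout log in the same function still names `f_sendAcPkiPrimitive` and an "adapter control event", and the `utPkiTriggerResult := false` branch logs "unexpected message" for what is an expected negative result, both of which will mislead whoever reads the trace.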
......@@ -26,16 +26,20 @@ module LibItsPki_Templates {
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
import from EtsiTs102941MessagesItss language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
// LibItsSecurity
import from LibItsSecurity_Templates all;
// LibItsPki
import from LibItsPki_TypesAndValues all;
template (value) EtsiTs102941Data m_etsiTs102941Data_inner_ec_request_signed_for_pop(
in template (value) InnerEcRequestSignedForPop p_inner_ec_request_signed_for_pop
) := {
version := 1,
version := PkiProtocolVersion,
content := {
enrolmentRequest := p_inner_ec_request_signed_for_pop
}
......@@ -44,12 +48,30 @@ module LibItsPki_Templates {
template (value) EtsiTs102941Data m_etsiTs102941Data_inner_ec_response(
in template (value) InnerEcResponse p_inner_ec_response
) := {
version := 1,
version := PkiProtocolVersion,
content := {
enrolmentResponse := p_inner_ec_response
}
} // End of template m_etsiTs102941Data_inner_ec_response
template (value) EtsiTs102941Data m_etsiTs102941Data_inner_at_request(
in template (value) InnerAtRequest p_inner_at_response
) := {
version := PkiProtocolVersion,
content := {
authorizationRequest := p_inner_at_response
}
} // End of template m_etsiTs102941Data_inner_at_request
template (value) EtsiTs102941Data m_etsiTs102941Data_inner_at_response(
in template (value) InnerAtResponse p_inner_at_response
) := {
version := PkiProtocolVersion,
content := {
authorizationResponse := p_inner_at_response
}
} // End of template m_etsiTs102941Data_inner_at_response
template (value) EnrolmentRequestMessage m_enrolmentRequestMessage(
in template (value) EncryptedData p_encryptedData
) modifies m_etsiTs103097Data_encrypted := {
......@@ -59,6 +81,16 @@ module LibItsPki_Templates {
template (present) EncryptedData p_encryptedData := ?
) modifies mw_etsiTs103097Data_encrypted := {
} // End of template mw_enrolmentResponseMessage
template (value) AuthorizationRequestMessage m_authorizationRequestMessage(
in template (value) EncryptedData p_encryptedData
) modifies m_etsiTs103097Data_encrypted := {
} // End of template m_authorizationRequestMessage
template (value) AuthorizationResponseMessage m_authorizationResponseMessage(
in template (value) EncryptedData p_encryptedData
) modifies m_etsiTs103097Data_encrypted := {
} // End of template m_authorizationResponseMessage
template (value) EtsiTs102941DataContent m_enrolmentRequest(
in template (value) InnerEcRequestSignedForPop p_enrolmentRequest
......@@ -72,6 +104,18 @@ module LibItsPki_Templates {
enrolmentResponse := p_enrolmentResponse
} // End of template mw_enrolmentResponse
template (value) EtsiTs102941DataContent m_authorizationRequest(
in template (value) InnerAtRequest p_authorizationRequest
) := {
authorizationRequest := p_authorizationRequest
} // End of template m_authorizationRequest
template (present) EtsiTs102941DataContent mw_authorizationResponse(
template (present) InnerAtResponse p_authorizationResponse := ?
) := {
authorizationResponse := p_authorizationResponse
} // End of template mw_authorizationResponse
template (value) InnerEcRequest m_innerEcRequest(
in template (value) charstring p_itsId,
in template (value) PublicKeys p_publicKeys,
......@@ -94,6 +138,30 @@ module LibItsPki_Templates {
requestedSubjectAttributes := p_requestedSubjectAttributes
} // End of template mw_innerEcRequest
template (value) InnerAtRequest m_innerAtRequest(
in template (value) PublicKeys p_publicKeys,
in template (value) Oct32 p_hmacKey,
in template (value) SharedAtRequest p_sharedAtRequest,
in template (value) EcSignature p_ecSignature
) := {
publicKeys := p_publicKeys,
hmacKey := p_hmacKey,
sharedAtRequest := p_sharedAtRequest,
ecSignature := p_ecSignature
} // End of template m_innerAtRequest
template (present) InnerAtRequest mw_innerAtRequest(
template (present) PublicKeys p_publicKeys := ?,
template (present) Oct32 p_hmacKey := ?,
template (present) SharedAtRequest p_sharedAtRequest := ?,
template (present) EcSignature p_ecSignature := ?
) := {
publicKeys := p_publicKeys,
hmacKey := p_hmacKey,
sharedAtRequest := p_sharedAtRequest,
ecSignature := p_ecSignature
} // End of template mw_innerAtRequest
template (omit) PublicKeys m_publicKeys(
in template (value) PublicVerificationKey p_verificationKey,
in template (omit) PublicEncryptionKey p_encryptionKey := omit
......@@ -101,7 +169,7 @@ module LibItsPki_Templates {
verificationKey := p_verificationKey,
encryptionKey := p_encryptionKey
} // End of template m_publicKeys
template PublicKeys mw_publicKeys(
template (present) PublicVerificationKey p_verificationKey := ?,
template PublicEncryptionKey p_encryptionKey := *
......@@ -109,7 +177,7 @@ module LibItsPki_Templates {
verificationKey := p_verificationKey,
encryptionKey := p_encryptionKey
} // End of template mw_publicKeys
template (omit) CertificateSubjectAttributes m_certificateSubjectAttributes(
in template (value) SequenceOfPsidSsp p_appPermissions,
in template (omit) ValidityPeriod p_validityPeriod := omit,
......@@ -123,7 +191,7 @@ module LibItsPki_Templates {
appPermissions := p_appPermissions,
certIssuePermissions := omit
} // End of template m_certificateSubjectAttributes
template (value) InnerEcResponse m_innerEcResponse_ok(
in template (value) Oct16 p_requestHash,
in template (value) EtsiTs103097Certificate p_certificate
......@@ -132,7 +200,7 @@ module LibItsPki_Templates {
responseCode := ok,
certificate := p_certificate
} // End of template m_innerEcResponse_ok
template (present) InnerEcResponse mw_innerEcResponse_ok(
template (present) Oct16 p_requestHash := ?,
template (present) EtsiTs103097Certificate p_certificate := ?
......@@ -141,7 +209,7 @@ module LibItsPki_Templates {
responseCode := ok,
certificate := p_certificate
} // End of template mw_innerEcResponse_ok
template (value) InnerEcResponse m_innerEcResponse_ko(
in template (value) Oct16 p_requestHash,
in template (value) EnrolmentResponseCode p_responseCode
......@@ -150,16 +218,41 @@ module LibItsPki_Templates {
responseCode := p_responseCode,
certificate := omit
} // End of template m_innerEcResponse_ko
template (present) InnerEcResponse mw_innerEcResponse_ko(
template (present) Oct16 p_requestHash := ?,
template (present) EnrolmentResponseCode p_responseCode := complement(ok)
) := {
requestHash := p_requestHash,
responseCode := p_responseCode,
certificate := *
certificate := omit
} // End of template mw_innerEcResponse_ko
template (value) InnerAtResponse m_innerAtResponse_ok(
in template (value) Oct16 p_requestHash,
in template (value) EtsiTs103097Certificate p_certificate
) := {
requestHash := p_requestHash,
responseCode := ok,
certificate := p_certificate
} // End of template m_innerAtResponse_ok
template (present) InnerAtResponse mw_innerAtResponse_ok(
template (present) Oct16 p_requestHash := ?,
template (present) EtsiTs103097Certificate p_certificate := ?
) := {
requestHash := p_requestHash,
responseCode := ok,
certificate := p_certificate
} // End of template mw_innerAtResponse_ok
template (present) InnerAtResponse mw_innerAtResponse_ko(
template (present) Oct16 p_requestHash := ?,
template (present) AuthorizationResponseCode p_responseCode := complement(ok)
) := {
requestHash := p_requestHash,
responseCode := p_responseCode,
certificate := omit
} // End of template mw_innerAtResponse_ko
} // End of module LibItsPki_Templates
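Review bot: `m_etsiTs102941Data_inner_at_request` names its parameter `p_inner_at_response` although the type is `InnerAtRequest` and it fills `authorizationRequest`; this looks like a copy-paste from the response template and should read `in template (value) InnerAtRequest p_inner_at_request`. The new receive templates `mw_innerAtResponse_ok` and `mw_innerAtResponse_ko` default `p_requestHash` to `?`, so a test that relies on the default accepts a response bound to any request; a short `@desc` saying that callers are expected to pass the hash of the request they actually sent would make that explicit. There is also no `m_innerAtResponse_ko` to mirror `m_innerEcResponse_ko`, which may be intentional but deserves a comment.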
......@@ -47,6 +47,21 @@ module LibItsPki_TestSystem {
out AcPkiPrimitive;
in AcPkiResponse;
} // End of AdapterControlPkiPort
/**
* @desc Adapter control port
*/
type port AdapterControlPort message {
out AcPkiPrimitive;
in AcPkiResponse;
} // End of AdapterControlPort
/**
* @desc Upper Tester port
*/
type port UpperTesterPort message {
out UtPkiInitialize, UtPkiTrigger;
in UtPkiResults;
} // End of UpperTesterPort
type port PkiPort message {
inout InnerEcRequest, InnerEcResponse;
......@@ -61,6 +76,8 @@ module LibItsPki_TestSystem {
} // End of component ItsPkiHttpSystem
type component ItsPkiItssSystem extends ItsPkiSystem {
port AdapterControlPort acPort;
port UpperTesterPort utPort;
port GeoNetworkingPort geoNetworkingPort;
} // End of component ItsPkiItssSystem
......@@ -76,10 +93,13 @@ module LibItsPki_TestSystem {
var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */
var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */
var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */
var Certificate vc_peerEaCertificate; /** IUT EA certificate for signature check */
var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */
} // End of component ItsPki
type component ItsPkiItss extends ItsPki {
port AdapterControlPort acPort;
port UpperTesterPort utPort;
port GeoNetworkingPort geoNetworkingPort;
} // End of component ItsPkiItss
......
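Review bot: The new `AdapterControlPort` lists exactly the same messages (`out AcPkiPrimitive; in AcPkiResponse;`) as the `AdapterControlPkiPort` whose tail is visible just above it, so the module now appears to carry two interchangeable adapter-control port types. If the older type is still in use (its declaration and its users are outside this hunk), I would reuse it for `acPort` in `ItsPkiItss` and `ItsPkiItssSystem`; if it is being superseded, remove it or say so, e.g. `@desc Adapter control port for ITS-S IUT (replaces AdapterControlPkiPort)`. The `@desc` on `UpperTesterPort` could also state that `UtPkiResults` is the only reply type the test system expects for both `UtPkiInitialize` and `UtPkiTrigger`.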
......@@ -10,6 +10,10 @@
*/
module LibItsPki_TypesAndValues {
// LibCommon
import from LibCommon_BasicTypesAndValues all;
import from LibCommon_DataStrings all;
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
......@@ -17,8 +21,6 @@ module LibItsPki_TypesAndValues {
const integer PkiProtocolVersion := 1;
const Psid its_aid_secured_cert_request := 12345;
} // End of group constants
group acPrimitives {
......@@ -52,11 +54,62 @@ module LibItsPki_TypesAndValues {
encode "LibItsPki"
} // AcSetSecurityData
} // end acPrimitives
with {
} with {
variant ""
encode "AdapterControl"
} // End of group acPrimitives
group utPrimitives {
/**
* @desc Upper Tester message to initialize ITS-S IUT
* @member hashedId8 In case of secured mode set, hashedId8 indicate which certificate the IUT shall use
*/
type record UtPkiInitialize {
Oct8 hashedId8
} with {
variant "FIELDORDER(msb)"
}
/**
* @desc Upper Tester results message of the PKI ITS-S IUT
*/
type union UtPkiResults {
boolean utPkiInitializeResult,
boolean utPkiTriggerResult
} with {
variant ""
} // End of type UtPkiResults
/**
* @desc UT primitives for PKI ITS-S IUT
* @member triggerEnrolmentRequest Request to trigger an EnrolmentRequest
*/
type union UtPkiTrigger {
TriggerEnrolmentRequest triggerEnrolmentRequest
} with {
variant ""
} // End of type UtPkiTrigger
/**
* @desc Request to trigger an EnrolmentRequest
* @member hashAlgorithm The Hash algorithm to be used (sha256 or sha384)
* @member privateKey The private key to be used for signature of the requested EA certificate
* @member compressedPublickey The compressed public key to be used for signature of the requested EA certificate (format: [02|03]<compressed public key>
*/
type record TriggerEnrolmentRequest {
HashAlgorithm hashAlgorithm,
octetstring privateKey,
octetstring compressedPublickey
} with {
variant "FIELDORDER(msb)"
} // End of type TriggerEnrolmentRequest
} with {
encode "UpperTester"
variant ""
} // End of group utPrimitives
}
with {
variant ""
......
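Review bot: `TriggerEnrolmentRequest` hands `privateKey` to the IUT as a raw `octetstring` over the upper-tester channel, and the `@member` text does not say that this must be disposable test material; I would state that in the comment, e.g. `@member privateKey Test-only private key used to sign the enrolment request; never a production key`. Both key `@member` lines speak of "the requested EA certificate", while the message triggers an EnrolmentRequest, so presumably the certificate is requested from the EA rather than being an EA certificate; the wording should be corrected once confirmed. The format note `(format: [02|03]<compressed public key>` is missing its closing parenthesis, and `compressedPublickey` breaks the camel-casing used by `hashAlgorithm` and `privateKey`.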