Commit 969b2095 authored by YannGarcia's avatar YannGarcia
Browse files

ITS CMS-7 Plugtest bug fixes

parent 3c0c0de3
This diff is collapsed.
......@@ -199,6 +199,6 @@ module LibItsPki_Pics {
/**
* @desc Invalid Canonical ITSS-S identifier
*/
modulepar octetstring PICS_INVALID_ITS_S_CANONICAL_ID := '0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A'O;
modulepar octetstring PICS_INVALID_ITS_S_CANONICAL_ID := 'BABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABA'O;
} // End of module LibItsPki_Pics
......@@ -52,6 +52,10 @@ module LibItsPki_Pixits {
modulepar octetstring PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR := '01FF'O;
modulepar octetstring PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_VERSION := '00C0'O;
modulepar octetstring PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_SSP_BIT := '0180'O;
modulepar octetstring PX_INNER_EC_CERTFICATE_BITMAP_SSP_CAM := '830001'O;
modulepar octetstring PX_INNER_EC_CERTFICATE_BITMAP_SSP_DENM := '830001'O;
......
......@@ -190,10 +190,16 @@ module LibItsPki_Templates {
authorizationResponse := p_authorizationResponse
} // End of template mw_authorizationResponse
template (present) EtsiTs102941DataContent mw_authorizationValidationRequest(
template (present) AuthorizationValidationRequest p_authorization_validation_request := ?
) := {
authorizationValidationRequest := p_authorization_validation_request
} // End of template mw_authorizationValidationRequest
template (present) EtsiTs102941DataContent mw_authorizationValidationResponse(
template (present) AuthorizationValidationResponse p_authorization_alidation_response := ?
template (present) AuthorizationValidationResponse p_authorization_validation_response := ?
) := {
authorizationValidationResponse := p_authorization_alidation_response
authorizationValidationResponse := p_authorization_validation_response
} // End of template mw_authorizationValidationResponse
template (value) InnerEcRequest m_innerEcRequest(
......@@ -359,21 +365,21 @@ module LibItsPki_Templates {
certificate := omit
} // End of template mw_innerAtResponse_ko
template (value) AuthorizationValidationRequest m_authorizationValidationRequest(
in template (value) SharedAtRequest p_sharedAtRequest,
in template (value) EcSignature p_ecSignature
) := {
template (value) AuthorizationValidationRequest m_authorization_validation_request(
in template (value) SharedAtRequest p_sharedAtRequest,
in template (value) EcSignature p_ecSignature
) := {
sharedAtRequest := p_sharedAtRequest,
ecSignature := p_ecSignature
} // End of template m_authorizationValidationRequest
} // End of template m_authorization_validation_request
template (present) AuthorizationValidationRequest mw_authorizationValidationRequest(
template (present) SharedAtRequest p_sharedAtRequest := ?,
template (present) EcSignature p_ecSignature := ?
) := {
template (present) AuthorizationValidationRequest mw_authorization_validation_request(
template (present) SharedAtRequest p_sharedAtRequest := ?,
template (present) EcSignature p_ecSignature := ?
) := {
sharedAtRequest := p_sharedAtRequest,
ecSignature := p_ecSignature
} // End of template mw_authorizationValidationRequest
} // End of template mw_authorization_validation_request
template (value) AuthorizationValidationResponse m_authorizationValidationResponse_ok(
template (value) Oct16 p_requestHash,
......
......@@ -2012,19 +2012,31 @@ module LibItsSecurity_Functions {
group sspPermissions {
function f_verifySspPermissions(
in SequenceOfPsidSsp p_issuer_ssp_permissions,
in SequenceOfPsidSsp p_subordinate_ssp_permissions
in SequenceOfPsidSsp p_issuer_ssp_permissions,
in SequenceOfPsidSsp p_subordinate_ssp_permissions,
in boolean p_strict_checks := false
) return boolean {
// Local variables
var integer v_idx := 0;
log(">>> f_verifySspPermissions: p_issuer_ssp_permissions:", p_issuer_ssp_permissions);
log(">>> f_verifySspPermissions: p_subordinate_ssp_permissions: ", p_subordinate_ssp_permissions);
for (v_idx := 0; v_idx < lengthof(p_issuer_ssp_permissions); v_idx := v_idx + 1) {
var PsidSsp v_issuerPsidSsp := p_issuer_ssp_permissions[v_idx];
var PsidSsp v_subordinatePsidSsp;
var boolean v_found := false;
var integer v_jdx := 0;
log("f_verifySspPermissions: v_issuerPsidSsp: ", v_issuerPsidSsp);
// 1. Check permission from issuer is present
for (v_jdx := 0; v_jdx < lengthof(p_subordinate_ssp_permissions); v_jdx := v_jdx + 1) {
log("f_verifySspPermissions: match=", match(v_issuerPsidSsp, m_appPermissions(p_subordinate_ssp_permissions[v_jdx].psid, p_subordinate_ssp_permissions[v_jdx].ssp)));
// 1. Check the version
if (p_subordinate_ssp_permissions[v_jdx].ssp.bitmapSsp[0] != '01'O) {
log("f_verifySspPermissions: Wrong SSP version control (1 is expected): ", p_subordinate_ssp_permissions[v_jdx].ssp.bitmapSsp[0]);
return false;
}
// 2. Check the version
if (match(v_issuerPsidSsp, m_appPermissions(p_subordinate_ssp_permissions[v_jdx].psid, p_subordinate_ssp_permissions[v_jdx].ssp)) == true) {
v_subordinatePsidSsp := p_subordinate_ssp_permissions[v_jdx];
v_found := true;
......@@ -2033,21 +2045,31 @@ module LibItsSecurity_Functions {
} // End of 'for' statement
if (v_found == false) {
log("f_verifySspPermissions: Permission set not found: ", v_issuerPsidSsp)
return false;
if (p_strict_checks == true) {
return false;
} else {
return true;
}
}
// 2. Validate bits mask
if (ispresent(v_issuerPsidSsp.ssp)) {
if (ispresent(v_subordinatePsidSsp.ssp) == false) {
log("f_verifySspPermissions: Ssp shall not be omitted: ", v_issuerPsidSsp)
return false;
if (p_strict_checks == true) {
return false;
}
}
if ((ischosen(v_issuerPsidSsp.ssp.bitmapSsp) == false) or (ischosen(v_subordinatePsidSsp.ssp.bitmapSsp) == false)) {
log("f_verifySspPermissions: Wrong variant : ", v_issuerPsidSsp.ssp, " / ", v_subordinatePsidSsp.ssp);
return false;
log("f_verifySspPermissions: Wrong variant : ", v_issuerPsidSsp, " / ", v_subordinatePsidSsp);
if (p_strict_checks == true) {
return false;
}
}
if (lengthof(v_issuerPsidSsp.ssp.bitmapSsp) < lengthof(v_subordinatePsidSsp.ssp.bitmapSsp)) {
log("f_verifySspPermissions: Ssp not be compliant: ", v_issuerPsidSsp.ssp, " / ", v_subordinatePsidSsp.ssp);
return false;
if (p_strict_checks == true) {
return false;
}
} else {
var charstring v_issuerSsp := bit2str(oct2bit(v_issuerPsidSsp.ssp.bitmapSsp));
var charstring v_subordinateSsp := bit2str(oct2bit(v_subordinatePsidSsp.ssp.bitmapSsp));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment