Loading ttcn/Pki/LibItsPki_Functions.ttcn +23 −24 Original line number Original line Diff line number Diff line Loading @@ -1047,9 +1047,9 @@ module LibItsPki_Functions { log("f_http_build_inner_ec_response: p_inner_ec_response= ", p_inner_ec_response); log("f_http_build_inner_ec_response: p_inner_ec_response= ", p_inner_ec_response); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_ec_response(p_inner_ec_response))); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_ec_response(p_inner_ec_response))); v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value // TODO Consider Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest)) // TODO Consider Sha384: m_signerIdentifier_digest(f_hashedId8FromSha384(p_digest)) if (f_build_pki_secured_response_message(p_private_key, if (f_build_pki_secured_response_message(p_private_key, valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, valueof(m_signerIdentifier_digest(f_hashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, v_msg, v_msg, p_aes_sym_key, p_aes_sym_key, v_nonce, v_nonce, Loading Loading @@ -1364,9 +1364,9 @@ module LibItsPki_Functions { log("f_http_build_authorization_response: p_inner_at_response= ", p_inner_at_response); log("f_http_build_authorization_response: p_inner_at_response= ", p_inner_at_response); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_at_response(p_inner_at_response))); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_at_response(p_inner_at_response))); v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value // TODO Consider Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest)) // TODO Consider Sha384: m_signerIdentifier_digest(f_hashedId8FromSha384(p_digest)) if (f_build_pki_secured_response_message(p_private_key, if (f_build_pki_secured_response_message(p_private_key, valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, valueof(m_signerIdentifier_digest(f_hashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, v_msg, v_msg, p_aes_sym_key, p_aes_sym_key, v_nonce, v_nonce, Loading Loading @@ -1532,9 +1532,9 @@ module LibItsPki_Functions { log("f_http_build_authorization_validation_response: p_authorization_validation_response= ", p_authorization_validation_response); log("f_http_build_authorization_validation_response: p_authorization_validation_response= ", p_authorization_validation_response); v_msg := bit2oct(encvalue(p_authorization_validation_response)); v_msg := bit2oct(encvalue(p_authorization_validation_response)); v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value // TODO Consider Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest)) // TODO Consider Sha384: m_signerIdentifier_digest(f_hashedId8FromSha384(p_digest)) if (f_build_pki_secured_response_message(p_private_key, if (f_build_pki_secured_response_message(p_private_key, valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, valueof(m_signerIdentifier_digest(f_hashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, v_msg, v_msg, p_aes_sym_key, p_aes_sym_key, v_nonce, v_nonce, Loading Loading @@ -1607,7 +1607,7 @@ module LibItsPki_Functions { return false; return false; } } v_cert := m_etsiTs103097Certificate( v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))), m_issuerIdentifier_sha256AndDigest(f_hashedId8FromSha256(f_hashWithSha256('616263'O))), m_toBeSignedCertificate_at( m_toBeSignedCertificate_at( v_appPermissions, v_appPermissions, m_verificationKeyIndicator_verificationKey( m_verificationKeyIndicator_verificationKey( Loading Loading @@ -1668,7 +1668,7 @@ module LibItsPki_Functions { log(">>> f_generate_ec_certificate_for_inner_ec_response"); log(">>> f_generate_ec_certificate_for_inner_ec_response"); v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384 v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_hashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_hashedId8FromSha384 v_cert := valueof( v_cert := valueof( m_etsiTs103097Certificate( m_etsiTs103097Certificate( v_issuer, v_issuer, Loading Loading @@ -1740,7 +1740,7 @@ module LibItsPki_Functions { var bitstring v_tbs; var bitstring v_tbs; var octetstring v_sig; var octetstring v_sig; v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384 v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_hashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_hashedId8FromSha384 v_cert := valueof( v_cert := valueof( m_etsiTs103097Certificate( m_etsiTs103097Certificate( v_issuer, v_issuer, Loading Loading @@ -1813,7 +1813,7 @@ module LibItsPki_Functions { log(">>> f_generate_at_certificate_for_authorization_response"); log(">>> f_generate_at_certificate_for_authorization_response"); v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384 v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_hashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_hashedId8FromSha384 v_cert := valueof( v_cert := valueof( m_etsiTs103097Certificate( m_etsiTs103097Certificate( v_issuer, v_issuer, Loading Loading @@ -1927,8 +1927,7 @@ module LibItsPki_Functions { m_publicKeys( m_publicKeys( v_public_verification_key v_public_verification_key ), ), m_certificateSubjectAttributes_id_omit/*FIXME No name*/( m_certificateSubjectAttributes_id_none/*FIXME No name*/( /*oct2char(PICS_ITS_S_CANONICAL_ID),*/ { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR })) valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR })) }, }, Loading Loading @@ -2299,10 +2298,10 @@ module LibItsPki_Functions { v_enc_value := encvalue(p_ec_certificate); v_enc_value := encvalue(p_ec_certificate); if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) { if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) { v_ec_hash := f_hashWithSha384(bit2oct(v_enc_value)); v_ec_hash := f_hashWithSha384(bit2oct(v_enc_value)); v_ec_hashed_id8 := f_HashedId8FromSha384(v_ec_hash); v_ec_hashed_id8 := f_hashedId8FromSha384(v_ec_hash); } else { } else { v_ec_hash := f_hashWithSha256(bit2oct(v_enc_value)); v_ec_hash := f_hashWithSha256(bit2oct(v_enc_value)); v_ec_hashed_id8 := f_HashedId8FromSha256(v_ec_hash); v_ec_hashed_id8 := f_hashedId8FromSha256(v_ec_hash); } } log("f_generate_inner_at_request: v_ec_hash= ", v_ec_hash); log("f_generate_inner_at_request: v_ec_hash= ", v_ec_hash); Loading Loading @@ -2605,10 +2604,10 @@ module LibItsPki_Functions { v_enc_value := encvalue(p_ec_certificate); v_enc_value := encvalue(p_ec_certificate); if (ischosen(p_ec_certificate.issuer.sha256AndDigest)) { if (ischosen(p_ec_certificate.issuer.sha256AndDigest)) { v_ec_hash := f_hashWithSha256(bit2oct(v_enc_value)); v_ec_hash := f_hashWithSha256(bit2oct(v_enc_value)); v_ec_hashed_id8 := f_HashedId8FromSha256(v_ec_hash); v_ec_hashed_id8 := f_hashedId8FromSha256(v_ec_hash); } else { } else { v_ec_hash := f_hashWithSha384(bit2oct(v_enc_value)); v_ec_hash := f_hashWithSha384(bit2oct(v_enc_value)); v_ec_hashed_id8 := f_HashedId8FromSha384(v_ec_hash); v_ec_hashed_id8 := f_hashedId8FromSha384(v_ec_hash); } } log("f_generate_inner_at_request_with_wrong_parameters: v_ec_hash= ", v_ec_hash); log("f_generate_inner_at_request_with_wrong_parameters: v_ec_hash= ", v_ec_hash); log("f_generate_inner_at_request_with_wrong_parameters: v_ec_hashed_id8= ", v_ec_hashed_id8); log("f_generate_inner_at_request_with_wrong_parameters: v_ec_hashed_id8= ", v_ec_hashed_id8); Loading Loading @@ -3207,7 +3206,7 @@ module LibItsPki_Functions { log(">>> f_await_http_inner_ec_request_response: p_strict_checks=", p_strict_checks); log(">>> f_await_http_inner_ec_request_response: p_strict_checks=", p_strict_checks); f_http_build_inner_ec_request(p_private_key, p_compressed_public_key, p_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash); f_http_build_inner_ec_request(p_private_key, p_compressed_public_key, p_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash); v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response f_init_default_headers_list(-, "inner_ec_request", v_headers); f_init_default_headers_list(-, "inner_ec_request", v_headers); f_http_send( f_http_send( v_headers, v_headers, Loading Loading @@ -3482,7 +3481,7 @@ module LibItsPki_Functions { log("f_build_pki_secured_request_message_signed_with_pop: p_recipientId= ", p_recipientId); log("f_build_pki_secured_request_message_signed_with_pop: p_recipientId= ", p_recipientId); if (p_recipientId == int2oct(0, 8)) { if (p_recipientId == int2oct(0, 8)) { log("f_build_pki_secured_request_message_signed_with_pop: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); log("f_build_pki_secured_request_message_signed_with_pop: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_hashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); } else { } else { v_recipientId := p_recipientId; v_recipientId := p_recipientId; } } Loading Loading @@ -3601,7 +3600,7 @@ module LibItsPki_Functions { log("f_build_pki_secured_request_message: p_recipientId= ", p_recipientId); log("f_build_pki_secured_request_message: p_recipientId= ", p_recipientId); if (p_recipientId == int2oct(0, 8)) { if (p_recipientId == int2oct(0, 8)) { log("f_build_pki_secured_request_message: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); log("f_build_pki_secured_request_message: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_hashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); } else { } else { v_recipientId := p_recipientId; v_recipientId := p_recipientId; } } Loading Loading @@ -3712,7 +3711,7 @@ module LibItsPki_Functions { log("f_build_pki_secured_request_message_for_authorization: p_recipientId= ", p_recipientId); log("f_build_pki_secured_request_message_for_authorization: p_recipientId= ", p_recipientId); if (p_recipientId == int2oct(0, 8)) { if (p_recipientId == int2oct(0, 8)) { log("f_build_pki_secured_request_message_for_authorization: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); log("f_build_pki_secured_request_message_for_authorization: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_hashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); } else { } else { v_recipientId := p_recipientId; v_recipientId := p_recipientId; } } Loading Loading @@ -3836,7 +3835,7 @@ module LibItsPki_Functions { // Encode EtsiTs103097Data-Signed data structure // Encode EtsiTs103097Data-Signed data structure v_encoded_inner_ec_response := bit2oct(encvalue(v_ieee1609dot2_signed_data)); v_encoded_inner_ec_response := bit2oct(encvalue(v_ieee1609dot2_signed_data)); v_encrypted_inner_ec_response := fx_encrypt_aes_128_ccm_test(p_aes_sym_key, p_nonce, v_encoded_inner_ec_response); v_encrypted_inner_ec_response := fx_encrypt_aes_128_ccm_test(p_aes_sym_key, p_nonce, v_encoded_inner_ec_response); v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(p_aes_sym_key)); v_recipientId := f_hashedId8FromSha256(f_hashWithSha256(p_aes_sym_key)); log("v_recipientId= ", v_recipientId); log("v_recipientId= ", v_recipientId); // Fill Certificate template with the public compressed keys (canonical form) // Fill Certificate template with the public compressed keys (canonical form) p_ieee1609dot2_signed_and_encrypted_data := valueof( p_ieee1609dot2_signed_and_encrypted_data := valueof( Loading Loading @@ -3962,7 +3961,7 @@ module LibItsPki_Functions { } } //return false; //return false; } else { } else { if (f_getCertificateFromDigest(f_HashedId8FromSha256(p_issuer), v_certificate, v_certificate_id) == false) { if (f_getCertificateFromDigest(f_hashedId8FromSha256(p_issuer), v_certificate, v_certificate_id) == false) { if (p_check_security == true) { if (p_check_security == true) { return false; return false; } } Loading Loading @@ -4112,7 +4111,7 @@ module LibItsPki_Functions { v_encoded_cert := encvalue(p_ec_certificate); v_encoded_cert := encvalue(p_ec_certificate); v_ec_cert_hash := f_hashWithSha256(bit2oct(v_encoded_cert)); v_ec_cert_hash := f_hashWithSha256(bit2oct(v_encoded_cert)); log("f_verify_ec_certificate: ==> EC certificate Hash: ", v_ec_cert_hash); log("f_verify_ec_certificate: ==> EC certificate Hash: ", v_ec_cert_hash); v_ec_cert_hashed_id8 := f_HashedId8FromSha256(v_ec_cert_hash); v_ec_cert_hashed_id8 := f_hashedId8FromSha256(v_ec_cert_hash); log("f_verify_ec_certificate: ==> EC certificate HashedId8: ", v_ec_cert_hashed_id8); log("f_verify_ec_certificate: ==> EC certificate HashedId8: ", v_ec_cert_hashed_id8); // Check the signer // Check the signer Loading Loading @@ -4157,7 +4156,7 @@ module LibItsPki_Functions { // Calculate the HashedId8 of the whole certificate // Calculate the HashedId8 of the whole certificate v_encoded_cert := encvalue(p_at_certificate); v_encoded_cert := encvalue(p_at_certificate); v_at_cert_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_encoded_cert))); v_at_cert_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(bit2oct(v_encoded_cert))); log("f_verify_at_certificate: EC certificate HashedId8: ", v_at_cert_hashed_id8); log("f_verify_at_certificate: EC certificate HashedId8: ", v_at_cert_hashed_id8); // Check the signer // Check the signer Loading ttcn/Pki/LibItsPki_TestSystem.ttcn +2 −2 Original line number Original line Diff line number Diff line Loading @@ -87,7 +87,7 @@ module LibItsPki_TestSystem { var octetstring vc_aaPrivateEncKey; /** Test Adapter AA private key for encryption */ var octetstring vc_aaPrivateEncKey; /** Test Adapter AA private key for encryption */ var HashedId8 vc_aaHashedId8; /** Test Adapter AA HashedId8 for decryption of IUT's response */ var HashedId8 vc_aaHashedId8; /** Test Adapter AA HashedId8 for decryption of IUT's response */ var octetstring vc_aaWholeHash; /** Test Adapter AA whole-hash for signature check */ var octetstring vc_aaWholeHash; /** Test Adapter AA whole-hash for signature check */ var octetstring vc_aaWholeHash256; /** Test Adapter EA whole-hash using SHA 256 for encryption because of encryption key size ==32 */ var octetstring vc_aaWholeHash256; /** Test Adapter AA whole-hash using SHA 256 for encryption because of encryption key size == 32 */ } // End of component ItsPkiHttp } // End of component ItsPkiHttp /** /** Loading ttcn/Security/LibItsSecurity_Functions.ttcn +6 −6 Original line number Original line Diff line number Diff line Loading @@ -406,11 +406,11 @@ module LibItsSecurity_Functions { * @return The HashedId8 value * @return The HashedId8 value * @verdict * @verdict */ */ function f_HashedId8FromSha256( function f_hashedId8FromSha256( in Oct32 p_hash in Oct32 p_hash ) return HashedId8 { ) return HashedId8 { return substr(p_hash, lengthof(p_hash) - 8, 8); return substr(p_hash, lengthof(p_hash) - 8, 8); } // End of function f_HashedId8FromSha256 } // End of function f_hashedId8FromSha256 /** /** * @desc Compute the HashedId8 value from the hash value * @desc Compute the HashedId8 value from the hash value Loading @@ -418,11 +418,11 @@ module LibItsSecurity_Functions { * @return The HashedId8 value * @return The HashedId8 value * @verdict * @verdict */ */ function f_HashedId8FromSha384( function f_hashedId8FromSha384( in Oct48 p_hash in Oct48 p_hash ) return HashedId8 { ) return HashedId8 { return substr(p_hash, lengthof(p_hash) - 8, 8); return substr(p_hash, lengthof(p_hash) - 8, 8); } // End of function f_HashedId8FromSha384 } // End of function f_hashedId8FromSha384 /** /** * @desc Compute the HashedId3 value from the HashedId8 value * @desc Compute the HashedId3 value from the HashedId8 value Loading @@ -430,11 +430,11 @@ module LibItsSecurity_Functions { * @return The HashedId3 value * @return The HashedId3 value * @verdict Unchanged * @verdict Unchanged */ */ function f_HashedId3FromHashedId8( function f_hashedId3FromHashedId8( in HashedId8 p_hashedId8 in HashedId8 p_hashedId8 ) return HashedId3 { ) return HashedId3 { return substr(p_hashedId8, lengthof(p_hashedId8) - 3, 3); return substr(p_hashedId8, lengthof(p_hashedId8) - 3, 3); } // End of function f_HashedId3FromHashedId8 } // End of function f_hashedId3FromHashedId8 /** /** * @desc Verify the signature of the specified data * @desc Verify the signature of the specified data Loading Loading
ttcn/Pki/LibItsPki_Functions.ttcn +23 −24 Original line number Original line Diff line number Diff line Loading @@ -1047,9 +1047,9 @@ module LibItsPki_Functions { log("f_http_build_inner_ec_response: p_inner_ec_response= ", p_inner_ec_response); log("f_http_build_inner_ec_response: p_inner_ec_response= ", p_inner_ec_response); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_ec_response(p_inner_ec_response))); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_ec_response(p_inner_ec_response))); v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value // TODO Consider Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest)) // TODO Consider Sha384: m_signerIdentifier_digest(f_hashedId8FromSha384(p_digest)) if (f_build_pki_secured_response_message(p_private_key, if (f_build_pki_secured_response_message(p_private_key, valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, valueof(m_signerIdentifier_digest(f_hashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, v_msg, v_msg, p_aes_sym_key, p_aes_sym_key, v_nonce, v_nonce, Loading Loading @@ -1364,9 +1364,9 @@ module LibItsPki_Functions { log("f_http_build_authorization_response: p_inner_at_response= ", p_inner_at_response); log("f_http_build_authorization_response: p_inner_at_response= ", p_inner_at_response); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_at_response(p_inner_at_response))); v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_at_response(p_inner_at_response))); v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value // TODO Consider Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest)) // TODO Consider Sha384: m_signerIdentifier_digest(f_hashedId8FromSha384(p_digest)) if (f_build_pki_secured_response_message(p_private_key, if (f_build_pki_secured_response_message(p_private_key, valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, valueof(m_signerIdentifier_digest(f_hashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, v_msg, v_msg, p_aes_sym_key, p_aes_sym_key, v_nonce, v_nonce, Loading Loading @@ -1532,9 +1532,9 @@ module LibItsPki_Functions { log("f_http_build_authorization_validation_response: p_authorization_validation_response= ", p_authorization_validation_response); log("f_http_build_authorization_validation_response: p_authorization_validation_response= ", p_authorization_validation_response); v_msg := bit2oct(encvalue(p_authorization_validation_response)); v_msg := bit2oct(encvalue(p_authorization_validation_response)); v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value // TODO Consider Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest)) // TODO Consider Sha384: m_signerIdentifier_digest(f_hashedId8FromSha384(p_digest)) if (f_build_pki_secured_response_message(p_private_key, if (f_build_pki_secured_response_message(p_private_key, valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, valueof(m_signerIdentifier_digest(f_hashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier, v_msg, v_msg, p_aes_sym_key, p_aes_sym_key, v_nonce, v_nonce, Loading Loading @@ -1607,7 +1607,7 @@ module LibItsPki_Functions { return false; return false; } } v_cert := m_etsiTs103097Certificate( v_cert := m_etsiTs103097Certificate( m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))), m_issuerIdentifier_sha256AndDigest(f_hashedId8FromSha256(f_hashWithSha256('616263'O))), m_toBeSignedCertificate_at( m_toBeSignedCertificate_at( v_appPermissions, v_appPermissions, m_verificationKeyIndicator_verificationKey( m_verificationKeyIndicator_verificationKey( Loading Loading @@ -1668,7 +1668,7 @@ module LibItsPki_Functions { log(">>> f_generate_ec_certificate_for_inner_ec_response"); log(">>> f_generate_ec_certificate_for_inner_ec_response"); v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384 v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_hashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_hashedId8FromSha384 v_cert := valueof( v_cert := valueof( m_etsiTs103097Certificate( m_etsiTs103097Certificate( v_issuer, v_issuer, Loading Loading @@ -1740,7 +1740,7 @@ module LibItsPki_Functions { var bitstring v_tbs; var bitstring v_tbs; var octetstring v_sig; var octetstring v_sig; v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384 v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_hashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_hashedId8FromSha384 v_cert := valueof( v_cert := valueof( m_etsiTs103097Certificate( m_etsiTs103097Certificate( v_issuer, v_issuer, Loading Loading @@ -1813,7 +1813,7 @@ module LibItsPki_Functions { log(">>> f_generate_at_certificate_for_authorization_response"); log(">>> f_generate_at_certificate_for_authorization_response"); v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384 v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_hashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_hashedId8FromSha384 v_cert := valueof( v_cert := valueof( m_etsiTs103097Certificate( m_etsiTs103097Certificate( v_issuer, v_issuer, Loading Loading @@ -1927,8 +1927,7 @@ module LibItsPki_Functions { m_publicKeys( m_publicKeys( v_public_verification_key v_public_verification_key ), ), m_certificateSubjectAttributes_id_omit/*FIXME No name*/( m_certificateSubjectAttributes_id_none/*FIXME No name*/( /*oct2char(PICS_ITS_S_CANONICAL_ID),*/ { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR })) valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR })) }, }, Loading Loading @@ -2299,10 +2298,10 @@ module LibItsPki_Functions { v_enc_value := encvalue(p_ec_certificate); v_enc_value := encvalue(p_ec_certificate); if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) { if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) { v_ec_hash := f_hashWithSha384(bit2oct(v_enc_value)); v_ec_hash := f_hashWithSha384(bit2oct(v_enc_value)); v_ec_hashed_id8 := f_HashedId8FromSha384(v_ec_hash); v_ec_hashed_id8 := f_hashedId8FromSha384(v_ec_hash); } else { } else { v_ec_hash := f_hashWithSha256(bit2oct(v_enc_value)); v_ec_hash := f_hashWithSha256(bit2oct(v_enc_value)); v_ec_hashed_id8 := f_HashedId8FromSha256(v_ec_hash); v_ec_hashed_id8 := f_hashedId8FromSha256(v_ec_hash); } } log("f_generate_inner_at_request: v_ec_hash= ", v_ec_hash); log("f_generate_inner_at_request: v_ec_hash= ", v_ec_hash); Loading Loading @@ -2605,10 +2604,10 @@ module LibItsPki_Functions { v_enc_value := encvalue(p_ec_certificate); v_enc_value := encvalue(p_ec_certificate); if (ischosen(p_ec_certificate.issuer.sha256AndDigest)) { if (ischosen(p_ec_certificate.issuer.sha256AndDigest)) { v_ec_hash := f_hashWithSha256(bit2oct(v_enc_value)); v_ec_hash := f_hashWithSha256(bit2oct(v_enc_value)); v_ec_hashed_id8 := f_HashedId8FromSha256(v_ec_hash); v_ec_hashed_id8 := f_hashedId8FromSha256(v_ec_hash); } else { } else { v_ec_hash := f_hashWithSha384(bit2oct(v_enc_value)); v_ec_hash := f_hashWithSha384(bit2oct(v_enc_value)); v_ec_hashed_id8 := f_HashedId8FromSha384(v_ec_hash); v_ec_hashed_id8 := f_hashedId8FromSha384(v_ec_hash); } } log("f_generate_inner_at_request_with_wrong_parameters: v_ec_hash= ", v_ec_hash); log("f_generate_inner_at_request_with_wrong_parameters: v_ec_hash= ", v_ec_hash); log("f_generate_inner_at_request_with_wrong_parameters: v_ec_hashed_id8= ", v_ec_hashed_id8); log("f_generate_inner_at_request_with_wrong_parameters: v_ec_hashed_id8= ", v_ec_hashed_id8); Loading Loading @@ -3207,7 +3206,7 @@ module LibItsPki_Functions { log(">>> f_await_http_inner_ec_request_response: p_strict_checks=", p_strict_checks); log(">>> f_await_http_inner_ec_request_response: p_strict_checks=", p_strict_checks); f_http_build_inner_ec_request(p_private_key, p_compressed_public_key, p_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash); f_http_build_inner_ec_request(p_private_key, p_compressed_public_key, p_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash); v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response f_init_default_headers_list(-, "inner_ec_request", v_headers); f_init_default_headers_list(-, "inner_ec_request", v_headers); f_http_send( f_http_send( v_headers, v_headers, Loading Loading @@ -3482,7 +3481,7 @@ module LibItsPki_Functions { log("f_build_pki_secured_request_message_signed_with_pop: p_recipientId= ", p_recipientId); log("f_build_pki_secured_request_message_signed_with_pop: p_recipientId= ", p_recipientId); if (p_recipientId == int2oct(0, 8)) { if (p_recipientId == int2oct(0, 8)) { log("f_build_pki_secured_request_message_signed_with_pop: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); log("f_build_pki_secured_request_message_signed_with_pop: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_hashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); } else { } else { v_recipientId := p_recipientId; v_recipientId := p_recipientId; } } Loading Loading @@ -3601,7 +3600,7 @@ module LibItsPki_Functions { log("f_build_pki_secured_request_message: p_recipientId= ", p_recipientId); log("f_build_pki_secured_request_message: p_recipientId= ", p_recipientId); if (p_recipientId == int2oct(0, 8)) { if (p_recipientId == int2oct(0, 8)) { log("f_build_pki_secured_request_message: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); log("f_build_pki_secured_request_message: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_hashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); } else { } else { v_recipientId := p_recipientId; v_recipientId := p_recipientId; } } Loading Loading @@ -3712,7 +3711,7 @@ module LibItsPki_Functions { log("f_build_pki_secured_request_message_for_authorization: p_recipientId= ", p_recipientId); log("f_build_pki_secured_request_message_for_authorization: p_recipientId= ", p_recipientId); if (p_recipientId == int2oct(0, 8)) { if (p_recipientId == int2oct(0, 8)) { log("f_build_pki_secured_request_message_for_authorization: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); log("f_build_pki_secured_request_message_for_authorization: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); v_recipientId := f_hashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key)); } else { } else { v_recipientId := p_recipientId; v_recipientId := p_recipientId; } } Loading Loading @@ -3836,7 +3835,7 @@ module LibItsPki_Functions { // Encode EtsiTs103097Data-Signed data structure // Encode EtsiTs103097Data-Signed data structure v_encoded_inner_ec_response := bit2oct(encvalue(v_ieee1609dot2_signed_data)); v_encoded_inner_ec_response := bit2oct(encvalue(v_ieee1609dot2_signed_data)); v_encrypted_inner_ec_response := fx_encrypt_aes_128_ccm_test(p_aes_sym_key, p_nonce, v_encoded_inner_ec_response); v_encrypted_inner_ec_response := fx_encrypt_aes_128_ccm_test(p_aes_sym_key, p_nonce, v_encoded_inner_ec_response); v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(p_aes_sym_key)); v_recipientId := f_hashedId8FromSha256(f_hashWithSha256(p_aes_sym_key)); log("v_recipientId= ", v_recipientId); log("v_recipientId= ", v_recipientId); // Fill Certificate template with the public compressed keys (canonical form) // Fill Certificate template with the public compressed keys (canonical form) p_ieee1609dot2_signed_and_encrypted_data := valueof( p_ieee1609dot2_signed_and_encrypted_data := valueof( Loading Loading @@ -3962,7 +3961,7 @@ module LibItsPki_Functions { } } //return false; //return false; } else { } else { if (f_getCertificateFromDigest(f_HashedId8FromSha256(p_issuer), v_certificate, v_certificate_id) == false) { if (f_getCertificateFromDigest(f_hashedId8FromSha256(p_issuer), v_certificate, v_certificate_id) == false) { if (p_check_security == true) { if (p_check_security == true) { return false; return false; } } Loading Loading @@ -4112,7 +4111,7 @@ module LibItsPki_Functions { v_encoded_cert := encvalue(p_ec_certificate); v_encoded_cert := encvalue(p_ec_certificate); v_ec_cert_hash := f_hashWithSha256(bit2oct(v_encoded_cert)); v_ec_cert_hash := f_hashWithSha256(bit2oct(v_encoded_cert)); log("f_verify_ec_certificate: ==> EC certificate Hash: ", v_ec_cert_hash); log("f_verify_ec_certificate: ==> EC certificate Hash: ", v_ec_cert_hash); v_ec_cert_hashed_id8 := f_HashedId8FromSha256(v_ec_cert_hash); v_ec_cert_hashed_id8 := f_hashedId8FromSha256(v_ec_cert_hash); log("f_verify_ec_certificate: ==> EC certificate HashedId8: ", v_ec_cert_hashed_id8); log("f_verify_ec_certificate: ==> EC certificate HashedId8: ", v_ec_cert_hashed_id8); // Check the signer // Check the signer Loading Loading @@ -4157,7 +4156,7 @@ module LibItsPki_Functions { // Calculate the HashedId8 of the whole certificate // Calculate the HashedId8 of the whole certificate v_encoded_cert := encvalue(p_at_certificate); v_encoded_cert := encvalue(p_at_certificate); v_at_cert_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_encoded_cert))); v_at_cert_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(bit2oct(v_encoded_cert))); log("f_verify_at_certificate: EC certificate HashedId8: ", v_at_cert_hashed_id8); log("f_verify_at_certificate: EC certificate HashedId8: ", v_at_cert_hashed_id8); // Check the signer // Check the signer Loading
ttcn/Pki/LibItsPki_TestSystem.ttcn +2 −2 Original line number Original line Diff line number Diff line Loading @@ -87,7 +87,7 @@ module LibItsPki_TestSystem { var octetstring vc_aaPrivateEncKey; /** Test Adapter AA private key for encryption */ var octetstring vc_aaPrivateEncKey; /** Test Adapter AA private key for encryption */ var HashedId8 vc_aaHashedId8; /** Test Adapter AA HashedId8 for decryption of IUT's response */ var HashedId8 vc_aaHashedId8; /** Test Adapter AA HashedId8 for decryption of IUT's response */ var octetstring vc_aaWholeHash; /** Test Adapter AA whole-hash for signature check */ var octetstring vc_aaWholeHash; /** Test Adapter AA whole-hash for signature check */ var octetstring vc_aaWholeHash256; /** Test Adapter EA whole-hash using SHA 256 for encryption because of encryption key size ==32 */ var octetstring vc_aaWholeHash256; /** Test Adapter AA whole-hash using SHA 256 for encryption because of encryption key size == 32 */ } // End of component ItsPkiHttp } // End of component ItsPkiHttp /** /** Loading
ttcn/Security/LibItsSecurity_Functions.ttcn +6 −6 Original line number Original line Diff line number Diff line Loading @@ -406,11 +406,11 @@ module LibItsSecurity_Functions { * @return The HashedId8 value * @return The HashedId8 value * @verdict * @verdict */ */ function f_HashedId8FromSha256( function f_hashedId8FromSha256( in Oct32 p_hash in Oct32 p_hash ) return HashedId8 { ) return HashedId8 { return substr(p_hash, lengthof(p_hash) - 8, 8); return substr(p_hash, lengthof(p_hash) - 8, 8); } // End of function f_HashedId8FromSha256 } // End of function f_hashedId8FromSha256 /** /** * @desc Compute the HashedId8 value from the hash value * @desc Compute the HashedId8 value from the hash value Loading @@ -418,11 +418,11 @@ module LibItsSecurity_Functions { * @return The HashedId8 value * @return The HashedId8 value * @verdict * @verdict */ */ function f_HashedId8FromSha384( function f_hashedId8FromSha384( in Oct48 p_hash in Oct48 p_hash ) return HashedId8 { ) return HashedId8 { return substr(p_hash, lengthof(p_hash) - 8, 8); return substr(p_hash, lengthof(p_hash) - 8, 8); } // End of function f_HashedId8FromSha384 } // End of function f_hashedId8FromSha384 /** /** * @desc Compute the HashedId3 value from the HashedId8 value * @desc Compute the HashedId3 value from the HashedId8 value Loading @@ -430,11 +430,11 @@ module LibItsSecurity_Functions { * @return The HashedId3 value * @return The HashedId3 value * @verdict Unchanged * @verdict Unchanged */ */ function f_HashedId3FromHashedId8( function f_hashedId3FromHashedId8( in HashedId8 p_hashedId8 in HashedId8 p_hashedId8 ) return HashedId3 { ) return HashedId3 { return substr(p_hashedId8, lengthof(p_hashedId8) - 3, 3); return substr(p_hashedId8, lengthof(p_hashedId8) - 3, 3); } // End of function f_HashedId3FromHashedId8 } // End of function f_hashedId3FromHashedId8 /** /** * @desc Verify the signature of the specified data * @desc Verify the signature of the specified data Loading
