Commit a1a1ccbc authored by garciay's avatar garciay
Browse files

Add first AA tests

parent b31f565a
......@@ -50,4 +50,15 @@ module LibItsPki_EncdecDeclarations {
external function fx_dec_SharedAtRequest(inout bitstring b, out EtsiTs102941TypesAuthorization.SharedAtRequest p) return integer
with {extension "prototype(sliding) decode(PER)"}
/**
* @desc Encoding function for EtsiTs102941TypesAuthorizationValidation AuthorizationValidationRequest
* @param p The certificate to encode
* @return The encode message in OER format
*/
external function fx_enc_AuthorizationValidationRequest(in EtsiTs102941TypesAuthorizationValidation.AuthorizationValidationRequest p) return bitstring
with {extension "prototype(convert) encode(PER)"}
external function fx_dec_AuthorizationValidationRequest(inout bitstring b, out EtsiTs102941TypesAuthorizationValidation.AuthorizationValidationRequest p) return integer
with {extension "prototype(sliding) decode(PER)"}
} // End of module LibItsPki_EncdecDeclarations
......@@ -303,7 +303,7 @@ module LibItsPki_Functions {
}
// Secure InnerEcRequestSignedForPoP message
v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
// Prepae for getting the 16 most bytes of SHA256 of InnerEcRequestSignedForPop
// Prepare for getting the 16 most bytes of SHA256 of InnerEcRequestSignedForPop
p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(v_inner_ec_request_signed_for_pop_msg));
if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) {
log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
......@@ -344,15 +344,41 @@ module LibItsPki_Functions {
}
log("*** f_http_build_invalid_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
} // End of function f_http_build_invalid_enrolment_request
function f_http_build_inner_at_request(
out octetstring p_private_key,
out octetstring p_publicKeyCompressed,
out integer p_compressedMode,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
out HashedId8 p_hash_inner_at_request
) runs on ItsPkiHttp {
// Local variables
} // End of function f_http_build_inner_at_request
function f_http_build_authorization_validation_request(
out octetstring p_private_key,
out octetstring p_publicKeyCompressed,
out integer p_compressedMode,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) runs on ItsPkiHttp {
log("*** f_http_build_invalid_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
}
out octetstring p_private_key,
out octetstring p_publicKeyCompressed,
out integer p_compressedMode,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) runs on ItsPkiHttp {
// Local variables
var AuthorizationValidationRequest v_authorization_validation_request;
if (f_generate_authorization_validation_request(vc_eaCertificate, vc_eaHashedId8, p_private_key, p_publicKeyCompressed, p_compressedMode, v_authorization_validation_request) == false) {
log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
// FIXME Encapsulate v_authorization_validation_request into EtsiTs102941Data structure
if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(encvalue(v_authorization_validation_request)), p_ieee1609dot2_signed_and_encrypted_data) == false) {
log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** f_http_build_authorization_validation_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
} // End of function f_http_build_authorization_validation_request
} // End of group http
......@@ -625,7 +651,7 @@ module LibItsPki_Functions {
}
// Generate 32 octets length secret key
v_hmac_key := f_hashWithSha256(int2oct(f_getCurrentTime(), 128));
v_hmac_key := f_hashWithSha256(int2oct(f_getCurrentTime(), 12));
log("v_hmac_key=", v_hmac_key);
// Generate tag based on the concatenation of ???
......@@ -690,8 +716,10 @@ module LibItsPki_Functions {
c_its_aid_SCR,
f_getCurrentTimeUtc())
);
log("v_tbs=", v_tbs);
// Signed ToBeSigned payload
v_whole_certificate_hash := f_hashWithSha256(bit2oct(encvalue(p_ec_certificate)));
log("v_whole_certificate_hash=", v_whole_certificate_hash);
v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), v_whole_certificate_hash, p_private_key);
v_signed_ec_signature := valueof(
m_etsiTs103097Data_signed(
......@@ -726,6 +754,15 @@ module LibItsPki_Functions {
var integer v_ephemeralKeyModeCompressed;
var octetstring v_enc_signed_ec_signature;
if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0;
v_compressed_mode := 0;
} else if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) {
v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1;
v_compressed_mode := 1;
} else {
return false;
}
v_enc_signed_ec_signature := f_encryptWithEciesNistp256WithSha256(bit2oct(encvalue(v_signed_ec_signature)), v_public_enc_key, v_compressed_mode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_recipientId := p_eaHashedId8;
log("v_recipientId=", v_recipientId);
......@@ -789,12 +826,36 @@ module LibItsPki_Functions {
group authorization_validation_xxx {
function f_generate_authorization_validation_request(
in InnerAtRequest p_inner_at_request,
in Certificate p_certificate,
in Certificate p_ea_certificate,
in HashedId8 p_ea_certificate_hashed_id8,
out octetstring p_private_key,
out octetstring p_publicKeyCompressed,
out integer p_compressedMode,
out AuthorizationValidationRequest p_authorization_validation_request
) return boolean {
p_authorization_validation_request.sharedAtRequest := p_inner_at_request.sharedAtRequest;
p_authorization_validation_request.ecSignature := p_inner_at_request.ecSignature;
// Local variables
var octetstring v_private_enc_key;
var Oct32 v_publicEncKeyCompressed;
var integer v_compressedMode;
var InnerEcRequest v_inner_ec_request;
var Certificate v_ec_certificate;
var InnerAtRequest v_inner_at_request;
var Ieee1609Dot2Data v_inner_at_request_data;
if (f_generate_inner_ec_request(p_private_key, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) {
return false;
}
if (f_generate_ec_certificate(p_private_key, v_inner_ec_request, v_ec_certificate) == false) {
return false;
}
if (f_generate_inner_at_request(v_ec_certificate, p_private_key, p_ea_certificate, p_ea_certificate_hashed_id8, true, v_private_enc_key, v_publicEncKeyCompressed, v_compressedMode, v_inner_at_request, v_inner_at_request_data) == false) {
return false;
}
p_authorization_validation_request.sharedAtRequest := v_inner_at_request.sharedAtRequest;
p_authorization_validation_request.ecSignature := v_inner_at_request.ecSignature;
log("f_generate_authorization_validation_request: ", p_authorization_validation_request);
return true;
} // End of function f_generate_authorization_validation_request
......
......@@ -16,10 +16,20 @@ module LibItsPki_Pics {
modulepar boolean PICS_IUT_AA_ROLE := false;
/**
* @desc Certificate used by the IUT
* @desc Certificate used by the IUT acting as ITS-S
*/
modulepar charstring PICS_IUT_CERTIFICATE_ID := "CERT_IUT_A_EA";
/**
* @desc Certificate used by the IUT acting as EA
*/
modulepar charstring PICS_IUT_EA_CERTIFICATE_ID := "CERT_IUT_A__EA_EA";
/**
* @desc Certificate used by the IUT acting as AA
*/
modulepar charstring PICS_IUT_AA_CERTIFICATE_ID := "CERT_IUT_A_AA_EA";
/**
* @desc Certificate used by the Test System acting as ITS-S
*/
......
......@@ -73,6 +73,16 @@ module LibItsPki_Templates {
}
} // End of template m_etsiTs102941Data_inner_at_response
template (present) EnrolmentRequestMessage mw_enrolmentRequestMessage(
template (present) EncryptedData p_encryptedData := ?
) modifies mw_etsiTs103097Data_encrypted := {
} // End of template mw_enrolmentRequestMessage
template (present) EnrolmentResponseMessage mw_enrolmentResponseMessage(
template (present) EncryptedData p_encryptedData := ?
) modifies mw_etsiTs103097Data_encrypted := {
} // End of template mw_enrolmentResponseMessage
template (value) EtsiTs103097Data m_authorizationValidationRequestMessage(
in template (value) EncryptedData p_encryptedData
) modifies m_etsiTs103097Data_encrypted := {
......@@ -83,26 +93,26 @@ module LibItsPki_Templates {
) modifies mw_etsiTs103097Data_encrypted := {
} // End of template mw_authorizationValidationResponseMessage
template (present) EnrolmentRequestMessage mw_enrolmentRequestMessage(
template (present) EncryptedData p_encryptedData := ?
) modifies mw_etsiTs103097Data_encrypted := {
} // End of template mw_enrolmentRequestMessage
template (present) EnrolmentRequestMessage mw_enrolmentResponseMessage(
template (present) EncryptedData p_encryptedData := ?
) modifies mw_etsiTs103097Data_encrypted := {
} // End of template mw_enrolmentResponseMessage
template (value) AuthorizationRequestMessage m_authorizationRequestMessage(
in template (value) EncryptedData p_encryptedData
) modifies m_etsiTs103097Data_encrypted := {
} // End of template m_authorizationRequestMessage
template (present) AuthorizationRequestMessage mw_authorizationRequestMessage(
template (present) EncryptedData p_encryptedData := ?
) modifies mw_etsiTs103097Data_encrypted := {
} // End of template mw_authorizationRequestMessage
template (value) AuthorizationResponseMessage m_authorizationResponseMessage(
in template (value) EncryptedData p_encryptedData
) modifies m_etsiTs103097Data_encrypted := {
} // End of template m_authorizationResponseMessage
template (present) AuthorizationResponseMessage mw_authorizationResponseMessage(
template (present) EncryptedData p_encryptedData := ?
) modifies mw_etsiTs103097Data_encrypted := {
} // End of template mw_authorizationResponseMessage
template (value) EtsiTs102941DataContent m_enrolmentRequest(
in template (value) InnerEcRequestSignedForPop p_enrolmentRequest
) := {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment