Commit a4f9a6a5 authored by garciay's avatar garciay

STF507 week#9:

.  Implement additional TPs
.  Review of the PICS, TSS&TPs & PIXITs documents
.  Start validation using simulation
.      Minor bug fixed in TA
parent 5dbf02ad
......@@ -304,7 +304,7 @@ module LibItsSecurity_Functions {
function f_buildGnSecuredMessage_Bo(
out template (value) SecuredMessage p_securedMessage,
in template (value) charstring p_certificateName,
in integer p_protocolVersion := c_protocol_version,
in UInt8 p_protocolVersion := c_protocol_version,
in integer p_trailerStatus := 0,
in template (value) SecPayload p_payloadField,
in template (value) HeaderFields p_mandatoryHeaders,
......@@ -371,6 +371,7 @@ module LibItsSecurity_Functions {
// Prepare payload to be signed
v_toBeSignedPayload := valueof(p_payloadField);
// log("p_trailerStatus=", p_trailerStatus);
if (p_trailerStatus == 0) {
v_trailerSize := 0;
} else if (p_trailerStatus == 1) {
......@@ -387,8 +388,10 @@ module LibItsSecurity_Functions {
p_protocolVersion,
v_trailerSize
);
log("m_toBeSignedSecuredMessage_wrong_protocol=", v_toBeSignedSecuredMessage);
v_secPayload := bit2oct(encvalue(v_toBeSignedSecuredMessage));
log("v_secPayload=", v_secPayload);
// Signed payload
if (ispresent(p_certificateName) and (valueof(p_certificateName) != cc_taCert_A)) {
......@@ -404,16 +407,20 @@ module LibItsSecurity_Functions {
v_secPayload,
v_privateKey
);
log("v_signature=", v_signature);
// log("p_trailerStatus=", p_trailerStatus);
if (p_trailerStatus == 0) { // No signature
p_securedMessage := m_securedMessage(
p_securedMessage := m_securedMessage_wrong_protocol(
p_protocolVersion,
v_toBeSignedSecuredMessage.header_fields,
p_payloadField,
{ }
);
v_trailerSize := 0;
} else if (p_trailerStatus == 2) { // Duplicate signature
p_securedMessage := m_securedMessage(
p_securedMessage := m_securedMessage_wrong_protocol(
p_protocolVersion,
v_toBeSignedSecuredMessage.header_fields,
p_payloadField,
{
......@@ -439,8 +446,22 @@ module LibItsSecurity_Functions {
)
}
);
} else if (p_trailerStatus == 3) { // Signature with reserved algorthm
p_securedMessage := m_securedMessage_wrong_protocol(
p_protocolVersion,
v_toBeSignedSecuredMessage.header_fields,
p_payloadField,
{
m_trailer_field_signature(
m_unknownSignature(
v_signature
)
)
}
);
} else { // Invalid signature
p_securedMessage := m_securedMessage(
p_securedMessage := m_securedMessage_wrong_protocol(
p_protocolVersion,
v_toBeSignedSecuredMessage.header_fields,
p_payloadField,
{
......@@ -554,7 +575,7 @@ module LibItsSecurity_Functions {
*/
function f_buildGnSecuredCam_Bo(
out template (value) SecuredMessage p_securedMessage,
in integer p_protocolVersion := c_protocol_version,
in UInt8 p_protocolVersion := c_protocol_version,
in integer p_trailerStatus := 0,
in template (value) SecPayload p_payloadField,
in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,
......@@ -711,7 +732,7 @@ module LibItsSecurity_Functions {
*/
function f_buildGnSecuredDenm_Bo(
out template (value) SecuredMessage p_securedMessage,
in integer p_protocolVersion := c_protocol_version,
in UInt8 p_protocolVersion := c_protocol_version,
in integer p_trailerStatus := 0,
in template (value) SecPayload p_payloadField,
in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,
......@@ -860,7 +881,7 @@ module LibItsSecurity_Functions {
*/
function f_buildGnSecuredOtherMessage_Bo(
out template (value) SecuredMessage p_securedMessage,
in integer p_protocolVersion := c_protocol_version,
in UInt8 p_protocolVersion := c_protocol_version,
in integer p_trailerStatus := 0,
in template (value) SecPayload p_payloadField,
in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,
......
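Review bot: The new `p_trailerStatus == 3` branch in f_buildGnSecuredMessage_Bo takes over a value that previously fell through to the final `else` (invalid signature), while the trailer-size selection earlier in the function (`if (p_trailerStatus == 0) … else if (p_trailerStatus == 1)`) only gains a commented-out log in this commit. If status 3 is given the ordinary signature trailer size there, the length that is signed over may not match the encoded `m_unknownSignature` trailer, and the IUT could discard the message for a length error rather than for the reserved algorithm, so the test would pass without exercising the intended check. The function body starts and ends outside the visible hunks, so this needs confirming against the full trailer-size chain. The new value should also be listed in the function's `p_trailerStatus` documentation, e.g. `3: signature with reserved (unknown) algorithm`, and any existing caller that passed 3 to get the invalid-signature case should be checked.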
......@@ -334,6 +334,20 @@ module LibItsSecurity_Templates {
s := p_s
} // End of template m_ecdsaSignature
/**
* @desc Send template for signatures based on unknown algorithm
* @member p_signature The unknown signature
* @see Draft ETSI TS 103 097 V1.1.14 Clause 4.2.9 Signature
*/
template (value) Signature m_unknownSignature(
in template (value) octetstring p_signature
):= {
algorithm := e_unknown,
signature_ := {
signature_ := p_signature
} // End of field signature_
} // End of template m_unknownSignature
} // End of group signatures
group signerInfos {
......@@ -358,6 +372,9 @@ module LibItsSecurity_Templates {
} // End of field signerInfo
} // End of template m_signerInfo_digest
/**
* @desc Send template for certificate signed message
*/
template (value) SignerInfo m_signerInfo_certificate(
in template (value) Certificate p_certificate
) := {
......@@ -367,6 +384,9 @@ module LibItsSecurity_Templates {
} // End of field signerInfo
} // End of template m_signerInfo_certificate
/**
* @desc Send template for certificate chain signed message
*/
template (value) SignerInfo m_signerInfo_certificates(
in template (value) CertificateChain p_certificates
) := {
......@@ -376,6 +396,9 @@ module LibItsSecurity_Templates {
} // End of field signerInfo
} // End of template m_signerInfo_certificates
/**
* @desc Send template for other certificate signed message
*/
template (value) SignerInfo m_signerInfo_other_certificates(
in template (value) CertificateWithAlgo p_certificateWithAlgo
) := {
......@@ -392,6 +415,18 @@ module LibItsSecurity_Templates {
digest := p_digest
} // End of m_certificateWithAlgo
/**
* @desc Send template for unknown signed message
*/
template (value) SignerInfo m_signerInfo_unknown(
in template (value) octetstring p_info
) := {
type_ := e_unknown,
signerInfo := {
info := p_info
} // End of field signerInfo
} // End of template m_signerInfo_unknown
} // End of group signerInfos
/**
......@@ -935,7 +970,22 @@ module LibItsSecurity_Templates {
payload_field := p_payload_field,
trailer_fields := p_trailer_fields
} // End of template m_securedMessage
/**
* @desc Generic send template for secured message
*/
template (value) SecuredMessage m_securedMessage_wrong_protocol(
in template (value) UInt8 p_protocol_version := c_protocol_version,
in template (value) HeaderFields p_header_fields,
in template (value) SecPayload p_payload_field,
in template (value) TrailerFields p_trailer_fields
) := {
protocol_version := p_protocol_version,
header_fields := p_header_fields,
payload_field := p_payload_field,
trailer_fields := p_trailer_fields
} // End of template m_securedMessage
} // End of group messagesSend
/**
......@@ -1070,6 +1120,17 @@ module LibItsSecurity_Templates {
data := p_data
} // End of template m_payload_signed_and_encrypted
/**
* @desc Send template for 'unsecured' Payload
* @see Draft ETSI TS 103 097 V1.1.14 Clause 5.2 Payload
*/
template (value) SecPayload m_payload_unknown(
in template (value) octetstring p_data
) := {
type_ := e_unknown,
data := p_data
} // End of template m_payload_unknown
} // End of group payloadsSend
/**
......@@ -1287,7 +1348,7 @@ module LibItsSecurity_Templates {
* @see Draft ETSI TS 103 097 V1.1.14 Clause 5.4 HeaderField
*/
template (value) HeaderField m_header_field_unspecify := {
type_ := e_other_header_200,
type_ := e_other_header_240,
headerField := {
other_header := 'C0FFEEDECA'O
}
......@@ -2493,9 +2554,9 @@ module LibItsSecurity_Templates {
* @see Draft ETSI TS 103 097 V1.1.14 Clause 7 Security profiles
*/
template (value) ToBeSignedSecuredMessage m_toBeSignedSecuredMessage(
in template (value) HeaderFields p_header_fields,
in template (value) SecPayload p_payload_field,
in template (value) TrailerFieldType p_trailer_field_type
in template (value) HeaderFields p_header_fields,
in template (value) SecPayload p_payload_field,
in template (value) TrailerFieldType p_trailer_field_type
) := {
protocol_version := c_protocol_version,
header_fields := p_header_fields,
......@@ -2514,11 +2575,11 @@ module LibItsSecurity_Templates {
* @see Draft ETSI TS 103 097 V1.1.14 Clause 7 Security profiles
*/
template (value) ToBeSignedSecuredMessage m_toBeSignedSecuredMessage_wrong_protocol(
in template (value) HeaderFields p_header_fields,
in template (value) SecPayload p_payload_field,
in template (value) TrailerFieldType p_trailer_field_type,
in template (value) UInt8 p_protocol_version := c_protocol_version,
in template (value) UInt8 p_trailer_fieldsLength := 67
in template (value) HeaderFields p_header_fields,
in template (value) SecPayload p_payload_field,
in template (value) TrailerFieldType p_trailer_field_type,
in template (value) UInt8 p_protocol_version := c_protocol_version,
in template (value) UInt8 p_trailer_fieldsLength := 67
) modifies m_toBeSignedSecuredMessage := {
protocol_version := p_protocol_version
} // End of template m_toBeSignedSecuredMessage
......
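Review bot: The documentation on `m_securedMessage_wrong_protocol` is copied from `m_securedMessage`: its `@desc` still reads "Generic send template for secured message" and the closing comment says `// End of template m_securedMessage`, so nothing tells a reader that this variant exists to carry a caller-chosen `protocol_version`. I would change them to `@desc Send template for secured message with a caller-supplied protocol_version` and `// End of template m_securedMessage_wrong_protocol`. The same kind of slip is in `m_payload_unknown`, whose `@desc` says 'unsecured' Payload while the template sets `type_ := e_unknown`. The new `m_unknownSignature` and `m_signerInfo_unknown` would also benefit from one line stating that `e_unknown` is deliberately a value the IUT is expected to reject.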
......@@ -107,8 +107,11 @@ module LibItsSecurity_TestSystem {
const charstring cc_taCert0910_BO := "CERT_TS_09_10_BO_AT"; /** Check that the IUT discards a message when the identified region validity restriction of its signing certificate contains unknown area code */
const charstring cc_taCert0911_BO := "CERT_TS_09_11_BO_AT"; /** Check that the IUT discards a message when the identified region validity restriction of its signing certificate contains invalid area code */
const charstring cc_taCert1001_BO := "CERT_TS_10_01_BO_AT"; /** Check that the IUT discards a message when its signing certificate does not contain the time validity restriction */
const charstring cc_taCert1002_BO := "CERT_TS_10_02_BO_AT"; /** Check that the IUT discards a message when its signing certificate contains 'time_end' validity restriction */
const charstring cc_taCert1003_BO := "CERT_TS_10_03_BO_AT"; /** Check that the IUT discards a message when its signing certificate contains 'time_start_and_duration' validity restriction */
const charstring cc_taCert1002_BO := "CERT_TS_10_02_BO_AT"; /** Check that the IUT discards a message when the issuing certificate of the message signing certificate does not contain the time validity restriction */
const charstring cc_taCert1003_BO := "CERT_TS_10_03_BO_AT"; /** Check that the IUT discards a message when its signing certificate contains 'time_end' validity restriction */
const charstring cc_taCert1004_BO := "CERT_TS_10_03_BO_AT"; /** Check that the IUT discards a message when its signing certificate contains 'time_start_and_duration' validity restriction */
const charstring cc_taCert1005_BO := "CERT_TS_10_03_BO_AT"; /** Check that the IUT discards a message when the issuing certificate of the message signing certificate contains 'time_end' validity restriction */
const charstring cc_taCert1006_BO := "CERT_TS_10_03_BO_AT"; /** Check that the IUT discards a message when its signing certificate contains 'time_start_and_duration' validity restriction */
const charstring cc_taCert1101_BO := "CERT_TS_11_01_BO_AT"; /** Check that the IUT discards a message when the validity period of the signing certificate ends after the validity period of its issuing certificate */
const charstring cc_taCert1102_BO := "CERT_TS_11_02_BO_AT"; /** Check that the IUT discards a message when the validity period of its signing certificate starts before the validity period of the issuing certificate */
const charstring cc_taCert1103_BO := "CERT_TS_11_03_BO_AT"; /** Check that the IUT discards a message when the issuing certificate of signing certificate is expired but the signing certificate is not expired yet */
......@@ -119,6 +122,21 @@ module LibItsSecurity_TestSystem {
const charstring cc_taCert1204_BO := "CERT_TS_12_04_BO_AT"; /** Check that the IUT discards a Secured CAM when its signing certificate contains two records with AID_CAM in the its_aid_ssp_list subject attribute */
const charstring cc_taCert1301_BO := "CERT_TS_13_01_BO_AT"; /** Check that the IUT discards a message when the signing AT certificate contains a CAM AID-SSP record whereas the issuing AA certificate does not contain the record with AID_CAM */
const charstring cc_taCert1302_BO := "CERT_TS_13_02_BO_AT"; /** Check that the IUT discards a message when the signing AT certificate contains a DENM AID-SSP record whereas the issuing AA certificate does not contain the AID record with AID_DENM */
const charstring cc_taCert1303_BO := "CERT_TS_13_03_BO_AT"; /** Check that IUT discards a SecuredMessage if the AA certificate does not contain a subject_attribute of type its_aid_list */
const charstring cc_taCert1401_BO := "CERT_TS_14_01_BO_AT"; /** Check that IUT discards the AT certificate with signer info of type 'certificate' */
const charstring cc_taCert1402_BO := "CERT_TS_14_02_BO_AT"; /** Check that IUT discards the AT certificate with signer info of type 'certificate_chain' */
const charstring cc_taCert1403_BO := "CERT_TS_14_03_BO_AT"; /** Check that IUT discards the AT certificate with signer info of type 'certificate_digest_with_other_algorithm' */
const charstring cc_taCert1501_BO := "CERT_TS_15_01_BO_AT"; /** Check that IUT discards the AA certificate with signer info of type 'certificate' */
const charstring cc_taCert1502_BO := "CERT_TS_15_02_BO_AT"; /** Check that IUT discards the AA certificate with signer info of type 'certificate_chain' */
const charstring cc_taCert1503_BO := "CERT_TS_15_03_BO_AT"; /** Check that IUT discards the AA certificate with signer info of type 'certificate_digest_with_other_algorithm' */
const charstring cc_taCert1601_BO := "CERT_TS_16_01_BO_AT"; /** Check that IUT discards a SecuredMessage if the subject_name of the AT certificate is not an empty name field */
const charstring cc_taCert1701_BO := "CERT_TS_17_01_BO_AT"; /** Check that IUT discards a SecuredMessage if the subject attribute of type assurance_level is missing in the AT certificate */
const charstring cc_taCert1702_BO := "CERT_TS_17_02_BO_AT"; /** Check that IUT discards a SecuredMessage if the subject attribute of type assurance_level is missing in the AA certificate */
const charstring cc_taCert1703_BO := "CERT_TS_17_03_BO_AT"; /** Check that IUT discards a SecuredMessage if the assurance level of issuing certificate is less then assurance level of subordinate certificate */
const charstring cc_taCert1704_BO := "CERT_TS_17_04_BO_AT"; /** Check that IUT discards a SecuredMessage if the assurance level of issuing certificate is equal to the assurance level of the subordinate certificate but the confidence of subject assurance of issuing certificate is less then the confidence of the subordinate certificate */
const charstring cc_taCert1801_BO := "CERT_TS_18_01_BO_AT"; /** Check that IUT discards a SecuredMessage if the subject attribute of type verification_key is missing in the AT certificate */
const charstring cc_taCert1802_BO := "CERT_TS_18_02_BO_AT"; /** Check that IUT discards a SecuredMessage if the subject attribute of type verification_key is missing in the AA certificate */
const charstring cc_taCert1901_BO := "CERT_TS_19_01_BO_AT"; /** Check that IUT discards a SecuredMessage if the reserved region type has been used in region validity restriction of the AT certificate */
// IUT certificates & private keys
const charstring cc_iutCert_A := "CERT_IUT_A_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
......
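Review bot: `cc_taCert1004_BO`, `cc_taCert1005_BO` and `cc_taCert1006_BO` are all assigned "CERT_TS_10_03_BO_AT", the same string as `cc_taCert1003_BO`, which looks like a copy-paste slip. As written, test cases using these three constants would presumably load the 10_03 certificate and never present the IUT with the validity-restriction variants their comments describe, so an IUT that skips those checks could still pass. Assuming the certificate names follow the pattern of the neighbouring lines, the values should be `"CERT_TS_10_04_BO_AT"`, `"CERT_TS_10_05_BO_AT"` and `"CERT_TS_10_06_BO_AT"`. The comment on `cc_taCert1006_BO` also repeats the text of `cc_taCert1004_BO` word for word and probably should refer to the issuing certificate.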
......@@ -29,7 +29,8 @@ module LibItsSecurity_TypesAndValues {
*/
type enumerated PublicKeyAlgorithm {
e_ecdsa_nistp256_with_sha256 (0),
e_ecies_nistp256 (1)
e_ecies_nistp256 (1),
e_unknown (240)
} with { variant "8 bit" }
/**
......@@ -210,7 +211,8 @@ module LibItsSecurity_TypesAndValues {
e_certificate_digest_with_sha256 (1),
e_certificate (2),
e_certificate_chain (3),
e_certificate_digest_with_other_algorithm (4)
e_certificate_digest_with_other_algorithm (4),
e_unknown (240)
} // End of type SignerInfoContainer
/**
......@@ -482,7 +484,8 @@ module LibItsSecurity_TypesAndValues {
e_signed (1),
e_encrypted (2),
e_signed_external (3),
e_signed_and_encrypted (4)
e_signed_and_encrypted (4),
e_unknown (240)
} with { variant "8 bit" }
/**
......@@ -514,7 +517,7 @@ module LibItsSecurity_TypesAndValues {
e_signer_info (128),
e_encryption_parameters (129),
e_recipient_info (130),
e_other_header_200 (200)
e_other_header_240 (240)
} with { variant "8 bit" }
type union HeaderFieldContainer {
......
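Review bot: Adding `e_unknown (240)` to `PublicKeyAlgorithm`, the signer-info type enumeration and the payload type enumeration likely makes 240 a decodable value on the receive side as well, not only something the test system can send. Any receive template that leaves these fields as `?` would then also match an IUT message carrying 240 (inferred; no receive templates are visible here), so templates meant to check IUT output should pin the expected enumerated value. A comment on each new item would make the intent explicit, e.g. `// 240: reserved value, for send templates in invalid-behaviour tests only`. The rename of `e_other_header_200` to `e_other_header_240` changes the encoded value too, so any remaining references elsewhere in the suite to the old name need updating.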