Implement EA test cases, clause 5.4.2 Enrolment response

ac2eae90 · Yann Garcia · 82720e15 · ac2eae90 · ac2eae90 · ac2eae90
Commit ac2eae90 authored Oct 23, 2018 by Yann Garcia
--- a/ttcn/Pki/LibItsPki_Functions.ttcn
+++ b/ttcn/Pki/LibItsPki_Functions.ttcn
@@ -198,7 +198,8 @@ module LibItsPki_Functions {
                                            out octetstring p_publicKeyY,
                                            out octetstring p_publicKeyCompressed,
                                            out integer p_compressedMode,
-                                            out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
+                                            out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
+                                            out Oct32 p_hash_inner_ec_request_signed_for_pop
                                            ) runs on ItsPkiHttp {
      var InnerEcRequest v_inner_ec_request;
      var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
@@ -215,11 +216,46 @@ module LibItsPki_Functions {
      }
      // Secure InnerEcRequestSignedForPoP message
      v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
+      // Get 16 last byte of SHA256 of InnerEcRequestSignedForPop
+      p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(v_inner_ec_request_signed_for_pop_msg));
      if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) {
        log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
-      log("*** f_http_build_enrolment_request: DEBUF: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
+      log("*** f_http_build_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
+    } // End of function f_http_build_enrolment_request
+    
+    function f_http_build_invalid_enrolment_request(
+                                                    out octetstring p_private_key,
+                                                    out octetstring p_publicKeyX,
+                                                    out octetstring p_publicKeyY,
+                                                    out octetstring p_publicKeyCompressed,
+                                                    out integer p_compressedMode,
+                                                    out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
+                                                    out Oct32 p_hash_inner_ec_request_signed_for_pop
+                                                    ) runs on ItsPkiHttp {
+      var InnerEcRequest v_inner_ec_request;
+      var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
+      var bitstring v_inner_ec_request_signed_for_pop_msg;
+      
+      if (f_generate_inner_ec_request(p_private_key, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) {
+        log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequest ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+      // Generate InnerEcRequestSignedForPoP
+      if (f_generate_inner_ec_request_signed_for_pop(p_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
+        log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+      // Secure InnerEcRequestSignedForPoP message
+      v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
+      // Get 16 last byte of SHA256 of InnerEcRequestSignedForPop
+      p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(int2oct(12345, 32))); // Invalue InnseEcRequestSignedForPop
+      if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) {
+        log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+      log("*** f_http_build_invalid_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
    } // End of function f_http_build_enrolment_request
    
  } // End of group http
@@ -352,7 +388,7 @@ module LibItsPki_Functions {
  } // End of group inner_ec_xxx

  group pki_functions {
-
+    
    /**
     * @desc Build a signed and encrypted PKI message
     * @param p_private_key         Private key for signature
@@ -387,7 +423,8 @@ module LibItsPki_Functions {
      var octetstring v_publicEphemeralKeyCompressed;
      var integer v_ephemeralKeyModeCompressed;
      var octetstring v_encrypted_inner_ec_request;
-
+      
+      
      // Signed the encoded PKI message
      v_tbs := m_toBeSignedData(
                                m_signedDataPayload(
@@ -465,7 +502,17 @@ module LibItsPki_Functions {
      
      return true;
    } // End of function f_build_pki_secured_message
-
+    
+    /**
+     * @desc Verify the protocol element of the Pki message 
+     * @param p_private_key         Private key for encryption
+     * @param p_issuer              Issuer
+     * @param p_peer_certificate    IUT EA certificate identifier
+     * @param p_ieee1609dot2_encrypted_and_signed_data The public compressed key (canonical form) for encryption
+     * @param p_check_security      Set to true to check signatures
+     * @param p_etsi_ts_102941_data The EtsiTs102941Data message
+     * @return true on success, false otherwise
+     */
    function f_verify_pki_message(
                                  in octetstring v_private_enc_key,
                                  in octetstring p_issuer,
@@ -525,7 +572,69 @@ module LibItsPki_Functions {
      
      return true;
    } // End of function f_verify_pki_message
-
+    
+    /**
+     * @desc Verify the generated EA certificate 
+     * @param p_ea_certificate      The new EA certificate
+     * @param p_publicKeyCompressed The public compressed key (canonical form) for signature check
+     * @param p_compressedMode      The public compressed key mode
+     * @return true on success, false otherwise
+     */
+    function f_verify_ea_certificate(
+                                     in Certificate p_ea_certificate,
+                                     in octetstring p_publicKeyCompressed,
+                                     in integer p_compressedMode
+                                     ) return boolean {
+      var bitstring v_encoded_tbs;
+      var boolean v_result;
+      
+      // Check certificate format
+      v_result := match(p_ea_certificate, mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, -));
+      // Check the signer
+      
+      // Check EA certificate signature
+      v_encoded_tbs := encvalue(p_ea_certificate.toBeSigned);
+      v_result := v_result and f_verifyWithEcdsaNistp256WithSha256(
+                                                                   bit2oct(v_encoded_tbs),
+                                                                   int2oct(0, 32), // self
+                                                                   p_ea_certificate.signature_.ecdsaNistP256Signature.rSig.x_only & p_ea_certificate.signature_.ecdsaNistP256Signature.sSig,
+                                                                   p_publicKeyCompressed, 
+                                                                   p_compressedMode);
+      
+      return v_result;
+    } // End of function f_verify_ea_certificate
+    
+    /**
+     * @desc Verify the generated AA certificate 
+     * @param p_aa_certificate      The new EA certificate
+     * @param p_publicKeyCompressed The public compressed key (canonical form) for signature check
+     * @param p_compressedMode      The public compressed key mode
+     * @return true on success, false otherwise
+     */
+    function f_verify_aa_certificate(
+                                     in Certificate p_aa_certificate,
+                                     in octetstring p_publicKeyCompressed,
+                                     in integer p_compressedMode
+                                     ) return boolean {
+      var bitstring v_encoded_tbs;
+      var boolean v_result;
+      
+      // Check certificate format
+      v_result := match(p_aa_certificate, mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_aa, -));
+      // Check the signer
+      
+      // Check EA certificate signature
+      v_encoded_tbs := encvalue(p_aa_certificate.toBeSigned);
+      v_result := v_result and f_verifyWithEcdsaNistp256WithSha256(
+                                                                   bit2oct(v_encoded_tbs),
+                                                                   int2oct(0, 32), // self
+                                                                   p_aa_certificate.signature_.ecdsaNistP256Signature.rSig.x_only & p_aa_certificate.signature_.ecdsaNistP256Signature.sSig,
+                                                                   p_publicKeyCompressed, 
+                                                                   p_compressedMode);
+      
+      return v_result;
+    } // End of function f_verify_aa_certificate
+    
  } // End of group inner_ec_xxx
  
  group altstes {

--- a/ttcn/Pki/LibItsPki_Pics.ttcn
+++ b/ttcn/Pki/LibItsPki_Pics.ttcn
@@ -25,4 +25,9 @@ module LibItsPki_Pics {
   */
  modulepar charstring PICS_TS_CERTIFICATE_ID := "CERT_TS_A_EA";
  
+  /**
+   * @desc Certificate used by the Test System
+   */
+  modulepar charstring PICS_HTTP_GET_URI := "/its/inner_ec_request";
+  
 } // End of module LibItsPki_Pics
--- a/ttcn/Pki/LibItsPki_TypesAndValues.ttcn
+++ b/ttcn/Pki/LibItsPki_TypesAndValues.ttcn
@@ -9,10 +9,15 @@
 *               All rights reserved.
 */
 module LibItsPki_TypesAndValues {
-
+  
+  // LibIts
+  import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
+  
  group constants {

    const integer PkiProtocolVersion := 1;
+    
+    const Psid its_aid_secured_cert_request := 12345;

  } // End of group constants