Loading ttcn/Pki/LibItsPki_Functions.ttcn +115 −6 Original line number Diff line number Diff line Loading @@ -198,7 +198,8 @@ module LibItsPki_Functions { out octetstring p_publicKeyY, out octetstring p_publicKeyCompressed, out integer p_compressedMode, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data, out Oct32 p_hash_inner_ec_request_signed_for_pop ) runs on ItsPkiHttp { var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; Loading 
@@ -215,11 +216,46 @@ module LibItsPki_Functions { } // Secure InnerEcRequestSignedForPoP message v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop)); // Get 16 last byte of SHA256 of InnerEcRequestSignedForPop p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(v_inner_ec_request_signed_for_pop_msg)); if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) { log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_enrolment_request: DEBUF: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data); log("*** f_http_build_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data); } // End of function f_http_build_enrolment_request function f_http_build_invalid_enrolment_request( out octetstring p_private_key, out octetstring p_publicKeyX, out octetstring p_publicKeyY, out octetstring p_publicKeyCompressed, out integer p_compressedMode, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data, out Oct32 p_hash_inner_ec_request_signed_for_pop ) runs on ItsPkiHttp { var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; var bitstring v_inner_ec_request_signed_for_pop_msg; if (f_generate_inner_ec_request(p_private_key, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequest ***"); f_selfOrClientSyncAndVerdict("error", e_error); } // Generate InnerEcRequestSignedForPoP if 
(f_generate_inner_ec_request_signed_for_pop(p_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } // Secure InnerEcRequestSignedForPoP message v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop)); // Get 16 last byte of SHA256 of InnerEcRequestSignedForPop p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(int2oct(12345, 32))); // Invalue InnseEcRequestSignedForPop if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_invalid_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data); } // End of function f_http_build_enrolment_request } // End of group http Loading Loading @@ -388,6 +424,7 @@ module LibItsPki_Functions { var integer v_ephemeralKeyModeCompressed; var octetstring v_encrypted_inner_ec_request; // Signed the encoded PKI message v_tbs := m_toBeSignedData( m_signedDataPayload( Loading Loading 
@@ -466,6 +503,16 @@ module LibItsPki_Functions { return true; } // End of function f_build_pki_secured_message /** * @desc Verify the protocol element of the Pki message * @param p_private_key Private key for encryption * @param p_issuer Issuer * @param p_peer_certificate IUT EA certificate identifier * @param p_ieee1609dot2_encrypted_and_signed_data The public compressed key (canonical form) for encryption * @param p_check_security Set to true to check signatures * @param p_etsi_ts_102941_data The EtsiTs102941Data message * @return true on success, false otherwise */ function f_verify_pki_message( in octetstring v_private_enc_key, in octetstring p_issuer, Loading Loading 
@@ -526,6 +573,68 @@ module LibItsPki_Functions { return true; } // End of function f_verify_pki_message /** * @desc Verify the generated EA certificate * @param p_ea_certificate The new EA certificate * @param p_publicKeyCompressed The public compressed key (canonical form) for signature check * @param p_compressedMode The public compressed key mode * @return true on success, false otherwise */ function f_verify_ea_certificate( in Certificate p_ea_certificate, in octetstring p_publicKeyCompressed, in integer p_compressedMode ) return boolean { var bitstring v_encoded_tbs; var boolean v_result; // Check certificate format v_result := match(p_ea_certificate, mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, -)); // Check the signer // Check EA certificate signature v_encoded_tbs := encvalue(p_ea_certificate.toBeSigned); v_result := v_result and f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_encoded_tbs), int2oct(0, 32), // self p_ea_certificate.signature_.ecdsaNistP256Signature.rSig.x_only & p_ea_certificate.signature_.ecdsaNistP256Signature.sSig, p_publicKeyCompressed, p_compressedMode); return v_result; } // End of function f_verify_ea_certificate /** * @desc Verify the generated AA certificate * @param p_aa_certificate The new EA certificate * @param p_publicKeyCompressed The public compressed key (canonical form) for signature check * @param p_compressedMode The public compressed key mode * @return true on success, false otherwise */ function f_verify_aa_certificate( in Certificate p_aa_certificate, in octetstring p_publicKeyCompressed, in integer p_compressedMode ) return boolean { var bitstring v_encoded_tbs; var boolean v_result; // Check certificate format v_result := match(p_aa_certificate, mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_aa, -)); // Check the signer // Check EA certificate signature v_encoded_tbs := encvalue(p_aa_certificate.toBeSigned); v_result := v_result and 
f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_encoded_tbs), int2oct(0, 32), // self p_aa_certificate.signature_.ecdsaNistP256Signature.rSig.x_only & p_aa_certificate.signature_.ecdsaNistP256Signature.sSig, p_publicKeyCompressed, p_compressedMode); return v_result; } // End of function f_verify_aa_certificate } // End of group inner_ec_xxx group altstes { Loading ttcn/Pki/LibItsPki_Pics.ttcn +5 −0 Original line number Diff line number Diff line Loading @@ -25,4 +25,9 @@ module LibItsPki_Pics { */ modulepar charstring PICS_TS_CERTIFICATE_ID := "CERT_TS_A_EA"; /** * @desc Certificate used by the Test System */ modulepar charstring PICS_HTTP_GET_URI := "/its/inner_ec_request"; } // End of module LibItsPki_Pics ttcn/Pki/LibItsPki_TypesAndValues.ttcn +6 −1 Original line number Diff line number Diff line Loading @@ -10,10 +10,15 @@ */ module LibItsPki_TypesAndValues { // LibIts import from IEEE1609dot2BaseTypes language "ASN.1:1997" all; group constants { const integer PkiProtocolVersion := 1; const Psid its_aid_secured_cert_request := 12345; } // End of group constants group acPrimitives { Loading Loading
ttcn/Pki/LibItsPki_Functions.ttcn +115 −6 Original line number Diff line number Diff line Loading @@ -198,7 +198,8 @@ module LibItsPki_Functions { out octetstring p_publicKeyY, out octetstring p_publicKeyCompressed, out integer p_compressedMode, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data, out Oct32 p_hash_inner_ec_request_signed_for_pop ) runs on ItsPkiHttp { var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; Loading 
@@ -215,11 +216,46 @@ module LibItsPki_Functions { } // Secure InnerEcRequestSignedForPoP message v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop)); // Get 16 last byte of SHA256 of InnerEcRequestSignedForPop p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(v_inner_ec_request_signed_for_pop_msg)); if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) { log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_enrolment_request: DEBUF: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data); log("*** f_http_build_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data); } // End of function f_http_build_enrolment_request function f_http_build_invalid_enrolment_request( out octetstring p_private_key, out octetstring p_publicKeyX, out octetstring p_publicKeyY, out octetstring p_publicKeyCompressed, out integer p_compressedMode, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data, out Oct32 p_hash_inner_ec_request_signed_for_pop ) runs on ItsPkiHttp { var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; var bitstring v_inner_ec_request_signed_for_pop_msg; if (f_generate_inner_ec_request(p_private_key, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequest ***"); f_selfOrClientSyncAndVerdict("error", e_error); } // Generate InnerEcRequestSignedForPoP if 
(f_generate_inner_ec_request_signed_for_pop(p_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } // Secure InnerEcRequestSignedForPoP message v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop)); // Get 16 last byte of SHA256 of InnerEcRequestSignedForPop p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(int2oct(12345, 32))); // Invalue InnseEcRequestSignedForPop if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_invalid_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data); } // End of function f_http_build_enrolment_request } // End of group http Loading Loading @@ -388,6 +424,7 @@ module LibItsPki_Functions { var integer v_ephemeralKeyModeCompressed; var octetstring v_encrypted_inner_ec_request; // Signed the encoded PKI message v_tbs := m_toBeSignedData( m_signedDataPayload( Loading Loading 
@@ -466,6 +503,16 @@ module LibItsPki_Functions { return true; } // End of function f_build_pki_secured_message /** * @desc Verify the protocol element of the Pki message * @param p_private_key Private key for encryption * @param p_issuer Issuer * @param p_peer_certificate IUT EA certificate identifier * @param p_ieee1609dot2_encrypted_and_signed_data The public compressed key (canonical form) for encryption * @param p_check_security Set to true to check signatures * @param p_etsi_ts_102941_data The EtsiTs102941Data message * @return true on success, false otherwise */ function f_verify_pki_message( in octetstring v_private_enc_key, in octetstring p_issuer, Loading Loading 
@@ -526,6 +573,68 @@ module LibItsPki_Functions { return true; } // End of function f_verify_pki_message /** * @desc Verify the generated EA certificate * @param p_ea_certificate The new EA certificate * @param p_publicKeyCompressed The public compressed key (canonical form) for signature check * @param p_compressedMode The public compressed key mode * @return true on success, false otherwise */ function f_verify_ea_certificate( in Certificate p_ea_certificate, in octetstring p_publicKeyCompressed, in integer p_compressedMode ) return boolean { var bitstring v_encoded_tbs; var boolean v_result; // Check certificate format v_result := match(p_ea_certificate, mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, -)); // Check the signer // Check EA certificate signature v_encoded_tbs := encvalue(p_ea_certificate.toBeSigned); v_result := v_result and f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_encoded_tbs), int2oct(0, 32), // self p_ea_certificate.signature_.ecdsaNistP256Signature.rSig.x_only & p_ea_certificate.signature_.ecdsaNistP256Signature.sSig, p_publicKeyCompressed, p_compressedMode); return v_result; } // End of function f_verify_ea_certificate /** * @desc Verify the generated AA certificate * @param p_aa_certificate The new EA certificate * @param p_publicKeyCompressed The public compressed key (canonical form) for signature check * @param p_compressedMode The public compressed key mode * @return true on success, false otherwise */ function f_verify_aa_certificate( in Certificate p_aa_certificate, in octetstring p_publicKeyCompressed, in integer p_compressedMode ) return boolean { var bitstring v_encoded_tbs; var boolean v_result; // Check certificate format v_result := match(p_aa_certificate, mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_aa, -)); // Check the signer // Check EA certificate signature v_encoded_tbs := encvalue(p_aa_certificate.toBeSigned); v_result := v_result and 
f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_encoded_tbs), int2oct(0, 32), // self p_aa_certificate.signature_.ecdsaNistP256Signature.rSig.x_only & p_aa_certificate.signature_.ecdsaNistP256Signature.sSig, p_publicKeyCompressed, p_compressedMode); return v_result; } // End of function f_verify_aa_certificate } // End of group inner_ec_xxx group altstes { Loading
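Review bot: In the last hunk of LibItsPki_Functions.ttcn, `f_verify_aa_certificate` matches against `mw_issuerIdentifier_self` and verifies with `int2oct(0, 32)` as issuer, exactly as `f_verify_ea_certificate` does, so it can only accept a self-signed AA certificate. If AA (and EA) certificates are expected to be issued by another CA, this looks like a copy-paste, and the issuing certificate's hash and public key should be used instead. The `// Check the signer` comment in both functions has no code under it, so nothing beyond the template match ties the certificate to an issuer. Both functions also read `signature_.ecdsaNistP256Signature.rSig.x_only` although the template leaves the signature as `-`; a guard such as `if (not ispresent(p_aa_certificate.signature_) or not ischosen(p_aa_certificate.signature_.ecdsaNistP256Signature)) { return false; }`, plus the same check on `rSig.x_only`, would presumably report an unexpected signature variant as a failed verification rather than a runtime error. The AA doc block (`@param p_aa_certificate The new EA certificate`) and the inline `// Check EA certificate signature` should say AA.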
ttcn/Pki/LibItsPki_Pics.ttcn +5 −0 Original line number Diff line number Diff line Loading @@ -25,4 +25,9 @@ module LibItsPki_Pics { */ modulepar charstring PICS_TS_CERTIFICATE_ID := "CERT_TS_A_EA"; /** * @desc Certificate used by the Test System */ modulepar charstring PICS_HTTP_GET_URI := "/its/inner_ec_request"; } // End of module LibItsPki_Pics
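Review bot: The doc comment on the new `PICS_HTTP_GET_URI` module parameter reads `@desc Certificate used by the Test System`, which does not describe a URI and looks copied from a neighbouring certificate parameter. Something like `@desc HTTP URI of the IUT endpoint receiving the enrolment (InnerEcRequest) request` would match the default value `"/its/inner_ec_request"`; its exact use is not visible in this section, so adjust the wording to the call site. If the request is sent with a method other than GET, the parameter name deserves a second look too.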
ttcn/Pki/LibItsPki_TypesAndValues.ttcn +6 −1 Original line number Diff line number Diff line Loading @@ -10,10 +10,15 @@ */ module LibItsPki_TypesAndValues { // LibIts import from IEEE1609dot2BaseTypes language "ASN.1:1997" all; group constants { const integer PkiProtocolVersion := 1; const Psid its_aid_secured_cert_request := 12345; } // End of group constants group acPrimitives { Loading
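Review bot: The new constant `its_aid_secured_cert_request := 12345` looks like a placeholder rather than a registered ITS-AID, and nothing on the line says so. If it ends up as the PSID in signed PKI messages, a conformant IUT may reject them on the application permissions check, so the value should be confirmed against the ITS-AID registry. As far as I recall, ETSI TS 102 965 assigns 623 to the secured certificate request service, which needs verifying. Until then, a comment such as `// FIXME placeholder, replace with the registered ITS-AID` would keep the value from being mistaken for a real one. The lower-case name also differs in style from `PkiProtocolVersion` in the same group.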