Skip to content
GitLab
Commit b8fe1ca2 authored by garciay's avatar garciay
Browse files

STF545: Execute tests TC_SEC_PKI_SND_EA_BV_01 & TC_SEC_PKI_SND_EA_BV_02

parent 2748f3ac
Hide whitespace changes
Inline Side-by-side
ttcn/Pki/LibItsPki_Functions.ttcn
View file @ b8fe1ca2
......@@ -78,7 +78,8 @@ module LibItsPki_Functions {
* @param p_certificateId The certificate identifier the TA shall use in case of secured IUT
*/
function f_cfHttpUp(
in charstring p_certificateId := "CERT_TS_A_EA" // TODO Use a constant
in charstring p_certificateId := "CERT_TS_A_EA", // TODO Use a constant
in charstring p_peerCertificateId := "CERT_IUT_A_EA"
) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
map(self:httpPort, system:httpPort);
......@@ -92,7 +93,9 @@ module LibItsPki_Functions {
f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate);
f_readCertificate(p_certificateId, vc_eaCertificate);
f_readSigningKey(p_certificateId, vc_eaPrivateKey);
f_readEncryptingKey(p_certificateId, vc_eaPrivateEncKey);
f_getCertificateDigest(p_certificateId, vc_eaHashedId8);
f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash);
} // End of function f_cfHttpUp
/**
......@@ -161,14 +164,48 @@ module LibItsPki_Functions {
}
} // End of group ac_port
group http {
function f_http_build_enrolment_request(
out octetstring p_private_key,
out octetstring p_publicKeyX,
out octetstring p_publicKeyY,
out octetstring p_publicKeyCompressed,
out integer p_compressedMode,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) runs on ItsPkiHttp {
var InnerEcRequest v_inner_ec_request;
var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
var bitstring v_inner_ec_request_signed_for_pop_msg;
if (f_generate_inner_ec_request(p_private_key, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) {
log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
// Generate InnerEcRequestSignedForPoP
if (f_generate_inner_ec_request_signed_for_pop(p_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
// Secure InnerEcRequestSignedForPoP message
v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) {
log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** f_http_build_enrolment_request: DEBUF: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
} // End of function f_http_build_enrolment_request
} // End of group http
group inner_ec_xxx {
function f_generate_inner_ec_request(
out Oct32 p_private_key,
out Oct32 p_publicKeyX,
out Oct32 p_publicKeyY,
out Oct32 p_publicKeyCompressed,
out octetstring p_private_key,
out octetstring p_publicKeyX,
out octetstring p_publicKeyY,
out octetstring p_publicKeyCompressed,
out integer p_compressedMode,
out InnerEcRequest p_inner_ec_request
) return boolean {
......@@ -223,7 +260,7 @@ module LibItsPki_Functions {
} // End of function f_generate_inner_ec_request
function f_generate_inner_ec_request_signed_for_pop(
in Oct32 p_private_key,
in octetstring p_private_key,
in InnerEcRequest p_inner_ec_request,
out Ieee1609Dot2Data p_inner_ec_request_signed_for_pop
) return boolean {
......@@ -231,7 +268,7 @@ module LibItsPki_Functions {
var template (value) EccP256CurvePoint v_eccP256_curve_point;
var octetstring v_encoded_inner_ec_request;
var template (value) ToBeSignedData v_tbs;
var Oct32 v_tbs_signed;
var octetstring v_tbs_signed;
// Encode it
v_encoded_inner_ec_request := bit2oct(encvalue(p_inner_ec_request));
......@@ -269,6 +306,24 @@ module LibItsPki_Functions {
return true;
} // End of function f_generate_inner_ec_request_signed_for_pop
function f_generate_inner_ec_response(
in octetstring p_inner_ec_request_hashed_id,
in EtsiTs103097Certificate p_certificate,
out InnerEcResponse p_inner_ec_response
) return boolean {
// Local variables
// Build the Proof of Possession InnerEcResponse
p_inner_ec_response := valueof(
m_innerEcResponse_ok(
substr(p_inner_ec_request_hashed_id, 0, 16),
p_certificate
)
);
return true;
} // End of function f_generate_inner_ec_response
} // End of group inner_ec_xxx
group pki_functions {
......@@ -289,7 +344,7 @@ module LibItsPki_Functions {
in octetstring p_private_key,
in SignerIdentifier p_signer_identifier,
in HashedId8 p_recipientId,
in Oct32 p_publicKeyCompressed,
in octetstring p_publicKeyCompressed,
in integer p_compressedMode,
in octetstring p_pki_message,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
......@@ -297,14 +352,14 @@ module LibItsPki_Functions {
// Local variables
var template (value) EccP256CurvePoint v_eccP256_curve_point;
var template (value) ToBeSignedData v_tbs;
var Oct32 v_tbs_signed;
var octetstring v_tbs_signed;
var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var octetstring v_encoded_inner_ec_request;
var Oct12 v_nonce;
var Oct16 v_authentication_vector;
var Oct16 v_encrypted_sym_key;
var HashedId8 v_recipientId;
var Oct32 v_publicEphemeralKeyCompressed;
var octetstring v_publicEphemeralKeyCompressed;
var integer v_ephemeralKeyModeCompressed;
var octetstring v_encrypted_inner_ec_request;
......@@ -385,25 +440,61 @@ module LibItsPki_Functions {
return true;
} // End of function f_build_pki_secured_message
function f_generate_inner_ec_response(
in Oct32 p_inner_ec_request_hashed_id,
in EtsiTs103097Certificate p_certificate,
out InnerEcResponse p_inner_ec_response
) return boolean {
function f_verify_pki_message(
in octetstring v_private_enc_key,
in octetstring p_issuer,
in Certificate p_peer_certificate,
in Ieee1609Dot2Data p_ieee1609dot2_encrypted_and_signed_data,
in boolean p_check_signature := true,
out EtsiTs102941Data p_etsi_ts_102941_data
) return boolean {
// Local variables
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var bitstring v_etsi_ts_102941_data_msg;
var bitstring v_tbs;
var boolean v_ret;
// Build the Proof of Possession InnerEcResponse
p_inner_ec_response := valueof(
m_innerEcResponse_ok(
substr(p_inner_ec_request_hashed_id, 0, 16),
p_certificate
)
);
// 1. Decrypt the data
if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_data) == false) {
return false;
}
log("v_ieee1609dot2_signed_data= ", v_ieee1609dot2_signed_data);
// 2. Check the signature
v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData);
if (ischosen(p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
p_issuer,
v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
0);
} else {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
p_issuer,
v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
1);
}
if ((v_ret == false) and (p_check_signature == true)) {
return false;
}
// 3. Retrun the PKI message
v_etsi_ts_102941_data_msg := oct2bit(v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
if (decvalue(v_etsi_ts_102941_data_msg, p_etsi_ts_102941_data) != 0) {
return false;
}
if (p_etsi_ts_102941_data.version != PkiProtocolVersion) {
return false;
}
return true;
} // End of function f_generate_inner_ec_response
} // End of function f_verify_pki_message
} // End of group inner_ec_xxx
} // End of module LibItsPki_Functions
ttcn/Pki/LibItsPki_TestSystem.ttcn
View file @ b8fe1ca2
......@@ -72,8 +72,10 @@ module LibItsPki_TestSystem {
type component ItsPkiHttp extends ItsSecurityBaseComponent, HttpComponent {
var Certificate vc_eaCertificate; /** Test Adapter EA certificate */
var octetstring vc_eaPrivateKey; /** Test Adapter EA proivate key for signature */
var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for RecipientId */
var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */
var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */
var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */
var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */
} // End of component ItsPki
type component ItsPkiItss extends ItsGeoNetworking {
......
ttcn/Pki/LibItsPki_TypesAndValues.ttcn
View file @ b8fe1ca2
......@@ -9,6 +9,12 @@
* All rights reserved.
*/
module LibItsPki_TypesAndValues {
group constants {
const integer PkiProtocolVersion := 1;
} // End of group constants
group acPrimitives {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment