Loading ttcn/Pki/LibItsPki_Functions.ttcn +116 −25 Original line number Diff line number Diff line Loading @@ -78,7 +78,8 @@ module LibItsPki_Functions { * @param p_certificateId The certificate identifier the TA shall use in case of secured IUT */ function f_cfHttpUp( in charstring p_certificateId := "CERT_TS_A_EA" // TODO Use a constant in charstring p_certificateId := "CERT_TS_A_EA", // TODO Use a constant in charstring p_peerCertificateId := "CERT_IUT_A_EA" ) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ { map(self:httpPort, system:httpPort); Loading @@ -92,7 +93,9 @@ module LibItsPki_Functions { f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate); f_readCertificate(p_certificateId, vc_eaCertificate); f_readSigningKey(p_certificateId, vc_eaPrivateKey); f_readEncryptingKey(p_certificateId, vc_eaPrivateEncKey); f_getCertificateDigest(p_certificateId, vc_eaHashedId8); f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash); } // End of function f_cfHttpUp /** Loading Loading @@ -162,13 +165,47 @@ module LibItsPki_Functions { } // End of group ac_port group http { function f_http_build_enrolment_request( out octetstring p_private_key, out octetstring p_publicKeyX, out octetstring p_publicKeyY, out octetstring p_publicKeyCompressed, out integer p_compressedMode, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data ) runs on ItsPkiHttp { var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; var bitstring v_inner_ec_request_signed_for_pop_msg; if (f_generate_inner_ec_request(p_private_key, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) { log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequest ***"); f_selfOrClientSyncAndVerdict("error", e_error); } // Generate InnerEcRequestSignedForPoP if (f_generate_inner_ec_request_signed_for_pop(p_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) { log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } // Secure InnerEcRequestSignedForPoP message v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop)); if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) { log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_enrolment_request: DEBUF: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data); } // End of function f_http_build_enrolment_request } // End of group http group inner_ec_xxx { function f_generate_inner_ec_request( out Oct32 p_private_key, out Oct32 p_publicKeyX, out Oct32 p_publicKeyY, out Oct32 p_publicKeyCompressed, out octetstring p_private_key, out octetstring p_publicKeyX, out octetstring p_publicKeyY, out octetstring p_publicKeyCompressed, out integer p_compressedMode, out InnerEcRequest p_inner_ec_request ) return boolean { Loading Loading @@ -223,7 +260,7 @@ module LibItsPki_Functions { } // End of function f_generate_inner_ec_request function f_generate_inner_ec_request_signed_for_pop( in Oct32 p_private_key, in octetstring p_private_key, in InnerEcRequest p_inner_ec_request, out Ieee1609Dot2Data p_inner_ec_request_signed_for_pop ) return boolean { Loading @@ -231,7 +268,7 @@ module LibItsPki_Functions { var template (value) EccP256CurvePoint v_eccP256_curve_point; var octetstring v_encoded_inner_ec_request; var template (value) ToBeSignedData v_tbs; var Oct32 v_tbs_signed; var octetstring v_tbs_signed; // Encode it v_encoded_inner_ec_request := bit2oct(encvalue(p_inner_ec_request)); Loading Loading @@ -269,6 +306,24 @@ module LibItsPki_Functions { return true; } // End of function f_generate_inner_ec_request_signed_for_pop function f_generate_inner_ec_response( in octetstring p_inner_ec_request_hashed_id, in EtsiTs103097Certificate p_certificate, out InnerEcResponse p_inner_ec_response ) return boolean { // Local variables // Build the Proof of Possession InnerEcResponse p_inner_ec_response := valueof( m_innerEcResponse_ok( substr(p_inner_ec_request_hashed_id, 0, 16), p_certificate ) ); return true; } // End of function f_generate_inner_ec_response } // End of group inner_ec_xxx group pki_functions { Loading @@ -289,7 +344,7 @@ module LibItsPki_Functions { in octetstring p_private_key, in SignerIdentifier p_signer_identifier, in HashedId8 p_recipientId, in Oct32 p_publicKeyCompressed, in octetstring p_publicKeyCompressed, in integer p_compressedMode, in octetstring p_pki_message, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data Loading @@ -297,14 +352,14 @@ module LibItsPki_Functions { // Local variables var template (value) EccP256CurvePoint v_eccP256_curve_point; var template (value) ToBeSignedData v_tbs; var Oct32 v_tbs_signed; var octetstring v_tbs_signed; var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data; var octetstring v_encoded_inner_ec_request; var Oct12 v_nonce; var Oct16 v_authentication_vector; var Oct16 v_encrypted_sym_key; var HashedId8 v_recipientId; var Oct32 v_publicEphemeralKeyCompressed; var octetstring v_publicEphemeralKeyCompressed; var integer v_ephemeralKeyModeCompressed; var octetstring v_encrypted_inner_ec_request; Loading Loading @@ -386,23 +441,59 @@ module LibItsPki_Functions { return true; } // End of function f_build_pki_secured_message function f_generate_inner_ec_response( in Oct32 p_inner_ec_request_hashed_id, in EtsiTs103097Certificate p_certificate, out InnerEcResponse p_inner_ec_response function f_verify_pki_message( in octetstring v_private_enc_key, in octetstring p_issuer, in Certificate p_peer_certificate, in Ieee1609Dot2Data p_ieee1609dot2_encrypted_and_signed_data, in boolean p_check_signature := true, out EtsiTs102941Data p_etsi_ts_102941_data ) return boolean { // Local variables var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var bitstring v_etsi_ts_102941_data_msg; var bitstring v_tbs; var boolean v_ret; // Build the Proof of Possession InnerEcResponse p_inner_ec_response := valueof( m_innerEcResponse_ok( substr(p_inner_ec_request_hashed_id, 0, 16), p_certificate ) ); // 1. Decrypt the data if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_data) == false) { return false; } log("v_ieee1609dot2_signed_data= ", v_ieee1609dot2_signed_data); // 2. Check the signature v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData); if (ischosen(p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) { v_ret := f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), p_issuer, v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig, p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0, 0); } else { v_ret := f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), p_issuer, v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig, p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1, 1); } if ((v_ret == false) and (p_check_signature == true)) { return false; } // 3. Retrun the PKI message v_etsi_ts_102941_data_msg := oct2bit(v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData); if (decvalue(v_etsi_ts_102941_data_msg, p_etsi_ts_102941_data) != 0) { return false; } if (p_etsi_ts_102941_data.version != PkiProtocolVersion) { return false; } return true; } // End of function f_generate_inner_ec_response } // End of function f_verify_pki_message } // End of group inner_ec_xxx Loading ttcn/Pki/LibItsPki_TestSystem.ttcn +4 −2 Original line number Diff line number Diff line Loading @@ -72,8 +72,10 @@ module LibItsPki_TestSystem { type component ItsPkiHttp extends ItsSecurityBaseComponent, HttpComponent { var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ var octetstring vc_eaPrivateKey; /** Test Adapter EA proivate key for signature */ var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for RecipientId */ var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */ var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */ } // End of component ItsPki type component ItsPkiItss extends ItsGeoNetworking { Loading ttcn/Pki/LibItsPki_TypesAndValues.ttcn +6 −0 Original line number Diff line number Diff line Loading @@ -10,6 +10,12 @@ */ module LibItsPki_TypesAndValues { group constants { const integer PkiProtocolVersion := 1; } // End of group constants group acPrimitives { /** Loading Loading
ttcn/Pki/LibItsPki_Functions.ttcn +116 −25 Original line number Diff line number Diff line Loading @@ -78,7 +78,8 @@ module LibItsPki_Functions { * @param p_certificateId The certificate identifier the TA shall use in case of secured IUT */ function f_cfHttpUp( in charstring p_certificateId := "CERT_TS_A_EA" // TODO Use a constant in charstring p_certificateId := "CERT_TS_A_EA", // TODO Use a constant in charstring p_peerCertificateId := "CERT_IUT_A_EA" ) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ { map(self:httpPort, system:httpPort); Loading @@ -92,7 +93,9 @@ module LibItsPki_Functions { f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate); f_readCertificate(p_certificateId, vc_eaCertificate); f_readSigningKey(p_certificateId, vc_eaPrivateKey); f_readEncryptingKey(p_certificateId, vc_eaPrivateEncKey); f_getCertificateDigest(p_certificateId, vc_eaHashedId8); f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash); } // End of function f_cfHttpUp /** Loading Loading @@ -162,13 +165,47 @@ module LibItsPki_Functions { } // End of group ac_port group http { function f_http_build_enrolment_request( out octetstring p_private_key, out octetstring p_publicKeyX, out octetstring p_publicKeyY, out octetstring p_publicKeyCompressed, out integer p_compressedMode, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data ) runs on ItsPkiHttp { var InnerEcRequest v_inner_ec_request; var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop; var bitstring v_inner_ec_request_signed_for_pop_msg; if (f_generate_inner_ec_request(p_private_key, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) { log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequest ***"); f_selfOrClientSyncAndVerdict("error", e_error); } // Generate InnerEcRequestSignedForPoP if (f_generate_inner_ec_request_signed_for_pop(p_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) { log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } // Secure InnerEcRequestSignedForPoP message v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop)); if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) { log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); f_selfOrClientSyncAndVerdict("error", e_error); } log("*** f_http_build_enrolment_request: DEBUF: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data); } // End of function f_http_build_enrolment_request } // End of group http group inner_ec_xxx { function f_generate_inner_ec_request( out Oct32 p_private_key, out Oct32 p_publicKeyX, out Oct32 p_publicKeyY, out Oct32 p_publicKeyCompressed, out octetstring p_private_key, out octetstring p_publicKeyX, out octetstring p_publicKeyY, out octetstring p_publicKeyCompressed, out integer p_compressedMode, out InnerEcRequest p_inner_ec_request ) return boolean { Loading Loading @@ -223,7 +260,7 @@ module LibItsPki_Functions { } // End of function f_generate_inner_ec_request function f_generate_inner_ec_request_signed_for_pop( in Oct32 p_private_key, in octetstring p_private_key, in InnerEcRequest p_inner_ec_request, out Ieee1609Dot2Data p_inner_ec_request_signed_for_pop ) return boolean { Loading @@ -231,7 +268,7 @@ module LibItsPki_Functions { var template (value) EccP256CurvePoint v_eccP256_curve_point; var octetstring v_encoded_inner_ec_request; var template (value) ToBeSignedData v_tbs; var Oct32 v_tbs_signed; var octetstring v_tbs_signed; // Encode it v_encoded_inner_ec_request := bit2oct(encvalue(p_inner_ec_request)); Loading Loading @@ -269,6 +306,24 @@ module LibItsPki_Functions { return true; } // End of function f_generate_inner_ec_request_signed_for_pop function f_generate_inner_ec_response( in octetstring p_inner_ec_request_hashed_id, in EtsiTs103097Certificate p_certificate, out InnerEcResponse p_inner_ec_response ) return boolean { // Local variables // Build the Proof of Possession InnerEcResponse p_inner_ec_response := valueof( m_innerEcResponse_ok( substr(p_inner_ec_request_hashed_id, 0, 16), p_certificate ) ); return true; } // End of function f_generate_inner_ec_response } // End of group inner_ec_xxx group pki_functions { Loading @@ -289,7 +344,7 @@ module LibItsPki_Functions { in octetstring p_private_key, in SignerIdentifier p_signer_identifier, in HashedId8 p_recipientId, in Oct32 p_publicKeyCompressed, in octetstring p_publicKeyCompressed, in integer p_compressedMode, in octetstring p_pki_message, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data Loading @@ -297,14 +352,14 @@ module LibItsPki_Functions { // Local variables var template (value) EccP256CurvePoint v_eccP256_curve_point; var template (value) ToBeSignedData v_tbs; var Oct32 v_tbs_signed; var octetstring v_tbs_signed; var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data; var octetstring v_encoded_inner_ec_request; var Oct12 v_nonce; var Oct16 v_authentication_vector; var Oct16 v_encrypted_sym_key; var HashedId8 v_recipientId; var Oct32 v_publicEphemeralKeyCompressed; var octetstring v_publicEphemeralKeyCompressed; var integer v_ephemeralKeyModeCompressed; var octetstring v_encrypted_inner_ec_request; Loading Loading @@ -386,23 +441,59 @@ module LibItsPki_Functions { return true; } // End of function f_build_pki_secured_message function f_generate_inner_ec_response( in Oct32 p_inner_ec_request_hashed_id, in EtsiTs103097Certificate p_certificate, out InnerEcResponse p_inner_ec_response function f_verify_pki_message( in octetstring v_private_enc_key, in octetstring p_issuer, in Certificate p_peer_certificate, in Ieee1609Dot2Data p_ieee1609dot2_encrypted_and_signed_data, in boolean p_check_signature := true, out EtsiTs102941Data p_etsi_ts_102941_data ) return boolean { // Local variables var Ieee1609Dot2Data v_ieee1609dot2_signed_data; var bitstring v_etsi_ts_102941_data_msg; var bitstring v_tbs; var boolean v_ret; // Build the Proof of Possession InnerEcResponse p_inner_ec_response := valueof( m_innerEcResponse_ok( substr(p_inner_ec_request_hashed_id, 0, 16), p_certificate ) ); // 1. Decrypt the data if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_data) == false) { return false; } log("v_ieee1609dot2_signed_data= ", v_ieee1609dot2_signed_data); // 2. Check the signature v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData); if (ischosen(p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) { v_ret := f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), p_issuer, v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig, p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0, 0); } else { v_ret := f_verifyWithEcdsaNistp256WithSha256( bit2oct(v_tbs), p_issuer, v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig, p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1, 1); } if ((v_ret == false) and (p_check_signature == true)) { return false; } // 3. Retrun the PKI message v_etsi_ts_102941_data_msg := oct2bit(v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData); if (decvalue(v_etsi_ts_102941_data_msg, p_etsi_ts_102941_data) != 0) { return false; } if (p_etsi_ts_102941_data.version != PkiProtocolVersion) { return false; } return true; } // End of function f_generate_inner_ec_response } // End of function f_verify_pki_message } // End of group inner_ec_xxx Loading
ttcn/Pki/LibItsPki_TestSystem.ttcn +4 −2 Original line number Diff line number Diff line Loading @@ -72,8 +72,10 @@ module LibItsPki_TestSystem { type component ItsPkiHttp extends ItsSecurityBaseComponent, HttpComponent { var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ var octetstring vc_eaPrivateKey; /** Test Adapter EA proivate key for signature */ var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for RecipientId */ var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */ var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */ } // End of component ItsPki type component ItsPkiItss extends ItsGeoNetworking { Loading
ttcn/Pki/LibItsPki_TypesAndValues.ttcn +6 −0 Original line number Diff line number Diff line Loading @@ -10,6 +10,12 @@ */ module LibItsPki_TypesAndValues { group constants { const integer PkiProtocolVersion := 1; } // End of group constants group acPrimitives { /** Loading
