Commit b90de034 authored by Yann Garcia's avatar Yann Garcia

Continue PKI ATS development

parent d2d6eae8
+132 −55
@@ -110,8 +110,12 @@ module LibItsPki_Functions {
      
      
      // Setup AA certificate shared with PKI AA entity
      // Setup AA certificate shared with PKI AA entity
      f_readCertificate(p_aa_certificate_id, vc_aaCertificate);
      f_readCertificate(p_aa_certificate_id, vc_aaCertificate);
      f_readSigningKey(p_ea_certificate_id, vc_aaPrivateKey); // TODO To be removed
      f_readEncryptingKey(p_ea_certificate_id, vc_aaPrivateEncKey);
      f_getCertificateDigest(p_aa_certificate_id, vc_aaHashedId8);
      f_getCertificateDigest(p_aa_certificate_id, vc_aaHashedId8);
      f_getCertificateHash(p_aa_certificate_id, vc_aaWholeHash);
      f_getCertificateHash(p_aa_certificate_id, vc_aaWholeHash);
      log("f_cfHttpUp: vc_aaPrivateKey= ", vc_aaPrivateKey);
      log("f_cfHttpUp: vc_aaPrivateEncKey= ", vc_aaPrivateEncKey);
      log("f_cfHttpUp: vc_aaHashedId8= ", vc_aaHashedId8);
      log("f_cfHttpUp: vc_aaHashedId8= ", vc_aaHashedId8);
      log("f_cfHttpUp: vc_aaWholeHash= ", vc_aaWholeHash);
      log("f_cfHttpUp: vc_aaWholeHash= ", vc_aaWholeHash);


@@ -417,6 +421,54 @@ module LibItsPki_Functions {
      return v_ret;
      return v_ret;
    } // End of function f_verifyEcdsa
    } // End of function f_verifyEcdsa
    
    
    function f_http_send(
                         in HeaderLines p_headers,
                         in template (value) HttpMessage p_http_message
                         ) runs on ItsPkiHttp {
      if (not(PICS_MULTIPLE_END_POINT)) {
        httpPort.send(p_http_message);
      } else {
        var charstring_list v_content_text;
        
        f_get_header(p_headers, c_header_content_text, v_content_text);
        
        if (not(isvalue(v_content_text))) {
          log("f_http_send: Failed to send message: header not found: ", c_header_content_text);
          return;
        }
        if (v_content_text == { "inner_ec_request" }) {
          log("f_http_send: Send on EC end point");
          f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_EC }, p_headers);
          if (ischosen(p_http_message.request)) {
            p_http_message.request.header := p_headers;
          } else {
            p_http_message.response.header := p_headers;
          }
          httpEcPort.send(p_http_message);
        } else if (v_content_text == { "inner_atv_request" }) {
          log("f_http_send: Send on ATV end point");
          f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_ATV }, p_headers);
          if (ischosen(p_http_message.request)) {
            p_http_message.request.header := p_headers;
          } else {
            p_http_message.response.header := p_headers;
          }
          httpAtVPort.send(p_http_message);
        } else if (v_content_text == { "inner_at_request" }) {
          log("f_http_send: Send on AT end point");
          f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_AT }, p_headers);
          if (ischosen(p_http_message.request)) {
            p_http_message.request.header := p_headers;
          } else {
            p_http_message.response.header := p_headers;
          }
          httpAtPort.send(p_http_message);
        } else {
          log("f_http_send: Invalid header value: ", v_content_text);
        }
      }
    } // End of function f_http_send
    
  } // End of group helpers
  } // End of group helpers
  
  
  group http { // TODO Split into EnnerEc, Authorization & AuthorizationValidation
  group http { // TODO Split into EnnerEc, Authorization & AuthorizationValidation
@@ -551,6 +603,7 @@ module LibItsPki_Functions {
                                            in octetstring p_private_key := ''O,
                                            in octetstring p_private_key := ''O,
                                            in octetstring p_digest := ''O,
                                            in octetstring p_digest := ''O,
                                            in Oct16 p_aes_sym_key,
                                            in Oct16 p_aes_sym_key,
                                            out InnerEcResponse p_inner_ec_response,
                                            out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
                                            out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
                                            ) return boolean {
                                            ) return boolean {
      // Local variables
      // Local variables
@@ -558,7 +611,6 @@ module LibItsPki_Functions {
      var octetstring v_msg;
      var octetstring v_msg;
      var Oct12 v_nonce;
      var Oct12 v_nonce;
      var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
      var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
      var InnerEcResponse v_inner_ec_response;
      var EtsiTs103097Certificate v_ec_certificate;
      var EtsiTs103097Certificate v_ec_certificate;
      var boolean p_result := false;
      var boolean p_result := false;


@@ -571,7 +623,7 @@ module LibItsPki_Functions {
      
      
      // Check expectred response
      // Check expectred response
      if (p_responseCode != ok) {
      if (p_responseCode != ok) {
        v_inner_ec_response := valueof(
        p_inner_ec_response := valueof(
                                       m_innerEcResponse_ko(
                                       m_innerEcResponse_ko(
                                                            p_request_hash,
                                                            p_request_hash,
                                                            p_responseCode
                                                            p_responseCode
@@ -582,14 +634,14 @@ module LibItsPki_Functions {
        // Generate the certificate
        // Generate the certificate
        if (f_generate_ec_certificate_for_inner_ec_response(p_inner_ec_request, p_private_key, p_digest, v_ec_certificate) == false) {
        if (f_generate_ec_certificate_for_inner_ec_response(p_inner_ec_request, p_private_key, p_digest, v_ec_certificate) == false) {
          log("f_http_build_inner_ec_response: Failed to generate the certificate");
          log("f_http_build_inner_ec_response: Failed to generate the certificate");
          v_inner_ec_response := valueof(
          p_inner_ec_response := valueof(
                                         m_innerEcResponse_ko(
                                         m_innerEcResponse_ko(
                                                              p_request_hash,
                                                              p_request_hash,
                                                              incompleterequest
                                                              incompleterequest
                                                              )
                                                              )
                                         );
                                         );
        } else {
        } else {
          v_inner_ec_response := valueof(
          p_inner_ec_response := valueof(
                                         m_innerEcResponse_ok(
                                         m_innerEcResponse_ok(
                                                              p_request_hash,
                                                              p_request_hash,
                                                              v_ec_certificate
                                                              v_ec_certificate
@@ -599,8 +651,8 @@ module LibItsPki_Functions {
      }
      }


      // Secure the response
      // Secure the response
      log("f_http_build_inner_ec_response: v_inner_ec_response= ", v_inner_ec_response);
      log("f_http_build_inner_ec_response: p_inner_ec_response= ", p_inner_ec_response);
      v_msg := bit2oct(encvalue(v_inner_ec_response));
      v_msg := bit2oct(encvalue(p_inner_ec_response));
      v_nonce := int2oct(f_getCurrentTime(), 32); // Random value
      v_nonce := int2oct(f_getCurrentTime(), 32); // Random value
      // TODO Consider  Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
      // TODO Consider  Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
      if (f_build_pki_secured_response_message(p_private_key,
      if (f_build_pki_secured_response_message(p_private_key,
@@ -611,7 +663,7 @@ module LibItsPki_Functions {
                                               p_ieee1609dot2_signed_and_encrypted_data
                                               p_ieee1609dot2_signed_and_encrypted_data
                                               ) == false) {
                                               ) == false) {
        log("f_http_build_inner_ec_response: Failed to generate the certificate");
        log("f_http_build_inner_ec_response: Failed to generate the certificate");
        v_inner_ec_response := valueof(
        p_inner_ec_response := valueof(
                                       m_innerEcResponse_ko(
                                       m_innerEcResponse_ko(
                                                            p_request_hash,
                                                            p_request_hash,
                                                            deniedrequest
                                                            deniedrequest
@@ -1506,54 +1558,6 @@ module LibItsPki_Functions {
  
  
  group awaiting_messages {
  group awaiting_messages {
    
    
    function f_http_send(
                         in HeaderLines p_headers,
                         in template (value) HttpMessage p_http_message
                         ) runs on ItsPkiHttp {
      if (not(PICS_MULTIPLE_END_POINT)) {
        httpPort.send(p_http_message);
      } else {
        var charstring_list v_content_text;
        
        f_get_header(p_headers, c_header_content_text, v_content_text);
        
        if (not(isvalue(v_content_text))) {
          log("f_http_send: Failed to send message: header not found: ", c_header_content_text);
          return;
        }
        if (v_content_text == { "inner_ec_request" }) {
          log("f_http_send: Send on EC end point");
          f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_EC }, p_headers);
          if (ischosen(p_http_message.request)) {
            p_http_message.request.header := p_headers;
          } else {
            p_http_message.response.header := p_headers;
          }
          httpEcPort.send(p_http_message);
        } else if (v_content_text == { "inner_atv_request" }) {
          log("f_http_send: Send on ATV end point");
          f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_ATV }, p_headers);
          if (ischosen(p_http_message.request)) {
            p_http_message.request.header := p_headers;
          } else {
            p_http_message.response.header := p_headers;
          }
          httpAtVPort.send(p_http_message);
        } else if (v_content_text == { "inner_at_request" }) {
          log("f_http_send: Send on AT end point");
          f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_AT }, p_headers);
          if (ischosen(p_http_message.request)) {
            p_http_message.request.header := p_headers;
          } else {
            p_http_message.response.header := p_headers;
          }
          httpAtPort.send(p_http_message);
        } else {
          log("f_http_send: Invalid header value: ", v_content_text);
        }
      }
    } // End of function f_http_send
    
    function f_await_http_inner_ec_request_response(
    function f_await_http_inner_ec_request_response(
                                                    out Oct32 p_private_key,
                                                    out Oct32 p_private_key,
                                                    out Oct32 p_compressed_public_key,
                                                    out Oct32 p_compressed_public_key,
@@ -1586,6 +1590,7 @@ module LibItsPki_Functions {
                                                                                                                )))));
                                                                                                                )))));
      tc_ac.start;
      tc_ac.start;
      alt {
      alt {
        // TODO Create a a_await_at_http_request_from_iut(
        [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
        [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                                                        mw_http_response(
                                                        mw_http_response(
                                                                         mw_http_response_ok(
                                                                         mw_http_response_ok(
@@ -1660,6 +1665,78 @@ module LibItsPki_Functions {
      return false;
      return false;
    } // End of function f_await_http_inner_ec_request_response
    } // End of function f_await_http_inner_ec_request_response
    
    
    function f_await_ec_request_send_response(
                                              out InnerEcResponse p_inner_ec_response
                                              ) runs on ItsPkiHttp return boolean {
      var HttpMessage v_request;
      var boolean v_result := false;
      
      log(">>> f_await_ec_request_send_response");
      
      tc_ac.start;
      alt {
        [] a_await_at_http_response_from_iut(
                                             mw_http_request(
                                                             mw_http_request_post(
                                                                                  PICS_HTTP_POST_URI_EC,
                                                                                  -,
                                                                                  mw_http_message_body_binary(
                                                                                                              mw_binary_body_ieee1609dot2_data(
                                                                                                                                               mw_enrolmentRequestMessage(
                                                                                                                                                                          mw_encryptedData(
                                                                                                                                                                                           -,
                                                                                                                                                                                           mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                           )))))),
                                             v_request
                                             ) {
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var Oct16 v_request_hash;
          var Oct16 v_aes_enc_key;
          var InnerEcRequest v_inner_ec_request;
          var template (value) HttpMessage v_response;
          var HeaderLines v_headers;
          
          tc_ac.stop;
          
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          
          if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, vc_eaWholeHash, v_request.request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
            log("f_await_ec_request_send_response: Failed to verify PKI message ***");
            // Send error message
            v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers, 400, "Bad request")); // Initialize v_reponse with an error message
          } else {
            log("f_await_ec_request_send_response: Receive ", v_etsi_ts_102941_data, " ***");
            if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, v_inner_ec_request) == false) {
              log("f_await_ec_request_send_response: Failed to verify PKI message ***");
              // Send error message
              f_http_build_inner_ec_response(v_inner_ec_request/*Not required*/, cantparse, v_request_hash, -, -, v_aes_enc_key, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
              v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers));
            } else {
              f_http_build_inner_ec_response(v_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
            v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers));
            v_result := true;
            }
            f_http_send(
                        v_headers,
                        m_http_request(
                                       m_http_request_post(
                                                           PICS_HTTP_POST_URI_EC,
                                                           v_headers,
                                                           m_http_message_body_binary(
                                                                                      m_binary_body_ieee1609dot2_data(
                                                                                                                v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                      )))));
          }
        }
        [] tc_ac.timeout {
          log("f_await_ec_request_send_response: Expected message not received ***");
        }
      } // End of 'alt' statement
      
      return v_result;
    } // End of function f_await_ec_request_send_response
    
  } // End of group awaiting_messages
  } // End of group awaiting_messages
  
  
  group pki_functions {
  group pki_functions {
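Review bot: In the first hunk (`@@ -110,8 +110,12 @@`, the AA setup whose log lines are tagged f_cfHttpUp), the two added `log(...)` calls write `vc_aaPrivateKey` and `vc_aaPrivateEncKey` to the test log in full, so any archived or shared log carries the AA signing and decryption keys. Log only that the key was loaded, e.g. `log("f_cfHttpUp: vc_aaPrivateKey loaded, length= ", lengthof(vc_aaPrivateKey));`, and keep the existing logs of the public digest and whole hash for tracing. The same hunk reads both AA keys with `p_ea_certificate_id` while every other AA value is read with `p_aa_certificate_id`. Unless the EA key is deliberately reused here (the TODO suggests the signing-key line is temporary), the encryption-key line should be `f_readEncryptingKey(p_aa_certificate_id, vc_aaPrivateEncKey);`. The enclosing function starts and ends outside the hunk.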
+4 −7
@@ -75,16 +75,13 @@ module LibItsPki_TestSystem {
      port HttpPort httpAtPort;               /** Authorization end point */ 
      port HttpPort httpAtPort;               /** Authorization end point */ 
      var Certificate vc_eaCertificate;       /** Test Adapter EA certificate */
      var Certificate vc_eaCertificate;       /** Test Adapter EA certificate */
      var octetstring vc_eaPrivateKey;        /** Test Adapter EA private key for signature */
      var octetstring vc_eaPrivateKey;        /** Test Adapter EA private key for signature */
      //      var Certificate vc_ecCertificate;       /** Test Adapter AA certificate */
      //      var octetstring vc_ecPrivateKey;        /** Test Adapter AA private key for signature */
      var octetstring vc_eaPrivateEncKey;     /** Test Adapter EA private key for encryption */
      var octetstring vc_eaPrivateEncKey;     /** Test Adapter EA private key for encryption */
      var octetstring vc_eaWholeHash;         /** Test Adapter EA whole-hash for signature check */
      var HashedId8   vc_eaHashedId8;         /** Test Adapter EA HashedId8 for decryption of IUT's response */
      var HashedId8   vc_eaHashedId8;         /** Test Adapter EA HashedId8 for decryption of IUT's response */
      var octetstring vc_eaWholeHash;         /** TS EA whole-hash for signature check */
      var octetstring vc_aaPrivateKey;        /** Test Adapter AA private key for signature */
      var octetstring vc_aaPrivateEncKey;     /** Test Adapter AA private key for encryption */
      var HashedId8   vc_aaHashedId8;         /** Test Adapter AA HashedId8 for decryption of IUT's response */
      var HashedId8   vc_aaHashedId8;         /** Test Adapter AA HashedId8 for decryption of IUT's response */
      var octetstring vc_aaWholeHash;         /** TS AA whole-hash for signature check */
      var octetstring vc_aaWholeHash;         /** Test Adapter AA whole-hash for signature check */
      //      var HashedId8   vc_ecHashedId8;         /** Test Adapter AA HashedId8 for decryption of IUT's response */
      //      var Certificate vc_peerEaCertificate;   /** IUT EA certificate for signature check */
      //      var octetstring vc_eaPeerWholeHash;     /** IUT EA whole-hash for signature check */
    } // End of component ItsPki
    } // End of component ItsPki
    
    
    /**
    /**