Update after ETSI ITS CMS-7

c591ac73 · YannGarcia · 969b2095 · c591ac73 · c591ac73 · c591ac73
Commit c591ac73 authored Nov 18, 2019 by YannGarcia
--- a/ttcn/Pki/LibItsPki_Functions.ttcn
+++ b/ttcn/Pki/LibItsPki_Functions.ttcn
--- a/ttcn/Pki/LibItsPki_Pixits.ttcn
+++ b/ttcn/Pki/LibItsPki_Pixits.ttcn
@@ -35,13 +35,17 @@ module LibItsPki_Pixits {
   */
  modulepar SecurityAlg PX_EC_ALG_FOR_EC  := e_nist_p256; // TODO Use RCA to determine encryption algorithm?
  /**
-   * @desc Indicate which encryption algorithem to be used for Authorization Request
+   * @desc Indicate which encryption algorithem to be used for Authorization Request (AA certificate of the IUT)
   */
  modulepar SecurityAlg PX_EC_ALG_FOR_AT  := e_nist_p256;
  /**
-   * @desc Indicate which encryption algorithem to be used for Authorization Validation Request
+   * @desc Indicate which encryption algorithem to be used for Authorization Validation Request (EA certificate of the IUT)
   */
  modulepar SecurityAlg PX_EC_ALG_FOR_ATV := e_nist_p256;
+  /**
+   * @desc Indicate which encryption algorithem to be used for EcSignature (EA certificate of the IUT)
+   */
+  modulepar SecurityAlg PX_EC_ALG_FOR_EC_SIGN := e_nist_p256;
  /**
   * @desc Indicate which verification algorithem to be used

--- a/ttcn/Pki/LibItsPki_Templates.ttcn
+++ b/ttcn/Pki/LibItsPki_Templates.ttcn
@@ -278,6 +278,15 @@ module LibItsPki_Templates {
  certIssuePermissions := omit
  } // End of template m_certificateSubjectAttributes_id_none
+  template (omit) CertificateSubjectAttributes m_certificateSubjectAttributes_id_omit(
+                                                                                      in template (value) SequenceOfPsidSsp p_appPermissions,
+                                                                                      in template (omit) ValidityPeriod p_validityPeriod := omit,
+                                                                                      in template (omit) GeographicRegion p_region := omit,
+                                                                                      in template (omit) SubjectAssurance p_assuranceLevel := omit
+                                                                                      ) modifies m_certificateSubjectAttributes_id_none := {
+  id                   := omit
+  } // End of template m_certificateSubjectAttributes_id_omit
  template (omit) CertificateSubjectAttributes m_certificateSubjectAttributes_id_name(
                                                                                      in template (value) Hostname p_name,
                                                                                      in template (value) SequenceOfPsidSsp p_appPermissions,
@@ -482,7 +491,7 @@ module LibItsPki_Templates {
                                                                          template (present) SequenceOfPsidSsp p_appPermissions := ?,
                                                                          template CertificateId p_id := *,
                                                                          template (present) ValidityPeriod p_validityPeriod := ?,
-                                                                          template (present) SubjectAssurance p_assuranceLevel := ?,
+                                                                          template SubjectAssurance p_assuranceLevel := *,
                                                                          template GeographicRegion p_region := *,
                                                                          template SequenceOfPsidGroupPermissions p_certIssuePermissions := omit
                                                                          ) := {

--- a/ttcn/Pki/LibItsPki_TestSystem.ttcn
+++ b/ttcn/Pki/LibItsPki_TestSystem.ttcn
@@ -77,11 +77,13 @@ module LibItsPki_TestSystem {
      var octetstring vc_eaPrivateKey;        /** Test Adapter EA private key for signature */
      var octetstring vc_eaPrivateEncKey;     /** Test Adapter EA private key for encryption */
      var octetstring vc_eaWholeHash;         /** Test Adapter EA whole-hash for signature check */
+      var octetstring vc_eaWholeHash256;      /** Test Adapter EA whole-hash using SHA 256 for encryption because of encryption key size ==32 */
      var HashedId8   vc_eaHashedId8;         /** Test Adapter EA HashedId8 for decryption of IUT's response */
      var octetstring vc_aaPrivateKey;        /** Test Adapter AA private key for signature */
      var octetstring vc_aaPrivateEncKey;     /** Test Adapter AA private key for encryption */
      var HashedId8   vc_aaHashedId8;         /** Test Adapter AA HashedId8 for decryption of IUT's response */
      var octetstring vc_aaWholeHash;         /** Test Adapter AA whole-hash for signature check */
+      var octetstring vc_aaWholeHash256;      /** Test Adapter EA whole-hash using SHA 256 for encryption because of encryption key size ==32 */
    } // End of component ItsPkiHttp
    /**

--- a/ttcn/Security/LibItsSecurity_Functions.ttcn
+++ b/ttcn/Security/LibItsSecurity_Functions.ttcn
@@ -107,6 +107,9 @@ module LibItsSecurity_Functions {
                                                        in Oct48 p_certificateIssuer,
                                                        in Oct48 p_privateKey
        ) return octetstring {
+          log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_toBeSignedSecuredMessage);
+          log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_certificateIssuer);
+          log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_privateKey);
            return fx_signWithEcdsaBrainpoolp384WithSha384(
                p_toBeSignedSecuredMessage,
                p_certificateIssuer,
@@ -865,8 +868,8 @@ module LibItsSecurity_Functions {
                                                                        );
                  p_securedMessage.content.signedData.signature_ := valueof(m_signature_ecdsaBrainpoolP384r1(
                                                                                                             m_ecdsaP384Signature(
-                                                                                                                                  m_eccP384CurvePoint_x_only(substr(v_signature, 0, 32)),
+                                                                                                                                  m_eccP384CurvePoint_x_only(substr(v_signature, 0, 48)),
-                                                                                                                                  substr(v_signature, 32, 32)
+                                                                                                                                  substr(v_signature, 48, 48)
                                                                                                                                  )
                                                                                                             ));
                } // TODO To be continued
@@ -904,7 +907,7 @@ module LibItsSecurity_Functions {
                var octetstring v_secPayload, v_signature;
                var template (value) ToBeSignedData v_toBeSignedData;
                var integer i, j, k, n;
-                var HeaderInfo v_headerFields := {};
+                var HeaderInfo v_headerFields;
                var Ieee1609Dot2Content v_toBeSignedPayload;
                var Oct32 v_privateKey;
                var UInt8 v_trailerSize;
@@ -1207,7 +1210,7 @@ module LibItsSecurity_Functions {
                // Local variables
                var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
-                var HeaderInfo v_mandatoryHeaders := {};
+                var HeaderInfo v_mandatoryHeaders;
                var HeaderInfo v_signerInfo;
                // Load certificates if required
@@ -1282,7 +1285,7 @@ module LibItsSecurity_Functions {
                // Local variables
                var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
-                var HeaderInfo v_mandatoryHeaders := {};
+                var HeaderInfo v_mandatoryHeaders;
                var HeaderInfo v_signerInfo;
                // Load certificates if required
@@ -1359,7 +1362,7 @@ module LibItsSecurity_Functions {
                // Local variables
                var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
-                var HeaderInfo v_mandatoryHeaders := {};
+                var HeaderInfo v_mandatoryHeaders;
                var HeaderInfo v_signerInfo;
                // Load certificates if required
@@ -1429,7 +1432,7 @@ module LibItsSecurity_Functions {
                // Local variables
                var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
-                var HeaderInfo v_mandatoryHeaders := {};
+                var HeaderInfo v_mandatoryHeaders;
                var HeaderInfo v_signerInfo;
                // Load certificates if required
@@ -1504,7 +1507,7 @@ module LibItsSecurity_Functions {
                // Local variables
                var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
-                var HeaderInfo v_mandatoryHeaders := {};
+                var HeaderInfo v_mandatoryHeaders;
                var HeaderInfo v_signerInfo;
                // Load certificates if required
@@ -2044,7 +2047,7 @@ module LibItsSecurity_Functions {
                }
              } // End of 'for' statement
              if (v_found == false) {
-                log("f_verifySspPermissions: Permission set not found: ", v_issuerPsidSsp)
+                log("f_verifySspPermissions: Permission set not found: ", v_issuerPsidSsp);
                if (p_strict_checks == true) {
                  return false;
                } else {
@@ -2054,7 +2057,7 @@ module LibItsSecurity_Functions {
              // 2. Validate bits mask
              if (ispresent(v_issuerPsidSsp.ssp)) {
                if (ispresent(v_subordinatePsidSsp.ssp) == false) {
-                  log("f_verifySspPermissions: Ssp shall not be omitted: ", v_issuerPsidSsp)
+                  log("f_verifySspPermissions: Ssp shall not be omitted: ", v_issuerPsidSsp);
                  if (p_strict_checks == true) {
                    return false;
                  }
@@ -2277,6 +2280,23 @@ module LibItsSecurity_Functions {
                return true;
            } // End of function f_getCertificateHash
+            /**
+             * @desc    Read the whole-hash of the certificate SHA 256
+             * @param   p_certificate_id the certificate identifier
+             * @param   p_hash          the whole-hash of the certificate using SHA 256
+             * @return  true on success, false otherwise
+             */
+            function f_getCertificateHash256(
+                                             in charstring p_certificate_id,
+                                             out Oct32 p_hash
+            ) return boolean {
+                if (not fx_readCertificateHash256(p_certificate_id, p_hash)){
+                    log("f_getCertificateHash256: Failed to retrieve digest for ", p_certificate_id);
+                    return false;
+                }
+                return true;
+            } // End of function f_getCertificateHash
            function f_getCertificateFromDigest(
                                                in HashedId8 p_digest, 
                                                out EtsiTs103097Certificate p_certificate
@@ -2657,7 +2677,7 @@ module LibItsSecurity_Functions {
            * @return  true on success, false otherwise
            */
            external function fx_loadCertificates(in charstring p_rootDirectory, in charstring p_configId) return boolean;
-            external function fx_store_certificate(in charstring p_cert_id, in octetstring p_cert, in octetstring p_private_key, in octetstring p_public_key_x, in octetstring p_public_key_y, in octetstring p_public_key_compressed, in integer p_public_key_compressed_mode, in octetstring p_hash, in octetstring p_hashid8, in octetstring p_issuer, in template (omit) octetstring p_private_enc_key, in template (omit) octetstring p_public_enc_key_x, in template (omit) octetstring p_public_enc_key_y, in template (omit) octetstring p_public_enc_compressed_key, in template (omit) integer p_public_enc_key_compressed_mode) return boolean;
+            external function fx_store_certificate(in charstring p_cert_id, in octetstring p_cert, in octetstring p_private_key, in octetstring p_public_key_x, in octetstring p_public_key_y, in octetstring p_public_key_compressed, in integer p_public_key_compressed_mode, in octetstring p_hash, in octetstring p_hash_256, in octetstring p_hashid8, in octetstring p_issuer, in template (omit) octetstring p_private_enc_key, in template (omit) octetstring p_public_enc_key_x, in template (omit) octetstring p_public_enc_key_y, in template (omit) octetstring p_public_enc_compressed_key, in template (omit) integer p_public_enc_key_compressed_mode) return boolean;
            /**
             * @desc    Unload from memory cache the certificates
@@ -2689,6 +2709,14 @@ module LibItsSecurity_Functions {
             */
            external function fx_readCertificateHash(in charstring p_certificate_id, out octetstring p_hash) return boolean;
+            /**
+             * @desc    Read the whole-hash of the specified certificate using SHA 256
+             * @param   p_certificate_id the certificate identifier
+             * @param   p_hash          the whole-hash of the certificate
+             * @return  true on success, false otherwise
+             */
+            external function fx_readCertificateHash256(in charstring p_certificate_id, out Oct32 p_hash) return boolean;
            external function fx_readCertificateFromDigest(in HashedId8 p_digest, out charstring p_certificate_id) return boolean;
            external function fx_readCertificateFromHashedId3(in HashedId3 p_digest, out charstring p_certificate_id) return boolean;