STF538: Certificate TPs implementation

ca69dcbb · garciay · 755c231a · ca69dcbb · ca69dcbb · ca69dcbb
Commit ca69dcbb authored Feb 26, 2018 by garciay
--- a/ttcn/GeoNetworking/LibItsGeoNetworking_Functions.ttcn
+++ b/ttcn/GeoNetworking/LibItsGeoNetworking_Functions.ttcn
@@ -2581,24 +2581,6 @@ module LibItsGeoNetworking_Functions {
      }
    } // End of altstep a_securedMessageWithCertificate

-    /**
-     * @desc         Receive GN message with security containing certificate chain as a signer info
-     * @param p_cert returns the certificate used for sign received message
-     */
-    /* FIXME To be reviewed altstep a_securedMessageWithCertificateChain(
-                                                 out EtsiTs103097Data p_received
-                                                 ) runs on ItsGeoNetworking {
-      [] a_securedMessage (
-                           mw_securedMessage(
-                                              superset(
-                                                       mw_header_field_signer_info_certificate_chain
-                                                       )),
-                           p_received
-                           ) {
-        // Nothing to do
-      }
-    }*/ // End of altstep a_securedMessageWithCertificateChain
-        
    /**
     * @desc         Receive GN message with security containing digest as a signer info
     * @param p_cert returns the certificate used for sign received message
@@ -2641,8 +2623,8 @@ module LibItsGeoNetworking_Functions {
          var SignerIdentifier v_signerIdentifier;
          if (f_getMsgSignerIdentifier(v_recv, v_signerIdentifier) == true) { 
            if (ischosen(v_signerIdentifier.certificate)) {
-            p_cert :=  v_signerIdentifier.certificate[0];
-            v_ret := true;
+              p_cert :=  v_signerIdentifier.certificate[0];
+              v_ret := true;
            }
          }
        }
@@ -2651,28 +2633,6 @@ module LibItsGeoNetworking_Functions {
      return v_ret;
    } // End of function f_waitForCertificate
        
-    /**
-     * @desc  Wait for GN message with security containing certificate chain as a signer info
-     * @return the certificate used for sign received message
-     */
-    function f_waitForCertificateChain (out SequenceOfCertificate p_chain)
-    runs on ItsGeoNetworking
-    return boolean {
-      var EtsiTs103097Data v_recv;
-      var boolean v_ret := false;
-            
-      /* FIXME To be reviewed alt {
-        [] a_securedMessageWithCertificateChain(v_recv) {
-          var SignerIdentifier v_si;
-          if(f_getMsgSignerInfo(v_recv, v_si)) {
-          p_chain :=  v_si.signerInfo.certificates;
-          v_ret := true;
-          }
-        }
-      }*/
-      return v_ret;
-    }
-
    /**
     * @desc  Ask for the certificate chain and wait for GN message with security containing certificate chain as a signer info
     * @return the certificate chain used for sign received message
@@ -2686,11 +2646,12 @@ module LibItsGeoNetworking_Functions {
      alt {
        [] a_securedMessageWithCertificate(v_recv) {
          var SignerIdentifier v_signerIdentifier;
-          if (f_getMsgSignerIdentifier(v_recv, v_signerIdentifier) == true) { 
+          if (f_getMsgSignerIdentifier(v_recv, v_signerIdentifier) == true) { // Get AT certificate
            if(ischosen(v_signerIdentifier.digest)) {
-              f_sendCertificateRequest(v_signerIdentifier.digest, p_CamPayload);
+              f_sendCertificateRequest(v_signerIdentifier.digest, p_CamPayload); // Request issuer
              if(tc_ac.running) {
-                tc_ac.stop;tc_ac.start;
+                tc_ac.stop;
+                tc_ac.start;
              }
              v_ret := true;
            }
@@ -2712,56 +2673,21 @@ module LibItsGeoNetworking_Functions {
      var EtsiTs103097Data v_recv;
      var SignerIdentifier v_signerIdentifier;
      var boolean v_ret := false;
-            
+      
+      f_askForCertificateChain(p_CamPayload); // Get AT certificate and request for the issuer
      alt {
-        [] a_securedMessageWithCertificate(v_recv) {
+        [] a_securedMessageWithCertificate(v_recv) { // Get AA certificate
          tc_ac.stop;
          
          if (f_getMsgSignerIdentifier(v_recv, v_signerIdentifier) == true) { 
-            if(ischosen(v_signerIdentifier.digest)) {
-              f_sendCertificateRequest(v_signerIdentifier.digest, p_CamPayload);
-                f_sendCertificateRequest(v_signerIdentifier.digest, p_CamPayload);
-                tc_ac.start;
-                repeat;
-              }
+            p_chain := v_signerIdentifier.certificate;
          }
        }
-        /* FIXME To be done [] a_securedMessageWithCertificateChain(v_recv) {
-          tc_ac.stop;
-          if (f_getMsgSignerIdentifier(v_recv, v_signerIdentifier) == true) { // FIXME How to receive chain of certificate
-            p_chain := v_signerIdentifier.certificate;
-            v_ret := true;
-          } 
-          }*/
      } // End of 'alt' statement
            
      return v_ret;
    } // End of function f_askAndWaitForCertificateChain
        
-    /**
-     * @desc  Wait for GN message with security containing digest as a signer info
-     * @return the digest of the certificate been used to sign received message
-     */
-    function f_waitForDigest(
-                             out HashedId8 p_digest
-                             ) runs on ItsGeoNetworking return boolean {
-      // Local variables
-      var EtsiTs103097Data v_recv;
-      var boolean v_ret := false;
-            
-      /* FIXME To be reviewed alt {
-        [] a_securedMessageWithDigest(v_recv) {
-          var SignerIdentifier v_si;
-          if(f_getMsgSignerInfo(v_recv, v_si)) { 
-          p_digest :=  v_si.signerInfo.digest;
-          v_ret := true;
-          }
-        }
-      }*/ // End of 'alt' statement
-            
-      return v_ret;
-    } // End of function f_waitForDigest
-        
    /**
     * @desc Send a CAM message with a certificate and wait the certificate chain request message
     * @remark  This function is used only for testing against another ATS

--- a/ttcn/Security/LibItsSecurity_Functions.ttcn
+++ b/ttcn/Security/LibItsSecurity_Functions.ttcn
@@ -1452,8 +1452,8 @@ module LibItsSecurity_Functions {
            */
            function f_unloadCertificates() runs on ItsSecurityBaseComponent return boolean {
                // Reset security component variables
-                vc_signingPrivateKey := '0000000000000000000000000000000000000000000000000000000000000000'O;
-                vc_encryptPrivateKey := '0000000000000000000000000000000000000000000000000000000000000000'O;
+                vc_signingPrivateKey := ''O;
+                vc_encryptPrivateKey := ''O;
                // Clear certificates memory cache
                return fx_unloadCertificates();
            } // End of function f_unloadCertificates

--- a/ttcn/Security/LibItsSecurity_Templates.ttcn
+++ b/ttcn/Security/LibItsSecurity_Templates.ttcn
@@ -1204,7 +1204,7 @@ module LibItsSecurity_Templates {
                                                                   template (present) SequenceOfPsidGroupPermissions p_certIssuePermissions := ?,
                                                                   template (present) SequenceOfPsidGroupPermissions p_certRequestPermissions := ?,
                                                                   template (present) VerificationKeyIndicator p_verifyKeyIndicator := ?,
-                                                                   template ValidityPeriod p_validityPeriod := *,
+                                                                   template (present) ValidityPeriod p_validityPeriod := ?,
                                                                   template GeographicRegion p_region := *,
                                                                   template SubjectAssurance p_assuranceLevel := *,
                                                                   template PublicEncryptionKey p_encryptionKey := *
@@ -1215,10 +1215,10 @@ module LibItsSecurity_Templates {
            validityPeriod         := p_validityPeriod,
            region                 := p_region,
            assuranceLevel         := p_assuranceLevel,
-            appPermissions         := *,
+            appPermissions         := omit,
            certIssuePermissions   := p_certIssuePermissions,
            certRequestPermissions := p_certRequestPermissions, 
-            canRequestRollover     := *,
+            canRequestRollover     := omit,
            encryptionKey          := p_encryptionKey,
            verifyKeyIndicator     := p_verifyKeyIndicator
        } // End of template mw_toBeSignedCertificate
@@ -1270,9 +1270,9 @@ module LibItsSecurity_Templates {
            region                 := p_region,
            assuranceLevel         := p_assuranceLevel,
            appPermissions         := p_appPermissions,
-            certIssuePermissions   := *,
-            certRequestPermissions := *, 
-            canRequestRollover     := *,
+            certIssuePermissions   := omit,
+            certRequestPermissions := omit, 
+            canRequestRollover     := omit,
            encryptionKey          := p_encryptionKey,
            verifyKeyIndicator     := p_verifyKeyIndicator
        } // End of template mw_toBeSignedCertificate_ea
@@ -1386,9 +1386,9 @@ module LibItsSecurity_Templates {
            region                 := p_region,
            assuranceLevel         := p_assuranceLevel,
            appPermissions         := p_appPermissions,
-            certIssuePermissions   := *,
-            certRequestPermissions := *, 
-            canRequestRollover     := *,
+            certIssuePermissions   := omit,
+            certRequestPermissions := omit, 
+            canRequestRollover     := omit,
            encryptionKey          := p_encryptionKey,
            verifyKeyIndicator     := p_verifyKeyIndicator
        } // End of template mw_toBeSignedCertificate_at
@@ -1513,12 +1513,30 @@ module LibItsSecurity_Templates {
            eeType             := p_eeType
        } // End of template m_psidGroupPermissions
        
+        template (present) PsidGroupPermissions mw_psidGroupPermissions(
+                                                                        template (present) SubjectPermissions p_subjectPermissions := ?,
+                                                                        integer p_minChainLength := 1,
+                                                                        integer p_chainLengthRange := 0, 
+                                                                        template (present) EndEntityType p_eeType := ?
+        ) := {
+            subjectPermissions := p_subjectPermissions,
+            minChainLength     := p_minChainLength,
+            chainLengthRange   := p_chainLengthRange, 
+            eeType             := p_eeType
+        } // End of template mw_psidGroupPermissions
+        
        template (value) SubjectPermissions m_subjectPermissions_explicit(
                                                                          in template (value) SequenceOfPsidSspRange p_certIssuePermissions
        ) := {
            explicit := p_certIssuePermissions
        } // End of template m_subjectPermissions_explicit
        
+        template (present) SubjectPermissions mw_subjectPermissions_explicit(
+                                                                             template (present) SequenceOfPsidSspRange p_certIssuePermissions := ?
+        ) := {
+            explicit := p_certIssuePermissions
+        } // End of template mw_subjectPermissions_explicit
+        
        template (value) SubjectPermissions m_subjectPermissions_all := {
            all_ := NULL
        } // End of template m_subjectPermissions_all

--- a/ttcn/Security/LibItsSecurity_TestSystem.ttcn
+++ b/ttcn/Security/LibItsSecurity_TestSystem.ttcn
@@ -37,8 +37,8 @@ module LibItsSecurity_TestSystem {
            var charstring  vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE; /** Digest value of the AT certificate to be used by the IUT. Default: CERT_IUT_A_AT */
            
            // Private keys
-            var Oct32 vc_signingPrivateKey; 
-            var Oct32 vc_encryptPrivateKey; 
+            var octetstring vc_signingPrivateKey; 
+            var octetstring vc_encryptPrivateKey; 
            
            // Generation position. See Draft ETSI TS 103 097 V1.1.14 Clause 7.2    Security profiles for DENMs
            var ThreeDLocation vc_location; 

--- a/ttcn/SremSsem/LibItsSremSsem_Templates.ttcn
+++ b/ttcn/SremSsem/LibItsSremSsem_Templates.ttcn
@@ -133,7 +133,7 @@ module LibItsSremSsem_Templates {
         * @param   p_ssemMsg    The expected SSEM Message
         */
        template (present) SsemInd mw_ssemInd(
-                                              template (present) SSEM p_ssemMsg
+                                              template (present) SSEM p_ssemMsg := ?
        ) := {
            msgIn               := p_ssemMsg,
            gnNextHeader        := *,
@@ -540,7 +540,7 @@ module LibItsSremSsem_Templates {
             * @desc    Receive template for SSEM Message
             */
            template (present) SignalStatusMessage mw_defaultSsem(
-                                                                  template MsgCount p_sequenceNumber := *
+                                                                  template (present) MsgCount p_sequenceNumber := ?
            ) := {
                timeStamp       := *,
                second          := ?,
@@ -550,12 +550,12 @@ module LibItsSremSsem_Templates {
            }
            
            template (present) SignalStatusMessage mw_ssemWellFormatted(
-                                                                        template MsgCount p_sequenceNumber := *
+                                                                        template (present) MsgCount p_sequenceNumber := ?
            ) modifies mw_defaultSsem := {
            }
            
            template (present) SignalStatusMessage mw_ssem_with_region_id(
-                                                                          template MsgCount p_sequenceNumber := *,
+                                                                          template (present) MsgCount p_sequenceNumber := ?,
                                                                          template (present) SignalStatusMessage.regional p_regional := ?
            ) modifies mw_defaultSsem := {
                regional       := p_regional