Commit ca69dcbb authored by garciay's avatar garciay
Browse files

STF538: Certificate TPs implementation

parent 755c231a
......@@ -2581,24 +2581,6 @@ module LibItsGeoNetworking_Functions {
}
} // End of altstep a_securedMessageWithCertificate
/**
* @desc Receive GN message with security containing certificate chain as a signer info
* @param p_cert returns the certificate used for sign received message
*/
/* FIXME To be reviewed altstep a_securedMessageWithCertificateChain(
out EtsiTs103097Data p_received
) runs on ItsGeoNetworking {
[] a_securedMessage (
mw_securedMessage(
superset(
mw_header_field_signer_info_certificate_chain
)),
p_received
) {
// Nothing to do
}
}*/ // End of altstep a_securedMessageWithCertificateChain
/**
* @desc Receive GN message with security containing digest as a signer info
* @param p_cert returns the certificate used for sign received message
......@@ -2641,8 +2623,8 @@ module LibItsGeoNetworking_Functions {
var SignerIdentifier v_signerIdentifier;
if (f_getMsgSignerIdentifier(v_recv, v_signerIdentifier) == true) {
if (ischosen(v_signerIdentifier.certificate)) {
p_cert := v_signerIdentifier.certificate[0];
v_ret := true;
p_cert := v_signerIdentifier.certificate[0];
v_ret := true;
}
}
}
......@@ -2651,28 +2633,6 @@ module LibItsGeoNetworking_Functions {
return v_ret;
} // End of function f_waitForCertificate
/**
* @desc Wait for GN message with security containing certificate chain as a signer info
* @return the certificate used for sign received message
*/
function f_waitForCertificateChain (out SequenceOfCertificate p_chain)
runs on ItsGeoNetworking
return boolean {
var EtsiTs103097Data v_recv;
var boolean v_ret := false;
/* FIXME To be reviewed alt {
[] a_securedMessageWithCertificateChain(v_recv) {
var SignerIdentifier v_si;
if(f_getMsgSignerInfo(v_recv, v_si)) {
p_chain := v_si.signerInfo.certificates;
v_ret := true;
}
}
}*/
return v_ret;
}
/**
* @desc Ask for the certificate chain and wait for GN message with security containing certificate chain as a signer info
* @return the certificate chain used for sign received message
......@@ -2686,11 +2646,12 @@ module LibItsGeoNetworking_Functions {
alt {
[] a_securedMessageWithCertificate(v_recv) {
var SignerIdentifier v_signerIdentifier;
if (f_getMsgSignerIdentifier(v_recv, v_signerIdentifier) == true) {
if (f_getMsgSignerIdentifier(v_recv, v_signerIdentifier) == true) { // Get AT certificate
if(ischosen(v_signerIdentifier.digest)) {
f_sendCertificateRequest(v_signerIdentifier.digest, p_CamPayload);
f_sendCertificateRequest(v_signerIdentifier.digest, p_CamPayload); // Request issuer
if(tc_ac.running) {
tc_ac.stop;tc_ac.start;
tc_ac.stop;
tc_ac.start;
}
v_ret := true;
}
......@@ -2712,56 +2673,21 @@ module LibItsGeoNetworking_Functions {
var EtsiTs103097Data v_recv;
var SignerIdentifier v_signerIdentifier;
var boolean v_ret := false;
f_askForCertificateChain(p_CamPayload); // Get AT certificate and request for the issuer
alt {
[] a_securedMessageWithCertificate(v_recv) {
[] a_securedMessageWithCertificate(v_recv) { // Get AA certificate
tc_ac.stop;
if (f_getMsgSignerIdentifier(v_recv, v_signerIdentifier) == true) {
if(ischosen(v_signerIdentifier.digest)) {
f_sendCertificateRequest(v_signerIdentifier.digest, p_CamPayload);
f_sendCertificateRequest(v_signerIdentifier.digest, p_CamPayload);
tc_ac.start;
repeat;
}
p_chain := v_signerIdentifier.certificate;
}
}
/* FIXME To be done [] a_securedMessageWithCertificateChain(v_recv) {
tc_ac.stop;
if (f_getMsgSignerIdentifier(v_recv, v_signerIdentifier) == true) { // FIXME How to receive chain of certificate
p_chain := v_signerIdentifier.certificate;
v_ret := true;
}
}*/
} // End of 'alt' statement
return v_ret;
} // End of function f_askAndWaitForCertificateChain
/**
* @desc Wait for GN message with security containing digest as a signer info
* @return the digest of the certificate been used to sign received message
*/
function f_waitForDigest(
out HashedId8 p_digest
) runs on ItsGeoNetworking return boolean {
// Local variables
var EtsiTs103097Data v_recv;
var boolean v_ret := false;
/* FIXME To be reviewed alt {
[] a_securedMessageWithDigest(v_recv) {
var SignerIdentifier v_si;
if(f_getMsgSignerInfo(v_recv, v_si)) {
p_digest := v_si.signerInfo.digest;
v_ret := true;
}
}
}*/ // End of 'alt' statement
return v_ret;
} // End of function f_waitForDigest
/**
* @desc Send a CAM message with a certificate and wait the certificate chain request message
* @remark This function is used only for testing against another ATS
......
......@@ -1452,8 +1452,8 @@ module LibItsSecurity_Functions {
*/
function f_unloadCertificates() runs on ItsSecurityBaseComponent return boolean {
// Reset security component variables
vc_signingPrivateKey := '0000000000000000000000000000000000000000000000000000000000000000'O;
vc_encryptPrivateKey := '0000000000000000000000000000000000000000000000000000000000000000'O;
vc_signingPrivateKey := ''O;
vc_encryptPrivateKey := ''O;
// Clear certificates memory cache
return fx_unloadCertificates();
} // End of function f_unloadCertificates
......
......@@ -1204,7 +1204,7 @@ module LibItsSecurity_Templates {
template (present) SequenceOfPsidGroupPermissions p_certIssuePermissions := ?,
template (present) SequenceOfPsidGroupPermissions p_certRequestPermissions := ?,
template (present) VerificationKeyIndicator p_verifyKeyIndicator := ?,
template ValidityPeriod p_validityPeriod := *,
template (present) ValidityPeriod p_validityPeriod := ?,
template GeographicRegion p_region := *,
template SubjectAssurance p_assuranceLevel := *,
template PublicEncryptionKey p_encryptionKey := *
......@@ -1215,10 +1215,10 @@ module LibItsSecurity_Templates {
validityPeriod := p_validityPeriod,
region := p_region,
assuranceLevel := p_assuranceLevel,
appPermissions := *,
appPermissions := omit,
certIssuePermissions := p_certIssuePermissions,
certRequestPermissions := p_certRequestPermissions,
canRequestRollover := *,
canRequestRollover := omit,
encryptionKey := p_encryptionKey,
verifyKeyIndicator := p_verifyKeyIndicator
} // End of template mw_toBeSignedCertificate
......@@ -1270,9 +1270,9 @@ module LibItsSecurity_Templates {
region := p_region,
assuranceLevel := p_assuranceLevel,
appPermissions := p_appPermissions,
certIssuePermissions := *,
certRequestPermissions := *,
canRequestRollover := *,
certIssuePermissions := omit,
certRequestPermissions := omit,
canRequestRollover := omit,
encryptionKey := p_encryptionKey,
verifyKeyIndicator := p_verifyKeyIndicator
} // End of template mw_toBeSignedCertificate_ea
......@@ -1386,9 +1386,9 @@ module LibItsSecurity_Templates {
region := p_region,
assuranceLevel := p_assuranceLevel,
appPermissions := p_appPermissions,
certIssuePermissions := *,
certRequestPermissions := *,
canRequestRollover := *,
certIssuePermissions := omit,
certRequestPermissions := omit,
canRequestRollover := omit,
encryptionKey := p_encryptionKey,
verifyKeyIndicator := p_verifyKeyIndicator
} // End of template mw_toBeSignedCertificate_at
......@@ -1513,12 +1513,30 @@ module LibItsSecurity_Templates {
eeType := p_eeType
} // End of template m_psidGroupPermissions
template (present) PsidGroupPermissions mw_psidGroupPermissions(
template (present) SubjectPermissions p_subjectPermissions := ?,
integer p_minChainLength := 1,
integer p_chainLengthRange := 0,
template (present) EndEntityType p_eeType := ?
) := {
subjectPermissions := p_subjectPermissions,
minChainLength := p_minChainLength,
chainLengthRange := p_chainLengthRange,
eeType := p_eeType
} // End of template mw_psidGroupPermissions
template (value) SubjectPermissions m_subjectPermissions_explicit(
in template (value) SequenceOfPsidSspRange p_certIssuePermissions
) := {
explicit := p_certIssuePermissions
} // End of template m_subjectPermissions_explicit
template (present) SubjectPermissions mw_subjectPermissions_explicit(
template (present) SequenceOfPsidSspRange p_certIssuePermissions := ?
) := {
explicit := p_certIssuePermissions
} // End of template mw_subjectPermissions_explicit
template (value) SubjectPermissions m_subjectPermissions_all := {
all_ := NULL
} // End of template m_subjectPermissions_all
......
......@@ -37,8 +37,8 @@ module LibItsSecurity_TestSystem {
var charstring vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE; /** Digest value of the AT certificate to be used by the IUT. Default: CERT_IUT_A_AT */
// Private keys
var Oct32 vc_signingPrivateKey;
var Oct32 vc_encryptPrivateKey;
var octetstring vc_signingPrivateKey;
var octetstring vc_encryptPrivateKey;
// Generation position. See Draft ETSI TS 103 097 V1.1.14 Clause 7.2 Security profiles for DENMs
var ThreeDLocation vc_location;
......
......@@ -133,7 +133,7 @@ module LibItsSremSsem_Templates {
* @param p_ssemMsg The expected SSEM Message
*/
template (present) SsemInd mw_ssemInd(
template (present) SSEM p_ssemMsg
template (present) SSEM p_ssemMsg := ?
) := {
msgIn := p_ssemMsg,
gnNextHeader := *,
......@@ -540,7 +540,7 @@ module LibItsSremSsem_Templates {
* @desc Receive template for SSEM Message
*/
template (present) SignalStatusMessage mw_defaultSsem(
template MsgCount p_sequenceNumber := *
template (present) MsgCount p_sequenceNumber := ?
) := {
timeStamp := *,
second := ?,
......@@ -550,12 +550,12 @@ module LibItsSremSsem_Templates {
}
template (present) SignalStatusMessage mw_ssemWellFormatted(
template MsgCount p_sequenceNumber := *
template (present) MsgCount p_sequenceNumber := ?
) modifies mw_defaultSsem := {
}
template (present) SignalStatusMessage mw_ssem_with_region_id(
template MsgCount p_sequenceNumber := *,
template (present) MsgCount p_sequenceNumber := ?,
template (present) SignalStatusMessage.regional p_regional := ?
) modifies mw_defaultSsem := {
regional := p_regional
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment