Skip to content
GitLab
Commits (3)
Hide whitespace changes
Inline Side-by-side
ttcn/Http/LibItsHttp_Templates.ttcn
View file @ a4ba1556
...@@ -85,6 +85,19 @@ module LibItsHttp_Templates { ...@@ -85,6 +85,19 @@ module LibItsHttp_Templates {
body := p_body body := p_body
} // End of template m_http_request_post } // End of template m_http_request_post
template Request mw_http_request_post(
template (present) charstring p_uri := ?,
template (present) HeaderLines p_headers := ?,
template HttpMessageBody p_body := *
) := {
method := "POST",
uri := p_uri,
version_major := c_http_version_major,
version_minor := c_http_version_minor,
header := p_headers,
body := p_body
} // End of template mw_http_request_post
} // End of group http_requests } // End of group http_requests
group http_responses { group http_responses {
......
ttcn/Pki/LibItsPki_Functions.ttcn
View file @ a4ba1556
...@@ -102,6 +102,7 @@ module LibItsPki_Functions { ...@@ -102,6 +102,7 @@ module LibItsPki_Functions {
f_readSigningKey(p_ec_certificate_id, vc_ecPrivateKey); f_readSigningKey(p_ec_certificate_id, vc_ecPrivateKey);
f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey); f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey);
f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8); f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8);
f_getCertificateHash(p_ea_certificate_id, vc_eaWholeHash);
f_getCertificateDigest(p_ec_certificate_id, vc_ecHashedId8); f_getCertificateDigest(p_ec_certificate_id, vc_ecHashedId8);
f_readCertificate(p_peerCertificateId, vc_peerEaCertificate); f_readCertificate(p_peerCertificateId, vc_peerEaCertificate);
f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash); f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash);
...@@ -322,9 +323,9 @@ module LibItsPki_Functions { ...@@ -322,9 +323,9 @@ module LibItsPki_Functions {
log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode);
log("*** f_http_build_inner_ec_request: First enrolment: ", PX_FIRST_ENROLMENT); log("*** f_http_build_inner_ec_request: First enrolment: ", PX_FIRST_ENROLMENT);
if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys
v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data);
} else { // We use last valid EC certificate } else { // We use last valid EC certificate
v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data);
} }
if (v_ret_code == false) { if (v_ret_code == false) {
log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
...@@ -368,9 +369,9 @@ module LibItsPki_Functions { ...@@ -368,9 +369,9 @@ module LibItsPki_Functions {
log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key);
log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode);
if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys
v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data);
} else { // We use last valid EC certificate } else { // We use last valid EC certificate
v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data);
} }
if (v_ret_code == false) { if (v_ret_code == false) {
log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
...@@ -421,7 +422,7 @@ module LibItsPki_Functions { ...@@ -421,7 +422,7 @@ module LibItsPki_Functions {
**/ **/
log("*** f_http_build_inner_ec_request: ERROR: Need to add TestSystem variable vc_aa ***"); log("*** f_http_build_inner_ec_request: ERROR: Need to add TestSystem variable vc_aa ***");
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
/* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */ /* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */
/* log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); */ /* log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); */
/* f_selfOrClientSyncAndVerdict("error", e_error); */ /* f_selfOrClientSyncAndVerdict("error", e_error); */
/* } */ /* } */
...@@ -814,7 +815,7 @@ module LibItsPki_Functions { ...@@ -814,7 +815,7 @@ module LibItsPki_Functions {
} else { } else {
return false; return false;
} }
v_enc_signed_ec_signature := f_encryptWithEciesNistp256WithSha256(bit2oct(encvalue(v_signed_ec_signature)), v_public_enc_key, v_compressed_mode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce); v_enc_signed_ec_signature := f_encryptWithEciesNistp256WithSha256(bit2oct(encvalue(v_signed_ec_signature)), v_public_enc_key, v_compressed_mode, ''O, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_recipientId := p_eaHashedId8; v_recipientId := p_eaHashedId8;
log("v_recipientId=", v_recipientId); log("v_recipientId=", v_recipientId);
// Fill Certificate template with the public compressed keys (canonical form) // Fill Certificate template with the public compressed keys (canonical form)
...@@ -951,6 +952,7 @@ module LibItsPki_Functions { ...@@ -951,6 +952,7 @@ module LibItsPki_Functions {
in HashedId8 p_recipientId, in HashedId8 p_recipientId,
in octetstring p_publicKeyCompressed, in octetstring p_publicKeyCompressed,
in integer p_compressedMode, in integer p_compressedMode,
in octetstring p_salt,
in octetstring p_pki_message, in octetstring p_pki_message,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) return boolean { ) return boolean {
...@@ -1003,7 +1005,7 @@ module LibItsPki_Functions { ...@@ -1003,7 +1005,7 @@ module LibItsPki_Functions {
// Encode EtsiTs103097Data-Signed data structure // Encode EtsiTs103097Data-Signed data structure
v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data)); v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data));
// Encrypt encode EtsiTs103097Data-Signed data structure // Encrypt encode EtsiTs103097Data-Signed data structure
v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(v_encoded_inner_ec_request, p_publicKeyCompressed, p_compressedMode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce); v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(v_encoded_inner_ec_request, p_publicKeyCompressed, p_compressedMode, p_salt, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
log("p_recipientId=", p_recipientId); log("p_recipientId=", p_recipientId);
if (p_recipientId == int2oct(0, 8)) { if (p_recipientId == int2oct(0, 8)) {
log("v_encrypted_sym_key=", v_encrypted_sym_key); log("v_encrypted_sym_key=", v_encrypted_sym_key);
...@@ -1071,7 +1073,7 @@ module LibItsPki_Functions { ...@@ -1071,7 +1073,7 @@ module LibItsPki_Functions {
var boolean v_ret; var boolean v_ret;
// 1. Decrypt the data // 1. Decrypt the data
if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_data) == false) { if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, ''O, v_ieee1609dot2_signed_data) == false) {
if (p_check_security == true) { if (p_check_security == true) {
return false; return false;
} }
......
ttcn/Pki/LibItsPki_TestSystem.ttcn
View file @ a4ba1556
...@@ -101,6 +101,7 @@ module LibItsPki_TestSystem { ...@@ -101,6 +101,7 @@ module LibItsPki_TestSystem {
var octetstring vc_ecPrivateKey; /** Test Adapter EC private key for signature */ var octetstring vc_ecPrivateKey; /** Test Adapter EC private key for signature */
var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */
var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */ var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */
var octetstring vc_eaWholeHash; /** TS EA whole-hash for signature check */
var HashedId8 vc_ecHashedId8; /** Test Adapter EC HashedId8 for decryption of IUT's response */ var HashedId8 vc_ecHashedId8; /** Test Adapter EC HashedId8 for decryption of IUT's response */
var Certificate vc_peerEaCertificate; /** IUT EA certificate for signature check */ var Certificate vc_peerEaCertificate; /** IUT EA certificate for signature check */
var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */ var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */
......
ttcn/Security/LibItsSecurity_Functions.ttcn
View file @ a4ba1556
...@@ -118,6 +118,7 @@ module LibItsSecurity_Functions { ...@@ -118,6 +118,7 @@ module LibItsSecurity_Functions {
function f_decrypt( function f_decrypt(
in octetstring p_encryptPrivateKey, in octetstring p_encryptPrivateKey,
in EtsiTs103097Data p_encrypedSecuredMessage, in EtsiTs103097Data p_encrypedSecuredMessage,
in octetstring p_salt,
out EtsiTs103097Data p_decrypedSecuredMessage out EtsiTs103097Data p_decrypedSecuredMessage
) return boolean { ) return boolean {
if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) { if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) {
...@@ -152,7 +153,8 @@ module LibItsSecurity_Functions { ...@@ -152,7 +153,8 @@ module LibItsSecurity_Functions {
0, 0,
v_pKRecipientInfo.encKey.eciesNistP256.c, v_pKRecipientInfo.encKey.eciesNistP256.c,
v_pKRecipientInfo.encKey.eciesNistP256.t, v_pKRecipientInfo.encKey.eciesNistP256.t,
v_ciphertext.aes128ccm.nonce v_ciphertext.aes128ccm.nonce,
p_salt
); );
} else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) { } else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) {
v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256( v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256(
...@@ -162,7 +164,8 @@ module LibItsSecurity_Functions { ...@@ -162,7 +164,8 @@ module LibItsSecurity_Functions {
1, 1,
v_pKRecipientInfo.encKey.eciesNistP256.c, v_pKRecipientInfo.encKey.eciesNistP256.c,
v_pKRecipientInfo.encKey.eciesNistP256.t, v_pKRecipientInfo.encKey.eciesNistP256.t,
v_ciphertext.aes128ccm.nonce v_ciphertext.aes128ccm.nonce,
p_salt
); );
} else { } else {
log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***"); log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***");
...@@ -238,6 +241,7 @@ module LibItsSecurity_Functions { ...@@ -238,6 +241,7 @@ module LibItsSecurity_Functions {
in octetstring p_toBeEncryptedSecuredMessage, in octetstring p_toBeEncryptedSecuredMessage,
in Oct32 p_recipientsPublicKeyCompressed, in Oct32 p_recipientsPublicKeyCompressed,
in integer p_compressedMode, in integer p_compressedMode,
in octetstring p_salt,
out Oct32 p_publicEphemeralKeyCompressed, out Oct32 p_publicEphemeralKeyCompressed,
out integer p_ephemeralKeyModeCompressed, out integer p_ephemeralKeyModeCompressed,
out Oct16 p_encrypted_sym_key, out Oct16 p_encrypted_sym_key,
...@@ -248,6 +252,7 @@ module LibItsSecurity_Functions { ...@@ -248,6 +252,7 @@ module LibItsSecurity_Functions {
p_toBeEncryptedSecuredMessage, p_toBeEncryptedSecuredMessage,
p_recipientsPublicKeyCompressed, p_recipientsPublicKeyCompressed,
p_compressedMode, p_compressedMode,
p_salt,
p_publicEphemeralKeyCompressed, p_publicEphemeralKeyCompressed,
p_ephemeralKeyModeCompressed, p_ephemeralKeyModeCompressed,
p_encrypted_sym_key, p_encrypted_sym_key,
...@@ -276,7 +281,8 @@ module LibItsSecurity_Functions { ...@@ -276,7 +281,8 @@ module LibItsSecurity_Functions {
in integer p_ephemeralKeyModeCompressed, in integer p_ephemeralKeyModeCompressed,
in Oct16 p_encrypted_sym_key, in Oct16 p_encrypted_sym_key,
in Oct16 p_authentication_vector, in Oct16 p_authentication_vector,
in Oct12 p_nonce in Oct12 p_nonce,
in octetstring p_salt
) return octetstring { ) return octetstring {
return fx_decryptWithEciesNistp256WithSha256( return fx_decryptWithEciesNistp256WithSha256(
p_encryptedSecuredMessage, p_encryptedSecuredMessage,
...@@ -285,7 +291,8 @@ module LibItsSecurity_Functions { ...@@ -285,7 +291,8 @@ module LibItsSecurity_Functions {
p_ephemeralKeyModeCompressed, p_ephemeralKeyModeCompressed,
p_encrypted_sym_key, p_encrypted_sym_key,
p_authentication_vector, p_authentication_vector,
p_nonce p_nonce,
p_salt
); );
} // End of function f_decryptWithEcdsaNistp256WithSha256 } // End of function f_decryptWithEcdsaNistp256WithSha256
...@@ -2307,6 +2314,12 @@ module LibItsSecurity_Functions { ...@@ -2307,6 +2314,12 @@ module LibItsSecurity_Functions {
*/ */
external function fx_test_decrypt_aes_128_ccm_test(in octetstring p_k, in octetstring p_n, in octetstring p_pt) return octetstring; external function fx_test_decrypt_aes_128_ccm_test(in octetstring p_k, in octetstring p_n, in octetstring p_pt) return octetstring;
/**
* @desc Test function the validate AES128 CCM encryption based on AES-GCM-256
* @return The decrypted test
*/
external function fx_test_encrypt_aes_128_gcm_test(in octetstring p_k, in octetstring p_n, in octetstring p_pt) return octetstring;
/** /**
* @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Nist-P256 algorithm * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Nist-P256 algorithm
* @param p_toBeEncryptedSecuredMessage The data to be encrypted * @param p_toBeEncryptedSecuredMessage The data to be encrypted
...@@ -2319,8 +2332,9 @@ module LibItsSecurity_Functions { ...@@ -2319,8 +2332,9 @@ module LibItsSecurity_Functions {
* @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption * @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption
* @return The encrypted message * @return The encrypted message
*/ */
external function fx_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressedMode, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring; external function fx_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressedMode, in octetstring p_salt, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring;
external function fx_test_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_privateEphemeralKey, in Oct32 p_recipientPublicKeyX, in Oct32 p_recipientPublicKeyY, in octetstring p_salt, out Oct32 p_publicEphemeralKeyX, out Oct32 p_publicEphemeralKeyY, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring;
/** /**
* @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) decryption using Nist-P256 algorithm * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) decryption using Nist-P256 algorithm
* @param p_encryptedSecuredMessage The data to be decrypted * @param p_encryptedSecuredMessage The data to be decrypted
...@@ -2331,7 +2345,7 @@ module LibItsSecurity_Functions { ...@@ -2331,7 +2345,7 @@ module LibItsSecurity_Functions {
* @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption * @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption
* @return The decrypted message * @return The decrypted message
*/ */
external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce) return octetstring; external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce, in octetstring p_salt) return octetstring;
/** /**
* @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Brainpool-P256 algorithm * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Brainpool-P256 algorithm
......