Skip to content
GitLab
Commits (1)
Show whitespace changes
Inline Side-by-side
ttcn/Pki/LibItsPki_Functions.ttcn
View file @ b8fe1ca2
...@@ -78,7 +78,8 @@ module LibItsPki_Functions { ...@@ -78,7 +78,8 @@ module LibItsPki_Functions {
* @param p_certificateId The certificate identifier the TA shall use in case of secured IUT * @param p_certificateId The certificate identifier the TA shall use in case of secured IUT
*/ */
function f_cfHttpUp( function f_cfHttpUp(
in charstring p_certificateId := "CERT_TS_A_EA" // TODO Use a constant in charstring p_certificateId := "CERT_TS_A_EA", // TODO Use a constant
in charstring p_peerCertificateId := "CERT_IUT_A_EA"
) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ { ) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
map(self:httpPort, system:httpPort); map(self:httpPort, system:httpPort);
...@@ -92,7 +93,9 @@ module LibItsPki_Functions { ...@@ -92,7 +93,9 @@ module LibItsPki_Functions {
f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate); f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate);
f_readCertificate(p_certificateId, vc_eaCertificate); f_readCertificate(p_certificateId, vc_eaCertificate);
f_readSigningKey(p_certificateId, vc_eaPrivateKey); f_readSigningKey(p_certificateId, vc_eaPrivateKey);
f_readEncryptingKey(p_certificateId, vc_eaPrivateEncKey);
f_getCertificateDigest(p_certificateId, vc_eaHashedId8); f_getCertificateDigest(p_certificateId, vc_eaHashedId8);
f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash);
} // End of function f_cfHttpUp } // End of function f_cfHttpUp
/** /**
...@@ -162,13 +165,47 @@ module LibItsPki_Functions { ...@@ -162,13 +165,47 @@ module LibItsPki_Functions {
} // End of group ac_port } // End of group ac_port
group http {
function f_http_build_enrolment_request(
out octetstring p_private_key,
out octetstring p_publicKeyX,
out octetstring p_publicKeyY,
out octetstring p_publicKeyCompressed,
out integer p_compressedMode,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) runs on ItsPkiHttp {
var InnerEcRequest v_inner_ec_request;
var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
var bitstring v_inner_ec_request_signed_for_pop_msg;
if (f_generate_inner_ec_request(p_private_key, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) {
log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
// Generate InnerEcRequestSignedForPoP
if (f_generate_inner_ec_request_signed_for_pop(p_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
// Secure InnerEcRequestSignedForPoP message
v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) {
log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** f_http_build_enrolment_request: DEBUF: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
} // End of function f_http_build_enrolment_request
} // End of group http
group inner_ec_xxx { group inner_ec_xxx {
function f_generate_inner_ec_request( function f_generate_inner_ec_request(
out Oct32 p_private_key, out octetstring p_private_key,
out Oct32 p_publicKeyX, out octetstring p_publicKeyX,
out Oct32 p_publicKeyY, out octetstring p_publicKeyY,
out Oct32 p_publicKeyCompressed, out octetstring p_publicKeyCompressed,
out integer p_compressedMode, out integer p_compressedMode,
out InnerEcRequest p_inner_ec_request out InnerEcRequest p_inner_ec_request
) return boolean { ) return boolean {
...@@ -223,7 +260,7 @@ module LibItsPki_Functions { ...@@ -223,7 +260,7 @@ module LibItsPki_Functions {
} // End of function f_generate_inner_ec_request } // End of function f_generate_inner_ec_request
function f_generate_inner_ec_request_signed_for_pop( function f_generate_inner_ec_request_signed_for_pop(
in Oct32 p_private_key, in octetstring p_private_key,
in InnerEcRequest p_inner_ec_request, in InnerEcRequest p_inner_ec_request,
out Ieee1609Dot2Data p_inner_ec_request_signed_for_pop out Ieee1609Dot2Data p_inner_ec_request_signed_for_pop
) return boolean { ) return boolean {
...@@ -231,7 +268,7 @@ module LibItsPki_Functions { ...@@ -231,7 +268,7 @@ module LibItsPki_Functions {
var template (value) EccP256CurvePoint v_eccP256_curve_point; var template (value) EccP256CurvePoint v_eccP256_curve_point;
var octetstring v_encoded_inner_ec_request; var octetstring v_encoded_inner_ec_request;
var template (value) ToBeSignedData v_tbs; var template (value) ToBeSignedData v_tbs;
var Oct32 v_tbs_signed; var octetstring v_tbs_signed;
// Encode it // Encode it
v_encoded_inner_ec_request := bit2oct(encvalue(p_inner_ec_request)); v_encoded_inner_ec_request := bit2oct(encvalue(p_inner_ec_request));
...@@ -269,6 +306,24 @@ module LibItsPki_Functions { ...@@ -269,6 +306,24 @@ module LibItsPki_Functions {
return true; return true;
} // End of function f_generate_inner_ec_request_signed_for_pop } // End of function f_generate_inner_ec_request_signed_for_pop
function f_generate_inner_ec_response(
in octetstring p_inner_ec_request_hashed_id,
in EtsiTs103097Certificate p_certificate,
out InnerEcResponse p_inner_ec_response
) return boolean {
// Local variables
// Build the Proof of Possession InnerEcResponse
p_inner_ec_response := valueof(
m_innerEcResponse_ok(
substr(p_inner_ec_request_hashed_id, 0, 16),
p_certificate
)
);
return true;
} // End of function f_generate_inner_ec_response
} // End of group inner_ec_xxx } // End of group inner_ec_xxx
group pki_functions { group pki_functions {
...@@ -289,7 +344,7 @@ module LibItsPki_Functions { ...@@ -289,7 +344,7 @@ module LibItsPki_Functions {
in octetstring p_private_key, in octetstring p_private_key,
in SignerIdentifier p_signer_identifier, in SignerIdentifier p_signer_identifier,
in HashedId8 p_recipientId, in HashedId8 p_recipientId,
in Oct32 p_publicKeyCompressed, in octetstring p_publicKeyCompressed,
in integer p_compressedMode, in integer p_compressedMode,
in octetstring p_pki_message, in octetstring p_pki_message,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
...@@ -297,14 +352,14 @@ module LibItsPki_Functions { ...@@ -297,14 +352,14 @@ module LibItsPki_Functions {
// Local variables // Local variables
var template (value) EccP256CurvePoint v_eccP256_curve_point; var template (value) EccP256CurvePoint v_eccP256_curve_point;
var template (value) ToBeSignedData v_tbs; var template (value) ToBeSignedData v_tbs;
var Oct32 v_tbs_signed; var octetstring v_tbs_signed;
var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data; var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var octetstring v_encoded_inner_ec_request; var octetstring v_encoded_inner_ec_request;
var Oct12 v_nonce; var Oct12 v_nonce;
var Oct16 v_authentication_vector; var Oct16 v_authentication_vector;
var Oct16 v_encrypted_sym_key; var Oct16 v_encrypted_sym_key;
var HashedId8 v_recipientId; var HashedId8 v_recipientId;
var Oct32 v_publicEphemeralKeyCompressed; var octetstring v_publicEphemeralKeyCompressed;
var integer v_ephemeralKeyModeCompressed; var integer v_ephemeralKeyModeCompressed;
var octetstring v_encrypted_inner_ec_request; var octetstring v_encrypted_inner_ec_request;
...@@ -386,23 +441,59 @@ module LibItsPki_Functions { ...@@ -386,23 +441,59 @@ module LibItsPki_Functions {
return true; return true;
} // End of function f_build_pki_secured_message } // End of function f_build_pki_secured_message
function f_generate_inner_ec_response( function f_verify_pki_message(
in Oct32 p_inner_ec_request_hashed_id, in octetstring v_private_enc_key,
in EtsiTs103097Certificate p_certificate, in octetstring p_issuer,
out InnerEcResponse p_inner_ec_response in Certificate p_peer_certificate,
in Ieee1609Dot2Data p_ieee1609dot2_encrypted_and_signed_data,
in boolean p_check_signature := true,
out EtsiTs102941Data p_etsi_ts_102941_data
) return boolean { ) return boolean {
// Local variables // Local variables
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var bitstring v_etsi_ts_102941_data_msg;
var bitstring v_tbs;
var boolean v_ret;
// Build the Proof of Possession InnerEcResponse // 1. Decrypt the data
p_inner_ec_response := valueof( if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_data) == false) {
m_innerEcResponse_ok( return false;
substr(p_inner_ec_request_hashed_id, 0, 16), }
p_certificate log("v_ieee1609dot2_signed_data= ", v_ieee1609dot2_signed_data);
)
); // 2. Check the signature
v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData);
if (ischosen(p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
p_issuer,
v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
0);
} else {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
p_issuer,
v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
1);
}
if ((v_ret == false) and (p_check_signature == true)) {
return false;
}
// 3. Retrun the PKI message
v_etsi_ts_102941_data_msg := oct2bit(v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
if (decvalue(v_etsi_ts_102941_data_msg, p_etsi_ts_102941_data) != 0) {
return false;
}
if (p_etsi_ts_102941_data.version != PkiProtocolVersion) {
return false;
}
return true; return true;
} // End of function f_generate_inner_ec_response } // End of function f_verify_pki_message
} // End of group inner_ec_xxx } // End of group inner_ec_xxx
......
ttcn/Pki/LibItsPki_TestSystem.ttcn
View file @ b8fe1ca2
...@@ -72,8 +72,10 @@ module LibItsPki_TestSystem { ...@@ -72,8 +72,10 @@ module LibItsPki_TestSystem {
type component ItsPkiHttp extends ItsSecurityBaseComponent, HttpComponent { type component ItsPkiHttp extends ItsSecurityBaseComponent, HttpComponent {
var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ var Certificate vc_eaCertificate; /** Test Adapter EA certificate */
var octetstring vc_eaPrivateKey; /** Test Adapter EA proivate key for signature */ var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */
var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for RecipientId */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */
var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */
var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */
} // End of component ItsPki } // End of component ItsPki
type component ItsPkiItss extends ItsGeoNetworking { type component ItsPkiItss extends ItsGeoNetworking {
......
ttcn/Pki/LibItsPki_TypesAndValues.ttcn
View file @ b8fe1ca2
...@@ -10,6 +10,12 @@ ...@@ -10,6 +10,12 @@
*/ */
module LibItsPki_TypesAndValues { module LibItsPki_TypesAndValues {
group constants {
const integer PkiProtocolVersion := 1;
} // End of group constants
group acPrimitives { group acPrimitives {
/** /**
......