TTCN-3 Libraries
LibIts
Compare revisions
3c0c0de3330be31a4a670518770d7ef20dacf245...969b2095a7263b6f5f405650d2d985b92b587d47
Commits (1)
ITS CMS-7 Plugtest bug fixes
· 969b2095
YannGarcia
authored
Nov 04, 2019
969b2095
ttcn/Pki/LibItsPki_Functions.ttcn
...
@@ -152,7 +152,7 @@ module LibItsPki_Functions {
...
@@ -152,7 +152,7 @@ module LibItsPki_Functions {
if
(
PICS_MULTIPLE_END_POINT
==
false
)
{
if
(
PICS_MULTIPLE_END_POINT
==
false
)
{
map
(
self
:
httpPort
,
system
:
httpPort
);
map
(
self
:
httpPort
,
system
:
httpPort
);
}
else
{
}
else
{
map
(
self
:
http
Ec
Port
,
system
:
http
Ec
Port
);
map
(
self
:
http
At
Port
,
system
:
http
At
Port
);
}
}
f_initialiseSecuredMode
(
p_ea_certificate_id
,
p_aa_certificate_id
);
// TODO To be removed???
f_initialiseSecuredMode
(
p_ea_certificate_id
,
p_aa_certificate_id
);
// TODO To be removed???
...
@@ -182,7 +182,7 @@ module LibItsPki_Functions {
...
@@ -182,7 +182,7 @@ module LibItsPki_Functions {
if
(
PICS_MULTIPLE_END_POINT
==
false
)
{
if
(
PICS_MULTIPLE_END_POINT
==
false
)
{
activate
(
a_default_pki_http
());
activate
(
a_default_pki_http
());
}
else
{
}
else
{
activate
(
a_default_pki_http_
ec
());
activate
(
a_default_pki_http_
at
());
}
}
}
// End of function f_cfHttpUp_itss
}
// End of function f_cfHttpUp_itss
...
@@ -199,7 +199,6 @@ module LibItsPki_Functions {
...
@@ -199,7 +199,6 @@ module LibItsPki_Functions {
map
(
self
:
httpPort
,
system
:
httpPort
);
map
(
self
:
httpPort
,
system
:
httpPort
);
}
else
{
}
else
{
map
(
self
:
httpAtVPort
,
system
:
httpAtVPort
);
map
(
self
:
httpAtVPort
,
system
:
httpAtVPort
);
map
(
self
:
httpAtPort
,
system
:
httpAtPort
);
}
}
f_initialiseSecuredMode
(
p_ea_certificate_id
,
p_aa_certificate_id
);
// TODO To be removed???
f_initialiseSecuredMode
(
p_ea_certificate_id
,
p_aa_certificate_id
);
// TODO To be removed???
...
@@ -296,7 +295,7 @@ module LibItsPki_Functions {
...
@@ -296,7 +295,7 @@ module LibItsPki_Functions {
if
(
PICS_MULTIPLE_END_POINT
==
false
)
{
if
(
PICS_MULTIPLE_END_POINT
==
false
)
{
unmap
(
self
:
httpPort
,
system
:
httpPort
);
unmap
(
self
:
httpPort
,
system
:
httpPort
);
}
else
{
}
else
{
unmap
(
self
:
http
Ec
Port
,
system
:
http
Ec
Port
);
unmap
(
self
:
http
At
Port
,
system
:
http
At
Port
);
}
}
f_disconnect4SelfOrClientSync
();
f_disconnect4SelfOrClientSync
();
f_uninitialiseSecuredMode
();
f_uninitialiseSecuredMode
();
...
@@ -310,7 +309,6 @@ module LibItsPki_Functions {
...
@@ -310,7 +309,6 @@ module LibItsPki_Functions {
unmap
(
self
:
httpPort
,
system
:
httpPort
);
unmap
(
self
:
httpPort
,
system
:
httpPort
);
}
else
{
}
else
{
unmap
(
self
:
httpAtVPort
,
system
:
httpAtVPort
);
unmap
(
self
:
httpAtVPort
,
system
:
httpAtVPort
);
unmap
(
self
:
httpAtPort
,
system
:
httpAtPort
);
}
}
f_disconnect4SelfOrClientSync
();
f_disconnect4SelfOrClientSync
();
f_uninitialiseSecuredMode
();
f_uninitialiseSecuredMode
();
...
@@ -1116,6 +1114,7 @@ module LibItsPki_Functions {
...
@@ -1116,6 +1114,7 @@ module LibItsPki_Functions {
in
boolean
p_alter_ea_id
:=
false
,
in
boolean
p_alter_ea_id
:=
false
,
in
template
(
omit
)
Time32
p_start
:=
omit
,
in
template
(
omit
)
Time32
p_start
:=
omit
,
in
template
(
omit
)
Duration
p_duration
:=
omit
,
in
template
(
omit
)
Duration
p_duration
:=
omit
,
in
template
(
omit
)
Time64
p_generation_time
:=
omit
,
out
octetstring
p_private_key
,
out
octetstring
p_private_key
,
out
octetstring
p_public_key_compressed
,
out
octetstring
p_public_key_compressed
,
out
integer
p_compressed_key_mode
,
out
integer
p_compressed_key_mode
,
...
@@ -1151,7 +1150,7 @@ module LibItsPki_Functions {
...
@@ -1151,7 +1150,7 @@ module LibItsPki_Functions {
log
(
"f_http_build_authorization_request_with_wrong_parameters: Altered eaId= "
,
v_ea_hashed_id8
);
log
(
"f_http_build_authorization_request_with_wrong_parameters: Altered eaId= "
,
v_ea_hashed_id8
);
v_ret_code
:=
f_generate_inner_at_request
(
vc_aaCertificate
,
vc_aaHashedId8
,
vc_eaCertificate
,
vc_eaWholeHash
/*salt*/
,
v_ea_hashed_id8
,
p_ec_certificate
,
p_ec_private_key
,
p_private_key
,
p_public_key_compressed
,
p_compressed_key_mode
,
p_private_enc_key
,
p_public_compressed_enc_key
,
p_compressed_enc_key_mode
,
v_inner_at_request
);
v_ret_code
:=
f_generate_inner_at_request
(
vc_aaCertificate
,
vc_aaHashedId8
,
vc_eaCertificate
,
vc_eaWholeHash
/*salt*/
,
v_ea_hashed_id8
,
p_ec_certificate
,
p_ec_private_key
,
p_private_key
,
p_public_key_compressed
,
p_compressed_key_mode
,
p_private_enc_key
,
p_public_compressed_enc_key
,
p_compressed_enc_key_mode
,
v_inner_at_request
);
}
else
{
}
else
{
v_ret_code
:=
f_generate_inner_at_request_with_wrong_parameters
(
vc_aaCertificate
,
vc_aaHashedId8
,
vc_eaCertificate
,
vc_eaWholeHash
/*salt*/
,
vc_eaHashedId8
,
p_ec_certificate
,
p_ec_private_key
,
p_alter_hmac
,
p_alter_signer_digest
,
p_start
,
p_duration
,
p_private_key
,
p_public_key_compressed
,
p_compressed_key_mode
,
p_private_enc_key
,
p_public_compressed_enc_key
,
p_compressed_enc_key_mode
,
v_inner_at_request
);
v_ret_code
:=
f_generate_inner_at_request_with_wrong_parameters
(
vc_aaCertificate
,
vc_aaHashedId8
,
vc_eaCertificate
,
vc_eaWholeHash
/*salt*/
,
vc_eaHashedId8
,
p_ec_certificate
,
p_ec_private_key
,
p_alter_hmac
,
p_alter_signer_digest
,
p_start
,
p_duration
,
p_generation_time
,
p_private_key
,
p_public_key_compressed
,
p_compressed_key_mode
,
p_private_enc_key
,
p_public_compressed_enc_key
,
p_compressed_enc_key_mode
,
v_inner_at_request
);
}
}
if
(
v_ret_code
==
false
)
{
if
(
v_ret_code
==
false
)
{
log
(
"*** f_http_build_authorization_request_with_wrong_parameters: ERROR: Failed to generate AuthorizationValidationRequest ***"
);
log
(
"*** f_http_build_authorization_request_with_wrong_parameters: ERROR: Failed to generate AuthorizationValidationRequest ***"
);
...
@@ -1387,7 +1386,7 @@ module LibItsPki_Functions {
...
@@ -1387,7 +1386,7 @@ module LibItsPki_Functions {
}
// End of function f_http_build_invalid_authorization_validation_request
}
// End of function f_http_build_invalid_authorization_validation_request
function
f_http_build_authorization_validation_response
(
function
f_http_build_authorization_validation_response
(
in
Inner
AtRequest
p_
inner
_at_request
,
in
Shared
AtRequest
p_
shared
_at_request
,
in
AuthorizationValidationResponseCode
p_responseCode
:=
ok
,
in
AuthorizationValidationResponseCode
p_responseCode
:=
ok
,
in
Oct16
p_request_hash
,
in
Oct16
p_request_hash
,
in
octetstring
p_private_key
:=
''
O
,
in
octetstring
p_private_key
:=
''
O
,
...
@@ -1404,7 +1403,7 @@ module LibItsPki_Functions {
...
@@ -1404,7 +1403,7 @@ module LibItsPki_Functions {
var
EtsiTs103097Certificate
v_at_certificate
;
var
EtsiTs103097Certificate
v_at_certificate
;
var
boolean
p_result
:=
false
;
var
boolean
p_result
:=
false
;
log
(
">>> f_http_build_authorization_validation_response: p_
inner
_at_request= "
,
p_
inner
_at_request
);
log
(
">>> f_http_build_authorization_validation_response: p_
shared
_at_request= "
,
p_
shared
_at_request
);
log
(
">>> f_http_build_authorization_validation_response: p_responseCode= "
,
p_responseCode
);
log
(
">>> f_http_build_authorization_validation_response: p_responseCode= "
,
p_responseCode
);
log
(
">>> f_http_build_authorization_validation_response: p_request_hash= "
,
p_request_hash
);
log
(
">>> f_http_build_authorization_validation_response: p_request_hash= "
,
p_request_hash
);
log
(
">>> f_http_build_authorization_validation_response: p_private_key= "
,
p_private_key
);
log
(
">>> f_http_build_authorization_validation_response: p_private_key= "
,
p_private_key
);
...
@@ -1423,7 +1422,7 @@ module LibItsPki_Functions {
...
@@ -1423,7 +1422,7 @@ module LibItsPki_Functions {
}
else
{
}
else
{
p_authorization_validation_response
:=
valueof
(
m_authorizationValidationResponse_ok
(
p_authorization_validation_response
:=
valueof
(
m_authorizationValidationResponse_ok
(
p_request_hash
,
p_request_hash
,
p_
inner_at_request
.
shared
AtR
equest
.
requestedSubjectAttributes
p_shared
_at_r
equest
.
requestedSubjectAttributes
)
)
);
);
}
}
...
@@ -1919,16 +1918,16 @@ module LibItsPki_Functions {
...
@@ -1919,16 +1918,16 @@ module LibItsPki_Functions {
}
}
p_inner_ec_request
:=
valueof
(
p_inner_ec_request
:=
valueof
(
m_innerEcRequest
(
m_innerEcRequest
(
PICS_ITS_S_CANONICAL_ID
,
p_canonical_id
,
m_publicKeys
(
m_publicKeys
(
v_public_verification_key
v_public_verification_key
),
),
m_certificateSubjectAttributes_id_name
(
m_certificateSubjectAttributes_id_name
(
oct2char
(
p_canonical_id
),
oct2char
(
PICS_ITS_S_CANONICAL_ID
),
p_appPermissions
,
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
p_appPermissions
,
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
m_validityPeriod
(
m_validityPeriod
(
p_start
,
p_start
,
m
_duration
_in_hours
(
PX_GENERATED_CERTIFICATE_DURATION
)
p
_duration
),
),
m_geographicRegion_identifiedRegion
(
m_geographicRegion_identifiedRegion
(
{
{
...
@@ -2181,7 +2180,7 @@ module LibItsPki_Functions {
...
@@ -2181,7 +2180,7 @@ module LibItsPki_Functions {
v_key_tag
,
// Calculated keyTag
v_key_tag
,
// Calculated keyTag
valueof
(
valueof
(
m_certificate_subject_attributes
(
// FIXME Review subjectPermissions
m_certificate_subject_attributes
(
// FIXME Review subjectPermissions
v_appPermissions
,
//p_ec_certificate.toBeSigned.appPermissions,
v_appPermissions
,
p_ec_certificate
.
toBeSigned
.
certRequestPermissions
,
p_ec_certificate
.
toBeSigned
.
certRequestPermissions
,
{
none_
:=
NULL
},
//p_ec_certificate.toBeSigned.id,
{
none_
:=
NULL
},
//p_ec_certificate.toBeSigned.id,
p_ec_certificate
.
toBeSigned
.
validityPeriod
,
p_ec_certificate
.
toBeSigned
.
validityPeriod
,
...
@@ -2426,6 +2425,7 @@ module LibItsPki_Functions {
...
@@ -2426,6 +2425,7 @@ module LibItsPki_Functions {
in
boolean
p_alter_signer_digest
:=
false
,
in
boolean
p_alter_signer_digest
:=
false
,
in
template
(
omit
)
Time32
p_start
:=
omit
,
in
template
(
omit
)
Time32
p_start
:=
omit
,
in
template
(
omit
)
Duration
p_duration
:=
omit
,
in
template
(
omit
)
Duration
p_duration
:=
omit
,
in
template
(
omit
)
Time64
p_generation_time
:=
omit
,
out
octetstring
p_private_key
,
out
octetstring
p_private_key
,
out
octetstring
p_public_key_compressed
,
out
octetstring
p_public_key_compressed
,
out
integer
p_compressed_key_mode
,
out
integer
p_compressed_key_mode
,
...
@@ -2461,10 +2461,10 @@ module LibItsPki_Functions {
...
@@ -2461,10 +2461,10 @@ module LibItsPki_Functions {
var
Signature
v_signature
;
var
Signature
v_signature
;
var
Time32
v_start
;
var
Time32
v_start
;
var
Duration
v_duration
;
var
Duration
v_duration
;
/*
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
var
SequenceOfPsidSsp
v_appPermissions
:=
{
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof
(
m_appPermissions
(
c_its_aid_CAM
,
{
bitmapSsp
:=
PX_INNER_AT_CERTFICATE_BITMAP_SSP_CAM
})),
valueof
(
m_appPermissions
(
c_its_aid_CAM
,
{
bitmapSsp
:=
PX_INNER_AT_CERTFICATE_BITMAP_SSP_CAM
})),
valueof
(
m_appPermissions
(
c_its_aid_DENM
,
{
bitmapSsp
:=
PX_INNER_AT_CERTFICATE_BITMAP_SSP_DENM
}))
valueof
(
m_appPermissions
(
c_its_aid_DENM
,
{
bitmapSsp
:=
PX_INNER_AT_CERTFICATE_BITMAP_SSP_DENM
}))
};
*/
};
// Generate verification keys for the certificate to be requested
// Generate verification keys for the certificate to be requested
if
(
f_generate_key_pair
(
p_private_key
,
v_public_key_x
,
v_public_key_y
,
p_public_key_compressed
,
p_compressed_key_mode
)
==
false
)
{
if
(
f_generate_key_pair
(
p_private_key
,
v_public_key_x
,
v_public_key_y
,
p_public_key_compressed
,
p_compressed_key_mode
)
==
false
)
{
...
@@ -2552,7 +2552,7 @@ module LibItsPki_Functions {
...
@@ -2552,7 +2552,7 @@ module LibItsPki_Functions {
v_key_tag
,
// Calculated keyTag
v_key_tag
,
// Calculated keyTag
valueof
(
valueof
(
m_certificate_subject_attributes
(
m_certificate_subject_attributes
(
p_ec_certificate
.
toBeSigned
.
appPermissions
,
//
v_appPermissions,
v_appPermissions
,
p_ec_certificate
.
toBeSigned
.
certRequestPermissions
,
p_ec_certificate
.
toBeSigned
.
certRequestPermissions
,
{
none_
:=
NULL
},
//p_ec_certificate.toBeSigned.id,
{
none_
:=
NULL
},
//p_ec_certificate.toBeSigned.id,
m_validityPeriod
(
v_start
,
v_duration
),
m_validityPeriod
(
v_start
,
v_duration
),
...
@@ -2566,13 +2566,23 @@ module LibItsPki_Functions {
...
@@ -2566,13 +2566,23 @@ module LibItsPki_Functions {
log
(
"f_generate_inner_at_request_with_wrong_parameters: v_hash_shared_at_request= "
,
v_hash_shared_at_request
);
log
(
"f_generate_inner_at_request_with_wrong_parameters: v_hash_shared_at_request= "
,
v_hash_shared_at_request
);
// Build the ETsiTs103097Data-SignedExternalPayload
// Build the ETsiTs103097Data-SignedExternalPayload
if
(
ispresent
(
p_generation_time
))
{
v_tbs
:=
m_toBeSignedData
(
v_tbs
:=
m_toBeSignedData
(
m_signedDataPayload_ext
(
v_hash_shared_at_request
),
// Payload containing extDataHash
m_signedDataPayload_ext
(
v_hash_shared_at_request
),
// Payload containing extDataHash
m_headerInfo_inner_pki_request
(
// HeaderInfo
m_headerInfo_inner_pki_request
(
// HeaderInfo
-
,
-
,
(
f_getCurrentTime
())
*
1000
)
//us
valueof
(
p_generation_time
)
*
1000
)
//us
);
log
(
"f_generate_inner_at_request_with_wrong_parameters: Altered generation time: v_tbs= "
,
v_tbs
);
}
else
{
v_tbs
:=
m_toBeSignedData
(
m_signedDataPayload_ext
(
v_hash_shared_at_request
),
// Payload containing extDataHash
m_headerInfo_inner_pki_request
(
// HeaderInfo
-
,
f_getCurrentTime
()
*
1000
)
//us
);
);
log
(
"f_generate_inner_at_request_with_wrong_parameters: v_tbs= "
,
v_tbs
);
log
(
"f_generate_inner_at_request_with_wrong_parameters: v_tbs= "
,
v_tbs
);
}
// Signed ToBeSigned payload using the private key of EC certificate obtained from Enrolment request
// Signed ToBeSigned payload using the private key of EC certificate obtained from Enrolment request
// In case of ITS-S privacy, v_signed_at_signature contained the data to be encrypted
// In case of ITS-S privacy, v_signed_at_signature contained the data to be encrypted
// TODO Simplify with f_signWithEcdsa
// TODO Simplify with f_signWithEcdsa
...
@@ -3588,58 +3598,9 @@ module LibItsPki_Functions {
...
@@ -3588,58 +3598,9 @@ module LibItsPki_Functions {
// 4. Verifiy signature
// 4. Verifiy signature
log
(
"f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= "
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
);
log
(
"f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= "
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
);
v_msg
:=
bit2oct
(
encvalue
(
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
));
v_msg
:=
bit2oct
(
encvalue
(
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
));
if
(
p_issuer
==
''
O
)
{
// ITS-S/OBU
if
(
p_issuer
==
''
O
)
{
var
PublicVerificationKey
v_public_verification_key
;
log
(
"f_verify_pki_request_message: Invalid issuer value"
);
log
(
"f_verify_pki_request_message: Use ITS-S technical keys"
);
if
(
PX_VE_ALG
==
e_nist_p256
)
{
var
EccP256CurvePoint
v_ecc_p256_curve_point
;
if
(
PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY
[
0
]
==
'02'O
)
{
v_ecc_p256_curve_point
:=
valueof
(
m_eccP256CurvePoint_compressed_y_0
(
substr
(
PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY
,
1
,
32
)));
}
else
{
v_ecc_p256_curve_point
:=
valueof
(
m_eccP256CurvePoint_compressed_y_1
(
substr
(
PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY
,
1
,
32
)));
}
v_public_verification_key
:=
valueof
(
m_publicVerificationKey_ecdsaNistP256
(
v_ecc_p256_curve_point
)
);
}
else
if
(
PX_VE_ALG
==
e_brainpool_p256_r1
)
{
var
EccP256CurvePoint
v_ecc_p256_curve_point
;
if
(
PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY
[
0
]
==
'02'O
)
{
v_ecc_p256_curve_point
:=
valueof
(
m_eccP256CurvePoint_compressed_y_0
(
substr
(
PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY
,
1
,
32
)));
}
else
{
v_ecc_p256_curve_point
:=
valueof
(
m_eccP256CurvePoint_compressed_y_1
(
substr
(
PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY
,
1
,
32
)));
}
v_public_verification_key
:=
valueof
(
m_publicVerificationKey_ecdsaBrainpoolP256r1
(
v_ecc_p256_curve_point
)
);
}
else
if
(
PX_VE_ALG
==
e_brainpool_p384_r1
)
{
var
EccP384CurvePoint
v_ecc_p384_curve_point
;
if
(
PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY
[
0
]
==
'02'O
)
{
v_ecc_p384_curve_point
:=
valueof
(
m_eccP384CurvePoint_compressed_y_0
(
substr
(
PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY
,
1
,
48
)));
}
else
{
v_ecc_p384_curve_point
:=
valueof
(
m_eccP384CurvePoint_compressed_y_1
(
substr
(
PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY
,
1
,
48
)));
}
v_public_verification_key
:=
valueof
(
m_publicVerificationKey_ecdsaBrainpoolP384r1
(
v_ecc_p384_curve_point
)
);
}
else
{
return
false
;
return
false
;
}
log
(
"f_verify_pki_request_message: v_public_verification_key= "
,
v_public_verification_key
);
if
(
f_verifyEcdsa
(
v_msg
,
int2oct
(
0
,
32
),
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
,
v_public_verification_key
)
==
false
)
{
if
(
p_check_security
==
true
)
{
return
false
;
}
}
}
else
{
}
else
{
if
(
f_getCertificateFromDigest
(
f_HashedId8FromSha256
(
p_issuer
),
v_certificate
)
==
false
)
{
if
(
f_getCertificateFromDigest
(
f_HashedId8FromSha256
(
p_issuer
),
v_certificate
)
==
false
)
{
if
(
p_check_security
==
true
)
{
if
(
p_check_security
==
true
)
{
...
@@ -3801,7 +3762,6 @@ module LibItsPki_Functions {
...
@@ -3801,7 +3762,6 @@ module LibItsPki_Functions {
}
}
// Check EC certificate signature
// Check EC certificate signature
// TODO Who sign the EC certificate?
if
(
f_verifyCertificateSignatureWithPublicKey
(
p_ec_certificate
,
p_ea_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
)
==
false
)
{
if
(
f_verifyCertificateSignatureWithPublicKey
(
p_ec_certificate
,
p_ea_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
)
==
false
)
{
log
(
"f_verify_ec_certificate: Signature not verified"
);
log
(
"f_verify_ec_certificate: Signature not verified"
);
return
false
;
return
false
;
...
@@ -3846,7 +3806,6 @@ module LibItsPki_Functions {
...
@@ -3846,7 +3806,6 @@ module LibItsPki_Functions {
}
}
// Check EC certificate signature
// Check EC certificate signature
// TODO Who sign the EC certificate?
if
(
f_verifyCertificateSignatureWithPublicKey
(
p_at_certificate
,
p_aa_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
)
==
false
)
{
if
(
f_verifyCertificateSignatureWithPublicKey
(
p_at_certificate
,
p_aa_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
)
==
false
)
{
log
(
"f_verify_at_certificate: Signature not verified"
);
log
(
"f_verify_at_certificate: Signature not verified"
);
return
false
;
return
false
;
...
...
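Review bot: In the `@@ -1404,7 +1403,7` hunk the entry trace `log(">>> f_http_build_authorization_validation_response: p_private_key= ", p_private_key);` sits directly under the renamed `p_shared_at_request` trace and still writes the raw private key octets into the test log. The page does not show where that log ends up, but if plugtest logs are shared between participants, any key that is not a throwaway test key would be disclosed with them. I would trace only whether a key was supplied, for example `log(">>> f_http_build_authorization_validation_response: p_private_key length= ", lengthof(p_private_key));`. The function body starts and ends outside the hunk, so other traces of the same parameter may exist that are not visible here.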
ttcn/Pki/LibItsPki_Pics.ttcn
...
@@ -199,6 +199,6 @@ module LibItsPki_Pics {
...
@@ -199,6 +199,6 @@ module LibItsPki_Pics {
/**
/**
* @desc Invalid Canonical ITSS-S identifier
* @desc Invalid Canonical ITSS-S identifier
*/
*/
modulepar
octetstring
PICS_INVALID_ITS_S_CANONICAL_ID
:=
'
0
A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0
A
'
O
;
modulepar
octetstring
PICS_INVALID_ITS_S_CANONICAL_ID
:=
'
BABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABAB
A
'
O
;
}
// End of module LibItsPki_Pics
}
// End of module LibItsPki_Pics
ttcn/Pki/LibItsPki_Pixits.ttcn
...
@@ -52,6 +52,10 @@ module LibItsPki_Pixits {
...
@@ -52,6 +52,10 @@ module LibItsPki_Pixits {
modulepar
octetstring
PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR
:=
'
01
FF
'
O
;
modulepar
octetstring
PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR
:=
'
01
FF
'
O
;
modulepar
octetstring
PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_VERSION
:=
'
00
C0
'
O
;
modulepar
octetstring
PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_SSP_BIT
:=
'
0180
'
O
;
modulepar
octetstring
PX_INNER_EC_CERTFICATE_BITMAP_SSP_CAM
:=
'
830001
'
O
;
modulepar
octetstring
PX_INNER_EC_CERTFICATE_BITMAP_SSP_CAM
:=
'
830001
'
O
;
modulepar
octetstring
PX_INNER_EC_CERTFICATE_BITMAP_SSP_DENM
:=
'
830001
'
O
;
modulepar
octetstring
PX_INNER_EC_CERTFICATE_BITMAP_SSP_DENM
:=
'
830001
'
O
;
...
...
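Review bot: The two module parameters added in the `@@ -52,6 +52,10` hunk, `PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_VERSION` and `PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_SSP_BIT`, have no description, so a reader has to decode `'00C0'O` and `'0180'O` by hand to learn which octet is deliberately wrong. A one-line comment on each would do, in the `@desc` style the Pics module on this page uses: `/** @desc SCR bitmap SSP whose first octet (SSP version) is 00 instead of 01 */` and `/** @desc SCR bitmap SSP with version octet 01 and permission octet 80 */`. Which permission bits the receiving authority is expected to reject is not shown here, so the wording of the second comment should be confirmed against the test purpose.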
ttcn/Pki/LibItsPki_Templates.ttcn
...
@@ -190,10 +190,16 @@ module LibItsPki_Templates {
...
@@ -190,10 +190,16 @@ module LibItsPki_Templates {
authorizationResponse
:=
p_authorizationResponse
authorizationResponse
:=
p_authorizationResponse
}
// End of template mw_authorizationResponse
}
// End of template mw_authorizationResponse
template
(
present
)
EtsiTs102941DataContent
mw_authorizationValidationRequest
(
template
(
present
)
AuthorizationValidationRequest
p_authorization_validation_request
:=
?
)
:=
{
authorizationValidationRequest
:=
p_authorization_validation_request
}
// End of template mw_authorizationValidationRequest
template
(
present
)
EtsiTs102941DataContent
mw_authorizationValidationResponse
(
template
(
present
)
EtsiTs102941DataContent
mw_authorizationValidationResponse
(
template
(
present
)
AuthorizationValidationResponse
p_authorization_alidation_response
:=
?
template
(
present
)
AuthorizationValidationResponse
p_authorization_
v
alidation_response
:=
?
)
:=
{
)
:=
{
authorizationValidationResponse
:=
p_authorization_alidation_response
authorizationValidationResponse
:=
p_authorization_
v
alidation_response
}
// End of template mw_authorizationValidationResponse
}
// End of template mw_authorizationValidationResponse
template
(
value
)
InnerEcRequest
m_innerEcRequest
(
template
(
value
)
InnerEcRequest
m_innerEcRequest
(
...
@@ -359,21 +365,21 @@ module LibItsPki_Templates {
...
@@ -359,21 +365,21 @@ module LibItsPki_Templates {
certificate
:=
omit
certificate
:=
omit
}
// End of template mw_innerAtResponse_ko
}
// End of template mw_innerAtResponse_ko
template
(
value
)
AuthorizationValidationRequest
m_authorization
V
alidation
R
equest
(
template
(
value
)
AuthorizationValidationRequest
m_authorization
_v
alidation
_r
equest
(
in
template
(
value
)
SharedAtRequest
p_sharedAtRequest
,
in
template
(
value
)
SharedAtRequest
p_sharedAtRequest
,
in
template
(
value
)
EcSignature
p_ecSignature
in
template
(
value
)
EcSignature
p_ecSignature
)
:=
{
)
:=
{
sharedAtRequest
:=
p_sharedAtRequest
,
sharedAtRequest
:=
p_sharedAtRequest
,
ecSignature
:=
p_ecSignature
ecSignature
:=
p_ecSignature
}
// End of template m_authorization
V
alidation
R
equest
}
// End of template m_authorization
_v
alidation
_r
equest
template
(
present
)
AuthorizationValidationRequest
mw_authorization
V
alidation
R
equest
(
template
(
present
)
AuthorizationValidationRequest
mw_authorization
_v
alidation
_r
equest
(
template
(
present
)
SharedAtRequest
p_sharedAtRequest
:=
?
,
template
(
present
)
SharedAtRequest
p_sharedAtRequest
:=
?
,
template
(
present
)
EcSignature
p_ecSignature
:=
?
template
(
present
)
EcSignature
p_ecSignature
:=
?
)
:=
{
)
:=
{
sharedAtRequest
:=
p_sharedAtRequest
,
sharedAtRequest
:=
p_sharedAtRequest
,
ecSignature
:=
p_ecSignature
ecSignature
:=
p_ecSignature
}
// End of template mw_authorization
V
alidation
R
equest
}
// End of template mw_authorization
_v
alidation
_r
equest
template
(
value
)
AuthorizationValidationResponse
m_authorizationValidationResponse_ok
(
template
(
value
)
AuthorizationValidationResponse
m_authorizationValidationResponse_ok
(
template
(
value
)
Oct16
p_requestHash
,
template
(
value
)
Oct16
p_requestHash
,
...
...
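Review bot: After this change two templates differ only in naming style: `mw_authorizationValidationRequest` (the `EtsiTs102941DataContent` wrapper added in `@@ -190,10 +190,16`) and `mw_authorization_validation_request` (the `AuthorizationValidationRequest` body in `@@ -359,21 +365,21`). The camel-case name appears to have belonged to the body template before the rename; this is inferred from the rendered old/new pairs. If so, a caller that was not updated would now refer to a template of a different type and parameter list. A comment on the wrapper such as `// Wraps mw_authorization_validation_request in the authorizationValidationRequest variant of EtsiTs102941DataContent` would make the relation explicit, and the same applies to the `m_` send template if a wrapper for it exists outside the visible hunks.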
ttcn/Security/LibItsSecurity_Functions.ttcn
...
@@ -2013,18 +2013,30 @@ module LibItsSecurity_Functions {
...
@@ -2013,18 +2013,30 @@ module LibItsSecurity_Functions {
function
f_verifySspPermissions
(
function
f_verifySspPermissions
(
in
SequenceOfPsidSsp
p_issuer_ssp_permissions
,
in
SequenceOfPsidSsp
p_issuer_ssp_permissions
,
in
SequenceOfPsidSsp
p_subordinate_ssp_permissions
in
SequenceOfPsidSsp
p_subordinate_ssp_permissions
,
in
boolean
p_strict_checks
:=
false
)
return
boolean
{
)
return
boolean
{
// Local variables
// Local variables
var
integer
v_idx
:=
0
;
var
integer
v_idx
:=
0
;
log
(
">>> f_verifySspPermissions: p_issuer_ssp_permissions:"
,
p_issuer_ssp_permissions
);
log
(
">>> f_verifySspPermissions: p_subordinate_ssp_permissions: "
,
p_subordinate_ssp_permissions
);
for
(
v_idx
:=
0
;
v_idx
<
lengthof
(
p_issuer_ssp_permissions
);
v_idx
:=
v_idx
+
1
)
{
for
(
v_idx
:=
0
;
v_idx
<
lengthof
(
p_issuer_ssp_permissions
);
v_idx
:=
v_idx
+
1
)
{
var
PsidSsp
v_issuerPsidSsp
:=
p_issuer_ssp_permissions
[
v_idx
];
var
PsidSsp
v_issuerPsidSsp
:=
p_issuer_ssp_permissions
[
v_idx
];
var
PsidSsp
v_subordinatePsidSsp
;
var
PsidSsp
v_subordinatePsidSsp
;
var
boolean
v_found
:=
false
;
var
boolean
v_found
:=
false
;
var
integer
v_jdx
:=
0
;
var
integer
v_jdx
:=
0
;
log
(
"f_verifySspPermissions: v_issuerPsidSsp: "
,
v_issuerPsidSsp
);
// 1. Check permission from issuer is present
// 1. Check permission from issuer is present
for
(
v_jdx
:=
0
;
v_jdx
<
lengthof
(
p_subordinate_ssp_permissions
);
v_jdx
:=
v_jdx
+
1
)
{
for
(
v_jdx
:=
0
;
v_jdx
<
lengthof
(
p_subordinate_ssp_permissions
);
v_jdx
:=
v_jdx
+
1
)
{
log
(
"f_verifySspPermissions: match="
,
match
(
v_issuerPsidSsp
,
m_appPermissions
(
p_subordinate_ssp_permissions
[
v_jdx
].
psid
,
p_subordinate_ssp_permissions
[
v_jdx
].
ssp
)));
// 1. Check the version
if
(
p_subordinate_ssp_permissions
[
v_jdx
].
ssp
.
bitmapSsp
[
0
]
!=
'01'O
)
{
log
(
"f_verifySspPermissions: Wrong SSP version control (1 is expected): "
,
p_subordinate_ssp_permissions
[
v_jdx
].
ssp
.
bitmapSsp
[
0
]);
return
false
;
}
// 2. Check the version
if
(
match
(
v_issuerPsidSsp
,
m_appPermissions
(
p_subordinate_ssp_permissions
[
v_jdx
].
psid
,
p_subordinate_ssp_permissions
[
v_jdx
].
ssp
))
==
true
)
{
if
(
match
(
v_issuerPsidSsp
,
m_appPermissions
(
p_subordinate_ssp_permissions
[
v_jdx
].
psid
,
p_subordinate_ssp_permissions
[
v_jdx
].
ssp
))
==
true
)
{
v_subordinatePsidSsp
:=
p_subordinate_ssp_permissions
[
v_jdx
];
v_subordinatePsidSsp
:=
p_subordinate_ssp_permissions
[
v_jdx
];
v_found
:=
true
;
v_found
:=
true
;
...
@@ -2033,21 +2045,31 @@ module LibItsSecurity_Functions {
...
@@ -2033,21 +2045,31 @@ module LibItsSecurity_Functions {
}
// End of 'for' statement
}
// End of 'for' statement
if
(
v_found
==
false
)
{
if
(
v_found
==
false
)
{
log
(
"f_verifySspPermissions: Permission set not found: "
,
v_issuerPsidSsp
)
log
(
"f_verifySspPermissions: Permission set not found: "
,
v_issuerPsidSsp
)
if
(
p_strict_checks
==
true
)
{
return
false
;
return
false
;
}
else
{
return
true
;
}
}
}
// 2. Validate bits mask
// 2. Validate bits mask
if
(
ispresent
(
v_issuerPsidSsp
.
ssp
))
{
if
(
ispresent
(
v_issuerPsidSsp
.
ssp
))
{
if
(
ispresent
(
v_subordinatePsidSsp
.
ssp
)
==
false
)
{
if
(
ispresent
(
v_subordinatePsidSsp
.
ssp
)
==
false
)
{
log
(
"f_verifySspPermissions: Ssp shall not be omitted: "
,
v_issuerPsidSsp
)
log
(
"f_verifySspPermissions: Ssp shall not be omitted: "
,
v_issuerPsidSsp
)
if
(
p_strict_checks
==
true
)
{
return
false
;
return
false
;
}
}
}
if
((
ischosen
(
v_issuerPsidSsp
.
ssp
.
bitmapSsp
)
==
false
)
or
(
ischosen
(
v_subordinatePsidSsp
.
ssp
.
bitmapSsp
)
==
false
))
{
if
((
ischosen
(
v_issuerPsidSsp
.
ssp
.
bitmapSsp
)
==
false
)
or
(
ischosen
(
v_subordinatePsidSsp
.
ssp
.
bitmapSsp
)
==
false
))
{
log
(
"f_verifySspPermissions: Wrong variant : "
,
v_issuerPsidSsp
.
ssp
,
" / "
,
v_subordinatePsidSsp
.
ssp
);
log
(
"f_verifySspPermissions: Wrong variant : "
,
v_issuerPsidSsp
,
" / "
,
v_subordinatePsidSsp
);
if
(
p_strict_checks
==
true
)
{
return
false
;
return
false
;
}
}
}
if
(
lengthof
(
v_issuerPsidSsp
.
ssp
.
bitmapSsp
)
<
lengthof
(
v_subordinatePsidSsp
.
ssp
.
bitmapSsp
))
{
if
(
lengthof
(
v_issuerPsidSsp
.
ssp
.
bitmapSsp
)
<
lengthof
(
v_subordinatePsidSsp
.
ssp
.
bitmapSsp
))
{
log
(
"f_verifySspPermissions: Ssp not be compliant: "
,
v_issuerPsidSsp
.
ssp
,
" / "
,
v_subordinatePsidSsp
.
ssp
);
log
(
"f_verifySspPermissions: Ssp not be compliant: "
,
v_issuerPsidSsp
.
ssp
,
" / "
,
v_subordinatePsidSsp
.
ssp
);
if
(
p_strict_checks
==
true
)
{
return
false
;
return
false
;
}
}
else
{
}
else
{
var
charstring
v_issuerSsp
:=
bit2str
(
oct2bit
(
v_issuerPsidSsp
.
ssp
.
bitmapSsp
));
var
charstring
v_issuerSsp
:=
bit2str
(
oct2bit
(
v_issuerPsidSsp
.
ssp
.
bitmapSsp
));
var
charstring
v_subordinateSsp
:=
bit2str
(
oct2bit
(
v_subordinatePsidSsp
.
ssp
.
bitmapSsp
));
var
charstring
v_subordinateSsp
:=
bit2str
(
oct2bit
(
v_subordinatePsidSsp
.
ssp
.
bitmapSsp
));
...
...
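Review bot: In the `@@ -2033,21 +2045,31` hunk the non-strict branch added under `if (v_found == false)` is `else { return true; }`, which ends `f_verifySspPermissions` with success at the first issuer entry that has no match. Every later issuer entry then skips the bit-mask validation entirely. Because `p_strict_checks` defaults to `false`, that is the behaviour every existing caller gets. If the intent is only to tolerate a missing permission set, `continue;` in place of `return true;` would skip that entry and keep checking the rest. The other non-strict branches in this hunk log and fall through, so after `Ssp shall not be omitted` the code still reaches `ischosen(v_subordinatePsidSsp.ssp.bitmapSsp)` on a value just reported as absent. The function continues past the end of the hunk, so the final return path is not visible here.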