Skip to content
GitLab
Commits (1)
Show whitespace changes
Inline Side-by-side
ttcn/Pki/LibItsPki_Functions.ttcn
View file @ 969b2095
...@@ -152,7 +152,7 @@ module LibItsPki_Functions { ...@@ -152,7 +152,7 @@ module LibItsPki_Functions {
if (PICS_MULTIPLE_END_POINT == false) { if (PICS_MULTIPLE_END_POINT == false) {
map(self:httpPort, system:httpPort); map(self:httpPort, system:httpPort);
} else { } else {
map(self:httpEcPort, system:httpEcPort); map(self:httpAtPort, system:httpAtPort);
} }
f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed??? f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed???
...@@ -182,7 +182,7 @@ module LibItsPki_Functions { ...@@ -182,7 +182,7 @@ module LibItsPki_Functions {
if (PICS_MULTIPLE_END_POINT == false) { if (PICS_MULTIPLE_END_POINT == false) {
activate(a_default_pki_http()); activate(a_default_pki_http());
} else { } else {
activate(a_default_pki_http_ec()); activate(a_default_pki_http_at());
} }
} // End of function f_cfHttpUp_itss } // End of function f_cfHttpUp_itss
...@@ -199,7 +199,6 @@ module LibItsPki_Functions { ...@@ -199,7 +199,6 @@ module LibItsPki_Functions {
map(self:httpPort, system:httpPort); map(self:httpPort, system:httpPort);
} else { } else {
map(self:httpAtVPort, system:httpAtVPort); map(self:httpAtVPort, system:httpAtVPort);
map(self:httpAtPort, system:httpAtPort);
} }
f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed??? f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed???
...@@ -296,7 +295,7 @@ module LibItsPki_Functions { ...@@ -296,7 +295,7 @@ module LibItsPki_Functions {
if (PICS_MULTIPLE_END_POINT == false) { if (PICS_MULTIPLE_END_POINT == false) {
unmap(self:httpPort, system:httpPort); unmap(self:httpPort, system:httpPort);
} else { } else {
unmap(self:httpEcPort, system:httpEcPort); unmap(self:httpAtPort, system:httpAtPort);
} }
f_disconnect4SelfOrClientSync(); f_disconnect4SelfOrClientSync();
f_uninitialiseSecuredMode(); f_uninitialiseSecuredMode();
...@@ -310,7 +309,6 @@ module LibItsPki_Functions { ...@@ -310,7 +309,6 @@ module LibItsPki_Functions {
unmap(self:httpPort, system:httpPort); unmap(self:httpPort, system:httpPort);
} else { } else {
unmap(self:httpAtVPort, system:httpAtVPort); unmap(self:httpAtVPort, system:httpAtVPort);
unmap(self:httpAtPort, system:httpAtPort);
} }
f_disconnect4SelfOrClientSync(); f_disconnect4SelfOrClientSync();
f_uninitialiseSecuredMode(); f_uninitialiseSecuredMode();
...@@ -1116,6 +1114,7 @@ module LibItsPki_Functions { ...@@ -1116,6 +1114,7 @@ module LibItsPki_Functions {
in boolean p_alter_ea_id := false, in boolean p_alter_ea_id := false,
in template (omit) Time32 p_start := omit, in template (omit) Time32 p_start := omit,
in template (omit) Duration p_duration := omit, in template (omit) Duration p_duration := omit,
in template (omit) Time64 p_generation_time := omit,
out octetstring p_private_key, out octetstring p_private_key,
out octetstring p_public_key_compressed, out octetstring p_public_key_compressed,
out integer p_compressed_key_mode, out integer p_compressed_key_mode,
...@@ -1151,7 +1150,7 @@ module LibItsPki_Functions { ...@@ -1151,7 +1150,7 @@ module LibItsPki_Functions {
log("f_http_build_authorization_request_with_wrong_parameters: Altered eaId= ", v_ea_hashed_id8); log("f_http_build_authorization_request_with_wrong_parameters: Altered eaId= ", v_ea_hashed_id8);
v_ret_code := f_generate_inner_at_request(vc_aaCertificate, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, v_ea_hashed_id8, p_ec_certificate, p_ec_private_key, p_private_key, p_public_key_compressed, p_compressed_key_mode, p_private_enc_key, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_inner_at_request); v_ret_code := f_generate_inner_at_request(vc_aaCertificate, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, v_ea_hashed_id8, p_ec_certificate, p_ec_private_key, p_private_key, p_public_key_compressed, p_compressed_key_mode, p_private_enc_key, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_inner_at_request);
} else { } else {
v_ret_code := f_generate_inner_at_request_with_wrong_parameters(vc_aaCertificate, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, p_ec_certificate, p_ec_private_key, p_alter_hmac, p_alter_signer_digest, p_start, p_duration, p_private_key, p_public_key_compressed, p_compressed_key_mode, p_private_enc_key, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_inner_at_request); v_ret_code := f_generate_inner_at_request_with_wrong_parameters(vc_aaCertificate, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, p_ec_certificate, p_ec_private_key, p_alter_hmac, p_alter_signer_digest, p_start, p_duration, p_generation_time, p_private_key, p_public_key_compressed, p_compressed_key_mode, p_private_enc_key, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_inner_at_request);
} }
if (v_ret_code == false) { if (v_ret_code == false) {
log("*** f_http_build_authorization_request_with_wrong_parameters: ERROR: Failed to generate AuthorizationValidationRequest ***"); log("*** f_http_build_authorization_request_with_wrong_parameters: ERROR: Failed to generate AuthorizationValidationRequest ***");
...@@ -1387,7 +1386,7 @@ module LibItsPki_Functions { ...@@ -1387,7 +1386,7 @@ module LibItsPki_Functions {
} // End of function f_http_build_invalid_authorization_validation_request } // End of function f_http_build_invalid_authorization_validation_request
function f_http_build_authorization_validation_response( function f_http_build_authorization_validation_response(
in InnerAtRequest p_inner_at_request, in SharedAtRequest p_shared_at_request,
in AuthorizationValidationResponseCode p_responseCode := ok, in AuthorizationValidationResponseCode p_responseCode := ok,
in Oct16 p_request_hash, in Oct16 p_request_hash,
in octetstring p_private_key := ''O, in octetstring p_private_key := ''O,
...@@ -1404,7 +1403,7 @@ module LibItsPki_Functions { ...@@ -1404,7 +1403,7 @@ module LibItsPki_Functions {
var EtsiTs103097Certificate v_at_certificate; var EtsiTs103097Certificate v_at_certificate;
var boolean p_result := false; var boolean p_result := false;
log(">>> f_http_build_authorization_validation_response: p_inner_at_request= ", p_inner_at_request); log(">>> f_http_build_authorization_validation_response: p_shared_at_request= ", p_shared_at_request);
log(">>> f_http_build_authorization_validation_response: p_responseCode= ", p_responseCode); log(">>> f_http_build_authorization_validation_response: p_responseCode= ", p_responseCode);
log(">>> f_http_build_authorization_validation_response: p_request_hash= ", p_request_hash); log(">>> f_http_build_authorization_validation_response: p_request_hash= ", p_request_hash);
log(">>> f_http_build_authorization_validation_response: p_private_key= ", p_private_key); log(">>> f_http_build_authorization_validation_response: p_private_key= ", p_private_key);
...@@ -1423,7 +1422,7 @@ module LibItsPki_Functions { ...@@ -1423,7 +1422,7 @@ module LibItsPki_Functions {
} else { } else {
p_authorization_validation_response := valueof(m_authorizationValidationResponse_ok( p_authorization_validation_response := valueof(m_authorizationValidationResponse_ok(
p_request_hash, p_request_hash,
p_inner_at_request.sharedAtRequest.requestedSubjectAttributes p_shared_at_request.requestedSubjectAttributes
) )
); );
} }
...@@ -1919,16 +1918,16 @@ module LibItsPki_Functions { ...@@ -1919,16 +1918,16 @@ module LibItsPki_Functions {
} }
p_inner_ec_request := valueof( p_inner_ec_request := valueof(
m_innerEcRequest( m_innerEcRequest(
PICS_ITS_S_CANONICAL_ID, p_canonical_id,
m_publicKeys( m_publicKeys(
v_public_verification_key v_public_verification_key
), ),
m_certificateSubjectAttributes_id_name( m_certificateSubjectAttributes_id_name(
oct2char(p_canonical_id), oct2char(PICS_ITS_S_CANONICAL_ID),
p_appPermissions, // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs p_appPermissions, // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
m_validityPeriod( m_validityPeriod(
p_start, p_start,
m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION) p_duration
), ),
m_geographicRegion_identifiedRegion( m_geographicRegion_identifiedRegion(
{ {
...@@ -2181,7 +2180,7 @@ module LibItsPki_Functions { ...@@ -2181,7 +2180,7 @@ module LibItsPki_Functions {
v_key_tag, // Calculated keyTag v_key_tag, // Calculated keyTag
valueof( valueof(
m_certificate_subject_attributes( // FIXME Review subjectPermissions m_certificate_subject_attributes( // FIXME Review subjectPermissions
v_appPermissions,//p_ec_certificate.toBeSigned.appPermissions, v_appPermissions,
p_ec_certificate.toBeSigned.certRequestPermissions, p_ec_certificate.toBeSigned.certRequestPermissions,
{ none_ := NULL },//p_ec_certificate.toBeSigned.id, { none_ := NULL },//p_ec_certificate.toBeSigned.id,
p_ec_certificate.toBeSigned.validityPeriod, p_ec_certificate.toBeSigned.validityPeriod,
...@@ -2426,6 +2425,7 @@ module LibItsPki_Functions { ...@@ -2426,6 +2425,7 @@ module LibItsPki_Functions {
in boolean p_alter_signer_digest := false, in boolean p_alter_signer_digest := false,
in template (omit) Time32 p_start := omit, in template (omit) Time32 p_start := omit,
in template (omit) Duration p_duration := omit, in template (omit) Duration p_duration := omit,
in template (omit) Time64 p_generation_time := omit,
out octetstring p_private_key, out octetstring p_private_key,
out octetstring p_public_key_compressed, out octetstring p_public_key_compressed,
out integer p_compressed_key_mode, out integer p_compressed_key_mode,
...@@ -2461,10 +2461,10 @@ module LibItsPki_Functions { ...@@ -2461,10 +2461,10 @@ module LibItsPki_Functions {
var Signature v_signature; var Signature v_signature;
var Time32 v_start; var Time32 v_start;
var Duration v_duration; var Duration v_duration;
/*var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(c_its_aid_CAM, { bitmapSsp := PX_INNER_AT_CERTFICATE_BITMAP_SSP_CAM })), valueof(m_appPermissions(c_its_aid_CAM, { bitmapSsp := PX_INNER_AT_CERTFICATE_BITMAP_SSP_CAM })),
valueof(m_appPermissions(c_its_aid_DENM, { bitmapSsp := PX_INNER_AT_CERTFICATE_BITMAP_SSP_DENM })) valueof(m_appPermissions(c_its_aid_DENM, { bitmapSsp := PX_INNER_AT_CERTFICATE_BITMAP_SSP_DENM }))
};*/ };
// Generate verification keys for the certificate to be requested // Generate verification keys for the certificate to be requested
if (f_generate_key_pair(p_private_key, v_public_key_x, v_public_key_y, p_public_key_compressed, p_compressed_key_mode) == false) { if (f_generate_key_pair(p_private_key, v_public_key_x, v_public_key_y, p_public_key_compressed, p_compressed_key_mode) == false) {
...@@ -2552,7 +2552,7 @@ module LibItsPki_Functions { ...@@ -2552,7 +2552,7 @@ module LibItsPki_Functions {
v_key_tag, // Calculated keyTag v_key_tag, // Calculated keyTag
valueof( valueof(
m_certificate_subject_attributes( m_certificate_subject_attributes(
p_ec_certificate.toBeSigned.appPermissions,//v_appPermissions, v_appPermissions,
p_ec_certificate.toBeSigned.certRequestPermissions, p_ec_certificate.toBeSigned.certRequestPermissions,
{ none_ := NULL },//p_ec_certificate.toBeSigned.id, { none_ := NULL },//p_ec_certificate.toBeSigned.id,
m_validityPeriod(v_start, v_duration), m_validityPeriod(v_start, v_duration),
...@@ -2566,13 +2566,23 @@ module LibItsPki_Functions { ...@@ -2566,13 +2566,23 @@ module LibItsPki_Functions {
log("f_generate_inner_at_request_with_wrong_parameters: v_hash_shared_at_request= ", v_hash_shared_at_request); log("f_generate_inner_at_request_with_wrong_parameters: v_hash_shared_at_request= ", v_hash_shared_at_request);
// Build the ETsiTs103097Data-SignedExternalPayload // Build the ETsiTs103097Data-SignedExternalPayload
if (ispresent(p_generation_time)) {
v_tbs := m_toBeSignedData( v_tbs := m_toBeSignedData(
m_signedDataPayload_ext(v_hash_shared_at_request), // Payload containing extDataHash m_signedDataPayload_ext(v_hash_shared_at_request), // Payload containing extDataHash
m_headerInfo_inner_pki_request( // HeaderInfo m_headerInfo_inner_pki_request( // HeaderInfo
-, -,
(f_getCurrentTime()) * 1000) //us valueof(p_generation_time) * 1000) //us
);
log("f_generate_inner_at_request_with_wrong_parameters: Altered generation time: v_tbs= ", v_tbs);
} else {
v_tbs := m_toBeSignedData(
m_signedDataPayload_ext(v_hash_shared_at_request), // Payload containing extDataHash
m_headerInfo_inner_pki_request( // HeaderInfo
-,
f_getCurrentTime() * 1000) //us
); );
log("f_generate_inner_at_request_with_wrong_parameters: v_tbs= ", v_tbs); log("f_generate_inner_at_request_with_wrong_parameters: v_tbs= ", v_tbs);
}
// Signed ToBeSigned payload using the private key of EC certificate obtained from Enrolment request // Signed ToBeSigned payload using the private key of EC certificate obtained from Enrolment request
// In case of ITS-S privacy, v_signed_at_signature contained the data to be encrypted // In case of ITS-S privacy, v_signed_at_signature contained the data to be encrypted
// TODO Simplify with f_signWithEcdsa // TODO Simplify with f_signWithEcdsa
...@@ -3588,58 +3598,9 @@ module LibItsPki_Functions { ...@@ -3588,58 +3598,9 @@ module LibItsPki_Functions {
// 4. Verifiy signature // 4. Verifiy signature
log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData); log("f_verify_pki_request_message: v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData);
v_msg := bit2oct(encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData)); v_msg := bit2oct(encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData));
if (p_issuer == ''O) { // ITS-S/OBU if (p_issuer == ''O) {
var PublicVerificationKey v_public_verification_key; log("f_verify_pki_request_message: Invalid issuer value");
log("f_verify_pki_request_message: Use ITS-S technical keys");
if (PX_VE_ALG == e_nist_p256) {
var EccP256CurvePoint v_ecc_p256_curve_point;
if (PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY[0] == '02'O) {
v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32)));
} else {
v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(substr(PICS_ITS_S_SIGN_NISTP256_PUBLIC_KEY, 1, 32)));
}
v_public_verification_key := valueof(
m_publicVerificationKey_ecdsaNistP256(
v_ecc_p256_curve_point
)
);
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
var EccP256CurvePoint v_ecc_p256_curve_point;
if (PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY[0] == '02'O) {
v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32)));
} else {
v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(substr(PICS_ITS_S_SIGN_BRAINPOOLP256r1_PUBLIC_KEY, 1, 32)));
}
v_public_verification_key := valueof(
m_publicVerificationKey_ecdsaBrainpoolP256r1(
v_ecc_p256_curve_point
)
);
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
var EccP384CurvePoint v_ecc_p384_curve_point;
if (PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY[0] == '02'O) {
v_ecc_p384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_0(substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48)));
} else {
v_ecc_p384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_1(substr(PICS_ITS_S_SIGN_BRAINPOOLP384r1_PUBLIC_KEY, 1, 48)));
}
v_public_verification_key := valueof(
m_publicVerificationKey_ecdsaBrainpoolP384r1(
v_ecc_p384_curve_point
)
);
} else {
return false; return false;
}
log("f_verify_pki_request_message: v_public_verification_key= ", v_public_verification_key);
if (f_verifyEcdsa(v_msg, int2oct(0, 32), v_ieee1609dot2_signed_data.content.signedData.signature_, v_public_verification_key) == false) {
if (p_check_security == true) {
return false;
}
}
} else { } else {
if (f_getCertificateFromDigest(f_HashedId8FromSha256(p_issuer), v_certificate) == false) { if (f_getCertificateFromDigest(f_HashedId8FromSha256(p_issuer), v_certificate) == false) {
if (p_check_security == true) { if (p_check_security == true) {
...@@ -3801,7 +3762,6 @@ module LibItsPki_Functions { ...@@ -3801,7 +3762,6 @@ module LibItsPki_Functions {
} }
// Check EC certificate signature // Check EC certificate signature
// TODO Who sign the EC certificate?
if (f_verifyCertificateSignatureWithPublicKey(p_ec_certificate, p_ea_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) { if (f_verifyCertificateSignatureWithPublicKey(p_ec_certificate, p_ea_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) {
log("f_verify_ec_certificate: Signature not verified"); log("f_verify_ec_certificate: Signature not verified");
return false; return false;
...@@ -3846,7 +3806,6 @@ module LibItsPki_Functions { ...@@ -3846,7 +3806,6 @@ module LibItsPki_Functions {
} }
// Check EC certificate signature // Check EC certificate signature
// TODO Who sign the EC certificate?
if (f_verifyCertificateSignatureWithPublicKey(p_at_certificate, p_aa_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) { if (f_verifyCertificateSignatureWithPublicKey(p_at_certificate, p_aa_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) {
log("f_verify_at_certificate: Signature not verified"); log("f_verify_at_certificate: Signature not verified");
return false; return false;
......
ttcn/Pki/LibItsPki_Pics.ttcn
View file @ 969b2095
...@@ -199,6 +199,6 @@ module LibItsPki_Pics { ...@@ -199,6 +199,6 @@ module LibItsPki_Pics {
/** /**
* @desc Invalid Canonical ITSS-S identifier * @desc Invalid Canonical ITSS-S identifier
*/ */
modulepar octetstring PICS_INVALID_ITS_S_CANONICAL_ID := '0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A0A'O; modulepar octetstring PICS_INVALID_ITS_S_CANONICAL_ID := 'BABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABABA'O;
} // End of module LibItsPki_Pics } // End of module LibItsPki_Pics
ttcn/Pki/LibItsPki_Pixits.ttcn
View file @ 969b2095
...@@ -52,6 +52,10 @@ module LibItsPki_Pixits { ...@@ -52,6 +52,10 @@ module LibItsPki_Pixits {
modulepar octetstring PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR := '01FF'O; modulepar octetstring PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR := '01FF'O;
modulepar octetstring PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_VERSION := '00C0'O;
modulepar octetstring PX_INNER_EC_CERTFICATE_INCORRECT_BITMAP_SSP_SCR_WRONG_SSP_BIT := '0180'O;
modulepar octetstring PX_INNER_EC_CERTFICATE_BITMAP_SSP_CAM := '830001'O; modulepar octetstring PX_INNER_EC_CERTFICATE_BITMAP_SSP_CAM := '830001'O;
modulepar octetstring PX_INNER_EC_CERTFICATE_BITMAP_SSP_DENM := '830001'O; modulepar octetstring PX_INNER_EC_CERTFICATE_BITMAP_SSP_DENM := '830001'O;
......
ttcn/Pki/LibItsPki_Templates.ttcn
View file @ 969b2095
...@@ -190,10 +190,16 @@ module LibItsPki_Templates { ...@@ -190,10 +190,16 @@ module LibItsPki_Templates {
authorizationResponse := p_authorizationResponse authorizationResponse := p_authorizationResponse
} // End of template mw_authorizationResponse } // End of template mw_authorizationResponse
template (present) EtsiTs102941DataContent mw_authorizationValidationRequest(
template (present) AuthorizationValidationRequest p_authorization_validation_request := ?
) := {
authorizationValidationRequest := p_authorization_validation_request
} // End of template mw_authorizationValidationRequest
template (present) EtsiTs102941DataContent mw_authorizationValidationResponse( template (present) EtsiTs102941DataContent mw_authorizationValidationResponse(
template (present) AuthorizationValidationResponse p_authorization_alidation_response := ? template (present) AuthorizationValidationResponse p_authorization_validation_response := ?
) := { ) := {
authorizationValidationResponse := p_authorization_alidation_response authorizationValidationResponse := p_authorization_validation_response
} // End of template mw_authorizationValidationResponse } // End of template mw_authorizationValidationResponse
template (value) InnerEcRequest m_innerEcRequest( template (value) InnerEcRequest m_innerEcRequest(
...@@ -359,21 +365,21 @@ module LibItsPki_Templates { ...@@ -359,21 +365,21 @@ module LibItsPki_Templates {
certificate := omit certificate := omit
} // End of template mw_innerAtResponse_ko } // End of template mw_innerAtResponse_ko
template (value) AuthorizationValidationRequest m_authorizationValidationRequest( template (value) AuthorizationValidationRequest m_authorization_validation_request(
in template (value) SharedAtRequest p_sharedAtRequest, in template (value) SharedAtRequest p_sharedAtRequest,
in template (value) EcSignature p_ecSignature in template (value) EcSignature p_ecSignature
) := { ) := {
sharedAtRequest := p_sharedAtRequest, sharedAtRequest := p_sharedAtRequest,
ecSignature := p_ecSignature ecSignature := p_ecSignature
} // End of template m_authorizationValidationRequest } // End of template m_authorization_validation_request
template (present) AuthorizationValidationRequest mw_authorizationValidationRequest( template (present) AuthorizationValidationRequest mw_authorization_validation_request(
template (present) SharedAtRequest p_sharedAtRequest := ?, template (present) SharedAtRequest p_sharedAtRequest := ?,
template (present) EcSignature p_ecSignature := ? template (present) EcSignature p_ecSignature := ?
) := { ) := {
sharedAtRequest := p_sharedAtRequest, sharedAtRequest := p_sharedAtRequest,
ecSignature := p_ecSignature ecSignature := p_ecSignature
} // End of template mw_authorizationValidationRequest } // End of template mw_authorization_validation_request
template (value) AuthorizationValidationResponse m_authorizationValidationResponse_ok( template (value) AuthorizationValidationResponse m_authorizationValidationResponse_ok(
template (value) Oct16 p_requestHash, template (value) Oct16 p_requestHash,
......
ttcn/Security/LibItsSecurity_Functions.ttcn
View file @ 969b2095
...@@ -2013,18 +2013,30 @@ module LibItsSecurity_Functions { ...@@ -2013,18 +2013,30 @@ module LibItsSecurity_Functions {
function f_verifySspPermissions( function f_verifySspPermissions(
in SequenceOfPsidSsp p_issuer_ssp_permissions, in SequenceOfPsidSsp p_issuer_ssp_permissions,
in SequenceOfPsidSsp p_subordinate_ssp_permissions in SequenceOfPsidSsp p_subordinate_ssp_permissions,
in boolean p_strict_checks := false
) return boolean { ) return boolean {
// Local variables // Local variables
var integer v_idx := 0; var integer v_idx := 0;
log(">>> f_verifySspPermissions: p_issuer_ssp_permissions:", p_issuer_ssp_permissions);
log(">>> f_verifySspPermissions: p_subordinate_ssp_permissions: ", p_subordinate_ssp_permissions);
for (v_idx := 0; v_idx < lengthof(p_issuer_ssp_permissions); v_idx := v_idx + 1) { for (v_idx := 0; v_idx < lengthof(p_issuer_ssp_permissions); v_idx := v_idx + 1) {
var PsidSsp v_issuerPsidSsp := p_issuer_ssp_permissions[v_idx]; var PsidSsp v_issuerPsidSsp := p_issuer_ssp_permissions[v_idx];
var PsidSsp v_subordinatePsidSsp; var PsidSsp v_subordinatePsidSsp;
var boolean v_found := false; var boolean v_found := false;
var integer v_jdx := 0; var integer v_jdx := 0;
log("f_verifySspPermissions: v_issuerPsidSsp: ", v_issuerPsidSsp);
// 1. Check permission from issuer is present // 1. Check permission from issuer is present
for (v_jdx := 0; v_jdx < lengthof(p_subordinate_ssp_permissions); v_jdx := v_jdx + 1) { for (v_jdx := 0; v_jdx < lengthof(p_subordinate_ssp_permissions); v_jdx := v_jdx + 1) {
log("f_verifySspPermissions: match=", match(v_issuerPsidSsp, m_appPermissions(p_subordinate_ssp_permissions[v_jdx].psid, p_subordinate_ssp_permissions[v_jdx].ssp)));
// 1. Check the version
if (p_subordinate_ssp_permissions[v_jdx].ssp.bitmapSsp[0] != '01'O) {
log("f_verifySspPermissions: Wrong SSP version control (1 is expected): ", p_subordinate_ssp_permissions[v_jdx].ssp.bitmapSsp[0]);
return false;
}
// 2. Check the version
if (match(v_issuerPsidSsp, m_appPermissions(p_subordinate_ssp_permissions[v_jdx].psid, p_subordinate_ssp_permissions[v_jdx].ssp)) == true) { if (match(v_issuerPsidSsp, m_appPermissions(p_subordinate_ssp_permissions[v_jdx].psid, p_subordinate_ssp_permissions[v_jdx].ssp)) == true) {
v_subordinatePsidSsp := p_subordinate_ssp_permissions[v_jdx]; v_subordinatePsidSsp := p_subordinate_ssp_permissions[v_jdx];
v_found := true; v_found := true;
...@@ -2033,21 +2045,31 @@ module LibItsSecurity_Functions { ...@@ -2033,21 +2045,31 @@ module LibItsSecurity_Functions {
} // End of 'for' statement } // End of 'for' statement
if (v_found == false) { if (v_found == false) {
log("f_verifySspPermissions: Permission set not found: ", v_issuerPsidSsp) log("f_verifySspPermissions: Permission set not found: ", v_issuerPsidSsp)
if (p_strict_checks == true) {
return false; return false;
} else {
return true;
}
} }
// 2. Validate bits mask // 2. Validate bits mask
if (ispresent(v_issuerPsidSsp.ssp)) { if (ispresent(v_issuerPsidSsp.ssp)) {
if (ispresent(v_subordinatePsidSsp.ssp) == false) { if (ispresent(v_subordinatePsidSsp.ssp) == false) {
log("f_verifySspPermissions: Ssp shall not be omitted: ", v_issuerPsidSsp) log("f_verifySspPermissions: Ssp shall not be omitted: ", v_issuerPsidSsp)
if (p_strict_checks == true) {
return false; return false;
} }
}
if ((ischosen(v_issuerPsidSsp.ssp.bitmapSsp) == false) or (ischosen(v_subordinatePsidSsp.ssp.bitmapSsp) == false)) { if ((ischosen(v_issuerPsidSsp.ssp.bitmapSsp) == false) or (ischosen(v_subordinatePsidSsp.ssp.bitmapSsp) == false)) {
log("f_verifySspPermissions: Wrong variant : ", v_issuerPsidSsp.ssp, " / ", v_subordinatePsidSsp.ssp); log("f_verifySspPermissions: Wrong variant : ", v_issuerPsidSsp, " / ", v_subordinatePsidSsp);
if (p_strict_checks == true) {
return false; return false;
} }
}
if (lengthof(v_issuerPsidSsp.ssp.bitmapSsp) < lengthof(v_subordinatePsidSsp.ssp.bitmapSsp)) { if (lengthof(v_issuerPsidSsp.ssp.bitmapSsp) < lengthof(v_subordinatePsidSsp.ssp.bitmapSsp)) {
log("f_verifySspPermissions: Ssp not be compliant: ", v_issuerPsidSsp.ssp, " / ", v_subordinatePsidSsp.ssp); log("f_verifySspPermissions: Ssp not be compliant: ", v_issuerPsidSsp.ssp, " / ", v_subordinatePsidSsp.ssp);
if (p_strict_checks == true) {
return false; return false;
}
} else { } else {
var charstring v_issuerSsp := bit2str(oct2bit(v_issuerPsidSsp.ssp.bitmapSsp)); var charstring v_issuerSsp := bit2str(oct2bit(v_issuerPsidSsp.ssp.bitmapSsp));
var charstring v_subordinateSsp := bit2str(oct2bit(v_subordinatePsidSsp.ssp.bitmapSsp)); var charstring v_subordinateSsp := bit2str(oct2bit(v_subordinatePsidSsp.ssp.bitmapSsp));
......