...@@ -13,7 +13,7 @@ module LibItsHttp_Functions { ...@@ -13,7 +13,7 @@ module LibItsHttp_Functions {
group http_preambles { group http_preambles {
/** /**
* @desc Setups default configuration * @desc Setups default configuration
* @param p_certificate_id The certificate identifier the TA shall use in case of secured IUT * @param p_certificate_id The certificate identifier the TA shall use in case of secured IUT
*/ */
function f_cfUp( function f_cfUp(
...@@ -65,13 +65,15 @@ module LibItsHttp_Functions { ...@@ -65,13 +65,15 @@ module LibItsHttp_Functions {
p_headers[v_i] := { c_header_pragma, { "no-cache" } }; p_headers[v_i] := { c_header_pragma, { "no-cache" } };
v_i := v_i + 1; v_i := v_i + 1;
p_headers[v_i] := { c_header_cache_control, { "no-cache" } }; p_headers[v_i] := { c_header_cache_control, { "no-cache" } };
//v_i := v_i + 1;
//p_headers[v_i] := { c_header_accept, { "application/x-its-response" } };
} // End of function f_init_default_headers_list } // End of function f_init_default_headers_list
function f_set_headears_list( function f_set_headers_list(
in charstring_list p_headers_to_set, in charstring_list p_headers_to_set,
in charstring_list p_headers_value, in charstring_list p_headers_value,
inout HeaderLines p_headers inout HeaderLines p_headers
) { ) {
// Sanity checks // Sanity checks
if (lengthof(p_headers_to_set) == 0) { if (lengthof(p_headers_to_set) == 0) {
return; return;
...@@ -91,12 +93,12 @@ module LibItsHttp_Functions { ...@@ -91,12 +93,12 @@ module LibItsHttp_Functions {
} }
} // End of 'for' statement } // End of 'for' statement
} // End of 'for' statement } // End of 'for' statement
} // End of function f_set_headears_list } // End of function f_set_headers_list
function f_remove_headears_list( function f_remove_headers_list(
in charstring_list p_headers_to_remove, in charstring_list p_headers_to_remove,
inout HeaderLines p_headers inout HeaderLines p_headers
) { ) {
// Sanity checks // Sanity checks
if (lengthof(p_headers_to_remove) == 0) { if (lengthof(p_headers_to_remove) == 0) {
return; return;
...@@ -112,7 +114,27 @@ module LibItsHttp_Functions { ...@@ -112,7 +114,27 @@ module LibItsHttp_Functions {
} }
} // End of 'for' statement } // End of 'for' statement
} // End of 'for' statement } // End of 'for' statement
} // End of function f_remove_headears_list } // End of function f_remove_headers_list
function f_get_header(
in HeaderLines p_headers,
in charstring p_header_name := c_header_content_text,
out charstring_list p_header_value
) {
// Sanity checks
if (lengthof(p_header_name) == 0) {
return;
} else if (lengthof(p_headers) == 0) {
return;
}
for (var integer v_jdx := 0; v_jdx < lengthof(p_headers); v_jdx := v_jdx + 1) {
if (p_headers[v_jdx].header_name == p_header_name) {
p_header_value := p_headers[v_jdx].header_value; // NOTE Codec won't encode it
break;
}
} // End of 'for' statement
} // End of function f_get_header
} // End of group http_headers } // End of group http_headers
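Review bot: f_get_header returns without assigning its `out` parameter p_header_value on three paths (empty p_header_name, empty p_headers, and no entry whose header_name equals p_header_name), and unlike f_cfUp at the top of this file it has no header comment that says so. Callers must therefore guard the result with `isvalue()` before use; I would document that in a `@desc`/`@param` block (p_header_value is left unbound when the header is absent) or change the signature to `return boolean` so a miss is explicit. The test `p_headers[v_jdx].header_name == p_header_name` is an exact, case-sensitive match, whereas HTTP field names are case-insensitive; that is harmless if only headers built by the test system are passed in, but it would silently miss differently cased headers received from the IUT, so the assumption deserves a comment. The trailing `// NOTE Codec won't encode it` does not say what "it" refers to and should be spelled out.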
...@@ -71,8 +71,14 @@ module LibItsPki_Functions { ...@@ -71,8 +71,14 @@ module LibItsPki_Functions {
in charstring p_ea_certificate_id := "CERT_TS_A_EA", // TODO Use a constant in charstring p_ea_certificate_id := "CERT_TS_A_EA", // TODO Use a constant
in charstring p_aa_certificate_id := "CERT_TS_A_AA" in charstring p_aa_certificate_id := "CERT_TS_A_AA"
) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ { ) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
map(self:httpPort, system:httpPort); if (LibItsPki_Pics.PICS_MULTIPLE_END_POINT == false) {
map(self:httpPort, system:httpPort);
} else {
map(self:httpEcPort, system:httpEcPort);
map(self:httpAtVPort, system:httpAtVPort);
map(self:httpAtPort, system:httpAtPort);
}
f_connect4SelfOrClientSync(); f_connect4SelfOrClientSync();
f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed??? f_initialiseSecuredMode(p_ea_certificate_id, p_aa_certificate_id); // TODO To be removed???
...@@ -94,8 +100,14 @@ module LibItsPki_Functions { ...@@ -94,8 +100,14 @@ module LibItsPki_Functions {
log("vc_aaWholeHash= ", vc_aaWholeHash); log("vc_aaWholeHash= ", vc_aaWholeHash);
// f_readCertificate(p_peerCertificateId, vc_peerEaCertificate); // TODO To be removed // f_readCertificate(p_peerCertificateId, vc_peerEaCertificate); // TODO To be removed
// f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash); // TODO To be removed // f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash); // TODO To be removed
activate(a_default_pki_http()); if (PICS_MULTIPLE_END_POINT == false) {
activate(a_default_pki_http());
} else {
activate(a_default_pki_http_ec());
activate(a_default_pki_http_atv());
activate(a_default_pki_http_at());
}
} // End of function f_cfHttpUp } // End of function f_cfHttpUp
function f_cfUp_itss( function f_cfUp_itss(
...@@ -115,7 +127,13 @@ module LibItsPki_Functions { ...@@ -115,7 +127,13 @@ module LibItsPki_Functions {
* @desc Deletes default configuration * @desc Deletes default configuration
*/ */
function f_cfHttpDown() runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ { function f_cfHttpDown() runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
unmap(self:httpPort, system:httpPort); if (PICS_MULTIPLE_END_POINT == false) {
unmap(self:httpPort, system:httpPort);
} else {
unmap(self:httpEcPort, system:httpEcPort);
unmap(self:httpAtVPort, system:httpAtVPort);
unmap(self:httpAtPort, system:httpAtPort);
}
f_disconnect4SelfOrClientSync(); f_disconnect4SelfOrClientSync();
f_uninitialiseSecuredMode(); f_uninitialiseSecuredMode();
} // End of function f_cfHttpDown } // End of function f_cfHttpDown
...@@ -360,7 +378,7 @@ module LibItsPki_Functions { ...@@ -360,7 +378,7 @@ module LibItsPki_Functions {
log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
} }
log("v_inner_ec_request_signed_for_pop= ", v_inner_ec_request_signed_for_pop); log("f_http_build_invalid_enrolment_request: v_inner_ec_request_signed_for_pop= ", v_inner_ec_request_signed_for_pop);
// Modify signature to get an error // Modify signature to get an error
if (ischosen(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature)) { if (ischosen(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature)) {
v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature.sSig[1] := bit2oct('10101010'B xor4b oct2bit(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature.sSig[1])); v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature.sSig[1] := bit2oct('10101010'B xor4b oct2bit(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature.sSig[1]));
...@@ -370,11 +388,11 @@ module LibItsPki_Functions { ...@@ -370,11 +388,11 @@ module LibItsPki_Functions {
// Secure InnerEcRequestSignedForPoP message // Secure InnerEcRequestSignedForPoP message
if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) { if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) {
log("*** f_http_build_inner_ec_request: ERROR: Non canonical EA certificate ***"); log("*** f_http_build_invalid_enrolment_request: ERROR: Non canonical EA certificate ***");
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
} }
log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_invalid_enrolment_request: Public encryption key: ", v_public_enc_key);
log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_invalid_enrolment_request: Public encryption key comp: ", v_compressed_enc_key_mode);
p_salt := vc_eaWholeHash; p_salt := vc_eaWholeHash;
if (PICS_SECPKI_REENROLMENT == false) { // This is the first enrolment, we used Factory keys if (PICS_SECPKI_REENROLMENT == false) { // This is the first enrolment, we used Factory keys
v_ret_code := f_build_pki_secured_request_message_signed_with_pop(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash); v_ret_code := f_build_pki_secured_request_message_signed_with_pop(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash);
...@@ -397,10 +415,10 @@ module LibItsPki_Functions { ...@@ -397,10 +415,10 @@ module LibItsPki_Functions {
in octetstring p_ec_private_key, in octetstring p_ec_private_key,
out octetstring p_private_key, out octetstring p_private_key,
out octetstring p_public_key_compressed, out octetstring p_public_key_compressed,
out integer p_compressed_mode, out integer p_compressed_key_mode,
out octetstring p_private_enc_key, out octetstring p_private_enc_key,
out octetstring p_public_compressed_enc_key, out octetstring p_public_compressed_enc_key,
out integer p_compressedEncMode, out integer p_compressed_enc_key_mode,
out Oct16 p_aes_sym_key, out Oct16 p_aes_sym_key,
out Oct16 p_encrypted_sym_key, out Oct16 p_encrypted_sym_key,
out Oct16 p_authentication_vector, out Oct16 p_authentication_vector,
...@@ -420,35 +438,18 @@ module LibItsPki_Functions { ...@@ -420,35 +438,18 @@ module LibItsPki_Functions {
var Ieee1609Dot2Data v_inner_at_request_data; var Ieee1609Dot2Data v_inner_at_request_data;
var InnerAtRequest v_authorization_request; var InnerAtRequest v_authorization_request;
var bitstring v_authorization_request_msg; var bitstring v_authorization_request_msg;
// Generate verification keys for the certificate to be requested // Generate the InnerAtRequest
if (f_generate_key_pair(p_private_key, v_public_key_x, v_public_key_y, p_public_key_compressed, p_compressed_mode) == false) { if (f_generate_inner_at_request(vc_eaCertificate, vc_eaHashedId8, p_ec_certificate, p_ec_private_key, p_private_key, p_public_key_compressed, p_compressed_key_mode, p_private_enc_key, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_inner_at_request) == false) {
log("*** f_http_build_authorization_request: ERROR: Failed to generate verification key ***");
f_selfOrClientSyncAndVerdict("error", e_error);
return;
}
log ("f_http_build_authorization_request: AT verification private key: ", p_private_key);
log ("f_http_build_authorization_request: AT verification public compressed key: ", p_public_key_compressed);
log ("f_http_build_authorization_request: AT verification public compressed mode: ", p_compressed_mode);
// Generate encryption keys for the certificate to be requested
if (PX_INCLUDE_ENCRYPTION_KEYS) {
if (f_generate_key_pair(p_private_enc_key, v_public_enc_key_x, v_public_enc_key_y, p_public_compressed_enc_key, p_compressedEncMode) == false) {
log("*** f_http_build_authorization_request: ERROR: Failed to generate encryption key ***");
f_selfOrClientSyncAndVerdict("error", e_error);
return;
}
}
if (f_generate_inner_at_request(vc_eaCertificate, vc_eaHashedId8, p_ec_certificate, p_ec_private_key, p_private_key, v_public_key_x, v_public_key_y, p_compressed_mode, p_private_enc_key, v_public_enc_key_x, v_public_enc_key_y, p_compressedEncMode, v_inner_at_request) == false) {
log("*** f_http_build_authorization_request: ERROR: Failed to generate AuthorizationValidationRequest ***"); log("*** f_http_build_authorization_request: ERROR: Failed to generate AuthorizationValidationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
return; return;
} }
log("v_inner_at_request= ", v_inner_at_request); log("f_http_build_authorization_request: v_inner_at_request= ", v_inner_at_request);
// Secure InnerAtRequest message // Secure InnerAtRequest message
if (f_extract_enc_key(vc_aaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) { if (f_extract_enc_key(vc_aaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) {
log("*** f_http_build_inner_ec_request: ERROR: Non canonical AA certificate ***"); log("*** f_http_build_authorization_request: ERROR: Non canonical AA certificate ***");
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
} }
if (PICS_SEC_FIXED_KEYS) { // Debug mode: Use fixed values if (PICS_SEC_FIXED_KEYS) { // Debug mode: Use fixed values
...@@ -476,42 +477,66 @@ module LibItsPki_Functions { ...@@ -476,42 +477,66 @@ module LibItsPki_Functions {
} // End of function f_http_build_authorization_request } // End of function f_http_build_authorization_request
function f_http_build_authorization_validation_request( function f_http_build_authorization_validation_request(
in InnerAtRequest p_inner_at_request,
out octetstring p_private_key, out octetstring p_private_key,
out octetstring p_public_key_compressed, out octetstring p_public_key_compressed,
out integer p_compressed_mode, out integer p_compressed_key_mode,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data out octetstring p_private_enc_key,
out octetstring p_public_compressed_enc_key,
out integer p_compressed_enc_key_mode,
out Oct16 p_aes_sym_key,
out Oct16 p_encrypted_sym_key,
out Oct16 p_authentication_vector,
out Oct12 p_nonce,
out octetstring p_salt,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
out Oct32 p_request_hash
) runs on ItsPkiHttp { ) runs on ItsPkiHttp {
// Local variables // Local variables
var AuthorizationValidationRequest v_authorization_validation_request; var AuthorizationValidationRequest v_authorization_validation_request;
var bitstring v_authorization_validation_request_msg; var bitstring v_authorization_validation_request_msg;
var octetstring v_public_enc_key; var octetstring v_public_enc_key;
var integer v_compressed_enc_key_mode; var integer v_compressed_enc_key_mode;
/* TODO if (f_generate_authorization_validation_request(vc_eaCertificate, vc_eaHashedId8, p_private_key, p_public_key_compressed, p_compressed_mode, v_authorization_validation_request) == false) { // Copy the sharedAtRequest component from the InnerAtRequest received in the AuthorizationRequestMessage
log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate AuthorizationValidationRequest ***"); v_authorization_validation_request.sharedAtRequest := p_inner_at_request.sharedAtRequest;
f_selfOrClientSyncAndVerdict("error", e_error); // Copy the ecSignature component from the InnerAtRequest received in the AuthorizationRequestMessage or AuthorizationRequestMessageWithPop
}*/ v_authorization_validation_request.ecSignature := p_inner_at_request.ecSignature;
// Secure the Pki message // Secure the Pki message
if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) { if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) {
log("*** f_http_build_inner_ec_request: ERROR: Non canonical EA certificate ***"); log("*** f_http_build_authorization_validation_request: ERROR: Non canonical EA certificate ***");
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
} }
log("*** f_http_build_authorization_validation_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_authorization_validation_request: Public encryption key: ", v_public_enc_key);
log("*** f_http_build_authorization_validation_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_authorization_validation_request: Public encryption key comp: ", v_compressed_enc_key_mode);
// Secure InnerAtRequest message
/** if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) {
TODO: Load certificate according to the IUT role log("*** f_http_build_authorization_validation_request: ERROR: Non canonical EA certificate ***");
==> a complete fucntion which set up the TestSustem certificate,keyy... according to the IUT role f_selfOrClientSyncAndVerdict("error", e_error);
**/ }
log("*** f_http_build_inner_ec_request: ERROR: Need to add TestSystem variable vc_aa ***"); if (PICS_SEC_FIXED_KEYS) { // Debug mode: Use fixed values
f_selfOrClientSyncAndVerdict("error", e_error); v_public_enc_key := 'DD4F6B0DF57C6E3BD0E32B565CACA1D858CEB08A5C2BBAB2C23E203C6DE697FF'O;
/* if (f_build_pki_secured_request_message_signed_with_pop(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data, p_request_hash) == false) { */ v_compressed_enc_key_mode := 0;
/* log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); */ }
/* f_selfOrClientSyncAndVerdict("error", e_error); */ log("*** f_http_build_authorization_validation_request: Public encryption key: ", v_public_enc_key);
/* } */ log("*** f_http_build_authorization_validation_request: Public encryption key comp: ", v_compressed_enc_key_mode);
p_salt := vc_eaWholeHash;
log("*** f_http_build_authorization_validation_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data); log("*** f_http_build_authorization_validation_request: p_salt: ", p_salt);
if (PX_AUTHORIZATION_REQUEST_WITH_POP) {
if(f_build_pki_secured_request_message_signed_with_pop(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash) == false) {
log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate Authorization Request ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
} else { // Only encryption of EtsiTs102941Data/InnerAtRequest
log("*** f_http_build_authorization_validation_request: POP signature not applied");
if(f_build_pki_secured_request_message(vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash) == false) {
log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate Authorization Request ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
}
log("*** f_http_build_authorization_validation_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
log("*** f_http_build_authorization_validation_request: DEBUG: p_request_hash= ", p_request_hash);
} // End of function f_http_build_authorization_validation_request } // End of function f_http_build_authorization_validation_request
} // End of group http } // End of group http
...@@ -572,7 +597,7 @@ module LibItsPki_Functions { ...@@ -572,7 +597,7 @@ module LibItsPki_Functions {
v_public_verification_key v_public_verification_key
), ),
m_validityPeriod( m_validityPeriod(
f_getCurrentTime(), f_getCurrentTime() / 1000,
m_duration_years(1) m_duration_years(1)
), ),
m_geographicRegion_identifiedRegion( m_geographicRegion_identifiedRegion(
...@@ -650,7 +675,7 @@ module LibItsPki_Functions { ...@@ -650,7 +675,7 @@ module LibItsPki_Functions {
v_public_verification_key v_public_verification_key
), ),
m_validityPeriod( m_validityPeriod(
f_getCurrentTime(), f_getCurrentTime() / 1000,
m_duration_years(1) m_duration_years(1)
), ),
m_geographicRegion_identifiedRegion( m_geographicRegion_identifiedRegion(
...@@ -729,7 +754,7 @@ module LibItsPki_Functions { ...@@ -729,7 +754,7 @@ module LibItsPki_Functions {
valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := '00C0'O })) valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := '00C0'O }))
}, },
m_validityPeriod( m_validityPeriod(
f_getCurrentTime(), f_getCurrentTime() / 1000,
m_duration_years(1) // TODO Use PIXIT m_duration_years(1) // TODO Use PIXIT
), ),
m_geographicRegion_identifiedRegion( m_geographicRegion_identifiedRegion(
...@@ -853,17 +878,19 @@ module LibItsPki_Functions { ...@@ -853,17 +878,19 @@ module LibItsPki_Functions {
in Oct8 p_ea_hashed_id8, in Oct8 p_ea_hashed_id8,
in Certificate p_ec_certificate, in Certificate p_ec_certificate,
in octetstring p_ec_private_key, in octetstring p_ec_private_key,
in octetstring p_private_key, out octetstring p_private_key,
in octetstring p_public_key_x, out octetstring p_public_key_compressed,
in octetstring p_public_key_y, out integer p_compressed_key_mode,
in integer p_compressed_key_mode, out octetstring p_private_enc_key,
in octetstring p_private_enc_key, out octetstring p_public_compressed_enc_key,
in octetstring p_public_enc_key_x, out integer p_compressed_enc_key_mode,
in octetstring p_public_enc_key_y,
in integer p_compressed_enc_key_mode,
out InnerAtRequest p_inner_at_request out InnerAtRequest p_inner_at_request
) return boolean { ) return boolean {
// Local variables // Local variables
var octetstring v_public_key_x;
var octetstring v_public_key_y;
var octetstring v_public_enc_key_x;
var octetstring v_public_enc_key_y;
var bitstring v_enc_value; var bitstring v_enc_value;
var octetstring v_ec_hash; var octetstring v_ec_hash;
var Oct8 v_ec_hashed_id8; var Oct8 v_ec_hashed_id8;
...@@ -881,6 +908,26 @@ module LibItsPki_Functions { ...@@ -881,6 +908,26 @@ module LibItsPki_Functions {
var HashAlgorithm v_hashId; var HashAlgorithm v_hashId;
var Signature v_signature; var Signature v_signature;
// Generate verification keys for the certificate to be requested
if (f_generate_key_pair(p_private_key, v_public_key_x, v_public_key_y, p_public_key_compressed, p_compressed_key_mode) == false) {
log("f_generate_inner_at_request: Failed to generate verification key");
return false;
}
log ("f_generate_inner_at_request: AT verification private key: ", p_private_key);
log ("f_generate_inner_at_request: AT verification public compressed key: ", p_public_key_compressed);
log ("f_generate_inner_at_request: AT verification public compressed mode: ", p_compressed_key_mode);
// Generate encryption keys for the certificate to be requested
if (PX_INCLUDE_ENCRYPTION_KEYS) {
if (f_generate_key_pair(p_private_enc_key, v_public_enc_key_x, v_public_enc_key_y, p_public_compressed_enc_key, p_compressed_enc_key_mode) == false) {
log("f_generate_inner_at_request: Failed to generate encryption key");
return false;
}
} else {
p_private_enc_key := ''O;
p_public_compressed_enc_key := ''O;
p_compressed_enc_key_mode := -1;
}
// Calculate the whole certificate SHA // Calculate the whole certificate SHA
v_enc_value := encvalue(p_ec_certificate); v_enc_value := encvalue(p_ec_certificate);
if (ischosen(p_ec_certificate.issuer.sha256AndDigest)) { if (ischosen(p_ec_certificate.issuer.sha256AndDigest)) {
...@@ -897,7 +944,7 @@ module LibItsPki_Functions { ...@@ -897,7 +944,7 @@ module LibItsPki_Functions {
log("f_generate_inner_at_request: v_hmac_key= ", v_hmac_key); log("f_generate_inner_at_request: v_hmac_key= ", v_hmac_key);
// Generate tag based on the concatenation of verification keys & encryption keys // Generate tag based on the concatenation of verification keys & encryption keys
v_message_to_tag := p_public_key_x & p_public_key_y & p_public_enc_key_x & p_public_enc_key_y; v_message_to_tag := v_public_key_x & v_public_key_y & v_public_enc_key_x & v_public_enc_key_y;
log("f_generate_inner_at_request: v_message_to_tag= ", v_message_to_tag); // FIXME encryption keys could be optional log("f_generate_inner_at_request: v_message_to_tag= ", v_message_to_tag); // FIXME encryption keys could be optional
v_key_tag := fx_hmac_sha256(v_hmac_key, v_message_to_tag); // TODO Rename and use a wrapper function v_key_tag := fx_hmac_sha256(v_hmac_key, v_message_to_tag); // TODO Rename and use a wrapper function
log("f_generate_inner_at_request: v_key_tag= ", v_key_tag); log("f_generate_inner_at_request: v_key_tag= ", v_key_tag);
...@@ -1092,14 +1139,14 @@ module LibItsPki_Functions { ...@@ -1092,14 +1139,14 @@ module LibItsPki_Functions {
} }
// Build the InnerAtRequest, EcSignature field is already set // Build the InnerAtRequest, EcSignature field is already set
if (p_compressed_key_mode == 0) { if (p_compressed_key_mode == 0) {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(p_public_key_x); v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_public_key_x);
} else { } else {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(p_public_key_x); v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_public_key_x);
} }
if (p_compressed_enc_key_mode == 0) { if (p_compressed_enc_key_mode == 0) {
v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(p_public_enc_key_x); v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_public_enc_key_x);
} else { } else {
v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(p_public_enc_key_x); v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_public_enc_key_x);
} }
p_inner_at_request.publicKeys := valueof( // The freshly generated public keys to be used for the requested AT certificate p_inner_at_request.publicKeys := valueof( // The freshly generated public keys to be used for the requested AT certificate
m_publicKeys( m_publicKeys(
...@@ -1144,6 +1191,54 @@ module LibItsPki_Functions { ...@@ -1144,6 +1191,54 @@ module LibItsPki_Functions {
group awaiting_messages { group awaiting_messages {
function f_http_send(
in HeaderLines p_headers,
in template (value) HttpMessage p_http_message
) runs on ItsPkiHttp {
if (not(PICS_MULTIPLE_END_POINT)) {
httpPort.send(p_http_message);
} else {
var charstring_list v_content_text;
f_get_header(p_headers, c_header_content_text, v_content_text);
if (not(isvalue(v_content_text))) {
log("f_http_send: Failed to send message: header not found: ", c_header_content_text);
return;
}
if (v_content_text == { "inner_ec_request" }) {
log("f_http_send: Send on EC end point");
f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_EC }, p_headers);
if (ischosen(p_http_message.request)) {
p_http_message.request.header := p_headers;
} else {
p_http_message.response.header := p_headers;
}
httpEcPort.send(p_http_message);
} else if (v_content_text == { "inner_atv_request" }) {
log("f_http_send: Send on ATV end point");
f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_ATV }, p_headers);
if (ischosen(p_http_message.request)) {
p_http_message.request.header := p_headers;
} else {
p_http_message.response.header := p_headers;
}
httpAtVPort.send(p_http_message);
} else if (v_content_text == { "inner_at_request" }) {
log("f_http_send: Send on AT end point");
f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_AT }, p_headers);
if (ischosen(p_http_message.request)) {
p_http_message.request.header := p_headers;
} else {
p_http_message.response.header := p_headers;
}
httpAtPort.send(p_http_message);
} else {
log("f_http_send: Invalid header value: ", v_content_text);
}
}
} // End of function f_http_send
function f_await_http_inner_ec_request_response( function f_await_http_inner_ec_request_response(
out Oct32 p_private_key, out Oct32 p_private_key,
out Oct32 p_compressed_public_key, out Oct32 p_compressed_public_key,
...@@ -1164,29 +1259,30 @@ module LibItsPki_Functions { ...@@ -1164,29 +1259,30 @@ module LibItsPki_Functions {
log(">>> f_await_http_inner_ec_request_response"); log(">>> f_await_http_inner_ec_request_response");
f_http_build_inner_ec_request(p_private_key, p_compressed_public_key, p_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash); f_http_build_inner_ec_request(p_private_key, p_compressed_public_key, p_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
f_init_default_headers_list(-, "inner_ec_request", v_headers); f_init_default_headers_list(-, "inner_ec_request", v_headers);
httpPort.send( f_http_send(
m_http_request( v_headers,
m_http_request_post( m_http_request(
PICS_HTTP_POST_URI, m_http_request_post(
v_headers, PICS_HTTP_POST_URI_EC,
m_http_message_body_binary( v_headers,
m_binary_body_ieee1609dot2_data( m_http_message_body_binary(
v_ieee1609dot2_signed_and_encrypted_data m_binary_body_ieee1609dot2_data(
))))); v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start; tc_ac.start;
alt { alt {
[] httpPort.receive( [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
mw_http_response( mw_http_response(
mw_http_response_ok( mw_http_response_ok(
mw_http_message_body_binary( mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data( mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage( mw_enrolmentResponseMessage(
mw_encryptedData( mw_encryptedData(
-, -,
mw_SymmetricCiphertext_aes128ccm mw_SymmetricCiphertext_aes128ccm
))))))) -> value v_response { ))))))) -> value v_response {
tc_ac.stop; tc_ac.stop;
if (f_verify_pki_message(p_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) { if (f_verify_pki_message(p_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
log("f_await_http_inner_ec_request_response: Failed to verify PKI message ***"); log("f_await_http_inner_ec_request_response: Failed to verify PKI message ***");
} else { } else {
...@@ -1208,13 +1304,38 @@ module LibItsPki_Functions { ...@@ -1208,13 +1304,38 @@ module LibItsPki_Functions {
} }
} }
} }
[] httpPort.receive( [PICS_MULTIPLE_END_POINT] httpEcPort.receive(
mw_http_response( mw_http_response(
mw_http_response_ko mw_http_response_ok(
)) { mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm
))))))) -> value v_response {
tc_ac.stop; tc_ac.stop;
log("f_await_http_inner_ec_request_response: Unexpected message received ***"); if (f_verify_pki_message(p_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
log("f_await_http_inner_ec_request_response: Failed to verify PKI message ***");
} else {
log("f_await_http_inner_ec_request_response: Receive ", v_etsi_ts_102941_data, " ***");
// Verify the received EC certificate
log("f_await_http_inner_ec_request_response: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
p_inner_ec_response := v_etsi_ts_102941_data.content.enrolmentResponse;
if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, p_compressed_public_key, p_compressed_mode)) {
log("f_await_http_inner_ec_request_response: Well-secured EA certificate received ***");
log("p_inner_ec_response= ", p_inner_ec_response);
return true;
} else {
log("f_await_http_inner_ec_request_response: Cannot verify EC certificate signature ***");
return true; // For debug mode only
}
} else {
log("f_await_http_inner_ec_request_response: Unexpected message received ***");
}
}
} }
[] tc_ac.timeout { [] tc_ac.timeout {
log("f_await_http_inner_ec_request_response: Expected message not received ***"); log("f_await_http_inner_ec_request_response: Expected message not received ***");
...@@ -1267,16 +1388,10 @@ module LibItsPki_Functions { ...@@ -1267,16 +1388,10 @@ module LibItsPki_Functions {
var integer v_public_compressed_ephemeral_mode; var integer v_public_compressed_ephemeral_mode;
var octetstring v_encrypted_request; var octetstring v_encrypted_request;
var EncryptedDataEncryptionKey v_encrypted_data_encryption_key; var EncryptedDataEncryptionKey v_encrypted_data_encryption_key;
var bitstring v_enc_value;
log(">>> f_build_pki_secured_request_message_signed_with_pop"); log(">>> f_build_pki_secured_request_message_signed_with_pop");
// The 'p_request_hash' shall be the SHA256 digest of the OER representation of the topmost EtsiTs103097Data-Encoded structure
if (PICS_SEC_FIXED_KEYS) {
p_request_hash := '10ED97A2F2933DD3AC55F47022D125E18F5E1AA024613E616A75BA4979EFE318'O;
} else {
p_request_hash := f_hashWithSha256(p_pki_message);
}
log("f_build_pki_secured_request_message_signed_with_pop: p_request_hash= ", p_request_hash);
// Signed the encoded PKI message // Signed the encoded PKI message
v_tbs := m_toBeSignedData( v_tbs := m_toBeSignedData(
m_signedDataPayload( m_signedDataPayload(
...@@ -1412,7 +1527,16 @@ module LibItsPki_Functions { ...@@ -1412,7 +1527,16 @@ module LibItsPki_Functions {
) )
); );
log("<<< f_build_pki_secured_request_message_signed_with_pop: ", p_ieee1609dot2_signed_and_encrypted_data); // The 'p_request_hash' shall be the SHA256 digest of the OER representation of the topmost EtsiTs103097Data-Encoded structure
v_enc_value := encvalue(p_ieee1609dot2_signed_and_encrypted_data);
if (PICS_SEC_FIXED_KEYS) {
p_request_hash := '10ED97A2F2933DD3AC55F47022D125E18F5E1AA024613E616A75BA4979EFE318'O;
} else {
p_request_hash := f_hashWithSha256(bit2oct(v_enc_value));
}
log("f_build_pki_secured_request_message_signed_with_pop: p_request_hash= ", p_request_hash);
log("<<< f_build_pki_secured_request_message_signed_with_pop: ", p_pki_message);
return true; return true;
} // End of function f_build_pki_secured_request_message_signed_with_pop } // End of function f_build_pki_secured_request_message_signed_with_pop
...@@ -1446,16 +1570,10 @@ module LibItsPki_Functions { ...@@ -1446,16 +1570,10 @@ module LibItsPki_Functions {
var integer v_public_compressed_ephemeral_mode; var integer v_public_compressed_ephemeral_mode;
var octetstring v_encrypted_request; var octetstring v_encrypted_request;
var EncryptedDataEncryptionKey v_encrypted_data_encryption_key; var EncryptedDataEncryptionKey v_encrypted_data_encryption_key;
var bitstring v_enc_value;
log(">>> f_build_pki_secured_request_message"); log(">>> f_build_pki_secured_request_message");
// The 'p_request_hash' shall be the SHA256 digest of the OER representation of the topmost EtsiTs103097Data-Encoded structure
if (PICS_SEC_FIXED_KEYS) {
p_request_hash := '10ED97A2F2933DD3AC55F47022D125E18F5E1AA024613E616A75BA4979EFE318'O;
} else {
p_request_hash := f_hashWithSha256(p_pki_message);
}
log("f_build_pki_secured_request_message: p_request_hash= ", p_request_hash);
// Encrypt encode EtsiTs103097Data-Signed data structure // Encrypt encode EtsiTs103097Data-Signed data structure
if (PICS_SEC_FIXED_KEYS) { if (PICS_SEC_FIXED_KEYS) {
p_salt := '77C0637C3558B3238FDE1EEC376DA080BE4076FB8491CA0F8C19FD34DF298CEB'O; p_salt := '77C0637C3558B3238FDE1EEC376DA080BE4076FB8491CA0F8C19FD34DF298CEB'O;
...@@ -1523,6 +1641,15 @@ module LibItsPki_Functions { ...@@ -1523,6 +1641,15 @@ module LibItsPki_Functions {
) )
); );
// The 'p_request_hash' shall be the SHA256 digest of the OER representation of the topmost EtsiTs103097Data-Encoded structure
v_enc_value := encvalue(p_ieee1609dot2_signed_and_encrypted_data);
if (PICS_SEC_FIXED_KEYS) {
p_request_hash := '10ED97A2F2933DD3AC55F47022D125E18F5E1AA024613E616A75BA4979EFE318'O;
} else {
p_request_hash := f_hashWithSha256(bit2oct(v_enc_value));
}
log("f_build_pki_secured_request_message: p_request_hash= ", p_request_hash);
log("<<< f_build_pki_secured_request_message: ", p_ieee1609dot2_signed_and_encrypted_data); log("<<< f_build_pki_secured_request_message: ", p_ieee1609dot2_signed_and_encrypted_data);
return true; return true;
} // End of function f_build_pki_secured_request_message } // End of function f_build_pki_secured_request_message
...@@ -1869,33 +1996,116 @@ module LibItsPki_Functions { ...@@ -1869,33 +1996,116 @@ module LibItsPki_Functions {
} // End of group security_function } // End of group security_function
group altstes { group altsteps {
altstep a_default_pki_http() runs on ItsPkiHttp { altstep a_default_pki_http() runs on ItsPkiHttp {
[] httpPort.receive( [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
mw_http_response( mw_http_response(
mw_http_response_ko mw_http_response_ko
)) { )) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(mw_http_request) {
tc_ac.stop; tc_ac.stop;
log("*** a_default: ERROR: HTTP Server error ***"); log("*** a_default: ERROR: Unexpected HTTP Request received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(mw_http_response) {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP Response received ***");
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
} }
[] httpPort.receive(mw_http_request) { [not(PICS_MULTIPLE_END_POINT)] httpPort.receive {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP message received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
} // End of altstep a_default_pki_http
altstep a_default_pki_http_ec() runs on ItsPkiHttp {
[PICS_MULTIPLE_END_POINT] httpEcPort.receive(
mw_http_response(
mw_http_response_ko
)) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[PICS_MULTIPLE_END_POINT] httpEcPort.receive(mw_http_request) {
tc_ac.stop; tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP Request received ***"); log("*** a_default: ERROR: Unexpected HTTP Request received ***");
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
} }
[] httpPort.receive(mw_http_response) { [PICS_MULTIPLE_END_POINT] httpEcPort.receive(mw_http_response) {
tc_ac.stop; tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP Response received ***"); log("*** a_default: ERROR: Unexpected HTTP Response received ***");
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
} }
[] httpPort.receive { [PICS_MULTIPLE_END_POINT] httpEcPort.receive {
tc_ac.stop; tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP message received ***"); log("*** a_default: ERROR: Unexpected HTTP message received ***");
f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error);
} }
} } // End of altstep a_default_pki_http_ec
}
altstep a_default_pki_http_atv() runs on ItsPkiHttp {
[PICS_MULTIPLE_END_POINT] httpAtVPort.receive(
mw_http_response(
mw_http_response_ko
)) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[PICS_MULTIPLE_END_POINT] httpAtVPort.receive(mw_http_request) {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP Request received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[PICS_MULTIPLE_END_POINT] httpAtVPort.receive(mw_http_response) {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP Response received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[PICS_MULTIPLE_END_POINT] httpAtVPort.receive {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP message received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
} // End of altstep a_default_pki_http_atv
altstep a_default_pki_http_at() runs on ItsPkiHttp {
[PICS_MULTIPLE_END_POINT] httpAtPort.receive(
mw_http_response(
mw_http_response_ko
)) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[PICS_MULTIPLE_END_POINT] httpAtPort.receive(mw_http_request) {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP Request received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[PICS_MULTIPLE_END_POINT] httpAtPort.receive(mw_http_response) {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP Response received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[PICS_MULTIPLE_END_POINT] httpAtPort.receive {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP message received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
} // End of altstep a_default_pki_http_at
} // End of group altsteps
} // End of module LibItsPki_Functions } // End of module LibItsPki_Functions
...@@ -15,11 +15,6 @@ module LibItsPki_Pics { ...@@ -15,11 +15,6 @@ module LibItsPki_Pics {
*/ */
modulepar boolean PICS_IUT_AA_ROLE := true; modulepar boolean PICS_IUT_AA_ROLE := true;
/**
* @desc Does the IUT act as combined EA-AA device?
*/
modulepar boolean PICS_IUT_COMBINED_EA_AA_ROLE := false;
/** /**
* @desc Does the IUT support enrolment? * @desc Does the IUT support enrolment?
*/ */
...@@ -70,6 +65,26 @@ module LibItsPki_Pics { ...@@ -70,6 +65,26 @@ module LibItsPki_Pics {
*/ */
modulepar charstring PICS_TS_AA_CERTIFICATE_ID := "CERT_AA"; modulepar charstring PICS_TS_AA_CERTIFICATE_ID := "CERT_AA";
/**
* @desc Set to true if different end points are used for EC and AT
*/
modulepar boolean PICS_MULTIPLE_END_POINT := false;
/**
* @desc End point for the enrolment
*/
modulepar charstring PICS_HEADER_HOST_EC := "www.its.ec.org";
/**
* @desc End point for the authorization validation
*/
modulepar charstring PICS_HEADER_HOST_ATV := "www.its.atv.org";
/**
* @desc End point for the authorization
*/
modulepar charstring PICS_HEADER_HOST_AT := "www.its.at.org";
/** /**
* @desc Certificate used by the Test System * @desc Certificate used by the Test System
*/ */
...@@ -80,6 +95,21 @@ module LibItsPki_Pics { ...@@ -80,6 +95,21 @@ module LibItsPki_Pics {
*/ */
modulepar boolean PICS_ITS_S_WITH_PRIVACY := true; modulepar boolean PICS_ITS_S_WITH_PRIVACY := true;
/**
* @desc HTTP POST URI for InnerECRequest
*/
modulepar charstring PICS_HTTP_POST_URI_EC := "/enrolment";
/**
* @desc HTTP POST URI for InnerATRequest
*/
modulepar charstring PICS_HTTP_POST_URI_AT := "/authorize";
/**
* @desc HTTP POST URI for authorization validation
*/
modulepar charstring PICS_HTTP_POST_URI_ATV := "/authorize_validate";
/** /**
* @desc Factory private key for verification Nist P256 * @desc Factory private key for verification Nist P256
*/ */
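Review bot: The defaults added for `PICS_HEADER_HOST_EC`, `PICS_HEADER_HOST_ATV` and `PICS_HEADER_HOST_AT` are registrable public host names (`www.its.ec.org` and its two siblings) rather than reserved documentation names. If these values also select the connection target, which this hunk does not show, a run that forgets to override them would send enrolment and authorization requests to hosts the project presumably does not control. A reserved name avoids that, for example `modulepar charstring PICS_HEADER_HOST_EC := "ec.its.example.org";`, and likewise for the other two. The `@desc` of `PICS_MULTIPLE_END_POINT` mentions only EC and AT although three end points are introduced; I would write `@desc Set to true if separate end points are used for EC, AT and authorization validation`.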
...@@ -59,12 +59,20 @@ module LibItsPki_TestSystem { ...@@ -59,12 +59,20 @@ module LibItsPki_TestSystem {
* @desc System component * @desc System component
*/ */
type component ItsPkiHttpSystem extends HttpTestAdapter{ type component ItsPkiHttpSystem extends HttpTestAdapter{
/** Use httPort when EC and AT are served by the same end point */
port HttpPort httpEcPort; /** Enrolment end point */
port HttpPort httpAtVPort; /** Authorization Validation end point */
port HttpPort httpAtPort; /** Authorization end point */
} // End of component ItsPkiHttpSystem } // End of component ItsPkiHttpSystem
/** /**
* @desc Test component for PKI entities execpt ITS-S * @desc Test component for PKI entities execpt ITS-S
*/ */
type component ItsPkiHttp extends ItsSecurityBaseComponent, HttpComponent { type component ItsPkiHttp extends ItsSecurityBaseComponent, HttpComponent {
/** Use httPort when EC and AT are served by the same end point */
port HttpPort httpEcPort; /** Enrolment end point */
port HttpPort httpAtVPort; /** Authorization Validation end point */
port HttpPort httpAtPort; /** Authorization end point */
var Certificate vc_eaCertificate; /** Test Adapter EA certificate */ var Certificate vc_eaCertificate; /** Test Adapter EA certificate */
var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */ var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */
// var Certificate vc_ecCertificate; /** Test Adapter AA certificate */ // var Certificate vc_ecCertificate; /** Test Adapter AA certificate */
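Review bot: The comment added above the new ports in both `ItsPkiHttpSystem` and `ItsPkiHttp` names `httPort`, which looks like a typo for the `httpPort` that the altsteps in LibItsPki_Functions receive on. Because it sits directly above `httpEcPort`, it also reads as that port's own documentation. It does not say when the three new ports are in use; the altsteps in this commit guard them with `PICS_MULTIPLE_END_POINT` and guard `httpPort` with its negation. I would write `/** httpPort is used when PICS_MULTIPLE_END_POINT is false; the three ports below are used when it is true */`. The body of `ItsPkiHttp` continues outside the hunk.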