Commits (2)
/**
* @author ETSI / STF544
* @version $URL$
* $Id$
* @desc Module containing functions for ITS PKI ATS
* @copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
*
*/
module LibItsPki_Functions {
// LibCommon
import from LibCommon_Time all;
import from LibCommon_VerdictControl all;
import from LibCommon_Sync all;
import from LibCommon_BasicTypesAndValues all;
import from LibCommon_DataStrings all;
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
import from EtsiTs102941MessagesItss language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
import from ITS_Container language "ASN.1:1997" all;
import from CAM_PDU_Descriptions language "ASN.1:1997" all;
// LibItsCommon
import from LibItsCommon_TestSystem all;
import from LibItsCommon_Functions all;
import from LibItsCommon_ASN1_NamedNumbers all;
import from LibItsCommon_Pixits all;
// LibItsSecurity
import from LibItsSecurity_TypesAndValues all;
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Functions all;
import from LibItsSecurity_Pixits all;
// LibItsHttp
import from LibItsHttp_TypesAndValues all;
import from LibItsHttp_TestSystem all;
// LibItsPki
import from LibItsPki_Templates all;
import from LibItsPki_TestSystem all;
group pkiConfigurationFunctions {
/**
* @desc Setups default configuration
* @param p_certificateId The certificate identifier the TA shall use in case of secured IUT
*/
function f_cfUp(
in charstring p_certificateId := "CERT_TS_A_EA" // TODO Use a constant
) runs on ItsPki /* TITAN TODO: system ItsPkiSystem */ {
map(self:pkiPort, system:pkiPort);
f_connect4SelfOrClientSync();
if( not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate);
f_readCertificate(p_certificateId, vc_eaCertificate);
} // End of function f_cfUp
/**
* @desc Setups default configuration
* @param p_certificateId The certificate identifier the TA shall use in case of secured IUT
*/
function f_cfHttpUp(
in charstring p_certificateId := "CERT_TS_A_EA" // TODO Use a constant
) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
map(self:httpPort, system:httpPort);
f_connect4SelfOrClientSync();
if( not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate);
f_readCertificate(p_certificateId, vc_eaCertificate);
} // End of function f_cfHttpUp
/**
* @desc Deletes default configuration
*/
function f_cfDown() runs on ItsPki /* TITAN TODO: system ItsPkiSystem */ {
unmap(self:pkiPort, system:pkiPort);
f_disconnect4SelfOrClientSync();
} // End of function f_cfDown
/**
* @desc Deletes default configuration
*/
function f_cfHttpDown() runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
unmap(self:httpPort, system:httpPort);
f_disconnect4SelfOrClientSync();
} // End of function f_cfHttpDown
/**
* @desc Initialise secure mode if required
*/
function f_initialiseSecuredMode() runs on ItsPki {
// Local variables
// Load certificates
if( not f_loadCertificates(PX_IUT_SEC_CONFIG_NAME) ) {
log("*** INFO: TEST CASE NOW STOPPING ITSELF! ***");
stop;
}
} // End of function f_initialiseSecuredMode()
function f_uninitialiseSecuredMode() runs on ItsPki {
f_unloadCertificates();
} // End of function f_uninitialiseSecuredMode()
} // End of pkiConfigurationFunctions
group inner_ec_xxx {
function f_generate_innerEcRequestSignedForPop(
out Oct32 p_private_key,
out Oct32 p_publicKeyX,
out Oct32 p_publicKeyY,
out Oct32 p_publicKeyCompressed,
out integer p_compressedMode,
out InnerEcRequest p_inner_ec_request
) return boolean {
// Local variables
var template (value) EccP256CurvePoint v_eccP256_curve_point;
// Generate keys for the certificate to be requested
if (f_generate_key_pair_nistp256(p_private_key, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode) == false) {
return false;
}
log("p_private_key = ", p_private_key);
log("p_public_key X= ", p_publicKeyX);
log("p_public_key Y= ", p_publicKeyY);
log("p_public_key compressed= ", p_publicKeyCompressed, p_compressedMode);
if (p_compressedMode == 0) {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(p_publicKeyCompressed);
} else {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(p_publicKeyCompressed);
}
// Build the Proof of Possession InnerEcRequestSignedForPop
p_inner_ec_request := valueof(
m_innerEcRequest(
"CanonicalItsId",
m_publicKeys(
m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point),
m_encryptionKey(
-,
m_publicEncryptionKey_ecdsaNistP256(v_eccP256_curve_point)
)
),
m_certificateSubjectAttributes(
{ // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
},
m_validityPeriod(
17469212,
m_duration_years(10)
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(12),
m_identifiedRegion_country_only(34)
}
),
'C0'O
)
)
);
return true;
} // End of function f_generate_innerEcRequestSignedForPop
function f_buildPkiSecuredinnerEcRequestSignedForPop(
in Oct32 p_private_key,
in Oct32 p_publicKeyCompressed,
in integer p_compressedMode,
in InnerEcRequest p_inner_ec_request,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) return boolean {
// Local variables
var template (value) EccP256CurvePoint v_eccP256_curve_point;
var octetstring v_encoded_inner_ec_request;
var template (value) ToBeSignedData v_tbs;
var Oct32 v_tbs_signed;
var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var Oct12 v_nonce;
var Oct16 v_authentication_vector;
var Oct16 v_encrypted_sym_key;
var Oct32 v_publicEphemeralKeyCompressed;
var integer v_ephemeralKeyModeCompressed;
var HashedId8 v_recipientId;
var octetstring v_encrypted_inner_ec_request;
// Encode it
v_encoded_inner_ec_request := bit2oct(encvalue(p_inner_ec_request));
// Signed the encoded InnerEcRequestSignedForPop
v_tbs := m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(v_encoded_inner_ec_request)
),
m_headerInfo_inner_ec_request(12345, f_getCurrentTime()) // TODO Use PIXIT
);
// Signed the encoded InnerEcRequestSignedForPop
v_tbs_signed := fx_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), int2oct(0, 32), p_private_key); // TODO Use wrapping function
// Finalyse signed InnerEcRequestSignedForPop
v_ieee1609dot2_signed_data := m_etsiTs103097Data_signed(
m_signedData(
sha256,
v_tbs,
m_signerIdentifier_self,
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_tbs_signed, 0, 32)
),
substr(v_tbs_signed, 32, 32)
)
)
)
);
// Encode InnerEcRequestSignedForPop
v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data));
// Encrypt the encoded signed InnerEcRequestSignedForPop
v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(v_encoded_inner_ec_request, p_publicKeyCompressed, p_compressedMode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(v_encrypted_inner_ec_request)); // IEEE Std 1609.2a-2017 Clause 6.3.34 PKRecipientInfo
// Fill Certificate template with the public compressed keys (canonical form)
if (v_ephemeralKeyModeCompressed == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicEphemeralKeyCompressed));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicEphemeralKeyCompressed));
}
p_ieee1609dot2_signed_and_encrypted_data := valueof(
m_etsiTs103097Data_encrypted(
m_encryptedData(
{
m_recipientInfo_signedDataRecipInfo(
m_pKRecipientInfo(
v_recipientId,
m_encryptedDataEncryptionKey_eciesNistP256(
m_evciesP256EncryptedKey(
v_eccP256_curve_point,
v_encrypted_sym_key,
v_authentication_vector
))))
},
m_SymmetricCiphertext_aes128ccm(
m_aesCcmCiphertext(
v_nonce,
v_encrypted_inner_ec_request
)
)
)
)
);
return true;
} // End of function f_buildPkiSecuredinnerEcRequestSignedForPop
} // End of group inner_ec_xxx
} // End of module LibItsPki_Functions
......@@ -587,6 +587,15 @@ module LibItsSecurity_Functions {
out Oct32 p_publicKeyCompressed,
out integer p_compressedMode
) return boolean {
if (PICS_SEC_FIXED_KEYS) {
p_privateKey := 'F8EB15C001A03623A5B5E44D73869621877710712A498C98FF9E60EE10F390F8'O;
p_publicKeyX := '7029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B'O;
p_publicKeyY := 'F9EFA8BCC4129BC43B640566A59AE5CED7106BBA76E5DC828AF37D315634D3DC'O;
p_publicKeyCompressed := '7029A9B20D22AE37B1344B7FCC2322C8F1E5ECE09C39CC289E500A9487298B9B'O;
p_compressedMode := 0;
return true;
}
return fx_generateKeyPair_nistp256(p_privateKey, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode);
}
......@@ -2359,9 +2368,6 @@ module LibItsSecurity_Functions {
*/
external function fx_signWithEcdsaNistp256WithSha256(in octetstring p_toBeSignedSecuredMessage, in Oct32 p_certificateIssuer, in Oct32 p_privateKey) return octetstring;
external function fx_signWithEcdsaNistp256WithSha256_1(in octetstring p_toBeSignedSecuredMessage, in EccP256CurvePoint p_curve_point, in Oct32 p_privateKey) return octetstring;
external function fx_signWithEcdsaBrainpoolp256WithSha256_1(in octetstring p_toBeSignedSecuredMessage, in EccP256CurvePoint p_curve_point, in Oct32 p_privateKey) return octetstring;
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
* @param p_toBeSignedSecuredMessage The data to be signed
......
......@@ -98,5 +98,11 @@ module LibItsSecurity_Pics {
* Does the IUT support encryption data?
*/
modulepar boolean PICS_SEC_ENCRYPTION_SUPPORT := true;
/**
* @desc Generate fixed private/public keys.
Used for debug only
*/
modulepar boolean PICS_SEC_FIXED_KEYS := false;
} // End of module LibItsSecurity_Pics
\ No newline at end of file
} // End of module LibItsSecurity_Pics