TTCN-3 Libraries
LibIts
Compare revisions
63ccaf6630a5e2f37f949f23cdeee2cfdbbe0f48...9c7f6e8cc5a2c56359f7732412d9c0c4977d93fa
Commits (1)
Implement Enrolment/Authorization simulator
· 9c7f6e8c
Yann Garcia
authored
Mar 26, 2020
9c7f6e8c
ttcn/Pki/LibItsPki_Functions.ttcn
...
...
@@ -1047,9 +1047,9 @@ module LibItsPki_Functions {
log
(
"f_http_build_inner_ec_response: p_inner_ec_response= "
,
p_inner_ec_response
);
v_msg
:=
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_response
(
p_inner_ec_response
)));
v_nonce
:=
substr
(
f_hashWithSha256
(
int2oct
((
f_getCurrentTimeUtc
()
*
1000
),
16
)),
0
,
12
);
// Random value
// TODO Consider Sha384: m_signerIdentifier_digest(f_
H
ashedId8FromSha384(p_digest))
// TODO Consider Sha384: m_signerIdentifier_digest(f_
h
ashedId8FromSha384(p_digest))
if
(
f_build_pki_secured_response_message
(
p_private_key
,
valueof
(
m_signerIdentifier_digest
(
f_
H
ashedId8FromSha256
(
p_digest
))),
// in SignerIdentifier p_signer_identifier,
valueof
(
m_signerIdentifier_digest
(
f_
h
ashedId8FromSha256
(
p_digest
))),
// in SignerIdentifier p_signer_identifier,
v_msg
,
p_aes_sym_key
,
v_nonce
,
...
...
@@ -1364,9 +1364,9 @@ module LibItsPki_Functions {
log
(
"f_http_build_authorization_response: p_inner_at_response= "
,
p_inner_at_response
);
v_msg
:=
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_at_response
(
p_inner_at_response
)));
v_nonce
:=
substr
(
f_hashWithSha256
(
int2oct
((
f_getCurrentTimeUtc
()
*
1000
),
16
)),
0
,
12
);
// Random value
// TODO Consider Sha384: m_signerIdentifier_digest(f_
H
ashedId8FromSha384(p_digest))
// TODO Consider Sha384: m_signerIdentifier_digest(f_
h
ashedId8FromSha384(p_digest))
if
(
f_build_pki_secured_response_message
(
p_private_key
,
valueof
(
m_signerIdentifier_digest
(
f_
H
ashedId8FromSha256
(
p_digest
))),
// in SignerIdentifier p_signer_identifier,
valueof
(
m_signerIdentifier_digest
(
f_
h
ashedId8FromSha256
(
p_digest
))),
// in SignerIdentifier p_signer_identifier,
v_msg
,
p_aes_sym_key
,
v_nonce
,
...
...
@@ -1532,9 +1532,9 @@ module LibItsPki_Functions {
log
(
"f_http_build_authorization_validation_response: p_authorization_validation_response= "
,
p_authorization_validation_response
);
v_msg
:=
bit2oct
(
encvalue
(
p_authorization_validation_response
));
v_nonce
:=
substr
(
f_hashWithSha256
(
int2oct
((
f_getCurrentTimeUtc
()
*
1000
),
16
)),
0
,
12
);
// Random value
// TODO Consider Sha384: m_signerIdentifier_digest(f_
H
ashedId8FromSha384(p_digest))
// TODO Consider Sha384: m_signerIdentifier_digest(f_
h
ashedId8FromSha384(p_digest))
if
(
f_build_pki_secured_response_message
(
p_private_key
,
valueof
(
m_signerIdentifier_digest
(
f_
H
ashedId8FromSha256
(
p_digest
))),
// in SignerIdentifier p_signer_identifier,
valueof
(
m_signerIdentifier_digest
(
f_
h
ashedId8FromSha256
(
p_digest
))),
// in SignerIdentifier p_signer_identifier,
v_msg
,
p_aes_sym_key
,
v_nonce
,
...
...
@@ -1607,7 +1607,7 @@ module LibItsPki_Functions {
return
false
;
}
v_cert
:=
m_etsiTs103097Certificate
(
m_issuerIdentifier_sha256AndDigest
(
f_
H
ashedId8FromSha256
(
f_hashWithSha256
(
'616263'O
))),
m_issuerIdentifier_sha256AndDigest
(
f_
h
ashedId8FromSha256
(
f_hashWithSha256
(
'616263'O
))),
m_toBeSignedCertificate_at
(
v_appPermissions
,
m_verificationKeyIndicator_verificationKey
(
...
...
@@ -1668,7 +1668,7 @@ module LibItsPki_Functions {
log
(
">>> f_generate_ec_certificate_for_inner_ec_response"
);
v_issuer
:=
valueof
(
m_issuerIdentifier_sha256AndDigest
(
f_
H
ashedId8FromSha256
(
p_digest
)));
// TODO Check sha256/384 f_
H
ashedId8FromSha384
v_issuer
:=
valueof
(
m_issuerIdentifier_sha256AndDigest
(
f_
h
ashedId8FromSha256
(
p_digest
)));
// TODO Check sha256/384 f_
h
ashedId8FromSha384
v_cert
:=
valueof
(
m_etsiTs103097Certificate
(
v_issuer
,
...
...
@@ -1740,7 +1740,7 @@ module LibItsPki_Functions {
var
bitstring
v_tbs
;
var
octetstring
v_sig
;
v_issuer
:=
valueof
(
m_issuerIdentifier_sha256AndDigest
(
f_
H
ashedId8FromSha256
(
p_digest
)));
// TODO Check sha256/384 f_
H
ashedId8FromSha384
v_issuer
:=
valueof
(
m_issuerIdentifier_sha256AndDigest
(
f_
h
ashedId8FromSha256
(
p_digest
)));
// TODO Check sha256/384 f_
h
ashedId8FromSha384
v_cert
:=
valueof
(
m_etsiTs103097Certificate
(
v_issuer
,
...
...
@@ -1813,7 +1813,7 @@ module LibItsPki_Functions {
log
(
">>> f_generate_at_certificate_for_authorization_response"
);
v_issuer
:=
valueof
(
m_issuerIdentifier_sha256AndDigest
(
f_
H
ashedId8FromSha256
(
p_digest
)));
// TODO Check sha256/384 f_
H
ashedId8FromSha384
v_issuer
:=
valueof
(
m_issuerIdentifier_sha256AndDigest
(
f_
h
ashedId8FromSha256
(
p_digest
)));
// TODO Check sha256/384 f_
h
ashedId8FromSha384
v_cert
:=
valueof
(
m_etsiTs103097Certificate
(
v_issuer
,
...
...
@@ -1927,8 +1927,7 @@ module LibItsPki_Functions {
m_publicKeys
(
v_public_verification_key
),
m_certificateSubjectAttributes_id_omit
/*FIXME No name*/
(
/*oct2char(PICS_ITS_S_CANONICAL_ID),*/
m_certificateSubjectAttributes_id_none
/*FIXME No name*/
(
{
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof
(
m_appPermissions
(
c_its_aid_SCR
,
{
bitmapSsp
:=
PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR
}))
},
...
...
@@ -2299,10 +2298,10 @@ module LibItsPki_Functions {
v_enc_value
:=
encvalue
(
p_ec_certificate
);
if
(
ischosen
(
p_ec_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaBrainpoolP384r1
))
{
v_ec_hash
:=
f_hashWithSha384
(
bit2oct
(
v_enc_value
));
v_ec_hashed_id8
:=
f_
H
ashedId8FromSha384
(
v_ec_hash
);
v_ec_hashed_id8
:=
f_
h
ashedId8FromSha384
(
v_ec_hash
);
}
else
{
v_ec_hash
:=
f_hashWithSha256
(
bit2oct
(
v_enc_value
));
v_ec_hashed_id8
:=
f_
H
ashedId8FromSha256
(
v_ec_hash
);
v_ec_hashed_id8
:=
f_
h
ashedId8FromSha256
(
v_ec_hash
);
}
log
(
"f_generate_inner_at_request: v_ec_hash= "
,
v_ec_hash
);
...
...
@@ -2605,10 +2604,10 @@ module LibItsPki_Functions {
v_enc_value
:=
encvalue
(
p_ec_certificate
);
if
(
ischosen
(
p_ec_certificate
.
issuer
.
sha256AndDigest
))
{
v_ec_hash
:=
f_hashWithSha256
(
bit2oct
(
v_enc_value
));
v_ec_hashed_id8
:=
f_
H
ashedId8FromSha256
(
v_ec_hash
);
v_ec_hashed_id8
:=
f_
h
ashedId8FromSha256
(
v_ec_hash
);
}
else
{
v_ec_hash
:=
f_hashWithSha384
(
bit2oct
(
v_enc_value
));
v_ec_hashed_id8
:=
f_
H
ashedId8FromSha384
(
v_ec_hash
);
v_ec_hashed_id8
:=
f_
h
ashedId8FromSha384
(
v_ec_hash
);
}
log
(
"f_generate_inner_at_request_with_wrong_parameters: v_ec_hash= "
,
v_ec_hash
);
log
(
"f_generate_inner_at_request_with_wrong_parameters: v_ec_hashed_id8= "
,
v_ec_hashed_id8
);
...
...
@@ -3207,7 +3206,7 @@ module LibItsPki_Functions {
log
(
">>> f_await_http_inner_ec_request_response: p_strict_checks="
,
p_strict_checks
);
f_http_build_inner_ec_request
(
p_private_key
,
p_compressed_public_key
,
p_compressed_mode
,
v_aes_sym_key
,
v_encrypted_sym_key
,
v_authentication_vector
,
v_nonce
,
v_salt
,
v_ieee1609dot2_signed_and_encrypted_data
,
v_request_hash
);
v_aes_sym_key_hashed_id8
:=
f_
H
ashedId8FromSha256
(
f_hashWithSha256
(
'
80
'
O
&
v_aes_sym_key
));
// Used to macth the response
v_aes_sym_key_hashed_id8
:=
f_
h
ashedId8FromSha256
(
f_hashWithSha256
(
'
80
'
O
&
v_aes_sym_key
));
// Used to macth the response
f_init_default_headers_list
(
-
,
"inner_ec_request"
,
v_headers
);
f_http_send
(
v_headers
,
...
...
@@ -3482,7 +3481,7 @@ module LibItsPki_Functions {
log
(
"f_build_pki_secured_request_message_signed_with_pop: p_recipientId= "
,
p_recipientId
);
if
(
p_recipientId
==
int2oct
(
0
,
8
))
{
log
(
"f_build_pki_secured_request_message_signed_with_pop: f_hashWithSha256(v_encrypted_sym_key)= "
,
f_hashWithSha256
(
p_encrypted_sym_key
));
v_recipientId
:=
f_
H
ashedId8FromSha256
(
f_hashWithSha256
(
p_encrypted_sym_key
));
v_recipientId
:=
f_
h
ashedId8FromSha256
(
f_hashWithSha256
(
p_encrypted_sym_key
));
}
else
{
v_recipientId
:=
p_recipientId
;
}
...
...
@@ -3601,7 +3600,7 @@ module LibItsPki_Functions {
log
(
"f_build_pki_secured_request_message: p_recipientId= "
,
p_recipientId
);
if
(
p_recipientId
==
int2oct
(
0
,
8
))
{
log
(
"f_build_pki_secured_request_message: f_hashWithSha256(v_encrypted_sym_key)= "
,
f_hashWithSha256
(
p_encrypted_sym_key
));
v_recipientId
:=
f_
H
ashedId8FromSha256
(
f_hashWithSha256
(
p_encrypted_sym_key
));
v_recipientId
:=
f_
h
ashedId8FromSha256
(
f_hashWithSha256
(
p_encrypted_sym_key
));
}
else
{
v_recipientId
:=
p_recipientId
;
}
...
...
@@ -3712,7 +3711,7 @@ module LibItsPki_Functions {
log
(
"f_build_pki_secured_request_message_for_authorization: p_recipientId= "
,
p_recipientId
);
if
(
p_recipientId
==
int2oct
(
0
,
8
))
{
log
(
"f_build_pki_secured_request_message_for_authorization: f_hashWithSha256(v_encrypted_sym_key)= "
,
f_hashWithSha256
(
p_encrypted_sym_key
));
v_recipientId
:=
f_
H
ashedId8FromSha256
(
f_hashWithSha256
(
p_encrypted_sym_key
));
v_recipientId
:=
f_
h
ashedId8FromSha256
(
f_hashWithSha256
(
p_encrypted_sym_key
));
}
else
{
v_recipientId
:=
p_recipientId
;
}
...
...
@@ -3836,7 +3835,7 @@ module LibItsPki_Functions {
// Encode EtsiTs103097Data-Signed data structure
v_encoded_inner_ec_response
:=
bit2oct
(
encvalue
(
v_ieee1609dot2_signed_data
));
v_encrypted_inner_ec_response
:=
fx_encrypt_aes_128_ccm_test
(
p_aes_sym_key
,
p_nonce
,
v_encoded_inner_ec_response
);
v_recipientId
:=
f_
H
ashedId8FromSha256
(
f_hashWithSha256
(
p_aes_sym_key
));
v_recipientId
:=
f_
h
ashedId8FromSha256
(
f_hashWithSha256
(
p_aes_sym_key
));
log
(
"v_recipientId= "
,
v_recipientId
);
// Fill Certificate template with the public compressed keys (canonical form)
p_ieee1609dot2_signed_and_encrypted_data
:=
valueof
(
...
...
@@ -3962,7 +3961,7 @@ module LibItsPki_Functions {
}
//return false;
}
else
{
if
(
f_getCertificateFromDigest
(
f_
H
ashedId8FromSha256
(
p_issuer
),
v_certificate
,
v_certificate_id
)
==
false
)
{
if
(
f_getCertificateFromDigest
(
f_
h
ashedId8FromSha256
(
p_issuer
),
v_certificate
,
v_certificate_id
)
==
false
)
{
if
(
p_check_security
==
true
)
{
return
false
;
}
...
...
@@ -4112,7 +4111,7 @@ module LibItsPki_Functions {
v_encoded_cert
:=
encvalue
(
p_ec_certificate
);
v_ec_cert_hash
:=
f_hashWithSha256
(
bit2oct
(
v_encoded_cert
));
log
(
"f_verify_ec_certificate: ==> EC certificate Hash: "
,
v_ec_cert_hash
);
v_ec_cert_hashed_id8
:=
f_
H
ashedId8FromSha256
(
v_ec_cert_hash
);
v_ec_cert_hashed_id8
:=
f_
h
ashedId8FromSha256
(
v_ec_cert_hash
);
log
(
"f_verify_ec_certificate: ==> EC certificate HashedId8: "
,
v_ec_cert_hashed_id8
);
// Check the signer
...
...
@@ -4157,7 +4156,7 @@ module LibItsPki_Functions {
// Calculate the HashedId8 of the whole certificate
v_encoded_cert
:=
encvalue
(
p_at_certificate
);
v_at_cert_hashed_id8
:=
f_
H
ashedId8FromSha256
(
f_hashWithSha256
(
bit2oct
(
v_encoded_cert
)));
v_at_cert_hashed_id8
:=
f_
h
ashedId8FromSha256
(
f_hashWithSha256
(
bit2oct
(
v_encoded_cert
)));
log
(
"f_verify_at_certificate: EC certificate HashedId8: "
,
v_at_cert_hashed_id8
);
// Check the signer
...
...
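Review bot: The `// Random value` comment on the `v_nonce` assignment (hunk at 1047, repeated in the hunks at 1364 and 1532) is misleading: the value is the first 12 octets of SHA-256 over `f_getCurrentTimeUtc() * 1000`, so it is fully determined by the clock. It is passed together with `p_aes_sym_key` to f_build_pki_secured_response_message, and the hunk at 3836 suggests it ends up as the nonce for `fx_encrypt_aes_128_ccm_test`; if two responses are built under the same key within one clock tick (the resolution of f_getCurrentTimeUtc is not visible here), the CCM nonce repeats and the confidentiality and integrity guarantees for those messages are lost. At minimum reword the comment, e.g. `// Time-derived nonce, not random: unique only while f_getCurrentTimeUtc() advances between calls`, and prefer a nonce from the test adapter's random source if one exists. The enclosing functions begin and end outside these hunks.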
ttcn/Pki/LibItsPki_TestSystem.ttcn
...
...
@@ -81,13 +81,13 @@ module LibItsPki_TestSystem {
var
octetstring
vc_eaPrivateKey
;
/** Test Adapter EA private key for signature */
var
octetstring
vc_eaPrivateEncKey
;
/** Test Adapter EA private key for encryption */
var
octetstring
vc_eaWholeHash
;
/** Test Adapter EA whole-hash for signature check */
var
octetstring
vc_eaWholeHash256
;
/** Test Adapter EA whole-hash using SHA 256 for encryption because of encryption key size ==32 */
var
octetstring
vc_eaWholeHash256
;
/** Test Adapter EA whole-hash using SHA 256 for encryption because of encryption key size ==
32 */
var
HashedId8
vc_eaHashedId8
;
/** Test Adapter EA HashedId8 for decryption of IUT's response */
var
octetstring
vc_aaPrivateKey
;
/** Test Adapter AA private key for signature */
var
octetstring
vc_aaPrivateEncKey
;
/** Test Adapter AA private key for encryption */
var
HashedId8
vc_aaHashedId8
;
/** Test Adapter AA HashedId8 for decryption of IUT's response */
var
octetstring
vc_aaWholeHash
;
/** Test Adapter AA whole-hash for signature check */
var
octetstring
vc_aaWholeHash256
;
/** Test Adapter
E
A whole-hash using SHA 256 for encryption because of encryption key size ==32 */
var
octetstring
vc_aaWholeHash256
;
/** Test Adapter
A
A whole-hash using SHA 256 for encryption because of encryption key size ==
32 */
}
// End of component ItsPkiHttp
/**
...
...
ttcn/Security/LibItsSecurity_Functions.ttcn
...
...
@@ -406,11 +406,11 @@ module LibItsSecurity_Functions {
* @return The HashedId8 value
* @verdict
*/
function
f_
H
ashedId8FromSha256
(
function
f_
h
ashedId8FromSha256
(
in
Oct32
p_hash
)
return
HashedId8
{
return
substr
(
p_hash
,
lengthof
(
p_hash
)
-
8
,
8
);
}
// End of function f_
H
ashedId8FromSha256
}
// End of function f_
h
ashedId8FromSha256
/**
* @desc Compute the HashedId8 value from the hash value
...
...
@@ -418,11 +418,11 @@ module LibItsSecurity_Functions {
* @return The HashedId8 value
* @verdict
*/
function
f_
H
ashedId8FromSha384
(
function
f_
h
ashedId8FromSha384
(
in
Oct48
p_hash
)
return
HashedId8
{
return
substr
(
p_hash
,
lengthof
(
p_hash
)
-
8
,
8
);
}
// End of function f_
H
ashedId8FromSha384
}
// End of function f_
h
ashedId8FromSha384
/**
* @desc Compute the HashedId3 value from the HashedId8 value
...
...
@@ -430,11 +430,11 @@ module LibItsSecurity_Functions {
* @return The HashedId3 value
* @verdict Unchanged
*/
function
f_
H
ashedId3FromHashedId8
(
function
f_
h
ashedId3FromHashedId8
(
in
HashedId8
p_hashedId8
)
return
HashedId3
{
return
substr
(
p_hashedId8
,
lengthof
(
p_hashedId8
)
-
3
,
3
);
}
// End of function f_
H
ashedId3FromHashedId8
}
// End of function f_
h
ashedId3FromHashedId8
/**
* @desc Verify the signature of the specified data
...
...