......@@ -110,8 +110,12 @@ module LibItsPki_Functions {
// Setup AA certificate shared with PKI AA entity
f_readCertificate(p_aa_certificate_id, vc_aaCertificate);
f_readSigningKey(p_ea_certificate_id, vc_aaPrivateKey); // TODO To be removed
f_readEncryptingKey(p_ea_certificate_id, vc_aaPrivateEncKey);
f_getCertificateDigest(p_aa_certificate_id, vc_aaHashedId8);
f_getCertificateHash(p_aa_certificate_id, vc_aaWholeHash);
log("f_cfHttpUp: vc_aaPrivateKey= ", vc_aaPrivateKey);
log("f_cfHttpUp: vc_aaPrivateEncKey= ", vc_aaPrivateEncKey);
log("f_cfHttpUp: vc_aaHashedId8= ", vc_aaHashedId8);
log("f_cfHttpUp: vc_aaWholeHash= ", vc_aaWholeHash);
......@@ -417,6 +421,54 @@ module LibItsPki_Functions {
return v_ret;
} // End of function f_verifyEcdsa
function f_http_send(
in HeaderLines p_headers,
in template (value) HttpMessage p_http_message
) runs on ItsPkiHttp {
if (not(PICS_MULTIPLE_END_POINT)) {
httpPort.send(p_http_message);
} else {
var charstring_list v_content_text;
f_get_header(p_headers, c_header_content_text, v_content_text);
if (not(isvalue(v_content_text))) {
log("f_http_send: Failed to send message: header not found: ", c_header_content_text);
return;
}
if (v_content_text == { "inner_ec_request" }) {
log("f_http_send: Send on EC end point");
f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_EC }, p_headers);
if (ischosen(p_http_message.request)) {
p_http_message.request.header := p_headers;
} else {
p_http_message.response.header := p_headers;
}
httpEcPort.send(p_http_message);
} else if (v_content_text == { "inner_atv_request" }) {
log("f_http_send: Send on ATV end point");
f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_ATV }, p_headers);
if (ischosen(p_http_message.request)) {
p_http_message.request.header := p_headers;
} else {
p_http_message.response.header := p_headers;
}
httpAtVPort.send(p_http_message);
} else if (v_content_text == { "inner_at_request" }) {
log("f_http_send: Send on AT end point");
f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_AT }, p_headers);
if (ischosen(p_http_message.request)) {
p_http_message.request.header := p_headers;
} else {
p_http_message.response.header := p_headers;
}
httpAtPort.send(p_http_message);
} else {
log("f_http_send: Invalid header value: ", v_content_text);
}
}
} // End of function f_http_send
} // End of group helpers
group http { // TODO Split into EnnerEc, Authorization & AuthorizationValidation
......@@ -551,6 +603,7 @@ module LibItsPki_Functions {
in octetstring p_private_key := ''O,
in octetstring p_digest := ''O,
in Oct16 p_aes_sym_key,
out InnerEcResponse p_inner_ec_response,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) return boolean {
// Local variables
......@@ -558,7 +611,6 @@ module LibItsPki_Functions {
var octetstring v_msg;
var Oct12 v_nonce;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var InnerEcResponse v_inner_ec_response;
var EtsiTs103097Certificate v_ec_certificate;
var boolean p_result := false;
......@@ -571,7 +623,7 @@ module LibItsPki_Functions {
// Check expectred response
if (p_responseCode != ok) {
v_inner_ec_response := valueof(
p_inner_ec_response := valueof(
m_innerEcResponse_ko(
p_request_hash,
p_responseCode
......@@ -582,14 +634,14 @@ module LibItsPki_Functions {
// Generate the certificate
if (f_generate_ec_certificate_for_inner_ec_response(p_inner_ec_request, p_private_key, p_digest, v_ec_certificate) == false) {
log("f_http_build_inner_ec_response: Failed to generate the certificate");
v_inner_ec_response := valueof(
p_inner_ec_response := valueof(
m_innerEcResponse_ko(
p_request_hash,
incompleterequest
)
);
} else {
v_inner_ec_response := valueof(
p_inner_ec_response := valueof(
m_innerEcResponse_ok(
p_request_hash,
v_ec_certificate
......@@ -599,8 +651,8 @@ module LibItsPki_Functions {
}
// Secure the response
log("f_http_build_inner_ec_response: v_inner_ec_response= ", v_inner_ec_response);
v_msg := bit2oct(encvalue(v_inner_ec_response));
log("f_http_build_inner_ec_response: p_inner_ec_response= ", p_inner_ec_response);
v_msg := bit2oct(encvalue(p_inner_ec_response));
v_nonce := int2oct(f_getCurrentTime(), 32); // Random value
// TODO Consider Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
if (f_build_pki_secured_response_message(p_private_key,
......@@ -611,7 +663,7 @@ module LibItsPki_Functions {
p_ieee1609dot2_signed_and_encrypted_data
) == false) {
log("f_http_build_inner_ec_response: Failed to generate the certificate");
v_inner_ec_response := valueof(
p_inner_ec_response := valueof(
m_innerEcResponse_ko(
p_request_hash,
deniedrequest
......@@ -1506,54 +1558,6 @@ module LibItsPki_Functions {
group awaiting_messages {
function f_http_send(
in HeaderLines p_headers,
in template (value) HttpMessage p_http_message
) runs on ItsPkiHttp {
if (not(PICS_MULTIPLE_END_POINT)) {
httpPort.send(p_http_message);
} else {
var charstring_list v_content_text;
f_get_header(p_headers, c_header_content_text, v_content_text);
if (not(isvalue(v_content_text))) {
log("f_http_send: Failed to send message: header not found: ", c_header_content_text);
return;
}
if (v_content_text == { "inner_ec_request" }) {
log("f_http_send: Send on EC end point");
f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_EC }, p_headers);
if (ischosen(p_http_message.request)) {
p_http_message.request.header := p_headers;
} else {
p_http_message.response.header := p_headers;
}
httpEcPort.send(p_http_message);
} else if (v_content_text == { "inner_atv_request" }) {
log("f_http_send: Send on ATV end point");
f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_ATV }, p_headers);
if (ischosen(p_http_message.request)) {
p_http_message.request.header := p_headers;
} else {
p_http_message.response.header := p_headers;
}
httpAtVPort.send(p_http_message);
} else if (v_content_text == { "inner_at_request" }) {
log("f_http_send: Send on AT end point");
f_set_headers_list({ c_header_host }, { PICS_HEADER_HOST_AT }, p_headers);
if (ischosen(p_http_message.request)) {
p_http_message.request.header := p_headers;
} else {
p_http_message.response.header := p_headers;
}
httpAtPort.send(p_http_message);
} else {
log("f_http_send: Invalid header value: ", v_content_text);
}
}
} // End of function f_http_send
function f_await_http_inner_ec_request_response(
out Oct32 p_private_key,
out Oct32 p_compressed_public_key,
......@@ -1586,6 +1590,7 @@ module LibItsPki_Functions {
)))));
tc_ac.start;
alt {
// TODO Create a a_await_at_http_request_from_iut(
[not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
mw_http_response(
mw_http_response_ok(
......@@ -1660,6 +1665,78 @@ module LibItsPki_Functions {
return false;
} // End of function f_await_http_inner_ec_request_response
function f_await_ec_request_send_response(
out InnerEcResponse p_inner_ec_response
) runs on ItsPkiHttp return boolean {
var HttpMessage v_request;
var boolean v_result := false;
log(">>> f_await_ec_request_send_response");
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
) {
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var EtsiTs102941Data v_etsi_ts_102941_data;
var Oct16 v_request_hash;
var Oct16 v_aes_enc_key;
var InnerEcRequest v_inner_ec_request;
var template (value) HttpMessage v_response;
var HeaderLines v_headers;
tc_ac.stop;
f_init_default_headers_list(-, "inner_ec_response", v_headers);
if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, vc_eaWholeHash, v_request.request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
log("f_await_ec_request_send_response: Failed to verify PKI message ***");
// Send error message
v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers, 400, "Bad request")); // Initialize v_reponse with an error message
} else {
log("f_await_ec_request_send_response: Receive ", v_etsi_ts_102941_data, " ***");
if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, v_inner_ec_request) == false) {
log("f_await_ec_request_send_response: Failed to verify PKI message ***");
// Send error message
f_http_build_inner_ec_response(v_inner_ec_request/*Not required*/, cantparse, v_request_hash, -, -, v_aes_enc_key, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers));
} else {
f_http_build_inner_ec_response(v_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers));
v_result := true;
}
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
}
}
[] tc_ac.timeout {
log("f_await_ec_request_send_response: Expected message not received ***");
}
} // End of 'alt' statement
return v_result;
} // End of function f_await_ec_request_send_response
} // End of group awaiting_messages
group pki_functions {
......
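Review bot: In `f_await_ec_request_send_response`, `v_response` is assigned on all three paths but never sent. The `f_http_send` call instead builds a fresh `m_http_request(m_http_request_post(...))` and sits inside the outer `else`, so the 400 "Bad request" prepared when `f_verify_pki_request_message` fails is never transmitted. Moving the send after the outer if/else as `f_http_send(v_headers, v_response);` would cover every path. The 400 branch also passes `v_ieee1609dot2_signed_and_encrypted_data` before anything has assigned it, and `v_result := true` is set without checking the boolean returned by `f_http_build_inner_ec_response`. Separately, the first hunk logs `vc_aaPrivateKey` and `vc_aaPrivateEncKey` in full; I would drop those two `log` lines and keep only the `vc_aaHashedId8` and `vc_aaWholeHash` ones, since test logs tend to be shared more widely than key files.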
......@@ -75,16 +75,13 @@ module LibItsPki_TestSystem {
port HttpPort httpAtPort; /** Authorization end point */
var Certificate vc_eaCertificate; /** Test Adapter EA certificate */
var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */
// var Certificate vc_ecCertificate; /** Test Adapter AA certificate */
// var octetstring vc_ecPrivateKey; /** Test Adapter AA private key for signature */
var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */
var octetstring vc_eaWholeHash; /** Test Adapter EA whole-hash for signature check */
var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */
var octetstring vc_eaWholeHash; /** TS EA whole-hash for signature check */
var octetstring vc_aaPrivateKey; /** Test Adapter AA private key for signature */
var octetstring vc_aaPrivateEncKey; /** Test Adapter AA private key for encryption */
var HashedId8 vc_aaHashedId8; /** Test Adapter AA HashedId8 for decryption of IUT's response */
var octetstring vc_aaWholeHash; /** TS AA whole-hash for signature check */
// var HashedId8 vc_ecHashedId8; /** Test Adapter AA HashedId8 for decryption of IUT's response */
// var Certificate vc_peerEaCertificate; /** IUT EA certificate for signature check */
// var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */
var octetstring vc_aaWholeHash; /** Test Adapter AA whole-hash for signature check */
} // End of component ItsPki
/**
......