Skip to content
GitLab
Commits (6)
Hide whitespace changes
Inline Side-by-side
asn1/Security/1609Dot2/IEEE1609dot2.asn
View file @ 82720e15
......@@ -289,7 +289,7 @@ PsidGroupPermissions ::= SEQUENCE {
subjectPermissions SubjectPermissions,
minChainLength INTEGER DEFAULT 1,
chainLengthRange INTEGER DEFAULT 0,
eeType EndEntityType DEFAULT '00'H
eeType EndEntityType DEFAULT '80'H
}
SequenceOfPsidGroupPermissions ::= SEQUENCE OF PsidGroupPermissions
......
ttcn/Pki/LibItsPki_Functions.ttcn
View file @ 82720e15
......@@ -33,22 +33,25 @@ module LibItsPki_Functions {
import from LibItsCommon_Functions all;
import from LibItsCommon_ASN1_NamedNumbers all;
import from LibItsCommon_Pixits all;
// LibItsSecurity
import from LibItsSecurity_TypesAndValues all;
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Functions all;
import from LibItsSecurity_Pixits all;
// LibItsHttp
import from LibItsHttp_TypesAndValues all;
import from LibItsHttp_Templates all;
import from LibItsHttp_TestSystem all;
// LibItsPki
import from LibItsPki_TypesAndValues all;
import from LibItsPki_Templates all;
import from LibItsPki_Pics all;
import from LibItsPki_TestSystem all;
group pkiConfigurationFunctions {
group pkiConfigurationFunctions {
/**
* @desc Setups default configuration
......@@ -69,6 +72,8 @@ module LibItsPki_Functions {
f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate);
f_readCertificate(p_certificateId, vc_eaCertificate);
activate(a_default_pki());
} // End of function f_cfUp
/**
......@@ -76,7 +81,8 @@ module LibItsPki_Functions {
* @param p_certificateId The certificate identifier the TA shall use in case of secured IUT
*/
function f_cfHttpUp(
in charstring p_certificateId := "CERT_TS_A_EA" // TODO Use a constant
in charstring p_certificateId := "CERT_TS_A_EA", // TODO Use a constant
in charstring p_peerCertificateId := "CERT_IUT_A_EA"
) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
map(self:httpPort, system:httpPort);
......@@ -90,9 +96,24 @@ module LibItsPki_Functions {
f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate);
f_readCertificate(p_certificateId, vc_eaCertificate);
f_readSigningKey(p_certificateId, vc_eaPrivateKey);
f_readEncryptingKey(p_certificateId, vc_eaPrivateEncKey);
f_getCertificateDigest(p_certificateId, vc_eaHashedId8);
f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash);
activate(a_default_pki_http());
} // End of function f_cfHttpUp
function f_cfUp_itss(
in charstring p_certificateId := "CERT_TS_A_EA" // TODO Use a constant
) runs on ItsPkiItss /* TITAN TODO: system ItsPkiItssSystem */ {
f_cfUp();
map(self:geoNetworkingPort, system:geoNetworkingPort);
activate(a_default_pki());
} // End of function f_cfUp_itss
/**
* @desc Deletes default configuration
*/
......@@ -110,6 +131,15 @@ module LibItsPki_Functions {
f_disconnect4SelfOrClientSync();
} // End of function f_cfHttpDown
/**
* @desc Deletes default configuration
*/
function f_cfDown_itss() runs on ItsPkiItss /* TITAN TODO: system ItsPkiItssSystem */ {
unmap(self:geoNetworkingPort, system:geoNetworkingPort);
f_cfDown();
} // End of function f_cfDown
/**
* @desc Initialise secure mode if required
*/
......@@ -129,14 +159,78 @@ module LibItsPki_Functions {
} // End of function f_uninitialiseSecuredMode()
} // End of pkiConfigurationFunctions
group ac_port {
function f_sendAcPkiPrimitive(
in octetstring p_private_key,
in octetstring p_publicKeyCompressed,
in integer p_compressedMode
) runs on ItsPki {
var AcSetSecurityData v_ac_set_security_data;
v_ac_set_security_data := { PICS_TS_CERTIFICATE_ID, PICS_IUT_CERTIFICATE_ID, p_private_key, p_publicKeyCompressed, p_compressedMode };
acPkiPort.send(AcPkiPrimitive: { acSetSecurityData := v_ac_set_security_data });
tc_ac.start;
alt {
[] acPkiPort.receive(AcPkiResponse: { result := true }) {
tc_ac.stop;
}
[] acPkiPort.receive(AcPkiResponse: { result := false }) {
tc_ac.stop;
log("*** f_sendAcPkiPrimitive: ERROR: Received unexpected message ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[] tc_ac.timeout {
log("*** f_sendAcPkiPrimitive: ERROR: Timeout while waiting for adapter control event result ***");
f_selfOrClientSyncAndVerdict("error", e_timeout);
}
} // End of 'alt' statement
}
} // End of group ac_port
group http {
function f_http_build_enrolment_request(
out octetstring p_private_key,
out octetstring p_publicKeyX,
out octetstring p_publicKeyY,
out octetstring p_publicKeyCompressed,
out integer p_compressedMode,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) runs on ItsPkiHttp {
var InnerEcRequest v_inner_ec_request;
var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
var bitstring v_inner_ec_request_signed_for_pop_msg;
if (f_generate_inner_ec_request(p_private_key, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) {
log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
// Generate InnerEcRequestSignedForPoP
if (f_generate_inner_ec_request_signed_for_pop(p_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
// Secure InnerEcRequestSignedForPoP message
v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) {
log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("*** f_http_build_enrolment_request: DEBUF: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
} // End of function f_http_build_enrolment_request
} // End of group http
group inner_ec_xxx {
function f_generate_inner_ec_request(
out Oct32 p_private_key,
out Oct32 p_publicKeyX,
out Oct32 p_publicKeyY,
out Oct32 p_publicKeyCompressed,
out octetstring p_private_key,
out octetstring p_publicKeyX,
out octetstring p_publicKeyY,
out octetstring p_publicKeyCompressed,
out integer p_compressedMode,
out InnerEcRequest p_inner_ec_request
) return boolean {
......@@ -191,7 +285,7 @@ module LibItsPki_Functions {
} // End of function f_generate_inner_ec_request
function f_generate_inner_ec_request_signed_for_pop(
in Oct32 p_private_key,
in octetstring p_private_key,
in InnerEcRequest p_inner_ec_request,
out Ieee1609Dot2Data p_inner_ec_request_signed_for_pop
) return boolean {
......@@ -199,7 +293,7 @@ module LibItsPki_Functions {
var template (value) EccP256CurvePoint v_eccP256_curve_point;
var octetstring v_encoded_inner_ec_request;
var template (value) ToBeSignedData v_tbs;
var Oct32 v_tbs_signed;
var octetstring v_tbs_signed;
// Encode it
v_encoded_inner_ec_request := bit2oct(encvalue(p_inner_ec_request));
......@@ -237,6 +331,24 @@ module LibItsPki_Functions {
return true;
} // End of function f_generate_inner_ec_request_signed_for_pop
function f_generate_inner_ec_response(
in octetstring p_inner_ec_request_hashed_id,
in EtsiTs103097Certificate p_certificate,
out InnerEcResponse p_inner_ec_response
) return boolean {
// Local variables
// Build the Proof of Possession InnerEcResponse
p_inner_ec_response := valueof(
m_innerEcResponse_ok(
substr(p_inner_ec_request_hashed_id, 0, 16),
p_certificate
)
);
return true;
} // End of function f_generate_inner_ec_response
} // End of group inner_ec_xxx
group pki_functions {
......@@ -257,7 +369,7 @@ module LibItsPki_Functions {
in octetstring p_private_key,
in SignerIdentifier p_signer_identifier,
in HashedId8 p_recipientId,
in Oct32 p_publicKeyCompressed,
in octetstring p_publicKeyCompressed,
in integer p_compressedMode,
in octetstring p_pki_message,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
......@@ -265,14 +377,14 @@ module LibItsPki_Functions {
// Local variables
var template (value) EccP256CurvePoint v_eccP256_curve_point;
var template (value) ToBeSignedData v_tbs;
var Oct32 v_tbs_signed;
var octetstring v_tbs_signed;
var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var octetstring v_encoded_inner_ec_request;
var Oct12 v_nonce;
var Oct16 v_authentication_vector;
var Oct16 v_encrypted_sym_key;
var HashedId8 v_recipientId;
var Oct32 v_publicEphemeralKeyCompressed;
var octetstring v_publicEphemeralKeyCompressed;
var integer v_ephemeralKeyModeCompressed;
var octetstring v_encrypted_inner_ec_request;
......@@ -353,25 +465,104 @@ module LibItsPki_Functions {
return true;
} // End of function f_build_pki_secured_message
function f_generate_inner_ec_response(
in Oct32 p_inner_ec_request_hashed_id,
in EtsiTs103097Certificate p_certificate,
out InnerEcResponse p_inner_ec_response
) return boolean {
function f_verify_pki_message(
in octetstring v_private_enc_key,
in octetstring p_issuer,
in Certificate p_peer_certificate,
in Ieee1609Dot2Data p_ieee1609dot2_encrypted_and_signed_data,
in boolean p_check_security := true,
out EtsiTs102941Data p_etsi_ts_102941_data
) return boolean {
// Local variables
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var bitstring v_etsi_ts_102941_data_msg;
var bitstring v_tbs;
var boolean v_ret;
// Build the Proof of Possession InnerEcResponse
p_inner_ec_response := valueof(
m_innerEcResponse_ok(
substr(p_inner_ec_request_hashed_id, 0, 16),
p_certificate
)
);
// 1. Decrypt the data
if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_data) == false) {
if (p_check_security == true) {
return false;
}
}
log("v_ieee1609dot2_signed_data= ", v_ieee1609dot2_signed_data);
// 2. Check the signature
v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData);
if (ischosen(p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
p_issuer,
v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
0);
} else {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
p_issuer,
v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
1);
}
if (v_ret == false) {
if (p_check_security == true) {
return false;
}
}
// 3. Retrun the PKI message
v_etsi_ts_102941_data_msg := oct2bit(v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
if (decvalue(v_etsi_ts_102941_data_msg, p_etsi_ts_102941_data) != 0) {
return false;
}
if (p_etsi_ts_102941_data.version != PkiProtocolVersion) {
if (p_check_security == true) {
return false;
}
}
return true;
} // End of function f_generate_inner_ec_response
} // End of function f_verify_pki_message
} // End of group inner_ec_xxx
group altstes {
altstep a_default_pki() runs on ItsPki {
[] pkiPort.receive {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected PKI message received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
}
altstep a_default_pki_http() runs on ItsPkiHttp {
[] httpPort.receive(
mw_http_response(
mw_http_response_ko
)) {
tc_ac.stop;
log("*** a_default: ERROR: HTTP Server error ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[] httpPort.receive(mw_http_request) {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP Request received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[] httpPort.receive(mw_http_response) {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP Response received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
[] httpPort.receive {
tc_ac.stop;
log("*** a_default: ERROR: Unexpected HTTP message received ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
}
}
} // End of module LibItsPki_Functions
ttcn/Pki/LibItsPki_Pics.ttcn 0 → 100644
View file @ 82720e15
module LibItsPki_Pics {
/**
* @desc Does the IUT act as ITS-S device?
*/
modulepar boolean PICS_IUT_ITS_S_ROLE := false;
/**
* @desc Does the IUT act as EA device?
*/
modulepar boolean PICS_IUT_EA_ROLE := true;
/**
* @desc Does the IUT act as AA device?
*/
modulepar boolean PICS_IUT_AA_ROLE := false;
/**
* @desc Certificate used by the IUT
*/
modulepar charstring PICS_IUT_CERTIFICATE_ID := "CERT_IUT_A_EA";
/**
* @desc Certificate used by the Test System
*/
modulepar charstring PICS_TS_CERTIFICATE_ID := "CERT_TS_A_EA";
} // End of module LibItsPki_Pics
ttcn/Pki/LibItsPki_Pixits.ttcn 0 → 100644
View file @ 82720e15
module LibItsPki_Pixits {
} // End of module LibItsPki_Pixits
ttcn/Pki/LibItsPki_TestSystem.ttcn
View file @ 82720e15
......@@ -60,7 +60,8 @@ module LibItsPki_TestSystem {
type component ItsPkiHttpSystem extends HttpTestAdapter{
} // End of component ItsPkiHttpSystem
type component ItsPkiItssSystem extends ItsPkiSystem, ItsGeoNetworking {
type component ItsPkiItssSystem extends ItsPkiSystem {
port GeoNetworkingPort geoNetworkingPort;
} // End of component ItsPkiItssSystem
type component ItsPki extends ItsSecurityBaseComponent, ItsBaseMtc {
......@@ -72,13 +73,14 @@ module LibItsPki_TestSystem {
type component ItsPkiHttp extends ItsSecurityBaseComponent, HttpComponent {
var Certificate vc_eaCertificate; /** Test Adapter EA certificate */
var octetstring vc_eaPrivateKey; /** Test Adapter EA proivate key for signature */
var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for RecipientId */
var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */
var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */
var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */
var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */
} // End of component ItsPki
type component ItsPkiItss extends ItsGeoNetworking {
port AdapterControlPkiPort acPkiPort;
port PkiPort pkiPort;
type component ItsPkiItss extends ItsPki {
port GeoNetworkingPort geoNetworkingPort;
} // End of component ItsPkiItss
} // End of module LibItsPki_TestSystem
ttcn/Pki/LibItsPki_TypesAndValues.ttcn
View file @ 82720e15
......@@ -9,6 +9,12 @@
* All rights reserved.
*/
module LibItsPki_TypesAndValues {
group constants {
const integer PkiProtocolVersion := 1;
} // End of group constants
group acPrimitives {
......