asn1/Security/1609Dot2/IEEE1609dot2.asn

@@ -289,7 +289,7 @@ PsidGroupPermissions ::= SEQUENCE  {
     subjectPermissions SubjectPermissions,
     minChainLength     INTEGER DEFAULT 1,
     chainLengthRange   INTEGER DEFAULT 0, 
-    eeType             EndEntityType DEFAULT '00'H
+    eeType             EndEntityType DEFAULT '80'H
 }
 
 SequenceOfPsidGroupPermissions ::= SEQUENCE OF PsidGroupPermissions

ttcn/Pki/LibItsPki_Functions.ttcn

@@ -33,22 +33,25 @@ module LibItsPki_Functions {
   import from LibItsCommon_Functions all;
   import from LibItsCommon_ASN1_NamedNumbers all;
   import from LibItsCommon_Pixits all;
-    
+  
   // LibItsSecurity
   import from LibItsSecurity_TypesAndValues all;
   import from LibItsSecurity_Templates all;
   import from LibItsSecurity_Functions all;
   import from LibItsSecurity_Pixits all;
-    
+  
   // LibItsHttp
   import from LibItsHttp_TypesAndValues all;
+  import from LibItsHttp_Templates all;
   import from LibItsHttp_TestSystem all;
-    
+  
   // LibItsPki
+  import from LibItsPki_TypesAndValues all;
   import from LibItsPki_Templates all;
+  import from LibItsPki_Pics all;
   import from LibItsPki_TestSystem all;
-    
-  group pkiConfigurationFunctions { 
+  
+  group pkiConfigurationFunctions {
      
     /**
      * @desc    Setups default configuration   
@@ -69,6 +72,8 @@ module LibItsPki_Functions {
       
       f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate);
       f_readCertificate(p_certificateId, vc_eaCertificate);
+      
+      activate(a_default_pki());
     } // End of function f_cfUp
     
     /**
@@ -76,7 +81,8 @@ module LibItsPki_Functions {
      * @param   p_certificateId The certificate identifier the TA shall use in case of secured IUT
      */
     function f_cfHttpUp(
-                        in charstring p_certificateId  := "CERT_TS_A_EA" // TODO Use a constant
+                        in charstring p_certificateId  := "CERT_TS_A_EA", // TODO Use a constant
+                        in charstring p_peerCertificateId := "CERT_IUT_A_EA"
                        ) runs on ItsPkiHttp /* TITAN TODO: system ItsPkiHttpSystem */ {
       
       map(self:httpPort, system:httpPort);
@@ -90,9 +96,24 @@ module LibItsPki_Functions {
       f_prepareCertificates(p_certificateId, vc_aaCertificate, vc_atCertificate);
       f_readCertificate(p_certificateId, vc_eaCertificate);
       f_readSigningKey(p_certificateId, vc_eaPrivateKey);
+      f_readEncryptingKey(p_certificateId, vc_eaPrivateEncKey);
       f_getCertificateDigest(p_certificateId, vc_eaHashedId8);
+      f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash);
+      
+      activate(a_default_pki_http());
     } // End of function f_cfHttpUp
     
+    function f_cfUp_itss(
+                         in charstring p_certificateId := "CERT_TS_A_EA" // TODO Use a constant
+                         ) runs on ItsPkiItss /* TITAN TODO: system ItsPkiItssSystem */ {
+      
+      f_cfUp();
+      
+      map(self:geoNetworkingPort, system:geoNetworkingPort);
+      
+      activate(a_default_pki());
+    } // End of function f_cfUp_itss
+    
     /**
      * @desc    Deletes default configuration 
      */
@@ -110,6 +131,15 @@ module LibItsPki_Functions {
       f_disconnect4SelfOrClientSync();
     } // End of function f_cfHttpDown
     
+    /**
+     * @desc    Deletes default configuration 
+     */
+    function f_cfDown_itss() runs on ItsPkiItss /* TITAN TODO: system ItsPkiItssSystem */ {
+      unmap(self:geoNetworkingPort, system:geoNetworkingPort);
+      
+      f_cfDown();
+    } // End of function f_cfDown
+    
     /**
      * @desc Initialise secure mode if required
      */
@@ -129,14 +159,78 @@ module LibItsPki_Functions {
     } // End of function f_uninitialiseSecuredMode()
         
   } // End of pkiConfigurationFunctions
+
+  group ac_port {
+
+    function f_sendAcPkiPrimitive(
+                                  in octetstring p_private_key,
+                                  in octetstring p_publicKeyCompressed,
+                                  in integer p_compressedMode
+                                  ) runs on ItsPki {
+      var AcSetSecurityData v_ac_set_security_data;
+      
+      v_ac_set_security_data := { PICS_TS_CERTIFICATE_ID, PICS_IUT_CERTIFICATE_ID, p_private_key, p_publicKeyCompressed, p_compressedMode };
+      acPkiPort.send(AcPkiPrimitive: { acSetSecurityData := v_ac_set_security_data });
+      tc_ac.start;
+      alt {
+        [] acPkiPort.receive(AcPkiResponse: { result := true }) {
+          tc_ac.stop;
+        }
+        [] acPkiPort.receive(AcPkiResponse: { result := false }) {
+          tc_ac.stop;
+          log("*** f_sendAcPkiPrimitive: ERROR: Received unexpected message ***");
+          f_selfOrClientSyncAndVerdict("error", e_error);
+        }
+        [] tc_ac.timeout {
+          log("*** f_sendAcPkiPrimitive: ERROR: Timeout while waiting for adapter control event result ***");
+          f_selfOrClientSyncAndVerdict("error", e_timeout);
+        }
+      } // End of 'alt' statement
+    }
+    
+  } // End of group ac_port
+
+  group http {
+
+    function f_http_build_enrolment_request(
+                                            out octetstring p_private_key,
+                                            out octetstring p_publicKeyX,
+                                            out octetstring p_publicKeyY,
+                                            out octetstring p_publicKeyCompressed,
+                                            out integer p_compressedMode,
+                                            out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
+                                            ) runs on ItsPkiHttp {
+      var InnerEcRequest v_inner_ec_request;
+      var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
+      var bitstring v_inner_ec_request_signed_for_pop_msg;
+      
+      if (f_generate_inner_ec_request(p_private_key, p_publicKeyX, p_publicKeyY, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) {
+        log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequest ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+      // Generate InnerEcRequestSignedForPoP
+      if (f_generate_inner_ec_request_signed_for_pop(p_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
+        log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+      // Secure InnerEcRequestSignedForPoP message
+      v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
+      if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) {
+        log("*** f_http_build_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+      log("*** f_http_build_enrolment_request: DEBUF: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
+    } // End of function f_http_build_enrolment_request
+    
+  } // End of group http
   
   group inner_ec_xxx {
     
     function f_generate_inner_ec_request(
-                                         out Oct32 p_private_key,
-                                         out Oct32 p_publicKeyX,
-                                         out Oct32 p_publicKeyY,
-                                         out Oct32 p_publicKeyCompressed,
+                                         out octetstring p_private_key,
+                                         out octetstring p_publicKeyX,
+                                         out octetstring p_publicKeyY,
+                                         out octetstring p_publicKeyCompressed,
                                          out integer p_compressedMode,
                                          out InnerEcRequest p_inner_ec_request
                                          ) return boolean {
@@ -191,7 +285,7 @@ module LibItsPki_Functions {
     } // End of function f_generate_inner_ec_request
     
     function f_generate_inner_ec_request_signed_for_pop(
-                                                        in Oct32 p_private_key,
+                                                        in octetstring p_private_key,
                                                         in InnerEcRequest p_inner_ec_request,
                                                         out Ieee1609Dot2Data p_inner_ec_request_signed_for_pop
     ) return boolean {
@@ -199,7 +293,7 @@ module LibItsPki_Functions {
       var template (value) EccP256CurvePoint v_eccP256_curve_point;
       var octetstring v_encoded_inner_ec_request;
       var template (value) ToBeSignedData v_tbs;
-      var Oct32 v_tbs_signed;
+      var octetstring v_tbs_signed;
       
       // Encode it
       v_encoded_inner_ec_request := bit2oct(encvalue(p_inner_ec_request));
@@ -237,6 +331,24 @@ module LibItsPki_Functions {
       return true;
     } // End of function f_generate_inner_ec_request_signed_for_pop
     
+    function f_generate_inner_ec_response(
+                                          in octetstring p_inner_ec_request_hashed_id,
+                                          in EtsiTs103097Certificate p_certificate,
+                                          out InnerEcResponse p_inner_ec_response
+                                         ) return boolean {
+      // Local variables
+      
+      // Build the Proof of Possession InnerEcResponse
+      p_inner_ec_response := valueof(
+                                     m_innerEcResponse_ok(
+                                                          substr(p_inner_ec_request_hashed_id, 0, 16),
+                                                          p_certificate
+                                                          )
+                                     );
+      
+      return true;
+    } // End of function f_generate_inner_ec_response
+    
   } // End of group inner_ec_xxx
 
   group pki_functions {
@@ -257,7 +369,7 @@ module LibItsPki_Functions {
                                          in octetstring p_private_key,
                                          in SignerIdentifier p_signer_identifier,
                                          in HashedId8 p_recipientId,
-                                         in Oct32 p_publicKeyCompressed,
+                                         in octetstring p_publicKeyCompressed,
                                          in integer p_compressedMode,
                                          in octetstring p_pki_message, 
                                          out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
@@ -265,14 +377,14 @@ module LibItsPki_Functions {
       // Local variables
       var template (value) EccP256CurvePoint v_eccP256_curve_point;
       var template (value) ToBeSignedData v_tbs;
-      var Oct32 v_tbs_signed;
+      var octetstring v_tbs_signed;
       var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
       var octetstring v_encoded_inner_ec_request;
       var Oct12 v_nonce;
       var Oct16 v_authentication_vector;
       var Oct16 v_encrypted_sym_key;
       var HashedId8 v_recipientId;
-      var Oct32 v_publicEphemeralKeyCompressed;
+      var octetstring v_publicEphemeralKeyCompressed;
       var integer v_ephemeralKeyModeCompressed;
       var octetstring v_encrypted_inner_ec_request;
 
@@ -353,25 +465,104 @@ module LibItsPki_Functions {
       
       return true;
     } // End of function f_build_pki_secured_message
-    
-    function f_generate_inner_ec_response(
-                                          in Oct32 p_inner_ec_request_hashed_id,
-                                          in EtsiTs103097Certificate p_certificate,
-                                          out InnerEcResponse p_inner_ec_response
-                                         ) return boolean {
+
+    function f_verify_pki_message(
+                                  in octetstring v_private_enc_key,
+                                  in octetstring p_issuer,
+                                  in Certificate p_peer_certificate,
+                                  in Ieee1609Dot2Data p_ieee1609dot2_encrypted_and_signed_data,
+                                  in boolean p_check_security := true,
+                                  out EtsiTs102941Data p_etsi_ts_102941_data
+                                  ) return boolean {
       // Local variables
+      var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
+      var bitstring v_etsi_ts_102941_data_msg;
+      var bitstring v_tbs;
+      var boolean v_ret;
       
-      // Build the Proof of Possession InnerEcResponse
-      p_inner_ec_response := valueof(
-                                     m_innerEcResponse_ok(
-                                                          substr(p_inner_ec_request_hashed_id, 0, 16),
-                                                          p_certificate
-                                                          )
-                                     );
+      // 1. Decrypt the data
+      if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_data) == false) {
+        if (p_check_security == true) {
+          return false;
+        }
+      }
+      log("v_ieee1609dot2_signed_data= ", v_ieee1609dot2_signed_data);
+      
+      // 2. Check the signature
+      v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData);
+      if (ischosen(p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
+        v_ret := f_verifyWithEcdsaNistp256WithSha256(
+                                                     bit2oct(v_tbs),
+                                                     p_issuer,
+                                                     v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
+                                                     p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
+                                                     0);
+      } else {
+        v_ret := f_verifyWithEcdsaNistp256WithSha256(
+                                                     bit2oct(v_tbs),
+                                                     p_issuer,
+                                                     v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
+                                                     p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
+                                                     1);
+      }
+      if (v_ret == false) {
+        if (p_check_security == true) {
+          return false;
+        }
+      }
+
+      // 3. Retrun the PKI message
+      v_etsi_ts_102941_data_msg := oct2bit(v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
+      if (decvalue(v_etsi_ts_102941_data_msg, p_etsi_ts_102941_data) != 0) {
+        return false;
+      }
+
+      if (p_etsi_ts_102941_data.version != PkiProtocolVersion) {
+        if (p_check_security == true) {
+          return false;
+        }
+      }
       
       return true;
-    } // End of function f_generate_inner_ec_response
-    
+    } // End of function f_verify_pki_message
+
   } // End of group inner_ec_xxx
   
+  group altstes {
+    
+    altstep a_default_pki() runs on ItsPki {
+      [] pkiPort.receive {
+        tc_ac.stop;
+        log("*** a_default: ERROR: Unexpected PKI message received ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+    }
+    
+    altstep a_default_pki_http() runs on ItsPkiHttp {
+      [] httpPort.receive( 
+                          mw_http_response(
+                                           mw_http_response_ko
+                                           )) {
+        tc_ac.stop;
+        log("*** a_default: ERROR: HTTP Server error ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+      [] httpPort.receive(mw_http_request) {
+        tc_ac.stop;
+        log("*** a_default: ERROR: Unexpected HTTP Request received ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+      [] httpPort.receive(mw_http_response) {
+        tc_ac.stop;
+        log("*** a_default: ERROR: Unexpected HTTP Response received ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+      [] httpPort.receive {
+        tc_ac.stop;
+        log("*** a_default: ERROR: Unexpected HTTP message received ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+    }
+  }
+  
 } // End of module LibItsPki_Functions 

ttcn/Pki/LibItsPki_Pics.ttcn

+module LibItsPki_Pics {
+  
+  /**
+   * @desc Does the IUT act as ITS-S device?
+   */
+  modulepar boolean PICS_IUT_ITS_S_ROLE := false;
+  
+  /**
+   * @desc Does the IUT act as EA device?
+   */
+  modulepar boolean PICS_IUT_EA_ROLE := true;
+  
+  /**
+   * @desc Does the IUT act as AA device?
+   */
+  modulepar boolean PICS_IUT_AA_ROLE := false;
+  
+  /**
+   * @desc Certificate used by the IUT
+   */
+  modulepar charstring PICS_IUT_CERTIFICATE_ID := "CERT_IUT_A_EA";
+
+  /**
+   * @desc Certificate used by the Test System
+   */
+  modulepar charstring PICS_TS_CERTIFICATE_ID := "CERT_TS_A_EA";
+  
+} // End of module LibItsPki_Pics

ttcn/Pki/LibItsPki_Pixits.ttcn

+module LibItsPki_Pixits {
+  
+  
+} // End of module LibItsPki_Pixits

ttcn/Pki/LibItsPki_TestSystem.ttcn

@@ -60,7 +60,8 @@ module LibItsPki_TestSystem {
   type component ItsPkiHttpSystem extends HttpTestAdapter{
   } // End of component ItsPkiHttpSystem
   
-  type component ItsPkiItssSystem extends ItsPkiSystem, ItsGeoNetworking {
+  type component ItsPkiItssSystem extends ItsPkiSystem {
+    port GeoNetworkingPort geoNetworkingPort;
   } // End of component ItsPkiItssSystem
   
   type component ItsPki extends ItsSecurityBaseComponent, ItsBaseMtc {
@@ -72,13 +73,14 @@ module LibItsPki_TestSystem {
   
   type component ItsPkiHttp extends ItsSecurityBaseComponent, HttpComponent {
     var Certificate vc_eaCertificate;       /** Test Adapter EA certificate */
-    var octetstring vc_eaPrivateKey;        /** Test Adapter EA proivate key for signature */
-    var HashedId8   vc_eaHashedId8;         /** Test Adapter EA HashedId8 for RecipientId */
+    var octetstring vc_eaPrivateKey;        /** Test Adapter EA private key for signature */
+    var octetstring vc_eaPrivateEncKey;     /** Test Adapter EA private key for encryption */
+    var HashedId8   vc_eaHashedId8;         /** Test Adapter EA HashedId8 for decryption of IUT's response */
+    var octetstring vc_eaPeerWholeHash;     /** IUT EA whole-hash for signature check */
   } // End of component ItsPki
   
-  type component ItsPkiItss extends ItsGeoNetworking {
-    port AdapterControlPkiPort acPkiPort;
-    port PkiPort pkiPort;
+  type component ItsPkiItss extends ItsPki {
+    port GeoNetworkingPort geoNetworkingPort;
   } // End of component ItsPkiItss
   
 } // End of module LibItsPki_TestSystem 

ttcn/Pki/LibItsPki_TypesAndValues.ttcn

@@ -9,6 +9,12 @@
  *               All rights reserved.
  */
 module LibItsPki_TypesAndValues {
+
+  group constants {
+
+    const integer PkiProtocolVersion := 1;
+
+  } // End of group constants
   
   group acPrimitives {