Loading ePassport/ttcn/ePassport_Altsteps.ttcn +20 −12 Original line number Diff line number Diff line Loading @@ -176,10 +176,10 @@ var CommandManageSecurityEnvironment v_mseCommand; var CommandPerformSecurityOperation v_psoCommand; var CommandExternalOrMutualAuthenticate v_extAuthcommand; var octetstring v_rndIcc; var octetstring v_dstCAR, v_atCAR; var charstring v_chr; var octetstring v_certificate, v_signature, v_publicKey; var octetstring v_cleartextChallenge; // reading of the certificate chain [] mrtdport.receive(mw_mseSetDST) -> value v_mseCommand { Loading Loading @@ -233,6 +233,7 @@ [] mrtdport.receive(mw_mseSetAT) -> value v_mseCommand { v_atCAR := v_mseCommand.payload.manageSecurityEnvironmentData .crtAT.crtReferenceOfSecretOrPublicKey.tlvValue; f_setAt(oct2char(v_atCAR)); mrtdport.send(m_responseOK); t_ac.start; repeat; Loading @@ -240,8 +241,8 @@ // The MRTD is waiting a Get_Challenge message in order that the IS requests the RpIcc RND key [] mrtdport.receive(mw_getChallenge) { v_rndIcc := f_generateRandomOctetstring(c_atNonceSize); mrtdport.send(m_responseRead(v_rndIcc)); vc_simu.challenge := f_generateRandomOctetstring(c_atNonceSize); mrtdport.send(m_responseRead(vc_simu.challenge)); t_ac.start; repeat; } Loading @@ -250,14 +251,21 @@ [] mrtdport.receive(mw_extAuthenticate) -> value v_extAuthcommand { v_signature := v_extAuthcommand.payload .externalOrMutualAuthenticateData.challengeResponse; //if(f_verifySignature(v_signature, v_atCAR)) { v_cleartextChallenge := vc_simu.documentNumber & vc_simu.challenge & vc_simu.isDhPublicKeyHash; log("documentNumber", vc_simu.documentNumber); log("challenge", vc_simu.challenge); log("isDhPublicKeyHash", vc_simu.isDhPublicKeyHash); log("v_cleartextChallenge", v_cleartextChallenge); if(f_verifySignature(v_cleartextChallenge, v_signature, f_getAtPublickey())) { f_pushPassResult(enum2int(e_aisTerminalAuthentication)); vc_simu.securityStatus := e_terminalAuthenticated; mrtdport.send(m_responseOK); //} //else { //TODO //} } else { mrtdport.send(m_responseNOK(c_w1w2StateOfNonVolatileMemoryHasChanged)); } t_ac.start; repeat; Loading Loading @@ -289,8 +297,8 @@ [] mrtdport.receive(mw_getChallenge) { // MRTD sends its random challenge to IS vc_simu.rndIcc := f_generateRandomOctetstring(c_bacNonceSize); mrtdport.send(m_responseRead(vc_simu.rndIcc)); vc_simu.challenge := f_generateRandomOctetstring(c_bacNonceSize); mrtdport.send(m_responseRead(vc_simu.challenge)); t_ac.start; repeat; } Loading @@ -302,7 +310,7 @@ // TODO check vc_simu.rndIcc != omit v_response := f_basicAccessControl(vc_simu.rndIcc, v_challengeResponse); v_response := f_basicAccessControl(vc_simu.challenge, v_challengeResponse); mrtdport.send(m_responseRead(v_response)); vc_simu.securityStatus := e_basicAccessControl; t_ac.start; Loading ePassport/ttcn/ePassport_Functions.ttcn +49 −3 Original line number Diff line number Diff line Loading @@ -168,6 +168,13 @@ */ external function fx_computeSignature(in SignatureAlgorithm p_algorithm, in octetstring p_key, in octetstring p_data) return octetstring; /** * @desc Extract X-Coordinate from EC public key * @param p_publicKey EC public key as returned by fx_extractPublicKey * @return X-Coordinate of EC public key */ external function fx_extractXcoordinateFromEcPublicKey(in octetstring p_ecPublicKey) return octetstring; } // end securityExternalFunctions group fileExternalFunctions { Loading Loading @@ -224,7 +231,11 @@ fx_deriveKeySeedFromMRZ(p_mrz, v_kSeed); return v_kSeed; } } // end f_extractKseedFromMrz function f_extractDocumentNumberFromMrz(in octetstring p_mrz) return octetstring { return substr(p_mrz, lengthof(p_mrz) / 2, 10); } // end f_extractDocumentNumberFromMrz function f_deriveKeys( in octetstring p_keySeed, Loading Loading @@ -303,6 +314,10 @@ return fx_extractPublicKey(p_dgfile, p_publicKey); } // end f_extractPublicKey function f_extractXcoordinateFromEcPublicKey(in octetstring p_ecPublicKey) return octetstring { return fx_extractXcoordinateFromEcPublicKey(p_ecPublicKey); } // end f_extractXcoordinateFromEcPublicKey function f_computeSharedSecret( in octetstring p_privateKeyPicc, in KeyAgreementAlgorithm p_keyAgreementAlgorithm, Loading Loading @@ -479,7 +494,12 @@ f_deriveKeys(v_k, vc_simu.kEnc, vc_simu.kMac); // c) The hash of the inspection system's ephemeral public key H(^PKPCD) for Terminal Authentication. v_h := f_digest(e_sha1, p_publicKeyPcd); if(v_algo == e_dh) { vc_simu.isDhPublicKeyHash := f_digest(e_sha1, p_publicKeyPcd); } else if(v_algo == e_ecdh) { vc_simu.isDhPublicKeyHash := f_extractXcoordinateFromEcPublicKey(p_publicKeyPcd); } } // end f_chipAuthentication Loading Loading @@ -547,6 +567,7 @@ // Prepare basic access keys f_readFileData(c_fileMRZ, 0, -1, v_mrz); f_deriveKeys(f_extractKseedFromMrz(v_mrz), vc_simu.kEnc, vc_simu.kMac); vc_simu.documentNumber := f_extractDocumentNumberFromMrz(v_mrz); // FIXME: Force initialization of vc_simu.securityStatus - Mandatory because it's used in altstep vc_simu.securityStatus := e_noApplication; Loading Loading @@ -679,6 +700,10 @@ } } // end f_setDst function f_setAt(in Chr p_chr) runs on MRTD { vc_simu.at := p_chr; } // end f_setAt function f_getDst() runs on MRTD return Chr { if(ispresent(vc_simu.dst)) { return vc_simu.dst; Loading @@ -688,6 +713,27 @@ } } // end f_getDst function f_getAt() runs on MRTD return Chr { if(ispresent(vc_simu.at)) { return vc_simu.at; } else { return null; } } // end f_getAt function f_getAtPublickey() runs on MRTD return octetstring { var Chr v_at := f_getAt(); if(v_at == null) { return null; } return f_getTrustedPublicKey(v_at); } // end f_getDstPublickey function f_getDstPublickey() runs on MRTD return octetstring { var Chr v_dst := f_getDst(); Loading ePassport/ttcn/ePassport_TestSystem.ttcn +4 −1 Original line number Diff line number Diff line Loading @@ -60,7 +60,10 @@ module ePassport_TestSystem { // Security Environment Chr dst optional, octetstring rndIcc optional, Chr at optional, octetstring challenge optional, octetstring documentNumber optional, octetstring isDhPublicKeyHash optional, // Verdicts from IS IsVerdictList isFailVerdicts, Loading ePassport/ttcn/ePassport_Values.ttcn +2 −1 Original line number Diff line number Diff line Loading @@ -22,6 +22,7 @@ module ePassport_Values { group w1w2Constants { const W1W2Status c_w1w2NormalProcessing := '9000'O; const W1W2Status c_w1w2StateOfNonVolatileMemoryHasChanged := '6300'O; const W1W2Status c_w1w2SecurityStatusNotSatisfied := '6982'O; const W1W2Status c_w1w2ConditionsOfUseNotSatisfied := '6985'O; const W1W2Status c_w1w2NoCurrentEF := '6986'O; Loading @@ -33,7 +34,7 @@ module ePassport_Values { const FileInfo c_noFileInfo := {filename := "", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_fileMRZ := {filename := "MRZ", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_fileCvcaCert01 := {filename := "CVCA.cert.GRT", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_fileCvcaCert01 := {filename := "CVCA.cert.01", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_filePrAA := {filename := "DG15.sk", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_filePrCA := {filename := "DG14.sk", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_fileDG1 := {filename := "EF.DG1", shortFileId := '01'O, longFileId := '0101'O}; Loading Loading
ePassport/ttcn/ePassport_Altsteps.ttcn +20 −12 Original line number Diff line number Diff line Loading @@ -176,10 +176,10 @@ var CommandManageSecurityEnvironment v_mseCommand; var CommandPerformSecurityOperation v_psoCommand; var CommandExternalOrMutualAuthenticate v_extAuthcommand; var octetstring v_rndIcc; var octetstring v_dstCAR, v_atCAR; var charstring v_chr; var octetstring v_certificate, v_signature, v_publicKey; var octetstring v_cleartextChallenge; // reading of the certificate chain [] mrtdport.receive(mw_mseSetDST) -> value v_mseCommand { Loading Loading @@ -233,6 +233,7 @@ [] mrtdport.receive(mw_mseSetAT) -> value v_mseCommand { v_atCAR := v_mseCommand.payload.manageSecurityEnvironmentData .crtAT.crtReferenceOfSecretOrPublicKey.tlvValue; f_setAt(oct2char(v_atCAR)); mrtdport.send(m_responseOK); t_ac.start; repeat; Loading @@ -240,8 +241,8 @@ // The MRTD is waiting a Get_Challenge message in order that the IS requests the RpIcc RND key [] mrtdport.receive(mw_getChallenge) { v_rndIcc := f_generateRandomOctetstring(c_atNonceSize); mrtdport.send(m_responseRead(v_rndIcc)); vc_simu.challenge := f_generateRandomOctetstring(c_atNonceSize); mrtdport.send(m_responseRead(vc_simu.challenge)); t_ac.start; repeat; } Loading @@ -250,14 +251,21 @@ [] mrtdport.receive(mw_extAuthenticate) -> value v_extAuthcommand { v_signature := v_extAuthcommand.payload .externalOrMutualAuthenticateData.challengeResponse; //if(f_verifySignature(v_signature, v_atCAR)) { v_cleartextChallenge := vc_simu.documentNumber & vc_simu.challenge & vc_simu.isDhPublicKeyHash; log("documentNumber", vc_simu.documentNumber); log("challenge", vc_simu.challenge); log("isDhPublicKeyHash", vc_simu.isDhPublicKeyHash); log("v_cleartextChallenge", v_cleartextChallenge); if(f_verifySignature(v_cleartextChallenge, v_signature, f_getAtPublickey())) { f_pushPassResult(enum2int(e_aisTerminalAuthentication)); vc_simu.securityStatus := e_terminalAuthenticated; mrtdport.send(m_responseOK); //} //else { //TODO //} } else { mrtdport.send(m_responseNOK(c_w1w2StateOfNonVolatileMemoryHasChanged)); } t_ac.start; repeat; Loading Loading @@ -289,8 +297,8 @@ [] mrtdport.receive(mw_getChallenge) { // MRTD sends its random challenge to IS vc_simu.rndIcc := f_generateRandomOctetstring(c_bacNonceSize); mrtdport.send(m_responseRead(vc_simu.rndIcc)); vc_simu.challenge := f_generateRandomOctetstring(c_bacNonceSize); mrtdport.send(m_responseRead(vc_simu.challenge)); t_ac.start; repeat; } Loading @@ -302,7 +310,7 @@ // TODO check vc_simu.rndIcc != omit v_response := f_basicAccessControl(vc_simu.rndIcc, v_challengeResponse); v_response := f_basicAccessControl(vc_simu.challenge, v_challengeResponse); mrtdport.send(m_responseRead(v_response)); vc_simu.securityStatus := e_basicAccessControl; t_ac.start; Loading
ePassport/ttcn/ePassport_Functions.ttcn +49 −3 Original line number Diff line number Diff line Loading @@ -168,6 +168,13 @@ */ external function fx_computeSignature(in SignatureAlgorithm p_algorithm, in octetstring p_key, in octetstring p_data) return octetstring; /** * @desc Extract X-Coordinate from EC public key * @param p_publicKey EC public key as returned by fx_extractPublicKey * @return X-Coordinate of EC public key */ external function fx_extractXcoordinateFromEcPublicKey(in octetstring p_ecPublicKey) return octetstring; } // end securityExternalFunctions group fileExternalFunctions { Loading Loading @@ -224,7 +231,11 @@ fx_deriveKeySeedFromMRZ(p_mrz, v_kSeed); return v_kSeed; } } // end f_extractKseedFromMrz function f_extractDocumentNumberFromMrz(in octetstring p_mrz) return octetstring { return substr(p_mrz, lengthof(p_mrz) / 2, 10); } // end f_extractDocumentNumberFromMrz function f_deriveKeys( in octetstring p_keySeed, Loading Loading @@ -303,6 +314,10 @@ return fx_extractPublicKey(p_dgfile, p_publicKey); } // end f_extractPublicKey function f_extractXcoordinateFromEcPublicKey(in octetstring p_ecPublicKey) return octetstring { return fx_extractXcoordinateFromEcPublicKey(p_ecPublicKey); } // end f_extractXcoordinateFromEcPublicKey function f_computeSharedSecret( in octetstring p_privateKeyPicc, in KeyAgreementAlgorithm p_keyAgreementAlgorithm, Loading Loading @@ -479,7 +494,12 @@ f_deriveKeys(v_k, vc_simu.kEnc, vc_simu.kMac); // c) The hash of the inspection system's ephemeral public key H(^PKPCD) for Terminal Authentication. v_h := f_digest(e_sha1, p_publicKeyPcd); if(v_algo == e_dh) { vc_simu.isDhPublicKeyHash := f_digest(e_sha1, p_publicKeyPcd); } else if(v_algo == e_ecdh) { vc_simu.isDhPublicKeyHash := f_extractXcoordinateFromEcPublicKey(p_publicKeyPcd); } } // end f_chipAuthentication Loading Loading @@ -547,6 +567,7 @@ // Prepare basic access keys f_readFileData(c_fileMRZ, 0, -1, v_mrz); f_deriveKeys(f_extractKseedFromMrz(v_mrz), vc_simu.kEnc, vc_simu.kMac); vc_simu.documentNumber := f_extractDocumentNumberFromMrz(v_mrz); // FIXME: Force initialization of vc_simu.securityStatus - Mandatory because it's used in altstep vc_simu.securityStatus := e_noApplication; Loading Loading @@ -679,6 +700,10 @@ } } // end f_setDst function f_setAt(in Chr p_chr) runs on MRTD { vc_simu.at := p_chr; } // end f_setAt function f_getDst() runs on MRTD return Chr { if(ispresent(vc_simu.dst)) { return vc_simu.dst; Loading @@ -688,6 +713,27 @@ } } // end f_getDst function f_getAt() runs on MRTD return Chr { if(ispresent(vc_simu.at)) { return vc_simu.at; } else { return null; } } // end f_getAt function f_getAtPublickey() runs on MRTD return octetstring { var Chr v_at := f_getAt(); if(v_at == null) { return null; } return f_getTrustedPublicKey(v_at); } // end f_getDstPublickey function f_getDstPublickey() runs on MRTD return octetstring { var Chr v_dst := f_getDst(); Loading
ePassport/ttcn/ePassport_TestSystem.ttcn +4 −1 Original line number Diff line number Diff line Loading @@ -60,7 +60,10 @@ module ePassport_TestSystem { // Security Environment Chr dst optional, octetstring rndIcc optional, Chr at optional, octetstring challenge optional, octetstring documentNumber optional, octetstring isDhPublicKeyHash optional, // Verdicts from IS IsVerdictList isFailVerdicts, Loading
ePassport/ttcn/ePassport_Values.ttcn +2 −1 Original line number Diff line number Diff line Loading @@ -22,6 +22,7 @@ module ePassport_Values { group w1w2Constants { const W1W2Status c_w1w2NormalProcessing := '9000'O; const W1W2Status c_w1w2StateOfNonVolatileMemoryHasChanged := '6300'O; const W1W2Status c_w1w2SecurityStatusNotSatisfied := '6982'O; const W1W2Status c_w1w2ConditionsOfUseNotSatisfied := '6985'O; const W1W2Status c_w1w2NoCurrentEF := '6986'O; Loading @@ -33,7 +34,7 @@ module ePassport_Values { const FileInfo c_noFileInfo := {filename := "", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_fileMRZ := {filename := "MRZ", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_fileCvcaCert01 := {filename := "CVCA.cert.GRT", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_fileCvcaCert01 := {filename := "CVCA.cert.01", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_filePrAA := {filename := "DG15.sk", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_filePrCA := {filename := "DG14.sk", shortFileId := '00'O, longFileId := '0000'O}; const FileInfo c_fileDG1 := {filename := "EF.DG1", shortFileId := '01'O, longFileId := '0101'O}; Loading
