Loading ePassport/ttcn/ePassport_Altsteps.ttcn +28 −13 Original line number Diff line number Diff line Loading @@ -73,8 +73,10 @@ f_pushPassResult(e_aisBacAuthentication); } // Passive Authentication if(not(match(vc_simu.isFailVerdicts, superset(e_aisPassiveAuthentication)))) { // Passive Authentication => Pass only if "No Failure" or TA failure if(match(vc_simu.isFailVerdicts, IsVerdictList:{}) or (not(match(vc_simu.isFailVerdicts, superset(e_aisPassiveAuthentication))) and not(match(vc_simu.isFailVerdicts, superset(e_aisBacAuthentication))))) { f_pushPassResult(e_aisPassiveAuthentication); } Loading Loading @@ -159,18 +161,27 @@ [] t_guard.timeout { log("**** a_default: Error: Lifetime of testcase has expired. Sopping TC now. ****"); setverdict(inconc); f_cleanUp(); stop; } [] any timer.timeout { log("**** a_default: Error: Unexpected timeout occured. ****"); setverdict(inconc); f_cleanUp(); stop; } [] mrtdport.receive { [] mrtdport.receive(mw_genericCommand) { log("**** a_default: Error: Unexpected message received. ****"); mrtdport.send(m_responseNOK(c_w1w2InstructionCodeNotSupportedOrInvalid)); setverdict(inconc); f_cleanUp(); stop; } [] mrtdport.receive { log("**** a_default: Error: Unexpected message received. ****"); mrtdport.send(m_responseNOK(c_w1w2InstructionCodeNotSupportedOrInvalid)); setverdict(inconc); f_cleanUp(); stop; } } Loading Loading 
@@ -362,11 +373,15 @@ if(ispresent(v_command.payload.manageSecurityEnvironmentData.crtKAT.crtReferenceOfSessionOrPrivateKey)) { v_keyReference := v_command.payload.manageSecurityEnvironmentData.crtKAT.crtReferenceOfSessionOrPrivateKey.tlvValue; } f_chipAuthentication(v_publicKeyPcd, v_keyReference); if(f_chipAuthentication(v_publicKeyPcd, v_keyReference)) { mrtdport.send(m_responseOK); vc_simu.securityStatus := e_chipAuthenticated; f_setKeysForSecureMessaging(vc_simu.kEnc & vc_simu.kMac); f_setInitialSscForMessageAuthentication(c_8ZeroBytes); } else { mrtdport.send(m_responseNOK(c_w1w2SecurityRelatedIssues)); } t_ac.start; repeat; } Loading ePassport/ttcn/ePassport_Functions.ttcn +19 −11 Original line number Diff line number Diff line Loading @@ -334,7 +334,7 @@ function f_verifyCertificate(in octetstring p_candidateCert, in octetstring p_trustedCert) return boolean { if(p_trustedCert == null) { if(p_trustedCert == ''O) { return false; } return fx_verifyCertificate(p_candidateCert, p_trustedCert); Loading Loading @@ -502,7 +502,9 @@ return f_encrypt(e_rsa, v_aaPrivateKey, v_f); //FIXME Algorithm! } function f_chipAuthentication(in octetstring p_publicKeyPcd, in octetstring p_keyReference) runs on MRTD { function f_chipAuthentication(in octetstring p_publicKeyPcd, in octetstring p_keyReference) runs on MRTD return boolean { var octetstring v_k := ''O; var octetstring v_h; Loading @@ -522,6 +524,11 @@ // FIXME: check read file result and send 6A80 if file not found (means bad reference) v_algo := f_computeSharedSecret(v_dg14PrivateKey, p_publicKeyPcd, v_k); if(v_algo == e_invalid) { log("**** f_chipAuthentication: ERROR: Invalid key agreement algorithm ****"); return false; } // b) The session keys KMAC and KEnc derived from K for Secure Messaging. f_deriveKeys(v_k, vc_simu.kEnc, vc_simu.kMac); Loading @@ -538,6 +545,8 @@ vc_simu.isDhPublicKeyHash := f_extractXcoordinateFromEcPublicKey(p_publicKeyPcd); } return true; } // end f_chipAuthentication } Loading Loading 
@@ -799,7 +808,7 @@ return vc_simu.dst; } else { return null; return ""; } } // end f_getDst Loading @@ -808,7 +817,7 @@ return vc_simu.at; } else { return null; return ""; } } // end f_getAt Loading @@ -816,8 +825,8 @@ var Chr v_at := f_getAt(); if(v_at == null) { return null; if(v_at == "") { return ''O; } return f_getTrustedPublicKey(v_at); Loading @@ -828,8 +837,8 @@ var Chr v_dst := f_getDst(); if(v_dst == null) { return null; if(v_dst == "") { return ''O; } return f_getTrustedPublicKey(v_dst); Loading @@ -841,7 +850,7 @@ var integer i; if(not ispresent(vc_simu.trustedCertificates)) { return null; return ''O; } for(i:=0; i<sizeof(vc_simu.trustedCertificates); i:=i+1) { Loading @@ -850,7 +859,7 @@ } } // end f_getTrustedPublicKey return null; return ''O; } // end f_getTrustedCertificate Loading Loading @@ -1064,4 +1073,3 @@ } // end ePassport_Functions ePassport/ttcn/ePassport_Pixits.ttcn +16 −27 Original line number Diff line number Diff line Loading @@ -20,32 +20,22 @@ module ePassport_Pixits { /** * @desc Vendor name for the ePassport equipment */ modulepar { charstring PXT_DRIVER_PROVIDER_CLASS_NAME := "org.etsi.epassport.comprion.ComprionImplFactory"; }; modulepar charstring PXT_DRIVER_PROVIDER_CLASS_NAME := "org.etsi.epassport.comprion.ComprionImplFactory"; /** * @desc Vendor name for the IS equipment */ modulepar { charstring PXT_IS_DRIVER_PROVIDER_CLASS_NAME := "org.etsi.epassport.grt.GRTImplFactory"; }; modulepar charstring PXT_IS_DRIVER_PROVIDER_CLASS_NAME := "org.etsi.epassport.grt.GRTImplFactory"; /** * @desc Vendor IP address for the IS equipment (Remote IP;Remote port;Local port) */ modulepar { charstring PXT_IS_DRIVER_IP := "127.0.0.1;5000;5001"; }; modulepar charstring PXT_IS_DRIVER_IP := "127.0.0.1;5000;5001"; /** * @desc Activate debug mode */ modulepar { boolean PXT_DEBUG_MODE := false; }; modulepar boolean PXT_DEBUG_MODE := false; } // end testAdapterPixits Loading 
@@ -62,20 +52,20 @@ module ePassport_Pixits { /** @desc Precision of timers in percentage (default is 5 percent). */ modulepar { float PXT_TIMER_PRECISION := 5.0 } modulepar float PXT_TIMER_PRECISION := 5.0; /** @desc Guard timer to control a reaction from the IUT to a stimulus sent by the tester (e.g. a message). On expiry of this timer, the IUT is considered not to be be able to send the expected response. */ modulepar {float PXT_TAC := 2.0} modulepar float PXT_TAC := 2.0; /** @desc Guard timer to control a non-reaction from the IUT to a stimulus sent by the tester (e.g. a message). On expiry of this timer, it is considered that, as it is expected in the test purpose, the IUT has not responded to the stimulus. */ modulepar {float PXT_TNOAC := 5.0} modulepar float PXT_TNOAC := 5.0; /** @desc Wait for an implicit send. This guard timer is used to limitated the time where the tester is waiting Loading @@ -83,7 +73,7 @@ module ePassport_Pixits { On expiry of this timer, it is considered that the action has not succeeded, and thus the test case will be terminated with the verdict inconclusive. */ modulepar {float PXT_TWAIT := 60.0} modulepar float PXT_TWAIT := 60.0; /** Loading @@ -92,15 +82,15 @@ module ePassport_Pixits { On expiry of this timer, it is considered that the test case did not finish within the given test cae life time, and will therefore be terminated. */ modulepar {float PXT_TGUARD := 300.0} modulepar float PXT_TGUARD := 300.0; } // end commonTimerPixits } // end commonPixits group securityPixits { modulepar {integer PXT_ACTIVE_AUTH_MODULUS_LENGTH := 1024} modulepar {HashAlgorithm PXT_ACTIVE_AUTH_HASH_ALGORITHM := e_sha1} modulepar integer PXT_ACTIVE_AUTH_MODULUS_LENGTH := 1024; modulepar HashAlgorithm PXT_ACTIVE_AUTH_HASH_ALGORITHM := e_sha1; } // end securityPixits Loading 
@@ -109,15 +99,14 @@ module ePassport_Pixits { /** * @desc Root directory containing ePassport files (EF.*, MRZ, ...) */ modulepar {charstring PXT_EPASSPORT_DATA_ROOT := "G:/FSCOM/STF400/trunk/Helpers/ElementFilesImpl/ePassportData/"} modulepar charstring PXT_EPASSPORT_DATA_ROOT := "G:/FSCOM/STF400/trunk/Helpers/ElementFilesImpl/ePassportData/"; } // end ePassportPixits group iutPixits { modulepar {boolean PXT_AUTOMATIC_TEST_INTERFACE := false} modulepar boolean PXT_AUTOMATIC_TEST_INTERFACE := false; } // end iutPixits } // end ePassport_Pixits ePassport/ttcn/ePassport_Templates.ttcn +10 −1 Original line number Diff line number Diff line Loading @@ -156,6 +156,15 @@ module ePassport_Templates { lengthE := omit } template CommandGeneric mw_genericCommand := { class := mw_class_00, ins := ?, params := ?, lengthC := *, payload := *, lengthE := * } template CommandReadBinary mw_readShortEF (ShortFileId p_shortFileId) := { class := mw_class_00, ins := e_readBinary, Loading ePassport/ttcn/ePassport_Testcases.ttcn +9 −6 Original line number Diff line number Diff line Loading @@ -305,7 +305,7 @@ module ePassport_Testcases { testcase TC_ISO7816_C03() runs on MRTD system MRTD_System { var template IsVerdictList vt_expectedFailResults := {e_aisCommunication}; var template IsVerdictList vt_expectedPassResults := {e_aisBacAuthentication}; var template IsVerdictList vt_expectedPassResults := {e_aisBacAuthentication, e_aisPassiveAuthentication}; // Preamble f_cfUp(); Loading Loading @@ -505,7 +505,7 @@ module ePassport_Testcases { // Preamble f_cfUp(); f_initializeMRTD("CFG.EAC.ISO7816.E06"); f_initializeIS(""); f_initializeIS("WARNING: Ensure that IS uses IS_Cert08"); // Test Body t_ac.start(PXT_TWAIT); Loading Loading @@ -752,6 +752,7 @@ module ePassport_Testcases { // Preamble f_cfUp(); f_initializeMRTD("CFG.EAC.ISO7816.E28"); f_initializeIS(""); // Test Body t_ac.start(PXT_TWAIT); Loading Loading 
@@ -990,7 +991,7 @@ module ePassport_Testcases { // Preamble f_cfUp(); f_initializeMRTD("CFG.BAC.LDS.B22"); f_initializeIS(""); f_initializeIS("WARNING: This testcase uses a special optical MRZ"); // Test Body t_ac.start(PXT_TWAIT); Loading Loading @@ -1653,7 +1654,8 @@ module ePassport_Testcases { var template IsVerdictList vt_expectedPassResults := { e_aisBacAuthentication, e_aisPassiveAuthentication, e_aisCommunication e_aisCommunication, e_aisChipAuthentication }; // Preamble Loading Loading @@ -1698,7 +1700,8 @@ module ePassport_Testcases { var template IsVerdictList vt_expectedPassResults := { e_aisBacAuthentication, e_aisPassiveAuthentication, e_aisCommunication e_aisCommunication, e_aisChipAuthentication }; // Preamble Loading Loading
ePassport/ttcn/ePassport_Altsteps.ttcn +28 −13 Original line number Diff line number Diff line Loading @@ -73,8 +73,10 @@ f_pushPassResult(e_aisBacAuthentication); } // Passive Authentication if(not(match(vc_simu.isFailVerdicts, superset(e_aisPassiveAuthentication)))) { // Passive Authentication => Pass only if "No Failure" or TA failure if(match(vc_simu.isFailVerdicts, IsVerdictList:{}) or (not(match(vc_simu.isFailVerdicts, superset(e_aisPassiveAuthentication))) and not(match(vc_simu.isFailVerdicts, superset(e_aisBacAuthentication))))) { f_pushPassResult(e_aisPassiveAuthentication); } Loading Loading @@ -159,18 +161,27 @@ [] t_guard.timeout { log("**** a_default: Error: Lifetime of testcase has expired. Sopping TC now. ****"); setverdict(inconc); f_cleanUp(); stop; } [] any timer.timeout { log("**** a_default: Error: Unexpected timeout occured. ****"); setverdict(inconc); f_cleanUp(); stop; } [] mrtdport.receive { [] mrtdport.receive(mw_genericCommand) { log("**** a_default: Error: Unexpected message received. ****"); mrtdport.send(m_responseNOK(c_w1w2InstructionCodeNotSupportedOrInvalid)); setverdict(inconc); f_cleanUp(); stop; } [] mrtdport.receive { log("**** a_default: Error: Unexpected message received. ****"); mrtdport.send(m_responseNOK(c_w1w2InstructionCodeNotSupportedOrInvalid)); setverdict(inconc); f_cleanUp(); stop; } } Loading Loading 
@@ -362,11 +373,15 @@ if(ispresent(v_command.payload.manageSecurityEnvironmentData.crtKAT.crtReferenceOfSessionOrPrivateKey)) { v_keyReference := v_command.payload.manageSecurityEnvironmentData.crtKAT.crtReferenceOfSessionOrPrivateKey.tlvValue; } f_chipAuthentication(v_publicKeyPcd, v_keyReference); if(f_chipAuthentication(v_publicKeyPcd, v_keyReference)) { mrtdport.send(m_responseOK); vc_simu.securityStatus := e_chipAuthenticated; f_setKeysForSecureMessaging(vc_simu.kEnc & vc_simu.kMac); f_setInitialSscForMessageAuthentication(c_8ZeroBytes); } else { mrtdport.send(m_responseNOK(c_w1w2SecurityRelatedIssues)); } t_ac.start; repeat; } Loading
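Review bot: In the Passive Authentication hunk (@@ -73) the condition and its comment disagree: the comment says the pass verdict is pushed only for "No Failure" or a TA failure, but the expression pushes `e_aisPassiveAuthentication` whenever the fail list contains neither `e_aisPassiveAuthentication` nor `e_aisBacAuthentication`, whatever else it contains. The first disjunct `match(vc_simu.isFailVerdicts, IsVerdictList:{})` is also redundant, because an empty list already satisfies both `not(match(..., superset(...)))` terms. Either reword the comment to `// Passive Authentication => Pass unless PA or BAC failed`, or, if only a TA failure is meant to be tolerated, restrict the condition to that verdict explicitly. The page has lost its +/- markers, so I am reading the multi-line condition as the new side; the enclosing function starts and ends outside the hunk.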
ePassport/ttcn/ePassport_Functions.ttcn +19 −11 Original line number Diff line number Diff line Loading @@ -334,7 +334,7 @@ function f_verifyCertificate(in octetstring p_candidateCert, in octetstring p_trustedCert) return boolean { if(p_trustedCert == null) { if(p_trustedCert == ''O) { return false; } return fx_verifyCertificate(p_candidateCert, p_trustedCert); Loading Loading @@ -502,7 +502,9 @@ return f_encrypt(e_rsa, v_aaPrivateKey, v_f); //FIXME Algorithm! } function f_chipAuthentication(in octetstring p_publicKeyPcd, in octetstring p_keyReference) runs on MRTD { function f_chipAuthentication(in octetstring p_publicKeyPcd, in octetstring p_keyReference) runs on MRTD return boolean { var octetstring v_k := ''O; var octetstring v_h; Loading @@ -522,6 +524,11 @@ // FIXME: check read file result and send 6A80 if file not found (means bad reference) v_algo := f_computeSharedSecret(v_dg14PrivateKey, p_publicKeyPcd, v_k); if(v_algo == e_invalid) { log("**** f_chipAuthentication: ERROR: Invalid key agreement algorithm ****"); return false; } // b) The session keys KMAC and KEnc derived from K for Secure Messaging. f_deriveKeys(v_k, vc_simu.kEnc, vc_simu.kMac); Loading @@ -538,6 +545,8 @@ vc_simu.isDhPublicKeyHash := f_extractXcoordinateFromEcPublicKey(p_publicKeyPcd); } return true; } // end f_chipAuthentication } Loading Loading @@ -799,7 +808,7 @@ return vc_simu.dst; } else { return null; return ""; } } // end f_getDst Loading @@ -808,7 +817,7 @@ return vc_simu.at; } else { return null; return ""; } } // end f_getAt Loading @@ -816,8 +825,8 @@ var Chr v_at := f_getAt(); if(v_at == null) { return null; if(v_at == "") { return ''O; } return f_getTrustedPublicKey(v_at); Loading @@ -828,8 +837,8 @@ var Chr v_dst := f_getDst(); if(v_dst == null) { return null; if(v_dst == "") { return ''O; } return f_getTrustedPublicKey(v_dst); Loading 
@@ -841,7 +850,7 @@ var integer i; if(not ispresent(vc_simu.trustedCertificates)) { return null; return ''O; } for(i:=0; i<sizeof(vc_simu.trustedCertificates); i:=i+1) { Loading @@ -850,7 +859,7 @@ } } // end f_getTrustedPublicKey return null; return ''O; } // end f_getTrustedCertificate Loading Loading @@ -1064,4 +1073,3 @@ } // end ePassport_Functions
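Review bot: In f_chipAuthentication the new failure path covers only `v_algo == e_invalid`, while the FIXME just above it (unchecked DG14 read result, bad key reference) still falls through to `f_deriveKeys` and `return true`. `v_k` is initialised to `''O`, so if f_computeSharedSecret leaves it untouched for any reason other than an invalid algorithm, session keys would be derived from an empty secret and the altstep would answer `m_responseOK`; f_computeSharedSecret is not visible here, so this is inferred. Widening the guard to `if(v_algo == e_invalid or lengthof(v_k) == 0)`, and returning false from the FIXME case once the read result is checked, would make the new boolean cover both. The function body starts and ends outside the visible hunks.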
ePassport/ttcn/ePassport_Pixits.ttcn +16 −27 Original line number Diff line number Diff line Loading @@ -20,32 +20,22 @@ module ePassport_Pixits { /** * @desc Vendor name for the ePassport equipment */ modulepar { charstring PXT_DRIVER_PROVIDER_CLASS_NAME := "org.etsi.epassport.comprion.ComprionImplFactory"; }; modulepar charstring PXT_DRIVER_PROVIDER_CLASS_NAME := "org.etsi.epassport.comprion.ComprionImplFactory"; /** * @desc Vendor name for the IS equipment */ modulepar { charstring PXT_IS_DRIVER_PROVIDER_CLASS_NAME := "org.etsi.epassport.grt.GRTImplFactory"; }; modulepar charstring PXT_IS_DRIVER_PROVIDER_CLASS_NAME := "org.etsi.epassport.grt.GRTImplFactory"; /** * @desc Vendor IP address for the IS equipment (Remote IP;Remote port;Local port) */ modulepar { charstring PXT_IS_DRIVER_IP := "127.0.0.1;5000;5001"; }; modulepar charstring PXT_IS_DRIVER_IP := "127.0.0.1;5000;5001"; /** * @desc Activate debug mode */ modulepar { boolean PXT_DEBUG_MODE := false; }; modulepar boolean PXT_DEBUG_MODE := false; } // end testAdapterPixits Loading @@ -62,20 +52,20 @@ module ePassport_Pixits { /** @desc Precision of timers in percentage (default is 5 percent). */ modulepar { float PXT_TIMER_PRECISION := 5.0 } modulepar float PXT_TIMER_PRECISION := 5.0; /** @desc Guard timer to control a reaction from the IUT to a stimulus sent by the tester (e.g. a message). On expiry of this timer, the IUT is considered not to be be able to send the expected response. */ modulepar {float PXT_TAC := 2.0} modulepar float PXT_TAC := 2.0; /** @desc Guard timer to control a non-reaction from the IUT to a stimulus sent by the tester (e.g. a message). On expiry of this timer, it is considered that, as it is expected in the test purpose, the IUT has not responded to the stimulus. */ modulepar {float PXT_TNOAC := 5.0} modulepar float PXT_TNOAC := 5.0; /** @desc Wait for an implicit send. This guard timer is used to limitated the time where the tester is waiting Loading 
@@ -83,7 +73,7 @@ module ePassport_Pixits { On expiry of this timer, it is considered that the action has not succeeded, and thus the test case will be terminated with the verdict inconclusive. */ modulepar {float PXT_TWAIT := 60.0} modulepar float PXT_TWAIT := 60.0; /** Loading @@ -92,15 +82,15 @@ module ePassport_Pixits { On expiry of this timer, it is considered that the test case did not finish within the given test cae life time, and will therefore be terminated. */ modulepar {float PXT_TGUARD := 300.0} modulepar float PXT_TGUARD := 300.0; } // end commonTimerPixits } // end commonPixits group securityPixits { modulepar {integer PXT_ACTIVE_AUTH_MODULUS_LENGTH := 1024} modulepar {HashAlgorithm PXT_ACTIVE_AUTH_HASH_ALGORITHM := e_sha1} modulepar integer PXT_ACTIVE_AUTH_MODULUS_LENGTH := 1024; modulepar HashAlgorithm PXT_ACTIVE_AUTH_HASH_ALGORITHM := e_sha1; } // end securityPixits Loading @@ -109,15 +99,14 @@ module ePassport_Pixits { /** * @desc Root directory containing ePassport files (EF.*, MRZ, ...) */ modulepar {charstring PXT_EPASSPORT_DATA_ROOT := "G:/FSCOM/STF400/trunk/Helpers/ElementFilesImpl/ePassportData/"} modulepar charstring PXT_EPASSPORT_DATA_ROOT := "G:/FSCOM/STF400/trunk/Helpers/ElementFilesImpl/ePassportData/"; } // end ePassportPixits group iutPixits { modulepar {boolean PXT_AUTOMATIC_TEST_INTERFACE := false} modulepar boolean PXT_AUTOMATIC_TEST_INTERFACE := false; } // end iutPixits } // end ePassport_Pixits
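Review bot: `PXT_ACTIVE_AUTH_MODULUS_LENGTH` and `PXT_ACTIVE_AUTH_HASH_ALGORITHM` in group securityPixits, and `PXT_AUTOMATIC_TEST_INTERFACE` in iutPixits, are the only module parameters in the visible hunks without a `@desc` comment. Since the defaults are a 1024-bit modulus and `e_sha1`, a line such as `/** @desc Modulus length in bits of the simulated Active Authentication key (test default, not a strength recommendation) */`, with a matching one for the hash algorithm, would tell whoever configures a campaign that these are deliberate test values. `PXT_EPASSPORT_DATA_ROOT` still defaults to an absolute path on a developer drive, so its `@desc` should say that it must be overridden per installation.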
ePassport/ttcn/ePassport_Templates.ttcn +10 −1 Original line number Diff line number Diff line Loading @@ -156,6 +156,15 @@ module ePassport_Templates { lengthE := omit } template CommandGeneric mw_genericCommand := { class := mw_class_00, ins := ?, params := ?, lengthC := *, payload := *, lengthE := * } template CommandReadBinary mw_readShortEF (ShortFileId p_shortFileId) := { class := mw_class_00, ins := e_readBinary, Loading
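Review bot: `mw_genericCommand` fixes `class := mw_class_00`, so despite its name it does not match every command; in a_default, anything with a different class falls to the untyped `mrtdport.receive` branch instead. Both branches currently have the same body, so behaviour is unaffected, but a one-line comment such as `// Matches any instruction whose class matches mw_class_00; all other fields are unconstrained` above the template would stop the name from being read as a catch-all. What mw_class_00 itself accepts is defined outside this hunk.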
ePassport/ttcn/ePassport_Testcases.ttcn +9 −6 Original line number Diff line number Diff line Loading @@ -305,7 +305,7 @@ module ePassport_Testcases { testcase TC_ISO7816_C03() runs on MRTD system MRTD_System { var template IsVerdictList vt_expectedFailResults := {e_aisCommunication}; var template IsVerdictList vt_expectedPassResults := {e_aisBacAuthentication}; var template IsVerdictList vt_expectedPassResults := {e_aisBacAuthentication, e_aisPassiveAuthentication}; // Preamble f_cfUp(); Loading Loading @@ -505,7 +505,7 @@ module ePassport_Testcases { // Preamble f_cfUp(); f_initializeMRTD("CFG.EAC.ISO7816.E06"); f_initializeIS(""); f_initializeIS("WARNING: Ensure that IS uses IS_Cert08"); // Test Body t_ac.start(PXT_TWAIT); Loading Loading @@ -752,6 +752,7 @@ module ePassport_Testcases { // Preamble f_cfUp(); f_initializeMRTD("CFG.EAC.ISO7816.E28"); f_initializeIS(""); // Test Body t_ac.start(PXT_TWAIT); Loading Loading @@ -990,7 +991,7 @@ module ePassport_Testcases { // Preamble f_cfUp(); f_initializeMRTD("CFG.BAC.LDS.B22"); f_initializeIS(""); f_initializeIS("WARNING: This testcase uses a special optical MRZ"); // Test Body t_ac.start(PXT_TWAIT); Loading Loading @@ -1653,7 +1654,8 @@ module ePassport_Testcases { var template IsVerdictList vt_expectedPassResults := { e_aisBacAuthentication, e_aisPassiveAuthentication, e_aisCommunication e_aisCommunication, e_aisChipAuthentication }; // Preamble Loading Loading @@ -1698,7 +1700,8 @@ module ePassport_Testcases { var template IsVerdictList vt_expectedPassResults := { e_aisBacAuthentication, e_aisPassiveAuthentication, e_aisCommunication e_aisCommunication, e_aisChipAuthentication }; // Preamble Loading
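Review bot: The two `f_initializeIS("WARNING: ...")` calls (hunks @@ -505 and @@ -990) put a manual precondition into a string argument that the other visible calls leave empty, so the requirement that the IS use IS_Cert08 or a special optical MRZ surfaces only at run time. If that precondition is missed, the verdict lists in these test cases would be evaluated against a wrongly configured IS; how f_initializeIS presents its argument is not visible here. I would repeat the precondition in the test case header, e.g. `// Precondition: IS must be configured with IS_Cert08`, so it also appears in the test specification. The test case bodies start and end outside the hunks.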