Loading ePassport/ttcn/ePassport_Altsteps.ttcn +93 −75 Original line number Diff line number Diff line Loading @@ -84,11 +84,10 @@ var CommandGeneric v_report; [] mgmtport.receive(mw_report(int2oct(enum2int(e_aisNoFailure), 2))) { // TODO f_pushPassResult(enum2int(e_aisNoFailure)); } [] mgmtport.receive(mw_report(?)) -> value v_report { vc_simu.isFailVerdicts[sizeof(vc_simu.isFailVerdicts)] := oct2int(v_report.payload.genericData.data[0]); f_pushFailResult(oct2int(v_report.payload.genericData.data[0])); repeat; } Loading @@ -101,19 +100,20 @@ // Start the MRTD Test sequence : Standard Inspection Procedure (SIP) altstep a_standardInspectionProcedure() runs on MRTD { [] a_waitApplication(); [vc_simu.securityStatus == e_noApplication] a_waitApplication(); [vc_simu.securityStatus > e_noApplication and vc_simu.securityStatus < e_basicAccessControl] a_bac(); [vc_simu.securityStatus >= e_basicAccessControl] a_activeAuthentication(); [vc_simu.securityStatus >= e_basicAccessControl and not(vc_simu.activeAuthenticationPerformed)] a_activeAuthentication(); } // end a_standardInspectionProcedure // Start the MRTD Test sequence : Advanced Inspection Procedure (AIP) including EAC altstep a_advancedInspectionProcedure() runs on MRTD { [] a_waitApplication(); [vc_simu.securityStatus == e_noApplication] a_waitApplication(); [vc_simu.securityStatus > e_noApplication and vc_simu.securityStatus < e_basicAccessControl] a_bac(); Loading @@ -121,9 +121,11 @@ [vc_simu.securityStatus >= e_basicAccessControl and vc_simu.securityStatus < e_chipAuthenticated] a_chipAuthentication(); [vc_simu.securityStatus >= e_basicAccessControl] a_activeAuthentication(); [vc_simu.securityStatus >= e_chipAuthenticated and vc_simu.securityStatus < e_terminalAuthenticated] a_terminalAuthentication(); [vc_simu.securityStatus >= e_chipAuthenticated] a_terminalAuthentication(); [vc_simu.securityStatus >= e_basicAccessControl and not(vc_simu.activeAuthenticationPerformed)] a_activeAuthentication(); } // end a_standardInspectionProcedure Loading @@ -142,6 +144,8 @@ .internalAuthenticateData.challenge; v_response := f_activeAuthentication(v_rndIfd); mrtdport.send(m_responseRead(v_response)); vc_simu.activeAuthenticationPerformed := true; t_ac.start; repeat; } } // end a_activeAuthentication Loading @@ -161,6 +165,7 @@ vc_simu.securityStatus := e_chipAuthenticated; f_setKeysForSecureMessaging(vc_simu.kEnc & vc_simu.kMac); f_setInitialSscForMessageAuthentication(c_8ZeroBytes); t_ac.start; repeat; } } // end a_chipAuthentication Loading @@ -181,6 +186,7 @@ v_dstCAR := v_mseCommand.payload .manageSecurityEnvironmentData.crtDST .crtReferenceOfSecretOrPublicKey.tlvValue; if(f_isTrustedCertificate(oct2char(v_dstCAR))) { f_setDst(oct2char(v_dstCAR)); mrtdport.send(m_responseOK); Loading @@ -188,7 +194,7 @@ else { mrtdport.send(m_responseNOK(c_w1w2ReferencedDataOrReferenceDataNotFound)); } t_ac.start; repeat; } Loading @@ -203,7 +209,7 @@ // in order to verify IS and DV and link CAVA certificates. // FIXME : ifpresent, ifchosen v_certificate := bit2oct(encvalue(v_psoCommand.payload.performSecurityOperationData.psoVerifyCertificate .psoVerifyCertificateOverFullTemplate.cvCertificateBody.tlvValue)); .psoVerifyCertificateOverFullTemplate.cvCertificateBody)); v_publicKey := v_psoCommand.payload.performSecurityOperationData.psoVerifyCertificate .psoVerifyCertificateOverFullTemplate.cvCertificateBody.tlvValue.cvPublicKey.tlvValue; v_signature := v_psoCommand.payload.performSecurityOperationData.psoVerifyCertificate Loading @@ -217,8 +223,9 @@ mrtdport.send(m_responseOK); } else { //TODO: error mrtdport.send(m_responseNOK(c_w1w2ConditionsOfUseNotSatisfied)); } t_ac.start; repeat; } Loading @@ -227,6 +234,7 @@ v_atCAR := v_mseCommand.payload.manageSecurityEnvironmentData .crtAT.crtReferenceOfSecretOrPublicKey.tlvValue; mrtdport.send(m_responseOK); t_ac.start; repeat; } Loading @@ -234,6 +242,7 @@ [] mrtdport.receive(mw_getChallenge) { v_rndIcc := f_generateRandomOctetstring(c_atNonceSize); mrtdport.send(m_responseRead(v_rndIcc)); t_ac.start; repeat; } Loading @@ -242,6 +251,7 @@ v_signature := v_extAuthcommand.payload .externalOrMutualAuthenticateData.challengeResponse; //if(f_verifySignature(v_signature, v_atCAR)) { f_pushPassResult(enum2int(e_aisTerminalAuthentication)); vc_simu.securityStatus := e_terminalAuthenticated; mrtdport.send(m_responseOK); //} Loading @@ -249,7 +259,7 @@ //TODO //} t_ac.start; repeat; } Loading @@ -265,14 +275,12 @@ [] mrtdport.receive(mw_selectApplication) { mrtdport.send(m_responseOK); vc_simu.securityStatus := e_noSecurity; t_ac.start; repeat; } } //end a_waitApplication altstep a_bac() runs on MRTD { var CommandExternalOrMutualAuthenticate v_command; Loading @@ -283,6 +291,7 @@ // MRTD sends its random challenge to IS vc_simu.rndIcc := f_generateRandomOctetstring(c_bacNonceSize); mrtdport.send(m_responseRead(vc_simu.rndIcc)); t_ac.start; repeat; } Loading @@ -296,6 +305,7 @@ v_response := f_basicAccessControl(vc_simu.rndIcc, v_challengeResponse); mrtdport.send(m_responseRead(v_response)); vc_simu.securityStatus := e_basicAccessControl; t_ac.start; repeat; } Loading @@ -312,6 +322,30 @@ var integer v_offset; var W1W2Status v_result; // READ Command (using current EF) [] mrtdport.receive(mw_readCurrentEF) -> value v_readCommand { // Check current file v_logicalChannel := f_getLogicalChannel(v_readCommand.class); if(vc_simu.currentFiles[v_logicalChannel] == c_noFileInfo) { //TODO log("vc_simu.currentFiles[v_logicalChannel]: ", vc_simu.currentFiles[v_logicalChannel]); log("c_noFileInfo", c_noFileInfo); mrtdport.send(m_responseNOK(c_w1w2NoCurrentEF)); t_ac.start; repeat; } v_offset := v_readCommand.params.longOffset.offset; v_dataLength := v_readCommand.lengthE; v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); mrtdport.send(m_responseReadWithStatus(v_data, v_result)); t_ac.start; repeat; } // SELECT Command [] mrtdport.receive(mw_selectByFileId(p_file.longFileId)) -> value v_selectCommand { Loading @@ -321,6 +355,7 @@ vc_simu.currentFiles[v_logicalChannel] := getFileByLongId(p_file.longFileId); mrtdport.send(m_responseOK); t_ac.start; repeat; } Loading @@ -338,20 +373,39 @@ v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); mrtdport.send(m_responseReadWithStatus(v_data, v_result)); t_ac.start; repeat; } // TODO: receive statements for B1 } // end of a_readFile //FIXME: duplicated code altstep a_readAnyFile() runs on MRTD { var CommandSelect v_selectCommand; var CommandReadBinary v_readCommand; var integer v_logicalChannel; var LongFileId v_longFileId; var ShortFileId v_shortFileId; var octetstring v_data := ''O; var integer v_dataLength; var integer v_offset; var W1W2Status v_result; // READ Command (using current EF) [] mrtdport.receive(mw_readCurrentEF) -> value v_readCommand { // Check current file v_logicalChannel := f_getLogicalChannel(v_readCommand.class); if(vc_simu.currentFiles[v_logicalChannel] == c_noFileInfo) { if(match(vc_simu.currentFiles[v_logicalChannel], c_noFileInfo)) { //TODO log("vc_simu.currentFiles[v_logicalChannel]: ", vc_simu.currentFiles[v_logicalChannel]); log("c_noFileInfo", c_noFileInfo); mrtdport.send(m_responseNOK(c_w1w2NoCurrentEF)); t_ac.start; repeat; } Loading @@ -361,28 +415,10 @@ v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); mrtdport.send(m_responseReadWithStatus(v_data, v_result)); t_ac.start; repeat; } // TODO: receive statements for B1 } // end of a_readFile //FIXME: duplicated code altstep a_readAnyFile() runs on MRTD { var CommandSelect v_selectCommand; var CommandReadBinary v_readCommand; var integer v_logicalChannel; var LongFileId v_longFileId; var ShortFileId v_shortFileId; var octetstring v_data := ''O; var integer v_dataLength; var integer v_offset; var W1W2Status v_result; // SELECT Command [] mrtdport.receive(mw_selectAnyFile) -> value v_selectCommand { Loading @@ -392,6 +428,7 @@ vc_simu.currentFiles[v_logicalChannel] := getFileByLongId(v_longFileId); mrtdport.send(m_responseOK); t_ac.start; repeat; } Loading @@ -410,30 +447,7 @@ v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); mrtdport.send(m_responseReadWithStatus(v_data, v_result)); repeat; } // READ Command (using current EF) [] mrtdport.receive(mw_readCurrentEF) -> value v_readCommand { // Check current file v_logicalChannel := f_getLogicalChannel(v_readCommand.class); if(match(vc_simu.currentFiles[v_logicalChannel], c_noFileInfo)) { //TODO log("vc_simu.currentFiles[v_logicalChannel]: ", vc_simu.currentFiles[v_logicalChannel]); log("c_noFileInfo", c_noFileInfo); mrtdport.send(m_responseNOK(c_w1w2NoCurrentEF)); repeat; } v_offset := v_readCommand.params.longOffset.offset; v_dataLength := v_readCommand.lengthE; v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); mrtdport.send(m_responseReadWithStatus(v_data, v_result)); t_ac.start; repeat; } Loading @@ -446,12 +460,14 @@ // SELECT Command [] mrtdport.receive(mw_selectByFileId(p_file.longFileId)) { mrtdport.send(m_responseNOK(c_w1w2SecurityStatusNotSatisfied)); t_ac.start; repeat; } // READ Command with short EF [] mrtdport.receive(mw_readShortEF(p_file.shortFileId)) { mrtdport.send(m_responseNOK(c_w1w2SecurityStatusNotSatisfied)); t_ac.start; repeat; } Loading @@ -462,21 +478,23 @@ //FIXME: duplicated code altstep a_refuseAnyFileAccess() runs on MRTD { // READ Command (using current EF) [] mrtdport.receive(mw_readCurrentEF) { mrtdport.send(m_responseNOK(c_w1w2NoCurrentEF)); repeat; } // SELECT Command [] mrtdport.receive(mw_selectAnyFile) { mrtdport.send(m_responseNOK(c_w1w2SecurityStatusNotSatisfied)); t_ac.start; repeat; } // READ Command with short EF [] mrtdport.receive(mw_readAnyShortEF) { mrtdport.send(m_responseNOK(c_w1w2SecurityStatusNotSatisfied)); repeat; } // READ Command (using current EF) [] mrtdport.receive(mw_readCurrentEF) { mrtdport.send(m_responseNOK(c_w1w2NoCurrentEF)); t_ac.start; repeat; } Loading ePassport/ttcn/ePassport_Functions.ttcn +53 −6 Original line number Diff line number Diff line Loading @@ -53,6 +53,12 @@ */ external function fx_setInitialSscForMessageAuthentication(in octetstring p_ssc); /** * @desc Set domain parameters used by signature verification functions * @param p_publicKey Public key containing domain parameters */ external function fx_setSignatureVerificationParameters(in octetstring p_publicKey); /** * @desc Encrypt an octetstring using 3DES in CBC mode with zero IV * @param p_key 3DES encryption key (24 bytes) Loading Loading @@ -259,6 +265,11 @@ function f_verifySignature(in octetstring p_message, in octetstring p_signature, in octetstring p_publicKey) return boolean { log("p_message: ", p_message); log("p_signature: ", p_signature); log("p_publicKey: ", p_publicKey); //return true; return fx_verifySignature(p_message, p_signature, p_publicKey); } // end f_verifySignature Loading @@ -278,7 +289,7 @@ function f_getHashLength(in HashAlgorithm p_algorithm) return integer { if(p_algorithm == e_sha1) { return 8; return 20; } else { return 0; Loading Loading @@ -319,6 +330,10 @@ fx_setInitialSscForMessageAuthentication(p_ssc); } // end f_setInitialSscForMessageAuthentication function f_setSignatureVerificationParameters(in octetstring p_publicKey) { fx_setSignatureVerificationParameters(p_publicKey); } // end f_setSignatureVerificationParameters function f_basicAccessControl(in octetstring p_rndIcc, in octetstring p_challengeResponse) runs on MRTD return octetstring { Loading Loading @@ -419,7 +434,7 @@ // determine lengths v_c := PXT_ACTIVE_AUTH_MODULUS_LENGTH - f_getHashLength(PXT_ACTIVE_AUTH_HASH_ALGORITHM) - 8*f_getHashLength(PXT_ACTIVE_AUTH_HASH_ALGORITHM) - 8*lengthof(v_trailer) - 4; v_m1Length := v_c - 4; Loading @@ -439,6 +454,7 @@ // encrypt message representative log("Read c_filePrAA: ", f_readFileData(c_filePrAA, 0, -1, v_aaPrivateKey)); log("DG15.sk: ", v_aaPrivateKey); log("v_f: ", v_f); return f_encrypt(e_rsa, v_aaPrivateKey, v_f); //FIXME Algorithm! } Loading Loading @@ -484,9 +500,6 @@ out octetstring p_data) return W1W2Status { //TODO: error handling log("p_fileInfo", p_fileInfo); log("p_offset", p_offset); log("p_dataLength", p_dataLength); fx_readFileData(p_fileInfo.filename, p_offset, p_dataLength, p_data); return c_w1w2NormalProcessing; Loading Loading @@ -540,8 +553,10 @@ // FIXME: Force initialization of vc_simu.securityStatus vc_simu.passportProtection := e_bac; vc_simu.activeAuthenticationPerformed := false; // FIXME: only in case of terminal authentication // FIXME: read from EF.CVCA // FIXME: read from CVCA f_readFileData(c_fileCvcaCert01, 0, -1, v_cvcaData); if(v_cvcaData != ''O) { v_decodeResult := decvalue(oct2bit(v_cvcaData), v_cvcaCvCertificate); Loading @@ -552,6 +567,9 @@ v_cvcaCvCertificate.tlvValue.cvCertificateBody.tlvValue.cvPublicKey.tlvValue); } // FIXME read from EF.CVCA vc_simu.trustedCAs := {"GO_CVCA_ECC192", "DETESTCVCA00001"}; // IS verdicts vc_simu.isFailVerdicts := {}; vc_simu.isPassVerdicts := {}; Loading Loading @@ -612,6 +630,14 @@ group simuParamsFunctions { function f_pushFailResult(in integer p_resultId) runs on MRTD { vc_simu.isFailVerdicts[sizeof(vc_simu.isFailVerdicts)] := p_resultId; } // end f_pushFailResult function f_pushPassResult(in integer p_resultId) runs on MRTD { vc_simu.isPassVerdicts[sizeof(vc_simu.isFailVerdicts)] := p_resultId; } // end f_pushPassResult function f_isTrustedCertificate(in Chr p_chr) runs on MRTD return boolean { var integer i; Loading @@ -628,8 +654,29 @@ return false; } function f_isTrustPoint(in Chr p_chr) runs on MRTD return boolean { var integer i; if(not ispresent(vc_simu.trustedCAs)) { return false; } for(i:=0; i<sizeof(vc_simu.trustedCAs); i:=i+1) { if(p_chr == vc_simu.trustedCAs[i]) { return true; } } // end f_isTrustPoint return false; } function f_setDst(in Chr p_chr) runs on MRTD { vc_simu.dst := p_chr; // ECDSA domain parameters are only contained in CVCA certificates if(f_isTrustPoint(p_chr)) { f_setSignatureVerificationParameters(f_getDstPublickey()); } } // end f_setDst function f_getDst() runs on MRTD return Chr { Loading ePassport/ttcn/ePassport_TestSystem.ttcn +2 −0 Original line number Diff line number Diff line Loading @@ -56,6 +56,8 @@ module ePassport_TestSystem { ChrList trustedCAs optional, // list of trusted CAs - derived from EF.CVCA CertList trustedCertificates optional, // list of trusted certificates boolean activeAuthenticationPerformed, // Security Environment Chr dst optional, octetstring rndIcc optional, Loading ePassport/ttcn/ePassport_Testcases.ttcn +74 −61 File changed.Preview size limit exceeded, changes collapsed. Show changes ePassport/ttcn/ePassport_Types.ttcn +2 −4 Original line number Diff line number Diff line Loading @@ -1166,7 +1166,7 @@ module ePassport_Types { CvCertificateBodyValue tlvValue } with { variant "present=bytes(2,0x7f4e)"; variant "isPdu;present=bytes(2,0x7f4e)"; variant (tlvLength) "intTag='tlvLength'"; variant (tlvValue) "length=getIntTag('tlvLength');unsigned;"; } Loading @@ -1179,8 +1179,6 @@ module ePassport_Types { CvCertificateHolderAuthorizationTemplate cvCertificateHolderAuthorizationTemplate, CvCertificateEffectiveDate cvCertificateEffectiveDate, CvCertificateExpirationDate cvCertificateExpirationDate } with { variant "isPDU"; } type record CvCertificateProfileIdentifier { Loading Loading
ePassport/ttcn/ePassport_Altsteps.ttcn +93 −75 Original line number Diff line number Diff line Loading @@ -84,11 +84,10 @@ var CommandGeneric v_report; [] mgmtport.receive(mw_report(int2oct(enum2int(e_aisNoFailure), 2))) { // TODO f_pushPassResult(enum2int(e_aisNoFailure)); } [] mgmtport.receive(mw_report(?)) -> value v_report { vc_simu.isFailVerdicts[sizeof(vc_simu.isFailVerdicts)] := oct2int(v_report.payload.genericData.data[0]); f_pushFailResult(oct2int(v_report.payload.genericData.data[0])); repeat; } Loading @@ -101,19 +100,20 @@ // Start the MRTD Test sequence : Standard Inspection Procedure (SIP) altstep a_standardInspectionProcedure() runs on MRTD { [] a_waitApplication(); [vc_simu.securityStatus == e_noApplication] a_waitApplication(); [vc_simu.securityStatus > e_noApplication and vc_simu.securityStatus < e_basicAccessControl] a_bac(); [vc_simu.securityStatus >= e_basicAccessControl] a_activeAuthentication(); [vc_simu.securityStatus >= e_basicAccessControl and not(vc_simu.activeAuthenticationPerformed)] a_activeAuthentication(); } // end a_standardInspectionProcedure // Start the MRTD Test sequence : Advanced Inspection Procedure (AIP) including EAC altstep a_advancedInspectionProcedure() runs on MRTD { [] a_waitApplication(); [vc_simu.securityStatus == e_noApplication] a_waitApplication(); [vc_simu.securityStatus > e_noApplication and vc_simu.securityStatus < e_basicAccessControl] a_bac(); Loading @@ -121,9 +121,11 @@ [vc_simu.securityStatus >= e_basicAccessControl and vc_simu.securityStatus < e_chipAuthenticated] a_chipAuthentication(); [vc_simu.securityStatus >= e_basicAccessControl] a_activeAuthentication(); [vc_simu.securityStatus >= e_chipAuthenticated and vc_simu.securityStatus < e_terminalAuthenticated] a_terminalAuthentication(); [vc_simu.securityStatus >= e_chipAuthenticated] a_terminalAuthentication(); [vc_simu.securityStatus >= e_basicAccessControl and not(vc_simu.activeAuthenticationPerformed)] a_activeAuthentication(); } // end a_standardInspectionProcedure Loading @@ -142,6 +144,8 @@ .internalAuthenticateData.challenge; v_response := f_activeAuthentication(v_rndIfd); mrtdport.send(m_responseRead(v_response)); vc_simu.activeAuthenticationPerformed := true; t_ac.start; repeat; } } // end a_activeAuthentication Loading @@ -161,6 +165,7 @@ vc_simu.securityStatus := e_chipAuthenticated; f_setKeysForSecureMessaging(vc_simu.kEnc & vc_simu.kMac); f_setInitialSscForMessageAuthentication(c_8ZeroBytes); t_ac.start; repeat; } } // end a_chipAuthentication Loading @@ -181,6 +186,7 @@ v_dstCAR := v_mseCommand.payload .manageSecurityEnvironmentData.crtDST .crtReferenceOfSecretOrPublicKey.tlvValue; if(f_isTrustedCertificate(oct2char(v_dstCAR))) { f_setDst(oct2char(v_dstCAR)); mrtdport.send(m_responseOK); Loading @@ -188,7 +194,7 @@ else { mrtdport.send(m_responseNOK(c_w1w2ReferencedDataOrReferenceDataNotFound)); } t_ac.start; repeat; } Loading @@ -203,7 +209,7 @@ // in order to verify IS and DV and link CAVA certificates. // FIXME : ifpresent, ifchosen v_certificate := bit2oct(encvalue(v_psoCommand.payload.performSecurityOperationData.psoVerifyCertificate .psoVerifyCertificateOverFullTemplate.cvCertificateBody.tlvValue)); .psoVerifyCertificateOverFullTemplate.cvCertificateBody)); v_publicKey := v_psoCommand.payload.performSecurityOperationData.psoVerifyCertificate .psoVerifyCertificateOverFullTemplate.cvCertificateBody.tlvValue.cvPublicKey.tlvValue; v_signature := v_psoCommand.payload.performSecurityOperationData.psoVerifyCertificate Loading @@ -217,8 +223,9 @@ mrtdport.send(m_responseOK); } else { //TODO: error mrtdport.send(m_responseNOK(c_w1w2ConditionsOfUseNotSatisfied)); } t_ac.start; repeat; } Loading @@ -227,6 +234,7 @@ v_atCAR := v_mseCommand.payload.manageSecurityEnvironmentData .crtAT.crtReferenceOfSecretOrPublicKey.tlvValue; mrtdport.send(m_responseOK); t_ac.start; repeat; } Loading @@ -234,6 +242,7 @@ [] mrtdport.receive(mw_getChallenge) { v_rndIcc := f_generateRandomOctetstring(c_atNonceSize); mrtdport.send(m_responseRead(v_rndIcc)); t_ac.start; repeat; } Loading @@ -242,6 +251,7 @@ v_signature := v_extAuthcommand.payload .externalOrMutualAuthenticateData.challengeResponse; //if(f_verifySignature(v_signature, v_atCAR)) { f_pushPassResult(enum2int(e_aisTerminalAuthentication)); vc_simu.securityStatus := e_terminalAuthenticated; mrtdport.send(m_responseOK); //} Loading @@ -249,7 +259,7 @@ //TODO //} t_ac.start; repeat; } Loading @@ -265,14 +275,12 @@ [] mrtdport.receive(mw_selectApplication) { mrtdport.send(m_responseOK); vc_simu.securityStatus := e_noSecurity; t_ac.start; repeat; } } //end a_waitApplication altstep a_bac() runs on MRTD { var CommandExternalOrMutualAuthenticate v_command; Loading @@ -283,6 +291,7 @@ // MRTD sends its random challenge to IS vc_simu.rndIcc := f_generateRandomOctetstring(c_bacNonceSize); mrtdport.send(m_responseRead(vc_simu.rndIcc)); t_ac.start; repeat; } Loading @@ -296,6 +305,7 @@ v_response := f_basicAccessControl(vc_simu.rndIcc, v_challengeResponse); mrtdport.send(m_responseRead(v_response)); vc_simu.securityStatus := e_basicAccessControl; t_ac.start; repeat; } Loading @@ -312,6 +322,30 @@ var integer v_offset; var W1W2Status v_result; // READ Command (using current EF) [] mrtdport.receive(mw_readCurrentEF) -> value v_readCommand { // Check current file v_logicalChannel := f_getLogicalChannel(v_readCommand.class); if(vc_simu.currentFiles[v_logicalChannel] == c_noFileInfo) { //TODO log("vc_simu.currentFiles[v_logicalChannel]: ", vc_simu.currentFiles[v_logicalChannel]); log("c_noFileInfo", c_noFileInfo); mrtdport.send(m_responseNOK(c_w1w2NoCurrentEF)); t_ac.start; repeat; } v_offset := v_readCommand.params.longOffset.offset; v_dataLength := v_readCommand.lengthE; v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); mrtdport.send(m_responseReadWithStatus(v_data, v_result)); t_ac.start; repeat; } // SELECT Command [] mrtdport.receive(mw_selectByFileId(p_file.longFileId)) -> value v_selectCommand { Loading @@ -321,6 +355,7 @@ vc_simu.currentFiles[v_logicalChannel] := getFileByLongId(p_file.longFileId); mrtdport.send(m_responseOK); t_ac.start; repeat; } Loading @@ -338,20 +373,39 @@ v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); mrtdport.send(m_responseReadWithStatus(v_data, v_result)); t_ac.start; repeat; } // TODO: receive statements for B1 } // end of a_readFile //FIXME: duplicated code altstep a_readAnyFile() runs on MRTD { var CommandSelect v_selectCommand; var CommandReadBinary v_readCommand; var integer v_logicalChannel; var LongFileId v_longFileId; var ShortFileId v_shortFileId; var octetstring v_data := ''O; var integer v_dataLength; var integer v_offset; var W1W2Status v_result; // READ Command (using current EF) [] mrtdport.receive(mw_readCurrentEF) -> value v_readCommand { // Check current file v_logicalChannel := f_getLogicalChannel(v_readCommand.class); if(vc_simu.currentFiles[v_logicalChannel] == c_noFileInfo) { if(match(vc_simu.currentFiles[v_logicalChannel], c_noFileInfo)) { //TODO log("vc_simu.currentFiles[v_logicalChannel]: ", vc_simu.currentFiles[v_logicalChannel]); log("c_noFileInfo", c_noFileInfo); mrtdport.send(m_responseNOK(c_w1w2NoCurrentEF)); t_ac.start; repeat; } Loading @@ -361,28 +415,10 @@ v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); mrtdport.send(m_responseReadWithStatus(v_data, v_result)); t_ac.start; repeat; } // TODO: receive statements for B1 } // end of a_readFile //FIXME: duplicated code altstep a_readAnyFile() runs on MRTD { var CommandSelect v_selectCommand; var CommandReadBinary v_readCommand; var integer v_logicalChannel; var LongFileId v_longFileId; var ShortFileId v_shortFileId; var octetstring v_data := ''O; var integer v_dataLength; var integer v_offset; var W1W2Status v_result; // SELECT Command [] mrtdport.receive(mw_selectAnyFile) -> value v_selectCommand { Loading @@ -392,6 +428,7 @@ vc_simu.currentFiles[v_logicalChannel] := getFileByLongId(v_longFileId); mrtdport.send(m_responseOK); t_ac.start; repeat; } Loading @@ -410,30 +447,7 @@ v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); mrtdport.send(m_responseReadWithStatus(v_data, v_result)); repeat; } // READ Command (using current EF) [] mrtdport.receive(mw_readCurrentEF) -> value v_readCommand { // Check current file v_logicalChannel := f_getLogicalChannel(v_readCommand.class); if(match(vc_simu.currentFiles[v_logicalChannel], c_noFileInfo)) { //TODO log("vc_simu.currentFiles[v_logicalChannel]: ", vc_simu.currentFiles[v_logicalChannel]); log("c_noFileInfo", c_noFileInfo); mrtdport.send(m_responseNOK(c_w1w2NoCurrentEF)); repeat; } v_offset := v_readCommand.params.longOffset.offset; v_dataLength := v_readCommand.lengthE; v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); mrtdport.send(m_responseReadWithStatus(v_data, v_result)); t_ac.start; repeat; } Loading @@ -446,12 +460,14 @@ // SELECT Command [] mrtdport.receive(mw_selectByFileId(p_file.longFileId)) { mrtdport.send(m_responseNOK(c_w1w2SecurityStatusNotSatisfied)); t_ac.start; repeat; } // READ Command with short EF [] mrtdport.receive(mw_readShortEF(p_file.shortFileId)) { mrtdport.send(m_responseNOK(c_w1w2SecurityStatusNotSatisfied)); t_ac.start; repeat; } Loading @@ -462,21 +478,23 @@ //FIXME: duplicated code altstep a_refuseAnyFileAccess() runs on MRTD { // READ Command (using current EF) [] mrtdport.receive(mw_readCurrentEF) { mrtdport.send(m_responseNOK(c_w1w2NoCurrentEF)); repeat; } // SELECT Command [] mrtdport.receive(mw_selectAnyFile) { mrtdport.send(m_responseNOK(c_w1w2SecurityStatusNotSatisfied)); t_ac.start; repeat; } // READ Command with short EF [] mrtdport.receive(mw_readAnyShortEF) { mrtdport.send(m_responseNOK(c_w1w2SecurityStatusNotSatisfied)); repeat; } // READ Command (using current EF) [] mrtdport.receive(mw_readCurrentEF) { mrtdport.send(m_responseNOK(c_w1w2NoCurrentEF)); t_ac.start; repeat; } Loading
ePassport/ttcn/ePassport_Functions.ttcn +53 −6 Original line number Diff line number Diff line Loading @@ -53,6 +53,12 @@ */ external function fx_setInitialSscForMessageAuthentication(in octetstring p_ssc); /** * @desc Set domain parameters used by signature verification functions * @param p_publicKey Public key containing domain parameters */ external function fx_setSignatureVerificationParameters(in octetstring p_publicKey); /** * @desc Encrypt an octetstring using 3DES in CBC mode with zero IV * @param p_key 3DES encryption key (24 bytes) Loading Loading @@ -259,6 +265,11 @@ function f_verifySignature(in octetstring p_message, in octetstring p_signature, in octetstring p_publicKey) return boolean { log("p_message: ", p_message); log("p_signature: ", p_signature); log("p_publicKey: ", p_publicKey); //return true; return fx_verifySignature(p_message, p_signature, p_publicKey); } // end f_verifySignature Loading @@ -278,7 +289,7 @@ function f_getHashLength(in HashAlgorithm p_algorithm) return integer { if(p_algorithm == e_sha1) { return 8; return 20; } else { return 0; Loading Loading @@ -319,6 +330,10 @@ fx_setInitialSscForMessageAuthentication(p_ssc); } // end f_setInitialSscForMessageAuthentication function f_setSignatureVerificationParameters(in octetstring p_publicKey) { fx_setSignatureVerificationParameters(p_publicKey); } // end f_setSignatureVerificationParameters function f_basicAccessControl(in octetstring p_rndIcc, in octetstring p_challengeResponse) runs on MRTD return octetstring { Loading Loading @@ -419,7 +434,7 @@ // determine lengths v_c := PXT_ACTIVE_AUTH_MODULUS_LENGTH - f_getHashLength(PXT_ACTIVE_AUTH_HASH_ALGORITHM) - 8*f_getHashLength(PXT_ACTIVE_AUTH_HASH_ALGORITHM) - 8*lengthof(v_trailer) - 4; v_m1Length := v_c - 4; Loading @@ -439,6 +454,7 @@ // encrypt message representative log("Read c_filePrAA: ", f_readFileData(c_filePrAA, 0, -1, v_aaPrivateKey)); log("DG15.sk: ", v_aaPrivateKey); log("v_f: ", v_f); return f_encrypt(e_rsa, v_aaPrivateKey, v_f); //FIXME Algorithm! } Loading Loading @@ -484,9 +500,6 @@ out octetstring p_data) return W1W2Status { //TODO: error handling log("p_fileInfo", p_fileInfo); log("p_offset", p_offset); log("p_dataLength", p_dataLength); fx_readFileData(p_fileInfo.filename, p_offset, p_dataLength, p_data); return c_w1w2NormalProcessing; Loading Loading @@ -540,8 +553,10 @@ // FIXME: Force initialization of vc_simu.securityStatus vc_simu.passportProtection := e_bac; vc_simu.activeAuthenticationPerformed := false; // FIXME: only in case of terminal authentication // FIXME: read from EF.CVCA // FIXME: read from CVCA f_readFileData(c_fileCvcaCert01, 0, -1, v_cvcaData); if(v_cvcaData != ''O) { v_decodeResult := decvalue(oct2bit(v_cvcaData), v_cvcaCvCertificate); Loading @@ -552,6 +567,9 @@ v_cvcaCvCertificate.tlvValue.cvCertificateBody.tlvValue.cvPublicKey.tlvValue); } // FIXME read from EF.CVCA vc_simu.trustedCAs := {"GO_CVCA_ECC192", "DETESTCVCA00001"}; // IS verdicts vc_simu.isFailVerdicts := {}; vc_simu.isPassVerdicts := {}; Loading Loading @@ -612,6 +630,14 @@ group simuParamsFunctions { function f_pushFailResult(in integer p_resultId) runs on MRTD { vc_simu.isFailVerdicts[sizeof(vc_simu.isFailVerdicts)] := p_resultId; } // end f_pushFailResult function f_pushPassResult(in integer p_resultId) runs on MRTD { vc_simu.isPassVerdicts[sizeof(vc_simu.isFailVerdicts)] := p_resultId; } // end f_pushPassResult function f_isTrustedCertificate(in Chr p_chr) runs on MRTD return boolean { var integer i; Loading @@ -628,8 +654,29 @@ return false; } function f_isTrustPoint(in Chr p_chr) runs on MRTD return boolean { var integer i; if(not ispresent(vc_simu.trustedCAs)) { return false; } for(i:=0; i<sizeof(vc_simu.trustedCAs); i:=i+1) { if(p_chr == vc_simu.trustedCAs[i]) { return true; } } // end f_isTrustPoint return false; } function f_setDst(in Chr p_chr) runs on MRTD { vc_simu.dst := p_chr; // ECDSA domain parameters are only contained in CVCA certificates if(f_isTrustPoint(p_chr)) { f_setSignatureVerificationParameters(f_getDstPublickey()); } } // end f_setDst function f_getDst() runs on MRTD return Chr { Loading
ePassport/ttcn/ePassport_TestSystem.ttcn +2 −0 Original line number Diff line number Diff line Loading @@ -56,6 +56,8 @@ module ePassport_TestSystem { ChrList trustedCAs optional, // list of trusted CAs - derived from EF.CVCA CertList trustedCertificates optional, // list of trusted certificates boolean activeAuthenticationPerformed, // Security Environment Chr dst optional, octetstring rndIcc optional, Loading
ePassport/ttcn/ePassport_Testcases.ttcn +74 −61 File changed.Preview size limit exceeded, changes collapsed. Show changes
ePassport/ttcn/ePassport_Types.ttcn +2 −4 Original line number Diff line number Diff line Loading @@ -1166,7 +1166,7 @@ module ePassport_Types { CvCertificateBodyValue tlvValue } with { variant "present=bytes(2,0x7f4e)"; variant "isPdu;present=bytes(2,0x7f4e)"; variant (tlvLength) "intTag='tlvLength'"; variant (tlvValue) "length=getIntTag('tlvLength');unsigned;"; } Loading @@ -1179,8 +1179,6 @@ module ePassport_Types { CvCertificateHolderAuthorizationTemplate cvCertificateHolderAuthorizationTemplate, CvCertificateEffectiveDate cvCertificateEffectiveDate, CvCertificateExpirationDate cvCertificateExpirationDate } with { variant "isPDU"; } type record CvCertificateProfileIdentifier { Loading
