Commit cb438880 authored by berge's avatar berge

Type modification: redefined PerformSecurityOperation

parent ec9b21fc
+5 −3
@@ -177,9 +177,11 @@
					
				// the correct Certificate must be passed as parameter in the external function
				// in order to verify IS and DV and link CAVA certificates.
				// FIXME 
				v_certificate := f_getCertificate(v_psoCommand.payload.genericData.data);  
				v_signature := f_getSignature(v_psoCommand.payload.genericData.data);  
				// FIXME : ifpresent, ifchosen
				v_certificate := v_psoCommand.payload.performSecurityOperationData.psoVerifyCertificate
									.psoVerifyCertificateOverFullTemplate.smCertificate.tlvValue;  
				v_signature := v_psoCommand.payload.performSecurityOperationData.psoVerifyCertificate
									.psoVerifyCertificateOverFullTemplate.smDigitalSignature.tlvValue;
				if (f_verifyCertificate(v_signature, f_getDstCertificate())) {
					// store certificate 
					v_chr := ""; //FIXME
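Review bot: The new assignments to `v_certificate` and `v_signature` dereference `payload`, the `psoVerifyCertificateOverFullTemplate` alternative and the `smCertificate`/`smDigitalSignature` fields without any check, although `payload` and both fields are declared `optional` in ePassport_Types and the PSO template changed in this commit admits command tags '92'O and 'AE'O as well as 'BE'O. If that template guards this receive, a command that selects another alternative or omits either data object would presumably end in a runtime error rather than a verdict, which is what the `// FIXME : ifpresent, ifchosen` remark hints at. Guard the block with `if (ischosen(v_psoCommand.payload.performSecurityOperationData.psoVerifyCertificate.psoVerifyCertificateOverFullTemplate)) { ... }` plus `ispresent(...)` on the two fields, and take the rejection path otherwise. In the visible lines `v_certificate` is assigned but `f_verifyCertificate` is called with `f_getDstCertificate()`, so it is worth confirming that the received certificate is what actually gets verified. The enclosing function starts and ends outside the hunk.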
+12 −4
@@ -401,11 +401,19 @@ module ePassport_Templates {
	      	class := mw_class_00,
		  	ins := e_performSecurityOperation, 
	  		params := {
				p1 := '00000000'B,  // FIXME
	  			p2 := '10111110'B  // FIXME
	  			psoResponseTag := '00'O,
			    psoCommandTag := (
			    	c_smCertificate,
			    	c_smInputTemplateVerifyCertificateOverValueFields,
					c_smInputTemplateVerifyCertificateOverFullTemplate
				)
	  		},
  			lengthC := ?,
  			payload := {
  			 	performSecurityOperationData := {
  			 	    psoVerifyCertificate := ?
  			 	}   
  			},
  			lengthC := *,
  			payload := *,
			lengthE := *		  		
        }
        
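Review bot: The `params` block now matches `psoResponseTag` and `psoCommandTag` against three tag constants but carries no comment saying which operation they select, and the two `// FIXME` remarks on the old bit patterns appear to be gone with them. A leading comment such as `// PSO VERIFY CERTIFICATE: no response data ('00'O); command data is a certificate ('92'O) or an input template ('AE'O, 'BE'O)` would let a reader check the list against the `fieldPresent` rules in ePassport_Types. The template's name and header are outside the hunk.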
+551 −300
@@ -184,7 +184,18 @@ module ePassport_Types {
				LengthE lengthE optional
			} with {
				variant "isPDU;present=bytes(1,1,0xB1)";
			}
			};

			type record CommandPerformSecurityOperation {
			    Class class,
				Instruction	ins(e_readBinaryWithOffsetDataObject),
				PerformSecurityOperationParams params,
				LengthC lengthC optional,
				PerformSecurityOperationPayload payload optional,
				LengthE lengthE optional
			} with {
			    variant "isPDU;present=bytes(1,1,0x2A);"
			};

			type CommandGeneric CommandDeactivateFile
				with {variant "isPDU;present=bytes(1,1,0x04);"};
@@ -206,8 +217,6 @@ module ePassport_Types {
				with {variant "isPDU;present=bytes(1,1,0x26);"};
			type CommandGeneric CommandEnableVerificationRequirement
				with {variant "isPDU;present=bytes(1,1,0x28);"};
			type CommandGeneric CommandPerformSecurityOperation
				with {variant "isPDU;present=bytes(1,1,0x2A);"};
			type CommandGeneric CommandResetRetryCounter
				with {variant "isPDU;present=bytes(1,1,0x2C);"};
			type CommandGeneric CommandActivateFile
@@ -710,11 +719,165 @@ module ePassport_Types {

			} // end ManageSecurityEnvironmentMsg

			group PerformSecurityOperationMsg {
			    			    
			    type record PerformSecurityOperationParams {
			        PsoResponseTag psoResponseTag,
			        PsoCommandTag psoCommandTag
			    } with {
			    	variant (psoCommandTag) "intTag='psoCommandTag'";   
			    	variant (psoResponseTag) "intTag='psoResponseTag'";
			    }
				
				type Oct1 PsoResponseTag;
				type Oct1 PsoCommandTag;
										
				type union PerformSecurityOperationPayload {
					PerformSecurityOperationData performSecurityOperationData,
					RawPayload rawPayload
				} with {
					variant
					"use=com.testingtech.ttcn.tci.helper.EPassportCodecHelper;"
					"encode=EPassportCodecHelper.encodePerformSecurityOperationPayload();"
					"decode=EPassportCodecHelper.decodePerformSecurityOperationPayload();"
				}
				
				type union PerformSecurityOperationData {
				    PsoComputeCryptographicChecksum psoComputeCryptographicChecksum,
				    PsoComputeDigitalSignature psoComputeDigitalSignature,
				    PsoHash psoHash,
				    PsoVerifyCryptographicChecksum psoVerifyCryptographicChecksum,
				    PsoVerifiyDigitalSignature psoVerifyDigitalSignature,
				    PsoVerifyCertificate psoVerifyCertificate,
				    PsoEncipher psoEncipher,
				    PsoDecipher psoDecipher
				} with {
					variant (psoComputeCryptographicChecksum)	"fieldPresent=getIntTag('psoResponseTag')==0x8e";
					variant (psoComputeDigitalSignature)	"fieldPresent=getIntTag('psoResponseTag')==0x9e";
					variant (psoHash)	"fieldPresent=getIntTag('psoResponseTag')==0x90";
					variant (psoVerifyCryptographicChecksum)	"fieldPresent=getIntTag('psoResponseTag')==0x00&&getIntTag('psoCommandTag')==0xa2";
					variant (psoVerifyDigitalSignature)	"fieldPresent=getIntTag('psoResponseTag')==0x00&&getIntTag('psoCommandTag')==0xa8";
					variant (psoVerifyCertificate)	"fieldPresent=getIntTag('psoResponseTag')==0x00&&(getIntTag('psoCommandTag')==0x92||getIntTag('psoCommandTag')==0xae||getIntTag('psoCommandTag')==0xbe)";
					variant (psoEncipher)	"fieldPresent=(getIntTag('psoResponseTag')==0x82||getIntTag('psoResponseTag')==0x84||getIntTag('psoResponseTag')==0x86)&&getIntTag('psoCommandTag')==0x80";
					variant (psoDecipher)	"fieldPresent=getIntTag('psoResponseTag')==0x80&&(getIntTag('psoCommandTag')==0x82||getIntTag('psoCommandTag')==0x84||getIntTag('psoCommandTag')==0x86)";	
				}
				
				type octetstring PsoComputeCryptographicChecksum;
				 
				type union PsoComputeDigitalSignature {
					PsoComputeDigitalSignatureOverFullTemplate psoComputeDigitalSignatureOverFullTemplate,
					PsoComputeDigitalSignatureOverValueFields psoComputeDigitalSignatureOverValueFields,
					PsoComputeDigitalSignatureOverData psoComputeDigitalSignatureOverData     
				}
				with {
				    variant (psoComputeDigitalSignatureOverFullTemplate) "fieldPresent=getIntTag('psoCommandTag')==0xbc";
				    variant (psoComputeDigitalSignatureOverValueFields) "fieldPresent=getIntTag('psoCommandTag')==0xac";
				    variant (psoComputeDigitalSignatureOverData) "fieldPresent=getIntTag('psoCommandTag')==0x9a";
				}

				type union PsoHash {
					octetstring hash,   
				    PsoComputeHashCode psoComputeHashCode
				}
				with {
				    variant (psoHash) "fieldPresent=getIntTag('psoCommandTag')==0x80";
				    variant (psoComputeHashCode) "fieldPresent=getIntTag('psoCommandTag')==0xa0";
				}
				 
				type union PsoVerifyCertificate {
				    PsoCertificate psoCertificate,
				    PsoVerifyCertificateOverValueFields psoVerifyCertificateOverValueFields,
				    PsoVerifyCertificateOverFullTemplate psoVerifyCertificateOverFullTemplate
				}
				with {
				    variant (psoCertificate) "fieldPresent=getIntTag('psoCommandTag')==0x92";
				    variant (psoVerifyCertificateOverValueFields) "fieldPresent=getIntTag('psoCommandTag')==0xae";
				    variant (psoVerifyCertificateOverFullTemplate) "fieldPresent=getIntTag('psoCommandTag')==0xbe";
				}
											 
				type octetstring PsoEncipher; 
				
				type union PsoDecipher {
				 	PsoCryptogramBerWithSmDataObject psoCryptogramBerWithSmDataObject,
				 	PsoCryptogramBerWithoutSmDataObject psoCryptogramBerWithoutSmDataObject,
				 	PsoCryptogramWithPaddingContentIndicator psoCryptogramWithPaddingContentIndicator  
				}
				with {
				    variant (psoCryptogramBerWithSmDataObject) "fieldPresent=getIntTag('psoCommandTag')==0x82";
				    variant (psoCryptogramBerWithoutSmDataObject) "fieldPresent=getIntTag('psoCommandTag')==0x84";
				    variant (psoCryptogramWithPaddingContentIndicator) "fieldPresent=getIntTag('psoCommandTag')==0x86";
				}
				
				group PsoInputTemplates { // NOT TLVs !! 
				    
				    type set PsoComputeHashCode { // 0xA0
				        SmPlainValue smPlainValue optional,
				    	SmHashCode smHashCode optional
				    }
				    
				    type set PsoVerifyCryptographicChecksum { // 0xA2
    				    SmPlainValue smPlainValue optional,
    					SmCryptographicChecksum smCryptographicChecksum optional						    
    				}
    				
    				type set PsoVerifiyDigitalSignature { // 0xA8
    				 	SmPlainValue smPlainValue optional,
    				 	SmHashCode smHashCode optional,
    				 	SmPublicKey smPublicKey optional,
    				 	SmDigitalSignature smDigitalSignature optional   
    				} 

					type set PsoComputeDigitalSignatureOverValueFields { // 0xAC
				    	SmPlainValue smPlainValue optional,
				    	SmHashCode smHashCode optional					
					}
									    
				    type set PsoComputeDigitalSignatureOverFullTemplate { // 0xBC
				    	SmPlainValue smPlainValue optional,
				    	SmHashCode smHashCode optional
				    }

				    type set PsoVerifyCertificateOverValueFields { // 0xAE
				    	SmPlainValue smPlainValue optional,
				    	SmCryptographicChecksum smCryptographicChecksum optional,
				    	SmHashCode smHashCode optional,
				    	SmCertificate smCertificate optional,
				    	SmPublicKey smPublicKey optional,
				    	SmDigitalSignature smDigitalSignature optional	
				    }
				    
				    type set PsoVerifyCertificateOverFullTemplate { // 0xBE
				    	SmPlainValue smPlainValue optional,
				    	SmCryptographicChecksum smCryptographicChecksum optional,
				    	SmHashCode smHashCode optional,
				    	SmCertificate smCertificate optional,
				    	SmPublicKey smPublicKey optional,
				    	SmDigitalSignature smDigitalSignature optional					    
				    }
				
					type octetstring PsoComputeDigitalSignatureOverData; // 0x9A
					
					type octetstring PsoCertificate; // 0x92
				    
				    type set PsoCryptogramBerWithSmDataObject { // 0x82
				    	SmPlainValue smPlainValue optional,
				    	SmCryptographicChecksum smCryptographicChecksum optional,
				    	SmHashCode smHashCode optional,
				    	SmCertificate smCertificate optional,
				    	SmPublicKey smPublicKey optional,
				    	SmDigitalSignature smDigitalSignature optional				 					 	
				    }
				    
				 	type octetstring PsoCryptogramBerWithoutSmDataObject; // 0x84
				 	
				 	type record PsoCryptogramWithPaddingContentIndicator { // 0x86
				 		Oct1 paddingContentIndicator,
				 		octetstring cryptogram
				 	};
				    
				} // end PsoInputTemplates 
				
			} // end PerformSecurityOperationMsg



@@ -793,61 +956,70 @@ module ePassport_Types {

			} // end ControlReferenceTemplates

			group DataObjects { // TLVs !!
			group DataObjectConstants {
			    
				group SecureMessagingConstants {
			        const TlvType c_smPlainValue := '80'O;
			        const TlvType c_smPlainValueIncludedInAuth := '81'O;
			        
				group TlvConstants {
					const TlvType c_crtCryptographicMechanismReference
									:= '80'O;
			        const TlvType c_smCryptographicChecksum := '8E'O;
			        
			        const TlvType c_smHashCode := '90'O;
			        const TlvType c_smHashCodeIncludedInAuth := '91'O;
			        const TlvType c_smCertificate := '92'O;
			        const TlvType c_smCertificateIncludedInAuth := '93'O;
			        
			        const TlvType c_smInputForComputationOfDigitalSignature := '9A'O;
			        const TlvType c_smInputForComputationOfDigitalSignatureIncludedInAuth := '9B'O;
			        const TlvType c_smPublicKey := '9C'O;
			        const TlvType c_smPublicKeyIncludedInAuth := '9D'O;			        
			        const TlvType c_smDigitalSignature := '9E'O;
			        
			        // PSO constants
			        const TlvType c_psoComputateHashCode := 'A0'O;
			        const TlvType c_psoComputateHashCodeIncludedInAuth := 'A1'O;
			        
			        const TlvType c_smInputTemplateVerifyCertificateOverValueFields := 'AE'O;
			        const TlvType c_smInputTemplateVerifyCertificateOverValueFieldsIncludedInAuth := 'AF'O;
				    const TlvType c_smInputTemplateVerifyCertificateOverFullTemplate := 'BE'O;
			        
    			} // end SecureMessagingConstants

				group ControlReferenceConstants {
					const TlvType c_crtCryptographicMechanismReference := '80'O;

					// File and key references
					const TlvType c_crtFileReference
									:= '81'O;
					const TlvType c_crtDfName
									:= '82'O;
					const TlvType c_crtReferenceOfSecretOrPublicKey
									:= '83'O;
					const TlvType c_crtReferenceOfSessionOrPrivateKey
									:= '84'O;
					const TlvType c_crtKeyUsageTemplate
									:= 'A3'O;
					const TlvType c_crtFileReference := '81'O;
					const TlvType c_crtDfName := '82'O;
					const TlvType c_crtReferenceOfSecretOrPublicKey := '83'O;
					const TlvType c_crtReferenceOfSessionOrPrivateKey := '84'O;
					const TlvType c_crtKeyUsageTemplate := 'A3'O;

					// Initial data reference: Initial check block
					const TlvType c_crtIcbNullBlock
									:= '85'O;
					const TlvType c_crtIcbChainingBlock
									:= '86'O;
					const TlvType c_crtIcbPreviousInitialValueBlockPlusOne
									:= '87'O;
					const TlvType c_crtIcbInitialValueBlock
									:= '87'O;
					const TlvType c_crtIcbNullBlock := '85'O;
					const TlvType c_crtIcbChainingBlock := '86'O;
					const TlvType c_crtIcbPreviousInitialValueBlockPlusOne := '87'O;
					const TlvType c_crtIcbInitialValueBlock := '87'O;

					// Initial data reference: auxiliary data elements
					const TlvType c_crtAuxPreviousExchangedChallengePlusOne
									:= '88'O;
					const TlvType c_crtAuxNoFurtherIndication
									:= '88'O;
					const TlvType c_crtAuxHashCodeProvidedByCard
									:= '90'O;
					const TlvType c_crtAuxRandomNumberProvidedByCard
									:= '91'O;
					const TlvType c_crtAuxRandomNumber
									:= '91'O;
					const TlvType c_crtAuxTimestampProvidedByCard
									:= '92'O;
					const TlvType c_crtAuxTimestamp
									:= '92'O;
					const TlvType c_crtAuxPreviousDigitalSignatureCounterPlusOne
									:= '93'O;
					const TlvType c_crtAuxDigitalSignatureCounter
									:= '93'O;
					const TlvType c_crtAuxChallengeOrDataElementForDerivingKey
									:= '94'O;
					const TlvType c_rtUsageQualifierByte
									:= '95'O;
					const TlvType c_rtCryptogramContentReference
									:= '8E'O;

				} // end TlvConstants
					const TlvType c_crtAuxPreviousExchangedChallengePlusOne := '88'O;
					const TlvType c_crtAuxNoFurtherIndication := '88'O;
					const TlvType c_crtAuxHashCodeProvidedByCard := '90'O;
					const TlvType c_crtAuxRandomNumberProvidedByCard := '91'O;
					const TlvType c_crtAuxRandomNumber := '91'O;
					const TlvType c_crtAuxTimestampProvidedByCard := '92'O;
					const TlvType c_crtAuxTimestamp := '92'O;
					const TlvType c_crtAuxPreviousDigitalSignatureCounterPlusOne := '93'O;
					const TlvType c_crtAuxDigitalSignatureCounter := '93'O;
					const TlvType c_crtAuxChallengeOrDataElementForDerivingKey := '94'O;
					const TlvType c_rtUsageQualifierByte := '95'O;
					const TlvType c_rtCryptogramContentReference := '8E'O;

				} // end ControlReferenceConstants
			    
			} // end DataObjectConstants    

			group DataObjects { // TLVs !!

				type Oct1 TlvType;
				type integer TlvLength // variable-length encoding (ISO/IEC 7816-4 5.2.2.2 Table 8)
@@ -858,6 +1030,83 @@ module ePassport_Types {
					"decode=EPassportCodecHelper.decodeTlvLength();"
				}

    			group SecureMessagingDataObjects {
    			    
    			    type record SmPlainValue {
    					TlvType tlvType(c_smPlainValue, c_smPlainValueIncludedInAuth), // 0x80, 0x81
    					TlvLength tlvLength,
    					octetstring tlvValue
    				} with {
    					variant "present=bytes(1,0x80)||present=bytes(1,0x81)";
    					variant (tlvLength)	"intTag='tlvLength'";
    					variant (tlvValue)	"length=getIntTag('tlvLength');unsigned;";
    				}
    				
    				// 0x82, 0x83
    				// 0x84, 0x85
    				// 0x86, 0x87
    				// 0x89
    				
    				type record SmCryptographicChecksum {
    					TlvType tlvType(c_smCryptographicChecksum), // 0x8E
    					TlvLength tlvLength,
    					octetstring tlvValue
    				} with {
    					variant "present=bytes(1,0x8e)";
    					variant (tlvLength)	"intTag='tlvLength'";
    					variant (tlvValue)	"length=getIntTag('tlvLength');unsigned;";
    				}
    				
    			    type record SmHashCode {
    					TlvType tlvType(c_smHashCode, c_smHashCodeIncludedInAuth), // 0x90, 0x91
    					TlvLength tlvLength,
    					octetstring tlvValue
    				} with {
    					variant "present=bytes(1,0x90)||present=bytes(1,0x91)";
    					variant (tlvLength)	"intTag='tlvLength'";
    					variant (tlvValue)	"length=getIntTag('tlvLength');unsigned;";
    				}
    				    				
    				type record SmCertificate {
    					TlvType tlvType(c_smCertificate, c_smCertificateIncludedInAuth), // 0x92, 0x93
    					TlvLength tlvLength,
    					octetstring tlvValue
    				} with {
    					variant "present=bytes(1,0x92)||present=bytes(1,0x93)";
    					variant (tlvLength)	"intTag='tlvLength'";
    					variant (tlvValue)	"length=getIntTag('tlvLength');unsigned;";
    				}
    				
    				
    				// 0x94, 0x95
    				// 0x96, 0x97
    				// 0x99
    				// 0x9A, 0x9B
    			    
    			    type record SmPublicKey {
    					TlvType tlvType(c_smPublicKey, c_smPublicKeyIncludedInAuth), // 0x9C, 0x9D
    					TlvLength tlvLength,
    					octetstring tlvValue
    				} with {
    					variant "present=bytes(1,0x9c)||present=bytes(1,0x9d)";
    					variant (tlvLength)	"intTag='tlvLength'";
    					variant (tlvValue)	"length=getIntTag('tlvLength');unsigned;";
    				}
    				
    				type record SmDigitalSignature {
    					TlvType tlvType(c_smDigitalSignature), // 0x9E
    					TlvLength tlvLength,
    					octetstring tlvValue
    				} with {
    					variant "present=bytes(1,0x9e)";
    					variant (tlvLength)	"intTag='tlvLength'";
    					variant (tlvValue)	"length=getIntTag('tlvLength');unsigned;";
    				}				 	
    			    
    			} // end SecureMessagingDataObjects

				group ControlReferenceDataObjects {

    				type record CrtCryptographicMechanismReference {
    					TlvType tlvType(c_crtCryptographicMechanismReference), // 0x80
    					TlvLength tlvLength,
@@ -1103,6 +1352,8 @@ module ePassport_Types {
    					variant (tlvValue)	"length=getIntTag('tlvLength');unsigned;";
    				}
    				
				} // end ControlReferenceDataObjects

			} // end DataObjects

		} // end group commandTypesGroup
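Review bot: In the first hunk the new `CommandPerformSecurityOperation` record restricts `ins` to `e_readBinaryWithOffsetDataObject`, while its variant selects INS byte 0x2A and the PSO template in ePassport_Templates sets `ins := e_performSecurityOperation`; the restriction looks copied from the preceding record (variant 0xB1). As written the template value falls outside the field's subtype, so the certificate-verification path would presumably never match or encode; the line should read `Instruction ins(e_performSecurityOperation),`. In the `PsoHash` union the first variant names `(psoHash)` but the field is declared as `hash`, so that `fieldPresent` rule is attached to no field and `variant (hash) ...` is probably intended. The type name `PsoVerifiyDigitalSignature` is misspelled consistently, which is harmless but easier to fix before other modules reference it.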