Loading ePassport/ttcn/ePassport_Altsteps.ttcn +8 −3 Original line number Diff line number Diff line Loading @@ -345,12 +345,17 @@ //var EFfile v_file:=valueof(p_file); var CommandManageSecurityEnvironment v_command; var octetstring v_publicKeyPcd; var octetstring v_keyReference := ''O; [] mrtdport.receive(mw_mseSetKAT_chipAuthentication) -> value v_command { v_publicKeyPcd := v_command.payload .manageSecurityEnvironmentData.crtKAT .crtAuxRandomNumber.tlvValue; f_chipAuthentication(v_publicKeyPcd); if(ispresent(v_command.payload.manageSecurityEnvironmentData.crtKAT.crtReferenceOfSessionOrPrivateKey)) { v_keyReference := v_command.payload.manageSecurityEnvironmentData.crtKAT.crtReferenceOfSessionOrPrivateKey.tlvValue; } f_chipAuthentication(v_publicKeyPcd, v_keyReference); mrtdport.send(m_responseOK); vc_simu.securityStatus := e_chipAuthenticated; f_setKeysForSecureMessaging(vc_simu.kEnc & vc_simu.kMac); Loading Loading @@ -600,7 +605,7 @@ v_offset := oct2int(v_rawOffset); if(ispresent(v_readCommand.lengthE)) { if(ispresent(v_readB1Command.lengthE)) { v_dataLength := v_readB1Command.lengthE - 1 - lengthof(f_encodeLength(v_readB1Command.lengthE - 2)); // -1 => tag 53 and length field v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); } Loading Loading @@ -728,7 +733,7 @@ v_offset := oct2int(v_rawOffset); if(ispresent(v_readCommand.lengthE)) { if(ispresent(v_readB1Command.lengthE)) { v_dataLength := v_readB1Command.lengthE - 1 - lengthof(f_encodeLength(v_readB1Command.lengthE - 2)); // -1 => tag 53 and length field v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); } Loading ePassport/ttcn/ePassport_Functions.ttcn +15 −6 Original line number Diff line number Diff line Loading @@ -502,24 +502,33 @@ return f_encrypt(e_rsa, v_aaPrivateKey, v_f); //FIXME Algorithm! } function f_chipAuthentication(in octetstring p_publicKeyPcd) runs on MRTD { function f_chipAuthentication(in octetstring p_publicKeyPcd, in octetstring p_keyReference) runs on MRTD { var octetstring v_k; var octetstring v_k := ''O; var octetstring v_h; var octetstring v_dg14; var KeyAgreementAlgorithm v_algo; var octetstring v_dummy; var octetstring v_dg14PrivateKey; var FileInfo v_dg14PrFileInfo; // a) The shared secret K = KA(SKPICC;^PKPCD;DPICC) = KA(^SKPCD;PKPICC;DPICC) // TODO: select private key based on key ref f_readFileData(c_fileDG14, 0, -1, v_dg14); f_readFileData(c_filePrCA, 0, -1, v_dg14PrivateKey); // select private key based on key ref v_dg14PrFileInfo := c_filePrCA; if(p_keyReference != ''O) { v_dg14PrFileInfo.filename := v_dg14PrFileInfo.filename & "." & oct2str(p_keyReference); } log(v_dg14PrFileInfo); f_readFileData(v_dg14PrFileInfo, 0, -1, v_dg14PrivateKey); v_algo := f_computeSharedSecret(v_dg14PrivateKey, p_publicKeyPcd, v_k); // b) The session keys KMAC and KEnc derived from K for Secure Messaging. f_deriveKeys(v_k, vc_simu.kEnc, vc_simu.kMac); log(v_algo); log("v_k:", v_k); log("vc_simu.kEnc:", vc_simu.kEnc); log("vc_simu.kMac:", vc_simu.kMac); // c) The hash of the inspection system's ephemeral public key H(^PKPCD) for Terminal Authentication. if(v_algo == e_dh) { vc_simu.isDhPublicKeyHash := f_digest(e_sha1, p_publicKeyPcd); Loading ePassport/ttcn/ePassport_Testcases.ttcn +3 −3 Original line number Diff line number Diff line Loading @@ -401,6 +401,7 @@ module ePassport_Testcases { e_aisBacAuthentication, e_aisPassiveAuthentication, e_aisChipAuthentication, e_aisTerminalAuthentication, e_aisCommunication }; Loading Loading @@ -703,7 +704,7 @@ module ePassport_Testcases { // Preamble f_cfUp(); f_initializeMRTD("CFG.DFLT.EAC"); f_initializeMRTD("CFG.EAC.ISO7816.E18"); f_initializeIS("WARNING: Ensure that IS uses IS_Cert_11"); // Test Body Loading Loading @@ -751,7 +752,6 @@ module ePassport_Testcases { // Preamble f_cfUp(); f_initializeMRTD("CFG.EAC.ISO7816.E28"); f_initializeIS("WARNING: Ensure that IS uses IS_Cert_11"); // Test Body t_ac.start(PXT_TWAIT); Loading Loading @@ -901,7 +901,7 @@ module ePassport_Testcases { // Test Body t_ac.start(PXT_TWAIT); alt { [] a_standardInspectionProcedure(); [] a_advancedInspectionProcedure(); [] a_aisReports(); Loading Loading
ePassport/ttcn/ePassport_Altsteps.ttcn +8 −3 Original line number Diff line number Diff line Loading @@ -345,12 +345,17 @@ //var EFfile v_file:=valueof(p_file); var CommandManageSecurityEnvironment v_command; var octetstring v_publicKeyPcd; var octetstring v_keyReference := ''O; [] mrtdport.receive(mw_mseSetKAT_chipAuthentication) -> value v_command { v_publicKeyPcd := v_command.payload .manageSecurityEnvironmentData.crtKAT .crtAuxRandomNumber.tlvValue; f_chipAuthentication(v_publicKeyPcd); if(ispresent(v_command.payload.manageSecurityEnvironmentData.crtKAT.crtReferenceOfSessionOrPrivateKey)) { v_keyReference := v_command.payload.manageSecurityEnvironmentData.crtKAT.crtReferenceOfSessionOrPrivateKey.tlvValue; } f_chipAuthentication(v_publicKeyPcd, v_keyReference); mrtdport.send(m_responseOK); vc_simu.securityStatus := e_chipAuthenticated; f_setKeysForSecureMessaging(vc_simu.kEnc & vc_simu.kMac); Loading Loading @@ -600,7 +605,7 @@ v_offset := oct2int(v_rawOffset); if(ispresent(v_readCommand.lengthE)) { if(ispresent(v_readB1Command.lengthE)) { v_dataLength := v_readB1Command.lengthE - 1 - lengthof(f_encodeLength(v_readB1Command.lengthE - 2)); // -1 => tag 53 and length field v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); } Loading Loading @@ -728,7 +733,7 @@ v_offset := oct2int(v_rawOffset); if(ispresent(v_readCommand.lengthE)) { if(ispresent(v_readB1Command.lengthE)) { v_dataLength := v_readB1Command.lengthE - 1 - lengthof(f_encodeLength(v_readB1Command.lengthE - 2)); // -1 => tag 53 and length field v_result := f_readFileData(vc_simu.currentFiles[v_logicalChannel], v_offset, v_dataLength, v_data); } Loading
ePassport/ttcn/ePassport_Functions.ttcn +15 −6 Original line number Diff line number Diff line Loading @@ -502,24 +502,33 @@ return f_encrypt(e_rsa, v_aaPrivateKey, v_f); //FIXME Algorithm! } function f_chipAuthentication(in octetstring p_publicKeyPcd) runs on MRTD { function f_chipAuthentication(in octetstring p_publicKeyPcd, in octetstring p_keyReference) runs on MRTD { var octetstring v_k; var octetstring v_k := ''O; var octetstring v_h; var octetstring v_dg14; var KeyAgreementAlgorithm v_algo; var octetstring v_dummy; var octetstring v_dg14PrivateKey; var FileInfo v_dg14PrFileInfo; // a) The shared secret K = KA(SKPICC;^PKPCD;DPICC) = KA(^SKPCD;PKPICC;DPICC) // TODO: select private key based on key ref f_readFileData(c_fileDG14, 0, -1, v_dg14); f_readFileData(c_filePrCA, 0, -1, v_dg14PrivateKey); // select private key based on key ref v_dg14PrFileInfo := c_filePrCA; if(p_keyReference != ''O) { v_dg14PrFileInfo.filename := v_dg14PrFileInfo.filename & "." & oct2str(p_keyReference); } log(v_dg14PrFileInfo); f_readFileData(v_dg14PrFileInfo, 0, -1, v_dg14PrivateKey); v_algo := f_computeSharedSecret(v_dg14PrivateKey, p_publicKeyPcd, v_k); // b) The session keys KMAC and KEnc derived from K for Secure Messaging. f_deriveKeys(v_k, vc_simu.kEnc, vc_simu.kMac); log(v_algo); log("v_k:", v_k); log("vc_simu.kEnc:", vc_simu.kEnc); log("vc_simu.kMac:", vc_simu.kMac); // c) The hash of the inspection system's ephemeral public key H(^PKPCD) for Terminal Authentication. if(v_algo == e_dh) { vc_simu.isDhPublicKeyHash := f_digest(e_sha1, p_publicKeyPcd); Loading
ePassport/ttcn/ePassport_Testcases.ttcn +3 −3 Original line number Diff line number Diff line Loading @@ -401,6 +401,7 @@ module ePassport_Testcases { e_aisBacAuthentication, e_aisPassiveAuthentication, e_aisChipAuthentication, e_aisTerminalAuthentication, e_aisCommunication }; Loading Loading @@ -703,7 +704,7 @@ module ePassport_Testcases { // Preamble f_cfUp(); f_initializeMRTD("CFG.DFLT.EAC"); f_initializeMRTD("CFG.EAC.ISO7816.E18"); f_initializeIS("WARNING: Ensure that IS uses IS_Cert_11"); // Test Body Loading Loading @@ -751,7 +752,6 @@ module ePassport_Testcases { // Preamble f_cfUp(); f_initializeMRTD("CFG.EAC.ISO7816.E28"); f_initializeIS("WARNING: Ensure that IS uses IS_Cert_11"); // Test Body t_ac.start(PXT_TWAIT); Loading Loading @@ -901,7 +901,7 @@ module ePassport_Testcases { // Test Body t_ac.start(PXT_TWAIT); alt { [] a_standardInspectionProcedure(); [] a_advancedInspectionProcedure(); [] a_aisReports(); Loading
