Changes made during Ispra#2 (dec7a9b0) · Commits · MTS - Methods for Testing and Specification / ePassport

ePassport/ttcn/ePassport_Altsteps.ttcn

+17 −10

Original line number	Diff line number	Diff line
		@@ -135,6 +135,13 @@
		t_ac.start;
		repeat;
		}

		[] a_aisReports() {
		if(t_ac.running) {
		t_ac.start;
		repeat;
		}
		}
		}

		altstep a_fileDefault() runs on MRTD {
		@@ -305,7 +312,7 @@
		// Start the MRTD Test sequence : Standard Inspection Procedure (SIP)
		altstep a_standardInspectionProcedure() runs on MRTD {

		[/vc_simu.securityStatus == e_noApplication/] a_waitApplication();
		[] a_waitApplication();

		[vc_simu.securityStatus > e_noApplication
		and vc_simu.securityStatus < e_basicAccessControl] a_bac();
		@@ -318,7 +325,7 @@
		// Start the MRTD Test sequence : Advanced Inspection Procedure (AIP) including EAC
		altstep a_advancedInspectionProcedure() runs on MRTD {

		[/vc_simu.securityStatus == e_noApplication/] a_waitApplication();
		[] a_waitApplication();

		[vc_simu.securityStatus > e_noApplication
		and vc_simu.securityStatus < e_basicAccessControl] a_bac();
		@@ -495,12 +502,12 @@

		[] mrtdport.receive(mw_selectApplication) {

		vc_simu.securityStatus := e_noSecurity;

		// Restore basic access keys
		f_readFileData(c_fileMRZ, 0, -1, vc_simu.mrz);
		f_deriveKeys(f_extractKseedFromMrz(vc_simu.mrz), vc_simu.kEnc, vc_simu.kMac);
		if(vc_simu.securityStatus != e_noApplication) {
		// Reset MRTD settings
		f_initializeMRTD(vc_simu.ePassportProfile);
		}

		vc_simu.securityStatus := e_noSecurity;
		mrtdport.send(m_responseOK);
		t_ac.start;
		repeat;

ePassport/ttcn/ePassport_Functions.ttcn

+73 −45

Original line number	Diff line number	Diff line
		@@ -349,6 +349,18 @@
		if(p_algorithm == e_sha1) {
		return 20;
		}
		if(p_algorithm == e_sha224) {
		return 28;
		}
		if(p_algorithm == e_sha256) {
		return 32;
		}
		if(p_algorithm == e_sha384) {
		return 48;
		}
		if(p_algorithm == e_sha512) {
		return 64;
		}
		else {
		return 0;
		}
		@@ -466,40 +478,56 @@
		var integer v_c;
		var octetstring v_m, v_m1;
		var octetstring v_f, v_h;
		var octetstring v_trailer;
		var octetstring v_trailer := ''O;
		var integer v_m1Length;
		var octetstring v_aaPrivateKey;

		// TODO: determine algorithm used by DG15
		// if RSA get modulus.length
		// if (EC)DSA => fx_computeSignature

		// create trailer (SHA1)
		if(vc_simu.aaHashAlgorithm == e_sha1) {
		v_trailer := 'BC'O;
		// FIXME
		}
		else if (vc_simu.aaHashAlgorithm == e_sha224) {
		v_trailer := '38CC'O;
		}
		else if (vc_simu.aaHashAlgorithm == e_sha256) {
		v_trailer := '34CC'O;
		}
		else if (vc_simu.aaHashAlgorithm == e_sha384) {
		v_trailer := '36CC'O;
		}
		else if (vc_simu.aaHashAlgorithm == e_sha512) {
		v_trailer := '35CC'O;
		}
		log("trailer: ", v_trailer);

		// determine lengths
		v_c := PXT_ACTIVE_AUTH_MODULUS_LENGTH
		- 8*f_getHashLength(PXT_ACTIVE_AUTH_HASH_ALGORITHM)
		- 8*f_getHashLength(vc_simu.aaHashAlgorithm)
		- 8*lengthof(v_trailer) - 4;
		v_m1Length := v_c - 4;
		log("f_getHashLength(v_hashAlgorithm): ", lengthof(v_trailer));
		log("lengthof(v_trailer): ", lengthof(v_trailer));
		log("v_m1Length");

		// generate M1
		v_m1 := f_generateRandomOctetstring(v_m1Length / 8);
		log("v_m1: ", v_m1);

		// create M
		v_m := v_m1 & p_rndIfd;
		log("v_m: ", v_m);

		// calculate digest
		v_h := f_digest(PXT_ACTIVE_AUTH_HASH_ALGORITHM, v_m);
		v_h := f_digest(vc_simu.aaHashAlgorithm, v_m);
		log("v_h: ", v_h);

		// construct message representative
		v_f := '6A'O & v_m1 & v_h & v_trailer;
		//FIXME
		log("");

		// encrypt message representative
		f_readFileData(c_filePrAA, 0, -1, v_aaPrivateKey);
		return f_encrypt(e_rsa, v_aaPrivateKey, v_f); //FIXME Algorithm!
		return f_encrypt(e_rsa, v_aaPrivateKey, v_f);
		}

		function f_chipAuthentication(in octetstring p_publicKeyPcd, in octetstring p_keyReference)
		@@ -654,59 +682,59 @@

		function f_initializeMRTD(in charstring p_configurationId) runs on MRTD {

		var octetstring v_cvcaData;
		var octetstring v_cvca;
		var octetstring v_trustPointRaw;
		var octetstring v_cvcaRaw;
		var ChrList v_cvcaTrustPoints;
		var octetstring v_csvCertRefIds;
		var CvCertificate v_cvcaCvCertificate;
		var CvCertificate v_trustPointCertificate;
		var integer v_decodeResult;
		var octetstring v_dg1 := ''O;

		// Load filesystem
		// Load profile
		f_loadPassportConfiguration(p_configurationId);
		vc_simu.ePassportProfile := p_configurationId;

		// Prepare basic access keys
		// FIXME: Read DG1 instead of optical MRZ
		f_readFileData(c_fileDG1, 0, -1, v_dg1);
		vc_simu.mrz := f_extractMrzFromDg1(v_dg1);
		log("DG1 MRZ: ", oct2char(vc_simu.mrz));
		f_deriveKeys(f_extractKseedFromMrz(vc_simu.mrz), vc_simu.kEnc, vc_simu.kMac);
		vc_simu.documentNumber := f_extractDocumentNumberFromMrz(vc_simu.mrz);
		log("documentNumber: ", oct2char(vc_simu.documentNumber));
		vc_simu.securityStatus := e_noApplication;
		vc_simu.passportProtection := e_bac;
		vc_simu.activeAuthenticationPerformed := false;

		// Read trusted CHRs from EF.CVCA
		f_readFileData(c_fileCVCA, 0, -1, v_cvca);
		vc_simu.trustedCAs := f_decodeCvca(v_cvca);
		// Read officialy trusted CHRs from EF.CVCA
		f_readFileData(c_fileCVCA, 0, -1, v_cvcaRaw);
		v_cvcaTrustPoints := f_decodeCvca(v_cvcaRaw);

		// TODO: Read real trust points

		// FIXME: only in case of terminal authentication
		f_readFileData(c_fileCvcaCert, 0, -1, v_cvcaData);
		if(sizeof(vc_simu.trustedCAs) > 0) {
		if(v_cvcaData != ''O) {
		v_decodeResult := decvalue(oct2bit(v_cvcaData), v_cvcaCvCertificate);
		f_readFileData(c_fileTrustPointCert, 0, -1, v_trustPointRaw);
		if(v_trustPointRaw != ''O) {
		v_decodeResult := decvalue(oct2bit(v_trustPointRaw), v_trustPointCertificate);
		// FIXME check v_decodeREsiult + ispresent
		if(oct2char(v_cvcaCvCertificate.tlvValue.cvCertificateBody.tlvValue.cvCertificateHolderReference.tlvValue) == vc_simu.trustedCAs[0]) {
		f_addTrustedCertificate(
		vc_simu.trustedCAs[0],
		v_cvcaCvCertificate.tlvValue.cvCertificateBody.tlvValue.cvPublicKey.tlvValue);
		}
		else {
		if(oct2char(v_trustPointCertificate.tlvValue.cvCertificateBody.tlvValue.cvCertificateHolderReference.tlvValue) != v_cvcaTrustPoints[0]) {
		log("** f_initializeMRTD: WARNING: " & c_fileCVCA.filename & " does not match trust points **");
		}
		}
		}
		else {
		log("** f_initializeMRTD: WARNING: " & c_fileCVCA.filename & " is empty **");
		vc_simu.trustedCAs := {oct2char(v_trustPointCertificate.tlvValue.cvCertificateBody.tlvValue.cvCertificateHolderReference.tlvValue)};
		f_addTrustedCertificate(
		oct2char(v_trustPointCertificate.tlvValue.cvCertificateBody.tlvValue.cvCertificateHolderReference.tlvValue),
		v_trustPointCertificate.tlvValue.cvCertificateBody.tlvValue.cvPublicKey.tlvValue);
		}

		f_readFileData(c_fileMRZ, 0, -1, vc_simu.opticalMrz);

		// FIXME read c_fileCertRefIds
		// Read c_fileCertRefIds
		f_readFileData(c_fileCertRefIds, 0, -1, v_csvCertRefIds);
		vc_simu.aisCertRefIds := f_parseCertRefIds(v_csvCertRefIds);
		f_createDg(c_fileDGCertData, f_encodeCertData(vc_simu.aisCertRefIds));

		// TODO: determine algorithm used by DG15
		// if RSA get modulus.length
		// if (EC)DSA => fx_computeSignature
		vc_simu.aaHashAlgorithm := PXT_ACTIVE_AUTH_HASH_ALGORITHM;

		// IS verdicts
		vc_simu.isFailVerdicts := {};
		vc_simu.isPassVerdicts := {};

ePassport/ttcn/ePassport_Pixits.ttcn

+3 −3

Original line number	Diff line number	Diff line
		@@ -89,15 +89,15 @@ module ePassport_Pixits {

		group securityPixits {

		modulepar integer PXT_ACTIVE_AUTH_MODULUS_LENGTH := 1024;
		modulepar HashAlgorithm PXT_ACTIVE_AUTH_HASH_ALGORITHM := e_sha1;
		modulepar integer PXT_ACTIVE_AUTH_MODULUS_LENGTH := 1024; // TODO: remove ?
		modulepar HashAlgorithm PXT_ACTIVE_AUTH_HASH_ALGORITHM := e_sha1; // TODO: remove

		} // end securityPixits

		group ePassportPixits {

		/**
		* @desc Root directory containing ePassport files (EF.*, MRZ, ...)
		* @desc Root directory containing ePassport profiles (EF.*, MRZ, ...)
		*/
		modulepar charstring PXT_EPASSPORT_DATA_ROOT := "G:/FSCOM/STF400/trunk/Helpers/ElementFilesImpl/ePassportData/";

ePassport/ttcn/ePassport_TestSystem.ttcn

+7 −3

Original line number	Diff line number	Diff line
		@@ -12,8 +12,7 @@ module ePassport_TestSystem {
		import from ePassport_Types all;
		import from ePassport_Pixits all;

		type component MRTD_System
		{
		type component MRTD_System {
		port MrtdPort system_mrtdPort;
		port MgmtPort system_mgmtPort
		}
		@@ -50,13 +49,18 @@ module ePassport_TestSystem {
		type record SimuParams {
		SecurityStatus securityStatus,
		PassportProtection passportProtection,
		charstring ePassportProfile,
		FileSet currentFiles,
		octetstring kEnc,
		octetstring kMac,

		// Terminal Authentication
		ChrList trustedCAs optional, // list of trusted CAs - derived from EF.CVCA
		CertList trustedCertificates optional, // list of trusted certificates

		// Active Authentication
		boolean activeAuthenticationPerformed,
		HashAlgorithm aaHashAlgorithm,

		// Security Environment
		Chr dst optional,

ePassport/ttcn/ePassport_Testcases.ttcn

+11 −7

Original line number	Diff line number	Diff line
		@@ -186,6 +186,10 @@ module ePassport_Testcases {
		// Test Body
		t_ac.start(PXT_TWAIT);
		alt {
		[] a_waitApplication() {
		f_setIncrementSsc(true);
		}

		[] mrtdport.receive(mw_readShortEF(c_fileDG1.shortFileId)) -> value v_readCommand {

		f_setIncrementSsc(false);
		@@ -539,8 +543,7 @@ module ePassport_Testcases {
		testcase TC_ISO7816_E08() runs on MRTD system MRTD_System {

		var template IsVerdictList vt_expectedFailResults := {
		e_aisTerminalAuthentication,
		e_aisEfCvca
		e_aisTerminalAuthentication
		};
		var template IsVerdictList vt_expectedPassResults := {
		e_aisBacAuthentication,
		@@ -598,15 +601,16 @@ module ePassport_Testcases {
		// Preamble
		f_cfUp();
		f_initializeMRTD("CFG.EAC.ISO7816.E11");

		// Modify Document number
		vc_simu.documentNumber := char2oct("M11T002JM4");

		f_initializeIS("");

		// Test Body
		t_ac.start(PXT_TWAIT);
		alt {
		[] a_waitApplication() {
		// Modify Document number
		vc_simu.documentNumber := char2oct("M11T002JM4");
		}

		[] a_advancedInspectionProcedure();

		[] a_aisReports();

Admin message