Commit 9a525caf authored by garciay's avatar garciay

Bug fixed in GnLayer/Security (thanks to Yogoko)

parent 442632e6
...@@ -431,26 +431,26 @@ public class Management implements IManagementTA, IManagementLayers { ...@@ -431,26 +431,26 @@ public class Management implements IManagementTA, IManagementLayers {
_certCache.readCertificate(certificateId, certificate); _certCache.readCertificate(certificateId, certificate);
// Extract public keys // Extract public keys
atCertificate = certificate.toByteArray(); atCertificate = certificate.toByteArray();
TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: certificate=" + ByteHelper.byteArrayToString(atCertificate)); TERFactory.getInstance().logDebug("Management.setupSecuredMode: certificate=" + ByteHelper.byteArrayToString(atCertificate));
// Compute AT certificate digest // Compute AT certificate digest
byte[] atHash = CryptoLib.hashWithSha256(atCertificate); byte[] atHash = CryptoLib.hashWithSha256(atCertificate);
atCertificateDigest = ByteHelper.extract(atHash, atHash.length - 8, 8); atCertificateDigest = ByteHelper.extract(atHash, atHash.length - 8, 8);
TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: atCertificateDigest=" + ByteHelper.byteArrayToString(atCertificateDigest)); TERFactory.getInstance().logDebug("Management.setupSecuredMode: atCertificateDigest=" + ByteHelper.byteArrayToString(atCertificateDigest));
int offset = 16; // FIXME To be enhanced int offset = 16; // FIXME To be enhanced
// KeyX // KeyX
signingPublicKeyX = new byte[32]; signingPublicKeyX = new byte[32];
System.arraycopy(atCertificate, offset, signingPublicKeyX, 0, 32); System.arraycopy(atCertificate, offset, signingPublicKeyX, 0, 32);
offset += 32; offset += 32;
TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: signingPublicKeyX=" + ByteHelper.byteArrayToString(signingPublicKeyX)); TERFactory.getInstance().logDebug("Management.setupSecuredMode: signingPublicKeyX=" + ByteHelper.byteArrayToString(signingPublicKeyX));
// KeyY // KeyY
signingPublicKeyY = new byte[32]; signingPublicKeyY = new byte[32];
System.arraycopy(atCertificate, offset, signingPublicKeyY, 0, 32); System.arraycopy(atCertificate, offset, signingPublicKeyY, 0, 32);
TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: signingPublicKeyY=" + ByteHelper.byteArrayToString(signingPublicKeyY)); TERFactory.getInstance().logDebug("Management.setupSecuredMode: signingPublicKeyY=" + ByteHelper.byteArrayToString(signingPublicKeyY));
// Extract private keys // Extract private keys
ByteArrayOutputStream signingPrivateKey = new ByteArrayOutputStream(); ByteArrayOutputStream signingPrivateKey = new ByteArrayOutputStream();
_certCache.readSigningKey(certificateId, signingPrivateKey); _certCache.readSigningKey(certificateId, signingPrivateKey);
this.signingPrivateKey = signingPrivateKey.toByteArray().clone(); this.signingPrivateKey = signingPrivateKey.toByteArray().clone();
TERFactory.getInstance().logDebug("Management.setupSecuredModeFromTaConfig: signingPrivateKey=" + ByteHelper.byteArrayToString(this.signingPrivateKey)); TERFactory.getInstance().logDebug("Management.setupSecuredMode: signingPrivateKey=" + ByteHelper.byteArrayToString(this.signingPrivateKey));
// TODO Add support of encryption // TODO Add support of encryption
} }
} }
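Review bot: The debug line that prints `signingPrivateKey` writes the AT signing key in clear to the log, and this change only edits its prefix, so anyone who can read the adapter's debug output can recover the key. Log that the key was loaded and its size instead, e.g. `TERFactory.getInstance().logDebug("Management.setupSecuredMode: signingPrivateKey loaded, length=" + this.signingPrivateKey.length);`. Separately, the two `System.arraycopy` calls read 32 bytes at the fixed offsets 16 and 48 without checking `atCertificate.length`, so a short or differently laid out certificate from the cache throws here. A length check before the copies would turn that into a clear error. The enclosing method starts outside the hunk.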
......
...@@ -242,11 +242,11 @@ public class PcapMultiplexer implements Runnable { ...@@ -242,11 +242,11 @@ public class PcapMultiplexer implements Runnable {
if(clientsToMacs.containsKey(client.toString())) { if(clientsToMacs.containsKey(client.toString())) {
byte[] packet = ByteHelper.concat( byte[] packet = ByteHelper.concat(
dest, dest,
clientsToMacs.get(client.toString()), clientsToMacs.get(client.toString()),
ByteHelper.intToByteArray(clientsToFrameTypes.get(client.toString()), 2), ByteHelper.intToByteArray(clientsToFrameTypes.get(client.toString()), 2),
payload); payload);
pcap.sendPacket(packet); pcap.sendPacket(packet);
return packet; return packet;
} }
......
...@@ -14,12 +14,12 @@ import java.util.Observer; ...@@ -14,12 +14,12 @@ import java.util.Observer;
import org.etsi.adapter.ITERequired; import org.etsi.adapter.ITERequired;
import org.etsi.adapter.TERFactory; import org.etsi.adapter.TERFactory;
import org.etsi.its.adapter.ports.AdapterControlPort; import org.etsi.its.adapter.ports.AdapterControlPort;
import org.etsi.its.adapter.ports.ConfigTesterPort;
import org.etsi.its.adapter.ports.IPort; import org.etsi.its.adapter.ports.IPort;
import org.etsi.its.adapter.ports.PortEvent; import org.etsi.its.adapter.ports.PortEvent;
import org.etsi.its.adapter.ports.ProtocolPortFactory; import org.etsi.its.adapter.ports.ProtocolPortFactory;
import org.etsi.its.adapter.ports.UpperTesterPort; import org.etsi.its.adapter.ports.UpperTesterPort;
import org.etsi.ttcn.tci.CharstringValue; import org.etsi.ttcn.tci.CharstringValue;
import org.etsi.ttcn.tri.TriActionTemplate;
import org.etsi.ttcn.tri.TriAddress; import org.etsi.ttcn.tri.TriAddress;
import org.etsi.ttcn.tri.TriAddressList; import org.etsi.ttcn.tri.TriAddressList;
import org.etsi.ttcn.tri.TriCommunicationSA; import org.etsi.ttcn.tri.TriCommunicationSA;
...@@ -73,7 +73,6 @@ public class TestAdapter implements TriCommunicationSA, Observer { ...@@ -73,7 +73,6 @@ public class TestAdapter implements TriCommunicationSA, Observer {
/* (non-Javadoc) /* (non-Javadoc)
* @see org.etsi.ttcn.tri.TriCommunicationSA#triExecuteTestcase(org.etsi.ttcn.tri.TriTestCaseId, org.etsi.ttcn.tri.TriPortIdList) * @see org.etsi.ttcn.tri.TriCommunicationSA#triExecuteTestcase(org.etsi.ttcn.tri.TriTestCaseId, org.etsi.ttcn.tri.TriPortIdList)
*/ */
@Override
public TriStatus triExecuteTestcase(final TriTestCaseId tcId, final TriPortIdList portList) { public TriStatus triExecuteTestcase(final TriTestCaseId tcId, final TriPortIdList portList) {
return required.getTriStatus(TriStatus.TRI_OK); return required.getTriStatus(TriStatus.TRI_OK);
} }
...@@ -92,6 +91,8 @@ public class TestAdapter implements TriCommunicationSA, Observer { ...@@ -92,6 +91,8 @@ public class TestAdapter implements TriCommunicationSA, Observer {
port = new AdapterControlPort(portName, ComponentId); port = new AdapterControlPort(portName, ComponentId);
} else if (tsiPortId.getPortName().toLowerCase().endsWith("utport")) { } else if (tsiPortId.getPortName().toLowerCase().endsWith("utport")) {
port = new UpperTesterPort(portName, ComponentId); port = new UpperTesterPort(portName, ComponentId);
} else if (tsiPortId.getPortName().toLowerCase().endsWith("cfport")) {
port = new ConfigTesterPort(portName, ComponentId);
} else { } else {
String componentName = compPortId.getComponent().getComponentName(); String componentName = compPortId.getComponent().getComponentName();
...@@ -141,7 +142,7 @@ public class TestAdapter implements TriCommunicationSA, Observer { ...@@ -141,7 +142,7 @@ public class TestAdapter implements TriCommunicationSA, Observer {
} }
port.send(message.getEncodedMessage()); port.send(message.getEncodedMessage());
return required.getTriStatus(TriStatus.TRI_OK); return required.getTriStatus(TriStatus.TRI_OK);
} }
/* (non-Javadoc) /* (non-Javadoc)
...@@ -299,15 +300,6 @@ public class TestAdapter implements TriCommunicationSA, Observer { ...@@ -299,15 +300,6 @@ public class TestAdapter implements TriCommunicationSA, Observer {
return required.getTriStatus(TriStatus.TRI_ERROR, "triSutActionInformal not implemented"); return required.getTriStatus(TriStatus.TRI_ERROR, "triSutActionInformal not implemented");
} }
/**
* triSutActionTemplate not implemented
* @see org.etsi.ttcn.tri.TriCommunicationSA#triSutActionTemplate(org.etsi.ttcn.tri.TriActionTemplate)
*/
@Override
public TriStatus triSutActionTemplate(TriActionTemplate templateValue) {
return required.getTriStatus(TriStatus.TRI_ERROR, "triSutActionTemplate not implemented");
}
/** /**
* triMapParam not implemented * triMapParam not implemented
* @see org.etsi.ttcn.tri.TriCommunicationSA#triMapParam(org.etsi.ttcn.tri.TriPortId, org.etsi.ttcn.tri.TriPortId, org.etsi.ttcn.tri.TriParameterList) * @see org.etsi.ttcn.tri.TriCommunicationSA#triMapParam(org.etsi.ttcn.tri.TriPortId, org.etsi.ttcn.tri.TriPortId, org.etsi.ttcn.tri.TriParameterList)
...@@ -325,4 +317,27 @@ public class TestAdapter implements TriCommunicationSA, Observer { ...@@ -325,4 +317,27 @@ public class TestAdapter implements TriCommunicationSA, Observer {
public TriStatus triUnmapParam(TriPortId compPortId, TriPortId tsiPortId, TriParameterList paramList) { public TriStatus triUnmapParam(TriPortId compPortId, TriPortId tsiPortId, TriParameterList paramList) {
return required.getTriStatus(TriStatus.TRI_ERROR, "triUnmapParam not implemented"); return required.getTriStatus(TriStatus.TRI_ERROR, "triUnmapParam not implemented");
} }
@Override
public TriStatus triExecuteTestCase(TriTestCaseId tcId, TriPortIdList portList) {
return this.triExecuteTestcase(tcId, portList);
}
@Override
public TriStatus triGetStreamValue(TriComponentId arg0, TriPortId arg1, TriAddress arg2, TriMessage arg3) {
// TODO Auto-generated method stub
return null;
}
@Override
public TriStatus triSetStreamValue(TriComponentId arg0, TriPortId arg1, TriAddress arg2, TriMessage arg3) {
// TODO Auto-generated method stub
return null;
}
@Override
public TriStatus triStaticMap(TriPortId arg0, TriPortId arg1) {
// TODO Auto-generated method stub
return null;
}
} }
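Review bot: The three added stubs `triGetStreamValue`, `triSetStreamValue` and `triStaticMap` return `null`, while the other unimplemented operations visible in this class return a `TriStatus` error, so a caller that inspects the status would likely hit a NullPointerException instead of seeing a failure. Return the same shape as the siblings, e.g. `return required.getTriStatus(TriStatus.TRI_ERROR, "triGetStreamValue not implemented");`, with the matching message in the other two. The new `triExecuteTestCase` delegate and the now un-annotated `triExecuteTestcase` would also benefit from a one-line comment saying which spelling the current TRI interface declares.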
...@@ -664,19 +664,37 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { ...@@ -664,19 +664,37 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific {
byte[] generationTime = ByteHelper.longToByteArray((long)(curtime - 1072915200000L) * 1000L, Long.SIZE / Byte.SIZE); // In microseconds byte[] generationTime = ByteHelper.longToByteArray((long)(curtime - 1072915200000L) * 1000L, Long.SIZE / Byte.SIZE); // In microseconds
//TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: generationTime=" + ByteHelper.byteArrayToString(generationTime)); //TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: generationTime=" + ByteHelper.byteArrayToString(generationTime));
// Build the payload to be signed // Build the payload to be signed
byte[] headersField = ByteHelper.concat( byte[] headersField = null;
ByteHelper.concat( // SecuredMessage HeaderFields boolean withCertificate = true; // FIXME Check that GnLayer is really used only for PICS_xxxM_RECEPTION tests. If so, always add AT certificate
new byte[] { if (withCertificate) {
(byte)0x80, // signerInfo headersField = ByteHelper.concat(
(byte)0x01 // Certificate digest with ecdsap256 ByteHelper.concat( // SecuredMessage HeaderFields
}, new byte[] {
management.getAtCertificateDigest(), // Hashed8 (byte)0x80, // signerInfo
new byte[] { (byte)0x02 // Certificate
(byte)0x00, // generationTime },
}, management.getAtCertificate(), // Hashed8
generationTime // Time64 value new byte[] {
) (byte)0x00, // generationTime
); },
generationTime // Time64 value
)
);
} else {
headersField = ByteHelper.concat(
ByteHelper.concat( // SecuredMessage HeaderFields
new byte[] {
(byte)0x80, // signerInfo
(byte)0x01 // Certificate digest with ecdsap256
},
management.getAtCertificateDigest(), // Hashed8
new byte[] {
(byte)0x00, // generationTime
},
generationTime // Time64 value
)
);
}
int its_aid = -1; int its_aid = -1;
switch ((int) params.get(BtpLayer.BTP_DSTPORT)) { switch ((int) params.get(BtpLayer.BTP_DSTPORT)) {
case 2001: // CAM case 2001: // CAM
...@@ -744,11 +762,17 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { ...@@ -744,11 +762,17 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific {
); );
} }
byte[] payloadLengthTls = SecurityHelper.getInstance().size2tls(payloadLength); byte[] payloadLengthTls = SecurityHelper.getInstance().size2tls(payloadLength);
byte[] headersFieldLength = null;
if (headersField.length < 127) {
headersFieldLength = new byte[] { (byte)headersField.length };
} else {
headersFieldLength = SecurityHelper.getInstance().size2tls(headersField.length);
}
byte[] toBeSignedData = ByteHelper.concat( byte[] toBeSignedData = ByteHelper.concat(
new byte[] { // SecuredMessage version new byte[] { // SecuredMessage version
(byte)0x02 // version (byte)0x02 // version
}, },
new byte[] { (byte)headersField.length }, // HeadersField length headersFieldLength, // HeadersField length
headersField, // HeaderFields headersField, // HeaderFields
new byte[] { // SecuredMessage Payloads new byte[] { // SecuredMessage Payloads
(byte)0x01, // Secured payload type: signed (1) (byte)0x01, // Secured payload type: signed (1)
...@@ -757,8 +781,8 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { ...@@ -757,8 +781,8 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific {
commonHdr, commonHdr,
extHdr, extHdr,
message, // End of SecuredMessage Payloads message, // End of SecuredMessage Payloads
new byte[] { (byte)0x01 }, // Signature new byte[] { (byte)0x43 }, // Signature length
new byte[] { (byte)0x43 } // Signature length new byte[] { (byte)0x01 } // Signature
); );
//TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: toBeSignedData=" + ByteHelper.byteArrayToString(toBeSignedData)); //TERFactory.getInstance().logDebug("GnLayer.createSecuredMessage: toBeSignedData=" + ByteHelper.byteArrayToString(toBeSignedData));
...@@ -774,7 +798,10 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific { ...@@ -774,7 +798,10 @@ public class GnLayer extends Layer implements Runnable, IEthernetSpecific {
toBeSent = ByteHelper.concat( toBeSent = ByteHelper.concat(
basicHdr, basicHdr,
toBeSignedData, toBeSignedData,
new byte[] { 0x01, 0x00, 0x02 }, // Signature header new byte[] {
(byte)0x00, // Public Key Alg: ecdsa nistp256 with sha256 (0)
(byte)0x02 // ECC Point Type: compressed lsb y-0 (2)
}, // Signature header
ByteHelper.extract(signatureBytes, 2, signatureBytes.length - 2) ByteHelper.extract(signatureBytes, 2, signatureBytes.length - 2)
); );
} catch (Exception e) { } catch (Exception e) {
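Review bot: The `headersField.length < 127` branch hand-encodes a length prefix that ends up inside the signed data, and its boundary looks off by one, since 127 still fits in a single byte. Because `payloadLengthTls` already calls `size2tls` unconditionally, the same call should be enough here: `byte[] headersFieldLength = SecurityHelper.getInstance().size2tls(headersField.length);`. That assumes `size2tls` emits the one-byte form for small values, which is not visible in this hunk. In the first hunk the `// Hashed8` comment on `management.getAtCertificate()` is stale now that the full certificate is embedded and should read `// Certificate`. Also, `withCertificate` is hard-coded to `true`, which leaves the digest branch unreachable until the FIXME is resolved.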
......
...@@ -221,8 +221,8 @@ public class GnPort extends ProtocolPort implements Runnable, IEthernetSpecific ...@@ -221,8 +221,8 @@ public class GnPort extends ProtocolPort implements Runnable, IEthernetSpecific
(byte)p_beacon.length // Data payload length (byte)p_beacon.length // Data payload length
}, },
p_beacon, // End of SecuredMessage Payloads p_beacon, // End of SecuredMessage Payloads
new byte[] { (byte)0x43 }, // Signature length new byte[] { (byte)0x01 }, // Signature
new byte[] { (byte)0x01 } // Signature new byte[] { (byte)0x43 } // Signature length
); );
//TERFactory.getInstance().logDebug("GnPort.buildToBeSignedData: toBeSignedData=" + ByteHelper.byteArrayToString(toBeSignedData)); //TERFactory.getInstance().logDebug("GnPort.buildToBeSignedData: toBeSignedData=" + ByteHelper.byteArrayToString(toBeSignedData));
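Review bot: As rendered here, the trailer bytes in `buildToBeSignedData` are now emitted as `0x01` (signature) then `0x43` (length), the opposite of the order `GnLayer.createSecuredMessage` gets in the same commit (`0x43` then `0x01`). Both arrays feed the data that is signed, so the two senders produce differently framed trailers and at most one of them can match what a verifier hashes. If the trailer is a length-prefixed vector, as the "Signature length" comment implies, the length goes first: `new byte[] { (byte)0x43 }, // Trailer fields length` followed by `new byte[] { (byte)0x01 } // Trailer field type: signature`. The context line `(byte)p_beacon.length` also truncates the payload length to one byte, which deserves a comment stating the maximum beacon size it assumes.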
......