Skip to content
GitLab
Commit db3adb48 authored by garciay's avatar garciay
Browse files

Start Security support 

Add Service Advertisement support
parent 8aa38892
Hide whitespace changes
Inline Side-by-side
ttcn/TestCodec/TestCodec_Certificates.ttcn
View file @ db3adb48
......@@ -148,7 +148,37 @@ module TestCodec_Certificates {
compressed_y_0 := p_compressed_y_0
} // End of template m_eccP256CurvePoint_compressed_y_0
testcase tc_certificate_1() runs on TCType system TCType {
template (value) Signature m_signature_ecdsaNistP256(
in template (value) EcdsaP256Signature p_ecdsaNistP256Signature
) := {
ecdsaNistP256Signature := p_ecdsaNistP256Signature
}
template (value) EcdsaP256Signature m_ecdsaNistP256Signature(
in template (value) EccP256CurvePoint p_rSig,
in template (value) Oct32 p_sSig
) := {
rSig := p_rSig,
sSig := p_sSig
}
template (value) EccP256CurvePoint m_eccP256CurvePoint_compressed_y(
in template (value) Oct32 p_y
) := {
compressed_y_0 := p_y
}
template (value) EccP256CurvePoint m_eccP256CurvePoint_x_y(
in template (value) octetstring p_x,
in template (value) octetstring p_y
) := {
uncompressedP256 := {
x := p_x,
y := p_y
}
}
testcase tc_root_certificate_1() runs on TCType system TCType {
var template (value) EtsiTs103097Certificate v_cert; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1
var charstring v_certId := "STF528 Root Certificate";
var HashAlgorithm v_self := sha256; // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 1
......@@ -164,17 +194,17 @@ module TestCodec_Certificates {
var SequenceOfPsidSspRange v_certRequestPermissions := { // FIXME Could this componet be present? If yes, What is the content of certIssuePermissions?
valueof(m_psidSspRange(2))
};
var Oct32 v_compressed_y_0 := '0000000000000000000000000000000000000000000000000000000000000000'O;
var octetstring v_private_key := ''O;
var octetstring v_publicKeyX := ''O;
var octetstring v_publicKeyY := ''O;
var HashedId8 v_sha256AndDigest;
var bitstring v_encMsg;
var integer v_res := 0;
var bitstring v_expEncMsg := oct2bit('310020'O);
var octetstring v_sig := ''O;
var bitstring v_encMsg := ''B;
// Generate Private/Public keys
var Oct32 private_key;
//f_generate_keys_pair(private_key, v_compressed_y_0, "compressed-y-0");
f_generate_key_pair(v_private_key, v_publicKeyX, v_publicKeyX);
// Store Private key in binary format
//f_save_key(private_key);
//f_save_key(v_private_key);
// Fill Certificate template with the public key
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_self(v_self),
......@@ -195,27 +225,172 @@ module TestCodec_Certificates {
v_certRequestPermissions
))
},
m_verificationKeyIndicator_verificationKey(
m_verificationKeyIndicator_verificationKey( // FIXME Do we use it? If so what is the content?
m_publicVerificationKey_ecdsaNistP256(
m_eccP256CurvePoint_compressed_y_0(
v_compressed_y_0
m_eccP256CurvePoint_x_y(
v_publicKeyX,
v_publicKeyY
)))
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), v_private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaNistP256Signature(
m_eccP256CurvePoint_x_y(
v_publicKeyX,
v_publicKeyY
),
v_sig
)
);
// Final certificate
v_encMsg := encvalue(v_cert);
// Update v_sha256AndDigest
//f_hashWithSha256(bit2oct(v_encMsg));
//f_HashedId8FromSha256();
// Sign the certificate
//f_signWithEcdsaNistp256WithSha256();
setverdict(pass, "Encoding passed.");
} // End of testcase tc_certificate_1
} // End of testcase tc_root_certificate_1
group helpersFunctions {
group signing {
/**
* @desc Produces a 256-bit (32-byte) hash value
* @param p_toBeHashedData Data to be used to calculate the hash value
* @return The hash value
*/
external function fx_hashWithSha256(in octetstring p_toBeHashedData) return Oct32;
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
* @param p_toBeSignedSecuredMessage The data to be signed
* @param p_privateKey The private key
* @return The signature value
*/
external function fx_signWithEcdsaNistp256WithSha256(in octetstring p_toBeSignedSecuredMessage, in octetstring/*UInt64*/ p_privateKey) return octetstring;
/**
* @desc Verify the signature of the specified data
* @param p_toBeVerifiedData The data to be verified
* @param p_signature The signature
* @param p_ecdsaNistp256PublicKeyX The public key (x coordinate)
* @param p_ecdsaNistp256PublicKeyY The public key (y coordinate)
* @return true on success, false otherwise
*/
external function fx_verifyWithEcdsaNistp256WithSha256(in octetstring p_toBeVerifiedData, in octetstring p_signature, in octetstring p_ecdsaNistp256PublicKeyX, in octetstring p_ecdsaNistp256PublicKeyY) return boolean;
/**
* @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
* This function should not be used by the ATS
* @param p_privateKey The new private key value
* @param p_publicKeyX The new public key value (x coordinate)
* @param p_publicKeyX The new public key value (y coordinate)
* @return true on success, false otherwise
*/
external function fx_generateKeyPair(out octetstring/*UInt64*/ p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean;
} // End of group signing
/**
* @desc Produces a 256-bit (32-byte) hash value
* @param p_toBeHashedData Data to be used to calculate the hash value
* @return The hash value
*/
function f_hashWithSha256(
in octetstring p_toBeHashedData
) return Oct32 {
return fx_hashWithSha256(p_toBeHashedData);
} // End of function f_hashWithSha256
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
* @param p_toBeSignedSecuredMessage The data to be signed
* @return The signature value
*/
function f_signWithEcdsaNistp256WithSha256(
in octetstring p_toBeSignedSecuredMessage,
in Oct32 p_privateKey
) return octetstring {
return fx_signWithEcdsaNistp256WithSha256(
p_toBeSignedSecuredMessage,
p_privateKey
);
} // End of function f_signWithEcdsaNistp256WithSha256
/**
* @desc Compute the HashedId8 value from the hash value
* @param p_hash The hash value
* @return The HashedId8 value
* @verdict
*/
function f_HashedId8FromSha256(
in Oct32 p_hash
) return HashedId8 {
return substr(p_hash, lengthof(p_hash) - 8, 8);
} // End of function f_HashedId8FromSha256
/**
* @desc Compute the HashedId3 value from the HashedId8 value
* @param p_hashp_hashedId8 The HashedId8 value
* @return The HashedId3 value
* @verdict Unchanged
*/
function f_HashedId3FromHashedId8(
in HashedId8 p_hashedId8
) return HashedId3 {
return substr(p_hashedId8, lengthof(p_hashedId8) - 3, 3);
} // End of function f_HashedId3FromHashedId8
/**
* @desc Verify the signature of the specified data
* @param p_toBeVerifiedData The data to be verified
* @param p_signature The signature
* @param p_ecdsaNistp256PublicKeyX The public key (x coordinate)
* @param p_ecdsaNistp256PublicKeyY The public key (y coordinate)
* @return true on success, false otherwise
*/
function f_verifyWithEcdsaNistp256WithSha256(
in octetstring p_toBeVerifiedData,
in octetstring p_signature,
in octetstring p_ecdsaNistp256PublicKeyX,
in octetstring p_ecdsaNistp256PublicKeyY
) return boolean {
// log("f_verifyWithEcdsaNistp256WithSha256: toBeVerifiedData", p_toBeVerifiedData);
// log("f_verifyWithEcdsaNistp256WithSha256: toBeVerifiedData length", lengthof(p_toBeVerifiedData));
// log("f_verifyWithEcdsaNistp256WithSha256: signature", p_signature);
// log("f_verifyWithEcdsaNistp256WithSha256: ecdsaNistp256PublicKeyX", p_ecdsaNistp256PublicKeyX);
// log("f_verifyWithEcdsaNistp256WithSha256: ecdsaNistp256PublicKeyY", p_ecdsaNistp256PublicKeyY);
return fx_verifyWithEcdsaNistp256WithSha256(
p_toBeVerifiedData,
p_signature,
p_ecdsaNistp256PublicKeyX,
p_ecdsaNistp256PublicKeyY);
} // End of function f_verifyWithEcdsaNistp256WithSha256
/**
* @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
* This function should not be used by the ATS
* @param p_privateKey The new private key value
* @param p_publicKeyX The new public key value (x coordinate)
* @param p_publicKeyX The new public key value (y coordinate)
* @return true on success, false otherwise
*/
function f_generate_key_pair(
out octetstring p_privateKey,
out octetstring p_publicKeyX,
out octetstring p_publicKeyY
) return boolean {
return fx_generateKeyPair(p_privateKey, p_publicKeyX, p_publicKeyY);
}
}
control {
execute(tc_certificate_1());
execute(tc_root_certificate_1());
}
} // End of module tc_certificate_1
} // End of module TestCodec_Certificates
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment