Loading lib/LibItsSecurity_Pics.ttcn +2 −2 Original line number Diff line number Diff line Loading @@ -37,12 +37,12 @@ module LibItsSecurity_Pics { /** * Does the IUT support Brainpool P256r1 algorithm */ modulepar boolean PICS_SEC_BRAINPOOL_P256R1 := false; modulepar boolean PICS_SEC_BRAINPOOL_P256R1 := true; /** * Does the IUT support Brainpool P384r1 algorithm */ modulepar boolean PICS_SEC_BRAINPOOL_P384R1 := false; modulepar boolean PICS_SEC_BRAINPOOL_P384R1 := true; /** * Is the IUT able to distribute AT certificates Loading lib/LibItsSecurity_Pixits.ttcn +85 −52 Original line number Diff line number Diff line Loading @@ -20,6 +20,9 @@ module LibItsSecurity_Pixits { import from Ieee1609Dot2 language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; // LibItsSecurity import from LibItsSecurity_TypesAndValues all; /** * @desc Root path to access certificate stored in files, identified by certficate ID */ Loading Loading 
@@ -62,4 +65,34 @@ module LibItsSecurity_Pixits { */ modulepar SecLatitude PX_WGSLATITUDE := 0; /** * @desc Indicate which canonical key shall be used (Nist-P256, BP-256 or BP-384) */ modulepar SignAlgorithm PX_VE_ALG := e_nist_p256; /** * @desc Indicate which encryption algorithm to be used for Enrolment Credencial */ modulepar SignAlgorithm PX_EC_ALG_FOR_EC := e_nist_p256; // TODO Use RCA to determine encryption algorithm? /** * @desc Indicate which encryption algorithm to be used for Authorization Request (AA certificate of the IUT) */ modulepar SignAlgorithm PX_EC_ALG_FOR_AT := e_nist_p256; /** * @desc Indicate which encryption algorithm to be used for Authorization Validation Request (EA certificate of the IUT) */ modulepar SignAlgorithm PX_EC_ALG_FOR_ATV := e_nist_p256; /** * @desc Indicate which encryption algorithm to be used for misbehaviour request (MA certificate of the IUT/TS) */ modulepar SignAlgorithm PX_EC_ALG_FOR_MA := e_nist_p256; /** * @desc Indicate which encryption algorithm to be used for EcSignature (EA certificate of the IUT) */ modulepar SignAlgorithm PX_EC_ALG_FOR_EC_SIGN := e_nist_p256; } // End of module LibItsSecurity_Pixits lib/LibItsSecurity_Templates.ttcn +18 −18 Original line number Diff line number Diff line Loading @@ -1370,9 +1370,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } appExtensions := omit, //{ m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := omit, //{ m_cert_issue_extension }, certRequestExtension := omit //{ m_cert_request_extension } } // End of template m_toBeSignedCertificate_ca template (value) AppExtension m_app_extension( Loading Loading 
@@ -1429,9 +1429,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? appExtensions := omit, certIssueExtensions := omit, certRequestExtension := omit } // End of template mw_toBeSignedCertificate_ca /** Loading Loading @@ -1491,9 +1491,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? appExtensions := omit, certIssueExtensions := omit, certRequestExtension := omit } // End of template mw_toBeSignedCertificate_ea template (omit) ToBeSignedCertificate m_toBeSignedCertificate_ec( Loading Loading @@ -1549,9 +1549,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? appExtensions := omit, certIssueExtensions := omit, certRequestExtension := omit } // End of template mw_toBeSignedCertificate_ec /** Loading Loading @@ -1611,9 +1611,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? appExtensions := omit, certIssueExtensions := omit, certRequestExtension := omit } // End of template mw_toBeSignedCertificate_aa template (present) CertificateId mw_certificateId_name( Loading Loading 
@@ -1681,9 +1681,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? appExtensions := omit, certIssueExtensions := omit, certRequestExtension := omit } // End of template mw_toBeSignedCertificate_at } // End of group toBeSignedCertificate Loading lib/LibItsSecurity_TypesAndValues.ttcn +5 −5 Original line number Diff line number Diff line Loading @@ -274,10 +274,10 @@ module LibItsSecurity_TypesAndValues { } // End of group profileCertificates type enumerated SignAlgorithm { e_nistp_256, e_brainpool_256, e_brainpool_384 } e_nist_p256 (0), e_brainpool_p256_r1 (1), e_brainpool_p384_r1 (2) } // End of type SignAlgorithm group taConfiguration { Loading lib_system/LibItsSecurity_Functions.ttcn +62 −2 Original line number Diff line number Diff line Loading 
@@ -59,6 +59,31 @@ module LibItsSecurity_Functions { return fx_hashWithSha384(p_toBeHashedData); } // End of function f_hashWithSha256 function f_signWithEcdsa( in octetstring p_toBeSignedSecuredMessage, in octetstring p_certificateIssuer, in octetstring p_privateKey ) return octetstring { log(">>> f_verifyEcdsa: p_toBeSignedSecuredMessage= ", p_toBeSignedSecuredMessage); log(">>> f_verifyEcdsa: p_certificateIssuer= ", p_certificateIssuer); log(">>> f_verifyEcdsa: p_privateKey= ", p_privateKey); log(">>> f_verifyEcdsa: PX_VE_ALG= ", PX_VE_ALG); if (PX_VE_ALG == e_nist_p256) { return f_signWithEcdsaNistp256WithSha256(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } else if (PX_VE_ALG == e_brainpool_p256_r1) { return f_signWithEcdsaBrainpoolp256r1WithSha256(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } else if (PX_VE_ALG == e_brainpool_p384_r1) { if (p_certificateIssuer == int2oct(0, 32)) { return f_signWithEcdsaBrainpoolp384r1WithSha384(p_toBeSignedSecuredMessage, int2oct(0, 48), p_privateKey); } else { return f_signWithEcdsaBrainpoolp384r1WithSha384(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } } return ''O; } // End of function f_signWithEcdsa function f_verifyEcdsa( in octetstring p_tbs, in octetstring p_issuer, Loading Loading @@ -1243,7 +1268,6 @@ module LibItsSecurity_Functions { // Local variables var EtsiTs103097Certificate v_aaCertificate, v_atCertificate; log(">>> f_buildGnSecuredCam: p_securedMessage= ", p_securedMessage); log(">>> f_buildGnSecuredCam: p_payloadField= ", p_payloadField); // Load certificates if required Loading Loading 
@@ -2833,6 +2857,42 @@ module LibItsSecurity_Functions { }// End of group certificatesCaching function f_extract_enc_key( in Certificate p_certificate, out octetstring p_public_enc_key, out integer p_compressed_enc_key_mode ) return boolean { log(">>> f_extract_enc_key: ", p_certificate); if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1; p_compressed_enc_key_mode := 1; } else { log("f_extract_enc_key: Non canonical certificate: ", p_certificate); return false; } } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1; p_compressed_enc_key_mode := 0; } else { log("f_extract_enc_key: Non canonical certificate: ", p_certificate); return false; } } else { log("f_extract_enc_key: Invalid certificate: ", p_certificate); return false; } return true; } // End of function f_extract_enc_key } // End of group helpersFunctions Loading Loading
lib/LibItsSecurity_Pics.ttcn +2 −2 @@ -37,12 +37,12 @@ module LibItsSecurity_Pics { /** * Does the IUT support Brainpool P256r1 algorithm */ modulepar boolean PICS_SEC_BRAINPOOL_P256R1 := false; modulepar boolean PICS_SEC_BRAINPOOL_P256R1 := true; /** * Does the IUT support Brainpool P384r1 algorithm */ modulepar boolean PICS_SEC_BRAINPOOL_P384R1 := false; modulepar boolean PICS_SEC_BRAINPOOL_P384R1 := true; /** * Is the IUT able to distribute AT certificates
lib/LibItsSecurity_Pixits.ttcn +85 −52 Original line number Diff line number Diff line Loading @@ -20,6 +20,9 @@ module LibItsSecurity_Pixits { import from Ieee1609Dot2 language "ASN.1:1997" all; import from EtsiTs103097Module language "ASN.1:1997" all; // LibItsSecurity import from LibItsSecurity_TypesAndValues all; /** * @desc Root path to access certificate stored in files, identified by certficate ID */ Loading Loading @@ -62,4 +65,34 @@ module LibItsSecurity_Pixits { */ modulepar SecLatitude PX_WGSLATITUDE := 0; /** * @desc Indicate which canonical key shall be used (Nist-P256, BP-256 or BP-384) */ modulepar SignAlgorithm PX_VE_ALG := e_nist_p256; /** * @desc Indicate which encryption algorithm to be used for Enrolment Credencial */ modulepar SignAlgorithm PX_EC_ALG_FOR_EC := e_nist_p256; // TODO Use RCA to determine encryption algorithm? /** * @desc Indicate which encryption algorithm to be used for Authorization Request (AA certificate of the IUT) */ modulepar SignAlgorithm PX_EC_ALG_FOR_AT := e_nist_p256; /** * @desc Indicate which encryption algorithm to be used for Authorization Validation Request (EA certificate of the IUT) */ modulepar SignAlgorithm PX_EC_ALG_FOR_ATV := e_nist_p256; /** * @desc Indicate which encryption algorithm to be used for misbehaviour request (MA certificate of the IUT/TS) */ modulepar SignAlgorithm PX_EC_ALG_FOR_MA := e_nist_p256; /** * @desc Indicate which encryption algorithm to be used for EcSignature (EA certificate of the IUT) */ modulepar SignAlgorithm PX_EC_ALG_FOR_EC_SIGN := e_nist_p256; } // End of module LibItsSecurity_Pixits
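Review bot: The `PX_EC_ALG_FOR_*` parameters are documented as encryption algorithms but are typed `SignAlgorithm`, so `e_brainpool_p384_r1` is an accepted value even though `f_extract_enc_key` in this commit only handles `eciesNistP256` and `eciesBrainpoolP256r1` encryption keys. I would state the allowed values in each `@desc`, e.g. `@desc Encryption algorithm for the Enrolment Credential request (e_nist_p256 or e_brainpool_p256_r1)`, or reject the unsupported value where the parameter is read (not visible here). The `PX_VE_ALG` description ("canonical key") could also say that it selects the curve `f_signWithEcdsa` signs with. The diffstat (+85 −52) suggests most of this section's changes are not shown, so this covers the visible additions only.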
lib/LibItsSecurity_Templates.ttcn +18 −18 Original line number Diff line number Diff line Loading @@ -1370,9 +1370,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } appExtensions := omit, //{ m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := omit, //{ m_cert_issue_extension }, certRequestExtension := omit //{ m_cert_request_extension } } // End of template m_toBeSignedCertificate_ca template (value) AppExtension m_app_extension( Loading Loading @@ -1429,9 +1429,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? appExtensions := omit, certIssueExtensions := omit, certRequestExtension := omit } // End of template mw_toBeSignedCertificate_ca /** Loading Loading @@ -1491,9 +1491,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? appExtensions := omit, certIssueExtensions := omit, certRequestExtension := omit } // End of template mw_toBeSignedCertificate_ea template (omit) ToBeSignedCertificate m_toBeSignedCertificate_ec( Loading Loading @@ -1549,9 +1549,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? appExtensions := omit, certIssueExtensions := omit, certRequestExtension := omit } // End of template mw_toBeSignedCertificate_ec /** Loading Loading 
@@ -1611,9 +1611,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? appExtensions := omit, certIssueExtensions := omit, certRequestExtension := omit } // End of template mw_toBeSignedCertificate_aa template (present) CertificateId mw_certificateId_name( Loading Loading @@ -1681,9 +1681,9 @@ module LibItsSecurity_Templates { encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? appExtensions := omit, certIssueExtensions := omit, certRequestExtension := omit } // End of template mw_toBeSignedCertificate_at } // End of group toBeSignedCertificate Loading
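Review bot: In the receive templates (`mw_toBeSignedCertificate_ca`, `_ea`, `_ec`, `_aa`, `_at`) the three extension fields go from `?` to `omit`, so a received certificate that carries `appExtensions`, `certIssueExtensions` or `certRequestExtension` will no longer match at all. If the intent is only to stop requiring these fields, `*` accepts both present and omitted values, e.g. `appExtensions := *,`; if absence really is mandated, a short comment citing the requirement would help the next reader. In `m_toBeSignedCertificate_ca` the old values are left behind as trailing `//` comments; I would delete them or replace them with one sentence saying why the extensions are no longer sent. All of these template bodies start outside the hunks shown.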
lib/LibItsSecurity_TypesAndValues.ttcn +5 −5 @@ -274,10 +274,10 @@ module LibItsSecurity_TypesAndValues { } // End of group profileCertificates type enumerated SignAlgorithm { e_nistp_256, e_brainpool_256, e_brainpool_384 } e_nist_p256 (0), e_brainpool_p256_r1 (1), e_brainpool_p384_r1 (2) } // End of type SignAlgorithm group taConfiguration {
lib_system/LibItsSecurity_Functions.ttcn +62 −2 Original line number Diff line number Diff line Loading @@ -59,6 +59,31 @@ module LibItsSecurity_Functions { return fx_hashWithSha384(p_toBeHashedData); } // End of function f_hashWithSha256 function f_signWithEcdsa( in octetstring p_toBeSignedSecuredMessage, in octetstring p_certificateIssuer, in octetstring p_privateKey ) return octetstring { log(">>> f_verifyEcdsa: p_toBeSignedSecuredMessage= ", p_toBeSignedSecuredMessage); log(">>> f_verifyEcdsa: p_certificateIssuer= ", p_certificateIssuer); log(">>> f_verifyEcdsa: p_privateKey= ", p_privateKey); log(">>> f_verifyEcdsa: PX_VE_ALG= ", PX_VE_ALG); if (PX_VE_ALG == e_nist_p256) { return f_signWithEcdsaNistp256WithSha256(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } else if (PX_VE_ALG == e_brainpool_p256_r1) { return f_signWithEcdsaBrainpoolp256r1WithSha256(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } else if (PX_VE_ALG == e_brainpool_p384_r1) { if (p_certificateIssuer == int2oct(0, 32)) { return f_signWithEcdsaBrainpoolp384r1WithSha384(p_toBeSignedSecuredMessage, int2oct(0, 48), p_privateKey); } else { return f_signWithEcdsaBrainpoolp384r1WithSha384(p_toBeSignedSecuredMessage, p_certificateIssuer, p_privateKey); } } return ''O; } // End of function f_signWithEcdsa function f_verifyEcdsa( in octetstring p_tbs, in octetstring p_issuer, Loading Loading @@ -1243,7 +1268,6 @@ module LibItsSecurity_Functions { // Local variables var EtsiTs103097Certificate v_aaCertificate, v_atCertificate; log(">>> f_buildGnSecuredCam: p_securedMessage= ", p_securedMessage); log(">>> f_buildGnSecuredCam: p_payloadField= ", p_payloadField); // Load certificates if required Loading Loading 
@@ -2833,6 +2857,42 @@ module LibItsSecurity_Functions { }// End of group certificatesCaching function f_extract_enc_key( in Certificate p_certificate, out octetstring p_public_enc_key, out integer p_compressed_enc_key_mode ) return boolean { log(">>> f_extract_enc_key: ", p_certificate); if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1; p_compressed_enc_key_mode := 1; } else { log("f_extract_enc_key: Non canonical certificate: ", p_certificate); return false; } } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1)) { if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0; p_compressed_enc_key_mode := 0; } else if (ischosen(p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1)) { p_public_enc_key := p_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1; p_compressed_enc_key_mode := 0; } else { log("f_extract_enc_key: Non canonical certificate: ", p_certificate); return false; } } else { log("f_extract_enc_key: Invalid certificate: ", p_certificate); return false; } return true; } // End of function f_extract_enc_key } // End of group helpersFunctions Loading
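Review bot: In `f_extract_enc_key`, the `eciesBrainpoolP256r1.compressed_y_1` branch sets `p_compressed_enc_key_mode := 0;`, the same value as its `compressed_y_0` branch, whereas the NIST P-256 branch uses 1 for `compressed_y_1`; this looks like a copy-paste slip and should read `p_compressed_enc_key_mode := 1;`, otherwise the caller presumably gets the wrong y-parity for a Brainpool key. Both `out` parameters are also left unassigned on the `return false` paths, which deserves a line in the function's documentation. In the first hunk of this file, `f_signWithEcdsa` writes `p_privateKey` to the log and tags its entries `f_verifyEcdsa`; I would drop the key line and correct the prefix to `>>> f_signWithEcdsa:`. That function also falls through to `return ''O;` for an unhandled `PX_VE_ALG` value, which would be easier to diagnose with a log line before the return.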