Loading lib/LibItsSecurity_Templates.ttcn +75 −14 Original line number Diff line number Diff line Loading @@ -619,21 +619,24 @@ module LibItsSecurity_Templates { in template (value) Ieee1609Dot2Data p_data ) := { data := p_data, extDataHash := omit extDataHash := omit, omitted := omit } // End of template m_signedDataPayload template (present) SignedDataPayload mw_signedDataPayload( template (present) Ieee1609Dot2Data p_data := ? ) := { data := p_data, extDataHash := * extDataHash := *, omitted := omit } // End of template mw_signedDataPayload template (value) SignedDataPayload m_signedDataPayload_ext( in template (value) Oct32 p_extDataHash ) := { data := omit, extDataHash := { sha256HashedData := p_extDataHash } extDataHash := { sha256HashedData := p_extDataHash }, omitted := omit } // End of template m_signedDataPayload_ext } // End of group signedData Loading Loading 
@@ -1366,9 +1369,38 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } } // End of template m_toBeSignedCertificate_ca template (value) AppExtension m_app_extension( in template (value) ExtId p_id := certExtId_OperatingOrganization, in template (value) OperatingOrganizationId p_content ) := { id := p_id, content := { OperatingOrganizationId := p_content } } // End of template m_app_extension template (value) CertIssueExtension m_cert_issue_extension( in template (value) ExtId p_id := certExtId_OperatingOrganization ) := { id := p_id, permissions := { specific := { NULL := NULL } } } // End of template m_cert_issue_extension template (value) CertRequestExtension m_cert_request_extension( in template (value) ExtId p_id := certExtId_OperatingOrganization ) := { id := p_id, permissions := { content := { NULL := NULL } } } // End of template m_cert_request_extension /** * @desc Receive template for ToBeSignedCertificate with CA restrictions * @see ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificate Loading Loading @@ -1396,7 +1428,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? } // End of template mw_toBeSignedCertificate_ca /** Loading Loading 
@@ -1424,7 +1459,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } } // End of template m_toBeSignedCertificate_ea /** Loading Loading @@ -1452,7 +1490,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? } // End of template mw_toBeSignedCertificate_ea template (omit) ToBeSignedCertificate m_toBeSignedCertificate_ec( Loading @@ -1476,7 +1517,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } } // End of template m_toBeSignedCertificate_ec /** Loading Loading @@ -1504,7 +1548,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? } // End of template mw_toBeSignedCertificate_ec /** Loading Loading @@ -1532,7 +1579,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } } // End of template m_toBeSignedCertificate_aa /** Loading Loading 
@@ -1560,7 +1610,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? } // End of template mw_toBeSignedCertificate_aa template (present) CertificateId mw_certificateId_name( Loading Loading @@ -1597,7 +1650,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } } // End of template m_toBeSignedCertificate_at /** Loading @@ -1624,7 +1680,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? } // End of template mw_toBeSignedCertificate_at } // End of group toBeSignedCertificate Loading Loading @@ -2130,4 +2189,6 @@ module LibItsSecurity_Templates { } // End of group utPrimitives } with { extension "anytype objid" } // End of module LibItsSecurity_Templates lib_system/LibItsSecurity_Functions.ttcn +66 −0 Original line number Diff line number Diff line Loading 
@@ -59,6 +59,72 @@ module LibItsSecurity_Functions { return fx_hashWithSha384(p_toBeHashedData); } // End of function f_hashWithSha256 function f_verifyEcdsa( in octetstring p_tbs, in octetstring p_issuer, in Signature p_signature_, in PublicVerificationKey p_verification_key ) return boolean { var boolean v_ret := false; log(">>> f_verifyEcdsa: p_tbs= ", p_tbs); log(">>> f_verifyEcdsa: p_issuer= ", p_issuer); log(">>> f_verifyEcdsa: p_signature_= ", p_signature_); log(">>> f_verifyEcdsa: p_verification_key= ", p_verification_key); if (ischosen(p_verification_key.ecdsaNistP256)) { if (ischosen(p_verification_key.ecdsaNistP256.compressed_y_0)) { v_ret := f_verifyWithEcdsaNistp256WithSha256( p_tbs, p_issuer, p_signature_.ecdsaNistP256Signature.rSig.x_only & p_signature_.ecdsaNistP256Signature.sSig, p_verification_key.ecdsaNistP256.compressed_y_0, 0); } else { v_ret := f_verifyWithEcdsaNistp256WithSha256( p_tbs, p_issuer, p_signature_.ecdsaNistP256Signature.rSig.x_only & p_signature_.ecdsaNistP256Signature.sSig, p_verification_key.ecdsaNistP256.compressed_y_1, 1); } } else if (ischosen(p_verification_key.ecdsaBrainpoolP256r1)) { if (ischosen(p_verification_key.ecdsaBrainpoolP256r1.compressed_y_0)) { v_ret := f_verifyWithEcdsaBrainpoolp256r1WithSha256( p_tbs, p_issuer, p_signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & p_signature_.ecdsaBrainpoolP256r1Signature.sSig, p_verification_key.ecdsaBrainpoolP256r1.compressed_y_0, 0); } else { v_ret := f_verifyWithEcdsaBrainpoolp256r1WithSha256( p_tbs, p_issuer, p_signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & p_signature_.ecdsaBrainpoolP256r1Signature.sSig, p_verification_key.ecdsaBrainpoolP256r1.compressed_y_1, 1); } } else if (ischosen(p_verification_key.ecdsaBrainpoolP384r1)) { if (ischosen(p_verification_key.ecdsaBrainpoolP384r1.compressed_y_0)) { v_ret := f_verifyWithEcdsaBrainpoolp384r1WithSha384( p_tbs, p_issuer, p_signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only & 
p_signature_.ecdsaBrainpoolP384r1Signature.sSig, p_verification_key.ecdsaBrainpoolP384r1.compressed_y_0, 0); } else { v_ret := f_verifyWithEcdsaBrainpoolp384r1WithSha384( p_tbs, p_issuer, p_signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only & p_signature_.ecdsaBrainpoolP384r1Signature.sSig, p_verification_key.ecdsaBrainpoolP384r1.compressed_y_1, 1); } } return v_ret; } // End of function f_verifyEcdsa /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2 * @param p_toBeSignedSecuredMessage The data to be signed Loading Loading
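Review bot: Every branch of f_verifyEcdsa reads union alternatives it has not checked: the `else` arms read `compressed_y_1` whenever `compressed_y_0` is not chosen, and all six calls read `rSig.x_only` of the curve's signature without an `ischosen` on `p_signature_`. If Signature and the curve-point types follow IEEE 1609.2 (their definitions are not on this page), an uncompressed key, an `rSig` sent as a compressed point, or a signature whose curve differs from the key's would stop the component with a dynamic error instead of returning false. A negative signature test could then end in an error verdict rather than a clean rejection. Guarding each curve branch as below turns a key/signature mismatch into an explicit, logged `false`. The new function also has no `@desc` header, unlike the function that follows it in the file.

```ttcn
    if (ischosen(p_verification_key.ecdsaNistP256)) {
      // Check the signature's curve and r encoding before reading its fields
      if (not ischosen(p_signature_.ecdsaNistP256Signature) or
          not ischosen(p_signature_.ecdsaNistP256Signature.rSig.x_only)) {
        log("f_verifyEcdsa: signature does not match an ecdsaNistP256 key");
        return false;
      }
      if (ischosen(p_verification_key.ecdsaNistP256.compressed_y_0)) {
        // … unchanged: f_verifyWithEcdsaNistp256WithSha256 call with compressed_y_0, 0 …
      } else if (ischosen(p_verification_key.ecdsaNistP256.compressed_y_1)) {
        // … unchanged: f_verifyWithEcdsaNistp256WithSha256 call with compressed_y_1, 1 …
      } else {
        log("f_verifyEcdsa: unsupported public key encoding");
      }
    }
    // … same guards in the ecdsaBrainpoolP256r1 and ecdsaBrainpoolP384r1 branches …
```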
lib/LibItsSecurity_Templates.ttcn +75 −14 Original line number Diff line number Diff line Loading @@ -619,21 +619,24 @@ module LibItsSecurity_Templates { in template (value) Ieee1609Dot2Data p_data ) := { data := p_data, extDataHash := omit extDataHash := omit, omitted := omit } // End of template m_signedDataPayload template (present) SignedDataPayload mw_signedDataPayload( template (present) Ieee1609Dot2Data p_data := ? ) := { data := p_data, extDataHash := * extDataHash := *, omitted := omit } // End of template mw_signedDataPayload template (value) SignedDataPayload m_signedDataPayload_ext( in template (value) Oct32 p_extDataHash ) := { data := omit, extDataHash := { sha256HashedData := p_extDataHash } extDataHash := { sha256HashedData := p_extDataHash }, omitted := omit } // End of template m_signedDataPayload_ext } // End of group signedData Loading Loading 
@@ -1366,9 +1369,38 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } } // End of template m_toBeSignedCertificate_ca template (value) AppExtension m_app_extension( in template (value) ExtId p_id := certExtId_OperatingOrganization, in template (value) OperatingOrganizationId p_content ) := { id := p_id, content := { OperatingOrganizationId := p_content } } // End of template m_app_extension template (value) CertIssueExtension m_cert_issue_extension( in template (value) ExtId p_id := certExtId_OperatingOrganization ) := { id := p_id, permissions := { specific := { NULL := NULL } } } // End of template m_cert_issue_extension template (value) CertRequestExtension m_cert_request_extension( in template (value) ExtId p_id := certExtId_OperatingOrganization ) := { id := p_id, permissions := { content := { NULL := NULL } } } // End of template m_cert_request_extension /** * @desc Receive template for ToBeSignedCertificate with CA restrictions * @see ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificate Loading Loading @@ -1396,7 +1428,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? } // End of template mw_toBeSignedCertificate_ca /** Loading Loading 
@@ -1424,7 +1459,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } } // End of template m_toBeSignedCertificate_ea /** Loading Loading @@ -1452,7 +1490,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? } // End of template mw_toBeSignedCertificate_ea template (omit) ToBeSignedCertificate m_toBeSignedCertificate_ec( Loading @@ -1476,7 +1517,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } } // End of template m_toBeSignedCertificate_ec /** Loading Loading @@ -1504,7 +1548,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? } // End of template mw_toBeSignedCertificate_ec /** Loading Loading @@ -1532,7 +1579,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } } // End of template m_toBeSignedCertificate_aa /** Loading Loading 
@@ -1560,7 +1610,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? } // End of template mw_toBeSignedCertificate_aa template (present) CertificateId mw_certificateId_name( Loading Loading @@ -1597,7 +1650,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := { m_app_extension(-, objid{ 0 4 0 })}, certIssueExtensions := { m_cert_issue_extension }, certRequestExtension := { m_cert_request_extension } } // End of template m_toBeSignedCertificate_at /** Loading @@ -1624,7 +1680,10 @@ module LibItsSecurity_Templates { canRequestRollover := omit, encryptionKey := p_encryptionKey, verifyKeyIndicator := p_verifyKeyIndicator, flags := omit flags := omit, appExtensions := ?, certIssueExtensions := ?, certRequestExtension := ? } // End of template mw_toBeSignedCertificate_at } // End of group toBeSignedCertificate Loading Loading @@ -2130,4 +2189,6 @@ module LibItsSecurity_Templates { } // End of group utPrimitives } with { extension "anytype objid" } // End of module LibItsSecurity_Templates
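Review bot: The receive templates `mw_toBeSignedCertificate_ca`, `_ea`, `_ec`, `_aa` and `_at` in lib/LibItsSecurity_Templates.ttcn now match the three new fields with `?`, which does not match an omitted field. If these fields are optional in the type (its definition is not on this page), a certificate issued without extensions stops matching and a valid certificate from the IUT is reported as a mismatch; `appExtensions := *, certIssueExtensions := *, certRequestExtension := *` would accept both forms. The corresponding send templates hard-code `m_app_extension(-, objid{ 0 4 0 })` in five places, so every generated certificate carries the same organization id. Passing it as a template parameter with a default would leave that choice to the test case.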
lib_system/LibItsSecurity_Functions.ttcn +66 −0 Original line number Diff line number Diff line Loading 
@@ -59,6 +59,72 @@ module LibItsSecurity_Functions { return fx_hashWithSha384(p_toBeHashedData); } // End of function f_hashWithSha256 function f_verifyEcdsa( in octetstring p_tbs, in octetstring p_issuer, in Signature p_signature_, in PublicVerificationKey p_verification_key ) return boolean { var boolean v_ret := false; log(">>> f_verifyEcdsa: p_tbs= ", p_tbs); log(">>> f_verifyEcdsa: p_issuer= ", p_issuer); log(">>> f_verifyEcdsa: p_signature_= ", p_signature_); log(">>> f_verifyEcdsa: p_verification_key= ", p_verification_key); if (ischosen(p_verification_key.ecdsaNistP256)) { if (ischosen(p_verification_key.ecdsaNistP256.compressed_y_0)) { v_ret := f_verifyWithEcdsaNistp256WithSha256( p_tbs, p_issuer, p_signature_.ecdsaNistP256Signature.rSig.x_only & p_signature_.ecdsaNistP256Signature.sSig, p_verification_key.ecdsaNistP256.compressed_y_0, 0); } else { v_ret := f_verifyWithEcdsaNistp256WithSha256( p_tbs, p_issuer, p_signature_.ecdsaNistP256Signature.rSig.x_only & p_signature_.ecdsaNistP256Signature.sSig, p_verification_key.ecdsaNistP256.compressed_y_1, 1); } } else if (ischosen(p_verification_key.ecdsaBrainpoolP256r1)) { if (ischosen(p_verification_key.ecdsaBrainpoolP256r1.compressed_y_0)) { v_ret := f_verifyWithEcdsaBrainpoolp256r1WithSha256( p_tbs, p_issuer, p_signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & p_signature_.ecdsaBrainpoolP256r1Signature.sSig, p_verification_key.ecdsaBrainpoolP256r1.compressed_y_0, 0); } else { v_ret := f_verifyWithEcdsaBrainpoolp256r1WithSha256( p_tbs, p_issuer, p_signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & p_signature_.ecdsaBrainpoolP256r1Signature.sSig, p_verification_key.ecdsaBrainpoolP256r1.compressed_y_1, 1); } } else if (ischosen(p_verification_key.ecdsaBrainpoolP384r1)) { if (ischosen(p_verification_key.ecdsaBrainpoolP384r1.compressed_y_0)) { v_ret := f_verifyWithEcdsaBrainpoolp384r1WithSha384( p_tbs, p_issuer, p_signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only & 
p_signature_.ecdsaBrainpoolP384r1Signature.sSig, p_verification_key.ecdsaBrainpoolP384r1.compressed_y_0, 0); } else { v_ret := f_verifyWithEcdsaBrainpoolp384r1WithSha384( p_tbs, p_issuer, p_signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only & p_signature_.ecdsaBrainpoolP384r1Signature.sSig, p_verification_key.ecdsaBrainpoolP384r1.compressed_y_1, 1); } } return v_ret; } // End of function f_verifyEcdsa /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2 * @param p_toBeSignedSecuredMessage The data to be signed Loading