Skip to content
LibItsSecurity_Functions.ttcn3 86 KiB
Newer Older
garciay's avatar
garciay committed
/**
 *  @author   ETSI / STF481
 *  @version  $URL$
 *            $Id$
 *  @desc     Module containing functions for Security Protocol
 *
 */
module LibItsSecurity_Functions {
    import from LibCommon_BasicTypesAndValues all;
    // LibItsCommon
    import from LibItsCommon_Functions all;
    
    // LibItsSecurity
    import from LibItsSecurity_TypesAndValues all;
    import from LibItsSecurity_Templates all;
    import from LibItsSecurity_Pixits all;
    import from LibItsSecurity_TestSystem all;
garciay's avatar
garciay committed
    
    group helpersFunctions {
        * @desc    Produces a 256-bit (32-byte) hash value
        * @param   p_toBeHashedData Data to be used to calculate the hash value
        * @return  The hash value
        */
garciay's avatar
garciay committed
                                  in octetstring p_toBeHashedData
            return fx_hashWithSha256(p_toBeHashedData);
        } // End of function f_hashWithSha256
        * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
        * @param   p_toBeSignedSecuredMessage    The data to be signed
        * @return  The signature value
        */
        function f_signWithEcdsaNistp256WithSha256(
                                                   in octetstring p_toBeSignedSecuredMessage,
                                                   in Oct32 p_privateKey
        ) runs on ItsSecurityBaseComponent return octetstring {
            return fx_signWithEcdsaNistp256WithSha256(
                p_toBeSignedSecuredMessage,
        } // End of function f_signWithEcdsaNistp256WithSha256
        * @desc Compute the HashedId8 value from the hash value
        * @param p_hash The hash value
        * @return The HashedId8 value
        * @verdict
        */
        function f_HashedId8FromSha256(
garciay's avatar
garciay committed
                                       in Oct32 p_hash
        ) return HashedId8 {
            return substr(p_hash, lengthof(p_hash) - 8, 8);
        } // End of function f_HashedId8FromSha256
        * @desc Compute the HashedId3 value from the HashedId8 value
        * @param p_hashp_hashedId8 The HashedId8 value
        * @return The HashedId3 value
        * @verdict Unchanged
        */
garciay's avatar
garciay committed
        function f_HashedId3FromHashedId8(
                                          in HashedId8 p_hashedId8
        ) return HashedId3 {
            return substr(p_hashedId8, lengthof(p_hashedId8) - 3, 3);
        }  // End of function f_HashedId3FromHashedId8
        * @desc    Verify the signature of the specified data
        * @param   p_toBeVerifiedData          The data to be verified
        * @param   p_signature                 The signature
        * @param   p_ecdsaNistp256PublicKeyX   The public key (x coordinate)
        * @param   p_ecdsaNistp256PublicKeyY   The public key (y coordinate)
        * @return  true on success, false otherwise
        */
        function f_verifyWithEcdsaNistp256WithSha256(
garciay's avatar
garciay committed
                                                     in octetstring p_toBeVerifiedData,
                                                     in octetstring p_signature,
                                                     in octetstring p_ecdsaNistp256PublicKeyX,
                                                     in octetstring p_ecdsaNistp256PublicKeyY
//            log("f_verifyWithEcdsaNistp256WithSha256: toBeVerifiedData", p_toBeVerifiedData);
//            log("f_verifyWithEcdsaNistp256WithSha256: toBeVerifiedData length", lengthof(p_toBeVerifiedData));
//            log("f_verifyWithEcdsaNistp256WithSha256: signature", p_signature);
//            log("f_verifyWithEcdsaNistp256WithSha256: ecdsaNistp256PublicKeyX", p_ecdsaNistp256PublicKeyX);
//            log("f_verifyWithEcdsaNistp256WithSha256: ecdsaNistp256PublicKeyY", p_ecdsaNistp256PublicKeyY);
            return fx_verifyWithEcdsaNistp256WithSha256(
                p_toBeVerifiedData,
                p_signature,
                p_ecdsaNistp256PublicKeyX,
                p_ecdsaNistp256PublicKeyY);
        } // End of function f_verifyWithEcdsaNistp256WithSha256
        * @desc    Calculate digest over the certificate
        * @param   p_cert The certificate
        * @return  the HashedId8 value
        * @see Draft ETSI TS 103 097 V1.1.14 Clause 4.2.13   HashedId8
        function f_calculateDigestFromCertificate(
garciay's avatar
garciay committed
                                                  in Certificate p_cert
            var octetstring v_toBeHashedData;
            var octetstring v_hash;
            v_toBeHashedData := bit2oct(encvalue(p_cert));
            v_hash := f_hashWithSha256(v_toBeHashedData);
            return substr(v_hash, lengthof(v_hash) - 8, 8);
        } // End of function f_calculateDigestFromCertificate
        group hostSignatureHelpers {
            /**
            * @desc    Initialize [out] certificates according to the specified certificate name
            * @param   p_certificateName The certificate name to be used
            * @param   p_aaCertificate The AA certificate [out]
            * @param   p_atCertificate The AT certificate [out]
            * @return  true on succes, false otherwise
            * @see Draft ETSI TS 103 097 V1.1.14 Clause 4.2.13   HashedId8
            function f_prepareCertificates(
                                           in template (omit) charstring p_certificateName,
                                           out Certificate p_aaCertificate,
                                           out Certificate p_atCertificate
            ) runs on ItsSecurityBaseComponent return boolean {
                
                // Load certificates if required
garciay's avatar
garciay committed
                if (ispresent(p_certificateName) and (valueof(p_certificateName) != cc_taCert_A)) {
                    if (f_readCertificate(valueof(p_certificateName), p_atCertificate) == false){
                        return false;
                    }
                    if (f_readCertificate(oct2str(p_atCertificate.signer_info.signerInfo.digest), p_aaCertificate) == false) {
                        return false;
                    }
                } else {
                    p_atCertificate := vc_atCertificate;
                    p_aaCertificate := vc_aaCertificate;
                }
                // Store the certificte to build this message
                vc_lastAtCertificateUsed := p_atCertificate;
                
                return true;
            } // End of function f_prepareCertificates
berge's avatar
berge committed
             * @desc  This function build and sign the SecureMessage part covered by the signature process
             * @param p_securedMessage      The signed  SecureMessage part
             * @param p_payloadField       Payloads to be included in the message
berge's avatar
berge committed
             * @param p_mandatoryHeaders    Mandatory headers for the selected profile 
             * @param p_headerFields        HeaderFields to be inserted in the message
             * @param p_securityProfile     Selected security profile
             * @return true on success, false otherwise
             */
            function f_buildGnSecuredMessage(
garciay's avatar
garciay committed
                                             out template (value) SecuredMessage p_securedMessage,
                                             in template (value) charstring p_certificateName,
                                             in template (value) SecPayload p_payloadField,
garciay's avatar
garciay committed
                                             in template (value) HeaderFields p_mandatoryHeaders,
                                             in template (omit) HeaderFields p_headerFields := omit
            ) runs on ItsSecurityBaseComponent return boolean {
                // Local variables
                var octetstring v_secPayload, v_signature;
                var Oct32 v_hash;
                var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage;
                var integer i, j, k, n;
garciay's avatar
garciay committed
                var HeaderFields v_headerFields := {};
                var SecPayload v_toBeSignedPayload;
                var Oct32 v_privateKey;
berge's avatar
berge committed
                // Prepare headers
garciay's avatar
garciay committed
                if (not(ispresent(p_headerFields))) {
                    v_headerFields := valueof(p_mandatoryHeaders);
garciay's avatar
garciay committed
                } else {
berge's avatar
berge committed
                    // Merge p_headerFields and v_mandatoryHeaders into v_headerFields
berge's avatar
berge committed
                    i := 0; // index for p_headerFields
                    j := 0; // index for v_mandatoryHeaders
                    k := 0; // index for v_headerFields
berge's avatar
berge committed
                    // Special processing for signer_info
garciay's avatar
garciay committed
                    if (lengthof(valueof(p_headerFields)) > 0 and valueof(p_headerFields[i].type_) == e_signer_info) {
berge's avatar
berge committed
                        v_headerFields[k] := valueof(p_headerFields[i]);
                        k := k + 1;
                        i := i + 1;
                    }
garciay's avatar
garciay committed
                    for (j := j; j < lengthof(p_mandatoryHeaders); j := j + 1) {
berge's avatar
berge committed
                        // Search for mandatory header in p_HeaderFields
garciay's avatar
garciay committed
                        for (n := 0; n < lengthof(p_headerFields); n := n + 1) {
                            if (valueof(p_headerFields[n].type_) == valueof(p_mandatoryHeaders[j].type_)) {
berge's avatar
berge committed
                                // mandatory header already in p_HeaderFields
Loading full blame...