Newer
Older
* @author ETSI / STF481 / STF507 / STF517 / STF538
* @version $URL$
* $Id$
* @desc Module containing functions for Security Protocol
* @copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
import from LibCommon_BasicTypesAndValues all;
garciay
committed
import from LibCommon_DataStrings all;
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
garciay
committed
// LibItsCommon
//import from LibItsCommon_Functions all;
//import from LibItsCommon_TypesAndValues all;
import from LibItsSecurity_TypesAndValues all;
garciay
committed
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Pixits all;
import from LibItsSecurity_TestSystem all;
* @desc Produces a 256-bit (32-byte) hash value
* @param p_toBeHashedData Data to be used to calculate the hash value
* @return The hash value
*/
function f_hashWithSha256(
) return Oct32 {
return fx_hashWithSha256(p_toBeHashedData);
} // End of function f_hashWithSha256
* @desc Produces a 384-bit (48-byte) hash value
* @param p_toBeHashedData Data to be used to calculate the hash value
* @return The hash value
*/
function f_hashWithSha384(
in octetstring p_toBeHashedData
) return Oct48 {
return fx_hashWithSha384(p_toBeHashedData);
} // End of function f_hashWithSha256
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
* @param p_toBeSignedSecuredMessage The data to be signed
* @param p_certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
* @param p_privateKey The private key for signature
function f_signWithEcdsaNistp256WithSha256(
in octetstring p_toBeSignedSecuredMessage,
in Oct32 p_privateKey
return fx_signWithEcdsaNistp256WithSha256(
p_certificateIssuer,
} // End of function f_signWithEcdsaNistp256WithSha256
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
* @param p_toBeSignedSecuredMessage The data to be signed
* @param p_certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
* @param p_privateKey The private key for signature
* @return The signature value
*/
function f_signWithEcdsaBrainpoolp256WithSha256(
in octetstring p_toBeSignedSecuredMessage,
return fx_signWithEcdsaBrainpoolp256WithSha256(
p_toBeSignedSecuredMessage,
p_certificateIssuer,
p_privateKey
);
} // End of function f_signWithEcdsaBrainpoolp256WithSha256
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
* @param p_toBeSignedSecuredMessage The data to be signed
* @param p_certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
* @param p_privateKey The private key for signature
* @return The signature value
*/
function f_signWithEcdsaBrainpoolp384WithSha384(
in octetstring p_toBeSignedSecuredMessage,
return fx_signWithEcdsaBrainpoolp384WithSha384(
p_toBeSignedSecuredMessage,
p_certificateIssuer,
p_privateKey
);
} // End of function f_signWithEcdsaBrainpoolp384WithSha384
in octetstring p_encryptPrivateKey,
in EtsiTs103097Data p_encrypedSecuredMessage,
out EtsiTs103097Data p_decrypedSecuredMessage
) return boolean {
if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) {
var PKRecipientInfo v_pKRecipientInfo;
var RecipientInfo v_recipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0];
// Check the private encryption key
if (not(isbound(p_encryptPrivateKey))) {
log("*** " & testcasename() & ":ERROR: Failed to load encryption private key ***");
return false;
}
if (ischosen(v_recipientInfo.certRecipInfo)) {
v_pKRecipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0].certRecipInfo;
// Read the certificate based on the recipientId
} else if (ischosen(v_recipientInfo.signedDataRecipInfo)) {
v_pKRecipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0].signedDataRecipInfo;
// Read the certificate based on the recipientId
log("*** " & testcasename() & ":ERROR: Unsupported RecipientInfo variant ***");
return false;
if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256)) {
var octetstring v_decryptedSecuredMessage;
var SymmetricCiphertext v_ciphertext := p_encrypedSecuredMessage.content.encryptedData.ciphertext;
if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_0)) {
v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256(
v_ciphertext.aes128ccm.ccmCiphertext,
p_encryptPrivateKey,
v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_0,
0,
v_pKRecipientInfo.encKey.eciesNistP256.c,
v_pKRecipientInfo.encKey.eciesNistP256.t,
v_ciphertext.aes128ccm.nonce
);
} else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) {
v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256(
v_ciphertext.aes128ccm.ccmCiphertext,
p_encryptPrivateKey,
v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1,
1,
v_pKRecipientInfo.encKey.eciesNistP256.c,
v_pKRecipientInfo.encKey.eciesNistP256.t,
v_ciphertext.aes128ccm.nonce
);
} else {
log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***");
return false;
}
if (isbound(v_decryptedSecuredMessage)) {
var bitstring v_decode := oct2bit(v_decryptedSecuredMessage);
if (decvalue(v_decode, p_decrypedSecuredMessage) == 0) {
return true;
} else {
log("*** " & testcasename() & ":ERROR: Faild to decode secured message ***");
} else if (ischosen(v_pKRecipientInfo.encKey.eciesBrainpoolP256r1)) {
var octetstring v_decryptedSecuredMessage;
var SymmetricCiphertext v_ciphertext := p_encrypedSecuredMessage.content.encryptedData.ciphertext;
if (ischosen(v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.v.compressed_y_0)) {
v_decryptedSecuredMessage := f_decryptWithEciesBrainpoolp256WithSha256(
v_ciphertext.aes128ccm.ccmCiphertext,
p_encryptPrivateKey,
v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.v.compressed_y_0,
0,
v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.c,
v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.t,
v_ciphertext.aes128ccm.nonce
);
} else if (ischosen(v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.v.compressed_y_1)) {
v_decryptedSecuredMessage := f_decryptWithEciesBrainpoolp256WithSha256(
v_ciphertext.aes128ccm.ccmCiphertext,
p_encryptPrivateKey,
v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.v.compressed_y_1,
1,
v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.c,
v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.t,
v_ciphertext.aes128ccm.nonce
Loading full blame...