Newer
Older
/**
* @author ETSI / STF481 / STF507 / STF517 / STF538 / STF545
* @version $Url$
* $Id$
* @desc Module containing functions for Security Protocol
* @copyright ETSI Copyright Notification
* No part may be reproduced except as authorized by written permission.
* The copyright and the foregoing restriction extend to reproduction in all media.
* All rights reserved.
*
*/
module LibItsSecurity_Functions {
// Libcommon
import from LibCommon_BasicTypesAndValues all;
import from LibCommon_DataStrings all;
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
// LibItsCommon
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
//import from LibItsCommon_TypesAndValues all;
import from LibItsCommon_Pixits all;
// LibItsSecurity
import from LibItsSecurity_TypesAndValues all;
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Pixits all;
import from LibItsSecurity_Pics all;
import from LibItsSecurity_TestSystem all;
group helpersFunctions {
/**
* @desc Produces a 256-bit (32-byte) hash value
* @param p_toBeHashedData Data to be used to calculate the hash value
* @return The hash value
*/
function f_hashWithSha256(
in octetstring p_toBeHashedData
) return Oct32 {
return fx_hashWithSha256(p_toBeHashedData);
} // End of function f_hashWithSha256
/**
* @desc Produces a 384-bit (48-byte) hash value
* @param p_toBeHashedData Data to be used to calculate the hash value
* @return The hash value
*/
function f_hashWithSha384(
in octetstring p_toBeHashedData
) return Oct48 {
return fx_hashWithSha384(p_toBeHashedData);
} // End of function f_hashWithSha256
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2
* @param p_toBeSignedSecuredMessage The data to be signed
* @param p_certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
* @param p_privateKey The private key for signature
* @return The signature value
*/
function f_signWithEcdsaNistp256WithSha256(
in octetstring p_toBeSignedSecuredMessage,
in Oct32 p_certificateIssuer,
in Oct32 p_privateKey
) return octetstring {
log(">>> f_signWithEcdsaNistp256WithSha256: p_toBeSignedSecuredMessage= ", p_toBeSignedSecuredMessage);
log(">>> f_signWithEcdsaNistp256WithSha256: p_certificateIssuer= ", p_certificateIssuer);
log(">>> f_signWithEcdsaNistp256WithSha256: p_privateKey= ", p_privateKey);
return fx_signWithEcdsaNistp256WithSha256(
p_toBeSignedSecuredMessage,
p_certificateIssuer,
p_privateKey
);
} // End of function f_signWithEcdsaNistp256WithSha256
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2
* @param p_toBeSignedSecuredMessage The data to be signed
* @param p_certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
* @param p_privateKey The private key for signature
* @return The signature value
*/
function f_signWithEcdsaBrainpoolp256r1WithSha256(
in octetstring p_toBeSignedSecuredMessage,
in Oct32 p_certificateIssuer,
in Oct32 p_privateKey
) return octetstring {
return fx_signWithEcdsaBrainpoolp256r1WithSha256(
p_toBeSignedSecuredMessage,
p_certificateIssuer,
p_privateKey
);
} // End of function f_signWithEcdsaBrainpoolp256r1WithSha256
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2
* @param p_toBeSignedSecuredMessage The data to be signed
* @param p_certificateIssuer The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
* @param p_privateKey The private key for signature
* @return The signature value
*/
function f_signWithEcdsaBrainpoolp384r1WithSha384(
in octetstring p_toBeSignedSecuredMessage,
in Oct48 p_certificateIssuer,
in Oct48 p_privateKey
) return octetstring {
log(">>> f_signWithEcdsaBrainpoolp384r1WithSha384: ", p_toBeSignedSecuredMessage);
log(">>> f_signWithEcdsaBrainpoolp384r1WithSha384: ", p_certificateIssuer);
log(">>> f_signWithEcdsaBrainpoolp384r1WithSha384: ", p_privateKey);
return fx_signWithEcdsaBrainpoolp384r1WithSha384(
p_toBeSignedSecuredMessage,
p_certificateIssuer,
p_privateKey
);
} // End of function f_signWithEcdsaBrainpoolp384r1WithSha384
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
function f_decrypt(
in octetstring p_encryptPrivateKey,
in EtsiTs103097Data p_encrypedSecuredMessage,
in octetstring p_salt,
out EtsiTs103097Data p_decrypedSecuredMessage,
out octetstring p_aes_sym_enc_key
) return boolean {
if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) {
var PKRecipientInfo v_pKRecipientInfo;
var RecipientInfo v_recipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0];
var octetstring v_decryptedSecuredMessage;
log(">>> f_decrypt: p_encryptPrivateKey=", p_encryptPrivateKey);
log(">>> f_decrypt: p_encrypedSecuredMessage=", p_encrypedSecuredMessage);
log(">>> f_decrypt: p_salt=", p_salt);
// Check the private encryption key
if (not(isbound(p_encryptPrivateKey))) {
log("*** " & testcasename() & ":ERROR: Failed to load encryption private key ***");
return false;
}
if (ischosen(v_recipientInfo.certRecipInfo)) {
v_pKRecipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0].certRecipInfo;
// Read the certificate based on the recipientId
} else if (ischosen(v_recipientInfo.signedDataRecipInfo)) {
v_pKRecipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0].signedDataRecipInfo;
// Read the certificate based on the recipientId
} else {
log("*** " & testcasename() & ":ERROR: Unsupported RecipientInfo variant ***");
return false;
}
log("f_decrypt: v_pKRecipientInfo=", v_pKRecipientInfo);
if (isbound(v_pKRecipientInfo)) {
if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256)) {
var SymmetricCiphertext v_ciphertext := p_encrypedSecuredMessage.content.encryptedData.ciphertext;
log("f_decrypt: v_ciphertext=", v_ciphertext);
if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_0)) {
v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256(
v_ciphertext.aes128ccm.ccmCiphertext,
p_encryptPrivateKey,
v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_0,
0,
v_pKRecipientInfo.encKey.eciesNistP256.c,
v_pKRecipientInfo.encKey.eciesNistP256.t,
v_ciphertext.aes128ccm.nonce,
p_salt,
p_aes_sym_enc_key
);
} else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) {
v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256(
v_ciphertext.aes128ccm.ccmCiphertext,
p_encryptPrivateKey,
v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1,
1,
v_pKRecipientInfo.encKey.eciesNistP256.c,
v_pKRecipientInfo.encKey.eciesNistP256.t,
v_ciphertext.aes128ccm.nonce,
p_salt,
p_aes_sym_enc_key
);
} else {
log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***");
return false;
}
if (isbound(v_decryptedSecuredMessage)) {
var bitstring v_decode := oct2bit(v_decryptedSecuredMessage);
if (decvalue(v_decode, p_decrypedSecuredMessage) == 0) {
return true;
} else {
log("*** " & testcasename() & ":ERROR: Faild to decode secured message ***");
}
}
Loading full blame...