Skip to content
LibItsSecurity_Functions.ttcn3 54.7 KiB
Newer Older
garciay's avatar
garciay committed
/**
 *  @author   ETSI / STF481
 *  @version  $URL$
 *            $Id$
 *  @desc     Module containing functions for Security Protocol
 *
 */
module LibItsSecurity_Functions {
    import from LibCommon_BasicTypesAndValues all;
    // LibItsCommon
    import from LibItsCommon_Functions all;
    
    // LibItsSecurity
    import from LibItsSecurity_TypesAndValues all;
    import from LibItsSecurity_Templates all;
    import from LibItsSecurity_Pixits all;
garciay's avatar
garciay committed
    
    group helpersFunctions {
        
        /**
         * @desc    Produces a 256-bit (32-byte) hash value
         * @param   p_toBeHashedData Data to be used to calculate the hash value
         * @return  The hash value
        function f_hashWithSha256(
                                  in octetstring p_toBeHashedData
        ) return Oct32 {
            return fx_hashWithSha256(p_toBeHashedData);
        } // End of function f_hashWithSha256
        
        /**
         * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
         * @param   p_toBeSignedSecuredMessage    The data to be signed
         * @return  The signature value
        function f_signWithEcdsaNistp256WithSha256(in Oct32 p_toBeSignedSecuredMessage) return octetstring {
            return fx_signWithEcdsaNistp256WithSha256(
                p_toBeSignedSecuredMessage,
                PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].signingPrivateKey
        } // End of function f_signWithEcdsaNistp256WithSha256
        
        /**
         * @desc Compute the HashedId8 value from the hash value
         * @param p_hash The hash value
         * @return The HashedId8 value
         * @verdict 
         */
        function f_HashedId8FromSha256(
                                       in Oct32 p_hash
        ) return HashedId8 {
            return substr(p_hash, lengthof(p_hash) - 8, 8);
        } // End of function f_HashedId8FromSha256 
        
        /**
         * @desc Compute the HashedId3 value from the HashedId8 value
         * @param p_hashp_hashedId8 The HashedId8 value
         * @return The HashedId3 value
         * @verdict 
         */
        function f_HashedId3FromHashedId8 (
                                           in HashedId8 p_hashedId8
        ) return HashedId3 {
            return substr(p_hashedId8, lengthof(p_hashedId8) - 3, 3);
        }  // End of function f_HashedId3FromHashedId8
        
        /**
         * @desc    Verify the signature of the specified data
         * @param   p_toBeVerifiedData          The data to be verified
         * @param   p_signature                 The signature
         * @param   p_ecdsaNistp256PublicKeyX   The public key (x coordinate)
         * @param   p_ecdsaNistp256PublicKeyY   The public key (y coordinate)
         * @return  true on success, false otherwise
         */
        function f_verifyWithEcdsaNistp256WithSha256(
                                                     in octetstring p_toBeVerifiedData, 
                                                     in octetstring p_signature, 
                                                     in octetstring p_ecdsaNistp256PublicKeyX, 
                                                     in octetstring p_ecdsaNistp256PublicKeyY
        ) return boolean {
            return fx_verifyWithEcdsaNistp256WithSha256(
                p_toBeVerifiedData, 
                p_signature, 
                p_ecdsaNistp256PublicKeyX, 
                p_ecdsaNistp256PublicKeyY);
        } // End of function f_verifyWithEcdsaNistp256WithSha256
        /**
         * @desc    Calculate digest over the certificate
         * @param   p_cert The certificate
         * @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.13   HashedId8
        function f_calculateDigestFromCertificate(
                                                  in Certificate p_cert
        ) return HashedId8 {
            var octetstring v_toBeHashedData;
            var octetstring v_hash;
            var integer v_counter;
            
            // Search for digest in the signer_infos field first
            for (v_counter := 0; v_counter < lengthof(p_cert.signer_infos); v_counter := v_counter + 1) {
                if (p_cert.signer_infos[v_counter].type_ == e_certificate_digest_with_ecdsap256) {
                    return p_cert.signer_infos[v_counter].signerInfo.digest;
                }
            } // End of 'for' statement
            // digest not found, compute it 
            v_toBeHashedData := bit2oct(encvalue(p_cert));
            v_hash := f_hashWithSha256(v_toBeHashedData);
            return substr(v_hash, lengthof(v_hash) - 8, 8);
        group hostSignatureHelpers {
            /**
             * @desc Build a template of a secured beacon to be used for the Test Adapter secured beaconing processing
             */
            function f_buildSecuredMessagePayloadToBeSigned()
            return ToBeSignedSecuredMessage {
                // Local variables
                var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage;
                
                // Build the beacon template
                v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(
                    c_security_profileOthers,
                    { // Field HeaderFields
                        m_header_field_signer_info(
                            m_signerInfo_certificate(
                                PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].atCertificate
                            ) // End of template m_signerInfo_certificate
                        ), // End of template m_header_field_signer_info
                        m_header_field_generation_time(oct2int('BBBBBBBB'O)),   // To be replaced by TA with current time
                        m_header_field_generation_location(
                            PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].location
                        )
                    }, // End of field HeaderFields
                    {
                        m_payload_unsecured(
                            'AAAAAAAAAA'O                                       // To be replaced by TA with real payload
                        )
                    }, // End of field HeaderFields
                    e_signature
                );
                
garciay's avatar
garciay committed
                return valueof(v_toBeSignedSecuredMessage);
            /**
             * @desc This function build and sign the SecureMessage part covered by the signature process
             * @param p_securedMessage      The signed  SecureMessage part
             * @param p_unsecuredPayload    The unsigned payload (e.g. a beacon)
             * @param p_threeDLocation      The ThreeDLocation value
             * @param p_addCertificate      Set to true to add the AT certificate in header fields. Otherwise, only the AA certificate digest will be added
             * @param p_headerFields        Additional HeaderFields
             * @return true on success, false otherwise
             * @verdict Unchanged
             */
            function f_buildGnSecuredCam(
                                         out template (value) SecuredMessage p_securedMessage, 
                                         in octetstring p_unsecuredPayload, 
                                         in template (omit) boolean p_addCertificate := false,
                                         in template (omit) HeaderFields p_headerFields := omit
            ) return boolean {
                
                // Local variables
                var octetstring v_secPayload, v_signature;
                var Oct32 v_hash;
                var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage;
                 
                // Create SecuredMessage payload to be signed
filatov's avatar
filatov committed
                if (valueof(p_addCertificate) == true) { // Add the AT certificate
                    v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(
                        c_security_profileCAMs,
                        { // Field HeaderFields
                            m_header_field_signer_info(
                                m_signerInfo_certificate(
                                    PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].atCertificate
                                ) // End of template m_signerInfo_certificate
                            ), // End of template m_header_field_signer_info
                            m_header_field_generation_time(f_getCurrentTime()),
                            m_header_field_message_type(c_messageType_CAM)
                        }, // End of field HeaderFields
                        {
                            m_payload_unsecured(
                                p_unsecuredPayload
                            )
                        }, // End of field HeaderFields
                        e_signature
                    );
filatov's avatar
filatov committed
                } else { // Add the AT certificate digest
                    v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(
                        c_security_profileCAMs,
                        { // Field HeaderFields
                            m_header_field_signer_info(
Loading full blame...