Skip to content
LibItsSecurity_Functions.ttcn 175 KiB
Newer Older
garciay's avatar
garciay committed
/**
 *  @author   ETSI / STF481 / STF507 / STF517 / STF538
garciay's avatar
garciay committed
 *  @version  $URL$
 *            $Id$
 *  @desc     Module containing functions for Security Protocol
garciay's avatar
garciay committed
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
garciay's avatar
garciay committed
 *
 */
module LibItsSecurity_Functions {
    import from LibCommon_BasicTypesAndValues all;
    // LibIts
    import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
    import from IEEE1609dot2 language "ASN.1:1997" all;
    import from EtsiTs103097Module language "ASN.1:1997" all;
    
    // LibItsCommon
    import from LibItsCommon_Functions all;
    import from LibItsCommon_TypesAndValues all;
    
    // LibItsSecurity
    import from LibItsSecurity_TypesAndValues all;
    import from LibItsSecurity_Templates all;
    import from LibItsSecurity_Pixits all;
garciay's avatar
garciay committed
    import from LibItsSecurity_Pics all;
    import from LibItsSecurity_TestSystem all;
garciay's avatar
garciay committed
    
    group helpersFunctions {
garciay's avatar
garciay committed
         * @desc    Produces a 256-bit (32-byte) hash value
         * @param   p_toBeHashedData Data to be used to calculate the hash value
         * @return  The hash value
         */
garciay's avatar
garciay committed
                                  in octetstring p_toBeHashedData
            return fx_hashWithSha256(p_toBeHashedData);
        } // End of function f_hashWithSha256
garciay's avatar
garciay committed
         * @desc    Produces a 384-bit (48-byte) hash value
         * @param   p_toBeHashedData Data to be used to calculate the hash value
         * @return  The hash value
         */
        function f_hashWithSha384(
                                  in octetstring p_toBeHashedData
        ) return Oct48 {
            return fx_hashWithSha384(p_toBeHashedData);
        } // End of function f_hashWithSha256
        
        /**
garciay's avatar
garciay committed
         * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
garciay's avatar
garciay committed
         * @param   p_toBeSignedSecuredMessage    The data to be signed
         * @return  The signature value
         */
        function f_signWithEcdsaNistp256WithSha256(
                                                   in octetstring p_toBeSignedSecuredMessage,
                                                   in HashedId8 p_certificateIssuer,
        ) return octetstring {
            return fx_signWithEcdsaNistp256WithSha256(
                p_toBeSignedSecuredMessage,
        } // End of function f_signWithEcdsaNistp256WithSha256
garciay's avatar
garciay committed
        /**
         * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
         * @param   p_toBeSignedSecuredMessage    The data to be signed
         * @param   p_privateKey                  The private key
garciay's avatar
garciay committed
         * @return  The signature value
         */
        function f_signWithEcdsaBrainpoolp256WithSha256(
                                                        in octetstring p_toBeSignedSecuredMessage,
                                                        in HashedId8 p_certificateIssuer,
garciay's avatar
garciay committed
                                                        in Oct32 p_privateKey
        ) return octetstring {
garciay's avatar
garciay committed
            return fx_signWithEcdsaBrainpoolp256WithSha256(
                p_toBeSignedSecuredMessage,
garciay's avatar
garciay committed
                p_privateKey
            );
            
        } // End of function f_signWithEcdsaBrainpoolp256WithSha256
        
garciay's avatar
garciay committed
        /**
         * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
         * @param   p_toBeSignedSecuredMessage    The data to be signed
         * @param   p_privateKey                  The private key
garciay's avatar
garciay committed
         * @return  The signature value
         */
        function f_signWithEcdsaBrainpoolp384WithSha384(
                                                        in octetstring p_toBeSignedSecuredMessage,
                                                        in HashedId8 p_certificateIssuer,
garciay's avatar
garciay committed
                                                        in Oct48 p_privateKey
        ) return octetstring {
garciay's avatar
garciay committed
            return fx_signWithEcdsaBrainpoolp384WithSha384(
                p_toBeSignedSecuredMessage,
garciay's avatar
garciay committed
                p_privateKey
            );
            
        } // End of function f_signWithEcdsaBrainpoolp384WithSha384
        
        function f_decrypt(
                           in octetstring         p_encryptPrivateKey,
                           in EtsiTs103097Data    p_encrypedSecuredMessage,
                           out EtsiTs103097Data   p_decrypedSecuredMessage
        ) return boolean {
            if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) {
                var PKRecipientInfo v_pKRecipientInfo;
                var RecipientInfo v_recipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0];
                
                // Check the private encryption key
                if (not(isbound(p_encryptPrivateKey))) {
                  log("*** " & testcasename() & ":ERROR: Failed to load encryption private key ***");
                  return false;
                }
                
                if (ischosen(v_recipientInfo.certRecipInfo)) {
                  v_pKRecipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0].certRecipInfo;
                  // Read the certificate based on the recipientId
                } else if (ischosen(v_recipientInfo.signedDataRecipInfo)) {
                v_pKRecipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0].signedDataRecipInfo;
                  // Read the certificate based on the recipientId
                  log("*** " & testcasename() & ":ERROR: Unsupported RecipientInfo variant ***");
                  return false;
                if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256)) {
                  var octetstring v_decryptedSecuredMessage;
                  var SymmetricCiphertext v_ciphertext := p_encrypedSecuredMessage.content.encryptedData.ciphertext;
                  v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256(
                                                                                    v_ciphertext.aes128ccm.ccmCiphertext,
                                                                                    p_encryptPrivateKey,
                                                                                    v_pKRecipientInfo.encKey.eciesNistP256.v.uncompressedP256.x,
                                                                                    v_pKRecipientInfo.encKey.eciesNistP256.v.uncompressedP256.y,
                                                                                    v_pKRecipientInfo.encKey.eciesNistP256.c,
                                                                                    v_pKRecipientInfo.encKey.eciesNistP256.t,
                                                                                    v_ciphertext.aes128ccm.nonce
                                                                                    );
                  if (isbound(v_decryptedSecuredMessage)) {
                    var bitstring v_decode := oct2bit(v_decryptedSecuredMessage);
                    if (decvalue(v_decode, p_decrypedSecuredMessage) == 0) {
                      return true;
                    } else {
                      log("*** " & testcasename() & ":ERROR: Faild to decode secured message ***");
                } else if (ischosen(v_pKRecipientInfo.encKey.eciesBrainpoolP256r1)) {
                  var octetstring v_decryptedSecuredMessage;
                  var SymmetricCiphertext v_ciphertext := p_encrypedSecuredMessage.content.encryptedData.ciphertext;
                  v_decryptedSecuredMessage := f_decryptWithEciesBrainpoolp256WithSha256(
                                                                                         v_ciphertext.aes128ccm.ccmCiphertext,
                                                                                         p_encryptPrivateKey,
                                                                                         v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.v.uncompressedP256.x,
                                                                                         v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.v.uncompressedP256.y,
                                                                                         v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.c,
                                                                                         v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.t,
                                                                                         v_ciphertext.aes128ccm.nonce
                                                                                    );
                  if (isbound(v_decryptedSecuredMessage)) {
                    var bitstring v_decode := oct2bit(v_decryptedSecuredMessage);
                    if (decvalue(v_decode, p_decrypedSecuredMessage) == 0) {
                      return true;
                    } else {
                      log("*** " & testcasename() & ":ERROR: Faild to decode secured message ***");
            } else {
              log("*** " & testcasename() & ":ERROR: Message not encrypted ***");
        } // End of function f_decrypt
         * @desc    Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Nist-P256 algorithm
         * @param   p_toBeEncryptedSecuredMessage    The data to be encrypted
         * @param   p_recipientsPublicKeyX           The Recipient's public encryption key X-coordinate
         * @param   p_recipientsPublicKeyY           The Recipient's public encryption key Y-coordinate
         * @param   p_publicEphemeralKeyX            The generated ephemeral key X-coordinate
         * @param   p_publicEphemeralKeyY            The generated ephemeral key Y-coordinate
         * @param   p_encrypted_sym_key              The encrypted AES 128 CCM symmetric key
         * @param   p_authentication_vector          The tag of the AES 128 CCM symmetric key encryption
         * @param   p_nonce                          The nonce vector of the AES 128 CCM symmetric key encryption
         * @see IEEE Std 1609.2-2017 Clause 5.3.5 Public key encryption algorithms: ECIES
         * @see https://www.nominet.uk/researchblog/how-elliptic-curve-cryptography-encryption-works/
         * @see http://digital.csic.es/bitstream/10261/32671/1/V2-I2-P7-13.pdf
Loading full blame...