Skip to content
LibItsSecurity_Functions.ttcn3 11.8 KiB
Newer Older
garciay's avatar
garciay committed
/**
 *  @author   ETSI / STF481
 *  @version  $URL$
 *            $Id$
 *  @desc     Module containing functions for Security Protocol
 *
 */
module LibItsSecurity_Functions {
    // LibItsCommon
    import from LibItsCommon_Functions all;
    
    // LibItsSecurity
    import from LibItsSecurity_TypesAndValues all;
    import from LibItsSecurity_Templates all;
    import from LibItsSecurity_Pixits all;
garciay's avatar
garciay committed
    
    group helpersFunctions {
        
        /**
         * @desc    Produces a 256-bit (32-byte) hash value
         * @param   TODO
         * @return  TODO
         */
        function f_hashWithSha256(in octetstring p_toBeHashedData) {
            
        }
        
        /**
         * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
         * @param   TODO
         * @return  TODO
         */
        function f_signWithEcdsaNistp256WithSha256() {
            
        }
        
        /**
         * @desc    Verify the signature of the specified data
         * @param   TODO
         * @return  true on success, false otherwise
         */
        function f_verifyWithEcdsaNistp256WithSha256(
                                                     in octetstring p_toBeHashedData, 
                                                     out Oct32 p_hashValue) return boolean {
            p_hashValue := fx_hashWithSha256(p_toBeHashedData);
            return true;
        }
        
        /**
         * @desc    Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm
         * @param   TODO
         * @return  true on success, false otherwise
         */
        function f_generateKeyPair() return boolean {
            return false;
        }
        
        /**
         * @desc    Calculate digest over the certificate
         * @param   cert The certificate
         * @return  the digest
         */
        function f_calculateDigest(in Certificate cert) return HashedId8 {
garciay's avatar
garciay committed
            return '0000000000000000'O;
        /**
         * @desc This function build and sign the SecureMessage part covered by the signature process
         * @param p_unsecuredPayload    The unsigned payload (e.g. a beacon)
         * @param p_threeDLocation      The ThreeDLocation value
         * @param p_securedMessage      The signed  SecureMessage part
         * @return true on success, false otherwise
         * @verdict Unchanged
         */
        function f_buildGnSecuredCam(
                                     in octetstring p_unsecuredPayload, 
                                     in ThreeDLocation p_threeDLocation, 
                                     out template (value) SecuredMessage p_securedMessage) 
        return boolean {
            return false; // TODO
        }
        
        /**
         * @desc This function build and sign the SecureMessage part covered by the signature process
         * @param p_unsecuredPayload    The unsigned payload (e.g. a beacon)
         * @param p_threeDLocation      The ThreeDLocation value
         * @param p_securedMessage      The signed  SecureMessage part
         * @return true on success, false otherwise
         * @verdict Unchanged
         */
        function f_buildGnSecuredDenm(
                                      in octetstring p_unsecuredPayload, 
                                      in ThreeDLocation p_threeDLocation, 
                                      out template (value) SecuredMessage p_securedMessage) 
        return boolean {
            return false; // TODO
        }
        
        /**
         * @desc This function build and sign the SecureMessage part covered by the signature process
         * @param p_unsecuredPayload    The unsigned payload (e.g. a beacon)
         * @param p_threeDLocation      The ThreeDLocation value
         * @param p_securedMessage      The signed  SecureMessage part
         * @return true on success, false otherwise
         * @verdict Unchanged
         */
        function f_buildGnSecuredBeacon(
                                        in octetstring p_unsecuredPayload, 
                                        in ThreeDLocation p_threeDLocation, 
                                        out template (value) SecuredMessage p_securedMessage) 
        return boolean {
            
            // Local variables
            var octetstring v_secPayload, v_signature;
            var Oct32 v_hash;
            var template (value) ToBeSignedData v_toBeSignedData;
             
            // Create SecuredMessage payload to be signed
            v_toBeSignedData := m_toBeSignedData_profileOther(
                { // Field HeaderFields
                    m_header_field_signer_info(
                        m_signerInfo_certificate(
                            PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX]
                        ) // End of template m_signerInfo_certificate
                    ), // End of template m_header_field_signer_info
                    m_header_field_generation_time(f_getCurrentTime()),
                    m_header_field_generation_location(
                        p_threeDLocation
                    )
                }, // End of field HeaderFields
                {
                    m_payload_unsecured(
                        p_unsecuredPayload
                    )
                }, // End of field HeaderFields
                e_signature
            );
             
            v_secPayload := bit2oct(encvalue(v_toBeSignedData));
            log("v_secPayload length: ", lengthof(v_secPayload));
            log("v_secPayload: ", v_secPayload);
            
            // Calculate the hash of the SecuredMessage payload to be signed
            v_hash := fx_hashWithSha256(v_secPayload);
            log("v_hash length: ", lengthof(v_hash));
            log("v_hash: ", v_hash);
            
            // Signed payload
            v_signature := fx_signWithEcdsaNistp256WithSha256(
                v_hash,
                PC_PRIVATE_KEYS[PX_CERTIFICATE_CONFIG_IDX]
            );
            log("v_signature length: ", lengthof(v_signature));
            log("v_signature: ", v_signature);
            
            p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3   Generic security profile for other signed messages
                v_toBeSignedData.header_fields,
                v_toBeSignedData.payload_fields,
                {
                    m_trailer_field_signature(
                        m_signature(
                            m_ecdsaSignature(
                                m_eccPointecdsa_nistp256_with_sha256_y_coordinate_only(
                                    substr(v_signature, 2, 32)
                                ),
                                substr(v_signature, 34, 32)
                            )
                        )
                    )
                }
            ); // End of template m_securedMessageBeacon
            
            return true;
        } // End of function f_buildGnSecuredBeacon
        
filatov's avatar
filatov committed
        group messageGetters {
garciay's avatar
garciay committed
             * @desc    return SecuredMessage header field of given type or null if none 
             * @param   p_msg the SecuredMessage
             * @param   p_type header field type
             * @return  HeaderField of given type if any or null
             */
            function f_getMsgHeaderField(in SecuredMessage p_msg, in HeaderFieldType p_type)
            return HeaderField {
                var HeaderField v_return := null;
garciay's avatar
garciay committed
                var integer v_length  := lengthof(p_msg.header_fields);
                var integer v_i;
                
                for(v_i := 0; v_i < v_length; v_i := v_i + 1){
                    if(p_msg.header_fields[v_i].type_ == p_type){
                        v_return := p_msg.header_fields[v_i]; 
garciay's avatar
garciay committed
                
                return v_return;
            }
            
            /**
             * @desc    return SignerInfo SecuredMessage field
             */
            function f_getMsgSignerInfo(in SecuredMessage p_msg) return SignerInfo {
                var HeaderField v_hf := f_getMsgHeaderField(p_msg, e_signer_info);
garciay's avatar
garciay committed
                
                if(isbound(v_hf)){
                    return v_hf.headerField.signer;
                }
garciay's avatar
garciay committed
                
garciay's avatar
garciay committed
            
filatov's avatar
filatov committed
        }// End of group messageGetters
        
        group certificateGetters {
            function f_getCertificateValidityRestriction(in Certificate p_cert, in ValidityRestrictionType p_type)
            return ValidityRestriction {
                var ValidityRestriction v_return := null;
                var integer v_length  := lengthof(p_cert.validity_restrictions);
                var integer v_index;
                for( v_index := 0; v_index < v_length; v_index := v_index + 1 ) {
                    if( p_cert.validity_restrictions[v_index].type_ == p_type ) {
                        v_return := p_cert.validity_restrictions[v_index];
                        break;
                    }
                }
                return v_return;
            }
            
filatov's avatar
filatov committed
            function f_getCertificateSignerInfo (in Certificate p_cert)
            return SignerInfo {
                var SignerInfo ret := null;
                if( lengthof(p_cert.signer_infos) > 0 ) {
                    ret := p_cert.signer_infos[0];
                }
                return ret;
            }
            
filatov's avatar
filatov committed
        }// End of group certificateGetters
filatov's avatar
filatov committed
        group CertRequests{
            function f_askForCertificateChain (in HashedId3s p_digests) {
                
            }            
        } // End of group CertRequests 
    
    } // End of group helpersFunctions

    group externalFunctions {
        
        /**
         * @desc    Produces a 256-bit (32-byte) hash value
         * @param   p_toBeHashedData Data to be used to calculate the hash value
         * @return  The hash value
         */
garciay's avatar
garciay committed
        external function fx_hashWithSha256(in octetstring p_toBeHashedData) return octetstring;
        
        /**
         * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
         * @param   p_toBeSignedData    The data to be signed
         * @param   p_privateKey        The private key
         * @return  The signature value
         */
garciay's avatar
garciay committed
        external function fx_signWithEcdsaNistp256WithSha256(in octetstring p_toBeSignedData, in octetstring/*UInt64*/ p_privateKey) return octetstring;
        
        /**
         * @desc    Verify the signature of the specified data
         * @param   p_toBeVerifiedData          The data to be verified
         * @param   p_signature                 The signature
         * @param   p_ecdsaNistp256PublicKeyX   The public key (x coordinate)
         * @param   p_ecdsaNistp256PublicKeyY   The public key (y coordinate)
         * @return  true on success, false otherwise
         */
garciay's avatar
garciay committed
        external function fx_verifyWithEcdsaNistp256WithSha256(in octetstring p_toBeVerifiedData, in octetstring p_signature, in octetstring p_ecdsaNistp256PublicKeyX, in octetstring p_ecdsaNistp256PublicKeyY) return boolean;
        
        /**
         * @desc    Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm
         * @param   p_privateKey    The new private key value
         * @param   p_publicKeyX    The new public key value (x coordinate)
         * @param   p_publicKeyX    The new public key value (y coordinate)
         * @return  true on success, false otherwise
         */
garciay's avatar
garciay committed
        external function fx_generateKeyPair(out octetstring/*UInt64*/ p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean;
        
    } // End of group externalFunctions
    
garciay's avatar
garciay committed
} // End of module LibItsSecurity_Functions