Newer
Older
/**
* @author ETSI / STF481
* @version $URL$
* $Id$
* @desc Module containing functions for Security Protocol
*
*/
module LibItsSecurity_Functions {
garciay
committed
import from LibCommon_DataStrings all;
garciay
committed
// LibItsCommon
import from LibItsCommon_Functions all;
import from LibItsSecurity_TypesAndValues all;
garciay
committed
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Pixits all;
/**
* @desc Produces a 256-bit (32-byte) hash value
* @param TODO
* @return TODO
*/
function f_hashWithSha256(in octetstring p_toBeHashedData) {
}
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
* @param TODO
* @return TODO
*/
function f_signWithEcdsaNistp256WithSha256() {
}
/**
* @desc Verify the signature of the specified data
* @param TODO
* @return true on success, false otherwise
*/
garciay
committed
function f_verifyWithEcdsaNistp256WithSha256(
in octetstring p_toBeHashedData,
out Oct32 p_hashValue) return boolean {
p_hashValue := fx_hashWithSha256(p_toBeHashedData);
return true;
}
/**
* @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm
* @param TODO
* @return true on success, false otherwise
*/
function f_generateKeyPair() return boolean {
return false;
}
/**
* @desc Calculate digest over the certificate
* @param cert The certificate
* @return the digest
*/
function f_calculateDigest(in Certificate cert) return HashedId8 {
garciay
committed
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
/**
* @desc This function build and sign the SecureMessage part covered by the signature process
* @param p_unsecuredPayload The unsigned payload (e.g. a beacon)
* @param p_threeDLocation The ThreeDLocation value
* @param p_securedMessage The signed SecureMessage part
* @return true on success, false otherwise
* @verdict Unchanged
*/
function f_buildGnSecuredCam(
in octetstring p_unsecuredPayload,
in ThreeDLocation p_threeDLocation,
out template (value) SecuredMessage p_securedMessage)
return boolean {
return false; // TODO
}
/**
* @desc This function build and sign the SecureMessage part covered by the signature process
* @param p_unsecuredPayload The unsigned payload (e.g. a beacon)
* @param p_threeDLocation The ThreeDLocation value
* @param p_securedMessage The signed SecureMessage part
* @return true on success, false otherwise
* @verdict Unchanged
*/
function f_buildGnSecuredDenm(
in octetstring p_unsecuredPayload,
in ThreeDLocation p_threeDLocation,
out template (value) SecuredMessage p_securedMessage)
return boolean {
return false; // TODO
}
/**
* @desc This function build and sign the SecureMessage part covered by the signature process
* @param p_unsecuredPayload The unsigned payload (e.g. a beacon)
* @param p_threeDLocation The ThreeDLocation value
* @param p_securedMessage The signed SecureMessage part
* @return true on success, false otherwise
* @verdict Unchanged
*/
function f_buildGnSecuredBeacon(
in octetstring p_unsecuredPayload,
in ThreeDLocation p_threeDLocation,
out template (value) SecuredMessage p_securedMessage)
return boolean {
// Local variables
var octetstring v_secPayload, v_signature;
var Oct32 v_hash;
var template (value) ToBeSignedData v_toBeSignedData;
// Create SecuredMessage payload to be signed
v_toBeSignedData := m_toBeSignedData_profileOther(
{ // Field HeaderFields
m_header_field_signer_info(
m_signerInfo_certificate(
PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX]
) // End of template m_signerInfo_certificate
), // End of template m_header_field_signer_info
m_header_field_generation_time(f_getCurrentTime()),
m_header_field_generation_location(
p_threeDLocation
)
}, // End of field HeaderFields
{
m_payload_unsecured(
p_unsecuredPayload
)
}, // End of field HeaderFields
e_signature
);
v_secPayload := bit2oct(encvalue(v_toBeSignedData));
log("v_secPayload length: ", lengthof(v_secPayload));
log("v_secPayload: ", v_secPayload);
// Calculate the hash of the SecuredMessage payload to be signed
v_hash := fx_hashWithSha256(v_secPayload);
log("v_hash length: ", lengthof(v_hash));
log("v_hash: ", v_hash);
// Signed payload
v_signature := fx_signWithEcdsaNistp256WithSha256(
v_hash,
PC_PRIVATE_KEYS[PX_CERTIFICATE_CONFIG_IDX]
);
log("v_signature length: ", lengthof(v_signature));
log("v_signature: ", v_signature);
p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages
v_toBeSignedData.header_fields,
v_toBeSignedData.payload_fields,
{
m_trailer_field_signature(
m_signature(
m_ecdsaSignature(
m_eccPointecdsa_nistp256_with_sha256_y_coordinate_only(
substr(v_signature, 2, 32)
),
substr(v_signature, 34, 32)
)
)
)
}
); // End of template m_securedMessageBeacon
return true;
} // End of function f_buildGnSecuredBeacon
* @desc return SecuredMessage header field of given type or null if none
* @param p_msg the SecuredMessage
* @param p_type header field type
* @return HeaderField of given type if any or null
*/
function f_getMsgHeaderField(in SecuredMessage p_msg, in HeaderFieldType p_type)
return HeaderField {
var HeaderField v_return := null;
var integer v_length := lengthof(p_msg.header_fields);
var integer v_i;
for(v_i := 0; v_i < v_length; v_i := v_i + 1){
if(p_msg.header_fields[v_i].type_ == p_type){
v_return := p_msg.header_fields[v_i];
break;
}
}
return v_return;
}
/**
* @desc return SignerInfo SecuredMessage field
*/
function f_getMsgSignerInfo(in SecuredMessage p_msg) return SignerInfo {
var HeaderField v_hf := f_getMsgHeaderField(p_msg, e_signer_info);
return v_hf.headerField.signer;
}
return null;
}
}// End of group messageGetters
group certificateGetters {
function f_getCertificateValidityRestriction(in Certificate p_cert, in ValidityRestrictionType p_type)
return ValidityRestriction {
var ValidityRestriction v_return := null;
var integer v_length := lengthof(p_cert.validity_restrictions);
var integer v_index;
for( v_index := 0; v_index < v_length; v_index := v_index + 1 ) {
if( p_cert.validity_restrictions[v_index].type_ == p_type ) {
v_return := p_cert.validity_restrictions[v_index];
break;
}
}
return v_return;
}
function f_getCertificateSignerInfo (in Certificate p_cert)
return SignerInfo {
var SignerInfo ret := null;
if( lengthof(p_cert.signer_infos) > 0 ) {
ret := p_cert.signer_infos[0];
}
return ret;
}
group CertRequests{
function f_askForCertificateChain (in HashedId3s p_digests) {
}
} // End of group CertRequests
} // End of group helpersFunctions
group externalFunctions {
/**
* @desc Produces a 256-bit (32-byte) hash value
* @param p_toBeHashedData Data to be used to calculate the hash value
* @return The hash value
*/
external function fx_hashWithSha256(in octetstring p_toBeHashedData) return octetstring;
/**
* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee
* @param p_toBeSignedData The data to be signed
* @param p_privateKey The private key
* @return The signature value
*/
external function fx_signWithEcdsaNistp256WithSha256(in octetstring p_toBeSignedData, in octetstring/*UInt64*/ p_privateKey) return octetstring;
/**
* @desc Verify the signature of the specified data
* @param p_toBeVerifiedData The data to be verified
* @param p_signature The signature
* @param p_ecdsaNistp256PublicKeyX The public key (x coordinate)
* @param p_ecdsaNistp256PublicKeyY The public key (y coordinate)
* @return true on success, false otherwise
*/
external function fx_verifyWithEcdsaNistp256WithSha256(in octetstring p_toBeVerifiedData, in octetstring p_signature, in octetstring p_ecdsaNistp256PublicKeyX, in octetstring p_ecdsaNistp256PublicKeyY) return boolean;
/**
* @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm
* @param p_privateKey The new private key value
* @param p_publicKeyX The new public key value (x coordinate)
* @param p_publicKeyX The new public key value (y coordinate)
* @return true on success, false otherwise
*/
external function fx_generateKeyPair(out octetstring/*UInt64*/ p_privateKey, out octetstring p_publicKeyX, out octetstring p_publicKeyY) return boolean;
} // End of group externalFunctions