Skip to content
LibItsSecurity_Functions.ttcn 201 KiB
Newer Older
garciay's avatar
garciay committed
/**
 *  @author   ETSI / STF481 / STF507 / STF517 / STF538 / STF545
garciay's avatar
garciay committed
 *  @version  $URL$
 *            $Id$
 *  @desc     Module containing functions for Security Protocol
garciay's avatar
garciay committed
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
garciay's avatar
garciay committed
 *
 */
module LibItsSecurity_Functions {
    import from LibCommon_BasicTypesAndValues all;
    // LibIts
    import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
    import from IEEE1609dot2 language "ASN.1:1997" all;
    import from EtsiTs103097Module language "ASN.1:1997" all;
    
filatov's avatar
filatov committed
    //import from LibItsCommon_Functions all;
    //import from LibItsCommon_TypesAndValues all;
    
    // LibItsSecurity
    import from LibItsSecurity_TypesAndValues all;
    import from LibItsSecurity_Templates all;
    import from LibItsSecurity_Pixits all;
garciay's avatar
garciay committed
    import from LibItsSecurity_Pics all;
    import from LibItsSecurity_TestSystem all;
garciay's avatar
garciay committed
    
    group helpersFunctions {
garciay's avatar
garciay committed
         * @desc    Produces a 256-bit (32-byte) hash value
         * @param   p_toBeHashedData Data to be used to calculate the hash value
         * @return  The hash value
         */
garciay's avatar
garciay committed
                                  in octetstring p_toBeHashedData
            return fx_hashWithSha256(p_toBeHashedData);
        } // End of function f_hashWithSha256
garciay's avatar
garciay committed
         * @desc    Produces a 384-bit (48-byte) hash value
         * @param   p_toBeHashedData Data to be used to calculate the hash value
         * @return  The hash value
         */
        function f_hashWithSha384(
                                  in octetstring p_toBeHashedData
        ) return Oct48 {
            return fx_hashWithSha384(p_toBeHashedData);
        } // End of function f_hashWithSha256
        
        /**
Yann Garcia's avatar
Yann Garcia committed
         * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2
         * @param   p_toBeSignedSecuredMessage    The data to be signed
         * @param   p_certificateIssuer           The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
         * @param   p_privateKey                  The private key for signature
garciay's avatar
garciay committed
         * @return  The signature value
         */
        function f_signWithEcdsaNistp256WithSha256(
                                                   in octetstring p_toBeSignedSecuredMessage,
                                                   in Oct32 p_certificateIssuer,
        ) return octetstring {
            return fx_signWithEcdsaNistp256WithSha256(
                p_toBeSignedSecuredMessage,
        } // End of function f_signWithEcdsaNistp256WithSha256
garciay's avatar
garciay committed
        /**
Yann Garcia's avatar
Yann Garcia committed
         * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2
         * @param   p_toBeSignedSecuredMessage    The data to be signed
         * @param   p_certificateIssuer           The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
         * @param   p_privateKey                  The private key for signature
garciay's avatar
garciay committed
         * @return  The signature value
         */
        function f_signWithEcdsaBrainpoolp256WithSha256(
                                                        in octetstring p_toBeSignedSecuredMessage,
                                                        in Oct32 p_certificateIssuer,
garciay's avatar
garciay committed
                                                        in Oct32 p_privateKey
        ) return octetstring {
garciay's avatar
garciay committed
            return fx_signWithEcdsaBrainpoolp256WithSha256(
                p_toBeSignedSecuredMessage,
garciay's avatar
garciay committed
                p_privateKey
            );
            
        } // End of function f_signWithEcdsaBrainpoolp256WithSha256
        
garciay's avatar
garciay committed
        /**
Yann Garcia's avatar
Yann Garcia committed
         * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature based on standard IEEE 1609.2
         * @param   p_toBeSignedSecuredMessage    The data to be signed
         * @param   p_certificateIssuer           The whole-hash issuer certificate or int2oct(0, 32) in case of self signed certificate
         * @param   p_privateKey                  The private key for signature
garciay's avatar
garciay committed
         * @return  The signature value
         */
        function f_signWithEcdsaBrainpoolp384WithSha384(
                                                        in octetstring p_toBeSignedSecuredMessage,
                                                        in Oct48 p_certificateIssuer,
garciay's avatar
garciay committed
                                                        in Oct48 p_privateKey
        ) return octetstring {
YannGarcia's avatar
YannGarcia committed
          log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_toBeSignedSecuredMessage);
          log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_certificateIssuer);
          log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_privateKey);
garciay's avatar
garciay committed
            return fx_signWithEcdsaBrainpoolp384WithSha384(
                p_toBeSignedSecuredMessage,
garciay's avatar
garciay committed
                p_privateKey
            );
            
        } // End of function f_signWithEcdsaBrainpoolp384WithSha384
        
        function f_decrypt(
                           in octetstring         p_encryptPrivateKey,
                           in EtsiTs103097Data    p_encrypedSecuredMessage,
Yann Garcia's avatar
Yann Garcia committed
                           out EtsiTs103097Data   p_decrypedSecuredMessage,
                           out octetstring        p_aes_sym_enc_key
        ) return boolean {
            if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) {
                var PKRecipientInfo v_pKRecipientInfo;
                var RecipientInfo v_recipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0];
            var octetstring v_decryptedSecuredMessage;
                // Check the private encryption key
                if (not(isbound(p_encryptPrivateKey))) {
                  log("*** " & testcasename() & ":ERROR: Failed to load encryption private key ***");
                  return false;
                }
                
                if (ischosen(v_recipientInfo.certRecipInfo)) {
                  v_pKRecipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0].certRecipInfo;
                  // Read the certificate based on the recipientId
                } else if (ischosen(v_recipientInfo.signedDataRecipInfo)) {
                v_pKRecipientInfo := p_encrypedSecuredMessage.content.encryptedData.recipients[0].signedDataRecipInfo;
                  // Read the certificate based on the recipientId
                  log("*** " & testcasename() & ":ERROR: Unsupported RecipientInfo variant ***");
                  return false;
            if (isbound(v_pKRecipientInfo)) {
                if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256)) {
                  var SymmetricCiphertext v_ciphertext := p_encrypedSecuredMessage.content.encryptedData.ciphertext;
                  if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_0)) {
                      v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256(
                                                                                        v_ciphertext.aes128ccm.ccmCiphertext,
                                                                                        p_encryptPrivateKey,
                                                                                        v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_0,
                                                                                        0,
                                                                                        v_pKRecipientInfo.encKey.eciesNistP256.c,
                                                                                        v_pKRecipientInfo.encKey.eciesNistP256.t,
                                                                                        v_ciphertext.aes128ccm.nonce,
Yann Garcia's avatar
Yann Garcia committed
                                                                                        p_salt,
                                                                                        p_aes_sym_enc_key
                                                                                        );
                  } else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) {
                      v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256(
                                                                                        v_ciphertext.aes128ccm.ccmCiphertext,
                                                                                        p_encryptPrivateKey,
                                                                                        v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1,
                                                                                        1,
                                                                                        v_pKRecipientInfo.encKey.eciesNistP256.c,
                                                                                        v_pKRecipientInfo.encKey.eciesNistP256.t,
                                                                                        v_ciphertext.aes128ccm.nonce,
Yann Garcia's avatar
Yann Garcia committed
                                                                                        p_salt,
                                                                                        p_aes_sym_enc_key
                                                                                        );
                  } else {
                    log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***");
                    return false;
                  }
                  if (isbound(v_decryptedSecuredMessage)) {
                    var bitstring v_decode := oct2bit(v_decryptedSecuredMessage);
                    if (decvalue(v_decode, p_decrypedSecuredMessage) == 0) {
                      return true;
                    } else {
                      log("*** " & testcasename() & ":ERROR: Faild to decode secured message ***");
                } else if (ischosen(v_pKRecipientInfo.encKey.eciesBrainpoolP256r1)) {
                  var SymmetricCiphertext v_ciphertext := p_encrypedSecuredMessage.content.encryptedData.ciphertext;
                  if (ischosen(v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.v.compressed_y_0)) {
                    v_decryptedSecuredMessage := f_decryptWithEciesBrainpoolp256WithSha256(
                                                                                           v_ciphertext.aes128ccm.ccmCiphertext,
                                                                                           p_encryptPrivateKey,
                                                                                           v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.v.compressed_y_0,
                                                                                           0,
                                                                                           v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.c,
                                                                                           v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.t,
Yann Garcia's avatar
Yann Garcia committed
                                                                                           v_ciphertext.aes128ccm.nonce,
                                                                                           p_salt,                                                                                                                                                     p_aes_sym_enc_key
Loading full blame...