Skip to content
LibItsSecurity_Functions.ttcn 129 KiB
Newer Older
                            m_header_info_signer_info(
                                m_issuerIdentifier_sha256AndDigest(
                                    v_atCertificate.cracaId
berge's avatar
berge committed
                    v_mandatoryHeaders := {
                        v_signerInfo,
                        valueof(m_header_info_generation_time(1000 * f_getCurrentTime())), // In us
                        valueof(m_header_info_generation_location(p_threeDLocation))
berge's avatar
berge committed
                    }
                // Build the secured message and return it
garciay's avatar
garciay committed
                return f_buildGnSecuredMessage(p_securedMessage, p_certificateName, p_payloadField/*, v_mandatoryHeaders*/);
            } // End of function f_buildGnSecuredOtherMessage
garciay's avatar
garciay committed
            /**
             * @desc This function build and sign the SecureMessage part covered by the signature process including wrong elements of protocols. It is used for BO test cases
             * @param p_securedMessage       The signed  SecureMessage part
             * @param  p_protocolVersion     The protocol version to be set. Default: 2
             * @param  p_trailerStatus       The Traile behaviour:
             *                               <li>0 for no trailer</li>
             *                               <li>1 for invalid trailer</li>
             *                               <li>2 for duplicated trailer</li>
             * @param p_payloadField        Payloads to be included in the message
             * @param p_signerIdentifierType       Add digest or AT certificate or certificate chain
garciay's avatar
garciay committed
             * @param p_threeDLocation       The 3D location
             * @param p_headerInfo         HeaderInfo to be inserted in the message
garciay's avatar
garciay committed
             * @param p_certificateName      The certificate identifier to be used. Default: TA_CERT_A
             * @param p_addMissingHeaders    Whether to add mandatory headers not present in p_headerInfo
garciay's avatar
garciay committed
             * @return true on success, false otherwise
             */
            function f_buildGnSecuredOtherMessage_Bo(
garciay's avatar
garciay committed
                                                     out template (value) EtsiTs103097Data p_securedMessage,
garciay's avatar
garciay committed
                                                     in UInt8 p_protocolVersion := c_protocol_version,
garciay's avatar
garciay committed
                                                     in integer p_trailerStatus := 0,
garciay's avatar
garciay committed
                                                     in ToBeSignedData p_payloadField,
                                                     in SignerIdentifier p_signerIdentifierType, // FIXME To be reviewed
garciay's avatar
garciay committed
                                                     in ThreeDLocation p_threeDLocation,
                                                     in template (omit) HeaderInfo p_headerInfo := omit,
garciay's avatar
garciay committed
                                                     in charstring p_certificateName := "",
garciay's avatar
garciay committed
                                                     in boolean p_addMissingHeaders := true
            ) runs on ItsSecurityBaseComponent return boolean {
                
                // Local variables
                var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
                var HeaderInfo v_mandatoryHeaders := {};
                var HeaderInfo v_signerInfo;
garciay's avatar
garciay committed
                
                // Load certificates if required
                if (f_prepareCertificates(p_certificateName, v_aaCertificate, v_atCertificate) == false) {
                    return false;
                }
                
                // Add additional headers if required
                /* FIXME To be reviewed if (p_addMissingHeaders == true) {
garciay's avatar
garciay committed
                    // Prepare mandatory headers
                    if (valueof(p_signerIdentifierType) == e_certificate) { // Add the AT certificate
garciay's avatar
garciay committed
                        v_signerInfo := valueof(
                            m_header_info_signer_info(
                                m_signerIdentifier_certificate(
garciay's avatar
garciay committed
                                    v_atCertificate
                        )));
                    } else if (valueof(p_signerIdentifierType) == e_certificate_chain) { // Add the AT certificate + AA EtsiTs103097Certificate
garciay's avatar
garciay committed
                        v_signerInfo := valueof(
                            m_header_info_signer_info(
                                m_signerIdentifier_certificates(
garciay's avatar
garciay committed
                                    {
                                        v_aaCertificate,
                                        v_atCertificate
                                    }
                                )
                        ));
                    } else if (valueof(p_signerIdentifierType) == e_certificate_digest_with_sha256) { // Add the AT certificate digest
garciay's avatar
garciay committed
                        v_signerInfo := valueof(
                            m_header_info_signer_info(
                                m_issuerIdentifier_sha256AndDigest(
                                    v_atCertificate.cracaId
garciay's avatar
garciay committed
                        )));
                    }
                    v_mandatoryHeaders := {
                        v_signerInfo,
                        valueof(m_header_info_generation_time(1000 * f_getCurrentTime())), // In us
                        valueof(m_header_info_generation_location(p_threeDLocation))
garciay's avatar
garciay committed
                    }
garciay's avatar
garciay committed
                
                // FIXME To be done 
                
                // Build the secured message and return it
garciay's avatar
garciay committed
                return f_buildGnSecuredMessage(p_securedMessage, p_certificateName, p_payloadField/*, v_mandatoryHeaders*/);
garciay's avatar
garciay committed
            } // End of function f_buildGnSecuredOtherMessage_Bo
            
        } // End of group hostSignatureHelpers
        
        group deviceSignatureHelpers {
            
            /**
             * @desc Retrieve the HashedId8 to be sent to the IUT, based on the provided certificate identifier
             * @param p_certificateName The certificate the IUT shall use
             * @return The HashedId8 to be sent to the IUT in the UtInitialize command
             * @verdict Unchanged
             * @remark Component variable vc_hashedId8ToBeUsed shall be set with the IUT certificate to be used
             */
garciay's avatar
garciay committed
            function f_setupIutCertificate(
                                           in charstring p_certificateName
            ) runs on ItsSecurityBaseComponent return HashedId8 {
                // Local variables
filatov's avatar
filatov committed
// FIXME (DF) UNUSED
//                var EtsiTs103097Certificate v_atCertificate;
garciay's avatar
garciay committed
                var HashedId8   v_hashedId8 := '0000000000000000'O;
                
                // Sanity check
                if (lengthof(p_certificateName) == 0) {
                    return v_hashedId8;
                }
                
                // Load certificates
                if(f_getCertificateDigest(p_certificateName, v_hashedId8) == false) {
                    v_hashedId8 := '0000000000000000'O;
garciay's avatar
garciay committed
                }
                
                return v_hashedId8;
            } // End of function f_setupIutCertificate
             
garciay's avatar
garciay committed
            /**
            * @desc Verify the signature of the provided certificate
            * @param p_certificateToBeVerified EtsiTs103097Certificate to be verified
            * @param p_publicKey               Public key to verify the certificate signature
            * @return true on success, false otherwise
            * @verdict
            */
garciay's avatar
garciay committed
            function f_verifyCertificateSignatureWithPublicKey(
                                                               in template (value) EtsiTs103097Certificate p_certificateToBeVerified,
                                                               in template (value) EccP256CurvePoint p_publicKey
            ) return boolean {
                // Local variables
                var octetstring toBeVerifiedData;
                var octetstring v_signature;
                var boolean v_result := false;
                var template (value) ToBeSignedCertificate v_toBeSignedCertificate;
                // Create EtsiTs103097Certificate payload to be verified
                /* FIXME To be reviewed v_toBeSignedCertificate := m_toBeSignedCertificate(p_certificateToBeVerified);
                toBeVerifiedData := bit2oct(encvalue(v_toBeSignedCertificate));
garciay's avatar
garciay committed
                               
                // Build the signature
                v_signature :=
                    valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.rSig) &
                    valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.sSig);
garciay's avatar
garciay committed
                log("toBeVerifiedData: ", toBeVerifiedData);
                log("v_signature     : ", v_signature);
                log("EcdsaP256Signature       :", p_publicKey);
                // Verify the certificate
                v_result := f_verifyWithEcdsaNistp256WithSha256(
                    toBeVerifiedData,
                    v_signature,
                    valueof(p_publicKey.uncompressedP256.x),
                    valueof(p_publicKey.uncompressedP256.y)
                );*/
                return v_result;
            } // End of finction f_verifyCertificateSignatureWithPublicKey
            * @desc Verify the signature of the provided secured message
            * @param p_certificateToBeVerified EtsiTs103097Certificate to be verified
            * @param p_issuingCertificate      Issuing certificate
            * @return true on success, false otherwise
            * @verdict
            */
            function f_verifyCertificateSignatureWithIssuingCertificate(
                                                                        in template (value) EtsiTs103097Certificate p_certificateToBeVerified,
                                                                        in template (value) EtsiTs103097Certificate p_issuingCertificate
                /* FIXME To be reviewed for (var integer v_counter := 0; v_counter < lengthof(p_issuingCertificate.subject_attributes); v_counter := v_counter + 1) {
garciay's avatar
garciay committed
                    if (valueof(p_issuingCertificate.subject_attributes[v_counter].type_) == e_verification_key) {
                        return f_verifyCertificateSignatureWithPublicKey(
                            p_certificateToBeVerified,
                            valueof(p_issuingCertificate.subject_attributes[v_counter].attribute.key));
                }*/ // End of 'for' statement
            } // End of function f_verifyCertificateSignatureWithIssuingCertificate
            
             * @desc Verify the signature of the provided secured message for ECDSA Nist-P256 algorithm
             * @param p_securedMessage  The message to be verified
             * @param p_publicKey       The ECDSA public key to verify a signature
             * @param p_certificate     EtsiTs103097Certificate to be used to verify the message
             * @return true on success, false otherwise
             * @verdict Unchanged
             */
            function f_verifyGnSecuredMessageSignature_ecdsaNistP256(
                                                                     in template (value) Ieee1609Dot2Data p_securedMessage,
                                                                     in template (value) EccP256CurvePoint p_publicKey
            ) return boolean {
                
                // Local variables
                var octetstring v_secPayload;
                var octetstring v_signedData;
                var boolean v_result := false;
                var template (value) ToBeSignedData v_toBeSignedData;
                
                log(">>> f_verifyGnSecuredMessageSignature_ecdsaNistP256: p_securedMessage= ", p_securedMessage);
                log(">>> f_verifyGnSecuredMessageSignature_ecdsaNistP256: p_publicKey= ", p_publicKey);
                
                // Create Ieee1609Dot2Data payload to be signed
                v_toBeSignedData := valueof(p_securedMessage.content.signedData.tbsData);
                log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_toBeSignedData=", p_securedMessage.content.signedData.tbsData);
                
                v_secPayload := bit2oct(encvalue(v_toBeSignedData));
                log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_secPayload=", v_secPayload);
                
                // Verify payload
                v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig);
                log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_signedData=", v_signedData);
                v_result := f_verifyWithEcdsaNistp256WithSha256(
                    v_secPayload, 
                    v_signedData,
                    valueof(p_publicKey.uncompressedP256.x),
                    valueof(p_publicKey.uncompressedP256.y)
                );
                
                log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_result=", v_result);
                return v_result;
            } // End of function f_verifyGnSecuredMessageSignature_ecdsaNistP256
            
            /**
             * @desc Verify the signature of the provided secured message for ECDSA Brainpool-P256 algorithm
             * @param p_securedMessage  The message to be verified
             * @param p_publicKey       The ECDSA public key to verify a signature
             * @param p_certificate     EtsiTs103097Certificate to be used to verify the message
             * @return true on success, false otherwise
             * @verdict Unchanged
             */
            function f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1(
                                                                            in template (value) Ieee1609Dot2Data p_securedMessage,
                                                                            in template (value) EccP256CurvePoint p_publicKey
            ) return boolean {
                
                // Local variables
                var octetstring v_secPayload;
                var octetstring v_signedData;
                var boolean v_result := false;
                var template (value) ToBeSignedData v_toBeSignedData;
                log(">>> f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: p_securedMessage= ", p_securedMessage);
                log(">>> f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: p_publicKey= ", p_publicKey);
                // Create Ieee1609Dot2Data payload to be signed
                v_toBeSignedData := valueof(p_securedMessage.content.signedData.tbsData);
                log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: v_toBeSignedData=", p_securedMessage.content.signedData.tbsData);
                
                v_secPayload := bit2oct(encvalue(v_toBeSignedData));
                log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: v_secPayload=", v_secPayload);
                
                // Verify payload
                v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.sSig);
                log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: v_signedData=", v_signedData);
                v_result := f_verifyWithEcdsaBrainpoolp256WithSha256(
                    v_secPayload, 
                    v_signedData,
                    valueof(p_publicKey.uncompressedP256.x),
                    valueof(p_publicKey.uncompressedP256.y)
                
                log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: v_result=", v_result);
                return v_result;
            } // End of function f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1
            
            /**
             * @desc Verify the signature of the provided secured message for ECDSA Brainpool-P384 algorithm
             * @param p_securedMessage  The message to be verified
             * @param p_publicKey       The ECDSA public key to verify a signature
             * @param p_certificate     EtsiTs103097Certificate to be used to verify the message
             * @return true on success, false otherwise
             * @verdict Unchanged
             */
            function f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1(
                                                                            in template (value) Ieee1609Dot2Data p_securedMessage,
                                                                            in template (value) EccP384CurvePoint p_publicKey
            ) return boolean {
                
                // Local variables
                var octetstring v_secPayload;
                var octetstring v_signedData;
                var boolean v_result := false;
                var template (value) ToBeSignedData v_toBeSignedData;
                
                log(">>> f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: p_securedMessage= ", p_securedMessage);
                log(">>> f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: p_publicKey= ", p_publicKey);
                
                // Create Ieee1609Dot2Data payload to be signed
                v_toBeSignedData := valueof(p_securedMessage.content.signedData.tbsData);
                log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: v_toBeSignedData=", p_securedMessage.content.signedData.tbsData);
                v_secPayload := bit2oct(encvalue(v_toBeSignedData));
                log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: v_secPayload=", v_secPayload);
                
                // Verify payload
                v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP384r1Signature.sSig);
                log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: v_signedData=", v_signedData);
                v_result := f_verifyWithEcdsaBrainpoolp256WithSha256(
                    v_secPayload, 
                    v_signedData,
                    valueof(p_publicKey.uncompressedP384.x),
                    valueof(p_publicKey.uncompressedP384.y)
                );
                log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: v_result=", v_result);
                return v_result;
            } // End of function f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1
            * @desc Verify the signature of the provided secured message
            * @param p_securedMessage
            * @param p_certificate     EtsiTs103097Certificate to be used to verify the message
            * @return true on success, false otherwise
            * @verdict
            */
            function f_verifyGnSecuredMessageSignatureWithCertificate(
                                                                      in template (value) Ieee1609Dot2Data p_securedMessage,
                                                                      in template (value) EtsiTs103097Certificate p_certificate
                if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP256r1Signature)) {
                    return f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1(p_securedMessage, p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1);
                } else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP384r1Signature)) {
                    return f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1(p_securedMessage, p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1);
                } else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature)) {
                    return f_verifyGnSecuredMessageSignature_ecdsaNistP256(p_securedMessage, p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256);
                }
                return true;
            } // End of function f_verifyGnSecuredOtherMessageWithDeviceCertificate
        } // End of group deviceSignatureHelpers
filatov's avatar
filatov committed
        group messageGetters {
            * @desc    return Ieee1609Dot2Data header field of given type or null if none
            * @param   p_msg the Ieee1609Dot2Data
            * @param   p_type header field type
            * @return  HeaderInfo of given type if any or null
garciay's avatar
garciay committed
            function f_getMsgHeaderInfo(
garciay's avatar
garciay committed
                                        in template(omit) Ieee1609Dot2Data p_securedMessage,
                                        out HeaderInfo p_return
garciay's avatar
garciay committed
                var integer v_length;
                var Ieee1609Dot2Data v_securedMessage;
garciay's avatar
garciay committed
                
garciay's avatar
garciay committed
                if (not isvalue(p_securedMessage)) {
                    testcase.stop(__SCOPE__ & " can not handle omitted secured message values");
                }
                v_securedMessage := valueof(p_securedMessage);
garciay's avatar
garciay committed
                if (ispresent(v_securedMessage.content.signedData)) {
                    p_return := v_securedMessage.content.signedData.tbsData.headerInfo;
                    return true;
                }

                log("f_getMsgHeaderField: return false");
            * @desc    return SignerIdentifier Ieee1609Dot2Data field
            function f_getMsgSignerIdentifier (
garciay's avatar
garciay committed
                                               in template(omit) Ieee1609Dot2Data p_securedMessage,
                                               out SignerIdentifier p_signerIdentifier
garciay's avatar
garciay committed
                if (not isvalue(p_securedMessage)) {
                    testcase.stop(__SCOPE__ & " can not handle omitted secured message values");
                }
                
                if (ischosen(p_securedMessage.content.signedData)) {
garciay's avatar
garciay committed
                    p_signerIdentifier := valueof(p_securedMessage.content.signedData.signer);
                    return true;
                }
                log("f_getMsgSignerIdentifier: return false");
garciay's avatar
garciay committed
            
garciay's avatar
garciay committed
        } // End of group messageGetters
filatov's avatar
filatov committed
        
        group certificateGetters {
             * @desc Set the generation location as defined in Draft ETSI TS 103 097 V1.1.14 Clause 7.2 Security profile for DENMs
             * @param p_latitude    The latitude value of the ITS-S position
             * @param p_longitude   The longitude value of the ITS-S position
             * @param p_elevation   The elevation value of the ITS-S position
             * @verdict Unchanged
             */
            function f_setGenerationLocation(
                                             in SecLatitude p_latitude,
                                             in SecLongitude p_longitude,
                                             in SecElevation p_elevation := 0
            ) runs on ItsSecurityBaseComponent {
                vc_location := {
                    p_latitude,
                    p_longitude,
                    p_elevation
                }
            } // End of function f_setGenerationLocation
            
            * @desc    Load in memory cache the certificates available
            * @param   p_configId      A configuration identifier
            * @remark  This method SHALL be call before any usage of certificates
            * @return  true on success, false otherwise
            */
            function f_loadCertificates(
garciay's avatar
garciay committed
                                        in charstring p_configId
            ) runs on ItsSecurityBaseComponent return boolean {
filatov's avatar
filatov committed
// FIXME (DF) UNUSED
//                var boolean v_result;
                
                // Setup certificates memory cache
garciay's avatar
garciay committed
                if (fx_loadCertificates(PX_CERTIFICATE_POOL_PATH, p_configId) == true) {
                    // Setup security component variables
garciay's avatar
garciay committed
                    /*FIXME if(f_readCertificate(cc_taCert_A, vc_atCertificate)) {
                        if(f_readCertificate(oct2str(vc_atCertificate.issuer), vc_aaCertificate)) {
                            if(f_readSigningKey(cc_taCert_A, vc_signingPrivateKey)) {
                                f_readEncryptingKey(cc_taCert_A, vc_encryptPrivateKey);
                                return true;
                            }
                            log("f_loadCertificates: Failed to load signing key for ", cc_taCert_A);
                        }else{
                            log("f_loadCertificates: Failed to load AA certificate for ", cc_taCert_A);
garciay's avatar
garciay committed
                            }
                        log("f_loadCertificates: Failed to load AT certificate for ", cc_taCert_A);
garciay's avatar
garciay committed
                        }*/
                } else {
                    log("f_loadCertificates: Failed to load certificates from ", PX_CERTIFICATE_POOL_PATH);
garciay's avatar
garciay committed
                }
                return false;
            } // End of function f_loadCertificates
            
            /**
            * @desc    Unload from memory cache the certificates available
            * @return  true on success, false otherwise
            */
            function f_unloadCertificates() runs on ItsSecurityBaseComponent return boolean {
                // Reset security component variables
                vc_signingPrivateKey := '0000000000000000000000000000000000000000000000000000000000000000'O;
                vc_encryptPrivateKey := '0000000000000000000000000000000000000000000000000000000000000000'O;
                // Clear certificates memory cache
                return fx_unloadCertificates();
            } // End of function f_unloadCertificates
            * @desc    Read the specified certificate
            * @param   p_certificateId the certificate identifier
            * @param   p_certificate   the expected certificate
            * @return  true on success, false otherwise
            */
            function f_readCertificate(
garciay's avatar
garciay committed
                                       in charstring p_certificateId,
                                       out EtsiTs103097Certificate p_certificate
            ) runs on ItsSecurityBaseComponent return boolean {
                var octetstring v_certificate;
                
                if (fx_readCertificate(p_certificateId, v_certificate) == true) {
garciay's avatar
garciay committed
                    var bitstring v_oct2bit;
                    var integer v_result;
                    
                    v_oct2bit := oct2bit(v_certificate);
                    v_result := decvalue(v_oct2bit, p_certificate);
                    if (v_result == 0) {
                        return true;
                    }
                }
                
                log("f_readCertificate: Failed to retrieve ", p_certificateId);
                return false;
            } // End of function f_readCertificate

            /**
            * @desc    Read the specified certificate
            * @param   p_certificateId the certificate identifier
            * @param   p_certificate   the expected certificate
            * @return  true on success, false otherwise
            */
            function f_getCertificateDigest(
garciay's avatar
garciay committed
                                            in charstring p_certificateId,
                                            out HashedId8 p_digest
            ) runs on ItsSecurityBaseComponent return boolean {
                if( not fx_readCertificateDigest(p_certificateId, p_digest)){
                    log("f_getCertificateDigest: Failed to retrieve digest for ", p_certificateId);
                    return false;
                }
                return true;
            } // End of function f_getCertificateDigest
            * @desc    Read the signing private key for the specified certificate
            * @param   p_keysId            the keys identifier
            * @param   p_signingPrivateKey the signing private key
            * @return  true on success, false otherwise
            */
            function f_readSigningKey(
                                       in charstring p_keysId,
                                       out Oct32 p_signingPrivateKey
            ) runs on ItsSecurityBaseComponent return boolean {
                return fx_readSigningKey(p_keysId, p_signingPrivateKey);
            } // End of function f_readSigningKey
            
            /**
            * @desc    Read the encrypting private keys for the specified certificate
            * @param   p_keysId            the keys identifier
            * @param   p_encryptPrivateKey the encrypt private key
            * @return  true on success, false otherwise
            */
            function f_readEncryptingKey(
garciay's avatar
garciay committed
                                         in charstring p_keysId,
                                         out Oct32 p_encryptPrivateKey
            ) runs on ItsSecurityBaseComponent return boolean {
                return fx_readEncryptingKey(p_keysId, p_encryptPrivateKey);
            } // End of function f_readEncryptingKey
            function f_getCertificateValidityRestriction(
                                                         in template (value) EtsiTs103097Certificate p_cert,
                                                         out ValidityPeriod p_return
garciay's avatar
garciay committed
                p_return := valueof(p_cert.toBeSigned.validityPeriod);
                return true;
            } // End of function f_getCertificateValidityRestriction
filatov's avatar
filatov committed
            
            function f_getCertificateSubjectAttribute(
                                                      in template (value) EtsiTs103097Certificate p_cert/* FIXME To be reviewed,
                                                      out SubjectAttribute p_return*/
            ) return boolean {
                /* FIXME To be reviewed tfor (var integer i := 0; i < lengthof(p_cert.subject_attributes); i := i + 1) {
//FIXME RGY Titan doesn't support dot notation after valueof at the moment
//                    if (valueof(p_cert).subject_attributes[i].type_ == p_type) {
//                        p_return := valueof(p_cert).subject_attributes[i];
                    if (valueof(p_cert.subject_attributes[i].type_) == p_type) {
                        p_return := valueof(p_cert.subject_attributes[i]);
                log("f_getCertificateSubjectAttribute: Failed to retrieve ", p_type);*/
filatov's avatar
filatov committed
        }// End of group certificateGetters
garciay's avatar
garciay committed
        group certificatesCaching {
            
            function f_createCertificatesCaching(
                                                 in SequenceOfCertificate p_certificates, 
garciay's avatar
garciay committed
                                                 out CertificatesCaching p_certificatesCaching
            ) return boolean {
                p_certificatesCaching := { };
                for (var integer v_counter := 0; v_counter < lengthof(p_certificates); v_counter := v_counter + 1) {
                    var CertificatesCachingItem v_item;
                    v_item.certificate := p_certificates[v_counter];
garciay's avatar
garciay committed
                    v_item.hashedId8 := f_calculateDigestSha256FromCertificate(v_item.certificate);
garciay's avatar
garciay committed
                    p_certificatesCaching[v_counter] := v_item;
                } // End of 'for' statement
                
                return true;
            }
            
            function f_getCertificateFromCaching(
                                                 in CertificatesCaching p_certificatesCaching, 
                                                 in HashedId8 p_hashedId8, 
                                                 out EtsiTs103097Certificate p_certificate
garciay's avatar
garciay committed
            ) return boolean {
                for (var integer v_counter := 0; v_counter < lengthof(p_certificatesCaching); v_counter := v_counter + 1) { 
                    if (match(p_certificatesCaching[v_counter].hashedId8, p_hashedId8) == true) {
                        p_certificate := p_certificatesCaching[v_counter].certificate;
                        return true;
                    }
                } // End of 'for' statement
                
                return false;
            }
            
            function f_getCertificatesCachingItem(
                                                  in CertificatesCaching p_certificatesCaching, 
                                                  in UInt8 p_index, 
                                                  out EtsiTs103097Certificate p_certificate
garciay's avatar
garciay committed
            ) return boolean {
                if (lengthof(p_certificatesCaching) < p_index) {
                    p_certificate := p_certificatesCaching[p_index].certificate;
                    return true;
                }
                
                return false;
            }
            
            function f_getCertificatesCachingItemSize(
                                                      in CertificatesCaching p_certificatesCaching
            ) return UInt8 {
                return lengthof(p_certificatesCaching);
            }
            
        }// End of group certificatesCaching
        
        
    } // End of group helpersFunctions

    group externalFunctions {
        
        group signing {
            
            /**
garciay's avatar
garciay committed
             * @desc    Produces a 256-bit (32-byte) hash value
             * @param   p_toBeHashedData Data to be used to calculate the hash value
             * @return  The hash value
             */
            external function fx_hashWithSha256(in octetstring p_toBeHashedData) return Oct32;
garciay's avatar
garciay committed
             * @desc    Produces a 384-bit (48-byte) hash value
             * @param   p_toBeHashedData Data to be used to calculate the hash value
             * @return  The hash value
             */
            external function fx_hashWithSha384(in octetstring p_toBeHashedData) return Oct48;
garciay's avatar
garciay committed
            
            /**
garciay's avatar
garciay committed
             * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
garciay's avatar
garciay committed
             * @param   p_toBeSignedSecuredMessage    The data to be signed
             * @param   p_privateKey        The private key
             * @return  The signature value
             */
garciay's avatar
garciay committed
            external function fx_signWithEcdsaNistp256WithSha256(in Oct32 p_toBeSignedSecuredMessage, in Oct32 p_privateKey) return octetstring;
garciay's avatar
garciay committed

            /**
             * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
             * @param   p_toBeSignedSecuredMessage    The data to be signed
             * @param   p_privateKey        The private key
             * @return  The signature value
             */
garciay's avatar
garciay committed
            external function fx_signWithEcdsaBrainpoolp256WithSha256(in Oct32 p_toBeSignedSecuredMessage, in Oct32 p_privateKey) return octetstring;
garciay's avatar
garciay committed
            
            /**
             * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature
             * @param   p_toBeSignedSecuredMessage    The data to be signed
             * @param   p_privateKey        The private key
             * @return  The signature value
             */
garciay's avatar
garciay committed
            external function fx_signWithEcdsaBrainpoolp384WithSha384(in Oct48 p_toBeSignedSecuredMessage, in Oct48 p_privateKey) return octetstring;
garciay's avatar
garciay committed
             * @desc    Verify the signature of the specified data
             * @param   p_toBeVerifiedData          The data to be verified
             * @param   p_signature                 The signature
             * @param   p_ecdsaNistp256PublicKeyX   The public key (x coordinate)
             * @param   p_ecdsaNistp256PublicKeyY   The public key (y coordinate)
             * @return  true on success, false otherwise
             */
garciay's avatar
garciay committed
            external function fx_verifyWithEcdsaNistp256WithSha256(in Oct32 p_toBeVerifiedData, in octetstring p_signature, in Oct32 p_ecdsaNistp256PublicKeyX, in Oct32 p_ecdsaNistp256PublicKeyY) return boolean;
            
            /**
             * @desc    Verify the signature of the specified data
             * @param   p_toBeVerifiedData          The data to be verified
             * @param   p_signature                 The signature
             * @param   p_ecdsaBrainpoolp256PublicKeyX   The public key (x coordinate)
             * @param   p_ecdsaBrainpoolp256PublicKeyY   The public key (y coordinate)
             * @return  true on success, false otherwise
             */
            external function fx_verifyWithEcdsaBrainpoolp256WithSha256(in Oct32 p_toBeVerifiedData, in octetstring p_signature, in Oct32 p_ecdsaBrainpoolp256PublicKeyX, in Oct32 p_ecdsaBrainpoolp256PublicKeyY) return boolean;
            
            /**
             * @desc    Verify the signature of the specified data
             * @param   p_toBeVerifiedData          The data to be verified
             * @param   p_signature                 The signature
             * @param   p_ecdsaBrainpoolp384PublicKeyX   The public key (x coordinate)
             * @param   p_ecdsaBrainpoolp384PublicKeyY   The public key (y coordinate)
             * @return  true on success, false otherwise
             */
            external function fx_verifyWithEcdsaBrainpoolp384WithSha384(in Oct48 p_toBeVerifiedData, in octetstring p_signature, in Oct48 p_ecdsaBrainpoolp384PublicKeyX, in Oct48 p_ecdsaBrainpoolp384PublicKeyY) return boolean;
garciay's avatar
garciay committed
             * @desc    Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
             *          This function should not be used by the ATS
             * @param   p_privateKey    The new private key value
             * @param   p_publicKeyX    The new public key value (x coordinate)
             * @param   p_publicKeyX    The new public key value (y coordinate)
             * @return  true on success, false otherwise
             */
garciay's avatar
garciay committed
            external function fx_generateKeyPair_nistp256(out Oct32 p_privateKey, out Oct32 p_publicKeyX, out Oct32 p_publicKeyY) return boolean;
garciay's avatar
garciay committed
            
            /**
             * @desc    Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
             *          This function should not be used by the ATS
             * @param   p_privateKey    The new private key value
             * @param   p_publicKeyX    The new public key value (x coordinate)
             * @param   p_publicKeyX    The new public key value (y coordinate)
             * @return  true on success, false otherwise
             */
garciay's avatar
garciay committed
            external function fx_generateKeyPair_brainpoolp256(out Oct32 p_privateKey, out Oct32 p_publicKeyX, out Oct32 p_publicKeyY) return boolean;
garciay's avatar
garciay committed
            
            /**
             * @desc    Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm.
             *          This function should not be used by the ATS
             * @param   p_privateKey    The new private key value
             * @param   p_publicKeyX    The new public key value (x coordinate)
             * @param   p_publicKeyX    The new public key value (y coordinate)
             * @return  true on success, false otherwise
             */
garciay's avatar
garciay committed
            external function fx_generateKeyPair_brainpoolp384(out Oct48 p_privateKey, out Oct48 p_publicKeyX, out Oct48 p_publicKeyY) return boolean;
            
        } // End of group signing
        group encryption {
            
        } // End of group encryption
        group certificatesLoader {
            
            /**
            * @desc    Load in memory cache the certificates available in the specified directory
            * @param   p_rootDirectory Root directory to access to the certificates identified by the certificate ID
            * @param   p_configId      A configuration identifier
            * @remark  This method SHALL be call before any usage of certificates
            * @return  true on success, false otherwise
            */
            external function fx_loadCertificates(in charstring p_rootDirectory, in charstring p_configId) return boolean;
garciay's avatar
garciay committed
            external function fx_store_certificate(in charstring p_cert_id, in octetstring p_cert, in octetstring p_private_key, in octetstring p_public_key_x, in octetstring p_public_key_y, in octetstring p_hashid8, in octetstring p_issuer) return boolean;
            * @desc    Unload from memory cache the certificates
            * @return  true on success, false otherwise
            */
            external function fx_unloadCertificates() return boolean;
            * @desc    Read the specified certificate
            * @param   p_certificateId the certificate identifier
            * @param   p_certificate   the expected certificate
            * @return  true on success, false otherwise
            */
            external function fx_readCertificate(in charstring p_certificateId, out octetstring p_certificate) return boolean;

            /**
            * @desc    Read the specified certificate digest
            * @param   p_certificateId the certificate identifier
            * @param   p_digest   the expected certificate
            * @return  true on success, false otherwise
            */
            external function fx_readCertificateDigest(in charstring p_certificateId, out HashedId8 p_digest) return boolean;
            * @desc    Read the private keys for the specified certificate
            * @param   p_keysId            the keys identifier
            * @param   p_signingPrivateKey the signing private key
            * @return  true on success, false otherwise
            */

            external function fx_readSigningKey(in charstring p_keysId, out Oct32 p_signingPrivateKey) return boolean;

            /**
            * @desc    Read the private keys for the specified certificate
            * @param   p_keysId            the keys identifier
            * @param   p_encryptPrivateKey the encrypt private key
            * @return  true on success, false otherwise
            */

            external function fx_readEncryptingKey(in charstring p_keysId, out Oct32 p_encryptingPrivateKey) return boolean;

        } // End of group certificatesLoader
        
        group geodesic {
            
            /**
            * @desc    Check that given polygon doesn't have neither self-intersections nor holes.
            * @param   p_region   Polygonal Region
            * @return  true on success, false otherwise
            * @verdict Unchanged
            */
garciay's avatar
garciay committed
            external function fx_isValidPolygonalRegion(in PolygonalRegion p_region) return boolean;
            * @desc Check if a polygonal region is inside another one
            * @param p_parent  The main polygonal region
            * @param p_region  The polygonal region to be included
            * @return true on success, false otherwise
            * @verdict Unchanged
            */
garciay's avatar
garciay committed
            external function fx_isPolygonalRegionInside(in PolygonalRegion p_parent, in PolygonalRegion p_region) return boolean;
            * @desc Check that the location is inside a circular region
            * @param p_region      The circular region to consider
            * @param p_location    The device location
            * @return true on success, false otherwise
            * @verdict Unchanged
            */
garciay's avatar
garciay committed
            external function fx_isLocationInsideCircularRegion(in CircularRegion p_region, in ThreeDLocation p_location) return boolean;
            * @desc Check that the location is inside a rectangular region
            * @param p_region      The rectangular region to consider
            * @param p_location    The device location
            * @return true on success, false otherwise
            * @verdict Unchanged
            */
            external function fx_isLocationInsideRectangularRegion(in SequenceOfRectangularRegion p_region, in ThreeDLocation p_location) return boolean;
            * @desc Check that the location is inside a polygonal region
            * @param p_region      The polygonal region to consider
            * @param p_location    The device location
            * @return true on success, false otherwise
            * @verdict Unchanged
            */
            external function fx_isLocationInsidePolygonalRegion(in PolygonalRegion p_region, in ThreeDLocation p_location) return boolean;
            * @desc Check if the location is inside an identified region
            * @param p_region      The identified region to consider
            * @param p_location    The device location
            * @return true on success, false otherwise
            * @verdict Unchanged
            */
garciay's avatar
garciay committed
            external function fx_isLocationInsideIdentifiedRegion(in IdentifiedRegion p_region, in ThreeDLocation p_location) return boolean;
garciay's avatar
garciay committed
            /**
            * @desc Check if the location is inside an undefined region
            * @param p_region      The identified region to consider
            * @param p_location    The device location
            * @return true on success, false otherwise
            * @verdict Unchanged
            */
            external function fx_isLocationInsideOtherRegion(in octetstring p_region, in ThreeDLocation p_location) return boolean; 
garciay's avatar
garciay committed
            
            /**
             * @desc    Check that p_circular_region_1 circular region is included into p_circular_region_2 circular region
             * @param   p_circular_region_1    Circular region 1
             * @param   p_circular_region_2    Circular region 2
             *
             * @return  true on success, false otherwise
             */
            external function fx_areCirclesInside(in CircularRegion p_circular_region_1, in CircularRegion p_circular_region_2) return boolean;
            
            /**
             * @desc    Check that p_rectanglar_region_1 rectangular region is included into p_rectanglar_region_2 rectangular region
             * @param   p_rectanglar_region_1    Rectangular region 1
             * @param   p_rectanglar_region_2    Rectangular region 2
             *
             * @return  true on success, false otherwise
             */
            external function fx_areRectanglesInside(in SequenceOfRectangularRegion p_rectanglar_region_1, in SequenceOfRectangularRegion p_rectanglar_region_2) return boolean;
garciay's avatar
garciay committed
            
            /**
             * @desc    Check that p_polygonal_region_1 polygonal region is included into p_polygonal_region_2 polygonal region
             * @param   p_polygonal_region_1    Polygonal region 1
             * @param   p_polygonal_region_2    Polygonal region 2
             *
             * @return  true on success, false otherwise
             */
            external function fx_arePolygonsInside(in PolygonalRegion p_polygonal_region_1, in PolygonalRegion p_polygonal_region_2) return boolean;
            
            * @desc Convert a spacial coordinate from DMS to Dms
            * @param p_degrees The degrees (D)
            * @param p_minutes The minutes (M)
            * @param p_seconds The seconds (S)
            * @param p_latlon  The latitude/longitude: (N|S|E|W)
            * @return The decimal coordinate on success, 0.0, otherwise
            * @verdict Unchanged
            */
            external function fx_dms2dd(in Int p_degrees, in Int p_minutes, in float p_seconds, in Oct1 p_latlon) return float;
        } // End of group geodesic
        
    } // End of group externalFunctions
    
filatov's avatar
filatov committed
    group geometryFunctions {
        
garciay's avatar
garciay committed
        function f_checkRegionValidityRestiction(
                                                 in EtsiTs103097Certificate p_cert, 
                                                 in EtsiTs103097Certificate p_cert_issuer
garciay's avatar
garciay committed
        ) return boolean {
            var ValidityPeriod v_cert_region, v_cert_issuer_region;
garciay's avatar
garciay committed
            var boolean v_cert_issuer_region_result;
            
            /* FIXME To be reviewed v_cert_issuer_region_result := f_getCertificateValidityRestriction(p_cert_issuer, e_region, v_cert_issuer_region);
garciay's avatar
garciay committed
            if (f_getCertificateValidityRestriction(p_cert, e_region, v_cert_region) == false) {
                if (v_cert_issuer_region_result == true) {
garciay's avatar
garciay committed
                    if (v_cert_issuer_region.validity.region.region_type != e_none) {
garciay's avatar
garciay committed
                        return false;
                    }
                }
            } else if (
                        (v_cert_issuer_region_result == true) and 
garciay's avatar
garciay committed
                        (v_cert_issuer_region.validity.region.region_type != e_none)
garciay's avatar
garciay committed
            ) {
garciay's avatar
garciay committed
                if (v_cert_region.validity.region.region_type == e_circle) {
                    if (v_cert_issuer_region.validity.region.region_type == e_circle) {
garciay's avatar
garciay committed
                        // Check v_cert_region 'circle' is inside v_cert_issuer_region 'circle'
                        if (f_areCirclesInside(v_cert_region.validity.region.region.circular_region, v_cert_issuer_region.validity.region.region.circular_region) == false) {
                            log("*** " & testcasename() & ": FAIL: Issuer and issuing certificates circle area does not match ***");
                            return false;
                        }
                    }
garciay's avatar
garciay committed
                } else if (v_cert_region.validity.region.region_type == e_rectangle) {
                    if (v_cert_issuer_region.validity.region.region_type == e_rectangle) {
garciay's avatar
garciay committed
                        // Check v_cert_region 'rectangle' is inside v_cert_issuer_region 'rectangle'
                        if (f_areRectanglesInside(v_cert_region.validity.region.region.rectangular_region, v_cert_issuer_region.validity.region.region.rectangular_region) == false) {
                            log("*** " & testcasename() & ": FAIL: Issuer and issuing certificates rectangle area does not match ***");
                            return false;
                        }
                    }
garciay's avatar
garciay committed
                } else if (v_cert_region.validity.region.region_type == e_polygon) {
                    if (v_cert_issuer_region.validity.region.region_type == e_polygon) {
garciay's avatar
garciay committed
                        // Check v_cert_region 'polygon' is inside v_cert_issuer_region 'polygon'
                        if (f_arePolygonsInside(v_cert_region.validity.region.region.polygonal_region, v_cert_issuer_region.validity.region.region.polygonal_region) == false) {
                            log("*** " & testcasename() & ": FAIL: Issuer and issuing certificates polygon area does not match ***");
                            return false;
                        }
                    }
garciay's avatar
garciay committed
                } else if (v_cert_region.validity.region.region_type == e_id) {
garciay's avatar
garciay committed
                    // Check id_region
                    if (not match (v_cert_region.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) { 
                        log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***");
                        return false;
                    }
                    if (not match (v_cert_region.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) {
                        log("*** " & testcasename() & ": FAIL: Identified region is not conformed to United Nations Statistics Division ***");
                        return false;
                    }
                    // Check region_dictionary
                    if (not match (v_cert_region.validity.region.region.id_region.region_dictionary, v_cert_issuer_region.validity.region.region.id_region.region_dictionary)) {
                        log("*** " & testcasename() & ": FAIL: Issuer and issuing 'region_dictionary' field does not match ***");
                        return false;
                    }
                    // Check region_identifier
                    if (not match (v_cert_region.validity.region.region.id_region.region_identifier, v_cert_issuer_region.validity.region.region.id_region.region_identifier)) {
                        log("*** " & testcasename() & ": FAIL: Issuer and issuing 'region_identifier' field does not match ***");
                        return false;
                    }
                    // Check local_region
                    if (
                        (not match (v_cert_issuer_region.validity.region.region.id_region.local_region, v_cert_region.validity.region.region.id_region.local_region)) or 
                        (not match (v_cert_issuer_region.validity.region.region.id_region.local_region, 0))
                    ) {
                        log("*** " & testcasename() & ": FAIL: Issuer and issuing 'local_region' field does not match ***");
                        return false;
garciay's avatar
garciay committed
                    }
                }
garciay's avatar
garciay committed
            
            return true;
        } // End of function f_checkRegionValidityRestiction
        
filatov's avatar
filatov committed
        /**
garciay's avatar
garciay committed
         * @desc    Check that p_circular_region_1 circular region is included into p_circular_region_2 circular region
         * @param   p_circular_region_1    Circular region 1
         * @param   p_circular_region_2    Circular region 2
         *
         * @return  true on success, false otherwise
         */
        function f_areCirclesInside(
                                    in CircularRegion p_circular_region_1, 
                                    in CircularRegion p_circular_region_2
        ) return boolean {
            return fx_areCirclesInside(p_circular_region_1, p_circular_region_2);
        }
        
        /**
         * @desc    Check that p_rectanglar_region_1 rectangular region is included into p_rectanglar_region_2 rectangular region
         * @param   p_rectanglar_region_1    Rectangular region 1
         * @param   p_rectanglar_region_2    Rectangular region 2
         *
         * @return  true on success, false otherwise
         */
        function f_areRectanglesInside(
                                       in SequenceOfRectangularRegion p_rectanglar_region_1, 
                                       in SequenceOfRectangularRegion p_rectanglar_region_2
garciay's avatar
garciay committed
        ) return boolean {
            return fx_areRectanglesInside(p_rectanglar_region_1, p_rectanglar_region_2);
        }
        
        /**
         * @desc    Check that p_polygonal_region_1 polygonal region is included into p_polygonal_region_2 polygonal region
         * @param   p_polygonal_region_1    Polygonal region 1
         * @param   p_polygonal_region_2    Polygonal region 2
         *
         * @return  true on success, false otherwise
         */
        function f_arePolygonsInside(
                                     in PolygonalRegion p_polygonal_region_1, 
                                     in PolygonalRegion p_polygonal_region_2
        ) return boolean {
            return fx_arePolygonsInside(p_polygonal_region_1, p_polygonal_region_2);