Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
TTCN-3 Libraries
LibIts
Commits
1a58023b
Commit
1a58023b
authored
Nov 16, 2018
by
garciay
Browse files
Major bugs fixed in security_ecc, remove useless folders for STF525
parent
11926925
Changes
3
Hide whitespace changes
Inline
Side-by-side
ttcn/Pki/LibItsPki_Functions.ttcn
View file @
1a58023b
...
...
@@ -102,6 +102,7 @@ module LibItsPki_Functions {
f_readSigningKey
(
p_ec_certificate_id
,
vc_ecPrivateKey
);
f_readEncryptingKey
(
p_ea_certificate_id
,
vc_eaPrivateEncKey
);
f_getCertificateDigest
(
p_ea_certificate_id
,
vc_eaHashedId8
);
f_getCertificateHash
(
p_ea_certificate_id
,
vc_eaWholeHash
);
f_getCertificateDigest
(
p_ec_certificate_id
,
vc_ecHashedId8
);
f_readCertificate
(
p_peerCertificateId
,
vc_peerEaCertificate
);
f_getCertificateHash
(
p_peerCertificateId
,
vc_eaPeerWholeHash
);
...
...
@@ -322,9 +323,9 @@ module LibItsPki_Functions {
log
(
"*** f_http_build_inner_ec_request: Public encryption key comp: "
,
v_compressed_enc_key_mode
);
log
(
"*** f_http_build_inner_ec_request: First enrolment: "
,
PX_FIRST_ENROLMENT
);
if
(
PX_FIRST_ENROLMENT
==
true
)
{
// This is the first enrolment, we used Factory keys
v_ret_code
:=
f_build_pki_secured_message
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
bit2oct
(
v_inner_ec_request_signed_for_pop_msg
),
p_ieee1609dot2_signed_and_encrypted_data
);
v_ret_code
:=
f_build_pki_secured_message
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
vc_eaWholeHash
,
bit2oct
(
v_inner_ec_request_signed_for_pop_msg
),
p_ieee1609dot2_signed_and_encrypted_data
);
}
else
{
// We use last valid EC certificate
v_ret_code
:=
f_build_pki_secured_message
(
vc_ecPrivateKey
,
valueof
(
m_signerIdentifier_digest
(
vc_ecHashedId8
)),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
bit2oct
(
v_inner_ec_request_signed_for_pop_msg
),
p_ieee1609dot2_signed_and_encrypted_data
);
v_ret_code
:=
f_build_pki_secured_message
(
vc_ecPrivateKey
,
valueof
(
m_signerIdentifier_digest
(
vc_ecHashedId8
)),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
vc_eaWholeHash
,
bit2oct
(
v_inner_ec_request_signed_for_pop_msg
),
p_ieee1609dot2_signed_and_encrypted_data
);
}
if
(
v_ret_code
==
false
)
{
log
(
"*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"
);
...
...
@@ -368,9 +369,9 @@ module LibItsPki_Functions {
log
(
"*** f_http_build_inner_ec_request: Public encryption key: "
,
v_public_enc_key
);
log
(
"*** f_http_build_inner_ec_request: Public encryption key comp: "
,
v_compressed_enc_key_mode
);
if
(
PX_FIRST_ENROLMENT
==
true
)
{
// This is the first enrolment, we used Factory keys
v_ret_code
:=
f_build_pki_secured_message
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
);
v_ret_code
:=
f_build_pki_secured_message
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
vc_eaWholeHash
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
);
}
else
{
// We use last valid EC certificate
v_ret_code
:=
f_build_pki_secured_message
(
vc_ecPrivateKey
,
valueof
(
m_signerIdentifier_digest
(
vc_ecHashedId8
)),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
);
v_ret_code
:=
f_build_pki_secured_message
(
vc_ecPrivateKey
,
valueof
(
m_signerIdentifier_digest
(
vc_ecHashedId8
)),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
vc_eaWholeHash
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
);
}
if
(
v_ret_code
==
false
)
{
log
(
"*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"
);
...
...
@@ -421,7 +422,7 @@ module LibItsPki_Functions {
**/
log
(
"*** f_http_build_inner_ec_request: ERROR: Need to add TestSystem variable vc_aa ***"
);
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
/* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */
/* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode,
vc_eaWholeHash,
bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */
/* log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); */
/* f_selfOrClientSyncAndVerdict("error", e_error); */
/* } */
...
...
@@ -814,7 +815,7 @@ module LibItsPki_Functions {
}
else
{
return
false
;
}
v_enc_signed_ec_signature
:=
f_encryptWithEciesNistp256WithSha256
(
bit2oct
(
encvalue
(
v_signed_ec_signature
)),
v_public_enc_key
,
v_compressed_mode
,
v_publicEphemeralKeyCompressed
,
v_ephemeralKeyModeCompressed
,
v_encrypted_sym_key
,
v_authentication_vector
,
v_nonce
);
v_enc_signed_ec_signature
:=
f_encryptWithEciesNistp256WithSha256
(
bit2oct
(
encvalue
(
v_signed_ec_signature
)),
v_public_enc_key
,
v_compressed_mode
,
''
O
,
v_publicEphemeralKeyCompressed
,
v_ephemeralKeyModeCompressed
,
v_encrypted_sym_key
,
v_authentication_vector
,
v_nonce
);
v_recipientId
:=
p_eaHashedId8
;
log
(
"v_recipientId="
,
v_recipientId
);
// Fill Certificate template with the public compressed keys (canonical form)
...
...
@@ -951,6 +952,7 @@ module LibItsPki_Functions {
in
HashedId8
p_recipientId
,
in
octetstring
p_publicKeyCompressed
,
in
integer
p_compressedMode
,
in
octetstring
p_salt
,
in
octetstring
p_pki_message
,
out
Ieee1609Dot2Data
p_ieee1609dot2_signed_and_encrypted_data
)
return
boolean
{
...
...
@@ -1003,7 +1005,7 @@ module LibItsPki_Functions {
// Encode EtsiTs103097Data-Signed data structure
v_encoded_inner_ec_request
:=
bit2oct
(
encvalue
(
v_ieee1609dot2_signed_data
));
// Encrypt encode EtsiTs103097Data-Signed data structure
v_encrypted_inner_ec_request
:=
f_encryptWithEciesNistp256WithSha256
(
v_encoded_inner_ec_request
,
p_publicKeyCompressed
,
p_compressedMode
,
v_publicEphemeralKeyCompressed
,
v_ephemeralKeyModeCompressed
,
v_encrypted_sym_key
,
v_authentication_vector
,
v_nonce
);
v_encrypted_inner_ec_request
:=
f_encryptWithEciesNistp256WithSha256
(
v_encoded_inner_ec_request
,
p_publicKeyCompressed
,
p_compressedMode
,
p_salt
,
v_publicEphemeralKeyCompressed
,
v_ephemeralKeyModeCompressed
,
v_encrypted_sym_key
,
v_authentication_vector
,
v_nonce
);
log
(
"p_recipientId="
,
p_recipientId
);
if
(
p_recipientId
==
int2oct
(
0
,
8
))
{
log
(
"v_encrypted_sym_key="
,
v_encrypted_sym_key
);
...
...
@@ -1071,7 +1073,7 @@ module LibItsPki_Functions {
var
boolean
v_ret
;
// 1. Decrypt the data
if
(
f_decrypt
(
v_private_enc_key
,
p_ieee1609dot2_encrypted_and_signed_data
,
v_ieee1609dot2_signed_data
)
==
false
)
{
if
(
f_decrypt
(
v_private_enc_key
,
p_ieee1609dot2_encrypted_and_signed_data
,
''
O
,
v_ieee1609dot2_signed_data
)
==
false
)
{
if
(
p_check_security
==
true
)
{
return
false
;
}
...
...
ttcn/Pki/LibItsPki_TestSystem.ttcn
View file @
1a58023b
...
...
@@ -101,6 +101,7 @@ module LibItsPki_TestSystem {
var
octetstring
vc_ecPrivateKey
;
/** Test Adapter EC private key for signature */
var
octetstring
vc_eaPrivateEncKey
;
/** Test Adapter EA private key for encryption */
var
HashedId8
vc_eaHashedId8
;
/** Test Adapter EA HashedId8 for decryption of IUT's response */
var
octetstring
vc_eaWholeHash
;
/** TS EA whole-hash for signature check */
var
HashedId8
vc_ecHashedId8
;
/** Test Adapter EC HashedId8 for decryption of IUT's response */
var
Certificate
vc_peerEaCertificate
;
/** IUT EA certificate for signature check */
var
octetstring
vc_eaPeerWholeHash
;
/** IUT EA whole-hash for signature check */
...
...
ttcn/Security/LibItsSecurity_Functions.ttcn
View file @
1a58023b
...
...
@@ -118,6 +118,7 @@ module LibItsSecurity_Functions {
function
f_decrypt
(
in
octetstring
p_encryptPrivateKey
,
in
EtsiTs103097Data
p_encrypedSecuredMessage
,
in
octetstring
p_salt
,
out
EtsiTs103097Data
p_decrypedSecuredMessage
)
return
boolean
{
if
(
ischosen
(
p_encrypedSecuredMessage
.
content
.
encryptedData
))
{
...
...
@@ -152,7 +153,8 @@ module LibItsSecurity_Functions {
0
,
v_pKRecipientInfo
.
encKey
.
eciesNistP256
.
c
,
v_pKRecipientInfo
.
encKey
.
eciesNistP256
.
t
,
v_ciphertext
.
aes128ccm
.
nonce
v_ciphertext
.
aes128ccm
.
nonce
,
p_salt
);
}
else
if
(
ischosen
(
v_pKRecipientInfo
.
encKey
.
eciesNistP256
.
v
.
compressed_y_1
))
{
v_decryptedSecuredMessage
:=
f_decryptWithEciesNistp256WithSha256
(
...
...
@@ -162,7 +164,8 @@ module LibItsSecurity_Functions {
1
,
v_pKRecipientInfo
.
encKey
.
eciesNistP256
.
c
,
v_pKRecipientInfo
.
encKey
.
eciesNistP256
.
t
,
v_ciphertext
.
aes128ccm
.
nonce
v_ciphertext
.
aes128ccm
.
nonce
,
p_salt
);
}
else
{
log
(
"*** "
&
testcasename
()
&
":ERROR: Non canonical ephemeral encryption keys ***"
);
...
...
@@ -238,6 +241,7 @@ module LibItsSecurity_Functions {
in
octetstring
p_toBeEncryptedSecuredMessage
,
in
Oct32
p_recipientsPublicKeyCompressed
,
in
integer
p_compressedMode
,
in
octetstring
p_salt
,
out
Oct32
p_publicEphemeralKeyCompressed
,
out
integer
p_ephemeralKeyModeCompressed
,
out
Oct16
p_encrypted_sym_key
,
...
...
@@ -248,6 +252,7 @@ module LibItsSecurity_Functions {
p_toBeEncryptedSecuredMessage
,
p_recipientsPublicKeyCompressed
,
p_compressedMode
,
p_salt
,
p_publicEphemeralKeyCompressed
,
p_ephemeralKeyModeCompressed
,
p_encrypted_sym_key
,
...
...
@@ -276,7 +281,8 @@ module LibItsSecurity_Functions {
in
integer
p_ephemeralKeyModeCompressed
,
in
Oct16
p_encrypted_sym_key
,
in
Oct16
p_authentication_vector
,
in
Oct12
p_nonce
in
Oct12
p_nonce
,
in
octetstring
p_salt
)
return
octetstring
{
return
fx_decryptWithEciesNistp256WithSha256
(
p_encryptedSecuredMessage
,
...
...
@@ -285,7 +291,8 @@ module LibItsSecurity_Functions {
p_ephemeralKeyModeCompressed
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
p_nonce
,
p_salt
);
}
// End of function f_decryptWithEcdsaNistp256WithSha256
...
...
@@ -2307,6 +2314,12 @@ module LibItsSecurity_Functions {
*/
external
function
fx_test_decrypt_aes_128_ccm_test
(
in
octetstring
p_k
,
in
octetstring
p_n
,
in
octetstring
p_pt
)
return
octetstring
;
/**
* @desc Test function the validate AES128 CCM encryption based on AES-GCM-256
* @return The decrypted test
*/
external
function
fx_test_encrypt_aes_128_gcm_test
(
in
octetstring
p_k
,
in
octetstring
p_n
,
in
octetstring
p_pt
)
return
octetstring
;
/**
* @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Nist-P256 algorithm
* @param p_toBeEncryptedSecuredMessage The data to be encrypted
...
...
@@ -2319,8 +2332,9 @@ module LibItsSecurity_Functions {
* @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption
* @return The encrypted message
*/
external
function
fx_encryptWithEciesNistp256WithSha256
(
in
octetstring
p_toBeEncryptedSecuredMessage
,
in
Oct32
p_recipientsPublicKeyCompressed
,
in
integer
p_compressedMode
,
out
Oct32
p_publicEphemeralKeyCompressed
,
out
integer
p_ephemeralKeyModeCompressed
,
out
Oct16
p_encrypted_sym_key
,
out
Oct16
p_authentication_vector
,
out
Oct12
p_nonce
)
return
octetstring
;
external
function
fx_encryptWithEciesNistp256WithSha256
(
in
octetstring
p_toBeEncryptedSecuredMessage
,
in
Oct32
p_recipientsPublicKeyCompressed
,
in
integer
p_compressedMode
,
in
octetstring
p_salt
,
out
Oct32
p_publicEphemeralKeyCompressed
,
out
integer
p_ephemeralKeyModeCompressed
,
out
Oct16
p_encrypted_sym_key
,
out
Oct16
p_authentication_vector
,
out
Oct12
p_nonce
)
return
octetstring
;
external
function
fx_test_encryptWithEciesNistp256WithSha256
(
in
octetstring
p_toBeEncryptedSecuredMessage
,
in
Oct32
p_privateEphemeralKey
,
in
Oct32
p_recipientPublicKeyX
,
in
Oct32
p_recipientPublicKeyY
,
in
octetstring
p_salt
,
out
Oct32
p_publicEphemeralKeyX
,
out
Oct32
p_publicEphemeralKeyY
,
out
Oct16
p_encrypted_sym_key
,
out
Oct16
p_authentication_vector
,
out
Oct12
p_nonce
)
return
octetstring
;
/**
* @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) decryption using Nist-P256 algorithm
* @param p_encryptedSecuredMessage The data to be decrypted
...
...
@@ -2331,7 +2345,7 @@ module LibItsSecurity_Functions {
* @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption
* @return The decrypted message
*/
external
function
fx_decryptWithEciesNistp256WithSha256
(
in
octetstring
p_encryptedSecuredMessage
,
in
Oct32
p_privateEncKey
,
in
Oct32
p_publicEphemeralKeyCompressed
,
in
integer
p_ephemeralKeyModeCompressed
,
in
Oct16
p_encrypted_sym_key
,
in
Oct16
p_authentication_vector
,
in
Oct12
p_nonce
)
return
octetstring
;
external
function
fx_decryptWithEciesNistp256WithSha256
(
in
octetstring
p_encryptedSecuredMessage
,
in
Oct32
p_privateEncKey
,
in
Oct32
p_publicEphemeralKeyCompressed
,
in
integer
p_ephemeralKeyModeCompressed
,
in
Oct16
p_encrypted_sym_key
,
in
Oct16
p_authentication_vector
,
in
Oct12
p_nonce
,
in
octetstring
p_salt
)
return
octetstring
;
/**
* @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Brainpool-P256 algorithm
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment