Loading ttcn/Pki/LibItsPki_Functions.ttcn +10 −8 Original line number Original line Diff line number Diff line Loading @@ -102,6 +102,7 @@ module LibItsPki_Functions { f_readSigningKey(p_ec_certificate_id, vc_ecPrivateKey); f_readSigningKey(p_ec_certificate_id, vc_ecPrivateKey); f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey); f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey); f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8); f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8); f_getCertificateHash(p_ea_certificate_id, vc_eaWholeHash); f_getCertificateDigest(p_ec_certificate_id, vc_ecHashedId8); f_getCertificateDigest(p_ec_certificate_id, vc_ecHashedId8); f_readCertificate(p_peerCertificateId, vc_peerEaCertificate); f_readCertificate(p_peerCertificateId, vc_peerEaCertificate); f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash); f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash); Loading Loading 
@@ -322,9 +323,9 @@ module LibItsPki_Functions { log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_inner_ec_request: First enrolment: ", PX_FIRST_ENROLMENT); log("*** f_http_build_inner_ec_request: First enrolment: ", PX_FIRST_ENROLMENT); if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); } else { // We use last valid EC certificate } else { // We use last valid EC certificate v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); } } if (v_ret_code == false) { if (v_ret_code == false) { log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); log("*** 
f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); Loading Loading 
@@ -368,9 +369,9 @@ module LibItsPki_Functions { log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); } else { // We use last valid EC certificate } else { // We use last valid EC certificate v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, 
bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); } } if (v_ret_code == false) { if (v_ret_code == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); Loading Loading @@ -421,7 +422,7 @@ module LibItsPki_Functions { **/ **/ log("*** f_http_build_inner_ec_request: ERROR: Need to add TestSystem variable vc_aa ***"); log("*** f_http_build_inner_ec_request: ERROR: Need to add TestSystem variable vc_aa ***"); f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error); /* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */ /* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */ /* log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); */ /* log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); */ /* f_selfOrClientSyncAndVerdict("error", e_error); */ /* f_selfOrClientSyncAndVerdict("error", e_error); */ /* } */ /* } */ Loading Loading 
@@ -814,7 +815,7 @@ module LibItsPki_Functions { } else { } else { return false; return false; } } v_enc_signed_ec_signature := f_encryptWithEciesNistp256WithSha256(bit2oct(encvalue(v_signed_ec_signature)), v_public_enc_key, v_compressed_mode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce); v_enc_signed_ec_signature := f_encryptWithEciesNistp256WithSha256(bit2oct(encvalue(v_signed_ec_signature)), v_public_enc_key, v_compressed_mode, ''O, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce); v_recipientId := p_eaHashedId8; v_recipientId := p_eaHashedId8; log("v_recipientId=", v_recipientId); log("v_recipientId=", v_recipientId); // Fill Certificate template with the public compressed keys (canonical form) // Fill Certificate template with the public compressed keys (canonical form) Loading Loading @@ -951,6 +952,7 @@ module LibItsPki_Functions { in HashedId8 p_recipientId, in HashedId8 p_recipientId, in octetstring p_publicKeyCompressed, in octetstring p_publicKeyCompressed, in integer p_compressedMode, in integer p_compressedMode, in octetstring p_salt, in octetstring p_pki_message, in octetstring p_pki_message, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data ) return boolean { ) return boolean { Loading Loading 
@@ -1003,7 +1005,7 @@ module LibItsPki_Functions { // Encode EtsiTs103097Data-Signed data structure // Encode EtsiTs103097Data-Signed data structure v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data)); v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data)); // Encrypt encode EtsiTs103097Data-Signed data structure // Encrypt encode EtsiTs103097Data-Signed data structure v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(v_encoded_inner_ec_request, p_publicKeyCompressed, p_compressedMode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce); v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(v_encoded_inner_ec_request, p_publicKeyCompressed, p_compressedMode, p_salt, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce); log("p_recipientId=", p_recipientId); log("p_recipientId=", p_recipientId); if (p_recipientId == int2oct(0, 8)) { if (p_recipientId == int2oct(0, 8)) { log("v_encrypted_sym_key=", v_encrypted_sym_key); log("v_encrypted_sym_key=", v_encrypted_sym_key); Loading Loading @@ -1071,7 +1073,7 @@ module LibItsPki_Functions { var boolean v_ret; var boolean v_ret; // 1. Decrypt the data // 1. Decrypt the data if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_data) == false) { if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, ''O, v_ieee1609dot2_signed_data) == false) { if (p_check_security == true) { if (p_check_security == true) { return false; return false; } } Loading ttcn/Pki/LibItsPki_TestSystem.ttcn +1 −0 Original line number Original line Diff line number Diff line Loading 
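Review bot: The two new `''O` arguments in ttcn/Pki/LibItsPki_Functions.ttcn hard-code an empty salt, while every `f_build_pki_secured_message` call in the same file now passes `vc_eaWholeHash`. They are the `f_encryptWithEciesNistp256WithSha256` call in the -814 hunk and the `f_decrypt` call in the -1071 hunk. If the salt feeds the ECIES key derivation (the external implementation is not shown), a peer that derives with the recipient certificate hash will not authenticate against an empty value. In the -1071 hunk a failed `f_decrypt` returns false only when `p_check_security` is true, so the mismatch could go unnoticed in a run. Either pass the matching whole-hash at both sites or add a comment such as `// Empty salt: <reason this exchange uses no KDF parameter>`; both enclosing functions start and end outside the hunks.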
@@ -101,6 +101,7 @@ module LibItsPki_TestSystem { var octetstring vc_ecPrivateKey; /** Test Adapter EC private key for signature */ var octetstring vc_ecPrivateKey; /** Test Adapter EC private key for signature */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */ var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */ var octetstring vc_eaWholeHash; /** TS EA whole-hash for signature check */ var HashedId8 vc_ecHashedId8; /** Test Adapter EC HashedId8 for decryption of IUT's response */ var HashedId8 vc_ecHashedId8; /** Test Adapter EC HashedId8 for decryption of IUT's response */ var Certificate vc_peerEaCertificate; /** IUT EA certificate for signature check */ var Certificate vc_peerEaCertificate; /** IUT EA certificate for signature check */ var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */ var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */ Loading ttcn/Security/LibItsSecurity_Functions.ttcn +20 −6 Original line number Original line Diff line number Diff line Loading @@ -118,6 +118,7 @@ module LibItsSecurity_Functions { function f_decrypt( function f_decrypt( in octetstring p_encryptPrivateKey, in octetstring p_encryptPrivateKey, in EtsiTs103097Data p_encrypedSecuredMessage, in EtsiTs103097Data p_encrypedSecuredMessage, in octetstring p_salt, out EtsiTs103097Data p_decrypedSecuredMessage out EtsiTs103097Data p_decrypedSecuredMessage ) return boolean { ) return boolean { if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) { if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) { Loading Loading 
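Review bot: The comment on the added `vc_eaWholeHash` in ttcn/Pki/LibItsPki_TestSystem.ttcn says "for signature check", but its only visible use in this commit is as the `p_salt` argument of `f_build_pki_secured_message`, which is the encryption path. The wording looks copied from the `vc_eaPeerWholeHash` line below it. Something like `/** TS EA certificate whole-hash, passed as ECIES salt when encrypting requests */` would match the use, once confirmed against the callers. The rest of the component declaration is outside the hunk.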
@@ -152,7 +153,8 @@ module LibItsSecurity_Functions { 0, 0, v_pKRecipientInfo.encKey.eciesNistP256.c, v_pKRecipientInfo.encKey.eciesNistP256.c, v_pKRecipientInfo.encKey.eciesNistP256.t, v_pKRecipientInfo.encKey.eciesNistP256.t, v_ciphertext.aes128ccm.nonce v_ciphertext.aes128ccm.nonce, p_salt ); ); } else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) { } else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) { v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256( v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256( Loading @@ -162,7 +164,8 @@ module LibItsSecurity_Functions { 1, 1, v_pKRecipientInfo.encKey.eciesNistP256.c, v_pKRecipientInfo.encKey.eciesNistP256.c, v_pKRecipientInfo.encKey.eciesNistP256.t, v_pKRecipientInfo.encKey.eciesNistP256.t, v_ciphertext.aes128ccm.nonce v_ciphertext.aes128ccm.nonce, p_salt ); ); } else { } else { log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***"); log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***"); Loading Loading @@ -238,6 +241,7 @@ module LibItsSecurity_Functions { in octetstring p_toBeEncryptedSecuredMessage, in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressedMode, in integer p_compressedMode, in octetstring p_salt, out Oct32 p_publicEphemeralKeyCompressed, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_encrypted_sym_key, out Oct16 p_encrypted_sym_key, Loading 
@@ -248,6 +252,7 @@ module LibItsSecurity_Functions { p_toBeEncryptedSecuredMessage, p_toBeEncryptedSecuredMessage, p_recipientsPublicKeyCompressed, p_recipientsPublicKeyCompressed, p_compressedMode, p_compressedMode, p_salt, p_publicEphemeralKeyCompressed, p_publicEphemeralKeyCompressed, p_ephemeralKeyModeCompressed, p_ephemeralKeyModeCompressed, p_encrypted_sym_key, p_encrypted_sym_key, Loading Loading @@ -276,7 +281,8 @@ module LibItsSecurity_Functions { in integer p_ephemeralKeyModeCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct16 p_authentication_vector, in Oct12 p_nonce in Oct12 p_nonce, in octetstring p_salt ) return octetstring { ) return octetstring { return fx_decryptWithEciesNistp256WithSha256( return fx_decryptWithEciesNistp256WithSha256( p_encryptedSecuredMessage, p_encryptedSecuredMessage, Loading @@ -285,7 +291,8 @@ module LibItsSecurity_Functions { p_ephemeralKeyModeCompressed, p_ephemeralKeyModeCompressed, p_encrypted_sym_key, p_encrypted_sym_key, p_authentication_vector, p_authentication_vector, p_nonce p_nonce, p_salt ); ); } // End of function f_decryptWithEcdsaNistp256WithSha256 } // End of function f_decryptWithEcdsaNistp256WithSha256 Loading Loading 
@@ -2307,6 +2314,12 @@ module LibItsSecurity_Functions { */ */ external function fx_test_decrypt_aes_128_ccm_test(in octetstring p_k, in octetstring p_n, in octetstring p_pt) return octetstring; external function fx_test_decrypt_aes_128_ccm_test(in octetstring p_k, in octetstring p_n, in octetstring p_pt) return octetstring; /** * @desc Test function the validate AES128 CCM encryption based on AES-GCM-256 * @return The decrypted test */ external function fx_test_encrypt_aes_128_gcm_test(in octetstring p_k, in octetstring p_n, in octetstring p_pt) return octetstring; /** /** * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Nist-P256 algorithm * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Nist-P256 algorithm * @param p_toBeEncryptedSecuredMessage The data to be encrypted * @param p_toBeEncryptedSecuredMessage The data to be encrypted Loading 
@@ -2319,8 +2332,9 @@ module LibItsSecurity_Functions { * @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption * @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption * @return The encrypted message * @return The encrypted message */ */ external function fx_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressedMode, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring; external function fx_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressedMode, in octetstring p_salt, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring; external function fx_test_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_privateEphemeralKey, in Oct32 p_recipientPublicKeyX, in Oct32 p_recipientPublicKeyY, in octetstring p_salt, out Oct32 p_publicEphemeralKeyX, out Oct32 p_publicEphemeralKeyY, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring; /** /** * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) decryption using Nist-P256 algorithm * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) decryption using Nist-P256 algorithm * @param p_encryptedSecuredMessage The data to be decrypted * @param p_encryptedSecuredMessage The data to be decrypted Loading 
@@ -2331,7 +2345,7 @@ module LibItsSecurity_Functions { * @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption * @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption * @return The decrypted message * @return The decrypted message */ */ external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce) return octetstring; external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce, in octetstring p_salt) return octetstring; /** /** * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Brainpool-P256 algorithm * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Brainpool-P256 algorithm Loading Loading
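Review bot: None of the doc blocks visible in ttcn/Security/LibItsSecurity_Functions.ttcn gained an `@param p_salt` line, so the new parameter's role, expected length and the meaning of an empty value are undocumented on `fx_encryptWithEciesNistp256WithSha256` and `fx_decryptWithEciesNistp256WithSha256` (hunks at -2319 and -2331). Add for example ` * @param p_salt Shared input to the ECIES key derivation (recipient certificate whole-hash), or ''O for none`, after confirming that against the external implementation. In the -2307 hunk the description of `fx_test_encrypt_aes_128_gcm_test` mixes "AES128 CCM", "AES-GCM-256" and "@return The decrypted test" for an encrypt function. `fx_test_encryptWithEciesNistp256WithSha256` is declared with no doc block of its own. Both should state the actual algorithm, key size and return value.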
ttcn/Pki/LibItsPki_Functions.ttcn +10 −8 Original line number Original line Diff line number Diff line Loading @@ -102,6 +102,7 @@ module LibItsPki_Functions { f_readSigningKey(p_ec_certificate_id, vc_ecPrivateKey); f_readSigningKey(p_ec_certificate_id, vc_ecPrivateKey); f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey); f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey); f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8); f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8); f_getCertificateHash(p_ea_certificate_id, vc_eaWholeHash); f_getCertificateDigest(p_ec_certificate_id, vc_ecHashedId8); f_getCertificateDigest(p_ec_certificate_id, vc_ecHashedId8); f_readCertificate(p_peerCertificateId, vc_peerEaCertificate); f_readCertificate(p_peerCertificateId, vc_peerEaCertificate); f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash); f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash); Loading Loading 
@@ -322,9 +323,9 @@ module LibItsPki_Functions { log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_inner_ec_request: First enrolment: ", PX_FIRST_ENROLMENT); log("*** f_http_build_inner_ec_request: First enrolment: ", PX_FIRST_ENROLMENT); if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); } else { // We use last valid EC certificate } else { // We use last valid EC certificate v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data); } } if (v_ret_code == false) { if (v_ret_code == false) { log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); log("*** 
f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); Loading Loading 
@@ -368,9 +369,9 @@ module LibItsPki_Functions { log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode); if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); } else { // We use last valid EC certificate } else { // We use last valid EC certificate v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, 
bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data); } } if (v_ret_code == false) { if (v_ret_code == false) { log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); Loading Loading @@ -421,7 +422,7 @@ module LibItsPki_Functions { **/ **/ log("*** f_http_build_inner_ec_request: ERROR: Need to add TestSystem variable vc_aa ***"); log("*** f_http_build_inner_ec_request: ERROR: Need to add TestSystem variable vc_aa ***"); f_selfOrClientSyncAndVerdict("error", e_error); f_selfOrClientSyncAndVerdict("error", e_error); /* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */ /* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */ /* log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); */ /* log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); */ /* f_selfOrClientSyncAndVerdict("error", e_error); */ /* f_selfOrClientSyncAndVerdict("error", e_error); */ /* } */ /* } */ Loading Loading 
@@ -814,7 +815,7 @@ module LibItsPki_Functions { } else { } else { return false; return false; } } v_enc_signed_ec_signature := f_encryptWithEciesNistp256WithSha256(bit2oct(encvalue(v_signed_ec_signature)), v_public_enc_key, v_compressed_mode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce); v_enc_signed_ec_signature := f_encryptWithEciesNistp256WithSha256(bit2oct(encvalue(v_signed_ec_signature)), v_public_enc_key, v_compressed_mode, ''O, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce); v_recipientId := p_eaHashedId8; v_recipientId := p_eaHashedId8; log("v_recipientId=", v_recipientId); log("v_recipientId=", v_recipientId); // Fill Certificate template with the public compressed keys (canonical form) // Fill Certificate template with the public compressed keys (canonical form) Loading Loading @@ -951,6 +952,7 @@ module LibItsPki_Functions { in HashedId8 p_recipientId, in HashedId8 p_recipientId, in octetstring p_publicKeyCompressed, in octetstring p_publicKeyCompressed, in integer p_compressedMode, in integer p_compressedMode, in octetstring p_salt, in octetstring p_pki_message, in octetstring p_pki_message, out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data ) return boolean { ) return boolean { Loading Loading 
@@ -1003,7 +1005,7 @@ module LibItsPki_Functions { // Encode EtsiTs103097Data-Signed data structure // Encode EtsiTs103097Data-Signed data structure v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data)); v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data)); // Encrypt encode EtsiTs103097Data-Signed data structure // Encrypt encode EtsiTs103097Data-Signed data structure v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(v_encoded_inner_ec_request, p_publicKeyCompressed, p_compressedMode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce); v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(v_encoded_inner_ec_request, p_publicKeyCompressed, p_compressedMode, p_salt, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce); log("p_recipientId=", p_recipientId); log("p_recipientId=", p_recipientId); if (p_recipientId == int2oct(0, 8)) { if (p_recipientId == int2oct(0, 8)) { log("v_encrypted_sym_key=", v_encrypted_sym_key); log("v_encrypted_sym_key=", v_encrypted_sym_key); Loading Loading @@ -1071,7 +1073,7 @@ module LibItsPki_Functions { var boolean v_ret; var boolean v_ret; // 1. Decrypt the data // 1. Decrypt the data if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_data) == false) { if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, ''O, v_ieee1609dot2_signed_data) == false) { if (p_check_security == true) { if (p_check_security == true) { return false; return false; } } Loading
ttcn/Pki/LibItsPki_TestSystem.ttcn +1 −0 Original line number Original line Diff line number Diff line Loading @@ -101,6 +101,7 @@ module LibItsPki_TestSystem { var octetstring vc_ecPrivateKey; /** Test Adapter EC private key for signature */ var octetstring vc_ecPrivateKey; /** Test Adapter EC private key for signature */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */ var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */ var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */ var octetstring vc_eaWholeHash; /** TS EA whole-hash for signature check */ var HashedId8 vc_ecHashedId8; /** Test Adapter EC HashedId8 for decryption of IUT's response */ var HashedId8 vc_ecHashedId8; /** Test Adapter EC HashedId8 for decryption of IUT's response */ var Certificate vc_peerEaCertificate; /** IUT EA certificate for signature check */ var Certificate vc_peerEaCertificate; /** IUT EA certificate for signature check */ var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */ var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */ Loading
ttcn/Security/LibItsSecurity_Functions.ttcn +20 −6 Original line number Original line Diff line number Diff line Loading @@ -118,6 +118,7 @@ module LibItsSecurity_Functions { function f_decrypt( function f_decrypt( in octetstring p_encryptPrivateKey, in octetstring p_encryptPrivateKey, in EtsiTs103097Data p_encrypedSecuredMessage, in EtsiTs103097Data p_encrypedSecuredMessage, in octetstring p_salt, out EtsiTs103097Data p_decrypedSecuredMessage out EtsiTs103097Data p_decrypedSecuredMessage ) return boolean { ) return boolean { if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) { if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) { Loading Loading @@ -152,7 +153,8 @@ module LibItsSecurity_Functions { 0, 0, v_pKRecipientInfo.encKey.eciesNistP256.c, v_pKRecipientInfo.encKey.eciesNistP256.c, v_pKRecipientInfo.encKey.eciesNistP256.t, v_pKRecipientInfo.encKey.eciesNistP256.t, v_ciphertext.aes128ccm.nonce v_ciphertext.aes128ccm.nonce, p_salt ); ); } else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) { } else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) { v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256( v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256( Loading @@ -162,7 +164,8 @@ module LibItsSecurity_Functions { 1, 1, v_pKRecipientInfo.encKey.eciesNistP256.c, v_pKRecipientInfo.encKey.eciesNistP256.c, v_pKRecipientInfo.encKey.eciesNistP256.t, v_pKRecipientInfo.encKey.eciesNistP256.t, v_ciphertext.aes128ccm.nonce v_ciphertext.aes128ccm.nonce, p_salt ); ); } else { } else { log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***"); log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***"); Loading Loading 
@@ -238,6 +241,7 @@ module LibItsSecurity_Functions { in octetstring p_toBeEncryptedSecuredMessage, in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressedMode, in integer p_compressedMode, in octetstring p_salt, out Oct32 p_publicEphemeralKeyCompressed, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_encrypted_sym_key, out Oct16 p_encrypted_sym_key, Loading @@ -248,6 +252,7 @@ module LibItsSecurity_Functions { p_toBeEncryptedSecuredMessage, p_toBeEncryptedSecuredMessage, p_recipientsPublicKeyCompressed, p_recipientsPublicKeyCompressed, p_compressedMode, p_compressedMode, p_salt, p_publicEphemeralKeyCompressed, p_publicEphemeralKeyCompressed, p_ephemeralKeyModeCompressed, p_ephemeralKeyModeCompressed, p_encrypted_sym_key, p_encrypted_sym_key, Loading Loading @@ -276,7 +281,8 @@ module LibItsSecurity_Functions { in integer p_ephemeralKeyModeCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct16 p_authentication_vector, in Oct12 p_nonce in Oct12 p_nonce, in octetstring p_salt ) return octetstring { ) return octetstring { return fx_decryptWithEciesNistp256WithSha256( return fx_decryptWithEciesNistp256WithSha256( p_encryptedSecuredMessage, p_encryptedSecuredMessage, Loading @@ -285,7 +291,8 @@ module LibItsSecurity_Functions { p_ephemeralKeyModeCompressed, p_ephemeralKeyModeCompressed, p_encrypted_sym_key, p_encrypted_sym_key, p_authentication_vector, p_authentication_vector, p_nonce p_nonce, p_salt ); ); } // End of function f_decryptWithEcdsaNistp256WithSha256 } // End of function f_decryptWithEcdsaNistp256WithSha256 Loading Loading 
@@ -2307,6 +2314,12 @@ module LibItsSecurity_Functions { */ */ external function fx_test_decrypt_aes_128_ccm_test(in octetstring p_k, in octetstring p_n, in octetstring p_pt) return octetstring; external function fx_test_decrypt_aes_128_ccm_test(in octetstring p_k, in octetstring p_n, in octetstring p_pt) return octetstring; /** * @desc Test function the validate AES128 CCM encryption based on AES-GCM-256 * @return The decrypted test */ external function fx_test_encrypt_aes_128_gcm_test(in octetstring p_k, in octetstring p_n, in octetstring p_pt) return octetstring; /** /** * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Nist-P256 algorithm * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Nist-P256 algorithm * @param p_toBeEncryptedSecuredMessage The data to be encrypted * @param p_toBeEncryptedSecuredMessage The data to be encrypted Loading 
@@ -2319,8 +2332,9 @@ module LibItsSecurity_Functions { * @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption * @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption * @return The encrypted message * @return The encrypted message */ */ external function fx_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressedMode, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring; external function fx_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressedMode, in octetstring p_salt, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring; external function fx_test_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_privateEphemeralKey, in Oct32 p_recipientPublicKeyX, in Oct32 p_recipientPublicKeyY, in octetstring p_salt, out Oct32 p_publicEphemeralKeyX, out Oct32 p_publicEphemeralKeyY, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring; /** /** * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) decryption using Nist-P256 algorithm * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) decryption using Nist-P256 algorithm * @param p_encryptedSecuredMessage The data to be decrypted * @param p_encryptedSecuredMessage The data to be decrypted Loading 
@@ -2331,7 +2345,7 @@ module LibItsSecurity_Functions { * @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption * @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption * @return The decrypted message * @return The decrypted message */ */ external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce) return octetstring; external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce, in octetstring p_salt) return octetstring; /** /** * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Brainpool-P256 algorithm * @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Brainpool-P256 algorithm Loading
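Review bot: `p_salt` is added to the external declarations `fx_encryptWithEciesNistp256WithSha256` and `fx_decryptWithEciesNistp256WithSha256` (and threaded through `f_decrypt` and the two wrappers), but neither visible `@param` list gains an entry for it, so nothing states what the value is or that encrypt and decrypt must be given the same octets. Both doc blocks begin above the displayed hunk lines; I would add to each `* @param p_salt Shared-info input to the key derivation (presumably the recipient certificate hash, to be confirmed); must be identical on the encrypting and decrypting side`. The new `fx_test_encryptWithEciesNistp256WithSha256` takes `p_privateEphemeralKey` as an input and has no doc block at all; it should carry `* @desc Test-vector variant with a caller-supplied ephemeral key; not for protecting real messages, where the ephemeral key must be fresh per encryption`. The comment added for `fx_test_encrypt_aes_128_gcm_test` also contradicts the declaration, describing "AES128 CCM encryption based on AES-GCM-256" and `@return The decrypted test` for a function named as a 128-bit GCM encrypt, so the mode, key size and return description should be aligned with what the external implementation actually does.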