Skip to content
GitLab
Commit 1a58023b authored by garciay's avatar garciay
Browse files

Major bugs fixed in security_ecc, remove useless folders for STF525

parent 11926925
Hide whitespace changes
Inline Side-by-side
ttcn/Pki/LibItsPki_Functions.ttcn
View file @ 1a58023b
......@@ -102,6 +102,7 @@ module LibItsPki_Functions {
f_readSigningKey(p_ec_certificate_id, vc_ecPrivateKey);
f_readEncryptingKey(p_ea_certificate_id, vc_eaPrivateEncKey);
f_getCertificateDigest(p_ea_certificate_id, vc_eaHashedId8);
f_getCertificateHash(p_ea_certificate_id, vc_eaWholeHash);
f_getCertificateDigest(p_ec_certificate_id, vc_ecHashedId8);
f_readCertificate(p_peerCertificateId, vc_peerEaCertificate);
f_getCertificateHash(p_peerCertificateId, vc_eaPeerWholeHash);
......@@ -322,9 +323,9 @@ module LibItsPki_Functions {
log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode);
log("*** f_http_build_inner_ec_request: First enrolment: ", PX_FIRST_ENROLMENT);
if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys
v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data);
v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data);
} else { // We use last valid EC certificate
v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data);
v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data);
}
if (v_ret_code == false) {
log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
......@@ -368,9 +369,9 @@ module LibItsPki_Functions {
log("*** f_http_build_inner_ec_request: Public encryption key: ", v_public_enc_key);
log("*** f_http_build_inner_ec_request: Public encryption key comp: ", v_compressed_enc_key_mode);
if (PX_FIRST_ENROLMENT == true) { // This is the first enrolment, we used Factory keys
v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data);
v_ret_code := f_build_pki_secured_message(PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY, valueof(m_signerIdentifier_self), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data);
} else { // We use last valid EC certificate
v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data);
v_ret_code := f_build_pki_secured_message(vc_ecPrivateKey, valueof(m_signerIdentifier_digest(vc_ecHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop))), p_ieee1609dot2_signed_and_encrypted_data);
}
if (v_ret_code == false) {
log("*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
......@@ -421,7 +422,7 @@ module LibItsPki_Functions {
**/
log("*** f_http_build_inner_ec_request: ERROR: Need to add TestSystem variable vc_aa ***");
f_selfOrClientSyncAndVerdict("error", e_error);
/* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */
/* if (f_build_pki_secured_message(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/\*recipientId*\/, v_public_enc_key, v_compressed_enc_key_mode, vc_eaWholeHash, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), p_ieee1609dot2_signed_and_encrypted_data) == false) { */
/* log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"); */
/* f_selfOrClientSyncAndVerdict("error", e_error); */
/* } */
......@@ -814,7 +815,7 @@ module LibItsPki_Functions {
} else {
return false;
}
v_enc_signed_ec_signature := f_encryptWithEciesNistp256WithSha256(bit2oct(encvalue(v_signed_ec_signature)), v_public_enc_key, v_compressed_mode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_enc_signed_ec_signature := f_encryptWithEciesNistp256WithSha256(bit2oct(encvalue(v_signed_ec_signature)), v_public_enc_key, v_compressed_mode, ''O, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_recipientId := p_eaHashedId8;
log("v_recipientId=", v_recipientId);
// Fill Certificate template with the public compressed keys (canonical form)
......@@ -951,6 +952,7 @@ module LibItsPki_Functions {
in HashedId8 p_recipientId,
in octetstring p_publicKeyCompressed,
in integer p_compressedMode,
in octetstring p_salt,
in octetstring p_pki_message,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) return boolean {
......@@ -1003,7 +1005,7 @@ module LibItsPki_Functions {
// Encode EtsiTs103097Data-Signed data structure
v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data));
// Encrypt encode EtsiTs103097Data-Signed data structure
v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(v_encoded_inner_ec_request, p_publicKeyCompressed, p_compressedMode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(v_encoded_inner_ec_request, p_publicKeyCompressed, p_compressedMode, p_salt, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
log("p_recipientId=", p_recipientId);
if (p_recipientId == int2oct(0, 8)) {
log("v_encrypted_sym_key=", v_encrypted_sym_key);
......@@ -1071,7 +1073,7 @@ module LibItsPki_Functions {
var boolean v_ret;
// 1. Decrypt the data
if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_data) == false) {
if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, ''O, v_ieee1609dot2_signed_data) == false) {
if (p_check_security == true) {
return false;
}
......
ttcn/Pki/LibItsPki_TestSystem.ttcn
View file @ 1a58023b
......@@ -101,6 +101,7 @@ module LibItsPki_TestSystem {
var octetstring vc_ecPrivateKey; /** Test Adapter EC private key for signature */
var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */
var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */
var octetstring vc_eaWholeHash; /** TS EA whole-hash for signature check */
var HashedId8 vc_ecHashedId8; /** Test Adapter EC HashedId8 for decryption of IUT's response */
var Certificate vc_peerEaCertificate; /** IUT EA certificate for signature check */
var octetstring vc_eaPeerWholeHash; /** IUT EA whole-hash for signature check */
......
ttcn/Security/LibItsSecurity_Functions.ttcn
View file @ 1a58023b
......@@ -118,6 +118,7 @@ module LibItsSecurity_Functions {
function f_decrypt(
in octetstring p_encryptPrivateKey,
in EtsiTs103097Data p_encrypedSecuredMessage,
in octetstring p_salt,
out EtsiTs103097Data p_decrypedSecuredMessage
) return boolean {
if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) {
......@@ -152,7 +153,8 @@ module LibItsSecurity_Functions {
0,
v_pKRecipientInfo.encKey.eciesNistP256.c,
v_pKRecipientInfo.encKey.eciesNistP256.t,
v_ciphertext.aes128ccm.nonce
v_ciphertext.aes128ccm.nonce,
p_salt
);
} else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) {
v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256(
......@@ -162,7 +164,8 @@ module LibItsSecurity_Functions {
1,
v_pKRecipientInfo.encKey.eciesNistP256.c,
v_pKRecipientInfo.encKey.eciesNistP256.t,
v_ciphertext.aes128ccm.nonce
v_ciphertext.aes128ccm.nonce,
p_salt
);
} else {
log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***");
......@@ -238,6 +241,7 @@ module LibItsSecurity_Functions {
in octetstring p_toBeEncryptedSecuredMessage,
in Oct32 p_recipientsPublicKeyCompressed,
in integer p_compressedMode,
in octetstring p_salt,
out Oct32 p_publicEphemeralKeyCompressed,
out integer p_ephemeralKeyModeCompressed,
out Oct16 p_encrypted_sym_key,
......@@ -248,6 +252,7 @@ module LibItsSecurity_Functions {
p_toBeEncryptedSecuredMessage,
p_recipientsPublicKeyCompressed,
p_compressedMode,
p_salt,
p_publicEphemeralKeyCompressed,
p_ephemeralKeyModeCompressed,
p_encrypted_sym_key,
......@@ -276,7 +281,8 @@ module LibItsSecurity_Functions {
in integer p_ephemeralKeyModeCompressed,
in Oct16 p_encrypted_sym_key,
in Oct16 p_authentication_vector,
in Oct12 p_nonce
in Oct12 p_nonce,
in octetstring p_salt
) return octetstring {
return fx_decryptWithEciesNistp256WithSha256(
p_encryptedSecuredMessage,
......@@ -285,7 +291,8 @@ module LibItsSecurity_Functions {
p_ephemeralKeyModeCompressed,
p_encrypted_sym_key,
p_authentication_vector,
p_nonce
p_nonce,
p_salt
);
} // End of function f_decryptWithEcdsaNistp256WithSha256
......@@ -2307,6 +2314,12 @@ module LibItsSecurity_Functions {
*/
external function fx_test_decrypt_aes_128_ccm_test(in octetstring p_k, in octetstring p_n, in octetstring p_pt) return octetstring;
/**
* @desc Test function the validate AES128 CCM encryption based on AES-GCM-256
* @return The decrypted test
*/
external function fx_test_encrypt_aes_128_gcm_test(in octetstring p_k, in octetstring p_n, in octetstring p_pt) return octetstring;
/**
* @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Nist-P256 algorithm
* @param p_toBeEncryptedSecuredMessage The data to be encrypted
......@@ -2319,8 +2332,9 @@ module LibItsSecurity_Functions {
* @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption
* @return The encrypted message
*/
external function fx_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressedMode, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring;
external function fx_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressedMode, in octetstring p_salt, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring;
external function fx_test_encryptWithEciesNistp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_privateEphemeralKey, in Oct32 p_recipientPublicKeyX, in Oct32 p_recipientPublicKeyY, in octetstring p_salt, out Oct32 p_publicEphemeralKeyX, out Oct32 p_publicEphemeralKeyY, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring;
/**
* @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) decryption using Nist-P256 algorithm
* @param p_encryptedSecuredMessage The data to be decrypted
......@@ -2331,7 +2345,7 @@ module LibItsSecurity_Functions {
* @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption
* @return The decrypted message
*/
external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce) return octetstring;
external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce, in octetstring p_salt) return octetstring;
/**
* @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Brainpool-P256 algorithm
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment