Loading ttcn/Security/LibItsSecurity_Functions.ttcn3 +62 −66 Original line number Original line Diff line number Diff line Loading @@ -365,14 +365,38 @@ module LibItsSecurity_Functions { /** /** * @desc Verify the signature of the provided secured message * @desc Verify the signature of the provided secured message * @param p_aaCertifcate Enrolment Credential certificate * @param p_certificate Certificate to be verified * @param p_atCertificate Authorization Ticket certificate * @param p_certificateToBeVerified Certificate to be used to verify * @return true on success, false otherwise * @return true on success, false otherwise * @verdict * @verdict Unchanged */ */ function f_verifyCertificateSignatureWithIssuingCertificate( function f_verifyCertificateSignatureWithIssuingCertificate( in template (value) Certificate p_aaCertifcate, in template (value) Certificate p_certificate, in template (value) Certificate p_atCertificate in template (value) Certificate p_certificateToBeVerified ) return boolean { // Sanity check if (p_certificate.subject_attributes[0].attribute.key.algorithm != e_ecdsa_nistp256_with_sha256) { log("f_verifyCertificateSignatureWithIssuingCertificate: Invalid algorithm: ", p_certificate.subject_attributes[0].attribute.key.algorithm); return false; } return f_verifyCertificateSignatureWithPublicKey( p_certificateToBeVerified, p_certificate.subject_attributes[0].attribute.key ); } // End of function f_verifyCertificateSignatureWithIssuingCertificate /** * @desc Verify the signature of the provided certificate * @param p_certificate The certificate to be verified * @param p_publicKey The public key to use to verify the certificate signature * @return true on success, false otherwise * @verdict Unchanged */ function f_verifyCertificateSignatureWithPublicKey( in template (value) Certificate p_certificate, in template (value) PublicKey p_publicKey ) return boolean { ) return boolean { // Local variables // Local variables Loading @@ -382,72 +406,51 @@ module LibItsSecurity_Functions { var boolean v_result := false; var boolean v_result := false; var template (value) ToBeSignedCertificate v_toBeSignedCertificate; var template (value) ToBeSignedCertificate v_toBeSignedCertificate; // Sanity check if (p_publicKey.algorithm != e_ecdsa_nistp256_with_sha256) { log("f_verifyCertificateSignatureWithPublicKey: Invalid algorithm: ", p_publicKey.algorithm); return false; } log(">>> f_verifyCertificateSignatureWithPublicKey: p_certificate=", p_certificate); log(">>> f_verifyCertificateSignatureWithPublicKey: p_publicKey=", p_publicKey); // Create Certificate payload to be signed // Create Certificate payload to be signed v_toBeSignedCertificate := m_toBeSignedCertificate(p_atCertificate); v_toBeSignedCertificate := m_toBeSignedCertificate(p_certificate); log("f_verifyCertificateSignatureWithPublicKey: v_toBeSignedCertificate=", v_toBeSignedCertificate); // Endode it v_secPayload := bit2oct(encvalue(v_toBeSignedCertificate)); v_secPayload := bit2oct(encvalue(v_toBeSignedCertificate)); log("f_verifyCertificateSignatureWithPublicKey: v_secPayload=", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed // Calculate the hash of the SecuredMessage payload to be signed v_hash := fx_hashWithSha256(v_secPayload); v_hash := fx_hashWithSha256(v_secPayload); log("f_verifyCertificateSignatureWithPublicKey: v_hash=", v_hash); // Verify payload // Verify payload v_signedData := v_signedData := '0000'O & '0000'O & p_atCertificate.signature_.signature_.ecdsa_signature.r.x & p_certificate.signature_.signature_.ecdsa_signature.r.x & p_atCertificate.signature_.signature_.ecdsa_signature.s; p_certificate.signature_.signature_.ecdsa_signature.s; log("f_verifyCertificateSignatureWithPublicKey: v_ signedData=", v_signedData); v_result := f_verifyWithEcdsaNistp256WithSha256( v_result := f_verifyWithEcdsaNistp256WithSha256( v_hash, v_hash, v_signedData, v_signedData, p_aaCertifcate.subject_attributes[0].attribute.key.public_key.eccPoint.x, p_publicKey.public_key.eccPoint.x, p_aaCertifcate.subject_attributes[0].attribute.key.public_key.eccPoint.y.y p_publicKey.public_key.eccPoint.y.y ); ); log("f_verifyCertificateSignatureWithPublicKey: v_ v_result=", v_result); return v_result; return v_result; } // End of function f_verifyGnSecuredOtherMessage } // End of function f_verifyCertificateSignatureWithPublicKey } // End of group hostSignatureHelpers group deviceSignatureHelpers { /** * @desc Verify the signature of the provided certificate * @param p_cert Certificate to be verified * @param p_key Public key to verify * @return true on success, false otherwise * @verdict */ function f_verifyCertificateSignatureWithPublicKey( in template (value) Certificate p_cert, in template (value) PublicKey key ) return boolean { // TODO To be implemented return false; } /** * @desc Verify the signature of the provided secured message * @param p_cert Certificate to be verified * @param p_verify Certificate to be used to verify * @return true on success, false otherwise * @verdict */ function f_verifyCertificateSignatureWithIssuingCertificate( in template (value) Certificate p_cert, in template (value) Certificate p_verify ) return boolean { return f_verifyCertificateSignatureWithPublicKey(p_cert, p_verify.subject_attributes[0].attribute.key); } /** /** * @desc Verify the signature of the provided secured message * @desc Verify the signature of the provided secured message * @param p_securedMessage The message to be verified * @param p_securedMessage The message to be verified * @param p_publicKey The ECDSA public key to verify a signature * @param p_publicKey The ECDSA public key to verify a signature * @param p_certificate Certificate to be used to verify the message * @return true on success, false otherwise * @return true on success, false otherwise * @verdict * @verdict Unchanged */ */ function f_verifyCertificateSignatureWithPublicKey( function f_verifySecuredSignatureWithPublicKey( in template (value) SecuredMessage p_securedMessage, in template (value) SecuredMessage p_securedMessage, in template (value) PublicKey p_publicKey in template (value) PublicKey p_publicKey ) return boolean { ) return boolean { Loading @@ -460,6 +463,12 @@ module LibItsSecurity_Functions { var boolean v_result := false; var boolean v_result := false; var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage; var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage; // Sanity check if (p_publicKey.algorithm != e_ecdsa_nistp256_with_sha256) { log("f_verifySecuredSignatureWithPublicKey: Invalid algorithm: ", p_publicKey.algorithm); return false; } // Create SecuredMessage payload to be signed // Create SecuredMessage payload to be signed v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( p_securedMessage.security_profile, p_securedMessage.security_profile, Loading Loading @@ -493,22 +502,7 @@ module LibItsSecurity_Functions { } // End of 'for' statement } // End of 'for' statement return v_result; return v_result; } // End of function f_verifyCertificateSignatureWithPublicKey } // End of function f_verifySecuredSignatureWithPublicKey /** * @desc Verify the signature of the provided secured message * @param p_securedMessage * @param p_certificate Certificate to be used to verify the message * @return true on success, false otherwise * @verdict */ function f_verifyGnSecuredMessageWithDeviceCertificate( in template (value) SecuredMessage p_securedMessage, in template (value) Certificate p_certificate ) return boolean { return f_verifyGnSecuredMessageWithPublicKey(p_securedMessage, p_certificate.subject_attributes[0].attribute.key); } // End of function f_verifyGnSecuredOtherMessageWithDeviceCertificate } // End of group deviceSignatureHelpers } // End of group deviceSignatureHelpers Loading @@ -519,6 +513,7 @@ module LibItsSecurity_Functions { * @param p_msg the SecuredMessage * @param p_msg the SecuredMessage * @param p_type header field type * @param p_type header field type * @return HeaderField of given type if any or null * @return HeaderField of given type if any or null * @verdict Unchanged */ */ function f_getMsgHeaderField( function f_getMsgHeaderField( in SecuredMessage p_securedMessage, in SecuredMessage p_securedMessage, Loading @@ -540,6 +535,7 @@ module LibItsSecurity_Functions { /** /** * @desc return SignerInfo SecuredMessage field * @desc return SignerInfo SecuredMessage field * @verdict Unchanged */ */ function f_getMsgSignerInfo( function f_getMsgSignerInfo( in SecuredMessage p_securedMessage in SecuredMessage p_securedMessage Loading ttcn/Security/LibItsSecurity_Pixits.ttcn3 +3 −3 Original line number Original line Diff line number Diff line Loading @@ -65,7 +65,7 @@ module LibItsSecurity_Pixits { }, }, validity_restrictions := { validity_restrictions := { m_validity_restriction_time_start_and_end( m_validity_restriction_time_start_and_end( 1405173485, 1408802285, 1513691885 1513691885 ), ), m_validity_restriction_region( m_validity_restriction_region( Loading Loading @@ -150,7 +150,7 @@ module LibItsSecurity_Pixits { }, }, validity_restrictions := { validity_restrictions := { m_validity_restriction_time_start_and_end( m_validity_restriction_time_start_and_end( 1405173485, 1408802285, 1513691885 1513691885 ), ), m_validity_restriction_region( m_validity_restriction_region( Loading Loading @@ -233,7 +233,7 @@ module LibItsSecurity_Pixits { }, }, validity_restrictions := { validity_restrictions := { m_validity_restriction_time_start_and_end( m_validity_restriction_time_start_and_end( 1405173485, 1408802285, 1513691885 1513691885 ) ) }, }, Loading Loading
ttcn/Security/LibItsSecurity_Functions.ttcn3 +62 −66 Original line number Original line Diff line number Diff line Loading @@ -365,14 +365,38 @@ module LibItsSecurity_Functions { /** /** * @desc Verify the signature of the provided secured message * @desc Verify the signature of the provided secured message * @param p_aaCertifcate Enrolment Credential certificate * @param p_certificate Certificate to be verified * @param p_atCertificate Authorization Ticket certificate * @param p_certificateToBeVerified Certificate to be used to verify * @return true on success, false otherwise * @return true on success, false otherwise * @verdict * @verdict Unchanged */ */ function f_verifyCertificateSignatureWithIssuingCertificate( function f_verifyCertificateSignatureWithIssuingCertificate( in template (value) Certificate p_aaCertifcate, in template (value) Certificate p_certificate, in template (value) Certificate p_atCertificate in template (value) Certificate p_certificateToBeVerified ) return boolean { // Sanity check if (p_certificate.subject_attributes[0].attribute.key.algorithm != e_ecdsa_nistp256_with_sha256) { log("f_verifyCertificateSignatureWithIssuingCertificate: Invalid algorithm: ", p_certificate.subject_attributes[0].attribute.key.algorithm); return false; } return f_verifyCertificateSignatureWithPublicKey( p_certificateToBeVerified, p_certificate.subject_attributes[0].attribute.key ); } // End of function f_verifyCertificateSignatureWithIssuingCertificate /** * @desc Verify the signature of the provided certificate * @param p_certificate The certificate to be verified * @param p_publicKey The public key to use to verify the certificate signature * @return true on success, false otherwise * @verdict Unchanged */ function f_verifyCertificateSignatureWithPublicKey( in template (value) Certificate p_certificate, in template (value) PublicKey p_publicKey ) return boolean { ) return boolean { // Local variables // Local variables Loading @@ -382,72 +406,51 @@ module LibItsSecurity_Functions { var boolean v_result := false; var boolean v_result := false; var template (value) ToBeSignedCertificate v_toBeSignedCertificate; var template (value) ToBeSignedCertificate v_toBeSignedCertificate; // Sanity check if (p_publicKey.algorithm != e_ecdsa_nistp256_with_sha256) { log("f_verifyCertificateSignatureWithPublicKey: Invalid algorithm: ", p_publicKey.algorithm); return false; } log(">>> f_verifyCertificateSignatureWithPublicKey: p_certificate=", p_certificate); log(">>> f_verifyCertificateSignatureWithPublicKey: p_publicKey=", p_publicKey); // Create Certificate payload to be signed // Create Certificate payload to be signed v_toBeSignedCertificate := m_toBeSignedCertificate(p_atCertificate); v_toBeSignedCertificate := m_toBeSignedCertificate(p_certificate); log("f_verifyCertificateSignatureWithPublicKey: v_toBeSignedCertificate=", v_toBeSignedCertificate); // Endode it v_secPayload := bit2oct(encvalue(v_toBeSignedCertificate)); v_secPayload := bit2oct(encvalue(v_toBeSignedCertificate)); log("f_verifyCertificateSignatureWithPublicKey: v_secPayload=", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed // Calculate the hash of the SecuredMessage payload to be signed v_hash := fx_hashWithSha256(v_secPayload); v_hash := fx_hashWithSha256(v_secPayload); log("f_verifyCertificateSignatureWithPublicKey: v_hash=", v_hash); // Verify payload // Verify payload v_signedData := v_signedData := '0000'O & '0000'O & p_atCertificate.signature_.signature_.ecdsa_signature.r.x & p_certificate.signature_.signature_.ecdsa_signature.r.x & p_atCertificate.signature_.signature_.ecdsa_signature.s; p_certificate.signature_.signature_.ecdsa_signature.s; log("f_verifyCertificateSignatureWithPublicKey: v_ signedData=", v_signedData); v_result := f_verifyWithEcdsaNistp256WithSha256( v_result := f_verifyWithEcdsaNistp256WithSha256( v_hash, v_hash, v_signedData, v_signedData, p_aaCertifcate.subject_attributes[0].attribute.key.public_key.eccPoint.x, p_publicKey.public_key.eccPoint.x, p_aaCertifcate.subject_attributes[0].attribute.key.public_key.eccPoint.y.y p_publicKey.public_key.eccPoint.y.y ); ); log("f_verifyCertificateSignatureWithPublicKey: v_ v_result=", v_result); return v_result; return v_result; } // End of function f_verifyGnSecuredOtherMessage } // End of function f_verifyCertificateSignatureWithPublicKey } // End of group hostSignatureHelpers group deviceSignatureHelpers { /** * @desc Verify the signature of the provided certificate * @param p_cert Certificate to be verified * @param p_key Public key to verify * @return true on success, false otherwise * @verdict */ function f_verifyCertificateSignatureWithPublicKey( in template (value) Certificate p_cert, in template (value) PublicKey key ) return boolean { // TODO To be implemented return false; } /** * @desc Verify the signature of the provided secured message * @param p_cert Certificate to be verified * @param p_verify Certificate to be used to verify * @return true on success, false otherwise * @verdict */ function f_verifyCertificateSignatureWithIssuingCertificate( in template (value) Certificate p_cert, in template (value) Certificate p_verify ) return boolean { return f_verifyCertificateSignatureWithPublicKey(p_cert, p_verify.subject_attributes[0].attribute.key); } /** /** * @desc Verify the signature of the provided secured message * @desc Verify the signature of the provided secured message * @param p_securedMessage The message to be verified * @param p_securedMessage The message to be verified * @param p_publicKey The ECDSA public key to verify a signature * @param p_publicKey The ECDSA public key to verify a signature * @param p_certificate Certificate to be used to verify the message * @return true on success, false otherwise * @return true on success, false otherwise * @verdict * @verdict Unchanged */ */ function f_verifyCertificateSignatureWithPublicKey( function f_verifySecuredSignatureWithPublicKey( in template (value) SecuredMessage p_securedMessage, in template (value) SecuredMessage p_securedMessage, in template (value) PublicKey p_publicKey in template (value) PublicKey p_publicKey ) return boolean { ) return boolean { Loading @@ -460,6 +463,12 @@ module LibItsSecurity_Functions { var boolean v_result := false; var boolean v_result := false; var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage; var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage; // Sanity check if (p_publicKey.algorithm != e_ecdsa_nistp256_with_sha256) { log("f_verifySecuredSignatureWithPublicKey: Invalid algorithm: ", p_publicKey.algorithm); return false; } // Create SecuredMessage payload to be signed // Create SecuredMessage payload to be signed v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( p_securedMessage.security_profile, p_securedMessage.security_profile, Loading Loading @@ -493,22 +502,7 @@ module LibItsSecurity_Functions { } // End of 'for' statement } // End of 'for' statement return v_result; return v_result; } // End of function f_verifyCertificateSignatureWithPublicKey } // End of function f_verifySecuredSignatureWithPublicKey /** * @desc Verify the signature of the provided secured message * @param p_securedMessage * @param p_certificate Certificate to be used to verify the message * @return true on success, false otherwise * @verdict */ function f_verifyGnSecuredMessageWithDeviceCertificate( in template (value) SecuredMessage p_securedMessage, in template (value) Certificate p_certificate ) return boolean { return f_verifyGnSecuredMessageWithPublicKey(p_securedMessage, p_certificate.subject_attributes[0].attribute.key); } // End of function f_verifyGnSecuredOtherMessageWithDeviceCertificate } // End of group deviceSignatureHelpers } // End of group deviceSignatureHelpers Loading @@ -519,6 +513,7 @@ module LibItsSecurity_Functions { * @param p_msg the SecuredMessage * @param p_msg the SecuredMessage * @param p_type header field type * @param p_type header field type * @return HeaderField of given type if any or null * @return HeaderField of given type if any or null * @verdict Unchanged */ */ function f_getMsgHeaderField( function f_getMsgHeaderField( in SecuredMessage p_securedMessage, in SecuredMessage p_securedMessage, Loading @@ -540,6 +535,7 @@ module LibItsSecurity_Functions { /** /** * @desc return SignerInfo SecuredMessage field * @desc return SignerInfo SecuredMessage field * @verdict Unchanged */ */ function f_getMsgSignerInfo( function f_getMsgSignerInfo( in SecuredMessage p_securedMessage in SecuredMessage p_securedMessage Loading
ttcn/Security/LibItsSecurity_Pixits.ttcn3 +3 −3 Original line number Original line Diff line number Diff line Loading @@ -65,7 +65,7 @@ module LibItsSecurity_Pixits { }, }, validity_restrictions := { validity_restrictions := { m_validity_restriction_time_start_and_end( m_validity_restriction_time_start_and_end( 1405173485, 1408802285, 1513691885 1513691885 ), ), m_validity_restriction_region( m_validity_restriction_region( Loading Loading @@ -150,7 +150,7 @@ module LibItsSecurity_Pixits { }, }, validity_restrictions := { validity_restrictions := { m_validity_restriction_time_start_and_end( m_validity_restriction_time_start_and_end( 1405173485, 1408802285, 1513691885 1513691885 ), ), m_validity_restriction_region( m_validity_restriction_region( Loading Loading @@ -233,7 +233,7 @@ module LibItsSecurity_Pixits { }, }, validity_restrictions := { validity_restrictions := { m_validity_restriction_time_start_and_end( m_validity_restriction_time_start_and_end( 1405173485, 1408802285, 1513691885 1513691885 ) ) }, }, Loading
