Loading ttcn/Security/LibItsSecurity_Functions.ttcn3 +506 −491 Original line number Diff line number Diff line Loading @@ -184,7 +184,9 @@ module LibItsSecurity_Functions { * @param p_securedMessage The signed SecureMessage part * @param p_unsecuredPayload The unsigned payload (e.g. a beacon) * @param p_signerInfoType Add digest or AT certificate or certificate chain * @param p_headerFields Additional HeaderFields * @param p_headerFields HeaderFields to be inserted in the message * @param p_configId The configuration identifier to be used * @param p_addMissingHeaders Whether to add mandatory headers not present in p_headerFields * @param p_certificateName The certificate identifier to be used. Default: TA_CONFIG_A * @return true on success, false otherwise * @verdict Unchanged Loading @@ -194,7 +196,8 @@ module LibItsSecurity_Functions { in octetstring p_unsecuredPayload, in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_ecdsap256, in template (omit) HeaderFields p_headerFields := omit, in template (omit) charstring p_certificateName := omit in template (omit) charstring p_certificateName := omit, in boolean p_addMissingHeaders := true ) runs on ItsSecurityBaseComponent return boolean { // Local variables Loading @@ -202,6 +205,10 @@ module LibItsSecurity_Functions { var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage; var integer i, j, k, n; var HeaderFields v_mandatoryHeaders := {}; var template (value) HeaderFields v_headerFields := {}; var template (value) HeaderField v_signerInfo; // Sanity check if (ispresent(p_certificateName) and (p_certificateName != "TA_CONFIG_A")) { Loading @@ -216,62 +223,86 @@ module LibItsSecurity_Functions { v_atCertificate := vc_atCertificate; } // Create SecuredMessage payload to be signed if(p_addMissingHeaders == false) { v_toBeSignedSecuredMessage.header_fields := p_headerFields; } else { // Prepare mandatory headers if (p_signerInfoType == e_certificate) { // Add the AT certificate v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( c_security_profileCAMs, { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( v_atCertificate ) // End of template m_signerInfo_certificate ), // End of template m_header_field_signer_info m_header_field_generation_time(f_getCurrentTime()), m_header_field_message_type(c_messageType_CAM) }, // End of field HeaderFields { m_payload_unsecured( p_unsecuredPayload ) }, // End of field HeaderFields e_signature ); v_signerInfo := m_header_field_signer_info(m_signerInfo_certificate(v_atCertificate)); } if (p_signerInfoType == e_certificate_chain) { // Add the AT certificate + AA Certificate v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( c_security_profileCAMs, { // Field HeaderFields m_header_field_signer_info( v_signerInfo := m_header_field_signer_info( m_signerInfo_certificates( { v_aaCertificate, v_atCertificate } ) // End of template m_signerInfo_certificate ), // End of template m_header_field_signer_info m_header_field_generation_time(f_getCurrentTime()), m_header_field_message_type(c_messageType_CAM) }, // End of field HeaderFields { m_payload_unsecured( p_unsecuredPayload ) }, // End of field HeaderFields e_signature ); } if (p_signerInfoType == e_certificate_digest_with_ecdsap256) { // Add the AT certificate digest v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( c_security_profileCAMs, { // Field HeaderFields m_header_field_signer_info( m_signerInfo_digest( v_atCertificate.signer_infos[0].signerInfo.digest ) // End of template m_signerInfo_digest ), // End of template m_header_field_digest v_signerInfo := m_header_field_signer_info(m_signerInfo_digest(v_atCertificate.signer_infos[0].signerInfo.digest)); } v_mandatoryHeaders := { v_signerInfo, m_header_field_generation_time(f_getCurrentTime()), m_header_field_message_type(c_messageType_CAM) }, // End of field HeaderFields } if(not(ispresent(p_headerFields))) { v_toBeSignedSecuredMessage.header_fields := v_mandatoryHeaders; } else { // Merge p_headerFields and v_mandatoryHeaders into v_headerFields i := 0; // index for p_headerFields j := 0; // index for v_mandatoryHeaders k := 0; // index for v_headerFields // Special processing for signer_info if(lengthof(p_headerFields) > 0 and p_headerFields[i].type_ == e_signer_info) { v_headerFields[k] := p_headerFields[i]; k := k + 1; i := i + 1; } for(j:=j; j < lengthof(v_mandatoryHeaders); j:=j+1) { // Search for mandatory header in p_HeaderFields for(n:=0; n < lengthof(p_headerFields); n:=n+1) { if(p_headerFields[n].type_ == v_mandatoryHeaders[j].type_) { // mandatory header already in p_HeaderFields break; } } if(n >= lengthof(p_headerFields)) { if(v_mandatoryHeaders[j].type_ != e_signer_info) { // Add headers from p_headerFields having lower number than mandatory header for(n:=i ; n < lengthof(p_headerFields) and p_headerFields[n].type_ < v_mandatoryHeaders[j].type_; n:=n+1) { v_headerFields[k] := p_headerFields[n]; k := k + 1; i := i + 1; } } // Add mandatory header v_headerFields[k] := v_mandatoryHeaders[j]; k := k + 1; j := j + 1; } } // Add remaining headers from p_HeaderFields for(i:=i; i < lengthof(p_headerFields); i:=i+1) { // Add headers from p_headerFields having lower number than mandatory header v_headerFields[k] := p_headerFields[i]; k := k + 1; } } } v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( c_security_profileCAMs, v_headerFields, { m_payload_unsecured( p_unsecuredPayload Loading @@ -279,32 +310,16 @@ module LibItsSecurity_Functions { }, // End of field HeaderFields e_signature ); } // log("v_toBeSignedSecuredMessage=", v_toBeSignedSecuredMessage); // Add additional header fields if any if (ispresent(p_headerFields) == true) { var integer v_addItemIndex := lengthof(v_toBeSignedSecuredMessage.header_fields); var integer v_counter; for (v_counter := 0; v_counter < lengthof(p_headerFields); v_counter := v_counter + 1) { v_toBeSignedSecuredMessage.header_fields[v_addItemIndex] := p_headerFields[v_counter]; v_addItemIndex := v_addItemIndex + 1; } // End of 'for' statement } v_secPayload := bit2oct(encvalue(v_toBeSignedSecuredMessage)); // log("v_secPayload= ", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); // log("v_hash= ", v_hash); // Signed payload v_signature := f_signWithEcdsaNistp256WithSha256( v_hash ); // log("v_signature= ", v_signature); p_securedMessage := md_secureMessage_profileCam( // See Clause 7.1 Security profile for CAMs v_toBeSignedSecuredMessage.header_fields, Loading Loading
ttcn/Security/LibItsSecurity_Functions.ttcn3 +506 −491 Original line number Diff line number Diff line Loading @@ -184,7 +184,9 @@ module LibItsSecurity_Functions { * @param p_securedMessage The signed SecureMessage part * @param p_unsecuredPayload The unsigned payload (e.g. a beacon) * @param p_signerInfoType Add digest or AT certificate or certificate chain * @param p_headerFields Additional HeaderFields * @param p_headerFields HeaderFields to be inserted in the message * @param p_configId The configuration identifier to be used * @param p_addMissingHeaders Whether to add mandatory headers not present in p_headerFields * @param p_certificateName The certificate identifier to be used. Default: TA_CONFIG_A * @return true on success, false otherwise * @verdict Unchanged Loading @@ -194,7 +196,8 @@ module LibItsSecurity_Functions { in octetstring p_unsecuredPayload, in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_ecdsap256, in template (omit) HeaderFields p_headerFields := omit, in template (omit) charstring p_certificateName := omit in template (omit) charstring p_certificateName := omit, in boolean p_addMissingHeaders := true ) runs on ItsSecurityBaseComponent return boolean { // Local variables Loading @@ -202,6 +205,10 @@ module LibItsSecurity_Functions { var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage; var integer i, j, k, n; var HeaderFields v_mandatoryHeaders := {}; var template (value) HeaderFields v_headerFields := {}; var template (value) HeaderField v_signerInfo; // Sanity check if (ispresent(p_certificateName) and (p_certificateName != "TA_CONFIG_A")) { Loading @@ -216,62 +223,86 @@ module LibItsSecurity_Functions { v_atCertificate := vc_atCertificate; } // Create SecuredMessage payload to be signed if(p_addMissingHeaders == false) { v_toBeSignedSecuredMessage.header_fields := p_headerFields; } else { // Prepare mandatory headers if (p_signerInfoType == e_certificate) { // Add the AT certificate v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( c_security_profileCAMs, { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( v_atCertificate ) // End of template m_signerInfo_certificate ), // End of template m_header_field_signer_info m_header_field_generation_time(f_getCurrentTime()), m_header_field_message_type(c_messageType_CAM) }, // End of field HeaderFields { m_payload_unsecured( p_unsecuredPayload ) }, // End of field HeaderFields e_signature ); v_signerInfo := m_header_field_signer_info(m_signerInfo_certificate(v_atCertificate)); } if (p_signerInfoType == e_certificate_chain) { // Add the AT certificate + AA Certificate v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( c_security_profileCAMs, { // Field HeaderFields m_header_field_signer_info( v_signerInfo := m_header_field_signer_info( m_signerInfo_certificates( { v_aaCertificate, v_atCertificate } ) // End of template m_signerInfo_certificate ), // End of template m_header_field_signer_info m_header_field_generation_time(f_getCurrentTime()), m_header_field_message_type(c_messageType_CAM) }, // End of field HeaderFields { m_payload_unsecured( p_unsecuredPayload ) }, // End of field HeaderFields e_signature ); } if (p_signerInfoType == e_certificate_digest_with_ecdsap256) { // Add the AT certificate digest v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( c_security_profileCAMs, { // Field HeaderFields m_header_field_signer_info( m_signerInfo_digest( v_atCertificate.signer_infos[0].signerInfo.digest ) // End of template m_signerInfo_digest ), // End of template m_header_field_digest v_signerInfo := m_header_field_signer_info(m_signerInfo_digest(v_atCertificate.signer_infos[0].signerInfo.digest)); } v_mandatoryHeaders := { v_signerInfo, m_header_field_generation_time(f_getCurrentTime()), m_header_field_message_type(c_messageType_CAM) }, // End of field HeaderFields } if(not(ispresent(p_headerFields))) { v_toBeSignedSecuredMessage.header_fields := v_mandatoryHeaders; } else { // Merge p_headerFields and v_mandatoryHeaders into v_headerFields i := 0; // index for p_headerFields j := 0; // index for v_mandatoryHeaders k := 0; // index for v_headerFields // Special processing for signer_info if(lengthof(p_headerFields) > 0 and p_headerFields[i].type_ == e_signer_info) { v_headerFields[k] := p_headerFields[i]; k := k + 1; i := i + 1; } for(j:=j; j < lengthof(v_mandatoryHeaders); j:=j+1) { // Search for mandatory header in p_HeaderFields for(n:=0; n < lengthof(p_headerFields); n:=n+1) { if(p_headerFields[n].type_ == v_mandatoryHeaders[j].type_) { // mandatory header already in p_HeaderFields break; } } if(n >= lengthof(p_headerFields)) { if(v_mandatoryHeaders[j].type_ != e_signer_info) { // Add headers from p_headerFields having lower number than mandatory header for(n:=i ; n < lengthof(p_headerFields) and p_headerFields[n].type_ < v_mandatoryHeaders[j].type_; n:=n+1) { v_headerFields[k] := p_headerFields[n]; k := k + 1; i := i + 1; } } // Add mandatory header v_headerFields[k] := v_mandatoryHeaders[j]; k := k + 1; j := j + 1; } } // Add remaining headers from p_HeaderFields for(i:=i; i < lengthof(p_headerFields); i:=i+1) { // Add headers from p_headerFields having lower number than mandatory header v_headerFields[k] := p_headerFields[i]; k := k + 1; } } } v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage( c_security_profileCAMs, v_headerFields, { m_payload_unsecured( p_unsecuredPayload Loading @@ -279,32 +310,16 @@ module LibItsSecurity_Functions { }, // End of field HeaderFields e_signature ); } // log("v_toBeSignedSecuredMessage=", v_toBeSignedSecuredMessage); // Add additional header fields if any if (ispresent(p_headerFields) == true) { var integer v_addItemIndex := lengthof(v_toBeSignedSecuredMessage.header_fields); var integer v_counter; for (v_counter := 0; v_counter < lengthof(p_headerFields); v_counter := v_counter + 1) { v_toBeSignedSecuredMessage.header_fields[v_addItemIndex] := p_headerFields[v_counter]; v_addItemIndex := v_addItemIndex + 1; } // End of 'for' statement } v_secPayload := bit2oct(encvalue(v_toBeSignedSecuredMessage)); // log("v_secPayload= ", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); // log("v_hash= ", v_hash); // Signed payload v_signature := f_signWithEcdsaNistp256WithSha256( v_hash ); // log("v_signature= ", v_signature); p_securedMessage := md_secureMessage_profileCam( // See Clause 7.1 Security profile for CAMs v_toBeSignedSecuredMessage.header_fields, Loading
