Loading ttcn/Security/LibItsSecurity_Functions.ttcn3 +217 −44 Original line number Diff line number Diff line Loading @@ -22,42 +22,46 @@ module LibItsSecurity_Functions { /** * @desc Produces a 256-bit (32-byte) hash value * @param TODO * @return TODO * @param p_toBeHashedData Data to be used to calculate the hash value * @return The hash value */ function f_hashWithSha256(in octetstring p_toBeHashedData) { } function f_hashWithSha256(in octetstring p_toBeHashedData) return Oct32 { return fx_hashWithSha256(p_toBeHashedData); } // End of function f_hashWithSha256 /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee * @param TODO * @return TODO * @param p_toBeSignedData The data to be signed * @return The signature value */ function f_signWithEcdsaNistp256WithSha256() { function f_signWithEcdsaNistp256WithSha256(in Oct32 p_toBeSignedData) return octetstring { return fx_signWithEcdsaNistp256WithSha256( p_toBeSignedData, PX_PRIVATE_SIGNING_KEYS[PX_CERTIFICATE_CONFIG_IDX] ); } } // End of function f_signWithEcdsaNistp256WithSha256 /** * @desc Verify the signature of the specified data * @param TODO * @param p_toBeVerifiedData The data to be verified * @param p_signature The signature * @param p_ecdsaNistp256PublicKeyX The public key (x coordinate) * @param p_ecdsaNistp256PublicKeyY The public key (y coordinate) * @return true on success, false otherwise */ function f_verifyWithEcdsaNistp256WithSha256( in octetstring p_toBeHashedData, out Oct32 p_hashValue) return boolean { p_hashValue := fx_hashWithSha256(p_toBeHashedData); return true; } /** * @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm * @param TODO * @return true on success, false otherwise */ function f_generateKeyPair() return boolean { return false; } in octetstring p_toBeVerifiedData, in octetstring p_signature, in octetstring p_ecdsaNistp256PublicKeyX, in octetstring p_ecdsaNistp256PublicKeyY ) return boolean { return fx_verifyWithEcdsaNistp256WithSha256( p_toBeVerifiedData, p_signature, p_ecdsaNistp256PublicKeyX, p_ecdsaNistp256PublicKeyY); } // End of function f_verifyWithEcdsaNistp256WithSha256 /** * @desc Calculate digest over the certificate Loading @@ -81,7 +85,65 @@ module LibItsSecurity_Functions { in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage) return boolean { return false; // TODO // Local variables var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedData v_toBeSignedData; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX] ) // End of template m_signerInfo_certificate ), // End of template m_header_field_signer_info m_header_field_generation_time(f_getCurrentTime()), m_header_field_generation_location( p_threeDLocation ), m_header_field_message_type(c_messageType_CAM) }, // End of field HeaderFields { m_payload_unsecured( p_unsecuredPayload ) }, // End of field HeaderFields e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); // log("v_secPayload: ", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); // log("v_hash: ", v_hash); // Signed payload v_signature := f_signWithEcdsaNistp256WithSha256( v_hash ); // log("v_signature: ", v_signature); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, v_toBeSignedData.payload_fields, { m_trailer_field_signature( m_signature( m_ecdsaSignature( m_eccPointecdsa_nistp256_with_sha256_y_coordinate_only( substr(v_signature, 2, 32) ), substr(v_signature, 34, 32) ) ) ) } ); // End of template m_securedMessageBeacon return true; } /** Loading @@ -97,8 +159,66 @@ module LibItsSecurity_Functions { in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage) return boolean { return false; // TODO // Local variables var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedData v_toBeSignedData; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX] ) // End of template m_signerInfo_certificate ), // End of template m_header_field_signer_info m_header_field_generation_time(f_getCurrentTime()), m_header_field_generation_location( p_threeDLocation ), m_header_field_message_type(c_messageType_DENM) }, // End of field HeaderFields { m_payload_unsecured( p_unsecuredPayload ) }, // End of field HeaderFields e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); // log("v_secPayload: ", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); // log("v_hash: ", v_hash); // Signed payload v_signature := f_signWithEcdsaNistp256WithSha256( v_hash ); // log("v_signature: ", v_signature); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, v_toBeSignedData.payload_fields, { m_trailer_field_signature( m_signature( m_ecdsaSignature( m_eccPointecdsa_nistp256_with_sha256_y_coordinate_only( substr(v_signature, 2, 32) ), substr(v_signature, 34, 32) ) ) ) } ); // End of template m_securedMessageBeacon return true; } // End of function f_buildGnSecuredDenm /** * @desc This function build and sign the SecureMessage part covered by the signature process Loading @@ -108,7 +228,7 @@ module LibItsSecurity_Functions { * @return true on success, false otherwise * @verdict Unchanged */ function f_buildGnSecuredBeacon( function f_buildGnSecuredOtherMessage( in octetstring p_unsecuredPayload, in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage) Loading Loading @@ -141,21 +261,17 @@ module LibItsSecurity_Functions { ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); log("v_secPayload length: ", lengthof(v_secPayload)); log("v_secPayload: ", v_secPayload); // log("f_buildGnSecuredOtherMessage: v_secPayload: ", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed v_hash := fx_hashWithSha256(v_secPayload); log("v_hash length: ", lengthof(v_hash)); log("v_hash: ", v_hash); v_hash := f_hashWithSha256(v_secPayload); // log("f_buildGnSecuredOtherMessage: v_hash: ", v_hash); // Signed payload v_signature := fx_signWithEcdsaNistp256WithSha256( v_hash, PC_PRIVATE_KEYS[PX_CERTIFICATE_CONFIG_IDX] v_signature := f_signWithEcdsaNistp256WithSha256( v_hash ); log("v_signature length: ", lengthof(v_signature)); log("v_signature: ", v_signature); // log("f_buildGnSecuredOtherMessage: v_signature: ", v_signature); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, Loading @@ -175,7 +291,63 @@ module LibItsSecurity_Functions { ); // End of template m_securedMessageBeacon return true; } // End of function f_buildGnSecuredBeacon } // End of function f_buildGnSecuredOtherMessage /** * * @desc Verify the signature of the prvided secured message * @param p_securedMessage * @return true on success, false otherwise * @verdict */ function f_verifyGnSecuredOtherMessage( in template (value) SecuredMessage p_securedMessage) return boolean { // Local variables var octetstring v_secPayload; var octetstring v_signedData; var Oct32 v_hash; var integer v_counter; var boolean v_result := false; var template (value) ToBeSignedData v_toBeSignedData; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( p_securedMessage.header_fields, p_securedMessage.payload_fields, e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); // log("f_verifyGnSecuredOtherMessage: v_secPayload: ", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed v_hash := fx_hashWithSha256(v_secPayload); // log("f_verifyGnSecuredOtherMessage: v_hash: ", v_hash); // Verify payload for (v_counter := 0; v_counter < lengthof(p_securedMessage.trailer_fields); v_counter := v_counter + 1) { if ( (p_securedMessage.trailer_fields[v_counter].type_ == e_signature) and (p_securedMessage.trailer_fields[v_counter].trailerField.signature_.algorithm == e_ecdsa_nistp256_with_sha256) ) { v_signedData := '0000'O & p_securedMessage.trailer_fields[v_counter].trailerField.signature_.signature_.ecdsa_signature.r.x & p_securedMessage.trailer_fields[v_counter].trailerField.signature_.signature_.ecdsa_signature.s; // log("f_verifyGnSecuredOtherMessage: v_signedData: ", v_signedData); v_result := f_verifyWithEcdsaNistp256WithSha256( v_hash, v_signedData, PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX].subject_attributes[0].attribute.key.public_key.eccPoint.x, PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX].subject_attributes[0].attribute.key.public_key.eccPoint.y.y ); } } // End of 'for' statement return v_result; } // End of function f_verifyGnSecuredOtherMessage group messageGetters { Loading Loading @@ -256,7 +428,7 @@ module LibItsSecurity_Functions { * @param p_toBeHashedData Data to be used to calculate the hash value * @return The hash value */ external function fx_hashWithSha256(in octetstring p_toBeHashedData) return octetstring; external function fx_hashWithSha256(in octetstring p_toBeHashedData) return Oct32; /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee Loading @@ -277,7 +449,8 @@ module LibItsSecurity_Functions { external function fx_verifyWithEcdsaNistp256WithSha256(in octetstring p_toBeVerifiedData, in octetstring p_signature, in octetstring p_ecdsaNistp256PublicKeyX, in octetstring p_ecdsaNistp256PublicKeyY) return boolean; /** * @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm * @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm. * This function should not be used by the ATS * @param p_privateKey The new private key value * @param p_publicKeyX The new public key value (x coordinate) * @param p_publicKeyX The new public key value (y coordinate) Loading ttcn/Security/LibItsSecurity_Pixits.ttcn3 +22 −185 File changed.Preview size limit exceeded, changes collapsed. Show changes Loading
ttcn/Security/LibItsSecurity_Functions.ttcn3 +217 −44 Original line number Diff line number Diff line Loading @@ -22,42 +22,46 @@ module LibItsSecurity_Functions { /** * @desc Produces a 256-bit (32-byte) hash value * @param TODO * @return TODO * @param p_toBeHashedData Data to be used to calculate the hash value * @return The hash value */ function f_hashWithSha256(in octetstring p_toBeHashedData) { } function f_hashWithSha256(in octetstring p_toBeHashedData) return Oct32 { return fx_hashWithSha256(p_toBeHashedData); } // End of function f_hashWithSha256 /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee * @param TODO * @return TODO * @param p_toBeSignedData The data to be signed * @return The signature value */ function f_signWithEcdsaNistp256WithSha256() { function f_signWithEcdsaNistp256WithSha256(in Oct32 p_toBeSignedData) return octetstring { return fx_signWithEcdsaNistp256WithSha256( p_toBeSignedData, PX_PRIVATE_SIGNING_KEYS[PX_CERTIFICATE_CONFIG_IDX] ); } } // End of function f_signWithEcdsaNistp256WithSha256 /** * @desc Verify the signature of the specified data * @param TODO * @param p_toBeVerifiedData The data to be verified * @param p_signature The signature * @param p_ecdsaNistp256PublicKeyX The public key (x coordinate) * @param p_ecdsaNistp256PublicKeyY The public key (y coordinate) * @return true on success, false otherwise */ function f_verifyWithEcdsaNistp256WithSha256( in octetstring p_toBeHashedData, out Oct32 p_hashValue) return boolean { p_hashValue := fx_hashWithSha256(p_toBeHashedData); return true; } /** * @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm * @param TODO * @return true on success, false otherwise */ function f_generateKeyPair() return boolean { return false; } in octetstring p_toBeVerifiedData, in octetstring p_signature, in octetstring p_ecdsaNistp256PublicKeyX, in octetstring p_ecdsaNistp256PublicKeyY ) return boolean { return fx_verifyWithEcdsaNistp256WithSha256( p_toBeVerifiedData, p_signature, p_ecdsaNistp256PublicKeyX, p_ecdsaNistp256PublicKeyY); } // End of function f_verifyWithEcdsaNistp256WithSha256 /** * @desc Calculate digest over the certificate Loading @@ -81,7 +85,65 @@ module LibItsSecurity_Functions { in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage) return boolean { return false; // TODO // Local variables var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedData v_toBeSignedData; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX] ) // End of template m_signerInfo_certificate ), // End of template m_header_field_signer_info m_header_field_generation_time(f_getCurrentTime()), m_header_field_generation_location( p_threeDLocation ), m_header_field_message_type(c_messageType_CAM) }, // End of field HeaderFields { m_payload_unsecured( p_unsecuredPayload ) }, // End of field HeaderFields e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); // log("v_secPayload: ", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); // log("v_hash: ", v_hash); // Signed payload v_signature := f_signWithEcdsaNistp256WithSha256( v_hash ); // log("v_signature: ", v_signature); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, v_toBeSignedData.payload_fields, { m_trailer_field_signature( m_signature( m_ecdsaSignature( m_eccPointecdsa_nistp256_with_sha256_y_coordinate_only( substr(v_signature, 2, 32) ), substr(v_signature, 34, 32) ) ) ) } ); // End of template m_securedMessageBeacon return true; } /** Loading @@ -97,8 +159,66 @@ module LibItsSecurity_Functions { in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage) return boolean { return false; // TODO // Local variables var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedData v_toBeSignedData; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX] ) // End of template m_signerInfo_certificate ), // End of template m_header_field_signer_info m_header_field_generation_time(f_getCurrentTime()), m_header_field_generation_location( p_threeDLocation ), m_header_field_message_type(c_messageType_DENM) }, // End of field HeaderFields { m_payload_unsecured( p_unsecuredPayload ) }, // End of field HeaderFields e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); // log("v_secPayload: ", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); // log("v_hash: ", v_hash); // Signed payload v_signature := f_signWithEcdsaNistp256WithSha256( v_hash ); // log("v_signature: ", v_signature); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, v_toBeSignedData.payload_fields, { m_trailer_field_signature( m_signature( m_ecdsaSignature( m_eccPointecdsa_nistp256_with_sha256_y_coordinate_only( substr(v_signature, 2, 32) ), substr(v_signature, 34, 32) ) ) ) } ); // End of template m_securedMessageBeacon return true; } // End of function f_buildGnSecuredDenm /** * @desc This function build and sign the SecureMessage part covered by the signature process Loading @@ -108,7 +228,7 @@ module LibItsSecurity_Functions { * @return true on success, false otherwise * @verdict Unchanged */ function f_buildGnSecuredBeacon( function f_buildGnSecuredOtherMessage( in octetstring p_unsecuredPayload, in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage) Loading Loading @@ -141,21 +261,17 @@ module LibItsSecurity_Functions { ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); log("v_secPayload length: ", lengthof(v_secPayload)); log("v_secPayload: ", v_secPayload); // log("f_buildGnSecuredOtherMessage: v_secPayload: ", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed v_hash := fx_hashWithSha256(v_secPayload); log("v_hash length: ", lengthof(v_hash)); log("v_hash: ", v_hash); v_hash := f_hashWithSha256(v_secPayload); // log("f_buildGnSecuredOtherMessage: v_hash: ", v_hash); // Signed payload v_signature := fx_signWithEcdsaNistp256WithSha256( v_hash, PC_PRIVATE_KEYS[PX_CERTIFICATE_CONFIG_IDX] v_signature := f_signWithEcdsaNistp256WithSha256( v_hash ); log("v_signature length: ", lengthof(v_signature)); log("v_signature: ", v_signature); // log("f_buildGnSecuredOtherMessage: v_signature: ", v_signature); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, Loading @@ -175,7 +291,63 @@ module LibItsSecurity_Functions { ); // End of template m_securedMessageBeacon return true; } // End of function f_buildGnSecuredBeacon } // End of function f_buildGnSecuredOtherMessage /** * * @desc Verify the signature of the prvided secured message * @param p_securedMessage * @return true on success, false otherwise * @verdict */ function f_verifyGnSecuredOtherMessage( in template (value) SecuredMessage p_securedMessage) return boolean { // Local variables var octetstring v_secPayload; var octetstring v_signedData; var Oct32 v_hash; var integer v_counter; var boolean v_result := false; var template (value) ToBeSignedData v_toBeSignedData; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( p_securedMessage.header_fields, p_securedMessage.payload_fields, e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); // log("f_verifyGnSecuredOtherMessage: v_secPayload: ", v_secPayload); // Calculate the hash of the SecuredMessage payload to be signed v_hash := fx_hashWithSha256(v_secPayload); // log("f_verifyGnSecuredOtherMessage: v_hash: ", v_hash); // Verify payload for (v_counter := 0; v_counter < lengthof(p_securedMessage.trailer_fields); v_counter := v_counter + 1) { if ( (p_securedMessage.trailer_fields[v_counter].type_ == e_signature) and (p_securedMessage.trailer_fields[v_counter].trailerField.signature_.algorithm == e_ecdsa_nistp256_with_sha256) ) { v_signedData := '0000'O & p_securedMessage.trailer_fields[v_counter].trailerField.signature_.signature_.ecdsa_signature.r.x & p_securedMessage.trailer_fields[v_counter].trailerField.signature_.signature_.ecdsa_signature.s; // log("f_verifyGnSecuredOtherMessage: v_signedData: ", v_signedData); v_result := f_verifyWithEcdsaNistp256WithSha256( v_hash, v_signedData, PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX].subject_attributes[0].attribute.key.public_key.eccPoint.x, PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX].subject_attributes[0].attribute.key.public_key.eccPoint.y.y ); } } // End of 'for' statement return v_result; } // End of function f_verifyGnSecuredOtherMessage group messageGetters { Loading Loading @@ -256,7 +428,7 @@ module LibItsSecurity_Functions { * @param p_toBeHashedData Data to be used to calculate the hash value * @return The hash value */ external function fx_hashWithSha256(in octetstring p_toBeHashedData) return octetstring; external function fx_hashWithSha256(in octetstring p_toBeHashedData) return Oct32; /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee Loading @@ -277,7 +449,8 @@ module LibItsSecurity_Functions { external function fx_verifyWithEcdsaNistp256WithSha256(in octetstring p_toBeVerifiedData, in octetstring p_signature, in octetstring p_ecdsaNistp256PublicKeyX, in octetstring p_ecdsaNistp256PublicKeyY) return boolean; /** * @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm * @desc Produce a new public/private key pair based on Elliptic Curve Digital Signature Algorithm (ECDSA) algorithm. * This function should not be used by the ATS * @param p_privateKey The new private key value * @param p_publicKeyX The new public key value (x coordinate) * @param p_publicKeyX The new public key value (y coordinate) Loading
ttcn/Security/LibItsSecurity_Pixits.ttcn3 +22 −185 File changed.Preview size limit exceeded, changes collapsed. Show changes
