Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
TTCN-3 Libraries
LibIts
Commits
4f503327
Commit
4f503327
authored
Feb 06, 2019
by
Yann Garcia
Browse files
Validation with Escrypt PKI
parent
db77b62a
Changes
5
Hide whitespace changes
Inline
Side-by-side
ttcn/DENM/LibItsDenm_Functions.ttcn
View file @
4f503327
...
...
@@ -107,11 +107,15 @@ module LibItsDenm_Functions {
function
f_utTriggerEvent
(
template
(
value
)
UtDenmTrigger
p_event
)
runs
on
ItsDenm
return
ActionID
{
var
ActionID
v_actionId
;
var
UtDenmResults
v_result
;
log
(
">>> f_utTriggerEvent: "
,
p_event
);
//deactivate denmPort default alts
vc_denmDefaultActive
:=
false
;
log
(
"f_utTriggerEvent: Send message"
);
utPort
.
send
(
p_event
);
log
(
"f_utTriggerEvent: Wait response"
);
tc_wait
.
start
;
alt
{
[]
utPort
.
receive
(
UtDenmResults
:
{
utDenmTriggerResult
:=
?
})
->
value
v_result
{
...
...
ttcn/GeoNetworking/LibItsGeoNetworking_Functions.ttcn
View file @
4f503327
...
...
@@ -828,7 +828,7 @@ module LibItsGeoNetworking_Functions {
*/
function
f_startBeingNeighbour
()
runs
on
ItsGeoNetworking
{
vc_neighbourDefault
:=
activate
(
a_neighbourDefault
());
vc_neighbourDefault
:=
activate
(
a_neighbourDefault
());
f_acTriggerEvent
(
m_startBeaconing
(
m_beaconHeader
(
f_getPosition
(
vc_componentName
)).
beaconHeader
));
f_sleepIgnoreDef
(
PX_NEIGHBOUR_DISCOVERY_DELAY
);
}
// end f_startBeingNeighbour
...
...
ttcn/Pki/LibItsPki_Functions.ttcn
View file @
4f503327
...
...
@@ -1013,7 +1013,14 @@ module LibItsPki_Functions {
log
(
"f_generate_inner_at_request: Wrong NistP256 encryption variant"
);
return
false
;
}
v_enc_signed_ec_signature
:=
f_encryptWithEciesNistp256WithSha256
(
bit2oct
(
encvalue
(
v_signed_ec_signature
)),
v_public_enc_key
,
v_compressed_mode
,
''
O
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
v_aes_sym_key
,
v_encrypted_sym_key
,
v_authentication_vector
,
v_nonce
,
PICS_SEC_FIXED_KEYS
);
if
(
PX_EC_ALG
==
e_nist_p256
)
{
v_enc_signed_ec_signature
:=
f_encryptWithEciesNistp256WithSha256
(
bit2oct
(
encvalue
(
v_signed_ec_signature
)),
v_public_enc_key
,
v_compressed_mode
,
''
O
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
v_aes_sym_key
,
v_encrypted_sym_key
,
v_authentication_vector
,
v_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
if
(
PX_EC_ALG
==
e_brainpool_p256_r1
)
{
v_enc_signed_ec_signature
:=
f_encryptWithEciesBrainpoolp256WithSha256
(
bit2oct
(
encvalue
(
v_signed_ec_signature
)),
v_public_enc_key
,
v_compressed_mode
,
''
O
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
v_aes_sym_key
,
v_encrypted_sym_key
,
v_authentication_vector
,
v_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
{
log
(
"f_generate_inner_at_request: Wrong encryption variant"
);
return
false
;
}
v_encrypted_data_encryption_key
:=
valueof
(
m_encryptedDataEncryptionKey_eciesNistP256
(
m_evciesP256EncryptedKey
(
...
...
@@ -1032,7 +1039,14 @@ module LibItsPki_Functions {
log
(
"f_generate_inner_at_request: Wrong BrainpoolP256r1 encryption variant"
);
return
false
;
}
v_enc_signed_ec_signature
:=
f_encryptWithEciesBrainpoolp256WithSha256
(
bit2oct
(
encvalue
(
v_signed_ec_signature
)),
v_public_enc_key
,
v_compressed_mode
,
''
O
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
v_aes_sym_key
,
v_encrypted_sym_key
,
v_authentication_vector
,
v_nonce
,
PICS_SEC_FIXED_KEYS
);
if
(
PX_EC_ALG
==
e_nist_p256
)
{
v_enc_signed_ec_signature
:=
f_encryptWithEciesNistp256WithSha256
(
bit2oct
(
encvalue
(
v_signed_ec_signature
)),
v_public_enc_key
,
v_compressed_mode
,
''
O
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
v_aes_sym_key
,
v_encrypted_sym_key
,
v_authentication_vector
,
v_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
if
(
PX_EC_ALG
==
e_brainpool_p256_r1
)
{
v_enc_signed_ec_signature
:=
f_encryptWithEciesBrainpoolp256WithSha256
(
bit2oct
(
encvalue
(
v_signed_ec_signature
)),
v_public_enc_key
,
v_compressed_mode
,
''
O
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
v_aes_sym_key
,
v_encrypted_sym_key
,
v_authentication_vector
,
v_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
{
log
(
"f_generate_inner_at_request: Wrong encryption variant"
);
return
false
;
}
v_encrypted_data_encryption_key
:=
valueof
(
m_encryptedDataEncryptionKey_eciesBrainpoolP256r1
(
m_evciesP256EncryptedKey
(
...
...
@@ -1270,6 +1284,7 @@ module LibItsPki_Functions {
),
m_headerInfo_inner_ec_request
(
c_its_aid_SCR
,
f_getCurrentTimeUtc
())
);
log
(
"f_build_pki_secured_request_message_signed_with_pop: signer: "
,
p_signer_identifier
);
if
(
ischosen
(
p_signer_identifier
.
self_
))
{
v_tbs_signed
:=
f_signWithEcdsa
(
bit2oct
(
encvalue
(
v_tbs
)),
int2oct
(
0
,
32
),
p_private_key
);
}
else
{
...
...
@@ -1329,7 +1344,15 @@ module LibItsPki_Functions {
if
(
PICS_SEC_FIXED_KEYS
)
{
p_salt
:=
'
77
C0637C3558B3238FDE1EEC376DA080BE4076FB8491CA0F8C19FD34DF298CEB
'
O
;
}
v_encrypted_request
:=
f_encryptWithEciesNistp256WithSha256
(
v_encoded_request
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
if
(
PX_EC_ALG
==
e_nist_p256
)
{
v_encrypted_request
:=
f_encryptWithEciesNistp256WithSha256
(
v_encoded_request
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
if
(
PX_EC_ALG
==
e_brainpool_p256_r1
)
{
v_encrypted_request
:=
f_encryptWithEciesBrainpoolp256WithSha256
(
v_encoded_request
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
{
log
(
"f_build_pki_secured_request_message_signed_with_pop: Wrong encryption variant"
);
return
false
;
}
log
(
"f_build_pki_secured_request_message_signed_with_pop: p_aes_sym_key= "
,
p_aes_sym_key
);
log
(
"f_build_pki_secured_request_message_signed_with_pop: p_encrypted_sym_key= "
,
p_encrypted_sym_key
);
log
(
"f_build_pki_secured_request_message_signed_with_pop: p_authentication_vector= "
,
p_authentication_vector
);
...
...
@@ -1373,18 +1396,18 @@ module LibItsPki_Functions {
m_etsiTs103097Data_encrypted
(
m_encryptedData
(
{
m_recipientInfo_
signedData
RecipInfo
(
m_pKRecipientInfo
(
v_recipientId
,
v_encrypted_data_encryption_key
))
},
m_SymmetricCiphertext_aes128ccm
(
m_aesCcmCiphertext
(
p_nonce
,
v_encrypted_request
)
)
m_recipientInfo_
cert
RecipInfo
(
m_pKRecipientInfo
(
v_recipientId
,
v_encrypted_data_encryption_key
))
},
m_SymmetricCiphertext_aes128ccm
(
m_aesCcmCiphertext
(
p_nonce
,
v_encrypted_request
)
)
)
)
);
...
...
@@ -1437,7 +1460,14 @@ module LibItsPki_Functions {
if
(
PICS_SEC_FIXED_KEYS
)
{
p_salt
:=
'
77
C0637C3558B3238FDE1EEC376DA080BE4076FB8491CA0F8C19FD34DF298CEB
'
O
;
}
v_encrypted_request
:=
f_encryptWithEciesNistp256WithSha256
(
p_pki_message
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
if
(
PX_EC_ALG
==
e_nist_p256
)
{
v_encrypted_request
:=
f_encryptWithEciesNistp256WithSha256
(
p_pki_message
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
if
(
PX_EC_ALG
==
e_brainpool_p256_r1
)
{
v_encrypted_request
:=
f_encryptWithEciesBrainpoolp256WithSha256
(
p_pki_message
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
{
log
(
"f_build_pki_secured_request_message: Wrong encryption variant"
);
return
false
;
}
log
(
"f_build_pki_secured_request_message: p_aes_sym_key= "
,
p_aes_sym_key
);
log
(
"f_build_pki_secured_request_message: p_encrypted_sym_key= "
,
p_encrypted_sym_key
);
log
(
"f_build_pki_secured_request_message: p_authentication_vector= "
,
p_authentication_vector
);
...
...
@@ -1630,38 +1660,73 @@ module LibItsPki_Functions {
if
(
isbound
(
v_plain_message
)
==
false
)
{
return
false
;
}
log
(
"v_plain_message= "
,
v_plain_message
);
log
(
"
f_verify_pki_message:
v_plain_message= "
,
v_plain_message
);
// 2. Decode it
v_tbs
:=
oct2bit
(
v_plain_message
);
if
(
decvalue
(
v_tbs
,
v_ieee1609dot2_signed_data
)
!=
0
)
{
return
false
;
}
log
(
"v_ieee1609dot2_signed_data= "
,
v_ieee1609dot2_signed_data
);
log
(
"
f_verify_pki_message:
v_ieee1609dot2_signed_data= "
,
v_ieee1609dot2_signed_data
);
// 3. Check the signature
log
(
"v_ieee1609dot2_signed_data.content.signedData.tbsData= "
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
);
log
(
"
f_verify_pki_message:
v_ieee1609dot2_signed_data.content.signedData.tbsData= "
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
);
v_tbs
:=
encvalue
(
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
);
if
(
f_getCertificateFromDigest
(
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signer
.
digest
,
v_certificate
)
==
false
)
{
if
(
p_check_security
==
true
)
{
return
false
;
}
}
//log("v_certificate= ", v_certificate);
if
(
ischosen
(
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
compressed_y_0
))
{
v_ret
:=
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_tbs
),
p_issuer
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
compressed_y_0
,
0
);
}
else
{
v_ret
:=
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_tbs
),
p_issuer
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
compressed_y_1
,
1
);
//log("f_verify_pki_message: v_certificate= ", v_certificate);
v_ret
:=
false
;
if
(
ischosen
(
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
))
{
if
(
ischosen
(
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
compressed_y_0
))
{
v_ret
:=
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_tbs
),
p_issuer
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
compressed_y_0
,
0
);
}
else
{
v_ret
:=
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_tbs
),
p_issuer
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
compressed_y_1
,
1
);
}
}
else
if
(
ischosen
(
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaBrainpoolP256r1
))
{
if
(
ischosen
(
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaBrainpoolP256r1
.
compressed_y_0
))
{
v_ret
:=
f_verifyWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_tbs
),
p_issuer
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
rSig
.
x_only
&
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
sSig
,
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaBrainpoolP256r1
.
compressed_y_0
,
0
);
}
else
{
v_ret
:=
f_verifyWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_tbs
),
p_issuer
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
rSig
.
x_only
&
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
sSig
,
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaBrainpoolP256r1
.
compressed_y_1
,
1
);
}
}
else
if
(
ischosen
(
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaBrainpoolP384r1
))
{
if
(
ischosen
(
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaBrainpoolP384r1
.
compressed_y_0
))
{
v_ret
:=
f_verifyWithEcdsaBrainpoolp384WithSha384
(
bit2oct
(
v_tbs
),
p_issuer
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaBrainpoolP384r1Signature
.
rSig
.
x_only
&
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaBrainpoolP384r1Signature
.
sSig
,
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaBrainpoolP384r1
.
compressed_y_0
,
0
);
}
else
{
v_ret
:=
f_verifyWithEcdsaBrainpoolp384WithSha384
(
bit2oct
(
v_tbs
),
p_issuer
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaBrainpoolP384r1Signature
.
rSig
.
x_only
&
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaBrainpoolP384r1Signature
.
sSig
,
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaBrainpoolP384r1
.
compressed_y_1
,
1
);
}
}
if
(
v_ret
==
false
)
{
if
(
p_check_security
==
true
)
{
...
...
ttcn/Pki/LibItsPki_Pics.ttcn
View file @
4f503327
...
...
@@ -33,7 +33,7 @@ module LibItsPki_Pics {
/**
* @desc Is a re-enrolment request?
*/
modulepar
boolean
PICS_SECPKI_REENROLMENT
:=
tru
e
;
modulepar
boolean
PICS_SECPKI_REENROLMENT
:=
fals
e
;
/**
* @desc ?
...
...
ttcn/Security/LibItsSecurity_Functions.ttcn
View file @
4f503327
...
...
@@ -2207,6 +2207,22 @@ module LibItsSecurity_Functions {
return
true
;
}
// End of function f_getCertificateFromDigest
function
f_getCertificateFromHashedId3
(
in
HashedId3
p_digest
,
out
EtsiTs103097Certificate
p_certificate
)
return
boolean
{
var
charstring
v_certificate_id
;
if
(
not
(
fx_readCertificateFromHashedId3
(
p_digest
,
v_certificate_id
)))
{
log
(
"f_getCertificateFromHashedId3: Failed to retrieve digest for "
,
p_digest
);
return
false
;
}
if
(
not
(
f_readCertificate
(
v_certificate_id
,
p_certificate
)))
{
log
(
"f_getCertificateFromHashedId3: Failed to retrieve digest for "
,
v_certificate_id
);
return
false
;
}
return
true
;
}
// End of function f_getCertificateFromHashedId3
/**
* @desc Read the signing private key for the specified certificate
* @param p_keysId the keys identifier
...
...
@@ -2589,6 +2605,8 @@ module LibItsSecurity_Functions {
external
function
fx_readCertificateFromDigest
(
in
HashedId8
p_digest
,
out
charstring
p_certificate_id
)
return
boolean
;
external
function
fx_readCertificateFromHashedId3
(
in
HashedId3
p_digest
,
out
charstring
p_certificate_id
)
return
boolean
;
/**
* @desc Read the private keys for the specified certificate
* @param p_keysId the keys identifier
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment