Loading ttcn/Security/LibItsSecurity_Functions.ttcn +73 −40 Original line number Original line Diff line number Diff line Loading @@ -1144,37 +1144,50 @@ module LibItsSecurity_Functions { */ */ function f_verifyCertificateSignatureWithPublicKey( function f_verifyCertificateSignatureWithPublicKey( in template (value) EtsiTs103097Certificate p_certificateToBeVerified, in template (value) EtsiTs103097Certificate p_certificateToBeVerified, in template (value) EccP256CurvePoint p_publicKey in template (value) PublicVerificationKey p_publicVerificationKey ) return boolean { ) return boolean { // Local variables var ToBeSignedCertificate v_toBeSignedCertificate; var octetstring toBeVerifiedData; var octetstring v_enc_msg; var octetstring v_signature; var octetstring v_signature; var boolean v_result := false; var template (value) ToBeSignedCertificate v_toBeSignedCertificate; // Create EtsiTs103097Certificate payload to be verified // Create ToBeSignedCertificate payload to be signed /* FIXME To be reviewed v_toBeSignedCertificate := m_toBeSignedCertificate(p_certificateToBeVerified); v_toBeSignedCertificate := valueof(p_certificateToBeVerified.toBeSigned); toBeVerifiedData := bit2oct(encvalue(v_toBeSignedCertificate)); log("f_verifyCertificateSignatureWithPublicKey: v_toBeSignedCertificate=", v_toBeSignedCertificate); // Build the signature v_enc_msg := bit2oct(encvalue(v_toBeSignedCertificate)); v_signature := log("f_verifyCertificateSignatureWithPublicKey: v_enc_msg=", v_enc_msg); '0000'O & valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.rSig) & valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.sSig); log("toBeVerifiedData: ", toBeVerifiedData); // Verify payload log("v_signature : ", v_signature); if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP256r1)) { log("EcdsaP256Signature :", p_publicKey); v_signature := valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only) & valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP256r1Signature.sSig); log("f_verifyCertificateSignatureWithPublicKey: v_signedData=", v_signature); // Verify the certificate return f_verifyWithEcdsaBrainpoolp256WithSha256( v_result := f_verifyWithEcdsaNistp256WithSha256( v_enc_msg, toBeVerifiedData, v_signature, v_signature, valueof(p_publicKey.uncompressedP256.x), valueof(p_publicVerificationKey.ecdsaBrainpoolP256r1.uncompressedP256.x), valueof(p_publicKey.uncompressedP256.y) valueof(p_publicVerificationKey.ecdsaBrainpoolP256r1.uncompressedP256.y) );*/ ); } else if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP384r1)) { v_signature := valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only) & valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP384r1Signature.sSig); log("f_verifyCertificateSignatureWithPublicKey: v_signedData=", v_signature); return f_verifyWithEcdsaBrainpoolp384WithSha384( v_enc_msg, v_signature, valueof(p_publicVerificationKey.ecdsaBrainpoolP384r1.uncompressedP384.x), valueof(p_publicVerificationKey.ecdsaBrainpoolP384r1.uncompressedP384.y) ); } else if (ischosen(p_publicVerificationKey.ecdsaNistP256)) { v_signature := valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.sSig); log("f_verifyCertificateSignatureWithPublicKey: v_signedData=", v_signature); return f_verifyWithEcdsaNistp256WithSha256( v_enc_msg, v_signature, valueof(p_publicVerificationKey.ecdsaNistP256.uncompressedP256.x), valueof(p_publicVerificationKey.ecdsaNistP256.uncompressedP256.y) ); } return v_result; return false; } // End of finction f_verifyCertificateSignatureWithPublicKey } // End of finction f_verifyCertificateSignatureWithPublicKey /** /** Loading @@ -1188,15 +1201,15 @@ module LibItsSecurity_Functions { in template (value) EtsiTs103097Certificate p_certificateToBeVerified, in template (value) EtsiTs103097Certificate p_certificateToBeVerified, in template (value) EtsiTs103097Certificate p_issuingCertificate in template (value) EtsiTs103097Certificate p_issuingCertificate ) return boolean { ) return boolean { /* FIXME To be reviewed for (var integer v_counter := 0; v_counter < lengthof(p_issuingCertificate.subject_attributes); v_counter := v_counter + 1) { if (valueof(p_issuingCertificate.subject_attributes[v_counter].type_) == e_verification_key) { return f_verifyCertificateSignatureWithPublicKey( p_certificateToBeVerified, valueof(p_issuingCertificate.subject_attributes[v_counter].attribute.key)); } }*/ // End of 'for' statement // Sanity checks if (not(ischosen(p_issuingCertificate.toBeSigned.verifyKeyIndicator.verificationKey))) { return false; return false; } return f_verifyCertificateSignatureWithPublicKey( p_certificateToBeVerified, p_issuingCertificate.toBeSigned.verifyKeyIndicator.verificationKey ); } // End of function f_verifyCertificateSignatureWithIssuingCertificate } // End of function f_verifyCertificateSignatureWithIssuingCertificate /** /** Loading Loading @@ -1348,7 +1361,7 @@ module LibItsSecurity_Functions { return f_verifyGnSecuredMessageSignature_ecdsaNistP256(p_securedMessage, p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256); return f_verifyGnSecuredMessageSignature_ecdsaNistP256(p_securedMessage, p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256); } } return true; return false; } // End of function f_verifyGnSecuredOtherMessageWithDeviceCertificate } // End of function f_verifyGnSecuredOtherMessageWithDeviceCertificate } // End of group deviceSignatureHelpers } // End of group deviceSignatureHelpers Loading Loading @@ -1437,7 +1450,9 @@ module LibItsSecurity_Functions { if (fx_loadCertificates(PX_CERTIFICATE_POOL_PATH, p_configId) == true) { if (fx_loadCertificates(PX_CERTIFICATE_POOL_PATH, p_configId) == true) { // Setup security component variables // Setup security component variables if (f_readCertificate(cc_taCert_A, vc_atCertificate) == true) { if (f_readCertificate(cc_taCert_A, vc_atCertificate) == true) { if (f_readCertificate(vc_atCertificate.toBeSigned.id.name, vc_aaCertificate)) { var charstring str := oct2str(unichar2oct(vc_atCertificate.toBeSigned.id.name)); log("UTF8 to charstring conversion: ", str); if (f_readCertificate(str, vc_aaCertificate)) { if (f_readSigningKey(cc_taCert_A, vc_signingPrivateKey)== true) { if (f_readSigningKey(cc_taCert_A, vc_signingPrivateKey)== true) { f_readEncryptingKey(cc_taCert_A, vc_encryptPrivateKey); f_readEncryptingKey(cc_taCert_A, vc_encryptPrivateKey); return true; return true; Loading Loading @@ -1511,6 +1526,22 @@ module LibItsSecurity_Functions { return true; return true; } // End of function f_getCertificateDigest } // End of function f_getCertificateDigest function f_getCertificateFromDigest( in HashedId8 p_digest, out EtsiTs103097Certificate p_certificate ) runs on ItsSecurityBaseComponent return boolean { var charstring v_certificate_id; if (not(fx_readCertificateFromDigest(p_digest, v_certificate_id))) { log("f_getCertificateFromDigest: Failed to retrieve digest for ", p_digest); return false; } if (not(f_readCertificate(v_certificate_id, p_certificate))) { log("f_getCertificateFromDigest: Failed to retrieve digest for ", v_certificate_id); return false; } return true; } // End of function f_getCertificateFromDigest /** /** * @desc Read the signing private key for the specified certificate * @desc Read the signing private key for the specified certificate * @param p_keysId the keys identifier * @param p_keysId the keys identifier Loading Loading @@ -1751,6 +1782,8 @@ module LibItsSecurity_Functions { */ */ external function fx_readCertificateDigest(in charstring p_certificateId, out HashedId8 p_digest) return boolean; external function fx_readCertificateDigest(in charstring p_certificateId, out HashedId8 p_digest) return boolean; external function fx_readCertificateFromDigest(in HashedId8 p_digest, out charstring p_certificateId) return boolean; /** /** * @desc Read the private keys for the specified certificate * @desc Read the private keys for the specified certificate * @param p_keysId the keys identifier * @param p_keysId the keys identifier Loading Loading
ttcn/Security/LibItsSecurity_Functions.ttcn +73 −40 Original line number Original line Diff line number Diff line Loading @@ -1144,37 +1144,50 @@ module LibItsSecurity_Functions { */ */ function f_verifyCertificateSignatureWithPublicKey( function f_verifyCertificateSignatureWithPublicKey( in template (value) EtsiTs103097Certificate p_certificateToBeVerified, in template (value) EtsiTs103097Certificate p_certificateToBeVerified, in template (value) EccP256CurvePoint p_publicKey in template (value) PublicVerificationKey p_publicVerificationKey ) return boolean { ) return boolean { // Local variables var ToBeSignedCertificate v_toBeSignedCertificate; var octetstring toBeVerifiedData; var octetstring v_enc_msg; var octetstring v_signature; var octetstring v_signature; var boolean v_result := false; var template (value) ToBeSignedCertificate v_toBeSignedCertificate; // Create EtsiTs103097Certificate payload to be verified // Create ToBeSignedCertificate payload to be signed /* FIXME To be reviewed v_toBeSignedCertificate := m_toBeSignedCertificate(p_certificateToBeVerified); v_toBeSignedCertificate := valueof(p_certificateToBeVerified.toBeSigned); toBeVerifiedData := bit2oct(encvalue(v_toBeSignedCertificate)); log("f_verifyCertificateSignatureWithPublicKey: v_toBeSignedCertificate=", v_toBeSignedCertificate); // Build the signature v_enc_msg := bit2oct(encvalue(v_toBeSignedCertificate)); v_signature := log("f_verifyCertificateSignatureWithPublicKey: v_enc_msg=", v_enc_msg); '0000'O & valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.rSig) & valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.sSig); log("toBeVerifiedData: ", toBeVerifiedData); // Verify payload log("v_signature : ", v_signature); if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP256r1)) { log("EcdsaP256Signature :", p_publicKey); v_signature := valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only) & valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP256r1Signature.sSig); log("f_verifyCertificateSignatureWithPublicKey: v_signedData=", v_signature); // Verify the certificate return f_verifyWithEcdsaBrainpoolp256WithSha256( v_result := f_verifyWithEcdsaNistp256WithSha256( v_enc_msg, toBeVerifiedData, v_signature, v_signature, valueof(p_publicKey.uncompressedP256.x), valueof(p_publicVerificationKey.ecdsaBrainpoolP256r1.uncompressedP256.x), valueof(p_publicKey.uncompressedP256.y) valueof(p_publicVerificationKey.ecdsaBrainpoolP256r1.uncompressedP256.y) );*/ ); } else if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP384r1)) { v_signature := valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only) & valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP384r1Signature.sSig); log("f_verifyCertificateSignatureWithPublicKey: v_signedData=", v_signature); return f_verifyWithEcdsaBrainpoolp384WithSha384( v_enc_msg, v_signature, valueof(p_publicVerificationKey.ecdsaBrainpoolP384r1.uncompressedP384.x), valueof(p_publicVerificationKey.ecdsaBrainpoolP384r1.uncompressedP384.y) ); } else if (ischosen(p_publicVerificationKey.ecdsaNistP256)) { v_signature := valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.sSig); log("f_verifyCertificateSignatureWithPublicKey: v_signedData=", v_signature); return f_verifyWithEcdsaNistp256WithSha256( v_enc_msg, v_signature, valueof(p_publicVerificationKey.ecdsaNistP256.uncompressedP256.x), valueof(p_publicVerificationKey.ecdsaNistP256.uncompressedP256.y) ); } return v_result; return false; } // End of finction f_verifyCertificateSignatureWithPublicKey } // End of finction f_verifyCertificateSignatureWithPublicKey /** /** Loading @@ -1188,15 +1201,15 @@ module LibItsSecurity_Functions { in template (value) EtsiTs103097Certificate p_certificateToBeVerified, in template (value) EtsiTs103097Certificate p_certificateToBeVerified, in template (value) EtsiTs103097Certificate p_issuingCertificate in template (value) EtsiTs103097Certificate p_issuingCertificate ) return boolean { ) return boolean { /* FIXME To be reviewed for (var integer v_counter := 0; v_counter < lengthof(p_issuingCertificate.subject_attributes); v_counter := v_counter + 1) { if (valueof(p_issuingCertificate.subject_attributes[v_counter].type_) == e_verification_key) { return f_verifyCertificateSignatureWithPublicKey( p_certificateToBeVerified, valueof(p_issuingCertificate.subject_attributes[v_counter].attribute.key)); } }*/ // End of 'for' statement // Sanity checks if (not(ischosen(p_issuingCertificate.toBeSigned.verifyKeyIndicator.verificationKey))) { return false; return false; } return f_verifyCertificateSignatureWithPublicKey( p_certificateToBeVerified, p_issuingCertificate.toBeSigned.verifyKeyIndicator.verificationKey ); } // End of function f_verifyCertificateSignatureWithIssuingCertificate } // End of function f_verifyCertificateSignatureWithIssuingCertificate /** /** Loading Loading @@ -1348,7 +1361,7 @@ module LibItsSecurity_Functions { return f_verifyGnSecuredMessageSignature_ecdsaNistP256(p_securedMessage, p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256); return f_verifyGnSecuredMessageSignature_ecdsaNistP256(p_securedMessage, p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256); } } return true; return false; } // End of function f_verifyGnSecuredOtherMessageWithDeviceCertificate } // End of function f_verifyGnSecuredOtherMessageWithDeviceCertificate } // End of group deviceSignatureHelpers } // End of group deviceSignatureHelpers Loading Loading @@ -1437,7 +1450,9 @@ module LibItsSecurity_Functions { if (fx_loadCertificates(PX_CERTIFICATE_POOL_PATH, p_configId) == true) { if (fx_loadCertificates(PX_CERTIFICATE_POOL_PATH, p_configId) == true) { // Setup security component variables // Setup security component variables if (f_readCertificate(cc_taCert_A, vc_atCertificate) == true) { if (f_readCertificate(cc_taCert_A, vc_atCertificate) == true) { if (f_readCertificate(vc_atCertificate.toBeSigned.id.name, vc_aaCertificate)) { var charstring str := oct2str(unichar2oct(vc_atCertificate.toBeSigned.id.name)); log("UTF8 to charstring conversion: ", str); if (f_readCertificate(str, vc_aaCertificate)) { if (f_readSigningKey(cc_taCert_A, vc_signingPrivateKey)== true) { if (f_readSigningKey(cc_taCert_A, vc_signingPrivateKey)== true) { f_readEncryptingKey(cc_taCert_A, vc_encryptPrivateKey); f_readEncryptingKey(cc_taCert_A, vc_encryptPrivateKey); return true; return true; Loading Loading @@ -1511,6 +1526,22 @@ module LibItsSecurity_Functions { return true; return true; } // End of function f_getCertificateDigest } // End of function f_getCertificateDigest function f_getCertificateFromDigest( in HashedId8 p_digest, out EtsiTs103097Certificate p_certificate ) runs on ItsSecurityBaseComponent return boolean { var charstring v_certificate_id; if (not(fx_readCertificateFromDigest(p_digest, v_certificate_id))) { log("f_getCertificateFromDigest: Failed to retrieve digest for ", p_digest); return false; } if (not(f_readCertificate(v_certificate_id, p_certificate))) { log("f_getCertificateFromDigest: Failed to retrieve digest for ", v_certificate_id); return false; } return true; } // End of function f_getCertificateFromDigest /** /** * @desc Read the signing private key for the specified certificate * @desc Read the signing private key for the specified certificate * @param p_keysId the keys identifier * @param p_keysId the keys identifier Loading Loading @@ -1751,6 +1782,8 @@ module LibItsSecurity_Functions { */ */ external function fx_readCertificateDigest(in charstring p_certificateId, out HashedId8 p_digest) return boolean; external function fx_readCertificateDigest(in charstring p_certificateId, out HashedId8 p_digest) return boolean; external function fx_readCertificateFromDigest(in HashedId8 p_digest, out charstring p_certificateId) return boolean; /** /** * @desc Read the private keys for the specified certificate * @desc Read the private keys for the specified certificate * @param p_keysId the keys identifier * @param p_keysId the keys identifier Loading
