Commit 5eebede3 authored by garciay's avatar garciay
Browse files

Add support of disk/memory cache for certificates/private keys

parent 1c6ffae8
......@@ -18,6 +18,7 @@ module LibItsSecurity_Functions {
import from LibItsSecurity_TypesAndValues all;
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Pixits all;
import from LibItsSecurity_TestSystem all;
group helpersFunctions {
......@@ -37,10 +38,12 @@ module LibItsSecurity_Functions {
* @param p_toBeSignedSecuredMessage The data to be signed
* @return The signature value
*/
function f_signWithEcdsaNistp256WithSha256(in Oct32 p_toBeSignedSecuredMessage) return octetstring {
function f_signWithEcdsaNistp256WithSha256(
in Oct32 p_toBeSignedSecuredMessage
) runs on ItsSecurityBaseComponent return octetstring {
return fx_signWithEcdsaNistp256WithSha256(
p_toBeSignedSecuredMessage,
PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].signingPrivateKey
vc_signingPrivateKey
);
} // End of function f_signWithEcdsaNistp256WithSha256
......@@ -122,8 +125,9 @@ module LibItsSecurity_Functions {
/**
* @desc Build a template of a secured beacon to be used for the Test Adapter secured beaconing processing
*/
function f_buildSecuredMessagePayloadToBeSigned(in boolean p_includeCertificate := false)
return ToBeSignedSecuredMessage {
function f_buildSecuredMessagePayloadToBeSigned(
in boolean p_includeCertificate := false
) runs on ItsSecurityBaseComponent return ToBeSignedSecuredMessage {
// Local variables
var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage;
......@@ -134,12 +138,12 @@ module LibItsSecurity_Functions {
{ // Field HeaderFields
m_header_field_signer_info(
m_signerInfo_certificate(
PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].atCertificate
vc_atCertificate
) // End of template m_signerInfo_certificate
), // End of template m_header_field_signer_info
m_header_field_generation_time(oct2int('BBBBBBBB'O)), // To be replaced by TA with generation time
m_header_field_generation_location(
PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].location
vc_location
)
}, // End of field HeaderFields
{
......@@ -155,12 +159,12 @@ module LibItsSecurity_Functions {
{ // Field HeaderFields
m_header_field_signer_info(
m_signerInfo_digest(
PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].atCertificate.signer_infos[0].signerInfo.digest
vc_atCertificate.signer_infos[0].signerInfo.digest
) // End of template m_signerInfo_certificate
), // End of template m_header_field_signer_info
m_header_field_generation_time(oct2int('BBBBBBBB'O)), // To be replaced by TA with generation time
m_header_field_generation_location(
PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].location
vc_location
)
}, // End of field HeaderFields
{
......@@ -179,9 +183,9 @@ module LibItsSecurity_Functions {
* @desc This function build and sign the SecureMessage part covered by the signature process
* @param p_securedMessage The signed SecureMessage part
* @param p_unsecuredPayload The unsigned payload (e.g. a beacon)
* @param p_threeDLocation The ThreeDLocation value
* @param p_signerInfoType Add digest or AT certificate or certificate chain
* @param p_headerFields Additional HeaderFields
* @param p_certificateName The certificate identifier to be used. Default: TA_CONFIG_A
* @return true on success, false otherwise
* @verdict Unchanged
*/
......@@ -190,17 +194,26 @@ module LibItsSecurity_Functions {
in octetstring p_unsecuredPayload,
in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_ecdsap256,
in template (omit) HeaderFields p_headerFields := omit,
in UInt p_configId := PX_CERTIFICATE_CONFIG_IDX
) return boolean {
in template (omit) charstring p_certificateName := omit
) runs on ItsSecurityBaseComponent return boolean {
// Local variables
var Certificate v_aaCertificate, v_atCertificate;
var octetstring v_secPayload, v_signature;
var Oct32 v_hash;
var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage;
// Sanity check
if (not(p_configId < lengthof(PX_TA_CONFIGS)) ) {
return false;
if (ispresent(p_certificateName) and (p_certificateName != "TA_CONFIG_A")) {
if (f_readCertificate(p_certificateName & ".AA_CERT", v_aaCertificate) == false) {
return false;
}
if (f_readCertificate(p_certificateName & ".AT_CERT", v_atCertificate) == false) {
return false;
}
} else {
v_aaCertificate := vc_aaCertificate;
v_atCertificate := vc_atCertificate;
}
// Create SecuredMessage payload to be signed
......@@ -210,7 +223,7 @@ module LibItsSecurity_Functions {
{ // Field HeaderFields
m_header_field_signer_info(
m_signerInfo_certificate(
PX_TA_CONFIGS[p_configId].atCertificate
v_atCertificate
) // End of template m_signerInfo_certificate
), // End of template m_header_field_signer_info
m_header_field_generation_time(f_getCurrentTime()),
......@@ -231,8 +244,8 @@ module LibItsSecurity_Functions {
m_header_field_signer_info(
m_signerInfo_certificates(
{
PX_TA_CONFIGS[p_configId].aaCertificate,
PX_TA_CONFIGS[p_configId].atCertificate
v_aaCertificate,
v_atCertificate
}
) // End of template m_signerInfo_certificate
), // End of template m_header_field_signer_info
......@@ -253,7 +266,7 @@ module LibItsSecurity_Functions {
{ // Field HeaderFields
m_header_field_signer_info(
m_signerInfo_digest(
PX_TA_CONFIGS[p_configId].atCertificate.signer_infos[0].signerInfo.digest
v_atCertificate.signer_infos[0].signerInfo.digest
) // End of template m_signerInfo_digest
), // End of template m_header_field_digest
m_header_field_generation_time(f_getCurrentTime()),
......@@ -329,7 +342,7 @@ module LibItsSecurity_Functions {
in ThreeDLocation p_threeDLocation,
in template (omit) boolean p_addCertificate := false,
in template (omit) HeaderFields p_headerFields := omit
) return boolean {
) runs on ItsSecurityBaseComponent return boolean {
// Local variables
var octetstring v_secPayload, v_signature;
......@@ -343,7 +356,7 @@ module LibItsSecurity_Functions {
{ // Field HeaderFields
m_header_field_signer_info(
m_signerInfo_certificate(
PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].atCertificate
vc_atCertificate
) // End of template m_signerInfo_certificate
), // End of template m_header_field_signer_info
m_header_field_generation_time(f_getCurrentTime()),
......@@ -365,7 +378,7 @@ module LibItsSecurity_Functions {
{ // Field HeaderFields
m_header_field_signer_info(
m_signerInfo_digest(
PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].atCertificate.signer_infos[0].signerInfo.digest
vc_atCertificate.signer_infos[0].signerInfo.digest
) // End of template m_signerInfo_digest
), // End of template m_header_field_digest
m_header_field_generation_time(f_getCurrentTime()),
......@@ -440,7 +453,7 @@ module LibItsSecurity_Functions {
in ThreeDLocation p_threeDLocation,
in template (omit) boolean p_addCertificate := false,
in template (omit) HeaderFields p_headerFields := omit
) return boolean {
) runs on ItsSecurityBaseComponent return boolean {
// Local variables
var octetstring v_secPayload, v_signature;
......@@ -454,7 +467,7 @@ module LibItsSecurity_Functions {
{ // Field HeaderFields
m_header_field_signer_info(
m_signerInfo_certificate(
PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].atCertificate
vc_atCertificate
) // End of template m_signerInfo_certificate
), // End of template m_header_field_signer_info
m_header_field_generation_time(f_getCurrentTime()),
......@@ -475,7 +488,7 @@ module LibItsSecurity_Functions {
{ // Field HeaderFields
m_header_field_signer_info(
m_signerInfo_digest(
PX_TA_CONFIGS[PX_CERTIFICATE_CONFIG_IDX].atCertificate.signer_infos[0].signerInfo.digest
vc_atCertificate.signer_infos[0].signerInfo.digest
) // End of template m_signerInfo_digest
), // End of template m_header_field_digest
m_header_field_generation_time(f_getCurrentTime()),
......@@ -744,31 +757,74 @@ module LibItsSecurity_Functions {
group certificateGetters {
/**
* @desc Set the gneration location ase defined in Draft ETSI TS 103 097 V1.1.6
* @param p_latitude The latitude value
* @param p_longitude The longitude value
* @param p_elevation The elevation value
* @verdict Unchanged
*/
function f_setGenerationLocation(
in WGSLatitude p_latitude,
in WGSLongitude p_longitude,
in Oct2 p_elevation := '0000'O
) runs on ItsSecurityBaseComponent {
vc_location := {
p_latitude,
p_longitude,
p_elevation
}
} // End of function f_setGenerationLocation
/**
* @desc Load in memory cache the certificates available
* @param p_rootDirectory Root directory to access to the certificates identified by the certificate ID
* @param p_configId A configuration identifier
* @remark This method SHALL be call before any usage of certificates
* @return true on success, false otherwise
*/
function f_loadCertificates(
in charstring p_rootDirectory
) return boolean {
return fx_loadCertificates(p_rootDirectory);
}
in charstring p_configId
) runs on ItsSecurityBaseComponent return boolean {
var boolean v_result;
// Setup certificates memory cache
if (fx_loadCertificates(PX_ROOT_PATH_FOR_SECURITY, p_configId) == true) {
// Setup security component variables
f_readCertificate("TA_CONFIG_A.AA_CERT", vc_aaCertificate);
f_readCertificate("TA_CONFIG_A.AT_CERT", vc_atCertificate);
f_readPrivateKeys("TA_CONFIG_A.PRIVATE_KEYS", vc_signingPrivateKey, vc_encryptPrivateKey);
return true;
}
return false;
} // End of function f_loadCertificates
/**
* @desc Unload from memory cache the certificates available
* @return true on success, false otherwise
*/
function f_unloadCertificates() runs on ItsSecurityBaseComponent return boolean {
// Reset security component variables
vc_signingPrivateKey := '0000000000000000000000000000000000000000000000000000000000000000'O;
vc_encryptPrivateKey := '0000000000000000000000000000000000000000000000000000000000000000'O;
// Clear certificates memory cache
return fx_unloadCertificates();
} // End of function f_unloadCertificates
/**
* @desc Read the specified certificate
* @param p_hashedId8 the certificate ID to read
* @param p_certificate the exoected certificate
* @param p_certificateId the certificate identifier
* @param p_certificate the expected certificate
* @return true on success, false otherwise
*/
function f_readCertificate(
in HashedId8 p_hashedId8,
in charstring p_certificateId,
out Certificate p_certificate
) return boolean {
) runs on ItsSecurityBaseComponent return boolean {
var octetstring v_certificate;
if (fx_readCertificate(p_hashedId8, v_certificate) == true) {
if (fx_readCertificate(p_certificateId, v_certificate) == true) {
var integer v_result := decvalue(oct2bit(v_certificate), p_certificate);
if (v_result == 0) {
return true;
......@@ -776,7 +832,22 @@ module LibItsSecurity_Functions {
}
return false;
}
} // End of function f_readCertificate
/**
* @desc Read the private keys for the specified certificate
* @param p_keysId the keys identifier
* @param p_signingPrivateKey the signing private key
* @param p_encryptPrivateKey the encrypt private key
* @return true on success, false otherwise
*/
function f_readPrivateKeys(
in charstring p_keysId,
out Oct32 p_signingPrivateKey,
out Oct32 p_encryptPrivateKey
) runs on ItsSecurityBaseComponent return boolean {
return fx_readPrivateKeys(p_keysId, p_signingPrivateKey, p_encryptPrivateKey);
} // End of function f_readPrivateKeys
function f_getCertificateValidityRestriction(
in template (value) Certificate p_cert,
......@@ -790,7 +861,7 @@ module LibItsSecurity_Functions {
}
}
return false;
}
} // End of function f_getCertificateValidityRestriction
function f_getCertificateSignerInfo (
in template (value) Certificate p_cert,
......@@ -870,20 +941,36 @@ module LibItsSecurity_Functions {
group certificatesLoader {
/**
* @desc Load in memory cache the certificates available
* @param p_rootDirectory Root directory to access to the certificates identified by the certificate ID
* @desc Load in memory cache the certificates available in the specified directory
* @param p_rootDirectory Root directory to access to the certificates identified by the certificate ID
* @param p_configId A configuration identifier
* @remark This method SHALL be call before any usage of certificates
* @return true on success, false otherwise
*/
external function fx_loadCertificates(in charstring p_rootDirectory) return boolean;
external function fx_loadCertificates(in charstring p_rootDirectory, in charstring p_configId) return boolean;
/**
* @desc Unload from memory cache the certificates
* @return true on success, false otherwise
*/
external function fx_unloadCertificates() return boolean;
/**
* @desc Read the specified certificate
* @param p_hashedId8 the certificate ID to read
* @param p_certificate the exoected certificate
* @param p_certificateId the certificate identifier
* @param p_certificate the expected certificate
* @return true on success, false otherwise
*/
external function fx_readCertificate(in charstring p_certificateId, out octetstring p_certificate) return boolean;
/**
* @desc Read the private keys for the specified certificate
* @param p_keysId the keys identifier
* @param p_signingPrivateKey the signing private key
* @param p_encryptPrivateKey the encrypt private key
* @return true on success, false otherwise
*/
external function fx_readCertificate(in HashedId8 p_hashedId8, out octetstring p_certificate) return boolean;
external function fx_readPrivateKeys(in charstring p_keysId, out Oct32 p_signingPrivateKey, out Oct32 p_encryptPrivateKey) return boolean;
} // End of group certificatesLoader
......
This diff is collapsed.
......@@ -1011,7 +1011,7 @@ module LibItsSecurity_Templates {
* @see Draft ETSI TS 103 097 V1.1.6 Clause 5.4 HeaderField
*/
template (value) HeaderField m_header_field_unrecognised_certificates(
in template (value) HashedId3s p_digests
in template (value) HashedId3s p_digests
) := {
type_ := e_request_unrecognized_certificate,
headerField := {
......
......@@ -6,4 +6,32 @@
*
*/
module LibItsSecurity_TestSystem {
// LibCommon
import from LibCommon_DataStrings all;
// LibItsSecurity
import from LibItsSecurity_TypesAndValues all;
group componentDefinitions {
/**
* @desc ITS Security Component
*/
type component ItsSecurityBaseComponent {
// Certificates
var Certificate vc_aaCertificate;
var Certificate vc_atCertificate;
// Private keys
var Oct32 vc_signingPrivateKey;
var Oct32 vc_encryptPrivateKey;
var ThreeDLocation vc_location;
} // End of ItsSecurityBaseComponent
} // End of group componentDefinitions
} // End of module LibItsSecurity_TestSystem
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment