Bug fixed in md_secureMessage_profileDenm template (6cf59125) · Commits · TTCN-3 Libraries / LibIts

ttcn/Security/LibItsSecurity_Functions.ttcn3

+77 −40

Original line number	Diff line number	Diff line
		@@ -154,7 +154,7 @@ module LibItsSecurity_Functions {

		// Create SecuredMessage payload to be signed
		v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(
		c_security_profileOthers,
		c_security_profileCAMs,
		{ // Field HeaderFields
		m_header_field_signer_info(
		m_signerInfo_certificate(
		@@ -174,6 +174,8 @@ module LibItsSecurity_Functions {
		}, // End of field HeaderFields
		e_signature
		);
		log("v_toBeSignedSecuredMessage=", v_toBeSignedSecuredMessage);

		// Add additional header fields if any
		if (ispresent(p_headerFields) == true) {
		var integer v_addItemIndex := lengthof(v_toBeSignedSecuredMessage.header_fields);
		@@ -186,16 +188,19 @@ module LibItsSecurity_Functions {
		}

		v_secPayload := bit2oct(encvalue(v_toBeSignedSecuredMessage));
		log("v_secPayload= ", v_secPayload);

		// Calculate the hash of the SecuredMessage payload to be signed
		v_hash := f_hashWithSha256(v_secPayload);
		log("v_hash= ", v_hash);

		// Signed payload
		v_signature := f_signWithEcdsaNistp256WithSha256(
		v_hash
		);
		log("v_signature= ", v_signature);

		p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages
		p_securedMessage := md_secureMessage_profileCam( // See Clause 7.1 Security profile for CAMs
		v_toBeSignedSecuredMessage.header_fields,
		v_toBeSignedSecuredMessage.payload_fields,
		{
		@@ -210,7 +215,7 @@ module LibItsSecurity_Functions {
		)
		)
		}
		); // End of template m_securedMessageBeacon
		); // End of template m_securedMessage_profileCam

		return true;
		}
		@@ -238,7 +243,7 @@ module LibItsSecurity_Functions {

		// Create SecuredMessage payload to be signed
		v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(
		c_security_profileOthers,
		c_security_profileDENMs,
		{ // Field HeaderFields
		m_header_field_signer_info(
		m_signerInfo_certificate(
		@@ -268,6 +273,7 @@ module LibItsSecurity_Functions {
		v_addItemIndex := v_addItemIndex + 1;
		} // End of 'for' statement
		}
		log("v_toBeSignedSecuredMessage= ", v_toBeSignedSecuredMessage);

		v_secPayload := bit2oct(encvalue(v_toBeSignedSecuredMessage));

		@@ -279,7 +285,7 @@ module LibItsSecurity_Functions {
		v_hash
		);

		p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages
		p_securedMessage := md_secureMessage_profileDenm( // See Clause 7.2 Security profile for DENMs
		v_toBeSignedSecuredMessage.header_fields,
		v_toBeSignedSecuredMessage.payload_fields,
		{
		@@ -294,7 +300,7 @@ module LibItsSecurity_Functions {
		)
		)
		}
		); // End of template m_securedMessageBeacon
		); // End of template m_securedMessage_profileDenm

		return true;
		} // End of function f_buildGnSecuredDenm
		@@ -363,7 +369,7 @@ module LibItsSecurity_Functions {
		v_hash
		);

		p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages
		p_securedMessage := md_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages
		v_toBeSignedSecuredMessage.header_fields,
		v_toBeSignedSecuredMessage.payload_fields,
		{
		@@ -378,7 +384,7 @@ module LibItsSecurity_Functions {
		)
		)
		}
		); // End of template m_securedMessageBeacon
		); // End of template md_securedMessage_profileOther

		return true;
		} // End of function f_buildGnSecuredOtherMessage
		@@ -389,57 +395,74 @@ module LibItsSecurity_Functions {

		/**
		* @desc Verify the signature of the provided certificate
		* @param p_cert Certificate to be verified
		* @param p_certificateToBeVerified Certificate to be verified
		* @param p_publicKey Public key to verify the certificate signature
		* @return true on success, false otherwise
		* @verdict
		*/
		function f_verifyCertificateSignatureWithPublicKey(
		in template (value) Certificate p_cert,
		in template (value) Certificate p_certificateToBeVerified,
		in template (value) PublicKey p_publicKey
		) return boolean {

		// Local variables
		var octetstring v_secPayload;
		var octetstring v_signedData;
		var Oct32 v_hash;
		var octetstring toBeVerifiedData;
		var octetstring v_signature;
		var boolean v_result := false;
		var template (value) ToBeSignedCertificate v_toBeSignedCertificate;

		// Create Certificate payload to be signed
		v_toBeSignedCertificate := m_toBeSignedCertificate(p_cert);
		log("full certificate: ", bit2oct(encvalue(p_certificateToBeVerified)));

		v_secPayload := bit2oct(encvalue(v_toBeSignedCertificate));
		// Create Certificate payload to be verified
		v_toBeSignedCertificate := m_toBeSignedCertificate(p_certificateToBeVerified);
		log("v_toBeSignedCertificate=", v_toBeSignedCertificate);
		toBeVerifiedData := bit2oct(encvalue(v_toBeSignedCertificate));
		log("toBeVerifiedData=", toBeVerifiedData);

		// // Calculate the hash of the SecuredMessage payload to be signed
		// v_hash := fx_hashWithSha256(v_secPayload);
		//
		// Verify payload
		v_signedData :=
		// Build the signature
		v_signature :=
		'0000'O &
		p_cert.signature_.signature_.ecdsa_signature.r.x &
		p_cert.signature_.signature_.ecdsa_signature.s;
		p_certificateToBeVerified.signature_.signature_.ecdsa_signature.r.x &
		p_certificateToBeVerified.signature_.signature_.ecdsa_signature.s;
		log("v_signature=", v_signature);

		// Verify the certificate
		log("p_publicKey.public_key.eccPoint.x", p_publicKey.public_key.eccPoint.x);
		log("p_publicKey.public_key.eccPoint.y.y", p_publicKey.public_key.eccPoint.y.y);
		v_result := f_verifyWithEcdsaNistp256WithSha256(
		v_hash,
		v_signedData,
		toBeVerifiedData,
		v_signature,
		p_publicKey.public_key.eccPoint.x,
		p_publicKey.public_key.eccPoint.y.y
		);

		log("f_verifyCertificateSignatureWithPublicKey: ", v_result);
		return v_result;
		} // End of finction f_verifyCertificateSignatureWithPublicKey

		/**
		* @desc Verify the signature of the provided secured message
		* @param p_cert Certificate to be verified
		* @param p_verify Issuing certificate
		* @param p_certificateToBeVerified Certificate to be verified
		* @param p_issuingCertificate Issuing certificate
		* @return true on success, false otherwise
		* @verdict
		*/
		function f_verifyCertificateSignatureWithIssuingCertificate(
		in template (value) Certificate p_cert,
		in template (value) Certificate p_verify
		in template (value) Certificate p_certificateToBeVerified,
		in template (value) Certificate p_issuingCertificate
		) return boolean {
		return f_verifyCertificateSignatureWithPublicKey(p_cert, p_verify.subject_attributes[0].attribute.key);
		var integer v_counter;

		for (v_counter := 0; v_counter < lengthof(p_issuingCertificate.subject_attributes); v_counter := v_counter + 1) {
		log("f_verifyCertificateSignatureWithIssuingCertificate: processing ", p_issuingCertificate.subject_attributes[v_counter]);
		if (p_issuingCertificate.subject_attributes[v_counter].type_ == e_verification_key) {
		return f_verifyCertificateSignatureWithPublicKey(
		p_certificateToBeVerified,
		p_issuingCertificate.subject_attributes[v_counter].attribute.key);
		}
		} // End of 'for' statement

		return false;
		} // End of function f_verifyCertificateSignatureWithIssuingCertificate

		} // End of group hostSignatureHelpers
		@@ -467,6 +490,8 @@ module LibItsSecurity_Functions {
		var boolean v_result := false;
		var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage;

		log(">>> f_verifyGnSecuredMessageSignatureWithPublicKey: ", p_securedMessage);

		// Create SecuredMessage payload to be signed
		v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(
		p_securedMessage.security_profile,
		@@ -476,9 +501,11 @@ module LibItsSecurity_Functions {
		);

		v_secPayload := bit2oct(encvalue(v_toBeSignedSecuredMessage));
		log("f_verifyGnSecuredMessageSignatureWithPublicKey: v_secPayload=", v_secPayload);

		// Calculate the hash of the SecuredMessage payload to be signed
		v_hash := fx_hashWithSha256(v_secPayload);
		log("f_verifyGnSecuredMessageSignatureWithPublicKey: v_hash=", v_hash);

		// Verify payload
		for (v_counter := 0; v_counter < lengthof(p_securedMessage.trailer_fields); v_counter := v_counter + 1) {
		@@ -513,8 +540,18 @@ module LibItsSecurity_Functions {
		in template (value) SecuredMessage p_securedMessage,
		in template (value) Certificate p_certificate
		) return boolean {
		return f_verifyGnSecuredMessageSignatureWithPublicKey(p_securedMessage,
		p_certificate.subject_attributes[0].attribute.key);
		var integer v_counter;

		for (v_counter := 0; v_counter < lengthof(p_certificate.subject_attributes); v_counter := v_counter + 1) {
		log("f_verifyGnSecuredMessageSignatureWithCertificate: processing ", p_certificate.subject_attributes[v_counter]);
		if (p_certificate.subject_attributes[v_counter].type_ == e_verification_key) {
		return f_verifyGnSecuredMessageSignatureWithPublicKey(
		p_securedMessage,
		p_certificate.subject_attributes[v_counter].attribute.key);
		}
		} // End of 'for' statement

		return false;
		} // End of function f_verifyGnSecuredOtherMessageWithDeviceCertificate

		} // End of group deviceSignatureHelpers
		@@ -531,7 +568,7 @@ module LibItsSecurity_Functions {
		in template (value) SecuredMessage p_securedMessage,
		in HeaderFieldType p_headerFieldType
		) return HeaderField {
		var HeaderField v_return := null;
		var HeaderField v_return;
		var integer v_length := lengthof(p_securedMessage.header_fields);
		var integer v_index;