Align LibIts source code with Draft ETSI TS 103 097 V1.1.9 (92a8fbbe) · Commits · TTCN-3 Libraries / LibIts

ttcn/Security/LibItsSecurity_Functions.ttcn3

+129 −107

Original line number	Diff line number	Diff line
		@@ -97,21 +97,18 @@ module LibItsSecurity_Functions {
		* @desc Calculate digest over the certificate
		* @param p_cert The certificate
		* @return the digest
		* @see Draft ETSI TS 103 097 V1.1.6 Clause 4.2.13 HashedId8
		* @see Draft ETSI TS 103 097 V1.1.9 Clause 4.2.13 HashedId8
		*/
		function f_calculateDigestFromCertificate(
		in Certificate p_cert
		) return HashedId8 {
		var octetstring v_toBeHashedData;
		var octetstring v_hash;
		var integer v_counter;

		// Search for digest in the signer_infos field first
		for (v_counter := 0; v_counter < lengthof(p_cert.signer_infos); v_counter := v_counter + 1) {
		if (p_cert.signer_infos[v_counter].type_ == e_certificate_digest_with_ecdsap256) {
		return p_cert.signer_infos[v_counter].signerInfo.digest;
		// Search for digest in the signer_info field first
		if (p_cert.signer_info.type_ == e_certificate_digest_with_sha256) {
		return p_cert.signer_info.signerInfo.digest;
		}
		} // End of 'for' statement

		// Digest not found, compute it
		log ("f_calculateDigestFromCertificate: Not found in certificate, compute it");
		@@ -135,7 +132,6 @@ module LibItsSecurity_Functions {
		// Build the beacon template
		if (p_includeCertificate == true) {
		v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(
		c_security_profileOthers,
		{ // Field HeaderFields
		m_header_field_signer_info(
		m_signerInfo_certificate(
		@@ -145,34 +141,31 @@ module LibItsSecurity_Functions {
		m_header_field_generation_time(oct2int('BBBBBBBB'O)), // To be replaced by TA with generation time
		m_header_field_generation_location(
		vc_location
		)
		),
		m_header_field_verification_advice_recommended
		}, // End of field HeaderFields
		{
		m_payload_signed(
		'AAAAAAAAAA'O // To be replaced by TA with real payload
		)
		}, // End of field HeaderFields
		),
		e_signature
		);
		} else {
		v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(
		c_security_profileOthers,
		{ // Field HeaderFields
		m_header_field_signer_info(
		m_signerInfo_digest(
		vc_atCertificate.signer_infos[0].signerInfo.digest
		vc_atCertificate.signer_info.signerInfo.digest
		) // End of template m_signerInfo_certificate
		), // End of template m_header_field_signer_info
		m_header_field_generation_time(oct2int('BBBBBBBB'O)), // To be replaced by TA with generation time
		m_header_field_generation_location(
		vc_location
		)
		),
		m_header_field_verification_advice_recommended
		}, // End of field HeaderFields
		{
		m_payload_signed(
		'AAAAAAAAAA'O // To be replaced by TA with real payload
		)
		}, // End of field HeaderFields
		),
		e_signature
		);
		}
		@@ -183,7 +176,7 @@ module LibItsSecurity_Functions {
		/**
		* @desc This function build and sign the SecureMessage part covered by the signature process
		* @param p_securedMessage The signed SecureMessage part
		* @param p_payloadFields Payloads to be included in the message
		* @param p_payloadField Payloads to be included in the message
		* @param p_mandatoryHeaders Mandatory headers for the selected profile
		* @param p_headerFields HeaderFields to be inserted in the message
		* @param p_securityProfile Selected security profile
		@@ -191,10 +184,9 @@ module LibItsSecurity_Functions {
		*/
		function f_buildGnSecuredMessage(
		out template (value) SecuredMessage p_securedMessage,
		in template (value) SecPayloads p_payloadFields,
		in template (value) SecPayload p_payloadField,
		in template (value) HeaderFields p_mandatoryHeaders,
		in template (omit) HeaderFields p_headerFields := omit,
		in UInt8 p_securityProfile := 0
		in template (omit) HeaderFields p_headerFields := omit
		) runs on ItsSecurityBaseComponent return boolean {

		// Local variables
		@@ -203,7 +195,7 @@ module LibItsSecurity_Functions {
		var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage;
		var integer i, j, k, n;
		var HeaderFields v_headerFields := {};
		var SecPayloads v_toBeSignedPayloads := {};
		var SecPayload v_toBeSignedPayload;

		// Prepare headers
		if (not(ispresent(p_headerFields))) {
		@@ -254,17 +246,17 @@ module LibItsSecurity_Functions {
		} // End of 'for' statement
		}

		// Prepare payloads to be signed
		for(i:=0; i < lengthof(p_payloadFields); i := i + 1) {
		if(valueof(p_payloadFields[i]).type_ == e_signed or valueof(p_payloadFields[i]).type_ == e_signed_and_encrypted) {
		v_toBeSignedPayloads[lengthof(v_toBeSignedPayloads)] := valueof(p_payloadFields[i]);
		}
		} // End of 'for' statement
		// Prepare payload to be signed
		if (
		(valueof(p_payloadField).type_ == e_signed) or
		(valueof(p_payloadField).type_ == e_signed_and_encrypted
		)) {
		v_toBeSignedPayload := valueof(p_payloadField);
		} // TODO else, check draft

		v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(
		p_securityProfile,
		v_headerFields,
		v_toBeSignedPayloads,
		v_toBeSignedPayload,
		e_signature
		);

		@@ -278,9 +270,9 @@ module LibItsSecurity_Functions {
		v_hash
		);

		p_securedMessage := m_secureMessage(
		p_securedMessage := m_securedMessage(
		v_toBeSignedSecuredMessage.header_fields,
		p_payloadFields,
		p_payloadField,
		{
		m_trailer_field_signature(
		m_signature(
		@@ -292,8 +284,7 @@ module LibItsSecurity_Functions {
		)
		)
		)
		},
		p_securityProfile
		}
		);

		return true;
		@@ -302,18 +293,20 @@ module LibItsSecurity_Functions {
		/**
		* @desc This function build and sign the SecureMessage part covered by the signature process
		* @param p_securedMessage The signed SecureMessage part
		* @param p_payloadFields Payloads to be included in the message
		* @param p_payloadField Payloads to be included in the message
		* @param p_signerInfoType Add digest or AT certificate or certificate chain
		* @param p_threeDLocation The 3D location
		* @param p_headerFields HeaderFields to be inserted in the message
		* @param p_certificateName The certificate identifier to be used. Default: TA_CERT_A
		* @param p_addMissingHeaders Whether to add mandatory headers not present in p_headerFields
		* @return true on success, false otherwise
		*
		* @see Draft ETSI TS 103 097 V1.1.9 Clause 7.1 Security profile for CAMs
		*/
		function f_buildGnSecuredCam(
		out template (value) SecuredMessage p_securedMessage,
		in template (value) SecPayloads p_payloadFields,
		in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_ecdsap256,
		in template (value) SecPayload p_payloadField,
		in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,
		in template (omit) HeaderFields p_headerFields := omit,
		in template (omit) charstring p_certificateName := omit,
		in boolean p_addMissingHeaders := true
		@@ -340,10 +333,15 @@ module LibItsSecurity_Functions {
		if (p_addMissingHeaders == true) {
		// Prepare mandatory headers
		if (valueof(p_signerInfoType) == e_certificate) { // Add the AT certificate
		v_signerInfo := valueof(m_header_field_signer_info(m_signerInfo_certificate(v_atCertificate)));
		v_signerInfo := valueof(
		m_header_field_signer_info(
		m_signerInfo_certificate(
		v_atCertificate
		)));
		}
		if (valueof(p_signerInfoType) == e_certificate_chain) { // Add the AT certificate + AA Certificate
		v_signerInfo := valueof(m_header_field_signer_info(
		v_signerInfo := valueof(
		m_header_field_signer_info(
		m_signerInfo_certificates(
		{
		v_aaCertificate,
		@@ -352,24 +350,29 @@ module LibItsSecurity_Functions {
		)
		));
		}
		if (valueof(p_signerInfoType) == e_certificate_digest_with_ecdsap256) { // Add the AT certificate digest
		v_signerInfo := valueof(m_header_field_signer_info(m_signerInfo_digest(v_atCertificate.signer_infos[0].signerInfo.digest)));
		if (valueof(p_signerInfoType) == e_certificate_digest_with_sha256) { // Add the AT certificate digest
		v_signerInfo := valueof(
		m_header_field_signer_info(
		m_signerInfo_digest(
		v_atCertificate.signer_info.signerInfo.digest
		)));
		}
		v_mandatoryHeaders := {
		v_signerInfo,
		valueof(m_header_field_generation_time(f_getCurrentTime())),
		valueof(m_header_field_message_type(c_messageType_CAM))
		valueof(m_header_field_verification_advice_recommended),
		valueof(m_header_field_its_aid(c_its_aid_CAM))
		}
		}

		return f_buildGnSecuredMessage(p_securedMessage, p_payloadFields, v_mandatoryHeaders, p_headerFields, c_security_profileCAMs);
		return f_buildGnSecuredMessage(p_securedMessage, p_payloadField, v_mandatoryHeaders, p_headerFields);

		} // End of function f_buildGnSecuredCam

		/**
		* @desc This function build and sign the SecureMessage part covered by the signature process
		* @param p_securedMessage The signed SecureMessage part
		* @param p_payloadFields Payloads to be included in the message
		* @param p_payloadField Payloads to be included in the message
		* @param p_signerInfoType Add digest or AT certificate or certificate chain
		* @param p_threeDLocation The 3D location
		* @param p_headerFields HeaderFields to be inserted in the message
		@@ -379,8 +382,8 @@ module LibItsSecurity_Functions {
		*/
		function f_buildGnSecuredDenm(
		out template (value) SecuredMessage p_securedMessage,
		in template (value) SecPayloads p_payloadFields,
		in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_ecdsap256,
		in template (value) SecPayload p_payloadField,
		in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,
		in ThreeDLocation p_threeDLocation,
		in template (omit) HeaderFields p_headerFields := omit,
		in template (omit) charstring p_certificateName := omit,
		@@ -409,10 +412,15 @@ module LibItsSecurity_Functions {
		if (p_addMissingHeaders == true) {
		// Prepare mandatory headers
		if (valueof(p_signerInfoType) == e_certificate) { // Add the AT certificate
		v_signerInfo := valueof(m_header_field_signer_info(m_signerInfo_certificate(v_atCertificate)));
		v_signerInfo := valueof(
		m_header_field_signer_info(
		m_signerInfo_certificate(
		v_atCertificate
		)));
		}
		if (valueof(p_signerInfoType) == e_certificate_chain) { // Add the AT certificate + AA Certificate
		v_signerInfo := valueof(m_header_field_signer_info(
		v_signerInfo := valueof(
		m_header_field_signer_info(
		m_signerInfo_certificates(
		{
		v_aaCertificate,
		@@ -421,26 +429,31 @@ module LibItsSecurity_Functions {
		)
		));
		}
		if (valueof(p_signerInfoType) == e_certificate_digest_with_ecdsap256) { // Add the AT certificate digest
		v_signerInfo := valueof(m_header_field_signer_info(m_signerInfo_digest(v_atCertificate.signer_infos[0].signerInfo.digest)));
		if (valueof(p_signerInfoType) == e_certificate_digest_with_sha256) { // Add the AT certificate digest
		v_signerInfo := valueof(
		m_header_field_signer_info(
		m_signerInfo_digest(
		v_atCertificate.signer_info.signerInfo.digest
		)));
		}
		v_mandatoryHeaders := {
		v_signerInfo,
		valueof(m_header_field_generation_time(f_getCurrentTime())),
		valueof(m_header_field_generation_location(p_threeDLocation)),
		valueof(m_header_field_message_type(c_messageType_DENM))
		valueof(m_header_field_verification_advice_recommended),
		valueof(m_header_field_its_aid(c_its_aid_DENM))
		}
		}

		// Build the secured message and return it
		return f_buildGnSecuredMessage(p_securedMessage, p_payloadFields, v_mandatoryHeaders, p_headerFields, c_security_profileDENMs);
		return f_buildGnSecuredMessage(p_securedMessage, p_payloadField, v_mandatoryHeaders, p_headerFields);

		} // End of function f_buildGnSecuredDenm

		/**
		* @desc This function build and sign the SecureMessage part covered by the signature process
		* @param p_securedMessage The signed SecureMessage part
		* @param p_payloadFields Payloads to be included in the message
		* @param p_payloadField Payloads to be included in the message
		* @param p_signerInfoType Add digest or AT certificate or certificate chain
		* @param p_threeDLocation The 3D location
		* @param p_headerFields HeaderFields to be inserted in the message
		@@ -450,8 +463,8 @@ module LibItsSecurity_Functions {
		*/
		function f_buildGnSecuredOtherMessage(
		out template (value) SecuredMessage p_securedMessage,
		in template (value) SecPayloads p_payloadFields,
		in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_ecdsap256,
		in template (value) SecPayload p_payloadField,
		in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,
		in ThreeDLocation p_threeDLocation,
		in template (omit) HeaderFields p_headerFields := omit,
		in template (omit) charstring p_certificateName := omit,
		@@ -480,10 +493,15 @@ module LibItsSecurity_Functions {
		if (p_addMissingHeaders == true) {
		// Prepare mandatory headers
		if (valueof(p_signerInfoType) == e_certificate) { // Add the AT certificate
		v_signerInfo := valueof(m_header_field_signer_info(m_signerInfo_certificate(v_atCertificate)));
		v_signerInfo := valueof(
		m_header_field_signer_info(
		m_signerInfo_certificate(
		v_atCertificate
		)));
		}
		if (valueof(p_signerInfoType) == e_certificate_chain) { // Add the AT certificate + AA Certificate
		v_signerInfo := valueof(m_header_field_signer_info(
		v_signerInfo := valueof(
		m_header_field_signer_info(
		m_signerInfo_certificates(
		{
		v_aaCertificate,
		@@ -492,18 +510,23 @@ module LibItsSecurity_Functions {
		)
		));
		}
		if (valueof(p_signerInfoType) == e_certificate_digest_with_ecdsap256) { // Add the AT certificate digest
		v_signerInfo := valueof(m_header_field_signer_info(m_signerInfo_digest(v_atCertificate.signer_infos[0].signerInfo.digest)));
		if (valueof(p_signerInfoType) == e_certificate_digest_with_sha256) { // Add the AT certificate digest
		v_signerInfo := valueof(
		m_header_field_signer_info(
		m_signerInfo_digest(
		v_atCertificate.signer_info.signerInfo.digest
		)));
		}
		v_mandatoryHeaders := {
		v_signerInfo,
		valueof(m_header_field_generation_time(f_getCurrentTime())),
		valueof(m_header_field_generation_location(p_threeDLocation))
		valueof(m_header_field_generation_location(p_threeDLocation)),
		valueof(m_header_field_verification_advice_recommended)
		}
		}

		// Build the secured message and return it
		return f_buildGnSecuredMessage(p_securedMessage, p_payloadFields, v_mandatoryHeaders, p_headerFields, c_security_profileOthers);
		return f_buildGnSecuredMessage(p_securedMessage, p_payloadField, v_mandatoryHeaders, p_headerFields);
		} // End of function f_buildGnSecuredOtherMessage

		} // End of group hostSignatureHelpers
		@@ -597,9 +620,8 @@ module LibItsSecurity_Functions {

		// Create SecuredMessage payload to be signed
		v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(
		valueof(p_securedMessage.security_profile),
		p_securedMessage.header_fields,
		p_securedMessage.payload_fields,
		p_securedMessage.payload_field,
		e_signature
		);

		@@ -716,7 +738,7 @@ module LibItsSecurity_Functions {
		group certificateGetters {

		/**
		* @desc Set the gneration location ase defined in Draft ETSI TS 103 097 V1.1.6
		* @desc Set the gneration location ase defined in Draft ETSI TS 103 097 V1.1.9
		* @param p_latitude The latitude value
		* @param p_longitude The longitude value
		* @param p_elevation The elevation value
		@@ -755,6 +777,7 @@ module LibItsSecurity_Functions {
		return true;
		}

		log("f_loadCertificates: Failed to access ", p_configId);
		return false;
		} // End of function f_loadCertificates

		@@ -793,6 +816,7 @@ module LibItsSecurity_Functions {
		}
		}

		log("f_readCertificate: Failed to retrieve ", p_certificateId);
		return false;
		} // End of function f_readCertificate

		@@ -824,19 +848,15 @@ module LibItsSecurity_Functions {
		}
		} // End of 'for' statement

		log("f_getCertificateValidityRestriction: Failed to retrieve ", p_type);
		return false;
		} // End of function f_getCertificateValidityRestriction

		function f_getCertificateSignerInfo(
		in template (value) Certificate p_cert,
		out SignerInfo p_si
		) return boolean {
		if (isbound(valueof(p_cert).signer_infos)
		and lengthof(p_cert.signer_infos) > 0) {
		p_si := valueof(p_cert).signer_infos[0];
		return true;
		}
		return false;
		) {
		p_si := valueof(p_cert).signer_info;
		}

		function f_getCertificateSubjectAttribute(
		@@ -850,6 +870,8 @@ module LibItsSecurity_Functions {
		return true;
		}
		}

		log("f_getCertificateSubjectAttribute: Failed to retrieve ", p_type);
		return false;
		}

ttcn/Security/LibItsSecurity_Templates.ttcn3

+206 −373

File changed.

Preview size limit exceeded, changes collapsed.

ttcn/Security/LibItsSecurity_TestSystem.ttcn3

+1 −1

Original line number	Diff line number	Diff line
		@@ -28,7 +28,7 @@ module LibItsSecurity_TestSystem {
		var Oct32 vc_signingPrivateKey;
		var Oct32 vc_encryptPrivateKey;

		// Generation position. See Draft ETSI TS 103 097 V1.1.6 Clause 7.2 Security profiles for DENMs
		// Generation position. See Draft ETSI TS 103 097 V1.1.9 Clause 7.2 Security profiles for DENMs
		var ThreeDLocation vc_location;

		// Test Adapter certificates & private keys

ttcn/Security/LibItsSecurity_TypesAndValues.ttcn3

+165 −119

File changed.

Preview size limit exceeded, changes collapsed.