STF507 week#9: (a4f9a6a5) · Commits · TTCN-3 Libraries / LibIts

ttcn/Security/LibItsSecurity_Functions.ttcn3

+28 −7

Original line number	Original line	Diff line number	Diff line
	@@ -304,7 +304,7 @@ module LibItsSecurity_Functions {
	function f_buildGnSecuredMessage_Bo(		function f_buildGnSecuredMessage_Bo(
	out template (value) SecuredMessage p_securedMessage,		out template (value) SecuredMessage p_securedMessage,
	in template (value) charstring p_certificateName,		in template (value) charstring p_certificateName,
	in integer p_protocolVersion := c_protocol_version,		in UInt8 p_protocolVersion := c_protocol_version,
	in integer p_trailerStatus := 0,		in integer p_trailerStatus := 0,
	in template (value) SecPayload p_payloadField,		in template (value) SecPayload p_payloadField,
	in template (value) HeaderFields p_mandatoryHeaders,		in template (value) HeaderFields p_mandatoryHeaders,
	@@ -371,6 +371,7 @@ module LibItsSecurity_Functions {

	// Prepare payload to be signed		// Prepare payload to be signed
	v_toBeSignedPayload := valueof(p_payloadField);		v_toBeSignedPayload := valueof(p_payloadField);
			// log("p_trailerStatus=", p_trailerStatus);
	if (p_trailerStatus == 0) {		if (p_trailerStatus == 0) {
	v_trailerSize := 0;		v_trailerSize := 0;
	} else if (p_trailerStatus == 1) {		} else if (p_trailerStatus == 1) {
	@@ -387,8 +388,10 @@ module LibItsSecurity_Functions {
	p_protocolVersion,		p_protocolVersion,
	v_trailerSize		v_trailerSize
	);		);
			log("m_toBeSignedSecuredMessage_wrong_protocol=", v_toBeSignedSecuredMessage);

	v_secPayload := bit2oct(encvalue(v_toBeSignedSecuredMessage));		v_secPayload := bit2oct(encvalue(v_toBeSignedSecuredMessage));
			log("v_secPayload=", v_secPayload);

	// Signed payload		// Signed payload
	if (ispresent(p_certificateName) and (valueof(p_certificateName) != cc_taCert_A)) {		if (ispresent(p_certificateName) and (valueof(p_certificateName) != cc_taCert_A)) {
	@@ -404,16 +407,20 @@ module LibItsSecurity_Functions {
	v_secPayload,		v_secPayload,
	v_privateKey		v_privateKey
	);		);
			log("v_signature=", v_signature);

			// log("p_trailerStatus=", p_trailerStatus);
	if (p_trailerStatus == 0) { // No signature		if (p_trailerStatus == 0) { // No signature
	p_securedMessage := m_securedMessage(		p_securedMessage := m_securedMessage_wrong_protocol(
			p_protocolVersion,
	v_toBeSignedSecuredMessage.header_fields,		v_toBeSignedSecuredMessage.header_fields,
	p_payloadField,		p_payloadField,
	{ }		{ }
	);		);
	v_trailerSize := 0;		v_trailerSize := 0;
	} else if (p_trailerStatus == 2) { // Duplicate signature		} else if (p_trailerStatus == 2) { // Duplicate signature
	p_securedMessage := m_securedMessage(		p_securedMessage := m_securedMessage_wrong_protocol(
			p_protocolVersion,
	v_toBeSignedSecuredMessage.header_fields,		v_toBeSignedSecuredMessage.header_fields,
	p_payloadField,		p_payloadField,
	{		{
	@@ -439,8 +446,22 @@ module LibItsSecurity_Functions {
	)		)
	}		}
	);		);
			} else if (p_trailerStatus == 3) { // Signature with reserved algorthm
			p_securedMessage := m_securedMessage_wrong_protocol(
			p_protocolVersion,
			v_toBeSignedSecuredMessage.header_fields,
			p_payloadField,
			{
			m_trailer_field_signature(
			m_unknownSignature(
			v_signature
			)
			)
			}
			);
	} else { // Invalid signature		} else { // Invalid signature
	p_securedMessage := m_securedMessage(		p_securedMessage := m_securedMessage_wrong_protocol(
			p_protocolVersion,
	v_toBeSignedSecuredMessage.header_fields,		v_toBeSignedSecuredMessage.header_fields,
	p_payloadField,		p_payloadField,
	{		{
	@@ -554,7 +575,7 @@ module LibItsSecurity_Functions {
	*/		*/
	function f_buildGnSecuredCam_Bo(		function f_buildGnSecuredCam_Bo(
	out template (value) SecuredMessage p_securedMessage,		out template (value) SecuredMessage p_securedMessage,
	in integer p_protocolVersion := c_protocol_version,		in UInt8 p_protocolVersion := c_protocol_version,
	in integer p_trailerStatus := 0,		in integer p_trailerStatus := 0,
	in template (value) SecPayload p_payloadField,		in template (value) SecPayload p_payloadField,
	in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,		in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,
	@@ -711,7 +732,7 @@ module LibItsSecurity_Functions {
	*/		*/
	function f_buildGnSecuredDenm_Bo(		function f_buildGnSecuredDenm_Bo(
	out template (value) SecuredMessage p_securedMessage,		out template (value) SecuredMessage p_securedMessage,
	in integer p_protocolVersion := c_protocol_version,		in UInt8 p_protocolVersion := c_protocol_version,
	in integer p_trailerStatus := 0,		in integer p_trailerStatus := 0,
	in template (value) SecPayload p_payloadField,		in template (value) SecPayload p_payloadField,
	in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,		in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,
	@@ -860,7 +881,7 @@ module LibItsSecurity_Functions {
	*/		*/
	function f_buildGnSecuredOtherMessage_Bo(		function f_buildGnSecuredOtherMessage_Bo(
	out template (value) SecuredMessage p_securedMessage,		out template (value) SecuredMessage p_securedMessage,
	in integer p_protocolVersion := c_protocol_version,		in UInt8 p_protocolVersion := c_protocol_version,
	in integer p_trailerStatus := 0,		in integer p_trailerStatus := 0,
	in template (value) SecPayload p_payloadField,		in template (value) SecPayload p_payloadField,
	in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,		in template (omit) SignerInfoType p_signerInfoType := e_certificate_digest_with_sha256,

ttcn/Security/LibItsSecurity_Templates.ttcn3

+71 −10

Original line number	Original line	Diff line number	Diff line
	@@ -334,6 +334,20 @@ module LibItsSecurity_Templates {
	s := p_s		s := p_s
	} // End of template m_ecdsaSignature		} // End of template m_ecdsaSignature

			/**
			* @desc Send template for signatures based on unknown algorithm
			* @member p_signature The unknown signature
			* @see Draft ETSI TS 103 097 V1.1.14 Clause 4.2.9 Signature
			*/
			template (value) Signature m_unknownSignature(
			in template (value) octetstring p_signature
			):= {
			algorithm := e_unknown,
			signature_ := {
			signature_ := p_signature
			} // End of field signature_
			} // End of template m_unknownSignature

	} // End of group signatures		} // End of group signatures

	group signerInfos {		group signerInfos {
	@@ -358,6 +372,9 @@ module LibItsSecurity_Templates {
	} // End of field signerInfo		} // End of field signerInfo
	} // End of template m_signerInfo_digest		} // End of template m_signerInfo_digest

			/**
			* @desc Send template for certificate signed message
			*/
	template (value) SignerInfo m_signerInfo_certificate(		template (value) SignerInfo m_signerInfo_certificate(
	in template (value) Certificate p_certificate		in template (value) Certificate p_certificate
	) := {		) := {
	@@ -367,6 +384,9 @@ module LibItsSecurity_Templates {
	} // End of field signerInfo		} // End of field signerInfo
	} // End of template m_signerInfo_certificate		} // End of template m_signerInfo_certificate

			/**
			* @desc Send template for certificate chain signed message
			*/
	template (value) SignerInfo m_signerInfo_certificates(		template (value) SignerInfo m_signerInfo_certificates(
	in template (value) CertificateChain p_certificates		in template (value) CertificateChain p_certificates
	) := {		) := {
	@@ -376,6 +396,9 @@ module LibItsSecurity_Templates {
	} // End of field signerInfo		} // End of field signerInfo
	} // End of template m_signerInfo_certificates		} // End of template m_signerInfo_certificates

			/**
			* @desc Send template for other certificate signed message
			*/
	template (value) SignerInfo m_signerInfo_other_certificates(		template (value) SignerInfo m_signerInfo_other_certificates(
	in template (value) CertificateWithAlgo p_certificateWithAlgo		in template (value) CertificateWithAlgo p_certificateWithAlgo
	) := {		) := {
	@@ -392,6 +415,18 @@ module LibItsSecurity_Templates {
	digest := p_digest		digest := p_digest
	} // End of m_certificateWithAlgo		} // End of m_certificateWithAlgo

			/**
			* @desc Send template for unknown signed message
			*/
			template (value) SignerInfo m_signerInfo_unknown(
			in template (value) octetstring p_info
			) := {
			type_ := e_unknown,
			signerInfo := {
			info := p_info
			} // End of field signerInfo
			} // End of template m_signerInfo_unknown

	} // End of group signerInfos		} // End of group signerInfos

	/**		/**
	@@ -936,6 +971,21 @@ module LibItsSecurity_Templates {
	trailer_fields := p_trailer_fields		trailer_fields := p_trailer_fields
	} // End of template m_securedMessage		} // End of template m_securedMessage

			/**
			* @desc Generic send template for secured message
			*/
			template (value) SecuredMessage m_securedMessage_wrong_protocol(
			in template (value) UInt8 p_protocol_version := c_protocol_version,
			in template (value) HeaderFields p_header_fields,
			in template (value) SecPayload p_payload_field,
			in template (value) TrailerFields p_trailer_fields
			) := {
			protocol_version := p_protocol_version,
			header_fields := p_header_fields,
			payload_field := p_payload_field,
			trailer_fields := p_trailer_fields
			} // End of template m_securedMessage

	} // End of group messagesSend		} // End of group messagesSend

	/**		/**
	@@ -1070,6 +1120,17 @@ module LibItsSecurity_Templates {
	data := p_data		data := p_data
	} // End of template m_payload_signed_and_encrypted		} // End of template m_payload_signed_and_encrypted

			/**
			* @desc Send template for 'unsecured' Payload
			* @see Draft ETSI TS 103 097 V1.1.14 Clause 5.2 Payload
			*/
			template (value) SecPayload m_payload_unknown(
			in template (value) octetstring p_data
			) := {
			type_ := e_unknown,
			data := p_data
			} // End of template m_payload_unknown

	} // End of group payloadsSend		} // End of group payloadsSend

	/**		/**
	@@ -1287,7 +1348,7 @@ module LibItsSecurity_Templates {
	* @see Draft ETSI TS 103 097 V1.1.14 Clause 5.4 HeaderField		* @see Draft ETSI TS 103 097 V1.1.14 Clause 5.4 HeaderField
	*/		*/
	template (value) HeaderField m_header_field_unspecify := {		template (value) HeaderField m_header_field_unspecify := {
	type_ := e_other_header_200,		type_ := e_other_header_240,
	headerField := {		headerField := {
	other_header := 'C0FFEEDECA'O		other_header := 'C0FFEEDECA'O
	}		}

ttcn/Security/LibItsSecurity_TestSystem.ttcn3

+20 −2

Original line number	Original line	Diff line number	Diff line
	@@ -107,8 +107,11 @@ module LibItsSecurity_TestSystem {
	const charstring cc_taCert0910_BO := "CERT_TS_09_10_BO_AT"; /** Check that the IUT discards a message when the identified region validity restriction of its signing certificate contains unknown area code */		const charstring cc_taCert0910_BO := "CERT_TS_09_10_BO_AT"; /** Check that the IUT discards a message when the identified region validity restriction of its signing certificate contains unknown area code */
	const charstring cc_taCert0911_BO := "CERT_TS_09_11_BO_AT"; /** Check that the IUT discards a message when the identified region validity restriction of its signing certificate contains invalid area code */		const charstring cc_taCert0911_BO := "CERT_TS_09_11_BO_AT"; /** Check that the IUT discards a message when the identified region validity restriction of its signing certificate contains invalid area code */
	const charstring cc_taCert1001_BO := "CERT_TS_10_01_BO_AT"; /** Check that the IUT discards a message when its signing certificate does not contain the time validity restriction */		const charstring cc_taCert1001_BO := "CERT_TS_10_01_BO_AT"; /** Check that the IUT discards a message when its signing certificate does not contain the time validity restriction */
	const charstring cc_taCert1002_BO := "CERT_TS_10_02_BO_AT"; /** Check that the IUT discards a message when its signing certificate contains 'time_end' validity restriction */		const charstring cc_taCert1002_BO := "CERT_TS_10_02_BO_AT"; /** Check that the IUT discards a message when the issuing certificate of the message signing certificate does not contain the time validity restriction */
	const charstring cc_taCert1003_BO := "CERT_TS_10_03_BO_AT"; /** Check that the IUT discards a message when its signing certificate contains 'time_start_and_duration' validity restriction */		const charstring cc_taCert1003_BO := "CERT_TS_10_03_BO_AT"; /** Check that the IUT discards a message when its signing certificate contains 'time_end' validity restriction */
			const charstring cc_taCert1004_BO := "CERT_TS_10_03_BO_AT"; /** Check that the IUT discards a message when its signing certificate contains 'time_start_and_duration' validity restriction */
			const charstring cc_taCert1005_BO := "CERT_TS_10_03_BO_AT"; /** Check that the IUT discards a message when the issuing certificate of the message signing certificate contains 'time_end' validity restriction */
			const charstring cc_taCert1006_BO := "CERT_TS_10_03_BO_AT"; /** Check that the IUT discards a message when its signing certificate contains 'time_start_and_duration' validity restriction */
	const charstring cc_taCert1101_BO := "CERT_TS_11_01_BO_AT"; /** Check that the IUT discards a message when the validity period of the signing certificate ends after the validity period of its issuing certificate */		const charstring cc_taCert1101_BO := "CERT_TS_11_01_BO_AT"; /** Check that the IUT discards a message when the validity period of the signing certificate ends after the validity period of its issuing certificate */
	const charstring cc_taCert1102_BO := "CERT_TS_11_02_BO_AT"; /** Check that the IUT discards a message when the validity period of its signing certificate starts before the validity period of the issuing certificate */		const charstring cc_taCert1102_BO := "CERT_TS_11_02_BO_AT"; /** Check that the IUT discards a message when the validity period of its signing certificate starts before the validity period of the issuing certificate */
	const charstring cc_taCert1103_BO := "CERT_TS_11_03_BO_AT"; /** Check that the IUT discards a message when the issuing certificate of signing certificate is expired but the signing certificate is not expired yet */		const charstring cc_taCert1103_BO := "CERT_TS_11_03_BO_AT"; /** Check that the IUT discards a message when the issuing certificate of signing certificate is expired but the signing certificate is not expired yet */
	@@ -119,6 +122,21 @@ module LibItsSecurity_TestSystem {
	const charstring cc_taCert1204_BO := "CERT_TS_12_04_BO_AT"; /** Check that the IUT discards a Secured CAM when its signing certificate contains two records with AID_CAM in the its_aid_ssp_list subject attribute */		const charstring cc_taCert1204_BO := "CERT_TS_12_04_BO_AT"; /** Check that the IUT discards a Secured CAM when its signing certificate contains two records with AID_CAM in the its_aid_ssp_list subject attribute */
	const charstring cc_taCert1301_BO := "CERT_TS_13_01_BO_AT"; /** Check that the IUT discards a message when the signing AT certificate contains a CAM AID-SSP record whereas the issuing AA certificate does not contain the record with AID_CAM */		const charstring cc_taCert1301_BO := "CERT_TS_13_01_BO_AT"; /** Check that the IUT discards a message when the signing AT certificate contains a CAM AID-SSP record whereas the issuing AA certificate does not contain the record with AID_CAM */
	const charstring cc_taCert1302_BO := "CERT_TS_13_02_BO_AT"; /** Check that the IUT discards a message when the signing AT certificate contains a DENM AID-SSP record whereas the issuing AA certificate does not contain the AID record with AID_DENM */		const charstring cc_taCert1302_BO := "CERT_TS_13_02_BO_AT"; /** Check that the IUT discards a message when the signing AT certificate contains a DENM AID-SSP record whereas the issuing AA certificate does not contain the AID record with AID_DENM */
			const charstring cc_taCert1303_BO := "CERT_TS_13_03_BO_AT"; /** Check that IUT discards a SecuredMessage if the AA certificate does not contain a subject_attribute of type its_aid_list */
			const charstring cc_taCert1401_BO := "CERT_TS_14_01_BO_AT"; /** Check that IUT discards the AT certificate with signer info of type 'certificate' */
			const charstring cc_taCert1402_BO := "CERT_TS_14_02_BO_AT"; /** Check that IUT discards the AT certificate with signer info of type 'certificate_chain' */
			const charstring cc_taCert1403_BO := "CERT_TS_14_03_BO_AT"; /** Check that IUT discards the AT certificate with signer info of type 'certificate_digest_with_other_algorithm' */
			const charstring cc_taCert1501_BO := "CERT_TS_15_01_BO_AT"; /** Check that IUT discards the AA certificate with signer info of type 'certificate' */
			const charstring cc_taCert1502_BO := "CERT_TS_15_02_BO_AT"; /** Check that IUT discards the AA certificate with signer info of type 'certificate_chain' */
			const charstring cc_taCert1503_BO := "CERT_TS_15_03_BO_AT"; /** Check that IUT discards the AA certificate with signer info of type 'certificate_digest_with_other_algorithm' */
			const charstring cc_taCert1601_BO := "CERT_TS_16_01_BO_AT"; /** Check that IUT discards a SecuredMessage if the subject_name of the AT certificate is not an empty name field */
			const charstring cc_taCert1701_BO := "CERT_TS_17_01_BO_AT"; /** Check that IUT discards a SecuredMessage if the subject attribute of type assurance_level is missing in the AT certificate */
			const charstring cc_taCert1702_BO := "CERT_TS_17_02_BO_AT"; /** Check that IUT discards a SecuredMessage if the subject attribute of type assurance_level is missing in the AA certificate */
			const charstring cc_taCert1703_BO := "CERT_TS_17_03_BO_AT"; /** Check that IUT discards a SecuredMessage if the assurance level of issuing certificate is less then assurance level of subordinate certificate */
			const charstring cc_taCert1704_BO := "CERT_TS_17_04_BO_AT"; /** Check that IUT discards a SecuredMessage if the assurance level of issuing certificate is equal to the assurance level of the subordinate certificate but the confidence of subject assurance of issuing certificate is less then the confidence of the subordinate certificate */
			const charstring cc_taCert1801_BO := "CERT_TS_18_01_BO_AT"; /** Check that IUT discards a SecuredMessage if the subject attribute of type verification_key is missing in the AT certificate */
			const charstring cc_taCert1802_BO := "CERT_TS_18_02_BO_AT"; /** Check that IUT discards a SecuredMessage if the subject attribute of type verification_key is missing in the AA certificate */
			const charstring cc_taCert1901_BO := "CERT_TS_19_01_BO_AT"; /** Check that IUT discards a SecuredMessage if the reserved region type has been used in region validity restriction of the AT certificate */

	// IUT certificates & private keys		// IUT certificates & private keys
	const charstring cc_iutCert_A := "CERT_IUT_A_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */		const charstring cc_iutCert_A := "CERT_IUT_A_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */

ttcn/Security/LibItsSecurity_TypesAndValues.ttcn3

+7 −4

Original line number	Original line	Diff line number	Diff line
	@@ -29,7 +29,8 @@ module LibItsSecurity_TypesAndValues {
	*/		*/
	type enumerated PublicKeyAlgorithm {		type enumerated PublicKeyAlgorithm {
	e_ecdsa_nistp256_with_sha256 (0),		e_ecdsa_nistp256_with_sha256 (0),
	e_ecies_nistp256 (1)		e_ecies_nistp256 (1),
			e_unknown (240)
	} with { variant "8 bit" }		} with { variant "8 bit" }

	/**		/**
	@@ -210,7 +211,8 @@ module LibItsSecurity_TypesAndValues {
	e_certificate_digest_with_sha256 (1),		e_certificate_digest_with_sha256 (1),
	e_certificate (2),		e_certificate (2),
	e_certificate_chain (3),		e_certificate_chain (3),
	e_certificate_digest_with_other_algorithm (4)		e_certificate_digest_with_other_algorithm (4),
			e_unknown (240)
	} // End of type SignerInfoContainer		} // End of type SignerInfoContainer

	/**		/**
	@@ -482,7 +484,8 @@ module LibItsSecurity_TypesAndValues {
	e_signed (1),		e_signed (1),
	e_encrypted (2),		e_encrypted (2),
	e_signed_external (3),		e_signed_external (3),
	e_signed_and_encrypted (4)		e_signed_and_encrypted (4),
			e_unknown (240)
	} with { variant "8 bit" }		} with { variant "8 bit" }

	/**		/**
	@@ -514,7 +517,7 @@ module LibItsSecurity_TypesAndValues {
	e_signer_info (128),		e_signer_info (128),
	e_encryption_parameters (129),		e_encryption_parameters (129),
	e_recipient_info (130),		e_recipient_info (130),
	e_other_header_200 (200)		e_other_header_240 (240)
	} with { variant "8 bit" }		} with { variant "8 bit" }

	type union HeaderFieldContainer {		type union HeaderFieldContainer {

Admin message