Loading ttcn/Security/LibItsSecurity_Functions.ttcn3 +58 −37 Original line number Diff line number Diff line Loading @@ -31,12 +31,12 @@ module LibItsSecurity_Functions { /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee * @param p_toBeSignedData The data to be signed * @param p_ToBeSignedSecuredMessage The data to be signed * @return The signature value */ function f_signWithEcdsaNistp256WithSha256(in Oct32 p_toBeSignedData) return octetstring { function f_signWithEcdsaNistp256WithSha256(in Oct32 p_ToBeSignedSecuredMessage) return octetstring { return fx_signWithEcdsaNistp256WithSha256( p_toBeSignedData, p_ToBeSignedSecuredMessage, PX_PRIVATE_SIGNING_KEYS[PX_CERTIFICATE_CONFIG_IDX] ); Loading Loading @@ -78,12 +78,12 @@ module LibItsSecurity_Functions { * @desc Build a template of a secured beacon to be used for the Test Adapter secured beaconing processing */ function f_buildSecuredMessagePayloadToBeSigned() return ToBeSignedData { return ToBeSignedSecuredMessage { // Local variables var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Build the beacon template v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( Loading @@ -103,30 +103,32 @@ module LibItsSecurity_Functions { e_signature ); return v_toBeSignedData; return v_ToBeSignedSecuredMessage; } /** * @desc This function build and sign the SecureMessage part covered by the signature process * @param p_securedMessage The signed SecureMessage part * @param p_unsecuredPayload The unsigned payload (e.g. a beacon) * @param p_threeDLocation The ThreeDLocation value * @param p_securedMessage The signed SecureMessage part * @param p_headerFileds Additional HeaderFields * @return true on success, false otherwise * @verdict Unchanged */ function f_buildGnSecuredCam( out template (value) SecuredMessage p_securedMessage, in octetstring p_unsecuredPayload, in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage in template (omit) HeaderFields p_headerFileds := omit ) return boolean { // Local variables var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( Loading @@ -147,7 +149,7 @@ module LibItsSecurity_Functions { e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); v_secPayload := bit2oct(encvalue(v_ToBeSignedSecuredMessage)); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); Loading @@ -158,8 +160,8 @@ module LibItsSecurity_Functions { ); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, v_toBeSignedData.payload_fields, v_ToBeSignedSecuredMessage.header_fields, v_ToBeSignedSecuredMessage.payload_fields, { m_trailer_field_signature( m_signature( Loading @@ -179,25 +181,27 @@ module LibItsSecurity_Functions { /** * @desc This function build and sign the SecureMessage part covered by the signature process * @param p_securedMessage The signed SecureMessage part * @param p_unsecuredPayload The unsigned payload (e.g. a beacon) * @param p_threeDLocation The ThreeDLocation value * @param p_securedMessage The signed SecureMessage part * @param p_headerFileds Additional HeaderFields * @return true on success, false otherwise * @verdict Unchanged */ function f_buildGnSecuredDenm( out template (value) SecuredMessage p_securedMessage, in octetstring p_unsecuredPayload, in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage in template (omit) HeaderFields p_headerFileds := omit ) return boolean { // Local variables var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( Loading @@ -218,7 +222,7 @@ module LibItsSecurity_Functions { e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); v_secPayload := bit2oct(encvalue(v_ToBeSignedSecuredMessage)); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); Loading @@ -229,8 +233,8 @@ module LibItsSecurity_Functions { ); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, v_toBeSignedData.payload_fields, v_ToBeSignedSecuredMessage.header_fields, v_ToBeSignedSecuredMessage.payload_fields, { m_trailer_field_signature( m_signature( Loading @@ -250,25 +254,27 @@ module LibItsSecurity_Functions { /** * @desc This function build and sign the SecureMessage part covered by the signature process * @param p_securedMessage The signed SecureMessage part * @param p_unsecuredPayload The unsigned payload (e.g. a beacon) * @param p_threeDLocation The ThreeDLocation value * @param p_securedMessage The signed SecureMessage part * @param p_headerFileds Additional HeaderFields * @return true on success, false otherwise * @verdict Unchanged */ function f_buildGnSecuredOtherMessage( out template (value) SecuredMessage p_securedMessage, in octetstring p_unsecuredPayload, in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage in template (omit) HeaderFields p_headerFileds := omit ) return boolean { // Local variables var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( Loading @@ -288,7 +294,7 @@ module LibItsSecurity_Functions { e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); v_secPayload := bit2oct(encvalue(v_ToBeSignedSecuredMessage)); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); Loading @@ -299,8 +305,8 @@ module LibItsSecurity_Functions { ); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, v_toBeSignedData.payload_fields, v_ToBeSignedSecuredMessage.header_fields, v_ToBeSignedSecuredMessage.payload_fields, { m_trailer_field_signature( m_signature( Loading @@ -325,7 +331,7 @@ module LibItsSecurity_Functions { * @return true on success, false otherwise * @verdict */ function f_verifyGnSecuredOtherMessage( function f_verifyGnSecuredOtherMessage( // TODO For debug purpose only, to be removed in template (value) SecuredMessage p_securedMessage ) return boolean { Loading @@ -335,16 +341,16 @@ module LibItsSecurity_Functions { var Oct32 v_hash; var integer v_counter; var boolean v_result := false; var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( p_securedMessage.header_fields, p_securedMessage.payload_fields, e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); v_secPayload := bit2oct(encvalue(v_ToBeSignedSecuredMessage)); // Calculate the hash of the SecuredMessage payload to be signed v_hash := fx_hashWithSha256(v_secPayload); Loading Loading @@ -375,6 +381,21 @@ module LibItsSecurity_Functions { group deviceSignatureHelpers { /** * @desc Verify the signature of the provided secured message * @param p_aaCertifcate Certificate Authority certificate * @param p_atCertificate Authorization Ticket certificate * @return true on success, false otherwise * @verdict */ function f_verifyCertificateSignature( in template (value) Certificate p_aaCertifcate, in template (value) Certificate p_atCertificate ) return boolean { // TODO To be implemented return false; } /** * @desc Verify the signature of the provided secured message * @param p_securedMessage Loading @@ -392,16 +413,16 @@ module LibItsSecurity_Functions { var Oct32 v_hash; var integer v_counter; var boolean v_result := false; var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( p_securedMessage.header_fields, p_securedMessage.payload_fields, e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); v_secPayload := bit2oct(encvalue(v_ToBeSignedSecuredMessage)); // Calculate the hash of the SecuredMessage payload to be signed v_hash := fx_hashWithSha256(v_secPayload); Loading Loading @@ -524,11 +545,11 @@ module LibItsSecurity_Functions { /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee * @param p_toBeSignedData The data to be signed * @param p_ToBeSignedSecuredMessage The data to be signed * @param p_privateKey The private key * @return The signature value */ external function fx_signWithEcdsaNistp256WithSha256(in octetstring p_toBeSignedData, in octetstring/*UInt64*/ p_privateKey) return octetstring; external function fx_signWithEcdsaNistp256WithSha256(in octetstring p_ToBeSignedSecuredMessage, in octetstring/*UInt64*/ p_privateKey) return octetstring; /** * @desc Verify the signature of the specified data Loading Loading
ttcn/Security/LibItsSecurity_Functions.ttcn3 +58 −37 Original line number Diff line number Diff line Loading @@ -31,12 +31,12 @@ module LibItsSecurity_Functions { /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee * @param p_toBeSignedData The data to be signed * @param p_ToBeSignedSecuredMessage The data to be signed * @return The signature value */ function f_signWithEcdsaNistp256WithSha256(in Oct32 p_toBeSignedData) return octetstring { function f_signWithEcdsaNistp256WithSha256(in Oct32 p_ToBeSignedSecuredMessage) return octetstring { return fx_signWithEcdsaNistp256WithSha256( p_toBeSignedData, p_ToBeSignedSecuredMessage, PX_PRIVATE_SIGNING_KEYS[PX_CERTIFICATE_CONFIG_IDX] ); Loading Loading @@ -78,12 +78,12 @@ module LibItsSecurity_Functions { * @desc Build a template of a secured beacon to be used for the Test Adapter secured beaconing processing */ function f_buildSecuredMessagePayloadToBeSigned() return ToBeSignedData { return ToBeSignedSecuredMessage { // Local variables var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Build the beacon template v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( Loading @@ -103,30 +103,32 @@ module LibItsSecurity_Functions { e_signature ); return v_toBeSignedData; return v_ToBeSignedSecuredMessage; } /** * @desc This function build and sign the SecureMessage part covered by the signature process * @param p_securedMessage The signed SecureMessage part * @param p_unsecuredPayload The unsigned payload (e.g. a beacon) * @param p_threeDLocation The ThreeDLocation value * @param p_securedMessage The signed SecureMessage part * @param p_headerFileds Additional HeaderFields * @return true on success, false otherwise * @verdict Unchanged */ function f_buildGnSecuredCam( out template (value) SecuredMessage p_securedMessage, in octetstring p_unsecuredPayload, in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage in template (omit) HeaderFields p_headerFileds := omit ) return boolean { // Local variables var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( Loading @@ -147,7 +149,7 @@ module LibItsSecurity_Functions { e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); v_secPayload := bit2oct(encvalue(v_ToBeSignedSecuredMessage)); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); Loading @@ -158,8 +160,8 @@ module LibItsSecurity_Functions { ); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, v_toBeSignedData.payload_fields, v_ToBeSignedSecuredMessage.header_fields, v_ToBeSignedSecuredMessage.payload_fields, { m_trailer_field_signature( m_signature( Loading @@ -179,25 +181,27 @@ module LibItsSecurity_Functions { /** * @desc This function build and sign the SecureMessage part covered by the signature process * @param p_securedMessage The signed SecureMessage part * @param p_unsecuredPayload The unsigned payload (e.g. a beacon) * @param p_threeDLocation The ThreeDLocation value * @param p_securedMessage The signed SecureMessage part * @param p_headerFileds Additional HeaderFields * @return true on success, false otherwise * @verdict Unchanged */ function f_buildGnSecuredDenm( out template (value) SecuredMessage p_securedMessage, in octetstring p_unsecuredPayload, in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage in template (omit) HeaderFields p_headerFileds := omit ) return boolean { // Local variables var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( Loading @@ -218,7 +222,7 @@ module LibItsSecurity_Functions { e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); v_secPayload := bit2oct(encvalue(v_ToBeSignedSecuredMessage)); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); Loading @@ -229,8 +233,8 @@ module LibItsSecurity_Functions { ); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, v_toBeSignedData.payload_fields, v_ToBeSignedSecuredMessage.header_fields, v_ToBeSignedSecuredMessage.payload_fields, { m_trailer_field_signature( m_signature( Loading @@ -250,25 +254,27 @@ module LibItsSecurity_Functions { /** * @desc This function build and sign the SecureMessage part covered by the signature process * @param p_securedMessage The signed SecureMessage part * @param p_unsecuredPayload The unsigned payload (e.g. a beacon) * @param p_threeDLocation The ThreeDLocation value * @param p_securedMessage The signed SecureMessage part * @param p_headerFileds Additional HeaderFields * @return true on success, false otherwise * @verdict Unchanged */ function f_buildGnSecuredOtherMessage( out template (value) SecuredMessage p_securedMessage, in octetstring p_unsecuredPayload, in ThreeDLocation p_threeDLocation, out template (value) SecuredMessage p_securedMessage in template (omit) HeaderFields p_headerFileds := omit ) return boolean { // Local variables var octetstring v_secPayload, v_signature; var Oct32 v_hash; var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( { // Field HeaderFields m_header_field_signer_info( m_signerInfo_certificate( Loading @@ -288,7 +294,7 @@ module LibItsSecurity_Functions { e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); v_secPayload := bit2oct(encvalue(v_ToBeSignedSecuredMessage)); // Calculate the hash of the SecuredMessage payload to be signed v_hash := f_hashWithSha256(v_secPayload); Loading @@ -299,8 +305,8 @@ module LibItsSecurity_Functions { ); p_securedMessage := m_securedMessage_profileOther( // See Clause 7.3 Generic security profile for other signed messages v_toBeSignedData.header_fields, v_toBeSignedData.payload_fields, v_ToBeSignedSecuredMessage.header_fields, v_ToBeSignedSecuredMessage.payload_fields, { m_trailer_field_signature( m_signature( Loading @@ -325,7 +331,7 @@ module LibItsSecurity_Functions { * @return true on success, false otherwise * @verdict */ function f_verifyGnSecuredOtherMessage( function f_verifyGnSecuredOtherMessage( // TODO For debug purpose only, to be removed in template (value) SecuredMessage p_securedMessage ) return boolean { Loading @@ -335,16 +341,16 @@ module LibItsSecurity_Functions { var Oct32 v_hash; var integer v_counter; var boolean v_result := false; var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( p_securedMessage.header_fields, p_securedMessage.payload_fields, e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); v_secPayload := bit2oct(encvalue(v_ToBeSignedSecuredMessage)); // Calculate the hash of the SecuredMessage payload to be signed v_hash := fx_hashWithSha256(v_secPayload); Loading Loading @@ -375,6 +381,21 @@ module LibItsSecurity_Functions { group deviceSignatureHelpers { /** * @desc Verify the signature of the provided secured message * @param p_aaCertifcate Certificate Authority certificate * @param p_atCertificate Authorization Ticket certificate * @return true on success, false otherwise * @verdict */ function f_verifyCertificateSignature( in template (value) Certificate p_aaCertifcate, in template (value) Certificate p_atCertificate ) return boolean { // TODO To be implemented return false; } /** * @desc Verify the signature of the provided secured message * @param p_securedMessage Loading @@ -392,16 +413,16 @@ module LibItsSecurity_Functions { var Oct32 v_hash; var integer v_counter; var boolean v_result := false; var template (value) ToBeSignedData v_toBeSignedData; var template (value) ToBeSignedSecuredMessage v_ToBeSignedSecuredMessage; // Create SecuredMessage payload to be signed v_toBeSignedData := m_toBeSignedData_profileOther( v_ToBeSignedSecuredMessage := m_ToBeSignedSecuredMessage_profileOther( p_securedMessage.header_fields, p_securedMessage.payload_fields, e_signature ); v_secPayload := bit2oct(encvalue(v_toBeSignedData)); v_secPayload := bit2oct(encvalue(v_ToBeSignedSecuredMessage)); // Calculate the hash of the SecuredMessage payload to be signed v_hash := fx_hashWithSha256(v_secPayload); Loading Loading @@ -524,11 +545,11 @@ module LibItsSecurity_Functions { /** * @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signaturee * @param p_toBeSignedData The data to be signed * @param p_ToBeSignedSecuredMessage The data to be signed * @param p_privateKey The private key * @return The signature value */ external function fx_signWithEcdsaNistp256WithSha256(in octetstring p_toBeSignedData, in octetstring/*UInt64*/ p_privateKey) return octetstring; external function fx_signWithEcdsaNistp256WithSha256(in octetstring p_ToBeSignedSecuredMessage, in octetstring/*UInt64*/ p_privateKey) return octetstring; /** * @desc Verify the signature of the specified data Loading
