Bug fixed in AtsSecurity (b1729a03) · Commits · TTCN-3 Libraries / LibIts

ttcn/Pki/LibItsPki_Functions.ttcn

+388 −88

File changed.

Preview size limit exceeded, changes collapsed.

ttcn/Security/LibItsSecurity_Functions.ttcn

+23 −11

Original line number	Diff line number	Diff line
		@@ -119,7 +119,8 @@ module LibItsSecurity_Functions {
		in octetstring p_encryptPrivateKey,
		in EtsiTs103097Data p_encrypedSecuredMessage,
		in octetstring p_salt,
		out EtsiTs103097Data p_decrypedSecuredMessage
		out EtsiTs103097Data p_decrypedSecuredMessage,
		out octetstring p_aes_sym_enc_key
		) return boolean {
		if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) {
		var PKRecipientInfo v_pKRecipientInfo;
		@@ -155,7 +156,8 @@ module LibItsSecurity_Functions {
		v_pKRecipientInfo.encKey.eciesNistP256.c,
		v_pKRecipientInfo.encKey.eciesNistP256.t,
		v_ciphertext.aes128ccm.nonce,
		p_salt
		p_salt,
		p_aes_sym_enc_key
		);
		} else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) {
		v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256(
		@@ -166,7 +168,8 @@ module LibItsSecurity_Functions {
		v_pKRecipientInfo.encKey.eciesNistP256.c,
		v_pKRecipientInfo.encKey.eciesNistP256.t,
		v_ciphertext.aes128ccm.nonce,
		p_salt
		p_salt,
		p_aes_sym_enc_key
		);
		} else {
		log("* " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys *");
		@@ -190,7 +193,8 @@ module LibItsSecurity_Functions {
		0,
		v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.c,
		v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.t,
		v_ciphertext.aes128ccm.nonce
		v_ciphertext.aes128ccm.nonce,
		p_salt, p_aes_sym_enc_key
		);
		} else if (ischosen(v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.v.compressed_y_1)) {
		v_decryptedSecuredMessage := f_decryptWithEciesBrainpoolp256WithSha256(
		@@ -200,7 +204,9 @@ module LibItsSecurity_Functions {
		1,
		v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.c,
		v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.t,
		v_ciphertext.aes128ccm.nonce
		v_ciphertext.aes128ccm.nonce,
		p_salt,
		p_aes_sym_enc_key
		);
		} else {
		log("* " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys *");
		@@ -294,7 +300,8 @@ module LibItsSecurity_Functions {
		in Oct16 p_encrypted_sym_key,
		in Oct16 p_authentication_vector,
		in Oct12 p_nonce,
		in octetstring p_salt
		in Oct32 p_salt,
		out Oct16 p_aes_sym_enc_key
		) return octetstring {
		return fx_decryptWithEciesNistp256WithSha256(
		p_encryptedSecuredMessage,
		@@ -304,7 +311,8 @@ module LibItsSecurity_Functions {
		p_encrypted_sym_key,
		p_authentication_vector,
		p_nonce,
		p_salt
		p_salt,
		p_aes_sym_enc_key
		);
		} // End of function f_decryptWithEcdsaNistp256WithSha256

		@@ -371,7 +379,9 @@ module LibItsSecurity_Functions {
		in integer p_ephemeralKeyModeCompressed,
		in Oct16 p_encrypted_sym_key,
		in Oct16 p_authentication_vector,
		in Oct12 p_nonce
		in Oct12 p_nonce,
		in Oct32 p_salt,
		out Oct16 p_aes_sym_enc_key
		) return octetstring {
		return fx_decryptWithEciesBrainpoolp256WithSha256(
		p_encryptedSecuredMessage,
		@@ -380,7 +390,9 @@ module LibItsSecurity_Functions {
		p_ephemeralKeyModeCompressed,
		p_encrypted_sym_key,
		p_authentication_vector,
		p_nonce
		p_nonce,
		p_salt,
		p_aes_sym_enc_key
		);
		} // End of function f_decryptWithEcdsaBrainpoolp256WithSha256

		@@ -2374,7 +2386,7 @@ module LibItsSecurity_Functions {
		* @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption
		* @return The decrypted message
		*/
		external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce, in octetstring p_salt) return octetstring;
		external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce, in Oct32 p_salt, out Oct16 p_aes_sym_enc_key) return octetstring;

		/**
		* @desc Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Brainpool-P256 algorithm
		@@ -2402,7 +2414,7 @@ module LibItsSecurity_Functions {
		* @param p_nonce The nonce vector of the AES 128 CCM symmetric key encryption
		* @return The decrypted message
		*/
		external function fx_decryptWithEciesBrainpoolp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce) return octetstring;
		external function fx_decryptWithEciesBrainpoolp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce, in Oct32 p_salt, out Oct16 p_aes_sym_enc_key) return octetstring;

		/**
		* @desc Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature

ttcn/Security/LibItsSecurity_TypesAndValues.ttcn

+6 −2

Original line number	Diff line number	Diff line
		@@ -22,11 +22,15 @@ module LibItsSecurity_TypesAndValues {

		// Test Adapter certificates & private keys - Valid behavior
		const charstring cc_taCert_A := "CERT_TS_A_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
		const charstring cc_taCert_A1 := "CERT_TS_A_1_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
		const charstring cc_taCert_A1 := "CERT_TS_A_A1_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
		const charstring cc_taCert_A2 := "CERT_TS_A_A2_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
		const charstring cc_taCert_A3 := "CERT_TS_A_A3_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
		const charstring cc_taCert_B := "CERT_TS_B_AT"; /** Default certificate, with circular region, to be used when secured messages are sent from TA to IUT */
		const charstring cc_taCert_B1 := "CERT_TS_B_1_AT";
		const charstring cc_taCert_B_AA := "CERT_TS_B_1_AA";
		const charstring cc_taCert_C := "CERT_TS_C_AT"; /** Certificate with a rectangular region, to be used when secured messages are sent from TA to IUT */
		const charstring cc_taCert_C1 := "CERT_TS_C1_AT"; /** Certificate with a rectangular region, to be used when secured messages are sent from TA to IUT */
		const charstring cc_taCert_CA1 := "CERT_TS_CA1_AT"; /** Certificate with a rectangular region, to be used when secured messages are sent from TA to IUT */
		const charstring cc_taCert_D := "CERT_TS_D_AT"; /** Certificate with a polygonal region, to be used when secured messages are sent from TA to IUT */
		const charstring cc_taCert_E := "CERT_TS_E_AT"; /** Certificate with a region identifier, to be used when secured messages are sent from TA to IUT */
		const charstring cc_taCert_F := "CERT_TS_F_AT"; /** Certificate that can be used as an unknown certificate for IUT. */
		@@ -128,8 +132,8 @@ module LibItsSecurity_TypesAndValues {
		const charstring cc_taCert1901_BO := "CERT_TS_19_01_BO_AT"; /** Check that IUT discards a SecuredMessage if the reserved region type has been used in region validity restriction of the AT certificate */

		// IUT certificates & private keys
		const charstring cc_taCert_CA1 := "CERT_IUT_CA1_AT";
		const charstring cc_taCert_CA2 := "CERT_IUT_CA2_AT";
		const charstring cc_taCert_CA3 := "CERT_IUT_CA3_AT";
		const charstring cc_taCert_CC_AA := "CERT_IUT_CC_AA";
		const charstring cc_iutCert_A := "CERT_IUT_A_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
		const charstring cc_iutCert_B := "CERT_IUT_B_AT"; /** Default certificate, with circular region, to be used when secured messages are sent from TA to IUT */

Admin message