Bug fixed in AtsSecurity

b1729a03 · Yann Garcia · 5be823f1 · b1729a03 · b1729a03 · b1729a03
Commit b1729a03 authored Feb 12, 2019 by Yann Garcia
--- a/ttcn/Pki/LibItsPki_Functions.ttcn
+++ b/ttcn/Pki/LibItsPki_Functions.ttcn
--- a/ttcn/Security/LibItsSecurity_Functions.ttcn
+++ b/ttcn/Security/LibItsSecurity_Functions.ttcn
@@ -119,7 +119,8 @@ module LibItsSecurity_Functions {
                           in octetstring         p_encryptPrivateKey,
                           in EtsiTs103097Data    p_encrypedSecuredMessage,
                           in octetstring         p_salt,
-                           out EtsiTs103097Data   p_decrypedSecuredMessage
+                           out EtsiTs103097Data   p_decrypedSecuredMessage,
+                           out octetstring        p_aes_sym_enc_key
        ) return boolean {
            if (ischosen(p_encrypedSecuredMessage.content.encryptedData)) {
                var PKRecipientInfo v_pKRecipientInfo;
@@ -155,7 +156,8 @@ module LibItsSecurity_Functions {
                                                                                        v_pKRecipientInfo.encKey.eciesNistP256.c,
                                                                                        v_pKRecipientInfo.encKey.eciesNistP256.t,
                                                                                        v_ciphertext.aes128ccm.nonce,
-                                                                                        p_salt
+                                                                                        p_salt,
+                                                                                        p_aes_sym_enc_key
                                                                                        );
                  } else if (ischosen(v_pKRecipientInfo.encKey.eciesNistP256.v.compressed_y_1)) {
                      v_decryptedSecuredMessage := f_decryptWithEciesNistp256WithSha256(
@@ -166,7 +168,8 @@ module LibItsSecurity_Functions {
                                                                                        v_pKRecipientInfo.encKey.eciesNistP256.c,
                                                                                        v_pKRecipientInfo.encKey.eciesNistP256.t,
                                                                                        v_ciphertext.aes128ccm.nonce,
-                                                                                        p_salt
+                                                                                        p_salt,
+                                                                                        p_aes_sym_enc_key
                                                                                        );
                  } else {
                    log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***");
@@ -190,7 +193,8 @@ module LibItsSecurity_Functions {
                                                                                           0,
                                                                                           v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.c,
                                                                                           v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.t,
-                                                                                           v_ciphertext.aes128ccm.nonce
+                                                                                           v_ciphertext.aes128ccm.nonce,
+                                                                                           p_salt,                                                                                                                                                     p_aes_sym_enc_key
                                                                                      );
                  } else if (ischosen(v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.v.compressed_y_1)) {
                    v_decryptedSecuredMessage := f_decryptWithEciesBrainpoolp256WithSha256(
@@ -200,7 +204,9 @@ module LibItsSecurity_Functions {
                                                                                           1,
                                                                                           v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.c,
                                                                                           v_pKRecipientInfo.encKey.eciesBrainpoolP256r1.t,
-                                                                                           v_ciphertext.aes128ccm.nonce
+                                                                                           v_ciphertext.aes128ccm.nonce,
+                                                                                           p_salt,
+                                                                                           p_aes_sym_enc_key
                                                                                      );
                  } else {
                    log("*** " & testcasename() & ":ERROR: Non canonical ephemeral encryption keys ***");
@@ -294,7 +300,8 @@ module LibItsSecurity_Functions {
                                                      in Oct16 p_encrypted_sym_key,
                                                      in Oct16 p_authentication_vector,
                                                      in Oct12 p_nonce,
-                                                      in octetstring p_salt
+                                                      in Oct32 p_salt,
+                                                      out Oct16 p_aes_sym_enc_key
        ) return octetstring {
          return fx_decryptWithEciesNistp256WithSha256(
                                                       p_encryptedSecuredMessage,
@@ -304,7 +311,8 @@ module LibItsSecurity_Functions {
                                                       p_encrypted_sym_key,
                                                       p_authentication_vector,
                                                       p_nonce,
-                                                       p_salt
+                                                       p_salt,
+                                                       p_aes_sym_enc_key
                                                       );
        } // End of function f_decryptWithEcdsaNistp256WithSha256
@@ -371,7 +379,9 @@ module LibItsSecurity_Functions {
                                                           in integer p_ephemeralKeyModeCompressed,
                                                           in Oct16 p_encrypted_sym_key,
                                                           in Oct16 p_authentication_vector,
-                                                           in Oct12 p_nonce
+                                                           in Oct12 p_nonce,
+                                                           in Oct32 p_salt,
+                                                           out Oct16 p_aes_sym_enc_key
        ) return octetstring {
          return fx_decryptWithEciesBrainpoolp256WithSha256(
                                                            p_encryptedSecuredMessage,
@@ -380,7 +390,9 @@ module LibItsSecurity_Functions {
                                                            p_ephemeralKeyModeCompressed,
                                                            p_encrypted_sym_key,
                                                            p_authentication_vector,
-                                                            p_nonce
+                                                            p_nonce,
+                                                            p_salt,
+                                                            p_aes_sym_enc_key
                                                            );
        } // End of function f_decryptWithEcdsaBrainpoolp256WithSha256
@@ -2374,7 +2386,7 @@ module LibItsSecurity_Functions {
             * @param   p_nonce                          The nonce vector of the AES 128 CCM symmetric key encryption
             * @return  The decrypted message
             */
-            external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce, in octetstring p_salt) return octetstring;
+            external function fx_decryptWithEciesNistp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce, in Oct32 p_salt, out Oct16 p_aes_sym_enc_key) return octetstring;
            /**
             * @desc    Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) encryption using Brainpool-P256 algorithm
@@ -2402,7 +2414,7 @@ module LibItsSecurity_Functions {
             * @param   p_nonce                          The nonce vector of the AES 128 CCM symmetric key encryption
             * @return  The decrypted message
             */
-            external function fx_decryptWithEciesBrainpoolp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce) return octetstring;
+            external function fx_decryptWithEciesBrainpoolp256WithSha256(in octetstring p_encryptedSecuredMessage, in Oct32 p_privateEncKey, in Oct32 p_publicEphemeralKeyCompressed, in integer p_ephemeralKeyModeCompressed, in Oct16 p_encrypted_sym_key, in Oct16 p_authentication_vector, in Oct12 p_nonce, in Oct32 p_salt, out Oct16 p_aes_sym_enc_key) return octetstring;
            /**
             * @desc    Produces a Elliptic Curve Digital Signature Algorithm (ECDSA) signature

--- a/ttcn/Security/LibItsSecurity_TypesAndValues.ttcn
+++ b/ttcn/Security/LibItsSecurity_TypesAndValues.ttcn
@@ -22,11 +22,15 @@ module LibItsSecurity_TypesAndValues {
        // Test Adapter certificates & private keys - Valid behavior
        const charstring cc_taCert_A  := "CERT_TS_A_AT";   /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
-        const charstring cc_taCert_A1 := "CERT_TS_A_1_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
+        const charstring cc_taCert_A1 := "CERT_TS_A_A1_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
+        const charstring cc_taCert_A2 := "CERT_TS_A_A2_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
+        const charstring cc_taCert_A3 := "CERT_TS_A_A3_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
        const charstring cc_taCert_B  := "CERT_TS_B_AT";   /** Default certificate, with circular region, to be used when secured messages are sent from TA to IUT */
        const charstring cc_taCert_B1 := "CERT_TS_B_1_AT";
        const charstring cc_taCert_B_AA := "CERT_TS_B_1_AA";  
        const charstring cc_taCert_C  := "CERT_TS_C_AT"; /** Certificate with a rectangular region, to be used when secured messages are sent from TA to IUT */
+        const charstring cc_taCert_C1  := "CERT_TS_C1_AT"; /** Certificate with a rectangular region, to be used when secured messages are sent from TA to IUT */
+        const charstring cc_taCert_CA1  := "CERT_TS_CA1_AT"; /** Certificate with a rectangular region, to be used when secured messages are sent from TA to IUT */
        const charstring cc_taCert_D  := "CERT_TS_D_AT"; /** Certificate with a polygonal region, to be used when secured messages are sent from TA to IUT */
        const charstring cc_taCert_E  := "CERT_TS_E_AT"; /** Certificate with a region identifier, to be used when secured messages are sent from TA to IUT */
        const charstring cc_taCert_F  := "CERT_TS_F_AT"; /** Certificate that can be used as an unknown certificate for IUT. */
@@ -128,8 +132,8 @@ module LibItsSecurity_TypesAndValues {
        const charstring cc_taCert1901_BO := "CERT_TS_19_01_BO_AT"; /** Check that IUT discards a SecuredMessage if the reserved region type has been used in region validity restriction of the AT certificate */
        // IUT certificates & private keys
-        const charstring cc_taCert_CA1 := "CERT_IUT_CA1_AT";
        const charstring cc_taCert_CA2 := "CERT_IUT_CA2_AT";
+        const charstring cc_taCert_CA3 := "CERT_IUT_CA3_AT";
        const charstring cc_taCert_CC_AA := "CERT_IUT_CC_AA";
        const charstring cc_iutCert_A := "CERT_IUT_A_AT"; /** Default certificate, without region validity restriction, to be used when secured messages are sent from TA to IUT */
        const charstring cc_iutCert_B := "CERT_IUT_B_AT"; /** Default certificate, with circular region, to be used when secured messages are sent from TA to IUT */