ttcn/Pki/LibItsPki_Functions.ttcn +68 −90
@@ -489,6 +489,66 @@ module LibItsPki_Functions { } } // End of function f_http_send function f_generate_key_tag( in octetstring p_public_key_compressed, in integer p_compressed_key_mode, in octetstring p_public_compressed_enc_key, in integer p_compressed_enc_key_mode, out octetstring p_encoded_tag ) return boolean { // Local variables var PublicVerificationKey v_verification_tag; var PublicEncryptionKey v_encryption_tag; if (PX_VE_ALG == e_nist_p256) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p256_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p384_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed; } } else { log("f_generate_key_tag: Failed to generate HMAC tag"); return false; } log("f_generate_key_tag: v_verification_tag= ", v_verification_tag); p_encoded_tag := bit2oct(encvalue(v_verification_tag)); if (PX_INCLUDE_ENCRYPTION_KEYS) { v_encryption_tag.supportedSymmAlg := aes128Ccm; if (PX_EC_ALG_FOR_AT == e_nist_p256) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key; } else { v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key; } } else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key; } else { v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := 
p_public_compressed_enc_key; } } else { log("f_generate_key_tag: Failed to generate HMAC tag (enc)"); return false; } log("f_generate_key_tag: v_encryption_tag= ", v_encryption_tag); p_encoded_tag := p_encoded_tag & bit2oct(encvalue(v_encryption_tag)); } return true; } // End of function f_generate_key_tag } // End of group helpers group http { // TODO Split into EnnerEc, Authorization & AuthorizationValidation Loading Loading @@ -1223,14 +1283,14 @@ module LibItsPki_Functions { m_validityPeriod( f_getCurrentTime() / 1000, m_duration_in_hours(120) )/*, ), m_geographicRegion_identifiedRegion( { m_identifiedRegion_country_only(250), // TODO PIXIT m_identifiedRegion_country_only(380) } ), '00'O*/ // TODO Use PIXIT '00'O // TODO Use PIXIT ) ); // Encode it ==> Get octetstring Loading Loading @@ -1521,14 +1581,14 @@ module LibItsPki_Functions { m_validityPeriod( f_getCurrentTime() / 1000, m_duration_in_hours(120) // TODO Use PIXIT )/*, ), m_geographicRegion_identifiedRegion( { m_identifiedRegion_country_only(250), // TODO Use PIXIT m_identifiedRegion_country_only(380) // TODO Use PIXIT } ), '00'O*/ // TODO Use PIXIT '00'O // TODO Use PIXIT ) ) ); Loading Loading 
@@ -1751,51 +1811,10 @@ module LibItsPki_Functions { log("f_generate_inner_at_request: v_hmac_key= ", v_hmac_key); // Generate tag based on the concatenation of verification keys & encryption keys if (PX_VE_ALG == e_nist_p256) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p256_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p384_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed; } } else { log("f_generate_inner_at_request: Failed to generate HMAC tag"); return false; } log("f_generate_inner_at_request: v_verification_tag= ", v_verification_tag); v_encoded_tag := bit2oct(encvalue(v_verification_tag)); if (PX_INCLUDE_ENCRYPTION_KEYS) { v_encryption_tag.supportedSymmAlg := aes128Ccm; if (PX_EC_ALG_FOR_AT == e_nist_p256) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key; } else { v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key; } } else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key; } else { v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key; } } else { log("f_generate_inner_at_request: Failed to generate HMAC tag (enc)"); if (f_generate_key_tag(p_public_key_compressed, p_compressed_key_mode, p_public_compressed_enc_key, 
p_compressed_enc_key_mode, v_encoded_tag) == false) { log("f_generate_inner_at_request: Failed to generate Key tag"); return false; } log("f_generate_inner_at_request: v_encryption_tag= ", v_encryption_tag); v_encoded_tag := v_encoded_tag & bit2oct(encvalue(v_encryption_tag)); } log("f_generate_inner_at_request: v_encoded_tag= ", v_encoded_tag); v_key_tag := substr( fx_hmac_sha256( // TODO Rename and use a wrapper function Loading Loading 
@@ -2112,51 +2131,10 @@ module LibItsPki_Functions { log("f_generate_inner_at_request_with_wrong_hmac: v_hmac_key= ", v_hmac_key); // Generate tag based on the concatenation of verification keys & encryption keys if (PX_VE_ALG == e_nist_p256) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p256_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p384_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed; } } else { log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate HMAC tag"); if (f_generate_key_tag(p_public_key_compressed, p_compressed_key_mode, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_encoded_tag) == false) { log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate Key tag"); return false; } log("f_generate_inner_at_request_with_wrong_hmac: v_verification_tag= ", v_verification_tag); v_encoded_tag := bit2oct(encvalue(v_verification_tag)); if (PX_INCLUDE_ENCRYPTION_KEYS) { v_encryption_tag.supportedSymmAlg := aes128Ccm; if (PX_EC_ALG_FOR_AT == e_nist_p256) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key; } else { v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key; } } else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key; } else { 
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key; } } else { log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate HMAC tag (enc)"); return false; } log("f_generate_inner_at_request_with_wrong_hmac: v_encryption_tag= ", v_encryption_tag); v_encoded_tag := v_encoded_tag & bit2oct(encvalue(v_encryption_tag)); } log("f_generate_inner_at_request_with_wrong_hmac: v_encoded_tag= ", v_encoded_tag); // Modify v_hmac_key v_key_tag := substr( Loading ttcn/Security/LibItsSecurity_Functions.ttcn +9 −1 Original line number Diff line number Diff line Loading @@ -1804,7 +1804,15 @@ module LibItsSecurity_Functions { log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_secPayload=", v_secPayload); // Verify payload // TODO Check in standard if x-only only if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only)) { v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig); } else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_0)) { v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_0) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig); } else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_1)) { v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_1) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig); } log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_signedData=", v_signedData); if (ischosen(p_publicKey.uncompressedP256)) { v_result := f_verifyWithEcdsaNistp256WithSha256_1( Loading Loading
ttcn/Pki/LibItsPki_Functions.ttcn +68 −90
@@ -489,6 +489,66 @@ module LibItsPki_Functions { } } // End of function f_http_send function f_generate_key_tag( in octetstring p_public_key_compressed, in integer p_compressed_key_mode, in octetstring p_public_compressed_enc_key, in integer p_compressed_enc_key_mode, out octetstring p_encoded_tag ) return boolean { // Local variables var PublicVerificationKey v_verification_tag; var PublicEncryptionKey v_encryption_tag; if (PX_VE_ALG == e_nist_p256) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p256_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p384_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed; } } else { log("f_generate_key_tag: Failed to generate HMAC tag"); return false; } log("f_generate_key_tag: v_verification_tag= ", v_verification_tag); p_encoded_tag := bit2oct(encvalue(v_verification_tag)); if (PX_INCLUDE_ENCRYPTION_KEYS) { v_encryption_tag.supportedSymmAlg := aes128Ccm; if (PX_EC_ALG_FOR_AT == e_nist_p256) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key; } else { v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key; } } else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key; } else { v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := 
p_public_compressed_enc_key; } } else { log("f_generate_key_tag: Failed to generate HMAC tag (enc)"); return false; } log("f_generate_key_tag: v_encryption_tag= ", v_encryption_tag); p_encoded_tag := p_encoded_tag & bit2oct(encvalue(v_encryption_tag)); } return true; } // End of function f_generate_key_tag } // End of group helpers group http { // TODO Split into EnnerEc, Authorization & AuthorizationValidation Loading Loading @@ -1223,14 +1283,14 @@ module LibItsPki_Functions { m_validityPeriod( f_getCurrentTime() / 1000, m_duration_in_hours(120) )/*, ), m_geographicRegion_identifiedRegion( { m_identifiedRegion_country_only(250), // TODO PIXIT m_identifiedRegion_country_only(380) } ), '00'O*/ // TODO Use PIXIT '00'O // TODO Use PIXIT ) ); // Encode it ==> Get octetstring Loading Loading @@ -1521,14 +1581,14 @@ module LibItsPki_Functions { m_validityPeriod( f_getCurrentTime() / 1000, m_duration_in_hours(120) // TODO Use PIXIT )/*, ), m_geographicRegion_identifiedRegion( { m_identifiedRegion_country_only(250), // TODO Use PIXIT m_identifiedRegion_country_only(380) // TODO Use PIXIT } ), '00'O*/ // TODO Use PIXIT '00'O // TODO Use PIXIT ) ) ); Loading Loading 
@@ -1751,51 +1811,10 @@ module LibItsPki_Functions { log("f_generate_inner_at_request: v_hmac_key= ", v_hmac_key); // Generate tag based on the concatenation of verification keys & encryption keys if (PX_VE_ALG == e_nist_p256) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p256_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p384_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed; } } else { log("f_generate_inner_at_request: Failed to generate HMAC tag"); return false; } log("f_generate_inner_at_request: v_verification_tag= ", v_verification_tag); v_encoded_tag := bit2oct(encvalue(v_verification_tag)); if (PX_INCLUDE_ENCRYPTION_KEYS) { v_encryption_tag.supportedSymmAlg := aes128Ccm; if (PX_EC_ALG_FOR_AT == e_nist_p256) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key; } else { v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key; } } else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key; } else { v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key; } } else { log("f_generate_inner_at_request: Failed to generate HMAC tag (enc)"); if (f_generate_key_tag(p_public_key_compressed, p_compressed_key_mode, p_public_compressed_enc_key, 
p_compressed_enc_key_mode, v_encoded_tag) == false) { log("f_generate_inner_at_request: Failed to generate Key tag"); return false; } log("f_generate_inner_at_request: v_encryption_tag= ", v_encryption_tag); v_encoded_tag := v_encoded_tag & bit2oct(encvalue(v_encryption_tag)); } log("f_generate_inner_at_request: v_encoded_tag= ", v_encoded_tag); v_key_tag := substr( fx_hmac_sha256( // TODO Rename and use a wrapper function Loading Loading 
@@ -2112,51 +2131,10 @@ module LibItsPki_Functions { log("f_generate_inner_at_request_with_wrong_hmac: v_hmac_key= ", v_hmac_key); // Generate tag based on the concatenation of verification keys & encryption keys if (PX_VE_ALG == e_nist_p256) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p256_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed; } } else if (PX_VE_ALG == e_brainpool_p384_r1) { if (p_compressed_key_mode == 0) { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed; } else { v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed; } } else { log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate HMAC tag"); if (f_generate_key_tag(p_public_key_compressed, p_compressed_key_mode, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_encoded_tag) == false) { log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate Key tag"); return false; } log("f_generate_inner_at_request_with_wrong_hmac: v_verification_tag= ", v_verification_tag); v_encoded_tag := bit2oct(encvalue(v_verification_tag)); if (PX_INCLUDE_ENCRYPTION_KEYS) { v_encryption_tag.supportedSymmAlg := aes128Ccm; if (PX_EC_ALG_FOR_AT == e_nist_p256) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key; } else { v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key; } } else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) { if (p_compressed_enc_key_mode == 0) { v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key; } else { 
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key; } } else { log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate HMAC tag (enc)"); return false; } log("f_generate_inner_at_request_with_wrong_hmac: v_encryption_tag= ", v_encryption_tag); v_encoded_tag := v_encoded_tag & bit2oct(encvalue(v_encryption_tag)); } log("f_generate_inner_at_request_with_wrong_hmac: v_encoded_tag= ", v_encoded_tag); // Modify v_hmac_key v_key_tag := substr( Loading
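Review bot: In the new `f_generate_key_tag`, both failure branches log "Failed to generate HMAC tag" and return `false`, but the actual cause is an unsupported `PX_VE_ALG` or `PX_EC_ALG_FOR_AT` value; the helper only builds the encoded key material that the callers later feed to `fx_hmac_sha256`. I would log the cause, e.g. `log("f_generate_key_tag: Unsupported PX_VE_ALG: ", PX_VE_ALG);`, and add a header comment stating that on `false` the `out` parameter `p_encoded_tag` is either unassigned or holds only the verification-key encoding and must not be used. The two call sites shown (`f_generate_inner_at_request` and `f_generate_inner_at_request_with_wrong_hmac`) do return on `false`. Any non-zero `p_compressed_key_mode` or `p_compressed_enc_key_mode` is also treated as `compressed_y_1`; rejecting values other than 0 and 1 would keep a bad mode from silently producing a key tag over the wrong point encoding.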
ttcn/Security/LibItsSecurity_Functions.ttcn +9 −1 Original line number Diff line number Diff line Loading @@ -1804,7 +1804,15 @@ module LibItsSecurity_Functions { log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_secPayload=", v_secPayload); // Verify payload // TODO Check in standard if x-only only if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only)) { v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig); } else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_0)) { v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_0) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig); } else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_1)) { v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_1) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig); } log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_signedData=", v_signedData); if (ischosen(p_publicKey.uncompressedP256)) { v_result := f_verifyWithEcdsaNistp256WithSha256_1( Loading
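Review bot: The new `if / else if` chain over `rSig` in `f_verifyGnSecuredMessageSignature_ecdsaNistP256` has no final `else`, so when `rSig` is none of `x_only`, `compressed_y_0` or `compressed_y_1`, `v_signedData` is not assigned here, yet it is logged on the next line and presumably passed to the verification call that follows. Unless it is initialised above the hunk, that ends in a runtime error on an unbound value rather than a clean verification failure. I would close the chain with `} else { log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: Unsupported rSig form"); return false; }`, assuming the function returns boolean; its body starts and ends outside the hunk.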