Skip to content
GitLab
Commit c2b587e6 authored by Yann Garcia's avatar Yann Garcia
Browse files

ITS-CMS6 Plugtest validation

parent 7f9ffa8e
Hide whitespace changes
Inline Side-by-side
ttcn/Pki/LibItsPki_Functions.ttcn
View file @ c2b587e6
...@@ -488,6 +488,66 @@ module LibItsPki_Functions { ...@@ -488,6 +488,66 @@ module LibItsPki_Functions {
} }
} }
} // End of function f_http_send } // End of function f_http_send
function f_generate_key_tag(
in octetstring p_public_key_compressed,
in integer p_compressed_key_mode,
in octetstring p_public_compressed_enc_key,
in integer p_compressed_enc_key_mode,
out octetstring p_encoded_tag
) return boolean {
// Local variables
var PublicVerificationKey v_verification_tag;
var PublicEncryptionKey v_encryption_tag;
if (PX_VE_ALG == e_nist_p256) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed;
}
} else {
log("f_generate_key_tag: Failed to generate HMAC tag");
return false;
}
log("f_generate_key_tag: v_verification_tag= ", v_verification_tag);
p_encoded_tag := bit2oct(encvalue(v_verification_tag));
if (PX_INCLUDE_ENCRYPTION_KEYS) {
v_encryption_tag.supportedSymmAlg := aes128Ccm;
if (PX_EC_ALG_FOR_AT == e_nist_p256) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key;
}
} else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key;
}
} else {
log("f_generate_key_tag: Failed to generate HMAC tag (enc)");
return false;
}
log("f_generate_key_tag: v_encryption_tag= ", v_encryption_tag);
p_encoded_tag := p_encoded_tag & bit2oct(encvalue(v_encryption_tag));
}
return true;
} // End of function f_generate_key_tag
} // End of group helpers } // End of group helpers
...@@ -1223,14 +1283,14 @@ module LibItsPki_Functions { ...@@ -1223,14 +1283,14 @@ module LibItsPki_Functions {
m_validityPeriod( m_validityPeriod(
f_getCurrentTime() / 1000, f_getCurrentTime() / 1000,
m_duration_in_hours(120) m_duration_in_hours(120)
)/*, ),
m_geographicRegion_identifiedRegion( m_geographicRegion_identifiedRegion(
{ {
m_identifiedRegion_country_only(250), // TODO PIXIT m_identifiedRegion_country_only(250), // TODO PIXIT
m_identifiedRegion_country_only(380) m_identifiedRegion_country_only(380)
} }
), ),
'00'O*/ // TODO Use PIXIT '00'O // TODO Use PIXIT
) )
); );
// Encode it ==> Get octetstring // Encode it ==> Get octetstring
...@@ -1521,14 +1581,14 @@ module LibItsPki_Functions { ...@@ -1521,14 +1581,14 @@ module LibItsPki_Functions {
m_validityPeriod( m_validityPeriod(
f_getCurrentTime() / 1000, f_getCurrentTime() / 1000,
m_duration_in_hours(120) // TODO Use PIXIT m_duration_in_hours(120) // TODO Use PIXIT
)/*, ),
m_geographicRegion_identifiedRegion( m_geographicRegion_identifiedRegion(
{ {
m_identifiedRegion_country_only(250), // TODO Use PIXIT m_identifiedRegion_country_only(250), // TODO Use PIXIT
m_identifiedRegion_country_only(380) // TODO Use PIXIT m_identifiedRegion_country_only(380) // TODO Use PIXIT
} }
), ),
'00'O*/ // TODO Use PIXIT '00'O // TODO Use PIXIT
) )
) )
); );
...@@ -1751,51 +1811,10 @@ module LibItsPki_Functions { ...@@ -1751,51 +1811,10 @@ module LibItsPki_Functions {
log("f_generate_inner_at_request: v_hmac_key= ", v_hmac_key); log("f_generate_inner_at_request: v_hmac_key= ", v_hmac_key);
// Generate tag based on the concatenation of verification keys & encryption keys // Generate tag based on the concatenation of verification keys & encryption keys
if (PX_VE_ALG == e_nist_p256) { if (f_generate_key_tag(p_public_key_compressed, p_compressed_key_mode, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_encoded_tag) == false) {
if (p_compressed_key_mode == 0) { log("f_generate_inner_at_request: Failed to generate Key tag");
v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed;
}
} else {
log("f_generate_inner_at_request: Failed to generate HMAC tag");
return false; return false;
} }
log("f_generate_inner_at_request: v_verification_tag= ", v_verification_tag);
v_encoded_tag := bit2oct(encvalue(v_verification_tag));
if (PX_INCLUDE_ENCRYPTION_KEYS) {
v_encryption_tag.supportedSymmAlg := aes128Ccm;
if (PX_EC_ALG_FOR_AT == e_nist_p256) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key;
}
} else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key;
}
} else {
log("f_generate_inner_at_request: Failed to generate HMAC tag (enc)");
return false;
}
log("f_generate_inner_at_request: v_encryption_tag= ", v_encryption_tag);
v_encoded_tag := v_encoded_tag & bit2oct(encvalue(v_encryption_tag));
}
log("f_generate_inner_at_request: v_encoded_tag= ", v_encoded_tag); log("f_generate_inner_at_request: v_encoded_tag= ", v_encoded_tag);
v_key_tag := substr( v_key_tag := substr(
fx_hmac_sha256( // TODO Rename and use a wrapper function fx_hmac_sha256( // TODO Rename and use a wrapper function
...@@ -2112,51 +2131,10 @@ module LibItsPki_Functions { ...@@ -2112,51 +2131,10 @@ module LibItsPki_Functions {
log("f_generate_inner_at_request_with_wrong_hmac: v_hmac_key= ", v_hmac_key); log("f_generate_inner_at_request_with_wrong_hmac: v_hmac_key= ", v_hmac_key);
// Generate tag based on the concatenation of verification keys & encryption keys // Generate tag based on the concatenation of verification keys & encryption keys
if (PX_VE_ALG == e_nist_p256) { if (f_generate_key_tag(p_public_key_compressed, p_compressed_key_mode, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_encoded_tag) == false) {
if (p_compressed_key_mode == 0) { log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate Key tag");
v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed;
}
} else {
log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate HMAC tag");
return false; return false;
} }
log("f_generate_inner_at_request_with_wrong_hmac: v_verification_tag= ", v_verification_tag);
v_encoded_tag := bit2oct(encvalue(v_verification_tag));
if (PX_INCLUDE_ENCRYPTION_KEYS) {
v_encryption_tag.supportedSymmAlg := aes128Ccm;
if (PX_EC_ALG_FOR_AT == e_nist_p256) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key;
}
} else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key;
}
} else {
log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate HMAC tag (enc)");
return false;
}
log("f_generate_inner_at_request_with_wrong_hmac: v_encryption_tag= ", v_encryption_tag);
v_encoded_tag := v_encoded_tag & bit2oct(encvalue(v_encryption_tag));
}
log("f_generate_inner_at_request_with_wrong_hmac: v_encoded_tag= ", v_encoded_tag); log("f_generate_inner_at_request_with_wrong_hmac: v_encoded_tag= ", v_encoded_tag);
// Modify v_hmac_key // Modify v_hmac_key
v_key_tag := substr( v_key_tag := substr(
......
ttcn/Security/LibItsSecurity_Functions.ttcn
View file @ c2b587e6
...@@ -1804,7 +1804,15 @@ module LibItsSecurity_Functions { ...@@ -1804,7 +1804,15 @@ module LibItsSecurity_Functions {
log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_secPayload=", v_secPayload); log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_secPayload=", v_secPayload);
// Verify payload // Verify payload
v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig);
// TODO Check in standard if x-only only
if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only)) {
v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig);
} else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_0)) {
v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_0) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig);
} else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_1)) {
v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_1) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig);
}
log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_signedData=", v_signedData); log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_signedData=", v_signedData);
if (ischosen(p_publicKey.uncompressedP256)) { if (ischosen(p_publicKey.uncompressedP256)) {
v_result := f_verifyWithEcdsaNistp256WithSha256_1( v_result := f_verifyWithEcdsaNistp256WithSha256_1(
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment