f_verifyGnSecuredMessageSignatureWithPublicKey (msg, key) (c3d18c10) · Commits · TTCN-3 Libraries / LibIts

ttcn/Security/LibItsSecurity_Functions.ttcn3

+84 −73

Original line number	Original line	Diff line number	Diff line
	@@ -42,6 +42,16 @@ module LibItsSecurity_Functions {

	} // End of function f_signWithEcdsaNistp256WithSha256		} // End of function f_signWithEcdsaNistp256WithSha256

			function f_HashedId8FromSha256(in Oct32 p_hash)
			return HashedId8 {
			return substr(p_hash, 0, 8);
			} // End of function f_HashedId8FromSha256

			function f_HashedId3FromHashedId8 (in HashedId8 p_hash)
			return HashedId3 {
			return substr(p_hash, 0, 3);
			} // End of function f_HashedId3FromHashedId8

	/**		/**
	* @desc Verify the signature of the specified data		* @desc Verify the signature of the specified data
	* @param p_toBeVerifiedData The data to be verified		* @param p_toBeVerifiedData The data to be verified
	@@ -363,39 +373,15 @@ module LibItsSecurity_Functions {

	group deviceSignatureHelpers {		group deviceSignatureHelpers {

	/**
	* @desc Verify the signature of the provided secured message
	* @param p_certificate Certificate to be verified
	* @param p_certificateToBeVerified Certificate to be used to verify
	* @return true on success, false otherwise
	* @verdict Unchanged
	*/
	function f_verifyCertificateSignatureWithIssuingCertificate(
	in template (value) Certificate p_certificate,
	in template (value) Certificate p_certificateToBeVerified
	) return boolean {
	// Sanity check
	if (p_certificate.subject_attributes[0].attribute.key.algorithm != e_ecdsa_nistp256_with_sha256) {
	log("f_verifyCertificateSignatureWithIssuingCertificate: Invalid algorithm: ", p_certificate.subject_attributes[0].attribute.key.algorithm);
	return false;
	}

	return
	f_verifyCertificateSignatureWithPublicKey(
	p_certificateToBeVerified,
	p_certificate.subject_attributes[0].attribute.key
	);
	} // End of function f_verifyCertificateSignatureWithIssuingCertificate

	/**		/**
	* @desc Verify the signature of the provided certificate		* @desc Verify the signature of the provided certificate
	* @param p_certificate The certificate to be verified		* @param p_cert Certificate to be verified
	* @param p_publicKey The public key to use to verify the certificate signature		* @param p_publicKey Public key to verify the certificate signature
	* @return true on success, false otherwise		* @return true on success, false otherwise
	* @verdict Unchanged		* @verdict
	*/		*/
	function f_verifyCertificateSignatureWithPublicKey(		function f_verifyCertificateSignatureWithPublicKey(
	in template (value) Certificate p_certificate,		in template (value) Certificate p_cert,
	in template (value) PublicKey p_publicKey		in template (value) PublicKey p_publicKey
	) return boolean {		) return boolean {

	@@ -406,51 +392,55 @@ module LibItsSecurity_Functions {
	var boolean v_result := false;		var boolean v_result := false;
	var template (value) ToBeSignedCertificate v_toBeSignedCertificate;		var template (value) ToBeSignedCertificate v_toBeSignedCertificate;

	// Sanity check
	if (p_publicKey.algorithm != e_ecdsa_nistp256_with_sha256) {
	log("f_verifyCertificateSignatureWithPublicKey: Invalid algorithm: ", p_publicKey.algorithm);
	return false;
	}
	log(">>> f_verifyCertificateSignatureWithPublicKey: p_certificate=", p_certificate);
	log(">>> f_verifyCertificateSignatureWithPublicKey: p_publicKey=", p_publicKey);

	// Create Certificate payload to be signed		// Create Certificate payload to be signed
	v_toBeSignedCertificate := m_toBeSignedCertificate(p_certificate);		v_toBeSignedCertificate := m_toBeSignedCertificate(p_cert);
	log("f_verifyCertificateSignatureWithPublicKey: v_toBeSignedCertificate=", v_toBeSignedCertificate);

	// Endode it
	v_secPayload := bit2oct(encvalue(v_toBeSignedCertificate));		v_secPayload := bit2oct(encvalue(v_toBeSignedCertificate));
	log("f_verifyCertificateSignatureWithPublicKey: v_secPayload=", v_secPayload);

	// Calculate the hash of the SecuredMessage payload to be signed		// Calculate the hash of the SecuredMessage payload to be signed
	v_hash := fx_hashWithSha256(v_secPayload);		v_hash := fx_hashWithSha256(v_secPayload);
	log("f_verifyCertificateSignatureWithPublicKey: v_hash=", v_hash);

	// Verify payload		// Verify payload
	v_signedData :=		v_signedData :=
	'0000'O &		'0000'O &
	p_certificate.signature_.signature_.ecdsa_signature.r.x &		p_cert.signature_.signature_.ecdsa_signature.r.x &
	p_certificate.signature_.signature_.ecdsa_signature.s;		p_cert.signature_.signature_.ecdsa_signature.s;
	log("f_verifyCertificateSignatureWithPublicKey: v_ signedData=", v_signedData);
	v_result := f_verifyWithEcdsaNistp256WithSha256(		v_result := f_verifyWithEcdsaNistp256WithSha256(
	v_hash,		v_hash,
	v_signedData,		v_signedData,
	p_publicKey.public_key.eccPoint.x,		p_publicKey.public_key.eccPoint.x,
	p_publicKey.public_key.eccPoint.y.y		p_publicKey.public_key.eccPoint.y.y
	);		);
	log("f_verifyCertificateSignatureWithPublicKey: v_ v_result=", v_result);

	return v_result;		return v_result;
	} // End of function f_verifyCertificateSignatureWithPublicKey		} // End of finction f_verifyCertificateSignatureWithPublicKey

			/**
			* @desc Verify the signature of the provided secured message
			* @param p_cert Certificate to be verified
			* @param p_verify Issuing certificate
			* @return true on success, false otherwise
			* @verdict
			*/
			function f_verifyCertificateSignatureWithIssuingCertificate(
			in template (value) Certificate p_cert,
			in template (value) Certificate p_verify
			) return boolean {
			return f_verifyCertificateSignatureWithPublicKey(p_cert, p_verify.subject_attributes[0].attribute.key);
			} // End of function f_verifyCertificateSignatureWithIssuingCertificate

			} // End of group hostSignatureHelpers

			group deviceSignatureHelpers {

	/**		/**
	* @desc Verify the signature of the provided secured message		* @desc Verify the signature of the provided secured message
	* @param p_securedMessage The message to be verified		* @param p_securedMessage The message to be verified
	* @param p_publicKey The ECDSA public key to verify a signature		* @param p_publicKey The ECDSA public key to verify a signature
			* @param p_certificate Certificate to be used to verify the message
	* @return true on success, false otherwise		* @return true on success, false otherwise
	* @verdict Unchanged		* @verdict
	*/		*/
	function f_verifySecuredSignatureWithPublicKey(		function f_verifyGnSecuredMessageSignatureWithPublicKey(
	in template (value) SecuredMessage p_securedMessage,		in template (value) SecuredMessage p_securedMessage,
	in template (value) PublicKey p_publicKey		in template (value) PublicKey p_publicKey
	) return boolean {		) return boolean {
	@@ -463,12 +453,6 @@ module LibItsSecurity_Functions {
	var boolean v_result := false;		var boolean v_result := false;
	var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage;		var template (value) ToBeSignedSecuredMessage v_toBeSignedSecuredMessage;

	// Sanity check
	if (p_publicKey.algorithm != e_ecdsa_nistp256_with_sha256) {
	log("f_verifySecuredSignatureWithPublicKey: Invalid algorithm: ", p_publicKey.algorithm);
	return false;
	}

	// Create SecuredMessage payload to be signed		// Create SecuredMessage payload to be signed
	v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(		v_toBeSignedSecuredMessage := m_toBeSignedSecuredMessage(
	p_securedMessage.security_profile,		p_securedMessage.security_profile,
	@@ -502,7 +486,22 @@ module LibItsSecurity_Functions {
	} // End of 'for' statement		} // End of 'for' statement

	return v_result;		return v_result;
	} // End of function f_verifySecuredSignatureWithPublicKey		} // End of function f_verifyCertificateSignatureWithPublicKey

			/**
			* @desc Verify the signature of the provided secured message
			* @param p_securedMessage
			* @param p_certificate Certificate to be used to verify the message
			* @return true on success, false otherwise
			* @verdict
			*/
			function f_verifyGnSecuredMessageSignatureWithCertificate(
			in template (value) SecuredMessage p_securedMessage,
			in template (value) Certificate p_certificate
			) return boolean {
			return f_verifyGnSecuredMessageSignatureWithPublicKey(p_securedMessage,
			p_certificate.subject_attributes[0].attribute.key);
			} // End of function f_verifyGnSecuredOtherMessageWithDeviceCertificate

	} // End of group deviceSignatureHelpers		} // End of group deviceSignatureHelpers

	@@ -513,10 +512,9 @@ module LibItsSecurity_Functions {
	* @param p_msg the SecuredMessage		* @param p_msg the SecuredMessage
	* @param p_type header field type		* @param p_type header field type
	* @return HeaderField of given type if any or null		* @return HeaderField of given type if any or null
	* @verdict Unchanged
	*/		*/
	function f_getMsgHeaderField(		function f_getMsgHeaderField(
	in SecuredMessage p_securedMessage,		in template (value) SecuredMessage p_securedMessage,
	in HeaderFieldType p_headerFieldType		in HeaderFieldType p_headerFieldType
	) return HeaderField {		) return HeaderField {
	var HeaderField v_return;		var HeaderField v_return;
	@@ -535,10 +533,9 @@ module LibItsSecurity_Functions {

	/**		/**
	* @desc return SignerInfo SecuredMessage field		* @desc return SignerInfo SecuredMessage field
	* @verdict Unchanged
	*/		*/
	function f_getMsgSignerInfo (		function f_getMsgSignerInfo (
	in SecuredMessage p_securedMessage		in template (value) SecuredMessage p_securedMessage
	) return SignerInfo {		) return SignerInfo {
	var HeaderField v_hf := f_getMsgHeaderField(p_securedMessage, e_signer_info);		var HeaderField v_hf := f_getMsgHeaderField(p_securedMessage, e_signer_info);

	@@ -554,7 +551,7 @@ module LibItsSecurity_Functions {
	group certificateGetters {		group certificateGetters {

	function f_getCertificateValidityRestriction(		function f_getCertificateValidityRestriction(
	in Certificate p_cert,		in template (value) Certificate p_cert,
	in ValidityRestrictionType p_type		in ValidityRestrictionType p_type
	) return ValidityRestriction {		) return ValidityRestriction {
	var ValidityRestriction v_return;		var ValidityRestriction v_return;
	@@ -570,8 +567,9 @@ module LibItsSecurity_Functions {
	return v_return;		return v_return;
	}		}

	function f_getCertificateSignerInfo (in Certificate p_cert)		function f_getCertificateSignerInfo (
	return SignerInfo {		in template (value) Certificate p_cert
			) return SignerInfo {
	var SignerInfo ret;		var SignerInfo ret;
	if (lengthof(p_cert.signer_infos) > 0) {		if (lengthof(p_cert.signer_infos) > 0) {
	ret := p_cert.signer_infos[0];		ret := p_cert.signer_infos[0];
	@@ -583,8 +581,21 @@ module LibItsSecurity_Functions {

	group CertRequests{		group CertRequests{

	function f_askForCertificate (in HashedId3 p_digest) {		function f_askForCertificate (in template (value) HashedId8 p_digest) {
			// Send CAM message with insert the request_unrecognized_certificate
			// header containing specified digest
			/* TODO: Waiting Alex to understand how to send message
			var SecuredMessage v_msg;

			if ( f_buildGnSecuredCam (v_msg,
			in octetstring p_unsecuredPayload,
			in ThreeDLocation p_threeDLocation,
			in template (omit) HeaderFields p_headerFileds := omit
			)) {


			}
			*/
	}		}

	} // End of group CertRequests		} // End of group CertRequests

Admin message