Commit c591ac73 authored by YannGarcia's avatar YannGarcia

Update after ETSI ITS CMS-7

parent 969b2095
+95 −47

File changed.

Preview size limit exceeded, changes collapsed.

+6 −2
@@ -35,13 +35,17 @@ module LibItsPki_Pixits {
   */
  modulepar SecurityAlg PX_EC_ALG_FOR_EC  := e_nist_p256; // TODO Use RCA to determine encryption algorithm?
  /**
   * @desc Indicate which encryption algorithem to be used for Authorization Request
   * @desc Indicate which encryption algorithem to be used for Authorization Request (AA certificate of the IUT)
   */
  modulepar SecurityAlg PX_EC_ALG_FOR_AT  := e_nist_p256;
  /**
   * @desc Indicate which encryption algorithem to be used for Authorization Validation Request
   * @desc Indicate which encryption algorithem to be used for Authorization Validation Request (EA certificate of the IUT)
   */
  modulepar SecurityAlg PX_EC_ALG_FOR_ATV := e_nist_p256;
  /**
   * @desc Indicate which encryption algorithem to be used for EcSignature (EA certificate of the IUT)
   */
  modulepar SecurityAlg PX_EC_ALG_FOR_EC_SIGN := e_nist_p256;
  
  /**
   * @desc Indicate which verification algorithem to be used
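Review bot: The doc comment added for `PX_EC_ALG_FOR_EC_SIGN`, and the two reworded comments for `PX_EC_ALG_FOR_AT` and `PX_EC_ALG_FOR_ATV`, still spell the word as "algorithem"; since these lines are being edited anyway, correct it to "algorithm". The parenthetical "(EA certificate of the IUT)" also leaves open which key is meant. If the parameter has to match the encryption key of that certificate, say so, e.g. `@desc Encryption algorithm used for EcSignature; must match the encryption key of the IUT's EA certificate`. A mismatch between this pixit and the certificate would otherwise only show up as a decryption failure at run time.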
+10 −1
@@ -278,6 +278,15 @@ module LibItsPki_Templates {
  certIssuePermissions := omit
  } // End of template m_certificateSubjectAttributes_id_none
  
  template (omit) CertificateSubjectAttributes m_certificateSubjectAttributes_id_omit(
                                                                                      in template (value) SequenceOfPsidSsp p_appPermissions,
                                                                                      in template (omit) ValidityPeriod p_validityPeriod := omit,
                                                                                      in template (omit) GeographicRegion p_region := omit,
                                                                                      in template (omit) SubjectAssurance p_assuranceLevel := omit
                                                                                      ) modifies m_certificateSubjectAttributes_id_none := {
  id                   := omit
  } // End of template m_certificateSubjectAttributes_id_omit
  
  template (omit) CertificateSubjectAttributes m_certificateSubjectAttributes_id_name(
                                                                                      in template (value) Hostname p_name,
                                                                                      in template (value) SequenceOfPsidSsp p_appPermissions,
@@ -482,7 +491,7 @@ module LibItsPki_Templates {
                                                                          template (present) SequenceOfPsidSsp p_appPermissions := ?,
                                                                          template CertificateId p_id := *,
                                                                          template (present) ValidityPeriod p_validityPeriod := ?,
                                                                          template (present) SubjectAssurance p_assuranceLevel := ?,
                                                                          template SubjectAssurance p_assuranceLevel := *,
                                                                          template GeographicRegion p_region := *,
                                                                          template SequenceOfPsidGroupPermissions p_certIssuePermissions := omit
                                                                          ) := {
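Review bot: Changing the default of `p_assuranceLevel` from `template (present) ... := ?` to `template ... := *` in the second hunk means every caller that relies on the default now also matches a certificate with no assurance level, where the field previously had to be present. If any test purpose is meant to check that the IUT includes an assurance level, its call site has to pass `?` explicitly from now on. A comment on the parameter would make this visible, e.g. `// '*' by default: assuranceLevel may be absent; pass '?' to require it`. The template's name and body lie outside the hunk, so the affected call sites could not be checked from here.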
+2 −0
@@ -77,11 +77,13 @@ module LibItsPki_TestSystem {
      var octetstring vc_eaPrivateKey;        /** Test Adapter EA private key for signature */
      var octetstring vc_eaPrivateEncKey;     /** Test Adapter EA private key for encryption */
      var octetstring vc_eaWholeHash;         /** Test Adapter EA whole-hash for signature check */
      var octetstring vc_eaWholeHash256;      /** Test Adapter EA whole-hash using SHA 256 for encryption because of encryption key size ==32 */
      var HashedId8   vc_eaHashedId8;         /** Test Adapter EA HashedId8 for decryption of IUT's response */
      var octetstring vc_aaPrivateKey;        /** Test Adapter AA private key for signature */
      var octetstring vc_aaPrivateEncKey;     /** Test Adapter AA private key for encryption */
      var HashedId8   vc_aaHashedId8;         /** Test Adapter AA HashedId8 for decryption of IUT's response */
      var octetstring vc_aaWholeHash;         /** Test Adapter AA whole-hash for signature check */
      var octetstring vc_aaWholeHash256;      /** Test Adapter EA whole-hash using SHA 256 for encryption because of encryption key size ==32 */
    } // End of component ItsPkiHttp
    
    /**
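Review bot: The comment on the new `vc_aaWholeHash256` field says "Test Adapter EA whole-hash", which looks copied from `vc_eaWholeHash256` a few lines above. It should read `/** Test Adapter AA whole-hash using SHA 256 for encryption because of encryption key size ==32 */`. The two fields hold hashes of different CA certificates and both feed encryption, so a wrong label here invites using the EA hash where the AA one is required.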
+39 −11
@@ -107,6 +107,9 @@ module LibItsSecurity_Functions {
                                                        in Oct48 p_certificateIssuer,
                                                        in Oct48 p_privateKey
        ) return octetstring {
          log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_toBeSignedSecuredMessage);
          log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_certificateIssuer);
          log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_privateKey);
            return fx_signWithEcdsaBrainpoolp384WithSha384(
                p_toBeSignedSecuredMessage,
                p_certificateIssuer,
@@ -865,8 +868,8 @@ module LibItsSecurity_Functions {
                                                                        );
                  p_securedMessage.content.signedData.signature_ := valueof(m_signature_ecdsaBrainpoolP384r1(
                                                                                                             m_ecdsaP384Signature(
                                                                                                                                  m_eccP384CurvePoint_x_only(substr(v_signature, 0, 32)),
                                                                                                                                  substr(v_signature, 32, 32)
                                                                                                                                  m_eccP384CurvePoint_x_only(substr(v_signature, 0, 48)),
                                                                                                                                  substr(v_signature, 48, 48)
                                                                                                                                  )
                                                                                                             ));
                } // TODO To be continued
@@ -904,7 +907,7 @@ module LibItsSecurity_Functions {
                var octetstring v_secPayload, v_signature;
                var template (value) ToBeSignedData v_toBeSignedData;
                var integer i, j, k, n;
                var HeaderInfo v_headerFields := {};
                var HeaderInfo v_headerFields;
                var Ieee1609Dot2Content v_toBeSignedPayload;
                var Oct32 v_privateKey;
                var UInt8 v_trailerSize;
@@ -1207,7 +1210,7 @@ module LibItsSecurity_Functions {
                
                // Local variables
                var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
                var HeaderInfo v_mandatoryHeaders := {};
                var HeaderInfo v_mandatoryHeaders;
                var HeaderInfo v_signerInfo;
                 
                // Load certificates if required
@@ -1282,7 +1285,7 @@ module LibItsSecurity_Functions {
                
                // Local variables
                var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
                var HeaderInfo v_mandatoryHeaders := {};
                var HeaderInfo v_mandatoryHeaders;
                var HeaderInfo v_signerInfo;
                 
                // Load certificates if required
@@ -1359,7 +1362,7 @@ module LibItsSecurity_Functions {
                
                // Local variables
                var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
                var HeaderInfo v_mandatoryHeaders := {};
                var HeaderInfo v_mandatoryHeaders;
                var HeaderInfo v_signerInfo;
                 
                // Load certificates if required
@@ -1429,7 +1432,7 @@ module LibItsSecurity_Functions {
                
                // Local variables
                var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
                var HeaderInfo v_mandatoryHeaders := {};
                var HeaderInfo v_mandatoryHeaders;
                var HeaderInfo v_signerInfo;
                 
                // Load certificates if required
@@ -1504,7 +1507,7 @@ module LibItsSecurity_Functions {
                
                // Local variables
                var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
                var HeaderInfo v_mandatoryHeaders := {};
                var HeaderInfo v_mandatoryHeaders;
                var HeaderInfo v_signerInfo;
                
                // Load certificates if required
@@ -2044,7 +2047,7 @@ module LibItsSecurity_Functions {
                }
              } // End of 'for' statement
              if (v_found == false) {
                log("f_verifySspPermissions: Permission set not found: ", v_issuerPsidSsp)
                log("f_verifySspPermissions: Permission set not found: ", v_issuerPsidSsp);
                if (p_strict_checks == true) {
                  return false;
                } else {
@@ -2054,7 +2057,7 @@ module LibItsSecurity_Functions {
              // 2. Validate bits mask
              if (ispresent(v_issuerPsidSsp.ssp)) {
                if (ispresent(v_subordinatePsidSsp.ssp) == false) {
                  log("f_verifySspPermissions: Ssp shall not be omitted: ", v_issuerPsidSsp)
                  log("f_verifySspPermissions: Ssp shall not be omitted: ", v_issuerPsidSsp);
                  if (p_strict_checks == true) {
                    return false;
                  }
@@ -2277,6 +2280,23 @@ module LibItsSecurity_Functions {
                return true;
            } // End of function f_getCertificateHash
            
            /**
             * @desc    Read the whole-hash of the certificate SHA 256
             * @param   p_certificate_id the certificate identifier
             * @param   p_hash          the whole-hash of the certificate using SHA 256
             * @return  true on success, false otherwise
             */
            function f_getCertificateHash256(
                                             in charstring p_certificate_id,
                                             out Oct32 p_hash
            ) return boolean {
                if (not fx_readCertificateHash256(p_certificate_id, p_hash)){
                    log("f_getCertificateHash256: Failed to retrieve digest for ", p_certificate_id);
                    return false;
                }
                return true;
            } // End of function f_getCertificateHash
            
            function f_getCertificateFromDigest(
                                                in HashedId8 p_digest, 
                                                out EtsiTs103097Certificate p_certificate
@@ -2657,7 +2677,7 @@ module LibItsSecurity_Functions {
            * @return  true on success, false otherwise
            */
            external function fx_loadCertificates(in charstring p_rootDirectory, in charstring p_configId) return boolean;
            external function fx_store_certificate(in charstring p_cert_id, in octetstring p_cert, in octetstring p_private_key, in octetstring p_public_key_x, in octetstring p_public_key_y, in octetstring p_public_key_compressed, in integer p_public_key_compressed_mode, in octetstring p_hash, in octetstring p_hashid8, in octetstring p_issuer, in template (omit) octetstring p_private_enc_key, in template (omit) octetstring p_public_enc_key_x, in template (omit) octetstring p_public_enc_key_y, in template (omit) octetstring p_public_enc_compressed_key, in template (omit) integer p_public_enc_key_compressed_mode) return boolean;
            external function fx_store_certificate(in charstring p_cert_id, in octetstring p_cert, in octetstring p_private_key, in octetstring p_public_key_x, in octetstring p_public_key_y, in octetstring p_public_key_compressed, in integer p_public_key_compressed_mode, in octetstring p_hash, in octetstring p_hash_256, in octetstring p_hashid8, in octetstring p_issuer, in template (omit) octetstring p_private_enc_key, in template (omit) octetstring p_public_enc_key_x, in template (omit) octetstring p_public_enc_key_y, in template (omit) octetstring p_public_enc_compressed_key, in template (omit) integer p_public_enc_key_compressed_mode) return boolean;
            
            /**
             * @desc    Unload from memory cache the certificates
@@ -2689,6 +2709,14 @@ module LibItsSecurity_Functions {
             */
            external function fx_readCertificateHash(in charstring p_certificate_id, out octetstring p_hash) return boolean;
            
            /**
             * @desc    Read the whole-hash of the specified certificate using SHA 256
             * @param   p_certificate_id the certificate identifier
             * @param   p_hash          the whole-hash of the certificate
             * @return  true on success, false otherwise
             */
            external function fx_readCertificateHash256(in charstring p_certificate_id, out Oct32 p_hash) return boolean;
            
            external function fx_readCertificateFromDigest(in HashedId8 p_digest, out charstring p_certificate_id) return boolean;
            
            external function fx_readCertificateFromHashedId3(in HashedId3 p_digest, out charstring p_certificate_id) return boolean;
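Review bot: The third `log` call added in `f_signWithEcdsaBrainpoolp384WithSha384` (first hunk) writes `p_privateKey` in full to the test log, so the signing key ends up in every log file that is archived or attached to a test report. Remove `log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_privateKey);` and keep, at most, the two lines that trace the message and the issuer. If key tracing is really needed while debugging, it should sit behind a dedicated debug switch that is off by default rather than in the library function itself. The function's body continues outside the hunk, so any other tracing it already does could not be checked here.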