Re-organise function for signature check (ff1452cb) · Commits · TTCN-3 Libraries / LibIts

ttcn/Security/LibItsSecurity_Pixits.ttcn3

+193 −25

Original line number	Diff line number	Diff line
		@@ -11,47 +11,200 @@ module LibItsSecurity_Pixits {
		import from LibItsSecurity_TypesAndValues all;
		import from LibItsSecurity_Templates all;

		// FIXME Create a configuration structure to unify all PIXITs into one configuration PIXIT record of

		/**
		* @desc Index on the certificate to be used. Default: configuration #0
		*/
		modulepar integer PX_CERTIFICATE_CONFIG_IDX := 0;

		/**
		* @desc Signing private keys generated by the PKI Infrastructire tool (CertChainGenerator\src\org\etsi\stf440\pki\MainApp.java)
		* @desc CA certificates to be used by the Test Adapter
		*/
		modulepar KeyX PX_PRIVATE_SIGNING_KEYS := {
		'e60dbe6b12c52c25a8939bcc16be7d75cd882dc64c52e05b1ef94a6de3d45f12'O
		modulepar CertificateChain PX_CA_CERTIFICATES := {
		{ // Config #0
		version := 2,
		signer_infos := {
		{
		type_ := e_self,
		signerInfo := omit
		}
		},
		subject_info := m_subject_info_root_ca(
		'455453495f506c7567746573745f526f6f74'O // ETSI_Plugtest_Root
		),
		subject_attributes := {
		m_subject_attribute_verification_key(
		m_publicKey_eccPoint(
		m_eccPointecdsa_nistp256_with_sha256_uncompressed(
		'92bf354400a0e0ab3f2d78637f874ce2b9054db2f355495770c22a60ff7feb55'O,
		'3131013e3554dafce17f59f10162096bb77ceee7bd562cea9b903d58ca2a5a40'O
		)
		)
		),
		m_subject_attribute_encryption_key(
		m_publicKey_aesccm(
		m_aesccm(
		m_eccPointecdsa_nistp256_with_sha256_uncompressed(
		'c036c494f2d7e71f98a2229a7d8ea616089fc1c70777b7a3f58306076d67bbf1'O,
		'605402518fd3b486e5aba36dc12bb9f6c775f64458bca37e64c563789937596d'O
		)
		)
		)
		),
		m_subject_attribute_assurance_level(
		m_subjectAssurance(
		'001'B,
		'00'B
		)
		),
		m_subject_attribute_its_aid_list(
		{
		16512,
		16513
		}
		)
		},
		validity_restrictions := {
		m_validity_restriction_time_start_and_end(
		1405173485,
		1513691885
		),
		m_validity_restriction_region(
		m_geographicRegion_polygonial(
		{
		{
		latitude := 498716540,
		longitude := 86382080
		},
		{
		latitude := 498685550,
		longitude := 86411050
		},
		{
		latitude := 492040400,
		longitude := 86475600
		}
		}
		)
		)
		},
		signature_ := m_signature(
		m_ecdsaSignature(
		m_eccPointecdsa_nistp256_with_sha256_x_coordinate_only(
		'ff5f97a03a979cdd4597de08675be9e62c255d6ea4e547e9465326cd2110c693'O
		),
		'803cada03715fb8bc4ee2fd67022cafecf8631be91aa95036fb9a1a7462094c1'O
		)
		)
		} // End of config #0
		// TODO Add additional configurations
		};

		/**
		* @desc Encryption private keys generated by the PKI Infrastructire tool (CertChainGenerator\src\org\etsi\stf440\pki\MainApp.java)
		* @desc AA certificates to be used by the Test Adapter
		*/
		modulepar KeyX PC_PRIVATE_ENCRYPTION_KEYS := {
		'0d1a46bb3fc6f4384da2b0a31eaecb43264379d1b44a68ca488f70419795c1de'O
		modulepar CertificateChain PX_AA_CERTIFICATES := {
		{ // Config #0
		version := 2,
		signer_infos := {
		{
		type_ := e_certificate,
		signerInfo := {
		certificate := PX_CA_CERTIFICATES[0]
		} // End of field signerInfo
		}
		},
		subject_info := m_subject_info_authorization_authority(
		'455453495F506C7567746573745F4141'O // ETSI_Plugtest_Root
		),
		subject_attributes := {
		m_subject_attribute_verification_key(
		m_publicKey_eccPoint(
		m_eccPointecdsa_nistp256_with_sha256_uncompressed(
		'caa982273bc9e2461a56cdbf5c9b703cb66ef77c4e94bb3f2c2d5b82677cca5c'O,
		'06823f000f978f9b3595df26b010b4205a8820fa132f1ab61696e78f417f4859'O
		)
		)
		),
		m_subject_attribute_encryption_key(
		m_publicKey_aesccm(
		m_aesccm(
		m_eccPointecdsa_nistp256_with_sha256_uncompressed(
		'946ae007565084c07d932f44de1ab6a42af73b8ca71357b86aa70482576c0bf0'O,
		'946ae007565084c07d932f44de1ab6a42af73b8ca71357b86aa70482576c0bf0'O
		)
		)
		)
		),
		m_subject_attribute_assurance_level(
		m_subjectAssurance(
		'001'B,
		'00'B
		)
		),
		m_subject_attribute_its_aid_list(
		{
		16512,
		16513
		}
		)
		},
		validity_restrictions := {
		m_validity_restriction_time_start_and_end(
		1405173485,
		1513691885
		),
		m_validity_restriction_region(
		m_geographicRegion_polygonial(
		{
		{
		latitude := 498716540,
		longitude := 86382080
		},
		{
		latitude := 498685550,
		longitude := 86411050
		},
		{
		latitude := 492040400,
		longitude := 86475600
		}
		}
		)
		)
		},
		signature_ := m_signature(
		m_ecdsaSignature(
		m_eccPointecdsa_nistp256_with_sha256_x_coordinate_only(
		'150186ab08396aa2411590e6cd0863c2496039b177f18aa8eafd7ca52f56e521'O
		),
		'9940d67b4d84699a7db813ad6a374392124fffc93f3b0973130b8c3b27f2753f'O
		)
		)
		} // End of config #0
		// TODO Add additional configurations
		};

		/**
		* @desc Authorization Tickate certificates generated by the PKI Infrastructire tool
		* @desc AT certificates to be used by the Test Adapter
		*/
		modulepar CertificateChain PX_AT_CERTIFICATES := {
		{
		{ // Config #0
		version := 2,
		signer_infos := {
		m_SignerInfo_digest(
		'0727A031EE3F372C'O
		)
		{
		type_ := e_certificate_digest_with_ecdsap256,
		signerInfo := {
		digest := '6dbeefd92c7f36db'O
		} // End of field signerInfo
		}
		},
		subject_info := m_subject_info_authorization_ticket,
		subject_attributes := {
		m_subject_attribute_verification_key(
		m_publicKey_eccPoint(
		m_eccPointecdsa_nistp256_with_sha256_uncompressed(
		'95dcdeb8d4fded1054d7b6b655795cad513c3d1c3b6c20ee54a7be3e452fb817'O,
		'ebab6899cee407d43d77cb3911410608bd275deb232d3c8b457268d628863fd8'O
		'e03a1a71ac4acab6459d990154422fceed2ebf9f3f55535a940904c8b8691266'O,
		'6c0f18f30f5816c88951998e81fb7902e6636569b84b17320fbfe3425f571293'O
		)
		)
		),
		@@ -59,8 +212,8 @@ module LibItsSecurity_Pixits {
		m_publicKey_aesccm(
		m_aesccm(
		m_eccPointecdsa_nistp256_with_sha256_uncompressed(
		'41fb63bfee1fffe94e09e3b7bb6a338f587e96fa24e6df2907fde11161b2d8df'O,
		'1e0095ef57a637732ea66423b47a8711bd24e9f321a61036e8826002f06a7b02'O
		'6aee8a4854270eade4791e510674428c83593f2bd71b499f2c9f6847e4a0163f'O,
		'ac0654e4a079a0fff5c77865c9d737d31064d49e84b01364b6c2c3d130a79f02'O
		)
		)
		)
		@@ -87,25 +240,40 @@ module LibItsSecurity_Pixits {
		signature_ := m_signature(
		m_ecdsaSignature(
		m_eccPointecdsa_nistp256_with_sha256_x_coordinate_only(
		'ff5f97a03a979cdd4597de08675be9e62c255d6ea4e547e9465326cd2110c693'O
		'98a4f9d866e52d0c994f763976b166684183b02cf9a1dda5f84a98fed3e43b77'O
		),
		'803cada03715fb8bc4ee2fd67022cafecf8631be91aa95036fb9a1a7462094c1'O
		'42d15b98abb6aa9ae611456057bc699b6c01cfd7e2d589105cf6568c33a32437'O
		)
		)
		} // End of Config #0
		} // End of config #0
		// TODO Add additional configurations
		}; // End of pixit PX_AT_CERTIFICATES
		};

		/**
		* @desc 3D location associated to each configuration
		* @desc 3D locations
		*/
		modulepar ThreeDLocations PX_THREED_LOCATIONS := {
		{
		modulepar ThreeDLocations PX_TRHEED_LOCATIONS := {
		{ // Config #0
		latitude := 12345,
		longitude := 12345,
		elevation := '020E'O
		} // End of Config #0
		} // End of config #0
		// TODO Add additional configurations
		};

		/**
		* @desc Desscribes the Test Adapter security configurations
		*/
		modulepar TaConfigs PX_TA_CONFIGS := {
		{ // Config #0
		signingPrivateKey := '92bf354400a0e0ab3f2d78637f874ce2b9054db2f355495770c22a60ff7feb55'O,
		encryptPrivateKey := '3131013e3554dafce17f59f10162096bb77ceee7bd562cea9b903d58ca2a5a40'O,
		caCertificate := PX_CA_CERTIFICATES[0],
		aaCertificate := PX_AA_CERTIFICATES[0],
		atCertificate := PX_AT_CERTIFICATES[0],
		location := PX_TRHEED_LOCATIONS[0]
		} // End of config #0
		// TODO Add additional configurations
		}; // End of modulepar PX_TA_CONFIGS

		} // End of module LibItsSecurity_Pixits
		No newline at end of file

ttcn/Security/LibItsSecurity_Templates.ttcn3

+62 −26

Original line number	Diff line number	Diff line
		/**
		* @author ETSI / STF481
		* @version $URL$
		* $Id$
		* @desc Module containing templates for Security Protocol
		@@ -14,7 +13,6 @@ module LibItsSecurity_Templates {

		// LibItsSecurity
		import from LibItsSecurity_TypesAndValues all;
		import from LibItsSecurity_Pixits all;

		/**
		* @desc Constants declaration
		@@ -325,22 +323,22 @@ module LibItsSecurity_Templates {
		/**
		* @desc Send template for self signed message
		*/
		template (value) SignerInfo m_SignerInfo_self := {
		template (value) SignerInfo m_signerInfo_self := {
		type_ := e_self,
		signerInfo := omit
		} // End of template m_SignerInfo_self
		} // End of template m_signerInfo_self

		/**
		* @desc Send template for self signed message
		*/
		template (value) SignerInfo m_SignerInfo_digest(
		template (value) SignerInfo m_signerInfo_digest(
		in template (value) HashedId8 p_digest
		) := {
		type_ := e_certificate_digest_with_ecdsap256,
		signerInfo := {
		digest := p_digest
		} // End of field signerInfo
		} // End of template m_SignerInfo_digest
		} // End of template m_signerInfo_digest

		template (value) SignerInfo m_signerInfo_certificate(
		in template (value) Certificate p_certificate
		@@ -643,7 +641,7 @@ module LibItsSecurity_Templates {
		security_profile := c_security_profileOthers,
		header_fields := {
		m_header_field_signer_info(
		m_SignerInfo_self
		m_signerInfo_self
		)
		},
		payload_fields := { },
		@@ -1848,18 +1846,6 @@ module LibItsSecurity_Templates {

		group otherSecurityProfilesSend {

		template (value) ToBeSignedSecuredMessage m_ToBeSignedSecuredMessage_profileOther(
		in template (value) HeaderFields p_header_fields,
		in template (omit) SecPayloads p_payload_fields,
		in template (value) TrailerFieldType p_trailer_field_type
		) := {
		protocol_version := c_protocol_version,
		security_profile := c_security_profileOthers,
		header_fields := p_header_fields,
		payload_fields := p_payload_fields,
		trailerFieldType := p_trailer_field_type
		} // End of template m_ToBeSignedSecuredMessage_profileOther

		template (value) SecuredMessage m_securedMessage_profileOther(
		in template (value) HeaderFields p_header_fields,
		in template (omit) SecPayloads p_payload_fields,
		@@ -1894,20 +1880,70 @@ module LibItsSecurity_Templates {

		} // End of group securityProfiles

		/**
		* @desc Send/receive templates for profiles for certificates
		* @see Draft ETSI TS 103 097 V1.1.6 Clause 7.4 Profiles for certificate
		*/
		group profileCertificates {

		/**
		* @desc SecuredMesage payload to be signed
		* @member p_security_profile The secury profile
		* @member p_header_fields The headers list
		* @member p_payload_fields The payloads list
		* @member p_trailer_field_type The trailer type
		* @see Draft ETSI TS 103 097 V1.1.6 Clause 7 Security profiles
		*/
		template (value) ToBeSignedSecuredMessage m_toBeSignedSecuredMessage(
		in UInt8 p_security_profile,
		in template (value) HeaderFields p_header_fields,
		in template (omit) SecPayloads p_payload_fields,
		in template (value) TrailerFieldType p_trailer_field_type
		) := {
		protocol_version := c_protocol_version,
		security_profile := p_security_profile,
		header_fields := p_header_fields,
		payload_fields := p_payload_fields,
		trailerFieldType := p_trailer_field_type
		} // End of template m_toBeSignedSecuredMessage

		/**
		* @desc The certificate paylaod to be signed
		* @member p_certificate The signed certificate to be verified
		* @see Draft ETSI TS 103 097 V1.1.6 Clause 7.4 Profiles for certificate
		*/
		template (value) ToBeSignedCertificate m_toBeSignedCertificate(
		in template (value) Certificate p_certificate
		) := {
		version := p_certificate.version,
		signer_infos := p_certificate.signer_infos,
		subject_info := p_certificate.subject_info,
		subject_attributes := p_certificate.subject_attributes,
		validity_restrictions := p_certificate.validity_restrictions.
		} // End of template m_toBeSignedCertificate

		} // End of group profileCertificates

		group taPrimitives {

		/**
		* @desc Enable security support
		*/
		template (value) AcEnableSecurity m_enableSecurity(
		in Oct32 p_signingPrivateKey,
		in Oct32 p_signingPublicKeyX,
		in Oct32 p_signingPublicKeyY,
		in Oct32 p_encryptPrivateKey,
		in Oct32 p_encryptPublicKeyX,
		in Oct32 p_encryptPublicKeyY,
		in octetstring p_ToBeSignedSecuredMessageTemplate
		) := {
		signingPrivateKey := PX_PRIVATE_SIGNING_KEYS[PX_CERTIFICATE_CONFIG_IDX],
		signingPublicKeyX := PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX].subject_attributes[0].attribute.key.public_key.eccPoint.x,
		signingPublicKeyY := PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX].subject_attributes[0].attribute.key.public_key.eccPoint.y.y,
		encryptPrivateKey := PC_PRIVATE_ENCRYPTION_KEYS[PX_CERTIFICATE_CONFIG_IDX],
		encryptPublicKeyX := PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX].subject_attributes[1].attribute.key.public_key.aesCcm.eccPoint.x,
		encryptPublicKeyY := PX_AT_CERTIFICATES[PX_CERTIFICATE_CONFIG_IDX].subject_attributes[1].attribute.key.public_key.aesCcm.eccPoint.y.y,
		signingPrivateKey := p_signingPrivateKey,
		signingPublicKeyX := p_signingPublicKeyX,
		signingPublicKeyY := p_signingPublicKeyY,
		encryptPrivateKey := p_encryptPrivateKey,
		encryptPublicKeyX := p_encryptPublicKeyX,
		encryptPublicKeyY := p_encryptPublicKeyY,
		ToBeSignedSecuredMessageTemplate := p_ToBeSignedSecuredMessageTemplate
		} // End of template m_enableSecurity

ttcn/Security/LibItsSecurity_TypesAndValues.ttcn3

+57 −21

Original line number	Diff line number	Diff line
		@@ -290,7 +290,7 @@ module LibItsSecurity_TypesAndValues {
		} // End of type TwoDLocation

		/**
		* @desc Specify a two dimensional location
		* @desc Specify a three dimensional location
		* @member latitude Latitude in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum
		* @member longitude Longitude in tenths of micro degrees relative to the World Geodetic System (WGS)-84 datum
		* @member elevation Elevation relative to the WGS-84 ellipsoid in decimetres
		@@ -302,7 +302,10 @@ module LibItsSecurity_TypesAndValues {
		Oct2 elevation // Due to physical meaning, it cannot be Oct0to2
		} // End of type ThreeDLocation

		type record of ThreeDLocation ThreeDLocations; // FIXME To be removed after creation of the configuration structure to unify all PIXITs into one configuration PIXIT record of
		/**
		* @desc Specify a list of three dimensional locations
		*/
		type record of ThreeDLocation ThreeDLocations;

		/**
		* @desc Defines geographic regions used to limit the validity of certificates
		@@ -568,23 +571,6 @@ module LibItsSecurity_TypesAndValues {

		group certificateSpecification {

		/**
		* @desc Certificate description, part to be signed
		* @member version The certificate's version. Shall be set to 2
		* @member signer_infos The certificate's signers
		* @member subject_info Information on the certificate's subject
		* @member subject_attributes The certificate's subject
		* @member validity_restrictions Restrictions regarding the certificate's validity
		* @see Draft ETSI TS 103 097 V1.1.6 Clause 6.1 Certificate
		*/
		type record ToBeSignedCertificate {
		UInt8 version,
		SignerInfos signer_infos,
		SubjectInfo subject_info,
		SubjectAttributes subject_attributes,
		ValidityRestrictions validity_restrictions
		} // End of type ToBeSignedCertificate

		/**
		* @desc Certificate description
		* @member version The certificate's version. Shall be set to 2
		@@ -769,6 +755,58 @@ module LibItsSecurity_TypesAndValues {

		} // End of group certificateSpecification

		/**
		* @desc Send/receive templates for profiles for certificates
		* @see Draft ETSI TS 103 097 V1.1.6 Clause 7.4 Profiles for certificate
		*/
		group profileCertificates {

		/**
		* @desc Certificate description, part to be signed
		* @member version The certificate's version. Shall be set to 2
		* @member signer_infos The certificate's signers
		* @member subject_info Information on the certificate's subject
		* @member subject_attributes The certificate's subject
		* @member validity_restrictions Restrictions regarding the certificate's validity
		* @see Draft ETSI TS 103 097 V1.1.6 Clause 7.4 Profiles for certificate
		*/
		type record ToBeSignedCertificate {
		UInt8 version,
		SignerInfos signer_infos,
		SubjectInfo subject_info,
		SubjectAttributes subject_attributes,
		ValidityRestrictions validity_restrictions
		} // End of type ToBeSignedCertificate

		} // End of group profileCertificates

		group taConfiguration {

		/**
		* @desc Describes the Test Adapter security configuration
		* @member signingPrivateKey Signing private keys generated by the PKI Infrastructire tool (CertChainGenerator\src\org\etsi\stf440\pki\MainApp.java)
		* @member encryptPrivateKey Encryption private keys generated by the PKI Infrastructire tool (CertChainGenerator\src\org\etsi\stf440\pki\MainApp.java)
		* @member caCertificate Certificates Authorization certificate generated by the PKI Infrastructire tool
		* @member aaCertificate Enrolment Credential certificate generated by the PKI Infrastructire tool
		* @member atCertificate Authorization Tickate certificate generated by the PKI Infrastructire tool
		* @member location 3D location associated to each configuration
		*/
		type record TaConfig {
		Oct32 signingPrivateKey,
		Oct32 encryptPrivateKey,
		Certificate caCertificate,
		Certificate aaCertificate,
		Certificate atCertificate,
		ThreeDLocation location
		} // End of type TaConfig

		/**
		* @desc Desscribes the Test Adapter security configurations
		*/
		type record of TaConfig TaConfigs;

		} // End of group taConfiguration

		group taPrimitives {

		/**
		@@ -800,8 +838,6 @@ module LibItsSecurity_TypesAndValues {
		encode "UpperTester"
		} // End of group utPrimitives

		type set of Oct32 KeyX;

		} with {
		encode "LibItsSecurity"
		} // End of module LibItsSecurity_TypesAndValues

Admin message