Skip to content
GitLab
Commits (1)
Hide whitespace changes
Inline Side-by-side
ttcn/Pki/LibItsPki_Functions.ttcn
View file @ c2b587e6
......@@ -488,6 +488,66 @@ module LibItsPki_Functions {
}
}
} // End of function f_http_send
function f_generate_key_tag(
in octetstring p_public_key_compressed,
in integer p_compressed_key_mode,
in octetstring p_public_compressed_enc_key,
in integer p_compressed_enc_key_mode,
out octetstring p_encoded_tag
) return boolean {
// Local variables
var PublicVerificationKey v_verification_tag;
var PublicEncryptionKey v_encryption_tag;
if (PX_VE_ALG == e_nist_p256) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed;
}
} else {
log("f_generate_key_tag: Failed to generate HMAC tag");
return false;
}
log("f_generate_key_tag: v_verification_tag= ", v_verification_tag);
p_encoded_tag := bit2oct(encvalue(v_verification_tag));
if (PX_INCLUDE_ENCRYPTION_KEYS) {
v_encryption_tag.supportedSymmAlg := aes128Ccm;
if (PX_EC_ALG_FOR_AT == e_nist_p256) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key;
}
} else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key;
}
} else {
log("f_generate_key_tag: Failed to generate HMAC tag (enc)");
return false;
}
log("f_generate_key_tag: v_encryption_tag= ", v_encryption_tag);
p_encoded_tag := p_encoded_tag & bit2oct(encvalue(v_encryption_tag));
}
return true;
} // End of function f_generate_key_tag
} // End of group helpers
......@@ -1223,14 +1283,14 @@ module LibItsPki_Functions {
m_validityPeriod(
f_getCurrentTime() / 1000,
m_duration_in_hours(120)
)/*,
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(250), // TODO PIXIT
m_identifiedRegion_country_only(380)
}
),
'00'O*/ // TODO Use PIXIT
'00'O // TODO Use PIXIT
)
);
// Encode it ==> Get octetstring
......@@ -1521,14 +1581,14 @@ module LibItsPki_Functions {
m_validityPeriod(
f_getCurrentTime() / 1000,
m_duration_in_hours(120) // TODO Use PIXIT
)/*,
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(250), // TODO Use PIXIT
m_identifiedRegion_country_only(380) // TODO Use PIXIT
}
),
'00'O*/ // TODO Use PIXIT
'00'O // TODO Use PIXIT
)
)
);
......@@ -1751,51 +1811,10 @@ module LibItsPki_Functions {
log("f_generate_inner_at_request: v_hmac_key= ", v_hmac_key);
// Generate tag based on the concatenation of verification keys & encryption keys
if (PX_VE_ALG == e_nist_p256) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed;
}
} else {
log("f_generate_inner_at_request: Failed to generate HMAC tag");
if (f_generate_key_tag(p_public_key_compressed, p_compressed_key_mode, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_encoded_tag) == false) {
log("f_generate_inner_at_request: Failed to generate Key tag");
return false;
}
log("f_generate_inner_at_request: v_verification_tag= ", v_verification_tag);
v_encoded_tag := bit2oct(encvalue(v_verification_tag));
if (PX_INCLUDE_ENCRYPTION_KEYS) {
v_encryption_tag.supportedSymmAlg := aes128Ccm;
if (PX_EC_ALG_FOR_AT == e_nist_p256) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key;
}
} else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key;
}
} else {
log("f_generate_inner_at_request: Failed to generate HMAC tag (enc)");
return false;
}
log("f_generate_inner_at_request: v_encryption_tag= ", v_encryption_tag);
v_encoded_tag := v_encoded_tag & bit2oct(encvalue(v_encryption_tag));
}
log("f_generate_inner_at_request: v_encoded_tag= ", v_encoded_tag);
v_key_tag := substr(
fx_hmac_sha256( // TODO Rename and use a wrapper function
......@@ -2112,51 +2131,10 @@ module LibItsPki_Functions {
log("f_generate_inner_at_request_with_wrong_hmac: v_hmac_key= ", v_hmac_key);
// Generate tag based on the concatenation of verification keys & encryption keys
if (PX_VE_ALG == e_nist_p256) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed;
}
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
if (p_compressed_key_mode == 0) {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed;
} else {
v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed;
}
} else {
log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate HMAC tag");
if (f_generate_key_tag(p_public_key_compressed, p_compressed_key_mode, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_encoded_tag) == false) {
log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate Key tag");
return false;
}
log("f_generate_inner_at_request_with_wrong_hmac: v_verification_tag= ", v_verification_tag);
v_encoded_tag := bit2oct(encvalue(v_verification_tag));
if (PX_INCLUDE_ENCRYPTION_KEYS) {
v_encryption_tag.supportedSymmAlg := aes128Ccm;
if (PX_EC_ALG_FOR_AT == e_nist_p256) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key;
}
} else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) {
if (p_compressed_enc_key_mode == 0) {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key;
} else {
v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key;
}
} else {
log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate HMAC tag (enc)");
return false;
}
log("f_generate_inner_at_request_with_wrong_hmac: v_encryption_tag= ", v_encryption_tag);
v_encoded_tag := v_encoded_tag & bit2oct(encvalue(v_encryption_tag));
}
log("f_generate_inner_at_request_with_wrong_hmac: v_encoded_tag= ", v_encoded_tag);
// Modify v_hmac_key
v_key_tag := substr(
......
ttcn/Security/LibItsSecurity_Functions.ttcn
View file @ c2b587e6
......@@ -1804,7 +1804,15 @@ module LibItsSecurity_Functions {
log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_secPayload=", v_secPayload);
// Verify payload
v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig);
// TODO Check in standard if x-only only
if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only)) {
v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig);
} else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_0)) {
v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_0) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig);
} else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_1)) {
v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.compressed_y_1) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig);
}
log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_signedData=", v_signedData);
if (ischosen(p_publicKey.uncompressedP256)) {
v_result := f_verifyWithEcdsaNistp256WithSha256_1(
......