Skip to content
Normal view Permalink
ItsGenCert_Functions.ttcn 10.8 KiB
Newer Older
garciay's avatar
STF538: Start Encryption TPs implementation
garciay committed
1 2 3 4 5 6 7 8 
module ItsGenCert_Functions {
    
    // LibIts
    import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
    import from IEEE1609dot2 language "ASN.1:1997" all;
    import from EtsiTs103097Module language "ASN.1:1997" all;
    
    // LibItsSecurity
garciay's avatar
STF538: Certificate generation script  
garciay committed
9 10 
    import from LibItsSecurity_EncdecDeclarations all;
    import from LibItsSecurity_TypesAndValues all;
garciay's avatar
STF538: Start Encryption TPs implementation
garciay committed
11 
    import from LibItsSecurity_Templates all;
garciay's avatar
STF538: Certificate generation script  
garciay committed
12 13 
    import from LibItsSecurity_Functions all;
    import from LibItsSecurity_Pixits all;
garciay's avatar
STF538: Start Encryption TPs implementation
garciay committed
14 15 16 17 18 19 
    
    // AtsGenCert
    import from ItsGenCert_TypeAndValues all;
    import from ItsGenCert_Templates all;
    import from ItsGenCert_Pics all;
garciay's avatar
STF538: Certificate generation script  
garciay committed
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 
    function f_generate_signing_keys(
                                     in certificate_params p_certificate_params,
                                     inout certificate_details p_certificate_details
    ) return integer {
        
        if (p_certificate_params.curve == e_nist_p256) {
            f_generate_key_pair_nistp256(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y);
        } else if (p_certificate_params.curve == e_brainpool_p256) {
            f_generate_key_pair_brainpoolp256(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y);
        } else if (p_certificate_params.curve == e_brainpool_p256) {
            f_generate_key_pair_brainpoolp384(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y);
        } else {
            log("f_generate_signing_keys: Unsupported curve");
            return -1;
        }
        
        log("f_generate_signing_keys: p_certificate_details.certificate = ", p_certificate_details.certificate);
        
        return 0;
    } // End of function f_generate_signing_keys
garciay's avatar
STF538: Start Encryption TPs implementation
garciay committed
41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 
    function f_fill_certificate(
                                in certificate_params p_certificate_params,
                                inout certificate_details p_certificate_details
    ) return integer {
        p_certificate_details.certificate := valueof(
                                                 m_etsiTs103097Certificate(
                                                     m_issuerIdentifier_self(p_certificate_params.hash_algorithm),
                                                     m_toBeSignedCertificate(
                                                         { name := p_certificate_params.certificate_id },
                                                         m_verificationKeyIndicator_verificationKey(
                                                             m_publicVerificationKey_ecdsaNistP256(
                                                                 m_eccP256CurvePoint_uncompressed(
                                                                     p_certificate_details.public_key_x,
                                                                     p_certificate_details.public_key_y
                                                         ))),
                                                         p_certificate_params.validity_period,
                                                         p_certificate_params.region,
                                                         p_certificate_params.app_permissions
                                                 )));
        if (not(ispresent(p_certificate_params.issuing_permissions))) { // all required
            p_certificate_details.certificate.toBeSigned.certIssuePermissions := { valueof(m_psidGroupPermissions(m_subjectPermissions_all)) };
        } else {
            // TODO
garciay's avatar
STF538: Certificate generation script  
garciay committed
64 65 
            log("f_fill_certificate: To be done");
            return -1;
garciay's avatar
STF538: Start Encryption TPs implementation
garciay committed
66 67 
        }
garciay's avatar
STF538: Certificate generation script  
garciay committed
68 
        log("f_fill_certificate: p_certificate_details.certificate = ", p_certificate_details.certificate);
garciay's avatar
STF538: Start Encryption TPs implementation
garciay committed
69 70 71 72 
        
        return 0;
    } // End of function f_fill_certificate
garciay's avatar
STF538: Certificate generation script  
garciay committed
73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 
    function f_generate_certificate(
                                    in certificate_params p_certificate_params,
                                    inout certificate_details p_certificate_details
    ) return integer {
        var bitstring v_enc_msg;
        var octetstring v_signature;
        
        // Encode it ==> Get octetstring
        v_enc_msg := encvalue(p_certificate_details.certificate.toBeSigned);
        
        // Sign the certificate using ECDSA/SHA-256 (NIST p-256)
        if (p_certificate_params.curve == e_nist_p256) {
            v_signature := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_certificate_details.private_key);
            p_certificate_details.certificate.signature_ := valueof(
                                                                    m_signature_ecdsaNistP256(
                                                                                              m_ecdsaP256Signature(
                                                                                                                   m_eccP256CurvePoint_x_only(
                                                                                                                                              substr(v_signature, 0, 32)
                                                                                                                                              ),
                                                                                                                   substr(v_signature, 32, 32)
                                                                                                                   )
                                                                                              ));
        } else if (p_certificate_params.curve == e_brainpool_p256) {
            v_signature := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_certificate_details.private_key);
            p_certificate_details.certificate.signature_ := valueof(
                                                                    m_signature_ecdsaBrainpoolP256r1(
                                                                                                     m_ecdsaP256Signature(
                                                                                                                          m_eccP256CurvePoint_x_only(
                                                                                                                                                     substr(v_signature, 0, 32)
                                                                                                                                                     ),
                                                                                                                          substr(v_signature, 32, 32)
                                                                                                                          )
                                                                                                     ));
        } else if (p_certificate_params.curve == e_brainpool_p256) {
            v_signature := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_enc_msg), p_certificate_details.private_key);
            p_certificate_details.certificate.signature_ := valueof(m_signature_ecdsaBrainpoolP384r1(
                                                                                                     m_ecdsaP384Signature(
                                                                                                                          m_eccP384CurvePoint_x_only(
                                                                                                                                                     substr(v_signature, 0, 48)
                                                                                                                                                     ),
                                                                                                                          substr(v_signature, 48, 48)
                                                                                                                          )
                                                                                                     ));
        } else {
            log("f_generate_certificate: Unsupported curve");
            return -1;
        }
        
        log("f_generate_certificate: p_certificate_details = ", p_certificate_details);
        
        return 0;
    } // End of function f_generate_certificate
garciay's avatar
STF538: Start Encryption TPs implementation
garciay committed
126 127 
    function f_finalyse_certificate(
                                    in certificate_params p_certificate_params,
garciay's avatar
STF538: Certificate generation script  
garciay committed
128 
                                    in certificate_details_list p_certificate_details_list,
garciay's avatar
STF538: Start Encryption TPs implementation
garciay committed
129 130 
                                    inout certificate_details p_certificate_details
    ) return integer {
garciay's avatar
STF538: Certificate generation script  
garciay committed
131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 
        // Set the issuer
        if (p_certificate_params.certificate_id == p_certificate_params.signed_by) { // Root certificate
             // Nothing to do, isuuer is already set to self
        } else { // Other certificate
            // Find the issuer in the list
            var integer v_counter;
            for (v_counter := 0; v_counter < lengthof(p_certificate_details_list); v_counter := v_counter + 1) {
                if (p_certificate_details_list[v_counter].certificate_id == p_certificate_params.signed_by) {
                    p_certificate_details.issuer := p_certificate_details_list[v_counter].hashid8;
                    if (p_certificate_params.hash_algorithm == sha256) {
                        p_certificate_details.certificate.issuer.sha256AndDigest := p_certificate_details_list[v_counter].hashid8;
                    } else if (p_certificate_params.hash_algorithm == sha384) {
                        p_certificate_details.certificate.issuer.sha384AndDigest := p_certificate_details_list[v_counter].hashid8;
                    } else {
                        log("f_finalyse_certificate: Unsupported hash algorithm");
                        return -1;
                    }
                }
            } // End of 'for' statement
            if (v_counter == lengthof(p_certificate_details_list)) {
                log("f_finalyse_certificate: issuer not found");
                return -1;
            }
        }
        // Encode the certificate
        p_certificate_details.enc_cert := bit2oct(encvalue(p_certificate_details.certificate));
        // Calculate the HashedId8
        if (p_certificate_params.hash_algorithm == sha256) {
            p_certificate_details.hashid8 := f_HashedId8FromSha256(f_hashWithSha256(p_certificate_details.enc_cert));
        } else {
            p_certificate_details.hashid8 := f_HashedId8FromSha384(f_hashWithSha384(p_certificate_details.enc_cert));
        }
                
        log("f_finalyse_certificate: p_certificate_details = ", p_certificate_details);
        
        return 0;
garciay's avatar
STF538: Start Encryption TPs implementation
garciay committed
167 168 169 
    } // End of function f_finalyse_certificate
    
} // End of module ItsGenCert_Functions