Newer
Older
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from IEEE1609dot2 language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
// LibItsSecurity
import from LibItsSecurity_EncdecDeclarations all;
import from LibItsSecurity_TypesAndValues all;
import from LibItsSecurity_Templates all;
import from LibItsSecurity_Functions all;
import from LibItsSecurity_Pixits all;
// AtsGenCert
import from ItsGenCert_TypeAndValues all;
import from ItsGenCert_Templates all;
import from ItsGenCert_Pics all;
function f_generate_signing_keys(
in certificate_params p_certificate_params,
inout certificate_details p_certificate_details
) return integer {
if (p_certificate_params.curve == e_nist_p256) {
f_generate_key_pair_nistp256(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y);
} else if (p_certificate_params.curve == e_brainpool_p256) {
f_generate_key_pair_brainpoolp256(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y);
} else if (p_certificate_params.curve == e_brainpool_p256) {
f_generate_key_pair_brainpoolp384(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y);
} else {
log("f_generate_signing_keys: Unsupported curve");
return -1;
}
log("f_generate_signing_keys: p_certificate_details.certificate = ", p_certificate_details.certificate);
return 0;
} // End of function f_generate_signing_keys
function f_fill_certificate(
in certificate_params p_certificate_params,
inout certificate_details p_certificate_details
) return integer {
p_certificate_details.certificate := valueof(
m_etsiTs103097Certificate(
m_issuerIdentifier_self(p_certificate_params.hash_algorithm),
m_toBeSignedCertificate(
{ name := p_certificate_params.certificate_id },
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaNistP256(
m_eccP256CurvePoint_uncompressed(
p_certificate_details.public_key_x,
p_certificate_details.public_key_y
))),
p_certificate_params.validity_period,
p_certificate_params.region,
p_certificate_params.app_permissions
)));
if (not(ispresent(p_certificate_params.issuing_permissions))) { // all required
p_certificate_details.certificate.toBeSigned.certIssuePermissions := { valueof(m_psidGroupPermissions(m_subjectPermissions_all)) };
} else {
// TODO
log("f_fill_certificate: To be done");
return -1;
}
log("f_fill_certificate: p_certificate_details.certificate = ", p_certificate_details.certificate);
return 0;
} // End of function f_fill_certificate
function f_generate_certificate(
in certificate_params p_certificate_params,
inout certificate_details p_certificate_details
) return integer {
var bitstring v_enc_msg;
var octetstring v_signature;
// Encode it ==> Get octetstring
v_enc_msg := encvalue(p_certificate_details.certificate.toBeSigned);
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
if (p_certificate_params.curve == e_nist_p256) {
v_signature := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_certificate_details.private_key);
p_certificate_details.certificate.signature_ := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_signature, 0, 32)
),
substr(v_signature, 32, 32)
)
));
} else if (p_certificate_params.curve == e_brainpool_p256) {
v_signature := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_certificate_details.private_key);
p_certificate_details.certificate.signature_ := valueof(
m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_signature, 0, 32)
),
substr(v_signature, 32, 32)
)
));
} else if (p_certificate_params.curve == e_brainpool_p256) {
v_signature := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_enc_msg), p_certificate_details.private_key);
p_certificate_details.certificate.signature_ := valueof(m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(
substr(v_signature, 0, 48)
),
substr(v_signature, 48, 48)
)
));
} else {
log("f_generate_certificate: Unsupported curve");
return -1;
}
log("f_generate_certificate: p_certificate_details = ", p_certificate_details);
return 0;
} // End of function f_generate_certificate
function f_finalyse_certificate(
in certificate_params p_certificate_params,
in certificate_details_list p_certificate_details_list,
inout certificate_details p_certificate_details
) return integer {
// Set the issuer
if (p_certificate_params.certificate_id != p_certificate_params.signed_by) {
// Find the issuer in the list
var boolean v_found := false;
for (var integer v_counter := 0; v_counter < lengthof(p_certificate_details_list); v_counter := v_counter + 1) {
if (p_certificate_details_list[v_counter].certificate_id == p_certificate_params.signed_by) {
v_found := true;
p_certificate_details.issuer := p_certificate_details_list[v_counter].hashid8;
if (p_certificate_params.hash_algorithm == sha256) {
p_certificate_details.certificate.issuer.sha256AndDigest := p_certificate_details_list[v_counter].hashid8;
} else if (p_certificate_params.hash_algorithm == sha384) {
p_certificate_details.certificate.issuer.sha384AndDigest := p_certificate_details_list[v_counter].hashid8;
} else {
log("f_finalyse_certificate: Unsupported hash algorithm");
return -1;
}
break;
} // End of 'for' statement
if (v_found == false) {
log("f_finalyse_certificate: issuer not found");
return -1;
}
}
// Encode the certificate
p_certificate_details.enc_cert := bit2oct(encvalue(p_certificate_details.certificate));
// Calculate the HashedId8
if (p_certificate_params.hash_algorithm == sha256) {
p_certificate_details.hashid8 := f_HashedId8FromSha256(f_hashWithSha256(p_certificate_details.enc_cert));
} else {
p_certificate_details.hashid8 := f_HashedId8FromSha384(f_hashWithSha384(p_certificate_details.enc_cert));
}
if (p_certificate_params.certificate_id == p_certificate_params.signed_by) { // Root certificate
log("f_finalyse_certificate: Root certificate");
p_certificate_details.issuer := p_certificate_details.hashid8
}
log("f_finalyse_certificate: p_certificate_details = ", p_certificate_details);
return 0;
} // End of function f_finalyse_certificate
function f_store_certificates(
in certificate_details_list p_certificate_details_list
) return integer {
fx_loadCertificates(PX_CERTIFICATE_POOL_PATH, PX_IUT_SEC_CONFIG_NAME);
for (var integer v_counter := 0; v_counter < lengthof(p_certificate_details_list); v_counter := v_counter + 1) {
fx_store_certificate(
p_certificate_details_list[v_counter].certificate_id,
p_certificate_details_list[v_counter].enc_cert,
p_certificate_details_list[v_counter].private_key,
p_certificate_details_list[v_counter].public_key_x,
p_certificate_details_list[v_counter].public_key_y,
p_certificate_details_list[v_counter].hashid8,
p_certificate_details_list[v_counter].issuer);
} // End of 'for' statement
return 0;
} // End of function f_store_certificates
} // End of module ItsGenCert_Functions