Newer
Older
5001
5002
5003
5004
5005
5006
5007
5008
5009
5010
5011
5012
5013
5014
5015
5016
5017
5018
5019
5020
5021
5022
5023
5024
5025
5026
5027
5028
5029
5030
5031
5032
5033
5034
5035
5036
5037
5038
5039
5040
5041
5042
5043
5044
5045
5046
5047
5048
5049
5050
5051
5052
5053
5054
var EtsiTs102941Data v_etsi_ts_102941_data;
log(">>> f_verify_tlm_ectl_response_message: p_etsi_ts_103097_signed_data= ", p_etsi_ts_103097_signed_data);
// 1. Verify signature
log("f_verify_tlm_ectl_response_message: p_etsi_ts_103097_signed_data.content.signedData.tbsData= ", p_etsi_ts_103097_signed_data.content.signedData.tbsData);
v_tbs := encvalue(p_etsi_ts_103097_signed_data.content.signedData.tbsData);
if (ischosen(p_etsi_ts_103097_signed_data.content.signedData.signer.certificate)) {
v_certificate := p_etsi_ts_103097_signed_data.content.signedData.signer.certificate[0];
} else {
var charstring v_certificate_id;
if (f_getCertificateFromDigest(p_etsi_ts_103097_signed_data.content.signedData.signer.digest, v_certificate, v_certificate_id) == false) {
log("f_verify_tlm_ectl_response_message: Failed to retrieve certificate from digest ", p_etsi_ts_103097_signed_data.content.signedData.signer.digest);
if (p_check_security == true) {
return false;
}
}
}
if (ischosen(p_etsi_ts_103097_signed_data.content.signedData.signature_.ecdsaBrainpoolP384r1Signature)) {
v_result := f_verifyEcdsa(bit2oct(v_tbs), int2oct(0, 48), p_etsi_ts_103097_signed_data.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey);
} else {
v_result := f_verifyEcdsa(bit2oct(v_tbs), int2oct(0, 32), p_etsi_ts_103097_signed_data.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey);
}
if (v_result == false) {
log("f_verify_tlm_ectl_response_message: Failed to verify signature");
if (p_check_security == true) {
return false;
}
}
v_etsi_ts_102941_data_msg := oct2bit(p_etsi_ts_103097_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
if (decvalue(v_etsi_ts_102941_data_msg, v_etsi_ts_102941_data) != 0) {
log("f_verify_tlm_ectl_response_message: Failed to decode EtsiTs102941Data");
return false;
} else {
log("f_verify_tlm_ectl_response_message: v_etsi_ts_102941_data= ", v_etsi_ts_102941_data);
log("f_verify_pki_response_message: TlmCertificateTrustListMessage matching= ", match(v_etsi_ts_102941_data, mw_etsiTs102941Data_to_be_signed_tlm_ctl));
if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_to_be_signed_tlm_ctl) == false) {
log("f_verify_tlm_ectl_response_message: Failed to decode certificateTrustListTlm");
return false;
} else {
var Time32 v_time := (f_getCurrentTime()/* - 1072915200000*/) / 1000;
p_to_be_signed_tlm_ectl := v_etsi_ts_102941_data.content.certificateTrustListTlm;
log("f_verify_tlm_ectl_response_message: p_to_be_signed_tlm_ectl= ", p_to_be_signed_tlm_ectl);
if (p_to_be_signed_tlm_ectl.nextUpdate <= v_time) {
log("f_verify_tlm_ectl_response_message: Invalid nextUpdate value: compared values=", p_to_be_signed_tlm_ectl.nextUpdate, "/", v_time);
return false;
}
// TODO Verify RCA certificate & signature
}
}
return true;
}
YannGarcia
committed
5055
5056
5057
5058
5059
5060
5061
5062
5063
5064
5065
5066
5067
5068
5069
5070
5071
5072
5073
5074
5075
5076
5077
5078
5079
5080
5081
5082
5083
5084
5085
5086
5087
5088
5089
5090
5091
5092
5093
5094
5095
5096
5097
5098
5099
5100
5101
5102
5103
5104
5105
5106
function f_verify_broadcasted_delta_ctl(
in GeoNetworkingPdu p_geonetworking_pdu,
in boolean p_check_security := true
) return boolean {
var EtsiTs103097Data v_secured_msg;
var bitstring v_etsi_ts_102941_data_msg;
var bitstring v_tbs;
var Certificate v_certificate;
var boolean v_result;
var EtsiTs102941Data v_etsi_ts_102941_data;
log(">>> f_verify_broadcasted_delta_ctl: p_geonetworking_pdu= ", p_geonetworking_pdu);
if (not(ispresent(p_geonetworking_pdu.gnPacket.securedMsg))) {
return false;
}
v_secured_msg := p_geonetworking_pdu.gnPacket.securedMsg;
// 1. Verify signature
log("f_verify_broadcasted_delta_ctl: v_secured_msg= ", v_secured_msg);
v_tbs := encvalue(v_secured_msg.content.signedData.tbsData);
if (ischosen(v_secured_msg.content.signedData.signer.certificate)) {
v_certificate := v_secured_msg.content.signedData.signer.certificate[0];
} else {
var charstring v_certificate_id;
if (f_getCertificateFromDigest(v_secured_msg.content.signedData.signer.digest, v_certificate, v_certificate_id) == false) {
log("f_verify_broadcasted_delta_ctl: Failed to retrieve certificate from digest ", v_secured_msg.content.signedData.signer.digest);
if (p_check_security == true) {
return false;
}
}
}
if (ischosen(v_secured_msg.content.signedData.signature_.ecdsaBrainpoolP384r1Signature)) {
v_result := f_verifyEcdsa(bit2oct(v_tbs), int2oct(0, 48), v_secured_msg.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey);
} else {
v_result := f_verifyEcdsa(bit2oct(v_tbs), int2oct(0, 32), v_secured_msg.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey);
}
if (v_result == false) {
log("f_verify_broadcasted_delta_ctl: Failed to verify signature");
if (p_check_security == true) {
return false;
}
}
v_etsi_ts_102941_data_msg := oct2bit(v_secured_msg.content.signedData.tbsData.payload.data.content.unsecuredData);
if (decvalue(v_etsi_ts_102941_data_msg, v_etsi_ts_102941_data) != 0) {
log("f_verify_broadcasted_delta_ctl: Failed to decode EtsiTs102941Data");
return false;
} else {
log("f_verify_broadcasted_delta_ctl: v_etsi_ts_102941_data= ", v_etsi_ts_102941_data);
// TODO
}
YannGarcia
committed
5108
5109
5110
5111
5112
5113
5114
5115
5116
5117
5118
5119
5120
5121
5122
5123
5124
5125
5126
5127
5128
5129
5130
5131
5132
5133
5134
5135
5136
5137
5138
5139
5140
5141
5142
5143
5144
5145
5146
5147
5148
5149
5150
5151
5152
5153
5154
5155
5156
return true;
} // End of function f_verify_broadcasted_delta_ctl
function f_verify_and_extract_payload(
in GeoNetworkingPdu p_geonetworking_pdu,
in boolean p_check_security := true,
out octetstring p_payload
) return boolean {
var EtsiTs103097Data v_secured_msg;
var bitstring v_tbs;
var Certificate v_certificate;
var boolean v_result;
var EtsiTs102941Data v_etsi_ts_102941_data;
log(">>> f_verify_and_extract_payload: p_geonetworking_pdu= ", p_geonetworking_pdu);
if (not(ispresent(p_geonetworking_pdu.gnPacket.securedMsg))) {
return false;
}
v_secured_msg := p_geonetworking_pdu.gnPacket.securedMsg;
// 1. Verify signature
log("f_verify_and_extract_payload: v_secured_msg= ", v_secured_msg);
v_tbs := encvalue(v_secured_msg.content.signedData.tbsData);
if (ischosen(v_secured_msg.content.signedData.signer.certificate)) {
v_certificate := v_secured_msg.content.signedData.signer.certificate[0];
} else {
var charstring v_certificate_id;
if (f_getCertificateFromDigest(v_secured_msg.content.signedData.signer.digest, v_certificate, v_certificate_id) == false) {
log("f_verify_and_extract_payload: Failed to retrieve certificate from digest ", v_secured_msg.content.signedData.signer.digest);
if (p_check_security == true) {
return false;
}
}
}
if (ischosen(v_secured_msg.content.signedData.signature_.ecdsaBrainpoolP384r1Signature)) {
v_result := f_verifyEcdsa(bit2oct(v_tbs), int2oct(0, 48), v_secured_msg.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey);
} else {
v_result := f_verifyEcdsa(bit2oct(v_tbs), int2oct(0, 32), v_secured_msg.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey);
}
if (v_result == false) {
log("f_verify_and_extract_payload: Failed to verify signature");
if (p_check_security == true) {
return false;
}
}
log("f_verify_and_extract_payload: v_etsi_ts_102941_data= ", v_secured_msg.content.signedData.tbsData.payload.data.content.unsecuredData);
// TODO
YannGarcia
committed
return true;
} // End of function f_verify_and_extract_payload
} // End of group tlm
group awaiting_messages {
function f_await_http_inner_ec_request_response(
out octetstring p_private_key_ec,
out octetstring p_compressed_public_key,
in boolean p_strict_checks := true,
in boolean p_store_ec_certificate := false
) runs on ItsPkiHttp return boolean {
var Headers v_headers;
var Oct32 v_request_hash;
var Oct16 v_encrypted_sym_key;
var Oct16 v_aes_sym_key;
var HashedId8 v_aes_sym_key_hashed_id8;
var Oct16 v_authentication_vector;
var Oct12 v_nonce;
var octetstring v_salt;
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var EtsiTs102941Data v_etsi_ts_102941_data;
var HttpMessage v_response;
log(">>> f_await_http_inner_ec_request_response: p_strict_checks=", p_strict_checks);
f_http_build_inner_ec_request(p_private_key_ec, p_compressed_public_key, p_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
5189
5190
5191
5192
5193
5194
5195
5196
5197
5198
5199
5200
5201
5202
5203
5204
5205
5206
5207
5208
5209
5210
v_aes_sym_key_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
f_init_default_headers_list(-, "inner_ec_request", v_headers);
f_http_send(
v_headers,
m_http_request(
m_http_request_post(
PICS_HTTP_POST_URI_EC,
v_headers,
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(
v_ieee1609dot2_signed_and_encrypted_data
)))));
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(
mw_http_response(
mw_http_response_ok(
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentResponseMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
mw_symmetricCiphertext_aes128ccm
if (f_verify_pki_response_message(p_private_key_ec, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, p_strict_checks, -, v_etsi_ts_102941_data) == false) {
log("f_await_http_inner_ec_request_response: Failed to verify PKI message ***");
if (p_strict_checks) {
return false;
}
}
log("f_await_http_inner_ec_request_response: Receive ", v_etsi_ts_102941_data, " ***");
// Verify the received EC certificate
log("f_await_http_inner_ec_request_response: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(?/*FIXME YANN Blackberry substr(v_request_hash, 0, 16)*/, mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec)))) == false) {
log("f_await_http_inner_ec_request_response: Unexpected message received ***");
if (p_strict_checks) {
return false;
}
}
if (ischosen(v_etsi_ts_102941_data.content.enrolmentResponse) and ispresent(v_etsi_ts_102941_data.content.enrolmentResponse.certificate)) {
if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, vc_eaHashedId8, p_compressed_public_key, p_compressed_mode, p_ec_cert_hashed_id8) == false) {
log("f_await_http_inner_ec_request_response: Cannot verify EC certificate signature ***");
if (p_strict_checks) {
return false;
}
}
vc_ec_hashed_id8[vc_ec_keys_counter - 1] := p_ec_cert_hashed_id8;
p_inner_ec_response := v_etsi_ts_102941_data.content.enrolmentResponse;
log("f_await_http_inner_ec_request_response: Well-secured EA certificate received ***");
5242
5243
5244
5245
5246
5247
5248
5249
5250
5251
5252
5253
5254
5255
5256
5257
5258
5259
5260
5261
5262
5263
5264
5265
5266
5267
5268
5269
5270
5271
5272
5273
5274
5275
5276
5277
5278
5279
5280
5281
5282
5283
5284
5285
5286
5287
5288
5289
5290
5291
5292
5293
5294
5295
5296
5297
5298
5299
5300
5301
5302
5303
5304
5305
5306
5307
5308
5309
5310
5311
5312
5313
5314
5315
5316
5317
5318
5319
5320
5321
5322
5323
5324
5325
5326
5327
5328
5329
5330
5331
5332
5333
5334
5335
5336
5337
5338
5339
5340
5341
5342
5343
5344
log("f_await_http_inner_ec_request_response: p_inner_ec_response= ", p_inner_ec_response);
if (p_store_ec_certificate) {
f_store_certificate(p_private_key_ec, p_inner_ec_response.certificate, p_ec_cert_hashed_id8);
// var integer v_signing_algorithm;
// var octetstring v_public_key_x;
// var octetstring v_public_key_y;
// var octetstring v_public_key_compressed;
// var integer v_verify_compressed_mode;
// if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256)) {
// v_signing_algorithm := 0; // nist_p_256
// if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
// v_public_key_compressed := p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0;
// v_verify_compressed_mode := 0;
// } else if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1)) {
// v_public_key_compressed := p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1;
// v_verify_compressed_mode := 1;
// } else { // TODO
// }
// v_public_key_x := v_public_key_compressed; // Key X-Coordinate
// fx_get_uncompressed_key_nistp256(p_private_key_ec, v_public_key_compressed, v_verify_compressed_mode, v_public_key_y); // Key Y-Coordinate
// } else if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1)) {
// v_signing_algorithm := 2; // brainpool_p_256_r1
// if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1.compressed_y_0)) {
// v_public_key_compressed := p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1.compressed_y_0;
// v_verify_compressed_mode := 0;
// } else if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1.compressed_y_1)) {
// v_public_key_compressed := p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1.compressed_y_1;
// v_verify_compressed_mode := 1;
// } else { // TODO
// }
// v_public_key_x := v_public_key_compressed; // Key X-Coordinate
// fx_get_uncompressed_key_brainpoolp256r1(p_private_key_ec, v_public_key_compressed, v_verify_compressed_mode, v_public_key_y); // Key Y-Coordinate
// } else if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
// v_signing_algorithm := 3; // brainpool_p_384_r1
// if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1.compressed_y_0)) {
// v_public_key_compressed := p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1.compressed_y_0;
// v_verify_compressed_mode := 0;
// } else if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1.compressed_y_1)) {
// v_public_key_compressed := p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1.compressed_y_1;
// v_verify_compressed_mode := 1;
// } else { // TODO
// }
// v_public_key_x := v_public_key_compressed; // Key X-Coordinate
// fx_get_uncompressed_key_brainpoolp384r1(p_private_key_ec, v_public_key_compressed, v_verify_compressed_mode, v_public_key_y); // Key Y-Coordinate
// } else if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP384)) {
// v_signing_algorithm := 1; // nist_p_384
// if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP384.compressed_y_0)) {
// v_public_key_compressed := p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP384.compressed_y_0;
// v_verify_compressed_mode := 0;
// } else if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP384.compressed_y_1)) {
// v_public_key_compressed := p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP384.compressed_y_1;
// v_verify_compressed_mode := 1;
// } else { // TODO
// }
// v_public_key_x := v_public_key_compressed; // Key X-Coordinate
// fx_get_uncompressed_key_brainpoolp384r1(p_private_key_ec, v_public_key_compressed, v_verify_compressed_mode, v_public_key_y); // Key Y-Coordinate
// } else if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecsigSm2)) {
// v_signing_algorithm := 4; // sm2_p_256
// if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecsigSm2.compressed_y_0)) {
// v_public_key_compressed := p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecsigSm2.compressed_y_0;
// v_verify_compressed_mode := 0;
// } else if (ischosen(p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecsigSm2.compressed_y_1)) {
// v_public_key_compressed := p_inner_ec_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecsigSm2.compressed_y_1;
// v_verify_compressed_mode := 1;
// } else { // TODO
// }
// v_public_key_x := v_public_key_compressed; // Key X-Coordinate
// fx_get_uncompressed_key_brainpoolp384r1(p_private_key_ec, v_public_key_compressed, v_verify_compressed_mode, v_public_key_y); // Key Y-Coordinate
// } else {
// log("*** " & testcasename() & ": INCONC: Wrong certificate format, invalid verification key, back to initial");
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
// stop;
// }
// log("f_await_http_inner_ec_request_response: : v_signing_algorithm =", v_signing_algorithm);
// log("f_await_http_inner_ec_request_response: : v_public_key_x =", v_public_key_x);
// log("f_await_http_inner_ec_request_response: : v_public_key_y =", v_public_key_y);
// log("f_await_http_inner_ec_request_response: : v_public_key_compressed =", v_public_key_compressed);
// log("f_await_http_inner_ec_request_response: : v_verify_compressed_mode=", v_verify_compressed_mode);
// var octetstring v_encoded_cert := bit2oct(encvalue(p_inner_ec_response.certificate));
// var Oct32 v_ec_cert_hash_256 := f_hashWithSha256(v_encoded_cert);
// var HashedId8 v_issuer;
// if ((v_signing_algorithm == 1) or (v_signing_algorithm == 3)) {
// v_issuer := p_inner_ec_response.certificate.issuer.sha384AndDigest;
// } else if (v_signing_algorithm == 4) {
// v_issuer := p_inner_ec_response.certificate.issuer.sm3AndDigest;
// } else {
// v_issuer := p_inner_ec_response.certificate.issuer.sha256AndDigest;
// }
// if (fx_store_certificate(
// v_signing_algorithm,
// oct2char(unichar2oct(p_inner_ec_response.certificate.toBeSigned.id.name)),
// v_encoded_cert,
// p_private_key_ec,
// v_public_key_x, v_public_key_y,
// v_public_key_compressed, v_verify_compressed_mode, v_ec_cert_hash_256, p_ec_cert_hashed_id8, p_ec_cert_hashed_id8, v_issuer,
// omit, omit, omit, omit, omit // Ignore encryption keys
// ) == false) {
// log("f_await_http_inner_ec_request_response: Failed to store certificate: ", p_inner_ec_response.certificate);
// return false;
// }
}
} else {
log("f_await_http_inner_ec_request_response: Invalid message received ***");
return false;
}
}
[] tc_ac.timeout {
log("f_await_http_inner_ec_request_response: Expected message not received ***");
}
} // End of 'alt' statement
return true;
} // End of function f_await_http_inner_ec_request_response
group PredefinedRequests {
template (present) HttpMessage mw_http_ec_request_generic (
template (present) Ieee1609Dot2Data p_ieee1609dot2_data := mw_enrolmentRequestMessage(mw_encryptedData())
) :=
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data( p_ieee1609dot2_data)
)));
out InnerEcRequest p_inner_ec_request,
YannGarcia
committed
out InnerEcResponse p_inner_ec_response,
out HttpMessage p_request,
in EnrolmentResponseCode p_response_code := ok,
in template (omit) CertificateSubjectAttributes p_attributes := omit
) runs on ItsPkiHttp return boolean {
var boolean v_result := false;
var HttpMessage v_wrong_request;
var Headers v_headers;
f_init_default_headers_list(-, "inner_ec_response", v_headers);
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, p_request) {
var Ieee1609Dot2Data v_decrypted_message;
var EtsiTs102941Data v_etsi_ts_102941_data;
var template (value) HttpMessage v_response;
if(f_read_ec_request_from_iut_itss( p_request.request.body.binary_body.ieee1609dot2_data,
v_request_hash, v_aes_enc_key,
v_decrypted_message,
v_etsi_ts_102941_data,
p_inner_ec_request
)){
var EtsiTs103097Certificate v_ec_certificate;
var HashedId8 v_ec_certificate_hashed_id8;
var Ieee1609Dot2Data v_response_message;
log(">>>>>> f_await_ec_request_send_response v_inner_ec_request=", p_inner_ec_request);
if(ispresent(p_attributes)){
if(isvalue(p_attributes.id)){
p_inner_ec_request.requestedSubjectAttributes.id := valueof(p_attributes.id);
}
p_inner_ec_request.requestedSubjectAttributes.validityPeriod := valueof(p_attributes.validityPeriod);
}
p_inner_ec_request.requestedSubjectAttributes.region := valueof(p_attributes.region);
}
p_inner_ec_request.requestedSubjectAttributes.assuranceLevel := valueof(p_attributes.assuranceLevel);
}
p_inner_ec_request.requestedSubjectAttributes.appPermissions := valueof(p_attributes.appPermissions);
}
if(isvalue(p_attributes.certIssuePermissions)){
p_inner_ec_request.requestedSubjectAttributes.certIssuePermissions := valueof(p_attributes.certIssuePermissions);
}
f_http_build_inner_ec_response(p_inner_ec_request, p_response_code, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key,
v_ec_certificate, v_ec_certificate_hashed_id8, p_inner_ec_response, v_response_message);
v_response := m_http_response(
m_http_response_ok(
m_http_message_body_binary(
m_binary_body_ieee1609dot2_data(v_response_message)
), v_headers));
} else {
v_response := m_http_response(m_http_response_500_internal_error(v_headers));
}
f_http_send(v_headers, v_response);
v_result := true;
[] a_await_ec_http_request_from_iut( mw_http_request(), v_wrong_request) {
log(">>>>>> f_await_ec_request_send_response: Wrong message received ", v_wrong_request);
log(" ", match(v_wrong_request, mw_http_request()));
f_http_send(v_headers, m_http_response(m_http_response_500_internal_error(v_headers)));
repeat;
}
[] tc_ac.timeout {
log("f_await_ec_request_send_response: Expected message not received ***");
}
} // End of 'alt' statement
return v_result;
} // End of function f_await_ec_request_send_response
function f_await_ec_request_send_no_response(
) runs on ItsPkiHttp {
log(">>> f_await_ec_request_send_no_response");
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(mw_http_ec_request_generic, p_request) {
log("f_await_ec_request_send_no_response: Restart HTT connection ***");
f_http_restart("inner_ec_request");
}
[] tc_ac.timeout {
log("f_await_ec_request_send_no_response: Expected message not received ***");
}
} // End of 'alt' statement
} // End of function f_await_ec_request_send_no_response
YannGarcia
committed
function f_await_ec_request_send_error_response(
out HttpMessage p_request
) runs on ItsPkiHttp {
var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
var boolean v_result := false;
YannGarcia
committed
log(">>> f_await_ec_request_send_error_response");
YannGarcia
committed
tc_ac.start;
alt {
[] a_await_ec_http_request_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
-,
mw_symmetricCiphertext_aes128ccm
YannGarcia
committed
)))))),
p_request
) {
var template (value) HttpMessage v_response;
var Headers v_headers;
YannGarcia
committed
tc_ac.stop;
YannGarcia
committed
f_init_default_headers_list(-, "inner_ec_response", v_headers);
log("f_await_ec_request_send_error_response: Failed to verify PKI message ***");
// Send error message
v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers, 400, "Bad request")); // Initialize v_reponse with an error message
f_http_send(v_headers, v_response);
}
[] tc_ac.timeout {
log("f_await_ec_request_send_error_response: Expected message not received ***");
}
} // End of 'alt' statement
} // End of function f_await_ec_request_send_error_response
/**
* @desc Build a signed and encrypted PKI request message
* @param p_private_key Private key for signature
* @param p_signer_identifier Signer identifier for signature, could be self or certificate HashedId8
* @param p_recipientId Recipient identifier to be inclued in encrypted layer.
* If value is int2oct(0. 8), the recipient id is the HashedId8 of the symmetric key used by the sender to encrypt the message to which the response is built
* @param p_public_key_compressed The public compressed key (canonical form) for encryption
* @param p_compressed_mode The compressed mode of the public compressed key (canonical form) for encryption
* @param p_pki_message The PKI message to be secured
* @param p_ieee1609dot2_signed_and_encrypted_data The secured message
* @return true on success, false otherwise
*/
function f_build_pki_secured_request_message_signed_with_pop(
in octetstring p_private_key,
in SignerIdentifier p_signer_identifier,
in HashedId8 p_recipientId,
in octetstring p_public_key_compressed,
in integer p_compressed_mode,
in octetstring p_salt,
in octetstring p_pki_message,
in SignAlgorithm p_enc_algorithm, // TODO Use RCA to check encryption alg
5544
5545
5546
5547
5548
5549
5550
5551
5552
5553
5554
5555
5556
5557
5558
5559
5560
5561
5562
5563
5564
5565
5566
5567
5568
5569
5570
5571
5572
5573
5574
in boolean p_alter_signature := false,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
out Oct16 p_aes_sym_key,
out Oct16 p_encrypted_sym_key,
out Oct16 p_authentication_vector,
out Oct12 p_nonce,
out Oct32 p_request_hash
) return boolean {
// Local variables
var template (value) EccP256CurvePoint v_eccP256_curve_point;
var template (value) ToBeSignedData v_tbs;
var octetstring v_tbs_signed;
var Signature v_signature;
var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var octetstring v_encoded_request;
var HashedId8 v_recipientId;
var octetstring v_public_compressed_ephemeral_key;
var integer v_public_compressed_ephemeral_mode;
var octetstring v_encrypted_request;
var EncryptedDataEncryptionKey v_encrypted_data_encryption_key;
var bitstring v_enc_value;
log(">>> f_build_pki_secured_request_message_signed_with_pop: p_private_key= ", p_private_key);
log(">>> f_build_pki_secured_request_message_signed_with_pop: p_signer_identifier= ", p_signer_identifier);
log(">>> f_build_pki_secured_request_message_signed_with_pop: p_recipientId= ", p_recipientId);
log(">>> f_build_pki_secured_request_message_signed_with_pop: p_public_key_compressed= ", p_public_key_compressed);
log(">>> f_build_pki_secured_request_message_signed_with_pop: p_compressed_mode= ", p_compressed_mode);
log(">>> f_build_pki_secured_request_message_signed_with_pop: p_salt= ", p_salt);
log(">>> f_build_pki_secured_request_message_signed_with_pop: p_pki_message= ", p_pki_message);
log(">>> f_build_pki_secured_request_message_signed_with_pop: p_enc_algorithm= ", p_enc_algorithm);
log(">>> f_build_pki_secured_request_message_signed_with_pop: p_alter_signature= ", p_alter_signature);
5576
5577
5578
5579
5580
5581
5582
5583
5584
5585
5586
5587
5588
5589
5590
5591
5592
5593
5594
5595
5596
5597
5598
5599
5600
5601
5602
5603
5604
5605
5606
5607
5608
5609
5610
5611
5612
5613
5614
5615
5616
5617
5618
5619
5620
5621
5622
5623
// Signed the encoded PKI message
v_tbs := m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(p_pki_message)
),
m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
);
log("f_build_pki_secured_request_message_signed_with_pop: v_tbs: ", v_tbs);
if (ischosen(p_signer_identifier.self_)) {
v_tbs_signed := f_signWithEcdsa(bit2oct(encvalue(v_tbs)), int2oct(0, 32), p_private_key);
} else {
var charstring v_certificate_id;
var octetstring v_hash;
fx_readCertificateFromDigest(p_signer_identifier.digest, v_certificate_id); // TODO Add a wrapper function
f_getCertificateHash(v_certificate_id, v_hash);
v_tbs_signed := f_signWithEcdsa(bit2oct(encvalue(v_tbs)), v_hash, p_private_key);
}
log("f_build_pki_secured_request_message_signed_with_pop: lengthof(v_tbs_signed)= ", lengthof(v_tbs_signed));
log("f_build_pki_secured_request_message_signed_with_pop: v_tbs_signed= ", v_tbs_signed);
if (p_alter_signature == true) {
v_tbs_signed[0] := '0A'O;
v_tbs_signed[1] := '0A'O;
log("f_build_pki_secured_request_message_signed_with_pop: Altered signature= ", v_tbs_signed);
}
// Add the signature and create EtsiTs103097Data-Signed data structure
log("f_build_pki_secured_request_message_signed_with_pop: PX_VE_ALG=", PX_VE_ALG);
if (PX_VE_ALG == e_nist_p256) {
v_signature := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_tbs_signed, 0, 32)
),
substr(v_tbs_signed, 32, 32)
)
)
);
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
v_signature := valueof(
m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_tbs_signed, 0, 32)
),
substr(v_tbs_signed, 32, 32)
)
)
);
} else if (PX_VE_ALG == e_sm2_p256) { // FIXME FSCOM
} else if (PX_VE_ALG == e_nist_p384) {
v_signature := valueof(
m_signature_ecdsaNistP384(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(
substr(v_tbs_signed, 0, 48)
),
substr(v_tbs_signed, 48, 48)
)
)
);
5636
5637
5638
5639
5640
5641
5642
5643
5644
5645
5646
5647
5648
5649
5650
5651
5652
5653
5654
5655
5656
5657
5658
5659
5660
5661
5662
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
v_signature := valueof(
m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(
substr(v_tbs_signed, 0, 48)
),
substr(v_tbs_signed, 48, 48)
)
)
);
}
log("f_build_pki_secured_request_message_signed_with_pop: v_signature= ", v_signature);
v_ieee1609dot2_signed_data := m_etsiTs103097Data_signed(
m_signedData(
sha256,
v_tbs,
p_signer_identifier,
v_signature
)
);
// Encode EtsiTs103097Data-Signed data structure
v_encoded_request := bit2oct(encvalue(v_ieee1609dot2_signed_data));
log("f_build_pki_secured_request_message_signed_with_pop: v_encoded_request= ", v_encoded_request);
// Encrypt encode EtsiTs103097Data-Signed data structure
if (p_enc_algorithm == e_nist_p256) {
v_encrypted_request := f_encryptWithEciesNistp256WithSha256(v_encoded_request, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce);
} else if (PX_VE_ALG == e_sm2_p256) {
v_encrypted_request := f_encryptWithEciesSm2p256WithSha256(v_encoded_request, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce);
5665
5666
5667
5668
5669
5670
5671
5672
5673
5674
5675
5676
5677
5678
5679
5680
5681
5682
5683
5684
5685
5686
5687
5688
5689
5690
5691
5692
5693
5694
5695
5696
} else if (p_enc_algorithm == e_brainpool_p256_r1) {
v_encrypted_request := f_encryptWithEciesBrainpoolp256r1WithSha256(v_encoded_request, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce);
} else {
log("f_build_pki_secured_request_message_signed_with_pop: Wrong encryption variant");
return false;
}
log("f_build_pki_secured_request_message_signed_with_pop: p_aes_sym_key= ", p_aes_sym_key);
log("f_build_pki_secured_request_message_signed_with_pop: p_encrypted_sym_key= ", p_encrypted_sym_key);
log("f_build_pki_secured_request_message_signed_with_pop: p_authentication_vector= ", p_authentication_vector);
log("f_build_pki_secured_request_message_signed_with_pop: p_nonce= ", p_nonce);
log("f_build_pki_secured_request_message_signed_with_pop: p_recipientId= ", p_recipientId);
if (p_recipientId == int2oct(0, 8)) {
log("f_build_pki_secured_request_message_signed_with_pop: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key));
v_recipientId := f_hashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key));
} else {
v_recipientId := p_recipientId;
}
log("f_build_pki_secured_request_message_signed_with_pop: v_recipientId= ", v_recipientId);
// Fill Certificate template with the public compressed keys (canonical form)
if (v_public_compressed_ephemeral_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_compressed_ephemeral_key));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_compressed_ephemeral_key));
}
if (p_enc_algorithm == e_nist_p256) {
v_encrypted_data_encryption_key := valueof(
m_encryptedDataEncryptionKey_eciesNistP256(
m_evciesP256EncryptedKey(
v_eccP256_curve_point,
p_encrypted_sym_key,
p_authentication_vector
)));
} else if (PX_VE_ALG == e_sm2_p256) { // FIXME FSCOM
} else if (p_enc_algorithm == e_brainpool_p256_r1) {
v_encrypted_data_encryption_key := valueof(
m_encryptedDataEncryptionKey_eciesBrainpoolP256r1(
m_evciesP256EncryptedKey(
v_eccP256_curve_point,
p_encrypted_sym_key,
p_authentication_vector
)));
} else {
log("f_build_pki_secured_request_message_signed_with_pop: Wrong encryption variant");
return false;
}
p_ieee1609dot2_signed_and_encrypted_data := valueof(
m_etsiTs103097Data_encrypted(
m_encryptedData(
{
m_recipientInfo_certRecipInfo(
m_pKRecipientInfo(
v_recipientId,
v_encrypted_data_encryption_key
))
},
m_symmetricCiphertext_aes128ccm(
m_aesCcmCiphertext(
p_nonce,
v_encrypted_request
)
)
)
)
);
// The 'p_request_hash' shall be the SHA256 digest of the OER representation of the topmost EtsiTs103097Data-Encoded structure
v_enc_value := encvalue(p_ieee1609dot2_signed_and_encrypted_data);
p_request_hash := f_hashWithSha256(bit2oct(v_enc_value));
log("f_build_pki_secured_request_message_signed_with_pop: p_request_hash= ", p_request_hash);
log("<<< f_build_pki_secured_request_message_signed_with_pop: ", p_pki_message);
return true;
} // End of function f_build_pki_secured_request_message_signed_with_pop
/**
* @desc Build a signed and encrypted PKI request message without POP with signature
* @param p_recipientId Recipient identifier to be inclued in encrypted layer.
* If value is int2oct(0. 8), the recipient id is the HashedId8 of the symmetric key used by the sender to encrypt the message to which the response is built
* @param p_public_key_compressed The public compressed key (canonical form) for encryption
* @param p_compressed_mode The compressed mode of the public compressed key (canonical form) for encryption
* @param p_pki_message The PKI message to be secured
* @param p_ieee1609dot2_signed_and_encrypted_data The secured message
* @return true on success, false otherwise
*/
function f_build_pki_secured_request_message(
in HashedId8 p_recipientId,
in octetstring p_public_key_compressed,
in integer p_compressed_mode,
in octetstring p_salt,
in octetstring p_pki_message,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
out Oct16 p_aes_sym_key,
out Oct16 p_encrypted_sym_key,
out Oct16 p_authentication_vector,
out Oct12 p_nonce,
out Oct32 p_request_hash
) return boolean {
// Local variables
var template (value) EccP256CurvePoint v_eccP256_curve_point;
var HashedId8 v_recipientId;
var octetstring v_public_compressed_ephemeral_key;
var integer v_public_compressed_ephemeral_mode;
var octetstring v_encrypted_request;
var EncryptedDataEncryptionKey v_encrypted_data_encryption_key;
var bitstring v_enc_value;
// Encrypt encode EtsiTs103097Data-Signed data structure
if (p_enc_algorithm == e_nist_p256) {
v_encrypted_request := f_encryptWithEciesNistp256WithSha256(p_pki_message, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce);
} else if (PX_VE_ALG == e_sm2_p256) {
v_encrypted_request := f_encryptWithEciesSm2p256WithSha256(p_pki_message, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce);
5780
5781
5782
5783
5784
5785
5786
5787
5788
5789
5790
5791
5792
5793
5794
5795
5796
5797
5798
5799
5800
5801
5802
5803
5804
5805
5806
5807
5808
5809
5810
5811
} else if (p_enc_algorithm == e_brainpool_p256_r1) {
v_encrypted_request := f_encryptWithEciesBrainpoolp256r1WithSha256(p_pki_message, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce);
} else {
log("f_build_pki_secured_request_message: Wrong encryption variant");
return false;
}
log("f_build_pki_secured_request_message: p_aes_sym_key= ", p_aes_sym_key);
log("f_build_pki_secured_request_message: p_encrypted_sym_key= ", p_encrypted_sym_key);
log("f_build_pki_secured_request_message: p_authentication_vector= ", p_authentication_vector);
log("f_build_pki_secured_request_message: p_nonce= ", p_nonce);
log("f_build_pki_secured_request_message: p_recipientId= ", p_recipientId);
if (p_recipientId == int2oct(0, 8)) {
log("f_build_pki_secured_request_message: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key));
v_recipientId := f_hashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key));
} else {
v_recipientId := p_recipientId;
}
log("f_build_pki_secured_request_message: v_recipientId= ", v_recipientId);
// Fill Certificate template with the public compressed keys (canonical form)
if (v_public_compressed_ephemeral_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_compressed_ephemeral_key));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_compressed_ephemeral_key));
}
if (p_enc_algorithm == e_nist_p256) {
v_encrypted_data_encryption_key := valueof(
m_encryptedDataEncryptionKey_eciesNistP256(
m_evciesP256EncryptedKey(
v_eccP256_curve_point,
p_encrypted_sym_key,
p_authentication_vector
)));
} else if (PX_VE_ALG == e_sm2_p256) { // FIXME FSCOM
} else if (p_enc_algorithm == e_brainpool_p256_r1) {
v_encrypted_data_encryption_key := valueof(
m_encryptedDataEncryptionKey_eciesBrainpoolP256r1(
m_evciesP256EncryptedKey(
v_eccP256_curve_point,
p_encrypted_sym_key,
p_authentication_vector
)));
}
p_ieee1609dot2_signed_and_encrypted_data := valueof(
m_etsiTs103097Data_encrypted(
m_encryptedData(
{
m_recipientInfo_certRecipInfo(
m_pKRecipientInfo(
v_recipientId,
v_encrypted_data_encryption_key
))
},
m_symmetricCiphertext_aes128ccm(
m_aesCcmCiphertext(
p_nonce,
v_encrypted_request
)
)
)
)
);
// The 'p_request_hash' shall be the SHA256 digest of the OER representation of the topmost EtsiTs103097Data-Encoded structure
v_enc_value := encvalue(p_ieee1609dot2_signed_and_encrypted_data);
p_request_hash := f_hashWithSha256(bit2oct(v_enc_value));
log("f_build_pki_secured_request_message: p_request_hash= ", p_request_hash);
log("<<< f_build_pki_secured_request_message: ", p_ieee1609dot2_signed_and_encrypted_data);
return true;
} // End of function f_build_pki_secured_request_message
function f_build_pki_secured_request_message_for_authorization(
in HashedId8 p_recipientId,
in octetstring p_public_key_compressed,
in integer p_compressed_mode,
in octetstring p_salt,
in octetstring p_pki_message,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
out Oct16 p_aes_sym_key,
out Oct16 p_encrypted_sym_key,
out Oct16 p_authentication_vector,
out Oct12 p_nonce,
out Oct32 p_request_hash
) return boolean {
// Local variables
var Ieee1609Dot2Data v_unsecured_data;
var octetstring v_pki_message;
var template (value) EccP256CurvePoint v_eccP256_curve_point;
var HashedId8 v_recipientId;
var octetstring v_public_compressed_ephemeral_key;
var integer v_public_compressed_ephemeral_mode;
var octetstring v_encrypted_request;
var EncryptedDataEncryptionKey v_encrypted_data_encryption_key;
var bitstring v_enc_value;
log(">>> f_build_pki_secured_request_message_for_authorization");
// Add Ieee1609Dot2Data layer
v_unsecured_data := valueof(m_etsiTs103097Data_unsecured(p_pki_message));
v_pki_message := bit2oct(encvalue(v_unsecured_data));
// Encrypt encode EtsiTs103097Data-Signed data structure
if (p_enc_algorithm == e_nist_p256) {
v_encrypted_request := f_encryptWithEciesNistp256WithSha256(v_pki_message, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce);
} else if (p_enc_algorithm == e_sm2_p256) {
v_encrypted_request := f_encryptWithEciesSm2p256WithSha256(v_pki_message, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce);
5887
5888
5889
5890
5891
5892
5893
5894
5895
5896
5897
5898
5899
5900
5901
5902
5903
5904
5905
5906
5907
5908
5909
5910
5911
5912
5913
5914
5915
5916
5917
5918
} else if (p_enc_algorithm == e_brainpool_p256_r1) {
v_encrypted_request := f_encryptWithEciesBrainpoolp256r1WithSha256(v_pki_message, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce);
} else {
log("f_build_pki_secured_request_message_for_authorization: Wrong encryption variant");
return false;
}
log("f_build_pki_secured_request_message_for_authorization: p_aes_sym_key= ", p_aes_sym_key);
log("f_build_pki_secured_request_message_for_authorization: p_encrypted_sym_key= ", p_encrypted_sym_key);
log("f_build_pki_secured_request_message_for_authorization: p_authentication_vector= ", p_authentication_vector);
log("f_build_pki_secured_request_message_for_authorization: p_nonce= ", p_nonce);
log("f_build_pki_secured_request_message_for_authorization: p_recipientId= ", p_recipientId);
if (p_recipientId == int2oct(0, 8)) {
log("f_build_pki_secured_request_message_for_authorization: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key));
v_recipientId := f_hashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key));
} else {
v_recipientId := p_recipientId;
}
log("f_build_pki_secured_request_message_for_authorization: v_recipientId= ", v_recipientId);
// Fill Certificate template with the public compressed keys (canonical form)
if (v_public_compressed_ephemeral_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_compressed_ephemeral_key));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_compressed_ephemeral_key));
}
if (p_enc_algorithm == e_nist_p256) {
v_encrypted_data_encryption_key := valueof(
m_encryptedDataEncryptionKey_eciesNistP256(
m_evciesP256EncryptedKey(
v_eccP256_curve_point,
p_encrypted_sym_key,
p_authentication_vector
)));
} else if (PX_VE_ALG == e_sm2_p256) { // FIXME FSCOM
} else if (p_enc_algorithm == e_brainpool_p256_r1) {
v_encrypted_data_encryption_key := valueof(
m_encryptedDataEncryptionKey_eciesBrainpoolP256r1(
m_evciesP256EncryptedKey(
v_eccP256_curve_point,
p_encrypted_sym_key,
p_authentication_vector
)));
}
p_ieee1609dot2_signed_and_encrypted_data := valueof(
m_etsiTs103097Data_encrypted(
m_encryptedData(
{
m_recipientInfo_certRecipInfo(
m_pKRecipientInfo(
v_recipientId,
v_encrypted_data_encryption_key
))
},
m_symmetricCiphertext_aes128ccm(
m_aesCcmCiphertext(
p_nonce,
v_encrypted_request
)
)
)
)
);
// The 'p_request_hash' shall be the SHA256 digest of the OER representation of the topmost EtsiTs103097Data-Encoded structure
v_enc_value := encvalue(p_ieee1609dot2_signed_and_encrypted_data);
p_request_hash := f_hashWithSha256(bit2oct(v_enc_value));
log("f_build_pki_secured_request_message_for_authorization: p_request_hash= ", p_request_hash);
log("<<< f_build_pki_secured_request_message_for_authorization: ", p_ieee1609dot2_signed_and_encrypted_data);
return true;
} // End of function f_build_pki_secured_request_message_for_authorization
5958
5959
5960
5961
5962
5963
5964
5965
5966
5967
5968
5969
5970
5971
5972
5973
5974
5975
5976
5977
5978
5979
5980
5981
5982
5983
5984
/**
* @desc Build a signed and encrypted PKI response message
* @param p_private_key Private key for signature
* @param p_signer_identifier Signer identifier for signature, could be self or certificate HashedId8
* @param p_recipientId Recipient identifier to be inclued in encrypted layer.
* If value is int2oct(0. 8), the recipient id is the HashedId8 of the symmetric key used by the sender to encrypt the message to which the response is built
* @param p_public_key_compressed The public compressed key (canonical form) for encryption
* @param p_compressed_mode The compressed mode of the public compressed key (canonical form) for encryption
* @param p_pki_message The PKI message to be secured
* @param p_ieee1609dot2_signed_and_encrypted_data The secured message
* @return true on success, false otherwise
*/
function f_build_pki_secured_response_message(
in octetstring p_private_key,
in SignerIdentifier p_signer_identifier,
in octetstring p_pki_message,
in Oct16 p_aes_sym_key,
in Oct12 p_nonce,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) return boolean {
// Local variables
var template (value) ToBeSignedData v_tbs;
var octetstring v_tbs_signed;
var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var octetstring v_encoded_inner_ec_response;
var HashedId8 v_recipientId;
var octetstring v_encrypted_inner_ec_response;
// Signed the encoded PKI message
v_tbs := m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(p_pki_message)
),
m_headerInfo_inner_pki_response(-, (f_getCurrentTime() * 1000)/*us*/)
);
if (ischosen(p_signer_identifier.self_)) {
v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), int2oct(0, 32), p_private_key);
} else {
var charstring v_certificate_id;
var Oct32 v_hash;
fx_readCertificateFromDigest(p_signer_identifier.digest, v_certificate_id); // TODO Add a wrapper function
log(">>>>> f_build_pki_secured_response_message: use ", v_certificate_id, " for signing response");
log(">>>>> f_build_pki_secured_response_message: use ", p_private_key, " as private key");