Skip to content
LibItsPki_Functions.ttcn 236 KiB
Newer Older
      if (PX_INCLUDE_ENCRYPTION_KEYS) {
        p_inner_at_request.publicKeys := valueof( // The freshly generated public verification & encrypition keys to be used for the requested AT certificate
                                                 m_publicKeys(
                                                              m_publicVerificationKey_ecdsaNistP256(
                                                                                                    v_eccP256_curve_point
                                                                                                    ),
                                                              m_encryptionKey( // FIXME Encryption keys could be optional
                                                                              -,
                                                                              m_publicEncryptionKey_ecdsaNistP256(v_enc_eccP256_curve_point)
                                                                               )
                                                              )
                                                  );
      } else {
        p_inner_at_request.publicKeys := valueof( // The freshly generated public verification keys to be used for the requested AT certificate
                                                 m_publicKeys(
                                                              m_publicVerificationKey_ecdsaNistP256(
                                                                                                    v_eccP256_curve_point
                                                                                                    )
                                                              )
                                                  );
      }
      p_inner_at_request.hmacKey := v_hmac_key;
      log("f_generate_inner_at_request: p_inner_at_request= ", p_inner_at_request);
      
      return true;
    } // End of function f_generate_inner_at_request
    
    function f_generate_inner_at_request_with_wrong_hmac(
                                                         in Certificate p_aa_certificate,
                                                         in Oct8 p_aa_hashed_id8,
                                                         in Certificate p_ea_certificate,
                                                         in octetstring p_salt,
                                                         in Oct8 p_ea_hashed_id8,
                                                         in Certificate p_ec_certificate,
                                                         in octetstring p_ec_private_key,
                                                         out octetstring p_private_key,
                                                         out octetstring p_public_key_compressed,
                                                         out integer p_compressed_key_mode,
                                                         out octetstring p_private_enc_key,
                                                         out octetstring p_public_compressed_enc_key,
                                                         out integer p_compressed_enc_key_mode,
                                                         out InnerAtRequest p_inner_at_request
                                                         ) return boolean {
      // Local variables
2045 2046 2047 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080 2081 2082 2083 2084 2085 2086 2087 2088 2089 2090 2091 2092 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 2143 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 2194 2195 2196 2197 2198 2199 2200 2201 2202 2203 2204 2205 2206 2207 2208 2209 2210 2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222 2223 2224 2225 2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237 2238 2239 2240 2241 2242 2243 2244 2245 2246 2247 2248 2249 2250 2251 2252 2253 2254 2255 2256 2257 2258 2259 2260 2261 2262 2263 2264 2265 2266 2267 2268 2269 2270 2271 2272 2273 2274 2275 2276 2277 2278 2279 2280 2281 2282 2283 2284 2285 2286 2287 2288 2289 2290 2291 2292 2293 2294 2295 2296 2297 2298 2299 2300 2301 2302 2303 2304 2305 2306 2307 2308 2309 2310 2311 2312 2313 2314 2315 2316 2317 2318 2319 2320 2321 2322 2323 2324 2325 2326 2327 2328 2329 2330 2331 2332 2333 2334 2335 2336 2337 2338 2339 2340 2341 2342 2343 2344 2345 2346 2347 2348 2349 2350 2351 2352 2353 2354 2355 2356 2357 2358 2359 2360 2361 2362 2363 2364 2365 2366 2367 2368 2369 2370 2371 2372 2373 2374 2375 2376 2377 2378 2379 2380 2381 2382 2383 2384 2385 2386 2387 2388 2389 2390 2391 2392 2393 2394 2395 2396 2397 2398 2399 2400 2401 2402 2403 2404 2405 2406 2407 2408 2409 2410 2411 2412 2413 2414 2415 2416 2417 2418 2419 2420 2421 2422 2423 2424 2425 2426
      var octetstring v_public_key_x;
      var octetstring v_public_key_y;
      var octetstring v_public_enc_key_x;
      var octetstring v_public_enc_key_y;
      var bitstring v_enc_value;
      var octetstring v_ec_hash;
      var Oct8 v_ec_hashed_id8;
      var octetstring public_enc_key_x;
      var octetstring public_enc_key_y;
      var Oct32 v_hmac_key;
      var PublicVerificationKey v_verification_tag;
      var PublicEncryptionKey v_encryption_tag;
      var octetstring v_encoded_tag;
      var Oct16 v_key_tag;
      var octetstring v_hash_shared_at_request;
      var template (value) ToBeSignedData v_tbs;
      var octetstring v_tbs_signed;
      var Ieee1609Dot2Data v_signed_at_signature;
      var template (value) EccP256CurvePoint v_eccP256_curve_point;
      var template (value) EccP256CurvePoint v_enc_eccP256_curve_point;
      var HashAlgorithm v_hashId;
      var Signature v_signature;
      var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
        valueof(m_appPermissions(c_its_aid_CAM, { bitmapSsp := '01FFFC'O })),
        valueof(m_appPermissions(c_its_aid_DENM, { bitmapSsp := '01FFFFFF'O })) // TODO Use PIXIT
      };
 
      // Generate verification keys for the certificate to be requested
      if (f_generate_key_pair(p_private_key, v_public_key_x, v_public_key_y, p_public_key_compressed, p_compressed_key_mode) == false) {
        log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate verification key");
        return false;
      }
      log ("f_generate_inner_at_request_with_wrong_hmac: AT verification private key: ", p_private_key);
      log ("f_generate_inner_at_request_with_wrong_hmac: AT verification public compressed key: ", p_public_key_compressed);
      log ("f_generate_inner_at_request_with_wrong_hmac: AT verification public compressed mode: ", p_compressed_key_mode);
      // Generate encryption keys for the certificate to be requested
      if (PX_INCLUDE_ENCRYPTION_KEYS) {
        if (f_generate_key_pair_for_encryption(PX_EC_ALG_FOR_AT, p_private_enc_key, v_public_enc_key_x, v_public_enc_key_y, p_public_compressed_enc_key, p_compressed_enc_key_mode) == false) {
          log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate encryption key");
          return false;
        } else {
          log ("f_generate_inner_at_request_with_wrong_hmac: AT encryption private key: ", p_private_enc_key);
          log ("f_generate_inner_at_request_with_wrong_hmac: AT encryption public compressed key: ", p_public_compressed_enc_key);
          log ("f_generate_inner_at_request_with_wrong_hmac: AT encryption public compressed mode: ", p_compressed_enc_key_mode);
        }
      } else {
        p_private_enc_key := ''O;
        v_public_enc_key_x := ''O;
        v_public_enc_key_y := ''O;
        p_public_compressed_enc_key := ''O;
        p_compressed_enc_key_mode := -1;
      }
      
      // Calculate the whole certificate SHA
      v_enc_value := encvalue(p_ec_certificate);
      if (ischosen(p_ec_certificate.issuer.sha256AndDigest)) {
        v_ec_hash := f_hashWithSha256(bit2oct(v_enc_value));
        v_ec_hashed_id8 := f_HashedId8FromSha256(v_ec_hash);
      } else {
        v_ec_hash := f_hashWithSha384(bit2oct(v_enc_value));
        v_ec_hashed_id8 := f_HashedId8FromSha384(v_ec_hash);
      }
      log("f_generate_inner_at_request_with_wrong_hmac: v_ec_hash= ", v_ec_hash);
      
      // Generate 32 octets length secret key
      v_hmac_key := f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 12));
      log("f_generate_inner_at_request_with_wrong_hmac: v_hmac_key= ", v_hmac_key);

      // Generate tag based on the concatenation of verification keys & encryption keys
      if (PX_VE_ALG == e_nist_p256) {
        if (p_compressed_key_mode == 0) {
          v_verification_tag.ecdsaNistP256.compressed_y_0 := p_public_key_compressed;
        } else {
          v_verification_tag.ecdsaNistP256.compressed_y_1 := p_public_key_compressed;
        }
      } else if (PX_VE_ALG == e_brainpool_p256_r1) {
        if (p_compressed_key_mode == 0) {
          v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_0 := p_public_key_compressed;
        } else {
          v_verification_tag.ecdsaBrainpoolP256r1.compressed_y_1 := p_public_key_compressed;
        }
      } else if (PX_VE_ALG == e_brainpool_p384_r1) {
        if (p_compressed_key_mode == 0) {
          v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_0 := p_public_key_compressed;
        } else {
          v_verification_tag.ecdsaBrainpoolP384r1.compressed_y_1 := p_public_key_compressed;
        }
      } else {
        log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate HMAC tag");
        return false;
      }
      log("f_generate_inner_at_request_with_wrong_hmac: v_verification_tag= ", v_verification_tag);
      v_encoded_tag := bit2oct(encvalue(v_verification_tag));
      if (PX_INCLUDE_ENCRYPTION_KEYS) {
        v_encryption_tag.supportedSymmAlg := aes128Ccm;
        if (PX_EC_ALG_FOR_AT == e_nist_p256) {
          if (p_compressed_enc_key_mode == 0) {
            v_encryption_tag.publicKey.eciesNistP256.compressed_y_0 := p_public_compressed_enc_key;
          } else {
            v_encryption_tag.publicKey.eciesNistP256.compressed_y_1 := p_public_compressed_enc_key;
          }
        } else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) {
          if (p_compressed_enc_key_mode == 0) {
            v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_0 := p_public_compressed_enc_key;
          } else {
            v_encryption_tag.publicKey.eciesBrainpoolP256r1.compressed_y_1 := p_public_compressed_enc_key;
          }
        } else {
          log("f_generate_inner_at_request_with_wrong_hmac: Failed to generate HMAC tag (enc)");
          return false;
        }
        log("f_generate_inner_at_request_with_wrong_hmac: v_encryption_tag= ", v_encryption_tag);
        v_encoded_tag := v_encoded_tag & bit2oct(encvalue(v_encryption_tag));
      }
      log("f_generate_inner_at_request_with_wrong_hmac: v_encoded_tag= ", v_encoded_tag);
      // Modify v_hmac_key
      v_key_tag := substr(
                          fx_hmac_sha256( // TODO Rename and use a wrapper function
                                         v_hmac_key,
                                         v_encoded_tag
                                         ),
                          0,
                          16); // Leftmost 128 bits of the HMAC-SHA256 tag computed previously
      log("f_generate_inner_at_request_with_wrong_hmac: v_key_tag= ", v_key_tag);
      v_hmac_key[0] := 'aa'O;
      v_hmac_key[1] := 'bb'O;
      log("f_generate_inner_at_request_with_wrong_hmac: Modified key_tag= ", v_hmac_key);

      // Build the SharedAtRequest
      p_inner_at_request.sharedAtRequest := valueof(
                                                    m_shared_at_request(
                                                                        p_ea_hashed_id8, // eaId identifies the EA certificate shared with EA entity
                                                                        v_key_tag, // Calculated keyTag
                                                                        valueof(
                                                                                m_certificate_subject_attributes( // FIXME Review fsubjectPermissions
                                                                                                                 v_appPermissions,//p_ec_certificate.toBeSigned.appPermissions,
                                                                                                                 p_ec_certificate.toBeSigned.certRequestPermissions,
                                                                                                                 p_ec_certificate.toBeSigned.id,
                                                                                                                 p_ec_certificate.toBeSigned.validityPeriod,
                                                                                                                 p_ec_certificate.toBeSigned.region,
                                                                                                                 p_ec_certificate.toBeSigned.assuranceLevel
                                                                                                                  ))) // Desired attributes
                                                    );
      
      // Calculate the hash of the SharedAtRequest
      v_hash_shared_at_request := f_hashWithSha256(bit2oct(encvalue(p_inner_at_request.sharedAtRequest)));
      log("f_generate_inner_at_request_with_wrong_hmac: v_hash_shared_at_request= ", v_hash_shared_at_request);
      
      // Build the ETsiTs103097Data-SignedExternalPayload
      v_tbs := m_toBeSignedData(
                                m_signedDataPayload_ext(v_hash_shared_at_request), // Payload containing extDataHash
                                m_headerInfo_inner_pki_request( // HeaderInfo
                                                               -,
                                                               (f_getCurrentTime()) * 1000) //us
                               );
      log("f_generate_inner_at_request_with_wrong_hmac: v_tbs= ", v_tbs);
      // Signed ToBeSigned payload using the private key of EC certificate obtained from Enrolment request
      // In case of ITS-S privacy, v_signed_at_signature contained the data to be encrypted
      // TODO Simplify with f_signWithEcdsa
      if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
        v_hashId := sha384;
        v_tbs_signed := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(encvalue(v_tbs)), v_ec_hash, p_ec_private_key);
        v_signature := valueof(
                               m_signature_ecdsaBrainpoolP384r1(
                                                                m_ecdsaP384Signature(
                                                                                     m_eccP384CurvePoint_x_only(
                                                                                                                substr(v_tbs_signed, 0, 48)
                                                                                                                ),
                                                                                     substr(v_tbs_signed, 48, 48)
                                                                                     )
                                                                )
                                                        );
      } else {
        v_hashId := sha256;
        if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1)) {
          v_tbs_signed := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(encvalue(v_tbs)), v_ec_hash, p_ec_private_key);
          v_signature := valueof(
                                 m_signature_ecdsaBrainpoolP256r1(
                                                                  m_ecdsaP256Signature(
                                                                                       m_eccP256CurvePoint_x_only(
                                                                                                                  substr(v_tbs_signed, 0, 32)
                                                                                                                  ),
                                                                                       substr(v_tbs_signed, 32, 32)
                                                                                       )
                                                                  )
                                 );
        } else if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256)) {
          v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), v_ec_hash, p_ec_private_key);
          v_signature := valueof(
                                 m_signature_ecdsaNistP256(
                                                           m_ecdsaP256Signature(
                                                                                m_eccP256CurvePoint_x_only(
                                                                                                           substr(v_tbs_signed, 0, 32)
                                                                                                           ),
                                                                                substr(v_tbs_signed, 32, 32)
                                                                                )
                                                           )
                                 );
        } else {
          // Error
          log("f_generate_inner_at_request_with_wrong_hmac: Failed to process signature");
          return false;
        }
      }
      v_signed_at_signature := valueof(
                                       m_etsiTs103097Data_signed(
                                                                 m_signedData(
                                                                              v_hashId,
                                                                              v_tbs,
                                                                              m_signerIdentifier_digest(v_ec_hashed_id8), // Signer is thehasheId8 of the EC certificate obtained from Enrolment request
                                                                              v_signature
                                                                              )
                                                                 )
                                       );
      log("f_generate_inner_at_request_with_wrong_hmac: v_signed_at_signature= ", v_signed_at_signature);
      
      if (PICS_ITS_S_WITH_PRIVACY) { // Build EtsiTs102097Data-Encrypted structure
        var octetstring v_public_enc_key;
        var integer v_compressed_mode;
        var Oct12 v_nonce;
        var Oct16 v_authentication_vector;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var HashedId8 v_recipientId;
        var octetstring v_public_compressed_ephemeral_key;
        var integer v_public_compressed_ephemeral_mode;
        var octetstring v_enc_signed_ec_signature;
        var EncryptedDataEncryptionKey v_encrypted_data_encryption_key;
        
        // Use EA certificate for the encryption
        if (PX_EC_ALG_FOR_AT == e_nist_p256) {
          if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
            v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0;
            v_compressed_mode := 0;
          } else if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) {
            v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1;
            v_compressed_mode := 1;
          } else {
            log("f_generate_inner_at_request_with_wrong_hmac: Wrong NistP256 encryption variant");
            return false;
          }
          v_enc_signed_ec_signature := f_encryptWithEciesNistp256WithSha256(bit2oct(encvalue(v_signed_at_signature)), v_public_enc_key, v_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, PICS_SEC_FIXED_KEYS);
          if (v_public_compressed_ephemeral_mode == 0) {
            v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_compressed_ephemeral_key));
          } else {
            v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_compressed_ephemeral_key));
          }
          v_encrypted_data_encryption_key := valueof(
                                                     m_encryptedDataEncryptionKey_eciesNistP256(
                                                                                                m_evciesP256EncryptedKey(
                                                                                                                         v_eccP256_curve_point,
                                                                                                                         v_encrypted_sym_key,
                                                                                                                         v_authentication_vector
                                                                                                                         )));
        } else if (PX_EC_ALG_FOR_AT == e_brainpool_p256_r1) {
          if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0)) {
            v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0;
            v_compressed_mode := 0;
          } else if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1)) {
            v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1;
            v_compressed_mode := 1;
          } else {
            log("f_generate_inner_at_request_with_wrong_hmac: Wrong BrainpoolP256r1 encryption variant");
            return false;
          }
          v_enc_signed_ec_signature := f_encryptWithEciesBrainpoolp256WithSha256(bit2oct(encvalue(v_signed_at_signature)), v_public_enc_key, v_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, PICS_SEC_FIXED_KEYS);
          if (v_public_compressed_ephemeral_mode == 0) {
            v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_compressed_ephemeral_key));
          } else {
            v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_compressed_ephemeral_key));
          }
          v_encrypted_data_encryption_key := valueof(
                                                     m_encryptedDataEncryptionKey_eciesBrainpoolP256r1(
                                                                                                       m_evciesP256EncryptedKey(
                                                                                                                                v_eccP256_curve_point,
                                                                                                                                v_encrypted_sym_key,
                                                                                                                                v_authentication_vector
                                                                                                                                )));
        } else {
          log("f_generate_inner_at_request_with_wrong_hmac: Wrong encryption variant");
          return false;
        }
        log("f_generate_inner_at_request_with_wrong_hmac: v_encrypted_data_encryption_key= ", v_encrypted_data_encryption_key);
        v_recipientId := p_ea_hashed_id8; // RecipientId is the HashedId8 of the EA certificate
        log("f_generate_inner_at_request_with_wrong_hmac: v_recipientId= ", v_recipientId);
        // Fill Certificate template with the public compressed keys (canonical form)
        p_inner_at_request.ecSignature := valueof(
                                                  m_ec_signature(
                                                                 m_etsiTs103097Data_encrypted(
                                                                                              m_encryptedData(
                                                                                                              {
                                                                                                                m_recipientInfo_certRecipInfo(
                                                                                                                                              m_pKRecipientInfo(
                                                                                                                                                                v_recipientId,
                                                                                                                                                                
                                                                                                                                                                v_encrypted_data_encryption_key                                                                                                                                                            ))
                                                                                                                },
                                                                                                              m_SymmetricCiphertext_aes128ccm(
                                                                                                                                              m_aesCcmCiphertext(
                                                                                                                                                                 v_nonce,
                                                                                                                                                                 v_enc_signed_ec_signature
                                                                                                                                                                 )
                                                                                                                                              )
                                                                                                              )
                                                                                              )
                                                                 )
                                                  );
      } else { // Skip the encryption, alowed to be re-identified by the AA
        p_inner_at_request.ecSignature := valueof(m_ec_signature_ext_payload(v_signed_at_signature));
      }
      // Build the InnerAtRequest, EcSignature field is already set
      if (p_compressed_key_mode == 0) {
        v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_public_key_x);
      } else {
        v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_public_key_x);
      }
      if (p_compressed_enc_key_mode == 0) {
        v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_public_enc_key_x);
      } else {
        v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_public_enc_key_x);
      }
      if (PX_INCLUDE_ENCRYPTION_KEYS) {
        p_inner_at_request.publicKeys := valueof( // The freshly generated public verification & encrypition keys to be used for the requested AT certificate
                                                 m_publicKeys(
                                                              m_publicVerificationKey_ecdsaNistP256(
                                                                                                    v_eccP256_curve_point
                                                                                                    ),
                                                              m_encryptionKey( // FIXME Encryption keys could be optional
                                                                              -,
                                                                              m_publicEncryptionKey_ecdsaNistP256(v_enc_eccP256_curve_point)
                                                                               )
                                                              )
                                                  );
      } else {
        p_inner_at_request.publicKeys := valueof( // The freshly generated public verification keys to be used for the requested AT certificate
                                                 m_publicKeys(
                                                              m_publicVerificationKey_ecdsaNistP256(
                                                                                                    v_eccP256_curve_point
                                                                                                    )
                                                              )
                                                  );
      }
      p_inner_at_request.hmacKey := v_hmac_key;
      log("f_generate_inner_at_request_with_wrong_hmac: p_inner_at_request= ", p_inner_at_request);
      
      return true;
    } // End of function f_generate_inner_at_request_with_wrong_hmac
    
    function f_verify_inner_at_request_signed_for_pop(
                                                      in EtsiTs102941Data p_etsi_ts_102941_data,
                                                      out InnerAtRequest p_inner_at_request
                                                      ) return boolean {
      var bitstring v_msg_bit;

      log(">>> f_verify_inner_at_request_signed_for_pop: ", p_etsi_ts_102941_data);
      
      // 1. Decode content
      v_msg_bit := oct2bit(p_etsi_ts_102941_data.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData);
      if (decvalue(v_msg_bit, p_inner_at_request) != 0) {
        log("f_verify_inner_at_request_signed_for_pop: Failed to decode InnerEcRequest");
        return false;
      } else {
        log("f_verify_inner_at_request_signed_for_pop: v_inner_at_request= ", p_inner_at_request);

        // 2. Verify the InnerEcRequestSignedForPop signature
        // TODO
      }
      
      return true;
    } // End of function f_verify_inner_at_request_signed_for_pop
    
    function f_generate_inner_at_response(
                                          in octetstring p_authorization_request_hash,
                                          in EtsiTs103097Certificate p_certificate,
                                          out InnerAtResponse p_authorization_response
                                          ) return boolean {
      // Local variables
      
      // Build the Proof of Possession InnerEcResponse
      p_authorization_response := valueof(
                                          m_innerAtResponse_ok(
                                                               substr(p_authorization_request_hash, 0, 16),
      
      return true;
    } // End of function f_generate_inner_at_response
    
  } // End of group inner_at_xxx
  
  group authorization_validation_xxx {
    
  } // End of group authorization_validation_xxx
  
  group awaiting_messages {
    
    function f_await_http_inner_ec_request_response(
Yann Garcia's avatar
Yann Garcia committed
                                                    out Oct32 p_private_key,
                                                    out Oct32 p_compressed_public_key,
                                                    out integer p_compressed_mode,
                                                    out InnerEcResponse p_inner_ec_response,
                                                    in boolean p_strict_checks := true
                                                    ) runs on ItsPkiHttp return boolean {
      var HeaderLines v_headers;
      var Oct32 v_request_hash;
      var Oct16 v_encrypted_sym_key;
      var Oct16 v_aes_sym_key;
      var HashedId8 v_aes_sym_key_hashed_id8;
      var Oct16 v_authentication_vector;
      var Oct12 v_nonce;
      var octetstring v_salt;
      var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
      var EtsiTs102941Data v_etsi_ts_102941_data;
      var HttpMessage v_response;
      log(">>> f_await_http_inner_ec_request_response: p_strict_checks=", p_strict_checks);
      
      f_http_build_inner_ec_request(p_private_key, p_compressed_public_key, p_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
      v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
      f_init_default_headers_list(-, "inner_ec_request", v_headers);
Yann Garcia's avatar
Yann Garcia committed
      f_http_send(
                  v_headers, 
                  m_http_request(
                                 m_http_request_post(
                                                     PICS_HTTP_POST_URI_EC,
                                                     v_headers,
                                                     m_http_message_body_binary(
                                                                                m_binary_body_ieee1609dot2_data(
                                                                                                                v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                )))));
      tc_ac.start;
      alt {
        [] a_await_ec_http_request_from_iut(
                                            mw_http_response(
                                                             mw_http_response_ok(
                                                                                 mw_http_message_body_binary(
                                                                                                             mw_binary_body_ieee1609dot2_data(
                                                                                                                                              mw_enrolmentResponseMessage(
                                                                                                                                                                          mw_encryptedData(
                                                                                                                                                                                           { *, mw_recipientInfo_pskRecipInfo/*(v_aes_sym_key_hashed_id8)*/, * },
                                                                                                                                                                                           mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                           )))))),
                                            v_response
                                            ) {
          tc_ac.stop;
          if (f_verify_pki_response_message(p_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, p_strict_checks, v_etsi_ts_102941_data) == false) {
            log("f_await_http_inner_ec_request_response: Failed to verify PKI message ***");
            if (p_strict_checks) {
              return false;
          log("f_await_http_inner_ec_request_response: Receive ", v_etsi_ts_102941_data, " ***");
          // Verify the received EC certificate
          log("f_await_http_inner_ec_request_response: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(-/*Escryptsubstr(v_request_hash, 0, 16)*/, mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
          if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(-/*Escryptsubstr(v_request_hash, 0, 16)*/, mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec)))) == false) {
            log("f_await_http_inner_ec_request_response: Unexpected message received ***");
            if (p_strict_checks) {
              return false;
            }
          }
          if (ispresent(v_etsi_ts_102941_data.content.enrolmentResponse) and ispresent(v_etsi_ts_102941_data.content.enrolmentResponse.certificate)) {
            if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, p_compressed_public_key, p_compressed_mode) == false) {
              log("f_await_http_inner_ec_request_response: Cannot verify EC certificate signature ***");
              if (p_strict_checks) {
                return false;
            p_inner_ec_response := v_etsi_ts_102941_data.content.enrolmentResponse;
            log("f_await_http_inner_ec_request_response: Well-secured EA certificate received ***");
            log("p_inner_ec_response= ", p_inner_ec_response);
          } else {
            log("f_await_http_inner_ec_request_response: Invalid message received ***");
            return false;
        }
        [] tc_ac.timeout {
          log("f_await_http_inner_ec_request_response: Expected message not received ***");
        }
      } // End of 'alt' statement
      
      return true;
    } // End of function f_await_http_inner_ec_request_response
    
    function f_await_ec_request_send_response(
                                              out InnerEcResponse p_inner_ec_response
                                              ) runs on ItsPkiHttp return boolean {
      var HttpMessage v_request;
      var boolean v_result := false;
      
      log(">>> f_await_ec_request_send_response");
      
      tc_ac.start;
      alt {
        [] a_await_ec_http_request_from_iut(
                                            mw_http_request(
                                                            mw_http_request_post(
                                                                                 PICS_HTTP_POST_URI_EC,
                                                                                 -,
                                                                                 mw_http_message_body_binary(
                                                                                                             mw_binary_body_ieee1609dot2_data(
                                                                                                                                              mw_enrolmentRequestMessage(
                                                                                                                                                                         mw_encryptedData(
                                                                                                                                                                                          -,
                                                                                                                                                                                          mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                          )))))),
                                            v_request
                                            ) {
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var Oct16 v_request_hash;
          var Oct16 v_aes_enc_key;
          var InnerEcRequest v_inner_ec_request;
          var template (value) HttpMessage v_response;
          var HeaderLines v_headers;
          
          tc_ac.stop;
          
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          
          if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, vc_eaWholeHash, v_request.request.body.binary_body.ieee1609dot2_data, false, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
            log("f_await_ec_request_send_response: Failed to verify PKI message ***");
            // Send error message
            v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers, 400, "Bad request")); // Initialize v_reponse with an error message
          } else {
            log("f_await_ec_request_send_response: Receive ", v_etsi_ts_102941_data, " ***");
            if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, v_inner_ec_request) == false) {
              log("f_await_ec_request_send_response: Failed to verify PKI message ***");
              // Send error message
              f_http_build_inner_ec_response(v_inner_ec_request/*Not required*/, cantparse, v_request_hash, -, -, v_aes_enc_key, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
              v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers));
            } else {
              f_http_build_inner_ec_response(v_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, p_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
            v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), v_headers));
              v_result := true;
            }
            f_http_send(
                        v_headers,
                        m_http_request(
                                       m_http_request_post(
                                                           PICS_HTTP_POST_URI_EC,
                                                           v_headers,
                                                           m_http_message_body_binary(
                                                                                      m_binary_body_ieee1609dot2_data(
                                                                                                                      v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                      )))));
          }
        }
        [] tc_ac.timeout {
          log("f_await_ec_request_send_response: Expected message not received ***");
        }
      } // End of 'alt' statement
      
      return v_result;
    } // End of function f_await_ec_request_send_response
    
  } // End of group awaiting_messages
  
garciay's avatar
garciay committed
  group pki_functions {
     * @desc Build a signed and encrypted PKI request message
     * @param p_private_key         Private key for signature
     * @param p_signer_identifier   Signer identifier for signature, could be self or certificate HashedId8
     * @param p_recipientId         Recipient identifier to be inclued in encrypted layer.
     *                              If value is int2oct(0. 8), the recipient id is the HashedId8 of the symmetric key used by the sender to encrypt the message to which the response is built
     * @param p_public_key_compressed The public compressed key (canonical form) for encryption
     * @param p_compressed_mode      The compressed mode of the public compressed key (canonical form) for encryption
     * @param p_pki_message         The PKI message to be secured
     * @param p_ieee1609dot2_signed_and_encrypted_data The secured message
     * @return true on success, false otherwise
     */
    function f_build_pki_secured_request_message_signed_with_pop(
                                                                 in octetstring p_private_key,
                                                                 in SignerIdentifier p_signer_identifier,
                                                                 in HashedId8 p_recipientId,
                                                                 in octetstring p_public_key_compressed,
                                                                 in integer p_compressed_mode,
                                                                 in octetstring p_salt,
                                                                 in octetstring p_pki_message,
                                                                 in SecurityAlg p_enc_algorithm, // TODO Use RCA to check encryption alg
                                                                 out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
                                                                 out Oct16 p_aes_sym_key,
                                                                 out Oct16 p_encrypted_sym_key,
                                                                 out Oct16 p_authentication_vector,
                                                                 out Oct12 p_nonce,
                                                                 out Oct32 p_request_hash
                                                                 ) return boolean {
garciay's avatar
garciay committed
      // Local variables
      var template (value) EccP256CurvePoint v_eccP256_curve_point;
      var template (value) ToBeSignedData v_tbs;
      var Signature v_signature;
Yann Garcia's avatar
Yann Garcia committed
      var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
      var octetstring v_encoded_request;
      var octetstring v_public_compressed_ephemeral_key;
      var integer v_public_compressed_ephemeral_mode;
      var octetstring v_encrypted_request;
      var EncryptedDataEncryptionKey v_encrypted_data_encryption_key;
Yann Garcia's avatar
Yann Garcia committed
      var bitstring v_enc_value;
      log(">>> f_build_pki_secured_request_message_signed_with_pop: p_private_key= ", p_private_key);
      log(">>> f_build_pki_secured_request_message_signed_with_pop: p_signer_identifier= ", p_signer_identifier);
      log(">>> f_build_pki_secured_request_message_signed_with_pop: p_recipientId= ", p_recipientId);
      log(">>> f_build_pki_secured_request_message_signed_with_pop: p_public_key_compressed= ", p_public_key_compressed);
      log(">>> f_build_pki_secured_request_message_signed_with_pop: p_salt= ", p_salt);
      log(">>> f_build_pki_secured_request_message_signed_with_pop: p_pki_message= ", p_pki_message);
      log(">>> f_build_pki_secured_request_message_signed_with_pop: p_enc_algorithm= ", p_enc_algorithm);
      // Signed the encoded PKI message
Yann Garcia's avatar
Yann Garcia committed
      v_tbs := m_toBeSignedData(
                                m_signedDataPayload(
garciay's avatar
garciay committed
                                                    m_etsiTs103097Data_unsecured(p_pki_message)
Yann Garcia's avatar
Yann Garcia committed
                                                   ),
                                m_headerInfo_inner_pki_request(-, (f_getCurrentTime() * 1000)/*us*/)
Yann Garcia's avatar
Yann Garcia committed
                               );
Yann Garcia's avatar
Yann Garcia committed
      log("f_build_pki_secured_request_message_signed_with_pop: signer: ", p_signer_identifier);
      if (ischosen(p_signer_identifier.self_)) {
        v_tbs_signed := f_signWithEcdsa(bit2oct(encvalue(v_tbs)), int2oct(0, 32), p_private_key);
        var charstring v_certificate_id;
        var octetstring v_hash;
        fx_readCertificateFromDigest(p_signer_identifier.digest, v_certificate_id); // TODO Add a wrapper function
        f_getCertificateHash(v_certificate_id, v_hash);
        v_tbs_signed := f_signWithEcdsa(bit2oct(encvalue(v_tbs)), v_hash, p_private_key);
      }
      // Add the signature and create EtsiTs103097Data-Signed data structure
      if (PX_VE_ALG == e_nist_p256) {
       v_signature := valueof(
                              m_signature_ecdsaNistP256(
                                                        m_ecdsaP256Signature(
                                                                             m_eccP256CurvePoint_x_only(
                                                                                                        substr(v_tbs_signed, 0, 32)
                                                                                                        ),
                                                                             substr(v_tbs_signed, 32, 32)
                                                                             )
                                                        )
                              );
      } else if (PX_VE_ALG == e_brainpool_p256_r1) {
       v_signature := valueof(
                              m_signature_ecdsaBrainpoolP256r1(
                                                               m_ecdsaP256Signature(
                                                                                    m_eccP256CurvePoint_x_only(
                                                                                                               substr(v_tbs_signed, 0, 32)
                                                                                                               ),
                                                                                    substr(v_tbs_signed, 32, 32)
                                                                                    )
                                                               )
                              );
      } else if (PX_VE_ALG == e_brainpool_p384_r1) {
       v_signature := valueof(
                              m_signature_ecdsaBrainpoolP384r1(
                                                               m_ecdsaP384Signature(
                                                                                    m_eccP384CurvePoint_x_only(
                                                                                                               substr(v_tbs_signed, 0, 48)
                                                                                                               ),
                                                                                    substr(v_tbs_signed, 48, 48)
                                                                                    )
                                                               )
                              );
      }
      log("f_build_pki_secured_request_message_signed_with_pop: v_signature= ", v_signature);
Yann Garcia's avatar
Yann Garcia committed
      v_ieee1609dot2_signed_data := m_etsiTs103097Data_signed(
                                                              m_signedData(
                                                                           sha256,
                                                                           v_tbs,
Yann Garcia's avatar
Yann Garcia committed
                                                                           )
      // Encode EtsiTs103097Data-Signed data structure
      v_encoded_request := bit2oct(encvalue(v_ieee1609dot2_signed_data));
      // Encrypt encode EtsiTs103097Data-Signed data structure
      if (PICS_SEC_FIXED_KEYS) {
        p_salt := '77C0637C3558B3238FDE1EEC376DA080BE4076FB8491CA0F8C19FD34DF298CEB'O;
      }
      if (p_enc_algorithm == e_nist_p256) {
Yann Garcia's avatar
Yann Garcia committed
        v_encrypted_request := f_encryptWithEciesNistp256WithSha256(v_encoded_request, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, PICS_SEC_FIXED_KEYS);
      } else if (p_enc_algorithm == e_brainpool_p256_r1) {
Yann Garcia's avatar
Yann Garcia committed
        v_encrypted_request := f_encryptWithEciesBrainpoolp256WithSha256(v_encoded_request, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, PICS_SEC_FIXED_KEYS);
      } else {
        log("f_build_pki_secured_request_message_signed_with_pop: Wrong encryption variant");
        return false;
      }
      log("f_build_pki_secured_request_message_signed_with_pop: p_aes_sym_key= ", p_aes_sym_key);
      log("f_build_pki_secured_request_message_signed_with_pop: p_encrypted_sym_key= ", p_encrypted_sym_key);
      log("f_build_pki_secured_request_message_signed_with_pop: p_authentication_vector= ", p_authentication_vector);
      log("f_build_pki_secured_request_message_signed_with_pop: p_nonce= ", p_nonce);
      log("f_build_pki_secured_request_message_signed_with_pop: p_recipientId= ", p_recipientId);
      if (p_recipientId == int2oct(0, 8)) {
        log("f_build_pki_secured_request_message_signed_with_pop: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key));
        v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key));
      } else {
        v_recipientId := p_recipientId;
      }
      log("f_build_pki_secured_request_message_signed_with_pop: v_recipientId= ", v_recipientId);
      // Fill Certificate template with the public compressed keys (canonical form)
      if (v_public_compressed_ephemeral_mode == 0) {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_compressed_ephemeral_key));
      } else {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_compressed_ephemeral_key));
      }
      if (p_enc_algorithm == e_nist_p256) {
        v_encrypted_data_encryption_key := valueof(
                                                   m_encryptedDataEncryptionKey_eciesNistP256(
                                                                                              m_evciesP256EncryptedKey(
                                                                                                                       v_eccP256_curve_point,
                                                                                                                       p_encrypted_sym_key, 
                                                                                                                       p_authentication_vector
                                                                                                                       )));
      } else if (p_enc_algorithm == e_brainpool_p256_r1) {
        v_encrypted_data_encryption_key := valueof(
                                                   m_encryptedDataEncryptionKey_eciesBrainpoolP256r1(
                                                                                                     m_evciesP256EncryptedKey(
                                                                                                                              v_eccP256_curve_point,
                                                                                                                              p_encrypted_sym_key, 
                                                                                                                              p_authentication_vector
                                                                                                                              )));
      } else {
        log("f_build_pki_secured_request_message_signed_with_pop: Wrong encryption variant");
        return false;
      }
      
      p_ieee1609dot2_signed_and_encrypted_data := valueof(
                                                          m_etsiTs103097Data_encrypted(
                                                                                       m_encryptedData(
                                                                                                       {
Yann Garcia's avatar
Yann Garcia committed
                                                                                                         m_recipientInfo_certRecipInfo(
                                                                                                                                       m_pKRecipientInfo(
                                                                                                                                                         v_recipientId,
                                                                                                                                                         v_encrypted_data_encryption_key
                                                                                                                                                         ))
                                                                                                         },
                                                                                                       m_SymmetricCiphertext_aes128ccm(
                                                                                                                                       m_aesCcmCiphertext(
                                                                                                                                                          p_nonce,
                                                                                                                                                          v_encrypted_request
                                                                                                                                                          )
                                                                                                                                       )
Yann Garcia's avatar
Yann Garcia committed
      // The 'p_request_hash' shall be the SHA256 digest of the OER representation of the topmost EtsiTs103097Data-Encoded structure
      v_enc_value := encvalue(p_ieee1609dot2_signed_and_encrypted_data);
      if (PICS_SEC_FIXED_KEYS) {
        p_request_hash := '10ED97A2F2933DD3AC55F47022D125E18F5E1AA024613E616A75BA4979EFE318'O;
      } else {
        p_request_hash := f_hashWithSha256(bit2oct(v_enc_value));
      }
      log("f_build_pki_secured_request_message_signed_with_pop: p_request_hash= ", p_request_hash);
      
      log("<<< f_build_pki_secured_request_message_signed_with_pop: ", p_pki_message);
      return true;
    } // End of function f_build_pki_secured_request_message_signed_with_pop
    
    /**
     * @desc Build a signed and encrypted PKI request message without POP with signature
     * @param p_recipientId         Recipient identifier to be inclued in encrypted layer.
     *                              If value is int2oct(0. 8), the recipient id is the HashedId8 of the symmetric key used by the sender to encrypt the message to which the response is built
     * @param p_public_key_compressed The public compressed key (canonical form) for encryption
     * @param p_compressed_mode      The compressed mode of the public compressed key (canonical form) for encryption
     * @param p_pki_message         The PKI message to be secured
     * @param p_ieee1609dot2_signed_and_encrypted_data The secured message
     * @return true on success, false otherwise
     */
    function f_build_pki_secured_request_message(
                                                 in HashedId8 p_recipientId,
                                                 in octetstring p_public_key_compressed,
                                                 in integer p_compressed_mode,
                                                 in octetstring p_salt,
                                                 in octetstring p_pki_message,
                                                 in SecurityAlg p_enc_algorithm,
                                                 out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
                                                 out Oct16 p_aes_sym_key,
                                                 out Oct16 p_encrypted_sym_key,
                                                 out Oct16 p_authentication_vector,
                                                 out Oct12 p_nonce,
                                                 out Oct32 p_request_hash
                                                 ) return boolean {
      // Local variables
      var template (value) EccP256CurvePoint v_eccP256_curve_point;
      var HashedId8 v_recipientId;
      var octetstring v_public_compressed_ephemeral_key;
      var integer v_public_compressed_ephemeral_mode;
      var octetstring v_encrypted_request;
      var EncryptedDataEncryptionKey v_encrypted_data_encryption_key;
Yann Garcia's avatar
Yann Garcia committed
      var bitstring v_enc_value;
      
      log(">>> f_build_pki_secured_request_message");
      
      // Encrypt encode EtsiTs103097Data-Signed data structure
      if (PICS_SEC_FIXED_KEYS) {
        p_salt := '77C0637C3558B3238FDE1EEC376DA080BE4076FB8491CA0F8C19FD34DF298CEB'O;
      if (p_enc_algorithm == e_nist_p256) {
Yann Garcia's avatar
Yann Garcia committed
        v_encrypted_request := f_encryptWithEciesNistp256WithSha256(p_pki_message, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, PICS_SEC_FIXED_KEYS);
      } else if (p_enc_algorithm == e_brainpool_p256_r1) {
Yann Garcia's avatar
Yann Garcia committed
        v_encrypted_request := f_encryptWithEciesBrainpoolp256WithSha256(p_pki_message, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, PICS_SEC_FIXED_KEYS);
      } else {
        log("f_build_pki_secured_request_message: Wrong encryption variant");
        return false;
      }
      log("f_build_pki_secured_request_message: p_aes_sym_key= ", p_aes_sym_key);
      log("f_build_pki_secured_request_message: p_encrypted_sym_key= ", p_encrypted_sym_key);
      log("f_build_pki_secured_request_message: p_authentication_vector= ", p_authentication_vector);
      log("f_build_pki_secured_request_message: p_nonce= ", p_nonce);
      log("f_build_pki_secured_request_message: p_recipientId= ", p_recipientId);
      if (p_recipientId == int2oct(0, 8)) {
        log("f_build_pki_secured_request_message: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key));
        v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key));
      } else {
        v_recipientId := p_recipientId;
      }
      log("f_build_pki_secured_request_message: v_recipientId= ", v_recipientId);
Yann Garcia's avatar
Yann Garcia committed
      // Fill Certificate template with the public compressed keys (canonical form)
      if (v_public_compressed_ephemeral_mode == 0) {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_compressed_ephemeral_key));
Yann Garcia's avatar
Yann Garcia committed
      } else {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_compressed_ephemeral_key));
Yann Garcia's avatar
Yann Garcia committed
      }
      if (p_enc_algorithm == e_nist_p256) {
        v_encrypted_data_encryption_key := valueof(
                                                   m_encryptedDataEncryptionKey_eciesNistP256(
                                                                                              m_evciesP256EncryptedKey(
                                                                                                                       v_eccP256_curve_point,
                                                                                                                       p_encrypted_sym_key, 
                                                                                                                       p_authentication_vector
                                                                                                                       )));
      } else if (p_enc_algorithm == e_brainpool_p256_r1) {
        v_encrypted_data_encryption_key := valueof(
                                                   m_encryptedDataEncryptionKey_eciesBrainpoolP256r1(
                                                                                                     m_evciesP256EncryptedKey(
                                                                                                                              v_eccP256_curve_point,
                                                                                                                              p_encrypted_sym_key, 
                                                                                                                              p_authentication_vector
                                                                                                                              )));
      }
Yann Garcia's avatar
Yann Garcia committed
      p_ieee1609dot2_signed_and_encrypted_data := valueof(
                                                          m_etsiTs103097Data_encrypted(
                                                                                       m_encryptedData(
                                                                                                       {
                                                                                                        m_recipientInfo_certRecipInfo(
                                                                                                                                      m_pKRecipientInfo(
                                                                                                                                                        v_recipientId,
                                                                                                                                                        v_encrypted_data_encryption_key
                                                                                                                                                        ))
Yann Garcia's avatar
Yann Garcia committed
                                                                                                       m_SymmetricCiphertext_aes128ccm(
                                                                                                                                       m_aesCcmCiphertext(
Yann Garcia's avatar
Yann Garcia committed
      // The 'p_request_hash' shall be the SHA256 digest of the OER representation of the topmost EtsiTs103097Data-Encoded structure
      v_enc_value := encvalue(p_ieee1609dot2_signed_and_encrypted_data);
      if (PICS_SEC_FIXED_KEYS) {
        p_request_hash := '10ED97A2F2933DD3AC55F47022D125E18F5E1AA024613E616A75BA4979EFE318'O;
      } else {
        p_request_hash := f_hashWithSha256(bit2oct(v_enc_value));
      }
      log("f_build_pki_secured_request_message: p_request_hash= ", p_request_hash);
      
      log("<<< f_build_pki_secured_request_message: ", p_ieee1609dot2_signed_and_encrypted_data);
Yann Garcia's avatar
Yann Garcia committed
      return true;
    } // End of function f_build_pki_secured_request_message
    
    function f_build_pki_secured_request_message_for_authorization(
                                                                   in HashedId8 p_recipientId,
                                                                   in octetstring p_public_key_compressed,
                                                                   in integer p_compressed_mode,
                                                                   in octetstring p_salt,
                                                                   in octetstring p_pki_message,
                                                                   in SecurityAlg p_enc_algorithm,
                                                                   out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
                                                                   out Oct16 p_aes_sym_key,
                                                                   out Oct16 p_encrypted_sym_key,
                                                                   out Oct16 p_authentication_vector,
                                                                   out Oct12 p_nonce,
                                                                   out Oct32 p_request_hash
                                                                   ) return boolean {
      // Local variables
      var Ieee1609Dot2Data v_unsecured_data;
      var octetstring v_pki_message;
      var template (value) EccP256CurvePoint v_eccP256_curve_point;
      var HashedId8 v_recipientId;
      var octetstring v_public_compressed_ephemeral_key;
      var integer v_public_compressed_ephemeral_mode;
      var octetstring v_encrypted_request;
      var EncryptedDataEncryptionKey v_encrypted_data_encryption_key;
      var bitstring v_enc_value;
      
      log(">>> f_build_pki_secured_request_message_for_authorization");

      // Add Ieee1609Dot2Data layer
      v_unsecured_data := valueof(m_etsiTs103097Data_unsecured(p_pki_message));
      v_pki_message := bit2oct(encvalue(v_unsecured_data));
      
      // Encrypt encode EtsiTs103097Data-Signed data structure
      if (PICS_SEC_FIXED_KEYS) {
        p_salt := '77C0637C3558B3238FDE1EEC376DA080BE4076FB8491CA0F8C19FD34DF298CEB'O;
      }
      if (p_enc_algorithm == e_nist_p256) {
        v_encrypted_request := f_encryptWithEciesNistp256WithSha256(v_pki_message, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, PICS_SEC_FIXED_KEYS);
      } else if (p_enc_algorithm == e_brainpool_p256_r1) {
        v_encrypted_request := f_encryptWithEciesBrainpoolp256WithSha256(v_pki_message, p_public_key_compressed, p_compressed_mode, p_salt, v_public_compressed_ephemeral_key, v_public_compressed_ephemeral_mode, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, PICS_SEC_FIXED_KEYS);
      } else {
        log("f_build_pki_secured_request_message_for_authorization: Wrong encryption variant");
      log("f_build_pki_secured_request_message_for_authorization: p_aes_sym_key= ", p_aes_sym_key);
      log("f_build_pki_secured_request_message_for_authorization: p_encrypted_sym_key= ", p_encrypted_sym_key);
      log("f_build_pki_secured_request_message_for_authorization: p_authentication_vector= ", p_authentication_vector);
      log("f_build_pki_secured_request_message_for_authorization: p_nonce= ", p_nonce);
      log("f_build_pki_secured_request_message_for_authorization: p_recipientId= ", p_recipientId);
      if (p_recipientId == int2oct(0, 8)) {
        log("f_build_pki_secured_request_message_for_authorization: f_hashWithSha256(v_encrypted_sym_key)= ", f_hashWithSha256(p_encrypted_sym_key));
        v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(p_encrypted_sym_key));
      } else {
        v_recipientId := p_recipientId;
      }
      log("f_build_pki_secured_request_message_for_authorization: v_recipientId= ", v_recipientId);
      // Fill Certificate template with the public compressed keys (canonical form)
      if (v_public_compressed_ephemeral_mode == 0) {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_compressed_ephemeral_key));
      } else {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_compressed_ephemeral_key));
      }
      if (p_enc_algorithm == e_nist_p256) {
        v_encrypted_data_encryption_key := valueof(
                                                   m_encryptedDataEncryptionKey_eciesNistP256(
                                                                                              m_evciesP256EncryptedKey(
                                                                                                                       v_eccP256_curve_point,
                                                                                                                       p_encrypted_sym_key, 
                                                                                                                       p_authentication_vector
                                                                                                                       )));
      } else if (p_enc_algorithm == e_brainpool_p256_r1) {
        v_encrypted_data_encryption_key := valueof(
                                                   m_encryptedDataEncryptionKey_eciesBrainpoolP256r1(
                                                                                                     m_evciesP256EncryptedKey(
                                                                                                                              v_eccP256_curve_point,
                                                                                                                              p_encrypted_sym_key, 
                                                                                                                              p_authentication_vector
                                                                                                                              )));
      }
      p_ieee1609dot2_signed_and_encrypted_data := valueof(
                                                          m_etsiTs103097Data_encrypted(
                                                                                       m_encryptedData(
                                                                                                       {