LibItsPki_Functions.ttcn 70.2 KB
Newer Older
                                  in boolean p_check_security := true,
                                  out EtsiTs102941Data p_etsi_ts_102941_data
                                  ) return boolean {
garciay's avatar
garciay committed
      // Local variables
      var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
      var bitstring v_etsi_ts_102941_data_msg;
      var bitstring v_tbs;
      var boolean v_ret;
garciay's avatar
garciay committed
      if (f_decrypt(v_private_enc_key, p_ieee1609dot2_encrypted_and_signed_data, v_ieee1609dot2_signed_data) == false) {
        if (p_check_security == true) {
          return false;
        }
      }
      log("v_ieee1609dot2_signed_data= ", v_ieee1609dot2_signed_data);
      
      // 2. Check the signature
      v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData);
      if (ischosen(p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
        v_ret := f_verifyWithEcdsaNistp256WithSha256(
                                                     bit2oct(v_tbs),
                                                     p_issuer,
                                                     v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
                                                     p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
                                                     0);
      } else {
        v_ret := f_verifyWithEcdsaNistp256WithSha256(
                                                     bit2oct(v_tbs),
                                                     p_issuer,
                                                     v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
                                                     p_peer_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
                                                     1);
      }
garciay's avatar
garciay committed
      if (v_ret == false) {
        if (p_check_security == true) {
          return false;
        }
      }

      // 3. Retrun the PKI message
      v_etsi_ts_102941_data_msg := oct2bit(v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
      if (decvalue(v_etsi_ts_102941_data_msg, p_etsi_ts_102941_data) != 0) {
        return false;
      }

garciay's avatar
garciay committed
      if (p_etsi_ts_102941_data.version != PkiProtocolVersion) {
        if (p_check_security == true) {
          return false;
        }
garciay's avatar
garciay committed
      
      return true;
    } // End of function f_verify_pki_message
    
    /**
     * @desc Verify the generated EA certificate 
     * @param p_ea_certificate      The new EA certificate
     * @param p_publicKeyCompressed The public compressed key (canonical form) for signature check
     * @param p_compressedMode      The public compressed key mode
     * @return true on success, false otherwise
     */
    function f_verify_ea_certificate(
                                     in Certificate p_ea_certificate,
                                     in octetstring p_publicKeyCompressed,
                                     in integer p_compressedMode
                                     ) return boolean {
      var bitstring v_encoded_tbs;
      var boolean v_result;
      
      // Check certificate format
      v_result := match(p_ea_certificate, mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_ea, -));
      // Check the signer
      
      // Check EA certificate signature
      v_encoded_tbs := encvalue(p_ea_certificate.toBeSigned);
      v_result := v_result and f_verifyWithEcdsaNistp256WithSha256(
                                                                   bit2oct(v_encoded_tbs),
                                                                   int2oct(0, 32), // self
                                                                   p_ea_certificate.signature_.ecdsaNistP256Signature.rSig.x_only & p_ea_certificate.signature_.ecdsaNistP256Signature.sSig,
                                                                   p_publicKeyCompressed, 
                                                                   p_compressedMode);
      
      return v_result;
    } // End of function f_verify_ea_certificate
    
    /**
     * @desc Verify the generated AA certificate 
     * @param p_aa_certificate      The new EA certificate
     * @param p_publicKeyCompressed The public compressed key (canonical form) for signature check
     * @param p_compressedMode      The public compressed key mode
     * @return true on success, false otherwise
     */
    function f_verify_aa_certificate(
                                     in Certificate p_aa_certificate,
                                     in octetstring p_publicKeyCompressed,
                                     in integer p_compressedMode
                                     ) return boolean {
      var bitstring v_encoded_tbs;
      var boolean v_result;
      
      // Check certificate format
      v_result := match(p_aa_certificate, mw_etsiTs103097Certificate(mw_issuerIdentifier_self, mw_toBeSignedCertificate_aa, -));
      // Check the signer
      
      // Check EA certificate signature
      v_encoded_tbs := encvalue(p_aa_certificate.toBeSigned);
      v_result := v_result and f_verifyWithEcdsaNistp256WithSha256(
                                                                   bit2oct(v_encoded_tbs),
                                                                   int2oct(0, 32), // self
                                                                   p_aa_certificate.signature_.ecdsaNistP256Signature.rSig.x_only & p_aa_certificate.signature_.ecdsaNistP256Signature.sSig,
                                                                   p_publicKeyCompressed, 
                                                                   p_compressedMode);
      
      return v_result;
    } // End of function f_verify_aa_certificate
    
Yann Garcia's avatar
Yann Garcia committed
  } // End of group inner_ec_xxx
  
  group altstes {
    
    altstep a_default_pki() runs on ItsPki {
      [] pkiPort.receive {
        tc_ac.stop;
        log("*** a_default: ERROR: Unexpected PKI message received ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
    }
    
    altstep a_default_pki_http() runs on ItsPkiHttp {
      [] httpPort.receive( 
                          mw_http_response(
                                           mw_http_response_ko
                                           )) {
        tc_ac.stop;
        log("*** a_default: ERROR: HTTP Server error ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
      [] httpPort.receive(mw_http_request) {
        tc_ac.stop;
        log("*** a_default: ERROR: Unexpected HTTP Request received ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
      [] httpPort.receive(mw_http_response) {
        tc_ac.stop;
        log("*** a_default: ERROR: Unexpected HTTP Response received ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
      [] httpPort.receive {
        tc_ac.stop;
        log("*** a_default: ERROR: Unexpected HTTP message received ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
      }
    }
  }
  
Yann Garcia's avatar
Yann Garcia committed
} // End of module LibItsPki_Functions