Newer
Older
var octetstring v_public_key_x;
var octetstring v_public_key_y;
var octetstring v_public_enc_key_x;
var octetstring v_public_enc_key_y;
var octetstring v_public_enc_key;
var integer v_compressed_enc_key_mode;
var InnerAtRequest v_inner_at_request;
var Ieee1609Dot2Data v_inner_at_request_data;
var InnerAtRequest v_authorization_request;
var bitstring v_authorization_request_msg;
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, p_ec_certificate, p_ec_private_key, p_private_key, p_public_key_compressed, p_compressed_key_mode, p_private_enc_key, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_inner_at_request) == false) {
log("*** f_http_build_authorization_request: ERROR: Failed to generate AuthorizationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
log("f_http_build_authorization_request: v_inner_at_request= ", v_inner_at_request);
// Secure InnerAtRequest message
if (f_extract_enc_key(vc_aaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) {
log("*** f_http_build_authorization_request: ERROR: Non canonical AA certificate ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
if (PICS_SEC_FIXED_KEYS) { // Debug mode: Use fixed values
v_public_enc_key := 'DD4F6B0DF57C6E3BD0E32B565CACA1D858CEB08A5C2BBAB2C23E203C6DE697FF'O;
v_compressed_enc_key_mode := 0;
}
log("*** f_http_build_authorization_request: Public encryption key: ", v_public_enc_key);
log("*** f_http_build_authorization_request: Public encryption key comp: ", v_compressed_enc_key_mode);
p_salt := vc_aaWholeHash256; // IEEE 1609.2: If the encryption key was obtained from a certificate c, P1 is SHA-256 (c), where c is the COER encoding of the certificate, canonicalized per 6.4.3.
log("*** f_http_build_authorization_request: p_salt: ", p_salt);
if(f_build_pki_secured_request_message_signed_with_pop(p_private_key, valueof(m_signerIdentifier_self), vc_aaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_authorization_request(v_inner_at_request))), PX_EC_ALG_FOR_AT, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash) == false) {
log("*** f_http_build_authorization_request: ERROR: Failed to generate Authorization Request ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
} else { // Only encryption of EtsiTs102941Data/InnerAtRequest
log("*** f_http_build_authorization_request: POP signature not applied");
if(f_build_pki_secured_request_message_for_authorization(vc_aaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_authorization_request(v_inner_at_request))), PX_EC_ALG_FOR_AT, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash) == false) {
log("*** f_http_build_authorization_request: ERROR: Failed to generate Authorization Request ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
}
log("*** f_http_build_authorization_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
log("*** f_http_build_authorization_request: DEBUG: p_request_hash= ", p_request_hash);
} // End of function f_http_build_authorization_request
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
function f_http_build_authorization_request_with_wrong_private_key(
in Certificate p_ec_certificate, // Enrolment credentials certificate
in octetstring p_ec_private_key,
out octetstring p_private_key,
out octetstring p_public_key_compressed,
out integer p_compressed_key_mode,
out octetstring p_private_enc_key,
out octetstring p_public_compressed_enc_key,
out integer p_compressed_enc_key_mode,
out Oct16 p_aes_sym_key,
out Oct16 p_encrypted_sym_key,
out Oct16 p_authentication_vector,
out Oct12 p_nonce,
out octetstring p_salt,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
out Oct32 p_request_hash
) runs on ItsPkiHttp {
// Local variables
var octetstring v_public_key_x;
var octetstring v_public_key_y;
var octetstring v_public_enc_key_x;
var octetstring v_public_enc_key_y;
var octetstring v_public_enc_key;
var integer v_compressed_enc_key_mode;
var InnerAtRequest v_inner_at_request;
var Ieee1609Dot2Data v_inner_at_request_data;
var InnerAtRequest v_authorization_request;
var bitstring v_authorization_request_msg;
// Generate the InnerAtRequest
if (f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, p_ec_certificate, p_ec_private_key, p_private_key, p_public_key_compressed, p_compressed_key_mode, p_private_enc_key, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_inner_at_request) == false) {
log("*** f_http_build_authorization_request_with_wrong_private_key: ERROR: Failed to generate AuthorizationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
return;
}
log("f_http_build_authorization_request_with_wrong_private_key: v_inner_at_request= ", v_inner_at_request);
// Secure InnerAtRequest message
/***
Use the wrong private key
***/
if (f_extract_enc_key(vc_eaCertificate/*Insted of vc_aaCertificate/*/, v_public_enc_key, v_compressed_enc_key_mode) == false) {
log("*** f_http_build_authorization_request_with_wrong_private_key: ERROR: Non canonical EA certificate ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
if (PICS_SEC_FIXED_KEYS) { // Debug mode: Use fixed values
v_public_enc_key := 'DD4F6B0DF57C6E3BD0E32B565CACA1D858CEB08A5C2BBAB2C23E203C6DE697FF'O;
v_compressed_enc_key_mode := 0;
}
log("*** f_http_build_authorization_request_with_wrong_private_key: Public encryption key: ", v_public_enc_key);
log("*** f_http_build_authorization_request_with_wrong_private_key: Public encryption key comp: ", v_compressed_enc_key_mode);
p_salt := vc_aaWholeHash256; // IEEE 1609.2: If the encryption key was obtained from a certificate c, P1 is SHA-256 (c), where c is the COER encoding of the certificate, canonicalized per 6.4.3.
log("*** f_http_build_authorization_request_with_wrong_private_key: p_salt: ", p_salt);
if (PICS_PKI_AUTH_POP) {
if(f_build_pki_secured_request_message_signed_with_pop(p_private_key, valueof(m_signerIdentifier_self), vc_aaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_authorization_request(v_inner_at_request))), PX_EC_ALG_FOR_AT, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash) == false) {
log("*** f_http_build_authorization_request_with_wrong_private_key: ERROR: Failed to generate Authorization Request ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
} else { // Only encryption of EtsiTs102941Data/InnerAtRequest
log("*** f_http_build_authorization_request_with_wrong_private_key: POP signature not applied");
if(f_build_pki_secured_request_message_for_authorization(vc_aaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_authorization_request(v_inner_at_request))), PX_EC_ALG_FOR_AT, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash) == false) {
log("*** f_http_build_authorization_request_with_wrong_private_key: ERROR: Failed to generate Authorization Request ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
}
log("*** f_http_build_authorization_request_with_wrong_private_key: DEBUG: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
log("*** f_http_build_authorization_request_with_wrong_private_key: DEBUG: p_request_hash= ", p_request_hash);
} // End of function f_http_build_authorization_request_with_wrong_private_key
function f_http_build_authorization_request_with_wrong_parameters(
in Certificate p_ec_certificate, // Enrolment credentials certificate
in octetstring p_ec_private_key,
in boolean p_alter_pop_signature := false,
in boolean p_alter_hmac := false,
in boolean p_alter_signer_digest := false,
in boolean p_alter_pks_recipient := false,
in boolean p_alter_enc_key := false,
in boolean p_alter_ea_id := false,
in template (omit) Time32 p_start := omit,
in template (omit) Duration p_duration := omit,
in template (omit) Time64 p_generation_time := omit,
out octetstring p_private_key,
out octetstring p_public_key_compressed,
out integer p_compressed_key_mode,
out octetstring p_private_enc_key,
out octetstring p_public_compressed_enc_key,
out integer p_compressed_enc_key_mode,
out Oct16 p_aes_sym_key,
out Oct16 p_encrypted_sym_key,
out Oct16 p_authentication_vector,
out Oct12 p_nonce,
out octetstring p_salt,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
out Oct32 p_request_hash
) runs on ItsPkiHttp {
// Local variables
var octetstring v_public_key_x;
var octetstring v_public_key_y;
var octetstring v_public_enc_key_x;
var octetstring v_public_enc_key_y;
var octetstring v_public_enc_key;
var integer v_compressed_enc_key_mode;
var InnerAtRequest v_inner_at_request;
var Ieee1609Dot2Data v_inner_at_request_data;
var InnerAtRequest v_authorization_request;
var bitstring v_authorization_request_msg;
if (p_alter_ea_id == true) {
var HashedId8 v_ea_hashed_id8 := vc_eaHashedId8;
v_ea_hashed_id8[0] := 'bb'O;
v_ea_hashed_id8[1] := 'cc'O;
log("f_http_build_authorization_request_with_wrong_parameters: Altered eaId= ", v_ea_hashed_id8);
v_ret_code := f_generate_inner_at_request(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, v_ea_hashed_id8, p_ec_certificate, p_ec_private_key, p_private_key, p_public_key_compressed, p_compressed_key_mode, p_private_enc_key, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_inner_at_request);
v_ret_code := f_generate_inner_at_request_with_wrong_parameters(vc_aaCertificate, -, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, p_ec_certificate, p_ec_private_key, p_alter_hmac, p_alter_signer_digest, p_start, p_duration, p_generation_time, p_private_key, p_public_key_compressed, p_compressed_key_mode, p_private_enc_key, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_inner_at_request);
}
if (v_ret_code == false) {
log("*** f_http_build_authorization_request_with_wrong_parameters: ERROR: Failed to generate AuthorizationRequest ***");
f_selfOrClientSyncAndVerdict("error", e_error);
return;
}
log("f_http_build_authorization_request_with_wrong_parameters: v_inner_at_request= ", v_inner_at_request);
// Secure InnerAtRequest message
if (f_extract_enc_key(vc_aaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) {
log("*** f_http_build_authorization_request_with_wrong_parameters: ERROR: Non canonical AA certificate ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
if (PICS_SEC_FIXED_KEYS) { // Debug mode: Use fixed values
v_public_enc_key := 'DD4F6B0DF57C6E3BD0E32B565CACA1D858CEB08A5C2BBAB2C23E203C6DE697FF'O;
v_compressed_enc_key_mode := 0;
}
log("*** f_http_build_authorization_request_with_wrong_parameters: Public encryption key: ", v_public_enc_key);
log("*** f_http_build_authorization_request_with_wrong_parameters: Public encryption key comp: ", v_compressed_enc_key_mode);
p_salt := vc_aaWholeHash256; // IEEE 1609.2: If the encryption key was obtained from a certificate c, P1 is SHA-256 (c), where c is the COER encoding of the certificate, canonicalized per 6.4.3.
log("*** f_http_build_authorization_request_with_wrong_parameters: p_salt: ", p_salt);
if(f_build_pki_secured_request_message_signed_with_pop(p_private_key, valueof(m_signerIdentifier_self), vc_aaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_authorization_request(v_inner_at_request))), PX_EC_ALG_FOR_AT, p_alter_pop_signature, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash) == false) {
log("*** f_http_build_authorization_request_with_wrong_parameters: ERROR: Failed to generate Authorization Request ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
} else { // Only encryption of EtsiTs102941Data/InnerAtRequest
log("*** f_http_build_authorization_request_with_wrong_parameters: POP signature not applied");
if(f_build_pki_secured_request_message_for_authorization(vc_aaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_authorization_request(v_inner_at_request))), PX_EC_ALG_FOR_AT, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash) == false) {
log("*** f_http_build_authorization_request_with_wrong_parameters: ERROR: Failed to generate Authorization Request ***");
f_selfOrClientSyncAndVerdict("error", e_error);
}
}
log("*** f_http_build_authorization_request_with_wrong_parameters: DEBUG: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
if (p_alter_enc_key == true) {
/***
Alter encryption key to prevent decryption
***/
if (ischosen(p_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesNistP256)) {
p_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesNistP256.c[1] := 'aa'O;
p_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesNistP256.c[2] := 'bb'O;
} else {
p_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesBrainpoolP256r1.c[1] := 'aa'O;
p_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesBrainpoolP256r1.c[2] := 'bb'O;
log("*** f_http_build_authorization_request_with_wrong_parameters: DEBUG: Altered enc key= ", p_ieee1609dot2_signed_and_encrypted_data);
if (p_alter_pks_recipient == true) {
p_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].pskRecipInfo := int2oct(314259265, 8); // NOT equal to the HashedId8 of the certificate CERT_AA
log("*** f_http_build_authorization_request_with_wrong_parameters: DEBUG: Altered pskRecipInfo= ", p_ieee1609dot2_signed_and_encrypted_data);
}
log("*** f_http_build_authorization_request_with_wrong_parameters: DEBUG: p_request_hash= ", p_request_hash);
} // End of function f_http_build_authorization_request_with_wrong_parameters
function f_http_build_authorization_response(
in InnerAtRequest p_inner_at_request,
in AuthorizationResponseCode p_responseCode := ok,
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
in Oct16 p_request_hash,
in octetstring p_private_key := ''O,
in octetstring p_digest := ''O,
in Oct16 p_aes_sym_key,
out InnerAtResponse p_inner_at_response,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) return boolean {
// Local variables
var bitstring v_msg_bit;
var octetstring v_msg;
var Oct12 v_nonce;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var EtsiTs103097Certificate v_at_certificate;
var boolean p_result := false;
log(">>> f_http_build_authorization_response: p_inner_at_request= ", p_inner_at_request);
log(">>> f_http_build_authorization_response: p_responseCode= ", p_responseCode);
log(">>> f_http_build_authorization_response: p_request_hash= ", p_request_hash);
log(">>> f_http_build_authorization_response: p_private_key= ", p_private_key);
log(">>> f_http_build_authorization_response: p_digest= ", p_digest);
log(">>> f_http_build_authorization_response: p_aes_sym_key= ", p_aes_sym_key);
// Check expectred response
p_request_hash,
p_responseCode
)
);
p_result := true;
// Generate the certificate
if (f_generate_at_certificate_for_inner_at_response(p_inner_at_request, p_private_key, p_digest, v_at_certificate) == false) {
log("f_http_build_authorization_response: Failed to generate the certificate");
)
);
} else {
p_inner_at_response := valueof(
p_request_hash,
v_at_certificate
)
);
}
}
// Secure the response
log("f_http_build_authorization_response: p_inner_at_response= ", p_inner_at_response);
v_msg := bit2oct(encvalue(m_etsiTs102941Data_inner_at_response(p_inner_at_response)));
v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 12); // Random value
// TODO Consider Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
if (f_build_pki_secured_response_message(p_private_key,
valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier,
v_msg,
p_aes_sym_key,
v_nonce,
p_ieee1609dot2_signed_and_encrypted_data
) == false) {
log("f_http_build_authorization_response: Failed to generate the certificate");
log("<<< f_http_build_authorization_response: p_result= ", p_result);
log("<<< f_http_build_authorization_response: p_inner_at_response= ", p_inner_at_response);
} // End of function f_http_build_authorization_response
in octetstring p_public_key_compressed,
in integer p_compressed_key_mode,
in octetstring p_private_enc_key,
in octetstring p_public_compressed_enc_key,
in integer p_compressed_enc_key_mode,
out Oct16 p_aes_sym_key,
out Oct16 p_encrypted_sym_key,
out Oct16 p_authentication_vector,
out Oct12 p_nonce,
out octetstring p_salt,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
out Oct32 p_request_hash
) runs on ItsPkiHttp {
// Local variables
var AuthorizationValidationRequest v_authorization_validation_request;
var bitstring v_authorization_validation_request_msg;
var octetstring v_public_enc_key;
var integer v_compressed_enc_key_mode;
log(">>> f_http_build_authorization_validation_request");
// Copy the sharedAtRequest component from the InnerAtRequest received in the AuthorizationRequestMessage
v_authorization_validation_request.sharedAtRequest := p_inner_at_request.sharedAtRequest;
// Copy the ecSignature component from the InnerAtRequest received in the AuthorizationRequestMessage or AuthorizationRequestMessageWithPop
v_authorization_validation_request.ecSignature := p_inner_at_request.ecSignature;
if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) {
log("f_http_build_authorization_validation_request: Non canonical EA certificate");
f_selfOrClientSyncAndVerdict("error", e_error);
}
if (PICS_SEC_FIXED_KEYS) { // Debug mode: Use fixed values
v_public_enc_key := 'DD4F6B0DF57C6E3BD0E32B565CACA1D858CEB08A5C2BBAB2C23E203C6DE697FF'O;
v_compressed_enc_key_mode := 0;
}
log("f_http_build_authorization_validation_request: Public encryption key: ", v_public_enc_key);
log("f_http_build_authorization_validation_request: Public encryption key comp: ", v_compressed_enc_key_mode);
p_salt := vc_eaWholeHash256; // IEEE 1609.2: If the encryption key was obtained from a certificate c, P1 is SHA-256 (c), where c is the COER encoding of the certificate, canonicalized per 6.4.3.
log("f_http_build_authorization_validation_request: vc_aaHashedId8: ", vc_aaHashedId8);
log("f_http_build_authorization_validation_request: p_salt: ", p_salt);
if(f_build_pki_secured_request_message_signed_with_pop(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), PX_EC_ALG_FOR_ATV, -, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash) == false) {
log("f_http_build_authorization_validation_request: Failed to generate Authorization Request");
f_selfOrClientSyncAndVerdict("error", e_error);
log("f_http_build_authorization_validation_request: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
log("f_http_build_authorization_validation_request: p_request_hash= ", p_request_hash);
} // End of function f_http_build_authorization_validation_request
function f_http_build_invalid_authorization_validation_request(
in InnerAtRequest p_inner_at_request,
in octetstring p_public_key_compressed,
in integer p_compressed_key_mode,
in octetstring p_private_enc_key,
in octetstring p_public_compressed_enc_key,
in integer p_compressed_enc_key_mode,
out Oct16 p_aes_sym_key,
out Oct16 p_encrypted_sym_key,
out Oct16 p_authentication_vector,
out Oct12 p_nonce,
out octetstring p_salt,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
out Oct32 p_request_hash
) runs on ItsPkiHttp {
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
// Local variables
var AuthorizationValidationRequest v_authorization_validation_request;
var bitstring v_authorization_validation_request_msg;
var octetstring v_public_enc_key;
var integer v_compressed_enc_key_mode;
log(">>> f_http_build_invalid_authorization_validation_request");
// Copy the sharedAtRequest component from the InnerAtRequest received in the AuthorizationRequestMessage
v_authorization_validation_request.sharedAtRequest := p_inner_at_request.sharedAtRequest;
// Copy the ecSignature component from the InnerAtRequest received in the AuthorizationRequestMessage or AuthorizationRequestMessageWithPop
v_authorization_validation_request.ecSignature := p_inner_at_request.ecSignature;
// Secure the InnerAtRequest message
if (f_extract_enc_key(vc_eaCertificate, v_public_enc_key, v_compressed_enc_key_mode) == false) {
log("f_http_build_invalid_authorization_validation_request: Non canonical EA certificate");
f_selfOrClientSyncAndVerdict("error", e_error);
}
if (PICS_SEC_FIXED_KEYS) { // Debug mode: Use fixed values
v_public_enc_key := 'DD4F6B0DF57C6E3BD0E32B565CACA1D858CEB08A5C2BBAB2C23E203C6DE697FF'O;
v_compressed_enc_key_mode := 0;
}
log("f_http_build_invalid_authorization_validation_request: Public encryption key: ", v_public_enc_key);
log("f_http_build_invalid_authorization_validation_request: Public encryption key comp: ", v_compressed_enc_key_mode);
p_salt := vc_eaWholeHash256; // IEEE 1609.2: If the encryption key was obtained from a certificate c, P1 is SHA-256 (c), where c is the COER encoding of the certificate, canonicalized per 6.4.3.
log("f_http_build_invalid_authorization_validation_request: vc_aaHashedId8: ", vc_aaHashedId8);
log("f_http_build_invalid_authorization_validation_request: p_salt: ", p_salt);
if(f_build_pki_secured_request_message_signed_with_pop(vc_aaPrivateKey, valueof(m_signerIdentifier_digest(vc_aaHashedId8)), vc_eaHashedId8/*recipientId*/, v_public_enc_key, v_compressed_enc_key_mode, p_salt, bit2oct(encvalue(m_etsiTs102941Data_authorization_validation_request(v_authorization_validation_request))), PX_EC_ALG_FOR_ATV, true, p_ieee1609dot2_signed_and_encrypted_data, p_aes_sym_key, p_encrypted_sym_key, p_authentication_vector, p_nonce, p_request_hash) == false) {
log("f_http_build_invalid_authorization_validation_request: Failed to generate Authorization Request");
f_selfOrClientSyncAndVerdict("error", e_error);
}
log("f_http_build_invalid_authorization_validation_request: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
log("f_http_build_invalid_authorization_validation_request: p_request_hash= ", p_request_hash);
} // End of function f_http_build_invalid_authorization_validation_request
function f_http_build_authorization_validation_response(
in AuthorizationValidationResponseCode p_responseCode := ok,
in Oct16 p_request_hash,
in octetstring p_private_key := ''O,
in octetstring p_digest := ''O,
in Oct16 p_aes_sym_key,
out AuthorizationValidationResponse p_authorization_validation_response,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) return boolean {
// Local variables
var bitstring v_msg_bit;
var octetstring v_msg;
var Oct12 v_nonce;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var EtsiTs103097Certificate v_at_certificate;
var boolean p_result := false;
log(">>> f_http_build_authorization_validation_response: p_shared_at_request= ", p_shared_at_request);
log(">>> f_http_build_authorization_validation_response: p_responseCode= ", p_responseCode);
log(">>> f_http_build_authorization_validation_response: p_request_hash= ", p_request_hash);
log(">>> f_http_build_authorization_validation_response: p_private_key= ", p_private_key);
log(">>> f_http_build_authorization_validation_response: p_digest= ", p_digest);
log(">>> f_http_build_authorization_validation_response: p_aes_sym_key= ", p_aes_sym_key);
// Check expectred response
if (p_responseCode != ok) {
p_authorization_validation_response := valueof(
m_authorizationValidationResponse_ko(
p_request_hash,
p_responseCode
)
);
p_result := true;
} else {
p_authorization_validation_response := valueof(m_authorizationValidationResponse_ok(
p_request_hash,
p_shared_at_request.requestedSubjectAttributes
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
)
);
}
// Secure the response
log("f_http_build_authorization_validation_response: p_authorization_validation_response= ", p_authorization_validation_response);
v_msg := bit2oct(encvalue(p_authorization_validation_response));
v_nonce := substr(f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 16)), 0, 16); // Random value
// TODO Consider Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
if (f_build_pki_secured_response_message(p_private_key,
valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier,
v_msg,
p_aes_sym_key,
v_nonce,
p_ieee1609dot2_signed_and_encrypted_data
) == false) {
log("f_http_build_authorization_validation_response: Failed to generate the certificate");
p_authorization_validation_response := valueof(
m_authorizationValidationResponse_ko(
p_request_hash,
deniedpermissions
)
);
} else {
p_result := true;
}
log("<<< f_http_build_authorization_validation_response: p_result= ", p_result);
log("<<< f_http_build_authorization_validation_response: p_authorization_validation_response= ", p_authorization_validation_response);
return p_result;
} // End of function f_http_build_authorization_validation_response
} // End of group http
group generate_certificates {
function f_generate_ec_certificate(
out Certificate p_ec_certificate
) return boolean {
var octetstring v_public_key_x;
var octetstring v_public_key_y;
var octetstring p_public_key_compressed;
var integer p_compressed_mode;
var EccP256CurvePoint v_ecc_p256_curve_point;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_CAM })),
valueof(m_appPermissions(37, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_DENM }))
};
var template (value) EtsiTs103097Certificate v_cert;
var bitstring v_tbs;
var Oct32 v_sig;
var bitstring v_enc_msg;
var PublicVerificationKey v_public_verification_key;
log(">>> f_generate_ec_certificate");
// Generate verification keys for the certificate
if (f_generate_key_pair(p_private_key, v_public_key_x, v_public_key_y, p_public_key_compressed, p_compressed_mode) == false) {
log("f_generate_ec_certificate: Failed to generate verification key");
return false;
}
if (p_compressed_mode == 0) {
v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(p_public_key_compressed));
} else {
v_ecc_p256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(p_public_key_compressed));
}
v_public_verification_key := valueof(
m_publicVerificationKey_ecdsaNistP256(
v_ecc_p256_curve_point
));
} else if (PX_EC_ALG_FOR_EC == e_brainpool_p256_r1) {
v_public_verification_key := valueof(
m_publicVerificationKey_ecdsaBrainpoolP256r1(
v_ecc_p256_curve_point
));
} else {
log("f_generate_ec_certificate: Wrong encryption algorithm, check PX_EC_ALG_FOR_xx");
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(f_hashWithSha256('616263'O))),
m_toBeSignedCertificate_at(
v_appPermissions,
m_verificationKeyIndicator_verificationKey(
v_public_verification_key
),
m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)
m_identifiedRegion_country_only(PX_GENERATED_CERTIFICATE_REGION_COUNTRY_2),
m_identifiedRegion_country_only(PX_GENERATED_CERTIFICATE_REGION_COUNTRY_2)
PX_GENERATED_CERTIFICATE_SUBJECT_ASSURENCE_LEVEL
)
);
// Encode it ==> Get octetstring
v_tbs := encvalue(v_cert.toBeSigned);
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
// Sign the certificate
v_sig := f_signWithEcdsa(bit2oct(v_tbs), int2oct(11, 32), p_private_key);
if ((PX_VE_ALG == e_nist_p256) or (PX_VE_ALG == e_brainpool_p256_r1)) {
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
);
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
v_cert.signature_ := m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(
substr(v_sig, 0, 48)
),
substr(v_sig, 48, 48)
)
);
}
log("f_generate_ec_certificate: v_cert= ", v_cert);
p_ec_certificate := valueof(v_cert);
return true;
} // End of function f_generate_ec_certificate
function f_generate_ec_certificate_for_inner_ec_response(
in InnerEcRequest p_inner_ec_request,
in octetstring p_private_key,
in octetstring p_digest,
out EtsiTs103097Certificate p_ec_certificate
) return boolean {
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
var EtsiTs103097Certificate v_cert;
var IssuerIdentifier v_issuer;
var bitstring v_tbs;
var octetstring v_sig;
log(">>> f_generate_ec_certificate_for_inner_ec_response");
v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384
v_cert := valueof(
m_etsiTs103097Certificate(
v_issuer,
m_toBeSignedCertificate_ec(
p_inner_ec_request.requestedSubjectAttributes.id,
p_inner_ec_request.requestedSubjectAttributes.appPermissions,
m_verificationKeyIndicator_verificationKey(
p_inner_ec_request.publicKeys.verificationKey
),
p_inner_ec_request.requestedSubjectAttributes.validityPeriod,
p_inner_ec_request.requestedSubjectAttributes.region,
p_inner_ec_request.requestedSubjectAttributes.assuranceLevel,
p_inner_ec_request.publicKeys.encryptionKey
)
)
);
// Encode it ==> Get octetstring
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
v_sig := f_signWithEcdsa(bit2oct(v_tbs), p_digest, p_private_key);
if (PX_VE_ALG == e_nist_p256) {
v_cert.signature_ := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
)
);
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
v_cert.signature_ := valueof(
m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
)
);
v_cert.signature_ := valueof(
m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(
substr(v_sig, 0, 48)
),
substr(v_sig, 48, 48)
)
)
);
p_ec_certificate := valueof(v_cert);
log("f_generate_ec_certificate_for_inner_ec_response: p_ec_certificate= ", p_ec_certificate);
return true;
} // End of function f_generate_ec_certificate_for_inner_ec_response
function f_generate_at_certificate_for_inner_at_response(
in InnerAtRequest p_inner_at_request,
in octetstring p_private_key,
in octetstring p_digest,
out EtsiTs103097Certificate p_at_certificate
) return boolean {
var EtsiTs103097Certificate v_cert;
var IssuerIdentifier v_issuer;
v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384
v_cert := valueof(
m_etsiTs103097Certificate(
v_issuer,
m_toBeSignedCertificate_at(
p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions,
m_verificationKeyIndicator_verificationKey(
p_inner_at_request.publicKeys.verificationKey
),
p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.validityPeriod,
p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.region,
p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.assuranceLevel,
p_inner_at_request.publicKeys.encryptionKey
)
)
);
// Encode it ==> Get octetstring
v_tbs := encvalue(v_cert.toBeSigned);
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
v_sig := f_signWithEcdsa(bit2oct(v_tbs), p_digest, p_private_key);
if (PX_VE_ALG == e_nist_p256) {
v_cert.signature_ := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
)
);
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
v_cert.signature_ := valueof(
m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
)
);
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
v_cert.signature_ := valueof(
m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(
substr(v_sig, 0, 48)
),
substr(v_sig, 48, 48)
)
)
);
p_at_certificate := valueof(v_cert);
log("f_generate_at_certificate_for_inner_at_response: p_ec_certificate= ", p_at_certificate);
} // End of function f_generate_at_certificate_for_inner_at_response
function f_generate_at_certificate_for_authorization_response(
in InnerAtRequest p_inner_at_request,
in octetstring p_private_key,
in octetstring p_digest,
out EtsiTs103097Certificate p_at_certificate
) return boolean {
var EtsiTs103097Certificate v_cert;
var IssuerIdentifier v_issuer;
var bitstring v_tbs;
var octetstring v_sig;
log(">>> f_generate_at_certificate_for_authorization_response");
v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384
v_cert := valueof(
m_etsiTs103097Certificate(
v_issuer,
m_toBeSignedCertificate_ec(
p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.id,
p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions,
m_verificationKeyIndicator_verificationKey(
p_inner_at_request.publicKeys.verificationKey
),
p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.validityPeriod,
p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.region,
p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.assuranceLevel,
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
p_inner_at_request.publicKeys.encryptionKey
)
)
);
// Encode it ==> Get octetstring
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate
v_sig := f_signWithEcdsa(bit2oct(v_tbs), p_digest, p_private_key);
if (PX_VE_ALG == e_nist_p256) {
v_cert.signature_ := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
)
);
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
v_cert.signature_ := valueof(
m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
)
);
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
v_cert.signature_ := valueof(
m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(
substr(v_sig, 0, 48)
),
substr(v_sig, 48, 48)
)
)
);
}
log("f_generate_at_certificate_for_authorization_response: p_at_certificate= ", p_at_certificate);
return true;
} // End of function f_generate_at_certificate_for_authorization_response
} // End of group generate_certificates
out octetstring p_private_key,
out octetstring p_public_key_compressed,
out integer p_compressed_mode,
out InnerEcRequest p_inner_ec_request
) return boolean {
var Oct32 v_public_key_x;
var Oct32 v_public_key_y;
var PublicVerificationKey v_public_verification_key;
log (">>> f_generate_inner_ec_request");
// Generate keys for the certificate to be requested
if (f_generate_key_pair(p_private_key, v_public_key_x, v_public_key_y, p_public_key_compressed, p_compressed_mode) == false) {
log ("f_generate_inner_ec_request: failed to generate keys");
// Build the Proof of Possession InnerEcRequest
if (PX_VE_ALG == e_nist_p256) {
var EccP256CurvePoint v_eccP256_curve_point;
if (p_compressed_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(p_public_key_compressed));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(p_public_key_compressed));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point));
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
var EccP256CurvePoint v_eccP256_curve_point;
if (p_compressed_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(p_public_key_compressed));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(p_public_key_compressed));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP256r1(v_eccP256_curve_point));
var EccP384CurvePoint v_eccP384_curve_point;
if (p_compressed_mode == 0) {
v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_0(p_public_key_compressed));
} else {
v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_1(p_public_key_compressed));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP384r1(v_eccP384_curve_point));
}
p_inner_ec_request := valueof(
m_innerEcRequest(
m_certificateSubjectAttributes_id_omit/*FIXME No name*/(
/*oct2char(PICS_ITS_S_CANONICAL_ID),*/
YannGarcia
committed
{ // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(c_its_aid_SCR, { bitmapSsp := PX_INNER_EC_CERTFICATE_BITMAP_SSP_SCR }))
YannGarcia
committed
},
m_validityPeriod(
f_getCurrentTime() / 1000,
m_duration_in_hours(PX_GENERATED_CERTIFICATE_DURATION)
YannGarcia
committed
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(PX_GENERATED_CERTIFICATE_REGION_COUNTRY_1),
m_identifiedRegion_country_only(PX_GENERATED_CERTIFICATE_REGION_COUNTRY_2)
YannGarcia
committed
}
),
PX_GENERATED_CERTIFICATE_SUBJECT_ASSURENCE_LEVEL
YannGarcia
committed
)
if (PICS_SECPKI_REENROLMENT) { // This is a re-enrolment, the identifier of its current valid Enrolment Credential
log("f_generate_inner_ec_request: This is a re-enrolment");
p_inner_ec_request.itsId := PX_EC_HASHED_ID8;
}
log("<<< f_generate_inner_ec_request: ", p_inner_ec_request);
} // End of function f_generate_inner_ec_request
function f_generate_inner_ec_request_with_wrong_parameters(
in SequenceOfPsidSsp p_appPermissions,
in octetstring p_canonical_id := PICS_ITS_S_CANONICAL_ID,
in Time32 p_start,
in Duration p_duration,
in boolean p_alter_private_key := false,
out octetstring p_private_key,
out octetstring p_public_key_compressed,
out integer p_compressed_mode,
out InnerEcRequest p_inner_ec_request
) return boolean {
// Local variables
var Oct32 v_public_key_x;
var Oct32 v_public_key_y;
var octetstring v_private_key;
var octetstring v_public_key_compressed;
var integer v_compressed_mode;
var PublicVerificationKey v_public_verification_key;
log (">>> f_generate_inner_ec_request_with_wrong_parameters");
// Generate keys for the certificate to be requested
if (f_generate_key_pair(p_private_key, v_public_key_x, v_public_key_y, p_public_key_compressed, p_compressed_mode) == false) {
log ("f_generate_inner_ec_request_with_wrong_parameters: failed to generate keys");
return false;
}
if (p_alter_private_key == false) {
v_private_key := p_private_key;
v_public_key_compressed := p_public_key_compressed;
v_compressed_mode := p_compressed_mode;
} else {
log ("f_generate_inner_ec_request_with_wrong_parameters: Alter verify private key");
if (f_generate_key_pair(v_private_key, v_public_key_x, v_public_key_y, v_public_key_compressed, v_compressed_mode) == false) {
log ("f_generate_inner_ec_request_with_wrong_parameters: failed to generate keys");
return false;
}
}
// Build the Proof of Possession InnerEcRequest
if (PX_VE_ALG == e_nist_p256) {
var EccP256CurvePoint v_eccP256_curve_point;
if (v_compressed_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_key_compressed));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_key_compressed));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point));
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
var EccP256CurvePoint v_eccP256_curve_point;
if (v_compressed_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_key_compressed));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_key_compressed));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP256r1(v_eccP256_curve_point));
} else {
var EccP384CurvePoint v_eccP384_curve_point;
if (v_compressed_mode == 0) {
v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_0(v_public_key_compressed));
} else {
v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_1(v_public_key_compressed));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP384r1(v_eccP384_curve_point));
}
p_inner_ec_request := valueof(
m_innerEcRequest(
),
m_certificateSubjectAttributes_id_name(
p_appPermissions, // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
m_validityPeriod(
p_start,
),
m_geographicRegion_identifiedRegion(
{
m_identifiedRegion_country_only(PX_GENERATED_CERTIFICATE_REGION_COUNTRY_1),
m_identifiedRegion_country_only(PX_GENERATED_CERTIFICATE_REGION_COUNTRY_2)
}
),
PX_GENERATED_CERTIFICATE_SUBJECT_ASSURENCE_LEVEL
)
)
);
if (PICS_SECPKI_REENROLMENT) { // This is a re-enrolment, the identifier of its current valid Enrolment Credential
log("f_generate_inner_ec_request_with_wrong_parameters: This is a re-enrolment");
p_inner_ec_request.itsId := PX_EC_HASHED_ID8;
}
log("f_generate_inner_ec_request_with_wrong_parameters: ", p_inner_ec_request);
return true;
} // End of function f_generate_inner_ec_request_with_wrong_parameters
function f_generate_inner_ec_request_signed_for_pop(
in octetstring p_private_key,
in InnerEcRequest p_inner_ec_request,
out Ieee1609Dot2Data p_inner_ec_request_signed_for_pop
) return boolean {
// Local variables
var template (value) EccP256CurvePoint v_eccP256_curve_point;
var octetstring v_encoded_inner_ec_request;
var template (value) ToBeSignedData v_tbs;
var octetstring v_tbs_signed;
var Signature v_signature;
// Encode it
v_encoded_inner_ec_request := bit2oct(encvalue(p_inner_ec_request));
// Signed the encoded InnerEcRequestSignedForPop
v_tbs := m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(
v_encoded_inner_ec_request
)
),
);
// Signed the encoded InnerEcRequestSignedForPop
v_tbs_signed := f_signWithEcdsa(bit2oct(encvalue(v_tbs)), int2oct(0, 32), p_private_key);
if (PX_VE_ALG == e_nist_p256) {
v_signature := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_tbs_signed, 0, 32)
),