Commit 419abe76 authored by Yann Garcia's avatar Yann Garcia
Browse files

AtsPki validation: minor bugs fixed

parent d7fb38fe
......@@ -17,6 +17,13 @@ module LibItsPki_EncdecDeclarations {
external function fx_dec_EtsiTs102941Data(inout bitstring b, out EtsiTs102941MessagesCa.EtsiTs102941Data p_etsi_ts_102941_data)return integer
with {extension "prototype(sliding) decode(PER)"}
external function fx_enc_EtsiTs102941DataContent(in EtsiTs102941MessagesCa.EtsiTs102941DataContent p_etsi_ts_102941_data) return bitstring
with {extension "prototype(convert) encode(PER)"}
external function fx_dec_EtsiTs102941DataContent(inout bitstring b, out EtsiTs102941MessagesCa.EtsiTs102941DataContent p_etsi_ts_102941_data)return integer
with {extension "prototype(sliding) decode(PER)"}
/**
* @desc Encoding function for EtsiTs102941TypesEnrolment InnerEcRequest
* @param p The certificate to encode
......
......@@ -317,7 +317,10 @@ module LibItsPki_Functions {
f_selfOrClientSyncAndVerdict("error", e_error);
}
// Secure InnerEcRequestSignedForPoP message
log("v_inner_ec_request_signed_for_pop= ", v_inner_ec_request_signed_for_pop);
v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
log("v_inner_ec_request_signed_for_pop_msg= ", v_inner_ec_request_signed_for_pop_msg);
// Prepare for getting the 16 most bytes of SHA256 of InnerEcRequestSignedForPop
p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(v_inner_ec_request_signed_for_pop_msg));
// Secure the Pki message
......@@ -591,8 +594,8 @@ module LibItsPki_Functions {
valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) // TODO Use PIXIT
},
m_validityPeriod(
17469212,
m_duration_years(10) // TODO Use PIXIT
f_getCurrentTime() / 1000,
m_duration_years(1) // TODO Use PIXIT
),
m_geographicRegion_identifiedRegion(
{
......@@ -1092,7 +1095,7 @@ module LibItsPki_Functions {
// in Oct12 p_nonce, // TODO Tobe removed
// in octetstring p_salt,
in octetstring p_issuer,
in Certificate p_certificate, // TODO Perhaps the peer certificate will be required for signature
in Certificate p_certificate, // TODO Tobe removed
in Ieee1609Dot2Data p_ieee1609dot2_encrypted_and_signed_data,
in boolean p_check_security := true,
out EtsiTs102941Data p_etsi_ts_102941_data
......@@ -1102,19 +1105,15 @@ module LibItsPki_Functions {
var integer v_compressed_enc_key_mode;
var octetstring v_plain_message;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var Certificate v_certificate;
var bitstring v_etsi_ts_102941_data_msg;
var bitstring v_tbs;
var boolean v_ret;
//var octetstring v_cyphered_text;
var Oct16 v_authentication_vector;
log(">>> f_verify_pki_message: p_private_enc_key= ", p_private_enc_key);
//log(">>> f_verify_pki_message: p_publicEphemeralCompressedKey= ", p_publicEphemeralCompressedKey);
log(">>> f_verify_pki_message: p_aes_sym_key=", p_aes_sym_key);
log(">>> f_verify_pki_message: p_authentication_vector=", p_authentication_vector);
log(">>> f_verify_pki_message: p_issuer=", p_issuer);
//log(">>> f_verify_pki_message: p_salt=", p_salt);
// TODO Check p_ieee1609dot2_encrypted_and_signed_data.content.encryptedData.recipients[0].pskRecipInfo. See IEEE Std 1609.2-2017 Clause 6.3.34 PreSharedKeyRecipientInfo
......@@ -1137,26 +1136,32 @@ module LibItsPki_Functions {
// 3. Check the signature
log("v_ieee1609dot2_signed_data.content.signedData.tbsData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData);
v_tbs := encvalue(v_ieee1609dot2_signed_data.content.signedData.tbsData);
/*if (ischosen(p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
if (f_getCertificateFromDigest(v_ieee1609dot2_signed_data.content.signedData.signer.digest, v_certificate) == false) {
if (p_check_security == true) {
return false;
}
}
log("v_certificate= ", v_certificate);
if (ischosen(v_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
p_issuer,
v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0, // TODO Use the signer digest to get the EA certificate
v_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
0);
} else {
v_ret := f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_tbs),
p_issuer,
v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only & v_ieee1609dot2_signed_data.content.signedData.signature_.ecdsaNistP256Signature.sSig,
p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1, // TODO Use the signer digest to get the EA certificate
v_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
1);
}
if (v_ret == false) {
if (p_check_security == true) {
return false;
}
}*/
}
// 4. Return the PKI message
log("v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData= ", v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment