TTCN-3 Libraries
LibIts
Commits
a944e1ac
Commit
a944e1ac
authored
Feb 18, 2019
by
Yann Garcia
Continue PKI ATS development
parent
b90de034
Changes
3
ttcn/Pki/LibItsPki_EncdecDeclarations.ttcn
...
...
@@ -46,6 +46,28 @@ module LibItsPki_EncdecDeclarations {
external
function
fx_dec_InnerEcResponse
(
inout
bitstring
b
,
out
EtsiTs102941TypesEnrolment
.
InnerEcResponse
p
)
return
integer
with
{
extension
"prototype(sliding) decode(PER)"
}
/**
* @desc Encoding function for EtsiTs102941TypesAuthorization InnerAtRequest
* @param p The certificate to encode
* @return The encode message in OER format
*/
external
function
fx_enc_InnerAtRequest
(
in
EtsiTs102941TypesAuthorization
.
InnerAtRequest
p
)
return
bitstring
with
{
extension
"prototype(convert) encode(PER)"
}
external
function
fx_dec_InnerAtRequest
(
inout
bitstring
b
,
out
EtsiTs102941TypesAuthorization
.
InnerAtRequest
p
)
return
integer
with
{
extension
"prototype(sliding) decode(PER)"
}
/**
* @desc Encoding function for EtsiTs102941TypesAuthorization InnerAtResponse
* @param p The certificate to encode
* @return The encode message in OER format
*/
external
function
fx_enc_InnerAtResponse
(
in
EtsiTs102941TypesAuthorization
.
InnerAtResponse
p
)
return
bitstring
with
{
extension
"prototype(convert) encode(PER)"
}
external
function
fx_dec_InnerAtResponse
(
inout
bitstring
b
,
out
EtsiTs102941TypesAuthorization
.
InnerAtResponse
p
)
return
integer
with
{
extension
"prototype(sliding) decode(PER)"
}
/**
* @desc Encoding function for EtsiTs102941TypesAuthorization SharedAtRequest
* @param p The certificate to encode
...
...
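Review bot: The doc comments on fx_enc_InnerAtRequest and fx_enc_InnerAtResponse say `@return The encode message in OER format`, but both declarations carry `extension "prototype(convert) encode(PER)"`, so the comment and the codec attribute disagree about which encoding rules apply. One of the two should be corrected so a reader knows which encoding these PKI messages get. The `@param p The certificate to encode` line also looks copied from a certificate codec; `@param p The InnerAtRequest to encode` (and the InnerAtResponse equivalent) would match the signatures. fx_dec_InnerAtRequest and fx_dec_InnerAtResponse have no comment at all, and a short one describing the `inout bitstring b` parameter and the meaning of the integer return value would help. The section is cut off after the SharedAtRequest comment, so the same may apply further down.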
ttcn/Pki/LibItsPki_Functions.ttcn
...
...
@@ -741,6 +741,86 @@ module LibItsPki_Functions {
log
(
"*** f_http_build_authorization_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data= "
,
p_ieee1609dot2_signed_and_encrypted_data
);
log
(
"*** f_http_build_authorization_request: DEBUG: p_request_hash= "
,
p_request_hash
);
}
// End of function f_http_build_authorization_request
function
f_http_build_authorization_response
(
in
InnerAtRequest
p_inner_at_request
,
in
EnrolmentResponseCode
p_responseCode
:=
ok
,
in
Oct16
p_request_hash
,
in
octetstring
p_private_key
:=
''
O
,
in
octetstring
p_digest
:=
''
O
,
in
Oct16
p_aes_sym_key
,
out
InnerAtResponse
p_inner_at_response
,
out
Ieee1609Dot2Data
p_ieee1609dot2_signed_and_encrypted_data
)
return
boolean
{
// Local variables
var
bitstring
v_msg_bit
;
var
octetstring
v_msg
;
var
Oct12
v_nonce
;
var
Ieee1609Dot2Data
v_ieee1609dot2_signed_data
;
var
EtsiTs103097Certificate
v_at_certificate
;
var
boolean
p_result
:=
false
;
log
(
">>> f_http_build_authorization_response: p_inner_at_request= "
,
p_inner_at_request
);
log
(
">>> f_http_build_authorization_response: p_responseCode= "
,
p_responseCode
);
log
(
">>> f_http_build_authorization_response: p_request_hash= "
,
p_request_hash
);
log
(
">>> f_http_build_authorization_response: p_private_key= "
,
p_private_key
);
log
(
">>> f_http_build_authorization_response: p_digest= "
,
p_digest
);
log
(
">>> f_http_build_authorization_response: p_aes_sym_key= "
,
p_aes_sym_key
);
// Check expectred response
/*if (p_responseCode != ok) {
p_inner_at_response := valueof(
m_innerEcResponse_ko(
p_request_hash,
p_responseCode
)
);
p_result := true;
} else {
// Generate the certificate
if (f_generate_at_certificate_for_inner_at_response(p_inner_at_request, p_private_key, p_digest, v_at_certificate) == false) {
log("f_http_build_inner_at_response: Failed to generate the certificate");
p_inner_at_response := valueof(
m_innerEcResponse_ko(
p_request_hash,
incompleterequest
)
);
} else {
p_inner_at_response := valueof(
m_innerEcResponse_ok(
p_request_hash,
v_at_certificate
)
);
}
}
// Secure the response
log("f_http_build_inner_at_response: p_inner_at_response= ", p_inner_at_response);
v_msg := bit2oct(encvalue(p_inner_at_response));
v_nonce := int2oct(f_getCurrentTime(), 32); // Random value
// TODO Consider Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
if (f_build_pki_secured_response_message(p_private_key,
valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier,
v_msg,
p_aes_sym_key,
v_nonce,
p_ieee1609dot2_signed_and_encrypted_data
) == false) {
log("f_http_build_inner_at_response: Failed to generate the certificate");
p_inner_at_response := valueof(
m_innerEcResponse_ko(
p_request_hash,
deniedrequest
)
);
} else {
p_result := true;
}*/
return
p_result
;
}
// End of function f_http_build_authorization_request
function
f_http_build_authorization_validation_request
(
in
InnerAtRequest
p_inner_at_request
,
...
...
@@ -1048,6 +1128,80 @@ module LibItsPki_Functions {
return
true
;
}
// End of function f_generate_at_certificate
function
f_generate_at_certificate_for_authorization_response
(
in
InnerAtRequest
p_inner_at_request
,
in
octetstring
p_private_key
,
in
octetstring
p_digest
,
out
EtsiTs103097Certificate
p_at_certificate
)
return
boolean
{
var
EtsiTs103097Certificate
v_cert
;
var
IssuerIdentifier
v_issuer
;
var
bitstring
v_tbs
;
var
octetstring
v_sig
;
log
(
">>> f_generate_at_certificate_for_authorization_response"
);
/*v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384
v_cert := valueof(
m_etsiTs103097Certificate(
v_issuer,
m_toBeSignedCertificate_ec(
p_inner_at_request.requestedSubjectAttributes.id,
p_inner_at_request.requestedSubjectAttributes.appPermissions,
m_verificationKeyIndicator_verificationKey(
p_inner_at_request.publicKeys.verificationKey
),
p_inner_at_request.requestedSubjectAttributes.validityPeriod,
p_inner_at_request.requestedSubjectAttributes.region,
p_inner_at_request.requestedSubjectAttributes.assuranceLevel,
p_inner_at_request.publicKeys.encryptionKey
)
)
);
// Encode it ==> Get octetstring
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate
v_sig := f_signWithEcdsa(bit2oct(v_tbs), p_digest, p_private_key);
if (PX_VE_ALG == e_nist_p256) {
v_cert.signature_ := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
)
);
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
v_cert.signature_ := valueof(
m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
)
);
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
v_cert.signature_ := valueof(
m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(
substr(v_sig, 0, 48)
),
substr(v_sig, 48, 48)
)
)
);
}
p_at_certificate := valueof(v_cert);*/
log
(
"f_generate_at_certificate_for_authorization_response: p_at_certificate= "
,
p_at_certificate
);
return
true
;
}
// End of function f_generate_at_certificate_for_authorization_response
}
// End of group generate_certificates
group
inner_ec_xxx
{
...
...
@@ -1532,6 +1686,29 @@ module LibItsPki_Functions {
return
true
;
}
// End of function f_generate_inner_at_request
function
f_verify_inner_at_request_signed_for_pop
(
in
EtsiTs102941Data
p_etsi_ts_102941_data
,
out
InnerAtRequest
p_inner_at_request
)
return
boolean
{
var
bitstring
v_msg_bit
;
log
(
">>> f_verify_inner_at_request_signed_for_pop: "
,
p_etsi_ts_102941_data
);
// 1. Decode content
v_msg_bit
:=
oct2bit
(
p_etsi_ts_102941_data
.
content
.
enrolmentRequest
.
content
.
signedData
.
tbsData
.
payload
.
data
.
content
.
unsecuredData
);
if
(
decvalue
(
v_msg_bit
,
p_inner_at_request
)
!=
0
)
{
log
(
"f_verify_inner_at_request_signed_for_pop: Failed to decode InnerEcRequest"
);
return
false
;
}
else
{
log
(
"f_verify_inner_at_request_signed_for_pop: v_inner_at_request= "
,
p_inner_at_request
);
// 2. Verify the InnerEcRequestSignedForPop signature
// TODO
}
return
true
;
}
// End of function f_verify_inner_at_request_signed_for_pop
function
f_generate_inner_at_response
(
in
octetstring
p_authorization_request_hash
,
in
EtsiTs103097Certificate
p_certificate
,
...
...
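Review bot: f_verify_inner_at_request_signed_for_pop returns `true` as soon as decvalue succeeds, while step 2, the signature check, is still `// TODO`, so callers get a positive proof-of-possession result for a request whose signature was never checked. Until the check exists the function should fail closed, for example `return false; // PoP signature verification not implemented` in the else branch, or at least log that the signature was not verified. The function also reads `content.enrolmentRequest` and logs `Failed to decode InnerEcRequest`, which looks carried over from the enrolment variant. If the authorization request path is intended, the field path and the message should both be adjusted.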
ttcn/Pki/LibItsPki_Templates.ttcn
...
...
@@ -160,6 +160,12 @@ module LibItsPki_Templates {
authorizationRequest
:=
p_authorizationRequest
}
// End of template m_authorizationRequest
template
(
present
)
EtsiTs102941DataContent
mw_authorizationRequest
(
in
template
(
present
)
InnerAtRequest
p_authorizationRequest
:=
?
)
:=
{
authorizationRequest
:=
p_authorizationRequest
}
// End of template mw_authorizationRequest
template
(
present
)
EtsiTs102941DataContent
mw_authorizationResponse
(
template
(
present
)
InnerAtResponse
p_authorizationResponse
:=
?
)
:=
{
...
...