Commit a944e1ac authored by Yann Garcia's avatar Yann Garcia

Continue PKI ATS development

parent b90de034
+22 −0
@@ -46,6 +46,28 @@ module LibItsPki_EncdecDeclarations {
  external function fx_dec_InnerEcResponse(inout bitstring b, out EtsiTs102941TypesEnrolment.InnerEcResponse p) return integer
  external function fx_dec_InnerEcResponse(inout bitstring b, out EtsiTs102941TypesEnrolment.InnerEcResponse p) return integer
  with {extension "prototype(sliding) decode(PER)"}
  with {extension "prototype(sliding) decode(PER)"}
    
    
  /**
   * @desc Encoding function for EtsiTs102941TypesAuthorization InnerAtRequest
   * @param p The certificate to encode
   * @return The encode message in OER format
   */
  external function fx_enc_InnerAtRequest(in EtsiTs102941TypesAuthorization.InnerAtRequest p) return bitstring
  with {extension "prototype(convert) encode(PER)"}
    
  external function fx_dec_InnerAtRequest(inout bitstring b, out EtsiTs102941TypesAuthorization.InnerAtRequest p) return integer
  with {extension "prototype(sliding) decode(PER)"}
    
  /**
   * @desc Encoding function for EtsiTs102941TypesAuthorization InnerAtResponse
   * @param p The certificate to encode
   * @return The encode message in OER format
   */
  external function fx_enc_InnerAtResponse(in EtsiTs102941TypesAuthorization.InnerAtResponse p) return bitstring
  with {extension "prototype(convert) encode(PER)"}
    
  external function fx_dec_InnerAtResponse(inout bitstring b, out EtsiTs102941TypesAuthorization.InnerAtResponse p) return integer
  with {extension "prototype(sliding) decode(PER)"}
    
  /**
  /**
   * @desc Encoding function for EtsiTs102941TypesAuthorization SharedAtRequest
   * @desc Encoding function for EtsiTs102941TypesAuthorization SharedAtRequest
   * @param p The certificate to encode
   * @param p The certificate to encode
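Review bot: The doc comments added for fx_enc_InnerAtRequest and fx_enc_InnerAtResponse do not match the declarations: they promise a result "in OER format" while both carry `encode(PER)`, and `@param p` is described as "The certificate to encode" although p is an InnerAtRequest or InnerAtResponse. I would write `@param p The InnerAtRequest to encode` (and the InnerAtResponse equivalent) and make `@return` name the encoding rule that the extension attribute actually selects. The two new decoders, fx_dec_InnerAtRequest and fx_dec_InnerAtResponse, have no comment at all; a short `@desc` plus a `@return` line stating which integer value means success would help, since callers compare the result against 0.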
+177 −0
@@ -742,6 +742,86 @@ module LibItsPki_Functions {
      log("*** f_http_build_authorization_request: DEBUG: p_request_hash= ", p_request_hash);
      log("*** f_http_build_authorization_request: DEBUG: p_request_hash= ", p_request_hash);
    } // End of function f_http_build_authorization_request
    } // End of function f_http_build_authorization_request


    function f_http_build_authorization_response(
                                                 in InnerAtRequest p_inner_at_request,
                                                 in EnrolmentResponseCode p_responseCode := ok,
                                                 in Oct16 p_request_hash,
                                                 in octetstring p_private_key := ''O,
                                                 in octetstring p_digest := ''O,
                                                 in Oct16 p_aes_sym_key,
                                                 out InnerAtResponse p_inner_at_response,
                                                 out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
                                                 ) return boolean {
      // Local variables
      var bitstring v_msg_bit;
      var octetstring v_msg;
      var Oct12 v_nonce;
      var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
      var EtsiTs103097Certificate v_at_certificate;
      var boolean p_result := false;

      log(">>> f_http_build_authorization_response: p_inner_at_request= ", p_inner_at_request);
      log(">>> f_http_build_authorization_response: p_responseCode= ", p_responseCode);
      log(">>> f_http_build_authorization_response: p_request_hash= ", p_request_hash);
      log(">>> f_http_build_authorization_response: p_private_key= ", p_private_key);
      log(">>> f_http_build_authorization_response: p_digest= ", p_digest);
      log(">>> f_http_build_authorization_response: p_aes_sym_key= ", p_aes_sym_key);
      
      // Check expectred response
      /*if (p_responseCode != ok) {
        p_inner_at_response := valueof(
                                       m_innerEcResponse_ko(
                                                            p_request_hash,
                                                            p_responseCode
                                                            )
                                       );
        p_result := true;
      } else {
        // Generate the certificate
        if (f_generate_at_certificate_for_inner_at_response(p_inner_at_request, p_private_key, p_digest, v_at_certificate) == false) {
          log("f_http_build_inner_at_response: Failed to generate the certificate");
          p_inner_at_response := valueof(
                                         m_innerEcResponse_ko(
                                                              p_request_hash,
                                                              incompleterequest
                                                              )
                                         );
        } else {
          p_inner_at_response := valueof(
                                         m_innerEcResponse_ok(
                                                              p_request_hash,
                                                              v_at_certificate
                                                              )
                                         );
        }
      }

      // Secure the response
      log("f_http_build_inner_at_response: p_inner_at_response= ", p_inner_at_response);
      v_msg := bit2oct(encvalue(p_inner_at_response));
      v_nonce := int2oct(f_getCurrentTime(), 32); // Random value
      // TODO Consider  Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
      if (f_build_pki_secured_response_message(p_private_key,
                                               valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),//  in SignerIdentifier p_signer_identifier,
                                               v_msg,
                                               p_aes_sym_key,
                                               v_nonce,
                                               p_ieee1609dot2_signed_and_encrypted_data
                                               ) == false) {
        log("f_http_build_inner_at_response: Failed to generate the certificate");
        p_inner_at_response := valueof(
                                       m_innerEcResponse_ko(
                                                            p_request_hash,
                                                            deniedrequest
                                                            )
                                       );
      } else {
        p_result := true;
      }*/

      return p_result;
    } // End of function f_http_build_authorization_request
    
    function f_http_build_authorization_validation_request(
    function f_http_build_authorization_validation_request(
                                                           in InnerAtRequest p_inner_at_request,
                                                           in InnerAtRequest p_inner_at_request,
                                                           out octetstring p_private_key,
                                                           out octetstring p_private_key,
@@ -1048,6 +1128,80 @@ module LibItsPki_Functions {
      return true;
      return true;
    } // End of function f_generate_at_certificate
    } // End of function f_generate_at_certificate
    
    
    function f_generate_at_certificate_for_authorization_response(
                                                                  in InnerAtRequest p_inner_at_request,
                                                                  in octetstring p_private_key,
                                                                  in octetstring p_digest,
                                                                  out EtsiTs103097Certificate p_at_certificate
                                                                  ) return boolean {
      var EtsiTs103097Certificate v_cert;
      var IssuerIdentifier v_issuer;
      var bitstring v_tbs;
      var octetstring v_sig;
      
      log(">>> f_generate_at_certificate_for_authorization_response");

      /*v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384
      v_cert := valueof(
                        m_etsiTs103097Certificate(
                                                  v_issuer,
                                                  m_toBeSignedCertificate_ec(
                                                                             p_inner_at_request.requestedSubjectAttributes.id,
                                                                             p_inner_at_request.requestedSubjectAttributes.appPermissions,
                                                                             m_verificationKeyIndicator_verificationKey(
                                                                                                                        p_inner_at_request.publicKeys.verificationKey
                                                                                                                        ),
                                                                             p_inner_at_request.requestedSubjectAttributes.validityPeriod,
                                                                             p_inner_at_request.requestedSubjectAttributes.region,
                                                                             p_inner_at_request.requestedSubjectAttributes.assuranceLevel,
                                                                             p_inner_at_request.publicKeys.encryptionKey
                                                                             )
                                                  )
                        );
      // Encode it ==> Get octetstring
      v_tbs := encvalue(v_cert.toBeSigned);
      // Sign the certificate
      v_sig := f_signWithEcdsa(bit2oct(v_tbs), p_digest, p_private_key);
      if (PX_VE_ALG == e_nist_p256) {
        v_cert.signature_ := valueof(
                                     m_signature_ecdsaNistP256(
                                                               m_ecdsaP256Signature(
                                                                                    m_eccP256CurvePoint_x_only(
                                                                                                               substr(v_sig, 0, 32)
                                                                                                               ),
                                                                                    substr(v_sig, 32, 32)
                                                                                    )
                                                               )
                                     );
      } else if (PX_VE_ALG == e_brainpool_p256_r1) {
        v_cert.signature_ := valueof(
                                     m_signature_ecdsaBrainpoolP256r1(
                                                                      m_ecdsaP256Signature(
                                                                                           m_eccP256CurvePoint_x_only(
                                                                                                                      substr(v_sig, 0, 32)
                                                                                                                      ),
                                                                                           substr(v_sig, 32, 32)
                                                                                           )
                                                                      )
                                     );
      } else if (PX_VE_ALG == e_brainpool_p384_r1) {
        v_cert.signature_ := valueof(
                                     m_signature_ecdsaBrainpoolP384r1(
                                                                      m_ecdsaP384Signature(
                                                                                           m_eccP384CurvePoint_x_only(
                                                                                                                      substr(v_sig, 0, 48)
                                                                                                                      ),
                                                                                           substr(v_sig, 48, 48)
                                                                                           )
                                                                      )
                                     );
      }
      p_at_certificate := valueof(v_cert);*/
      log("f_generate_at_certificate_for_authorization_response: p_at_certificate= ", p_at_certificate);
      
      return true;
    } // End of function f_generate_at_certificate_for_authorization_response
    
  } // End of group generate_certificates 
  } // End of group generate_certificates 
  
  
  group inner_ec_xxx {
  group inner_ec_xxx {
@@ -1532,6 +1686,29 @@ module LibItsPki_Functions {
      return true;
      return true;
    } // End of function f_generate_inner_at_request
    } // End of function f_generate_inner_at_request
    
    
    function f_verify_inner_at_request_signed_for_pop(
                                                      in EtsiTs102941Data p_etsi_ts_102941_data,
                                                      out InnerAtRequest p_inner_at_request
                                                      ) return boolean {
      var bitstring v_msg_bit;

      log(">>> f_verify_inner_at_request_signed_for_pop: ", p_etsi_ts_102941_data);
      
      // 1. Decode content
      v_msg_bit := oct2bit(p_etsi_ts_102941_data.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData);
      if (decvalue(v_msg_bit, p_inner_at_request) != 0) {
        log("f_verify_inner_at_request_signed_for_pop: Failed to decode InnerEcRequest");
        return false;
      } else {
        log("f_verify_inner_at_request_signed_for_pop: v_inner_at_request= ", p_inner_at_request);

        // 2. Verify the InnerEcRequestSignedForPop signature
        // TODO
      }
      
      return true;
    } // End of function f_verify_inner_at_request_signed_for_pop
    
    function f_generate_inner_at_response(
    function f_generate_inner_at_response(
                                          in octetstring p_authorization_request_hash,
                                          in octetstring p_authorization_request_hash,
                                          in EtsiTs103097Certificate p_certificate,
                                          in EtsiTs103097Certificate p_certificate,
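Review bot: f_verify_inner_at_request_signed_for_pop returns true as soon as the payload decodes, because step 2 (the signature check) is still `// TODO`, so a request with an invalid or missing proof-of-possession signature is reported as verified. Until the check exists the else branch should fail closed, e.g. `return false; // PoP signature verification not implemented`, or at least log that the signature was not checked so that a verdict cannot silently depend on it. The function also reads the payload through `content.enrolmentRequest` and its messages name InnerEcRequest, which looks carried over from the enrolment variant and is worth confirming for an authorization request. Separately, f_http_build_authorization_response in the first hunk of this file logs `p_private_key` and `p_aes_sym_key` in clear; those two log lines are better dropped or reduced to the key length.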
+6 −0
@@ -160,6 +160,12 @@ module LibItsPki_Templates {
    authorizationRequest := p_authorizationRequest
    authorizationRequest := p_authorizationRequest
  } // End of template m_authorizationRequest
  } // End of template m_authorizationRequest
  
  
  template (present) EtsiTs102941DataContent mw_authorizationRequest(
                                                                     in template (present) InnerAtRequest p_authorizationRequest := ?
                                                                     ) := {
    authorizationRequest := p_authorizationRequest
  } // End of template mw_authorizationRequest
  
  template (present) EtsiTs102941DataContent mw_authorizationResponse(
  template (present) EtsiTs102941DataContent mw_authorizationResponse(
                                                                      template (present) InnerAtResponse p_authorizationResponse := ?
                                                                      template (present) InnerAtResponse p_authorizationResponse := ?
                                                                      ) := {
                                                                      ) := {