Commit a944e1ac authored by Yann Garcia's avatar Yann Garcia
Browse files

Continue PKI ATS development

parent b90de034
......@@ -46,6 +46,28 @@ module LibItsPki_EncdecDeclarations {
external function fx_dec_InnerEcResponse(inout bitstring b, out EtsiTs102941TypesEnrolment.InnerEcResponse p) return integer
with {extension "prototype(sliding) decode(PER)"}
/**
* @desc Encoding function for EtsiTs102941TypesAuthorization InnerAtRequest
* @param p The certificate to encode
* @return The encode message in OER format
*/
external function fx_enc_InnerAtRequest(in EtsiTs102941TypesAuthorization.InnerAtRequest p) return bitstring
with {extension "prototype(convert) encode(PER)"}
external function fx_dec_InnerAtRequest(inout bitstring b, out EtsiTs102941TypesAuthorization.InnerAtRequest p) return integer
with {extension "prototype(sliding) decode(PER)"}
/**
* @desc Encoding function for EtsiTs102941TypesAuthorization InnerAtResponse
* @param p The certificate to encode
* @return The encode message in OER format
*/
external function fx_enc_InnerAtResponse(in EtsiTs102941TypesAuthorization.InnerAtResponse p) return bitstring
with {extension "prototype(convert) encode(PER)"}
external function fx_dec_InnerAtResponse(inout bitstring b, out EtsiTs102941TypesAuthorization.InnerAtResponse p) return integer
with {extension "prototype(sliding) decode(PER)"}
/**
* @desc Encoding function for EtsiTs102941TypesAuthorization SharedAtRequest
* @param p The certificate to encode
......
......@@ -741,6 +741,86 @@ module LibItsPki_Functions {
log("*** f_http_build_authorization_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data= ", p_ieee1609dot2_signed_and_encrypted_data);
log("*** f_http_build_authorization_request: DEBUG: p_request_hash= ", p_request_hash);
} // End of function f_http_build_authorization_request
function f_http_build_authorization_response(
in InnerAtRequest p_inner_at_request,
in EnrolmentResponseCode p_responseCode := ok,
in Oct16 p_request_hash,
in octetstring p_private_key := ''O,
in octetstring p_digest := ''O,
in Oct16 p_aes_sym_key,
out InnerAtResponse p_inner_at_response,
out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
) return boolean {
// Local variables
var bitstring v_msg_bit;
var octetstring v_msg;
var Oct12 v_nonce;
var Ieee1609Dot2Data v_ieee1609dot2_signed_data;
var EtsiTs103097Certificate v_at_certificate;
var boolean p_result := false;
log(">>> f_http_build_authorization_response: p_inner_at_request= ", p_inner_at_request);
log(">>> f_http_build_authorization_response: p_responseCode= ", p_responseCode);
log(">>> f_http_build_authorization_response: p_request_hash= ", p_request_hash);
log(">>> f_http_build_authorization_response: p_private_key= ", p_private_key);
log(">>> f_http_build_authorization_response: p_digest= ", p_digest);
log(">>> f_http_build_authorization_response: p_aes_sym_key= ", p_aes_sym_key);
// Check expectred response
/*if (p_responseCode != ok) {
p_inner_at_response := valueof(
m_innerEcResponse_ko(
p_request_hash,
p_responseCode
)
);
p_result := true;
} else {
// Generate the certificate
if (f_generate_at_certificate_for_inner_at_response(p_inner_at_request, p_private_key, p_digest, v_at_certificate) == false) {
log("f_http_build_inner_at_response: Failed to generate the certificate");
p_inner_at_response := valueof(
m_innerEcResponse_ko(
p_request_hash,
incompleterequest
)
);
} else {
p_inner_at_response := valueof(
m_innerEcResponse_ok(
p_request_hash,
v_at_certificate
)
);
}
}
// Secure the response
log("f_http_build_inner_at_response: p_inner_at_response= ", p_inner_at_response);
v_msg := bit2oct(encvalue(p_inner_at_response));
v_nonce := int2oct(f_getCurrentTime(), 32); // Random value
// TODO Consider Sha384: m_signerIdentifier_digest(f_HashedId8FromSha384(p_digest))
if (f_build_pki_secured_response_message(p_private_key,
valueof(m_signerIdentifier_digest(f_HashedId8FromSha256(p_digest))),// in SignerIdentifier p_signer_identifier,
v_msg,
p_aes_sym_key,
v_nonce,
p_ieee1609dot2_signed_and_encrypted_data
) == false) {
log("f_http_build_inner_at_response: Failed to generate the certificate");
p_inner_at_response := valueof(
m_innerEcResponse_ko(
p_request_hash,
deniedrequest
)
);
} else {
p_result := true;
}*/
return p_result;
} // End of function f_http_build_authorization_request
function f_http_build_authorization_validation_request(
in InnerAtRequest p_inner_at_request,
......@@ -1048,6 +1128,80 @@ module LibItsPki_Functions {
return true;
} // End of function f_generate_at_certificate
function f_generate_at_certificate_for_authorization_response(
in InnerAtRequest p_inner_at_request,
in octetstring p_private_key,
in octetstring p_digest,
out EtsiTs103097Certificate p_at_certificate
) return boolean {
var EtsiTs103097Certificate v_cert;
var IssuerIdentifier v_issuer;
var bitstring v_tbs;
var octetstring v_sig;
log(">>> f_generate_at_certificate_for_authorization_response");
/*v_issuer := valueof(m_issuerIdentifier_sha256AndDigest(f_HashedId8FromSha256(p_digest))); // TODO Check sha256/384 f_HashedId8FromSha384
v_cert := valueof(
m_etsiTs103097Certificate(
v_issuer,
m_toBeSignedCertificate_ec(
p_inner_at_request.requestedSubjectAttributes.id,
p_inner_at_request.requestedSubjectAttributes.appPermissions,
m_verificationKeyIndicator_verificationKey(
p_inner_at_request.publicKeys.verificationKey
),
p_inner_at_request.requestedSubjectAttributes.validityPeriod,
p_inner_at_request.requestedSubjectAttributes.region,
p_inner_at_request.requestedSubjectAttributes.assuranceLevel,
p_inner_at_request.publicKeys.encryptionKey
)
)
);
// Encode it ==> Get octetstring
v_tbs := encvalue(v_cert.toBeSigned);
// Sign the certificate
v_sig := f_signWithEcdsa(bit2oct(v_tbs), p_digest, p_private_key);
if (PX_VE_ALG == e_nist_p256) {
v_cert.signature_ := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
)
);
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
v_cert.signature_ := valueof(
m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_sig, 0, 32)
),
substr(v_sig, 32, 32)
)
)
);
} else if (PX_VE_ALG == e_brainpool_p384_r1) {
v_cert.signature_ := valueof(
m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(
substr(v_sig, 0, 48)
),
substr(v_sig, 48, 48)
)
)
);
}
p_at_certificate := valueof(v_cert);*/
log("f_generate_at_certificate_for_authorization_response: p_at_certificate= ", p_at_certificate);
return true;
} // End of function f_generate_at_certificate_for_authorization_response
} // End of group generate_certificates
group inner_ec_xxx {
......@@ -1532,6 +1686,29 @@ module LibItsPki_Functions {
return true;
} // End of function f_generate_inner_at_request
function f_verify_inner_at_request_signed_for_pop(
in EtsiTs102941Data p_etsi_ts_102941_data,
out InnerAtRequest p_inner_at_request
) return boolean {
var bitstring v_msg_bit;
log(">>> f_verify_inner_at_request_signed_for_pop: ", p_etsi_ts_102941_data);
// 1. Decode content
v_msg_bit := oct2bit(p_etsi_ts_102941_data.content.enrolmentRequest.content.signedData.tbsData.payload.data.content.unsecuredData);
if (decvalue(v_msg_bit, p_inner_at_request) != 0) {
log("f_verify_inner_at_request_signed_for_pop: Failed to decode InnerEcRequest");
return false;
} else {
log("f_verify_inner_at_request_signed_for_pop: v_inner_at_request= ", p_inner_at_request);
// 2. Verify the InnerEcRequestSignedForPop signature
// TODO
}
return true;
} // End of function f_verify_inner_at_request_signed_for_pop
function f_generate_inner_at_response(
in octetstring p_authorization_request_hash,
in EtsiTs103097Certificate p_certificate,
......
......@@ -160,6 +160,12 @@ module LibItsPki_Templates {
authorizationRequest := p_authorizationRequest
} // End of template m_authorizationRequest
template (present) EtsiTs102941DataContent mw_authorizationRequest(
in template (present) InnerAtRequest p_authorizationRequest := ?
) := {
authorizationRequest := p_authorizationRequest
} // End of template mw_authorizationRequest
template (present) EtsiTs102941DataContent mw_authorizationResponse(
template (present) InnerAtResponse p_authorizationResponse := ?
) := {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment