Commit c17c78b9 authored by YannGarcia's avatar YannGarcia
Browse files

Finalyze implementation of new TPs from ETSI TS 103 525-2 V1.2.4 (2021-10)

parent 4edb6ec9
......@@ -3481,7 +3481,9 @@ module LibItsPki_Functions {
in boolean p_check_no_signature := false,
in boolean p_check_region_restriction := false,
in boolean p_check_signature_content := false,
in boolean p_check_app_permissions := false
in boolean p_check_app_permissions := false,
in boolean p_check_app_ssps := false,
in boolean p_check_app_validity_period := false
) return boolean {
var CertificateType v_type_ := explicit;
var template Signature v_signature_ := ?;
......@@ -3682,10 +3684,98 @@ module LibItsPki_Functions {
}
} // End of 'for'statement
}
if (p_check_app_ssps == true) {
var integer v_idx, v_jdx;
var Certificate v_authorized_certificate;
if (f_readCertificate(p_authorized_certificate, v_authorized_certificate) == false) {
log("f_verify_rca_certificate: Fail to load p_authorized_certificate");
return false;
}
log("f_verify_rca_certificate: v_authorized_certificate=", v_authorized_certificate);
for (v_idx := 0; v_idx < lengthof(p_certificate.toBeSigned.appPermissions); v_idx := v_idx + 1) {
log("f_verify_rca_certificate: Processing ", p_certificate.toBeSigned.appPermissions[v_idx]);
if (match(p_certificate.toBeSigned.appPermissions[v_idx], mw_appPermissions(-, ?)) == false) {
log("f_verify_rca_certificate: appPermissions mismatch");
return false;
}
// Check that 'ssp' is in the certIssuePermissions component in the issuing certificate
for (v_jdx := 0; v_jdx < lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit); v_jdx := v_jdx + 1) {
log("f_verify_rca_certificate: compare psid ", v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].psid, " - ", p_certificate.toBeSigned.appPermissions[v_idx].psid);
if (v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].psid == p_certificate.toBeSigned.appPermissions[v_idx].psid) {
break;
}
} // End of 'for'statement
if (v_jdx == lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit)) {
log("f_verify_rca_certificate: Psid is not in the list of the issuing certificate");
return false;
} else {
var BitmapSsp v_ssp_ca := substr(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].sspRange.bitmapSspRange.sspValue, 1, -1 + lengthof(v_authorized_certificate.toBeSigned.certIssuePermissions[0].subjectPermissions.explicit[v_jdx].sspRange.bitmapSspRange.sspValue));
log("f_verify_rca_certificate: v_ssp_ca= ", v_ssp_ca, " - ssp= ", p_certificate.toBeSigned.appPermissions[v_idx].ssp.bitmapSsp);
if (v_ssp_ca != p_certificate.toBeSigned.appPermissions[v_idx].ssp.bitmapSsp) {
log("f_verify_rca_certificate: SSPs mismatch: CA");
return false;
}
}
} // End of 'for'statement
}
if (p_check_app_validity_period == true) {
var integer v_idx, v_jdx;
var Certificate v_authorized_certificate;
var UInt32 v_duration, v_duration_ca;
if (f_readCertificate(p_authorized_certificate, v_authorized_certificate) == false) {
log("f_verify_rca_certificate: Fail to load p_authorized_certificate");
return false;
}
log("f_verify_rca_certificate: v_authorized_certificate=", v_authorized_certificate);
// Check start date (indicating X_START_VALIDITY ( X_START_VALIDITY >= X_START_VALIDITY_CA ))
if (p_certificate.toBeSigned.validityPeriod.start_ < v_authorized_certificate.toBeSigned.validityPeriod.start_) {
log("f_verify_rca_certificate: validityPeriod.start_ mismatch");
return false;
}
// Check duration (value <= X_START_VALIDITY_CA + X_DURATION_CA - X_START_VALIDITY)
v_duration := duration_to_uint32(p_certificate.toBeSigned.validityPeriod.duration);
v_duration_ca := duration_to_uint32(v_authorized_certificate.toBeSigned.validityPeriod.duration);
if (v_duration > (v_authorized_certificate.toBeSigned.validityPeriod.start_ + v_duration_ca - p_certificate.toBeSigned.validityPeriod.start_)) {
log("f_verify_rca_certificate: validityPeriod.duration mismatch");
return false;
}
}
return true;
}
function duration_to_uint32(
in Duration p_duration
) return UInt32 {
if (ischosen(p_duration.microseconds)) {
return p_duration.microseconds * 1000000;
}
else if (ischosen(p_duration.milliseconds)) {
return p_duration.milliseconds * 1000;
}
else if (ischosen(p_duration.seconds)) {
return p_duration.seconds;
}
else if (ischosen(p_duration.minutes)) {
return p_duration.minutes * 60;
}
else if (ischosen(p_duration.hours)) {
return p_duration.hours * 3600;
}
else if (ischosen(p_duration.sixtyHours)) {
return p_duration.sixtyHours * 60 * 3600;
}
else if (ischosen(p_duration.sixtyHours)) {
return p_duration.sixtyHours * 60 * 3600;
}
// No choice!
return p_duration.years * 31536000; // One calendar common year has 365 days
}
} // End of group rca
group tlm {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment