Commit c591ac73 authored by YannGarcia's avatar YannGarcia
Browse files

Update after ETSI ITS CMS-7

parent 969b2095
This diff is collapsed.
......@@ -35,13 +35,17 @@ module LibItsPki_Pixits {
*/
modulepar SecurityAlg PX_EC_ALG_FOR_EC := e_nist_p256; // TODO Use RCA to determine encryption algorithm?
/**
* @desc Indicate which encryption algorithem to be used for Authorization Request
* @desc Indicate which encryption algorithem to be used for Authorization Request (AA certificate of the IUT)
*/
modulepar SecurityAlg PX_EC_ALG_FOR_AT := e_nist_p256;
/**
* @desc Indicate which encryption algorithem to be used for Authorization Validation Request
* @desc Indicate which encryption algorithem to be used for Authorization Validation Request (EA certificate of the IUT)
*/
modulepar SecurityAlg PX_EC_ALG_FOR_ATV := e_nist_p256;
/**
* @desc Indicate which encryption algorithem to be used for EcSignature (EA certificate of the IUT)
*/
modulepar SecurityAlg PX_EC_ALG_FOR_EC_SIGN := e_nist_p256;
/**
* @desc Indicate which verification algorithem to be used
......
......@@ -278,6 +278,15 @@ module LibItsPki_Templates {
certIssuePermissions := omit
} // End of template m_certificateSubjectAttributes_id_none
template (omit) CertificateSubjectAttributes m_certificateSubjectAttributes_id_omit(
in template (value) SequenceOfPsidSsp p_appPermissions,
in template (omit) ValidityPeriod p_validityPeriod := omit,
in template (omit) GeographicRegion p_region := omit,
in template (omit) SubjectAssurance p_assuranceLevel := omit
) modifies m_certificateSubjectAttributes_id_none := {
id := omit
} // End of template m_certificateSubjectAttributes_id_omit
template (omit) CertificateSubjectAttributes m_certificateSubjectAttributes_id_name(
in template (value) Hostname p_name,
in template (value) SequenceOfPsidSsp p_appPermissions,
......@@ -482,7 +491,7 @@ module LibItsPki_Templates {
template (present) SequenceOfPsidSsp p_appPermissions := ?,
template CertificateId p_id := *,
template (present) ValidityPeriod p_validityPeriod := ?,
template (present) SubjectAssurance p_assuranceLevel := ?,
template SubjectAssurance p_assuranceLevel := *,
template GeographicRegion p_region := *,
template SequenceOfPsidGroupPermissions p_certIssuePermissions := omit
) := {
......
......@@ -77,11 +77,13 @@ module LibItsPki_TestSystem {
var octetstring vc_eaPrivateKey; /** Test Adapter EA private key for signature */
var octetstring vc_eaPrivateEncKey; /** Test Adapter EA private key for encryption */
var octetstring vc_eaWholeHash; /** Test Adapter EA whole-hash for signature check */
var octetstring vc_eaWholeHash256; /** Test Adapter EA whole-hash using SHA 256 for encryption because of encryption key size ==32 */
var HashedId8 vc_eaHashedId8; /** Test Adapter EA HashedId8 for decryption of IUT's response */
var octetstring vc_aaPrivateKey; /** Test Adapter AA private key for signature */
var octetstring vc_aaPrivateEncKey; /** Test Adapter AA private key for encryption */
var HashedId8 vc_aaHashedId8; /** Test Adapter AA HashedId8 for decryption of IUT's response */
var octetstring vc_aaWholeHash; /** Test Adapter AA whole-hash for signature check */
var octetstring vc_aaWholeHash256; /** Test Adapter EA whole-hash using SHA 256 for encryption because of encryption key size ==32 */
} // End of component ItsPkiHttp
/**
......
......@@ -107,6 +107,9 @@ module LibItsSecurity_Functions {
in Oct48 p_certificateIssuer,
in Oct48 p_privateKey
) return octetstring {
log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_toBeSignedSecuredMessage);
log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_certificateIssuer);
log(">>> f_signWithEcdsaBrainpoolp384WithSha384: ", p_privateKey);
return fx_signWithEcdsaBrainpoolp384WithSha384(
p_toBeSignedSecuredMessage,
p_certificateIssuer,
......@@ -865,8 +868,8 @@ module LibItsSecurity_Functions {
);
p_securedMessage.content.signedData.signature_ := valueof(m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(substr(v_signature, 0, 32)),
substr(v_signature, 32, 32)
m_eccP384CurvePoint_x_only(substr(v_signature, 0, 48)),
substr(v_signature, 48, 48)
)
));
} // TODO To be continued
......@@ -904,7 +907,7 @@ module LibItsSecurity_Functions {
var octetstring v_secPayload, v_signature;
var template (value) ToBeSignedData v_toBeSignedData;
var integer i, j, k, n;
var HeaderInfo v_headerFields := {};
var HeaderInfo v_headerFields;
var Ieee1609Dot2Content v_toBeSignedPayload;
var Oct32 v_privateKey;
var UInt8 v_trailerSize;
......@@ -1207,7 +1210,7 @@ module LibItsSecurity_Functions {
// Local variables
var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
var HeaderInfo v_mandatoryHeaders := {};
var HeaderInfo v_mandatoryHeaders;
var HeaderInfo v_signerInfo;
// Load certificates if required
......@@ -1282,7 +1285,7 @@ module LibItsSecurity_Functions {
// Local variables
var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
var HeaderInfo v_mandatoryHeaders := {};
var HeaderInfo v_mandatoryHeaders;
var HeaderInfo v_signerInfo;
// Load certificates if required
......@@ -1359,7 +1362,7 @@ module LibItsSecurity_Functions {
// Local variables
var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
var HeaderInfo v_mandatoryHeaders := {};
var HeaderInfo v_mandatoryHeaders;
var HeaderInfo v_signerInfo;
// Load certificates if required
......@@ -1429,7 +1432,7 @@ module LibItsSecurity_Functions {
// Local variables
var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
var HeaderInfo v_mandatoryHeaders := {};
var HeaderInfo v_mandatoryHeaders;
var HeaderInfo v_signerInfo;
// Load certificates if required
......@@ -1504,7 +1507,7 @@ module LibItsSecurity_Functions {
// Local variables
var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
var HeaderInfo v_mandatoryHeaders := {};
var HeaderInfo v_mandatoryHeaders;
var HeaderInfo v_signerInfo;
// Load certificates if required
......@@ -2044,7 +2047,7 @@ module LibItsSecurity_Functions {
}
} // End of 'for' statement
if (v_found == false) {
log("f_verifySspPermissions: Permission set not found: ", v_issuerPsidSsp)
log("f_verifySspPermissions: Permission set not found: ", v_issuerPsidSsp);
if (p_strict_checks == true) {
return false;
} else {
......@@ -2054,7 +2057,7 @@ module LibItsSecurity_Functions {
// 2. Validate bits mask
if (ispresent(v_issuerPsidSsp.ssp)) {
if (ispresent(v_subordinatePsidSsp.ssp) == false) {
log("f_verifySspPermissions: Ssp shall not be omitted: ", v_issuerPsidSsp)
log("f_verifySspPermissions: Ssp shall not be omitted: ", v_issuerPsidSsp);
if (p_strict_checks == true) {
return false;
}
......@@ -2277,6 +2280,23 @@ module LibItsSecurity_Functions {
return true;
} // End of function f_getCertificateHash
/**
* @desc Read the whole-hash of the certificate SHA 256
* @param p_certificate_id the certificate identifier
* @param p_hash the whole-hash of the certificate using SHA 256
* @return true on success, false otherwise
*/
function f_getCertificateHash256(
in charstring p_certificate_id,
out Oct32 p_hash
) return boolean {
if (not fx_readCertificateHash256(p_certificate_id, p_hash)){
log("f_getCertificateHash256: Failed to retrieve digest for ", p_certificate_id);
return false;
}
return true;
} // End of function f_getCertificateHash
function f_getCertificateFromDigest(
in HashedId8 p_digest,
out EtsiTs103097Certificate p_certificate
......@@ -2657,7 +2677,7 @@ module LibItsSecurity_Functions {
* @return true on success, false otherwise
*/
external function fx_loadCertificates(in charstring p_rootDirectory, in charstring p_configId) return boolean;
external function fx_store_certificate(in charstring p_cert_id, in octetstring p_cert, in octetstring p_private_key, in octetstring p_public_key_x, in octetstring p_public_key_y, in octetstring p_public_key_compressed, in integer p_public_key_compressed_mode, in octetstring p_hash, in octetstring p_hashid8, in octetstring p_issuer, in template (omit) octetstring p_private_enc_key, in template (omit) octetstring p_public_enc_key_x, in template (omit) octetstring p_public_enc_key_y, in template (omit) octetstring p_public_enc_compressed_key, in template (omit) integer p_public_enc_key_compressed_mode) return boolean;
external function fx_store_certificate(in charstring p_cert_id, in octetstring p_cert, in octetstring p_private_key, in octetstring p_public_key_x, in octetstring p_public_key_y, in octetstring p_public_key_compressed, in integer p_public_key_compressed_mode, in octetstring p_hash, in octetstring p_hash_256, in octetstring p_hashid8, in octetstring p_issuer, in template (omit) octetstring p_private_enc_key, in template (omit) octetstring p_public_enc_key_x, in template (omit) octetstring p_public_enc_key_y, in template (omit) octetstring p_public_enc_compressed_key, in template (omit) integer p_public_enc_key_compressed_mode) return boolean;
/**
* @desc Unload from memory cache the certificates
......@@ -2689,6 +2709,14 @@ module LibItsSecurity_Functions {
*/
external function fx_readCertificateHash(in charstring p_certificate_id, out octetstring p_hash) return boolean;
/**
* @desc Read the whole-hash of the specified certificate using SHA 256
* @param p_certificate_id the certificate identifier
* @param p_hash the whole-hash of the certificate
* @return true on success, false otherwise
*/
external function fx_readCertificateHash256(in charstring p_certificate_id, out Oct32 p_hash) return boolean;
external function fx_readCertificateFromDigest(in HashedId8 p_digest, out charstring p_certificate_id) return boolean;
external function fx_readCertificateFromHashedId3(in HashedId3 p_digest, out charstring p_certificate_id) return boolean;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment