Commit c59baf96 authored by Yann Garcia

Continue PKI ATS development

parent 50f63dfd
+25 −14
@@ -706,7 +706,7 @@ module LibItsPki_Functions {
      var bitstring v_authorization_request_msg;
      var bitstring v_authorization_request_msg;


      // Generate the InnerAtRequest
      // Generate the InnerAtRequest
      if (f_generate_inner_at_request(vc_eaCertificate, vc_eaHashedId8, p_ec_certificate, p_ec_private_key, p_private_key, p_public_key_compressed, p_compressed_key_mode, p_private_enc_key, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_inner_at_request) == false) {
      if (f_generate_inner_at_request(vc_aaCertificate, vc_aaHashedId8, vc_eaHashedId8, p_ec_certificate, p_ec_private_key, p_private_key, p_public_key_compressed, p_compressed_key_mode, p_private_enc_key, p_public_compressed_enc_key, p_compressed_enc_key_mode, v_inner_at_request) == false) {
        log("*** f_http_build_authorization_request: ERROR: Failed to generate AuthorizationValidationRequest ***");
        log("*** f_http_build_authorization_request: ERROR: Failed to generate AuthorizationValidationRequest ***");
        f_selfOrClientSyncAndVerdict("error", e_error);
        f_selfOrClientSyncAndVerdict("error", e_error);
        return;
        return;
@@ -1387,7 +1387,8 @@ module LibItsPki_Functions {
  group inner_at_xxx {
  group inner_at_xxx {


    function f_generate_inner_at_request(
    function f_generate_inner_at_request(
                                         in Certificate p_ea_certificate,
                                         in Certificate p_aa_certificate,
                                         in Oct8 p_aa_hashed_id8,
                                         in Oct8 p_ea_hashed_id8,
                                         in Oct8 p_ea_hashed_id8,
                                         in Certificate p_ec_certificate,
                                         in Certificate p_ec_certificate,
                                         in octetstring p_ec_private_key,
                                         in octetstring p_ec_private_key,
@@ -1434,6 +1435,10 @@ module LibItsPki_Functions {
        if (f_generate_key_pair(p_private_enc_key, v_public_enc_key_x, v_public_enc_key_y, p_public_compressed_enc_key, p_compressed_enc_key_mode) == false) {
        if (f_generate_key_pair(p_private_enc_key, v_public_enc_key_x, v_public_enc_key_y, p_public_compressed_enc_key, p_compressed_enc_key_mode) == false) {
          log("f_generate_inner_at_request: Failed to generate encryption key");
          log("f_generate_inner_at_request: Failed to generate encryption key");
          return false;
          return false;
        } else {
          log ("f_generate_inner_at_request: AT encryption private key: ", p_private_enc_key);
          log ("f_generate_inner_at_request: AT encryption public compressed key: ", p_public_compressed_enc_key);
          log ("f_generate_inner_at_request: AT encryption public compressed mode: ", p_compressed_enc_key_mode);
        }
        }
      } else {
      } else {
        p_private_enc_key := ''O;
        p_private_enc_key := ''O;
@@ -1453,20 +1458,26 @@ module LibItsPki_Functions {
      log("f_generate_inner_at_request: v_ec_hash= ", v_ec_hash);
      log("f_generate_inner_at_request: v_ec_hash= ", v_ec_hash);
      
      
      // Generate 32 octets length secret key
      // Generate 32 octets length secret key
      v_hmac_key := f_hashWithSha256(int2oct(f_getCurrentTime(), 12));
      v_hmac_key := f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 12));
      log("f_generate_inner_at_request: v_hmac_key= ", v_hmac_key);
      log("f_generate_inner_at_request: v_hmac_key= ", v_hmac_key);


      // Generate tag based on the concatenation of verification keys & encryption keys
      // Generate tag based on the concatenation of verification keys & encryption keys
      v_message_to_tag := v_public_key_x & v_public_key_y & v_public_enc_key_x & v_public_enc_key_y;
      v_message_to_tag := v_public_key_x & v_public_key_y & v_public_enc_key_x & v_public_enc_key_y;
      log("f_generate_inner_at_request: v_message_to_tag= ", v_message_to_tag); // FIXME encryption keys could be optional
      log("f_generate_inner_at_request: v_message_to_tag= ", v_message_to_tag); // FIXME encryption keys could be optional
      v_key_tag := fx_hmac_sha256(v_hmac_key, v_message_to_tag); // TODO Rename and use a wrapper function
      v_key_tag := substr(
                          fx_hmac_sha256( // TODO Rename and use a wrapper function
                                         v_hmac_key,
                                         v_message_to_tag
                                         ),
                          0,
                          16); // Leftmost 128 bits of the HMAC-SHA256 tag computed previously
      log("f_generate_inner_at_request: v_key_tag= ", v_key_tag);
      log("f_generate_inner_at_request: v_key_tag= ", v_key_tag);


      // Build the SharedAtRequest
      // Build the SharedAtRequest
      p_inner_at_request.sharedAtRequest := valueof(
      p_inner_at_request.sharedAtRequest := valueof(
                                                    m_shared_at_request(
                                                    m_shared_at_request(
                                                                        p_ea_hashed_id8, // eaId identifies the EA certificate shared with EA entity
                                                                        p_ea_hashed_id8, // eaId identifies the EA certificate shared with EA entity
                                                                        substr(v_key_tag, 0, 16), // Calculated keyTag
                                                                        v_key_tag, // Calculated keyTag
                                                                        valueof(
                                                                        valueof(
                                                                                m_certificate_subject_attributes( // FIXME Review subjectPermissions
                                                                                m_certificate_subject_attributes( // FIXME Review subjectPermissions
                                                                                                                 p_ec_certificate.toBeSigned.appPermissions,
                                                                                                                 p_ec_certificate.toBeSigned.appPermissions,
@@ -1563,11 +1574,11 @@ module LibItsPki_Functions {
        
        
        // Use EA certificate for the encryption
        // Use EA certificate for the encryption
        if (PX_EC_ALG == e_nist_p256) {
        if (PX_EC_ALG == e_nist_p256) {
          if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
          if (ischosen(p_aa_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
            v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0;
            v_public_enc_key := p_aa_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0;
            v_compressed_mode := 0;
            v_compressed_mode := 0;
          } else if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) {
          } else if (ischosen(p_aa_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) {
            v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1;
            v_public_enc_key := p_aa_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1;
            v_compressed_mode := 1;
            v_compressed_mode := 1;
          } else {
          } else {
            log("f_generate_inner_at_request: Wrong NistP256 encryption variant");
            log("f_generate_inner_at_request: Wrong NistP256 encryption variant");
@@ -1597,11 +1608,11 @@ module LibItsPki_Functions {
                                                                                                                         v_authentication_vector
                                                                                                                         v_authentication_vector
                                                                                                                         )));
                                                                                                                         )));
        } else if (PX_EC_ALG == e_brainpool_p256_r1) {
        } else if (PX_EC_ALG == e_brainpool_p256_r1) {
          if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0)) {
          if (ischosen(p_aa_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0)) {
            v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0;
            v_public_enc_key := p_aa_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_0;
            v_compressed_mode := 0;
            v_compressed_mode := 0;
          } else if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1)) {
          } else if (ischosen(p_aa_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1)) {
            v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1;
            v_public_enc_key := p_aa_certificate.toBeSigned.encryptionKey.publicKey.eciesBrainpoolP256r1.compressed_y_1;
            v_compressed_mode := 1;
            v_compressed_mode := 1;
          } else {
          } else {
            log("f_generate_inner_at_request: Wrong BrainpoolP256r1 encryption variant");
            log("f_generate_inner_at_request: Wrong BrainpoolP256r1 encryption variant");
@@ -1626,7 +1637,7 @@ module LibItsPki_Functions {
          log("f_generate_inner_at_request: Wrong encryption variant");
          log("f_generate_inner_at_request: Wrong encryption variant");
          return false;
          return false;
        }
        }
        v_recipientId := p_ea_hashed_id8; // RecipientId is the HashedId8 of the EA certificate
        v_recipientId := p_aa_hashed_id8; // RecipientId is the HashedId8 of the EA certificate
        log("v_recipientId= ", v_recipientId);
        log("v_recipientId= ", v_recipientId);
        // Fill Certificate template with the public compressed keys (canonical form)
        // Fill Certificate template with the public compressed keys (canonical form)
        if (v_public_compressed_ephemeral_mode == 0) {
        if (v_public_compressed_ephemeral_mode == 0) {
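Review bot: The HMAC key in the hunk at -1453 is still derived only from the clock: `f_hashWithSha256(int2oct((f_getCurrentTimeUtc() * 1000), 12))` is a deterministic function of the request time, and multiplying by 1000 adds no entropy, so anyone who knows roughly when the request was built can recompute `v_hmac_key` and test candidate keys against the keyTag. The comment above that line calls it a 32-octet secret key, so it should come from a random source rather than a timestamp; until one is wired in, I would at least mark the line, e.g. `// FIXME v_hmac_key must be 32 random octets, not a hash of the current time`. The same function also logs `v_hmac_key` and, in the new `else` branch of the hunk at -1434, `p_private_enc_key`, which puts secret key material into the test logs; consider dropping the private-key line or putting it behind a debug switch. The body of f_generate_inner_at_request starts and ends outside the visible hunks.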