Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
TTCN-3 Libraries
LibIts
Commits
d35994ab
Commit
d35994ab
authored
Feb 21, 2019
by
Yann Garcia
Browse files
Continue PKI ATS development
parent
ec376d26
Changes
6
Hide whitespace changes
Inline
Side-by-side
ttcn/Pki/LibItsPki_EncdecDeclarations.ttcn
View file @
d35994ab
module
LibItsPki_EncdecDeclarations
{
module
LibItsPki_EncdecDeclarations
{
// LibIts
// LibIts
import
from
IEEE1609dot2BaseTypes
language
"ASN.1:1997"
all
;
import
from
EtsiTs102941BaseTypes
language
"ASN.1:1997"
all
;
import
from
EtsiTs102941BaseTypes
language
"ASN.1:1997"
all
;
import
from
EtsiTs102941TypesEnrolment
language
"ASN.1:1997"
all
;
import
from
EtsiTs102941TypesEnrolment
language
"ASN.1:1997"
all
;
import
from
EtsiTs102941TypesAuthorization
language
"ASN.1:1997"
all
;
import
from
EtsiTs102941TypesAuthorization
language
"ASN.1:1997"
all
;
...
@@ -90,4 +91,37 @@ module LibItsPki_EncdecDeclarations {
...
@@ -90,4 +91,37 @@ module LibItsPki_EncdecDeclarations {
external
function
fx_dec_AuthorizationValidationRequest
(
inout
bitstring
b
,
out
EtsiTs102941TypesAuthorizationValidation
.
AuthorizationValidationRequest
p
)
return
integer
external
function
fx_dec_AuthorizationValidationRequest
(
inout
bitstring
b
,
out
EtsiTs102941TypesAuthorizationValidation
.
AuthorizationValidationRequest
p
)
return
integer
with
{
extension
"prototype(sliding) decode(PER)"
}
with
{
extension
"prototype(sliding) decode(PER)"
}
/**
* @desc Encoding function for EtsiTs102941BaseTypes PublicKeys
* @param p The certificate to encode
* @return The encode message in OER format
*/
external
function
fx_enc_PublicKeys
(
in
EtsiTs102941BaseTypes
.
PublicKeys
p
)
return
bitstring
with
{
extension
"prototype(convert) encode(PER)"
}
external
function
fx_dec_PublicKeys
(
inout
bitstring
b
,
out
EtsiTs102941BaseTypes
.
PublicKeys
p
)
return
integer
with
{
extension
"prototype(sliding) decode(PER)"
}
/**
* @desc Encoding function for IEEE1609dot2BaseTypes PublicVerificationKey
* @param p The certificate to encode
* @return The encode message in OER format
*/
external
function
fx_enc_PublicVerificationKey
(
in
IEEE1609dot2BaseTypes
.
PublicVerificationKey
p
)
return
bitstring
with
{
extension
"prototype(convert) encode(PER)"
}
external
function
fx_dec_PublicVerificationKey
(
inout
bitstring
b
,
out
IEEE1609dot2BaseTypes
.
PublicVerificationKey
p
)
return
integer
with
{
extension
"prototype(sliding) decode(PER)"
}
/**
* @desc Encoding function for IEEE1609dot2BaseTypes PublicEncryptionKey
* @param p The certificate to encode
* @return The encode message in OER format
*/
external
function
fx_enc_PublicEncryptionKey
(
in
IEEE1609dot2BaseTypes
.
PublicEncryptionKey
p
)
return
bitstring
with
{
extension
"prototype(convert) encode(PER)"
}
external
function
fx_dec_PublicEncryptionKey
(
inout
bitstring
b
,
out
IEEE1609dot2BaseTypes
.
PublicEncryptionKey
p
)
return
integer
with
{
extension
"prototype(sliding) decode(PER)"
}
}
// End of module LibItsPki_EncdecDeclarations
}
// End of module LibItsPki_EncdecDeclarations
ttcn/Pki/LibItsPki_Functions.ttcn
View file @
d35994ab
...
@@ -327,9 +327,31 @@ module LibItsPki_Functions {
...
@@ -327,9 +327,31 @@ module LibItsPki_Functions {
out
octetstring
p_public_key_compressed
,
out
octetstring
p_public_key_compressed
,
out
integer
p_compressed_mode
out
integer
p_compressed_mode
)
return
boolean
{
)
return
boolean
{
if
(
PX_EC_ALG
==
e_nist_p256
)
{
if
(
PX_VE_ALG
==
e_nist_p256
)
{
f_generate_key_pair_nistp256
(
p_private_key
,
p_public_key_x
,
p_public_key_y
,
p_public_key_compressed
,
p_compressed_mode
);
}
else
if
(
PX_VE_ALG
==
e_brainpool_p256_r1
)
{
f_generate_key_pair_brainpoolp256
(
p_private_key
,
p_public_key_x
,
p_public_key_y
,
p_public_key_compressed
,
p_compressed_mode
);
}
else
if
(
PX_VE_ALG
==
e_brainpool_p384_r1
)
{
f_generate_key_pair_brainpoolp384
(
p_private_key
,
p_public_key_x
,
p_public_key_y
,
p_public_key_compressed
,
p_compressed_mode
);
}
else
{
// error
return
false
;
}
return
true
;
}
function
f_generate_key_pair_for_encryption
(
in
SecurityAlg
p_algorithm
,
out
octetstring
p_private_key
,
out
octetstring
p_public_key_x
,
out
octetstring
p_public_key_y
,
out
octetstring
p_public_key_compressed
,
out
integer
p_compressed_mode
)
return
boolean
{
if
(
p_algorithm
==
e_nist_p256
)
{
f_generate_key_pair_nistp256
(
p_private_key
,
p_public_key_x
,
p_public_key_y
,
p_public_key_compressed
,
p_compressed_mode
);
f_generate_key_pair_nistp256
(
p_private_key
,
p_public_key_x
,
p_public_key_y
,
p_public_key_compressed
,
p_compressed_mode
);
}
else
if
(
PX_EC_ALG
==
e_brainpool_p256_r1
)
{
}
else
if
(
p_algorithm
==
e_brainpool_p256_r1
)
{
f_generate_key_pair_brainpoolp256
(
p_private_key
,
p_public_key_x
,
p_public_key_y
,
p_public_key_compressed
,
p_compressed_mode
);
f_generate_key_pair_brainpoolp256
(
p_private_key
,
p_public_key_x
,
p_public_key_y
,
p_public_key_compressed
,
p_compressed_mode
);
}
else
{
}
else
{
// error
// error
...
@@ -519,12 +541,12 @@ module LibItsPki_Functions {
...
@@ -519,12 +541,12 @@ module LibItsPki_Functions {
log
(
"f_http_build_inner_ec_request: Public encryption key comp: "
,
v_compressed_enc_key_mode
);
log
(
"f_http_build_inner_ec_request: Public encryption key comp: "
,
v_compressed_enc_key_mode
);
p_salt
:=
vc_eaWholeHash
;
p_salt
:=
vc_eaWholeHash
;
if
(
PICS_SECPKI_REENROLMENT
==
false
)
{
// This is the first enrolment, we used Factory keys
if
(
PICS_SECPKI_REENROLMENT
==
false
)
{
// This is the first enrolment, we used Factory keys
v_result
:=
f_build_pki_secured_request_message_signed_with_pop
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
);
v_result
:=
f_build_pki_secured_request_message_signed_with_pop
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
PX_EC_ALG_FOR_EC
,
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
);
}
else
{
// We use last valid EC certificate
}
else
{
// We use last valid EC certificate
// TODO Retrieve EC certificate from the first enrolment instead of PX
// TODO Retrieve EC certificate from the first enrolment instead of PX
log
(
"f_http_build_inner_ec_request: v_ec_private_key: "
,
PX_EC_PRIVATE_KEY
);
log
(
"f_http_build_inner_ec_request: v_ec_private_key: "
,
PX_EC_PRIVATE_KEY
);
log
(
"f_http_build_inner_ec_request: v_ec_hashed_id8: "
,
PX_EC_HASHED_ID8
);
log
(
"f_http_build_inner_ec_request: v_ec_hashed_id8: "
,
PX_EC_HASHED_ID8
);
v_result
:=
f_build_pki_secured_request_message_signed_with_pop
(
PX_EC_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_digest
(
PX_EC_HASHED_ID8
)),
PX_EC_HASHED_ID8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
);
v_result
:=
f_build_pki_secured_request_message_signed_with_pop
(
PX_EC_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_digest
(
PX_EC_HASHED_ID8
)),
PX_EC_HASHED_ID8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
PX_EC_ALG_FOR_EC
,
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
);
}
}
if
(
v_result
==
false
)
{
if
(
v_result
==
false
)
{
log
(
"*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"
);
log
(
"*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"
);
...
@@ -582,12 +604,12 @@ module LibItsPki_Functions {
...
@@ -582,12 +604,12 @@ module LibItsPki_Functions {
log
(
"*** f_http_build_invalid_enrolment_request: Public encryption key comp: "
,
v_compressed_enc_key_mode
);
log
(
"*** f_http_build_invalid_enrolment_request: Public encryption key comp: "
,
v_compressed_enc_key_mode
);
p_salt
:=
vc_eaWholeHash
;
p_salt
:=
vc_eaWholeHash
;
if
(
PICS_SECPKI_REENROLMENT
==
false
)
{
// This is the first enrolment, we used Factory keys
if
(
PICS_SECPKI_REENROLMENT
==
false
)
{
// This is the first enrolment, we used Factory keys
v_ret_code
:=
f_build_pki_secured_request_message_signed_with_pop
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
);
v_ret_code
:=
f_build_pki_secured_request_message_signed_with_pop
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
PX_EC_ALG_FOR_EC
,
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
);
}
else
{
// We use last valid EC certificate
}
else
{
// We use last valid EC certificate
// TODO Retrieve EC certificate from the first enrolment instead of PX
// TODO Retrieve EC certificate from the first enrolment instead of PX
log
(
"f_http_build_inner_ec_request: v_ec_private_key: "
,
PX_EC_PRIVATE_KEY
);
log
(
"f_http_build_inner_ec_request: v_ec_private_key: "
,
PX_EC_PRIVATE_KEY
);
log
(
"f_http_build_inner_ec_request: v_ec_hashed_id8: "
,
PX_EC_HASHED_ID8
);
log
(
"f_http_build_inner_ec_request: v_ec_hashed_id8: "
,
PX_EC_HASHED_ID8
);
v_ret_code
:=
f_build_pki_secured_request_message_signed_with_pop
(
PX_EC_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_digest
(
PX_EC_HASHED_ID8
)),
PX_EC_HASHED_ID8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
);
v_ret_code
:=
f_build_pki_secured_request_message_signed_with_pop
(
PX_EC_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_digest
(
PX_EC_HASHED_ID8
)),
PX_EC_HASHED_ID8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
PX_EC_ALG_FOR_EC
,
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
);
}
}
if
(
v_ret_code
==
false
)
{
if
(
v_ret_code
==
false
)
{
log
(
"*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"
);
log
(
"*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"
);
...
@@ -727,13 +749,13 @@ module LibItsPki_Functions {
...
@@ -727,13 +749,13 @@ module LibItsPki_Functions {
p_salt
:=
vc_aaWholeHash
;
p_salt
:=
vc_aaWholeHash
;
log
(
"*** f_http_build_authorization_request: p_salt: "
,
p_salt
);
log
(
"*** f_http_build_authorization_request: p_salt: "
,
p_salt
);
if
(
PICS_PKI_AUTH_POP
)
{
if
(
PICS_PKI_AUTH_POP
)
{
if
(
f_build_pki_secured_request_message_signed_with_pop
(
p_private_key
,
valueof
(
m_signerIdentifier_self
),
vc_aaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_authorization_request
(
v_inner_at_request
))),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
)
==
false
)
{
if
(
f_build_pki_secured_request_message_signed_with_pop
(
p_private_key
,
valueof
(
m_signerIdentifier_self
),
vc_aaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_authorization_request
(
v_inner_at_request
))),
PX_EC_ALG_FOR_AT
,
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
)
==
false
)
{
log
(
"*** f_http_build_authorization_request: ERROR: Failed to generate Authorization Request ***"
);
log
(
"*** f_http_build_authorization_request: ERROR: Failed to generate Authorization Request ***"
);
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
}
}
}
else
{
// Only encryption of EtsiTs102941Data/InnerAtRequest
}
else
{
// Only encryption of EtsiTs102941Data/InnerAtRequest
log
(
"*** f_http_build_authorization_request: POP signature not applied"
);
log
(
"*** f_http_build_authorization_request: POP signature not applied"
);
if
(
f_build_pki_secured_request_message_for_authorization
(
vc_aaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_authorization_request
(
v_inner_at_request
))),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
)
==
false
)
{
if
(
f_build_pki_secured_request_message_for_authorization
(
vc_aaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_authorization_request
(
v_inner_at_request
))),
PX_EC_ALG_FOR_AT
,
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
)
==
false
)
{
log
(
"*** f_http_build_authorization_request: ERROR: Failed to generate Authorization Request ***"
);
log
(
"*** f_http_build_authorization_request: ERROR: Failed to generate Authorization Request ***"
);
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
}
}
...
@@ -796,13 +818,13 @@ module LibItsPki_Functions {
...
@@ -796,13 +818,13 @@ module LibItsPki_Functions {
p_salt
:=
vc_aaWholeHash
;
p_salt
:=
vc_aaWholeHash
;
log
(
"*** f_http_build_authorization_request_with_wrong_private_key: p_salt: "
,
p_salt
);
log
(
"*** f_http_build_authorization_request_with_wrong_private_key: p_salt: "
,
p_salt
);
if
(
PICS_PKI_AUTH_POP
)
{
if
(
PICS_PKI_AUTH_POP
)
{
if
(
f_build_pki_secured_request_message_signed_with_pop
(
p_private_key
,
valueof
(
m_signerIdentifier_self
),
vc_aaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_authorization_request
(
v_inner_at_request
))),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
)
==
false
)
{
if
(
f_build_pki_secured_request_message_signed_with_pop
(
p_private_key
,
valueof
(
m_signerIdentifier_self
),
vc_aaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_authorization_request
(
v_inner_at_request
))),
PX_EC_ALG_FOR_AT
,
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
)
==
false
)
{
log
(
"*** f_http_build_authorization_request_with_wrong_private_key: ERROR: Failed to generate Authorization Request ***"
);
log
(
"*** f_http_build_authorization_request_with_wrong_private_key: ERROR: Failed to generate Authorization Request ***"
);
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
}
}
}
else
{
// Only encryption of EtsiTs102941Data/InnerAtRequest
}
else
{
// Only encryption of EtsiTs102941Data/InnerAtRequest
log
(
"*** f_http_build_authorization_request_with_wrong_private_key: POP signature not applied"
);
log
(
"*** f_http_build_authorization_request_with_wrong_private_key: POP signature not applied"
);
if
(
f_build_pki_secured_request_message_for_authorization
(
vc_aaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_authorization_request
(
v_inner_at_request
))),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
)
==
false
)
{
if
(
f_build_pki_secured_request_message_for_authorization
(
vc_aaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_authorization_request
(
v_inner_at_request
))),
PX_EC_ALG_FOR_AT
,
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
)
==
false
)
{
log
(
"*** f_http_build_authorization_request_with_wrong_private_key: ERROR: Failed to generate Authorization Request ***"
);
log
(
"*** f_http_build_authorization_request_with_wrong_private_key: ERROR: Failed to generate Authorization Request ***"
);
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
}
}
...
@@ -932,7 +954,7 @@ module LibItsPki_Functions {
...
@@ -932,7 +954,7 @@ module LibItsPki_Functions {
log
(
"f_http_build_authorization_validation_request: Public encryption key comp: "
,
v_compressed_enc_key_mode
);
log
(
"f_http_build_authorization_validation_request: Public encryption key comp: "
,
v_compressed_enc_key_mode
);
p_salt
:=
vc_eaWholeHash
;
p_salt
:=
vc_eaWholeHash
;
log
(
"f_http_build_authorization_validation_request: p_salt: "
,
p_salt
);
log
(
"f_http_build_authorization_validation_request: p_salt: "
,
p_salt
);
if
(
f_build_pki_secured_request_message_signed_with_pop
(
p_private_key
,
valueof
(
m_signerIdentifier_
self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_authorization_validation_request
(
v_authorization_validation_request
))),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
)
==
false
)
{
if
(
f_build_pki_secured_request_message_signed_with_pop
(
p_private_key
,
valueof
(
m_signerIdentifier_
digest
(
vc_aaHashedId8
)
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_authorization_validation_request
(
v_authorization_validation_request
))),
PX_EC_ALG_FOR_ATV
,
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
p_request_hash
)
==
false
)
{
log
(
"f_http_build_authorization_validation_request: Failed to generate Authorization Request"
);
log
(
"f_http_build_authorization_validation_request: Failed to generate Authorization Request"
);
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
}
}
...
@@ -976,18 +998,18 @@ module LibItsPki_Functions {
...
@@ -976,18 +998,18 @@ module LibItsPki_Functions {
v_ecc_p256_curve_point
:=
valueof
(
m_eccP256CurvePoint_compressed_y_1
(
p_public_key_compressed
));
v_ecc_p256_curve_point
:=
valueof
(
m_eccP256CurvePoint_compressed_y_1
(
p_public_key_compressed
));
}
}
if
(
PX_EC_ALG
==
e_nist_p256
)
{
if
(
PX_EC_ALG
_FOR_EC
==
e_nist_p256
)
{
v_public_verification_key
:=
valueof
(
v_public_verification_key
:=
valueof
(
m_publicVerificationKey_ecdsaNistP256
(
m_publicVerificationKey_ecdsaNistP256
(
v_ecc_p256_curve_point
v_ecc_p256_curve_point
));
));
}
else
if
(
PX_EC_ALG
==
e_brainpool_p256_r1
)
{
}
else
if
(
PX_EC_ALG
_FOR_EC
==
e_brainpool_p256_r1
)
{
v_public_verification_key
:=
valueof
(
v_public_verification_key
:=
valueof
(
m_publicVerificationKey_ecdsaBrainpoolP256r1
(
m_publicVerificationKey_ecdsaBrainpoolP256r1
(
v_ecc_p256_curve_point
v_ecc_p256_curve_point
));
));
}
else
{
}
else
{
log
(
"f_generate_ec_certificate: Wrong encryption algorithm, check PX_EC_ALG"
);
log
(
"f_generate_ec_certificate: Wrong encryption algorithm, check PX_EC_ALG
_FOR_xx
"
);
return
false
;
return
false
;
}
}
v_cert
:=
m_etsiTs103097Certificate
(
v_cert
:=
m_etsiTs103097Certificate
(
...
@@ -1127,19 +1149,19 @@ module LibItsPki_Functions {
...
@@ -1127,19 +1149,19 @@ module LibItsPki_Functions {
var
bitstring
v_enc_msg
;
var
bitstring
v_enc_msg
;
var
PublicVerificationKey
v_public_verification_key
;
var
PublicVerificationKey
v_public_verification_key
;
if
(
PX_EC_ALG
==
e_nist_p256
)
{
if
(
PX_EC_ALG
_FOR_AT
==
e_nist_p256
)
{
v_public_verification_key
:=
valueof
(
v_public_verification_key
:=
valueof
(
m_publicVerificationKey_ecdsaNistP256
(
m_publicVerificationKey_ecdsaNistP256
(
p_inner_ec_request
.
publicKeys
.
verificationKey
.
ecdsaNistP256
p_inner_ec_request
.
publicKeys
.
verificationKey
.
ecdsaNistP256
));
));
}
else
if
(
PX_EC_ALG
==
e_brainpool_p256_r1
)
{
}
else
if
(
PX_EC_ALG
_FOR_AT
==
e_brainpool_p256_r1
)
{
v_public_verification_key
:=
valueof
(
v_public_verification_key
:=
valueof
(
m_publicVerificationKey_ecdsaBrainpoolP256r1
(
m_publicVerificationKey_ecdsaBrainpoolP256r1
(
p_inner_ec_request
.
publicKeys
.
verificationKey
.
ecdsaBrainpoolP256r1
p_inner_ec_request
.
publicKeys
.
verificationKey
.
ecdsaBrainpoolP256r1
));
));
}
else
{
}
else
{
// Error
// Error
log
(
"f_generate_ec_certificate: Wrong encryption algorithm, check PX_EC_ALG"
);
log
(
"f_generate_ec_certificate: Wrong encryption algorithm, check PX_EC_ALG
_FOR_xx
"
);
return
false
;
return
false
;
}
}
v_cert
:=
m_etsiTs103097Certificate
(
v_cert
:=
m_etsiTs103097Certificate
(
...
@@ -1300,19 +1322,19 @@ module LibItsPki_Functions {
...
@@ -1300,19 +1322,19 @@ module LibItsPki_Functions {
),
),
m_certificateSubjectAttributes
(
m_certificateSubjectAttributes
(
{
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
{
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof
(
m_appPermissions
(
c_its_aid_SCR
,
{
bitmapSsp
:=
'
0
0
C0
'
O
}))
valueof
(
m_appPermissions
(
c_its_aid_SCR
,
{
bitmapSsp
:=
'
0
1
C0
'
O
}))
},
},
m_validityPeriod
(
m_validityPeriod
(
f_getCurrentTime
()
/
1000
,
f_getCurrentTime
()
/
1000
,
m_duration_
yea
rs
(
1
)
// TODO Use PIXIT
m_duration_
in_hou
rs
(
1
20
)
// TODO Use PIXIT
),
),
m_geographicRegion_identifiedRegion
(
omit
/*YANN TO restore
m_geographicRegion_identifiedRegion(
{
{
m_identifiedRegion_country_only(12), // TODO Use PIXIT
m_identifiedRegion_country_only(12), // TODO Use PIXIT
m_identifiedRegion_country_only(34) // TODO Use PIXIT
m_identifiedRegion_country_only(34) // TODO Use PIXIT
}
}
)
,
)*/
,
'
C0
'
O
// TODO Use PIXIT
omit
/*
'C0'O
*/
// TODO Use PIXIT
)
)
)
)
);
);
...
@@ -1476,7 +1498,9 @@ module LibItsPki_Functions {
...
@@ -1476,7 +1498,9 @@ module LibItsPki_Functions {
var
octetstring
public_enc_key_x
;
var
octetstring
public_enc_key_x
;
var
octetstring
public_enc_key_y
;
var
octetstring
public_enc_key_y
;
var
Oct32
v_hmac_key
;
var
Oct32
v_hmac_key
;
var
octetstring
v_message_to_tag
;
var
PublicVerificationKey
v_verification_tag
;
var
PublicEncryptionKey
v_encryption_tag
;
var
octetstring
v_encoded_tag
;
var
Oct16
v_key_tag
;
var
Oct16
v_key_tag
;
var
octetstring
v_hash_shared_at_request
;
var
octetstring
v_hash_shared_at_request
;
var
template
(
value
)
ToBeSignedData
v_tbs
;
var
template
(
value
)
ToBeSignedData
v_tbs
;
...
@@ -1488,7 +1512,7 @@ module LibItsPki_Functions {
...
@@ -1488,7 +1512,7 @@ module LibItsPki_Functions {
var
Signature
v_signature
;
var
Signature
v_signature
;
var
SequenceOfPsidSsp
v_appPermissions
:=
{
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
var
SequenceOfPsidSsp
v_appPermissions
:=
{
// ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof
(
m_appPermissions
(
c_its_aid_CAM
,
{
bitmapSsp
:=
'
01
FFFC
'
O
})),
valueof
(
m_appPermissions
(
c_its_aid_CAM
,
{
bitmapSsp
:=
'
01
FFFC
'
O
})),
valueof
(
m_appPermissions
(
c_its_aid_DENM
,
{
bitmapSsp
:=
'
01
FFFFFF
'
O
}))
valueof
(
m_appPermissions
(
c_its_aid_DENM
,
{
bitmapSsp
:=
'
01
FFFFFF
'
O
}))
// TODO Use PIXIT
};
};
// Generate verification keys for the certificate to be requested
// Generate verification keys for the certificate to be requested
...
@@ -1501,7 +1525,7 @@ module LibItsPki_Functions {
...
@@ -1501,7 +1525,7 @@ module LibItsPki_Functions {
log
(
"f_generate_inner_at_request: AT verification public compressed mode: "
,
p_compressed_key_mode
);
log
(
"f_generate_inner_at_request: AT verification public compressed mode: "
,
p_compressed_key_mode
);
// Generate encryption keys for the certificate to be requested
// Generate encryption keys for the certificate to be requested
if
(
PX_INCLUDE_ENCRYPTION_KEYS
)
{
if
(
PX_INCLUDE_ENCRYPTION_KEYS
)
{
if
(
f_generate_key_pair
(
p_private_enc_key
,
v_public_enc_key_x
,
v_public_enc_key_y
,
p_public_compressed_enc_key
,
p_compressed_enc_key_mode
)
==
false
)
{
if
(
f_generate_key_pair
_for_encryption
(
PX_EC_ALG_FOR_AT
,
p_private_enc_key
,
v_public_enc_key_x
,
v_public_enc_key_y
,
p_public_compressed_enc_key
,
p_compressed_enc_key_mode
)
==
false
)
{
log
(
"f_generate_inner_at_request: Failed to generate encryption key"
);
log
(
"f_generate_inner_at_request: Failed to generate encryption key"
);
return
false
;
return
false
;
}
else
{
}
else
{
...
@@ -1533,23 +1557,56 @@ module LibItsPki_Functions {
...
@@ -1533,23 +1557,56 @@ module LibItsPki_Functions {
log
(
"f_generate_inner_at_request: v_hmac_key= "
,
v_hmac_key
);
log
(
"f_generate_inner_at_request: v_hmac_key= "
,
v_hmac_key
);
// Generate tag based on the concatenation of verification keys & encryption keys
// Generate tag based on the concatenation of verification keys & encryption keys
if
(
p_compressed_key_mode
==
0
)
{
if
(
PX_VE_ALG
==
e_nist_p256
)
{
v_message_to_tag
:=
'02'O
&
p_public_key_compressed
;
if
(
p_compressed_key_mode
==
0
)
{
v_verification_tag
.
ecdsaNistP256
.
compressed_y_0
:=
p_public_key_compressed
;
}
else
{
v_verification_tag
.
ecdsaNistP256
.
compressed_y_1
:=
p_public_key_compressed
;
}
}
else
if
(
PX_VE_ALG
==
e_brainpool_p256_r1
)
{
if
(
p_compressed_key_mode
==
0
)
{
v_verification_tag
.
ecdsaBrainpoolP256r1
.
compressed_y_0
:=
p_public_key_compressed
;
}
else
{
v_verification_tag
.
ecdsaBrainpoolP256r1
.
compressed_y_1
:=
p_public_key_compressed
;
}
}
else
if
(
PX_VE_ALG
==
e_brainpool_p384_r1
)
{
if
(
p_compressed_key_mode
==
0
)
{
v_verification_tag
.
ecdsaBrainpoolP384r1
.
compressed_y_0
:=
p_public_key_compressed
;
}
else
{
v_verification_tag
.
ecdsaBrainpoolP384r1
.
compressed_y_1
:=
p_public_key_compressed
;
}
}
else
{
}
else
{
v_message_to_tag
:=
'03'O
&
p_public_key_compressed
;
log
(
"f_generate_inner_at_request: Failed to generate HMAC tag"
);
return
false
;
}
}
log
(
"f_generate_inner_at_request: v_verification_tag= "
,
v_verification_tag
);
v_encoded_tag
:=
bit2oct
(
encvalue
(
v_verification_tag
));
if
(
PX_INCLUDE_ENCRYPTION_KEYS
)
{
if
(
PX_INCLUDE_ENCRYPTION_KEYS
)
{
if
(
p_compressed_enc_key_mode
==
0
)
{
v_encryption_tag
.
supportedSymmAlg
:=
aes128Ccm
;
v_message_to_tag
:=
v_message_to_tag
&
'02'O
&
p_public_compressed_enc_key
;
if
(
PX_EC_ALG_FOR_AT
==
e_nist_p256
)
{
if
(
p_compressed_enc_key_mode
==
0
)
{
v_encryption_tag
.
publicKey
.
eciesNistP256
.
compressed_y_0
:=
p_public_compressed_enc_key
;
}
else
{
v_encryption_tag
.
publicKey
.
eciesNistP256
.
compressed_y_1
:=
p_public_compressed_enc_key
;
}
}
else
if
(
PX_EC_ALG_FOR_AT
==
e_brainpool_p256_r1
)
{
if
(
p_compressed_enc_key_mode
==
0
)
{
v_encryption_tag
.
publicKey
.
eciesBrainpoolP256r1
.
compressed_y_0
:=
p_public_compressed_enc_key
;
}
else
{
v_encryption_tag
.
publicKey
.
eciesBrainpoolP256r1
.
compressed_y_1
:=
p_public_compressed_enc_key
;
}
}
else
{
}
else
{
v_message_to_tag
:=
v_message_to_tag
&
'03'O
&
p_public_compressed_enc_key
;
log
(
"f_generate_inner_at_request: Failed to generate HMAC tag (enc)"
);
return
false
;
}
}
log
(
"f_generate_inner_at_request: v_encryption_tag= "
,
v_encryption_tag
);
v_encoded_tag
:=
v_encoded_tag
&
bit2oct
(
encvalue
(
v_encryption_tag
));
}
}
log
(
"f_generate_inner_at_request: v_
message_to
_tag= "
,
v_
message_to_tag
);
// FIXME encryption keys could be optional
log
(
"f_generate_inner_at_request: v_
encoded
_tag= "
,
v_
encoded_tag
);
v_key_tag
:=
substr
(
v_key_tag
:=
substr
(
fx_hmac_sha256
(
// TODO Rename and use a wrapper function
fx_hmac_sha256
(
// TODO Rename and use a wrapper function
v_hmac_key
,
v_hmac_key
,
v_
message_to
_tag
v_
encoded
_tag
),
),
0
,
0
,
16
);
// Leftmost 128 bits of the HMAC-SHA256 tag computed previously
16
);
// Leftmost 128 bits of the HMAC-SHA256 tag computed previously
...
@@ -1663,7 +1720,7 @@ module LibItsPki_Functions {
...
@@ -1663,7 +1720,7 @@ module LibItsPki_Functions {
var
EncryptedDataEncryptionKey
v_encrypted_data_encryption_key
;
var
EncryptedDataEncryptionKey
v_encrypted_data_encryption_key
;
// Use EA certificate for the encryption
// Use EA certificate for the encryption
if
(
PX_EC_ALG
==
e_nist_p256
)
{
if
(
PX_EC_ALG
_FOR_AT
==
e_nist_p256
)
{
if
(
ischosen
(
p_ea_certificate
.
toBeSigned
.
encryptionKey
.
publicKey
.
eciesNistP256
.
compressed_y_0
))
{
if
(
ischosen
(
p_ea_certificate
.
toBeSigned
.
encryptionKey
.
publicKey
.
eciesNistP256
.
compressed_y_0
))
{
v_public_enc_key
:=
p_ea_certificate
.
toBeSigned
.
encryptionKey
.
publicKey
.
eciesNistP256
.
compressed_y_0
;
v_public_enc_key
:=
p_ea_certificate
.
toBeSigned
.
encryptionKey
.
publicKey
.
eciesNistP256
.
compressed_y_0
;
v_compressed_mode
:=
0
;
v_compressed_mode
:=
0
;
...
@@ -1687,7 +1744,7 @@ module LibItsPki_Functions {
...
@@ -1687,7 +1744,7 @@ module LibItsPki_Functions {
v_encrypted_sym_key
,
v_encrypted_sym_key
,
v_authentication_vector
v_authentication_vector
)));
)));
}
else
if
(
PX_EC_ALG
==
e_brainpool_p256_r1
)
{
}
else
if
(
PX_EC_ALG
_FOR_AT
==
e_brainpool_p256_r1
)
{
if
(
ischosen
(
p_ea_certificate
.
toBeSigned
.
encryptionKey
.
publicKey
.
eciesBrainpoolP256r1
.
compressed_y_0
))
{
if
(
ischosen
(
p_ea_certificate
.
toBeSigned
.
encryptionKey
.
publicKey
.
eciesBrainpoolP256r1
.
compressed_y_0
))
{
v_public_enc_key
:=
p_ea_certificate
.
toBeSigned
.
encryptionKey
.
publicKey
.
eciesBrainpoolP256r1
.
compressed_y_0
;
v_public_enc_key
:=
p_ea_certificate
.
toBeSigned
.
encryptionKey
.
publicKey
.
eciesBrainpoolP256r1
.
compressed_y_0
;
v_compressed_mode
:=
0
;
v_compressed_mode
:=
0
;
...
@@ -2012,6 +2069,7 @@ module LibItsPki_Functions {
...
@@ -2012,6 +2069,7 @@ module LibItsPki_Functions {
in
integer
p_compressed_mode
,
in
integer
p_compressed_mode
,
in
octetstring
p_salt
,
in
octetstring
p_salt
,
in
octetstring
p_pki_message
,
in
octetstring
p_pki_message
,
in
SecurityAlg
p_enc_algorithm
,
// TODO Use RCA to check encryption alg
out
Ieee1609Dot2Data
p_ieee1609dot2_signed_and_encrypted_data
,
out
Ieee1609Dot2Data
p_ieee1609dot2_signed_and_encrypted_data
,
out
Oct16
p_aes_sym_key
,
out
Oct16
p_aes_sym_key
,
out
Oct16
p_encrypted_sym_key
,
out
Oct16
p_encrypted_sym_key
,
...
@@ -2039,6 +2097,7 @@ module LibItsPki_Functions {
...
@@ -2039,6 +2097,7 @@ module LibItsPki_Functions {
log
(
">>> f_build_pki_secured_request_message_signed_with_pop: p_public_key_compressed= "
,
p_public_key_compressed
);
log
(
">>> f_build_pki_secured_request_message_signed_with_pop: p_public_key_compressed= "
,
p_public_key_compressed
);
log
(
">>> f_build_pki_secured_request_message_signed_with_pop: p_salt= "
,
p_salt
);
log
(
">>> f_build_pki_secured_request_message_signed_with_pop: p_salt= "
,
p_salt
);
log
(
">>> f_build_pki_secured_request_message_signed_with_pop: p_pki_message= "
,
p_pki_message
);
log
(
">>> f_build_pki_secured_request_message_signed_with_pop: p_pki_message= "
,
p_pki_message
);
log
(
">>> f_build_pki_secured_request_message_signed_with_pop: p_enc_algorithm= "
,
p_enc_algorithm
);
// Signed the encoded PKI message
// Signed the encoded PKI message
v_tbs
:=
m_toBeSignedData
(
v_tbs
:=
m_toBeSignedData
(
...
@@ -2048,15 +2107,14 @@ module LibItsPki_Functions {
...
@@ -2048,15 +2107,14 @@ module LibItsPki_Functions {
m_headerInfo_inner_pki_request
(
-
,
(
f_getCurrentTime
()
*
1000
)
/*us*/
)
m_headerInfo_inner_pki_request
(
-
,
(
f_getCurrentTime
()
*
1000
)
/*us*/
)
);
);
log
(
"f_build_pki_secured_request_message_signed_with_pop: signer: "
,
p_signer_identifier
);
log
(
"f_build_pki_secured_request_message_signed_with_pop: signer: "
,
p_signer_identifier
);
if
(
PICS_SECPKI_REENROLMENT
==
false
)
{
// This is the first enrolment, we used Factory keys
if
(
ischosen
(
p_signer_identifier
.
self_
))
{
//if (ischosen(p_signer_identifier.self_)) {
v_tbs_signed
:=
f_signWithEcdsa
(
bit2oct
(
encvalue
(
v_tbs
)),
int2oct
(
0
,
32
),
p_private_key
);
v_tbs_signed
:=
f_signWithEcdsa
(
bit2oct
(
encvalue
(
v_tbs
)),
int2oct
(
0
,
32
),
p_private_key
);
}
else
{
}
else
{
/*
var charstring v_certificate_id;
var
charstring
v_certificate_id
;
var
octetstring
v_hash
;
var
octetstring
v_hash
;
fx_readCertificateFromDigest
(
p_signer_identifier
.
digest
,
v_certificate_id
);
// TODO Add a wrapper function
fx_readCertificateFromDigest
(
p_signer_identifier
.
digest
,
v_certificate_id
);
// TODO Add a wrapper function
f_getCertificateHash(v_certificate_id, v_hash);
*/
f_getCertificateHash
(
v_certificate_id
,
v_hash
);
v_tbs_signed
:=
f_signWithEcdsa
(
bit2oct
(
encvalue
(
v_tbs
)),
PX_EC_HASH
,
p_private_key
);
v_tbs_signed
:=
f_signWithEcdsa
(
bit2oct
(
encvalue
(
v_tbs
)),
v_hash
,
p_private_key
);
}
}
// Add the signature and create EtsiTs103097Data-Signed data structure
// Add the signature and create EtsiTs103097Data-Signed data structure
if
(
PX_VE_ALG
==
e_nist_p256
)
{
if
(
PX_VE_ALG
==
e_nist_p256
)
{
...
@@ -2109,9 +2167,9 @@ module LibItsPki_Functions {
...
@@ -2109,9 +2167,9 @@ module LibItsPki_Functions {
p_salt
:=
'
77
C0637C3558B3238FDE1EEC376DA080BE4076FB8491CA0F8C19FD34DF298CEB
'
O
;
p_salt
:=
'
77
C0637C3558B3238FDE1EEC376DA080BE4076FB8491CA0F8C19FD34DF298CEB
'
O
;
}
}
if
(
PX_EC_ALG
==
e_nist_p256
)
{
if
(
p_enc_algorithm
==
e_nist_p256
)
{
v_encrypted_request
:=
f_encryptWithEciesNistp256WithSha256
(
v_encoded_request
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
v_encrypted_request
:=
f_encryptWithEciesNistp256WithSha256
(
v_encoded_request
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
if
(
PX_EC_ALG
==
e_brainpool_p256_r1
)
{
}
else
if
(
p_enc_algorithm
==
e_brainpool_p256_r1
)
{
v_encrypted_request
:=
f_encryptWithEciesBrainpoolp256WithSha256
(
v_encoded_request
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
v_encrypted_request
:=
f_encryptWithEciesBrainpoolp256WithSha256
(
v_encoded_request
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
{
}
else
{
log
(
"f_build_pki_secured_request_message_signed_with_pop: Wrong encryption variant"
);
log
(
"f_build_pki_secured_request_message_signed_with_pop: Wrong encryption variant"
);
...
@@ -2135,7 +2193,7 @@ module LibItsPki_Functions {
...
@@ -2135,7 +2193,7 @@ module LibItsPki_Functions {
}
else
{
}
else
{
v_eccP256_curve_point
:=
valueof
(
m_eccP256CurvePoint_compressed_y_1
(
v_public_compressed_ephemeral_key
));
v_eccP256_curve_point
:=
valueof
(
m_eccP256CurvePoint_compressed_y_1
(
v_public_compressed_ephemeral_key
));
}
}
if
(
PX_EC_ALG
==
e_nist_p256
)
{
if
(
p_enc_algorithm
==
e_nist_p256
)
{
v_encrypted_data_encryption_key
:=
valueof
(
v_encrypted_data_encryption_key
:=
valueof
(
m_encryptedDataEncryptionKey_eciesNistP256
(
m_encryptedDataEncryptionKey_eciesNistP256
(
m_evciesP256EncryptedKey
(
m_evciesP256EncryptedKey
(
...
@@ -2143,7 +2201,7 @@ module LibItsPki_Functions {
...
@@ -2143,7 +2201,7 @@ module LibItsPki_Functions {
p_encrypted_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
p_authentication_vector
)));
)));
}
else
if
(
PX_EC_ALG
==
e_brainpool_p256_r1
)
{
}
else
if
(
p_enc_algorithm
==
e_brainpool_p256_r1
)
{
v_encrypted_data_encryption_key
:=
valueof
(
v_encrypted_data_encryption_key
:=
valueof
(
m_encryptedDataEncryptionKey_eciesBrainpoolP256r1
(
m_encryptedDataEncryptionKey_eciesBrainpoolP256r1
(
m_evciesP256EncryptedKey
(
m_evciesP256EncryptedKey
(
...
@@ -2205,6 +2263,7 @@ module LibItsPki_Functions {
...
@@ -2205,6 +2263,7 @@ module LibItsPki_Functions {
in
integer
p_compressed_mode
,
in
integer
p_compressed_mode
,
in
octetstring
p_salt
,
in
octetstring
p_salt
,
in
octetstring
p_pki_message
,
in
octetstring
p_pki_message
,
in
SecurityAlg
p_enc_algorithm
,
out
Ieee1609Dot2Data
p_ieee1609dot2_signed_and_encrypted_data
,
out
Ieee1609Dot2Data
p_ieee1609dot2_signed_and_encrypted_data
,
out
Oct16
p_aes_sym_key
,
out
Oct16
p_aes_sym_key
,
out
Oct16
p_encrypted_sym_key
,
out
Oct16
p_encrypted_sym_key
,
...
@@ -2227,9 +2286,9 @@ module LibItsPki_Functions {
...
@@ -2227,9 +2286,9 @@ module LibItsPki_Functions {
if
(
PICS_SEC_FIXED_KEYS
)
{
if
(
PICS_SEC_FIXED_KEYS
)
{
p_salt
:=
'
77
C0637C3558B3238FDE1EEC376DA080BE4076FB8491CA0F8C19FD34DF298CEB
'
O
;
p_salt
:=
'
77
C0637C3558B3238FDE1EEC376DA080BE4076FB8491CA0F8C19FD34DF298CEB
'
O
;
}
}
if
(
PX_EC_ALG
==
e_nist_p256
)
{
if
(
p_enc_algorithm
==
e_nist_p256
)
{
v_encrypted_request
:=
f_encryptWithEciesNistp256WithSha256
(
p_pki_message
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
v_encrypted_request
:=
f_encryptWithEciesNistp256WithSha256
(
p_pki_message
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
if
(
PX_EC_ALG
==
e_brainpool_p256_r1
)
{
}
else
if
(
p_enc_algorithm
==
e_brainpool_p256_r1
)
{
v_encrypted_request
:=
f_encryptWithEciesBrainpoolp256WithSha256
(
p_pki_message
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
v_encrypted_request
:=
f_encryptWithEciesBrainpoolp256WithSha256
(
p_pki_message
,
p_public_key_compressed
,
p_compressed_mode
,
p_salt
,
v_public_compressed_ephemeral_key
,
v_public_compressed_ephemeral_mode
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
,
PICS_SEC_FIXED_KEYS
);
}
else
{
}
else
{
log
(
"f_build_pki_secured_request_message: Wrong encryption variant"
);
log
(
"f_build_pki_secured_request_message: Wrong encryption variant"
);
...
@@ -2253,7 +2312,7 @@ module LibItsPki_Functions {
...
@@ -2253,7 +2312,7 @@ module LibItsPki_Functions {
}
else
{
}
else
{
v_eccP256_curve_point
:=
valueof
(
m_eccP256CurvePoint_compressed_y_1
(
v_public_compressed_ephemeral_key
));
v_eccP256_curve_point
:=
valueof
(
m_eccP256CurvePoint_compressed_y_1
(
v_public_compressed_ephemeral_key
));
}
}
if
(
PX_EC_ALG
==
e_nist_p256
)
{
