Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
TTCN-3 Libraries
LibIts
Commits
d7fb38fe
Commit
d7fb38fe
authored
Nov 22, 2018
by
Yann Garcia
Browse files
AtsPki validation: major bugs fixed
parent
bbaa3f82
Changes
1
Hide whitespace changes
Inline
Side-by-side
ttcn/Pki/LibItsPki_Functions.ttcn
View file @
d7fb38fe
...
@@ -330,9 +330,9 @@ module LibItsPki_Functions {
...
@@ -330,9 +330,9 @@ module LibItsPki_Functions {
log
(
"*** f_http_build_inner_ec_request: First enrolment: "
,
PX_FIRST_ENROLMENT
);
log
(
"*** f_http_build_inner_ec_request: First enrolment: "
,
PX_FIRST_ENROLMENT
);
p_salt
:=
vc_eaWholeHash
;
p_salt
:=
vc_eaWholeHash
;
if
(
PX_FIRST_ENROLMENT
==
true
)
{
// This is the first enrolment, we used Factory keys
if
(
PX_FIRST_ENROLMENT
==
true
)
{
// This is the first enrolment, we used Factory keys
v_ret_code
:=
f_build_pki_secured_message
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
vc_eaWholeHash
,
bit2oct
(
v_inner_ec_request_signed_for_pop_msg
),
p_ieee1609dot2_signed_and_encrypted_data
);
v_ret_code
:=
f_build_pki_secured_message
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
v_inner_ec_request_signed_for_pop_msg
),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
);
}
else
{
// We use last valid EC certificate
}
else
{
// We use last valid EC certificate
v_ret_code
:=
f_build_pki_secured_message
(
vc_ecPrivateKey
,
valueof
(
m_signerIdentifier_digest
(
vc_ecHashedId8
)),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
vc_eaWholeHash
,
bit2oct
(
v_inner_ec_request_signed_for_pop_msg
),
p_ieee1609dot2_signed_and_encrypted_data
);
v_ret_code
:=
f_build_pki_secured_message
(
vc_ecPrivateKey
,
valueof
(
m_signerIdentifier_digest
(
vc_ecHashedId8
)),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
v_inner_ec_request_signed_for_pop_msg
),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
);
}
}
if
(
v_ret_code
==
false
)
{
if
(
v_ret_code
==
false
)
{
log
(
"*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"
);
log
(
"*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"
);
...
@@ -382,9 +382,9 @@ module LibItsPki_Functions {
...
@@ -382,9 +382,9 @@ module LibItsPki_Functions {
log
(
"*** f_http_build_inner_ec_request: Public encryption key comp: "
,
v_compressed_enc_key_mode
);
log
(
"*** f_http_build_inner_ec_request: Public encryption key comp: "
,
v_compressed_enc_key_mode
);
p_salt
:=
vc_eaWholeHash
;
p_salt
:=
vc_eaWholeHash
;
if
(
PX_FIRST_ENROLMENT
==
true
)
{
// This is the first enrolment, we used Factory keys
if
(
PX_FIRST_ENROLMENT
==
true
)
{
// This is the first enrolment, we used Factory keys
v_ret_code
:=
f_build_pki_secured_message
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
vc_eaWholeHash
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
);
v_ret_code
:=
f_build_pki_secured_message
(
PICS_ITS_S_SIGN_NITSP256_PRIVATE_KEY
,
valueof
(
m_signerIdentifier_self
),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
);
}
else
{
// We use last valid EC certificate
}
else
{
// We use last valid EC certificate
v_ret_code
:=
f_build_pki_secured_message
(
vc_ecPrivateKey
,
valueof
(
m_signerIdentifier_digest
(
vc_ecHashedId8
)),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
vc_eaWholeHash
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
);
v_ret_code
:=
f_build_pki_secured_message
(
vc_ecPrivateKey
,
valueof
(
m_signerIdentifier_digest
(
vc_ecHashedId8
)),
vc_eaHashedId8
/*recipientId*/
,
v_public_enc_key
,
v_compressed_enc_key_mode
,
p_salt
,
bit2oct
(
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
))),
p_ieee1609dot2_signed_and_encrypted_data
,
p_aes_sym_key
,
p_encrypted_sym_key
,
p_authentication_vector
,
p_nonce
);
}
}
if
(
v_ret_code
==
false
)
{
if
(
v_ret_code
==
false
)
{
log
(
"*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"
);
log
(
"*** f_http_build_invalid_enrolment_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***"
);
...
@@ -1073,10 +1073,12 @@ module LibItsPki_Functions {
...
@@ -1073,10 +1073,12 @@ module LibItsPki_Functions {
/**
/**
* @desc Verify the protocol element of the Pki message
* @desc Verify the protocol element of the Pki message
* @param p_private_key Private key for encryption
* @param p_private_key Private key for decryption
* @param p_publicEphemeralCompressedKey
* @param p_publicEphemeralCompressedKeyMode
* @param p_issuer Issuer
* @param p_issuer Issuer
* @param p_
peer_
certificate
IUT EA c
ertificate
identifier
* @param p_certificate
C
ertificate
to use for verification key
* @param p_ieee1609dot2_encrypted_and_signed_data The
public compressed key (canonical form) for encryption
* @param p_ieee1609dot2_encrypted_and_signed_data The
received encrypted and signed data
* @param p_check_security Set to true to check signatures
* @param p_check_security Set to true to check signatures
* @param p_etsi_ts_102941_data The EtsiTs102941Data message
* @param p_etsi_ts_102941_data The EtsiTs102941Data message
* @return true on success, false otherwise
* @return true on success, false otherwise
...
@@ -1103,7 +1105,7 @@ module LibItsPki_Functions {
...
@@ -1103,7 +1105,7 @@ module LibItsPki_Functions {
var
bitstring
v_etsi_ts_102941_data_msg
;
var
bitstring
v_etsi_ts_102941_data_msg
;
var
bitstring
v_tbs
;
var
bitstring
v_tbs
;
var
boolean
v_ret
;
var
boolean
v_ret
;
//var octetstring v_cyphered_text;
//var octetstring v_cyphered_text;
var
Oct16
v_authentication_vector
;
var
Oct16
v_authentication_vector
;
...
@@ -1155,7 +1157,7 @@ module LibItsPki_Functions {
...
@@ -1155,7 +1157,7 @@ module LibItsPki_Functions {
return false;
return false;
}
}
}*/
}*/
// 4. Return the PKI message
// 4. Return the PKI message
log
(
"v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData= "
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
.
payload
.
data
.
content
.
unsecuredData
);
log
(
"v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData= "
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
.
payload
.
data
.
content
.
unsecuredData
);
v_etsi_ts_102941_data_msg
:=
oct2bit
(
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
.
payload
.
data
.
content
.
unsecuredData
);
v_etsi_ts_102941_data_msg
:=
oct2bit
(
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
.
payload
.
data
.
content
.
unsecuredData
);
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
