Add BrainpoolP256r1 encryption support in AtsPki

db77b62a · Yann Garcia · 48352921 · db77b62a · db77b62a · db77b62a
Commit db77b62a authored Feb 04, 2019 by Yann Garcia
--- a/ttcn/Pki/LibItsPki_Functions.ttcn
+++ b/ttcn/Pki/LibItsPki_Functions.ttcn
--- a/ttcn/Pki/LibItsPki_Pics.ttcn
+++ b/ttcn/Pki/LibItsPki_Pics.ttcn
@@ -19,6 +19,26 @@ module LibItsPki_Pics {
   * @desc Does the IUT act as combined EA-AA device?
   */
  modulepar boolean PICS_IUT_COMBINED_EA_AA_ROLE := false;
+
+  /**
+   * @desc Does the IUT support enrolment?
+   */
+  modulepar boolean PICS_SECPKI_ENROLMENT := true;
+  
+  /**
+   * @desc Does the IUT support autorization?
+   */
+  modulepar boolean PICS_SECPKI_AUTHORIZATION := true;
+  
+  /**
+   * @desc Is a re-enrolment request?
+   */
+  modulepar boolean PICS_SECPKI_REENROLMENT := true;
+
+  /**
+   * @desc ?
+   */
+  modulepar boolean PICS_SECPKI_CRL := false;
  
  /**
   * @desc Certificate used by the IUT acting as ITS-S
@@ -105,11 +125,6 @@ module LibItsPki_Pics {
   */
  modulepar octetstring PICS_ITS_S_ENC_BRAINPOOLP384r1_PRIVATE_KEY := '6B4B4392511B252C904801466F5DA0A7F28E038E6656800CBB0CDCB3D32F862CA4D59CBDC1A19E98E9191582AF1DB3D7'O;
  
-  /**
-   * @desc Factory compressed public key for encryption Brainpool P384 r1
-   */
-  modulepar octetstring PICS_ITS_S_ENC_BRAINPOOLP384r1_PUBLIC_KEY := '027BB3104998F30B86B0C7C6CC9BFAECA7F7E99E8CE575D07B550028CCB15E1C95581B9B8520D40A35256021DDA63B785C'O;
-  
  /**
   * @desc Factory private key for verification Brainpool P384 r1
   */

--- a/ttcn/Pki/LibItsPki_Pixits.ttcn
+++ b/ttcn/Pki/LibItsPki_Pixits.ttcn
@@ -6,11 +6,9 @@ module LibItsPki_Pixits {
  
  // LibIts
  import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
-  
-  /**
-   * @desc Is the first enrolment?
-   */
-  modulepar boolean PX_FIRST_ENROLMENT := true;
+
+  // LibItsPki
+  import from LibItsPki_TypesAndValues all;
  
  /**
   * @desc Do the encryption keys be included in Authorization Request?
@@ -31,4 +29,15 @@ module LibItsPki_Pixits {
   * @desc Contains the hashed id8 of the EC certificate, used in case of re-enrolment
   */
  modulepar HashedId8 PX_EC_HASHED_ID8 := int2oct(0, 8);
+  
+  /**
+   * @desc Indicate which encryption algorithem to be used
+   */
+  modulepar SecurityAlg PX_EC_ALG := e_nist_p256;
+  
+  /**
+   * @desc Indicate which verification algorithem to be used
+   */
+  modulepar SecurityAlg PX_VE_ALG := e_nist_p256;
+  
 } // End of module LibItsPki_Pixits
--- a/ttcn/Pki/LibItsPki_TypesAndValues.ttcn
+++ b/ttcn/Pki/LibItsPki_TypesAndValues.ttcn
@@ -23,6 +23,12 @@ module LibItsPki_TypesAndValues {
    
  } // End of group constants
  
+  type enumerated SecurityAlg {
+    e_nist_p256 (0),
+    e_brainpool_p256_r1 (1),
+    e_brainpool_p384_r1 (2)
+  } // End of type SecurityAlg
+  
  group utPrimitives {

    /**
@@ -50,7 +56,8 @@ module LibItsPki_TypesAndValues {
     * @member  triggerEnrolmentRequest Request to trigger an EnrolmentRequest
     */
    type union UtPkiTrigger {
-      TriggerEnrolmentRequest triggerEnrolmentRequest
+      TriggerEnrolmentRequest     triggerEnrolmentRequest,
+      TriggerAuthorizationRequest triggerAuthorizationRequest
    } with {
      variant ""
    } // End of type UtPkiTrigger
@@ -71,6 +78,15 @@ module LibItsPki_TypesAndValues {
      variant "FIELDORDER(msb)"
    } // End of type TriggerEnrolmentRequest
    
+    type record TriggerAuthorizationRequest {
+      octetstring cannonicalId,
+      Oct1 encAlgorithm,
+      octetstring privateKey,
+      octetstring compressedPublickey
+    } with {
+      variant "FIELDORDER(msb)"
+    } // End of type TriggerAuthorizationRequest
+    
  } with {
    encode "UpperTester"
    variant ""

--- a/ttcn/Security/LibItsSecurity_Functions.ttcn
+++ b/ttcn/Security/LibItsSecurity_Functions.ttcn
@@ -325,25 +325,29 @@ module LibItsSecurity_Functions {
         */
        function f_encryptWithEciesBrainpoolp256WithSha256(
                                                           in octetstring p_toBeEncryptedSecuredMessage,
-                                                           in Oct32 p_recipientsPublicKeyX,
+                                                           in Oct32 p_recipientsPublicKeyCompressed,
                                                           in integer p_compressed_mode,
+                                                           in octetstring p_salt,
                                                           out Oct32 p_publicEphemeralKeyCompressed,
                                                           out integer p_ephemeralKeyModeCompressed,
                                                           out Oct16 p_aes_sym_key,
                                                           out Oct16 p_encrypted_sym_key,
                                                           out Oct16 p_authentication_vector,
-                                                           out Oct12 p_nonce
+                                                           out Oct12 p_nonce,
+                                                           in boolean p_use_hardcoded_values := false
        ) return octetstring {
          return fx_encryptWithEciesBrainpoolp256WithSha256(
                                                            p_toBeEncryptedSecuredMessage,
-                                                            p_recipientsPublicKeyX,
+                                                            p_recipientsPublicKeyCompressed,
                                                            p_compressed_mode,
+                                                            p_salt,
                                                            p_publicEphemeralKeyCompressed,
                                                            p_ephemeralKeyModeCompressed,
                                                            p_aes_sym_key,
                                                            p_encrypted_sym_key,
                                                            p_authentication_vector,
-                                                            p_nonce
+                                                            p_nonce,
+                                                            p_use_hardcoded_values
                                                            );
        } // End of function f_encryptWithEciesBrainpoolp256WithSha256
        
@@ -2387,7 +2391,9 @@ module LibItsSecurity_Functions {
             * @param   p_nonce                          The nonce vector of the AES 128 CCM symmetric key encryption
             * @return  The encrypted message
             */
-            external function fx_encryptWithEciesBrainpoolp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressed_mode, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_aes_sym_key, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring;
+            external function fx_encryptWithEciesBrainpoolp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_recipientsPublicKeyCompressed, in integer p_compressed_mode, in octetstring p_salt, out Oct32 p_publicEphemeralKeyCompressed, out integer p_ephemeralKeyModeCompressed, out Oct16 p_aes_sym_key, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce, in boolean p_use_hardcoded_values := false) return octetstring;
+            
+            external function fx_test_encryptWithEciesBrainpoolp256WithSha256(in octetstring p_toBeEncryptedSecuredMessage, in Oct32 p_privateEphemeralKey, in Oct32 p_recipientPublicKeyX, in Oct32 p_recipientPublicKeyY, in octetstring p_salt, out Oct32 p_publicEphemeralKeyX, out Oct32 p_publicEphemeralKeyY, out Oct16 p_aes_sym_key, out Oct16 p_encrypted_sym_key, out Oct16 p_authentication_vector, out Oct12 p_nonce) return octetstring;
            
            /**
             * @desc    Produces a Elliptic Curve Digital Encrytion Algorithm (ECIES) decryption using Brainpool-P256 algorithm