Commit e7fd225d authored by YannGarcia's avatar YannGarcia

Bug fixed on Verification algorithm support

parent 41563399
...@@ -716,8 +716,10 @@ module LibItsPki_Functions { ...@@ -716,8 +716,10 @@ module LibItsPki_Functions {
// Modify signature to get an error // Modify signature to get an error
if (ischosen(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature)) { if (ischosen(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature)) {
v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature.sSig[1] := bit2oct('10101010'B xor4b oct2bit(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature.sSig[1])); v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature.sSig[1] := bit2oct('10101010'B xor4b oct2bit(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaNistP256Signature.sSig[1]));
} else { } else if (ischosen(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaBrainpoolP256r1Signature)) {
v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.sSig[1] := bit2oct('10101010'B xor4b oct2bit(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.sSig[1])); v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.sSig[1] := bit2oct('10101010'B xor4b oct2bit(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.sSig[1]));
} else {
v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaBrainpoolP384r1Signature.sSig[1] := bit2oct('10101010'B xor4b oct2bit(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaBrainpoolP384r1Signature.sSig[1]));
} }
// Secure InnerEcRequestSignedForPoP message // Secure InnerEcRequestSignedForPoP message
...@@ -1640,7 +1642,7 @@ module LibItsPki_Functions { ...@@ -1640,7 +1642,7 @@ module LibItsPki_Functions {
// Local variables // Local variables
var Oct32 v_public_key_x; var Oct32 v_public_key_x;
var Oct32 v_public_key_y; var Oct32 v_public_key_y;
var EccP256CurvePoint v_eccP256_curve_point; var PublicVerificationKey v_public_verification_key;
log (">>> f_generate_inner_ec_request"); log (">>> f_generate_inner_ec_request");
// Generate keys for the certificate to be requested // Generate keys for the certificate to be requested
...@@ -1648,17 +1650,37 @@ module LibItsPki_Functions { ...@@ -1648,17 +1650,37 @@ module LibItsPki_Functions {
log ("f_generate_inner_ec_request: failed to generate keys"); log ("f_generate_inner_ec_request: failed to generate keys");
return false; return false;
} }
// Build the Proof of Possession InnerEcRequest
if (PX_VE_ALG == e_nist_p256) {
var EccP256CurvePoint v_eccP256_curve_point;
if (p_compressed_mode == 0) { if (p_compressed_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(p_public_key_compressed)); v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(p_public_key_compressed));
} else { } else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(p_public_key_compressed)); v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(p_public_key_compressed));
} }
// Build the Proof of Possession InnerEcRequest v_public_verification_key := valueof(m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point));
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
var EccP256CurvePoint v_eccP256_curve_point;
if (p_compressed_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(p_public_key_compressed));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(p_public_key_compressed));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP256r1(v_eccP256_curve_point));
} else {
var EccP384CurvePoint v_eccP384_curve_point;
if (p_compressed_mode == 0) {
v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_0(p_public_key_compressed));
} else {
v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_1(p_public_key_compressed));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP384r1(v_eccP384_curve_point));
}
p_inner_ec_request := valueof( p_inner_ec_request := valueof(
m_innerEcRequest( m_innerEcRequest(
PICS_ITS_S_CANONICAL_ID, PICS_ITS_S_CANONICAL_ID,
m_publicKeys( m_publicKeys(
m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point) v_public_verification_key
), ),
m_certificateSubjectAttributes_id_name( m_certificateSubjectAttributes_id_name(
oct2char(PICS_ITS_S_CANONICAL_ID), oct2char(PICS_ITS_S_CANONICAL_ID),
...@@ -1702,7 +1724,10 @@ module LibItsPki_Functions { ...@@ -1702,7 +1724,10 @@ module LibItsPki_Functions {
// Local variables // Local variables
var Oct32 v_public_key_x; var Oct32 v_public_key_x;
var Oct32 v_public_key_y; var Oct32 v_public_key_y;
var EccP256CurvePoint v_eccP256_curve_point; var octetstring v_private_key;
var octetstring v_public_key_compressed;
var integer v_compressed_mode;
var PublicVerificationKey v_public_verification_key;
log (">>> f_generate_inner_ec_request_with_wrong_parameters"); log (">>> f_generate_inner_ec_request_with_wrong_parameters");
// Generate keys for the certificate to be requested // Generate keys for the certificate to be requested
...@@ -1711,33 +1736,47 @@ module LibItsPki_Functions { ...@@ -1711,33 +1736,47 @@ module LibItsPki_Functions {
return false; return false;
} }
if (p_alter_private_key == false) { if (p_alter_private_key == false) {
if (p_compressed_mode == 0) { v_private_key := p_private_key;
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(p_public_key_compressed)); v_public_key_compressed := p_public_key_compressed;
v_compressed_mode := p_compressed_mode;
} else { } else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(p_public_key_compressed));
}
} else {
var octetstring v_private_key;
var octetstring v_public_key_compressed;
var integer v_compressed_mode;
log ("f_generate_inner_ec_request_with_wrong_parameters: Alter verify private key"); log ("f_generate_inner_ec_request_with_wrong_parameters: Alter verify private key");
if (f_generate_key_pair(v_private_key, v_public_key_x, v_public_key_y, v_public_key_compressed, v_compressed_mode) == false) { if (f_generate_key_pair(v_private_key, v_public_key_x, v_public_key_y, v_public_key_compressed, v_compressed_mode) == false) {
log ("f_generate_inner_ec_request_with_wrong_parameters: failed to generate keys"); log ("f_generate_inner_ec_request_with_wrong_parameters: failed to generate keys");
return false; return false;
} }
}
// Build the Proof of Possession InnerEcRequest
if (PX_VE_ALG == e_nist_p256) {
var EccP256CurvePoint v_eccP256_curve_point;
if (v_compressed_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_key_compressed));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_key_compressed));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point));
} else if (PX_VE_ALG == e_brainpool_p256_r1) {
var EccP256CurvePoint v_eccP256_curve_point;
if (v_compressed_mode == 0) { if (v_compressed_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_key_compressed)); v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_key_compressed));
} else { } else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_key_compressed)); v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_key_compressed));
} }
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP256r1(v_eccP256_curve_point));
} else {
var EccP384CurvePoint v_eccP384_curve_point;
if (v_compressed_mode == 0) {
v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_0(v_public_key_compressed));
} else {
v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_1(v_public_key_compressed));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP384r1(v_eccP384_curve_point));
} }
// Build the Proof of Possession InnerEcRequest
p_inner_ec_request := valueof( p_inner_ec_request := valueof(
m_innerEcRequest( m_innerEcRequest(
PICS_ITS_S_CANONICAL_ID, PICS_ITS_S_CANONICAL_ID,
m_publicKeys( m_publicKeys(
m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point) v_public_verification_key
), ),
m_certificateSubjectAttributes_id_name( m_certificateSubjectAttributes_id_name(
oct2char(p_canonical_id), oct2char(p_canonical_id),
...@@ -1912,6 +1951,7 @@ module LibItsPki_Functions { ...@@ -1912,6 +1951,7 @@ module LibItsPki_Functions {
var octetstring v_public_enc_key_y; var octetstring v_public_enc_key_y;
var bitstring v_enc_value; var bitstring v_enc_value;
var octetstring v_ec_hash; var octetstring v_ec_hash;
var PublicVerificationKey v_public_verification_key;
var Oct8 v_ec_hashed_id8; var Oct8 v_ec_hashed_id8;
var octetstring public_enc_key_x; var octetstring public_enc_key_x;
var octetstring public_enc_key_y; var octetstring public_enc_key_y;
...@@ -1925,7 +1965,6 @@ module LibItsPki_Functions { ...@@ -1925,7 +1965,6 @@ module LibItsPki_Functions {
var octetstring v_tbs_signed; var octetstring v_tbs_signed;
var Ieee1609Dot2Data v_signed_at_signature; var Ieee1609Dot2Data v_signed_at_signature;
var template (value) EccP256CurvePoint v_eccP256_curve_point; var template (value) EccP256CurvePoint v_eccP256_curve_point;
var template (value) EccP256CurvePoint v_enc_eccP256_curve_point;
var HashAlgorithm v_hashId; var HashAlgorithm v_hashId;
var Signature v_signature; var Signature v_signature;
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
...@@ -2019,7 +2058,6 @@ module LibItsPki_Functions { ...@@ -2019,7 +2058,6 @@ module LibItsPki_Functions {
log("f_generate_inner_at_request: v_tbs= ", v_tbs); log("f_generate_inner_at_request: v_tbs= ", v_tbs);
// Signed ToBeSigned payload using the private key of EC certificate obtained from Enrolment request // Signed ToBeSigned payload using the private key of EC certificate obtained from Enrolment request
// In case of ITS-S privacy, v_signed_at_signature contained the data to be encrypted // In case of ITS-S privacy, v_signed_at_signature contained the data to be encrypted
// TODO Simplify with f_signWithEcdsa
if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) { if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
v_hashId := sha384; v_hashId := sha384;
v_tbs_signed := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(encvalue(v_tbs)), v_ec_hash, p_ec_private_key); v_tbs_signed := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(encvalue(v_tbs)), v_ec_hash, p_ec_private_key);
...@@ -2172,22 +2210,40 @@ module LibItsPki_Functions { ...@@ -2172,22 +2210,40 @@ module LibItsPki_Functions {
p_inner_at_request.ecSignature := valueof(m_ec_signature_ext_payload(v_signed_at_signature)); p_inner_at_request.ecSignature := valueof(m_ec_signature_ext_payload(v_signed_at_signature));
} }
// Build the InnerAtRequest, EcSignature field is already set // Build the InnerAtRequest, EcSignature field is already set
if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256)) {
if (p_compressed_key_mode == 0) { if (p_compressed_key_mode == 0) {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_public_key_x); v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_key_x));
} else { } else {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_public_key_x); v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_key_x));
} }
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point));
} else if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1)) {
if (p_compressed_key_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_key_x));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_key_x));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP256r1(v_eccP256_curve_point));
} else {
var EccP384CurvePoint v_eccP384_curve_point;
if (p_compressed_key_mode == 0) {
v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_0(v_public_key_x));
} else {
v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_1(v_public_key_x));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP384r1(v_eccP384_curve_point));
}
if (PX_INCLUDE_ENCRYPTION_KEYS) {
var template (value) EccP256CurvePoint v_enc_eccP256_curve_point;
if (p_compressed_enc_key_mode == 0) { if (p_compressed_enc_key_mode == 0) {
v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_public_enc_key_x); v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_public_enc_key_x);
} else { } else {
v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_public_enc_key_x); v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_public_enc_key_x);
} }
if (PX_INCLUDE_ENCRYPTION_KEYS) {
p_inner_at_request.publicKeys := valueof( // The freshly generated public verification & encrypition keys to be used for the requested AT certificate p_inner_at_request.publicKeys := valueof( // The freshly generated public verification & encrypition keys to be used for the requested AT certificate
m_publicKeys( m_publicKeys(
m_publicVerificationKey_ecdsaNistP256( v_public_verification_key,
v_eccP256_curve_point
),
m_encryptionKey( // FIXME Encryption keys could be optional m_encryptionKey( // FIXME Encryption keys could be optional
-, -,
m_publicEncryptionKey_ecdsaNistP256(v_enc_eccP256_curve_point) m_publicEncryptionKey_ecdsaNistP256(v_enc_eccP256_curve_point)
...@@ -2197,9 +2253,7 @@ module LibItsPki_Functions { ...@@ -2197,9 +2253,7 @@ module LibItsPki_Functions {
} else { } else {
p_inner_at_request.publicKeys := valueof( // The freshly generated public verification keys to be used for the requested AT certificate p_inner_at_request.publicKeys := valueof( // The freshly generated public verification keys to be used for the requested AT certificate
m_publicKeys( m_publicKeys(
m_publicVerificationKey_ecdsaNistP256( v_public_verification_key
v_eccP256_curve_point
)
) )
); );
} }
...@@ -2236,6 +2290,7 @@ module LibItsPki_Functions { ...@@ -2236,6 +2290,7 @@ module LibItsPki_Functions {
var octetstring v_public_enc_key_y; var octetstring v_public_enc_key_y;
var bitstring v_enc_value; var bitstring v_enc_value;
var octetstring v_ec_hash; var octetstring v_ec_hash;
var PublicVerificationKey v_public_verification_key;
var Oct8 v_ec_hashed_id8; var Oct8 v_ec_hashed_id8;
var octetstring public_enc_key_x; var octetstring public_enc_key_x;
var octetstring public_enc_key_y; var octetstring public_enc_key_y;
...@@ -2521,22 +2576,38 @@ module LibItsPki_Functions { ...@@ -2521,22 +2576,38 @@ module LibItsPki_Functions {
p_inner_at_request.ecSignature := valueof(m_ec_signature_ext_payload(v_signed_at_signature)); p_inner_at_request.ecSignature := valueof(m_ec_signature_ext_payload(v_signed_at_signature));
} }
// Build the InnerAtRequest, EcSignature field is already set // Build the InnerAtRequest, EcSignature field is already set
if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256)) {
if (p_compressed_key_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_key_x));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_key_x));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point));
} else if (ischosen(p_ec_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1)) {
if (p_compressed_key_mode == 0) {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_public_key_x));
} else {
v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_public_key_x));
}
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP256r1(v_eccP256_curve_point));
} else {
var EccP384CurvePoint v_eccP384_curve_point;
if (p_compressed_key_mode == 0) { if (p_compressed_key_mode == 0) {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_public_key_x); v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_0(v_public_key_x));
} else { } else {
v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_public_key_x); v_eccP384_curve_point := valueof(m_eccP384CurvePoint_compressed_y_1(v_public_key_x));
} }
v_public_verification_key := valueof(m_publicVerificationKey_ecdsaBrainpoolP384r1(v_eccP384_curve_point));
}
if (PX_INCLUDE_ENCRYPTION_KEYS) {
if (p_compressed_enc_key_mode == 0) { if (p_compressed_enc_key_mode == 0) {
v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_public_enc_key_x); v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_public_enc_key_x);
} else { } else {
v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_public_enc_key_x); v_enc_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_public_enc_key_x);
} }
if (PX_INCLUDE_ENCRYPTION_KEYS) {
p_inner_at_request.publicKeys := valueof( // The freshly generated public verification & encrypition keys to be used for the requested AT certificate p_inner_at_request.publicKeys := valueof( // The freshly generated public verification & encrypition keys to be used for the requested AT certificate
m_publicKeys( m_publicKeys(
m_publicVerificationKey_ecdsaNistP256( v_public_verification_key,
v_eccP256_curve_point
),
m_encryptionKey( // FIXME Encryption keys could be optional m_encryptionKey( // FIXME Encryption keys could be optional
-, -,
m_publicEncryptionKey_ecdsaNistP256(v_enc_eccP256_curve_point) m_publicEncryptionKey_ecdsaNistP256(v_enc_eccP256_curve_point)
...@@ -2546,9 +2617,7 @@ module LibItsPki_Functions { ...@@ -2546,9 +2617,7 @@ module LibItsPki_Functions {
} else { } else {
p_inner_at_request.publicKeys := valueof( // The freshly generated public verification keys to be used for the requested AT certificate p_inner_at_request.publicKeys := valueof( // The freshly generated public verification keys to be used for the requested AT certificate
m_publicKeys( m_publicKeys(
m_publicVerificationKey_ecdsaNistP256( v_public_verification_key
v_eccP256_curve_point
)
) )
); );
} }
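Review bot: The final `else` of each new three-way curve selection treats every remaining case as Brainpool P-384 without checking it. In the signature-tampering hunk the last branch reads `ecdsaBrainpoolP384r1Signature.sSig[1]` with no `ischosen` guard, so a signature carrying any other alternative would presumably raise a runtime error on the unselected field rather than produce the corrupted signature the negative test needs. Adding `} else if (ischosen(v_inner_ec_request_signed_for_pop.content.signedData.signature_.ecdsaBrainpoolP384r1Signature)) {` and a last `else` that logs and returns false would make an unsupported choice visible. The same catch-all appears in the `PX_VE_ALG` branches of f_generate_inner_ec_request and f_generate_inner_ec_request_with_wrong_parameters and in the `p_ec_certificate` verification-key branches of both InnerAtRequest hunks. Separately, `v_public_key_x` and `v_public_key_y` stay declared as `Oct32` while a P-384 path is added; whether f_generate_key_pair can return 48-byte coordinates is not visible in these hunks, whose enclosing functions start and end outside them, so that should be confirmed.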
......
...@@ -31,15 +31,15 @@ module LibItsPki_Pixits { ...@@ -31,15 +31,15 @@ module LibItsPki_Pixits {
modulepar Oct32 PX_EC_HASH := int2oct(0, 32); modulepar Oct32 PX_EC_HASH := int2oct(0, 32);
/** /**
* @desc Indicate which encryption algorithem to be used * @desc Indicate which encryption algorithem to be used for Enrolment Credencial
*/ */
modulepar SecurityAlg PX_EC_ALG_FOR_EC := e_nist_p256; // TODO Use RCA to determine encryption algorithm? modulepar SecurityAlg PX_EC_ALG_FOR_EC := e_nist_p256; // TODO Use RCA to determine encryption algorithm?
/** /**
* @desc Indicate which encryption algorithem to be used * @desc Indicate which encryption algorithem to be used for Authorization Request
*/ */
modulepar SecurityAlg PX_EC_ALG_FOR_AT := e_nist_p256; modulepar SecurityAlg PX_EC_ALG_FOR_AT := e_nist_p256;
/** /**
* @desc Indicate which encryption algorithem to be used * @desc Indicate which encryption algorithem to be used for Authorization Validation Request
*/ */
modulepar SecurityAlg PX_EC_ALG_FOR_ATV := e_nist_p256; modulepar SecurityAlg PX_EC_ALG_FOR_ATV := e_nist_p256;
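Review bot: The rewritten `@desc` lines still misspell "algorithem", and the first one adds "Credencial"; these strings end up in the generated PIXIT documentation that test operators use to pick the curve. Suggested wording for the three comments: `@desc Indicate which encryption algorithm to be used for Enrolment Credential`, `... for Authorization Request`, `... for Authorization Validation Request`. It would also help to state in each comment which `SecurityAlg` values are accepted, since the defaults shown are all `e_nist_p256`.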
......