Commit f69ead2f authored by Yann Garcia's avatar Yann Garcia

Merge branch 'TTF0002' of https://forge.etsi.org/rep/LIBS/LibIts into TTF0002

parents 41d34340 5d19fb46
......@@ -2940,6 +2940,52 @@ module LibItsPki_Functions {
} // End of group authorization_validation_xxx
group dc {
function f_build_dc_ctl(
in charstring p_ea_certificate_id,
in charstring p_aa_certificate_id,
in charstring p_rca_certificate_id
) {
// Local variables
var EtsiTs103097Certificate v_ea_certificate;
var EtsiTs103097Certificate v_aa_certificate;
var EtsiTs103097Certificate v_rca_certificate;
var CtlCommands v_ctl_commands;
var ToBeSignedRcaCtl v_to_be_signed_rca_ctl;
var EtsiTs102941Data v_etsi_ts_102941_data;
var octetstring p_pki_message;
var ToBeSignedData v_tbs;
// Load certificates
f_readCertificate(p_ea_certificate_id, v_ea_certificate);
f_readCertificate(p_aa_certificate_id, v_aa_certificate);
f_readCertificate(p_rca_certificate_id, v_rca_certificate);
// Create ctrlCommnand list
v_ctl_commands := {
{ add := { rca := valueof(m_root_ca_entry(v_rca_certificate)) } },
{ add := { aa := valueof(m_aa_entry(v_aa_certificate, "http://www.etsi.org")) } },
{ add := { ea := valueof(m_ea_entry(v_ea_certificate, "http://www.etsi.org")) } }
};
// Build the main data structure
v_to_be_signed_rca_ctl := valueof(m_to_be_signed_rca_full_ctl(1000, 1, v_ctl_commands));
// Encode the main data structure
v_etsi_ts_102941_data := valueof(m_etsiTs102941Data_to_be_signed_rca_ctl(v_to_be_signed_rca_ctl));
p_pki_message := bit2oct(encvalue(v_etsi_ts_102941_data));
// Signed the encoded PKI message
v_tbs := valueof(
m_toBeSignedData(
m_signedDataPayload(
m_etsiTs103097Data_unsecured(p_pki_message)
),
m_headerInfo_inner_pki_response(-, (f_getCurrentTime() * 1000)/*us*/)
)
);
} // End of function f_build_dc_ctl
} // End of group dc
group rca {
function f_verify_rca_ctl_response_message(
......@@ -2951,7 +2997,7 @@ module LibItsPki_Functions {
var bitstring v_tbs;
var Certificate v_certificate;
var charstring v_certificate_id;
var Oct32 v_issuer;
var octetstring v_issuer;
var EtsiTs102941Data v_etsi_ts_102941_data;
log(">>> f_verify_rca_ctl_response_message: p_ieee1609dot2_signed_data= ", p_ieee1609dot2_signed_data);
......@@ -2964,8 +3010,9 @@ module LibItsPki_Functions {
return false;
}
}
f_getCertificateHash256(v_certificate_id, v_issuer);
f_getCertificateHash(v_certificate_id, v_issuer);
if (f_verifyEcdsa(bit2oct(v_tbs), v_issuer, p_ieee1609dot2_signed_data.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) {
log("f_verify_rca_ctl_response_message: Failed to verify signature");
if (p_check_security == true) {
return false;
}
......@@ -3002,7 +3049,7 @@ module LibItsPki_Functions {
var bitstring v_tbs;
var Certificate v_certificate;
var charstring v_certificate_id;
var Oct32 v_issuer;
var octetstring v_issuer;
var EtsiTs102941Data v_etsi_ts_102941_data;
log(">>> f_verify_rca_crl_response_message: p_ieee1609dot2_signed_data= ", p_ieee1609dot2_signed_data);
......@@ -3015,8 +3062,9 @@ module LibItsPki_Functions {
return false;
}
}
f_getCertificateHash256(v_certificate_id, v_issuer);
f_getCertificateHash(v_certificate_id, v_issuer);
if (f_verifyEcdsa(bit2oct(v_tbs), v_issuer, p_ieee1609dot2_signed_data.content.signedData.signature_, v_certificate.toBeSigned.verifyKeyIndicator.verificationKey) == false) {
log("f_verify_rca_crl_response_message: Failed to verify signature");
if (p_check_security == true) {
return false;
}
......@@ -3853,7 +3901,7 @@ module LibItsPki_Functions {
m_etsiTs103097Data_unsecured(p_pki_message)
),
m_headerInfo_inner_pki_response(-, (f_getCurrentTime() * 1000)/*us*/)
);
);
if (ischosen(p_signer_identifier.self_)) {
v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), int2oct(0, 32), p_private_key);
} else {
......
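Review bot: f_build_dc_ctl, added in full in the first hunk, assigns v_tbs and then ends: it has no return clause and no out parameter, so the CTL it assembles is discarded, and although its last comment reads "Signed the encoded PKI message", nothing in the body signs v_tbs. Either give the function a way to hand back the signed message, or mark the gap where the body stops, e.g. `// TODO: v_tbs is neither signed nor returned yet`. The three f_readCertificate calls are bare statements, so if that helper reports a missing certificate through a return value (not visible here), the CTL would be built from unloaded certificates. The same applies to the new `f_getCertificateHash(v_certificate_id, v_issuer);` calls in both verify functions, whose bodies start and end outside their hunks: v_issuer goes straight into f_verifyEcdsa, and now that it is an unconstrained `octetstring` its length is no longer fixed by the type. The local `p_pki_message` carries the parameter prefix and would read better as `v_pki_message`.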
......@@ -151,6 +151,15 @@ module LibItsPki_Templates {
) modifies mw_etsiTs103097Data_encrypted := {
} // End of template mw_authorizationResponseMessage
template (value) EtsiTs102941Data m_etsiTs102941Data_to_be_signed_rca_ctl(
in template (value) ToBeSignedRcaCtl p_to_be_signed_rca_ctl
) := {
version := PkiProtocolVersion,
content := {
certificateTrustListRca := p_to_be_signed_rca_ctl
}
} // End of template m_etsiTs102941Data_to_be_signed_rca_ctl
template (present) EtsiTs102941Data mw_etsiTs102941Data_to_be_signed_rca_ctl(
template (present) ToBeSignedRcaCtl p_to_be_signed_rca_ctl := ?
) := {
......@@ -548,6 +557,18 @@ module LibItsPki_Templates {
certIssuePermissions := p_certIssuePermissions
} // End of template mw_certificate_subject_attributes
template (value) ToBeSignedRcaCtl m_to_be_signed_rca_full_ctl(
in Time32 p_next_update,
in UInt8 p_ctl_sequence,
in CtlCommands p_ctl_commands
) := {
version := 1,
nextUpdate := p_next_update,
isFullCtl := true,
ctlSequence := p_ctl_sequence,
ctlCommands := p_ctl_commands
} // End of template m_to_be_signed_rca_ful_ctl
template (present) ToBeSignedRcaCtl mw_to_be_signed_rca_full_ctl := {
version := 1,
nextUpdate := ?,
......@@ -564,6 +585,17 @@ module LibItsPki_Templates {
ctlCommands := ?
} // End of template mw_to_be_signed_rca_delta_ctl
template (value) ToBeSignedCrl m_to_be_signed_crl(
in Time32 p_this_update,
in Time32 p_next_update,
in CrlEntries p_entries
) := {
version := 1,
thisUpdate := p_this_update,
nextUpdate := p_next_update,
entries := p_entries
} // End of template m_to_be_signed_crl
template (present) ToBeSignedCrl mw_to_be_signed_crl := {
version := 1,
thisUpdate := ?,
......@@ -580,6 +612,13 @@ module LibItsPki_Templates {
accessPoint := p_accessPoint
} // End of template mw_tlm_entry
template (value) RootCaEntry m_root_ca_entry(
in template (value) EtsiTs103097Certificate p_selfsignedRootCa
) := {
selfsignedRootCa := p_selfsignedRootCa,
linkRootCaCertificate := omit
} // End of template m_root_ca_entry
template (present) RootCaEntry mw_root_ca_entry(
template (present) EtsiTs103097Certificate p_selfsignedRootCa := ?
) := {
......@@ -587,6 +626,15 @@ module LibItsPki_Templates {
linkRootCaCertificate := *
} // End of template mw_root_ca_entry
template (value) EaEntry m_ea_entry(
in template (value) EtsiTs103097Certificate p_eaCertificate,
in template (value) Url p_aaAccessPoint
) := {
eaCertificate := p_eaCertificate,
aaAccessPoint := p_aaAccessPoint,
itsAccessPoint := omit
} // End of template m_ea_entry
template (present) EaEntry mw_ea_entry(
template (present) EtsiTs103097Certificate p_eaCertificate := ?,
template (present) Url p_aaAccessPoint := ?
......@@ -594,7 +642,15 @@ module LibItsPki_Templates {
eaCertificate := p_eaCertificate,
aaAccessPoint := p_aaAccessPoint,
itsAccessPoint := *
} // End of linkRootCaCertificate mw_ea_entry
} // End of template mw_ea_entry
template (value) AaEntry m_aa_entry(
in template (value) EtsiTs103097Certificate p_aaCertificate,
in template (value) Url p_accessPoint
) := {
aaCertificate := p_aaCertificate,
accessPoint := p_accessPoint
} // End of template m_aa_entry
template (present) AaEntry mw_aa_entry(
template (present) EtsiTs103097Certificate p_aaCertificate := ?,
......
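Review bot: The closing comment of the new m_to_be_signed_rca_full_ctl names a template that does not exist, `// End of template m_to_be_signed_rca_ful_ctl`; it should read `// End of template m_to_be_signed_rca_full_ctl`, the same kind of slip this section appears to correct on mw_ea_entry. m_to_be_signed_rca_full_ctl and m_to_be_signed_crl declare their parameters as plain `in Time32` / `in CtlCommands` / `in CrlEntries`, while m_root_ca_entry, m_ea_entry and m_aa_entry in the same section use `in template (value)`; picking one form would keep the new send templates uniform. A one-line comment on m_root_ca_entry and m_ea_entry saying that `linkRootCaCertificate` and `itsAccessPoint` are deliberately set to `omit` would also help readers of tests that rely on them.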
......@@ -17,6 +17,7 @@ module LibItsPki_TypesAndValues {
// LibIts
import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
import from EtsiTs103097Module language "ASN.1:1997" all;
import from EtsiTs102941TrustLists language "ASN.1:1997" all;
group constants {
......@@ -135,7 +136,11 @@ module LibItsPki_TypesAndValues {
octetstring hashed_id8,
EtsiTs103097Certificate at_certificate
} // End of type InfoPortData
type record of CrlEntry CrlEntries;
type record of CtlCommand CtlCommands;
}
with {
variant ""
......