garciay · a1a1ccbc · a1a1ccbc · a1a1ccbc · a1a1ccbc
--- a/ttcn/Pki/LibItsPki_EncdecDeclarations.ttcn
+++ b/ttcn/Pki/LibItsPki_EncdecDeclarations.ttcn
@@ -50,4 +50,15 @@ module LibItsPki_EncdecDeclarations {
  external function fx_dec_SharedAtRequest(inout bitstring b, out EtsiTs102941TypesAuthorization.SharedAtRequest p) return integer
  with {extension "prototype(sliding) decode(PER)"}
+  /**
+   * @desc Encoding function for EtsiTs102941TypesAuthorizationValidation AuthorizationValidationRequest
+   * @param p The certificate to encode
+   * @return The encode message in OER format
+   */
+  external function fx_enc_AuthorizationValidationRequest(in EtsiTs102941TypesAuthorizationValidation.AuthorizationValidationRequest p) return bitstring
+  with {extension "prototype(convert) encode(PER)"}
+  external function fx_dec_AuthorizationValidationRequest(inout bitstring b, out EtsiTs102941TypesAuthorizationValidation.AuthorizationValidationRequest p) return integer
+  with {extension "prototype(sliding) decode(PER)"}
 } // End of module LibItsPki_EncdecDeclarations 
--- a/ttcn/Pki/LibItsPki_Functions.ttcn
+++ b/ttcn/Pki/LibItsPki_Functions.ttcn
@@ -303,7 +303,7 @@ module LibItsPki_Functions {
      }
      // Secure InnerEcRequestSignedForPoP message
      v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
-      // Prepae for getting the 16 most bytes of SHA256 of InnerEcRequestSignedForPop
+      // Prepare for getting the 16 most bytes of SHA256 of InnerEcRequestSignedForPop
      p_hash_inner_ec_request_signed_for_pop := f_hashWithSha256(bit2oct(v_inner_ec_request_signed_for_pop_msg));
      if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), p_ieee1609dot2_signed_and_encrypted_data) == false) {
        log("*** f_http_build_inner_ec_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
@@ -344,15 +344,41 @@ module LibItsPki_Functions {
      }
      log("*** f_http_build_invalid_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
    } // End of function f_http_build_invalid_enrolment_request
+    function f_http_build_inner_at_request(
+                                           out octetstring p_private_key,
+                                           out octetstring p_publicKeyCompressed,
+                                           out integer p_compressedMode,
+                                           out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data,
+                                           out HashedId8 p_hash_inner_at_request
+                                           ) runs on ItsPkiHttp {
+      // Local variables
+    } // End of function f_http_build_inner_at_request
    function f_http_build_authorization_validation_request(
-                                                    out octetstring p_private_key,
+                                                           out octetstring p_private_key,
-                                                    out octetstring p_publicKeyCompressed,
+                                                           out octetstring p_publicKeyCompressed,
-                                                    out integer p_compressedMode,
+                                                           out integer p_compressedMode,
-                                                    out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
+                                                           out Ieee1609Dot2Data p_ieee1609dot2_signed_and_encrypted_data
-                                                    ) runs on ItsPkiHttp {
+                                                           ) runs on ItsPkiHttp {
-      log("*** f_http_build_invalid_enrolment_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
+      // Local variables
-    }
+      var AuthorizationValidationRequest v_authorization_validation_request;
+      if (f_generate_authorization_validation_request(vc_eaCertificate, vc_eaHashedId8, p_private_key, p_publicKeyCompressed, p_compressedMode, v_authorization_validation_request) == false) {
+        log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate AuthorizationValidationRequest ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+      // FIXME Encapsulate v_authorization_validation_request into EtsiTs102941Data structure
+      if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, p_publicKeyCompressed, p_compressedMode, bit2oct(encvalue(v_authorization_validation_request)), p_ieee1609dot2_signed_and_encrypted_data) == false) {
+        log("*** f_http_build_authorization_validation_request: ERROR: Failed to generate InnerEcRequestSignedForPop ***");
+        f_selfOrClientSyncAndVerdict("error", e_error);
+      }
+      log("*** f_http_build_authorization_validation_request: DEBUG: p_ieee1609dot2_signed_and_encrypted_data = ", p_ieee1609dot2_signed_and_encrypted_data);
+    } // End of function f_http_build_authorization_validation_request
  } // End of group http
@@ -625,7 +651,7 @@ module LibItsPki_Functions {
      }
      // Generate 32 octets length secret key
-      v_hmac_key := f_hashWithSha256(int2oct(f_getCurrentTime(), 128));
+      v_hmac_key := f_hashWithSha256(int2oct(f_getCurrentTime(), 12));
      log("v_hmac_key=", v_hmac_key);
      // Generate tag based on the concatenation of ???
@@ -690,8 +716,10 @@ module LibItsPki_Functions {
                                                              c_its_aid_SCR,
                                                              f_getCurrentTimeUtc())
                               );
+      log("v_tbs=", v_tbs);
      // Signed ToBeSigned payload
      v_whole_certificate_hash := f_hashWithSha256(bit2oct(encvalue(p_ec_certificate)));
+      log("v_whole_certificate_hash=", v_whole_certificate_hash);
      v_tbs_signed := f_signWithEcdsaNistp256WithSha256(bit2oct(encvalue(v_tbs)), v_whole_certificate_hash, p_private_key);
      v_signed_ec_signature := valueof(
                                       m_etsiTs103097Data_signed(
@@ -726,6 +754,15 @@ module LibItsPki_Functions {
        var integer v_ephemeralKeyModeCompressed;
        var octetstring v_enc_signed_ec_signature;
+        if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0)) {
+          v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_0;
+          v_compressed_mode := 0;
+        } else if (ischosen(p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1)) {
+          v_public_enc_key := p_ea_certificate.toBeSigned.encryptionKey.publicKey.eciesNistP256.compressed_y_1;
+          v_compressed_mode := 1;
+        } else {
+          return false;
+        }
        v_enc_signed_ec_signature := f_encryptWithEciesNistp256WithSha256(bit2oct(encvalue(v_signed_ec_signature)), v_public_enc_key, v_compressed_mode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
        v_recipientId := p_eaHashedId8;
        log("v_recipientId=", v_recipientId);
@@ -789,12 +826,36 @@ module LibItsPki_Functions {
  group authorization_validation_xxx {
    function f_generate_authorization_validation_request(
-                                                         in InnerAtRequest p_inner_at_request,
+                                                         in Certificate p_ea_certificate,
-                                                         in Certificate p_certificate,
+                                                         in HashedId8 p_ea_certificate_hashed_id8,
+                                                         out octetstring p_private_key,
+                                                         out octetstring p_publicKeyCompressed,
+                                                         out integer p_compressedMode,
                                                         out AuthorizationValidationRequest p_authorization_validation_request
                                                         ) return boolean {
-      p_authorization_validation_request.sharedAtRequest := p_inner_at_request.sharedAtRequest;
+      // Local variables
-      p_authorization_validation_request.ecSignature := p_inner_at_request.ecSignature;
+      var octetstring v_private_enc_key;
+      var Oct32 v_publicEncKeyCompressed;
+      var integer v_compressedMode;
+      var InnerEcRequest v_inner_ec_request;
+      var Certificate v_ec_certificate;
+      var InnerAtRequest v_inner_at_request;
+      var Ieee1609Dot2Data v_inner_at_request_data;
+      if (f_generate_inner_ec_request(p_private_key, p_publicKeyCompressed, p_compressedMode, v_inner_ec_request) == false) {
+        return false;
+      }
+      if (f_generate_ec_certificate(p_private_key, v_inner_ec_request, v_ec_certificate) == false) {
+        return false;
+      }
+      if (f_generate_inner_at_request(v_ec_certificate, p_private_key, p_ea_certificate, p_ea_certificate_hashed_id8, true, v_private_enc_key, v_publicEncKeyCompressed, v_compressedMode, v_inner_at_request, v_inner_at_request_data) == false) {
+        return false;
+      }
+      p_authorization_validation_request.sharedAtRequest := v_inner_at_request.sharedAtRequest;
+      p_authorization_validation_request.ecSignature := v_inner_at_request.ecSignature;
+      log("f_generate_authorization_validation_request: ", p_authorization_validation_request);
      return true;
    } // End of function f_generate_authorization_validation_request

--- a/ttcn/Pki/LibItsPki_Pics.ttcn
+++ b/ttcn/Pki/LibItsPki_Pics.ttcn
@@ -16,10 +16,20 @@ module LibItsPki_Pics {
  modulepar boolean PICS_IUT_AA_ROLE := false;
  /**
-   * @desc Certificate used by the IUT
+   * @desc Certificate used by the IUT acting as ITS-S
   */
  modulepar charstring PICS_IUT_CERTIFICATE_ID := "CERT_IUT_A_EA";
+  /**
+   * @desc Certificate used by the IUT acting as EA
+   */
+  modulepar charstring PICS_IUT_EA_CERTIFICATE_ID := "CERT_IUT_A__EA_EA";
+  /**
+   * @desc Certificate used by the IUT acting as AA
+   */
+  modulepar charstring PICS_IUT_AA_CERTIFICATE_ID := "CERT_IUT_A_AA_EA";
  /**
   * @desc Certificate used by the Test System acting as ITS-S
   */

--- a/ttcn/Pki/LibItsPki_Templates.ttcn
+++ b/ttcn/Pki/LibItsPki_Templates.ttcn
@@ -73,6 +73,16 @@ module LibItsPki_Templates {
    }
  } // End of template m_etsiTs102941Data_inner_at_response
+  template (present) EnrolmentRequestMessage mw_enrolmentRequestMessage(
+                                                                        template (present) EncryptedData p_encryptedData := ?
+                                                                        ) modifies mw_etsiTs103097Data_encrypted := {
+  } // End of template mw_enrolmentRequestMessage
+  template (present) EnrolmentResponseMessage mw_enrolmentResponseMessage(
+                                                                         template (present) EncryptedData p_encryptedData := ?
+                                                                         ) modifies mw_etsiTs103097Data_encrypted := {
+  } // End of template mw_enrolmentResponseMessage
  template (value) EtsiTs103097Data m_authorizationValidationRequestMessage(
                                                                            in template (value) EncryptedData p_encryptedData
                                                                            ) modifies m_etsiTs103097Data_encrypted := {
@@ -83,26 +93,26 @@ module LibItsPki_Templates {
                                                                                ) modifies mw_etsiTs103097Data_encrypted := {
  } // End of template mw_authorizationValidationResponseMessage
-  template (present) EnrolmentRequestMessage mw_enrolmentRequestMessage(
-                                                                        template (present) EncryptedData p_encryptedData := ?
-                                                                        ) modifies mw_etsiTs103097Data_encrypted := {
-  } // End of template mw_enrolmentRequestMessage
-  template (present) EnrolmentRequestMessage mw_enrolmentResponseMessage(
-                                                                         template (present) EncryptedData p_encryptedData := ?
-                                                                         ) modifies mw_etsiTs103097Data_encrypted := {
-  } // End of template mw_enrolmentResponseMessage
  template (value) AuthorizationRequestMessage m_authorizationRequestMessage(
                                                                             in template (value) EncryptedData p_encryptedData
                                                                             ) modifies m_etsiTs103097Data_encrypted := {
  } // End of template m_authorizationRequestMessage
+  template (present) AuthorizationRequestMessage mw_authorizationRequestMessage(
+                                                                                template (present) EncryptedData p_encryptedData := ?
+                                                                                ) modifies mw_etsiTs103097Data_encrypted := {
+  } // End of template mw_authorizationRequestMessage
  template (value) AuthorizationResponseMessage m_authorizationResponseMessage(
                                                                               in template (value) EncryptedData p_encryptedData
                                                                               ) modifies m_etsiTs103097Data_encrypted := {
  } // End of template m_authorizationResponseMessage
+  template (present) AuthorizationResponseMessage mw_authorizationResponseMessage(
+                                                                                  template (present) EncryptedData p_encryptedData := ?
+                                                                                  ) modifies mw_etsiTs103097Data_encrypted := {
+  } // End of template mw_authorizationResponseMessage
  template (value) EtsiTs102941DataContent m_enrolmentRequest(
                                                              in template (value) InnerEcRequestSignedForPop p_enrolmentRequest
                                                              ) := {