Skip to content
GitLab
Projects
Groups
Topics
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
TTCN-3 Libraries
LibIts
Compare revisions
d7fb38fe273bdf9835b7ef676efb1b2b91b34af1...419abe762498812e1d5c8eccc7d90a397153be88
Commits (1)
AtsPki validation: minor bugs fixed
· 419abe76
Yann Garcia
authored
Nov 23, 2018
419abe76
Hide whitespace changes
Inline
Side-by-side
ttcn/Pki/LibItsPki_EncdecDeclarations.ttcn
View file @
419abe76
...
...
@@ -17,6 +17,13 @@ module LibItsPki_EncdecDeclarations {
external
function
fx_dec_EtsiTs102941Data
(
inout
bitstring
b
,
out
EtsiTs102941MessagesCa
.
EtsiTs102941Data
p_etsi_ts_102941_data
)
return
integer
with
{
extension
"prototype(sliding) decode(PER)"
}
external
function
fx_enc_EtsiTs102941DataContent
(
in
EtsiTs102941MessagesCa
.
EtsiTs102941DataContent
p_etsi_ts_102941_data
)
return
bitstring
with
{
extension
"prototype(convert) encode(PER)"
}
external
function
fx_dec_EtsiTs102941DataContent
(
inout
bitstring
b
,
out
EtsiTs102941MessagesCa
.
EtsiTs102941DataContent
p_etsi_ts_102941_data
)
return
integer
with
{
extension
"prototype(sliding) decode(PER)"
}
/**
* @desc Encoding function for EtsiTs102941TypesEnrolment InnerEcRequest
* @param p The certificate to encode
...
...
ttcn/Pki/LibItsPki_Functions.ttcn
View file @
419abe76
...
...
@@ -317,7 +317,10 @@ module LibItsPki_Functions {
f_selfOrClientSyncAndVerdict
(
"error"
,
e_error
);
}
// Secure InnerEcRequestSignedForPoP message
log
(
"v_inner_ec_request_signed_for_pop= "
,
v_inner_ec_request_signed_for_pop
);
v_inner_ec_request_signed_for_pop_msg
:=
encvalue
(
m_etsiTs102941Data_inner_ec_request_signed_for_pop
(
v_inner_ec_request_signed_for_pop
));
log
(
"v_inner_ec_request_signed_for_pop_msg= "
,
v_inner_ec_request_signed_for_pop_msg
);
// Prepare for getting the 16 most bytes of SHA256 of InnerEcRequestSignedForPop
p_hash_inner_ec_request_signed_for_pop
:=
f_hashWithSha256
(
bit2oct
(
v_inner_ec_request_signed_for_pop_msg
));
// Secure the Pki message
...
...
@@ -591,8 +594,8 @@ module LibItsPki_Functions {
valueof
(
m_appPermissions
(
37
,
{
bitmapSsp
:=
'
830001
'
O
}))
// TODO Use PIXIT
},
m_validityPeriod
(
17469212
,
m_duration_years
(
1
0
)
// TODO Use PIXIT
f_getCurrentTime
()
/
1000
,
m_duration_years
(
1
)
// TODO Use PIXIT
),
m_geographicRegion_identifiedRegion
(
{
...
...
@@ -1092,7 +1095,7 @@ module LibItsPki_Functions {
// in Oct12 p_nonce, // TODO Tobe removed
// in octetstring p_salt,
in
octetstring
p_issuer
,
in
Certificate
p_certificate
,
// TODO
Perhaps the peer certificate will be required for signature
in
Certificate
p_certificate
,
// TODO
Tobe removed
in
Ieee1609Dot2Data
p_ieee1609dot2_encrypted_and_signed_data
,
in
boolean
p_check_security
:=
true
,
out
EtsiTs102941Data
p_etsi_ts_102941_data
...
...
@@ -1102,19 +1105,15 @@ module LibItsPki_Functions {
var
integer
v_compressed_enc_key_mode
;
var
octetstring
v_plain_message
;
var
Ieee1609Dot2Data
v_ieee1609dot2_signed_data
;
var
Certificate
v_certificate
;
var
bitstring
v_etsi_ts_102941_data_msg
;
var
bitstring
v_tbs
;
var
boolean
v_ret
;
//var octetstring v_cyphered_text;
var
Oct16
v_authentication_vector
;
log
(
">>> f_verify_pki_message: p_private_enc_key= "
,
p_private_enc_key
);
//log(">>> f_verify_pki_message: p_publicEphemeralCompressedKey= ", p_publicEphemeralCompressedKey);
log
(
">>> f_verify_pki_message: p_aes_sym_key="
,
p_aes_sym_key
);
log
(
">>> f_verify_pki_message: p_authentication_vector="
,
p_authentication_vector
);
log
(
">>> f_verify_pki_message: p_issuer="
,
p_issuer
);
//log(">>> f_verify_pki_message: p_salt=", p_salt);
// TODO Check p_ieee1609dot2_encrypted_and_signed_data.content.encryptedData.recipients[0].pskRecipInfo. See IEEE Std 1609.2-2017 Clause 6.3.34 PreSharedKeyRecipientInfo
...
...
@@ -1137,26 +1136,32 @@ module LibItsPki_Functions {
// 3. Check the signature
log
(
"v_ieee1609dot2_signed_data.content.signedData.tbsData= "
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
);
v_tbs
:=
encvalue
(
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
);
/*if (ischosen(p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
if
(
f_getCertificateFromDigest
(
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signer
.
digest
,
v_certificate
)
==
false
)
{
if
(
p_check_security
==
true
)
{
return
false
;
}
}
log
(
"v_certificate= "
,
v_certificate
);
if
(
ischosen
(
v_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
compressed_y_0
))
{
v_ret
:=
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_tbs
),
p_issuer
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
p
_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0,
// TODO Use the signer digest to get the EA certificate
v
_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
compressed_y_0
,
0
);
}
else
{
v_ret
:=
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_tbs
),
p_issuer
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_ieee1609dot2_signed_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
p
_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_1,
// TODO Use the signer digest to get the EA certificate
v
_certificate
.
toBeSigned
.
verifyKeyIndicator
.
verificationKey
.
ecdsaNistP256
.
compressed_y_1
,
1
);
}
if
(
v_ret
==
false
)
{
if
(
p_check_security
==
true
)
{
return
false
;
}
}*/
}
// 4. Return the PKI message
log
(
"v_ieee1609dot2_signed_data.content.signedData.tbsData.payload.data.content.unsecuredData= "
,
v_ieee1609dot2_signed_data
.
content
.
signedData
.
tbsData
.
payload
.
data
.
content
.
unsecuredData
);
...
...