Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
ITS - Intelligent Transport Systems
ITS
Commits
1966f90e
Commit
1966f90e
authored
May 02, 2018
by
garciay
Browse files
Major security bugs fixed for signature. Encryption to do.
parent
69b69ba3
Changes
7
Expand all
Hide whitespace changes
Inline
Side-by-side
ttcn/AtsGenCert/ItsGenCert_Functions.ttcn
View file @
1966f90e
...
...
@@ -34,9 +34,9 @@ module ItsGenCert_Functions {
if
(
p_certificate_params
.
encryption_key
==
true
)
{
if
(
p_certificate_params
.
encryption_curve
==
e_nist_p256
)
{
f_generate_key_pair_nistp256
(
p_certificate_details
.
private_enc_key
,
p_certificate_details
.
public_enc_key_x
,
p_certificate_details
.
public_enc_key_y
,
p_certificate_details
.
public_key_compressed
,
p_certificate_details
.
public_key_compressed_mode
);
f_generate_key_pair_nistp256
(
p_certificate_details
.
private_enc_key
,
p_certificate_details
.
public_enc_key_x
,
p_certificate_details
.
public_enc_key_y
,
p_certificate_details
.
public_
enc_
key_compressed
,
p_certificate_details
.
public_
enc_
key_compressed_mode
);
}
else
if
(
p_certificate_params
.
encryption_curve
==
e_brainpool_p256
)
{
f_generate_key_pair_brainpoolp256
(
p_certificate_details
.
private_enc_key
,
p_certificate_details
.
public_enc_key_x
,
p_certificate_details
.
public_enc_key_y
,
p_certificate_details
.
public_key_compressed
,
p_certificate_details
.
public_key_compressed_mode
);
f_generate_key_pair_brainpoolp256
(
p_certificate_details
.
private_enc_key
,
p_certificate_details
.
public_enc_key_x
,
p_certificate_details
.
public_enc_key_y
,
p_certificate_details
.
public_
enc_
key_compressed
,
p_certificate_details
.
public_
enc_
key_compressed_mode
);
}
else
{
log
(
"f_generate_signing_keys: Unsupported encryption curve"
);
return
-
1
;
...
...
@@ -115,23 +115,41 @@ module ItsGenCert_Functions {
);
if
(
p_certificate_params
.
encryption_key
==
true
)
{
if
(
p_certificate_params
.
encryption_curve
==
e_nist_p256
)
{
p_certificate_details
.
certificate
.
toBeSigned
.
encryptionKey
:=
valueof
(
m_encryptionKey
(
aes128Ccm
,
m_publicEncryptionKey_ecdsaNistP256
(
m_eccP256CurvePoint_uncompressed
(
p_certificate_details
.
public_enc_key_x
,
p_certificate_details
.
public_enc_key_y
)))
if
(
p_certificate_details
.
public_enc_key_compressed_mode
==
0
)
{
p_certificate_details
.
certificate
.
toBeSigned
.
encryptionKey
:=
valueof
(
m_encryptionKey
(
aes128Ccm
,
m_publicEncryptionKey_ecdsaNistP256
(
m_eccP256CurvePoint_compressed_y_0
(
p_certificate_details
.
public_enc_key_compressed
)))
);
}
else
{
p_certificate_details
.
certificate
.
toBeSigned
.
encryptionKey
:=
valueof
(
m_encryptionKey
(
aes128Ccm
,
m_publicEncryptionKey_ecdsaNistP256
(
m_eccP256CurvePoint_compressed_y_1
(
p_certificate_details
.
public_enc_key_compressed
)))
);
}
}
else
if
(
p_certificate_params
.
encryption_curve
==
e_brainpool_p256
)
{
p_certificate_details
.
certificate
.
toBeSigned
.
encryptionKey
:=
valueof
(
m_encryptionKey
(
aes128Ccm
,
m_publicEncryptionKey_eciesBrainpoolP256r1
(
m_eccP256CurvePoint_uncompressed
(
p_certificate_details
.
public_enc_key_x
,
p_certificate_details
.
public_enc_key_y
)))
);
if
(
p_certificate_details
.
public_enc_key_compressed_mode
==
0
)
{
p_certificate_details
.
certificate
.
toBeSigned
.
encryptionKey
:=
valueof
(
m_encryptionKey
(
aes128Ccm
,
m_publicEncryptionKey_eciesBrainpoolP256r1
(
m_eccP256CurvePoint_compressed_y_0
(
p_certificate_details
.
public_enc_key_compressed
)))
);
}
else
{
p_certificate_details
.
certificate
.
toBeSigned
.
encryptionKey
:=
valueof
(
m_encryptionKey
(
aes128Ccm
,
m_publicEncryptionKey_eciesBrainpoolP256r1
(
m_eccP256CurvePoint_compressed_y_1
(
p_certificate_details
.
public_enc_key_compressed
)))
);
}
}
}
...
...
@@ -144,18 +162,20 @@ module ItsGenCert_Functions {
inout
certificate_details
p_certificate_details
)
return
integer
{
var
bitstring
v_enc_msg
;
var
HashedId8
v_issuer
:=
'0000000000000000'O
;
var
octetstring
v_issuer
;
var
octetstring
v_signature
;
// Encode it ==> Get octetstring
v_enc_msg
:=
encvalue
(
p_certificate_details
.
certificate
.
toBeSigned
);
if
(
p_issuer_certificate_details
.
issuer
!=
p_issuer_certificate_details
.
hashid8
)
{
// This is not a CA certificate
v_issuer
:=
p_issuer_certificate_details
.
issuer
;
}
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
if
(
p_certificate_params
.
curve
==
e_nist_p256
)
{
v_signature
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_issuer
,
p_issuer_certificate_details
.
private_key
);
if
(
p_issuer_certificate_details
.
issuer
!=
p_issuer_certificate_details
.
hashid8
)
{
// This is not a CA certificate
v_issuer
:=
f_hashWithSha256
(
p_issuer_certificate_details
.
enc_cert
);
}
else
{
v_issuer
:=
int2oct
(
0
,
32
);
}
v_signature
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_issuer
,
p_issuer_certificate_details
.
private_key
);
if
(
lengthof
(
v_signature
)
!=
64
)
{
setverdict
(
fail
,
"Wrong signature size, shall be 64 instead of "
,
lengthof
(
v_signature
));
stop
;
...
...
@@ -170,6 +190,11 @@ module ItsGenCert_Functions {
)
));
}
else
if
(
p_certificate_params
.
curve
==
e_brainpool_p256
)
{
if
(
p_issuer_certificate_details
.
issuer
!=
p_issuer_certificate_details
.
hashid8
)
{
// This is not a CA certificate
v_issuer
:=
f_hashWithSha256
(
p_issuer_certificate_details
.
enc_cert
);
}
else
{
v_issuer
:=
int2oct
(
0
,
32
);
}
v_signature
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_issuer
,
p_issuer_certificate_details
.
private_key
);
if
(
lengthof
(
v_signature
)
!=
64
)
{
setverdict
(
fail
,
"Wrong signature size, shall be 64 instead of "
,
lengthof
(
v_signature
));
...
...
@@ -185,6 +210,11 @@ module ItsGenCert_Functions {
)
));
}
else
if
(
p_certificate_params
.
curve
==
e_brainpool_p384
)
{
if
(
p_issuer_certificate_details
.
issuer
!=
p_issuer_certificate_details
.
hashid8
)
{
// This is not a CA certificate
v_issuer
:=
f_hashWithSha384
(
p_issuer_certificate_details
.
enc_cert
);
}
else
{
v_issuer
:=
int2oct
(
0
,
48
);
}
v_signature
:=
f_signWithEcdsaBrainpoolp384WithSha384
(
bit2oct
(
v_enc_msg
),
v_issuer
,
p_issuer_certificate_details
.
private_key
);
if
(
lengthof
(
v_signature
)
!=
96
)
{
setverdict
(
fail
,
"Wrong signature size, shall be 96 instead of "
,
lengthof
(
v_signature
));
...
...
ttcn/AtsGenCert/ItsGenCert_TestCases.ttcn
View file @
1966f90e
...
...
@@ -42,7 +42,7 @@ module ItsGencert_TestCases {
// Setup
v_certificate_params
:=
PICS_CERTFICATES
[
v_counter
];
v_details
:=
{
v_certificate_params
.
certificate_id
,
{},
''
O
,
''
O
,
''
O
,
''
O
,
''
O
,
0
,
'0000000000000000'O
,
'0000000000000000'O
,
omit
,
omit
,
omit
};
v_details
:=
{
v_certificate_params
.
certificate_id
,
{},
''
O
,
''
O
,
''
O
,
''
O
,
''
O
,
0
,
'0000000000000000'O
,
'0000000000000000'O
,
omit
,
omit
,
omit
,
omit
,
omit
};
// Generate Private/Public signing and encryption keys for the certificate
if
(
f_generate_signing_keys
(
v_certificate_params
,
v_details
)
==
-
1
)
{
...
...
ttcn/AtsGenCert/ItsGenCert_TypeAndValues.ttcn
View file @
1966f90e
...
...
@@ -101,7 +101,9 @@ module ItsGenCert_TypeAndValues {
HashedId8
issuer
,
octetstring
private_enc_key
optional
,
octetstring
public_enc_key_x
optional
,
octetstring
public_enc_key_y
optional
octetstring
public_enc_key_y
optional
,
octetstring
public_enc_key_compressed
optional
,
integer
public_enc_key_compressed_mode
optional
}
// End of type certificate_details
type
record
of
certificate_details
certificate_details_list
;
...
...
ttcn/TestCodec/TestCodec_Certificates.ttcn
View file @
1966f90e
...
...
@@ -91,7 +91,7 @@ module TestCodec_Certificates {
v_encMsg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
// IEEE Std 1609.2-20XX Clause 5.3.1 ii) If the verification type is self-signed, signer identifier input shall be the empty string, i.e., a string of length 0.
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_encMsg
),
int2oct
(
0
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
!=
64
)
{
log
(
"Invalid signature: "
,
v_sig
);
setverdict
(
fail
);
...
...
@@ -122,7 +122,7 @@ module TestCodec_Certificates {
}
if
(
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
int2oct
(
0
,
32
)
,
v_cert_dec
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_cert_dec
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_publicKeyCompressed
,
v_compressedMode
...
...
@@ -193,7 +193,7 @@ module TestCodec_Certificates {
log
(
"Encode template "
,
valueof
(
v_cert
.
toBeSigned
));
v_encMsg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_encMsg
),
int2oct
(
0
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
!=
64
)
{
log
(
"Invalid signature: "
,
v_sig
);
setverdict
(
fail
);
...
...
@@ -224,7 +224,7 @@ module TestCodec_Certificates {
}
if
(
f_verifyWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
int2oct
(
0
,
32
)
,
v_cert_dec
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
rSig
.
x_only
&
v_cert_dec
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
sSig
,
v_publicKeyCompressed
,
v_compressedMode
...
...
@@ -311,7 +311,7 @@ module TestCodec_Certificates {
log
(
"Encode template "
,
valueof
(
v_cert
.
toBeSigned
));
v_encMsg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_encMsg
),
int2oct
(
0
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
!=
64
)
{
log
(
"Invalid signature: "
,
v_sig
);
setverdict
(
fail
);
...
...
@@ -342,7 +342,7 @@ module TestCodec_Certificates {
}
if
(
f_verifyWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
int2oct
(
0
,
32
)
,
v_cert_dec
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
rSig
.
x_only
&
v_cert_dec
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
sSig
,
v_publicKeyCompressed
,
v_compressedMode
...
...
@@ -413,7 +413,7 @@ module TestCodec_Certificates {
log
(
"Encode template "
,
valueof
(
v_cert
.
toBeSigned
));
v_encMsg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate
v_sig
:=
f_signWithEcdsaBrainpoolp384WithSha384
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp384WithSha384
(
bit2oct
(
v_encMsg
),
int2oct
(
0
,
48
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
!=
96
)
{
log
(
"Invalid signature: "
,
v_sig
);
setverdict
(
fail
);
...
...
@@ -444,7 +444,7 @@ module TestCodec_Certificates {
}
if
(
f_verifyWithEcdsaBrainpoolp384WithSha384
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
int2oct
(
0
,
48
)
,
v_cert_dec
.
signature_
.
ecdsaBrainpoolP384r1Signature
.
rSig
.
x_only
&
v_cert_dec
.
signature_
.
ecdsaBrainpoolP384r1Signature
.
sSig
,
v_publicKeyCompressed
,
v_compressedMode
...
...
@@ -511,7 +511,7 @@ module TestCodec_Certificates {
log
(
"Encode template "
,
valueof
(
v_cert
));
v_encMsg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_encMsg
),
int2oct
(
0
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
!=
64
)
{
log
(
"Invalid signature: "
,
v_sig
);
setverdict
(
fail
);
...
...
@@ -543,7 +543,7 @@ module TestCodec_Certificates {
}
if
(
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
int2oct
(
0
,
32
)
,
v_cert_dec
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_cert_dec
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_publicKeyCompressed
,
v_compressedMode
...
...
@@ -609,7 +609,7 @@ module TestCodec_Certificates {
log
(
"Encode template "
,
valueof
(
v_cert
.
toBeSigned
));
v_encMsg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_encMsg
),
int2oct
(
0
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
!=
64
)
{
log
(
"Invalid signature: "
,
v_sig
);
setverdict
(
fail
);
...
...
@@ -639,7 +639,7 @@ module TestCodec_Certificates {
}
if
(
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
int2oct
(
0
,
32
)
,
v_cert_dec
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_cert_dec
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_publicKeyCompressed
,
v_compressedMode
...
...
@@ -702,7 +702,7 @@ module TestCodec_Certificates {
log
(
"Encode template "
,
valueof
(
v_cert
.
toBeSigned
));
v_encMsg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (BP p-256)
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_encMsg
),
int2oct
(
0
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
!=
64
)
{
log
(
"Invalid signature: "
,
v_sig
);
setverdict
(
fail
);
...
...
@@ -732,7 +732,7 @@ module TestCodec_Certificates {
}
if
(
f_verifyWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_encMsg
),
'0000000000000000'O
,
int2oct
(
0
,
32
)
,
v_cert_dec
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
rSig
.
x_only
&
v_cert_dec
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
sSig
,
v_publicKeyCompressed
,
v_compressedMode
...
...
ttcn/TestCodec/TestCodec_ChainOfCertificates.ttcn
View file @
1966f90e
...
...
@@ -68,7 +68,7 @@ module TestCodec_ChainOfCertificates {
}
if
(
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
'0000000000000000'O
,
int2oct
(
0
,
32
)
,
v_chain_sec_info
.
ca
.
cert
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_chain_sec_info
.
ca
.
cert
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_publicKeyCompressed
,
v_publicKeyCompressedMode
...
...
@@ -76,7 +76,6 @@ module TestCodec_ChainOfCertificates {
setverdict
(
fail
);
}
else
{
setverdict
(
pass
);
v_enc_msg
:=
encvalue
(
v_chain_sec_info
.
ca
.
cert
);
log
(
"Root keys: "
,
v_chain_sec_info
.
ca
.
cert
);
}
...
...
@@ -97,7 +96,7 @@ module TestCodec_ChainOfCertificates {
}
if
(
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_chain_sec_info
.
a
a
.
issuer
,
f_hashWithSha256
(
v_chain_sec_info
.
c
a
.
enc_cert
)
,
v_chain_sec_info
.
aa
.
cert
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_chain_sec_info
.
aa
.
cert
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_publicKeyCompressed
,
v_publicKeyCompressedMode
...
...
@@ -126,7 +125,7 @@ module TestCodec_ChainOfCertificates {
}
if
(
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_chain_sec_info
.
a
t
.
issuer
,
f_hashWithSha256
(
v_chain_sec_info
.
a
a
.
enc_cert
)
,
v_chain_sec_info
.
at
.
cert
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
&
v_chain_sec_info
.
at
.
cert
.
signature_
.
ecdsaNistP256Signature
.
sSig
,
v_publicKeyCompressed
,
v_publicKeyCompressedMode
...
...
@@ -177,7 +176,7 @@ module TestCodec_ChainOfCertificates {
}
if
(
f_verifyWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_chain_sec_info
.
at
.
hashedid8
,
f_hashWithSha256
(
v_chain_sec_info
.
at
.
enc_cert
)
,
valueof
(
v_secured_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
rSig
.
x_only
)
&
valueof
(
v_secured_data
.
content
.
signedData
.
signature_
.
ecdsaNistP256Signature
.
sSig
),
v_publicKeyCompressed
,
v_publicKeyCompressedMode
...
...
@@ -221,7 +220,7 @@ module TestCodec_ChainOfCertificates {
}
if
(
f_verifyWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
'0000000000000000'O
,
int2oct
(
0
,
32
)
,
v_chain_sec_info
.
ca
.
cert
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
rSig
.
x_only
&
v_chain_sec_info
.
ca
.
cert
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
sSig
,
v_publicKeyCompressed
,
v_publicKeyCompressedMode
...
...
@@ -248,7 +247,7 @@ module TestCodec_ChainOfCertificates {
}
if
(
f_verifyWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_chain_sec_info
.
a
a
.
issuer
,
f_hashWithSha256
(
v_chain_sec_info
.
c
a
.
enc_cert
)
,
v_chain_sec_info
.
aa
.
cert
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
rSig
.
x_only
&
v_chain_sec_info
.
aa
.
cert
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
sSig
,
v_publicKeyCompressed
,
v_publicKeyCompressedMode
...
...
@@ -275,7 +274,7 @@ module TestCodec_ChainOfCertificates {
}
if
(
f_verifyWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_chain_sec_info
.
a
t
.
issuer
,
f_hashWithSha256
(
v_chain_sec_info
.
a
a
.
enc_cert
)
,
v_chain_sec_info
.
at
.
cert
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
rSig
.
x_only
&
v_chain_sec_info
.
at
.
cert
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
sSig
,
v_publicKeyCompressed
,
v_publicKeyCompressedMode
...
...
@@ -324,7 +323,7 @@ module TestCodec_ChainOfCertificates {
}
if
(
f_verifyWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
v_chain_sec_info
.
at
.
hashedid8
,
f_hashWithSha256
(
v_chain_sec_info
.
at
.
enc_cert
)
,
valueof
(
v_secured_data
.
content
.
signedData
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
rSig
.
x_only
)
&
valueof
(
v_secured_data
.
content
.
signedData
.
signature_
.
ecdsaBrainpoolP256r1Signature
.
sSig
),
v_publicKeyCompressed
,
v_publicKeyCompressedMode
...
...
@@ -396,7 +395,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
'0000000000000000'O
,
p_ca_sec_info
.
private_key
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
int2oct
(
0
,
32
)
,
p_ca_sec_info
.
private_key
);
v_cert
.
signature_
:=
m_signature_ecdsaNistP256
(
m_ecdsaP256Signature
(
m_eccP256CurvePoint_x_only
(
...
...
@@ -466,7 +465,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
'0000000000000000'O
,
p_ca_sec_info
.
private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
int2oct
(
0
,
32
)
,
p_ca_sec_info
.
private_key
);
v_cert
.
signature_
:=
m_signature_ecdsaBrainpoolP256r1
(
m_ecdsaP256Signature
(
m_eccP256CurvePoint_x_only
(
...
...
@@ -532,7 +531,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (NIST P-256)
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
p_ca_sec_info
.
hashedid8
,
p_ca_sec_info
.
private_key
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
f_hashWithSha256
(
p_ca_sec_info
.
enc_cert
)
,
p_ca_sec_info
.
private_key
);
v_cert
.
signature_
:=
m_signature_ecdsaNistP256
(
m_ecdsaP256Signature
(
m_eccP256CurvePoint_x_only
(
...
...
@@ -598,7 +597,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
p_ca_sec_info
.
hashedid8
,
p_ca_sec_info
.
private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
f_hashWithSha256
(
p_ca_sec_info
.
enc_cert
)
,
p_ca_sec_info
.
private_key
);
v_cert
.
signature_
:=
m_signature_ecdsaBrainpoolP256r1
(
m_ecdsaP256Signature
(
m_eccP256CurvePoint_x_only
(
...
...
@@ -665,7 +664,7 @@ module TestCodec_ChainOfCertificates {
log
(
"Encode template "
,
valueof
(
v_cert
));
v_enc_msg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (NIST P-256)
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
p_aa_sec_info
.
hashedid8
,
p_aa_sec_info
.
private_key
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
bit2oct
(
v_enc_msg
),
f_hashWithSha256
(
p_aa_sec_info
.
enc_cert
)
,
p_aa_sec_info
.
private_key
);
v_cert
.
signature_
:=
m_signature_ecdsaNistP256
(
m_ecdsaP256Signature
(
m_eccP256CurvePoint_x_only
(
...
...
@@ -732,7 +731,7 @@ module TestCodec_ChainOfCertificates {
log
(
"Encode template "
,
valueof
(
v_cert
));
v_enc_msg
:=
encvalue
(
v_cert
.
toBeSigned
);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
p_aa_sec_info
.
hashedid8
,
p_aa_sec_info
.
private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
bit2oct
(
v_enc_msg
),
f_hashWithSha256
(
p_aa_sec_info
.
enc_cert
)
,
p_aa_sec_info
.
private_key
);
v_cert
.
signature_
:=
m_signature_ecdsaBrainpoolP256r1
(
m_ecdsaP256Signature
(
m_eccP256CurvePoint_x_only
(
...
...
@@ -769,7 +768,7 @@ module TestCodec_ChainOfCertificates {
);
// Signed it
v_raw_payload_to_be_signed
:=
bit2oct
(
encvalue
(
v_toBeSignedData
));
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_raw_payload_to_be_signed
,
p_at_sec_info
.
hashedid8
,
p_at_sec_info
.
private_key
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_raw_payload_to_be_signed
,
f_hashWithSha256
(
p_at_sec_info
.
enc_cert
)
,
p_at_sec_info
.
private_key
);
// Finalize the secured message
v_secured_data
:=
valueof
(
m_etsiTs103097Data_signed
(
...
...
@@ -815,7 +814,7 @@ module TestCodec_ChainOfCertificates {
);
// Signed it
v_raw_payload_to_be_signed
:=
bit2oct
(
encvalue
(
v_toBeSignedData
));
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
v_raw_payload_to_be_signed
,
p_at_sec_info
.
hashedid8
,
p_at_sec_info
.
private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
v_raw_payload_to_be_signed
,
f_hashWithSha256
(
p_at_sec_info
.
enc_cert
)
,
p_at_sec_info
.
private_key
);
// Finalize the secured message
v_secured_data
:=
m_etsiTs103097Data_signed
(
m_signedData
(
...
...
ttcn/TestCodec/TestCodec_SecuredFuntions.ttcn
View file @
1966f90e
...
...
@@ -200,7 +200,7 @@ module TestCodec_SecuredFuntions {
log
(
"v_public_key Y= "
,
v_publicKeyY
);
log
(
"v_public_key compressed= "
,
v_publicKeyCompressed
,
v_compressedMode
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
==
0
)
{
setverdict
(
fail
);
stop
;
...
...
@@ -227,18 +227,18 @@ module TestCodec_SecuredFuntions {
log
(
"v_public_key Y= "
,
v_publicKeyY
);
log
(
"v_public_key compressed= "
,
v_publicKeyCompressed
,
v_compressedMode
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
==
0
)
{
setverdict
(
fail
);
stop
;
}
if
(
f_verifyWithEcdsaNistp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyCompressed
,
v_compressedMode
)
==
false
)
{
if
(
f_verifyWithEcdsaNistp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyCompressed
,
v_compressedMode
)
==
false
)
{
setverdict
(
fail
);
}
else
{
setverdict
(
pass
);
}
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
false
)
{
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
false
)
{
setverdict
(
fail
);
}
else
{
setverdict
(
pass
);
...
...
@@ -266,18 +266,18 @@ module TestCodec_SecuredFuntions {
v_private_key_wrong
:=
v_private_key
;
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
==
0
)
{
setverdict
(
fail
);
stop
;
}
if
(
f_verifyWithEcdsaNistp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyCompressed
,
v_compressedMode
)
==
false
)
{
if
(
f_verifyWithEcdsaNistp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyCompressed
,
v_compressedMode
)
==
false
)
{
setverdict
(
fail
);
}
else
{
setverdict
(
pass
);
}
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
false
)
{
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
false
)
{
setverdict
(
fail
);
stop
;
}
else
{
...
...
@@ -285,13 +285,13 @@ module TestCodec_SecuredFuntions {
}
v_private_key_wrong
[
2
]
:=
'
AA
'
O
;
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_private_key_wrong
);
if
(
f_verifyWithEcdsaNistp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyCompressed
,
v_compressedMode
)
==
true
)
{
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_private_key_wrong
);
if
(
f_verifyWithEcdsaNistp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyCompressed
,
v_compressedMode
)
==
true
)
{
setverdict
(
fail
);
}
else
{
setverdict
(
pass
);
}
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
true
)
{
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
true
)
{
setverdict
(
fail
);
}
else
{
setverdict
(
pass
);
...
...
@@ -319,42 +319,42 @@ module TestCodec_SecuredFuntions {
log
(
"v_public_key Y= "
,
v_publicKeyY
);
log
(
"v_public_key compressed= "
,
v_publicKeyCompressed
,
v_compressedMode
);
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_private_key
);
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
false
)
{
v_sig
:=
f_signWithEcdsaNistp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_private_key
);
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
false
)
{
setverdict
(
fail
);
stop
;
}
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
'
0
A0A0A0A
'
O
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
true
)
{
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
'
0
A0A0A0A
'
O
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
true
)
{
setverdict
(
fail
);
stop
;
}
v_sig_wrong
:=
v_sig
;
v_sig_wrong
[
0
]
:=
'
FF
'
O
;
if
(
f_verifyWithEcdsaNistp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig_wrong
,
v_publicKeyCompressed
,
v_compressedMode
)
==
true
)
{
if
(
f_verifyWithEcdsaNistp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig_wrong
,
v_publicKeyCompressed
,
v_compressedMode
)
==
true
)
{
setverdict
(
fail
);
}
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig_wrong
,
v_publicKeyX
,
v_publicKeyY
)
==
true
)
{
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig_wrong
,
v_publicKeyX
,
v_publicKeyY
)
==
true
)
{
setverdict
(
fail
);
stop
;
}
v_publicKeyX_wrong
:=
v_publicKeyCompressed
;
v_publicKeyX_wrong
[
0
]
:=
'
FF
'
O
;
if
(
f_verifyWithEcdsaNistp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig_wrong
,
v_publicKeyCompressed
,
v_compressedMode
)
==
true
)
{
if
(
f_verifyWithEcdsaNistp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig_wrong
,
v_publicKeyCompressed
,
v_compressedMode
)
==
true
)
{
setverdict
(
fail
);
}
v_publicKeyX_wrong
:=
v_publicKeyX
;
v_publicKeyX_wrong
[
0
]
:=
'
FF
'
O
;
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyX_wrong
,
v_publicKeyY
)
==
true
)
{
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyX_wrong
,
v_publicKeyY
)
==
true
)
{
setverdict
(
fail
);
stop
;
}
v_publicKeyY_wrong
:=
v_publicKeyY
;
v_publicKeyY_wrong
[
0
]
:=
'
FF
'
O
;
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyX
,
v_publicKeyY_wrong
)
==
true
)
{
if
(
f_verifyWithEcdsaNistp256WithSha256_1
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyX
,
v_publicKeyY_wrong
)
==
true
)
{
setverdict
(
fail
);
stop
;
}
...
...
@@ -380,7 +380,7 @@ module TestCodec_SecuredFuntions {
log
(
"v_public_key Y= "
,
v_publicKeyY
);
log
(
"v_public_key compressed= "
,
v_publicKeyCompressed
,
v_compressedMode
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
==
0
)
{
setverdict
(
fail
);
stop
;
...
...
@@ -407,7 +407,7 @@ module TestCodec_SecuredFuntions {
log
(
"v_public_key Y= "
,
v_publicKeyY
);
log
(
"v_public_key compressed= "
,
v_publicKeyCompressed
,
v_compressedMode
);
v_sig
:=
f_signWithEcdsaBrainpoolp384WithSha384
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp384WithSha384
(
v_encMsg
,
int2oct
(
10
,
48
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
==
0
)
{
setverdict
(
fail
);
stop
;
...
...
@@ -434,18 +434,18 @@ module TestCodec_SecuredFuntions {
log
(
"v_public_key Y= "
,
v_publicKeyY
);
log
(
"v_public_key compressed= "
,
v_publicKeyCompressed
,
v_compressedMode
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
==
0
)
{
setverdict
(
fail
);
stop
;
}
if
(
f_verifyWithEcdsaBrainpoolp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyCompressed
,
v_compressedMode
)
==
false
)
{
if
(
f_verifyWithEcdsaBrainpoolp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyCompressed
,
v_compressedMode
)
==
false
)
{
setverdict
(
fail
);
}
else
{
setverdict
(
pass
);
}
if
(
f_verifyWithEcdsaBrainpoolp256WithSha256_1
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
false
)
{
if
(
f_verifyWithEcdsaBrainpoolp256WithSha256_1
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_sig
,
v_publicKeyX
,
v_publicKeyY
)
==
false
)
{
setverdict
(
fail
);
}
else
{
setverdict
(
pass
);
...
...
@@ -473,31 +473,31 @@ module TestCodec_SecuredFuntions {
v_private_key_wrong
:=
v_private_key
;
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
v_encMsg
,
'
CAFEDECACAFEDECA
'
O
,
v_private_key
);
v_sig
:=
f_signWithEcdsaBrainpoolp256WithSha256
(
v_encMsg
,
int2oct
(
10
,
32
)
,
v_private_key
);
if
(
lengthof
(
v_sig
)
==
0
)
{
setverdict
(
fail
);
stop
;