Skip to content
GitLab
Commit 1966f90e authored by garciay's avatar garciay
Browse files

Major security bugs fixed for signature. Encryption to do.

parent 69b69ba3
Expand all Hide whitespace changes
Inline Side-by-side
ttcn/AtsGenCert/ItsGenCert_Functions.ttcn
View file @ 1966f90e
......@@ -34,9 +34,9 @@ module ItsGenCert_Functions {
if (p_certificate_params.encryption_key == true) {
if (p_certificate_params.encryption_curve == e_nist_p256) {
f_generate_key_pair_nistp256(p_certificate_details.private_enc_key, p_certificate_details.public_enc_key_x, p_certificate_details.public_enc_key_y, p_certificate_details.public_key_compressed, p_certificate_details.public_key_compressed_mode);
f_generate_key_pair_nistp256(p_certificate_details.private_enc_key, p_certificate_details.public_enc_key_x, p_certificate_details.public_enc_key_y, p_certificate_details.public_enc_key_compressed, p_certificate_details.public_enc_key_compressed_mode);
} else if (p_certificate_params.encryption_curve == e_brainpool_p256) {
f_generate_key_pair_brainpoolp256(p_certificate_details.private_enc_key, p_certificate_details.public_enc_key_x, p_certificate_details.public_enc_key_y, p_certificate_details.public_key_compressed, p_certificate_details.public_key_compressed_mode);
f_generate_key_pair_brainpoolp256(p_certificate_details.private_enc_key, p_certificate_details.public_enc_key_x, p_certificate_details.public_enc_key_y, p_certificate_details.public_enc_key_compressed, p_certificate_details.public_enc_key_compressed_mode);
} else {
log("f_generate_signing_keys: Unsupported encryption curve");
return -1;
......@@ -115,23 +115,41 @@ module ItsGenCert_Functions {
);
if (p_certificate_params.encryption_key == true) {
if (p_certificate_params.encryption_curve == e_nist_p256) {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_ecdsaNistP256(
m_eccP256CurvePoint_uncompressed(
p_certificate_details.public_enc_key_x,
p_certificate_details.public_enc_key_y
)))
if (p_certificate_details.public_enc_key_compressed_mode == 0) {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_ecdsaNistP256(
m_eccP256CurvePoint_compressed_y_0(
p_certificate_details.public_enc_key_compressed
)))
);
} else {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_ecdsaNistP256(
m_eccP256CurvePoint_compressed_y_1(
p_certificate_details.public_enc_key_compressed
)))
);
}
} else if (p_certificate_params.encryption_curve == e_brainpool_p256) {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_eciesBrainpoolP256r1(
m_eccP256CurvePoint_uncompressed(
p_certificate_details.public_enc_key_x,
p_certificate_details.public_enc_key_y
)))
);
if (p_certificate_details.public_enc_key_compressed_mode == 0) {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_eciesBrainpoolP256r1(
m_eccP256CurvePoint_compressed_y_0(
p_certificate_details.public_enc_key_compressed
)))
);
} else {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_eciesBrainpoolP256r1(
m_eccP256CurvePoint_compressed_y_1(
p_certificate_details.public_enc_key_compressed
)))
);
}
}
}
......@@ -144,18 +162,20 @@ module ItsGenCert_Functions {
inout certificate_details p_certificate_details
) return integer {
var bitstring v_enc_msg;
var HashedId8 v_issuer := '0000000000000000'O;
var octetstring v_issuer;
var octetstring v_signature;
// Encode it ==> Get octetstring
v_enc_msg := encvalue(p_certificate_details.certificate.toBeSigned);
if (p_issuer_certificate_details.issuer != p_issuer_certificate_details.hashid8) { // This is not a CA certificate
v_issuer := p_issuer_certificate_details.issuer;
}
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
if (p_certificate_params.curve == e_nist_p256) {
v_signature := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), v_issuer, p_issuer_certificate_details.private_key);
if (p_issuer_certificate_details.issuer != p_issuer_certificate_details.hashid8) { // This is not a CA certificate
v_issuer := f_hashWithSha256(p_issuer_certificate_details.enc_cert);
} else {
v_issuer := int2oct(0, 32);
}
v_signature := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), v_issuer, p_issuer_certificate_details.private_key);
if (lengthof(v_signature) != 64) {
setverdict(fail, "Wrong signature size, shall be 64 instead of ", lengthof(v_signature));
stop;
......@@ -170,6 +190,11 @@ module ItsGenCert_Functions {
)
));
} else if (p_certificate_params.curve == e_brainpool_p256) {
if (p_issuer_certificate_details.issuer != p_issuer_certificate_details.hashid8) { // This is not a CA certificate
v_issuer := f_hashWithSha256(p_issuer_certificate_details.enc_cert);
} else {
v_issuer := int2oct(0, 32);
}
v_signature := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), v_issuer, p_issuer_certificate_details.private_key);
if (lengthof(v_signature) != 64) {
setverdict(fail, "Wrong signature size, shall be 64 instead of ", lengthof(v_signature));
......@@ -185,6 +210,11 @@ module ItsGenCert_Functions {
)
));
} else if (p_certificate_params.curve == e_brainpool_p384) {
if (p_issuer_certificate_details.issuer != p_issuer_certificate_details.hashid8) { // This is not a CA certificate
v_issuer := f_hashWithSha384(p_issuer_certificate_details.enc_cert);
} else {
v_issuer := int2oct(0, 48);
}
v_signature := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_enc_msg), v_issuer, p_issuer_certificate_details.private_key);
if (lengthof(v_signature) != 96) {
setverdict(fail, "Wrong signature size, shall be 96 instead of ", lengthof(v_signature));
......
ttcn/AtsGenCert/ItsGenCert_TestCases.ttcn
View file @ 1966f90e
......@@ -42,7 +42,7 @@ module ItsGencert_TestCases {
// Setup
v_certificate_params := PICS_CERTFICATES[v_counter];
v_details := { v_certificate_params.certificate_id, {}, ''O, ''O, ''O, ''O, ''O, 0, '0000000000000000'O, '0000000000000000'O, omit, omit, omit };
v_details := { v_certificate_params.certificate_id, {}, ''O, ''O, ''O, ''O, ''O, 0, '0000000000000000'O, '0000000000000000'O, omit, omit, omit, omit, omit };
// Generate Private/Public signing and encryption keys for the certificate
if (f_generate_signing_keys(v_certificate_params, v_details) == -1) {
......
ttcn/AtsGenCert/ItsGenCert_TypeAndValues.ttcn
View file @ 1966f90e
......@@ -101,7 +101,9 @@ module ItsGenCert_TypeAndValues {
HashedId8 issuer,
octetstring private_enc_key optional,
octetstring public_enc_key_x optional,
octetstring public_enc_key_y optional
octetstring public_enc_key_y optional,
octetstring public_enc_key_compressed optional,
integer public_enc_key_compressed_mode optional
} // End of type certificate_details
type record of certificate_details certificate_details_list;
......
ttcn/TestCodec/TestCodec_Certificates.ttcn
View file @ 1966f90e
......@@ -91,7 +91,7 @@ module TestCodec_Certificates {
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
// IEEE Std 1609.2-20XX Clause 5.3.1 ii) If the verification type is self-signed, signer identifier input shall be the empty string, i.e., a string of length 0.
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -122,7 +122,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -193,7 +193,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -224,7 +224,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -311,7 +311,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -342,7 +342,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -413,7 +413,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_encMsg), int2oct(0, 48), v_private_key);
if (lengthof(v_sig) != 96) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -444,7 +444,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp384WithSha384(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 48),
v_cert_dec.signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP384r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -511,7 +511,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -543,7 +543,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -609,7 +609,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -639,7 +639,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -702,7 +702,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BP p-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -732,7 +732,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......
ttcn/TestCodec/TestCodec_ChainOfCertificates.ttcn
View file @ 1966f90e
......@@ -68,7 +68,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
'0000000000000000'O,
int2oct(0, 32),
v_chain_sec_info.ca.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.ca.cert.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -76,7 +76,6 @@ module TestCodec_ChainOfCertificates {
setverdict(fail);
} else {
setverdict(pass);
v_enc_msg := encvalue(v_chain_sec_info.ca.cert);
log("Root keys: ", v_chain_sec_info.ca.cert);
}
......@@ -97,7 +96,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.aa.issuer,
f_hashWithSha256(v_chain_sec_info.ca.enc_cert),
v_chain_sec_info.aa.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.aa.cert.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -126,7 +125,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.at.issuer,
f_hashWithSha256(v_chain_sec_info.aa.enc_cert),
v_chain_sec_info.at.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.at.cert.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -177,7 +176,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.at.hashedid8,
f_hashWithSha256(v_chain_sec_info.at.enc_cert),
valueof(v_secured_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(v_secured_data.content.signedData.signature_.ecdsaNistP256Signature.sSig),
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -221,7 +220,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
'0000000000000000'O,
int2oct(0, 32),
v_chain_sec_info.ca.cert.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_chain_sec_info.ca.cert.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -248,7 +247,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.aa.issuer,
f_hashWithSha256(v_chain_sec_info.ca.enc_cert),
v_chain_sec_info.aa.cert.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_chain_sec_info.aa.cert.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -275,7 +274,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.at.issuer,
f_hashWithSha256(v_chain_sec_info.aa.enc_cert),
v_chain_sec_info.at.cert.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_chain_sec_info.at.cert.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -324,7 +323,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.at.hashedid8,
f_hashWithSha256(v_chain_sec_info.at.enc_cert),
valueof(v_secured_data.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only) & valueof(v_secured_data.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.sSig),
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -396,7 +395,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), '0000000000000000'O, p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 32), p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -466,7 +465,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), '0000000000000000'O, p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 32), p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -532,7 +531,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST P-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_ca_sec_info.hashedid8, p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), f_hashWithSha256(p_ca_sec_info.enc_cert), p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -598,7 +597,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_ca_sec_info.hashedid8, p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), f_hashWithSha256(p_ca_sec_info.enc_cert), p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -665,7 +664,7 @@ module TestCodec_ChainOfCertificates {
log("Encode template ", valueof(v_cert));
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST P-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_aa_sec_info.hashedid8, p_aa_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), f_hashWithSha256(p_aa_sec_info.enc_cert), p_aa_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -732,7 +731,7 @@ module TestCodec_ChainOfCertificates {
log("Encode template ", valueof(v_cert));
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_aa_sec_info.hashedid8, p_aa_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), f_hashWithSha256(p_aa_sec_info.enc_cert), p_aa_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -769,7 +768,7 @@ module TestCodec_ChainOfCertificates {
);
// Signed it
v_raw_payload_to_be_signed := bit2oct(encvalue(v_toBeSignedData));
v_sig := f_signWithEcdsaNistp256WithSha256(v_raw_payload_to_be_signed, p_at_sec_info.hashedid8, p_at_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_raw_payload_to_be_signed, f_hashWithSha256(p_at_sec_info.enc_cert), p_at_sec_info.private_key);
// Finalize the secured message
v_secured_data := valueof(
m_etsiTs103097Data_signed(
......@@ -815,7 +814,7 @@ module TestCodec_ChainOfCertificates {
);
// Signed it
v_raw_payload_to_be_signed := bit2oct(encvalue(v_toBeSignedData));
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_raw_payload_to_be_signed, p_at_sec_info.hashedid8, p_at_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_raw_payload_to_be_signed, f_hashWithSha256(p_at_sec_info.enc_cert), p_at_sec_info.private_key);
// Finalize the secured message
v_secured_data := m_etsiTs103097Data_signed(
m_signedData(
......
ttcn/TestCodec/TestCodec_SecuredFuntions.ttcn
View file @ 1966f90e
......@@ -200,7 +200,7 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
......@@ -227,18 +227,18 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
}
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == false) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
} else {
setverdict(pass);
......@@ -266,18 +266,18 @@ module TestCodec_SecuredFuntions {
v_private_key_wrong := v_private_key;
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
}
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == false) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
stop;
} else {
......@@ -285,13 +285,13 @@ module TestCodec_SecuredFuntions {
}
v_private_key_wrong[2] := 'AA'O;
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key_wrong);
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyCompressed, v_compressedMode) == true) {
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key_wrong);
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyCompressed, v_compressedMode) == true) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
} else {
setverdict(pass);
......@@ -319,42 +319,42 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == false) {
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
stop;
}
if (f_verifyWithEcdsaNistp256WithSha256_1('0A0A0A0A'O, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1('0A0A0A0A'O, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
stop;
}
v_sig_wrong := v_sig;
v_sig_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
setverdict(fail);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig_wrong, v_publicKeyX, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
stop;
}
v_publicKeyX_wrong := v_publicKeyCompressed;
v_publicKeyX_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
setverdict(fail);
}
v_publicKeyX_wrong := v_publicKeyX;
v_publicKeyX_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX_wrong, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX_wrong, v_publicKeyY) == true) {
setverdict(fail);
stop;
}
v_publicKeyY_wrong := v_publicKeyY;
v_publicKeyY_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY_wrong) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY_wrong) == true) {
setverdict(fail);
stop;
}
......@@ -380,7 +380,7 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
......@@ -407,7 +407,7 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(v_encMsg, int2oct(10, 48), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
......@@ -434,18 +434,18 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
if (f_verifyWithEcdsaBrainpoolp256WithSha256(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == false) {
if (f_verifyWithEcdsaBrainpoolp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
} else {
setverdict(pass);
......@@ -473,31 +473,31 @@ module TestCodec_SecuredFuntions {
v_private_key_wrong := v_private_key;
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;