Commit 1966f90e authored by garciay's avatar garciay
Browse files

Major security bugs fixed for signature. Encryption to do.

parent 69b69ba3
......@@ -34,9 +34,9 @@ module ItsGenCert_Functions {
if (p_certificate_params.encryption_key == true) {
if (p_certificate_params.encryption_curve == e_nist_p256) {
f_generate_key_pair_nistp256(p_certificate_details.private_enc_key, p_certificate_details.public_enc_key_x, p_certificate_details.public_enc_key_y, p_certificate_details.public_key_compressed, p_certificate_details.public_key_compressed_mode);
f_generate_key_pair_nistp256(p_certificate_details.private_enc_key, p_certificate_details.public_enc_key_x, p_certificate_details.public_enc_key_y, p_certificate_details.public_enc_key_compressed, p_certificate_details.public_enc_key_compressed_mode);
} else if (p_certificate_params.encryption_curve == e_brainpool_p256) {
f_generate_key_pair_brainpoolp256(p_certificate_details.private_enc_key, p_certificate_details.public_enc_key_x, p_certificate_details.public_enc_key_y, p_certificate_details.public_key_compressed, p_certificate_details.public_key_compressed_mode);
f_generate_key_pair_brainpoolp256(p_certificate_details.private_enc_key, p_certificate_details.public_enc_key_x, p_certificate_details.public_enc_key_y, p_certificate_details.public_enc_key_compressed, p_certificate_details.public_enc_key_compressed_mode);
} else {
log("f_generate_signing_keys: Unsupported encryption curve");
return -1;
......@@ -115,23 +115,41 @@ module ItsGenCert_Functions {
);
if (p_certificate_params.encryption_key == true) {
if (p_certificate_params.encryption_curve == e_nist_p256) {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_ecdsaNistP256(
m_eccP256CurvePoint_uncompressed(
p_certificate_details.public_enc_key_x,
p_certificate_details.public_enc_key_y
)))
if (p_certificate_details.public_enc_key_compressed_mode == 0) {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_ecdsaNistP256(
m_eccP256CurvePoint_compressed_y_0(
p_certificate_details.public_enc_key_compressed
)))
);
} else {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_ecdsaNistP256(
m_eccP256CurvePoint_compressed_y_1(
p_certificate_details.public_enc_key_compressed
)))
);
}
} else if (p_certificate_params.encryption_curve == e_brainpool_p256) {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_eciesBrainpoolP256r1(
m_eccP256CurvePoint_uncompressed(
p_certificate_details.public_enc_key_x,
p_certificate_details.public_enc_key_y
)))
);
if (p_certificate_details.public_enc_key_compressed_mode == 0) {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_eciesBrainpoolP256r1(
m_eccP256CurvePoint_compressed_y_0(
p_certificate_details.public_enc_key_compressed
)))
);
} else {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_eciesBrainpoolP256r1(
m_eccP256CurvePoint_compressed_y_1(
p_certificate_details.public_enc_key_compressed
)))
);
}
}
}
......@@ -144,18 +162,20 @@ module ItsGenCert_Functions {
inout certificate_details p_certificate_details
) return integer {
var bitstring v_enc_msg;
var HashedId8 v_issuer := '0000000000000000'O;
var octetstring v_issuer;
var octetstring v_signature;
// Encode it ==> Get octetstring
v_enc_msg := encvalue(p_certificate_details.certificate.toBeSigned);
if (p_issuer_certificate_details.issuer != p_issuer_certificate_details.hashid8) { // This is not a CA certificate
v_issuer := p_issuer_certificate_details.issuer;
}
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
if (p_certificate_params.curve == e_nist_p256) {
v_signature := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), v_issuer, p_issuer_certificate_details.private_key);
if (p_issuer_certificate_details.issuer != p_issuer_certificate_details.hashid8) { // This is not a CA certificate
v_issuer := f_hashWithSha256(p_issuer_certificate_details.enc_cert);
} else {
v_issuer := int2oct(0, 32);
}
v_signature := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), v_issuer, p_issuer_certificate_details.private_key);
if (lengthof(v_signature) != 64) {
setverdict(fail, "Wrong signature size, shall be 64 instead of ", lengthof(v_signature));
stop;
......@@ -170,6 +190,11 @@ module ItsGenCert_Functions {
)
));
} else if (p_certificate_params.curve == e_brainpool_p256) {
if (p_issuer_certificate_details.issuer != p_issuer_certificate_details.hashid8) { // This is not a CA certificate
v_issuer := f_hashWithSha256(p_issuer_certificate_details.enc_cert);
} else {
v_issuer := int2oct(0, 32);
}
v_signature := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), v_issuer, p_issuer_certificate_details.private_key);
if (lengthof(v_signature) != 64) {
setverdict(fail, "Wrong signature size, shall be 64 instead of ", lengthof(v_signature));
......@@ -185,6 +210,11 @@ module ItsGenCert_Functions {
)
));
} else if (p_certificate_params.curve == e_brainpool_p384) {
if (p_issuer_certificate_details.issuer != p_issuer_certificate_details.hashid8) { // This is not a CA certificate
v_issuer := f_hashWithSha384(p_issuer_certificate_details.enc_cert);
} else {
v_issuer := int2oct(0, 48);
}
v_signature := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_enc_msg), v_issuer, p_issuer_certificate_details.private_key);
if (lengthof(v_signature) != 96) {
setverdict(fail, "Wrong signature size, shall be 96 instead of ", lengthof(v_signature));
......
......@@ -42,7 +42,7 @@ module ItsGencert_TestCases {
// Setup
v_certificate_params := PICS_CERTFICATES[v_counter];
v_details := { v_certificate_params.certificate_id, {}, ''O, ''O, ''O, ''O, ''O, 0, '0000000000000000'O, '0000000000000000'O, omit, omit, omit };
v_details := { v_certificate_params.certificate_id, {}, ''O, ''O, ''O, ''O, ''O, 0, '0000000000000000'O, '0000000000000000'O, omit, omit, omit, omit, omit };
// Generate Private/Public signing and encryption keys for the certificate
if (f_generate_signing_keys(v_certificate_params, v_details) == -1) {
......
......@@ -101,7 +101,9 @@ module ItsGenCert_TypeAndValues {
HashedId8 issuer,
octetstring private_enc_key optional,
octetstring public_enc_key_x optional,
octetstring public_enc_key_y optional
octetstring public_enc_key_y optional,
octetstring public_enc_key_compressed optional,
integer public_enc_key_compressed_mode optional
} // End of type certificate_details
type record of certificate_details certificate_details_list;
......
......@@ -91,7 +91,7 @@ module TestCodec_Certificates {
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
// IEEE Std 1609.2-20XX Clause 5.3.1 ii) If the verification type is self-signed, signer identifier input shall be the empty string, i.e., a string of length 0.
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -122,7 +122,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -193,7 +193,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -224,7 +224,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -311,7 +311,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -342,7 +342,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -413,7 +413,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_encMsg), int2oct(0, 48), v_private_key);
if (lengthof(v_sig) != 96) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -444,7 +444,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp384WithSha384(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 48),
v_cert_dec.signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP384r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -511,7 +511,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -543,7 +543,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -609,7 +609,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -639,7 +639,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -702,7 +702,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BP p-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), '0000000000000000'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -732,7 +732,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_encMsg),
'0000000000000000'O,
int2oct(0, 32),
v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......
......@@ -68,7 +68,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
'0000000000000000'O,
int2oct(0, 32),
v_chain_sec_info.ca.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.ca.cert.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -76,7 +76,6 @@ module TestCodec_ChainOfCertificates {
setverdict(fail);
} else {
setverdict(pass);
v_enc_msg := encvalue(v_chain_sec_info.ca.cert);
log("Root keys: ", v_chain_sec_info.ca.cert);
}
......@@ -97,7 +96,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.aa.issuer,
f_hashWithSha256(v_chain_sec_info.ca.enc_cert),
v_chain_sec_info.aa.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.aa.cert.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -126,7 +125,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.at.issuer,
f_hashWithSha256(v_chain_sec_info.aa.enc_cert),
v_chain_sec_info.at.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.at.cert.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -177,7 +176,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.at.hashedid8,
f_hashWithSha256(v_chain_sec_info.at.enc_cert),
valueof(v_secured_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(v_secured_data.content.signedData.signature_.ecdsaNistP256Signature.sSig),
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -221,7 +220,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
'0000000000000000'O,
int2oct(0, 32),
v_chain_sec_info.ca.cert.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_chain_sec_info.ca.cert.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -248,7 +247,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.aa.issuer,
f_hashWithSha256(v_chain_sec_info.ca.enc_cert),
v_chain_sec_info.aa.cert.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_chain_sec_info.aa.cert.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -275,7 +274,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.at.issuer,
f_hashWithSha256(v_chain_sec_info.aa.enc_cert),
v_chain_sec_info.at.cert.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_chain_sec_info.at.cert.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -324,7 +323,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.at.hashedid8,
f_hashWithSha256(v_chain_sec_info.at.enc_cert),
valueof(v_secured_data.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only) & valueof(v_secured_data.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.sSig),
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -396,7 +395,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), '0000000000000000'O, p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 32), p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -466,7 +465,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), '0000000000000000'O, p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 32), p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -532,7 +531,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST P-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_ca_sec_info.hashedid8, p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), f_hashWithSha256(p_ca_sec_info.enc_cert), p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -598,7 +597,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_ca_sec_info.hashedid8, p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), f_hashWithSha256(p_ca_sec_info.enc_cert), p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -665,7 +664,7 @@ module TestCodec_ChainOfCertificates {
log("Encode template ", valueof(v_cert));
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST P-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_aa_sec_info.hashedid8, p_aa_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), f_hashWithSha256(p_aa_sec_info.enc_cert), p_aa_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -732,7 +731,7 @@ module TestCodec_ChainOfCertificates {
log("Encode template ", valueof(v_cert));
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_aa_sec_info.hashedid8, p_aa_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), f_hashWithSha256(p_aa_sec_info.enc_cert), p_aa_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -769,7 +768,7 @@ module TestCodec_ChainOfCertificates {
);
// Signed it
v_raw_payload_to_be_signed := bit2oct(encvalue(v_toBeSignedData));
v_sig := f_signWithEcdsaNistp256WithSha256(v_raw_payload_to_be_signed, p_at_sec_info.hashedid8, p_at_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_raw_payload_to_be_signed, f_hashWithSha256(p_at_sec_info.enc_cert), p_at_sec_info.private_key);
// Finalize the secured message
v_secured_data := valueof(
m_etsiTs103097Data_signed(
......@@ -815,7 +814,7 @@ module TestCodec_ChainOfCertificates {
);
// Signed it
v_raw_payload_to_be_signed := bit2oct(encvalue(v_toBeSignedData));
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_raw_payload_to_be_signed, p_at_sec_info.hashedid8, p_at_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_raw_payload_to_be_signed, f_hashWithSha256(p_at_sec_info.enc_cert), p_at_sec_info.private_key);
// Finalize the secured message
v_secured_data := m_etsiTs103097Data_signed(
m_signedData(
......
......@@ -200,7 +200,7 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
......@@ -227,18 +227,18 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
}
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == false) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
} else {
setverdict(pass);
......@@ -266,18 +266,18 @@ module TestCodec_SecuredFuntions {
v_private_key_wrong := v_private_key;
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
}
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == false) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
stop;
} else {
......@@ -285,13 +285,13 @@ module TestCodec_SecuredFuntions {
}
v_private_key_wrong[2] := 'AA'O;
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key_wrong);
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyCompressed, v_compressedMode) == true) {
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key_wrong);
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyCompressed, v_compressedMode) == true) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
} else {
setverdict(pass);
......@@ -319,42 +319,42 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == false) {
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
stop;
}
if (f_verifyWithEcdsaNistp256WithSha256_1('0A0A0A0A'O, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1('0A0A0A0A'O, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
stop;
}
v_sig_wrong := v_sig;
v_sig_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
setverdict(fail);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig_wrong, v_publicKeyX, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
stop;
}
v_publicKeyX_wrong := v_publicKeyCompressed;
v_publicKeyX_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
setverdict(fail);
}
v_publicKeyX_wrong := v_publicKeyX;
v_publicKeyX_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX_wrong, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX_wrong, v_publicKeyY) == true) {
setverdict(fail);
stop;
}
v_publicKeyY_wrong := v_publicKeyY;
v_publicKeyY_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY_wrong) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY_wrong) == true) {
setverdict(fail);
stop;
}
......@@ -380,7 +380,7 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
......@@ -407,7 +407,7 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(v_encMsg, int2oct(10, 48), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
......@@ -434,18 +434,18 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
if (f_verifyWithEcdsaBrainpoolp256WithSha256(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256_1(v_encMsg, 'CAFEDECACAFEDECA'O, v_sig, v_publicKeyX, v_publicKeyY) == false) {
if (f_verifyWithEcdsaBrainpoolp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
} else {
setverdict(pass);
......@@ -473,31 +473,31 @@ module TestCodec_SecuredFuntions {
v_private_key_wrong := v_private_key;
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, 'CAFEDECACAFEDECA'O, v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;