Skip to content
GitLab
Commit bbf3737e authored by garciay's avatar garciay
Browse files

Bug fixed on self signed certificate signature

parent 429d7c9a
Hide whitespace changes
Inline Side-by-side
ttcn/AtsGenCert/ItsGenCert_Functions.ttcn
View file @ bbf3737e
......@@ -171,9 +171,9 @@ module ItsGenCert_Functions {
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
if (p_certificate_params.curve == e_nist_p256) {
if (p_issuer_certificate_details.certificate_id != p_certificate_details.certificate_id) { // This is not a CA certificate
v_issuer := p_certificate_details.issuer;
v_issuer := p_certificate_details.hash;
} else {
v_issuer := int2oct(0, 8); // Hash of empty string
v_issuer := int2oct(0, 32); // Hash of empty string
}
v_signature := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), v_issuer, p_issuer_certificate_details.private_key);
if (lengthof(v_signature) != 64) {
......@@ -191,9 +191,9 @@ module ItsGenCert_Functions {
));
} else if (p_certificate_params.curve == e_brainpool_p256) {
if (p_issuer_certificate_details.issuer != p_issuer_certificate_details.hashid8) { // This is not a CA certificate
v_issuer := p_certificate_details.issuer;
v_issuer := p_certificate_details.hash;
} else {
v_issuer := int2oct(0, 8); // Hash of empty string
v_issuer := int2oct(0, 32); // Hash of empty string
}
v_signature := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), v_issuer, p_issuer_certificate_details.private_key);
if (lengthof(v_signature) != 64) {
......@@ -211,9 +211,9 @@ module ItsGenCert_Functions {
));
} else if (p_certificate_params.curve == e_brainpool_p384) {
if (p_issuer_certificate_details.issuer != p_issuer_certificate_details.hashid8) { // This is not a CA certificate
v_issuer := p_issuer_certificate_details.issuer;
v_issuer := p_issuer_certificate_details.hash;
} else {
v_issuer := int2oct(0, 8);
v_issuer := int2oct(0, 48);
}
v_signature := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_enc_msg), v_issuer, p_issuer_certificate_details.private_key);
if (lengthof(v_signature) != 96) {
......@@ -271,9 +271,11 @@ module ItsGenCert_Functions {
p_certificate_details.enc_cert := bit2oct(encvalue(p_certificate_details.certificate));
// Calculate the whole HashedId8 as defined in IEEE Std 1609.2-20XX Clause 6.4.3 CertificateBase
if (p_certificate_params.hash_algorithm == sha256) {
p_certificate_details.hashid8 := f_HashedId8FromSha256(f_hashWithSha256(p_certificate_details.enc_cert));
p_certificate_details.hash := f_hashWithSha256(p_certificate_details.enc_cert);
p_certificate_details.hashid8 := f_HashedId8FromSha256(p_certificate_details.hash);
} else {
p_certificate_details.hashid8 := f_HashedId8FromSha384(f_hashWithSha384(p_certificate_details.enc_cert));
p_certificate_details.hash := f_hashWithSha384(p_certificate_details.enc_cert);
p_certificate_details.hashid8 := f_HashedId8FromSha384(p_certificate_details.hash);
}
if (p_certificate_params.certificate_id == p_certificate_params.signed_by) { // Root certificate
log("f_finalyse_certificate: Root certificate");
......
ttcn/AtsGenCert/ItsGenCert_TestCases.ttcn
View file @ bbf3737e
......@@ -42,7 +42,7 @@ module ItsGencert_TestCases {
// Setup
v_certificate_params := PICS_CERTFICATES[v_counter];
v_details := { v_certificate_params.certificate_id, {}, ''O, ''O, ''O, ''O, ''O, 0, '0000000000000000'O, '0000000000000000'O, omit, omit, omit, omit, omit };
v_details := { v_certificate_params.certificate_id, {}, ''O, ''O, ''O, ''O, ''O, 0, ''O, '0000000000000000'O, '0000000000000000'O, omit, omit, omit, omit, omit };
// Generate Private/Public signing and encryption keys for the certificate
if (f_generate_signing_keys(v_certificate_params, v_details) == -1) {
......
ttcn/AtsGenCert/ItsGenCert_TypeAndValues.ttcn
View file @ bbf3737e
......@@ -91,6 +91,7 @@ module ItsGenCert_TypeAndValues {
/**
* @desc Certificate description
* @member enc_cert The COER encoding of the whole certificate, including the signature
* @member hash The whole certificate (including the signature) Hash
* @member hashid8 The whole certificate (including the signature) HashedId8, as defined in IEEE Std 1609.2-20XX Clause 6.4.3 CertificateBase
* @member issuer The HashedId8 of the certificate issuer or 0 in case of self signed certificate (root certificate)
*/
......@@ -103,6 +104,7 @@ module ItsGenCert_TypeAndValues {
octetstring public_key_y,
octetstring public_key_compressed,
integer public_key_compressed_mode,
octetstring hash,
HashedId8 hashid8,
HashedId8 issuer,
octetstring private_enc_key optional,
......
ttcn/TestCodec/TestCodec_Certificates.ttcn
View file @ bbf3737e
......@@ -91,7 +91,7 @@ module TestCodec_Certificates {
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
// IEEE Std 1609.2-20XX Clause 5.3.1 ii) If the verification type is self-signed, signer identifier input shall be the empty string, i.e., a string of length 0.
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(0, 8), v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -122,7 +122,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_encMsg),
int2oct(0, 8),
int2oct(0, 32),
v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -193,7 +193,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(0, 8), v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -224,7 +224,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_encMsg),
int2oct(0, 8),
int2oct(0, 32),
v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -311,7 +311,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(0, 8), v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(0, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -342,7 +342,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_encMsg),
int2oct(0, 8),
int2oct(0, 32),
v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -413,7 +413,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_encMsg), int2oct(0, 8), v_private_key);
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_encMsg), int2oct(0, 48), v_private_key);
if (lengthof(v_sig) != 96) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -444,7 +444,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp384WithSha384(
bit2oct(v_encMsg),
int2oct(0, 8),
int2oct(0, 48),
v_cert_dec.signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP384r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -511,7 +511,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(0, 8), v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(10, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -543,7 +543,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_encMsg),
int2oct(0, 8),
int2oct(10, 32),
v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -609,7 +609,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(0, 8), v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_encMsg), int2oct(11, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -639,7 +639,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_encMsg),
int2oct(0, 8),
int2oct(11, 32),
v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -702,7 +702,7 @@ module TestCodec_Certificates {
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BP p-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(0, 8), v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), int2oct(10, 32), v_private_key);
if (lengthof(v_sig) != 64) {
log("Invalid signature: ", v_sig);
setverdict(fail);
......@@ -732,7 +732,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_encMsg),
int2oct(0, 8),
int2oct(10, 32),
v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_cert_dec.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......@@ -889,7 +889,7 @@ module TestCodec_Certificates {
// Create signature and compare with cprovide one
v_enc_msg := encvalue(v_cert_exp.toBeSigned);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 8), v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 32), v_private_key);
if (not(match(v_sig, v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig))) {
setverdict(fail, "Signature generation mismatch");
} else {
......@@ -905,7 +905,7 @@ module TestCodec_Certificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
int2oct(0, 8),
int2oct(0, 32),
v_cert_dec.signature_.ecdsaNistP256Signature.rSig.x_only & v_cert_dec.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_compressedMode
......
ttcn/TestCodec/TestCodec_ChainOfCertificates.ttcn
View file @ bbf3737e
......@@ -24,6 +24,11 @@ module TestCodec_ChainOfCertificates {
// TestCodec
import from TestCodec_TestAndSystem all;
/**
* @desc
* @member enc_cert The whole-certificate encoding value
* @member hashedid8 The whole-certificate hashedid8 value
*/
type record sec_info {
EtsiTs103097Certificate cert,
octetstring enc_cert,
......@@ -31,6 +36,7 @@ module TestCodec_ChainOfCertificates {
Oct32 public_key_x,
Oct32 public_key_y,
Oct32 public_key_compressed,
Oct32 hash,
integer compressed_mode,
HashedId8 hashedid8,
HashedId8 issuer
......@@ -53,10 +59,11 @@ module TestCodec_ChainOfCertificates {
// Generate CA certificate
v_chain_sec_info.ca.cert := f_create_ca_certificate_nistP256_1(v_chain_sec_info.ca);
v_enc_msg := encvalue(v_chain_sec_info.ca.cert);
v_enc_msg := encvalue(v_chain_sec_info.ca.cert); // Encode the whole certificate
v_chain_sec_info.ca.enc_cert := bit2oct(v_enc_msg);
v_chain_sec_info.ca.hashedid8 := f_HashedId8FromSha256(v_chain_sec_info.ca.enc_cert);
v_chain_sec_info.ca.issuer := v_chain_sec_info.ca.hashedid8;
v_chain_sec_info.ca.hash := f_hashWithSha256(v_chain_sec_info.ca.enc_cert); // Compute the hash
v_chain_sec_info.ca.hashedid8 := f_HashedId8FromSha256(v_chain_sec_info.ca.hash);
v_chain_sec_info.ca.issuer := v_chain_sec_info.ca.hashedid8; // CA certificate: hashedid8 == issuer
// Verify signature of CA certificate by itself
v_enc_msg := encvalue(v_chain_sec_info.ca.cert.toBeSigned);
if (ischosen(v_chain_sec_info.ca.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256.compressed_y_0)) {
......@@ -68,7 +75,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
int2oct(0, 8),
int2oct(0, 32),
v_chain_sec_info.ca.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.ca.cert.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -81,8 +88,9 @@ module TestCodec_ChainOfCertificates {
// Generate AA certificate
v_chain_sec_info.aa.cert := f_create_aa_certificate_nistP256_1(v_chain_sec_info.ca, v_chain_sec_info.aa);
v_enc_msg := encvalue(v_chain_sec_info.aa.cert);
v_enc_msg := encvalue(v_chain_sec_info.aa.cert); // Encode the whole certificate
v_chain_sec_info.aa.enc_cert := bit2oct(v_enc_msg);
v_chain_sec_info.aa.hash := f_hashWithSha256(v_chain_sec_info.aa.enc_cert); // Compute the hash
v_chain_sec_info.aa.hashedid8 := f_HashedId8FromSha256(v_chain_sec_info.aa.enc_cert);
v_chain_sec_info.aa.issuer := v_chain_sec_info.ca.hashedid8;
// Verify signature of AA certificate by CA certificate
......@@ -96,7 +104,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.ca.issuer,
v_chain_sec_info.ca.hash,
v_chain_sec_info.aa.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.aa.cert.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -110,9 +118,10 @@ module TestCodec_ChainOfCertificates {
// Generate AT certificate
v_chain_sec_info.at.cert := f_create_at_certificate_nistP256_1(v_chain_sec_info.aa, v_chain_sec_info.at);
v_enc_msg := encvalue(v_chain_sec_info.at.cert);
v_enc_msg := encvalue(v_chain_sec_info.at.cert); // Encode the whole certificate
v_chain_sec_info.at.enc_cert := bit2oct(v_enc_msg);
v_chain_sec_info.at.hashedid8 := f_HashedId8FromSha256(v_chain_sec_info.at.enc_cert);
v_chain_sec_info.at.hash := f_hashWithSha256(v_chain_sec_info.at.enc_cert); // Compute the hash
v_chain_sec_info.at.hashedid8 := f_HashedId8FromSha256(v_chain_sec_info.at.hash);
v_chain_sec_info.at.issuer := v_chain_sec_info.aa.hashedid8;
// Verify signature of AT certificate by AA certificate
v_enc_msg := encvalue(v_chain_sec_info.at.cert.toBeSigned);
......@@ -125,7 +134,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.aa.issuer,
v_chain_sec_info.aa.hash,
v_chain_sec_info.at.cert.signature_.ecdsaNistP256Signature.rSig.x_only & v_chain_sec_info.at.cert.signature_.ecdsaNistP256Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -176,7 +185,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaNistp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.at.issuer,
v_chain_sec_info.at.hash,
valueof(v_secured_data.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(v_secured_data.content.signedData.signature_.ecdsaNistP256Signature.sSig),
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -205,10 +214,11 @@ module TestCodec_ChainOfCertificates {
// Generate CA certificate
v_chain_sec_info.ca.cert := f_create_ca_certificate_brainpoolP256_1(v_chain_sec_info.ca);
v_enc_msg := encvalue(v_chain_sec_info.ca.cert);
v_enc_msg := encvalue(v_chain_sec_info.ca.cert); // Endcode the whole certificate
v_chain_sec_info.ca.enc_cert := bit2oct(v_enc_msg);
v_chain_sec_info.ca.hashedid8 := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_enc_msg)));
v_chain_sec_info.ca.issuer := v_chain_sec_info.ca.hashedid8;
v_chain_sec_info.ca.hash := f_hashWithSha256(v_chain_sec_info.ca.enc_cert); // Compute the hash
v_chain_sec_info.ca.hashedid8 := f_HashedId8FromSha256(v_chain_sec_info.ca.hash);
v_chain_sec_info.ca.issuer := v_chain_sec_info.ca.hashedid8; // CA certificate: hashedid8 == issuer
// Verify signature of CA certificate by itself
v_enc_msg := encvalue(v_chain_sec_info.ca.cert.toBeSigned);
if (ischosen(v_chain_sec_info.ca.cert.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1.compressed_y_0)) {
......@@ -220,7 +230,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
int2oct(0, 8),
int2oct(0, 32),
v_chain_sec_info.ca.cert.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_chain_sec_info.ca.cert.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -232,9 +242,10 @@ module TestCodec_ChainOfCertificates {
// Generate AA certificate
v_chain_sec_info.aa.cert := f_create_aa_certificate_brainpoolP256_1(v_chain_sec_info.ca, v_chain_sec_info.aa);
v_enc_msg := encvalue(v_chain_sec_info.aa.cert);
v_enc_msg := encvalue(v_chain_sec_info.aa.cert); // Encode the whole certificate
v_chain_sec_info.aa.enc_cert := bit2oct(v_enc_msg);
v_chain_sec_info.aa.hashedid8 := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_enc_msg)));
v_chain_sec_info.aa.hash := f_hashWithSha256(v_chain_sec_info.aa.enc_cert); // Compute the hash
v_chain_sec_info.aa.hashedid8 := f_HashedId8FromSha256(v_chain_sec_info.aa.hash);
v_chain_sec_info.aa.issuer := v_chain_sec_info.ca.hashedid8;
// Verify signature of AA certificate by CA certificate
v_enc_msg := encvalue(v_chain_sec_info.aa.cert.toBeSigned);
......@@ -247,7 +258,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.ca.issuer,
v_chain_sec_info.ca.hash,
v_chain_sec_info.aa.cert.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_chain_sec_info.aa.cert.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -259,9 +270,10 @@ module TestCodec_ChainOfCertificates {
// Generate AT certificate
v_chain_sec_info.at.cert := f_create_at_certificate_brainpoolP256_1(v_chain_sec_info.aa, v_chain_sec_info.at);
v_enc_msg := encvalue(v_chain_sec_info.at.cert);
v_enc_msg := encvalue(v_chain_sec_info.at.cert); // Encode the whole certificate
v_chain_sec_info.at.enc_cert := bit2oct(v_enc_msg);
v_chain_sec_info.at.hashedid8 := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_enc_msg)));
v_chain_sec_info.at.hash := f_hashWithSha256(v_chain_sec_info.at.enc_cert); // Compute the hash
v_chain_sec_info.at.hashedid8 := f_HashedId8FromSha256(v_chain_sec_info.at.hash);
v_chain_sec_info.at.issuer := v_chain_sec_info.aa.hashedid8;
// Verify signature of AT certificate by AA certificate
v_enc_msg := encvalue(v_chain_sec_info.at.cert.toBeSigned);
......@@ -274,7 +286,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.aa.issuer,
v_chain_sec_info.aa.hash,
v_chain_sec_info.at.cert.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only & v_chain_sec_info.at.cert.signature_.ecdsaBrainpoolP256r1Signature.sSig,
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -323,7 +335,7 @@ module TestCodec_ChainOfCertificates {
}
if (f_verifyWithEcdsaBrainpoolp256WithSha256(
bit2oct(v_enc_msg),
v_chain_sec_info.at.issuer,
v_chain_sec_info.at.hash,
valueof(v_secured_data.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only) & valueof(v_secured_data.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.sSig),
v_publicKeyCompressed,
v_publicKeyCompressedMode
......@@ -395,7 +407,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(valueof(v_cert.toBeSigned));
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 8), p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 32), p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -465,7 +477,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 8), p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), int2oct(0, 32), p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -531,7 +543,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST P-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_ca_sec_info.issuer, p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_ca_sec_info.hash, p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -597,7 +609,7 @@ module TestCodec_ChainOfCertificates {
// Encode it ==> Get octetstring
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_ca_sec_info.issuer, p_ca_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_ca_sec_info.hash, p_ca_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -664,7 +676,7 @@ module TestCodec_ChainOfCertificates {
log("Encode template ", valueof(v_cert));
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST P-256)
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_aa_sec_info.issuer, p_aa_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_aa_sec_info.hash, p_aa_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -731,7 +743,7 @@ module TestCodec_ChainOfCertificates {
log("Encode template ", valueof(v_cert));
v_enc_msg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (BRAINPOOL P-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_aa_sec_info.issuer, p_aa_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_aa_sec_info.hash, p_aa_sec_info.private_key);
v_cert.signature_ := m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
......@@ -768,7 +780,7 @@ module TestCodec_ChainOfCertificates {
);
// Signed it
v_raw_payload_to_be_signed := bit2oct(encvalue(v_toBeSignedData));
v_sig := f_signWithEcdsaNistp256WithSha256(v_raw_payload_to_be_signed, p_at_sec_info.issuer, p_at_sec_info.private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_raw_payload_to_be_signed, p_at_sec_info.hash, p_at_sec_info.private_key);
// Finalize the secured message
v_secured_data := valueof(
m_etsiTs103097Data_signed(
......@@ -814,7 +826,7 @@ module TestCodec_ChainOfCertificates {
);
// Signed it
v_raw_payload_to_be_signed := bit2oct(encvalue(v_toBeSignedData));
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_raw_payload_to_be_signed, p_at_sec_info.issuer, p_at_sec_info.private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_raw_payload_to_be_signed, p_at_sec_info.hash, p_at_sec_info.private_key);
// Finalize the secured message
v_secured_data := m_etsiTs103097Data_signed(
m_signedData(
......
ttcn/TestCodec/TestCodec_SecuredFuntions.ttcn
View file @ bbf3737e
......@@ -242,7 +242,7 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 8), v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
......@@ -269,18 +269,18 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 8), v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
}
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 8), v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 8), v_sig, v_publicKeyX, v_publicKeyY) == false) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
} else {
setverdict(pass);
......@@ -308,18 +308,18 @@ module TestCodec_SecuredFuntions {
v_private_key_wrong := v_private_key;
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 8), v_private_key);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
}
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 8), v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyCompressed, v_compressedMode) == false) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 8), v_sig, v_publicKeyX, v_publicKeyY) == false) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
stop;
} else {
......@@ -328,13 +328,13 @@ module TestCodec_SecuredFuntions {
v_private_key_wrong[2] := 'AA'O;
v_private_key_wrong[3] := 'BB'O;
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 8), v_private_key_wrong);
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 8), v_sig, v_publicKeyCompressed, v_compressedMode) == true) {
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key_wrong);
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyCompressed, v_compressedMode) == true) {
setverdict(fail);
} else {
setverdict(pass);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 8), v_sig, v_publicKeyX, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
} else {
setverdict(pass);
......@@ -362,42 +362,42 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 8), v_private_key);
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 8), v_sig, v_publicKeyX, v_publicKeyY) == false) {
v_sig := f_signWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == false) {
setverdict(fail);
stop;
}
if (f_verifyWithEcdsaNistp256WithSha256_1('0A0A0A0A'O, int2oct(10, 8), v_sig, v_publicKeyX, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1('0A0A0A0A'O, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
stop;
}
v_sig_wrong := v_sig;
v_sig_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 8), v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
setverdict(fail);
}
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 8), v_sig_wrong, v_publicKeyX, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyX, v_publicKeyY) == true) {
setverdict(fail);
stop;
}
v_publicKeyX_wrong := v_publicKeyCompressed;
v_publicKeyX_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 8), v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
if (f_verifyWithEcdsaNistp256WithSha256(v_encMsg, int2oct(10, 32), v_sig_wrong, v_publicKeyCompressed, v_compressedMode) == true) {
setverdict(fail);
}
v_publicKeyX_wrong := v_publicKeyX;
v_publicKeyX_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 8), v_sig, v_publicKeyX_wrong, v_publicKeyY) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX_wrong, v_publicKeyY) == true) {
setverdict(fail);
stop;
}
v_publicKeyY_wrong := v_publicKeyY;
v_publicKeyY_wrong[0] := 'FF'O;
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 8), v_sig, v_publicKeyX, v_publicKeyY_wrong) == true) {
if (f_verifyWithEcdsaNistp256WithSha256_1(v_encMsg, int2oct(10, 32), v_sig, v_publicKeyX, v_publicKeyY_wrong) == true) {
setverdict(fail);
stop;
}
......@@ -423,7 +423,7 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, int2oct(10, 8), v_private_key);
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(v_encMsg, int2oct(10, 32), v_private_key);
if (lengthof(v_sig) == 0) {
setverdict(fail);
stop;
......@@ -450,7 +450,7 @@ module TestCodec_SecuredFuntions {
log("v_public_key Y= ", v_publicKeyY);
log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
v_sig := f_signWithEcdsaBrainpoolp384WithSha384(v_encMsg, int2oct(10, 8), v_private_key