Skip to content
GitLab
Commit d0757f86 authored by garciay's avatar garciay
Browse files

STF538: Start Encryption TPs implementation 

        Start Certificate generation script
parent f3846dfb
Expand all Hide whitespace changes
Inline Side-by-side
ttcn/AtsGenCert/ItsGenCert_Functions.ttcn
View file @ d0757f86
......@@ -25,13 +25,24 @@ module ItsGenCert_Functions {
f_generate_key_pair_nistp256(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y);
} else if (p_certificate_params.curve == e_brainpool_p256) {
f_generate_key_pair_brainpoolp256(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y);
} else if (p_certificate_params.curve == e_brainpool_p256) {
} else if (p_certificate_params.curve == e_brainpool_p384) {
f_generate_key_pair_brainpoolp384(p_certificate_details.private_key, p_certificate_details.public_key_x, p_certificate_details.public_key_y);
} else {
log("f_generate_signing_keys: Unsupported curve");
return -1;
}
if (p_certificate_params.encryption_key == true) {
if (p_certificate_params.encryption_curve == e_nist_p256) {
f_generate_key_pair_nistp256(p_certificate_details.private_enc_key, p_certificate_details.public_enc_key_x, p_certificate_details.public_enc_key_y);
} else if (p_certificate_params.encryption_curve == e_brainpool_p256) {
f_generate_key_pair_brainpoolp256(p_certificate_details.private_enc_key, p_certificate_details.public_enc_key_x, p_certificate_details.public_enc_key_y);
} else {
log("f_generate_signing_keys: Unsupported encryption curve");
return -1;
}
}
return 0;
} // End of function f_generate_signing_keys
......@@ -54,7 +65,30 @@ module ItsGenCert_Functions {
p_certificate_params.region,
p_certificate_params.app_permissions,
p_certificate_params.issuing_permissions
)));
)
)
);
if (p_certificate_params.encryption_key == true) {
if (p_certificate_params.encryption_curve == e_nist_p256) {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_ecdsaNistP256(
m_eccP256CurvePoint_uncompressed(
p_certificate_details.public_enc_key_x,
p_certificate_details.public_enc_key_y
)))
);
} else if (p_certificate_params.encryption_curve == e_brainpool_p256) {
p_certificate_details.certificate.toBeSigned.encryptionKey := valueof(m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_eciesBrainpoolP256r1(
m_eccP256CurvePoint_uncompressed(
p_certificate_details.public_enc_key_x,
p_certificate_details.public_enc_key_y
)))
);
}
}
return 0;
} // End of function f_fill_certificate
......@@ -72,37 +106,37 @@ module ItsGenCert_Functions {
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
if (p_certificate_params.curve == e_nist_p256) {
v_signature := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_issuer_certificate_details.private_key);
p_certificate_details.certificate.signature_ := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_signature, 0, 32)
),
substr(v_signature, 32, 32)
)
));
v_signature := f_signWithEcdsaNistp256WithSha256(bit2oct(v_enc_msg), p_issuer_certificate_details.private_key);
p_certificate_details.certificate.signature_ := valueof(
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_signature, 0, 32)
),
substr(v_signature, 32, 32)
)
));
} else if (p_certificate_params.curve == e_brainpool_p256) {
v_signature := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_issuer_certificate_details.private_key);
p_certificate_details.certificate.signature_ := valueof(
m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_signature, 0, 32)
),
substr(v_signature, 32, 32)
)
));
} else if (p_certificate_params.curve == e_brainpool_p256) {
v_signature := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_enc_msg), p_issuer_certificate_details.private_key);
p_certificate_details.certificate.signature_ := valueof(m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(
substr(v_signature, 0, 48)
),
substr(v_signature, 48, 48)
)
));
v_signature := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_enc_msg), p_issuer_certificate_details.private_key);
p_certificate_details.certificate.signature_ := valueof(
m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(
substr(v_signature, 0, 32)
),
substr(v_signature, 32, 32)
)
));
} else if (p_certificate_params.curve == e_brainpool_p384) {
v_signature := f_signWithEcdsaBrainpoolp384WithSha384(bit2oct(v_enc_msg), p_issuer_certificate_details.private_key);
p_certificate_details.certificate.signature_ := valueof(m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(
substr(v_signature, 0, 48)
),
substr(v_signature, 48, 48)
)
));
} else {
log("f_generate_certificate: Unsupported curve");
return -1;
......@@ -164,14 +198,31 @@ module ItsGenCert_Functions {
fx_loadCertificates(PX_CERTIFICATE_POOL_PATH, PX_IUT_SEC_CONFIG_NAME);
for (var integer v_counter := 0; v_counter < lengthof(p_certificate_details_list); v_counter := v_counter + 1) {
log("f_store_certificates: ", p_certificate_details_list[v_counter]);
fx_store_certificate(
p_certificate_details_list[v_counter].certificate_id,
p_certificate_details_list[v_counter].enc_cert,
p_certificate_details_list[v_counter].private_key,
p_certificate_details_list[v_counter].public_key_x,
p_certificate_details_list[v_counter].public_key_y,
p_certificate_details_list[v_counter].hashid8,
p_certificate_details_list[v_counter].issuer);
if (ispresent(p_certificate_details_list[v_counter].private_enc_key)) {
fx_store_certificate(
p_certificate_details_list[v_counter].certificate_id,
p_certificate_details_list[v_counter].enc_cert,
p_certificate_details_list[v_counter].private_key,
p_certificate_details_list[v_counter].public_key_x,
p_certificate_details_list[v_counter].public_key_y,
p_certificate_details_list[v_counter].hashid8,
p_certificate_details_list[v_counter].issuer,
p_certificate_details_list[v_counter].private_enc_key,
p_certificate_details_list[v_counter].public_enc_key_x,
p_certificate_details_list[v_counter].public_enc_key_y);
} else {
fx_store_certificate(
p_certificate_details_list[v_counter].certificate_id,
p_certificate_details_list[v_counter].enc_cert,
p_certificate_details_list[v_counter].private_key,
p_certificate_details_list[v_counter].public_key_x,
p_certificate_details_list[v_counter].public_key_y,
p_certificate_details_list[v_counter].hashid8,
p_certificate_details_list[v_counter].issuer,
''O,
''O,
''O);
}
} // End of 'for' statement
return 0;
......
ttcn/AtsGenCert/ItsGenCert_Pics.ttcn
View file @ d0757f86
......@@ -30,7 +30,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_RCA" // signed_by
"CERT_IUT_A_RCA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_A_AA", // certificate_id
......@@ -40,7 +42,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_RCA" // signed_by
"CERT_IUT_A_RCA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_A_AT", // certificate_id
......@@ -50,7 +54,9 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_AA" // signed_by
"CERT_IUT_A_AA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_B_AT", // certificate_id
......@@ -60,7 +66,9 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_AA" // signed_by
"CERT_IUT_A_AA" , // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_C_AT", // certificate_id
......@@ -70,7 +78,9 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_AA" // signed_by
"CERT_IUT_A_AA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_D_AT", // certificate_id
......@@ -80,7 +90,9 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_AA" // signed_by
"CERT_IUT_A_AA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_E_AT", // certificate_id
......@@ -90,7 +102,9 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_AA" // signed_by
"CERT_IUT_A_AA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_A1_AT", // certificate_id
......@@ -100,7 +114,9 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_AA" // signed_by
"CERT_IUT_A_AA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_A2_AT", // certificate_id
......@@ -110,7 +126,9 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_AA" // signed_by
"CERT_IUT_A_AA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_A3_AT", // certificate_id
......@@ -120,7 +138,9 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_AA" // signed_by
"CERT_IUT_A_AA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_A4_AT", // certificate_id
......@@ -130,7 +150,8 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_AA" // signed_by
"CERT_IUT_A_AA", // signed_by
false // encryption_key
},
{
"CERT_IUT_C_RCA", // certificate_id
......@@ -140,7 +161,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_RCA" // signed_by
"CERT_IUT_A_RCA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_CA_AA", // certificate_id
......@@ -150,7 +173,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_C_RCA" // signed_by
"CERT_IUT_C_RCA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_CC_AA", // certificate_id
......@@ -160,7 +185,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_C_RCA" // signed_by
"CERT_IUT_C_RCA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_CA1_AT", // certificate_id
......@@ -170,7 +197,9 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_CC_AA" // signed_by
"CERT_IUT_CC_AA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_CA2_AT", // certificate_id
......@@ -180,8 +209,38 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_CA_AA" // signed_by
"CERT_IUT_CA_AA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_IUT_E_AA", // certificate_id
omit, // region
{ start_ := c_2018_01_01_gmt_paris, duration := c_six_months }, // validity_period
omit, // app_permissions
c_psidGroupPermissions_all, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_RCA", // signed_by
true, // encryption_key
e_nist_p256 // encryption_curve
},
{
"CERT_IUT_E_AT", // certificate_id
omit, // region
{ start_ := c_2018_01_01_gmt_paris, duration := c_six_months }, // validity_period
c_appPermissions_all, // app_permissions
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_E_AA", // signed_by
true, // encryption_key
e_nist_p256 // encryption_curve
},
......@@ -197,7 +256,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_RCA" // signed_by
"CERT_IUT_A_RCA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_TS_A_AT", // certificate_id
......@@ -207,7 +268,9 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_TS_A_AA" // signed_by
"CERT_TS_A_AA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_TS_B_AA", // certificate_id
......@@ -217,7 +280,9 @@ module ItsGenCert_Pics {
c_psidGroupPermissions_all, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_IUT_A_RCA" // signed_by
"CERT_IUT_A_RCA", // signed_by
false, // encryption_key
omit // encryption_curve
},
{
"CERT_TS_B_AT", // certificate_id
......@@ -227,7 +292,9 @@ module ItsGenCert_Pics {
omit, // issuing_permissions
sha256, // hash_algorithm
e_nist_p256, // curve
"CERT_TS_B_AA" // signed_by
"CERT_TS_B_AA", // signed_by
false, // encryption_key
omit // encryption_curve
}
} // End of PICS_CERTFICATES
......
ttcn/AtsGenCert/ItsGenCert_TestCases.ttcn
View file @ d0757f86
......@@ -42,9 +42,9 @@ module ItsGencert_TestCases {
// Setup
v_certificate_params := PICS_CERTFICATES[v_counter];
v_details := { v_certificate_params.certificate_id, {}, ''O, ''O, ''O, ''O, '0000000000000000'O, '0000000000000000'O };
v_details := { v_certificate_params.certificate_id, {}, ''O, ''O, ''O, ''O, '0000000000000000'O, '0000000000000000'O, omit, omit, omit };
// Generate Private/Public keys for the certificate
// Generate Private/Public signing and encryption keys for the certificate
if (f_generate_signing_keys(v_certificate_params, v_details) == -1) {
setverdict(fail, "Unsupported curve");
stop;
......
ttcn/AtsGenCert/ItsGenCert_TypeAndValues.ttcn
View file @ d0757f86
......@@ -76,7 +76,9 @@ module ItsGenCert_TypeAndValues {
SequenceOfPsidGroupPermissions issuing_permissions optional,
HashAlgorithm hash_algorithm,
Curve curve,
charstring signed_by
charstring signed_by,
boolean encryption_key,
Curve encryption_curve optional
} // End of type certificate_params
type record of certificate_params certificate_params_list;
......@@ -94,7 +96,10 @@ module ItsGenCert_TypeAndValues {
octetstring public_key_x,
octetstring public_key_y,
HashedId8 hashid8,
HashedId8 issuer
HashedId8 issuer,
octetstring private_enc_key optional,
octetstring public_enc_key_x optional,
octetstring public_enc_key_y optional
} // End of type certificate_details
type record of certificate_details certificate_details_list;
......
ttcn/AtsSecurity/ItsSecurity_TestCases.ttcn
View file @ d0757f86
......@@ -6749,8 +6749,8 @@ module ItsSecurity_TestCases {
mw_SymmetricCiphertext_aes128ccm
))))) -> value v_geoNwInd {
tc_ac.stop;
// TODO
log("*** " & testcasename() & ": PASS: IUT sends encrypted data successfully ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[PICS_SEC_BRAINPOOL_P256R1 == true] geoNetworkingPort.receive(
mw_geoNwInd(
......@@ -6770,8 +6770,8 @@ module ItsSecurity_TestCases {
mw_SymmetricCiphertext_aes128ccm
))))) -> value v_geoNwInd {
tc_ac.stop;
// TODO
log("*** " & testcasename() & ": PASS: IUT sends encrypted data successfully ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
......@@ -6816,6 +6816,7 @@ module ItsSecurity_TestCases {
testcase TC_SEC_ITSS_SND_ENC_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var EtsiTs103097Data v_decryptedMsg;
var GeoNetworkingInd v_geoNwInd;
// Test control
......@@ -6847,10 +6848,16 @@ module ItsSecurity_TestCases {
)))))) -> value v_geoNwInd {
tc_ac.stop;
// TODO Decrypt
//f_getSecuredMessage(v_geoNwInd.msgIn).content.encryptedData.ciphertext.aes128ccm.ccmCiphertext
// TODO Encode decrypted message
// Check matching with mw_etsiTs103097Data
if (f_decrypt(f_getSecuredMessage(v_geoNwInd.msgIn), v_decryptedMsg) == false) {
log("*** " & testcasename() & ": FAIL: Unable to process encryption data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else if (match(v_decryptedMsg, mw_etsiTs103097Data) == false) {
log("*** " & testcasename() & ": FAIL: Unable to parse EtsiTs103097Data data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: IUT sends signed and encrypted message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
......@@ -6865,7 +6872,7 @@ module ItsSecurity_TestCases {
} // End of testcase TC_SEC_ITSS_SND_ENC_04_BV
/**
* @desc Check that when the IUT sends SignedAndEcrypted message then it sends the
* @desc Check that when the IUT sends SignedAndEncrypted message then it sends the
* EtsiTs103097Data-Encrypted message containing the EtsiTs103097Data-Signed
* structure as the ToBeSignedDataContent.
* <pre>
......@@ -6898,6 +6905,7 @@ module ItsSecurity_TestCases {
testcase TC_SEC_ITSS_SND_ENC_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var EtsiTs103097Data v_decryptedMsg;
var GeoNetworkingInd v_geoNwInd;
// Test control
......@@ -6929,11 +6937,17 @@ module ItsSecurity_TestCases {
)))))) -> value v_geoNwInd {
tc_ac.stop;
// TODO Decrypt
//f_getSecuredMessage(v_geoNwInd.msgIn).content.encryptedData.ciphertext.aes128ccm.ccmCiphertext
// TODO Encode decrypted message
// Check matching with mw_etsiTs103097Data_signed
// Check signature
if (f_decrypt(f_getSecuredMessage(v_geoNwInd.msgIn), v_decryptedMsg) == false) {
log("*** " & testcasename() & ": FAIL: Unable to process encryption data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else if (match(v_decryptedMsg, mw_etsiTs103097Data_signed) == false) {
log("*** " & testcasename() & ": FAIL: Unable to parse signed data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
// TODO Check signature?
log("*** " & testcasename() & ": PASS: IUT sends signed and encrypted message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
ttcn/TestCodec/TestCodec_Certificates.ttcn
View file @ d0757f86
......@@ -200,6 +200,104 @@ module TestCodec_Certificates {
} // End of testcase tc_root_certificate_sha256_2
/**
* @desc Root certificate / BrainpoolP256
* @see ETSI TS 103 097 V1.3.1 Clause 7.2.1 Authorization tickets
*/
testcase tc_root_certificate_sha256_3() runs on TCType system TCType {
var template (value) EtsiTs103097Certificate v_cert; // ETSI TS 103 097 V1.3.1 Clause 6 Bullet 1
var EtsiTs103097Certificate v_cert_dec;
var charstring v_certId := "STF538 Root Certificate";
var HashAlgorithm v_self := sha256; // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 1
var SequenceOfPsidSsp v_appPermissions := { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
valueof(m_appPermissions(36, { bitmapSsp := '830001'O })),
valueof(m_appPermissions(37, { bitmapSsp := '830001'O }))
};
var SequenceOfPsidSspRange v_certIssuePermissions := { // ETSI TS 103 097 V1.3.1 Clause 7.2.3 Root CA certificates Bullet 3
valueof(m_psidSspRange(1))
};
var Oct32 v_private_key := int2oct(0, 32);
var Oct32 v_publicKeyX := int2oct(0, 32);
var Oct32 v_publicKeyY := int2oct(0, 32);
var Oct32 v_enc_private_key := int2oct(0, 32);
var Oct32 v_enc_publicKeyX := int2oct(0, 32);
var Oct32 v_enc_publicKeyY := int2oct(0, 32);
var HashedId8 v_sha256AndDigest;
var Oct32 v_sig := int2oct(0, 32);
var bitstring v_encMsg := ''B;
// Generate Private/Public keys for signature
f_generate_key_pair_brainpoolp256(v_private_key, v_publicKeyX, v_publicKeyY);
// Generate Private/Public keys for encryption
f_generate_key_pair_brainpoolp256(v_enc_private_key, v_enc_publicKeyX, v_enc_publicKeyY);
// Fill Certificate template with the public key
v_cert := m_etsiTs103097Certificate(
m_issuerIdentifier_self(v_self),
m_toBeSignedCertificate_ca(
{ name := v_certId },
v_appPermissions,
{
m_psidGroupPermissions(
m_subjectPermissions_explicit(
v_certIssuePermissions
))
},
m_verificationKeyIndicator_verificationKey(
m_publicVerificationKey_ecdsaBrainpoolP256(
m_eccP256CurvePoint_uncompressed(
v_publicKeyX,
v_publicKeyY
))),
m_validityPeriod(
17469212,
m_duration_years(10)
),
-, -,
m_encryptionKey(
aes128Ccm,
m_publicEncryptionKey_eciesBrainpoolP256r1( m_eccP256CurvePoint_uncompressed(
v_enc_publicKeyX,
v_enc_publicKeyY
)
)
)
)
);
// Encode it ==> Get octetstring
log("Encode template ", valueof(v_cert.toBeSigned));
v_encMsg := encvalue(v_cert.toBeSigned);
// Sign the certificate using ECDSA/SHA-256 (NIST p-256)
v_sig := f_signWithEcdsaBrainpoolp256WithSha256(bit2oct(v_encMsg), v_private_key);
v_cert.signature_ := m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(