Newer
Older
p_securedMessage.trailer_fields[0].trailerField.signature_.ecdsaNistP256Signature.sSig := not4b(valueof(p_securedMessage.trailer_fields[0].trailerField.signature_.ecdsaNistP256Signature.sSig));
}*/
return false;/* FIXME To be reviewed true;*/
} // End of function f_buildGnSecuredMessage_Bo
* @desc This function build and sign the SecureMessage part covered by the signature process
* @param p_securedMessage The signed SecureMessage part
* @param p_payloadField Payloads to be included in the message
* @param p_signerIdentifierType Add digest or AT certificate or certificate chain
* @param p_certificateName The certificate identifier to be used. Default: TA_CERT_A
* @param p_addMissingHeaders Whether to add mandatory headers not present in p_headerInfo
* @see Draft ETSI TS 103 097 V1.1.14 Clause 7.1 Security profile for CAMs
out template (value) EtsiTs103097Data p_securedMessage,
in ToBeSignedData p_payloadField,
in SignerIdentifier p_signerIdentifierType,
in charstring p_certificateName := ""/*,
in boolean p_addMissingHeaders := true*/
) runs on ItsSecurityBaseComponent return boolean {
var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
if (f_prepareCertificates(p_certificateName, v_aaCertificate, v_atCertificate) == false) {
return false;
log("v_atCertificate = ", v_atCertificate);
// Fill sta structure with default values, these values will be updated later
p_securedMessage := m_etsiTs103097Data_signed(
m_signedData(
sha256,
p_payloadField,
m_signerIdentifier_self,
m_signature_ecdsaNistP256(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(int2oct(0, 32)),
int2oct(0, 32)
)
)
)
);
// Prepare mandatory headers
if (ischosen(p_signerIdentifierType.certificate)) { // Add the AT certificate
/* TODO
* v_signerInfo := valueof(
m_header_info_signer_info(
m_signerIdentifier_certificate(
v_atCertificate
)));
} else if (valueof(p_signerIdentifierType) == e_certificate_chain) { // Add the AT certificate + AA EtsiTs103097Certificate
v_signerInfo := valueof(
m_header_info_signer_info(
m_signerIdentifier_certificates(
{
v_aaCertificate,
}
)
));*/
} else if (ischosen(p_signerIdentifierType.digest)) { // Add the AT certificate digest
if (ischosen(v_atCertificate.issuer.sha256AndDigest)) {
p_securedMessage.content.signedData.hashId := sha256;
p_securedMessage.content.signedData.signer := m_signerIdentifier_digest(
f_calculateDigestSha256FromCertificate(v_atCertificate)
);
} else if (ischosen(v_atCertificate.issuer.sha384AndDigest)) {
p_securedMessage.content.signedData.hashId := sha384;
p_securedMessage.content.signedData.signer := m_signerIdentifier_digest(
f_calculateDigestSha384FromCertificate(v_atCertificate)
);
} else {
log("*** " & testcasename() & ": TODO ***");
stop;
}
if (ispresent(v_atCertificate.signature_)) {
if (ischosen(v_atCertificate.signature_.ecdsaBrainpoolP256r1Signature)) {
p_securedMessage.content.signedData.signature_ := m_signature_ecdsaBrainpoolP256r1(
m_ecdsaP256Signature(
m_eccP256CurvePoint_x_only(int2oct(0, 32)),
int2oct(0, 32)
)
);
} else if (ischosen(v_atCertificate.signature_.ecdsaBrainpoolP384r1Signature)) {
p_securedMessage.content.signedData.signature_ := m_signature_ecdsaBrainpoolP384r1(
m_ecdsaP384Signature(
m_eccP384CurvePoint_x_only(int2oct(0, 48)),
int2oct(0, 48)
)
);
} // else, m_signature_ecdsaNistP256 already chosen by default
}
log("p_securedMessage = ", p_securedMessage);
return f_buildGnSecuredMessage(p_securedMessage, p_certificateName, p_payloadField/*, v_mandatoryHeaders*/);
* @desc This function build and sign the SecureMessage part covered by the signature process including wrong elements of protocols. It is used for BO test cases
* @param p_securedMessage The signed SecureMessage part
* @param p_protocolVersion The protocol version to be set. Default: 2
* @param p_trailerStatus The Traile behaviour:
* <li>0 for no trailer</li>
* <li>1 for invalid trailer</li>
* <li>2 for duplicated trailer</li>
* @param p_payloadField Payloads to be included in the message
* @param p_signerIdentifierType Add digest or AT certificate or certificate chain
* @param p_headerInfo HeaderInfo to be inserted in the message
* @param p_certificateName The certificate identifier to be used. Default: TA_CERT_A
* @param p_addMissingHeaders Whether to add mandatory headers not present in p_headerInfo
* @param p_alterATCertificateSignature Set to true to alter the AT certificate signature
* @param p_alterAACertificateSignature Set to true to alter the AA certificate signature
*
* @see Draft ETSI TS 103 097 V1.1.14 Clause 7.1 Security profile for CAMs
function f_buildGnSecuredCam_Bo(
in integer p_trailerStatus := 0,
in ToBeSignedData p_payloadField,
in SignerIdentifier p_signerIdentifierType, // FIXME To be reviewed
in template (omit) HeaderInfo p_headerInfo := omit,
in boolean p_addMissingHeaders := true,
in boolean p_alterATCertificateSignature := false,
in boolean p_alterAACertificateSignature := false
) runs on ItsSecurityBaseComponent return boolean {
// Local variables
var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
var HeaderInfo v_mandatoryHeaders := {};
var HeaderInfo v_signerInfo;
// Load certificates if required
if (f_prepareCertificates(p_certificateName, v_aaCertificate, v_atCertificate) == false) {
return false;
}
v_atCertificate.signature_.ecdsaNistP256Signature.sSig := not4b(v_atCertificate.signature_.ecdsaNistP256Signature.sSig);
v_aaCertificate.signature_.ecdsaNistP256Signature.sSig := not4b(v_aaCertificate.signature_.ecdsaNistP256Signature.sSig);
/* FIXME To be reviewed if (p_addMissingHeaders == true) {
// Prepare mandatory headers
if (valueof(p_signerIdentifierType) == e_certificate) { // Add the AT certificate
v_signerInfo := valueof(
m_header_info_signer_info(
m_signerIdentifier_certificate(
v_atCertificate
)));
} else if (valueof(p_signerIdentifierType) == e_certificate_chain) { // Add the AT certificate + AA EtsiTs103097Certificate
v_signerInfo := valueof(
m_header_info_signer_info(
m_signerIdentifier_certificates(
{
v_aaCertificate,
v_atCertificate
}
)
));
} else if (valueof(p_signerIdentifierType) == e_certificate_digest_with_sha256) { // Add the AT certificate digest
v_signerInfo := valueof(
m_header_info_signer_info(
m_issuerIdentifier_sha256AndDigest(
f_calculateDigestFromCertificate(v_atCertificate)
)));
}
v_mandatoryHeaders := {
v_signerInfo,
valueof(m_header_info_generation_time(1000 * f_getCurrentTime())), // In us
valueof(m_header_info_its_aid(c_its_aid_CAM))
return f_buildGnSecuredMessage_Bo(p_securedMessage, p_certificateName, p_protocolVersion, p_trailerStatus, p_payloadField, v_mandatoryHeaders, p_headerInfo);
} // End of function f_buildGnSecuredCam_Bo
/**
* @desc This function build and sign the SecureMessage part covered by the signature process
* @param p_securedMessage The signed SecureMessage part
* @param p_payloadField Payloads to be included in the message
* @param p_signerIdentifierType Add digest or AT certificate or certificate chain
* @param p_threeDLocation The 3D location
* @param p_headerInfo HeaderInfo to be inserted in the message
* @param p_certificateName The certificate identifier to be used. Default: TA_CERT_A
* @param p_addMissingHeaders Whether to add mandatory headers not present in p_headerInfo
* @return true on success, false otherwise
*/
out template (value) EtsiTs103097Data p_securedMessage,
in ToBeSignedData p_payloadField,
in SignerIdentifier p_signerIdentifierType,
in template (omit) HeaderInfo p_headerInfo := omit,
) runs on ItsSecurityBaseComponent return boolean {
var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
var HeaderInfo v_mandatoryHeaders := {};
var HeaderInfo v_signerInfo;
if (f_prepareCertificates(p_certificateName, v_aaCertificate, v_atCertificate) == false) {
return false;
/* FIXME To be reviewed if (p_addMissingHeaders == true) {
if (valueof(p_signerIdentifierType) == e_certificate) { // Add the AT certificate
v_signerInfo := valueof(
m_header_info_signer_info(
m_signerIdentifier_certificate(
v_atCertificate
)));
} else if (valueof(p_signerIdentifierType) == e_certificate_chain) { // Add the AT certificate + AA EtsiTs103097Certificate
v_signerInfo := valueof(
m_header_info_signer_info(
m_signerIdentifier_certificates(
{
v_aaCertificate,
v_atCertificate
}
)
} else if (valueof(p_signerIdentifierType) == e_certificate_digest_with_sha256) { // Add the AT certificate digest
v_signerInfo := valueof(
m_header_info_signer_info(
m_issuerIdentifier_sha256AndDigest(
v_atCertificate.cracaId
valueof(m_header_info_generation_time(1000 * f_getCurrentTime())), // In us
valueof(m_header_info_generation_location(p_threeDLocation)),
valueof(m_header_info_its_aid(c_its_aid_DENM))
// Build the secured message and return it
return f_buildGnSecuredMessage(p_securedMessage, p_certificateName, p_payloadField/*, v_mandatoryHeaders*/);
/**
* @desc This function build and sign the SecureMessage part covered by the signature process including wrong elements of protocols. It is used for BO test cases
* @param p_securedMessage The signed SecureMessage part
* @param p_protocolVersion The protocol version to be set. Default: 2
* @param p_trailerStatus The Traile behaviour:
* <li>0 for no trailer</li>
* <li>1 for invalid trailer</li>
* <li>2 for duplicated trailer</li>
* @param p_payloadField Payloads to be included in the message
* @param p_signerIdentifierType Add digest or AT certificate or certificate chain
* @param p_threeDLocation The 3D location
* @param p_headerInfo HeaderInfo to be inserted in the message
* @param p_certificateName The certificate identifier to be used. Default: TA_CERT_A
* @param p_addMissingHeaders Whether to add mandatory headers not present in p_headerInfo
* @return true on success, false otherwise
*/
function f_buildGnSecuredDenm_Bo(
in integer p_trailerStatus := 0,
in ToBeSignedData p_payloadField,
in SignerIdentifier p_signerIdentifierType, // FIXME To be reviewed
in ThreeDLocation p_threeDLocation,
in template (omit) HeaderInfo p_headerInfo := omit,
in boolean p_addMissingHeaders := true
) runs on ItsSecurityBaseComponent return boolean {
// Local variables
var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
var HeaderInfo v_mandatoryHeaders := {};
var HeaderInfo v_signerInfo;
// Load certificates if required
if (f_prepareCertificates(p_certificateName, v_aaCertificate, v_atCertificate) == false) {
return false;
}
// Add additional headers if required
/* FIXME To be reviewed if (p_addMissingHeaders == true) {
// Prepare mandatory headers
if (valueof(p_signerIdentifierType) == e_certificate) { // Add the AT certificate
v_signerInfo := valueof(
m_header_info_signer_info(
m_signerIdentifier_certificate(
v_atCertificate
)));
} else if (valueof(p_signerIdentifierType) == e_certificate_chain) { // Add the AT certificate + AA EtsiTs103097Certificate
v_signerInfo := valueof(
m_header_info_signer_info(
m_signerIdentifier_certificates(
{
v_aaCertificate,
v_atCertificate
}
)
));
} else if (valueof(p_signerIdentifierType) == e_certificate_digest_with_sha256) { // Add the AT certificate digest
v_signerInfo := valueof(
m_header_info_signer_info(
m_issuerIdentifier_sha256AndDigest(
v_atCertificate.cracaId
)));
}
v_mandatoryHeaders := {
v_signerInfo,
valueof(m_header_info_generation_time(1000 * f_getCurrentTime())), // In us
valueof(m_header_info_generation_location(p_threeDLocation)),
valueof(m_header_info_its_aid(c_its_aid_DENM))
// Build the secured message and return it
return f_buildGnSecuredMessage_Bo(p_securedMessage, p_certificateName, p_protocolVersion, p_trailerStatus, p_payloadField, v_mandatoryHeaders, p_headerInfo);
} // End of function f_buildGnSecuredDenm_Bo
* @desc This function build and sign the SecureMessage part covered by the signature process
* @param p_securedMessage The signed SecureMessage part
* @param p_payloadField Payloads to be included in the message
* @param p_signerIdentifierType Add digest or AT certificate or certificate chain
* @param p_headerInfo HeaderInfo to be inserted in the message
* @param p_certificateName The certificate identifier to be used. Default: TA_CERT_A
* @param p_addMissingHeaders Whether to add mandatory headers not present in p_headerInfo
* @return true on success, false otherwise
*/
function f_buildGnSecuredOtherMessage(
out template (value) EtsiTs103097Data p_securedMessage,
in ToBeSignedData p_payloadField,
in SignerIdentifier p_signerIdentifierType, // FIXME To be reviewed
in template (omit) HeaderInfo p_headerInfo := omit,
) runs on ItsSecurityBaseComponent return boolean {
var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
var HeaderInfo v_mandatoryHeaders := {};
var HeaderInfo v_signerInfo;
if (f_prepareCertificates(p_certificateName, v_aaCertificate, v_atCertificate) == false) {
return false;
/* FIXME To be reviewed if (p_addMissingHeaders == true) {
if (valueof(p_signerIdentifierType) == e_certificate) { // Add the AT certificate
v_signerInfo := valueof(
m_header_info_signer_info(
m_signerIdentifier_certificate(
v_atCertificate
)));
} else if (valueof(p_signerIdentifierType) == e_certificate_chain) { // Add the AT certificate + AA EtsiTs103097Certificate
v_signerInfo := valueof(
m_header_info_signer_info(
m_signerIdentifier_certificates(
{
v_aaCertificate,
v_atCertificate
}
)
} else if (valueof(p_signerIdentifierType) == e_certificate_digest_with_sha256) { // Add the AT certificate digest
v_signerInfo := valueof(
m_header_info_signer_info(
m_issuerIdentifier_sha256AndDigest(
v_atCertificate.cracaId
valueof(m_header_info_generation_time(1000 * f_getCurrentTime())), // In us
valueof(m_header_info_generation_location(p_threeDLocation))
// Build the secured message and return it
return f_buildGnSecuredMessage(p_securedMessage, p_certificateName, p_payloadField/*, v_mandatoryHeaders*/);
} // End of function f_buildGnSecuredOtherMessage
/**
* @desc This function build and sign the SecureMessage part covered by the signature process including wrong elements of protocols. It is used for BO test cases
* @param p_securedMessage The signed SecureMessage part
* @param p_protocolVersion The protocol version to be set. Default: 2
* @param p_trailerStatus The Traile behaviour:
* <li>0 for no trailer</li>
* <li>1 for invalid trailer</li>
* <li>2 for duplicated trailer</li>
* @param p_payloadField Payloads to be included in the message
* @param p_signerIdentifierType Add digest or AT certificate or certificate chain
* @param p_headerInfo HeaderInfo to be inserted in the message
* @param p_certificateName The certificate identifier to be used. Default: TA_CERT_A
* @param p_addMissingHeaders Whether to add mandatory headers not present in p_headerInfo
* @return true on success, false otherwise
*/
function f_buildGnSecuredOtherMessage_Bo(
in ToBeSignedData p_payloadField,
in SignerIdentifier p_signerIdentifierType, // FIXME To be reviewed
in template (omit) HeaderInfo p_headerInfo := omit,
in boolean p_addMissingHeaders := true
) runs on ItsSecurityBaseComponent return boolean {
// Local variables
var EtsiTs103097Certificate v_aaCertificate, v_atCertificate;
var HeaderInfo v_mandatoryHeaders := {};
var HeaderInfo v_signerInfo;
// Load certificates if required
if (f_prepareCertificates(p_certificateName, v_aaCertificate, v_atCertificate) == false) {
return false;
}
// Add additional headers if required
/* FIXME To be reviewed if (p_addMissingHeaders == true) {
if (valueof(p_signerIdentifierType) == e_certificate) { // Add the AT certificate
m_header_info_signer_info(
m_signerIdentifier_certificate(
} else if (valueof(p_signerIdentifierType) == e_certificate_chain) { // Add the AT certificate + AA EtsiTs103097Certificate
m_header_info_signer_info(
m_signerIdentifier_certificates(
{
v_aaCertificate,
v_atCertificate
}
)
));
} else if (valueof(p_signerIdentifierType) == e_certificate_digest_with_sha256) { // Add the AT certificate digest
m_header_info_signer_info(
m_issuerIdentifier_sha256AndDigest(
v_atCertificate.cracaId
)));
}
v_mandatoryHeaders := {
v_signerInfo,
valueof(m_header_info_generation_time(1000 * f_getCurrentTime())), // In us
valueof(m_header_info_generation_location(p_threeDLocation))
// FIXME To be done
// Build the secured message and return it
return f_buildGnSecuredMessage(p_securedMessage, p_certificateName, p_payloadField/*, v_mandatoryHeaders*/);
} // End of function f_buildGnSecuredOtherMessage_Bo
} // End of group hostSignatureHelpers
group deviceSignatureHelpers {
/**
* @desc Retrieve the HashedId8 to be sent to the IUT, based on the provided certificate identifier
* @param p_certificateName The certificate the IUT shall use
* @return The HashedId8 to be sent to the IUT in the UtInitialize command
* @verdict Unchanged
* @remark Component variable vc_hashedId8ToBeUsed shall be set with the IUT certificate to be used
*/
function f_setupIutCertificate(
in charstring p_certificateName
) runs on ItsSecurityBaseComponent return HashedId8 {
// Local variables
// var EtsiTs103097Certificate v_atCertificate;
var HashedId8 v_hashedId8 := '0000000000000000'O;
// Sanity check
if (lengthof(p_certificateName) == 0) {
return v_hashedId8;
}
// Load certificates
if(f_getCertificateDigest(p_certificateName, v_hashedId8) == false) {
v_hashedId8 := '0000000000000000'O;
}
return v_hashedId8;
} // End of function f_setupIutCertificate
* @desc Verify the signature of the provided certificate
* @param p_certificateToBeVerified EtsiTs103097Certificate to be verified
* @param p_publicKey Public key to verify the certificate signature
* @return true on success, false otherwise
* @verdict
*/
function f_verifyCertificateSignatureWithPublicKey(
in template (value) EtsiTs103097Certificate p_certificateToBeVerified,
in template (value) PublicVerificationKey p_publicVerificationKey
var ToBeSignedCertificate v_toBeSignedCertificate;
var octetstring v_enc_msg;
var octetstring v_signature;
log(">>> f_verifyCertificateSignatureWithPublicKey: p_certificateToBeVerified=", p_certificateToBeVerified);
log(">>> f_verifyCertificateSignatureWithPublicKey: p_publicVerificationKey=", p_publicVerificationKey);
// Create ToBeSignedCertificate payload to be signed
v_toBeSignedCertificate := valueof(p_certificateToBeVerified.toBeSigned);
log("f_verifyCertificateSignatureWithPublicKey: v_toBeSignedCertificate=", v_toBeSignedCertificate);
v_enc_msg := bit2oct(encvalue(v_toBeSignedCertificate));
log("f_verifyCertificateSignatureWithPublicKey: v_enc_msg=", v_enc_msg);
// Verify payload
if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP256r1)) {
var Oct32 v_hash;
if (ischosen(p_certificateToBeVerified.issuer.self_)) {
v_hash := int2oct(0, 32);
} else {
var charstring v_certificate;
if (fx_readCertificateFromDigest(valueof(p_certificateToBeVerified.issuer.sha256AndDigest), v_certificate) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid issuer: ", p_certificateToBeVerified.issuer.sha256AndDigest);
return false;
}
if (f_getCertificateHash(v_certificate, v_hash) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate: " & v_certificate);
return false;
}
}
v_signature := valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only) & valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP256r1Signature.sSig);
log("f_verifyCertificateSignatureWithPublicKey: v_signedData=", v_signature);
if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP256r1.uncompressedP256)) {
return f_verifyWithEcdsaBrainpoolp256WithSha256_1(
v_enc_msg,
v_signature,
valueof(p_publicVerificationKey.ecdsaBrainpoolP256r1.uncompressedP256.x),
valueof(p_publicVerificationKey.ecdsaBrainpoolP256r1.uncompressedP256.y)
);
} else if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP256r1.compressed_y_0)) {
return f_verifyWithEcdsaBrainpoolp256WithSha256(
v_enc_msg,
v_signature,
valueof(p_publicVerificationKey.ecdsaBrainpoolP256r1.compressed_y_0),
0 // Latest bit of the Y-coordinate is 0
);
} else if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP256r1.compressed_y_1)) {
return f_verifyWithEcdsaBrainpoolp256WithSha256(
v_enc_msg,
v_signature,
valueof(p_publicVerificationKey.ecdsaBrainpoolP256r1.compressed_y_1),
1 // Latest bit of the Y-coordinate is 1
);
} else {
log("f_verifyCertificateSignatureWithPublicKey: Unknown PublicVerificationKey value");
return false;
} else if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP384r1)) {
var Oct48 v_hash;
if (ischosen(p_certificateToBeVerified.issuer.self_)) {
v_hash := int2oct(0, 48);
} else {
var charstring v_certificate;
if (fx_readCertificateFromDigest(valueof(p_certificateToBeVerified.issuer.sha384AndDigest), v_certificate) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid issuer: ", p_certificateToBeVerified.issuer.sha384AndDigest);
return false;
}
if (f_getCertificateHash(v_certificate, v_hash) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate: " & v_certificate);
return false;
}
}
v_signature := valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only) & valueof(p_certificateToBeVerified.signature_.ecdsaBrainpoolP384r1Signature.sSig);
log("f_verifyCertificateSignatureWithPublicKey: v_signedData=", v_signature);
if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP384r1.uncompressedP384)) {
return f_verifyWithEcdsaBrainpoolp384WithSha384_1(
v_enc_msg,
v_signature,
valueof(p_publicVerificationKey.ecdsaBrainpoolP384r1.uncompressedP384.x),
valueof(p_publicVerificationKey.ecdsaBrainpoolP384r1.uncompressedP384.y)
);
} else if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP384r1.compressed_y_0)) {
return f_verifyWithEcdsaBrainpoolp384WithSha384(
v_enc_msg,
v_signature,
valueof(p_publicVerificationKey.ecdsaBrainpoolP384r1.compressed_y_0),
0 // Latest bit of the Y-coordinate is 0
);
} else if (ischosen(p_publicVerificationKey.ecdsaBrainpoolP384r1.compressed_y_1)) {
return f_verifyWithEcdsaBrainpoolp384WithSha384(
v_enc_msg,
v_signature,
valueof(p_publicVerificationKey.ecdsaBrainpoolP384r1.compressed_y_1),
1 // Latest bit of the Y-coordinate is 1
);
} else {
log("f_verifyCertificateSignatureWithPublicKey: Unknown PublicVerificationKey value");
return false;
} else if (ischosen(p_publicVerificationKey.ecdsaNistP256)) {
var Oct32 v_hash;
if (ischosen(p_certificateToBeVerified.issuer.self_)) {
v_hash := int2oct(0, 32);
} else {
var charstring v_certificate;
if (fx_readCertificateFromDigest(valueof(p_certificateToBeVerified.issuer.sha256AndDigest), v_certificate) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid issuer: ", p_certificateToBeVerified.issuer.sha256AndDigest);
return false;
}
if (f_getCertificateHash(v_certificate, v_hash) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate: " & v_certificate);
return false;
}
}
v_signature := valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(p_certificateToBeVerified.signature_.ecdsaNistP256Signature.sSig);
log("f_verifyCertificateSignatureWithPublicKey: v_signedData=", v_signature);
if (ischosen(p_publicVerificationKey.ecdsaNistP256.uncompressedP256)) {
return f_verifyWithEcdsaNistp256WithSha256_1(
v_enc_msg,
v_signature,
valueof(p_publicVerificationKey.ecdsaNistP256.uncompressedP256.x),
valueof(p_publicVerificationKey.ecdsaNistP256.uncompressedP256.y)
);
} else if (ischosen(p_publicVerificationKey.ecdsaNistP256.compressed_y_0)) {
return f_verifyWithEcdsaNistp256WithSha256(
v_enc_msg,
v_hash,
v_signature,
valueof(p_publicVerificationKey.ecdsaNistP256.compressed_y_0),
0 // Latest bit of the Y-coordinate is 0
);
} else if (ischosen(p_publicVerificationKey.ecdsaNistP256.compressed_y_1)) {
return f_verifyWithEcdsaNistp256WithSha256(
v_enc_msg,
v_hash,
v_signature,
valueof(p_publicVerificationKey.ecdsaNistP256.compressed_y_1),
1 // Latest bit of the Y-coordinate is 1
);
} else {
log("f_verifyCertificateSignatureWithPublicKey: Unknown PublicVerificationKey value");
return false;
} // End of finction f_verifyCertificateSignatureWithPublicKey
* @desc Verify the signature of the provided secured message
* @param p_certificateToBeVerified EtsiTs103097Certificate to be verified
* @param p_issuingCertificate Issuing certificate
* @return true on success, false otherwise
* @verdict
*/
function f_verifyCertificateSignatureWithIssuingCertificate(
in template (value) EtsiTs103097Certificate p_certificateToBeVerified,
in template (value) EtsiTs103097Certificate p_issuingCertificate
// Sanity checks
if (not(ischosen(p_issuingCertificate.toBeSigned.verifyKeyIndicator.verificationKey))) {
return false;
}
return f_verifyCertificateSignatureWithPublicKey(
p_certificateToBeVerified,
p_issuingCertificate.toBeSigned.verifyKeyIndicator.verificationKey
);
} // End of function f_verifyCertificateSignatureWithIssuingCertificate
* @desc Verify the signature of the provided secured message for ECDSA Nist-P256 algorithm
* @param p_securedMessage The message to be verified
* @param p_publicKey The ECDSA public key to verify a signature
* @param p_certificate EtsiTs103097Certificate to be used to verify the message
* @return true on success, false otherwise
* @verdict Unchanged
*/
function f_verifyGnSecuredMessageSignature_ecdsaNistP256(
in template (value) Ieee1609Dot2Data p_securedMessage,
in template (value) Oct32 p_certificateIssuer,
in template (value) EccP256CurvePoint p_publicKey
) return boolean {
// Local variables
var octetstring v_secPayload;
var octetstring v_signedData;
var boolean v_result := false;
var template (value) ToBeSignedData v_toBeSignedData;
log(">>> f_verifyGnSecuredMessageSignature_ecdsaNistP256: p_securedMessage= ", p_securedMessage);
log(">>> f_verifyGnSecuredMessageSignature_ecdsaNistP256: p_certificateIssuer= ", p_certificateIssuer);
log(">>> f_verifyGnSecuredMessageSignature_ecdsaNistP256: p_publicKey= ", p_publicKey);
// Create Ieee1609Dot2Data payload to be signed
v_toBeSignedData := valueof(p_securedMessage.content.signedData.tbsData);
log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_toBeSignedData=", p_securedMessage.content.signedData.tbsData);
v_secPayload := bit2oct(encvalue(v_toBeSignedData));
log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_secPayload=", v_secPayload);
// Verify payload
v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature.sSig);
log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_signedData=", v_signedData);
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
if (ischosen(p_publicKey.uncompressedP256)) {
v_result := f_verifyWithEcdsaNistp256WithSha256_1(
v_secPayload,
valueof(p_certificateIssuer),
v_signedData,
valueof(p_publicKey.uncompressedP256.x),
valueof(p_publicKey.uncompressedP256.y)
);
} else if (ischosen(p_publicKey.compressed_y_0)) {
v_result := f_verifyWithEcdsaNistp256WithSha256(
v_secPayload,
valueof(p_certificateIssuer),
v_signedData,
valueof(p_publicKey.compressed_y_0),
0
);
} else if (ischosen(p_publicKey.compressed_y_1)) {
v_result := f_verifyWithEcdsaNistp256WithSha256(
v_secPayload,
valueof(p_certificateIssuer),
v_signedData,
valueof(p_publicKey.compressed_y_1),
1
);
}
log("f_verifyGnSecuredMessageSignature_ecdsaNistP256: v_result=", v_result);
return v_result;
} // End of function f_verifyGnSecuredMessageSignature_ecdsaNistP256
/**
* @desc Verify the signature of the provided secured message for ECDSA Brainpool-P256 algorithm
* @param p_securedMessage The message to be verified
* @param p_publicKey The ECDSA public key to verify a signature
* @param p_certificate EtsiTs103097Certificate to be used to verify the message
* @return true on success, false otherwise
* @verdict Unchanged
*/
function f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1(
in template (value) Ieee1609Dot2Data p_securedMessage,
in template (value) Oct32 p_certificateIssuer,
in template (value) EccP256CurvePoint p_publicKey
) return boolean {
// Local variables
var octetstring v_secPayload;
var octetstring v_signedData;
var boolean v_result := false;
var template (value) ToBeSignedData v_toBeSignedData;
log(">>> f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: p_securedMessage= ", p_securedMessage);
log(">>> f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: p_certificateIssuer= ", p_certificateIssuer);
log(">>> f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: p_publicKey= ", p_publicKey);
// Create Ieee1609Dot2Data payload to be signed
v_toBeSignedData := valueof(p_securedMessage.content.signedData.tbsData);
log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: v_toBeSignedData=", p_securedMessage.content.signedData.tbsData);
v_secPayload := bit2oct(encvalue(v_toBeSignedData));
log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: v_secPayload=", v_secPayload);
// Verify payload
v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP256r1Signature.sSig);
log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: v_signedData=", v_signedData);
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
if (ischosen(p_publicKey.uncompressedP256)) {
v_result := f_verifyWithEcdsaBrainpoolp256WithSha256_1(
v_secPayload,
valueof(p_certificateIssuer),
v_signedData,
valueof(p_publicKey.uncompressedP256.x),
valueof(p_publicKey.uncompressedP256.y)
);
} else if (ischosen(p_publicKey.compressed_y_0)) {
v_result := f_verifyWithEcdsaBrainpoolp256WithSha256(
v_secPayload,
valueof(p_certificateIssuer),
v_signedData,
valueof(p_publicKey.compressed_y_0),
0
);
} else if (ischosen(p_publicKey.compressed_y_1)) {
v_result := f_verifyWithEcdsaBrainpoolp256WithSha256(
v_secPayload,
valueof(p_certificateIssuer),
v_signedData,
valueof(p_publicKey.compressed_y_1),
1
);
}
log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1: v_result=", v_result);
return v_result;
} // End of function f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1
/**
* @desc Verify the signature of the provided secured message for ECDSA Brainpool-P384 algorithm
* @param p_securedMessage The message to be verified
* @param p_publicKey The ECDSA public key to verify a signature
* @param p_certificate EtsiTs103097Certificate to be used to verify the message
* @return true on success, false otherwise
* @verdict Unchanged
*/
function f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1(
in template (value) Ieee1609Dot2Data p_securedMessage,
in template (value) Oct48 p_certificateIssuer,
in template (value) EccP384CurvePoint p_publicKey
) return boolean {
// Local variables
var octetstring v_secPayload;
var octetstring v_signedData;
var boolean v_result := false;
var template (value) ToBeSignedData v_toBeSignedData;
log(">>> f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: p_securedMessage= ", p_securedMessage);
log(">>> f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: p_certificateIssuer= ", p_certificateIssuer);
log(">>> f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: p_publicKey= ", p_publicKey);
// Create Ieee1609Dot2Data payload to be signed
v_toBeSignedData := valueof(p_securedMessage.content.signedData.tbsData);
log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: v_toBeSignedData=", p_securedMessage.content.signedData.tbsData);
v_secPayload := bit2oct(encvalue(v_toBeSignedData));
log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: v_secPayload=", v_secPayload);
v_signedData := valueof(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP384r1Signature.rSig.x_only) & valueof(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP384r1Signature.sSig);
log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: v_signedData=", v_signedData);
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
if (ischosen(p_publicKey.uncompressedP384)) {
v_result := f_verifyWithEcdsaBrainpoolp384WithSha384_1(
v_secPayload,
valueof(p_certificateIssuer),
v_signedData,
valueof(p_publicKey.uncompressedP384.x),
valueof(p_publicKey.uncompressedP384.y)
);
} else if (ischosen(p_publicKey.compressed_y_0)) {
v_result := f_verifyWithEcdsaBrainpoolp384WithSha384(
v_secPayload,
valueof(p_certificateIssuer),
v_signedData,
valueof(p_publicKey.compressed_y_0),
0
);
} else if (ischosen(p_publicKey.compressed_y_1)) {
v_result := f_verifyWithEcdsaBrainpoolp384WithSha384(
v_secPayload,
valueof(p_certificateIssuer),
v_signedData,
valueof(p_publicKey.compressed_y_1),
1
);
}
log("f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1: v_result=", v_result);
} // End of function f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1
* @desc Verify the signature of the provided secured message
* @param p_securedMessage
* @param p_certificate EtsiTs103097Certificate to be used to verify the message
* @return true on success, false otherwise
* @verdict
*/
function f_verifyGnSecuredMessageSignatureWithCertificate(
in template (value) Ieee1609Dot2Data p_securedMessage,
in template (value) EtsiTs103097Certificate p_certificate
if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP256r1Signature)) {
var charstring v_certificate;
var Oct32 v_hash;
if (fx_readCertificateFromDigest(valueof(p_certificate.issuer.sha256AndDigest), v_certificate) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid issuer: ", p_certificate.issuer.sha256AndDigest);
return false;
}
if (f_getCertificateHash(v_certificate, v_hash) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate: " & v_certificate);
return false;
}
return f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP256r1(p_securedMessage, v_hash, p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP256r1);
} else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaBrainpoolP384r1Signature)) {
var charstring v_certificate;
var Oct48 v_hash;
if (fx_readCertificateFromDigest(valueof(p_certificate.issuer.sha384AndDigest), v_certificate) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid issuer: ", p_certificate.issuer.sha384AndDigest);
return false;
}
if (f_getCertificateHash(v_certificate, v_hash) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate: " & v_certificate);
return false;
}
return f_verifyGnSecuredMessageSignature_ecdsaBrainpoolP384r1(p_securedMessage, v_hash, p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1);
} else if (ischosen(p_securedMessage.content.signedData.signature_.ecdsaNistP256Signature)) {
var charstring v_certificate;
var Oct32 v_hash;
if (fx_readCertificateFromDigest(valueof(p_certificate.issuer.sha256AndDigest), v_certificate) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid issuer: ", p_certificate.issuer.sha256AndDigest);
return false;
}
if (f_getCertificateHash(v_certificate, v_hash) == false) {
log("f_verifyCertificateSignatureWithPublicKey: Invalid certificate: " & v_certificate);
return false;
}
return f_verifyGnSecuredMessageSignature_ecdsaNistP256(p_securedMessage, v_hash, p_certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaNistP256);
} // End of function f_verifyGnSecuredOtherMessageWithDeviceCertificate
} // End of group deviceSignatureHelpers
garciay
committed
* @desc return Ieee1609Dot2Data header field of given type or null if none
* @param p_msg the Ieee1609Dot2Data
* @return HeaderInfo of given type if any or null
in template(omit) Ieee1609Dot2Data p_securedMessage,
out HeaderInfo p_return
) return boolean {
if (not isvalue(p_securedMessage)) {
testcase.stop(__SCOPE__ & " can not handle omitted secured message values");
}
v_securedMessage := valueof(p_securedMessage);
if (ispresent(v_securedMessage.content.signedData)) {
p_return := v_securedMessage.content.signedData.tbsData.headerInfo;
return true;
}
}
/**
* @desc return SignerIdentifier Ieee1609Dot2Data field
in template(omit) Ieee1609Dot2Data p_securedMessage,
out SignerIdentifier p_signerIdentifier
) return boolean {
if (not isvalue(p_securedMessage)) {
testcase.stop(__SCOPE__ & " can not handle omitted secured message values");
}