페이지 선택
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in pages

Appendix F: Cryptographic test vectors for some procedures

F.1.   Certification Declaration CMS test vector

This subsection contains worked examples of encoding a Certification Declaration, which is con­ veyed by the Attestation Information payload during the Device Attestation Procedure.

The CSA CD signing certificate and associated private key which are provided in the vectors are only for exemplary purposes and are not official CD signing material.

The first example Certification Declaration has the following qualities:

  • Both dac_origin_vendor_id and dac_origin_product_id are absent
  • The product_id_array contains a single PID The content of this first example is shown below:

 

===== Algorithm inputs =====

-> format_version = 1

-> vendor_id = 0xFFF1

-> product_id_array = [ 0x8000 ]

-> device_type_id = 0x1234

-> certificate_id = “ZIG20141ZB330001-24”

-> security_level = 0

-> security_information = 0

-> version_number = 0x2694

-> certification_type = 0

-> dac_origin_vendor_id is not present

-> dac_origin_product_id is not present

-> authorized_paa_list is not present

-> Sample CSA CD Signing Certificate:

—–BEGIN CERTIFICATE—–

MIIBszCCAVqgAwIBAgIIRdrzneR6oI8wCgYIKoZIzj0EAwIwKzEpMCcGA1UEAwwg TWF0dGVyIFRlc3QgQ0QgU2lnbmluZyBBdXRob3JpdHkwIBcNMjEwNjI4MTQyMzQz WhgPOTk5OTEyMzEyMzU5NTlaMCsxKTAnBgNVBAMMIE1hdHRlciBUZXN0IENEIFNp

Z25pbmcgQXV0aG9yaXR5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPDmJIkUr VcrzicJb0bykZWlSzLkOiGkkmthHRlMBTL+V1oeWXgNrUhxRA35rjO3vyh60QEZp T6CIgu7WUZ3suqNmMGQwEgYDVR0TAQH/BAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMC AQYwHQYDVR0OBBYEFGL6gjNZrPqplj4c+hQK3fUE83FgMB8GA1UdIwQYMBaAFGL6 gjNZrPqplj4c+hQK3fUE83FgMAoGCCqGSM49BAMCA0cAMEQCICxUXOTkV9im8NnZ

u+vW7OHd/n+MbZps83UyH8b6xxOEAiBUB3jodDlyUn7t669YaGIgtUB48s1OYqdq 58u5L/VMiw==

—–END CERTIFICATE—–

-> Sample CSA CD Signing Private Key:

  —–BEGIN EC PRIVATE KEY—–                                                                                                                                             

 

 

MHcCAQEEIK7zSEEW6UgexXvgRy30G/SZBk5QJK2GnspeiJgC1IB1oAoGCCqGSM49

AwEHoUQDQgAEPDmJIkUrVcrzicJb0bykZWlSzLkOiGkkmthHRlMBTL+V1oeWXgNr UhxRA35rjO3vyh60QEZpT6CIgu7WUZ3sug==

—–END EC PRIVATE KEY—–

===== Intermediate outputs =====

-> Encoded TLV of sample Certification Declaration (54 bytes):

00000000    15 24 00 01 25 01 f1 ff               36 02 05 00 80 18 25 03 |.$..%…6……………….. %.|

00000010    34 12 2c 04 13 5a 49 47             32 30 31 34 31 5a 42 33 |4.,..ZIG20141ZB3|

00000020    33 30 30 30 31 2d 32 34            24 05 00 24 06 00 25 07 |30001-24$..$..%.|

00000030    94 26 24 08 00 18                                                                            |.&$…|

00000036

===== Algorithm outputs =====

-> Encoded CMS SignedData of Certification Declaration (235 bytes):

00000000    30 81 e8 06 09 2a 86 48            86 f7 0d 01 07 02 a0 81 |0….*.H…………………….. |

00000010    da 30 81 d7 02 01 03 31            0d 30 0b 06 09 60 86 48 |.0…..1.0……………… `.H|

00000020    01 65 03 04 02 01 30 45            06 09 2a 86 48 86 f7 0d |.e….0E..*.H……………….. |

00000030    01 07 01 a0 38 04 36 15            24 00 01 25 01 f1 ff 36 |….8.6.$..%………………… 6|

00000040    02 05 00 80 18 25 03 34            12 2c 04 13 5a 49 47 32 |…..%.4.,..ZIG2|

00000050    30 31 34 31 5a 42 33 33            30 30 30 31 2d 32 34 24 |0141ZB330001-24$|

00000060    05 00 24 06 00 25 07 94            26 24 08 00 18 31 7c 30 |..$..%..&$……………. 1|0|

00000070    7a 02 01 03 80 14 62 fa             82 33 59 ac fa a9 96 3e |z…..b..3Y…………………. >|

00000080    1c fa 14 0a dd f5 04 f3               71 60 30 0b 06 09 60 86 |……..q`0……………….. `.|

00000090    48 01 65 03 04 02 01 30            0a 06 08 2a 86 48 ce 3d |H.e….0…………….. *.H.=|

000000a0    04 03 02 04 46 30 44 02            20 43 a6 3f 2b 94 3d f3 |….F0D. C.?+.=.|

000000b0    3c 38 b3 e0 2f ca a7 5f               e3 53 2a eb bf 5e 63 f5 |<8../.._.S*..^c.| 000000c0                      bb db c0 b1 f0 1d 3c 4f              60 02 20 4c 1a bf 5f 18 |……<O`. L.._.|

000000d0    07 b8 18 94 b1 57 6c 47            e4 72 4e 4d 96 6c 61 2e |……………. WlG.rNM.la.|

000000e0    d3 fa 25 c1 18 c3 f2 b3               f9 03 69                                      |..%…………. i|

000000eb

 

The second example Certification Declaration has the following qualities:

  • Both dac_origin_vendor_id and dac_origin_product_id are present
  • The product_id_array contains a two PIDs (0x8001, 0x8002)
  • It uses the authorized_paa_list to indicate the Subject Key Identifier (SKI) extension value of the expected PAA in the certificate chain of the Device Attestation Certificate for a product carrying this Certification Declaration

 

The content of this second example is shown below:

 

===== Algorithm inputs =====

-> format_version = 1

-> vendor_id = 0xFFF2

-> product_id_array = [ 0x8001, 0x8002 ]

-> device_type_id = 0x1234

-> certificate_id = “ZIG20142ZB330002-24”

-> security_level = 0

 

-> security_information = 0

-> version_number = 0x2694

-> certification_type = 0

-> dac_origin_vendor_id = 0xFFF1

-> dac_origin_product_id = 0x8000

-> authorized_paa_list = [ 78:5c:e7:05:b8:6b:8f:4e:6f:c7:93:aa:60:cb:43:ea:69:68:82:d5

]

-> Sample CSA CD Signing Certificate:

—–BEGIN CERTIFICATE—–

MIIBszCCAVqgAwIBAgIIRdrzneR6oI8wCgYIKoZIzj0EAwIwKzEpMCcGA1UEAwwg TWF0dGVyIFRlc3QgQ0QgU2lnbmluZyBBdXRob3JpdHkwIBcNMjEwNjI4MTQyMzQz WhgPOTk5OTEyMzEyMzU5NTlaMCsxKTAnBgNVBAMMIE1hdHRlciBUZXN0IENEIFNp

Z25pbmcgQXV0aG9yaXR5MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEPDmJIkUr VcrzicJb0bykZWlSzLkOiGkkmthHRlMBTL+V1oeWXgNrUhxRA35rjO3vyh60QEZp T6CIgu7WUZ3suqNmMGQwEgYDVR0TAQH/BAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMC AQYwHQYDVR0OBBYEFGL6gjNZrPqplj4c+hQK3fUE83FgMB8GA1UdIwQYMBaAFGL6 gjNZrPqplj4c+hQK3fUE83FgMAoGCCqGSM49BAMCA0cAMEQCICxUXOTkV9im8NnZ

u+vW7OHd/n+MbZps83UyH8b6xxOEAiBUB3jodDlyUn7t669YaGIgtUB48s1OYqdq 58u5L/VMiw==

—–END CERTIFICATE—–

-> Sample CSA CD Signing Private Key:

—–BEGIN EC PRIVATE KEY—–

MHcCAQEEIK7zSEEW6UgexXvgRy30G/SZBk5QJK2GnspeiJgC1IB1oAoGCCqGSM49

AwEHoUQDQgAEPDmJIkUrVcrzicJb0bykZWlSzLkOiGkkmthHRlMBTL+V1oeWXgNr UhxRA35rjO3vyh60QEZpT6CIgu7WUZ3sug==

—–END EC PRIVATE KEY—–

===== Intermediate outputs =====

-> Encoded TLV of sample Certification Declaration (90 bytes):

00000000    15 24 00 01 25 01 f2 ff               36 02 05 01 80 05 02 80 |.$..%…6…………………… |

00000010    18 25 03 34 12 2c 04 13             5a 49 47 32 30 31 34 32 |.%.4.,..ZIG20142|

00000020    5a 42 33 33 30 30 30 32            2d 32 34 24 05 00 24 06 |ZB330002-24$..$.|

00000030    00 25 07 94 26 24 08 00            25 09 f1 ff 25 0a 00 80 |.%..&$..%…%……………… |

00000040    36 0b 10 14 78 5c e7 05             b8 6b 8f 4e 6f c7 93 aa |6…x\…k.No……………….. |

00000050    60 cb 43 ea 69 68 82 d5             18 18                                           |`.C.ih………. |

0000005a

===== Algorithm outputs =====

-> Encoded CMS SignedData of Certification Declaration (273 bytes):

00000000    30 82 01 0d 06 09 2a 86            48 86 f7 0d 01 07 02 a0 |0…..*.H……………………. |

00000010    81 ff 30 81 fc 02 01 03               31 0d 30 0b 06 09 60 86 |..0…..1.0………………. `.|

00000020    48 01 65 03 04 02 01 30            69 06 09 2a 86 48 86 f7 |H.e….0i..*.H..|

00000030    0d 01 07 01 a0 5c 04 5a             15 24 00 01 25 01 f2 ff |…..\.Z.$..%…………………. |

00000040    36 02 05 01 80 05 02 80            18 25 03 34 12 2c 04 13 |6……..%.4.,..|

00000050    5a 49 47 32 30 31 34 32            5a 42 33 33 30 30 30 32 |ZIG20142ZB330002|

00000060    2d 32 34 24 05 00 24 06            00 25 07 94 26 24 08 00 |-24$..$..%..&$..|

00000070    25 09 f1 ff 25 0a 00 80               36 0b 10 14 78 5c e7 05 |%…%…6…x\..|

00000080    b8 6b 8f 4e 6f c7 93 aa              60 cb 43 ea 69 68 82 d5 |.k.No…`.C.ih..|

00000090    18 18 31 7d 30 7b 02 01            03 80 14 62 fa 82 33 59 |..1}0{…..b..3Y|

 

 

000000a0    ac fa a9 96 3e 1c fa 14               0a dd f5 04 f3 71 60 30 |….>.            q`0|

000000b0    0b 06 09 60 86 48 01 65            03 04 02 01 30 0a 06 08 |…`.H.e….0. |

000000c0     2a 86 48 ce 3d 04 03 02             04 47 30 45 02 20 4a e9 |*.H.=….G0E. J.|

000000d0    c9 b7 f8 aa 68 61 0a dd             84 e4 12 91 fc 8f 4d c5 |….ha.         M.|

000000e0    33 fc a2 9d c1 ff f2 25                 3c 09 cd 32 f7 75 02 21 |3……%<. 2.u.!|

000000f0     00 9c 0a 5f de f9 e0 08               d1 cc 8b b7 c3 95 9c db |…_.             |

00000100    65 c4 61 25 cb 72 95 08             1e 47 b5 c1 31 e4 d1 f4 |e.a%.r…G..1.                                                   |

00000110    8c                      |.|

00000111

 

F.2.   Device Attestation Response test vector

This subsection contains a worked example of the Attestation Information to be generated in the AttestationResponse Command when executing the Device Attestation Procedure.

The Device Attestation key pair shown is an example, not to be reused in implementations.

 

NOTE         This test vector does NOT contain the optional Firmware Information payload. It is omitted.

 

===== Algorithm inputs =====

-> AttestationNonce (example): e0:42:1b:91:c6:fd:cd:b4:0e:2a:4d:2c:f3:1d:b2:b4:e1:8b:41:1b:1d:3a:d4:d1:2a:9d:90:aa:8e

:52:fa:e2

-> Attestation challenge (example): 7a:49:53:05:d0:77:79:a4:94:dd:39:a0:85:1b:66:0d

-> Device attestation private key (example): 38:f3:e0:a1:f1:45:ba:1b:f3:e4:4b:55:2d:ef:65:27:3d:1d:8e:27:6a:a3:14:ac:74:2e:b1:28:93

:3b:a6:4b

—–BEGIN EC PRIVATE KEY—–

MHcCAQEEIDjz4KHxRbob8+RLVS3vZSc9HY4naqMUrHQusSiTO6ZLoAoGCCqGSM49

AwEHoUQDQgAEzlz477BdTu55DQpx1cARu3RyQNuiFFiEXTPjSwr2ZRYzBjqASy/4 XcqyAZoKtvVZV3X+jYX716B8joN9pNWouQ==

—–END EC PRIVATE KEY—–

-> Device attestation public key (example): 04:ce:5c:f8:ef:b0:5d:4e:ee:79:0d:0a:71:d5:c0:11:bb:74:72:40:db:a2:14:58:84:5d:33:e3:4b

:0a:f6:65:16:33:06:3a:80:4b:2f:f8:5d:ca:b2:01:9a:0a:b6:f5:59:57:75:fe:8d:85:fb:d7:a0:7

c:8e:83:7d:a4:d5:a8:b9

—–BEGIN PUBLIC KEY—–

MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzlz477BdTu55DQpx1cARu3RyQNui FFiEXTPjSwr2ZRYzBjqASy/4XcqyAZoKtvVZV3X+jYX716B8joN9pNWouQ==

—–END PUBLIC KEY—–

-> Desired timestamp: 2021-06-15T20:15:57Z

-> Desired timestamp in epoch-s: 677103357

-> vendor specific [0xfff1:0x3e:0x1] = 73:61:6d:70:6c:65:5f:76:65:6e:64:6f:72:5f:72:65:73:65:72:76:65:64:31

  (“sample_vendor_reserved1”)                                                                                                                                            

 

-> vendor specific [0xfff1:0x3e:0x3] = 76:65:6e:64:6f:72:5f:72:65:73:65:72:76:65:64:33:5f:65:78:61:6d:70:6c:65

(“vendor_reserved3_example”)

===== Intermediate outputs =====

-> attestation_elements_message:

00000000    15 31 01 11 01 30 82 01            0d 06 09 2a 86 48 86 f7 |.1…0……………….. *.H..|

00000010    0d 01 07 02 a0 81 ff 30              81 fc 02 01 03 31 0d 30 |…….0………………….. 1.0|

00000020    0b 06 09 60 86 48 01 65            03 04 02 01 30 69 06 09 |…`.H.e….0i..|

00000030    2a 86 48 86 f7 0d 01 07             01 a0 5c 04 5a 15 24 00 |*.H………………… \.Z.$.|

00000040    01 25 01 f2 ff 36 02 05               01 80 05 02 80 18 25 03 |.%…6…………………… %.|

00000050    34 12 2c 04 13 5a 49 47             32 30 31 34 32 5a 42 33 |4.,..ZIG20142ZB3|

00000060    33 30 30 30 32 2d 32 34            24 05 00 24 06 00 25 07 |30002-24$..$..%.|

00000070    94 26 24 08 00 25 09 f1             ff 25 0a 00 80 36 0b 10 |.&$..%…%…6..|

00000080    14 78 5c e7 05 b8 6b 8f             4e 6f c7 93 aa 60 cb 43 |.x\…k.No……………… `.C|

00000090    ea 69 68 82 d5 18 18 31            7d 30 7b 02 01 03 80 14 |.ih….1}0{…………………. |

000000a0    62 fa 82 33 59 ac fa a9               96 3e 1c fa 14 0a dd f5 |b..3Y….>……………………. |

000000b0    04 f3 71 60 30 0b 06 09             60 86 48 01 65 03 04 02 |..q`0…`.H.e………………. |

000000c0     01 30 0a 06 08 2a 86 48             ce 3d 04 03 02 04 47 30 |.0…*.H.=.                      G0|

000000d0    45 02 20 4a e9 c9 b7 f8              aa 68 61 0a dd 84 e4 12 |E. J…..ha………………….. |

000000e0    91 fc 8f 4d c5 33 fc a2                9d c1 ff f2 25 3c 09 cd |…M.3……%<..|

000000f0     32 f7 75 02 21 00 9c 0a              5f de f9 e0 08 d1 cc 8b |2.u.!…_…………………….. |

00000100    b7 c3 95 9c db 65 c4 61             25 cb 72 95 08 1e 47 b5 |…..e.a%.r……………… G.|

00000110    c1 31 e4 d1 f4 8c 30 02              20 e0 42 1b 91 c6 fd cd |.1….0. .B…………………… |

00000120    b4 0e 2a 4d 2c f3 1d b2             b4 e1 8b 41 1b 1d 3a d4 |..*M,……A……………….. |

00000130    d1 2a 9d 90 aa 8e 52 fa             e2 26 03 fd c6 5b 28 d0 |.*….R..&……………… [(.|

00000140    f1 ff 3e 00 01 00 17 73               61 6d 70 6c 65 5f 76 65 |..>…………….. sample_ve|

00000150    6e 64 6f 72 5f 72 65 73              65 72 76 65 64 31 d0 f1 |ndor_reserved1..|

00000160    ff 3e 00 03 00 18 76 65              6e 64 6f 72 5f 72 65 73 |.>…………….. vendor_res|

00000170    65 72 76 65 64 33 5f 65             78 61 6d 70 6c 65 18                |erved3_example.|

0000017f

-> attestation_tbs := attestation_elements_message || attestation_challenge

-> attestation_tbs (NOT sent over the wire):

00000000    15 31 01 11 01 30 82 01            0d 06 09 2a 86 48 86 f7 |.1…0…..*.H..|

00000010    0d 01 07 02 a0 81 ff 30              81 fc 02 01 03 31 0d 30 |…….0………………….. 1.0|

00000020    0b 06 09 60 86 48 01 65            03 04 02 01 30 69 06 09 |…`.H.e….0i..|

00000030    2a 86 48 86 f7 0d 01 07             01 a0 5c 04 5a 15 24 00 |*.H………………… \.Z.$.|

00000040    01 25 01 f2 ff 36 02 05               01 80 05 02 80 18 25 03 |.%…6…………………… %.|

00000050    34 12 2c 04 13 5a 49 47             32 30 31 34 32 5a 42 33 |4.,..ZIG20142ZB3|

00000060    33 30 30 30 32 2d 32 34            24 05 00 24 06 00 25 07 |30002-24$..$..%.|

00000070    94 26 24 08 00 25 09 f1             ff 25 0a 00 80 36 0b 10 |.&$..%…%…6..|

00000080    14 78 5c e7 05 b8 6b 8f             4e 6f c7 93 aa 60 cb 43 |.x\…k.No……………… `.C|

00000090    ea 69 68 82 d5 18 18 31            7d 30 7b 02 01 03 80 14 |.ih….1}0{…………………. |

000000a0    62 fa 82 33 59 ac fa a9               96 3e 1c fa 14 0a dd f5 |b..3Y….>……………………. |

000000b0    04 f3 71 60 30 0b 06 09             60 86 48 01 65 03 04 02 |..q`0…`.H.e………………. |

000000c0     01 30 0a 06 08 2a 86 48             ce 3d 04 03 02 04 47 30 |.0…*.H.=.                      G0|

000000d0    45 02 20 4a e9 c9 b7 f8              aa 68 61 0a dd 84 e4 12 |E. J…..ha………………….. |

000000e0    91 fc 8f 4d c5 33 fc a2                9d c1 ff f2 25 3c 09 cd |…M.3……%<..|

000000f0     32 f7 75 02 21 00 9c 0a              5f de f9 e0 08 d1 cc 8b |2.u.!…_…………………….. |

00000100    b7 c3 95 9c db 65 c4 61             25 cb 72 95 08 1e 47 b5 |…..e.a%.r……………… G.|

 

00000110    c1 31 e4 d1 f4 8c 30 02              20 e0 42 1b 91 c6 fd cd |.1….0. .B.                      |

00000120    b4 0e 2a 4d 2c f3 1d b2             b4 e1 8b 41 1b 1d 3a d4 |..*M,……A.                      |

00000130    d1 2a 9d 90 aa 8e 52 fa             e2 26 03 fd c6 5b 28 d0 |.*….R..&.                      [(.|

00000140    f1 ff 3e 00 01 00 17 73               61 6d 70 6c 65 5f 76 65 |..>.                      sample_ve|

00000150    6e 64 6f 72 5f 72 65 73              65 72 76 65 64 31 d0 f1 |ndor_reserved1..|

00000160    ff 3e 00 03 00 18 76 65              6e 64 6f 72 5f 72 65 73 |.>.                      vendor_res|

00000170    65 72 76 65 64 33 5f 65             78 61 6d 70 6c 65 18 7a |erved3_example.z|

00000180    49 53 05 d0 77 79 a4 94            dd 39 a0 85 1b 66 0d               |IS..wy…9.                      f.|

0000018f

-> SHA-256 of attestation_tbs used for signature (NOT sent over the wire): 1d:f1:05:b1:30:84:c3:cc:13:19:9e:df:07:b8:76:9e:be:2e:26:0d:84:8f:27:a6:ca:b6:6d:d9:a5

:8c:ea:b1

-> Fixed K for sample signature of attestation_tbs: c5:35:83:3f:47:86:4f:cb:d8:b5:e3:2e:fb:a8:84:35:c0:fb:0c:9f:db:0f:00:34:98:0a:41:84:cc

:f0:52:4d

-> Attestation signature: 79:82:53:5d:24:cf:e1:4a:71:ab:04:24:cf:0b:ac:f1:e3:45:48:7e:d5:0f:1a:c0:bc:25:9e:cc:fb

:39:08:1e:d7:a7:52:18:8d:9f:76:f9:06:37:03:eb:24:0f:9c:d1:4b:0a:43:e7:41:fe:60:ef:2a:8 1:63:5a:ea:5b:48:4d

===== Algorithm outputs =====

-> AttestationElements field of AttestationResponse (len 383 bytes):

00000000    15 31 01 11 01 30 82 01            0d 06 09 2a 86 48 86 f7 |.1…0…..*.H..|

00000010    0d 01 07 02 a0 81 ff 30              81 fc 02 01 03 31 0d 30 |…….0.                      1.0|

00000020    0b 06 09 60 86 48 01 65            03 04 02 01 30 69 06 09 |…`.H.e….0i..|

00000030    2a 86 48 86 f7 0d 01 07             01 a0 5c 04 5a 15 24 00 |*.H.                      \.Z.$.|

00000040    01 25 01 f2 ff 36 02 05               01 80 05 02 80 18 25 03 |.%…6.                      %.|

00000050    34 12 2c 04 13 5a 49 47             32 30 31 34 32 5a 42 33 |4.,..ZIG20142ZB3|

00000060    33 30 30 30 32 2d 32 34            24 05 00 24 06 00 25 07 |30002-24$..$..%.|

00000070    94 26 24 08 00 25 09 f1             ff 25 0a 00 80 36 0b 10 |.&$..%…%…6..|

00000080    14 78 5c e7 05 b8 6b 8f             4e 6f c7 93 aa 60 cb 43 |.x\…k.No.                      `.C|

00000090    ea 69 68 82 d5 18 18 31            7d 30 7b 02 01 03 80 14 |.ih….1}0{.                      |

000000a0    62 fa 82 33 59 ac fa a9               96 3e 1c fa 14 0a dd f5 |b..3Y….>.                      |

000000b0    04 f3 71 60 30 0b 06 09             60 86 48 01 65 03 04 02 |..q`0…`.H.e.                      |

000000c0     01 30 0a 06 08 2a 86 48             ce 3d 04 03 02 04 47 30 |.0…*.H.=.                      G0|

000000d0    45 02 20 4a e9 c9 b7 f8              aa 68 61 0a dd 84 e4 12 |E. J…..ha.                      |

000000e0    91 fc 8f 4d c5 33 fc a2                9d c1 ff f2 25 3c 09 cd |…M.3……%<..|

000000f0     32 f7 75 02 21 00 9c 0a              5f de f9 e0 08 d1 cc 8b |2.u.!…_.                      |

00000100    b7 c3 95 9c db 65 c4 61             25 cb 72 95 08 1e 47 b5 |…..e.a%.r.                      G.|

00000110    c1 31 e4 d1 f4 8c 30 02              20 e0 42 1b 91 c6 fd cd |.1….0. .B.                      |

00000120    b4 0e 2a 4d 2c f3 1d b2             b4 e1 8b 41 1b 1d 3a d4 |..*M,……A.                      |

00000130    d1 2a 9d 90 aa 8e 52 fa             e2 26 03 fd c6 5b 28 d0 |.*….R..&.                      [(.|

00000140    f1 ff 3e 00 01 00 17 73               61 6d 70 6c 65 5f 76 65 |..>.                      sample_ve|

00000150    6e 64 6f 72 5f 72 65 73              65 72 76 65 64 31 d0 f1 |ndor_reserved1..|

00000160    ff 3e 00 03 00 18 76 65              6e 64 6f 72 5f 72 65 73 |.>.                      vendor_res|

00000170    65 72 76 65 64 33 5f 65             78 61 6d 70 6c 65 18                      |erved3_example.|

0000017f

 

 

-> AttestationSignature field of AttestationResponse (len 64 bytes):

00000000    79 82 53 5d 24 cf e1 4a             71 ab 04 24 cf 0b ac f1 |y.S]$..Jq..$.                                                      |

00000010    e3 45 48 7e d5 0f 1a c0              bc 25 9e cc fb 39 08 1e |.EH~…..%…9..|

00000020    d7 a7 52 18 8d 9f 76 f9              06 37 03 eb 24 0f 9c d1 |..R…v..7..$.                                                      |

00000030    4b 0a 43 e7 41 fe 60 ef              2a 81 63 5a ea 5b 48 4d |K.C.A.`.*.cZ.[HM|

00000040

 

F.3.   Node Operational CSR Response test vector

This subsection contains a worked example of the NOCSR Information to be generated in the CSR­ Response Command when executing the Node Operational CSR Procedure.

The CSR shown is valid for the provided Node Operational public key.

 

The Device Attestation key pair shown is an example, not to be reused in implementations.

 

===== Algorithm inputs =====

-> CSRNonce: 81:4a:4d:4c:1c:4a:8e:bb:ea:db:0a:e2:82:f9:91:eb:13:ac:5f:9f:ce:94:30:93:19:aa:94:09:6c

:8c:d4:b8

-> Attestation challenge (example): 7a:49:53:05:d0:77:79:a4:94:dd:39:a0:85:1b:66:0d

-> Device attestation private key (example): 38:f3:e0:a1:f1:45:ba:1b:f3:e4:4b:55:2d:ef:65:27:3d:1d:8e:27:6a:a3:14:ac:74:2e:b1:28:93

:3b:a6:4b

—–BEGIN EC PRIVATE KEY—–

MHcCAQEEIDjz4KHxRbob8+RLVS3vZSc9HY4naqMUrHQusSiTO6ZLoAoGCCqGSM49

AwEHoUQDQgAEzlz477BdTu55DQpx1cARu3RyQNuiFFiEXTPjSwr2ZRYzBjqASy/4 XcqyAZoKtvVZV3X+jYX716B8joN9pNWouQ==

—–END EC PRIVATE KEY—–

-> Device attestation public key (example): 04:ce:5c:f8:ef:b0:5d:4e:ee:79:0d:0a:71:d5:c0:11:bb:74:72:40:db:a2:14:58:84:5d:33:e3:4b

:0a:f6:65:16:33:06:3a:80:4b:2f:f8:5d:ca:b2:01:9a:0a:b6:f5:59:57:75:fe:8d:85:fb:d7:a0:7

c:8e:83:7d:a4:d5:a8:b9

—–BEGIN PUBLIC KEY—–

MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzlz477BdTu55DQpx1cARu3RyQNui FFiEXTPjSwr2ZRYzBjqASy/4XcqyAZoKtvVZV3X+jYX716B8joN9pNWouQ==

—–END PUBLIC KEY—–

===== Intermediate outputs =====

-> Candidate Operational Private Key: 1c:18:82:e8:7f:80:d8:1a:25:9a:62:b6:ea:02:db:08:17:e2:10:68:46:84:2b:eb:3a:ab:c2:53:86

:a9:1e:89

—–BEGIN EC PRIVATE KEY—–

MHcCAQEEIBwYguh/gNgaJZpituoC2wgX4hBoRoQr6zqrwlOGqR6JoAoGCCqGSM49 AwEHoUQDQgAEXKJ542aCwtRs59TPiWeEZwi1ufhbnNr9jKiFJhLLDwx6cTFOyNyc ljTd7v7p9j8Oi9faz8O2pFMqrdiallHNbg==

—–END EC PRIVATE KEY—–

 

 

-> Candidate Operational Public Key: 04:5c:a2:79:e3:66:82:c2:d4:6c:e7:d4:cf:89:67:84:67:08:b5:b9:f8:5b:9c:da:fd:8c:a8:85:26

:12:cb:0f:0c:7a:71:31:4e:c8:dc:9c:96:34:dd:ee:fe:e9:f6:3f:0e:8b:d7:da:cf:c3:b6:a4:53:2 a:ad:d8:9a:96:51:cd:6e

—–BEGIN PUBLIC KEY—–

MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXKJ542aCwtRs59TPiWeEZwi1ufhb nNr9jKiFJhLLDwx6cTFOyNycljTd7v7p9j8Oi9faz8O2pFMqrdiallHNbg==

—–END PUBLIC KEY—–

Certificate Request: Data:

Version: 1 (0x0) Subject: O = CSA

Subject Public Key Info:

Public Key Algorithm: id-ecPublicKey Public-Key: (256 bit)

pub:

04:5c:a2:79:e3:66:82:c2:d4:6c:e7:d4:cf:89:67:

84:67:08:b5:b9:f8:5b:9c:da:fd:8c:a8:85:26:12:

cb:0f:0c:7a:71:31:4e:c8:dc:9c:96:34:dd:ee:fe:

e9:f6:3f:0e:8b:d7:da:cf:c3:b6:a4:53:2a:ad:d8: 9a:96:51:cd:6e

ASN1 OID: prime256v1 NIST CURVE: P-256

Attributes:

Requested Extensions:

Signature Algorithm: ecdsa-with-SHA256 30:45:02:20:0e:67:5e:e1:b3:bb:fe:15:2a:17:4a:f5:35:e2:

2d:55:ce:10:c1:50:ca:c0:1b:31:18:de:05:e8:fd:9f:10:48:

02:21:00:d8:8c:57:cc:6e:74:f0:e5:48:8a:26:16:7a:07:fd:

6d:be:f1:aa:ad:72:1c:58:0b:6e:ae:21:be:5e:6d:0c:72

-> CSR bytes DER:

00000000    30 81 da 30 81 81 02 01            00 30 0e 31 0c 30 0a 06 |0..0…..0.1.0..|

00000010    03 55 04 0a 0c 03 43 53             41 30 59 30 13 06 07 2a |.U….CSA0Y0……………. *|

00000020    86 48 ce 3d 02 01 06 08             2a 86 48 ce 3d 03 01 07 |.H.=….*.H.=………………. |

00000030    03 42 00 04 5c a2 79 e3             66 82 c2 d4 6c e7 d4 cf |.B..\.y.f…l………………….. |

00000040    89 67 84 67 08 b5 b9 f8             5b 9c da fd 8c a8 85 26 |.g.g….[……………………. &|

00000050    12 cb 0f 0c 7a 71 31 4e              c8 dc 9c 96 34 dd ee fe |….zq1N….4……………….. |

00000060    e9 f6 3f 0e 8b d7 da cf               c3 b6 a4 53 2a ad d8 9a |..?……..S*…………………. |

00000070    96 51 cd 6e a0 11 30 0f              06 09 2a 86 48 86 f7 0d |.Q.n..0…*.H………………. |

00000080    01 09 0e 31 02 30 00 30            0a 06 08 2a 86 48 ce 3d |…1.0.0…………….. *.H.=|

00000090    04 03 02 03 48 00 30 45            02 20 0e 67 5e e1 b3 bb |….H.0E. .g^………………. |

000000a0    fe 15 2a 17 4a f5 35 e2              2d 55 ce 10 c1 50 ca c0 |..*.J.5.-U…P..|

000000b0    1b 31 18 de 05 e8 fd 9f              10 48 02 21 00 d8 8c 57 |.1…….H.!……………….. W|

000000c0     cc 6e 74 f0 e5 48 8a 26              16 7a 07 fd 6d be f1 aa |.nt..H.&.z..m………………. |

000000d0    ad 72 1c 58 0b 6e ae 21             be 5e 6d 0c 72                           |.r.X.n.!.^m.r| 000000dd

 

-> Sample vendor_reserved1: 73:61:6d:70:6c:65:5f:76:65:6e:64:6f:72:5f:72:65:73:65:72:76:65:64:31

 

-> Sample vendor_reserved3: 76:65:6e:64:6f:72:5f:72:65:73:65:72:76:65:64:33:5f:65:78:61:6d:70:6c:65

-> nocsr_elements_message:

00000000    15 30 01 dd 30 81 da 30            81 81 02 01 00 30 0e 31 |.0..0..0……………….. 0.1|

00000010    0c 30 0a 06 03 55 04 0a             0c 03 43 53 41 30 59 30 |.0…U.                      CSA0Y0|

00000020    13 06 07 2a 86 48 ce 3d             02 01 06 08 2a 86 48 ce |…*.H.=……………… *.H.|

00000030    3d 03 01 07 03 42 00 04            5c a2 79 e3 66 82 c2 d4 |=….B..\.y.f………………… |

00000040    6c e7 d4 cf 89 67 84 67              08 b5 b9 f8 5b 9c da fd |l….g.g….[…………………… |

00000050    8c a8 85 26 12 cb 0f 0c              7a 71 31 4e c8 dc 9c 96 |…&….zq1N……………….. |

00000060    34 dd ee fe e9 f6 3f 0e               8b d7 da cf c3 b6 a4 53 |4…..?……………………… S|

00000070    2a ad d8 9a 96 51 cd 6e             a0 11 30 0f 06 09 2a 86 |*….Q.n..0……………… *.|

00000080    48 86 f7 0d 01 09 0e 31             02 30 00 30 0a 06 08 2a |H……1.0.0………………. *|

00000090    86 48 ce 3d 04 03 02 03             48 00 30 45 02 20 0e 67 |.H.=….H.0E. .g|

000000a0    5e e1 b3 bb fe 15 2a 17             4a f5 35 e2 2d 55 ce 10 |^…..*.J.5.-U..|

000000b0    c1 50 ca c0 1b 31 18 de             05 e8 fd 9f 10 48 02 21 |.P…1……………………. H.!|

000000c0     00 d8 8c 57 cc 6e 74 f0              e5 48 8a 26 16 7a 07 fd |…W.nt..H.&.z..| 000000d0                            6d be f1 aa ad 72 1c 58                      0b 6e ae 21 be 5e 6d 0c |m.     r.X.n.!.^m.|

000000e0    72 30 02 20 81 4a 4d 4c             1c 4a 8e bb ea db 0a e2 |r0. .JML.J………………….. |

000000f0     82 f9 91 eb 13 ac 5f 9f               ce 94 30 93 19 aa 94 09 |……_…0…………………… |

00000100    6c 8c d4 b8 30 03 17 73             61 6d 70 6c 65 5f 76 65 |l…0..sample_ve|

00000110    6e 64 6f 72 5f 72 65 73              65 72 76 65 64 31 30 05 |ndor_reserved10.|

00000120    18 76 65 6e 64 6f 72 5f              72 65 73 65 72 76 65 64 |.vendor_reserved|

00000130    33 5f 65 78 61 6d 70 6c             65 18                                           |3_example.|

0000013a

-> nocsr_tbs (NOT sent over the wire):

00000000    15 30 01 dd 30 81 da 30            81 81 02 01 00 30 0e 31 |.0..0..0……………….. 0.1|

00000010    0c 30 0a 06 03 55 04 0a             0c 03 43 53 41 30 59 30 |.0…U.                      CSA0Y0|

00000020    13 06 07 2a 86 48 ce 3d             02 01 06 08 2a 86 48 ce |…*.H.=……………… *.H.|

00000030    3d 03 01 07 03 42 00 04            5c a2 79 e3 66 82 c2 d4 |=….B..\.y.f………………… |

00000040    6c e7 d4 cf 89 67 84 67              08 b5 b9 f8 5b 9c da fd |l….g.g….[…………………… |

00000050    8c a8 85 26 12 cb 0f 0c              7a 71 31 4e c8 dc 9c 96 |…&….zq1N……………….. |

00000060    34 dd ee fe e9 f6 3f 0e               8b d7 da cf c3 b6 a4 53 |4…..?……………………… S|

00000070    2a ad d8 9a 96 51 cd 6e             a0 11 30 0f 06 09 2a 86 |*….Q.n..0……………… *.|

00000080    48 86 f7 0d 01 09 0e 31             02 30 00 30 0a 06 08 2a |H……1.0.0………………. *|

00000090    86 48 ce 3d 04 03 02 03             48 00 30 45 02 20 0e 67 |.H.=….H.0E. .g|

000000a0    5e e1 b3 bb fe 15 2a 17             4a f5 35 e2 2d 55 ce 10 |^…..*.J.5.-U..|

000000b0    c1 50 ca c0 1b 31 18 de             05 e8 fd 9f 10 48 02 21 |.P…1……………………. H.!|

000000c0     00 d8 8c 57 cc 6e 74 f0              e5 48 8a 26 16 7a 07 fd |…W.nt..H.&.z..| 000000d0                            6d be f1 aa ad 72 1c 58                      0b 6e ae 21 be 5e 6d 0c |m.     r.X.n.!.^m.|

000000e0    72 30 02 20 81 4a 4d 4c             1c 4a 8e bb ea db 0a e2 |r0. .JML.J………………….. |

000000f0     82 f9 91 eb 13 ac 5f 9f               ce 94 30 93 19 aa 94 09 |……_…0…………………… |

00000100    6c 8c d4 b8 30 03 17 73             61 6d 70 6c 65 5f 76 65 |l…0..sample_ve|

00000110    6e 64 6f 72 5f 72 65 73              65 72 76 65 64 31 30 05 |ndor_reserved10.|

00000120    18 76 65 6e 64 6f 72 5f              72 65 73 65 72 76 65 64 |.vendor_reserved|

00000130    33 5f 65 78 61 6d 70 6c             65 18 7a 49 53 05 d0 77 |3_example.zIS..w|

00000140    79 a4 94 dd 39 a0 85 1b            66 0d                                           |y…9…….. f.|

0000014a

-> SHA-256 of nocsr_tbs used for signature (NOT sent over the wire): e2:62:65:69:65:2b:49:e1:5b:6e:d5:b2:42:92:bf:28:e8:e0:e9:5d:e4:25:14:e1:03:a4:30:30:18

 

:16:cf:3f

-> Fixed K for sample signature of nocsr_tbs: a9:c0:d7:f2:b5:1f:51:e3:75:05:3d:c7:0e:53:f5:4e:b1:86:59:c7:d2:99:47:94:f6:8d:b5:08:bb

:53:05:5f

-> Attestation signature: 87:8e:46:cf:fa:83:c8:32:96:eb:27:2e:bc:37:1c:1f:ef:ee:6d:69:54:f3:78:9f:d3:d2:27:e1:64

:13:d3:d4:75:a6:2f:d0:12:b9:19:d9:95:8b:c7:3d:7c:63:b3:cc:1e:f2:b6:2c:18:e0:cc:10:2e:d

1:ba:4d:ac:85:fe:ea

===== Algorithm outputs =====

-> NOCSRElements field of CSRResponse (len 314 bytes):

00000000    15 30 01 dd 30 81 da 30            81 81 02 01 00 30 0e 31 |.0..0..0.                      0.1|

00000010    0c 30 0a 06 03 55 04 0a             0c 03 43 53 41 30 59 30 |.0…U.                      CSA0Y0|

00000020    13 06 07 2a 86 48 ce 3d             02 01 06 08 2a 86 48 ce |…*.H.=.                      *.H.|

00000030    3d 03 01 07 03 42 00 04            5c a2 79 e3 66 82 c2 d4 |=….B..\.y.f.                      |

00000040    6c e7 d4 cf 89 67 84 67              08 b5 b9 f8 5b 9c da fd |l….g.g….[.                      |

00000050    8c a8 85 26 12 cb 0f 0c              7a 71 31 4e c8 dc 9c 96 |…&….zq1N.                      |

00000060    34 dd ee fe e9 f6 3f 0e               8b d7 da cf c3 b6 a4 53 |4…..?.                      S|

00000070    2a ad d8 9a 96 51 cd 6e             a0 11 30 0f 06 09 2a 86 |*….Q.n..0.                      *.|

00000080    48 86 f7 0d 01 09 0e 31             02 30 00 30 0a 06 08 2a |H……1.0.0.                      *|

00000090    86 48 ce 3d 04 03 02 03             48 00 30 45 02 20 0e 67 |.H.=….H.0E. .g|

000000a0    5e e1 b3 bb fe 15 2a 17             4a f5 35 e2 2d 55 ce 10 |^…..*.J.5.-U..|

000000b0    c1 50 ca c0 1b 31 18 de             05 e8 fd 9f 10 48 02 21 |.P…1.                      H.!|

000000c0     00 d8 8c 57 cc 6e 74 f0              e5 48 8a 26 16 7a 07 fd |…W.nt..H.&.z..| 000000d0                            6d be f1 aa ad 72 1c 58……………….. 0b 6e ae 21 be 5e 6d 0c |m.                                           r.X.n.!.^m.|

000000e0    72 30 02 20 81 4a 4d 4c             1c 4a 8e bb ea db 0a e2 |r0. .JML.J.                      |

000000f0     82 f9 91 eb 13 ac 5f 9f               ce 94 30 93 19 aa 94 09 |……_…0.                      |

00000100    6c 8c d4 b8 30 03 17 73             61 6d 70 6c 65 5f 76 65 |l…0..sample_ve|

00000110    6e 64 6f 72 5f 72 65 73              65 72 76 65 64 31 30 05 |ndor_reserved10.|

00000120    18 76 65 6e 64 6f 72 5f              72 65 73 65 72 76 65 64 |.vendor_reserved|

00000130    33 5f 65 78 61 6d 70 6c             65 18                                           |3_example.|

0000013a

-> AttestationSignature field of CSRResponse (len 64 bytes):

00000000    87 8e 46 cf fa 83 c8 32               96 eb 27 2e bc 37 1c 1f |..F….2..’..7..|

00000010    ef ee 6d 69 54 f3 78 9f               d3 d2 27 e1 64 13 d3 d4 |..miT.x…’.d.                      |

00000020    75 a6 2f d0 12 b9 19 d9             95 8b c7 3d 7c 63 b3 cc |u./……..=|c..| 00000030                                1e f2 b6 2c 18 e0 cc 10                      2e d1 ba 4d ac 85 fe ea |…,…….M.                      |

00000040

Adsense

 

 WiFi IoT Module

 

www.mxchip.com

 

 

 Bluetooth Module

www.feasycom.com

 

 

 5G/LTE/CAT-M1/NB-IoT

 

www.simcom.com

 

Viewed Page List